## Doubling formula unrolling

In [None]:
from pyecsca.ec.point import Point, InfinityPoint
from pyecsca.ec.mod import Mod, SymbolicMod
from pyecsca.ec.model import ShortWeierstrassModel, EdwardsModel, MontgomeryModel, TwistedEdwardsModel
from pyecsca.ec.coordinates import AffineCoordinateModel
from pyecsca.ec.context import local, DefaultContext
from pyecsca.ec.formula import LadderFormula, DifferentialAdditionFormula, DoublingFormula
from pyecsca.misc.cfg import getconfig
from sympy import symbols, Mod as SympyMod, Eq
import warnings

In [None]:
def remove_mod(expression):
    if isinstance(expression, SympyMod):
        return remove_mod(expression.args[0])
    if not expression.args:
        return expression
    args = []
    for arg in expression.args:
        if isinstance(arg, SympyMod):
            arg = remove_mod(arg.args[0])
        else:
            arg = remove_mod(arg)
        args.append(arg)
    return expression.func(*args)

In [None]:
# Whether to display formulas in LaTeX or as raw text
#display_mode = "latex"
display_mode = "raw"

## Short Weierstrass

In [None]:
model = ShortWeierstrassModel()
acoords = AffineCoordinateModel(model)
a, b = symbols("a b")
p = 53  # This number is unused, but pyecsca needs some prime to be the modulus even for symbolic exec
getconfig().ec.unsatisfied_formula_assumption_action = "warning"
for coord_name, coords in model.coordinates.items():
    svars = {var:SymbolicMod(symbols(var), p) for var in coords.variables}
    pt = Point(coords, **svars)
    params = {"a": SymbolicMod(a, p), "b": SymbolicMod(b, p)}
    for param in coords.parameters:
        params[param] = SymbolicMod(symbols(param), p)
    print(f"###### {coord_name} ######")
    for name, formula in coords.formulas.items():
        if not isinstance(formula, DoublingFormula):
            continue
        print(f"--- {name} ---")
        with warnings.catch_warnings(record=True) as w:
            try:
                with local(DefaultContext()) as ctx:
                    res = formula(p, pt, **params)[0]
                action, _ = ctx.actions.get_by_index([0])
                for name, values in action.intermediates.items():
                    # The `values` here contains all the values assigned to the variable during the execution of the formula.
                    # Output all of the `values` to get all intermediate values.
                    value = values[-1]
                    if name in formula.outputs:  # Remove this test if you want the output of all intermediates.
                        if display_mode == "latex":
                            display(Eq(symbols(name), remove_mod(value.value.x)))
                        elif display_mode == "raw":
                            print(f"{name} =", remove_mod(value.value.x))
            except Exception as e:
                print(e)
        if w:
            print(w[0].message)
        print()


## Edwards

In [None]:
model = EdwardsModel()
acoords = AffineCoordinateModel(model)
c, d = symbols("c d")
p = 53  # This number is unused, but pyecsca needs some prime to be the modulus even for symbolic exec
getconfig().ec.unsatisfied_formula_assumption_action = "warning"
for coord_name, coords in model.coordinates.items():
    svars = {var:SymbolicMod(symbols(var), p) for var in coords.variables}
    pt = Point(coords, **svars)
    params = {"c": SymbolicMod(c, p), "d": SymbolicMod(d, p)}
    for param in coords.parameters:
        params[param] = SymbolicMod(symbols(param), p)
    print(f"###### {coord_name} ######")
    for name, formula in coords.formulas.items():
        if not isinstance(formula, DoublingFormula):
            continue
        print(f"--- {name} ---")
        with warnings.catch_warnings(record=True) as w:
            try:
                with local(DefaultContext()) as ctx:
                    res = formula(p, pt, **params)[0]
                action, _ = ctx.actions.get_by_index([0])
                for name, values in action.intermediates.items():
                    # The `values` here contains all the values assigned to the variable during the execution of the formula.
                    # Output all of the `values` to get all intermediate values.
                    value = values[-1]
                    if name in formula.outputs:  # Remove this test if you want the output of all intermediates.
                        if display_mode == "latex":
                            display(Eq(symbols(name), remove_mod(value.value.x)))
                        elif display_mode == "raw":
                            print(f"{name} =", remove_mod(value.value.x))
            except Exception as e:
                print(e)
        if w:
            print(w[0].message)
        print()

## Montgomery

In [None]:
model = MontgomeryModel()
acoords = AffineCoordinateModel(model)
a, b = symbols("a b")
p = 53  # This number is unused, but pyecsca needs some prime to be the modulus even for symbolic exec
getconfig().ec.unsatisfied_formula_assumption_action = "warning"
for coord_name, coords in model.coordinates.items():
    svars = {var:SymbolicMod(symbols(var), p) for var in coords.variables}
    pt = Point(coords, **svars)
    params = {"a": SymbolicMod(a, p), "b": SymbolicMod(b, p)}
    for param in coords.parameters:
        params[param] = SymbolicMod(symbols(param), p)
    print(f"###### {coord_name} ######")
    for name, formula in coords.formulas.items():
        if not isinstance(formula, DoublingFormula):
            continue
        print(f"--- {name} ---")
        with warnings.catch_warnings(record=True) as w:
            try:
                with local(DefaultContext()) as ctx:
                    res = formula(p, pt, **params)[0]
                action, _ = ctx.actions.get_by_index([0])
                for name, values in action.intermediates.items():
                    # The `values` here contains all the values assigned to the variable during the execution of the formula.
                    # Output all of the `values` to get all intermediate values.
                    value = values[-1]
                    if name in formula.outputs:  # Remove this test if you want the output of all intermediates.
                        if display_mode == "latex":
                            display(Eq(symbols(name), remove_mod(value.value.x)))
                        elif display_mode == "raw":
                            print(f"{name} =", remove_mod(value.value.x))
            except Exception as e:
                print(e)
        if w:
            print(w[0].message)
        print()

## Twisted Edwards

In [None]:
model = TwistedEdwardsModel()
acoords = AffineCoordinateModel(model)
a, d = symbols("a d")
p = 53  # This number is unused, but pyecsca needs some prime to be the modulus even for symbolic exec
getconfig().ec.unsatisfied_formula_assumption_action = "warning"
for coord_name, coords in model.coordinates.items():
    svars = {var:SymbolicMod(symbols(var), p) for var in coords.variables}
    pt = Point(coords, **svars)
    params = {"a": SymbolicMod(a, p), "d": SymbolicMod(d, p)}
    for param in coords.parameters:
        params[param] = SymbolicMod(symbols(param), p)
    print(f"###### {coord_name} ######")
    for name, formula in coords.formulas.items():
        if not isinstance(formula, DoublingFormula):
            continue
        print(f"--- {name} ---")
        with warnings.catch_warnings(record=True) as w:
            try:
                with local(DefaultContext()) as ctx:
                    res = formula(p, pt, **params)[0]
                action, _ = ctx.actions.get_by_index([0])
                for name, values in action.intermediates.items():
                    # The `values` here contains all the values assigned to the variable during the execution of the formula.
                    # Output all of the `values` to get all intermediate values.
                    value = values[-1]
                    if name in formula.outputs:  # Remove this test if you want the output of all intermediates.
                        if display_mode == "latex":
                            display(Eq(symbols(name), remove_mod(value.value.x)))
                        elif display_mode == "raw":
                            print(f"{name} =", remove_mod(value.value.x))
            except Exception as e:
                print(e)
        if w:
            print(w[0].message)
        print()