## Ladder and DifferentialAddition formula unrolling

In [None]:
from pyecsca.ec.point import Point, InfinityPoint
from pyecsca.ec.mod import Mod, SymbolicMod
from pyecsca.ec.model import ShortWeierstrassModel, EdwardsModel, MontgomeryModel
from pyecsca.ec.coordinates import AffineCoordinateModel
from pyecsca.ec.context import local, DefaultContext
from pyecsca.ec.formula import LadderFormula, DifferentialAdditionFormula
from pyecsca.misc.cfg import getconfig
from sympy import symbols, Mod as SympyMod
import warnings

In [None]:
def remove_mod(expression):
    if isinstance(expression, SympyMod):
        return remove_mod(expression.args[0])
    if not expression.args:
        return expression
    args = []
    for arg in expression.args:
        if isinstance(arg, SympyMod):
            arg = remove_mod(arg.args[0])
        else:
            arg = remove_mod(arg)
        args.append(arg)
    return expression.func(*args)

## Short Weierstrass

In [None]:
model = ShortWeierstrassModel()
coords = model.coordinates["xz"]
acoords = AffineCoordinateModel(model)
xd, zd, xp, zp, xq, zq = symbols("X1 Z1 X2 Z2 X3 Z3")
a, b = symbols("a b")
p = 53  # This number is unused, but pyecsca needs some prime to be the modulus even for symbolic exec
getconfig().ec.unsatisfied_formula_assumption_action = "warning"

In [None]:
PmQ = Point(coords, X=SymbolicMod(xd, p), Z=SymbolicMod(zd, p))
P = Point(coords, X=SymbolicMod(xp, p), Z=SymbolicMod(zp, p))
Q = Point(coords, X=SymbolicMod(xq, p), Z=SymbolicMod(zq, p))

In [None]:
for name, formula in coords.formulas.items():
    if not isinstance(formula, (LadderFormula, DifferentialAdditionFormula)):
        continue
    print(f"--- {name} ---")
    with warnings.catch_warnings(record=True) as w:
        with local(DefaultContext()) as ctx:
            res = formula(p, PmQ, P, Q, a=SymbolicMod(a, p), b=SymbolicMod(b, p))[0]
        action, _ = ctx.actions.get_by_index([0])
        for name, values in action.intermediates.items():
            for value in values:
                if name in formula.outputs:  # Remove this test if you want the output of all intermediates.
                    print(f"{name} =", remove_mod(value.value.x))
    if w:
        print(w[0].message)
    print()

## Edwards

In [None]:
model = EdwardsModel()
coords = model.coordinates["yz"]
acoords = AffineCoordinateModel(model)
yd, zd, yp, zp, yq, zq = symbols("Y1 Z1 Y2 Z2 Y3 Z3")
c, r, d = symbols("c r d")
p = 53  # This number is unused, but pyecsca needs some prime to be the modulus even for symbolic exec
getconfig().ec.unsatisfied_formula_assumption_action = "warning"

In [None]:
PmQ = Point(coords, Y=SymbolicMod(yd, p), Z=SymbolicMod(zd, p))
P = Point(coords, Y=SymbolicMod(yp, p), Z=SymbolicMod(zp, p))
Q = Point(coords, Y=SymbolicMod(yq, p), Z=SymbolicMod(zq, p))

In [None]:
for name, formula in coords.formulas.items():
    if not isinstance(formula, (LadderFormula)):
        continue
    print(f"--- {name} ---")
    with warnings.catch_warnings(record=True) as w:
        with local(DefaultContext()) as ctx:
            res = formula(p, PmQ, P, Q, c=SymbolicMod(c, p), r=SymbolicMod(r, p), d=SymbolicMod(d, p))[0]
        action, _ = ctx.actions.get_by_index([0])
        for name, values in action.intermediates.items():
            for value in values:
                if name in formula.outputs:  # Remove this test if you want the output of all intermediates.
                    print(f"{name} =", remove_mod(value.value.x))
    if w:
        print(w[0].message)
    print()

## Montgomery

In [None]:
model = MontgomeryModel()
coords = model.coordinates["xz"]
acoords = AffineCoordinateModel(model)
xd, zd, xp, zp, xq, zq = symbols("X1 Z1 X2 Z2 X3 Z3")
a, b = symbols("a b")
p = 53  # This number is unused, but pyecsca needs some prime to be the modulus even for symbolic exec
getconfig().ec.unsatisfied_formula_assumption_action = "warning"

In [None]:
PmQ = Point(coords, X=SymbolicMod(xd, p), Z=SymbolicMod(zd, p))
P = Point(coords, X=SymbolicMod(xp, p), Z=SymbolicMod(zp, p))
Q = Point(coords, X=SymbolicMod(xq, p), Z=SymbolicMod(zq, p))

In [None]:
for name, formula in coords.formulas.items():
    if not isinstance(formula, (LadderFormula, DifferentialAdditionFormula)):
        continue
    print(f"--- {name} ---")
    with warnings.catch_warnings(record=True) as w:
        with local(DefaultContext()) as ctx:
            res = formula(p, PmQ, P, Q, a=SymbolicMod(a, p), b=SymbolicMod(b, p))[0]
        action, _ = ctx.actions.get_by_index([0])
        for name, values in action.intermediates.items():
            for value in values:
                if name in formula.outputs:  # Remove this test if you want the output of all intermediates.
                    print(f"{name} =", remove_mod(value.value.x))
    if w:
        print(w[0].message)
    print()