Based on differential addition on P, I can understand (Xp,Zp), which is the base point, and (Xq,Zq), which comes from doubling, but I don't know what is the equation used to get P-Q to get X-,Z-.

So, for example, if I have P1(8,3,1), it means (X⊖,Z⊖) = (8,1), and the value of (Xq,Zq) is from doubling? What about (Xp,Zp)?

fgrieu
Cisco Saeed

1 Answer

I don't know what is the equation used to get P-Q to get X-,Z-.

Actually, if you're using the Montgomery Ladder algorithm, it's the base point we're multiplying.

At each step of the iteration, we have the points $P, P+G, G$ (where $P = zG$, where $z$ is the part of the multiplier we've already entered), and depending on whether the next bit in the multiplier is a 1, we want (if it is a 0) $2P, 2P+G, G$ or (if it is a 1) $2P+G, 2P+2G, G$.

So, the first step is to take $(X_P, Z_P) = P+G$, and $(X_Q, Z_Q) = P$, and $(X_\ominus, Z_\ominus ) = G$; it is easy to see that the precondition $(X_P, Z_P) - (X_Q, Z_Q) = (X_\ominus, Z_\ominus )$ holds; the addition algorithm then gives us $(X_\oplus, Z_\oplus ) = (X_P, Z_P) + (X_Q, Z_Q) = 2P+G$. And, all we need to do is compute either $2P$ or $2P+2G$ - either case is just a doubling of a value we already have.

And, to start the process, we start with $P=0$ (hence our triple is $(0, G, G)$, which fulfills the precondition), and then we can start by shifting the multiplier bits in, in msb to lsb order...

Hence, in this application, $(X_\ominus, Z_\ominus)$ is always $G$ (the base point we are multiplying by).

poncho
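
The ladder described in the answer above, as an added example that is not part of the original question or answer: it keeps the pair $(P, P+G)$ and passes $G$ as the fixed difference $(X_\ominus, Z_\ominus)$ to every differential addition. It assumes Curve25519's parameters ($p = 2^{255}-19$, $A = 486662$, base $x = 9$) and the standard x-only Montgomery formulas; the function names are illustrative.

```python
# Added illustration: x-only Montgomery ladder with G as the fixed difference.
P_MOD = 2**255 - 19          # field prime of Curve25519 (assumed curve)
A24 = (486662 + 2) // 4      # (A + 2) / 4 for Curve25519's A = 486662
INF = (1, 0)                 # projective (X : Z) encoding of the point at infinity

def xdbl(pt):
    """Doubling: (X : Z) of 2*pt."""
    x, z = pt
    aa, bb = (x + z) ** 2 % P_MOD, (x - z) ** 2 % P_MOD
    e = (aa - bb) % P_MOD                      # e = 4*X*Z
    return (aa * bb % P_MOD, e * (bb + A24 * e) % P_MOD)

def xadd(p, q, diff):
    """Differential addition: (X : Z) of p + q, given diff = p - q."""
    (xp, zp), (xq, zq), (xm, zm) = p, q, diff
    u = (xp - zp) * (xq + zq) % P_MOD
    v = (xp + zp) * (xq - zq) % P_MOD
    return (zm * (u + v) ** 2 % P_MOD, xm * (u - v) ** 2 % P_MOD)

def ladder(k, gx):
    """Affine x-coordinate of k*G (0 for the point at infinity)."""
    g = (gx % P_MOD, 1)
    r0, r1 = INF, g                            # triple (P, P+G, G) = (0, G, G)
    for i in reversed(range(k.bit_length())):  # multiplier bits, msb to lsb
        s = xadd(r1, r0, g)                    # 2P+G; the difference is always G
        if (k >> i) & 1:
            r0, r1 = s, xdbl(r1)               # bit 1: (2P+G, 2P+2G)
        else:
            r0, r1 = xdbl(r0), s               # bit 0: (2P, 2P+G)
        # This branch depends on the multiplier bit and so is not constant
        # time; production code uses a constant-time conditional swap.
    x, z = r0
    return x * pow(z, P_MOD - 2, P_MOD) % P_MOD

if __name__ == "__main__":
    print(hex(ladder(7, 9)))                   # x-coordinate of 7*G
```

Because only x-coordinates are tracked, $kG$ and $-kG$ give the same output, which is why the ladder needs the known difference $G$ rather than a general addition formula.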