Beispiel #1
// Parse the number written in `value` into a temporary MIRACL big and assign
// the result to `r`.
//
// NOTE(review): `value` goes to cinstr() without any length or character
// check in this function; callers that pass externally supplied text should
// validate it first. How cinstr() reacts to malformed or oversized input is
// not visible here.
void PairingGroup::init(ZR & r, char *value)
{
	big parsed = mirvar(0);
	cinstr(parsed, value);
	// The temporary is released on the next line, so this is only safe if
	// ZR(big) takes its own copy of the value.
	r = ZR(parsed); //should copy this
	mr_free(parsed);
}
Beispiel #2
/*
 * Append one typed character to the number being entered in mybuff and
 * re-parse the buffer into x.
 *
 * ch is a digit character, 'A'..'F', or one of the separators '/' and '.'.
 * Returns FALSE (leaving the entry untouched) when the buffer is full, when a
 * second separator is typed, when '/' is the first character, or when the
 * digit value is not below the current mip->IOBASE. Returns TRUE otherwise.
 *
 * NOTE(review): the only bound on mybuff is ipt<dlen, and a successful append
 * writes the terminator at index ipt+1, so mybuff needs at least dlen+1
 * bytes - its declaration is outside this block, confirm.
 */
static BOOL next(int ch)
{
    int digit;

    result=FALSE;

    /* entry buffer already holds the maximum number of characters */
    if (ipt>=dlen) return FALSE;

    if (ch=='/' || ch=='.')
    {
        /* only one separator per number, and '/' cannot lead */
        if (delim) return FALSE;
        if (ch=='/' && ipt==0) return FALSE;
        delim=TRUE;
    }
    else
    {
        /* hex letters map to 10..15, everything else is taken as ch-'0' */
        digit = (ch>='A' && ch<='F') ? 10+(ch-'A') : ch-'0';
        if (mip->IOBASE<=digit) return FALSE;
    }

    if (ipt==0 && ch=='0')
    {
        /* a leading zero is not stored; the entry is cleared instead */
        clr();
    }
    else
    {
        mybuff[ipt]=ch;
        ipt++;
        mybuff[ipt]='\0';
    }

    /* refresh the display and convert what has been typed so far */
    just(mybuff);
    cinstr(x,mybuff);
    newx=TRUE;
    return TRUE;
}
Beispiel #3
/* Parse a command-line range for LbyR or T into list[0..3].
 *
 * Accepted forms of _optarg and the resulting list:
 *   "value"            => { value, value, 1, SCALE_LIN }
 *   "start,stop,N"     => { start, stop,  N, SCALE_LIN }
 *   "start,stop,N,log" => { start, stop,  N, SCALE_LOG }
 *
 * param is the option letter, used only in the error message. Any other
 * number of commas, or N <= 0, prints a message plus usage() to stderr and
 * exits with status 1. start and stop are swapped when start > stop.
 *
 * Numbers are read with atof()/atoi(), so text that is not a number is read
 * as 0 rather than being rejected.
 */
void parse_range(const char param, const char *_optarg, double list[])
{
    const int commas = cinstr(_optarg, ','); /* number of ',' in _optarg */

    list[3] = SCALE_LIN;

    /* single value: start == stop, one point */
    if(commas == 0)
    {
        const double value = atof(_optarg);

        list[0] = value;
        list[1] = value;
        list[2] = 1;
        return;
    }

    /* anything but "a,b,N" or "a,b,N,scale" is rejected */
    if(commas != 2 && commas != 3)
    {
        fprintf(stderr, "Can't parse range %s.\n\n", _optarg);
        usage(stderr);
        exit(1);
    }

    /* fourth field selects the logarithmic scale (case-insensitive prefix "log") */
    if(commas == 3 && strncasecmp(indexn(_optarg, ',', 3)+1, "log", 3) == 0)
        list[3] = SCALE_LOG;

    list[0] = atof(_optarg);
    list[1] = atof(indexn(_optarg, ',', 1)+1);
    list[2] = atoi(indexn(_optarg, ',', 2)+1);

    /* N must be positive */
    if(list[2] <= 0)
    {
        fprintf(stderr, "error parsing parameter -%c\n\n", param);
        usage(stderr);
        exit(1);
    }

    /* keep the interval ordered so that start <= stop */
    if(list[0] > list[1])
        swap(&list[0], &list[1]);
}
/*
 * Create a MIRACL instance and load the elliptic-curve domain parameters
 * into the file-level globals ECC_N, ECC_G and ECC_H.
 *
 * The curve coefficient a is fixed to -3; b, the value stored in ECC_N, the
 * modulus p and the coordinates of G and H are parsed as base-10 text from
 * bChar, nChar, pChar, gxChar/gyChar and hxChar/hyChar. On return
 * mip->IOBASE is left at 16, so later cinstr()/cotstr() calls in the same
 * instance use hexadecimal.
 *
 * NOTE(review): every call runs mirsys() and allocates ECC_N, ECC_G and ECC_H
 * again; nothing in this function releases a previous instance or the previous
 * globals, so repeated calls appear to leak - confirm against the callers.
 * NOTE(review): the results of epoint_set() are not checked here, so a bad
 * constant for G or H would go unnoticed.
 */
void envirment_init() {
    big coeff_a, coeff_b, modulus, px, py;

    /* 500 digits only for the 16-bit flash-arithmetic build, 5000 otherwise */
#if MIRACL==16 && defined(MR_FLASH)
    miracl *mip = mirsys(500,10);
#else
    miracl *mip = mirsys(5000,10);
#endif

    /* working variables and the long-lived globals */
    coeff_a = mirvar(-3);
    coeff_b = mirvar(0);
    ECC_N = mirvar(0);
    modulus = mirvar(0);
    px = mirvar(0);
    py = mirvar(0);
    ECC_G = epoint_init();
    ECC_H = epoint_init();

    /* the parameter strings are decimal */
    mip->IOBASE = 10;

    /* curve: b, the ECC_N value and the field modulus */
    cinstr(coeff_b, bChar);
    cinstr(ECC_N, nChar);
    cinstr(modulus, pChar);
    ecurve_init(coeff_a, coeff_b, modulus, MR_PROJECTIVE);

    /* point G */
    cinstr(px, gxChar);
    cinstr(py, gyChar);
    epoint_set(px, py, 0, ECC_G);

    /* point H */
    cinstr(px, hxChar);
    cinstr(py, hyChar);
    epoint_set(px, py, 0, ECC_H);

    /* callers exchange numbers as hex text from here on */
    mip->IOBASE = 16;

    /* only the temporaries are released; the ECC_* globals stay alive */
    mirkill(coeff_a);
    mirkill(coeff_b);
    mirkill(modulus);
    mirkill(px);
    mirkill(py);
}
Beispiel #5
/*
 * Entry point of the MIRACL rational calculator.
 *
 * Sets up the library instance and the working variables, parses the
 * constants cpi, clg2, clg10 and ceps, draws the keypad and then loops:
 * read a key, translate it either into a cursor move, a help toggle, a hex
 * digit or a keypad position (p = column 0..6, q = row 0..5), run act() on
 * that position and refresh the display. The loop ends when act() returns
 * TRUE.
 */
int main()
{ /*  MIRACL rational calculator */
    int i,j,k,p,q,c,hpos;
    BOOL over,help;
    screen();
#if MIRACL==16
    mip=mirsys(10,0);      /*** 16-bit computer ***/
#else
    mip=mirsys(6,0);       /*** 32-bit computer ***/
#endif
    /* presumably makes library errors show up in mip->ERNUM (tested in the
       loop below) instead of ending the program - confirm */
    mip->ERCON=TRUE;
    x=mirvar(0);
    for (i=0;i<=top;i++) y[i]=mirvar(0);
    m=mirvar(0);
    t=mirvar(0);
    radeg=mirvar(0);
    loge2=mirvar(0);
    loge10=mirvar(0);
    eps=mirvar(0);
    mip->pi=mirvar(0);
    cinstr(mip->pi,cpi);            /* read in constants */
    fpmul(mip->pi,1,180,radeg);     /* radeg = pi/180, degrees-to-radians factor */
    cinstr(loge2,clg2);
    cinstr(loge10,clg10);
    cinstr(eps,ceps);
    help=OFF;
    show(TRUE);
    /* start with the highlight on column 6, row 0 */
    p=6;
    q=0;
    flag=OFF;
    newx=OFF;
    over=FALSE;


    setopts();
    clrall();
    drawit();
    while (!over)
    { /* main loop */
        if (mip->ERNUM)
        {
            /* an error is pending: un-highlight the current key and move the
               highlight to column 5, row 0 */
            aprint(ORDINARY,4+5*p,6+3*q,keys[q][p]);
            p=5,q=0;
        }
        if (width==80 || !help)
        {
            /* highlight the selected key while waiting for a keystroke */
            aprint(INVER,4+5*p,6+3*q,keys[q][p]);
            curser(1,24);
            c=gethit();
            aprint(ORDINARY,4+5*p,6+3*q,keys[q][p]);
        }
        /* help covers the keypad on a 40-column screen: ignore everything
           until 'H' is pressed again */
        else while ((c=gethit())!='H') ;
        result=TRUE;
        if ((k=arrow(c))!=0)
        { /* arrow key hit */
            /* the bounds here keep p in 0..6 and q in 0..5, the index range
               used for keys[q][p] */
            if (k==1 && q>0) q--;
            if (k==2 && q<5) q++;
            if (k==3 && p<6) p++;
            if (k==4 && p>0) p--;
            continue;
        }
        if (c=='H')
        { /* switch help on/off */
            help=!help;
            for (i=1;i<=24;i++)
            {
                if (width==80) hpos=41;
                else           hpos=1;
                if (help) aprint(HELPCOL,hpos,i,htext[i-1]);
                else lclr(hpos,i);
            }
            if (width==40 && !help) drawit();
            continue;
        }            
        if (c>='A' && c<='F')
        { /* hex only */
            if (!next(c)) putchar(BELL);
            else show(FALSE);
            continue;
        }
        /* map a typed character to its keypad position; c becomes ' ' to
           mark "a key was selected" */
        for (j=0;j<6;j++)
            for (i=0;i<7;i++)
                if (c==qkeys[j][i]) p=i,q=j,c=' ';
        if (c==8 || c==127) p=6,q=1,c=' ';       /* aliases */
        if (c==',' || c=='a') p=5,q=5,c=' ';
        if (c=='O' || c==ESC) p=6,q=0,c=' ';
        if (c==13)  p=6,q=5,c=' ';
        if (c=='[' || c=='{') p=3,q=5,c=' ';
        if (c==']' || c=='}') p=4,q=5,c=' ';
        if (c=='d') p=5,q=2,c=' ';
        if (c=='b') p=5,q=3,c=' ';
        if (c=='^') p=3,q=2,c=' ';
        /* act() returns TRUE only for the key that ends the program */
        if (c==' ') over=act(p,q);
        else        continue;
        /* treat results smaller in magnitude than eps as exactly zero */
        absol(x,t);
        if (fcomp(t,eps)<0) zero(x);
        if (result)
        { /* output result to display */
            cotstr(x,mip->IOBUFF);
            just((char *)mip->IOBUFF);
            if (mip->ERNUM<0)
            { /* convert to radix and try again */
                mip->ERNUM=0;
                mip->RPOINT=ON;
                cotstr(x,mip->IOBUFF);
                putchar(BELL);
                just((char *)mip->IOBUFF);
            }
            clr();
        }
        if (newx)
        { /* update display */
            getstat();
            show(FALSE);
        }
    }
    curser(1,24);
    restore();
    return 0;
}
Beispiel #6
/*
 * Carry out the action of the keypad key at column p, row q.
 *
 * The key is identified by p+7*q. Most actions operate in place on the
 * current value x and set newx so that the caller refreshes the display;
 * digit and separator keys go through next(), which rejects invalid input
 * (answered with BELL). Returns TRUE only for key 6, FALSE for every other
 * key, including positions that have no case.
 *
 * p and q also index keys[q][p] without a range check in this function.
 */
static BOOL act(int p,int q)
{ /* act on selected key */
    int k,n,c;
    aprint(PRESSED,4+5*p,6+3*q,keys[q][p]);
    switch(p+7*q)
    {
    /* 0-2: sin/cos/tan, or the hyperbolic form when hyp is set; the argument
       is multiplied by radeg first when working in degrees */
    case 0:  if (degrees) fmul(x,radeg,x);
             if (hyp) fsinh(x,x);
             else     fsin(x,x);
             newx=TRUE;
             break;
    case 1:  if (degrees) fmul(x,radeg,x);
             if (hyp) fcosh(x,x);
             else     fcos(x,x);
             newx=TRUE;
             break;
    case 2:  if (degrees) fmul(x,radeg,x);
             if (hyp) ftanh(x,x);
             else     ftan(x,x);
             newx=TRUE;
             break;
    /* 3: exponential. With a log base selected and x a small integer the
       power lgbase^x is computed directly; otherwise x is scaled by the
       log of the base (for base 2 or 10) and fexp() is used */
    case 3:  if (lgbase>0)
             {
                 n=size(x);
                 if (abs(n)<MR_TOOBIG)
                 {
                     convert(lgbase,x);
                     if (n<0) frecip(x,x);
                     fpower(x,abs(n),x);
                     newx=TRUE;
                     break;
                 }
                 if (lgbase==2)  fmul(x,loge2,x);
                 if (lgbase==10) fmul(x,loge10,x);
             }
             fexp(x,x);
             newx=TRUE;
             break;
    /* 4: toggle mip->RPOINT */
    case 4:  mip->RPOINT=!mip->RPOINT;
             newx=TRUE;
             break;
    /* 5: clear everything */
    case 5:  clrall();
             newx=TRUE;
             break;
    /* 6: the only key that makes act() return TRUE */
    case 6:  return TRUE;
    /* 7-9: inverse sin/cos/tan (or inverse hyperbolic), result divided by
       radeg when working in degrees */
    case 7:  if (hyp) fasinh(x,x);
             else     fasin(x,x);
             if (degrees) fdiv(x,radeg,x);
             newx=TRUE;
             break;
    case 8:  if (hyp) facosh(x,x);
             else     facos(x,x);
             if (degrees) fdiv(x,radeg,x);
             newx=TRUE;
             break;
    case 9:  if (hyp) fatanh(x,x);
             else     fatan(x,x);
             if (degrees) fdiv(x,radeg,x);
             newx=TRUE;
             break;
    /* 10: logarithm, divided by the log of the base for base 2 or 10 */
    case 10: flog(x,x);
             if (lgbase==2)  fdiv(x,loge2,x);
             if (lgbase==10) fdiv(x,loge10,x);
             newx=TRUE;
             break;
    /* 11: settings editor. arrow() code 1 steps option[k] forward with
       wrap-around at nops[k]; codes 3 and 4 move between settings while
       keeping k in 0..3; code 0 (not an arrow) or 2 leaves the editor */
    case 11: newx=TRUE;
             k=3;
             forever
             {
                 aprint(INVER,2+stptr[k],2,settings[k][option[k]]);
                 curser(2+stptr[k],2);
                 c=arrow(gethit());
                 if (c==1)
                 {
                     if (option[k]==nops[k]) option[k]=0;
                     else option[k]+=1;
                     continue;
                 }
                 aprint(STATCOL,2+stptr[k],2,settings[k][option[k]]);
                 if (c==0 || c==2) break;
                 if (c==4 && k>0) k--;
                 if (c==3 && k<3) k++;
             }
             setopts();
             break;
    /* chekit(n) is defined elsewhere; presumably it queues operator n */
    case 12: chekit(7);
             break;
    /* 13: delete the last typed character and re-parse the entry; the
       ipt==0 test keeps the index from going below zero */
    case 13: result=FALSE;
             if (ipt==0) break;
             ipt--;
             mybuff[ipt]='\0';
             if (ipt==0) clr();
             just(mybuff);
             cinstr(x,mybuff);
             newx=TRUE;
             break;
    /* digit keys: next() validates the digit, BELL signals a rejection */
    case 14: if (!next('7')) putchar(BELL);
             break;
    case 15: if (!next('8')) putchar(BELL);
             break;
    case 16: if (!next('9')) putchar(BELL);
             break;
    case 17: chekit(6);
             break;
    case 18: chekit(5);
             break;
    case 19: chekit(4);
             break;
    /* 20: copy m into x */
    case 20: copy(m,x);
             newx=TRUE;
             break;
    case 21: if (!next('4')) putchar(BELL);
             break;
    case 22: if (!next('5')) putchar(BELL);
             break;
    case 23: if (!next('6')) putchar(BELL);
             break;
    /* 24: square */
    case 24: fmul(x,x,x);
             newx=TRUE;
             break;
    /* 25: square root */
    case 25: froot(x,2,x);
             newx=TRUE;
             break;
    case 26: chekit(3);
             break;
    /* 27: reset the bracket count, call chekit(0), then add x to m */
    case 27: brkt=0;
             chekit(0);
             flag=OFF;
             fadd(m,x,m);
             newx=TRUE;
             break;
    case 28: if (!next('1')) putchar(BELL);
             break;
    case 29: if (!next('2')) putchar(BELL);
             break;
    case 30: if (!next('3')) putchar(BELL);
             break;
    /* 31: reciprocal */
    case 31: frecip(x,x);
             newx=TRUE;
             break;
    /* 32: load pi */
    case 32: fpi(x);
             newx=TRUE;
             break;
    case 33: chekit(2);
             break;
    /* 34: change sign */
    case 34: negify(x,x);
             newx=TRUE;
             break;
    case 35: if (!next('0')) putchar(BELL);
             break;
    /* 36, 37: the two separators accepted by next() */
    case 36: if (!next('/')) putchar(BELL);
             break;
    case 37: if (!next('.')) putchar(BELL);
             break;
    /* 38: open bracket, refused while a number is being typed */
    case 38: if (ipt>0)
             {
                 putchar(BELL);
                 result=FALSE;
             }
             else
             {
                 zero(x);
                 brkt+=1;
                 newx=TRUE;
             }
             break;
    /* 39: close bracket, refused when no bracket is open */
    case 39: if (brkt>0)
             {
                 chekit(0);
                 brkt-=1;
             }
             else
             {
                 putchar(BELL);
                 result=FALSE;
             }
             break;
    case 40: chekit(1);
             break;
    /* 41: reset the bracket count and call equals(0) */
    case 41: brkt=0;
             equals(0);
             flag=OFF;
             break;
    }
    return FALSE;
}
Beispiel #7
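/*
 * Read one line from stdin into dst (capacity cap) without its line ending.
 *
 * Returns 1 on success, 0 on end-of-file or read error (dst is then empty),
 * and -1 when the line did not fit. In the -1 case the rest of the line is
 * consumed, so the surplus characters cannot be mistaken for later input,
 * and dst is emptied.
 */
static int read_line_bounded(char *dst, size_t cap)
{
    size_t n;
    int c;
    int overflow=0;

    if (fgets(dst,(int)cap,stdin)==NULL)
    {
        dst[0]='\0';
        return 0;
    }
    n=strcspn(dst,"\r\n");
    if (dst[n]=='\0')
    { /* no line ending seen - buffer filled up, or input ended */
        while ((c=getchar())!=EOF && c!='\n')
            if (c!='\r') overflow=1;
    }
    dst[n]='\0';
    if (overflow)
    {
        dst[0]='\0';
        return -1;
    }
    return 1;
}

/*
 * Encode a text file (or keyboard input) with the public key in public.key.
 *
 * The modulus ke is read as hex from public.key. The message is cut into
 * chunks of klen characters, each chunk is read as a base-128 number m and
 * written to <name>.rsa as m^3 mod ke in hex. klen is derived from the cube
 * root of ke so that a chunk stays below the computed limit mx. A final
 * short chunk that is smaller than the cube root is padded with a value
 * built from bigrand().
 *
 * Changes against the original listing:
 *  - file names are read with a bounded reader instead of gets(), and a name
 *    that does not fit the 13-byte buffers is rejected rather than written
 *    past the end of ifname/ofname;
 *  - the ".rsa" suffix is only appended when it fits;
 *  - klen is checked against buff[] before the chunking loop (a value below 1
 *    would also make that loop spin forever or index before the buffer);
 *  - a failed fopen() of the output file is reported instead of being passed
 *    to cotnum().
 * Failure paths keep the original convention of returning 0.
 *
 * NOTE(review): this is fixed-exponent-3 encoding with an ad hoc pad on the
 * last block only; no standard padding scheme is applied to the other
 * blocks. No irand() call is visible in this function, so what bigrand()
 * pads with depends on the library's default seed - confirm before relying
 * on it for anything but a demonstration.
 */
int main()
{  /*  encode using public key  */
    big e,m,y,ke,mn,mx;
    FILE *ifile;
    FILE *ofile;
    static char line[500];
    static char buff[256];
    char ifname[13],ofname[13];
    BOOL fli,last;
    int i,ipt,klen,rc;
    mip=mirsys(100,0);
    e=mirvar(0);
    m=mirvar(0);
    y=mirvar(0);
    ke=mirvar(0);
    mn=mirvar(0);
    mx=mirvar(0);
    if ((ifile=fopen("public.key","rt"))==NULL)
    {
        printf("Unable to open file public.key\n");
        return 0;
    }
    mip->IOBASE=16;
    cinnum(ke,ifile);
    fclose(ifile);
    /* mn = cube root of ke, mx = mn^3 - mn^2 */
    nroot(ke,3,mn);
    multiply(mn,mn,m);
    multiply(mn,m,mx);
    subtract(mx,m,mx);
    klen=0;
    copy(mx,m);
    while (size(m)>0)
    { /* find key length in characters */
        klen++;
        subdiv(m,128,m);
    }
    klen--;
    /* buff holds klen characters plus the terminator; line[] is safe for
       any klen that passes this test because fgets adds at most 131 more */
    if (klen<1 || klen>=(int)sizeof(buff))
    {
        printf("Unsupported key size in public.key\n");
        return 0;
    }
    printf("file to be encoded = ");
    rc=read_line_bounded(ifname,sizeof(ifname));
    if (rc<0)
    {
        printf("File name too long\n");
        return 0;
    }
    fli=FALSE;
    if (strlen(ifname)>0) fli=TRUE;
    if (fli)
    { /* set up input file */
        strcpy(ofname,ifname);      /* same capacity, ifname is bounded */
        strip(ofname);
        if (strlen(ofname)+sizeof(".rsa")>sizeof(ofname))
        {
            printf("File name too long\n");
            return 0;
        }
        strcat(ofname,".rsa");
        if ((ifile=fopen(ifname,"rt"))==NULL)
        {
            printf("Unable to open file %s\n",ifname);
            return 0;
        }
        printf("encoding message\n");
    }
    else
    { /* accept input from keyboard */
        ifile=stdin;
        do
        {
            printf("output filename = ");
            rc=read_line_bounded(ofname,sizeof(ofname));
            if (rc==0) return 0;    /* input ended before a name was given */
            if (rc<0) printf("File name too long\n");
        } while (strlen(ofname)==0);
        strip(ofname);
        if (strlen(ofname)+sizeof(".rsa")>sizeof(ofname))
        {
            printf("File name too long\n");
            return 0;
        }
        strcat(ofname,".rsa");
        printf("input message - finish with cntrl z\n");
    }
    ofile=fopen(ofname,"wt");
    if (ofile==NULL)
    {
        printf("Unable to open file %s\n",ofname);
        if (fli) fclose(ifile);
        return 0;
    }
    ipt=0;
    last=FALSE;
    while (!last)
    { /* encode line by line */
        if (fgets(&line[ipt],132,ifile)==NULL) last=TRUE;
        if (line[ipt]==EOF) last=TRUE;
        ipt=strlen(line);
        if (ipt<klen && !last) continue;
        while (ipt>=klen)
        { /* chop up into klen-sized chunks and encode */
            for (i=0;i<klen;i++)
                buff[i]=line[i];
            buff[klen]='\0';
            for (i=klen;i<=ipt;i++)
                line[i-klen]=line[i];
            ipt-=klen;
            mip->IOBASE=128;
            cinstr(m,buff);
            power(m,3,ke,e);
            mip->IOBASE=16;
            cotnum(e,ofile);
        }
        if (last && ipt>0)
        { /* now deal with left overs */
            mip->IOBASE=128;
            cinstr(m,line);
            if (compare(m,mn)<0)
            { /* pad out with random number if necessary */
                bigrand(mn,y);
                multiply(mn,mn,e);
                subtract(e,y,e);
                multiply(mn,e,y);
                add(m,y,m);
            }
            power(m,3,ke,e);
            mip->IOBASE=16;
            cotnum(e,ofile);
        }
    }
    fclose(ofile);
    if (fli) fclose(ifile);
    return 0;
}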
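/*
 * JNI entry point: server-side step of the key-agreement exchange.
 *
 * Inputs are thirteen Java strings: the coordinates of the points u, u1, w
 * and com1, the values N1 and sid, and the numbers alpha, beta and zeta. All
 * numbers are parsed with cinstr() after envirment_init(), i.e. in the base
 * that function leaves selected (16).
 *
 * Returns a String[8]:
 *   [0],[1] w1.x, w1.y     with w1  = k1*H
 *   [2],[3] com.x, com.y   with com = (alpha+beta+zeta)*u + d*H
 *   [4]     N2             (80 random bits)
 *   [5]     the MAC input string
 *   [6]     hex HMAC-SHA1 tag over [5], keyed with K.y
 *   [7]     the MAC key itself (K.y as text)
 * Returns NULL when a string cannot be obtained from the JVM, when a supplied
 * coordinate pair is not accepted by epoint_set(), or when N1 and sid do not
 * fit the MAC input buffer.
 *
 * Changes against the original listing:
 *  - N1 and sid are caller-controlled and were strcpy()'d into the 1000-byte
 *    stack buffer without a length check; they are now bounded;
 *  - the result of epoint_set() is checked, so coordinates that the library
 *    rejects no longer flow into the scalar multiplications;
 *  - GetStringUTFChars()/FindClass()/NewObjectArray() results are checked;
 *  - the eight local epoints are released (they were leaked on every call).
 *
 * NOTE(review): d, k1 and N2 come from the library generator seeded with
 * time(0). Anyone who can estimate the call time can reproduce them; these
 * values need a cryptographically strong source. Left unchanged because the
 * replacement depends on what the platform build provides.
 * NOTE(review): element [7] hands the derived MAC key back to the Java layer.
 * The array layout is part of the interface and is kept, but the key should
 * not leave native code unless the caller really needs it.
 * NOTE(review): envirment_init() builds a new library instance and new
 * ECC_* globals on every call and nothing here tears them down - confirm and
 * move the setup to a one-time initialiser.
 */
JNIEXPORT jobjectArray JNICALL
Java_com_sunshuzhou_experiment_1miracl_Verify_computeForServer(JNIEnv *env, jobject instance,
                                                               jstring ux_, jstring uy_,
                                                               jstring u1x_, jstring u1y_,
                                                               jstring wx_, jstring wy_,
                                                               jstring com1x_, jstring com1y_,
                                                               jstring N1_, jstring sid_,
                                                               jstring alpha_, jstring beta_,
                                                               jstring zeta_) {
    const char *ux = (*env)->GetStringUTFChars(env, ux_, 0);
    const char *uy = (*env)->GetStringUTFChars(env, uy_, 0);
    const char *u1x = (*env)->GetStringUTFChars(env, u1x_, 0);
    const char *u1y = (*env)->GetStringUTFChars(env, u1y_, 0);
    const char *wx = (*env)->GetStringUTFChars(env, wx_, 0);
    const char *wy = (*env)->GetStringUTFChars(env, wy_, 0);
    const char *com1x = (*env)->GetStringUTFChars(env, com1x_, 0);
    const char *com1y = (*env)->GetStringUTFChars(env, com1y_, 0);
    const char *N1 = (*env)->GetStringUTFChars(env, N1_, 0);
    const char *sid = (*env)->GetStringUTFChars(env, sid_, 0);
    const char *alpha = (*env)->GetStringUTFChars(env, alpha_, 0);
    const char *beta = (*env)->GetStringUTFChars(env, beta_, 0);
    const char *zeta = (*env)->GetStringUTFChars(env, zeta_, 0);

    big x, y, d, k1, N2, sum, big1;
    epoint *u, *u1, *w, *com1, *w1, *epoint1, *com, *K;
    int message_len, i;
    size_t n1_len, sid_len, room;
    unsigned char key[300], tag[SHA1_HASH_SIZE], hexdigest[SHA1_HASH_SIZE * 2 + 1], message[1000], tempChars[300];
    jclass jclass1;
    jobjectArray result = NULL;

    /* a NULL here means the JVM could not provide the characters */
    if (!ux || !uy || !u1x || !u1y || !wx || !wy || !com1x || !com1y ||
        !N1 || !sid || !alpha || !beta || !zeta)
        goto release_strings;

    jclass1 = (*env)->FindClass(env, "java/lang/String");
    if (jclass1 == NULL)
        goto release_strings;

    envirment_init();
    x = mirvar(0);
    y = mirvar(0);
    d = mirvar(0);
    k1 = mirvar(0);
    N2 = mirvar(0);
    sum = mirvar(0);
    big1 = mirvar(0);
    u = epoint_init();
    u1 = epoint_init();
    w = epoint_init();
    com1 = epoint_init();
    w1 = epoint_init();
    epoint1 = epoint_init();
    com = epoint_init();
    K = epoint_init();

    /* The four points come from the peer: refuse any pair that epoint_set()
       does not accept instead of computing with it. */
    cinstr(x, ux);
    cinstr(y, uy);
    if (!epoint_set(x, y, 0, u)) goto cleanup;
    cinstr(x, u1x);
    cinstr(y, u1y);
    if (!epoint_set(x, y, 0, u1)) goto cleanup;
    cinstr(x, wx);
    cinstr(y, wy);
    if (!epoint_set(x, y, 0, w)) goto cleanup;
    cinstr(x, com1x);
    cinstr(y, com1y);
    if (!epoint_set(x, y, 0, com1)) goto cleanup;

    /* NOTE(review): time-seeded generator, see the header comment. */
    irand((long)time(0));
    bigrand(ECC_N, d);
    bigrand(ECC_N, k1);
    bigbits(80, N2);

    // sum = alpha + beta + zeta
    cinstr(big1, alpha);
    cinstr(sum, beta);
    add(big1, sum, sum);
    cinstr(big1, zeta);
    add(big1, sum, sum);

    // w1 = k1 * H
    ecurve_mult(k1, ECC_H, w1);

    // com = (alpha + beta + zeta) * u + d * H
    ecurve_mult(sum, u, com);
    ecurve_mult(d, ECC_H, epoint1);
    ecurve_add(epoint1, com);

    // K = d * w + k1 * (com1 - sum * u1)
    ecurve_mult(d, w, K);
    ecurve_mult(sum, u1, epoint1);
    ecurve_sub(epoint1, com1);
    ecurve_mult(k1, com1, com1);
    ecurve_add(com1, K);

    // K.y as key
    epoint_get(K, x, y);
    cotstr(y, key);

    // message: u.y || u1.y || w.y || <com1 coordinate> || N1 || sid
    epoint_get(u, x, y);
    cotstr(y, message);
    message_len = strlen(message);
    epoint_get(u1, x, y);
    cotstr(y, &message[message_len]);
    message_len = strlen(message);
    epoint_get(w, x, y);
    cotstr(y, &message[message_len]);
    message_len = strlen(message);
    /* NOTE(review): com1 was overwritten above with k1*(com1 - sum*u1), and
       it is the x coordinate that is appended here although the original
       comment named com1.y. Kept as is because the peer has to build the
       same string - confirm which value the protocol intends. */
    epoint_get(com1, x, y);
    cotstr(x, &message[message_len]);
    message_len = strlen(message);

    /* N1 and sid are arbitrary caller strings: append only if both fit,
       terminator included. */
    n1_len = strlen(N1);
    sid_len = strlen(sid);
    room = sizeof(message) - (size_t)message_len;
    if (n1_len >= room || sid_len >= room - n1_len)
        goto cleanup;
    memcpy(&message[message_len], N1, n1_len);
    message_len += (int)n1_len;
    memcpy(&message[message_len], sid, sid_len + 1);
    message_len += (int)sid_len;

    hmac_sha1(key, strlen(key), message, message_len, tag, SHA1_HASH_SIZE);

    for (i = 0; i < SHA1_HASH_SIZE; ++i) {
        snprintf((char *)&hexdigest[i * 2], 3, "%02x", tag[i]);
    }
    hexdigest[SHA1_HASH_SIZE * 2] = '\0';

    result = (*env)->NewObjectArray(env, 8, jclass1, (*env)->NewStringUTF(env, ""));
    if (result == NULL)
        goto cleanup;

    epoint_get(w1, x, y);
    cotstr(x, tempChars);
    (*env)->SetObjectArrayElement(env, result, 0, (*env)->NewStringUTF(env, tempChars));
    cotstr(y, tempChars);
    (*env)->SetObjectArrayElement(env, result, 1, (*env)->NewStringUTF(env, tempChars));

    epoint_get(com, x, y);
    cotstr(x, tempChars);
    (*env)->SetObjectArrayElement(env, result, 2, (*env)->NewStringUTF(env, tempChars));
    cotstr(y, tempChars);
    (*env)->SetObjectArrayElement(env, result, 3, (*env)->NewStringUTF(env, tempChars));

    cotstr(N2, tempChars);
    (*env)->SetObjectArrayElement(env, result, 4, (*env)->NewStringUTF(env, tempChars));
    (*env)->SetObjectArrayElement(env, result, 5, (*env)->NewStringUTF(env, message));
    (*env)->SetObjectArrayElement(env, result, 6, (*env)->NewStringUTF(env, hexdigest));

    /* NOTE(review): exports the MAC key, see the header comment. */
    (*env)->SetObjectArrayElement(env, result, 7, (*env)->NewStringUTF(env, key));

cleanup:
    epoint_free(u);
    epoint_free(u1);
    epoint_free(w);
    epoint_free(com1);
    epoint_free(w1);
    epoint_free(epoint1);
    epoint_free(com);
    epoint_free(K);
    mirkill(x);
    mirkill(y);
    mirkill(d);
    mirkill(k1);
    mirkill(N2);
    mirkill(sum);
    mirkill(big1);

release_strings:
    /* release only what was actually obtained */
    if (ux) (*env)->ReleaseStringUTFChars(env, ux_, ux);
    if (uy) (*env)->ReleaseStringUTFChars(env, uy_, uy);
    if (u1x) (*env)->ReleaseStringUTFChars(env, u1x_, u1x);
    if (u1y) (*env)->ReleaseStringUTFChars(env, u1y_, u1y);
    if (wx) (*env)->ReleaseStringUTFChars(env, wx_, wx);
    if (wy) (*env)->ReleaseStringUTFChars(env, wy_, wy);
    if (com1x) (*env)->ReleaseStringUTFChars(env, com1x_, com1x);
    if (com1y) (*env)->ReleaseStringUTFChars(env, com1y_, com1y);
    if (N1) (*env)->ReleaseStringUTFChars(env, N1_, N1);
    if (sid) (*env)->ReleaseStringUTFChars(env, sid_, sid);
    if (alpha) (*env)->ReleaseStringUTFChars(env, alpha_, alpha);
    if (beta) (*env)->ReleaseStringUTFChars(env, beta_, beta);
    if (zeta) (*env)->ReleaseStringUTFChars(env, zeta_, zeta);

    return result;
}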
Beispiel #9
/*
 * Public-key demonstration: runs, in order, a Diffie-Hellman exchange modulo
 * the prime in primetext, the same exchange on an elliptic curve, El Gamal
 * encryption and decryption of `text`, and RSA with freshly generated
 * 512-bit primes (decryption via a two-prime CRT).
 *
 * This is demonstration code: both parties' secrets live in one process,
 * every random value comes from a generator seeded with the current time,
 * and the El Gamal and RSA steps operate on the raw message number without
 * any padding. The big variables allocated here are not released before
 * returning.
 */
int main()
{
    int ia,ib;
    time_t seed;
    epoint *g,*ea,*eb;
    big a,b,p,q,n,p1,q1,phi,pa,pb,key,e,d,dp,dq,t,m,c,x,y,k,inv;
    /* primes and ch are only referenced by the commented-out crt_* calls */
    big primes[2],pm[2];
    big_chinese ch;
    miracl *mip;
#ifndef MR_NOFULLWIDTH   
    mip=mirsys(500,0);
#else
    mip=mirsys(500,MAXBASE);
#endif
    a=mirvar(0);
    b=mirvar(0);
    p=mirvar(0);
    q=mirvar(0);
    n=mirvar(0);
    p1=mirvar(0);
    q1=mirvar(0);
    phi=mirvar(0);
    pa=mirvar(0);
    pb=mirvar(0);
    key=mirvar(0);
    e=mirvar(0);
    d=mirvar(0);
    dp=mirvar(0);
    dq=mirvar(0);
    t=mirvar(0);
    m=mirvar(0);
    c=mirvar(0);
    pm[0]=mirvar(0);
    pm[1]=mirvar(0);
    x=mirvar(0);
    y=mirvar(0);
    k=mirvar(0);
    inv=mirvar(0);

    /* The seed is the wall-clock time, so every exponent and prime produced
       by bigbits() below can be regenerated by anyone who can estimate when
       the program started. Fine for a demo, not for real keys. */
    time(&seed);
    irand((unsigned long)seed);   /* change parameter for different values */

    printf("First Diffie-Hellman Key exchange .... \n");

    cinstr(p,primetext);

/* offline calculations could be done quicker using Comb method
   - See brick.c. Note use of "truncated exponent" of 160 bits -  
   could be output of hash function SHA (see mrshs.c)               */

    printf("\nAlice's offline calculation\n");        
    bigbits(160,a);

/* 3 generates the sub-group of prime order (p-1)/2 */

    powltr(3,a,p,pa);

    printf("Bob's offline calculation\n");        
    bigbits(160,b);
    powltr(3,b,p,pb);

    /* each side raises the other's public value to its own secret */
    printf("Alice calculates Key=\n");
    powmod(pb,a,p,key);
    cotnum(key,stdout);

    printf("Bob calculates Key=\n");
    powmod(pa,b,p,key);
    cotnum(key,stdout);

    printf("Alice and Bob's keys should be the same!\n");

/* 
   Now Elliptic Curve version of the above.
   Curve is y^2=x^3+Ax+B mod p, where A=-3, B and p as above 
   "Primitive root" is the point (x,y) above, which is of large prime order q. 
   In this case actually
   q=FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831 
 
*/

    printf("\nLets try that again using elliptic curves .... \n");
    convert(-3,a);
    /* the curve constants ecb, ecp, ecx, ecy are read as hex */
    mip->IOBASE=16;
    cinstr(b,ecb);
    cinstr(p,ecp);      
    ecurve_init(a,b,p,MR_BEST);  /* Use PROJECTIVE if possible, else AFFINE coordinates */

    g=epoint_init();
    cinstr(x,ecx);
    cinstr(y,ecy);
    mip->IOBASE=10;
    /* return value not checked: the generator is a built-in constant */
    epoint_set(x,y,0,g);
    ea=epoint_init();
    eb=epoint_init();
    epoint_copy(g,ea);
    epoint_copy(g,eb);

    printf("Alice's offline calculation\n");        
    bigbits(160,a);
    ecurve_mult(a,ea,ea);
    ia=epoint_get(ea,pa,pa); /* <ia,pa> is compressed form of public key */

    printf("Bob's offline calculation\n");        
    bigbits(160,b);
    ecurve_mult(b,eb,eb);
    ib=epoint_get(eb,pb,pb); /* <ib,pb> is compressed form of public key */

    /* NOTE(review): the epoint_set() results below are ignored. Here the
       compressed points were produced a few lines earlier in the same
       process; code that receives them from a peer must check the return
       value before multiplying. */
    printf("Alice calculates Key=\n");
    epoint_set(pb,pb,ib,eb); /* decompress eb */
    ecurve_mult(a,eb,eb);
    epoint_get(eb,key,key);
    cotnum(key,stdout);

    printf("Bob calculates Key=\n");
    epoint_set(pa,pa,ia,ea); /* decompress ea */
    ecurve_mult(b,ea,ea);
    epoint_get(ea,key,key);
    cotnum(key,stdout);

    printf("Alice and Bob's keys should be the same! (but much smaller)\n");

    epoint_free(g);
    epoint_free(ea);
    epoint_free(eb);

/* El Gamal's Method */

    printf("\nTesting El Gamal's public key method\n");
    cinstr(p,primetext);
    bigbits(160,x);    /* x<p */
    powltr(3,x,p,y);    /* y=3^x mod p*/
    decr(p,1,p1);

    /* the message text is read as a base-128 number, one digit per character */
    mip->IOBASE=128;
    cinstr(m,text);

    mip->IOBASE=10;
    /* pick an ephemeral k that is coprime to p-1 */
    do 
    {
        bigbits(160,k);
    } while (egcd(k,p1,t)!=1);
    powltr(3,k,p,a);   /* a=3^k mod p */
    powmod(y,k,p,b);
    mad(b,m,m,p,p,b);  /* b=m*y^k mod p */
    printf("Ciphertext= \n");
    cotnum(a,stdout);
    cotnum(b,stdout);

    zero(m);           /* proof of pudding... */
  
    /* a^(p-1-x) is the inverse of a^x modulo p */
    subtract(p1,x,t);
    powmod(a,t,p,m);
    mad(m,b,b,p,p,m);  /* m=b/a^x mod p */

    printf("Plaintext= \n");
    mip->IOBASE=128;
    cotnum(m,stdout);
    mip->IOBASE=10;

/* RSA. Generate primes p & q. Use e=65537, and find d=1/e mod (p-1)(q-1) */

    printf("\nNow generating 512-bit random primes p and q\n");
    /* repeat until e is invertible modulo phi */
    do 
    {
        /* start from a random odd 512-bit number and step by 2 to a prime */
        bigbits(512,p);
        if (subdivisible(p,2)) incr(p,1,p);
        while (!isprime(p)) incr(p,2,p);

        bigbits(512,q);
        if (subdivisible(q,2)) incr(q,1,q);
        while (!isprime(q)) incr(q,2,q);

        multiply(p,q,n);      /* n=p.q */

        lgconv(65537L,e);
        decr(p,1,p1);
        decr(q,1,q1);
        multiply(p1,q1,phi);  /* phi =(p-1)*(q-1) */
    } while (xgcd(e,phi,d,d,t)!=1);

    /* demo output: this prints the secret primes */
    cotnum(p,stdout);
    cotnum(q,stdout);
    printf("n = p.q = \n");
    cotnum(n,stdout);

/* set up for chinese remainder theorem */
/*    primes[0]=p;
      primes[1]=q;
      crt_init(&ch,2,primes);
*/

/* use simple CRT as only two primes */

    xgcd(p,q,inv,inv,inv);   /* 1/p mod q */

    copy(d,dp);
    copy(d,dq);
    divide(dp,p1,p1);   /* dp=d mod p-1 */
    divide(dq,q1,q1);   /* dq=d mod q-1 */
    mip->IOBASE=128;
    cinstr(m,text);
    mip->IOBASE=10;
    printf("Encrypting test string\n");
    /* the message number is exponentiated directly, with no padding */
    powmod(m,e,n,c);
    printf("Ciphertext= \n");
    cotnum(c,stdout);

    zero(m);

    printf("Decrypting test string\n");

    powmod(c,dp,p,pm[0]);    /* get result mod p */
    powmod(c,dq,q,pm[1]);    /* get result mod q */

    /* m = pm[0] + p * ((pm[1]-pm[0]) * inv mod q) */
    subtract(pm[1],pm[0],pm[1]);  /* poor man's CRT */
    mad(inv,pm[1],inv,q,q,m);
    multiply(m,p,m);
    add(m,pm[0],m);

/*    crt(&ch,pm,m);            combine them using CRT */

    printf("Plaintext= \n");
    mip->IOBASE=128;
    cotnum(m,stdout);
/*    crt_end(&ch);  */
    return 0;
}
Beispiel #10
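/* Print the DH and DSA estimates derived from one set of modular
 * exponentiation timings (all values in ms per operation).
 *   k   - modulus size in bits      j  - exponent size in bits
 *   tr1 - random base/random exponent timing
 *   ts  - small base timing         tp - fixed-base precomputation timing
 *   td  - double exponentiation timing */
static void report_dl_timings(int k,int j,double tr1,double ts,double tp,double td)
{
    printf("%4d bit DH %d bit exponent:-\n",k,j);
    printf("         offline, no precomputation   %8.2lf ms \n",tr1);
    printf("         offline, small base          %8.2lf ms \n",ts);
    printf("         offline, w. precomputation   %8.2lf ms \n",tp);
    printf("         online                       %8.2lf ms \n",tr1);
    printf("%4d bit DSA %d bit exponent:-\n",k,j);
    printf("         signature no precomputation  %8.2lf ms \n",tr1);
    printf("         signature w. precomputation  %8.2lf ms \n",tp);
    printf("         verification                 %8.2lf ms \n",td);
}

/* Print the ECDH and ECDSA estimates for one curve of k bits:
 * tr1 - point multiplication, tp - multiplication with precomputation,
 * td - double multiplication (all in ms). */
static void report_ec_timings(int k,double tr1,double tp,double td)
{
    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf("         offline, no precomputation   %8.2lf ms \n",tr1);
    printf("         offline, w. precomputation   %8.2lf ms \n",tp);
    printf("         online                       %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf("         signature no precomputation  %8.2lf ms \n",tr1);
    printf("         signature w. precomputation  %8.2lf ms \n",tp);
    printf("         verification                 %8.2lf ms \n",td);
}

/* Allocate a point and set it to (x,y) on the currently initialised GF(p)
 * curve. A rejected point ends the run with a non-zero status, so a broken
 * parameter set is not mistaken for a successful benchmark. */
static epoint *gfp_point_or_exit(big x,big y)
{
    epoint *g=epoint_init();
    if (!epoint_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(1);
    }
    return g;
}

#ifndef MR_FP
/* Same as gfp_point_or_exit(), for the currently initialised GF(2^m) curve. */
static epoint *gf2m_point_or_exit(big x,big y)
{
    epoint *g=epoint_init();
    if (!epoint2_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(1);
    }
    return g;
}
#endif

/* Benchmark driver: prints the build configuration, then times modular
 * exponentiation for 512/1024/2048 bit primes and point multiplication on
 * the GF(p) and (unless MR_FP is defined) GF(2^m) curves, printing
 * per-algorithm estimates after each set.
 *
 * The parameter strings (p512, p160, B163, ...) and the timing routines
 * (powers, mults, ...) are defined elsewhere in the file.
 *
 * Returns 0 on completion; exits with status 1 if a base point is rejected
 * by the curve it is supposed to lie on.
 *
 * NOTE(review): the smaller sizes timed here (512/1024 bit moduli, 160 bit
 * curves) are useful as comparison points only; the figures say nothing
 * about whether a size is adequate for new deployments. */
int main(void)
{
    int j,k;
    big a,b,x,y,p,A2;
    time_t seed;
    epoint *g;
    double tr1,tr2,ts,tv1,tv2,tp,td;
#ifndef MR_NOFULLWIDTH
    miracl *mip=mirsys(300,0);
#else
    miracl *mip=mirsys(300,MAXBASE);
#endif
    p=mirvar(0);
    a=mirvar(-3);   /* every GF(p) curve below uses a=-3 */
    b=mirvar(0);
    x=mirvar(1);    /* x is never re-read for the GF(p) curves, so it stays 1 */
    y=mirvar(0);
    A2=mirvar(0);
    mip->IOBASE=60; /* base used to read the prime moduli below */

    /* Wall-clock seed: acceptable for picking benchmark operands, but a
     * time-seeded generator must not be used to produce key material. */
    time(&seed);
    irand((long)seed);

    printf("MIRACL - %d bit version\n",MIRACL);
#ifdef MR_LITTLE_ENDIAN
    printf("Little Endian processor\n");
#endif
#ifdef MR_BIG_ENDIAN
    printf("Big Endian processor\n");
#endif
#ifdef MR_NOASM
    printf("C-Only Version of MIRACL\n");
#else
    printf("Using some assembly language\n");
#endif
#ifdef MR_STRIPPED_DOWN
    printf("Stripped down version of MIRACL - no error messages\n");
#endif
#ifdef MR_KCM
    k=MR_KCM*MIRACL;
    printf("Using KCM method \n");
    printf("Optimized for %d, %d, %d, %d...etc. bit moduli\n",k,k*2,k*4,k*8);
#endif
#ifdef MR_COMBA
    k=MR_COMBA*MIRACL;
    printf("Using COMBA method \n");
    printf("Optimized for %d bit moduli\n",k);
#endif
#ifdef MR_PENTIUM
    printf("Floating-point co-processor arithmetic used for Pentium\n");
#endif
#ifndef MR_KCM
#ifndef MR_COMBA
#ifndef MR_PENTIUM
    printf("No special optimizations\n");
#endif
#endif
#endif
    printf("Precomputation uses fixed Window size = %d\n",WINDOW);
    printf("So %d values are precomputed and stored\n",(1<<WINDOW));
#ifdef MR_NOFULLWIDTH
    printf("No Fullwidth base possible\n");
#else
    printf("NOTE: No optimizations/assembly language apply to GF(2^m) Elliptic Curves\n");
#endif

    printf("NOTE: times are elapsed real-times - so make sure nothing else is running!\n\n");
    printf("Modular exponentiation benchmarks - calculating g^e mod p\n");
    printf("From these figures it should be possible to roughly estimate the time\n");
    printf("required for your favourite PK algorithm, RSA, DSA, DH, etc.\n");
    printf("Key R - random base bits/random exponent bits \n");
    printf("    V - random base bits/(small exponent e)   \n");
    printf("    S - (small base g)  /random exponent bits \n");
    printf("    P - exponentiation with precomputation (fixed base g)\n");
    printf("    D - double exponentiation g^e.a^b mod p\n");

    printf("F3 = 257, F4 = 65537\n");
    printf("RSA - Rivest-Shamir-Adleman\n");
    printf("DH  - Diffie Hellman Key exchange\n");
    printf("DSA - Digital Signature Algorithm\n");

    /* ---- modular exponentiation ---- */

    printf("\n512 bit prime....\n");
    cinstr(p,p512);

    k=512;
    j=160;

    tr1=powers(k,j,p);
    td=powers_double(k,j,p);
    tr2=powers(k,k,p);
    ts=powers_small_base(3,j,p);
    tp=powers_precomp(k,j,p);

    printf("\n");
    /* 2k bit RSA decryption is estimated as two k bit exponentiations */
    printf("%4d bit RSA decryption               %8.2lf ms \n",2*k,2*tr2);
    report_dl_timings(k,j,tr1,ts,tp,td);

    printf("\n1024 bit prime....\n");
    cinstr(p,p1024);

    k=1024; j=160;
    tr1=powers(k,j,p);
    td=powers_double(k,j,p);
    tr2=powers(k,k,p);
    tv1=powers_small_exp(k,3,p);
    tv2=powers_small_exp(k,65537L,p);
    ts=powers_small_base(3,j,p);
    tp=powers_precomp(k,j,p);

    printf("\n");
    printf("%4d bit RSA decryption               %8.2lf ms \n",2*k,2*tr2);
    printf("%4d bit RSA encryption e=3           %8.2lf ms \n",k,tv1);
    printf("%4d bit RSA encryption e=65537       %8.2lf ms \n",k,tv2);
    report_dl_timings(k,j,tr1,ts,tp,td);

    printf("\n2048 bit prime....\n");
    cinstr(p,p2048);

    k=2048; j=256;

    tr1=powers(k,j,p);
    td=powers_double(k,j,p);
    /* Result is not reported for this size (no 4096 bit RSA decryption
     * line); the call is kept so the run is the same as before. */
    powers(k,k,p);
    tv1=powers_small_exp(k,3,p);
    tv2=powers_small_exp(k,65537L,p);
    ts=powers_small_base(3,j,p);
    tp=powers_precomp(k,j,p);

    printf("\n");
    printf("%4d bit RSA encryption e=3           %8.2lf ms \n",k,tv1);
    printf("%4d bit RSA encryption e=65537       %8.2lf ms \n",k,tv2);
    report_dl_timings(k,j,tr1,ts,tp,td);

    /* ---- elliptic curves over GF(p) ---- */

    printf("\n");
    printf("Elliptic Curve point multiplication benchmarks - calculating r.P\n");
    printf("From these figures it should be possible to roughly estimate the time\n");
    printf("required for your favourite EC PK algorithm, ECDSA, ECDH, etc.\n");
    printf("Key - ER - Elliptic Curve point multiplication r.P\n");
    printf("      ED - Elliptic Curve double multiplication r.P + s.Q\n");
    printf("      EP - Elliptic Curve multiplication with precomputation\n");
    printf("EC    - Elliptic curve GF(p) - p of no special form \n");
    printf("ECDH  - Diffie Hellman Key exchange\n");
    printf("ECDSA - Digital Signature Algorithm\n");

    mip->IOBASE=10;

    /* Each curve section allocates a fresh point; it is released with
     * epoint_free() once the timings are taken, instead of being dropped
     * when g is reassigned. */

    printf("\n160 bit GF(p) Elliptic Curve....\n");
    k=160;
    cinstr(p,p160);
    cinstr(b,b160);
    cinstr(y,y160);
    ecurve_init(a,b,p,MR_PROJECTIVE);
    g=gfp_point_or_exit(x,y);
    tr1=mults(k,g);
    td=mult_double(k,g);
    tp=mult_precomp(k,x,y,a,b,p);
    epoint_free(g);
    report_ec_timings(k,tr1,tp,td);

    printf("\n192 bit GF(p) Elliptic Curve....\n");
    k=192;
    cinstr(p,p192);
    cinstr(b,b192);
    cinstr(y,y192);
    ecurve_init(a,b,p,MR_PROJECTIVE);
    g=gfp_point_or_exit(x,y);
    tr1=mults(k,g);
    td=mult_double(k,g);
    tp=mult_precomp(k,x,y,a,b,p);
    epoint_free(g);
    report_ec_timings(k,tr1,tp,td);

    printf("\n224 bit GF(p) Elliptic Curve....\n");
    k=224;
    cinstr(p,p224);
    cinstr(b,b224);
    cinstr(y,y224);
    ecurve_init(a,b,p,MR_PROJECTIVE);
    g=gfp_point_or_exit(x,y);
    tr1=mults(k,g);
    td=mult_double(k,g);
    tp=mult_precomp(k,x,y,a,b,p);
    epoint_free(g);
    report_ec_timings(k,tr1,tp,td);

    printf("\n256 bit GF(p) Elliptic Curve....\n");
    k=256;
    cinstr(p,p256);
    cinstr(b,b256);
    cinstr(y,y256);
    ecurve_init(a,b,p,MR_PROJECTIVE);
    g=gfp_point_or_exit(x,y);
    tr1=mults(k,g);
    td=mult_double(k,g);
    tp=mult_precomp(k,x,y,a,b,p);
    epoint_free(g);
    report_ec_timings(k,tr1,tp,td);

#ifndef MR_FP

    /* ---- elliptic curves over GF(2^m) ----
     * The b, x and y strings are read in base 16; IOBASE is put back to 10
     * before the timing routines run. */

    printf("\n163 bit GF(2^m) Elliptic Curve....\n");
    k=163;
    mip->IOBASE=16;
    cinstr(b,B163);
    cinstr(x,x163);
    cinstr(y,y163);
    mip->IOBASE=10;
    convert(A163,A2);
    ecurve2_init(m163,a163,b163,c163,A2,b,FALSE,MR_PROJECTIVE);
    g=gf2m_point_or_exit(x,y);
    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m163,a163,b163,c163);
    epoint_free(g);
    report_ec_timings(k,tr1,tp,td);

    printf("\n163 bit GF(2^m) Koblitz Elliptic Curve....\n");
    k=163;
    mip->IOBASE=16;
    cinstr(b,KB163);
    cinstr(x,Kx163);
    cinstr(y,Ky163);
    mip->IOBASE=10;
    convert(KA163,A2);
    ecurve2_init(m163,a163,b163,c163,A2,b,FALSE,MR_PROJECTIVE);
    g=gf2m_point_or_exit(x,y);
    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m163,a163,b163,c163);
    epoint_free(g);
    report_ec_timings(k,tr1,tp,td);

    printf("\n233 bit GF(2^m) Elliptic Curve....\n");
    k=233;
    mip->IOBASE=16;
    cinstr(b,B233);
    cinstr(x,x233);
    cinstr(y,y233);
    mip->IOBASE=10;
    convert(A233,A2);
    ecurve2_init(m233,a233,b233,c233,A2,b,FALSE,MR_PROJECTIVE);
    g=gf2m_point_or_exit(x,y);
    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m233,a233,b233,c233);
    epoint_free(g);
    report_ec_timings(k,tr1,tp,td);

    printf("\n233 bit GF(2^m) Koblitz Elliptic Curve....\n");
    k=233;
    mip->IOBASE=16;
    cinstr(b,KB233);
    cinstr(x,Kx233);
    cinstr(y,Ky233);
    mip->IOBASE=10;
    convert(KA233,A2);
    ecurve2_init(m233,a233,b233,c233,A2,b,FALSE,MR_PROJECTIVE);
    g=gf2m_point_or_exit(x,y);
    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m233,a233,b233,c233);
    epoint_free(g);
    report_ec_timings(k,tr1,tp,td);

    printf("\n283 bit GF(2^m) Elliptic Curve....\n");
    k=283;
    mip->IOBASE=16;
    cinstr(b,B283);
    cinstr(x,x283);
    cinstr(y,y283);
    mip->IOBASE=10;
    convert(A283,A2);
    ecurve2_init(m283,a283,b283,c283,A2,b,FALSE,MR_PROJECTIVE);
    g=gf2m_point_or_exit(x,y);
    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m283,a283,b283,c283);
    epoint_free(g);
    report_ec_timings(k,tr1,tp,td);

    printf("\n283 bit GF(2^m) Koblitz Elliptic Curve....\n");
    k=283;
    mip->IOBASE=16;
    cinstr(b,KB283);
    cinstr(x,Kx283);
    cinstr(y,Ky283);
    mip->IOBASE=10;
    convert(KA283,A2);
    ecurve2_init(m283,a283,b283,c283,A2,b,FALSE,MR_PROJECTIVE);
    g=gf2m_point_or_exit(x,y);
    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m283,a283,b283,c283);
    epoint_free(g);
    report_ec_timings(k,tr1,tp,td);

    printf("\n571 bit GF(2^m) Elliptic Curve....\n");
    k=571;
    mip->IOBASE=16;
    cinstr(b,B571);
    cinstr(x,x571);
    cinstr(y,y571);
    mip->IOBASE=10;
    convert(A571,A2);
    ecurve2_init(m571,a571,b571,c571,A2,b,FALSE,MR_PROJECTIVE);
    g=gf2m_point_or_exit(x,y);
    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m571,a571,b571,c571);
    epoint_free(g);
    report_ec_timings(k,tr1,tp,td);

    printf("\n571 bit GF(2^m) Koblitz Elliptic Curve....\n");
    k=571;
    mip->IOBASE=16;
    cinstr(b,KB571);
    cinstr(x,Kx571);
    cinstr(y,Ky571);
    mip->IOBASE=10;
    convert(KA571,A2);
    ecurve2_init(m571,a571,b571,c571,A2,b,FALSE,MR_PROJECTIVE);
    g=gf2m_point_or_exit(x,y);
    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m571,a571,b571,c571);
    epoint_free(g);
    report_ec_timings(k,tr1,tp,td);

#endif
    return 0;
}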
Beispiel #11
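/* Pollard's lambda ("kangaroo") algorithm for finding discrete logs
 * which are known to be less than a certain limit LIMIT.
 *
 * A tame walk starting at ALPHA^LIMIT mod n takes LEAPS pseudo-random jumps
 * and leaves a trap at its end point. For each exponent x typed in, the
 * program computes y=ALPHA^x mod n, then runs a wild walk from y with the
 * same jump rule until it lands on the trap or has travelled further than
 * LIMIT plus the tame distance. On a hit, x is LIMIT+dn-dm.
 *
 * The walk lengths are bounded by LEAPS and LIMIT rather than by the size
 * of n, which is the point of the demonstration: an exponent confined to a
 * short known range is protected by that range only, however large the
 * modulus is.
 *
 * ALPHA, LIMIT, LEAPS and modulus are defined elsewhere in the file.
 * Entering a value <= 0 ends the program. Returns 0. */
int main(void)
{
    big x,n,t,trap,table[32];
    int i,j,m;
    long dm,dn,s,distance[32];
    /* capacity shared by table[] and distance[] */
    const int table_max=(int)(sizeof distance/sizeof distance[0]);
    miracl *mip=mirsys(50,0);
    x=mirvar(0);
    n=mirvar(0);
    t=mirvar(0);
    trap=mirvar(0);
    for (s=1L,m=1;;m++)
    { /* find table size: jump distances are the powers of two 1,2,4,... */
        distance[m-1]=s;
        s*=2;
        if ((2*s/m)>(LEAPS/4)) break;
        /* Stop at the array capacity. Without this a large LEAPS would let
         * m run past 32 and write beyond distance[] here and table[] below. */
        if (m>=table_max) break;
    }
    mip->IOBASE=60;    /* get large modulus */
    cinstr(n,modulus);
    mip->IOBASE=10;
    printf("solve discrete logarithm problem - using Pollard's kangaroos\n");
    printf("finds x in y=%d^x mod n, given y, for fixed n and small x\n",ALPHA);
    printf("known to be less than %ld\n",LIMIT);
    printf("n= ");
    cotnum(n,stdout);
    for (i=0;i<m;i++)
    { /* create table: table[i] = ALPHA^distance[i] mod n */
        lgconv(distance[i],t);
        table[i]=mirvar(0);
        powltr(ALPHA,t,n,table[i]);
    }
    lgconv(LIMIT,t);
    powltr(ALPHA,t,n,x);   /* tame kangaroo starts at ALPHA^LIMIT */
    printf("setting trap .... \n");
    for (dn=0L,j=0;j<LEAPS;j++)
    { /* set traps beyond LIMIT using tame kangaroo */
        i=subdiv(x,m,t);    /* random function */
        mad(x,table[i],x,n,n,x);
        dn+=distance[i];    /* total exponent distance travelled */
    }
    printf("trap set!\n");
    copy(x,trap);
    forever
    { /* ready to solve */
        printf("Enter x= ");
        cinnum(x,stdin);
        if (size(x)<=0) break;
        powltr(ALPHA,x,n,t);
        printf("y= ");
        cotnum(t,stdout);
        copy(t,x);          /* from here on only y is used; x is recovered */
        for (dm=0L;;)
        { /* unleash wild kangaroo - boing - boing ... */
            i=subdiv(x,m,t);
            mad(x,table[i],x,n,n,x);
            dm+=distance[i];
            if (compare(x,trap)==0 || dm>LIMIT+dn) break;
        }
        if (dm>LIMIT+dn)
        { /* trap stepped over */
            printf("trap failed\n");
            continue;
        }
        printf("Gotcha!\n");
        printf("Discrete log of y= %ld\n",LIMIT+dn-dm);
    }
    return 0;
}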