int main() { FILE *fp; int ep,m,a,b,c; miracl *mip; epoint *g,*public; char ifname[50],ofname[50]; big a2,a6,q,x,y,v,u1,u2,r,s,hash; /* get public data */ fp=fopen("common2.ecs","r"); if (fp==NULL) { printf("file common2.ecs does not exist\n"); return 0; } fscanf(fp,"%d\n",&m); mip=mirsys(3+abs(m)/MIRACL,0); a2=mirvar(0); a6=mirvar(0); q=mirvar(0); x=mirvar(0); y=mirvar(0); v=mirvar(0); u1=mirvar(0); u2=mirvar(0); s=mirvar(0); r=mirvar(0); hash=mirvar(0); mip->IOBASE=16; cinnum(a2,fp); cinnum(a6,fp); cinnum(q,fp); cinnum(x,fp); cinnum(y,fp); mip->IOBASE=10; fscanf(fp,"%d\n",&a); fscanf(fp,"%d\n",&b); fscanf(fp,"%d\n",&c); fclose(fp); ecurve2_init(m,a,b,c,a2,a6,FALSE,MR_PROJECTIVE); /* initialise curve */ g=epoint2_init(); epoint2_set(x,y,0,g); /* initialise point of order q */ /* get public key of signer */ fp=fopen("public.ecs","r"); if (fp==NULL) { printf("file public.ecs does not exist\n"); return 0; } fscanf(fp,"%d",&ep); cinnum(x,fp); fclose(fp); public=epoint2_init();
/*
 * function initF2mCurve : Initializes an elliptic curve over F2m in the given MIRACL
 *                         instance, using the accepted values.
 * param m    : native handle received from Java; it is cast to a miracl pointer and
 *              used unchanged. NOTE(review): the handle is not validated here, so a
 *              zero or stale value is used as a pointer as-is.
 * param mod  : forwarded to ecurve2_init as its first curve argument; presumably the
 *              degree m of the reduction polynomial - confirm against the caller.
 * param k1   : The integer k1 where x^m+x^k1+x^k2+x^k3+1 represents the reduction polynomial f(z)
 * param k2   : The integer k2 where x^m+x^k1+x^k2+x^k3+1 represents the reduction polynomial f(z)
 * param k3   : The integer k3 where x^m+x^k1+x^k2+x^k3+1 represents the reduction polynomial f(z)
 * param aVal : a value of the equation
 * param bVal : b value of the equation
 * return     : nothing (the function is void). NOTE(review): the result of
 *              ecurve2_init is discarded, so the Java caller is not told when
 *              curve initialisation fails.
 */
JNIEXPORT void JNICALL Java_edu_biu_scapi_primitives_dlog_miracl_MiraclDlogECF2m_initF2mCurve
  (JNIEnv *env, jobject obj, jlong m, jint mod, jint k1, jint k2, jint k3, jbyteArray aVal, jbyteArray bVal){
	/* recover the MIRACL instance from the Java-side handle */
	miracl* context = (miracl*)m;

	/* convert the two curve coefficients to MIRACL bigs */
	big coeffA = byteArrayToMiraclBig(env, context, aVal);
	big coeffB = byteArrayToMiraclBig(env, context, bVal);

	/* initialize the curve */
	ecurve2_init(context, mod, k1, k2, k3, coeffA, coeffB, 0, MR_PROJECTIVE);

	/* the temporaries are not used after initialisation */
	mirkill(coeffA);
	mirkill(coeffB);
}
/*
 * Demonstration of an elliptic-curve Diffie-Hellman exchange over GF(2^m),
 * using a precomputed table held in ROM (ebrick2) for the fixed-base
 * multiplications and statically reserved stack memory for all bigs and points.
 * Both parties ("Alice" and "Bob") are simulated in this one process, and the
 * two derived keys are printed so that they can be compared by eye.
 *
 * Returns 0.
 */
int main()
{
    int ia,ib,promptr;
    epoint *PA,*PB;
    big A,B,a,b,q,pa,pb,key,x,y;
    ebrick2 binst;
    miracl instance; /* create miracl workspace on the stack */
    /* Specify base 16 here so that HEX can be read in directly without a base-change */
    miracl *mip=mirsys(&instance,WORDS*HEXDIGS,16); /* size of bigs is fixed */
    char mem_big[MR_BIG_RESERVE(10)]; /* we need 10 bigs... */
    char mem_ecp[MR_ECP_RESERVE(2)]; /* ..and two elliptic curve points */
    memset(mem_big, 0, MR_BIG_RESERVE(10)); /* clear the memory */
    memset(mem_ecp, 0, MR_ECP_RESERVE(2));
    A=mirvar_mem(mip, mem_big, 0); /* Initialise big numbers */
    B=mirvar_mem(mip, mem_big, 1);
    pa=mirvar_mem(mip, mem_big, 2);
    pb=mirvar_mem(mip, mem_big, 3);
    key=mirvar_mem(mip, mem_big, 4);
    x=mirvar_mem(mip, mem_big, 5);
    y=mirvar_mem(mip, mem_big, 6);
    q=mirvar_mem(mip,mem_big,7);
    a=mirvar_mem(mip, mem_big, 8);
    b=mirvar_mem(mip, mem_big, 9);
    PA=epoint_init_mem(mip, mem_ecp, 0); /* initialise Elliptic Curve points */
    PB=epoint_init_mem(mip, mem_ecp, 1);
    /* The generator is seeded with the constant 3L, so every run draws the same
       "random" private values a and b below. That is acceptable for a
       reproducible demo only; real key generation needs an unpredictable seed. */
    irand(mip, 3L); /* change parameter for different random numbers */
    promptr=0;
    init_big_from_rom(B,WORDS,rom,WORDS*4,&promptr); /* Read in curve parameter B from ROM */
    /* don't need q or G(x,y) (we have precomputed table from it) */
    init_big_from_rom(q,WORDS,rom,WORDS*4,&promptr);
    init_big_from_rom(x,WORDS,rom,WORDS*4,&promptr);
    init_big_from_rom(y,WORDS,rom,WORDS*4,&promptr);
    convert(mip,1,A); /* set A=1 */
    /* Create precomputation instance from precomputed table in ROM */
    ebrick2_init(&binst,prom,A,B,CURVE_M,CURVE_A,CURVE_B,CURVE_C,WINDOW,CURVE_M);
    /* offline calculations */
    bigbits(mip,CURVE_M,a); /* A's random number */
    ia=mul2_brick(mip,&binst,a,pa,pa); /* a*G =(pa,ya), ia is sign of ya */
    bigbits(mip,CURVE_M,b); /* B's random number */
    ib=mul2_brick(mip,&binst,b,pb,pb); /* b*G =(pb,yb), ib is sign of yb */
    /* online calculations */
    ecurve2_init(mip,CURVE_M,CURVE_A,CURVE_B,CURVE_C,A,B,FALSE,MR_PROJECTIVE);
    /* NOTE(review): the results of ecurve2_init and epoint2_set are not checked.
       Here the compressed points were produced locally; code that receives a
       point from a peer should check that decompression succeeded before
       multiplying by a private value. */
    epoint2_set(mip,pb,pb,ib,PB); /* decompress PB */
    ecurve2_mult(mip,a,PB,PB);
    epoint2_get(mip,PB,key,key);
    /* since internal base is HEX, can use otnum instead of cotnum - avoiding a base change */
    /* The shared secret is written to stdout purely so the two values can be compared. */
    printf("Alice's Key= ");
    otnum(mip,key,stdout);
    epoint2_set(mip,pa,pa,ia,PB); /* decompress PA */
    ecurve2_mult(mip,b,PB,PB);
    epoint2_get(mip,PB,key,key);
    printf("Bob's Key= ");
    otnum(mip,key,stdout);
    /* clear the memory */
    /* NOTE(review): these are the last accesses to both buffers before return;
       confirm that the toolchain in use does not drop such stores as dead. */
    memset(mem_big, 0, MR_BIG_RESERVE(10));
    memset(mem_ecp, 0, MR_ECP_RESERVE(2));
    return 0;
}
// Sets up the MIRACL workspace and the elliptic curve used by this object.
//
// secparam selects the curve: 160, 192, 224 and 256 take the prime-field
// parameters (ecpNNN/ecbNNN/ecxNNN/ecyNNN); 163, 233 and 283 take the
// GF(2^m) parameters; any other value falls back to the 192-bit prime-field
// set. seed supplies the value passed to irand(). Always returns true.
BOOL BaseOT::Miracl_Init(int secparam, BYTE* seed)
{
	//secparam = 163;
	m_SecParam = secparam;
	// NOTE(review): the workspace is sized from the caller's secparam here, before
	// the default case below may replace m_SecParam with 192.
	miracl *mip = mirsys(secparam, 2);
	//miracl *mip=mirsys(MR_ROUNDUP(abs(163),4),16);
	char *ecp = NULL, *ecb = NULL, *ecx = ecx160, *ecy = ecy160;
	// NOTE(review): fresh Big objects are allocated on every call and nothing in
	// this function releases earlier ones; confirm ownership with the destructor.
	m_BB = new Big();
	m_BA = new Big();
	m_BP = new Big();
	switch (secparam) {
	case 160: ecp = ecp160; ecb = ecb160; ecx = ecx160; ecy = ecy160; break;
	case 163: ecx = ecx163; ecy = ecy163; m_nM = 163; m_nA = 7; m_nB = 6; m_nC = 3; *m_BA = 1; break;
	case 192: ecp = ecp192; ecb = ecb192; ecx = ecx192; ecy = ecy192; break;
	case 224: ecp = ecp224; ecb = ecb224; ecx = ecx224; ecy = ecy224; break;
	case 233: ecx = ecx233; ecy = ecy233; m_nM = 233; m_nA = 74; m_nB = 0; m_nC = 0; *m_BA = 0; break;
	case 256: ecp = ecp256; ecb = ecb256; ecx = ecx256; ecy = ecy256; break;
	case 283: ecx = ecx283; ecy = ecy283; m_nM = 283; m_nA = 12; m_nB = 7; m_nC = 5; *m_BA = 0; break;
	// unknown sizes silently become the 192-bit prime-field curve
	default: ecp = ecp192; ecb = ecb192; ecx = ecx192; ecy = ecy192; m_SecParam = 192; break;
	}
	//seed the miracl rnd generator
	// NOTE(review): *seed reads only the first element that seed points to, so the
	// generator receives a single BYTE of seed material (256 possible seeds if
	// BYTE is 8 bits wide) however long the caller's buffer is. seed is also
	// dereferenced without a null check. The fix needs the seed length, which
	// this signature does not carry.
	irand((long)(*seed));
	//Change the base to read in the parameters
	mip->IOBASE = 16;
	*m_BB = 1;
	if(m_SecParam == 160 || m_SecParam == 192 || m_SecParam == 224 || m_SecParam == 256) {
		// prime field: a = -3, b and p are parsed from the hex strings chosen above
		mip->IOBASE = 16;
		*m_BA = -3;
		*m_BB = ecb;
		*m_BP = ecp;
		ecurve(*m_BA, *m_BB, *m_BP, MR_BEST);
		m_bUsePrimeField = true;
	} else {
		// binary field: m_BA was set in the switch, m_BB keeps the value 1 assigned above
		// NOTE(review): the result of ecurve2_init is ignored, so a failed curve
		// set-up is not reported to the caller.
		ecurve2_init(m_nM, m_nA, m_nB, m_nC, m_BA->getbig(), m_BB->getbig(), false, MR_BEST);
		m_bUsePrimeField = false;
	}
	// base point coordinates, parsed while IOBASE is still 16
	m_X = new Big();
	m_Y = new Big();
	*m_X = ecx;
	*m_Y = ecy;
	//change the base back
	mip->IOBASE = 10;
	return true;
}
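/*
 * Compares two ways of computing e*G on a GF(2^m) curve: the plain
 * ecurve2_mult() call and the precomputed-table ("brick") method.
 *
 * Curve and generator are read from common2.ecs; the exponent size in bits is
 * read from stdin. Both results are printed so they can be compared.
 *
 * Unlike the original listing, a missing or malformed common2.ecs and a
 * non-numeric or non-positive exponent size are reported instead of being used,
 * and the parameter file is closed once it has been read.
 *
 * Returns 0 in all cases, matching the other example programs.
 */
int main()
{
    FILE *fp;
    int m,a,b,c,nb;
    big e,a2,a6,x,y,r;
    epoint *g;
    ebrick2 binst;
    miracl *mip=mirsys(50,0);

    e=mirvar(0);
    a2=mirvar(0);
    a6=mirvar(0);
    x=mirvar(0);
    y=mirvar(0);
    r=mirvar(0);

    fp=fopen("common2.ecs","r");
    if (fp==NULL)
    { /* fscanf on a NULL stream is undefined behaviour */
        printf("file common2.ecs does not exist\n");
        return 0;
    }
    if (fscanf(fp,"%d\n",&m)!=1)
    { /* m would otherwise be used uninitialised */
        printf("file common2.ecs is malformed\n");
        fclose(fp);
        return 0;
    }
    mip->IOBASE=16;
    cinnum(a2,fp);
    cinnum(a6,fp);
    cinnum(r,fp);
    cinnum(x,fp);
    cinnum(y,fp);
    mip->IOBASE=10;
    if (fscanf(fp,"%d\n",&a)!=1 || fscanf(fp,"%d\n",&b)!=1 || fscanf(fp,"%d\n",&c)!=1)
    {
        printf("file common2.ecs is malformed\n");
        fclose(fp);
        return 0;
    }
    fclose(fp);

    printf("modulus is %d bits in length\n",m);
    printf("Enter size of exponent in bits = ");
    if (scanf("%d",&nb)!=1 || nb<=0)
    { /* the value sizes the precomputed table and the random exponent */
        printf("exponent size must be a positive integer\n");
        return 0;
    }
    getchar();

    /* NOTE(review): the workspace was created with the fixed size 50 before m
       was known; confirm that this is large enough for every m the file may hold. */
    ebrick2_init(&binst,x,y,a2,a6,m,a,b,c,nb);
    printf("%d big numbers have been precomputed and stored\n",binst.store);
    bigdig(nb,2,e); /* random exponent */

    printf("naive method\n");
    ecurve2_init(m,a,b,c,a2,a6,FALSE,MR_PROJECTIVE);
    g=epoint2_init();
    epoint2_set(x,y,0,g);
    ecurve2_mult(e,g,g);
    epoint2_get(g,x,y);
    cotnum(x,stdout);
    cotnum(y,stdout);

    /* clear the outputs so the second method cannot appear to pass by reuse */
    zero(x);
    zero(y);

    printf("Brickel et al method\n");
    mul2_brick(&binst,e,x,y);
    ebrick2_end(&binst);
    cotnum(x,stdout);
    cotnum(y,stdout);
    return 0;
}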
/*
 * Bilinearity self-test for a Tate pairing on a supersingular GF(2^m) curve.
 *
 * Two points P and Q are loaded from ROM, e(P,Q)^r is computed with tate()
 * followed by power4(), then Q is replaced by rQ and e(P,rQ) is computed.
 * Both results are printed (unless MR_NO_STANDARD_IO is defined) so that they
 * can be compared. Memory for bigs and points comes from the heap or from the
 * stack depending on MR_STATIC.
 *
 * Returns 0, also when curve initialisation fails.
 */
int main()
{
    big a2,a6,bx,r;
    big res[4];
    epoint *P,*Q;
    int i,romptr;
    miracl instance; /* sizeof(miracl)= 2000 bytes from the stack */
#ifndef MR_STATIC
    /* both branches of the MR_GENERIC_MT test below are identical in this listing */
#ifdef MR_GENERIC_MT
    miracl *mr_mip=mirsys(WORDS*NPW,16);
#else
    miracl *mr_mip=mirsys(WORDS*NPW,16);
#endif
    char *mem=(char *)memalloc(_MIPP_ 8);
    char *mem1=(char *)ecp_memalloc(_MIPP_ 2);
#else
#ifdef MR_GENERIC_MT
    miracl *mr_mip=mirsys(&instance,MR_STATIC*NPW,16); /* size of bigs is fixed */
#else
    miracl *mr_mip=mirsys(&instance,MR_STATIC*NPW,16);
#endif
    char mem[MR_BIG_RESERVE(8)]; /* reserve space on the stack for 8 bigs */
    char mem1[MR_ECP_RESERVE(2)]; /* reserve space on stack for 2 curve points */
    memset(mem,0,MR_BIG_RESERVE(8)); /* clear this memory */
    memset(mem1,0,MR_ECP_RESERVE(2)); /* ~668 bytes in all */
#endif
    /* Initialise bigs */
    a2=mirvar_mem(_MIPP_ mem,0);
    a6=mirvar_mem(_MIPP_ mem,1);
    bx=mirvar_mem(_MIPP_ mem,2);
    for (i=0;i<4;i++) res[i]=mirvar_mem(_MIPP_ mem,3+i); /* slots 3..6 */
    r=mirvar_mem(_MIPP_ mem,7);
    /* printf("ROM size= %d\n",sizeof(rom)+sizeof(prom)); */
#ifndef MR_NO_STANDARD_IO
#ifdef MR_STATIC
    /* NOTE(review): sizeof yields a size_t, which does not match %d; the types of
       MR_SIZE, MR_ESIZE and MR_SL are not visible here and should be checked too. */
    printf("n Bigs require n*%d+%d bytes\n",MR_SIZE,MR_SL);
    printf("n Points require n*%d+%d bytes\n",MR_ESIZE,MR_SL);
    printf("sizeof(miracl)= %d\n",sizeof(miracl));
#endif
#endif
    /* Initialise Elliptic curve points */
    P=epoint_init_mem(_MIPP_ mem1,0);
    Q=epoint_init_mem(_MIPP_ mem1,1);
    /* Initialise supersingular curve */
    convert(_MIPP_ 1,a2);
    convert(_MIPP_ B,a6);
    /* The -M tells MIRACL that this is a supersingular curve */
    if (!ecurve2_init(_MIPP_ -M,T,U,V,a2,a6,FALSE,MR_PROJECTIVE))
    {
#ifndef MR_NO_STANDARD_IO
        printf("Problem with the curve\n");
#endif
        return 0;
    }
    /* Get P and Q from ROM */
    /* These should have been multiplied by the cofactor 487805 = 5*97561 */
    /* 487805 is a cofactor of the group order 2^271+2^136+1 */
    romptr=0;
    init_point_from_rom(P,WORDS,rom,ROMSZ,&romptr);
    init_point_from_rom(Q,WORDS,rom,ROMSZ,&romptr);
#ifndef MR_NO_STANDARD_IO
    printf( "P= \n");
    otnum(_MIPP_ P->X,stdout);
    otnum(_MIPP_ P->Y,stdout);
    printf( "Q= \n");
    otnum(_MIPP_ Q->X,stdout);
    otnum(_MIPP_ Q->Y,stdout);
#endif
    /* NOTE(review): no irand() call is visible before this draw, so r comes from
       whatever state mirsys leaves the generator in - fine for a self-test,
       not a source of secret values. */
    bigbits(_MIPP_ 160,r);
    /* Simple bilinearity test */
    tate(_MIPP_ P,Q,res);
    /* this could break the 4k stack, 2060+668+2996 >4K */
    /* so we cannot afford much precomputation in power4 */
    power4(_MIPP_ res,r,res); /* res=res^{sr} */
#ifndef MR_NO_STANDARD_IO
    printf( "\ne(P,Q)^r= \n");
    /* res is zeroed only inside this guarded loop, i.e. only when standard I/O is enabled */
    for (i=0;i<4;i++)
    {
        otnum(_MIPP_ res[i],stdout);
        zero(res[i]);
    }
#endif
    ecurve2_mult(_MIPP_ r,Q,Q); /* Q=rQ */
    epoint2_norm(_MIPP_ Q);
    tate(_MIPP_ P,Q,res);
    /* Now invert is taken out of Tate, and the stack should be OK */
#ifndef MR_NO_STANDARD_IO
    printf( "\ne(P,rQ)= \n");
    for (i=0;i<4;i++) otnum(_MIPP_ res[i],stdout);
#endif
    /* all done */
#ifndef MR_STATIC
    memkill(_MIPP_ mem,8);
    ecp_memkill(_MIPP_ mem1,2);
#else
    memset(mem,0,MR_BIG_RESERVE(8)); /* clear this stack memory */
    memset(mem1,0,MR_ECP_RESERVE(2));
#endif
    mirexit(_MIPPO_ ); /* clears workspace memory */
    return 0;
}
/*
 * Benchmark driver. Prints the build configuration, then timings (in ms, as
 * returned by the powers*() and mult*() helpers defined elsewhere) for modular
 * exponentiation with 512, 1024 and 2048 bit primes, for point multiplication
 * on 160/192/224/256 bit GF(p) curves and, unless MR_FP is defined, on
 * 163/233/283/571 bit GF(2^m) curves and their Koblitz variants.
 *
 * The figures are elapsed real time, so they are only meaningful on an
 * otherwise idle machine. Returns 0; exits with status 0 if a built-in base
 * point is rejected by the curve.
 */
int main()
{
    int j,k;
    big a,b,x,y,p,A2;
    time_t seed;
    epoint *g;
    double tr1,tr2,ts,tv1,tv2,tp,td;
#ifndef MR_NOFULLWIDTH
    miracl *mip=mirsys(300,0);
#else
    miracl *mip=mirsys(300,MAXBASE);
#endif
    p=mirvar(0);
    a=mirvar(-3); /* curve coefficient a for every GF(p) curve below */
    b=mirvar(0);
    x=mirvar(1); /* x stays 1 for the GF(p) curves; only y is read per curve */
    y=mirvar(0);
    A2=mirvar(0);
    mip->IOBASE=60;
    /* Seeded from the wall clock: enough to vary benchmark operands, but a
       clock value is guessable and must not seed anything secret. */
    time(&seed);
    irand((long)seed);
    printf("MIRACL - %d bit version\n",MIRACL);
#ifdef MR_LITTLE_ENDIAN
    printf("Little Endian processor\n");
#endif
#ifdef MR_BIG_ENDIAN
    printf("Big Endian processor\n");
#endif
#ifdef MR_NOASM
    printf("C-Only Version of MIRACL\n");
#else
    printf("Using some assembly language\n");
#endif
#ifdef MR_STRIPPED_DOWN
    printf("Stripped down version of MIRACL - no error messages\n");
#endif
#ifdef MR_KCM
    k=MR_KCM*MIRACL;
    printf("Using KCM method \n");
    printf("Optimized for %d, %d, %d, %d...etc. bit moduli\n",k,k*2,k*4,k*8);
#endif
#ifdef MR_COMBA
    k=MR_COMBA*MIRACL;
    printf("Using COMBA method \n");
    printf("Optimized for %d bit moduli\n",k);
#endif
#ifdef MR_PENTIUM
    printf("Floating-point co-processor arithmetic used for Pentium\n");
#endif
#ifndef MR_KCM
#ifndef MR_COMBA
#ifndef MR_PENTIUM
    printf("No special optimizations\n");
#endif
#endif
#endif
    printf("Precomputation uses fixed Window size = %d\n",WINDOW);
    printf("So %d values are precomputed and stored\n",(1<<WINDOW));
#ifdef MR_NOFULLWIDTH
    printf("No Fullwidth base possible\n");
#else
    printf("NOTE: No optimizations/assembly language apply to GF(2^m) Elliptic Curves\n");
#endif
    printf("NOTE: times are elapsed real-times - so make sure nothing else is running!\n\n");
    printf("Modular exponentiation benchmarks - calculating g^e mod p\n");
    printf("From these figures it should be possible to roughly estimate the time\n");
    printf("required for your favourite PK algorithm, RSA, DSA, DH, etc.\n");
    printf("Key R - random base bits/random exponent bits \n");
    printf(" V - random base bits/(small exponent e) \n");
    printf(" S - (small base g) /random exponent bits \n");
    printf(" P - exponentiation with precomputation (fixed base g)\n");
    printf(" D - double exponentiation g^e.a^b mod p\n");
    printf("F3 = 257, F4 = 65537\n");
    printf("RSA - Rivest-Shamir-Adleman\n");
    printf("DH - Diffie Hellman Key exchange\n");
    printf("DSA - Digital Signature Algorithm\n");

    /* ---- 512 bit prime: k = modulus bits, j = exponent bits ---- */
    printf("\n512 bit prime....\n");
    cinstr(p,p512);
    k=512; j=160;
    tr1=powers(k,j,p);
    td=powers_double(k,j,p);
    tr2=powers(k,k,p);
    ts=powers_small_base(3,j,p);
    tp=powers_precomp(k,j,p);
    printf("\n");
    /* the RSA decryption figure is reported as twice the k-bit timing, for a 2k-bit modulus */
    printf("%4d bit RSA decryption %8.2lf ms \n",2*k,2*tr2);
    printf("%4d bit DH %d bit exponent:-\n",k,j);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, small base %8.2lf ms \n",ts);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit DSA %d bit exponent:-\n",k,j);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    /* ---- 1024 bit prime ---- */
    printf("\n1024 bit prime....\n");
    cinstr(p,p1024);
    k=1024; j=160;
    tr1=powers(k,j,p);
    td=powers_double(k,j,p);
    tr2=powers(k,k,p);
    tv1=powers_small_exp(k,3,p);
    tv2=powers_small_exp(k,65537L,p);
    ts=powers_small_base(3,j,p);
    tp=powers_precomp(k,j,p);
    printf("\n");
    printf("%4d bit RSA decryption %8.2lf ms \n",2*k,2*tr2);
    printf("%4d bit RSA encryption e=3 %8.2lf ms \n",k,tv1);
    printf("%4d bit RSA encryption e=65537 %8.2lf ms \n",k,tv2);
    printf("%4d bit DH %d bit exponent:-\n",k,j);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, small base %8.2lf ms \n",ts);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit DSA %d bit exponent:-\n",k,j);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    /* ---- 2048 bit prime ---- */
    printf("\n2048 bit prime....\n");
    cinstr(p,p2048);
    k=2048; j=256;
    tr1=powers(k,j,p);
    td=powers_double(k,j,p);
    powers(k,k,p); /* result discarded: no RSA decryption line is printed for this size */
    tv1=powers_small_exp(k,3,p);
    tv2=powers_small_exp(k,65537L,p);
    ts=powers_small_base(3,j,p);
    tp=powers_precomp(k,j,p);
    printf("\n");
    printf("%4d bit RSA encryption e=3 %8.2lf ms \n",k,tv1);
    printf("%4d bit RSA encryption e=65537 %8.2lf ms \n",k,tv2);
    printf("%4d bit DH %d bit exponent:-\n",k,j);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, small base %8.2lf ms \n",ts);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit DSA %d bit exponent:-\n",k,j);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);
    printf("\n");

    printf("Elliptic Curve point multiplication benchmarks - calculating r.P\n");
    printf("From these figures it should be possible to roughly estimate the time\n");
    printf("required for your favourite EC PK algorithm, ECDSA, ECDH, etc.\n");
    printf("Key - ER - Elliptic Curve point multiplication r.P\n");
    printf(" ED - Elliptic Curve double multiplication r.P + s.Q\n");
    printf(" EP - Elliptic Curve multiplication with precomputation\n");
    printf("EC - Elliptic curve GF(p) - p of no special form \n");
    printf("ECDH - Diffie Hellman Key exchange\n");
    printf("ECDSA - Digital Signature Algorithm\n");
    mip->IOBASE=10;

    /* ---- GF(p) curves ----
       Each section loads p, b and y, initialises the curve and checks that
       (x,y) lies on it before timing anything.
       NOTE(review): g is re-assigned from epoint_init() in every section and no
       matching release is visible in this function. */
    printf("\n160 bit GF(p) Elliptic Curve....\n");
    k=160;
    cinstr(p,p160);
    cinstr(b,b160);
    cinstr(y,y160);
    ecurve_init(a,b,p,MR_PROJECTIVE);
    g=epoint_init();
    if (!epoint_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }
    tr1=mults(k,g);
    td=mult_double(k,g);
    tp=mult_precomp(k,x,y,a,b,p);
    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    printf("\n192 bit GF(p) Elliptic Curve....\n");
    k=192;
    cinstr(p,p192);
    cinstr(b,b192);
    cinstr(y,y192);
    ecurve_init(a,b,p,MR_PROJECTIVE);
    g=epoint_init();
    if (!epoint_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }
    tr1=mults(k,g);
    td=mult_double(k,g);
    tp=mult_precomp(k,x,y,a,b,p);
    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    printf("\n224 bit GF(p) Elliptic Curve....\n");
    k=224;
    cinstr(p,p224);
    cinstr(b,b224);
    cinstr(y,y224);
    ecurve_init(a,b,p,MR_PROJECTIVE);
    g=epoint_init();
    if (!epoint_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }
    tr1=mults(k,g);
    td=mult_double(k,g);
    tp=mult_precomp(k,x,y,a,b,p);
    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    printf("\n256 bit GF(p) Elliptic Curve....\n");
    k=256;
    cinstr(p,p256);
    cinstr(b,b256);
    cinstr(y,y256);
    ecurve_init(a,b,p,MR_PROJECTIVE);
    g=epoint_init();
    if (!epoint_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }
    tr1=mults(k,g);
    td=mult_double(k,g);
    tp=mult_precomp(k,x,y,a,b,p);
    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

#ifndef MR_FP
    /* ---- GF(2^m) curves ----
       b, x and y are read in base 16; the a2 coefficient is an int converted
       into A2. The point is allocated with epoint_init() and set with
       epoint2_set(). */
    printf("\n163 bit GF(2^m) Elliptic Curve....\n");
    k=163;
    mip->IOBASE=16;
    cinstr(b,B163);
    cinstr(x,x163);
    cinstr(y,y163);
    mip->IOBASE=10;
    convert(A163,A2);
    ecurve2_init(m163,a163,b163,c163,A2,b,FALSE,MR_PROJECTIVE);
    g=epoint_init();
    if (!epoint2_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }
    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m163,a163,b163,c163);
    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    printf("\n163 bit GF(2^m) Koblitz Elliptic Curve....\n");
    k=163;
    mip->IOBASE=16;
    cinstr(b,KB163);
    cinstr(x,Kx163);
    cinstr(y,Ky163);
    mip->IOBASE=10;
    convert(KA163,A2);
    ecurve2_init(m163,a163,b163,c163,A2,b,FALSE,MR_PROJECTIVE);
    g=epoint_init();
    if (!epoint2_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }
    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m163,a163,b163,c163);
    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    printf("\n233 bit GF(2^m) Elliptic Curve....\n");
    k=233;
    mip->IOBASE=16;
    cinstr(b,B233);
    cinstr(x,x233);
    cinstr(y,y233);
    mip->IOBASE=10;
    convert(A233,A2);
    ecurve2_init(m233,a233,b233,c233,A2,b,FALSE,MR_PROJECTIVE);
    g=epoint_init();
    if (!epoint2_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }
    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m233,a233,b233,c233);
    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    printf("\n233 bit GF(2^m) Koblitz Elliptic Curve....\n");
    k=233;
    mip->IOBASE=16;
    cinstr(b,KB233);
    cinstr(x,Kx233);
    cinstr(y,Ky233);
    mip->IOBASE=10;
    convert(KA233,A2);
    ecurve2_init(m233,a233,b233,c233,A2,b,FALSE,MR_PROJECTIVE);
    g=epoint_init();
    if (!epoint2_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }
    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m233,a233,b233,c233);
    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    printf("\n283 bit GF(2^m) Elliptic Curve....\n");
    k=283;
    mip->IOBASE=16;
    cinstr(b,B283);
    cinstr(x,x283);
    cinstr(y,y283);
    mip->IOBASE=10;
    convert(A283,A2);
    ecurve2_init(m283,a283,b283,c283,A2,b,FALSE,MR_PROJECTIVE);
    g=epoint_init();
    if (!epoint2_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }
    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m283,a283,b283,c283);
    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    printf("\n283 bit GF(2^m) Koblitz Elliptic Curve....\n");
    k=283;
    mip->IOBASE=16;
    cinstr(b,KB283);
    cinstr(x,Kx283);
    cinstr(y,Ky283);
    mip->IOBASE=10;
    convert(KA283,A2);
    ecurve2_init(m283,a283,b283,c283,A2,b,FALSE,MR_PROJECTIVE);
    g=epoint_init();
    if (!epoint2_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }
    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m283,a283,b283,c283);
    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    printf("\n571 bit GF(2^m) Elliptic Curve....\n");
    k=571;
    mip->IOBASE=16;
    cinstr(b,B571);
    cinstr(x,x571);
    cinstr(y,y571);
    mip->IOBASE=10;
    convert(A571,A2);
    ecurve2_init(m571,a571,b571,c571,A2,b,FALSE,MR_PROJECTIVE);
    g=epoint_init();
    if (!epoint2_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }
    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m571,a571,b571,c571);
    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    printf("\n571 bit GF(2^m) Koblitz Elliptic Curve....\n");
    k=571;
    mip->IOBASE=16;
    cinstr(b,KB571);
    cinstr(x,Kx571);
    cinstr(y,Ky571);
    mip->IOBASE=10;
    convert(KA571,A2);
    ecurve2_init(m571,a571,b571,c571,A2,b,FALSE,MR_PROJECTIVE);
    g=epoint_init();
    if (!epoint2_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }
    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m571,a571,b571,c571);
    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);
#endif
    return 0;
}
// C++ convenience wrapper around ecurve2_init(): unwraps the two Big
// coefficients to their underlying big values (the fn member) and forwards
// every other argument unchanged. Returns whatever ecurve2_init() returns, so
// callers can and should test the result before using the curve.
BOOL ecurve2(int m,int a,int b,int c,const Big& a2,const Big& a6,BOOL check,int t)
{
    const BOOL initialised = ecurve2_init(m, a, b, c, a2.fn, a6.fn, check, t);
    return initialised;
}
int main() { FILE *fp; int ep,m,a,b,c; epoint *g,*public; char ifname[50],ofname[50]; big a2,a6,q,x,y,v,u1,u2,r,s,hash; miracl instance; miracl *mip=&instance; char mem[MR_BIG_RESERVE(11)]; /* reserve space on the stack for 11 bigs */ char mem1[MR_ECP_RESERVE(2)]; /* and two elliptic curve points */ memset(mem,0,MR_BIG_RESERVE(11)); memset(mem1,0,MR_ECP_RESERVE(2)); /* get public data */ fp=fopen("common2.ecs","rt"); if (fp==NULL) { printf("file common2.ecs does not exist\n"); return 0; } fscanf(fp,"%d\n",&m); mip=mirsys(mip,MR_ROUNDUP(abs(m),4),16); a2=mirvar_mem(mip,mem,0); a6=mirvar_mem(mip,mem,1); q=mirvar_mem(mip,mem,2); x=mirvar_mem(mip,mem,3); y=mirvar_mem(mip,mem,4); v=mirvar_mem(mip,mem,5); u1=mirvar_mem(mip,mem,6); u2=mirvar_mem(mip,mem,7); s=mirvar_mem(mip,mem,8); r=mirvar_mem(mip,mem,9); hash=mirvar_mem(mip,mem,10); innum(mip,a2,fp); innum(mip,a6,fp); innum(mip,q,fp); innum(mip,x,fp); innum(mip,y,fp); fscanf(fp,"%d\n",&a); fscanf(fp,"%d\n",&b); fscanf(fp,"%d\n",&c); fclose(fp); ecurve2_init(mip,m,a,b,c,a2,a6,FALSE,MR_PROJECTIVE); /* initialise curve */ g=epoint_init_mem(mip,mem1,0); epoint2_set(mip,x,y,0,g); /* initialise point of order q */ /* get public key of signer */ fp=fopen("public.ecs","rt"); if (fp==NULL) { printf("file public.ecs does not exist\n"); return 0; } fscanf(fp,"%d",&ep); innum(mip,x,fp); fclose(fp); public=epoint_init_mem(mip,mem1,1);
// Sets up the MIRACL workspace and the elliptic curve described by lvl, and
// records the chosen parameters in *params.
//
// With OTEXT_USE_PRIMEFIELD defined, a 160/224/256 bit prime-field parameter
// set is selected by lvl.eccpfbits; otherwise a 163/233/283 bit GF(2^m) set is
// selected by lvl.ecckcbits. Values that match none of ST/MT/LT fall back to
// the smallest ("short term") set. seed supplies the value passed to irand().
// Always returns true.
BOOL MiraclInit(SECLVL lvl, BYTE* seed, fparams* params)
{
	//secparam = 163;
	/* A commented-out switch over lvl.ecckcbits that assigned m_nSecParam stood here. */
	// NOTE(review): both branches assign lvl.ecckcbits; confirm that the
	// prime-field build is not meant to use lvl.eccpfbits instead.
#ifdef OTEXT_USE_PRIMEFIELD
	params->secparam = lvl.ecckcbits;
#else
	params->secparam= lvl.ecckcbits;
#endif
	miracl *mip = mirsys(params->secparam, 2);
	//miracl *mip=mirsys(MR_ROUNDUP(abs(163),4),16);
	char *ecp = NULL, *ecb = NULL, *ecx = ecx160, *ecy = ecy160;
	// NOTE(review): these Big objects are allocated on every call and nothing in
	// this function releases earlier ones; confirm who owns and frees them.
	params->eccparams.BB = new Big();
	params->eccparams.BA = new Big();
	params->eccparams.BP = new Big();
#ifdef OTEXT_USE_PRIMEFIELD
	if(lvl.eccpfbits == ST.eccpfbits)
	{
		ecp = ecp160; ecb = ecb160; ecx = ecx160; ecy = ecy160;
	}
	else if(lvl.eccpfbits == MT.eccpfbits)
	{
		ecp = ecp224; ecb = ecb224; ecx = ecx224; ecy = ecy224;
	}
	else if(lvl.eccpfbits == LT.eccpfbits)
	{
		ecp = ecp256; ecb = ecb256; ecx = ecx256; ecy = ecy256;
	}
	else //Short term security
	{
		// an unrecognised level silently selects the weakest parameter set
		ecp = ecp160; ecb = ecb160; ecx = ecx160; ecy = ecy160;
	}
	/* A commented-out switch over lvl.eccpfbits with the same four cases stood here. */
#else
	if(lvl.ecckcbits == ST.ecckcbits)
	{
		ecx = ecx163; ecy = ecy163;
		params->eccparams.m = 163; params->eccparams.a = 7; params->eccparams.b = 6; params->eccparams.c = 3;
		*(params->eccparams.BA) = 1;
	}
	else if(lvl.ecckcbits == MT.ecckcbits)
	{
		ecx = ecx233; ecy = ecy233;
		params->eccparams.m = 233; params->eccparams.a = 74; params->eccparams.b = 0; params->eccparams.c = 0;
		*(params->eccparams.BA) = 0;
	}
	else if(lvl.ecckcbits == LT.ecckcbits)
	{
		ecx = ecx283; ecy = ecy283;
		params->eccparams.m = 283; params->eccparams.a = 12; params->eccparams.b = 7; params->eccparams.c = 5;
		*(params->eccparams.BA) = 0;
	}
	else //Short term security
	{
		// an unrecognised level silently selects the weakest parameter set
		ecx = ecx163; ecy = ecy163;
		params->eccparams.m = 163; params->eccparams.a = 7; params->eccparams.b = 6; params->eccparams.c = 3;
		*(params->eccparams.BA) = 1;
	}
	/* A commented-out switch over lvl.ecckcbits that set m_nM, m_nA, m_nB, m_nC and m_BA stood here. */
#endif
	//seed the miracl rnd generator
	// NOTE(review): *seed reads only the first element that seed points to, so the
	// generator receives a single BYTE of seed material (256 possible seeds if
	// BYTE is 8 bits wide) however long the caller's buffer is. seed is also
	// dereferenced without a null check. The fix needs the seed length, which
	// this signature does not carry.
	irand((long)(*seed));
	//Change the base to read in the parameters
	mip->IOBASE = 16;
	*(params->eccparams.BB) = 1;
#ifdef OTEXT_USE_PRIMEFIELD
	// NOTE(review): m_ECCField is neither a parameter nor a local of this function,
	// while the Big objects allocated above live in params->eccparams; verify
	// that this branch still compiles and writes to the intended object.
	mip->IOBASE = 16;
	*(m_ECCField.BA) = -3;
	*(m_ECCField.BB) = ecb;
	*(m_ECCField.BP) = ecp;
	ecurve(*(m_ECCField.BA), *(m_ECCField.BB), *(m_ECCField.BP), MR_BEST);
#else
	// NOTE(review): the result of ecurve2_init is ignored, so a failed curve
	// set-up is not reported to the caller.
	ecurve2_init(params->eccparams.m, params->eccparams.a, params->eccparams.b, params->eccparams.c, params->eccparams.BA->getbig(), params->eccparams.BB->getbig(), false, MR_BEST);
#endif
	// base point coordinates, parsed while IOBASE is 16
	params->eccparams.X = new Big();
	params->eccparams.Y = new Big();
	*(params->eccparams.X) = ecx;
	*(params->eccparams.Y) = ecy;
	//cout << "params->eccparams.X : " << (*params->eccparams.X) << endl;
	//reset the base representation
	//mip->IOBASE = 10;
	// (the reset above is commented out, so IOBASE is left at 16 on return)
	//For ECC, a coordinate is transferred as well as a 1/-1
	params->elebytelen = (params->secparam+7)/8 + 1;
	return true;
}
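/*
 * Signs a file with ECDSA over a GF(2^m) curve.
 *
 * Reads the curve and generator from common2.ecs and the signer's private key
 * from private.ecs, asks for a seed and for the name of the file to sign,
 * hashes the file with hashing() (defined elsewhere in this file) and writes
 * the signature (r,s) to <name>.ecs.
 *
 * Changes from the original listing:
 *  - the file name is read with fgets() instead of gets(), and names that do
 *    not fit ifname/ofname are rejected instead of overflowing the 13-byte
 *    buffers in gets(), strcpy() and strcat();
 *  - values parsed with fscanf()/scanf() are checked before they are used;
 *  - failure to create the signature file is reported.
 *
 * Returns 0 in all cases, as the original did.
 */
int main()
{
    FILE *fp;
    int m,a,b,c;
    miracl *mip;
    char ifname[13],ofname[13];
    char line[256];
    big a2,a6,q,x,y,d,r,s,k,hash;
    epoint *g;
    long seed;

    /* get public data */
    fp=fopen("common2.ecs","r");
    if (fp==NULL)
    {
        printf("file common2.ecs does not exist\n");
        return 0;
    }
    if (fscanf(fp,"%d\n",&m)!=1)
    { /* m sizes the workspace, so it must have been read */
        printf("file common2.ecs is malformed\n");
        fclose(fp);
        return 0;
    }
    mip=mirsys(3+m/MIRACL,0);
    a2=mirvar(0);
    a6=mirvar(0);
    q=mirvar(0);
    x=mirvar(0);
    y=mirvar(0);
    d=mirvar(0);
    r=mirvar(0);
    s=mirvar(0);
    k=mirvar(0);
    hash=mirvar(0);
    mip->IOBASE=16;
    cinnum(a2,fp);   /* curve parameters */
    cinnum(a6,fp);   /* curve parameters */
    cinnum(q,fp);    /* order of (x,y) */
    cinnum(x,fp);    /* (x,y) point on curve of order q */
    cinnum(y,fp);
    mip->IOBASE=10;
    if (fscanf(fp,"%d\n",&a)!=1 || fscanf(fp,"%d\n",&b)!=1 || fscanf(fp,"%d\n",&c)!=1)
    {
        printf("file common2.ecs is malformed\n");
        fclose(fp);
        return 0;
    }
    fclose(fp);

    /* randomise */
    /* NOTE(review): the per-signature secret k drawn below depends only on this
       typed number. A guessable or reused seed makes k predictable, and a
       predictable k reveals the private key from one signature; production
       code should seed from the operating system's random source instead. */
    printf("Enter 9 digit random number seed = ");
    if (scanf("%ld",&seed)!=1)
    {
        printf("seed must be a number\n");
        return 0;
    }
    getchar();
    irand(seed);

    ecurve2_init(m,a,b,c,a2,a6,FALSE,MR_PROJECTIVE); /* initialise curve */
    g=epoint2_init();
    epoint2_set(x,y,0,g); /* set point of order q */

    /* calculate r - this can be done offline, and hence amortized to almost nothing */
    bigrand(q,k);
    ecurve2_mult(k,g,g); /* see ebrick2.c for method to speed this up */
    epoint2_get(g,r,r);
    divide(r,q,q);

    /* get private key of signer */
    fp=fopen("private.ecs","r");
    if (fp==NULL)
    {
        printf("file private.ecs does not exist\n");
        return 0;
    }
    cinnum(d,fp);
    fclose(fp);

    /* calculate message digest */
    printf("file to be signed = ");
    /* read into a larger scratch line first so that an over-long name can be
       detected and refused rather than truncated or overflowed */
    if (fgets(line,sizeof line,stdin)==NULL)
    {
        printf("Unable to read file name\n");
        return 0;
    }
    line[strcspn(line,"\r\n")]='\0';
    if (strlen(line)>=sizeof ifname)
    {
        printf("File name too long\n");
        return 0;
    }
    strcpy(ifname,line);
    strcpy(ofname,ifname); /* same size as ifname, so this cannot overflow */
    strip(ofname);
    if (strlen(ofname)+strlen(".ecs")>=sizeof ofname)
    { /* the suffix would not fit */
        printf("File name too long\n");
        return 0;
    }
    strcat(ofname,".ecs");
    if ((fp=fopen(ifname,"rb"))==NULL)
    {
        printf("Unable to open file %s\n",ifname);
        return 0;
    }
    hashing(fp,hash);
    fclose(fp);

    /* calculate s */
    xgcd(k,q,k,k,k);
    mad(d,r,hash,q,q,s);
    mad(s,k,k,q,q,s);

    fp=fopen(ofname,"w");
    if (fp==NULL)
    {
        printf("Unable to open file %s\n",ofname);
        return 0;
    }
    cotnum(r,fp);
    cotnum(s,fp);
    fclose(fp);
    return 0;
}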