/*
* Apply a command to the virtual machine.:
*/
void gvm_apply(struct gvm *m, struct command *cmd, struct point *values,
enum axismask *mask)
{
switch (cmd->prefix) {
case 'G':
switch (cmd->code) {
case 0:
case 1:
/* G0 / G1 Move */
if (!m->unlocated_moves && !m->located)
gcerr("un-located moves not enabled");
switch (m->mode) {
case MODE_ABSOLUTE:
point_cpy(&(m->position), values, mask);
break;
case MODE_RELATIVE:
point_delta(&(m->position), values, mask, 1);
break;
default:
gcerr("mode undeclared");
}
break;
case 28:
/* G28 Home */
point_clear(&(m->position), mask);
point_clear(&(m->offset), mask);
m->located = true;
break;
case 90:
/* G90 Absolute Positioning */
m->mode = MODE_ABSOLUTE;
break;
case 91:
/* G91 Relative Positioning */
m->mode = MODE_RELATIVE;
break;
case 92:
/* G92 Set */
point_delta(&(m->offset), values, mask, 1);
point_delta(&(m->offset), &(m->position), mask, -1);
point_cpy(&(m->position), values, mask);
break;
}
break;
case ';':
case '#':
/* comment */
break;
}
}
//============================================
// MAP to POINT テスト
//============================================
void test_map_to_point(const EC_GROUP ec)
{
int i;
unsigned long long int t1, t2;
EC_POINT P, Q;
point_init(P, ec);
point_init(Q, ec);
point_map_to_point(P, MAP_STR, sizeof(MAP_STR), t);
assert(point_is_on_curve(P));
point_mul(Q, ec->order, P);
assert(point_is_infinity(Q));
point_map_to_point(Q, MAP_STR, sizeof(MAP_STR), t);
assert(point_cmp(Q, P) == 0);
t1 = rdtsc();
for (i = 0; i < M; i++) { point_map_to_point(P, MAP_STR, sizeof(MAP_STR), t); }
t2 = rdtsc();
printf("point map to point in 128 security: %.2lf [clock]\n", (double)(t2 - t1) / M);
point_clear(P);
point_clear(Q);
}
/*Verify the integrity of a message using it's signature*/
bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve)
{
//verify r and s are within [1, n-1]
mpz_t one;mpz_init(one);
mpz_set_ui(one, 1);
if( mpz_cmp(sig->r,one) < 0 &&
mpz_cmp(curve->n,sig->r) <= 0 &&
mpz_cmp(sig->s,one) < 0 &&
mpz_cmp(curve->n,sig->s) <= 0)
{
mpz_clear(one);
return false;
}
mpz_clear(one);
//Initialize variables
mpz_t w;mpz_init(w);
mpz_t u1;mpz_init(u1);
mpz_t u2;mpz_init(u2);
mpz_t t;mpz_init(t);
mpz_t tt2;mpz_init(tt2);
point x = point_init();
point t1 = point_init();
point t2 = point_init();
//w = s¯¹ mod n
number_theory_inverse(w, sig->s, curve->n);
//u1 = message * w mod n
mpz_mod(tt2, message, curve->n);
mpz_mul(t, tt2, w);
mpz_mod(u1, t, curve->n);
//u2 = r*w mod n
mpz_mul(t, sig->r, w);
mpz_mod(u2, t, curve->n);
//x = u1*G+u2*Q
point_multiplication(t1, u1, curve->G, curve);
point_multiplication(t2, u2, public_key, curve);
point_addition(x, t1, t2, curve);
//Get the result, by comparing x value with r and verifying that x is NOT at infinity
bool result = mpz_cmp(sig->r, x->x) == 0 && !x->infinity;
//release memory
point_clear(x);
point_clear(t1);
point_clear(t2);
mpz_clear(w);
mpz_clear(u1);
mpz_clear(u2);
mpz_clear(t);
mpz_clear(tt2);
//Return result
return result;
}
void IBE_KEM_encrypt_array(byte_string_t *s, byte_string_t U,
char **idarray, int count, params_t params)
{
int i;
mpz_t r;
fp2_t gidr;
point_t Qid;
point_t rP;
if (count <= 0) return;
//r is random in F_q
mpz_init(r);
mympz_randomm(r, params->q);
bm_put(bm_get_time(), "rP0");
//U = rP
point_init(rP);
//point_mul(rP, r, params->P);
point_mul_postprocess(rP, r, params->curve);
bm_put(bm_get_time(), "rP1");
fp2_init(gidr);
byte_string_set_point(U, rP);
point_clear(rP);
point_init(Qid);
for (i=0; i<count; i++) {
const char *id = idarray[i];
//XXX:set up a cache to avoid these expensive ops
map_to_point(Qid, id, params);
point_Phi(Qid, Qid, params);
//calculate gidr = e(Q_id, Phi(P_pub))^r
//tate_pairing(gidr, Qid, PhiPpub);
tate_postprocess(gidr, params->Ppub_mc, Qid, params->curve);
bm_put(bm_get_time(), "gidr0");
fp2_pow(gidr, gidr, r, params->p);
bm_put(bm_get_time(), "gidr1");
hash_H(s[i], gidr, params);
}
point_clear(Qid);
mpz_clear(r);
fp2_clear(gidr);
}
int main(void)
{
EC_PAIRING p;
EC_POINT a, b, c;
Element d;
pairing_init(p, "ECBN254");
point_init(a, p->g1);
point_init(b, p->g2);
point_init(c, p->g1);
element_init(d, p->g3);
point_set_str(a,
"["
"0000000000000000000000000000000000000000000000000000000000000001,"
"0D45589B158FAAF6AB0E4AD38D998E9982E7FF63964EE1460342A592677CCCB0"
"]"
);
point_set_str(b,
"["
"19850140BC38957238BDEB56EC7B97FE30A6A65D15C4BA07CEF54DB5026C7210 "
"1DEB7F4B6C1AEFAEBD0EB750B841BD8ABF916EB750FDF7291F99DFD290C28CE0,"
"14C164D6D18CBC7F64559076E00789C75FF001D1BE0968D210C19FB0D3AD649A "
"059A2ABA101B7A3C1FA3CAF4DF6B38F2CB4976287488E33F526FA7E8C5441B4B"
"]"
);
pairing_map(d, a, b, p);
point_print("a", a);
point_print("b", b);
element_print("d", d);
char msg[] = "abc";
point_map_to_point(c, msg, sizeof(msg), 80);
point_print("c", c);
point_clear(a);
point_clear(b);
point_clear(c);
element_clear(d);
pairing_clear(p);
return 0;
}
/*Generate signature for a message*/
void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve)
{
//message must not have a bit length longer than that of n
//see: Guide to Elliptic Curve Cryptography, section 4.4.1.
assert(mpz_sizeinbase(message, 2) <= mpz_sizeinbase(curve->n, 2));
//Initializing variables
mpz_t k;mpz_init(k);
mpz_t x;mpz_init(x);
point Q = point_init();
mpz_t r;mpz_init(r);
mpz_t t1;mpz_init(t1);
mpz_t t2;mpz_init(t2);
mpz_t t3;mpz_init(t3);
mpz_t s;mpz_init(s);
gmp_randstate_t r_state;
signature_sign_start:
//Set k
gmp_randinit_default(r_state);
random_seeding(r_state);
mpz_sub_ui(t1, curve->n, 2);
mpz_urandomm(k , r_state , t1);
gmp_randclear(r_state);
//Calculate x
point_multiplication(Q, k, curve->G, curve);
mpz_set(x, Q->x);
point_clear(Q);
//Calculate r
mpz_mod(r, x, curve->n);
if(!mpz_sgn(r)) //Start over if r=0, note haven't been tested memory might die :)
goto signature_sign_start;
mpz_clear(x);
//Calculate s
//s = k¯¹(e+d*r) mod n = (k¯¹ mod n) * ((e+d*r) mod n) mod n
number_theory_inverse(t1, k, curve->n);//t1 = k¯¹ mod n
mpz_mul(t2, private_key, r);//t2 = d*r
mpz_add(t3, message, t2); //t3 = e+t2
mpz_mod(t2, t3, curve->n); //t2 = t3 mod n
mpz_mul(t3, t2, t1); //t3 = t2 * t1
mpz_mod(s, t3, curve->n); //s = t3 mod n
mpz_clear(t1);
mpz_clear(t2);
mpz_clear(t3);
//Set signature
mpz_set(sig->r, r);
mpz_set(sig->s, s);
//Release k,r and s
mpz_clear(k);
mpz_clear(r);
mpz_clear(s);
}
/*
* Initialise virtual machine to default state.
*/
void gvm_init(struct gvm *m, bool verbose)
{
m->verbose = verbose;
m->sloppy = true;
m->unlocated_moves = true;
m->gcode = NULL;
m->counter = 0;
m->mode = MODE_NONE;
m->located = false;
point_clear(&(m->position), NULL);
point_clear(&(m->previous), NULL);
point_clear(&(m->offset), NULL);
point_clear(&(m->prevoffset), NULL);
}
void params_clear(params_t params)
{
curve_clear(params->curve);
mpz_clear(params->p1onq);
fp2_clear(params->zeta);
miller_cache_clear(params->Ppub_mc);
if (params->sharen) params_robust_clear(params);
mpz_clear(params->p);
mpz_clear(params->q);
point_clear(params->P);
point_clear(params->Ppub);
point_clear(params->PhiPpub);
free(params->version);
free(params->id);
}
void params_robust_clear(params_t params)
{
int i;
for (i=0; i<params->sharen; i++) {
point_clear(params->robustP[i]);
mpz_clear(params->robustx[i]);
}
free(params->robustP);
free(params->robustx);
params->sharet = params->sharen = 0;
}
void IBE_get_shared_secret_preprocess(preprocessed_key_t pk,
byte_string_t key, params_t params)
{
point_t Q;
point_init(Q);
point_set_byte_string(Q, key);
tate_preprocess(pk->mc, Q, params->curve);
point_clear(Q);
}
void IBE_KEM_decrypt(byte_string_t s,
byte_string_t U, byte_string_t key, params_t params)
{
point_t xQ, rP;
fp2_t res;
fp2_init(res);
point_init(xQ);
point_init(rP);
point_set_byte_string(xQ, key);
point_set_byte_string(rP, U);
point_Phi(rP, rP, params);
tate_pairing(res, xQ, rP, params->curve);
hash_H(s, res, params);
fp2_clear(res);
point_clear(xQ);
point_clear(rP);
}
void IBE_get_shared_secret(byte_string_t s,
char *id, byte_string_t key, params_t params)
{
point_t Qid;
fp2_t gid;
point_t Q;
point_init(Q);
fp2_init(gid);
point_init(Qid);
map_to_point(Qid, id, params);
//calculate gid = e(Q, Phi(Q_id))
point_set_byte_string(Q, key);
point_Phi(Qid, Qid, params);
tate_pairing(gid, Q, Qid, params->curve);
hash_H(s, gid, params);
fp2_clear(gid);
point_clear(Q);
point_clear(Qid);
}
void IBE_extract_share_byte_string(byte_string_t share, byte_string_t mshare,
byte_string_t id, params_t params)
//extract a private key share from an ID and master share
{
mpz_t y;
int i;
byte_string_t bs1, bs2;
point_t yd;
point_t d;
point_init(yd);
point_init(d);
mpz_init(y);
byte_string_split(bs1, bs2, mshare);
i = int_from_byte_string(bs1);
mympz_set_byte_string(y, bs2);
byte_string_clear(bs1);
byte_string_clear(bs2);
map_byte_string_to_point(d, id, params);
point_mul(yd, y, d, params->curve);
byte_string_set_int(bs1, i);
byte_string_set_point(bs2, yd);
byte_string_join(share, bs1, bs2);
byte_string_clear(bs1);
byte_string_clear(bs2);
point_clear(yd);
point_clear(d);
mpz_clear(y);
}
/*
* Set "result" to the delta incurred by the last step.
*/
int gvm_get_delta(struct gvm *m, struct point *result, bool physical)
{
point_clear(result, NULL);
point_delta(result, &(m->position), NULL, 1);
point_delta(result, &(m->previous), NULL, -1);
if (physical) {
if (!m->located)
return -1;
point_delta(result, &(m->offset), NULL, -1);
point_delta(result, &(m->prevoffset), NULL, 1);
}
return 0;
}
void IBE_get_shared_secret_postprocess(byte_string_t s,
char *id, preprocessed_key_t pk, params_t params)
{
point_t Qid;
fp2_t gid;
fp2_init(gid);
point_init(Qid);
map_to_point(Qid, id, params);
//calculate gid = e(Q_id, Phi(P_pub))
point_Phi(Qid, Qid, params);
tate_postprocess(gid, pk->mc, Qid, params->curve);
hash_H(s, gid, params);
fp2_clear(gid);
point_clear(Qid);
}
void IBE_extract_byte_string(byte_string_t bs, byte_string_t master,
byte_string_t id, params_t params)
//for testing purposes
{
point_t key;
mpz_t x;
mpz_init(x);
point_init(key);
map_byte_string_to_point(key, id, params);
mympz_set_byte_string(x, master);
point_mul(key, x, key, params->curve);
byte_string_set_point(bs, key);
point_clear(key);
mpz_clear(x);
}
//============================================
// 楕円曲線の演算テスト
//============================================
void test_arithmetic_operation(const EC_GROUP ec)
{
int i;
unsigned long long int t1, t2;
EC_POINT a, b, c, d;
Element dx, dy;
mpz_t scalar;
//-------------------
// init
//-------------------
point_init(a, ec);
point_init(b, ec);
point_init(c, ec);
point_init(d, ec);
//-------------------
// random
//-------------------
point_random(a);
assert(point_is_on_curve(a));
t1 = rdtsc();
for (i = 0; i < M; i++) { point_random(a); }
t2 = rdtsc();
printf("point random: %.2lf [clock]\n", (double)(t2 - t1) / M);
//-------------------
// add/dob
//-------------------
point_add(b, b, a);
point_add(c, b, c);
assert(point_cmp(b, a) == 0);
assert(point_cmp(c, b) == 0);
point_set_infinity(d);
point_dob(d, d);
assert(point_is_infinity(d));
point_set_str(a, "[6D2E4115FA177379A504A0EE4EF53767DE51C6364AAB69D4064529EC1FD047A 635B2C858AA4F4A3DB8AA17A588B037CAFFD36678F76E3F3369DFC90C6878C7,193E877C82EFCA81EC2815906630B837BBC6976CC8A7958E6A40D1B190FF2E5F E8A77E88AFCEE9F806DC15BF50EADD138320F1A5A87E78DDE86FA7A867300D]");
point_set_str(b, "[1A8F5DAB09EE4290F95FE4C824C153E355D55B6CF94B998C6203FEC3D81377CF 15A19F2704C4BDBAAE39A5E26772A3E4E7EC7A9E205651F8822298766DE044FF,1C566EB3917F06B05E0A786BD8030CAFCCDB62864DD0E2A22A9B6817B310FD53 6A0927BB33EB263F45CAB921A20E67A1BD8A791D6EB0415AC92C9B1F74D16D1]");
point_set_str(d, "[143D414F99AA18C844B331064C9DD66363EBA3D852250CBCF8C9D4B33E0C4C1C 225865D85EC7A34647CA55E026BD1FA201E0C4E8C66F7A43E69AF708F410A0FF,FACA1388C034CF614A72E06EE60DEDC4880CDBD368E5BEC2795130B266FFB9E 1681217E50705AB9A21FEB62E0BF9A5657EB27C3AED3323FE9C57058358735A9]");
point_add(c, a, b);
assert(point_cmp(c, d) == 0);
t1 = rdtsc();
for (i = 0; i < N; i++) { point_add(c, a, b); }
t2 = rdtsc();
printf("point add: %.2lf [clock]\n", (double)(t2 - t1) / N);
element_init(dx, ec->field);
element_init(dy, ec->field);
element_set_str(dx, "33F550F9A63EF53C786BF7BDFDAB1538CD76A3FCED3C9DBC3307DD4F354775A C814AE99C91C71845F0B51E4349520908E48C70181313D70C05F6ED24EC1F36");
element_set_str(dy, "3766ED0DD7C988DB76770081A298DAA924D0E3279726F9B5504129AFA3E57B9 520CE8A563F88AF882AB99086BFDBBDCEF9DE65879AB234DFF5AAFD5BEE7E4F");
point_set_xy(d, dx, dy);
point_dob(c, a);
assert(point_cmp(c, d) == 0);
t1 = rdtsc();
for (i = 0; i < N; i++) { point_dob(c, a); }
t2 = rdtsc();
printf("point dob: %.2lf [clock]\n", (double)(t2 - t1) / N);
element_clear(dx);
element_clear(dy);
//------------------
// neg/sub
//------------------
point_neg(c, a);
point_add(d, a, c);
point_sub(b, a, a);
assert(point_is_infinity(d));
assert(point_is_infinity(b));
//-------------------
// mul
//-------------------
mpz_init(scalar);
mpz_set(scalar, ec->order);
for (i = 0; i < 100; i++)
{
point_random(a);
point_mul(b, scalar, a);
ec_bn254_fp2_mul_end(c, scalar, a);
assert(point_is_infinity(b));
assert(point_cmp(c, b) == 0);
}
t1 = rdtsc();
for (i = 0; i < M; i++) { point_mul(b, scalar, a); }
t2 = rdtsc();
printf("point mul with endomorphism: %.2lf [clock]\n", (double)(t2 - t1) / M);
t1 = rdtsc();
for (i = 0; i < M; i++) { ec_bn254_fp2_mul(b, scalar, a); }
t2 = rdtsc();
printf("point mul with binary method: %.2lf [clock]\n", (double)(t2 - t1) / M);
mpz_clear(scalar);
//-------------------
// clear
//-------------------
point_clear(a);
point_clear(b);
point_clear(c);
point_clear(d);
}
void
ui_result (global_t * gp)
{
int p, i;
int iy[4];
char buf[1024];
int n = 0;
if (flag_pause && !auto_play && !BUILD4)
{
wait4key ();
}
if (!point)
make_point ();
if (BUILD4)
wrap_widgets ();
snd (audioplay_yaku ());
flag_not_needredraw = 0;
point_clear ();
memcpy (hora_global, gp, sizeof (global_t));
hora_reset ();
for (p = 0; p < 4; p++)
{
if (result[p].flag == 0)
{
continue;
}
n++;
}
for (p = 0; p < 4; p++)
{
if (result[p].flag == 0)
{
continue;
}
if (result[p].flag != RESULT_RYUKYOKU && (result[p].who != -1))
{
hora_set (hora_global, result[p].who);
}
else
{
hora_set (hora_global, -1);
}
result_cvt_to_int (result + p, iy);
pmcontainer_print (point_results, pm_result_name[result[p].flag]);
for (i = 0; i < 4; i++)
{
integer_t color;
pmcontainer_print (point_home[i], pm_home_names[i]);
print_yakupoint (point_home_point[i], result[p].points[i]);
widget_configure (point_home_user[i], resource_text,
player[pplayer[i]].name);
color = point_color (result[p].points[i]);
widget_configure (point_home_user[i], resource_textfont, MEDIUMJP);
widget_configure (point_home_user[i], resource_textcolor, color);
{
extern integer_t *tblpos;
color = point_bgcolor (result[p].points[i]);
widget_model_change (name_frame[tblpos[i]], color, white, white,
white);
}
}
if (result[p].fu)
{
widget_configure (point_fubase, resource_invisible, 0);
print_yakupoint (point_fu, result[p].fu);
print_yakupoint (point_fan, result[p].fan);
}
else
{
widget_configure (point_fubase, resource_invisible, 1);
}
#define yaku_idx(idx) \
if (!point_yaku[idx]) { goto YAKUEND; }
{
integer_t idx = 0;
for (i = 0; i < Y_MAX; i++)
{
if (Y_GET (iy, i))
{
char buf[128];
int len, n;
yaku_idx (idx);
strcpy (buf, result_str[i]);
len = strlen (buf);
if (buf[len - 1] == ')' && buf[len - 3] == '(')
{
buf[len - 3] = buf[len - 1] = 0;
n = buf[len - 2] - '0';
print_yakupoint (point_yaku_point[idx], n);
}
else
{
widget_configure (point_yaku_point[idx], resource_text,
"");
}
widget_configure (point_yaku[idx], resource_text, buf);
idx++;
}
}
if (result[p].dora)
{
yaku_idx (idx);
widget_configure (point_yaku[idx], resource_text, dora_str);
print_yakupoint (point_yaku_point[idx], result[p].dora);
idx++;
}
if (result[p].uradora)
{
yaku_idx (idx);
widget_configure (point_yaku[idx], resource_text, uradora_str);
print_yakupoint (point_yaku_point[idx], result[p].uradora);
idx++;
}
if (result[p].akadora)
{
yaku_idx (idx);
widget_configure (point_yaku[idx], resource_text, akadora_str);
print_yakupoint (point_yaku_point[idx], result[p].akadora);
idx++;
}
for (; idx < 30; idx++)
{
if (!point_yaku[idx])
{
continue;
}
widget_configure (point_yaku[idx], resource_text, "");
widget_configure (point_yaku_point[idx], resource_text, "");
}
}
YAKUEND:
draw_hora ();
{
extern widget_t board;
if (!BUILD4)
{
widget_unmap (board);
}
widget_map (point);
widget_display (point);
widget_flush (point);
{
for (i = 0; i < 4; i++)
{
widget_display (name_frame[i]);
widget_flush (name_frame[i]);
}
}
if (!auto_play)
wait_key ();
hora_reset ();
}
}
linepos_clear ();
for (i = 0; i < 4; i++)
{
widget_model_change (name_frame[i], get_basiccolorpixel (), white,
white, white);
}
if (!BUILD4)
{
widget_unmap (point);
}
else
{
unwrap_widgets ();
}
board_reset ();
board_redraw (1);
if (logfile)
log_play (gp, logfile);
}
//============================================
// 楕円曲線の入出力テスト
//============================================
void test_io(const EC_GROUP ec)
{
int i;
unsigned long long int t1, t2;
EC_POINT P, Q, R;
size_t osize;
unsigned char os[130];
char str[262];
point_init(P, ec);
point_init(Q, ec);
point_init(R, ec);
//---------------------
// octet string
//---------------------
point_set_infinity(R);
point_to_oct(os, &osize, R);
point_from_oct(Q, os, osize);
assert(point_is_infinity(Q));
for (i = 0; i < 100; i++)
{
point_random(P);
point_to_oct(os, &osize, P);
point_from_oct(Q, os, osize);
assert(point_cmp(P, Q) == 0);
}
t1 = rdtsc();
for (i = 0; i < N; i++) { point_to_oct(os, &osize, P); }
t2 = rdtsc();
printf("point to octet string: %.2lf [clock]\n", (double)(t2 - t1) / N);
t1 = rdtsc();
for (i = 0; i < N; i++) { point_from_oct(Q, os, osize); }
t2 = rdtsc();
printf("point from octet string: %.2lf [clock]\n", (double)(t2 - t1) / N);
//---------------------
// string
//---------------------
point_set_infinity(R);
point_get_str(str, R);
point_set_str(Q, str);
assert(point_is_infinity(Q));
for (i = 0; i < 100; i++)
{
point_get_str(str, P);
point_set_str(Q, str);
assert(point_cmp(P, Q) == 0);
}
t1 = rdtsc();
for (i = 0; i < N; i++) { point_get_str(str, P); }
t2 = rdtsc();
printf("point get string: %.2lf [clock]\n", (double)(t2 - t1) / N);
t1 = rdtsc();
for (i = 0; i < N; i++) { point_set_str(Q, str); }
t2 = rdtsc();
printf("point set string: %.2lf [clock]\n", (double)(t2 - t1) / N);
point_clear(P);
point_clear(Q);
point_clear(R);
}
int IBE_combine(byte_string_t key, byte_string_t *kshare, params_t params)
//reconstruct a key from key shares, or a certificate from certificate shares
{
int i, j;
int indexi, indexj;
point_t yP;
mpz_t num, denom;
mpz_t z;
point_t d;
byte_string_t bs1, bs2;
int *index;
index = (int *) malloc(params->sharet * sizeof(int));
for (i=0; i<params->sharet; i++) {
byte_string_split(bs1, bs2, kshare[i]);
byte_string_clear(bs2);
index[i] = int_from_byte_string(bs1);
byte_string_clear(bs1);
for (j=0; j<i; j++) {
if (index[i] == index[j]) {
return 0;
}
}
}
point_init(yP);
mpz_init(z);
mpz_init(num); mpz_init(denom);
point_init(d);
point_set_O(d);
for (i=0; i<params->sharet; i++) {
byte_string_split(bs1, bs2, kshare[i]);
indexi = index[i];
byte_string_clear(bs1);
point_set_byte_string(yP, bs2);
byte_string_clear(bs2);
mpz_set_ui(num, 1);
mpz_set_ui(denom, 1);
for (j=0; j<params->sharet; j++) {
if (j != i) {
indexj = index[j];
mpz_mul(num, num, params->robustx[indexj]);
mpz_mod(num, num, params->q);
mpz_sub(z, params->robustx[indexj], params->robustx[indexi]);
mpz_mul(denom, denom, z);
mpz_mod(denom, denom, params->q);
}
}
mpz_invert(denom, denom, params->q);
mpz_mul(z, num, denom);
mpz_mod(z, z, params->q);
point_mul(yP, z, yP, params->curve);
point_add(d, d, yP, params->curve);
}
byte_string_set_point(key, d);
point_clear(yP);
mpz_clear(z);
mpz_clear(num); mpz_clear(denom);
point_clear(d);
return 1;
}