BOOL froot(_MIPD_ flash x,int n,flash w) { /* extract nth root of x - w=x^(1/n) using Newtons method */ BOOL minus,rn,rm,hack; int nm,dn,s,op[5]; #ifdef MR_OS_THREADS miracl *mr_mip=get_mip(); #endif copy(x,w); if (mr_mip->ERNUM || n==1) return TRUE; if (n==(-1)) { frecip(_MIPP_ w,w); return TRUE; } MR_IN(52) minus=FALSE; if (n<0) { minus=TRUE; n=(-n); } s=exsign(w); if (n%2==0 && s==MINUS) { mr_berror(_MIPP_ MR_ERR_NEG_ROOT); MR_OUT return FALSE; }
double fdsize(_MIPD_ flash w) { /* express flash number as double. */ int i,s,en,ed; double n,d,b,BIGGEST; #ifdef MR_OS_THREADS miracl *mr_mip=get_mip(); #endif if (mr_mip->ERNUM || size(w)==0) return (0.0); MR_IN(11) BIGGEST=pow(2.0,(double)(1<<(MR_EBITS-4))); mr_mip->EXACT=FALSE; n=0.0; d=0.0; if (mr_mip->base==0) b=pow(2.0,(double)MIRACL); else b=(double)mr_mip->base; numer(_MIPP_ w,mr_mip->w1); s=exsign(mr_mip->w1); insign(PLUS,mr_mip->w1); en=(int)mr_mip->w1->len; for (i=0;i<en;i++) n=(double)mr_mip->w1->w[i]+(n/b); denom(_MIPP_ w,mr_mip->w1); ed=(int)mr_mip->w1->len; for (i=0;i<ed;i++) d=(double)mr_mip->w1->w[i]+(d/b); n/=d; while (en!=ed) { if (en>ed) { ed++; if (BIGGEST/b<n) { mr_berror(_MIPP_ MR_ERR_DOUBLE_FAIL); MR_OUT return (0.0); } n*=b; }
int xgcd(_MIPD_ big x,big y,big xd,big yd,big z) { /* greatest common divisor by Euclids method * * extended to also calculate xd and yd where * * z = x.xd + y.yd = gcd(x,y) * * if xd, yd not distinct, only xd calculated * * z only returned if distinct from xd and yd * * xd will always be positive, yd negative */ int s,n,iter; mr_small r,a,b,c,d; mr_small q,m,sr; #ifdef MR_FP mr_small dres; #endif #ifdef mr_dltype union doubleword uu,vv; mr_large u,v,lr; #else mr_small u,v,lr; #endif BOOL last,dplus=TRUE; big t; #ifdef MR_OS_THREADS miracl *mr_mip=get_mip(); #endif if (mr_mip->ERNUM) return 0; MR_IN(30) #ifdef MR_COUNT_OPS fpx++; #endif copy(x,mr_mip->w1); copy(y,mr_mip->w2); s=exsign(mr_mip->w1); insign(PLUS,mr_mip->w1); insign(PLUS,mr_mip->w2); convert(_MIPP_ 1,mr_mip->w3); zero(mr_mip->w4); last=FALSE; a=b=c=d=0; iter=0; while (size(mr_mip->w2)!=0) { if (b==0) { /* update mr_mip->w1 and mr_mip->w2 */ divide(_MIPP_ mr_mip->w1,mr_mip->w2,mr_mip->w5); t=mr_mip->w1,mr_mip->w1=mr_mip->w2,mr_mip->w2=t; /* swap(mr_mip->w1,mr_mip->w2) */ multiply(_MIPP_ mr_mip->w4,mr_mip->w5,mr_mip->w0); add(_MIPP_ mr_mip->w3,mr_mip->w0,mr_mip->w3); t=mr_mip->w3,mr_mip->w3=mr_mip->w4,mr_mip->w4=t; /* swap(xd,yd) */ iter++; } else { /* printf("a= %I64u b= %I64u c= %I64u d= %I64u \n",a,b,c,d); */ mr_pmul(_MIPP_ mr_mip->w1,c,mr_mip->w5); /* c*w1 */ mr_pmul(_MIPP_ mr_mip->w1,a,mr_mip->w1); /* a*w1 */ mr_pmul(_MIPP_ mr_mip->w2,b,mr_mip->w0); /* b*w2 */ mr_pmul(_MIPP_ mr_mip->w2,d,mr_mip->w2); /* d*w2 */ if (!dplus) { mr_psub(_MIPP_ mr_mip->w0,mr_mip->w1,mr_mip->w1); /* b*w2-a*w1 */ mr_psub(_MIPP_ mr_mip->w5,mr_mip->w2,mr_mip->w2); /* c*w1-d*w2 */ } else { mr_psub(_MIPP_ mr_mip->w1,mr_mip->w0,mr_mip->w1); /* a*w1-b*w2 */ mr_psub(_MIPP_ mr_mip->w2,mr_mip->w5,mr_mip->w2); /* d*w2-c*w1 */ } mr_pmul(_MIPP_ mr_mip->w3,c,mr_mip->w5); mr_pmul(_MIPP_ mr_mip->w3,a,mr_mip->w3); mr_pmul(_MIPP_ mr_mip->w4,b,mr_mip->w0); mr_pmul(_MIPP_ mr_mip->w4,d,mr_mip->w4); if (a==0) copy(mr_mip->w0,mr_mip->w3); else mr_padd(_MIPP_ mr_mip->w3,mr_mip->w0,mr_mip->w3); mr_padd(_MIPP_ mr_mip->w4,mr_mip->w5,mr_mip->w4); } if (mr_mip->ERNUM || size(mr_mip->w2)==0) break; n=(int)mr_mip->w1->len; if (n==1) { last=TRUE; u=mr_mip->w1->w[0]; v=mr_mip->w2->w[0]; } else { m=mr_mip->w1->w[n-1]+1; #ifndef MR_SIMPLE_BASE if (mr_mip->base==0) { #endif #ifndef MR_NOFULLWIDTH #ifdef mr_dltype /* use double length type if available */ if (n>2 && m!=0) { /* squeeze out as much significance as possible */ uu.h[MR_TOP]=muldvm(mr_mip->w1->w[n-1],mr_mip->w1->w[n-2],m,&sr); uu.h[MR_BOT]=muldvm(sr,mr_mip->w1->w[n-3],m,&sr); vv.h[MR_TOP]=muldvm(mr_mip->w2->w[n-1],mr_mip->w2->w[n-2],m,&sr); vv.h[MR_BOT]=muldvm(sr,mr_mip->w2->w[n-3],m,&sr); } else { uu.h[MR_TOP]=mr_mip->w1->w[n-1]; uu.h[MR_BOT]=mr_mip->w1->w[n-2]; vv.h[MR_TOP]=mr_mip->w2->w[n-1]; vv.h[MR_BOT]=mr_mip->w2->w[n-2]; if (n==2) last=TRUE; } u=uu.d; v=vv.d; #else if (m==0) { u=mr_mip->w1->w[n-1]; v=mr_mip->w2->w[n-1]; } else { u=muldvm(mr_mip->w1->w[n-1],mr_mip->w1->w[n-2],m,&sr); v=muldvm(mr_mip->w2->w[n-1],mr_mip->w2->w[n-2],m,&sr); } #endif #endif #ifndef MR_SIMPLE_BASE } else { #ifdef mr_dltype if (n>2) { /* squeeze out as much significance as possible */ u=muldiv(mr_mip->w1->w[n-1],mr_mip->base,mr_mip->w1->w[n-2],m,&sr); u=u*mr_mip->base+muldiv(sr,mr_mip->base,mr_mip->w1->w[n-3],m,&sr); v=muldiv(mr_mip->w2->w[n-1],mr_mip->base,mr_mip->w2->w[n-2],m,&sr); v=v*mr_mip->base+muldiv(sr,mr_mip->base,mr_mip->w2->w[n-3],m,&sr); } else { u=(mr_large)mr_mip->base*mr_mip->w1->w[n-1]+mr_mip->w1->w[n-2]; v=(mr_large)mr_mip->base*mr_mip->w2->w[n-1]+mr_mip->w2->w[n-2]; last=TRUE; } #else u=muldiv(mr_mip->w1->w[n-1],mr_mip->base,mr_mip->w1->w[n-2],m,&sr); v=muldiv(mr_mip->w2->w[n-1],mr_mip->base,mr_mip->w2->w[n-2],m,&sr); #endif } #endif } dplus=TRUE; a=1; b=0; c=0; d=1; forever { /* work only with most significant piece */ if (last) { if (v==0) break; q=qdiv(u,v); if (q==0) break; } else { if (dplus) { if ((mr_small)(v-c)==0 || (mr_small)(v+d)==0) break; q=qdiv(u+a,v-c); if (q==0) break; if (q!=qdiv(u-b,v+d)) break; } else { if ((mr_small)(v+c)==0 || (mr_small)(v-d)==0) break; q=qdiv(u-a,v+c); if (q==0) break; if (q!=qdiv(u+b,v-d)) break; } } if (q==1) { if ((mr_small)(b+d) >= MAXBASE) break; r=a+c; a=c; c=r; r=b+d; b=d; d=r; lr=u-v; u=v; v=lr; } else { if (q>=MR_DIV(MAXBASE-b,d)) break; r=a+q*c; a=c; c=r; r=b+q*d; b=d; d=r; lr=u-q*v; u=v; v=lr; } iter++; dplus=!dplus; } iter%=2; } if (s==MINUS) iter++; if (iter%2==1) subtract(_MIPP_ y,mr_mip->w3,mr_mip->w3); if (xd!=yd) { negify(x,mr_mip->w2); mad(_MIPP_ mr_mip->w2,mr_mip->w3,mr_mip->w1,y,mr_mip->w4,mr_mip->w4); copy(mr_mip->w4,yd); } copy(mr_mip->w3,xd); if (z!=xd && z!=yd) copy(mr_mip->w1,z); MR_OUT return (size(mr_mip->w1)); }
{ zero(z); return; } MR_IN(34) if (size(den)==0) { mr_berror(_MIPP_ MR_ERR_FLASH_OVERFLOW); MR_OUT return; } copy(num,mr_mip->w5); copy(den,mr_mip->w6); s=exsign(mr_mip->w5)*exsign(mr_mip->w6); insign(PLUS,mr_mip->w5); insign(PLUS,mr_mip->w6); if (compare(mr_mip->w5,mr_mip->w6)==0) { convert(_MIPP_ s,z); MR_OUT return; } if (size(mr_mip->w6)==1) { if ((int)mr_mip->w5->len>mr_mip->nib) { mr_berror(_MIPP_ MR_ERR_FLASH_OVERFLOW); MR_OUT return;
/* * function encodeByteArrayToPoint : Encodes the given byte array into a point. * If the given byte array can not be encoded to a point, returns 0. * param dlog : Pointer to the native Dlog object. * param binaryString : The byte array to encode. * param k : k is the maximum length of a string to be converted to a Group Element of this group. * If a string exceeds the k length it cannot be converted. * return : The created point or 0 if the point cannot be created. */ JNIEXPORT jlong JNICALL Java_edu_biu_scapi_primitives_dlog_miracl_MiraclDlogECFp_encodeByteArrayToPoint (JNIEnv * env, jobject, jlong m, jbyteArray binaryString, jint k){ //Pseudo-code: /*If the length of binaryString exceeds k then throw IndexOutOfBoundsException. Let L be the length in bytes of p Choose a random byte array r of length L – k – 2 bytes Prepare a string newString of the following form: r || binaryString || binaryString.length (where || denotes concatenation) (i.e., the least significant byte of newString is the length of binaryString in bytes) Convert the result to a BigInteger (bIString) Compute the elliptic curve equation for this x and see if there exists a y such that (x,y) satisfies the equation. If yes, return (x,y) Else, go back to step 3 (choose a random r etc.) up to 80 times (This is an arbitrary hard-coded number). If did not find y such that (x,y) satisfies the equation after 80 trials then return null. */ /* convert the accepted parameters to MIRACL parameters*/ miracl* mip = (miracl*)m; jbyte* string = (jbyte*) env->GetByteArrayElements(binaryString, 0); int len = env->GetArrayLength(binaryString); if (len > k){ env ->ReleaseByteArrayElements(binaryString, string, 0); return 0; } big x, p; x = mirvar(mip, 0); p = mip->modulus; int l = logb2(mip, p)/8; char* randomArray = new char[l-k-2]; char* newString = new char[l - k - 1 + len]; memcpy(newString+l-k-2, string, len); newString[l - k - 2 + len] = (char) len; int counter = 0; bool success = 0; csprng rng; srand(time(0)); long seed; char raw = rand(); time((time_t*)&seed); strong_init(&rng,1,&raw,seed); do{ for (int i=0; i<l-k-2; i++){ randomArray[i] = strong_rng(&rng); } memcpy(newString, randomArray, l-k-2); bytes_to_big(mip, l - k - 1 + len, newString, x); //If the number is negative, make it positive. if(exsign(x)== -1){ absol(x, x); } //epoint_x returns true if the given x value leads to a valid point on the curve. //if failed, go back to choose a random r etc. success = epoint_x(mip, x); counter++; } while((!success) && (counter <= 80)); //we limit the amount of times we try to 80 which is an arbitrary number. epoint* point = 0; if (success){ point = epoint_init(mip); epoint_set(mip, x, x, 0, point); } char* temp = new char[l - k - 1 + len]; big_to_bytes(mip,l - k - 1 + len , x, temp, 1); //Delete the allocated memory. env ->ReleaseByteArrayElements(binaryString, string, 0); mirkill(x); delete(randomArray); delete(newString); //Return the created point. return (long) point; }
static void mr_select(_MIPD_ big x,int d,big y,big z) { /* perform required add or subtract operation */ int sx,sy,sz,jf,xgty; #ifdef MR_FLASH if (mr_notint(x) || mr_notint(y)) { mr_berror(_MIPP_ MR_ERR_INT_OP); return; } #endif sx=exsign(x); sy=exsign(y); sz=0; x->len&=MR_OBITS; /* force operands to be positive */ y->len&=MR_OBITS; xgty=mr_compare(x,y); jf=(1+sx)+(1+d*sy)/2; switch (jf) { /* branch according to signs of operands */ case 0: if (xgty>=0) mr_padd(_MIPP_ x,y,z); else mr_padd(_MIPP_ y,x,z); sz=MINUS; break; case 1: if (xgty<=0) { mr_psub(_MIPP_ y,x,z); sz=PLUS; } else { mr_psub(_MIPP_ x,y,z); sz=MINUS; } break; case 2: if (xgty>=0) { mr_psub(_MIPP_ x,y,z); sz=PLUS; } else { mr_psub(_MIPP_ y,x,z); sz=MINUS; } break; case 3: if (xgty>=0) mr_padd(_MIPP_ x,y,z); else mr_padd(_MIPP_ y,x,z); sz=PLUS; break; } if (sz<0) z->len^=MR_MSBIT; /* set sign of result */ if (x!=z && sx<0) x->len^=MR_MSBIT; /* restore signs to operands */ if (y!=z && y!=x && sy<0) y->len^=MR_MSBIT; }
int xgcd(_MIPD_ big x,big y,big xd,big yd,big z) { /* greatest common divisor by Euclids method * * extended to also calculate xd and yd where * * z = x.xd + y.yd = gcd(x,y) * * if xd, yd not distinct, only xd calculated * * z only returned if distinct from xd and yd * * xd will always be positive, yd negative */ int q,r,a,b,c,d,s,n; mr_small m,sr; #ifdef mr_dltype mr_large u,v,lq,lr; #else mr_small u,v,lq,lr; #endif BOOL last; big t; #ifndef MR_GENERIC_MT miracl *mr_mip=get_mip(); #endif if (mr_mip->ERNUM) return 0; MR_IN(30) copy(x,mr_mip->w1); copy(y,mr_mip->w2); s=exsign(mr_mip->w1); insign(PLUS,mr_mip->w1); insign(PLUS,mr_mip->w2); /* copy(mr_mip->w1,mr_mip->w3); copy(mr_mip->w2,mr_mip->w4); */ convert(_MIPP_ 1,mr_mip->w3); zero(mr_mip->w4); last=FALSE; a=b=c=d=0; while (size(mr_mip->w2)!=0) { if (b==0) { /* update mr_mip->w1 and mr_mip->w2 */ divide(_MIPP_ mr_mip->w1,mr_mip->w2,mr_mip->w5); t=mr_mip->w1,mr_mip->w1=mr_mip->w2,mr_mip->w2=t; /* swap(mr_mip->w1,mr_mip->w2) */ multiply(_MIPP_ mr_mip->w4,mr_mip->w5,mr_mip->w0); subtract(_MIPP_ mr_mip->w3,mr_mip->w0,mr_mip->w3); t=mr_mip->w3,mr_mip->w3=mr_mip->w4,mr_mip->w4=t; /* swap(xd,yd) */ } else { premult(_MIPP_ mr_mip->w1,c,mr_mip->w5); premult(_MIPP_ mr_mip->w1,a,mr_mip->w1); premult(_MIPP_ mr_mip->w2,b,mr_mip->w0); premult(_MIPP_ mr_mip->w2,d,mr_mip->w2); add_r(_MIPP_ mr_mip->w1,mr_mip->w0,mr_mip->w1); add_r(_MIPP_ mr_mip->w2,mr_mip->w5,mr_mip->w2); premult(_MIPP_ mr_mip->w3,c,mr_mip->w5); premult(_MIPP_ mr_mip->w3,a,mr_mip->w3); premult(_MIPP_ mr_mip->w4,b,mr_mip->w0); premult(_MIPP_ mr_mip->w4,d,mr_mip->w4); add_r(_MIPP_ mr_mip->w3,mr_mip->w0,mr_mip->w3); add_r(_MIPP_ mr_mip->w4,mr_mip->w5,mr_mip->w4); } if (mr_mip->ERNUM || size(mr_mip->w2)==0) break; n=(int)mr_mip->w1[0]; a=1; b=0; c=0; d=1; if (n==1) { last=TRUE; u=mr_mip->w1[1]; v=mr_mip->w2[1]; } else { m=mr_mip->w1[n]+1; if (mr_mip->base==0) { #ifdef mr_dltype /* use double length type if available */ if (n>2 && m!=0) { /* squeeze out as much significance as possible */ MR_TOP(u)=muldvm(mr_mip->w1[n],mr_mip->w1[n-1],m,&sr); MR_BOT(u)=muldvm(sr,mr_mip->w1[n-2],m,&sr); MR_TOP(v)=muldvm(mr_mip->w2[n],mr_mip->w2[n-1],m,&sr); MR_BOT(v)=muldvm(sr,mr_mip->w2[n-2],m,&sr); } else { MR_TOP(u)=mr_mip->w1[n]; MR_BOT(u)=mr_mip->w1[n-1]; MR_TOP(v)=mr_mip->w2[n]; MR_BOT(v)=mr_mip->w2[n-1]; if (n==2) last=TRUE; } #else if (m==0) { u=mr_mip->w1[n]; v=mr_mip->w2[n]; } else { u=muldvm(mr_mip->w1[n],mr_mip->w1[n-1],m,&sr); v=muldvm(mr_mip->w2[n],mr_mip->w2[n-1],m,&sr); } #endif } else { #ifdef mr_dltype /* use double length type if available */ if (n>2) { /* squeeze out as much significance as possible */ u=muldiv(mr_mip->w1[n],mr_mip->base,mr_mip->w1[n-1],m,&sr); u=u*mr_mip->base+muldiv(sr,mr_mip->base,mr_mip->w1[n-2],m,&sr); v=muldiv(mr_mip->w2[n],mr_mip->base,mr_mip->w2[n-1],m,&sr); v=v*mr_mip->base+muldiv(sr,mr_mip->base,mr_mip->w2[n-2],m,&sr); } else { u=(mr_large)mr_mip->base*mr_mip->w1[n]+mr_mip->w1[n-1]; v=(mr_large)mr_mip->base*mr_mip->w2[n]+mr_mip->w2[n-1]; last=TRUE; } #else u=muldiv(mr_mip->w1[n],mr_mip->base,mr_mip->w1[n-1],m,&sr); v=muldiv(mr_mip->w2[n],mr_mip->base,mr_mip->w2[n-1],m,&sr); #endif } } forever { /* work only with most significant piece */ if (last) { if (v==0) break; lq=u/v; } else { if (((v+c)==0) || ((v+d)==0)) break; lq=(u+a)/(v+c); if (lq!=(u+b)/(v+d)) break; } #ifdef mr_dltype if (lq>=(mr_large)(MR_TOOBIG/abs(d))) break; #else if (lq>=(mr_small)(MR_TOOBIG/abs(d))) break; #endif q=(int)lq; r=a-q*c; a=c; c=r; r=b-q*d; b=d; d=r; lr=u-lq*v; u=v; v=lr; } } if (s==MINUS) negate(mr_mip->w3,mr_mip->w3); if (size(mr_mip->w3)<=0) add_r(_MIPP_ mr_mip->w3,y,mr_mip->w3); if (xd!=yd) { negate(x,mr_mip->w2); mad(_MIPP_ mr_mip->w2,mr_mip->w3,mr_mip->w1,y,mr_mip->w4,mr_mip->w4); copy(mr_mip->w4,yd); } copy(mr_mip->w3,xd); if (z!=xd && z!=yd) copy(mr_mip->w1,z); MR_OUT return (size(mr_mip->w1)); }