double mult2_precomp(int eb,big x,big y,big a2,big a6,int M,int A,int B,int C)
{
big e,c,d;
int iterations=0;
ebrick2 binst;
clock_t start;
double elapsed;
char *mem;
mem=(char *)memalloc(3);
e=mirvar_mem(mem,0);
c=mirvar_mem(mem,1);
d=mirvar_mem(mem,2);
ebrick2_init(&binst,x,y,a2,a6,M,A,B,C,WINDOW,eb);
bigbits(eb,e);
start=clock();
do {
mul2_brick(&binst,e,c,d);
iterations++;
elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
} while (elapsed<MIN_TIME || iterations<MIN_ITERS);
elapsed=1000.0*elapsed/iterations;
printf("EP - %8d iterations ",iterations);
printf(" %8.2lf ms per iteration\n",elapsed);
ebrick2_end(&binst);
memkill(mem,3);
return elapsed;
}
double powers_small_exp(int gb,long ex,big p)
{
int iterations=0;
big g,e,w;
clock_t start;
double elapsed;
char *mem;
mem=(char *)memalloc(3);
g=mirvar_mem(mem,0);
e=mirvar_mem(mem,1);
w=mirvar_mem(mem,2);
bigbits(gb,g);
start=clock();
lgconv(ex,e);
do {
power(g,ex,p,w);
iterations++;
elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
} while (elapsed<MIN_TIME || iterations<MIN_ITERS);
elapsed=1000.0*elapsed/iterations;
if (ex==257L)
printf("V - %8d iterations of %4d/e=F3 ",iterations,gb);
if (ex==65537L)
printf("V - %8d iterations of %4d/e=F4 ",iterations,gb);
if (ex!=257L && ex!=65537L)
printf("V - %8d iterations of %4d/e=%2ld ",iterations,gb,ex);
printf(" %8.2lf ms per iteration\n",elapsed);
memkill(mem,3);
return elapsed;
}
double powers_small_base(int g,int eb,big p)
{
int iterations=0;
big e,w;
clock_t start;
double elapsed;
char *mem;
mem=(char *)memalloc(2);
e=mirvar_mem(mem,0);
w=mirvar_mem(mem,1);
bigbits(eb,e);
start=clock();
do {
powltr(g,e,p,w);
iterations++;
elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
} while (elapsed<MIN_TIME || iterations<MIN_ITERS);
elapsed=1000.0*elapsed/iterations;
printf("S - %8d iterations of g=%d/%4d ",iterations,g,eb);
printf(" %8.2lf ms per iteration\n",elapsed);
memkill(mem,2);
return elapsed;
}
double powers_double(int gb,int eb,big p)
{
int iterations=0;
clock_t start;
double elapsed;
big g1,e1,g2,e2,w;
char *mem;
mem=(char *)memalloc(5);
g1=mirvar_mem(mem,0);
e1=mirvar_mem(mem,1);
g2=mirvar_mem(mem,2);
e2=mirvar_mem(mem,3);
w=mirvar_mem(mem,4);
bigbits(gb,g1);
bigbits(gb,g2);
bigbits(eb,e1);
bigbits(eb,e2);
start=clock();
do {
powmod2(g1,e1,g2,e2,p,w);
iterations++;
elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
} while (elapsed<MIN_TIME || iterations<MIN_ITERS);
elapsed=1000.0*elapsed/iterations;
printf("D - %8d iterations of %4d/%4d ",iterations,gb,eb);
printf(" %8.2lf ms per iteration\n",elapsed);
memkill(mem,4);
return elapsed;
}
double mult2_double(int eb,epoint *g)
{
big e1,e2;
int iterations=0;
clock_t start;
double elapsed;
char *mem1;
char *mem2;
epoint *w;
epoint *r1;
epoint *r2;
mem1=(char *)memalloc(2);
mem2=(char *)ecp_memalloc(3);
e1=mirvar_mem(mem1,0);
e2=mirvar_mem(mem1,1);
w=epoint_init_mem(mem2,0);
r1=epoint_init_mem(mem2,1);
r2=epoint_init_mem(mem2,2);
bigbits(eb,e1);
ecurve2_mult(e1,g,r1); /* generate a random point on the curve */
bigbits(eb,e2);
ecurve2_mult(e2,g,r2); /* generate a random point on the curve */
bigbits(eb,e1);
bigbits(eb,e2);
start=clock();
do {
ecurve2_mult2(e1,r1,e2,r2,w);
iterations++;
elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
} while (elapsed<MIN_TIME || iterations<MIN_ITERS);
elapsed=1000.0*elapsed/iterations;
printf("ED - %8d iterations ",iterations);
printf(" %8.2lf ms per iteration\n",elapsed);
ecp_memkill(mem2,3);
memkill(mem1,2);
return elapsed;
}
int main()
{
big p,q,dp,dq,m,c,m1;
int i,romptr;
miracl instance; /* sizeof(miracl)= 2124 bytes from the stack */
#ifndef MR_STATIC
miracl *mr_mip=mirsys(&instance,WORDS*8,16);
char *mem=memalloc(_MIPP_ ,7);
#else
miracl *mr_mip=mirsys(&instance,MR_STATIC*8,16); /* size of bigs is fixed */
char mem[MR_BIG_RESERVE(7)]; /* reserve space on the stack for 7 bigs */
memset(mem,0,MR_BIG_RESERVE(7)); /* clear this memory */
#endif
/* Initialise bigs */
p=mirvar_mem(_MIPP_ mem,0);
q=mirvar_mem(_MIPP_ mem,1);
dp=mirvar_mem(_MIPP_ mem,2);
dq=mirvar_mem(_MIPP_ mem,3);
m=mirvar_mem(_MIPP_ mem,4);
c=mirvar_mem(_MIPP_ mem,5);
m1=mirvar_mem(_MIPP_ mem,6);
romptr=0;
init_big_from_rom(p,WORDS,rom,256,&romptr);
init_big_from_rom(q,WORDS,rom,256,&romptr);
init_big_from_rom(dp,WORDS,rom,256,&romptr);
init_big_from_rom(dq,WORDS,rom,256,&romptr);
bigbits(_MIPP_ 512,c);
/* count clocks, instructions and CPI from here.. */
//for (i=0;i<100000;i++)
//{
powmod(_MIPP_ c,dp,p,m);
powmod(_MIPP_ c,dq,q,m1);
//}
/* to here... */
#ifndef MR_NO_STANDARD_IO
otnum(_MIPP_ m,stdout);
otnum(_MIPP_ m1,stdout);
#endif
#ifndef MR_STATIC
memkill(_MIPP_ mem,7);
#else
memset(mem,0,MR_BIG_RESERVE(6)); /* clear this stack memory */
#endif
mirexit(_MIPPO_ ); /* clears workspace memory */
return 0;
}
void pollard(big id,big dl)
{
int i;
long iter;
big_chinese bc;
big w,Q,R,m,n,q;
char stack_mem[mr_big_reserve(6,50)];
memset(stack_mem,0,mr_big_reserve(6,50));
w=mirvar_mem(stack_mem,0);
Q=mirvar_mem(stack_mem,1);
R=mirvar_mem(stack_mem,2);
m=mirvar_mem(stack_mem,3);
n=mirvar_mem(stack_mem,4);
q=mirvar_mem(stack_mem,5);
copy(id,q);
crt_init(&bc,np,pp);
for (i=0;i<np;i++)
{ /* accumulate solutions for each pp */
copy(p1,w);
divide(w,pp[i],w);
powmod(q,w,p,Q);
powltr(PROOT,w,p,R);
copy(pp[i],order);
iter=rho(Q,R,m,n);
xgcd(m,order,w,w,w);
mad(w,n,n,order,order,rem[i]);
printf("%9ld iterations needed\n",iter);
}
crt(&bc,rem,dl); /* apply chinese remainder thereom */
crt_end(&bc);
}
void ecap(_MIPD_ zzn2 *Qx,zzn2 *Qy,epoint *P,big T,big fr,big delta,zzn2* r)
{
zzn4 res,w;
#ifndef MR_STATIC
char *mem=memalloc(_MIPP_ 8);
#else
char mem[MR_BIG_RESERVE(8)];
memset(mem,0,MR_BIG_RESERVE(8));
#endif
res.x.a=mirvar_mem(_MIPP_ mem,0);
res.x.b=mirvar_mem(_MIPP_ mem,1);
res.y.a=mirvar_mem(_MIPP_ mem,2);
res.y.b=mirvar_mem(_MIPP_ mem,3);
w.x.a=mirvar_mem(_MIPP_ mem,4);
w.x.b=mirvar_mem(_MIPP_ mem,5);
w.y.a=mirvar_mem(_MIPP_ mem,6);
w.y.b=mirvar_mem(_MIPP_ mem,7);
res.unitary=FALSE;
w.unitary=FALSE;
epoint_norm(_MIPP_ P);
fast_tate_pairing(_MIPP_ Qx,Qy,P,T,fr,delta,&w,&res);
zzn4_copy(&res,&w);
zzn4_powq(_MIPP_ fr,&res);
zzn4_powu(_MIPP_ &w,delta,&w);
zzn4_mul(_MIPP_ &res,&w,&res);
zzn2_copy(&(res.x),r);
#ifdef MR_COUNT_OPS
printf("Final Exponentiation cost\n");
printf("fpc= %d\n",fpc);
printf("fpa= %d\n",fpa);
printf("fpx= %d\n",fpx);
fpa=fpc=fpx=0;
#endif
#ifndef MR_STATIC
memkill(_MIPP_ mem,8);
#else
memset(mem,0,MR_BIG_RESERVE(8));
#endif
}
double powers_precomp(int gb,int eb,big p)
{
int iterations=0;
clock_t start;
double elapsed;
brick binst;
big g,e,w;
char *mem;
mem=(char *)memalloc(3);
g=mirvar_mem(mem,0);
e=mirvar_mem(mem,1);
w=mirvar_mem(mem,2);
bigbits(gb,g);
brick_init(&binst,g,p,WINDOW,eb);
bigbits(eb,e);
start=clock();
do {
pow_brick(&binst,e,w);
iterations++;
elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
} while (elapsed<MIN_TIME || iterations<MIN_ITERS);
elapsed=1000.0*elapsed/iterations;
printf("P - %8d iterations of %4d/%4d ",iterations,gb,eb);
printf(" %8.2lf ms per iteration\n",elapsed);
brick_end(&binst);
memkill(mem,3);
return elapsed;
}
double mults2(int eb,epoint *g)
{
big e;
int iterations=0;
clock_t start;
double elapsed;
epoint *w;
epoint *r;
char *mem1;
char *mem2;
mem1=(char *)memalloc(1);
mem2=(char *)ecp_memalloc(2);
e=mirvar_mem(mem1,0);
w=epoint_init_mem(mem2,0);
r=epoint_init_mem(mem2,1);
bigbits(eb,e);
ecurve2_mult(e,g,r); /* generate a random point on the curve */
bigbits(eb,e);
start=clock();
do {
ecurve2_mult(e,r,w);
iterations++;
elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
} while (elapsed<MIN_TIME || iterations<MIN_ITERS);
elapsed=1000.0*elapsed/iterations;
printf("ER - %8d iterations ",iterations);
printf(" %8.2lf ms per iteration\n",elapsed);
memkill(mem1,1);
ecp_memkill(mem2,2);
return elapsed;
}
void tate(_MIPD_ epoint *P,epoint *Q,big *res)
{
int i;
big f[4];
#ifndef MR_STATIC
char *mem=(char *)memalloc(_MIPP_ 4);
#else
char mem[MR_BIG_RESERVE(4)]; /* 160 bytes from stack */
memset(mem,0,MR_BIG_RESERVE(4));
#endif
for (i=0;i<4;i++) f[i]=mirvar_mem(_MIPP_ mem,i);
eta_T(_MIPP_ P,Q,f,res);
invert(_MIPP_ f);
mult4(_MIPP_ res,f,res);
#ifndef MR_STATIC
memkill(_MIPP_ mem,4);
#else
memset(mem,0,MR_BIG_RESERVE(4));
#endif
}
long rho(big q,big r,big m,big n)
{ /* find q^m = r^n */
long iter,rr,i;
char stack_mem[mr_big_reserve(6,50)];
big ax,bx,ay,by,x,y;
memset(stack_mem,0,mr_big_reserve(6,50));
ax=mirvar_mem(stack_mem,0);
bx=mirvar_mem(stack_mem,1);
ay=mirvar_mem(stack_mem,2);
by=mirvar_mem(stack_mem,3);
x=mirvar_mem(stack_mem,4);
y=mirvar_mem(stack_mem,5);
convert(1,y);
zero(ay); zero(by);
iter=0L;
rr=1L;
do
{ /* Brent's Cycle finder */
copy(y,x);
copy(ay,ax);
copy(by,bx);
rr*=2;
for (i=1L;i<=rr;i++)
{
iter++;
iterate(y,q,r,ay,by);
if (compare(x,y)==0) break;
}
} while (compare(x,y)!=0);
subtract(ax,ay,m);
if (size(m)<0) add(m,order,m);
subtract(by,bx,n);
if (size(n)<0) add(n,order,n);
return iter;
}
void g(_MIPD_ zzn2 *Ax,zzn2 *Ay,zzn2 *Az,zzn2 *Bx,zzn2 *By,zzn2 *Bz,big Px,big Py,zzn4 *w)
{
BOOL Doubling;
zzn2 lam,extra1,extra2,Kx,nn,dd;
#ifndef MR_STATIC
char *mem = memalloc(_MIPP_ 12);
#else
char mem[MR_BIG_RESERVE(12)];
memset(mem, 0, MR_BIG_RESERVE(12));
#endif
lam.a=mirvar_mem(_MIPP_ mem,0);
lam.b=mirvar_mem(_MIPP_ mem,1);
extra1.a=mirvar_mem(_MIPP_ mem,2);
extra1.b=mirvar_mem(_MIPP_ mem,3);
extra2.a=mirvar_mem(_MIPP_ mem,4);
extra2.b=mirvar_mem(_MIPP_ mem,5);
Kx.a=mirvar_mem(_MIPP_ mem,6);
Kx.b=mirvar_mem(_MIPP_ mem,7);
nn.a=mirvar_mem(_MIPP_ mem,8);
nn.b=mirvar_mem(_MIPP_ mem,9);
dd.a=mirvar_mem(_MIPP_ mem,10);
dd.b=mirvar_mem(_MIPP_ mem,11);
zzn2_copy(Ax,&Kx);
Doubling=ecurve_fp2_add(_MIPP_ Bx,By,Bz,Ax,Ay,Az,&lam,&extra1,&extra2);
/* Get extra information from the point addition, for use in the line functions */
if (!Doubling)
{
zzn2_smul(_MIPP_ Az,Py,&nn);
zzn2_timesi(_MIPP_ &nn);
zzn2_copy(Bx,&dd);
zzn2_timesi(_MIPP_ &dd);
zzn2_sadd(_MIPP_ &dd,Px,&dd);
zzn2_mul(_MIPP_ &lam,&dd,&lam);
zzn2_copy(By,&dd);
zzn2_timesi(_MIPP_ &dd);
zzn2_mul(_MIPP_ &dd,Az,&dd);
zzn2_sub(_MIPP_ &lam,&dd,&dd);
}
else
{
zzn2_smul(_MIPP_ &extra2,Py,&nn);
zzn2_mul(_MIPP_ &nn,Az,&nn);
zzn2_timesi(_MIPP_ &nn);
zzn2_timesi(_MIPP_ &Kx);
zzn2_smul(_MIPP_ &extra2,Px,&dd);
zzn2_add(_MIPP_ &dd,&Kx,&dd);
zzn2_mul(_MIPP_ &lam,&dd,&lam);
zzn2_timesi(_MIPP_ &extra1);
zzn2_sub(_MIPP_ &lam,&extra1,&dd);
}
zzn2_copy(&nn,&(w->x));
zzn2_copy(&dd,&(w->y));
#ifndef MR_STATIC
memkill(_MIPP_ mem,12);
#else
memset(mem,0,MR_BIG_RESERVE(12));
#endif
return;
}
int main()
{
big a2,a6,bx,r;
big res[4];
epoint *P,*Q;
int i,romptr;
miracl instance; /* sizeof(miracl)= 2000 bytes from the stack */
#ifndef MR_STATIC
#ifdef MR_GENERIC_MT
miracl *mr_mip=mirsys(WORDS*NPW,16);
#else
miracl *mr_mip=mirsys(WORDS*NPW,16);
#endif
char *mem=(char *)memalloc(_MIPP_ 8);
char *mem1=(char *)ecp_memalloc(_MIPP_ 2);
#else
#ifdef MR_GENERIC_MT
miracl *mr_mip=mirsys(&instance,MR_STATIC*NPW,16); /* size of bigs is fixed */
#else
miracl *mr_mip=mirsys(&instance,MR_STATIC*NPW,16);
#endif
char mem[MR_BIG_RESERVE(8)]; /* reserve space on the stack for 8 bigs */
char mem1[MR_ECP_RESERVE(2)]; /* reserve space on stack for 2 curve points */
memset(mem,0,MR_BIG_RESERVE(8)); /* clear this memory */
memset(mem1,0,MR_ECP_RESERVE(2)); /* ~668 bytes in all */
#endif
/* Initialise bigs */
a2=mirvar_mem(_MIPP_ mem,0);
a6=mirvar_mem(_MIPP_ mem,1);
bx=mirvar_mem(_MIPP_ mem,2);
for (i=0;i<4;i++)
res[i]=mirvar_mem(_MIPP_ mem,3+i);
r=mirvar_mem(_MIPP_ mem,7);
/* printf("ROM size= %d\n",sizeof(rom)+sizeof(prom)); */
#ifndef MR_NO_STANDARD_IO
#ifdef MR_STATIC
printf("n Bigs require n*%d+%d bytes\n",MR_SIZE,MR_SL);
printf("n Points require n*%d+%d bytes\n",MR_ESIZE,MR_SL);
printf("sizeof(miracl)= %d\n",sizeof(miracl));
#endif
#endif
/* Initialise Elliptic curve points */
P=epoint_init_mem(_MIPP_ mem1,0);
Q=epoint_init_mem(_MIPP_ mem1,1);
/* Initialise supersingular curve */
convert(_MIPP_ 1,a2);
convert(_MIPP_ B,a6);
/* The -M tells MIRACL that this is a supersingular curve */
if (!ecurve2_init(_MIPP_ -M,T,U,V,a2,a6,FALSE,MR_PROJECTIVE))
{
#ifndef MR_NO_STANDARD_IO
printf("Problem with the curve\n");
#endif
return 0;
}
/* Get P and Q from ROM */
/* These should have been multiplied by the cofactor 487805 = 5*97561 */
/* 487805 is a cofactor of the group order 2^271+2^136+1 */
romptr=0;
init_point_from_rom(P,WORDS,rom,ROMSZ,&romptr);
init_point_from_rom(Q,WORDS,rom,ROMSZ,&romptr);
#ifndef MR_NO_STANDARD_IO
printf( "P= \n");
otnum(_MIPP_ P->X,stdout);
otnum(_MIPP_ P->Y,stdout);
printf( "Q= \n");
otnum(_MIPP_ Q->X,stdout);
otnum(_MIPP_ Q->Y,stdout);
#endif
bigbits(_MIPP_ 160,r);
/* Simple bilinearity test */
tate(_MIPP_ P,Q,res);
/* this could break the 4k stack, 2060+668+2996 >4K */
/* so we cannot afford much precomputation in power4 */
power4(_MIPP_ res,r,res); /* res=res^{sr} */
#ifndef MR_NO_STANDARD_IO
printf( "\ne(P,Q)^r= \n");
for (i=0;i<4;i++)
{
otnum(_MIPP_ res[i],stdout);
zero(res[i]);
}
#endif
ecurve2_mult(_MIPP_ r,Q,Q); /* Q=rQ */
epoint2_norm(_MIPP_ Q);
tate(_MIPP_ P,Q,res); /* Now invert is taken out of Tate, and the stack should be OK */
#ifndef MR_NO_STANDARD_IO
printf( "\ne(P,rQ)= \n");
for (i=0;i<4;i++)
otnum(_MIPP_ res[i],stdout);
#endif
/* all done */
#ifndef MR_STATIC
memkill(_MIPP_ mem,8);
ecp_memkill(_MIPP_ mem1,2);
#else
memset(mem,0,MR_BIG_RESERVE(8)); /* clear this stack memory */
memset(mem1,0,MR_ECP_RESERVE(2));
#endif
mirexit(_MIPPO_ ); /* clears workspace memory */
return 0;
}
int crypto_dh(unsigned char *s,const unsigned char* pk,const unsigned char *sk)
{
int i,promptr;
ecn2 P;
big A,B,p,a[2];
zzn2 x,y,psi[2];
miracl instance; /* create miracl workspace on the stack */
/* Specify base 16 here so that HEX can be read in directly without a base-change */
miracl *mip=mirsys(&instance,WORDS*16,16); /* size of bigs is fixed */
char mem_big[MR_BIG_RESERVE(17)]; /* we need 17 bigs... */
memset(mem_big, 0, MR_BIG_RESERVE(17)); /* clear the memory */
A=mirvar_mem(mip, mem_big, 0); /* Initialise big numbers */
B=mirvar_mem(mip, mem_big, 1);
x.a=mirvar_mem(mip, mem_big, 2);
x.b=mirvar_mem(mip, mem_big, 3);
#ifndef COMPRESSED
y.a=mirvar_mem(mip, mem_big, 4);
y.b=mirvar_mem(mip, mem_big, 5);
#endif
a[0]=mirvar_mem(mip, mem_big, 6);
a[1]=mirvar_mem(mip, mem_big, 7);
p=mirvar_mem(mip, mem_big, 8);
P.x.a=mirvar_mem(mip, mem_big, 9);
P.x.b=mirvar_mem(mip, mem_big, 10);
P.y.a=mirvar_mem(mip, mem_big, 11);
P.y.b=mirvar_mem(mip, mem_big, 12);
P.z.a=mirvar_mem(mip, mem_big, 13);
P.z.b=mirvar_mem(mip, mem_big, 14);
P.marker=MR_EPOINT_INFINITY;
psi[0].a=mirvar_mem(mip, mem_big, 15);
psi[0].b=mirvar_mem(mip, mem_big, 16);
promptr=0;
init_big_from_rom(p,WORDS,rom,16,&promptr); /* Read in prime modulus p from ROM */
init_big_from_rom(B,WORDS,rom,16,&promptr); /* Read in curve parameter B from ROM */
init_big_from_rom(psi[0].a,WORDS,rom,16,&promptr);
init_big_from_rom(psi[0].b,WORDS,rom,16,&promptr);
init_big_from_rom(x.a,WORDS,rom,16,&promptr);
init_big_from_rom(x.b,WORDS,rom,16,&promptr);
#ifndef COMPRESSED
init_big_from_rom(y.a,WORDS,rom,16,&promptr);
init_big_from_rom(y.b,WORDS,rom,16,&promptr);
#endif
convert(mip,1,A); /* Fix A=1 */
/* offline calculations */
ecurve_init(mip,A,B,p,MR_PROJECTIVE);
mip->TWIST=TRUE;
/* Alice calculates secret key */
bytes_to_big(mip,16,pk,x.a);
bytes_to_big(mip,16,&pk[16],x.b);
bytes_to_big(mip,16,sk,a[0]);
bytes_to_big(mip,16,&sk[16],a[1]);
#ifndef COMPRESSED
bytes_to_big(mip,16,&pk[32],y.a);
bytes_to_big(mip,16,&pk[48],y.b);
if (!ecn2_set(mip,&x,&y,&P))
{
memset(mem_big, 0, MR_BIG_RESERVE(17));
mirexit(mip);
return -1;
}
#else
if (!ecn2_setx(mip,&x,&P))
{
memset(mem_big, 0, MR_BIG_RESERVE(17));
mirexit(mip);
return -1;
}
#endif
ecn2_mul2_gls(mip,a,&P,psi,&P);
ecn2_getx(&P,&x);
#ifdef COMPRESSED
zzn2_sqr(mip,&x,&x); /* I tossed y, so I might have wrong sign.. */
#endif
big_to_bytes(mip,16,x.a,s,TRUE);
big_to_bytes(mip,16,x.b,&s[16],TRUE);
memset(mem_big, 0, MR_BIG_RESERVE(17));
mirexit(mip);
return 0;
}
Ps_ZZn operator*(Ps_ZZn& a,Ps_ZZn& b)
{
Ps_ZZn prod;
ZZn t;
term_ps_zzn *aptr,*bptr,*pos;
int ka,kb,i,pa,pb,d,deg,g;
if (a.IsInt())
{
if (a.start==NULL) return prod;
else return (a.start->an*b);
}
if (b.IsInt())
{
if (b.start==NULL) return prod;
else return (b.start->an*a);
}
g=igcd(a.pwr,b.pwr);
deg=psN/g;
#ifdef FFT
if (deg>=FFT_BREAK_EVEN)
{ // use fast methods
big *A,*B,*C;
A=(big *)mr_alloc(deg,sizeof(big));
B=(big *)mr_alloc(deg,sizeof(big));
C=(big *)mr_alloc(deg,sizeof(big));
char *memc=(char *)memalloc(deg);
for (i=0;i<deg;i++) C[i]=mirvar_mem(memc,i);
ka=a.pwr/g;
a.decompress(ka);
aptr=a.start;
while (aptr!=NULL)
{
d=aptr->n;
if (d >= deg) break;
A[d]=getbig(aptr->an);
aptr=aptr->next;
}
kb=b.pwr/g;
b.decompress(kb);
bptr=b.start;
while (bptr!=NULL)
{
d=bptr->n;
if (d >= deg) break;
B[d]=getbig(bptr->an);
bptr=bptr->next;
}
mr_ps_zzn_mul(deg,A,B,C);
pos=NULL;
for (d=0;d<deg;d++)
{
t=C[d];
if (t.iszero()) continue;
pos=prod.addterm(t,d*g,pos);
}
memkill(memc,deg);
a.compress(ka); b.compress(kb);
mr_free(C); mr_free(B); mr_free(A);
}
else
{
#endif
bptr=b.start;
while (bptr!=NULL)
{
aptr=a.start;
pb=bptr->n*b.pwr-b.offset;
pos=NULL;
while (aptr!=NULL)
{
pa=aptr->n*a.pwr-a.offset;
if (pb+pa>=psN) break;
pos=prod.addterm(aptr->an*bptr->an,pa+pb,pos);
aptr=aptr->next;
}
bptr=bptr->next;
}
#ifdef FFT
}
#endif
if (prod.start!=NULL) prod.offset=a.offset+b.offset;
return prod;
}
int main()
{
FILE *fp;
int ep,m,a,b,c;
epoint *g,*public;
char ifname[50],ofname[50];
big a2,a6,q,x,y,v,u1,u2,r,s,hash;
miracl instance;
miracl *mip=&instance;
char mem[MR_BIG_RESERVE(11)]; /* reserve space on the stack for 11 bigs */
char mem1[MR_ECP_RESERVE(2)]; /* and two elliptic curve points */
memset(mem,0,MR_BIG_RESERVE(11));
memset(mem1,0,MR_ECP_RESERVE(2));
/* get public data */
fp=fopen("common2.ecs","rt");
if (fp==NULL)
{
printf("file common2.ecs does not exist\n");
return 0;
}
fscanf(fp,"%d\n",&m);
mip=mirsys(mip,MR_ROUNDUP(abs(m),4),16);
a2=mirvar_mem(mip,mem,0);
a6=mirvar_mem(mip,mem,1);
q=mirvar_mem(mip,mem,2);
x=mirvar_mem(mip,mem,3);
y=mirvar_mem(mip,mem,4);
v=mirvar_mem(mip,mem,5);
u1=mirvar_mem(mip,mem,6);
u2=mirvar_mem(mip,mem,7);
s=mirvar_mem(mip,mem,8);
r=mirvar_mem(mip,mem,9);
hash=mirvar_mem(mip,mem,10);
innum(mip,a2,fp);
innum(mip,a6,fp);
innum(mip,q,fp);
innum(mip,x,fp);
innum(mip,y,fp);
fscanf(fp,"%d\n",&a);
fscanf(fp,"%d\n",&b);
fscanf(fp,"%d\n",&c);
fclose(fp);
ecurve2_init(mip,m,a,b,c,a2,a6,FALSE,MR_PROJECTIVE); /* initialise curve */
g=epoint_init_mem(mip,mem1,0);
epoint2_set(mip,x,y,0,g); /* initialise point of order q */
/* get public key of signer */
fp=fopen("public.ecs","rt");
if (fp==NULL)
{
printf("file public.ecs does not exist\n");
return 0;
}
fscanf(fp,"%d",&ep);
innum(mip,x,fp);
fclose(fp);
public=epoint_init_mem(mip,mem1,1);
int main()
{
FILE *fp;
char ifname[50],ofname[50];
big a,b,p,q,x,y,d,r,s,k,hash;
epoint *g;
long seed;
int bits;
miracl instance;
miracl *mip=&instance;
char mem[MR_BIG_RESERVE(11)]; /* reserve space on the stack for 11 bigs */
char mem1[MR_ECP_RESERVE(1)]; /* and one elliptic curve points */
memset(mem,0,MR_BIG_RESERVE(11));
memset(mem1,0,MR_ECP_RESERVE(1));
/* get public data */
#ifndef MR_EDWARDS
fp=fopen("common.ecs","rt");
if (fp==NULL)
{
printf("file common.ecs does not exist\n");
return 0;
}
fscanf(fp,"%d\n",&bits);
#else
fp=fopen("edwards.ecs","rt");
if (fp==NULL)
{
printf("file edwards.ecs does not exist\n");
return 0;
}
fscanf(fp,"%d\n",&bits);
#endif
mirsys(mip,bits/4,16); /* Use Hex internally */
a=mirvar_mem(mip,mem,0);
b=mirvar_mem(mip,mem,1);
p=mirvar_mem(mip,mem,2);
q=mirvar_mem(mip,mem,3);
x=mirvar_mem(mip,mem,4);
y=mirvar_mem(mip,mem,5);
d=mirvar_mem(mip,mem,6);
r=mirvar_mem(mip,mem,7);
s=mirvar_mem(mip,mem,8);
k=mirvar_mem(mip,mem,9);
hash=mirvar_mem(mip,mem,10);
innum(mip,p,fp); /* modulus */
innum(mip,a,fp); /* curve parameters */
innum(mip,b,fp);
innum(mip,q,fp); /* order of (x,y) */
innum(mip,x,fp); /* (x,y) point on curve of order q */
innum(mip,y,fp);
fclose(fp);
/* randomise */
printf("Enter 9 digit random number seed = ");
scanf("%ld",&seed);
getchar();
irand(mip,seed);
ecurve_init(mip,a,b,p,MR_PROJECTIVE); /* initialise curve */
g=epoint_init_mem(mip,mem1,0);
epoint_set(mip,x,y,0,g); /* initialise point of order q */
/* calculate r - this can be done offline,
and hence amortized to almost nothing */
bigrand(mip,q,k);
ecurve_mult(mip,k,g,g); /* see ebrick.c for method to speed this up */
epoint_get(mip,g,r,r);
divide(mip,r,q,q);
/* get private key of signer */
fp=fopen("private.ecs","rt");
if (fp==NULL)
{
printf("file private.ecs does not exist\n");
return 0;
}
innum(mip,d,fp);
fclose(fp);
/* calculate message digest */
printf("file to be signed = ");
gets(ifname);
strcpy(ofname,ifname);
strip(ofname);
strcat(ofname,".ecs");
if ((fp=fopen(ifname,"rb"))==NULL)
{
printf("Unable to open file %s\n",ifname);
return 0;
}
hashing(mip,fp,hash);
fclose(fp);
/* calculate s */
xgcd(mip,k,q,k,k,k);
mad(mip,d,r,hash,q,q,s);
mad(mip,s,k,k,q,q,s);
fp=fopen(ofname,"wt");
otnum(mip,r,fp);
otnum(mip,s,fp);
fclose(fp);
memset(mem,0,MR_BIG_RESERVE(11));
memset(mem1,0,MR_ECP_RESERVE(1));
return 0;
}
void zzn4_powu(_MIPD_ zzn4 *x,big k,zzn4 *u)
{
zzn4 t[5],u2;
big k3;
int i,j,n,nb,nbw,nzs;
#ifndef MR_STATIC
char *mem=memalloc(_MIPP_ 25);
#else
char mem[MR_BIG_RESERVE(25)];
memset(mem,0,MR_BIG_RESERVE(25));
#endif
if (size(k)==0)
{
zzn4_from_int(_MIPP_ 1,u);
return;
}
zzn4_copy(x,u);
if (size(k)==1) return;
for (j=i=0; i<5; i++)
{
t[i].x.a=mirvar_mem(_MIPP_ mem,j++);
t[i].x.b=mirvar_mem(_MIPP_ mem,j++);
t[i].y.a=mirvar_mem(_MIPP_ mem,j++);
t[i].y.b=mirvar_mem(_MIPP_ mem,j++);
t[i].unitary=FALSE;
}
u2.x.a=mirvar_mem(_MIPP_ mem,j++);
u2.x.b=mirvar_mem(_MIPP_ mem,j++);
u2.y.a=mirvar_mem(_MIPP_ mem,j++);
u2.y.b=mirvar_mem(_MIPP_ mem,j++);
u2.unitary=FALSE;
k3=mirvar_mem(_MIPP_ mem,j);
premult(_MIPP_ k,3,k3);
zzn4_mul(_MIPP_ u,u,&u2);
zzn4_copy(u,&t[0]);
for (i=1; i<=4; i++)
zzn4_mul(_MIPP_ &u2,&t[i-1],&t[i]);
nb=logb2(_MIPP_ k3);
for (i=nb-2; i>=1;)
{
n=mr_naf_window(_MIPP_ k,k3,i,&nbw,&nzs,5);
for (j=0; j<nbw; j++) zzn4_mul(_MIPP_ u,u,u);
if (n>0) zzn4_mul(_MIPP_ u,&t[n/2],u);
if (n<0)
{
zzn4_conj(_MIPP_ &t[-n/2],&u2);
zzn4_mul(_MIPP_ u,&u2,u);
}
i-=nbw;
if (nzs)
{
for (j=0; j<nzs; j++) zzn4_mul(_MIPP_ u,u,u);
i-=nzs;
}
}
#ifndef MR_STATIC
memkill(_MIPP_ mem,25);
#else
memset(mem,0,MR_BIG_RESERVE(25));
#endif
}
int crypto_dh_keypair(unsigned char* pk,unsigned char *sk)
{
int i,promptr;
big A,B,p,a[2];
zzn2 x,y,psi[2];
miracl instance; /* create miracl workspace on the stack */
ebrick binst;
/* Specify base 16 here so that HEX can be read in directly without a base-change */
miracl *mip=mirsys(&instance,WORDS*16,16); /* size of bigs is fixed */
char mem_big[MR_BIG_RESERVE(11)]; /* we need 10 bigs... */
memset(mem_big, 0, MR_BIG_RESERVE(11)); /* clear the memory */
A=mirvar_mem(mip, mem_big, 0); /* Initialise big numbers */
B=mirvar_mem(mip, mem_big, 1);
x.a=mirvar_mem(mip, mem_big, 2);
x.b=mirvar_mem(mip, mem_big, 3);
y.a=mirvar_mem(mip, mem_big, 4);
y.b=mirvar_mem(mip, mem_big, 5);
a[0]=mirvar_mem(mip, mem_big, 6);
a[1]=mirvar_mem(mip, mem_big, 7);
p=mirvar_mem(mip, mem_big, 8);
psi[0].a=mirvar_mem(mip, mem_big, 9);
psi[0].b=mirvar_mem(mip, mem_big, 10);
promptr=0;
init_big_from_rom(p,WORDS,rom,16,&promptr); /* Read in prime modulus p from ROM */
init_big_from_rom(B,WORDS,rom,16,&promptr); /* Read in curve parameter B from ROM */
init_big_from_rom(psi[0].a,WORDS,rom,16,&promptr);
init_big_from_rom(psi[0].b,WORDS,rom,16,&promptr);
convert(mip,1,A); /* Fix A=1 */
ecn2_brick_init(&binst,prom,A,B,p,6,128);
/* Alices key gen calculation */
#ifdef HAVE_MAIN
for (i=0;i<32;i++) sk[i]=rand();
#else
randombytes(sk,32);
#endif
sk[15]&=0x3f; sk[31]&=0x3f;
bytes_to_big(mip,16,sk,a[0]);
bytes_to_big(mip,16,&sk[16],a[1]);
ecn2_mul_brick_gls(mip,&binst,a,psi,&x,&y);
big_to_bytes(mip,16,x.a,pk,TRUE);
big_to_bytes(mip,16,x.b,&pk[16],TRUE);
#ifndef COMPRESSED
big_to_bytes(mip,16,y.a,&pk[32],TRUE);
big_to_bytes(mip,16,y.b,&pk[48],TRUE);
#endif
memset(mem_big, 0, MR_BIG_RESERVE(11));
mirexit(mip);
return 0;
}
BOOL ecurve_fp2_add(_MIPD_ zzn2 *Zx, zzn2 *Zy, zzn2 *Zz, zzn2 *x, zzn2 *y, zzn2 *z, zzn2 *lam,zzn2 *ex1,zzn2 *ex2)
{
BOOL doubling,normed;
zzn2 Xzz, Yzzz, xZZ, yZZZ, zz, ZZ;
zzn2 t1, t2, t3, x3;
#ifndef MR_STATIC
char *mem = memalloc(_MIPP_ 20);
#else
char mem[MR_BIG_RESERVE(20)];
memset(mem, 0, MR_BIG_RESERVE(20));
#endif
Xzz.a = mirvar_mem(_MIPP_ mem, 0);
Xzz.b = mirvar_mem(_MIPP_ mem, 1);
Yzzz.a = mirvar_mem(_MIPP_ mem, 2);
Yzzz.b = mirvar_mem(_MIPP_ mem, 3);
xZZ.a = mirvar_mem(_MIPP_ mem, 4);
xZZ.b = mirvar_mem(_MIPP_ mem, 5);
yZZZ.a = mirvar_mem(_MIPP_ mem, 6);
yZZZ.b = mirvar_mem(_MIPP_ mem, 7);
zz.a = mirvar_mem(_MIPP_ mem, 8);
zz.b = mirvar_mem(_MIPP_ mem, 9);
ZZ.a = mirvar_mem(_MIPP_ mem, 10);
ZZ.b = mirvar_mem(_MIPP_ mem, 11);
t1.a = mirvar_mem(_MIPP_ mem, 12);
t1.b = mirvar_mem(_MIPP_ mem, 13);
t2.a = mirvar_mem(_MIPP_ mem, 14);
t2.b = mirvar_mem(_MIPP_ mem, 15);
t3.a = mirvar_mem(_MIPP_ mem, 16);
t3.b = mirvar_mem(_MIPP_ mem, 17);
x3.a = mirvar_mem(_MIPP_ mem, 18);
x3.b = mirvar_mem(_MIPP_ mem, 19);
doubling=FALSE;
if (z==Zz) doubling=TRUE;
if (!doubling)
{ // maybe we are really doubling? Or P-=P?
if (!zzn2_isunity(_MIPP_ Zz))
{
zzn2_mul(_MIPP_ Zz, Zz, &ZZ); // ZZ = Zz^2
zzn2_mul(_MIPP_ x, &ZZ, &xZZ); // xZZ = x * Zz^2
zzn2_mul(_MIPP_ &ZZ, Zz, &yZZZ); // yZZZ = Zz^3
zzn2_mul(_MIPP_ &yZZZ, y, &yZZZ); // yZZZ = y * Zz^3
normed=FALSE;
}
else
{
zzn2_copy(x,&xZZ);
zzn2_copy(y,&yZZZ);
normed=TRUE;
}
if (!zzn2_isunity(_MIPP_ z))
{
zzn2_mul(_MIPP_ z, z, &zz); // zz = z^2
zzn2_mul(_MIPP_ Zx, &zz, &Xzz); // Xzz = Zx * z^2
zzn2_mul(_MIPP_ &zz, z, &Yzzz); // Yzzz = z^3
zzn2_mul(_MIPP_ &Yzzz, Zy, &Yzzz); // Yzzz = Zy * z^3
}
else
{
zzn2_copy(Zx,&Xzz);
zzn2_copy(Zy,&Yzzz);
}
if (zzn2_compare(&Xzz,&xZZ))
{
if (!zzn2_compare(&Yzzz,&yZZZ) || zzn2_iszero(y))
{
zzn2_zero(x);
zzn2_zero(y);
zzn2_zero(z);
zzn2_from_int(_MIPP_ 1,lam);
#ifndef MR_STATIC
memkill(_MIPP_ mem, 20);
#else
memset(mem, 0, MR_BIG_RESERVE(20));
#endif
return doubling;
}
else
doubling=TRUE;
}
}
if (!doubling)
{ // point addition
zzn2_sub(_MIPP_ &xZZ, &Xzz, &t1); // t1 = Xzz - xZZ
zzn2_sub(_MIPP_ &yZZZ, &Yzzz, lam); // lam = yZZZ - yZZZ
zzn2_mul(_MIPP_ z,&t1,z);
if (!normed) zzn2_mul(_MIPP_ z,&ZZ,z);
zzn2_mul(_MIPP_ &t1,&t1,&t2);
zzn2_add(_MIPP_ &xZZ,&Xzz,&t3);
zzn2_mul(_MIPP_ &t3,&t2,&t3);
zzn2_mul(_MIPP_ lam, lam, &x3); // x3 = lam^2
zzn2_sub(_MIPP_ &x3,&t3,&x3);
zzn2_sub(_MIPP_ &t3,&x3,&t3);
zzn2_sub(_MIPP_ &t3,&x3,&t3);
zzn2_mul(_MIPP_ &t3,lam,&t3);
zzn2_mul(_MIPP_ &t2,&t1,&t2);
zzn2_add(_MIPP_ &yZZZ,&Yzzz,&t1);
zzn2_mul(_MIPP_ &t1,&t2,&t1);
zzn2_sub(_MIPP_ &t3,&t1,y);
zzn2_div2(_MIPP_ y);
zzn2_copy(&x3,x);
}
else
{ // point doubling
zzn2_mul(_MIPP_ y, y, &t2); // t2 = y^2
/* its on the twist so A=6! */
zzn2_mul(_MIPP_ z,z,ex2);
zzn2_mul(_MIPP_ x,x,lam);
zzn2_mul(_MIPP_ ex2,ex2,&t1);
zzn2_add(_MIPP_ &t1,&t1,&t1);
zzn2_add(_MIPP_ lam,&t1,lam);
zzn2_copy(lam,&t1);
zzn2_add(_MIPP_ lam,lam,lam);
zzn2_add(_MIPP_ lam,&t1,lam);
zzn2_mul(_MIPP_ x, &t2, &t1); // t1 = x * y^2
zzn2_add(_MIPP_ &t1, &t1, &t1); // t1 = 2(x*y^2)
zzn2_add(_MIPP_ &t1, &t1, &t1); // t1 = 4(x*y^2)
// x = lam^2 - t1 - t1
zzn2_mul(_MIPP_ lam, lam, x); // x = lam^2
zzn2_sub(_MIPP_ x, &t1, x); // x = lam^2 - t1
zzn2_sub(_MIPP_ x, &t1, x); // x = lam^2 - 2t1
zzn2_mul(_MIPP_ z, y , z); // z = yz
zzn2_add(_MIPP_ z, z, z); // z = 2yz
// 8 * y^2
zzn2_add(_MIPP_ &t2, &t2, &t2); // t2 = 2y^2
zzn2_copy(&t2,ex1);
zzn2_mul(_MIPP_ &t2, &t2, &t2); // t2 = 4y^2
zzn2_add(_MIPP_ &t2, &t2, &t2); // t2 = 8y^2
// y = lam*(t - x) - y^2
zzn2_sub(_MIPP_ &t1, x, y); // y = t1 - x
zzn2_mul(_MIPP_ y, lam, y); // y = lam(t1 - x)
zzn2_sub(_MIPP_ y, &t2, y); // y = lam(t1 - x) * y^2
}
#ifndef MR_STATIC
memkill(_MIPP_ mem, 20);
#else
memset(mem, 0, MR_BIG_RESERVE(20));
#endif
return doubling;
}
int main()
{ /* factoring program using Brents method */
long k,r,i,m,iter;
big x,y,z,n,q,ys,c3;
#ifndef MR_STATIC
miracl *mip=mirsys(16,0); /* if allocating from the heap, specify size of bigs here */
char *mem=memalloc(7); /* allocate and clear memory from the heap for 7 bigs */
#else
miracl *mip=mirsys(MR_STATIC,0); /* If allocating from the stack, size of bigs is pre-defined */
char mem[MR_BIG_RESERVE(7)]; /* reserve space on the stack for 7 bigs ... */
memset(mem,0,MR_BIG_RESERVE(7)); /* ... and clear this memory */
#endif
x=mirvar_mem(mem,0); /* 7 bigs have index from 0-6 */
y=mirvar_mem(mem,1);
ys=mirvar_mem(mem,2);
z=mirvar_mem(mem,3);
n=mirvar_mem(mem,4);
q=mirvar_mem(mem,5);
c3=mirvar_mem(mem,6);
convert(3,c3);
printf("input number to be factored\n");
cinnum(n,stdin);
if (isprime(n))
{
printf("this number is prime!\n");
return 0;
}
m=10L;
r=1L;
iter=0L;
do
{
printf("iterations=%5ld",iter);
convert(1,q);
do
{
copy(y,x);
for (i=1L;i<=r;i++)
mad(y,y,c3,n,n,y);
k=0;
do
{
iter++;
if (iter%10==0) printf("\b\b\b\b\b%5ld",iter);
fflush(stdout);
copy(y,ys);
for (i=1L;i<=mr_min(m,r-k);i++)
{
mad(y,y,c3,n,n,y);
subtract(y,x,z);
mad(z,q,q,n,n,q);
}
egcd(q,n,z);
k+=m;
} while (k<r && size(z)==1);
r*=2;
} while (size(z)==1);
if (compare(z,n)==0) do
{ /* back-track */
mad(ys,ys,c3,n,n,ys);
subtract(ys,x,z);
} while (egcd(z,n,z)==1);
if (!isprime(z))
printf("\ncomposite factor ");
else printf("\nprime factor ");
cotnum(z,stdout);
if (compare(z,n)==0) return 0;
divide(n,z,n);
divide(y,n,n);
} while (!isprime(n));
printf("prime factor ");
cotnum(n,stdout);
#ifndef MR_STATIC
memkill(mem,7); /* delete all 7 bigs */
#else
memset(mem,0,MR_BIG_RESERVE(7)); /* clear memory used for bigs */
#endif
return 0;
}
void fast_tate_pairing(_MIPD_ zzn2 *Qx,zzn2 *Qy,epoint *P,big T,big fr,big delta,zzn4 *w,zzn4* res)
{
int i,j,nb;
zzn2 Ax,Ay,Az,Qz;
zzn Px,Py;
#ifndef MR_STATIC
char *mem=memalloc(_MIPP_ 10);
#else
char mem[MR_BIG_RESERVE(10)];
memset(mem,0,MR_BIG_RESERVE(10));
#endif
#ifdef MR_COUNT_OPS
fpa=fpc=fpx=0;
#endif
Ax.a=mirvar_mem(_MIPP_ mem,0);
Ax.b=mirvar_mem(_MIPP_ mem,1);
Ay.a=mirvar_mem(_MIPP_ mem,2);
Ay.b=mirvar_mem(_MIPP_ mem,3);
Az.a=mirvar_mem(_MIPP_ mem,4);
Az.b=mirvar_mem(_MIPP_ mem,5);
Qz.a=mirvar_mem(_MIPP_ mem,6);
Qz.b=mirvar_mem(_MIPP_ mem,7);
Px=mirvar_mem(_MIPP_ mem,8);
Py=mirvar_mem(_MIPP_ mem,9);
copy(P->X,Px);
copy(P->Y,Py);
nres_modadd(_MIPP_ Px,Px,Px); /* removes a factor of 2 from g() */
nres_modadd(_MIPP_ Py,Py,Py);
zzn2_from_int(_MIPP_ 1,&Qz);
zzn2_copy(Qx,&Ax);
zzn2_copy(Qy,&Ay);
zzn2_copy(&Qz,&Az);
zzn4_from_int(_MIPP_ 1,res);
/* Simple Miller loop */
nb=logb2(_MIPP_ T);
for (i=nb-2; i>=0; i--)
{
zzn4_mul(_MIPP_ res,res,res);
g(_MIPP_ &Ax,&Ay,&Az,&Ax,&Ay,&Az,Px,Py,w);
zzn4_mul(_MIPP_ res,w,res);
if (mr_testbit(_MIPP_ T,i))
{
g(_MIPP_ &Ax,&Ay,&Az,Qx,Qy,&Qz,Px,Py,w);
zzn4_mul(_MIPP_ res,w,res);
}
}
#ifdef MR_COUNT_OPS
printf("Millers loop Cost\n");
printf("fpc= %d\n",fpc);
printf("fpa= %d\n",fpa);
printf("fpx= %d\n",fpx);
fpa=fpc=fpx=0;
#endif
zzn4_copy(res,w);
zzn4_powq(_MIPP_ fr,w);
zzn4_powq(_MIPP_ fr,w);
zzn4_inv(_MIPP_ res);
zzn4_mul(_MIPP_ res,w,res); /* ^(p*p-1) */
res->unitary=TRUE;
zzn4_mul(_MIPP_ res,res,res);
zzn4_copy(res,w);
zzn4_mul(_MIPP_ res,res,res);
zzn4_mul(_MIPP_ res,res,res);
zzn4_mul(_MIPP_ res,res,res);
zzn4_mul(_MIPP_ res,res,res);
zzn4_mul(_MIPP_ res,w,res); /* res=powu(res,CF) for CF=34 */
#ifndef MR_STATIC
memkill(_MIPP_ mem,10);
#else
memset(mem,0,MR_BIG_RESERVE(10));
#endif
}
void power4(_MIPD_ big *a,big k,big *u)
{
int i,j,m,nb,n,nbw,nzs;
big u2[4],t[4][4];
#ifndef MR_STATIC
char *mem=(char *)memalloc(_MIPP_ 20);
#else
char mem[MR_BIG_RESERVE(20)];
memset(mem,0,MR_BIG_RESERVE(20));
#endif
m=0;
for (i=0;i<4;i++)
for (j=0;j<4;j++) t[i][j]=mirvar_mem(_MIPP_ mem,m++);
u2[0]=mirvar_mem(_MIPP_ mem,16);
u2[1]=mirvar_mem(_MIPP_ mem,17);
u2[2]=mirvar_mem(_MIPP_ mem,18);
u2[3]=mirvar_mem(_MIPP_ mem,19);
if(size(k)==0)
{
convert(_MIPP_ 1,u[0]);
zero(u[1]);
zero(u[2]);
zero(u[3]);
#ifndef MR_STATIC
memkill(_MIPP_ mem,20);
#else
memset(mem,0,MR_BIG_RESERVE(20));
#endif
return;
}
for (i=0;i<4;i++)
fcopy2(a[i],u[i]);
if (size(k)==1)
{
#ifndef MR_STATIC
memkill(_MIPP_ mem,20);
#else
memset(mem,0,MR_BIG_RESERVE(20));
#endif
return;
}
square4(_MIPP_ u,u2);
for (i=0;i<4;i++)
fcopy2(u[i],t[0][i]);
for(i=1;i<4;i++)
mult4(_MIPP_ u2,t[i-1],t[i]);
nb=logb2(_MIPP_ k);
if(nb>1) for(i=nb-2;i>=0;)
{
n=mr_window(_MIPP_ k,i,&nbw,&nzs,3); /* small 3 bit window to save RAM */
for(j=0;j<nbw;j++)
square4(_MIPP_ u,u);
if(n>0) mult4(_MIPP_ u,t[n/2],u);
i-=nbw;
if(nzs!=0)
{
for (j=0;j<nzs;j++) square4(_MIPP_ u,u);
i-=nzs;
}
}
#ifndef MR_STATIC
memkill(_MIPP_ mem,20);
#else
memset(mem,0,MR_BIG_RESERVE(20));
#endif
}
int main()
{
#ifdef MR_GENERIC_MT
miracl instance;
#endif
big p,A,B,fr,q,delta,t,T;
zzn2 res,Qx,Qy;
epoint *P;
int i,romptr;
#ifndef MR_STATIC
#ifdef MR_GENERIC_MT
miracl *mr_mip=mirsys(&instance,WORDS*NPW,16);
#else
miracl *mr_mip=mirsys(WORDS*NPW,16);
#endif
char *mem=memalloc(_MIPP_ 14);
char *mem1=ecp_memalloc(_MIPP_ 1);
#else
#ifdef MR_GENERIC_MT
miracl *mr_mip=mirsys(&instance,MR_STATIC*NPW,16);
#else
miracl *mr_mip=mirsys(MR_STATIC*NPW,16);
#endif
char mem[MR_BIG_RESERVE(14)]; /* reserve space on the stack for 14 bigs */
char mem1[MR_ECP_RESERVE(1)]; /* reserve space on stack for 1 curve points */
memset(mem,0,MR_BIG_RESERVE(14)); /* clear this memory */
memset(mem1,0,MR_ECP_RESERVE(1));
#endif
p=mirvar_mem(_MIPP_ mem,0);
A=mirvar_mem(_MIPP_ mem,1);
B=mirvar_mem(_MIPP_ mem,2);
T=mirvar_mem(_MIPP_ mem,3);
q=mirvar_mem(_MIPP_ mem,4);
fr=mirvar_mem(_MIPP_ mem,5);
delta=mirvar_mem(_MIPP_ mem,6);
res.a=mirvar_mem(_MIPP_ mem,7);
res.b=mirvar_mem(_MIPP_ mem,8);
t=mirvar_mem(_MIPP_ mem,9);
Qx.a=mirvar_mem(_MIPP_ mem,10);
Qx.b=mirvar_mem(_MIPP_ mem,11);
Qy.a=mirvar_mem(_MIPP_ mem,12);
Qy.b=mirvar_mem(_MIPP_ mem,13);
P=epoint_init_mem(_MIPP_ mem1,0);
convert(_MIPP_ -3,A);
romptr=0;
init_big_from_rom(p,WORDS,romp,ROMSZ,&romptr);
init_big_from_rom(B,WORDS,romp,ROMSZ,&romptr);
init_big_from_rom(q,WORDS,romp,ROMSZ,&romptr);
init_big_from_rom(delta,WORDS,romp,ROMSZ,&romptr);
init_big_from_rom(fr,WORDS,romp,ROMSZ,&romptr);
init_big_from_rom(T,WORDS,romp,ROMSZ,&romptr);
#ifndef MR_NO_STANDARD_IO
printf("ROM size= %d\n",sizeof(romp)+sizeof(Prom));
printf("sizeof(miracl)= %d\n",sizeof(miracl));
#endif
ecurve_init(_MIPP_ A,B,p,MR_PROJECTIVE);
romptr=0;
init_point_from_rom(P,WORDS,Prom,PROMSZ,&romptr);
init_big_from_rom(Qx.a,WORDS,Prom,PROMSZ,&romptr);
init_big_from_rom(Qx.b,WORDS,Prom,PROMSZ,&romptr);
init_big_from_rom(Qy.a,WORDS,Prom,PROMSZ,&romptr);
init_big_from_rom(Qy.b,WORDS,Prom,PROMSZ,&romptr);
#ifdef MR_COUNT_OPS
fpa=fpc=fpx=0;
#endif
ecap(_MIPP_ &Qx,&Qy,P,T,fr,delta,&res);
/*
#ifdef MR_COUNT_OPS
printf("fpc= %d\n",fpc);
printf("fpa= %d\n",fpa);
printf("fpx= %d\n",fpx);
fpa=fpc=fpx=0;
#endif
*/
bigbits(_MIPP_ 160,t);
zzn2_powl(_MIPP_ &res,t,&res);
#ifndef MR_NO_STANDARD_IO
zzn2_out(_MIPP_ "res= ",&res);
#endif
ecurve_mult(_MIPP_ t,P,P);
ecap(_MIPP_ &Qx,&Qy,P,T,fr,delta,&res);
#ifndef MR_NO_STANDARD_IO
zzn2_out(_MIPP_ "res= ",&res);
#endif
#ifndef MR_STATIC
memkill(_MIPP_ mem,14);
ecp_memkill(_MIPP_ mem1,1);
#else
memset(mem,0,MR_BIG_RESERVE(14)); /* clear this stack memory */
memset(mem1,0,MR_ECP_RESERVE(1));
#endif
return 0;
}
void invert(_MIPD_ big *x)
{
int degF,degG,degB,degC,d,i,j;
big alpha,beta,gamma,BB[4],FF[5],CC[4],GG[5],t;
big *BP=BB,*CP=CC,*FP=FF,*GP=GG,*TP;
#ifndef MR_STATIC
char *mem=(char *)memalloc(_MIPP_ 22);
#else
char mem[MR_BIG_RESERVE(22)]; /* 972 bytes from the stack */
memset(mem,0,MR_BIG_RESERVE(22));
#endif
alpha=mirvar_mem(_MIPP_ mem,0);
beta=mirvar_mem(_MIPP_ mem,1);
gamma=mirvar_mem(_MIPP_ mem,2);
t=mirvar_mem(_MIPP_ mem,3);
for (i=0;i<4;i++)
BB[i]=mirvar_mem(_MIPP_ mem,4+i);
for (i=0;i<5;i++)
FF[i]=mirvar_mem(_MIPP_ mem,8+i);
for (i=0;i<4;i++)
CC[i]=mirvar_mem(_MIPP_ mem,13+i);
for (i=0;i<5;i++)
GG[i]=mirvar_mem(_MIPP_ mem,17+i);
convert(_MIPP_ 1,CP[0]);
convert(_MIPP_ 1,FP[0]);
convert(_MIPP_ 1,FP[1]);
convert(_MIPP_ 1,FP[4]); /* F = x^4+x+1 - irreducible polynomial for GF(2^{4m}) */
degF=4; degG=degree(x); degC=0; degB=-1;
if (degG==0)
{
inverse2(_MIPP_ x[0],x[0]);
return;
}
for (i=0;i<4;i++)
{
fcopy2(x[i],GP[i]);
zero(x[i]);
}
while (degF!=0)
{
if (degF<degG)
{ /* swap */
TP=FP; FP=GP; GP=TP; d=degF; degF=degG; degG=d;
TP=BP; BP=CP; CP=TP; d=degB; degB=degC; degC=d;
}
j=degF-degG;
modsquare2(_MIPP_ GP[degG],alpha);
modmult2(_MIPP_ FP[degF],GP[degG],beta);
modmult2(_MIPP_ GP[degG],FP[degF-1],t);
modmult2(_MIPP_ FP[degF],GP[degG-1],gamma);
fincr2(t,gamma);
zero(t);
for (i=0;i<=degF;i++ )
{
modmult2(_MIPP_ FP[i],alpha,FP[i]);
if (i>=j-1)
{
modmult2(_MIPP_ gamma,GP[i-j+1],t);
fincr2(t,FP[i]);
}
if (i>=j)
{
modmult2(_MIPP_ beta,GP[i-j],t);
fincr2(t,FP[i]);
}
}
for (i=0;i<=degB || i<=(degC+j);i++)
{
modmult2(_MIPP_ BP[i],alpha,BP[i]);
if (i>=j-1)
{
modmult2(_MIPP_ gamma,CP[i-j+1],t);
fincr2(t,BP[i]);
}
if (i>=j)
{
modmult2(_MIPP_ beta,CP[i-j],t);
fincr2(t,BP[i]);
}
}
while (degF>=0 && size(FP[degF])==0) degF--;
if (degF==degG)
{
fcopy2(FP[degF],alpha);
for (i=0;i<=degF;i++)
{
modmult2(_MIPP_ FP[i],GP[degF],FP[i]);
modmult2(_MIPP_ alpha,GP[i],t);
fincr2(t,FP[i]);
}
for (i=0;i<=4-degF;i++)
{
modmult2(_MIPP_ BP[i],GP[degF],BP[i]);
modmult2(_MIPP_ CP[i],alpha,t);
fincr2(t,BP[i]);
}
while (degF>=0 && size(FP[degF])==0) degF--;
}
degB=3;
while (degB>=0 && size(BP[degB])==0) degB--;
}
inverse2(_MIPP_ FP[0],alpha);
for (i=0;i<=degB;i++)
modmult2(_MIPP_ alpha,BP[i],x[i]);
#ifndef MR_STATIC
memkill(_MIPP_ mem,22);
#else
memset(mem,0,MR_BIG_RESERVE(22));
#endif
}
int main()
{
int ia,ib,promptr;
epoint *PA,*PB;
big A,B,a,b,q,pa,pb,key,x,y;
ebrick2 binst;
miracl instance; /* create miracl workspace on the stack */
/* Specify base 16 here so that HEX can be read in directly without a base-change */
miracl *mip=mirsys(&instance,WORDS*HEXDIGS,16); /* size of bigs is fixed */
char mem_big[MR_BIG_RESERVE(10)]; /* we need 10 bigs... */
char mem_ecp[MR_ECP_RESERVE(2)]; /* ..and two elliptic curve points */
memset(mem_big, 0, MR_BIG_RESERVE(10)); /* clear the memory */
memset(mem_ecp, 0, MR_ECP_RESERVE(2));
A=mirvar_mem(mip, mem_big, 0); /* Initialise big numbers */
B=mirvar_mem(mip, mem_big, 1);
pa=mirvar_mem(mip, mem_big, 2);
pb=mirvar_mem(mip, mem_big, 3);
key=mirvar_mem(mip, mem_big, 4);
x=mirvar_mem(mip, mem_big, 5);
y=mirvar_mem(mip, mem_big, 6);
q=mirvar_mem(mip,mem_big,7);
a=mirvar_mem(mip, mem_big, 8);
b=mirvar_mem(mip, mem_big, 9);
PA=epoint_init_mem(mip, mem_ecp, 0); /* initialise Elliptic Curve points */
PB=epoint_init_mem(mip, mem_ecp, 1);
irand(mip, 3L); /* change parameter for different random numbers */
promptr=0;
init_big_from_rom(B,WORDS,rom,WORDS*4,&promptr); /* Read in curve parameter B from ROM */
/* don't need q or G(x,y) (we have precomputed table from it) */
init_big_from_rom(q,WORDS,rom,WORDS*4,&promptr);
init_big_from_rom(x,WORDS,rom,WORDS*4,&promptr);
init_big_from_rom(y,WORDS,rom,WORDS*4,&promptr);
convert(mip,1,A); /* set A=1 */
/* Create precomputation instance from precomputed table in ROM */
ebrick2_init(&binst,prom,A,B,CURVE_M,CURVE_A,CURVE_B,CURVE_C,WINDOW,CURVE_M);
/* offline calculations */
bigbits(mip,CURVE_M,a); /* A's random number */
ia=mul2_brick(mip,&binst,a,pa,pa); /* a*G =(pa,ya), ia is sign of ya */
bigbits(mip,CURVE_M,b); /* B's random number */
ib=mul2_brick(mip,&binst,b,pb,pb); /* b*G =(pb,yb), ib is sign of yb */
/* online calculations */
ecurve2_init(mip,CURVE_M,CURVE_A,CURVE_B,CURVE_C,A,B,FALSE,MR_PROJECTIVE);
epoint2_set(mip,pb,pb,ib,PB); /* decompress PB */
ecurve2_mult(mip,a,PB,PB);
epoint2_get(mip,PB,key,key);
/* since internal base is HEX, can use otnum instead of cotnum - avoiding a base change */
printf("Alice's Key= ");
otnum(mip,key,stdout);
epoint2_set(mip,pa,pa,ia,PB); /* decompress PA */
ecurve2_mult(mip,b,PB,PB);
epoint2_get(mip,PB,key,key);
printf("Bob's Key= ");
otnum(mip,key,stdout);
/* clear the memory */
memset(mem_big, 0, MR_BIG_RESERVE(10));
memset(mem_ecp, 0, MR_ECP_RESERVE(2));
return 0;
}
void eta_T(_MIPD_ epoint *P,epoint *Q,big *f,big *res)
{
big xp,yp,xq,yq,t,d;
big miller[4],v[4],u[4];
int i,m=M;
int promptr;
#ifndef MR_STATIC
char *mem=(char *)memalloc(_MIPP_ 18);
#else
char mem[MR_BIG_RESERVE(18)]; /* 972 bytes from stack */
memset(mem,0,MR_BIG_RESERVE(18));
#endif
xp=mirvar_mem(_MIPP_ mem,0);
yp=mirvar_mem(_MIPP_ mem,1);
xq=mirvar_mem(_MIPP_ mem,2);
yq=mirvar_mem(_MIPP_ mem,3);
t=mirvar_mem(_MIPP_ mem,4);
d=mirvar_mem(_MIPP_ mem,5);
for (i=0;i<4;i++) miller[i]=mirvar_mem(_MIPP_ mem,6+i);
for (i=0;i<4;i++) v[i]=mirvar_mem(_MIPP_ mem,10+i);
for (i=0;i<4;i++) u[i]=mirvar_mem(_MIPP_ mem,14+i);
fcopy2(P->X,xp);
fcopy2(P->Y,yp);
fcopy2(Q->X,xq);
fcopy2(Q->Y,yq);
incr2(xp,1,t); /* t=xp+1 */
fadd2(xp,xq,d);
incr2(d,1,d); /* xp+xq+1 */
modmult2(_MIPP_ d,t,d); /* t*(xp+xq+1) */
fincr2(yp,d);
fincr2(yq,d);
incr2(d,B,d);
incr2(d,1,f[0]); /* f[0]=t*(xp+xq+1)+yp+yq+B+1 */
convert(_MIPP_ 1,miller[0]);
fadd2(t,xq,f[2]); /* f[2]=t+xq */
incr2(f[2],1,f[1]); /* f[1]=t+xq+1 */
zero(f[3]);
promptr=0;
for (i=0;i<(m-1)/2;i+=2)
{
fcopy2(xp,t);
sqroot2(_MIPP_ xp,xp);
sqroot2(_MIPP_ yp,yp);
fadd2(xp,xq,d);
modmult2(_MIPP_ d,t,d);
fincr2(yp,d);
fincr2(yq,d);
fadd2(d,xp,v[0]); /* v[0]=t*(xp+xq)+yp+yq+xp */
fadd2(t,xq,v[2]); /* v[2]=t+xq */
incr2(v[2],1,v[1]); /* v[1]=t+xq+1 */
modsquare2(_MIPP_ xq,xq); /* xq*=xq */
modsquare2(_MIPP_ yq,yq); /* yp*=yp */
fcopy2(xp,t); /* same again - unlooped times 2 */
sqroot2(_MIPP_ xp,xp);
sqroot2(_MIPP_ yp,yp);
fadd2(xp,xq,d);
modmult2(_MIPP_ d,t,d);
fincr2(yp,d);
fincr2(yq,d);
fadd2(d,xp,u[0]);
fadd2(t,xq,u[2]);
incr2(u[2],1,u[1]);
modsquare2(_MIPP_ xq,xq);
modsquare2(_MIPP_ yq,yq);
mul(_MIPP_ u,v,u); /* fast mul */
mult4(_MIPP_ miller,u,miller);
}
mult4(_MIPP_ miller,f,miller);
for (i=0;i<4;i++)
{
fcopy2(miller[i],u[i]);
fcopy2(miller[i],v[i]);
fcopy2(miller[i],f[i]);
}
/* final exponentiation */
for (i=0;i<(m+1)/2;i++) square4(_MIPP_ u,u); /* u*=u */
powq(_MIPP_ u);
powq(_MIPP_ f);
for(i=0;i<4;i++) fcopy2(f[i],v[i]);
powq(_MIPP_ f);
for(i=0;i<4;i++) fcopy2(f[i],res[i]);
powq(_MIPP_ f);
mult4(_MIPP_ f,u,f);
mult4(_MIPP_ f,miller,f);
mult4(_MIPP_ res,v,res);
powq(_MIPP_ u);
powq(_MIPP_ u);
mult4(_MIPP_ res,u,res);
/* doing inversion here could kill the stack... */
#ifndef MR_STATIC
memkill(_MIPP_ mem,18);
#else
memset(mem,0,MR_BIG_RESERVE(18));
#endif
}
int main()
{
FILE *fp;
int ep,bits;
epoint *g,*w;
big a,b,p,q,x,y,d;
long seed;
miracl instance;
miracl *mip=&instance;
char mem[MR_BIG_RESERVE(7)]; /* reserve space on the stack for 7 bigs */
char mem1[MR_ECP_RESERVE(2)]; /* and two elliptic curve points */
memset(mem,0,MR_BIG_RESERVE(7));
memset(mem1,0,MR_ECP_RESERVE(2));
#ifndef MR_EDWARDS
fp=fopen("common.ecs","rt");
if (fp==NULL)
{
printf("file common.ecs does not exist\n");
return 0;
}
fscanf(fp,"%d\n",&bits);
#else
fp=fopen("edwards.ecs","rt");
if (fp==NULL)
{
printf("file edwards.ecs does not exist\n");
return 0;
}
fscanf(fp,"%d\n",&bits);
#endif
mirsys(mip,bits/4,16); /* Use Hex internally */
a=mirvar_mem(mip,mem,0);
b=mirvar_mem(mip,mem,1);
p=mirvar_mem(mip,mem,2);
q=mirvar_mem(mip,mem,3);
x=mirvar_mem(mip,mem,4);
y=mirvar_mem(mip,mem,5);
d=mirvar_mem(mip,mem,6);
innum(mip,p,fp);
innum(mip,a,fp);
innum(mip,b,fp);
innum(mip,q,fp);
innum(mip,x,fp);
innum(mip,y,fp);
fclose(fp);
/* randomise */
printf("Enter 9 digit random number seed = ");
scanf("%ld",&seed);
getchar();
irand(mip,seed);
ecurve_init(mip,a,b,p,MR_PROJECTIVE); /* initialise curve */
g=epoint_init_mem(mip,mem1,0);
w=epoint_init_mem(mip,mem1,1);
if (!epoint_set(mip,x,y,0,g)) /* initialise point of order q */
{
printf("Problem - point (x,y) is not on the curve\n");
exit(0);
}
ecurve_mult(mip,q,g,w);
if (!point_at_infinity(w))
{
printf("Problem - point (x,y) is not of order q\n");
exit(0);
}
/* generate public/private keys */
bigrand(mip,q,d);
ecurve_mult(mip,d,g,g);
ep=epoint_get(mip,g,x,x); /* compress point */
printf("public key = %d ",ep);
otnum(mip,x,stdout);
fp=fopen("public.ecs","wt");
fprintf(fp,"%d ",ep);
otnum(mip,x,fp);
fclose(fp);
fp=fopen("private.ecs","wt");
otnum(mip,d,fp);
fclose(fp);
/* clear all memory used */
memset(mem,0,MR_BIG_RESERVE(7));
memset(mem1,0,MR_ECP_RESERVE(2));
return 0;
}
int main()
{
FILE *fp;
int bits,ep;
epoint *g,*public;
char ifname[50],ofname[50];
big a,b,p,q,x,y,v,u1,u2,r,s,hash;
miracl instance;
miracl *mip=&instance;
char mem[MR_BIG_RESERVE(12)]; /* reserve space on the stack for 12 bigs */
char mem1[MR_ECP_RESERVE(2)]; /* and two elliptic curve points */
memset(mem,0,MR_BIG_RESERVE(12));
memset(mem1,0,MR_ECP_RESERVE(2));
/* get public data */
#ifndef MR_EDWARDS
fp=fopen("common.ecs","rt");
if (fp==NULL)
{
printf("file common.ecs does not exist\n");
return 0;
}
fscanf(fp,"%d\n",&bits);
#else
fp=fopen("edwards.ecs","rt");
if (fp==NULL)
{
printf("file edwards.ecs does not exist\n");
return 0;
}
fscanf(fp,"%d\n",&bits);
#endif
mirsys(mip,bits/4,16); /* Use Hex Internally */
a=mirvar_mem(mip,mem,0);
b=mirvar_mem(mip,mem,1);
p=mirvar_mem(mip,mem,2);
q=mirvar_mem(mip,mem,3);
x=mirvar_mem(mip,mem,4);
y=mirvar_mem(mip,mem,5);
v=mirvar_mem(mip,mem,6);
u1=mirvar_mem(mip,mem,7);
u2=mirvar_mem(mip,mem,8);
s=mirvar_mem(mip,mem,9);
r=mirvar_mem(mip,mem,10);
hash=mirvar_mem(mip,mem,11);
innum(mip,p,fp);
innum(mip,a,fp);
innum(mip,b,fp);
innum(mip,q,fp);
innum(mip,x,fp);
innum(mip,y,fp);
fclose(fp);
ecurve_init(mip,a,b,p,MR_PROJECTIVE); /* initialise curve */
g=epoint_init_mem(mip,mem1,0);
epoint_set(mip,x,y,0,g); /* initialise point of order q */
/* get public key of signer */
fp=fopen("public.ecs","rt");
if (fp==NULL)
{
printf("file public.ecs does not exist\n");
return 0;
}
fscanf(fp,"%d",&ep);
innum(mip,x,fp);
fclose(fp);
public=epoint_init_mem(mip,mem1,1);
