// Parse the numeral text in `value` into a temporary MIRACL big and assign
// the resulting ZR element to `r`. The digits are read by cinstr(); the
// number base it uses is not set in this function.
void PairingGroup::init(ZR & r, char *value)
{
    big parsed = mirvar(0);   // scratch big, released before returning
    cinstr(parsed, value);
    // NOTE(review): releasing `parsed` below is only safe if ZR(big) takes its
    // own copy of the value; the original comment says it "should copy this".
    // Confirm against the ZR constructor, otherwise `r` would refer to freed memory.
    r = ZR(parsed);
    mr_free(parsed);
}
static BOOL next(int ch)
{ /* accept the next typed character - returns FALSE if there is a problem */
    int digit;

    result=FALSE;
    /* no room left once ipt reaches dlen.
       NOTE(review): the append below writes mybuff[ipt] and mybuff[ipt+1], so
       mybuff presumably holds at least dlen+1 chars - confirm at its definition. */
    if (ipt>=dlen) return FALSE;

    if (ch!='/' && ch!='.')
    { /* ordinary digit: its value must be below the current I/O base */
        digit=(ch>='A' && ch<='F') ? 10+(ch-'A') : ch-'0';
        if (mip->IOBASE<=digit) return FALSE;
    }
    else
    { /* fraction bar or point: only one allowed, and '/' cannot come first */
        if (delim || (ch=='/' && ipt==0)) return FALSE;
        delim=TRUE;
    }

    if (ipt==0 && ch=='0')
    { /* a leading zero is not stored */
        clr();
    }
    else
    {
        mybuff[ipt++]=ch;
        mybuff[ipt]='\0';
    }

    /* redisplay the entry text and re-parse it into x */
    just(mybuff);
    cinstr(x,mybuff);
    newx=TRUE;
    return TRUE;
}
/* Parse a range given for LbyR or T on the command line into list[0..3].
 *
 * Accepted forms (the number of commas selects the form):
 *   1) "value"            => list = { value, value, 1, SCALE_LIN }
 *   2) "start,stop,N"     => list = { start, stop,  N, SCALE_LIN }
 *   3) "start,stop,N,log" => list = { start, stop,  N, SCALE_LOG }
 *
 * param is the option letter, used only in the error message.
 * On a malformed range the usage text is printed and the process exits
 * with status 1.
 *
 * NOTE(review): the numbers are converted with atof()/atoi(), which do not
 * report malformed input; list must have room for four doubles.
 */
void parse_range(const char param, const char *_optarg, double list[])
{
    const int commas = cinstr(_optarg, ','); /* commas in _optarg */

    list[3] = SCALE_LIN;

    /* form 1): a single value */
    if(commas == 0)
    {
        list[0] = list[1] = atof(_optarg);
        list[2] = 1;
        return;
    }

    /* anything other than two or three commas cannot be a range */
    if(commas != 2 && commas != 3)
    {
        fprintf(stderr, "Can't parse range %s.\n\n", _optarg);
        usage(stderr);
        exit(1);
    }

    /* form 3): a fourth field starting with "log" (any case) selects log scale */
    if(commas == 3 && strncasecmp(indexn(_optarg, ',', 3)+1, "log", 3) == 0)
        list[3] = SCALE_LOG;

    /* forms 2) and 3) share start, stop and N */
    list[0] = atof(_optarg);
    list[1] = atof(indexn(_optarg, ',', 1)+1);
    list[2] = atoi(indexn(_optarg, ',', 2)+1);

    /* N must be positive */
    if(list[2] <= 0)
    {
        fprintf(stderr, "error parsing parameter -%c\n\n", param);
        usage(stderr);
        exit(1);
    }

    /* ensure that start < stop */
    if(list[0] > list[1])
        swap(&list[0], &list[1]);
}
/* Initialise MIRACL and the elliptic-curve globals used by this file:
 * ECC_N (read from nChar) and the points ECC_G and ECC_H.
 * The curve is y^2 = x^3 - 3x + b mod p, with b and p read from bChar/pChar.
 *
 * NOTE(review): every call creates a new MIRACL instance and new ECC_N/ECC_G/
 * ECC_H objects; nothing in this function releases the previous ones, and the
 * return values of epoint_set() are not checked.
 */
void envirment_init()
{
    big coeff_a, coeff_b, prime, px, py;
    /* 500 digits per "big" only on 16-bit builds with flash arithmetic,
       5000 digits otherwise; base 10 in every configuration */
#if MIRACL==16 && defined(MR_FLASH)
    miracl *mip = mirsys(500,10);
#else
    miracl *mip = mirsys(5000,10);
#endif

    /* scratch values (released at the end) and the long-lived globals */
    coeff_a = mirvar(-3);
    coeff_b = mirvar(0);
    ECC_N = mirvar(0);
    prime = mirvar(0);
    px = mirvar(0);
    py = mirvar(0);
    ECC_G = epoint_init();
    ECC_H = epoint_init();

    /* the constants are parsed with I/O base 10 */
    mip->IOBASE = 10;

    /* curve parameters */
    cinstr(coeff_b, bChar);
    cinstr(ECC_N, nChar);
    cinstr(prime, pChar);
    ecurve_init(coeff_a, coeff_b, prime, MR_PROJECTIVE);

    /* point G */
    cinstr(px, gxChar);
    cinstr(py, gyChar);
    epoint_set(px, py, 0, ECC_G);

    /* point H */
    cinstr(px, hxChar);
    cinstr(py, hyChar);
    epoint_set(px, py, 0, ECC_H);

    /* callers exchange numbers in base 16 from here on */
    mip->IOBASE = 16;

    mirkill(coeff_a);
    mirkill(coeff_b);
    mirkill(prime);
    mirkill(px);
    mirkill(py);
}
int main()
{ /* MIRACL rational calculator: sets up the library and the constants, then
     runs the keyboard loop until act() reports that the user asked to quit */
    int i,j,k,p,q,c,hpos;
    BOOL over,help;
    screen();
#if MIRACL==16
    mip=mirsys(10,0);   /*** 16-bit computer ***/
#else
    mip=mirsys(6,0);    /*** 32-bit computer ***/
#endif
    /* errors are checked below through mip->ERNUM;
       presumably ERCON stops the library from aborting on error - confirm */
    mip->ERCON=TRUE;
    x=mirvar(0);
    for (i=0;i<=top;i++) y[i]=mirvar(0);
    m=mirvar(0);
    t=mirvar(0);
    radeg=mirvar(0);
    loge2=mirvar(0);
    loge10=mirvar(0);
    eps=mirvar(0);
    mip->pi=mirvar(0);
    cinstr(mip->pi,cpi);          /* read in constants */
    fpmul(mip->pi,1,180,radeg);   /* radeg = pi/180 */
    cinstr(loge2,clg2);
    cinstr(loge10,clg10);
    cinstr(eps,ceps);
    help=OFF;
    show(TRUE);
    /* (p,q) is the column/row of the highlighted key */
    p=6;
    q=0;
    flag=OFF;
    newx=OFF;
    over=FALSE;
    setopts();
    clrall();
    drawit();
    while (!over)
    { /* main loop */
        if (mip->ERNUM)
        { /* an error is pending: move the highlight to key (5,0) */
            aprint(ORDINARY,4+5*p,6+3*q,keys[q][p]);
            p=5,q=0;
        }
        if (width==80 || !help)
        { /* highlight the current key while waiting for a keystroke */
            aprint(INVER,4+5*p,6+3*q,keys[q][p]);
            curser(1,24);
            c=gethit();
            aprint(ORDINARY,4+5*p,6+3*q,keys[q][p]);
        }
        else while ((c=gethit())!='H') ;   /* help covers the keypad: only 'H' is accepted */
        result=TRUE;
        if ((k=arrow(c))!=0)
        { /* arrow key hit: move the highlight inside the 7 x 6 grid */
            if (k==1 && q>0) q--;
            if (k==2 && q<5) q++;
            if (k==3 && p<6) p++;
            if (k==4 && p>0) p--;
            continue;
        }
        if (c=='H')
        { /* switch help on/off */
            help=!help;
            for (i=1;i<=24;i++)
            {
                if (width==80) hpos=41;
                else           hpos=1;
                if (help) aprint(HELPCOL,hpos,i,htext[i-1]);
                else lclr(hpos,i);
            }
            if (width==40 && !help) drawit();
            continue;
        }
        if (c>='A' && c<='F')
        { /* hex only */
            if (!next(c)) putchar(BELL);
            else show(FALSE);
            continue;
        }
        /* map a typed character to its key position; c==' ' marks "key selected" */
        for (j=0;j<6;j++)
            for (i=0;i<7;i++)
                if (c==qkeys[j][i]) p=i,q=j,c=' ';
        if (c==8 || c==127) p=6,q=1,c=' ';     /* aliases */
        if (c==',' || c=='a') p=5,q=5,c=' ';
        if (c=='O' || c==ESC) p=6,q=0,c=' ';
        if (c==13) p=6,q=5,c=' ';
        if (c=='[' || c=='{') p=3,q=5,c=' ';
        if (c==']' || c=='}') p=4,q=5,c=' ';
        if (c=='d') p=5,q=2,c=' ';
        if (c=='b') p=5,q=3,c=' ';
        if (c=='^') p=3,q=2,c=' ';
        if (c==' ') over=act(p,q);
        else continue;                         /* unrecognised keystroke */
        /* values smaller in magnitude than eps are shown as zero */
        absol(x,t);
        if (fcomp(t,eps)<0) zero(x);
        if (result)
        { /* output result to display */
            cotstr(x,mip->IOBUFF);
            just((char *)mip->IOBUFF);
            if (mip->ERNUM<0)
            { /* convert to radix and try again */
                mip->ERNUM=0;
                mip->RPOINT=ON;
                cotstr(x,mip->IOBUFF);
                putchar(BELL);
                just((char *)mip->IOBUFF);
            }
            clr();
        }
        if (newx)
        { /* update display */
            getstat();
            show(FALSE);
        }
    }
    curser(1,24);
    restore();
    return 0;
}
static BOOL act(int p,int q)
{ /* act on selected key at column p, row q of the keypad.
     Returns TRUE only for the key at p+7*q==6 (the caller leaves its main
     loop on TRUE), FALSE otherwise. Works on the file-level state
     (x, m, mybuff, ipt, brkt, flags) rather than on its arguments. */
    int k,n,c;
    aprint(PRESSED,4+5*p,6+3*q,keys[q][p]);
    switch(p+7*q)
    {
    case 0:  /* sine, hyperbolic when hyp is set; degrees are converted via radeg first */
             if (degrees) fmul(x,radeg,x);
             if (hyp) fsinh(x,x);
             else     fsin(x,x);
             newx=TRUE;
             break;
    case 1:  /* cosine */
             if (degrees) fmul(x,radeg,x);
             if (hyp) fcosh(x,x);
             else     fcos(x,x);
             newx=TRUE;
             break;
    case 2:  /* tangent */
             if (degrees) fmul(x,radeg,x);
             if (hyp) ftanh(x,x);
             else     ftan(x,x);
             newx=TRUE;
             break;
    case 3:  /* exponential in the selected log base */
             if (lgbase>0)
             {
                 n=size(x);
                 if (abs(n)<MR_TOOBIG)
                 { /* small integer exponent: compute lgbase^n directly */
                     convert(lgbase,x);
                     if (n<0) frecip(x,x);
                     fpower(x,abs(n),x);
                     newx=TRUE;
                     break;
                 }
                 if (lgbase==2)  fmul(x,loge2,x);
                 if (lgbase==10) fmul(x,loge10,x);
             }
             fexp(x,x);
             newx=TRUE;
             break;
    case 4:  /* toggle the RPOINT output setting */
             mip->RPOINT=!mip->RPOINT;
             newx=TRUE;
             break;
    case 5:  clrall();
             newx=TRUE;
             break;
    case 6:  /* quit */
             return TRUE;
    case 7:  /* inverse sine; result converted back to degrees if selected */
             if (hyp) fasinh(x,x);
             else     fasin(x,x);
             if (degrees) fdiv(x,radeg,x);
             newx=TRUE;
             break;
    case 8:  /* inverse cosine */
             if (hyp) facosh(x,x);
             else     facos(x,x);
             if (degrees) fdiv(x,radeg,x);
             newx=TRUE;
             break;
    case 9:  /* inverse tangent */
             if (hyp) fatanh(x,x);
             else     fatan(x,x);
             if (degrees) fdiv(x,radeg,x);
             newx=TRUE;
             break;
    case 10: /* logarithm in the selected base */
             flog(x,x);
             if (lgbase==2)  fdiv(x,loge2,x);
             if (lgbase==10) fdiv(x,loge10,x);
             newx=TRUE;
             break;
    case 11: /* settings editor: arrow code 1 cycles the value of setting k,
                codes 3/4 move between settings 0..3, codes 0/2 leave */
             newx=TRUE;
             k=3;
             forever
             {
                 aprint(INVER,2+stptr[k],2,settings[k][option[k]]);
                 curser(2+stptr[k],2);
                 c=arrow(gethit());
                 if (c==1)
                 {
                     if (option[k]==nops[k]) option[k]=0;
                     else option[k]+=1;
                     continue;
                 }
                 aprint(STATCOL,2+stptr[k],2,settings[k][option[k]]);
                 if (c==0 || c==2) break;
                 if (c==4 && k>0) k--;
                 if (c==3 && k<3) k++;
             }
             setopts();
             break;
    case 12: /* chekit(n): the meaning of each operator code is defined in chekit, not shown here */
             chekit(7);
             break;
    case 13: /* delete the last typed character and re-parse the entry */
             result=FALSE;
             if (ipt==0) break;
             ipt--;
             mybuff[ipt]='\0';
             if (ipt==0) clr();
             just(mybuff);
             cinstr(x,mybuff);
             newx=TRUE;
             break;
    case 14: /* digit keys ring the bell when next() rejects the character */
             if (!next('7')) putchar(BELL);
             break;
    case 15: if (!next('8')) putchar(BELL);
             break;
    case 16: if (!next('9')) putchar(BELL);
             break;
    case 17: chekit(6);
             break;
    case 18: chekit(5);
             break;
    case 19: chekit(4);
             break;
    case 20: /* recall memory m into x */
             copy(m,x);
             newx=TRUE;
             break;
    case 21: if (!next('4')) putchar(BELL);
             break;
    case 22: if (!next('5')) putchar(BELL);
             break;
    case 23: if (!next('6')) putchar(BELL);
             break;
    case 24: /* square */
             fmul(x,x,x);
             newx=TRUE;
             break;
    case 25: /* square root */
             froot(x,2,x);
             newx=TRUE;
             break;
    case 26: chekit(3);
             break;
    case 27: /* finish the pending calculation, then add x into memory m */
             brkt=0;
             chekit(0);
             flag=OFF;
             fadd(m,x,m);
             newx=TRUE;
             break;
    case 28: if (!next('1')) putchar(BELL);
             break;
    case 29: if (!next('2')) putchar(BELL);
             break;
    case 30: if (!next('3')) putchar(BELL);
             break;
    case 31: /* reciprocal */
             frecip(x,x);
             newx=TRUE;
             break;
    case 32: /* load pi */
             fpi(x);
             newx=TRUE;
             break;
    case 33: chekit(2);
             break;
    case 34: /* change sign */
             negify(x,x);
             newx=TRUE;
             break;
    case 35: if (!next('0')) putchar(BELL);
             break;
    case 36: if (!next('/')) putchar(BELL);
             break;
    case 37: if (!next('.')) putchar(BELL);
             break;
    case 38: /* open bracket: refused while a number is being typed */
             if (ipt>0)
             {
                 putchar(BELL);
                 result=FALSE;
             }
             else
             {
                 zero(x);
                 brkt+=1;
                 newx=TRUE;
             }
             break;
    case 39: /* close bracket: refused when no bracket is open */
             if (brkt>0)
             {
                 chekit(0);
                 brkt-=1;
             }
             else
             {
                 putchar(BELL);
                 result=FALSE;
             }
             break;
    case 40: chekit(1);
             break;
    case 41: /* equals: close all brackets and evaluate */
             brkt=0;
             equals(0);
             flag=OFF;
             break;
    }
    return FALSE;
}
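/* Read one line from stdin into dst (capacity cap) without its newline.
 * Returns 1 on success; 0 on end-of-file, on a read error, or when the line
 * does not fit in dst (the rest of that line is discarded so that it is not
 * misread as later input). */
static int read_filename(char *dst, size_t cap)
{
    size_t len;
    int ch;

    if (fgets(dst,(int)cap,stdin)==NULL)
    {
        dst[0]='\0';
        return 0;
    }
    len=strlen(dst);
    if (len>0 && dst[len-1]=='\n')
    {
        dst[len-1]='\0';
        return 1;
    }
    if (feof(stdin)) return 1;     /* final line had no newline */
    while ((ch=getchar())!='\n' && ch!=EOF) ;
    dst[0]='\0';
    return 0;
}

int main()
{  /*  encode using public key
    *
    *  Reads the modulus ke from "public.key" (hex), asks for a file name (an
    *  empty name means "read the message from the keyboard"), and writes the
    *  message to <name>.rsa as a sequence of hex numbers, each being a chunk
    *  of klen characters cubed modulo ke.
    *
    *  Returns 0 in all cases, including the error exits (kept as in the
    *  original program).
    *
    *  NOTE(review): this is unpadded RSA with exponent 3 on short text chunks;
    *  only the final short chunk gets a random addend, and bigrand() draws
    *  from MIRACL's generator, which this function never seeds. Treat the
    *  output as a demonstration, not as a confidentiality mechanism.
    */
    big e,m,y,ke,mn,mx;
    FILE *ifile;
    FILE *ofile;
    static char line[500];
    static char buff[256];
    /* ofname has 4 spare bytes so that appending ".rsa" always fits */
    char ifname[256],ofname[256+4];
    BOOL fli,last;
    int i,ipt,klen;
    mip=mirsys(100,0);
    e=mirvar(0);
    m=mirvar(0);
    y=mirvar(0);
    ke=mirvar(0);
    mn=mirvar(0);
    mx=mirvar(0);
    if ((ifile=fopen("public.key","rt"))==NULL)
    {
        printf("Unable to open file public.key\n");
        return 0;
    }
    mip->IOBASE=16;
    cinnum(ke,ifile);
    fclose(ifile);
    /* mn = cube root of ke, mx = mn^3 - mn^2: upper bound for one chunk */
    nroot(ke,3,mn);
    multiply(mn,mn,m);
    multiply(mn,m,mx);
    subtract(mx,m,mx);
    klen=0;
    copy(mx,m);
    while (size(m)>0)
    { /* find key length in characters */
        klen++;
        subdiv(m,128,m);
    }
    klen--;
    /* klen comes from the key file and is used to index buff[] and line[]:
       a chunk plus its terminator must fit in buff, and klen must be positive
       or the chunking loop below would never finish. With klen<=255 the
       132-byte fgets() at &line[ipt] (ipt<klen) also stays inside line[]. */
    if (klen<1 || klen>=(int)sizeof(buff))
    {
        printf("Unsupported key size in public.key\n");
        return 0;
    }
    printf("file to be encoded = ");
    /* bounded read: the original gets() could write past the name buffer */
    if (!read_filename(ifname,sizeof(ifname)))
    {
        printf("Invalid file name\n");
        return 0;
    }
    fli=FALSE;
    if (strlen(ifname)>0) fli=TRUE;
    if (fli)
    { /* set up input file */
        strcpy(ofname,ifname);      /* fits: ofname is larger than ifname */
        strip(ofname);
        strcat(ofname,".rsa");
        if ((ifile=fopen(ifname,"rt"))==NULL)
        {
            printf("Unable to open file %s\n",ifname);
            return 0;
        }
        printf("encoding message\n");
    }
    else
    { /* accept input from keyboard */
        ifile=stdin;
        do
        {
            printf("output filename = ");
            if (!read_filename(ofname,sizeof(ifname)))
            { /* end of input or over-long name: stop instead of looping */
                printf("Invalid file name\n");
                return 0;
            }
        } while (strlen(ofname)==0);
        strip(ofname);
        strcat(ofname,".rsa");
        printf("input message - finish with cntrl z\n");
    }
    ofile=fopen(ofname,"wt");
    if (ofile==NULL)
    { /* the original wrote through a NULL stream in this case */
        printf("Unable to open file %s\n",ofname);
        if (fli) fclose(ifile);
        return 0;
    }
    ipt=0;
    last=FALSE;
    while (!last)
    { /* encode line by line */
        if (fgets(&line[ipt],132,ifile)==NULL) last=TRUE;
        if (line[ipt]==EOF) last=TRUE;
        ipt=strlen(line);
        if (ipt<klen && !last) continue;
        while (ipt>=klen)
        { /* chop up into klen-sized chunks and encode */
            for (i=0;i<klen;i++)
                buff[i]=line[i];
            buff[klen]='\0';
            for (i=klen;i<=ipt;i++)
                line[i-klen]=line[i];
            ipt-=klen;
            mip->IOBASE=128;
            cinstr(m,buff);
            power(m,3,ke,e);
            mip->IOBASE=16;
            cotnum(e,ofile);
        }
        if (last && ipt>0)
        { /* now deal with left overs */
            mip->IOBASE=128;
            cinstr(m,line);
            if (compare(m,mn)<0)
            { /* pad out with random number if necessary */
                bigrand(mn,y);
                multiply(mn,mn,e);
                subtract(e,y,e);
                multiply(mn,e,y);
                add(m,y,m);
            }
            power(m,3,ke,e);
            mip->IOBASE=16;
            cotnum(e,ofile);
        }
    }
    fclose(ofile);
    if (fli) fclose(ifile);
    return 0;
}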
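/* Raise java.lang.IllegalArgumentException with msg (does nothing if the
 * class lookup itself fails). */
static void cfs_throw_illegal_argument(JNIEnv *env, const char *msg)
{
    jclass cls = (*env)->FindClass(env, "java/lang/IllegalArgumentException");
    if (cls != NULL) {
        (*env)->ThrowNew(env, cls, msg);
    }
}

/* Parse the numerals xs, ys into the scratch bigs x, y and load them into pt.
 * Returns the result of epoint_set(), which is false when (x, y) is not a
 * point on the curve set up by envirment_init(). */
static BOOL cfs_load_point(big x, big y, const char *xs, const char *ys, epoint *pt)
{
    cinstr(x, (char *)xs);
    cinstr(y, (char *)ys);
    return epoint_set(x, y, 0, pt);
}

/* Store a new Java string made from s at arr[idx].
 * Returns 0 when the string could not be created (a Java exception is then
 * pending), 1 otherwise. */
static int cfs_put_string(JNIEnv *env, jobjectArray arr, jsize idx, const unsigned char *s)
{
    jstring js = (*env)->NewStringUTF(env, (const char *)s);
    if (js == NULL) {
        return 0;
    }
    (*env)->SetObjectArrayElement(env, arr, idx, js);
    (*env)->DeleteLocalRef(env, js);
    return 1;
}

/* JNI entry point: server-side computation of the protocol step.
 *
 * Inputs (all numerals in the I/O base left by envirment_init(), i.e. 16):
 *   (ux,uy), (u1x,u1y), (wx,wy), (com1x,com1y)  affine points u, u1, w, com1
 *   N1, sid                                     strings appended to the MAC input
 *   alpha, beta, zeta                           scalars, summed into `sum`
 *
 * Returns a String[8]:
 *   [0],[1] w1 = k1*H (x, y)      [2],[3] com = sum*u + d*H (x, y)
 *   [4] N2 (80 random bits)       [5] the MAC input string
 *   [6] HMAC-SHA1 tag in hex      [7] the MAC key (K.y)
 *
 * Returns NULL with a Java exception pending when an argument is null, a JNI
 * allocation fails, an input point is not on the curve, or N1 and sid do not
 * fit in the message buffer. The original code had no such checks: an
 * off-curve point was used as-is and a long N1/sid overran `message`.
 *
 * NOTE(review): d and k1 are secret scalars but come from bigrand() after
 *   irand(time(0)); a time-based seed is guessable. MIRACL's csprng interface
 *   seeded from the operating system would be the usual replacement.
 * NOTE(review): element [7] hands the MAC key back to the Java caller -
 *   confirm that this is intended outside of experiments.
 * NOTE(review): envirment_init() is called on every invocation and nothing
 *   visible here releases the MIRACL instance or ECC_N/ECC_G/ECC_H.
 * NOTE(review): MIRACL's error handling is left at its defaults here; confirm
 *   how malformed or over-long numerals passed to cinstr() are handled.
 */
JNIEXPORT jobjectArray JNICALL
Java_com_sunshuzhou_experiment_1miracl_Verify_computeForServer(JNIEnv *env, jobject instance,
        jstring ux_, jstring uy_, jstring u1x_, jstring u1y_, jstring wx_, jstring wy_,
        jstring com1x_, jstring com1y_, jstring N1_, jstring sid_,
        jstring alpha_, jstring beta_, jstring zeta_)
{
    enum { N_IN = 13, N_OUT = 8 };
    jstring jarg[N_IN];
    const char *arg[N_IN];
    const char *N1, *sid, *alpha, *beta, *zeta;
    const char *error = NULL;
    big x, y, d, k1, N2, sum, big1;
    epoint *u, *u1, *w, *com1, *w1, *epoint1, *com, *K;
    size_t message_len, room, n1_len, sid_len;
    int i, got;
    unsigned char key[300], tag[SHA1_HASH_SIZE], hexdigest[SHA1_HASH_SIZE * 2 + 1], message[1000], tempChars[300];
    jclass jclass1;
    jobjectArray out;
    jobjectArray result = NULL;

    (void)instance;

    jarg[0] = ux_;     jarg[1] = uy_;
    jarg[2] = u1x_;    jarg[3] = u1y_;
    jarg[4] = wx_;     jarg[5] = wy_;
    jarg[6] = com1x_;  jarg[7] = com1y_;
    jarg[8] = N1_;     jarg[9] = sid_;
    jarg[10] = alpha_; jarg[11] = beta_;  jarg[12] = zeta_;

    /* Pin the argument strings; `got` counts how many must be released. */
    for (got = 0; got < N_IN; ++got) {
        if (jarg[got] == NULL) {
            error = "null argument";
            break;
        }
        arg[got] = (*env)->GetStringUTFChars(env, jarg[got], 0);
        if (arg[got] == NULL) {
            break;                      /* OutOfMemoryError is already pending */
        }
    }
    if (got < N_IN) {
        goto release_strings;
    }
    N1 = arg[8];
    sid = arg[9];
    alpha = arg[10];
    beta = arg[11];
    zeta = arg[12];

    envirment_init();

    x = mirvar(0);
    y = mirvar(0);
    d = mirvar(0);
    k1 = mirvar(0);
    N2 = mirvar(0);
    sum = mirvar(0);
    big1 = mirvar(0);
    u = epoint_init();
    u1 = epoint_init();
    w = epoint_init();
    com1 = epoint_init();
    w1 = epoint_init();
    epoint1 = epoint_init();
    com = epoint_init();
    K = epoint_init();

    /* The four points come from the caller: reject any that is off the curve
       before it is multiplied by the secret scalars d and k1. */
    if (!cfs_load_point(x, y, arg[0], arg[1], u) ||
        !cfs_load_point(x, y, arg[2], arg[3], u1) ||
        !cfs_load_point(x, y, arg[4], arg[5], w) ||
        !cfs_load_point(x, y, arg[6], arg[7], com1)) {
        error = "input point is not on the curve";
        goto cleanup;
    }

    irand((long)time(0));
    bigrand(ECC_N, d);
    bigrand(ECC_N, k1);
    bigbits(80, N2);

    // sum = alpha + beta + zeta
    cinstr(big1, (char *)alpha);
    cinstr(sum, (char *)beta);
    add(big1, sum, sum);
    cinstr(big1, (char *)zeta);
    add(big1, sum, sum);

    // w1 = k1 * H
    ecurve_mult(k1, ECC_H, w1);

    // com = (alpha + beta + zeta) * u + d * H
    ecurve_mult(sum, u, com);
    ecurve_mult(d, ECC_H, epoint1);
    ecurve_add(epoint1, com);

    // K = d * w + k1 * (com1 - sum * u1)
    // (com1 is overwritten with k1 * (com1 - sum * u1) along the way)
    ecurve_mult(d, w, K);
    ecurve_mult(sum, u1, epoint1);
    ecurve_sub(epoint1, com1);
    ecurve_mult(k1, com1, com1);
    ecurve_add(com1, K);

    // K.y as key
    epoint_get(K, x, y);
    cotstr(y, (char *)key);

    // message: u.y || u1.y || w.y || com1 coordinate || N1 || sid
    // NOTE(review): the original comment says "com1.y", but the code appends
    // the x coordinate, and of the already modified com1 - behaviour is kept
    // as found; confirm against the protocol and the peer implementation.
    // NOTE(review): the coordinate strings are assumed to fit in key[],
    // message[] and tempChars[]; that depends on the size of the curve prime.
    epoint_get(u, x, y);
    cotstr(y, (char *)message);
    message_len = strlen((char *)message);
    epoint_get(u1, x, y);
    cotstr(y, (char *)&message[message_len]);
    message_len = strlen((char *)message);
    epoint_get(w, x, y);
    cotstr(y, (char *)&message[message_len]);
    message_len = strlen((char *)message);
    epoint_get(com1, x, y);
    cotstr(x, (char *)&message[message_len]);
    message_len = strlen((char *)message);

    /* N1 and sid are caller-controlled: check the remaining room (which
       includes the terminating NUL) before copying them in. */
    n1_len = strlen(N1);
    sid_len = strlen(sid);
    room = sizeof(message) - message_len;
    if (n1_len >= room || sid_len >= room - n1_len) {
        error = "N1 and sid do not fit in the message buffer";
        goto cleanup;
    }
    memcpy(&message[message_len], N1, n1_len);
    message_len += n1_len;
    memcpy(&message[message_len], sid, sid_len + 1);
    message_len += sid_len;

    hmac_sha1(key, strlen((char *)key), message, message_len, tag, SHA1_HASH_SIZE);
    for (i = 0; i < SHA1_HASH_SIZE; ++i) {
        snprintf((char *)&hexdigest[i * 2], 3, "%02x", tag[i]);
    }
    hexdigest[SHA1_HASH_SIZE * 2] = '\0';

    jclass1 = (*env)->FindClass(env, "java/lang/String");
    if (jclass1 == NULL) {
        goto cleanup;
    }
    out = (*env)->NewObjectArray(env, N_OUT, jclass1, (*env)->NewStringUTF(env, ""));
    if (out == NULL) {
        goto cleanup;
    }

    epoint_get(w1, x, y);
    cotstr(x, (char *)tempChars);
    if (!cfs_put_string(env, out, 0, tempChars)) goto cleanup;
    cotstr(y, (char *)tempChars);
    if (!cfs_put_string(env, out, 1, tempChars)) goto cleanup;
    epoint_get(com, x, y);
    cotstr(x, (char *)tempChars);
    if (!cfs_put_string(env, out, 2, tempChars)) goto cleanup;
    cotstr(y, (char *)tempChars);
    if (!cfs_put_string(env, out, 3, tempChars)) goto cleanup;
    cotstr(N2, (char *)tempChars);
    if (!cfs_put_string(env, out, 4, tempChars)) goto cleanup;
    if (!cfs_put_string(env, out, 5, message)) goto cleanup;
    if (!cfs_put_string(env, out, 6, hexdigest)) goto cleanup;
    if (!cfs_put_string(env, out, 7, key)) goto cleanup;
    result = out;

cleanup:
    mirkill(x);
    mirkill(y);
    mirkill(d);
    mirkill(k1);
    mirkill(N2);
    mirkill(sum);
    mirkill(big1);
    /* the original never released the points */
    epoint_free(u);
    epoint_free(u1);
    epoint_free(w);
    epoint_free(com1);
    epoint_free(w1);
    epoint_free(epoint1);
    epoint_free(com);
    epoint_free(K);

release_strings:
    for (i = 0; i < got; ++i) {
        (*env)->ReleaseStringUTFChars(env, jarg[i], arg[i]);
    }
    if (error != NULL) {
        cfs_throw_illegal_argument(env, error);
    }
    return result;
}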
/* Demonstration of four public-key methods with MIRACL: Diffie-Hellman over
 * a prime field, Diffie-Hellman on an elliptic curve, El Gamal encryption and
 * RSA with a hand-written two-prime CRT. Everything, including keys and
 * primes, is printed to stdout.
 *
 * NOTE(review): this is teaching code. The generator is seeded from time(),
 * the messages are encrypted without any padding, and secrets are printed;
 * none of it should be copied into production key handling as it stands.
 */
int main()
{
    int ia,ib;
    time_t seed;
    epoint *g,*ea,*eb;
    big a,b,p,q,n,p1,q1,phi,pa,pb,key,e,d,dp,dq,t,m,c,x,y,k,inv;
    big primes[2],pm[2];
    big_chinese ch;
    miracl *mip;
#ifndef MR_NOFULLWIDTH
    mip=mirsys(500,0);
#else
    mip=mirsys(500,MAXBASE);
#endif
    a=mirvar(0);
    b=mirvar(0);
    p=mirvar(0);
    q=mirvar(0);
    n=mirvar(0);
    p1=mirvar(0);
    q1=mirvar(0);
    phi=mirvar(0);
    pa=mirvar(0);
    pb=mirvar(0);
    key=mirvar(0);
    e=mirvar(0);
    d=mirvar(0);
    dp=mirvar(0);
    dq=mirvar(0);
    t=mirvar(0);
    m=mirvar(0);
    c=mirvar(0);
    pm[0]=mirvar(0);
    pm[1]=mirvar(0);
    x=mirvar(0);
    y=mirvar(0);
    k=mirvar(0);
    inv=mirvar(0);

    /* every bigbits() value below derives from this clock-based seed */
    time(&seed);
    irand((unsigned long)seed);   /* change parameter for different values */

    printf("First Diffie-Hellman Key exchange .... \n");

    cinstr(p,primetext);

/* offline calculations could be done quicker using Comb method
   - See brick.c. Note use of "truncated exponent" of 160 bits -
   could be output of hash function SHA (see mrshs.c)               */

    printf("\nAlice's offline calculation\n");
    bigbits(160,a);

/* 3 generates the sub-group of prime order (p-1)/2 */

    powltr(3,a,p,pa);             /* pa = 3^a mod p */

    printf("Bob's offline calculation\n");
    bigbits(160,b);
    powltr(3,b,p,pb);             /* pb = 3^b mod p */

    printf("Alice calculates Key=\n");
    powmod(pb,a,p,key);
    cotnum(key,stdout);

    printf("Bob calculates Key=\n");
    powmod(pa,b,p,key);
    cotnum(key,stdout);

    printf("Alice and Bob's keys should be the same!\n");

/*
   Now Elliptic Curve version of the above.
   Curve is y^2=x^3+Ax+B mod p, where A=-3, B and p as above
   "Primitive root" is the point (x,y) above, which is of large prime order q.
   In this case actually
   q=FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831
*/

    printf("\nLets try that again using elliptic curves .... \n");
    convert(-3,a);
    mip->IOBASE=16;               /* curve constants are hex strings */
    cinstr(b,ecb);
    cinstr(p,ecp);
    ecurve_init(a,b,p,MR_BEST);   /* Use PROJECTIVE if possible, else AFFINE coordinates */

    g=epoint_init();
    cinstr(x,ecx);
    cinstr(y,ecy);
    mip->IOBASE=10;
    epoint_set(x,y,0,g);          /* return value (on-curve check) is not examined */
    ea=epoint_init();
    eb=epoint_init();
    epoint_copy(g,ea);
    epoint_copy(g,eb);

    printf("Alice's offline calculation\n");
    bigbits(160,a);
    ecurve_mult(a,ea,ea);
    ia=epoint_get(ea,pa,pa);      /* <ia,pa> is compressed form of public key */

    printf("Bob's offline calculation\n");
    bigbits(160,b);
    ecurve_mult(b,eb,eb);
    ib=epoint_get(eb,pb,pb);      /* <ib,pb> is compressed form of public key */

    printf("Alice calculates Key=\n");
    epoint_set(pb,pb,ib,eb);      /* decompress eb */
    ecurve_mult(a,eb,eb);
    epoint_get(eb,key,key);
    cotnum(key,stdout);

    printf("Bob calculates Key=\n");
    epoint_set(pa,pa,ia,ea);      /* decompress ea */
    ecurve_mult(b,ea,ea);
    epoint_get(ea,key,key);
    cotnum(key,stdout);

    printf("Alice and Bob's keys should be the same! (but much smaller)\n");

    epoint_free(g);
    epoint_free(ea);
    epoint_free(eb);

/* El Gamal's Method */

    printf("\nTesting El Gamal's public key method\n");
    cinstr(p,primetext);
    bigbits(160,x);               /* x<p */
    powltr(3,x,p,y);              /* y=3^x mod p*/
    decr(p,1,p1);

    /* the message text is read as one base-128 number, with no padding */
    mip->IOBASE=128;
    cinstr(m,text);
    mip->IOBASE=10;
    do
    { /* pick k coprime to p-1 */
        bigbits(160,k);
    } while (egcd(k,p1,t)!=1);
    powltr(3,k,p,a);              /* a=3^k mod p */
    powmod(y,k,p,b);
    mad(b,m,m,p,p,b);             /* b=m*y^k mod p */
    printf("Ciphertext= \n");
    cotnum(a,stdout);
    cotnum(b,stdout);

    zero(m);                      /* proof of pudding... */

    subtract(p1,x,t);
    powmod(a,t,p,m);
    mad(m,b,b,p,p,m);             /* m=b/a^x mod p */

    printf("Plaintext= \n");
    mip->IOBASE=128;
    cotnum(m,stdout);
    mip->IOBASE=10;

/* RSA. Generate primes p & q. Use e=65537, and find d=1/e mod (p-1)(q-1) */

    printf("\nNow generating 512-bit random primes p and q\n");
    do
    { /* repeat until e is invertible modulo phi */
        bigbits(512,p);
        if (subdivisible(p,2)) incr(p,1,p);   /* make the candidate odd */
        while (!isprime(p)) incr(p,2,p);

        bigbits(512,q);
        if (subdivisible(q,2)) incr(q,1,q);
        while (!isprime(q)) incr(q,2,q);

        multiply(p,q,n);          /* n=p.q */

        lgconv(65537L,e);
        decr(p,1,p1);
        decr(q,1,q1);
        multiply(p1,q1,phi);      /* phi =(p-1)*(q-1) */
    } while (xgcd(e,phi,d,d,t)!=1);

    /* the secret primes are printed as part of the demonstration */
    cotnum(p,stdout);
    cotnum(q,stdout);
    printf("n = p.q = \n");
    cotnum(n,stdout);

/* set up for chinese remainder thereom */
/*    primes[0]=p;
      primes[1]=q;
      crt_init(&ch,2,primes);
*/

/* use simple CRT as only two primes */

    xgcd(p,q,inv,inv,inv);        /* 1/p mod q */

    copy(d,dp);
    copy(d,dq);
    divide(dp,p1,p1);             /* dp=d mod p-1 */
    divide(dq,q1,q1);             /* dq=d mod q-1 */
    mip->IOBASE=128;
    cinstr(m,text);
    mip->IOBASE=10;
    printf("Encrypting test string\n");
    powmod(m,e,n,c);              /* raw RSA: c = m^e mod n, no padding */
    printf("Ciphertext= \n");
    cotnum(c,stdout);

    zero(m);

    printf("Decrypting test string\n");

    powmod(c,dp,p,pm[0]);         /* get result mod p */
    powmod(c,dq,q,pm[1]);         /* get result mod q */

    subtract(pm[1],pm[0],pm[1]);  /* poor man's CRT */
    mad(inv,pm[1],inv,q,q,m);
    multiply(m,p,m);
    add(m,pm[0],m);

/*    crt(&ch,pm,m);   combine them using CRT */

    printf("Plaintext= \n");
    mip->IOBASE=128;
    cotnum(m,stdout);
/*    crt_end(&ch);  */
    return 0;
}
/* Benchmark driver: prints the build configuration, then times modular
 * exponentiation for 512/1024/2048-bit primes and point multiplication on
 * GF(p) and (unless MR_FP is defined) GF(2^m) curves. The timing itself is
 * done by the powers*() and mult*() helpers, which are defined elsewhere;
 * this function only loads parameters and prints the returned figures.
 *
 * NOTE(review): the sizes measured here (for example 512/1024-bit moduli and
 * 160/163-bit curves) are timing reference points, not a recommendation of
 * key sizes.
 */
int main()
{
    int j,k;
    big a,b,x,y,p,A2;
    time_t seed;
    epoint *g;
    double tr1,tr2,ts,tv1,tv2,tp,td;
#ifndef MR_NOFULLWIDTH
    miracl *mip=mirsys(300,0);
#else
    miracl *mip=mirsys(300,MAXBASE);
#endif
    p=mirvar(0);
    a=mirvar(-3);
    b=mirvar(0);
    x=mirvar(1);       /* the GF(p) sections below keep x = 1 and only load y */
    y=mirvar(0);
    A2=mirvar(0);
    mip->IOBASE=60;    /* the prime constants p512/p1024/p2048 are read in base 60 */

    time(&seed);
    irand((long)seed);

    /* ---- report how the library was built ---- */
    printf("MIRACL - %d bit version\n",MIRACL);
#ifdef MR_LITTLE_ENDIAN
    printf("Little Endian processor\n");
#endif
#ifdef MR_BIG_ENDIAN
    printf("Big Endian processor\n");
#endif
#ifdef MR_NOASM
    printf("C-Only Version of MIRACL\n");
#else
    printf("Using some assembly language\n");
#endif
#ifdef MR_STRIPPED_DOWN
    printf("Stripped down version of MIRACL - no error messages\n");
#endif
#ifdef MR_KCM
    k=MR_KCM*MIRACL;
    printf("Using KCM method \n");
    printf("Optimized for %d, %d, %d, %d...etc. bit moduli\n",k,k*2,k*4,k*8);
#endif
#ifdef MR_COMBA
    k=MR_COMBA*MIRACL;
    printf("Using COMBA method \n");
    printf("Optimized for %d bit moduli\n",k);
#endif
#ifdef MR_PENTIUM
    printf("Floating-point co-processor arithmetic used for Pentium\n");
#endif
#ifndef MR_KCM
#ifndef MR_COMBA
#ifndef MR_PENTIUM
    printf("No special optimizations\n");
#endif
#endif
#endif
    printf("Precomputation uses fixed Window size = %d\n",WINDOW);
    printf("So %d values are precomputed and stored\n",(1<<WINDOW));
#ifdef MR_NOFULLWIDTH
    printf("No Fullwidth base possible\n");
#else
    printf("NOTE: No optimizations/assembly language apply to GF(2^m) Elliptic Curves\n");
#endif

    printf("NOTE: times are elapsed real-times - so make sure nothing else is running!\n\n");
    printf("Modular exponentiation benchmarks - calculating g^e mod p\n");
    printf("From these figures it should be possible to roughly estimate the time\n");
    printf("required for your favourite PK algorithm, RSA, DSA, DH, etc.\n");
    printf("Key R - random base bits/random exponent bits \n");
    printf(" V - random base bits/(small exponent e) \n");
    printf(" S - (small base g) /random exponent bits \n");
    printf(" P - exponentiation with precomputation (fixed base g)\n");
    printf(" D - double exponentiation g^e.a^b mod p\n");

    printf("F3 = 257, F4 = 65537\n");
    printf("RSA - Rivest-Shamir-Adleman\n");
    printf("DH - Diffie Hellman Key exchange\n");
    printf("DSA - Digital Signature Algorithm\n");

    /* ---- 512-bit prime, 160-bit exponents ---- */
    printf("\n512 bit prime....\n");
    cinstr(p,p512);

    k=512; j=160;

    tr1=powers(k,j,p);
    td=powers_double(k,j,p);
    tr2=powers(k,k,p);
    ts=powers_small_base(3,j,p);
    tp=powers_precomp(k,j,p);

    printf("\n");
    /* RSA decryption is reported for a modulus of 2k bits as twice the k-bit time */
    printf("%4d bit RSA decryption %8.2lf ms \n",2*k,2*tr2);
    printf("%4d bit DH %d bit exponent:-\n",k,j);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, small base %8.2lf ms \n",ts);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit DSA %d bit exponent:-\n",k,j);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    /* ---- 1024-bit prime, 160-bit exponents ---- */
    printf("\n1024 bit prime....\n");
    cinstr(p,p1024);

    k=1024; j=160;

    tr1=powers(k,j,p);
    td=powers_double(k,j,p);
    tr2=powers(k,k,p);
    tv1=powers_small_exp(k,3,p);
    tv2=powers_small_exp(k,65537L,p);
    ts=powers_small_base(3,j,p);
    tp=powers_precomp(k,j,p);

    printf("\n");
    printf("%4d bit RSA decryption %8.2lf ms \n",2*k,2*tr2);
    printf("%4d bit RSA encryption e=3 %8.2lf ms \n",k,tv1);
    printf("%4d bit RSA encryption e=65537 %8.2lf ms \n",k,tv2);
    printf("%4d bit DH %d bit exponent:-\n",k,j);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, small base %8.2lf ms \n",ts);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit DSA %d bit exponent:-\n",k,j);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    /* ---- 2048-bit prime, 256-bit exponents ---- */
    printf("\n2048 bit prime....\n");
    cinstr(p,p2048);

    k=2048; j=256;

    tr1=powers(k,j,p);
    td=powers_double(k,j,p);
    powers(k,k,p);               /* result is not stored or reported for this size */
    tv1=powers_small_exp(k,3,p);
    tv2=powers_small_exp(k,65537L,p);
    ts=powers_small_base(3,j,p);
    tp=powers_precomp(k,j,p);

    printf("\n");
    printf("%4d bit RSA encryption e=3 %8.2lf ms \n",k,tv1);
    printf("%4d bit RSA encryption e=65537 %8.2lf ms \n",k,tv2);
    printf("%4d bit DH %d bit exponent:-\n",k,j);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, small base %8.2lf ms \n",ts);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit DSA %d bit exponent:-\n",k,j);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    /* ---- elliptic curves over GF(p) ----
       Each section loads p, b and y, re-initialises the curve, and aborts if
       the base point is rejected. g is re-allocated per section and the
       previous point is not freed. */
    printf("\n");
    printf("Elliptic Curve point multiplication benchmarks - calculating r.P\n");
    printf("From these figures it should be possible to roughly estimate the time\n");
    printf("required for your favourite EC PK algorithm, ECDSA, ECDH, etc.\n");
    printf("Key - ER - Elliptic Curve point multiplication r.P\n");
    printf(" ED - Elliptic Curve double multiplication r.P + s.Q\n");
    printf(" EP - Elliptic Curve multiplication with precomputation\n");
    printf("EC - Elliptic curve GF(p) - p of no special form \n");
    printf("ECDH - Diffie Hellman Key exchange\n");
    printf("ECDSA - Digital Signature Algorithm\n");

    mip->IOBASE=10;

    printf("\n160 bit GF(p) Elliptic Curve....\n");
    k=160;
    cinstr(p,p160);
    cinstr(b,b160);
    cinstr(y,y160);

    ecurve_init(a,b,p,MR_PROJECTIVE);
    g=epoint_init();

    if (!epoint_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }

    tr1=mults(k,g);
    td=mult_double(k,g);
    tp=mult_precomp(k,x,y,a,b,p);

    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    printf("\n192 bit GF(p) Elliptic Curve....\n");
    k=192;
    cinstr(p,p192);
    cinstr(b,b192);
    cinstr(y,y192);

    ecurve_init(a,b,p,MR_PROJECTIVE);
    g=epoint_init();

    if (!epoint_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }

    tr1=mults(k,g);
    td=mult_double(k,g);
    tp=mult_precomp(k,x,y,a,b,p);

    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    printf("\n224 bit GF(p) Elliptic Curve....\n");
    k=224;
    cinstr(p,p224);
    cinstr(b,b224);
    cinstr(y,y224);

    ecurve_init(a,b,p,MR_PROJECTIVE);
    g=epoint_init();

    if (!epoint_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }

    tr1=mults(k,g);
    td=mult_double(k,g);
    tp=mult_precomp(k,x,y,a,b,p);

    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    printf("\n256 bit GF(p) Elliptic Curve....\n");
    k=256;
    cinstr(p,p256);
    cinstr(b,b256);
    cinstr(y,y256);

    ecurve_init(a,b,p,MR_PROJECTIVE);
    g=epoint_init();

    if (!epoint_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }

    tr1=mults(k,g);
    td=mult_double(k,g);
    tp=mult_precomp(k,x,y,a,b,p);

    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

#ifndef MR_FP

    /* ---- elliptic curves over GF(2^m) ----
       Here b, x and y are read as hex and the curve coefficient is converted
       into A2; each size is measured once for the plain constants and once
       for the K-prefixed ("Koblitz") constants. */
    printf("\n163 bit GF(2^m) Elliptic Curve....\n");
    k=163;
    mip->IOBASE=16;
    cinstr(b,B163);
    cinstr(x,x163);
    cinstr(y,y163);
    mip->IOBASE=10;
    convert(A163,A2);
    ecurve2_init(m163,a163,b163,c163,A2,b,FALSE,MR_PROJECTIVE);
    g=epoint_init();
    if (!epoint2_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }

    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m163,a163,b163,c163);

    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    printf("\n163 bit GF(2^m) Koblitz Elliptic Curve....\n");
    k=163;
    mip->IOBASE=16;
    cinstr(b,KB163);
    cinstr(x,Kx163);
    cinstr(y,Ky163);
    mip->IOBASE=10;
    convert(KA163,A2);
    ecurve2_init(m163,a163,b163,c163,A2,b,FALSE,MR_PROJECTIVE);
    g=epoint_init();
    if (!epoint2_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }

    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m163,a163,b163,c163);

    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    printf("\n233 bit GF(2^m) Elliptic Curve....\n");
    k=233;
    mip->IOBASE=16;
    cinstr(b,B233);
    cinstr(x,x233);
    cinstr(y,y233);
    mip->IOBASE=10;
    convert(A233,A2);
    ecurve2_init(m233,a233,b233,c233,A2,b,FALSE,MR_PROJECTIVE);
    g=epoint_init();
    if (!epoint2_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }

    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m233,a233,b233,c233);

    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    printf("\n233 bit GF(2^m) Koblitz Elliptic Curve....\n");
    k=233;
    mip->IOBASE=16;
    cinstr(b,KB233);
    cinstr(x,Kx233);
    cinstr(y,Ky233);
    mip->IOBASE=10;
    convert(KA233,A2);
    ecurve2_init(m233,a233,b233,c233,A2,b,FALSE,MR_PROJECTIVE);
    g=epoint_init();
    if (!epoint2_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }

    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m233,a233,b233,c233);

    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    printf("\n283 bit GF(2^m) Elliptic Curve....\n");
    k=283;
    mip->IOBASE=16;
    cinstr(b,B283);
    cinstr(x,x283);
    cinstr(y,y283);
    mip->IOBASE=10;
    convert(A283,A2);
    ecurve2_init(m283,a283,b283,c283,A2,b,FALSE,MR_PROJECTIVE);
    g=epoint_init();
    if (!epoint2_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }

    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m283,a283,b283,c283);

    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    printf("\n283 bit GF(2^m) Koblitz Elliptic Curve....\n");
    k=283;
    mip->IOBASE=16;
    cinstr(b,KB283);
    cinstr(x,Kx283);
    cinstr(y,Ky283);
    mip->IOBASE=10;
    convert(KA283,A2);
    ecurve2_init(m283,a283,b283,c283,A2,b,FALSE,MR_PROJECTIVE);
    g=epoint_init();
    if (!epoint2_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }

    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m283,a283,b283,c283);

    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    printf("\n571 bit GF(2^m) Elliptic Curve....\n");
    k=571;
    mip->IOBASE=16;
    cinstr(b,B571);
    cinstr(x,x571);
    cinstr(y,y571);
    mip->IOBASE=10;
    convert(A571,A2);
    ecurve2_init(m571,a571,b571,c571,A2,b,FALSE,MR_PROJECTIVE);
    g=epoint_init();
    if (!epoint2_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }

    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m571,a571,b571,c571);

    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);

    printf("\n571 bit GF(2^m) Koblitz Elliptic Curve....\n");
    k=571;
    mip->IOBASE=16;
    cinstr(b,KB571);
    cinstr(x,Kx571);
    cinstr(y,Ky571);
    mip->IOBASE=10;
    convert(KA571,A2);
    ecurve2_init(m571,a571,b571,c571,A2,b,FALSE,MR_PROJECTIVE);
    g=epoint_init();
    if (!epoint2_set(x,y,0,g))
    {
        printf("This is not a point on the curve!\n");
        exit(0);
    }

    tr1=mults2(k,g);
    td=mult2_double(k,g);
    tp=mult2_precomp(k,x,y,A2,b,m571,a571,b571,c571);

    printf("\n");
    printf("%4d bit ECDH :-\n",k);
    printf(" offline, no precomputation %8.2lf ms \n",tr1);
    printf(" offline, w. precomputation %8.2lf ms \n",tp);
    printf(" online %8.2lf ms \n",tr1);
    printf("%4d bit ECDSA :-\n",k);
    printf(" signature no precomputation %8.2lf ms \n",tr1);
    printf(" signature w. precomputation %8.2lf ms \n",tp);
    printf(" verification %8.2lf ms \n",td);
#endif
    return 0;
}
int main()
{ /* Pollard's lambda ("kangaroo") method for finding discrete logs *
   * which are known to be less than a certain limit LIMIT.          *
   * A "tame" walk starting at ALPHA^LIMIT sets a trap; for each x   *
   * entered, y=ALPHA^x mod n is computed and a "wild" walk from y   *
   * runs until it lands on the trap or has travelled too far.       *
   * An input of zero or less ends the program.                      *
   * NOTE(review): the two tables hold 32 entries; the number used   *
   * follows from LEAPS and is not range-checked here.               */
    big pos,modn,tmp,trap,jump[32];
    int idx,leap,njumps;
    long wild,tame,step,dist[32];
    miracl *mip=mirsys(50,0);

    pos=mirvar(0);
    modn=mirvar(0);
    tmp=mirvar(0);
    trap=mirvar(0);

    /* find table size: jump distances are successive powers of two */
    step=1L;
    njumps=1;
    for (;;)
    {
        dist[njumps-1]=step;
        step*=2;
        if ((2*step/njumps)>(LEAPS/4)) break;
        njumps++;
    }

    /* get large modulus (stored in base 60) */
    mip->IOBASE=60;
    cinstr(modn,modulus);
    mip->IOBASE=10;

    printf("solve discrete logarithm problem - using Pollard's kangaroos\n");
    printf("finds x in y=%d^x mod n, given y, for fixed n and small x\n",ALPHA);
    printf("known to be less than %ld\n",LIMIT);
    printf("n= ");
    cotnum(modn,stdout);

    /* create table: jump[k] = ALPHA^dist[k] mod n */
    for (idx=0;idx<njumps;idx++)
    {
        lgconv(dist[idx],tmp);
        jump[idx]=mirvar(0);
        powltr(ALPHA,tmp,modn,jump[idx]);
    }

    /* the tame kangaroo starts at ALPHA^LIMIT */
    lgconv(LIMIT,tmp);
    powltr(ALPHA,tmp,modn,pos);
    printf("setting trap .... \n");

    /* set traps beyond LIMIT using tame kangaroo */
    tame=0L;
    for (leap=0;leap<LEAPS;leap++)
    {
        idx=subdiv(pos,njumps,tmp);            /* random function */
        mad(pos,jump[idx],pos,modn,modn,pos);
        tame+=dist[idx];
    }
    printf("trap set!\n");
    copy(pos,trap);

    for (;;)
    { /* ready to solve */
        printf("Enter x= ");
        cinnum(pos,stdin);
        if (size(pos)<=0) break;

        powltr(ALPHA,pos,modn,tmp);
        printf("y= ");
        cotnum(tmp,stdout);
        copy(tmp,pos);

        /* unleash wild kangaroo: same jump rule, starting from y */
        wild=0L;
        do
        {
            idx=subdiv(pos,njumps,tmp);
            mad(pos,jump[idx],pos,modn,modn,pos);
            wild+=dist[idx];
        } while (compare(pos,trap)!=0 && wild<=LIMIT+tame);

        if (wild>LIMIT+tame)
        { /* trap stepped over */
            printf("trap failed\n");
            continue;
        }
        printf("Gotcha!\n");
        printf("Discrete log of y= %ld\n",LIMIT+tame-wild);
    }
    return 0;
}