BOOL froot(_MIPD_ flash x,int n,flash w)
{ /* extract nth root of x - w=x^(1/n) using Newtons method */
BOOL minus,rn,rm,hack;
int nm,dn,s,op[5];
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
copy(x,w);
if (mr_mip->ERNUM || n==1) return TRUE;
if (n==(-1))
{
frecip(_MIPP_ w,w);
return TRUE;
}
MR_IN(52)
minus=FALSE;
if (n<0)
{
minus=TRUE;
n=(-n);
}
s=exsign(w);
if (n%2==0 && s==MINUS)
{
mr_berror(_MIPP_ MR_ERR_NEG_ROOT);
MR_OUT
return FALSE;
}
double fdsize(_MIPD_ flash w)
{ /* express flash number as double. */
int i,s,en,ed;
double n,d,b,BIGGEST;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM || size(w)==0) return (0.0);
MR_IN(11)
BIGGEST=pow(2.0,(double)(1<<(MR_EBITS-4)));
mr_mip->EXACT=FALSE;
n=0.0;
d=0.0;
if (mr_mip->base==0) b=pow(2.0,(double)MIRACL);
else b=(double)mr_mip->base;
numer(_MIPP_ w,mr_mip->w1);
s=exsign(mr_mip->w1);
insign(PLUS,mr_mip->w1);
en=(int)mr_mip->w1->len;
for (i=0;i<en;i++)
n=(double)mr_mip->w1->w[i]+(n/b);
denom(_MIPP_ w,mr_mip->w1);
ed=(int)mr_mip->w1->len;
for (i=0;i<ed;i++)
d=(double)mr_mip->w1->w[i]+(d/b);
n/=d;
while (en!=ed)
{
if (en>ed)
{
ed++;
if (BIGGEST/b<n)
{
mr_berror(_MIPP_ MR_ERR_DOUBLE_FAIL);
MR_OUT
return (0.0);
}
n*=b;
}
int xgcd(_MIPD_ big x,big y,big xd,big yd,big z)
{ /* greatest common divisor by Euclids method *
* extended to also calculate xd and yd where *
* z = x.xd + y.yd = gcd(x,y) *
* if xd, yd not distinct, only xd calculated *
* z only returned if distinct from xd and yd *
* xd will always be positive, yd negative */
int s,n,iter;
mr_small r,a,b,c,d;
mr_small q,m,sr;
#ifdef MR_FP
mr_small dres;
#endif
#ifdef mr_dltype
union doubleword uu,vv;
mr_large u,v,lr;
#else
mr_small u,v,lr;
#endif
BOOL last,dplus=TRUE;
big t;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return 0;
MR_IN(30)
#ifdef MR_COUNT_OPS
fpx++;
#endif
copy(x,mr_mip->w1);
copy(y,mr_mip->w2);
s=exsign(mr_mip->w1);
insign(PLUS,mr_mip->w1);
insign(PLUS,mr_mip->w2);
convert(_MIPP_ 1,mr_mip->w3);
zero(mr_mip->w4);
last=FALSE;
a=b=c=d=0;
iter=0;
while (size(mr_mip->w2)!=0)
{
if (b==0)
{ /* update mr_mip->w1 and mr_mip->w2 */
divide(_MIPP_ mr_mip->w1,mr_mip->w2,mr_mip->w5);
t=mr_mip->w1,mr_mip->w1=mr_mip->w2,mr_mip->w2=t; /* swap(mr_mip->w1,mr_mip->w2) */
multiply(_MIPP_ mr_mip->w4,mr_mip->w5,mr_mip->w0);
add(_MIPP_ mr_mip->w3,mr_mip->w0,mr_mip->w3);
t=mr_mip->w3,mr_mip->w3=mr_mip->w4,mr_mip->w4=t; /* swap(xd,yd) */
iter++;
}
else
{
/* printf("a= %I64u b= %I64u c= %I64u d= %I64u \n",a,b,c,d); */
mr_pmul(_MIPP_ mr_mip->w1,c,mr_mip->w5); /* c*w1 */
mr_pmul(_MIPP_ mr_mip->w1,a,mr_mip->w1); /* a*w1 */
mr_pmul(_MIPP_ mr_mip->w2,b,mr_mip->w0); /* b*w2 */
mr_pmul(_MIPP_ mr_mip->w2,d,mr_mip->w2); /* d*w2 */
if (!dplus)
{
mr_psub(_MIPP_ mr_mip->w0,mr_mip->w1,mr_mip->w1); /* b*w2-a*w1 */
mr_psub(_MIPP_ mr_mip->w5,mr_mip->w2,mr_mip->w2); /* c*w1-d*w2 */
}
else
{
mr_psub(_MIPP_ mr_mip->w1,mr_mip->w0,mr_mip->w1); /* a*w1-b*w2 */
mr_psub(_MIPP_ mr_mip->w2,mr_mip->w5,mr_mip->w2); /* d*w2-c*w1 */
}
mr_pmul(_MIPP_ mr_mip->w3,c,mr_mip->w5);
mr_pmul(_MIPP_ mr_mip->w3,a,mr_mip->w3);
mr_pmul(_MIPP_ mr_mip->w4,b,mr_mip->w0);
mr_pmul(_MIPP_ mr_mip->w4,d,mr_mip->w4);
if (a==0) copy(mr_mip->w0,mr_mip->w3);
else mr_padd(_MIPP_ mr_mip->w3,mr_mip->w0,mr_mip->w3);
mr_padd(_MIPP_ mr_mip->w4,mr_mip->w5,mr_mip->w4);
}
if (mr_mip->ERNUM || size(mr_mip->w2)==0) break;
n=(int)mr_mip->w1->len;
if (n==1)
{
last=TRUE;
u=mr_mip->w1->w[0];
v=mr_mip->w2->w[0];
}
else
{
m=mr_mip->w1->w[n-1]+1;
#ifndef MR_SIMPLE_BASE
if (mr_mip->base==0)
{
#endif
#ifndef MR_NOFULLWIDTH
#ifdef mr_dltype
/* use double length type if available */
if (n>2 && m!=0)
{ /* squeeze out as much significance as possible */
uu.h[MR_TOP]=muldvm(mr_mip->w1->w[n-1],mr_mip->w1->w[n-2],m,&sr);
uu.h[MR_BOT]=muldvm(sr,mr_mip->w1->w[n-3],m,&sr);
vv.h[MR_TOP]=muldvm(mr_mip->w2->w[n-1],mr_mip->w2->w[n-2],m,&sr);
vv.h[MR_BOT]=muldvm(sr,mr_mip->w2->w[n-3],m,&sr);
}
else
{
uu.h[MR_TOP]=mr_mip->w1->w[n-1];
uu.h[MR_BOT]=mr_mip->w1->w[n-2];
vv.h[MR_TOP]=mr_mip->w2->w[n-1];
vv.h[MR_BOT]=mr_mip->w2->w[n-2];
if (n==2) last=TRUE;
}
u=uu.d;
v=vv.d;
#else
if (m==0)
{
u=mr_mip->w1->w[n-1];
v=mr_mip->w2->w[n-1];
}
else
{
u=muldvm(mr_mip->w1->w[n-1],mr_mip->w1->w[n-2],m,&sr);
v=muldvm(mr_mip->w2->w[n-1],mr_mip->w2->w[n-2],m,&sr);
}
#endif
#endif
#ifndef MR_SIMPLE_BASE
}
else
{
#ifdef mr_dltype
if (n>2)
{ /* squeeze out as much significance as possible */
u=muldiv(mr_mip->w1->w[n-1],mr_mip->base,mr_mip->w1->w[n-2],m,&sr);
u=u*mr_mip->base+muldiv(sr,mr_mip->base,mr_mip->w1->w[n-3],m,&sr);
v=muldiv(mr_mip->w2->w[n-1],mr_mip->base,mr_mip->w2->w[n-2],m,&sr);
v=v*mr_mip->base+muldiv(sr,mr_mip->base,mr_mip->w2->w[n-3],m,&sr);
}
else
{
u=(mr_large)mr_mip->base*mr_mip->w1->w[n-1]+mr_mip->w1->w[n-2];
v=(mr_large)mr_mip->base*mr_mip->w2->w[n-1]+mr_mip->w2->w[n-2];
last=TRUE;
}
#else
u=muldiv(mr_mip->w1->w[n-1],mr_mip->base,mr_mip->w1->w[n-2],m,&sr);
v=muldiv(mr_mip->w2->w[n-1],mr_mip->base,mr_mip->w2->w[n-2],m,&sr);
#endif
}
#endif
}
dplus=TRUE;
a=1; b=0; c=0; d=1;
forever
{ /* work only with most significant piece */
if (last)
{
if (v==0) break;
q=qdiv(u,v);
if (q==0) break;
}
else
{
if (dplus)
{
if ((mr_small)(v-c)==0 || (mr_small)(v+d)==0) break;
q=qdiv(u+a,v-c);
if (q==0) break;
if (q!=qdiv(u-b,v+d)) break;
}
else
{
if ((mr_small)(v+c)==0 || (mr_small)(v-d)==0) break;
q=qdiv(u-a,v+c);
if (q==0) break;
if (q!=qdiv(u+b,v-d)) break;
}
}
if (q==1)
{
if ((mr_small)(b+d) >= MAXBASE) break;
r=a+c; a=c; c=r;
r=b+d; b=d; d=r;
lr=u-v; u=v; v=lr;
}
else
{
if (q>=MR_DIV(MAXBASE-b,d)) break;
r=a+q*c; a=c; c=r;
r=b+q*d; b=d; d=r;
lr=u-q*v; u=v; v=lr;
}
iter++;
dplus=!dplus;
}
iter%=2;
}
if (s==MINUS) iter++;
if (iter%2==1) subtract(_MIPP_ y,mr_mip->w3,mr_mip->w3);
if (xd!=yd)
{
negify(x,mr_mip->w2);
mad(_MIPP_ mr_mip->w2,mr_mip->w3,mr_mip->w1,y,mr_mip->w4,mr_mip->w4);
copy(mr_mip->w4,yd);
}
copy(mr_mip->w3,xd);
if (z!=xd && z!=yd) copy(mr_mip->w1,z);
MR_OUT
return (size(mr_mip->w1));
}
{
zero(z);
return;
}
MR_IN(34)
if (size(den)==0)
{
mr_berror(_MIPP_ MR_ERR_FLASH_OVERFLOW);
MR_OUT
return;
}
copy(num,mr_mip->w5);
copy(den,mr_mip->w6);
s=exsign(mr_mip->w5)*exsign(mr_mip->w6);
insign(PLUS,mr_mip->w5);
insign(PLUS,mr_mip->w6);
if (compare(mr_mip->w5,mr_mip->w6)==0)
{
convert(_MIPP_ s,z);
MR_OUT
return;
}
if (size(mr_mip->w6)==1)
{
if ((int)mr_mip->w5->len>mr_mip->nib)
{
mr_berror(_MIPP_ MR_ERR_FLASH_OVERFLOW);
MR_OUT
return;
/*
* function encodeByteArrayToPoint : Encodes the given byte array into a point.
* If the given byte array can not be encoded to a point, returns 0.
* param dlog : Pointer to the native Dlog object.
* param binaryString : The byte array to encode.
* param k : k is the maximum length of a string to be converted to a Group Element of this group.
* If a string exceeds the k length it cannot be converted.
* return : The created point or 0 if the point cannot be created.
*/
JNIEXPORT jlong JNICALL Java_edu_biu_scapi_primitives_dlog_miracl_MiraclDlogECFp_encodeByteArrayToPoint
(JNIEnv * env, jobject, jlong m, jbyteArray binaryString, jint k){
//Pseudo-code:
/*If the length of binaryString exceeds k then throw IndexOutOfBoundsException.
Let L be the length in bytes of p
Choose a random byte array r of length L – k – 2 bytes
Prepare a string newString of the following form: r || binaryString || binaryString.length (where || denotes concatenation) (i.e., the least significant byte of newString is the length of binaryString in bytes)
Convert the result to a BigInteger (bIString)
Compute the elliptic curve equation for this x and see if there exists a y such that (x,y) satisfies the equation.
If yes, return (x,y)
Else, go back to step 3 (choose a random r etc.) up to 80 times (This is an arbitrary hard-coded number).
If did not find y such that (x,y) satisfies the equation after 80 trials then return null.
*/
/* convert the accepted parameters to MIRACL parameters*/
miracl* mip = (miracl*)m;
jbyte* string = (jbyte*) env->GetByteArrayElements(binaryString, 0);
int len = env->GetArrayLength(binaryString);
if (len > k){
env ->ReleaseByteArrayElements(binaryString, string, 0);
return 0;
}
big x, p;
x = mirvar(mip, 0);
p = mip->modulus;
int l = logb2(mip, p)/8;
char* randomArray = new char[l-k-2];
char* newString = new char[l - k - 1 + len];
memcpy(newString+l-k-2, string, len);
newString[l - k - 2 + len] = (char) len;
int counter = 0;
bool success = 0;
csprng rng;
srand(time(0));
long seed;
char raw = rand();
time((time_t*)&seed);
strong_init(&rng,1,&raw,seed);
do{
for (int i=0; i<l-k-2; i++){
randomArray[i] = strong_rng(&rng);
}
memcpy(newString, randomArray, l-k-2);
bytes_to_big(mip, l - k - 1 + len, newString, x);
//If the number is negative, make it positive.
if(exsign(x)== -1){
absol(x, x);
}
//epoint_x returns true if the given x value leads to a valid point on the curve.
//if failed, go back to choose a random r etc.
success = epoint_x(mip, x);
counter++;
} while((!success) && (counter <= 80)); //we limit the amount of times we try to 80 which is an arbitrary number.
epoint* point = 0;
if (success){
point = epoint_init(mip);
epoint_set(mip, x, x, 0, point);
}
char* temp = new char[l - k - 1 + len];
big_to_bytes(mip,l - k - 1 + len , x, temp, 1);
//Delete the allocated memory.
env ->ReleaseByteArrayElements(binaryString, string, 0);
mirkill(x);
delete(randomArray);
delete(newString);
//Return the created point.
return (long) point;
}
static void mr_select(_MIPD_ big x,int d,big y,big z)
{ /* perform required add or subtract operation */
int sx,sy,sz,jf,xgty;
#ifdef MR_FLASH
if (mr_notint(x) || mr_notint(y))
{
mr_berror(_MIPP_ MR_ERR_INT_OP);
return;
}
#endif
sx=exsign(x);
sy=exsign(y);
sz=0;
x->len&=MR_OBITS; /* force operands to be positive */
y->len&=MR_OBITS;
xgty=mr_compare(x,y);
jf=(1+sx)+(1+d*sy)/2;
switch (jf)
{ /* branch according to signs of operands */
case 0:
if (xgty>=0)
mr_padd(_MIPP_ x,y,z);
else
mr_padd(_MIPP_ y,x,z);
sz=MINUS;
break;
case 1:
if (xgty<=0)
{
mr_psub(_MIPP_ y,x,z);
sz=PLUS;
}
else
{
mr_psub(_MIPP_ x,y,z);
sz=MINUS;
}
break;
case 2:
if (xgty>=0)
{
mr_psub(_MIPP_ x,y,z);
sz=PLUS;
}
else
{
mr_psub(_MIPP_ y,x,z);
sz=MINUS;
}
break;
case 3:
if (xgty>=0)
mr_padd(_MIPP_ x,y,z);
else
mr_padd(_MIPP_ y,x,z);
sz=PLUS;
break;
}
if (sz<0) z->len^=MR_MSBIT; /* set sign of result */
if (x!=z && sx<0) x->len^=MR_MSBIT; /* restore signs to operands */
if (y!=z && y!=x && sy<0) y->len^=MR_MSBIT;
}
int xgcd(_MIPD_ big x,big y,big xd,big yd,big z)
{ /* greatest common divisor by Euclids method *
* extended to also calculate xd and yd where *
* z = x.xd + y.yd = gcd(x,y) *
* if xd, yd not distinct, only xd calculated *
* z only returned if distinct from xd and yd *
* xd will always be positive, yd negative */
int q,r,a,b,c,d,s,n;
mr_small m,sr;
#ifdef mr_dltype
mr_large u,v,lq,lr;
#else
mr_small u,v,lq,lr;
#endif
BOOL last;
big t;
#ifndef MR_GENERIC_MT
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return 0;
MR_IN(30)
copy(x,mr_mip->w1);
copy(y,mr_mip->w2);
s=exsign(mr_mip->w1);
insign(PLUS,mr_mip->w1);
insign(PLUS,mr_mip->w2);
/* copy(mr_mip->w1,mr_mip->w3);
copy(mr_mip->w2,mr_mip->w4); */
convert(_MIPP_ 1,mr_mip->w3);
zero(mr_mip->w4);
last=FALSE;
a=b=c=d=0;
while (size(mr_mip->w2)!=0)
{
if (b==0)
{ /* update mr_mip->w1 and mr_mip->w2 */
divide(_MIPP_ mr_mip->w1,mr_mip->w2,mr_mip->w5);
t=mr_mip->w1,mr_mip->w1=mr_mip->w2,mr_mip->w2=t; /* swap(mr_mip->w1,mr_mip->w2) */
multiply(_MIPP_ mr_mip->w4,mr_mip->w5,mr_mip->w0);
subtract(_MIPP_ mr_mip->w3,mr_mip->w0,mr_mip->w3);
t=mr_mip->w3,mr_mip->w3=mr_mip->w4,mr_mip->w4=t; /* swap(xd,yd) */
}
else
{
premult(_MIPP_ mr_mip->w1,c,mr_mip->w5);
premult(_MIPP_ mr_mip->w1,a,mr_mip->w1);
premult(_MIPP_ mr_mip->w2,b,mr_mip->w0);
premult(_MIPP_ mr_mip->w2,d,mr_mip->w2);
add_r(_MIPP_ mr_mip->w1,mr_mip->w0,mr_mip->w1);
add_r(_MIPP_ mr_mip->w2,mr_mip->w5,mr_mip->w2);
premult(_MIPP_ mr_mip->w3,c,mr_mip->w5);
premult(_MIPP_ mr_mip->w3,a,mr_mip->w3);
premult(_MIPP_ mr_mip->w4,b,mr_mip->w0);
premult(_MIPP_ mr_mip->w4,d,mr_mip->w4);
add_r(_MIPP_ mr_mip->w3,mr_mip->w0,mr_mip->w3);
add_r(_MIPP_ mr_mip->w4,mr_mip->w5,mr_mip->w4);
}
if (mr_mip->ERNUM || size(mr_mip->w2)==0) break;
n=(int)mr_mip->w1[0];
a=1;
b=0;
c=0;
d=1;
if (n==1)
{
last=TRUE;
u=mr_mip->w1[1];
v=mr_mip->w2[1];
}
else
{
m=mr_mip->w1[n]+1;
if (mr_mip->base==0)
{
#ifdef mr_dltype
/* use double length type if available */
if (n>2 && m!=0)
{ /* squeeze out as much significance as possible */
MR_TOP(u)=muldvm(mr_mip->w1[n],mr_mip->w1[n-1],m,&sr);
MR_BOT(u)=muldvm(sr,mr_mip->w1[n-2],m,&sr);
MR_TOP(v)=muldvm(mr_mip->w2[n],mr_mip->w2[n-1],m,&sr);
MR_BOT(v)=muldvm(sr,mr_mip->w2[n-2],m,&sr);
}
else
{
MR_TOP(u)=mr_mip->w1[n];
MR_BOT(u)=mr_mip->w1[n-1];
MR_TOP(v)=mr_mip->w2[n];
MR_BOT(v)=mr_mip->w2[n-1];
if (n==2) last=TRUE;
}
#else
if (m==0)
{
u=mr_mip->w1[n];
v=mr_mip->w2[n];
}
else
{
u=muldvm(mr_mip->w1[n],mr_mip->w1[n-1],m,&sr);
v=muldvm(mr_mip->w2[n],mr_mip->w2[n-1],m,&sr);
}
#endif
}
else
{
#ifdef mr_dltype
/* use double length type if available */
if (n>2)
{ /* squeeze out as much significance as possible */
u=muldiv(mr_mip->w1[n],mr_mip->base,mr_mip->w1[n-1],m,&sr);
u=u*mr_mip->base+muldiv(sr,mr_mip->base,mr_mip->w1[n-2],m,&sr);
v=muldiv(mr_mip->w2[n],mr_mip->base,mr_mip->w2[n-1],m,&sr);
v=v*mr_mip->base+muldiv(sr,mr_mip->base,mr_mip->w2[n-2],m,&sr);
}
else
{
u=(mr_large)mr_mip->base*mr_mip->w1[n]+mr_mip->w1[n-1];
v=(mr_large)mr_mip->base*mr_mip->w2[n]+mr_mip->w2[n-1];
last=TRUE;
}
#else
u=muldiv(mr_mip->w1[n],mr_mip->base,mr_mip->w1[n-1],m,&sr);
v=muldiv(mr_mip->w2[n],mr_mip->base,mr_mip->w2[n-1],m,&sr);
#endif
}
}
forever
{ /* work only with most significant piece */
if (last)
{
if (v==0) break;
lq=u/v;
}
else
{
if (((v+c)==0) || ((v+d)==0)) break;
lq=(u+a)/(v+c);
if (lq!=(u+b)/(v+d)) break;
}
#ifdef mr_dltype
if (lq>=(mr_large)(MR_TOOBIG/abs(d))) break;
#else
if (lq>=(mr_small)(MR_TOOBIG/abs(d))) break;
#endif
q=(int)lq;
r=a-q*c;
a=c;
c=r;
r=b-q*d;
b=d;
d=r;
lr=u-lq*v;
u=v;
v=lr;
}
}
if (s==MINUS) negate(mr_mip->w3,mr_mip->w3);
if (size(mr_mip->w3)<=0) add_r(_MIPP_ mr_mip->w3,y,mr_mip->w3);
if (xd!=yd)
{
negate(x,mr_mip->w2);
mad(_MIPP_ mr_mip->w2,mr_mip->w3,mr_mip->w1,y,mr_mip->w4,mr_mip->w4);
copy(mr_mip->w4,yd);
}
copy(mr_mip->w3,xd);
if (z!=xd && z!=yd) copy(mr_mip->w1,z);
MR_OUT
return (size(mr_mip->w1));
}
