/** * Applique euclide etendu a nb1 et nb2 * @param resultat tableau de 3 entiers : u, v et r tels que r=pgcd(nb1, nb2) et a*u+b*v=r */ void euclide_etendu(mpz_t nb1, mpz_t nb2, mpz_t *resultat){ mpz_t r, r1, u, u1, v, v1; mpz_inits(r, r1, NULL); mpz_set(r, nb1); mpz_set(r1, nb2); mpz_init_set_si(u, 1); mpz_init_set_si(u1, 0); mpz_init_set_si(v, 0); mpz_init_set_si(v1, 1); /* printf("u=%ld, v=%ld, pgcd=%ld\n",mpz_get_si(u),mpz_get_si(v), mpz_get_si(r)); */ mpz_t q, r_temp, u_temp, v_temp, tmp; mpz_inits(q, r_temp, u_temp, v_temp, tmp, NULL); while (mpz_get_si(r1) != 0){ mpz_cdiv_q(q,r,r1); /* Division entiere */ mpz_set(r_temp,r); mpz_set(u_temp,u); mpz_set(v_temp,v); mpz_set(r,r1); mpz_set(u,u1); mpz_set(v,v1); mpz_mul(tmp, q, r1); mpz_sub(r1, r_temp, tmp); /* r1=r_temp-q*r1; */ mpz_mul(tmp, q, u1); mpz_sub(u1, u_temp, tmp); mpz_mul(tmp, q, v1); mpz_sub(v1, v_temp, tmp); } if(mpz_get_si(r)<0){ mpz_neg(u,u); mpz_neg(v,v); mpz_neg(r,r); } mpz_set(resultat[0],u); mpz_set(resultat[1],v); mpz_set(resultat[2],r); /* Creer une fonction */ /* Clear */ mpz_clear(r); mpz_clear(r1); mpz_clear(u); mpz_clear(u1); mpz_clear(v); mpz_clear(v1); }
//~ eq : (a*X^2 + Y^2)*Z^2 = Z^4 + d*(X^2)*(Y^2) int is_on_curve_extProj(ExtProjPoint *op){ int rep; mpz_t leq, req, lx, ly, lz; mpz_inits (leq, req, lx, ly, lz, NULL); mpz_mul (lx, op->X, op->X); mpz_mod (lx, lx, p); mpz_mul (ly, op->Y, op->Y); mpz_mod (ly, ly, p); mpz_mul (lz, op->Z, op->Z); mpz_mod (lz, lz, p); mpz_mul (leq, lx, curve_a); mpz_add (leq, leq, ly); mpz_mul (leq, leq, lz); mpz_mod (leq, leq, p); // leq <-- (a*X^2 + Y^2)*Z^2 mpz_mul (lz, lz, lz); mpz_mod (lz, lz, p); // lz <-- Z^4 mpz_mul (req, lx, ly); mpz_mul (req, req, curve_d); mpz_add (req, req, lz); mpz_mod (req, req, p); // req <-- Z^4 + d*(X^2)*(Y^2) rep = mpz_cmp (leq, req); mpz_clears (leq, req, lx, ly, lz, NULL); return (rep==0); }
// sign a hash using ECDSA, hash must be a string in base used during initialisation. // private key and a generator point are required for it to work (look SetDomain // and SetKeys) void ECDSA::Sign( char *hash, char *&r, char *&s ) { mpz_t z,k,rr,ss,t,u; ECPoint kG; mpz_init_set_str(z, hash, m_base); mpz_inits(k, rr, ss, t, u, NULL); do { mpz_urandomm(k, m_st, ecc->m_n); ecc->MultiplePoint(k, ecc->m_G, kG); mpz_set(rr, kG.x); mpz_mod(rr, rr, ecc->m_n); } while (!mpz_cmp_ui(rr, 0)); do { mpz_set(t,z); mpz_addmul(t,rr,ecc->m_dA); mpz_set(u,k); mpz_invert(u,u,ecc->m_n); mpz_mul(ss, t, u); mpz_mod(ss, ss, ecc->m_n); } while (!mpz_cmp_ui(ss, 0)); mpz_get_str(r, m_base, rr); mpz_get_str(s, m_base, ss); mpz_clears(z,k,rr,ss,t,u,NULL); return; }
void PaillierAdapter::keygen( unsigned int modulusbits, paillier_pubkey* pub, paillier_prvkey* prv, unsigned int init_s) { mpz_t p, q; mpz_inits(p, q, NULL); /* pick random (modulusbits/2)-bit primes p and q */ do { get_prime_of_size(p, modulusbits / 2); get_prime_of_size(q, modulusbits / 2); mpz_mul(*pub->getnj(1), p, q); }while(mpz_sizeinbase(*pub->getnj(1), 2) != modulusbits); pub->setbits(modulusbits); pub->setinit_s(init_s); pub->complete_key(init_s+1); /*we don't know if it will be used beyond one level*/ /* compute the private key lambda = lcm(p-1,q-1) */ mpz_sub_ui(p, p, 1); mpz_sub_ui(q, q, 1); mpz_lcm(prv->d, p, q); mpz_invert(prv->inv_d, prv->d ,*pub->getnj(init_s)); /* clear temporary integers */ mpz_clears(p, q, NULL); }
int verifyZZ_p(Sig * sig, char * msg, PointZZ_p * Q, const CurveZZ_p * curve) { mpz_t e, w, u1, u2; PointZZ_p tmp; mpz_inits(w, u1, u2, tmp.x, tmp.y, NULL); // convert digest to integer (digest is computed as hex in ecdsa.py) mpz_init_set_str(e, msg, 16); int orderBits = mpz_sizeinbase(curve->q, 2); int digestBits = strlen(msg) * 4; if(digestBits > orderBits) { mpz_fdiv_q_2exp(e, e, digestBits - orderBits); } mpz_invert(w, sig->s, curve->q); mpz_mul(u1, e, w); mpz_mod(u1, u1, curve->q); mpz_mul(u2, sig->r, w); mpz_mod(u2, u2, curve->q); pointZZ_pShamirsTrick(&tmp, curve->g, u1, Q, u2, curve); mpz_mod(tmp.x, tmp.x, curve->q); int equal = (mpz_cmp(tmp.x, sig->r) == 0); mpz_clears(e, w, u1, u2, tmp.x, tmp.y, NULL); return equal; }
int is_on_curve_jac(JacPoint *jp, const mpz_t a, const mpz_t b){ int rep; mpz_t c, d, e; mpz_inits (c, d, e, NULL); //~ c= Z^2 mpz_mul (c, jp->Z, jp->Z); mpz_mod (c, c, p); //~ d= Z^4 mpz_mul (d, c, c); mpz_mod (d, d, p); //~ c = bZ^6 mpz_mul (c, c, d); mpz_mul (c, c, b); mpz_mod (c, c, p); //~ d=aXZ^4 (p) mpz_mul (d, d, a); mpz_mul (d, d, jp->X); mpz_mod (d, d, p); //~ e= X^3 (p) mpz_mul (e, jp->X, jp->X); mpz_mul (e, e, jp->X); mpz_mod (e, e, p); //~ e = X^3 +aXZ^4 +bZ^6 (p) mpz_add (e, e, c); mpz_add (e, e, d); mpz_mod (e, e, p); //~ c= Y^2 (p) mpz_mul (c, jp->Y, jp->Y); mpz_mod (c, c, p); rep = mpz_cmp (c, e); mpz_clears(c, d, e, NULL); return (rep==0); }
void signZZ_p(Sig * sig, char * msg, mpz_t d, mpz_t k, const CurveZZ_p * curve) { mpz_t e, kinv; // R = k * G, r = R[x] PointZZ_p R; pointZZ_pMul(&R, curve->g, k, curve); mpz_init_set(sig->r, R.x); mpz_mod(sig->r, sig->r, curve->q); // convert digest to integer (digest is computed as hex in ecdsa.py) mpz_init_set_str(e, msg, 16); int orderBits = mpz_sizeinbase(curve->q, 2); int digestBits = strlen(msg) * 4; if(digestBits > orderBits) { mpz_fdiv_q_2exp(e, e, digestBits - orderBits); } // s = (k^-1 * (e + d * r)) mod n mpz_inits(kinv, sig->s, NULL); mpz_invert(kinv, k, curve->q); mpz_mul(sig->s, d, sig->r); mpz_add(sig->s, sig->s, e); mpz_mul(sig->s, sig->s, kinv); mpz_mod(sig->s, sig->s, curve->q); mpz_clears(R.x, R.y, e, kinv, NULL); }
void ecc_init_set_afn(ecc_afn_t *P, ecc_afn_t *Q) { mpz_inits(P->x, P->y, NULL); mpz_set(P->x, Q->x); mpz_set(P->y, Q->y); }
/* void RSA_decrypt_chunk(string, mpz_t, RSA_PRIVATE) * decrypts cipher using one's private key */ void RSA_decrypt_chunk(string &message, mpz_t &cipher, RSA_PRIVATE &priv) { mpz_t m, m1, m2, h; mpz_inits(m, m1, m2, h, NULL); mpz_powm(m1, cipher, priv.dP, priv.p); mpz_powm(m2, cipher, priv.dQ, priv.q); if (mpz_cmp(m1, m2) < 0) mpz_add(m1, m1, priv.p); mpz_sub(m1, m1, m2); mpz_mul(h, priv.qInv, m1); mpz_mod(h, h, priv.p); mpz_mul(h, h, priv.q); mpz_add(m, m2, h); // now we have m decrypted, but we still need to unhask // the message from it // EB = 00 || 02 || PS || 00 || D message = mpz_get_str(NULL, 16, m); int msg_start = message.rfind("00") + 2; message = message.substr(msg_start); // message now contains decrypted text but in numbers in base 16 // below code converts number from base 16 into chars string msg(message.length() / 2, ' '); for (unsigned int i=0; i<message.length(); i+=2) { msg[0.5*i] = (unsigned char) hex2decbyte(message[i], message[i+1]); } message = msg; mpz_clears(m, m1, m2, h, NULL); // tidying }
static void randomize(mpz_t u, mpz_t v, const mpz_t g, const mpz_t h, const mpz_t gp, const mpz_t hp, struct params *p) { mpz_t s, t, tmp; mpz_inits(s, t, tmp, NULL); random_element(s, p); random_element(t, p); /* compute g^s h^t */ mpz_powm(tmp, g, s, p->p); mpz_powm(u, h, t, p->p); mpz_mul(u, u, tmp); mpz_mod(u, u, p->p); /* compute gp^s hp^t */ mpz_powm(tmp, gp, s, p->p); mpz_powm(v, hp, t, p->p); mpz_mul(v, v, tmp); mpz_mod(v, v, p->p); mpz_clears(s, t, tmp, NULL); }
int main(int argc, char **argv) { mp_bitcnt_t bit_width = 0; int base = kDefaultBase; static const struct option long_options[] = { { "help", no_argument, NULL, 'h' }, { "use-random", no_argument, NULL, 'r' }, { "base", required_argument, NULL, 'b' }, { "bit-width", required_argument, NULL, 's' }, { NULL, 0, NULL, 0 } }; for (;;) { int opt = getopt_long(argc, argv, "hrb:s:", long_options, NULL); if (opt == -1) break; switch (opt) { case 'r': gRNGFilename = "/dev/random"; break; case 'b': if (simple_strtoi(&base, optarg, 10) < 0 || (base > -2 && base < 2) || base < -36 || base > 62) fatal("invalid base: '%s'", optarg); break; case 's': if (simple_strtoul(&bit_width, optarg, 10) < 0 || bit_width == 0) fatal("invalid bit width: '%s'", optarg); break; case 'h': print_usage(); return EXIT_SUCCESS; default: return EXIT_FAILURE; } } argv += optind; argc -= optind; if (argc > 2 || (bit_width != 0 && argc > 0)) fatal("too many arguments"); mpz_t low, high, result; mpz_inits(low, high, result, NULL); if (argc == 2) { arg_to_mpz(low, argv[0]); arg_to_mpz(high, argv[1]); } else if (argc == 1) { arg_to_mpz(high, argv[0]); } else if (bit_width != 0) { mpz_setbit(high, bit_width); } else { mpz_set_ui(high, kDefaultUpperBound); } get_random_mpz(result, low, high); mpz_out_str(stdout, base, result); putchar('\n'); mpz_clears(low, high, result, NULL); return EXIT_SUCCESS; }
void ecc_init_setstr_afn(ecc_afn_t *P, char *x, char *y) { mpz_inits(P->x, P->y, NULL); mpz_set_str(P->x, x, 10); mpz_set_str(P->y, y, 10); }
static void dm_ddh_setup_dec(struct dm_ddh_crs *crs, struct params *p) { mpz_t x, y; int file; unsigned long seed; mpz_inits(x, y, NULL); /* fix seed of random number generator */ gmp_randseed_ui(p->rnd, 0UL); find_generator(crs->g0, p); random_element(y, p); mpz_powm(crs->g1, crs->g0, y, p->p); mpz_powm(crs->h0, crs->g0, x, p->p); mpz_powm(crs->h1, crs->g1, x, p->p); mpz_clears(x, y, NULL); /* re-seed random number generator */ if ((file = open("/dev/urandom", O_RDONLY)) == -1) { (void) fprintf(stderr, "Error opening /dev/urandom\n"); } else { if (read(file, &seed, sizeof seed) == -1) { (void) fprintf(stderr, "Error reading from /dev/urandom\n"); (void) close(file); } } gmp_randseed_ui(p->rnd, seed); (void) close(file); }
/** * Private encrypt methode. * Params : * - paillier_pubkey* pub : Paillier public key pointer ; * - mpz_t m : data to encrypt ; * - unsigned int s : recursion level ; * - mpz_t c : result operande . **/ void PaillierAdapter::enc( paillier_pubkey* pub, mpz_t m, unsigned int s, mpz_t c ) { mpz_t gm, rns, r; mpz_inits( gm, rns, r, NULL); unsigned int modulusbits = publicParameters.getKeyBitsize(); do { mpz_urandomb(r, rand, (s+1)*modulusbits); } while( mpz_cmp(r, *pub->getnj(s+1)) >= 0 ); mpz_powm(gm, *pub->getg(), m, *pub->getnj(s+1)); mpz_powm(rns, r, *pub->getnj(s), *pub->getnj(s+1)); mpz_mul(c, gm, rns); mpz_mod(c,c, *pub->getnj(s+1)); #ifdef DEBUG_ENCRYPT mpz_t test; mpz_init(test); dec(pub, privateParameters.getPrvKey(), c, s, test); gmp_printf("Decrypting %Zd into %Zd\n\n", c, test); #endif mpz_clears(gm, rns, r, NULL); }
/* Test operands from a table of seed data. This variant creates the operands using a division chain. This is a hack for better coverage of the gcd code, which depends on that the random number generators give the exact numbers we expect. */ void check_kolmo2 (void) { static const struct { unsigned int seed; int nb, chain_len; } data[] = { { 917, 15, 5 }, { 1032, 18, 6 }, { 1167, 18, 6 }, { 1174, 18, 6 }, { 1192, 18, 6 }, }; gmp_randstate_t rs; mpz_t bs, a, b, want; int i; gmp_randinit_default (rs); mpz_inits (bs, a, b, want, NULL); for (i = 0; i < numberof (data); i++) { gmp_randseed_ui (rs, data[i].seed); make_chain_operands (want, a, b, rs, data[i].nb, data[i].nb, data[i].chain_len); one_test (a, b, want, -1); } mpz_clears (bs, a, b, want, NULL); gmp_randclear (rs); }
/** * Recombine les racines modulo mod1 et mod2 pour trouver les racines finales. * rac_modi[0]contient les valeurs en x des racines et rac_modi[1] celles en y. * @param rac_mod1 tableau des couples (x, y) de racines modulo mod1 * @param rac_mod2 tableau des couples (x, y) de racines modulo mod2 * @param nb1 nombre de racines (x, y) dans rac_mod1 * @param nb2 nombre de racines (x, y) dans rac_mod2 */ void find_roots(mpz_t *rac_mod1[2], mpz_t *rac_mod2[2], int nb1, int nb2, mpz_t mod1, mpz_t mod2, mpz_t **PY, mpz_t **QY, int *degres_PY, int *degresQY, int deg_P, int deg_Q, mpz_t mod){ int i, j, nb_racines=0; mpz_t rx, ry, isroot; mpz_inits(rx, ry, isroot, NULL); for(i=0; i<nb1; i++){ for(j=0; j<nb2; j++){ /* crt sur la i eme racine mod1 et la j eme mod2 */ crt(rx, rac_mod1[0][i], rac_mod2[0][j], mod1, mod2); crt(ry, rac_mod1[1][i], rac_mod2[1][j], mod1, mod2); /* on evalue en le resultat (rx, ry) trouve */ eval_bivXY(isroot, rx, ry, PY, degres_PY, deg_P, mod); /* on teste si le resultat est bien racine */ if (!mpz_cmp_si(isroot, 0)){ printf("(%ld, %ld) est racine\n", mpz_get_si(rx), mpz_get_si(ry)); nb_racines++; } } } printf("%d racines au total\n", nb_racines); }
void ecc_doubling(ecc_jcb_t *ROP, ecc_jcb_t *P, ecc_curve *curve) { mpz_t alfa, alfa1, alfa2, beta, x3_2, y3_2, y2, z3_2; if((strcmp(mpz_get_str(NULL, 10, P->x), "0") == 0) && (strcmp(mpz_get_str(NULL, 10, P->y), "0") == 0) && (strcmp(mpz_get_str(NULL, 10, P->z), "0") == 0)) { ecc_cp_jcb(ROP, P); } else { mpz_inits(alfa, alfa1, alfa2, beta, x3_2, y3_2, z3_2, y2, NULL); // alfa = 3*(x1)**2 + a * (z1**4) fp_mul_mpz(alfa1, P->x, P->x, curve->p); fp_mul_mpz(alfa2, P->z, P->z, curve->p); fp_mul_mpz(alfa2, alfa2, alfa2, curve->p); fp_mul_si(alfa1, alfa1, 3, curve->p); fp_mul_mpz(alfa2, alfa2, curve->a, curve->p); fp_add_mpz(alfa, alfa1, alfa2, curve->p); // y2 = y1**2 fp_mul_mpz(y2, P->y, P->y, curve->p); // beta = 4*x1*(y1**2) fp_mul_mpz(beta, y2, P->x, curve->p); fp_mul_si(beta, beta, 4, curve->p); mpz_set(ROP->z, P->z); // z3 = y1*z1 fp_mul_mpz(ROP->z, P->z, P->y, curve->p); // z3 = 2*y1*z1 fp_mul_si(ROP->z, ROP->z, 2, curve->p); mpz_init_set(x3_2, beta); // x3_2 = 2*beta fp_mul_si(x3_2, x3_2, 2, curve->p); mpz_set(ROP->x, alfa); // x3 = alfa**2 - 2*beta fp_mul_mpz(ROP->x, ROP->x, ROP->x, curve->p); fp_sub_mpz(ROP->x, ROP->x, x3_2, curve->p); mpz_init_set(y3_2, P->y); mpz_set(ROP->y, beta); // y3 = alfa(beta -x3) fp_sub_mpz(ROP->y, ROP->y, ROP->x, curve->p); fp_mul_mpz(ROP->y, ROP->y, alfa, curve->p); // y3_2 = 8*y1**4 fp_mul_mpz(y3_2, y2, y2, curve->p); fp_mul_si(y3_2, y3_2, 8, curve->p); // y3 = alfa(beta -x3) - 8*y1**4 fp_sub_mpz(ROP->y, ROP->y, y3_2, curve->p); mpz_clears(alfa, alfa1, alfa2, beta, x3_2, y3_2, z3_2, y2, NULL); } }
void ecc_init_setstr_jcb(ecc_jcb_t *P, char *x, char *y, char *z) { mpz_inits(P->x, P->y, P->z, NULL); mpz_set_str(P->x, x, 10); mpz_set_str(P->y, y, 10); mpz_set_str(P->z, z, 10); }
void ecc_init_set_jcb(ecc_jcb_t *P, ecc_jcb_t *Q) { mpz_inits(P->x, P->y, P->z, NULL); mpz_set(P->x, Q->x); mpz_set(P->y, Q->y); mpz_set(P->z, Q->z); }
djcs_private_key* djcs_init_private_key(void) { djcs_private_key *vk = malloc(sizeof(djcs_private_key)); if (!vk) return NULL; mpz_inits(vk->d, vk->mu, NULL); vk->s = 0; vk->n = NULL; return vk; }
// Calculate euler's totient of n, assuming n = p*q. Then, // phi(n) = phi(p)phi(q) = (p-1)(q-1) void rsa_phi(mpz_t phi_n, const mpz_t p, const mpz_t q) { mpz_t p_minus_one, q_minus_one; mpz_inits(p_minus_one, q_minus_one, '\0'); mpz_sub_ui(p_minus_one, p, 1); mpz_sub_ui(q_minus_one, q, 1); mpz_mul(phi_n, p_minus_one, q_minus_one); mpz_clears(p_minus_one, q_minus_one, '\0'); }
int main (int argc, char *argv[]) { mpz_t c, m1, m2, pc, q1, q2, e, d1, d2, phi1, phi2, tmp1, tmp2, key1, key2; FILE *fp, *fp1; char chars[3]; //initializations mpz_inits(c, m1, m2, pc, q1, q2, e, d1, d2, phi1, phi2, tmp1, tmp2, key1, key2, NULL); //Welcome! printf("Begin task 4 / 5...\n"); printf("*******************************\n"); printf("Welcome to fun with big numbers\n"); printf("Lets do some decryption\n"); printf("*******************************\n"); //Get needed input from file fp = fopen("p4in.txt", "r"); gmp_fscanf(fp, "%Zd\n%Zd\n%Zd\n%Zd", &key1, &key2, &pc, &c); gmp_printf("key1=%Zd\n\nkey2=%Zd\n\nCommon factor=%Zd\n\ncipher=%Zd\n\n", key1, key2, pc, c); fclose(fp); //setup calculating needed values mpz_cdiv_q(q1, key1, pc); mpz_cdiv_q(q2, key2, pc); mpz_set_ui(e, 65537); mpz_sub_ui(tmp1, pc, 1); mpz_sub_ui(tmp2, q1, 1); mpz_mul(phi1, tmp1, tmp2); mpz_sub_ui(tmp2, q2, 1); mpz_mul(phi2, tmp1, tmp2); mpz_invert(d1, e, phi1); mpz_invert(d2, e, phi2); //Lets try and decrypt decrypt(&m1, c, d1, key1); decrypt(&m2, c, d2, key2); fp = fopen("p4out.txt", "w"); gmp_fprintf(fp, "%Zx\n%Zx\n", m1, m2); fclose(fp); mpz_clears(c, m1, m2, pc, q1, q2, e, d1, d2, phi1, phi2, tmp1, tmp2, key1, key2, NULL); fp = fopen("p4out.txt", "r"); chars[2] = 0; while (fscanf(fp, "%c%c", chars, chars + 1) > 0){ printf("%c", (int)strtol(chars, NULL, 16)); } fclose(fp); return 0; }
l5_lhs_t * l5_rhs_new(mpz_t g, mpz_t h, mpz_t p, unsigned long x) { mpz_t tmp; l5_lhs_t * ret = (l5_lhs_t*)malloc(sizeof(l5_lhs_t)); assert(ret != NULL); mpz_inits(ret->value, tmp, NULL); ret->x = x; mpz_powm_ui(tmp, g, B20, p); mpz_powm_ui(ret->value, tmp, x, p); return ret; }
//~ Note : PP contains P, (-P + PHI_P), PHI_P and (P + PHI_P) resp. void point_from_GLVScalar(ExtProjPoint *rop, GLVScalar *k, ExtAffPoint *pp){ int j,u; mpz_t tmpX, tmpT; mpz_inits (tmpX, tmpT, NULL); j = k->j; u = k->tk1[j] + 3 * k->tk2[j]; if (u < 0){ mpz_set_ui (rop->Z, 1); mpz_set (rop->Y, pp[-u-1].y); mpz_neg (rop->X, pp[-u-1].x); mpz_neg (rop->T, pp[-u-1].t); } else{ mpz_set_ui (rop->Z, 1); mpz_set (rop->Y, pp[u-1].y); mpz_set (rop->X, pp[u-1].x); mpz_set (rop->T, pp[u-1].t); } j = j - 1; while (j > 0){ double_proj_to_extProj(rop); u = k->tk1[j] + 3 * k->tk2[j]; if (u < 0){ mpz_neg (tmpX, pp[-u-1].x); mpz_neg (tmpT, pp[-u-1].t); add_extProj_extAff_to_Proj(rop, tmpX, pp[-u-1].y, tmpT); } else if (u > 0){ add_extProj_extAff_to_Proj(rop, pp[u-1].x, pp[u-1].y, pp[u-1].t); } j = j - 1; } //~ For the last turn, it is preferable to calculate 'rop->T', if u != 0. double_proj_to_extProj(rop); u = k->tk1[j] + 3 * k->tk2[j]; if (u < 0){ mpz_neg (tmpX, pp[-u-1].x); mpz_neg (tmpT, pp[-u-1].t); add_extProj_extAff_to_extProj(rop, tmpX, pp[-u-1].y, tmpT); } else if (u > 0){ add_extProj_extAff_to_extProj(rop, pp[u-1].x, pp[u-1].y, pp[u-1].t); } mpz_clears (tmpX, tmpT, NULL); }
void S1(mpz_t n, uint64_t crn, int8_t* mu, mpz_t result) { mpz_t tmp; mpz_inits(result, tmp, NULL); uint64_t i; for(i=1; i<=crn; i++) { mpz_tdiv_q_ui(tmp, n, i); mpz_mul_si(tmp, tmp, mu[i]); mpz_add(result, result, tmp); } }
/* void RSA_encrypt_chunk(mpz_t, string, RSA_PUBLIC) * encrypts one part of message using one's public key, part fits the * requirements for itself, so that |part| <= k - 11 */ void RSA_encrypt_chunk(mpz_t &cipher, string &message, RSA_PUBLIC &pub) { // encrypting chunk has below format: // EB = 00 || 02 || PS || 00 || D // where k = |n| (it's in bytes) // D = message, |D|<=k-11 long long k = mpz_sizeinbase(pub.n, 2) / 8; // PS = random octets, |PS|=k-|D|-3 long long ps_len = k - 3 - message.length(); string EB("0002"); // EB = 00 || 02 EB.reserve(k*2); string PS_tab; PS_tab.reserve(2*ps_len); for (int i=0; i<ps_len; i++) { PS_tab.append( decbyte2hex( random(255)+1 ) ); } EB.append(PS_tab); // EB = 00 || 02 || PS EB.append("00"); // EB = 00 || 02 || PS || 00 for (unsigned int i=0; i<message.length(); i++) { EB.append( decbyte2hex((unsigned int)message[i]) ); } // EB = 00 || 02 || PS || 00 || D // now we have EB generated // algorithm for faster computing y = x^e (mod n) // e = e(k-1)e(k-2)...e(1)e(0) // e has the value of 11, 10001 or 10000000000000001 (3, 17, 65537) string e_str = mpz_get_str(NULL, 2, pub.e); int k_e = e_str.length(); mpz_t y, x; mpz_inits(y, x, NULL); mpz_set_str(x, EB.c_str(), 16); // x == EB mpz_set(y, x); // y == x for (long long i=1; i<k_e; i++) { mpz_powm_ui(y, y, 2, pub.n); if (e_str[i]=='1') { mpz_mul(y, y, x); mpz_mod(y, y, pub.n); } } mpz_set(cipher, y); // cipher is now encrypted EB mpz_clears(y, x, NULL); // tidying }
static void dm_ddh_crs_setup(struct dm_ddh_crs *crs, enum crs_type mode, struct params *p) { mpz_inits(crs->g0, crs->h0, crs->g1, crs->h1, NULL); switch (mode) { case EXT: dm_ddh_setup_messy(crs, p); break; case DEC: dm_ddh_setup_dec(crs, p); break; } }
// Compute private key d, given n, p, and q. Assume e = 2^16+1 int rsa_compute_d(mpz_t d, const mpz_t n, const mpz_t p, const mpz_t q) { mpz_t e, phi_n, gcd; mpz_inits(e, phi_n, gcd, '\0'); rsa_phi(phi_n, p, q); mpz_set_ui(e, 65537); if (mpz_invert(d, e, phi_n) == 0) exit(EXIT_FAILURE); mpz_clears(phi_n, gcd, '\0'); return 0; }
void eg_encrypt( eg_pub_key_t pub, mpz_t plain, eg_message_t *cipher ) { gmp_randstate_t r_state; get_rand_seed(r_state); mpz_t y; mpz_init(y); mpz_t c1; mpz_init(c1); mpz_t c2; mpz_init(c2); mpz_t s; mpz_init(s); mpz_inits(cipher->mask, cipher->message, NULL); gen_range_ui(y, 1, pub.p, r_state); mpz_powm(c1, pub.g, y, pub.p); mpz_powm(s, pub.beta, y, pub.p); mpz_mul(c2, plain, s); mpz_mod(c2, c2, pub.p); mpz_inits(cipher->mask, cipher->message, NULL); mpz_set(cipher->mask, c1); mpz_set(cipher->message, c2); mpz_clears(y, c1, c2, s, NULL); }
void ecc_jcb_to_afn(ecc_afn_t *ROP, ecc_jcb_t *P, ecc_curve *curve) { mpz_t g, s, inv, tmp; mpz_inits(g, s, inv, tmp, NULL); mpz_gcdext(g, s, inv, curve->p, P->z); // inv = Z^1 fp_mul_mpz(tmp, inv, inv, curve->p); // (Z^1)^2 fp_mul_mpz(ROP->x, P->x, tmp, curve->p); // X*((Z^1)^2) fp_mul_mpz(tmp, tmp, inv, curve->p); // (Z^1)^3 fp_mul_mpz(ROP->y, P->y, tmp, curve->p); // Y*((Z^1)^3) mpz_clears(g, s, inv, tmp, NULL); }