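/* Generate Group Parameters */
// Generates a fresh 1024-bit Diffie-Hellman group and returns its
// generator g, modulus p and subgroup order q through the reference
// parameters.
//
// Both checks now terminate the process with exit(1): the original only
// printed a message when ValidateGroup() failed and then handed back the
// unvalidated parameters anyway, so a caller could not tell the difference.
void GetGroupParameters(Integer &g, Integer &p, Integer &q)
{
    AutoSeededRandomPool rnd;
    const unsigned int bits = 1024;

    DH dh;
    dh.AccessGroupParameters().GenerateRandomWithKeySize(rnd, bits);

    // Level 3 is the most thorough ValidateGroup() level.
    if (!dh.GetGroupParameters().ValidateGroup(rnd, 3))
    {
        cout << "Failed to validate prime and generator" << endl;
        exit(1);
    }

    p = dh.GetGroupParameters().GetModulus();
    q = dh.GetGroupParameters().GetSubgroupOrder();
    g = dh.GetGroupParameters().GetGenerator();

#ifdef DEBUG
    // Each value is printed with its own bit length.  The original reused a
    // single `count` variable, so all three lines showed g's bit count.
    cout << "P (" << std::dec << p.BitCount() << "): " << std::hex << p << endl;
    cout << "Q (" << std::dec << q.BitCount() << "): " << std::hex << q << endl;
    cout << "G (" << std::dec << g.BitCount() << "): " << std::dec << g << endl;
#endif

    // g must generate a subgroup of order q, i.e. g^q mod p == 1.
    const Integer v = ModularExponentiation(g, q, p);
    if (v != Integer::One())
    {
        cout << "Failed to verify order of the subgroup" << endl;
        exit(1);
    }
}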
// Returns false if q^k mod r == 1 for some small k, where "small" means
// DiscreteLogWorkFactor() for a field of k*bits(q) bits is still below
// half the bit length of r; returns true otherwise.
static bool CheckMOVCondition(const Integer &q, const Integer &r)
{
    const unsigned int qBits = q.BitCount();
    const unsigned int rBits = r.BitCount();

    Integer power = 1;
    unsigned int fieldBits = qBits;
    while (DiscreteLogWorkFactor(fieldBits) < rBits / 2)
    {
        power = (power * q) % r;
        if (power == 1)
            return false;
        fieldBits += qBits;
    }
    return true;
}
// Sets the modulus and the number of usable bits per state, then seeds the
// generator with seed^4 mod n (two modular squarings) and a full bit budget.
PublicBlumBlumShub::PublicBlumBlumShub(const Integer &n, const Integer &seed)
    : modn(n), maxBits(BitPrecision(n.BitCount())-1)
{
    const Integer seedSquared = modn.Square(seed);
    current = modn.Square(seedSquared);
    bitsLeft = maxBits;
}
// Evaluates the Lucas sequence term V_e(p) mod n in Montgomery form.
// Returns 2 (V_0) when e is zero.
Integer Lucas(const Integer &e, const Integer &pIn, const Integer &n)
{
    const unsigned bitCount = e.BitCount();
    if (bitCount == 0)
        return 2;

    MontgomeryRepresentation mont(n);
    const Integer p = mont.ConvertIn(pIn % n);
    const Integer two = mont.ConvertIn(2);

    // Top bit is implicit: start from (V_1, V_2) = (p, p^2 - 2).
    Integer v = p;
    Integer vNext = mont.Subtract(mont.Square(p), two);

    // Remaining bits, from the second-highest down to bit 0.
    for (unsigned bit = bitCount - 1; bit-- > 0; )
    {
        if (e.GetBit(bit))
        {
            // (v, vNext) <- (v*vNext - p, vNext^2 - 2)
            v = mont.Subtract(mont.Multiply(v, vNext), p);
            vNext = mont.Subtract(mont.Square(vNext), two);
        }
        else
        {
            // (v, vNext) <- (v^2 - 2, v*vNext - p); vNext first, it needs the old v
            vNext = mont.Subtract(mont.Multiply(v, vNext), p);
            v = mont.Subtract(mont.Square(v), two);
        }
    }

    return mont.ConvertOut(v);
}
// Binds the slider to exponent expIn, picks a window width from the
// exponent's bit length, sizes the bucket table, and positions the slider on
// the first window via FindNextWindow().  The width thresholds are the
// original nested conditional written as a lookup table.
bool FindFirstWindow(const AbstractGroup<Element> &group, const Integer &expIn)
{
    exp = &expIn;
    expLen = expIn.BitCount();

    // Largest exponent length (inclusive) that still uses window size idx+1;
    // anything longer uses 7.
    const unsigned int limits[] = {17, 24, 70, 197, 539, 1434};
    windowSize = 7;
    for (unsigned int idx = 0; idx < 6; idx++)
    {
        if (expLen <= limits[idx])
        {
            windowSize = idx + 1;
            break;
        }
    }

    buckets.resize(1 << (windowSize - 1), group.Zero());
    windowEnd = 0;
    return FindNextWindow();
}
// Scalar multiplication k*P.  Scalars of at most 5 bits go through the
// generic AbstractGroup routine; longer scalars use ECP's own
// SimultaneousMultiply.
ECP::Point ECP::ScalarMultiply(const Point &P, const Integer &k) const
{
    Element product;
    const bool shortScalar = k.BitCount() <= 5;
    if (shortScalar)
        AbstractGroup<ECPPoint>::SimultaneousMultiply(&product, P, &k, 1);
    else
        ECP::SimultaneousMultiply(&product, P, &k, 1);
    return product;
}
// Feeds a signature into the accumulator: the trapdoor function is applied to
// the signature and the resulting representative is stored in
// ma.m_representative for the later comparison against the message.
void TF_VerifierBase::InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, unsigned int signatureLength) const
{
    PK_MessageAccumulatorBase &acc = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
    acc.m_representative.New(MessageRepresentativeLength());

    const Integer sig(signature, signatureLength);
    Integer representative = GetTrapdoorFunctionInterface().ApplyFunction(sig);

    // An oversized representative is replaced by zero rather than rejected
    // here, so that the verifier's running time does not reveal the
    // condition (original comment: "don't return false here to prevent
    // timing attack").
    if (representative.BitCount() > MessageRepresentativeBitLength())
        representative = Integer::Zero();

    representative.Encode(acc.m_representative, acc.m_representative.size());
}
// XTR exponentiation of b by e over GF(p^2).  S[0..2] hold a triple of
// elements that is updated once per bit of e, from the top bit down to the
// lowest set bit; the trailing zero bits of e are then applied afterwards as
// repeated SpecialOperation1() calls.  Returns (-3, -3) when e == 0.
GFP2Element XTR_Exponentiate(const GFP2Element &b, const Integer &e, const Integer &p)
{
	unsigned int bitCount = e.BitCount();
	if (bitCount == 0)
		return GFP2Element(-3, -3);

	// find the lowest bit of e that is 1 (terminates: e != 0 here)
	unsigned int lowest1bit;
	for (lowest1bit=0; e.GetBit(lowest1bit) == 0; lowest1bit++) {}

	GFP2_ONB<MontgomeryRepresentation> gfp2(p);
	GFP2Element c = gfp2.ConvertIn(b);
	GFP2Element cp = gfp2.PthPower(c);
	// only S[0..2] are used; the last two slots stay default-constructed
	GFP2Element S[5] = {gfp2.ConvertIn(3), c, gfp2.SpecialOperation1(c)};

	// do all exponents bits except the lowest zeros starting from the top
	unsigned int i;
	for (i = e.BitCount() - 1; i>lowest1bit; i--)
	{
		if (e.GetBit(i))
		{
			gfp2.RaiseToPthPower(S[0]);
			gfp2.Accumulate(S[0], gfp2.SpecialOperation2(S[2], c, S[1]));
			S[1] = gfp2.SpecialOperation1(S[1]);
			S[2] = gfp2.SpecialOperation1(S[2]);
			S[0].swap(S[1]);
		}
		else
		{
			gfp2.RaiseToPthPower(S[2]);
			gfp2.Accumulate(S[2], gfp2.SpecialOperation2(S[0], cp, S[1]));
			S[1] = gfp2.SpecialOperation1(S[1]);
			S[0] = gfp2.SpecialOperation1(S[0]);
			S[2].swap(S[1]);
		}
	}

	// now do the lowest zeros: the loop above stops with i == lowest1bit,
	// so this runs exactly lowest1bit times
	while (i--)
		S[1] = gfp2.SpecialOperation1(S[1]);

	return gfp2.ConvertOut(S[1]);
}
// Feeds a signature into the accumulator.  Throws KeyTooShort when the key's
// representative is shorter than the encoding needs for this hash, then
// stores the trapdoor-function output in ma.m_representative for the final
// comparison against the message.
void TF_VerifierBase::InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const
{
    PK_MessageAccumulatorBase &acc = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);

    const HashIdentifier hashId = GetHashIdentifier();
    const MessageEncodingInterface &encoding = GetMessageEncodingInterface();
    const size_t digestSize = acc.AccessHash().DigestSize();
    const size_t minBits = encoding.MinRepresentativeBitLength(hashId.second, digestSize);
    if (MessageRepresentativeBitLength() < minBits)
        throw PK_SignatureScheme::KeyTooShort();

    acc.m_representative.New(MessageRepresentativeLength());

    Integer representative = GetTrapdoorFunctionInterface().ApplyFunction(Integer(signature, signatureLength));

    // An oversized representative becomes zero instead of causing an early
    // return, so the verifier's timing does not depend on it (original
    // comment: "don't return false here to prevent timing attack").
    if (representative.BitCount() > MessageRepresentativeBitLength())
        representative = Integer::Zero();

    representative.Encode(acc.m_representative, acc.m_representative.size());
}
// Computes e1*x + e2*y (additive notation: Add/Double) in one pass over the
// exponent bits, using a precomputed table indexed by (j << w) + i that
// holds i*x + j*y.  Only entries with i or j odd (plus 2*x and 2*y) are
// filled; the window flush below strips common trailing zero bits so that
// it never looks up an unfilled entry.
template <class T> T AbstractGroup<T>::CascadeScalarMultiply(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const
{
	const unsigned expLen = STDMAX(e1.BitCount(), e2.BitCount());
	if (expLen==0)
		return this->Identity();

	// window width grows with the longer exponent: 1, 2 or 3 bits
	const unsigned w = (expLen <= 46 ? 1 : (expLen <= 260 ? 2 : 3));
	const unsigned tableSize = 1<<w;
	// powerTable[(j<<w) + i] == i*x + j*y
	std::vector<Element> powerTable(tableSize << w);

	powerTable[1] = x;
	powerTable[tableSize] = y;
	if (w==1)
		powerTable[3] = this->Add(x,y);
	else
	{
		powerTable[2] = this->Double(x);
		powerTable[2*tableSize] = this->Double(y);

		unsigned i, j;

		// row j=0: odd multiples of x, each from the previous one plus 2*x
		for (i=3; i<tableSize; i+=2)
			powerTable[i] = Add(powerTable[i-2], powerTable[2]);

		// every odd column i, rows j>=1: add y to the entry one row up
		for (i=1; i<tableSize; i+=2)
			for (j=i+tableSize; j<(tableSize<<w); j+=tableSize)
				powerTable[j] = Add(powerTable[j-tableSize], y);

		// column i=0: odd multiples of y, each from the previous one plus 2*y
		for (i=3*tableSize; i<(tableSize<<w); i+=2*tableSize)
			powerTable[i] = Add(powerTable[i-2*tableSize], powerTable[2*tableSize]);

		// every odd row j, even columns i>=2: add x to the entry one column left
		for (i=tableSize; i<(tableSize<<w); i+=2*tableSize)
			for (j=i+2; j<i+tableSize; j+=2)
				powerTable[j] = Add(powerTable[j-1], x);
	}

	Element result;
	// power1/power2: bits of e1/e2 collected since the last flush;
	// prevPosition: bit index of the last flush
	unsigned power1 = 0, power2 = 0, prevPosition = expLen-1;
	bool firstTime = true;

	for (int i = expLen-1; i>=0; i--)
	{
		power1 = 2*power1 + e1.GetBit(i);
		power2 = 2*power2 + e2.GetBit(i);

		// flush the window at the last bit, or when one more bit would push
		// either index past the table
		if (i==0 || 2*power1 >= tableSize || 2*power2 >= tableSize)
		{
			unsigned squaresBefore = prevPosition-i;
			unsigned squaresAfter = 0;
			prevPosition = i;

			// common trailing zero bits become doublings applied after the
			// table lookup instead of before it
			while ((power1 || power2) && power1%2 == 0 && power2%2==0)
			{
				power1 /= 2;
				power2 /= 2;
				squaresBefore--;
				squaresAfter++;
			}

			if (firstTime)
			{
				result = powerTable[(power2<<w) + power1];
				firstTime = false;
			}
			else
			{
				while (squaresBefore--)
					result = this->Double(result);
				// an all-zero window contributes nothing
				if (power1 || power2)
					Accumulate(result, powerTable[(power2<<w) + power1]);
			}

			while (squaresAfter--)
				result = this->Double(result);

			power1 = power2 = 0;
		}
	}

	return result;
}
// Returns the bit length of `max`, which is used as the interval width for
// prime searches.
unsigned int PrimeSearchInterval(const Integer &max)
{
    const unsigned int intervalBits = max.BitCount();
    return intervalBits;
}
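// Debug helper: writes the signing key's group parameters, curve data and the
// private exponent itself to std::cout, then returns None.  Because it prints
// secret key material it must only be reachable from debugging code paths.
//
// Fixes over the original: the "whee" line ended in "\a" (terminal bell)
// instead of a newline, the "curve A/B" line had no newline so the next line
// ran into it, and the HexEncoders were read before MessageEnd() flushed
// their buffered output.
static PyObject *
SigningKey__dump(SigningKey *self, PyObject *dummy)
{
    (void)dummy;

    const DL_GroupParameters_EC<ECP>& gp = self->k->GetKey().GetGroupParameters();
    std::cout << "whee " << gp.GetEncodedElementSize(true) << "\n";
    std::cout << "booo " << gp.GetEncodedElementSize(false) << "\n";
    ECPPoint p = gp.GetSubgroupGenerator();
    std::cout << "generator " << p.x << ", " << p.y << "\n";
    std::cout << "GroupOrder: " << gp.GetGroupOrder() << "\n";

    // HexEncoder owns the attached StringSink and deletes it with the encoder;
    // MessageEnd() pushes any buffered output into s before it is read.
    std::string s;
    HexEncoder he(new StringSink(s));
    gp.GetAlgorithmID().DEREncode(he);
    he.MessageEnd();
    std::cout << "AlgorithmID: " << s << "\n";

    const ECP& ec = gp.GetCurve();
    Integer fieldsize = ec.FieldSize();
    std::cout << "field size " << fieldsize.BitCount() << " " << fieldsize.ByteCount() << " " << ec.FieldSize() << "\n";
    std::cout << "Curve: ";
    std::cout << "curve field max element bit length: " << ec.GetField().MaxElementBitLength() << "\n";
    std::cout << "curve field modulus: " << ec.GetField().GetModulus() << "\n";
    std::cout << "curve A: " << ec.GetA() << ", curve B: " << ec.GetB() << "\n";

    const ECP::Field& f = ec.GetField();
    std::cout << "curve field modulus: " << f.GetModulus() << "\n";
    std::cout << "curve field identity: " << f.Identity() << "\n";
    std::string cfs;
    HexEncoder cfhe(new StringSink(cfs));
    f.DEREncode(cfhe);
    cfhe.MessageEnd();
    std::cout << "curve field derencoding: " << cfs << "\n";

    // GetValue() returns false and leaves the output untouched when the name
    // is absent; a default-constructed value is then printed.
    const CryptoMaterial& cm = self->k->GetMaterial();
    Integer i;
    cm.GetValue("SubgroupOrder", i);
    std::cout << "\n";
    std::cout << "SubgroupOrder: " << i << "\n";
    ECP::Element e;
    cm.GetValue("SubgroupGenerator", e);
    std::cout << "SubgroupGenerator: " << e.x << ", " << e.y << "\n";

    // Everything from here on is secret key material.
    std::cout << "private key: ";
    const PrivateKey& privkey = self->k->GetPrivateKey();
    std::cout << privkey.GetValueNames() << "\n";
    Integer privi;
    privkey.GetValue("PrivateExponent", privi);
    std::cout << privi << "\n";
    std::cout << "numbits: " << privi.BitCount() << "\n";
    std::cout << "numbytes: " << privi.ByteCount() << "\n";
    Py_RETURN_NONE;
}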