double mult2_double(int eb,epoint *g)
{
big e1,e2;
int iterations=0;
clock_t start;
double elapsed;
char *mem1;
char *mem2;
epoint *w;
epoint *r1;
epoint *r2;
mem1=(char *)memalloc(2);
mem2=(char *)ecp_memalloc(3);
e1=mirvar_mem(mem1,0);
e2=mirvar_mem(mem1,1);
w=epoint_init_mem(mem2,0);
r1=epoint_init_mem(mem2,1);
r2=epoint_init_mem(mem2,2);
bigbits(eb,e1);
ecurve2_mult(e1,g,r1); /* generate a random point on the curve */
bigbits(eb,e2);
ecurve2_mult(e2,g,r2); /* generate a random point on the curve */
bigbits(eb,e1);
bigbits(eb,e2);
start=clock();
do {
ecurve2_mult2(e1,r1,e2,r2,w);
iterations++;
elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
} while (elapsed<MIN_TIME || iterations<MIN_ITERS);
elapsed=1000.0*elapsed/iterations;
printf("ED - %8d iterations ",iterations);
printf(" %8.2lf ms per iteration\n",elapsed);
ecp_memkill(mem2,3);
memkill(mem1,2);
return elapsed;
}
double mults2(int eb,epoint *g)
{
big e;
int iterations=0;
clock_t start;
double elapsed;
epoint *w;
epoint *r;
char *mem1;
char *mem2;
mem1=(char *)memalloc(1);
mem2=(char *)ecp_memalloc(2);
e=mirvar_mem(mem1,0);
w=epoint_init_mem(mem2,0);
r=epoint_init_mem(mem2,1);
bigbits(eb,e);
ecurve2_mult(e,g,r); /* generate a random point on the curve */
bigbits(eb,e);
start=clock();
do {
ecurve2_mult(e,r,w);
iterations++;
elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
} while (elapsed<MIN_TIME || iterations<MIN_ITERS);
elapsed=1000.0*elapsed/iterations;
printf("ER - %8d iterations ",iterations);
printf(" %8.2lf ms per iteration\n",elapsed);
memkill(mem1,1);
ecp_memkill(mem2,2);
return elapsed;
}
/* function exponentiateF2mPoint : This function exponentiate point of ec over F2m
* param m : miracl pointer
* param point : ellitic curve point
* param exponent
* return : the exponentiation result
*/
JNIEXPORT jlong JNICALL Java_edu_biu_scapi_primitives_dlog_miracl_MiraclDlogECF2m_exponentiateF2mPoint
(JNIEnv *env, jobject obj, jlong m, jlong point, jbyteArray exponent){
epoint *p2;
/* convert the accepted parameters to MIRACL parameters*/
miracl* mip = (miracl*)m;
big exp = byteArrayToMiraclBig(env, mip, exponent);
//init the result point
p2 = epoint_init(mip);
/* The exponentiate operation is converted to multiplication because miracl treat EC as additive group */
ecurve2_mult(mip, exp, (epoint*)point, p2);
mirkill(exp);
return (jlong)p2; //return the result
}
int main()
{
int ia,ib,promptr;
epoint *PA,*PB;
big A,B,a,b,q,pa,pb,key,x,y;
ebrick2 binst;
miracl instance; /* create miracl workspace on the stack */
/* Specify base 16 here so that HEX can be read in directly without a base-change */
miracl *mip=mirsys(&instance,WORDS*HEXDIGS,16); /* size of bigs is fixed */
char mem_big[MR_BIG_RESERVE(10)]; /* we need 10 bigs... */
char mem_ecp[MR_ECP_RESERVE(2)]; /* ..and two elliptic curve points */
memset(mem_big, 0, MR_BIG_RESERVE(10)); /* clear the memory */
memset(mem_ecp, 0, MR_ECP_RESERVE(2));
A=mirvar_mem(mip, mem_big, 0); /* Initialise big numbers */
B=mirvar_mem(mip, mem_big, 1);
pa=mirvar_mem(mip, mem_big, 2);
pb=mirvar_mem(mip, mem_big, 3);
key=mirvar_mem(mip, mem_big, 4);
x=mirvar_mem(mip, mem_big, 5);
y=mirvar_mem(mip, mem_big, 6);
q=mirvar_mem(mip,mem_big,7);
a=mirvar_mem(mip, mem_big, 8);
b=mirvar_mem(mip, mem_big, 9);
PA=epoint_init_mem(mip, mem_ecp, 0); /* initialise Elliptic Curve points */
PB=epoint_init_mem(mip, mem_ecp, 1);
irand(mip, 3L); /* change parameter for different random numbers */
promptr=0;
init_big_from_rom(B,WORDS,rom,WORDS*4,&promptr); /* Read in curve parameter B from ROM */
/* don't need q or G(x,y) (we have precomputed table from it) */
init_big_from_rom(q,WORDS,rom,WORDS*4,&promptr);
init_big_from_rom(x,WORDS,rom,WORDS*4,&promptr);
init_big_from_rom(y,WORDS,rom,WORDS*4,&promptr);
convert(mip,1,A); /* set A=1 */
/* Create precomputation instance from precomputed table in ROM */
ebrick2_init(&binst,prom,A,B,CURVE_M,CURVE_A,CURVE_B,CURVE_C,WINDOW,CURVE_M);
/* offline calculations */
bigbits(mip,CURVE_M,a); /* A's random number */
ia=mul2_brick(mip,&binst,a,pa,pa); /* a*G =(pa,ya), ia is sign of ya */
bigbits(mip,CURVE_M,b); /* B's random number */
ib=mul2_brick(mip,&binst,b,pb,pb); /* b*G =(pb,yb), ib is sign of yb */
/* online calculations */
ecurve2_init(mip,CURVE_M,CURVE_A,CURVE_B,CURVE_C,A,B,FALSE,MR_PROJECTIVE);
epoint2_set(mip,pb,pb,ib,PB); /* decompress PB */
ecurve2_mult(mip,a,PB,PB);
epoint2_get(mip,PB,key,key);
/* since internal base is HEX, can use otnum instead of cotnum - avoiding a base change */
printf("Alice's Key= ");
otnum(mip,key,stdout);
epoint2_set(mip,pa,pa,ia,PB); /* decompress PA */
ecurve2_mult(mip,b,PB,PB);
epoint2_get(mip,PB,key,key);
printf("Bob's Key= ");
otnum(mip,key,stdout);
/* clear the memory */
memset(mem_big, 0, MR_BIG_RESERVE(10));
memset(mem_ecp, 0, MR_ECP_RESERVE(2));
return 0;
}
int main()
{
FILE *fp;
int m,a,b,c;
big e,a2,a6,x,y,r;
epoint *g;
ebrick2 binst;
int i,d,ndig,nb,best,time,store,base;
miracl *mip=mirsys(50,0);
e=mirvar(0);
a2=mirvar(0);
a6=mirvar(0);
x=mirvar(0);
y=mirvar(0);
r=mirvar(0);
fp=fopen("common2.ecs","r");
fscanf(fp,"%d\n",&m);
mip->IOBASE=16;
cinnum(a2,fp);
cinnum(a6,fp);
cinnum(r,fp);
cinnum(x,fp);
cinnum(y,fp);
mip->IOBASE=10;
fscanf(fp,"%d\n",&a);
fscanf(fp,"%d\n",&b);
fscanf(fp,"%d\n",&c);
printf("modulus is %d bits in length\n",m);
printf("Enter size of exponent in bits = ");
scanf("%d",&nb);
getchar();
ebrick2_init(&binst,x,y,a2,a6,m,a,b,c,nb);
printf("%d big numbers have been precomputed and stored\n",binst.store);
bigdig(nb,2,e); /* random exponent */
printf("naive method\n");
ecurve2_init(m,a,b,c,a2,a6,FALSE,MR_PROJECTIVE);
g=epoint2_init();
epoint2_set(x,y,0,g);
ecurve2_mult(e,g,g);
epoint2_get(g,x,y);
cotnum(x,stdout);
cotnum(y,stdout);
zero(x); zero(y);
printf("Brickel et al method\n");
mul2_brick(&binst,e,x,y);
ebrick2_end(&binst);
cotnum(x,stdout);
cotnum(y,stdout);
return 0;
}
int main()
{
big a2,a6,bx,r;
big res[4];
epoint *P,*Q;
int i,romptr;
miracl instance; /* sizeof(miracl)= 2000 bytes from the stack */
#ifndef MR_STATIC
#ifdef MR_GENERIC_MT
miracl *mr_mip=mirsys(WORDS*NPW,16);
#else
miracl *mr_mip=mirsys(WORDS*NPW,16);
#endif
char *mem=(char *)memalloc(_MIPP_ 8);
char *mem1=(char *)ecp_memalloc(_MIPP_ 2);
#else
#ifdef MR_GENERIC_MT
miracl *mr_mip=mirsys(&instance,MR_STATIC*NPW,16); /* size of bigs is fixed */
#else
miracl *mr_mip=mirsys(&instance,MR_STATIC*NPW,16);
#endif
char mem[MR_BIG_RESERVE(8)]; /* reserve space on the stack for 8 bigs */
char mem1[MR_ECP_RESERVE(2)]; /* reserve space on stack for 2 curve points */
memset(mem,0,MR_BIG_RESERVE(8)); /* clear this memory */
memset(mem1,0,MR_ECP_RESERVE(2)); /* ~668 bytes in all */
#endif
/* Initialise bigs */
a2=mirvar_mem(_MIPP_ mem,0);
a6=mirvar_mem(_MIPP_ mem,1);
bx=mirvar_mem(_MIPP_ mem,2);
for (i=0;i<4;i++)
res[i]=mirvar_mem(_MIPP_ mem,3+i);
r=mirvar_mem(_MIPP_ mem,7);
/* printf("ROM size= %d\n",sizeof(rom)+sizeof(prom)); */
#ifndef MR_NO_STANDARD_IO
#ifdef MR_STATIC
printf("n Bigs require n*%d+%d bytes\n",MR_SIZE,MR_SL);
printf("n Points require n*%d+%d bytes\n",MR_ESIZE,MR_SL);
printf("sizeof(miracl)= %d\n",sizeof(miracl));
#endif
#endif
/* Initialise Elliptic curve points */
P=epoint_init_mem(_MIPP_ mem1,0);
Q=epoint_init_mem(_MIPP_ mem1,1);
/* Initialise supersingular curve */
convert(_MIPP_ 1,a2);
convert(_MIPP_ B,a6);
/* The -M tells MIRACL that this is a supersingular curve */
if (!ecurve2_init(_MIPP_ -M,T,U,V,a2,a6,FALSE,MR_PROJECTIVE))
{
#ifndef MR_NO_STANDARD_IO
printf("Problem with the curve\n");
#endif
return 0;
}
/* Get P and Q from ROM */
/* These should have been multiplied by the cofactor 487805 = 5*97561 */
/* 487805 is a cofactor of the group order 2^271+2^136+1 */
romptr=0;
init_point_from_rom(P,WORDS,rom,ROMSZ,&romptr);
init_point_from_rom(Q,WORDS,rom,ROMSZ,&romptr);
#ifndef MR_NO_STANDARD_IO
printf( "P= \n");
otnum(_MIPP_ P->X,stdout);
otnum(_MIPP_ P->Y,stdout);
printf( "Q= \n");
otnum(_MIPP_ Q->X,stdout);
otnum(_MIPP_ Q->Y,stdout);
#endif
bigbits(_MIPP_ 160,r);
/* Simple bilinearity test */
tate(_MIPP_ P,Q,res);
/* this could break the 4k stack, 2060+668+2996 >4K */
/* so we cannot afford much precomputation in power4 */
power4(_MIPP_ res,r,res); /* res=res^{sr} */
#ifndef MR_NO_STANDARD_IO
printf( "\ne(P,Q)^r= \n");
for (i=0;i<4;i++)
{
otnum(_MIPP_ res[i],stdout);
zero(res[i]);
}
#endif
ecurve2_mult(_MIPP_ r,Q,Q); /* Q=rQ */
epoint2_norm(_MIPP_ Q);
tate(_MIPP_ P,Q,res); /* Now invert is taken out of Tate, and the stack should be OK */
#ifndef MR_NO_STANDARD_IO
printf( "\ne(P,rQ)= \n");
for (i=0;i<4;i++)
otnum(_MIPP_ res[i],stdout);
#endif
/* all done */
#ifndef MR_STATIC
memkill(_MIPP_ mem,8);
ecp_memkill(_MIPP_ mem1,2);
#else
memset(mem,0,MR_BIG_RESERVE(8)); /* clear this stack memory */
memset(mem1,0,MR_ECP_RESERVE(2));
#endif
mirexit(_MIPPO_ ); /* clears workspace memory */
return 0;
}
EC2 operator*(const Big& e,const EC2& b)
{
EC2 t;
ecurve2_mult(e.getbig(),b.p,t.p);
return t;
}
epoint* computeLL(miracl* mip, epoint** elements, big* exponents, int n, int field){
big bigExp = mirvar(mip, 0);
big two = mirvar(mip, 2);
big zero = mirvar(mip, 0);
int t = 0, w, h, i, j;
epoint*** preComp;
epoint* result;
//get the biggest exponent
for (i=0; i<n; i++)
if (mr_compare(bigExp, exponents[i]) < 0)
bigExp = exponents[i];
//num of bitf in the biggest exponent
t = logb2(mip, bigExp);
//choose w according to the value of t
w = getLLW(t);
//h = n/w
if ((n % w) == 0){
h = n / w;
} else{
h = ((int) (n / w)) + 1;
}
//printf("n is: %d\n", n);
//printf("t is: %d\n", t);
//printf("w is: %d\n", w);
//printf("h is: %d\n", h);
//creates pre computation table
preComp = createLLPreCompTable(mip, elements, w, h, n, field);
result = getIdentity(mip, field); //holds the computation result
//computes the loop of the computation
result = computeLoop(mip, exponents, w, h, preComp, result, t-1, n, field);
//third part of computation
for (j=t-2; j>=0; j--){
//operate y^2 differently. depends on the field type
if (field==1)
ecurve_mult(mip, two, result, result);
else
ecurve2_mult(mip, two, result, result);
//computes the loop of the computation
result = computeLoop(mip, exponents, w, h, preComp, result, j, n, field);
}
//free the allocated memeory
mirkill(two);
mirkill(zero);
for (i=0; i<h; i++){
for (j=0; j<pow((double)2, w); j++){
epoint_free(preComp[i][j]);
}
free(preComp[i]);
}
free(preComp);
return result;
}
int main()
{
FILE *fp;
int m,a,b,c,cf;
miracl *mip;
char ifname[13],ofname[13];
big a2,a6,q,x,y,d,r,s,k,hash;
epoint *g;
long seed;
/* get public data */
fp=fopen("common2.ecs","r");
if (fp==NULL)
{
printf("file common2.ecs does not exist\n");
return 0;
}
fscanf(fp,"%d\n",&m);
mip=mirsys(3+m/MIRACL,0);
a2=mirvar(0);
a6=mirvar(0);
q=mirvar(0);
x=mirvar(0);
y=mirvar(0);
d=mirvar(0);
r=mirvar(0);
s=mirvar(0);
k=mirvar(0);
hash=mirvar(0);
mip->IOBASE=16;
cinnum(a2,fp); /* curve parameters */
cinnum(a6,fp); /* curve parameters */
cinnum(q,fp); /* order of (x,y) */
cinnum(x,fp); /* (x,y) point on curve of order q */
cinnum(y,fp);
mip->IOBASE=10;
fscanf(fp,"%d\n",&a);
fscanf(fp,"%d\n",&b);
fscanf(fp,"%d\n",&c);
fclose(fp);
/* randomise */
printf("Enter 9 digit random number seed = ");
scanf("%ld",&seed);
getchar();
irand(seed);
ecurve2_init(m,a,b,c,a2,a6,FALSE,MR_PROJECTIVE); /* initialise curve */
g=epoint2_init();
epoint2_set(x,y,0,g); /* set point of order q */
/* calculate r - this can be done offline,
and hence amortized to almost nothing */
bigrand(q,k);
ecurve2_mult(k,g,g); /* see ebrick2.c for method to speed this up */
epoint2_get(g,r,r);
divide(r,q,q);
/* get private key of signer */
fp=fopen("private.ecs","r");
if (fp==NULL)
{
printf("file private.ecs does not exist\n");
return 0;
}
cinnum(d,fp);
fclose(fp);
/* calculate message digest */
printf("file to be signed = ");
gets(ifname);
strcpy(ofname,ifname);
strip(ofname);
strcat(ofname,".ecs");
if ((fp=fopen(ifname,"rb"))==NULL)
{
printf("Unable to open file %s\n",ifname);
return 0;
}
hashing(fp,hash);
fclose(fp);
/* calculate s */
xgcd(k,q,k,k,k);
mad(d,r,hash,q,q,s);
mad(s,k,k,q,q,s);
fp=fopen(ofname,"w");
cotnum(r,fp);
cotnum(s,fp);
fclose(fp);
return 0;
}
