/*
 * Discrete logarithm of id to base PROOT modulo p, given the factorisation
 * of p-1 held in the file-scope array pp[0..np-1]: the problem is projected
 * into each prime-order subgroup, solved there with Pollard rho, and the
 * per-prime residues are recombined with the Chinese Remainder Theorem.
 * The answer is written to dl. Working bigs live in a fixed stack area.
 * p, p1, np, pp, order, rem, PROOT and rho() are defined elsewhere in the file.
 */
void pollard(big id,big dl)
{
    big_chinese bc;
    big cof,tgt,gen,m,n,val;
    char stack_mem[mr_big_reserve(6,50)];
    int k;
    long steps;

    memset(stack_mem,0,sizeof(stack_mem));
    cof=mirvar_mem(stack_mem,0);
    tgt=mirvar_mem(stack_mem,1);
    gen=mirvar_mem(stack_mem,2);
    m=mirvar_mem(stack_mem,3);
    n=mirvar_mem(stack_mem,4);
    val=mirvar_mem(stack_mem,5);
    copy(id,val);

    crt_init(&bc,np,pp);
    for (k=0;k<np;k++)
    { /* solve in the subgroup of order pp[k] */
        copy(p1,cof);
        divide(cof,pp[k],cof);            /* cofactor (p-1)/pp[k] */
        powmod(val,cof,p,tgt);            /* id projected into the subgroup */
        powltr(PROOT,cof,p,gen);          /* generator projected likewise */
        copy(pp[k],order);
        steps=rho(tgt,gen,m,n);
        xgcd(m,order,cof,cof,cof);        /* cof = 1/m mod order */
        mad(cof,n,n,order,order,rem[k]);  /* rem[k] = cof*n mod order */
        printf("%9ld iterations needed\n",steps);
    }
    crt(&bc,rem,dl);                      /* recombine with the Chinese Remainder Theorem */
    crt_end(&bc);
}
/*
 * Time modular exponentiation with a small integer base g and a random
 * eb-bit exponent modulo p. powltr() is repeated until both MIN_TIME seconds
 * and MIN_ITERS iterations have been reached; the mean cost of one
 * exponentiation in milliseconds is printed and returned.
 * MIN_TIME and MIN_ITERS are file-scope constants defined elsewhere.
 */
double powers_small_base(int g,int eb,big p)
{
    char *mem=(char *)memalloc(2);
    big expo=mirvar_mem(mem,0);
    big result=mirvar_mem(mem,1);
    int count=0;
    double secs;
    clock_t t0;

    bigbits(eb,expo);                       /* random exponent of the requested size */
    t0=clock();
    for (;;)
    {
        powltr(g,expo,p,result);
        count++;
        secs=(clock()-t0)/(double)CLOCKS_PER_SEC;
        if (secs>=MIN_TIME && count>=MIN_ITERS) break;   /* both thresholds met */
    }
    secs=1000.0*secs/count;                 /* milliseconds per exponentiation */
    printf("S - %8d iterations of g=%d/%4d ",count,g,eb);
    printf(" %8.2lf ms per iteration\n",secs);
    memkill(mem,2);
    return secs;
}
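/*
 * Generate a "trap-door" prime p = 2.pp[1].pp[2]...pp[NPRIMES-1] + 1, i.e. a
 * prime whose p-1 has only moderately sized prime factors, so that discrete
 * logs modulo p are easy for whoever knows the factorisation. The factors are
 * written to prime.dat and p is printed. NPRIMES and PROOT are file-scope.
 *
 * Security note: the whole search is driven by two small user-supplied
 * integers (a 9-digit seed for irand() and a spin count), so anyone who
 * learns or brute-forces them can regenerate the same prime. This is demo
 * code, not a key generator.
 *
 * Returns 0 on success, 1 if the seeds cannot be read or prime.dat cannot
 * be written (the original dereferenced the unchecked fopen() result).
 */
int main()
{ /* program to find a trap-door prime */
    BOOL found;
    int i,spins;
    long seed;
    big pp[NPRIMES],q,p,t;
    FILE *fp;

    mirsys(50,0);
    for (i=0;i<NPRIMES;i++) pp[i]=mirvar(0);
    q=mirvar(0);
    t=mirvar(0);
    p=mirvar(0);

    printf("Enter 9 digit seed= ");
    if (scanf("%ld",&seed)!=1)
    { /* an unread seed would hand irand() an indeterminate value */
        fprintf(stderr,"bad seed\n");
        return 1;
    }
    getchar();
    irand(seed);
    printf("Enter 4 digit seed= ");
    if (scanf("%d",&spins)!=1)
    {
        fprintf(stderr,"bad spin count\n");
        return 1;
    }
    getchar();
    for (i=0;i<spins;i++) brand();   /* advance the generator spins times */

    convert(2,pp[0]);
    do
    { /* find prime p = 2.pp[1].pp[2]....+1 */
        convert(2,p);
        for (i=1;i<NPRIMES-1;i++)
        { /* generate all but last prime: first prime above a random (i+6)-digit number */
            bigdig(i+6,10,q);
            nxprime(q,pp[i]);
            multiply(p,pp[i],p);
        }
        do
        { /* find last prime component such that p is prime */
            nxprime(q,q);
            copy(q,pp[NPRIMES-1]);
            multiply(p,pp[NPRIMES-1],t);
            incr(t,1,t);
        } while (!isprime(t));
        copy(t,p);
        found=TRUE;
        for (i=0;i<NPRIMES;i++)
        { /* check that PROOT is a primitive root: PROOT^((p-1)/pp[i]) != 1 for every factor */
            decr(p,1,q);
            divide(q,pp[i],q);
            powltr(PROOT,q,p,t);
            if (size(t)==1)
            {
                found=FALSE;
                break;
            }
        }
    } while (!found);

    fp=fopen("prime.dat","wt");
    if (fp==NULL)
    {
        fprintf(stderr,"cannot write prime.dat\n");
        return 1;
    }
    fprintf(fp,"%d\n",NPRIMES);
    for (i=0;i<NPRIMES;i++) cotnum(pp[i],fp);
    fclose(fp);
    printf("prime= \n");
    cotnum(p,stdout);
    return 0;
}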
/*
 * Discrete log of id to base PROOT mod p, given the factorisation of p-1 in
 * the file-scope array pp[0..np-1] (Pohlig-Hellman: Pollard rho in each
 * prime-order subgroup, then CRT). Working bigs are heap allocated and freed
 * on exit; the result goes to dl.
 * p, p1, np, pp, order, rem, PROOT and rho() are defined elsewhere in the file.
 */
void pollard(big id,big dl)
{
    big_chinese bc;
    big cof,tgt,gen,m,n,val;
    int k;
    long steps;

    cof=mirvar(0);
    tgt=mirvar(0);
    gen=mirvar(0);
    m=mirvar(0);
    n=mirvar(0);
    val=mirvar(0);
    copy(id,val);

    crt_init(&bc,np,pp);
    for (k=0;k<np;k++)
    { /* solve in the subgroup of order pp[k] */
        copy(p1,cof);
        divide(cof,pp[k],cof);            /* cofactor (p-1)/pp[k] */
        powmod(val,cof,p,tgt);            /* id projected into the subgroup */
        powltr(PROOT,cof,p,gen);          /* generator projected likewise */
        copy(pp[k],order);
        steps=rho(tgt,gen,m,n);
        xgcd(m,order,cof,cof,cof);        /* cof = 1/m mod order */
        mad(cof,n,n,order,order,rem[k]);  /* rem[k] = cof*n mod order */
        printf("%9ld iterations needed\n",steps);
    }
    crt(&bc,rem,dl);                      /* recombine with the Chinese Remainder Theorem */
    crt_end(&bc);

    mirkill(val);
    mirkill(n);
    mirkill(m);
    mirkill(gen);
    mirkill(tgt);
    mirkill(cof);
}
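/*
 * Identity-based key generation: reads an identity, embeds it as
 * id = 256*rid + i (the smallest i with Jacobi(id,n) = 1), solves the discrete
 * log of id to base PROOT modulo each trap-door prime (pollard() with the
 * factorisations from trap1.dat / trap2.dat), combines the two logs so that
 * PROOT^w = id mod n (n = product of the two primes), and writes rid, w and n
 * to secret.dat. getprime() is defined elsewhere; from its use here it appears
 * to load p and p1 (and pollard's factor table) for the named file.
 *
 * NOTE(review): secret.dat holds the private key in plain text and is created
 * with the process umask; restrict its permissions or move it somewhere safe.
 *
 * Returns 0 on success, 1 if secret.dat cannot be opened (the original
 * wrote through the unchecked fopen() result).
 */
int main()
{
    int i;
    FILE *fp;
    big K,rid,id,w,a,b,n,q1;
    miracl *mip=mirsys(200,256);

    for (i=0;i<NPRIMES;i++)
    {
        pp[i]=mirvar(0);
        rem[i]=mirvar(0);
    }
    w=mirvar(0); n=mirvar(0); a=mirvar(0); b=mirvar(0);
    p=mirvar(0); p1=mirvar(0); q1=mirvar(0); K=mirvar(0);
    lim1=mirvar(0); lim2=mirvar(0);
    id=mirvar(0); rid=mirvar(0); order=mirvar(0);

    printf("Enter ID= ");
    innum(rid,stdin);

    getprime("trap1.dat");
    copy(p,n);
    getprime("trap2.dat");
    multiply(n,p,n);               /* composite modulus n = p_1 * p_2 */
    printf("\ncomposite =\n");
    cotnum(n,stdout);

    premult(rid,256,id);
    while (jack(id,n)!=1)
    { /* bad identity - id=256*rid+i */
        printf("No Discrete Log. for this ID -- incrementing\n");
        incr(id,1,id);
    }

    getprime("trap1.dat");
    copy(p1,q1);                   /* q1 = p_1 - 1 */
    pollard(id,b);                 /* b = log of id modulo the first prime */
    getprime("trap2.dat");
    pollard(id,a);                 /* a = log modulo the second; p1 is now p_2 - 1 */

    /* combine the two logs: w = a + p1 * (((b-a)/p1 mod q1) / 2) */
    xgcd(p1,q1,K,K,K);             /* K = 1/p1 mod q1 */
    subtract(b,a,w);
    mad(w,K,w,q1,q1,w);            /* w = (b-a)*K mod q1 */
    if(size(w)<0) add_r(w,q1,w);   /* mad() may leave a negative remainder */
    subdiv(w,2,w);                 /* both group orders share the factor 2 */
    multiply(w,p1,w);
    add_r(w,a,w);

    fp=fopen("secret.dat","w");
    if (fp==NULL)
    {
        fprintf(stderr,"cannot write secret.dat\n");
        return 1;
    }
    otnum(rid,fp);
    cotnum(w,fp);
    cotnum(n,fp);
    fclose(fp);

    printf("\nDiscrete log (secret key) \n");
    cotnum(w,stdout);
    powltr(PROOT,w,n,id);          /* PROOT^w mod n should reproduce id */
    subdiv(id,256,id);             /* strip the embedding: rid = id/256 */
    otstr(id,mip->IOBUFF);
    printf("Check Identity= %s\n",mip->IOBUFF);
    return 0;
}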
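/*
 * Public-key demo: Diffie-Hellman over a prime field, the same exchange over
 * an elliptic curve, El Gamal encryption, and RSA with CRT decryption.
 * primetext, ecb, ecp, ecx, ecy and text are file-scope constants defined
 * elsewhere in the file.
 *
 * Security notes (this is demonstration code, not a key generator):
 *  - the MIRACL PRNG is seeded from time() alone, so every "random" value
 *    below is predictable to anyone who knows roughly when the program ran;
 *  - RSA is used textbook-style (powmod on the raw message, no padding), and
 *    the primes and private exponent are printed to stdout.
 *
 * Changes from the original: the "elliptic curves" message was a string
 * literal broken across a line; the RSA prime loop now also rejects p == q
 * (1/p mod q would be undefined); the CRT residue is normalised into [0,q)
 * in case mad() returns a negative remainder when pm[1] < pm[0].
 */
int main()
{
    int ia,ib;
    time_t seed;
    epoint *g,*ea,*eb;
    big a,b,p,q,n,p1,q1,phi,pa,pb,key,e,d,dp,dq,t,m,c,x,y,k,inv;
    big primes[2],pm[2];
    big_chinese ch;
    miracl *mip;
#ifndef MR_NOFULLWIDTH
    mip=mirsys(500,0);
#else
    mip=mirsys(500,MAXBASE);
#endif
    a=mirvar(0); b=mirvar(0); p=mirvar(0); q=mirvar(0); n=mirvar(0);
    p1=mirvar(0); q1=mirvar(0); phi=mirvar(0); pa=mirvar(0); pb=mirvar(0);
    key=mirvar(0); e=mirvar(0); d=mirvar(0); dp=mirvar(0); dq=mirvar(0);
    t=mirvar(0); m=mirvar(0); c=mirvar(0); pm[0]=mirvar(0); pm[1]=mirvar(0);
    x=mirvar(0); y=mirvar(0); k=mirvar(0); inv=mirvar(0);

    time(&seed);
    irand((unsigned long)seed);   /* change parameter for different values */

    /* ---- Diffie-Hellman over GF(p) ---- */
    printf("First Diffie-Hellman Key exchange .... \n");
    cinstr(p,primetext);
    /* offline calculations could be done quicker using Comb method - See brick.c.
       Note use of "truncated exponent" of 160 bits - could be output of hash
       function SHA (see mrshs.c) */
    printf("\nAlice's offline calculation\n");
    bigbits(160,a);
    /* 3 generates the sub-group of prime order (p-1)/2 */
    powltr(3,a,p,pa);
    printf("Bob's offline calculation\n");
    bigbits(160,b);
    powltr(3,b,p,pb);
    printf("Alice calculates Key=\n");
    powmod(pb,a,p,key);
    cotnum(key,stdout);
    printf("Bob calculates Key=\n");
    powmod(pa,b,p,key);
    cotnum(key,stdout);
    printf("Alice and Bob's keys should be the same!\n");

    /* ---- Elliptic-curve Diffie-Hellman ----
       Curve is y^2=x^3+Ax+B mod p, where A=-3, B and p as above.
       "Primitive root" is the point (x,y) above, which is of large prime order q.
       In this case actually q=FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831 */
    printf("\nLets try that again using elliptic curves .... \n");
    convert(-3,a);
    mip->IOBASE=16;
    cinstr(b,ecb);
    cinstr(p,ecp);
    ecurve_init(a,b,p,MR_BEST);   /* Use PROJECTIVE if possible, else AFFINE coordinates */
    g=epoint_init();
    cinstr(x,ecx);
    cinstr(y,ecy);
    mip->IOBASE=10;
    epoint_set(x,y,0,g);
    ea=epoint_init();
    eb=epoint_init();
    epoint_copy(g,ea);
    epoint_copy(g,eb);
    printf("Alice's offline calculation\n");
    bigbits(160,a);
    ecurve_mult(a,ea,ea);
    ia=epoint_get(ea,pa,pa);      /* <ia,pa> is compressed form of public key */
    printf("Bob's offline calculation\n");
    bigbits(160,b);
    ecurve_mult(b,eb,eb);
    ib=epoint_get(eb,pb,pb);      /* <ib,pb> is compressed form of public key */
    printf("Alice calculates Key=\n");
    epoint_set(pb,pb,ib,eb);      /* decompress eb */
    ecurve_mult(a,eb,eb);
    epoint_get(eb,key,key);
    cotnum(key,stdout);
    printf("Bob calculates Key=\n");
    epoint_set(pa,pa,ia,ea);      /* decompress ea */
    ecurve_mult(b,ea,ea);
    epoint_get(ea,key,key);
    cotnum(key,stdout);
    printf("Alice and Bob's keys should be the same! (but much smaller)\n");
    epoint_free(g);
    epoint_free(ea);
    epoint_free(eb);

    /* ---- El Gamal's Method ---- */
    printf("\nTesting El Gamal's public key method\n");
    cinstr(p,primetext);
    bigbits(160,x);               /* x<p : private key */
    powltr(3,x,p,y);              /* y=3^x mod p : public key */
    decr(p,1,p1);
    mip->IOBASE=128;
    cinstr(m,text);
    mip->IOBASE=10;
    do
    { /* per-message ephemeral k, coprime to p-1 */
        bigbits(160,k);
    } while (egcd(k,p1,t)!=1);
    powltr(3,k,p,a);              /* a=3^k mod p */
    powmod(y,k,p,b);
    mad(b,m,m,p,p,b);             /* b=m*y^k mod p */
    printf("Ciphertext= \n");
    cotnum(a,stdout);
    cotnum(b,stdout);
    zero(m);
    /* proof of pudding... */
    subtract(p1,x,t);             /* a^(p-1-x) = a^(-x) mod p */
    powmod(a,t,p,m);
    mad(m,b,b,p,p,m);             /* m=b/a^x mod p */
    printf("Plaintext= \n");
    mip->IOBASE=128;
    cotnum(m,stdout);
    mip->IOBASE=10;

    /* ---- RSA. Generate primes p & q.
       Use e=65537, and find d=1/e mod (p-1)(q-1) ---- */
    printf("\nNow generating 512-bit random primes p and q\n");
    do
    {
        bigbits(512,p);
        if (subdivisible(p,2)) incr(p,1,p);
        while (!isprime(p)) incr(p,2,p);      /* next (probable) prime at or above p */
        bigbits(512,q);
        if (subdivisible(q,2)) incr(q,1,q);
        while (!isprime(q)) incr(q,2,q);
        multiply(p,q,n);                      /* n=p.q */
        lgconv(65537L,e);
        decr(p,1,p1);
        decr(q,1,q1);
        multiply(p1,q1,phi);                  /* phi =(p-1)*(q-1) */
    } while (compare(p,q)==0 || xgcd(e,phi,d,d,t)!=1);   /* need p != q and gcd(e,phi)=1 */
    cotnum(p,stdout);
    cotnum(q,stdout);
    printf("n = p.q = \n");
    cotnum(n,stdout);

    /* set up for chinese remainder theorem */
    /* primes[0]=p; primes[1]=q; crt_init(&ch,2,primes); */
    /* use simple CRT as only two primes */
    xgcd(p,q,inv,inv,inv);        /* 1/p mod q */
    copy(d,dp);
    copy(d,dq);
    divide(dp,p1,p1);             /* dp=d mod p-1 */
    divide(dq,q1,q1);             /* dq=d mod q-1 */

    mip->IOBASE=128;
    cinstr(m,text);
    mip->IOBASE=10;
    printf("Encrypting test string\n");
    powmod(m,e,n,c);              /* textbook RSA: no padding */
    printf("Ciphertext= \n");
    cotnum(c,stdout);
    zero(m);
    printf("Decrypting test string\n");
    powmod(c,dp,p,pm[0]);         /* get result mod p */
    powmod(c,dq,q,pm[1]);         /* get result mod q */
    subtract(pm[1],pm[0],pm[1]);  /* poor man's CRT */
    mad(inv,pm[1],inv,q,q,m);     /* m = (pm[1]-pm[0])/p mod q */
    if (size(m)<0) add(m,q,m);    /* keep the residue in [0,q) */
    multiply(m,p,m);
    add(m,pm[0],m);
    /* crt(&ch,pm,m);  combine them using CRT */
    printf("Plaintext= \n");
    mip->IOBASE=128;
    cotnum(m,stdout);
    /* crt_end(&ch); */
    return 0;
}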
// Input: priv_key = buffer of 200 bytes // pub_key = buffer of 200 bytes // Output: priv_key = Your private key // pub_key = Your public key int DH1080_gen(char *priv_key, char *pub_key) { unsigned char raw_buf[160], iniHash[33]; unsigned long seed; int len, iRet; big b_privkey, b_pubkey; csprng myRNG; FILE *hRnd; priv_key[0]='0'; priv_key[1]='\0'; pub_key[0]='0'; pub_key[1]='\0'; hRnd = fopen("/dev/urandom", "r"); // don't use /dev/random, it's a blocking device if(!hRnd) return 0; b_privkey=mirvar(0); b_pubkey=mirvar(0); // #*#*#*#*#* RNG START #*#*#*#*#* time((time_t *)&seed); seed ^= (long)hRnd << 16; if(fread(raw_buf, 1, sizeof(raw_buf), hRnd) < 32) { ZeroMemory(raw_buf, sizeof(raw_buf)); fclose(hRnd); mirkill(b_privkey); mirkill(b_pubkey); return 0; } fclose(hRnd); sha_file(iniPath, iniHash); memXOR(raw_buf+128, iniHash, 32); sha_file((unsigned char *)get_irssi_config(), iniHash); memXOR(raw_buf+128, iniHash, 32); ZeroMemory(iniHash, sizeof(iniHash)); // first 128 byte in raw_buf: output from /dev/urandom // last 32 byte in raw_buf: SHA-256 digest from blow.ini and irssi.conf seed *= (unsigned long)mip; strong_init(&myRNG, sizeof(raw_buf), raw_buf, (unsigned int)seed); strong_rng(&myRNG); strong_bigdig(&myRNG, 1080, 2, b_privkey); strong_kill(&myRNG); seed=0; // #*#*#*#*#* RNG END #*#*#*#*#* powltr(2, b_privkey, b_prime1080, b_pubkey); if(DH_verifyPubKey(b_pubkey)) { len=big_to_bytes(sizeof(raw_buf), b_privkey, raw_buf, FALSE); htob64(raw_buf, priv_key, len); len=big_to_bytes(sizeof(raw_buf), b_pubkey, raw_buf, FALSE); htob64(raw_buf, pub_key, len); iRet=1; } else iRet=0; ZeroMemory(raw_buf, sizeof(raw_buf)); mirkill(b_privkey); mirkill(b_pubkey); return iRet; }
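/*
 * Pollard's lambda ("kangaroo") algorithm for discrete logs known to be
 * below LIMIT: finds x in y = ALPHA^x mod n for the fixed modulus in the
 * file-scope string modulus. A tame kangaroo starting at ALPHA^LIMIT takes
 * LEAPS pseudo-random jumps to set a trap; each wild kangaroo started at y
 * jumps with the same rule until it lands on the trap (solved) or overshoots
 * (trap failed). ALPHA, LIMIT, LEAPS and modulus are defined elsewhere.
 *
 * Changes from the original: the jump-table sizing loop can no longer run
 * past the 32 entries of distance[]/table[] for a very large LEAPS, and an
 * empty read on stdin (EOF) ends the solve loop instead of re-using the
 * previous x forever.
 */
int main()
{
    big x,n,t,trap,table[32];
    int i,j,m;
    long dm,dn,s,distance[32];
    const int max_jumps=(int)(sizeof(distance)/sizeof(distance[0]));
    miracl *mip=mirsys(50,0);

    x=mirvar(0);
    n=mirvar(0);
    t=mirvar(0);
    trap=mirvar(0);

    for (s=1L,m=1;;m++)
    { /* find table size: jump distances 1,2,4,... until the mean jump suits LEAPS */
        distance[m-1]=s;
        s*=2;
        if ((2*s/m)>(LEAPS/4)) break;
        if (m>=max_jumps) break;        /* hard stop at the array size */
    }

    mip->IOBASE=60;                     /* get large modulus */
    cinstr(n,modulus);
    mip->IOBASE=10;
    printf("solve discrete logarithm problem - using Pollard's kangaroos\n");
    printf("finds x in y=%d^x mod n, given y, for fixed n and small x\n",ALPHA);
    printf("known to be less than %ld\n",LIMIT);
    printf("n= ");
    cotnum(n,stdout);

    for (i=0;i<m;i++)
    { /* create table: table[i] = ALPHA^distance[i] mod n */
        lgconv(distance[i],t);
        table[i]=mirvar(0);
        powltr(ALPHA,t,n,table[i]);
    }

    lgconv(LIMIT,t);
    powltr(ALPHA,t,n,x);
    printf("setting trap .... \n");
    for (dn=0L,j=0;j<LEAPS;j++)
    { /* set traps beyond LIMIT using tame kangaroo */
        i=subdiv(x,m,t);                /* random function: i = x mod m */
        mad(x,table[i],x,n,n,x);        /* x = x*table[i] mod n */
        dn+=distance[i];
    }
    printf("trap set!\n");
    copy(x,trap);

    for (;;)
    { /* ready to solve */
        printf("Enter x= ");
        /* cinnum() reports the characters it consumed (per MIRACL docs);
           nothing consumed means EOF, so stop rather than loop on stale x */
        if (cinnum(x,stdin)==0) break;
        if (size(x)<=0) break;
        powltr(ALPHA,x,n,t);
        printf("y= ");
        cotnum(t,stdout);
        copy(t,x);
        for (dm=0L;;)
        { /* unleash wild kangaroo - boing - boing ... */
            i=subdiv(x,m,t);
            mad(x,table[i],x,n,n,x);
            dm+=distance[i];
            if (compare(x,trap)==0 || dm>LIMIT+dn) break;
        }
        if (dm>LIMIT+dn)
        { /* trap stepped over */
            printf("trap failed\n");
            continue;
        }
        printf("Gotcha!\n");
        printf("Discrete log of y= %ld\n",LIMIT+dn-dm);
    }
    return 0;
}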