double powers_double(int gb,int eb,big p)
{
int iterations=0;
clock_t start;
double elapsed;
big g1,e1,g2,e2,w;
char *mem;
mem=(char *)memalloc(5);
g1=mirvar_mem(mem,0);
e1=mirvar_mem(mem,1);
g2=mirvar_mem(mem,2);
e2=mirvar_mem(mem,3);
w=mirvar_mem(mem,4);
bigbits(gb,g1);
bigbits(gb,g2);
bigbits(eb,e1);
bigbits(eb,e2);
start=clock();
do {
powmod2(g1,e1,g2,e2,p,w);
iterations++;
elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
} while (elapsed<MIN_TIME || iterations<MIN_ITERS);
elapsed=1000.0*elapsed/iterations;
printf("D - %8d iterations of %4d/%4d ",iterations,gb,eb);
printf(" %8.2lf ms per iteration\n",elapsed);
memkill(mem,4);
return elapsed;
}
double powers_small_base(int g,int eb,big p)
{
int iterations=0;
big e,w;
clock_t start;
double elapsed;
char *mem;
mem=(char *)memalloc(2);
e=mirvar_mem(mem,0);
w=mirvar_mem(mem,1);
bigbits(eb,e);
start=clock();
do {
powltr(g,e,p,w);
iterations++;
elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
} while (elapsed<MIN_TIME || iterations<MIN_ITERS);
elapsed=1000.0*elapsed/iterations;
printf("S - %8d iterations of g=%d/%4d ",iterations,g,eb);
printf(" %8.2lf ms per iteration\n",elapsed);
memkill(mem,2);
return elapsed;
}
ZR SmallExp(int bits) {
big t = mirvar(0);
bigbits(bits, t);
ZR zr(t);
mr_free(t);
return zr;
}
double mult2_precomp(int eb,big x,big y,big a2,big a6,int M,int A,int B,int C)
{
big e,c,d;
int iterations=0;
ebrick2 binst;
clock_t start;
double elapsed;
char *mem;
mem=(char *)memalloc(3);
e=mirvar_mem(mem,0);
c=mirvar_mem(mem,1);
d=mirvar_mem(mem,2);
ebrick2_init(&binst,x,y,a2,a6,M,A,B,C,WINDOW,eb);
bigbits(eb,e);
start=clock();
do {
mul2_brick(&binst,e,c,d);
iterations++;
elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
} while (elapsed<MIN_TIME || iterations<MIN_ITERS);
elapsed=1000.0*elapsed/iterations;
printf("EP - %8d iterations ",iterations);
printf(" %8.2lf ms per iteration\n",elapsed);
ebrick2_end(&binst);
memkill(mem,3);
return elapsed;
}
double powers_small_exp(int gb,long ex,big p)
{
int iterations=0;
big g,e,w;
clock_t start;
double elapsed;
char *mem;
mem=(char *)memalloc(3);
g=mirvar_mem(mem,0);
e=mirvar_mem(mem,1);
w=mirvar_mem(mem,2);
bigbits(gb,g);
start=clock();
lgconv(ex,e);
do {
power(g,ex,p,w);
iterations++;
elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
} while (elapsed<MIN_TIME || iterations<MIN_ITERS);
elapsed=1000.0*elapsed/iterations;
if (ex==257L)
printf("V - %8d iterations of %4d/e=F3 ",iterations,gb);
if (ex==65537L)
printf("V - %8d iterations of %4d/e=F4 ",iterations,gb);
if (ex!=257L && ex!=65537L)
printf("V - %8d iterations of %4d/e=%2ld ",iterations,gb,ex);
printf(" %8.2lf ms per iteration\n",elapsed);
memkill(mem,3);
return elapsed;
}
void primemod(int bits,big p)
{
do {
printf("%d bit prime.....\n",bits);
bigbits(bits,p);
nxprime(p,p);
} while (logb2(p)!=bits);
}
int main()
{
big p,q,dp,dq,m,c,m1;
int i,romptr;
miracl instance; /* sizeof(miracl)= 2124 bytes from the stack */
#ifndef MR_STATIC
miracl *mr_mip=mirsys(&instance,WORDS*8,16);
char *mem=memalloc(_MIPP_ ,7);
#else
miracl *mr_mip=mirsys(&instance,MR_STATIC*8,16); /* size of bigs is fixed */
char mem[MR_BIG_RESERVE(7)]; /* reserve space on the stack for 7 bigs */
memset(mem,0,MR_BIG_RESERVE(7)); /* clear this memory */
#endif
/* Initialise bigs */
p=mirvar_mem(_MIPP_ mem,0);
q=mirvar_mem(_MIPP_ mem,1);
dp=mirvar_mem(_MIPP_ mem,2);
dq=mirvar_mem(_MIPP_ mem,3);
m=mirvar_mem(_MIPP_ mem,4);
c=mirvar_mem(_MIPP_ mem,5);
m1=mirvar_mem(_MIPP_ mem,6);
romptr=0;
init_big_from_rom(p,WORDS,rom,256,&romptr);
init_big_from_rom(q,WORDS,rom,256,&romptr);
init_big_from_rom(dp,WORDS,rom,256,&romptr);
init_big_from_rom(dq,WORDS,rom,256,&romptr);
bigbits(_MIPP_ 512,c);
/* count clocks, instructions and CPI from here.. */
//for (i=0;i<100000;i++)
//{
powmod(_MIPP_ c,dp,p,m);
powmod(_MIPP_ c,dq,q,m1);
//}
/* to here... */
#ifndef MR_NO_STANDARD_IO
otnum(_MIPP_ m,stdout);
otnum(_MIPP_ m1,stdout);
#endif
#ifndef MR_STATIC
memkill(_MIPP_ mem,7);
#else
memset(mem,0,MR_BIG_RESERVE(6)); /* clear this stack memory */
#endif
mirexit(_MIPPO_ ); /* clears workspace memory */
return 0;
}
double mult2_double(int eb,epoint *g)
{
big e1,e2;
int iterations=0;
clock_t start;
double elapsed;
char *mem1;
char *mem2;
epoint *w;
epoint *r1;
epoint *r2;
mem1=(char *)memalloc(2);
mem2=(char *)ecp_memalloc(3);
e1=mirvar_mem(mem1,0);
e2=mirvar_mem(mem1,1);
w=epoint_init_mem(mem2,0);
r1=epoint_init_mem(mem2,1);
r2=epoint_init_mem(mem2,2);
bigbits(eb,e1);
ecurve2_mult(e1,g,r1); /* generate a random point on the curve */
bigbits(eb,e2);
ecurve2_mult(e2,g,r2); /* generate a random point on the curve */
bigbits(eb,e1);
bigbits(eb,e2);
start=clock();
do {
ecurve2_mult2(e1,r1,e2,r2,w);
iterations++;
elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
} while (elapsed<MIN_TIME || iterations<MIN_ITERS);
elapsed=1000.0*elapsed/iterations;
printf("ED - %8d iterations ",iterations);
printf(" %8.2lf ms per iteration\n",elapsed);
ecp_memkill(mem2,3);
memkill(mem1,2);
return elapsed;
}
double mults2(int eb,epoint *g)
{
big e;
int iterations=0;
clock_t start;
double elapsed;
epoint *w;
epoint *r;
char *mem1;
char *mem2;
mem1=(char *)memalloc(1);
mem2=(char *)ecp_memalloc(2);
e=mirvar_mem(mem1,0);
w=epoint_init_mem(mem2,0);
r=epoint_init_mem(mem2,1);
bigbits(eb,e);
ecurve2_mult(e,g,r); /* generate a random point on the curve */
bigbits(eb,e);
start=clock();
do {
ecurve2_mult(e,r,w);
iterations++;
elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
} while (elapsed<MIN_TIME || iterations<MIN_ITERS);
elapsed=1000.0*elapsed/iterations;
printf("ER - %8d iterations ",iterations);
printf(" %8.2lf ms per iteration\n",elapsed);
memkill(mem1,1);
ecp_memkill(mem2,2);
return elapsed;
}
int main()
{
FILE *fp;
big e,n,g,a;
brick binst;
int window,nb,bits;
miracl *mip=mirsys(100,0);
n=mirvar(0);
e=mirvar(0);
a=mirvar(0);
g=mirvar(0);
fp=fopen("common.dss","rt");
fscanf(fp,"%d\n",&bits);
mip->IOBASE=16;
cinnum(n,fp);
cinnum(g,fp);
cinnum(g,fp);
mip->IOBASE=10;
printf("modulus is %d bits in length\n",logb2(n));
printf("Enter size of exponent in bits = ");
scanf("%d",&nb);
getchar();
printf("Enter window size in bits (1-10)= ");
scanf("%d",&window);
getchar();
if (!brick_init(&binst,g,n,window,nb))
{
printf("Failed to initialize\n");
return 0;
}
printf("%d big numbers have been precomputed and stored\n",(1<<window));
bigbits(nb,e); /* random exponent */
printf("naive method\n");
powmod(g,e,n,a);
cotnum(a,stdout);
printf("Comb method\n");
pow_brick(&binst,e,a);
brick_end(&binst);
cotnum(a,stdout);
return 0;
}
double powers_precomp(int gb,int eb,big p)
{
int iterations=0;
clock_t start;
double elapsed;
brick binst;
big g,e,w;
char *mem;
mem=(char *)memalloc(3);
g=mirvar_mem(mem,0);
e=mirvar_mem(mem,1);
w=mirvar_mem(mem,2);
bigbits(gb,g);
brick_init(&binst,g,p,WINDOW,eb);
bigbits(eb,e);
start=clock();
do {
pow_brick(&binst,e,w);
iterations++;
elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
} while (elapsed<MIN_TIME || iterations<MIN_ITERS);
elapsed=1000.0*elapsed/iterations;
printf("P - %8d iterations of %4d/%4d ",iterations,gb,eb);
printf(" %8.2lf ms per iteration\n",elapsed);
brick_end(&binst);
memkill(mem,3);
return elapsed;
}
int main()
{
FILE *fp;
big q,p,p1,h,t,g,low,high;
big pool[POOL_SIZE];
BOOL fail;
int i,j,p1bits,np;
long seed,m,permutation;
miracl *mip=mirsys(100,0);
q=mirvar(0);
p=mirvar(0);
h=mirvar(0);
t=mirvar(0);
g=mirvar(0);
p1=mirvar(0);
low=mirvar(0);
high=mirvar(0);
gprime(10000);
/* randomise */
printf("Enter 9 digit random number seed = ");
scanf("%ld",&seed);
getchar();
irand(seed);
p1bits=PBITS-QBITS-1;
/* find number of primes pa, pb, pc etc., that will be needed */
np=1;
while (p1bits/np >= OBITS) np++;
np--;
/* find the high/low limits for these primes, so that
the generated prime p will be exactly PBITS in length */
expb2(p1bits-1,t);
nroot(t,np,low); /* np-th integer root */
incr(low,1,low);
premult(t,2,t);
decr(t,1,t);
nroot(t,np,high);
subtract(high,low,t); /* raise low limit up to half-way... */
subdiv(t,2,t);
subtract(high,t,low);
/* generate q */
forever
{ /* make sure leading two bits of q 11... */
expb2(QBITS,q);
bigbits(QBITS-2,t);
subtract(q,t,q);
nxprime(q,q);
if (logb2(q)>QBITS) continue;
break;
}
printf("q= (%d bits)\n",logb2(q));
cotnum(q,stdout);
/* generate prime pool from which permutations of np
primes will be picked until a Lim-Lee prime is found */
for (i=0;i<POOL_SIZE;i++)
{ /* generate the primes pa, pb, pc etc.. */
pool[i]=mirvar(0);
forever
{
bigrand(high,p1);
if (mr_compare(p1,low)<0) continue;
nxprime(p1,p1);
if (mr_compare(p1,high)>0) continue;
copy(p1,pool[i]);
break;
}
}
/* The '1' bits in the permutation indicate which primes are
picked from the pool. If np=5, start at 11111, then 101111 etc */
permutation=1L;
for (i=0;i<np;i++) permutation<<=1;
permutation-=1; /* permuation = 2^np-1 */
/* generate p */
fail=FALSE;
forever
{
convert(1,p1);
for (i=j=0,m=1L;j<np;i++,m<<=1)
{
if (i>=POOL_SIZE)
{ /* ran out of primes... */
fail=TRUE;
break;
}
if (m&permutation)
{
multiply(p1,pool[i],p1);
j++;
}
}
if (fail) break;
printf(".");
premult(q,2,p);
multiply(p,p1,p);
incr(p,1,p);
permutation=increment(permutation);
if (logb2(p)!=PBITS) continue;
if (isprime(p)) break;
}
if (fail)
{
printf("\nFailed - very unlikely! - try increasing POOL_SIZE\n");
return 0;
}
printf("\np= (%d bits)\n",logb2(p));
cotnum(p,stdout);
/* finally find g */
do {
decr(p,1,t);
bigrand(t,h);
divide(t,q,t);
powmod(h,t,p,g);
} while(size(g)==1);
printf("g= (%d bits)\n",logb2(g));
cotnum(g,stdout);
fp=fopen("common.dss","wt");
fprintf(fp,"%d\n",PBITS);
mip->IOBASE=16;
cotnum(p,fp);
cotnum(q,fp);
cotnum(g,fp);
fclose(fp);
return 0;
}
int main()
{
FILE *fp;
big e,n,a,b,x,y,r;
epoint *g;
ebrick binst;
int nb,bits,window,len,bptr,m,i,j;
miracl *mip=mirsys(50,0);
n=mirvar(0);
e=mirvar(0);
a=mirvar(0);
b=mirvar(0);
x=mirvar(0);
y=mirvar(0);
r=mirvar(0);
#ifndef MR_EDWARDS
fp=fopen("common.ecs","rt");
#else
fp=fopen("edwards.ecs","rt");
#endif
fscanf(fp,"%d\n",&bits);
mip->IOBASE=16;
cinnum(n,fp);
cinnum(a,fp);
cinnum(b,fp);
cinnum(r,fp);
cinnum(x,fp);
cinnum(y,fp);
mip->IOBASE=10;
printf("modulus is %d bits in length\n",logb2(n));
printf("Enter max. size of exponent in bits = ");
scanf("%d",&nb);
getchar();
printf("Enter window size in bits (1-10)= ");
scanf("%d",&window);
getchar();
ebrick_init(&binst,x,y,a,b,n,window,nb);
/* Print out the precomputed table (for use in ecdhp.c ?)
In which case make sure that MR_SPECIAL is defined and
active in the build of this program, so MR_COMBA must
also be defined as the number of words in the modulus *
len=MR_ROUNDUP(bits,MIRACL);
bptr=0;
for (i=0;i<2*(1<<window);i++)
{
for (j=0;j<len;j++)
{
printf("0x%x,",binst.table[bptr++]);
}
printf("\n");
}
*/
printf("%d elliptic curve points have been precomputed and stored\n",(1<< window));
bigbits(nb,e); /* random exponent */
printf("naive method\n");
ecurve_init(a,b,n,MR_PROJECTIVE);
g=epoint_init();
epoint_set(x,y,0,g);
ecurve_mult(e,g,g);
epoint_get(g,x,y);
cotnum(x,stdout);
cotnum(y,stdout);
printf("Comb method\n");
mul_brick(&binst,e,x,y);
ebrick_end(&binst);
cotnum(x,stdout);
cotnum(y,stdout);
return 0;
}
int main()
{
FILE *fp;
big p,q,h,g,n,s,t;
long seed;
miracl *mip=mirsys(100,0);
p=mirvar(0);
q=mirvar(0);
h=mirvar(0);
g=mirvar(0);
n=mirvar(0);
s=mirvar(0);
t=mirvar(0);
/* randomise */
printf("Enter 9 digit random number seed = ");
scanf("%ld",&seed);
getchar();
irand(seed);
/* generate q */
forever
{
bigbits(QBITS,q);
nxprime(q,q);
if (logb2(q)>QBITS) continue;
break;
}
printf("q= ");
cotnum(q,stdout);
/* generate p */
expb2(PBITS,t);
decr(t,1,t);
premult(q,2,n);
divide(t,n,t);
expb2(PBITS-1,s);
decr(s,1,s);
divide(s,n,s);
forever
{
bigrand(t,p);
if (mr_compare(p,s)<=0) continue;
premult(p,2,p);
multiply(p,q,p);
incr(p,1,p);
copy(p,n);
if (isprime(p)) break;
}
printf("p= ");
cotnum(p,stdout);
/* generate g */
do {
decr(p,1,t);
bigrand(t,h);
divide(t,q,t);
powmod(h,t,p,g);
} while (size(g)==1);
printf("g= ");
cotnum(g,stdout);
fp=fopen("common.dss","wt");
fprintf(fp,"%d\n",PBITS);
mip->IOBASE=16;
cotnum(p,fp);
cotnum(q,fp);
cotnum(g,fp);
fclose(fp);
return 0;
}
int main()
{
int ia,ib,promptr;
epoint *PA,*PB;
big A,B,a,b,q,pa,pb,key,x,y;
ebrick2 binst;
miracl instance; /* create miracl workspace on the stack */
/* Specify base 16 here so that HEX can be read in directly without a base-change */
miracl *mip=mirsys(&instance,WORDS*HEXDIGS,16); /* size of bigs is fixed */
char mem_big[MR_BIG_RESERVE(10)]; /* we need 10 bigs... */
char mem_ecp[MR_ECP_RESERVE(2)]; /* ..and two elliptic curve points */
memset(mem_big, 0, MR_BIG_RESERVE(10)); /* clear the memory */
memset(mem_ecp, 0, MR_ECP_RESERVE(2));
A=mirvar_mem(mip, mem_big, 0); /* Initialise big numbers */
B=mirvar_mem(mip, mem_big, 1);
pa=mirvar_mem(mip, mem_big, 2);
pb=mirvar_mem(mip, mem_big, 3);
key=mirvar_mem(mip, mem_big, 4);
x=mirvar_mem(mip, mem_big, 5);
y=mirvar_mem(mip, mem_big, 6);
q=mirvar_mem(mip,mem_big,7);
a=mirvar_mem(mip, mem_big, 8);
b=mirvar_mem(mip, mem_big, 9);
PA=epoint_init_mem(mip, mem_ecp, 0); /* initialise Elliptic Curve points */
PB=epoint_init_mem(mip, mem_ecp, 1);
irand(mip, 3L); /* change parameter for different random numbers */
promptr=0;
init_big_from_rom(B,WORDS,rom,WORDS*4,&promptr); /* Read in curve parameter B from ROM */
/* don't need q or G(x,y) (we have precomputed table from it) */
init_big_from_rom(q,WORDS,rom,WORDS*4,&promptr);
init_big_from_rom(x,WORDS,rom,WORDS*4,&promptr);
init_big_from_rom(y,WORDS,rom,WORDS*4,&promptr);
convert(mip,1,A); /* set A=1 */
/* Create precomputation instance from precomputed table in ROM */
ebrick2_init(&binst,prom,A,B,CURVE_M,CURVE_A,CURVE_B,CURVE_C,WINDOW,CURVE_M);
/* offline calculations */
bigbits(mip,CURVE_M,a); /* A's random number */
ia=mul2_brick(mip,&binst,a,pa,pa); /* a*G =(pa,ya), ia is sign of ya */
bigbits(mip,CURVE_M,b); /* B's random number */
ib=mul2_brick(mip,&binst,b,pb,pb); /* b*G =(pb,yb), ib is sign of yb */
/* online calculations */
ecurve2_init(mip,CURVE_M,CURVE_A,CURVE_B,CURVE_C,A,B,FALSE,MR_PROJECTIVE);
epoint2_set(mip,pb,pb,ib,PB); /* decompress PB */
ecurve2_mult(mip,a,PB,PB);
epoint2_get(mip,PB,key,key);
/* since internal base is HEX, can use otnum instead of cotnum - avoiding a base change */
printf("Alice's Key= ");
otnum(mip,key,stdout);
epoint2_set(mip,pa,pa,ia,PB); /* decompress PA */
ecurve2_mult(mip,b,PB,PB);
epoint2_get(mip,PB,key,key);
printf("Bob's Key= ");
otnum(mip,key,stdout);
/* clear the memory */
memset(mem_big, 0, MR_BIG_RESERVE(10));
memset(mem_ecp, 0, MR_ECP_RESERVE(2));
return 0;
}
int main()
{
#ifdef MR_GENERIC_MT
miracl instance;
#endif
big p,A,B,fr,q,delta,t,T;
zzn2 res,Qx,Qy;
epoint *P;
int i,romptr;
#ifndef MR_STATIC
#ifdef MR_GENERIC_MT
miracl *mr_mip=mirsys(&instance,WORDS*NPW,16);
#else
miracl *mr_mip=mirsys(WORDS*NPW,16);
#endif
char *mem=memalloc(_MIPP_ 14);
char *mem1=ecp_memalloc(_MIPP_ 1);
#else
#ifdef MR_GENERIC_MT
miracl *mr_mip=mirsys(&instance,MR_STATIC*NPW,16);
#else
miracl *mr_mip=mirsys(MR_STATIC*NPW,16);
#endif
char mem[MR_BIG_RESERVE(14)]; /* reserve space on the stack for 14 bigs */
char mem1[MR_ECP_RESERVE(1)]; /* reserve space on stack for 1 curve points */
memset(mem,0,MR_BIG_RESERVE(14)); /* clear this memory */
memset(mem1,0,MR_ECP_RESERVE(1));
#endif
p=mirvar_mem(_MIPP_ mem,0);
A=mirvar_mem(_MIPP_ mem,1);
B=mirvar_mem(_MIPP_ mem,2);
T=mirvar_mem(_MIPP_ mem,3);
q=mirvar_mem(_MIPP_ mem,4);
fr=mirvar_mem(_MIPP_ mem,5);
delta=mirvar_mem(_MIPP_ mem,6);
res.a=mirvar_mem(_MIPP_ mem,7);
res.b=mirvar_mem(_MIPP_ mem,8);
t=mirvar_mem(_MIPP_ mem,9);
Qx.a=mirvar_mem(_MIPP_ mem,10);
Qx.b=mirvar_mem(_MIPP_ mem,11);
Qy.a=mirvar_mem(_MIPP_ mem,12);
Qy.b=mirvar_mem(_MIPP_ mem,13);
P=epoint_init_mem(_MIPP_ mem1,0);
convert(_MIPP_ -3,A);
romptr=0;
init_big_from_rom(p,WORDS,romp,ROMSZ,&romptr);
init_big_from_rom(B,WORDS,romp,ROMSZ,&romptr);
init_big_from_rom(q,WORDS,romp,ROMSZ,&romptr);
init_big_from_rom(delta,WORDS,romp,ROMSZ,&romptr);
init_big_from_rom(fr,WORDS,romp,ROMSZ,&romptr);
init_big_from_rom(T,WORDS,romp,ROMSZ,&romptr);
#ifndef MR_NO_STANDARD_IO
printf("ROM size= %d\n",sizeof(romp)+sizeof(Prom));
printf("sizeof(miracl)= %d\n",sizeof(miracl));
#endif
ecurve_init(_MIPP_ A,B,p,MR_PROJECTIVE);
romptr=0;
init_point_from_rom(P,WORDS,Prom,PROMSZ,&romptr);
init_big_from_rom(Qx.a,WORDS,Prom,PROMSZ,&romptr);
init_big_from_rom(Qx.b,WORDS,Prom,PROMSZ,&romptr);
init_big_from_rom(Qy.a,WORDS,Prom,PROMSZ,&romptr);
init_big_from_rom(Qy.b,WORDS,Prom,PROMSZ,&romptr);
#ifdef MR_COUNT_OPS
fpa=fpc=fpx=0;
#endif
ecap(_MIPP_ &Qx,&Qy,P,T,fr,delta,&res);
/*
#ifdef MR_COUNT_OPS
printf("fpc= %d\n",fpc);
printf("fpa= %d\n",fpa);
printf("fpx= %d\n",fpx);
fpa=fpc=fpx=0;
#endif
*/
bigbits(_MIPP_ 160,t);
zzn2_powl(_MIPP_ &res,t,&res);
#ifndef MR_NO_STANDARD_IO
zzn2_out(_MIPP_ "res= ",&res);
#endif
ecurve_mult(_MIPP_ t,P,P);
ecap(_MIPP_ &Qx,&Qy,P,T,fr,delta,&res);
#ifndef MR_NO_STANDARD_IO
zzn2_out(_MIPP_ "res= ",&res);
#endif
#ifndef MR_STATIC
memkill(_MIPP_ mem,14);
ecp_memkill(_MIPP_ mem1,1);
#else
memset(mem,0,MR_BIG_RESERVE(14)); /* clear this stack memory */
memset(mem1,0,MR_ECP_RESERVE(1));
#endif
return 0;
}
JNIEXPORT jobjectArray JNICALL
Java_com_sunshuzhou_experiment_1miracl_Verify_computeForServer(JNIEnv *env, jobject instance,
jstring ux_, jstring uy_,
jstring u1x_, jstring u1y_,
jstring wx_, jstring wy_,
jstring com1x_, jstring com1y_,
jstring N1_, jstring sid_,
jstring alpha_, jstring beta_,
jstring zeta_) {
const char *ux = (*env)->GetStringUTFChars(env, ux_, 0);
const char *uy = (*env)->GetStringUTFChars(env, uy_, 0);
const char *u1x = (*env)->GetStringUTFChars(env, u1x_, 0);
const char *u1y = (*env)->GetStringUTFChars(env, u1y_, 0);
const char *wx = (*env)->GetStringUTFChars(env, wx_, 0);
const char *wy = (*env)->GetStringUTFChars(env, wy_, 0);
const char *com1x = (*env)->GetStringUTFChars(env, com1x_, 0);
const char *com1y = (*env)->GetStringUTFChars(env, com1y_, 0);
const char *N1 = (*env)->GetStringUTFChars(env, N1_, 0);
const char *sid = (*env)->GetStringUTFChars(env, sid_, 0);
const char *alpha = (*env)->GetStringUTFChars(env, alpha_, 0);
const char *beta = (*env)->GetStringUTFChars(env, beta_, 0);
const char *zeta = (*env)->GetStringUTFChars(env, zeta_, 0);
big x, y, d, k1, N2, sum, big1;
epoint *u, *u1, *w, *com1, *w1, *epoint1, *com, *K;
int message_len, i;
unsigned char key[300], tag[SHA1_HASH_SIZE], hexdigest[SHA1_HASH_SIZE * 2 + 1], message[1000], tempChars[300];
jclass jclass1 = (*env)->FindClass(env, "java/lang/String");
jobjectArray result;
envirment_init();
x = mirvar(0);
y = mirvar(0);
d = mirvar(0);
k1 = mirvar(0);
N2 = mirvar(0);
sum = mirvar(0);
big1 = mirvar(0);
u = epoint_init();
u1 = epoint_init();
w = epoint_init();
com1 = epoint_init();
w1 = epoint_init();
epoint1 = epoint_init();
com = epoint_init();
K = epoint_init();
cinstr(x, ux);
cinstr(y, uy);
epoint_set(x, y, 0, u);
cinstr(x, u1x);
cinstr(y, u1y);
epoint_set(x, y, 0, u1);
cinstr(x, wx);
cinstr(y, wy);
epoint_set(x, y, 0, w);
cinstr(x, com1x);
cinstr(y, com1y);
epoint_set(x, y, 0, com1);
irand((long)time(0));
bigrand(ECC_N, d);
bigrand(ECC_N, k1);
bigbits(80, N2);
// sum = alpha + beta + zeta
cinstr(big1, alpha);
cinstr(sum, beta);
add(big1, sum, sum);
cinstr(big1, zeta);
add(big1, sum, sum);
// w1 = k1 * H
ecurve_mult(k1, ECC_H, w1);
// com = (alpha + beta + zeta) * u + d * H
ecurve_mult(sum, u, com);
ecurve_mult(d, ECC_H, epoint1);
ecurve_add(epoint1, com);
// K = d * w + k1 * (com1 - sum * u1)
ecurve_mult(d, w, K);
ecurve_mult(sum, u1, epoint1);
ecurve_sub(epoint1, com1);
ecurve_mult(k1, com1, com1);
ecurve_add(com1, K);
// K.y as key
epoint_get(K, x, y);
cotstr(y, key);
// message: u.y || u1.y || w.y || com1.y || N1 || sid
epoint_get(u, x, y);
cotstr(y, message);
message_len = strlen(message);
epoint_get(u1, x, y);
cotstr(y, &message[message_len]);
message_len = strlen(message);
epoint_get(w, x, y);
cotstr(y, &message[message_len]);
message_len = strlen(message);
epoint_get(com1, x, y);
cotstr(x, &message[message_len]);
message_len = strlen(message);
strcpy(&message[message_len], N1);
message_len = strlen(message);
strcpy(&message[message_len], sid);
message_len = strlen(message);
hmac_sha1(key, strlen(key), message, message_len, tag, SHA1_HASH_SIZE);
for (i = 0; i < SHA1_HASH_SIZE; ++i) {
sprintf(&hexdigest[i * 2], "%02x", tag[i]);
}
hexdigest[40] = '\0';
(*env)->ReleaseStringUTFChars(env, ux_, ux);
(*env)->ReleaseStringUTFChars(env, uy_, uy);
(*env)->ReleaseStringUTFChars(env, u1x_, u1x);
(*env)->ReleaseStringUTFChars(env, u1y_, u1y);
(*env)->ReleaseStringUTFChars(env, wx_, wx);
(*env)->ReleaseStringUTFChars(env, wy_, wy);
(*env)->ReleaseStringUTFChars(env, com1x_, com1x);
(*env)->ReleaseStringUTFChars(env, com1y_, com1y);
(*env)->ReleaseStringUTFChars(env, N1_, N1);
(*env)->ReleaseStringUTFChars(env, sid_, sid);
(*env)->ReleaseStringUTFChars(env, alpha_, alpha);
(*env)->ReleaseStringUTFChars(env, beta_, beta);
(*env)->ReleaseStringUTFChars(env, zeta_, zeta);
result = (*env)->NewObjectArray(env, 8, jclass1, (*env)->NewStringUTF(env, ""));
epoint_get(w1, x, y);
cotstr(x, tempChars);
(*env)->SetObjectArrayElement(env, result, 0, (*env)->NewStringUTF(env, tempChars));
cotstr(y, tempChars);
(*env)->SetObjectArrayElement(env, result, 1, (*env)->NewStringUTF(env, tempChars));
epoint_get(com, x, y);
cotstr(x, tempChars);
(*env)->SetObjectArrayElement(env, result, 2, (*env)->NewStringUTF(env, tempChars));
cotstr(y, tempChars);
(*env)->SetObjectArrayElement(env, result, 3, (*env)->NewStringUTF(env, tempChars));
cotstr(N2, tempChars);
(*env)->SetObjectArrayElement(env, result, 4, (*env)->NewStringUTF(env, tempChars));
(*env)->SetObjectArrayElement(env, result, 5, (*env)->NewStringUTF(env, message));
(*env)->SetObjectArrayElement(env, result, 6, (*env)->NewStringUTF(env, hexdigest));
(*env)->SetObjectArrayElement(env, result, 7, (*env)->NewStringUTF(env, key));
mirkill(x);
mirkill(y);
mirkill(d);
mirkill(k1);
mirkill(N2);
mirkill(sum);
mirkill(big1);
return result;
}
int main()
{
int ia,ib;
time_t seed;
epoint *g,*ea,*eb;
big a,b,p,q,n,p1,q1,phi,pa,pb,key,e,d,dp,dq,t,m,c,x,y,k,inv;
big primes[2],pm[2];
big_chinese ch;
miracl *mip;
#ifndef MR_NOFULLWIDTH
mip=mirsys(500,0);
#else
mip=mirsys(500,MAXBASE);
#endif
a=mirvar(0);
b=mirvar(0);
p=mirvar(0);
q=mirvar(0);
n=mirvar(0);
p1=mirvar(0);
q1=mirvar(0);
phi=mirvar(0);
pa=mirvar(0);
pb=mirvar(0);
key=mirvar(0);
e=mirvar(0);
d=mirvar(0);
dp=mirvar(0);
dq=mirvar(0);
t=mirvar(0);
m=mirvar(0);
c=mirvar(0);
pm[0]=mirvar(0);
pm[1]=mirvar(0);
x=mirvar(0);
y=mirvar(0);
k=mirvar(0);
inv=mirvar(0);
time(&seed);
irand((unsigned long)seed); /* change parameter for different values */
printf("First Diffie-Hellman Key exchange .... \n");
cinstr(p,primetext);
/* offline calculations could be done quicker using Comb method
- See brick.c. Note use of "truncated exponent" of 160 bits -
could be output of hash function SHA (see mrshs.c) */
printf("\nAlice's offline calculation\n");
bigbits(160,a);
/* 3 generates the sub-group of prime order (p-1)/2 */
powltr(3,a,p,pa);
printf("Bob's offline calculation\n");
bigbits(160,b);
powltr(3,b,p,pb);
printf("Alice calculates Key=\n");
powmod(pb,a,p,key);
cotnum(key,stdout);
printf("Bob calculates Key=\n");
powmod(pa,b,p,key);
cotnum(key,stdout);
printf("Alice and Bob's keys should be the same!\n");
/*
Now Elliptic Curve version of the above.
Curve is y^2=x^3+Ax+B mod p, where A=-3, B and p as above
"Primitive root" is the point (x,y) above, which is of large prime order q.
In this case actually
q=FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831
*/
printf("\nLets try that again using elliptic curves .... \n");
convert(-3,a);
mip->IOBASE=16;
cinstr(b,ecb);
cinstr(p,ecp);
ecurve_init(a,b,p,MR_BEST); /* Use PROJECTIVE if possible, else AFFINE coordinates */
g=epoint_init();
cinstr(x,ecx);
cinstr(y,ecy);
mip->IOBASE=10;
epoint_set(x,y,0,g);
ea=epoint_init();
eb=epoint_init();
epoint_copy(g,ea);
epoint_copy(g,eb);
printf("Alice's offline calculation\n");
bigbits(160,a);
ecurve_mult(a,ea,ea);
ia=epoint_get(ea,pa,pa); /* <ia,pa> is compressed form of public key */
printf("Bob's offline calculation\n");
bigbits(160,b);
ecurve_mult(b,eb,eb);
ib=epoint_get(eb,pb,pb); /* <ib,pb> is compressed form of public key */
printf("Alice calculates Key=\n");
epoint_set(pb,pb,ib,eb); /* decompress eb */
ecurve_mult(a,eb,eb);
epoint_get(eb,key,key);
cotnum(key,stdout);
printf("Bob calculates Key=\n");
epoint_set(pa,pa,ia,ea); /* decompress ea */
ecurve_mult(b,ea,ea);
epoint_get(ea,key,key);
cotnum(key,stdout);
printf("Alice and Bob's keys should be the same! (but much smaller)\n");
epoint_free(g);
epoint_free(ea);
epoint_free(eb);
/* El Gamal's Method */
printf("\nTesting El Gamal's public key method\n");
cinstr(p,primetext);
bigbits(160,x); /* x<p */
powltr(3,x,p,y); /* y=3^x mod p*/
decr(p,1,p1);
mip->IOBASE=128;
cinstr(m,text);
mip->IOBASE=10;
do
{
bigbits(160,k);
} while (egcd(k,p1,t)!=1);
powltr(3,k,p,a); /* a=3^k mod p */
powmod(y,k,p,b);
mad(b,m,m,p,p,b); /* b=m*y^k mod p */
printf("Ciphertext= \n");
cotnum(a,stdout);
cotnum(b,stdout);
zero(m); /* proof of pudding... */
subtract(p1,x,t);
powmod(a,t,p,m);
mad(m,b,b,p,p,m); /* m=b/a^x mod p */
printf("Plaintext= \n");
mip->IOBASE=128;
cotnum(m,stdout);
mip->IOBASE=10;
/* RSA. Generate primes p & q. Use e=65537, and find d=1/e mod (p-1)(q-1) */
printf("\nNow generating 512-bit random primes p and q\n");
do
{
bigbits(512,p);
if (subdivisible(p,2)) incr(p,1,p);
while (!isprime(p)) incr(p,2,p);
bigbits(512,q);
if (subdivisible(q,2)) incr(q,1,q);
while (!isprime(q)) incr(q,2,q);
multiply(p,q,n); /* n=p.q */
lgconv(65537L,e);
decr(p,1,p1);
decr(q,1,q1);
multiply(p1,q1,phi); /* phi =(p-1)*(q-1) */
} while (xgcd(e,phi,d,d,t)!=1);
cotnum(p,stdout);
cotnum(q,stdout);
printf("n = p.q = \n");
cotnum(n,stdout);
/* set up for chinese remainder thereom */
/* primes[0]=p;
primes[1]=q;
crt_init(&ch,2,primes);
*/
/* use simple CRT as only two primes */
xgcd(p,q,inv,inv,inv); /* 1/p mod q */
copy(d,dp);
copy(d,dq);
divide(dp,p1,p1); /* dp=d mod p-1 */
divide(dq,q1,q1); /* dq=d mod q-1 */
mip->IOBASE=128;
cinstr(m,text);
mip->IOBASE=10;
printf("Encrypting test string\n");
powmod(m,e,n,c);
printf("Ciphertext= \n");
cotnum(c,stdout);
zero(m);
printf("Decrypting test string\n");
powmod(c,dp,p,pm[0]); /* get result mod p */
powmod(c,dq,q,pm[1]); /* get result mod q */
subtract(pm[1],pm[0],pm[1]); /* poor man's CRT */
mad(inv,pm[1],inv,q,q,m);
multiply(m,p,m);
add(m,pm[0],m);
/* crt(&ch,pm,m); combine them using CRT */
printf("Plaintext= \n");
mip->IOBASE=128;
cotnum(m,stdout);
/* crt_end(&ch); */
return 0;
}
int main()
{
big a2,a6,bx,r;
big res[4];
epoint *P,*Q;
int i,romptr;
miracl instance; /* sizeof(miracl)= 2000 bytes from the stack */
#ifndef MR_STATIC
#ifdef MR_GENERIC_MT
miracl *mr_mip=mirsys(WORDS*NPW,16);
#else
miracl *mr_mip=mirsys(WORDS*NPW,16);
#endif
char *mem=(char *)memalloc(_MIPP_ 8);
char *mem1=(char *)ecp_memalloc(_MIPP_ 2);
#else
#ifdef MR_GENERIC_MT
miracl *mr_mip=mirsys(&instance,MR_STATIC*NPW,16); /* size of bigs is fixed */
#else
miracl *mr_mip=mirsys(&instance,MR_STATIC*NPW,16);
#endif
char mem[MR_BIG_RESERVE(8)]; /* reserve space on the stack for 8 bigs */
char mem1[MR_ECP_RESERVE(2)]; /* reserve space on stack for 2 curve points */
memset(mem,0,MR_BIG_RESERVE(8)); /* clear this memory */
memset(mem1,0,MR_ECP_RESERVE(2)); /* ~668 bytes in all */
#endif
/* Initialise bigs */
a2=mirvar_mem(_MIPP_ mem,0);
a6=mirvar_mem(_MIPP_ mem,1);
bx=mirvar_mem(_MIPP_ mem,2);
for (i=0;i<4;i++)
res[i]=mirvar_mem(_MIPP_ mem,3+i);
r=mirvar_mem(_MIPP_ mem,7);
/* printf("ROM size= %d\n",sizeof(rom)+sizeof(prom)); */
#ifndef MR_NO_STANDARD_IO
#ifdef MR_STATIC
printf("n Bigs require n*%d+%d bytes\n",MR_SIZE,MR_SL);
printf("n Points require n*%d+%d bytes\n",MR_ESIZE,MR_SL);
printf("sizeof(miracl)= %d\n",sizeof(miracl));
#endif
#endif
/* Initialise Elliptic curve points */
P=epoint_init_mem(_MIPP_ mem1,0);
Q=epoint_init_mem(_MIPP_ mem1,1);
/* Initialise supersingular curve */
convert(_MIPP_ 1,a2);
convert(_MIPP_ B,a6);
/* The -M tells MIRACL that this is a supersingular curve */
if (!ecurve2_init(_MIPP_ -M,T,U,V,a2,a6,FALSE,MR_PROJECTIVE))
{
#ifndef MR_NO_STANDARD_IO
printf("Problem with the curve\n");
#endif
return 0;
}
/* Get P and Q from ROM */
/* These should have been multiplied by the cofactor 487805 = 5*97561 */
/* 487805 is a cofactor of the group order 2^271+2^136+1 */
romptr=0;
init_point_from_rom(P,WORDS,rom,ROMSZ,&romptr);
init_point_from_rom(Q,WORDS,rom,ROMSZ,&romptr);
#ifndef MR_NO_STANDARD_IO
printf( "P= \n");
otnum(_MIPP_ P->X,stdout);
otnum(_MIPP_ P->Y,stdout);
printf( "Q= \n");
otnum(_MIPP_ Q->X,stdout);
otnum(_MIPP_ Q->Y,stdout);
#endif
bigbits(_MIPP_ 160,r);
/* Simple bilinearity test */
tate(_MIPP_ P,Q,res);
/* this could break the 4k stack, 2060+668+2996 >4K */
/* so we cannot afford much precomputation in power4 */
power4(_MIPP_ res,r,res); /* res=res^{sr} */
#ifndef MR_NO_STANDARD_IO
printf( "\ne(P,Q)^r= \n");
for (i=0;i<4;i++)
{
otnum(_MIPP_ res[i],stdout);
zero(res[i]);
}
#endif
ecurve2_mult(_MIPP_ r,Q,Q); /* Q=rQ */
epoint2_norm(_MIPP_ Q);
tate(_MIPP_ P,Q,res); /* Now invert is taken out of Tate, and the stack should be OK */
#ifndef MR_NO_STANDARD_IO
printf( "\ne(P,rQ)= \n");
for (i=0;i<4;i++)
otnum(_MIPP_ res[i],stdout);
#endif
/* all done */
#ifndef MR_STATIC
memkill(_MIPP_ mem,8);
ecp_memkill(_MIPP_ mem1,2);
#else
memset(mem,0,MR_BIG_RESERVE(8)); /* clear this stack memory */
memset(mem1,0,MR_ECP_RESERVE(2));
#endif
mirexit(_MIPPO_ ); /* clears workspace memory */
return 0;
}
int main()
{
int promptr;
epoint *PB;
big A,B,p,a,b,pa,pb,key;
ebrick binst;
miracl instance; /* create miracl workspace on the stack */
/* Specify base 16 here so that HEX can be read in directly without a base-change */
miracl *mip=mirsys(&instance,WORDS*HEXDIGS,16); /* size of bigs is fixed */
char mem_big[MR_BIG_RESERVE(8)]; /* we need 8 bigs... */
char mem_ecp[MR_ECP_RESERVE(1)]; /* ..and 1 elliptic curve points */
memset(mem_big, 0, MR_BIG_RESERVE(8)); /* clear the memory */
memset(mem_ecp, 0, MR_ECP_RESERVE(1));
A=mirvar_mem(mip, mem_big, 0); /* Initialise big numbers */
B=mirvar_mem(mip, mem_big, 1);
pa=mirvar_mem(mip, mem_big, 2);
pb=mirvar_mem(mip, mem_big, 3);
key=mirvar_mem(mip, mem_big, 4);
a=mirvar_mem(mip, mem_big, 5);
b=mirvar_mem(mip, mem_big, 6);
p=mirvar_mem(mip, mem_big, 7);
PB=epoint_init_mem(mip, mem_ecp, 0); /* initialise Elliptic Curve points */
irand(mip, 3L); /* change parameter for different random numbers */
promptr=0;
init_big_from_rom(p,WORDS,rom,WORDS*5,&promptr); /* Read in prime modulus p from ROM */
init_big_from_rom(B,WORDS,rom,WORDS*5,&promptr); /* Read in curve parameter B from ROM */
/* don't need q or G(x,y) (we have precomputed table from it) */
convert(mip,-3,A); /* set A=-3 */
/* Create precomputation instance from precomputed table in ROM */
ebrick_init(&binst,prom,A,B,p,WINDOW,CURVE_BITS);
/* offline calculations */
bigbits(mip,CURVE_BITS,a); /* A's random number */
mul_brick(mip,&binst,a,pa,pa); /* a*G =(pa,ya) */
bigbits(mip,CURVE_BITS,b); /* B's random number */
mul_brick(mip,&binst,b,pb,pb); /* b*G =(pb,yb) */
/* swap X values of point */
/* online calculations */
ecurve_init(mip,A,B,p,MR_PROJECTIVE);
epoint_set(mip,pb,pb,0,PB); /* decompress PB */
ecurve_mult(mip,a,PB,PB);
epoint_get(mip,PB,key,key);
/* since internal base is HEX, can use otnum instead of cotnum - avoiding a base change */
#ifndef MR_NO_STANDARD_IO
printf("Alice's Key= ");
otnum(mip,key,stdout);
#endif
epoint_set(mip,pa,pa,0,PB); /* decompress PA */
ecurve_mult(mip,b,PB,PB);
epoint_get(mip,PB,key,key);
#ifndef MR_NO_STANDARD_IO
printf("Bob's Key= ");
otnum(mip,key,stdout);
#endif
/* clear the memory */
memset(mem_big, 0, MR_BIG_RESERVE(8));
memset(mem_ecp, 0, MR_ECP_RESERVE(1));
return 0;
}
