void RSA::decrypt(char* msg) { std::lock_guard<std::recursive_mutex> lockClass(lock); mpz_t c, m; mpz_init2(c, 1024); mpz_init2(m, 1024); mpz_import(c, 128, 1, 1, 0, 0, msg); // m = c^d mod n mpz_powm(m, c, m_d, m_n); size_t count = (mpz_sizeinbase(m, 2) + 7)/8; memset(msg, 0, 128 - count); mpz_export(&msg[128 - count], nullptr, 1, 1, 0, 0, m); mpz_clear(c); mpz_clear(m); }
// ----------------------------------------------------------------------------- // Return non-zero iff @e is a quadratic residue mod @p // // power: (@p + 1) / 4 // ----------------------------------------------------------------------------- static int is_quadratic_residue(mpz_t e, mpz_t p, mpz_t power) { mpz_t emod; mpz_init(emod); mpz_mod(emod, e, p); mpz_t r; mpz_init(r); mpz_powm(r, e, power, p); mpz_mul(r, r, r); mpz_mod(r, r, p); const int result = 0 == mpz_cmp(r, emod); mpz_clear(r); mpz_clear(emod); return result; }
paillier_plaintext_t* paillier_dec( paillier_plaintext_t* res, paillier_pubkey_t* pub, paillier_prvkey_t* prv, paillier_ciphertext_t* ct ) { if( !res ) { res = (paillier_plaintext_t*) malloc(sizeof(paillier_plaintext_t)); mpz_init(res->m); } mpz_powm(res->m, ct->c, prv->lambda, pub->n_squared); mpz_sub_ui(res->m, res->m, 1); mpz_div(res->m, res->m, pub->n); mpz_mul(res->m, res->m, prv->x); mpz_mod(res->m, res->m, pub->n); return res; }
void encrypt(int msg/*To be extended to other types !*/){ // generate r between 0 and n-1 inclusive unsigned long int m = msg; gmp_randstate_t state; gmp_randinit_mt (state); // initiallize state with Mersenne Twister which is basically fast one ! mpz_urandomm(r, state, n); //66666666666666666666666666666666666 //mpz_init_set_str(r,"23",10); //6666666666666666666666666666666666 gmp_printf ("\nr = %Zd\n", r); mpz_powm_ui(tmpI, g/*base*/, m/*exp*/, nn/*mod*/); // tmp = base^exp modulo mod gmp_printf ("\ng^m = %Zd\n", tmpI); mpz_powm(tmpII, r/*base*/, n/*exp*/, nn/*mod*/); // tmp = base^exp modulo mod gmp_printf ("\nr^n = %Zd\n", tmpII); // Remember : a.b mod n = ((a mod n).(b mod n)) mod n mpz_mul(c, tmpI, tmpII); mpz_mod(c, c, nn); gmp_printf ("\nc = %Zd\n", c); }
void egDecrypt(egpvk_t k, egem_t c, egdm_t *m) { int i; mpz_t tmp, inv; mpz_init(tmp); mpz_init(inv); mpz_powm(tmp, c.y1, k.a, k.p); mpz_invert(inv, tmp, k.p); for (i=0; i<c.size; i++) { // Decryption mpz_mul(c.y2[i], c.y2[i], inv); mpz_mod(c.y2[i], c.y2[i], k.p); } m->m = convertToChar(c.y2, c.size, k.k, &i); m->size = i; mpz_clear(tmp); mpz_clear(inv); }
void dhGenPubKey(dhpvk_t *pvk, dhpbk_t *pbk) { // Integer used for random numbers if (!seed_initialized) rnInit(); do { mpz_urandomb(pbk->p, seed, DH_KEY_SIZE); } while (!mpz_probab_prime_p(pbk->p, NB_TURN)); mpz_set(pvk->p, pbk->p); mpz_set_ui(pbk->g, 2); // Search alpha so that alpha is a generator while(!isGenerator(pbk->p, pbk->g)) mpz_add_ui(pbk->g, pbk->g, 1); mpz_set(pvk->g, pbk->g); mpz_urandomm(pvk->a, seed, pvk->p); mpz_powm(pbk->pow, pbk->g, pvk->a, pbk->p); }
/* gmpをつかって Diffie Hellman 法を実装するルーチン */ static void diffie_hellman( char *genstr, char *modstr, char *expstr , char *out, int outlen ) { mpz_t gen, mod , exp , key; char *keystr; mpz_init_set_str( gen , genstr , 16 ); mpz_init_set_str( mod , modstr , 16 ); mpz_init_set_str( exp , expstr , 16 ); mpz_init( key ); mpz_powm( key, gen, exp, mod ); keystr = mpz_get_str( NULL , 16 , key ); snprintf( out, outlen , "%s" , keystr ); mpz_clear( gen ); mpz_clear( exp ); mpz_clear( mod ); mpz_clear( key ); }
void srp_get_v(srp_t *srp, gchar *out, const gchar *salt) { mpz_t g; mpz_t v; mpz_t x; size_t count; if (!srp) return; mpz_init_set_ui(g, SRP_VAR_g); mpz_init(v); srp_get_x(srp, x, salt); mpz_powm(v, g, x, srp->n); mpz_export(out, &count, -1, 1, 0, 0, v); mpz_clear(v); mpz_clear(g); mpz_clear(x); }
static int millerrabin (mpz_srcptr n, mpz_srcptr nm1, mpz_ptr x, mpz_ptr y, mpz_srcptr q, unsigned long int k) { unsigned long int i; mpz_powm (y, x, q, n); if (mpz_cmp_ui (y, 1L) == 0 || mpz_cmp (y, nm1) == 0) return 1; for (i = 1; i < k; i++) { mpz_powm_ui (y, y, 2L, n); if (mpz_cmp (y, nm1) == 0) return 1; if (mpz_cmp_ui (y, 1L) == 0) return 0; } return 0; }
static Variant HHVM_FUNCTION(gmp_powm, const Variant& dataA, const Variant& dataB, const Variant& dataC) { mpz_t gmpDataA, gmpDataB, gmpDataC, gmpReturn; if (!variantToGMPData(cs_GMP_FUNC_NAME_GMP_POWM, gmpDataB, dataB)) { return false; } if (mpz_sgn(gmpDataB) < 0) { mpz_clear(gmpDataB); raise_warning(cs_GMP_INVALID_EXPONENT_MUST_BE_POSITIVE, cs_GMP_FUNC_NAME_GMP_POWM); return false; } if (!variantToGMPData(cs_GMP_FUNC_NAME_GMP_POWM, gmpDataA, dataA)) { mpz_clear(gmpDataB); return false; } if (!variantToGMPData(cs_GMP_FUNC_NAME_GMP_POWM, gmpDataC, dataC)) { mpz_clear(gmpDataA); mpz_clear(gmpDataB); return false; } mpz_init(gmpReturn); mpz_powm(gmpReturn, gmpDataA, gmpDataB, gmpDataC); Variant ret = NEWOBJ(GMPResource)(gmpReturn); mpz_clear(gmpDataA); mpz_clear(gmpDataB); mpz_clear(gmpDataC); mpz_clear(gmpReturn); return ret; }
static void dsa_find_generator(mpz_t g, void *random_ctx, nettle_random_func random, void *progress_ctx, nettle_progress_func progress, const mpz_t p, const mpz_t q) { mpz_t e; mpz_t n; /* e = (p-1)/q */ mpz_init_set(e, p); mpz_sub_ui(e, e, 1); mpz_divexact(e, e, q); /* n = p-2 = |2, 3, ... p-1| */ mpz_init_set(n, p); mpz_sub_ui(n, n, 2); for (;;) { nettle_mpz_random(g, random_ctx, random, n); mpz_add_ui(g, g, 2); if (progress) progress(progress_ctx, 'g'); mpz_powm(g, g, e, p); if (mpz_cmp_ui(g, 1)) { /* g != 1. Finished. */ if (progress) progress(progress_ctx, '\n'); mpz_clear(e); mpz_clear(n); return; } } }
damgard_jurik_plaintext_t* damgard_jurik::decrypt(damgard_jurik_ciphertext_t* ct) { damgard_jurik_plaintext_t *res = new damgard_jurik_plaintext_t(); mpz_t c_r; mpz_init(c_r); mpz_powm(c_r, ct->text, prvkey->lambda, pubkey->n_j[ct->s + 1]); int i, j; mpz_t t1, t2, t3, i_lamda; mpz_init(t1); mpz_init(t2); mpz_init(t3); mpz_init(i_lamda); mpz_set_ui(i_lamda, 0); for (i = 1;i <= ct->s;++i) { mpz_mod(t1, c_r, pubkey->n_j[i + 1]); damgard_jurik_function_l(t1, t1, pubkey->n_j[1]); mpz_set(t2, i_lamda); for (j = 2;j <= i;j++) { mpz_sub_ui(i_lamda, i_lamda, 1); mpz_mul(t2, t2, i_lamda); mpz_mod(t2, t2, pubkey->n_j[i]); mpz_set(t3, pubkey->k_n[j]); mpz_invert(t3, t3, pubkey->n_j[i]); mpz_mul(t3, t2, t3); mpz_mod(t3, t3, pubkey->n_j[i]); mpz_mul(t3, t3, pubkey->n_j[j - 1]); mpz_mod(t3, t3, pubkey->n_j[i]); mpz_sub(t1, t1, t3); mpz_mod(t1, t1, pubkey->n_j[i]); } mpz_set(i_lamda, t1); } mpz_invert(t3, prvkey->lambda, pubkey->n_j[ct->s]); mpz_mul(res->text, i_lamda, t3); mpz_mod(res->text, res->text, pubkey->n_j[ct->s]); return res; }
void init_data(SGLVData *op){ //~ Note: 'op' is supposed to be already initialised (see main.c) mpz_t X, Y, tmp_exp; mpz_inits (X, Y, tmp_exp, NULL); //~ p = 2^256-1539 mpz_setbit (p, 256); mpz_sub_ui (p, p, 1539); //~ Curve is y^2 = x^3 + 5 //~ mpz_set_ui (ca, 0); // Already set to ZERO through the initialisation mpz_set_ui (cb, 5); mpz_set_str (X, "66043340678279369258981193985450715448372246692524118399919799979198175326756", 10); mpz_set_str (Y, "52931614173969837860927627620185828149756459753631369661231760168280520196499", 10); //~ Point P mpz_set (op->PP[0].X , X); mpz_set (op->PP[0].Y , Y); //~ 5 is a generator of Fp and beta is an element of order 3 mpz_set_ui (beta, 5); mpz_sub_ui (tmp_exp, p, 1); mpz_divexact_ui (tmp_exp, tmp_exp, 3); mpz_powm (beta, beta, tmp_exp, p); //~ Order of P mpz_set_str (op->efp, "115792089237316195423570985008687907852920869663551026044856920202296625078603", 10); //~ Integer part of square root of efp mpz_set_str (op->refp, "340282366920938463463374607431768211455", 10); //~ Root of phi^2+phi+1 = 0 mod #E(Fp) mpz_set_str (op->phi, "86115113571596370384202877098459685148505633832452548870570058599719872579953", 10); init_glvRData(op); if (is_on_curve_aff(op->PP, ca, cb)) { printf("P OK\n"); print_affPoint(op->PP); } else printf("P not OK\n"); mpz_clears (X, Y, tmp_exp, NULL); }
void SRPCalcS(LPNLS nls, char *result) { mpz_t temp, s, v, a; mpz_init2(a, 256); mpz_init2(v, 256); mpz_init(temp); mpz_init(s); mpz_import(a, 32, -1, 1, 0, 0, nls->A); mpz_import(v, 32, -1, 1, 0, 0, nls->V); mpz_powm_ui(temp, v, SRPCalcU(nls->B), N); mpz_mul(temp, a, temp); mpz_powm(s, temp, nls->b_src, N); mpz_export(result, (size_t *)0, -1, 1, 0, 0, s); mpz_clear(temp); mpz_clear(s); mpz_clear(v); mpz_clear(a); }
/* Raise b to the e-th power, mod m Return: b^e (mod m) */ unsigned long int expt(unsigned long int b, unsigned long int e, unsigned long int m) { mpz_t base, exponent, modulus, result; unsigned long int r; mpz_init(result); mpz_init_set_ui(base, b); mpz_init_set_ui(exponent, e); mpz_init_set_ui(modulus, m); mpz_powm(result, base, exponent, modulus); r = mpz_get_ui(result); mpz_clear(result); mpz_clear(base); mpz_clear(exponent); mpz_clear(modulus); return r; }
void egKeyGen(egpvk_t *pvk, egpbk_t *pbk) { // Useful for random generation if (!seed_initialized) rnInit(); // Temporary variables mpz_t tmp; mpz_init(tmp); // p definition do { mpz_urandomb(pvk->p, seed, EG_KEY_SIZE); } while (!mpz_probab_prime_p(pvk->p, NB_TURN)); mpz_set(pbk->p, pvk->p); mpz_set_ui(pbk->alpha, 2); // Search alpha so that alpha is a generator while(!isGenerator(pbk->p, pbk->alpha)) mpz_add_ui(pbk->alpha, pbk->alpha, 1); // Compute private key mpz_urandomb(pvk->a, seed, EG_KEY_SIZE); // Compute last part of public key mpz_powm(pbk->beta, pbk->alpha, pvk->a, pvk->p); // Compute k mpz_set_ui(tmp, NB_CHAR); pvk->k = 0; while (mpz_cmp(tmp, pbk->p) < 0) { mpz_mul_ui(tmp, tmp, NB_CHAR); pvk->k ++; } pbk->k = pvk->k; mpz_clear(tmp); }
void rsa_encryptdata(const void* pdata, unsigned long length, void* pbuffer, PRSAPUBKEY ppubkey){ mpz_t M; mpz_t c; mpz_t k; mpz_t n; unsigned char* pdatain = (unsigned char*)pdata; char* pdataout = (char*)pbuffer; char* pstrin = (char*)malloc((length*2)+1); unsigned long idx; char strtmpval[4]; memset(pstrin,0x00,(length*2)+1); for(idx = 0; idx < length ;++idx){ sprintf(strtmpval,"%2.2X",pdatain[idx]); strcat(pstrin,strtmpval); } mpz_init(M); mpz_init(c); mpz_init(k); mpz_init(n); mpz_set_str(k,ppubkey->strkey_k,16); mpz_set_str(n,ppubkey->strkey_n,16); mpz_set_str(M,pstrin,16); free(pstrin); /* c = (M ^ k) mod n*/ mpz_powm(c,M,k,n); mpz_get_str(pdataout,16,c); mpz_clear(M); mpz_clear(c); mpz_clear(k); mpz_clear(n); }
int _rsa_verify(const struct rsa_public_key *key, const mpz_t m, const mpz_t s) { int res; mpz_t m1; if ( (mpz_sgn(s) <= 0) || (mpz_cmp(s, key->n) >= 0) ) return 0; mpz_init(m1); mpz_powm(m1, s, key->e, key->n); res = !mpz_cmp(m, m1); mpz_clear(m1); return res; }
bool RSA::decrypt(char* msg) { boost::recursive_mutex::scoped_lock lockClass(rsaLock); mpz_t c, m; mpz_init2(c, 1024); mpz_init2(m, 1024); mpz_import(c, 128, 1, 1, 0, 0, msg); // m = c^d mod n mpz_powm(m, c, m_d, m_n); size_t count = (mpz_sizeinbase(m, 2) + 7)/8; memset(msg, 0, 128 - count); mpz_export(&msg[128 - count], NULL, 1, 1, 0, 0, m); mpz_clear(c); mpz_clear(m); return true; }
bool RSA::encrypt(char* msg) { boost::recursive_mutex::scoped_lock lockClass(rsaLock); mpz_t plain, c; mpz_init2(plain, 1024); mpz_init2(c, 1024); mpz_import(plain, 128, 1, 1, 0, 0, msg); // c = m^e mod n mpz_powm(c, plain, m_e, m_n); size_t count = (mpz_sizeinbase(c, 2) + 7)/8; memset(msg, 0, 128 - count); mpz_export(&msg[128 - count], NULL, 1, 1, 0, 0, c); mpz_clear(c); mpz_clear(plain); return true; }
int dsa_generate_keypair(struct dsa_public_key *pub, struct dsa_private_key *key, void *random_ctx, nettle_random_func random, void *progress_ctx, nettle_progress_func progress, /* Size of key, in bits. * Use size = 512 + 64 * l for the official * NIS key sizes. */ unsigned bits) { mpz_t t; if (bits < DSA_MIN_P_BITS) return 0; dsa_nist_gen(pub->p, pub->q, random_ctx, random, progress_ctx, progress, bits); dsa_find_generator(pub->g, random_ctx, random, progress_ctx, progress, pub->p, pub->q); mpz_init_set(t, pub->q); mpz_sub_ui(t, t, 2); nettle_mpz_random(key->x, random_ctx, random, t); mpz_add_ui(key->x, key->x, 1); mpz_powm(pub->y, pub->g, key->x, pub->p); mpz_clear(t); return 1; }
/* * Initalize bleichenbacher useful variables */ int b98_init(struct bleichenbacher_98_t *b98, const size_t rsa_byte_len, const mpz_t c, const mpz_t e, const mpz_t n, int (*server_validation)(const mpz_t) ) { mpz_t B, two, B_exp; mpz_init_set(b98->c, c); mpz_init_set(b98->e, e); mpz_init_set(b98->n, n); /* B = 2**(8*(k-2)) */ mpz_init(B); mpz_init_set_ui(two, 2); mpz_init_set_ui(B_exp, 8*(rsa_byte_len - 2)); mpz_powm(B, two, B_exp, n); /* min_range = 2B */ mpz_init(b98->min_range); mpz_mul_ui(b98->min_range, B, 2); /* max_range = 3B - 1*/ mpz_init(b98->max_range); mpz_mul_ui(b98->max_range, B, 3); mpz_sub_ui(b98->max_range, b98->max_range, 1); mpz_init_set(b98->a, b98->min_range); mpz_init_set(b98->b, b98->max_range); mpz_init_set_ui(b98->s, 1); mpz_init_set_ui(b98->r, 1); b98 -> server_padding_validate = server_validation; mpz_clear(B); mpz_clear(B_exp); mpz_clear(two); return 0x00; }
praef_signator* praef_signator_new(void) { unsigned char xbuf[PRAEF_SIGINT_SIZE]; praef_signator* this = malloc(sizeof(praef_signator)); if (!this) return NULL; /* Initialise constants */ mpz_inits(this->p, this->q, this->g, this->y, this->x, this->k, this->r, this->s, this->kinv, NULL); if (mpz_set_str(this->p, PRAEF_DSA_P, 16) || mpz_set_str(this->q, PRAEF_DSA_Q, 16) || mpz_set_str(this->g, PRAEF_DSA_G, 16)) { praef_signator_delete(this); return NULL; } /* Generate private key */ do { if (!praef_secure_random(xbuf, sizeof(xbuf))) { praef_signator_delete(this); return NULL; } mpz_import(this->x, sizeof(xbuf), -1, 1, 0, 0, xbuf); } while (mpz_cmp_ui(this->x, 0) <= 0 || mpz_cmp(this->x, this->q) >= 0); /* Use the raw private key as the k-generation salt */ memcpy(this->salt, xbuf, sizeof(this->salt)); /* Derive the public key */ mpz_powm(this->y, this->g, this->x, this->p); this->pubkey_hint = praef_calc_pubkey_hint(this->y); return this; }
int djcs_import_private_key(djcs_private_key *vk, const char *json) { JSON_Value *root = json_parse_string(json); JSON_Object *obj = json_value_get_object(root); vk->s = json_object_get_number(obj, "s"); vk->n = malloc(sizeof(mpz_t) * (vk->s + 1)); mpz_init(vk->n[0]); mpz_set_str(vk->n[0], json_object_get_string(obj, "n"), HCS_INTERNAL_BASE); mpz_set_str(vk->d, json_object_get_string(obj, "d"), HCS_INTERNAL_BASE); json_value_free(root); /* Calculate remaining values */ for (unsigned long i = 1; i <= vk->s; ++i) { mpz_init_set(vk->n[i], vk->n[i-1]); mpz_mul(vk->n[i], vk->n[i], vk->n[0]); } mpz_add_ui(vk->mu, vk->n[0], 1); mpz_powm(vk->mu, vk->mu, vk->d, vk->n[vk->s]); dlog_s(vk, vk->mu, vk->mu); mpz_invert(vk->mu, vk->mu, vk->n[vk->s-1]); return 0; }
/* * It is a functions that performs Fermat Little Theoem * input: number(mpz_t) to be tested and number of iterations(int) to run the test * output: int 1 and 0 which represents pass and fail the test respectively */ int Fermat(mpz_t p, int iterations){ mpz_t rand_Num; //use as base, a mpz_init(rand_Num); mpz_t ans; //ans = a^(p-1) mod p mpz_init(ans); mpz_t p2; //p2 = p - 1 mpz_init(p2); mpz_sub_ui(p2, p, 1); if(mpz_cmp_ui(p,1)== 0) return 0; gmp_randstate_t state; srand(time(NULL)); int seed = rand(); gmp_randinit_default (state); gmp_randseed_ui(state, seed); //prepare random seed int i; for(i =0; i<iterations; i++){ mpz_urandomb(rand_Num,state,64); mpz_mod(rand_Num, rand_Num, p2); //base must not be bigger than p mpz_add_ui(rand_Num, rand_Num, 1); //must be at least 1 mpz_powm(ans, rand_Num, p2, p); if(mpz_cmp_ui(ans, 1) != 0) return 0; } return 1; }
static int rsa_public(rsa_public_key_t *key, uint8_t *in, size_t in_len, uint8_t *out) { size_t t; mpz_t p, c; mpz_init2(p, key->size + GMP_NUMB_BITS); mpz_init2(c, key->size + GMP_NUMB_BITS); mpz_import(p, in_len, 1, 1, 0, 0, in); /* c = p ^ d mod n */ mpz_powm(c, p, key->e, key->n); t = mpz_sizeinbase(c, 2); if (t > key->size) { mpz_clear(p); mpz_clear(c); return -1; } t = (key->size - t) >> 3; memset(out, 0, t); mpz_export(&out[t], &t, 1, 1, 0, 0, c); mpz_clear(p); mpz_clear(c); return 0; }
int miller_rabin_pass(mpz_t a, mpz_t n) { int i, s, result; mpz_t a_to_power, d, n_minus_one; mpz_init(n_minus_one); mpz_sub_ui(n_minus_one, n, 1); s = 0; mpz_init_set(d, n_minus_one); while (mpz_even_p(d)) { mpz_fdiv_q_2exp(d, d, 1); s++; } mpz_init(a_to_power); mpz_powm(a_to_power, a, d, n); if (mpz_cmp_ui(a_to_power, 1) == 0) { result=PROBABLE_PRIME; goto exit; } for(i=0; i < s-1; i++) { if (mpz_cmp(a_to_power, n_minus_one) == 0) { result=PROBABLE_PRIME; goto exit; } mpz_powm_ui (a_to_power, a_to_power, 2, n); } if (mpz_cmp(a_to_power, n_minus_one) == 0) { result=PROBABLE_PRIME; goto exit; } result = COMPOSITE; exit: mpz_clear(a_to_power); mpz_clear(d); mpz_clear(n_minus_one); return result; }
/* ********************************************************************************************* * mpz_sprp: (also called a Miller-Rabin pseudoprime) * A "strong pseudoprime" to the base a is an odd composite n = (2^r)*s+1 with s odd such that * either a^s == 1 mod n, or a^((2^t)*s) == -1 mod n, for some integer t, with 0 <= t < r. * *********************************************************************************************/ int mpz_sprp(mpz_t n, mpz_t a) { mpz_t s; mpz_t nm1; mpz_t mpz_test; unsigned long int r = 0; if (mpz_cmp_ui(a, 2) < 0) return PRP_ERROR; if (mpz_cmp_ui(n, 2) < 0) return PRP_COMPOSITE; if (mpz_divisible_ui_p(n, 2)) { if (mpz_cmp_ui(n, 2) == 0) return PRP_PRIME; else return PRP_COMPOSITE; } mpz_init_set_ui(mpz_test, 0); mpz_init_set_ui(s, 0); mpz_init_set(nm1, n); mpz_sub_ui(nm1, nm1, 1); /***********************************************/ /* Find s and r satisfying: n-1=(2^r)*s, s odd */ r = mpz_scan1(nm1, 0); mpz_fdiv_q_2exp(s, nm1, r); /******************************************/ /* Check a^((2^t)*s) mod n for 0 <= t < r */ mpz_powm(mpz_test, a, s, n); if ( (mpz_cmp_ui(mpz_test, 1) == 0) || (mpz_cmp(mpz_test, nm1) == 0) ) { mpz_clear(s); mpz_clear(nm1); mpz_clear(mpz_test); return PRP_PRP; } while ( --r ) { /* mpz_test = mpz_test^2%n */ mpz_mul(mpz_test, mpz_test, mpz_test); mpz_mod(mpz_test, mpz_test, n); if (mpz_cmp(mpz_test, nm1) == 0) { mpz_clear(s); mpz_clear(nm1); mpz_clear(mpz_test); return PRP_PRP; } } mpz_clear(s); mpz_clear(nm1); mpz_clear(mpz_test); return PRP_COMPOSITE; }/* method mpz_sprp */
// USER JOIN PHASE 1 - user key generation (Join) void xsgs_user_join_phase1(XSGS_PUBLIC_KEY* gpk, XSGS_USER_KEY* uk, XSGS_PAILLIER_PUBKEY* ppk, XSGS_JOIN_PHASE1* jpd1) { pairing_ptr pairing = gpk->pairing; field_ptr Fp = pairing->Zr; gmp_randstate_t rnd_state; mpz_t y, r, R1, h; element_t R2; // 1.choose y e Zp at random and element_init(uk->y, Fp); element_random(uk->y); // compute C <- H^y element_init_G1(jpd1->C, pairing); element_pow_naf(jpd1->C, gpk->H, uk->y); // 2. U = (c=ext-commit(y), NIZKPEqDL(c, C, H)) // c = ext-commit(y) = g^y mod n^2 mpz_init(y); mpz_init(jpd1->U.c); element_to_mpz(y, uk->y); mpz_powm(jpd1->U.c, ppk->g, y, ppk->n_squared); // zero-knowledge proof of c, C and H init_rand(rnd_state, PAILLIER_MODULO_BITS / 8 + 1); mpz_init(r); mpz_urandomb(r, rnd_state, PAILLIER_MODULO_BITS); gmp_randclear(rnd_state); // R1 = g^r mod n^2 mpz_init(R1); mpz_powm(R1, ppk->g, r, ppk->n_squared); // R2 = H^r element_init_G1(R2, pairing); element_pow_naf_mpz(R2, gpk->H, r); // h = H(g, n, c, C, H, R1, R2) DWORD data_len = mpz_length_in_bytes(ppk->g) + mpz_length_in_bytes(ppk->n_squared) + //mpz_length_in_bytes(ppk->n) + mpz_length_in_bytes(jpd1->U.c) + element_length_in_bytes(jpd1->C) + element_length_in_bytes(gpk->H) + mpz_length_in_bytes(R1) + element_length_in_bytes(R2); BYTE* data_buf = (BYTE*) malloc(data_len); data_buf += mpz_to_bytes(data_buf, ppk->g); data_buf += mpz_to_bytes(data_buf, ppk->n_squared); //data_buf += mpz_to_bytes(data_buf, ppk->n); data_buf += mpz_to_bytes(data_buf, jpd1->U.c); data_buf += element_to_bytes(data_buf, jpd1->C); data_buf += element_to_bytes(data_buf, gpk->H); data_buf += mpz_to_bytes(data_buf, R1); data_buf += element_to_bytes(data_buf, R2); data_buf -= data_len; jpd1->U.hash = (BYTE*) malloc(JOIN_HASH_BITS / 8); xsgs_hash(data_buf, data_len * 8, jpd1->U.hash, JOIN_HASH_BITS); free(data_buf); mpz_clear(R1); element_clear(R2); // s = r - h * y mpz_init(h); mpz_init(jpd1->U.s); mpz_from_hash(h, jpd1->U.hash, JOIN_HASH_BITS / 8); mpz_mul(jpd1->U.s, h, y); mpz_sub(jpd1->U.s, r, jpd1->U.s); mpz_clear(r); mpz_clear(y); mpz_clear(h); // return ( paillier = (pub, prv), C, U = (c, h, s) ) return; }
void decrypt_char(mpz_t rop, int c, key k) { mpz_set_ui(rop, c); mpz_powm(rop, rop, k.d, k.n); }