Exemplo n.º 1
0
BOOL power_tate(ECn& P,ECn4 Q,Big& q,Big *cf,ZZn2 &Fr,Big &e,ZZn4& r)
{ 
    int i,nb;
    ECn A;
    ZZn8 w,res,a[4];
    ZZn4 Qx,Qy;
    ZZn2 x,y;
    Big carry,ex[4];
    Big p=get_modulus();

    Q.get(Qx,Qy);
    Qx=txd(Qx);
    Qy=txd(txd(Qy));

    res=1;  

/* Left to right method  */
    A=P;
    nb=bits(q);

	for (i=nb-2;i>=0;i--)
    {
        res*=res;           
        res*=g(A,A,Qx,Qy); 
        if (bit(q,i))
            res*=g(A,P,Qx,Qy);

    }

    if (!A.iszero() || res.iszero()) return FALSE;
    w=res;

    w.powq(Fr); w.powq(Fr);  // ^(p^4-1)
    w.powq(Fr); w.powq(Fr);  

    res=w/res;

    res.mark_as_unitary();

    a[3]=res;
    a[2]=a[3]; a[2].powq(Fr);
    a[1]=a[2]; a[1].powq(Fr);
    a[0]=a[1]; a[0].powq(Fr);

    if (e.isone()) for (i=0;i<4;i++) ex[i]=cf[i];
    else
    { // cf *= e
        carry=0;
        for (i=3;i>=0;i--)
            carry=mad(cf[i],e,carry,p,ex[i]);
    }

    res=pow(4,a,ex);
    r=real(res); // compression

//    r=powl(real(res),cf);    // ^(p*p*p*p+1)/q

    if (r.isunity()) return FALSE;
    return TRUE;            
}
Exemplo n.º 2
0
ECn4 hash4(char *ID)
{
    ECn4 T;
    ZZn4 x;
    ZZn2 X,Y=0;
    Big x0,y0=0;

    x0=H1(ID);
    do
    {
        X.set(x0,y0);
        x.set(X,Y);
        x0+=1;
    }
    while (!is_on_curve(x));
    T.set(x);
    return T;
}     
Exemplo n.º 3
0
int main(int argc, char **argv)
{
	miracl *mip=&precision;
	Big p,R,B,mc,curve_b,cru,cof,tau[9];
	Big m,x,y,w,t,c,n,r,a,b,gx,gy,r2modp;
	Big np,PP,TT,FF;
	int i,A,curve,bb,chunk,words,mbits,bytes,ip=0;
	int modtype,curvetype,curve_a,curve_b_i,cof_i,lang=0;
	ZZn2 X;
	ECn P;
	ECn2 Q;
	ECn4 QQ;
	ECn8 Q8;
	ZZn4 XA,YA,AA,BB;
	ZZn8 X8,Y8;
	ZZn2 Aa,Ab,Ba,Bb;
	ZZn2 Xa,Ya;
	ZZn zcru;
	char pre0[50],pre1[50],pre2[50],pre3[50],pre4[50],pre5[50],pre6[50];
	char post0[50],post1[50],post2[50],post3[50],post4[50],post5[50],post6[50];
	char pre7[50],post7[50],lg[50];

	char xxx[20],yyy[20],zzz[20];
	
	char curvename[30],fieldname[30];

	argv++; argc--;

	if (argc<4)
	{
		help();
		return 0;
	}
 
	strcpy(curvename,argv[0]);

//	curve=atoi(argv[ip++]);
	for (i=0;;i++)
	{
		if (curvename[i]==0) break;
		curvename[i]=toupper(curvename[i]);
	}

	//cout << "curvename= " << curvename << " " << strlen(curvename) << endl;

	curve=0; ip++;
	chunk=atoi(argv[ip++]);
	bb=atoi(argv[ip++]);

	strcpy(lg,argv[ip]);

	if (chunk !=16 && chunk!=32 && chunk!=64) {help(); return 0;}
	if (bb<0 || bb>=chunk) {help(); return 0;}

// Specify curve constants

	if (strcmp(curvename,"ED25519")==0)
	{ // ED25519
		curve=1;
		printf("Curve= ED25519\n");
		strcpy(fieldname,"25519");
		mbits=255;                 // bits in modulus
		words=(1+((mbits-1)/bb));  // words per Big
		curvetype=EDWARDS;
		modtype=PSEUDO_MERSENNE;
		curve_a=-1;			     // Curve A parameter
		cof=8;
		p=pow((Big)2,mbits)-19;  // Modulus
		r=pow((Big)2,252)+(char *)"27742317777372353535851937790883648493";   // group order
		mip->IOBASE=16;
		curve_b=(char *)"52036CEE2B6FFE738CC740797779E89800700A4D4141D8AB75EB4DCA135978A3";  // curve B parameter
		gx=(char *)"216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A";       // generator point
		gy=(char *)"6666666666666666666666666666666666666666666666666666666666666658";
	}

	if (strcmp(curvename,"C25519")==0)
	{
		curve=2;
		printf("Curve= C25519\n");
		strcpy(fieldname,"25519");
		mbits=255;
		words=(1+((mbits-1)/bb));
		curvetype=MONTGOMERY;
		modtype=PSEUDO_MERSENNE;
		curve_a=486662;
		cof=8;
		p=pow((Big)2,mbits)-19;
		r=pow((Big)2,252)+(char *)"27742317777372353535851937790883648493";

		curve_b=0;
		mip->IOBASE=16;
		gx=(char *)"9";
		gy=0;
	}

	if (strcmp(curvename,"NIST256")==0)
	{
		curve=3;
		printf("Curve= NIST256\n");
		strcpy(fieldname,curvename);
		mbits=256;
		words=(1+((mbits-1)/bb));
		curvetype=WEIERSTRASS;
		modtype=NOT_SPECIAL;
		curve_a=-3;
		cof=1;
		p=(char *)"115792089210356248762697446949407573530086143415290314195533631308867097853951";
		r=(char *)"115792089210356248762697446949407573529996955224135760342422259061068512044369";
		mip->IOBASE=16;
		curve_b=(char *)"5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b";
		gx=(char *)"6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296";
		gy=(char *)"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5";
	}

	if (strcmp(curvename,"BRAINPOOL")==0)
	{
		curve=4;
		printf("Curve= BRAINPOOL\n");
		strcpy(fieldname,curvename);
		mbits=256;
		words=(1+((mbits-1)/bb));
		curvetype=WEIERSTRASS;
		modtype=NOT_SPECIAL;
		curve_a=-3;
		cof=1;
		p=(char *)"76884956397045344220809746629001649093037950200943055203735601445031516197751";
		mip->IOBASE=16;
		r=(char *)"A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7";
		mip->IOBASE=10;
		curve_b=(char *)"46214326585032579593829631435610129746736367449296220983687490401182983727876";
		mip->IOBASE=16;
		gx=(char *)"a3e8eb3cc1cfe7b7732213b23a656149afa142c47aafbc2b79a191562e1305f4";
		gy=(char *)"2d996c823439c56d7f7b22e14644417e69bcb6de39d027001dabe8f35b25c9be";
	}

	if (strcmp(curvename,"ANSSI")==0)
	{
		curve=5;
		printf("Curve= ANSSI\n");
		strcpy(fieldname,curvename);
		mbits=256;
		words=(1+((mbits-1)/bb));
		curvetype=WEIERSTRASS;
		modtype=NOT_SPECIAL;
		curve_a=-3;
		cof=1;
		p=(char *)"109454571331697278617670725030735128145969349647868738157201323556196022393859";
		mip->IOBASE=16;
		r=(char *)"F1FD178C0B3AD58F10126DE8CE42435B53DC67E140D2BF941FFDD459C6D655E1";
		mip->IOBASE=10;
		curve_b=(char *)"107744541122042688792155207242782455150382764043089114141096634497567301547839";
		mip->IOBASE=16;
		gx=(char *)"b6b3d4c356c139eb31183d4749d423958c27d2dcaf98b70164c97a2dd98f5cff";
		gy=(char *)"6142e0f7c8b204911f9271f0f3ecef8c2701c307e8e4c9e183115a1554062cfb";
	}

	if (strcmp(curvename,"HIFIVE")==0)
	{
		curve=6;
		printf("Curve= HIFIVE\n");
		strcpy(fieldname,curvename);
		mbits=336;
		words=(1+((mbits-1)/bb));
		curvetype=EDWARDS;
		modtype=PSEUDO_MERSENNE;
		curve_a=1;
		cof=8;
		p=pow((Big)2,336)-3;
		mip->IOBASE=16;
		r=(char *)"200000000000000000000000000000000000000000071415FA9850C0BD6B87F93BAA7B2F95973E9FA805";
		mip->IOBASE=10;
		curve_b=(char *)"11111";
		mip->IOBASE=16;
		gx=(char *)"C";
		gy=(char *)"C0DC616B56502E18E1C161D007853D1B14B46C3811C7EF435B6DB5D5650CA0365DB12BEC68505FE8632";
	}

	if (strcmp(curvename,"GOLDILOCKS")==0)
	{
		curve=7;
		printf("Curve= GOLDILOCKS\n");
		strcpy(fieldname,curvename);
		mbits=448;
		words=(1+((mbits-1)/bb));
		curvetype=EDWARDS;
		modtype=GENERALISED_MERSENNE;
		curve_a=1;
		cof=4;
		p=pow((Big)2,448)-pow((Big)2,224)-1;
		r=(p+1-(char *)"28312320572429821613362531907042076847709625476988141958474579766324")/4;
		mip->IOBASE=10;
		curve_b=p-39081;
		mip->IOBASE=16;

		gx=(char *)"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa955555555555555555555555555555555555555555555555555555555";
		gy=(char *)"ae05e9634ad7048db359d6205086c2b0036ed7a035884dd7b7e36d728ad8c4b80d6565833a2a3098bbbcb2bed1cda06bdaeafbcdea9386ed";
	}

	if (strcmp(curvename,"NIST384")==0)
	{
		curve=8;
		printf("Curve= NIST384\n");
		strcpy(fieldname,curvename);
		mbits=384;
		words=(1+((mbits-1)/bb));
		curvetype=WEIERSTRASS;
		modtype=NOT_SPECIAL;
		curve_a=-3;
		cof=1;
		p=(char *)"39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319";
		r=p+1-(char *)"1388124618062372383606759648309780106643088307173319169677";

		curve_b=(char *)"27580193559959705877849011840389048093056905856361568521428707301988689241309860865136260764883745107765439761230575";
		mip->IOBASE=16;
		gx=(char *)"aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7";
		gy=(char *)"3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f";
	}

	if (strcmp(curvename,"C41417")==0)
	{
		curve=9;
		printf("Curve= C41417\n");
		strcpy(fieldname,curvename);
		mbits=414;
		words=(1+((mbits-1)/bb));
		curvetype=EDWARDS;
		modtype=PSEUDO_MERSENNE;
		curve_a=1;
		p=pow((Big)2,mbits)-17; 
		cof=8;
		r=pow((Big)2,411)-(char *)"33364140863755142520810177694098385178984727200411208589594759"; // Group Order

		curve_b=(char *)"3617";
		mip->IOBASE=16;
		gx=(char *)"1a334905141443300218c0631c326e5fcd46369f44c03ec7f57ff35498a4ab4d6d6ba111301a73faa8537c64c4fd3812f3cbc595";
		gy=(char *)"22";
	}

	if (strcmp(curvename,"NIST521")==0)
	{
		curve=10;
		printf("Curve= NIST521\n");
		strcpy(fieldname,curvename);
		mbits=521;
		words=(1+((mbits-1)/bb));
		curvetype=WEIERSTRASS;
		modtype=NOT_SPECIAL;
		curve_a=-3;
		cof=1;
		p=pow((Big)2,mbits)-1; 

		mip->IOBASE=16;
		r=(char *)"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409"; // Group Order
		curve_b=(char *)"51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00";

		gx=(char *)"C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66";
		gy=(char *)"11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650";
	}
	
	if (strcmp(curvename,"NUMS256W")==0)
	{
		curve=11;
		printf("Curve= NUMS256W\n");
		strcpy(fieldname,"256PMW");
		mbits=256;
		words=(1+((mbits-1)/bb));
		curvetype=WEIERSTRASS;
		modtype=PSEUDO_MERSENNE;
		curve_a=-3;
		cof=1;
		p=pow((Big)2,mbits)-189; 

		mip->IOBASE=16;
		r=(char *)"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE43C8275EA265C6020AB20294751A825"; // Group Order
		curve_b=(char *)"25581";
		gx=(char *)"BC9ED6B65AAADB61297A95A04F42CB0983579B0903D4C73ABC52EE1EB21AACB1";
		gy=(char *)"D08FC0F13399B6A673448BF77E04E035C955C3D115310FBB80B5B9CB2184DE9F";
	}

	if (strcmp(curvename,"NUMS256E")==0)
	{
		curve=12;
		printf("Curve= NUMS256E\n");
		strcpy(fieldname,"256PME");
		mbits=256;
		words=(1+((mbits-1)/bb));
		curvetype=EDWARDS;
		modtype=PSEUDO_MERSENNE;
		curve_a=1;
		cof=4;
		p=pow((Big)2,mbits)-189; 

		mip->IOBASE=16;
		r=(char *)"4000000000000000000000000000000041955AA52F59439B1A47B190EEDD4AF5"; // Group Order
		curve_b=(char *)"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC355";
		gx=(char *)"8A7514FB6AEA237DCD1E3D5F69209BD60C398A0EE3083586A0DEC0902EED13DA";
		gy=(char *)"44D53E9FD9D925C7CE9665D9A64B8010715F61D810856ED32FA616E7798A89E6";
	}


	if (strcmp(curvename,"NUMS384W")==0)
	{
		curve=13;
		printf("Curve= NUMS384W\n");
		strcpy(fieldname,"384PM");
		mbits=384;
		words=(1+((mbits-1)/bb));
		curvetype=WEIERSTRASS;
		modtype=PSEUDO_MERSENNE;
		curve_a=-3;
		cof=1;
		p=pow((Big)2,mbits)-317; 

		mip->IOBASE=16;
		r=(char *)"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD61EAF1EEB5D6881BEDA9D3D4C37E27A604D81F67B0E61B9"; // Group Order
		curve_b=(char *)"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF77BB";
		gx=(char *)"757956F0B16F181C4880CA224105F1A60225C1CDFB81F9F4F3BD291B2A6CC742522EED100F61C47BEB9CBA042098152A";
		gy=(char *)"ACDEE368E19B8E38D7E33D300584CF7EB0046977F87F739CB920837D121A837EBCD6B4DBBFF4AD265C74B8EC66180716";
	}

	if (strcmp(curvename,"NUMS384E")==0)
	{
		curve=14;
		printf("Curve= NUMS384E\n");
		strcpy(fieldname,"384PM");
		mbits=384;
		words=(1+((mbits-1)/bb));
		curvetype=EDWARDS;
		modtype=PSEUDO_MERSENNE;
		curve_a=1;
		cof=4;
		p=pow((Big)2,mbits)-317; 

		mip->IOBASE=16;
		r=(char *)"3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE2471A1CB46BE1CF61E4555AAB35C87920B9DCC4E6A3897D"; // Group Order
		curve_b=(char *)"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD19F";
		gx=(char *)"61B111FB45A9266CC0B6A2129AE55DB5B30BF446E5BE4C005763FFA8F33163406FF292B16545941350D540E46C206BDE";
		gy=(char *)"82983E67B9A6EEB08738B1A423B10DD716AD8274F1425F56830F98F7F645964B0072B0F946EC48DC9D8D03E1F0729392";
	}

	if (strcmp(curvename,"NUMS512W")==0)
	{
		curve=15;
		printf("Curve= NUMS512W\n");
		strcpy(fieldname,"512PM");
		mbits=512;
		words=(1+((mbits-1)/bb));
		curvetype=WEIERSTRASS;
		modtype=PSEUDO_MERSENNE;
		curve_a=-3;
		cof=1;
		p=pow((Big)2,mbits)-569; 

		mip->IOBASE=16;
		r=(char *)"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5B3CA4FB94E7831B4FC258ED97D0BDC63B568B36607CD243CE153F390433555D"; // Group Order
		curve_b=(char *)"1D99B";
		gx=(char *)"3AC03447141D0A93DA2B7002A03D3B5298CAD83BB501F6854506E0C25306D9F95021A151076B359E93794286255615831D5D60137D6F5DE2DC8287958CABAE57";
		gy=(char *)"943A54CA29AD56B3CE0EEEDC63EBB1004B97DBDEABBCBB8C8F4B260C7BD14F14A28415DA8B0EEDE9C121A840B25A5602CF2B5C1E4CFD0FE923A08760383527A6";
	}

	if (strcmp(curvename,"NUMS512E")==0)
	{
		curve=16;
		printf("Curve= NUMS512E\n");
		strcpy(fieldname,"512PM");
		mbits=512;
		words=(1+((mbits-1)/bb));
		curvetype=EDWARDS;
		modtype=PSEUDO_MERSENNE;
		curve_a=1;
		cof=4;
		p=pow((Big)2,mbits)-569; 

		mip->IOBASE=16;
		r=(char *)"3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB4F0636D2FCF91BA9E3FD8C970B686F52A4605786DEFECFF67468CF51BEED46D"; // Group Order
		curve_b=(char *)"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFECBEF";
		gx=(char *)"DF8E316D128DB69C7A18CB7888D3C5332FD1E79F4DC4A38227A17EBE273B81474621C14EEE46730F78BDC992568904AD0FE525427CC4F015C5B9AB2999EC57FE";
		gy=(char *)"6D09BFF39D49CA7198B0F577A82A256EE476F726D8259D22A92B6B95909E834120CA53F2E9963562601A06862AECC1FD0266D38A9BF1D01F326DDEC0C1E2F5E1";
	}


	if (strcmp(curvename,"SECP256K1")==0)
	{ // SECP256K1
		curve=17;
		printf("Curve= SECP256K1\n");
		strcpy(fieldname,"SECP256K1");
		mbits=256;                 // bits in modulus
		words=(1+((mbits-1)/bb));  // words per Big
		curvetype=WEIERSTRASS;
		/*if (chunk<64)*/ modtype=NOT_SPECIAL;
		//modtype=PSEUDO_MERSENNE;
		curve_a=0;			     // Curve A parameter
		cof=1;
		p=pow((Big)2,mbits)-pow((Big)2,32)-977;  // Modulus
		mip->IOBASE=16;
		r=(char *)"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141";   // group order

		curve_b=(char *)"7";  // curve B parameter
		gx=(char *)"79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798";       // generator point
		gy=(char *)"483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8";
	}


	if (strcmp(curvename,"BN254")==0)
	{
		curve=18;
		printf("Curve= BN254\n");
		strcpy(fieldname,curvename);
		mbits=254;
		words=(1+((mbits-1)/bb));
		curvetype=WEIERSTRASS;
		modtype=NOT_SPECIAL;
		curve_a=0;
		mip->IOBASE=16;
		x=(char *)"4080000000000001";    // Fast but not GT_STRONG parameter

		p=36*pow(x,4)-36*pow(x,3)+24*x*x-6*x+1;  // Modulus
		t=6*x*x+1;
		r=p+1-t;                       // Group order
		curve_b=2;
		gx=p-1;                        // generator point in G1
		gy=1;
		cof=1;
		ecurve((Big)0,curve_b,p,MR_AFFINE);
		mip->TWIST=MR_SEXTIC_D;        // twist type

		Xa.set((ZZn)0,(ZZn)-1);
		Ya.set((ZZn)1,ZZn(0));
		Q.set(Xa,Ya);

		Q=(p-1+t)*Q;                   // generator point in G2
		cru=(18*pow(x,3)-18*x*x+9*x-2); // cube root of unity for GLV method
	}


	if (strcmp(curvename,"BN254CX")==0)
	{
		curve=19;
		printf("Curve= BN254CX\n");
		strcpy(fieldname,curvename);
		mbits=254;
		words=(1+((mbits-1)/bb));
		curvetype=WEIERSTRASS;
		modtype=NOT_SPECIAL;
		curve_a=0;
		mip->IOBASE=16;
		x=(char *)"4000000003C012B1";

		p=36*pow(x,4)-36*pow(x,3)+24*x*x-6*x+1;
		t=6*x*x+1;
		r=p+1-t;
		curve_b=2;
		gx=p-1;
		gy=1;
		cof=1;
		ecurve((Big)0,curve_b,p,MR_AFFINE);
		mip->TWIST=MR_SEXTIC_D;

		Xa.set((ZZn)0,(ZZn)-1);
		Ya.set((ZZn)1,ZZn(0));
		Q.set(Xa,Ya);

		Q=(p-1+t)*Q;                   // generator point in G2
		cru=(18*pow(x,3)-18*x*x+9*x-2);
	}

	if (strcmp(curvename,"BLS383")==0)
	{
		curve=20;
		printf("Curve= BLS383\n");
		strcpy(fieldname,curvename);
		mbits=383;
		words=(1+((mbits-1)/bb));
		curvetype=WEIERSTRASS;
		modtype=NOT_SPECIAL;
		curve_a=0;
	
		mip->IOBASE=16;
	//	x=(char *)"11000001000000040";              
		x=(char *)"10008000001001200";	// SIGN_OF_X is POSITIVE
		p=(pow(x,6)-2*pow(x,5)+2*pow(x,3)+x+1)/3;
		t=x+1;
		r=pow(x,4)-x*x+1;
		cof=(p+1-t)/r;

	//	gx=-2; gy=-1;
	//	curve_b=9;
		gx=1; gy=4;
		curve_b=15;
		ecurve((Big)0,curve_b,p,MR_AFFINE);
	//	mip->TWIST=MR_SEXTIC_D;
		mip->TWIST=MR_SEXTIC_M;

		P.set(gx,gy);
		P*=cof;
		P.get(gx,gy);

		//cout << "gx= " << gx << endl;
		//cout << "gy= " << gy << endl;
		//cout << "y^2= " << (gy*gy)%p << endl;
		//cout << "x^3+b= " << (gx*gx*gx+15)%p << endl;

		//while (!Q.set(randn2())) ; // probably not best way to choose this

		Xa=1;
		while (!Q.set(Xa))
		{
			Xa=Xa+(ZZn2)1;
		}

		TT=t*t-2*p;
		PP=p*p;
		FF=sqrt((4*PP-TT*TT)/3);
		np=PP+1-(-3*FF+TT)/2;  // 2 possibilities...

		Q=(np/r)*Q;

		zcru=pow((ZZn)2,(p-1)/3);
	//	zcru*=zcru;   // right cube root of unity
		cru=(Big)zcru;
	}

	if (strcmp(curvename,"BLS381")==0)
	{
		curve=21;
		printf("Curve= BLS381\n");
		strcpy(fieldname,curvename);
		mbits=381;
		words=(1+((mbits-1)/bb));
		curvetype=WEIERSTRASS;
		modtype=NOT_SPECIAL;
		curve_a=0;
		mip->IOBASE=16;
		x=(char *)"d201000000010000";              // SIGN_OF_X is NEGATIVE
		p=(pow(x,6)+2*pow(x,5)-2*pow(x,3)-x+1)/3;
		t=-x+1;
		r=pow(x,4)-x*x+1;
		cof=(p+1-t)/r;

		curve_b=4;
		ecurve((Big)0,curve_b,p,MR_AFFINE);
		mip->TWIST=MR_SEXTIC_M;

		gx=1;
		while (!P.set(gx))
		{
			gx=gx+1;
		}
		P*=cof;
		P.get(gx,gy);

		Xa=1;
		while (!Q.set(Xa))
		{
			Xa=Xa+(ZZn2)1;
		}
		Q.get(Xa,Ya);
		Ya=-Ya;
		Q.set(Xa,Ya);

		TT=t*t-2*p;
		PP=p*p;
		FF=sqrt((4*PP-TT*TT)/3);
		np=PP+1-(-3*FF+TT)/2;  // 2 possibilities...

		Q=(np/r)*Q;

		zcru=pow((ZZn)2,(p-1)/3);
		//zcru*=zcru;   // right cube root of unity ?? if x>0 do this??
		cru=(Big)zcru;
	}


	if (strcmp(curvename,"BLS461")==0)
	{
		curve=24;
		printf("Curve= BLS461\n");
		strcpy(fieldname,curvename);
		mbits=461;
		words=(1+((mbits-1)/bb));
		curvetype=WEIERSTRASS;
		modtype=NOT_SPECIAL;
		curve_a=0;
		mip->IOBASE=16;
		x=(char *)"1FFFFFFBFFFE00000000";              // SIGN_OF_X is NEGATIVE
		p=(pow(x,6)+2*pow(x,5)-2*pow(x,3)-x+1)/3;
		t=-x+1;
		r=pow(x,4)-x*x+1;
		cof=(p+1-t)/r;

		gx=-2; gy=-1;
		curve_b=9;
		ecurve((Big)0,curve_b,p,MR_AFFINE);
		mip->TWIST=MR_SEXTIC_M;

		P.set(gx,gy);
		P*=cof;
		P.get(gx,gy);

		while (!Q.set(randn2())) ;  // probably not best way to choose this

		TT=t*t-2*p;
		PP=p*p;
		FF=sqrt((4*PP-TT*TT)/3);
		np=PP+1-(-3*FF+TT)/2;  // 2 possibilities...

		Q=(np/r)*Q;

		zcru=pow((ZZn)2,(p-1)/3);
		//zcru*=zcru;   // right cube root of unity
		cru=(Big)zcru;

	}

	if (strcmp(curvename,"FP256BN")==0)
	{
		curve=22;
		printf("Curve= FP256BN\n");
		strcpy(fieldname,curvename);
		mbits=256;
		words=(1+((mbits-1)/bb));
		curvetype=WEIERSTRASS;
		modtype=NOT_SPECIAL;
		curve_a=0;
		mip->IOBASE=16;
		x=(char *)"6882F5C030B0A801";    // Slow!

		p=36*pow(x,4)-36*pow(x,3)+24*x*x-6*x+1;
		t=6*x*x+1;
		r=p+1-t;
		curve_b=3;
		gx=1;
		gy=2;
		cof=1;
		ecurve((Big)0,curve_b,p,MR_AFFINE);
		mip->TWIST=MR_SEXTIC_M;


		Q.set((ZZn2)1);
		//while (!Q.set(randn2())) ;
		Q=(p-1+t)*Q;

		cru=(18*pow(x,3)-18*x*x+9*x-2);
		cout << pre1 << toupperit((char *)"CURVE_Cru",lang) << post1; output(chunk,words,cru,m); cout << term << endl;

	}

	if (strcmp(curvename,"FP512BN")==0)
	{
		curve=23;
		printf("Curve= FP512BN\n");
		strcpy(fieldname,curvename);
		mbits=512;
		words=(1+((mbits-1)/bb));
		curvetype=WEIERSTRASS;
		modtype=NOT_SPECIAL;
		curve_a=0;
		mip->IOBASE=16;
		x=(char *)"6882F5C030B0F7F010B306BB5E1BD80F";    // Slow!

		p=36*pow(x,4)+36*pow(x,3)+24*x*x+6*x+1;
		t=6*x*x+1;
		r=p+1-t;
		curve_b=3;
		gx=1;
		gy=2;
		cof=1;
		ecurve((Big)0,curve_b,p,MR_AFFINE);
		mip->TWIST=MR_SEXTIC_M;

		Q.set((ZZn2)1);
		//while (!Q.set(randn2())) ;
		Q=(p-1+t)*Q;

		cru=p-(18*pow(x,3)+18*x*x+9*x+2);
	}


	if (strcmp(curvename,"BLS24")==0)
	{
		curve=25;
		printf("Curve= BLS24\n");
		strcpy(fieldname,curvename);

		mbits=479;

		words=(1+((mbits-1)/bb));
		curvetype=WEIERSTRASS;
		modtype=NOT_SPECIAL;
		curve_a=0;
		mip->IOBASE=16;

// Note - this is GT-Strong curve

		x=(char *)"100020011FF80";				// SIGN_OF_X is POSITIVE

		//x=-x;

		p=(1+x+x*x-pow(x,4)+2*pow(x,5)-pow(x,6)+pow(x,8)-2*pow(x,9)+pow(x,10))/3;
		t=x+1;
		r=pow(x,8)-pow(x,4)+1;
		cof=(p+1-t)/r;

		//x=-x;

		gx=5; gy=12;
		curve_b=19;
		ecurve((Big)0,curve_b,p,MR_AFFINE);

		mip->TWIST=MR_SEXTIC_M;

		P.set(gx,gy);
		P*=cof;

		P.get(gx,gy);

		Big x0=0;
	
		forever
		{
			ZZn4 X;
			ZZn2 t;

			x0+=1;
			t.set((ZZn)0,(ZZn)x0);
			X.set(t,(ZZn2)0);
			if (!QQ.set(X)) continue;
			break;
		}

		TT=t*t*t*t-4*p*t*t+2*p*p;
		PP=pow(p,4);
		FF=sqrt((4*PP-TT*TT)/3);
		np=PP+1-(3*FF+TT)/2;

		QQ=(np/r)*QQ;

//cout << "QQ= " << QQ << endl;
//cout << "2*QQ= " << QQ+QQ << endl;
//cout << "3*QQ= " << (QQ+QQ)+QQ << endl;

		zcru=pow((ZZn)2,(p-1)/3);
		//zcru*=zcru;   // right cube root of unity -  not for M-TYPE
		cru=(Big)zcru;
	}
Exemplo n.º 4
0
Arquivo: bls24.cpp Projeto: asgene/sm2
int main()
{
	miracl *mip=&precision;
	Big s,x,q,p,t,A,B,cf,X,Y,sru,n,best_s,f,tau[5],TAU;
	Big T,P,F,m1,m2,m3,m4;
	BOOL got_one;
	ECn W;
	ECn4 Q;
	ZZn4 XX,YY,r;	
	ZZn2 xi;
	int i,ns,sign,best_ham=1000;
	mip->IOBASE=16;
	s="E000000000000000";   

	ns=1;
	
	forever
	{
		s+=1;
		for (sign=1;sign<=2;sign++)
		{

			if (sign==1) x=s;
			else         x=-s;

			if (x<0 || ham(x)>7) continue; // filter out difficult or poor solutions

			t=1+x;
			p=1+x+x*x-pow(x,4)+2*pow(x,5)-pow(x,6)+pow(x,8)-2*pow(x,9)+pow(x,10);
			q=1-pow(x,4)+pow(x,8);
	
			if (p%3!=0) continue;
			p/=3;
			
			if (p%8==1) continue;
			if (!prime(p)) continue;
			if (!prime(q)) continue;

			modulo(p);
			if (p%8==5) xi.set(0,1);
			if (p%8==3) xi.set(1,1);
			if (p%8==7) xi.set(2,1);

// make sure its irreducible
			if (pow(xi,(p*p-1)/2)==1) {/*cout << "Failed - not a square" << endl; */ continue;}
			if (pow(xi,(p*p-1)/3)==1) {/*cout << "Failed - not a cube" << endl; */ continue;}  // make sure that x^6-c is irreducible

			n=p+1-t;
			cf=n/q;

			tau[0]=2;  // count points on twist over extension p^4
			tau[1]=t;
			for (i=1;i<4;i++ ) tau[i+1]=t*tau[i]-p*tau[i-1];
			P=p*p*p*p;
			TAU=tau[4];

			F=(4*P-TAU*TAU)/3;
			F=sqrt(F);
		
			m2=P+1-(3*F+TAU)/2;

		//	cout << "m2%q= " << m2%q << endl;

			B=1;   // find curve equation
	
			forever
			{
				B+=1;
				if (B==2)
				{
					X=-1; Y=1;
				}
				else if (B==3)
				{
					X=1; Y=2;
				}
				else if (B==8)
				{
					X=1; Y=3;
				}
				else if (B==15)
				{
					X=1; Y=4;
				}
				else
				{
					do
					{
						X=rand(p);
						Y=sqrt(X*X*X+B,p);
					} while (Y==0);
				}
        
				ecurve(0,B,p,MR_AFFINE);
				W.set(X,Y);
				W*=cf;
				if ((q*W).iszero()) break;
			}

			mip->TWIST=MR_SEXTIC_M;  // is it an M-type twist...?
			do
			{
				r=randn4();
			} while (!Q.set(r)); 
			got_one=FALSE;

			Q*=(m2/q);

			if ((q*Q).iszero()) got_one=TRUE;

//			cout << "m1*Q= " << m1*Q << endl;
//			cout << "m1%q= " << m1%q << endl;
			else
			{
				mip->TWIST=MR_SEXTIC_D;  // no, so it must be D-type.
				do
				{
					r=randn4();
				} while (!Q.set(r)); 
			
				Q*=(m2/q);

				if ((q*Q).iszero()) got_one=TRUE;
			}
			if (!got_one) {cout << "Bad twist" << endl; exit(0);}  // Huh?
	
			if (mip->TWIST==MR_SEXTIC_M) continue;  // not interested just now

			cout << "solution " << ns << endl;
		
			cout << "x= " << x << " ham(x)= " << ham(x) << endl;
			cout << "p= " << p << " bits(p)= " << bits(p) << endl;
			cout << "q= " << q << " bits(q)= " << bits(q) << endl;
			cout << "n= " << n << endl;
			cout << "t= " << t << endl;
			cout << "cf= " << cf << endl;
			

			cout << "W= " << W << endl;
			cout << "q*W= " << q*W << endl;
			mip->IOBASE=10;
			cout << "E(Fp): y^2=x^3+" << B << endl;
			cout << "(p-1)%24= " << (p-1)%24 << endl;
			cout << "p%8= " << p%8 << endl;
			mip->IOBASE=16;
			if (mip->TWIST==MR_SEXTIC_M) cout << "Twist type M" << endl;
			if (mip->TWIST==MR_SEXTIC_D) cout << "Twist type D" << endl;

			Q*=q;
			cout << "check - if right twist should be O - q*Q= " << Q << endl;	
						
			if (ham(x)<best_ham) {best_ham=ham(x);best_s=s;}	
			cout << "So far minimum hamming weight of x= " << best_ham << endl;
			cout << "for seed= " << best_s << endl;
						
			cout << endl;
			ns++;
		}
	}

	return 0;
}