Пример #1
0
/* computing of $(-t^2 +u*s -t*p -p^2)^3$
 * The algorithm is by J.Beuchat et.al, in the paper of "Algorithms and Arithmetic Operators for Computing
 * the $eta_T$ Pairing in Characteristic Three", algorithm 4 in the appendix */
static void algorithm4a(element_t S, element_t t, element_t u) {
    field_ptr f = FIELD(t);
    element_t e1, c0, c1, m0, v0, v2;
    element_init(e1, f);
    element_init(c0, f);
    element_init(c1, f);
    element_init(m0, f);
    element_init(v0, f);
    element_init(v2, f);
    element_set1(e1);
    element_cubic(c0, t); // c0 == t^3
    element_cubic(c1, u);
    element_neg(c1, c1); // c1 == -u^3
    element_mul(m0, c0, c0); // m0 == c0^2
    element_neg(v0, m0); // v0 == -c0^2
    element_sub(v0, v0, c0); // v0 == -c0^2 -c0
    element_sub(v0, v0, e1); // v0 == -c0^2 -c0 -1
    element_set1(v2);
    element_sub(v2, v2, c0); // v2 == 1 -c0
    // v1 == c1
    // S == [[v0, v1], [v2, f3m.zero()], [f3m.two(), f3m.zero()]]
    element_set(ITEM(S,0,0), v0);
    element_set(ITEM(S,0,1), c1);
    element_set(ITEM(S,1,0), v2);
    element_set0(ITEM(S,1,1));
    element_neg(ITEM(S,2,0), e1);
    element_set0(ITEM(S,2,1));
    element_clear(e1);
    element_clear(c0);
    element_clear(c1);
    element_clear(m0);
    element_clear(v0);
    element_clear(v2);
}
Пример #2
0
/* $e<- a*b$ */
static void gf32m_mult(element_t e, element_t a, element_t b) {
    element_ptr a0 = GF32M(a)->_0, a1 = GF32M(a)->_1, b0 = GF32M(b)->_0, b1 =
            GF32M(b)->_1, e0 = GF32M(e)->_0, e1 = GF32M(e)->_1;
    field_ptr base = BASE(a);
    element_t a0b0, a1b1, t0, t1, c1;
    element_init(a0b0, base);
    element_init(a1b1, base);
    element_init(t0, base);
    element_init(t1, base);
    element_init(c1, base);
    element_mul(a0b0, a0, b0);
    element_mul(a1b1, a1, b1);
    element_add(t0, a1, a0);
    element_add(t1, b1, b0);
    element_mul(c1, t0, t1); // c1 == (a1+a0)*(b1+b0)
    element_sub(c1, c1, a1b1);
    element_sub(c1, c1, a0b0);
    element_ptr c0 = a0b0;
    element_sub(c0, c0, a1b1); // c0 == a0*b0 - a1*b1
    element_set(e0, c0);
    element_set(e1, c1);
    element_clear(a0b0);
    element_clear(a1b1);
    element_clear(t0);
    element_clear(t1);
    element_clear(c1);
}
Пример #3
0
static void gf33m_assign(element_t e, element_t a) {
    element_ptr a0 = GF33M(a)->_0, a1 = GF33M(a)->_1, a2 = GF33M(a)->_2, e0 =
            GF33M(e)->_0, e1 = GF33M(e)->_1, e2 = GF33M(e)->_2;
    element_set(e0, a0);
    element_set(e1, a1);
    element_set(e2, a2);
}
Пример #4
0
// The final powering, where we standardize the coset representative.
static void cc_tatepower(element_ptr out, element_ptr in, pairing_t pairing) {
  pptr p = pairing->data;
  #define qpower(sign) {                         \
    polymod_const_mul(e2, inre[1], p->xpowq);    \
    element_set(e0re, e2);                       \
    polymod_const_mul(e2, inre[2], p->xpowq2);   \
    element_add(e0re, e0re, e2);                 \
    element_add(e0re0, e0re0, inre[0]);          \
                                                 \
    if (sign > 0) {                              \
      polymod_const_mul(e2, inim[1], p->xpowq);  \
      element_set(e0im, e2);                     \
      polymod_const_mul(e2, inim[2], p->xpowq2); \
      element_add(e0im, e0im, e2);               \
      element_add(e0im0, e0im0, inim[0]);        \
    } else {                                     \
      polymod_const_mul(e2, inim[1], p->xpowq);  \
      element_neg(e0im, e2);                     \
      polymod_const_mul(e2, inim[2], p->xpowq2); \
      element_sub(e0im, e0im, e2);               \
      element_sub(e0im0, e0im0, inim[0]);        \
    }                                            \
  }
  if (p->k == 6) {
    // See thesis, section 6.9, "The Final Powering", which gives a formula
    // for the first step of the final powering when Fq6 has been implemented
    // as a quadratic extension on top of a cubic extension.
    element_t e0, e2, e3;
    element_init(e0, p->Fqk);
    element_init(e2, p->Fqd);
    element_init(e3, p->Fqk);
    element_ptr e0re = element_x(e0);
    element_ptr e0im = element_y(e0);
    element_ptr e0re0 = ((element_t *) e0re->data)[0];
    element_ptr e0im0 = ((element_t *) e0im->data)[0];
    element_t *inre = element_x(in)->data;
    element_t *inim = element_y(in)->data;
    // Expressions in the formula are similar, hence the following function.
    qpower(1);
    element_set(e3, e0);
    element_set(e0re, element_x(in));
    element_neg(e0im, element_y(in));
    element_mul(e3, e3, e0);
    qpower(-1);
    element_mul(e0, e0, in);
    element_invert(e0, e0);
    element_mul(in, e3, e0);

    element_set(e0, in);
    // We use Lucas sequences to complete the final powering.
    lucas_even(out, e0, pairing->phikonr);

    element_clear(e0);
    element_clear(e2);
    element_clear(e3);
  } else {
    element_pow_mpz(out, in, p->tateexp);
  }
  #undef qpower
}
Пример #5
0
static void point_add(element_t c, element_t a, element_t b) {
    point_ptr p1 = DATA(a), p2 = DATA(b), p3 = DATA(c);
    int inf1 = p1->isinf, inf2 = p2->isinf;
    element_ptr x1 = p1->x, y1 = p1->y, x2 = p2->x, y2 = p2->y;
    field_ptr f = FIELD(x1);
    if (inf1) {
        point_set(c, b);
        return;
    }
    if (inf2) {
        point_set(c, a);
        return;
    }
    element_t v0, v1, v2, v3, v4, ny2;
    element_init(v0, f);
    element_init(v1, f);
    element_init(v2, f);
    element_init(v3, f);
    element_init(v4, f);
    element_init(ny2, f);
    if (!element_cmp(x1, x2)) { // x1 == x2
        element_neg(ny2, y2); // ny2 == -y2
        if (!element_cmp(y1, ny2)) {
            p3->isinf = 1;
            goto end;
        }
        if (!element_cmp(y1, y2)) { // y1 == y2
            element_invert(v0, y1); // v0 == y1^{-1}
            element_mul(v1, v0, v0); // v1 == [y1^{-1}]^2
            element_add(p3->x, v1, x1); // v1 == [y1^{-1}]^2 + x1
            element_cubic(v2, v0); // v2 == [y1^{-1}]^3
            element_add(v2, v2, y1); // v2 == [y1^{-1}]^3 + y1
            element_neg(p3->y, v2); // p3 == -([y1^{-1}]^3 + y1)
            p3->isinf = 0;
            goto end;
        }
    }
    // $P1 \ne \pm P2$
    element_sub(v0, x2, x1); // v0 == x2-x1
    element_invert(v1, v0); // v1 == (x2-x1)^{-1}
    element_sub(v0, y2, y1); // v0 == y2-y1
    element_mul(v2, v0, v1); // v2 == (y2-y1)/(x2-x1)
    element_mul(v3, v2, v2); // v3 == [(y2-y1)/(x2-x1)]^2
    element_cubic(v4, v2); // v4 == [(y2-y1)/(x2-x1)]^3
    element_add(v0, x1, x2); // v0 == x1+x2
    element_sub(v3, v3, v0); // v3 == [(y2-y1)/(x2-x1)]^2 - (x1+x2)
    element_add(v0, y1, y2); // v0 == y1+y2
    element_sub(v4, v0, v4); // v4 == (y1+y2) - [(y2-y1)/(x2-x1)]^3
    p3->isinf = 0;
    element_set(p3->x, v3);
    element_set(p3->y, v4);
end:
    element_clear(v0);
    element_clear(v1);
    element_clear(v2);
    element_clear(v3);
    element_clear(v4);
    element_clear(ny2);
}
Пример #6
0
//c_iとk_iをペアリングする関数
//¬記号で別々の処理する
//(v_i - x_t)も必要→とりあえず置いておこう……→一応できた?
Element *pairing_c_k(EC_PAIRING p, rho_i *rho, EC_POINT *c, EC_POINT *k, mpz_t *alpha_i) {
	int i;
	Element *result;
	result = (Element*)malloc(sizeof(Element));
	Element egg, tempegg1, tempegg2;
	element_init(egg, p->g3);
	element_init(tempegg1, p->g3);
	element_init(tempegg2, p->g3);
	element_init(*result, p->g3);
	mpz_t temp1;
	mpz_init(temp1);
	mpz_t temp2;
	mpz_init(temp2);
	mpz_t order;
	mpz_init(order);
	mpz_set(order, *pairing_get_order(p));
	element_set_one(*result);

	if (alpha_i == NULL && rho == NULL) { //e(c_0, k_0)
			for (i = 0; i < 5; i++) {
				pairing_map(tempegg1, c[i], k[i], p);
				element_mul(tempegg2, tempegg1, *result);
				element_set(*result, tempegg2);
			}
	}
    else if (mpz_cmp_ui(*alpha_i, 0) == 0) {//return 1
    }
	else if (rho->is_negated == FALSE) {
			for (i = 0; i < 7; i++) {
				pairing_map(tempegg1, c[i], k[i], p);
				element_mul(tempegg2, tempegg1, *result);
				element_set(*result, tempegg2);
			}
			element_pow(tempegg1, *result, *alpha_i);
			element_set(*result, tempegg1);
	}
	else { //is_negated == TRUE
			for (i = 0; i < 7; i++) {
				pairing_map(tempegg1, c[i], k[i], p);
				element_mul(tempegg2, tempegg1, *result);
				element_set(*result, tempegg2);
			}
		mpz_set_ui(temp1, rho->v_t[0]); //v_i - x_t
		mpz_invert(temp2, temp1, order);
		mpz_mul(temp1, temp2, *alpha_i); // alpha_i / (v_i - x_t)
		mpz_mod(*alpha_i, temp1, order);
		element_pow(tempegg1, *result, *alpha_i);
		element_set(*result, tempegg1);
	}

    mpz_clear(order);
    mpz_clear(temp2);
    mpz_clear(temp1);
	element_clear(egg);
	element_clear(tempegg1);
	element_clear(tempegg2);

	return result;
}
Пример #7
0
void point_set_xy(EC_POINT p, const Element x, const Element y)
{
    element_set(p->x, x);
    element_set(p->y, y);
    element_set_one(p->z);

    p->isinfinity = FALSE;
}
Пример #8
0
static void point_set(element_t e, element_t a) {
    point_ptr r = DATA(e), p = DATA(a);
    r->isinf = p->isinf;
    if (!p->isinf) {
        element_set(r->x, p->x);
        element_set(r->y, p->y);
    }
}
Пример #9
0
/* $c <- a*b$ */
static void gf33m_mult(element_t e, element_t a, element_t b) {
    element_ptr a0 = GF33M(a)->_0, a1 = GF33M(a)->_1, a2 = GF33M(a)->_2, b0 =
            GF33M(b)->_0, b1 = GF33M(b)->_1, b2 = GF33M(b)->_2, e0 =
            GF33M(e)->_0, e1 = GF33M(e)->_1, e2 = GF33M(e)->_2;
    field_ptr base = BASE(e);
    element_t t0, t1, c1, a0b0, a1b1, a2b2;
    element_init(t0, base);
    element_init(t1, base);
    element_init(c1, base);
    element_init(a0b0, base);
    element_init(a1b1, base);
    element_init(a2b2, base);
    element_mul(a0b0, a0, b0);
    element_mul(a1b1, a1, b1);
    element_mul(a2b2, a2, b2);
    element_ptr d0 = a0b0;
    element_add(t0, a1, a0);
    element_add(t1, b1, b0);
    element_t d1;
    element_init(d1, base);
    element_mul(d1, t0, t1);
    element_sub(d1, d1, a1b1);
    element_sub(d1, d1, a0b0);
    element_add(t0, a2, a0);
    element_add(t1, b2, b0);
    element_t d2;
    element_init(d2, base);
    element_mul(d2, t0, t1);
    element_add(d2, d2, a1b1);
    element_sub(d2, d2, a2b2);
    element_sub(d2, d2, a0b0);
    element_add(t0, a2, a1);
    element_add(t1, b2, b1);
    element_t d3;
    element_init(d3, base);
    element_mul(d3, t0, t1);
    element_sub(d3, d3, a2b2);
    element_sub(d3, d3, a1b1);
    element_ptr d4 = a2b2;
    element_add(t0, d0, d3);
    element_ptr c0 = t0;
    element_add(c1, d1, d3);
    element_add(c1, c1, d4);
    element_add(t1, d2, d4);
    element_ptr c2 = t1;
    element_set(e0, c0);
    element_set(e1, c1);
    element_set(e2, c2);
    element_clear(t0);
    element_clear(t1);
    element_clear(c1);
    element_clear(a0b0);
    element_clear(a1b1);
    element_clear(a2b2);
    element_clear(d1);
    element_clear(d2);
    element_clear(d3);
}
Пример #10
0
/* $e <- a^{-1}$ */
static void gf33m_invert(element_t e, element_t a) {
    element_ptr a0 = GF33M(a)->_0, a1 = GF33M(a)->_1, a2 = GF33M(a)->_2, e0 =
            GF33M(e)->_0, e1 = GF33M(e)->_1, e2 = GF33M(e)->_2;
    field_ptr base = BASE(e);
    element_t a02, a12, a22;
    element_init(a02, base);
    element_init(a12, base);
    element_init(a22, base);
    element_mul(a02, a0, a0);
    element_mul(a12, a1, a1);
    element_mul(a22, a2, a2);
    element_t v0;
    element_init(v0, base);
    element_sub(v0, a0, a2); // v0 == a0-a2
    element_t delta;
    element_init(delta, base);
    element_mul(delta, v0, a02); // delta = (a0-a2)*(a0^2), free
    element_sub(v0, a1, a0); // v0 == a1-a0
    element_t c0;
    element_init(c0, base);
    element_mul(c0, v0, a12); // c0 == (a1-a0)*(a1^2)
    element_add(delta, delta, c0); // delta = (a0-a2)*(a0^2) + (a1-a0)*(a1^2)
    element_sub(v0, a2, v0); // v0 == a2-(a1-a0) = a0-a1+a2
    element_t c1;
    element_init(c1, base);
    element_mul(c1, v0, a22); // c1 == (a0-a1+a2)*(a2^2)
    element_add(delta, delta, c1); // delta = (a0-a2)*(a0^2) + (a1-a0)*(a1^2) + (a0-a1+a2)*(a2^2)
    element_invert(delta, delta); // delta = [(a0-a2)*(a0^2) + (a1-a0)*(a1^2) + (a0-a1+a2)*(a2^2)] ^ {-1}
    element_add(v0, a02, a22); // v0 == a0^2+a2^2
    element_t c2;
    element_init(c2, base);
    element_mul(c2, a0, a2); // c2 == a0*a2
    element_sub(c0, v0, c2); // c0 == a0^2+a2^2-a0*a2
    element_add(v0, a1, a2); // v0 == a1+a2
    element_t c3;
    element_init(c3, base);
    element_mul(c3, a1, v0); // c3 == a1*(a1+a2)
    element_sub(c0, c0, c3); // c0 == a0^2+a2^2-a0*a2-a1*(a1+a2)
    element_mul(c0, c0, delta); // c0 *= delta
    element_mul(c1, a0, a1); // c1 == a0*a1
    element_sub(c1, a22, c1); // c1 == a2^2-a0*a1
    element_mul(c1, c1, delta); // c1 *= delta
    element_sub(c2, a12, c2); // c2 == a1^2-a0*a2
    element_sub(c2, c2, a22); // c2 == a1^2-a0*a2-a2^2
    element_mul(c2, c2, delta); // c2 *= delta
    element_set(e0, c0);
    element_set(e1, c1);
    element_set(e2, c2);
    element_clear(a02);
    element_clear(a12);
    element_clear(a22);
    element_clear(v0);
    element_clear(delta);
    element_clear(c0);
    element_clear(c1);
    element_clear(c2);
    element_clear(c3);
}
Пример #11
0
static void sn_add(element_t c, element_t a, element_t b) {
  point_ptr r = c->data;
  point_ptr p = a->data;
  point_ptr q = b->data;
  if (p->inf_flag) {
    sn_set(c, b);
    return;
  }
  if (q->inf_flag) {
    sn_set(c, a);
    return;
  }
  if (!element_cmp(p->x, q->x)) {
    if (!element_cmp(p->y, q->y)) {
      if (element_is0(p->y)) {
        r->inf_flag = 1;
        return;
      } else {
        sn_double_no_check(r, p);
        return;
      }
    }
    //points are inverses of each other
    r->inf_flag = 1;
    return;
  } else {
    element_t lambda, e0, e1;

    element_init(lambda, p->x->field);
    element_init(e0, p->x->field);
    element_init(e1, p->x->field);

    //lambda = (y2-y1)/(x2-x1)
    element_sub(e0, q->x, p->x);
    element_invert(e0, e0);
    element_sub(lambda, q->y, p->y);
    element_mul(lambda, lambda, e0);
    //x3 = lambda^2 - x1 - x2 - 1
    element_square(e0, lambda);
    element_sub(e0, e0, p->x);
    element_sub(e0, e0, q->x);
    element_set1(e1);
    element_sub(e0, e0, e1);
    //y3 = (x1-x3)lambda - y1
    element_sub(e1, p->x, e0);
    element_mul(e1, e1, lambda);
    element_sub(e1, e1, p->y);

    element_set(r->x, e0);
    element_set(r->y, e1);
    r->inf_flag = 0;

    element_clear(lambda);
    element_clear(e0);
    element_clear(e1);
  }
}
Пример #12
0
//--------------------------------------------------
//  square root in extended Fp
//--------------------------------------------------
int bn254_fp2_sqrt(Element z, const Element x)
{
    mpz_t _v;
    int m, r, i;

    field_precomp_sqrt_p ps;

    Element *t = field(z)->tmp;

    if (!element_is_sqr(x)) {
        return FALSE;
    }

    ps = ((field_precomp_p)(field(x)->precomp))->ps;

    element_set(t[0], ps->n_v);  // t0 = n^v

    r = ps->e; // r = e

    mpz_init_set(_v, ps->v);
    mpz_sub_ui(_v, _v, 1);
    mpz_tdiv_q_2exp(_v, _v, 1);

    element_pow(t[1], x, _v);   // t1 = x^{(v-1)/2}
    element_sqr(t[2], t[1]);
    element_mul(t[2], t[2], x); // t2 = x*t1^2
    element_mul(t[1], x, t[1]); // t1 = x*t1

    mpz_clear(_v);

    while (!element_is_one(t[2]))
    {
        m = 0;
        element_set(t[3], t[2]);

        do {
            element_sqr(t[3], t[3]);
            m++;
        }
        while (!element_is_one(t[3]) && m < r);

        r = r - m - 1;
        element_set(t[3], t[0]);
        for (i = 1; i <= r; i++) {
            element_sqr(t[3], t[3]);
        } // t3 = t2^{r-m-1}
        element_sqr(t[0], t[3]);      // t0 = t3^2
        r = m;
        element_mul(t[1], t[1], t[3]);// t1 = t1*t3
        element_mul(t[2], t[2], t[0]);// t2 = t2*t0
    }

    element_set(z, t[1]);

    return TRUE;
}
Пример #13
0
static void sn_set(element_ptr c, element_ptr a) {
  point_ptr r = c->data, p = a->data;
  if (p->inf_flag) {
    r->inf_flag = 1;
    return;
  }
  r->inf_flag = 0;
  element_set(r->x, p->x);
  element_set(r->y, p->y);
}
Пример #14
0
static void curve_mul(element_ptr c, element_ptr a, element_ptr b) {
	curve_data_ptr cdp = (curve_data_ptr)a->field->data;
  point_ptr r = (point_ptr)c->data, p = (point_ptr)a->data, q = (point_ptr)b->data;

  if (p->inf_flag) {
    curve_set(c, b);
    return;
  }
  if (q->inf_flag) {
    curve_set(c, a);
    return;
  }
  if (!element_cmp(p->x, q->x)) {
    if (!element_cmp(p->y, q->y)) {
      if (element_is0(p->y)) {
        r->inf_flag = 1;
        return;
      } else {
        double_no_check(r, p, cdp->a);
        return;
      }
    }
    //points are inverses of each other
    r->inf_flag = 1;
    return;
  } else {
    element_t lambda, e0, e1;

    element_init(lambda, cdp->field);
    element_init(e0, cdp->field);
    element_init(e1, cdp->field);

    //lambda = (y2-y1)/(x2-x1)
    element_sub(e0, q->x, p->x);
    element_invert(e0, e0);
    element_sub(lambda, q->y, p->y);
    element_mul(lambda, lambda, e0);
    //x3 = lambda^2 - x1 - x2
    element_square(e0, lambda);
    element_sub(e0, e0, p->x);
    element_sub(e0, e0, q->x);
    //y3 = (x1-x3)lambda - y1
    element_sub(e1, p->x, e0);
    element_mul(e1, e1, lambda);
    element_sub(e1, e1, p->y);

    element_set(r->x, e0);
    element_set(r->y, e1);
    r->inf_flag = 0;

    element_clear(lambda);
    element_clear(e0);
    element_clear(e1);
  }
}
Пример #15
0
void miller(element_t z, element_t PR, element_t R, element_t P, element_t Q)
{
    int m = mpz_sizeinbase(order, 2) - 2;

    element_t Z;
    element_t z1;
    element_t x1;
    element_init_same_as(Z, PR);

    element_set(Z, P);
    element_set1(z);
    element_init_same_as(z1, z);
    element_init_same_as(x1, z);

    do_vert(x1, PR, Q);
    element_printf("vert(P+R) %B\n", x1);
    do_line(z1, P, R, Q);
    element_printf("line(P,R) %B\n", z1);
    element_div(x1, x1, z1);
    element_printf("x1 %B\n", x1);
    element_set(z, x1);

    for (;;) {
	printf("iteration %d: %d\n", m, mpz_tstbit(order,m));
	element_square(z, z);
	element_printf("squared: %B\n", z);
	do_tangent(z1, Z, Q);
	element_mul(z, z, z1);

	element_double(Z, Z);
	do_vert(z1, Z, Q);
	element_div(z, z, z1);
	element_printf("pre-if: %B\n", z);

	if (mpz_tstbit(order, m)) {
	    element_mul(z, z, x1);
	    do_vert(z1, P, Q);
	    element_mul(z, z, z1);
	    element_printf("done %B\n", z);
	    /*
	    do_line(z1, Z, P, Q);
	    element_mul(z, z, z1);
	    element_add(Z, Z, P);
	    do_vert(z1, Z, Q);
	    element_div(z, z, z1);
	    */
	}
	if (!m) break;
	m--;
    }

    element_clear(x1);
    element_clear(z1);
}
Пример #16
0
static void record(element_t asum, element_t bsum, element_t snark,
                   darray_t hole, mpz_t counter) {
  snapshot_ptr ss = pbc_malloc(sizeof(struct snapshot_s));
  element_init_same_as(ss->a, asum);
  element_init_same_as(ss->b, bsum);
  element_init_same_as(ss->snark, snark);
  element_set(ss->a, asum);
  element_set(ss->b, bsum);
  element_set(ss->snark, snark);
  darray_append(hole, ss);
  element_printf("snark %Zd: %B\n", counter, snark);
}
Пример #17
0
/* $e <- a^3$ */
static void gf32m_cubic(element_t e, element_t a) {
    element_ptr a0 = GF32M(a)->_0, a1 = GF32M(a)->_1, e0 = GF32M(e)->_0, e1 =
            GF32M(e)->_1;
    field_ptr base = BASE(a);
    element_t c0, c1;
    element_init(c0, base);
    element_init(c1, base);
    element_cubic(c0, a0);
    element_cubic(c1, a1);
    element_neg(c1, c1); // c1 == -(a1^3)
    element_set(e0, c0);
    element_set(e1, c1);
    element_clear(c0);
    element_clear(c1);
}
Пример #18
0
// USER JOIN PHASE 4 - user key generation (Join)
int xsgs_user_join_phase4(XSGS_PUBLIC_KEY* gpk, XSGS_USER_DB_ENTRY* udbe,
		XSGS_JOIN_PHASE3* jpd3, XSGS_JOIN_PHASE4* jpd4, char* upk_pem_filename) {
	int ret;
	pairing_ptr pairing = gpk->pairing;
	field_ptr Fp = pairing->Zr;

	DWORD msg_len = element_length_in_bytes(udbe->UCert.A);
	BYTE* msg = (BYTE*) malloc(msg_len);
	element_to_bytes(msg, udbe->UCert.A);

	/* TODO Verify_PK_CA(cert_user) */

	ret = xsgs_rsa_verify(upk_pem_filename, msg, msg_len, jpd3->S.sig,
			jpd3->S.len);
	free(msg);

	udbe->S.len = jpd3->S.len;
	udbe->S.sig = (BYTE*) malloc(udbe->S.len);
	memcpy(udbe->S.sig, jpd3->S.sig, udbe->S.len);

	element_init(jpd4->x, Fp);
	element_set(jpd4->x, udbe->UCert.x);

	return ret;
}
Пример #19
0
static void fi_sqrt(element_ptr n, element_ptr e) {
  eptr p = e->data;
  eptr r = n->data;
  element_t e0, e1, e2;

  // If (a+bi)^2 = x+yi then 2a^2 = x +- sqrt(x^2 + y^2)
  // where we choose the sign so that a exists, and 2ab = y.
  // Thus 2b^2 = - (x -+ sqrt(x^2 + y^2)).
  element_init(e0, p->x->field);
  element_init(e1, e0->field);
  element_init(e2, e0->field);
  element_square(e0, p->x);
  element_square(e1, p->y);
  element_add(e0, e0, e1);
  element_sqrt(e0, e0);
  // e0 = sqrt(x^2 + y^2)
  element_add(e1, p->x, e0);
  element_set_si(e2, 2);
  element_invert(e2, e2);
  element_mul(e1, e1, e2);
  // e1 = (x + sqrt(x^2 + y^2))/2
  if (!element_is_sqr(e1)) {
    element_sub(e1, e1, e0);
    // e1 should be a square.
  }
  element_sqrt(e0, e1);
  element_add(e1, e0, e0);
  element_invert(e1, e1);
  element_mul(r->y, p->y, e1);
  element_set(r->x, e0);
  element_clear(e0);
  element_clear(e1);
  element_clear(e2);
}
Пример #20
0
void CipherText::compute_node(element_t& v, Node* node){//v amounts to s
  if(node->getType() == LEAF){
    Leaf* leaf = (Leaf*)node;
    leaf->compute(&v, this->pub, this->p);
  //  printf("leaf: %d, %d, computed\n", leaf->getK(), leaf->getNum());

  } else if (node->getType() == INTERNAL_NODE){

    InternalNode* internalNode = (InternalNode*)node;
    int num = internalNode->getNum();
    int k = internalNode->getK();
    Node** sons = internalNode->getSons();//??

  //  printf("internal Node: %d, %d\n", k, num);

    element_t* ys = (element_t*)malloc(sizeof(element_t) *  (num + 1));      
    element_init_Zr(ys[0], *(this->p));
    element_set(ys[0], v);                          //set ys[0] to v
    computePoints(ys, k, num);       //compute other num point, 
    int i = 1;
    for (i = 1; i <= num; i++){
      compute_node(ys[i], sons[i - 1]);
    }
  }
}
Пример #21
0
/* computing $c <- U^M, M=(3^{3m}-1)*(3^m+1)*(3^m+1-\mu*b*3^{(m+1)//2})$
 * This is the algorithm 8 in the paper above. */
static void algorithm8(element_t c, element_t u) {
    field_ptr f6 = FIELD(u), f = FIELD(ITEM(u,0,0));
    params *p = (params *) f->data;
    element_t v, w;
    element_init(v, f6);
    element_init(w, f6);
    algorithm6(v, u);
    algorithm7(v, v);
    element_set(w, v);
    int i;
    for (i = 0; i < (p->m + 1) / 2; i++)
        element_cubic(w, w);
    algorithm7(v, v);
    if (p->m % 12 == 1 || p->m % 12 == 11) { // w <= w^{-\mu*b}
        element_ptr e;
        e = ITEM(w,0,1);
        element_neg(e, e);
        e = ITEM(w,1,1);
        element_neg(e, e);
        e = ITEM(w,2,1);
        element_neg(e, e);
    }
    element_mul(c, v, w);
    element_clear(v);
    element_clear(w);
}
Пример #22
0
static val_ptr eval_elem(tree_ptr t) {
	// TODO: Write element_clone(), or at least element_new().
	element_ptr e = (element_ptr)pbc_malloc(sizeof(*e));
	element_init_same_as(e, t->elem);
	element_set(e, t->elem);
	return val_new_element(e);
}
Пример #23
0
void millertate(element_t z, element_t P, element_t Q)
{
    element_t Z;
    element_t z0;

    element_init_same_as(Z, P);
    element_init_same_as(z0, z);

    element_set(Z, P);

    do_tangent(z, Z, Q);

    element_double(Z, Z);

    do_vert(z0, Z, Q);
    element_div(z, z, z0);

    element_printf("presquare: z = %B\n", z);

    element_square(z, z);

    element_printf("square: z = %B\n", z);

    do_tangent(z0, Z, Q);
    element_mul(z, z, z0);

    element_clear(z0);
    element_clear(Z);
}
Пример #24
0
//Called in file encryption function to generate C0,C1,C0',C1' and EK
//returns CT,EK
void EK_CT_generate(char *gamma, int *shared_users, int num_users, unsigned char *pps, ct CT, element_t EK, char *t_str)
{

  global_broadcast_params_t gbs;
  element_t t;
  int j;

  //Global Setup of gbs params
  setup_global_broadcast_params(&gbs, pps);
  element_set_str(gbs->gamma, gamma, PBC_CONVERT_BASE); //it is important to set user gamma here else a random value will be used

  //pick a random value of t from Zr
  element_init_Zr(t, gbs->pairing);
  element_random(t);
  element_snprint(t_str,MAX_ELEMENT_LEN,t);

  //compute C0=g^t
  element_init(CT->OC0, gbs->pairing->G1);
  element_pow_zn(CT->OC0, gbs->g, t);

  //compute C1=(g^gamma)x(g[num_users+1-j]) for j in all shared users
  element_init(CT->OC1, gbs->pairing->G1);
  element_pow_zn(CT->OC1, gbs->g, gbs->gamma); //at this step C1 = g^gamma = v as given in paper
  for(j=0;j<num_users;j++)
    element_mul(CT->OC1, CT->OC1, gbs->gs[(gbs->num_users)-shared_users[j]]);
  element_pow_zn(CT->OC1, CT->OC1, t);

  //Duplicate C0'=C0
  element_init(CT->C0, gbs->pairing->G1);
  element_set(CT->C0,CT->OC0);

  //Duplicate C1'=C1
  element_init(CT->C1, gbs->pairing->G1);
  element_set(CT->C1,CT->OC1);

  //COMPUTE EK = e(g[n], g[1])^(t)
  element_init(EK, gbs->pairing->GT);
  element_pairing(EK, gbs->gs[0],gbs->gs[gbs->num_users-1]);  //at this step EK = e(g[1],g[n])
  element_pow_zn(EK,EK,t);  //EK = e(g[1],g[n])^t

  //free the memory for global broadcast params
  element_clear(t);
  FreeGBP(gbs);

  return;
}
Пример #25
0
static void fi_square(element_ptr n, element_ptr a) {
  eptr p = a->data;
  eptr r = n->data;
  element_t e0, e1;

  element_init(e0, p->x->field);
  element_init(e1, e0->field);
  // Re(n) = x^2 - y^2 = (x+y)(x-y)
  element_add(e0, p->x, p->y);
  element_sub(e1, p->x, p->y);
  element_mul(e0, e0, e1);
  // Im(n) = 2xy
  element_mul(e1, p->x, p->y);
  element_add(e1, e1, e1);
  element_set(r->x, e0);
  element_set(r->y, e1);
  element_clear(e0);
  element_clear(e1);
}
Пример #26
0
void bn254_fp2_pow(Element z, const Element x, const mpz_t exp)
{
    long t, i;
    Element c;

    element_init(c, field(z));
    element_set(c, x);

    t = (long)mpz_sizeinbase(exp, 2);

    for (i = t - 2; i >= 0; i--)
    {
        element_sqr(c, c);
        if (mpz_tstbit(exp, i)) { element_mul(c, c, x); }
    }

    element_set(z, c);
    element_clear(c);
}
Пример #27
0
static void curve_invert(element_ptr c, element_ptr a) {
	point_ptr r = (point_ptr)c->data, p = (point_ptr)a->data;

  if (p->inf_flag) {
    r->inf_flag = 1;
    return;
  }
  r->inf_flag = 0;
  element_set(r->x, p->x);
  element_neg(r->y, p->y);
}
Пример #28
0
/* doing multiplication in GF(3^m)
 * The function sets $e == a*b \in GF(3^m)$ */
static void gf3m_mult(element_t e, element_ptr a, element_t b) {
    params *p = PARAM(a);
    element_t aa, t, c;
    element_init(aa, a->field);
    element_set(aa, a);
    a = aa; // clone $a$
    element_init(t, a->field);
    element_init(c, a->field);
    unsigned i;
    for (i = 0; i < p->m; i++) {
        unsigned v = gf3m_get(b, i);
        gf3m_f1(t, v, a); /* t == b[i]*a in GF(3^m) */
        gf3m_add(c, c, t); /* c += b[i]*a in GF(3^m) */
        gf3m_f2(a); /* a == a*x in GF(3^m) */
    }
    element_set(e, c);
    element_clear(t);
    element_clear(c);
    element_clear(aa);
}
Пример #29
0
static val_ptr run_item(val_ptr v[]) {
	mpz_t z;
	mpz_init(z);
	element_to_mpz(z, v[1]->elem);
	int i = mpz_get_si(z);
	mpz_clear(z);
	element_ptr a = element_item(v[0]->elem, i);
	element_ptr e = (element_ptr)pbc_malloc(sizeof(*e));
	element_init_same_as(e, a);
	element_set(e, a);
	return val_new_element(e);
}
Пример #30
0
static void fq_square(element_ptr n, element_ptr a) {
  eptr p = a->data;
  eptr r = n->data;
  element_ptr nqr = fq_nqr(n->field);
  element_t e0, e1;

  element_init(e0, p->x->field);
  element_init(e1, e0->field);
  element_square(e0, p->x);
  element_square(e1, p->y);
  element_mul(e1, e1, nqr);
  element_add(e0, e0, e1);
  element_mul(e1, p->x, p->y);
  //TODO: which is faster?
  //element_add(e1, e1, e1);
  element_double(e1, e1);
  element_set(r->x, e0);
  element_set(r->y, e1);
  element_clear(e0);
  element_clear(e1);
}