struct msgOneArrays_ECC *proverMessageOne_ECC(int stat_SecParam, struct eccParams *params,
unsigned char *J_set, struct eccPoint *alpha,
struct eccPoint *g_0, struct eccPoint *g_1,
struct eccPoint **h_0_List, struct eccPoint **h_1_List, gmp_randstate_t state)
{
struct msgOneArrays_ECC *msgArray = initMsgOneArray_ECC(stat_SecParam);
struct eccPoint *topHalf, *bottomHalf;
int i, j_in_I = 0, j_not_I = 0;
for(i = 0; i < stat_SecParam; i ++)
{
// If i IS in I
if(0x00 == J_set[i])
{
msgArray -> notI_Struct -> not_in_I_index[j_not_I] = i + 1;
// Generate a random exponent pair C and Z.
mpz_urandomm(msgArray -> notI_Struct -> C_array[j_not_I], state, params -> n);
mpz_urandomm(msgArray -> notI_Struct -> Z_array[j_not_I], state, params -> n);
// Compute the A share using C and Z
topHalf = windowedScalarPoint(msgArray -> notI_Struct -> Z_array[j_not_I], g_0, params);
bottomHalf = windowedScalarPoint(msgArray -> notI_Struct -> C_array[j_not_I], h_0_List[i], params);
msgArray -> A_array[i] = invertPoint(bottomHalf, params);
groupOp_PlusEqual(msgArray -> A_array[i], topHalf, params);
clearECC_Point(topHalf);
clearECC_Point(bottomHalf);
// Compute the B share using C and Z
topHalf = windowedScalarPoint(msgArray -> notI_Struct -> Z_array[j_not_I], g_1, params);
bottomHalf = windowedScalarPoint(msgArray -> notI_Struct -> C_array[j_not_I], h_1_List[i], params);
msgArray -> B_array[i] = invertPoint(bottomHalf, params);
groupOp_PlusEqual(msgArray -> B_array[i], topHalf, params);
clearECC_Point(topHalf);
clearECC_Point(bottomHalf);
j_not_I ++;
}
else
{
// Raise the A and B to the power of a random (and stored) exponent
msgArray -> in_I_index[j_in_I] = i + 1;
mpz_urandomm(msgArray -> roeArray[j_in_I], state, params -> n);
msgArray -> A_array[i] = windowedScalarPoint(msgArray -> roeArray[j_in_I], g_0, params);
msgArray -> B_array[i] = windowedScalarPoint(msgArray -> roeArray[j_in_I], g_1, params);
j_in_I ++;
}
}
return msgArray;
}
int BnetSRP3::init( const char* username_, const char* password_, const byte * salt_ )
{
if(!srp3_inited)
{
gmp_randinit_default(rand);
gmp_randseed_ui(rand, (unsigned long)time(NULL));
mpz_init2(N, 256);
mpz_import(N, 32, -1, 1, 0, 0, SRP3_N);
mpz_init_set_ui(g, SRP3_g);
srp3_inited = true;
}
uint i;
const char* source;
if (!username_) {
return -1;
}
uint len = strlen(username_);
username.resize(len);
source = username_;
for(i = 0; i < len; ++ i)
{
username[i] = toupper(*(source++));
}
if (!((password_ == NULL) ^ (salt_ == NULL))) {
return -1;
}
if (password_!=NULL) {
len = strlen(password_);
password.resize(len);
source = password_;
for(i = 0; i < len; ++ i)
{
password[i] = toupper(*(source++));
}
mpz_init2(a, 256);
mpz_init(b);
mpz_urandomm(a, rand, N); /* generates the private key */
mpz_t s;
mpz_init2(s, 256);
mpz_urandomb(s, rand, 256);
mpz_export(raw_salt, NULL, 1, 4, -1, 0, s);
} else {
password = "";
mpz_init(a);
mpz_init2(b, 256);
mpz_urandomm(b, rand, N);
setSalt(salt_);
}
B_inited = false;
return 0;
}
static void rho(mpz_t R, mpz_t N)
{
mpz_t divisor;
mpz_t c;
mpz_t x;
mpz_t xx;
mpz_t abs;
mpz_init(divisor);
mpz_init(c);
mpz_init(x);
mpz_init(xx);
mpz_init(abs);
mpz_urandomm(c, randstate, N);
mpz_urandomm(x, randstate, N);
mpz_set(xx, x);
/* check divisibility by 2 */
if (mpz_divisible_p(N, two)) {
mpz_set(R, two);
return;
}
do {
/* Do this with x */
mpz_mul(x, x, x);
mpz_mod(x, x, N);
mpz_add(x, x, c);
mpz_mod(x, x, N);
/* First time with xx */
mpz_mul(xx, xx, xx);
mpz_mod(xx, xx, N);
mpz_add(xx, xx, c);
mpz_mod(xx, xx, N);
/* Second time with xx */
mpz_mul(xx, xx, xx);
mpz_mod(xx, xx, N);
mpz_add(xx, xx, c);
mpz_mod(xx, xx, N);
mpz_sub(abs, x, xx);
mpz_abs(abs, abs);
mpz_gcd(divisor, abs, N);
} while (mpz_cmp(divisor, one) == 0);
mpz_set(R, divisor);
}
//assume state has been initialized
void get_random_r_given_modulo( mpz_t random_no, mpz_t modulo )
{
do{
mpz_urandomm(random_no, state, modulo);
}while(mpz_cmp_ui(random_no, 0) == 0);
}
void SecretShare::getShares(mpz_t** shares, mpz_t* secrets, int size){
mpz_t coefficient;
mpz_init(coefficient);
mpz_t temp;
mpz_init_set_ui(temp, 0);
int peer;
for(int i = 0; i < size; i++){
for(int degree = 0; degree < threshold+1; degree++){
if(degree == 0)
mpz_set(coefficient,secrets[i]);
else{
mpz_urandomm(coefficient, rstate, fieldSize); //
if(degree == threshold && mpz_sgn(coefficient) == 0)
mpz_add_ui(coefficient, coefficient, 1);
}
for(int peer = 0; peer < peers; peer++){
modMul(temp, sharingMatrix[peer][degree], coefficient);
modAdd(shares[peer][i],shares[peer][i], temp);
}
}
}
mpz_clear(coefficient);
mpz_clear(temp);
}
void random::randominteger(mpz_ptr r,mpz_ptr a,mpz_ptr b)
{
// #ifdef DEBUG_MU
// if(RAND_COUNTER<sizeof(RAND)/sizeof(int)){
// mpz_set_si(r,RAND[RAND_COUNTER]);
// RAND_COUNTER++;
// std::wcerr<<"random ";
// print_mpz_ptr(r);
// std::wcerr<<std::endl;
// return;
// }
// #endif
mpz_t temp_z;
mpz_init(temp_z);
mpz_sub(temp_z,b,a);
mpz_add_ui(temp_z,temp_z,1);
mpz_urandomm(r,rstate,temp_z);
mpz_clear(temp_z);
mpz_add(r,r,a);
// #ifdef DEBUG_MU
// std::wcerr<<"random ";
// print_mpz_ptr(r);
// std::wcerr<<std::endl;
// RAND_COUNTER++;
// #endif
return ;
}
void create_commit_box_key(struct commit_batch_params *params, unsigned char *toCommit, int toCommitLen, gmp_randstate_t state,
struct elgamal_commit_box *c, struct elgamal_commit_key *k)
{
struct eccPoint *g_x;
mpz_t r, *x = (mpz_t*) calloc(1, sizeof(mpz_t));
unsigned char *xHashed = sha256_full(toCommit, toCommitLen);
mpz_init(r);
mpz_init(*x);
convertBytesToMPZ(x, xHashed, 32);
g_x = fixedPointMultiplication(gPreComputes, *x, params -> params);
mpz_urandomm(r, state, params -> params -> n);
c -> u = fixedPointMultiplication(gPreComputes, r, params -> params);
c -> v = windowedScalarPoint(r, params -> h, params -> params);
groupOp_PlusEqual(c -> v, g_x, params -> params);
mpz_set(k -> r, r);
k -> x = toCommit;
k -> xLen = toCommitLen;
free(x);
}
static PyObject *
GMPy_MPZ_random_Function(PyObject *self, PyObject *args)
{
MPZ_Object *result, *temp;
if (PyTuple_GET_SIZE(args) != 2) {
TYPE_ERROR("mpz_random() requires 2 arguments");
return NULL;
}
if (!RandomState_Check(PyTuple_GET_ITEM(args, 0))) {
TYPE_ERROR("mpz_random() requires 'random_state' and 'int' arguments");
return NULL;
}
if (!(temp = GMPy_MPZ_From_Integer(PyTuple_GET_ITEM(args, 1), NULL))) {
TYPE_ERROR("mpz_random() requires 'random_state' and 'int' arguments");
return NULL;
}
if ((result = GMPy_MPZ_New(NULL))) {
mpz_urandomm(result->z, RANDOM_STATE(PyTuple_GET_ITEM(args, 0)), temp->z);
}
Py_DECREF((PyObject*)temp);
return (PyObject*)result;
}
/*
* call-seq:
* rand_state.urandomm(integer)
*
* From the GMP Manual:
*
* Generate a uniformly distributed random integer in the range 0 to
* _integer-1_, inclusive. _integer_ can be an instance of GMP::Z,
* Fixnum, or Bignum
*/
VALUE r_gmprandstate_urandomm(VALUE self, VALUE arg)
{
MP_RANDSTATE *self_val;
MP_INT *res_val, *arg_val;
int free_arg_val = 0;
VALUE res;
mprandstate_get_struct(self,self_val);
if (GMPZ_P(arg)) {
mpz_get_struct(arg, arg_val);
} else if (FIXNUM_P(arg)) {
mpz_temp_alloc(arg_val);
mpz_init_set_ui(arg_val, FIX2INT(arg));
free_arg_val = 1;
} else if (BIGNUM_P(arg)) {
mpz_temp_from_bignum(arg_val, arg);
free_arg_val = 1;
} else {
typeerror_as(ZXB, "arg");
}
mpz_make_struct_init(res, res_val);
mpz_urandomm(res_val, self_val, arg_val);
if (free_arg_val) { mpz_temp_free(arg_val); }
return res;
}
// sign a hash using ECDSA, hash must be a string in base used during initialisation.
// private key and a generator point are required for it to work (look SetDomain
// and SetKeys)
void ECDSA::Sign( char *hash, char *&r, char *&s )
{
mpz_t z,k,rr,ss,t,u;
ECPoint kG;
mpz_init_set_str(z, hash, m_base);
mpz_inits(k, rr, ss, t, u, NULL);
do
{
mpz_urandomm(k, m_st, ecc->m_n);
ecc->MultiplePoint(k, ecc->m_G, kG);
mpz_set(rr, kG.x);
mpz_mod(rr, rr, ecc->m_n);
} while (!mpz_cmp_ui(rr, 0));
do
{
mpz_set(t,z);
mpz_addmul(t,rr,ecc->m_dA);
mpz_set(u,k);
mpz_invert(u,u,ecc->m_n);
mpz_mul(ss, t, u);
mpz_mod(ss, ss, ecc->m_n);
} while (!mpz_cmp_ui(ss, 0));
mpz_get_str(r, m_base, rr);
mpz_get_str(s, m_base, ss);
mpz_clears(z,k,rr,ss,t,u,NULL);
return;
}
int rabin_miller(mpz_t n, unsigned int t, gmp_randstate_t rand_state) {
mpz_t a;
unsigned int res = PRIME, i;
/* skrati cas */
if (mpz_even_p(n)) return COMPOSITE;
if (mpz_fdiv_ui(n, 3) == 0) return COMPOSITE;
if (mpz_fdiv_ui(n, 5) == 0) return COMPOSITE;
if (mpz_fdiv_ui(n, 7) == 0) return COMPOSITE;
mpz_init(a);
for (i = 0; i < t; ++i) {
/* nahodne kladne a */
do {
mpz_urandomm(a,rand_state, n);
} while(mpz_sgn(a) == 0); /* nesmie byt 0 */
if(rabin_miller_test(n,a) == COMPOSITE) {
res = COMPOSITE;
break;
}
}
mpz_clear(a);
return res;
}
/*Generate signature for a message*/
void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve)
{
//message must not have a bit length longer than that of n
//see: Guide to Elliptic Curve Cryptography, section 4.4.1.
assert(mpz_sizeinbase(message, 2) <= mpz_sizeinbase(curve->n, 2));
//Initializing variables
mpz_t k;mpz_init(k);
mpz_t x;mpz_init(x);
point Q = point_init();
mpz_t r;mpz_init(r);
mpz_t t1;mpz_init(t1);
mpz_t t2;mpz_init(t2);
mpz_t t3;mpz_init(t3);
mpz_t s;mpz_init(s);
gmp_randstate_t r_state;
signature_sign_start:
//Set k
gmp_randinit_default(r_state);
random_seeding(r_state);
mpz_sub_ui(t1, curve->n, 2);
mpz_urandomm(k , r_state , t1);
gmp_randclear(r_state);
//Calculate x
point_multiplication(Q, k, curve->G, curve);
mpz_set(x, Q->x);
point_clear(Q);
//Calculate r
mpz_mod(r, x, curve->n);
if(!mpz_sgn(r)) //Start over if r=0, note haven't been tested memory might die :)
goto signature_sign_start;
mpz_clear(x);
//Calculate s
//s = k¯¹(e+d*r) mod n = (k¯¹ mod n) * ((e+d*r) mod n) mod n
number_theory_inverse(t1, k, curve->n);//t1 = k¯¹ mod n
mpz_mul(t2, private_key, r);//t2 = d*r
mpz_add(t3, message, t2); //t3 = e+t2
mpz_mod(t2, t3, curve->n); //t2 = t3 mod n
mpz_mul(t3, t2, t1); //t3 = t2 * t1
mpz_mod(s, t3, curve->n); //s = t3 mod n
mpz_clear(t1);
mpz_clear(t2);
mpz_clear(t3);
//Set signature
mpz_set(sig->r, r);
mpz_set(sig->s, s);
//Release k,r and s
mpz_clear(k);
mpz_clear(r);
mpz_clear(s);
}
MEXP(nls_t*) nls_init_l(const char* username, unsigned long username_length,
const char* password, unsigned long password_length)
{
unsigned int i;
char* d; /* destination */
const char* o; /* original */
nls_t* nls;
nls = (nls_t*) malloc(sizeof(nls_t));
if (!nls)
return (nls_t*) 0;
nls->username_len = username_length;
nls->password_len = password_length;
nls->username = (char*) malloc(nls->username_len + 1);
nls->password = (char*) malloc(nls->password_len + 1);
if (!nls->username || !nls->password) {
free(nls);
return (nls_t*) 0;
}
d = (char*) nls->username;
o = username;
for (i = 0; i < nls->username_len; i++) {
*d = (char) toupper(*o);
d++;
o++;
}
*((char*) nls->username + username_length) = 0;
*((char*) nls->password + password_length) = 0;
d = (char*) nls->password;
o = password;
for (i = 0; i < nls->password_len; i++) {
*d = (char) toupper(*o);
d++;
o++;
}
mpz_init_set_str(nls->n, NLS_VAR_N_STR, 16);
gmp_randinit_default(nls->rand);
gmp_randseed_ui(nls->rand, nls_pre_seed());
mpz_init2(nls->a, 256);
mpz_urandomm(nls->a, nls->rand, nls->n); /* generates the private key */
/* The following line replaces preceding 2 lines during testing. */
/*mpz_init_set_str(nls->a, "1234", 10);*/
nls->A = (char*) 0;
nls->S = (char*) 0;
nls->K = (char*) 0;
nls->M1 = (char*) 0;
nls->M2 = (char*) 0;
return nls;
}
num* prime_field::get_rnd_num(uint32_t bitlen) {
mpz_t val;
if (bitlen == 0)
bitlen = secparam.ifcbits;
mpz_init(val);
mpz_urandomm(val, rnd_state, q);
return new gmp_num(this, val);
}
void SecretShare::getShares(mpz_t* shares, mpz_t secret){
/*mpz_t coefficient, temp;
mpz_init(coefficient);
mpz_init(temp);
int peer;
for(peer = 0; peer < peers; peer++)
mpz_set_ui(shares[peer], 0);
for(int degree = 0; degree < threshold+1; degree++){
if(degree == 0)
mpz_set(coefficient,secret);
else{
mpz_urandomb(coefficient, rstate, bits);
if(degree == threshold && mpz_sgn(coefficient) == 0)
mpz_add_ui(coefficient, coefficient, 1);
}
for(int peer = 0; peer < peers; peer++){
modMul(temp, sharingMatrix[peer][degree], coefficient);
modAdd(shares[peer],shares[peer], temp);
}
}
mpz_clear(temp);
mpz_clear(coefficient); */
srand(time(NULL));
mpz_t coefficient;
mpz_init(coefficient);
mpz_t temp;
mpz_init(temp);
mpz_set_ui(temp, 0);
mpz_t random;
mpz_init(random);
for(int i = 0; i < peers; i++)
mpz_set_ui(shares[i], 0);
if(mpz_cmp_si(secret, 0) < 0){
mpz_mod(secret, secret, fieldSize);
}
for(int degree = 0; degree < threshold+1; degree++){
if(degree == 0)
mpz_set(coefficient,secret);
else{
mpz_urandomm(coefficient, rstate, fieldSize); //
if(degree == threshold && mpz_sgn(coefficient) == 0)
mpz_add_ui(coefficient, coefficient, 1);
/*mpz_set_ui(temp,rand());
mpz_set(temp, random);
mpz_mod(coefficient, temp, fieldSize);
mpz_add_ui(coefficient, coefficient, 1);*/
}
for(int peer = 0; peer < peers; peer++){
modMul(temp, sharingMatrix[peer][degree], coefficient);
modAdd(shares[peer],shares[peer], temp);
}
}
}
void dh_keyexchange(gmp_randstate_t *state, mpz_t p, mpz_t g, mpz_t a, mpz_t A)
{
mpz_init(a);
mpz_init(A);
mpz_urandomm(a, *state, p);
mpz_powm(A, g, a, p);
}
// Verifier randomly generates a C and a T, sets up its commitment to them.
struct verifierCommitment_ECC *verifierSetupCommitment_ECC(struct eccParams *params, struct eccPoint *g_0,
struct eccPoint *alpha, gmp_randstate_t state)
{
struct verifierCommitment_ECC *commitment_box = initVerifierCommitment_ECC();
struct eccPoint *temp1, *temp2;
mpz_urandomm(commitment_box -> t, state, params -> n);
mpz_urandomm(commitment_box -> c, state, params -> n);
temp1 = windowedScalarPoint(commitment_box -> c, g_0, params);
temp2 = windowedScalarPoint(commitment_box -> t, alpha, params);
commitment_box -> C_commit = groupOp(temp1, temp2, params);
return commitment_box;
}
static void
_hec_new (mpz_t v)
{
mpz_t r;
mpz_init (r);
mpz_urandomm (r, state, n);
mpz_powm (v, r, n, n2);
mpz_clear (r);
}
int solovay_strassen(mpz_t n, int k)
{
int i;
for (i = 0; i < primes_count && mpz_cmp_si(n, primes[i]*primes[i]) >= 0; i++)
if (mpz_divisible_ui_p(n, primes[i])) // Check if current prime divides n
return 0;
if (mpz_cmp_si(n, 2) < 0)
return 0;
if (mpz_cmp_si(n, 2) == 0)
return 1;
if (mpz_divisible_ui_p(n, 2))
return 0;
gmp_randstate_t RAND;
gmp_randinit_default(RAND);
mpz_t a, jac, mod, exp, n1;
mpz_init(a);
mpz_init(jac);
mpz_init(mod);
mpz_init(exp);
mpz_init(n1);
mpz_sub_ui(n1, n, 1);
while (k > 0) {
k--;
mpz_urandomm(a, RAND, n1);
mpz_add_ui(a, a, 1);
int j = jacobi(a, n);
if (j == -1) { // jac = n + jac(a,n)
mpz_sub_ui(jac, n, 1);
} else if (j == 1)
mpz_set_si(jac, j);
mpz_divexact_ui(exp, n1, 2); // exp = (n-1)/2
mpz_powm(mod, a, exp, n); // mod = a^((n-1)/2) % n
if (mpz_cmp_ui(jac, 0) == 0 || mpz_cmp(mod, jac) != 0) { // Is it a liar?
mpz_clear(a);
mpz_clear(jac);
mpz_clear(mod);
mpz_clear(exp);
mpz_clear(n1);
return 0;
}
}
mpz_clear(a);
mpz_clear(jac);
mpz_clear(mod);
mpz_clear(exp);
mpz_clear(n1);
return 1;
}
void prove_SingleDH_Tuple(int writeSocket, int readSocket,
mpz_t witness,
struct eccPoint *g_0, struct eccPoint *g_1,
struct eccPoint *u, struct eccPoint *v,
struct eccParams *params, gmp_randstate_t *state)
{
unsigned char *commBuffer;
struct eccPoint *a, *b;
int i, commBufferLen = 0, bufferOffset = 0, length;
mpz_t r, *e, unmodded, eW, finalReply;
mpz_init(r);
mpz_init(unmodded);
mpz_init(eW);
mpz_init(finalReply);
mpz_urandomm(r, *state, params -> n);
a = windowedScalarPoint(r, g_0, params);
b = windowedScalarPoint(r, g_1, params);
commBufferLen = sizeOfSerial_ECCPoint(a) + sizeOfSerial_ECCPoint(b);
commBuffer = (unsigned char *) calloc(commBufferLen, sizeof(unsigned char));
serialise_ECC_Point(a, commBuffer, &bufferOffset);
serialise_ECC_Point(b, commBuffer, &bufferOffset);
sendBoth(writeSocket, commBuffer, bufferOffset);
free(commBuffer);
bufferOffset = 0;
commBuffer = receiveBoth(readSocket, commBufferLen);
e = deserialiseMPZ(commBuffer, &bufferOffset);
free(commBuffer);
mpz_mul(eW, *e, witness);
mpz_add(unmodded, eW, r);
mpz_add(finalReply, unmodded, params -> n);
bufferOffset = 0;
commBufferLen = sizeof(int) + (sizeof(mp_limb_t) * mpz_size(finalReply));
commBuffer = (unsigned char *) calloc(commBufferLen, sizeof(unsigned char));
serialiseMPZ(finalReply, commBuffer, &bufferOffset);
sendBoth(writeSocket, commBuffer, bufferOffset);
free(commBuffer);
mpz_clear(r);
mpz_clear(unmodded);
mpz_clear(eW);
mpz_clear(finalReply);
mpz_clear(*e);
free(e);
}
int
mpz_millerrabin (mpz_srcptr n, int reps)
{
int r;
mpz_t nm1, nm3, x, y, q;
unsigned long int k;
gmp_randstate_t rstate;
int is_prime;
TMP_DECL;
TMP_MARK;
MPZ_TMP_INIT (nm1, SIZ (n) + 1);
mpz_sub_ui (nm1, n, 1L);
MPZ_TMP_INIT (x, SIZ (n) + 1);
MPZ_TMP_INIT (y, 2 * SIZ (n)); /* mpz_powm_ui needs excessive memory!!! */
/* Perform a Fermat test. */
mpz_set_ui (x, 210L);
mpz_powm (y, x, nm1, n);
if (mpz_cmp_ui (y, 1L) != 0)
{
TMP_FREE;
return 0;
}
MPZ_TMP_INIT (q, SIZ (n));
/* Find q and k, where q is odd and n = 1 + 2**k * q. */
k = mpz_scan1 (nm1, 0L);
mpz_tdiv_q_2exp (q, nm1, k);
/* n-3 */
MPZ_TMP_INIT (nm3, SIZ (n) + 1);
mpz_sub_ui (nm3, n, 3L);
ASSERT (mpz_cmp_ui (nm3, 1L) >= 0);
gmp_randinit_default (rstate);
is_prime = 1;
for (r = 0; r < reps && is_prime; r++)
{
/* 2 to n-2 inclusive, don't want 1, 0 or -1 */
mpz_urandomm (x, rstate, nm3);
mpz_add_ui (x, x, 2L);
is_prime = millerrabin (n, nm1, x, y, q, k);
}
gmp_randclear (rstate);
TMP_FREE;
return is_prime;
}
void random::randominteger(int & r,int a,int b)
{
mpz_t rr,bound;
mpz_init(rr);mpz_init(bound);
mpz_set_si(rr,r);mpz_set_si(bound,b-a+1);
mpz_urandomm(rr,rstate,bound);
r=mpz_get_si(rr);
r=r+a;
mpz_clear(rr);mpz_clear(bound);
return ;
}
// Prover sets up for the commitments. Picks a random exponent A, stores alpha = g ^ A.
struct alphaAndA_Struct *proverSetupCommitment_ECC(struct eccParams *params, struct eccPoint *g_0, gmp_randstate_t state)
{
struct alphaAndA_Struct *alphaAndA = (struct alphaAndA_Struct*) calloc(1, sizeof(struct alphaAndA_Struct));
mpz_init(alphaAndA -> a);
mpz_urandomm(alphaAndA -> a, state, params -> n);
alphaAndA -> alpha = windowedScalarPoint(alphaAndA -> a, g_0, params);
return alphaAndA;
}
int miller_rabin(mpz_t n, gmp_randstate_t rand_state,int nb_bases_test)
{
mpz_t a;
int i;
mpz_init(a);
for(i=0; i<nb_bases_test; i++)
{
do { mpz_urandomm(a, rand_state, n); } while (mpz_sgn(a) == 0);
if (miller_rabin_pass(a, n) == 0)
{ return 0;}
}
return 1;
}
void Round1(mpz_t Out0) {
mpz_t _r_1, _t_1;
mpz_init(_r_1);
mpz_init(_t_1);
mpz_urandomm(_r_1, rstate, _mpz_11);
mpz_set(g_r_1, _r_1);
mpz_powm(_t_1, _mpz_3, _r_1, _mpz_23);
mpz_set(Out0, _t_1);
mpz_clear(_r_1);
mpz_clear(_t_1);
}
void dhGenPubKeyFromAnother(dhpbk_t *pbk, dhpvk_t *pvk) {
if (!seed_initialized)
rnInit();
mpz_set(pvk->p, pbk->p);
mpz_set(pvk->g, pbk->g);
mpz_urandomm(pvk->a, seed, pvk->p);
mpz_powm(pvk->key, pbk->pow, pvk->a, pvk->p);
mpz_powm(pbk->pow, pbk->g, pvk->a, pbk->p);
}
int miller_rabin(mpz_t n, gmp_randstate_t rand_state) {
mpz_t a;
int repeat;
mpz_init(a);
for(repeat=0; repeat<20; repeat++) {
do {
mpz_urandomm(a, rand_state, n);
} while (mpz_sgn(a) == 0);
if (miller_rabin_pass(a, n) == COMPOSITE) {
return COMPOSITE;
}
}
return PROBABLE_PRIME;
}
struct commit_batch_params *generate_commit_params(int securityParam, gmp_randstate_t state)
{
struct commit_batch_params *toReturn = init_commit_batch_params();
mpz_t a;
mpz_init(a);
toReturn -> params = initBrainpool_256_Curve();
mpz_urandomm(a, state, toReturn -> params -> n);
// toReturn -> h = windowedScalarPoint(a, toReturn -> params -> g, toReturn -> params);
toReturn -> h = fixedPointMultiplication(gPreComputes, a, toReturn -> params);
return toReturn;
}
int factor_pollard_rho_method(const Ptr<RCP<const Integer>> &f,
const Integer &n, unsigned retries)
{
int ret_val = 0;
mpz_class rop, nm1, nm4, a, s;
gmp_randstate_t state;
gmp_randinit_default(state);
gmp_randseed_ui(state, retries);
nm1 = n.as_mpz() - 1;
nm4 = n.as_mpz() - 4;
for (unsigned i = 0; i < retries && ret_val == 0; i++) {
mpz_urandomm(a.get_mpz_t(), state, nm1.get_mpz_t());
mpz_urandomm(s.get_mpz_t(), state, nm4.get_mpz_t());
s = s + 1;
ret_val = _factor_pollard_rho_method(rop, n.as_mpz(), a, s);
}
if (ret_val != 0)
*f = integer(rop);
return ret_val;
}
int verify_SingleDH_Tuple(int writeSocket, int readSocket,
struct eccPoint *g_0, struct eccPoint *g_1,
struct eccPoint *u, struct eccPoint *v,
struct eccParams *params, gmp_randstate_t *state)
{
unsigned char *commBuffer;
int i, commBufferLen = 0, bufferOffset = 0, verified = 0;
struct eccPoint *a, *uCheck, *b, *vCheck, *x, *y;
mpz_t e, *z;
bufferOffset = 0;
commBuffer = receiveBoth(readSocket, commBufferLen);
a = deserialise_ECC_Point(commBuffer, &bufferOffset);
b = deserialise_ECC_Point(commBuffer, &bufferOffset);
free(commBuffer);
mpz_init(e);
mpz_urandomm(e, *state, params -> n);
bufferOffset = 0;
commBufferLen = sizeof(int) + (sizeof(mp_limb_t) * mpz_size(e));
commBuffer = (unsigned char *) calloc(commBufferLen, sizeof(unsigned char));
serialiseMPZ(e, commBuffer, &bufferOffset);
sendBoth(writeSocket, commBuffer, bufferOffset);
free(commBuffer);
bufferOffset = 0;
commBuffer = receiveBoth(readSocket, commBufferLen);
z = deserialiseMPZ(commBuffer, &bufferOffset);
free(commBuffer);
uCheck = windowedScalarPoint(*z, g_0, params);
vCheck = windowedScalarPoint(*z, g_1, params);
x = windowedScalarPoint(e, u, params);
y = windowedScalarPoint(e, v, params);
groupOp_PlusEqual(a, x, params);
groupOp_PlusEqual(b, y, params);
verified = eccPointsEqual(a, uCheck) | eccPointsEqual(b, vCheck);
return verified;
}