int main()
{
FILE *fp;
int ep,m,a,b,c;
miracl *mip;
epoint *g,*public;
char ifname[50],ofname[50];
big a2,a6,q,x,y,v,u1,u2,r,s,hash;
/* get public data */
fp=fopen("common2.ecs","r");
if (fp==NULL)
{
printf("file common2.ecs does not exist\n");
return 0;
}
fscanf(fp,"%d\n",&m);
mip=mirsys(3+abs(m)/MIRACL,0);
a2=mirvar(0);
a6=mirvar(0);
q=mirvar(0);
x=mirvar(0);
y=mirvar(0);
v=mirvar(0);
u1=mirvar(0);
u2=mirvar(0);
s=mirvar(0);
r=mirvar(0);
hash=mirvar(0);
mip->IOBASE=16;
cinnum(a2,fp);
cinnum(a6,fp);
cinnum(q,fp);
cinnum(x,fp);
cinnum(y,fp);
mip->IOBASE=10;
fscanf(fp,"%d\n",&a);
fscanf(fp,"%d\n",&b);
fscanf(fp,"%d\n",&c);
fclose(fp);
ecurve2_init(m,a,b,c,a2,a6,FALSE,MR_PROJECTIVE); /* initialise curve */
g=epoint2_init();
epoint2_set(x,y,0,g); /* initialise point of order q */
/* get public key of signer */
fp=fopen("public.ecs","r");
if (fp==NULL)
{
printf("file public.ecs does not exist\n");
return 0;
}
fscanf(fp,"%d",&ep);
cinnum(x,fp);
fclose(fp);
public=epoint2_init();
/* function initF2mCurve : This function initializes an elliptic curve over F2m according to the accepted values
* param m :
* param k1 : The integer k1 where x^m+x^k1+x^k2+x^k3+1 represents the reduction polynomial f(z)
* param k2 : The integer k2 where x^m+x^k1+x^k2+x^k3+1 represents the reduction polynomial f(z)
* param k3 : The integer k3 where x^m+x^k1+x^k2+x^k3+1 represents the reduction polynomial f(z)
* param aVal : a value of the equation
* param bVal : b value of the equation
* return : the created miracl pointer.
*/
JNIEXPORT void JNICALL Java_edu_biu_scapi_primitives_dlog_miracl_MiraclDlogECF2m_initF2mCurve
(JNIEnv *env, jobject obj, jlong m, jint mod, jint k1, jint k2, jint k3, jbyteArray aVal, jbyteArray bVal){
big a, b;
/* convert the accepted parameters to MIRACL parameters*/
miracl* mip = (miracl*)m;
a = byteArrayToMiraclBig(env, mip, aVal);
b = byteArrayToMiraclBig(env, mip, bVal);
/* initialize the curve */
ecurve2_init(mip, mod, k1, k2, k3, a, b, 0, MR_PROJECTIVE);
mirkill(a);
mirkill(b);
}
int main()
{
int ia,ib,promptr;
epoint *PA,*PB;
big A,B,a,b,q,pa,pb,key,x,y;
ebrick2 binst;
miracl instance; /* create miracl workspace on the stack */
/* Specify base 16 here so that HEX can be read in directly without a base-change */
miracl *mip=mirsys(&instance,WORDS*HEXDIGS,16); /* size of bigs is fixed */
char mem_big[MR_BIG_RESERVE(10)]; /* we need 10 bigs... */
char mem_ecp[MR_ECP_RESERVE(2)]; /* ..and two elliptic curve points */
memset(mem_big, 0, MR_BIG_RESERVE(10)); /* clear the memory */
memset(mem_ecp, 0, MR_ECP_RESERVE(2));
A=mirvar_mem(mip, mem_big, 0); /* Initialise big numbers */
B=mirvar_mem(mip, mem_big, 1);
pa=mirvar_mem(mip, mem_big, 2);
pb=mirvar_mem(mip, mem_big, 3);
key=mirvar_mem(mip, mem_big, 4);
x=mirvar_mem(mip, mem_big, 5);
y=mirvar_mem(mip, mem_big, 6);
q=mirvar_mem(mip,mem_big,7);
a=mirvar_mem(mip, mem_big, 8);
b=mirvar_mem(mip, mem_big, 9);
PA=epoint_init_mem(mip, mem_ecp, 0); /* initialise Elliptic Curve points */
PB=epoint_init_mem(mip, mem_ecp, 1);
irand(mip, 3L); /* change parameter for different random numbers */
promptr=0;
init_big_from_rom(B,WORDS,rom,WORDS*4,&promptr); /* Read in curve parameter B from ROM */
/* don't need q or G(x,y) (we have precomputed table from it) */
init_big_from_rom(q,WORDS,rom,WORDS*4,&promptr);
init_big_from_rom(x,WORDS,rom,WORDS*4,&promptr);
init_big_from_rom(y,WORDS,rom,WORDS*4,&promptr);
convert(mip,1,A); /* set A=1 */
/* Create precomputation instance from precomputed table in ROM */
ebrick2_init(&binst,prom,A,B,CURVE_M,CURVE_A,CURVE_B,CURVE_C,WINDOW,CURVE_M);
/* offline calculations */
bigbits(mip,CURVE_M,a); /* A's random number */
ia=mul2_brick(mip,&binst,a,pa,pa); /* a*G =(pa,ya), ia is sign of ya */
bigbits(mip,CURVE_M,b); /* B's random number */
ib=mul2_brick(mip,&binst,b,pb,pb); /* b*G =(pb,yb), ib is sign of yb */
/* online calculations */
ecurve2_init(mip,CURVE_M,CURVE_A,CURVE_B,CURVE_C,A,B,FALSE,MR_PROJECTIVE);
epoint2_set(mip,pb,pb,ib,PB); /* decompress PB */
ecurve2_mult(mip,a,PB,PB);
epoint2_get(mip,PB,key,key);
/* since internal base is HEX, can use otnum instead of cotnum - avoiding a base change */
printf("Alice's Key= ");
otnum(mip,key,stdout);
epoint2_set(mip,pa,pa,ia,PB); /* decompress PA */
ecurve2_mult(mip,b,PB,PB);
epoint2_get(mip,PB,key,key);
printf("Bob's Key= ");
otnum(mip,key,stdout);
/* clear the memory */
memset(mem_big, 0, MR_BIG_RESERVE(10));
memset(mem_ecp, 0, MR_ECP_RESERVE(2));
return 0;
}
BOOL BaseOT::Miracl_Init(int secparam, BYTE* seed) {
//secparam = 163;
m_SecParam = secparam;
miracl *mip = mirsys(secparam, 2);
//miracl *mip=mirsys(MR_ROUNDUP(abs(163),4),16);
char *ecp = NULL, *ecb = NULL, *ecx = ecx160, *ecy = ecy160;
m_BB = new Big();
m_BA = new Big();
m_BP = new Big();
switch (secparam)
{
case 160:
ecp = ecp160; ecb = ecb160; ecx = ecx160; ecy = ecy160; break;
case 163:
ecx = ecx163; ecy = ecy163; m_nM = 163; m_nA = 7; m_nB = 6; m_nC = 3; *m_BA = 1; break;
case 192:
ecp = ecp192; ecb = ecb192; ecx = ecx192; ecy = ecy192; break;
case 224:
ecp = ecp224; ecb = ecb224; ecx = ecx224; ecy = ecy224; break;
case 233:
ecx = ecx233; ecy = ecy233; m_nM = 233; m_nA = 74; m_nB = 0; m_nC = 0; *m_BA = 0; break;
case 256:
ecp = ecp256; ecb = ecb256; ecx = ecx256; ecy = ecy256; break;
case 283:
ecx = ecx283; ecy = ecy283; m_nM = 283; m_nA = 12; m_nB = 7; m_nC = 5; *m_BA = 0; break;
default:
ecp = ecp192; ecb = ecb192; ecx = ecx192; ecy = ecy192; m_SecParam = 192; break;
}
//seed the miracl rnd generator
irand((long)(*seed));
//Change the base to read in the parameters
mip->IOBASE = 16;
*m_BB = 1;
if(m_SecParam == 160 || m_SecParam == 192 || m_SecParam == 224 || m_SecParam == 256)
{
mip->IOBASE = 16;
*m_BA = -3;
*m_BB = ecb;
*m_BP = ecp;
ecurve(*m_BA, *m_BB, *m_BP, MR_BEST);
m_bUsePrimeField = true;
}
else
{
ecurve2_init(m_nM, m_nA, m_nB, m_nC, m_BA->getbig(), m_BB->getbig(), false, MR_BEST);
m_bUsePrimeField = false;
}
m_X = new Big();
m_Y = new Big();
*m_X = ecx;
*m_Y = ecy;
//change the base back
mip->IOBASE = 10;
return true;
}
int main()
{
FILE *fp;
int m,a,b,c;
big e,a2,a6,x,y,r;
epoint *g;
ebrick2 binst;
int i,d,ndig,nb,best,time,store,base;
miracl *mip=mirsys(50,0);
e=mirvar(0);
a2=mirvar(0);
a6=mirvar(0);
x=mirvar(0);
y=mirvar(0);
r=mirvar(0);
fp=fopen("common2.ecs","r");
fscanf(fp,"%d\n",&m);
mip->IOBASE=16;
cinnum(a2,fp);
cinnum(a6,fp);
cinnum(r,fp);
cinnum(x,fp);
cinnum(y,fp);
mip->IOBASE=10;
fscanf(fp,"%d\n",&a);
fscanf(fp,"%d\n",&b);
fscanf(fp,"%d\n",&c);
printf("modulus is %d bits in length\n",m);
printf("Enter size of exponent in bits = ");
scanf("%d",&nb);
getchar();
ebrick2_init(&binst,x,y,a2,a6,m,a,b,c,nb);
printf("%d big numbers have been precomputed and stored\n",binst.store);
bigdig(nb,2,e); /* random exponent */
printf("naive method\n");
ecurve2_init(m,a,b,c,a2,a6,FALSE,MR_PROJECTIVE);
g=epoint2_init();
epoint2_set(x,y,0,g);
ecurve2_mult(e,g,g);
epoint2_get(g,x,y);
cotnum(x,stdout);
cotnum(y,stdout);
zero(x); zero(y);
printf("Brickel et al method\n");
mul2_brick(&binst,e,x,y);
ebrick2_end(&binst);
cotnum(x,stdout);
cotnum(y,stdout);
return 0;
}
int main()
{
big a2,a6,bx,r;
big res[4];
epoint *P,*Q;
int i,romptr;
miracl instance; /* sizeof(miracl)= 2000 bytes from the stack */
#ifndef MR_STATIC
#ifdef MR_GENERIC_MT
miracl *mr_mip=mirsys(WORDS*NPW,16);
#else
miracl *mr_mip=mirsys(WORDS*NPW,16);
#endif
char *mem=(char *)memalloc(_MIPP_ 8);
char *mem1=(char *)ecp_memalloc(_MIPP_ 2);
#else
#ifdef MR_GENERIC_MT
miracl *mr_mip=mirsys(&instance,MR_STATIC*NPW,16); /* size of bigs is fixed */
#else
miracl *mr_mip=mirsys(&instance,MR_STATIC*NPW,16);
#endif
char mem[MR_BIG_RESERVE(8)]; /* reserve space on the stack for 8 bigs */
char mem1[MR_ECP_RESERVE(2)]; /* reserve space on stack for 2 curve points */
memset(mem,0,MR_BIG_RESERVE(8)); /* clear this memory */
memset(mem1,0,MR_ECP_RESERVE(2)); /* ~668 bytes in all */
#endif
/* Initialise bigs */
a2=mirvar_mem(_MIPP_ mem,0);
a6=mirvar_mem(_MIPP_ mem,1);
bx=mirvar_mem(_MIPP_ mem,2);
for (i=0;i<4;i++)
res[i]=mirvar_mem(_MIPP_ mem,3+i);
r=mirvar_mem(_MIPP_ mem,7);
/* printf("ROM size= %d\n",sizeof(rom)+sizeof(prom)); */
#ifndef MR_NO_STANDARD_IO
#ifdef MR_STATIC
printf("n Bigs require n*%d+%d bytes\n",MR_SIZE,MR_SL);
printf("n Points require n*%d+%d bytes\n",MR_ESIZE,MR_SL);
printf("sizeof(miracl)= %d\n",sizeof(miracl));
#endif
#endif
/* Initialise Elliptic curve points */
P=epoint_init_mem(_MIPP_ mem1,0);
Q=epoint_init_mem(_MIPP_ mem1,1);
/* Initialise supersingular curve */
convert(_MIPP_ 1,a2);
convert(_MIPP_ B,a6);
/* The -M tells MIRACL that this is a supersingular curve */
if (!ecurve2_init(_MIPP_ -M,T,U,V,a2,a6,FALSE,MR_PROJECTIVE))
{
#ifndef MR_NO_STANDARD_IO
printf("Problem with the curve\n");
#endif
return 0;
}
/* Get P and Q from ROM */
/* These should have been multiplied by the cofactor 487805 = 5*97561 */
/* 487805 is a cofactor of the group order 2^271+2^136+1 */
romptr=0;
init_point_from_rom(P,WORDS,rom,ROMSZ,&romptr);
init_point_from_rom(Q,WORDS,rom,ROMSZ,&romptr);
#ifndef MR_NO_STANDARD_IO
printf( "P= \n");
otnum(_MIPP_ P->X,stdout);
otnum(_MIPP_ P->Y,stdout);
printf( "Q= \n");
otnum(_MIPP_ Q->X,stdout);
otnum(_MIPP_ Q->Y,stdout);
#endif
bigbits(_MIPP_ 160,r);
/* Simple bilinearity test */
tate(_MIPP_ P,Q,res);
/* this could break the 4k stack, 2060+668+2996 >4K */
/* so we cannot afford much precomputation in power4 */
power4(_MIPP_ res,r,res); /* res=res^{sr} */
#ifndef MR_NO_STANDARD_IO
printf( "\ne(P,Q)^r= \n");
for (i=0;i<4;i++)
{
otnum(_MIPP_ res[i],stdout);
zero(res[i]);
}
#endif
ecurve2_mult(_MIPP_ r,Q,Q); /* Q=rQ */
epoint2_norm(_MIPP_ Q);
tate(_MIPP_ P,Q,res); /* Now invert is taken out of Tate, and the stack should be OK */
#ifndef MR_NO_STANDARD_IO
printf( "\ne(P,rQ)= \n");
for (i=0;i<4;i++)
otnum(_MIPP_ res[i],stdout);
#endif
/* all done */
#ifndef MR_STATIC
memkill(_MIPP_ mem,8);
ecp_memkill(_MIPP_ mem1,2);
#else
memset(mem,0,MR_BIG_RESERVE(8)); /* clear this stack memory */
memset(mem1,0,MR_ECP_RESERVE(2));
#endif
mirexit(_MIPPO_ ); /* clears workspace memory */
return 0;
}
int main()
{
int j,k;
big a,b,x,y,p,A2;
time_t seed;
epoint *g;
double tr1,tr2,ts,tv1,tv2,tp,td;
#ifndef MR_NOFULLWIDTH
miracl *mip=mirsys(300,0);
#else
miracl *mip=mirsys(300,MAXBASE);
#endif
p=mirvar(0);
a=mirvar(-3);
b=mirvar(0);
x=mirvar(1);
y=mirvar(0);
A2=mirvar(0);
mip->IOBASE=60;
time(&seed);
irand((long)seed);
printf("MIRACL - %d bit version\n",MIRACL);
#ifdef MR_LITTLE_ENDIAN
printf("Little Endian processor\n");
#endif
#ifdef MR_BIG_ENDIAN
printf("Big Endian processor\n");
#endif
#ifdef MR_NOASM
printf("C-Only Version of MIRACL\n");
#else
printf("Using some assembly language\n");
#endif
#ifdef MR_STRIPPED_DOWN
printf("Stripped down version of MIRACL - no error messages\n");
#endif
#ifdef MR_KCM
k=MR_KCM*MIRACL;
printf("Using KCM method \n");
printf("Optimized for %d, %d, %d, %d...etc. bit moduli\n",k,k*2,k*4,k*8);
#endif
#ifdef MR_COMBA
k=MR_COMBA*MIRACL;
printf("Using COMBA method \n");
printf("Optimized for %d bit moduli\n",k);
#endif
#ifdef MR_PENTIUM
printf("Floating-point co-processor arithmetic used for Pentium\n");
#endif
#ifndef MR_KCM
#ifndef MR_COMBA
#ifndef MR_PENTIUM
printf("No special optimizations\n");
#endif
#endif
#endif
printf("Precomputation uses fixed Window size = %d\n",WINDOW);
printf("So %d values are precomputed and stored\n",(1<<WINDOW));
#ifdef MR_NOFULLWIDTH
printf("No Fullwidth base possible\n");
#else
printf("NOTE: No optimizations/assembly language apply to GF(2^m) Elliptic Curves\n");
#endif
printf("NOTE: times are elapsed real-times - so make sure nothing else is running!\n\n");
printf("Modular exponentiation benchmarks - calculating g^e mod p\n");
printf("From these figures it should be possible to roughly estimate the time\n");
printf("required for your favourite PK algorithm, RSA, DSA, DH, etc.\n");
printf("Key R - random base bits/random exponent bits \n");
printf(" V - random base bits/(small exponent e) \n");
printf(" S - (small base g) /random exponent bits \n");
printf(" P - exponentiation with precomputation (fixed base g)\n");
printf(" D - double exponentiation g^e.a^b mod p\n");
printf("F3 = 257, F4 = 65537\n");
printf("RSA - Rivest-Shamir-Adleman\n");
printf("DH - Diffie Hellman Key exchange\n");
printf("DSA - Digital Signature Algorithm\n");
printf("\n512 bit prime....\n");
cinstr(p,p512);
k=512;
j=160;
tr1=powers(k,j,p);
td=powers_double(k,j,p);
tr2=powers(k,k,p);
ts=powers_small_base(3,j,p);
tp=powers_precomp(k,j,p);
printf("\n");
printf("%4d bit RSA decryption %8.2lf ms \n",2*k,2*tr2);
printf("%4d bit DH %d bit exponent:-\n",k,j);
printf(" offline, no precomputation %8.2lf ms \n",tr1);
printf(" offline, small base %8.2lf ms \n",ts);
printf(" offline, w. precomputation %8.2lf ms \n",tp);
printf(" online %8.2lf ms \n",tr1);
printf("%4d bit DSA %d bit exponent:-\n",k,j);
printf(" signature no precomputation %8.2lf ms \n",tr1);
printf(" signature w. precomputation %8.2lf ms \n",tp);
printf(" verification %8.2lf ms \n",td);
printf("\n1024 bit prime....\n");
cinstr(p,p1024);
k=1024; j=160;
tr1=powers(k,j,p);
td=powers_double(k,j,p);
tr2=powers(k,k,p);
tv1=powers_small_exp(k,3,p);
tv2=powers_small_exp(k,65537L,p);
ts=powers_small_base(3,j,p);
tp=powers_precomp(k,j,p);
printf("\n");
printf("%4d bit RSA decryption %8.2lf ms \n",2*k,2*tr2);
printf("%4d bit RSA encryption e=3 %8.2lf ms \n",k,tv1);
printf("%4d bit RSA encryption e=65537 %8.2lf ms \n",k,tv2);
printf("%4d bit DH %d bit exponent:-\n",k,j);
printf(" offline, no precomputation %8.2lf ms \n",tr1);
printf(" offline, small base %8.2lf ms \n",ts);
printf(" offline, w. precomputation %8.2lf ms \n",tp);
printf(" online %8.2lf ms \n",tr1);
printf("%4d bit DSA %d bit exponent:-\n",k,j);
printf(" signature no precomputation %8.2lf ms \n",tr1);
printf(" signature w. precomputation %8.2lf ms \n",tp);
printf(" verification %8.2lf ms \n",td);
printf("\n2048 bit prime....\n");
cinstr(p,p2048);
k=2048; j=256;
tr1=powers(k,j,p);
td=powers_double(k,j,p);
powers(k,k,p);
tv1=powers_small_exp(k,3,p);
tv2=powers_small_exp(k,65537L,p);
ts=powers_small_base(3,j,p);
tp=powers_precomp(k,j,p);
printf("\n");
printf("%4d bit RSA encryption e=3 %8.2lf ms \n",k,tv1);
printf("%4d bit RSA encryption e=65537 %8.2lf ms \n",k,tv2);
printf("%4d bit DH %d bit exponent:-\n",k,j);
printf(" offline, no precomputation %8.2lf ms \n",tr1);
printf(" offline, small base %8.2lf ms \n",ts);
printf(" offline, w. precomputation %8.2lf ms \n",tp);
printf(" online %8.2lf ms \n",tr1);
printf("%4d bit DSA %d bit exponent:-\n",k,j);
printf(" signature no precomputation %8.2lf ms \n",tr1);
printf(" signature w. precomputation %8.2lf ms \n",tp);
printf(" verification %8.2lf ms \n",td);
printf("\n");
printf("Elliptic Curve point multiplication benchmarks - calculating r.P\n");
printf("From these figures it should be possible to roughly estimate the time\n");
printf("required for your favourite EC PK algorithm, ECDSA, ECDH, etc.\n");
printf("Key - ER - Elliptic Curve point multiplication r.P\n");
printf(" ED - Elliptic Curve double multiplication r.P + s.Q\n");
printf(" EP - Elliptic Curve multiplication with precomputation\n");
printf("EC - Elliptic curve GF(p) - p of no special form \n");
printf("ECDH - Diffie Hellman Key exchange\n");
printf("ECDSA - Digital Signature Algorithm\n");
mip->IOBASE=10;
printf("\n160 bit GF(p) Elliptic Curve....\n");
k=160;
cinstr(p,p160);
cinstr(b,b160);
cinstr(y,y160);
ecurve_init(a,b,p,MR_PROJECTIVE);
g=epoint_init();
if (!epoint_set(x,y,0,g))
{
printf("This is not a point on the curve!\n");
exit(0);
}
tr1=mults(k,g);
td=mult_double(k,g);
tp=mult_precomp(k,x,y,a,b,p);
printf("\n");
printf("%4d bit ECDH :-\n",k);
printf(" offline, no precomputation %8.2lf ms \n",tr1);
printf(" offline, w. precomputation %8.2lf ms \n",tp);
printf(" online %8.2lf ms \n",tr1);
printf("%4d bit ECDSA :-\n",k);
printf(" signature no precomputation %8.2lf ms \n",tr1);
printf(" signature w. precomputation %8.2lf ms \n",tp);
printf(" verification %8.2lf ms \n",td);
printf("\n192 bit GF(p) Elliptic Curve....\n");
k=192;
cinstr(p,p192);
cinstr(b,b192);
cinstr(y,y192);
ecurve_init(a,b,p,MR_PROJECTIVE);
g=epoint_init();
if (!epoint_set(x,y,0,g))
{
printf("This is not a point on the curve!\n");
exit(0);
}
tr1=mults(k,g);
td=mult_double(k,g);
tp=mult_precomp(k,x,y,a,b,p);
printf("\n");
printf("%4d bit ECDH :-\n",k);
printf(" offline, no precomputation %8.2lf ms \n",tr1);
printf(" offline, w. precomputation %8.2lf ms \n",tp);
printf(" online %8.2lf ms \n",tr1);
printf("%4d bit ECDSA :-\n",k);
printf(" signature no precomputation %8.2lf ms \n",tr1);
printf(" signature w. precomputation %8.2lf ms \n",tp);
printf(" verification %8.2lf ms \n",td);
printf("\n224 bit GF(p) Elliptic Curve....\n");
k=224;
cinstr(p,p224);
cinstr(b,b224);
cinstr(y,y224);
ecurve_init(a,b,p,MR_PROJECTIVE);
g=epoint_init();
if (!epoint_set(x,y,0,g))
{
printf("This is not a point on the curve!\n");
exit(0);
}
tr1=mults(k,g);
td=mult_double(k,g);
tp=mult_precomp(k,x,y,a,b,p);
printf("\n");
printf("%4d bit ECDH :-\n",k);
printf(" offline, no precomputation %8.2lf ms \n",tr1);
printf(" offline, w. precomputation %8.2lf ms \n",tp);
printf(" online %8.2lf ms \n",tr1);
printf("%4d bit ECDSA :-\n",k);
printf(" signature no precomputation %8.2lf ms \n",tr1);
printf(" signature w. precomputation %8.2lf ms \n",tp);
printf(" verification %8.2lf ms \n",td);
printf("\n256 bit GF(p) Elliptic Curve....\n");
k=256;
cinstr(p,p256);
cinstr(b,b256);
cinstr(y,y256);
ecurve_init(a,b,p,MR_PROJECTIVE);
g=epoint_init();
if (!epoint_set(x,y,0,g))
{
printf("This is not a point on the curve!\n");
exit(0);
}
tr1=mults(k,g);
td=mult_double(k,g);
tp=mult_precomp(k,x,y,a,b,p);
printf("\n");
printf("%4d bit ECDH :-\n",k);
printf(" offline, no precomputation %8.2lf ms \n",tr1);
printf(" offline, w. precomputation %8.2lf ms \n",tp);
printf(" online %8.2lf ms \n",tr1);
printf("%4d bit ECDSA :-\n",k);
printf(" signature no precomputation %8.2lf ms \n",tr1);
printf(" signature w. precomputation %8.2lf ms \n",tp);
printf(" verification %8.2lf ms \n",td);
#ifndef MR_FP
printf("\n163 bit GF(2^m) Elliptic Curve....\n");
k=163;
mip->IOBASE=16;
cinstr(b,B163);
cinstr(x,x163);
cinstr(y,y163);
mip->IOBASE=10;
convert(A163,A2);
ecurve2_init(m163,a163,b163,c163,A2,b,FALSE,MR_PROJECTIVE);
g=epoint_init();
if (!epoint2_set(x,y,0,g))
{
printf("This is not a point on the curve!\n");
exit(0);
}
tr1=mults2(k,g);
td=mult2_double(k,g);
tp=mult2_precomp(k,x,y,A2,b,m163,a163,b163,c163);
printf("\n");
printf("%4d bit ECDH :-\n",k);
printf(" offline, no precomputation %8.2lf ms \n",tr1);
printf(" offline, w. precomputation %8.2lf ms \n",tp);
printf(" online %8.2lf ms \n",tr1);
printf("%4d bit ECDSA :-\n",k);
printf(" signature no precomputation %8.2lf ms \n",tr1);
printf(" signature w. precomputation %8.2lf ms \n",tp);
printf(" verification %8.2lf ms \n",td);
printf("\n163 bit GF(2^m) Koblitz Elliptic Curve....\n");
k=163;
mip->IOBASE=16;
cinstr(b,KB163);
cinstr(x,Kx163);
cinstr(y,Ky163);
mip->IOBASE=10;
convert(KA163,A2);
ecurve2_init(m163,a163,b163,c163,A2,b,FALSE,MR_PROJECTIVE);
g=epoint_init();
if (!epoint2_set(x,y,0,g))
{
printf("This is not a point on the curve!\n");
exit(0);
}
tr1=mults2(k,g);
td=mult2_double(k,g);
tp=mult2_precomp(k,x,y,A2,b,m163,a163,b163,c163);
printf("\n");
printf("%4d bit ECDH :-\n",k);
printf(" offline, no precomputation %8.2lf ms \n",tr1);
printf(" offline, w. precomputation %8.2lf ms \n",tp);
printf(" online %8.2lf ms \n",tr1);
printf("%4d bit ECDSA :-\n",k);
printf(" signature no precomputation %8.2lf ms \n",tr1);
printf(" signature w. precomputation %8.2lf ms \n",tp);
printf(" verification %8.2lf ms \n",td);
printf("\n233 bit GF(2^m) Elliptic Curve....\n");
k=233;
mip->IOBASE=16;
cinstr(b,B233);
cinstr(x,x233);
cinstr(y,y233);
mip->IOBASE=10;
convert(A233,A2);
ecurve2_init(m233,a233,b233,c233,A2,b,FALSE,MR_PROJECTIVE);
g=epoint_init();
if (!epoint2_set(x,y,0,g))
{
printf("This is not a point on the curve!\n");
exit(0);
}
tr1=mults2(k,g);
td=mult2_double(k,g);
tp=mult2_precomp(k,x,y,A2,b,m233,a233,b233,c233);
printf("\n");
printf("%4d bit ECDH :-\n",k);
printf(" offline, no precomputation %8.2lf ms \n",tr1);
printf(" offline, w. precomputation %8.2lf ms \n",tp);
printf(" online %8.2lf ms \n",tr1);
printf("%4d bit ECDSA :-\n",k);
printf(" signature no precomputation %8.2lf ms \n",tr1);
printf(" signature w. precomputation %8.2lf ms \n",tp);
printf(" verification %8.2lf ms \n",td);
printf("\n233 bit GF(2^m) Koblitz Elliptic Curve....\n");
k=233;
mip->IOBASE=16;
cinstr(b,KB233);
cinstr(x,Kx233);
cinstr(y,Ky233);
mip->IOBASE=10;
convert(KA233,A2);
ecurve2_init(m233,a233,b233,c233,A2,b,FALSE,MR_PROJECTIVE);
g=epoint_init();
if (!epoint2_set(x,y,0,g))
{
printf("This is not a point on the curve!\n");
exit(0);
}
tr1=mults2(k,g);
td=mult2_double(k,g);
tp=mult2_precomp(k,x,y,A2,b,m233,a233,b233,c233);
printf("\n");
printf("%4d bit ECDH :-\n",k);
printf(" offline, no precomputation %8.2lf ms \n",tr1);
printf(" offline, w. precomputation %8.2lf ms \n",tp);
printf(" online %8.2lf ms \n",tr1);
printf("%4d bit ECDSA :-\n",k);
printf(" signature no precomputation %8.2lf ms \n",tr1);
printf(" signature w. precomputation %8.2lf ms \n",tp);
printf(" verification %8.2lf ms \n",td);
printf("\n283 bit GF(2^m) Elliptic Curve....\n");
k=283;
mip->IOBASE=16;
cinstr(b,B283);
cinstr(x,x283);
cinstr(y,y283);
mip->IOBASE=10;
convert(A283,A2);
ecurve2_init(m283,a283,b283,c283,A2,b,FALSE,MR_PROJECTIVE);
g=epoint_init();
if (!epoint2_set(x,y,0,g))
{
printf("This is not a point on the curve!\n");
exit(0);
}
tr1=mults2(k,g);
td=mult2_double(k,g);
tp=mult2_precomp(k,x,y,A2,b,m283,a283,b283,c283);
printf("\n");
printf("%4d bit ECDH :-\n",k);
printf(" offline, no precomputation %8.2lf ms \n",tr1);
printf(" offline, w. precomputation %8.2lf ms \n",tp);
printf(" online %8.2lf ms \n",tr1);
printf("%4d bit ECDSA :-\n",k);
printf(" signature no precomputation %8.2lf ms \n",tr1);
printf(" signature w. precomputation %8.2lf ms \n",tp);
printf(" verification %8.2lf ms \n",td);
printf("\n283 bit GF(2^m) Koblitz Elliptic Curve....\n");
k=283;
mip->IOBASE=16;
cinstr(b,KB283);
cinstr(x,Kx283);
cinstr(y,Ky283);
mip->IOBASE=10;
convert(KA283,A2);
ecurve2_init(m283,a283,b283,c283,A2,b,FALSE,MR_PROJECTIVE);
g=epoint_init();
if (!epoint2_set(x,y,0,g))
{
printf("This is not a point on the curve!\n");
exit(0);
}
tr1=mults2(k,g);
td=mult2_double(k,g);
tp=mult2_precomp(k,x,y,A2,b,m283,a283,b283,c283);
printf("\n");
printf("%4d bit ECDH :-\n",k);
printf(" offline, no precomputation %8.2lf ms \n",tr1);
printf(" offline, w. precomputation %8.2lf ms \n",tp);
printf(" online %8.2lf ms \n",tr1);
printf("%4d bit ECDSA :-\n",k);
printf(" signature no precomputation %8.2lf ms \n",tr1);
printf(" signature w. precomputation %8.2lf ms \n",tp);
printf(" verification %8.2lf ms \n",td);
printf("\n571 bit GF(2^m) Elliptic Curve....\n");
k=571;
mip->IOBASE=16;
cinstr(b,B571);
cinstr(x,x571);
cinstr(y,y571);
mip->IOBASE=10;
convert(A571,A2);
ecurve2_init(m571,a571,b571,c571,A2,b,FALSE,MR_PROJECTIVE);
g=epoint_init();
if (!epoint2_set(x,y,0,g))
{
printf("This is not a point on the curve!\n");
exit(0);
}
tr1=mults2(k,g);
td=mult2_double(k,g);
tp=mult2_precomp(k,x,y,A2,b,m571,a571,b571,c571);
printf("\n");
printf("%4d bit ECDH :-\n",k);
printf(" offline, no precomputation %8.2lf ms \n",tr1);
printf(" offline, w. precomputation %8.2lf ms \n",tp);
printf(" online %8.2lf ms \n",tr1);
printf("%4d bit ECDSA :-\n",k);
printf(" signature no precomputation %8.2lf ms \n",tr1);
printf(" signature w. precomputation %8.2lf ms \n",tp);
printf(" verification %8.2lf ms \n",td);
printf("\n571 bit GF(2^m) Koblitz Elliptic Curve....\n");
k=571;
mip->IOBASE=16;
cinstr(b,KB571);
cinstr(x,Kx571);
cinstr(y,Ky571);
mip->IOBASE=10;
convert(KA571,A2);
ecurve2_init(m571,a571,b571,c571,A2,b,FALSE,MR_PROJECTIVE);
g=epoint_init();
if (!epoint2_set(x,y,0,g))
{
printf("This is not a point on the curve!\n");
exit(0);
}
tr1=mults2(k,g);
td=mult2_double(k,g);
tp=mult2_precomp(k,x,y,A2,b,m571,a571,b571,c571);
printf("\n");
printf("%4d bit ECDH :-\n",k);
printf(" offline, no precomputation %8.2lf ms \n",tr1);
printf(" offline, w. precomputation %8.2lf ms \n",tp);
printf(" online %8.2lf ms \n",tr1);
printf("%4d bit ECDSA :-\n",k);
printf(" signature no precomputation %8.2lf ms \n",tr1);
printf(" signature w. precomputation %8.2lf ms \n",tp);
printf(" verification %8.2lf ms \n",td);
#endif
return 0;
}
BOOL ecurve2(int m,int a,int b,int c,const Big& a2,const Big& a6,BOOL check,int t)
{ return ecurve2_init(m,a,b,c,a2.fn,a6.fn,check,t);}
int main()
{
FILE *fp;
int ep,m,a,b,c;
epoint *g,*public;
char ifname[50],ofname[50];
big a2,a6,q,x,y,v,u1,u2,r,s,hash;
miracl instance;
miracl *mip=&instance;
char mem[MR_BIG_RESERVE(11)]; /* reserve space on the stack for 11 bigs */
char mem1[MR_ECP_RESERVE(2)]; /* and two elliptic curve points */
memset(mem,0,MR_BIG_RESERVE(11));
memset(mem1,0,MR_ECP_RESERVE(2));
/* get public data */
fp=fopen("common2.ecs","rt");
if (fp==NULL)
{
printf("file common2.ecs does not exist\n");
return 0;
}
fscanf(fp,"%d\n",&m);
mip=mirsys(mip,MR_ROUNDUP(abs(m),4),16);
a2=mirvar_mem(mip,mem,0);
a6=mirvar_mem(mip,mem,1);
q=mirvar_mem(mip,mem,2);
x=mirvar_mem(mip,mem,3);
y=mirvar_mem(mip,mem,4);
v=mirvar_mem(mip,mem,5);
u1=mirvar_mem(mip,mem,6);
u2=mirvar_mem(mip,mem,7);
s=mirvar_mem(mip,mem,8);
r=mirvar_mem(mip,mem,9);
hash=mirvar_mem(mip,mem,10);
innum(mip,a2,fp);
innum(mip,a6,fp);
innum(mip,q,fp);
innum(mip,x,fp);
innum(mip,y,fp);
fscanf(fp,"%d\n",&a);
fscanf(fp,"%d\n",&b);
fscanf(fp,"%d\n",&c);
fclose(fp);
ecurve2_init(mip,m,a,b,c,a2,a6,FALSE,MR_PROJECTIVE); /* initialise curve */
g=epoint_init_mem(mip,mem1,0);
epoint2_set(mip,x,y,0,g); /* initialise point of order q */
/* get public key of signer */
fp=fopen("public.ecs","rt");
if (fp==NULL)
{
printf("file public.ecs does not exist\n");
return 0;
}
fscanf(fp,"%d",&ep);
innum(mip,x,fp);
fclose(fp);
public=epoint_init_mem(mip,mem1,1);
BOOL MiraclInit(SECLVL lvl, BYTE* seed, fparams* params) {
//secparam = 163;
/* switch(lvl.ecckcbits)
{
#ifdef OTEXT_USE_PRIMEFIELD
case ST: m_nSecParam = 160; break;
case MT: m_nSecParam = 224; break;
case LT: m_nSecParam = 256; break;
default: m_nSecParam = 160; break;
#else
case ST.ecckcbits: m_nSecParam = 163; break;
case MT.ecckcbits: m_nSecParam = 233; break;
case LT.ecckcbits: m_nSecParam = 283; break;
default: m_nSecParam = 163; break;
#endif
}*/
#ifdef OTEXT_USE_PRIMEFIELD
params->secparam = lvl.ecckcbits;
#else
params->secparam= lvl.ecckcbits;
#endif
miracl *mip = mirsys(params->secparam, 2);
//miracl *mip=mirsys(MR_ROUNDUP(abs(163),4),16);
char *ecp = NULL, *ecb = NULL, *ecx = ecx160, *ecy = ecy160;
params->eccparams.BB = new Big();
params->eccparams.BA = new Big();
params->eccparams.BP = new Big();
#ifdef OTEXT_USE_PRIMEFIELD
if(lvl.eccpfbits == ST.eccpfbits)
{
ecp = ecp160; ecb = ecb160; ecx = ecx160; ecy = ecy160;
} else if(lvl.eccpfbits == MT.eccpfbits)
{
ecp = ecp224; ecb = ecb224; ecx = ecx224; ecy = ecy224;
} else if(lvl.eccpfbits == LT.eccpfbits)
{
ecp = ecp256; ecb = ecb256; ecx = ecx256; ecy = ecy256;
} else //Short term security
{
ecp = ecp160; ecb = ecb160; ecx = ecx160; ecy = ecy160;
}
/*switch (lvl.eccpfbits)
{
case ST.eccpfbits:
ecp = ecp160; ecb = ecb160; ecx = ecx160; ecy = ecy160; break;
case MT.eccpfbits:
ecp = ecp224; ecb = ecb224; ecx = ecx224; ecy = ecy224; break;
case LT.eccpfbits:
ecp = ecp256; ecb = ecb256; ecx = ecx256; ecy = ecy256; break;
default: //Short term security
ecp = ecp160; ecb = ecb160; ecx = ecx160; ecy = ecy160; break;
}*/
#else
if(lvl.ecckcbits == ST.ecckcbits)
{
ecx = ecx163; ecy = ecy163; params->eccparams.m = 163; params->eccparams.a = 7;
params->eccparams.b = 6; params->eccparams.c = 3; *(params->eccparams.BA) = 1;
} else if(lvl.ecckcbits == MT.ecckcbits)
{
ecx = ecx233; ecy = ecy233; params->eccparams.m = 233; params->eccparams.a = 74;
params->eccparams.b = 0; params->eccparams.c = 0; *(params->eccparams.BA) = 0;
} else if(lvl.ecckcbits == LT.ecckcbits)
{
ecx = ecx283; ecy = ecy283; params->eccparams.m = 283; params->eccparams.a = 12;
params->eccparams.b = 7; params->eccparams.c = 5; *(params->eccparams.BA) = 0;
} else //Short term security
{
ecx = ecx163; ecy = ecy163; params->eccparams.m = 163; params->eccparams.a = 7;
params->eccparams.b = 6; params->eccparams.c = 3; *(params->eccparams.BA) = 1;
}
/*switch (lvl.ecckcbits)
{
case ST.ecckcbits:
ecx = ecx163; ecy = ecy163; m_nM = 163; m_nA = 7; m_nB = 6; m_nC = 3; *m_BA = 1; break;
case MT.ecckcbits:
ecx = ecx233; ecy = ecy233; m_nM = 233; m_nA = 74; m_nB = 0; m_nC = 0; *m_BA = 0; break;
case LT.ecckcbits:
ecx = ecx283; ecy = ecy283; m_nM = 283; m_nA = 12; m_nB = 7; m_nC = 5; *m_BA = 0; break;
default:
ecx = ecx163; ecy = ecy163; m_nM = 163; m_nA = 7; m_nB = 6; m_nC = 3; *m_BA = 1; break;
}*/
#endif
//seed the miracl rnd generator
irand((long)(*seed));
//Change the base to read in the parameters
mip->IOBASE = 16;
*(params->eccparams.BB) = 1;
#ifdef OTEXT_USE_PRIMEFIELD
mip->IOBASE = 16;
*(m_ECCField.BA) = -3;
*(m_ECCField.BB) = ecb;
*(m_ECCField.BP) = ecp;
ecurve(*(m_ECCField.BA), *(m_ECCField.BB), *(m_ECCField.BP), MR_BEST);
#else
ecurve2_init(params->eccparams.m, params->eccparams.a, params->eccparams.b, params->eccparams.c,
params->eccparams.BA->getbig(), params->eccparams.BB->getbig(), false, MR_BEST);
#endif
params->eccparams.X = new Big();
params->eccparams.Y = new Big();
*(params->eccparams.X) = ecx;
*(params->eccparams.Y) = ecy;
//cout << "params->eccparams.X : " << (*params->eccparams.X) << endl;
//reset the base representation
//mip->IOBASE = 10;
//For ECC, a coordinate is transferred as well as a 1/-1
params->elebytelen = (params->secparam+7)/8 + 1;
return true;
}
int main()
{
FILE *fp;
int m,a,b,c,cf;
miracl *mip;
char ifname[13],ofname[13];
big a2,a6,q,x,y,d,r,s,k,hash;
epoint *g;
long seed;
/* get public data */
fp=fopen("common2.ecs","r");
if (fp==NULL)
{
printf("file common2.ecs does not exist\n");
return 0;
}
fscanf(fp,"%d\n",&m);
mip=mirsys(3+m/MIRACL,0);
a2=mirvar(0);
a6=mirvar(0);
q=mirvar(0);
x=mirvar(0);
y=mirvar(0);
d=mirvar(0);
r=mirvar(0);
s=mirvar(0);
k=mirvar(0);
hash=mirvar(0);
mip->IOBASE=16;
cinnum(a2,fp); /* curve parameters */
cinnum(a6,fp); /* curve parameters */
cinnum(q,fp); /* order of (x,y) */
cinnum(x,fp); /* (x,y) point on curve of order q */
cinnum(y,fp);
mip->IOBASE=10;
fscanf(fp,"%d\n",&a);
fscanf(fp,"%d\n",&b);
fscanf(fp,"%d\n",&c);
fclose(fp);
/* randomise */
printf("Enter 9 digit random number seed = ");
scanf("%ld",&seed);
getchar();
irand(seed);
ecurve2_init(m,a,b,c,a2,a6,FALSE,MR_PROJECTIVE); /* initialise curve */
g=epoint2_init();
epoint2_set(x,y,0,g); /* set point of order q */
/* calculate r - this can be done offline,
and hence amortized to almost nothing */
bigrand(q,k);
ecurve2_mult(k,g,g); /* see ebrick2.c for method to speed this up */
epoint2_get(g,r,r);
divide(r,q,q);
/* get private key of signer */
fp=fopen("private.ecs","r");
if (fp==NULL)
{
printf("file private.ecs does not exist\n");
return 0;
}
cinnum(d,fp);
fclose(fp);
/* calculate message digest */
printf("file to be signed = ");
gets(ifname);
strcpy(ofname,ifname);
strip(ofname);
strcat(ofname,".ecs");
if ((fp=fopen(ifname,"rb"))==NULL)
{
printf("Unable to open file %s\n",ifname);
return 0;
}
hashing(fp,hash);
fclose(fp);
/* calculate s */
xgcd(k,q,k,k,k);
mad(d,r,hash,q,q,s);
mad(s,k,k,q,q,s);
fp=fopen(ofname,"w");
cotnum(r,fp);
cotnum(s,fp);
fclose(fp);
return 0;
}
