int main() { int ia,ib; time_t seed; epoint *g,*ea,*eb; big a,b,p,q,n,p1,q1,phi,pa,pb,key,e,d,dp,dq,t,m,c,x,y,k,inv; big primes[2],pm[2]; big_chinese ch; miracl *mip; #ifndef MR_NOFULLWIDTH mip=mirsys(500,0); #else mip=mirsys(500,MAXBASE); #endif a=mirvar(0); b=mirvar(0); p=mirvar(0); q=mirvar(0); n=mirvar(0); p1=mirvar(0); q1=mirvar(0); phi=mirvar(0); pa=mirvar(0); pb=mirvar(0); key=mirvar(0); e=mirvar(0); d=mirvar(0); dp=mirvar(0); dq=mirvar(0); t=mirvar(0); m=mirvar(0); c=mirvar(0); pm[0]=mirvar(0); pm[1]=mirvar(0); x=mirvar(0); y=mirvar(0); k=mirvar(0); inv=mirvar(0); time(&seed); irand((unsigned long)seed); /* change parameter for different values */ printf("First Diffie-Hellman Key exchange .... \n"); cinstr(p,primetext); /* offline calculations could be done quicker using Comb method - See brick.c. Note use of "truncated exponent" of 160 bits - could be output of hash function SHA (see mrshs.c) */ printf("\nAlice's offline calculation\n"); bigbits(160,a); /* 3 generates the sub-group of prime order (p-1)/2 */ powltr(3,a,p,pa); printf("Bob's offline calculation\n"); bigbits(160,b); powltr(3,b,p,pb); printf("Alice calculates Key=\n"); powmod(pb,a,p,key); cotnum(key,stdout); printf("Bob calculates Key=\n"); powmod(pa,b,p,key); cotnum(key,stdout); printf("Alice and Bob's keys should be the same!\n"); /* Now Elliptic Curve version of the above. Curve is y^2=x^3+Ax+B mod p, where A=-3, B and p as above "Primitive root" is the point (x,y) above, which is of large prime order q. In this case actually q=FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831 */ printf("\nLets try that again using elliptic curves .... \n"); convert(-3,a); mip->IOBASE=16; cinstr(b,ecb); cinstr(p,ecp); ecurve_init(a,b,p,MR_BEST); /* Use PROJECTIVE if possible, else AFFINE coordinates */ g=epoint_init(); cinstr(x,ecx); cinstr(y,ecy); mip->IOBASE=10; epoint_set(x,y,0,g); ea=epoint_init(); eb=epoint_init(); epoint_copy(g,ea); epoint_copy(g,eb); printf("Alice's offline calculation\n"); bigbits(160,a); ecurve_mult(a,ea,ea); ia=epoint_get(ea,pa,pa); /* <ia,pa> is compressed form of public key */ printf("Bob's offline calculation\n"); bigbits(160,b); ecurve_mult(b,eb,eb); ib=epoint_get(eb,pb,pb); /* <ib,pb> is compressed form of public key */ printf("Alice calculates Key=\n"); epoint_set(pb,pb,ib,eb); /* decompress eb */ ecurve_mult(a,eb,eb); epoint_get(eb,key,key); cotnum(key,stdout); printf("Bob calculates Key=\n"); epoint_set(pa,pa,ia,ea); /* decompress ea */ ecurve_mult(b,ea,ea); epoint_get(ea,key,key); cotnum(key,stdout); printf("Alice and Bob's keys should be the same! (but much smaller)\n"); epoint_free(g); epoint_free(ea); epoint_free(eb); /* El Gamal's Method */ printf("\nTesting El Gamal's public key method\n"); cinstr(p,primetext); bigbits(160,x); /* x<p */ powltr(3,x,p,y); /* y=3^x mod p*/ decr(p,1,p1); mip->IOBASE=128; cinstr(m,text); mip->IOBASE=10; do { bigbits(160,k); } while (egcd(k,p1,t)!=1); powltr(3,k,p,a); /* a=3^k mod p */ powmod(y,k,p,b); mad(b,m,m,p,p,b); /* b=m*y^k mod p */ printf("Ciphertext= \n"); cotnum(a,stdout); cotnum(b,stdout); zero(m); /* proof of pudding... */ subtract(p1,x,t); powmod(a,t,p,m); mad(m,b,b,p,p,m); /* m=b/a^x mod p */ printf("Plaintext= \n"); mip->IOBASE=128; cotnum(m,stdout); mip->IOBASE=10; /* RSA. Generate primes p & q. Use e=65537, and find d=1/e mod (p-1)(q-1) */ printf("\nNow generating 512-bit random primes p and q\n"); do { bigbits(512,p); if (subdivisible(p,2)) incr(p,1,p); while (!isprime(p)) incr(p,2,p); bigbits(512,q); if (subdivisible(q,2)) incr(q,1,q); while (!isprime(q)) incr(q,2,q); multiply(p,q,n); /* n=p.q */ lgconv(65537L,e); decr(p,1,p1); decr(q,1,q1); multiply(p1,q1,phi); /* phi =(p-1)*(q-1) */ } while (xgcd(e,phi,d,d,t)!=1); cotnum(p,stdout); cotnum(q,stdout); printf("n = p.q = \n"); cotnum(n,stdout); /* set up for chinese remainder thereom */ /* primes[0]=p; primes[1]=q; crt_init(&ch,2,primes); */ /* use simple CRT as only two primes */ xgcd(p,q,inv,inv,inv); /* 1/p mod q */ copy(d,dp); copy(d,dq); divide(dp,p1,p1); /* dp=d mod p-1 */ divide(dq,q1,q1); /* dq=d mod q-1 */ mip->IOBASE=128; cinstr(m,text); mip->IOBASE=10; printf("Encrypting test string\n"); powmod(m,e,n,c); printf("Ciphertext= \n"); cotnum(c,stdout); zero(m); printf("Decrypting test string\n"); powmod(c,dp,p,pm[0]); /* get result mod p */ powmod(c,dq,q,pm[1]); /* get result mod q */ subtract(pm[1],pm[0],pm[1]); /* poor man's CRT */ mad(inv,pm[1],inv,q,q,m); multiply(m,p,m); add(m,pm[0],m); /* crt(&ch,pm,m); combine them using CRT */ printf("Plaintext= \n"); mip->IOBASE=128; cotnum(m,stdout); /* crt_end(&ch); */ return 0; }
void mcl_ecpbs_test(char *data) { /* timing the experiment */ struct timespec bank_start, bank_end, verify_start, verify_end; long bank_nanos = 0; long verify_nanos = 0; int i = 0; int result = 0; /* simulate client and bank interaction */ mcl_ecpbs_bank_state bstate; mcl_ecpbs_state cstate; mcl_ecpbs_init_bank(&bstate); mcl_ecpbs_init(&cstate); int date1 = time(NULL) / 86400; int date2 = date1 + 7; int date3 = date1 + 28; int infolen = 3 * sizeof(date1) + 6; /* 3 ints, 2 commas, null byte */ char info[infolen]; snprintf(info, infolen, "%d,%d,%d", date1, date2, date3); /* do a bunch of signatures and verifies */ char *pos = data; for (i = 0; i < NUM_LOOPS_PER_RUN; ++i) { /* bank computes a,b */ clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &bank_start); mcl_ecpbs_sign_start_bank(&bstate, info); clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &bank_end); bank_nanos = get_timer_nanos(&bank_start, &bank_end); /* bank 'sends' a,b,info to client */ epoint_copy(bstate.a, cstate.a); epoint_copy(bstate.b, cstate.b); /* client computes e */ mcl_ecpbs_sign_start(&cstate, info, pos); /* client 'sends' e to bank */ copy(cstate.e, bstate.e); /* bank produces r,c,s,d for client */ clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &bank_start); mcl_ecpbs_sign_finish_bank(&bstate); clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &bank_end); bank_nanos += get_timer_nanos(&bank_start, &bank_end); /* bank 'sends' r,c,s,d to client */ copy(bstate.r, cstate.r); copy(bstate.c, cstate.c); copy(bstate.s, cstate.s); copy(bstate.d, cstate.d); /* client finishes signature */ if (!mcl_ecpbs_sign_finish(&cstate)) { printf("Signature consistency check failed\n"); } /* now verify */ clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &verify_start); result = mcl_ecpbs_verify(&cstate.signature, info, pos, &cstate.parameters, &cstate.pk, &cstate.workspace); clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &verify_end); verify_nanos = get_timer_nanos(&verify_start, &verify_end); if (result != 0) { printf("Signature incorrect\n"); mcl_ecpbs_print_bank(&bstate, stdout); mcl_ecpbs_print(&cstate, stdout); } pos += CELL_NETWORK_SIZE + 1; mcl_ecpbs_reset_bank(&bstate); mcl_ecpbs_reset(&cstate); printf("mcl_ecpbs Bank effort: 1 signature %ld nanoseconds (%d/%d)\n", bank_nanos, i+1, NUM_LOOPS_PER_RUN); printf("mcl_ecpbs Signature verification: 1 verify %ld nanoseconds (%d/%d)\n", verify_nanos, i+1, NUM_LOOPS_PER_RUN); } /* free state and miracl */ mcl_ecpbs_free_bank(&bstate); mcl_ecpbs_free(&cstate); mirexit(); }
void fast_tate_pairing(_MIPD_ epoint *P,zzn3 *Qx,zzn3 *Qy,big q,big cf,zzn6 *w,zzn6* res) { int i,j,n,nb,nbw,nzs; epoint *t[4],*A,*P2; zzn6 zn[4]; big work[4]; #ifndef MR_STATIC char *mem=memalloc(_MIPP_ 28); char *mem1=ecp_memalloc(_MIPP_ 6); #else char mem[MR_BIG_RESERVE(28)]; char mem1[MR_ECP_RESERVE(6)]; memset(mem,0,MR_BIG_RESERVE(28)); memset(mem1,0,MR_ECP_RESERVE(6)); #endif for (i=0;i<4;i++) t[i]=epoint_init_mem(_MIPP_ mem1,i); A=epoint_init_mem(_MIPP_ mem1,4); P2=epoint_init_mem(_MIPP_ mem1,5); for (j=i=0;i<4;i++) { work[i]=mirvar_mem(_MIPP_ mem,j++); zn[i].x.a=mirvar_mem(_MIPP_ mem,j++); zn[i].x.b=mirvar_mem(_MIPP_ mem,j++); zn[i].x.c=mirvar_mem(_MIPP_ mem,j++); zn[i].y.a=mirvar_mem(_MIPP_ mem,j++); zn[i].y.b=mirvar_mem(_MIPP_ mem,j++); zn[i].y.c=mirvar_mem(_MIPP_ mem,j++); zn[i].unitary=FALSE; } zzn6_from_int(_MIPP_ 1,&zn[0]); epoint_copy(P,A); epoint_copy(P,P2); epoint_copy(P,t[0]); g(_MIPP_ P2,P2,Qx,Qy,res); epoint_norm(_MIPP_ P2); for (i=1;i<4;i++) { g(_MIPP_ A,P2,Qx,Qy,w); epoint_copy(A,t[i]); zzn6_mul(_MIPP_ &zn[i-1],w,&zn[i]); zzn6_mul(_MIPP_ &zn[i],res,&zn[i]); } epoint_multi_norm(_MIPP_ 4,work,t); epoint_copy(P,A); zzn6_from_int(_MIPP_ 1,res); nb=logb2(_MIPP_ q); for (i=nb-2;i>=0;i-=(nbw+nzs)) { n=mr_window(_MIPP_ q,i,&nbw,&nzs,3); for (j=0;j<nbw;j++) { zzn6_mul(_MIPP_ res,res,res); g(_MIPP_ A,A,Qx,Qy,w); zzn6_mul(_MIPP_ res,w,res); } if (n>0) { zzn6_mul(_MIPP_ res,&zn[n/2],res); g(_MIPP_ A,t[n/2],Qx,Qy,w); zzn6_mul(_MIPP_ res,w,res); } for (j=0;j<nzs;j++) { zzn6_mul(_MIPP_ res,res,res); g(_MIPP_ A,A,Qx,Qy,w); zzn6_mul(_MIPP_ res,w,res); } } zzn6_copy(res,w); zzn6_powq(_MIPP_ w); zzn6_mul(_MIPP_ res,w,res); zzn6_copy(res,w); zzn6_powq(_MIPP_ w); zzn6_powq(_MIPP_ w); zzn6_powq(_MIPP_ w); zzn6_inv(_MIPP_ res); zzn6_mul(_MIPP_ res,w,res); res->unitary=TRUE; #ifndef MR_STATIC memkill(_MIPP_ mem,28); ecp_memkill(_MIPP_ mem1,6); #else memset(mem,0,MR_BIG_RESERVE(28)); memset(mem1,0,MR_ECP_RESERVE(6)); #endif }