int main()
{
int ia,ib;
time_t seed;
epoint *g,*ea,*eb;
big a,b,p,q,n,p1,q1,phi,pa,pb,key,e,d,dp,dq,t,m,c,x,y,k,inv;
big primes[2],pm[2];
big_chinese ch;
miracl *mip;
#ifndef MR_NOFULLWIDTH
mip=mirsys(500,0);
#else
mip=mirsys(500,MAXBASE);
#endif
a=mirvar(0);
b=mirvar(0);
p=mirvar(0);
q=mirvar(0);
n=mirvar(0);
p1=mirvar(0);
q1=mirvar(0);
phi=mirvar(0);
pa=mirvar(0);
pb=mirvar(0);
key=mirvar(0);
e=mirvar(0);
d=mirvar(0);
dp=mirvar(0);
dq=mirvar(0);
t=mirvar(0);
m=mirvar(0);
c=mirvar(0);
pm[0]=mirvar(0);
pm[1]=mirvar(0);
x=mirvar(0);
y=mirvar(0);
k=mirvar(0);
inv=mirvar(0);
time(&seed);
irand((unsigned long)seed); /* change parameter for different values */
printf("First Diffie-Hellman Key exchange .... \n");
cinstr(p,primetext);
/* offline calculations could be done quicker using Comb method
- See brick.c. Note use of "truncated exponent" of 160 bits -
could be output of hash function SHA (see mrshs.c) */
printf("\nAlice's offline calculation\n");
bigbits(160,a);
/* 3 generates the sub-group of prime order (p-1)/2 */
powltr(3,a,p,pa);
printf("Bob's offline calculation\n");
bigbits(160,b);
powltr(3,b,p,pb);
printf("Alice calculates Key=\n");
powmod(pb,a,p,key);
cotnum(key,stdout);
printf("Bob calculates Key=\n");
powmod(pa,b,p,key);
cotnum(key,stdout);
printf("Alice and Bob's keys should be the same!\n");
/*
Now Elliptic Curve version of the above.
Curve is y^2=x^3+Ax+B mod p, where A=-3, B and p as above
"Primitive root" is the point (x,y) above, which is of large prime order q.
In this case actually
q=FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831
*/
printf("\nLets try that again using elliptic curves .... \n");
convert(-3,a);
mip->IOBASE=16;
cinstr(b,ecb);
cinstr(p,ecp);
ecurve_init(a,b,p,MR_BEST); /* Use PROJECTIVE if possible, else AFFINE coordinates */
g=epoint_init();
cinstr(x,ecx);
cinstr(y,ecy);
mip->IOBASE=10;
epoint_set(x,y,0,g);
ea=epoint_init();
eb=epoint_init();
epoint_copy(g,ea);
epoint_copy(g,eb);
printf("Alice's offline calculation\n");
bigbits(160,a);
ecurve_mult(a,ea,ea);
ia=epoint_get(ea,pa,pa); /* <ia,pa> is compressed form of public key */
printf("Bob's offline calculation\n");
bigbits(160,b);
ecurve_mult(b,eb,eb);
ib=epoint_get(eb,pb,pb); /* <ib,pb> is compressed form of public key */
printf("Alice calculates Key=\n");
epoint_set(pb,pb,ib,eb); /* decompress eb */
ecurve_mult(a,eb,eb);
epoint_get(eb,key,key);
cotnum(key,stdout);
printf("Bob calculates Key=\n");
epoint_set(pa,pa,ia,ea); /* decompress ea */
ecurve_mult(b,ea,ea);
epoint_get(ea,key,key);
cotnum(key,stdout);
printf("Alice and Bob's keys should be the same! (but much smaller)\n");
epoint_free(g);
epoint_free(ea);
epoint_free(eb);
/* El Gamal's Method */
printf("\nTesting El Gamal's public key method\n");
cinstr(p,primetext);
bigbits(160,x); /* x<p */
powltr(3,x,p,y); /* y=3^x mod p*/
decr(p,1,p1);
mip->IOBASE=128;
cinstr(m,text);
mip->IOBASE=10;
do
{
bigbits(160,k);
} while (egcd(k,p1,t)!=1);
powltr(3,k,p,a); /* a=3^k mod p */
powmod(y,k,p,b);
mad(b,m,m,p,p,b); /* b=m*y^k mod p */
printf("Ciphertext= \n");
cotnum(a,stdout);
cotnum(b,stdout);
zero(m); /* proof of pudding... */
subtract(p1,x,t);
powmod(a,t,p,m);
mad(m,b,b,p,p,m); /* m=b/a^x mod p */
printf("Plaintext= \n");
mip->IOBASE=128;
cotnum(m,stdout);
mip->IOBASE=10;
/* RSA. Generate primes p & q. Use e=65537, and find d=1/e mod (p-1)(q-1) */
printf("\nNow generating 512-bit random primes p and q\n");
do
{
bigbits(512,p);
if (subdivisible(p,2)) incr(p,1,p);
while (!isprime(p)) incr(p,2,p);
bigbits(512,q);
if (subdivisible(q,2)) incr(q,1,q);
while (!isprime(q)) incr(q,2,q);
multiply(p,q,n); /* n=p.q */
lgconv(65537L,e);
decr(p,1,p1);
decr(q,1,q1);
multiply(p1,q1,phi); /* phi =(p-1)*(q-1) */
} while (xgcd(e,phi,d,d,t)!=1);
cotnum(p,stdout);
cotnum(q,stdout);
printf("n = p.q = \n");
cotnum(n,stdout);
/* set up for chinese remainder thereom */
/* primes[0]=p;
primes[1]=q;
crt_init(&ch,2,primes);
*/
/* use simple CRT as only two primes */
xgcd(p,q,inv,inv,inv); /* 1/p mod q */
copy(d,dp);
copy(d,dq);
divide(dp,p1,p1); /* dp=d mod p-1 */
divide(dq,q1,q1); /* dq=d mod q-1 */
mip->IOBASE=128;
cinstr(m,text);
mip->IOBASE=10;
printf("Encrypting test string\n");
powmod(m,e,n,c);
printf("Ciphertext= \n");
cotnum(c,stdout);
zero(m);
printf("Decrypting test string\n");
powmod(c,dp,p,pm[0]); /* get result mod p */
powmod(c,dq,q,pm[1]); /* get result mod q */
subtract(pm[1],pm[0],pm[1]); /* poor man's CRT */
mad(inv,pm[1],inv,q,q,m);
multiply(m,p,m);
add(m,pm[0],m);
/* crt(&ch,pm,m); combine them using CRT */
printf("Plaintext= \n");
mip->IOBASE=128;
cotnum(m,stdout);
/* crt_end(&ch); */
return 0;
}
void mcl_ecpbs_test(char *data) {
/* timing the experiment */
struct timespec bank_start, bank_end, verify_start, verify_end;
long bank_nanos = 0;
long verify_nanos = 0;
int i = 0;
int result = 0;
/* simulate client and bank interaction */
mcl_ecpbs_bank_state bstate;
mcl_ecpbs_state cstate;
mcl_ecpbs_init_bank(&bstate);
mcl_ecpbs_init(&cstate);
int date1 = time(NULL) / 86400;
int date2 = date1 + 7;
int date3 = date1 + 28;
int infolen = 3 * sizeof(date1) + 6; /* 3 ints, 2 commas, null byte */
char info[infolen];
snprintf(info, infolen, "%d,%d,%d", date1, date2, date3);
/* do a bunch of signatures and verifies */
char *pos = data;
for (i = 0; i < NUM_LOOPS_PER_RUN; ++i) {
/* bank computes a,b */
clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &bank_start);
mcl_ecpbs_sign_start_bank(&bstate, info);
clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &bank_end);
bank_nanos = get_timer_nanos(&bank_start, &bank_end);
/* bank 'sends' a,b,info to client */
epoint_copy(bstate.a, cstate.a);
epoint_copy(bstate.b, cstate.b);
/* client computes e */
mcl_ecpbs_sign_start(&cstate, info, pos);
/* client 'sends' e to bank */
copy(cstate.e, bstate.e);
/* bank produces r,c,s,d for client */
clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &bank_start);
mcl_ecpbs_sign_finish_bank(&bstate);
clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &bank_end);
bank_nanos += get_timer_nanos(&bank_start, &bank_end);
/* bank 'sends' r,c,s,d to client */
copy(bstate.r, cstate.r);
copy(bstate.c, cstate.c);
copy(bstate.s, cstate.s);
copy(bstate.d, cstate.d);
/* client finishes signature */
if (!mcl_ecpbs_sign_finish(&cstate)) {
printf("Signature consistency check failed\n");
}
/* now verify */
clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &verify_start);
result = mcl_ecpbs_verify(&cstate.signature, info, pos,
&cstate.parameters, &cstate.pk, &cstate.workspace);
clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &verify_end);
verify_nanos = get_timer_nanos(&verify_start, &verify_end);
if (result != 0) {
printf("Signature incorrect\n");
mcl_ecpbs_print_bank(&bstate, stdout);
mcl_ecpbs_print(&cstate, stdout);
}
pos += CELL_NETWORK_SIZE + 1;
mcl_ecpbs_reset_bank(&bstate);
mcl_ecpbs_reset(&cstate);
printf("mcl_ecpbs Bank effort: 1 signature %ld nanoseconds (%d/%d)\n", bank_nanos, i+1, NUM_LOOPS_PER_RUN);
printf("mcl_ecpbs Signature verification: 1 verify %ld nanoseconds (%d/%d)\n", verify_nanos, i+1, NUM_LOOPS_PER_RUN);
}
/* free state and miracl */
mcl_ecpbs_free_bank(&bstate);
mcl_ecpbs_free(&cstate);
mirexit();
}
void fast_tate_pairing(_MIPD_ epoint *P,zzn3 *Qx,zzn3 *Qy,big q,big cf,zzn6 *w,zzn6* res)
{
int i,j,n,nb,nbw,nzs;
epoint *t[4],*A,*P2;
zzn6 zn[4];
big work[4];
#ifndef MR_STATIC
char *mem=memalloc(_MIPP_ 28);
char *mem1=ecp_memalloc(_MIPP_ 6);
#else
char mem[MR_BIG_RESERVE(28)];
char mem1[MR_ECP_RESERVE(6)];
memset(mem,0,MR_BIG_RESERVE(28));
memset(mem1,0,MR_ECP_RESERVE(6));
#endif
for (i=0;i<4;i++)
t[i]=epoint_init_mem(_MIPP_ mem1,i);
A=epoint_init_mem(_MIPP_ mem1,4);
P2=epoint_init_mem(_MIPP_ mem1,5);
for (j=i=0;i<4;i++)
{
work[i]=mirvar_mem(_MIPP_ mem,j++);
zn[i].x.a=mirvar_mem(_MIPP_ mem,j++);
zn[i].x.b=mirvar_mem(_MIPP_ mem,j++);
zn[i].x.c=mirvar_mem(_MIPP_ mem,j++);
zn[i].y.a=mirvar_mem(_MIPP_ mem,j++);
zn[i].y.b=mirvar_mem(_MIPP_ mem,j++);
zn[i].y.c=mirvar_mem(_MIPP_ mem,j++);
zn[i].unitary=FALSE;
}
zzn6_from_int(_MIPP_ 1,&zn[0]);
epoint_copy(P,A);
epoint_copy(P,P2);
epoint_copy(P,t[0]);
g(_MIPP_ P2,P2,Qx,Qy,res);
epoint_norm(_MIPP_ P2);
for (i=1;i<4;i++)
{
g(_MIPP_ A,P2,Qx,Qy,w);
epoint_copy(A,t[i]);
zzn6_mul(_MIPP_ &zn[i-1],w,&zn[i]);
zzn6_mul(_MIPP_ &zn[i],res,&zn[i]);
}
epoint_multi_norm(_MIPP_ 4,work,t);
epoint_copy(P,A);
zzn6_from_int(_MIPP_ 1,res);
nb=logb2(_MIPP_ q);
for (i=nb-2;i>=0;i-=(nbw+nzs))
{
n=mr_window(_MIPP_ q,i,&nbw,&nzs,3);
for (j=0;j<nbw;j++)
{
zzn6_mul(_MIPP_ res,res,res);
g(_MIPP_ A,A,Qx,Qy,w);
zzn6_mul(_MIPP_ res,w,res);
}
if (n>0)
{
zzn6_mul(_MIPP_ res,&zn[n/2],res);
g(_MIPP_ A,t[n/2],Qx,Qy,w);
zzn6_mul(_MIPP_ res,w,res);
}
for (j=0;j<nzs;j++)
{
zzn6_mul(_MIPP_ res,res,res);
g(_MIPP_ A,A,Qx,Qy,w);
zzn6_mul(_MIPP_ res,w,res);
}
}
zzn6_copy(res,w);
zzn6_powq(_MIPP_ w);
zzn6_mul(_MIPP_ res,w,res);
zzn6_copy(res,w);
zzn6_powq(_MIPP_ w);
zzn6_powq(_MIPP_ w);
zzn6_powq(_MIPP_ w);
zzn6_inv(_MIPP_ res);
zzn6_mul(_MIPP_ res,w,res);
res->unitary=TRUE;
#ifndef MR_STATIC
memkill(_MIPP_ mem,28);
ecp_memkill(_MIPP_ mem1,6);
#else
memset(mem,0,MR_BIG_RESERVE(28));
memset(mem1,0,MR_ECP_RESERVE(6));
#endif
}
