You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@milagro.apache.org by sa...@apache.org on 2020/02/26 20:02:16 UTC
[incubator-milagro-MPC] 01/05: Add custom functions for keys and k
generation
This is an automated email from the ASF dual-hosted git repository.
sandreoli pushed a commit to branch issue18-add-python-flow-example
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git
commit 177a37e66421e98e45b6c973071f51d6bd6a0c1a
Author: Samuele Andreoli <sa...@yahoo.it>
AuthorDate: Wed Feb 26 16:22:14 2020 +0000
Add custom functions for keys and k generation
---
examples/example_ecdsa.c | 65 +++++++-------------------------------
examples/example_ecdsa_mpc.c | 5 ++-
examples/example_full.c | 13 +++-----
include/amcl/mpc.h | 20 ++++++++++++
src/mpc.c | 43 ++++++++++++++++++++++++-
test/smoke/test_ecdsa_smoke.c | 73 +++++++++----------------------------------
6 files changed, 94 insertions(+), 125 deletions(-)
diff --git a/examples/example_ecdsa.c b/examples/example_ecdsa.c
index be43f53..8da4bd2 100644
--- a/examples/example_ecdsa.c
+++ b/examples/example_ecdsa.c
@@ -136,11 +136,6 @@ int test(csprng *RNG)
char hm[32];
octet HM = {0,sizeof(hm),hm};
- char nc_ecp[2 * EFS_SECP256K1 + 1];
- octet NC_ECP = {0, sizeof(nc_ecp), nc_ecp};
-
- ECP_SECP256K1 P;
-
printf("Generating Paillier key pair one\n");
PAILLIER_KEY_PAIR(RNG, NULL, NULL, &PUB1, &PRIV1);
@@ -148,16 +143,7 @@ int test(csprng *RNG)
PAILLIER_KEY_PAIR(RNG, NULL, NULL, &PUB2, &PRIV2);
printf("Generating ECDSA key pair one\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&W1,&NC_ECP);
- rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP);
- if (!rc)
- {
- fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet PK1 rc\n");
- exit(EXIT_FAILURE);
- }
-
- ECP_SECP256K1_toOctet(&PK1, &P, true);
-
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &W1, &PK1);
rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK1);
if (rc!=0)
{
@@ -166,64 +152,37 @@ int test(csprng *RNG)
}
printf("Generating ECDSA key pair two\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&W2,&NC_ECP);
- rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP);
- if (!rc)
- {
- fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet PK2 rc");
- exit(EXIT_FAILURE);
- }
-
- ECP_SECP256K1_toOctet(&PK2, &P, true);
-
- rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK2);
- if (rc!=0)
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &W2, &PK2);
+ rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK2);
+ if (rc != 0)
{
fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc);
exit(EXIT_FAILURE);
}
printf("Generating GAMMA pair one\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&GAMMA1,&NC_ECP);
- rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP);
- if (!rc)
- {
- fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet GAMMAPT1\n");
- exit(EXIT_FAILURE);
- }
-
- ECP_SECP256K1_toOctet(&GAMMAPT1, &P, true);
-
- rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT1);
- if (rc!=0)
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA1, &GAMMAPT1);
+ rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT1);
+ if (rc != 0)
{
fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc);
exit(EXIT_FAILURE);
}
printf("Generating GAMMA pair two\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&GAMMA2,&NC_ECP);
- rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP);
- if (!rc)
- {
- fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet GAMMAPT2\n");
- exit(EXIT_FAILURE);
- }
-
- ECP_SECP256K1_toOctet(&GAMMAPT2, &P, true);
-
- rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT2);
- if (rc!=0)
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA2, &GAMMAPT2);
+ rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT2);
+ if (rc != 0)
{
fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc);
exit(EXIT_FAILURE);
}
printf("Generating K1\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&K1,&NC_ECP);
+ MPC_K_GENERATE(RNG, &K1);
printf("Generating K2\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&K2,&NC_ECP);
+ MPC_K_GENERATE(RNG, &K2);
OCT_jstring(&M,"test message");
printf("M: ");
diff --git a/examples/example_ecdsa_mpc.c b/examples/example_ecdsa_mpc.c
index 87dba95..cba4c96 100644
--- a/examples/example_ecdsa_mpc.c
+++ b/examples/example_ecdsa_mpc.c
@@ -30,7 +30,7 @@ int main()
char sk[EGS_SECP256K1];
octet SK = {0,sizeof(sk),sk};
- char pk[2*EFS_SECP256K1+1];
+ char pk[EFS_SECP256K1+1];
octet PK = {0,sizeof(pk),pk};
char k[EGS_SECP256K1];
@@ -49,8 +49,7 @@ int main()
char* sk_hex = "2f7b34cc0194179865128b63dc8af0c4062067291693e8043eda653d32a2b2d2";
OCT_fromHex(&SK,sk_hex);
- // ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&SK,&PK);
- ECP_SECP256K1_KEY_PAIR_GENERATE(NULL,&SK,&PK);
+ MPC_ECDSA_KEY_PAIR_GENERATE(NULL,&SK,&PK);
rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK);
if (rc!=0)
{
diff --git a/examples/example_full.c b/examples/example_full.c
index dd5dd9a..c45dd69 100644
--- a/examples/example_full.c
+++ b/examples/example_full.c
@@ -53,7 +53,7 @@ int generate_key_material(csprng *RNG, key_material *km, octet *P, octet *Q)
{
int rc;
- char pk[2 * EFS_SECP256K1 + 1];
+ char pk[EFS_SECP256K1 + 1];
octet PK = {0, sizeof(pk), pk};
char out[2][FS_2048];
@@ -65,12 +65,7 @@ int generate_key_material(csprng *RNG, key_material *km, octet *P, octet *Q)
// ECDSA Key Pair
printf("\n\tGenerate ECDSA key pair\n");
- rc = ECP_SECP256K1_KEY_PAIR_GENERATE(RNG, km->SK, &PK);
- if (rc != 0)
- {
- return rc;
- }
-
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, km->SK, &PK);
rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK);
if (rc != 0)
{
@@ -1297,7 +1292,7 @@ void signature(csprng *RNG, octet *M, key_material *alice_km, key_material *bob_
BIG_256_56_toBytes(K1.val, k1);
K1.len = EGS_SECP256K1;
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG, &GAMMA1, &NCP);
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA1, &NCP);
ECP_SECP256K1_fromOctet(&P, &NCP);
ECP_SECP256K1_toOctet(&GAMMAPT1, &P, true);
@@ -1327,7 +1322,7 @@ void signature(csprng *RNG, octet *M, key_material *alice_km, key_material *bob_
BIG_256_56_toBytes(K2.val, k2);
K2.len = EGS_SECP256K1;
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG, &GAMMA2, &NCP);
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA2, &NCP);
ECP_SECP256K1_fromOctet(&P, &NCP);
ECP_SECP256K1_toOctet(&GAMMAPT2, &P, true);
diff --git a/include/amcl/mpc.h b/include/amcl/mpc.h
index 9e5045e..7203578 100644
--- a/include/amcl/mpc.h
+++ b/include/amcl/mpc.h
@@ -37,6 +37,17 @@ extern "C" {
#define MPC_FAIL 71 /**< Failure */
#define MPC_INVALID_ECP 72 /**< Input is not a valid point on the curve */
+/** @brief Generate an ECC public/private key pair
+ *
+ * Generat an ECC public/private key pair W = s.G, where
+ * G is a fixed public generator
+ *
+ * @param RNG is a pointer to a cryptographically secure random number generator
+ * @param S the private key, an output internally randomly generated if R!=NULL, otherwise must be provided as an input
+ * @param W the output public key, which is s.G, where G is a fixed generator
+ */
+void MPC_ECDSA_KEY_PAIR_GENERATE(csprng *RNG, octet* S, octet *W);
+
/** \brief ECDSA Sign message
*
* Generate the ECDSA signature on message, M, with outputs (R,S)
@@ -70,6 +81,15 @@ int MPC_ECDSA_SIGN(int sha, octet *K, octet *SK, octet *M, octet *R, octet *S);
*/
int MPC_ECDSA_VERIFY(octet *HM,octet *PK, octet *R,octet *S);
+/** \brief Generate a random K for and ECDSA signature
+ *
+ * Generate a random K modulo the curve order
+ *
+ * @param RNG Pointer to a cryptographically secure PRNG
+ * @param K Destination octet for the randomly generated value
+ */
+void MPC_K_GENERATE(csprng *RNG, octet *K);
+
/** \brief Calculate the inverse of the sum of kgamma values
*
* Calculate the inverse of the sum of kgamma values
diff --git a/src/mpc.c b/src/mpc.c
index 80babcc..6a97c46 100644
--- a/src/mpc.c
+++ b/src/mpc.c
@@ -23,6 +23,35 @@ under the License.
#include <amcl/ecdh_support.h>
#include <amcl/mpc.h>
+/* Generate ECDSA key pair */
+void MPC_ECDSA_KEY_PAIR_GENERATE(csprng *RNG, octet* S, octet *W)
+{
+
+ BIG_256_56 s, q;
+
+ ECP_SECP256K1 G;
+
+ ECP_SECP256K1_generator(&G);
+ BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
+
+ if (RNG!=NULL)
+ {
+ BIG_256_56_randomnum(s, q, RNG);
+
+ S->len=EGS_SECP256K1;
+ BIG_256_56_toBytes(S->val,s);
+ }
+ else
+ {
+ BIG_256_56_fromBytesLen(s, S->val, S->len);
+ }
+
+ ECP_SECP256K1_mul(&G, s);
+ ECP_SECP256K1_toOctet(W, &G, true);
+
+ BIG_256_56_zero(s);
+}
+
/* ECDSA Signature, R and S are the signature on M using private key SK */
int MPC_ECDSA_SIGN(int sha, octet *K, octet *SK, octet *M, octet *R, octet *S)
{
@@ -157,6 +186,19 @@ int MPC_ECDSA_VERIFY(octet *HM, octet *PK, octet *R,octet *S)
return res;
}
+void MPC_K_GENERATE(csprng *RNG, octet *K)
+{
+ BIG_256_56 s, q;
+
+ BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
+ BIG_256_56_randomnum(s, q, RNG);
+
+ K->len=EGS_SECP256K1;
+ BIG_256_56_toBytes(K->val, s);
+
+ BIG_256_56_zero(s);
+}
+
/* Calculate the inverse of kgamma */
void MPC_INVKGAMMA(octet *KGAMMA1, octet *KGAMMA2, octet *INVKGAMMA)
{
@@ -183,7 +225,6 @@ void MPC_INVKGAMMA(octet *KGAMMA1, octet *KGAMMA2, octet *INVKGAMMA)
BIG_256_56_toBytes(INVKGAMMA->val, kgamma1);
}
-
/* Calculate the r component of the signature */
int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R, octet *RP)
{
diff --git a/test/smoke/test_ecdsa_smoke.c b/test/smoke/test_ecdsa_smoke.c
index eb20072..f4e1106 100644
--- a/test/smoke/test_ecdsa_smoke.c
+++ b/test/smoke/test_ecdsa_smoke.c
@@ -136,11 +136,6 @@ int test(csprng *RNG)
char hm[32];
octet HM = {0,sizeof(hm),hm};
- char nc_ecp[2 * EFS_SECP256K1 + 1];
- octet NC_ECP = {0, sizeof(nc_ecp), nc_ecp};
-
- ECP_SECP256K1 P;
-
printf("Generating Paillier key pair one\n");
PAILLIER_KEY_PAIR(RNG, NULL, NULL, &PUB1, &PRIV1);
@@ -148,90 +143,50 @@ int test(csprng *RNG)
PAILLIER_KEY_PAIR(RNG, NULL, NULL, &PUB2, &PRIV2);
printf("Generating ECDSA key pair one\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&W1,&NC_ECP);
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &W1, &PK1);
- // Convert to compressed form
- rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP);
- if (!rc)
- {
- fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet PK1 rc\n");
- exit(EXIT_FAILURE);
- }
-
- ECP_SECP256K1_toOctet(&PK1, &P, true);
-
- rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK1);
- if (rc!=0)
+ rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK1);
+ if (rc != 0)
{
fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc);
exit(EXIT_FAILURE);
}
printf("Generating ECDSA key pair two\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&W2,&NC_ECP);
-
- // Convert to compressed form
- rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP);
- if (!rc)
- {
- fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet PK2 rc");
- exit(EXIT_FAILURE);
- }
-
- ECP_SECP256K1_toOctet(&PK2, &P, true);
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &W2, &PK2);
- rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK2);
- if (rc!=0)
+ rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK2);
+ if (rc != 0)
{
fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc);
exit(EXIT_FAILURE);
}
printf("Generating GAMMA pair one\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&GAMMA1,&NC_ECP);
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA1, &GAMMAPT1);
- // Convert to compressed form
- rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP);
- if (!rc)
- {
- fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet GAMMAPT1\n");
- exit(EXIT_FAILURE);
- }
-
- ECP_SECP256K1_toOctet(&GAMMAPT1, &P, true);
-
- rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT1);
- if (rc!=0)
+ rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT1);
+ if (rc != 0)
{
fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc);
exit(EXIT_FAILURE);
}
printf("Generating GAMMA pair two\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&GAMMA2,&NC_ECP);
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA2, &GAMMAPT2);
- // Convert to compressed form
- rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP);
- if (!rc)
- {
- fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet GAMMAPT2\n");
- exit(EXIT_FAILURE);
- }
-
- ECP_SECP256K1_toOctet(&GAMMAPT2, &P, true);
-
- rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT2);
- if (rc!=0)
+ rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT2);
+ if (rc != 0)
{
fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc);
exit(EXIT_FAILURE);
}
printf("Generating K1\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&K1,&NC_ECP);
+ MPC_K_GENERATE(RNG, &K1);
printf("Generating K2\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&K2,&NC_ECP);
+ MPC_K_GENERATE(RNG, &K2);
OCT_jstring(&M,"test message");
printf("M: ");