Posted to commits@milagro.apache.org by sa...@apache.org on 2020/02/04 10:42:23 UTC

[incubator-milagro-crypto-c] 01/03: add constant time triple exponent

This is an automated email from the ASF dual-hosted git repository.

sandreoli pushed a commit to branch add-multiple-exponent-api
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-crypto-c.git

commit 32ac3e7fbf23be73b7965c47e043250477d09cf0
Author: Samuele Andreoli <sa...@yahoo.it>
AuthorDate: Tue Feb 4 10:18:34 2020 +0000

    add constant time triple exponent
---
 include/ff.h.in                   | 16 ++++++++++-
 src/ff.c.in                       | 58 +++++++++++++++++++++++++++++++++++++++
 test/test_ff_consistency_WWW.c.in | 10 +++++++
 3 files changed, 83 insertions(+), 1 deletion(-)

diff --git a/include/ff.h.in b/include/ff.h.in
index 7096162..0bcf458 100644
--- a/include/ff.h.in
+++ b/include/ff.h.in
@@ -253,7 +253,7 @@ extern void FF_WWW_skpow(BIG_XXX *r,BIG_XXX *x,BIG_XXX * e,BIG_XXX *p,int n, int
 	@param n size of FF in BIGs
  */
 extern void FF_WWW_skspow(BIG_XXX *r,BIG_XXX *x,BIG_XXX e,BIG_XXX *p,int n);
-/**	@brief Calculate r=x^e.y^f mod p for big e and f, side channel resistant
+/**	@brief Calculate r=x^e.y^f mod p for FF e and f, side channel resistant
  *
 	@param r  FF instance, on exit = x^e.y^f mod p
 	@param x  FF instance
@@ -265,6 +265,20 @@ extern void FF_WWW_skspow(BIG_XXX *r,BIG_XXX *x,BIG_XXX e,BIG_XXX *p,int n);
 	@param en size of the exponent in BIGs
  */
 extern void FF_WWW_skpow2(BIG_XXX *r,BIG_XXX *x, BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_XXX *p, int n, int en);
+/**	@brief Calculate r=x^e.y^f.z^g mod p for FF e, f and g, side channel resistant
+ *
+	@param r  FF instance, on exit = x^e.y^f.z^g mod p
+	@param x  FF instance
+	@param e  FF exponent
+	@param y  FF instance
+	@param f  FF exponent
+	@param z  FF instance
+	@param g  FF exponent
+	@param p  FF modulus
+	@param n  size of FF in BIGs
+	@param en size of the exponent in BIGs
+ */
+extern void FF_WWW_skpow3(BIG_XXX *r,BIG_XXX *x, BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_XXX *z, BIG_XXX *g, BIG_XXX *p, int n, int en);
 /**	@brief Calculate r=x^e mod p
  *
 	For very short integer exponent
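Review bot: The doc block added for FF_WWW_skpow3 does not say which arguments may overlap, and the implementation in this commit makes that matter. In src/ff.c.in, x, y and z are copied to temporaries before r is written, but r is set to one before the loop reads e, f and g, and p is used in every reduction. So r can share storage with a base but not with an exponent or the modulus. I would add `@note r may overlap x, y or z, but must not overlap e, f, g or p` and spell out the length on the exponent lines, e.g. `@param e  FF exponent, en BIGs long`.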
diff --git a/src/ff.c.in b/src/ff.c.in
index 2ce8da1..3f83bc2 100644
--- a/src/ff.c.in
+++ b/src/ff.c.in
@@ -866,6 +866,64 @@ void FF_WWW_skpow2(BIG_XXX r[],BIG_XXX x[], BIG_XXX e[], BIG_XXX y[], BIG_XXX f[
     FF_WWW_redc(r,p,ND,n);
 }
 
+/* r=x^e*y^f mod p - side channel resistant */
+void FF_WWW_skpow3(BIG_XXX r[],BIG_XXX x[], BIG_XXX e[], BIG_XXX y[], BIG_XXX f[], BIG_XXX z[], BIG_XXX g[], BIG_XXX p[], int n, int en)
+{
+    int i,b;
+#ifndef C99
+    BIG_XXX xn[FFLEN_WWW],yn[FFLEN_WWW],zn[FFLEN_WWW],xy[FFLEN_WWW],xz[FFLEN_WWW],yz[FFLEN_WWW],xyz[FFLEN_WWW],w[FFLEN_WWW],ND[FFLEN_WWW];
+#else
+    BIG_XXX xn[n],yn[n],zn[n],xy[n],xz[n],yz[n],xyz[n],w[n],ND[n];
+#endif
+
+    FF_WWW_invmod2m(ND, p, n);
+
+    FF_WWW_copy(xn, x, n);
+    FF_WWW_copy(yn, y, n);
+    FF_WWW_copy(zn, z, n);
+    FF_WWW_nres(xn, p, n);
+    FF_WWW_nres(yn, p, n);
+    FF_WWW_nres(zn, p, n);
+    FF_WWW_modmul(xy,  xn, yn, p, ND, n);
+    FF_WWW_modmul(xz,  xn, zn, p, ND, n);
+    FF_WWW_modmul(yz,  yn, zn, p, ND, n);
+    FF_WWW_modmul(xyz, xy, zn, p, ND, n);
+    FF_WWW_one(w, n);
+    FF_WWW_one(r, n);
+    FF_WWW_nres(w, p, n);
+    FF_WWW_nres(r, p, n);
+
+    for (i=8*MODBYTES_XXX*en-1; i>=0; i--)
+    {
+        b = BIG_XXX_bit(g[i/BIGBITS_XXX],i%BIGBITS_XXX);
+        b <<= 1;
+        b = b | BIG_XXX_bit(f[i/BIGBITS_XXX],i%BIGBITS_XXX);
+        b <<= 1;
+        b = b | BIG_XXX_bit(e[i/BIGBITS_XXX],i%BIGBITS_XXX);
+
+        FF_WWW_cswap(w, xn,  b == 0x01, n);
+        FF_WWW_cswap(w, yn,  b == 0x02, n);
+        FF_WWW_cswap(w, zn,  b == 0x04, n);
+        FF_WWW_cswap(w, xy,  b == 0x03, n);
+        FF_WWW_cswap(w, xz,  b == 0x05, n);
+        FF_WWW_cswap(w, yz,  b == 0x06, n);
+        FF_WWW_cswap(w, xyz, b == 0x07, n);
+
+        FF_WWW_modsqr(r, r, p, ND, n);
+        FF_WWW_modmul(r, w, r, p, ND, n);
+
+        FF_WWW_cswap(w, xn,  b == 0x01, n);
+        FF_WWW_cswap(w, yn,  b == 0x02, n);
+        FF_WWW_cswap(w, zn,  b == 0x04, n);
+        FF_WWW_cswap(w, xy,  b == 0x03, n);
+        FF_WWW_cswap(w, xz,  b == 0x05, n);
+        FF_WWW_cswap(w, yz,  b == 0x06, n);
+        FF_WWW_cswap(w, xyz, b == 0x07, n);
+    }
+
+    FF_WWW_redc(r, p, ND, n);
+}
+
 /* raise to an integer power - right-to-left method */
 void FF_WWW_power(BIG_XXX r[],BIG_XXX x[],int e,BIG_XXX p[],int n)
 {
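Review bot: The comment above FF_WWW_skpow3 still reads `/* r=x^e*y^f mod p - side channel resistant */`, which describes the two-base function; it should be `/* r=x^e*y^f*z^g mod p - side channel resistant */`. The same comment is a good place to record what the resistance claim rests on: each iteration runs the same fourteen FF_WWW_cswap calls, one squaring and one multiplication whatever the exponent bits are, so the property holds only if FF_WWW_cswap and the `b == 0x0k` comparisons are branch-free in the compiled output, which these lines cannot show. In the non-C99 branch the nine temporaries are sized FFLEN_WWW while every helper is passed `n`, and nothing here rejects `n > FFLEN_WWW`; a stated precondition or an early check would make that limit explicit.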
diff --git a/test/test_ff_consistency_WWW.c.in b/test/test_ff_consistency_WWW.c.in
index 56fa552..f077a5d 100644
--- a/test/test_ff_consistency_WWW.c.in
+++ b/test/test_ff_consistency_WWW.c.in
@@ -324,6 +324,16 @@ int main()
         exit(EXIT_FAILURE);
     }
 
+    // Test triple exponent for secret key
+    FF_WWW_zero(N, HFLEN_WWW);
+    FF_WWW_skpow3(N, A, E, B, F, C, G, P, HFLEN_WWW, HFLEN_WWW);
+
+    if(FF_WWW_comp(N, L, HFLEN_WWW))
+    {
+        printf("ERROR testing pow3");
+        exit(EXIT_FAILURE);
+    }
+
     // Test quadruple exponent
     FF_WWW_pow(N, D, H, P, HFLEN_WWW);
     FF_WWW_mul(Q, L, N, HFLEN_WWW);
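Review bot: The new case exercises FF_WWW_skpow3 only with `n == en == HFLEN_WWW` and a single operand set, so the loop is never run with an exponent shorter than the modulus. Whether all eight values of the 3-bit selector are reached depends on how E, F and G were filled, which happens outside this hunk. A second call with a smaller `en`, and one with a zero third exponent compared against the existing double-exponent result, would cover both gaps. The check is functional only and says nothing about timing, so the comment could read `// Test side channel resistant triple exponent (functional check only)`. main() starts and ends outside the hunk.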