Posted to commits@milagro.apache.org by sa...@apache.org on 2019/12/06 15:07:45 UTC
[incubator-milagro-crypto-c] 06/10: ff - allow specification of
exponent size in skpow
This is an automated email from the ASF dual-hosted git repository.
sandreoli pushed a commit to branch issue51
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-crypto-c.git
commit aee0051a6dd8ea278527f1be725290242da45ea7
Author: samuele-andreoli <sa...@yahoo.it>
AuthorDate: Thu Nov 28 15:49:08 2019 +0000
ff - allow specification of exponent size in skpow
---
include/ff.h.in | 69 +++++++++++++++++++-------------------------
include/paillier.h | 2 +-
src/ff.c.in | 46 +++--------------------------
src/paillier.c | 26 +++++++----------
src/rsa.c.in | 4 +--
test/test_paillier_decrypt.c | 3 +-
6 files changed, 49 insertions(+), 101 deletions(-)
diff --git a/include/ff.h.in b/include/ff.h.in
index dd48cc3..7c50c00 100644
--- a/include/ff.h.in
+++ b/include/ff.h.in
@@ -181,11 +181,11 @@ extern void FF_WWW_mul(BIG_XXX *x,BIG_XXX *y,BIG_XXX *z,int n);
/** @brief Reduce FF mod a modulus
*
This is slow
- @param x FF instance to be reduced mod m - on exit = x mod m
- @param m FF modulus
+ @param x FF instance to be reduced mod p - on exit = x mod p
+ @param p FF modulus
@param n size of FF in BIGs
*/
-extern void FF_WWW_mod(BIG_XXX *x,BIG_XXX *m,int n);
+extern void FF_WWW_mod(BIG_XXX *x,BIG_XXX *p,int n);
/** @brief Square an FF
*
Uses Karatsuba method internally
@@ -226,55 +226,57 @@ extern void FF_WWW_random(BIG_XXX *x,csprng *R,int n);
@param n size of FF in BIGs
*/
extern void FF_WWW_randomnum(BIG_XXX *x,BIG_XXX *y,csprng *R,int n);
-/** @brief Calculate r=x^e mod m, side channel resistant
+/** @brief Calculate r=x^e mod p, side channel resistant
*
@param r FF instance, on exit = x^e mod p
@param x FF instance
@param e FF exponent
- @param m FF modulus
+ @param p FF modulus
@param n size of FF in BIGs
+ @param en size of the exponent in BIGs
*/
-extern void FF_WWW_skpow(BIG_XXX *r,BIG_XXX *x,BIG_XXX * e,BIG_XXX *m,int n);
-/** @brief Calculate r=x^e mod m, side channel resistant
+extern void FF_WWW_skpow(BIG_XXX *r,BIG_XXX *x,BIG_XXX * e,BIG_XXX *p,int n, int en);
+/** @brief Calculate r=x^e mod p, side channel resistant
*
For short BIG exponent
@param r FF instance, on exit = x^e mod p
@param x FF instance
@param e BIG exponent
- @param m FF modulus
+ @param p FF modulus
@param n size of FF in BIGs
*/
-extern void FF_WWW_skspow(BIG_XXX *r,BIG_XXX *x,BIG_XXX e,BIG_XXX *m,int n);
-/** @brief Calculate r=x^e.y^f mod m for big e and f, side channel resistant
+extern void FF_WWW_skspow(BIG_XXX *r,BIG_XXX *x,BIG_XXX e,BIG_XXX *p,int n);
+/** @brief Calculate r=x^e.y^f mod p for big e and f, side channel resistant
*
- @param r FF instance, on exit = x^e.y^f mod m
- @param x FF instance
- @param e FF exponent
- @param y FF instance
- @param f FF exponent
- @param m FF modulus
- @param n size of FF in BIGs
+ @param r FF instance, on exit = x^e.y^f mod p
+ @param x FF instance
+ @param e FF exponent
+ @param y FF instance
+ @param f FF exponent
+ @param p FF modulus
+ @param n size of FF in BIGs
+ @param en size of the exponent in BIGs
*/
-extern void FF_WWW_skpow2(BIG_XXX r[],BIG_XXX x[], BIG_XXX e[], BIG_XXX y[], BIG_XXX f[], BIG_XXX m[], int n);
-/** @brief Calculate r=x^e mod m
+extern void FF_WWW_skpow2(BIG_XXX *r,BIG_XXX *x, BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_XXX *p, int n, int en);
+/** @brief Calculate r=x^e mod p
*
For very short integer exponent
- @param r FF instance, on exit = x^e mod p
- @param x FF instance
- @param e integer exponent
- @param m FF modulus
- @param n size of FF in BIGs
+ @param r FF instance, on exit = x^e mod p
+ @param x FF instance
+ @param e integer exponent
+ @param p FF modulus
+ @param n size of FF in BIGs
*/
-extern void FF_WWW_power(BIG_XXX *r,BIG_XXX *x,int e,BIG_XXX *m,int n);
-/** @brief Calculate r=x^e mod m
+extern void FF_WWW_power(BIG_XXX *r,BIG_XXX *x,int e,BIG_XXX *p,int n);
+/** @brief Calculate r=x^e mod p
*
@param r FF instance, on exit = x^e mod p
@param x FF instance
@param e FF exponent
- @param m FF modulus
+ @param p FF modulus
@param n size of FF in BIGs
*/
-extern void FF_WWW_pow(BIG_XXX *r,BIG_XXX *x,BIG_XXX *e,BIG_XXX *m,int n);
+extern void FF_WWW_pow(BIG_XXX *r,BIG_XXX *x,BIG_XXX *e,BIG_XXX *p,int n);
/** @brief Test if an FF has factor in common with integer s
*
@param x FF instance to be tested
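Review bot: The new `@param en` lines on FF_WWW_skpow and FF_WWW_skpow2 do not state the contract that the exponent arrays must hold at least en BIGs and that any bits above 8*MODBYTES*en are never read, and for skpow2 the wording `size of the exponent` hides that the same en is applied to both e and f. Suggest `@param en size of the exponents e and f in BIGs; e and f must each hold at least en BIGs, higher bits are ignored` on skpow2 and the single-exponent equivalent on skpow. Since the ladder's running time is now fixed by en rather than by n, it is also worth saying that en must be a public, fixed size and never derived from the actual bit length of a secret exponent, otherwise the side-channel resistance the brief claims is lost.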
@@ -292,16 +294,5 @@ extern int FF_WWW_cfactor(BIG_XXX *x,sign32 s,int n);
@return 1 if x is (almost certainly) prime, else return 0
*/
extern int FF_WWW_prime(BIG_XXX *x,csprng *R,int n);
-/** @brief Calculate r=x^e.y^f mod m
- *
- @param r FF instance, on exit = x^e.y^f mod p
- @param x FF instance
- @param e BIG exponent
- @param y FF instance
- @param f BIG exponent
- @param m FF modulus
- @param n size of FF in BIGs
- */
-extern void FF_WWW_pow2(BIG_XXX *r,BIG_XXX *x,BIG_XXX e,BIG_XXX *y,BIG_XXX f,BIG_XXX *m,int n);
#endif
diff --git a/include/paillier.h b/include/paillier.h
index 7ba9592..30cae34 100644
--- a/include/paillier.h
+++ b/include/paillier.h
@@ -54,7 +54,7 @@ typedef struct{
typedef struct{
BIG_512_60 n[FFLEN_4096]; /**< Paillier Modulus - n = pq*/
BIG_512_60 g[FFLEN_4096]; /**< Public Base - n+1 */
- BIG_512_60 l[FFLEN_4096]; /**< Private Key (Euler totient of n) */
+ BIG_512_60 l[HFLEN_4096]; /**< Private Key (Euler totient of n) */
BIG_512_60 m[FFLEN_4096]; /**< Precomputed l^(-1) */
BIG_512_60 p[HFLEN_4096]; /**< Secret Prime */
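Review bot: Shrinking `l` to HFLEN_4096 changes the layout of PAILLIER_private_key, so any remaining code that still passes FFLEN_4096 for `l` (FF_4096_fromOctet, read_FF_4096, FF_4096_zero, FF_4096_output) now writes or reads 2048 bits past the field into `m`; the callers updated in this commit look consistent, but every user of `PRIV->l`, including any key serialisation path, should be grepped. Recording the invariant in the field comment would help the next maintainer, e.g. `/**< Private Key (Euler totient of n); l < n so HFLEN_4096 BIGs suffice */`. The struct definition continues outside the hunk, so the remaining fields were not checked.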
diff --git a/src/ff.c.in b/src/ff.c.in
index 31347c7..946388c 100644
--- a/src/ff.c.in
+++ b/src/ff.c.in
@@ -767,7 +767,7 @@ static void FF_WWW_modsqr(BIG_XXX z[],BIG_XXX x[],BIG_XXX p[],BIG_XXX ND[],int n
}
/* r=x^e mod p using side-channel resistant Montgomery Ladder, for large e */
-void FF_WWW_skpow(BIG_XXX r[],BIG_XXX x[],BIG_XXX e[],BIG_XXX p[],int n)
+void FF_WWW_skpow(BIG_XXX r[],BIG_XXX x[],BIG_XXX e[],BIG_XXX p[],int n, int en)
{
int i,b;
#ifndef C99
@@ -782,7 +782,7 @@ void FF_WWW_skpow(BIG_XXX r[],BIG_XXX x[],BIG_XXX e[],BIG_XXX p[],int n)
FF_WWW_nres(R0,p,n);
FF_WWW_nres(R1,p,n);
- for (i=8*MODBYTES_XXX*n-1; i>=0; i--)
+ for (i=8*MODBYTES_XXX*en-1; i>=0; i--)
{
b=BIG_XXX_bit(e[i/BIGBITS_XXX],i%BIGBITS_XXX);
FF_WWW_modmul(r,R0,R1,p,ND,n);
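Review bot: The loop bound now trusts `en` with no relation to `n` or to the size of `e`, and `e[i/BIGBITS_XXX]` is read for every i below 8*MODBYTES_XXX*en, so an `en` larger than the exponent array over-reads it while a smaller `en` silently truncates the exponent and returns a wrong result with no error path. As the function has no return value, the precondition should at least be written at the definition: `/* e must hold at least en BIGs; bits of e above 8*MODBYTES_XXX*en are ignored. en is a public size and must not depend on the value of a secret exponent. */`. If the project tolerates assert() in library code, a debug-only `assert(en > 0)` would catch the degenerate call that leaves r = 1. The function body continues beyond the hunk.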
@@ -825,7 +825,7 @@ void FF_WWW_skspow(BIG_XXX r[],BIG_XXX x[],BIG_XXX e,BIG_XXX p[],int n)
}
/* r=x^e*y^f mod p - side channel resistant */
-void FF_WWW_skpow2(BIG_XXX r[],BIG_XXX x[], BIG_XXX e[], BIG_XXX y[], BIG_XXX f[], BIG_XXX p[], int n) {
+void FF_WWW_skpow2(BIG_XXX r[],BIG_XXX x[], BIG_XXX e[], BIG_XXX y[], BIG_XXX f[], BIG_XXX p[], int n, int en) {
int i,eb,fb;
#ifndef C99
BIG_XXX xn[FFLEN_WWW],yn[FFLEN_WWW],xy[FFLEN_WWW],w[FFLEN_WWW],ND[FFLEN_WWW];
@@ -845,7 +845,7 @@ void FF_WWW_skpow2(BIG_XXX r[],BIG_XXX x[], BIG_XXX e[], BIG_XXX y[], BIG_XXX f[
FF_WWW_one(r,n);
FF_WWW_nres(r,p,n);
- for (i=8*MODBYTES_XXX*n-1; i>=0; i--)
+ for (i=8*MODBYTES_XXX*en-1; i>=0; i--)
{
eb=BIG_XXX_bit(e[i/BIGBITS_XXX],i%BIGBITS_XXX);
fb=BIG_XXX_bit(f[i/BIGBITS_XXX],i%BIGBITS_XXX);
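Review bot: Both `e` and `f` are indexed by the same `en`, so the two exponents must be sized identically, and a caller whose second exponent is wider than en BIGs has its top bits silently dropped; PAILLIER_ENCRYPT in this commit passes an `r` declared with FFLEN_4096 BIGs here, which is only correct if r is always generated below n. Worth recording at the definition: `/* e and f must each hold at least en BIGs; higher bits of both are ignored */`. The loop body continues past the hunk, so the bit-selection logic itself was not reviewed.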
@@ -924,44 +924,6 @@ void FF_WWW_pow(BIG_XXX r[],BIG_XXX x[],BIG_XXX e[],BIG_XXX p[],int n)
FF_WWW_redc(r,p,ND,n);
}
-/* double exponentiation r=x^e.y^f mod p */
-void FF_WWW_pow2(BIG_XXX r[],BIG_XXX x[],BIG_XXX e,BIG_XXX y[],BIG_XXX f,BIG_XXX p[],int n)
-{
- int i,eb,fb;
-#ifndef C99
- BIG_XXX xn[FFLEN_WWW],yn[FFLEN_WWW],xy[FFLEN_WWW],ND[FFLEN_WWW];
-#else
- BIG_XXX xn[n],yn[n],xy[n],ND[n];
-#endif
-
- FF_WWW_invmod2m(ND,p,n);
-
- FF_WWW_copy(xn,x,n);
- FF_WWW_copy(yn,y,n);
- FF_WWW_nres(xn,p,n);
- FF_WWW_nres(yn,p,n);
- FF_WWW_modmul(xy,xn,yn,p,ND,n);
- FF_WWW_one(r,n);
- FF_WWW_nres(r,p,n);
-
- for (i=8*MODBYTES_XXX-1; i>=0; i--)
- {
- eb=BIG_XXX_bit(e,i);
- fb=BIG_XXX_bit(f,i);
- FF_WWW_modsqr(r,r,p,ND,n);
- if (eb==1)
- {
- if (fb==1) FF_WWW_modmul(r,r,xy,p,ND,n);
- else FF_WWW_modmul(r,r,xn,p,ND,n);
- }
- else
- {
- if (fb==1) FF_WWW_modmul(r,r,yn,p,ND,n);
- }
- }
- FF_WWW_redc(r,p,ND,n);
-}
-
static sign32 igcd(sign32 x,sign32 y)
{
/* integer GCD, returns GCD of x and y */
diff --git a/src/paillier.c b/src/paillier.c
index aa3a5c5..cacf40d 100644
--- a/src/paillier.c
+++ b/src/paillier.c
@@ -155,7 +155,6 @@ void PAILLIER_KEY_PAIR(csprng *RNG, octet *P, octet* Q, PAILLIER_public_key *PUB
OCT_empty(&OCT);
FF_2048_toOctet(&OCT, l, FFLEN_2048);
- FF_4096_zero(PRIV->l, FFLEN_4096);
FF_4096_fromOctet(PRIV->l, &OCT, HFLEN_4096);
OCT_empty(&OCT);
@@ -206,10 +205,10 @@ void PAILLIER_KEY_PAIR(csprng *RNG, octet *P, octet* Q, PAILLIER_public_key *PUB
/* Clean secrets from private key */
void PAILLIER_PRIVATE_KEY_KILL(PAILLIER_private_key *PRIV)
{
- FF_4096_zero(PRIV->l, FFLEN_4096);
+ FF_4096_zero(PRIV->l, HFLEN_4096);
FF_4096_zero(PRIV->m, FFLEN_4096);
- FF_4096_zero(PRIV->p, HFLEN_4096/2);
- FF_4096_zero(PRIV->q, HFLEN_4096/2);
+ FF_4096_zero(PRIV->p, HFLEN_4096);
+ FF_4096_zero(PRIV->q, HFLEN_4096);
}
/* Paillier encrypt
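Review bot: PAILLIER_PRIVATE_KEY_KILL relies on FF_4096_zero to erase `l`, `m`, `p` and `q`, and nothing here shows that FF_4096_zero is a store the compiler is forbidden to elide; it lives in another translation unit, so it is probably kept in an ordinary build, but under LTO the stores into a struct the caller no longer reads are dead and may be dropped. If the project has a volatile or explicit-zeroisation helper this function should use it; otherwise a comment such as `/* NOTE(review): relies on FF_4096_zero not being optimised away; revisit if LTO is enabled */` records the assumption. The sizes here must also stay in step with the header, since zeroing `l` with FFLEN_4096 would now overwrite `m`.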
@@ -221,12 +220,11 @@ void PAILLIER_ENCRYPT(csprng *RNG, PAILLIER_public_key *PUB, octet* PT, octet* C
BIG_512_60 r[FFLEN_4096];
// plaintext
- BIG_512_60 pt[FFLEN_4096];
+ BIG_512_60 pt[HFLEN_4096];
// ciphertext
BIG_512_60 ct[FFLEN_4096];
- FF_4096_zero(pt, FFLEN_4096);
FF_4096_fromOctet(pt,PT,HFLEN_4096);
// In production generate R from RNG
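Review bot: The plaintext is read with `FF_4096_fromOctet(pt,PT,HFLEN_4096)` without checking PT->len, and nothing verifies that the decoded value is below PUB->n, which Paillier requires for the decryption to recover it; FF_4096_fromOctet appears to read a fixed HFLEN_4096*MODBYTES bytes from PT->val regardless of PT->len (inferred, the helper is not in the hunk), so a shorter octet is read past its meaningful data. A precondition comment is the minimum, e.g. `// PT must be exactly HFLEN_4096*MODBYTES bytes and encode a value < n`; if the API can grow an error return, a comparison of pt against n before the exponentiation would be better. The function continues outside the hunk.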
@@ -240,7 +238,7 @@ void PAILLIER_ENCRYPT(csprng *RNG, PAILLIER_public_key *PUB, octet* PT, octet* C
}
// ct = g^pt * r^n mod n2
- FF_4096_skpow2(ct, PUB->g, pt, r, PUB->n, PUB->n2, FFLEN_4096);
+ FF_4096_skpow2(ct, PUB->g, pt, r, PUB->n, PUB->n2, FFLEN_4096, HFLEN_4096);
// Output
FF_4096_toOctet(CT, ct, FFLEN_4096);
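Review bot: The call passes `r` as the second exponent with en=HFLEN_4096 while `r` is still declared `BIG_512_60 r[FFLEN_4096]` above, so only its low 2048 bits reach the ladder; that is harmless if the RNG path generates r below n, but any debug or test path that fills all FFLEN_4096 BIGs would silently exponentiate with a different blinding value than the one later printed. Either declare r with HFLEN_4096 as was done for pt, or state the assumption next to the call: `// ct = g^pt * r^n mod n2 (r < n, so only its low HFLEN_4096 BIGs are used)`.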
@@ -265,7 +263,7 @@ void PAILLIER_ENCRYPT(csprng *RNG, PAILLIER_public_key *PUB, octet* PT, octet* C
FF_4096_output(r,FFLEN_4096);
printf("\n\n");
printf("pt ");
- FF_4096_output(pt,FFLEN_4096);
+ FF_4096_output(pt,HFLEN_4096);
printf("\n\n");
printf("ct ");
FF_4096_output(ct,FFLEN_4096);
@@ -297,7 +295,7 @@ void PAILLIER_DECRYPT(PAILLIER_private_key *PRIV, octet* CT, octet* PT)
FF_4096_fromOctet(ct,CT,FFLEN_4096);
// ct^l mod n^2 - 1
- FF_4096_skpow(ctl,ct,PRIV->l,PRIV->n2,FFLEN_4096);
+ FF_4096_skpow(ctl,ct,PRIV->l,PRIV->n2,FFLEN_4096,HFLEN_4096);
FF_4096_dec(ctl,1,FFLEN_4096);
#ifdef DEBUG
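Review bot: `ct` comes straight from the caller's octet and is raised to the secret `l` with no validation, and the following `FF_4096_dec(ctl,1,FFLEN_4096)` runs even when ct^l mod n^2 is 0, which an attacker obtains by sending CT = 0; the decrement then borrows through the whole number and the L-function path works on garbage rather than failing (FF_4096_dec's borrow handling is outside the hunk, so this is inferred). Rejecting ct = 0 and ct >= n^2 before the exponentiation, or at least documenting `// CT must encode a value in Z_{n^2}^*; 0 is not a valid ciphertext`, is cheap and keeps attacker-chosen input from driving the secret-exponent path with degenerate values. The function body continues outside the hunk.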
@@ -330,7 +328,7 @@ void PAILLIER_DECRYPT(PAILLIER_private_key *PRIV, octet* CT, octet* PT)
FF_4096_output(PRIV->n,FFLEN_4096);
printf("\n\n");
printf("PAILLIER_DECRYPT l ");
- FF_4096_output(PRIV->l,FFLEN_4096);
+ FF_4096_output(PRIV->l,HFLEN_4096);
printf("\n\n");
printf("PAILLIER_DECRYPT m ");
FF_4096_output(PRIV->m,FFLEN_4096);
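Review bot: The DEBUG branch prints the private exponent `l` and the precomputed secret `m` to stdout with FF_4096_output; the length fix is right, but this is a plain-text key dump, so the build should make sure DEBUG is never defined in a release configuration. Guarding these lines with a more explicit macro, e.g. `#ifdef PAILLIER_DEBUG_DUMP_SECRETS`, would make the risk visible to whoever flips the flag.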
@@ -414,18 +412,16 @@ void PAILLIER_MULT(PAILLIER_public_key *PUB, octet* CT1, octet* PT, octet* CT)
BIG_512_60 ct1[FFLEN_4096];
// Plaintext
- BIG_512_60 pt[FFLEN_4096];
+ BIG_512_60 pt[HFLEN_4096];
// Ciphertext output. ct = ct1 ^ pt mod n^2
BIG_512_60 ct[FFLEN_4096];
- FF_4096_zero(pt, FFLEN_4096);
FF_4096_fromOctet(pt,PT,HFLEN_4096);
-
FF_4096_fromOctet(ct1,CT1,FFLEN_4096);
// ct1^pt mod n^2
- FF_4096_skpow(ct,ct1,pt,PUB->n2,FFLEN_4096);
+ FF_4096_skpow(ct,ct1,pt,PUB->n2,FFLEN_4096, HFLEN_4096);
// output
FF_4096_toOctet(CT, ct, FFLEN_4096);
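Review bot: PAILLIER_MULT reads the scalar PT into HFLEN_4096 BIGs with no check on PT->len or on pt < n, the same gap as in PAILLIER_ENCRYPT; a scalar of 0 yields ct1^0 = 1, which is an encryption of 0 with trivial blinding, and a scalar >= n merely wraps modulo n. Using skpow is the right choice because the scalar may be secret, so the allowed range should at least be documented: `// PT must be exactly HFLEN_4096*MODBYTES bytes and encode a scalar in [0, n); the result keeps ct1's blinding factor`.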
@@ -441,7 +437,7 @@ void PAILLIER_MULT(PAILLIER_public_key *PUB, octet* CT1, octet* PT, octet* CT)
FF_4096_output(ct1,FFLEN_4096);
printf("\n\n");
printf("PAILLIER_MULT pt: ");
- FF_4096_output(pt,FFLEN_4096);
+ FF_4096_output(pt,HFLEN_4096);
printf("\n\n");
printf("PAILLIER_MULT ct: ");
FF_4096_output(ct,FFLEN_4096);
diff --git a/src/rsa.c.in b/src/rsa.c.in
index bbe41b2..ba996bd 100644
--- a/src/rsa.c.in
+++ b/src/rsa.c.in
@@ -136,8 +136,8 @@ void RSA_WWW_DECRYPT(rsa_private_key_WWW *PRIV,octet *G,octet *F)
FF_WWW_dmod(jp,g,PRIV->p,HFLEN_WWW);
FF_WWW_dmod(jq,g,PRIV->q,HFLEN_WWW);
- FF_WWW_skpow(jp,jp,PRIV->dp,PRIV->p,HFLEN_WWW);
- FF_WWW_skpow(jq,jq,PRIV->dq,PRIV->q,HFLEN_WWW);
+ FF_WWW_skpow(jp,jp,PRIV->dp,PRIV->p,HFLEN_WWW,HFLEN_WWW);
+ FF_WWW_skpow(jq,jq,PRIV->dq,PRIV->q,HFLEN_WWW,HFLEN_WWW);
FF_WWW_zero(g,FFLEN_WWW);
diff --git a/test/test_paillier_decrypt.c b/test/test_paillier_decrypt.c
index 855cb14..f60d034 100644
--- a/test/test_paillier_decrypt.c
+++ b/test/test_paillier_decrypt.c
@@ -123,11 +123,10 @@ int main(int argc, char** argv)
{
len = strlen(Lline);
linePtr = line + len;
- FF_4096_zero(PRIV.l, FFLEN_4096);
read_FF_4096(PRIV.l, linePtr, HFLEN_4096);
#ifdef DEBUG
printf("L = ");
- FF_4096_output(PRIV.l , FFLEN_4096);
+ FF_4096_output(PRIV.l , HFLEN_4096);
printf("\n");
#endif
}