| author | J08nY | 2016-12-22 00:21:35 +0100 |
|---|---|---|
| committer | J08nY | 2016-12-22 00:21:35 +0100 |
| commit | d49e01aa85f3e0220ce2631b20466be4d513edfa (patch) | |
| tree | 32f5fb60bac79b0a201763355327ff0e1b372878 | |
| parent | af1773daebcaafd9e9c4d0d6f8a8ea4dc79bf6b5 (diff) | |
| -rw-r--r-- | gp.c | 204 | ||||
| -rw-r--r-- | gp.gp | 1 | ||||
| -rw-r--r-- | gp.h | 18 | ||||
| -rw-r--r-- | points.gp | 34 | ||||
| -rw-r--r-- | sea.gp | 77 | ||||
| -rw-r--r-- | utils.gp | 11 |
6 files changed, 158 insertions, 187 deletions
@@ -8,7 +8,43 @@ init_gp(void) /* void */ return; } -/* Finds random point of order n on curve e of order o. +void +print_params(GEN curve) /* void */ +{ + pari_sp ltop = avma; + printf0("%x,%x,%x,%x,%x,%x,%x\n", mkvecn(7, gel(curve, 1), gel(curve, 2), gel(curve, 3), gel(curve, 4), gel(curve, 5), gel(curve, 6), gel(curve, 7))); + avma = ltop; + return; +} + +void +print_params_pub(GEN curve) /* void */ +{ + pari_sp ltop = avma; + printf0("%x,%x,%x,%x,%x,%x,%x,%x,%x,%x\n", mkvecn(10, gel(curve, 1), gel(curve, 2), gel(curve, 3), gel(curve, 4), gel(curve, 5), gel(curve, 6), gel(curve, 7), gel(curve, 8), gel(curve, 9), gel(curve, 10))); + avma = ltop; + return; +} + +GEN +pack_params(GEN p, GEN a, GEN b, GEN G) /* vec */ +{ + pari_sp ltop = avma; + GEN p1 = gen_0; /* vec */ + p1 = cgetg(8, t_VEC); + gel(p1, 1) = gcopy(p); + gel(p1, 2) = gcopy(a); + gel(p1, 3) = gcopy(b); + gel(p1, 4) = lift(gel(gel(G, 1), 1)); + gel(p1, 5) = lift(gel(gel(G, 1), 2)); + gel(p1, 6) = gcopy(gel(G, 2)); + gel(p1, 7) = gcopy(gel(G, 3)); + p1 = gerepilecopy(ltop, p1); + return p1; +} + +/** +* Finds random point of order n on curve e of order o. * @returns [[P.x, P.y], n, h] * @param e curve * @param o curve order @@ -38,7 +74,8 @@ find_point(GEN e, GEN o, GEN n) /* vec */ return p1; } -/* Finds random points of orders given by vector p. +/** +* Finds random points of orders given by vector p. * @returns vector of points in format [[P.x, P.y], n, h] * @param e curve * @param o curve order 
@@ -103,32 +140,6 @@ minprime_order(GEN e, GEN o) return gen_0; } -GEN -max_order(GEN e, GEN o) -{ - pari_sp ltop = avma; - o = gerepilecopy(ltop, o); - return o; -} - -/* Finds a random point of order given by f(o). -* @returns [[P.x, P.y], n, h] -* with P being the point with order f(o). -* @param e curve -* @param o curve order -* @param f function returning the point order, \in maxprime_order, -* minprime_order, max_order -*/ -GEN -get_point(GEN e, GEN o, GEN f) /* vec */ -{ - pari_sp ltop = avma; - GEN p1 = gen_0; /* vec */ - p1 = find_point(e, o, closure_callgen1(f, o)); - p1 = gerepilecopy(ltop, p1); - return p1; -} - /*####################################################################*/ GEN 
@@ -163,30 +174,44 @@ prime_orders(GEN e, GEN o) return gen_0; } -/* Finds random points of orders given by f(o). -* @returns vector of points in format [[P.x, P.y], n, h] -* @param e curve -* @param o curve order -* @param f function returning a vector of point orders +/** +* E(Fp): y^2 = x^3 + ax + b mod p +* @returns [p, a, b, G.x, G.y, n, h], G has the largest prime order possible +* @param p +* @param a +* @param b */ GEN -get_points(GEN e, GEN o, GEN f) /* vec */ +largest_prime(GEN p, GEN a, GEN b, long prec) { pari_sp ltop = avma; - GEN p1 = gen_0; /* vec */ - p1 = find_points(e, o, closure_callgen1(f, o)); - p1 = gerepilecopy(ltop, p1); - return p1; + GEN e = gen_0, o = gen_0, G = gen_0; + GEN p1 = gen_0, p2 = gen_0; /* vec */ + p1 = cgetg(3, t_VEC); + gel(p1, 1) = gcopy(a); + gel(p1, 2) = gcopy(b); + e = ellinit(p1, p, prec); + o = ellsea(e, 0); + if (gequal0(o)) + { + avma = ltop; + return gen_0; + } + G = find_point(e, o, maxprime_order(o, gen_0)); + p2 = pack_params(p, a, b, G); + p2 = gerepilecopy(ltop, p2); + return p2; } -/* E(Fp): y^2 = x^3 + ax + b mod p -* @returns [p, a, b, [G.x, G.y], n, h] +/** +* E(Fp): y^2 = x^3 + ax + b mod p +* @returns [p, a, b, G.x, G.y, n, h], G has the smallest prime order possible * @param p * @param a * @param b */ GEN -largest_prime(GEN p, GEN a, GEN b, long prec) +smallest_prime(GEN p, GEN a, GEN b, long prec) { pari_sp ltop = avma; GEN e = gen_0, o = gen_0, G = gen_0; 
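Review bot: In `largest_prime`, `maxprime_order(o, gen_0)` passes the curve order in the `e` slot and zero in the `o` slot of `GEN maxprime_order(GEN e, GEN o)` as declared in gp.h; `minprime_order(o, gen_0)` in the `smallest_prime` hunk that follows has the same shape. The body of `maxprime_order` is outside this hunk, so this is inferred from the prototype, but if it factors its second parameter, the subgroup order handed to `find_point` is computed from 0 rather than from the group order. gp.c looks like gp2c output, so the change probably belongs in sea.gp, where the call `maxprime_order(o)` would become `maxprime_order(e, o)` (likewise `minprime_order(e, o)` and `prime_orders(e, o)`).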
@@ -201,27 +226,21 @@ largest_prime(GEN p, GEN a, GEN b, long prec) avma = ltop; return gen_0; } - G = find_point(e, o, maxprime_order(o, gen_0)); - p2 = cgetg(8, t_VEC); - gel(p2, 1) = gcopy(p); - gel(p2, 2) = gcopy(a); - gel(p2, 3) = gcopy(b); - gel(p2, 4) = lift(gel(gel(G, 1), 1)); - gel(p2, 5) = lift(gel(gel(G, 1), 2)); - gel(p2, 6) = gcopy(gel(G, 2)); - gel(p2, 7) = gcopy(gel(G, 3)); + G = find_point(e, o, minprime_order(o, gen_0)); + p2 = pack_params(p, a, b, G); p2 = gerepilecopy(ltop, p2); return p2; } -/* E(Fp): y^2 = x^3 + ax + b mod p -* @returns [p, a, b, G, n, h] +/** +* E(Fp): y^2 = x^3 + ax + b mod p +* @returns [p, a, b, G.x, G.y, n, h=1], G is generator of E(Fp) * @param p * @param a * @param b */ GEN -smallest_prime(GEN p, GEN a, GEN b, long prec) +generator(GEN p, GEN a, GEN b, long prec) { pari_sp ltop = avma; GEN e = gen_0, o = gen_0, G = gen_0; @@ -236,20 +255,14 @@ smallest_prime(GEN p, GEN a, GEN b, long prec) avma = ltop; return gen_0; } - G = find_point(e, o, minprime_order(o, gen_0)); - p2 = cgetg(8, t_VEC); - gel(p2, 1) = gcopy(p); - gel(p2, 2) = gcopy(a); - gel(p2, 3) = gcopy(b); - gel(p2, 4) = lift(gel(gel(G, 1), 1)); - gel(p2, 5) = lift(gel(gel(G, 1), 2)); - gel(p2, 6) = gcopy(gel(G, 2)); - gel(p2, 7) = gcopy(gel(G, 3)); + G = find_point(e, o, o); + p2 = pack_params(p, a, b, G); p2 = gerepilecopy(ltop, p2); return p2; } -/* E(Fp): y^2 = x^3 + ax + b mod p +/** +* E(Fp): y^2 = x^3 + ax + b mod p * @returns vector of domain parameters [p, a, b, G, n, h] points of all prime orders * @param p * @param a 
@@ -279,18 +292,7 @@ all_prime(GEN p, GEN a, GEN b, long prec) long X; p3 = cgetg(l2+1, t_VEC); for (X = 1; X <= l2; ++X) - { - GEN p4 = gen_0; /* vec */ - p4 = cgetg(8, t_VEC); - gel(p4, 1) = gcopy(p); - gel(p4, 2) = gcopy(a); - gel(p4, 3) = gcopy(b); - gel(p4, 4) = lift(gel(gel(gel(G, X), 1), 1)); - gel(p4, 5) = lift(gel(gel(gel(G, X), 1), 2)); - gel(p4, 6) = gcopy(gel(gel(G, X), 2)); - gel(p4, 7) = gcopy(gel(gel(G, X), 3)); - gel(p3, X) = p4; - } + gel(p3, X) = pack_params(p, a, b, gel(G, X)); } p3 = gerepilecopy(ltop, p3); return p3; @@ -298,14 +300,15 @@ all_prime(GEN p, GEN a, GEN b, long prec) /*####################################################################*/ -/* E(Fp): y^2 = x^3 + ax + b mod p -* @returns [p, a, b, G.x, G.y, r, k, P.x, P.y, n] +/** +* E(Fp): y^2 = x^3 + ax + b mod p +* @returns [p, a, b, G.x, G.y, r, k, P.x, P.y, n], G is generator of E(Fp), P has the smallest prime order */ GEN small_pubkey(GEN p, GEN a, GEN b, long prec) { pari_sp ltop = avma; - GEN e = gen_0, o = gen_0, f = gen_0, G = gen_0, n = gen_0, h = gen_0, r = gen_0, P = gen_0; + GEN e = gen_0, o = gen_0, G = gen_0, f = gen_0, n = gen_0, r = gen_0, P = gen_0; GEN p1 = gen_0, p2 = gen_0; /* vec */ p1 = cgetg(3, t_VEC); gel(p1, 1) = gcopy(a); @@ -321,28 +324,21 @@ small_pubkey(GEN p, GEN a, GEN b, long prec) { G = genrand(e); n = o; - h = gen_1; + r = o; P = genrand(e); } else { + G = find_point(e, o, o); f = factor(o); - f = vecsort0(f, NULL, 0); - n = gcopy(gcoeff(f, 1, 2)); - h = gdivent(o, n); - /*printf("%s %u %u\n", f, n, h); */ - { - pari_sp btop = avma; - do - { - G = genrand(e); - r = ellorder(e, G, NULL); - if (gc_needed(btop, 1)) - gerepileall(btop, 2, &G, &r); - } while(!gequal0(gmod(r, n))); - } - /*printf("%s %s\n", G, r); */ - P = ellmul(e, G, gdivent(r, n)); + n = gcopy(gcoeff(f, 1, 1)); + /* + until(r % n == 0, + G = random(e); + r = ellorder(e, G); + ); + */ + P = ellmul(e, G, gdivent(o, n)); } p2 = cgetg(11, t_VEC); gel(p2, 1) = gcopy(p); 
@@ -359,21 +355,3 @@ small_pubkey(GEN p, GEN a, GEN b, long prec) return p2; } -void -print_params(GEN curve) /* void */ -{ - pari_sp ltop = avma; - printf0("%x,%x,%x,%x,%x,%x,%x\n", mkvecn(7, gel(curve, 1), gel(curve, 2), gel(curve, 3), gel(curve, 4), gel(curve, 5), gel(curve, 6), gel(curve, 7))); - avma = ltop; - return; -} - -void -print_params_pub(GEN curve) /* void */ -{ - pari_sp ltop = avma; - printf0("%x,%x,%x,%x,%x,%x,%x,%x,%x,%x\n", mkvecn(10, gel(curve, 1), gel(curve, 2), gel(curve, 3), gel(curve, 4), gel(curve, 5), gel(curve, 6), gel(curve, 7), gel(curve, 8), gel(curve, 9), gel(curve, 10))); - avma = ltop; - return; -} - @@ -1,2 +1,3 @@ +\rutils \rpoints \rsea 
@@ -2,34 +2,32 @@ #include <pari/pari.h> /* GP;install("init_gp","v","init_gp","./gp.gp.so"); +GP;install("print_params","vD0,G,","print_params","./gp.gp.so"); +GP;install("print_params_pub","vD0,G,","print_params_pub","./gp.gp.so"); +GP;install("pack_params","D0,G,D0,G,D0,G,D0,G,","pack_params","./gp.gp.so"); GP;install("find_point","D0,G,D0,G,D0,G,","find_point","./gp.gp.so"); GP;install("find_points","D0,G,D0,G,D0,G,","find_points","./gp.gp.so"); GP;install("maxprime_order","D0,G,D0,G,","maxprime_order","./gp.gp.so"); GP;install("minprime_order","D0,G,D0,G,","minprime_order","./gp.gp.so"); -GP;install("max_order","D0,G,D0,G,","max_order","./gp.gp.so"); -GP;install("get_point","D0,G,D0,G,D0,G,","get_point","./gp.gp.so"); GP;install("prime_orders","D0,G,D0,G,","prime_orders","./gp.gp.so"); -GP;install("get_points","D0,G,D0,G,D0,G,","get_points","./gp.gp.so"); GP;install("largest_prime","D0,G,D0,G,D0,G,p","largest_prime","./gp.gp.so"); GP;install("smallest_prime","D0,G,D0,G,D0,G,p","smallest_prime","./gp.gp.so"); +GP;install("generator","D0,G,D0,G,D0,G,p","generator","./gp.gp.so"); GP;install("all_prime","D0,G,D0,G,D0,G,p","all_prime","./gp.gp.so"); GP;install("small_pubkey","D0,G,D0,G,D0,G,p","small_pubkey","./gp.gp.so"); -GP;install("print_params","vD0,G,","print_params","./gp.gp.so"); -GP;install("print_params_pub","vD0,G,","print_params_pub","./gp.gp.so"); */ void init_gp(void); +void print_params(GEN curve); +void print_params_pub(GEN curve); +GEN pack_params(GEN p, GEN a, GEN b, GEN G); GEN find_point(GEN e, GEN o, GEN n); GEN find_points(GEN e, GEN o, GEN p); GEN maxprime_order(GEN e, GEN o); GEN minprime_order(GEN e, GEN o); -GEN max_order(GEN e, GEN o); -GEN get_point(GEN e, GEN o, GEN f); GEN prime_orders(GEN e, GEN o); -GEN get_points(GEN e, GEN o, GEN f); GEN largest_prime(GEN p, GEN a, GEN b, long prec); GEN smallest_prime(GEN p, GEN a, GEN b, long prec); +GEN generator(GEN p, GEN a, GEN b, long prec); GEN all_prime(GEN p, GEN a, GEN b, long prec); GEN 
small_pubkey(GEN p, GEN a, GEN b, long prec); -void print_params(GEN curve); -void print_params_pub(GEN curve); /*End of prototype*/ @@ -1,4 +1,5 @@ -/* Finds random point of order n on curve e of order o. +/** + * Finds random point of order n on curve e of order o. * @returns [[P.x, P.y], n, h] * @param e curve * @param o curve order @@ -13,7 +14,8 @@ find_point(e, o, n) = { return([P, n, h]); } -/* Finds random points of orders given by vector p. +/** + * Finds random points of orders given by vector p. * @returns vector of points in format [[P.x, P.y], n, h] * @param e curve * @param o curve order @@ -41,40 +43,14 @@ minprime_order(e, o) = { ); } -max_order(e, o) = { - return(o); -} - -/* Finds a random point of order given by f(o). - * @returns [[P.x, P.y], n, h] - * with P being the point with order f(o). - * @param e curve - * @param o curve order - * @param f function returning the point order, \in maxprime_order, - * minprime_order, max_order - */ -get_point(e, o, f) = { - return(find_point(e, o, f(o))); -} - /*####################################################################*/ prime_orders(e, o) = { local(f); if(isprime(o), - return([o]);; + return([o]); , f = factor(o); return(vector(length(f),X,f[X,1])); ); } - -/* Finds random points of orders given by f(o). - * @returns vector of points in format [[P.x, P.y], n, h] - * @param e curve - * @param o curve order - * @param f function returning a vector of point orders - */ -get_points(e, o, f) = { - return(find_points(e, o, f(o))); -} @@ -1,6 +1,6 @@ -\rpoints -/* E(Fp): y^2 = x^3 + ax + b mod p - * @returns [p, a, b, [G.x, G.y], n, h] +/** + * E(Fp): y^2 = x^3 + ax + b mod p + * @returns [p, a, b, G.x, G.y, n, h], G has the largest prime order possible * @param p * @param a * @param b 
@@ -12,11 +12,12 @@ largest_prime(p, a, b) = { if(!o, return); G = find_point(e, o, maxprime_order(o)); - return([p, a, b, lift(G[1][1]), lift(G[1][2]), G[2], G[3]]); + return(pack_params(p, a, b, G)); } -/* E(Fp): y^2 = x^3 + ax + b mod p - * @returns [p, a, b, G, n, h] +/** + * E(Fp): y^2 = x^3 + ax + b mod p + * @returns [p, a, b, G.x, G.y, n, h], G has the smallest prime order possible * @param p * @param a * @param b @@ -28,10 +29,28 @@ smallest_prime(p, a, b) = { if(!o, return); G = find_point(e, o, minprime_order(o)); - return([p, a, b, lift(G[1][1]), lift(G[1][2]), G[2], G[3]]); + return(pack_params(p, a, b, G)); } -/* E(Fp): y^2 = x^3 + ax + b mod p +/** + * E(Fp): y^2 = x^3 + ax + b mod p + * @returns [p, a, b, G.x, G.y, n, h=1], G is generator of E(Fp) + * @param p + * @param a + * @param b + */ +generator(p, a, b) = { + local(e, o, G); + e = ellinit([a, b], p); + o = ellsea(e); + if(!o, return); + + G = find_point(e, o, o); + return(pack_params(p, a, b, G)); +} + +/** + * E(Fp): y^2 = x^3 + ax + b mod p * @returns vector of domain parameters [p, a, b, G, n, h] points of all prime orders * @param p * @param a 
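Review bot: The new `generator` asks `find_point(e, o, o)` for a point of full order `o`, which exists only when E(Fp) is cyclic; the doc comment's `h=1` and "G is generator of E(Fp)" assume that without a check. The body of `find_point` is outside this hunk, so whether it gives up or keeps sampling on a non-cyclic group cannot be told from here. A guard such as `if(#ellgroup(e) > 1, return);` before the `find_point` call, or a sentence in the comment stating the cyclic-group precondition, would make the contract explicit.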
@@ -44,50 +63,38 @@ all_prime(p, a, b) = { if(!o, return); G = find_points(e, o, prime_orders(o)); - return(vector(length(G),X,[p, a, b, lift(G[X][1][1]), lift(G[X][1][2]), G[X][2], G[X][3]])); + return(vector(length(G),X,pack_params(p, a, b, G[X]))); } /*####################################################################*/ -/* E(Fp): y^2 = x^3 + ax + b mod p - * @returns [p, a, b, G.x, G.y, r, k, P.x, P.y, n] +/** + * E(Fp): y^2 = x^3 + ax + b mod p + * @returns [p, a, b, G.x, G.y, r, k, P.x, P.y, n], G is generator of E(Fp), P has the smallest prime order */ -small_pubkey(p,a,b) = -{ - local(e, o, f, G, n, h, r, P); - e = ellinit([a,b],p); +small_pubkey(p, a, b) = { + local(e, o, G, f, n, r, P); + e = ellinit([a, b], p); o = ellsea(e); if(!o, return); if(isprime(o), G = random(e); n = o; - h = 1; + r = o; P = random(e); - , + , + G = find_point(e, o, o); f = factor(o); - f = vecsort(f); - n = f[1,2]; - h = o\n; - - \\printf("%s %u %u\n", f, n, h); + n = f[1,1]; + /* until(r % n == 0, G = random(e); r = ellorder(e, G); - \\printf("%s %s\n", G, r); ); - P = ellmul(e,G,r\n); + */ + P = ellmul(e, G, o\n); ); - return([p,a,b,lift(G[1]),lift(G[2]),r,o\r,lift(P[1]),lift(P[2]),n]); -} - -print_params(curve) = -{ - printf("%x,%x,%x,%x,%x,%x,%x\n", curve[1], curve[2], curve[3], curve[4], curve[5], curve[6], curve[7]); -} - -print_params_pub(curve) = -{ - printf("%x,%x,%x,%x,%x,%x,%x,%x,%x,%x\n", curve[1], curve[2], curve[3], curve[4], curve[5], curve[6], curve[7], curve[8], curve[9], curve[10]); + return([p, a, b, lift(G[1]), lift(G[2]), r, o\r, lift(P[1]), lift(P[2]), n]); } diff --git a/utils.gp b/utils.gp new file mode 100644 index 0000000..bfd0326 --- /dev/null +++ b/utils.gp 
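Review bot: In the composite-order branch of `small_pubkey`, `r` is no longer assigned once the `until` loop is commented out, yet the return line still emits `r` and `o\r`; gp.c initialises it with `r = gen_0`, so `o\r` divides by zero. The same branch stores the result of `find_point(e, o, o)` in `G`, which by that function's doc comment is `[[P.x, P.y], n, h]` rather than a point, so `ellmul(e, G, o\n)` and `lift(G[1])`, `lift(G[2])` no longer receive a point as they do in the prime branch (`G = random(e)`). Taking the point and setting the order would fix both: `G = find_point(e, o, o)[1];` and `r = o;`. The matching gp.c hunk for `small_pubkey` carries the same two problems.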
@@ -0,0 +1,11 @@
+print_params(curve) = {
+ printf("%x,%x,%x,%x,%x,%x,%x\n", curve[1], curve[2], curve[3], curve[4], curve[5], curve[6], curve[7]);
+}
+
+print_params_pub(curve) = {
+ printf("%x,%x,%x,%x,%x,%x,%x,%x,%x,%x\n", curve[1], curve[2], curve[3], curve[4], curve[5], curve[6], curve[7], curve[8], curve[9], curve[10]);
+}
+
+pack_params(p, a, b, G) = {
+ return([p, a, b, lift(G[1][1]), lift(G[1][2]), G[2], G[3]]);
+} |
