Crypto++  8.8
Free C++ class library of cryptographic schemes
luc.cpp
1 // luc.cpp - originally written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 #include "luc.h"
5 #include "asn.h"
6 #include "sha.h"
7 #include "integer.h"
8 #include "nbtheory.h"
9 #include "algparam.h"
10 #include "pkcspad.h"
11 
12 NAMESPACE_BEGIN(CryptoPP)
13 
14 #if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
15 void LUC_TestInstantiations()
16 {
18  LUCFunction t2;
20 }
21 #endif
22 
23 void DL_Algorithm_LUC_HMP::Sign(const DL_GroupParameters<Integer> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
24 {
25  const Integer &q = params.GetSubgroupOrder();
26  r = params.ExponentiateBase(k);
27  s = (k + x*(r+e)) % q;
28 }
29 
30 bool DL_Algorithm_LUC_HMP::Verify(const DL_GroupParameters<Integer> &params, const DL_PublicKey<Integer> &publicKey, const Integer &e, const Integer &r, const Integer &s) const
31 {
32  const Integer p = params.GetGroupOrder()-1;
33  const Integer &q = params.GetSubgroupOrder();
34 
35  Integer Vsg = params.ExponentiateBase(s);
36  Integer Vry = publicKey.ExponentiatePublicElement((r+e)%q);
37  return (Vsg*Vsg + Vry*Vry + r*r) % p == (Vsg * Vry * r + 4) % p;
38 }
39 
40 Integer DL_BasePrecomputation_LUC::Exponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent) const
41 {
42  return Lucas(exponent, m_g, static_cast<const DL_GroupPrecomputation_LUC &>(group).GetModulus());
43 }
44 
45 void DL_GroupParameters_LUC::SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const
46 {
47  for (unsigned int i=0; i<exponentsCount; i++)
48  results[i] = Lucas(exponents[i], base, GetModulus());
49 }
50 
51 void LUCFunction::BERDecode(BufferedTransformation &bt)
52 {
53  BERSequenceDecoder seq(bt);
54  m_n.BERDecode(seq);
55  m_e.BERDecode(seq);
56  seq.MessageEnd();
57 }
58 
59 void LUCFunction::DEREncode(BufferedTransformation &bt) const
60 {
61  DERSequenceEncoder seq(bt);
62  m_n.DEREncode(seq);
63  m_e.DEREncode(seq);
64  seq.MessageEnd();
65 }
66 
68 {
70  return Lucas(m_e, x, m_n);
71 }
72 
73 bool LUCFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const
74 {
75  CRYPTOPP_UNUSED(rng), CRYPTOPP_UNUSED(level);
76  bool pass = true;
77  pass = pass && m_n > Integer::One() && m_n.IsOdd();
78  CRYPTOPP_ASSERT(pass);
79  pass = pass && m_e > Integer::One() && m_e.IsOdd() && m_e < m_n;
80  CRYPTOPP_ASSERT(pass);
81  return pass;
82 }
83 
84 bool LUCFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
85 {
86  return GetValueHelper(this, name, valueType, pValue).Assignable()
87  CRYPTOPP_GET_FUNCTION_ENTRY(Modulus)
88  CRYPTOPP_GET_FUNCTION_ENTRY(PublicExponent)
89  ;
90 }
91 
93 {
94  AssignFromHelper(this, source)
95  CRYPTOPP_SET_FUNCTION_ENTRY(Modulus)
96  CRYPTOPP_SET_FUNCTION_ENTRY(PublicExponent)
97  ;
98 }
99 
100 // *****************************************************************************
101 // private key operations:
102 
104 {
105 public:
106  LUCPrimeSelector(const Integer &e) : m_e(e) {}
107  bool IsAcceptable(const Integer &candidate) const
108  {
109  return RelativelyPrime(m_e, candidate+1) && RelativelyPrime(m_e, candidate-1);
110  }
111  Integer m_e;
112 };
113 
115 {
116  int modulusSize = 2048;
117  alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize);
118 
119  if (modulusSize < 16)
120  throw InvalidArgument("InvertibleLUCFunction: specified modulus size is too small");
121 
122  m_e = alg.GetValueWithDefault("PublicExponent", Integer(17));
123 
124  if (m_e < 5 || m_e.IsEven())
125  throw InvalidArgument("InvertibleLUCFunction: invalid public exponent");
126 
127  LUCPrimeSelector selector(m_e);
128  AlgorithmParameters primeParam = MakeParametersForTwoPrimesOfEqualSize(modulusSize)
129  ("PointerToPrimeSelector", selector.GetSelectorPointer());
130  m_p.GenerateRandom(rng, primeParam);
131  m_q.GenerateRandom(rng, primeParam);
132 
133  m_n = m_p * m_q;
134  m_u = m_q.InverseMod(m_p);
135 }
136 
137 void InvertibleLUCFunction::Initialize(RandomNumberGenerator &rng, unsigned int keybits, const Integer &e)
138 {
139  GenerateRandom(rng, MakeParameters("ModulusSize", (int)keybits)("PublicExponent", e));
140 }
141 
142 void InvertibleLUCFunction::BERDecode(BufferedTransformation &bt)
143 {
144  BERSequenceDecoder seq(bt);
145 
146  Integer version(seq);
147  if (!!version) // make sure version is 0
148  BERDecodeError();
149 
150  m_n.BERDecode(seq);
151  m_e.BERDecode(seq);
152  m_p.BERDecode(seq);
153  m_q.BERDecode(seq);
154  m_u.BERDecode(seq);
155  seq.MessageEnd();
156 }
157 
158 void InvertibleLUCFunction::DEREncode(BufferedTransformation &bt) const
159 {
160  DERSequenceEncoder seq(bt);
161 
162  const byte version[] = {INTEGER, 1, 0};
163  seq.Put(version, sizeof(version));
164  m_n.DEREncode(seq);
165  m_e.DEREncode(seq);
166  m_p.DEREncode(seq);
167  m_q.DEREncode(seq);
168  m_u.DEREncode(seq);
169  seq.MessageEnd();
170 }
171 
173 {
174  // not clear how to do blinding with LUC
175  CRYPTOPP_UNUSED(rng);
177  return InverseLucas(m_e, x, m_q, m_p, m_u);
178 }
179 
180 bool InvertibleLUCFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const
181 {
182  bool pass = LUCFunction::Validate(rng, level);
183  CRYPTOPP_ASSERT(pass);
184  pass = pass && m_p > Integer::One() && m_p.IsOdd() && m_p < m_n;
185  CRYPTOPP_ASSERT(pass);
186  pass = pass && m_q > Integer::One() && m_q.IsOdd() && m_q < m_n;
187  CRYPTOPP_ASSERT(pass);
188  pass = pass && m_u.IsPositive() && m_u < m_p;
189  CRYPTOPP_ASSERT(pass);
190  if (level >= 1)
191  {
192  pass = pass && m_p * m_q == m_n;
193  CRYPTOPP_ASSERT(pass);
194  pass = pass && RelativelyPrime(m_e, m_p+1);
195  CRYPTOPP_ASSERT(pass);
196  pass = pass && RelativelyPrime(m_e, m_p-1);
197  CRYPTOPP_ASSERT(pass);
198  pass = pass && RelativelyPrime(m_e, m_q+1);
199  CRYPTOPP_ASSERT(pass);
200  pass = pass && RelativelyPrime(m_e, m_q-1);
201  CRYPTOPP_ASSERT(pass);
202  pass = pass && m_u * m_q % m_p == 1;
203  CRYPTOPP_ASSERT(pass);
204  }
205  if (level >= 2)
206  {
207  pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2);
208  CRYPTOPP_ASSERT(pass);
209  }
210  return pass;
211 }
212 
213 bool InvertibleLUCFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
214 {
215  return GetValueHelper<LUCFunction>(this, name, valueType, pValue).Assignable()
216  CRYPTOPP_GET_FUNCTION_ENTRY(Prime1)
217  CRYPTOPP_GET_FUNCTION_ENTRY(Prime2)
218  CRYPTOPP_GET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
219  ;
220 }
221 
223 {
224  AssignFromHelper<LUCFunction>(this, source)
225  CRYPTOPP_SET_FUNCTION_ENTRY(Prime1)
226  CRYPTOPP_SET_FUNCTION_ENTRY(Prime2)
227  CRYPTOPP_SET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
228  ;
229 }
230 
231 NAMESPACE_END
Classes for working with NameValuePairs.
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
Definition: algparam.h:508
Classes and functions for working with ANS.1 objects.
@ INTEGER
ASN.1 Integer.
Definition: asn.h:34
void BERDecodeError()
Raises a BERDecodeErr.
Definition: asn.h:104
An object that implements NameValuePairs.
Definition: algparam.h:426
BER Sequence Decoder.
Definition: asn.h:525
Interface for buffered transformations.
Definition: cryptlib.h:1657
void DoQuickSanityCheck() const
Perform a quick sanity check.
Definition: cryptlib.h:2498
DER Sequence Encoder.
Definition: asn.h:557
bool Verify(const DL_GroupParameters< Integer > &params, const DL_PublicKey< Integer > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
Definition: luc.cpp:30
void Sign(const DL_GroupParameters< Integer > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
Definition: luc.cpp:23
const Integer & GetModulus() const
Retrieve the modulus for the group.
Definition: gfpcrypt.h:205
void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const
Exponentiates a base to multiple exponents.
Definition: luc.cpp:45
Interface for Discrete Log (DL) group parameters.
Definition: pubkey.h:782
virtual Integer GetGroupOrder() const
Retrieves the order of the group.
Definition: pubkey.h:909
virtual Element ExponentiateBase(const Integer &exponent) const
Exponentiates the base.
Definition: pubkey.h:869
virtual const Integer & GetSubgroupOrder() const =0
Retrieves the subgroup order.
LUC GroupParameters precomputation.
Definition: luc.h:174
DL_GroupPrecomputation interface.
Definition: eprecomp.h:20
Interface for Discrete Log (DL) public keys.
Definition: pubkey.h:1059
virtual Element ExponentiatePublicElement(const Integer &exponent) const
Exponentiates this element.
Definition: pubkey.h:1098
Multiple precision integer with arithmetic operations.
Definition: integer.h:50
void DEREncode(BufferedTransformation &bt) const
Encode in DER format.
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params=g_nullNameValuePairs)
Generate a random number.
Definition: integer.h:509
bool IsPositive() const
Determines if the Integer is positive.
Definition: integer.h:347
void BERDecode(const byte *input, size_t inputLen)
Decode from BER format.
static const Integer & One()
Integer representing 1.
bool IsOdd() const
Determines if the Integer is odd parity.
Definition: integer.h:356
Integer InverseMod(const Integer &n) const
Calculate multiplicative inverse.
An invalid argument was detected.
Definition: cryptlib.h:208
The LUC inverse function.
Definition: luc.h:79
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition: luc.cpp:213
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Definition: luc.cpp:222
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Definition: luc.cpp:180
Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const
Calculates the inverse of an element.
Definition: luc.cpp:172
void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits, const Integer &eStart=17)
Create a LUC private key.
Definition: luc.cpp:137
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
Definition: luc.cpp:114
The LUC function.
Definition: luc.h:39
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition: luc.cpp:84
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Definition: luc.cpp:73
Integer ApplyFunction(const Integer &x) const
Applies the trapdoor.
Definition: luc.cpp:67
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Definition: luc.cpp:92
Interface for retrieving values given their names.
Definition: cryptlib.h:327
T GetValueWithDefault(const char *name, T defaultValue) const
Get a named value.
Definition: cryptlib.h:397
CRYPTOPP_DLL bool GetIntValue(const char *name, int &value) const
Get a named value with type int.
Definition: cryptlib.h:420
Template implementing constructors for public key algorithm classes.
Definition: pubkey.h:2198
Application callback to signal suitability of a cabdidate prime.
Definition: nbtheory.h:114
Interface for random number generators.
Definition: cryptlib.h:1440
Multiple precision integer with arithmetic operations.
Classes for the LUC cryptosystem.
Crypto++ library namespace.
const char * Prime1()
Integer.
Definition: argnames.h:43
const char * Modulus()
Integer.
Definition: argnames.h:33
const char * MultiplicativeInverseOfPrime2ModPrime1()
Integer.
Definition: argnames.h:47
const char * PublicExponent()
Integer.
Definition: argnames.h:34
const char * Prime2()
Integer.
Definition: argnames.h:44
Classes and functions for number theoretic operations.
bool RelativelyPrime(const Integer &a, const Integer &b)
Determine relative primality.
Definition: nbtheory.h:150
CRYPTOPP_DLL Integer Lucas(const Integer &e, const Integer &p, const Integer &n)
Calculate the Lucas value.
CRYPTOPP_DLL Integer InverseLucas(const Integer &e, const Integer &m, const Integer &p, const Integer &q, const Integer &u)
Calculate the inverse Lucas value.
CRYPTOPP_DLL bool VerifyPrime(RandomNumberGenerator &rng, const Integer &p, unsigned int level=1)
Verifies a number is probably prime.
Precompiled header file.
Classes for PKCS padding schemes.
Classes for SHA-1 and SHA-2 family of message digests.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:68