Crypto++  5.6.5
Free C++ class library of cryptographic schemes
rabin.cpp
1 // rabin.cpp - originally written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 #include "rabin.h"
5 #include "integer.h"
6 #include "nbtheory.h"
7 #include "modarith.h"
8 #include "asn.h"
9 #include "sha.h"
10 
11 NAMESPACE_BEGIN(CryptoPP)
12 
13 void RabinFunction::BERDecode(BufferedTransformation &bt)
14 {
15  BERSequenceDecoder seq(bt);
16  m_n.BERDecode(seq);
17  m_r.BERDecode(seq);
18  m_s.BERDecode(seq);
19  seq.MessageEnd();
20 }
21 
22 void RabinFunction::DEREncode(BufferedTransformation &bt) const
23 {
24  DERSequenceEncoder seq(bt);
25  m_n.DEREncode(seq);
26  m_r.DEREncode(seq);
27  m_s.DEREncode(seq);
28  seq.MessageEnd();
29 }
30 
32 {
34 
35  Integer out = in.Squared()%m_n;
36  if (in.IsOdd())
37  out = out*m_r%m_n;
38  if (Jacobi(in, m_n)==-1)
39  out = out*m_s%m_n;
40  return out;
41 }
42 
43 bool RabinFunction::Validate(RandomNumberGenerator& /*rng*/, unsigned int level) const
44 {
45  bool pass = true;
46  pass = pass && m_n > Integer::One() && m_n%4 == 1;
47  CRYPTOPP_ASSERT(pass);
48  pass = pass && m_r > Integer::One() && m_r < m_n;
49  CRYPTOPP_ASSERT(pass);
50  pass = pass && m_s > Integer::One() && m_s < m_n;
51  CRYPTOPP_ASSERT(pass);
52  if (level >= 1)
53  {
54  pass = pass && Jacobi(m_r, m_n) == -1 && Jacobi(m_s, m_n) == -1;
55  CRYPTOPP_ASSERT(pass);
56  }
57  return pass;
58 }
59 
60 bool RabinFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
61 {
62  return GetValueHelper(this, name, valueType, pValue).Assignable()
63  CRYPTOPP_GET_FUNCTION_ENTRY(Modulus)
64  CRYPTOPP_GET_FUNCTION_ENTRY(QuadraticResidueModPrime1)
65  CRYPTOPP_GET_FUNCTION_ENTRY(QuadraticResidueModPrime2)
66  ;
67 }
68 
70 {
71  AssignFromHelper(this, source)
72  CRYPTOPP_SET_FUNCTION_ENTRY(Modulus)
73  CRYPTOPP_SET_FUNCTION_ENTRY(QuadraticResidueModPrime1)
74  CRYPTOPP_SET_FUNCTION_ENTRY(QuadraticResidueModPrime2)
75  ;
76 }
77 
78 // *****************************************************************************
79 // private key operations:
80 
81 // generate a random private key
83 {
84  int modulusSize = 2048;
85  alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize);
86 
87  if (modulusSize < 16)
88  throw InvalidArgument("InvertibleRabinFunction: specified modulus size is too small");
89 
90  // VC70 workaround: putting these after primeParam causes overlapped stack allocation
91  bool rFound=false, sFound=false;
92  Integer t=2;
93 
94  AlgorithmParameters primeParam = MakeParametersForTwoPrimesOfEqualSize(modulusSize)
95  ("EquivalentTo", 3)("Mod", 4);
96  m_p.GenerateRandom(rng, primeParam);
97  m_q.GenerateRandom(rng, primeParam);
98 
99  while (!(rFound && sFound))
100  {
101  int jp = Jacobi(t, m_p);
102  int jq = Jacobi(t, m_q);
103 
104  if (!rFound && jp==1 && jq==-1)
105  {
106  m_r = t;
107  rFound = true;
108  }
109 
110  if (!sFound && jp==-1 && jq==1)
111  {
112  m_s = t;
113  sFound = true;
114  }
115 
116  ++t;
117  }
118 
119  m_n = m_p * m_q;
120  m_u = m_q.InverseMod(m_p);
121 }
122 
123 void InvertibleRabinFunction::BERDecode(BufferedTransformation &bt)
124 {
125  BERSequenceDecoder seq(bt);
126  m_n.BERDecode(seq);
127  m_r.BERDecode(seq);
128  m_s.BERDecode(seq);
129  m_p.BERDecode(seq);
130  m_q.BERDecode(seq);
131  m_u.BERDecode(seq);
132  seq.MessageEnd();
133 }
134 
135 void InvertibleRabinFunction::DEREncode(BufferedTransformation &bt) const
136 {
137  DERSequenceEncoder seq(bt);
138  m_n.DEREncode(seq);
139  m_r.DEREncode(seq);
140  m_s.DEREncode(seq);
141  m_p.DEREncode(seq);
142  m_q.DEREncode(seq);
143  m_u.DEREncode(seq);
144  seq.MessageEnd();
145 }
146 
148 {
150 
151  ModularArithmetic modn(m_n);
152  Integer r(rng, Integer::One(), m_n - Integer::One());
153  r = modn.Square(r);
154  Integer r2 = modn.Square(r);
155  Integer c = modn.Multiply(in, r2); // blind
156 
157  Integer cp=c%m_p, cq=c%m_q;
158 
159  int jp = Jacobi(cp, m_p);
160  int jq = Jacobi(cq, m_q);
161 
162  if (jq==-1)
163  {
164  cp = cp*EuclideanMultiplicativeInverse(m_r, m_p)%m_p;
165  cq = cq*EuclideanMultiplicativeInverse(m_r, m_q)%m_q;
166  }
167 
168  if (jp==-1)
169  {
170  cp = cp*EuclideanMultiplicativeInverse(m_s, m_p)%m_p;
171  cq = cq*EuclideanMultiplicativeInverse(m_s, m_q)%m_q;
172  }
173 
174  cp = ModularSquareRoot(cp, m_p);
175  cq = ModularSquareRoot(cq, m_q);
176 
177  if (jp==-1)
178  cp = m_p-cp;
179 
180  Integer out = CRT(cq, m_q, cp, m_p, m_u);
181 
182  out = modn.Divide(out, r); // unblind
183 
184  if ((jq==-1 && out.IsEven()) || (jq==1 && out.IsOdd()))
185  out = m_n-out;
186 
187  return out;
188 }
189 
190 bool InvertibleRabinFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const
191 {
192  bool pass = RabinFunction::Validate(rng, level);
193  CRYPTOPP_ASSERT(pass);
194  pass = pass && m_p > Integer::One() && m_p%4 == 3 && m_p < m_n;
195  CRYPTOPP_ASSERT(pass);
196  pass = pass && m_q > Integer::One() && m_q%4 == 3 && m_q < m_n;
197  CRYPTOPP_ASSERT(pass);
198  pass = pass && m_u.IsPositive() && m_u < m_p;
199  CRYPTOPP_ASSERT(pass);
200  if (level >= 1)
201  {
202  pass = pass && m_p * m_q == m_n;
203  CRYPTOPP_ASSERT(pass);
204  pass = pass && m_u * m_q % m_p == 1;
205  CRYPTOPP_ASSERT(pass);
206  pass = pass && Jacobi(m_r, m_p) == 1;
207  CRYPTOPP_ASSERT(pass);
208  pass = pass && Jacobi(m_r, m_q) == -1;
209  CRYPTOPP_ASSERT(pass);
210  pass = pass && Jacobi(m_s, m_p) == -1;
211  CRYPTOPP_ASSERT(pass);
212  pass = pass && Jacobi(m_s, m_q) == 1;
213  CRYPTOPP_ASSERT(pass);
214  }
215  if (level >= 2)
216  {
217  pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2);
218  CRYPTOPP_ASSERT(pass);
219  }
220  return pass;
221 }
222 
223 bool InvertibleRabinFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
224 {
225  return GetValueHelper<RabinFunction>(this, name, valueType, pValue).Assignable()
226  CRYPTOPP_GET_FUNCTION_ENTRY(Prime1)
227  CRYPTOPP_GET_FUNCTION_ENTRY(Prime2)
228  CRYPTOPP_GET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
229  ;
230 }
231 
233 {
234  AssignFromHelper<RabinFunction>(this, source)
235  CRYPTOPP_SET_FUNCTION_ENTRY(Prime1)
236  CRYPTOPP_SET_FUNCTION_ENTRY(Prime2)
237  CRYPTOPP_SET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
238  ;
239 }
240 
241 NAMESPACE_END
const char * MultiplicativeInverseOfPrime2ModPrime1()
Integer.
Definition: argnames.h:47
An invalid argument was detected.
Definition: cryptlib.h:194
Classes for Rabin encryption and signature schemes.
const Integer & Square(const Integer &a) const
Square an element in the ring.
Definition: modarith.h:177
const Integer & Divide(const Integer &a, const Integer &b) const
Divides elements in the ring.
Definition: modarith.h:198
const char * Prime2()
Integer.
Definition: argnames.h:44
void DEREncode(BufferedTransformation &bt) const
Encode in DER format.
Definition: integer.cpp:3457
const char * QuadraticResidueModPrime1()
Integer.
Definition: argnames.h:48
Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const
Calculates the inverse of an element.
Definition: rabin.cpp:147
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition: rabin.cpp:60
Ring of congruence classes modulo n.
Definition: modarith.h:34
Interface for random number generators.
Definition: cryptlib.h:1188
Integer InverseMod(const Integer &n) const
calculate multiplicative inverse of *this mod n
Definition: integer.cpp:4440
BER Sequence Decoder.
Definition: asn.h:303
Interface for buffered transformations.
Definition: cryptlib.h:1343
static const Integer & One()
Integer representing 1.
Definition: integer.cpp:3096
Integer ApplyFunction(const Integer &x) const
Applies the trapdoor.
Definition: rabin.cpp:31
const char * Prime1()
Integer.
Definition: argnames.h:43
void DoQuickSanityCheck() const
Perform a quick sanity check.
Definition: cryptlib.h:2124
const char * QuadraticResidueModPrime2()
Integer.
Definition: argnames.h:49
const Integer & Multiply(const Integer &a, const Integer &b) const
Multiplies elements in the ring.
Definition: modarith.h:170
bool VerifyPrime(RandomNumberGenerator &rng, const Integer &p, unsigned int level=1)
Verifies a prime number.
Definition: nbtheory.cpp:249
Multiple precision integer with arithmetic operations.
Definition: integer.h:49
bool IsEven() const
Determines if the Integer is even parity.
Definition: integer.h:348
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:60
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
Definition: rabin.cpp:82
Classes and functions for working with ANS.1 objects.
Classes for SHA-1 and SHA-2 family of message digests.
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Definition: rabin.cpp:43
Classes and functions for number theoretic operations.
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Definition: rabin.cpp:190
DER Sequence Encoder.
Definition: asn.h:313
Integer Squared() const
Multiply this integer by itself.
Definition: integer.h:576
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Definition: rabin.cpp:232
An object that implements NameValuePairs.
Definition: algparam.h:437
const char * Modulus()
Integer.
Definition: argnames.h:33
Multiple precision integer with arithmetic operations.
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Definition: rabin.cpp:69
void BERDecode(const byte *input, size_t inputLen)
Decode from BER format.
Definition: integer.cpp:3464
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition: rabin.cpp:223
Class file for performing modular arithmetic.
Crypto++ library namespace.
bool GetIntValue(const char *name, int &value) const
Get a named value with type int.
Definition: cryptlib.h:379
bool IsOdd() const
Determines if the Integer is odd parity.
Definition: integer.h:351
Interface for retrieving values given their names.
Definition: cryptlib.h:285