|
@@ -1,11 +1,11 @@
|
|
#include "PrivateKey.hpp"
|
|
#include "PrivateKey.hpp"
|
|
|
|
|
|
-Scalar PrivateKey::decrypt(const Bipoint<curvepoint_fp_t>& ciphertext)
|
|
|
|
|
|
+Scalar PrivateKey::decrypt(const CurveBipoint& ciphertext) const
|
|
{
|
|
{
|
|
- static std::unordered_map<Bipoint<curvepoint_fp_t>, Scalar> memoizer;
|
|
|
|
|
|
+ static std::unordered_map<CurveBipoint, Scalar, CurveBipointHash> memoizer;
|
|
static Scalar max_checked = Scalar(0);
|
|
static Scalar max_checked = Scalar(0);
|
|
|
|
|
|
- Bipoint<curvepoint_fp_t> pi_1_ciphertext = pi_1(ciphertext);
|
|
|
|
|
|
+ CurveBipoint pi_1_ciphertext = pi_1(ciphertext);
|
|
|
|
|
|
auto lookup = memoizer.find(pi_1_ciphertext);
|
|
auto lookup = memoizer.find(pi_1_ciphertext);
|
|
if (lookup != memoizer.end())
|
|
if (lookup != memoizer.end())
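Review bot: `memoizer` and `max_checked` are function-local statics, so every PrivateKey in the process shares one cache, yet the cached mapping depends on this instance's `pi_1_curvegen` (`i = pi_1_curvegen * max_checked` in the following hunk) and on the key scalars folded into `pi_1`; a second PrivateKey built with different parameters would read entries computed for the first, and concurrent `decrypt` calls race on the map. Adding `const` to the signature does not change this — the method still mutates process-wide state. Moving both into the object as `mutable` members (e.g. `mutable std::unordered_map<CurveBipoint, Scalar, CurveBipointHash> curve_memoizer_;` and `mutable Scalar curve_max_checked_{0};`), guarded by a mutex if decrypt can be called from several threads, keeps the cache tied to the key it was built for; the TwistBipoint and Quadripoint overloads (hunks `@@ -23,12` and `@@ -47,9`) have the same pattern. decrypt continues past this hunk, and its do/while that extends the cache has no upper bound, so a ciphertext outside the expected message range is searched toward the group order rather than rejected — a cap on max_checked with an explicit failure would be worth adding there.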
|
|
@@ -13,7 +13,7 @@ Scalar PrivateKey::decrypt(const Bipoint<curvepoint_fp_t>& ciphertext)
|
|
return lookup->second;
|
|
return lookup->second;
|
|
}
|
|
}
|
|
|
|
|
|
- Bipoint<curvepoint_fp_t> i = pi_1_curvegen * max_checked;
|
|
|
|
|
|
+ CurveBipoint i = pi_1_curvegen * max_checked;
|
|
do
|
|
do
|
|
{
|
|
{
|
|
memoizer[pi_1_ciphertext] = max_checked++;
|
|
memoizer[pi_1_ciphertext] = max_checked++;
|
|
@@ -23,12 +23,12 @@ Scalar PrivateKey::decrypt(const Bipoint<curvepoint_fp_t>& ciphertext)
|
|
return max_checked - Scalar(1);
|
|
return max_checked - Scalar(1);
|
|
}
|
|
}
|
|
|
|
|
|
-Scalar PrivateKey::decrypt(const Bipoint<twistpoint_fp2_t>& ciphertext)
|
|
|
|
|
|
+Scalar PrivateKey::decrypt(const TwistBipoint& ciphertext) const
|
|
{
|
|
{
|
|
- static std::unordered_map<Bipoint<twistpoint_fp2_t>, Scalar> memoizer;
|
|
|
|
|
|
+ static std::unordered_map<TwistBipoint, Scalar, TwistBipointHash> memoizer;
|
|
static Scalar max_checked = Scalar(0);
|
|
static Scalar max_checked = Scalar(0);
|
|
|
|
|
|
- Bipoint<twistpoint_fp2_t> pi_2_ciphertext = pi_2(ciphertext);
|
|
|
|
|
|
+ TwistBipoint pi_2_ciphertext = pi_2(ciphertext);
|
|
|
|
|
|
auto lookup = memoizer.find(pi_2_ciphertext);
|
|
auto lookup = memoizer.find(pi_2_ciphertext);
|
|
if (lookup != memoizer.end())
|
|
if (lookup != memoizer.end())
|
|
@@ -36,7 +36,7 @@ Scalar PrivateKey::decrypt(const Bipoint<twistpoint_fp2_t>& ciphertext)
|
|
return lookup->second;
|
|
return lookup->second;
|
|
}
|
|
}
|
|
|
|
|
|
- Bipoint<twistpoint_fp2_t> i = pi_2_twistgen * max_checked;
|
|
|
|
|
|
+ TwistBipoint i = pi_2_twistgen * max_checked;
|
|
do
|
|
do
|
|
{
|
|
{
|
|
memoizer[pi_2_ciphertext] = max_checked++;
|
|
memoizer[pi_2_ciphertext] = max_checked++;
|
|
@@ -47,9 +47,9 @@ Scalar PrivateKey::decrypt(const Bipoint<twistpoint_fp2_t>& ciphertext)
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
-void PrivateKey::decrypt(const Quadripoint& ciphertext)
|
|
|
|
|
|
+Scalar PrivateKey::decrypt(const Quadripoint& ciphertext) const
|
|
{
|
|
{
|
|
- static std::unordered_map<Quadripoint, Scalar> memoizer;
|
|
|
|
|
|
+ static std::unordered_map<Quadripoint, Scalar, QuadripointHash> memoizer;
|
|
static Scalar max_checked = Scalar(0);
|
|
static Scalar max_checked = Scalar(0);
|
|
|
|
|
|
Quadripoint pi_T_ciphertext = pi_T(ciphertext);
|
|
Quadripoint pi_T_ciphertext = pi_T(ciphertext);
|
|
@@ -63,7 +63,7 @@ void PrivateKey::decrypt(const Quadripoint& ciphertext)
|
|
Quadripoint i = pi_T_pairgen * max_checked;
|
|
Quadripoint i = pi_T_pairgen * max_checked;
|
|
do
|
|
do
|
|
{
|
|
{
|
|
- memoizer[pi_2_ciphertext] = max_checked++;
|
|
|
|
|
|
+ memoizer[pi_T_ciphertext] = max_checked++;
|
|
i = i + pi_T_pairgen;
|
|
i = i + pi_T_pairgen;
|
|
} while (i != pi_T_ciphertext);
|
|
} while (i != pi_T_ciphertext);
|
|
|
|
|
|
@@ -86,62 +86,66 @@ void PrivateKey::set(const PublicKey& pub_key, const Scalar& a1, const Scalar& b
|
|
this->d2 = d2;
|
|
this->d2 = d2;
|
|
|
|
|
|
this->pi_1_curvegen = pi_1(pub_key.get_bipoint_curvegen());
|
|
this->pi_1_curvegen = pi_1(pub_key.get_bipoint_curvegen());
|
|
- this->pi_2_curvegen = pi_2(pub_key.get_bipoint_twistgen());
|
|
|
|
- this->pi_T_curvegen = pi_T(pairing(pub_key.get_bipoint_curvegen(), pub_key.get_bipoint_twistgen()));
|
|
|
|
|
|
+ this->pi_2_twistgen = pi_2(pub_key.get_bipoint_twistgen());
|
|
|
|
+ this->pi_T_pairgen = pi_T(pairing(pub_key.get_bipoint_curvegen(), pub_key.get_bipoint_twistgen()));
|
|
}
|
|
}
|
|
|
|
|
|
-Bipoint<curvepoint_fp_t> PrivateKey::pi_1(const Bipoint<curvepoint_fp_t>& input) const
|
|
|
|
|
|
+CurveBipoint PrivateKey::pi_1(const CurveBipoint& input) const
|
|
{
|
|
{
|
|
- Bipoint<curvepoint_fp_t> retval;
|
|
|
|
|
|
+ CurveBipoint retval;
|
|
curvepoint_fp_t temp0, temp1;
|
|
curvepoint_fp_t temp0, temp1;
|
|
|
|
|
|
|
|
|
|
- temp0 = b1 * (c1 * input[0]);
|
|
|
|
|
|
+ b1.mult(temp0, input[0]);
|
|
|
|
+ c1.mult(temp0, temp0);
|
|
curvepoint_fp_neg(temp0, temp0);
|
|
curvepoint_fp_neg(temp0, temp0);
|
|
|
|
|
|
- temp1 = a1 * (c1 * input[1]);
|
|
|
|
|
|
+ a1.mult(temp1, input[1]);
|
|
|
|
+ c1.mult(temp1, temp1);
|
|
|
|
+
|
|
curvepoint_fp_add_vartime(temp0, temp0, temp1);
|
|
curvepoint_fp_add_vartime(temp0, temp0, temp1);
|
|
-
|
|
|
|
- curvepoint_fp_makeaffine(temp0);
|
|
|
|
curvepoint_fp_set(retval[0], temp0);
|
|
curvepoint_fp_set(retval[0], temp0);
|
|
|
|
|
|
|
|
|
|
- temp0 = b1 * (d1 * input[0]);
|
|
|
|
|
|
+ b1.mult(temp0, input[0]);
|
|
|
|
+ d1.mult(temp0, temp0);
|
|
curvepoint_fp_neg(temp0, temp0);
|
|
curvepoint_fp_neg(temp0, temp0);
|
|
|
|
|
|
- temp1 = a1 * (d1 * input[1]);
|
|
|
|
|
|
+ a1.mult(temp1, input[1]);
|
|
|
|
+ d1.mult(temp1, temp1);
|
|
|
|
+
|
|
curvepoint_fp_add_vartime(temp0, temp0, temp1);
|
|
curvepoint_fp_add_vartime(temp0, temp0, temp1);
|
|
-
|
|
|
|
- curvepoint_fp_makeaffine(temp0);
|
|
|
|
curvepoint_fp_set(retval[1], temp0);
|
|
curvepoint_fp_set(retval[1], temp0);
|
|
|
|
|
|
|
|
|
|
return retval;
|
|
return retval;
|
|
}
|
|
}
|
|
|
|
|
|
-Bipoint<twistpoint_fp2_t> PrivateKey::pi_2(const Bipoint<twistpoint_fp2_t>& input) const
|
|
|
|
|
|
+TwistBipoint PrivateKey::pi_2(const TwistBipoint& input) const
|
|
{
|
|
{
|
|
- Bipoint<twistpoint_fp2_t> retval;
|
|
|
|
|
|
+ TwistBipoint retval;
|
|
twistpoint_fp2_t temp0, temp1;
|
|
twistpoint_fp2_t temp0, temp1;
|
|
|
|
|
|
|
|
|
|
- temp0 = b2 * (c2 * input[0]);
|
|
|
|
|
|
+ b2.mult(temp0, input[0]);
|
|
|
|
+ c2.mult(temp0, temp0);
|
|
twistpoint_fp2_neg(temp0, temp0);
|
|
twistpoint_fp2_neg(temp0, temp0);
|
|
|
|
|
|
- temp1 = a2 * (c2 * input[1]);
|
|
|
|
|
|
+ a2.mult(temp1, input[1]);
|
|
|
|
+ c2.mult(temp1, temp1);
|
|
|
|
+
|
|
twistpoint_fp2_add_vartime(temp0, temp0, temp1);
|
|
twistpoint_fp2_add_vartime(temp0, temp0, temp1);
|
|
-
|
|
|
|
- twistpoint_fp2_makeaffine(temp0);
|
|
|
|
twistpoint_fp2_set(retval[0], temp0);
|
|
twistpoint_fp2_set(retval[0], temp0);
|
|
|
|
|
|
|
|
|
|
- temp0 = b2 * (d2 * input[0]);
|
|
|
|
|
|
+ b2.mult(temp0, input[0]);
|
|
|
|
+ d2.mult(temp0, temp0);
|
|
twistpoint_fp2_neg(temp0, temp0);
|
|
twistpoint_fp2_neg(temp0, temp0);
|
|
|
|
|
|
- temp1 = a2 * (d2 * input[1]);
|
|
|
|
|
|
+ a2.mult(temp1, input[1]);
|
|
|
|
+ d2.mult(temp1, temp1);
|
|
|
|
+
|
|
twistpoint_fp2_add_vartime(temp0, temp0, temp1);
|
|
twistpoint_fp2_add_vartime(temp0, temp0, temp1);
|
|
-
|
|
|
|
- twistpoint_fp2_makeaffine(temp0);
|
|
|
|
twistpoint_fp2_set(retval[1], temp0);
|
|
twistpoint_fp2_set(retval[1], temp0);
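Review bot: Dropping `curvepoint_fp_makeaffine(temp0)` / `twistpoint_fp2_makeaffine(temp0)` before each `*_set(retval[k], temp0)` in pi_1 and pi_2 leaves the returned points in whatever projective representation the preceding `*_add_vartime` produced, while decrypt now hashes and compares exactly those points (`memoizer.find(pi_1_ciphertext)`, `i != pi_1_ciphertext`) through CurveBipointHash/TwistBipointHash. Unless those hash and equality operators normalize coordinates themselves, equal points with different Z coordinates will miss the cache and the loop's termination test, so either that normalization should be confirmed or the two `curvepoint_fp_makeaffine(temp0);` and two `twistpoint_fp2_makeaffine(temp0);` lines restored. If normalization was deliberately moved into the hash to avoid redundant inversions, a one-line comment at the removed sites saying so would spare the next reader this check. pi_2 continues past the end of this hunk.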
|
|
|
|
|
|
|
|
|
|
@@ -154,15 +158,27 @@ Quadripoint PrivateKey::pi_T(const Quadripoint& input) const
|
|
fp12e_t temp0, temp1, temp2, temp3;
|
|
fp12e_t temp0, temp1, temp2, temp3;
|
|
|
|
|
|
|
|
|
|
- temp0 = c2 * (b2 * (c1 * (b1 * input[0])));
|
|
|
|
-
|
|
|
|
- fp12e_invert(temp1, input[1]);
|
|
|
|
- temp1 = c2 * (a2 * (c1 * (b1 * temp1)));
|
|
|
|
|
|
+ b1.mult(temp0, input[0]);
|
|
|
|
+ c1.mult(temp0, temp0);
|
|
|
|
+ b2.mult(temp0, temp0);
|
|
|
|
+ c2.mult(temp0, temp0);
|
|
|
|
|
|
- fp12e_invert(temp2, input[2]);
|
|
|
|
- temp2 = c2 * (b2 * (c1 * (a1 * temp2)));
|
|
|
|
|
|
+ b1.mult(temp1, input[1]);
|
|
|
|
+ c1.mult(temp1, temp1);
|
|
|
|
+ a2.mult(temp1, temp1);
|
|
|
|
+ c2.mult(temp1, temp1);
|
|
|
|
+ fp12e_invert(temp1, temp1);
|
|
|
|
+
|
|
|
|
+ a1.mult(temp2, input[2]);
|
|
|
|
+ c1.mult(temp2, temp2);
|
|
|
|
+ b2.mult(temp2, temp2);
|
|
|
|
+ c2.mult(temp2, temp2);
|
|
|
|
+ fp12e_invert(temp2, temp2);
|
|
|
|
|
|
- temp3 = c2 * (a2 * (c1 * (a1 * input[3])));
|
|
|
|
|
|
+ a1.mult(temp3, input[3]);
|
|
|
|
+ c1.mult(temp3, temp3);
|
|
|
|
+ a2.mult(temp3, temp3);
|
|
|
|
+ c2.mult(temp3, temp3);
|
|
|
|
|
|
fp12e_mul(temp0, temp0, temp1);
|
|
fp12e_mul(temp0, temp0, temp1);
|
|
fp12e_mul(temp1, temp2, temp3);
|
|
fp12e_mul(temp1, temp2, temp3);
|
|
@@ -170,17 +186,27 @@ Quadripoint PrivateKey::pi_T(const Quadripoint& input) const
|
|
fp12e_set(retval[0], temp0);
|
|
fp12e_set(retval[0], temp0);
|
|
|
|
|
|
|
|
|
|
- temp0 = d2 * (b2 * (c1 * (b1 * input[0])));
|
|
|
|
|
|
+ b1.mult(temp0, input[0]);
|
|
|
|
+ c1.mult(temp0, temp0);
|
|
|
|
+ b2.mult(temp0, temp0);
|
|
|
|
+ d2.mult(temp0, temp0);
|
|
|
|
|
|
- temp1 = b1 * input[0];
|
|
|
|
|
|
+ b1.mult(temp1, input[1]);
|
|
|
|
+ c1.mult(temp1, temp1);
|
|
|
|
+ a2.mult(temp1, temp1);
|
|
|
|
+ d2.mult(temp1, temp1);
|
|
fp12e_invert(temp1, temp1);
|
|
fp12e_invert(temp1, temp1);
|
|
- temp1 = d2 * (a2 * (c1 * temp1));
|
|
|
|
|
|
|
|
- temp2 = b2 * (c1 * (a1 * input[2]));
|
|
|
|
|
|
+ a1.mult(temp2, input[2]);
|
|
|
|
+ c1.mult(temp2, temp2);
|
|
|
|
+ b2.mult(temp2, temp2);
|
|
|
|
+ d2.mult(temp2, temp2);
|
|
fp12e_invert(temp2, temp2);
|
|
fp12e_invert(temp2, temp2);
|
|
- temp2 = d2 * temp2;
|
|
|
|
-
|
|
|
|
- temp3 = d2 * (a2 * (c1 * (a1 * input[3])));
|
|
|
|
|
|
+
|
|
|
|
+ a1.mult(temp3, input[3]);
|
|
|
|
+ c1.mult(temp3, temp3);
|
|
|
|
+ a2.mult(temp3, temp3);
|
|
|
|
+ d2.mult(temp3, temp3);
|
|
|
|
|
|
fp12e_mul(temp0, temp0, temp1);
|
|
fp12e_mul(temp0, temp0, temp1);
|
|
fp12e_mul(temp1, temp2, temp3);
|
|
fp12e_mul(temp1, temp2, temp3);
|
|
@@ -188,17 +214,27 @@ Quadripoint PrivateKey::pi_T(const Quadripoint& input) const
|
|
fp12e_set(retval[1], temp0);
|
|
fp12e_set(retval[1], temp0);
|
|
|
|
|
|
|
|
|
|
- temp0 = c2 * (b2 * (d1 * (b1 * input[0])));
|
|
|
|
|
|
+ b1.mult(temp0, input[0]);
|
|
|
|
+ d1.mult(temp0, temp0);
|
|
|
|
+ b2.mult(temp0, temp0);
|
|
|
|
+ c2.mult(temp0, temp0);
|
|
|
|
|
|
- temp1 = b1 * input[0];
|
|
|
|
|
|
+ b1.mult(temp1, input[1]);
|
|
|
|
+ d1.mult(temp1, temp1);
|
|
|
|
+ a2.mult(temp1, temp1);
|
|
|
|
+ c2.mult(temp1, temp1);
|
|
fp12e_invert(temp1, temp1);
|
|
fp12e_invert(temp1, temp1);
|
|
- temp1 = c2 * (a2 * (d1 * temp1));
|
|
|
|
|
|
|
|
- temp2 = b2 * (d1 * (a1 * input[2]));
|
|
|
|
|
|
+ a1.mult(temp2, input[2]);
|
|
|
|
+ d1.mult(temp2, temp2);
|
|
|
|
+ b2.mult(temp2, temp2);
|
|
|
|
+ c2.mult(temp2, temp2);
|
|
fp12e_invert(temp2, temp2);
|
|
fp12e_invert(temp2, temp2);
|
|
- temp2 = c2 * temp2;
|
|
|
|
-
|
|
|
|
- temp3 = c2 * (a2 * (d1 * (a1 * input[3])));
|
|
|
|
|
|
+
|
|
|
|
+ a1.mult(temp3, input[3]);
|
|
|
|
+ d1.mult(temp3, temp3);
|
|
|
|
+ a2.mult(temp3, temp3);
|
|
|
|
+ c2.mult(temp3, temp3);
|
|
|
|
|
|
fp12e_mul(temp0, temp0, temp1);
|
|
fp12e_mul(temp0, temp0, temp1);
|
|
fp12e_mul(temp1, temp2, temp3);
|
|
fp12e_mul(temp1, temp2, temp3);
|
|
@@ -206,17 +242,27 @@ Quadripoint PrivateKey::pi_T(const Quadripoint& input) const
|
|
fp12e_set(retval[2], temp0);
|
|
fp12e_set(retval[2], temp0);
|
|
|
|
|
|
|
|
|
|
- temp0 = d2 * (b2 * (d1 * (b1 * input[0])));
|
|
|
|
|
|
+ b1.mult(temp0, input[0]);
|
|
|
|
+ d1.mult(temp0, temp0);
|
|
|
|
+ b2.mult(temp0, temp0);
|
|
|
|
+ d2.mult(temp0, temp0);
|
|
|
|
|
|
- temp1 = b1 * input[0];
|
|
|
|
|
|
+ b1.mult(temp1, input[1]);
|
|
|
|
+ d1.mult(temp1, temp1);
|
|
|
|
+ a2.mult(temp1, temp1);
|
|
|
|
+ d2.mult(temp1, temp1);
|
|
fp12e_invert(temp1, temp1);
|
|
fp12e_invert(temp1, temp1);
|
|
- temp1 = d2 * (a2 * (d1 * temp1));
|
|
|
|
|
|
|
|
- temp2 = b2 * (d1 * (a1 * input[2]));
|
|
|
|
|
|
+ a1.mult(temp2, input[2]);
|
|
|
|
+ d1.mult(temp2, temp2);
|
|
|
|
+ b2.mult(temp2, temp2);
|
|
|
|
+ d2.mult(temp2, temp2);
|
|
fp12e_invert(temp2, temp2);
|
|
fp12e_invert(temp2, temp2);
|
|
- temp2 = d2 * temp2;
|
|
|
|
-
|
|
|
|
- temp3 = d2 * (a2 * (d1 * (a1 * input[3])));
|
|
|
|
|
|
+
|
|
|
|
+ a1.mult(temp3, input[3]);
|
|
|
|
+ d1.mult(temp3, temp3);
|
|
|
|
+ a2.mult(temp3, temp3);
|
|
|
|
+ d2.mult(temp3, temp3);
|
|
|
|
|
|
fp12e_mul(temp0, temp0, temp1);
|
|
fp12e_mul(temp0, temp0, temp1);
|
|
fp12e_mul(temp1, temp2, temp3);
|
|
fp12e_mul(temp1, temp2, temp3);
|