123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370 |
- #include "multiplicationL1.hpp"
- //template <typename S, typename T>
- BitEvalL2 multiplicationL1 (BitEvalL1<curvepoint_fp_t> eval1, BitEvalL1<twistpoint_fp2_t> eval2, PublicKey public_key)
- {
- BitEvalL2 produit;
- F2 s=rand()%2;
- produit.set_bit_masque(eval1.get_bit_masque()*eval2.get_bit_masque()-s);
- Bipoint<curvepoint_fp_t> bipoint_curve_subgroupelt;
- Bipoint<twistpoint_fp2_t> bipoint_twist_subgroupelt;
- scalar_t lambda1, lambda2;
- scalar_setrandom(lambda1, bn_r);
- scalar_setrandom(lambda2, bn_r);
- bipoint_curve_subgroupelt.scalarmult_vartime(public_key.get_bipoint_curvegen(),lambda1); // calcul de u1
- bipoint_curve_subgroupelt.makeaffine();
- bipoint_twist_subgroupelt.scalarmult_vartime(public_key.get_bipoint_twistgen(),lambda2); // calcul de v1
- bipoint_twist_subgroupelt.makeaffine();
- public_key.get_bipoint_twist_groupelt().makeaffine();
-
- Quadripoint factor1, factor2, factor3, factor4, factor5;
- Bipoint<curvepoint_fp_t> chiffre_1_curve;
- Bipoint<twistpoint_fp2_t> chiffre_1_twist, chiffre_s;
-
- //calcul de e(beta_1,beta_2)
- factor1 = pairing(eval1.get_bipoint(),eval2.get_bipoint());
-
- //calcul de e(Enc(1), a1 beta2 + Enc(s))
-
- Bipoint<curvepoint_fp_t> temp1;
- Bipoint<twistpoint_fp2_t> temp2;
-
- chiffrement(chiffre_s,s, public_key);
- chiffre_s.makeaffine();
-
-
- chiffrement(chiffre_1_curve,1, public_key);
- temp1=chiffre_1_curve;
- temp1.makeaffine();
-
- if (eval1.get_bit_masque() == 1)
- {
- temp2 = eval2.get_bipoint()+chiffre_s;
- }
- else
- {
- temp2 = chiffre_s;
- }
- temp2.makeaffine();
- factor2 = pairing(temp1, temp2);
-
- //calcul de e(a2 beta1, Enc(1))
- Bipoint<curvepoint_fp_t> temp3; // les bipoints sont initialisés par défaut au bipoint à l'infini
- Bipoint<twistpoint_fp2_t> temp4;
- chiffrement(chiffre_1_twist,1, public_key);
- //F2 un;
- //dechiffrement(un,chiffre_1_twist,private_key);
- //zout(un);
- if (eval2.get_bit_masque() == 1) //sinon temp3 doit etre le bipoint à l'infini
- {
- temp3 = eval1.get_bipoint();
- }
- temp3.makeaffine();
- //temp3.print();
-
- temp4=chiffre_1_twist;
- temp4.makeaffine();
- //ecris(affichage de chiffre_1_twist);
- //temp4.print();
-
- factor3 = pairing(temp3, temp4);
-
- //ecris(affichage de pi_1(f3[0]));
- //private_key.pi_1(temp3).print(0);
-
- //ecris(affichage de pi_2(f3[1]));
- //private_key.pi_2(chiffre_1_twist).print();
-
- //ecris(affichage de e(pi_1(f3[0]),pi_2(f3[1])));
- //pairing(private_key.pi_1(temp3),private_key.pi_2(temp4)).print(0);
- //ecris(affichage de e(f3[0],f3[1]));
- //pairing(temp3,temp4).print(0);
-
- //ecris(affichage de pi_T(e(f3[0],f3[1])));
- //private_key.pi_T(pairing(temp3,temp4)).print(0);
-
- //calcul de e(u,v1)
- factor4 = pairing(public_key.get_bipoint_curve_groupelt(),bipoint_twist_subgroupelt);
-
- //calcul de e(u1,v)
- factor5 = pairing(bipoint_curve_subgroupelt,public_key.get_bipoint_twist_groupelt());
-
- produit.set_quadripoint(factor1*factor2*factor3*factor4*factor5);
- return produit;
- }
- BitEvalL2 multiplicationL1 (BitChiffre eval1, BitChiffre eval2, PublicKey public_key)
- {
- //signature;
- if (eval1.get_type() == CURVE && eval2.get_type() == TWIST)
- {
- BitEvalL2 produit;
- F2 s=rand()%2;
- //zout(s);
- //cout << "a1 = " << eval1.get_bit_masque() << endl;
- //cout << "a2 = " << eval2.get_bit_masque() << endl;
- //cin.ignore() ; //NB temps[] d'attente
- produit.set_bit_masque(eval1.get_bit_masque()*eval2.get_bit_masque()-s);
- //eval1.print_bit_masque();
- //eval2.print_bit_masque();
- //ecris(affichage de a1a2-s);
- //produit.print_bit_masque();
- Bipoint<curvepoint_fp_t> bipoint_curve_subgroupelt;
- Bipoint<twistpoint_fp2_t> bipoint_twist_subgroupelt;
- scalar_t lambda1, lambda2;
- scalar_setrandom(lambda1, bn_r);
- scalar_setrandom(lambda2, bn_r);
- //mpz_class mpz1, mpz2;
- //mpz1=scalar2mpz(lambda1);
- //mpz2=scalar2mpz(lambda2);
- //scalar_print(stdout,lambda1);
- //JUMP;
- //zout(mpz1);
- //scalar_print(stdout,lambda2);
- //JUMP;
- //zout(mpz2);
- bipoint_curve_subgroupelt.scalarmult_vartime(public_key.get_bipoint_curvegen(),lambda1); // calcul de u1
- bipoint_curve_subgroupelt.makeaffine();
- bipoint_twist_subgroupelt.scalarmult_vartime(public_key.get_bipoint_twistgen(),lambda2); // calcul de v1
- bipoint_twist_subgroupelt.makeaffine();
- public_key.get_bipoint_twist_groupelt().makeaffine();
-
- Quadripoint factor1, factor2, factor3, factor4, factor5;
- Bipoint<curvepoint_fp_t> chiffre_1_curve;
- Bipoint<twistpoint_fp2_t> chiffre_1_twist, chiffre_s;
-
- //calcul de e(beta_1,beta_2)
- factor1 = pairing(eval1.get_bipoint_curve(),eval2.get_bipoint_twist());
-
- //calcul de e(Enc(1), a1 beta2 + Enc(s))
-
- Bipoint<curvepoint_fp_t> temp1;
- Bipoint<twistpoint_fp2_t> temp2;
-
- chiffrement(chiffre_s,s, public_key);
- chiffre_s.makeaffine();
-
-
- chiffrement(chiffre_1_curve,1, public_key);
- temp1=chiffre_1_curve;
- temp1.makeaffine();
-
- if (eval1.get_bit_masque() == 1)
- {
- temp2 = eval2.get_bipoint_twist()+chiffre_s;
- }
- else
- {
- temp2 = chiffre_s;
- }
- temp2.makeaffine();
- factor2 = pairing(temp1, temp2);
-
- //calcul de e(a2 beta1, Enc(1))
- Bipoint<curvepoint_fp_t> temp3; // les bipoints sont initialisés par défaut au bipoint à l'infini
- Bipoint<twistpoint_fp2_t> temp4;
- chiffrement(chiffre_1_twist,1, public_key);
- //F2 un;
- //dechiffrement(un,chiffre_1_twist,private_key);
- //zout(un);
- if (eval2.get_bit_masque() == 1) //sinon temp3 doit etre le bipoint à l'infini
- {
- temp3 = eval1.get_bipoint_curve();
- }
- temp3.makeaffine();
- //temp3.print();
-
- temp4=chiffre_1_twist;
- temp4.makeaffine();
- //ecris(affichage de chiffre_1_twist);
- //temp4.print();
-
- factor3 = pairing(temp3, temp4);
-
- //ecris(affichage de pi_1(f3[0]));
- //private_key.pi_1(temp3).print(0);
-
- //ecris(affichage de pi_2(f3[1]));
- //private_key.pi_2(chiffre_1_twist).print();
-
- //ecris(affichage de e(pi_1(f3[0]),pi_2(f3[1])));
- //pairing(private_key.pi_1(temp3),private_key.pi_2(temp4)).print(0);
- //ecris(affichage de e(f3[0],f3[1]));
- //pairing(temp3,temp4).print(0);
-
- //ecris(affichage de pi_T(e(f3[0],f3[1])));
- //private_key.pi_T(pairing(temp3,temp4)).print(0);
-
- //calcul de e(u,v1)
- factor4 = pairing(public_key.get_bipoint_curve_groupelt(),bipoint_twist_subgroupelt);
-
- //calcul de e(u1,v)
- factor5 = pairing(bipoint_curve_subgroupelt,public_key.get_bipoint_twist_groupelt());
-
- //private_key.pi_1(bipoint_curve_subgroupelt).print();
- //private_key.pi_2(public_key.get_bipoint_twist_groupelt()).print();
-
- //ecris(affichage de e(pi_1(u),pi_2(v1)));
- //pairing(private_key.pi_1(private_key.pi_1(public_key.get_bipoint_curve_groupelt())),private_key.pi_2(bipoint_twist_subgroupelt)).print();
-
- //ecris(affichage de e(pi_1(u1),pi_2(v)));
- //pairing(private_key.pi_1(bipoint_curve_subgroupelt),private_key.pi_2(public_key.get_bipoint_twist_groupelt())).print();
-
- //ecris(affichage de e(-j1l1u1[0]+i1l1u1[1],-j2l2v[0]+i2l2v[1]));
- ////void curvepoint_fp_scalarmult_vartime(curvepoint_fp_t rop, const curvepoint_fp_t op, const scalar_t s);
- ////void curvepoint_fp_add_vartime(curvepoint_fp_t rop, const curvepoint_fp_t op1, const curvepoint_fp_t op2);
- ////void curvepoint_fp_neg(curvepoint_fp_t rop, const curvepoint_fp_t op);
- //curvepoint_fp_t tempc[6], op1;
- //twistpoint_fp2_t tempt[5], op2;
- //fp12e_t tempf[60], test, test2, test3, test4;
- //curvepoint_fp_neg(tempc[0],bipoint_curve_subgroupelt[0]);
- //curvepoint_fp_scalarmult_vartime(tempc[1],tempc[0],private_key.get("j1").scalar());
- //curvepoint_fp_scalarmult_vartime(tempc[2],tempc[1],private_key.get("l1").scalar());
- //curvepoint_fp_scalarmult_vartime(tempc[3],bipoint_curve_subgroupelt[1],private_key.get("i1").scalar());
- //curvepoint_fp_scalarmult_vartime(tempc[4],tempc[3],private_key.get("l1").scalar());
- //curvepoint_fp_makeaffine(tempc[2]);curvepoint_fp_makeaffine(tempc[4]);
- //curvepoint_fp_add_vartime(op1,tempc[2],tempc[4]);
-
- //twistpoint_fp2_neg(tempt[0],public_key.get_bipoint_twist_groupelt()[0]);
- //twistpoint_fp2_scalarmult_vartime(tempt[1],tempt[0],private_key.get("j2").scalar());
- //twistpoint_fp2_scalarmult_vartime(tempt[2],tempt[1],private_key.get("l2").scalar());
- //twistpoint_fp2_scalarmult_vartime(tempt[3],public_key.get_bipoint_twist_groupelt()[1],private_key.get("i2").scalar());
- //twistpoint_fp2_scalarmult_vartime(tempt[4],tempt[3],private_key.get("l2").scalar());
- //twistpoint_fp2_add_vartime(op2,tempt[5],tempt[4]);
-
- //OptimalAte(test,op1,op2);
- //fp12e_print(stdout,test);
- //JUMP;
-
- //ecris(affichage de e(-j1l1u1[0],-j2l2v[0]+i2l2v[1])e(i1l1u1[1],-j2l2v[0]+i2l2v[1]));
- //OptimalAte(tempf[0],tempc[2],op2);
- //OptimalAte(tempf[1],tempc[4],op2);
- //fp12e_mul(test2,tempf[0],tempf[1]);
- //fp12e_print(stdout,test2);
- //JUMP;
-
-
- //ecris(affichage de e(-j1l1u1[0],-j2l2v[0])e(-j1l1u1[0],i2l2v[1])e(i1l1u1[1],-j2l2v[0])e(i1l1u1[1],i2l2v[1]));
- //OptimalAte(tempf[2],tempc[2],tempt[2]);
- //OptimalAte(tempf[3],tempc[2],tempt[4]);
- //OptimalAte(tempf[4],tempc[4],tempt[2]);
- //OptimalAte(tempf[5],tempc[4],tempt[4]);
- //fp12e_mul(tempf[6],tempf[2],tempf[3]);
- //fp12e_mul(tempf[7],tempf[4],tempf[5]);
- //fp12e_mul(test3,tempf[6],tempf[7]);
- //fp12e_print(stdout,test3);
- //JUMP;
-
-
- //ecris(affichage de e(u1[0],v[0])^((-j1l1)(-j2l2)) e(u1[0],v[1])^((-j1l1)(i2l2)) e(u1[1],v[0])^((i1l1)(-j2l2)) e(u1[1],v[1])^((i1l1)(i2l2)));
-
-
- //curvepoint_fp_makeaffine(bipoint_curve_subgroupelt[0]);curvepoint_fp_makeaffine(bipoint_curve_subgroupelt[1]);
- //twistpoint_fp2_makeaffine(public_key.get_bipoint_twist_groupelt()[0]);twistpoint_fp2_makeaffine(public_key.get_bipoint_twist_groupelt()[1]);
-
-
- //OptimalAte(tempf[8],bipoint_curve_subgroupelt[0],public_key.get_bipoint_twist_groupelt()[0]);
- //OptimalAte(tempf[9],bipoint_curve_subgroupelt[0],public_key.get_bipoint_twist_groupelt()[1]);
- //OptimalAte(tempf[10],bipoint_curve_subgroupelt[1],public_key.get_bipoint_twist_groupelt()[0]);
- //OptimalAte(tempf[11],bipoint_curve_subgroupelt[1],public_key.get_bipoint_twist_groupelt()[1]);
-
- //fp12e_invert(tempf[12],tempf[8]);
- //fp12e_pow_vartime(tempf[13],tempf[12],private_key.get("j1").scalar());
- //fp12e_pow_vartime(tempf[14],tempf[13],private_key.get("l1").scalar());
- //fp12e_invert(tempf[15],tempf[14]);
- //fp12e_pow_vartime(tempf[16],tempf[15],private_key.get("j2").scalar());
- //fp12e_pow_vartime(tempf[17],tempf[16],private_key.get("l2").scalar());
-
- //fp12e_invert(tempf[18],tempf[9]);
- //fp12e_pow_vartime(tempf[19],tempf[18],private_key.get("j1").scalar());
- //fp12e_pow_vartime(tempf[20],tempf[19],private_key.get("l1").scalar());
- //fp12e_pow_vartime(tempf[21],tempf[20],private_key.get("i2").scalar());
- //fp12e_pow_vartime(tempf[22],tempf[21],private_key.get("l2").scalar());
-
- //fp12e_invert(tempf[23],tempf[10]);
- //fp12e_pow_vartime(tempf[24],tempf[23],private_key.get("i1").scalar());
- //fp12e_pow_vartime(tempf[25],tempf[24],private_key.get("l1").scalar());
- //fp12e_pow_vartime(tempf[26],tempf[25],private_key.get("j2").scalar());
- //fp12e_pow_vartime(tempf[27],tempf[26],private_key.get("l2").scalar());
-
- //fp12e_pow_vartime(tempf[28],tempf[27],private_key.get("i1").scalar());
- //fp12e_pow_vartime(tempf[29],tempf[28],private_key.get("l1").scalar());
- //fp12e_pow_vartime(tempf[30],tempf[29],private_key.get("i2").scalar());
- //fp12e_pow_vartime(tempf[31],tempf[30],private_key.get("l2").scalar());
-
- //fp12e_mul(tempf[32],tempf[17],tempf[22]);
- //fp12e_mul(tempf[33],tempf[27],tempf[31]);
- //fp12e_mul(test4,tempf[32],tempf[33]);
-
- //fp12e_print(stdout,test4);
- //JUMP;
-
-
- //ecris(affichage de e(u1[0],v[0])^((-j1l1)(-j2l2)));
- //fp12e_print(stdout,tempf[17]);
- //JUMP;
-
- //ecris(affichage de e(-j1l1u1[0],-j2l2v[0]));
- //fp12e_print(stdout,tempf[6]);
- //JUMP;
-
- //zout(scalar2mpz(private_key.get("i1").scalar()));
- //zout(scalar2mpz(private_key.get("j1").scalar()));
- //zout(scalar2mpz(private_key.get("k1").scalar()));
- //zout(scalar2mpz(private_key.get("l1").scalar()));
- //zout(scalar2mpz(private_key.get("i2").scalar()));
- //zout(scalar2mpz(private_key.get("j2").scalar()));
- //zout(scalar2mpz(private_key.get("k2").scalar()));
- //zout(scalar2mpz(private_key.get("l2").scalar()));
-
- //ecris(affichage de e(u1[0],v[0])^j1);
- //fp12e_pow_vartime(tempf[34],tempf[8],private_key.get("j1").scalar());
- //fp12e_print(stdout,tempf[34]);
- //JUMP;
-
- //ecris(affichage de e(j1u1[0],v[0]));
- //curvepoint_fp_scalarmult_vartime(tempc[5],bipoint_curve_subgroupelt[0],private_key.get("j1").scalar());
- //curvepoint_fp_makeaffine(tempc[5]);
- //twistpoint_fp2_makeaffine(public_key.get_bipoint_twist_groupelt()[0]);
- //OptimalAte(tempf[36],tempc[5],public_key.get_bipoint_twist_groupelt()[0]);
- //fp12e_print(stdout,tempf[36]);
- //JUMP;
- //exit(0);
-
-
- //ecris(affichage de e(pi_1(u),pi_2(v)));
- //pairing(private_key.pi_1(public_key.get_bipoint_curve_groupelt()),private_key.pi_2(public_key.get_bipoint_twist_groupelt())).print(0);
- //ecris(affichage de (e(pi_1(u),pi_2(v)))^2);
- //pairing(private_key.pi_1(public_key.get_bipoint_curve_groupelt()),private_key.pi_2(public_key.get_bipoint_twist_groupelt())).square().print_point(0);
-
- //ecris(affichage de (e(pi_1(u),pi_2(v)))^3);
- //scalar_t trois; trois[0]=3;
- //pairing(private_key.pi_1(public_key.get_bipoint_curve_groupelt()),private_key.pi_2(public_key.get_bipoint_twist_groupelt())).pow_vartime(trois).print_point(0);
-
- //ecris(affichage de (e(pi_1(u),pi_2(v)))^4);
- //scalar_t quatre; quatre[0]=4;
- //pairing(private_key.pi_1(public_key.get_bipoint_curve_groupelt()),private_key.pi_2(public_key.get_bipoint_twist_groupelt())).pow_vartime(quatre).print_point(0);
-
- produit.set_quadripoint(factor1*factor2*factor3*factor4*factor5);
- return produit;
- }
- else
- {
- cout << "Problème de type dans multiplicationL1, le premier argument doit être un élément de type CURVE et le second, un élément de type TWIST" << endl;
- exit(0);
- }
- }
|