Crypto++ 8.9
Free C++ class library of cryptographic schemes
rabin.cpp
1// rabin.cpp - originally written and placed in the public domain by Wei Dai
2
3#include "pch.h"
4#include "rabin.h"
5#include "integer.h"
6#include "nbtheory.h"
7#include "modarith.h"
8#include "asn.h"
9#include "sha.h"
10#include "trap.h"
11
12NAMESPACE_BEGIN(CryptoPP)
13
14void RabinFunction::BERDecode(BufferedTransformation &bt)
15{
16 BERSequenceDecoder seq(bt);
17 m_n.BERDecode(seq);
18 m_r.BERDecode(seq);
19 m_s.BERDecode(seq);
20 seq.MessageEnd();
21}
22
23void RabinFunction::DEREncode(BufferedTransformation &bt) const
24{
25 DERSequenceEncoder seq(bt);
26 m_n.DEREncode(seq);
27 m_r.DEREncode(seq);
28 m_s.DEREncode(seq);
29 seq.MessageEnd();
30}
31
33{
35
36 Integer out = in.Squared()%m_n;
37 if (in.IsOdd())
38 out = out*m_r%m_n;
39 if (Jacobi(in, m_n)==-1)
40 out = out*m_s%m_n;
41 return out;
42}
43
44bool RabinFunction::Validate(RandomNumberGenerator& /*rng*/, unsigned int level) const
45{
46 bool pass = true;
47 pass = pass && m_n > Integer::One() && m_n%4 == 1;
48 CRYPTOPP_ASSERT(pass);
49 pass = pass && m_r > Integer::One() && m_r < m_n;
50 CRYPTOPP_ASSERT(pass);
51 pass = pass && m_s > Integer::One() && m_s < m_n;
52 CRYPTOPP_ASSERT(pass);
53 if (level >= 1)
54 {
55 pass = pass && Jacobi(m_r, m_n) == -1 && Jacobi(m_s, m_n) == -1;
56 CRYPTOPP_ASSERT(pass);
57 }
58 return pass;
59}
60
61bool RabinFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
62{
63 return GetValueHelper(this, name, valueType, pValue).Assignable()
64 CRYPTOPP_GET_FUNCTION_ENTRY(Modulus)
65 CRYPTOPP_GET_FUNCTION_ENTRY(QuadraticResidueModPrime1)
66 CRYPTOPP_GET_FUNCTION_ENTRY(QuadraticResidueModPrime2)
67 ;
68}
69
71{
72 AssignFromHelper(this, source)
73 CRYPTOPP_SET_FUNCTION_ENTRY(Modulus)
74 CRYPTOPP_SET_FUNCTION_ENTRY(QuadraticResidueModPrime1)
75 CRYPTOPP_SET_FUNCTION_ENTRY(QuadraticResidueModPrime2)
76 ;
77}
78
79// *****************************************************************************
80// private key operations:
81
82// generate a random private key
84{
85 int modulusSize = 2048;
86 alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize);
87
88 if (modulusSize < 16)
89 throw InvalidArgument("InvertibleRabinFunction: specified modulus size is too small");
90
91 // VC70 workaround: putting these after primeParam causes overlapped stack allocation
92 bool rFound=false, sFound=false;
93 Integer t=2;
94
95 AlgorithmParameters primeParam = MakeParametersForTwoPrimesOfEqualSize(modulusSize)
96 ("EquivalentTo", 3)("Mod", 4);
97 m_p.GenerateRandom(rng, primeParam);
98 m_q.GenerateRandom(rng, primeParam);
99
100 while (!(rFound && sFound))
101 {
102 int jp = Jacobi(t, m_p);
103 int jq = Jacobi(t, m_q);
104
105 if (!rFound && jp==1 && jq==-1)
106 {
107 m_r = t;
108 rFound = true;
109 }
110
111 if (!sFound && jp==-1 && jq==1)
112 {
113 m_s = t;
114 sFound = true;
115 }
116
117 ++t;
118 }
119
120 m_n = m_p * m_q;
121 m_u = m_q.InverseMod(m_p);
122}
123
124void InvertibleRabinFunction::BERDecode(BufferedTransformation &bt)
125{
126 BERSequenceDecoder seq(bt);
127 m_n.BERDecode(seq);
128 m_r.BERDecode(seq);
129 m_s.BERDecode(seq);
130 m_p.BERDecode(seq);
131 m_q.BERDecode(seq);
132 m_u.BERDecode(seq);
133 seq.MessageEnd();
134
137}
138
139void InvertibleRabinFunction::DEREncode(BufferedTransformation &bt) const
140{
141 DERSequenceEncoder seq(bt);
142 m_n.DEREncode(seq);
143 m_r.DEREncode(seq);
144 m_s.DEREncode(seq);
145 m_p.DEREncode(seq);
146 m_q.DEREncode(seq);
147 m_u.DEREncode(seq);
148 seq.MessageEnd();
149}
150
152{
155
157
158 ModularArithmetic modn(m_n);
159 Integer r(rng, Integer::One(), m_n - Integer::One());
160 r = modn.Square(r);
161 Integer r2 = modn.Square(r);
162 Integer c = modn.Multiply(in, r2); // blind
163
164 Integer cp=c%m_p, cq=c%m_q;
165
166 int jp = Jacobi(cp, m_p);
167 int jq = Jacobi(cq, m_q);
168
169 if (jq==-1)
170 {
171 cp = cp*EuclideanMultiplicativeInverse(m_r, m_p)%m_p;
172 cq = cq*EuclideanMultiplicativeInverse(m_r, m_q)%m_q;
173 }
174
175 if (jp==-1)
176 {
177 cp = cp*EuclideanMultiplicativeInverse(m_s, m_p)%m_p;
178 cq = cq*EuclideanMultiplicativeInverse(m_s, m_q)%m_q;
179 }
180
181 cp = ModularSquareRoot(cp, m_p);
182 cq = ModularSquareRoot(cq, m_q);
183
184 if (jp==-1)
185 cp = m_p-cp;
186
187 Integer out = CRT(cq, m_q, cp, m_p, m_u);
188
189 out = modn.Divide(out, r); // unblind
190
191 if ((jq==-1 && out.IsEven()) || (jq==1 && out.IsOdd()))
192 out = m_n-out;
193
194 return out;
195}
196
198{
199 bool pass = RabinFunction::Validate(rng, level);
200 CRYPTOPP_ASSERT(pass);
201 pass = pass && m_p > Integer::One() && m_p%4 == 3 && m_p < m_n;
202 CRYPTOPP_ASSERT(pass);
203 pass = pass && m_q > Integer::One() && m_q%4 == 3 && m_q < m_n;
204 CRYPTOPP_ASSERT(pass);
205 pass = pass && m_u.IsPositive() && m_u < m_p;
206 CRYPTOPP_ASSERT(pass);
207 if (level >= 1)
208 {
209 pass = pass && m_p * m_q == m_n;
210 CRYPTOPP_ASSERT(pass);
211 pass = pass && m_u * m_q % m_p == 1;
212 CRYPTOPP_ASSERT(pass);
213 pass = pass && Jacobi(m_r, m_p) == 1;
214 CRYPTOPP_ASSERT(pass);
215 pass = pass && Jacobi(m_r, m_q) == -1;
216 CRYPTOPP_ASSERT(pass);
217 pass = pass && Jacobi(m_s, m_p) == -1;
218 CRYPTOPP_ASSERT(pass);
219 pass = pass && Jacobi(m_s, m_q) == 1;
220 CRYPTOPP_ASSERT(pass);
221 }
222 if (level >= 2)
223 {
224 pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2);
225 CRYPTOPP_ASSERT(pass);
226 }
227 return pass;
228}
229
230bool InvertibleRabinFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
231{
232 return GetValueHelper<RabinFunction>(this, name, valueType, pValue).Assignable()
233 CRYPTOPP_GET_FUNCTION_ENTRY(Prime1)
234 CRYPTOPP_GET_FUNCTION_ENTRY(Prime2)
235 CRYPTOPP_GET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
236 ;
237}
238
240{
241 AssignFromHelper<RabinFunction>(this, source)
242 CRYPTOPP_SET_FUNCTION_ENTRY(Prime1)
243 CRYPTOPP_SET_FUNCTION_ENTRY(Prime2)
244 CRYPTOPP_SET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
245 ;
246}
247
248NAMESPACE_END
Classes and functions for working with ANS.1 objects.
An object that implements NameValuePairs.
Definition algparam.h:426
BER Sequence Decoder.
Definition asn.h:526
Interface for buffered transformations.
Definition cryptlib.h:1657
void DoQuickSanityCheck() const
Perform a quick sanity check.
Definition cryptlib.h:2498
DER Sequence Encoder.
Definition asn.h:558
Multiple precision integer with arithmetic operations.
Definition integer.h:50
void DEREncode(BufferedTransformation &bt) const
Encode in DER format.
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params=g_nullNameValuePairs)
Generate a random number.
Definition integer.h:509
bool IsPositive() const
Determines if the Integer is positive.
Definition integer.h:347
Integer Squared() const
Multiply this integer by itself.
Definition integer.h:634
void BERDecode(const byte *input, size_t inputLen)
Decode from BER format.
bool IsOdd() const
Determines if the Integer is odd parity.
Definition integer.h:356
Integer InverseMod(const Integer &n) const
Calculate multiplicative inverse.
static const Integer & One()
Integer representing 1.
bool IsEven() const
Determines if the Integer is even parity.
Definition integer.h:353
An invalid argument was detected.
Definition cryptlib.h:208
Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const
Calculates the inverse of an element.
Definition rabin.cpp:151
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
Definition rabin.cpp:83
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Definition rabin.cpp:239
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Definition rabin.cpp:197
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition rabin.cpp:230
Ring of congruence classes modulo n.
Definition modarith.h:44
const Integer & Square(const Integer &a) const
Square an element in the ring.
Definition modarith.h:197
const Integer & Multiply(const Integer &a, const Integer &b) const
Multiplies elements in the ring.
Definition modarith.h:190
const Integer & Divide(const Integer &a, const Integer &b) const
Divides elements in the ring.
Definition modarith.h:218
Interface for retrieving values given their names.
Definition cryptlib.h:327
CRYPTOPP_DLL bool GetIntValue(const char *name, int &value) const
Get a named value with type int.
Definition cryptlib.h:420
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition rabin.cpp:61
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Definition rabin.cpp:44
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Definition rabin.cpp:70
Integer ApplyFunction(const Integer &x) const
Applies the trapdoor.
Definition rabin.cpp:32
Interface for random number generators.
Definition cryptlib.h:1440
Multiple precision integer with arithmetic operations.
Class file for performing modular arithmetic.
Crypto++ library namespace.
Classes and functions for number theoretic operations.
CRYPTOPP_DLL int Jacobi(const Integer &a, const Integer &b)
Calculate the Jacobi symbol.
CRYPTOPP_DLL bool IsPrime(const Integer &p)
Verifies a number is probably prime.
CRYPTOPP_DLL Integer ModularSquareRoot(const Integer &a, const Integer &p)
Extract a modular square root.
CRYPTOPP_DLL bool VerifyPrime(RandomNumberGenerator &rng, const Integer &p, unsigned int level=1)
Verifies a number is probably prime.
Integer EuclideanMultiplicativeInverse(const Integer &a, const Integer &b)
Calculate multiplicative inverse.
Definition nbtheory.h:169
CRYPTOPP_DLL Integer CRT(const Integer &xp, const Integer &p, const Integer &xq, const Integer &q, const Integer &u)
Chinese Remainder Theorem.
Precompiled header file.
Classes for Rabin encryption and signature schemes.
Classes for SHA-1 and SHA-2 family of message digests.
Debugging and diagnostic assertions.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition trap.h:68