-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathpcnr.c
67 lines (55 loc) · 1.59 KB
/
pcnr.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
/*
* Copyright 2016 naehrwert
* Licensed under the terms of the GNU GPL, version 2
* http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
*/
#include "pcnr.h"
void pcnr_sign(pcnr_ctxt_t *ctxt, pcnr_sig_t *sig, bn_t *H)
{
bn_t *e = bn_alloc(ctxt->N->n),
*kk = bn_alloc(ctxt->N->n),
*m = bn_alloc(ctxt->N->n);
pc_point_t *mG = pc_point_alloc(ctxt->pcg->p->n);
// Create random(!) m.
bn_reduce(bn_rand(m), ctxt->N);
// R = (mG).x + e
bn_reduce(bn_copy(e, H), ctxt->N);
pc_point_mul(mG, m, ctxt->G, ctxt->pcg);
pc_point_from_mon(mG, ctxt->pcg);
bn_add(sig->R, mG->x, e, ctxt->N);
// S = (m - kR) mod N
bn_reduce(bn_copy(kk, ctxt->k), ctxt->N);
bn_to_mon(kk, ctxt->N);
bn_to_mon(sig->R, ctxt->N);
bn_mon_mul(e, kk, sig->R, ctxt->N);
bn_from_mon(sig->R, ctxt->N);
bn_from_mon(e, ctxt->N);
bn_sub(sig->S, m, e, ctxt->N);
//Free temporaries.
pc_point_free(mG);
bn_free(m);
bn_free(kk);
bn_free(e);
}
int pcnr_verify(pcnr_ctxt_t *ctxt, pcnr_sig_t *sig, bn_t *H)
{
int res = 0;
bn_t *e = bn_alloc(ctxt->N->n),
*z = bn_alloc(ctxt->N->n);
pc_point_t *P1 = pc_point_alloc(ctxt->pcg->p->n),
*P2 = pc_point_alloc(ctxt->pcg->p->n);
//P1 = S*G + R*Q
pc_point_mul(P1, sig->S, ctxt->G, ctxt->pcg);
pc_point_mul(P2, sig->R, ctxt->Q, ctxt->pcg);
pc_point_add(P1, P1, P2, ctxt->pcg);
pc_point_from_mon(P1, ctxt->pcg);
//z = R - P.x (mod N)
bn_sub(z, sig->R, P1->x, ctxt->N);
bn_reduce(bn_copy(e, H), ctxt->N);
res = (bn_cmp(e, z) == BN_CMP_E);
bn_free(z);
bn_free(e);
pc_point_free(P2);
pc_point_free(P1);
return res;
}