This is an automated email from the ASF dual-hosted git repository. sandreoli pushed a commit to branch issue18-add-python-flow-example in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git
commit 177a37e66421e98e45b6c973071f51d6bd6a0c1a Author: Samuele Andreoli <[email protected]> AuthorDate: Wed Feb 26 16:22:14 2020 +0000 Add custom functions for keys and k generation --- examples/example_ecdsa.c | 65 +++++++------------------------------- examples/example_ecdsa_mpc.c | 5 ++- examples/example_full.c | 13 +++----- include/amcl/mpc.h | 20 ++++++++++++ src/mpc.c | 43 ++++++++++++++++++++++++- test/smoke/test_ecdsa_smoke.c | 73 +++++++++---------------------------------- 6 files changed, 94 insertions(+), 125 deletions(-) diff --git a/examples/example_ecdsa.c b/examples/example_ecdsa.c index be43f53..8da4bd2 100644 --- a/examples/example_ecdsa.c +++ b/examples/example_ecdsa.c @@ -136,11 +136,6 @@ int test(csprng *RNG) char hm[32]; octet HM = {0,sizeof(hm),hm}; - char nc_ecp[2 * EFS_SECP256K1 + 1]; - octet NC_ECP = {0, sizeof(nc_ecp), nc_ecp}; - - ECP_SECP256K1 P; - printf("Generating Paillier key pair one\n"); PAILLIER_KEY_PAIR(RNG, NULL, NULL, &PUB1, &PRIV1); @@ -148,16 +143,7 @@ int test(csprng *RNG) PAILLIER_KEY_PAIR(RNG, NULL, NULL, &PUB2, &PRIV2); printf("Generating ECDSA key pair one\n"); - ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&W1,&NC_ECP); - rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP); - if (!rc) - { - fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet PK1 rc\n"); - exit(EXIT_FAILURE); - } - - ECP_SECP256K1_toOctet(&PK1, &P, true); - + MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &W1, &PK1); rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK1); if (rc!=0) { @@ -166,64 +152,37 @@ int test(csprng *RNG) } printf("Generating ECDSA key pair two\n"); - ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&W2,&NC_ECP); - rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP); - if (!rc) - { - fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet PK2 rc"); - exit(EXIT_FAILURE); - } - - ECP_SECP256K1_toOctet(&PK2, &P, true); - - rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK2); - if (rc!=0) + MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &W2, &PK2); + rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK2); + if (rc != 0) { fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc); exit(EXIT_FAILURE); } printf("Generating GAMMA pair one\n"); - ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&GAMMA1,&NC_ECP); - rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP); - if (!rc) - { - fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet GAMMAPT1\n"); - exit(EXIT_FAILURE); - } - - ECP_SECP256K1_toOctet(&GAMMAPT1, &P, true); - - rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT1); - if (rc!=0) + MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA1, &GAMMAPT1); + rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT1); + if (rc != 0) { fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc); exit(EXIT_FAILURE); } printf("Generating GAMMA pair two\n"); - ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&GAMMA2,&NC_ECP); - rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP); - if (!rc) - { - fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet GAMMAPT2\n"); - exit(EXIT_FAILURE); - } - - ECP_SECP256K1_toOctet(&GAMMAPT2, &P, true); - - rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT2); - if (rc!=0) + MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA2, &GAMMAPT2); + rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT2); + if (rc != 0) { fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc); exit(EXIT_FAILURE); } printf("Generating K1\n"); - ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&K1,&NC_ECP); + MPC_K_GENERATE(RNG, &K1); printf("Generating K2\n"); - ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&K2,&NC_ECP); + MPC_K_GENERATE(RNG, &K2); OCT_jstring(&M,"test message"); printf("M: "); diff --git a/examples/example_ecdsa_mpc.c b/examples/example_ecdsa_mpc.c index 87dba95..cba4c96 100644 --- a/examples/example_ecdsa_mpc.c +++ b/examples/example_ecdsa_mpc.c @@ -30,7 +30,7 @@ int main() char sk[EGS_SECP256K1]; octet SK = {0,sizeof(sk),sk}; - char pk[2*EFS_SECP256K1+1]; + char pk[EFS_SECP256K1+1]; octet PK = {0,sizeof(pk),pk}; char k[EGS_SECP256K1]; @@ -49,8 +49,7 @@ int main() char* sk_hex = "2f7b34cc0194179865128b63dc8af0c4062067291693e8043eda653d32a2b2d2"; OCT_fromHex(&SK,sk_hex); - // ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&SK,&PK); - ECP_SECP256K1_KEY_PAIR_GENERATE(NULL,&SK,&PK); + MPC_ECDSA_KEY_PAIR_GENERATE(NULL,&SK,&PK); rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK); if (rc!=0) { diff --git a/examples/example_full.c b/examples/example_full.c index dd5dd9a..c45dd69 100644 --- a/examples/example_full.c +++ b/examples/example_full.c @@ -53,7 +53,7 @@ int generate_key_material(csprng *RNG, key_material *km, octet *P, octet *Q) { int rc; - char pk[2 * EFS_SECP256K1 + 1]; + char pk[EFS_SECP256K1 + 1]; octet PK = {0, sizeof(pk), pk}; char out[2][FS_2048]; @@ -65,12 +65,7 @@ int generate_key_material(csprng *RNG, key_material *km, octet *P, octet *Q) // ECDSA Key Pair printf("\n\tGenerate ECDSA key pair\n"); - rc = ECP_SECP256K1_KEY_PAIR_GENERATE(RNG, km->SK, &PK); - if (rc != 0) - { - return rc; - } - + MPC_ECDSA_KEY_PAIR_GENERATE(RNG, km->SK, &PK); rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK); if (rc != 0) { @@ -1297,7 +1292,7 @@ void signature(csprng *RNG, octet *M, key_material *alice_km, key_material *bob_ BIG_256_56_toBytes(K1.val, k1); K1.len = EGS_SECP256K1; - ECP_SECP256K1_KEY_PAIR_GENERATE(RNG, &GAMMA1, &NCP); + MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA1, &NCP); ECP_SECP256K1_fromOctet(&P, &NCP); ECP_SECP256K1_toOctet(&GAMMAPT1, &P, true); @@ -1327,7 +1322,7 @@ void signature(csprng *RNG, octet *M, key_material *alice_km, key_material *bob_ BIG_256_56_toBytes(K2.val, k2); K2.len = EGS_SECP256K1; - ECP_SECP256K1_KEY_PAIR_GENERATE(RNG, &GAMMA2, &NCP); + MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA2, &NCP); ECP_SECP256K1_fromOctet(&P, &NCP); ECP_SECP256K1_toOctet(&GAMMAPT2, &P, true); diff --git a/include/amcl/mpc.h b/include/amcl/mpc.h index 9e5045e..7203578 100644 --- a/include/amcl/mpc.h +++ b/include/amcl/mpc.h @@ -37,6 +37,17 @@ extern "C" { #define MPC_FAIL 71 /**< Failure */ #define MPC_INVALID_ECP 72 /**< Input is not a valid point on the curve */ +/** @brief Generate an ECC public/private key pair + * + * Generat an ECC public/private key pair W = s.G, where + * G is a fixed public generator + * + * @param RNG is a pointer to a cryptographically secure random number generator + * @param S the private key, an output internally randomly generated if R!=NULL, otherwise must be provided as an input + * @param W the output public key, which is s.G, where G is a fixed generator + */ +void MPC_ECDSA_KEY_PAIR_GENERATE(csprng *RNG, octet* S, octet *W); + /** \brief ECDSA Sign message * * Generate the ECDSA signature on message, M, with outputs (R,S) @@ -70,6 +81,15 @@ int MPC_ECDSA_SIGN(int sha, octet *K, octet *SK, octet *M, octet *R, octet *S); */ int MPC_ECDSA_VERIFY(octet *HM,octet *PK, octet *R,octet *S); +/** \brief Generate a random K for and ECDSA signature + * + * Generate a random K modulo the curve order + * + * @param RNG Pointer to a cryptographically secure PRNG + * @param K Destination octet for the randomly generated value + */ +void MPC_K_GENERATE(csprng *RNG, octet *K); + /** \brief Calculate the inverse of the sum of kgamma values * * Calculate the inverse of the sum of kgamma values diff --git a/src/mpc.c b/src/mpc.c index 80babcc..6a97c46 100644 --- a/src/mpc.c +++ b/src/mpc.c @@ -23,6 +23,35 @@ under the License. #include <amcl/ecdh_support.h> #include <amcl/mpc.h> +/* Generate ECDSA key pair */ +void MPC_ECDSA_KEY_PAIR_GENERATE(csprng *RNG, octet* S, octet *W) +{ + + BIG_256_56 s, q; + + ECP_SECP256K1 G; + + ECP_SECP256K1_generator(&G); + BIG_256_56_rcopy(q, CURVE_Order_SECP256K1); + + if (RNG!=NULL) + { + BIG_256_56_randomnum(s, q, RNG); + + S->len=EGS_SECP256K1; + BIG_256_56_toBytes(S->val,s); + } + else + { + BIG_256_56_fromBytesLen(s, S->val, S->len); + } + + ECP_SECP256K1_mul(&G, s); + ECP_SECP256K1_toOctet(W, &G, true); + + BIG_256_56_zero(s); +} + /* ECDSA Signature, R and S are the signature on M using private key SK */ int MPC_ECDSA_SIGN(int sha, octet *K, octet *SK, octet *M, octet *R, octet *S) { @@ -157,6 +186,19 @@ int MPC_ECDSA_VERIFY(octet *HM, octet *PK, octet *R,octet *S) return res; } +void MPC_K_GENERATE(csprng *RNG, octet *K) +{ + BIG_256_56 s, q; + + BIG_256_56_rcopy(q, CURVE_Order_SECP256K1); + BIG_256_56_randomnum(s, q, RNG); + + K->len=EGS_SECP256K1; + BIG_256_56_toBytes(K->val, s); + + BIG_256_56_zero(s); +} + /* Calculate the inverse of kgamma */ void MPC_INVKGAMMA(octet *KGAMMA1, octet *KGAMMA2, octet *INVKGAMMA) { @@ -183,7 +225,6 @@ void MPC_INVKGAMMA(octet *KGAMMA1, octet *KGAMMA2, octet *INVKGAMMA) BIG_256_56_toBytes(INVKGAMMA->val, kgamma1); } - /* Calculate the r component of the signature */ int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R, octet *RP) { diff --git a/test/smoke/test_ecdsa_smoke.c b/test/smoke/test_ecdsa_smoke.c index eb20072..f4e1106 100644 --- a/test/smoke/test_ecdsa_smoke.c +++ b/test/smoke/test_ecdsa_smoke.c @@ -136,11 +136,6 @@ int test(csprng *RNG) char hm[32]; octet HM = {0,sizeof(hm),hm}; - char nc_ecp[2 * EFS_SECP256K1 + 1]; - octet NC_ECP = {0, sizeof(nc_ecp), nc_ecp}; - - ECP_SECP256K1 P; - printf("Generating Paillier key pair one\n"); PAILLIER_KEY_PAIR(RNG, NULL, NULL, &PUB1, &PRIV1); @@ -148,90 +143,50 @@ int test(csprng *RNG) PAILLIER_KEY_PAIR(RNG, NULL, NULL, &PUB2, &PRIV2); printf("Generating ECDSA key pair one\n"); - ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&W1,&NC_ECP); + MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &W1, &PK1); - // Convert to compressed form - rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP); - if (!rc) - { - fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet PK1 rc\n"); - exit(EXIT_FAILURE); - } - - ECP_SECP256K1_toOctet(&PK1, &P, true); - - rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK1); - if (rc!=0) + rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK1); + if (rc != 0) { fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc); exit(EXIT_FAILURE); } printf("Generating ECDSA key pair two\n"); - ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&W2,&NC_ECP); - - // Convert to compressed form - rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP); - if (!rc) - { - fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet PK2 rc"); - exit(EXIT_FAILURE); - } - - ECP_SECP256K1_toOctet(&PK2, &P, true); + MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &W2, &PK2); - rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK2); - if (rc!=0) + rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK2); + if (rc != 0) { fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc); exit(EXIT_FAILURE); } printf("Generating GAMMA pair one\n"); - ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&GAMMA1,&NC_ECP); + MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA1, &GAMMAPT1); - // Convert to compressed form - rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP); - if (!rc) - { - fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet GAMMAPT1\n"); - exit(EXIT_FAILURE); - } - - ECP_SECP256K1_toOctet(&GAMMAPT1, &P, true); - - rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT1); - if (rc!=0) + rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT1); + if (rc != 0) { fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc); exit(EXIT_FAILURE); } printf("Generating GAMMA pair two\n"); - ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&GAMMA2,&NC_ECP); + MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA2, &GAMMAPT2); - // Convert to compressed form - rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP); - if (!rc) - { - fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet GAMMAPT2\n"); - exit(EXIT_FAILURE); - } - - ECP_SECP256K1_toOctet(&GAMMAPT2, &P, true); - - rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT2); - if (rc!=0) + rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT2); + if (rc != 0) { fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc); exit(EXIT_FAILURE); } printf("Generating K1\n"); - ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&K1,&NC_ECP); + MPC_K_GENERATE(RNG, &K1); printf("Generating K2\n"); - ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&K2,&NC_ECP); + MPC_K_GENERATE(RNG, &K2); OCT_jstring(&M,"test message"); printf("M: ");
