This is an automated email from the ASF dual-hosted git repository. sandreoli pushed a commit to branch review-mike in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git
commit a703dbfa397e4fd86a5eac5ec8d0fa2814447b2a
Author: Samuele Andreoli <[email protected]>
AuthorDate: Wed Apr 8 17:27:58 2020 +0100
update CRT to reflect milagro-crypto-c
---
include/amcl/commitments.h | 1 +
python/amcl/mpc.py | 1 +
src/commitments.c | 5 +++--
src/factoring_zk.c | 4 +++-
src/mta.c | 10 ++++++++--
5 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/include/amcl/commitments.h b/include/amcl/commitments.h
index ba25de6..f7bf607 100644
--- a/include/amcl/commitments.h
+++ b/include/amcl/commitments.h
@@ -71,6 +71,7 @@ typedef struct
 {
 BIG_1024_58 P[HFLEN_2048]; /**< Safe prime P = 2p+1 */
 BIG_1024_58 Q[HFLEN_2048]; /**< Safe prime Q = 2q+1 */
+ BIG_1024_58 invPQ[HFLEN_2048]; /**< Precomputed P^(-1) mod Q */
 BIG_1024_58 pq[FFLEN_2048]; /**< Precomputed product of p and q */
 BIG_1024_58 N[FFLEN_2048]; /**< Public part of the modulus */
 BIG_1024_58 alpha[FFLEN_2048]; /**< Secret exponent of the DLOG b1 = b0^alpha*/
diff --git a/python/amcl/mpc.py b/python/amcl/mpc.py
index 4714442..2cbf1dc 100644
--- a/python/amcl/mpc.py
+++ b/python/amcl/mpc.py
@@ -61,6 +61,7 @@ typedef struct
 BIG_1024_58 lq[1];
 BIG_1024_58 invp[2];
 BIG_1024_58 invq[2];
+ BIG_1024_58 invpq[1];
 BIG_1024_58 p2[2];
 BIG_1024_58 q2[2];
 BIG_1024_58 mp[1];
diff --git a/src/commitments.c b/src/commitments.c
index af7c2af..2991d3e 100644
--- a/src/commitments.c
+++ b/src/commitments.c
@@ -229,6 +229,7 @@ void COMMITMENTS_BC_setup(csprng *RNG, COMMITMENTS_BC_priv_modulus *m, octet *P,
 FF_2048_mul(m->N, m->P, m->Q, HFLEN_2048);
 FF_2048_mul(m->pq, p, q, HFLEN_2048);
+ FF_2048_invmodp(m->invPQ, m->P, m->Q, HFLEN_2048);
 /* Load or generate generator b0 and DLOG exponent alpha */
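Review bot: The doc comment on the new `invPQ` member says only that it is precomputed, but P^(-1) mod Q is derived from the secret factors and belongs in the same class as `P`, `Q` and `alpha`, whose comments do say "Safe prime" / "Secret"; the comment should make that explicit, e.g. `/**< Precomputed P^(-1) mod Q (secret: derived from the factors, wipe together with P and Q) */`. Whether the routine that clears a COMMITMENTS_BC_priv_modulus already covers this field cannot be seen from this commit, which only zeroes its local p and q in COMMITMENTS_BC_setup, so that is worth checking. The struct definition starts before and ends after this hunk.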
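Review bot: The cffi struct text gains `invpq[1]` at a fixed position with nothing in the file tying that position to the C definition it mirrors; cffi derives the layout from this text, so if upstream ever inserts a field in a different order every later member (`p2`, `q2`, `mp`, ...) silently shifts and reads the wrong words with no error. Suggest a comment above the struct, `// Field order and word sizes must match the C struct in milagro-crypto-c exactly; any upstream change must be mirrored here`, and, if the library exposes one, a size check of the struct against the C side at import time. The struct starts before and ends after this hunk.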
@@ -239,7 +240,7 @@ void COMMITMENTS_BC_setup(csprng *RNG, COMMITMENTS_BC_priv_modulus *m, octet *P,
 bc_generator(RNG, gp, p, m->P, HFLEN_2048);
 bc_generator(RNG, gq, q, m->Q, HFLEN_2048);
- FF_2048_crt(m->b0, gp, gq, m->P, m->Q, HFLEN_2048);
+ FF_2048_crt(m->b0, gp, gq, m->P, m->invPQ, m->N, HFLEN_2048);
 } else {
@@ -276,7 +277,7 @@ void COMMITMENTS_BC_setup(csprng *RNG, COMMITMENTS_BC_priv_modulus *m, octet *P,
 FF_2048_skpow(gp, gp, ap, m->P, HFLEN_2048, HFLEN_2048);
 FF_2048_skpow(gq, gq, aq, m->Q, HFLEN_2048, HFLEN_2048);
- FF_2048_crt(m->b1, gp, gq, m->P, m->Q, HFLEN_2048);
+ FF_2048_crt(m->b1, gp, gq, m->P, m->invPQ, m->N, HFLEN_2048);
 // Clean memory
 FF_2048_zero(p, HFLEN_2048);
diff --git a/src/factoring_zk.c b/src/factoring_zk.c
index 07dd2e8..10b10e2 100644
--- a/src/factoring_zk.c
+++ b/src/factoring_zk.c
@@ -104,6 +104,7 @@ void FACTORING_ZK_prove(csprng *RNG, octet *P, octet *Q, octet *R, octet *E, oct
 BIG_1024_58 p[HFLEN_2048];
 BIG_1024_58 q[HFLEN_2048];
+ BIG_1024_58 invpq[HFLEN_2048];
 BIG_1024_58 n[FFLEN_2048];
 BIG_1024_58 r[FFLEN_2048];
@@ -124,6 +125,7 @@ void FACTORING_ZK_prove(csprng *RNG, octet *P, octet *Q, octet *R, octet *E, oct
 FF_2048_fromOctet(p, P, HFLEN_2048);
 FF_2048_fromOctet(q, Q, HFLEN_2048);
 FF_2048_mul(n, p, q, HFLEN_2048);
+ FF_2048_invmodp(invpq, p, q, HFLEN_2048);
 if (RNG != NULL) {
@@ -175,7 +177,7 @@ void FACTORING_ZK_prove(csprng *RNG, octet *P, octet *Q, octet *R, octet *E, oct
 FF_2048_skpow(zrq, hws, rq, q, HFLEN_2048, HFLEN_2048);
 // Combine Z_i ^ r mod N with CRT
- FF_2048_crt(ws, zrp, zrq, p, q, HFLEN_2048);
+ FF_2048_crt(ws, zrp, zrq, p, invpq, n, HFLEN_2048);
 // Process Z_i ^ r mod N in H
 FF_2048_toOctet(&W, ws, FFLEN_2048);
diff --git a/src/mta.c b/src/mta.c
index d41174e..41368b5 100644
--- a/src/mta.c
+++ b/src/mta.c
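Review bot: The new local `invpq` holds p^(-1) mod q, secret material derived from the prover's factors, and this hunk only computes it; the function's cleanup is outside the hunk, so it needs `FF_2048_zero(invpq, HFLEN_2048);` there next to the wipe of p and q, otherwise the inverse is left on the stack after the proof returns. Separately, FF_2048_invmodp is presumably a generic, non-constant-time inverse, and it now runs on the secret factors on every proof, whereas the commitments.c change in this same commit computes the equivalent inverse once at setup; since this function takes P and Q as octets there is no key struct to cache it in, so at minimum a comment such as `// invmodp is not constant time; p and q are secret` should mark the trade-off. FACTORING_ZK_prove starts before and ends after this hunk.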
@@ -326,6 +326,8 @@ void MTA_RP_commit(csprng *RNG, PAILLIER_private_key *key, COMMITMENTS_BC_pub_mo
 BIG_1024_58 n[FFLEN_2048];
 BIG_1024_58 g[FFLEN_2048];
 BIG_1024_58 q[HFLEN_2048];
+ BIG_1024_58 invp2q2[FFLEN_2048];
+ BIG_1024_58 n2[2 * FFLEN_2048];
 BIG_1024_58 ws1[FFLEN_2048];
 BIG_1024_58 ws2[FFLEN_2048];
 BIG_1024_58 dws[2 * FFLEN_2048];
@@ -342,6 +344,9 @@ void MTA_RP_commit(csprng *RNG, PAILLIER_private_key *key, COMMITMENTS_BC_pub_mo
 FF_2048_mul(n, key->p, key->q, HFLEN_2048);
 FF_2048_copy(g, n, FFLEN_2048);
 FF_2048_inc(g, 1, FFLEN_2048);
+ FF_2048_sqr(n2, n, FFLEN_2048);
+ FF_2048_norm(n2, 2 * FFLEN_2048);
+ FF_2048_invmodp(invp2q2, key->p2, key->q2, FFLEN_2048);
 if (RNG != NULL) {
@@ -382,7 +387,7 @@ void MTA_RP_commit(csprng *RNG, PAILLIER_private_key *key, COMMITMENTS_BC_pub_mo
 // Compute u using CRT
 FF_2048_skpow2(ws1, g, rv->alpha, rv->beta, n, key->p2, FFLEN_2048, FFLEN_2048);
 FF_2048_skpow2(ws2, g, rv->alpha, rv->beta, n, key->q2, FFLEN_2048, FFLEN_2048);
- FF_2048_crt(dws, ws1, ws2, key->p2, key->q2, FFLEN_2048);
+ FF_2048_crt(dws1, ws1, ws2, key->p2, invp2q2, n2, FFLEN_2048);
 // Convert u as FF_4096 since it is only used as such
 FF_2048_toOctet(&OCT, dws, 2 * FFLEN_2048);
@@ -479,7 +484,8 @@ void MTA_RP_prove(PAILLIER_private_key *key, MTA_RP_commitment_rv *rv, octet *M,
 FF_2048_mul(ws1, sq, hws, HFLEN_2048);
 FF_2048_dmod(sq, ws1, key->q, HFLEN_2048);
- FF_2048_crt(ws1, sp, sq, key->p, key->q, HFLEN_2048);
+ FF_2048_mul(ws2, key->p, key->q, HFLEN_2048);
+ FF_2048_crt(ws1, sp, sq, key->p, key->invpq, ws2, HFLEN_2048);
 // Convert s to FF_4096 since it is only used as such
 FF_2048_toOctet(&OCT, ws1, FFLEN_2048);
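Review bot: `invp2q2` is p2^(-1) mod q2, derived from the Paillier private factors, while `n2` is only the public N^2; this hunk computes both but the function's cleanup lies outside it, so `invp2q2` needs `FF_2048_zero(invp2q2, FFLEN_2048);` there (n2 does not). The inverse is also recomputed from the secret key on every commitment with what is presumably a variable-time FF_2048_invmodp, whereas MTA_RP_prove in this same file now reads a precomputed `key->invpq`; a precomputed p2^(-1) mod q2 on the key would be the consistent choice if the upstream key struct provides one, and if it does not, a comment should note why the per-call inverse is accepted. MTA_RP_commit starts before and ends after this hunk.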
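Review bot: The new CRT call writes its result to `dws1`, which is not declared in the function — the declarations hunk above only has `dws[2 * FFLEN_2048]`, and the very next line still serialises `dws` — so this does not compile as written, or, if a `dws1` exists somewhere out of view, `dws` is left holding stale data that is then emitted as u. The line should read `FF_2048_crt(dws, ws1, ws2, key->p2, invp2q2, n2, FFLEN_2048);`. MTA_RP_commit starts before and ends after this hunk.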
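Review bot: `ws2` is silently repurposed to hold N = p*q as the CRT modulus, and nothing in the hunk says so or shows whether ws2 still held a live value at that point; the rest of MTA_RP_prove is outside the hunk, so that should be confirmed. Suggest either a comment on the new line, `// ws2 = N = p*q, the modulus for recombining s by CRT`, or a dedicated local so the scratch buffer's role stays clear. MTA_RP_prove starts before and ends after this hunk.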
