Sorry for the false alarm. I just realized that I was using the *order*
as the *modulus* argument to the ECP constructor.
i.e. -- if I replace N in the sample code with the following string:
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", the
code works as expected!
On 02/28/2012 11:15 PM, Alan Reiner wrote:
I have spent hours trying to figure out why my ECP calls in Crypto++
are not producing correct answers. Perhaps I just don't understand
the library usage, but I can't find any example code on this.
I am attempting to do scalar-point multiplication, and point-point
addition on the secp256k1 curve. I have pulled the curve parameters
directly from the EcRecommendedParameters definition: N is the order
of the secp256k1 EC group, and a=0, b=7 in the equation
y^2=x^3+ax+b. I used them in the following code:
----------------------------------------------------------------------------------------------
static BinaryData N = BinaryData::CreateFromHex(
"fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141");
static BinaryData a = BinaryData::CreateFromHex(
"0000000000000000000000000000000000000000000000000000000000000000");
static BinaryData b = BinaryData::CreateFromHex(
"0000000000000000000000000000000000000000000000000000000000000007");
CryptoPP::Integer intA, intBx, intBy, intN, inta, intb;
intN.Decode( N.getPtr(), N.getSize(), UNSIGNED);
inta.Decode( a.getPtr(), a.getSize(), UNSIGNED);
intb.Decode( b.getPtr(), b.getSize(), UNSIGNED);
CryptoPP::ECP ecp(intN, inta, intb);
intA .Decode(A.getPtr(), A.getSize(), UNSIGNED);
intBx.Decode(Bx.getPtr(), Bx.getSize(), UNSIGNED);
intBy.Decode(By.getPtr(), By.getSize(), UNSIGNED);
BTC_ECPOINT B(intBx, intBy);
BTC_ECPOINT C = ecp.ScalarMultiply(B, intA);
BinaryData Cbd(64);
C.x.Encode(Cbd.getPtr(), 32, UNSIGNED);
C.y.Encode(Cbd.getPtr()+32, 32, UNSIGNED);
----------------------------------------------------------------------------------------------
Yet, when I execute the code with a known point on the secp256k1
curve, the result is /not/ on the secp256k1 curve. Everything should
be in big-endian, and I have tried switching endianness with no luck.
For instance, if I use the known secp256k1 point:
(x,y) =
(a706ad8f73115f90500266f273f7571df9429a4cfb4bbfbcd825227202dabad1,
ba3d35c73aec698af852b327ba1c24e11758936bb6322fe93d7469b182f66631)
Multiplying by 2 gets me:
(x,y) =
(659c31a54e3e368509e54128911033ed484d181748d962386bb36881053f66c3,
c064da501202e48492e31e7553fdb3b6628a31ac1cc6ffe56cef3ad94c4f9ea1)
But that point is not on secp256k1. Can anyone offer insight into why
this doesn't work?
Thanks so much in advance! -Alan