Beispiel #1
0
func LCM(a *big.Int, b *big.Int) (c *big.Int) {
	x := big.Int{}
	c = big.NewInt(1)
	c.Mul(a, b)
	x.GCD(nil, nil, a, b)
	c.Div(c, &x)
	return
}
Beispiel #2
0
// GenerateMultiPrimeKey generates a multi-prime RSA keypair of the given bit
// size, as suggested in [1]. Although the public keys are compatible
// (actually, indistinguishable) from the 2-prime case, the private keys are
// not. Thus it may not be possible to export multi-prime private keys in
// certain formats or to subsequently import them into other code.
//
// Table 1 in [2] suggests maximum numbers of primes for a given size.
//
// [1] US patent 4405829 (1972, expired)
// [2] http://www.cacr.math.uwaterloo.ca/techreports/2006/cacr2006-16.pdf
func GenerateMultiPrimeKey(random io.Reader, nprimes int, bits int) (priv *PrivateKey, err error) {
	priv = new(PrivateKey)
	priv.E = 65537

	if nprimes < 2 {
		return nil, errors.New("crypto/rsa: GenerateMultiPrimeKey: nprimes must be >= 2")
	}

	primes := make([]*big.Int, nprimes)

NextSetOfPrimes:
	for {
		todo := bits
		for i := 0; i < nprimes; i++ {
			primes[i], err = rand.Prime(random, todo/(nprimes-i))
			if err != nil {
				return nil, err
			}
			todo -= primes[i].BitLen()
		}

		// Make sure that primes is pairwise unequal.
		for i, prime := range primes {
			for j := 0; j < i; j++ {
				if prime.Cmp(primes[j]) == 0 {
					continue NextSetOfPrimes
				}
			}
		}

		n := new(big.Int).Set(bigOne)
		totient := new(big.Int).Set(bigOne)
		pminus1 := new(big.Int)
		for _, prime := range primes {
			n.Mul(n, prime)
			pminus1.Sub(prime, bigOne)
			totient.Mul(totient, pminus1)
		}

		g := new(big.Int)
		priv.D = new(big.Int)
		y := new(big.Int)
		e := big.NewInt(int64(priv.E))
		g.GCD(priv.D, y, e, totient)

		if g.Cmp(bigOne) == 0 {
			priv.D.Add(priv.D, totient)
			priv.Primes = primes
			priv.N = n

			break
		}
	}

	priv.Precompute()
	return
}
Beispiel #3
0
// Returns (N, e, d) of the given size that encrypts decBytes to encBytes
func chosenEncrytion(decBytes, encBytes []byte, keySize int) (N, e, d *big.Int) {
	padM := new(big.Int).SetBytes(encBytes)
	sig := new(big.Int).SetBytes(decBytes)
	eveP, evePFactors := choosePrime(keySize/2, padM, sig, nil)
	eveQ, eveQFactors := choosePrime(keySize/2, padM, sig, evePFactors)
	eveN := new(big.Int).Mul(eveP, eveQ)

	ep := pohlig(padM, sig, eveP, evePFactors)

	eq := pohlig(padM, sig, eveQ, eveQFactors)

	evePhi := new(big.Int).Set(eveN)
	evePhi.Sub(evePhi, eveP)
	evePhi.Sub(evePhi, eveQ)
	evePhi.Add(evePhi, big.NewInt(1))

	// From Wikipedia CRT page
	eveModuli := make(map[*big.Int]*big.Int)
	newP := new(big.Int).Sub(eveP, big.NewInt(1))
	newQ := new(big.Int).Sub(eveQ, big.NewInt(1))
	// Remove "2" factor so CRT works.
	newP.Div(newP, big.NewInt(2))
	newQ.Div(newQ, big.NewInt(2))
	eveModuli[newP] = new(big.Int).Mod(ep, newP)
	eveModuli[newQ] = new(big.Int).Mod(eq, newQ)
	if new(big.Int).Mod(eq, big.NewInt(2)).Cmp(new(big.Int).Mod(ep, big.NewInt(2))) != 0 {
		log.Fatal("ep and eq are not compatible and CRT won't work")
	}
	eveModuli[big.NewInt(4)] = new(big.Int).Mod(eq, big.NewInt(4))
	eveE := new(big.Int)
	for n, a := range eveModuli {
		N := new(big.Int).Set(evePhi)
		scratch := new(big.Int)
		scratch.Mod(N, n)
		if scratch.Cmp(new(big.Int)) != 0 {
			log.Fatalf("hmm %d / %d", N, n)
		}
		N.Div(N, n)
		scratch.GCD(nil, nil, N, n)
		if scratch.Cmp(big.NewInt(1)) != 0 {
			log.Fatalf("GCD: %d", scratch)
		}
		N.ModInverse(N, n)
		N.Mul(N, evePhi)
		N.Div(N, n)
		N.Mul(N, a)
		eveE.Add(eveE, N)
		eveE.Mod(eveE, evePhi)
	}

	return eveN, eveE, new(big.Int).ModInverse(eveE, evePhi)
}
Beispiel #4
0
/*从crypto/rsa复制 */
func modInverse(a, n *big.Int) (ia *big.Int, ok bool) {
	g := new(big.Int)
	x := new(big.Int)
	y := new(big.Int)
	g.GCD(x, y, a, n)
	if g.Cmp(bigOne) != 0 {
		return
	}
	if x.Cmp(bigOne) < 0 {
		x.Add(x, n)
	}
	return x, true
}
Beispiel #5
0
// SmallPrimeTest determins if N is a small prime
// or divisible by a small prime.
func SmallPrimeTest(N *big.Int) int {
	if N.Sign() <= 0 {
		panic("SmallPrimeTest for positive integers only")
	}
	if N.BitLen() <= 10 {
		n := uint16(N.Uint64())
		i := sort.Search(len(primes10), func(i int) bool {
			return primes10[i] >= n
		})
		if i >= len(primes10) || n != primes10[i] {
			return IsComposite
		}
		return IsPrime
	}
	// quick test for N even
	if N.Bits()[0]&1 == 0 {
		return IsComposite
	}
	// compare several small gcds for efficency
	z := new(big.Int)
	if z.GCD(nil, nil, N, prodPrimes10A).Cmp(one) == 1 {
		return IsComposite
	}
	if z.GCD(nil, nil, N, prodPrimes10B).Cmp(one) == 1 {
		return IsComposite
	}
	if z.GCD(nil, nil, N, prodPrimes10C).Cmp(one) == 1 {
		return IsComposite
	}
	if z.GCD(nil, nil, N, prodPrimes10D).Cmp(one) == 1 {
		return IsComposite
	}
	return Undetermined
}
func moBachShallit58(a, n *big.Int, pf []pExp) *big.Int {
	n1 := new(big.Int).Sub(n, one)
	var x, y, o1, g big.Int
	mo := big.NewInt(1)
	for _, pe := range pf {
		y.Quo(n1, y.Exp(pe.prime, big.NewInt(pe.exp), nil))
		var o int64
		for x.Exp(a, &y, n); x.Cmp(one) > 0; o++ {
			x.Exp(&x, pe.prime, n)
		}
		o1.Exp(pe.prime, o1.SetInt64(o), nil)
		mo.Mul(mo, o1.Quo(&o1, g.GCD(nil, nil, mo, &o1)))
	}
	return mo
}
func pollardRho(task *Task, toFactor *big.Int, constant int64) (*big.Int, bool) {

	//~ x := new(big.Int).Set(TWO)
	c := big.NewInt(constant)
	y := big.NewInt(2)
	y.Add(y, c)
	x := c.Add(c, TWO)
	//~
	//~ dprint(toFactor)
	//~ dprint(ZERO)

	//~ sub1 := new(big.Int).Sub(toFactor, ONE)
	//~ x := new(big.Int).Rand(rng, sub1)
	//~ y := new(big.Int).Rand(rng, sub1)

	d := big.NewInt(1)
	r := new(big.Int)
	rand_const := ONE //r.Rand(rng, toFactor)

	if r.Mod(toFactor, TWO).Cmp(ZERO) == 0 {
		return TWO, false
	}

	i := 0
	for d.Cmp(ONE) == 0 {
		/*
		 */
		//~ x = x.Set(y)
		// x = f(x)
		x = x.Mul(x, x).Add(x, rand_const).Mod(x, toFactor)

		// y = f(f(y))
		y = y.Mul(y, y).Add(y, rand_const).Mod(y, toFactor)
		y = y.Mul(y, y).Add(y, rand_const).Mod(y, toFactor)

		r.Sub(x, y).Abs(r)
		d = r.GCD(nil, nil, r, toFactor)
		i++
		if d.Cmp(toFactor) == 0 {
			//~ dprint("failed. retrying")
			return d, true
		} else if task.ShouldStop() {
			return d, true
		}
	}

	return d, false
}
func crt(a, n []*big.Int) (*big.Int, error) {
	p := new(big.Int).Set(n[0])
	for _, n1 := range n[1:] {
		p.Mul(p, n1)
	}
	var x, q, s, z big.Int
	for i, n1 := range n {
		q.Div(p, n1)
		z.GCD(nil, &s, n1, &q)
		if z.Cmp(one) != 0 {
			return nil, fmt.Errorf("%d not coprime", n1)
		}
		x.Add(&x, s.Mul(a[i], s.Mul(&s, &q)))
	}
	return x.Mod(&x, p), nil
}
Beispiel #9
0
func Rho(n *big.Int) (*big.Int, *big.Int) {
	c := big.NewInt(10)
	a0 := big.NewInt(1)
	a1 := new(big.Int)
	a1 = a1.Mul(a0, a0).Add(a1, c)
	a2 := new(big.Int)
	a2 = a2.Mul(a1, a1).Add(a2, c)

	d := new(big.Int)
	g := new(big.Int)
	for Equal(g.GCD(nil, nil, n, d.Sub(a2, a1).Abs(d)), big1) {
		a1.Mul(a1, a1).Add(a1, c).Mod(a1, n)
		a2.Mul(a2, a2).Add(a2, c).Mod(a2, n)
		a2.Mul(a2, a2).Add(a2, c).Mod(a2, n)
	}
	return g, n.Div(n, g)
}
Beispiel #10
0
// ModInverse calculates the modular inverse of a over P
func (curve Curve) ModInverse(a *big.Int) (*big.Int, error) {
	// since P should be a prime, any GCD calculation is really a waste if a != P
	if a.Cmp(curve.Params.N) == 0 {
		return nil, ErrNotRelPrime
	}
	if a.Cmp(big.NewInt(1)) == 0 { // this should never happen
		return nil, ErrNotRelPrime
	}
	if a.Cmp(big.NewInt(0)) == 0 { // this should never happen
		return nil, ErrNotRelPrime
	}
	z := new(big.Int)
	z = z.GCD(nil, nil, a, curve.Params.N)
	if z.Cmp(big.NewInt(1)) == 0 {
		z = z.ModInverse(a, curve.Params.N)
		return z, nil
	}
	return nil, ErrNotRelPrime
}
Beispiel #11
0
// Join takes k shares that resulted from Split and recovers the original
// secret. The shares can be presented in any order, however the (zero based)
// index of each share must be known and provided in shareNumbers.
func Join(shares []*big.Int, shareNumbers []int, modulus *big.Int) (*big.Int, error) {
	if len(shares) != len(shareNumbers) {
		return nil, errors.New("lengths of shares and shareNumbers must match")
	}

	secret := new(big.Int)
	zero := new(big.Int)

	for i := 0; i < len(shares); i++ {
		if shareNumbers[i] < 0 {
			return nil, errors.New("found negative share number")
		}

		c := big.NewInt(1)
		for j := 0; j < len(shares); j++ {
			if i == j {
				continue
			}
			bigJ := big.NewInt(int64(shareNumbers[j] + 1))
			c.Mul(c, bigJ)
			bigJ.Sub(bigJ, big.NewInt(int64(shareNumbers[i]+1)))
			if bigJ.Cmp(zero) < 0 {
				bigJ.Add(bigJ, modulus)
			}

			d := new(big.Int)
			x := new(big.Int)
			y := new(big.Int)
			d.GCD(x, y, bigJ, modulus)
			if x.Cmp(zero) < 0 {
				x.Add(x, modulus)
			}
			c.Mul(c, x)
			c.Mod(c, modulus)
		}

		c.Mul(c, shares[i])
		secret.Add(secret, c)
	}

	secret.Mod(secret, modulus)
	return secret, nil
}
Beispiel #12
0
func checkGCD(n, g *big.Int) (newN, newG *big.Int, ok bool) {

	var z big.Int

	g.Abs(g)

	z.GCD(nil, nil, n, g)

	if z.Cmp(n) == 0 {
		return nil, nil, false
	}

	if z.Cmp(one) == 0 {
		return nil, nil, false
	}

	n.Div(n, &z)

	return n, &z, true
}
Beispiel #13
0
// Validate performs basic sanity checks on the key.
// It returns nil if the key is valid, or else an error describing a problem.
func (priv *PrivateKey) Validate() error {
	// Check that the prime factors are actually prime. Note that this is
	// just a sanity check. Since the random witnesses chosen by
	// ProbablyPrime are deterministic, given the candidate number, it's
	// easy for an attack to generate composites that pass this test.
	for _, prime := range priv.Primes {
		if !prime.ProbablyPrime(20) {
			return errors.New("prime factor is composite")
		}
	}

	// Check that Πprimes == n.
	modulus := new(big.Int).Set(bigOne)
	for _, prime := range priv.Primes {
		modulus.Mul(modulus, prime)
	}
	if modulus.Cmp(priv.N) != 0 {
		return errors.New("invalid modulus")
	}
	// Check that e and totient(Πprimes) are coprime.
	totient := new(big.Int).Set(bigOne)
	for _, prime := range priv.Primes {
		pminus1 := new(big.Int).Sub(prime, bigOne)
		totient.Mul(totient, pminus1)
	}
	e := big.NewInt(int64(priv.E))
	gcd := new(big.Int)
	x := new(big.Int)
	y := new(big.Int)
	gcd.GCD(x, y, totient, e)
	if gcd.Cmp(bigOne) != 0 {
		return errors.New("invalid public exponent E")
	}
	// Check that de ≡ 1 (mod totient(Πprimes))
	de := new(big.Int).Mul(priv.D, e)
	de.Mod(de, totient)
	if de.Cmp(bigOne) != 0 {
		return errors.New("invalid private exponent D")
	}
	return nil
}
Beispiel #14
0
// modInverse returns ia, the inverse of a in the multiplicative group of prime
// order n. It requires that a be a member of the group (i.e. less than n).
func modInverse(a, n *big.Int) (ia *big.Int, ok bool) {
	g := new(big.Int)
	x := new(big.Int)
	y := new(big.Int)
	g.GCD(x, y, a, n)
	if g.Cmp(bigOne) != 0 {
		// In this case, a and n aren't coprime and we cannot calculate
		// the inverse. This happens because the values of n are nearly
		// prime (being the product of two primes) rather than truly
		// prime.
		return
	}

	if x.Cmp(bigOne) < 0 {
		// 0 is not the multiplicative inverse of any element so, if x
		// < 1, then x is negative.
		x.Add(x, n)
	}

	return x, true
}
Beispiel #15
0
// GenerateMultiPrimeKey generates a multi-prime RSA keypair of the given bit
// size, as suggested in [1]. Although the public keys are compatible
// (actually, indistinguishable) from the 2-prime case, the private keys are
// not. Thus it may not be possible to export multi-prime private keys in
// certain formats or to subsequently import them into other code.
//
// Table 1 in [2] suggests maximum numbers of primes for a given size.
//
// [1] US patent 4405829 (1972, expired)
// [2] http://www.cacr.math.uwaterloo.ca/techreports/2006/cacr2006-16.pdf
func GenerateMultiPrimeKey(random io.Reader, nprimes int, bits int) (priv *PrivateKey, err error) {
	priv = new(PrivateKey)
	priv.E = 65537

	if nprimes < 2 {
		return nil, errors.New("crypto/rsa: GenerateMultiPrimeKey: nprimes must be >= 2")
	}

	primes := make([]*big.Int, nprimes)

NextSetOfPrimes:
	for {
		todo := bits
		// crypto/rand should set the top two bits in each prime.
		// Thus each prime has the form
		//   p_i = 2^bitlen(p_i) × 0.11... (in base 2).
		// And the product is:
		//   P = 2^todo × α
		// where α is the product of nprimes numbers of the form 0.11...
		//
		// If α < 1/2 (which can happen for nprimes > 2), we need to
		// shift todo to compensate for lost bits: the mean value of 0.11...
		// is 7/8, so todo + shift - nprimes * log2(7/8) ~= bits - 1/2
		// will give good results.
		if nprimes >= 7 {
			todo += (nprimes - 2) / 5
		}
		for i := 0; i < nprimes; i++ {
			primes[i], err = rand.Prime(random, todo/(nprimes-i))
			if err != nil {
				return nil, err
			}
			todo -= primes[i].BitLen()
		}

		// Make sure that primes is pairwise unequal.
		for i, prime := range primes {
			for j := 0; j < i; j++ {
				if prime.Cmp(primes[j]) == 0 {
					continue NextSetOfPrimes
				}
			}
		}

		n := new(big.Int).Set(bigOne)
		totient := new(big.Int).Set(bigOne)
		pminus1 := new(big.Int)
		for _, prime := range primes {
			n.Mul(n, prime)
			pminus1.Sub(prime, bigOne)
			totient.Mul(totient, pminus1)
		}
		if n.BitLen() != bits {
			// This should never happen for nprimes == 2 because
			// crypto/rand should set the top two bits in each prime.
			// For nprimes > 2 we hope it does not happen often.
			continue NextSetOfPrimes
		}

		g := new(big.Int)
		priv.D = new(big.Int)
		y := new(big.Int)
		e := big.NewInt(int64(priv.E))
		g.GCD(priv.D, y, e, totient)

		if g.Cmp(bigOne) == 0 {
			priv.D.Add(priv.D, totient)
			priv.Primes = primes
			priv.N = n

			break
		}
	}

	priv.Precompute()
	return
}
Beispiel #16
0
func main() {

	scanner := bufio.NewScanner(os.Stdin)

	var z big.Int
	var a, b, c big.Int
	var r big.Int

	two := big.NewInt(2)

	var n_add, n_sub, n_mul2, n_div2, n_gcd, n_sqr, n_invmod, n_exptmod int

	for scanner.Scan() {
		cmd := scanner.Text()

		fmt.Println(n_add, n_sub, n_mul2, n_div2, n_gcd, n_sqr, n_invmod)

		switch cmd {

		case "add_d", "add":
			n_add++
			next(scanner, &a)
			next(scanner, &b)
			next(scanner, &r)

			z.Add(&a, &b)
			if z.Cmp(&r) != 0 {
				fmt.Println(a, b, r, z)
			}

		case "sub_d", "sub":
			n_sub++
			next(scanner, &a)
			next(scanner, &b)
			next(scanner, &r)

			z.Sub(&a, &b)
			if z.Cmp(&r) != 0 {
				fmt.Println(a, b, r, z)
			}

		case "mul2":
			n_mul2++
			next(scanner, &a)
			next(scanner, &r)

			z.Mul(&a, two)
			if z.Cmp(&r) != 0 {
				fmt.Println(a, b, r, z)
			}

		case "div2":
			n_div2++
			next(scanner, &a)
			next(scanner, &r)

			z.Div(&a, two)
			if z.Cmp(&r) != 0 {
				fmt.Println(a, b, r, z)
			}
		case "sqr":
			n_sqr++
			next(scanner, &a)
			next(scanner, &r)

			z.Mul(&a, &a)
			if false && z.Cmp(&r) != 0 {
				fmt.Printf("sqr: %s %s %s\n", a.String(), r.String(), z.String())
			}

		case "gcd":
			n_gcd++
			next(scanner, &a)
			next(scanner, &b)
			next(scanner, &r)

			z.GCD(nil, nil, &a, &b)
			if z.Cmp(&r) != 0 {
				fmt.Println(a, b, r, z)
			}

		case "invmod":
			n_invmod++
			next(scanner, &a)
			next(scanner, &b)
			next(scanner, &r)

			z.ModInverse(&a, &b)
			if z.Cmp(&r) != 0 {
				fmt.Println(a, b, r, z)
			}

		case "exptmod":
			n_exptmod++
			next(scanner, &a)
			next(scanner, &b)
			next(scanner, &c)
			next(scanner, &r)

			z.Exp(&a, &b, &c)
			if z.Cmp(&r) != 0 {
				fmt.Println(a, b, r, z)
			}

		default:
			// nothing
		}
	}
}
Beispiel #17
0
Datei: rsa.go Projekt: achanda/go
// GenerateMultiPrimeKey generates a multi-prime RSA keypair of the given bit
// size and the given random source, as suggested in [1]. Although the public
// keys are compatible (actually, indistinguishable) from the 2-prime case,
// the private keys are not. Thus it may not be possible to export multi-prime
// private keys in certain formats or to subsequently import them into other
// code.
//
// Table 1 in [2] suggests maximum numbers of primes for a given size.
//
// [1] US patent 4405829 (1972, expired)
// [2] http://www.cacr.math.uwaterloo.ca/techreports/2006/cacr2006-16.pdf
func GenerateMultiPrimeKey(random io.Reader, nprimes int, bits int) (*PrivateKey, error) {
	priv := new(PrivateKey)
	priv.E = 65537

	if nprimes < 2 {
		return nil, errors.New("crypto/rsa: GenerateMultiPrimeKey: nprimes must be >= 2")
	}

	if bits < 64 {
		primeLimit := float64(uint64(1) << uint(bits/nprimes))
		// pi approximates the number of primes less than primeLimit
		pi := primeLimit / (math.Log(primeLimit) - 1)
		// Generated primes start with 11 (in binary) so we can only
		// use a quarter of them.
		pi /= 4
		// Use a factor of two to ensure that key generation terminates
		// in a reasonable amount of time.
		pi /= 2
		if pi <= float64(nprimes) {
			return nil, errors.New("crypto/rsa: too few primes of given length to generate an RSA key")
		}
	}

	primes := make([]*big.Int, nprimes)

NextSetOfPrimes:
	for {
		todo := bits
		// crypto/rand should set the top two bits in each prime.
		// Thus each prime has the form
		//   p_i = 2^bitlen(p_i) × 0.11... (in base 2).
		// And the product is:
		//   P = 2^todo × α
		// where α is the product of nprimes numbers of the form 0.11...
		//
		// If α < 1/2 (which can happen for nprimes > 2), we need to
		// shift todo to compensate for lost bits: the mean value of 0.11...
		// is 7/8, so todo + shift - nprimes * log2(7/8) ~= bits - 1/2
		// will give good results.
		if nprimes >= 7 {
			todo += (nprimes - 2) / 5
		}
		for i := 0; i < nprimes; i++ {
			var err error
			primes[i], err = rand.Prime(random, todo/(nprimes-i))
			if err != nil {
				return nil, err
			}
			todo -= primes[i].BitLen()
		}

		// Make sure that primes is pairwise unequal.
		for i, prime := range primes {
			for j := 0; j < i; j++ {
				if prime.Cmp(primes[j]) == 0 {
					continue NextSetOfPrimes
				}
			}
		}

		n := new(big.Int).Set(bigOne)
		totient := new(big.Int).Set(bigOne)
		pminus1 := new(big.Int)
		for _, prime := range primes {
			n.Mul(n, prime)
			pminus1.Sub(prime, bigOne)
			totient.Mul(totient, pminus1)
		}
		if n.BitLen() != bits {
			// This should never happen for nprimes == 2 because
			// crypto/rand should set the top two bits in each prime.
			// For nprimes > 2 we hope it does not happen often.
			continue NextSetOfPrimes
		}

		g := new(big.Int)
		priv.D = new(big.Int)
		e := big.NewInt(int64(priv.E))
		g.GCD(priv.D, nil, e, totient)

		if g.Cmp(bigOne) == 0 {
			if priv.D.Sign() < 0 {
				priv.D.Add(priv.D, totient)
			}
			priv.Primes = primes
			priv.N = n

			break
		}
	}

	priv.Precompute()
	return priv, nil
}
Beispiel #18
0
// CalculateBlindingParams generates the w,z,e,d,a,b privateParams blinding parameters and calculates r1,r2 (included in privateParams)
func (client BlindingClient) CalculateBlindingParams(params *SignRequestPublicInt) (privateParams *BlindingParamsPrivateInt, err error) {
	var loopcount int
	for {
		if loopcount > eccutil.MaxLoopCount {
			return nil, eccutil.ErrMaxLoop
		}
		ScalarRs1, err := client.curve.ExtractR(params.PointRs1)
		if err != nil {
			return nil, err
		}
		ScalarRs2, err := client.curve.ExtractR(params.PointRs2)
		if err != nil {
			return nil, err
		}

		loopcount++
		ScalarW, err := client.curve.GenNVint() // This limits W substantially and is likely unnecessary
		if err != nil {
			continue
		}
		ScalarZ, err := client.curve.GenNVint() // This limits Z substantially and is likely unnecessary
		if err != nil {
			continue
		}
		ScalarE := new(big.Int)
		ScalarD := new(big.Int)

		gcd := new(big.Int)
		gcd = gcd.GCD(ScalarE, ScalarD, ScalarW, ScalarZ) // Int.GCD(w, z, e, d) == 1
		if gcd.Cmp(eccutil.TestOne) != 0 {
			continue
		}

		ScalarA, err := client.curve.GenNVint() // This limits A substantially and is likely unnecessary
		if err != nil {
			continue
		}
		ScalarB, err := client.curve.GenNVint() // This limits B substantially and is likely unnecessary
		if err != nil {
			continue
		}
		_, _ = ScalarA, ScalarB
		ta := eccutil.ManyMult(ScalarW, ScalarA, params.ScalarLs1).Bytes() // w * a * ls1 -> byte ta
		tb := eccutil.ManyMult(ScalarZ, ScalarB, params.ScalarLs2).Bytes() // z * b * ls2 -> byte tb

		PointR1 := client.curve.ScalarMult(params.PointRs1, ta)
		PointR2 := client.curve.ScalarMult(params.PointRs2, tb)

		ScalarR1, err := client.curve.ExtractR(PointR1) // scalarmult(ta,R1).x mod P  != 0
		if err != nil {
			continue
		}
		ScalarR2, err := client.curve.ExtractR(PointR2) // scalarmult(tb,R2).x mod P  != 0
		if err != nil {
			continue
		}

		// Probably useless test
		_, err = client.curve.TestParams(ScalarW, ScalarZ, ScalarE, ScalarD, ScalarA, ScalarB, ScalarR1, ScalarR2, ScalarRs1, ScalarRs2, params.ScalarLs1, params.ScalarLs2)
		if err != nil {
			continue
		}
		bp := new(BlindingParamsPrivateInt)
		bp.ScalarW, bp.ScalarZ = ScalarW, ScalarZ
		bp.ScalarE, bp.ScalarD = ScalarE, ScalarD
		bp.ScalarA, bp.ScalarB = ScalarA, ScalarB
		bp.PointR1, bp.PointR2 = PointR1, PointR2
		bp.ScalarR1, bp.ScalarR2 = ScalarR1, ScalarR2
		bp.ScalarRs1, bp.ScalarRs2 = ScalarRs1, ScalarRs2
		bp.IsUsed = false
		return bp, nil
	}
}
Beispiel #19
0
func LeastCommonMultiple(a, b big.Int) big.Int {
	var z big.Int
	z.Mul(z.Div(&a, z.GCD(nil, nil, &a, &b)), &b)
	return z
}