Jump to content
Tuts 4 You

Problem with elliptic curve implementation

_sb_

By _sb_
in Programming and Coding

Recommended Posts

_sb_

_sb_

Posted
Posted

Hello people i am using miracl and i was trying to implement a *SECURE*`elliptic curve standard. So my parameters should be valid. The curve details is:

: type binary over 2^n

: curve name: SECT-193R2

curve parameters:

a: 0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B

b: 00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE

n: 010000000000000000000000015AAB561B005413CCD4EE99D5

q: 02000000000000000000000000000000000000000000008001

Base point:

x: 00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F

y: 01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C

The problem resides in the public point (x,y) are not getting accepted by miracl as members of the current curve i did the math myself and the equation wont match (y^2+x*y=x^3+a*x^2+b over q and q has the representation in pentomial basis as 193,14,13,13 because 2^193+2^14+2^13+2^13 is equal to q).

actually this does not fits in numerical integer maths. Anyways the implementation in c++ is here like this:

int i=0;

int m193=193;

int a14=14;

int b13=13;

int c13=13;

miracl *mip;

big a, b, p, n, x, d, k, r, s, h,y,y_1;

epoint *G;

TCHAR name[MAX_NAME];

TCHAR serial[MAX_SERIAL];

TCHAR temp[60];

TCHAR decoded[MAX_SERIAL];

BYTE digest[20];

sha sh;

if(GetDlgItemText(hwnd,IDC_NAME,name,MAX_NAME)<MIN_NAME)

{

SetDlgItemText(hwnd, IDC_SERIAL,"your name is too short");

}

else

{

RtlZeroMemory(temp,60);

lstrcat(temp,hardcode);

lstrcat(temp,name);

lstrcpy(name,temp);

RtlZeroMemory(temp,60);

mip = mirsys(50, 0);

G = epoint_init();

memset(serial,0,MAX_SERIAL);

mip->IOBASE = 16;

a = mirvar(0);

b = mirvar(0);

p = mirvar(0);

n = mirvar(0);

y = mirvar(0);

x = mirvar(0);

d = mirvar(0);

k = mirvar(0);

r = mirvar(0);

s = mirvar(0);

h = mirvar(0);

y_1 = mirvar(0);

cinstr(y_1, "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C");

cinstr(x, "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F");

cinstr(p, "AEBF94CEE3E707");

cinstr(n, "010000000000000000000000015AAB561B005413CCD4EE99D5");

cinstr(d, "5445414D584FDA8E91");//gerada

cinstr(a, "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B");

cinstr(b, "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE");

//ecurve_init(a, b, p, MR_AFFINE);

//2^193 + 2^14 + 2^13 + 2^13 + 2^0 for pentominal

ecurve2_init(m193,a14,b13,c13,a,b,FALSE,MR_AFFINE);

epoint2_set(x, y_1, 0, G);

the problem is that when debugged epoint2_set returns al=00 wich is the isomrf boolean for FALSE - in other words he says that (x,y_1) does not belongs to the curve (how come? it should be a member of the active curve), and any math i'll do with it will be purely fake and return allways zero. anyways this is just a portion of my code if you think that i screwed up somewhere on my code here it is the full picture:

ocde_ecc parameters ec2n

a: 0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B

b: 00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE

n: 010000000000000000000000015AAB561B005413CCD4EE99D5

p: 02000000000000000000000000000000000000000000008001

x: 00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F

y: 01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C

the public ec2n point:

9F 9E 72 DA 67 0D 16 62 85 94 79 9A DE 8B 32 33 AE 36 C2 36 48 CB 63 8D 01 needs

reversing for both

25 2F 04 D6 35 5C A5 F5 1A 60 A5 46 06 F5 B5 2B 5C F9 F6 B5 9B EB 51 32

reversed_public_ec2n_point:

018D63CB4836C236AE33328BDE9A79948562160D67DA729E9F ;Qax

3251EB9BB5F6F95C2BB5F50646A5601AF5A55C35D6042F25 ; Qay

*/

#include "all.h"

#include "miracl.h"

DWORD WINAPI GenererSerial(HWND hwnd)

{

int i=0;

int m193=193;

int a14=14;

int b13=13;

int c13=13;

miracl *mip;

big a, b, p, n, x, d, k, r, s, h,y,y_1;

epoint *G;

TCHAR name[MAX_NAME];

TCHAR serial[MAX_SERIAL];

TCHAR temp[60];

TCHAR decoded[MAX_SERIAL];

BYTE digest[20];

sha sh;

if(GetDlgItemText(hwnd,IDC_NAME,name,MAX_NAME)<MIN_NAME)

{

SetDlgItemText(hwnd, IDC_SERIAL,"your name is too short");

}

else

{

RtlZeroMemory(temp,60);

lstrcat(temp,hardcode);

lstrcat(temp,name);

lstrcpy(name,temp);

RtlZeroMemory(temp,60);

mip = mirsys(50, 0);

G = epoint_init();

memset(serial,0,MAX_SERIAL);

mip->IOBASE = 16;

a = mirvar(0);

b = mirvar(0);

p = mirvar(0);

n = mirvar(0);

y = mirvar(0);

x = mirvar(0);

d = mirvar(0);

k = mirvar(0);

r = mirvar(0);

s = mirvar(0);

h = mirvar(0);

y_1 = mirvar(0);

cinstr(y_1, "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C");

cinstr(x, "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F");

cinstr(p, "AEBF94CEE3E707");

cinstr(n, "010000000000000000000000015AAB561B005413CCD4EE99D5");

cinstr(d, "5445414D584FDA8E91");//gerada

cinstr(a, "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B");

cinstr(b, "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE");

//ecurve_init(a, b, p, MR_AFFINE);

//2^193 + 2^14 + 2^13 + 2^13 + 2^0 for pentominal

ecurve2_init(m193,a14,b13,c13,a,b,FALSE,MR_AFFINE);

epoint2_set(x, y_1, 0, G);

irand(GetTickCount());

do

{

bigrand(n, k);

} while(egcd(k, n, s) != 1);

ecurve2_mult(k, G, G);

epoint2_get(G, r, r);

xgcd(k, n, k, k, k);

shs_init(&sh);

i = 0;

while (name != 0)

{

shs_process(&sh, name);

i++;

}

shs_hash(&sh, digest);

bytes_to_big(20, digest, h);

mad(d, r, h, n, n, s);

mad(k, s, s, n, n, s);

RtlZeroMemory(decoded,MAX_SERIAL);

//cotstr(r, serial);

//strcat(serial, "-");

//cotstr(s, temp);

//strcat(serial, temp);

__asm {

//D599EED4 CC135400 1B56AB5A 01000000 00000000 00000000 01000000

MOV BYTE PTR dS:[serial],1

MOV DWORD PTR dS:[serial+1],0

MOV DWORD PTR dS:[serial+1+4],0

MOV DWORD PTR dS:[serial+1+4*2],01000000h

MOV DWORD PTR dS:[serial+1+4*3],1B56AB5Ah

MOV DWORD PTR dS:[serial+1+4*4],0CC135400h

MOV DWORD PTR dS:[serial+1+4*5],22222222h

XOR EAX,EAX

XOR EBX,EBX

XOR ECX,ECX

decode:

mov al, byte ptr ds:[serial+ecx]

inc al

and al, 0f0h

sub al, 30h

movsx eax, al

shr al, 4

or al,30h

mov byte ptr ds:[decoded+ecx*2+1],al

mov al, byte ptr ds:[serial+ecx]

inc al

and al, 0fh

or al,30h

mov byte ptr ds:[decoded+ecx*2],al

inc ecx

cmp ecx, 19h

jnz decode

}

cinstr(x, "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F");

cinstr(y_1, "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C");

epoint2_set(x, y_1, 0, G);

ecurve2_mult(d, G, G);

epoint2_get(G, x, y);

cotstr(x, serial);

strcat(serial, "-");

cotstr(y, temp);

strcat(serial, temp);

SetDlgItemText(hwnd, IDC_SERIAL,serial);

epoint_free(G);

mirkill(a);

mirkill(B);

mirkill(p);

mirkill(y_1);

mirkill(n);

mirkill(x);

mirkill(d);

mirkill(k);

mirkillĀ®;

mirkill(s);

mirkill(y);

mirkill(h);

mirexit();

}

return 0;

}

thanks in advance and sorry to disturb i just dont know what is happening there.

sincerely

team xo.

qpt^J

qpt^J

Posted
Posted

its because of you choosed bad poly

try x^193+x^15+1, not sure though

_sb_

_sb_

Posted
  • Author
Posted

2^193 + 2^15 + 1 == 2^193 + 2^14 + 2^13 + 2^13 + 1 (true)

and miracl does not stand triominal representation.

qpt^J

qpt^J

Posted
Posted (edited)

i checked it with ECCTool, and the only good poly for

Base point:

x: 00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F

y: 01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C

is 2^193 + 2^15 + 1

try other blgnumber libs, there are a lots of them in net

BR, qpt

Edited by qpt^J
_sb_

_sb_

Posted
  • Author
Posted

it got solved with miracl, all it needed to be done would be: blabla_start_a_new_curve_over_2n(integer_m,integer_a,null,null,...

i got this by inventing a litle but its ok now that it works fine, thank you for you nice efforts qpt^j may we see each other soon...

sincerely,

team xo

qpt^J

qpt^J

Posted
Posted

np at all

if you have another question, just call me ;)

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...