From 40f4da22657db96cdc6ce58daf2482aa40425c7d Mon Sep 17 00:00:00 2001
From: Kris Kwiatkowski
Date: Mon, 3 Sep 2018 14:02:41 +0100
Subject: [PATCH] WIP
---
 Makefile | 1 +
 internal/utils/utils.go | 6 +++
 p751toolbox/api.go | 41 +++++++++++++++++++++
 sidh/api.go | 1 +
 sidh/params.go | 7 ++++
 sidh/sidh.go | 81 ++++++++++++++++++++++++++++++++++-------
 6 files changed, 123 insertions(+), 14 deletions(-)
 create mode 100644 internal/utils/utils.go
 create mode 100644 p751toolbox/api.go
diff --git a/Makefile b/Makefile
index dd683bc..b72adb2 100644
--- a/Makefile
+++ b/Makefile
@@ -33,6 +33,7 @@ build_env:
 GOPATH=$(GOPATH_LOCAL) go get $(CSHAKE_PKG)
 mkdir -p $(GOPATH_LOCAL)/src/$(GOPATH_DIR)
 cp -rf etc $(GOPATH_LOCAL)/src/$(GOPATH_DIR)
+ cp -rf internal $(GOPATH_LOCAL)/src/$(GOPATH_DIR)
 copy-target-%:
 cp -rf $* $(GOPATH_LOCAL)/src/$(GOPATH_DIR)
diff --git a/internal/utils/utils.go b/internal/utils/utils.go
new file mode 100644
index 0000000..c08a15e
--- /dev/null
+++ b/internal/utils/utils.go
@@ -0,0 +1,6 @@
+package internal
+
+type OperationContext interface {
+ LoadBasePoints()
+ ScalarMul(scalar []byte, scalarSz uint)
+}
diff --git a/p751toolbox/api.go b/p751toolbox/api.go
new file mode 100644
index 0000000..7b8e91a
--- /dev/null
+++ b/p751toolbox/api.go
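Review bot: The package clause `package internal` in internal/utils/utils.go does not match its directory `utils`, so a plain import binds the package under the name `internal`; only the dot-imports added elsewhere in this commit hide that, and it should read `package utils`. Both interface methods return nothing, so an implementation has no way to report a scalar shorter than `scalarSz` bits or to hand back the ladder result, which the new call site in sidh/sidh.go will need. The interface is also undocumented and `scalarSz` leaves its unit open; since that call site passes `prv.params.A.SecretBitLen`, a comment such as `// OperationContext carries the base points and scratch state of one key operation; scalarSz is the scalar length in bits (callers pass SecretBitLen).` would pin it down.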
@@ -0,0 +1,41 @@
+package p751toolbox
+
+import (
+ . "github.com/cloudflare/p751sidh/internal/utils"
+)
+
+type context struct {
+ xPA, xQA, xRA ProjectivePoint
+ xPB, xQB, xRB ProjectivePoint
+ xR ProjectivePoint
+ curve ProjectiveCurveParameters
+}
+
+func (c *context) LoadBasePoints() {
+ // Load points for A
+ c.xPA.FromAffine(&P751_affine_PA)
+ c.xPA.Z.One()
+ c.xQA.FromAffine(&P751_affine_QA)
+ c.xQA.Z.One()
+ c.xRA.FromAffine(&P751_affine_RA)
+ c.xRA.Z.One()
+
+ // Load points for B
+ c.xRB.FromAffine(&P751_affine_RB)
+ c.xRB.Z.One()
+ c.xQB.FromAffine(&P751_affine_QB)
+ c.xQB.Z.One()
+ c.xPB.FromAffine(&P751_affine_PB)
+ c.xPB.Z.One()
+}
+
+func (c *context) ScalarMul(scalar []byte, sz uint) {
+ c.curve.A.Zero()
+ c.curve.C.One()
+ // OZAPTF: PA QA RA -> PB QB ... if used for B
+ c.xR = RightToLeftLadder(&tmp, &c.xPA, &c.xQA, &c.xRA, sz, scalar)
+}
+
+func NewCtx() OperationContext {
+ return new(context)
+}
diff --git a/sidh/api.go b/sidh/api.go
index 867d7c6..01992a8 100644
--- a/sidh/api.go
+++ b/sidh/api.go
@@ -3,6 +3,7 @@ package sidh
 import (
 "errors"
 p751 "github.com/cloudflare/p751sidh/p751toolbox"
+// . "github.com/cloudflare/p751sidh/internal/utils"
 "io"
 )
diff --git a/sidh/params.go b/sidh/params.go
index 33c484d..56e09b5 100644
--- a/sidh/params.go
+++ b/sidh/params.go
@@ -3,8 +3,11 @@ package sidh
 import (
 // p503 "github.com/cloudflare/p751sidh/p503toolbox"
 p751 "github.com/cloudflare/p751sidh/p751toolbox"
+ . "github.com/cloudflare/p751sidh/internal/utils"
 )
+type ctxCtor func() OperationContext
+
 type DomainParams struct {
 // P, Q and R=P-Q base points
 Affine_P, Affine_Q, Affine_R p751.ExtensionFieldElement
@@ -33,6 +36,8 @@ type SidhParams struct {
 MsgLen uint
 // Length of SIKE ephemeral KEM key (see [SIKE], 1.4 and 5.1)
 KemSize uint
+ // Creates operation context
+ op ctxCtor
 }
 // Keeps mapping: SIDH prime field ID to domain parameters
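Review bot: `ScalarMul` passes `&tmp` to RightToLeftLadder, but no `tmp` is declared anywhere in this new file, so the package does not compile; the two lines just above initialise `c.curve` to A=0, C=1, which looks like the intended argument: `c.xR = RightToLeftLadder(&c.curve, &c.xPA, &c.xQA, &c.xRA, sz, scalar)`. As the OZAPTF comment admits, the ladder is hard-wired to the A base points, so a context obtained from `NewCtx` would compute the wrong kernel point for a B key; the key variant should be an argument of NewCtx or ScalarMul rather than a TODO. The result is stored in the unexported `c.xR` and OperationContext exposes no accessor, so a caller holding only the interface cannot retrieve it. Returning the interface from `NewCtx` rather than `*context` also hides the fields from callers inside this package; returning the concrete type is the usual Go convention.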
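Review bot: The dot-import `. "github.com/cloudflare/p751sidh/internal/utils"` makes `OperationContext` in `type ctxCtor func() OperationContext` read as a sidh-local type, and it is the only reason the mismatched package clause in utils.go (`package internal` in directory `utils`) goes unnoticed; prefer `utils "github.com/cloudflare/p751sidh/internal/utils"` and `type ctxCtor func() utils.OperationContext`. `ctxCtor` is also undocumented; `// ctxCtor constructs the arithmetic context (base points, scratch curve) for one parameter set.` would do. The same import is added commented out in sidh/api.go in this commit, which suggests where the type lives is not yet settled.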
@@ -54,6 +59,7 @@ func init() {
 PublicKeySize: p751.P751_PublicKeySize,
 SharedSecretSize: p751.P751_SharedSecretSize,
 A: DomainParams{
+ // OZAPTF: Probably not needed
 Affine_P: p751.P751_affine_PA,
 Affine_Q: p751.P751_affine_QA,
 Affine_R: p751.P751_affine_RA,
@@ -73,6 +79,7 @@ // SIKEp751 provides 192 bit of classical security ([SIKE], 5.1)
 KemSize: 24,
 SampleRate: p751.P751_SampleRate,
+ op: p751.NewCtx,
 }
 /*
 p503 := SidhParams{
diff --git a/sidh/sidh.go b/sidh/sidh.go
index 307caf8..a92f659 100644
--- a/sidh/sidh.go
+++ b/sidh/sidh.go
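Review bot: `op` is an unexported func field with no default, and the new publicKeyGenA in sidh/sidh.go (this commit) invokes it as `prv.params.op()` without a nil check, so any SidhParams literal that omits it panics with a nil function call instead of a descriptive error; the commented-out p503 literal directly below this hunk is exactly such a case and will trip over it the moment it is re-enabled. Either validate at registration time, e.g. `if p751.op == nil { panic("sidh: SidhParams registered without op") }` before the map insert in init, or make the constructor a required argument of a SidhParams constructor so the field cannot be left out. The `init` function this hunk belongs to starts and ends outside the hunk.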
@@ -52,6 +52,50 @@ func traverseTreePublicKeyA(curve *p751.ProjectiveCurveParameters, xR, phiP, phi
 }
 }
+
+// -----------------------------------------------------------------------------
+// Functions for traversing isogeny trees acoording to strategy. Key type 'A' is
+//
+
+// Traverses isogeny tree in order to compute xR, xP, xQ and xQmP needed
+// for public key generation.
+func traverseTreePublicKeyAX(ctx *OperationContext, pub *PublicKey/*curve *p751.ProjectiveCurveParameters, xR, phiP, phiQ, phiR *p751.ProjectivePoint, */) {
+ var points = make([]p751.ProjectivePoint, 0, 8)
+ var indices = make([]int, 0, 8)
+ var i, sidx int
+
+ //cparam := curve.CalcCurveParamsEquiv4()
+ phi := p751.NewIsogeny4()
+ strat := pub.params.A.IsogenyStrategy
+ stratSz := len(strat)
+
+ for j := 1; j <= stratSz; j++ {
+ for i <= stratSz-j {
+ points = append(points, *xR)
+ indices = append(indices, i)
+
+ k := strat[sidx]
+ sidx++
+ xR.Pow2k(&cparam, xR, 2*k)
+ i += int(k)
+ }
+
+ cparam = phi.GenerateCurve(xR)
+ for k := 0; k < len(points); k++ {
+ points[k] = phi.EvaluatePoint(&points[k])
+ }
+
+ *phiP = phi.EvaluatePoint(phiP)
+ *phiQ = phi.EvaluatePoint(phiQ)
+ *phiR = phi.EvaluatePoint(phiR)
+
+ // pop xR from points
+ *xR, points = points[len(points)-1], points[:len(points)-1]
+ i, indices = int(indices[len(indices)-1]), indices[:len(indices)-1]
+ }
+}
+
+
 // Traverses isogeny tree in order to compute xR needed
 // for public key generation.
 func traverseTreeSharedKeyA(curve *p751.ProjectiveCurveParameters, xR *p751.ProjectivePoint, pub *PublicKey) {
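Review bot: `traverseTreePublicKeyAX` uses `xR`, `cparam`, `phiP`, `phiQ` and `phiR`, but its new signature declares only `ctx` and `pub` (the old parameters are commented out inside the parameter list and the `cparam :=` initialiser is commented too), so the file does not compile, and `ctx` itself is never read. `ctx *OperationContext` is a pointer to an interface, which in Go only adds an indirection; pass `ctx OperationContext` by value. If the intent is to drive the traversal through the context, OperationContext needs accessors for the curve and the four points this body mutates; otherwise keep the explicit `curve, xR, phiP, phiQ, phiR` parameters of traverseTreePublicKeyA rather than duplicating its body. The banner comment is cut off mid-sentence (`Key type 'A' is`) and has a typo: `acoording` should be `according`.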
@@ -223,13 +267,21 @@ func (prv *PrivateKey) generatePrivateKeyB(rand io.Reader) error {
 // Generate a public key in the 2-torsion group
 func publicKeyGenA(prv *PrivateKey) (pub *PublicKey) {
- var xPA, xQA, xRA p751.ProjectivePoint
- var xPB, xQB, xRB, xR p751.ProjectivePoint
- var invZP, invZQ, invZR p751.ExtensionFieldElement
- var tmp p751.ProjectiveCurveParameters
- var phi = p751.NewIsogeny4()
+// var xPA, xQA, xRA p751.ProjectivePoint
+// var xPB, xQB, xRB, xR p751.ProjectivePoint
+// var invZP, invZQ, invZR p751.ExtensionFieldElement
+// var tmp p751.ProjectiveCurveParameters
+// var phi = p751.NewIsogeny4()
+// pub = NewPublicKey(prv.params.Id, KeyVariant_SIDH_A)
-
+ ctx := prv.params.op()
+ ctx.LoadBasePoints()
+ ctx.ScalarMul(prv.Scalar, prv.params.A.SecretBitLen)
+ traverseTreePublicKeyA(ctx)
+// ctx.CreateSecretIsogeny()
+// ctx.Store(pub)
+
+/*
 // Load points for A
 xPA.FromAffine(&prv.params.A.Affine_P)
 xPA.Z.One()
@@ -266,6 +318,7 @@ func publicKeyGenA(prv *PrivateKey) (pub *PublicKey) {
 pub.affine_xP.Mul(&xPA.X, &invZP)
 pub.affine_xQ.Mul(&xQA.X, &invZQ)
 pub.affine_xQmP.Mul(&xRA.X, &invZR)
+*/
 return
 }
@@ -278,14 +331,6 @@ func publicKeyGenB(prv *PrivateKey) (pub *PublicKey) {
 var phi = p751.NewIsogeny3()
 pub = NewPublicKey(prv.params.Id, prv.keyVariant)
- // Load points for B
- xRB.FromAffine(&prv.params.B.Affine_R)
- xRB.Z.One()
- xQB.FromAffine(&prv.params.B.Affine_Q)
- xQB.Z.One()
- xPB.FromAffine(&prv.params.B.Affine_P)
- xPB.Z.One()
-
 // Load points for A
 xPA.FromAffine(&prv.params.A.Affine_P)
 xPA.Z.One()
@@ -294,6 +339,14 @@ func publicKeyGenB(prv *PrivateKey) (pub *PublicKey) {
 xRA.FromAffine(&prv.params.A.Affine_R)
 xRA.Z.One()
+ // Load points for B
+ xRB.FromAffine(&prv.params.B.Affine_R)
+ xRB.Z.One()
+ xQB.FromAffine(&prv.params.B.Affine_Q)
+ xQB.Z.One()
+ xPB.FromAffine(&prv.params.B.Affine_P)
+ xPB.Z.One()
+
 tmp.A.Zero()
 tmp.C.One()
 xR = p751.RightToLeftLadder(&tmp, &xPB, &xQB, &xRB, prv.params.B.SecretBitLen, prv.Scalar)
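Review bot: With `pub = NewPublicKey(...)` commented out and the rest of the body wrapped in `/* … */` (closed by the `+*/` in the next hunk), publicKeyGenA now returns its zero-valued named result, so as far as these hunks show every caller receives a nil `*PublicKey` and no public key is ever populated. The call `traverseTreePublicKeyA(ctx)` also does not match that function's signature as shown in the previous hunk's header (`curve *p751.ProjectiveCurveParameters, xR, phiP, …`), and the new traverseTreePublicKeyAX expects a `*OperationContext` while `ctx` is an `OperationContext` value, so this does not compile either. Until the context path can store its result, keep `pub = NewPublicKey(prv.params.Id, KeyVariant_SIDH_A)` live and derive the affine coordinates from the context; if this is meant to land as WIP, at least mark the `return` with `// TODO: pub is never populated on this path` so the nil return is not mistaken for finished code. The function's `return` sits in the following hunk, not this one.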