|
|
@@ -52,6 +52,50 @@ func traverseTreePublicKeyA(curve *p751.ProjectiveCurveParameters, xR, phiP, phi |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// ----------------------------------------------------------------------------- |
|
|
|
// Functions for traversing isogeny trees acoording to strategy. Key type 'A' is |
|
|
|
// |
|
|
|
|
|
|
|
// Traverses isogeny tree in order to compute xR, xP, xQ and xQmP needed |
|
|
|
// for public key generation. |
|
|
|
func traverseTreePublicKeyAX(ctx *OperationContext, pub *PublicKey/*curve *p751.ProjectiveCurveParameters, xR, phiP, phiQ, phiR *p751.ProjectivePoint, */) { |
|
|
|
var points = make([]p751.ProjectivePoint, 0, 8) |
|
|
|
var indices = make([]int, 0, 8) |
|
|
|
var i, sidx int |
|
|
|
|
|
|
|
//cparam := curve.CalcCurveParamsEquiv4() |
|
|
|
phi := p751.NewIsogeny4() |
|
|
|
strat := pub.params.A.IsogenyStrategy |
|
|
|
stratSz := len(strat) |
|
|
|
|
|
|
|
for j := 1; j <= stratSz; j++ { |
|
|
|
for i <= stratSz-j { |
|
|
|
points = append(points, *xR) |
|
|
|
indices = append(indices, i) |
|
|
|
|
|
|
|
k := strat[sidx] |
|
|
|
sidx++ |
|
|
|
xR.Pow2k(&cparam, xR, 2*k) |
|
|
|
i += int(k) |
|
|
|
} |
|
|
|
|
|
|
|
cparam = phi.GenerateCurve(xR) |
|
|
|
for k := 0; k < len(points); k++ { |
|
|
|
points[k] = phi.EvaluatePoint(&points[k]) |
|
|
|
} |
|
|
|
|
|
|
|
*phiP = phi.EvaluatePoint(phiP) |
|
|
|
*phiQ = phi.EvaluatePoint(phiQ) |
|
|
|
*phiR = phi.EvaluatePoint(phiR) |
|
|
|
|
|
|
|
// pop xR from points |
|
|
|
*xR, points = points[len(points)-1], points[:len(points)-1] |
|
|
|
i, indices = int(indices[len(indices)-1]), indices[:len(indices)-1] |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Traverses isogeny tree in order to compute xR needed |
|
|
|
// for public key generation. |
|
|
|
func traverseTreeSharedKeyA(curve *p751.ProjectiveCurveParameters, xR *p751.ProjectivePoint, pub *PublicKey) { |
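Review bot: The body of the new `traverseTreePublicKeyAX` still refers to `xR`, `phiP`, `phiQ`, `phiR` (in `points = append(points, *xR)`, the `Pow2k` call and the three `EvaluatePoint` assignments) and to `cparam` (the `Pow2k` argument and the `cparam = phi.GenerateCurve(xR)` assignment), yet every one of those declarations is now commented out, the points in the parameter list and the curve at `//cparam := curve.CalcCurveParamsEquiv4()`, so the function cannot compile as committed. The `ctx` parameter is never read and `pub` is used only for `pub.params.A.IsogenyStrategy`, which suggests the curve and points were meant to come from `OperationContext`; if so the body has to read them through `ctx`, otherwise the five original parameters should be restored. The pop at `*xR, points = points[len(points)-1], points[:len(points)-1]` assumes `points` is non-empty, which holds only for a well-formed strategy table, so a comment such as `// strategy guarantees at least one push per outer iteration` would help a reader. `int(indices[len(indices)-1])` is a no-op conversion because `indices` is already `[]int`. The whole function is inside this hunk.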
|
|
@@ -223,13 +267,21 @@ func (prv *PrivateKey) generatePrivateKeyB(rand io.Reader) error { |
|
|
|
|
|
|
|
// Generate a public key in the 2-torsion group |
|
|
|
func publicKeyGenA(prv *PrivateKey) (pub *PublicKey) { |
|
|
|
var xPA, xQA, xRA p751.ProjectivePoint |
|
|
|
var xPB, xQB, xRB, xR p751.ProjectivePoint |
|
|
|
var invZP, invZQ, invZR p751.ExtensionFieldElement |
|
|
|
var tmp p751.ProjectiveCurveParameters |
|
|
|
var phi = p751.NewIsogeny4() |
|
|
|
// var xPA, xQA, xRA p751.ProjectivePoint |
|
|
|
// var xPB, xQB, xRB, xR p751.ProjectivePoint |
|
|
|
// var invZP, invZQ, invZR p751.ExtensionFieldElement |
|
|
|
// var tmp p751.ProjectiveCurveParameters |
|
|
|
// var phi = p751.NewIsogeny4() |
|
|
|
// |
|
|
|
pub = NewPublicKey(prv.params.Id, KeyVariant_SIDH_A) |
|
|
|
|
|
|
|
ctx := prv.params.op() |
|
|
|
ctx.LoadBasePoints() |
|
|
|
ctx.ScalarMul(prv.Scalar, prv.params.A.SecretBitLen) |
|
|
|
traverseTreePublicKeyA(ctx) |
|
|
|
// ctx.CreateSecretIsogeny() |
|
|
|
// ctx.Store(pub) |
|
|
|
|
|
|
|
/* |
|
|
|
// Load points for A |
|
|
|
xPA.FromAffine(&prv.params.A.Affine_P) |
|
|
|
xPA.Z.One() |
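Review bot: After this change `publicKeyGenA` returns `pub` with `affine_xP`, `affine_xQ` and `affine_xQmP` never assigned: the only lines that set them now sit inside the `/*` block opened here, and the replacement steps `ctx.CreateSecretIsogeny()` and `ctx.Store(pub)` are commented out, so callers receive a zero-valued public key and no error. The call `traverseTreePublicKeyA(ctx)` passes a single argument while the function of that name carries the five-parameter signature visible in the first hunk header, and the new one-parameter variant is named `traverseTreePublicKeyAX`, so one of the two names is presumably wrong. The locals declared at the top (`xPA`, `xQA`, `xRA`, `xPB`, `xQB`, `xRB`, `xR`, `invZP`, `invZQ`, `invZR`, `tmp`, `phi`) have no remaining uses once the old body is commented out, which Go rejects at compile time. If this is deliberate work in progress, a `// TODO: ctx-based path does not yet populate pub; old path below is disabled` comment at the top of the function would make the state explicit; otherwise the old path should stay active until `ctx.Store(pub)` exists. The function body continues past the end of this hunk.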
|
|
@@ -266,6 +318,7 @@ func publicKeyGenA(prv *PrivateKey) (pub *PublicKey) { |
|
|
|
pub.affine_xP.Mul(&xPA.X, &invZP) |
|
|
|
pub.affine_xQ.Mul(&xQA.X, &invZQ) |
|
|
|
pub.affine_xQmP.Mul(&xRA.X, &invZR) |
|
|
|
*/ |
|
|
|
return |
|
|
|
} |
|
|
|
|
|
|
@@ -278,14 +331,6 @@ func publicKeyGenB(prv *PrivateKey) (pub *PublicKey) { |
|
|
|
var phi = p751.NewIsogeny3() |
|
|
|
pub = NewPublicKey(prv.params.Id, prv.keyVariant) |
|
|
|
|
|
|
|
// Load points for B |
|
|
|
xRB.FromAffine(&prv.params.B.Affine_R) |
|
|
|
xRB.Z.One() |
|
|
|
xQB.FromAffine(&prv.params.B.Affine_Q) |
|
|
|
xQB.Z.One() |
|
|
|
xPB.FromAffine(&prv.params.B.Affine_P) |
|
|
|
xPB.Z.One() |
|
|
|
|
|
|
|
// Load points for A |
|
|
|
xPA.FromAffine(&prv.params.A.Affine_P) |
|
|
|
xPA.Z.One() |
|
|
@@ -294,6 +339,14 @@ func publicKeyGenB(prv *PrivateKey) (pub *PublicKey) { |
|
|
|
xRA.FromAffine(&prv.params.A.Affine_R) |
|
|
|
xRA.Z.One() |
|
|
|
|
|
|
|
// Load points for B |
|
|
|
xRB.FromAffine(&prv.params.B.Affine_R) |
|
|
|
xRB.Z.One() |
|
|
|
xQB.FromAffine(&prv.params.B.Affine_Q) |
|
|
|
xQB.Z.One() |
|
|
|
xPB.FromAffine(&prv.params.B.Affine_P) |
|
|
|
xPB.Z.One() |
|
|
|
|
|
|
|
tmp.A.Zero() |
|
|
|
tmp.C.One() |
|
|
|
xR = p751.RightToLeftLadder(&tmp, &xPB, &xQB, &xRB, prv.params.B.SecretBitLen, prv.Scalar) |
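Review bot: The eight lines moved here in `publicKeyGenB` (`// Load points for B` through `xPB.Z.One()`) are the same base-point loading sequence that `publicKeyGenA` replaces with `ctx.LoadBasePoints()` in the second hunk, so after this commit there is one context-based copy and one hand-written copy of the same setup, and the two are likely to drift. As far as the visible lines show, the block only initialises `xRB`, `xQB` and `xPB`, and the A-side loading between the old and new position does not read them, so the move itself appears behaviour-neutral; a one-line comment such as `// B-side generators are consumed by the ladder directly below` would record why the order was changed. Once the `OperationContext` path is working, routing this function through the same helper would remove the duplicate. The function starts before this hunk.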
|
|
|