kris
/
sidh-torture
1
0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
Takes 2 SIKE/SIDH implementations and runs them against each other until something goes wrong
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
10 Revīzijas
3 Atzari
190 KiB
 
 
 
 
Koks: 48059bd908
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no '48059bd908'
${ noResults }
sidh-torture/sidh/msr/include/P503_api.h

107 rindas
6.3 KiB
Neapstrādāts Vainot Vēsture 

  1. /********************************************************************************************

  2. * SIDH: an efficient supersingular isogeny cryptography library

  3. *

  4. * Abstract: API header file for P503

  5. *********************************************************************************************/  

  6. 

  7. #ifndef __P503_API_H__

  8. #define __P503_API_H__

  9.     

  10. 

  11. /*********************** Key encapsulation mechanism API ***********************/

  12. 

  13. #define CRYPTO_SECRETKEYBYTES     434    // MSG_BYTES + SECRETKEY_B_BYTES + CRYPTO_PUBLICKEYBYTES bytes

  14. #define CRYPTO_PUBLICKEYBYTES     378

  15. #define CRYPTO_BYTES               16

  16. #define CRYPTO_CIPHERTEXTBYTES    402    // CRYPTO_PUBLICKEYBYTES + MSG_BYTES bytes  

  17. 

  18. // Algorithm name

  19. #define CRYPTO_ALGNAME "SIKEp503"  

  20. 

  21. // SIKE's key generation

  22. // It produces a private key sk and computes the public key pk.

  23. // Outputs: secret key sk (CRYPTO_SECRETKEYBYTES = 434 bytes)

  24. //          public key pk (CRYPTO_PUBLICKEYBYTES = 378 bytes) 

  25. int crypto_kem_keypair_SIKEp503(unsigned char *pk, unsigned char *sk);

  26. 

  27. // SIKE's encapsulation

  28. // Input:   public key pk         (CRYPTO_PUBLICKEYBYTES = 378 bytes)

  29. // Outputs: shared secret ss      (CRYPTO_BYTES = 16 bytes)

  30. //          ciphertext message ct (CRYPTO_CIPHERTEXTBYTES = 402 bytes)

  31. int crypto_kem_enc_SIKEp503(unsigned char *ct, unsigned char *ss, const unsigned char *pk);

  32. 

  33. // SIKE's decapsulation

  34. // Input:   secret key sk         (CRYPTO_SECRETKEYBYTES = 434 bytes)

  35. //          ciphertext message ct (CRYPTO_CIPHERTEXTBYTES = 402 bytes) 

  36. // Outputs: shared secret ss      (CRYPTO_BYTES = 16 bytes)

  37. int crypto_kem_dec_SIKEp503(unsigned char *ss, const unsigned char *ct, const unsigned char *sk);

  38. 

  39. 

  40. // Encoding of keys for KEM-based isogeny system "SIKEp503" (wire format):

  41. // ----------------------------------------------------------------------

  42. // Elements over GF(p503) are encoded in 63 octets in little endian format (i.e., the least significant octet is located in the lowest memory address). 

  43. // Elements (a+b*i) over GF(p503^2), where a and b are defined over GF(p503), are encoded as {a, b}, with a in the lowest memory portion.

  44. //

  45. // Private keys sk consist of the concatenation of a 24-byte random value, a value in the range [0, 2^252-1] and the public key pk. In the SIKE API, 

  46. // private keys are encoded in 434 octets in little endian format. 

  47. // Public keys pk consist of 3 elements in GF(p503^2). In the SIKE API, pk is encoded in 378 octets. 

  48. // Ciphertexts ct consist of the concatenation of a public key value and a 24-byte value. In the SIKE API, ct is encoded in 378 + 24 = 402 octets.  

  49. // Shared keys ss consist of a value of 16 octets.

  50. 

  51. 

  52. /*********************** Ephemeral key exchange API ***********************/

  53. 

  54. #define SIDH_SECRETKEYBYTES      32

  55. #define SIDH_PUBLICKEYBYTES     378

  56. #define SIDH_BYTES              126

  57. 

  58. // SECURITY NOTE: SIDH supports ephemeral Diffie-Hellman key exchange. It is NOT secure to use it with static keys.

  59. // See "On the Security of Supersingular Isogeny Cryptosystems", S.D. Galbraith, C. Petit, B. Shani and Y.B. Ti, in ASIACRYPT 2016, 2016.

  60. // Extended version available at: http://eprint.iacr.org/2016/859  

  61. 

  62. // Generation of Alice's secret key 

  63. // Outputs random value in [0, 2^250 - 1] to be used as Alice's private key

  64. void random_mod_order_A_SIDHp503(unsigned char* random_digits);

  65. 

  66. // Generation of Bob's secret key 

  67. // Outputs random value in [0, 2^Floor(Log(2,3^159)) - 1] to be used as Bob's private key

  68. void random_mod_order_B_SIDHp503(unsigned char* random_digits);

  69. 

  70. // Alice's ephemeral public key generation

  71. // Input:  a private key PrivateKeyA in the range [0, 2^250 - 1], stored in 32 bytes. 

  72. // Output: the public key PublicKeyA consisting of 3 GF(p503^2) elements encoded in 378 bytes.

  73. int EphemeralKeyGeneration_A_SIDHp503(const unsigned char* PrivateKeyA, unsigned char* PublicKeyA);

  74. 

  75. // Bob's ephemeral key-pair generation

  76. // It produces a private key PrivateKeyB and computes the public key PublicKeyB.

  77. // The private key is an integer in the range [0, 2^Floor(Log(2,3^159)) - 1], stored in 32 bytes. 

  78. // The public key consists of 3 GF(p503^2) elements encoded in 378 bytes.

  79. int EphemeralKeyGeneration_B_SIDHp503(const unsigned char* PrivateKeyB, unsigned char* PublicKeyB);

  80. 

  81. // Alice's ephemeral shared secret computation

  82. // It produces a shared secret key SharedSecretA using her secret key PrivateKeyA and Bob's public key PublicKeyB

  83. // Inputs: Alice's PrivateKeyA is an integer in the range [0, 2^250 - 1], stored in 32 bytes. 

  84. //         Bob's PublicKeyB consists of 3 GF(p503^2) elements encoded in 378 bytes.

  85. // Output: a shared secret SharedSecretA that consists of one element in GF(p503^2) encoded in 126 bytes.

  86. int EphemeralSecretAgreement_A_SIDHp503(const unsigned char* PrivateKeyA, const unsigned char* PublicKeyB, unsigned char* SharedSecretA);

  87. 

  88. // Bob's ephemeral shared secret computation

  89. // It produces a shared secret key SharedSecretB using his secret key PrivateKeyB and Alice's public key PublicKeyA

  90. // Inputs: Bob's PrivateKeyB is an integer in the range [0, 2^Floor(Log(2,3^159)) - 1], stored in 32 bytes. 

  91. //         Alice's PublicKeyA consists of 3 GF(p503^2) elements encoded in 378 bytes.

  92. // Output: a shared secret SharedSecretB that consists of one element in GF(p503^2) encoded in 126 bytes.

  93. int EphemeralSecretAgreement_B_SIDHp503(const unsigned char* PrivateKeyB, const unsigned char* PublicKeyA, unsigned char* SharedSecretB);

  94. 

  95. 

  96. // Encoding of keys for KEX-based isogeny system "SIDHp503" (wire format):

  97. // ----------------------------------------------------------------------

  98. // Elements over GF(p503) are encoded in 63 octets in little endian format (i.e., the least significant octet is located in the lowest memory address). 

  99. // Elements (a+b*i) over GF(p503^2), where a and b are defined over GF(p503), are encoded as {a, b}, with a in the lowest memory portion.

  100. //

  101. // Private keys PrivateKeyA and PrivateKeyB can have values in the range [0, 2^250-1] and [0, 2^252-1], resp. In the SIDH API, private keys are encoded 

  102. // in 32 octets in little endian format. 

  103. // Public keys PublicKeyA and PublicKeyB consist of 3 elements in GF(p503^2). In the SIDH API, they are encoded in 378 octets. 

  104. // Shared keys SharedSecretA and SharedSecretB consist of one element in GF(p503^2). In the SIDH API, they are encoded in 126 octets.

  105. 

  106. 

  107. #endif