Ejemplo n.º 1
        /// <summary>
        /// Searches for a field element <c>z</c> with <c>z^2 + z = beta</c>, retrying with a
        /// fresh trial value whenever an attempt ends in a candidate for which
        /// <c>z^2 + z</c> is zero.
        /// </summary>
        /// <param name="beta">Right-hand side of the equation.</param>
        /// <returns>
        /// <paramref name="beta"/> itself when it is zero, the candidate found by the search,
        /// or <c>null</c> when the accumulator check after the inner loop fails.
        /// </returns>
        private ECFieldElement SolveQuadradicEquation(ECFieldElement beta)
        {
            if (beta.IsZero)
            {
                return beta;
            }

            ECFieldElement zero = FromBigInteger(BigInteger.Zero);
            int m = FieldSize;

            while (true)
            {
                // The trial value is a throwaway: it never leaves this method, so it only has to
                // vary between attempts. NOTE(review): BigInteger.Arbitrary is presumably not a
                // cryptographic RNG; that is acceptable here only because nothing secret is drawn.
                ECFieldElement trial = FromBigInteger(BigInteger.Arbitrary(m));
                ECFieldElement z = zero;
                ECFieldElement w = beta;

                for (int step = 1; step < m; step++)
                {
                    ECFieldElement wSquared = w.Square();
                    z = z.Square().Add(wSquared.Multiply(trial));
                    w = wSquared.Add(beta);
                }

                // A non-zero accumulator ends the search; callers have to handle the null.
                if (!w.IsZero)
                {
                    return null;
                }

                // Accept the candidate unless z^2 + z is zero, in which case draw again.
                if (!z.Square().Add(z).IsZero)
                {
                    return z;
                }
            }
        }
Ejemplo n.º 2
        /// <summary>
        /// Solves the quadratic equation <c>z^2 + z = beta</c> (X9.62 D.1.6).
        /// The other solution is <c>z + 1</c>.
        /// </summary>
        /// <param name="beta">The value to solve the quadratic equation for.</param>
        /// <returns>
        /// A solution of <c>z^2 + z = beta</c>, or <c>null</c> if no solution exists.
        /// </returns>
        private ECFieldElement SolveQuadradicEquation(ECFieldElement beta)
        {
            if (beta.IsZero)
            {
                return beta;
            }

            ECFieldElement zero = FromBigInteger(BigInteger.Zero);
            int degree = FieldSize;

            for (;;)
            {
                // The trial element is local and discarded; it is not key material, so the
                // quality of BigInteger.Arbitrary's source is not security-relevant here.
                ECFieldElement trial = FromBigInteger(BigInteger.Arbitrary(degree));
                ECFieldElement root = zero;
                ECFieldElement acc = beta;

                for (int round = 1; round < degree; ++round)
                {
                    ECFieldElement accSquared = acc.Square();
                    root = root.Square().Add(accSquared.Multiply(trial));
                    acc = accSquared.Add(beta);
                }

                // No solution: report it with null rather than an exception.
                if (!acc.IsZero)
                {
                    return null;
                }

                ECFieldElement check = root.Square().Add(root);
                if (!check.IsZero)
                {
                    return root;
                }
                // check was zero: this trial value was unusable, so try another one.
            }
        }
Ejemplo n.º 3
        /// <summary>
        /// Feeds three fixed (public key, message, signature) triples to
        /// <c>SchnorrSigner.BatchVerify</c> and expects the batch to be accepted.
        /// </summary>
        /// <remarks>
        /// Only the accepting path is exercised. A companion case with one altered signature
        /// would catch a BatchVerify that accepts everything.
        /// </remarks>
        public void ShouldPassBatchVerifycation()
        {
            // Row layout (hex): [0] 33-byte public key, [1] 32-byte message, [2] 64-byte signature.
            string[][] vectors =
            {
                new []
                {
                    "0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
                    "0000000000000000000000000000000000000000000000000000000000000000",
                    "787A848E71043D280C50470E8E1532B2DD5D20EE912A45DBDD2BD1DFBF187EF67031A98831859DC34DFFEEDDA86831842CCD0079E1F92AF177F7F22CC1DCED05"
                },
                new []
                {
                    "02DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659",
                    "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89",
                    "2A298DACAE57395A15D0795DDBFD1DCB564DA82B0F269BC70A74F8220429BA1D1E51A22CCEC35599B8F266912281F8365FFC2D035A230434A1A64DC59F7013FD"
                },
                new []
                {
                    "03FAC2114C2FBB091527EB7C64ECB11F8021CB45E8E7809D3C0938E4B8C0E5F84B",
                    "5E2D58D8B3BCDF1ABADEC7829054F90DDA9805AAB56C77333024B9D0A508B75C",
                    "00DA9B08172A9B6F0466A2DEFD817F2D7AB437E0D253CB5395A963866B3574BE00880371D01766935B92D2AB4CD5C8A2A5837EC57FED7660773A05F0DE142380"
                }
            };

            var messages = vectors.Select(row => uint256.Parse(row[1])).ToArray();
            var pubkeys = vectors.Select(row => new PubKey(Encoders.Hex.DecodeData(row[0]))).ToArray();
            var signatures = vectors.Select(row => SchnorrSignature.Parse(row[2])).ToArray();

            // Two 256-bit randomizers for three signatures.
            // NOTE(review): presumably the first signature's coefficient is fixed, so n - 1
            // values are needed - confirm against BatchVerify.
            // NOTE(review): batch randomizers have to be unpredictable to whoever supplies the
            // signatures. BigInteger.Arbitrary is adequate for fixed vectors; production
            // callers should draw them from a cryptographic RNG.
            var randoms = Enumerable.Repeat(256, 2)
                                    .Select(bits => BigInteger.Arbitrary(bits))
                                    .ToArray();

            Assert.True(SchnorrSigner.BatchVerify(messages, pubkeys, signatures, randoms));
        }
Ejemplo n.º 4
        /// <summary>
        /// Computes a square root of this element modulo <c>q</c>, choosing the method from the
        /// low bits of <c>q</c>.
        /// </summary>
        /// <returns>
        /// This element when it is zero or one; otherwise a root, or <c>null</c> when the
        /// element fails the residue test or the Lucas-sequence search gives up. Results of
        /// the two closed-form branches are passed through <c>CheckSqrt</c>.
        /// </returns>
        /// <remarks>
        /// Throws the exception built by <c>Platform.CreateNotImplementedException</c> when
        /// <c>q</c> is even.
        /// NOTE(review): the running time depends on the value and on random retries, so this
        /// is presumably meant for public inputs only - confirm for any secret-dependent caller.
        /// </remarks>
        public override ECFieldElement Sqrt()
        {
            if (IsZero || IsOne)
            {
                return this;
            }

            if (!q.TestBit(0))
            {
                throw Platform.CreateNotImplementedException("even value of q");
            }

            // Bit 1 set on an odd q: q = 3 (mod 4), one exponentiation by (q >> 2) + 1.
            if (q.TestBit(1))
            {
                BigInteger exponent = q.ShiftRight(2).Add(BigInteger.One);
                BigInteger candidate = this.x.ModPow(exponent, q);
                return CheckSqrt(new FpFieldElement(q, r, candidate));
            }

            // Bit 2 set (bit 1 clear): q = 5 (mod 8).
            if (q.TestBit(2))
            {
                BigInteger t1 = this.x.ModPow(q.ShiftRight(3), q);
                BigInteger t2 = ModMult(t1, this.x);
                if (ModMult(t2, t1).Equals(BigInteger.One))
                {
                    return CheckSqrt(new FpFieldElement(q, r, t2));
                }

                BigInteger twoPower = BigInteger.Two.ModPow(q.ShiftRight(2), q);
                return CheckSqrt(new FpFieldElement(q, r, ModMult(t2, twoPower)));
            }

            // Remaining case: q = 1 (mod 8). Reject values whose (q >> 1)-th power is not one.
            BigInteger legendreExponent = q.ShiftRight(1);
            if (!this.x.ModPow(legendreExponent, q).Equals(BigInteger.One))
            {
                return null;
            }

            BigInteger value = this.x;
            BigInteger fourValue = ModDouble(ModDouble(value));
            BigInteger k = legendreExponent.Add(BigInteger.One);
            BigInteger qMinusOne = q.Subtract(BigInteger.One);

            while (true)
            {
                // The parameter is a public trial value, so BigInteger.Arbitrary is sufficient.
                BigInteger p = BigInteger.Arbitrary(q.BitLength);
                if (p.CompareTo(q) >= 0)
                {
                    continue;
                }

                // Keep drawing until (p^2 - 4x)^((q-1)/2) equals q - 1.
                BigInteger discriminant = ModReduce(p.Multiply(p).Subtract(fourValue));
                if (!discriminant.ModPow(legendreExponent, q).Equals(qMinusOne))
                {
                    continue;
                }

                BigInteger[] uv = LucasSequence(p, value, k);
                BigInteger u = uv[0];
                BigInteger v = uv[1];

                // Verified by construction: v^2 == 4x, so the halved value is returned directly.
                if (ModMult(v, v).Equals(fourValue))
                {
                    return new FpFieldElement(q, r, ModHalfAbs(v));
                }

                bool retry = u.Equals(BigInteger.One) || u.Equals(qMinusOne);
                if (!retry)
                {
                    return null;
                }
            }
        }
Ejemplo n.º 5
        /// <summary>
        /// Searches for a field element <c>z</c> with <c>z^2 + z = beta</c>, drawing a new
        /// trial value for every attempt.
        /// </summary>
        /// <param name="beta">Right-hand side of the equation.</param>
        /// <returns>
        /// <paramref name="beta"/> when it is zero, the accepted candidate, or <c>null</c>
        /// when the accumulator is non-zero after the inner loop.
        /// </returns>
        private ECFieldElement SolveQuadradicEquation(ECFieldElement beta)
        {
            if (beta.IsZero)
            {
                return beta;
            }

            ECFieldElement zero = FromBigInteger(BigInteger.Zero);
            int m = FieldSize;
            ECFieldElement z;
            bool candidateIsTrivial;

            do
            {
                // Local, discarded trial value: it needs to vary between attempts, not to be
                // unpredictable, so BigInteger.Arbitrary is sufficient here.
                ECFieldElement trial = FromBigInteger(BigInteger.Arbitrary(m));
                ECFieldElement w = beta;
                z = zero;

                for (int pass = 1; pass < m; pass++)
                {
                    ECFieldElement wSquared = w.Square();
                    z = z.Square().Add(wSquared.Multiply(trial));
                    w = wSquared.Add(beta);
                }

                // The search stops here with null; callers must not dereference the result blindly.
                if (!w.IsZero)
                {
                    return null;
                }

                candidateIsTrivial = z.Square().Add(z).IsZero;
            }
            while (candidateIsTrivial);

            return z;
        }
Ejemplo n.º 6
        /// <summary>
        /// Searches, over the field of curve <paramref name="c"/>, for an element <c>z</c> with
        /// <c>z^2 + z = rhs</c>.
        /// </summary>
        /// <param name="c">Curve that supplies the field size and builds field elements.</param>
        /// <param name="rhs">Right-hand side of the equation.</param>
        /// <returns>
        /// <paramref name="rhs"/> when it is zero, the accepted candidate, or <c>null</c>
        /// when the accumulator is non-zero after the inner loop.
        /// </returns>
        private static ECFieldElement SolveQuadraticEquation(ECCurve c, ECFieldElement rhs)
        {
            if (rhs.IsZero)
            {
                return rhs;
            }

            ECFieldElement zero = c.FromBigInteger(BigInteger.Zero);
            int degree = c.FieldSize;

            while (true)
            {
                // The trial value stays inside this method, so it does not need a
                // cryptographic source; it only has to change from one attempt to the next.
                ECFieldElement trial = c.FromBigInteger(BigInteger.Arbitrary(degree));
                ECFieldElement candidate = zero;
                ECFieldElement acc = rhs;

                for (int round = 1; round < degree; round++)
                {
                    ECFieldElement accSquared = acc.Square();
                    candidate = candidate.Square().Add(accSquared.Multiply(trial));
                    acc = accSquared.Add(rhs);
                }

                if (!acc.IsZero)
                {
                    return null;
                }

                // A candidate with candidate^2 + candidate == 0 is discarded and the draw repeated.
                if (!candidate.Square().Add(candidate).IsZero)
                {
                    return candidate;
                }
            }
        }
    /// <summary>
    /// Computes a square root of this element modulo <c>q</c>, choosing the method from the
    /// low bits of <c>q</c>.
    /// </summary>
    /// <returns>
    /// This element when it is zero or one; otherwise a root, or <c>null</c> when the element
    /// fails the residue test or the Lucas-sequence search gives up.
    /// </returns>
    /// <remarks>
    /// Throws the exception built by <c>Platform.CreateNotImplementedException</c> when
    /// <c>q</c> is even. Callers have to handle the <c>null</c> result.
    /// </remarks>
    public override ECFieldElement Sqrt()
    {
        if (IsZero || IsOne)
        {
            return this;
        }

        if (!q.TestBit(0))
        {
            throw Platform.CreateNotImplementedException("even value of q");
        }

        // q = 3 (mod 4): a single exponentiation, then CheckSqrt validates the result.
        if (q.TestBit(1))
        {
            BigInteger exponent = q.ShiftRight(2).Add(BigInteger.One);
            BigInteger candidate = this.x.ModPow(exponent, q);
            return CheckSqrt(new FpFieldElement(q, r, candidate));
        }

        // q = 5 (mod 8)
        if (q.TestBit(2))
        {
            BigInteger t1 = this.x.ModPow(q.ShiftRight(3), q);
            BigInteger t2 = ModMult(t1, this.x);
            if (ModMult(t2, t1).Equals(BigInteger.One))
            {
                return CheckSqrt(new FpFieldElement(q, r, t2));
            }

            BigInteger twoPower = BigInteger.Two.ModPow(q.ShiftRight(2), q);
            return CheckSqrt(new FpFieldElement(q, r, ModMult(t2, twoPower)));
        }

        // q = 1 (mod 8): first reject values whose (q >> 1)-th power is not one.
        BigInteger legendreExponent = q.ShiftRight(1);
        if (!this.x.ModPow(legendreExponent, q).Equals(BigInteger.One))
        {
            return null;
        }

        BigInteger value = this.x;
        BigInteger fourValue = ModDouble(ModDouble(value));
        BigInteger k = legendreExponent.Add(BigInteger.One);
        BigInteger qMinusOne = q.Subtract(BigInteger.One);

        BigInteger u;
        do
        {
            // Draw a public trial parameter below q whose discriminant passes the test below.
            // It is never secret, so BigInteger.Arbitrary is sufficient as a source.
            BigInteger p;
            do
            {
                p = BigInteger.Arbitrary(q.BitLength);
            }
            while (p.CompareTo(q) >= 0
                   || !ModReduce(p.Multiply(p).Subtract(fourValue)).ModPow(legendreExponent, q).Equals(qMinusOne));

            BigInteger[] uv = LucasSequence(p, value, k);
            u = uv[0];
            BigInteger v = uv[1];

            // v^2 == 4x confirms the root directly, so no CheckSqrt call is needed here.
            if (ModMult(v, v).Equals(fourValue))
            {
                return new FpFieldElement(q, r, ModHalfAbs(v));
            }
        }
        while (u.Equals(BigInteger.One) || u.Equals(qMinusOne));

        return null;
    }
Ejemplo n.º 8
        /// <summary>
        /// Solves the quadratic equation <c>z^2 + z = beta</c> (X9.62 D.1.6).
        /// The other solution is <c>z + 1</c>.
        /// </summary>
        /// <param name="beta">
        /// The value to solve the quadratic equation for; it is cast to
        /// <c>AbstractF2mFieldElement</c>.
        /// </param>
        /// <returns>
        /// A solution of <c>z^2 + z = beta</c>, or <c>null</c> if no solution exists.
        /// </returns>
        internal ECFieldElement SolveQuadraticEquation(ECFieldElement beta)
        {
            AbstractF2mFieldElement betaF2m = (AbstractF2mFieldElement)beta;
            bool fastTrace = betaF2m.HasFastTrace;

            // With a fast trace available, a non-zero trace rejects beta before any search.
            if (fastTrace && betaF2m.Trace() != 0)
            {
                return null;
            }

            int m = FieldSize;

            // For odd m, use the half-trace. Without a fast trace the candidate is verified by
            // substituting it back; with one, the trace test above is the only check.
            bool oddDegree = (m & 1) != 0;
            if (oddDegree)
            {
                ECFieldElement halfTrace = betaF2m.HalfTrace();
                bool accepted = fastTrace || halfTrace.Square().Add(halfTrace).Add(beta).IsZero;
                return accepted ? halfTrace : null;
            }

            if (beta.IsZero)
            {
                return beta;
            }

            ECFieldElement zero = FromBigInteger(BigInteger.Zero);

            for (;;)
            {
                // The trial element never leaves this method; it is not key material, so
                // BigInteger.Arbitrary is sufficient as its source.
                ECFieldElement trial = FromBigInteger(BigInteger.Arbitrary(m));
                ECFieldElement root = zero;
                ECFieldElement acc = beta;

                for (int round = 1; round < m; round++)
                {
                    ECFieldElement accSquared = acc.Square();
                    root = root.Square().Add(accSquared.Multiply(trial));
                    acc = accSquared.Add(beta);
                }

                if (!acc.IsZero)
                {
                    return null;
                }

                // Repeat with another trial value while root^2 + root is zero.
                if (!root.Square().Add(root).IsZero)
                {
                    return root;
                }
            }
        }
Ejemplo n.º 9
        /// <summary>
        /// Runs both sides of a Diffie-Hellman style exchange over a fixed modulus with
        /// generator 5. Every value is local and nothing is returned or asserted.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the private exponents come from BigInteger.Arbitrary, which is
        /// presumably not a cryptographic RNG - confirm for the BigInteger version in use.
        /// Real exchange secrets should come from a cryptographic RNG and be range-checked.
        /// The two derived secrets are never compared, so this method cannot fail on a mismatch.
        /// </remarks>
        public void tt()
        {
            var modulus = new BigInteger("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", 16);
            var generator = BigInteger.ValueOf(5);
            int exponentBits = modulus.BitLength;

            // Side A: private exponent and public value.
            var secretA = BigInteger.Arbitrary(exponentBits);
            var publicA = generator.ModPow(secretA, modulus);

            // Side B: private exponent and public value.
            var secretB = BigInteger.Arbitrary(exponentBits);
            var publicB = generator.ModPow(secretB, modulus);

            // Each side raises the other's public value to its own exponent.
            var sharedAtB = publicA.ModPow(secretB, modulus);
            var sharedAtA = publicB.ModPow(secretA, modulus);
        }
Ejemplo n.º 10
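        /// <summary>
        /// Runs both sides of a Diffie-Hellman style exchange modulo <c>p = 2q + 1</c>, where
        /// <c>q</c> is a freshly generated 2048-bit probable prime, and checks that both sides
        /// derive the same value.
        /// </summary>
        /// <remarks>
        /// The private exponents are drawn from the same generator that produced <c>q</c>
        /// instead of BigInteger.Arbitrary, so they share one randomness source with the prime.
        /// NOTE(review): only q is tested for primality; p = 2q + 1 is not, and 5 is not checked
        /// to generate the order-q subgroup. The exponents are also not reduced into [1, q - 1].
        /// Treat this as a demonstration, not as parameter generation to reuse.
        /// </remarks>
        public void t()
        {
            var rnd = new RNGCryptoServiceProvider();
            var q = BigInteger.ProbablePrime(2048, rnd);
            var p = BigInteger.Two.Multiply(q).Add(BigInteger.One);
            var g = BigInteger.ValueOf(5);

            // Side A: private exponent from rnd, then the public value.
            var a = new BigInteger(q.BitLength, rnd);
            var A = g.ModPow(a, p);

            // Side B: private exponent from rnd, then the public value.
            var b = new BigInteger(q.BitLength, rnd);
            var B = g.ModPow(b, p);

            var kB = A.ModPow(b, p);
            var kA = B.ModPow(a, p);

            // Both sides must arrive at the same value; without this the results went unused.
            if (!kA.Equals(kB))
            {
                throw new System.InvalidOperationException("Diffie-Hellman shared values differ");
            }
        }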
Ejemplo n.º 11
        /// <summary>
        /// Returns a square root of this element. The routine verifies that the calculation
        /// produced the right value.
        /// </summary>
        /// <returns>
        /// This element when it is zero or one, a verified root, or <c>null</c> if none exists.
        /// </returns>
        /// <remarks>
        /// Throws the exception built by <c>Platform.CreateNotImplementedException</c> when
        /// <c>q</c> is even.
        /// NOTE(review): the running time depends on the value and on random retries, so this
        /// is presumably meant for public inputs only - confirm for any secret-dependent caller.
        /// </remarks>
        public override ECFieldElement Sqrt()
        {
            if (IsZero || IsOne)
            {
                return this;
            }

            if (!q.TestBit(0))
            {
                throw Platform.CreateNotImplementedException("even value of q");
            }

            // q == 4m + 3
            if (q.TestBit(1))
            {
                BigInteger exponent = q.ShiftRight(2).Add(BigInteger.One);
                BigInteger candidate = x.ModPow(exponent, q);
                return CheckSqrt(new FpFieldElement(q, r, candidate));
            }

            // q == 8m + 5
            if (q.TestBit(2))
            {
                BigInteger t1 = x.ModPow(q.ShiftRight(3), q);
                BigInteger t2 = ModMult(t1, x);

                if (ModMult(t2, t1).Equals(BigInteger.One))
                {
                    return CheckSqrt(new FpFieldElement(q, r, t2));
                }

                // TODO This is constant and could be precomputed
                BigInteger twoPower = BigInteger.Two.ModPow(q.ShiftRight(2), q);
                return CheckSqrt(new FpFieldElement(q, r, ModMult(t2, twoPower)));
            }

            // q == 8m + 1: reject values whose (q >> 1)-th power is not one.
            BigInteger legendreExponent = q.ShiftRight(1);
            if (!x.ModPow(legendreExponent, q).Equals(BigInteger.One))
            {
                return null;
            }

            BigInteger value = this.x;
            BigInteger fourValue = ModDouble(ModDouble(value));
            BigInteger k = legendreExponent.Add(BigInteger.One);
            BigInteger qMinusOne = q.Subtract(BigInteger.One);

            while (true)
            {
                // The parameter is a public trial value, so BigInteger.Arbitrary is sufficient.
                BigInteger trial = BigInteger.Arbitrary(q.BitLength);
                if (trial.CompareTo(q) >= 0)
                {
                    continue;
                }

                // Draw again unless (trial^2 - 4x)^((q-1)/2) equals q - 1.
                BigInteger discriminant = ModReduce(trial.Multiply(trial).Subtract(fourValue));
                if (!discriminant.ModPow(legendreExponent, q).Equals(qMinusOne))
                {
                    continue;
                }

                BigInteger[] result = LucasSequence(trial, value, k);
                BigInteger u = result[0];
                BigInteger v = result[1];

                // v^2 == 4x is the verification for this branch; CheckSqrt is not called.
                if (ModMult(v, v).Equals(fourValue))
                {
                    return new FpFieldElement(q, r, ModHalfAbs(v));
                }

                bool retry = u.Equals(BigInteger.One) || u.Equals(qMinusOne);
                if (!retry)
                {
                    return null;
                }
            }
        }
 /// <summary>
 /// Creates the requester's <c>RandomDsaKCalculator</c> and initialises it with a 256-bit
 /// value from BigInteger.Arbitrary and a new <c>SecureRandom</c>.
 /// </summary>
 /// <remarks>
 /// NOTE(review): in BouncyCastle, RandomDsaKCalculator.Init takes the group order n as its
 /// first argument and NextK() draws k below it. Here that bound is an unrelated random
 /// number, so the k range differs per instance and can be much smaller than 256 bits.
 /// Confirm whether the order of the group in use was intended.
 /// </remarks>
 public Requester()
 {
     _k = new RandomDsaKCalculator();

     BigInteger bound = BigInteger.Arbitrary(256);
     SecureRandom random = new SecureRandom();
     _k.Init(bound, random);
 }
Ejemplo n.º 13
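 /// <summary>
 /// Generates a private key of at most <c>KeyBits</c> bits from the platform's
 /// cryptographic random number generator.
 /// </summary>
 /// <returns>
 /// The key encoded by <c>BigInteger.ToByteArray()</c>, as before.
 /// NOTE(review): that encoding presumably varies in length - confirm callers expect it.
 /// </returns>
 /// <remarks>
 /// BigInteger.Arbitrary makes no promise of cryptographic strength, so key material is
 /// drawn from <c>RandomNumberGenerator</c> instead.
 /// NOTE(review): the value is not range-checked against any group order; add that check
 /// if the key is used as a scalar.
 /// </remarks>
 public static byte[] GetPrivateKey()
 {
     if (KeyBits < 1)
     {
         // No secret bits requested: keep the library's own handling of degenerate sizes.
         return BigInteger.Arbitrary(KeyBits).ToByteArray();
     }

     byte[] raw = new byte[(KeyBits + 7) / 8];
     using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
     {
         rng.GetBytes(raw);
     }

     // Clear the surplus high bits so the value has at most KeyBits bits.
     raw[0] &= (byte)(0xFF >> (raw.Length * 8 - KeyBits));

     byte[] encoded = new BigInteger(1, raw).ToByteArray();

     // The scratch buffer held key material; wipe it once the key has been encoded.
     System.Array.Clear(raw, 0, raw.Length);
     return encoded;
 }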