public void GeneratePublicKeyFromPrivateWithSomeManipulationEnsureNoLongerValidKeyPair() { var privateKey = new BitString("4C089A9597865D316B5163A01F85458A0B954CD542B9B2D83E39CB3CBA010441"); var expectedPublic = new BitString("EBB9897DF6C5E4E42999578ECA0F48B0985FF99032E80244C4679032F1132A24"); // Gen public key from private var subject = new EdDsa(EntropyProviderTypes.Testable); subject.AddEntropy(privateKey.ToPositiveBigInteger()); var factory = new EdwardsCurveFactory(); var curve = factory.GetCurve(Curve.Ed25519); var domainParams = new EdDomainParameters(curve, new NativeShaFactory()); var keyPair = subject.GenerateKeyPair(domainParams).KeyPair; Assert.AreEqual(expectedPublic, keyPair.PublicQ, "expected public key"); // Check x/y, record var x = new BitString("172B32732D86C9D9D63B11957AAD1364E9D3C1EC258CD13AB012E10648942C4E") .ToPositiveBigInteger(); var y = new BitString("242A13F1329067C44402E83290F95F98B0480FCA8E579929E4E4C5F67D89B9EB") .ToPositiveBigInteger(); // encode public key (done by default, and represented in Q // decode public key var decoded = domainParams.CurveE.Decode(keyPair.PublicQ); // check that the decoded x/y match the previous prior to encode/decode Assert.AreEqual(x, decoded.X, "x decoded matches"); Assert.AreEqual(y, decoded.Y, "y decoded matches"); Assert.IsTrue(subject.ValidateKeyPair(domainParams, keyPair).Success, "original key pair should be valid"); // Modify the public key value until the point is no longer on the curve var modifiedPublicQ = curve.Decode(keyPair.PublicQ); var addedX = modifiedPublicQ.X; var addedY = modifiedPublicQ.Y; var adds = 0; do { modifiedPublicQ = new EdPoint(modifiedPublicQ.X, modifiedPublicQ.Y + 8); addedX = modifiedPublicQ.X + 41; addedY = modifiedPublicQ.Y + 23; keyPair = new EdKeyPair(curve.Encode(modifiedPublicQ), keyPair.PrivateD.GetDeepCopy()); adds++; } while (subject.ValidateKeyPair(domainParams, keyPair).Success); Assert.IsFalse(curve.PointExistsOnCurve(modifiedPublicQ), "check point not on curve prior to encode"); Assert.IsFalse(subject.ValidateKeyPair(domainParams, keyPair).Success, "keypair should not be valid."); }
/*[TestCase(Curve.Ed25519, * "00066499232C0FED45301404782344A374766533B60A", "0004B549A871C577A2EC6B53DE8FBCA532B9AD7E6C61", * false, TestName = "PointExistsOnCurve b-163 #2")] * [TestCase(Curve.Ed448, * "00fac9dfcbac8313bb2139f1bb755fef65bc391f8b36f8f8eb7371fd558b", "01006a08a41903350678e58528bebf8a0beff867a7ca36716f7e01f81052", * true, TestName = "PointExistsOnCurve b-233 #1")] * [TestCase(Curve.Ed448, * "01DA664638DA59453A816E842DC776C37D7222AF808971FC4993182804E3", "01BB7AADE0594383E663A91582D86DB7F5C5551678BA1A1BBE2F97F42069", * false, TestName = "PointExistsOnCurve b-233 #2")]*/ #endregion PointsOnCurve public void ShouldKnowIfAPointIsOnTheCurve(Curve curve, string xHex, string yHex, bool expectedResult) { var x = LoadValue(xHex); var y = LoadValue(yHex); var a = new EdPoint(x, y); var factory = new EdwardsCurveFactory(); var subject = factory.GetCurve(curve); var result = subject.PointExistsOnCurve(a); Assert.AreEqual(expectedResult, result); }
public EdPoint Add(EdPoint pointA, EdPoint pointB) { var numeratorX = _operator.Add(_operator.Multiply(pointA.X, pointB.Y), _operator.Multiply(pointA.Y, pointB.X)); var numeratorY = _operator.Subtract(_operator.Multiply(pointA.Y, pointB.Y), _operator.Multiply(CoefficientA, _operator.Multiply(pointA.X, pointB.X))); var denominatorMult = _operator.Multiply(CoefficientD, _operator.Multiply(_operator.Multiply(pointA.X, pointB.X), _operator.Multiply(pointA.Y, pointB.Y))); var denominatorX = _operator.Add(1, denominatorMult); var denominatorY = _operator.Subtract(1, denominatorMult); var x = _operator.Divide(numeratorX, denominatorX); var y = _operator.Divide(numeratorY, denominatorY); return(new EdPoint(x, y)); }
public bool PointExistsOnCurve(EdPoint point) { // Point is out of bounds if (!PointExistsInField(point)) { return(false); } var lhs = _operator.Add(_operator.Multiply(CoefficientA, _operator.Multiply(point.X, point.X)), _operator.Multiply(point.Y, point.Y)); var rhs = _operator.Add(1, _operator.Multiply(CoefficientD, _operator.Multiply(_operator.Multiply(point.X, point.X), _operator.Multiply(point.Y, point.Y)))); return(lhs == rhs); }
public bool PointExistsInField(EdPoint point) { if (point.X < 0 || point.X > FieldSizeQ - 1) { return(false); } if (point.Y < 0 || point.Y > FieldSizeQ - 1) { return(false); } return(true); }
public EdwardsCurve(Curve curveName, BigInteger p, BigInteger a, BigInteger d, EdPoint g, BigInteger n, int b, int dSAn, int c) { CurveName = curveName; FieldSizeQ = p; CoefficientA = a; CoefficientD = d; BasePointG = g; OrderN = n; VariableB = b; VariableN = dSAn; VariableC = c; _operator = new PrimeFieldOperator(p); }
public void ShouldDoublePointsCorrectly(Curve curve, string xHex, string yHex, string resultXHex, string resultYHex) { var x = LoadValue(xHex); var y = LoadValue(yHex); var resultx = LoadValue(resultXHex); var resulty = LoadValue(resultYHex); var a = new EdPoint(x, y); var expectedResult = new EdPoint(resultx, resulty); var factory = new EdwardsCurveFactory(); var subject = factory.GetCurve(curve); var result = subject.Double(a); Assert.AreEqual(expectedResult.X, result.X, "x"); Assert.AreEqual(expectedResult.Y, result.Y, "y"); }
public void ShouldMultiplyBasisCorrectly(Curve curve, string axHex, string ayHex, string multipleHex, string resultXHex, string resultYHex) { var ax = LoadValue(axHex); var ay = LoadValue(ayHex); var multiple = LoadValue(multipleHex); var resultx = LoadValue(resultXHex); var resulty = LoadValue(resultYHex); var a = new EdPoint(ax, ay); var expectedResult = new EdPoint(resultx, resulty); var factory = new EdwardsCurveFactory(); var subject = factory.GetCurve(curve); var result = subject.Multiply(a, multiple); Assert.AreEqual(expectedResult.X, result.X, "x"); Assert.AreEqual(expectedResult.Y, result.Y, "y"); }
public void ShouldAddTwoPointsCorrectly(Curve curve, string axHex, string ayHex, string bxHex, string byHex, string resultXHex, string resultYHex) { var ax = LoadValue(axHex); var ay = LoadValue(ayHex); var bx = LoadValue(bxHex); var by = LoadValue(byHex); var resultx = LoadValue(resultXHex); var resulty = LoadValue(resultYHex); var a = new EdPoint(ax, ay); var b = new EdPoint(bx, by); var expectedResult = new EdPoint(resultx, resulty); var factory = new EdwardsCurveFactory(); var subject = factory.GetCurve(curve); var result = subject.Add(a, b); Assert.AreEqual(expectedResult.X, result.X, "x"); Assert.AreEqual(expectedResult.Y, result.Y, "y"); }
private ExtendedEdPoint EdPointToExtended(EdPoint point) { return(new ExtendedEdPoint(point.X, point.Y, _operator.Multiply(point.X, point.Y), 1)); }
public BitString Encode(EdPoint point) { return(EdPointEncoder.Encode(point, VariableB)); }
public EdPoint Multiply(EdPoint startPoint, BigInteger scalar) { // Find scalar within group and convert to NABS, normal modulo here, not on the field, like CAVS return(Multiply(EdPointToExtended(startPoint), new NonAdjacentBitString(scalar % OrderN))); }
public EdPoint Double(EdPoint point) { return(Add(point, point)); }
public EdPoint Subtract(EdPoint pointA, EdPoint pointB) { return(Add(pointA, Negate(pointB))); }
public EdPoint Negate(EdPoint point) { return(new EdPoint(_operator.Negate(point.X), point.Y)); }