public byte[] Encrypt(byte[] Input)
{
int kDiv8 = _K >> 3;
// generate random r of length k div 8 bytes
byte[] r = new byte[kDiv8];
_secRnd.GetBytes(r);
// generate random vector r' of length k bits
GF2Vector rPrime = new GF2Vector(_K, _secRnd);
// convert r' to byte array
byte[] rPrimeBytes = rPrime.GetEncoded();
// compute (input||r)
byte[] mr = ByteUtils.Concatenate(Input, r);
// compute H(input||r)
_dgtEngine.BlockUpdate(mr, 0, mr.Length);
byte[] hmr = new byte[_dgtEngine.DigestSize];
_dgtEngine.DoFinal(hmr, 0);
// convert H(input||r) to error vector z
GF2Vector z = CCA2Conversions.Encode(_N, _T, hmr);
// compute c1 = E(rPrime, z)
byte[] c1 = CCA2Primitives.Encrypt((MPKCPublicKey)_keyPair.PublicKey, rPrime, z).GetEncoded();
byte[] c2;
// get PRNG object
using (KDF2Drbg sr0 = new KDF2Drbg(GetDigest(_cipherParams.Digest)))
{
// seed PRNG with r'
sr0.Initialize(rPrimeBytes);
// generate random c2
c2 = new byte[Input.Length + kDiv8];
sr0.Generate(c2);
}
// XOR with input
for (int i = 0; i < Input.Length; i++)
{
c2[i] ^= Input[i];
}
// XOR with r
for (int i = 0; i < kDiv8; i++)
{
c2[Input.Length + i] ^= r[i];
}
// return (c1||c2)
return(ByteUtils.Concatenate(c1, c2));
}
/// <summary>
/// Encrypt a plain text message
/// </summary>
///
/// <param name="Input">The plain text</param>
///
/// <returns>The cipher text</returns>
public byte[] Encrypt(byte[] Input)
{
// generate random vector r of length k bits
GF2Vector r = new GF2Vector(_K, _secRnd);
// convert r to byte array
byte[] rBytes = r.GetEncoded();
// compute (r||input)
byte[] rm = ByteUtils.Concatenate(rBytes, Input);
// compute H(r||input)
_dgtEngine.BlockUpdate(rm, 0, rm.Length);
byte[] hrm = new byte[_dgtEngine.DigestSize];
_dgtEngine.DoFinal(hrm, 0);
// convert H(r||input) to error vector z
GF2Vector z = CCA2Conversions.Encode(_N, _T, hrm);
// compute c1 = E(r, z)
byte[] c1 = CCA2Primitives.Encrypt((MPKCPublicKey)_keyPair.PublicKey, r, z).GetEncoded();
byte[] c2;
// get PRNG object
using (KDF2Drbg sr0 = new KDF2Drbg(GetDigest(_cipherParams.Digest)))
{
// seed PRNG with r'
sr0.Initialize(rBytes);
// generate random c2
c2 = new byte[Input.Length];
sr0.Generate(c2);
}
// XOR with input
for (int i = 0; i < Input.Length; i++)
{
c2[i] ^= Input[i];
}
// return (c1||c2)
return(ByteUtils.Concatenate(c1, c2));
}
/// <summary>
/// Encrypt a plain text message
/// </summary>
///
/// <param name="Input">The plain text</param>
///
/// <returns>The cipher text</returns>
public byte[] Encrypt(byte[] Input)
{
int c2Len = _dgtEngine.DigestSize;
int c4Len = _K >> 3;
int c5Len = (BigMath.Binomial(_N, _T).BitLength - 1) >> 3;
int mLen = c4Len + c5Len - c2Len - MPKCINFO.Length;
if (Input.Length > mLen)
{
mLen = Input.Length;
}
int c1Len = mLen + MPKCINFO.Length;
int c6Len = c1Len + c2Len - c4Len - c5Len;
// compute (m||const)
byte[] mConst = new byte[c1Len];
Array.Copy(Input, 0, mConst, 0, Input.Length);
Array.Copy(MPKCINFO, 0, mConst, mLen, MPKCINFO.Length);
// generate random r of length c2Len bytes
byte[] r = new byte[c2Len];
_secRnd.GetBytes(r);
byte[] c1;
// get PRNG object ToDo:
//DigestRandomGenerator sr0 = new DigestRandomGenerator(new SHA1Digest()); //why bc, why?
using (KDF2Drbg sr0 = new KDF2Drbg(GetDigest(_cipherParams.Digest)))
{
// seed PRNG with r'
sr0.Initialize(r);
// generate random sequence ...
c1 = new byte[c1Len];
sr0.Generate(c1);
}
// ... and XOR with (m||const) to obtain c1
for (int i = c1Len - 1; i >= 0; i--)
{
c1[i] ^= mConst[i];
}
// compute H(c1) ...
byte[] c2 = new byte[_dgtEngine.DigestSize];
_dgtEngine.BlockUpdate(c1, 0, c1.Length);
_dgtEngine.DoFinal(c2, 0);
// ... and XOR with r
for (int i = c2Len - 1; i >= 0; i--)
{
c2[i] ^= r[i];
}
// compute (c2||c1)
byte[] c2c1 = ByteUtils.Concatenate(c2, c1);
// split (c2||c1) into (c6||c5||c4), where c4Len is k/8 bytes, c5Len is
// floor[log(n|t)]/8 bytes, and c6Len is c1Len+c2Len-c4Len-c5Len (may be 0).
byte[] c6 = new byte[0];
if (c6Len > 0)
{
c6 = new byte[c6Len];
Array.Copy(c2c1, 0, c6, 0, c6Len);
}
byte[] c5 = new byte[c5Len];
Array.Copy(c2c1, c6Len, c5, 0, c5Len);
byte[] c4 = new byte[c4Len];
Array.Copy(c2c1, c6Len + c5Len, c4, 0, c4Len);
// convert c4 to vector over GF(2)
GF2Vector c4Vec = GF2Vector.OS2VP(_K, c4);
// convert c5 to error vector z
GF2Vector z = CCA2Conversions.Encode(_N, _T, c5);
// compute encC4 = E(c4, z)
byte[] encC4 = CCA2Primitives.Encrypt((MPKCPublicKey)_keyPair.PublicKey, c4Vec, z).GetEncoded();
// if c6Len > 0 return (c6||encC4)
if (c6Len > 0)
{
return(ByteUtils.Concatenate(c6, encC4));
}
// else, return encC4
return(encC4);
}