/*
* W=x*H(G);
* if RNG == NULL then X is passed in
* if RNG != NULL the X is passed out
* if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
*/
public static int GET_G1_MULTIPLE(RAND rng, int type, sbyte[] X, sbyte[] G, sbyte[] W)
{
BIG x;
BIG r = new BIG(ROM.CURVE_Order);
if (rng != null)
{
x = BIG.randomnum(r, rng);
x.toBytes(X);
}
else
{
x = BIG.fromBytes(X);
}
ECP P;
if (type == 0)
{
P = ECP.fromBytes(G);
if (P.is_infinity())
{
return(INVALID_POINT);
}
}
else
{
P = mapit(G);
}
PAIR.G1mul(P, x).toBytes(W);
return(0);
}
/* Functions to support M-Pin Full */
public static int PRECOMPUTE(sbyte[] TOKEN, sbyte[] CID, sbyte[] G1, sbyte[] G2)
{
ECP P, T;
FP12 g;
T = ECP.fromBytes(TOKEN);
if (T.is_infinity())
{
return(INVALID_POINT);
}
P = mapit(CID);
ECP2 Q = new ECP2(new FP2(new BIG(ROM.CURVE_Pxa), new BIG(ROM.CURVE_Pxb)), new FP2(new BIG(ROM.CURVE_Pya), new BIG(ROM.CURVE_Pyb)));
g = PAIR.ate(Q, T);
g = PAIR.fexp(g);
g.toBytes(G1);
g = PAIR.ate(Q, P);
g = PAIR.fexp(g);
g.toBytes(G2);
return(0);
}
/* Time Permit CTT=S*(date|H(CID)) where S is master secret */
public static int GET_CLIENT_PERMIT(int date, sbyte[] S, sbyte[] CID, sbyte[] CTT)
{
sbyte[] h = hashit(date, CID);
ECP P = mapit(h);
BIG s = BIG.fromBytes(S);
PAIR.G1mul(P, s).toBytes(CTT);
return(0);
}
/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
public static int GET_SERVER_SECRET(sbyte[] S, sbyte[] SST)
{
ECP2 Q = new ECP2(new FP2(new BIG(ROM.CURVE_Pxa), new BIG(ROM.CURVE_Pxb)), new FP2(new BIG(ROM.CURVE_Pya), new BIG(ROM.CURVE_Pyb)));
BIG s = BIG.fromBytes(S);
Q = PAIR.G2mul(Q, s);
Q.toBytes(SST);
return(0);
}
/**
* Verify a WBB signature for a certain message
*
* @param pk Public key
* @param sig Signature
* @param m Message
* @return True iff valid
*/
public static bool weakBBVerify(ECP2 pk, ECP sig, BIG m)
{
ECP2 p = new ECP2();
p.Copy(pk);
p.Add(IdemixUtils.GenG2.Mul(m));
p.Affine();
return(PAIR.FExp(PAIR.Ate(p, sig)).Equals(IdemixUtils.GenGT));
}
/* Implement step 2 on client side of MPin protocol */
public static int CLIENT_2(sbyte[] X, sbyte[] Y, sbyte[] SEC)
{
BIG r = new BIG(ROM.CURVE_Order);
ECP P = ECP.fromBytes(SEC);
if (P.is_infinity())
{
return(INVALID_POINT);
}
BIG px = BIG.fromBytes(X);
BIG py = BIG.fromBytes(Y);
px.add(py);
px.mod(r);
px.rsub(r);
PAIR.G1mul(P, px).toBytes(SEC);
return(0);
}
/**
* verify cryptographically verifies the credential
*
* @param sk the secret key of the user
* @param ipk the public key of the issuer
* @return true iff valid
*/
public bool Verify(BIG sk, IdemixIssuerPublicKey ipk)
{
if (ipk == null || Attrs.Length != ipk.AttributeNames.Length)
{
return(false);
}
foreach (byte[] attr in Attrs)
{
if (attr == null)
{
return(false);
}
}
ECP bPrime = new ECP();
bPrime.Copy(IdemixUtils.GenG1);
bPrime.Add(ipk.Hsk.Mul2(sk, ipk.HRand, S));
for (int i = 0; i < Attrs.Length / 2; i++)
{
bPrime.Add(ipk.HAttrs[2 * i].Mul2(BIG.FromBytes(Attrs[2 * i]), ipk.HAttrs[2 * i + 1], BIG.FromBytes(Attrs[2 * i + 1])));
}
if (Attrs.Length % 2 != 0)
{
bPrime.Add(ipk.HAttrs[Attrs.Length - 1].Mul(BIG.FromBytes(Attrs[Attrs.Length - 1])));
}
if (!B.Equals(bPrime))
{
return(false);
}
ECP2 a = IdemixUtils.GenG2.Mul(E);
a.Add(ipk.W);
a.Affine();
return(PAIR.FExp(PAIR.Ate(a, A)).Equals(PAIR.FExp(PAIR.Ate(IdemixUtils.GenG2, B))));
}
/* NEGW extended ?**** */
static void negw_ex()
{
PAIR r = new PAIR(), t;
{ ea.d = (((uint)cpu_readop_arg(konami.pc.d)) << 8) | ((uint)cpu_readop_arg(konami.pc.d + 1)); konami.pc.wl += 2; }; t.d = RM16(ea.d);
r.d = (uint)-t.d;
konami.cc &= unchecked((byte)~(0x08 | 0x04 | 0x02 | 0x01));
{ konami.cc |= (byte)((r.d & 0x8000) >> 12); if ((ushort)r.d == 0)konami.cc |= 0x04; konami.cc |= (byte)(((0 ^ t.d ^ r.d ^ (r.d >> 1)) & 0x8000) >> 14); konami.cc |= (byte)((r.d & 0x10000) >> 16); };
WM16(ea.d, r);
}
/* $1023 LBLS relative ----- */
static void lbls()
{
{
PAIR t = new PAIR();
{
t.d = (((uint)cpu_readop_arg(konami.pc.d)) << 8) | ((uint)cpu_readop_arg(konami.pc.d + 1));
konami.pc.wl += 2;
}; if ((konami.cc & (0x04 | 0x01)) != 0)
{
konami_ICount[0] -= 1; konami.pc.wl += t.wl;
change_pc(konami.pc.wl);
}
};
}
/* ASRW extended ?**-* */
static void asrw_ex()
{
PAIR t = new PAIR();
{ ea.d = (((uint)cpu_readop_arg(konami.pc.d)) << 8) | ((uint)cpu_readop_arg(konami.pc.d + 1)); konami.pc.wl += 2; }; t.d = RM16(ea.d);
konami.cc &= unchecked((byte)~(0x08 | 0x04 | 0x01));
konami.cc |= (byte)(t.d & 0x01);
t.d = (t.d & 0x8000) | (t.d >> 1);
{ konami.cc |= (byte)((t.d & 0x8000) >> 12); if (t.d == 0)konami.cc |= 0x04; };
WM16(ea.d, t);
}
/* ROLW indexed -**** */
static void rolw_ix()
{
PAIR t, r = new PAIR();
t.d = RM16(ea.d);
r.d = (uint)(konami.cc & 0x01) | (t.d << 1);
konami.cc &= unchecked((byte)~(0x08 | 0x04 | 0x02 | 0x01));
{ konami.cc |= (byte)((r.d & 0x8000) >> 12); if ((ushort)r.d == 0)konami.cc |= 0x04; konami.cc |= (byte)(((t.d ^ t.d ^ r.d ^ (r.d >> 1)) & 0x8000) >> 14); konami.cc |= (byte)((r.d & 0x10000) >> 16); };
WM16(ea.d, r);
}
/* CLRW extended -0100 */
static void clrw_ex()
{
PAIR t = new PAIR();
t.d = 0;
{ ea.d = (((uint)cpu_readop_arg(konami.pc.d)) << 8) | ((uint)cpu_readop_arg(konami.pc.d + 1)); konami.pc.wl += 2; };
WM16(ea.d, t);
konami.cc &= unchecked((byte)~(0x08 | 0x04 | 0x02 | 0x01)); konami.cc |= 0x04;
}
/* calculate common key on client side */
/* wCID = w.(A+AT) */
public static int CLIENT_KEY(sbyte[] G1, sbyte[] G2, int pin, sbyte[] R, sbyte[] X, sbyte[] wCID, sbyte[] CK)
{
HASH H = new HASH();
sbyte[] t = new sbyte[EFS];
FP12 g1 = FP12.fromBytes(G1);
FP12 g2 = FP12.fromBytes(G2);
BIG z = BIG.fromBytes(R);
BIG x = BIG.fromBytes(X);
ECP W = ECP.fromBytes(wCID);
if (W.is_infinity())
{
return(INVALID_POINT);
}
W = PAIR.G1mul(W, x);
FP2 f = new FP2(new BIG(ROM.CURVE_Fra), new BIG(ROM.CURVE_Frb));
BIG r = new BIG(ROM.CURVE_Order);
BIG q = new BIG(ROM.Modulus);
BIG m = new BIG(q);
m.mod(r);
BIG a = new BIG(z);
a.mod(m);
BIG b = new BIG(z);
b.div(m);
g2.pinpow(pin, PBLEN);
g1.mul(g2);
FP4 c = g1.trace();
g2.copy(g1);
g2.frob(f);
FP4 cp = g2.trace();
g1.conj();
g2.mul(g1);
FP4 cpm1 = g2.trace();
g2.mul(g1);
FP4 cpm2 = g2.trace();
c = c.xtr_pow2(cp, cpm1, cpm2, a, b);
c.geta().A.toBytes(t);
H.process_array(t);
c.geta().B.toBytes(t);
H.process_array(t);
c.getb().A.toBytes(t);
H.process_array(t);
c.getb().B.toBytes(t);
H.process_array(t);
W.X.toBytes(t);
H.process_array(t);
W.Y.toBytes(t);
H.process_array(t);
t = H.hash();
for (int i = 0; i < PAS; i++)
{
CK[i] = t[i];
}
return(0);
}
/* DECW indexed -***- */
static void decw_ix()
{
PAIR t = new PAIR(), r;
t.d = RM16(ea.d);
r = t;
--r.d;
konami.cc &= unchecked((byte)~(0x08 | 0x04 | 0x02)); { konami.cc |= (byte)((r.d & 0x8000) >> 12); if ((ushort)r.d == 0)konami.cc |= 0x04; konami.cc |= (byte)(((t.d ^ t.d ^ r.d ^ (r.d >> 1)) & 0x8000) >> 14); konami.cc |= (byte)((r.d & 0x10000) >> 16); };
WM16(ea.d, r);
}
/* CLRW indexed -0100 */
static void clrw_ix()
{
PAIR t = new PAIR();
t.d = 0;
WM16(ea.d, t);
konami.cc &= unchecked((byte)~(0x08 | 0x04 | 0x02 | 0x01)); konami.cc |= 0x04;
}
public static void RM16(uint Addr, ref PAIR p)
{
p.d = 0;
p.bh = ((byte)cpu_readmem16((int)((Addr) & m6805.amask)));
if (++Addr > m6805.amask) Addr = 0;
p.bl = ((byte)cpu_readmem16((int)((Addr) & m6805.amask)));
}
static void WM16(uint Addr, PAIR p)
{
cpu_writemem16((int)((Addr) & m6805.amask), p.bh);
if (++Addr > m6805.amask) Addr = 0;
cpu_writemem16((int)((Addr) & m6805.amask), p.bl);
}
static void wr_s_handler_w(PAIR p)
{
if (--m6805.s.wl < m6805.sp_low) m6805.s.wl = (ushort)m6805.sp_mask;
cpu_writemem16((int)((m6805.s.wl) & m6805.amask), p.bl);
if (--m6805.s.wl < m6805.sp_low) m6805.s.wl = (ushort)m6805.sp_mask;
cpu_writemem16((int)((m6805.s.wl) & m6805.amask), p.bh);
}
static void rd_s_handler_w(ref PAIR p)
{
p.d = 0;
p.bh = ((byte)cpu_readmem16((int)((m6805.s.wl) & m6805.amask)));
if (++m6805.s.wl > m6805.sp_mask) m6805.s.wl = (ushort)m6805.sp_low;
p.bl = ((byte)cpu_readmem16((int)((m6805.s.wl) & m6805.amask)));
if (++m6805.s.wl > m6805.sp_mask) m6805.s.wl = (ushort)m6805.sp_low;
}
/* calculate common key on server side */
/* Z=r.A - no time permits involved */
public static int SERVER_KEY(sbyte[] Z, sbyte[] SST, sbyte[] W, sbyte[] xID, sbyte[] xCID, sbyte[] SK)
{
HASH H = new HASH();
sbyte[] t = new sbyte[EFS];
ECP2 sQ = ECP2.fromBytes(SST);
if (sQ.is_infinity())
{
return(INVALID_POINT);
}
ECP R = ECP.fromBytes(Z);
if (R.is_infinity())
{
return(INVALID_POINT);
}
ECP U;
if (xCID != null)
{
U = ECP.fromBytes(xCID);
}
else
{
U = ECP.fromBytes(xID);
}
if (U.is_infinity())
{
return(INVALID_POINT);
}
BIG w = BIG.fromBytes(W);
U = PAIR.G1mul(U, w);
FP12 g = PAIR.ate(sQ, R);
g = PAIR.fexp(g);
FP4 c = g.trace();
c.geta().A.toBytes(t);
H.process_array(t);
c.geta().B.toBytes(t);
H.process_array(t);
c.getb().A.toBytes(t);
H.process_array(t);
c.getb().B.toBytes(t);
H.process_array(t);
U.X.toBytes(t);
H.process_array(t);
U.Y.toBytes(t);
H.process_array(t);
t = H.hash();
for (int i = 0; i < PAS; i++)
{
SK[i] = t[i];
}
return(0);
}
/* Implement step 1 on client side of MPin protocol */
public static int CLIENT_1(int date, sbyte[] CLIENT_ID, RAND rng, sbyte[] X, int pin, sbyte[] TOKEN, sbyte[] SEC, sbyte[] xID, sbyte[] xCID, sbyte[] PERMIT)
{
BIG r = new BIG(ROM.CURVE_Order);
// BIG q=new BIG(ROM.Modulus);
BIG x;
// BIG m=new BIG(0);
if (rng != null)
{
x = BIG.randomnum(r, rng);
x.toBytes(X);
}
else
{
x = BIG.fromBytes(X);
}
ECP P, T, W;
BIG px;
// byte[] t=new byte[EFS];
sbyte[] h = hashit(0, CLIENT_ID);
P = mapit(h);
T = ECP.fromBytes(TOKEN);
if (T.is_infinity())
{
return(INVALID_POINT);
}
pin %= MAXPIN;
W = P.pinmul(pin, PBLEN);
T.add(W);
if (date != 0)
{
W = ECP.fromBytes(PERMIT);
if (W.is_infinity())
{
return(INVALID_POINT);
}
T.add(W);
h = hashit(date, h);
W = mapit(h);
if (xID != null)
{
P = PAIR.G1mul(P, x);
P.toBytes(xID);
W = PAIR.G1mul(W, x);
P.add(W);
}
else
{
P.add(W);
P = PAIR.G1mul(P, x);
}
if (xCID != null)
{
P.toBytes(xCID);
}
}
else
{
if (xID != null)
{
P = PAIR.G1mul(P, x);
P.toBytes(xID);
}
}
T.toBytes(SEC);
return(0);
}
/* LSRW direct -0*-* */
static void lsrw_di()
{
PAIR t = new PAIR();
ea.d = konami.dp.d; { ea.bl = (byte)((uint)cpu_readop_arg(konami.pc.d)); konami.pc.wl++; }; t.d = RM16(ea.d);
konami.cc &= unchecked((byte)~(0x08 | 0x04 | 0x01));
konami.cc |= (byte)(t.d & 0x01);
t.d >>= 1;
if ((ushort)t.d == 0) konami.cc |= 0x04;
WM16(ea.d, t);
}
/* $108C CMPY immediate -**** */
static void cmpy_im()
{
uint r, d;
PAIR b = new PAIR();
{ b.d = (((uint)cpu_readop_arg(konami.pc.d)) << 8) | ((uint)cpu_readop_arg(konami.pc.d + 1)); konami.pc.wl += 2; };
d = konami.y.wl;
r = d - b.d;
konami.cc &= unchecked((byte)~(0x08 | 0x04 | 0x02 | 0x01));
{ konami.cc |= (byte)((r & 0x8000) >> 12); if ((ushort)r == 0)konami.cc |= 0x04; konami.cc |= (byte)(((d ^ b.d ^ r ^ (r >> 1)) & 0x8000) >> 14); konami.cc |= (byte)((r & 0x10000) >> 16); };
}
/* LSRW extended -0*-* */
static void lsrw_ex()
{
PAIR t = new PAIR();
{ ea.d = (((uint)cpu_readop_arg(konami.pc.d)) << 8) | ((uint)cpu_readop_arg(konami.pc.d + 1)); konami.pc.wl += 2; }; t.d = RM16(ea.d);
konami.cc &= unchecked((byte)~(0x08 | 0x04 | 0x01));
konami.cc |= (byte)(t.d & 0x01);
t.d >>= 1;
if ((ushort)t.d == 0) konami.cc |= 0x04;
WM16(ea.d, t);
}
/* CLRW direct -0100 */
static void clrw_di()
{
PAIR t = new PAIR();
t.d = 0;
ea.d = konami.dp.d; { ea.bl = (byte)((uint)cpu_readop_arg(konami.pc.d)); konami.pc.wl++; };
WM16(ea.d, t);
konami.cc &= unchecked((byte)~(0x08 | 0x04 | 0x02 | 0x01));
konami.cc |= 0x04;
}
/* RORW extended -**-* */
static void rorw_ex()
{
PAIR t, r = new PAIR();
{ ea.d = (((uint)cpu_readop_arg(konami.pc.d)) << 8) | ((uint)cpu_readop_arg(konami.pc.d + 1)); konami.pc.wl += 2; }; t.d = RM16(ea.d);
r.d = (uint)(konami.cc & 0x01) << 15;
konami.cc &= unchecked((byte)~(0x08 | 0x04 | 0x01));
konami.cc |= (byte)(t.d & 0x01);
r.d |= t.d >> 1;
{ konami.cc |= (byte)((r.d & 0x8000) >> 12); if (r.d == 0)konami.cc |= 0x04; };
WM16(ea.d, r);
}
/* DECW direct -***- */
static void decw_di()
{
PAIR t = new PAIR(), r;
ea.d = konami.dp.d; { ea.bl = (byte)((uint)cpu_readop_arg(konami.pc.d)); konami.pc.wl++; }; t.d = RM16(ea.d);
r = t;
--r.d;
konami.cc &= unchecked((byte)~(0x08 | 0x04 | 0x02));
{ konami.cc |= (byte)((r.d & 0x8000) >> 12); if ((ushort)r.d == 0)konami.cc |= 0x04; konami.cc |= (byte)(((t.d ^ t.d ^ r.d ^ (r.d >> 1)) & 0x8000) >> 14); konami.cc |= (byte)((r.d & 0x10000) >> 16); }; ;
WM16(ea.d, r);
}
/* Implement step 2 of MPin protocol on server side */
public static int SERVER_2(int date, sbyte[] HID, sbyte[] HTID, sbyte[] Y, sbyte[] SST, sbyte[] xID, sbyte[] xCID, sbyte[] mSEC, sbyte[] E, sbyte[] F)
{
BIG q = new BIG(ROM.Modulus);
ECP2 Q = new ECP2(new FP2(new BIG(ROM.CURVE_Pxa), new BIG(ROM.CURVE_Pxb)), new FP2(new BIG(ROM.CURVE_Pya), new BIG(ROM.CURVE_Pyb)));
ECP2 sQ = ECP2.fromBytes(SST);
if (sQ.is_infinity())
{
return(INVALID_POINT);
}
ECP R;
if (date != 0)
{
R = ECP.fromBytes(xCID);
}
else
{
if (xID == null)
{
return(BAD_PARAMS);
}
R = ECP.fromBytes(xID);
}
if (R.is_infinity())
{
return(INVALID_POINT);
}
BIG y = BIG.fromBytes(Y);
ECP P;
if (date != 0)
{
P = ECP.fromBytes(HTID);
}
else
{
if (HID == null)
{
return(BAD_PARAMS);
}
P = ECP.fromBytes(HID);
}
if (P.is_infinity())
{
return(INVALID_POINT);
}
P = PAIR.G1mul(P, y);
P.add(R);
R = ECP.fromBytes(mSEC);
if (R.is_infinity())
{
return(INVALID_POINT);
}
FP12 g;
// FP12 g1=new FP12(0);
g = PAIR.ate2(Q, R, sQ, P);
g = PAIR.fexp(g);
if (!g.isunity())
{
if (HID != null && xID != null && E != null && F != null)
{
g.toBytes(E);
if (date != 0)
{
P = ECP.fromBytes(HID);
if (P.is_infinity())
{
return(INVALID_POINT);
}
R = ECP.fromBytes(xID);
if (R.is_infinity())
{
return(INVALID_POINT);
}
P = PAIR.G1mul(P, y);
P.add(R);
}
g = PAIR.ate(Q, P);
g = PAIR.fexp(g);
g.toBytes(F);
}
return(BAD_PIN);
}
return(0);
}
/* TSTW direct -**0- */
static void tstw_di()
{
PAIR t = new PAIR();
konami.cc &= unchecked((byte)~(0x08 | 0x04 | 0x02));
ea.d = konami.dp.d; { ea.bl = (byte)((uint)cpu_readop_arg(konami.pc.d)); konami.pc.wl++; }; t.d = RM16(ea.d);
{ konami.cc |= (byte)((t.d & 0x8000) >> 12); if (t.d == 0)konami.cc |= 0x04; };
}
public int[][] DecodeNBestCRF(Sequence seq, int N)
{
//ys contains the output of RNN for each word
Matrix<double> ys = ProcessSequence(seq, RunningMode.Test);
int n = seq.States.Length;
int K = OutputLayer.LayerSize;
Matrix<double> STP = CRFTagTransWeights;
PAIR<int, int>[,,] vPath = new PAIR<int, int>[n, K, N];
int DUMP_LABEL = -1;
double[,] vPreAlpha = new double[K, N];
double[,] vAlpha = new double[K, N];
int nStartTagIndex = 0;
int nEndTagIndex = 0;
double MIN_VALUE = double.MinValue;
//viterbi algorithm
for (int i = 0; i < K; i++)
{
for (int j = 0; j < N; j++)
{
vPreAlpha[i, j] = MIN_VALUE;
vPath[0, i, j] = new PAIR<int, int>(DUMP_LABEL, 0);
}
}
vPreAlpha[nStartTagIndex, 0] = ys[0][nStartTagIndex];
vPath[0, nStartTagIndex, 0].first = nStartTagIndex;
AdvUtils.PriorityQueue<double, PAIR<int, int>> q = new AdvUtils.PriorityQueue<double, PAIR<int, int>>();
for (int t = 1; t < n; t++)
{
for (int j = 0; j < K; j++)
{
while (q.Count() > 0)
q.Dequeue();
double _stp = STP[j][0];
double _y = ys[t][j];
for (int k = 0; k < N; k++)
{
double score = vPreAlpha[0, k] + _stp + _y;
q.Enqueue(score, new PAIR<int, int>(0, k));
}
for (int i = 1; i < K; i++)
{
_stp = STP[j][i];
for (int k = 0; k < N; k++)
{
double score = vPreAlpha[i, k] + _stp + _y;
if (score <= q.Peek().Key)
break;
q.Dequeue();
q.Enqueue(score, new PAIR<int, int>(i, k));
}
}
int idx = N - 1;
while (q.Count() > 0)
{
vAlpha[j, idx] = q.Peek().Key;
vPath[t, j, idx] = q.Peek().Value;
idx--;
q.Dequeue();
}
}
vPreAlpha = vAlpha;
vAlpha = new double[K, N];
}
//backtrace to get the n-best result path
int[][] vTagOutput = new int[N][];
for (int i = 0; i < N; i++)
{
vTagOutput[i] = new int[n];
}
for (int k = 0; k < N; k++)
{
vTagOutput[k][n - 1] = nEndTagIndex;
PAIR<int, int> decision = new PAIR<int, int>(nEndTagIndex, k);
for (int t = n - 2; t >= 0; t--)
{
vTagOutput[k][t] = vPath[t + 1, decision.first, decision.second].first;
decision = vPath[t + 1, decision.first, decision.second];
}
}
return vTagOutput;
}
/* LSRW indexed -0*-* */
static void lsrw_ix()
{
PAIR t = new PAIR();
t.d = RM16(ea.d);
konami.cc &= unchecked((byte)~(0x08 | 0x04 | 0x01));
konami.cc |= (byte)(t.d & 0x01);
t.d >>= 1;
if ((ushort)t.d == 0) konami.cc |= 0x04;
WM16(ea.d, t);
}
public int[][] DecodeNBestCRF(float[] ys, int numStats, int numNBest)
{
var vPath = new PAIR <int, int> [numStats, m_tagSetSize, numNBest];
var DUMP_LABEL = -1;
var vPreAlpha = new float[m_tagSetSize, numNBest];
var vAlpha = new float[m_tagSetSize, numNBest];
var nStartTagIndex = 0;
var nEndTagIndex = 0;
var MIN_VALUE = float.MinValue;
//viterbi algorithm
for (var i = 0; i < m_tagSetSize; i++)
{
for (var j = 0; j < numNBest; j++)
{
vPreAlpha[i, j] = MIN_VALUE;
vPath[0, i, j] = new PAIR <int, int>(DUMP_LABEL, 0);
}
}
vPreAlpha[nStartTagIndex, 0] = ys[nStartTagIndex];
vPath[0, nStartTagIndex, 0].first = nStartTagIndex;
var q = new PriorityQueue <float, PAIR <int, int> >();
for (var t = 1; t < numStats; t++)
{
for (var j = 0; j < m_tagSetSize; j++)
{
while (q.Count() > 0)
{
q.Dequeue();
}
var _stp = CRFWeights[j * m_tagSetSize];
var _y = ys[t * m_tagSetSize + j];
for (var k = 0; k < numNBest; k++)
{
var score = vPreAlpha[0, k] + _stp + _y;
q.Enqueue(score, new PAIR <int, int>(0, k));
}
for (var i = 1; i < m_tagSetSize; i++)
{
_stp = CRFWeights[j * m_tagSetSize + i];
for (var k = 0; k < numNBest; k++)
{
var score = vPreAlpha[i, k] + _stp + _y;
if (score <= q.Peek().Key)
{
break;
}
q.Dequeue();
q.Enqueue(score, new PAIR <int, int>(i, k));
}
}
var idx = numNBest - 1;
while (q.Count() > 0)
{
vAlpha[j, idx] = q.Peek().Key;
vPath[t, j, idx] = q.Peek().Value;
idx--;
q.Dequeue();
}
}
vPreAlpha = vAlpha;
vAlpha = new float[m_tagSetSize, numNBest];
}
//backtrace to get the n-best result path
var vTagOutput = new int[numNBest][];
for (var i = 0; i < numNBest; i++)
{
vTagOutput[i] = new int[numStats];
}
for (var k = 0; k < numNBest; k++)
{
vTagOutput[k][numStats - 1] = nEndTagIndex;
var decision = new PAIR <int, int>(nEndTagIndex, k);
for (var t = numStats - 2; t >= 0; t--)
{
vTagOutput[k][t] = vPath[t + 1, decision.first, decision.second].first;
decision = vPath[t + 1, decision.first, decision.second];
}
}
return(vTagOutput);
}
/* RORW indexed -**-* */
static void rorw_ix()
{
PAIR t, r = new PAIR();
t.d = RM16(ea.d);
r.d = (uint)(konami.cc & 0x01) << 15;
konami.cc &= unchecked((byte)~(0x08 | 0x04 | 0x01));
konami.cc |= (byte)(t.d & 0x01);
r.d |= t.d >> 1;
{ konami.cc |= (byte)((r.d & 0x8000) >> 12); if (r.d == 0)konami.cc |= 0x04; };
WM16(ea.d, r);
}
/* $1024 LBCC relative ----- */
void lbcc()
{
{
PAIR t = new PAIR(); t.d = (uint)(((cpu_readop_arg(m6809.pc.d)) << 8) | (cpu_readop_arg((m6809.pc.d + 1) & 0xffff)));
m6809.pc.wl += 2; if ((m6809.cc & 0x01) == 0) { m6809_ICount[0] -= 1; m6809.pc.wl += t.wl; change_pc16(m6809.pc.d); }
};
}
/* ASRW indexed ?**-* */
static void asrw_ix()
{
PAIR t = new PAIR();
t.d = RM16(ea.d);
konami.cc &= unchecked((byte)~(0x08 | 0x04 | 0x01));
konami.cc |= (byte)(t.d & 0x01);
t.d = (t.d & 0x8000) | (t.d >> 1);
{ konami.cc |= (byte)((t.d & 0x8000) >> 12); if (t.d == 0)konami.cc |= 0x04; };
WM16(ea.d, t);
}
/* $102F LBLE relative ----- */
void lble()
{
{
PAIR t = new PAIR(); t.d = (uint)(((cpu_readop_arg(m6809.pc.d)) << 8) | (cpu_readop_arg((m6809.pc.d + 1) & 0xffff)));
m6809.pc.wl += 2; if ((((m6809.cc & 0x08) ^ ((m6809.cc & 0x02) << 2)) != 0 || (m6809.cc & 0x04) != 0)) { m6809_ICount[0] -= 1; m6809.pc.wl += t.wl; change_pc16(m6809.pc.d); }
};
}
/* ROLW direct -**** */
static void rolw_di()
{
PAIR t, r = new PAIR();
ea.d = konami.dp.d; { ea.bl = (byte)((uint)cpu_readop_arg(konami.pc.d)); konami.pc.wl++; }; t.d = RM16(ea.d);
r.d = (uint)(konami.cc & 0x01) | (t.d << 1);
konami.cc &= unchecked((byte)~(0x08 | 0x04 | 0x02 | 0x01));
{ konami.cc |= (byte)((r.d & 0x8000) >> 12); if ((ushort)r.d == 0)konami.cc |= 0x04; konami.cc |= (byte)(((t.d ^ t.d ^ r.d ^ (r.d >> 1)) & 0x8000) >> 14); konami.cc |= (byte)((r.d & 0x10000) >> 16); };
WM16(ea.d, r);
}
/**
* Verify this signature
*
* @param disclosure an array indicating which attributes it expects to be disclosed
* @param ipk the issuer public key
* @param msg the message that should be signed in this signature
* @param attributeValues BIG array where attributeValues[i] contains the desired attribute value for the i-th attribute if its disclosed
* @param rhIndex index of the attribute that represents the revocation-handle
* @param revPk the long term public key used to authenticate CRIs
* @param epoch monotonically increasing counter representing a time window
* @return true iff valid
*/
// ReSharper disable once ParameterHidesMember
public bool Verify(bool[] disclosure, IdemixIssuerPublicKey ipk, byte[] msg, BIG[] attributeValues, int rhIndex, KeyPair revPk, int epoch)
{
if (disclosure == null || ipk == null || msg == null || attributeValues == null || attributeValues.Length != ipk.AttributeNames.Length || disclosure.Length != ipk.AttributeNames.Length)
{
return(false);
}
for (int i = 0; i < ipk.AttributeNames.Length; i++)
{
if (disclosure[i] && attributeValues[i] == null)
{
return(false);
}
}
int[] hiddenIndices = HiddenIndices(disclosure);
if (proofSAttrs.Length != hiddenIndices.Length)
{
return(false);
}
if (aPrime.IsInfinity())
{
return(false);
}
if (nonRevocationProof.RevocationAlg >= Enum.GetValues(typeof(RevocationAlgorithm)).Length)
{
throw new ArgumentException("CRI specifies unknown revocation algorithm");
}
RevocationAlgorithm revocationAlgorithm = (RevocationAlgorithm)nonRevocationProof.RevocationAlg;
if (disclosure[rhIndex])
{
throw new ArgumentException("Attribute " + rhIndex + " is disclosed but also used a revocation handle attribute, which should remain hidden");
}
// Verify EpochPK
if (!RevocationAuthority.VerifyEpochPK(revPk, revocationPk, revocationPKSig, epoch, revocationAlgorithm))
{
// Signature is based on an invalid revocation epoch public key
return(false);
}
FP12 temp1 = PAIR.Ate(ipk.W, aPrime);
FP12 temp2 = PAIR.Ate(IdemixUtils.GenG2, aBar);
temp2.Inverse();
temp1.mul(temp2);
if (!PAIR.FExp(temp1).IsUnity())
{
return(false);
}
ECP t1 = aPrime.Mul2(proofSE, ipk.HRand, proofSR2);
ECP temp = new ECP();
temp.Copy(aBar);
temp.Sub(bPrime);
t1.Sub(PAIR.G1Mul(temp, proofC));
ECP t2 = PAIR.G1Mul(ipk.HRand, proofSSPrime);
t2.Add(bPrime.Mul2(proofSR3, ipk.Hsk, proofSSk));
for (int i = 0; i < hiddenIndices.Length / 2; i++)
{
t2.Add(ipk.HAttrs[hiddenIndices[2 * i]].Mul2(proofSAttrs[2 * i], ipk.HAttrs[hiddenIndices[2 * i + 1]], proofSAttrs[2 * i + 1]));
}
if (hiddenIndices.Length % 2 != 0)
{
t2.Add(PAIR.G1Mul(ipk.HAttrs[hiddenIndices[hiddenIndices.Length - 1]], proofSAttrs[hiddenIndices.Length - 1]));
}
temp = new ECP();
temp.Copy(IdemixUtils.GenG1);
for (int i = 0; i < disclosure.Length; i++)
{
if (disclosure[i])
{
temp.Add(PAIR.G1Mul(ipk.HAttrs[i], attributeValues[i]));
}
}
t2.Add(PAIR.G1Mul(temp, proofC));
ECP t3 = ipk.Hsk.Mul2(proofSSk, ipk.HRand, proofSRNym);
t3.Sub(nym.Mul(proofC));
// Check with non-revoked-verifier
INonRevocationVerifier nonRevokedVerifier = NonRevocationVerifier.GetNonRevocationVerifier(revocationAlgorithm);
int hiddenRHIndex = Array.IndexOf(hiddenIndices, rhIndex);
if (hiddenRHIndex < 0)
{
// rhIndex is not present, set to last index position
hiddenRHIndex = hiddenIndices.Length;
}
BIG proofSRh = proofSAttrs[hiddenRHIndex];
byte[] nonRevokedProofBytes = nonRevokedVerifier.RecomputeFSContribution(nonRevocationProof, proofC, revocationPk.ToECP2(), proofSRh);
if (nonRevokedProofBytes == null)
{
return(false);
}
// create proofData such that it can contain the sign label, 7 elements in G1 (each of size 2*FIELD_BYTES+1),
// the ipk hash, the disclosure array, and the message
byte[] proofData = new byte[0];
proofData = proofData.Append(SIGN_LABEL.ToBytes());
proofData = proofData.Append(t1.ToBytes());
proofData = proofData.Append(t2.ToBytes());
proofData = proofData.Append(t3.ToBytes());
proofData = proofData.Append(aPrime.ToBytes());
proofData = proofData.Append(aBar.ToBytes());
proofData = proofData.Append(bPrime.ToBytes());
proofData = proofData.Append(nym.ToBytes());
proofData = proofData.Append(ipk.Hash);
proofData = proofData.Append(disclosure);
proofData = proofData.Append(msg);
BIG cvalue = proofData.HashModOrder();
byte[] finalProofData = new byte[0];
finalProofData = finalProofData.Append(cvalue.ToBytes());
finalProofData = finalProofData.Append(nonce.ToBytes());
byte[] hashedProofData = finalProofData.HashModOrder().ToBytes();
return(Enumerable.SequenceEqual(proofC.ToBytes(), hashedProofData));
}
/* NEGW indexed ?**** */
static void negw_ix()
{
PAIR r = new PAIR(), t;
t.d = RM16(ea.d);
r.d = (uint)-t.d;
konami.cc &= unchecked((byte)~(0x08 | 0x04 | 0x02 | 0x01));
{ konami.cc |= (byte)((r.d & 0x8000) >> 12); if ((ushort)r.d == 0)konami.cc |= 0x04; konami.cc |= (byte)(((0 ^ t.d ^ r.d ^ (r.d >> 1)) & 0x8000) >> 14); konami.cc |= (byte)((r.d & 0x10000) >> 16); };
WM16(ea.d, r);
}
/**
* Create a new IdemixSignature by proving knowledge of a credential
*
* @param c the credential used to create an idemix signature
* @param sk the signer's secret key
* @param pseudonym a pseudonym of the signer
* @param ipk the issuer public key
* @param disclosure a bool-array that steers the disclosure of attributes
* @param msg the message to be signed
* @param rhIndex the index of the attribute that represents the revocation handle
* @param cri the credential revocation information that allows the signer to prove non-revocation
*/
public IdemixSignature(IdemixCredential c, BIG sk, IdemixPseudonym pseudonym, IdemixIssuerPublicKey ipk, bool[] disclosure, byte[] msg, int rhIndex, CredentialRevocationInformation cri)
{
if (c == null || sk == null || pseudonym == null || pseudonym.Nym == null || pseudonym.RandNym == null || ipk == null || disclosure == null || msg == null || cri == null)
{
throw new ArgumentException("Cannot construct idemix signature from null input");
}
if (disclosure.Length != c.Attrs.Length)
{
throw new ArgumentException("Disclosure length must be the same as the number of attributes");
}
if (cri.RevocationAlg >= Enum.GetValues(typeof(RevocationAlgorithm)).Length)
{
throw new ArgumentException("CRI specifies unknown revocation algorithm");
}
if (cri.RevocationAlg != (int)RevocationAlgorithm.ALG_NO_REVOCATION && disclosure[rhIndex])
{
throw new ArgumentException("Attribute " + rhIndex + " is disclosed but also used a revocation handle attribute, which should remain hidden");
}
RevocationAlgorithm revocationAlgorithm = (RevocationAlgorithm)cri.RevocationAlg;
int[] hiddenIndices = HiddenIndices(disclosure);
RAND rng = IdemixUtils.GetRand();
// Start signature
BIG r1 = rng.RandModOrder();
BIG r2 = rng.RandModOrder();
BIG r3 = new BIG(r1);
r3.InvModp(IdemixUtils.GROUP_ORDER);
nonce = rng.RandModOrder();
aPrime = PAIR.G1Mul(c.A, r1);
aBar = PAIR.G1Mul(c.B, r1);
aBar.Sub(PAIR.G1Mul(aPrime, c.E));
bPrime = PAIR.G1Mul(c.B, r1);
bPrime.Sub(PAIR.G1Mul(ipk.HRand, r2));
BIG sPrime = new BIG(c.S);
sPrime.Add(BIG.ModNeg(BIG.ModMul(r2, r3, IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER));
sPrime.Mod(IdemixUtils.GROUP_ORDER);
//Construct Zero Knowledge Proof
BIG rsk = rng.RandModOrder();
BIG re = rng.RandModOrder();
BIG rR2 = rng.RandModOrder();
BIG rR3 = rng.RandModOrder();
BIG rSPrime = rng.RandModOrder();
BIG rRNym = rng.RandModOrder();
BIG[] rAttrs = new BIG[hiddenIndices.Length];
for (int i = 0; i < hiddenIndices.Length; i++)
{
rAttrs[i] = rng.RandModOrder();
}
// Compute non-revoked proof
INonRevocationProver prover = NonRevocationProver.GetNonRevocationProver(revocationAlgorithm);
int hiddenRHIndex = Array.IndexOf(hiddenIndices, rhIndex);
if (hiddenRHIndex < 0)
{
// rhIndex is not present, set to last index position
hiddenRHIndex = hiddenIndices.Length;
}
byte[] nonRevokedProofHashData = prover.GetFSContribution(BIG.FromBytes(c.Attrs[rhIndex]), rAttrs[hiddenRHIndex], cri);
if (nonRevokedProofHashData == null)
{
throw new Exception("Failed to compute non-revoked proof");
}
ECP t1 = aPrime.Mul2(re, ipk.HRand, rR2);
ECP t2 = PAIR.G1Mul(ipk.HRand, rSPrime);
t2.Add(bPrime.Mul2(rR3, ipk.Hsk, rsk));
for (int i = 0; i < hiddenIndices.Length / 2; i++)
{
t2.Add(ipk.HAttrs[hiddenIndices[2 * i]].Mul2(rAttrs[2 * i], ipk.HAttrs[hiddenIndices[2 * i + 1]], rAttrs[2 * i + 1]));
}
if (hiddenIndices.Length % 2 != 0)
{
t2.Add(PAIR.G1Mul(ipk.HAttrs[hiddenIndices[hiddenIndices.Length - 1]], rAttrs[hiddenIndices.Length - 1]));
}
ECP t3 = ipk.Hsk.Mul2(rsk, ipk.HRand, rRNym);
// create proofData such that it can contain the sign label, 7 elements in G1 (each of size 2*FIELD_BYTES+1),
// the ipk hash, the disclosure array, and the message
byte[] proofData = new byte[0];
proofData = proofData.Append(SIGN_LABEL.ToBytes());
proofData = proofData.Append(t1.ToBytes());
proofData = proofData.Append(t2.ToBytes());
proofData = proofData.Append(t3.ToBytes());
proofData = proofData.Append(aPrime.ToBytes());
proofData = proofData.Append(aBar.ToBytes());
proofData = proofData.Append(bPrime.ToBytes());
proofData = proofData.Append(pseudonym.Nym.ToBytes());
proofData = proofData.Append(ipk.Hash);
proofData = proofData.Append(disclosure);
proofData = proofData.Append(msg);
BIG cvalue = proofData.HashModOrder();
byte[] finalProofData = new byte[0];
finalProofData = finalProofData.Append(cvalue.ToBytes());
finalProofData = finalProofData.Append(nonce.ToBytes());
proofC = finalProofData.HashModOrder();
proofSSk = rsk.ModAdd(BIG.ModMul(proofC, sk, IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER);
proofSE = re.ModSub(BIG.ModMul(proofC, c.E, IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER);
proofSR2 = rR2.ModAdd(BIG.ModMul(proofC, r2, IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER);
proofSR3 = rR3.ModSub(BIG.ModMul(proofC, r3, IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER);
proofSSPrime = rSPrime.ModAdd(BIG.ModMul(proofC, sPrime, IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER);
proofSRNym = rRNym.ModAdd(BIG.ModMul(proofC, pseudonym.RandNym, IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER);
nym = new ECP();
nym.Copy(pseudonym.Nym);
proofSAttrs = new BIG[hiddenIndices.Length];
for (int i = 0; i < hiddenIndices.Length; i++)
{
proofSAttrs[i] = new BIG(rAttrs[i]);
proofSAttrs[i].Add(BIG.ModMul(proofC, BIG.FromBytes(c.Attrs[hiddenIndices[i]]), IdemixUtils.GROUP_ORDER));
proofSAttrs[i].Mod(IdemixUtils.GROUP_ORDER);
}
// include non-revocation proof in signature
revocationPk = cri.EpochPk;
revocationPKSig = cri.EpochPkSig.ToByteArray();
epoch = cri.Epoch;
nonRevocationProof = prover.GetNonRevocationProof(proofC);
}
static void WM16(uint Addr, PAIR p)
{
cpu_writemem16((int)Addr, p.bh);
cpu_writemem16((int)(Addr + 1) & 0xffff, p.bl);
}
/* $102F LBLE relative ----- */
static void lble()
{
{
PAIR t = new PAIR(); { t.d = (((uint)cpu_readop_arg(konami.pc.d)) << 8) | ((uint)cpu_readop_arg(konami.pc.d + 1)); konami.pc.wl += 2; };
if ((((konami.cc & 0x08) ^ ((konami.cc & 0x02) << 2)) != 0 || (konami.cc & 0x04) != 0))
{
konami_ICount[0] -= 1; konami.pc.wl += t.wl;
change_pc(konami.pc.wl);
}
};
}
void PUSHWORD(PAIR w)
{
--konami.s.wl;
cpu_writemem16((int)konami.s.d, w.bl);
--konami.s.wl;
cpu_writemem16((int)konami.s.d, w.bh);
}
void fd_e2() { illegal_1(); } /* DB FD */
void fd_e3() { { PAIR tmp = new PAIR(); RM16(Z80.SP.d, ref tmp); WM16(Z80.SP.d, Z80.IY); Z80.IY = tmp; }; } /* EX (SP),IY */
