private void ExecuteRandomThread()
{
FireEventExecuteTest();
int i = 1;
for (; i <= m_Rounds; i++)
{
BigInteger k = BigIntegerHelper.Max(2, BigIntegerHelper.RandomIntLimit(BigInteger.Parse(m_RandomBaseTo.ToString())));
if (ExecuteWitness(i, new PrimesBigInteger(k.ToString())))
{
break;
}
}
if (i <= m_Rounds)
{
log.Info(string.Format((i == 1) ? rsc.Primetest.mr_witnessfound1 : rsc.Primetest.mr_witnessfound2, i, m_Value));
}
else
{
log.Info(string.Format((m_Rounds.IntValue == 1) ? rsc.Primetest.mr_witnessnotfound1 : rsc.Primetest.mr_witnessnotfound2, m_Rounds.IntValue, m_Value));
}
FireEventCancelTest();
}
public void Execute()
{
if (currentAttempt == 0)
{
RateOfSuccess = Math.Pow(settings._AmountOfOptions, -settings.AmountOfAttempts);
OnPropertyChanged("RateOfSuccess");
}
if (currentAttempt > 0 && OutputRandom != Input)
{
Success = false;
}
if (currentAttempt >= settings.AmountOfAttempts || !Success)
{
OnPropertyChanged("Success");
ProgressChanged(1, 1);
return;
}
OutputRandom = BigIntegerHelper.RandomIntLimit(settings._AmountOfOptions);
OnPropertyChanged("AmountOfOptions");
OnPropertyChanged("OutputRandom");
currentAttempt++;
ProgressChanged(currentAttempt, settings.AmountOfAttempts);
}
/*
* Encryption ( g^m * r^n = (1 + m*n) * r^n mod n^2 )
* Hint: g^m = (n+1)^m = sum(k=0,m)((m over k)*n^k) = 1+m*n (mod n^2)
*/
//private BigInteger encrypt(BigInteger m, bool useRandom=true )
private BigInteger encrypt(BigInteger m)
{
if (m >= n)
{
GuiLogMessage("Message is bigger than N - this will produce a wrong result!", NotificationLevel.Warning);
}
BigInteger r;
Boolean useRandom = true;
if (useRandom)
{
while (true)
{
r = BigIntegerHelper.RandomIntLimit(n) % n;
if (BigInteger.GreatestCommonDivisor(r, n) == 1)
{
break;
}
GuiLogMessage("GCD <> 1, retrying...", NotificationLevel.Warning);
}
r = BigInteger.ModPow(r, n, n_square);
//r = cipherMul(r,n);
}
else
{
r = 1;
}
return((((n * m + 1) % n_square) * r) % n_square);
//return cipherAdd( (n * m + 1) % n_square, r );
}
public void Execute()
{
ProgressChanged(0, 1);
if (AmountOfOptions <= 0)
{
GuiLogMessage("AmountOfOptions must be a positive integer.", NotificationLevel.Error);
return;
}
if (settings.Secret)
{
// If the prover knows the secret, he can generate any requested number.
// This is represented by him simply forwarding the requested number 'Input' to the 'Output'.
Output = Input;
}
else
{
// If the prover doesn't know he secret, he doesn't know how to produce the requested number.
// He can only hope his random guess equals the requested number.
// The more rounds and the more choices there are, it will become more and more unlikely that he always guesses right.
Output = BigIntegerHelper.RandomIntLimit(AmountOfOptions);
}
OnPropertyChanged("Output");
ProgressChanged(1, 1);
}
public void Execute()
{
ProgressChanged(0, 1);
if (NumberOfNumbers <= 0)
{
GuiLogMessage("The number of numbers must be greater than 0.", NotificationLevel.Error);
return;
}
if (Maximum <= 0)
{
GuiLogMessage("The maximum value must be greater than 0.", NotificationLevel.Error);
return;
}
List = new BigInteger[NumberOfNumbers];
for (int i = 0; i < NumberOfNumbers; i++)
{
List[i] = BigIntegerHelper.RandomIntLimit(Maximum);
}
OnPropertyChanged("List");
ProgressChanged(1, 1);
}
/*
* DGK encryption using CRT for the owner of the private key (p,q,vp,vq).
*/
BigInteger encryptCRT(BigInteger message)
{
if (message >= u)
{
GuiLogMessage("Message is bigger than U - this will produce a wrong result!", NotificationLevel.Warning);
}
// Use Zv instead of a 2t bit number:
BigInteger r = BigIntegerHelper.RandomIntLimit(vpvq);
// Calculate in Zp and Zq instead of Zn:
BigInteger tmp_cp = BigInteger.ModPow(g, message, p) * BigInteger.ModPow(h, r, p);
BigInteger tmp_cq = BigInteger.ModPow(g, message, q) * BigInteger.ModPow(h, r, q);
return((tmp_cp * qq_inv + tmp_cq * pp_inv) % n);
}
public void Execute()
{
ProgressChanged(0, 1);
if (b < 0 || b >= x.Length)
{
GuiLogMessage("Requested message index " + b + " is illegal, it must be bigger than 0 and smaller than " + x.Length, NotificationLevel.Error);
return;
}
K = BigIntegerHelper.RandomIntLimit(N);
v = (x[b] + BigInteger.ModPow(K, e, N)) % N;
OnPropertyChanged("K");
OnPropertyChanged("v");
ProgressChanged(1, 1);
}
/*
* Standard DGK encryption.
*/
BigInteger encrypt(BigInteger message)
{
if (secretKeyValid)
{
return(encryptCRT(message));
}
if (message >= u)
{
GuiLogMessage("Message is bigger than U - this will produce a wrong result!", NotificationLevel.Warning);
}
//BigInteger r = BigIntegerHelper.RandomIntBits(DGK_BLINDING_T);
// Choose random number with 2t bits. But t is not part of the public key.
// Workaround: use n as upper bound. n has k bits and k>t, so n^2 has 2k bits.
BigInteger r = BigIntegerHelper.RandomIntLimit(n_square);
return(cipherAdd(cipherMul(g, message), cipherMul(h, r)));
//return ( BigInteger.ModPow(g,message,n) * BigInteger.ModPow(h,r,n) ) % n;
}
/// <summary>
/// Called by the environment to start generating of public/private keys
/// </summary>
public void Execute()
{
BigInteger p;
BigInteger q;
BigInteger n;
BigInteger e;
BigInteger d;
ProgressChanged(0.0, 1.0);
switch (settings.Source)
{
// manual
case 0:
try
{
p = BigIntegerHelper.ParseExpression(settings.P);
q = BigIntegerHelper.ParseExpression(settings.Q);
e = BigIntegerHelper.ParseExpression(settings.E);
if (!BigIntegerHelper.IsProbablePrime(p))
{
GuiLogMessage(p.ToString() + " is not prime!", NotificationLevel.Error);
return;
}
if (!BigIntegerHelper.IsProbablePrime(q))
{
GuiLogMessage(q.ToString() + " is not prime!", NotificationLevel.Error);
return;
}
if (p == q)
{
GuiLogMessage("The primes P and Q can not be equal!", NotificationLevel.Error);
return;
}
}
catch (Exception ex)
{
GuiLogMessage("Invalid Big Number input: " + ex.Message, NotificationLevel.Error);
return;
}
try
{
D = BigIntegerHelper.ModInverse(e, (p - 1) * (q - 1));
}
catch (Exception)
{
GuiLogMessage("RSAKeyGenerator Error: E (" + e + ") can not be inverted.", NotificationLevel.Error);
return;
}
try
{
N = p * q;
E = e;
}
catch (Exception ex)
{
GuiLogMessage("Big Number fail: " + ex.Message, NotificationLevel.Error);
return;
}
break;
case 1:
try
{
n = BigIntegerHelper.ParseExpression(settings.N);
d = BigIntegerHelper.ParseExpression(settings.D);
e = BigIntegerHelper.ParseExpression(settings.E);
}
catch (Exception ex)
{
GuiLogMessage("Invalid Big Number input: " + ex.Message, NotificationLevel.Error);
return;
}
try
{
N = n;
E = e;
D = d;
}
catch (Exception ex)
{
GuiLogMessage("Big Number fail: " + ex.Message, NotificationLevel.Error);
return;
}
break;
//randomly generated
case 2:
try
{
n = BigInteger.Parse(this.settings.Range);
switch (this.settings.RangeType)
{
case 0: // n = number of bits for primes
if ((int)n <= 2)
{
GuiLogMessage("Value for n has to be greater than 2.", NotificationLevel.Error);
return;
}
if (n >= 1024)
{
GuiLogMessage("Please note that the generation of prime numbers with " + n + " bits may take some time...", NotificationLevel.Warning);
}
// calculate the number of expected tries for the indeterministic prime number generation using the density of primes in the given region
BigInteger limit = ((BigInteger)1) << (int)n;
limittries = (int)(BigInteger.Log(limit) / 6);
expectedtries = 2 * limittries;
tries = 0;
p = this.RandomPrimeBits((int)n);
tries = limittries; limittries = expectedtries;
do
{
q = this.RandomPrimeBits((int)n);
} while (p == q);
break;
case 1: // n = upper limit for primes
default:
if (n <= 4)
{
GuiLogMessage("Value for n has to be greater than 4", NotificationLevel.Error);
return;
}
p = BigIntegerHelper.RandomPrimeLimit(n + 1);
ProgressChanged(0.5, 1.0);
do
{
q = BigIntegerHelper.RandomPrimeLimit(n + 1);
} while (p == q);
break;
}
}
catch
{
GuiLogMessage("Please enter an integer value for n.", NotificationLevel.Error);
return;
}
BigInteger phi = (p - 1) * (q - 1);
// generate E for the given values of p and q
bool found = false;
foreach (var ee in new BigInteger[] { 3, 5, 7, 11, 17, 65537 })
{
if (ee < phi && ee.GCD(phi) == 1)
{
E = ee; found = true; break;
}
}
if (!found)
{
for (int i = 0; i < 1000; i++)
{
e = BigIntegerHelper.RandomIntLimit(phi);
if (e >= 2 && e.GCD(phi) == 1)
{
E = e; found = true; break;
}
}
}
if (!found)
{
GuiLogMessage("Could not generate a valid E for p=" + p + " and q=" + q + ".", NotificationLevel.Error);
return;
}
N = p * q;
D = BigIntegerHelper.ModInverse(E, phi);
break;
//using x509 certificate
case 3:
try
{
X509Certificate2 cert;
RSAParameters par;
if (this.settings.Password != "")
{
GuiLogMessage("Password entered. Try getting public and private key", NotificationLevel.Info);
cert = new X509Certificate2(settings.CertificateFile, settings.Password, X509KeyStorageFlags.Exportable);
if (cert == null || cert.PrivateKey == null)
{
throw new Exception("Private Key of X509Certificate could not be fetched");
}
RSACryptoServiceProvider provider = (RSACryptoServiceProvider)cert.PrivateKey;
par = provider.ExportParameters(true);
}
else
{
GuiLogMessage("No Password entered. Try loading public key only", NotificationLevel.Info);
cert = new X509Certificate2(settings.CertificateFile);
if (cert == null || cert.PublicKey == null || cert.PublicKey.Key == null)
{
throw new Exception("Private Key of X509Certificate could not be fetched");
}
RSACryptoServiceProvider provider = (RSACryptoServiceProvider)cert.PublicKey.Key;
par = provider.ExportParameters(false);
}
try
{
N = new BigInteger(par.Modulus);
}
catch (Exception ex)
{
GuiLogMessage("Could not get N from certificate: " + ex.Message, NotificationLevel.Warning);
}
try
{
E = new BigInteger(par.Exponent);
}
catch (Exception ex)
{
GuiLogMessage("Could not get E from certificate: " + ex.Message, NotificationLevel.Warning);
}
try
{
if (this.settings.Password != "")
{
D = new BigInteger(par.D);
}
else
{
D = 0;
}
}
catch (Exception ex)
{
GuiLogMessage("Could not get D from certificate: " + ex.Message, NotificationLevel.Warning);
}
}
catch (Exception ex)
{
GuiLogMessage("Could not load the selected certificate: " + ex.Message, NotificationLevel.Error);
}
break;
}
ProgressChanged(1.0, 1.0);
}
/*
* Produces a random non-zero plaintext and encrypts it.
* might be implemented as precomputation.
*/
BigInteger nonZeroEncryption()
{
BigInteger plain = BigIntegerHelper.RandomIntLimit(u - 1) + 1;
return(encrypt(plain));
}
/*
* Generates a random nonzero-plaintext and uses it for multiplicative blinding.
*/
BigInteger multiplicativeBlind(BigInteger cipher)
{
BigInteger r = BigIntegerHelper.RandomIntLimit(u - 1) + 1;
return(cipherMul(cipher, r));
}
private void generateKeys(int k, int t, int l, BigInteger ownu)
{
if (l < 8 || l > 16)
{
throw new Exception("Choose parameter l from the interval 8<=l<=16 !");
}
if (t <= l)
{
throw new Exception("Parameter t must be greater than l.");
}
if (k <= t)
{
throw new Exception("Parameter k must be greater than t.");
}
if (k % 2 != 0)
{
throw new Exception("Parameter k has to be an even number!");
}
//if ((k / 2 < (l + 5)) || (k / 2 < t + 2))
// throw new Exception("Parameter k has to be specified by the rules k/2 > l+4 and k/2 > t+1!");
if (k / 2 < l + t + 10)
{
throw new Exception("Choose parameters k,l,t so that k/2 >= l+t+10 !");
}
// generate u the minimal prime number greater than l+2
//Workaround, TODO:
//u = (l == 0) ? ownu : BigIntegerHelper.NextProbablePrime(l + l + 2);
u = BigIntegerHelper.NextProbablePrime((1 << l) + 2);
// generate vp, vq as a random t bit prime number
vp = BigIntegerHelper.RandomPrimeBits(t);
vq = BigIntegerHelper.RandomPrimeBits(t);
// store the product vp*vq
vpvq = vp * vq;
// DGK style to generate p and q from u and v:
// p is chosen as rp * u * vp + 1 where r_p is randomly chosen such that p has roughly k/2 bits
BigInteger rp, rq, tmp;
int needed_bits;
tmp = u * vp;
needed_bits = k / 2 - (int)Math.Ceiling(BigInteger.Log(tmp, 2));
//int needed_bits = k / 2 - mpz_sizeinbase(tmp1, 2);
do
{
rp = BigIntegerHelper.RandomIntMSBSet(needed_bits - 1) * 2;
p = rp * tmp + 1;
} while (!BigIntegerHelper.IsProbablePrime(p));
// q is chosen as rq * u*vq + 1 where rq is randomly chosen such that q has roughly k/2 bits
tmp = u * vq;
needed_bits = k / 2 - (int)Math.Ceiling(BigInteger.Log(tmp, 2));
do
{
rq = BigIntegerHelper.RandomIntMSBSet(needed_bits - 1) * 2;
q = rq * tmp + 1;
} while (!BigIntegerHelper.IsProbablePrime(q));
// RSA modulus n
N = p * q;
/*
* h must be random in Zn* and have order vp*vq. We
* choose it by setting
*
* h = h' ^{rp * rq * u}.
*
* Seeing h as (hp, hq) and h' as (h'p, h'q) in Zp* x Zq*, we
* then have
*
* (hp^vpvq, hq^vpvq) = (h'p^{rp*u*vp}^(rq*vq), h'q^{rq*u*vq}^(rp*vp))
* = (1^(rq*vq), 1^(rp*vp)) = (1, 1)
*
* which means that h^(vpvq) = 1 in Zn*.
*
* So we only need to check that h is not 1 and that it really
* is in Zn*.
*/
BigInteger r;
tmp = rp * rq * u;
while (true)
{
r = BigIntegerHelper.RandomIntLimit(n);
h = BigInteger.ModPow(r, tmp, n);
if (h == 1)
{
continue;
}
if (BigInteger.GreatestCommonDivisor(h, n) == 1)
{
break;
}
}
/*
* g is chosen at random in Zn* such that it has order uv. This
* is done in much the same way as for h, but the order of
* power of the random number might be u, v or uv. We therefore
* also check that g^u and g^v are different from 1.
*/
BigInteger rprq = rp * rq;
while (true)
{
r = BigIntegerHelper.RandomIntLimit(n);
g = BigInteger.ModPow(r, rprq, n);
// test if g is "good":
if (g == 1)
{
continue;
}
if (BigInteger.GreatestCommonDivisor(g, n) != 1)
{
continue;
}
if (BigInteger.ModPow(g, u, n) == 1)
{
continue; // test if ord(g) == u
}
if (BigInteger.ModPow(g, vp, n) == 1)
{
continue; // test if ord(g) == vp
}
if (BigInteger.ModPow(g, vq, n) == 1)
{
continue; // test if ord(g) == vq
}
if (BigInteger.ModPow(g, u * vp, n) == 1)
{
continue; // test if ord(g) == u*vp
}
if (BigInteger.ModPow(g, u * vq, n) == 1)
{
continue; // test if ord(g) == u*vq
}
if (BigInteger.ModPow(g, vpvq, n) == 1)
{
continue; // test if ord(g) == vp*vq
}
break; // g has passed all tests
}
}
