public virtual ECPoint ValidatePoint(BigInteger x, BigInteger y) { ECPoint p = CreatePoint(x, y); if (!p.IsValid()) { throw new ArgumentException("Invalid point coordinates"); } return(p); }
public virtual ECPoint ValidatePoint(BigInteger x, BigInteger y, bool withCompression) { ECPoint eCPoint = CreatePoint(x, y, withCompression); if (!eCPoint.IsValid()) { throw new ArgumentException("Invalid point coordinates"); } return(eCPoint); }
private void ImplValidityTest(ECCurve c, ECPoint g) { Assert.IsTrue(g.IsValid()); BigInteger h = c.Cofactor; if (h != null && h.CompareTo(BigInteger.One) > 0) { if (ECAlgorithms.IsF2mCurve(c)) { ECPoint order2 = c.CreatePoint(BigInteger.Zero, c.B.Sqrt().ToBigInteger()); ECPoint bad = g.Add(order2); Assert.IsFalse(bad.IsValid()); } } }
private void ImplValidityTest(ECCurve c, ECPoint g) { Assert.IsTrue(g.IsValid()); if (ECAlgorithms.IsF2mCurve(c)) { BigInteger h = c.Cofactor; if (null != h) { if (!h.TestBit(0)) { ECFieldElement sqrtB = c.B.Sqrt(); ECPoint order2 = c.CreatePoint(BigInteger.Zero, sqrtB.ToBigInteger()); Assert.IsTrue(order2.Twice().IsInfinity); Assert.IsFalse(order2.IsValid()); ECPoint bad2 = g.Add(order2); Assert.IsFalse(bad2.IsValid()); ECPoint good2 = bad2.Add(order2); Assert.IsTrue(good2.IsValid()); if (!h.TestBit(1)) { ECFieldElement L = SolveQuadraticEquation(c, c.A); Assert.IsNotNull(L); ECFieldElement T = sqrtB; ECFieldElement x = T.Sqrt(); ECFieldElement y = T.Add(x.Multiply(L)); ECPoint order4 = c.CreatePoint(x.ToBigInteger(), y.ToBigInteger()); Assert.IsTrue(order4.Twice().Equals(order2)); Assert.IsFalse(order4.IsValid()); ECPoint bad4_1 = g.Add(order4); Assert.IsFalse(bad4_1.IsValid()); ECPoint bad4_2 = bad4_1.Add(order4); Assert.IsFalse(bad4_2.IsValid()); ECPoint bad4_3 = bad4_2.Add(order4); Assert.IsFalse(bad4_3.IsValid()); ECPoint good4 = bad4_3.Add(order4); Assert.IsTrue(good4.IsValid()); } } } } }
private static ECPoint Validate(ECPoint q) { if (q == null) { throw new ArgumentNullException("q"); } if (q.IsInfinity) { throw new ArgumentException("point at infinity", "q"); } q = q.Normalize(); if (!q.IsValid()) { throw new ArgumentException("point not on curve", "q"); } return(q); }
internal static ECPoint Validate(ECCurve c, ECPoint q) { if (q == null) { throw new ArgumentException("Point has null value", "q"); } q = ECAlgorithms.ImportPoint(c, q).Normalize(); if (q.IsInfinity) { throw new ArgumentException("Point at infinity", "q"); } if (!q.IsValid()) { throw new ArgumentException("Point not on curve", "q"); } return(q); }
internal static ECPoint ValidatePublicPoint(ECCurve c, ECPoint q) { if (null == q) { throw new ArgumentNullException("q", "Point cannot be null"); } q = ECAlgorithms.ImportPoint(c, q).Normalize(); if (q.IsInfinity) { throw new ArgumentException("Point at infinity", "q"); } if (!q.IsValid()) { throw new ArgumentException("Point not on curve", "q"); } return(q); }
public static bool Verify(byte[] msg, Signature sig, ECPoint publicKey) { if (sig.R == BigInteger.Zero || sig.S == BigInteger.Zero) { throw new Exception("Invalid R or S value: cannot be zero."); } if (sig.R.SignValue == -1 || sig.S.SignValue == -1) { throw new Exception("Invalid R or S value: cannot be negative."); } if (publicKey.Curve != (secp256k1.Curve)) { throw new Exception("The public key must be a point on secp256k1."); } if (!publicKey.IsValid()) { throw new Exception("Invalid public key."); } ECPoint l = publicKey.Multiply(sig.R); ECPoint r = secp256k1.G.Multiply(sig.S); ECPoint Q = l.Add(r); if (Q.IsInfinity || !Q.IsValid()) { throw new Exception("Invalid intermediate point."); } BigInteger r1 = Hash(Q, publicKey, msg).Mod(secp256k1.N); if (r1 == (BigInteger.Zero)) { throw new Exception("Invalid hash."); } return(r1.Equals(sig.R)); }
internal static ECPoint Validated(ECPoint q) { // FSM_STATE:5.8, "FIPS 186-3/SP 800-89 ASSURANCES", "The module is performing FIPS 186-3/SP 800-89 Assurances self-test" // FSM_TRANS:5.9, "CONDITIONAL TEST", "FIPS 186-3/SP 800-89 ASSURANCES CHECK", "Invoke FIPS 186-3/SP 800-89 Assurances test" if (q == null) { throw new ArgumentException("Point has null value"); } if (q.IsInfinity) { throw new ArgumentException("Point at infinity"); } q = q.Normalize(); if (!q.IsValid()) { throw new ArgumentException("Point not on curve"); } // FSM_TRANS:5.10, "FIPS 186-3/SP 800-89 ASSURANCES CHECK", "CONDITIONAL TEST", "FIPS 186-3/SP 800-89 Assurances test successful" return(q); }
/// <summary> /// Verifies a zero knowledge proof. /// </summary> /// <returns><c>true</c>, if zero knowledge proof is valid/correct, <c>false</c> otherwise.</returns> private bool ZeroKnowledgeProofValid(ECPoint generator, ECPoint X, ECPoint V, BigInteger r, string participantId) { // ZKP: { V=G*v, r } BigInteger h = Hash(generator, V, X, participantId); // Public key validation based on p. 25 // http://cs.ucsb.edu/~koc/ccs130h/notes/ecdsa-cert.pdf // 1. X != infinity if (X.IsInfinity) { return(false); } BigInteger xCoord = X.AffineXCoord.ToBigInteger(); BigInteger yCoord = X.AffineYCoord.ToBigInteger(); BigInteger qSub1 = _q.Subtract(BigInteger.One); // 2. Check x and y coordinates are in Fq, i.e., x, y in [0, q-1] if (xCoord.CompareTo(BigInteger.Zero) == -1 || xCoord.CompareTo(qSub1) == 1 || yCoord.CompareTo(BigInteger.Zero) == -1 || yCoord.CompareTo(qSub1) == 1) { Debug.WriteLine("Point X coordinates not in Fq."); return(false); } // 3. Check X lies on the curve try { if (X.IsValid() == false) { Debug.WriteLine("Point X not valid."); return(false); } } catch (Exception e) { Debug.WriteLine("Check that point X is on curve failed.\n" + e.StackTrace); return(false); } // 4. Check that nX = infinity. // It is equivalent - but more more efficient - to check the cofactor*X is not infinity. if (X.Multiply(_domain.Curve.Cofactor).IsInfinity) { Debug.WriteLine("X mult H (cofactor) == infinity"); return(false); } // Now check if V = G*r + X*h. // Given that {G, X} are valid points on curve, the equality implies that V is also a point on curve. ECPoint Gr = BasePointMultiplier.Multiply(generator, r); ECPoint Xh = BasePointMultiplier.Multiply(X, h.Mod(_domain.Curve.Order)); if (V.Equals(Gr.Add(Xh)) == false) { return(false); } // ZKP is valid return(true); }