xec_ec1.h

IBE是一种非对称密码技术

/* Copyright 2003-2006, Voltage Security, all rights reserved.
 */

#include "ictk.h"

#ifndef XEC_EC1_H
#define XEC_EC1_H

#ifdef __cplusplus
extern "C" {
#endif

#ifndef ICTK_DO_PRE_DISTORT
#define ICTK_DO_PRE_DISTORT  1
#endif

#define ICTK_MOST_GENERAL_TATE  0

/* allocates and inits a new ec1_t curve, with subgroup of Solinas
 * prime order q.
 * curve characteristic is set to q * r - 1 which must be some prime
 * number p.
 * r is just an 'int' as it is typically very small.
 * Note that this function returns an int, 0 for success or a nonzero
 * error code (there are more possible errors than MEMORY). The new
 * object is returned at the address given by ec1.
 */
int ec1New (
   ec1_t **ec1,
   z_t *q_solinas,
   z_t *r_factor,
   bf_context_t *bf
   );

/* clears and deallocates an ec1_t curve
 */
void ec1Del (
   ec1_t *ec
   );

/* r = - a
 */
int ec1PointNegate (
   pt1_t *r,
   pt1_t *a,
   ec1_t *ec
   );

/* x = cuberoot (y ^ 2 - 1)
 */
int ec1XfromY (
   z_t *x,
   z_t *y,
   ec1_t *ec
   );

/* y2 = x ^ 3 + 1
 */
int ec1Y2fromX (
   z_t *y2,
   z_t *x,
   ec1_t *ec
   );

/* apply appropriate distorion map
 */
int ec1Distort (
   pt1_t *r,
   pt1_t *a,
   ec1_t *ec
   );

/* r = random point on E/F_p
 */
int ec1PointRandomFp (
   pt1_t *r,
   ec1_t *ec,
   VtRandomObject random
   );

/* r = a + a
 */
int ec1PointDouble (
   pt1_t *r,
   pt1_t *a,
   ec1_t *ec
   );

/* r = a + b
 */
int ec1PointAdd (
   pt1_t *r,
   pt1_t *a,
   pt1_t *b,
   ec1_t *ec
   );

/* point doubling in E/F_p: (x3, y3, 1) = 2 (x1, y1, 1) , all non-zero
 */
int ec1fpPointDouble (
   z_t *x3,
   z_t *y3,
   z_t *x1,
   z_t *y1,
   z_t *p,
   bf_context_t *bf
   );

/* point addition in E/F_p: (x3, y3, 1) = (x1, y1, 1) + (x2, y2, 1),
 * all non-zero
 */
int ec1fpPointAdd (
   z_t *x3,
   z_t *y3,
   z_t *x1,
   z_t *y1,
   z_t *x2,
   z_t *y2,
   z_t *p,
   bf_context_t *bf
   );

/* tests whether point a is non-zero and in E/F_p for ec1_t curves
 */
int ec1IsPointSpecial (
   bool_t *result,
   pt1_t *a,
   ec1_t *ec
   );

/* admissible encoding from y in F_p* to r in G1*, specialized to
 * y^2 = x^3 + 1
 */
int ec1MapToPoint (
   pt1_t *r,
   z_t *y,
   ec1_t *ec
   );

/* point compression for point in E/F_p, specialized for curve
 * y^2 = x^3 + 1
 */
int ec1PackPoint (
   z_t *y,
   pt1_t *P,
   ec1_t *ec
   );

/* point decompression for point in E/F_p, specialized for curve
 * y^2 = x^3 + 1
 */
int ec1UnpackPoint (
   pt1_t *P,
   z_t *y,
   ec1_t *ec
   );

/* let (x, y, z) *= 2. If the point is finite, set the finite bool_t to
 * true_n, otherwise set it to false_n and do't do any operations.
 */
int ec1ProjDouble (
   bool_t *finite,
   z_t *x,
   z_t *y,
   z_t *z,
   z_t *p,
   bf_context_t *bf
   );

/* let (x1, y1, z1) += (x2, y2, 1). If the result will be finite set
 * finite to true_n, otherwise set it to false.
 */
int ec1ProjAccu (
   bool_t *finite,
   z_t *x1,
   z_t *y1,
   z_t *z1,
   z_t *x2,
   z_t *y2,
   z_t *p,
   bf_context_t *bf
   );

/* (a,b) <- (x,y,z)
 */
int ec1ProjToAffine (
   z_t *a,
   z_t *b,
   z_t *x,
   z_t *y,
   z_t *z,
   z_t *p,
   bf_context_t *bf
   );

/* apply original Boneh-Franklin distortion map
 */
int ec1BonehFranklinDistort (
   pt1_t *r,
   pt1_t *a,
   ec1_t *ec
   );

/* apply faster Scott distortion map
 */
int ec1ScottDistort (
   pt1_t *r,
   pt1_t *a,
   ec1_t *ec
   );

/* computes the Solinas representation of the given Solinas prime q
 * return true_n if the input q is indeed a Solinas prime, false_n if
 * not.
 */
bool_t ec1ToSolinas (
   solinas_t *sol,
   z_t *q,
   bf_context_t *bf
   );

/* computes NAF form of k
 * i.e., produces \sum_{j=0}^{l} 2^j s[j] = k with s[j] \in \{-1,0,1\}
 */
int zMakeNAF (
   int **naf,
   int *sz,
   z_t *k,
   bf_context_t *bf
   );

/* frees up NAF
 */
void zFreeNAF (
   int **naf,
   bf_context_t *bf
   );

#ifdef __cplusplus
}
#endif

#endif // XEC_EC1_H