Obtaining shared secret as scalar multiplication (continuing GooglePay theme)


Миша Винник

Mar 27, 2018, 11:27:10 AM
to Crypto++ Users
Hello!

How can we initialize a field over CryptoPP::ASN1::secp256r1()?

Grabbing x and y from accepted ephemeral key, and priv_int - CryptoPP::Integer representation of our private.

CryptoPP::ECP field;
CryptoPP::ECPPoint p_result = field.ScalarMultiply(p_eph, priv_int);

Now it ends up in an error, and it is obvious why: I do not know how to init the field properly.

Thank you very much.

any help is welcome!

Миша Винник

Mar 27, 2018, 12:01:28 PM
to Crypto++ Users
Question seems to be closed. The secp256r1 Cryptopp representation does not allow scalar multiplication for a non-odd modulus. And per the standard it is not odd!

Some code if anybody wants to test it themselves. Params from here: http://www.secg.org/SEC2-Ver-1.0.pdf .

CryptoPP::Integer m, a, b;
CryptoPP::byte m_str[] = "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF";
CryptoPP::byte a_str[] = "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC";
CryptoPP::byte b_str[] = "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B";

m.Decode(&(m_str[0]), sizeof(m_str) / sizeof(m_str[0]), CryptoPP::Integer::UNSIGNED);
a.Decode(&(a_str[0]), sizeof(a_str) / sizeof(a_str[0]), CryptoPP::Integer::UNSIGNED);
b.Decode(&(b_str[0]), sizeof(b_str) / sizeof(b_str[0]), CryptoPP::Integer::UNSIGNED);
bool is_odd = m.IsOdd();
CryptoPP::ECP field(m, a, b);
//CryptoPP::DL_GroupPrecomputation<CryptoPP::ECP>::Element group(field);
//multiplying over this field
CryptoPP::ECPPoint p_result = field.ScalarMultiply(p_eph, priv_int);

Why so? It is a standard curve, why is scalar multiplication not allowed?!

Миша Винник

Mar 27, 2018, 12:04:19 PM
to Crypto++ Users
No, it should be odd. The standard says so. Maybe somebody knows how to properly parse it from a string?

I am in the second week of an elliptic curve marathon, help is very welcome!

Jeffrey Walton

Mar 27, 2018, 12:05:11 PM
to Миша Винник, Crypto++ Users
On Tue, Mar 27, 2018 at 11:27 AM, Миша Винник <m.vin...@gmail.com> wrote:
> Hello!
>
> How can we initialize field over CryptoPP::ASN1::secp256r1();?
>
> Grabbing x and y from accepted ephemeral key, and priv_int -
> CryptoPP::Integer representation of our private.

https://www.cryptopp.com/wiki/Elliptic_Curve_Diffie-Hellman#Ephemeral_Key_as_.28x.2Cy.29

Jeff

Миша Винник

Mar 27, 2018, 12:09:58 PM
to Crypto++ Users
Yeah, the wiki is back! Thanks, I will be crawling through it for now.

Миша Винник

Mar 27, 2018, 12:15:24 PM
to Crypto++ Users
Hmmm.. It is an answer to a slightly different question.
The question is about creating the field from the constructor, as here: https://groups.google.com/forum/#!topic/cryptopp-users/o2YiAC2emvY

In fact, the field is created, but because of incorrect parsing of hex from the string, the modulus is incorrect and the ScalarMultiply method is unreachable.

Миша Винник

Mar 27, 2018, 12:40:16 PM
to Crypto++ Users
Giving the same result as dh.Agree(...). Beautiful.

For strangers who want to obtain the same shared secret from field theory:
unsigned long modulus, a_element, b_element;

CryptoPP::Integer m, a, b;

// hex_to_bytes() is a helper that is not shown in this post; it converts a hex string to raw bytes
string m_str("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF");
vector<unsigned char> m_vec = hex_to_bytes(m_str);
m.Decode(&(m_vec.at(0)), m_vec.size(), CryptoPP::Integer::UNSIGNED);
bool is_odd = m.IsOdd();

string a_str("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC");
vector<unsigned char> a_vec = hex_to_bytes(a_str);
a.Decode(&(a_vec.at(0)), a_vec.size(), CryptoPP::Integer::UNSIGNED);

string b_str("5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B");
vector<unsigned char> b_vec = hex_to_bytes(b_str);
b.Decode(&(b_vec.at(0)), b_vec.size(), CryptoPP::Integer::UNSIGNED);

//field init
CryptoPP::ECP field(m, a, b);
//multiplying over this field google_ephemeral_point * our_privatekey_int
CryptoPP::ECPPoint p_result = field.ScalarMultiply(p_eph, priv_int);

//obtaining shared from result:
CryptoPP::byte x_res[32];
CryptoPP::byte y_res[32];
p_result.x.Encode(&(x_res[0]), 32, CryptoPP::Integer::UNSIGNED);
p_result.y.Encode(&(y_res[0]), 32, CryptoPP::Integer::UNSIGNED);
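
Added example, not part of the thread and not Crypto++ code: it shows why the first attempt produced an even modulus (the array holds the ASCII characters of the hex text, and sizeof() also counts the terminating NUL, which becomes the least-significant byte) while a real hex decode gives the 32-byte odd prime. The `hex_to_bytes` here is a hypothetical stand-in for the helper the post uses without showing, and the other function names are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

// secp256r1 prime p as used in the thread, grouped into 32-bit words.
static const char kP256PrimeHex[] =
    "FFFFFFFF" "00000001" "00000000" "00000000" "00000000" "FFFFFFFF" "FFFFFFFF" "FFFFFFFF";

// Convert one hex digit to its value; reject anything else.
static std::uint8_t nibble(char c) {
    if (c >= '0' && c <= '9') return static_cast<std::uint8_t>(c - '0');
    if (c >= 'a' && c <= 'f') return static_cast<std::uint8_t>(c - 'a' + 10);
    if (c >= 'A' && c <= 'F') return static_cast<std::uint8_t>(c - 'A' + 10);
    throw std::invalid_argument("non-hex character in input");
}

// Hypothetical stand-in for the thread's hex_to_bytes(): strict, big-endian.
std::vector<std::uint8_t> hex_to_bytes(const std::string& hex) {
    if (hex.size() % 2 != 0)
        throw std::invalid_argument("hex string has odd length");
    std::vector<std::uint8_t> out;
    out.reserve(hex.size() / 2);
    for (std::size_t i = 0; i < hex.size(); i += 2)
        out.push_back(static_cast<std::uint8_t>((nibble(hex[i]) << 4) | nibble(hex[i + 1])));
    return out;
}

// What the first attempt handed to Integer::Decode: the literal's raw chars,
// with sizeof() counting the terminating NUL as the last (lowest) byte.
std::vector<std::uint8_t> ascii_bytes_as_first_attempt() {
    const unsigned char* p = reinterpret_cast<const unsigned char*>(kP256PrimeHex);
    return std::vector<std::uint8_t>(p, p + sizeof(kP256PrimeHex));
}

// A big-endian unsigned integer is odd iff bit 0 of its last byte is set.
bool is_odd_big_endian(const std::vector<std::uint8_t>& be) {
    return !be.empty() && (be.back() & 1u) != 0;
}

int main() {
    const std::vector<std::uint8_t> good = hex_to_bytes(kP256PrimeHex);
    const std::vector<std::uint8_t> bad = ascii_bytes_as_first_attempt();
    std::printf("hex decode:   %zu bytes, odd=%d\n", good.size(), is_odd_big_endian(good));
    std::printf("ASCII decode: %zu bytes, odd=%d\n", bad.size(), is_odd_big_endian(bad));
    return 0;
}
```

Checking the decoded length against the field size (32 bytes for secp256r1) before building the curve catches this class of mistake early.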

Миша Винник

Mar 28, 2018, 3:37:25 AM
to Crypto++ Users
Shared secret obtained, further things are described in the main thread on it: https://groups.google.com/forum/#!topic/cryptopp-users/IFvwPWcbxCI

Jeffrey Walton

Mar 29, 2018, 2:32:38 PM
to Crypto++ Users


On Wednesday, March 28, 2018 at 3:37:25 AM UTC-4, Миша Винник wrote:
> Shared secret obtained, further things are described in the main thread on it: https://groups.google.com/forum/#!topic/cryptopp-users/IFvwPWcbxCI

Congrats man, good work.

You are the first person I am aware of to take it to completion.

Миша Винник

Mar 30, 2018, 1:59:24 AM
to Crypto++ Users
Thanks, Jeff. For now I am working on verifying the signature; if I have some time, I will try to do it also using the math background of the issue.