hss.c 2.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104
  1. #include "config.h"
  2. #include <assert.h>
  3. #include <stdlib.h>
  4. #include "entropy.h"
  5. #include "elgamal.h"
  6. #include "hss.h"
  7. void ssl1_init(ssl1_t s)
  8. {
  9. ELGAMAL_CIPHER(init, s->w);
  10. for (size_t t = 0; t < SK_BLOCKS; t++) {
  11. ELGAMAL_CIPHER(init, s->cw[t]);
  12. }
  13. }
  14. void ssl1_clear(ssl1_t s)
  15. {
  16. ELGAMAL_CIPHER(clear, s->w);
  17. for (size_t t = 0; t < SK_BLOCKS; t++) {
  18. ELGAMAL_CIPHER(clear, s->cw[t]);
  19. }
  20. }
  21. void ssl1_share(ssl1_t r1, ssl1_t r2, const mpz_t v, const elgamal_key_t key)
  22. {
  23. mpz_t q, r, x;
  24. mpz_init_set(q, key->sk);
  25. mpz_inits(r, x, NULL);
  26. elgamal_encrypt_shares(r1->w, r2->w, key, v);
  27. for (size_t t = 0; t < SK_BLOCKS; t++) {
  28. mpz_fdiv_r_2exp(r, q, SS_BASE);
  29. mpz_fdiv_q_2exp(q, q, SS_BASE);
  30. mpz_mul(x, v, r);
  31. /* do it in reverse so that when computing it's just incremental */
  32. elgamal_encrypt_shares(r1->cw[SK_BLOCKS - 1 - t],
  33. r2->cw[SK_BLOCKS - 1 - t],
  34. key, x);
  35. }
  36. mpz_clears(q, r, x, NULL);
  37. }
  38. void ssl1_open(mpz_t rop, const ssl1_t r1, const ssl1_t r2, const elgamal_key_t key)
  39. {
  40. mpz_t rop1, rop2;
  41. mpz_inits(rop1, rop2, NULL);
  42. elgamal_decrypt(rop1, key, r1->w);
  43. elgamal_decrypt(rop2, key, r2->w);
  44. assert(!mpz_cmp(rop1, rop2));
  45. mpz_set(rop, rop1);
  46. mpz_clears(rop1, rop2, NULL);
  47. }
  48. void ssl2_init(ssl2_t s)
  49. {
  50. s->x = 0;
  51. mpz_inits(s->cx, NULL);
  52. }
  53. void ssl2_clear(ssl2_t s)
  54. {
  55. mpz_clear(s->cx);
  56. }
  57. void ssl2_share(ssl2_t s1, ssl2_t s2, const mpz_t v, const mpz_t sk)
  58. {
  59. /* sampling one byte here is already sufficient.
  60. * However, the purpose of this function is testing,
  61. * so here we go sampling over the whole space */
  62. getrandom(&s1->x, 3, GRND_NONBLOCK);
  63. //mpz_urandomb(s1->x, _rstate, 192);
  64. //mpz_add(s2->x, v, s1->x);
  65. const uint32_t _v = (uint32_t) mpz_get_ui(v);
  66. s2->x = s1->x + _v;
  67. mpz_urandomb(s1->cx, _rstate, 192);
  68. mpz_mul(s2->cx, sk, v);
  69. mpz_add(s2->cx, s2->cx, s1->cx);
  70. }
  71. void ssl2_open(mpz_t rop, const ssl2_t s1, const ssl2_t s2)
  72. {
  73. if (s1->x > s2->x) mpz_set_ui(rop, s1->x - s2->x);
  74. else mpz_set_ui(rop, s2->x - s1->x);
  75. //mpz_sub(rop, s2->x, s1->x);
  76. //mpz_abs(rop, rop);
  77. }