mqv_8h_source.html

 // mqv.h - written and placed in the public domain by Wei Dai


 #ifndef CRYPTOPP_MQV_H
 #define CRYPTOPP_MQV_H

 #include "cryptlib.h"
 #include "gfpcrypt.h"
 #include "modarith.h"
 #include "integer.h"
 #include "algebra.h"
 #include "misc.h"

 NAMESPACE_BEGIN(CryptoPP)

 template <class GROUP_PARAMETERS, class COFACTOR_OPTION = typename GROUP_PARAMETERS::DefaultCofactorOption>
 class MQV_Domain : public AuthenticatedKeyAgreementDomain
 {
 public:
         typedef GROUP_PARAMETERS GroupParameters;
         typedef typename GroupParameters::Element Element;
         typedef MQV_Domain<GROUP_PARAMETERS, COFACTOR_OPTION> Domain;

         MQV_Domain() {}

         MQV_Domain(const GroupParameters &params)
                 : m_groupParameters(params) {}

         MQV_Domain(BufferedTransformation &bt)
                 {m_groupParameters.BERDecode(bt);}

         template <class T1, class T2>
         MQV_Domain(T1 v1, T2 v2)
                 {m_groupParameters.Initialize(v1, v2);}

         template <class T1, class T2, class T3>
         MQV_Domain(T1 v1, T2 v2, T3 v3)
                 {m_groupParameters.Initialize(v1, v2, v3);}

         template <class T1, class T2, class T3, class T4>
         MQV_Domain(T1 v1, T2 v2, T3 v3, T4 v4)
                 {m_groupParameters.Initialize(v1, v2, v3, v4);}

         const GroupParameters & GetGroupParameters() const {return m_groupParameters;}

         GroupParameters & AccessGroupParameters() {return m_groupParameters;}

         CryptoParameters & AccessCryptoParameters() {return AccessAbstractGroupParameters();}

         unsigned int AgreedValueLength() const {return GetAbstractGroupParameters().GetEncodedElementSize(false);}

         unsigned int StaticPrivateKeyLength() const {return GetAbstractGroupParameters().GetSubgroupOrder().ByteCount();}

         unsigned int StaticPublicKeyLength() const {return GetAbstractGroupParameters().GetEncodedElementSize(true);}

         void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
         {
                 Integer x(rng, Integer::One(), GetAbstractGroupParameters().GetMaxExponent());
                 x.Encode(privateKey, StaticPrivateKeyLength());
         }

         void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
         {
                 CRYPTOPP_UNUSED(rng);
                 const DL_GroupParameters<Element> &params = GetAbstractGroupParameters();
                 Integer x(privateKey, StaticPrivateKeyLength());
                 Element y = params.ExponentiateBase(x);
                 params.EncodeElement(true, y, publicKey);
         }

         unsigned int EphemeralPrivateKeyLength() const {return StaticPrivateKeyLength() + StaticPublicKeyLength();}
         unsigned int EphemeralPublicKeyLength() const {return StaticPublicKeyLength();}

         void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
         {
                 const DL_GroupParameters<Element> &params = GetAbstractGroupParameters();
                 Integer x(rng, Integer::One(), params.GetMaxExponent());
                 x.Encode(privateKey, StaticPrivateKeyLength());
                 Element y = params.ExponentiateBase(x);
                 params.EncodeElement(true, y, privateKey+StaticPrivateKeyLength());
         }

         void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
         {
                 CRYPTOPP_UNUSED(rng);
                 memcpy(publicKey, privateKey+StaticPrivateKeyLength(), EphemeralPublicKeyLength());
         }

         bool Agree(byte *agreedValue,
                 const byte *staticPrivateKey, const byte *ephemeralPrivateKey,
                 const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey,
                 bool validateStaticOtherPublicKey=true) const
         {
                 try
                 {
                         const DL_GroupParameters<Element> &params = GetAbstractGroupParameters();
                         Element WW = params.DecodeElement(staticOtherPublicKey, validateStaticOtherPublicKey);
                         Element VV = params.DecodeElement(ephemeralOtherPublicKey, true);

                         Integer s(staticPrivateKey, StaticPrivateKeyLength());
                         Integer u(ephemeralPrivateKey, StaticPrivateKeyLength());
                         Element V = params.DecodeElement(ephemeralPrivateKey+StaticPrivateKeyLength(), false);

                         const Integer &r = params.GetSubgroupOrder();
                         Integer h2 = Integer::Power2((r.BitCount()+1)/2);
                         Integer e = ((h2+params.ConvertElementToInteger(V)%h2)*s+u) % r;
                         Integer tt = h2 + params.ConvertElementToInteger(VV) % h2;

                         if (COFACTOR_OPTION::ToEnum() == NO_COFACTOR_MULTIPLICTION)
                         {
                                 Element P = params.ExponentiateElement(WW, tt);
                                 P = m_groupParameters.MultiplyElements(P, VV);
                                 Element R[2];
                                 const Integer e2[2] = {r, e};
                                 params.SimultaneousExponentiate(R, P, e2, 2);
                                 if (!params.IsIdentity(R[0]) || params.IsIdentity(R[1]))
                                         return false;
                                 params.EncodeElement(false, R[1], agreedValue);
                         }
                         else
                         {
                                 const Integer &k = params.GetCofactor();
                                 if (COFACTOR_OPTION::ToEnum() == COMPATIBLE_COFACTOR_MULTIPLICTION)
                                         e = ModularArithmetic(r).Divide(e, k);
                                 Element P = m_groupParameters.CascadeExponentiate(VV, k*e, WW, k*(e*tt%r));
                                 if (params.IsIdentity(P))
                                         return false;
                                 params.EncodeElement(false, P, agreedValue);
                         }
                 }
                 catch (DL_BadElement &)
                 {
                         return false;
                 }
                 return true;
         }

 private:
         DL_GroupParameters<Element> & AccessAbstractGroupParameters() {return m_groupParameters;}
         const DL_GroupParameters<Element> & GetAbstractGroupParameters() const {return m_groupParameters;}

         GroupParameters m_groupParameters;
 };

 typedef MQV_Domain<DL_GroupParameters_GFP_DefaultSafePrime> MQV;

 NAMESPACE_END

 #endif
T1
#define T1
Definition: integer.cpp:2170

MQV_Domain::MQV_Domain
MQV_Domain(T1 v1, T2 v2)
Construct a MQV domain.
Definition: mqv.h:54

byte
uint8_t byte
Definition: Common.h:57

T2
#define T2
Definition: integer.cpp:2171

misc.h
Utility functions for the Crypto++ library.

MQV_Domain::m_groupParameters
GroupParameters m_groupParameters
Definition: mqv.h:212

Integer::Encode
void Encode(byte *output, size_t outputLen, Signedness sign=UNSIGNED) const
Encode in big-endian format.
Definition: integer.cpp:3369

MQV_Domain::GenerateStaticPublicKey
void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
Generate a static public key from a private key in this domain.
Definition: mqv.h:132

NAMESPACE_BEGIN
#define NAMESPACE_BEGIN(x)
Definition: config.h:200

DL_GroupParameters
Interface for Discrete Log (DL) group parameters.
Definition: pubkey.h:736

MQV_Domain::MQV_Domain
MQV_Domain(T1 v1, T2 v2, T3 v3, T4 v4)
Construct a MQV domain.
Definition: mqv.h:80

MQV_Domain::GetAbstractGroupParameters
const DL_GroupParameters< Element > & GetAbstractGroupParameters() const
Definition: mqv.h:210

MQV_Domain::EphemeralPublicKeyLength
unsigned int EphemeralPublicKeyLength() const
Provides the size of ephemeral public key.
Definition: mqv.h:142

cryptlib.h
Abstract base classes that provide a uniform interface to this library.

R
#define R(a, b)

DL_GroupParameters::ConvertElementToInteger
virtual Integer ConvertElementToInteger(const Element &element) const =0
Converts an element to an Integer.

ModularArithmetic
Ring of congruence classes modulo n.
Definition: modarith.h:34

RandomNumberGenerator
Interface for random number generators.
Definition: cryptlib.h:1188

MQV_Domain::MQV_Domain
MQV_Domain(BufferedTransformation &bt)
Construct a MQV domain.
Definition: mqv.h:44

algebra.h
Classes for performing mathematics over different fields.

BufferedTransformation
Interface for buffered transformations.
Definition: cryptlib.h:1352

Integer::One
static const Integer &CRYPTOPP_API One()
Integer representing 1.
Definition: integer.cpp:3035

MQV
MQV_Domain< DL_GroupParameters_GFP_DefaultSafePrime > MQV
Menezes-Qu-Vanstone in GF(p) with key validation, AKA MQV
Definition: mqv.h:217

Integer::BitCount
unsigned int BitCount() const
Determines the number of bits required to represent the Integer.
Definition: integer.cpp:3305

x
#define x(i)

MQV_Domain
MQV domain for performing authenticated key agreement.
Definition: mqv.h:27

NO_COFACTOR_MULTIPLICTION
No cofactor multiplication applied.
Definition: pubkey.h:1917

MQV_Domain::GroupParameters
GROUP_PARAMETERS GroupParameters
Definition: mqv.h:30

DL_GroupParameters::SimultaneousExponentiate
virtual void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const =0
Exponentiates a base to multiple exponents.

Integer::Power2
static Integer CRYPTOPP_API Power2(size_t e)
Exponentiates to a power of 2.
Definition: integer.cpp:3008

MQV_Domain::EphemeralPrivateKeyLength
unsigned int EphemeralPrivateKeyLength() const
Provides the size of ephemeral private key.
Definition: mqv.h:141

MQV_Domain::StaticPrivateKeyLength
unsigned int StaticPrivateKeyLength() const
Provides the size of the static private key.
Definition: mqv.h:105

Integer
Multiple precision integer with arithmetic operations.
Definition: integer.h:43

MQV_Domain::AgreedValueLength
unsigned int AgreedValueLength() const
Provides the size of the agreed value.
Definition: mqv.h:100

MQV_Domain::GenerateStaticPrivateKey
void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
Generate static private key in this domain.
Definition: mqv.h:119

MQV_Domain::Element
GroupParameters::Element Element
Definition: mqv.h:31

MQV_Domain::Domain
MQV_Domain< GROUP_PARAMETERS, COFACTOR_OPTION > Domain
Definition: mqv.h:32

gfpcrypt.h
Classes and functions for schemes based on Discrete Logs (DL) over GF(p)

DL_GroupParameters::DecodeElement
virtual Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const =0
Decodes the element.

DL_BadElement
Exception thrown when an invalid group element is encountered.
Definition: pubkey.h:726

DL_GroupParameters::GetCofactor
virtual Integer GetCofactor() const
Retrieves the cofactor.
Definition: pubkey.h:848

MQV_Domain::GenerateEphemeralPublicKey
void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
Generate ephemeral public key.
Definition: mqv.h:153

ModularArithmetic::Divide
const Integer & Divide(const Integer &a, const Integer &b) const
Divides elements in the ring.
Definition: modarith.h:198

MQV_Domain::AccessAbstractGroupParameters
DL_GroupParameters< Element > & AccessAbstractGroupParameters()
Definition: mqv.h:209

MQV_Domain::MQV_Domain
MQV_Domain(const GroupParameters &params)
Construct a MQV domain.
Definition: mqv.h:39

memcpy
void * memcpy(void *a, const void *b, size_t c)
Definition: glibc_compat.cpp:17

CRYPTOPP_UNUSED
#define CRYPTOPP_UNUSED(x)
Definition: config.h:741

P
#define P

DL_GroupParameters::EncodeElement
virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0
Encodes the element.

integer.h
Multiple precision integer with arithmetic operations.

MQV_Domain::MQV_Domain
MQV_Domain(T1 v1, T2 v2, T3 v3)
Construct a MQV domain.
Definition: mqv.h:66

MQV_Domain::MQV_Domain
MQV_Domain()
Construct a MQV domain.
Definition: mqv.h:35

NAMESPACE_END
#define NAMESPACE_END
Definition: config.h:201

CryptoParameters
Interface for crypto prameters.
Definition: cryptlib.h:2191

DL_GroupParameters::GetMaxExponent
virtual Integer GetMaxExponent() const =0
Retrieves the maximum exponent for the group.

MQV_Domain::AccessCryptoParameters
CryptoParameters & AccessCryptoParameters()
Retrieves the crypto parameters for this domain.
Definition: mqv.h:93

e
#define e(i)
Definition: sha.cpp:733

modarith.h
Class file for performing modular arithmetic.

CryptoPP

MQV_Domain::GetGroupParameters
const GroupParameters & GetGroupParameters() const
Retrieves the group parameters for this domain.
Definition: mqv.h:85

AuthenticatedKeyAgreementDomain
Interface for domains of authenticated key agreement protocols.
Definition: cryptlib.h:2727

MQV_Domain::AccessGroupParameters
GroupParameters & AccessGroupParameters()
Retrieves the group parameters for this domain.
Definition: mqv.h:89

h2
#define h2(tab, w)
Definition: skipjack.cpp:74

MQV_Domain::GenerateEphemeralPrivateKey
void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
Generate ephemeral private key.
Definition: mqv.h:144

T3
#define T3
Definition: integer.cpp:2172

DL_GroupParameters::ExponentiateBase
virtual Element ExponentiateBase(const Integer &exponent) const
Retrieves the subgroup generator.
Definition: pubkey.h:803

MQV_Domain::Agree
bool Agree(byte *agreedValue, const byte *staticPrivateKey, const byte *ephemeralPrivateKey, const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, bool validateStaticOtherPublicKey=true) const
Derive agreed value.
Definition: mqv.h:159

MQV_Domain::StaticPublicKeyLength
unsigned int StaticPublicKeyLength() const
Provides the size of the static public key.
Definition: mqv.h:112

COMPATIBLE_COFACTOR_MULTIPLICTION
Cofactor multiplication compatible with ordinary Diffie-Hellman.
Definition: pubkey.h:1921

DL_GroupParameters::ExponentiateElement
virtual Element ExponentiateElement(const Element &base, const Integer &exponent) const
Exponentiates an element.
Definition: pubkey.h:813

DL_GroupParameters::IsIdentity
virtual bool IsIdentity(const Element &element) const =0
Determines if an element is an identity.

DL_GroupParameters::GetSubgroupOrder
virtual const Integer & GetSubgroupOrder() const =0
Retrieves the subgroup order.