Cryptography Reference
In-Depth Information
We may test these parameters with the
ECDomainTest
function:
> ECDomainTest(dp256);
Valid parameters
We next give the key generation functionwhich generates an “ECkey pair” formed
by an integer
d
dG
. As on other
occasions, we will use the Blum-Blum-Shub PRG to generate
d
and, to this purpose,
the PRG should be supplied with a random seed. Thus the input parameters of the
function are
domain
, for the list of EC domain parameters, and
seed
, for the seed.
The optional parameters are
bbslength
to set the length of the primes used by
Blum-Blum-Shub and
format
to specify whether the output will be decimal or
hexadecimal (with the latter as default). The output is a list
∈[
1
,
n
−
1
]
and a point
Q
∈
E
(
F
p
)
such that
Q
=
[
d
,
Q
]
containing the
integer
d
and the point
Q
.
> ECKeyGen := proc(domain::list, seed::{posint, string},
{bbslength::{512, 768, 1024} := 1024, format::identical(decimal, hex) := hex})
local dom, p, a, b, G, n, E, sd, B, l, c, d, Q;
dom := stringposint
∼∼
(domain);
p := dom[1];
a := dom[2];
b := dom[3];
G := dom[4];
n := dom[5];
E := EllipticCurve(a, b, p);
l := intlog[2](n)+1;
sd := stringposint(seed);
B := RandomTools:-BlumBlumShub:-NewBitGenerator(sd, primes = bbslength);
c := n-1;
while n-2 < c do
c := convert(cat(seq(B(), i=1..l)), decimal, binary)
end do;
d := c+1;
Q := EllipticMult(d, G, E);
if format = decimal then
[d, Q]
else
StringTools:-LowerCase
∼∼
(convert
∼∼
([d, Q], hex))
end if
end proc:
The next function tests EC key pairs. The input parameters are
domain
for the EC
domain parameters and
key
for the key pair. The function checks whether the point
Q
in the key pair
Q
, for the value of
G
in the domain parameters. The output is either “Valid key” or “Invalid key”.
> ECKeyTest := proc(domain::list, key::list)
local k, dom, E;
dom := stringposint
∼∼
(domain);
k := stringposint
∼∼
(key);
E := EllipticCurve(dom[2], dom[3], dom[1]);
if not IsEllipticPoint(k[2], E) then
error "%1 is not a point on the curve", k[2]
end if
if evalb(EllipticMult(k[1], dom[4], E) = k[2]) then
printf("Valid key")
else
printf("Invalid key")
end if
end proc:
[
d
,
Q
]
belongs to the curve and whether
dG
=