List of usage examples for org.bouncycastle.math.ec ECFieldElement multiply
/**
 * Returns the product of this field element and {@code b}, computed in the underlying field.
 *
 * @param b the field element to multiply by
 * @return the product as a field element
 */
public abstract ECFieldElement multiply(ECFieldElement b);
From source file:de.fraunhofer.fokus.openeid.cryptography.EllipticCurve.java
License:Open Source License
/**
 * Tests whether the affine coordinates {@code (x, y)} satisfy this curve's equation
 * {@code y^2 = x^3 + a*x + b}.
 *
 * <p>Only the curve equation is evaluated here. The method performs no subgroup or
 * order check, so a caller validating a peer-supplied public key still needs those
 * checks in addition to this one.
 *
 * @param x affine x-coordinate as a field element
 * @param y affine y-coordinate as a field element
 * @return {@code true} if the coordinates satisfy the curve equation, otherwise
 *         {@code false}
 */
public boolean isOnCurve(ECFieldElement x, ECFieldElement y) {
    final ECFieldElement coeffA = curve.getA();
    final ECFieldElement coeffB = curve.getB();

    // Right-hand side: x^3 + a*x + b
    final ECFieldElement xCubed = x.multiply(x).multiply(x);
    final ECFieldElement rightSide = xCubed.add(coeffA.multiply(x)).add(coeffB);

    // Left-hand side: y^2
    final ECFieldElement leftSide = y.multiply(y);

    return rightSide.equals(leftSide);
}
From source file:org.jmrtd.Util.java
License:Open Source License
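/**
 * Solves the curve equation {@code y^2 = x^3 + a*x + b} for y at the given x.
 *
 * <p>A field element has two square roots when it has any; this method returns whichever
 * one {@code sqrt()} produces, so a caller that needs a specific root (for example by
 * parity) has to select it itself.
 *
 * @param affineX the x coord of a point on the curve
 * @param params EC parameters for curve over Fp
 * @return the corresponding y coord
 * @throws IllegalArgumentException if the right-hand side has no square root, i.e. no
 *         point on the curve has {@code affineX} as its x coordinate
 */
public static BigInteger computeAffineY(BigInteger affineX, ECParameterSpec params) {
    ECCurve bcCurve = toBouncyCastleECCurve(params);
    ECFieldElement a = bcCurve.getA();
    ECFieldElement b = bcCurve.getB();
    ECFieldElement x = bcCurve.fromBigInteger(affineX);

    // Horner form of x^3 + a*x + b: ((x*x + a) * x) + b
    ECFieldElement y = x.multiply(x).add(a).multiply(x).add(b).sqrt();

    // sqrt() yields null when the value is not a square in the field. Reject that case
    // explicitly instead of failing with a NullPointerException on the next line, so an
    // x coordinate taken from untrusted input produces a clear validation error.
    if (y == null) {
        throw new IllegalArgumentException("No point on the curve has the given x coordinate");
    }
    return y.toBigInteger();
}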
From source file:org.ScripterRon.BitcoinCore.ECKey.java
License:Apache License
/**
 * Recovers the full public-key point from its compressed form: the x-coordinate plus
 * the low bit of the y-coordinate.
 *
 * @param xBN  X-coordinate
 * @param yBit expected value of the low bit of the Y-coordinate
 * @return the uncompressed public key point
 * @throws IllegalArgumentException if {@code x^3 + a*x + b} has no square root, meaning
 *         the x-coordinate does not belong to a point on the curve
 */
private static ECPoint decompressKey(BigInteger xBN, boolean yBit) {
    final SecP256K1Curve secp = (SecP256K1Curve) ecParams.getCurve();
    final ECFieldElement xElem = secp.fromBigInteger(xBN);

    // y^2 = x * (x^2 + a) + b
    final ECFieldElement ySquared =
            xElem.multiply(xElem.square().add(secp.getA())).add(secp.getB());
    final ECFieldElement root = ySquared.sqrt();
    if (root == null) {
        // No square root: the encoded x is not on the curve, so reject the key.
        throw new IllegalArgumentException("Invalid point compression");
    }

    final BigInteger rootValue = root.toBigInteger();
    if (rootValue.testBit(0) == yBit) {
        return secp.createPoint(xElem.toBigInteger(), rootValue);
    }

    // The parity does not match, so use the other root, q - root.
    final ECFieldElement otherRoot = secp.fromBigInteger(secp.getQ().subtract(rootValue));
    return secp.createPoint(xElem.toBigInteger(), otherRoot.toBigInteger());
}
From source file:service.ACService.java
License:Open Source License
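/**
 * Requests one attribute from the card and verifies the card's response.
 *
 * <p>A fresh 127-bit prime {@code N} is drawn, {@code N*G} is sent to the card as a
 * nonce, and the response is parsed into four length-prefixed fields (signed nonce,
 * blinded key, blinded signature, attribute value). Two checks follow: the nonce check
 * ({@code N*bk} equals {@code sn} up to sign) and the pairing check ({@code e1 == e2},
 * or {@code e1*e2 == 1}).
 *
 * <p>The response bytes come from the card and are treated as untrusted: every 2-byte
 * length prefix is read as an unsigned value and checked against the remaining data
 * before it is used, so a malformed response is rejected instead of producing a negative
 * length or an out-of-bounds copy.
 *
 * @param attrIndex index of the attribute to request
 * @return the parsed certificate when both verifications succeed; {@code null} when the
 *         status word is not 0x9000, the response is malformed, or a verification fails
 * @throws CardServiceException declared by the original signature; presumably raised by
 *         {@code transmit} - confirm against its definition
 */
public AnonymousCertificate proveAttribute(int attrIndex) throws CardServiceException {
    BigInteger N = BigInteger.probablePrime(127, new SecureRandom());
    ECPoint nonce = c.getG().multiply(N);

    byte[][] data = new byte[2][];
    data[0] = new byte[1];
    data[0][0] = a[attrIndex].id;
    data[1] = toAPDU(nonce);
    CommandAPDU cmd = APDUprepare(GET_ATTRIBUTE, data, null);

    AnonymousCertificate result = new AnonymousCertificate();
    ResponseAPDU response = transmit(cmd);
    if (response.getSW() != 0x9000) {
        System.err.println("Request failed: " + response.getSW());
        return null;
    }

    // NOTE(review): the prints below write the blinded credential values and the
    // disclosed attribute value to stdout; consider removing them or moving them to a
    // debug-level logger outside of test builds.
    byte[] resp = response.getData();
    int offset = 0;

    int length = checkedFieldLength(resp, offset);
    if (length < 0) {
        System.err.println("Malformed response: signedNonce field exceeds response data");
        return null;
    }
    result.signedNonce = fromAPDU(resp, offset);
    offset += length + 2;
    System.out.println("signedNonce: " + Hex.toHexString(result.signedNonce.toByteArray()));

    length = checkedFieldLength(resp, offset);
    if (length < 0) {
        System.err.println("Malformed response: blindedKey field exceeds response data");
        return null;
    }
    result.blindedKey = fromAPDU(resp, offset);
    offset += length + 2;
    System.out.println("blindedKey: " + Hex.toHexString(result.blindedKey.toByteArray()));

    length = checkedFieldLength(resp, offset);
    if (length < 0) {
        System.err.println("Malformed response: blindedSignature field exceeds response data");
        return null;
    }
    result.blindedSignature = fromAPDU(resp, offset);
    offset += length + 2;
    System.out.println("blindedSig: " + Hex.toHexString(result.blindedSignature.toByteArray()));

    length = checkedFieldLength(resp, offset);
    if (length < 0) {
        System.err.println("Malformed response: attributeValue field exceeds response data");
        return null;
    }
    offset += 2;
    result.attributeValue = new byte[length];
    System.arraycopy(resp, offset, result.attributeValue, 0, length);
    System.out.println("attribVal: " + Hex.toHexString(result.attributeValue));

    System.out.println("signedNonce: " + result.signedNonce);
    System.out.println("blindedKey: " + result.blindedKey);
    System.out.println("blindedSig: " + result.blindedSignature);
    // NOTE(review): new String(byte[]) decodes with the platform default charset.
    System.out.println("attribVal: " + new String(result.attributeValue));

    // *** NONCE SIGNATURE VERIFICATION ***
    long start = System.nanoTime();
    // NOTE(review): both values are card-supplied; reconstructPoint is defined outside
    // this block, so confirm it rejects values that are not valid x-coordinates.
    ECPoint sn = reconstructPoint(c, result.signedNonce, false);
    ECPoint bk = reconstructPoint(c, result.blindedKey, false);
    ECPoint bkn = bk.multiply(N);
    // Either sign is accepted; the points are rebuilt with negate == false on both sides.
    if (!bkn.equals(sn) && !bkn.negate().equals(sn)) {
        System.out.println("Nonce verification failed");
        return null;
    }
    System.out.println("Nonce verification succeeded");

    // *** PAIRING SIGNATURE VERIFICATION ***
    ECFieldElement e1 = c.R_atePairing(bk, saQ[attrIndex]);
    ECPoint bs = reconstructPoint(c, result.blindedSignature, false);
    ECFieldElement e2 = c.R_atePairing(bs, Q);
    ONE = new ECFieldElementFp12(new ECFieldElement.Fp(c.getQ(), BigInteger.valueOf(1)));
    // Accepted when the pairings are equal or multiply to one.
    if (!e1.equals(e2) && !ONE.equals(e1.multiply(e2))) {
        System.out.println("Signature verification failed");
        return null;
    }
    System.out.println("Signature verification succeeded");

    long end = System.nanoTime();
    System.out.format(" d = %.2f ms\n", (end - start) / 1000000.0);
    return result;
}

/**
 * Reads the unsigned 2-byte big-endian length prefix at {@code offset} and confirms the
 * field it announces fits inside {@code resp}.
 *
 * @param resp   response data received from the card
 * @param offset position of the length prefix
 * @return the field length, or {@code -1} if the prefix or the field runs past the data
 */
private static int checkedFieldLength(byte[] resp, int offset) {
    if (resp == null || offset < 0 || resp.length - offset < 2) {
        return -1;
    }
    // Mask both bytes: a plain (byte << 8) sign-extends and yields a negative length
    // whenever the high bit of the first byte is set.
    int length = ((resp[offset] & 0xff) << 8) | (resp[offset + 1] & 0xff);
    return (length <= resp.length - offset - 2) ? length : -1;
}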
From source file:service.ACService.java
License:Open Source License
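/**
 * Rebuilds a curve point from its x-coordinate by solving
 * {@code y^2 = x^3 + a*x + b} for y.
 *
 * @param c      the curve the point belongs to
 * @param i      the x-coordinate as an integer
 * @param negate when {@code true}, the y value passed to {@code createPoint} is the
 *               integer negation of the computed root
 * @return the point created from {@code x} and the chosen y value, without compression
 * @throws IllegalArgumentException if the right-hand side has no square root, i.e.
 *         {@code i} is not the x-coordinate of a point on the curve
 */
private static ECPoint reconstructPoint(ECCurve c, BigInteger i, boolean negate) {
    ECFieldElement x = c.fromBigInteger(i);
    ECFieldElement y = x.multiply(x).multiply(x).add(c.getA().multiply(x)).add(c.getB()).sqrt();

    // sqrt() yields null for a non-square. Values reaching this method can originate
    // from an external device, so fail with a clear validation error instead of a
    // NullPointerException on the dereference below.
    if (y == null) {
        throw new IllegalArgumentException("Value is not the x-coordinate of a point on the curve");
    }

    // NOTE(review): negate() produces a negative integer rather than the field negation
    // (modulus minus y); whether createPoint reduces it is not visible here - confirm.
    BigInteger yValue = negate ? y.toBigInteger().negate() : y.toBigInteger();
    return c.createPoint(x.toBigInteger(), yValue, false);
}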
From source file:terminal.GateClient.java
License:Open Source License
/**
 * Asks the card for one attribute and verifies the values it returns.
 *
 * <p>A fresh 127-bit prime scalar is drawn and {@code scalar*G} is sent to the card as a
 * nonce. The returned array is then checked in two steps: the nonce check
 * ({@code scalar*bk} equals {@code sn}, or its negation does) and the pairing check
 * ({@code e1 == e2}, or {@code e1*e2 == 1}). Each outcome is appended to {@code log}.
 *
 * @param attrIndex index of the attribute to request
 * @return the array returned by the card when both checks pass; {@code null} when the
 *         card returns {@code null} or either check fails
 */
public BigInteger[] proveAttribute(int attrIndex) {
    log.append("---> Get Attributes");

    final BigInteger scalar = BigInteger.probablePrime(127, random);
    final ECPoint challenge = c.getG().multiply(scalar);
    final BigInteger[] attr = card.getAttribute(a[attrIndex].id, challenge);
    if (attr == null) {
        return null;
    }

    // NOTE(review): this prints every returned value, including the credential material,
    // to stdout; consider dropping it outside of debugging.
    for (int k = 0; k < attr.length; k++) {
        System.out.println("attr: " + attr[k]);
    }

    // *** NONCE SIGNATURE VERIFICATION ***
    final long startNanos = System.nanoTime();
    // NOTE(review): attr comes from the card and its length is not checked before it is
    // indexed with the CardInterface constants - confirm the contract of getAttribute.
    final ECPoint signedNonce = reconstructPoint(c, attr[CardInterface.SIGNED_NONCE], false);
    final ECPoint blindedKey = reconstructPoint(c, attr[CardInterface.BLINDED_KEY], false);
    final ECPoint scaledKey = blindedKey.multiply(scalar);

    // Either sign is accepted, presumably because reconstructPoint recovers a point from
    // a single coordinate - confirm against its definition.
    if (scaledKey.equals(signedNonce)) {
        log.append("Nonce signature verification succeeded (n.bk == sn)");
    } else {
        log.append("Nonce signature verification failed (n.bk != sn)");
        if (scaledKey.negate().equals(signedNonce)) {
            log.append("Nonce signature verification succeeded (-n.bk == sn)");
        } else {
            log.append("Nonce signature verification failed (-n.bk != sn)");
            return null;
        }
    }

    // *** PAIRING SIGNATURE VERIFICATION ***
    final ECFieldElement e1 = c.R_atePairing(blindedKey, saQ[attrIndex]);
    final ECPoint blindedSig = reconstructPoint(c, attr[CardInterface.BLINDED_SIGNATURE], false);
    final ECFieldElement e2 = c.R_atePairing(blindedSig, Q);
    ONE = new ECFieldElementFp12(new ECFieldElement.Fp(c.getQ(), BigInteger.ONE));

    if (e1.equals(e2)) {
        log.append("Pairing signature verification succeeded (e1 == e2)");
    } else {
        log.append("Pairing signature verification failed (e1 != e2)");
        if (ONE.equals(e1.multiply(e2))) {
            log.append("Pairing signature verification succeeded (equals ONE)");
        } else {
            log.append("Pairing signature verification failed (!equals ONE)");
            return null;
        }
    }

    final long elapsedNanos = System.nanoTime() - startNanos;
    log.append("*** VERIFICATION ***");
    System.out.format(" d = %.2f ms\n", elapsedNanos / 1000000.0);
    return attr;
}