List of usage examples for org.bouncycastle.math.ec ECPoint negate
public abstract ECPoint negate();
From source file:edu.biu.scapi.primitives.dlog.bc.BcAdapterDlogEC.java
License:Open Source License
public GroupElement getInverse(GroupElement groupElement) throws IllegalArgumentException { //if the GroupElement doesn't match the DlogGroup, throws exception if (!(checkInstance(groupElement))) { throw new IllegalArgumentException("groupElement doesn't match the DlogGroup"); }/*w w w. j ava 2 s .co m*/ //the inverse of infinity point is infinity if (((ECPointBc) groupElement).isInfinity()) { return groupElement; } //gets the ECPoint ECPoint point1 = ((ECPointBc) groupElement).getPoint(); /* * BC treats EC as additive group while we treat that as multiplicative group. * Therefore, invert point is negate. */ ECPoint result = point1.negate(); //creates GroupElement from the result return createPoint(result); }
From source file:org.cryptoworkshop.ximix.node.crypto.test.BasicShamirSharingTest.java
License:Apache License
private void doTest(ECDomainParameters domainParams, AsymmetricCipherKeyPair[] kps, int threshold, boolean shouldPass, int... missing) { int numberOfPeers = kps.length; // create the splitter for the peers/threshold over the order of the curve. ShamirSecretSplitter secretSplitter = new ShamirSecretSplitter(numberOfPeers, threshold, domainParams.getN(), new SecureRandom()); // Having created a private key the server creates shares of that // private key. It would keep one share for itself and sends the others // shares to the other servers. BigInteger[][] privateKeyShares = new BigInteger[numberOfPeers][]; BigInteger[] finalPrivateKeyShares = new BigInteger[numberOfPeers]; for (int i = 0; i < numberOfPeers; i++) { privateKeyShares[i] = secretSplitter.split(((ECPrivateKeyParameters) kps[i].getPrivate()).getD()) .getShares();/* w ww. j a v a2s. c o m*/ } // Simulates distributing shares and combining them for (int i = 0; i < numberOfPeers; i++) { finalPrivateKeyShares[i] = privateKeyShares[0][i]; for (int j = 1; j < numberOfPeers; j++) { finalPrivateKeyShares[i] = finalPrivateKeyShares[i].add(privateKeyShares[j][i]); } } ECPoint pubPoint = ((ECPublicKeyParameters) kps[0].getPublic()).getQ(); for (int i = 1; i < numberOfPeers; i++) { pubPoint = pubPoint.add(((ECPublicKeyParameters) kps[i].getPublic()).getQ()); } ECPublicKeyParameters jointPub = new ECPublicKeyParameters(pubPoint, domainParams); // Create a random plaintext ECPoint plaintext = generatePoint(domainParams, new SecureRandom()); // Encrypt it using the joint public key ECEncryptor enc = new ECElGamalEncryptor(); enc.init(new ParametersWithRandom(jointPub, new SecureRandom())); ECPair cipherText = enc.encrypt(plaintext); // do partial decrypts ECPoint[] partialDecs = new ECPoint[numberOfPeers]; for (int i = 0; i < numberOfPeers; i++) { partialDecs[i] = cipherText.getX().multiply(finalPrivateKeyShares[i]); } // simulate missing peers for (int i = 0; i != missing.length; i++) { partialDecs[missing[i]] = null; } // decryption step LagrangeWeightCalculator lagrangeWeightCalculator = new LagrangeWeightCalculator(numberOfPeers, domainParams.getN()); BigInteger[] weights = lagrangeWeightCalculator.computeWeights(partialDecs); // weighting ECPoint weightedDecryption = partialDecs[0].multiply(weights[0]); for (int i = 1; i < weights.length; i++) { if (partialDecs[i] != null) { weightedDecryption = weightedDecryption.add(partialDecs[i].multiply(weights[i])); } } // Do final decryption to recover plaintext ECPoint ECPoint decrypted = cipherText.getY().add(weightedDecryption.negate()); Assert.assertEquals(shouldPass, plaintext.equals(decrypted)); }
From source file:org.cryptoworkshop.ximix.node.crypto.test.NewDKGTest.java
License:Apache License
private void doTest(ECDomainParameters domainParams, AsymmetricCipherKeyPair[] kps, int threshold, boolean shouldPass, int... missing) { int numberOfPeers = kps.length; // create the splitter for the peers/threshold over the order of the curve. ECPoint hVal = domainParams.getG().multiply(getRandomInteger(domainParams.getN(), new SecureRandom())); ECNewDKGSecretSplitter secretSplitter = new ECNewDKGSecretSplitter(numberOfPeers, threshold, hVal, domainParams, new SecureRandom()); // Having created a private key the server creates shares of that // private key. It would keep one share for itself and sends the others // shares to the other servers. ECCommittedSplitSecret[] privateKeyShares = new ECCommittedSplitSecret[numberOfPeers]; BigInteger[] finalPrivateKeyShares = new BigInteger[numberOfPeers]; for (int i = 0; i < numberOfPeers; i++) { privateKeyShares[i] = secretSplitter.split(((ECPrivateKeyParameters) kps[i].getPrivate()).getD()); }// w w w . ja va 2 s . c om // Simulates distributing shares and combining them for (int i = 0; i < numberOfPeers; i++) { finalPrivateKeyShares[i] = privateKeyShares[0].getShares()[i]; for (int j = 1; j < numberOfPeers; j++) { finalPrivateKeyShares[i] = finalPrivateKeyShares[i].add(privateKeyShares[j].getShares()[i]); } } // // check the commitment values. // for (int i = 0; i != numberOfPeers; i++) { ECCommittedSecretShare[] shares = privateKeyShares[i].getCommittedShares(); for (int j = 0; j != numberOfPeers; j++) { Assert.assertTrue(shares[j].isRevealed(j, domainParams, hVal)); } } ECPoint pubPoint = ((ECPublicKeyParameters) kps[0].getPublic()).getQ(); for (int i = 1; i < numberOfPeers; i++) { pubPoint = pubPoint.add(((ECPublicKeyParameters) kps[i].getPublic()).getQ()); } ECPublicKeyParameters jointPub = new ECPublicKeyParameters(pubPoint, domainParams); // // check the public key commitment values. // for (int i = 0; i != numberOfPeers; i++) { BigInteger[] aCoefficients = privateKeyShares[i].getCoefficients(); ECPoint[] qCommitments = new ECPoint[aCoefficients.length]; for (int k = 0; k != qCommitments.length; k++) { qCommitments[k] = domainParams.getG().multiply(aCoefficients[k]); } for (int j = 0; j != numberOfPeers; j++) { ECPoint val = qCommitments[0]; for (int k = 1; k != qCommitments.length; k++) { val = val.add(qCommitments[k].multiply(BigInteger.valueOf(j + 1).pow(k))); } Assert.assertEquals(domainParams.getG().multiply(privateKeyShares[i].getShares()[j]), val); } } // Create a random plaintext ECPoint plaintext = generatePoint(domainParams, new SecureRandom()); // Encrypt it using the joint public key ECEncryptor enc = new ECElGamalEncryptor(); enc.init(new ParametersWithRandom(jointPub, new SecureRandom())); ECPair cipherText = enc.encrypt(plaintext); // do partial decrypts ECPoint[] partialDecs = new ECPoint[numberOfPeers]; for (int i = 0; i < numberOfPeers; i++) { partialDecs[i] = cipherText.getX().multiply(finalPrivateKeyShares[i]); } // simulate missing peers for (int i = 0; i != missing.length; i++) { partialDecs[missing[i]] = null; } // decryption step LagrangeWeightCalculator lagrangeWeightCalculator = new LagrangeWeightCalculator(numberOfPeers, domainParams.getN()); BigInteger[] weights = lagrangeWeightCalculator.computeWeights(partialDecs); // weighting ECPoint weightedDecryption = partialDecs[0].multiply(weights[0]); for (int i = 1; i < weights.length; i++) { if (partialDecs[i] != null) { weightedDecryption = weightedDecryption.add(partialDecs[i].multiply(weights[i])); } } // Do final decryption to recover plaintext ECPoint ECPoint decrypted = cipherText.getY().add(weightedDecryption.negate()); Assert.assertEquals(shouldPass, plaintext.equals(decrypted)); }
From source file:org.hyperledger.common.BouncyCastleCrypto.java
License:Apache License
@Override public byte[] getPublicKeyAtOffset(byte[] publicKey, byte[] offset) { BigInteger offsetInt = new BigInteger(publicKey); boolean invert = false; if (offsetInt.compareTo(BigInteger.ZERO) < 0) { invert = true;//from w w w. ja va 2s .c o m offsetInt = offsetInt.abs(); } ECPoint oG = curve.getG().multiply(offsetInt); if (invert) { oG = oG.negate(); } return oG.add(curve.getCurve().decodePoint(publicKey)).getEncoded(true); }
From source file:org.hyperledger.common.PublicKey.java
License:Apache License
public PublicKey offsetKey(BigInteger offset) throws HyperLedgerException { boolean invert = false; if (offset.compareTo(BigInteger.ZERO) < 0) { invert = true;//from w w w . j a v a2 s. c o m offset = offset.abs(); } ECPoint oG = curve.getG().multiply(offset); if (invert) { oG = oG.negate(); } ECPoint q = oG.add(curve.getCurve().decodePoint(pub)); if (q.isInfinity()) { throw new HyperLedgerException("This is rather unlikely, but it did just happen"); } return new PublicKey(q.getEncoded(compressed), compressed); }
From source file:service.ACService.java
License:Open Source License
public AnonymousCertificate proveAttribute(int attrIndex) throws CardServiceException { BigInteger N = BigInteger.probablePrime(127, new SecureRandom()); ECPoint nonce = c.getG().multiply(N); byte[][] data = new byte[2][]; data[0] = new byte[1]; data[0][0] = a[attrIndex].id;/*from ww w . jav a 2 s. c o m*/ data[1] = toAPDU(nonce); CommandAPDU cmd = APDUprepare(GET_ATTRIBUTE, data, null); AnonymousCertificate result = new AnonymousCertificate(); ResponseAPDU response = transmit(cmd); if (response.getSW() != 0x9000) { System.err.println("Request failed: " + response.getSW()); return null; } else { byte[] resp = response.getData(); int length, offset = 0; length = ((resp[offset] << 8) | (resp[offset + 1] & 0xff)); result.signedNonce = fromAPDU(resp, offset); offset += length + 2; System.out.println("signedNonce: " + Hex.toHexString(result.signedNonce.toByteArray())); length = ((resp[offset] << 8) | (resp[offset + 1] & 0xff)); result.blindedKey = fromAPDU(resp, offset); offset += length + 2; System.out.println("blindedKey: " + Hex.toHexString(result.blindedKey.toByteArray())); length = ((resp[offset] << 8) | (resp[offset + 1] & 0xff)); result.blindedSignature = fromAPDU(resp, offset); offset += length + 2; System.out.println("blindedSig: " + Hex.toHexString(result.blindedSignature.toByteArray())); length = ((resp[offset] << 8) | (resp[offset + 1] & 0xff)); offset += 2; result.attributeValue = new byte[length]; System.arraycopy(resp, offset, result.attributeValue, 0, length); System.out.println("attribVal: " + Hex.toHexString(result.attributeValue)); } System.out.println("signedNonce: " + result.signedNonce); System.out.println("blindedKey: " + result.blindedKey); System.out.println("blindedSig: " + result.blindedSignature); System.out.println("attribVal: " + new String(result.attributeValue)); // *** NONCE SIGNATURE VERIFICATION *** long start = System.nanoTime(); ECPoint sn = reconstructPoint(c, result.signedNonce, false); ECPoint bk = reconstructPoint(c, result.blindedKey, false); ECPoint bkn = bk.multiply(N); if (!bkn.equals(sn)) { if (!bkn.negate().equals(sn)) { System.out.println("Nonce verification failed"); return null; } else { } } else { } System.out.println("Nonce verification succeeded"); // *** PAIRING SIGNATURE VERIFICATION *** ECFieldElement e1 = c.R_atePairing(bk, saQ[attrIndex]); ECPoint bs = reconstructPoint(c, result.blindedSignature, false); ECFieldElement e2 = c.R_atePairing(bs, Q); ONE = new ECFieldElementFp12(new ECFieldElement.Fp(c.getQ(), BigInteger.valueOf(1))); if (!e1.equals(e2)) { if (!ONE.equals(e1.multiply(e2))) { System.out.println("Signature verification failed"); return null; } else { } } System.out.println("Signature verification succeeded"); long end = System.nanoTime(); System.out.format(" d = %.2f ms\n", (end - start) / 1000000.0); return result; }
From source file:terminal.GateClient.java
License:Open Source License
public BigInteger[] proveAttribute(int attrIndex) { log.append("---> Get Attributes"); BigInteger N = BigInteger.probablePrime(127, random); ECPoint nonce = c.getG().multiply(N); BigInteger[] attr = card.getAttribute(a[attrIndex].id, nonce); if (attr == null) { return null; }// ww w .j a v a 2 s .co m for (BigInteger ti : attr) { System.out.println("attr: " + ti); } // *** NONCE SIGNATURE VERIFICATION *** long start = System.nanoTime(); ECPoint sn = reconstructPoint(c, attr[CardInterface.SIGNED_NONCE], false); ECPoint bk = reconstructPoint(c, attr[CardInterface.BLINDED_KEY], false); ECPoint bkn = bk.multiply(N); if (!bkn.equals(sn)) { log.append("Nonce signature verification failed (n.bk != sn)"); if (!bkn.negate().equals(sn)) { log.append("Nonce signature verification failed (-n.bk != sn)"); return null; } else { log.append("Nonce signature verification succeeded (-n.bk == sn)"); } } else { log.append("Nonce signature verification succeeded (n.bk == sn)"); } // *** PAIRING SIGNATURE VERIFICATION *** ECFieldElement e1 = c.R_atePairing(bk, saQ[attrIndex]); ECPoint bs = reconstructPoint(c, attr[CardInterface.BLINDED_SIGNATURE], false); ECFieldElement e2 = c.R_atePairing(bs, Q); ONE = new ECFieldElementFp12(new ECFieldElement.Fp(c.getQ(), BigInteger.valueOf(1))); if (!e1.equals(e2)) { log.append("Pairing signature verification failed (e1 != e2)"); if (!ONE.equals(e1.multiply(e2))) { log.append("Pairing signature verification failed (!equals ONE)"); return null; } else { log.append("Pairing signature verification succeeded (equals ONE)"); } } else { log.append("Pairing signature verification succeeded (e1 == e2)"); } long end = System.nanoTime(); log.append("*** VERIFICATION ***"); System.out.format(" d = %.2f ms\n", (end - start) / 1000000.0); return attr; }