Builtin random

This commit is contained in:
Pieter Wuille 2013-04-20 23:34:41 +02:00
parent b2966ce852
commit d06e61cbb5
8 changed files with 101 additions and 56 deletions

View file

@ -5,9 +5,22 @@
#include "impl/group.h" #include "impl/group.h"
#include "impl/ecmult.h" #include "impl/ecmult.h"
#include "impl/ecdsa.h" #include "impl/ecdsa.h"
#include "impl/util.h"
void random_num_order(secp256k1_num_t *num) {
do {
unsigned char b32[32];
secp256k1_rand256(b32);
secp256k1_num_set_bin(num, b32, 32);
if (secp256k1_num_is_zero(num))
continue;
if (secp256k1_num_cmp(num, &secp256k1_ge_consts->order) >= 0)
continue;
break;
} while(1);
}
int main() { int main() {
secp256k1_num_start();
secp256k1_fe_start(); secp256k1_fe_start();
secp256k1_ge_start(); secp256k1_ge_start();
secp256k1_ecmult_start(); secp256k1_ecmult_start();
@ -24,9 +37,9 @@ int main() {
int cnt = 0; int cnt = 0;
int good = 0; int good = 0;
for (int i=0; i<1000000; i++) { for (int i=0; i<1000000; i++) {
secp256k1_num_set_rand(&r, order); random_num_order(&r);
secp256k1_num_set_rand(&s, order); random_num_order(&s);
secp256k1_num_set_rand(&m, order); random_num_order(&m);
secp256k1_ecdsa_sig_set_rs(&sig, &r, &s); secp256k1_ecdsa_sig_set_rs(&sig, &r, &s);
secp256k1_gej_t pubkey; secp256k1_gej_set_xo(&pubkey, &x, 1); secp256k1_gej_t pubkey; secp256k1_gej_set_xo(&pubkey, &x, 1);
if (secp256k1_gej_is_valid(&pubkey)) { if (secp256k1_gej_is_valid(&pubkey)) {
@ -43,6 +56,5 @@ int main() {
secp256k1_ecmult_stop(); secp256k1_ecmult_stop();
secp256k1_ge_stop(); secp256k1_ge_stop();
secp256k1_fe_stop(); secp256k1_fe_stop();
secp256k1_num_stop();
return 0; return 0;
} }

View file

@ -16,12 +16,6 @@ void static secp256k1_num_sanity(const secp256k1_num_t *a) {
#define secp256k1_num_sanity(a) do { } while(0) #define secp256k1_num_sanity(a) do { } while(0)
#endif #endif
void static secp256k1_num_start(void) {
}
void static secp256k1_num_stop(void) {
}
void static secp256k1_num_init(secp256k1_num_t *r) { void static secp256k1_num_init(secp256k1_num_t *r) {
r->neg = 0; r->neg = 0;
r->limbs = 1; r->limbs = 1;
@ -385,11 +379,4 @@ void static secp256k1_num_negate(secp256k1_num_t *r) {
r->neg ^= 1; r->neg ^= 1;
} }
void static secp256k1_num_set_rand(secp256k1_num_t *r, const secp256k1_num_t *a) {
mpn_random(r->data, a->limbs);
r->limbs = a->limbs;
r->neg = 0;
secp256k1_num_mod(r, a);
}
#endif #endif

View file

@ -9,13 +9,6 @@
#include "../num.h" #include "../num.h"
void static secp256k1_num_start() {
}
void static secp256k1_num_stop() {
}
void static secp256k1_num_init(secp256k1_num_t *r) { void static secp256k1_num_init(secp256k1_num_t *r) {
BN_init(&r->bn); BN_init(&r->bn);
} }
@ -145,8 +138,4 @@ void static secp256k1_num_negate(secp256k1_num_t *r) {
BN_set_negative(&r->bn, !BN_is_negative(&r->bn)); BN_set_negative(&r->bn, !BN_is_negative(&r->bn));
} }
void static secp256k1_num_set_rand(secp256k1_num_t *r, const secp256k1_num_t *a) {
BN_pseudo_rand_range(&r->bn, &a->bn);
}
#endif #endif

48
src/impl/util.h Normal file
View file

@ -0,0 +1,48 @@
#ifndef _SECP256K1_UTIL_IMPL_H_
#define _SECP256K1_UTIL_IMPL_H_
#include <stdint.h>
#include <string.h>
#include "../util.h"
static inline uint32_t secp256k1_rand32(void) {
static uint32_t Rz = 11, Rw = 11;
Rz = 36969 * (Rz & 0xFFFF) + (Rz >> 16);
Rw = 18000 * (Rw & 0xFFFF) + (Rw >> 16);
return (Rw << 16) + Rz;
}
static void secp256k1_rand256(unsigned char *b32) {
for (int i=0; i<8; i++) {
uint32_t r = secp256k1_rand32();
b32[i*4 + 0] = (r >> 0) & 0xFF;
b32[i*4 + 1] = (r >> 8) & 0xFF;
b32[i*4 + 2] = (r >> 16) & 0xFF;
b32[i*4 + 3] = (r >> 24) & 0xFF;
}
}
static void secp256k1_rand256_test(unsigned char *b32) {
int bits=0;
uint32_t ent;
int entbits = 0;
memset(b32, 0, 32);
while (bits < 256) {
if (entbits < 15) {
ent = secp256k1_rand32();
entbits = 32;
}
int now = 1 + ((ent % 64)*((ent >> 6) % 32)+16)/31;
uint32_t val = 1 & (ent >> 11);
ent -= 12;
entbits >>= 12;
while (now > 0 && bits < 256) {
b32[bits / 8] |= val << (bits % 8);
now--;
bits++;
}
}
}
#endif

View file

@ -11,12 +11,6 @@
#error "Please select num implementation" #error "Please select num implementation"
#endif #endif
/** Initialize the num module. */
void static secp256k1_num_start(void);
/** De-initialize the num module. */
void static secp256k1_num_stop(void);
/** Initialize a number. */ /** Initialize a number. */
void static secp256k1_num_init(secp256k1_num_t *r); void static secp256k1_num_init(secp256k1_num_t *r);
@ -93,7 +87,4 @@ void static secp256k1_num_split(secp256k1_num_t *rl, secp256k1_num_t *rh, const
/** Change a number's sign. */ /** Change a number's sign. */
void static secp256k1_num_negate(secp256k1_num_t *r); void static secp256k1_num_negate(secp256k1_num_t *r);
/** Set a number to an random value below the passed number. */
void static secp256k1_num_set_rand(secp256k1_num_t *r, const secp256k1_num_t *a);
#endif #endif

View file

@ -5,7 +5,6 @@
#include "impl/ecdsa.h" #include "impl/ecdsa.h"
void secp256k1_start(void) { void secp256k1_start(void) {
secp256k1_num_start();
secp256k1_fe_start(); secp256k1_fe_start();
secp256k1_ge_start(); secp256k1_ge_start();
secp256k1_ecmult_start(); secp256k1_ecmult_start();
@ -15,7 +14,6 @@ void secp256k1_stop(void) {
secp256k1_ecmult_stop(); secp256k1_ecmult_stop();
secp256k1_ge_stop(); secp256k1_ge_stop();
secp256k1_fe_stop(); secp256k1_fe_stop();
secp256k1_num_stop();
} }
int secp256k1_ecdsa_verify(const unsigned char *msg, int msglen, const unsigned char *sig, int siglen, const unsigned char *pubkey, int pubkeylen) { int secp256k1_ecdsa_verify(const unsigned char *msg, int msglen, const unsigned char *sig, int siglen, const unsigned char *pubkey, int pubkeylen) {

View file

@ -5,10 +5,24 @@
#include "impl/group.h" #include "impl/group.h"
#include "impl/ecmult.h" #include "impl/ecmult.h"
#include "impl/ecdsa.h" #include "impl/ecdsa.h"
#include "impl/util.h"
// #define COUNT 2 // #define COUNT 2
#define COUNT 100 #define COUNT 100
void random_num_order(secp256k1_num_t *num) {
do {
unsigned char b32[32];
secp256k1_rand256_test(b32);
secp256k1_num_set_bin(num, b32, 32);
if (secp256k1_num_is_zero(num))
continue;
if (secp256k1_num_cmp(num, &secp256k1_ge_consts->order) >= 0)
continue;
break;
} while(1);
}
void test_run_ecmult_chain() { void test_run_ecmult_chain() {
// random starting point A (on the curve) // random starting point A (on the curve)
secp256k1_fe_t ax; secp256k1_fe_set_hex(&ax, "8b30bbe9ae2a990696b22f670709dff3727fd8bc04d3362c6c7bf458e2846004", 64); secp256k1_fe_t ax; secp256k1_fe_set_hex(&ax, "8b30bbe9ae2a990696b22f670709dff3727fd8bc04d3362c6c7bf458e2846004", 64);
@ -130,21 +144,14 @@ void test_wnaf(const secp256k1_num_t *number, int w) {
} }
void test_run_wnaf() { void test_run_wnaf() {
secp256k1_num_t range, min, n; secp256k1_num_t n;
secp256k1_num_init(&range);
secp256k1_num_init(&min);
secp256k1_num_init(&n); secp256k1_num_init(&n);
secp256k1_num_set_hex(&range, "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 66);
secp256k1_num_copy(&min, &range);
secp256k1_num_shift(&min, 1);
secp256k1_num_negate(&min);
for (int i=0; i<COUNT; i++) { for (int i=0; i<COUNT; i++) {
secp256k1_num_set_rand(&n, &range); random_num_order(&n);
secp256k1_num_add(&n, &n, &min); if (i % 1)
secp256k1_num_negate(&n);
test_wnaf(&n, 4+(i%10)); test_wnaf(&n, 4+(i%10));
} }
secp256k1_num_free(&range);
secp256k1_num_free(&min);
secp256k1_num_free(&n); secp256k1_num_free(&n);
} }
@ -152,15 +159,15 @@ void test_ecdsa_sign_verify() {
const secp256k1_ge_consts_t *c = secp256k1_ge_consts; const secp256k1_ge_consts_t *c = secp256k1_ge_consts;
secp256k1_num_t msg, key, nonce; secp256k1_num_t msg, key, nonce;
secp256k1_num_init(&msg); secp256k1_num_init(&msg);
secp256k1_num_set_rand(&msg, &c->order); random_num_order(&msg);
secp256k1_num_init(&key); secp256k1_num_init(&key);
secp256k1_num_set_rand(&key, &c->order); random_num_order(&key);
secp256k1_num_init(&nonce); secp256k1_num_init(&nonce);
secp256k1_gej_t pub; secp256k1_ecmult_gen(&pub, &key); secp256k1_gej_t pub; secp256k1_ecmult_gen(&pub, &key);
secp256k1_ecdsa_sig_t sig; secp256k1_ecdsa_sig_t sig;
secp256k1_ecdsa_sig_init(&sig); secp256k1_ecdsa_sig_init(&sig);
do { do {
secp256k1_num_set_rand(&nonce, &c->order); random_num_order(&nonce);
} while(!secp256k1_ecdsa_sig_sign(&sig, &key, &msg, &nonce)); } while(!secp256k1_ecdsa_sig_sign(&sig, &key, &msg, &nonce));
assert(secp256k1_ecdsa_sig_verify(&sig, &pub, &msg)); assert(secp256k1_ecdsa_sig_verify(&sig, &pub, &msg));
secp256k1_num_inc(&msg); secp256k1_num_inc(&msg);
@ -178,7 +185,6 @@ void test_run_ecdsa_sign_verify() {
} }
int main(void) { int main(void) {
secp256k1_num_start();
secp256k1_fe_start(); secp256k1_fe_start();
secp256k1_ge_start(); secp256k1_ge_start();
secp256k1_ecmult_start(); secp256k1_ecmult_start();
@ -191,6 +197,5 @@ int main(void) {
secp256k1_ecmult_stop(); secp256k1_ecmult_stop();
secp256k1_ge_stop(); secp256k1_ge_stop();
secp256k1_fe_stop(); secp256k1_fe_stop();
secp256k1_num_stop();
return 0; return 0;
} }

15
src/util.h Normal file
View file

@ -0,0 +1,15 @@
#ifndef _SECP256K1_UTIL_H_
#define _SECP256K1_UTIL_H_
/** Generate a pseudorandom 32-bit number. */
static uint32_t secp256k1_rand32(void);
/** Generate a pseudorandom 32-byte array. */
static void secp256k1_rand256(unsigned char *b32);
/** Generate a pseudorandom 32-byte array with long sequences of zero and one bits. */
static void secp256k1_rand256_test(unsigned char *b32);
#include "impl/util.h"
#endif