1 #include "RsaCrtShamirsTrick.h"
/// Generates an RSA key pair whose private half carries the CRT
/// components consumed by sign(): p, q, d and qInv = q^-1 (mod p).
/// @param exponent    public exponent e; the line that stores it into
///                    kPub.e is not part of this excerpt — confirm.
/// @param keySizeBits modulus size; p and q are each keySizeBits / 2 bits.
/// @return (public key, private key).
/// NOTE(review): the opening `do {`, the declarations of kPub / kPriv /
/// phi and the closing brace are not visible in this excerpt; the loop
/// re-draws p and q until e is invertible modulo phi.
8 pair
<Rsa::KeyPub
, RsaCrtShamirsTrick::KeyPriv
> RsaCrtShamirsTrick::generateRSAKeys(uint exponent
, uint keySizeBits
)
// Two independently drawn primes of half the modulus size.
// NOTE(review): no p != q check is visible here; with p == q the modulus
// has a square factor and the phi computed below is wrong — confirm that
// Rand::randPrime or an omitted line rules this out.
17 kPriv
.p
= Rand::randPrime(keySizeBits
/ 2);
18 kPriv
.q
= Rand::randPrime(keySizeBits
/ 2);
// n = p * q.
20 kPub
.n
= kPriv
.p
* kPriv
.q
;
// phi(n) = (p - 1)(q - 1); only used to derive d, never published.
21 phi
= (kPriv
.p
- 1) * (kPriv
.q
- 1);
23 // d = e^-1 (mod phi). mpz_invert returns 0 when gcd(e, phi) != 1,
// in which case the loop starts over with fresh primes.
24 } while (mpz_invert(kPriv
.d
.get_mpz_t(), kPub
.e
.get_mpz_t(), phi
.get_mpz_t()) == 0);
26 // qInv = q^-1 (mod p), Garner's coefficient for the CRT recombination.
// Always invertible here since p and q are distinct primes (see note above).
27 mpz_invert(kPriv
.qInv
.get_mpz_t(), kPriv
.q
.get_mpz_t(), kPriv
.p
.get_mpz_t());
29 return make_pair(kPub
, kPriv
);
/// RSA-CRT signature with Shamir's fault-detection trick.
/// Each half is computed modulo p*r (resp. q*r) for a fresh prime r, and the
/// two results are compared modulo r before the CRT recombination; a
/// disagreement indicates a faulted exponentiation and aborts the signature.
/// @param m      message representative; assumed already reduced below n —
///               no reduction is visible here (confirm at the caller).
/// @param kPriv  private key with CRT components p, q, d, qInv.
/// @return the signature m^d (mod n) assembled with Garner's formula.
/// @throws UnableToSignWithShamirsTrick when the two halves disagree mod r.
/// NOTE(review): the opening brace and the declarations of spr / sqr are
/// not visible in this excerpt.
32 mpz_class
RsaCrtShamirsTrick::sign(const mpz_class
& m
, const KeyPriv
& kPriv
)
// Fresh 64-bit prime r for this signature; coprime to p and q by size.
34 const mpz_class r
= Rand::randPrime(64);
// Blinded moduli p*r and q*r.
36 const mpz_class pr
= kPriv
.p
* r
;
37 const mpz_class qr
= kPriv
.q
* r
;
// Reduce d modulo phi(p*r) = (p-1)(r-1) so the result is correct both
// modulo p and modulo r (r-1 divides the reduced modulus).
39 const mpz_class spExponent
= kPriv
.d
% ((kPriv
.p
- 1) * (r
- 1)); // d mod phi(p * r).
40 const mpz_class sqExponent
= kPriv
.d
% ((kPriv
.q
- 1) * (r
- 1)); // d mod phi(q * r).
// spr = m^spExponent mod p*r, sqr = m^sqExponent mod q*r.
// NOTE(review): mpz_powm is GMP's general exponentiation, not the
// side-channel-hardened one; signWithFaultySp below uses mpz_powm_sec for
// the same private-key operation — consider mpz_powm_sec here as well,
// since the exponent is derived from d.
43 mpz_powm(spr
.get_mpz_t(), m
.get_mpz_t(), spExponent
.get_mpz_t(), pr
.get_mpz_t());
44 mpz_powm(sqr
.get_mpz_t(), m
.get_mpz_t(), sqExponent
.get_mpz_t(), qr
.get_mpz_t());
// Shamir's check: both halves must agree modulo r. A fault that leaves
// the value unchanged modulo r is not detected by this comparison.
46 if (spr
% r
!= sqr
% r
)
47 throw UnableToSignWithShamirsTrick();
// Strip r: sp = m^d mod p, sq = m^d mod q.
49 mpz_class sp
= spr
% kPriv
.p
;
50 mpz_class sq
= sqr
% kPriv
.q
;
// Garner recombination: s = sq + q * ((sp - sq) * qInv mod p).
// NOTE(review): the steps after the check are not themselves protected;
// a fault injected here would not be caught by the comparison above.
52 return sq
+ ((kPriv
.qInv
* (sp
- sq
)) % kPriv
.p
) * kPriv
.q
;
/// Deliberately faulted CRT signature: computes the plain CRT halves and
/// flips one bit of sp before recombination, so the result is a signature
/// that verifies modulo q but not modulo p (test helper for fault attacks).
/// @param m      message representative.
/// @param kPriv  private key; uses dp / dq, which are not populated by
///               generateRSAKeys in this excerpt — confirm they are set.
/// @return the faulted signature.
/// NOTE(review): the trailing `*/` below suggests this body is commented
/// out; the opening brace, `/*` and the sp / sq declarations are not visible.
55 mpz_class
RsaCrtShamirsTrick::signWithFaultySp(const mpz_class
& m
, const KeyPriv
& kPriv
)
// Plain CRT halves with the side-channel-hardened exponentiation.
59 mpz_powm_sec(sp.get_mpz_t(), m.get_mpz_t(), kPriv.dp.get_mpz_t(), kPriv.p.get_mpz_t());
60 mpz_powm_sec(sq.get_mpz_t(), m.get_mpz_t(), kPriv.dq.get_mpz_t(), kPriv.q.get_mpz_t());
// Inject the fault: a single bit flip in sp is enough for the Bellcore-style
// gcd(s - s', n) recovery, which is what this helper exists to demonstrate.
62 mpz_combit(sp.get_mpz_t(), 42); // Flip the forty-second bit.
// Unprotected Garner recombination (no Shamir check on this path).
64 return sq + ((kPriv.qInv * (sp - sq)) % kPriv.p) * kPriv.q;*/