}
mpz_class RsaCrtShamirsTrick::sign(const mpz_class& m, const KeyPriv& kPriv)
+{
+ return sign(m, kPriv, false);
+}
+
+mpz_class RsaCrtShamirsTrick::signWithFaultySp(const mpz_class& m, const KeyPriv& kPriv)
+{
+ return sign(m, kPriv, true);
+}
+
+mpz_class RsaCrtShamirsTrick::sign(const mpz_class& m, const KeyPriv& kPriv, bool withError)
{
const mpz_class r = Rand::randPrime(64);
const mpz_class sqExponent = kPriv.d % ((kPriv.q - 1) * (r - 1)); // d mod phi(q * r).
mpz_class spr, sqr;
- mpz_powm(spr.get_mpz_t(), m.get_mpz_t(), spExponent.get_mpz_t(), pr.get_mpz_t());
- mpz_powm(sqr.get_mpz_t(), m.get_mpz_t(), sqExponent.get_mpz_t(), qr.get_mpz_t());
+ mpz_powm(spr.get_mpz_t(), m.get_mpz_t(), spExponent.get_mpz_t(), pr.get_mpz_t()); // spr = m^exp mod p*r.
+ mpz_powm(sqr.get_mpz_t(), m.get_mpz_t(), sqExponent.get_mpz_t(), qr.get_mpz_t()); // sqr = m^exp mod q*r.
+
+ if (withError)
+ mpz_combit(spr.get_mpz_t(), 42); // Flip the fourty second bit.
if (spr % r != sqr % r)
throw UnableToSignWithShamirsTrick();
return sq + ((kPriv.qInv * (sp - sq)) % kPriv.p) * kPriv.q;
}
-
-mpz_class RsaCrtShamirsTrick::signWithFaultySp(const mpz_class& m, const KeyPriv& kPriv)
-{
- mpz_class sp, sq;/*
-
- mpz_powm_sec(sp.get_mpz_t(), m.get_mpz_t(), kPriv.dp.get_mpz_t(), kPriv.p.get_mpz_t());
- mpz_powm_sec(sq.get_mpz_t(), m.get_mpz_t(), kPriv.dq.get_mpz_t(), kPriv.q.get_mpz_t());
-
- mpz_combit(sp.get_mpz_t(), 42); // Flip the fourty second bit.
-
- return sq + ((kPriv.qInv * (sp - sq)) % kPriv.p) * kPriv.q;*/
- return sp;
-}