added scalar addition
This commit is contained in:
parent
ce74cffc0a
commit
310b4e0d27
BIN
ed25519.dll
BIN
ed25519.dll
Binary file not shown.
@ -83,6 +83,13 @@ must be a readable 64 byte buffer. `message` must have at least `message_len`
|
||||
bytes to be read. `public_key` must be a 32 byte public key generated by
|
||||
`ed25519_create_keypair`. Returns 1 if the signature matches, 0 otherwise.
|
||||
|
||||
```c
|
||||
void ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key,
|
||||
const unsigned char *scalar);
|
||||
```
|
||||
|
||||
Adds `scalar` to the given keypair where scalar is a 32 byte buffer (possibly generated with `ed25519_create_seed`), generating a new keypair. You can calculate the public key sum without knowing the private key and vice versa by passing in NULL. This is useful for enforcing randomness on a keypair while only knowing the public key, among other things.
|
||||
|
||||
Example
|
||||
-------
|
||||
```c
|
||||
|
46
src/add_scalar.c
Normal file
46
src/add_scalar.c
Normal file
@ -0,0 +1,46 @@
|
||||
#include "ge.h"
|
||||
#include "sc.h"
|
||||
|
||||
|
||||
/* see http://crypto.stackexchange.com/a/6215/4697 */
|
||||
void ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, const unsigned char *scalar) {
|
||||
const unsigned char SC_1[32] = {1}; /* scalar with value 1 */
|
||||
|
||||
unsigned char n[32];
|
||||
ge_p3 nB;
|
||||
ge_p1p1 A_p1p1;
|
||||
ge_p3 A;
|
||||
ge_p3 public_key_unpacked;
|
||||
ge_cached T;
|
||||
|
||||
int i;
|
||||
|
||||
/* copy the scalar and clear highest bit */
|
||||
for (i = 0; i < 31; ++i) {
|
||||
n[i] = scalar[i];
|
||||
}
|
||||
n[31] = scalar[31] & 127;
|
||||
|
||||
/* private key: a = n + t */
|
||||
if (private_key) {
|
||||
sc_muladd(private_key, SC_1, n, private_key);
|
||||
}
|
||||
|
||||
if (public_key) {
|
||||
/* unpack public key into T */
|
||||
ge_frombytes_negate_vartime(&public_key_unpacked, public_key);
|
||||
fe_neg(public_key_unpacked.X, public_key_unpacked.X); // undo negate
|
||||
fe_neg(public_key_unpacked.T, public_key_unpacked.T); // undo negate
|
||||
ge_p3_to_cached(&T, &public_key_unpacked);
|
||||
|
||||
/* calculate n*B */
|
||||
ge_scalarmult_base(&nB, n);
|
||||
|
||||
/* A = n*B + T */
|
||||
ge_add(&A_p1p1, &nB, &T);
|
||||
ge_p1p1_to_p3(&A, &A_p1p1);
|
||||
|
||||
/* pack public key */
|
||||
ge_p3_tobytes(public_key, &A);
|
||||
}
|
||||
}
|
@ -27,6 +27,7 @@ int ED25519_DECLSPEC ed25519_create_seed(unsigned char *seed);
|
||||
void ED25519_DECLSPEC ed25519_create_keypair(unsigned char *public_key, unsigned char *private_key, const unsigned char *seed);
|
||||
void ED25519_DECLSPEC ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key, const unsigned char *private_key);
|
||||
int ED25519_DECLSPEC ed25519_verify(const unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *private_key);
|
||||
void ED25519_DECLSPEC ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, const unsigned char *scalar);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
32
test.c
32
test.c
@ -3,13 +3,17 @@
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
|
||||
#define ED25519_DLL
|
||||
//#define ED25519_DLL
|
||||
#include "src/ed25519.h"
|
||||
|
||||
#include "src/ge.h"
|
||||
#include "src/sc.h"
|
||||
|
||||
const char message[] = "Hello, world!";
|
||||
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
unsigned char public_key[32], private_key[64], seed[32];
|
||||
unsigned char public_key[32], private_key[64], seed[32], scalar[32];
|
||||
unsigned char signature[64];
|
||||
|
||||
clock_t start;
|
||||
@ -30,6 +34,20 @@ int main(int argc, char *argv[]) {
|
||||
printf("invalid signature\n");
|
||||
}
|
||||
|
||||
/* create scalar and add it to the keypair */
|
||||
ed25519_create_seed(scalar);
|
||||
ed25519_add_scalar(public_key, private_key, scalar);
|
||||
|
||||
/* create signature with the new keypair */
|
||||
ed25519_sign(signature, message, strlen(message), public_key, private_key);
|
||||
|
||||
/* verify the signature with the new keypair */
|
||||
if (ed25519_verify(signature, message, strlen(message), public_key)) {
|
||||
printf("valid signature\n");
|
||||
} else {
|
||||
printf("invalid signature\n");
|
||||
}
|
||||
|
||||
/* make a slight adjustment and verify again */
|
||||
signature[44] ^= 0x10;
|
||||
if (ed25519_verify(signature, message, strlen(message), public_key)) {
|
||||
@ -67,5 +85,15 @@ int main(int argc, char *argv[]) {
|
||||
|
||||
printf("%fus per signature\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000);
|
||||
|
||||
|
||||
printf("testing scalar addition performance: ");
|
||||
start = clock();
|
||||
for (i = 0; i < 10000; ++i) {
|
||||
ed25519_add_scalar(public_key, private_key, scalar);
|
||||
}
|
||||
end = clock();
|
||||
|
||||
printf("%fus per signature\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user