使用Crypto ++的curve25519基点乘法
[英]curve25519 base point multiplication using Crypto++
问题描述
When we multiply the basepoint of curve25519 with a scalar number, an exception is thrown. 
当我们将curve25519的curve25519乘以标量数时,将引发异常。
Integer gx(group.GetSubgroupGenerator().x);
Integer gy(group.GetSubgroupGenerator().y);
ECP::Point g(gx, gy);
ECP::Point P(group.GetCurve().ScalarMultiply(g, 3));
Exception thrown at 0x005B4412 in CryptoExample.exe: 0xC0000005: Access violation reading location 0x00000000.
How can we take generator, other than basepoint in this curve? 除了该曲线的基点外,我们如何获取发电机?
1 个解决方案
解决方案1
1 已采纳 2019-08-06 14:04:57
Integer gx(group.GetSubgroupGenerator().x); Integer gy(group.GetSubgroupGenerator().y); ECP::Point g(gx, gy); ECP::Point P(group.GetCurve().ScalarMultiply(g, 3));
group.GetCurve() is likely returning NULL because no curve has been set. 由于未设置曲线,因此group.GetCurve()可能返回NULL 。 But the curve25519 gear is probably not going to function correctly using the standard way of doing things (like shown at Scalar multiplication on secp521r1 using Crypto++ ). 但是,使用标准的处理方式,curve25519齿轮可能无法正常工作(如使用Crypto ++的secp521r1的标量乘法所示)。 In fact, if you run the following code: 实际上,如果您运行以下代码:
GroupParameters group;
group.Initialize(ASN1::X25519());
Then the code will result in an exception because the domain parameters are missing in eccrypto.h and eccrypto.cpp : 然后,代码将导致异常,因为eccrypto.h和eccrypto.cpp中缺少域参数:
$ ./test.exe
terminate called after throwing an instance of 'CryptoPP::UnknownOID'
what(): BER decode error: unknown object identifier
The curve25519 gear is special in Crypto++. curve25519齿轮在Crypto ++中是特殊的。 Rather than using the library's underlying Integer class and typical field operations through GroupParameters object, it uses a constant time implementation from Andrew Moon called Donna. 它没有使用库的底层Integer类和通过GroupParameters对象进行典型的字段操作,而是使用了来自Andrew Moon的称为Donna的恒定时间实现。 The library then wraps Moon's Donna code and provides most expected operation using Crypto++ objects like PK_Signer and PK_Verifier . 该库然后包装Moon的Donna代码,并使用PK_Signer和PK_Verifier类的Crypto ++对象提供大多数预期的操作。
However, "... and provides most expected operation" stops precisely at the lower-level objects like DL_GroupParameters_EC , which is the interface you are trying to use. 但是, “ ...并提供最期望的操作”恰好在您尝试使用的接口DL_GroupParameters_EC类的较低级对象处停止。
You might also want to take a look at the functions available in donna.h : 您可能还想看看donna.h提供的功能:
int curve25519_mult (byte publicKey[32], const byte secretKey[32])
Generate a public key. More...
int curve25519_mult (byte sharedKey[32], const byte secretKey[32], const byte othersKey[32])
Generate a shared key. More...
Those are the scalar multiplications you are looking for. 这些是您要查找的标量乘法。 The first curve25519_mult uses a basepoint of 9. The second curve25519_mult allows you to specify an arbitrary basepoint. 第一条curve25519_mult使用的基点为9。第二条curve25519_mult允许您指定任意基点。
donna.h should be a private header, but we had to expose it because of the missing curve operations. donna.h应该是一个私有头文件,但是由于缺少曲线操作,我们不得不公开它。 However, Donna is still missing functions for Add and Double , though they could probably be exported if needed. 但是,Donna仍然缺少Add和Double函数,尽管如果需要可以将其导出。
And also see x25519 and ed25519 on the Crypto++ wiki; 另请参见Crypto ++ Wiki上的x25519和ed25519 ; and Scalar multiplication on secp521r1 using Crypto++ on Stack Overflow. 在堆栈溢出上使用Crypto ++对secp521r1进行标量乘法 。
The x25519 and ed25519 wiki pages actually discuss your problem: x25519和ed25519 Wiki页面实际上讨论了您的问题:
The Crypto++ library uses Andrew Moon's constant time ed25519-donna.
The reason curve25519 is special is, we needed to provide the gear, but wanted to avoid a lot of changes required to properly support it. curve25519之所以与众不同,是因为我们需要提供齿轮,但要避免为正确支撑齿轮而进行大量更改。 The library supports short Weierstrass curves well, but has nearly no support for Edwards and Twisted Edward curves. 该库很好地支持短Weierstrass曲线,但几乎不支持Edwards和Twisted Edward曲线。
Eventually curve25519 will be properly added to the library. 最终,curve25519将被正确添加到库中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.