include/cryptopp/luc.h

0001 // luc.h - originally written and placed in the public domain by Wei Dai

0002
0003 /// \file luc.h

0004 /// \brief Classes for the LUC cryptosystem

0005 /// \details This class is here for historical and pedagogical interest. It has no practical advantages over other

0006 ///   trapdoor functions and probably shouldn't be used in production software. The discrete log based LUC schemes

0007 ///   defined later in this .h file may be of more practical interest.

0008 /// \since Crypto++ 2.1

0009
0010 #ifndef CRYPTOPP_LUC_H
0011 #define CRYPTOPP_LUC_H
0012
0013 #include "cryptlib.h"
0014 #include "gfpcrypt.h"
0015 #include "integer.h"
0016 #include "algebra.h"
0017 #include "secblock.h"
0018
0019 #if CRYPTOPP_MSC_VERSION
0020 # pragma warning(push)
0021 # pragma warning(disable: 4127 4189)
0022 #endif
0023
0024 #include "pkcspad.h"
0025 #include "integer.h"
0026 #include "oaep.h"
0027 #include "dh.h"
0028
0029 #include <limits.h>
0030
0031 NAMESPACE_BEGIN(CryptoPP)
0032
0033 /// \brief The LUC function.

0034 /// \details This class is here for historical and pedagogical interest. It has no practical advantages over other

0035 ///   trapdoor functions and probably shouldn't be used in production software. The discrete log based LUC schemes

0036 ///   defined later in this .h file may be of more practical interest.

0037 /// \since Crypto++ 2.1

0038 class LUCFunction : public TrapdoorFunction, public PublicKey
0039 {
0040     typedef LUCFunction ThisClass;
0041
0042 public:
0043     virtual ~LUCFunction() {}
0044
0045     /// \brief Initialize a LUC public key with {n,e}

0046     /// \param n the modulus

0047     /// \param e the public exponent

0048     void Initialize(const Integer &n, const Integer &e)
0049         {m_n = n; m_e = e;}
0050
0051     void BERDecode(BufferedTransformation &bt);
0052     void DEREncode(BufferedTransformation &bt) const;
0053
0054     Integer ApplyFunction(const Integer &x) const;
0055     Integer PreimageBound() const {return m_n;}
0056     Integer ImageBound() const {return m_n;}
0057
0058     bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
0059     bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
0060     void AssignFrom(const NameValuePairs &source);
0061
0062     // non-derived interface

0063     const Integer & GetModulus() const {return m_n;}
0064     const Integer & GetPublicExponent() const {return m_e;}
0065
0066     void SetModulus(const Integer &n) {m_n = n;}
0067     void SetPublicExponent(const Integer &e) {m_e = e;}
0068
0069 protected:
0070     Integer m_n, m_e;
0071 };
0072
0073 /// \brief The LUC inverse function.

0074 /// \details This class is here for historical and pedagogical interest. It has no practical advantages over other

0075 ///   trapdoor functions and probably shouldn't be used in production software. The discrete log based LUC schemes

0076 ///   defined later in this .h file may be of more practical interest.

0077 /// \since Crypto++ 2.1

0078 class InvertibleLUCFunction : public LUCFunction, public TrapdoorFunctionInverse, public PrivateKey
0079 {
0080     typedef InvertibleLUCFunction ThisClass;
0081
0082 public:
0083     virtual ~InvertibleLUCFunction() {}
0084
0085     /// \brief Create a LUC private key

0086     /// \param rng a RandomNumberGenerator derived class

0087     /// \param modulusBits the size of the modulus, in bits

0088     /// \param eStart the desired starting public exponent

0089     /// \details Initialize() creates a new keypair using a starting public exponent of 17.

0090     /// \details This function overload of Initialize() creates a new keypair because it

0091     ///   takes a RandomNumberGenerator() as a parameter. If you have an existing keypair,

0092     ///   then use one of the other Initialize() overloads.

0093     void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits, const Integer &eStart=17);
0094
0095     /// \brief Initialize a LUC private key with {n,e,p,q,dp,dq,u}

0096     /// \param n modulus

0097     /// \param e public exponent

0098     /// \param p first prime factor

0099     /// \param q second prime factor

0100     /// \param u q<sup>-1</sup> mod p

0101     /// \details This Initialize() function overload initializes a private key from existing parameters.

0102     void Initialize(const Integer &n, const Integer &e, const Integer &p, const Integer &q, const Integer &u)
0103         {m_n = n; m_e = e; m_p = p; m_q = q; m_u = u;}
0104
0105     void BERDecode(BufferedTransformation &bt);
0106     void DEREncode(BufferedTransformation &bt) const;
0107
0108     Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const;
0109
0110     bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
0111     bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
0112     void AssignFrom(const NameValuePairs &source);
0113     /*! parameters: (ModulusSize, PublicExponent (default 17)) */
0114     void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
0115
0116     // non-derived interface

0117     const Integer& GetPrime1() const {return m_p;}
0118     const Integer& GetPrime2() const {return m_q;}
0119     const Integer& GetMultiplicativeInverseOfPrime2ModPrime1() const {return m_u;}
0120
0121     void SetPrime1(const Integer &p) {m_p = p;}
0122     void SetPrime2(const Integer &q) {m_q = q;}
0123     void SetMultiplicativeInverseOfPrime2ModPrime1(const Integer &u) {m_u = u;}
0124
0125 protected:
0126     Integer m_p, m_q, m_u;
0127 };
0128
0129 /// \brief LUC cryptosystem

0130 /// \since Crypto++ 2.1

0131 struct LUC
0132 {
0133     static std::string StaticAlgorithmName() {return "LUC";}
0134     typedef LUCFunction PublicKey;
0135     typedef InvertibleLUCFunction PrivateKey;
0136 };
0137
0138 /// \brief LUC encryption scheme

0139 /// \tparam STANDARD signature standard

0140 /// \details This class is here for historical and pedagogical interest. It has no practical advantages over other

0141 ///   trapdoor functions and probably shouldn't be used in production software. The discrete log based LUC schemes

0142 ///   defined later in this .h file may be of more practical interest.

0143 /// \since Crypto++ 2.1

0144 template <class STANDARD>
0145 struct LUCES : public TF_ES<LUC, STANDARD>
0146 {
0147 };
0148
0149 /// \brief LUC signature scheme with appendix

0150 /// \tparam STANDARD signature standard

0151 /// \tparam H hash transformation

0152 /// \details This class is here for historical and pedagogical interest. It has no practical advantages over other

0153 ///   trapdoor functions and probably shouldn't be used in production software. The discrete log based LUC schemes

0154 ///   defined later in this .h file may be of more practical interest.

0155 /// \since Crypto++ 2.1

0156 template <class STANDARD, class H>
0157 struct LUCSS : public TF_SS<LUC, STANDARD, H>
0158 {
0159 };
0160
0161 // analogous to the RSA schemes defined in PKCS #1 v2.0

0162 typedef LUCES<OAEP<SHA1> >::Decryptor LUCES_OAEP_SHA_Decryptor;
0163 typedef LUCES<OAEP<SHA1> >::Encryptor LUCES_OAEP_SHA_Encryptor;
0164
0165 typedef LUCSS<PKCS1v15, SHA1>::Signer LUCSSA_PKCS1v15_SHA_Signer;
0166 typedef LUCSS<PKCS1v15, SHA1>::Verifier LUCSSA_PKCS1v15_SHA_Verifier;
0167
0168 // ********************************************************

0169
0170 /// \brief LUC GroupParameters precomputation

0171 /// \details No actual precomputation is performed

0172 /// \since Crypto++ 2.1

0173 class DL_GroupPrecomputation_LUC : public DL_GroupPrecomputation<Integer>
0174 {
0175 public:
0176     virtual ~DL_GroupPrecomputation_LUC() {}
0177
0178     const AbstractGroup<Element> & GetGroup() const {CRYPTOPP_ASSERT(false); throw 0;}
0179     Element BERDecodeElement(BufferedTransformation &bt) const {return Integer(bt);}
0180     void DEREncodeElement(BufferedTransformation &bt, const Element &v) const {v.DEREncode(bt);}
0181
0182     // non-inherited

0183     void SetModulus(const Integer &v) {m_p = v;}
0184     const Integer & GetModulus() const {return m_p;}
0185
0186 private:
0187     Integer m_p;
0188 };
0189
0190 /// \brief LUC Precomputation

0191 /// \since Crypto++ 2.1

0192 class DL_BasePrecomputation_LUC : public DL_FixedBasePrecomputation<Integer>
0193 {
0194 public:
0195     virtual ~DL_BasePrecomputation_LUC() {}
0196
0197     // DL_FixedBasePrecomputation

0198     bool IsInitialized() const {return m_g.NotZero();}
0199     void SetBase(const DL_GroupPrecomputation<Element> &group, const Integer &base)
0200         {CRYPTOPP_UNUSED(group); m_g = base;}
0201     const Integer & GetBase(const DL_GroupPrecomputation<Element> &group) const
0202         {CRYPTOPP_UNUSED(group); return m_g;}
0203     void Precompute(const DL_GroupPrecomputation<Element> &group, unsigned int maxExpBits, unsigned int storage)
0204         {CRYPTOPP_UNUSED(group); CRYPTOPP_UNUSED(maxExpBits); CRYPTOPP_UNUSED(storage);}
0205     void Load(const DL_GroupPrecomputation<Element> &group, BufferedTransformation &storedPrecomputation)
0206         {CRYPTOPP_UNUSED(group); CRYPTOPP_UNUSED(storedPrecomputation);}
0207     void Save(const DL_GroupPrecomputation<Element> &group, BufferedTransformation &storedPrecomputation) const
0208         {CRYPTOPP_UNUSED(group); CRYPTOPP_UNUSED(storedPrecomputation);}
0209     Integer Exponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent) const;
0210     Integer CascadeExponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent, const DL_FixedBasePrecomputation<Integer> &pc2, const Integer &exponent2) const
0211         {
0212             CRYPTOPP_UNUSED(group); CRYPTOPP_UNUSED(exponent); CRYPTOPP_UNUSED(pc2); CRYPTOPP_UNUSED(exponent2);
0213             // shouldn't be called

0214             throw NotImplemented("DL_BasePrecomputation_LUC: CascadeExponentiate not implemented");
0215         }
0216
0217 private:
0218     Integer m_g;
0219 };
0220
0221 /// \brief LUC GroupParameters specialization

0222 /// \since Crypto++ 2.1

0223 class DL_GroupParameters_LUC : public DL_GroupParameters_IntegerBasedImpl<DL_GroupPrecomputation_LUC, DL_BasePrecomputation_LUC>
0224 {
0225 public:
0226     virtual ~DL_GroupParameters_LUC() {}
0227
0228     // DL_GroupParameters

0229     bool IsIdentity(const Integer &element) const {return element == Integer::Two();}
0230     void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
0231     Element MultiplyElements(const Element &a, const Element &b) const
0232     {
0233         CRYPTOPP_UNUSED(a); CRYPTOPP_UNUSED(b);
0234         throw NotImplemented("LUC_GroupParameters: MultiplyElements can not be implemented");
0235     }
0236     Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const
0237     {
0238         CRYPTOPP_UNUSED(element1); CRYPTOPP_UNUSED(exponent1); CRYPTOPP_UNUSED(element2); CRYPTOPP_UNUSED(exponent2);
0239         throw NotImplemented("LUC_GroupParameters: MultiplyElements can not be implemented");
0240     }
0241
0242     // NameValuePairs interface

0243     bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
0244     {
0245         return GetValueHelper<DL_GroupParameters_IntegerBased>(this, name, valueType, pValue).Assignable();
0246     }
0247
0248 private:
0249     int GetFieldType() const {return 2;}
0250 };
0251
0252 /// \brief GF(p) group parameters that default to safe primes

0253 /// \since Crypto++ 2.1

0254 class DL_GroupParameters_LUC_DefaultSafePrime : public DL_GroupParameters_LUC
0255 {
0256 public:
0257     typedef NoCofactorMultiplication DefaultCofactorOption;
0258
0259 protected:
0260     unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const {return modulusSize-1;}
0261 };
0262
0263 /// \brief LUC HMP signature algorithm

0264 /// \since Crypto++ 2.1

0265 class DL_Algorithm_LUC_HMP : public DL_ElgamalLikeSignatureAlgorithm<Integer>
0266 {
0267 public:
0268     CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "LUC-HMP";}
0269
0270     virtual ~DL_Algorithm_LUC_HMP() {}
0271
0272     void Sign(const DL_GroupParameters<Integer> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const;
0273     bool Verify(const DL_GroupParameters<Integer> &params, const DL_PublicKey<Integer> &publicKey, const Integer &e, const Integer &r, const Integer &s) const;
0274
0275     size_t RLen(const DL_GroupParameters<Integer> &params) const
0276         {return params.GetGroupOrder().ByteCount();}
0277 };
0278
0279 /// \brief LUC signature keys

0280 /// \since Crypto++ 2.1

0281 struct DL_SignatureKeys_LUC
0282 {
0283     typedef DL_GroupParameters_LUC GroupParameters;
0284     typedef DL_PublicKey_GFP<GroupParameters> PublicKey;
0285     typedef DL_PrivateKey_GFP<GroupParameters> PrivateKey;
0286 };
0287
0288 /// \brief LUC-HMP, based on "Digital signature schemes based on Lucas functions" by Patrick Horster, Markus Michels, Holger Petersen

0289 /// \tparam H hash transformation

0290 /// \details This class is here for historical and pedagogical interest. It has no practical advantages over other

0291 ///   trapdoor functions and probably shouldn't be used in production software. The discrete log based LUC schemes

0292 ///   defined later in this .h file may be of more practical interest.

0293 /// \since Crypto++ 2.1

0294 template <class H>
0295 struct LUC_HMP : public DL_SS<DL_SignatureKeys_LUC, DL_Algorithm_LUC_HMP, DL_SignatureMessageEncodingMethod_DSA, H>
0296 {
0297 };
0298
0299 /// \brief LUC encryption keys

0300 /// \since Crypto++ 2.1

0301 struct DL_CryptoKeys_LUC
0302 {
0303     typedef DL_GroupParameters_LUC_DefaultSafePrime GroupParameters;
0304     typedef DL_PublicKey_GFP<GroupParameters> PublicKey;
0305     typedef DL_PrivateKey_GFP<GroupParameters> PrivateKey;
0306 };
0307
0308 /// \brief LUC Integrated Encryption Scheme

0309 /// \tparam COFACTOR_OPTION cofactor multiplication option

0310 /// \tparam HASH HashTransformation derived class used for key drivation and MAC computation

0311 /// \tparam DHAES_MODE flag indicating if the MAC includes additional context parameters such as <em>u·V</em>, <em>v·U</em> and label

0312 /// \tparam LABEL_OCTETS flag indicating if the label size is specified in octets or bits

0313 /// \sa CofactorMultiplicationOption

0314 /// \since Crypto++ 2.1, Crypto++ 5.7 for Bouncy Castle and Botan compatibility

0315 template <class HASH = SHA1, class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = true, bool LABEL_OCTETS = false>
0316 struct LUC_IES
0317     : public DL_ES<
0318         DL_CryptoKeys_LUC,
0319         DL_KeyAgreementAlgorithm_DH<Integer, COFACTOR_OPTION>,
0320         DL_KeyDerivationAlgorithm_P1363<Integer, DHAES_MODE, P1363_KDF2<HASH> >,
0321         DL_EncryptionAlgorithm_Xor<HMAC<HASH>, DHAES_MODE, LABEL_OCTETS>,
0322         LUC_IES<> >
0323 {
0324     CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "LUC-IES";} // non-standard name

0325 };
0326
0327 // ********************************************************

0328
0329 /// \brief LUC-DH

0330 typedef DH_Domain<DL_GroupParameters_LUC_DefaultSafePrime> LUC_DH;
0331
0332 NAMESPACE_END
0333
0334 #if CRYPTOPP_MSC_VERSION
0335 # pragma warning(pop)
0336 #endif
0337
0338 #endif