// luc.h - originally written and placed in the public domain by Wei Dai /// \file luc.h /// \brief Classes for the LUC cryptosystem /// \details This class is here for historical and pedagogical interest. It has no practical advantages over other /// trapdoor functions and probably shouldn't be used in production software. The discrete log based LUC schemes /// defined later in this .h file may be of more practical interest. /// \since Crypto++ 2.1 #ifndef CRYPTOPP_LUC_H #define CRYPTOPP_LUC_H #include "cryptlib.h" #include "gfpcrypt.h" #include "integer.h" #include "algebra.h" #include "secblock.h" #if CRYPTOPP_MSC_VERSION # pragma warning(push) # pragma warning(disable: 4127 4189) #endif #include "pkcspad.h" #include "integer.h" #include "oaep.h" #include "dh.h" #include NAMESPACE_BEGIN(CryptoPP) /// \brief The LUC function. /// \details This class is here for historical and pedagogical interest. It has no practical advantages over other /// trapdoor functions and probably shouldn't be used in production software. The discrete log based LUC schemes /// defined later in this .h file may be of more practical interest. /// \since Crypto++ 2.1 class LUCFunction : public TrapdoorFunction, public PublicKey { typedef LUCFunction ThisClass; public: virtual ~LUCFunction() {} /// \brief Initialize a LUC public key with {n,e} /// \param n the modulus /// \param e the public exponent void Initialize(const Integer &n, const Integer &e) {m_n = n; m_e = e;} void BERDecode(BufferedTransformation &bt); void DEREncode(BufferedTransformation &bt) const; Integer ApplyFunction(const Integer &x) const; Integer PreimageBound() const {return m_n;} Integer ImageBound() const {return m_n;} bool Validate(RandomNumberGenerator &rng, unsigned int level) const; bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; void AssignFrom(const NameValuePairs &source); // non-derived interface const Integer & GetModulus() const {return m_n;} const Integer & GetPublicExponent() const {return m_e;} void SetModulus(const Integer &n) {m_n = n;} void SetPublicExponent(const Integer &e) {m_e = e;} protected: Integer m_n, m_e; }; /// \brief The LUC inverse function. /// \details This class is here for historical and pedagogical interest. It has no practical advantages over other /// trapdoor functions and probably shouldn't be used in production software. The discrete log based LUC schemes /// defined later in this .h file may be of more practical interest. /// \since Crypto++ 2.1 class InvertibleLUCFunction : public LUCFunction, public TrapdoorFunctionInverse, public PrivateKey { typedef InvertibleLUCFunction ThisClass; public: virtual ~InvertibleLUCFunction() {} /// \brief Create a LUC private key /// \param rng a RandomNumberGenerator derived class /// \param modulusBits the size of the modulus, in bits /// \param eStart the desired starting public exponent /// \details Initialize() creates a new keypair using a starting public exponent of 17. /// \details This function overload of Initialize() creates a new keypair because it /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair, /// then use one of the other Initialize() overloads. void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits, const Integer &eStart=17); /// \brief Initialize a LUC private key with {n,e,p,q,dp,dq,u} /// \param n modulus /// \param e public exponent /// \param p first prime factor /// \param q second prime factor /// \param u q-1 mod p /// \details This Initialize() function overload initializes a private key from existing parameters. void Initialize(const Integer &n, const Integer &e, const Integer &p, const Integer &q, const Integer &u) {m_n = n; m_e = e; m_p = p; m_q = q; m_u = u;} void BERDecode(BufferedTransformation &bt); void DEREncode(BufferedTransformation &bt) const; Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const; bool Validate(RandomNumberGenerator &rng, unsigned int level) const; bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; void AssignFrom(const NameValuePairs &source); /*! parameters: (ModulusSize, PublicExponent (default 17)) */ void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg); // non-derived interface const Integer& GetPrime1() const {return m_p;} const Integer& GetPrime2() const {return m_q;} const Integer& GetMultiplicativeInverseOfPrime2ModPrime1() const {return m_u;} void SetPrime1(const Integer &p) {m_p = p;} void SetPrime2(const Integer &q) {m_q = q;} void SetMultiplicativeInverseOfPrime2ModPrime1(const Integer &u) {m_u = u;} protected: Integer m_p, m_q, m_u; }; /// \brief LUC cryptosystem /// \since Crypto++ 2.1 struct LUC { static std::string StaticAlgorithmName() {return "LUC";} typedef LUCFunction PublicKey; typedef InvertibleLUCFunction PrivateKey; }; /// \brief LUC encryption scheme /// \tparam STANDARD signature standard /// \details This class is here for historical and pedagogical interest. It has no practical advantages over other /// trapdoor functions and probably shouldn't be used in production software. The discrete log based LUC schemes /// defined later in this .h file may be of more practical interest. /// \since Crypto++ 2.1 template struct LUCES : public TF_ES { }; /// \brief LUC signature scheme with appendix /// \tparam STANDARD signature standard /// \tparam H hash transformation /// \details This class is here for historical and pedagogical interest. It has no practical advantages over other /// trapdoor functions and probably shouldn't be used in production software. The discrete log based LUC schemes /// defined later in this .h file may be of more practical interest. /// \since Crypto++ 2.1 template struct LUCSS : public TF_SS { }; // analogous to the RSA schemes defined in PKCS #1 v2.0 typedef LUCES >::Decryptor LUCES_OAEP_SHA_Decryptor; typedef LUCES >::Encryptor LUCES_OAEP_SHA_Encryptor; typedef LUCSS::Signer LUCSSA_PKCS1v15_SHA_Signer; typedef LUCSS::Verifier LUCSSA_PKCS1v15_SHA_Verifier; // ******************************************************** /// \brief LUC GroupParameters precomputation /// \details No actual precomputation is performed /// \since Crypto++ 2.1 class DL_GroupPrecomputation_LUC : public DL_GroupPrecomputation { public: virtual ~DL_GroupPrecomputation_LUC() {} const AbstractGroup & GetGroup() const {CRYPTOPP_ASSERT(false); throw 0;} Element BERDecodeElement(BufferedTransformation &bt) const {return Integer(bt);} void DEREncodeElement(BufferedTransformation &bt, const Element &v) const {v.DEREncode(bt);} // non-inherited void SetModulus(const Integer &v) {m_p = v;} const Integer & GetModulus() const {return m_p;} private: Integer m_p; }; /// \brief LUC Precomputation /// \since Crypto++ 2.1 class DL_BasePrecomputation_LUC : public DL_FixedBasePrecomputation { public: virtual ~DL_BasePrecomputation_LUC() {} // DL_FixedBasePrecomputation bool IsInitialized() const {return m_g.NotZero();} void SetBase(const DL_GroupPrecomputation &group, const Integer &base) {CRYPTOPP_UNUSED(group); m_g = base;} const Integer & GetBase(const DL_GroupPrecomputation &group) const {CRYPTOPP_UNUSED(group); return m_g;} void Precompute(const DL_GroupPrecomputation &group, unsigned int maxExpBits, unsigned int storage) {CRYPTOPP_UNUSED(group); CRYPTOPP_UNUSED(maxExpBits); CRYPTOPP_UNUSED(storage);} void Load(const DL_GroupPrecomputation &group, BufferedTransformation &storedPrecomputation) {CRYPTOPP_UNUSED(group); CRYPTOPP_UNUSED(storedPrecomputation);} void Save(const DL_GroupPrecomputation &group, BufferedTransformation &storedPrecomputation) const {CRYPTOPP_UNUSED(group); CRYPTOPP_UNUSED(storedPrecomputation);} Integer Exponentiate(const DL_GroupPrecomputation &group, const Integer &exponent) const; Integer CascadeExponentiate(const DL_GroupPrecomputation &group, const Integer &exponent, const DL_FixedBasePrecomputation &pc2, const Integer &exponent2) const { CRYPTOPP_UNUSED(group); CRYPTOPP_UNUSED(exponent); CRYPTOPP_UNUSED(pc2); CRYPTOPP_UNUSED(exponent2); // shouldn't be called throw NotImplemented("DL_BasePrecomputation_LUC: CascadeExponentiate not implemented"); } private: Integer m_g; }; /// \brief LUC GroupParameters specialization /// \since Crypto++ 2.1 class DL_GroupParameters_LUC : public DL_GroupParameters_IntegerBasedImpl { public: virtual ~DL_GroupParameters_LUC() {} // DL_GroupParameters bool IsIdentity(const Integer &element) const {return element == Integer::Two();} void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const; Element MultiplyElements(const Element &a, const Element &b) const { CRYPTOPP_UNUSED(a); CRYPTOPP_UNUSED(b); throw NotImplemented("LUC_GroupParameters: MultiplyElements can not be implemented"); } Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const { CRYPTOPP_UNUSED(element1); CRYPTOPP_UNUSED(exponent1); CRYPTOPP_UNUSED(element2); CRYPTOPP_UNUSED(exponent2); throw NotImplemented("LUC_GroupParameters: MultiplyElements can not be implemented"); } // NameValuePairs interface bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const { return GetValueHelper(this, name, valueType, pValue).Assignable(); } private: int GetFieldType() const {return 2;} }; /// \brief GF(p) group parameters that default to safe primes /// \since Crypto++ 2.1 class DL_GroupParameters_LUC_DefaultSafePrime : public DL_GroupParameters_LUC { public: typedef NoCofactorMultiplication DefaultCofactorOption; protected: unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const {return modulusSize-1;} }; /// \brief LUC HMP signature algorithm /// \since Crypto++ 2.1 class DL_Algorithm_LUC_HMP : public DL_ElgamalLikeSignatureAlgorithm { public: CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "LUC-HMP";} virtual ~DL_Algorithm_LUC_HMP() {} void Sign(const DL_GroupParameters ¶ms, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const; bool Verify(const DL_GroupParameters ¶ms, const DL_PublicKey &publicKey, const Integer &e, const Integer &r, const Integer &s) const; size_t RLen(const DL_GroupParameters ¶ms) const {return params.GetGroupOrder().ByteCount();} }; /// \brief LUC signature keys /// \since Crypto++ 2.1 struct DL_SignatureKeys_LUC { typedef DL_GroupParameters_LUC GroupParameters; typedef DL_PublicKey_GFP PublicKey; typedef DL_PrivateKey_GFP PrivateKey; }; /// \brief LUC-HMP, based on "Digital signature schemes based on Lucas functions" by Patrick Horster, Markus Michels, Holger Petersen /// \tparam H hash transformation /// \details This class is here for historical and pedagogical interest. It has no practical advantages over other /// trapdoor functions and probably shouldn't be used in production software. The discrete log based LUC schemes /// defined later in this .h file may be of more practical interest. /// \since Crypto++ 2.1 template struct LUC_HMP : public DL_SS { }; /// \brief LUC encryption keys /// \since Crypto++ 2.1 struct DL_CryptoKeys_LUC { typedef DL_GroupParameters_LUC_DefaultSafePrime GroupParameters; typedef DL_PublicKey_GFP PublicKey; typedef DL_PrivateKey_GFP PrivateKey; }; /// \brief LUC Integrated Encryption Scheme /// \tparam COFACTOR_OPTION cofactor multiplication option /// \tparam HASH HashTransformation derived class used for key drivation and MAC computation /// \tparam DHAES_MODE flag indicating if the MAC includes additional context parameters such as u·V, v·U and label /// \tparam LABEL_OCTETS flag indicating if the label size is specified in octets or bits /// \sa CofactorMultiplicationOption /// \since Crypto++ 2.1, Crypto++ 5.7 for Bouncy Castle and Botan compatibility template struct LUC_IES : public DL_ES< DL_CryptoKeys_LUC, DL_KeyAgreementAlgorithm_DH, DL_KeyDerivationAlgorithm_P1363 >, DL_EncryptionAlgorithm_Xor, DHAES_MODE, LABEL_OCTETS>, LUC_IES<> > { CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "LUC-IES";} // non-standard name }; // ******************************************************** /// \brief LUC-DH typedef DH_Domain LUC_DH; NAMESPACE_END #if CRYPTOPP_MSC_VERSION # pragma warning(pop) #endif #endif