Example usage for org.bouncycastle.math.ec ECPoint negate

List of usage examples for org.bouncycastle.math.ec ECPoint negate

Introduction

In this page you can find the example usage for org.bouncycastle.math.ec ECPoint negate.

Prototype

public abstract ECPoint negate();

Source Link

Usage

From source file:edu.biu.scapi.primitives.dlog.bc.BcAdapterDlogEC.java

License:Open Source License

public GroupElement getInverse(GroupElement groupElement) throws IllegalArgumentException {

    //if the GroupElement doesn't match the DlogGroup, throws exception
    if (!(checkInstance(groupElement))) {
        throw new IllegalArgumentException("groupElement doesn't match the DlogGroup");
    }/*w w  w. j ava 2 s .co m*/

    //the inverse of infinity point is infinity
    if (((ECPointBc) groupElement).isInfinity()) {
        return groupElement;
    }

    //gets the ECPoint
    ECPoint point1 = ((ECPointBc) groupElement).getPoint();

    /* 
     * BC treats EC as additive group while we treat that as multiplicative group. 
     * Therefore, invert point is negate.
     */
    ECPoint result = point1.negate();

    //creates GroupElement from the result
    return createPoint(result);

}

From source file:org.cryptoworkshop.ximix.node.crypto.test.BasicShamirSharingTest.java

License:Apache License

private void doTest(ECDomainParameters domainParams, AsymmetricCipherKeyPair[] kps, int threshold,
        boolean shouldPass, int... missing) {
    int numberOfPeers = kps.length;

    // create the splitter for the peers/threshold over the order of the curve.
    ShamirSecretSplitter secretSplitter = new ShamirSecretSplitter(numberOfPeers, threshold,
            domainParams.getN(), new SecureRandom());

    // Having created a private key the server creates shares of that
    // private key. It would keep one share for itself and sends the others
    // shares to the other servers.
    BigInteger[][] privateKeyShares = new BigInteger[numberOfPeers][];
    BigInteger[] finalPrivateKeyShares = new BigInteger[numberOfPeers];
    for (int i = 0; i < numberOfPeers; i++) {
        privateKeyShares[i] = secretSplitter.split(((ECPrivateKeyParameters) kps[i].getPrivate()).getD())
                .getShares();/* w ww.  j a  v  a2s.  c  o  m*/
    }

    // Simulates distributing shares and combining them
    for (int i = 0; i < numberOfPeers; i++) {
        finalPrivateKeyShares[i] = privateKeyShares[0][i];
        for (int j = 1; j < numberOfPeers; j++) {
            finalPrivateKeyShares[i] = finalPrivateKeyShares[i].add(privateKeyShares[j][i]);
        }
    }

    ECPoint pubPoint = ((ECPublicKeyParameters) kps[0].getPublic()).getQ();

    for (int i = 1; i < numberOfPeers; i++) {
        pubPoint = pubPoint.add(((ECPublicKeyParameters) kps[i].getPublic()).getQ());
    }

    ECPublicKeyParameters jointPub = new ECPublicKeyParameters(pubPoint, domainParams);

    // Create a random plaintext
    ECPoint plaintext = generatePoint(domainParams, new SecureRandom());

    // Encrypt it using the joint public key
    ECEncryptor enc = new ECElGamalEncryptor();

    enc.init(new ParametersWithRandom(jointPub, new SecureRandom()));

    ECPair cipherText = enc.encrypt(plaintext);

    // do partial decrypts
    ECPoint[] partialDecs = new ECPoint[numberOfPeers];

    for (int i = 0; i < numberOfPeers; i++) {
        partialDecs[i] = cipherText.getX().multiply(finalPrivateKeyShares[i]);
    }

    // simulate missing peers
    for (int i = 0; i != missing.length; i++) {
        partialDecs[missing[i]] = null;
    }

    // decryption step
    LagrangeWeightCalculator lagrangeWeightCalculator = new LagrangeWeightCalculator(numberOfPeers,
            domainParams.getN());

    BigInteger[] weights = lagrangeWeightCalculator.computeWeights(partialDecs);

    // weighting
    ECPoint weightedDecryption = partialDecs[0].multiply(weights[0]);
    for (int i = 1; i < weights.length; i++) {
        if (partialDecs[i] != null) {
            weightedDecryption = weightedDecryption.add(partialDecs[i].multiply(weights[i]));
        }
    }

    // Do final decryption to recover plaintext ECPoint
    ECPoint decrypted = cipherText.getY().add(weightedDecryption.negate());

    Assert.assertEquals(shouldPass, plaintext.equals(decrypted));
}

From source file:org.cryptoworkshop.ximix.node.crypto.test.NewDKGTest.java

License:Apache License

private void doTest(ECDomainParameters domainParams, AsymmetricCipherKeyPair[] kps, int threshold,
        boolean shouldPass, int... missing) {
    int numberOfPeers = kps.length;

    // create the splitter for the peers/threshold over the order of the curve.
    ECPoint hVal = domainParams.getG().multiply(getRandomInteger(domainParams.getN(), new SecureRandom()));
    ECNewDKGSecretSplitter secretSplitter = new ECNewDKGSecretSplitter(numberOfPeers, threshold, hVal,
            domainParams, new SecureRandom());

    // Having created a private key the server creates shares of that
    // private key. It would keep one share for itself and sends the others
    // shares to the other servers.
    ECCommittedSplitSecret[] privateKeyShares = new ECCommittedSplitSecret[numberOfPeers];
    BigInteger[] finalPrivateKeyShares = new BigInteger[numberOfPeers];
    for (int i = 0; i < numberOfPeers; i++) {
        privateKeyShares[i] = secretSplitter.split(((ECPrivateKeyParameters) kps[i].getPrivate()).getD());
    }//  w  w w  .  ja va  2  s . c om

    // Simulates distributing shares and combining them
    for (int i = 0; i < numberOfPeers; i++) {
        finalPrivateKeyShares[i] = privateKeyShares[0].getShares()[i];
        for (int j = 1; j < numberOfPeers; j++) {
            finalPrivateKeyShares[i] = finalPrivateKeyShares[i].add(privateKeyShares[j].getShares()[i]);
        }
    }

    //
    // check the commitment values.
    //
    for (int i = 0; i != numberOfPeers; i++) {
        ECCommittedSecretShare[] shares = privateKeyShares[i].getCommittedShares();
        for (int j = 0; j != numberOfPeers; j++) {
            Assert.assertTrue(shares[j].isRevealed(j, domainParams, hVal));
        }
    }

    ECPoint pubPoint = ((ECPublicKeyParameters) kps[0].getPublic()).getQ();

    for (int i = 1; i < numberOfPeers; i++) {
        pubPoint = pubPoint.add(((ECPublicKeyParameters) kps[i].getPublic()).getQ());
    }

    ECPublicKeyParameters jointPub = new ECPublicKeyParameters(pubPoint, domainParams);

    //
    // check the public key commitment values.
    //
    for (int i = 0; i != numberOfPeers; i++) {
        BigInteger[] aCoefficients = privateKeyShares[i].getCoefficients();
        ECPoint[] qCommitments = new ECPoint[aCoefficients.length];

        for (int k = 0; k != qCommitments.length; k++) {
            qCommitments[k] = domainParams.getG().multiply(aCoefficients[k]);
        }

        for (int j = 0; j != numberOfPeers; j++) {
            ECPoint val = qCommitments[0];
            for (int k = 1; k != qCommitments.length; k++) {
                val = val.add(qCommitments[k].multiply(BigInteger.valueOf(j + 1).pow(k)));
            }

            Assert.assertEquals(domainParams.getG().multiply(privateKeyShares[i].getShares()[j]), val);
        }
    }

    // Create a random plaintext
    ECPoint plaintext = generatePoint(domainParams, new SecureRandom());

    // Encrypt it using the joint public key
    ECEncryptor enc = new ECElGamalEncryptor();

    enc.init(new ParametersWithRandom(jointPub, new SecureRandom()));

    ECPair cipherText = enc.encrypt(plaintext);

    // do partial decrypts
    ECPoint[] partialDecs = new ECPoint[numberOfPeers];

    for (int i = 0; i < numberOfPeers; i++) {
        partialDecs[i] = cipherText.getX().multiply(finalPrivateKeyShares[i]);
    }

    // simulate missing peers
    for (int i = 0; i != missing.length; i++) {
        partialDecs[missing[i]] = null;
    }

    // decryption step
    LagrangeWeightCalculator lagrangeWeightCalculator = new LagrangeWeightCalculator(numberOfPeers,
            domainParams.getN());

    BigInteger[] weights = lagrangeWeightCalculator.computeWeights(partialDecs);

    // weighting
    ECPoint weightedDecryption = partialDecs[0].multiply(weights[0]);
    for (int i = 1; i < weights.length; i++) {
        if (partialDecs[i] != null) {
            weightedDecryption = weightedDecryption.add(partialDecs[i].multiply(weights[i]));
        }
    }

    // Do final decryption to recover plaintext ECPoint
    ECPoint decrypted = cipherText.getY().add(weightedDecryption.negate());

    Assert.assertEquals(shouldPass, plaintext.equals(decrypted));
}

From source file:org.hyperledger.common.BouncyCastleCrypto.java

License:Apache License

@Override
public byte[] getPublicKeyAtOffset(byte[] publicKey, byte[] offset) {
    BigInteger offsetInt = new BigInteger(publicKey);
    boolean invert = false;

    if (offsetInt.compareTo(BigInteger.ZERO) < 0) {
        invert = true;//from w  w  w.  ja  va  2s  .c  o m
        offsetInt = offsetInt.abs();
    }

    ECPoint oG = curve.getG().multiply(offsetInt);

    if (invert) {
        oG = oG.negate();
    }

    return oG.add(curve.getCurve().decodePoint(publicKey)).getEncoded(true);
}

From source file:org.hyperledger.common.PublicKey.java

License:Apache License

public PublicKey offsetKey(BigInteger offset) throws HyperLedgerException {
    boolean invert = false;
    if (offset.compareTo(BigInteger.ZERO) < 0) {
        invert = true;//from  w  w  w  . j a v a2 s.  c o  m
        offset = offset.abs();
    }
    ECPoint oG = curve.getG().multiply(offset);
    if (invert) {
        oG = oG.negate();
    }
    ECPoint q = oG.add(curve.getCurve().decodePoint(pub));
    if (q.isInfinity()) {
        throw new HyperLedgerException("This is rather unlikely, but it did just happen");
    }
    return new PublicKey(q.getEncoded(compressed), compressed);
}

From source file:service.ACService.java

License:Open Source License

public AnonymousCertificate proveAttribute(int attrIndex) throws CardServiceException {
    BigInteger N = BigInteger.probablePrime(127, new SecureRandom());
    ECPoint nonce = c.getG().multiply(N);

    byte[][] data = new byte[2][];
    data[0] = new byte[1];
    data[0][0] = a[attrIndex].id;/*from  ww  w . jav  a  2  s. c o  m*/
    data[1] = toAPDU(nonce);
    CommandAPDU cmd = APDUprepare(GET_ATTRIBUTE, data, null);

    AnonymousCertificate result = new AnonymousCertificate();
    ResponseAPDU response = transmit(cmd);
    if (response.getSW() != 0x9000) {
        System.err.println("Request failed: " + response.getSW());
        return null;
    } else {
        byte[] resp = response.getData();
        int length, offset = 0;
        length = ((resp[offset] << 8) | (resp[offset + 1] & 0xff));
        result.signedNonce = fromAPDU(resp, offset);
        offset += length + 2;
        System.out.println("signedNonce: " + Hex.toHexString(result.signedNonce.toByteArray()));

        length = ((resp[offset] << 8) | (resp[offset + 1] & 0xff));
        result.blindedKey = fromAPDU(resp, offset);
        offset += length + 2;
        System.out.println("blindedKey:  " + Hex.toHexString(result.blindedKey.toByteArray()));

        length = ((resp[offset] << 8) | (resp[offset + 1] & 0xff));
        result.blindedSignature = fromAPDU(resp, offset);
        offset += length + 2;
        System.out.println("blindedSig:  " + Hex.toHexString(result.blindedSignature.toByteArray()));

        length = ((resp[offset] << 8) | (resp[offset + 1] & 0xff));
        offset += 2;
        result.attributeValue = new byte[length];
        System.arraycopy(resp, offset, result.attributeValue, 0, length);
        System.out.println("attribVal:   " + Hex.toHexString(result.attributeValue));
    }

    System.out.println("signedNonce: " + result.signedNonce);
    System.out.println("blindedKey:  " + result.blindedKey);
    System.out.println("blindedSig:  " + result.blindedSignature);
    System.out.println("attribVal:   " + new String(result.attributeValue));

    // *** NONCE SIGNATURE VERIFICATION ***
    long start = System.nanoTime();
    ECPoint sn = reconstructPoint(c, result.signedNonce, false);
    ECPoint bk = reconstructPoint(c, result.blindedKey, false);

    ECPoint bkn = bk.multiply(N);
    if (!bkn.equals(sn)) {
        if (!bkn.negate().equals(sn)) {
            System.out.println("Nonce verification failed");
            return null;
        } else {
        }
    } else {
    }
    System.out.println("Nonce verification succeeded");

    // *** PAIRING SIGNATURE VERIFICATION ***
    ECFieldElement e1 = c.R_atePairing(bk, saQ[attrIndex]);

    ECPoint bs = reconstructPoint(c, result.blindedSignature, false);
    ECFieldElement e2 = c.R_atePairing(bs, Q);

    ONE = new ECFieldElementFp12(new ECFieldElement.Fp(c.getQ(), BigInteger.valueOf(1)));

    if (!e1.equals(e2)) {
        if (!ONE.equals(e1.multiply(e2))) {
            System.out.println("Signature verification failed");
            return null;
        } else {
        }
    }
    System.out.println("Signature verification succeeded");

    long end = System.nanoTime();
    System.out.format(" d = %.2f ms\n", (end - start) / 1000000.0);
    return result;
}

From source file:terminal.GateClient.java

License:Open Source License

public BigInteger[] proveAttribute(int attrIndex) {
    log.append("---> Get Attributes");
    BigInteger N = BigInteger.probablePrime(127, random);
    ECPoint nonce = c.getG().multiply(N);
    BigInteger[] attr = card.getAttribute(a[attrIndex].id, nonce);
    if (attr == null) {
        return null;
    }// ww w .j  a  v a  2  s  .co  m
    for (BigInteger ti : attr) {
        System.out.println("attr: " + ti);
    }

    // *** NONCE SIGNATURE VERIFICATION ***
    long start = System.nanoTime();
    ECPoint sn = reconstructPoint(c, attr[CardInterface.SIGNED_NONCE], false);
    ECPoint bk = reconstructPoint(c, attr[CardInterface.BLINDED_KEY], false);

    ECPoint bkn = bk.multiply(N);
    if (!bkn.equals(sn)) {
        log.append("Nonce signature verification failed (n.bk != sn)");
        if (!bkn.negate().equals(sn)) {
            log.append("Nonce signature verification failed (-n.bk != sn)");
            return null;
        } else {
            log.append("Nonce signature verification succeeded (-n.bk == sn)");
        }
    } else {
        log.append("Nonce signature verification succeeded (n.bk == sn)");
    }

    // *** PAIRING SIGNATURE VERIFICATION ***
    ECFieldElement e1 = c.R_atePairing(bk, saQ[attrIndex]);

    ECPoint bs = reconstructPoint(c, attr[CardInterface.BLINDED_SIGNATURE], false);
    ECFieldElement e2 = c.R_atePairing(bs, Q);

    ONE = new ECFieldElementFp12(new ECFieldElement.Fp(c.getQ(), BigInteger.valueOf(1)));

    if (!e1.equals(e2)) {
        log.append("Pairing signature verification failed (e1 != e2)");
        if (!ONE.equals(e1.multiply(e2))) {
            log.append("Pairing signature verification failed (!equals ONE)");
            return null;
        } else {
            log.append("Pairing signature verification succeeded (equals ONE)");
        }
    } else {
        log.append("Pairing signature verification succeeded (e1 == e2)");
    }

    long end = System.nanoTime();
    log.append("*** VERIFICATION ***");
    System.out.format(" d = %.2f ms\n", (end - start) / 1000000.0);
    return attr;
}