
EccPoint_mult #9

Closed
zweib730 opened this issue Apr 27, 2014 · 5 comments
Comments

@zweib730

When I added an ECC curve to micro-ecc, I found that EccPoint_mult gave a wrong result.

curve params is:
p=fffffffe ffffffff ffffffff ffffffff ffffffff 00000000 ffffffff ffffffff
a=fffffffe ffffffff ffffffff ffffffff ffffffff 00000000 ffffffff fffffffc
b=28e9fa9e 9d9f5e34 4d5a9e4b cf6509a7 f39789f5 15ab8f92 ddbcbd41 4d940e93
n=fffffffe ffffffff ffffffff ffffffff 7203df6b 21c6052b 53bbf409 39d54123
gx=32c4ae2c 1f198119 5f990446 6a39c994 8fe30bbf f2660be1 715a4589 334c74c7
gy=bc3736a2 f4f6779c 59bdcee3 6b692153 d0a9877c c62a4740 02df32e5 2139f0a0

I have implemented the "vli_mmod_fast" function myself, and I have tested it against OpenSSL; it's correct.

Could you please tell me what should I do next?

@kmackay
Owner

kmackay commented Apr 27, 2014

Make sure that you specified all of the curve parameters correctly. Note that the words should be specified in the code in the opposite order since micro-ecc uses a little-endian convention.

@zweib730
Author

Yes, I have converted all params to the little-endian convention. For example:

p=fffffffe ffffffff ffffffff ffffffff ffffffff 00000000 ffffffff ffffffff
-->#define Curve_P_6 {0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE}

Could you please give me your email, so I can send you the source code that I modified?

@kmackay
Owner

kmackay commented Apr 28, 2014

kmackay@gmail.com

@kmackay
Owner

kmackay commented Apr 28, 2014

There was a bug in your omega_mult() function. Here is the corrected version:

```c
/* Multiply p_right (NUM_ECC_DIGITS words) by omega = 2^256 mod p and leave the
   result in p_result. vli_set/vli_add/vli_sub, NUM_ECC_DIGITS and uint are the
   micro-ecc helpers; vli_add/vli_sub return the carry/borrow out of the top word.
   p_result must already be zeroed by the caller, because the words above
   NUM_ECC_DIGITS are read (as addends) before they are written. */
static void omega_mult(uint32_t *p_result, uint32_t *p_right)
{
    /* Multiply by (2^224 + 2^96 - 2^64 + 1). */
    vli_set(p_result, p_right); /* 1 */
    p_result[3 + NUM_ECC_DIGITS] = vli_add(p_result + 3, p_result + 3, p_right); /* 2^96 + 1 */
    p_result[7 + NUM_ECC_DIGITS] = vli_add(p_result + 7, p_result + 7, p_right); /* 2^224 + 2^96 + 1 */
    if(vli_sub(p_result + 2, p_result + 2, p_right)) /* ... - 2^64 */
    { /* Propagate borrow if necessary. */
        uint i;
        for(i = 2 + NUM_ECC_DIGITS; ; ++i)
        {
            --p_result[i];
            if(p_result[i] != 0xffffffff) /* stop once a word did not wrap */
            {
                break;
            }
        }
    }
}
```

I recommend that you try the "Generalized Mersenne Reduction" method in http://www.isys.uni-klu.ac.at/PDF/2001-0126-MT.pdf (algorithms 5 and 6, on page 356). This should result in code similar to the secp256r1 version (should be significantly faster).
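An added check, not code from this thread or from micro-ecc, covering two points raised above: the little-endian word order for the Curve_P_* definitions and the reduction by omega = 2^224 + 2^96 - 2^64 + 1 that omega_mult() implements. It uses Python big integers as the reference, in the same spirit as the OpenSSL comparison mentioned earlier; the function names and the random-product self-test are my own, and the hex strings are the ones posted in the issue.

```python
# Added example, not micro-ecc code: cross-check the curve constants posted in
# this issue with Python big integers, the way one would validate a custom
# vli_mmod_fast against OpenSSL. Hex strings are copied from the thread.
import random
NUM_ECC_DIGITS = 8  # 256-bit curve with 32-bit words

def from_hex(s: str) -> int:
    return int(s.replace(" ", ""), 16)

P = from_hex("fffffffe ffffffff ffffffff ffffffff ffffffff 00000000 ffffffff ffffffff")
A = from_hex("fffffffe ffffffff ffffffff ffffffff ffffffff 00000000 ffffffff fffffffc")
B = from_hex("28e9fa9e 9d9f5e34 4d5a9e4b cf6509a7 f39789f5 15ab8f92 ddbcbd41 4d940e93")
GX = from_hex("32c4ae2c 1f198119 5f990446 6a39c994 8fe30bbf f2660be1 715a4589 334c74c7")
GY = from_hex("bc3736a2 f4f6779c 59bdcee3 6b692153 d0a9877c c62a4740 02df32e5 2139f0a0")
# omega = 2^256 mod p, the constant omega_mult() multiplies by; this prime has the
# shape 2^256 - 2^224 - 2^96 + 2^64 - 1 (the SM2 curve prime).
OMEGA = (1 << 224) + (1 << 96) - (1 << 64) + 1

def to_le_words(value: int, n_words: int = NUM_ECC_DIGITS) -> list:
    """Integer -> micro-ecc word array: least significant 32-bit word first,
    the ordering kmackay points out for the Curve_P_* definitions."""
    return [(value >> (32 * i)) & 0xFFFFFFFF for i in range(n_words)]

def omega_identity_holds() -> bool:
    """The folding trick is only valid if 2^256 really is congruent to omega."""
    return (1 << 256) % P == OMEGA

def generator_on_curve() -> bool:
    """Cheap check that a, b, gx, gy were all transcribed correctly."""
    return (GY * GY - (GX ** 3 + A * GX + B)) % P == 0

def reduce_omega(x: int) -> int:
    """Model of the vli_mmod_fast strategy: split x = hi*2^256 + lo and fold
    hi*omega back in until x fits in 256 bits, then subtract p while needed.
    Valid for any product of two reduced field elements (x < p^2)."""
    if not 0 <= x < P * P:
        raise ValueError("input must be a product of two reduced field elements")
    while x >> 256:
        hi, lo = x >> 256, x & ((1 << 256) - 1)
        x = lo + hi * OMEGA
    while x >= P:
        x -= P
    return x

def reduction_matches_reference(trials: int = 2000, seed: int = 9) -> bool:
    """Compare the modelled reduction with plain modular arithmetic on random
    products plus the corner cases 0, p and (p-1)^2."""
    rng = random.Random(seed)  # fixed seed so a failure is reproducible
    inputs = [0, P, (P - 1) * (P - 1)]
    inputs += [rng.randrange(P) * rng.randrange(P) for _ in range(trials)]
    return all(reduce_omega(x) == x % P for x in inputs)
```

Running to_le_words(P) reproduces the Curve_P_6 initializer quoted earlier in the thread, and reduction_matches_reference() is the kind of differential test worth keeping next to any hand-written vli_mmod_fast.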

@zweib730
Author

Yes, my signature passed. Thank you very much for your help, I will try that method later.

@kmackay kmackay closed this as completed Apr 29, 2014