-
-
[原创]我竟然会用readyu大侠的ECCTooL了
-
发表于: 2012-8-19 19:57
-
我竟然会用readyu大侠的ECCTooL了
看了一下readyu大侠的“椭圆曲线加密分析:FLEXLM ECC问答”这个酷帖,坦白的说,这不是科普文章。因我菜鸟我实在看不下去了,作者吐血给了工具,但偶竟然笨得不会用!(童鞋们会用的请举一下手啊,哇,这么多啊!买块豆腐撞死算了!)。没有说明书就不会用?这是理由吗?研究了约一个小时,终于有所心得。废话少说,开讲。
只解释下面这段,原文如下:
(1) 签名
r = k * G mod n ... (1) // 这里r应该是计算结果的横坐标吧?偶不懂
s = (h + rd)/k mod n ... (2)
(2) 验证(v == r) // 这里应该是验证 V=k * G mod n吧?
u = h/s
w = r/s
V = u * G + w * R mod n
例子, NIST-P192 签名。
y^2 = x^3 - 3x + 64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1 mod FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF
n=FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831
取G(x,y):
Gx=188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012
Gy=07192B95FFC8DA78631011ED6B24CDD573F977A11E794811
取 d =16fdbb3f3e4d7d253c421ae5a09f1ce500d973c04ae91564
R(x,y) = d * G(x,y)=
Rx=2B443533CFBECB00ABE1F9D0F3A8FFD871EFDDAB4FF93B0C
Ry=6EFF3D69042B58F7C726BDB6B495AE75BD09D762259013DB
签名 "123",即求sha1('123'),得到:
h = 40bd001563085fc35165329ea1ff5c5ecbdbbeef
取 k =CADDC27FEFC3040C1CCA194542218E002F58D504A639B668
Sign(用ECCTool计算):
sig.r=5C09A23549325C866F0C1D8D6AB81255977C90A9FD6D66C4
sig.s=C0DFFC8E4BA4A91EBFFBCE7FE07E202AAF567DC10D69D5E8
Verify (用ECCTool 和 BigIntCal计算):
u = h/s mod n = BBBBED787373E2407BA720D7851CE0895222B5B5DF81BECB
w = r/s mod n = 2BBC84EA2E318FC5666B50CEE41845F3EB1DF40C838FA86C
V(x,y) = u *G + w *R mod n =
V.x = 5C09A23549325C866F0C1D8D6AB81255977C90A9FD6D66C4
V.y = 70360EEEC1C42D5AC10226B8BE0EA507E3FF54290737B02C
下面使用作者的ecctool_v1.05,BigIntCalc_v1.14工具,给出原文数据来源。
已知条件:
A=-3
B=64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1
P=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF
n=FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831
Rx=2B443533CFBECB00ABE1F9D0F3A8FFD871EFDDAB4FF93B0C
Ry=6EFF3D69042B58F7C726BDB6B495AE75BD09D762259013DB
Gx=188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012
Gy=07192B95FFC8DA78631011ED6B24CDD573F977A11E794811
h=40bd001563085fc35165329ea1ff5c5ecbdbbeef
r=5C09A23549325C866F0C1D8D6AB81255977C90A9FD6D66C4
d=16fdbb3f3e4d7d253c421ae5a09f1ce500d973c04ae91564
k=CADDC27FEFC3040C1CCA194542218E002F58D504A639B668
n=FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831
(1) 签名
k * G mod n 的横坐标 r=5C09A23549325C866F0C1D8D6AB81255977C90A9FD6D66C4
s= (h + rd)* k^-1 mod n
h+rd=8440CC7A935B37A946574E1F0049F38B08062C127AA7F1E298C7EA7077ACDA445A513B5B8D54F1227DA37D6F469F77F
h+rd mod n=4A36F71E1BE5CCC086A5483BAFF2F81F1B8729087731A60D
k^-1 mod n= 3A5DF42EDE377F21CA637377C20FE43EDAFF70F0332641E1
s= (4A36F71E1BE5CCC086A5483BAFF2F81F1B8729087731A60D * 3A5DF42EDE377F21CA637377C20FE43EDAFF70F0332641E1) mod n
=10EBB0BE92170DD54EE7EBB5C4E4C549C785BC29C1303EC0EEC0E31E0EDE9703DC1604680CEBF5A83A5B28579ABA3E6D mod n
=C0DFFC8E4BA4A91EBFFBCE7FE07E202AAF567DC10D69D5E8
(2) 验证 V=k * G mod n
u = h/s mod n = BBBBED787373E2407BA720D7851CE0895222B5B5DF81BECB
w = r/s mod n = 2BBC84EA2E318FC5666B50CEE41845F3EB1DF40C838FA86C
V(x,y) = u *G + w *R mod n =
V.x = 5C09A23549325C866F0C1D8D6AB81255977C90A9FD6D66C4
V.y = 70360EEEC1C42D5AC10226B8BE0EA507E3FF54290737B02C
与计算k * G mod n返回的结果比较,V.x和V.y显然与之相等,验证完毕。
天易love
2012-08-19
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
看不懂 只能膜拜了
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
天易love,和readyu都是我的偶像
|
|
|
易婶,别太挑剔了,马上要过节了,拥抱这事吧缘分到了男女都一样的
 况且在我心中只有纯粹的对易婶的仰慕之情呢.. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
多谢天易love指点!
一个目标的授权许可是ECC加密的,糊里糊涂地搞定了。再看看还是一头雾水 。
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
