【加解密与C】非对称加解密(三)ECC椭圆曲线

ECC椭圆曲线的基本概念

椭圆曲线密码学(Elliptic Curve Cryptography,ECC)是一种基于椭圆曲线数学的公钥密码体制。与传统的RSA相比,ECC在相同安全级别下使用更短的密钥,计算效率更高,适用于资源受限的环境。

椭圆曲线的数学定义通常表示为: $$ y^2 = x^3 + ax + b $$ 其中 $a$ 和 $b$ 是满足 $4a^3 + 27b^2 \neq 0$ 的常数,以避免曲线出现奇异点。

ECC的核心运算

椭圆曲线的核心运算包括点加法(Point Addition)和标量乘法(Scalar Multiplication)。点加法用于定义曲线上两个点的加法运算,标量乘法则是通过重复点加法实现。

点加法的几何意义:

  • 若 $P$ 和 $Q$ 是曲线上两个不同的点,连接 $P$ 和 $Q$ 的直线与曲线交于第三点 $R$,则 $P + Q = -R$(即 $R$ 关于 $x$ 轴的对称点)。
  • 若 $P = Q$,则通过 $P$ 的切线与曲线交于 $R$,此时 $2P = -R$。

标量乘法用于密钥生成和加密/解密过程: $$ k \cdot P = \underbrace{P + P + \cdots + P}_{k\ \text{次}} $$

ECC的安全性

ECC的安全性基于椭圆曲线离散对数问题(ECDLP):给定曲线上的点 $P$ 和 $Q = k \cdot P$,求解 $k$ 是计算困难的。目前在经典计算机上没有已知的多项式时间算法可以解决ECDLP。

与RSA相比,ECC的优势在于:

  • 更短的密钥长度(例如256位ECC密钥相当于3072位RSA密钥的安全性)。
  • 更快的计算速度和更低的资源消耗。

ECC的应用场景

ECC广泛应用于以下领域:

  • 数字签名(如ECDSA)。
  • 密钥交换(如ECDH)。
  • 物联网(IoT)设备的安全通信。
  • 区块链技术(如比特币和以太坊使用ECC生成地址)。

ECC的注意事项

使用ECC时需注意以下问题:

  • 选择标准化的椭圆曲线(如NIST推荐的曲线或SECP256k1)。
  • 避免使用自定义曲线,其参数未经公开审查,可能存在安全隐患。
  • 确保随机数生成器的质量(私钥和签名中的随机数 k 都依赖它),否则可能导致私钥泄露。

ECC因其高效性和安全性,已成为现代密码学的重要组成部分。

ECC.h

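#ifndef ECC_H
#define ECC_H

#include <stddef.h>   /* size_t, used by ecc_encrypt / ecc_decrypt */
#include <stdint.h>

/* 256-bit unsigned integer in little-endian word order: d[0] holds the
 * least significant 32 bits, d[7] the most significant 32 bits. */
typedef struct {
    uint32_t d[8];
} uint256_t;

/* Affine point on the curve.  When infinity is non-zero the point is the
 * point at infinity (the group identity) and x / y carry no meaning. */
typedef struct {
    uint256_t x;
    uint256_t y;
    int infinity;
} Point;

/* Key generation: private_key receives a scalar in [1, N-1] and
 * public_key the point private_key * G. */
void ecc_keygen(uint256_t* private_key, Point* public_key);

/* ECDSA signing of a 256-bit hash; r and s receive the signature. */
void ecdsa_sign(const uint256_t* private_key, const uint256_t* hash, uint256_t* r, uint256_t* s);

/* ECDSA verification: returns 1 when (r, s) verifies for hash under
 * public_key, 0 otherwise. */
int ecdsa_verify(const Point* public_key, const uint256_t* hash, const uint256_t* r, const uint256_t* s);

/* ECC encryption: c1 receives the ephemeral point, c2 (len bytes) the
 * ciphertext of plain (len bytes). */
void ecc_encrypt(const Point* public_key, const uint8_t* plain, size_t len, Point* c1, uint8_t* c2);

/* ECC decryption: plain (len bytes) receives the decryption of c2 (len bytes)
 * using c1 and private_key. */
void ecc_decrypt(const uint256_t* private_key, const Point* c1, const uint8_t* c2, size_t len, uint8_t* plain);

#endif /* ECC_H */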

ECC.cpp

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "ECC.h"// secp256k1曲线参数
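/* secp256k1 domain parameters.
 *
 * The header defines uint256_t as little-endian words (d[0] = least
 * significant) and the arithmetic below relies on that: uint256_add
 * propagates carries from d[0] upwards and every comparison looks at d[7]
 * first.  The constants were previously written most-significant word
 * first, so P, G and N did not describe secp256k1 at all (B, with 7 in
 * d[0], was the only one in the right order).  They are now stored in
 * the word order the code uses; the published big-endian value is given
 * in the comment above each one for checking. */

/* p = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F */
static const uint256_t P = {{0xFFFFFC2F, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF,
                             0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}};
/* a = 0, b = 7 */
static const uint256_t A = {{0}};
static const uint256_t B = {{7, 0, 0, 0, 0, 0, 0, 0}};
/* Gx = 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798
 * Gy = 483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8 */
static const Point G = {
    {{0x16F81798, 0x59F2815B, 0x2DCE28D9, 0x029BFCDB,
      0xCE870B07, 0x55A06295, 0xF9DCBBAC, 0x79BE667E}},
    {{0xFB10D4B8, 0x9C47D08F, 0xA6855419, 0xFD17B448,
      0x0E1108A8, 0x5DA4FBFC, 0x26A3C465, 0x483ADA77}},
    0
};
/* n = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141 */
static const uint256_t N = {{0xD0364141, 0xBFD25E8C, 0xAF48A03B, 0xBAAEDCE6,
                             0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}};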
/* Returns 1 when a and b hold the same 256-bit value, 0 otherwise.
 * uint32_t has no padding bits, so a byte-wise compare of the word array
 * is exact. */
static int uint256_equal(const uint256_t* a, const uint256_t* b) {
    return memcmp(a->d, b->d, sizeof a->d) == 0;
}
/* Returns 1 when every word of a is zero, 0 otherwise. */
static int uint256_is_zero(const uint256_t* a) {
    uint32_t any_bits = 0;
    for (int w = 0; w < 8; w++) {
        any_bits |= a->d[w];
    }
    return any_bits == 0;
}
/* dest = src.  A struct assignment copies the whole word array. */
static void uint256_copy(uint256_t* dest, const uint256_t* src) {
    *dest = *src;
}
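/* Modular addition: result = (a + b) mod P.
 *
 * Operands are expected to be reduced already (0 <= a, b < P), so the true
 * sum is below 2P and a single subtraction of P suffices.  result may alias
 * a or b: each word is read before it is written.
 *
 * Fix: the old test only subtracted P when the sum was strictly greater
 * than P, so a + b == P came back as P instead of 0.  The test is now
 * "carry out of bit 255, or 256-bit sum >= P". */
static void uint256_add(const uint256_t* a, const uint256_t* b, uint256_t* result) {
    uint64_t carry = 0;
    for (int i = 0; i < 8; i++) {
        uint64_t sum = (uint64_t)a->d[i] + b->d[i] + carry;
        result->d[i] = (uint32_t)sum;
        carry = sum >> 32;
    }

    /* result >= P ?  Most significant word decides first. */
    int ge_p = 1;
    for (int i = 7; i >= 0; i--) {
        if (result->d[i] != P.d[i]) {
            ge_p = result->d[i] > P.d[i];
            break;
        }
    }

    /* A carry means the true sum is >= 2^256 > P.  Subtract P once; the
     * borrow out of the top word is dropped on purpose, it cancels the
     * dropped carry. */
    if (carry || ge_p) {
        uint64_t borrow = 0;
        for (int i = 0; i < 8; i++) {
            uint64_t diff = (uint64_t)result->d[i] - P.d[i] - borrow;
            result->d[i] = (uint32_t)diff;
            borrow = (diff >> 63) & 1;   /* top bit set <=> the subtraction wrapped */
        }
    }
}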
/* Modular subtraction: result = (a - b) mod P, for 0 <= a, b < P.
 *
 * The raw 256-bit difference is formed first.  If the final borrow is set
 * the difference went negative, and adding P back (carry out discarded)
 * lands in [0, P) because a - b > -P.  result may alias a or b. */
static void uint256_sub(const uint256_t* a, const uint256_t* b, uint256_t* result) {
    uint64_t borrow = 0;
    int w;

    for (w = 0; w < 8; w++) {
        uint64_t diff = (uint64_t)a->d[w] - b->d[w] - borrow;
        result->d[w] = (uint32_t)diff;
        borrow = diff >> 63;              /* 1 exactly when the word wrapped */
    }

    if (!borrow) {
        return;                           /* a >= b: already reduced */
    }

    uint64_t carry = 0;
    for (w = 0; w < 8; w++) {
        uint64_t sum = (uint64_t)result->d[w] + P.d[w] + carry;
        result->d[w] = (uint32_t)sum;
        carry = sum >> 32;
    }
}
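/* Modular multiplication: result = (a * b) mod P, for 0 <= a, b < P.
 *
 * Fix: the previous "secp256k1 special form" reduction added
 * product[i] * P.d[j] into the low words.  Adding multiples of P into a
 * number never reduces it, so the result was wrong whenever the 512-bit
 * product exceeded 2^256 — i.e. almost always.  This version uses a plain
 * left-to-right shift-and-add, acc = 2*acc + bit*a (mod P) for each bit
 * of b from bit 255 down.  It is slow (512 modular additions) but correct;
 * speed was never a goal of this listing.  result may alias a or b since
 * both operands are copied first.
 *
 * NOTE(review): this reduces modulo the field prime P only.  The ECDSA
 * routines below also use it where arithmetic modulo the group order N is
 * required, which this function does not provide. */
static void uint256_mul(const uint256_t* a, const uint256_t* b, uint256_t* result) {
    uint256_t multiplicand = *a;
    uint256_t multiplier = *b;
    uint256_t acc = {{0}};

    for (int bit = 255; bit >= 0; bit--) {
        uint256_add(&acc, &acc, &acc);                      /* acc = 2*acc mod P */
        if ((multiplier.d[bit / 32] >> (bit % 32)) & 1) {
            uint256_add(&acc, &multiplicand, &acc);         /* acc += a mod P */
        }
    }

    /* uint256_add may hand back exactly P when a sum equals P; P == 0 mod P. */
    if (uint256_equal(&acc, &P)) {
        memset(&acc, 0, sizeof acc);
    }
    *result = acc;
}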
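/* x >>= 1 across all eight words; top_bit (0 or 1) is shifted into bit 255.
 * Words are processed from d[0] upwards so each higher word is still
 * unmodified when its low bit is borrowed. */
static void inv_shr1(uint256_t* x, uint32_t top_bit) {
    for (int i = 0; i < 8; i++) {
        uint32_t incoming = (i < 7) ? (x->d[i + 1] & 1u) : top_bit;
        x->d[i] = (x->d[i] >> 1) | (incoming << 31);
    }
}

/* x = x / 2 mod P for 0 <= x < P.  An even x is simply shifted; an odd x
 * becomes (x + P) / 2, which needs the 257th bit of the raw sum, so the
 * addition is done here without reduction and the carry is shifted in. */
static void inv_halve_mod_p(uint256_t* x) {
    uint32_t top = 0;
    if (x->d[0] & 1) {
        uint64_t carry = 0;
        for (int i = 0; i < 8; i++) {
            uint64_t sum = (uint64_t)x->d[i] + P.d[i] + carry;
            x->d[i] = (uint32_t)sum;
            carry = sum >> 32;
        }
        top = (uint32_t)carry;
    }
    inv_shr1(x, top);
}

/* Returns 1 when a < b as unsigned 256-bit integers (d[7] most significant). */
static int inv_less_than(const uint256_t* a, const uint256_t* b) {
    for (int i = 7; i >= 0; i--) {
        if (a->d[i] != b->d[i]) {
            return a->d[i] < b->d[i];
        }
    }
    return 0;
}

/* Modular inverse: result = a^{-1} mod P, binary extended Euclidean
 * algorithm.  Loop invariants: x1 * a == u and x2 * a == v (mod P); when
 * u or v reaches 1 the matching x is the inverse.  a may alias result.
 *
 * Fixes over the previous version:
 *  - halving an odd x1/x2 called uint256_add(x, P), but that routine reduces
 *    mod P and so returned x unchanged, making the "divide by 2" step wrong;
 *    inv_halve_mod_p keeps the 257th bit instead;
 *  - a == 0 (or a == P) made "while u is even" spin forever on u == 0;
 *    such inputs have no inverse and now produce result = 0.
 *  - the trailing "if the top bit is set add P" was left over from a signed
 *    representation and never applied (uint256_sub already reduces). */
static void uint256_inv(const uint256_t* a, uint256_t* result) {
    uint256_t u = *a;
    uint256_t v = P;
    uint256_t x1 = {{1, 0, 0, 0, 0, 0, 0, 0}};
    uint256_t x2 = {{0}};
    const uint256_t one = {{1, 0, 0, 0, 0, 0, 0, 0}};

    if (uint256_is_zero(&u) || uint256_equal(&u, &P)) {
        memset(result, 0, sizeof *result);     /* no inverse exists */
        return;
    }

    while (!uint256_equal(&u, &one) && !uint256_equal(&v, &one)) {
        if (uint256_is_zero(&u) || uint256_is_zero(&v)) {
            /* gcd(a, P) != 1: impossible for 0 < a < P with P prime, but an
             * unreduced a can get here; bail out instead of looping forever. */
            memset(result, 0, sizeof *result);
            return;
        }
        while ((u.d[0] & 1) == 0) {
            inv_shr1(&u, 0);
            inv_halve_mod_p(&x1);
        }
        while ((v.d[0] & 1) == 0) {
            inv_shr1(&v, 0);
            inv_halve_mod_p(&x2);
        }
        if (inv_less_than(&u, &v)) {
            uint256_sub(&v, &u, &v);
            uint256_sub(&x2, &x1, &x2);
        } else {
            uint256_sub(&u, &v, &u);
            uint256_sub(&x1, &x2, &x1);
        }
    }

    uint256_copy(result, uint256_equal(&u, &one) ? &x1 : &x2);
}

/* ---- Elliptic-curve point operations ---- */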
/* Non-zero when p is the point at infinity (the group identity). */
static int point_is_zero(const Point* p) {
    return p->infinity;
}

/* Mark p as the point at infinity; its x and y words are left as they are. */
static void point_set_zero(Point* p) {
    p->infinity = 1;
}
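/* Point doubling in affine coordinates: result = 2 * p.
 *   lambda = (3x^2 + A) / (2y),  xr = lambda^2 - 2x,  yr = lambda(x - xr) - y
 *
 * Fixes:
 *  - a point with y == 0 is its own negative, so 2p is the point at
 *    infinity; the old code went on to invert 2y == 0;
 *  - xr and yr are computed into locals and stored last, so result may
 *    alias p (the old code overwrote result->x and then read p->x). */
static void point_double(const Point* p, Point* result) {
    if (point_is_zero(p) || uint256_is_zero(&p->y)) {
        point_set_zero(result);
        return;
    }

    const uint256_t two = {{2, 0, 0, 0, 0, 0, 0, 0}};
    const uint256_t three = {{3, 0, 0, 0, 0, 0, 0, 0}};
    uint256_t lambda, num, den, t, xr, yr;

    /* num = 3x^2 + A */
    uint256_mul(&p->x, &p->x, &t);
    uint256_mul(&t, &three, &num);
    uint256_add(&num, &A, &num);

    /* den = 2y ; lambda = num / den */
    uint256_mul(&p->y, &two, &den);
    uint256_inv(&den, &t);
    uint256_mul(&num, &t, &lambda);

    /* xr = lambda^2 - 2x */
    uint256_mul(&lambda, &lambda, &t);
    uint256_mul(&p->x, &two, &den);
    uint256_sub(&t, &den, &xr);

    /* yr = lambda * (x - xr) - y */
    uint256_sub(&p->x, &xr, &t);
    uint256_mul(&lambda, &t, &t);
    uint256_sub(&t, &p->y, &yr);

    result->x = xr;
    result->y = yr;
    result->infinity = 0;
}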
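/* Point addition in affine coordinates: result = p + q.
 *   lambda = (yq - yp) / (xq - xp),  xr = lambda^2 - xp - xq,
 *   yr = lambda(xp - xr) - yp
 * The identity on either side, p == q (doubling) and p == -q (infinity)
 * are handled up front.
 *
 * Fix: the old code stored result->x and then read p->x to form yr, so a
 * call with result aliasing p — exactly what point_mul does with
 * point_add(&r, &t, &r) — used the already-overwritten coordinate.  xr and
 * yr are now computed into locals and written at the end (the doubling
 * path defers to point_double for its own alias handling). */
static void point_add(const Point* p, const Point* q, Point* result) {
    if (point_is_zero(p)) {
        *result = *q;
        return;
    }
    if (point_is_zero(q)) {
        *result = *p;
        return;
    }
    if (uint256_equal(&p->x, &q->x)) {
        if (uint256_equal(&p->y, &q->y)) {
            point_double(p, result);          /* p == q */
        } else {
            point_set_zero(result);           /* p == -q */
        }
        return;
    }

    uint256_t lambda, num, den, t, xr, yr;

    /* lambda = (yq - yp) / (xq - xp) */
    uint256_sub(&q->y, &p->y, &num);
    uint256_sub(&q->x, &p->x, &den);
    uint256_inv(&den, &t);
    uint256_mul(&num, &t, &lambda);

    /* xr = lambda^2 - xp - xq */
    uint256_mul(&lambda, &lambda, &t);
    uint256_sub(&t, &p->x, &t);
    uint256_sub(&t, &q->x, &xr);

    /* yr = lambda * (xp - xr) - yp */
    uint256_sub(&p->x, &xr, &t);
    uint256_mul(&lambda, &t, &t);
    uint256_sub(&t, &p->y, &yr);

    result->x = xr;
    result->y = yr;
    result->infinity = 0;
}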
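/* Scalar multiplication: result = k * p, right-to-left double-and-add.
 * Bit i of k is bit (i % 32) of k->d[i / 32], d[0] being least significant.
 *
 * Fixes:
 *  - the accumulator used to be declared with indeterminate x/y and only
 *    infinity set, so a zero result (k == 0) exposed uninitialised
 *    coordinates to callers that read result->x; it now starts zeroed;
 *  - the running sum was formed with point_add(&r, &t, &r), i.e. result
 *    aliasing an input, which point_add did not support; the sum now goes
 *    through a temporary.
 *
 * NOTE(review): the branch on each key bit makes the running time depend
 * on k, a timing side channel.  Fine for a study implementation, not for
 * anything that handles real keys. */
static void point_mul(const uint256_t* k, const Point* p, Point* result) {
    Point acc = {{{0}}, {{0}}, 1};        /* point at infinity, coordinates defined */
    Point addend = *p;                    /* p * 2^bit */

    for (int bit = 0; bit < 256; bit++) {
        if ((k->d[bit / 32] >> (bit % 32)) & 1) {
            Point sum;
            point_add(&acc, &addend, &sum);
            acc = sum;
        }
        if (bit < 255) {                  /* the last doubling is never used */
            Point doubled;
            point_double(&addend, &doubled);
            addend = doubled;
        }
    }
    *result = acc;
}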
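/* One 32-bit word from the C library generator.  Both halves are widened to
 * uint32_t before the shift: the old `rand() << 16` shifted a signed int,
 * which is undefined behaviour once rand() >= 2^15.
 * NOTE(review): rand() is not a cryptographic generator and nothing in
 * this file seeds it, so the keys derived from it are predictable.  Any
 * real use must replace this with an OS CSPRNG. */
static uint32_t keygen_random_word(void) {
    return (uint32_t)rand() ^ ((uint32_t)rand() << 16);
}

/* Returns 1 when k is outside [1, N-1]: zero, or >= N comparing from the
 * most significant word. */
static int keygen_out_of_range(const uint256_t* k) {
    if (uint256_is_zero(k)) {
        return 1;
    }
    for (int i = 7; i >= 0; i--) {
        if (k->d[i] != N.d[i]) {
            return k->d[i] > N.d[i];
        }
    }
    return 1;                             /* k == N */
}

/* Key generation: private_key receives a scalar in [1, N-1] (drawn
 * uniformly by rejection) and public_key = private_key * G.
 * The previous range test compared each word with >= independently and so
 * also rejected valid scalars sharing a leading word with N; the test is
 * now an exact comparison against N. */
void ecc_keygen(uint256_t* private_key, Point* public_key) {
    do {
        for (int i = 0; i < 8; i++) {
            private_key->d[i] = keygen_random_word();
        }
    } while (keygen_out_of_range(private_key));

    point_mul(private_key, &G, public_key);
}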
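/* Returns 1 when k is zero or >= N, i.e. not a valid scalar in [1, N-1]. */
static int sign_scalar_invalid(const uint256_t* k) {
    if (uint256_is_zero(k)) {
        return 1;
    }
    for (int i = 7; i >= 0; i--) {
        if (k->d[i] != N.d[i]) {
            return k->d[i] > N.d[i];
        }
    }
    return 1;                             /* k == N */
}

/* x = x mod N by repeated subtraction.  Inputs here are field elements
 * (< P) and P < 2N, so at most one subtraction happens; the loop form keeps
 * it correct for any input below 2^256.  uint256_sub is exact when no
 * borrow occurs, which is the case whenever x >= N. */
static void sign_reduce_mod_n(uint256_t* x) {
    for (;;) {
        int ge_n = 1;
        for (int i = 7; i >= 0; i--) {
            if (x->d[i] != N.d[i]) {
                ge_n = x->d[i] > N.d[i];
                break;
            }
        }
        if (!ge_n) {
            return;
        }
        uint256_sub(x, &N, x);
    }
}

/* ECDSA signature of hash with private_key: r = (k*G).x mod N,
 * s = k^{-1} (hash + r*d) mod N, with k redrawn until both are non-zero.
 *
 * Fixes:
 *  - `rand() ^ (rand() << 16)` shifted a signed int (UB); done in uint32_t;
 *  - k was only required to be non-zero; it must be in [1, N-1];
 *  - the "r mod N" step reduced only while r > N, so r == N stayed N
 *    instead of becoming 0 and triggering a redraw; the test is now >= N;
 *  - s == 0 was accepted; the standard requires a redraw.
 *
 * NOTE(review): rand() is neither unpredictable nor seeded here.  A
 * predictable or reused k exposes the private key directly, so any real
 * use must draw k from a CSPRNG (or derive it deterministically, RFC 6979).
 * NOTE(review): uint256_mul / uint256_inv / uint256_add reduce modulo the
 * field prime P, not the group order N, so the s computed below is not a
 * standard ECDSA value; correct mod-N routines are needed for that. */
void ecdsa_sign(const uint256_t* private_key, const uint256_t* hash, uint256_t* r, uint256_t* s) {
    uint256_t k, kinv, tmp;
    Point kG;

    for (;;) {
        /* Ephemeral nonce k in [1, N-1]. */
        do {
            for (int i = 0; i < 8; i++) {
                k.d[i] = (uint32_t)rand() ^ ((uint32_t)rand() << 16);
            }
        } while (sign_scalar_invalid(&k));

        /* r = (k*G).x mod N.  With 1 <= k < N, kG is never the identity. */
        point_mul(&k, &G, &kG);
        uint256_copy(r, &kG.x);
        sign_reduce_mod_n(r);
        if (uint256_is_zero(r)) {
            continue;
        }

        /* s = k^{-1} (hash + r*d)  (see the mod-P caveat above) */
        uint256_mul(r, private_key, &tmp);       /* r * d */
        uint256_add(&tmp, hash, &tmp);           /* hash + r*d */
        uint256_inv(&k, &kinv);                  /* k^{-1} */
        uint256_mul(&tmp, &kinv, s);
        sign_reduce_mod_n(s);
        if (!uint256_is_zero(s)) {
            break;
        }
    }
}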
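/* Returns 1 when x is zero or x >= N, i.e. not a valid ECDSA scalar. */
static int verify_scalar_invalid(const uint256_t* x) {
    if (uint256_is_zero(x)) {
        return 1;
    }
    for (int i = 7; i >= 0; i--) {
        if (x->d[i] != N.d[i]) {
            return x->d[i] > N.d[i];
        }
    }
    return 1;                             /* x == N */
}

/* x = x mod N by repeated subtraction; x is a field element (< P < 2N) so
 * at most one subtraction is taken.  uint256_sub is exact while x >= N. */
static void verify_reduce_mod_n(uint256_t* x) {
    for (;;) {
        int ge_n = 1;
        for (int i = 7; i >= 0; i--) {
            if (x->d[i] != N.d[i]) {
                ge_n = x->d[i] > N.d[i];
                break;
            }
        }
        if (!ge_n) {
            return;
        }
        uint256_sub(x, &N, x);
    }
}

/* ECDSA verification.  Returns 1 when (r, s) verifies for hash under
 * public_key, 0 otherwise:
 *   w = s^{-1}, u1 = hash*w, u2 = r*w, (x, y) = u1*G + u2*Q, accept iff
 *   x mod N == r.
 *
 * Fixes:
 *  - the range check rejected r > N and s > N but let r == N / s == N
 *    through; r and s must lie in [1, N-1];
 *  - the "x mod N" step likewise reduced only while x > N;
 *  - a public key at infinity is rejected instead of being multiplied.
 *
 * NOTE(review): the public key is not otherwise validated (e.g. checked to
 * lie on the curve); callers must only pass keys from a trusted source.
 * NOTE(review): uint256_inv / uint256_mul reduce modulo the field prime P,
 * not the group order N, so w, u1 and u2 are not the standard ECDSA
 * values; correct mod-N routines are needed for real verification. */
int ecdsa_verify(const Point* public_key, const uint256_t* hash, const uint256_t* r, const uint256_t* s) {
    if (verify_scalar_invalid(r) || verify_scalar_invalid(s)) {
        return 0;
    }
    if (point_is_zero(public_key)) {
        return 0;
    }

    uint256_t w, u1, u2;
    uint256_inv(s, &w);                   /* w  = s^{-1}  (mod P caveat above) */
    uint256_mul(hash, &w, &u1);           /* u1 = hash * w */
    uint256_mul(r, &w, &u2);              /* u2 = r * w */

    Point p1, p2, sum;
    point_mul(&u1, &G, &p1);              /* u1 * G */
    point_mul(&u2, public_key, &p2);      /* u2 * Q */
    point_add(&p1, &p2, &sum);
    if (point_is_zero(&sum)) {
        return 0;
    }

    uint256_t x = sum.x;
    verify_reduce_mod_n(&x);
    return uint256_equal(&x, r);
}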
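/* Returns 1 when k is zero or >= N, i.e. not a valid scalar in [1, N-1]. */
static int encrypt_scalar_invalid(const uint256_t* k) {
    if (uint256_is_zero(k)) {
        return 1;
    }
    for (int i = 7; i >= 0; i--) {
        if (k->d[i] != N.d[i]) {
            return k->d[i] > N.d[i];
        }
    }
    return 1;                             /* k == N */
}

/* ECC encryption of plain (len bytes) under public_key Q:
 *   c1 = k*G,  S = k*Q,  c2[i] = plain[i] XOR byte (i mod 4) of S.x.d[0]
 *
 * Fixes:
 *  - `rand() ^ (rand() << 16)` shifted a signed int (UB); done in uint32_t;
 *  - k was only required to be non-zero; it is now drawn from [1, N-1];
 *  - a public key at infinity made S the identity with indeterminate x; the
 *    pad is then all zero rather than an uninitialised read (the output is
 *    still meaningless — callers must validate the key).
 *
 * NOTE(review): rand() is not a CSPRNG and is never seeded here.
 * NOTE(review): the "cipher" is a 4-byte repeating XOR pad taken from the
 * low 32 bits of the shared x-coordinate.  It offers no confidentiality
 * against a few bytes of known plaintext and no integrity protection.  A
 * real design derives a key from S.x with a KDF and uses an authenticated
 * cipher (as in ECIES). */
void ecc_encrypt(const Point* public_key, const uint8_t* plain, size_t len, Point* c1, uint8_t* c2) {
    uint256_t k;
    Point shared;

    /* Ephemeral scalar k in [1, N-1]. */
    do {
        for (int i = 0; i < 8; i++) {
            k.d[i] = (uint32_t)rand() ^ ((uint32_t)rand() << 16);
        }
    } while (encrypt_scalar_invalid(&k));

    point_mul(&k, &G, c1);                /* c1 = k*G */
    point_mul(&k, public_key, &shared);   /* S  = k*Q */

    /* Pad: low word of S.x, rotated right by one byte per position. */
    uint32_t key = point_is_zero(&shared) ? 0 : shared.x.d[0];
    for (size_t i = 0; i < len; i++) {
        c2[i] = plain[i] ^ (uint8_t)(key & 0xFF);
        key = (key >> 8) | (key << 24);
    }
}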
/* ECC decryption: recover plain (len bytes) from (c1, c2) with private_key d.
 *   S = d * c1,  plain[i] = c2[i] XOR byte (i mod 4) of S.x.d[0]
 * This is the same 4-byte repeating XOR pad ecc_encrypt applies, expressed
 * here as a byte select instead of a running rotation.  c1 is used as
 * given; it is not checked to be a valid point on the curve. */
void ecc_decrypt(const uint256_t* private_key, const Point* c1, const uint8_t* c2, size_t len, uint8_t* plain) {
    Point shared;
    point_mul(private_key, c1, &shared);

    const uint32_t pad = shared.x.d[0];
    for (size_t i = 0; i < len; i++) {
        uint8_t pad_byte = (uint8_t)(pad >> (8 * (i & 3)));
        plain[i] = c2[i] ^ pad_byte;
    }
}

※说明:代码仅从原理上实现了ecc的加解密、签名、验签,并未充分验证其正确性和完整性,且性能较差,仅供自学习时参考。若应用于生产环境,请使用openssl等三方库。
