[Server] Update comments to make sense at all

This commit is contained in:
Andrew 2023-06-07 12:27:45 +03:00
parent 3a7a37d814
commit f6755b0c22
2 changed files with 31 additions and 22 deletions


@ -255,26 +255,32 @@ void generateServerKey(
BN_lebin2bn((BYTE *)&iSignature, sizeof(iSignature), e); BN_lebin2bn((BYTE *)&iSignature, sizeof(iSignature), e);
/* /*
* Signature * (Signature * G + H * K) = rG (mod p)
* K = kG
* *
* Signature * (Signature * G + H * k * G) = rG (mod p) * Scalars:
* Signature^2 * G + Signature * HkG = rG (mod p) * c = Random multiplier
* G(Signature^2 + Signature * HkG) = G (mod p) * r * e = Intermediate Signature
* G^(-1)(G (mod p)) = (mod n), n = genOrder of G * s = Signature
* n = Order of G
* k = Private Key
* *
* Signature^2 + Hk * Signature = r (mod n) * Points:
* Signature = -(e +- sqrt(D)) / 2a Signature = (-Hk +- sqrt((Hk)^2 + 4r)) / 2 * G(x, y) = Generator (Base Point)
* R(x, y) = Random derivative of the generator
* K(x, y) = Public Key
* *
* S = (-Hk +- sqrt((Hk)^2 + 4r)) (mod n) / 2 * Equation:
* s(sG + eK) = R (mod p)
* K = kG; R = cG
* *
* S = s * s(sG + ekG) = cG (mod p)
* H = e * s(s + ek)G = cG (mod p)
* k = privateKey * G cancels out, the scalar arithmetic shrinks to order n
* n = genOrder
* r = c
* *
* s = ( ( -e * privateKey +- sqrt( (e * privateKey)^2 + 4c ) ) / 2 ) % genOrder * s(s + ek) = c (mod n)
* s² + (ek)s - c = 0 (mod n)
* This is a quadratic equation in respect to the signature
*
* s = (-ek ± ((ek)² - 4c)) / 2 (mod n)
*/ */
// e = ek (mod n) // e = ek (mod n)
@ -283,10 +289,10 @@ void generateServerKey(
// s = e // s = e
BN_copy(s, e); BN_copy(s, e);
// s = (s (mod n))^2 // s = (ek (mod n))²
BN_mod_sqr(s, s, genOrder, numContext); BN_mod_sqr(s, s, genOrder, numContext);
// c <<= 2 (c *= 4) // c *= 4 (c <<= 2)
BN_lshift(c, c, 2); BN_lshift(c, c, 2);
// s += c // s += c
@ -294,18 +300,20 @@ void generateServerKey(
// Around half of numbers modulo a prime are not squares -> BN_sqrt_mod fails about half of the times, // Around half of numbers modulo a prime are not squares -> BN_sqrt_mod fails about half of the times,
// hence if BN_sqrt_mod returns NULL, we need to restart with a different seed. // hence if BN_sqrt_mod returns NULL, we need to restart with a different seed.
// s = sqrt(s (mod n)) // s = √((ek)² + 4c (mod n))
noSquare = BN_mod_sqrt(s, s, genOrder, numContext) == nullptr; noSquare = BN_mod_sqrt(s, s, genOrder, numContext) == nullptr;
// s = s (mod n) - e // s = -ek + √((ek)² + 4c) (mod n)
BN_mod_sub(s, s, e, genOrder, numContext); BN_mod_sub(s, s, e, genOrder, numContext);
// If s is odd, add order to it. // If s is odd, add order to it.
// s += n // The order is a prime, so it can't be even.
if (BN_is_odd(s)) if (BN_is_odd(s))
// s = -ek + √((ek)² + 4c) + n
BN_add(s, s, genOrder); BN_add(s, s, genOrder);
// s >>= 1 (s /= 2) // s /= 2 (s >>= 1)
BN_rshift1(s, s); BN_rshift1(s, s);
// Translate resulting scalar into a 64-bit integer (the byte order is little-endian). // Translate resulting scalar into a 64-bit integer (the byte order is little-endian).
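Review bot: The closed-form root written at the end of the first hunk's comment block, `* s = (-ek ± ((ek)² - 4c)) / 2 (mod n)`, does not follow from the quadratic stated two lines above it, `s² + (ek)s - c = 0 (mod n)`, whose discriminant is (ek)² + 4c, and it also omits the square root that the code actually takes. It contradicts the new per-statement comment in the third hunk, `// s = √((ek)² + 4c (mod n))`, which does match the BN_mod_sqrt call. I would change the line to `* s = (-ek ± √((ek)² + 4c)) / 2 (mod n)`. Since the final halving is done with BN_rshift1 after conditionally adding genOrder, it may also be worth stating in the comment above `if (BN_is_odd(s))` that the addition makes s even so the shift equals multiplication by 2⁻¹ modulo n rather than plain integer halving. generateServerKey begins before the first hunk and continues past the last one.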


@ -194,10 +194,11 @@ void generateXPKey(
* s = Signature * s = Signature
* n = Order of G * n = Order of G
* k = Private Key * k = Private Key
* K = Public Key
* *
* Points: * Points:
* G(x, y) = Generator (Base Point) * G(x, y) = Generator (Base Point)
* R(x, y) = Random derivative of the generator
* K(x, y) = Public Key
* *
* We need to find the signature s that satisfies the equation with a given hash: * We need to find the signature s that satisfies the equation with a given hash:
* P = sG + eK * P = sG + eK
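Review bot: The Points list now introduces `R(x, y) = Random derivative of the generator`, but the equation that follows, `P = sG + eK`, is written in terms of P, so within the visible lines R is defined and never used. If R is the same point that P denotes here, as in the sibling generateServerKey comment where the equation reads `s(sG + eK) = R (mod p)`, the two comments should use the same letter or the list should say how R and P relate, e.g. `* R(x, y) = Random derivative of the generator (P below)`; otherwise the R entry could be dropped. generateXPKey starts before this hunk and continues past it.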