Java Card ECKey with the NIST P-256 curve. How do I encode a negative coefficient?

Time: 2013-09-17 14:14:16

Tags: public-key-encryption smartcard javacard

I am trying to use ECKey (http://www.win.tue.nl/pinpasjc/docs/apis/jc222/javacard/security/ECKey.html) with the P-256 curve defined by NIST on a Java Card:

Curve P-256

p = 115792089210356248762697446949407573530086143415290314195533631308867097853951
r = 115792089210356248762697446949407573529996955224135760342422259061068512044369
s = c49d3608 86e70493 6a6678e1 139d26b7 819f7e90
c = 7efba166 2985be94 03cb055c 75d4f7e0 ce8d84a9 c5114abc af317768 0104fa0d
b = 5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b
Gx = 6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296
Gy = 4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5

y² = x³ - 3x + b (mod p)

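As I understand it, I use

  • p for setFieldFP(), the prime p corresponding to the field GF(p),
  • r for setR(), the order of the fixed point G of the curve,
  • b for setB(), the second coefficient of the curve,
  • Gx and Gy for setG(), the fixed point of the curve (after encoding them according to ANSI X9.62),
  • the cofactor of the order of the fixed point G is 1, so setK(1)

The coefficient A is -3 (according to the definition of the curve). But how do I encode -3 (as a byte[]) so that I can set it with setA()?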

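2 answers:

Answer 0: (score: 3)

Since the calculations are done modulo p, you can add p at will.

a = -3 -> a = -3 + p -> a = p - 3

Answer 1: (score: 2)

I think it is easiest to look at an existing library. P-256 is the same as secp256r1, which can be found in the Bouncy Castle source code. Alternatively, NIST has also published a document called Mathematical routines for the NIST prime elliptic curves, which contains the parameters in hexadecimal. Thanks go to this excellent answer on the OTN discussion forums.

Code pasted from Bouncy Castle; please respect the Bouncy Castle license.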

/*
 * secp256r1
 */
static X9ECParametersHolder secp256r1 = new X9ECParametersHolder()
{
    protected X9ECParameters createParameters()
    {
        // p = 2^224 (2^32 - 1) + 2^192 + 2^96 - 1
        BigInteger p = fromHex("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF");
        BigInteger a = fromHex("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC");
        BigInteger b = fromHex("5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B");
        byte[] S = Hex.decode("C49D360886E704936A6678E1139D26B7819F7E90");
        BigInteger n = fromHex("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551");
        BigInteger h = BigInteger.valueOf(1);

        ECCurve curve = new ECCurve.Fp(p, a, b);
        //ECPoint G = curve.decodePoint(Hex.decode("03"
        //+ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"));
        ECPoint G = curve.decodePoint(Hex.decode("04"
            + "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"
            + "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"));

        return new X9ECParameters(curve, G, n, h, S);
    }
};

Note that n in this code is the order, and h is (of course) the cofactor. The seed S should not be necessary.
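
The following is an added example, not part of either answer and not Bouncy Castle code: a desktop-side Java helper that derives the 32-byte unsigned encoding of a = p - 3 and the X9.62 uncompressed encoding of G from the values on this page, and checks that G lies on the curve before anything is loaded onto the card. The class name `P256Params` and the helper names are assumptions; the `setA` call in the final comment uses the `ECKey.setA(byte[], short, short)` signature from the Java Card API.

```java
import java.math.BigInteger;

// Desktop-side helper (hypothetical class name) that prepares the byte arrays
// to embed in the applet; Java Card itself has no BigInteger.
public class P256Params {
    static final int LEN = 32; // size of a P-256 field element in bytes

    // Fixed-length unsigned big-endian encoding. BigInteger.toByteArray() is
    // two's complement: a value with its top bit set gets a leading 0x00 sign
    // byte (33 bytes for p - 3), and small values come back short.
    static byte[] unsigned(BigInteger v) {
        if (v.signum() < 0) throw new IllegalArgumentException("reduce mod p first");
        byte[] raw = v.toByteArray();
        int skip = (raw.length > 1 && raw[0] == 0) ? 1 : 0;
        if (raw.length - skip > LEN) throw new IllegalArgumentException("too large");
        byte[] out = new byte[LEN];
        System.arraycopy(raw, skip, out, LEN - (raw.length - skip), raw.length - skip);
        return out;
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02X", x));
        return sb.toString();
    }

    public static void main(String[] args) {
        // Values copied from the page.
        BigInteger p = new BigInteger("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", 16);
        BigInteger b = new BigInteger("5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", 16);
        BigInteger gx = new BigInteger("6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", 16);
        BigInteger gy = new BigInteger("4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", 16);

        // a = -3 mod p; BigInteger.mod() always returns a value in [0, p).
        BigInteger a = BigInteger.valueOf(-3).mod(p);

        // Sanity check before loading anything onto the card: G must satisfy
        // y^2 = x^3 + a*x + b (mod p) with the encoded a.
        BigInteger lhs = gy.multiply(gy).mod(p);
        BigInteger rhs = gx.pow(3).add(a.multiply(gx)).add(b).mod(p);
        if (!lhs.equals(rhs)) throw new IllegalStateException("G is not on the curve");

        // ANSI X9.62 uncompressed point: 0x04 || Gx || Gy (65 bytes).
        byte[] g = new byte[1 + 2 * LEN];
        g[0] = 0x04;
        System.arraycopy(unsigned(gx), 0, g, 1, LEN);
        System.arraycopy(unsigned(gy), 0, g, 1 + LEN, LEN);

        System.out.println("A = " + hex(unsigned(a)));
        System.out.println("G = " + hex(g));
        // On the card: key.setA(A, (short) 0, (short) A.length); likewise setG.
    }
}
```

The value printed for A should equal the `a` constant in the Bouncy Castle excerpt above, and G should equal the argument of its `decodePoint` call.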