OpenSSL implementation of Shamir Secret Sharing
I'm attempting to implement Shamir Secret Sharing using OpenSSL. I'm having a lot of trouble getting the message to decrypt!
I have tried several implementations for decryption, both this one: http://www.cs.cornell.edu/courses/cs754/2001fa/307.pdf
And this one (which references the paper above, but uses a different method):
(Note i am aware of the typo for calculating u2)
I believe my problem might be a loss of precision when doing the Lagrange Interpolation on ik/(ik-ij) using BIGNUM values to represent the key numbers. I wrote a small function that converts an int like a key number to a BIGNUM value.
I'll spare you my key generating code because i'm pretty certain that's working correctly. The following is my implementation of the JPEG that i linked (not the PDF):
int i;
for (i = 0; i < 3; i++) {
aij[i] = BN_new();
BN_mod_exp(aij[i], c.c1, key[i].key, p, ctx);
}
BIGNUM *ik = BN_new();
BIGNUM *ij = BN_new();
BIGNUM *denomTmp = BN_new();
BIGNUM *numTmp = BN_new();
BIGNUM *divTmp = BN_new();
BIGNUM *accum = BN_new();
int j, k;
/* Lagrange Interpolation */
for (j = 0; j < 3; j++) {
BN_one(accum);
for (k = 0; k < 3; k++) {
if(j == k) continue;
else {
ik = int2BN(key[k].keynum); //int2BN is my function for converting ints to BNs
ij = int2BN(key[j].keynum);
BN_sub(denomTmp, ik, ij);
BN_div(divTmp, NULL, ik, denomTmp, ctx);
BN_mul(accum, accum, divTmp, ctx);
}
}
cij[j] = BN_new();
BN_mod(cij[j], accum, q, ctx); // accum % q = cij[j]
}
// Now for the second half...
int a;
u1 = BN_new();
BIGNUM *u1tmp = BN_new();
BN_one(u1);
for (a = 0; a < 3; a++) {
BN_mod_exp(u1tmp, aij[a], cij[a], p, ctx);
BN_mod_mul(u1, u1, u1tmp, p, ctx);
}
When i spit out the calculated values in cij[], i'm getting: 2, -5, 0 when using keys [2, 4, 5]. According to some math i did by hand it should actually be 10/3, 5, and 8/3. Is there any way to get around this?
Are there other problems with my code that you see? Thanks in advance.
You need to be doing modular arithmetic when you do sub, div, mul. i.e. BN_mod_sub, BN_mod_inverse on the denominator, and BN_mod_mul.
- Why does an empty preprocessor command still evaluate to something?
- How to implement variable sized array within C struct
- Character array typecasting to integer
- How can I exclude non-numeric keys? CS50 Caesar Pset2
- How to get the sign, mantissa and exponent of a floating point number
- Why do MCU libraries use logic operations instead of bitfield structs?
- What kind of implementation can I use for a static associative array on a vintage system with very limited resources?
- Determine libraries to link against for a windows library function?
- Passing macro values to arm linker that places variable at a specific location
- running a program with wildcards as arguments
- How to perform addition of two vectors of 8-bit integers with a single addition in C/C++
- GNU RISC-V Embedded GCC throws "x ISA extension `xw' must be set with the versions" error
- Counting pulses using a swiss flow meter with an Arduino, how is it done?
- How to create a folder in C (need to run on both Linux and Windows)
- Is there any way to compute the width of an integer type at compile-time?
- How can I initialize all members of an array to the same value?
- Is C notably faster than C++
- How to get the Windows SDK version number a program is compiling with at compile time
- Confused by difference between expression inside if and expression outside if
- Equivalent of atoi for unsigned integers
- k&r: Exercise 1-18. Program takes input but doesnt produce any output?
- Using in C thrd_sleep() to either wait for time or interrupt by signal. Example?
- How can I compute `exp(x)/2` when `x` is large?
- c programming: answer always equates to 0
- Is it possible to access a parameter of a function from another function in C?
- Will this expression evaluate to true or false (1 or 0) in C?
- What Is the Return Value of strcspn() When Str1 Does not Contain Str2?
- Mapping a numeric range onto another
- Signalled and non-signalled state of event
- Why is faster to do a branch than a lookup?