Topic: Using wc_ecc_mulmod() function in wolfssl produces some errors

When I use the wc_ecc_mulmod() function to perform calculations, some errors will occur. Ra1 and ra2 are two 32-bit random numbers, and G is the generator of the elliptic curve. The calculation (ra1ra2)G is not equal to ra1(ra2G). I noticed that when using wc_ecc_mulmod, the number cannot exceed the number of digits of the large prime number modulus, but I just need the product of two large prime numbers (ra1a2) , and then multiplied by the generator G. I did a test, ra3 = ra1ra2 mod prime, ra3G!=ra1(ra2G), is there any other way for wolfssl to achieve (ra1ra2)G= ra1(ra2*G) ? when ra1 and ra2 are relatively small numbers, there is no problem. For example, point A and point C in the following code are equal.thank you very much

#include <iostream>
#include <string>
#include <unistd.h>
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/wolfcrypt/sp_int.h>
#include <wolfssl/wolfcrypt/integer.h>
#include <wolfssl/wolfcrypt/wolfmath.h>
#include <wolfssl/wolfcrypt/sha.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/hash.h>
#include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/aes.h>

using namespace std;

int main(){
ecc_key key;
int ret;
WC_RNG rng;
wc_ecc_init(&key);
wc_InitRng(&rng);
int curveId = ECC_SECP256R1;
int keySize = wc_ecc_get_curve_size_from_id(curveId);
ret = wc_ecc_make_key_ex(&rng, keySize, &key, curveId);

//get param of ecc curve
mp_int a,b,prime,order,ra,s;
mp_init_multi(&a,&b,&prime,&order,&ra,&s);
ret = mp_read_radix(&a,key.dp->Af,16);
cout<<"get mp_int af: "<<ret<<endl;
ret = mp_read_radix(&b,key.dp->Bf,16);
cout<<"get mp_int bf: "<<ret<<endl;
ret = mp_read_radix(&prime,key.dp->prime,16);
cout<<"get mp_int prime: "<<ret<<endl;
ret = mp_read_radix(&order,key.dp->order,16);
cout<<"get mp_int order: "<<ret<<endl;
ret = wc_ecc_gen_k(&rng,32,&ra,&order);
cout<<"get mp_int ra: "<<ret<<endl;
ret = mp_copy(&key.k,&s);
cout<<"get mp_int s: "<<ret<<endl;

ecc_point* pointG = wc_ecc_new_point();
ret = wc_ecc_get_generator(pointG,wc_ecc_get_curve_idx(ECC_SECP256R1));
cout<<"get ecc_point pointG: "<<ret<<endl;
ret = wc_ecc_is_point(pointG,&a,&b,&prime);
cout<<"point is on curve: "<<ret<<endl;

//tes1:n1 = 10,n2 = 33,n3 = n1*n2, A = n3*G,B = n2*G,C = n1*B=> A == C
mp_int n1,n2,n3;
mp_init_multi(&n1,&n2,&n3,NULL,NULL,NULL);
mp_set_int(&n1,10);
mp_set_int(&n2,33);
ret = mp_mulmod(&n1,&n2,&prime,&n3);
ecc_point* A = wc_ecc_new_point();
ecc_point* B =wc_ecc_new_point();
ecc_point* C =wc_ecc_new_point();
ret = wc_ecc_mulmod(&n3,pointG,A,&a,&prime,1);
cout<<"n3*G: "<<ret<<endl;
ret = wc_ecc_mulmod(&n1,pointG,B,&a,&prime,1);
cout<<"n1*G: "<<ret<<endl;
ret = wc_ecc_mulmod(&n2,B,C,&a,&prime,1);
cout<<"n2*B: "<<ret<<endl;
ret = wc_ecc_cmp_point(A,C);
cout<<"A is equal to C: "<<ret<<endl;

//test2:ra1,ra2 are big number ra3 = ra1*ra2, D = ra3*G,E = ra2*G,F = ra1*E=> D != F
mp_int ra1,ra2,ra3;
mp_init_multi(&ra1,&ra2,&ra3,NULL,NULL,NULL);
ret = wc_ecc_gen_k(&rng,32,&ra1,&order);
cout<<"get mp_int ra1: "<<ret<<endl;
ret = wc_ecc_gen_k(&rng,32,&ra2,&order);
cout<<"get mp_int ra2: "<<ret<<endl;
ret = mp_mulmod(&ra1,&ra2,&prime,&ra3);
ecc_point* D = wc_ecc_new_point();
ecc_point* E =wc_ecc_new_point();
ecc_point* F =wc_ecc_new_point();
ret = wc_ecc_mulmod(&ra3,pointG,D,&a,&prime,1);
cout<<"ra3*G: "<<ret<<endl;
ret = wc_ecc_mulmod(&ra1,pointG,E,&a,&prime,1);
cout<<"ra1*G: "<<ret<<endl;
ret = wc_ecc_mulmod(&ra2,E,F,&a,&prime,1);
cout<<"ra2*E: "<<ret<<endl;
ret = wc_ecc_cmp_point(D,F);
cout<<"D is equal to F: "<<ret<<endl;
return 0;

}

Share

Re: Using wc_ecc_mulmod() function in wolfssl produces some errors

Hi Wangzihao,
Thank you very much for using wolfSSL! 

I tried reproducing what you are seeing. Here is what I did :

cd wolfssl
git checkout master
./autogen.sh 
./configure --enable-static --enable-sp-math-all --enable-opensslall
make all
make check 
sudo make install

I then copied the code supplied in your post into a file called `forum.c` and did the following:

g++ forum.cpp /usr/local/lib/libwolfssl.a  -o forum
./forum

Here are the results I got:


get mp_int af: 0
get mp_int bf: 0
get mp_int prime: 0
get mp_int order: 0
get mp_int ra: 0
get mp_int s: 0
get ecc_point pointG: 0
point is on curve: 0
n3*G: 0
n1*G: 0
n2*B: 0
A is equal to C: 0
get mp_int ra1: 0
get mp_int ra2: 0
ra3*G: 0
ra1*G: 0
ra2*E: 0
D is equal to F: -1

Is this what you are seeing as well? 

I will need to confer with my colleagues. Please stay tuned.

Warm regards, Anthony

Share

Re: Using wc_ecc_mulmod() function in wolfssl produces some errors

Hi Wangzihao,

How are you? We would love to get on a call with you to better understand how you are using wolfSSL. Would you be open to such a call? Don't worry about potential language issues. I can speak Mandarin. Please let me know.

Warm regards, Anthony

Share

Re: Using wc_ecc_mulmod() function in wolfssl produces some errors

Hello anthony,
      The result of my program is the same as yours, I sent you an email, thank you very much.
Wang Zihao

Share

Re: Using wc_ecc_mulmod() function in wolfssl produces some errors

Hi Wang Zihao,

Thank you for confirming you got the same result. 
Unfortunately, I don't think I got any message from you. 
Did you send it to anthony@wolfssl.com ?

Can you please re-send to that address?

Warm regards, Anthony

Share

Re: Using wc_ecc_mulmod() function in wolfssl produces some errors

Hello anthony,
Thank you very much for your enthusiastic help recently, my problem has been solved, due to my lack of mathematical knowledge and carelessness, the calculation of ra3 = ra1*ra2 mod prime is problematic, ra3 = ra1*ra2 mod order is correct
Reference: https://stackoverflow.com/questions/762 … ome-errors
Thank you again for your concern and help recently.
Wang Zihao

Share

Re: Using wc_ecc_mulmod() function in wolfssl produces some errors

Hi Zihao,

You're very welcome. We'd still love to have a chat.  If you have a chance, please send me a meeting invite to anthony@wolfssl.com.

Warm regards, Anthony

Share