
I've been working on implementing ECDH in my iOS project and have a small logic bug in my code for the point multiplication. From testing with the NIST list examples ("Link") I know that my double method and my add method are working correctly (tested with a variety of curves), but somehow I can't get the actual multiplication algorithm to work. Here is the multiplication code:

```objc
- (NSArray *)multiplyPX:(BigInteger *)P_X PY:(BigInteger *)P_Y andD:(BigInteger *)D
{
    BigInteger *ZERO = [[BigInteger alloc] initWithInt32:0];
    BigInteger *curveA = [[BigInteger alloc] initWithString:@"ffffffff00000001000000000000000000000000fffffffffffffffffffffffc" radix:16];

    //Getting the binary representation of the D value
    NSString *dBinary = [D toRadix:2];

    //Creating new Point Q = 0;
    BigInteger *Qx = ZERO;
    BigInteger *Qy = ZERO;

    //For every binary digit in D do "point doubling" & if dBinary[i] == 1 do "point addition"
    for (int i = [dBinary length]-1; i >= 0; i++) {

        //Check that you don't divide by 0
        if (![Qy isEqual:ZERO]) {

            //Point Doubling
            NSArray *arr = [self pointDoublingWithXp:Qx andYp:Qy andA:curveA];
            Qx = [arr objectAtIndex:0];
            Qy = [arr objectAtIndex:1];

        }
        //If dBinary[i] == 1
        if ([dBinary characterAtIndex:i] == 49) {

            //Point Addition
            NSArray *arr = [self pointAdditionWithXp:P_X andYp:P_Y andXq:Qx andYq:Qy];
            Qx = [arr objectAtIndex:0];
            Qy = [arr objectAtIndex:1];

        }
    }

    return [[NSArray alloc] initWithObjects:Qx, Qy, nil];
}
```

And here are the point addition & point doubling.

```objc
- (NSArray *)pointAdditionWithXp:(BigInteger *)xp andYp:(BigInteger *)yp andXq:(BigInteger *)xq andYq:(BigInteger *)yq
{
    BigInteger *ONE = [[BigInteger alloc] initWithInt32:1];
    BigInteger *TWO = [[BigInteger alloc] initWithInt32:2];

    BigInteger *slope = [[yq sub:yp] multiply:[[xq sub:xp] inverseModulo:p] modulo:p];
    BigInteger *xout = [[[[slope exp:TWO modulo:p] sub:xq] sub:xp] multiply:ONE modulo:p];
    BigInteger *yout = [[yp negate] multiply:ONE modulo:p];
    yout = [yout add:[slope multiply:[xp sub:xout] modulo:p]];

    return [[NSArray alloc] initWithObjects:xout, yout, nil];
}

- (NSArray *)pointDoublingWithXp:(BigInteger *)xp andYp:(BigInteger *)yp andA:(BigInteger *)a
{
    BigInteger *ONE = [[BigInteger alloc] initWithInt32:1];
    BigInteger *TWO = [[BigInteger alloc] initWithInt32:2];
    BigInteger *THREE = [[BigInteger alloc] initWithInt32:3];

    BigInteger *slope = [[[[xp multiply:xp] multiply:THREE] add:a] multiply:[[yp multiply:TWO] inverseModulo:p]];

    BigInteger *xout = [[[slope multiply:slope] sub:[xp multiply:TWO]] multiply:ONE modulo:p];

    BigInteger *yout = [[[yp negate] add:[slope multiply:[xp sub:xout]]] multiply:ONE modulo:p];

    return [[NSArray alloc] initWithObjects:xout, yout, nil];
}
```

I don't really know what to do with the point Q at the beginning, maybe that's the bug.

But anyways, thank you very much. :)
Anton

  • Is this for fun? Or why don't you use an existing ECC lib? Especially with Weierstrass curves there are many subtle ways to screw it up without noticing it. For example the naive addition function will give wrong results in several cases, such as both points being equal. If you mess up even a single one of these, it'll turn into a security hole that allows extraction of your private key. – CodesInChaos May 20 '14 at 16:21
  • `[dBinary characterAtIndex:i]` returns 49 if the character is 1. I'm just checking the character at an index of a string. – user3207681 May 20 '14 at 16:27
  • And what library would you recommend ? – user3207681 May 20 '14 at 16:27
  • Depends on the curve. But OpenSSL has a bunch of ECC implementations including NIST curves; calling it from Objective-C shouldn't be too hard. If you don't need to use a NIST curve, I recommend Curve25519, which is for example implemented in LibSodium. – CodesInChaos May 20 '14 at 16:29
  • I'll check them out. The LibSodium one sounds pretty good. Thank you a lot :) – user3207681 May 20 '14 at 16:35
  • Your point addition function clearly doesn't handle special cases. As one example, compute `add(x, x)` and `double(x)` and compare them. There are several more cases, such as `add(x, -x)` or `add(x, inf)`. – CodesInChaos May 20 '14 at 16:55
  • Ok thank you. What library would you prefer when using Objective C in iOS? (OpenSSL etc) They all seem to be hard to implement, I can't find an easy to understand (for non native speaker) documentation. – user3207681 May 20 '14 at 17:08
  • I don't use iOS. But I'd recommend using a library with a C API and figuring out how to call it. Just because your code is in Objective-C doesn't mean the crypto lib needs to be. – CodesInChaos May 20 '14 at 17:09
  • Yes, I know, since it's based off C they will work :) – user3207681 May 20 '14 at 17:10
  • Is there an existing Swift or Objective-C library to achieve the ECC multiplication operation in iOS? – Max Jun 04 '20 at 12:30
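
The following is an added example, not code from the original post or its comments: affine point arithmetic on P-256 in Python that represents the point at infinity as `None` (the starting value for Q) and handles the special cases named in the comments, `add(x, x)`, `add(x, -x)` and `add(x, inf)`. The function names are chosen here; the constants are the standard NIST P-256 domain parameters.

```python
# Added example: affine arithmetic on NIST P-256, y^2 = x^3 + A*x + B over GF(P).
# Function names are chosen for this example. Requires Python 3.8+ (pow(x, -1, m)).
# Variable-time big-integer math: suitable for checking results, not for secret keys.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3  # equals curveA in the question
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551  # order of G
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
INF = None  # point at infinity: the group identity, and the starting value for Q

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def neg(pt):
    return INF if pt is INF else (pt[0], -pt[1] % P)

def add(p1, p2):
    if p1 is INF:                 # inf + P = P
        return p2
    if p2 is INF:                 # P + inf = P
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:    # P + (-P) = inf (also covers doubling when y == 0)
            return INF
        # P + P: the chord formula would divide by zero, so use the tangent slope
        slope = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        slope = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (slope * slope - x1 - x2) % P
    y3 = (slope * (x1 - x3) - y1) % P
    return (x3, y3)

def mul(k, pt):
    if k < 0:
        raise ValueError("scalar must be non-negative")
    q = INF
    for bit in bin(k)[2:]:        # most significant bit first
        q = add(q, q)             # double (a no-op while q is still infinity)
        if bit == "1":
            q = add(q, pt)
    return q
```

Computing `mul(N, G)` ends with the addition of `-G` and `G`, so it only returns the identity when the `P + (-P)` branch is present.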

0 Answers