-1

Im trying to implement mutual authentication between server and tag using Elliptic Curve Cryptography. I found already prepared algorithm and now Im trying to implement it in Java. I stucked on calculating authentication parameter as: A = R (XOR) X where R and X are points on elliptic curve.

I can't use simple ^ operator or separate it like this (Rt && !X1) || (!Rt && X1) because I can't negate ECPoint. Do you have any idea how can I implement this XOR? Im using bouncy castle library and I was trying to look for some xor method for ECPoint but I couldn't find any. I will be gratefull for any clues.

Gosia
  • 25
  • 3
  • You can't *negate* ECPoint but you *can* write your own boolean-return method that evaluates to true/false depending on some conditions of your devising. – sleepToken Jan 03 '20 at 12:41
  • 1
    XORing two elliptic curve points doesn't make any sense and is very unlikely to be part of any secure authentication protocol. You claim to have found such an algorithm, but you don't provide any description or links to the algorithm. For this reason I must downvote and vote to close the question. – President James K. Polk Jan 05 '20 at 14:36

1 Answers1

1
A = xor(R, X);

static ECPoint xor(ECPoint r, ECPoint x) {
    return new ECPoint(r.getAffineX().xor(x.getAffineX()),
                       r.getAffineY().xor(x.getAffineY()));
}

This is xor-ing on the coordinates, actually yielding two new coordinates.

See the comments @Kelalaka, XOR-ing not part of the elliptic curve algorithm.

Joop Eggen
  • 107,315
  • 7
  • 83
  • 138
  • 1
    x-or operation is not an EC operation that is an additive group. The result must be checked so that the point is actually on the curve. Even worse, the point can lie on the small order subgroup that can be exploited by the attackers. – kelalaka Jan 03 '20 at 13:50
  • 1
    As @kelalaka stated, when you XOR the coordinates like this you end up with something of a random (x,y) pair that is unlikely to be a point on the curve. I didn't downvote because the questioner seems to be asking for this. A elliptic curve point is more than just a pair (x,y), the pair must also satisfy the curve equation y^2 = x^3 + ax + b in the curve field. – President James K. Polk Jan 05 '20 at 14:37