Questo sito utilizza cookies, anche di terze parti, per mostrare pubblicità e servizi in linea con il tuo account. Leggi l'informativa sui cookies.
Username: Password: oppure
Algoritmi - Generazione di numeri pseudocasuali
Forum - Algoritmi - Generazione di numeri pseudocasuali

Avatar
drewnik99 (Normal User)
Pro


Messaggi: 69
Iscritto: 28/03/2008

Segnala al moderatore
Postato alle 18:59
Domenica, 21/10/2012
Ho trovato in rete questa implementazione in C dell'algoritmo Blum Blum Shum, per la generazione di numeri pseudocasuali: http://www.connotech.com/PEKEPRGM.HTM.
Questo programma, però, stampa stringhe pseudocasuali, mentre io devo ottenere un intero di una sequenza pseudocasuale ad ogni chiamata della funzione di generazione.
Qualche suggerimento su come modificare il codice proposto?
Grazie in anticipo per le risposte.

PM Quote
Avatar
drewnik99 (Normal User)
Pro


Messaggi: 69
Iscritto: 28/03/2008

Segnala al moderatore
Postato alle 14:59
Giovedì, 25/10/2012
Ecco il codice:

Codice sorgente - presumibilmente C++

  1. #include <stdio.h>
  2. #include <stdlib.h>
  3. #include <string.h>
  4. #include <limits.h>
  5. #include <assert.h>  /* assert(...) intended to raise
  6.                         confidence in the source code
  7.                         correctness.                        */
  8.  
  9. #if (UINT_MAX<0xFFFFFFFF)
  10. #error This source code requires a 32-bit integer format
  11. #endif
  12.  
  13. /* ********************************************************
  14.                           Utilities
  15.    ******************************************************** */
  16.  
  17. #define mod %
  18. #define and &&
  19. #define or ||
  20. #define not !
  21.  
  22. /* --------------------------------------------------------
  23.   Pseudo-random number generation from the C standard example
  24.    -------------------------------------------------------- */
  25. static unsigned long int next = 1;
  26. #undef RAND_MAX /* overrides the definition from <stdlib.h> */
  27. #define RAND_MAX 32767
  28.  
  29. int rand(void)
  30. {
  31.   next = next * 1103515245 + 12345;
  32.   return (unsigned int)(next/65536) mod 32768;
  33. }
  34.  
  35. void srand(unsigned int seed)
  36. {
  37.   next = seed;
  38. }
  39.  
  40. /* --------------------------------------------------------
  41.             Linear distribution of random integers
  42.    -------------------------------------------------------- */
  43.  
  44. static unsigned int linear_distribution( unsigned int min
  45.                                        , unsigned int max)
  46. {
  47.   unsigned int return_value;
  48.   assert(max>min);
  49.   do
  50.   {
  51.     /* get at least 32 random bits irrespective of RAND_MAX */
  52.     return_value = (rand()*(RAND_MAX+1)+rand())
  53.                                          *(RAND_MAX+1)+rand();
  54.   } /* but disregard any draw above an exact number of ranges,
  55.        since such a draw would not make the distribution
  56.        uniform                                              */
  57.   while (return_value>=(UINT_MAX-UINT_MAX mod (max-min+1)));
  58.  
  59.   return return_value mod (max-min+1) + min;
  60. }
  61.  
  62.  
  63. /* --------------------------------------------------------
  64.                     Greatest common divisor
  65.    -------------------------------------------------------- */
  66.  
  67. static unsigned int gcd(unsigned int a, unsigned int b)
  68. {
  69.    int i;
  70.    unsigned int x[4]; /* need x[0], x[1], x[i-1] */
  71.  
  72.    if (a>b)
  73.    {
  74.      x[0] = a; x[1] = b;
  75.    }
  76.    else
  77.    {
  78.      x[0] = b; x[1] = a;
  79.    }
  80.  
  81.    i = 1;
  82.  
  83.    /* mapping 0123456789... into 0123232323... (a trick to
  84.       maintain "elegant" programming style with limited-size
  85.       memory)                                               */
  86.    #define w(x) ((x<4)?x:(2+(x&1)))
  87.  
  88.    while( x[w(i)] != 0 )
  89.    {
  90.  
  91.        x[w(i+1)] = x[w(i-1)] mod x[w(i)];
  92.  
  93.        i++;
  94.    };
  95.    return x[w(i-1)];
  96.    #undef w
  97. }
  98.  
  99. /* --------------------------------------------------------
  100.                   Generalized Euclid algorithm
  101.    -------------------------------------------------------- */
  102.  
  103. static void generalized_euclid(unsigned int P, unsigned int Q
  104.                                        ,int*a          ,int*b)
  105. {
  106.    unsigned int x[4]; /* need x[0], x[1], x[i-1] */
  107.    int  u[4],         /* need u[i-1] */
  108.         v[4];         /* need v[i-1] */
  109.    int i;
  110.  
  111.    if (P>Q)
  112.    {
  113.      x[0] = P; x[1] = Q;
  114.    }
  115.    else
  116.    {
  117.      x[0] = Q; x[1] = P;
  118.    }
  119.  
  120.    u[0] = 1; u[1] = 0;
  121.    v[0] = 0; v[1] = 1;
  122.  
  123.    i = 1;
  124.  
  125.    /* mapping 0123456789... into 0123232323... (a trick to
  126.       maintain "elegant" programming style with limited-size
  127.       memory)                                               */
  128.    #define w(x) ((x<4)?x:(2+(x&1)))
  129.  
  130.    while( x[w(i)] != 0 )
  131.    {
  132.        int y;
  133.  
  134.        assert(x[w(i)]==u[w(i)]*x[0]+v[w(i)]*x[1]);
  135.  
  136.        y = x[w(i-1)]/x[w(i)];
  137.  
  138.        x[w(i+1)] = x[w(i-1)] mod x[w(i)];
  139.  
  140.        u[w(i+1)] = u[w(i-1)] - (y*u[w(i)]);
  141.        v[w(i+1)] = v[w(i-1)] - (y*v[w(i)]);
  142.  
  143.        i++;
  144.    };
  145.    assert(x[w(i)]==u[w(i)]*x[0]+v[w(i)]*x[1]);
  146.  
  147.    if (P>Q)
  148.    {
  149.      *a = u[w(i-1)];
  150.      *b = v[w(i-1)];
  151.    }
  152.    else
  153.    {
  154.      *a = v[w(i-1)];
  155.      *b = u[w(i-1)];
  156.    }
  157.    #undef w
  158. }
  159.  
  160. /* --------------------------------------------------------
  161.                       Modular Multiplication
  162.    -------------------------------------------------------- */
  163.  
  164. /* this version is limited to 16 bits multiplicands a and b */
  165. #define mult_modulo(a,b,m) (((a)*(b))mod(m))
  166.  
  167. /* --------------------------------------------------------
  168.                      Modular Exponentiation
  169.    -------------------------------------------------------- */
  170.  
  171. static unsigned int expmod(unsigned int base
  172.                           ,unsigned int exponent
  173.                           ,unsigned int prepmod)
  174. {
  175.    unsigned int mask;
  176.    unsigned int result = 1;
  177.  
  178.    mask=UINT_MAX-UINT_MAX/2; /* only the highest bit is set */
  179.  
  180.    while (mask)
  181.    {
  182.        result = mult_modulo(result,result,prepmod);
  183.  
  184.        if(exponent&mask)
  185.        {
  186.           result=mult_modulo(result,base,prepmod);
  187.        }
  188.        mask >>= 1;
  189.    }
  190.    return result;
  191. }
  192.  
  193. /* --------------------------------------------------------
  194.                  Number theoretic signed modulo
  195.    -------------------------------------------------------- */
  196.  
  197. unsigned int number_theoretic_mod(int num, unsigned int denom)
  198. {
  199.   div_t d;  /* a C portable construct for
  200.                                     signed integer division */
  201.   d=div(num,denom);
  202.   if (d.rem>=0)
  203.     return d.rem;
  204.   else
  205.     return d.rem+denom;
  206. }
  207.  
  208. /* ********************************************************
  209.                 Definitions of Common Parameters
  210.    ******************************************************** */
  211.  
  212. #define L (128)    /* Number of bits
  213.                                 in the resulting bit string */
  214. #define k (4)      /* Number of bits to retain in each step */
  215. #define t ((L+k-1)/k) /* Number of steps
  216.                                 of the x**2 mod N generator */
  217.  
  218. static unsigned int N;/* Public key of the Initiator, user A*/
  219.  
  220. /* ********************************************************
  221.   Code for the Responder (user B) in the Secret Key Exchange
  222.    ******************************************************** */
  223.  
  224. /* the resulting jointly determined, secret, shared, and
  225.    unique bit string as computed by the responder, user B
  226.    (one bit per byte)                                       */
  227. static char resp_secret_bit_string[L];              /* #204 */
  228.  
  229. /* --------------------------------------------------------
  230.                             Bit_Shuffling
  231.    -------------------------------------------------------- */
  232.  
  233. static unsigned int Bit_Shuffling(unsigned int S    /* #202 */
  234.                                  ,unsigned int C
  235.                                  ,unsigned int xA_B
  236.                                  ,unsigned int xB_)
  237. {
  238.   return ((xB_/S)*C*S) + (xA_B*S) + (xB_ mod S);
  239. }
  240.  
  241. /* --------------------------------------------------------
  242.                      responder_procedures
  243.    -------------------------------------------------------- */
  244.  
  245. static unsigned int responder_procedures(unsigned int S
  246.                                         ,unsigned int C
  247.                                         ,unsigned int xA_B)
  248. {
  249.   unsigned int xi;
  250.   do
  251.   {
  252.    int i_t;
  253.    do
  254.    {
  255.     unsigned int xB_;
  256.  
  257.     xB_ = linear_distribution(0,N/C);               /* #201 */
  258.  
  259.     xi = Bit_Shuffling(S,C,xA_B,xB_);               /* #202 */
  260.  
  261.    } while (not((1<xi)and(xi<(N-1))
  262.                       and(gcd(xi,N)==1)
  263.                       /* this gcd test should be omitted in a
  264.                          full-scale implementation          */
  265.                )
  266.            );
  267.    for (i_t=0; i_t<t; i_t++)
  268.    {
  269.     int i_bit;
  270.     xi = mult_modulo(xi,xi,N);                      /* #203 */
  271.     for (i_bit=0;i_bit<k;i_bit++)                   /* #204 */
  272.     {
  273.       resp_secret_bit_string[i_t*k+i_bit]= (xi&(1<<i_bit))!=0;
  274.     }
  275.    }
  276.   } while (xi == 1); /* unlikely event where the period
  277.                         of the x**2 mod N generator is 1    */
  278.   xi = mult_modulo(xi,xi,N);
  279.   return xi;
  280. }
  281.  
  282. /* ********************************************************
  283.   Code for the Passive Eavesdropper Role in the Key Exchange
  284.    ******************************************************** */
  285. /* The passive eavesdropper is one who tries to break the
  286.    system by exhaustive search. In this small scale model, the
  287.    eavesdropper is allowed a fixed number of attempts on each
  288.    message exchange. In a full-scale implementation,
  289.    exhaustive search as illustrated here makes no more sense
  290.    than with other cryptosystems.                           */
  291. #define EAVESDROPPER_NB_OF_ATTEMPTS (40)
  292.  
  293. static int count_samples;
  294. static int count_successes;
  295.  
  296. /* --------------------------------------------------------
  297.                     eavesdropper_opportunity
  298.    -------------------------------------------------------- */
  299.  
  300. static void eavesdropper_opportunity(unsigned int S
  301.                                     ,unsigned int C
  302.                                     ,unsigned int xA_B
  303.                                     ,unsigned int xt)
  304. /* nota bene: this function spoils the global variable
  305.               resp_secret_bit_string                        */
  306. {
  307.   int i;
  308.   count_samples++;
  309.   for (i=0;i<EAVESDROPPER_NB_OF_ATTEMPTS;i++)
  310.   {
  311.     if (xt==responder_procedures(S,C,xA_B))
  312.     {
  313.       count_successes++;
  314.       break;
  315.     }
  316.   }
  317. }
  318.  
  319. /* ********************************************************
  320.     Code for the Adversary role in the Secret Key Exchange
  321.    ******************************************************** */
  322. /* The adversary knows some algorithm to find the prime
  323.    factors of N from information he hopes to gather using the
  324.    following attack. Only the first step of the information
  325.    search is illustrated. The next step of the information
  326.    gathering process is to eavesdrop (either actively or
  327.    passively) the subsequent cryptographic exchanges and
  328.    extract some hints about the shared bit string. A
  329.    successful information gathering attack is an extremely
  330.    remote possibility if the adversary process is considered
  331.    during the cryptographic application design.
  332.  
  333.    By contrast with the Blum-Goldwasser probabilistic
  334.    encryption cryptosystem, this one has two advantages for
  335.    this type of adversary:
  336.      1) there is a bit shuffling test to detect most
  337.         information gathering attempts,
  338.      2) the resulting bit string is not used to encipher a
  339.         message directly, but as secret cryptosystem keys, MAC
  340.         initial vectors, challenge data to be signed, and so
  341.         on (none of which should disclose any bit of the bit
  342.         string).                                            */
  343.  
  344. /* --------------------------------------------------------
  345.                      adversary_procedures
  346.    -------------------------------------------------------- */
  347.  
  348. static unsigned int adversary_procedures(unsigned int S
  349.                                         ,unsigned int C
  350.                                         ,unsigned int xA_B)
  351. {
  352.   unsigned int xt_pred; /* xt predecessor */
  353.   do
  354.   {
  355.     xt_pred = linear_distribution(2,N-2);
  356.   } while (not(   (gcd(xt_pred,N)==1)
  357.                and(mult_modulo(xt_pred,xt_pred,N)!=1)
  358.    /* and other mathematical criteria such as Jacobi symbol */
  359.               )
  360.           );
  361.   return mult_modulo(xt_pred,xt_pred,N);
  362. }
  363.  
  364. /* ********************************************************
  365.   Code for the Initiator (user A) in the Secret Key Exchange
  366.    ******************************************************** */
  367.  
  368. /* contents of the first message */                 /* #301 */
  369. static unsigned int xA_B;/* main item in first message sent */
  370. static unsigned int S
  371.                    ,C;   /* dynamically selected parameters */
  372.  
  373. /* the resulting jointly determined, secret, shared, and
  374.    unique bit string as computed by the initiator, user A
  375.    (one bit per byte)                                       */
  376. static char init_secret_bit_string[L];              /* #105 */
  377.  
  378. /* the private prime factors P and Q */
  379. static unsigned int P, Q;
  380.  
  381. /* pre-computed values to make computations more efficient  */
  382. static unsigned int a_P, b_Q, alpha, beta;
  383.  
  384. /* internal variables: the four possible values for B's x   */
  385. static unsigned int e,f,g,h;
  386.  
  387. /* --------------------------------------------------------
  388.                     initiator_pre_computations
  389.    -------------------------------------------------------- */
  390.  
  391. static void initiator_pre_computations(void)
  392. {
  393.    assert((P*Q)==N);
  394.    {
  395.  
  396. /* Find a, b such that a*P + b*Q = 1.
  397.  
  398.    Since further computations are modulo N, "scale" signed a
  399.    and b into positive numbers:
  400.  
  401. (b*Q*mu + a*P*nu) mod N
  402.  = (            b*Q*mu       +             a*P*nu      ) mod N
  403.  = (          (b*Q)*mu mod N +           (a*P)*nu mod N) mod N
  404.  = (    (b*Q mod N)*mu mod N +     (a*P mod N)*nu mod N) mod N
  405.  = ((b*Q mod (P*Q))*mu mod N + (a*P mod (Q*P))*nu mod N) mod N
  406.  = (  ((b mod P)*Q)*mu mod N +   ((a mod Q)*P)*nu mod N) mod N
  407.       =============              =============
  408.    pre-computed b_Q           pre-computed a_P              */
  409.  
  410.      int a, b;     generalized_euclid(P,Q,&a,&b);
  411.      assert((a*P+b*Q)==1);
  412.  
  413.      b_Q = number_theoretic_mod(b,P)*Q;
  414.      a_P = number_theoretic_mod(a,Q)*P;
  415.    }
  416.    alpha=expmod((P+1)/4,t+1,P-1);
  417.    beta =expmod((Q+1)/4,t+1,Q-1);
  418. }
  419.  
  420. /* --------------------------------------------------------
  421.                       initiator_step_101
  422.    -------------------------------------------------------- */
  423.  
  424. static void initiator_step_101(void)                /* #101 */
  425. {
  426.   /* This function illustrates implementation decisions about
  427.      S and C parameters. Obviously, these should not be
  428.      taken as recommended practice.                         */
  429.  
  430.   /* select parameter C among 19,21,23,25 with respective
  431.      probabilities 1/7, 2/7, 2/7, 2/7, 2/7                  */
  432.  
  433.   C=linear_distribution(19,25);
  434.   C=C|1; /* makes it odd */
  435.  
  436.   /* select parameter S as a multiple of 17,between 17 and
  437.      N/C                                                    */
  438.   {
  439.     unsigned int min = 17;
  440.     unsigned int max = N/C;
  441.     if (max<min)
  442.         max=min;
  443.  
  444.     S =17*linear_distribution(min/17,max/17);
  445.   }
  446.  
  447.   assert((C*S)<N);
  448.  
  449.   xA_B = linear_distribution(0,C-1);
  450. }
  451.  
  452. /* --------------------------------------------------------
  453.                     inverse_x_2_t__1_mod_N
  454.    -------------------------------------------------------- */
  455.  
  456. static unsigned int inverse_x_2_t__1_mod_N(unsigned int xt)
  457. {                                                   /* #102 */
  458.   unsigned int mu=expmod((xt mod P),alpha,P);
  459.   unsigned int nu=expmod((xt mod Q),beta ,Q);
  460.  
  461.   e=(b_Q*mu    +a_P*nu)     mod N;
  462.   f=(b_Q*(P-mu)+a_P*nu)     mod N;
  463.   g=(b_Q*mu    +a_P*(Q-nu)) mod N;
  464.   h=(b_Q*(P-mu)+a_P*(Q-nu)) mod N;
  465.  
  466.   assert(   (mult_modulo(e,e,N)==mult_modulo(f,f,N))
  467.          and(mult_modulo(f,f,N)==mult_modulo(g,g,N))
  468.          and(mult_modulo(g,g,N)==mult_modulo(h,h,N))
  469.         );
  470.  
  471.   return mult_modulo(e,e,N);
  472. }
  473.  
  474. /* --------------------------------------------------------
  475.                       bit_shuffling_test
  476.    -------------------------------------------------------- */
  477.  
  478. static int bit_shuffling_test(void)                 /* #103 */
  479. /* returns non-zero when adversary attack detected          */
  480. {
  481.   return (not(  (xA_B==(e/S)mod C)
  482.               or(xA_B==(f/S)mod C)
  483.               or(xA_B==(g/S)mod C)
  484.               or(xA_B==(h/S)mod C)
  485.              )
  486.          );
  487. }
  488.  
  489. /* --------------------------------------------------------
  490.                  initiator_steps_102_onwards
  491.    -------------------------------------------------------- */
  492.  
  493. static int initiator_steps_102_onwards(unsigned int xt)
  494. /* returns non-zero when adversary attack detected */
  495. {
  496.   unsigned int xi = inverse_x_2_t__1_mod_N(xt);     /* #102 */
  497.   int i_t;
  498.   if (bit_shuffling_test())                         /* #103 */
  499.     return 1;
  500.   for (i_t=0; i_t<t; i_t++)
  501.   {
  502.     int i_bit;
  503.     for (i_bit=0;i_bit<k;i_bit++)                   /* #105 */
  504.     {
  505.       init_secret_bit_string[i_t*k+i_bit]
  506.                                  = (xi&(1<<i_bit))!=0;
  507.     }
  508.     xi = mult_modulo(xi,xi,N);                      /* #104 */
  509.   }
  510.   if (xt!=xi)
  511.   {
  512.      return 2; /* most probably the xt selected by the
  513.                   adversary was not relatively prime with N */
  514.   }
  515.   return 0;
  516. }
  517.  
  518. /* ********************************************************
  519.                        Main program section
  520.    ******************************************************** */
  521.  
  522. #define DUPL_SAMPLE_SIZE (100)
  523. #define ADVERSARY_SAMPLE_SIZE (100)
  524.  
  525. static int cmp_strings(const void *a, const void *b)
  526. /*         -----------                                      */
  527. /* defined here for a function argument to qsort function   */
  528. {
  529.   return memcmp(a,b,L);
  530. }
  531.  
  532. static void print_bit_string(char *bit_string)
  533. /*          ----------------                                */
  534. {
  535.   /* packing and printing bits from an array */
  536.   int i;
  537.   int v;
  538.   for (i=0;i<L;i++)
  539.   {
  540.     if (0==(i mod 8))
  541.       v = 0;
  542.     if (bit_string[i])
  543.       v = v | (1<<(7-(i mod 8)));
  544.     if (7==(i mod 8))
  545.       printf("%2.2X",v);
  546.   }
  547.   if (0!=(i mod 8))
  548.     printf("%2.2X",v);
  549. }
  550.  
  551. /* --------------------------------------------------------
  552.                    The main program itself
  553.    -------------------------------------------------------- */
  554. int main(void)
  555. {
  556.  int i_param;
  557. /* --------------------------------------------------------
  558.                   Preprocessing of parameters
  559.    -------------------------------------------------------- */
  560.  static struct {unsigned int P_sample, Q_sample; }
  561.       spec_numbers[]=
  562.  /* all special numbers of the prescribed forms where N<2**16
  563.          P  *  Q  =   N      Ref. Blum Blum Shub, theorem 8 */
  564.       {{47 , 359}/*16873*/
  565.       ,{23 , 719}/*16537*/
  566.       ,{23 , 359}/* 8257*/
  567.       ,{47 , 167}/* 7849*/
  568.       ,{23 , 167}/* 3841*/
  569.       ,{47 ,  23}/* 1081*/
  570.       };
  571.       /* n.b. 2 is a quadratic residute with respect to
  572.          (47-1)/2 and (719-1)/2, so all these N should give
  573.          optimum periods                                    */
  574.  
  575.  for (i_param=0
  576.       ;i_param<2 /* first two entries of spec_numbers       */
  577.       ;i_param++)
  578.  {
  579.   int i;
  580.  
  581.   P = spec_numbers[i_param].P_sample;
  582.   Q = spec_numbers[i_param].Q_sample;
  583.   N = P*Q;
  584.  
  585.   count_samples=0;/* for eavesdropper success rate statistic*/
  586.   count_successes=0;
  587.  
  588.   initiator_pre_computations();
  589.   printf("\nTest results using the above program\n"
  590.            "with the x**2 mod %d generator\n\n",N);
  591.  
  592. /* --------------------------------------------------------
  593.            A small number of trial runs with printout
  594.    -------------------------------------------------------- */
  595.   for (i=0;i<4;i++)
  596.   {
  597.      unsigned int xt;
  598.      initiator_step_101();                          /* #101 */
  599.      /* the first message is S, C, xA_B                #301 */
  600.      xt=responder_procedures(S,C,xA_B);     /* #201 to #204 */
  601.      /* the second message is xt                       #302 */
  602.      if (initiator_steps_102_onwards(xt))   /* #102 to #105 */
  603.         {  assert(1);  }
  604.      assert(!memcmp(init_secret_bit_string
  605.                    ,resp_secret_bit_string,L));
  606.  
  607.      printf("Sample %d, secret bit string: ",i+1);
  608.      print_bit_string(resp_secret_bit_string);
  609.      printf("\n");
  610.  
  611.      eavesdropper_opportunity(S,C,xA_B,xt);
  612.   }
  613.  
  614. /* --------------------------------------------------------
  615.           A larger sample for accumulating statistics
  616.    -------------------------------------------------------- */
  617.   {
  618.     static char sample_bit_strings[DUPL_SAMPLE_SIZE][L];
  619.     int count_duplicates;
  620.     for (i=0;i<DUPL_SAMPLE_SIZE;i++)
  621.     {
  622.  
  623.      unsigned int xt;
  624.      initiator_step_101();                          /* #101 */
  625.      /* the first message is S, C, xA_B                #301 */
  626.      xt=responder_procedures(S,C,xA_B);     /* #201 to #204 */
  627.      /* the second message is xt                       #302 */
  628.      if (initiator_steps_102_onwards(xt))   /* #102 to #105 */
  629.         {  assert(1);  }
  630.      assert(!memcmp(init_secret_bit_string
  631.                    ,resp_secret_bit_string,L));
  632.  
  633.      memcpy(sample_bit_strings[i],init_secret_bit_string,L);
  634.  
  635.      eavesdropper_opportunity(S,C,xA_B,xt);
  636.     }
  637.  
  638.     qsort(sample_bit_strings,DUPL_SAMPLE_SIZE,L,cmp_strings);
  639.  
  640.     count_duplicates=0;
  641.     for (i=1;i<DUPL_SAMPLE_SIZE;i++)
  642.     {
  643.      if (0==memcmp(sample_bit_strings[i-1]
  644.                   ,sample_bit_strings[i],L))
  645.      {
  646.         count_duplicates++;
  647.         printf("Duplicate secret bit string: ");
  648.         print_bit_string(sample_bit_strings[i]);
  649.         printf("\n");
  650.      }
  651.     }
  652.     printf("Found %d duplicates in %d samples\n"
  653.                   ,count_duplicates,DUPL_SAMPLE_SIZE);
  654.   }
  655.  
  656.   printf("Eavesdropping was successful %d times "
  657.                                    "out of %d opportunities\n"
  658.                               ,count_successes,count_samples);
  659.  
  660. /* --------------------------------------------------------
  661.      Countering the attack of a "sophisticated" adversary
  662.    -------------------------------------------------------- */
  663.   {
  664.     int count_detect_1=0, count_detect_2=0;
  665.  
  666.     for (i=0;i<ADVERSARY_SAMPLE_SIZE;i++)
  667.     {
  668.       unsigned int xt;
  669.       initiator_step_101();                         /* #101 */
  670.       /* the first message is S, C, xA_B               #301 */
  671.       xt=adversary_procedures(S,C,xA_B);   /* unknown proc? */
  672.       /* the second message is xt                      #302 */
  673.       switch(initiator_steps_102_onwards(xt))   /* #102 ... */
  674.       {
  675.         case 0: /* undetected attack, the adversary could,
  676.                    if it was a general purpose probabilistic
  677.                    encryption application, gather some useful
  678.                    information to factorize N */
  679.           break;
  680.         case 1:
  681.           count_detect_1++; break;
  682.         case 2:
  683.           count_detect_2++; break;
  684.         default:
  685.           assert(1);
  686.       };
  687.     }
  688.     printf(
  689.     "Out of %d attacks, %d were detected (%d special)\n"
  690.             ,ADVERSARY_SAMPLE_SIZE
  691.                         ,count_detect_1+count_detect_2
  692.                                           ,count_detect_2
  693.           );
  694.   }
  695.  
  696. /* --------------------------------------------------------
  697.             Reaction to a non-sense responder action
  698.    -------------------------------------------------------- */
  699.   {
  700.     /* This test is similar to the previous one, but simply
  701.        intended to check any bug when the responder does not
  702.        give an xt response which is not mathematically
  703.        conforming (either a number not relatively prime with N
  704.        or a number which is not a quadratic residute modulo N)
  705.                                                             */
  706.     int count_detect_1=0, count_detect_2=0;
  707.  
  708.     for (i=0;i<ADVERSARY_SAMPLE_SIZE;i++)
  709.     {
  710.       unsigned int xt;
  711.       initiator_step_101();                         /* #101 */
  712.       /* the first message is S, C, xA_B               #301 */
  713.       xt=linear_distribution(2,N-2); /* non-sense is random */
  714.       /* the second message is xt                      #302 */
  715.       switch(initiator_steps_102_onwards(xt))   /* #102 ... */
  716.       {
  717.         case 0:
  718.           break;
  719.         case 1:
  720.           count_detect_1++; break;
  721.         case 2:
  722.           count_detect_2++; break;
  723.         default:
  724.           assert(1);
  725.       };
  726.     }
  727.     printf("Out of %d dumb responses, %d were detected "
  728.                                               "(%d special)\n"
  729.             ,ADVERSARY_SAMPLE_SIZE
  730.                                ,count_detect_1+count_detect_2
  731.                                               ,count_detect_2
  732.           );
  733.   }
  734.  }
  735.  
  736.  return EXIT_SUCCESS;
  737. }


PM Quote
Avatar
pierotofy (Admin)
Guru^2


Messaggi: 6223
Iscritto: 04/12/2003

Segnala al moderatore
Postato alle 17:38
Venerdì, 26/10/2012
Secondo me fai prima a trovare un'altro codice... questo non mi pare sia progettato per fare quello che dici tu.


Il mio blog: https://piero.dev
PM Quote