Git-Mirrors/monero
1
0
Fork 0
mirror of https://github.com/monero-project/monero.git synced 2025-08-11 15:00:25 -04:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #4097

Browse source 
61caab8 crypto: remove slight bias in key generation due to modulo (moneromooo-monero)
This commit is contained in:
luigi1111 2018-07-27 14:23:54 -05:00
commit 3fde902394
No known key found for this signature in database
GPG key ID: F4ACA0183641E010
5 changed files with 77 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

28
src/crypto/crypto.cpp
View file

@ -93,12 +93,32 @@ namespace crypto {
generate_random_bytes_not_thread_safe(N, bytes);
}
static inline bool less32(const unsigned char *k0, const unsigned char *k1)
{
for (int n = 31; n >= 0; --n)
{
if (k0[n] < k1[n])
return true;
if (k0[n] > k1[n])
return false;
}
return false;
}
void random32_unbiased(unsigned char *bytes)
{
// l = 2^252 + 27742317777372353535851937790883648493.
// it fits 15 in 32 bytes
static const unsigned char limit[32] = { 0xe3, 0x6a, 0x67, 0x72, 0x8b, 0xce, 0x13, 0x29, 0x8f, 0x30, 0x82, 0x8c, 0x0b, 0xa4, 0x10, 0x39, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf0 };
do
{
generate_random_bytes_thread_safe(32, bytes);
} while (!less32(bytes, limit)); // should be good about 15/16 of the time
sc_reduce32(bytes);
}
/* generate a random 32-byte (256-bit) integer and copy it to res */
static inline void random_scalar(ec_scalar &res) {
unsigned char tmp[64];
generate_random_bytes_thread_safe(64, tmp);
sc_reduce(tmp);
memcpy(&res, tmp, 32);
random32_unbiased((unsigned char*)res.data);
}
void hash_to_scalar(const void *data, size_t length, ec_scalar &res) {