Cryptography in C and C++

MICHAEL WELSCHENBACH
Translated by DAVID KRAMER

Apress Media, LLC

Cryptography in C and C++
Copyright © 2001 by Michael Welschenbach
Originally published by Apress in 2001

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

Additional material to this book can be downloaded from http://extras.springer.com

ISBN 978-1-893115-95-8
ISBN 978-1-4302-1157-0 (eBook)
DOI 10.1007/978-1-4302-1157-0

Trademarked names may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

Editorial Directors: Dan Appleman, Gary Cornell, Karen Watterson
Translator and Compositor: David Kramer
Proofreader: Anne Friedman
TeX Support: Fred Bartlett and Arthur Ogawa
Cover Designer: Karl Miyajima

Distributed to the book trade in the United States by Springer-Verlag New York, Inc., 175 Fifth Avenue, New York, NY 10010, and outside the United States by Springer-Verlag GmbH & Co. KG, Tiergartenstr. 17, 69112 Heidelberg, Germany.

In the United States, phone 1-800-SPRINGER; [email protected]; http://www.springer-ny.com
Outside the United States, contact orders@springer.de; http://www.springer.de; fax +49 6221 345229

The information in this book is distributed on an "as is" basis, without warranty. Although every precaution has been taken in the preparation of this work, neither the author nor Apress shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work.
For Helga, Daniel, and Lukas, from whom I borrowed the time for writing this book

Contents

List of Figures ix
List of Tables xi
Preface to the Translation of the Second Edition xiii
Preface to the First Edition xvii

I Arithmetic and Number Theory in C 1
1 Introduction 3
2 Number Formats: The Representation of Large Numbers in C 11
3 Interface Semantics 17
4 The Fundamental Operations 21
4.1 Addition and Subtraction 22
4.2 Multiplication 32
4.2.1 The Grade School Method 33
4.2.2 Squaring Is Faster 39
4.2.3 Do Things Go Better with Karatsuba? 44
4.3 Division with Remainder 49
5 Modular Arithmetic: Calculating with Residue Classes 65
6 Where All Roads Meet: Modular Exponentiation 79
6.1 First Approaches 79
6.2 M-ary Exponentiation 85
6.3 Addition Chains and Windows 98
6.4 Montgomery Reduction and Exponentiation 103
6.5 Cryptographic Application of Exponentiation 114
7 Bitwise and Logical Functions 123
7.1 Shift Operations 123
7.2 All or Nothing: Bitwise Relations 129
7.3 Direct Access to Individual Binary Digits 135
7.4 Comparison Operators 138
8 Input, Output, Assignment, Conversion 143
9 Dynamic Registers 155
10 Basic Number-Theoretic Functions 165
10.1 Greatest Common Divisor 166
10.2 Multiplicative Inverse in Residue Class Rings 173
10.3 Roots and Logarithms 181
10.4 Square Roots in Residue Class Rings 187
10.4.1 The Jacobi Symbol 188
10.4.2 Square Roots Modulo p^k 194
10.4.3 Square Roots Modulo n 199
10.4.4 Cryptography with Quadratic Residues 207
10.5 A Primality Test 210
11 Large Random Numbers 229
12 Strategies for Testing LINT 243
12.1 Static Analysis 245
12.2 Run-Time Tests 247

II Arithmetic in C++ with the Class LINT 255
13 Let C++ Simplify Your Life 257
13.1 Not a Public Affair: The Representation of Numbers in LINT 262
13.2 Constructors 263
13.3 Overloaded Operators 267
14 The LINT Public Interface: Members and Friends 275
14.1 Arithmetic 275
14.2 Number Theory 285
14.3 Stream I/O of LINT Objects 290
14.3.1 Formatted Output of LINT Objects 292
14.3.2 Manipulators 299
14.3.3 File I/O for LINT Objects 302
15 Error Handling 307
15.1 (Don't) Panic 307
15.2 User-Defined Error Handling 309
15.3 LINT Exceptions 311
16 An Application Example: The RSA Cryptosystem 317
16.1 Asymmetric Cryptosystems 318
16.2 The RSA Algorithm 320
16.3 Digital RSA Signatures 334
16.4 RSA Classes in C++ 341
17 Do It Yourself: Test LINT 351
18 Approaches for Further Extensions 355
19 Rijndael: A Successor to the Data Encryption Standard 357
19.1 Arithmetic with Polynomials 359
19.2 The Rijndael Algorithm 363
19.3 Calculating the Round Key 365
19.4 The S-Box 367
19.5 The ShiftRow Transformation 368
19.6 The MixColumn Transformation 370
19.7 The AddRoundKey Step 371
19.8 Encryption of a Block as a Complete Process 371
19.9 Decryption 375

III Appendices 379
A Directory of C Functions 381
A.1 Input/Output, Assignment, Conversions, Comparisons 381
A.2 Basic Calculations 382
A.3 Modular Arithmetic 383
A.4 Bitwise Operations 386
A.5 Number-Theoretic Functions 387
A.6 Generation of Pseudorandom Numbers 388
A.7 Register Management 389
B Directory of C++ Functions 391
B.1 Input/Output, Conversion, Comparison: Member Functions 391
B.2 Input/Output, Conversion, Comparison: Friend Functions 394
B.3 Basic Operations: Member Functions 396
B.4 Basic Operations: Friend Functions 397
B.5 Modular Arithmetic: Member Functions 398
B.6 Modular Arithmetic: Friend Functions 399
B.7 Bitwise Operations: Member Functions 401
B.8 Bitwise Operations: Friend Functions 402
B.9 Number-Theoretic Member Functions 402
B.10 Number-Theoretic Friend Functions 404
B.11 Generation of Pseudorandom Numbers 407
B.12 Miscellaneous Functions 408
C Macros 409
C.1 Error Codes and Status Values 409
C.2 Additional Constants 409
C.3 Macros with Parameters 411
D Calculation Times 415
E Notation 417
F Arithmetic and Number-Theoretic Packages 419
References 421
Index 427

List of Figures

4.1 Calculations for multiplication 33
4.2 Calculations for squaring 39
4.3 CPU time for Karatsuba multiplication 48
4.4 Calculational schema for division 50
11.1 Periodic behavior of a pseudorandom sequence 231
16.1 Example of the construction of a certificate 340
16.2 Certification of a digital signature 340
19.1 Layering of transformations in the Rijndael rounds 364
19.2 Diagram for round keys for Lk = 4 367

List of Tables

1.1 Arithmetic and Number Theory in C in Directory flint/src 6
1.2 Arithmetic and Number Theory in C++ in Directory flint/src 7
1.3 Arithmetic Module in 80x86 Assembler (see Chapter 18) in Directory flint/src/asm 7
1.4 Arithmetic Libraries in 80x86 Assembler (see Chapter 18) in Directory flint/lib 7
1.5 Tests (see Section 12.2 and Chapter 17) in Directory flint/test 7
1.6 RSA Implementation (see Chapter 16) in Directory flint/rsa 7
3.1 FLINT/C error codes 19
5.1 Composition table for addition modulo 5 69
5.2 Composition table for multiplication modulo 5 69
6.1 Requirements for exponentiation 86
6.2 Numbers of multiplications for typical sizes of exponents and various bases 2^k 87
6.3 Values for the factorization of the exponent digits into products of a power of 2 and an odd factor 88
6.4 Numbers of multiplications for typical sizes of exponents and various bases 2^k 89
6.5 Exponentiation functions in FLINT/C 115
7.1 Values of a Boolean function 130
7.2 Values of the CLINT function and_l() 130
7.3 Values of the CLINT function or_l() 130
7.4 Values of the CLINT function xor_l() 131
8.1 Diagnostic values of the function vcheck_l() 152
10.1 The largest known primes (as of August 2000) 212
10.2 The number of primes up to various limits x 217
12.1 Group law for the integers to help in testing 252
12.2 FLINT/C test functions 253
13.1 LINT constructors 265
13.2 LINT arithmetic operators 268