如何使用 .NET Core 支持 ECC 中的安全曲线(例如 Curve25519)
How can you use .NET Core to support Safe Curves in ECC (eg. Curve25519)
.NET Core 似乎支持在 ECC 中创建自定义曲线。
我试过定义Curve25519,如下图:
public class Curves
{
// TODO: check the key gen rand.
public static ECCurve Curve25519
{
get
{
return new ECCurve()
{
CurveType = ECCurve.ECCurveType.PrimeMontgomery,
B = new byte[] { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1},
A = new byte[] {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,109,6},
G = new ECPoint()
{
X = new byte[] { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9},
Y = new byte[] {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }},
Prime = new byte[] { 127, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 237 },
Order = new byte[] {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8},
Cofactor = new byte[] { 1 } // fix later
};
}
}
然而,当我尝试定义它时
var ecc2 = ECDsa.Create(Curves.Curve25519);
我得到一个空指针异常。
有没有人看到任何明显的错误,或者 .NET Core 中对显式曲线的支持仍然不多?
出现错误是因为 Curve25519 是为 ECDH 密钥交换计算而设计的,特别是 X25519。此用法的详细信息位于 .
ECDSA 应该用于扭曲的 Edwards 版本的 Curve25519,即 Ed25519。该曲线可以在 .Net Core 中定义和使用,如下所示。
ECCurve ecCurve = new ECCurve() // Ed25519, 32 bytes, 256 bit
{
CurveType = ECCurve.ECCurveType.PrimeTwistedEdwards,
A = new byte[] { 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xec }, // GF(-1)
B = new byte[] { 0x52, 0x03, 0x6C, 0xEE, 0x2B, 0x6F, 0xFE, 0x73, 0x8C, 0xC7, 0x40, 0x79, 0x77, 0x79, 0xE8, 0x98,
0x00, 0x70, 0x0A, 0x4D, 0x41, 0x41, 0xD8, 0xAB, 0x75, 0xEB, 0x4D, 0xCA, 0x13, 0x59, 0x78, 0xA3 },
G = new ECPoint()
{
X = new byte[] { 0x21, 0x69, 0x36, 0xD3, 0xCD, 0x6E, 0x53, 0xFE, 0xC0, 0xA4, 0xE2, 0x31, 0xFD, 0xD6, 0xDC, 0x5C,
0x69, 0x2C, 0xC7, 0x60, 0x95, 0x25, 0xA7, 0xB2, 0xC9, 0x56, 0x2D, 0x60, 0x8F, 0x25, 0xD5, 0x1A },
Y = new byte[] { 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x58 }
},
Prime = new byte[] { 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xed },
Order = new byte[] { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x14, 0xde, 0xf9, 0xde, 0xa2, 0xf7, 0x9c, 0xd6, 0x58, 0x12, 0x63, 0x1a, 0x5c, 0xf5, 0xd3, 0xed },
Cofactor = new byte[] { 8 }
};
参数A为-1,以上表示在2^255-19的伽罗瓦域中为-1。这可以通过在 SageMathCell.
处评估以下代码来计算
gf=GF(2^255-19)
print (hex(gf(-1)))
但是,应该使用documentation says explicit curves are not supported on below Windows 10 and macOS, and my tries show they throw exceptions on Linux. So, if platforms other than Windows 10 or inter-platform operability is needed, libraries like NSec or libsodium-core。
.NET Core 似乎支持在 ECC 中创建自定义曲线。
我试过定义Curve25519,如下图:
public class Curves
{
// TODO: check the key gen rand.
public static ECCurve Curve25519
{
get
{
return new ECCurve()
{
CurveType = ECCurve.ECCurveType.PrimeMontgomery,
B = new byte[] { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1},
A = new byte[] {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,109,6},
G = new ECPoint()
{
X = new byte[] { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9},
Y = new byte[] {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }},
Prime = new byte[] { 127, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 237 },
Order = new byte[] {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8},
Cofactor = new byte[] { 1 } // fix later
};
}
}
然而,当我尝试定义它时
var ecc2 = ECDsa.Create(Curves.Curve25519);
我得到一个空指针异常。
有没有人看到任何明显的错误,或者 .NET Core 中对显式曲线的支持仍然不多?
出现错误是因为 Curve25519 是为 ECDH 密钥交换计算而设计的,特别是 X25519。此用法的详细信息位于
ECDSA 应该用于扭曲的 Edwards 版本的 Curve25519,即 Ed25519。该曲线可以在 .Net Core 中定义和使用,如下所示。
ECCurve ecCurve = new ECCurve() // Ed25519, 32 bytes, 256 bit
{
CurveType = ECCurve.ECCurveType.PrimeTwistedEdwards,
A = new byte[] { 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xec }, // GF(-1)
B = new byte[] { 0x52, 0x03, 0x6C, 0xEE, 0x2B, 0x6F, 0xFE, 0x73, 0x8C, 0xC7, 0x40, 0x79, 0x77, 0x79, 0xE8, 0x98,
0x00, 0x70, 0x0A, 0x4D, 0x41, 0x41, 0xD8, 0xAB, 0x75, 0xEB, 0x4D, 0xCA, 0x13, 0x59, 0x78, 0xA3 },
G = new ECPoint()
{
X = new byte[] { 0x21, 0x69, 0x36, 0xD3, 0xCD, 0x6E, 0x53, 0xFE, 0xC0, 0xA4, 0xE2, 0x31, 0xFD, 0xD6, 0xDC, 0x5C,
0x69, 0x2C, 0xC7, 0x60, 0x95, 0x25, 0xA7, 0xB2, 0xC9, 0x56, 0x2D, 0x60, 0x8F, 0x25, 0xD5, 0x1A },
Y = new byte[] { 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x58 }
},
Prime = new byte[] { 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xed },
Order = new byte[] { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x14, 0xde, 0xf9, 0xde, 0xa2, 0xf7, 0x9c, 0xd6, 0x58, 0x12, 0x63, 0x1a, 0x5c, 0xf5, 0xd3, 0xed },
Cofactor = new byte[] { 8 }
};
参数A为-1,以上表示在2^255-19的伽罗瓦域中为-1。这可以通过在 SageMathCell.
处评估以下代码来计算gf=GF(2^255-19)
print (hex(gf(-1)))
但是,应该使用documentation says explicit curves are not supported on below Windows 10 and macOS, and my tries show they throw exceptions on Linux. So, if platforms other than Windows 10 or inter-platform operability is needed, libraries like NSec or libsodium-core。