Lines Matching refs:xb
9 * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or
30 BIGNUM *xb; /* Alice's x2 or Bob's x4 */
90 ctx->xb = BN_new();
99 BN_clear_free(ctx->xb);
254 /* Generate each party's random numbers. xa is in [0, q), xb is in [1, q). */
267 /* ... and xb in [0, q-1) */
268 BN_rand_range(ctx->xb, qm1);
270 BN_add_word(ctx->xb, 1);
280 generate_step_part(&send->p2, ctx->xb, ctx->p.g, ctx);
351 * X = g^{(xa + xc + xd) * xb * s}
359 /* t2 = xb * s */
360 BN_mod_mul(t2, ctx->xb, ctx->secret, ctx->p.q, ctx->ctx);
363 * ZKP(xb * s)
368 * as the generator, which means X is g'^{xb * s}
369 * X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s}
380 /* gx = g^{xc + xa + xb} * xd * s */
388 * K = (gx/g^{xb * xd * s})^{xb}
389 * = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb}
390 * = (g^{(xa + xc) * xd * s})^{xb}
391 * = g^{(xa + xc) * xb * xd * s}
395 /* t1 = (g^{xd})^{xb} = g^{xb * xd} */
396 BN_mod_exp(t1, ctx->p.gxd, ctx->xb, ctx->p.p, ctx->ctx);
399 /* t3 = t1^t2 = g^{-xb * xd * s} */
401 /* t1 = gx * t3 = X/g^{xb * xd * s} */
403 /* K = t1^{xb} */
404 BN_mod_exp(ctx->key, t1, ctx->xb, ctx->p.p, ctx->ctx);
421 * g' = g^{xc + xa + xb} [from our POV]
422 * t1 = xa + xb
424 BN_mod_add(t1, ctx->xa, ctx->xb, ctx->p.q, ctx->ctx);
425 /* t2 = g^{t1} = g^{xa+xb} */
427 /* t1 = g^{xc} * t2 = g^{xc + xa + xb} */
