Lines Matching defs:xb
10 * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or
29 BIGNUM *xb; /* Alice's x2 or Bob's x4 */
89 ctx->xb = BN_new();
98 BN_clear_free(ctx->xb);
257 /* Generate each party's random numbers. xa is in [0, q), xb is in [1, q). */
270 /* ... and xb in [0, q-1) */
271 BN_rand_range(ctx->xb, qm1);
273 BN_add_word(ctx->xb, 1);
283 generate_step_part(&send->p2, ctx->xb, ctx->p.g, ctx);
350 * X = g^{(xa + xc + xd) * xb * s}
358 /* t2 = xb * s */
359 BN_mod_mul(t2, ctx->xb, ctx->secret, ctx->p.q, ctx->ctx);
362 * ZKP(xb * s)
367 * as the generator, which means X is g'^{xb * s}
368 * X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s}
379 /* gx = g^{xc + xa + xb} * xd * s */
387 * K = (gx/g^{xb * xd * s})^{xb}
388 * = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb}
389 * = (g^{(xa + xc) * xd * s})^{xb}
390 * = g^{(xa + xc) * xb * xd * s}
394 /* t1 = (g^{xd})^{xb} = g^{xb * xd} */
395 BN_mod_exp(t1, ctx->p.gxd, ctx->xb, ctx->p.p, ctx->ctx);
398 /* t3 = t1^t2 = g^{-xb * xd * s} */
400 /* t1 = gx * t3 = X/g^{xb * xd * s} */
402 /* K = t1^{xb} */
403 BN_mod_exp(ctx->key, t1, ctx->xb, ctx->p.p, ctx->ctx);
420 * g' = g^{xc + xa + xb} [from our POV]
421 * t1 = xa + xb
423 BN_mod_add(t1, ctx->xa, ctx->xb, ctx->p.q, ctx->ctx);
424 /* t2 = g^{t1} = g^{xa+xb} */
426 /* t1 = g^{xc} * t2 = g^{xc + xa + xb} */