/*
  Author:  Pate Williams (c) 1997

  Exercise 9.5
  "Suppose that Alice uses the Okamoto Scheme with
  p, q, t, alpha_1 and alpha_2 as in Exercise 9.4.
  Suppose also that v = 119504.
  (a) Verify that
      alpha_1 ^ 70 alpha_2 ^ 1033 v ^ 877 =
      alpha_1 ^ 248 alpha_2 ^ 882 v ^ 992 mod p.
  (b) Use this information to compute b_1 and b_2
      such that
      alpha_1 ^ - b_1 alpha_2 ^ - b_2 = v mod p.
  (c) Now suppose that Alice reveals that
      a_1 = 484 and a_2 = 935. Show how Alice and
      Olga together will compute
      log(alpha_1, alpha_2)." -Douglas R. Stinson-
  See "Cryptography: Theory and Practice" by
  Douglas R. Stinson page 304.
*/

#include <stdio.h>
#include "lip.h"

int main(void)
{
  long alpha1 = 60497, alpha2 = 17163;
  long p = 122503, q = 1201, r = 877, s = 992;
  long v = 119504;
  long a1 = 484, a2 = 935;
  long y1 = 70, y2 = 1033, z1 = 248, z2 = 883;
  verylong za = 0, zb = 0, zc = 0, zd = 0, ze = 0;
  verylong zf = 0, zp = 0, zq = 0, zr = 0, zs = 0;
  verylong zv = 0;
  verylong za1 = 0, za2 = 0, zb1 = 0, zb2 = 0;
  verylong zy1 = 0, zy2 = 0, zz1 = 0, zz2 = 0;
  verylong zalpha1 = 0, zalpha2 = 0;

  zintoz(alpha1, &zalpha1);
  zintoz(alpha2, &zalpha2);
  zintoz(p, &zp);
  zintoz(q, &zq);
  zintoz(r, &zr);
  zintoz(s, &zs);
  zintoz(v, &zv);
  zintoz(a1, &za1);
  zintoz(a2, &za2);
  zintoz(y1, &zy1);
  zintoz(y2, &zy2);
  zintoz(z1, &zz1);
  zintoz(z2, &zz2);
  zexpmod(zalpha1, zy1, zp, &za);
  zexpmod(zalpha2, zy2, zp, &zb);
  zexpmod(zv, zr, zp, &zc);
  zmulmod(za, zb, zp, &zd);
  zmulmod(zc, zd, zp, &ze);
  zexpmod(zalpha1, zz1, zp, &za);
  zexpmod(zalpha2, zz2, zp, &zb);
  zexpmod(zv, zs, zp, &zc);
  zmulmod(za, zb, zp, &zd);
  zmulmod(zc, zd, zp, &zf);
  zsubmod(zy1, zz1, zq, &za);
  zsubmod(zr, zs, zq, &zb);
  zinvmod(zb, zq, &zc);
  zmulmod(za, zc, zq, &zb1);
  zsubmod(zy2, zz2, zq, &za);
  zmulmod(za, zc, zq, &zb2);
  zsubmod(za1, zb1, zq, &za);
  zsubmod(zb2, za2, zq, &zb);
  zinvmod(zb, zq, &zd);
  zmulmod(za, zd, zq, &zc);
  zexpmod(zalpha1, zc, zp, &za);
  printf("alpha_1 = %ld\n", alpha1);
  printf("alpha_2 = %ld\n", alpha2);
  printf("p = %ld\n", p);
  printf("q = %ld\n", q);
  printf("r = %ld\n", r);
  printf("s = %ld\n", s);
  printf("v = %ld\n", v);
  printf("a_1 = %ld\n", a1);
  printf("a_2 = %ld\n", a2);
  printf("y_1 = %ld\n", y1);
  printf("y_2 = %ld\n", y2);
  printf("z_1 = %ld\n", z1);
  printf("z_2 = %ld\n", z2);
  if (zcompare(ze, zf) == 0)
    printf("equation verified\n");
  else
    printf("equation not verified\n");
  printf("b_1 = ");
  zwriteln(zb1);
  printf("b_2 = ");
  zwriteln(zb2);
  printf("log(alpha_1, alpha_2) = ");
  zwriteln(zc);
  if (zcompare(za, zalpha2) == 0)
    printf("log(alpha_1, alpha_2) verified\n");
  else
    printf("log(alpha_1, alpha_2) not verified\n");
  zfree(&za);
  zfree(&zb);
  zfree(&zc);
  zfree(&zd);
  zfree(&ze);
  zfree(&zf);
  zfree(&zp);
  zfree(&zq);
  zfree(&zr);
  zfree(&zs);
  zfree(&zv);
  zfree(&za1);
  zfree(&za2);
  zfree(&zb1);
  zfree(&zb2);
  zfree(&zy1);
  zfree(&zy2);
  zfree(&zz1);
  zfree(&zz2);
  zfree(&zalpha1);
  zfree(&zalpha2);
  return 0;
}