def __compute_or_proof(m, c2, s, h, g1, h1):
assert m == 0 | m == 1
e0, e1, t0, t1, w0, w1 = None, None, None, None, None, None
b = randint(n_u_ - 1)
if m == 0:
e1 = randint(n_u_ - 1)
t1 = randint(n_u_ - 1)
w0 = h * b
w1 = h * t1 + (c2 - (h1 * 1)) * (-e1)
longstring = g1.__repr__() + h1.__repr__() + c2.__repr__() + w0.__repr__() + w1.__repr__()
e0 = int((sha256(longstring).hexdigest()), 16) - e1
# TODO faut il faire modulo n_u_ ?
t0 = b + e0 * s
else:
e0 = randint(n_u_ - 1)
t0 = randint(n_u_ - 1)
w1 = h * b
w0 = h * t0 + (c2 - (h1 * 0)) * (-e0)
longstring = g1.__repr__() + h1.__repr__() + c2.__repr__() + w0.__repr__() + w1.__repr__()
e0 = int((sha256(longstring).hexdigest()), 16) - e0
# TODO faut il faire modulo n_u_ ?
t1 = b + e1 * s
return (e0, e1, t0, t1)
def ccsva_enc(m, g, g1, h, h1):
r = randint(n_u_)
s = randint(n_u_)
c = (c0, c1, c2) = ccs_enc(m, r, s, g, h, g1, h1)
sigmacc = (ecc, zm, zr, zs) = __compute_cc_proof(m, r, s, c, g, h, g1, h1)
sigmaor = (e0, e1, t0, t1) = __compute_or_proof(m, c2, s, h, g1, h1)
return (c, sigmacc, sigmaor)
def __compute_cc_proof(m, r, s, c, g, h, g1, h1):
j = randint(n_u_ - 1)
u = randint(n_u_ - 1)
v = randint(n_u_ - 1)
d = ccs_enc(j, u, v, g, h, g1, h1)
longstring = g1.__repr__() + h1.__repr__() + c.__repr__() + d.__repr__()
ecc = int((sha256(longstring).hexdigest()), 16)
# TODO faut il faire modulo n_u_ ?
(zm, zr, zs) = (j + ecc * m, u + ecc * r, v + ecc * s)
return (ecc, zm, zr, zs)
def ccs_gen():
''' Key generator for CCS Cryptosystem
This algorithms selects:
- two public generators g and h
- the public key g1 and h1
- the private key x1
'''
# Curve initialisation
(_, _, C, C2) = init_curves()
# Keys generation
g = C(None, representation = 'affine', infinite = False, random = True)
h = C2(None, representation = 'affine', infinite = False, random = True)
x1 = randint(n_u_ - 1)
g1 = g * x1
h1 = C2(None, representation = 'affine', infinite = False, random = True)
return ((g.affine(), h.affine(), g1.affine(), h1.affine()), x1) # (pk, sk)
