def schnorr_NIZK(): # setup start = time.time() grp = PairingGroup('MNT224') ps = PS01(grp) end = time.time() print("Setup time elapse: ") print(end - start) # keygen start = time.time() (pk, sk) = ps.keygen(2) end = time.time() print("KeyGen over two attributes time elapse: ") print(end - start) # generate a secret secret = grp.random() # NIZK Schnorr prover start = time.time() na = grp.random() a = pk['Y1'][0] ** na # deterministic nb m = hashlib.sha256() m.update(grp.serialize(pk['Y1'][0])) m.update(grp.serialize(a)) m.update(grp.serialize(pk['Y1'][0] ** secret)) m.update(b'userid') # replaced with real values nb = m.digest() nb = grp.hash(nb) # r r = na + nb * secret end = time.time() print("NIZK Schnorr on one attribute Prover time elapse: ") print(end - start) # NIZK Schnorr verifier start = time.time() m = hashlib.sha256() m.update(grp.serialize(pk['Y1'][0])) m.update(grp.serialize(a)) m.update(grp.serialize(pk['Y1'][0] ** secret)) m.update(b'userid') # replaced with real values nb = m.digest() nb = grp.hash(nb) lh = pk['Y1'][0] ** r rh = a * (pk['Y1'][0] ** secret) ** nb end = time.time() print("NIZK Schnorr Verifier time elapse: ") print(end - start) if lh == rh: print('check success') else: print('lh:=', lh) print('rh:=', rh)
def test_ps_sign_schnorr(): grp = PairingGroup('MNT224') ps = PS01(grp) messages = ["hi there"] (pk, sk) = ps.keygen(len(messages) + 1) if debug: print("Keygen...") print("pk :=", pk) print("sk :=", sk) t, commitment = ps.commitment(pk, *messages) # append public information commitment = commitment * (pk['Y1'][-1] ** grp.hash('3600', ZR)) if debug: print("commitment: ", commitment) be_signed = commitment sig = ps.sign(sk, pk, commitment) if debug: print("Signature: ", sig) sig = ps.unblind_signature(t, sig) # append public information messages.append('3600') result = ps.verify(pk, sig, *messages) assert result, "INVALID signature!" if debug: print("Successful Verification!!!") # sec6.2 randomize s1, s2 = sig t = grp.random(ZR) r = grp.random(ZR) s1p = s1**r s2p = (s2*(s1**t))**r # sec6.2 verify lh = pair(s1p, pk['X2']) lh = lh * ps.product([pair(s1p, y**grp.hash(m, ZR)) for y, m in zip(pk['Y2'], messages)]) lh = lh * pair(s1p, pk['g2']**t) rh = pair(s2p, pk['g2']) if lh == rh: print('check success') else: print('lh:=', lh) print('rh:=', rh)
def test_batch_function(): grp = PairingGroup('MNT224') g1 = grp.hash('g1', G1) g2 = grp.hash('g2', G1) h1 = grp.hash('h1', G2) h2 = grp.hash('h2', G2) h3 = grp.hash('h3', G2) start = time.time() lhs = pair(g1, h1) * pair(g1, h2) * pair(g1, h3) * pair(g2, h1) end = time.time() print(F'total time for un-batched: {end - start}') start = time.time() rhs = pair(g1, h1*h2*h3) * pair(g2, h1) end = time.time() print(F'total time for batched: {end - start}') if lhs == rhs: print('success') else: print('fail')
def test_speed_of_idp_user_lookup(): grp = PairingGroup('MNT224') h = grp.hash('yelp', G1) start = time.time() for i in range(0, 100000): r = grp.random() result = h ** r end = time.time() print("Time for IdP to look up a user's gamma among 100k users: ") print(end-start)
def keygen(pk, msk, S): group = PairingGroup('SS512') attributes = [unicode(a) for a in S] z = group.random() r = group.random() alpha = msk['alpha'] K0 = ((pk['g'] ** alpha) * (pk['w'] ** r)) ** (1/z) K1 = pk['g'] ** (r/z) K_x_2, K_x_3 = {},{} for attr in attributes: ri = group.random() K_x_2[attr] = pk['g'] ** (ri/z) K_x_2[attr] = objectToBytes(K_x_2[attr], group) K_x_3[attr] = ((((pk['u'] ** group.hash(unicode(attr),ZR))) * pk['h']) ** (ri/z)) * (pk['v'] ** (-r/z)) K_x_3[attr] = objectToBytes(K_x_3[attr], group) ik = {'S':S, 'K0':objectToBytes(K0, group), 'K1':objectToBytes(K1, group), 'Ki2':K_x_2, 'Ki3':K_x_3} sk = objectToBytes(z, group) return {'ik':ik, 'sk':sk}
def encrypt(policy_str, pool, group=None): print('policy_str in ABEnc=',policy_str) if group is None: group = PairingGroup('SS512') util = SecretUtil(group, False) policy = util.createPolicy(policy_str) secret = pool.pop('s') print('policy in ABEnc=',policy) sshares = util.calculateSharesList(secret, policy) sshares = dict([(x[0].getAttributeAndIndex(), x[1]) for x in sshares]) print('sshares in ABEnc=',sshares) C0 = pool.pop('C0') C_x_1, C_x_2, C_x_3, C_x_4, C_x_5 = {},{},{},{},{} for attr, s_share in sshares.items(): component = pool['components'].pop() C_x_1[attr] = component['C_j_1'] C_x_2[attr] = component['C_j_2'] C_x_3[attr] = component['C_j_3'] C_x_4[attr] = s_share - component['lambda_prime_j'] C_x_5[attr] = component['t_j'] * (group.hash(unicode(attr),ZR) - component['x_j']) ct = {'policy':policy_str, 'C0':C0,'C_j_1':C_x_1, 'C_j_2':C_x_2, 'C_j_3':C_x_3, 'C_j_4':C_x_4, 'C_j_5':C_x_5} print('ct in ABEnc=',ct) return (pool, ct)
def test_ps_sign_with_public_info(): # setup start = time.time() grp = PairingGroup('MNT224') ps = PS01(grp) end = time.time() print("Setup time elapse: ") print(end - start) # messages = ['Hi there', 'Not there', 'Some message ................', 'Dont know .............', 'great!!!!'] messages = ["hi there"] # keygen start = time.time() (pk, sk) = ps.keygen(len(messages) + 1) end = time.time() print("KeyGen time elapse: ") print(end - start) if debug: print("Keygen...") print("pk :=", pk) print("sk :=", sk) # requestID start = time.time() t, commitment = ps.commitment(pk, *messages) end = time.time() print("requestID time elapse: ") print(end - start) # append public information start = time.time() commitment = commitment * (pk['Y1'][-1] ** grp.hash('3600', ZR)) sig = ps.sign(sk, pk, commitment) end = time.time() print("ProvideID time elapse: ") print(end - start) if debug: print("commitment: ", commitment) if debug: print("Signature: ", sig) # unblind signature start = time.time() sig = ps.unblind_signature(t, sig) end = time.time() print("Unblind time elapse: ") print(end - start) # append public information messages.append('3600') result = ps.verify(pk, sig, *messages) assert result, "INVALID signature!" if debug: print("Successful Verification!!!") # prove ID start = time.time() rand_sig = ps.randomize_sig(sig) end = time.time() print("Credential Randomize time elapse: ") print(end - start) assert sig != rand_sig if debug: print("Randomized Signature: ", rand_sig) # cred.verify start = time.time() result = ps.verify(pk, rand_sig, *messages) end = time.time() print("RP's Credential Verify time elapse: ") print(end - start) assert result, "INVALID signature!" if debug: print("Successful Verification!!!")
from charm.toolbox.pairinggroup import PairingGroup, ZR, G1, G2, GT, pair from charm.toolbox.secretutil import SecretUtil from charm.toolbox.ABEnc import ABEnc import numpy as np group = PairingGroup('SS512') H4 = lambda x: group.hash(x + str(group.random(ZR)), ZR) def f(x, AP): roots = [] for i in xrange(1, len(AP) + 1): roots.insert(i, H4(str(i))) F = np.poly(roots) return F def flattenAttributes(setOfAttributes): attributes, attributes_, k = [], [], 0 N = len(numberOfAttributesAtAA_) for attributesForAA_k in setOfAttributes: assert len(attributesForAA_k) == numberOfAttributesAtAA_[ k], 'Incompatable setOfAttributes' attributes_k = [] for j in xrange(k): attributes_k += [False for i in xrange(numberOfAttributesAtAA_[j])] for a in attributesForAA_k: attributes.append(a) attributes_k.append(a) for j in xrange(k + 1, N): attributes_k += [False for i in xrange(numberOfAttributesAtAA_[j])]
return group.deserialize(b"0:" + encodebytes(g)) def deserialize1(g): """ """ # Only work in G1 here return group.deserialize(b"1:" + encodebytes(g)) def deserialize2(g): """ """ # Only work in G1 here return group.deserialize(b"2:" + encodebytes(g)) g1 = group.hash("geng1", G1) g1.initPP() # g2 = g1 g2 = group.hash("geng2", G2) g2.initPP() ZERO = group.random(ZR, seed=59) * 0 ONE = group.random(ZR, seed=60) * 0 + 1 def polynom_eval(x, coefficients): """Polynomial evaluation.""" y = ZERO xx = ONE for coeff in coefficients: y += coeff * xx xx *= x
# Only work in G1 here return decodestring(group.serialize(g)[2:]) def deserialize0(g): # Only work in G1 here return group.deserialize('0:'+encodestring(g)) def deserialize1(g): # Only work in G1 here return group.deserialize('1:'+encodestring(g)) def deserialize2(g): # Only work in G1 here return group.deserialize('2:'+encodestring(g)) g1 = group.hash('geng1', G1) g1.initPP() g2 = g1 #g2 = group.hash('geng2', G2) #g2.initPP() ZERO = group.random(ZR, seed=59)*0 ONE = group.random(ZR, seed=60)*0+1 class TBLSPublicKey(object): def __init__(self, l, k, VK, VKs): self.l = l self.k = k self.VK = VK self.VKs = VKs def __getstate__(self):
async def main(): # group setup and secret generation setup_start_time = time.time() global grp, ps, pk, secret, messages, sig, gamma, expires_in grp = PairingGroup('MNT224') messages = ['random_string'] secret = grp.hash(messages[0], ZR) ps = PS01(grp) pk = None setup_end_time = time.time() print("Setup total time: {0}s ".format(str(setup_end_time - setup_start_time))) # communicate with IdP print("****Communication with IdP****") idp_start_time = time.time() async with aiohttp.ClientSession(connector=aiohttp.TCPConnector(ssl=False)) as session: # first rt: get idp public key pk = await fetch(session, 'https://' + idp_ip + ':6000/') for key, value in pk.items(): if key in {'X2', 'g1', 'g2'}: pk[key] = grp.deserialize(value.encode()) else: pk[key] = [grp.deserialize(item.encode()) for item in value] if debug: print('idp pk:=', pk) # generate t and commitment start = time.time() t = grp.random(ZR) gt = (pk['g1'] ** t) commitment_secret = pk['Y1'][0] ** secret commitment = gt * commitment_secret if debug: print("commitment: ", commitment) end = time.time() print("CRED.PrepareBlindSign over {0} attributes time elapse: {1}s ".format(str(1), str(end - start))) # second rt: schnorr proof start = time.time() na = grp.random() a = pk['Y1'][0] ** na # schnorr NIZK: generate nb m = hashlib.sha256() m.update(grp.serialize(pk['Y1'][0])) m.update(grp.serialize(a)) m.update(grp.serialize(pk['Y1'][0] ** secret)) m.update(b'userid') # replaced with real values nb = m.digest() nb = grp.hash(nb) r = na + nb * secret end = time.time() print("NIZK Schnorr Prover (User-IdP) over {0} element time elapse: {1}s ".format(str(1), str(end - start))) json_param = {'g_t': grp.serialize(gt).decode(), 'commitment_secret': grp.serialize(commitment_secret).decode(), 'a': grp.serialize(a).decode(), 'r': grp.serialize(r).decode()} average_time = 0 counter = 0 for i in range(0, 20): time1 = time.time() print(time.time()) json_rep = await fetch(session, 'https://' + idp_ip + ':6000/token', json_param) time2 = time.time() counter += 1 average_time += (time2 - time1) if 1/running_frequency - (time2 - time1) > 0: time.sleep(1/running_frequency - (time2 - time1)) print("average time per credential: ", str(average_time/counter)) idp_end_time = time.time() print("IdP total time: {0}s ".format(str(idp_end_time - idp_start_time)))
# Only work in G1 here return group.deserialize('0:'+encodestring(g)) def deserialize1(g): # Only work in G1 here return group.deserialize('1:'+encodestring(g)) def deserialize2(g): # Only work in G1 here return group.deserialize('2:'+encodestring(g)) def xor(x,y): assert len(x) == len(y) == 32 return ''.join(chr(ord(x_)^ord(y_)) for x_,y_ in zip(x,y)) g1 = group.hash('geng1', G1) g1.initPP() g2 = g1 #g2 = group.hash('geng2', G2) #g2.initPP() ZERO = group.random(ZR)*0 ONE = group.random(ZR)*0+1 def hashG(g): return SHA256.new(serialize(g)).digest() def hashH(g, x): assert len(x) == 32 return group.hash(serialize(g) + x, G2) class TPKEPublicKey(object):
# Only work in G1 here return decodestring(group.serialize(g)[2:]) def deserialize0(g): # Only work in G1 here return group.deserialize('0:'+encodestring(g)) def deserialize1(g): # Only work in G1 here return group.deserialize('1:'+encodestring(g)) def deserialize2(g): # Only work in G1 here return group.deserialize('2:'+encodestring(g)) g1 = group.hash('geng1', G1) g1.initPP() #g2 = g1 g2 = group.hash('geng2', G2) g2.initPP() ZERO = group.random(ZR)*0 ONE = group.random(ZR)*0+1 class TBLSPublicKey(object): def __init__(self, l, k, VK, VKs): self.l = l self.k = k self.VK = VK self.VKs = VKs def __getstate__(self):
class BLS(): """Класс, реализующий формирование и проверку ЭЦП по схеме Боне-Линна-Шахема Атрибуты: debug вывод дополнительной информации. group содержит в себе данные об точках на эллиптической кривой, порядке множества точек эллиптической кривой и так далее. P произвольная точка эллиптической кривой. sk секретный ключ. pk публичный ключ. """ def __init__(self, param_id, debug): """Конструктор класс Атрибуты: param_id параметры эллиптической кривой: {SS512, SS1024, MNT159, MNT201, MNT224}. debug вывод дополнительной информации. """ self.group = PairingGroup(param_id) self.debug = debug def keygen(self): """Генерация ключей Результат: P произвольная точка эллиптической кривой. sk секретный ключ. pk публичный ключ. """ P = self.group.random(G2) sk = self.group.random() pk = {'P^sk': P ** sk, 'P':P} if self.debug: self.output(1, sk, pk) return (pk, sk) def sign(self, message, sk): """Формирование подписи Аргументы: message сообщение, на основании которого необходимо создать цифровую подпись. sk секретный ключ. Результат: sign цифровая подпись. """ messageBytes = objectToBytes(message, self.group) sign = self.group.hash(messageBytes, G1) ** sk if self.debug: self.output(2, 0, 0, message, sign) return sign def verify(self, message, sign, pk): """Проверка подписи Аргументы: message сообщение, на основании которого необходимо создать цифровую подпись. sign цифровая подпись. pk публичный ключ. Результат: True при успешной проверки цифровой подписи. Fase при неудачной проверки цифровой подписи. """ messageBytes = objectToBytes(message, self.group) h = self.group.hash(messageBytes, G1) ver = pair(sign, pk['P']) == pair(h, pk['P^sk']) if self.debug: self.output(3, 0, pk, message, sign, ver) if ver: return True return False def output(self, phase, sk=0, pk=0, message='', sign=0, ver=False): """Режим дебага Аргументы: type 1 этап генерации ключей. 2 этап формирования подписи. 3 этап проверки подписи. Результат: вывод на экран полной информации о работе программы. """ if phase == 1: title = 'ГЕНЕРАЦИЯ КЛЮЧЕЙ' out = 'Точка эллиптической кривой:\n' + str(pk['P']) + '\nСекретный ключ:\n' + str(sk) + '\nПубличный ключ:\n' + str(pk['P^sk']) elif phase == 2: title = 'ФОРМИРОВАНИЕ ПОДПИСИ' out = 'Сообщение:\n' + str(message) + '\nЦифровая подпись:\n' + str(sign) elif phase == 3: title = 'ПРОВЕРКА ПОДПИСИ' out = 'Публичный ключ:\n' + str(pk['P^sk']) + '\nСообщение:\n' + str(message) + '\nЦифровая подпись:\n' + str(sign) + '\nПроверка:' if ver: out += 'Успешно' else: out += 'Неудачно' else: return print '=========={0}==========\n{1}'.format(title, out) print '=======================================\n'
def measure_time(attribute_num): # setup start = time.time() grp = PairingGroup('MNT224') ps = PS01(grp) end = time.time() print("Setup time elapse: ") print(end - start) # keygen start = time.time() (pk, sk) = ps.keygen(attribute_num) end = time.time() print("KeyGen over {0} attributes time elapse: {1}s ".format(str(attribute_num), str(end - start))) # generate a secret secret = grp.random() # NIZK Schnorr prover start = time.time() na = grp.random() a = pk['Y1'][0] ** na # deterministic nb m = hashlib.sha256() m.update(grp.serialize(pk['Y1'][0])) m.update(grp.serialize(a)) m.update(grp.serialize(pk['Y1'][0] ** secret)) m.update(b'userid') # replaced with real values nb = m.digest() nb = grp.hash(nb) # r r = na + nb * secret end = time.time() print("NIZK Schnorr over {0} attributes Prover time elapse: {1}s".format(str(attribute_num), str((end - start)*attribute_num))) # NIZK Schnorr verifier start = time.time() m = hashlib.sha256() m.update(grp.serialize(pk['Y1'][0])) m.update(grp.serialize(a)) m.update(grp.serialize(pk['Y1'][0] ** secret)) m.update(b'userid') # replaced with real values nb = m.digest() nb = grp.hash(nb) lh = pk['Y1'][0] ** r rh = a * (pk['Y1'][0] ** secret) ** nb end = time.time() print("NIZK Schnorr over {0} attributes Verifier time elapse: {1}s".format(str(attribute_num), str((end - start)*attribute_num))) if lh == rh: print('NIZK check success') else: print('NIZK check failure') # request ID messages = ["hello" + str(i) for i in range(0, attribute_num)] start = time.time() t, commitment = ps.commitment(pk, *messages) end = time.time() print("requestID over {0} attributes time elapse: {1}s".format(str(attribute_num), str(end - start))) # prove ID start = time.time() sig = ps.sign(sk, pk, commitment) end = time.time() print("ProvideID over {0} attributes time elapse: {1}s".format(str(attribute_num), str(end - start))) # unblind signature start = time.time() sig = ps.unblind_signature(t, sig) end = time.time() print("Unblind over {0} attributes time elapse: {1}s".format(str(attribute_num), str(end - start))) # prove ID start = time.time() rand_sig = ps.randomize_sig(sig) cipher_sk = grp.random() cipher_1 = pk['Y2'][1] ** cipher_sk cipher_pk = (pk['Y2'][1] ** grp.hash('authority')) ** cipher_sk cipher_2 = cipher_pk * (pk['Y2'][0] ** grp.hash(messages[0], ZR)) end = time.time() print("Credential Randomize over {0} attributes time elapse: {1}s".format(str(attribute_num), str(end - start))) # cred.verify start = time.time() result = ps.verify(pk, rand_sig, *messages) end = time.time() print("RP's Credential Verify over {0} attributes time elapse: {1}s".format(str(attribute_num), str(end - start)))
from charm.toolbox.pairinggroup import PairingGroup,ZR,G1,G2,GT,pair from charm.core.engine.util import objectToBytes,bytesToObject import time, json, pickle, os, random, csv, copy from sys import getsizeof groupObj='SS512' global group group = PairingGroup(groupObj) r = group.random(ZR) i=0 for i in xrange(1,10): r_i = group.hash(str(r) + str(i), ZR) print r_i
class TRC(): """docstring for TRC :example: trc = TRC('MNT159', 8, 'salt') """ def __init__(self, kappa, btLevel, salt): """Generate a group and an empty tree :kappa: MNT159, SS512, SS1024 :btLevel: the level of initial binary tree :salt: the salt to generate random-like nodes :self.N: the level of the tree :self.rest: available leaves in the tree :self.kunodes: a list to predict whether a node is revoked or not :self.bt: the binary tree """ self.group = PairingGroup(kappa) self.P, self.Q, self.msk = self.group.random(G1), self.group.random(G2) ,self.group.random(ZR) self.PK1 = self.msk * self.P self.PK2 = self.msk * self.Q self.N = btLevel self.rest = list(range(2 ** btLevel)) self.yellowPages = [] def preHandle(ids, preNodes): if len(ids) == 1: return preNodes else: i = 0 temp = [] while i < len(ids): newNodes = hashlib.sha256((str(ids[i] + ids[i+1]) + salt).encode('utf-8')) temp.append(newNodes.hexdigest()) # temp.append(ids[i] + ids[i+1]) i += 2 preNodes.append(temp) preHandle(temp, preNodes) basket = [str(x) for x in self.rest] retList = [] preHandle(self.rest, basket) for i in basket[::-1]: retList.extend(i) self.bt = build([int(binascii.b2a_hex(x.encode('utf-8'))) for x in retList]) self.kunodes = {self.bt.value} def keygen(self, id, flag): """According to id, generate a corresponding pseudonym """ Recorder = namedtuple('Recorder', 'id pk flag') pid = (hashlib.sha256(str(id).encode('utf-8'))).hexdigest() pk_i = self.group.hash(str(id), G1) if flag == 'V' else self.group.hash(str(id), G2) sk_i = self.msk * pk_i self.yellowPages.append(Recorder(id, pk_i, flag)) return (int(binascii.b2a_hex(pid.encode('utf-8'))), pk_i, sk_i) def keyUp(self, rl): """Kunode Algorithm :rl: revocation list, contains the instance of OBU """ X = [] Y = [] for obu in rl: X.extend(obu.path) X = list(set(X)) for x in X: if x.left and x.left not in X: Y.append(x.left.value) elif x.right and x.right not in X: Y.append(x.right.value) else: pass if Y == []: Y.append(self.bt.value) self.kunodes = set(Y) - set(self.rest)
else: labeled_instance = [label] + instance[0] hashed_instance = group.hash(labeled_instance, ZR) c = hadamard_product(crs[3], basematrix_pow_exp(crs[4], hashed_instance)) # pi=[PI]1, crs[5]=[(1,a)]2, y=[Y]1, c=[C]2 # print(pairing_matrix(pi, crs[5])) # print(pairing_matrix(instance, c)) return pairing_matrix(pi, crs[5]) == pairing_matrix(instance, c) if __name__ == '__main__': # 'MNT159' represents an asymmetric curve with 159-bit base field group = PairingGroup('MNT159') g1 = group.random(G1) g2 = group.random(G2) t = group.random(ZR) # Third-Party-Section crs = generate_crs(group, g1, g2, t) # Certification-Section r = group.random(ZR) y = generate_instance(crs, r) alpha = group.hash(y[0], ZR) pi = generate_pi(group, crs, y, r) # Verification-Section print("accept" if check_certificate(group, crs, pi, y) else "reject")
#!./venv/bin/python3 from charm.toolbox.pairinggroup import PairingGroup, ZR, G1, G2, GT, pair def irange(a, b): return range(a, b + 1) group = PairingGroup('BN254') _G = group.hash("G", G1) _H = group.hash("H", G2) def generate_crs(G, H, d): crs_g = { (0, 0, 0): G(0, 0, 0), (1, 0, 0): G(1, 0, 0), (0, 0, 1): G(0, 0, 1), } for i in irange(0, 2 * d): for j in irange(1, 12): if j == 7: continue crs_g[(i, j, 0)] = G(i, j, 0) for i in irange(0, 2 * d): for j in irange(1, 6): for k in irange(1, 3 * d): if (i, j) == (d, 4): continue crs_g[(i, j, k)] = G(i, j, k)
async def main(): # group setup and secret generation setup_start_time = time.time() global grp, ps, pk, secret, messages, sig, gamma, expires_in grp = PairingGroup('MNT224') messages = ['random_string'] secret = grp.hash(messages[0], ZR) ps = PS01(grp) pk = None setup_end_time = time.time() print("Setup total time: {0}s ".format(str(setup_end_time - setup_start_time))) # communicate with IdP print("****Communication with IdP****") idp_start_time = time.time() async with aiohttp.ClientSession(connector=aiohttp.TCPConnector(ssl=False)) as session: # first rt: get idp public key pk = await fetch(session, 'https://' + idp_ip + ':6000/') for key, value in pk.items(): if key in {'X2', 'g1', 'g2'}: pk[key] = grp.deserialize(value.encode()) else: pk[key] = [grp.deserialize(item.encode()) for item in value] if debug: print('idp pk:=', pk) # generate t and commitment start = time.time() t = grp.random(ZR) gt = (pk['g1'] ** t) commitment_secret = pk['Y1'][0] ** secret commitment = gt * commitment_secret if debug: print("commitment: ", commitment) end = time.time() print("CRED.PrepareBlindSign over {0} attributes time elapse: {1}s ".format(str(1), str(end - start))) # second rt: schnorr proof start = time.time() na = grp.random() a = pk['Y1'][0] ** na # schnorr NIZK: generate nb m = hashlib.sha256() m.update(grp.serialize(pk['Y1'][0])) m.update(grp.serialize(a)) m.update(grp.serialize(pk['Y1'][0] ** secret)) m.update(b'userid') # replaced with real values nb = m.digest() nb = grp.hash(nb) r = na + nb * secret end = time.time() print("NIZK Schnorr Prover (User-IdP) over {0} element time elapse: {1}s ".format(str(1), str(end - start))) json_param = {'g_t': grp.serialize(gt).decode(), 'commitment_secret': grp.serialize(commitment_secret).decode(), 'a': grp.serialize(a).decode(), 'r': grp.serialize(r).decode()} json_rep = await fetch(session, 'https://' + idp_ip + ':6000/token', json_param) # parse the reply id_token = json_rep['id_token'] id_token = [grp.deserialize(item.encode()) for item in id_token] expires_in = json_rep['expires_in'] gamma = json_rep['gamma'] if debug: print('user id token:=', id_token) print('expires_in:=', expires_in) print('gamma:=', gamma) # unblind signature start = time.time() sig = ps.unblind_signature(t, id_token) end = time.time() print("CRED.Unblind time elapse: {0}s ".format(str(end - start))) messages.append(gamma) messages.append(expires_in) for i in range(3, len(pk['Y1'])): messages.append(str(i - 3) + 'th-element') if debug: print(messages) result = ps.verify(pk, sig, *messages) assert result, 'invalid signature' print('Successfully verification') gamma = grp.hash(gamma, ZR) idp_end_time = time.time() print("IdP total time: {0}s ".format(str(idp_end_time - idp_start_time))) # communicate with RP rp_start_time = time.time() for i in range(running_times): print("\n****Communication with RP****") async with aiohttp.ClientSession(connector=aiohttp.TCPConnector(ssl=False)) as session: json_param = generate_params_for_RP() json_rep = await fetch(session, 'https://' + rp_ip + ':6001/authenticate', json_param) if debug: print(json_rep) rp_end_time = time.time() print("RP total time: {0}s ".format(str(rp_end_time - rp_start_time)))
class mPECK: def __init__(self): self.group = PairingGroup('SS512') def keygen(self, n, g=None): if(g == None): g = self.g_gen() keyPair_list = list() for a in range(n): keyPair_list.append(self.single_keygen(g)) return keyPair_list def single_keygen(self, g): x = self.group.random() h = g ** x pk = {'g':g, 'h':h } sk = {'x':x} return (pk, sk) def g_gen(self): return self.group.random(G1) def m_peck(self, X): g, m, W, pks = X s = self.group.random() r = self.group.random() E = self.m_enc(g, m, pks, r, s) A = g ** r B = list() for b in pks: B.append(b ** s) C = list() for w in W: h = self.group.hash(w, G1) ** r f = self.hash2(w, G1) ** s C.append(h * f) return (E,(A,B,C)) def trapdoor(self,X): g, Q, sk = X t = self.group.random() Q1 = g ** t Q2 = 1 Q3 = 1 for w in range(len(Q[0])): Q2 *= self.group.hash(Q[1][w], G1) Q3 *= self.hash2(Q[1][w], G1) Q2 = Q2 ** t Q3 = Q3 ** (t/sk) return (Q1,Q2,Q3,Q[0]) def test(self,X): ES, TQ, pk = X P = 1 for I in TQ[3]: P *= ES[1][2][I] lhs = pair(TQ[0], P) rhs = pair(ES[1][0], TQ[1]) for B in ES[1][1]: if lhs == rhs * pair(B, TQ[2]): return (ES[1][0],B,ES[0]) #this output format is described on page 16 return None def m_enc(self, g, m, pks, r, s): return self.bytes_xor(objectToBytes(self.group.hash(pair(g,g) ** (r*s), G1), self.group), m) # TODO find suitable hashing function mapping to M def m_dec(self, sk, A, B, E): X = objectToBytes(self.group.hash(pair(A, B) ** (1/sk), G1), self.group) xor = self.bytes_xor(E, X) return xor #if user is legitimate, this will be equal to m def hash2(self, m, type): return self.group.hash(self.group.hash(m, type), type) # does this count as a second (different) hash function that maps to G1? def bytes_xor(self, a, b): return ''.join(chr(ord(x) ^ ord(y)) for x,y in zip(a,b)) def toBytes(self, m): return objectToBytes(m, self.group) def fromBytes(self, m): return bytesToObject(m.ljust(2, b"\x3d"), self.group)