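def main():
    """Demo: find a point P with l * P at infinity and print Weil pairings.

    Builds a curve with EllipticCurve(F, 0, 1) over
    ExtendedFiniteField(p, "x^2+x+1") where p = 6 * l - 1, scans
    x = 3, 4, ... for the first affine point killed by l, then prints
    weil_pairing(E, P, distortion_map(x * P), l) for ten random scalars x.
    """
    l = 2201426263
    p = 6 * l - 1
    F = ExtendedFiniteField(p, "x^2+x+1")
    E = EllipticCurve(F, 0, 1)
    i = 3
    while True:
        y = E.get_corresponding_y(i)
        # Identity test: "no y for this x" is signalled by None, and a field
        # element should not be pushed through != against None.
        if y is not None:
            P = E(i, y)
            if (l * P).is_infinity():
                break
        i += 1
    print(P)

    # Scalars for the demonstration output only; nothing secret is derived
    # from them here.
    rand = [randint(2**31, 2**32) for _ in range(10)]

    print("[+] Weil Pairing: ")
    for x in rand:
        # The second argument goes through the distortion map so that it is
        # not just another multiple of P. The Weil pairing of two points in
        # the same cyclic subgroup is trivial.
        print(weil_pairing(E, P, (x * P).distortion_map(), l))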
Beispiel #2
def reencrypt(c, rk):
    """Transform ciphertext pair c with the re-encryption key rk.

    The first component is replaced by weil_pairing(E, c[0], rk, l); the
    second component is passed through unchanged. E and l are the
    module-level pairing parameters.
    """
    # NOTE(review): rk is used as a curve point here; how it is derived from
    # the delegator's and delegatee's keys is not visible in this snippet.
    transformed = weil_pairing(E, c[0], rk, l)
    return transformed, c[1]
Beispiel #3
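def encrypt(m, pk):
    """Encrypt m under public key pk as an ElGamal-style pair.

    Returns (r * P, m * weil_pairing(E, P, r * pk, l)) for a fresh random
    scalar r. E, l, p and P are the module-level pairing parameters.
    """
    # The ephemeral scalar must be unpredictable: anyone who can recover r can
    # recompute the pairing mask and divide it out of c[1]. random.randint is
    # backed by the Mersenne Twister, whose output can be predicted from
    # observed values, so r is drawn from the OS CSPRNG instead.
    # NOTE(review): the range [1, p-1] is kept from the original; if l is the
    # order of P, drawing from [1, l-1] would also rule out r * P being the
    # point at infinity. Confirm against the parameter setup.
    r = random.SystemRandom().randint(1, p - 1)
    return r * P, m * weil_pairing(E, P, r * pk, l)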
Beispiel #4
def decrypt(c, sk):
    """Recover the message from ciphertext pair c with secret scalar sk.

    Divides c[1] by weil_pairing(E, c[0], sk * P, l). E, l and P are the
    module-level pairing parameters.
    """
    # presumably the matching public key is sk * P, so that this mask equals
    # the one multiplied in by encrypt(). Verify against key generation.
    blinded = c[1]
    mask = weil_pairing(E, c[0], sk * P, l)
    return blinded / mask
Beispiel #5
# Module-level pairing parameters: prime p, scalar l, field F, curve E and
# base point P. encrypt(), decrypt() and reencrypt() read these as globals.
# [!] type-1 pairing
# NOTE(review): p and l are identical to the values in the disabled block
# below labelled "BLS12-381 curve"; here the curve is built over the prime
# field FiniteField(p) and P has coordinates in that field.
p = 4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787
l = 52435875175126190479447740508185965837690552500527637822603658699938581184513 
F = FiniteField(p)
E = EllipticCurve(F, 0, 4)
P = E(3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507, 1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569)

# BLS12-381 curve
# [!] type-2 pairing
# Disabled alternative: same p and l, but the curve is defined over
# ExtendedFiniteField(p, "x^2+1") and P has two-component coordinates.
#p = 4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787
#l = 52435875175126190479447740508185965837690552500527637822603658699938581184513 
#F = ExtendedFiniteField(p, "x^2+1")
#E = EllipticCurve(F, 0, 4)
#P = E((352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160, 3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758), (1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905, 927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582))

# Z is the pairing of the base point with itself.
# NOTE(review): the Weil pairing is alternating, so mathematically
# e(P, P) = 1 and e(P, k * P) = 1 for every scalar k. No distortion map is
# applied in this setup, so if the keys used with encrypt() are multiples of
# P, the pairing mask multiplied into c[1] would be the identity and would
# not hide m. Check that Z != 1 before relying on this configuration.
Z = weil_pairing(E,P,P,l)

#----------------------------------------------
# return (x,y,d) such that a*x+b*y = d = gcd(a,b)
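def exGcd(a, b):
    """Extended Euclid: return (x, y, d) with a*x + b*y == d == gcd(a, b).

    The returned coefficients are not reduced and may be negative.
    """
    if b == 0:
        return (1, 0, a)
    # The recursive result satisfies y*b + x*(a % b) == d. Substituting
    # a % b == a - (a // b) * b gives a*x + b*(y - (a // b)*x) == d.
    (y, x, d) = exGcd(b, a % b)
    # Explicit floor division keeps the coefficients exact integers; true
    # division would turn them into floats and lose precision on the
    # several-hundred-bit values used for the pairing parameters.
    return (x, y - a // b * x, d)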

# return x such that x^n = a mod p
def nth_root(a, n, p):
    """Return a raised to the Bezout coefficient of n from exGcd(n, p-1).

    Intended to give x with x^n = a mod p. Exits the process via sys.exit
    when gcd(n, p-1) != 1, because n then has no inverse modulo p-1.
    """
    coeff, _, g = exGcd(n, p - 1)
    if g != 1:
        sys.exit("gcd(n, p-1) != 1")
    # NOTE(review): coeff is not reduced modulo p-1 and can be negative, and
    # ** performs no modular reduction on plain integers. This presumably
    # expects a to be a field element that handles both. Confirm at the
    # call sites.
    return a ** coeff