def test_random(self):
""" test using PRNG """
e, y = factoring_zk.prove(self.rng,
self.p,
self.q,
self.id,
ad=self.ad)
self.assertEqual(e, self.e)
self.assertEqual(y, self.y)
def test_tv(self):
""" test using test vectors """
for vector in self.tv:
if not vector['AD']:
vector['AD'] = None
e, y = factoring_zk.prove(None,
vector['P'],
vector['Q'],
vector['ID'],
ad=vector['AD'],
r=vector['R'])
self.assertEqual(e, vector['E'])
self.assertEqual(y, vector['Y'])
def generate_key_material_zkp(rng, key_material, ID, AD=None):
""" Generate ZK Proofs for key material
Generate a commitment to the ECDSA PK, a Schnorr's
Proof for the ECDSA PK and a factoring Proof for the
Paillier PK
The key material dictionary must have keys:
* paillier_sk
* paillier_pk
* ecdsa_sk
* ecdsa_pk
Args::
rng: pointer to CSPRNG
key_material: dictionary with the key material
Returns::
r: secret value for the ECDSA PK commitment
c: commitment for the ECDSA PK
sc: commitment for the Schnorr's Proof
sp: Schnorr's Proof
fe: Factoring Proof. First component
fy: Factoring Proof. Second component
"""
# Commit to ECDSA PK
r, c = commitments.nm_commit(rng, key_material['ecdsa_pk'])
# Generate Schnorr's proof for ECDSA PK
sr, sc = schnorr.commit(rng)
e = schnorr.challenge(key_material['ecdsa_pk'], sc, ID, AD=AD)
sp = schnorr.prove(sr, e, key_material['ecdsa_sk'])
# Generate ZKP of knowledge of factorization for
# Paillier key pair
psk_p, psk_q = mpc.mpc_dump_paillier_sk(key_material['paillier_sk'])
fe, fy = factoring_zk.prove(rng, psk_p, psk_q, ID, ad=AD)
return r, c, sc, sp, fe, fy
p = bytes.fromhex(p_hex)
q = bytes.fromhex(q_hex)
n = bytes.fromhex(n_hex)
ad = core_utils.generate_random(rng, 32)
print("Example ZK Proof of Knowledge of factoring")
print("Parameters")
print(f"\tP = {p.hex()}")
print(f"\tQ = {q.hex()}")
print(f"\tN = {n.hex()}")
print(f"\tID = {uid.decode('utf-8')}")
print(f"\tAD = {ad.hex()}")
# Prove
e, y = factoring_zk.prove(rng, p, q, uid, ad=ad)
print("\nGenerate proof")
print(f"\tE = {e.hex()}")
print(f"\tY = {y.hex()}")
# Verify
ec = factoring_zk.verify(n, e, y, uid, ad=ad)
print("\nVerify proof")
if ec == factoring_zk.OK:
print("\tSuccess")
else:
print("\tFailure")
sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
from amcl import factoring_zk
p_hex = "e008507e09c24d756280f3d94912fb9ac16c0a8a1757ee01a350736acfc7f65880f87eca55d6680253383fc546d03fd9ebab7d8fa746455180888cb7c17edf58d3327296468e5ab736374bc9a0fa02606ed5d3a4a5fb1677891f87fbf3c655c3e0549a86b17b7ddce07c8f73e253105e59f5d3ed2c7ba5bdf8495df40ae71a7f"
q_hex = "dbffe278edd44c2655714e5a4cc82e66e46063f9ab69df9d0ed20eb3d7f2d8c7d985df71c28707f32b961d160ca938e9cf909cd77c4f8c630aec34b67714cbfd4942d7147c509db131bc2d6a667eb30df146f64b710f8f5247848b0a75738a38772e31014fd63f0b769209928d586499616dcc90700b393156e12eea7e15a835"
n_hex = "c0870b552afb6c8c09f79e39ad6ca17ca93085c2cd7a726ade69574961ff9ce8ad33c7dda2e0703a3b0010c2e5bb7552c74164ce8dd011d85e5969090df53fe10e39cbe530704da32ff07228a6b6da34a5929e8a231c3080d812dc6e93affd81682339a6aee192927c582da8941bebf46e13c4ea3918a1477951fa66d367e70d8551b1869316d48317e0702d7bce242a326000f3dc763c44eba2044a1df713a94c1339edd464b145dcadf94e6e61be73dc270c878e1a28be720df2209202d00e101c3b255b757eaf547acd863d51eb676b851511b3dadeda926714719dceddd3af7908893ae65f2b95ee5c4d36cc6862cbe6886a62d7c1e2d0db48c399a6d44b"
r_hex = "c05f6c79e81fab2f1aa6af48dc5afa89a21c0aee03e93944cacfefef1be90f41ec8c2055760beafa9ed87dd67dbd56b33a2568dfec62a03f06c4f8449a93eee858507f4b602bf305e1c9968d9f5b6dc3120c27e053a1d7e51590e0bacb8d36c27bccce1a57c1e3aeb0832905d4e2bb8eaee883b4df042d8660cf3e0c9777b6be34c18bef02347f92cb71f372f61c018860211932dd46de8f925212d7afe6dd2f3cda05f8d5a6bd1b138b66c5efd7fca31f926c721f6d4207b97fc01cdf325da21233f6df37adbcd67472b332f7490a4a96e0fef31beef55b9446067b8e8d807384e3d31051c7a1f27296a6ae111b30c3d1f3f81666fd9ad99df531bb68428029"
uid = b"unique_user_identifier"
ad_hex = "d7d3155616778fb436a1eb2070892205"
if __name__ == "__main__":
p = bytes.fromhex(p_hex)
q = bytes.fromhex(q_hex)
n = bytes.fromhex(n_hex)
r = bytes.fromhex(r_hex)
ad = bytes.fromhex(ad_hex)
# Generate quantities for benchmark
e, y = factoring_zk.prove(None, p, q, uid, ad=ad, r=r)
assert factoring_zk.verify(n, e, y, uid, ad=ad) == factoring_zk.OK
# Run benchmark
fncall = lambda: factoring_zk.prove(None, p, q, uid, ad=ad, r=r)
time_func("prove ", fncall)
fncall = lambda: factoring_zk.verify(n, e, y, uid, ad=ad)
time_func("verify", fncall)