def sample(self, gtype=ZR) -> list:
# group.G.init() seems invalid :(
# group = PairingGroup(self.group.curve) seems invalid too!
group = PairingGroup('SS512') # toggle comment
#group = PairingGroup('SS1024') # toggle comment
one = group.init(gtype, 1)
zero = group.init(gtype, 0)
return [[one if i == j else zero for i in range(self.n)]
for j in range(self.n)]
def testSecretShare(self):
# Testing Secret sharing python API
k = 3
n = 4
group = PairingGroup('SS512')
s = SecretShare(group, False)
sec = group.random(ZR)
shares = s.genShares(sec, k, n)
K = shares[0]
if debug: print('\nOriginal secret: %s' % K)
y = {group.init(ZR, long(1)):shares[1], group.init(ZR, long(2)):shares[2], group.init(ZR, long(3)):shares[3]}
secret = s.recoverSecret(y)
assert K == secret, "Could not recover the secret!"
if debug: print("Successfully recovered secret: ", secret)
def testSecretShare(self):
# Testing Secret sharing python API
k = 3
n = 4
group = PairingGroup('SS512')
s = SecretShare(group, False)
sec = group.random(ZR)
shares = s.genShares(sec, k, n)
K = shares[0]
if debug: print('\nOriginal secret: %s' % K)
y = {
group.init(ZR, long(1)): shares[1],
group.init(ZR, long(2)): shares[2],
group.init(ZR, long(3)): shares[3]
}
secret = s.recoverSecret(y)
assert K == secret, "Could not recover the secret!"
if debug: print("Successfully recovered secret: ", secret)
secret = self.elem.init(ZR, 0)
# secret = 0
for i in list:
secret += (coeff[i] * shares[i])
return secret
if __name__ == "__main__":
# Testing Secret sharing python API
k = 3
n = 4
group = PairingGroup('SS512')
s = SecretShare(group, True)
sec = group.random(ZR)
shares = s.genShares(sec, k, n)
K = shares[0]
print('\nOriginal secret: %s' % K)
y = {group.init(ZR, 1):shares[1], group.init(ZR, 2):shares[2], group.init(ZR, 3):shares[3]}
secret = s.recoverSecret(y)
if(K == secret):
print('\nSuccessfully recovered secret: %s' % secret)
else:
print('\nCould not recover the secret!')
# ========== MODULE DECRYPTION ========== #
ciphertext['policy'] = '(DEPT1 and TEAM1)'
for k in range(sample_num):
# Their solution
starting = time() * 1000.0
for i in range(iterations):
c = abe.decrypt(ciphertext, pk, sk, pairing_group)
sample_mod_dec += ((time() * 1000.0) - starting)
print('MODULE DEC =', sample_mod_dec / sample_num)
# ========== HASH CHAIN DECRYPTION ========== #
for k in range(sample_num):
# Our solution
starting = time() * 1000.0
cpabe.decrypt(pk, sk, ciphertext)
for j in range(iterations - 1):
r = pairing_group.init(ZR, int(hashPair(pg_elem).decode('utf-8'), 16))
res_pg_elem = pg_elem ** r
sample_hc_dec += ((time() * 1000.0) - starting)
print('HASH CHAIN DEC =', sample_hc_dec / sample_num)
# ========== MODULE HASH CHAIN DECRYPTION ========== #
for k in range(sample_num):
# Our solution
starting = time() * 1000.0
c = abe.decrypt(ciphertext, pk, sk, pairing_group)
d = pg.hash_chain(pairing_group, c, iterations - 1)
sample_mod_hc_dec += ((time() * 1000.0) - starting)
print('MODULE HASH CHAIN DEC =', sample_mod_hc_dec / sample_num)
def query(edb: dict, keywords: list, key: tuple, iv: bytes, bf: BloomFilter,
g_serialized: bytes) -> list:
"""
Query OXT for some keywords
:param g_serialized:
:param bf:
:param iv:
:type key: tuple
:param key:
:param edb:
:param keywords:
:return:
"""
pairing = PairingGroup('SS512')
# ------ CLIENT ------
g = pairing.deserialize(g_serialized)
assert g.initPP(), "ERROR: Failed to init pre-computation table for g."
(K_P, K_S, K_X, K_I, K_Z, K_T) = key
stag = cal_cmac_aes(K_T, convert_to_bytes(keywords[0]))
if not stag:
return []
# ---------------- SERVER -------------
# get keys with stag
t_set_result = list()
c = 0
while True:
key = base64.encodebytes(stag).decode() + KEY_CONNECTOR + str(c)
if key in edb:
t_set_result.append(edb[key])
c += 1
else:
break
# ---------------- CLIENT -------------
# list of (e, y) with y is Element
oxt_t_set_tuples = t_set_result
if not oxt_t_set_tuples:
return []
# Concat xtoken with OXT Tuple
xtoken_tuples = list()
xterms = keywords[1:]
for c in range(len(oxt_t_set_tuples)):
z = cal_cmac_aes(K_Z,
convert_to_bytes(keywords[0]) + convert_to_bytes(c))
e_z = pairing.init(ZR, convert_int_from_bytes(z))
xtokens_serialized = list()
for xterm in xterms:
kxw = cal_cmac_aes(K_X, convert_to_bytes(xterm))
e_kxw = pairing.init(ZR, convert_int_from_bytes(kxw))
xtoken = g**(e_z * e_kxw)
xtokens_serialized.append(pairing.serialize(xtoken))
xtoken_tuples.append((oxt_t_set_tuples[c][1], xtokens_serialized))
# ---------------- SERVER -------------
# match xtags in BF
es = list()
for c in range(len(xtoken_tuples)):
# check matched in bloomfilter immediately
xtag_matched = True
y_c = pairing.deserialize(xtoken_tuples[c][0])
xtokens_serialized = xtoken_tuples[c][1]
for xtoken_serialized in xtokens_serialized:
xtag = pairing.deserialize(xtoken_serialized)**y_c
xtag_matched = xtag_matched and (str(xtag) in bf)
if xtag_matched:
es.append(oxt_t_set_tuples[c][0])
# ---------------- CLIENT -------------
# client decrypt e
K_e = cal_cmac_aes(K_S, convert_to_bytes(keywords[0]))
rinds = [decrypt_aes(K_e, iv, e) for e in es]
result = [
get_rind(base64.decodebytes(rind), K_P).decode() for rind in rinds
]
return result
for i in list:
secret += (coeff[i] * shares[i])
return secret
if __name__ == "__main__":
# Testing Secret sharing python API
k = 3
n = 4
group = PairingGroup('SS512')
s = SecretShare(group, True)
sec = group.random(ZR)
shares = s.genShares(sec, k, n)
K = shares[0]
print('\nOriginal secret: %s' % K)
y = {
group.init(ZR, 1): shares[1],
group.init(ZR, 2): shares[2],
group.init(ZR, 3): shares[3]
}
secret = s.recoverSecret(y)
if (K == secret):
print('\nSuccessfully recovered secret: %s' % secret)
else:
print('\nCould not recover the secret!')
class ObliviousTransfer(Protocol):
def __init__(self, messages=None, groupObj=None, common_input=None):
Protocol.__init__(self, None)
receiver_states = { 2:self.receiver_init2, 4:self.receiver_transfer4, 6:self.receiver_transfer6, 8:self.receiver_transfer8 }
sender_states = { 1:self.sender_init1, 3:self.sender_init3, 5:self.sender_transfer5, 7:self.sender_transfer7, 9:self.sender_transfer9 }
receiver_trans = { 2:4, 4:6, 6:8 }
sender_trans = { 1:3, 3:[3,5], 5:7, 7:9 }
# describe the parties involved and the valid transitions
Protocol.addPartyType(self, RECEIVER, receiver_states, receiver_trans)
Protocol.addPartyType(self, SENDER, sender_states, sender_trans, True)
# Protocol.setSerializers(self, self.serialize, self.deserialize)
# make sure
if groupObj == None:
self.group = PairingGroup('SS512')
else:
self.group = groupObj
# proof parameter generation
if common_input == None: # generate common parameters to P and V
db = {}
self.__gen_setup = True
else: # can be used as a sub-protocol if common_input is specified by caller
db = common_input
self.__gen_setup = False
Protocol.setSubclassVars(self, self.group, db)
if messages != None:
self.M, self.sig = [], []
for i in range(0, len(messages)):
self.M.append( bytes(messages[i], 'utf8') )
print("bytes =>", self.M[i],", message =>", messages[i])
# self.M.append(self.group.hash(messages[i], ZR))
# self.sig.append(messages[i])
# dict to hold variables from interaction
def get_common(self):
if self.__gen_setup:
g, h = self.group.random(G1), self.group.random(G2)
H = pair(g, h)
Protocol.store(self, ('g', g), ('h', h), ('H', H) )
return (g, h, H)
else: # common parameters generated already
return Protocol.get(self, ['g', 'h', 'H'])
# msgs => dict of M -> H(M)
def sender_init1(self):
M = self.M
print("SENDER 1: ")
(g, h, H) = self.get_common()
x = self.group.random(ZR)
y = g ** x
print("send g =>", g)
print("send h =>", h)
print("send H =>", H)
print("send x =>", x)
print("send y =>", y)
A, B, C = {}, {}, {}
for i in range(0, len(self.M)):
j = self.group.init(ZR, i+1)
print("j =>", j)
A[i] = g ** ~(x + j)
B[i] = pair(A[i], h) #, M[i])
C[i] = { 'A':A[i], 'B':B[i] }
S = { 'g':g, 'h':h, 'H':H, 'y':y }
Protocol.store(self, ('x', y), ('y',y), ('C', C) )
Protocol.setState(self, 3)
return { 'S':S, 'C':C , 'PoK':'SigmaProtocol1' }
def sender_init3(self, input):
print("SENDER 3: ", input)
result = 'FAIL'
pk = Protocol.get(self, ['g', 'H', 'h'], dict)
if input == 'GO':
PoK1 = SigmaProtocol1(self.group, pk)
PoK1.setup( {'name':'prover', 'type':PoK1.PROVER, 'socket':self._socket} )
PoK1.execute(PoK1.PROVER, close_sock=False)
# print("PoK1 prover result =>", PoK1.result)
if PoK1.result == 'OK':
# transition to transfer phase
Protocol.setState(self, 5)
result = PoK1.result
# else: # JAA - something to this effect (Error case doesn't work yet)
# Protocol.setState(self, 3); return {'PoK': 'REDO' }
# need store and get functions for db
return {'PoK': result }
def sender_transfer5(self, input):
print("SENDER 5: query =>", input)
if input.get('PoK') != None: # continue
Protocol.setState(self, 7)
return 'OK'
Protocol.setState(self, None)
return None
def sender_transfer7(self, input):
# print("SENDER 7: input =>", input)
if input.get('PoK2') != None:
# pk = Protocol.get(self, ['g','g2','y'], dict)
V = Protocol.get(self, ['V'])
pk = { 'V':V }
PoK2 = SigmaProtocol2(self.group, pk)
PoK2.setup( {'name':'verifier', 'type':PoK2.VERIFIER, 'socket':self._socket} )
Protocol.send_msg(self, 'GO')
PoK2.execute(PoK2.VERIFIER, close_sock=False)
# print("PoK2 verifier result =>", PoK2.result)
result = PoK2.result
if result == 'OK':
# print("transitioning to transfer9 result =>", result)
h, V = Protocol.get(self, ['h','V'])
W = pair(V, h)
Protocol.setState(self, 9)
return { 'PoK2':result, 'W':W, 'PoM':'SigmaProtocol3' }
Protocol.setState(self, None)
return None
def sender_transfer9(self, input):
# print("SENDER 9: PoM init =>", input)
if input == 'GO':
# print("Executing the PoM interactive proof.")
pk = Protocol.get(self, ['h','g','H','V'], dict)
PoM = SigmaProtocol3(self.group, pk)
PoM.setup( {'name':'prover', 'type':PoM.PROVER, 'socket':self._socket} )
PoM.execute(PoM.PROVER)
print("PoM prover result =>", PoM.result)
Protocol.setState(self, None)
return None
#################################
# END of SENDER state functions #
#################################
def receiver_init2(self, input):
print("RECEIVER 2: ")
pk = Sigma.get(self, ['S'])
if input['PoK'] == 'SigmaProtocol1':
PoK1 = SigmaProtocol1(self.group, pk)
PoK1.setup( {'name':'verifier', 'type':PoK1.VERIFIER, 'socket': self._socket} )
Protocol.send_msg(self, 'GO') # important: 1. acknowledges sub-protocol transition, 2. sends a short message using this socket
PoK1.execute(PoK1.VERIFIER, close_sock=False)
print("PoK1 verifier result =>", PoK1.result)
result = PoK1.result
if result == 'OK':
Protocol.setState(self, 4) # desired: 4 (TBD)
return {'PoK': result } # result should be R0 (state info) for Receiver
# let sender know to expect a PoK2 interaction next
def receiver_transfer4(self, input): # rec_tran4 -> sender_tran5
print("RECEIVER 4: Get query from end user.")
index = 0 # maps to position 0 in array (+1 indexed)
C = Protocol.get(self, ['C'])[0]
v = self.group.random(ZR) # secret for Receiver
V = C[index]['A'] ** v # public value
Protocol.setState(self, 6)
Protocol.store( self, ('v',v), ('V',V), ('query', index+1) )
return { 'V':V, 'PoK2':'SigmaProtocol2' }
def receiver_transfer6(self, input):
print("RECEIVER 6: input =>",input)
if input == 'GO':
(pk, V, v, query) = Protocol.get(self, ['S','V','v','query'])
pk['V'], pk['v'], pk['sigma'] = V, v, query
# set up client end of PoK2
PoK2 = SigmaProtocol2(self.group, pk)
PoK2.setup( {'name':'prover', 'type':PoK2.PROVER, 'socket':self._socket} )
PoK2.execute(PoK2.PROVER, close_sock=False)
print("PoK2 prover result =>", PoK2.result)
result = PoK2.result
Protocol.setState(self, 8)
return {'Pok2':result}
Protocol.setState(self, None)
return None
def receiver_transfer8(self, input):
print("RECEIVER 8:")
if input['PoK2'] != 'OK':
Protocol.setState(self, None)
return None
if input.get('PoM') != None:
# print("Executing the PoM interactive proof.")
pk = Protocol.get(self, ['W'], dict)
PoM = SigmaProtocol3(self.group, pk)
PoM.setup( {'name':'verifier', 'type':PoM.VERIFIER, 'socket': self._socket} )
Protocol.send_msg(self, 'GO') # important: 1. acknowledges sub-protocol transition, 2. sends a short message using this socket
PoM.execute(PoM.VERIFIER, close_sock=False)
result = PoM.result
print("PoM verifier result =>", result)
if result == 'OK':
# print("Now we recover ")
# W allows us to unlock the appropriate keyword, right?
# get query, B_query, and v
(W, v, C) = Protocol.get(self, ['W','v','C'])
index = 0
B = C[index]['B']
w = W ** ~v
# m = self.xor(B, w)
print("Query =>", index)
print("Corresponding B =>", B)
print("Original message key =>", w)
print("Search complete!!!")
Protocol.setState(self, None)
return None
def hash_Zn(keyword: str, group: PairingGroup) -> pairing.pc_element:
sha = hashlib.sha3_512()
sha.update(keyword.encode())
digest = sha.digest()
digest_int = int.from_bytes(digest, byteorder="big")
return group.init(ZR, digest_int)
class ObliviousTransfer(Protocol):
def __init__(self, messages=None, groupObj=None, common_input=None):
Protocol.__init__(self, None)
receiver_states = { 2:self.receiver_init2, 4:self.receiver_transfer4, 6:self.receiver_transfer6, 8:self.receiver_transfer8 }
sender_states = { 1:self.sender_init1, 3:self.sender_init3, 5:self.sender_transfer5, 7:self.sender_transfer7, 9:self.sender_transfer9 }
receiver_trans = { 2:4, 4:6, 6:8 }
sender_trans = { 1:3, 3:[3,5], 5:7, 7:9 }
# describe the parties involved and the valid transitions
Protocol.addPartyType(self, RECEIVER, receiver_states, receiver_trans)
Protocol.addPartyType(self, SENDER, sender_states, sender_trans, True)
# Protocol.setSerializers(self, self.serialize, self.deserialize)
# make sure
if groupObj == None:
self.group = PairingGroup('SS512')
else:
self.group = groupObj
# proof parameter generation
if common_input == None: # generate common parameters to P and V
db = {}
self.__gen_setup = True
else: # can be used as a sub-protocol if common_input is specified by caller
db = common_input
self.__gen_setup = False
Protocol.setSubclassVars(self, self.group, db)
if messages != None:
self.M, self.sig = [], []
for i in range(0, len(messages)):
self.M.append(messages[i])
print("bytes =>", self.M[i],", message =>", messages[i])
# self.M.append(self.group.hash(messages[i], ZR))
# self.sig.append(messages[i])
# dict to hold variables from interaction
def get_common(self):
if self.__gen_setup:
g, h = self.group.random(G1), self.group.random(G2)
H = pair(g, h)
Protocol.store(self, ('g', g), ('h', h), ('H', H) )
return (g, h, H)
else: # common parameters generated already
return Protocol.get(self, ['g', 'h', 'H'])
# msgs => dict of M -> H(M)
def sender_init1(self):
M = self.M
print("SENDER 1: ")
(g, h, H) = self.get_common()
x = self.group.random(ZR)
y = g ** x
print("send g =>", g)
print("send h =>", h)
print("send H =>", H)
print("send x =>", x)
print("send y =>", y)
A, B, C = {}, {}, {}
for i in range(0, len(self.M)):
j = self.group.init(ZR, i+1)
print("j =>", j)
A[i] = g ** ~(x + j)
B[i] = pair(A[i], h) #, M[i])
C[i] = { 'A':A[i], 'B':B[i] }
S = { 'g':g, 'h':h, 'H':H, 'y':y }
Protocol.store(self, ('x', y), ('y',y), ('C', C) )
Protocol.setState(self, 3)
return { 'S':S, 'C':C , 'PoK':'SigmaProtocol1' }
def sender_init3(self, input):
print("SENDER 3: ", input)
result = 'FAIL'
pk = Protocol.get(self, ['g', 'H', 'h'], dict)
if input == 'GO':
PoK1 = SigmaProtocol1(self.group, pk)
PoK1.setup( {'name':'prover', 'type':PoK1.PROVER, 'socket':self._socket} )
PoK1.execute(PoK1.PROVER, close_sock=False)
# print("PoK1 prover result =>", PoK1.result)
if PoK1.result == 'OK':
# transition to transfer phase
Protocol.setState(self, 5)
result = PoK1.result
# else: # JAA - something to this effect (Error case doesn't work yet)
# Protocol.setState(self, 3); return {'PoK': 'REDO' }
# need store and get functions for db
return {'PoK': result }
def sender_transfer5(self, input):
print("SENDER 5: query =>", input)
if input.get('PoK') != None: # continue
Protocol.setState(self, 7)
return 'OK'
Protocol.setState(self, None)
return None
def sender_transfer7(self, input):
# print("SENDER 7: input =>", input)
if input.get('PoK2') != None:
# pk = Protocol.get(self, ['g','g2','y'], dict)
V = Protocol.get(self, ['V'])
pk = { 'V':V }
PoK2 = SigmaProtocol2(self.group, pk)
PoK2.setup( {'name':'verifier', 'type':PoK2.VERIFIER, 'socket':self._socket} )
Protocol.send_msg(self, 'GO')
PoK2.execute(PoK2.VERIFIER, close_sock=False)
# print("PoK2 verifier result =>", PoK2.result)
result = PoK2.result
if result == 'OK':
# print("transitioning to transfer9 result =>", result)
h, V = Protocol.get(self, ['h','V'])
W = pair(V, h)
Protocol.setState(self, 9)
return { 'PoK2':result, 'W':W, 'PoM':'SigmaProtocol3' }
Protocol.setState(self, None)
return None
def sender_transfer9(self, input):
# print("SENDER 9: PoM init =>", input)
if input == 'GO':
# print("Executing the PoM interactive proof.")
pk = Protocol.get(self, ['h','g','H','V'], dict)
PoM = SigmaProtocol3(self.group, pk)
PoM.setup( {'name':'prover', 'type':PoM.PROVER, 'socket':self._socket} )
PoM.execute(PoM.PROVER)
print("PoM prover result =>", PoM.result)
Protocol.setState(self, None)
return None
#################################
# END of SENDER state functions #
#################################
def receiver_init2(self, input):
print("RECEIVER 2: ")
pk = Sigma.get(self, ['S'])
if input['PoK'] == 'SigmaProtocol1':
PoK1 = SigmaProtocol1(self.group, pk)
PoK1.setup( {'name':'verifier', 'type':PoK1.VERIFIER, 'socket': self._socket} )
Protocol.send_msg(self, 'GO') # important: 1. acknowledges sub-protocol transition, 2. sends a short message using this socket
PoK1.execute(PoK1.VERIFIER, close_sock=False)
print("PoK1 verifier result =>", PoK1.result)
result = PoK1.result
if result == 'OK':
Protocol.setState(self, 4) # desired: 4 (TBD)
return {'PoK': result } # result should be R0 (state info) for Receiver
# let sender know to expect a PoK2 interaction next
def receiver_transfer4(self, input): # rec_tran4 -> sender_tran5
print("RECEIVER 4: Get query from end user.")
index = 0 # maps to position 0 in array (+1 indexed)
C = Protocol.get(self, ['C'])[0]
v = self.group.random(ZR) # secret for Receiver
V = C[index]['A'] ** v # public value
Protocol.setState(self, 6)
Protocol.store( self, ('v',v), ('V',V), ('query', index+1) )
return { 'V':V, 'PoK2':'SigmaProtocol2' }
def receiver_transfer6(self, input):
print("RECEIVER 6: input =>",input)
if input == 'GO':
(pk, V, v, query) = Protocol.get(self, ['S','V','v','query'])
pk['V'], pk['v'], pk['sigma'] = V, v, query
# set up client end of PoK2
PoK2 = SigmaProtocol2(self.group, pk)
PoK2.setup( {'name':'prover', 'type':PoK2.PROVER, 'socket':self._socket} )
PoK2.execute(PoK2.PROVER, close_sock=False)
print("PoK2 prover result =>", PoK2.result)
result = PoK2.result
Protocol.setState(self, 8)
return {'Pok2':result}
Protocol.setState(self, None)
return None
def receiver_transfer8(self, input):
print("RECEIVER 8:")
if input['PoK2'] != 'OK':
Protocol.setState(self, None)
return None
if input.get('PoM') != None:
# print("Executing the PoM interactive proof.")
pk = Protocol.get(self, ['W'], dict)
PoM = SigmaProtocol3(self.group, pk)
PoM.setup( {'name':'verifier', 'type':PoM.VERIFIER, 'socket': self._socket} )
Protocol.send_msg(self, 'GO') # important: 1. acknowledges sub-protocol transition, 2. sends a short message using this socket
PoM.execute(PoM.VERIFIER, close_sock=False)
result = PoM.result
print("PoM verifier result =>", result)
if result == 'OK':
# print("Now we recover ")
# W allows us to unlock the appropriate keyword, right?
# get query, B_query, and v
(W, v, C) = Protocol.get(self, ['W','v','C'])
index = 0
B = C[index]['B']
w = W ** ~v
# m = self.xor(B, w)
print("Query =>", index)
print("Corresponding B =>", B)
print("Original message key =>", w)
print("Search complete!!!")
Protocol.setState(self, None)
return None
from charm.toolbox.pairinggroup import G1, G2, GT, ZR, PairingGroup, pair
group = PairingGroup("SS512")
zero = group.init(ZR, 0)
class Polynomial:
def __init__(self, coefs):
self.coefs = [
group.init(ZR, coef) if type(coef) is int else coef for coef in coefs
]
while len(self.coefs) > 1 and self.coefs[-1] == zero:
self.coefs.pop()
@property
def degree(self):
return len(self.coefs) - 1
def coef(self, i):
if i < len(self.coefs):
return self.coefs[i]
return zero
def evaluate(self, x):
if type(x) is int:
x = group.init(ZR, x)
result = zero
for deg, coef in enumerate(self.coefs):
result += coef * x ** deg
return result
if self.verbose: print("coefficients: ", coeff)
secret = 0
for i in list:
secret += (coeff[i] * shares[i])
return secret
if __name__ == "__main__":
# Testing Secret sharing python API
k = 3
n = 4
group = PairingGroup('SS512')
s = SecretShare(group, True)
sec = group.random(ZR)
shares = s.genShares(sec, k, n)
K = shares[0]
print('\nOriginal secret: %s' % K)
y = {group.init(ZR, 1):shares[1], group.init(ZR, 2):shares[2], group.init(ZR, 3):shares[3]}
secret = s.recoverSecret(y)
if(K == secret):
print('\nSuccessfully recovered secret: %s' % secret)
else:
print('\nCould not recover the secret!')
