def sample(self, gtype=ZR) -> list: # group.G.init() seems invalid :( # group = PairingGroup(self.group.curve) seems invalid too! group = PairingGroup('SS512') # toggle comment #group = PairingGroup('SS1024') # toggle comment one = group.init(gtype, 1) zero = group.init(gtype, 0) return [[one if i == j else zero for i in range(self.n)] for j in range(self.n)]
def testSecretShare(self): # Testing Secret sharing python API k = 3 n = 4 group = PairingGroup('SS512') s = SecretShare(group, False) sec = group.random(ZR) shares = s.genShares(sec, k, n) K = shares[0] if debug: print('\nOriginal secret: %s' % K) y = {group.init(ZR, long(1)):shares[1], group.init(ZR, long(2)):shares[2], group.init(ZR, long(3)):shares[3]} secret = s.recoverSecret(y) assert K == secret, "Could not recover the secret!" if debug: print("Successfully recovered secret: ", secret)
def testSecretShare(self): # Testing Secret sharing python API k = 3 n = 4 group = PairingGroup('SS512') s = SecretShare(group, False) sec = group.random(ZR) shares = s.genShares(sec, k, n) K = shares[0] if debug: print('\nOriginal secret: %s' % K) y = { group.init(ZR, long(1)): shares[1], group.init(ZR, long(2)): shares[2], group.init(ZR, long(3)): shares[3] } secret = s.recoverSecret(y) assert K == secret, "Could not recover the secret!" if debug: print("Successfully recovered secret: ", secret)
secret = self.elem.init(ZR, 0) # secret = 0 for i in list: secret += (coeff[i] * shares[i]) return secret if __name__ == "__main__": # Testing Secret sharing python API k = 3 n = 4 group = PairingGroup('SS512') s = SecretShare(group, True) sec = group.random(ZR) shares = s.genShares(sec, k, n) K = shares[0] print('\nOriginal secret: %s' % K) y = {group.init(ZR, 1):shares[1], group.init(ZR, 2):shares[2], group.init(ZR, 3):shares[3]} secret = s.recoverSecret(y) if(K == secret): print('\nSuccessfully recovered secret: %s' % secret) else: print('\nCould not recover the secret!')
# ========== MODULE DECRYPTION ========== # ciphertext['policy'] = '(DEPT1 and TEAM1)' for k in range(sample_num): # Their solution starting = time() * 1000.0 for i in range(iterations): c = abe.decrypt(ciphertext, pk, sk, pairing_group) sample_mod_dec += ((time() * 1000.0) - starting) print('MODULE DEC =', sample_mod_dec / sample_num) # ========== HASH CHAIN DECRYPTION ========== # for k in range(sample_num): # Our solution starting = time() * 1000.0 cpabe.decrypt(pk, sk, ciphertext) for j in range(iterations - 1): r = pairing_group.init(ZR, int(hashPair(pg_elem).decode('utf-8'), 16)) res_pg_elem = pg_elem ** r sample_hc_dec += ((time() * 1000.0) - starting) print('HASH CHAIN DEC =', sample_hc_dec / sample_num) # ========== MODULE HASH CHAIN DECRYPTION ========== # for k in range(sample_num): # Our solution starting = time() * 1000.0 c = abe.decrypt(ciphertext, pk, sk, pairing_group) d = pg.hash_chain(pairing_group, c, iterations - 1) sample_mod_hc_dec += ((time() * 1000.0) - starting) print('MODULE HASH CHAIN DEC =', sample_mod_hc_dec / sample_num)
def query(edb: dict, keywords: list, key: tuple, iv: bytes, bf: BloomFilter, g_serialized: bytes) -> list: """ Query OXT for some keywords :param g_serialized: :param bf: :param iv: :type key: tuple :param key: :param edb: :param keywords: :return: """ pairing = PairingGroup('SS512') # ------ CLIENT ------ g = pairing.deserialize(g_serialized) assert g.initPP(), "ERROR: Failed to init pre-computation table for g." (K_P, K_S, K_X, K_I, K_Z, K_T) = key stag = cal_cmac_aes(K_T, convert_to_bytes(keywords[0])) if not stag: return [] # ---------------- SERVER ------------- # get keys with stag t_set_result = list() c = 0 while True: key = base64.encodebytes(stag).decode() + KEY_CONNECTOR + str(c) if key in edb: t_set_result.append(edb[key]) c += 1 else: break # ---------------- CLIENT ------------- # list of (e, y) with y is Element oxt_t_set_tuples = t_set_result if not oxt_t_set_tuples: return [] # Concat xtoken with OXT Tuple xtoken_tuples = list() xterms = keywords[1:] for c in range(len(oxt_t_set_tuples)): z = cal_cmac_aes(K_Z, convert_to_bytes(keywords[0]) + convert_to_bytes(c)) e_z = pairing.init(ZR, convert_int_from_bytes(z)) xtokens_serialized = list() for xterm in xterms: kxw = cal_cmac_aes(K_X, convert_to_bytes(xterm)) e_kxw = pairing.init(ZR, convert_int_from_bytes(kxw)) xtoken = g**(e_z * e_kxw) xtokens_serialized.append(pairing.serialize(xtoken)) xtoken_tuples.append((oxt_t_set_tuples[c][1], xtokens_serialized)) # ---------------- SERVER ------------- # match xtags in BF es = list() for c in range(len(xtoken_tuples)): # check matched in bloomfilter immediately xtag_matched = True y_c = pairing.deserialize(xtoken_tuples[c][0]) xtokens_serialized = xtoken_tuples[c][1] for xtoken_serialized in xtokens_serialized: xtag = pairing.deserialize(xtoken_serialized)**y_c xtag_matched = xtag_matched and (str(xtag) in bf) if xtag_matched: es.append(oxt_t_set_tuples[c][0]) # ---------------- CLIENT ------------- # client decrypt e K_e = cal_cmac_aes(K_S, convert_to_bytes(keywords[0])) rinds = [decrypt_aes(K_e, iv, e) for e in es] result = [ get_rind(base64.decodebytes(rind), K_P).decode() for rind in rinds ] return result
for i in list: secret += (coeff[i] * shares[i]) return secret if __name__ == "__main__": # Testing Secret sharing python API k = 3 n = 4 group = PairingGroup('SS512') s = SecretShare(group, True) sec = group.random(ZR) shares = s.genShares(sec, k, n) K = shares[0] print('\nOriginal secret: %s' % K) y = { group.init(ZR, 1): shares[1], group.init(ZR, 2): shares[2], group.init(ZR, 3): shares[3] } secret = s.recoverSecret(y) if (K == secret): print('\nSuccessfully recovered secret: %s' % secret) else: print('\nCould not recover the secret!')
class ObliviousTransfer(Protocol): def __init__(self, messages=None, groupObj=None, common_input=None): Protocol.__init__(self, None) receiver_states = { 2:self.receiver_init2, 4:self.receiver_transfer4, 6:self.receiver_transfer6, 8:self.receiver_transfer8 } sender_states = { 1:self.sender_init1, 3:self.sender_init3, 5:self.sender_transfer5, 7:self.sender_transfer7, 9:self.sender_transfer9 } receiver_trans = { 2:4, 4:6, 6:8 } sender_trans = { 1:3, 3:[3,5], 5:7, 7:9 } # describe the parties involved and the valid transitions Protocol.addPartyType(self, RECEIVER, receiver_states, receiver_trans) Protocol.addPartyType(self, SENDER, sender_states, sender_trans, True) # Protocol.setSerializers(self, self.serialize, self.deserialize) # make sure if groupObj == None: self.group = PairingGroup('SS512') else: self.group = groupObj # proof parameter generation if common_input == None: # generate common parameters to P and V db = {} self.__gen_setup = True else: # can be used as a sub-protocol if common_input is specified by caller db = common_input self.__gen_setup = False Protocol.setSubclassVars(self, self.group, db) if messages != None: self.M, self.sig = [], [] for i in range(0, len(messages)): self.M.append( bytes(messages[i], 'utf8') ) print("bytes =>", self.M[i],", message =>", messages[i]) # self.M.append(self.group.hash(messages[i], ZR)) # self.sig.append(messages[i]) # dict to hold variables from interaction def get_common(self): if self.__gen_setup: g, h = self.group.random(G1), self.group.random(G2) H = pair(g, h) Protocol.store(self, ('g', g), ('h', h), ('H', H) ) return (g, h, H) else: # common parameters generated already return Protocol.get(self, ['g', 'h', 'H']) # msgs => dict of M -> H(M) def sender_init1(self): M = self.M print("SENDER 1: ") (g, h, H) = self.get_common() x = self.group.random(ZR) y = g ** x print("send g =>", g) print("send h =>", h) print("send H =>", H) print("send x =>", x) print("send y =>", y) A, B, C = {}, {}, {} for i in range(0, len(self.M)): j = self.group.init(ZR, i+1) print("j =>", j) A[i] = g ** ~(x + j) B[i] = pair(A[i], h) #, M[i]) C[i] = { 'A':A[i], 'B':B[i] } S = { 'g':g, 'h':h, 'H':H, 'y':y } Protocol.store(self, ('x', y), ('y',y), ('C', C) ) Protocol.setState(self, 3) return { 'S':S, 'C':C , 'PoK':'SigmaProtocol1' } def sender_init3(self, input): print("SENDER 3: ", input) result = 'FAIL' pk = Protocol.get(self, ['g', 'H', 'h'], dict) if input == 'GO': PoK1 = SigmaProtocol1(self.group, pk) PoK1.setup( {'name':'prover', 'type':PoK1.PROVER, 'socket':self._socket} ) PoK1.execute(PoK1.PROVER, close_sock=False) # print("PoK1 prover result =>", PoK1.result) if PoK1.result == 'OK': # transition to transfer phase Protocol.setState(self, 5) result = PoK1.result # else: # JAA - something to this effect (Error case doesn't work yet) # Protocol.setState(self, 3); return {'PoK': 'REDO' } # need store and get functions for db return {'PoK': result } def sender_transfer5(self, input): print("SENDER 5: query =>", input) if input.get('PoK') != None: # continue Protocol.setState(self, 7) return 'OK' Protocol.setState(self, None) return None def sender_transfer7(self, input): # print("SENDER 7: input =>", input) if input.get('PoK2') != None: # pk = Protocol.get(self, ['g','g2','y'], dict) V = Protocol.get(self, ['V']) pk = { 'V':V } PoK2 = SigmaProtocol2(self.group, pk) PoK2.setup( {'name':'verifier', 'type':PoK2.VERIFIER, 'socket':self._socket} ) Protocol.send_msg(self, 'GO') PoK2.execute(PoK2.VERIFIER, close_sock=False) # print("PoK2 verifier result =>", PoK2.result) result = PoK2.result if result == 'OK': # print("transitioning to transfer9 result =>", result) h, V = Protocol.get(self, ['h','V']) W = pair(V, h) Protocol.setState(self, 9) return { 'PoK2':result, 'W':W, 'PoM':'SigmaProtocol3' } Protocol.setState(self, None) return None def sender_transfer9(self, input): # print("SENDER 9: PoM init =>", input) if input == 'GO': # print("Executing the PoM interactive proof.") pk = Protocol.get(self, ['h','g','H','V'], dict) PoM = SigmaProtocol3(self.group, pk) PoM.setup( {'name':'prover', 'type':PoM.PROVER, 'socket':self._socket} ) PoM.execute(PoM.PROVER) print("PoM prover result =>", PoM.result) Protocol.setState(self, None) return None ################################# # END of SENDER state functions # ################################# def receiver_init2(self, input): print("RECEIVER 2: ") pk = Sigma.get(self, ['S']) if input['PoK'] == 'SigmaProtocol1': PoK1 = SigmaProtocol1(self.group, pk) PoK1.setup( {'name':'verifier', 'type':PoK1.VERIFIER, 'socket': self._socket} ) Protocol.send_msg(self, 'GO') # important: 1. acknowledges sub-protocol transition, 2. sends a short message using this socket PoK1.execute(PoK1.VERIFIER, close_sock=False) print("PoK1 verifier result =>", PoK1.result) result = PoK1.result if result == 'OK': Protocol.setState(self, 4) # desired: 4 (TBD) return {'PoK': result } # result should be R0 (state info) for Receiver # let sender know to expect a PoK2 interaction next def receiver_transfer4(self, input): # rec_tran4 -> sender_tran5 print("RECEIVER 4: Get query from end user.") index = 0 # maps to position 0 in array (+1 indexed) C = Protocol.get(self, ['C'])[0] v = self.group.random(ZR) # secret for Receiver V = C[index]['A'] ** v # public value Protocol.setState(self, 6) Protocol.store( self, ('v',v), ('V',V), ('query', index+1) ) return { 'V':V, 'PoK2':'SigmaProtocol2' } def receiver_transfer6(self, input): print("RECEIVER 6: input =>",input) if input == 'GO': (pk, V, v, query) = Protocol.get(self, ['S','V','v','query']) pk['V'], pk['v'], pk['sigma'] = V, v, query # set up client end of PoK2 PoK2 = SigmaProtocol2(self.group, pk) PoK2.setup( {'name':'prover', 'type':PoK2.PROVER, 'socket':self._socket} ) PoK2.execute(PoK2.PROVER, close_sock=False) print("PoK2 prover result =>", PoK2.result) result = PoK2.result Protocol.setState(self, 8) return {'Pok2':result} Protocol.setState(self, None) return None def receiver_transfer8(self, input): print("RECEIVER 8:") if input['PoK2'] != 'OK': Protocol.setState(self, None) return None if input.get('PoM') != None: # print("Executing the PoM interactive proof.") pk = Protocol.get(self, ['W'], dict) PoM = SigmaProtocol3(self.group, pk) PoM.setup( {'name':'verifier', 'type':PoM.VERIFIER, 'socket': self._socket} ) Protocol.send_msg(self, 'GO') # important: 1. acknowledges sub-protocol transition, 2. sends a short message using this socket PoM.execute(PoM.VERIFIER, close_sock=False) result = PoM.result print("PoM verifier result =>", result) if result == 'OK': # print("Now we recover ") # W allows us to unlock the appropriate keyword, right? # get query, B_query, and v (W, v, C) = Protocol.get(self, ['W','v','C']) index = 0 B = C[index]['B'] w = W ** ~v # m = self.xor(B, w) print("Query =>", index) print("Corresponding B =>", B) print("Original message key =>", w) print("Search complete!!!") Protocol.setState(self, None) return None
def hash_Zn(keyword: str, group: PairingGroup) -> pairing.pc_element: sha = hashlib.sha3_512() sha.update(keyword.encode()) digest = sha.digest() digest_int = int.from_bytes(digest, byteorder="big") return group.init(ZR, digest_int)
class ObliviousTransfer(Protocol): def __init__(self, messages=None, groupObj=None, common_input=None): Protocol.__init__(self, None) receiver_states = { 2:self.receiver_init2, 4:self.receiver_transfer4, 6:self.receiver_transfer6, 8:self.receiver_transfer8 } sender_states = { 1:self.sender_init1, 3:self.sender_init3, 5:self.sender_transfer5, 7:self.sender_transfer7, 9:self.sender_transfer9 } receiver_trans = { 2:4, 4:6, 6:8 } sender_trans = { 1:3, 3:[3,5], 5:7, 7:9 } # describe the parties involved and the valid transitions Protocol.addPartyType(self, RECEIVER, receiver_states, receiver_trans) Protocol.addPartyType(self, SENDER, sender_states, sender_trans, True) # Protocol.setSerializers(self, self.serialize, self.deserialize) # make sure if groupObj == None: self.group = PairingGroup('SS512') else: self.group = groupObj # proof parameter generation if common_input == None: # generate common parameters to P and V db = {} self.__gen_setup = True else: # can be used as a sub-protocol if common_input is specified by caller db = common_input self.__gen_setup = False Protocol.setSubclassVars(self, self.group, db) if messages != None: self.M, self.sig = [], [] for i in range(0, len(messages)): self.M.append(messages[i]) print("bytes =>", self.M[i],", message =>", messages[i]) # self.M.append(self.group.hash(messages[i], ZR)) # self.sig.append(messages[i]) # dict to hold variables from interaction def get_common(self): if self.__gen_setup: g, h = self.group.random(G1), self.group.random(G2) H = pair(g, h) Protocol.store(self, ('g', g), ('h', h), ('H', H) ) return (g, h, H) else: # common parameters generated already return Protocol.get(self, ['g', 'h', 'H']) # msgs => dict of M -> H(M) def sender_init1(self): M = self.M print("SENDER 1: ") (g, h, H) = self.get_common() x = self.group.random(ZR) y = g ** x print("send g =>", g) print("send h =>", h) print("send H =>", H) print("send x =>", x) print("send y =>", y) A, B, C = {}, {}, {} for i in range(0, len(self.M)): j = self.group.init(ZR, i+1) print("j =>", j) A[i] = g ** ~(x + j) B[i] = pair(A[i], h) #, M[i]) C[i] = { 'A':A[i], 'B':B[i] } S = { 'g':g, 'h':h, 'H':H, 'y':y } Protocol.store(self, ('x', y), ('y',y), ('C', C) ) Protocol.setState(self, 3) return { 'S':S, 'C':C , 'PoK':'SigmaProtocol1' } def sender_init3(self, input): print("SENDER 3: ", input) result = 'FAIL' pk = Protocol.get(self, ['g', 'H', 'h'], dict) if input == 'GO': PoK1 = SigmaProtocol1(self.group, pk) PoK1.setup( {'name':'prover', 'type':PoK1.PROVER, 'socket':self._socket} ) PoK1.execute(PoK1.PROVER, close_sock=False) # print("PoK1 prover result =>", PoK1.result) if PoK1.result == 'OK': # transition to transfer phase Protocol.setState(self, 5) result = PoK1.result # else: # JAA - something to this effect (Error case doesn't work yet) # Protocol.setState(self, 3); return {'PoK': 'REDO' } # need store and get functions for db return {'PoK': result } def sender_transfer5(self, input): print("SENDER 5: query =>", input) if input.get('PoK') != None: # continue Protocol.setState(self, 7) return 'OK' Protocol.setState(self, None) return None def sender_transfer7(self, input): # print("SENDER 7: input =>", input) if input.get('PoK2') != None: # pk = Protocol.get(self, ['g','g2','y'], dict) V = Protocol.get(self, ['V']) pk = { 'V':V } PoK2 = SigmaProtocol2(self.group, pk) PoK2.setup( {'name':'verifier', 'type':PoK2.VERIFIER, 'socket':self._socket} ) Protocol.send_msg(self, 'GO') PoK2.execute(PoK2.VERIFIER, close_sock=False) # print("PoK2 verifier result =>", PoK2.result) result = PoK2.result if result == 'OK': # print("transitioning to transfer9 result =>", result) h, V = Protocol.get(self, ['h','V']) W = pair(V, h) Protocol.setState(self, 9) return { 'PoK2':result, 'W':W, 'PoM':'SigmaProtocol3' } Protocol.setState(self, None) return None def sender_transfer9(self, input): # print("SENDER 9: PoM init =>", input) if input == 'GO': # print("Executing the PoM interactive proof.") pk = Protocol.get(self, ['h','g','H','V'], dict) PoM = SigmaProtocol3(self.group, pk) PoM.setup( {'name':'prover', 'type':PoM.PROVER, 'socket':self._socket} ) PoM.execute(PoM.PROVER) print("PoM prover result =>", PoM.result) Protocol.setState(self, None) return None ################################# # END of SENDER state functions # ################################# def receiver_init2(self, input): print("RECEIVER 2: ") pk = Sigma.get(self, ['S']) if input['PoK'] == 'SigmaProtocol1': PoK1 = SigmaProtocol1(self.group, pk) PoK1.setup( {'name':'verifier', 'type':PoK1.VERIFIER, 'socket': self._socket} ) Protocol.send_msg(self, 'GO') # important: 1. acknowledges sub-protocol transition, 2. sends a short message using this socket PoK1.execute(PoK1.VERIFIER, close_sock=False) print("PoK1 verifier result =>", PoK1.result) result = PoK1.result if result == 'OK': Protocol.setState(self, 4) # desired: 4 (TBD) return {'PoK': result } # result should be R0 (state info) for Receiver # let sender know to expect a PoK2 interaction next def receiver_transfer4(self, input): # rec_tran4 -> sender_tran5 print("RECEIVER 4: Get query from end user.") index = 0 # maps to position 0 in array (+1 indexed) C = Protocol.get(self, ['C'])[0] v = self.group.random(ZR) # secret for Receiver V = C[index]['A'] ** v # public value Protocol.setState(self, 6) Protocol.store( self, ('v',v), ('V',V), ('query', index+1) ) return { 'V':V, 'PoK2':'SigmaProtocol2' } def receiver_transfer6(self, input): print("RECEIVER 6: input =>",input) if input == 'GO': (pk, V, v, query) = Protocol.get(self, ['S','V','v','query']) pk['V'], pk['v'], pk['sigma'] = V, v, query # set up client end of PoK2 PoK2 = SigmaProtocol2(self.group, pk) PoK2.setup( {'name':'prover', 'type':PoK2.PROVER, 'socket':self._socket} ) PoK2.execute(PoK2.PROVER, close_sock=False) print("PoK2 prover result =>", PoK2.result) result = PoK2.result Protocol.setState(self, 8) return {'Pok2':result} Protocol.setState(self, None) return None def receiver_transfer8(self, input): print("RECEIVER 8:") if input['PoK2'] != 'OK': Protocol.setState(self, None) return None if input.get('PoM') != None: # print("Executing the PoM interactive proof.") pk = Protocol.get(self, ['W'], dict) PoM = SigmaProtocol3(self.group, pk) PoM.setup( {'name':'verifier', 'type':PoM.VERIFIER, 'socket': self._socket} ) Protocol.send_msg(self, 'GO') # important: 1. acknowledges sub-protocol transition, 2. sends a short message using this socket PoM.execute(PoM.VERIFIER, close_sock=False) result = PoM.result print("PoM verifier result =>", result) if result == 'OK': # print("Now we recover ") # W allows us to unlock the appropriate keyword, right? # get query, B_query, and v (W, v, C) = Protocol.get(self, ['W','v','C']) index = 0 B = C[index]['B'] w = W ** ~v # m = self.xor(B, w) print("Query =>", index) print("Corresponding B =>", B) print("Original message key =>", w) print("Search complete!!!") Protocol.setState(self, None) return None
from charm.toolbox.pairinggroup import G1, G2, GT, ZR, PairingGroup, pair group = PairingGroup("SS512") zero = group.init(ZR, 0) class Polynomial: def __init__(self, coefs): self.coefs = [ group.init(ZR, coef) if type(coef) is int else coef for coef in coefs ] while len(self.coefs) > 1 and self.coefs[-1] == zero: self.coefs.pop() @property def degree(self): return len(self.coefs) - 1 def coef(self, i): if i < len(self.coefs): return self.coefs[i] return zero def evaluate(self, x): if type(x) is int: x = group.init(ZR, x) result = zero for deg, coef in enumerate(self.coefs): result += coef * x ** deg return result
if self.verbose: print("coefficients: ", coeff) secret = 0 for i in list: secret += (coeff[i] * shares[i]) return secret if __name__ == "__main__": # Testing Secret sharing python API k = 3 n = 4 group = PairingGroup('SS512') s = SecretShare(group, True) sec = group.random(ZR) shares = s.genShares(sec, k, n) K = shares[0] print('\nOriginal secret: %s' % K) y = {group.init(ZR, 1):shares[1], group.init(ZR, 2):shares[2], group.init(ZR, 3):shares[3]} secret = s.recoverSecret(y) if(K == secret): print('\nSuccessfully recovered secret: %s' % secret) else: print('\nCould not recover the secret!')