def Add_tgt(pk, C, C_prime):
Gt = pk['Gt']
G1 = pk['G1']
H1 = pk['H1']
g = pk['g']
h = pk['h']
a = randint(1, int(p))
b = randint(1, int(p))
#e(g,h1):
g1 = (e_hat(g, (H1[0] * a), Pair), e_hat(g, (H1[1] * a), Pair), Gt.one())
#e(g1,h):
h1 = (e_hat((G1[0] * b), h, Pair), e_hat((G1[1] * b), h, Pair), Gt.one())
C0 = C['C0'] * C_prime['C0'] * g1[0] * h1[0]
C1 = C['C1'] * C_prime['C1'] * g1[1] * h1[1]
C2 = C['C2'] * C_prime['C2'] * g1[2] * h1[2]
C_doubleprime = {
'C0': C0,
'C1': C1,
'C2': C2
} # C'' = e(C,C') * e(g,h1) * e(g1,h)
return C_doubleprime
def Multiply_src(pk, C0, C1):
Gt = pk['Gt']
G1 = pk['G1']
H1 = pk['H1']
g = pk['g']
h = pk['h']
a = randint(1, int(p))
b = randint(1, int(p))
#e(C0,C1):
#eC = (e_hat(C0[0],C1[0],Pair),e_hat(C0[0],C1[1],Pair)*e_hat(C0[1],C1[0],Pair),e_hat(C0[1],C1[1],Pair))
eC = e(C0, C1)
#e(g,h1):
g1 = (e_hat(g, H1[0] * a, Pair), e_hat(g, H1[1] * a, Pair), Gt.one())
#e(g1,h):
h1 = (e_hat(G1[0] * b, h, Pair), e_hat(G1[1] * b, h, Pair), Gt.one())
C = {
'C0': (eC[0] * g1[0]) * h1[0],
'C1': eC[1] * (g1[1] * h1[1]),
'C2': eC[2]
}
return C # C = e(C0,C1) * e(g,h1) * e(g1,h)
def en(g, h):
"""Evaluates the bilinear operator on pairs of elements of G and H.
Arguments:
g, a pair of elements of EFp
h, a pair of elements of EFp2
Returns a triple of elements of Fp12
"""
r0 = e_hat(g[0], h[0], Pair)
r1 = e_hat(g[0], h[1], Pair) * e_hat(g[1], h[0], Pair)
r2 = e_hat(g[1], h[1], Pair)
return (r0, r1, r2)
def e(g, h):
"""Evaluates the bilinear operator on pairs of elements of G and H.
Uses Karatsuba's trick.
Arguments:
pp, the public parameters describing the groups
g, a pair of elements of G
h, a pair of elements of H
Returns a triple of elements of Gt
"""
r0 = e_hat(g[0], h[0], Pair)
r2 = e_hat(g[1], h[1], Pair)
r1 = e_hat(g[0] + g[1], h[0] + h[1], Pair) * pp['Gt'].invert(r0 * r2)
return (r0, r1, r2)
def e(g, h):
"""Evaluates the bilinear operator on pairs of elements of G and H.
Uses Karatsuba's trick
Arguments:
g, a pair of elements of EFp
h, a pair of elements of EFp2
Returns a triple of elements of Fp12
"""
r0 = e_hat(g[0], h[0], Pair)
r2 = e_hat(g[1], h[1], Pair)
r1 = e_hat(g[0] + g[1], h[0] + h[1], Pair) * Fp12.invert(r0 * r2)
return (r0, r1, r2)
def Dec_tgt(sk, pk, C, table={}):
g = pk['g']
h = pk['h']
M = log_field(e_hat(g, h, Pair), sk['pi_t'](C), pk['Gt'], table)
return M
def KeyGen(pp):
G = pp['G'] # Representation of G
H = pp['H'] # Representation of H
s = getrandbits(MAX_BITS)
P1 = P * randint(0, int(n))
G1 = (G.neg(P1) * s, P1) # Description of G1 - (g^{-s},g)
Q1 = Q * randint(0, int(n))
H1 = (H.neg(Q1) * s, Q1) # Description of H1 - (h^{-s},h)
Gt = pp['Gt']
#g = P*randint(0,int(n)) # Random element of G
#h = Q*randint(0,int(n))# Random element of H
g = P1
h = Q1
gt = e_hat(g, h, Pair)
pk = {
'G': G,
'G1': G1,
'H': H,
'H1': H1,
'Gt': Gt,
'g': g,
'h': h,
'e': gt
}
def pi_1(g):
if g[1] == 1:
output = g[0]
else:
output = g[0] + (g[1] * s) # pi_1((g1,g2)) = g1 * g2^s
return output
def pi_2(h):
if h[1] == 1:
output = h[0]
else:
output = h[0] + (h[1] * s) # pi_2((h1,h2)) = h1 * h2^s
return output
def pi_t(gt):
if gt['C1'] == 1:
output = gt[0]
else:
output = gt['C0'] * (gt['C1']**s) * (gt['C2']**(
s**2)) # pi_t((gt1,gt2,gt3)) = gt1 * gt2^s * gt3^{s^2}
return output
sk = {'pi_1': pi_1, 'pi_2': pi_2, 'pi_t': pi_t}
return pk, sk
def Enc_tgt(pk, M):
a = randint(1, int(p))
b = randint(1, int(p))
G1 = pk['G1']
H1 = pk['H1']
Gt = pk['Gt']
gt = pk['e']
g1 = (G1[0] * a, G1[1] * a)
h1 = (H1[0] * b, H1[1] * b)
C0 = (gt**M) * e_hat(G1[1], h1[0], Pair) * e_hat(g1[0], H1[1], Pair)
C1 = e_hat(G1[1], h1[1], Pair) * e_hat(g1[1], H1[1], Pair)
C2 = Gt.one()
C = {'C0': C0, 'C1': C1, 'C2': C2}
return C
def test_bilinearity(self):
gta1 = e_hat(r * P, Q, Pair)
gta2 = e_hat(P, r * Q, Pair)
gta3 = gt**r
self.assertEqual(gta1, gta3, 'Not bilinear wrt G1')
self.assertEqual(gta2, gta3, 'Not bilinear wrt G2')
def test_pairing(self):
_ = e_hat(P, Q, Pair)
t = time.time() - self.startTime
print "%s: %.4f" % ("Pairing", t)
fp6_1 = Fp6.one()
fp6_xi = Fp6.elem(xi) # xi in Fp6
# Fp12
poly6 = field.polynom(Fp6, [fp6_1, fp6_0, -fp6_xi]) # X**2-xi
Fp12 = field.ExtensionField(Fp6, poly6)
fp12_0 = Fp12.zero()
fp12_1 = Fp12.one()
C12 = ellipticCurve.Curve(fp12_0, b * fp12_1, Fp12) # Y**2 = X**3+b
PInf12 = ellipticCurve.ECPoint(infty=True)
EFp12 = ellipticCurve.ECGroup(Fp12, C12, PInf12)
gamma = oEC.prec_gamma(Fp12, u, c, d)
Qpr = oEC.psi(EFp12, Q) # Qpr lives in E[Fp12b]
Pair = pairing.Pairing(EFp, EFp12, C, P, Q, n, Qpr, oEC.frobenius, gamma)
gt = e_hat(P, Q, Pair)
r = randint(0, int(n - 1))
gtr = gt**r
rgp = (randint(0, int(n - 1)) * P, randint(0, int(n - 1)) * P)
rhp = (randint(0, int(n - 1)) * Q, randint(0, int(n - 1)) * Q)
def en(g, h):
"""Evaluates the bilinear operator on pairs of elements of G and H.
Arguments:
g, a pair of elements of EFp
h, a pair of elements of EFp2
Returns a triple of elements of Fp12
"""