def encrypt(self, pk, m, salt=None):
octetlen = int(ceil(int(pk['N']).bit_length() / 8.0))
EM = self.paddingscheme.encode(m, octetlen, "", salt)
if debug: print("EM == >", EM)
i = Conversion.OS2IP(EM)
ip = integer(i) % pk['N'] #Convert to modular integer
return (ip**pk['e']) % pk['N']
def eval(self, k, input1):
if type(k) == integer:
h = hmac.new(serialize(k), b'', hashlib.sha1)
else:
h = hmac.new(serialize(integer(k)), b'', hashlib.sha1)
h.update(input1)
return Conversion.bytes2integer(h.hexdigest())
def verify(self, pk, M, S):
modbits = int(pk['N']).bit_length()
k = int(ceil(modbits / 8.0))
emLen = int(ceil((modbits - 1) / 8.0))
if len(S) != k:
if debug: print("Sig is %s octets long, not %" % (len(S), k))
return False
s = Conversion.OS2IP(S)
s = integer(s) % pk['N'] #Convert to modular integer
m = (s**pk['e']) % pk['N']
EM = Conversion.IP2OS(m, emLen)
if debug:
print("Verifying")
print("k =>", k)
print("emLen =>", emLen)
print("s =>", s)
print("m =>", m)
print("em =>", EM)
print("S =>", S)
return self.paddingscheme.verify(M, EM, modbits - 1)
def sign(self, sk, M, salt=None):
#apply encoding
modbits = int(sk['N']).bit_length()
k = int(ceil(modbits / 8.0))
emLen = int(ceil((modbits - 1) / 8.0))
em = self.paddingscheme.encode(M, modbits - 1, salt)
m = Conversion.OS2IP(em)
m = integer(m) % sk['N'] #ERRROR m is larger than N
s = (m**sk['d']) % sk['N']
S = Conversion.IP2OS(s, k)
if debug:
print("Signing")
print("k =>", k)
print("emLen =>", emLen)
print("m =>", m)
print("em =>", em)
print("s =>", s)
print("S =>", S)
return S
def eval(self, k, input, outputLen):
if outputLen % 8 != 0:
return False
if type(k) == integer:
h = hmac.new(serialize(k), b'', hashlib.sha1)
else:
h = hmac.new(serialize(integer(k)), b'', hashlib.sha1)
h.update(input)
seed = Conversion.bytes2integer(h.hexdigest())
#print("Prf result =>", seed)
return seed
def eval(self, k, input, outputLen):
if outputLen%8 != 0:
return False
if type(k) == integer:
h = hmac.new(serialize(k), b'', hashlib.sha1)
else:
h = hmac.new(serialize(integer(k)), b'', hashlib.sha1)
h.update(input)
seed = Conversion.bytes2integer(h.hexdigest())
#print("Prf result =>", seed)
return seed
def strToId( pk , strID ) : '''Hash the identity string and break it up in to l bit pieces''' hash = sha1( strID ) val = Conversion.OS2IP( hash ) #Convert to integer format bstr = bin( val ) [ 2 : ] #cut out the 0b header v = [ ] for i in range( pk [ 'z' ] ) : #z must be greater than or e qual to 1 binsubstr = bstr [ pk [ 'l' ] * i : pk [ 'l' ] *( i + 1 ) ] intval = int( binsubstr , 2 ) intelement = group.init( ZR , intval ) v.append( intelement ) return v
def strToId(self, pk, strID):
h = hashObj.copy()
h.update(bytes(strID, 'utf-8'))
hash = Bytes(h.digest())
val = Conversion.OS2IP(hash)
bstr = bin(val)[2:]
v = []
for i in range(pk['x']):
binsubstr = bstr[pk['l'] * i:pk['l'] * (i + 1)]
intval = int(binsubstr, 2)
intelement = group.init(ZR, intval)
v.append(intelement)
return v
def verify(self, mpk, ID, M, sig):
h = hashObj.copy()
h.update(bytes(ID, 'utf-8'))
hash = Bytes(h.digest())
val = Conversion.OS2IP(hash)
bstr = bin(val)[2:]
v = []
for i in range(mpk['x']):
binsubstr = bstr[mpk['l'] * i:mpk['l'] * (i + 1)]
intval = int(binsubstr, 2)
intelement = group.init(ZR, intval)
v.append(intelement)
k = v
h = hashObj.copy()
h.update(bytes(M, 'utf-8'))
hash = Bytes(h.digest())
val = Conversion.OS2IP(hash)
bstr = bin(val)[2:]
v = []
for i in range(mpk['x']):
binsubstr = bstr[mpk['l'] * i:mpk['l'] * (i + 1)]
intval = int(binsubstr, 2)
intelement = group.init(ZR, intval)
v.append(intelement)
m = v
S1 = sig['S1']
S2 = sig['S2']
S3 = sig['S3']
A = mpk['A']
g2 = mpk['g2']
comp1 = dotprod(group.init(G2), -1, mpk['x'], lam_func, mpk['ub'], k)
comp2 = dotprod(group.init(G2), -1, mpk['x'], lam_func, mpk['ub'], m)
if (pair(S1, g2) * pair(S2, mpk['u1b'] * comp1) *
pair(S3, mpk['u2b'] * comp2)) == A:
return True
return False
def decrypt(self, pk, sk, c):
octetlen = int(ceil(int(pk['N']).bit_length() / 8.0))
p = sk['p']
q = sk['q']
yp = sk['yp']
yq = sk['yq']
mp = (c ** ((p+1)/4)) % p
mq = (c ** ((q+1)/4)) % q
r1 = ((int(yp)*int(p)*int(mq)) + ((int(yq)*int(q)*int(mp)))) % int(sk['N'])
r2 = int(sk['N']) - int(r1)
s1 = (int(yp)*int(p)*int(mq) - int(yq)*int(q)*int(mp)) % int(sk['N'])
s2 = int(sk['N']) - int(s1)
m1 = r1 % int(sk['N'])
m2 = r2 % int(sk['N'])
m3 = s1 % int(sk['N'])
m4 = s2 % int(sk['N'])
os1 = Conversion.IP2OS(int(m1), octetlen)
os2 = Conversion.IP2OS(int(m2), octetlen)
os3 = Conversion.IP2OS(int(m3), octetlen)
os4 = Conversion.IP2OS(int(m4), octetlen)
if debug:
print("OS1 =>", os1)
print("OS2 =>", os2)
print("OS3 =>", os3)
print("OS4 =>", os4)
for i in [os1, os2, os3, os4]:
(isMessage, message) = self.redundancyscheme.decode(self.paddingscheme.decode(i))
if(isMessage):
return message
def verify(self, pk, M, S, salt=None):
#M = b'This is a malicious message'
octetlen = int(ceil(int(pk['N']).bit_length() / 8.0))
sig_mess = (integer(S['s1']) ** 2) % pk['N']
sig_mess = Conversion.IP2OS(int(sig_mess), octetlen)
if debug: print("OS1 =>", sig_mess)
dec_mess = self.paddingscheme.decode(sig_mess)
if debug:
print("Verifying")
print("sig_mess =>", sig_mess)
print("dec_mess =>", dec_mess)
print("S =>", S)
return (dec_mess == M)
def keygen(self, mpk, msk, ID):
h = hashObj.copy()
h.update(bytes(ID, 'utf-8'))
hash = Bytes(h.digest())
val = Conversion.OS2IP(hash)
bstr = bin(val)[2:]
v = []
for i in range(mpk['x']):
binsubstr = bstr[mpk['l'] * i:mpk['l'] * (i + 1)]
intval = int(binsubstr, 2)
intelement = group.init(ZR, intval)
v.append(intelement)
k = v
r = group.random(ZR)
k1 = msk * (
(mpk['u1t'] *
dotprod(group.init(G1), -1, mpk['x'], lam_func, mpk['u'], k))**r)
k2 = mpk['g1']**-r
sk = (k1, k2)
return sk
def sign(self, mpk, sk, M):
h = hashObj.copy()
h.update(bytes(M, 'utf-8'))
hash = Bytes(h.digest())
val = Conversion.OS2IP(hash)
bstr = bin(val)[2:]
v = []
for i in range(mpk['x']):
binsubstr = bstr[mpk['l'] * i:mpk['l'] * (i + 1)]
intval = int(binsubstr, 2)
intelement = group.init(ZR, intval)
v.append(intelement)
m = v
(k1, k2) = sk
s = group.random(ZR)
S1 = k1 * (
(mpk['u2t'] *
dotprod(group.init(G1), -1, mpk['x'], lam_func, mpk['u'], m))**s)
S2 = k2
S3 = mpk['g1']**-s
sig = {'S1': S1, 'S2': S2, 'S3': S3}
return sig
def sign(self,sk, M, salt=None):
#apply encoding
while True:
octetlen = int(ceil(int(sk['N']).bit_length() / 8.0))
em = self.paddingscheme.encode(M, octetlen, "", salt)
m = Conversion.OS2IP(em)
m = integer(m) % sk['N'] #ERRROR m is larger than N
p = sk['p']
q = sk['q']
yp = sk['yp']
yq = sk['yq']
mp = (m ** ((p+1)/4)) % p
mq = (m ** ((q+1)/4)) % q
r1 = ((int(yp)*int(p)*int(mq)) + ((int(yq)*int(q)*int(mp)))) % int(sk['N'])
r2 = int(sk['N']) - int(r1)
s1 = (int(yp)*int(p)*int(mq) - int(yq)*int(q)*int(mp)) % int(sk['N'])
s2 = int(sk['N']) - int(s1)
if(((int((integer(r1) ** 2) % sk['N'] - m)) == 0) or ((int((integer(r2) ** 2) % sk['N'] - m)) == 0) or ((int((integer(s1) ** 2) % sk['N'] - m)) == 0) or ((int((integer(s2) ** 2) % sk['N'] - m)) == 0)):
break
S = { 's1':r1, 's2':r2, 's3':s1, 's4':s2 }
if debug:
print("Signing")
print("m =>", m)
print("em =>", em)
print("S =>", S)
return S
def verifySigsRecursive(group, deltaz, verifyFuncArgs, argSigIndexMap,
verifyArgsDict, dotA, dotB, dotD, sumE, mpk_1, mpk_6,
mpk_7, A, startIndex, endIndex):
l = 5
sigNumKey = 'Signature_Number'
hashObj = hashlib.new('sha1')
lam_func = lambda i, a, b: a[i]**b[i]
for arg in verifyFuncArgs:
argSigIndexMap[arg] = 0
dotA_runningProduct = group.init(G1, 1)
dotB_runningProduct = group.init(G1, 1)
dotF_runningProduct = group.init(GT, 1)
dotD_runningProduct = group.init(G1, 1)
sumE_runningProduct = group.init(ZR, 0)
dotF_runningProduct = group.init(GT, 1)
for y in range(0, l):
dotC_runningProduct = group.init(G1, 1)
for z in range(startIndex, endIndex):
for arg in verifyFuncArgs:
if (sigNumKey in verifyArgsDict[z][arg]):
argSigIndexMap[arg] = int(
verifyArgsDict[z][arg][sigNumKey])
else:
argSigIndexMap[arg] = z
h = hashObj.copy()
h.update(
bytes(verifyArgsDict[argSigIndexMap['ID']]['ID'][bodyKey],
'utf-8'))
hash = Bytes(h.digest())
val = Conversion.OS2IP(hash)
bstr = bin(val)[2:]
v = []
for i in range(verifyArgsDict[argSigIndexMap['mpk']]['mpk']
[bodyKey]['x']):
binsubstr = bstr[verifyArgsDict[
argSigIndexMap['mpk']]['mpk'][bodyKey]['l'] *
i:verifyArgsDict[argSigIndexMap['mpk']]['mpk']
[bodyKey]['l'] * (i + 1)]
intval = int(binsubstr, 2)
intelement = group.init(ZR, intval)
v.append(intelement)
k = v
h = hashObj.copy()
h.update(
bytes(verifyArgsDict[argSigIndexMap['M']]['M'][bodyKey],
'utf-8'))
hash = Bytes(h.digest())
val = Conversion.OS2IP(hash)
bstr = bin(val)[2:]
v = []
for i in range(verifyArgsDict[argSigIndexMap['mpk']]['mpk']
[bodyKey]['x']):
binsubstr = bstr[verifyArgsDict[
argSigIndexMap['mpk']]['mpk'][bodyKey]['l'] *
i:verifyArgsDict[argSigIndexMap['mpk']]['mpk']
[bodyKey]['l'] * (i + 1)]
intval = int(binsubstr, 2)
intelement = group.init(ZR, intval)
v.append(intelement)
m = v
S2 = verifyArgsDict[argSigIndexMap['sig']]['sig'][bodyKey]['S2']
S3 = verifyArgsDict[argSigIndexMap['sig']]['sig'][bodyKey]['S3']
dotC_runningProduct = dotC_runningProduct * (
S2**(deltaz[z] * k[y]) * S3**(deltaz[z] * m[y]))
dotF_runningProduct = dotF_runningProduct * pair(
dotC_runningProduct,
verifyArgsDict[argSigIndexMap['mpk']]['mpk'][bodyKey]['ub'][y])
for index in range(startIndex, endIndex):
dotA_runningProduct = dotA_runningProduct * dotA[index]
dotB_runningProduct = dotB_runningProduct * dotB[index]
dotD_runningProduct = dotD_runningProduct * dotD[index]
sumE_runningProduct = sumE_runningProduct + sumE[index]
if (pair(dotA_runningProduct, mpk_1) *
((pair(dotB_runningProduct, mpk_6) * dotF_runningProduct) *
pair(dotD_runningProduct, mpk_7))) == A**sumE_runningProduct:
return
else:
midWay = int((endIndex - startIndex) / 2)
if (midWay == 0):
print("sig " + str(startIndex) + " failed\n")
return
midIndex = startIndex + midWay
verifySigsRecursive(group, deltaz, verifyFuncArgs, argSigIndexMap,
verifyArgsDict, dotA, dotB, dotD, sumE, mpk_1,
mpk_6, mpk_7, A, startIndex, midIndex)
verifySigsRecursive(group, deltaz, verifyFuncArgs, argSigIndexMap,
verifyArgsDict, dotA, dotB, dotD, sumE, mpk_1,
mpk_6, mpk_7, A, midIndex, endIndex)
lam_func = lambda i, a, b: a[i]**b[i]
for sigIndex in range(0, numSigs):
for arg in verifyFuncArgs:
if (sigNumKey in verifyArgsDict[sigIndex][arg]):
argSigIndexMap[arg] = int(
verifyArgsDict[sigIndex][arg][sigNumKey])
else:
argSigIndexMap[arg] = sigIndex
h = hashObj.copy()
h.update(
bytes(verifyArgsDict[argSigIndexMap['ID']]['ID'][bodyKey],
'utf-8'))
hash = Bytes(h.digest())
val = Conversion.OS2IP(hash)
bstr = bin(val)[2:]
v = []
for i in range(
verifyArgsDict[argSigIndexMap['mpk']]['mpk'][bodyKey]['x']):
binsubstr = bstr[
verifyArgsDict[argSigIndexMap['mpk']]['mpk'][bodyKey]['l'] *
i:verifyArgsDict[argSigIndexMap['mpk']]['mpk'][bodyKey]['l'] *
(i + 1)]
intval = int(binsubstr, 2)
intelement = group.init(ZR, intval)
v.append(intelement)
k = v
h = hashObj.copy()
h.update(
bytes(verifyArgsDict[argSigIndexMap['M']]['M'][bodyKey], 'utf-8'))
def decrypt(self, pk, sk, c):
octetlen = int(ceil(int(pk['N']).bit_length() / 8.0))
M = (c**(sk['d'] % sk['phi_N'])) % pk['N']
os = Conversion.IP2OS(int(M), octetlen)
if debug: print("OS =>", os)
return self.paddingscheme.decode(os)
def testIP2OS(self):
#9,202,000 = (0x)8c 69 50.
os = Conversion.IP2OS(9202000)
self.assertEqual(os, b'\x8c\x69\x50')
def testOS2IP(self):
#9,202,000 = (0x)8c 69 50.
i = Conversion.OS2IP(b'\x8c\x69\x50')
self.assertEqual(i, 9202000)
def getRandomBits(self, length):
i = randomBits(length)
len = math.ceil(length / 8)
return Conversion.IP2OS(i, len)
def testIP2OSLen(self):
i = 9202000
os = Conversion.IP2OS(i, 200)
i2 = Conversion.OS2IP(os)
self.assertEqual(i, i2)
def getRandomBytes(self, length):
bits = length * 8
val = randomBits(bits)
return Conversion.IP2OS(val, length)
