def sign(siging_key,
key_idx,
M,
y,
G=curve.generator(),
hash_func=hashlib.sha3_256):
start = time.time()
n = len(y)
c = [0] * n
s = [0] * n
h = H2(y, hash_func=hash_func)
# print(h)
Y = h * siging_key
u = randrange(curve.order())
c[(key_idx + 1) % n] = H([y, Y, M, G * u, h * u], hash_func=hash_func)
for i in [i for i in range(key_idx + 1, n)] + [i for i in range(key_idx)]:
s[i] = randrange(curve.order())
z_1 = (G * s[i]) + (y[i] * c[i])
z_2 = (h * s[i]) + (Y * c[i])
c[(i + 1) % n] = H([y, Y, M, z_1, z_2], hash_func=hash_func)
s[key_idx] = (u - siging_key * c[key_idx]) % curve.order()
end = time.time()
print("Signature generation: ", end - start)
return (c[0], s, Y)
def sign_number(self,
number,
entropy=None,
k=None,
ensure_low_s_according_to_bip62=False):
# returns a pair of numbers
order = self.privkey.order
# privkey.sign() may raise RuntimeError in the amazingly unlikely
# (2**-192) event that r=0 or s=0, because that would leak the key.
# We could re-try with a different 'k', but we couldn't test that
# code, so I choose to allow the signature to fail instead.
# If k is set, it is used directly. In other cases
# it is generated using entropy function
if k is not None:
_k = k
else:
_k = randrange(order, entropy)
assert 1 <= _k < order
sig = self.privkey.sign(
number,
_k,
ensure_low_s_according_to_bip62=ensure_low_s_according_to_bip62)
return sig.r, sig.s
def generate_keys(number_participants):
start = time.time()
x = [randrange(curve.order()) for i in range(number_participants)]
y = list(map(lambda xi: curve.generator() * xi, x))
export_private_keys(x)
end = time.time()
print("Keys generation: ", end - start)
return x, y
def test_randrange(self):
# util.randrange does not provide long-term stability: we might
# change the algorithm in the future.
for i in range(1000):
entropy = util.PRNG("seed-%d" % i)
for order in (2 ** 8 - 2, 2 ** 8 - 1, 2 ** 8, 2 ** 16 - 1, 2 ** 16 + 1):
# that oddball 2**16+1 takes half our runtime
n = util.randrange(order, entropy=entropy)
self.failUnless(1 <= n < order, (1, n, order))
def sign_number(self, number, entropy=None):
# returns a pair of numbers
order = self.privkey.order
# privkey.sign() may raise RuntimeError in the amazingly unlikely
# (2**-192) event that r=0 or s=0, because that would leak the key.
# We could re-try with a different 'k', but we couldn't test that
# code, so I choose to allow the signature to fail instead.
k = randrange(order, entropy)
assert 1 <= k < order
sig = self.privkey.sign(number, k)
return sig.r, sig.s
def sign_number(self, number, entropy=None):
# returns a pair of numbers
order = self.privkey.order
# privkey.sign() may raise RuntimeError in the amazingly unlikely
# (2**-192) event that r=0 or s=0, because that would leak the key.
# We could re-try with a different 'k', but we couldn't test that
# code, so I choose to allow the signature to fail instead.
k = randrange(order, entropy)
assert 1 <= k < order
sig = self.privkey.sign(number, k)
return sig.r, sig.s
def test_randrange(self):
# util.randrange does not provide long-term stability: we might
# change the algorithm in the future.
for i in range(1000):
entropy = util.PRNG("seed-%d" % i)
for order in (
2**8 - 2,
2**8 - 1,
2**8,
2**16 - 1,
2**16 + 1,
):
# that oddball 2**16+1 takes half our runtime
n = util.randrange(order, entropy=entropy)
self.assertTrue(1 <= n < order, (1, n, order))
def generate(klass, curve=NIST192p, entropy=None):
secexp = randrange(curve.order, entropy)
return klass.from_secret_exponent(secexp, curve)
def generate(klass, curve=NIST192p, entropy=None, hashfunc=sha1):
secexp = randrange(curve.order, entropy)
return klass.from_secret_exponent(secexp, curve, hashfunc)
