def sign(siging_key, key_idx, M, y, G=curve.generator(), hash_func=hashlib.sha3_256): start = time.time() n = len(y) c = [0] * n s = [0] * n h = H2(y, hash_func=hash_func) # print(h) Y = h * siging_key u = randrange(curve.order()) c[(key_idx + 1) % n] = H([y, Y, M, G * u, h * u], hash_func=hash_func) for i in [i for i in range(key_idx + 1, n)] + [i for i in range(key_idx)]: s[i] = randrange(curve.order()) z_1 = (G * s[i]) + (y[i] * c[i]) z_2 = (h * s[i]) + (Y * c[i]) c[(i + 1) % n] = H([y, Y, M, z_1, z_2], hash_func=hash_func) s[key_idx] = (u - siging_key * c[key_idx]) % curve.order() end = time.time() print("Signature generation: ", end - start) return (c[0], s, Y)
def sign_number(self, number, entropy=None, k=None, ensure_low_s_according_to_bip62=False): # returns a pair of numbers order = self.privkey.order # privkey.sign() may raise RuntimeError in the amazingly unlikely # (2**-192) event that r=0 or s=0, because that would leak the key. # We could re-try with a different 'k', but we couldn't test that # code, so I choose to allow the signature to fail instead. # If k is set, it is used directly. In other cases # it is generated using entropy function if k is not None: _k = k else: _k = randrange(order, entropy) assert 1 <= _k < order sig = self.privkey.sign( number, _k, ensure_low_s_according_to_bip62=ensure_low_s_according_to_bip62) return sig.r, sig.s
def generate_keys(number_participants): start = time.time() x = [randrange(curve.order()) for i in range(number_participants)] y = list(map(lambda xi: curve.generator() * xi, x)) export_private_keys(x) end = time.time() print("Keys generation: ", end - start) return x, y
def test_randrange(self): # util.randrange does not provide long-term stability: we might # change the algorithm in the future. for i in range(1000): entropy = util.PRNG("seed-%d" % i) for order in (2 ** 8 - 2, 2 ** 8 - 1, 2 ** 8, 2 ** 16 - 1, 2 ** 16 + 1): # that oddball 2**16+1 takes half our runtime n = util.randrange(order, entropy=entropy) self.failUnless(1 <= n < order, (1, n, order))
def sign_number(self, number, entropy=None): # returns a pair of numbers order = self.privkey.order # privkey.sign() may raise RuntimeError in the amazingly unlikely # (2**-192) event that r=0 or s=0, because that would leak the key. # We could re-try with a different 'k', but we couldn't test that # code, so I choose to allow the signature to fail instead. k = randrange(order, entropy) assert 1 <= k < order sig = self.privkey.sign(number, k) return sig.r, sig.s
def test_randrange(self): # util.randrange does not provide long-term stability: we might # change the algorithm in the future. for i in range(1000): entropy = util.PRNG("seed-%d" % i) for order in ( 2**8 - 2, 2**8 - 1, 2**8, 2**16 - 1, 2**16 + 1, ): # that oddball 2**16+1 takes half our runtime n = util.randrange(order, entropy=entropy) self.assertTrue(1 <= n < order, (1, n, order))
def generate(klass, curve=NIST192p, entropy=None): secexp = randrange(curve.order, entropy) return klass.from_secret_exponent(secexp, curve)
def generate(klass, curve=NIST192p, entropy=None, hashfunc=sha1): secexp = randrange(curve.order, entropy) return klass.from_secret_exponent(secexp, curve, hashfunc)