def testDefaultParams(self): p = self.params.p q = self.params.q g = self.params.g assert getMod(g) == p assert isPrime(p) assert isPrime(q) assert p != q assert p == 2*q + 1 assert bitsize(p) >= 1024 assert bitsize(q) >= 1023
def HW_hash(self, key, c, input, keyLen): C = integer(c) input_size = bitsize(c) input_b = Conversion.IP2OS(input, input_size) # Return c XOR PRF(k, input), where the output of PRF is keyLength bits result = C ^ self.Prf.eval(key, input_b) return result
def encrypt(self, pk, ID, M): # check length to make sure it is within n bits Q_id = group.hash(ID, G1) #standard g_id = pair(Q_id, pk['P2']) #choose sig = {0,1}^n where n is # bits sig = integer(randomBits(group.secparam)) r = h.hashToZr(sig, M) enc_M = self.encodeToZn(M) if bitsize(enc_M) <= group.messageSize(): C = { 'U': r * pk['P'], 'V': sig ^ h.hashToZn(g_id**r), 'W': enc_M ^ h.hashToZn(sig) } else: print("Message cannot be encoded.") return None if (debug): print('\nEncrypt...') print('r => %s' % r) print('sig => %s' % sig) print("V' =>", g_id**r) print('enc_M => %s' % enc_M) group.debug(C) return C
def testBasic(self): msg = 'some message' assert msg != msg[::-1] # will assume this below pk = self.pk sk = self.sk p = self.params.p q = self.params.q signer = sk.getSigner() sig = signer.sign(msg) # Make sure this is a non-empty signature assert sig.getR() is not None assert sig.getS() is not None assert signer.getK() is not None assert getMod(signer.getK()) == q assert getMod(sig.getS()) == q assert getMod(sig.getR()) == p assert sig.getR() > integer(0) % p assert sig.getS() > integer(0) % q assert signer.getK() > integer(0) % q assert integer(sig.getR()) < p print "s=",sig.getS() print "integer(s)=",integer(sig.getS()) assert integer(sig.getS()) < q assert integer(signer.getK()) < q assert bitsize(sig.getR()) > 1 assert bitsize(sig.getS()) > 1 assert bitsize(signer.getK()) > 1 assert (self.params.g ** signer.getK()) == sig.getR() # Make sure verifying the signed message succeeds verifier = pk.getVerifier(sig) assert verifier.verify(msg) == True # Make sure verifying a different message fails assert verifier.verify(msg + 'a') == False assert verifier.verify('b' + msg) == False msg = msg[::-1] # reverses string assert verifier.verify(msg) == False
def encrypt(self, params, ID, M): enc_M = integer(M) if bitsize(enc_M)/8 > group.messageSize(): print("Message cannot be encoded.") return None sigma = group.random(GT) r = h.hashToZr(sigma,M) A = params['g'] ** r B = sigma * pair(params['g_s'], group.hash(ID, G1) ** r) C = enc_M ^ h.hashToZn(sigma) C_ = {'A':A, 'B':B, 'C':C} S = group.hash((ID, C_),G1) ** r ciphertext = {'S':S,'C':C_} if(debug): print('\nEncrypt...') print('r => %s' % r) print('sigma => %s' % sigma) print('enc_M => %s' % enc_M) group.debug(ciphertext) return ciphertext
def encrypt(self, pk, ID, M): # check length to make sure it is within n bits Q_id = group.hash(ID, G1) #standard g_id = pair(Q_id, pk['P2']) #choose sig = {0,1}^n where n is # bits sig = integer(randomBits(group.secparam)) r = h.hashToZr(sig, M) enc_M = self.encodeToZn(M) if bitsize(enc_M) <= group.messageSize(): C = { 'U':r * pk['P'], 'V':sig ^ h.hashToZn(g_id ** r) , 'W':enc_M ^ h.hashToZn(sig) } else: print("Message cannot be encoded.") return None if(debug): print('\nEncrypt...') print('r => %s' % r) print('sig => %s' % sig) print("V' =>", g_id ** r) print('enc_M => %s' % enc_M) group.debug(C) return C
def bitsize(self): return bitsize(self.q) / 8
def groupOrder(self): return bitsize(self.q)
def messageSize(self): return bitsize(self.q) / 8
def __init__(self, secparam=1024, param=None): if param: self.N2 = param.N2 self.N = param.N self.g = param.g self.k = param.k else: self.p, self.q = randomPrime(int(secparam / 2), True), randomPrime( int(secparam / 2), True) self.pp = (self.p - 1) / 2 self.qq = (self.q - 1) / 2 self.N = self.p * self.q while True: # choose a good N if bitsize(self.N) == secparam and len(int2Bytes( self.N)) == int( secparam / 8) and int2Bytes(self.N)[0] & 128 != 0: break self.p, self.q = randomPrime(int(secparam / 2), True), randomPrime( int(secparam / 2), True) self.pp = (self.p - 1) / 2 self.qq = (self.q - 1) / 2 self.N = self.p * self.q self.N2 = self.N**2 self.g = random(self.N2) one = integer(1) % self.N2 while True: #choose a good g self.g = random(self.N2) self.g = integer( (int(self.g) - 1) * (int(self.g) - 1)) % self.N2 if self.g == one: continue tmp = self.g**self.p % self.N2 if tmp == one: continue tmp = self.g**self.pp % self.N2 if tmp == one: continue tmp = self.g**self.q % self.N2 if tmp == one: continue tmp = self.g**self.qq % self.N2 if tmp == one: continue tmp = self.g**(self.p * self.pp) % self.N2 if tmp == one: continue tmp = self.g**(self.p * self.q) % self.N2 if tmp == one: continue tmp = self.g**(self.p * self.qq) % self.N2 if tmp == one: continue tmp = self.g**(self.pp * self.q) % self.N2 if tmp == one: continue tmp = self.g**(self.pp * self.qq) % self.N2 if tmp == one: continue tmp = self.g**(self.q * self.qq) % self.N2 if tmp == one: continue tmp = self.g**(self.q * self.qq) % self.N2 if tmp == one: continue tmp = self.g**(self.p * self.pp * self.q) % self.N2 if tmp == one: continue tmp = self.g**(self.p * self.pp * self.qq) % self.N2 if tmp == one: continue tmp = self.g**(self.p * self.q * self.qq) % self.N2 if tmp == one: continue tmp = self.g**(self.pp * self.q * self.qq) % self.N2 if tmp == one: continue break self.k = integer( (int(self.g**(self.pp * self.qq)) - 1)) / self.N % self.N self.MK = {"pp": self.pp, "qq": self.qq}