def keygen(self, secparam=512, p=0, q=0): if (p == 0): pprime = randomPrime(secparam) while (not isPrime(2 * pprime + 1)): pprime = randomPrime(secparam) p = 2 * pprime + 1 print(p) if (q == 0): qprime = randomPrime(secparam) while (not isPrime(2 * qprime + 1)): qprime = randomPrime(secparam) q = 2 * qprime + 1 print(q) N = p * q a = randomQR(N) b = randomQR(N) c = randomQR(N) pk = {'N': N, 'a': a, 'b': b, 'c': c} sk = {'p': p, 'q': q} return (pk, sk)
def keygen(self, secparam=512, p=0, q=0): if(p == 0): pprime = randomPrime(secparam) while(not isPrime(2*pprime + 1)): pprime = randomPrime(secparam) p = 2 * pprime + 1 print(p) if(q == 0): qprime = randomPrime(secparam) while(not isPrime(2*qprime + 1)): qprime = randomPrime(secparam) q = 2 * qprime + 1 print(q) N = p * q a = randomQR(N) b = randomQR(N) c = randomQR(N) pk = { 'N':N, 'a':a, 'b':b, 'c':c } sk = { 'p':p, 'q':q } return (pk, sk)
def setup(): print("SETUP:") print("1. Select random l_p-bit primes and modulus n = pq") while True: p, q = randomPrime(l_p), randomPrime(l_p) if isPrime(p) and isPrime(q) and p != q: n = p * q phi_n = (p - 1) * (q - 1) break print("2. Choose random a, a_0, g, h in QR(n)") while True: g = random(n) if is_cyclic(g, n): g = g**2 break a, a_0, h = [(g**random(n)) % n for _ in range(3)] print("3. Choose random secret element x and set public key y = g**x") x = random(phi_n) y = (g**x) % n print("4. The group public key Y: (n, a, a_0, y, g, h)") Y = {"n": n, "a": a, "a_0": a_0, "y": y, "g": g, "h": h} print("5. Corresponding secret key S: (p, q, phi_n, x)") S = {"p": p, "q": q, "phi_n": phi_n, "x": x} return (Y, S)
def paramgen(self, secparam): while True: p, q = randomPrime(secparam), randomPrime(secparam) if isPrime(p) and isPrime(q) and gcd(p * q, (p - 1) * (q - 1)) == 1: break self.p = p self.q = q return (p, q, p * q)
def paramgen(self, secparam): while True: p, q = randomPrime(secparam), randomPrime(secparam) if isPrime(p) and isPrime(q) and p != q: N = p * q phi_N = (p - 1) * (q - 1) break return (p, q, N, phi_N)
def generatePrimes(self, n): while True: p = randomPrime(n) if (isPrime(p) and (((p - 3) % 4) == 0)): break while True: q = randomPrime(n) if (isPrime(q) and (((q - 3) % 4) == 0) and not (q == p)): break return (p, q)
def generatePrimes(self, n): while True: p = randomPrime(n) if isPrime(p) and (((p - 3) % 4) == 0): break while True: q = randomPrime(n) if isPrime(q) and (((q - 3) % 4) == 0) and not (q == p): break return (p, q)
def roundNumber2(self, U, attr, n2): # TODO: Adaptar IRMA e = randomPrime(le) vTilde = integer(randomBits(lv - 1)) vPrimePrime = (2 ** (lv - 1)) + vTilde R = self.pk_i['R'] Cx = 1 % self.pk_i['N'] for i in range(1, len(attr) + 1): Cx = Cx*(R[str(i)] ** attr[str(i)]) sigA = self.signAttributesLong(attr, vPrimePrime, U, e) A = sigA['A'] Q = sigA['Q'] phi_N = (self.sk_i['p']-1)*(self.sk_i['q']-1) e2 = e % phi_N # The issuer creates an SPK for proving the knowledge of # e^(-1) according to the equivalence of A and Q^{e-1} r = randomPrime(le) Atilde = (Q ** r) % self.pk_i['N'] s3 = hashlib.new('sha256') s3.update(Conversion.IP2OS(self.context)) s3.update(Conversion.IP2OS(Q)) s3.update(Conversion.IP2OS(A)) s3.update(Conversion.IP2OS(n2)) s3.update(Conversion.IP2OS(Atilde)) #print "issuer Q #1", Q #print "issuer A", A #print "issuer n2", n2 #print "issuer Atilde", Atilde cPrime = integer(s3.digest()) e2Prime = e2 ** - 1 Se = r - (cPrime * integer(e2Prime)) signature = { 'A':A, 'e':e, 'vPrimePrime':vPrimePrime } P2 = { 'Se':Se, 'cPrime':cPrime } return (signature, P2)
def paramgen(self, secparam): while True: p = randomPrime(secparam) if isPrime(p) and (((p-3)%4) == 0): break while True: q = randomPrime(secparam) if isPrime(q) and (((q-3)%4) == 0) and not(q == p): break N = p * q yp = (p % q) ** -1 yq = (q % p) ** -1 return (p, yp, q, yq, N)
def round_2(self, U, p1, attr, n2): if self.__verify_p1(p1): pass # print "P1 verified" else: return None e = randomPrime(le) vTilde = integer(randomBits(lv - 1)) vPrimePrime = (2 ** (lv - 1)) + vTilde R = self.pk_i['R'] Cx = 1 % self.pk_i['N'] for i in range(1, len(attr) + 1): Cx = Cx * (R[str(i)] ** attr[str(i)]) sigA = self.signAttributesLong(attr, vPrimePrime, U, e) A = sigA['A'] Q = sigA['Q'] phi_N = (self.sk_i['p'] - 1) * (self.sk_i['q'] - 1) e2 = e % phi_N r = randomPrime(le) Atilde = (Q ** r) % self.pk_i['N'] s3 = hashlib.new('sha256') s3.update(Conversion.IP2OS(self.context)) s3.update(Conversion.IP2OS(Q)) s3.update(Conversion.IP2OS(A)) s3.update(Conversion.IP2OS(n2)) s3.update(Conversion.IP2OS(Atilde)) cPrime = integer(s3.digest()) e2Prime = e2 ** - 1 Se = r - (cPrime * integer(e2Prime)) signature = {'A': A, 'e': e, 'vPrimePrime': vPrimePrime} P2 = {'Se': Se, 'cPrime': cPrime} print signature print P2 return signature, P2
def sign(self, pk, sk, m, v=0, u=0, e=0): if (e == 0): e = randomPrime(le) lv = ln + lm + lr if (v == 0): v = integer(randomBits(lv)) R = pk['R'] Cx = 1 % pk['N'] for i in range(1, len(m) + 1): Cx = Cx * (R[str(i)] ** m[str(i)]) phi_N = (sk['p']-1)*(sk['q']-1) e2 = e % phi_N if (u != 0): u = u % pk['N'] Cx = Cx*u q = pk['Z'] / (Cx*(pk['S'] ** v)) % pk['N'] a = q ** (e2 ** -1) % pk['N'] sig = { 'A':a, 'Q':q, 'e':e, 'v':v } return sig
def sign(self, pk, sk, m, v=0, u=0, e=0): if (e == 0): e = randomPrime(le) lv = ln + lm + lr if (v == 0): v = integer(randomBits(lv)) R = pk['R'] Cx = 1 % pk['N'] for i in range(1, len(m) + 1): Cx = Cx * (R[str(i)]**m[str(i)]) phi_N = (sk['p'] - 1) * (sk['q'] - 1) e2 = e % phi_N if (u != 0): u = u % pk['N'] Cx = Cx * u q = pk['Z'] / (Cx * (pk['S']**v)) % pk['N'] a = q**(e2**-1) % pk['N'] sig = {'A': a, 'Q': q, 'e': e, 'v': v} return sig
def paramgen(self, bits, r=2): # determine which group while True: self.p = randomPrime(bits, 1) self.q = (self.p - 1) / 2 if (isPrime(self.p) and isPrime(self.q)): break self.r = r return None
def sign(self, pk, sk, m): e = randomPrime(le) ls = ln + lm + l s = integer(randomBits(ls)) phi_N = (sk['p']-1)*(sk['q']-1) e2 = e % phi_N v = (((pk['a'] ** m)*(pk['b'] ** s)*pk['c']) ** (e2 ** -1)) % pk['N'] sig = { 'e':e, 's':s, 'v':v } return sig
def signCommit(self, pk, sk, Cx): e = randomPrime(le) ls = ln + lm + l rprime = integer(randomBits(ls)) phi_N = (sk['p'] - 1) * (sk['q'] - 1) e2 = e % phi_N v = (((Cx) * (pk['b']**rprime) * pk['c'])**(e2**-1)) % pk['N'] sig = {'e': e, 'rprime': rprime, 'v': v} return sig
def __init__(self, secparam): # generate p,q while True: p, q = randomPrime(secparam), randomPrime(secparam) if isPrime(p) and isPrime(q) and p != q: N = p * q phi = (p - 1) * (q - 1) break # calculate private key and public key while True: e = random(phi) if not gcd(e, phi) == 1: continue d = e**-1 break # prepare public key self.pk = {'N': N, 'e': toInt(e)} # prepare private key self.sk = {'phi': phi, 'd': d, 'N': N}
def sign(self, pk, sk, m): e = randomPrime(le) ls = ln + lm + l s = integer(randomBits(ls)) phi_N = (sk['p'] - 1) * (sk['q'] - 1) e2 = e % phi_N v = (((pk['a']**m) * (pk['b']**s) * pk['c'])**(e2**-1)) % pk['N'] sig = {'e': e, 's': s, 'v': v} return sig
def signCommit(self, pk, sk, Cx): e = randomPrime(le) ls = ln + lm + l rprime = integer(randomBits(ls)) phi_N = (sk['p']-1)*(sk['q']-1) e2 = e % phi_N v = (((Cx)*(pk['b'] ** rprime)*pk['c']) ** (e2 ** -1)) % pk['N'] sig = { 'e':e, 'rprime':rprime, 'v':v } return sig
def __init__(self, l, p, q, secparam, context): self.secparam = secparam self.l = l self.context = context self.pksig = 0 if (p == 0): pprime = randomPrime(secparam) while (not isPrime(2 * pprime + 1)): pprime = randomPrime(secparam) self.p = integer(2 * pprime + 1) else: self.p = p if (q == 0): qprime = randomPrime(secparam) while (not isPrime(2 * qprime + 1)): qprime = randomPrime(secparam) self.q = integer(2 * qprime + 1) else: self.q = q
def __init__(self, l, p, q, secparam, context): self.secparam = secparam self.l = l self.context = context self.pksig = 0 if(p == 0): pprime = randomPrime(secparam) while(not isPrime(2*pprime + 1)): pprime = randomPrime(secparam) self.p = integer(2 * pprime + 1) else: self.p = p if(q == 0): qprime = randomPrime(secparam) while(not isPrime(2*qprime + 1)): qprime = randomPrime(secparam) self.q = integer(2 * qprime + 1) else: self.q = q
def key_gen(key_size, message_elem_bit_len, vector_len): """ Generate keys for vector commitment :param key_size: security key size (k in the paper) :param message_elem_bit_len: length of message in bits (l in the paper) :param vector_len: length of commitment vector (q in the paper) :return: """ k = key_size l = message_elem_bit_len q = vector_len private_key = rsa.generate_private_key(public_exponent=65537, key_size=k, backend=default_backend()) private_numbers = private_key.private_numbers() n = private_numbers.public_numbers.n p_1 = private_numbers.p p_2 = private_numbers.q # logger.info(p_1) # logger.info(p_2) phi_n = (p_1 - 1) * (p_2 - 1) # generate list of primes [e_1,...,e_q], each has length (l+1) e = list() while True: tmp_prime = reduce(randomPrime(l + 1) % n) if isPrime(tmp_prime) and phi_n % int(tmp_prime) != 0: e.append(int(tmp_prime)) if len(e) == q: break a = random(n) s = list() for i in range(q): tmp_exponent = integer(1) % n for j in range(q): if j != i: tmp_exponent = reduce(tmp_exponent * (integer(e[j]) % n)) s_i = reduce(a**tmp_exponent) s.append(int(s_i)) return n, int(a), s, e, p_1, p_2
security_level = 128 # this value can be 80, 112, 128, 256 # calculate length of group elements bits = 1024 if security_level == 80: bits = 1024 elif security_level == 112: bits = 2048 elif security_level == 128: bits = 3072 elif security_level == 256: bits = 15360 group_order_bits = 2 * security_level group_p = 0 # the prime number for mod calculation group_order = randomPrime(group_order_bits) #print('group_order = ', group_order) while True: random_k_value = randomBits(bits - group_order_bits) group_p = random_k_value * group_order + 1 if isPrime(group_p): break #print('group_p = ', group_p) group_g = 0 while True: i = random(group_p) tmp1 = (group_p - 1) / group_order tmp2 = (i**tmp1) % group_p if tmp2 != 1 and i > 1:
''' @Descripttion: @version: @Author: HuiKwok @Date: 2019-10-10 06:53:46 @LastEditors: HuiKwok @LastEditTime: 2019-10-10 07:01:56 ''' from charm.toolbox.integergroup import IntegerGroup from charm.schemes.pkenc.pkenc_rsa import RSA_Enc, RSA_Sig from charm.core.math.integer import integer, randomBits, random, randomPrime, isPrime, encode, decode, hashInt, bitsize, legendre, gcd, lcm, serialize, deserialize, int2Bytes, toInt secparam = 1024 p, q = randomPrime(int(secparam / 2), True), randomPrime(int(secparam / 2), True) N = p * q N2 = N * N g = random(N2) print(type(g)) int(g) - 1
bits = 2048 elif security_level == 128: bits = 3072 elif security_level == 256: bits = 15360 prime_bits = bits // 2 group_order_bits = 2 * security_level # generate p, p_prime, q, q_prime p = 0 p_prime = 0 q = 0 q_prime = 0 while True: p = randomPrime(prime_bits, 1) p_prime = (p - 1) / 2 if (isPrime(p) and isPrime(p_prime)): break while True: q = randomPrime(prime_bits, 1) q_prime = (q - 1) / 2 if (isPrime(q) and isPrime(q_prime)): break N = p * q group_order = 2 * p_prime * q_prime # order of L_DCR N_square = N * N print('p = ', p) print('q = ', q)
def __init__(self, secparam=1024, param=None): if param: self.N2 = param.N2 self.N = param.N self.g = param.g self.k = param.k else: self.p, self.q = randomPrime(int(secparam / 2), True), randomPrime( int(secparam / 2), True) self.pp = (self.p - 1) / 2 self.qq = (self.q - 1) / 2 self.N = self.p * self.q while True: # choose a good N if bitsize(self.N) == secparam and len(int2Bytes( self.N)) == int( secparam / 8) and int2Bytes(self.N)[0] & 128 != 0: break self.p, self.q = randomPrime(int(secparam / 2), True), randomPrime( int(secparam / 2), True) self.pp = (self.p - 1) / 2 self.qq = (self.q - 1) / 2 self.N = self.p * self.q self.N2 = self.N**2 self.g = random(self.N2) one = integer(1) % self.N2 while True: #choose a good g self.g = random(self.N2) self.g = integer( (int(self.g) - 1) * (int(self.g) - 1)) % self.N2 if self.g == one: continue tmp = self.g**self.p % self.N2 if tmp == one: continue tmp = self.g**self.pp % self.N2 if tmp == one: continue tmp = self.g**self.q % self.N2 if tmp == one: continue tmp = self.g**self.qq % self.N2 if tmp == one: continue tmp = self.g**(self.p * self.pp) % self.N2 if tmp == one: continue tmp = self.g**(self.p * self.q) % self.N2 if tmp == one: continue tmp = self.g**(self.p * self.qq) % self.N2 if tmp == one: continue tmp = self.g**(self.pp * self.q) % self.N2 if tmp == one: continue tmp = self.g**(self.pp * self.qq) % self.N2 if tmp == one: continue tmp = self.g**(self.q * self.qq) % self.N2 if tmp == one: continue tmp = self.g**(self.q * self.qq) % self.N2 if tmp == one: continue tmp = self.g**(self.p * self.pp * self.q) % self.N2 if tmp == one: continue tmp = self.g**(self.p * self.pp * self.qq) % self.N2 if tmp == one: continue tmp = self.g**(self.p * self.q * self.qq) % self.N2 if tmp == one: continue tmp = self.g**(self.pp * self.q * self.qq) % self.N2 if tmp == one: continue break self.k = integer( (int(self.g**(self.pp * self.qq)) - 1)) / self.N % self.N self.MK = {"pp": self.pp, "qq": self.qq}
def roundNumber2IRMA(self, U, attr, n2): offset = integer(1 << (le - 1)) while True: e = randomBits(lePrime - 1) e = e + offset if isPrime(e): break vTilde = integer(randomBits(lv - 1)) vPrimePrime = (2 ** (lv - 1)) + vTilde sigA = self.signAttributesLong(attr, vPrimePrime, U, e) A = sigA['A'] Q = sigA['Q'] phi_N = (self.sk_i['p']-1)*(self.sk_i['q']-1) e2 = e % phi_N r = randomPrime(le) Atilde = (Q ** r) % self.pk_i['N'] list_ints = [] list_ints.append(int(self.context)) list_ints.append(int(Q)) list_ints.append(int(A)) list_ints.append(int(n2)) list_ints.append(int(Atilde)) ber_context = univ.Integer(list_ints[0]) ber_q = univ.Integer(list_ints[1]) ber_a = univ.Integer(list_ints[2]) ber_n2 = univ.Integer(list_ints[3]) ber_atilde = univ.Integer(list_ints[4]) # ints subheader = "0201" + "{:02x}".format(len(list_ints)) asn1_rep = subheader + ber_encoder.encode(ber_context).encode('hex') + \ ber_encoder.encode(ber_q).encode('hex') + \ ber_encoder.encode(ber_a).encode('hex') + \ ber_encoder.encode(ber_n2).encode('hex') + \ ber_encoder.encode(ber_atilde).encode('hex') # header asn1_rep_h = asn1_rep.decode("hex") m_len = len(asn1_rep_h) i = 0 len_code = [] if (m_len <= 0x7f): len_code[i] = hex(m_len) else: j = 0x80; while (0 < m_len): len_code.append("{:02x}".format(m_len & 0xff)) m_len = m_len >> 8 j = j + 1 len_code.append("{:02x}".format(j)) len_code.reverse() header = "30" + "".join(len_code) # 0x30, SEQ asn1_rep = header + asn1_rep s6 = hashlib.new('sha256') s6.update(asn1_rep.decode("hex")) cPrimeHex = s6.hexdigest() cPrime = integer(s6.digest()) e2Prime = e2 ** - 1 pPrimeQprime = ((self.sk_i['p'] - 1)/2)*((self.sk_i['q'] - 1)/2) Se = (r - (cPrime * integer(e2Prime))) % pPrimeQprime signature = { 'A':A, 'e':e, 'vPrimePrime':vPrimePrime } P2 = { 'Se':Se, 'cPrime':cPrimeHex } return (signature, P2)