def keygen(self, secparam=1024):
while True:
p, q = randomPrime(secparam), randomPrime(secparam)
if isPrime(p) and isPrime(q) and gcd(p * q, (p - 1) * (q - 1)) == 1:
break
n = p * q
g = n + 1
n2 = n ** 2
lam = lcm(p - 1, q - 1)
u = (self.L(((g % n2) ** lam), n) % n) ** -1
pk = {'n': n, 'g': g, 'n2': n2}
sk = {'lam': lam, 'u': u}
return pk, sk
def hash(self, pk, sk, message, r=0):
# generate ephemeral trapdoors(p1,q1)
while True:
p1, q1 = randomPrime(pk['secparam']), randomPrime(pk['secparam'])
# print("p1,q1=>",p1,q1)
if isPrime(p1) and isPrime(q1) and p1 != q1:
N1 = p1 * q1
if not gcd(N1, pk['N']) == 1:
continue
break
if r == 0:
r = random(N1 * pk['N'])
# print("r=>",r)
# print("(p1,q1,N1)=>", (p1,q1,N1))
# print("N*N1=>",N1 * pk['N'])
phi_NN1 = pk['phi_N'] * (N1 - p1 - q1 + 1)
# print("phi_NN1=>", phi_NN1)
# find e inverse mod N1 * N, so gcd(e,phi_NN1)==1
while True:
e = random(phi_NN1)
if not gcd(e, phi_NN1) == 1:
continue
break
M = Conversion.bytes2integer(message)
# print("M =>",M)
# to set hash modular N * N1()
group.q = N1 * pk['N']
group.p = group.q * 2 + 1
# print("q=>",group.q)
# print("M hash=>", group.hash(M))
h = (group.hash(M) * (r**e)) % (N1 * pk['N'])
xi = {'h': h, 'r': r, 'N1': N1, 'p1': p1, 'q1': q1, 'e': e}
# print("e=>",xi['e'])
return xi
def keygen(self, secparam=1024):
while True:
p, q = randomPrime(secparam), randomPrime(secparam)
if isPrime(p) and isPrime(q) and gcd(p * q,
(p - 1) * (q - 1)) == 1:
break
n = p * q
g = n + 1
n2 = n**2
lam = lcm(p - 1, q - 1)
u = (self.L(((g % n2)**lam), n) % n)**-1
pk = {'n': n, 'g': g, 'n2': n2}
sk = {'lam': lam, 'u': u}
return pk, sk
def paramgen(self, secparam, p = 0, q = 0):
# If we're given p, q, compute N = p*q. Otherwise select random p, q
if not (p == 0 or q == 0):
N = p * q
if debug: print("p :=", p)
if debug: print("q :=", q)
else:
group.paramgen(secparam)
p, q = group.p, group.q
N = p * q
phi_N = (p-1)*(q-1)
J = group.random(N)
e = group.random(phi_N)
while (not gcd(e, phi_N) == 1):
e = group.random(phi_N)
pk = { 'secparam': secparam, 'N': N, 'J': J, 'e': e }
sk = { 'p': p, 'q': q }
return (pk, sk)
def decrypt(self, pk, sk, C):
if(importme.jacobi(int(C['R']),int(group.n))!=1):
print("ERROR1")
if(importme.jacobi(int(C['S']),int(group.n))!=1):
print("ERROR2")
m2 = hashlib.sha1()
m2.update(str(C['R']).encode('utf-8'))
t2=m2.hexdigest()
t2=(int(t2,16) % ((2 ** lt) -1))+1
t2=t2%group.n
eins=C['S'] ** ((2**(lt+lk)) % group.n)
eins = eins % group.n
zwei = C['R'] ** ((t2 % group.n)+(sk['alpha']*((2**(lt+lk)) % group.n)))
zwei = zwei % group.n
if(eins!=zwei):
print("ERROR3")
tst=gcd(int(t2),2**(lk+lt))
c=int(math.log(float(int(tst)))/math.log(2))
c=c % group.n
(gg,a,b)=importme.egcd(int(t2),2**(lk+lt))
a=(a % (2**(lk+lt))) % group.n
b=(b % int(t2)) % group.n
T = ((C['S']**a) * (C['R']**(b - (a * sk['alpha'])))) ** ((2%group.n) ** ((lt % group.n) - c))
K2=importme.bbs(T,lk,group.n)
M = C['c'] ^ K2
return M