class BlindSignatureVerifier:
def __init__(self, pubk: dict):
self.p = pubk.get('p')
self.q = pubk.get('q')
self.g = pubk.get('g')
self.y = pubk.get('y')
self.h = pubk.get('h')
self.z = pubk.get('z')
self.group = IntegerGroupQ()
self.group.setparam(p=self.p, q=self.q)
def verify(self, signature, message):
zeta = signature.get('zeta')
zeta1 = signature.get('zeta1')
rho = signature.get('rho')
omega = signature.get('omega')
sigma1 = signature.get('sigma1')
sigma2 = signature.get('sigma2')
delta = signature.get('delta')
mu = signature.get('mu')
tmp1 = (self.g ** rho) * (self.y ** omega) % self.p
tmp2 = (self.g ** sigma1) * (zeta1 ** delta) % self.p
tmp3 = (self.h ** sigma2) * ((zeta / zeta1) ** delta) % self.p
tmp4 = (self.z ** mu) * (zeta ** delta) % self.p
p1 = (omega + delta) % self.q
p2 = integer(hash_int([zeta, zeta1, tmp1, tmp2, tmp3, tmp4, message])) % self.q
return p1 == p2
def __init__(self, p=0, q=0):
ChamHash.__init__(self)
global group;
group = IntegerGroupQ(0)
# if p and q parameters have already been selected
group.p, group.q, group.r = p, q, 2
self.group = group
def __init__(self, p=0, q=0):
ChamHash.__init__(self)
global group
group = IntegerGroupQ(0)
# if p and q parameters have already been selected
group.p, group.q, group.r = p, q, 2
self.group = group
def params(self, p=0, q=0, bits=1024):
global group
group = IntegerGroupQ(0)
if p == 0 or q == 0:
group.paramgen(bits)
else:
group.p, group.q, group.r = p, q, 2
def init1():
group = IntegerGroupQ()
group.paramgen(bit)
alpha = group.randomGen()
key = group.random()
beta = alpha ** key
x = [ odd_random(group) for _ in range(numbers['cards']) ]
room = Room(request.environ.get('beaker.session'), False)
try:
room.get('win')
except:
room.set('win', 0)
[room.set(n, v) for n, v in [('p', group.p), ('q', group.q), ('alpha', alpha), ('key', key), ('beta_i', beta), ('x', x)]]
room.save()
response.content_type = 'application/json'
return json.dumps(map(toStr, {
'p' : group.p,
'q' : group.q,
'alpha' : alpha,
'beta' : beta,
'x' : x,
}))
def params(self, p=0, q=0, bits=1024):
global group
group = IntegerGroupQ(0)
if p == 0 or q == 0:
group.paramgen(bits)
else:
group.p, group.q, group.r = p, q, 2
def __init__(self, pubk: dict):
self.p = pubk.get('p')
self.q = pubk.get('q')
self.g = pubk.get('g')
self.y = pubk.get('y')
self.h = pubk.get('h')
self.z = pubk.get('z')
self.group = IntegerGroupQ()
self.group.setparam(p=self.p, q=self.q)
def __init__(self):
self.groupObj = IntegerGroupQ()
self.groupObj.paramgen(256)
self.signer = SignerBlindSignature(self.groupObj, 0, 0, 256)
self.user = UserBlindSignature(self.signer.get_public_key())
self.verify = BlindSignatureVerifier(self.signer.get_public_key())
self.user = UserBlindSignature(self.signer.get_public_key())
self.sig, self.e, self.message = None, None, None
self.zeta, self.zeta1, self.rho = None, None, None
self.omega, self.sigma1, self.sigma2 = None, None, None
self.delta, self.mu, self.tmp1 = None, None, None
self.tmp2, self.tmp3, self.tmp4 = None, None, None
def __init__(self, input_=None):
if input_ is not None:
self.p = input_.get('p')
self.q = input_.get('q')
self.g = input_.get('g')
self.y = input_.get('y')
self.h = input_.get('h')
self.z = input_.get('z')
self.group = IntegerGroupQ()
self.group.setparam(p=self.p, q=self.q)
self.db = input_.get('db')
if self.db is None:
self.db = {}
def __init__(self, group=None, p=0, q=0, secparam=512):
self.group = group if group is not None else IntegerGroupQ()
self.group.p, self.group.q, self.group.r = p, q, 2
if self.group.p == 0 or self.group.q == 0:
self.group.paramgen(secparam)
self.p = self.group.p
self.q = self.group.q
self.x, self.g, = self.group.random(), self.group.randomGen()
self.z, self.h, = self.group.randomGen(), self.group.randomGen()
self.y = (self.g ** self.x) % self.p
hs1 = hashlib.new('sha256')
hs1.update(Conversion.IP2OS(integer(self.p)))
hs1.update(Conversion.IP2OS(integer(self.q)))
hs1.update(Conversion.IP2OS(integer(self.g)))
hs1.update(Conversion.IP2OS(integer(self.h)))
hs1.update(Conversion.IP2OS(integer(self.y)))
msg = integer(Conversion.OS2IP(hs1.digest()))
self.z = ((msg ** ((self.p - 1) / self.q)) % self.p)
self.u = None
self.d = None
self.s1 = None
self.s2 = None
def __init__(self, s, b = True):
self.s = s
self.group = IntegerGroupQ()
if b and not self.s.get('p') is None and not self.s.get('q') is None:
self.p = self.group.deserialize(fromBase64(self.s['p']))
self.q = self.group.deserialize(fromBase64(self.s['q']))
self.group.setparam(self.p, self.q)
def setup_key_handler(timestamp: int, number: int, policy: int):
"""
:param timestamp: (int) Timestamp of when the first knowledge proofs should be available on the ledger
:param number: (int) Number of requested credentials
:param policy: (int) The policy that a user is requesting credentials for.
:return: (dict)
"""
resp = []
policy = PolicyModel.query.get(policy)
sigvars = UserModel.query.get(current_user.id).get_sigvar(
timestamp, policy)
if not policy:
raise Exception("Couldn't find policy")
if sigvars:
raise Exception("Key already exists")
for i in range(0, number):
# Retrieve key for particular timestamp and policy combination
time = timestamp + (i * policy.publication_interval * 60
) # publication_interval is in minutes
# If no KeyModel exists for a given policy at a set time we create one
key_model = policy.get_key(time)
if key_model is None:
signer = SignerBlindSignature(IntegerGroupQ())
new = KeyModel(time, policy, signer)
policy.keys.append(new)
new.save_to_db()
policy.save_to_db()
else:
signer = key_model.signer
# Retrieve pubkey and generate challenge to send in the response
pubkey = SigConversion.convert_dict_strlist(signer.get_public_key())
challenge = SigConversion.convert_dict_strlist(signer.get_challenge())
# Save
sigvars = SigVarsModel(timestamp=time,
policy=policy.policy,
u=signer.u,
d=signer.d,
s1=signer.s1,
s2=signer.s2,
user_id=current_user.id)
sigvars.save_to_db()
data = {
'timestamp': time,
'public_key': pubkey,
'challenge': challenge
}
resp.append(data)
return resp
class Protocol:
def __init__(self):
self.groupObj = IntegerGroupQ()
self.groupObj.paramgen(256)
self.signer = SignerBlindSignature(self.groupObj, 0, 0, 256)
self.user = UserBlindSignature(self.signer.get_public_key())
self.verify = BlindSignatureVerifier(self.signer.get_public_key())
self.user = UserBlindSignature(self.signer.get_public_key())
self.sig, self.e, self.message = None, None, None
self.zeta, self.zeta1, self.rho = None, None, None
self.omega, self.sigma1, self.sigma2 = None, None, None
self.delta, self.mu, self.tmp1 = None, None, None
self.tmp2, self.tmp3, self.tmp4 = None, None, None
def setup_method(self, message=None):
key = ECC.generate(curve='P-256')
self.message = Conversion.OS2IP(key.public_key().export_key(
format='DER')) if message is None else message
challenge = self.signer.get_challenge()
self.e = self.user.challenge_response(challenge, self.message)
proofs = self.signer.get_proofs(self.e)
self.sig = self.user.gen_signature(proofs)
def values(self):
self.zeta = self.sig.get('zeta')
self.zeta1 = self.sig.get('zeta1')
self.rho = self.sig.get('rho')
self.omega = self.sig.get('omega')
self.sigma1 = self.sig.get('sigma1')
self.sigma2 = self.sig.get('sigma2')
self.delta = self.sig.get('delta')
self.mu = self.sig.get('mu')
self.tmp1 = (self.verify.g**self.rho) * (
self.verify.y**self.omega) % self.verify.p
self.tmp2 = (self.verify.g**self.sigma1) * (
self.zeta1**self.delta) % self.verify.p
self.tmp3 = (self.verify.h**self.sigma2) * (
(self.zeta / self.zeta1)**self.delta) % self.verify.p
self.tmp4 = (self.verify.z**self.mu) * (self.zeta**
self.delta) % self.verify.p
def __init__(self):
super().__init__(None)
sender_states = {
1: self.sender_state_1,
3: self.sender_state_3,
5: self.sender_state_5,
}
receiver_states = {
2: self.receiver_state_2,
4: self.receiver_state_4,
}
sender_trans = {1: 3, 3: 5}
receiver_trans = {2: 4}
self.group = IntegerGroupQ()
self.group.paramgen(SECURITY_PARAM)
Protocol.addPartyType(self, SENDER, sender_states, sender_trans, True)
Protocol.addPartyType(self, RECEIVER, receiver_states, receiver_trans)
class Room:
def __init__(self, s, b = True):
self.s = s
self.group = IntegerGroupQ()
if b and not self.s.get('p') is None and not self.s.get('q') is None:
self.p = self.group.deserialize(fromBase64(self.s['p']))
self.q = self.group.deserialize(fromBase64(self.s['q']))
self.group.setparam(self.p, self.q)
def state(self, s):
self.set('state', s)
self.save()
def check(self, v):
try:
return self.get('state') == v
except:
print(v, self.s.get('state'))
return False
def get(self, n, f = None):
if f is None:
f = lambda x: self.group.deserialize(x) if type(x) == bytes else x
return map( f, fromBase64(self.s.get(n)) )
def set(self, n, v, f = None):
if f is None:
f = lambda x: self.group.serialize(x) if type(x) == integer else x
self.s[n] = toBase64( map(f, v) )
def save(self):
self.s.save()
def clear(self):
self.s.clear()
self.s.save()
def get_key(self, timestamp: int) -> KeyModel:
"""
Find a policy key model based on the timestamp given.
:param timestamp: (int)
:return: (KeyModel) or None
"""
key = self.__get_from_list(self.keys, timestamp)
if key is None:
signer = SignerBlindSignature(IntegerGroupQ())
key = KeyModel(timestamp, self.policy, signer)
key.save_to_db()
self.keys.append(key)
self.save_to_db()
return key
def testElGamal(self):
p = integer(
148829018183496626261556856344710600327516732500226144177322012998064772051982752493460332138204351040296264880017943408846937646702376203733370973197019636813306480144595809796154634625021213611577190781215296823124523899584781302512549499802030946698512327294159881907114777803654670044046376468983244647367
)
q = integer(
74414509091748313130778428172355300163758366250113072088661006499032386025991376246730166069102175520148132440008971704423468823351188101866685486598509818406653240072297904898077317312510606805788595390607648411562261949792390651256274749901015473349256163647079940953557388901827335022023188234491622323683
)
groupObj = IntegerGroupQ()
el = ElGamal(groupObj, p, q)
(pk, sk) = el.keygen()
msg = b"hello world!"
cipher1 = el.encrypt(pk, msg)
m = el.decrypt(pk, sk, cipher1)
assert m == msg, "Failed Decryption!!!"
if debug: print("SUCCESSFULLY DECRYPTED!!!")
def decode(self, jsn):
obj = json.loads(jsn)
db = obj.pop('db') if obj.get('db') is not None else None
if isinstance(self, SignerBlindSignature):
new = SignerBlindSignature(IntegerGroupQ())
elif isinstance(self, UserBlindSignature):
new = UserBlindSignature()
else:
raise Exception("Unexpected argument")
for key in obj:
if obj[key] == 'null':
attr_val = None
else:
attr_val = SigConversion.strlist2modint(obj[key])
setattr(new, key, attr_val)
if db:
for key in db:
db[key] = SigConversion.strlist2modint(db[key])
setattr(new, 'db', db)
new.group = IntegerGroupQ()
new.group.setparam(p=new.p, q=new.q)
return new
def __init__(self, p=0, q=0, g=0, num_bits=2048):
# IntegerGroupQ seems to be used as the Schnorr subgroup of order q
self.group = IntegerGroupQ(0)
self.num_bits = num_bits
# Pick or set the Z_p and Z_q groups, along with the
# residuosity parameter 'r' of the generator 'g' of Z_q
if (p == 0 and q != 0) or (p != 0 and q == 0):
raise ValueError('p and q must be either both set or unset')
else:
self.group.p, self.group.q, self.group.r = p, q, 2
self.p = self.group.p
self.q = self.group.q
self.r = self.group.r
self.g = g;
def main():
nr_of_clients = 200
G = IntegerGroupQ()
G.paramgen(1024)
g = G.randomG()
clients_list = [Client(G, g, i) for i in range(nr_of_clients)]
for client in clients_list:
g_v , r = client.proof_x
g_x, id = client.g_x, client.id
hash = G.hash(g, g_v, g_x, id)
assert g_v == (g**r) * (g_x **hash)
g_xs = [client.g_x for client in clients_list]
hashes = []
for client in clients_list:
client.compute_g_y(g_xs)
hashes.append(client.answer())
# print(hashes)
answers = []
for client in clients_list:
assert G.hash(client.g_c_y) == hashes[client.id]
answers.append(client.g_c_y)
print(reduce(lambda x, y: x * y, answers, integer(1, G.p)) % G.p)
class OneOfTwo(Protocol):
def __init__(self):
super().__init__(None)
sender_states = {
1: self.sender_state_1,
3: self.sender_state_3,
5: self.sender_state_5,
}
receiver_states = {
2: self.receiver_state_2,
4: self.receiver_state_4,
}
sender_trans = {1: 3, 3: 5}
receiver_trans = {2: 4}
self.group = IntegerGroupQ()
self.group.paramgen(SECURITY_PARAM)
Protocol.addPartyType(self, SENDER, sender_states, sender_trans, True)
Protocol.addPartyType(self, RECEIVER, receiver_states, receiver_trans)
def sender_state_1(self):
print('Sender generates random value c and computes C = g ^ c.')
g = self.group.randomGen()
c = self.group.random()
C = g**c
super().setState(3)
super().store(('g', g))
return {'g': g, 'C': C}
def receiver_state_2(self, data):
print('Receiver got C, generates PKs and sends to sender.')
C, g = data['C'], data['g']
k = self.group.random()
super().store(('g', g), ('k', k))
PK_0 = g**k
PK_1 = C / (g**k)
super().setState(4)
return {'PK_0': PK_0, 'PK_1': PK_1}
def sender_state_3(self, data):
PK_0, PK_1 = data['PK_0'], data['PK_1']
print('Sender receives PKs, gets messages and calculates.')
g = self.db['g']
r0 = self.group.random()
r1 = self.group.random()
m0 = b"message 0"
m1 = b"message 1"
super().store(
('m0', m0),
('m1', m1),
)
c0 = (g**r0, xor(get_hash(PK_0**r0), m0).hex())
c1 = (g**r1, xor(get_hash(PK_1**r1), m1).hex())
super().setState(5)
return {'c0': c0, 'c1': c1}
def receiver_state_4(self, data):
c0 = data['c0']
k, = super().get(['k'])
w0 = bytes.fromhex(c0[1])
H = c0[0]**k
decoded_msg = xor(get_hash(H), w0)
super().setState(None)
return {'decoded_msg': decoded_msg.hex()}
def sender_state_5(self, data):
decoded_msg = bytes.fromhex(data['decoded_msg'])
m0, m1 = super().get(['m0', 'm1'])
assert decoded_msg == m0
super().setState(None)
return None
# pylint: disable=invalid-name
"""Implementation Proof of possession algorithm for Cloud Storage."""
import random
import hashlib
from charm.core.math.integer import integer # pylint: disable=no-name-in-module
from charm.toolbox.integergroup import IntegerGroupQ
from utils import Poly, LI_exp
SECURITY_PARAM = 5
G = IntegerGroupQ()
G.paramgen(SECURITY_PARAM)
g = G.randomG()
SECRET_KEY = G.random()
NUM_OF_BLOCKS = 4
NUM_OF_SUBBLOCKS = 4
z = NUM_OF_SUBBLOCKS
def ID(block):
return hashlib.sha512(str(block).encode('utf-8')).hexdigest()
def poly(secret_key, block_id):
"""Yields an secret polynomial Lf over Zq for a given block f."""
random.seed(str(secret_key) + block_id)
return Poly(
[integer(random.randrange(G.q), G.q) for _ in range(NUM_OF_SUBBLOCKS)]) # pylint: disable=not-callable
from charm.toolbox.integergroup import IntegerGroupQ, integer
G = IntegerGroupQ()
G.paramgen(1024)
def generate_sets(number_of_mutual, number_of_x, number_of_y):
mutual_elements = generate_elements(number_of_mutual)
X = generate_elements(number_of_y) + mutual_elements
Y = [e for e in generate_elements(number_of_y) if e not in X] + mutual_elements
return X, Y, mutual_elements
def generate_elements(number_of_elements):
return [G.random() for _ in range(number_of_elements)]
def hash_elements(elements):
return [G.hash(element) for element in elements]
def generate_Gs(X):
# hash each element of the set
gs = hash_elements(X)
# pick a random a
a = G.random()
# generate big G = g ** a
def __init__(self, p=0, q=0):
global group
group = IntegerGroupQ()
group.p, group.q, group.r = p, q, 2
import random
import pdb
from charm.schemes.pkenc.pkenc_rsa import RSA
from charm.toolbox.integergroup import IntegerGroupQ, integer
RSA_LEN = 2048
NUMBER_OF_MESSAGES = 20
SECURITY_PARAM = 20
G = IntegerGroupQ()
G.paramgen(SECURITY_PARAM)
def generate_messages(g, N):
messages = [g**G.random(N) for _ in range(NUMBER_OF_MESSAGES)]
return messages
def generate_RSA_stuff():
pk, sk = RSA().keygen(RSA_LEN)
return sk['d'], pk['N'], pk['e']
def compute_v(x_b, k, e, N):
v = (x_b + (k**e))
return v
def compute_ks(v, random_messages, d):
return [(v - r_msg)**d for r_msg in random_messages]
def setup(security_parameter):
G = IntegerGroupQ()
G.paramgen(security_parameter)
g = G.randomG()
sk = G.random()
return G, g, sk
self.T = list(range(self.N))
self.X = [self.group.random() for _ in range(self.N)]
random.shuffle(self.T)
self.T = self.T[:self.n]
R = [(x, self.S(x) if i in self.T else self.group.random())
for i, x in enumerate(self.X)]
return R
def getValue(self, Q):
A = [xq for i, xq in enumerate(Q) if i in self.T]
value = lagrange_interpolation(A, integer(0, self.group.q))
return value
group = IntegerGroupQ()
group.paramgen(256)
# security parameter
k = 5
degree_of_polynomial = 10
m = 5
start = time.time()
# generate polynomial and masked polynomial with point (0,0)
alice = Alice(group, k, degree_of_polynomial)
bob = Bob(group, k)
# polynomial used to calculate P(A)
class Params:
def __init__(self, p=0, q=0, g=0, num_bits=2048):
# IntegerGroupQ seems to be used as the Schnorr subgroup of order q
self.group = IntegerGroupQ(0)
self.num_bits = num_bits
# Pick or set the Z_p and Z_q groups, along with the
# residuosity parameter 'r' of the generator 'g' of Z_q
if (p == 0 and q != 0) or (p != 0 and q == 0):
raise ValueError('p and q must be either both set or unset')
else:
self.group.p, self.group.q, self.group.r = p, q, 2
self.p = self.group.p
self.q = self.group.q
self.r = self.group.r
self.g = g;
def generate(self, num_bits=None):
# Passing r=2 here, even though it defaults to 2
if num_bits is not None:
self.num_bits = num_bits
self.group.paramgen(self.num_bits, 2)
self.p = self.group.p
self.q = self.group.q
self.r = self.group.r
# Randomly pick a generator g for Z_q
# g \in [0, p), g = h^2 mod p, h \in [0, p)
self.g = self.group.randomG()
def __str__(self):
return str({ 'p': str(self.p), 'q': str(self.q), 'g': str(self.g), 'r': str(self.r), 'num_bits': str(self.num_bits)})
def setParams(self, params=None):
global default
if params is None:
params = default
self.p = params.p
self.q = params.q
self.g = params.g
self.group = params.group
def groupHash(self, msg, r):
msg = Conversion.siginput2integer(msg)
if isinstance(r, integer) == False:
raise TypeError("Expected r to be of type 'integer', got " +
type(r))
return self.group.hash(msg, r)
def serialize(self):
return json.dumps({
'p': serialize(self.p),
'q': serialize(self.q),
'g': serialize(self.g),
'r': str(self.r),
'num_bits': str(self.num_bits)
})
@classmethod
def unserialize(cls, data):
params = json.loads(data)
p = deserialize(params['p'])
q = deserialize(params['q'])
r = int(params['r'])
g = deserialize(params['g'])
num_bits = int(params['num_bits'])
# TODO: assert num_bits is 'correctish' w.r.t. p/q/g
ret = Params(p, q, g, num_bits)
ret.r = r
return ret
def __eq__(self, other):
return isinstance(other, self.__class__) and\
self.group.p == other.group.p and\
self.group.q == other.group.q and\
self.group.r == other.group.r and\
self.p == other.p and\
self.q == other.q and\
getMod(self.g) == getMod(other.g) and\
self.g == other.g
def __ne__(self, other):
return not self.__eq__(other)
from random import shuffle
from charm.toolbox.integergroup import IntegerGroupQ, integer
from charm.core.math.integer import reduce as reduce_mod
from utils import Polynomial, LI
G = IntegerGroupQ()
G.paramgen(1024)
g = G.randomG()
def gen_coeffs(degree):
return [G.random() for _ in range(degree + 1)]
def main():
d_p = 5 # degree of polynomial P
k = 4 # Security parameter and degree of polynomial s
d = k * d_p # degree of polynomials P_x and Q
m = 2
# Sender has polynomial P of degree d_p
P = Polynomial(gen_coeffs(d_p))
# Sender generates random masking polynomial P_x of degree d
P_x = Polynomial(gen_coeffs(d))
# P_x(0) = 0
P_x[0] = integer(0, G.q)
# Sender defines bivariate polynomial Q which holds Q(0,y) = P(y)
Q = lambda x, y: reduce_mod(P_x(x) + P(y))
# Receiver generates alpha
alpha = G.random()
def send(): # event is passed by binders.
"""Handles sending of messages."""
msg = my_msg.get()
my_msg.set("") # Clears input field.
client_socket.send(bytes(msg, "utf8"))
if msg == "{quit}":
client_socket.close()
top.quit()
def on_closing(event=None):
"""This function is to be called when the window is closed."""
my_msg.set("{quit}")
send()
#----Now comes the sockets part----
HOST = "0.0.0.0"
PORT = 33000
BUFSIZ = 1024
ADDR = (HOST, PORT)
G = IntegerGroupQ()
g = None
client_socket = socket(AF_INET, SOCK_STREAM)
client_socket.connect(ADDR)
receive_thread = Thread(target=receive)
receive_thread.start()
print("Verification OK:", p1 == p2)
Protocol.setState(self, None)
return None
if __name__ == "__main__":
p = integer(
156053402631691285300957066846581395905893621007563090607988086498527791650834395958624527746916581251903190331297268907675919283232442999706619659475326192111220545726433895802392432934926242553363253333261282122117343404703514696108330984423475697798156574052962658373571332699002716083130212467463571362679
)
q = integer(
78026701315845642650478533423290697952946810503781545303994043249263895825417197979312263873458290625951595165648634453837959641616221499853309829737663096055610272863216947901196216467463121276681626666630641061058671702351757348054165492211737848899078287026481329186785666349501358041565106233731785681339
)
groupObj = IntegerGroupQ()
sp = Asig(groupObj, p, q, 1024)
if sys.argv[1] == "-s":
print("Operating as signer...")
svr = socket(AF_INET, SOCK_STREAM)
svr.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
svr.bind((HOST, PORT))
svr.listen(1)
svr_sock, addr = svr.accept()
print("Connected by ", addr)
_name, _type, _sock = "signer", SIGNER, svr_sock
elif sys.argv[1] == "-u":
print("Operating as user...")
clt = socket(AF_INET, SOCK_STREAM)
clt.connect((HOST, PORT))
Receiver hides alpha in a univariate polynomial: Receiver chooses random poly S of degree k such that S(0) = alpha Receiver's plan is to use R(x) = Q(x, S(x)) to learn P(alpha) R(0) = Q(0, S(0)) = P(S(0)) = P(alpha) """ import random from charm.toolbox.integergroup import IntegerGroupQ from charm.core.math.integer import integer from charm.core.math.integer import reduce as reduce_modulus from utils import Poly, LI SECURITY_PARAM = 20 G = IntegerGroupQ() G.paramgen(SECURITY_PARAM) g = G.randomGen() k = 4 m = 4 d_p = 12 # Degree of P d = d_p * k # Degree of P_x def main(): # Receiver has alpha. alpha = G.random() # Sender has polynomial P. P = Poly([G.random() for _ in range(d_p + 1)])
class UserBlindSignature(BlindSigner):
"""
This class represents the entity who wishes to have a certain message blindly signed.
"""
def __init__(self, input_=None):
if input_ is not None:
self.p = input_.get('p')
self.q = input_.get('q')
self.g = input_.get('g')
self.y = input_.get('y')
self.h = input_.get('h')
self.z = input_.get('z')
self.group = IntegerGroupQ()
self.group.setparam(p=self.p, q=self.q)
self.db = input_.get('db')
if self.db is None:
self.db = {}
def __store__(self, *args):
for i in args:
if isinstance(i, tuple):
self.db[i[0]] = i[1]
return None
def __get__(self, keys, _type=tuple):
if not type(keys) == list:
return
if _type == tuple:
ret = []
else:
ret = {}
# get the data
for i in keys:
if _type == tuple:
ret.append(self.db[i])
else: # dict
ret[i] = self.db[i]
# return data
if _type == tuple:
return tuple(ret)
return ret
def challenge_response(self, input, message):
rnd = input.get('rnd')
a = input.get('a')
b1 = input.get('b1')
b2 = input.get('b2')
msg = integer(Conversion.OS2IP(SHA1(Conversion.IP2OS(rnd))))
z1 = (msg ** ((self.p - 1) / self.q)) % self.p
gamma = self.group.random()
tau = self.group.random()
t1 = self.group.random()
t2 = self.group.random()
t3 = self.group.random()
t4 = self.group.random()
t5 = self.group.random()
zeta = self.z ** gamma
zeta1 = z1 ** gamma
zeta2 = zeta / zeta1
alpha = a * (self.g ** t1) * (self.y ** t2) % self.p
beta1 = (b1 ** gamma) * (self.g ** t3) * (zeta1 ** t4) % self.p
beta2 = (b2 ** gamma) * (self.h ** t5) * (zeta2 ** t4) % self.p
eta = self.z ** tau
epsilon = integer(hash_int([zeta, zeta1, alpha, beta1, beta2, eta, message])) % self.q
e = (epsilon - t2 - t4) % self.q
self.__store__(self, ('z1', z1), ('zeta', zeta), ('zeta1', zeta1))
self.__store__(self, ('zeta2', zeta2), ('alpha', alpha), ('beta1', beta1), ('beta2', beta2))
self.__store__(self, ('t1', t1), ('t2', t2), ('t3', t3), ('t4', t4), ('t5', t5))
self.__store__(self, ('gamma', gamma), ('tau', tau), ('eta', eta))
return {'e': e}
def gen_signature(self, proofs: dict) -> dict:
r = proofs.get('r')
c = proofs.get('c')
d = proofs.get('d')
s1 = proofs.get('s1')
s2 = proofs.get('s2')
(zeta, zeta1, z, z1) = self.__get__(['zeta', 'zeta1', 'zeta2', 'z1'])
(t1, t2, t3, t4, t5) = self.__get__(['t1', 't2', 't3', 't4', 't5'])
(gamma, tau, eta) = self.__get__(['gamma', 'tau', 'eta'])
rho = (r + t1) % self.q
omega = (c + t2) % self.q
sigma1 = ((gamma * s1) + t3) % self.q
sigma2 = ((gamma * s2) + t5) % self.q
delta = (d + t4) % self.q
mu = (tau - (delta * gamma)) % self.q
return {'zeta': zeta, 'zeta1': zeta1, 'rho': rho, 'omega': omega,
'sigma1': sigma1, 'sigma2': sigma2, 'delta': delta, 'mu': mu}
def __init__(self):
global group
group = IntegerGroupQ(0)
