def distributed_Paillier_key_generation(self):
self.generator = self.N + 1
self.modulus_KN = self.secure_K * self.N
self.modulus_KKN = self.secure_K * self.secure_K * self.N
random_state = gmpy2.random_state(int(time.time() * 100000))
self.beta = gmpy2.mpz_random(random_state, self.modulus_KN)
random_state = gmpy2.random_state(int(time.time() * 100000))
self.ri = gmpy2.mpz_random(random_state, self.modulus_KKN)
self.ri_delta = self.delta * self.ri
self.pq_sum = self.pi + self.qi
self.send_pq_sum(self.pq_sum)
pq_sum_list = self.receive_pq_sum_list()
self.phi = self.N + 1 - pq_sum_list[0] - pq_sum_list[1] - pq_sum_list[2]
self.thetai = self.delta * self.phi * self.beta + self.N * self.delta * self.ri
self.send_thetai(self.thetai)
thetai_list = self.receive_thetai_list()
self.theta = thetai_list[0] + thetai_list[1] + thetai_list[2]
self.fi = self.N * self.Ri_sharing(self.ri_delta,
self.modulus_KKN) - self.theta
# verification key
self.r_vk = self.gen_coprime(self.N * self.N)
self.vk = gmpy2.powmod(self.r_vk, 2, self.N * self.N)
self.vki = gmpy2.powmod(self.vk, self.delta * self.fi, self.N * self.N)
def generate_random(bit_size, include_negative_range, seeded, full_range):
global global_random_state
if not seeded or global_random_state is None:
global_random_state = gmpy2.random_state()
x = zero
if full_range:
x = gmpy2.mul_2exp(one, bit_size - 1)
tmp = 0
if bit_size < 33:
tmp = gmpy2.mpz_random(global_random_state, RAND_MAX)
temp = (1 << bit_size)
x = gmpy2.f_mod(tmp, temp)
if include_negative_range:
tmp = gmpy2.mul_2exp(one, bit_size - 1)
x = gmpy2.sub(x, tmp)
return x
for i in range(bit_size - 32, 0 - 1, -32):
tmp = gmpy2.mpz_random(global_random_state, RAND_MAX)
tmp = gmpy2.mul_2exp(tmp, i)
x = gmpy2.add(x, tmp)
x = gmpy2.add(x, gmpy2.mpz_random(global_random_state, RAND_MAX))
if include_negative_range:
tmp = gmpy2.mul_2exp(one, bit_size - 1)
x = gmpy2.sub(x, tmp)
return mpz(x)
def __init__(self,prime,prim_root,random_state):
self.p=mpz(prime)
self.g=mpz(prim_root)
self.k1=gmpy2.mpz_random(random_state,prime)
self.x1=gmpy2.powmod(self.g,self.k1,self.p)
self.k11=gmpy2.mpz_random(random_state,prime)
self.x11=gmpy2.powmod(self.g,self.k1,self.p)
def elliptical_curve(n, process_id):
# I decided not to finish the implementation of this algo as the learning curve for implementation was steep
# and not worth it. I left this code here to show that I tried though.
print("Pollard p-1 Part 2: The Lenstra Boogolo")
print(process_id, "ECM Called")
# vars to maintain the generation loop
coor_x, coor_y = 0, 0
# generate curve
# TODO: Not sure if these random ranges are correct
coor_x, coor_y = gmpy2.mpz_random(gmpy2.random_state(),
n), gmpy2.mpz_random(
gmpy2.random_state(), n)
a = gmpy2.mpz_random(gmpy2.random_state(), n)
# b = y^2 - ax - x^3
b = gmpy2.f_mod((coor_y * coor_y - a * coor_x - coor_x * coor_x * coor_x),
n)
# TODO: The wikipedia says there's checks you can do for the curve at this point by I don't want to put in the
# effort, however this note is here as a reminder in case things aren't working
# (while loop to check this stuff?)
# is this the right check? (delta)
# generate point
curr_x = coor_x
curr_y = coor_y
# range to loop to
current = 2
work_limit = random.randint(10000000, 1000000000)
# loop to do the monster math
# TODO: loop to do the actual ECM stuff
# return value since this is broken and un finished
return 1
def share(x, N):
# P1
random_state = gmpy2.random_state(int(time.time() * 10000))
x1 = gmpy2.mpz_random(random_state, N)
random_state = gmpy2.random_state(int(time.time() * 10001))
x2 = gmpy2.mpz_random(random_state, N)
x3 = (x - x1 - x2) % N
return [x1, x2, x3]
def mult(share_tuple, N):
share_sum = (share_tuple[0] + share_tuple[1] + share_tuple[2]) % N
share_sum_square = (share_sum * share_sum) % N
random_state = gmpy2.random_state(int(time.time() * 10000))
share1 = gmpy2.mpz_random(random_state, N)
random_state = gmpy2.random_state(int(time.time() * 10001))
share2 = gmpy2.mpz_random(random_state, N)
share0 = (share_sum_square - share1 - share2) % N
return [share0, share1, share2]
def enc(pub, plain): #(public key, plaintext)
cipher = mpz()
r = mpz_random(rand, pub.n)
while (gcd(r, pub.n) != 1):
r = mpz_random(rand, pub.n)
cipher = powmod(
mul(powmod(pub.g, plain, pub.n_sq), powmod(r, pub.n, pub.n_sq)), 1,
pub.n_sq)
return cipher
def generate_keys(q, p, g):
# generates private key x and public key y
x = gmp.mpz_random(gmp.random_state(random.randint(0, 367263292)), q)
while x == 0:
x = gmp.mpz_random(random.randint(0, 367263292), q)
y = gmp.powmod(g, x, p)
return x, y
def pick_pq(self):
pq = mpz(2)
random_state = gmpy2.random_state(int(time.time()*100000))
if self.PartyIndex == 1:
while gmpy2.f_mod(pq, 4) != 3 or (pq - pow(2, self.KeyLength - 1) <= 0):
pq = gmpy2.mpz_random(random_state, pow(2, self.KeyLength))
else:
while gmpy2.f_mod(pq, 4) != 0 or (pq - pow(2, self.KeyLength - 1) <= 0):
pq = gmpy2.mpz_random(random_state, pow(2, self.KeyLength))
return pq
def ranp(N):
# P1
random_state = gmpy2.random_state(int(time.time() * 10000))
a11 = gmpy2.mpz_random(random_state, N)
random_state = gmpy2.random_state(int(time.time() * 10001))
a12 = gmpy2.mpz_random(random_state, N)
random_state = gmpy2.random_state(int(time.time() * 10002))
a13 = gmpy2.mpz_random(random_state, N)
# P2
random_state = gmpy2.random_state(int(time.time() * 10000))
a21 = gmpy2.mpz_random(random_state, N)
random_state = gmpy2.random_state(int(time.time() * 10001))
a22 = gmpy2.mpz_random(random_state, N)
random_state = gmpy2.random_state(int(time.time() * 10002))
a23 = gmpy2.mpz_random(random_state, N)
# P3
random_state = gmpy2.random_state(int(time.time() * 10000))
a31 = gmpy2.mpz_random(random_state, N)
random_state = gmpy2.random_state(int(time.time() * 10001))
a32 = gmpy2.mpz_random(random_state, N)
random_state = gmpy2.random_state(int(time.time() * 10002))
a33 = gmpy2.mpz_random(random_state, N)
# compute sharing
a1 = (a11 + a21 + a31) % N
a2 = (a12 + a22 + a32) % N
a3 = (a13 + a23 + a33) % N
return (a1, a2, a3)
def PRandFld(modulus):
# P1
random_state = gmpy2.random_state(int(time.time() * 10000))
a1 = gmpy2.mpz_random(random_state, int(modulus/3))
# P2
random_state = gmpy2.random_state(int(time.time() * 10000))
a2 = gmpy2.mpz_random(random_state, int(modulus/3))
# P3
random_state = gmpy2.random_state(int(time.time() * 10000))
a3 = gmpy2.mpz_random(random_state, int(modulus/3))
return (a1, a2, a3)
def encrypt(pub, plain):
one = gmpy2.mpz(1)
state = gmpy2.random_state(int_time())
r = gmpy2.mpz_random(state, pub.n)
while gmpy2.gcd(r, pub.n) != one:
state = gmpy2.random_state(int_time())
r = gmpy2.mpz_random(state, pub.n)
x = gmpy2.powmod(r, pub.n, pub.n_sq)
cipher = gmpy2.f_mod(gmpy2.mul(gmpy2.powmod(pub.g, plain, pub.n_sq), x),
pub.n_sq)
return cipher
def generate_secret_key(self):
tmp = mpz()
self.sk = gmpy2.mul_2exp(1, eta - 1)
random_state = gmpy2.random_state(mpz(time.time()))
i = eta - 32
while i >= 0:
tmp = gmpy2.mpz_random(random_state, RAND_MAX)
tmp = gmpy2.mul_2exp(tmp, i)
self.sk += tmp
i -= 32
self.sk += gmpy2.mpz_random(random_state, RAND_MAX)
self.sk = mpz(self.sk * 2 + 1)
def solver():
(e, d, N) = rsa_init(e=3)
original_message = "A" * 20
enc = encrypt(original_message, e, N)
msg = mpz(a2h(original_message), base=16)
s = mpz_random(rstate, N)
while s < 2:
s = mpz_random(rstate, N)
new_enc = t_mod(pow(s, e, N) * enc, N)
assert new_enc != enc
dec = decrypt(new_enc, d, N)
assert msg == t_mod(dec * invert(s, N), N)
return
def process_f(N):
while True:
j = gmpy2.mpz_random(random_state, int(lg(N))) + 1
r = gmpy2.mpz_random(random_state, 2**j)
q = 2**j + r
if q > N:
continue
p, alpha = prime_power(q)
if not p:
continue
l = gmpy2.mpfr_random(random_state)
if l < delta_n(N, p, alpha) * 2**int(lg(q)):
return p, alpha
def gen_keys():
rs = gmpy2.random_state(hash(gmpy2.random_state()))
P = gmpy2.mpz_urandomb(rs, mpz('128'))
P = gmpy2.next_prime(P)
Q = gmpy2.mpz_urandomb(rs, mpz('128'))
Q = gmpy2.next_prime(Q)
N = P*Q
Fi = (P-1)*(Q-1)
Pkey = gmpy2.mpz_random(rs, Fi)
while not (gmpy2.gcd(Fi, Pkey) == 1):
Pkey = gmpy2.mpz_random(rs, Fi)
Skey = gmpy2.invert(Pkey, Fi)
assert gmpy2.t_mod(Skey*Pkey,Fi) == 1
return Pkey, Skey, N
def new_prime(n_bits=1024):
"""
is_prime: Miller-Rabin's test (default=25 times)
"""
upper_bound = gmpy2.mpz(2**n_bits)
state = gmpy2.random_state(int_time())
rand_num = gmpy2.mpz_random(state, upper_bound)
rand_num = gmpy2.bit_set(rand_num, n_bits - 1)
while not gmpy2.is_prime(rand_num):
state = gmpy2.random_state(int_time())
rand_num = gmpy2.mpz_random(state, upper_bound)
rand_num = gmpy2.bit_set(rand_num, n_bits - 1)
return rand_num
def _generate_random_number(self):
"""
:return: random number
"""
rstate = random_state()
r = randint(40, 100)
return f_mod(mpz_random(rstate, 2 << r).bit_set(0).bit_set(r), self.N)
def generate_sparse_matrix(u_1, modified_secret_key, x_p):
global global_random_state
seed = mpz(time.time())
global_random_state = gmpy2.random_state(seed)
Theta_vector = [0 for _ in range(Theta)]
for i in range(1, Theta):
Theta_vector[i] = generate_random(kappa + 1, False, True, False)
modified_secret_key[0] = True
for i in range(1, Theta):
modified_secret_key[i] = False
count = theta - 1
gmpy2.random_state()
while count > 0:
index = gmpy2.mpz_random(global_random_state, RAND_MAX) % Theta
if not modified_secret_key[index]:
modified_secret_key[index] = True
count -= 1
sum_ = zero
temp = gmpy2.mul_2exp(one, kappa + 1)
for i in range(1, Theta):
if modified_secret_key[i]:
sum_ = gmpy2.add(sum_, Theta_vector[i])
sum_ %= temp
u_1 = gmpy2.sub(x_p, sum_)
if u_1 < zero:
u_1 = gmpy2.add(temp, u_1)
return mpz(seed), mpz(u_1)
def mult_share(share_tuple_1, share_tuple_2, N):
if not isinstance(share_tuple_1, list):
share_1 = share_tuple_1
else:
share_1 = (share_tuple_1[0] + share_tuple_1[1] + share_tuple_1[2]) % N
if not isinstance(share_tuple_2, list):
share_2 = share_tuple_2
else:
share_2 = (share_tuple_2[0] + share_tuple_2[1] + share_tuple_2[2]) % N
share_mult = (share_1 * share_2) % N
random_state = gmpy2.random_state(int(time.time() * 10000))
share1 = gmpy2.mpz_random(random_state, N)
random_state = gmpy2.random_state(int(time.time() * 10001))
share2 = gmpy2.mpz_random(random_state, N)
share0 = (share_mult - share1 - share2) % N
return [share0, share1, share2]
def step_2():
a = gmpy2.mpz_random(rstate, N)
A = powmod(g, a, N)
Client['A'] = A
Client['a'] = a
Client['M'] = M
return (M, A)
def algorithmRabin_Miller(n, s): random_state = gmpy2.random_state(int(round(time() * 1000))) for j in range (1, s+1): a = gmpy2.mpz_random(random_state, n) if algorithmWitness(a, n) == 1: return 1 return 0
def step_3(M, A):
Server['M'] = M
Server['A'] = A
b = gmpy2.mpz_random(rstate, N)
B = (k * Server['v']) + powmod(g, b, N)
Server['b'] = b
Server['B'] = B
return (Server['salt'], B)
def generate_keys(prime=PRIME):
while True:
e = gmpy2.mpz_random(state, prime - 2)
if gmpy2.gcd(e, prime - 1) == 1 and e > 2:
break
d = gmpy2.invert(e, prime - 1)
# return encryption and decryption keys
return e, d
def genKeys(p, q, g, B=None):
priv = None
if B is None:
d = mpz_random(rstate, q - 1) + 1
priv = d
B = pow(g, d, p)
pub = (p, q, g, B)
return (pub, priv)
def genP(L, q):
minK = (pow(2, L - 1) + (q - 1)) // q
maxK = (pow(2, L) - 1) // q
while True:
k = mpz_random(rstate, maxK - minK) + minK
p = k * q + 1
if is_prime(p):
return (k, p)
def KeyGen(self):
p = self.PP['p']
g = self.PP['g']
state = self.random_state
x = gmpy2.mpz_random(state, 999)
g_x = g**x
return {'pk': g_x, 'sk': x}
def KeyGen(self, PP):
p = PP['p']
g = PP['g']
state = self.random_state
x = gmpy2.mpz_random(state, random_SIZE)
g_x = g**x
return {'pk': g_x, 'sk': x}
def primoRelativo(self, phi):
x = 0
mdc = 0
seed = gmpy2.random_state(int(datetime.now().microsecond))
while mdc != 1:
x = gmpy2.mpz_random(seed,phi ) + 1
mdc = self.euclides(x, phi)
return x
def gen_keys():
rs = gmpy2.random_state(hash(gmpy2.random_state()))
P = gmpy2.mpz_urandomb(rs, mpz('256'))
P = gmpy2.next_prime(P)
Q = gmpy2.mpz_urandomb(rs, mpz('256'))
Q = gmpy2.next_prime(Q)
N = P*Q
Fi = (P-1)*(Q-1)
Pkey = gmpy2.mpz_random(rs, Fi)
while not (gmpy2.gcd(Fi, Pkey) == 1):
Pkey = gmpy2.mpz_random(rs, Fi)
Skey = gmpy2.invert(Pkey, Fi)
print('Публичный ключ: ')
print(Pkey)
print('Приватный ключ:')
print(Skey)
print('N:')
print(N)
def process_f_with_multiplicative_group(N):
while True:
j = gmpy2.mpz_random(random_state, int(lg(N))) + 1
r = gmpy2.mpz_random(random_state, 2**j)
if j < threshold_bits:
# For small numbers, run the old process_f
# Multiplicative group hint can be computed later
r = gmpy2.mpz_random(random_state, 2**j)
q = 2**j + r
if q > N:
continue
p, alpha = prime_power(q)
if not p:
continue
l = gmpy2.mpfr_random(random_state)
if l < delta_n(N, p, alpha) * 2**int(lg(q)):
return p, alpha, {}
else:
# Generate a random factored number between (2 ** j - 1) and (2 ** (j + 1) - 2)
# This is so that we get the multiplicative group of q
x, xf = process_r(2**(j + 1) - 2)
q = x + 1
if q > N:
continue
p, alpha = prime_power(q)
if not p:
continue
l = gmpy2.mpfr_random(random_state)
if l < delta_n(N, p, alpha) * 2**int(lg(q)):
if alpha == 1:
phi_hint = xf
else:
# This is a special case: in this case xf isn't the multiplicative group
# But luckily since p^alpha - 1 = (p - 1) * (1 + p + ... + p^(alpha - 1))
# we will still have all the factors to get the factorisation of p - 1
phi_hint = []
remaining_x = x
for f in xf:
if remaining_x % f == 0:
phi_hint.append(f)
remaining_x /= f
if remaining_x == 1:
break
return p, alpha, {p: phi_hint}
def generate_keypair(seed: int):
rand_state = seed
# m = bytes_to_long(input.encode('utf-8'))
p, q = generate_prime(bit_count,
rand_state), generate_prime(bit_count, rand_state)
flag = good_pair(p, q)
while not flag:
p, q = generate_prime(bit_count, rand_state), generate_prime(
bit_count, rand_state)
flag = good_pair(p, q)
n = gmpy2.mul(p, q)
phi = gmpy2.mul(p - 1, q - 1)
# print("p:", p)
# print("q:", q)
print("n:", n)
# print("phi:", phi)
e = gmpy2.mpz_random(rand_state, phi)
while e <= 1 or gmpy2.gcd(e, phi) != 1:
e = gmpy2.mpz_random(rand_state, phi)
assert (e > 1)
assert (gmpy2.gcd(e, phi) == 1)
d = gmpy2.invert(e, phi)
assert (d != 1)
assert (gmpy2.t_mod(e * d, phi) == 1)
# print("PK(e):", e)
# print("SK(d):", d)
return {
'public': {
'n': n,
'e': e,
},
'private': {
'n': n,
'd': d,
}
}
def aby_prng(Len):
"""Generates a random mpz with bitlength Len."""
global global_random_state
if global_random_state is None:
global_random_state = gmpy2.random_state(int(time.time()))
result = mpz(0)
for i in range(Len):
if gmpy2.mpz_random(global_random_state, 2) == 1:
result += gmpy2.exp2(i)
return mpz(result)
def get_random_int(n):
i = random.randint(0,2**30) # better random nunber generator
return gmpy2.mpz_random(gmpy2.random_state(i), n)
def randg(n):
y = gmpy2.mpz_random(rs, n)
while gmpy2.gcd(y, n) != 1:
y = gmpy2.mpz_random(rs, n)
return y
def RandomInteger(Min = rand_min, Max = rand_max): return Min + gmpy2.mpz_random(random_state, Max - Min + 1)
def get_prime(length):
a = gmpy2.mpz_random(rstate,2<<length).bit_set(0).bit_set(length)
while not gmpy2.is_prime(a):
a = a+2
return a
def gerarPrimo(self, limInf, limSup):
seed = gmpy2.random_state(int(datetime.now().microsecond))
primo = gmpy2.mpz_random(seed,(limSup - limInf + 1)) + limInf
while not gmpy2.is_prime(primo):
primo = gmpy2.mpz_random(seed,(limSup - limInf + 1)) + limInf
return primo
