Example #1
0
def test_construct_root():
    H = lambda x, y, i: x - y
    minus_tree = list(hash_tree(H, range(16)))
    for i in range(16):
        leaf = minus_tree[0][i]
        path = auth_path(minus_tree, i)
        assert construct_root(H, path, leaf, i) == minus_tree[-1][0]
Example #2
0
 def keygen(self, seed, masks):
     assert len(seed) == self.n // 8
     assert len(masks) >= 2 * self.tau
     sk = self.Gt(seed)
     sk = chunkbytes(sk, self.n // 8)
     L = list(map(self.F, sk))
     H = lambda x, y, i: self.H(xor(x, masks[2*i]), xor(y, masks[2*i+1]))
     return root(hash_tree(H, L))
Example #3
0
 def keygen_pub(self, SK1, Q):
     addresses = [self.address(self.d - 1, 0, i)
                  for i in range(1 << (self.h//self.d))]
     leafs = [self.wots_leaf(A, SK1, Q) for A in addresses]
     Qtree = Q[2 * ceil(log(self.wots.l, 2)):]
     H = lambda x, y, i: self.H(xor(x, Qtree[2*i]), xor(y, Qtree[2*i+1]))
     PK1 = root(hash_tree(H, leafs))
     return PK1
Example #4
0
 def keygen_pub(self, SK1, Q):
     addresses = [self.address(self.d - 1, 0, i)
                  for i in range(1 << (self.h//self.d))]
     leafs = [self.wots_leaf(A, SK1, Q) for A in addresses]
     Qtree = Q[2 * ceil(log(self.wots.l, 2)):]
     H = lambda x, y, i: self.H(xor(x, Qtree[2*i]), xor(y, Qtree[2*i+1]))
     PK1 = root(hash_tree(H, leafs))
     return PK1
Example #5
0
 def keygen(self, seed, masks):
     assert len(seed) == self.n // 8
     assert len(masks) >= 2 * self.tau
     sk = self.Gt(seed)
     sk = chunkbytes(sk, self.n // 8)
     L = list(map(self.F, sk))
     H = lambda x, y, i: self.H(xor(x, masks[2 * i]),
                                xor(y, masks[2 * i + 1]))
     return root(hash_tree(H, L))
Example #6
0
 def wots_path(self, a, SK1, Q, subh):
     ta = dict(a)
     leafs = []
     for subleaf in range(1 << subh):
         ta['leaf'] = subleaf
         leafs.append(self.wots_leaf(self.address(**ta), SK1, Q))
     Qtree = Q[2 * ceil(log(self.wots.l, 2)):]
     H = lambda x, y, i: self.H(xor(x, Qtree[2*i]), xor(y, Qtree[2*i+1]))
     tree = list(hash_tree(H, leafs))
     return auth_path(tree, a['leaf']), root(tree)
Example #7
0
 def wots_path(self, a, SK1, Q, subh):
     ta = dict(a)
     leafs = []
     for subleaf in range(1 << subh):
         ta['leaf'] = subleaf
         leafs.append(self.wots_leaf(self.address(**ta), SK1, Q))
     Qtree = Q[2 * ceil(log(self.wots.l, 2)):]
     H = lambda x, y, i: self.H(xor(x, Qtree[2*i]), xor(y, Qtree[2*i+1]))
     tree = list(hash_tree(H, leafs))
     return auth_path(tree, a['leaf']), root(tree)
Example #8
0
 def sign(self, m, seed, masks):
     assert len(m) == self.m // 8
     assert len(seed) == self.n // 8
     assert len(masks) >= 2 * self.tau
     sk = self.Gt(seed)
     sk = chunkbytes(sk, self.n // 8)
     L = list(map(self.F, sk))
     H = lambda x, y, i: self.H(xor(x, masks[2*i]), xor(y, masks[2*i+1]))
     tree = hash_tree(H, L)
     trunk = list(itertools.islice(tree, 0, self.tau - self.x))
     sigma_k = next(tree)
     M = self.message_indices(m)
     pk = root(tree)
     # the SPHINCS paper suggests to put sigma_k at the end of sigma
     # but the reference code places it at the front
     return ([(sk[Mi], auth_path(trunk, Mi)) for Mi in M] + [sigma_k], pk)
Example #9
0
 def sign(self, m, seed, masks):
     assert len(m) == self.m // 8
     assert len(seed) == self.n // 8
     assert len(masks) >= 2 * self.tau
     sk = self.Gt(seed)
     sk = chunkbytes(sk, self.n // 8)
     L = list(map(self.F, sk))
     H = lambda x, y, i: self.H(xor(x, masks[2 * i]),
                                xor(y, masks[2 * i + 1]))
     tree = hash_tree(H, L)
     trunk = list(itertools.islice(tree, 0, self.tau - self.x))
     sigma_k = next(tree)
     M = self.message_indices(m)
     pk = root(tree)
     # the SPHINCS paper suggests to put sigma_k at the end of sigma
     # but the reference code places it at the front
     return ([(sk[Mi], auth_path(trunk, Mi)) for Mi in M] + [sigma_k], pk)
Example #10
0
 def verify(self, m, sig, masks):
     assert len(m) == self.m // 8
     assert len(masks) >= 2 * self.tau
     M = self.message_indices(m)
     H = lambda x, y, i: self.H(xor(x, masks[2*i]), xor(y, masks[2*i+1]))
     sigma_k = sig[-1]
     for (sk, path), Mi in zip(sig, M):
         leaf = self.F(sk)
         r = construct_root(H, path, leaf, Mi)
         # there is an error in the SPHINCS paper for this formula, as it
         # states that y_i = floor(M_i / 2^tau - x)
         # rather than y_i = floor(M_i / 2^{tau - x})
         yi = Mi // (1 << (self.tau - self.x))
         if r != sigma_k[yi]:
             return False
     Qtop = masks[2*(self.tau - self.x):]
     H = lambda x, y, i: self.H(xor(x, Qtop[2*i]), xor(y, Qtop[2*i+1]))
     return root(hash_tree(H, sigma_k))
Example #11
0
 def verify(self, m, sig, masks):
     assert len(m) == self.m // 8
     assert len(masks) >= 2 * self.tau
     M = self.message_indices(m)
     H = lambda x, y, i: self.H(xor(x, masks[2 * i]),
                                xor(y, masks[2 * i + 1]))
     sigma_k = sig[-1]
     for (sk, path), Mi in zip(sig, M):
         leaf = self.F(sk)
         r = construct_root(H, path, leaf, Mi)
         # there is an error in the SPHINCS paper for this formula, as it
         # states that y_i = floor(M_i / 2^tau - x)
         # rather than y_i = floor(M_i / 2^{tau - x})
         yi = Mi // (1 << (self.tau - self.x))
         if r != sigma_k[yi]:
             return False
     Qtop = masks[2 * (self.tau - self.x):]
     H = lambda x, y, i: self.H(xor(x, Qtop[2 * i]), xor(
         y, Qtop[2 * i + 1]))
     return root(hash_tree(H, sigma_k))
Example #12
0
def test_sum_tree():
    sum_tree = list(hash_tree(lambda x, y, i: x + y, range(16)))
    assert sum_tree[-1][0] == sum(range(16))
Example #13
0
def test_auth_path():
    tree = list(hash_tree(lambda x, y, i: x >> 1, range(15, 31)))
    assert list(auth_path(tree, 5)) == [19, 10, 3, 2]