def test_tv(self):
""" Test using test vectors """
for vector in self.tv:
r = bytes.fromhex(vector["R"])
e = bytes.fromhex(vector["E"])
x = bytes.fromhex(vector["X"])
p_golden = bytes.fromhex(vector["P"])
p = schnorr.prove(r, e, x)
self.assertEqual(p, p_golden)
def generate_key_material_zkp(rng, key_material, ID, AD=None):
""" Generate ZK Proofs for key material
Generate a commitment to the ECDSA PK, a Schnorr's
Proof for the ECDSA PK and a factoring Proof for the
Paillier PK
The key material dictionary must have keys:
* paillier_sk
* paillier_pk
* ecdsa_sk
* ecdsa_pk
Args::
rng: pointer to CSPRNG
key_material: dictionary with the key material
Returns::
r: secret value for the ECDSA PK commitment
c: commitment for the ECDSA PK
sc: commitment for the Schnorr's Proof
sp: Schnorr's Proof
fe: Factoring Proof. First component
fy: Factoring Proof. Second component
"""
# Commit to ECDSA PK
r, c = commitments.nm_commit(rng, key_material['ecdsa_pk'])
# Generate Schnorr's proof for ECDSA PK
sr, sc = schnorr.commit(rng)
e = schnorr.challenge(key_material['ecdsa_pk'], sc, ID, AD=AD)
sp = schnorr.prove(sr, e, key_material['ecdsa_sk'])
# Generate ZKP of knowledge of factorization for
# Paillier key pair
psk_p, psk_q = mpc.mpc_dump_paillier_sk(key_material['paillier_sk'])
fe, fy = factoring_zk.prove(rng, psk_p, psk_q, ID, ad=AD)
return r, c, sc, sp, fe, fy
x_hex = "fab4ce512dff74bd9c71c89a14de5b877af45dca0329ee3fcb72611c0784fef3"
V_hex = "032cf4b348c9d00718f01ed98923e164df53b5e8bc4c2250662ed2df784e1784f4"
ID = b"unique_user_identifier"
AD_hex = "d7d3155616778fb436a1eb2070892205"
if __name__ == "__main__":
r = bytes.fromhex(r_hex)
x = bytes.fromhex(x_hex)
V = bytes.fromhex(V_hex)
AD = bytes.fromhex(AD_hex)
# Generate quantities for benchmark
r, C = schnorr.commit(None, r)
e = schnorr.challenge(V, C, ID, AD=AD)
p = schnorr.prove(r, e, x)
# Check consistency of the generated quantities
assert schnorr.verify(V, C, e, p) == schnorr.OK
# Run benchmark
fncall = lambda: schnorr.commit(None, r)
time_func("commit ", fncall, unit="us")
fncall = lambda: schnorr.challenge(V, C, ID, AD=AD)
time_func("challenge", fncall, unit="us")
fncall = lambda: schnorr.prove(r, e, x)
time_func("prove ", fncall, unit="us")
fncall = lambda: schnorr.verify(V, C, e, p)
alpha2 = mpc.mpc_mta_client2(key_material2['paillier_sk'], cb)
# Partial sums
print("[Alice] Combine partial sum sigma1 for kw")
sigma1 = mpc.mpc_sum_mta(k1, key_material1['ecdsa_sk'], alpha1, beta1)
print("[Bob] Combine partial sum sigma2 for kw")
sigma2 = mpc.mpc_sum_mta(k2, key_material2['ecdsa_sk'], alpha2, beta2)
## Decommitment and Proofs for R component
# Generate Schnorr's Proofs
print("[Alice] Generate Schnorr's Proof")
GAMMA_schnorr_r1, GAMMA_schnorr_c1 = schnorr.commit(rng)
GAMMA_schnorr_e1 = schnorr.challenge(GAMMA1, GAMMA_schnorr_c1, alice_id, AD = alice_ad)
GAMMA_schnorr_p1 = schnorr.prove(GAMMA_schnorr_r1, GAMMA_schnorr_e1, gamma1)
print("[Bob] Generate Schnorr's Proof")
GAMMA_schnorr_r2, GAMMA_schnorr_c2 = schnorr.commit(rng)
GAMMA_schnorr_e2 = schnorr.challenge(GAMMA2, GAMMA_schnorr_c2, bob_id, AD = bob_ad)
GAMMA_schnorr_p2 = schnorr.prove(GAMMA_schnorr_r2, GAMMA_schnorr_e2, gamma2)
print("[Alice] Transmit decommitment and Schnorr Proof for GAMMA1")
print("[Bob] Transmit decommitment and Schnorr Proof for GAMMA2")
# Decommit GAMMAi and verify Schnorr Proof
rc = commitments.nm_decommit(GAMMA2, GAMMAR2, GAMMAC2)
assert rc == commitments.OK, f'[Alice] Error decommitting GAMMA2. rc {rc}'
GAMMA_schnorr_e2 = schnorr.challenge(GAMMA2, GAMMA_schnorr_c2, bob_id, AD=bob_ad)
rc = schnorr.verify(GAMMA2, GAMMA_schnorr_c2, GAMMA_schnorr_e2, GAMMA_schnorr_p2)
# Generate commitment C = r.G, r random in [0, ..., q]
r, C = schnorr.commit(rng)
print("\n[Prover] Commitment C = r.G")
print(f"\tr = {r.hex()}")
print(f"\tC = {C.hex()}")
# Generate deterministic challenge e = H(G, V, C, ID, AD)
e = schnorr.challenge(V, C, ID, AD=AD)
print("\n[Prover] Deterministic Challenge e = H(G, V, C, ID, AD)")
print(f"\te = {e.hex()}")
# Generate proof p = r - ex mod q
p = schnorr.prove(r, e, x)
print("\n[Prover] Generate proof p = r - ex")
print(f"\tp = {p.hex()}")
# Verifier regenerates deterministic challenge
e = schnorr.challenge(V, C, ID, AD=AD)
print("\n[Verifier] Deterministic Challenge e = H(G, V, C, ID, AD)")
print(f"\te = {e.hex()}")
# Verify
rc = schnorr.verify(V, C, e, p)
print("\n[Verifier] Verify proof p")
if rc == schnorr.OK:
print("\tSuccess")