def test_blog_post():
# Define an EC group
G = EcGroup(713)
print (EcGroup.list_curves()[713])
order = G.order()
## Define the Zero-Knowledge proof statement
zk = ZKProof(G)
g, h = zk.get(ConstGen, ["g", "h"])
x, o = zk.get(Sec, ["x", "o"])
Cxo = zk.get(ConstGen, "Cxo")
zk.add_proof(Cxo, x*g + o*h)
## Render the proof statement in Latex
print(zk.render_proof_statement())
# A concrete Pedersen commitment
ec_g = G.generator()
ec_h = order.random() * ec_g
bn_x = order.random()
bn_o = order.random()
ec_Cxo = bn_x * ec_g + bn_o * ec_h
## Bind the concrete variables to the Proof
env = ZKEnv(zk)
env.g, env.h = ec_g, ec_h
env.Cxo = ec_Cxo
env.x = bn_x
env.o = bn_o
# Create the Non-Interactive Zero-Knowledge (NIZK) proof
sig = zk.build_proof(env.get())
# Execute the verification on the proof 'sig'
env = ZKEnv(zk)
env.g, env.h = ec_g, ec_h
env.Cxo = ec_Cxo
assert zk.verify_proof(env.get(), sig)
from petlib.ec import EcGroup, EcPt
from petlib.bn import Bn
import time
timings = []
curves = EcGroup.list_curves()
for gid in curves:
G = EcGroup(gid)
gx = G.order().random() * G.generator()
rnd = [G.order().random() for _ in range(100)]
t0 = time.clock()
for r in rnd:
dud = r * gx
t1 = time.clock()
repreats = 1000
t = []
for x in [2, 200]:
o = Bn(2) ** x
tests = [o.random() for _ in range(repreats)]
tx = time.clock()
for y in tests:
dud = y * gx
t += [time.clock() - tx]
# print(x, t[-1] / repreats)
if abs(t[0] - t[-1]) < 5.0 / 100:
const = "CONST"
from petlib.ec import EcGroup, EcPt
from petlib.bn import Bn
import time
if __name__ == "__main__":
fails = 0
print("List of curves passing the constant-time scalar mult test:")
for (nid, name) in sorted(EcGroup.list_curves().items()):
G = EcGroup(nid)
g = G.generator()
order = G.order()
h = order.random() * g
repreats = 100
t = []
for x in range(0, 400, 100):
o = Bn(2)**x
tests = [o.random() for _ in range(repreats)]
t0 = time.clock()
for y in tests:
y * h
t += [time.clock() - t0]
# print x, t[-1] / repreats
res = abs(t[0] - t[-1]) < 1.0 / 100
if res:
ps = 1.0 / (t[-1] / repreats)
res = ["FAIL", "PASS"][res]
print("%3d\t%s\t%2.1f/s\t%s" % (nid, res, ps, name))
from petlib.ec import EcGroup, EcPt
from petlib.bn import Bn
import time
if __name__ == "__main__":
fails = 0
print("List of curves passing the constant-time scalar mult test:")
for (nid, name) in sorted(EcGroup.list_curves().items()):
G = EcGroup(nid)
g = G.generator()
order = G.order()
h = order.random() * g
repreats = 100
t = []
for x in range(0, 400, 100):
o = Bn(2) ** x
tests = [o.random() for _ in range(repreats)]
t0 = time.clock()
for y in tests:
y * h
t += [time.clock() - t0]
# print x, t[-1] / repreats
res = abs(t[0] - t[-1]) < 1.0 / 100
if res:
ps = 1.0 / (t[-1] / repreats)
res = ["FAIL", "PASS"][res]
print("%3d\t%s\t%2.1f/s\t%s" % (nid, res, ps, name))
from petlib.ec import EcGroup from genzkp import ZKProof, ZKEnv, ConstGen, Sec # Define an EC group G = EcGroup(713) print(EcGroup.list_curves()[713]) order = G.order() ## Define the Zero-Knowledge proof statement zk = ZKProof(G) g, h = zk.get(ConstGen, ["g", "h"]) x, o = zk.get(Sec, ["x", "o"]) Cxo = zk.get(ConstGen, "Cxo") zk.add_proof(Cxo, x * g + o * h) print(zk.render_proof_statement()) # A concrete Pedersen commitment ec_g = G.generator() ec_h = order.random() * ec_g bn_x = order.random() bn_o = order.random() ec_Cxo = bn_x * ec_g + bn_o * ec_h ## Bind the concrete variables to the Proof env = ZKEnv(zk) env.g, env.h = ec_g, ec_h env.Cxo = ec_Cxo env.x = bn_x env.o = bn_o
def key_gen(params):
""" generate a private / public key pair """
(G, g, hs, o) = params
priv = o.random()
pub = priv * g
return (priv, pub)
"""An important part of the setup is selecting the rigth elliptic curve to use - so as to match with other systems that want to verify your signature.
You can see what curves petlib supports like this:
"""
EcGroup.list_curves()
"""The default in petlib http://petlib.readthedocs.io/en/latest/#module-petlib-ec is 713, which is 'NIST/SECG curve over a 224 bit prime field'
If we want interaction with milagro we will need to usea curve that it supports, like from https://github.com/milagro-crypto/milagro-crypto-js
One that it supports is NIST256 which in openssl (what petlib uses underneath) is listed as "prime256v1: X9.62/SECG curve over a 256 bit prime field", from https://security.stackexchange.com/questions/78621/which-elliptic-curve-should-i-use
Which would be item 415 in petlib
Ok, lets do some crypto!!
"""
params = setup()
(private_key, public_key) = key_gen(params)
