def test_1(self):
"""test_1 Test Vector test"""
for vector in self.tv:
print(f"Test vector {vector['TEST']}")
PUB1, PRIV1 = mpc.paillier_key_pair(None, vector['P1'],
vector['Q1'])
PUB2, PRIV2 = mpc.paillier_key_pair(None, vector['P2'],
vector['Q2'])
# ALPHA1 + BETA2 = K1 * W2
ca11 = mpc.mpc_mta_client1(None, PUB1, vector['K1'], vector['R11'])
cb12, beta2 = mpc.mpc_mta_server(None, PUB1, vector['W2'], ca11,
vector['Z12'], vector['R12'])
alpha1 = mpc.mpc_mta_client2(PRIV1, cb12)
self.assertEqual(vector['ALPHA1'], alpha1)
self.assertEqual(vector['BETA2'], beta2)
# ALPHA2 + BETA1 = K2 * W1
ca22 = mpc.mpc_mta_client1(None, PUB2, vector['K2'], vector['R22'])
cb21, beta1 = mpc.mpc_mta_server(None, PUB2, vector['W1'], ca22,
vector['Z21'], vector['R21'])
alpha2 = mpc.mpc_mta_client2(PRIV2, cb21)
self.assertEqual(vector['ALPHA2'], alpha2)
self.assertEqual(vector['BETA1'], beta1)
# sum1 = K1.W1 + alpha1 + beta1
SUM1 = mpc.mpc_sum_mta(vector['K1'], vector['W1'], alpha1, beta1)
self.assertEqual(vector['SUM1'], SUM1)
# sum2 = K2.W2 + alpha2 + beta2
SUM2 = mpc.mpc_sum_mta(vector['K2'], vector['W2'], alpha2, beta2)
self.assertEqual(vector['SUM2'], SUM2)
# Calculate the message hash
HM = mpc.mpc_hash(vector['M'])
# Calculate the S1 signature component
rc, SIG_S1 = mpc.mpc_s(HM, vector['SIG_R'], vector['K1'], SUM1)
self.assertEqual(vector['SIG_S1'], SIG_S1)
self.assertEqual(rc, 0)
# Calculate the S2 signature component
rc, SIG_S2 = mpc.mpc_s(HM, vector['SIG_R'], vector['K2'], SUM2)
self.assertEqual(vector['SIG_S2'], SIG_S2)
self.assertEqual(rc, 0)
# Sum S signature component
SIG_S = mpc.mpc_sum_s(SIG_S1, SIG_S2)
self.assertEqual(vector['SIG_S'], SIG_S)
self.assertEqual(rc, 0)
def test_1(self):
"""test_1 Test Vector test"""
for vector in self.tv:
print(f"Test vector {vector['TEST']}")
PUB1, PRIV1 = mpc.paillier_key_pair(None, vector['P1'],
vector['Q1'])
PUB2, PRIV2 = mpc.paillier_key_pair(None, vector['P2'],
vector['Q2'])
# ALPHA1 + BETA2 = A1 * B2
ca11 = mpc.mpc_mta_client1(None, PUB1, vector['A1'], vector['R11'])
cb12, beta2 = mpc.mpc_mta_server(None, PUB1, vector['B2'], ca11,
vector['Z12'], vector['R12'])
alpha1 = mpc.mpc_mta_client2(PRIV1, cb12)
self.assertEqual(vector['ALPHA1'], alpha1)
self.assertEqual(vector['BETA2'], beta2)
# ALPHA2 + BETA1 = A2 * B1
ca22 = mpc.mpc_mta_client1(None, PUB2, vector['A2'], vector['R22'])
cb21, beta1 = mpc.mpc_mta_server(None, PUB2, vector['B1'], ca22,
vector['Z21'], vector['R21'])
alpha2 = mpc.mpc_mta_client2(PRIV2, cb21)
self.assertEqual(vector['ALPHA2'], alpha2)
self.assertEqual(vector['BETA1'], beta1)
# sum1 = A1.B1 + alpha1 + beta1
sum1 = mpc.mpc_sum_mta(vector['A1'], vector['B1'], alpha1, beta1)
self.assertEqual(vector['SUM1'], sum1)
# sum2 = A2.B2 + alpha2 + beta2
sum2 = mpc.mpc_sum_mta(vector['A2'], vector['B2'], alpha2, beta2)
self.assertEqual(vector['SUM2'], sum2)
# Calculate the inverse of kgamma
invkgamma = mpc.mpc_invkgamma(sum1, sum2)
self.assertEqual(vector['INVKGAMMA'], invkgamma)
# Calculate the R signature component
rc, sig_r, _ = mpc.mpc_r(invkgamma, vector['GAMMAPT1'],
vector['GAMMAPT2'])
self.assertEqual(vector['SIG_R'], sig_r)
self.assertEqual(rc, 0)
def test_1(self):
"""test_1 Test Vector test"""
for vector in self.tv:
print(f"Test vector {vector['TEST']}")
paillier_pk, paillier_sk = mpc.paillier_key_pair(
None, vector['P'], vector['Q'])
ca = mpc.mpc_mta_client1(None, paillier_pk, vector['A'],
vector['R1'])
self.assertEqual(vector['CA'], ca)
cb, beta = mpc.mpc_mta_server(None, paillier_pk, vector['B'],
vector['CA'], vector['Z'],
vector['R2'])
self.assertEqual(vector['CB'], cb)
self.assertEqual(vector['BETA'], beta)
alpha = mpc.mpc_mta_client2(paillier_sk, vector['CB'])
self.assertEqual(vector['ALPHA'], alpha)
def test_1(self):
"""test_1 Test MPC ECDSA"""
for i in range(1, 11):
print(f"Test {i}")
seed = os.urandom(16)
rng = core_utils.create_csprng(seed)
# Paillier keys
paillier_pk1, paillier_sk1 = mpc.paillier_key_pair(rng)
paillier_pk2, paillier_sk2 = mpc.paillier_key_pair(rng)
# ECDSA keys
PK1, W1 = mpc.mpc_ecdsa_key_pair_generate(rng)
PK2, W2 = mpc.mpc_ecdsa_key_pair_generate(rng)
# Gamma values
GAMMAPT1, GAMMA1 = mpc.mpc_ecdsa_key_pair_generate(rng)
GAMMAPT2, GAMMA2 = mpc.mpc_ecdsa_key_pair_generate(rng)
# K values
K1 = mpc.mpc_k_generate(rng)
K2 = mpc.mpc_k_generate(rng)
# Message
M = b'test message'
# ALPHA1 + BETA2 = K1 * GAMMA2
CA11 = mpc.mpc_mta_client1(rng, paillier_pk1, K1)
CB12, BETA2 = mpc.mpc_mta_server(rng, paillier_pk1, GAMMA2, CA11)
ALPHA1 = mpc.mpc_mta_client2(paillier_sk1, CB12)
# ALPHA2 + BETA1 = K2 * GAMMA1
CA22 = mpc.mpc_mta_client1(rng, paillier_pk2, K2)
CB21, BETA1 = mpc.mpc_mta_server(rng, paillier_pk2, GAMMA1, CA22)
ALPHA2 = mpc.mpc_mta_client2(paillier_sk2, CB21)
# sum = K1.GAMMA1 + alpha1 + beta1
SUM1 = mpc.mpc_sum_mta(K1, GAMMA1, ALPHA1, BETA1)
# sum = K2.GAMMA2 + alpha2 + beta2
SUM2 = mpc.mpc_sum_mta(K2, GAMMA2, ALPHA2, BETA2)
# Calculate the inverse of kgamma
INVKGAMMA = mpc.mpc_invkgamma(SUM1, SUM2)
# Calculate the R signature component
rc, SIG_R, _ = mpc.mpc_r(INVKGAMMA, GAMMAPT1, GAMMAPT2)
# ALPHA1 + BETA2 = K1 * W2
CA11 = mpc.mpc_mta_client1(rng, paillier_pk1, K1)
CB12, BETA2 = mpc.mpc_mta_server(rng, paillier_pk1, W2, CA11)
ALPHA1 = mpc.mpc_mta_client2(paillier_sk1, CB12)
# ALPHA2 + BETA1 = K2 * W1
CA22 = mpc.mpc_mta_client1(rng, paillier_pk2, K2)
CB21, BETA1 = mpc.mpc_mta_server(rng, paillier_pk2, W1, CA22)
ALPHA2 = mpc.mpc_mta_client2(paillier_sk2, CB21)
# sum = K1.W1 + alpha1 + beta1
SUM1 = mpc.mpc_sum_mta(K1, W1, ALPHA1, BETA1)
# sum = K2.W2 + alpha2 + beta2
SUM2 = mpc.mpc_sum_mta(K2, W2, ALPHA2, BETA2)
# Calculate the message hash
HM = mpc.mpc_hash(M)
# Calculate the S1 signature component
rc, SIG_S1 = mpc.mpc_s(HM, SIG_R, K1, SUM1)
# Calculate the S2 signature component
rc, SIG_S2 = mpc.mpc_s(HM, SIG_R, K2, SUM2)
# Sum S signature component
SIG_S = mpc.mpc_sum_s(SIG_S1, SIG_S2)
# Sum ECDSA public keys
rc, PK = mpc.mpc_sum_pk(PK1, PK2)
# Verify final signature
rc = mpc.mpc_ecdsa_verify(HM, PK, SIG_R, SIG_S)
self.assertEqual(rc, 0)
GAMMAR1, GAMMAC1 = commitments.nm_commit(rng, GAMMA1)
bob_ad = core_utils.generate_random(rng, 32)
print("[Bob] Commit to GAMMA2")
GAMMAR2, GAMMAC2 = commitments.nm_commit(rng, GAMMA2)
alice_ad = core_utils.generate_random(rng, 32)
## Engage in MTA with k_i, gamma_j
# k1, gamma2
print("[Alice] Engage in MTA with shares k1, gamma2")
ca = mpc.mpc_mta_client1(rng, key_material1['paillier_pk'], k1)
cb, beta2 = mpc.mpc_mta_server(rng, c_key_material2['paillier_pk'], gamma2, ca)
alpha1 = mpc.mpc_mta_client2(key_material1['paillier_sk'], cb)
# k2, gamma1
print("[Bob] Engage in MTA with shares k2, gamma1")
ca = mpc.mpc_mta_client1(rng, key_material2['paillier_pk'], k2)
cb, beta1 = mpc.mpc_mta_server(rng, c_key_material1['paillier_pk'], gamma1, ca)
alpha2 = mpc.mpc_mta_client2(key_material2['paillier_sk'], cb)
# Partial sums
print("[Alice] Combine partial sum delta1 for kgamma")
delta1 = mpc.mpc_sum_mta(k1, gamma1, alpha1, beta1)
print("[Bob] Combine partial sum delta2 for kgamma")
delta2 = mpc.mpc_sum_mta(k2, gamma2, alpha2, beta2)
n = mpc.paillier_pk_to_octet(paillier_pk1)
print(f"paillier_pk1.n {n.hex()}")
paillier_pk2 = mpc.paillier_pk_from_octet(n)
# Dump and load Paillier secret key
p, q = mpc.mpc_dump_paillier_sk(paillier_sk1)
print(f"paillier_sk1.p {p.hex()}")
print(f"paillier_sk1.q {q.hex()}")
paillier_pk3, paillier_sk2 = mpc.paillier_key_pair(None, p, q)
ca = mpc.mpc_mta_client1(None, paillier_pk2, a, r)
ca1_hex = ca.hex()
assert ca_hex == ca1_hex, f"expected {ca_hex} got {ca1_hex}"
cb, beta = mpc.mpc_mta_server(None, paillier_pk2, b, ca, z, r)
cb1_hex = cb.hex()
assert cb_hex == cb1_hex, f"expected {cb_hex} got {cb1_hex}"
alpha = mpc.mpc_mta_client2(paillier_sk2, cb)
print(f"alpha {alpha.hex()}")
print(f"beta {beta.hex()}")
alphai = int(alpha.hex(), 16)
betai = int(beta.hex(), 16)
got = (alphai + betai) % mpc.curve_order
print(f"got {hex(got)}")
assert got == expected, f"expected {hex(expected)} got {hex(got)}"
b_hex = "0000000000000000000000000000000000000000000000000000000000000003"
if __name__ == "__main__":
seed = bytes.fromhex(seed_hex)
p = bytes.fromhex(P_hex)
q = bytes.fromhex(Q_hex)
a = bytes.fromhex(a_hex)
b = bytes.fromhex(b_hex)
# random number generator
rng = core_utils.create_csprng(seed)
# Generate quantities for benchmark
paillier_pk, paillier_sk = mpc.paillier_key_pair(None, p, q)
ca = mpc.mpc_mta_client1(rng, paillier_pk, a)
cb, beta = mpc.mpc_mta_server(rng, paillier_pk, b, ca)
alpha = mpc.mpc_mta_client2(paillier_sk, cb)
# Check consistency of the generated quantities
ai = int(a_hex, 16)
bi = int(b_hex, 16)
expected = ai * bi % mpc.curve_order
alphai = int(alpha.hex(), 16)
betai = int(beta.hex(), 16)
got = ( alphai + betai ) % mpc.curve_order
assert got == expected, f"expected {hex(expected)} got {hex(got)}"
# Run benchmark
fncall = lambda: mpc.mpc_mta_client1(rng, paillier_pk, a)