def test_1(self): """test_1 Test Vector test""" for vector in self.tv: print(f"Test vector {vector['TEST']}") PUB1, PRIV1 = mpc.paillier_key_pair(None, vector['P1'], vector['Q1']) PUB2, PRIV2 = mpc.paillier_key_pair(None, vector['P2'], vector['Q2']) # ALPHA1 + BETA2 = K1 * W2 ca11 = mpc.mpc_mta_client1(None, PUB1, vector['K1'], vector['R11']) cb12, beta2 = mpc.mpc_mta_server(None, PUB1, vector['W2'], ca11, vector['Z12'], vector['R12']) alpha1 = mpc.mpc_mta_client2(PRIV1, cb12) self.assertEqual(vector['ALPHA1'], alpha1) self.assertEqual(vector['BETA2'], beta2) # ALPHA2 + BETA1 = K2 * W1 ca22 = mpc.mpc_mta_client1(None, PUB2, vector['K2'], vector['R22']) cb21, beta1 = mpc.mpc_mta_server(None, PUB2, vector['W1'], ca22, vector['Z21'], vector['R21']) alpha2 = mpc.mpc_mta_client2(PRIV2, cb21) self.assertEqual(vector['ALPHA2'], alpha2) self.assertEqual(vector['BETA1'], beta1) # sum1 = K1.W1 + alpha1 + beta1 SUM1 = mpc.mpc_sum_mta(vector['K1'], vector['W1'], alpha1, beta1) self.assertEqual(vector['SUM1'], SUM1) # sum2 = K2.W2 + alpha2 + beta2 SUM2 = mpc.mpc_sum_mta(vector['K2'], vector['W2'], alpha2, beta2) self.assertEqual(vector['SUM2'], SUM2) # Calculate the message hash HM = mpc.mpc_hash(vector['M']) # Calculate the S1 signature component rc, SIG_S1 = mpc.mpc_s(HM, vector['SIG_R'], vector['K1'], SUM1) self.assertEqual(vector['SIG_S1'], SIG_S1) self.assertEqual(rc, 0) # Calculate the S2 signature component rc, SIG_S2 = mpc.mpc_s(HM, vector['SIG_R'], vector['K2'], SUM2) self.assertEqual(vector['SIG_S2'], SIG_S2) self.assertEqual(rc, 0) # Sum S signature component SIG_S = mpc.mpc_sum_s(SIG_S1, SIG_S2) self.assertEqual(vector['SIG_S'], SIG_S) self.assertEqual(rc, 0)
def test_1(self): """test_1 Test Vector test""" for vector in self.tv: print(f"Test vector {vector['TEST']}") PUB1, PRIV1 = mpc.paillier_key_pair(None, vector['P1'], vector['Q1']) PUB2, PRIV2 = mpc.paillier_key_pair(None, vector['P2'], vector['Q2']) # ALPHA1 + BETA2 = A1 * B2 ca11 = mpc.mpc_mta_client1(None, PUB1, vector['A1'], vector['R11']) cb12, beta2 = mpc.mpc_mta_server(None, PUB1, vector['B2'], ca11, vector['Z12'], vector['R12']) alpha1 = mpc.mpc_mta_client2(PRIV1, cb12) self.assertEqual(vector['ALPHA1'], alpha1) self.assertEqual(vector['BETA2'], beta2) # ALPHA2 + BETA1 = A2 * B1 ca22 = mpc.mpc_mta_client1(None, PUB2, vector['A2'], vector['R22']) cb21, beta1 = mpc.mpc_mta_server(None, PUB2, vector['B1'], ca22, vector['Z21'], vector['R21']) alpha2 = mpc.mpc_mta_client2(PRIV2, cb21) self.assertEqual(vector['ALPHA2'], alpha2) self.assertEqual(vector['BETA1'], beta1) # sum1 = A1.B1 + alpha1 + beta1 sum1 = mpc.mpc_sum_mta(vector['A1'], vector['B1'], alpha1, beta1) self.assertEqual(vector['SUM1'], sum1) # sum2 = A2.B2 + alpha2 + beta2 sum2 = mpc.mpc_sum_mta(vector['A2'], vector['B2'], alpha2, beta2) self.assertEqual(vector['SUM2'], sum2) # Calculate the inverse of kgamma invkgamma = mpc.mpc_invkgamma(sum1, sum2) self.assertEqual(vector['INVKGAMMA'], invkgamma) # Calculate the R signature component rc, sig_r, _ = mpc.mpc_r(invkgamma, vector['GAMMAPT1'], vector['GAMMAPT2']) self.assertEqual(vector['SIG_R'], sig_r) self.assertEqual(rc, 0)
def generate_key_material(rng, player): """ Generate Paillier and ECDSA Key Pairs Generate key material and commitment to the ECDSA PK. The key material dictionary has keys: * paillier_sk * paillier_pk * ecdsa_sk * ecdsa_pk Args:: rng: pointer to CSPRNG Returns:: key_material: dictionary with the generated key material """ # Paillier keys paillier_pk, paillier_sk = mpc.paillier_key_pair(rng) # ECDSA keys ecdsa_pk, ecdsa_sk = mpc.mpc_ecdsa_key_pair_generate(rng) rc = mpc.ecp_secp256k1_public_key_validate(ecdsa_pk) assert rc == 0, f"[{player}] Invalid ECDSA public key. rc {rc}" key_material = { 'paillier_pk' : paillier_pk, 'paillier_sk' : paillier_sk, 'ecdsa_pk' : ecdsa_pk, 'ecdsa_sk' : ecdsa_sk } return key_material
def test_1(self): """test_1 Test Vector test""" for vector in self.tv: print(f"Test vector {vector['TEST']}") paillier_pk, paillier_sk = mpc.paillier_key_pair( None, vector['P'], vector['Q']) ca = mpc.mpc_mta_client1(None, paillier_pk, vector['A'], vector['R1']) self.assertEqual(vector['CA'], ca) cb, beta = mpc.mpc_mta_server(None, paillier_pk, vector['B'], vector['CA'], vector['Z'], vector['R2']) self.assertEqual(vector['CB'], cb) self.assertEqual(vector['BETA'], beta) alpha = mpc.mpc_mta_client2(paillier_sk, vector['CB']) self.assertEqual(vector['ALPHA'], alpha)
def test_1(self): """test_1 Test MPC ECDSA""" for i in range(1, 11): print(f"Test {i}") seed = os.urandom(16) rng = core_utils.create_csprng(seed) # Paillier keys paillier_pk1, paillier_sk1 = mpc.paillier_key_pair(rng) paillier_pk2, paillier_sk2 = mpc.paillier_key_pair(rng) # ECDSA keys PK1, W1 = mpc.mpc_ecdsa_key_pair_generate(rng) PK2, W2 = mpc.mpc_ecdsa_key_pair_generate(rng) # Gamma values GAMMAPT1, GAMMA1 = mpc.mpc_ecdsa_key_pair_generate(rng) GAMMAPT2, GAMMA2 = mpc.mpc_ecdsa_key_pair_generate(rng) # K values K1 = mpc.mpc_k_generate(rng) K2 = mpc.mpc_k_generate(rng) # Message M = b'test message' # ALPHA1 + BETA2 = K1 * GAMMA2 CA11 = mpc.mpc_mta_client1(rng, paillier_pk1, K1) CB12, BETA2 = mpc.mpc_mta_server(rng, paillier_pk1, GAMMA2, CA11) ALPHA1 = mpc.mpc_mta_client2(paillier_sk1, CB12) # ALPHA2 + BETA1 = K2 * GAMMA1 CA22 = mpc.mpc_mta_client1(rng, paillier_pk2, K2) CB21, BETA1 = mpc.mpc_mta_server(rng, paillier_pk2, GAMMA1, CA22) ALPHA2 = mpc.mpc_mta_client2(paillier_sk2, CB21) # sum = K1.GAMMA1 + alpha1 + beta1 SUM1 = mpc.mpc_sum_mta(K1, GAMMA1, ALPHA1, BETA1) # sum = K2.GAMMA2 + alpha2 + beta2 SUM2 = mpc.mpc_sum_mta(K2, GAMMA2, ALPHA2, BETA2) # Calculate the inverse of kgamma INVKGAMMA = mpc.mpc_invkgamma(SUM1, SUM2) # Calculate the R signature component rc, SIG_R, _ = mpc.mpc_r(INVKGAMMA, GAMMAPT1, GAMMAPT2) # ALPHA1 + BETA2 = K1 * W2 CA11 = mpc.mpc_mta_client1(rng, paillier_pk1, K1) CB12, BETA2 = mpc.mpc_mta_server(rng, paillier_pk1, W2, CA11) ALPHA1 = mpc.mpc_mta_client2(paillier_sk1, CB12) # ALPHA2 + BETA1 = K2 * W1 CA22 = mpc.mpc_mta_client1(rng, paillier_pk2, K2) CB21, BETA1 = mpc.mpc_mta_server(rng, paillier_pk2, W1, CA22) ALPHA2 = mpc.mpc_mta_client2(paillier_sk2, CB21) # sum = K1.W1 + alpha1 + beta1 SUM1 = mpc.mpc_sum_mta(K1, W1, ALPHA1, BETA1) # sum = K2.W2 + alpha2 + beta2 SUM2 = mpc.mpc_sum_mta(K2, W2, ALPHA2, BETA2) # Calculate the message hash HM = mpc.mpc_hash(M) # Calculate the S1 signature component rc, SIG_S1 = mpc.mpc_s(HM, SIG_R, K1, SUM1) # Calculate the S2 signature component rc, SIG_S2 = mpc.mpc_s(HM, SIG_R, K2, SUM2) # Sum S signature component SIG_S = mpc.mpc_sum_s(SIG_S1, SIG_S2) # Sum ECDSA public keys rc, PK = mpc.mpc_sum_pk(PK1, PK2) # Verify final signature rc = mpc.mpc_ecdsa_verify(HM, PK, SIG_R, SIG_S) self.assertEqual(rc, 0)
if __name__ == "__main__": p0 = bytes.fromhex(P_hex) q0 = bytes.fromhex(Q_hex) a = bytes.fromhex(a_hex) b = bytes.fromhex(b_hex) z = bytes.fromhex(z_hex) r = bytes.fromhex(R_hex) ai = int(a_hex, 16) bi = int(b_hex, 16) expected = ai * bi % mpc.curve_order print(f"expected {hex(expected)}") # Deterministic paillier_pk1, paillier_sk1 = mpc.paillier_key_pair(None, p0, q0) # Dump and load Paillier public key n = mpc.paillier_pk_to_octet(paillier_pk1) print(f"paillier_pk1.n {n.hex()}") paillier_pk2 = mpc.paillier_pk_from_octet(n) # Dump and load Paillier secret key p, q = mpc.mpc_dump_paillier_sk(paillier_sk1) print(f"paillier_sk1.p {p.hex()}") print(f"paillier_sk1.q {q.hex()}") paillier_pk3, paillier_sk2 = mpc.paillier_key_pair(None, p, q)
a_hex = "0000000000000000000000000000000000000000000000000000000000000002" b_hex = "0000000000000000000000000000000000000000000000000000000000000003" if __name__ == "__main__": seed = bytes.fromhex(seed_hex) p = bytes.fromhex(P_hex) q = bytes.fromhex(Q_hex) a = bytes.fromhex(a_hex) b = bytes.fromhex(b_hex) # random number generator rng = core_utils.create_csprng(seed) # Generate quantities for benchmark paillier_pk, paillier_sk = mpc.paillier_key_pair(None, p, q) ca = mpc.mpc_mta_client1(rng, paillier_pk, a) cb, beta = mpc.mpc_mta_server(rng, paillier_pk, b, ca) alpha = mpc.mpc_mta_client2(paillier_sk, cb) # Check consistency of the generated quantities ai = int(a_hex, 16) bi = int(b_hex, 16) expected = ai * bi % mpc.curve_order alphai = int(alpha.hex(), 16) betai = int(beta.hex(), 16) got = ( alphai + betai ) % mpc.curve_order assert got == expected, f"expected {hex(expected)} got {hex(got)}"