def setup():
print("SETUP:")
print("1. Select random l_p-bit primes and modulus n = pq")
while True:
p, q = randomPrime(l_p), randomPrime(l_p)
if isPrime(p) and isPrime(q) and p != q:
n = p * q
phi_n = (p - 1) * (q - 1)
break
print("2. Choose random a, a_0, g, h in QR(n)")
while True:
g = random(n)
if is_cyclic(g, n):
g = g**2
break
a, a_0, h = [(g**random(n)) % n for _ in range(3)]
print("3. Choose random secret element x and set public key y = g**x")
x = random(phi_n)
y = (g**x) % n
print("4. The group public key Y: (n, a, a_0, y, g, h)")
Y = {"n": n, "a": a, "a_0": a_0, "y": y, "g": g, "h": h}
print("5. Corresponding secret key S: (p, q, phi_n, x)")
S = {"p": p, "q": q, "phi_n": phi_n, "x": x}
return (Y, S)
def join_0(u):
print("JOIN:")
print("1. User generates x and r and sends C_1 with proof")
u["x"] = random(u["n"]**2)
u["r"] = random(2**(2 * l_p))
u["C_1"] = (u['g']**u['x'] * u['h']**u['r']) % u['n']
return {"C_1": u["C_1"], "status": "OK"}
def join_1(gm):
print("2. GM checks C1 and selects alpha and beta")
if not is_cyclic(gm["C_1"], gm['n']):
raise ValueError("FUCKUP")
return {"status": "JOIN ERROR"}
gm['alpha'], gm['beta'] = random(2**lambda_2), random(2**lambda_2)
return {'alpha': gm['alpha'], 'beta': gm['beta'], 'status': 'OK'}
def randomGen(self):
while True:
h = random(self.p)
g = (h ** self.r) % self.p
if not g == 1:
break
return g
def setup(self, secparam=None, N=0):
Xz = integer(random(N))
S = randomQR(N)
Z = S**Xz
return {'S': S, 'Z': Z, 'N': N}
def setup(self, secparam=None, N=0):
Xz = integer(random(N))
S = randomQR(N)
Z = S ** Xz
return { 'S': S, 'Z': Z, 'N': N }
def main():
d, N, e = generate_RSA(256)
k_a = generate_keys(16)
k_b = generate_keys(16)
k_c = generate_keys(16)
table = [
enc(k_a[0], k_b[0], k_c[0]),
enc(k_a[0], k_b[1], k_c[0]),
enc(k_a[1], k_b[0], k_c[0]),
enc(k_a[1], k_b[1], k_c[1])
]
shuffle(table)
key_a = secrets.choice(k_a)
# OT
xs = generate_random(N)
bit = secrets.randbelow(2)
k = random(N)
v = choose(bit, k, xs, e)
ks = mask_messages(v, xs, N, d, k_b)
key_b = int(ks[bit] - k)
#Bob has k_b_bit
print(k_c)
for ct in table:
try:
key_c = int.from_bytes(dec(key_a, key_b, ct), byteorder='big')
for key in k_c:
if key_c == key:
print(key_c)
break
except:
pass
def randomGen(self):
while True:
h = random(self.p)
g = (h**self.r) % self.p
if not g == 1:
break
return g
def sign(u, m):
print("SIGN:")
print("1. Generate random value w")
w = random(2**l_p)
T_1 = (u['A'] * u['y']**w) % u['n']
T_2 = (u['g']**w) % u['n']
T_3 = ((u['g']**u['e']) * (u['h']**w)) % u['n']
print("2. Randomly choose r_1, r_2, r_3, and r_4")
r_1 = random(2**(eps * (gamma_2 + k)))
r_2 = random(2**(eps * (lambda_2 + k)))
r_3 = random(2**(eps * (gamma_1 + 2 * l_p + k + 1)))
r_4 = random(2**(eps * (2 * l_p + k)))
print("(a) d_1, d_2, d_3, d_4")
d_1 = ((T_1**r_1) / ((u['a']**r_2) * (u['y']**r_3))) % u['n']
d_2 = ((T_2**r_1) / (u['g']**r_3)) % u['n']
d_3 = (u['g']**r_4) % u['n']
d_4 = ((u['g']**r_1) * (u['h']**r_4)) % u['n']
print("(b) c = HASH()")
c = integer(
int(
hashlib.sha1(
serialize(u['g']) + serialize(u['h']) + serialize(u['y']) +
serialize(u['a_0']) + serialize(u['a']) + serialize(T_1) +
serialize(T_2) + serialize(T_3) + serialize(d_1) +
serialize(d_2) + serialize(d_3) + serialize(d_4) +
m.encode()).hexdigest(), 16))
print("(c) s_1, s_2, s_3, s_4")
s_1 = integer(r_1) - c * (integer(u['e']) - 2**gamma_1)
s_2 = integer(r_2) - c * (integer(u['x']) - 2**lambda_1)
s_3 = integer(r_3) - c * integer(u['e']) * integer(w)
s_4 = integer(r_4) - c * integer(w)
print("3. Output signature")
return {
"c": c,
"s_1": s_1,
"s_2": s_2,
"s_3": s_3,
"s_4": s_4,
"T_1": T_1,
"T_2": T_2,
"T_3": T_3
}
def Encrypt(self, pk, plaintext): #公钥加密
r = random(self.N / 4) % self.N2
A = (self.g**r) % self.N2
B1 = (self.N * plaintext + 1) % (self.N2)
B2 = (pk**r) % (self.N2)
B = B1 * B2 % self.N2
ciphertext = {"A": A, "B": B}
return ciphertext
def randomGen(self):
while True:
h = random(self.p)
g = (h ** self.r) % self.p
if not g == 1:
#print "g => %s" % g
break
return g
def randomGen(self):
while True:
h = random(self.p)
g = (h**self.r) % self.p
if not g == 1:
#print "g => %s" % g
break
return g
def generate_key (self, pk,h,ks): BCStart(group) r=random(pk['N']) #x=h*(r**pk['e']) x=1 y=ks.sign(x) #z=y*(r**-1) BCEnd (group, benchmarkResult, "KS") # we should add network delay for interaction with KS benchmarkResult['KS']=benchmarkResult['KS']+options.KS_delay1/1000
def getV(self, x0, x1):
# self.b = 0
self.b = 1
if self.b == 0:
self.xb = x0
else:
self.xb = x1
self.k = random(self.pk['N'])
self.v = (self.xb + self.k**self.pk['e']) % self.pk['N']
return self.v
def setupBlock(self, secparam=None, N=0, l=16):
Xr = {}
for i in range(1, l + 1):
Xr[str(i)] = integer(random(N))
S = randomQR(N)
R = {}
for i in range(1, l + 1):
R[str(i)] = S ** Xr[str(i)]
return { 'S': S, 'R': R, 'N': N }
def setupBlock(self, secparam=None, N=0, l=16):
Xr = {}
for i in range(1, l + 1):
Xr[str(i)] = integer(random(N))
S = randomQR(N)
R = {}
for i in range(1, l + 1):
R[str(i)] = S**Xr[str(i)]
return {'S': S, 'R': R, 'N': N}
def keygen(self, p, q):
N = p * q
Xz = integer(random(N))
Xr = {}
for i in range(1, l + 1):
Xr[str(i)] = integer(random(N))
S = randomQR(N)
Z = S**Xz
R = {}
for i in range(1, l + 1):
R[str(i)] = S**Xr[str(i)]
pk = {'N': N, 'R': R, 'S': S, 'Z': Z}
sk = {'p': p, 'q': q}
return (pk, sk)
def keygen(self, p, q):
N = p * q
Xz = integer(random(N))
Xr = {}
for i in range(1, l + 1):
Xr[str(i)] = integer(random(N))
S = randomQR(N)
Z = S ** Xz
R = {}
for i in range(1, l + 1):
R[str(i)] = S ** Xr[str(i)]
pk = { 'N':N, 'R':R,'S':S, 'Z':Z }
sk = { 'p':p, 'q':q }
return (pk, sk)
def key_gen(key_size, message_elem_bit_len, vector_len):
"""
Generate keys for vector commitment
:param key_size: security key size (k in the paper)
:param message_elem_bit_len: length of message in bits (l in the paper)
:param vector_len: length of commitment vector (q in the paper)
:return:
"""
k = key_size
l = message_elem_bit_len
q = vector_len
private_key = rsa.generate_private_key(public_exponent=65537,
key_size=k,
backend=default_backend())
private_numbers = private_key.private_numbers()
n = private_numbers.public_numbers.n
p_1 = private_numbers.p
p_2 = private_numbers.q
# logger.info(p_1)
# logger.info(p_2)
phi_n = (p_1 - 1) * (p_2 - 1)
# generate list of primes [e_1,...,e_q], each has length (l+1)
e = list()
while True:
tmp_prime = reduce(randomPrime(l + 1) % n)
if isPrime(tmp_prime) and phi_n % int(tmp_prime) != 0:
e.append(int(tmp_prime))
if len(e) == q:
break
a = random(n)
s = list()
for i in range(q):
tmp_exponent = integer(1) % n
for j in range(q):
if j != i:
tmp_exponent = reduce(tmp_exponent * (integer(e[j]) % n))
s_i = reduce(a**tmp_exponent)
s.append(int(s_i))
return n, int(a), s, e, p_1, p_2
def gen_key_pair(self):
self.pk_i = {}
self.sk_i = {}
self.pksig = Sig_CL03_Idmx(lin=self.l)
(self.pk_i, self.sk_i) = self.pksig.keygen(self.p, self.q)
self.S = self.pk_i['S']
self.Z = self.pk_i['Z']
self.R = self.pk_i['R']
self.N = self.pk_i['N']
self.Ro = self.pk_i['S'] ** integer(random(self.pk_i['N']))
self.pk_i['Ro'] = self.Ro
return (self.pk_i, self.sk_i)
def genKeyPair(self):
self.pk_i = {}
self.sk_i = {}
self.pksig = Sig_CL03_Idmx(lin = self.l)
(self.pk_i, self.sk_i) = self.pksig.keygen(self.p, self.q)
self.S = self.pk_i['S']
self.Z = self.pk_i['Z']
self.R = self.pk_i['R']
self.N = self.pk_i['N']
self.Ro = self.pk_i['S'] ** integer(random(self.pk_i['N']))
self.pk_i['Ro'] = self.Ro
return (self.pk_i, self.sk_i)
def keygen(self, secparam=1024, params=None):
if params:
(N, e, d, p, q) = self.convert(params)
phi_N = (p - 1) * (q - 1)
pk = {'N': N, 'e': e}
sk = {'phi_N': phi_N, 'd': d, 'N': N}
return (pk, sk)
(p, q, N, phi_N) = self.paramgen(secparam)
while True:
e = random(phi_N)
if not gcd(e, phi_N) == 1:
continue
d = e**-1
break
pk = {'N': N, 'e': toInt(e)} # strip off \phi
sk = {'phi_N': phi_N, 'd': d, 'N': N}
return (pk, sk)
def keygen(self, secparam=1024, params=None):
if params:
(N, e, d, p, q) = self.convert(params)
phi_N = (p - 1) * (q - 1)
pk = { 'N':N, 'e':e }
sk = { 'phi_N':phi_N, 'd':d , 'N':N}
return (pk, sk)
(p, q, N, phi_N) = self.paramgen(secparam)
while True:
e = random(phi_N)
if not gcd(e, phi_N) == 1:
continue
d = e ** -1
break
pk = { 'N':N, 'e':toInt(e) } # strip off \phi
sk = { 'phi_N':phi_N, 'd':d , 'N':N}
return (pk, sk)
def __init__(self, secparam):
# generate p,q
while True:
p, q = randomPrime(secparam), randomPrime(secparam)
if isPrime(p) and isPrime(q) and p != q:
N = p * q
phi = (p - 1) * (q - 1)
break
# calculate private key and public key
while True:
e = random(phi)
if not gcd(e, phi) == 1:
continue
d = e**-1
break
# prepare public key
self.pk = {'N': N, 'e': toInt(e)}
# prepare private key
self.sk = {'phi': phi, 'd': d, 'N': N}
'''
@Descripttion:
@version:
@Author: HuiKwok
@Date: 2019-10-10 06:53:46
@LastEditors: HuiKwok
@LastEditTime: 2019-10-10 07:01:56
'''
from charm.toolbox.integergroup import IntegerGroup
from charm.schemes.pkenc.pkenc_rsa import RSA_Enc, RSA_Sig
from charm.core.math.integer import integer, randomBits, random, randomPrime, isPrime, encode, decode, hashInt, bitsize, legendre, gcd, lcm, serialize, deserialize, int2Bytes, toInt
secparam = 1024
p, q = randomPrime(int(secparam / 2),
True), randomPrime(int(secparam / 2), True)
N = p * q
N2 = N * N
g = random(N2)
print(type(g))
int(g) - 1
def randomQR(n):
return random(n) ** 2
while True:
q = randomPrime(prime_bits, 1)
q_prime = (q - 1) / 2
if (isPrime(q) and isPrime(q_prime)):
break
N = p * q
group_order = 2 * p_prime * q_prime # order of L_DCR
N_square = N * N
print('p = ', p)
print('q = ', q)
# search the generator for L_DCR
tmp = 0
while True:
tmp = random(N_square)
if (gcd(tmp, N_square) == 1):
break
val1 = (tmp**(2 * N)) % N_square
print('val1 = ', val1)
print('toInt(val1) = ', toInt(val1))
g = N_square - toInt(val1)
g = g % N_square
print('g = ', g)
alpha_value = random(N_square / 2) # of length bits
beta_value = random(N_square / 2)
hp_1_value = (g**alpha_value) % N_square
hp_2_value = (g**beta_value) % N_square
def __init__(self, sk):
self.sk = sk
self.m0 = random(sk['N'])
self.m1 = random(sk['N'])
def randomQR(n):
return random(n)**2
def generate_messages(self, nr_of_messages):
self.messages = [random(self.N) for _ in range(nr_of_messages)]
def random(self, max=0):
if max == 0:
return random(self.p)
else:
return random(max)
def KeyGen(self): #公私钥生成
tmp = self.N2 / 2
sk = random(tmp) % self.N2
pk = (self.g**sk) % self.N2
return pk, sk
def __init__(self, secparam=1024, param=None):
if param:
self.N2 = param.N2
self.N = param.N
self.g = param.g
self.k = param.k
else:
self.p, self.q = randomPrime(int(secparam / 2), True), randomPrime(
int(secparam / 2), True)
self.pp = (self.p - 1) / 2
self.qq = (self.q - 1) / 2
self.N = self.p * self.q
while True: # choose a good N
if bitsize(self.N) == secparam and len(int2Bytes(
self.N)) == int(
secparam / 8) and int2Bytes(self.N)[0] & 128 != 0:
break
self.p, self.q = randomPrime(int(secparam / 2),
True), randomPrime(
int(secparam / 2), True)
self.pp = (self.p - 1) / 2
self.qq = (self.q - 1) / 2
self.N = self.p * self.q
self.N2 = self.N**2
self.g = random(self.N2)
one = integer(1) % self.N2
while True: #choose a good g
self.g = random(self.N2)
self.g = integer(
(int(self.g) - 1) * (int(self.g) - 1)) % self.N2
if self.g == one:
continue
tmp = self.g**self.p % self.N2
if tmp == one:
continue
tmp = self.g**self.pp % self.N2
if tmp == one:
continue
tmp = self.g**self.q % self.N2
if tmp == one:
continue
tmp = self.g**self.qq % self.N2
if tmp == one:
continue
tmp = self.g**(self.p * self.pp) % self.N2
if tmp == one:
continue
tmp = self.g**(self.p * self.q) % self.N2
if tmp == one:
continue
tmp = self.g**(self.p * self.qq) % self.N2
if tmp == one:
continue
tmp = self.g**(self.pp * self.q) % self.N2
if tmp == one:
continue
tmp = self.g**(self.pp * self.qq) % self.N2
if tmp == one:
continue
tmp = self.g**(self.q * self.qq) % self.N2
if tmp == one:
continue
tmp = self.g**(self.q * self.qq) % self.N2
if tmp == one:
continue
tmp = self.g**(self.p * self.pp * self.q) % self.N2
if tmp == one:
continue
tmp = self.g**(self.p * self.pp * self.qq) % self.N2
if tmp == one:
continue
tmp = self.g**(self.p * self.q * self.qq) % self.N2
if tmp == one:
continue
tmp = self.g**(self.pp * self.q * self.qq) % self.N2
if tmp == one:
continue
break
self.k = integer(
(int(self.g**(self.pp * self.qq)) - 1)) / self.N % self.N
self.MK = {"pp": self.pp, "qq": self.qq}
def generate_random(self, nr_of_messages):
self.xs = [random(self.N) for _ in range(nr_of_messages)]
return self.xs
def choose(self, xs, nr_of_messages):
self.xs = xs
self.b = secrets.randbelow(nr_of_messages)
self.k = random(self.N)
self.v = self.xs[self.b] + (self.k ** self.e)
return self.v
group_order_bits = 2 * security_level
group_p = 0 # the prime number for mod calculation
group_order = randomPrime(group_order_bits)
#print('group_order = ', group_order)
while True:
random_k_value = randomBits(bits - group_order_bits)
group_p = random_k_value * group_order + 1
if isPrime(group_p):
break
#print('group_p = ', group_p)
group_g = 0
while True:
i = random(group_p)
tmp1 = (group_p - 1) / group_order
tmp2 = (i**tmp1) % group_p
if tmp2 != 1 and i > 1:
group_g = tmp2
break
#print('group_g = ', group_g)
time1 = time.time()
alpha_1_value = randomBits(group_order_bits) % group_order
alpha_2_value = randomBits(group_order_bits) % group_order
beta_1_value = randomBits(group_order_bits) % group_order
beta_2_value = randomBits(group_order_bits) % group_order
alpha_1_bytes = Conversion.IP2OS(alpha_1_value, group_order_bits // 8)
alpha_2_bytes = Conversion.IP2OS(alpha_2_value, group_order_bits // 8)
def generate_random(value):
xs = [random(value) for _ in range(2)]
return xs
def random(self, max=0):
if max == 0:
return random(self.p)
else:
return random(max)
def getV(self, A, index):
self.index = index
self.k = random(self.pk['N'])
v = (A[index] + self.k**self.pk['e']) % self.pk['N']
return v
def getRandomMessages(self):
self.x0 = random(self.sk['N'])
self.x1 = random(self.sk['N'])
return self.x0, self.x1