def issuerHandler(issueparam): group = ECGroup(security_dict[issueparam.L]) g = group.deserialize(str.encode(issueparam.sg)) h = group.deserialize(str.encode(issueparam.sh)) # print(issueparam.yt) #####!!!!!!!!!!!!!!!!!!!!!!!Danger!!!!!!!!!!!!!!####### # xt = group.random(ZR) # yt = g ** xt # print('xt: ----====>>>') # print(xt) yt = point2Obj(int(issueparam.yt), group) #####!!!!!!!!!!!!!!!!!!!!!!!Danger!!!!!!!!!!!!!!####### gamma = group.init(ZR, int(issueparam.gamma)) z = group.deserialize(str.encode(issueparam.sz)) zu = z**(gamma**-1) v, u, d, s1, s2 = (group.random(ZR) for i in range(5)) t1, t2, t3, t4, t5 = (group.random(ZR) for i in range(5)) z1 = yt**v z2 = zu / z1 a = g**u b1 = (g**s1) * (z1**d) b2 = (h**s2) * (z2**d) ret = [zu, v, u, d, s1, s2, \ t1, t2, t3, t4, t5, \ z1, z2, a, b1, b2,\ bytes.decode(group.serialize(zu)), bytes.decode(group.serialize(z1)), bytes.decode(group.serialize(z2)),\ bytes.decode(group.serialize(a)), bytes.decode(group.serialize(b1)), bytes.decode(group.serialize(b2))] return (str(k) for k in ret)
def keygen(self): group = ECGroup(prime192v2) g = group.random(G) x = group.random(ZR) h = g ** x pk = {'g': g, 'h': h, 'group': group, 'order': 6277101735386680763835789423078825936192100537584385056049} sk = {'x': x} return pk, sk
def initHandler(kappa): group = ECGroup(kappa) g, h = group.random(G), group.random(G) x, gamma = group.random(ZR), group.random(ZR) y, xi = g**x, g**gamma z = group.hash((g, h, y), G) ret = [g, h,\ bytes.decode(group.serialize(g)), bytes.decode(group.serialize(h)),\ x, y, gamma, xi,\ bytes.decode(group.serialize(y)), bytes.decode(group.serialize(xi)),\ z, bytes.decode(group.serialize(z))] return (str(k) for k in ret)
def keygen(self): group = ECGroup(prime192v2) g = group.random(G) x = group.random(ZR) h = g**x pk = { 'g': g, 'h': h, 'group': group, 'order': 6277101735386680763835789423078825936192100537584385056049 } sk = {'x': x} return pk, sk
def testRandomGroupDecode(self): group = ECGroup(prime192v1) for i in range(runs): r = group.random(G) m = group.decode(r, True) n = group.encode(m, True) assert r == n, "Failed to encode/decode properly including counter"
def testECGroup(self): groupObj = ECGroup(prime192v1) p=groupObj.random() data={'p':p,'String':"foo",'list':[p,{},1,1.7, b'dfa',]} x=objectToBytes(data,groupObj) data2=bytesToObject(x,groupObj) self.assertEqual(data,data2)
def setup(self, curve, subscribers): """ Setup the scheme using a trusted third party. """ group = ECGroup(curve) g = group.random(G) ak = 0 sk = list() for i in range(subscribers): key = group.random(ZR) ak -= key sk.append(key) self.pp = {'subscribers': subscribers, 'group': group, 'g': g} self.ak = ak self.sk = sk self.baby_steps = None return (self.pp, self.ak, self.sk)
def testECGroup(self): trials = 10 group = ECGroup(prime192v2) g = group.random(G) h = group.random(G) i = group.random(G) self.assertTrue(group.InitBenchmark()) group.StartBenchmark(["RealTime", "Mul", "Div", "Exp", "Granular"]) for a in range(trials): j = g * h k = h ** group.random(ZR) t = (j ** group.random(ZR)) / k group.EndBenchmark() msmtDict = group.GetGeneralBenchmarks() self.assertTrue(isSaneBenchmark(msmtDict)) granDict = group.GetGranularBenchmarks() self.assertTrue(isSaneBenchmark(granDict)) self.assertTrue(group.InitBenchmark()) group.StartBenchmark(["RealTime", "Mul", "Div", "Exp", "Granular"]) for a in range(trials*2): j = g * h k = h ** group.random(ZR) t = (j ** group.random(ZR)) / k group.EndBenchmark() msmtDict = group.GetGeneralBenchmarks() granDict = group.GetGranularBenchmarks() del group self.assertTrue(isSaneBenchmark(msmtDict)) self.assertTrue(isSaneBenchmark(granDict))
def testECGroup(self): trials = 10 group = ECGroup(prime192v2) g = group.random(G) h = group.random(G) i = group.random(G) self.assertTrue(group.InitBenchmark()) group.StartBenchmark(["RealTime", "Mul", "Div", "Exp", "Granular"]) for a in range(trials): j = g * h k = h**group.random(ZR) t = (j**group.random(ZR)) / k group.EndBenchmark() msmtDict = group.GetGeneralBenchmarks() self.assertTrue(isSaneBenchmark(msmtDict)) granDict = group.GetGranularBenchmarks() self.assertTrue(isSaneBenchmark(granDict)) self.assertTrue(group.InitBenchmark()) group.StartBenchmark(["RealTime", "Mul", "Div", "Exp", "Granular"]) for a in range(trials * 2): j = g * h k = h**group.random(ZR) t = (j**group.random(ZR)) / k group.EndBenchmark() msmtDict = group.GetGeneralBenchmarks() granDict = group.GetGranularBenchmarks() del group self.assertTrue(isSaneBenchmark(msmtDict)) self.assertTrue(isSaneBenchmark(granDict))
def main(): grp = ECGroup(secp256k1) ms = MuSig(grp) g = grp.random(G) if debug: print('Generator...', g) msg = 'hello there' num_signers = 5 if debug: print('{} signers will sign {}'.format(num_signers, msg)) signers = [ms.keygen(g) for _ in range(num_signers)] nonces = [ms.new_nonce() for _ in range(num_signers)] an = ms.aggregate_nonce(g, nonces) all_pub_keys = [signer[0] for signer in signers] if debug: print('Public keys...') for pk in all_pub_keys: print(pk) apk = ms.aggregated_pub_key(all_pub_keys) if debug: print('Aggregated Public key: ', apk) challenge = ms.compute_challenge(apk, an, msg) sigs = [ ms.sign(nonces[i], signers[i][1], signers[i][0], challenge, all_pub_keys) for i in range(num_signers) ] if debug: print('Signatures...') for sig in sigs: print(sig) asig = ms.aggregate_sigs(sigs) if debug: print('Aggregated signature: ', asig) assert ms.verify(all_pub_keys, (an, asig), msg), 'Aggregated sig verification failed' if debug: print('Verification succeeded')
def testCM_Ped92(self): groupObj = ECGroup(410) cm = CM_Ped92(groupObj) pk = cm.setup() if debug: print("Public parameters...") print("pk =>", pk) m = groupObj.random(ZR) if debug: print("Commiting to =>", m) (c, d) = cm.commit(pk, m) assert cm.decommit(pk, c, d, m), "FAILED to decommit" if debug: print("Successful and Verified decommitment!!!") del groupObj
def testECGroup(self): groupObj = ECGroup(prime192v1) p = groupObj.random() data = { 'p': p, 'String': "foo", 'list': [ p, {}, 1, 1.7, b'dfa', ] } x = objectToBytes(data, groupObj) data2 = bytesToObject(x, groupObj) self.assertEqual(data, data2)
def initParams(): group = ECGroup(prime192v1) g = Params.readPoint( "188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012", "7192B95FFC8DA78631011ED6B24CDD573F977A11E794811") h = Params.readPoint( "87656f2b5fee3821b53b00d78bd61a8d407ce4393ea48906", "b52e5b337ca8f667935a63d02d6f6fec689c7f18a640a8a5") # g = group.random(G) # h = group.random(G) params = {'g': g, 'h': h} # generators for the proof of shuffling for i in range(-4, 100): # FIXME: make this 101 params['f' + str(i)] = group.random(G) f = open('pc.param', 'wb') f.write(objectToBytes(params, group)) f.close() return [params, group]
from charm.toolbox.ecgroup import ECGroup, ZR, G from charm.toolbox.eccurve import prime256v1 from base64 import encodestring, decodestring import random import time group = ECGroup(prime256v1) g = group.random(G) g1 = group.random(G) ZERO = group.init(ZR, 0) ONE = group.init(ZR, 1) def serialize(g): # Only work in G1 here return decodestring(group.serialize(g)[2:]) def serialize1(g): return group.serialize(g) def deserialize(g): return group.deserialize(g) def deserialize2(g): # Only work in G1 here return group.deserialize('2:' + encodestring(g))
#h = group1.randomGen(); r = group1.random() c = (G**S) ##creates commitment c return S, c def create_y1(group1, R_1, g): ##Bob creates y1 sends to Ingrid G = g r1 = R_1 y1 = G**r1 return y1 group1 = ECGroup(694) g = group1.random(G) ## generates g step 0 #print(g) #Bob =[]; ##step 1 : Bob creates a secret ti ti = create_t(group1) #Bob.append(ti); ## Adds ti to Bob's list A = create_A(group1, ti, g) ## step 1 #Bob.append(A); #Ingrid =[]; #Ingrid.appe nd(A); ## Bob sends A to Ingrid s, com = create_com(group1, g) #print("commitment")
class Cardinality(NonInteractiveSetIntersection): """Multi-client Set Intersect Cardinality scheme""" def __init__(self, curve=prime256v1): super().__init__() self.group = ECGroup(curve) self.g = self.group.random(G) def setup(self, secpar, client_count): """Generate the clients' keys""" self.client_count = client_count usks = [self.group.random(ZR) for _ in range(client_count - 1)] usks.append(-sum(usks)) return usks def encrypt(self, usk, gid, pt_set): """Encrypt a plaintext set under a gid using usk Returns a set of ciphertexts.""" H = self.group.hash ct_set = {self.group.serialize(H(gid + pt, G)**usk) for pt in pt_set} return ct_set def eval(self, ct_sets): """Evaluates the ciphertexts for determining the cardinality of the set intersection Expects a list or set of ciphertexts.""" one = self.g**0 def intersection_count(ct_sets, product=one): # Recursive function call to compute the Cartesian product # Features: # 1) remember the partial product; # 2) avoid computations with elements for which we know that they # belong to the intersection. ct_set, ct_sets = set(ct_sets[-1]), ct_sets[:-1] count = 0 if ct_sets == []: for ct_str in ct_set: ct = self.group.deserialize(ct_str) if product * ct == one: ct_set.remove(ct_str) count = 1 break else: for ct_str in ct_set.copy(): ct = self.group.deserialize(ct_str) found, ct_sets = intersection_count(ct_sets, product * ct) if found == 1: ct_set.remove(ct_str) count += 1 # Note that we cannot break here: if we would break # here, we might skip other ct's that are in the set. ct_sets.append(ct_set) return (count, ct_sets) cardinality, _ = intersection_count(list(ct_sets)) return cardinality
def initialization(kappa): group = ECGroup(kappa) g, h = group.random(G), group.random(G) parameters = Parameters(kappa, group, g, h) return parameters
t = tuple(bytesToObject(t_bytes, group)) return t if __name__ == '__main__': import requests #wc = WebClient("https://[fd00:638:a000:b101::2b75]/", requests) #m, t, n = wc.enrollment("s3kr1t") #print(m,t,n) #print(wc.validation("s3kr1t", t, n)) #m, t, n = wc.enrollment("Eleonora") #print(m,t,n) #print(wc.validation("Eleonora", t, n)) #m, t, n = wc.enrollment("Eleonora") m = group.random(G) n1 = group.random(G) n2 = group.random(G) n = (n1,n2) #print(m) #byte__m = objectToBytes(m,group) #orig_m = bytesToObject(byte__m, group) #print(orig_m) #read_dk('eleonora',byte__m) print(n) byte__n = objectToBytes(n,group) print(byte__n) orig_n = tuple(bytesToObject(byte__n, group))
#!/usr/bin/python3 from charm.toolbox.ecgroup import ECGroup,ZR,G from charm.toolbox.eccurve import prime192v1 trials = 10 group = ECGroup(prime192v1) g = group.random(G) h = group.random(G) i = group.random(G) assert group.InitBenchmark(), "failed to initialize benchmark" group.StartBenchmark(["RealTime", "CpuTime", "Mul", "Div", "Exp", "Granular"]) for a in range(trials): j = g * h k = h ** group.random(ZR) t = (j ** group.random(ZR)) / k group.EndBenchmark() msmtDict = group.GetGeneralBenchmarks() print("<=== General Benchmarks ===>") print("Mul := ", msmtDict["Mul"]) print("Div := ", msmtDict["Div"]) print("Exp := ", msmtDict["Exp"]) print("RealTime := ", msmtDict["RealTime"]) print("CpuTime := ", msmtDict["CpuTime"]) granDict = group.GetGranularBenchmarks() print("<=== Granular Benchmarks ===>") print("G mul := ", granDict["Mul"][G]) print("G exp := ", granDict["Exp"][G])
class SchnorrZK(Protocol): def __init__(self, builtin_cv, common_input=None): Protocol.__init__(self, None) verifier_states = { 2: self.verifier_state2, 4: self.verifier_state4, 6: self.verifier_state6 } prover_states = { 1: self.prover_state1, 3: self.prover_state3, 5: self.prover_state5 } verifier_trans = {2: 4, 4: [2, 6]} prover_trans = {1: 3, 3: 5, 5: 1} # describe the parties involved and the valid transitions Protocol.addPartyType(self, VERIFIER, verifier_states, verifier_trans) Protocol.addPartyType(self, PROVER, prover_states, prover_trans, True) self.group = ECGroup(builtin_cv) #db = {} Protocol.setSubclassVars(self, self.group) #, db) # PROVER states def prover_state1(self): x = self.group.random() r, g = self.group.random(), self.group.random(G) t = g**r print('prover: ', "hello to verifier.") Protocol.store(self, ('r', r), ('x', x)) Protocol.setState(self, 3) return {'t': t, 'g': g, 'y': g**x} # output goes to the next state. def prover_state3(self, input): print("state3 => ", input) (r, x, c) = Protocol.get(self, ['r', 'x', 'c']) s = r + c * x Protocol.setState(self, 5) return {'s': s} def prover_state5(self, input): print("state5 => ", input) result = input.split(':')[1] if result == 'ACCEPTED': Protocol.setState(self, None) else: Protocol.setState(self, 1) return 'REPEAT' return None # VERIFIER states def verifier_state2(self, input): #print("state2 received => ", input) # compute challenge c and send to prover c = self.group.random() print("state2 generate c :=", c) Protocol.store(self, ('c', c)) Protocol.setState(self, 4) return {'c': c} def verifier_state4(self, input): (t, g, y, c, s) = Protocol.get(self, ['t', 'g', 'y', 'c', 's']) print("state4: s :=", s) if (g**s == t * (y**c)): print("SUCCESSFUL VERIFICATION!!!") output = "verifier : ACCEPTED!" else: print("FAILED TO VERIFY!!!") output = "verifier : FAILED!" Protocol.setState(self, 6) return output def verifier_state6(self, input): print("state6: => ", input) Protocol.setState(self, None) return None
class Intersection(NonInteractiveSetIntersection): """Two-Client Set Intersect scheme""" client_count = 2 def __init__(self, curve=prime256v1): super().__init__() self.group = ECGroup(curve) self.g = self.group.random(G) def setup(self, secpar): """Generate the clients' keys""" self.secpar = secpar sigma = self.group.random(ZR) msk = os.urandom(secpar // 8) return ((msk, sigma), (msk, 1 - sigma)) def _phi(self, cipher, pt): """PRF mapping pt to a group element""" padding_len = 16 - (len(pt) % 16) pt = pt + b'\0' * padding_len encryptor = cipher.encryptor() ct = encryptor.update(pt) + encryptor.finalize() exponent = int.from_bytes(ct, 'big') % self.group.order() return self.g**exponent def _H(self, g): """Mapping of g to bytes Can be used to map a group element g to an AE key.""" prefix = b'\x00' hashable = prefix + self.group.serialize(g) h = hashlib.sha256(hashable).digest() return h[:16] def _H_bytes(self, g): """Mapping of g to bytes Can be used to map a group element g to an AE nonce.""" prefix = b'\x01' hashable = prefix + self.group.serialize(g) h = hashlib.sha256(hashable).digest() return h def encrypt(self, usk, gid, pt_set): """Encrypt a plaintext set under a gid using usk Returns a dict of ciphertexts.""" msk, sigma = usk iv = gid cipher = Cipher(algorithms.AES(msk), modes.CBC(iv), backend=default_backend()) ct_dict = {} for pt in pt_set: k = self._phi(cipher, pt) ct1 = self.group.serialize(k**sigma) # use deterministic authenticated encryption ae_key = self._H(k) ae_nonce = self._H_bytes(k)[:12] ae = AESGCM(ae_key) ct2 = (ae_nonce, ae.encrypt(ae_nonce, pt, None)) ct_dict[ae_key] = (ct1, ct2) return ct_dict def eval(self, ct_sets): """Evaluates the ciphertexts for determining the cardinality of the set intersection Expects two dicts of ciphertexts.""" pt_intersection = set() ct_intersection = ct_sets[0].keys() & ct_sets[1].keys() for k in ct_intersection: g1 = self.group.deserialize(ct_sets[0][k][0]) g2 = self.group.deserialize(ct_sets[1][k][0]) key = g1 * g2 # decrypt using ct_sets[0] ae_nonce, ct = ct_sets[0][k][1] ae_key = self._H(key) ae = AESGCM(ae_key) pt = ae.decrypt(ae_nonce, ct, None) pt_intersection.add(pt) return pt_intersection
import time from charm.toolbox.ecgroup import ECGroup, ZR, G from charm.toolbox.eccurve import prime192v1, secp256k1, sect283k1, sect571k1 #192 bit group: g, h decoded_g192 = b'\xab\xd0}\x86\xe1\x92,\xdd Ceael\x1a\xc3\xb9\xf5a\xe9K\xcd7\xa4' decoded_h192 = b'\x00\xa3\x0brz\xea\xb0\xba\x005\t\xf9\xe9\xd2\x84\x0b\x18\x02\x18\xc2\xd7E\x13D' group192 = ECGroup(prime192v1) group256 = ECGroup(secp256k1) group283 = ECGroup(sect283k1) group571 = ECGroup(sect571k1) g256 = group256.random(G) h256 = group256.random(G) #Cofactor is 4 #TODO: Just doing 8 change to 4 g283 = (group283.random(G))**(group283.init(ZR, int(4))) h283 = (group283.random(G))**(group283.init(ZR, int(4))) g571 = (group571.random(G))**(group571.init(ZR, int(4))) h571 = (group571.random(G))**(group571.init(ZR, int(4))) decoded_g256 = group256.decode(g256) decoded_h256 = group256.decode(h256) decoded_g283 = group283.decode(g283) decoded_h283 = group283.decode(h283)
class SchnorrZK(Protocol): def __init__(self, builtin_cv, common_input=None): Protocol.__init__(self, None) verifier_states = { 2:self.verifier_state2, 4:self.verifier_state4, 6:self.verifier_state6 } prover_states = { 1:self.prover_state1, 3:self.prover_state3, 5:self.prover_state5 } verifier_trans = { 2:4, 4:[2,6] } prover_trans = { 1:3, 3:5, 5:1 } # describe the parties involved and the valid transitions Protocol.addPartyType(self, VERIFIER, verifier_states, verifier_trans) Protocol.addPartyType(self, PROVER, prover_states, prover_trans, True) self.group = ECGroup(builtin_cv) #db = {} Protocol.setSubclassVars(self, self.group) #, db) # PROVER states def prover_state1(self): x = self.group.random() r, g = self.group.random(), self.group.random(G) t = g ** r print('prover: ',"hello to verifier.") Protocol.store(self, ('r',r), ('x',x)) Protocol.setState(self, 3) return {'t':t, 'g':g, 'y':g ** x } # output goes to the next state. def prover_state3( self, input): print("state3 => ", input) (r, x, c) = Protocol.get(self, ['r', 'x', 'c']) s = r + c * x Protocol.setState(self, 5) return {'s':s} def prover_state5( self, input ): print("state5 => ", input) result = input.split(':')[1] if result == 'ACCEPTED': Protocol.setState(self, None) else: Protocol.setState(self, 1); return 'REPEAT' return None # VERIFIER states def verifier_state2(self, input): #print("state2 received => ", input) # compute challenge c and send to prover c = self.group.random() print("state2 generate c :=", c) Protocol.store(self, ('c',c)) Protocol.setState(self, 4) return {'c':c} def verifier_state4( self, input ): (t,g,y,c,s) = Protocol.get(self, ['t','g','y','c','s']) print("state4: s :=", s) if (g ** s == t * (y ** c)): print("SUCCESSFUL VERIFICATION!!!") output = "verifier : ACCEPTED!" else: print("FAILED TO VERIFY!!!") output = "verifier : FAILED!" Protocol.setState(self, 6) return output def verifier_state6(self, input ): print("state6: => ", input) Protocol.setState(self, None) return None