def test_blog_post(): # Define an EC group G = EcGroup(713) print (EcGroup.list_curves()[713]) order = G.order() ## Define the Zero-Knowledge proof statement zk = ZKProof(G) g, h = zk.get(ConstGen, ["g", "h"]) x, o = zk.get(Sec, ["x", "o"]) Cxo = zk.get(ConstGen, "Cxo") zk.add_proof(Cxo, x*g + o*h) ## Render the proof statement in Latex print(zk.render_proof_statement()) # A concrete Pedersen commitment ec_g = G.generator() ec_h = order.random() * ec_g bn_x = order.random() bn_o = order.random() ec_Cxo = bn_x * ec_g + bn_o * ec_h ## Bind the concrete variables to the Proof env = ZKEnv(zk) env.g, env.h = ec_g, ec_h env.Cxo = ec_Cxo env.x = bn_x env.o = bn_o # Create the Non-Interactive Zero-Knowledge (NIZK) proof sig = zk.build_proof(env.get()) # Execute the verification on the proof 'sig' env = ZKEnv(zk) env.g, env.h = ec_g, ec_h env.Cxo = ec_Cxo assert zk.verify_proof(env.get(), sig)
from petlib.ec import EcGroup, EcPt from petlib.bn import Bn import time timings = [] curves = EcGroup.list_curves() for gid in curves: G = EcGroup(gid) gx = G.order().random() * G.generator() rnd = [G.order().random() for _ in range(100)] t0 = time.clock() for r in rnd: dud = r * gx t1 = time.clock() repreats = 1000 t = [] for x in [2, 200]: o = Bn(2) ** x tests = [o.random() for _ in range(repreats)] tx = time.clock() for y in tests: dud = y * gx t += [time.clock() - tx] # print(x, t[-1] / repreats) if abs(t[0] - t[-1]) < 5.0 / 100: const = "CONST"
from petlib.ec import EcGroup, EcPt from petlib.bn import Bn import time if __name__ == "__main__": fails = 0 print("List of curves passing the constant-time scalar mult test:") for (nid, name) in sorted(EcGroup.list_curves().items()): G = EcGroup(nid) g = G.generator() order = G.order() h = order.random() * g repreats = 100 t = [] for x in range(0, 400, 100): o = Bn(2)**x tests = [o.random() for _ in range(repreats)] t0 = time.clock() for y in tests: y * h t += [time.clock() - t0] # print x, t[-1] / repreats res = abs(t[0] - t[-1]) < 1.0 / 100 if res: ps = 1.0 / (t[-1] / repreats) res = ["FAIL", "PASS"][res] print("%3d\t%s\t%2.1f/s\t%s" % (nid, res, ps, name))
from petlib.ec import EcGroup, EcPt from petlib.bn import Bn import time if __name__ == "__main__": fails = 0 print("List of curves passing the constant-time scalar mult test:") for (nid, name) in sorted(EcGroup.list_curves().items()): G = EcGroup(nid) g = G.generator() order = G.order() h = order.random() * g repreats = 100 t = [] for x in range(0, 400, 100): o = Bn(2) ** x tests = [o.random() for _ in range(repreats)] t0 = time.clock() for y in tests: y * h t += [time.clock() - t0] # print x, t[-1] / repreats res = abs(t[0] - t[-1]) < 1.0 / 100 if res: ps = 1.0 / (t[-1] / repreats) res = ["FAIL", "PASS"][res] print("%3d\t%s\t%2.1f/s\t%s" % (nid, res, ps, name))
from petlib.ec import EcGroup from genzkp import ZKProof, ZKEnv, ConstGen, Sec # Define an EC group G = EcGroup(713) print(EcGroup.list_curves()[713]) order = G.order() ## Define the Zero-Knowledge proof statement zk = ZKProof(G) g, h = zk.get(ConstGen, ["g", "h"]) x, o = zk.get(Sec, ["x", "o"]) Cxo = zk.get(ConstGen, "Cxo") zk.add_proof(Cxo, x * g + o * h) print(zk.render_proof_statement()) # A concrete Pedersen commitment ec_g = G.generator() ec_h = order.random() * ec_g bn_x = order.random() bn_o = order.random() ec_Cxo = bn_x * ec_g + bn_o * ec_h ## Bind the concrete variables to the Proof env = ZKEnv(zk) env.g, env.h = ec_g, ec_h env.Cxo = ec_Cxo env.x = bn_x env.o = bn_o
def key_gen(params): """ generate a private / public key pair """ (G, g, hs, o) = params priv = o.random() pub = priv * g return (priv, pub) """An important part of the setup is selecting the rigth elliptic curve to use - so as to match with other systems that want to verify your signature. You can see what curves petlib supports like this: """ EcGroup.list_curves() """The default in petlib http://petlib.readthedocs.io/en/latest/#module-petlib-ec is 713, which is 'NIST/SECG curve over a 224 bit prime field' If we want interaction with milagro we will need to usea curve that it supports, like from https://github.com/milagro-crypto/milagro-crypto-js One that it supports is NIST256 which in openssl (what petlib uses underneath) is listed as "prime256v1: X9.62/SECG curve over a 256 bit prime field", from https://security.stackexchange.com/questions/78621/which-elliptic-curve-should-i-use Which would be item 415 in petlib Ok, lets do some crypto!! """ params = setup() (private_key, public_key) = key_gen(params)