def testDefaultParams(self):
p = self.params.p
q = self.params.q
g = self.params.g
assert getMod(g) == p
assert isPrime(p)
assert isPrime(q)
assert p != q
assert p == 2*q + 1
assert bitsize(p) >= 1024
assert bitsize(q) >= 1023
def HW_hash(self, key, c, input, keyLen):
C = integer(c)
input_size = bitsize(c)
input_b = Conversion.IP2OS(input, input_size)
# Return c XOR PRF(k, input), where the output of PRF is keyLength bits
result = C ^ self.Prf.eval(key, input_b)
return result
def encrypt(self, pk, ID,
M): # check length to make sure it is within n bits
Q_id = group.hash(ID, G1) #standard
g_id = pair(Q_id, pk['P2'])
#choose sig = {0,1}^n where n is # bits
sig = integer(randomBits(group.secparam))
r = h.hashToZr(sig, M)
enc_M = self.encodeToZn(M)
if bitsize(enc_M) <= group.messageSize():
C = {
'U': r * pk['P'],
'V': sig ^ h.hashToZn(g_id**r),
'W': enc_M ^ h.hashToZn(sig)
}
else:
print("Message cannot be encoded.")
return None
if (debug):
print('\nEncrypt...')
print('r => %s' % r)
print('sig => %s' % sig)
print("V' =>", g_id**r)
print('enc_M => %s' % enc_M)
group.debug(C)
return C
def HW_hash(self, key, c, input, keyLen):
C = integer(c)
input_size = bitsize(c)
input_b = Conversion.IP2OS(input, input_size)
# Return c XOR PRF(k, input), where the output of PRF is keyLength bits
result = C ^ self.Prf.eval(key, input_b)
return result
def testBasic(self):
msg = 'some message'
assert msg != msg[::-1] # will assume this below
pk = self.pk
sk = self.sk
p = self.params.p
q = self.params.q
signer = sk.getSigner()
sig = signer.sign(msg)
# Make sure this is a non-empty signature
assert sig.getR() is not None
assert sig.getS() is not None
assert signer.getK() is not None
assert getMod(signer.getK()) == q
assert getMod(sig.getS()) == q
assert getMod(sig.getR()) == p
assert sig.getR() > integer(0) % p
assert sig.getS() > integer(0) % q
assert signer.getK() > integer(0) % q
assert integer(sig.getR()) < p
print "s=",sig.getS()
print "integer(s)=",integer(sig.getS())
assert integer(sig.getS()) < q
assert integer(signer.getK()) < q
assert bitsize(sig.getR()) > 1
assert bitsize(sig.getS()) > 1
assert bitsize(signer.getK()) > 1
assert (self.params.g ** signer.getK()) == sig.getR()
# Make sure verifying the signed message succeeds
verifier = pk.getVerifier(sig)
assert verifier.verify(msg) == True
# Make sure verifying a different message fails
assert verifier.verify(msg + 'a') == False
assert verifier.verify('b' + msg) == False
msg = msg[::-1] # reverses string
assert verifier.verify(msg) == False
def encrypt(self, params, ID, M):
enc_M = integer(M)
if bitsize(enc_M)/8 > group.messageSize():
print("Message cannot be encoded.")
return None
sigma = group.random(GT)
r = h.hashToZr(sigma,M)
A = params['g'] ** r
B = sigma * pair(params['g_s'], group.hash(ID, G1) ** r)
C = enc_M ^ h.hashToZn(sigma)
C_ = {'A':A, 'B':B, 'C':C}
S = group.hash((ID, C_),G1) ** r
ciphertext = {'S':S,'C':C_}
if(debug):
print('\nEncrypt...')
print('r => %s' % r)
print('sigma => %s' % sigma)
print('enc_M => %s' % enc_M)
group.debug(ciphertext)
return ciphertext
def encrypt(self, params, ID, M):
enc_M = integer(M)
if bitsize(enc_M)/8 > group.messageSize():
print("Message cannot be encoded.")
return None
sigma = group.random(GT)
r = h.hashToZr(sigma,M)
A = params['g'] ** r
B = sigma * pair(params['g_s'], group.hash(ID, G1) ** r)
C = enc_M ^ h.hashToZn(sigma)
C_ = {'A':A, 'B':B, 'C':C}
S = group.hash((ID, C_),G1) ** r
ciphertext = {'S':S,'C':C_}
if(debug):
print('\nEncrypt...')
print('r => %s' % r)
print('sigma => %s' % sigma)
print('enc_M => %s' % enc_M)
group.debug(ciphertext)
return ciphertext
def encrypt(self, pk, ID, M): # check length to make sure it is within n bits
Q_id = group.hash(ID, G1) #standard
g_id = pair(Q_id, pk['P2'])
#choose sig = {0,1}^n where n is # bits
sig = integer(randomBits(group.secparam))
r = h.hashToZr(sig, M)
enc_M = self.encodeToZn(M)
if bitsize(enc_M) <= group.messageSize():
C = { 'U':r * pk['P'], 'V':sig ^ h.hashToZn(g_id ** r) , 'W':enc_M ^ h.hashToZn(sig) }
else:
print("Message cannot be encoded.")
return None
if(debug):
print('\nEncrypt...')
print('r => %s' % r)
print('sig => %s' % sig)
print("V' =>", g_id ** r)
print('enc_M => %s' % enc_M)
group.debug(C)
return C
def bitsize(self):
return bitsize(self.q) / 8
def groupOrder(self):
return bitsize(self.q)
def messageSize(self):
return bitsize(self.q) / 8
def bitsize(self):
return bitsize(self.q) / 8
def groupOrder(self):
return bitsize(self.q)
def messageSize(self):
return bitsize(self.q) / 8
def __init__(self, secparam=1024, param=None):
if param:
self.N2 = param.N2
self.N = param.N
self.g = param.g
self.k = param.k
else:
self.p, self.q = randomPrime(int(secparam / 2), True), randomPrime(
int(secparam / 2), True)
self.pp = (self.p - 1) / 2
self.qq = (self.q - 1) / 2
self.N = self.p * self.q
while True: # choose a good N
if bitsize(self.N) == secparam and len(int2Bytes(
self.N)) == int(
secparam / 8) and int2Bytes(self.N)[0] & 128 != 0:
break
self.p, self.q = randomPrime(int(secparam / 2),
True), randomPrime(
int(secparam / 2), True)
self.pp = (self.p - 1) / 2
self.qq = (self.q - 1) / 2
self.N = self.p * self.q
self.N2 = self.N**2
self.g = random(self.N2)
one = integer(1) % self.N2
while True: #choose a good g
self.g = random(self.N2)
self.g = integer(
(int(self.g) - 1) * (int(self.g) - 1)) % self.N2
if self.g == one:
continue
tmp = self.g**self.p % self.N2
if tmp == one:
continue
tmp = self.g**self.pp % self.N2
if tmp == one:
continue
tmp = self.g**self.q % self.N2
if tmp == one:
continue
tmp = self.g**self.qq % self.N2
if tmp == one:
continue
tmp = self.g**(self.p * self.pp) % self.N2
if tmp == one:
continue
tmp = self.g**(self.p * self.q) % self.N2
if tmp == one:
continue
tmp = self.g**(self.p * self.qq) % self.N2
if tmp == one:
continue
tmp = self.g**(self.pp * self.q) % self.N2
if tmp == one:
continue
tmp = self.g**(self.pp * self.qq) % self.N2
if tmp == one:
continue
tmp = self.g**(self.q * self.qq) % self.N2
if tmp == one:
continue
tmp = self.g**(self.q * self.qq) % self.N2
if tmp == one:
continue
tmp = self.g**(self.p * self.pp * self.q) % self.N2
if tmp == one:
continue
tmp = self.g**(self.p * self.pp * self.qq) % self.N2
if tmp == one:
continue
tmp = self.g**(self.p * self.q * self.qq) % self.N2
if tmp == one:
continue
tmp = self.g**(self.pp * self.q * self.qq) % self.N2
if tmp == one:
continue
break
self.k = integer(
(int(self.g**(self.pp * self.qq)) - 1)) / self.N % self.N
self.MK = {"pp": self.pp, "qq": self.qq}
