def round_1(self, n1): Ro = self.pk_i['Ro'] df02_commit = CM_DF02() pk_commit = {'S': self.pk_i['S'], 'Z': Ro, 'N': self.pk_i['N']} (U, self.vPrime) = df02_commit.commit(pk_commit, self.ms, (ln + lo)) mTilde = integer(randomBits(lm + lo + lh + 1)) (Utilde, vPrimeTilde) = df02_commit.commit(pk_commit, mTilde, (lm + lo + lh + 1)) s1 = hashlib.new('sha256') s1.update(Conversion.IP2OS(self.context)) s1.update(Conversion.IP2OS(U)) s1.update(Conversion.IP2OS(Utilde)) s1.update(Conversion.IP2OS(n1)) c = integer(s1.digest()) # Responses to challenge vPrimeHat = vPrimeTilde + (c * self.vPrime) sHat = mTilde + (c * self.ms) p1 = {'c': c, 'vPrimeHat': vPrimeHat, 'sHat': sHat, 'U': U} n2 = integer(randomBits(lo)) return p1, n2
def roundNumber1(self, n1): Ro = self.pk_i['Ro'] df02_commit = CM_DF02() pk_commit = { 'S':self.pk_i['S'], 'Z':Ro, 'N':self.pk_i['N'] } (U, self.vPrime) = df02_commit.commit(pk_commit, self.ms, (ln + lo)) mTilde = integer(randomBits(lm + lo + lh + 1)) (Utilde, vPrimeTilde) = df02_commit.commit(pk_commit, mTilde, (lm + lo + lh + 1)) s1 = hashlib.new('sha256') s1.update(Conversion.IP2OS(self.context)) s1.update(Conversion.IP2OS(U)) s1.update(Conversion.IP2OS(Utilde)) s1.update(Conversion.IP2OS(n1)) c = integer(s1.digest()) # Responses to challenge vPrimeHat = vPrimeTilde + (c * self.vPrime) sHat = mTilde + (c * self.ms) p1 = { 'c':c, 'vPrimeHat':vPrimeHat, 'sHat':sHat, 'U':U } n2 = integer(randomBits(lo)) return (p1, n2)
def roundNumber1(self, n1): # U: as IRMA does ms and Ro only Ro = self.pk_i['Ro'] df02_commit = CM_DF02() pk_commit = { 'S':self.pk_i['S'], 'Z':Ro, 'N':self.pk_i['N'] } (U, self.vPrime) = df02_commit.commit(pk_commit, self.ms, (ln + lo)) #U = (self.pk_i['S'] ** self.vPrime) * (self.pk_i['Ro'] ** self.ms) #print "Recipient, U, round1", U #sU = deepcopy(int(U)) #print "bakcup justo despues, sU", sU #self.vPrime = vPrime # P1: mTilde = integer(randomBits(lm + lo + lh + 1)) (Utilde, vPrimeTilde) = df02_commit.commit(pk_commit, mTilde, (lm + lo + lh + 1)) # CTilde = no lo hacemos ahora, IRMA no lo hace # Fiat-Shamir challenge, c = H(context | U | UTilde | nonce) s1 = hashlib.new('sha256') s1.update(Conversion.IP2OS(self.context)) s1.update(Conversion.IP2OS(U)) s1.update(Conversion.IP2OS(Utilde)) s1.update(Conversion.IP2OS(n1)) c = integer(s1.digest()) # Responses to challenge vPrimeHat = vPrimeTilde + (c * self.vPrime) sHat = mTilde + (c * self.ms) p1 = { 'c':c, 'vPrimeHat':vPrimeHat, 'sHat':sHat, 'U':U } n2 = integer(randomBits(lo)) #print "Recipient, U, round1 - BEFORE RETURNING", U #print "backup", sU return (p1, n2)
def keygen(self, keyLength=1024, p=0, q=0): # Generate a Blum-Williams integer N of 'key_length' bits with factorization p,q if p == 0 or q == 0: (p, q) = self.BWInt.generatePrimes(int(keyLength / 2)) # Generate random u,h \in QR_N and a random c \in {0,1}^|N| N = p * q u = randomQR(N) h = randomQR(N) c = randomBits(keyLength) #PRNG_generate_bits(key_length) K = self.Prf.keygen(keyLength) self.state = 0 # Generate the Chameleon hash parameters. We do not need the secret params. (L, secret) = self.ChameleonHash.paramgen(keyLength, p, q) # Assemble the public and secret keys pk = { 'length': keyLength, 'N': N, 'u': u, 'h': h, 'c': c, 'K': K, 'L': L } sk = {'p': p, 'q': q} return (pk, sk)
def encrypt(self, pk, ID, M): # check length to make sure it is within n bits Q_id = group.hash(ID, G1) #standard g_id = pair(Q_id, pk['P2']) #choose sig = {0,1}^n where n is # bits sig = integer(randomBits(group.secparam)) r = h.hashToZr(sig, M) enc_M = self.encodeToZn(M) if bitsize(enc_M) <= group.messageSize(): C = { 'U': r * pk['P'], 'V': sig ^ h.hashToZn(g_id**r), 'W': enc_M ^ h.hashToZn(sig) } else: print("Message cannot be encoded.") return None if (debug): print('\nEncrypt...') print('r => %s' % r) print('sig => %s' % sig) print("V' =>", g_id**r) print('enc_M => %s' % enc_M) group.debug(C) return C
def sign(self, pk, sk, m, v=0, u=0, e=0): if (e == 0): e = randomPrime(le) lv = ln + lm + lr if (v == 0): v = integer(randomBits(lv)) R = pk['R'] Cx = 1 % pk['N'] for i in range(1, len(m) + 1): Cx = Cx * (R[str(i)] ** m[str(i)]) phi_N = (sk['p']-1)*(sk['q']-1) e2 = e % phi_N if (u != 0): u = u % pk['N'] Cx = Cx*u q = pk['Z'] / (Cx*(pk['S'] ** v)) % pk['N'] a = q ** (e2 ** -1) % pk['N'] sig = { 'A':a, 'Q':q, 'e':e, 'v':v } return sig
def sign(self, pk, sk, m, v=0, u=0, e=0): if (e == 0): e = randomPrime(le) lv = ln + lm + lr if (v == 0): v = integer(randomBits(lv)) R = pk['R'] Cx = 1 % pk['N'] for i in range(1, len(m) + 1): Cx = Cx * (R[str(i)]**m[str(i)]) phi_N = (sk['p'] - 1) * (sk['q'] - 1) e2 = e % phi_N if (u != 0): u = u % pk['N'] Cx = Cx * u q = pk['Z'] / (Cx * (pk['S']**v)) % pk['N'] a = q**(e2**-1) % pk['N'] sig = {'A': a, 'Q': q, 'e': e, 'v': v} return sig
def prng_bits(group, bits=80): assert group.InitBenchmark(), "failed to init benchmark" group.StartBenchmark(["CpuTime"]) for i in range(trials): a = group.init(ZR, randomBits(bits)) group.EndBenchmark() result = (group.GetBenchmark("CpuTime") / trials) * time_in_ms return result
def selfTest(self): mt = {} for i in range(1, self.l+1): mt[str(i)] = integer(randomBits(lm)) % self.pk_i['N'] signature = self.pksig.sign(self.pk_i, self.sk_i, mt) return self.verifySignature(mt, signature)
def rkGen(self, params, skid, IDsrc, IDdest): N = integer(randomBits(group.secparam)) K = pair(skid['skid'], group.hash(IDdest, G1)) if(debug): print("\nRe-encryption key for id1 => '%s' to id2 => '%s'" % (IDsrc,IDdest)) group.debug(skid) print('N => %s' % N) print('K => %s' % K) return {'N':N, 'R':group.hash((K, IDsrc, IDdest, N), G1) * skid['skid']}
def selfTest(self): mt = {} for i in range(1, self.l + 1): mt[str(i)] = integer(randomBits(lm)) % self.pk_i['N'] signature = self.pksig.sign(self.pk_i, self.sk_i, mt) return self.verifySignature(mt, signature)
def randomize(self, pk, sig): rA = integer(randomBits(ln + lo)) aP = (sig['A'] * (pk['S']**rA)) % pk['N'] vP = sig['v'] - (sig['e'] * rA) eP = sig['e'] - (2**(le - 1)) sigP = {'A': aP, 'e': eP, 'v': vP} return sigP
def gen_context(apdu): n3 = integer(randomBits(256)) n3 = int(n3) n3_hex = int2hex(n3) if apdu == 1: return map(ord, n3_hex) else: return n3_hex
def randomize(self, pk, sig): rA = integer(randomBits(ln + lo)) aP = (sig['A'] * (pk['S'] ** rA)) % pk['N'] vP = sig['v'] - (sig['e'] * rA) eP = sig['e'] - (2 ** (le - 1)) sigP = { 'A':aP, 'e':eP, 'v':vP } return sigP
def gen_nonce(len_nonce, apdu): n3 = integer(randomBits(len_nonce)) n3 = int(n3) n3_hex = int2hex(n3) if apdu == 1: return map(ord, n3_hex) else: return n3_hex
def S(self, pub): x = randomBits(448) x = str(x).zfill(135) r = hashlib.sha256(x.encode('utf-8')).digest() com = hashlib.sha1(x.encode('utf-8')).digest()[:128] dec = x return (r, com, dec)
def S(self, pub): x = randomBits(448) x = str(x).zfill(135) r = hashlib.md5(x.encode('utf-8')).digest() com = hashlib.sha1(x.encode('utf-8')).digest()[:128] dec = x return (r, com, dec)
def build_proof(self, credentials, predicate, n1): # step 0.1 for key, value in self.m.iteritems(): self.v_tilde[key] = integer(randomBits(lm + lo + lh)) # print self.v_hat self.v_tilde['0'] = integer(randomBits(lm + lo + lh)) cl_prover = CLProver() # print self.all # step 1.1: t-values t_value, common_value = cl_prover.prove(self.pk_i, credentials, predicate, self.m, self.v_tilde) self.t_values['Z_tilde'] = t_value self.common_value['A_prime'] = common_value # step 2.1: challenge h_challenge = hashlib.new('sha256') h_challenge.update(Conversion.IP2OS(self.context)) h_challenge = self.__add_dict_to_hash(self.common_value, h_challenge) h_challenge = self.__add_dict_to_hash(self.t_values, h_challenge) h_challenge = self.__add_list_to_hash( [], h_challenge) # committed, representation, nym, dnym, verenc, msg h_challenge.update(Conversion.IP2OS(n1)) c = integer(h_challenge.digest()) # print "t-value:", t_value # step 3.1: s-values s_values = cl_prover.prove(self.pk_i, credentials, predicate, self.m, self.v_tilde, self.ms, c) # step 4.1: return proof proof = {} proof['c'] = c proof['s'] = s_values proof['common'] = self.common_value return proof
def commit(self, pk, msg, lr, ri=0): S = pk['S'] Z = pk['Z'] if (lr == 0): r = ri else: r = integer(randomBits(lr)) c = ((Z ** msg) * (S ** r)) % pk['N'] d = r return (c, d)
def commit(self, pk, msg, lr, ri=0): S = pk['S'] Z = pk['Z'] if (lr == 0): r = ri else: r = integer(randomBits(lr)) c = ((Z**msg) * (S**r)) % pk['N'] d = r return (c, d)
def prove(self, pk_i, credential, cl_predicate, m, m_tilde, ms=None, c=None): if not c: r_a = integer(randomBits(ln + lo)) A_prime = (credential['signature']['A'] * (pk_i['S'] ** r_a)) % pk_i['N'] v_prime = credential['signature']['v'] - (credential['signature']['e'] * r_a) e_prime = credential['signature']['e'] - (2 ** (le - 1)) e_tilde = integer(randomBits(lePrime + lo + lh)) v_prime_tilde = integer(randomBits(lv + lo + lh)) R_tot = 1 % pk_i['N'] for id in credential['attributes']: if id not in cl_predicate: R_tot = R_tot * (pk_i['R'][id] ** m_tilde[id]) R_tot = R_tot * (pk_i['Ro'] ** m_tilde['0']) Z_tilde1 = A_prime ** e_tilde Z_tilde3 = pk_i['S'] ** v_prime_tilde Z_tilde = (Z_tilde1 * R_tot * Z_tilde3) % pk_i['N'] self.e_tilde = e_tilde self.e_prime = e_prime self.v_prime_tilde = v_prime_tilde self.v_prime = v_prime return Z_tilde, A_prime else: e_hat = self.e_tilde + (c * self.e_prime) v_prime_hat = self.v_prime_tilde + (c * self.v_prime) m_hat = {} for id in credential['attributes']: # TODO: not in Ar (not revealed!) if id not in cl_predicate: m_hat[id] = m_tilde[id] + (c * m[id]) m_hat['0'] = m_tilde['0'] + (c * ms) return {'e_hat': e_hat, 'v_prime_hat': v_prime_hat, 'm_hat': m_hat}
def roundNumber2(self, U, attr, n2): # TODO: Adaptar IRMA e = randomPrime(le) vTilde = integer(randomBits(lv - 1)) vPrimePrime = (2 ** (lv - 1)) + vTilde R = self.pk_i['R'] Cx = 1 % self.pk_i['N'] for i in range(1, len(attr) + 1): Cx = Cx*(R[str(i)] ** attr[str(i)]) sigA = self.signAttributesLong(attr, vPrimePrime, U, e) A = sigA['A'] Q = sigA['Q'] phi_N = (self.sk_i['p']-1)*(self.sk_i['q']-1) e2 = e % phi_N # The issuer creates an SPK for proving the knowledge of # e^(-1) according to the equivalence of A and Q^{e-1} r = randomPrime(le) Atilde = (Q ** r) % self.pk_i['N'] s3 = hashlib.new('sha256') s3.update(Conversion.IP2OS(self.context)) s3.update(Conversion.IP2OS(Q)) s3.update(Conversion.IP2OS(A)) s3.update(Conversion.IP2OS(n2)) s3.update(Conversion.IP2OS(Atilde)) #print "issuer Q #1", Q #print "issuer A", A #print "issuer n2", n2 #print "issuer Atilde", Atilde cPrime = integer(s3.digest()) e2Prime = e2 ** - 1 Se = r - (cPrime * integer(e2Prime)) signature = { 'A':A, 'e':e, 'vPrimePrime':vPrimePrime } P2 = { 'Se':Se, 'cPrime':cPrime } return (signature, P2)
def sign(self, pk, sk, m): e = randomPrime(le) ls = ln + lm + l s = integer(randomBits(ls)) phi_N = (sk['p'] - 1) * (sk['q'] - 1) e2 = e % phi_N v = (((pk['a']**m) * (pk['b']**s) * pk['c'])**(e2**-1)) % pk['N'] sig = {'e': e, 's': s, 'v': v} return sig
def signCommit(self, pk, sk, Cx): e = randomPrime(le) ls = ln + lm + l rprime = integer(randomBits(ls)) phi_N = (sk['p'] - 1) * (sk['q'] - 1) e2 = e % phi_N v = (((Cx) * (pk['b']**rprime) * pk['c'])**(e2**-1)) % pk['N'] sig = {'e': e, 'rprime': rprime, 'v': v} return sig
def sign(self, pk, sk, m): e = randomPrime(le) ls = ln + lm + l s = integer(randomBits(ls)) phi_N = (sk['p']-1)*(sk['q']-1) e2 = e % phi_N v = (((pk['a'] ** m)*(pk['b'] ** s)*pk['c']) ** (e2 ** -1)) % pk['N'] sig = { 'e':e, 's':s, 'v':v } return sig
def signCommit(self, pk, sk, Cx): e = randomPrime(le) ls = ln + lm + l rprime = integer(randomBits(ls)) phi_N = (sk['p']-1)*(sk['q']-1) e2 = e % phi_N v = (((Cx)*(pk['b'] ** rprime)*pk['c']) ** (e2 ** -1)) % pk['N'] sig = { 'e':e, 'rprime':rprime, 'v':v } return sig
def round_2(self, U, p1, attr, n2): if self.__verify_p1(p1): pass # print "P1 verified" else: return None e = randomPrime(le) vTilde = integer(randomBits(lv - 1)) vPrimePrime = (2 ** (lv - 1)) + vTilde R = self.pk_i['R'] Cx = 1 % self.pk_i['N'] for i in range(1, len(attr) + 1): Cx = Cx * (R[str(i)] ** attr[str(i)]) sigA = self.signAttributesLong(attr, vPrimePrime, U, e) A = sigA['A'] Q = sigA['Q'] phi_N = (self.sk_i['p'] - 1) * (self.sk_i['q'] - 1) e2 = e % phi_N r = randomPrime(le) Atilde = (Q ** r) % self.pk_i['N'] s3 = hashlib.new('sha256') s3.update(Conversion.IP2OS(self.context)) s3.update(Conversion.IP2OS(Q)) s3.update(Conversion.IP2OS(A)) s3.update(Conversion.IP2OS(n2)) s3.update(Conversion.IP2OS(Atilde)) cPrime = integer(s3.digest()) e2Prime = e2 ** - 1 Se = r - (cPrime * integer(e2Prime)) signature = {'A': A, 'e': e, 'vPrimePrime': vPrimePrime} P2 = {'Se': Se, 'cPrime': cPrime} print signature print P2 return signature, P2
def commitBlock(self, pk, msg, lr, ri=0): Cx = 1 % pk['N'] R = pk['R'] S = pk['S'] if (lr == 0): r = ri else: r = integer(randomBits(lr)) for i in range(1, len(msg) + 1): Cx = Cx * (R[str(i)]**msg[str(i)]) c = (Cx * (S**r)) % pk['N'] d = r return (c, d)
def genRandomAttributes(self, l): for i in range(1, l + 1): self.m[str(i)] = integer(randomBits(lm)) Ak = 1 % self.pk_i['N'] R = self.pk_i['R'] for i in range(1, len(self.m) + 1): Ak = Ak*(R[str(i)] ** self.m[str(i)]) Ro = self.pk_i['Ro'] All = Ak * (Ro ** self.ms) self.all = All self.ak = Ak return self.m
def gen_random_attributes(self, l): for i in range(1, l + 1): self.m[str(i)] = integer(randomBits(lm)) Ak = 1 % self.pk_i['N'] R = self.pk_i['R'] for i in range(1, len(self.m) + 1): Ak = Ak * (R[str(i)]**self.m[str(i)]) Ro = self.pk_i['Ro'] All = Ak * (Ro**self.ms) self.all = All self.ak = Ak return self.m
def commitBlock(self, pk, msg, lr, ri=0): Cx = 1 % pk['N'] R = pk['R'] S = pk['S'] if (lr == 0): r = ri else: r = integer(randomBits(lr)) for i in range(1, len(msg) + 1): Cx = Cx*(R[str(i)] ** msg[str(i)]) c = (Cx * (S ** r)) % pk['N'] d = r return (c, d)
def keygen(self, keyLength=1024, p=0, q=0): # Generate a Blum-Williams integer N of 'key_length' bits with factorization p,q if p == 0 or q == 0: (p, q) = self.BWInt.generatePrimes(int(keyLength/2)) # Generate random u,h \in QR_N and a random c \in {0,1}^|N| N = p * q u = randomQR(N) h = randomQR(N) c = randomBits(keyLength)#PRNG_generate_bits(key_length) K = self.Prf.keygen(keyLength) self.state = 0 # Generate the Chameleon hash parameters. We do not need the secret params. (L, secret) = self.ChameleonHash.paramgen(keyLength, p, q); # Assemble the public and secret keys pk = { 'length': keyLength, 'N': N, 'u': u, 'h': h, 'c': c, 'K': K, 'L': L } sk = { 'p': p, 'q': q } return (pk, sk);
def test_vector_commitment(): k = Config.benchmark_vector_commitment_key_sizes[0] l = Config.benchmark_vector_commitment_message_elem_bit_len q = Config.benchmark_vector_commitment_vector_lens[0] n, a, s, e, p_1, p_2 = vectorcommitment.key_gen(k, l, q) m = list() for i in range(q): m.append(int(randomBits(l))) c, aux = vectorcommitment.commit(m, s, n) for i in range(q): lamda_i = vectorcommitment.open(m, i, e[i], s, p_1, p_2) verification_result = vectorcommitment.verify(c, m[i], i, s, lamda_i, e, n, l) logging.info(verification_result) assert verification_result
def encrypt(self, pk, ID, M): # check length to make sure it is within n bits Q_id = group.hash(ID, G1) #standard g_id = pair(Q_id, pk['P2']) #choose sig = {0,1}^n where n is # bits sig = integer(randomBits(group.secparam)) r = h.hashToZr(sig, M) enc_M = self.encodeToZn(M) if bitsize(enc_M) <= group.messageSize(): C = { 'U':r * pk['P'], 'V':sig ^ h.hashToZn(g_id ** r) , 'W':enc_M ^ h.hashToZn(sig) } else: print("Message cannot be encoded.") return None if(debug): print('\nEncrypt...') print('r => %s' % r) print('sig => %s' % sig) print("V' =>", g_id ** r) print('enc_M => %s' % enc_M) group.debug(C) return C
bits = 1024 elif security_level == 112: bits = 2048 elif security_level == 128: bits = 3072 elif security_level == 256: bits = 15360 group_order_bits = 2 * security_level group_p = 0 # the prime number for mod calculation group_order = randomPrime(group_order_bits) #print('group_order = ', group_order) while True: random_k_value = randomBits(bits - group_order_bits) group_p = random_k_value * group_order + 1 if isPrime(group_p): break #print('group_p = ', group_p) group_g = 0 while True: i = random(group_p) tmp1 = (group_p - 1) / group_order tmp2 = (i**tmp1) % group_p if tmp2 != 1 and i > 1: group_g = tmp2 break #print('group_g = ', group_g)
from charm.core.math.integer import integer,isPrime,random,randomPrime,randomBits,bitsize from charm.toolbox.conversion import Conversion from smartcard.CardConnection import CardConnection from smartcard.System import readers from smartcard.util import toHexString from functools import wraps from irma import pin from idemix import protocol_ibm12 from copy import deepcopy import irma_util import binascii import time import sys context = integer(randomBits(256)) # constants CMD_SELECT = [0x00, 0xA4, 0x04, 0x00, 0x09, 0xF8, 0x49, 0x52, 0x4D, 0x41, 0x63, 0x61, 0x72, 0x64, 0x18] CMD_GET_CRED_LIST = [0x80, 0x3A, 0x00, 0x00] CMD_VERIFY_PIN_ATTR = [0x00, 0x20, 0x00, 0x00, 0x08] PIN_ATTR_DEFAULT = [0x30, 0x30, 0x30, 0x30, 0x00, 0x00, 0x00, 0x00] CMD_PROVE_COMMITMENT = [0x80, 0x2A, 0x00, 0x00] LEN_PC = [0x0A] CMD_ISSUE_CRED = [0x80, 0x10, 0x00, 0x00, 0x2B] CMD_PUBLIC_KEY_N = [0x80, 0x11, 0x00, 0x00, 0x80]
You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. """ import hashlib from charm.core.math.integer import integer, randomBits from charm.toolbox.conversion import Conversion from idemix.issuer import Issuer from idemix.recipient import Recipient from idemix.settings import lm, l, secparam from idemix.verifier import Verifier context = integer(randomBits(lm)) attr = {'1': 'student', '2': 'italian', '3': 'age'} for id, value in attr.iteritems(): h_challenge = hashlib.new('sha256') h_challenge.update(str(value)) attr[id] = Conversion.bytes2integer(h_challenge.digest()) issuer = Issuer(len(attr), 0, 0, secparam, context) pk_i, sk_i = issuer.gen_key_pair() # print sk_i assert issuer.selfTest() user = Recipient(pk_i, context) user.gen_master_secret() user.set_attributes(attr)
def get_nonce(self): nv = integer(randomBits(lo)) return nv
def round_0(self): self.n1 = integer(randomBits(lo)) return self.n1
def getRandomBits(self, length): i = randomBits(length) len = math.ceil(length / 8) return Conversion.IP2OS(i, len)
def roundNumber2IRMA(self, U, attr, n2): offset = integer(1 << (le - 1)) while True: e = randomBits(lePrime - 1) e = e + offset if isPrime(e): break vTilde = integer(randomBits(lv - 1)) vPrimePrime = (2 ** (lv - 1)) + vTilde sigA = self.signAttributesLong(attr, vPrimePrime, U, e) A = sigA['A'] Q = sigA['Q'] phi_N = (self.sk_i['p']-1)*(self.sk_i['q']-1) e2 = e % phi_N r = randomPrime(le) Atilde = (Q ** r) % self.pk_i['N'] list_ints = [] list_ints.append(int(self.context)) list_ints.append(int(Q)) list_ints.append(int(A)) list_ints.append(int(n2)) list_ints.append(int(Atilde)) ber_context = univ.Integer(list_ints[0]) ber_q = univ.Integer(list_ints[1]) ber_a = univ.Integer(list_ints[2]) ber_n2 = univ.Integer(list_ints[3]) ber_atilde = univ.Integer(list_ints[4]) # ints subheader = "0201" + "{:02x}".format(len(list_ints)) asn1_rep = subheader + ber_encoder.encode(ber_context).encode('hex') + \ ber_encoder.encode(ber_q).encode('hex') + \ ber_encoder.encode(ber_a).encode('hex') + \ ber_encoder.encode(ber_n2).encode('hex') + \ ber_encoder.encode(ber_atilde).encode('hex') # header asn1_rep_h = asn1_rep.decode("hex") m_len = len(asn1_rep_h) i = 0 len_code = [] if (m_len <= 0x7f): len_code[i] = hex(m_len) else: j = 0x80; while (0 < m_len): len_code.append("{:02x}".format(m_len & 0xff)) m_len = m_len >> 8 j = j + 1 len_code.append("{:02x}".format(j)) len_code.reverse() header = "30" + "".join(len_code) # 0x30, SEQ asn1_rep = header + asn1_rep s6 = hashlib.new('sha256') s6.update(asn1_rep.decode("hex")) cPrimeHex = s6.hexdigest() cPrime = integer(s6.digest()) e2Prime = e2 ** - 1 pPrimeQprime = ((self.sk_i['p'] - 1)/2)*((self.sk_i['q'] - 1)/2) Se = (r - (cPrime * integer(e2Prime))) % pPrimeQprime signature = { 'A':A, 'e':e, 'vPrimePrime':vPrimePrime } P2 = { 'Se':Se, 'cPrime':cPrimeHex } return (signature, P2)
def roundNumber0(self): n1 = integer(randomBits(lo)) return n1
def benchmark_vc_multiple(): """ Benchmark multiple configuration """ num_runs = 1000 assert 0 < num_runs for k in Config.benchmark_vector_commitment_key_sizes: for q in Config.benchmark_vector_commitment_vector_lens: l = Config.benchmark_vector_commitment_message_elem_bit_len logging.info( ('Benchmark k = {0}, q = {1}, l = {2}'.format(k, q, l))) time_gen = 0 num_runs_gen = min(num_runs, 10) for _ in range(num_runs_gen): start_key_gen = time() n, a, s, e, p_1, p_2 = vectorcommitment.key_gen(k, l, q) end_key_gen = time() time_gen += end_key_gen - start_key_gen avg_time_gen = time_gen / num_runs_gen n, a, s, e, p_1, p_2 = vectorcommitment.key_gen(k, l, q) m = list() for i in range(q): m.append(int(randomBits(l))) time_commit = 0 for num_run in range(num_runs): start_commit = time() c, aux = vectorcommitment.commit(m, s, n) end_commit = time() time_commit += end_commit - start_commit avg_time_commit = time_commit / num_runs c, aux = vectorcommitment.commit(m, s, n) commitment_size = int(math.ceil(c.bit_length() / 8)) time_open = 0 time_verify = 0 open_size = 0 for i in range(q): for num_run in range(num_runs): start_open = time() lamda_i = vectorcommitment.open(m, i, e[i], s, p_1, p_2) end_open = time() time_open += end_open - start_open lamda_i = vectorcommitment.open(m, i, e[i], s, p_1, p_2) open_size = int(math.ceil(lamda_i.bit_length() / 8)) for num_run in range(num_runs): start_verify = time() verification_result = vectorcommitment.verify( c, m[i], i, s, lamda_i, e, n, l) end_verify = time() time_verify += end_verify - start_verify assert verification_result avg_time_open = time_open / (num_runs * q) avg_time_verify = time_verify / (num_runs * q) # write header if not os.path.isfile(Config.benchmark_output_file): # file not exist, create it and add header with open(Config.benchmark_output_file, 'a+') as f: csv_writer = csv.writer(f, delimiter='\t') header = [ 'time', 'key_size', 'vector_len', 'message_elem_bit_len', 'avg_time_gen', 'avg_time_commit', 'avg_time_open', 'avg_time_verify', 'commitment_size', 'open_size' ] csv_writer.writerow(header) with open(Config.benchmark_output_file, 'a+') as f: csv_writer = csv.writer(f, delimiter='\t') row = [ datetime.strftime(datetime.now(), datasethelper.GOWALLA_TIME_PATTERN), str(k), str(q), str(l), '{0:.6f}'.format(avg_time_gen), '{0:.6f}'.format(avg_time_commit), '{0:.6f}'.format(avg_time_open), '{0:.6f}'.format(avg_time_verify), str(commitment_size), str(open_size) ] logging.info(str(row)) csv_writer.writerow(row)
def getRandomBytes(self, length): bits = length * 8; val = randomBits(bits) return Conversion.IP2OS(val, length)
def keygen(self, bits): return integer(randomBits(bits))
def getRandomBytes(self, length): bits = length * 8 val = randomBits(bits) return Conversion.IP2OS(val, length)
def genMasterSecret(self): self.ms = integer(randomBits(lm))
def prng_bits(bits=80): return group.init(ZR, randomBits(bits))
def gen_master_secret(self): self.ms = integer(randomBits(lm))
print('val1 = ', val1) print('toInt(val1) = ', toInt(val1)) g = N_square - toInt(val1) g = g % N_square print('g = ', g) alpha_value = random(N_square / 2) # of length bits beta_value = random(N_square / 2) hp_1_value = (g**alpha_value) % N_square hp_2_value = (g**beta_value) % N_square # t_1(k) and u(k) are calculated from the length of r and x t_1_length = 2 * group_order_bits - 128 # length of IV is 16 bytes u_length = 2 * group_order_bits - 128 r_1_value = randomBits(t_1_length) r_2_value = randomBits(640) # the length of r2 does not matter r_1_bytes = Conversion.IP2OS(r_1_value, t_1_length // 8) r_2_bytes = Conversion.IP2OS(r_2_value, 80) t_value = randomBits(160) # the length of t does not matter t_bytes = Conversion.IP2OS(t_value, 20) # session execution e_value = randomBits(u_length) e_bytes = Conversion.IP2OS(e_value, u_length // 8) # set l_1, l_2 (length of the output of extractor 1 and extractor 2) to be 128 bits, the length of AES key # hash alpha, beta, r_1 together to get lsk_A_prime group_for_hash = PairingGroup("SS512") waters = Waters(group_for_hash) alpha_bytes = Conversion.IP2OS(alpha_value, bits // 8)
def SmallExp(bits=80): return group.init(ZR, randomBits(bits))