def issuerHandler(issueparam):
group = ECGroup(security_dict[issueparam.L])
g = group.deserialize(str.encode(issueparam.sg))
h = group.deserialize(str.encode(issueparam.sh))
# print(issueparam.yt)
#####!!!!!!!!!!!!!!!!!!!!!!!Danger!!!!!!!!!!!!!!#######
# xt = group.random(ZR)
# yt = g ** xt
# print('xt: ----====>>>')
# print(xt)
yt = point2Obj(int(issueparam.yt), group)
#####!!!!!!!!!!!!!!!!!!!!!!!Danger!!!!!!!!!!!!!!#######
gamma = group.init(ZR, int(issueparam.gamma))
z = group.deserialize(str.encode(issueparam.sz))
zu = z**(gamma**-1)
v, u, d, s1, s2 = (group.random(ZR) for i in range(5))
t1, t2, t3, t4, t5 = (group.random(ZR) for i in range(5))
z1 = yt**v
z2 = zu / z1
a = g**u
b1 = (g**s1) * (z1**d)
b2 = (h**s2) * (z2**d)
ret = [zu, v, u, d, s1, s2, \
t1, t2, t3, t4, t5, \
z1, z2, a, b1, b2,\
bytes.decode(group.serialize(zu)), bytes.decode(group.serialize(z1)), bytes.decode(group.serialize(z2)),\
bytes.decode(group.serialize(a)), bytes.decode(group.serialize(b1)), bytes.decode(group.serialize(b2))]
return (str(k) for k in ret)
def testECGroup(self):
trials = 10
group = ECGroup(prime192v2)
g = group.random(G)
h = group.random(G)
i = group.random(G)
self.assertTrue(group.InitBenchmark())
group.StartBenchmark(["RealTime", "Mul", "Div", "Exp", "Granular"])
for a in range(trials):
j = g * h
k = h**group.random(ZR)
t = (j**group.random(ZR)) / k
group.EndBenchmark()
msmtDict = group.GetGeneralBenchmarks()
self.assertTrue(isSaneBenchmark(msmtDict))
granDict = group.GetGranularBenchmarks()
self.assertTrue(isSaneBenchmark(granDict))
self.assertTrue(group.InitBenchmark())
group.StartBenchmark(["RealTime", "Mul", "Div", "Exp", "Granular"])
for a in range(trials * 2):
j = g * h
k = h**group.random(ZR)
t = (j**group.random(ZR)) / k
group.EndBenchmark()
msmtDict = group.GetGeneralBenchmarks()
granDict = group.GetGranularBenchmarks()
del group
self.assertTrue(isSaneBenchmark(msmtDict))
self.assertTrue(isSaneBenchmark(granDict))
def parseFromXML(xmlObjectString, group=None):
assert type(xmlObjectString) == str, "Invalid type for XML object"
dom = parseString(xmlObjectString)
assert dom.documentElement.tagName == "charm", "Not a Charm element"
# print(dom.toprettyxml(indent=" "))
groupObj = dom.getElementsByTagName("group")
assert groupObj != None, "Error: could not find group tag."
groupObj = groupObj[0]
charmObj1 = dom.getElementsByTagName("object")
assert charmObj1 != None, "Error: could not find object tag."
charmObj1 = charmObj1[0]
structure = {}
setting = groupObj.getAttribute("setting")
param = groupObj.getAttribute("param")
charmObj2 = dom.getElementsByTagName("name")
structure['name'] = None
if charmObj2 != None:
charmObj2 = charmObj2[0] # what is this useful for?
structure['name'] = charmObj2.getAttribute("id")
bytesObj = getText(charmObj1.childNodes).strip()
if setting == 'pairing' and group == None:
group = PairingGroup(param)
elif structure['setting'] == 'elliptic_curve' and group == None:
group = ECGroup(param)
elif structure['setting'] == 'integer':
# TODO: this is a special case
pass
return bytesToObject(bytesObj, group)
def ecdsa():
group = ECGroup(prime192v2)
ecdsa = ECDSA(group)
results = 0.0
for i in range(0, number):
start = time.clock()
(public_key, secret_key) = ecdsa.keygen(0)
end = time.clock()
results += end - start
mean = results / number
logging.info("ECDSA key generation time: " + str(mean))
(public_key, secret_key) = ecdsa.keygen(0)
msg = "hello world! this is a test message."
results = 0.0
for i in range(0, number):
start = time.clock()
ecdsa.sign(public_key, secret_key, msg)
end = time.clock()
results += end - start
mean = results / number
logging.info("ECDSA signing time: " + str(mean))
signature = ecdsa.sign(public_key, secret_key, msg)
results = 0.0
for i in range(0, number):
start = time.clock()
ecdsa.verify(public_key, signature, msg)
end = time.clock()
results += end - start
mean = results / number
logging.info("ECDSA verify time: " + str(mean))
ecdsa.verify(public_key, signature, msg)
def testRandomMessageDecode(self):
group = ECGroup(prime192v2)
for i in range(runs):
msg_len = group.bitsize()
s = OpenSSLRand().getRandomBytes(msg_len)
g = group.encode(s)
t = group.decode(g)
assert s == t, "Failed to encode/decode %d properly" % i
def readPoint(pointX, pointY):
group = ECGroup(prime192v1)
point = group.deserialize(b'1:' +
b64encode(a2b_hex('03' + pointX.zfill(48))))
if str(group.coordinates(point)[1]) != str(int(pointY, 16)):
# print("inverting ("+str(group.coordinates(point)[1])+", "+str(int(pointY, 16))+")")
point = point**-1
return point
def testRandomGroupDecode(self):
group = ECGroup(prime192v1)
for i in range(runs):
r = group.random(G)
m = group.decode(r, True)
n = group.encode(m, True)
assert r == n, "Failed to encode/decode properly including counter"
def testElGamal(self):
groupObj = ECGroup(prime192v2)
el = ElGamal(groupObj)
(pk, sk) = el.keygen()
msg = b"hello world!"
cipher1 = el.encrypt(pk, msg)
m = el.decrypt(pk, sk, cipher1)
assert m == msg, "Failed Decryption!!!"
if debug: print("SUCCESSFULLY DECRYPTED!!!")
def testECDSA(self):
groupObj = ECGroup(prime192v2)
ecdsa = ECDSA(groupObj)
(pk, sk) = ecdsa.keygen(0)
m = "hello world! this is a test message."
sig = ecdsa.sign(pk, sk, m)
assert ecdsa.verify(pk, sig, m), "Failed verification!"
if debug: print("Signature Verified!!!")
def testElGamal(self):
groupObj = ECGroup(prime192v2)
el = ElGamal(groupObj)
(pk, sk) = el.keygen()
# message len should be group.bitsize() len for prime192v1 (or 20 bytes)
msg = b'the hello world msg1'
cipher1 = el.encrypt(pk, msg)
m = el.decrypt(pk, sk, cipher1)
assert m == msg, "Failed Decryption!!!"
if debug: print("SUCCESSFULLY DECRYPTED!!!")
def oneHandler(oneParameter):
group = ECGroup(security_dict[oneParameter.L])
t1 = group.init(ZR, int(oneParameter.t1))
t2 = group.init(ZR, int(oneParameter.t2))
t3 = group.init(ZR, int(oneParameter.t3))
t4 = group.init(ZR, int(oneParameter.t4))
t5 = group.init(ZR, int(oneParameter.t5))
gamma = group.init(ZR, int(oneParameter.gamma))
z1 = group.deserialize(str.encode(oneParameter.sz1))
z = group.deserialize(str.encode(oneParameter.sz))
a = group.deserialize(str.encode(oneParameter.sa))
b1 = group.deserialize(str.encode(oneParameter.sb1))
b2 = group.deserialize(str.encode(oneParameter.sb2))
g = group.deserialize(str.encode(oneParameter.sg))
h = group.deserialize(str.encode(oneParameter.sh))
y = group.deserialize(str.encode(oneParameter.sy))
message = oneParameter.M
d = group.init(ZR, int(oneParameter.d))
u = group.init(ZR, int(oneParameter.u))
x = group.init(ZR, int(oneParameter.x))
s1 = group.init(ZR, int(oneParameter.s1))
s2 = group.init(ZR, int(oneParameter.s2))
zeta1 = z1**gamma
zeta2 = z / zeta1
alpha = a * (g**t1) * (y**t2)
beta1 = (b1**gamma) * (g**t3) * (zeta1**t5)
beta2 = (b2**gamma) * (h**t4) * (zeta2**t5)
epsilon = group.hash((zeta1, alpha, beta1, beta2, message), ZR)
e = epsilon - t2 - t5
####---------------------------------------
c = e - d
r = u - c * x
####=======================================
roi = r + t1
omega = c + t2
sigma1 = gamma * s1 + t3
sigma2 = gamma * s2 + t4
delta = d + t5
####----------------------------------------
xi = group.deserialize(str.encode(oneParameter.sxi))
v = group.init(ZR, int(oneParameter.v))
xiv = xi**v
ret = [
zeta1, zeta2, alpha, beta1, beta2, epsilon, e, c, r, roi, omega,
sigma1, sigma2, delta, xiv,
bytes.decode(group.serialize(xiv)),
bytes.decode(group.serialize(zeta1)),
bytes.decode(group.serialize(zeta2))
]
return (str(i) for i in ret)
def el_gamal_cryptosystem():
from charm.toolbox.eccurve import prime192v2
from charm.toolbox.ecgroup import ECGroup
from charm.schemes.pkenc.pkenc_elgamal85 import ElGamal
groupObj = ECGroup(prime192v2)
el = ElGamal(groupObj)
(public_key, secret_key) = el.keygen()
msg = b"hello world!12345678"
cipher_text = el.encrypt(public_key, msg)
decrypted_msg = el.decrypt(public_key, secret_key, cipher_text)
print(decrypted_msg == msg)
def main():
groupObj = ECGroup(prime192v1)
pkenc = CS98(groupObj)
hyenc = HybridEnc(pkenc)
(pk, sk) = hyenc.keygen()
m = b'this is a new message'
cipher = hyenc.encrypt(pk, m)
orig_m = hyenc.decrypt(pk, sk, cipher)
assert m == orig_m, "Failed Decryption"
if debug: print("Successful Decryption!!")
def readParams(filename='pc.param'):
if (os.path.isfile(filename)):
group = ECGroup(prime192v1)
f = open(filename, 'rb')
params = f.readline()
f.close()
params = bytesToObject(params, group)
return [params, group]
else:
raise Exception(
"I can't find the parameters file. You have to create them first using -n when starting."
)
def testIntEncryption():
from charm.toolbox.eccurve import secp256k1
from charm.toolbox.ecgroup import ECGroup
groupObj = ECGroup(secp256k1)
hike = HIKE(groupObj)
(secret_key, eval_key) = hike.keygen()
(secret_key_prime, eval_key_prime) = hike.keygen()
msg = 10
label = b"label1"
print('Public Key...')
Q = hike.publicKey(secret_key_prime)
print()
label = hike.generateLabel(secret_key, label, Q)
cipher_text = hike.encrypt(secret_key, label, msg)
program = {'f': [0, 1], 'labels': [label]}
decrypted_msg = hike.decrypt(secret_key, program, cipher_text)
print("Decrypted message {}".format(decrypted_msg))
print()
print('Eval...')
msg2 = 10
label2 = b"label2"
label2 = hike.generateLabel(secret_key, label2, Q)
program = {'f': [0, 1, 1], 'labels': [label, label2]}
cipher_text2 = hike.encrypt(secret_key, label2, msg2)
cipher_text_eval = hike.eval(program['f'], [cipher_text, cipher_text2])
decrypted_msg = hike.decrypt(secret_key, program, cipher_text_eval)
print("Decrypted message eval f(0,1,1) and msg[1,1]: {}".format(
decrypted_msg))
print()
print('Token Gen...')
tok = hike.tokenGen(secret_key, program)
print()
print('Token Dec...')
tokenDec = hike.tokenDec(secret_key_prime, cipher_text, tok)
print("TokenDec message {}".format(tokenDec))
print()
print('ct: {}'.format(cipher_text['ct']))
print('Destroying ct....')
ct = hike.destroyEnc(cipher_text)
print('ct: {}'.format(ct['ct']))
def keygen(self):
group = ECGroup(prime192v2)
g = group.random(G)
x = group.random(ZR)
h = g**x
pk = {
'g': g,
'h': h,
'group': group,
'order': 6277101735386680763835789423078825936192100537584385056049
}
sk = {'x': x}
return pk, sk
def initHandler(kappa):
group = ECGroup(kappa)
g, h = group.random(G), group.random(G)
x, gamma = group.random(ZR), group.random(ZR)
y, xi = g**x, g**gamma
z = group.hash((g, h, y), G)
ret = [g, h,\
bytes.decode(group.serialize(g)), bytes.decode(group.serialize(h)),\
x, y, gamma, xi,\
bytes.decode(group.serialize(y)), bytes.decode(group.serialize(xi)),\
z, bytes.decode(group.serialize(z))]
return (str(k) for k in ret)
def testHybridEnc(self):
groupObj = ECGroup(prime192v1)
pkenc = ElGamal(groupObj)
hyenc = HybridEnc(pkenc, msg_len=groupObj.bitsize())
(pk, sk) = hyenc.keygen()
# message len should be group.bitsize() len for prime192v1 (or 20 bytes)
m = b'the hello world msg1'
cipher = hyenc.encrypt(pk, m)
orig_m = hyenc.decrypt(pk, sk, cipher)
assert m == orig_m, "Failed Decryption"
if debug: print("Successful Decryption!!")
def testEC_CS98(self):
groupObj = ECGroup(prime192v1)
pkenc = CS98(groupObj)
(pk, sk) = pkenc.keygen()
M = b"hello world!!!"
ciphertext = pkenc.encrypt(pk, M)
message = pkenc.decrypt(pk, sk, ciphertext)
assert M == message, "Failed Decryption!!!"
if debug: print("SUCCESSFUL DECRYPTION!!! => %s" % message)
def testEC_CS98(self):
groupObj = ECGroup(prime192v1)
pkenc = CS98(groupObj)
(pk, sk) = pkenc.keygen()
# message len should be group.bitsize() len for prime192v1 (or 20 bytes)
M = b'the hello world msg1'
ciphertext = pkenc.encrypt(pk, M)
message = pkenc.decrypt(pk, sk, ciphertext)
assert M == message, "Failed Decryption!!!"
if debug: print("SUCCESSFUL DECRYPTION!!! => %s" % message)
def main():
grp = ECGroup(secp256k1)
ms = MuSig(grp)
g = grp.random(G)
if debug:
print('Generator...', g)
msg = 'hello there'
num_signers = 5
if debug:
print('{} signers will sign {}'.format(num_signers, msg))
signers = [ms.keygen(g) for _ in range(num_signers)]
nonces = [ms.new_nonce() for _ in range(num_signers)]
an = ms.aggregate_nonce(g, nonces)
all_pub_keys = [signer[0] for signer in signers]
if debug:
print('Public keys...')
for pk in all_pub_keys:
print(pk)
apk = ms.aggregated_pub_key(all_pub_keys)
if debug:
print('Aggregated Public key: ', apk)
challenge = ms.compute_challenge(apk, an, msg)
sigs = [
ms.sign(nonces[i], signers[i][1], signers[i][0], challenge,
all_pub_keys) for i in range(num_signers)
]
if debug:
print('Signatures...')
for sig in sigs:
print(sig)
asig = ms.aggregate_sigs(sigs)
if debug:
print('Aggregated signature: ', asig)
assert ms.verify(all_pub_keys, (an, asig),
msg), 'Aggregated sig verification failed'
if debug:
print('Verification succeeded')
def testCM_Ped92(self):
groupObj = ECGroup(410)
cm = CM_Ped92(groupObj)
pk = cm.setup()
if debug:
print("Public parameters...")
print("pk =>", pk)
m = groupObj.random(ZR)
if debug: print("Commiting to =>", m)
(c, d) = cm.commit(pk, m)
assert cm.decommit(pk, c, d, m), "FAILED to decommit"
if debug: print("Successful and Verified decommitment!!!")
del groupObj
def testECGroup(self):
groupObj = ECGroup(prime192v1)
p = groupObj.random()
data = {
'p': p,
'String': "foo",
'list': [
p,
{},
1,
1.7,
b'dfa',
]
}
x = objectToBytes(data, groupObj)
data2 = bytesToObject(x, groupObj)
self.assertEqual(data, data2)
def twoHandler(twoParameter):
group = ECGroup(security_dict[twoParameter.L])
omega = group.init(ZR, int(twoParameter.omega))
delta = group.init(ZR, int(twoParameter.delta))
g = group.deserialize(str.encode(twoParameter.sg))
h = group.deserialize(str.encode(twoParameter.sh))
y = group.deserialize(str.encode(twoParameter.sy))
zeta1 = group.deserialize(str.encode(twoParameter.szeta1))
zeta2 = group.deserialize(str.encode(twoParameter.szeta2))
roi = group.init(ZR, int(twoParameter.roi))
sigma1 = group.init(ZR, int(twoParameter.sigma1))
sigma2 = group.init(ZR, int(twoParameter.sigma2))
tmp1 = (g**roi) * (y**omega)
tmp2 = (g**sigma1) * (zeta1**delta)
tmp3 = (h**sigma2) * (zeta2**delta)
m = twoParameter.m
return (str(omega + delta),
str(group.hash((zeta1, tmp1, tmp2, tmp3, m), ZR)))
def initParams():
group = ECGroup(prime192v1)
g = Params.readPoint(
"188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
"7192B95FFC8DA78631011ED6B24CDD573F977A11E794811")
h = Params.readPoint(
"87656f2b5fee3821b53b00d78bd61a8d407ce4393ea48906",
"b52e5b337ca8f667935a63d02d6f6fec689c7f18a640a8a5")
# g = group.random(G)
# h = group.random(G)
params = {'g': g, 'h': h}
# generators for the proof of shuffling
for i in range(-4, 100): # FIXME: make this 101
params['f' + str(i)] = group.random(G)
f = open('pc.param', 'wb')
f.write(objectToBytes(params, group))
f.close()
return [params, group]
def setup(self, curve, subscribers):
"""
Setup the scheme using a trusted third party.
"""
group = ECGroup(curve)
g = group.random(G)
ak = 0
sk = list()
for i in range(subscribers):
key = group.random(ZR)
ak -= key
sk.append(key)
self.pp = {'subscribers': subscribers, 'group': group, 'g': g}
self.ak = ak
self.sk = sk
self.baby_steps = None
return (self.pp, self.ak, self.sk)
def __init__(self, builtin_cv, common_input=None):
Protocol.__init__(self, None)
verifier_states = {
2: self.verifier_state2,
4: self.verifier_state4,
6: self.verifier_state6
}
prover_states = {
1: self.prover_state1,
3: self.prover_state3,
5: self.prover_state5
}
verifier_trans = {2: 4, 4: [2, 6]}
prover_trans = {1: 3, 3: 5, 5: 1}
# describe the parties involved and the valid transitions
Protocol.addPartyType(self, VERIFIER, verifier_states, verifier_trans)
Protocol.addPartyType(self, PROVER, prover_states, prover_trans, True)
self.group = ECGroup(builtin_cv)
#db = {}
Protocol.setSubclassVars(self, self.group) #, db)
def testStringEncryption():
from charm.toolbox.eccurve import secp256k1
from charm.toolbox.ecgroup import ECGroup
groupObj = ECGroup(secp256k1)
hike = HIKE(groupObj)
(secret_key, eval_key) = hike.keygen()
(secret_key_prime, eval_key_prime) = hike.keygen()
msg = b"hello world!1234567891234567"
label = b"label1"
print('Public Key...')
Q = hike.publicKey(secret_key_prime)
print()
label = hike.generateLabel(secret_key, label, Q)
cipher_text = hike.encrypt(secret_key, label, msg)
program = {'f': [0, 1], 'labels': [label]}
decrypted_msg = hike.decrypt(secret_key, program, cipher_text)
print("Decrypted message {}".format(decrypted_msg))
print()
tok = hike.tokenGen(secret_key, program)
msg = hike.tokenDec(secret_key_prime, cipher_text, tok)
print("TokenDec message {}".format(msg))
print()
print('Destroying ct....')
ct = hike.destroyEnc(cipher_text)
decrypted_msg = hike.decrypt(secret_key, program, ct)
print("Decrypted message {}".format(decrypted_msg))
print()
import time from charm.toolbox.ecgroup import ECGroup, ZR, G from charm.toolbox.eccurve import prime192v1, secp256k1, sect283k1, sect571k1 #192 bit group: g, h decoded_g192 = b'\xab\xd0}\x86\xe1\x92,\xdd Ceael\x1a\xc3\xb9\xf5a\xe9K\xcd7\xa4' decoded_h192 = b'\x00\xa3\x0brz\xea\xb0\xba\x005\t\xf9\xe9\xd2\x84\x0b\x18\x02\x18\xc2\xd7E\x13D' group192 = ECGroup(prime192v1) group256 = ECGroup(secp256k1) group283 = ECGroup(sect283k1) group571 = ECGroup(sect571k1) g256 = group256.random(G) h256 = group256.random(G) #Cofactor is 4 #TODO: Just doing 8 change to 4 g283 = (group283.random(G))**(group283.init(ZR, int(4))) h283 = (group283.random(G))**(group283.init(ZR, int(4))) g571 = (group571.random(G))**(group571.init(ZR, int(4))) h571 = (group571.random(G))**(group571.init(ZR, int(4))) decoded_g256 = group256.decode(g256) decoded_h256 = group256.decode(h256) decoded_g283 = group283.decode(g283) decoded_h283 = group283.decode(h283)
def setup(self, a):
a['r'] = [group.random(ZR) for _ in range(len(a['m']))]
a['r-1'] = [r**-1 for r in a['r']]
a['R'] = [a['g']**r for r in a['r']]
return {'R': a['R']}
def choose(self, b):
b['k'] = group.random(ZR)
b['v'] = b['R'][b['b']]**b['k']
b['m'] = b['g']**b['k']
return {'v': b['v']}
def mask(self, a):
a["m'"] = [a['v']**r1 for r1 in a['r-1']]
return {"m'": a["m'"]}
if __name__ == "__main__":
# Just testing
OT = DLP(ECGroup(prime256v1))
a, b = OT.gen_params()
OT.gen_msgs(a, 1000)
b.update({'b': 2})
b.update(OT.setup(a))
a.update(OT.choose(b))
b.update(OT.mask(a))
print(b["m"] == a["m'"][b["b"]])
