def issuerHandler(issueparam):
group = ECGroup(security_dict[issueparam.L])
g = group.deserialize(str.encode(issueparam.sg))
h = group.deserialize(str.encode(issueparam.sh))
# print(issueparam.yt)
#####!!!!!!!!!!!!!!!!!!!!!!!Danger!!!!!!!!!!!!!!#######
# xt = group.random(ZR)
# yt = g ** xt
# print('xt: ----====>>>')
# print(xt)
yt = point2Obj(int(issueparam.yt), group)
#####!!!!!!!!!!!!!!!!!!!!!!!Danger!!!!!!!!!!!!!!#######
gamma = group.init(ZR, int(issueparam.gamma))
z = group.deserialize(str.encode(issueparam.sz))
zu = z**(gamma**-1)
v, u, d, s1, s2 = (group.random(ZR) for i in range(5))
t1, t2, t3, t4, t5 = (group.random(ZR) for i in range(5))
z1 = yt**v
z2 = zu / z1
a = g**u
b1 = (g**s1) * (z1**d)
b2 = (h**s2) * (z2**d)
ret = [zu, v, u, d, s1, s2, \
t1, t2, t3, t4, t5, \
z1, z2, a, b1, b2,\
bytes.decode(group.serialize(zu)), bytes.decode(group.serialize(z1)), bytes.decode(group.serialize(z2)),\
bytes.decode(group.serialize(a)), bytes.decode(group.serialize(b1)), bytes.decode(group.serialize(b2))]
return (str(k) for k in ret)
def keygen(self):
group = ECGroup(prime192v2)
g = group.random(G)
x = group.random(ZR)
h = g ** x
pk = {'g': g, 'h': h, 'group': group, 'order': 6277101735386680763835789423078825936192100537584385056049}
sk = {'x': x}
return pk, sk
def initHandler(kappa):
group = ECGroup(kappa)
g, h = group.random(G), group.random(G)
x, gamma = group.random(ZR), group.random(ZR)
y, xi = g**x, g**gamma
z = group.hash((g, h, y), G)
ret = [g, h,\
bytes.decode(group.serialize(g)), bytes.decode(group.serialize(h)),\
x, y, gamma, xi,\
bytes.decode(group.serialize(y)), bytes.decode(group.serialize(xi)),\
z, bytes.decode(group.serialize(z))]
return (str(k) for k in ret)
def keygen(self):
group = ECGroup(prime192v2)
g = group.random(G)
x = group.random(ZR)
h = g**x
pk = {
'g': g,
'h': h,
'group': group,
'order': 6277101735386680763835789423078825936192100537584385056049
}
sk = {'x': x}
return pk, sk
def testRandomGroupDecode(self):
group = ECGroup(prime192v1)
for i in range(runs):
r = group.random(G)
m = group.decode(r, True)
n = group.encode(m, True)
assert r == n, "Failed to encode/decode properly including counter"
def testECGroup(self):
groupObj = ECGroup(prime192v1)
p=groupObj.random()
data={'p':p,'String':"foo",'list':[p,{},1,1.7, b'dfa',]}
x=objectToBytes(data,groupObj)
data2=bytesToObject(x,groupObj)
self.assertEqual(data,data2)
def setup(self, curve, subscribers):
"""
Setup the scheme using a trusted third party.
"""
group = ECGroup(curve)
g = group.random(G)
ak = 0
sk = list()
for i in range(subscribers):
key = group.random(ZR)
ak -= key
sk.append(key)
self.pp = {'subscribers': subscribers, 'group': group, 'g': g}
self.ak = ak
self.sk = sk
self.baby_steps = None
return (self.pp, self.ak, self.sk)
def testECGroup(self):
trials = 10
group = ECGroup(prime192v2)
g = group.random(G)
h = group.random(G)
i = group.random(G)
self.assertTrue(group.InitBenchmark())
group.StartBenchmark(["RealTime", "Mul", "Div", "Exp", "Granular"])
for a in range(trials):
j = g * h
k = h ** group.random(ZR)
t = (j ** group.random(ZR)) / k
group.EndBenchmark()
msmtDict = group.GetGeneralBenchmarks()
self.assertTrue(isSaneBenchmark(msmtDict))
granDict = group.GetGranularBenchmarks()
self.assertTrue(isSaneBenchmark(granDict))
self.assertTrue(group.InitBenchmark())
group.StartBenchmark(["RealTime", "Mul", "Div", "Exp", "Granular"])
for a in range(trials*2):
j = g * h
k = h ** group.random(ZR)
t = (j ** group.random(ZR)) / k
group.EndBenchmark()
msmtDict = group.GetGeneralBenchmarks()
granDict = group.GetGranularBenchmarks()
del group
self.assertTrue(isSaneBenchmark(msmtDict))
self.assertTrue(isSaneBenchmark(granDict))
def testECGroup(self):
trials = 10
group = ECGroup(prime192v2)
g = group.random(G)
h = group.random(G)
i = group.random(G)
self.assertTrue(group.InitBenchmark())
group.StartBenchmark(["RealTime", "Mul", "Div", "Exp", "Granular"])
for a in range(trials):
j = g * h
k = h**group.random(ZR)
t = (j**group.random(ZR)) / k
group.EndBenchmark()
msmtDict = group.GetGeneralBenchmarks()
self.assertTrue(isSaneBenchmark(msmtDict))
granDict = group.GetGranularBenchmarks()
self.assertTrue(isSaneBenchmark(granDict))
self.assertTrue(group.InitBenchmark())
group.StartBenchmark(["RealTime", "Mul", "Div", "Exp", "Granular"])
for a in range(trials * 2):
j = g * h
k = h**group.random(ZR)
t = (j**group.random(ZR)) / k
group.EndBenchmark()
msmtDict = group.GetGeneralBenchmarks()
granDict = group.GetGranularBenchmarks()
del group
self.assertTrue(isSaneBenchmark(msmtDict))
self.assertTrue(isSaneBenchmark(granDict))
def main():
grp = ECGroup(secp256k1)
ms = MuSig(grp)
g = grp.random(G)
if debug:
print('Generator...', g)
msg = 'hello there'
num_signers = 5
if debug:
print('{} signers will sign {}'.format(num_signers, msg))
signers = [ms.keygen(g) for _ in range(num_signers)]
nonces = [ms.new_nonce() for _ in range(num_signers)]
an = ms.aggregate_nonce(g, nonces)
all_pub_keys = [signer[0] for signer in signers]
if debug:
print('Public keys...')
for pk in all_pub_keys:
print(pk)
apk = ms.aggregated_pub_key(all_pub_keys)
if debug:
print('Aggregated Public key: ', apk)
challenge = ms.compute_challenge(apk, an, msg)
sigs = [
ms.sign(nonces[i], signers[i][1], signers[i][0], challenge,
all_pub_keys) for i in range(num_signers)
]
if debug:
print('Signatures...')
for sig in sigs:
print(sig)
asig = ms.aggregate_sigs(sigs)
if debug:
print('Aggregated signature: ', asig)
assert ms.verify(all_pub_keys, (an, asig),
msg), 'Aggregated sig verification failed'
if debug:
print('Verification succeeded')
def testCM_Ped92(self):
groupObj = ECGroup(410)
cm = CM_Ped92(groupObj)
pk = cm.setup()
if debug:
print("Public parameters...")
print("pk =>", pk)
m = groupObj.random(ZR)
if debug: print("Commiting to =>", m)
(c, d) = cm.commit(pk, m)
assert cm.decommit(pk, c, d, m), "FAILED to decommit"
if debug: print("Successful and Verified decommitment!!!")
del groupObj
def testCM_Ped92(self):
groupObj = ECGroup(410)
cm = CM_Ped92(groupObj)
pk = cm.setup()
if debug:
print("Public parameters...")
print("pk =>", pk)
m = groupObj.random(ZR)
if debug: print("Commiting to =>", m)
(c, d) = cm.commit(pk, m)
assert cm.decommit(pk, c, d, m), "FAILED to decommit"
if debug: print("Successful and Verified decommitment!!!")
del groupObj
def testECGroup(self):
groupObj = ECGroup(prime192v1)
p = groupObj.random()
data = {
'p': p,
'String': "foo",
'list': [
p,
{},
1,
1.7,
b'dfa',
]
}
x = objectToBytes(data, groupObj)
data2 = bytesToObject(x, groupObj)
self.assertEqual(data, data2)
def initParams():
group = ECGroup(prime192v1)
g = Params.readPoint(
"188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
"7192B95FFC8DA78631011ED6B24CDD573F977A11E794811")
h = Params.readPoint(
"87656f2b5fee3821b53b00d78bd61a8d407ce4393ea48906",
"b52e5b337ca8f667935a63d02d6f6fec689c7f18a640a8a5")
# g = group.random(G)
# h = group.random(G)
params = {'g': g, 'h': h}
# generators for the proof of shuffling
for i in range(-4, 100): # FIXME: make this 101
params['f' + str(i)] = group.random(G)
f = open('pc.param', 'wb')
f.write(objectToBytes(params, group))
f.close()
return [params, group]
from charm.toolbox.ecgroup import ECGroup, ZR, G
from charm.toolbox.eccurve import prime256v1
from base64 import encodestring, decodestring
import random
import time
group = ECGroup(prime256v1)
g = group.random(G)
g1 = group.random(G)
ZERO = group.init(ZR, 0)
ONE = group.init(ZR, 1)
def serialize(g):
# Only work in G1 here
return decodestring(group.serialize(g)[2:])
def serialize1(g):
return group.serialize(g)
def deserialize(g):
return group.deserialize(g)
def deserialize2(g):
# Only work in G1 here
return group.deserialize('2:' + encodestring(g))
#h = group1.randomGen();
r = group1.random()
c = (G**S)
##creates commitment c
return S, c
def create_y1(group1, R_1, g): ##Bob creates y1 sends to Ingrid
G = g
r1 = R_1
y1 = G**r1
return y1
group1 = ECGroup(694)
g = group1.random(G) ## generates g step 0
#print(g)
#Bob =[];
##step 1 : Bob creates a secret ti
ti = create_t(group1)
#Bob.append(ti); ## Adds ti to Bob's list
A = create_A(group1, ti, g)
## step 1
#Bob.append(A);
#Ingrid =[];
#Ingrid.appe nd(A);
## Bob sends A to Ingrid
s, com = create_com(group1, g)
#print("commitment")
class Cardinality(NonInteractiveSetIntersection):
"""Multi-client Set Intersect Cardinality scheme"""
def __init__(self, curve=prime256v1):
super().__init__()
self.group = ECGroup(curve)
self.g = self.group.random(G)
def setup(self, secpar, client_count):
"""Generate the clients' keys"""
self.client_count = client_count
usks = [self.group.random(ZR) for _ in range(client_count - 1)]
usks.append(-sum(usks))
return usks
def encrypt(self, usk, gid, pt_set):
"""Encrypt a plaintext set under a gid using usk
Returns a set of ciphertexts."""
H = self.group.hash
ct_set = {self.group.serialize(H(gid + pt, G)**usk) for pt in pt_set}
return ct_set
def eval(self, ct_sets):
"""Evaluates the ciphertexts for determining the cardinality of the set intersection
Expects a list or set of ciphertexts."""
one = self.g**0
def intersection_count(ct_sets, product=one):
# Recursive function call to compute the Cartesian product
# Features:
# 1) remember the partial product;
# 2) avoid computations with elements for which we know that they
# belong to the intersection.
ct_set, ct_sets = set(ct_sets[-1]), ct_sets[:-1]
count = 0
if ct_sets == []:
for ct_str in ct_set:
ct = self.group.deserialize(ct_str)
if product * ct == one:
ct_set.remove(ct_str)
count = 1
break
else:
for ct_str in ct_set.copy():
ct = self.group.deserialize(ct_str)
found, ct_sets = intersection_count(ct_sets, product * ct)
if found == 1:
ct_set.remove(ct_str)
count += 1
# Note that we cannot break here: if we would break
# here, we might skip other ct's that are in the set.
ct_sets.append(ct_set)
return (count, ct_sets)
cardinality, _ = intersection_count(list(ct_sets))
return cardinality
def initialization(kappa):
group = ECGroup(kappa)
g, h = group.random(G), group.random(G)
parameters = Parameters(kappa, group, g, h)
return parameters
t = tuple(bytesToObject(t_bytes, group))
return t
if __name__ == '__main__':
import requests
#wc = WebClient("https://[fd00:638:a000:b101::2b75]/", requests)
#m, t, n = wc.enrollment("s3kr1t")
#print(m,t,n)
#print(wc.validation("s3kr1t", t, n))
#m, t, n = wc.enrollment("Eleonora")
#print(m,t,n)
#print(wc.validation("Eleonora", t, n))
#m, t, n = wc.enrollment("Eleonora")
m = group.random(G)
n1 = group.random(G)
n2 = group.random(G)
n = (n1,n2)
#print(m)
#byte__m = objectToBytes(m,group)
#orig_m = bytesToObject(byte__m, group)
#print(orig_m)
#read_dk('eleonora',byte__m)
print(n)
byte__n = objectToBytes(n,group)
print(byte__n)
orig_n = tuple(bytesToObject(byte__n, group))
#!/usr/bin/python3
from charm.toolbox.ecgroup import ECGroup,ZR,G
from charm.toolbox.eccurve import prime192v1
trials = 10
group = ECGroup(prime192v1)
g = group.random(G)
h = group.random(G)
i = group.random(G)
assert group.InitBenchmark(), "failed to initialize benchmark"
group.StartBenchmark(["RealTime", "CpuTime", "Mul", "Div", "Exp", "Granular"])
for a in range(trials):
j = g * h
k = h ** group.random(ZR)
t = (j ** group.random(ZR)) / k
group.EndBenchmark()
msmtDict = group.GetGeneralBenchmarks()
print("<=== General Benchmarks ===>")
print("Mul := ", msmtDict["Mul"])
print("Div := ", msmtDict["Div"])
print("Exp := ", msmtDict["Exp"])
print("RealTime := ", msmtDict["RealTime"])
print("CpuTime := ", msmtDict["CpuTime"])
granDict = group.GetGranularBenchmarks()
print("<=== Granular Benchmarks ===>")
print("G mul := ", granDict["Mul"][G])
print("G exp := ", granDict["Exp"][G])
class SchnorrZK(Protocol):
def __init__(self, builtin_cv, common_input=None):
Protocol.__init__(self, None)
verifier_states = {
2: self.verifier_state2,
4: self.verifier_state4,
6: self.verifier_state6
}
prover_states = {
1: self.prover_state1,
3: self.prover_state3,
5: self.prover_state5
}
verifier_trans = {2: 4, 4: [2, 6]}
prover_trans = {1: 3, 3: 5, 5: 1}
# describe the parties involved and the valid transitions
Protocol.addPartyType(self, VERIFIER, verifier_states, verifier_trans)
Protocol.addPartyType(self, PROVER, prover_states, prover_trans, True)
self.group = ECGroup(builtin_cv)
#db = {}
Protocol.setSubclassVars(self, self.group) #, db)
# PROVER states
def prover_state1(self):
x = self.group.random()
r, g = self.group.random(), self.group.random(G)
t = g**r
print('prover: ', "hello to verifier.")
Protocol.store(self, ('r', r), ('x', x))
Protocol.setState(self, 3)
return {'t': t, 'g': g, 'y': g**x} # output goes to the next state.
def prover_state3(self, input):
print("state3 => ", input)
(r, x, c) = Protocol.get(self, ['r', 'x', 'c'])
s = r + c * x
Protocol.setState(self, 5)
return {'s': s}
def prover_state5(self, input):
print("state5 => ", input)
result = input.split(':')[1]
if result == 'ACCEPTED': Protocol.setState(self, None)
else:
Protocol.setState(self, 1)
return 'REPEAT'
return None
# VERIFIER states
def verifier_state2(self, input):
#print("state2 received => ", input)
# compute challenge c and send to prover
c = self.group.random()
print("state2 generate c :=", c)
Protocol.store(self, ('c', c))
Protocol.setState(self, 4)
return {'c': c}
def verifier_state4(self, input):
(t, g, y, c, s) = Protocol.get(self, ['t', 'g', 'y', 'c', 's'])
print("state4: s :=", s)
if (g**s == t * (y**c)):
print("SUCCESSFUL VERIFICATION!!!")
output = "verifier : ACCEPTED!"
else:
print("FAILED TO VERIFY!!!")
output = "verifier : FAILED!"
Protocol.setState(self, 6)
return output
def verifier_state6(self, input):
print("state6: => ", input)
Protocol.setState(self, None)
return None
class Intersection(NonInteractiveSetIntersection):
"""Two-Client Set Intersect scheme"""
client_count = 2
def __init__(self, curve=prime256v1):
super().__init__()
self.group = ECGroup(curve)
self.g = self.group.random(G)
def setup(self, secpar):
"""Generate the clients' keys"""
self.secpar = secpar
sigma = self.group.random(ZR)
msk = os.urandom(secpar // 8)
return ((msk, sigma), (msk, 1 - sigma))
def _phi(self, cipher, pt):
"""PRF mapping pt to a group element"""
padding_len = 16 - (len(pt) % 16)
pt = pt + b'\0' * padding_len
encryptor = cipher.encryptor()
ct = encryptor.update(pt) + encryptor.finalize()
exponent = int.from_bytes(ct, 'big') % self.group.order()
return self.g**exponent
def _H(self, g):
"""Mapping of g to bytes
Can be used to map a group element g to an AE key."""
prefix = b'\x00'
hashable = prefix + self.group.serialize(g)
h = hashlib.sha256(hashable).digest()
return h[:16]
def _H_bytes(self, g):
"""Mapping of g to bytes
Can be used to map a group element g to an AE nonce."""
prefix = b'\x01'
hashable = prefix + self.group.serialize(g)
h = hashlib.sha256(hashable).digest()
return h
def encrypt(self, usk, gid, pt_set):
"""Encrypt a plaintext set under a gid using usk
Returns a dict of ciphertexts."""
msk, sigma = usk
iv = gid
cipher = Cipher(algorithms.AES(msk),
modes.CBC(iv),
backend=default_backend())
ct_dict = {}
for pt in pt_set:
k = self._phi(cipher, pt)
ct1 = self.group.serialize(k**sigma)
# use deterministic authenticated encryption
ae_key = self._H(k)
ae_nonce = self._H_bytes(k)[:12]
ae = AESGCM(ae_key)
ct2 = (ae_nonce, ae.encrypt(ae_nonce, pt, None))
ct_dict[ae_key] = (ct1, ct2)
return ct_dict
def eval(self, ct_sets):
"""Evaluates the ciphertexts for determining the cardinality of the set intersection
Expects two dicts of ciphertexts."""
pt_intersection = set()
ct_intersection = ct_sets[0].keys() & ct_sets[1].keys()
for k in ct_intersection:
g1 = self.group.deserialize(ct_sets[0][k][0])
g2 = self.group.deserialize(ct_sets[1][k][0])
key = g1 * g2
# decrypt using ct_sets[0]
ae_nonce, ct = ct_sets[0][k][1]
ae_key = self._H(key)
ae = AESGCM(ae_key)
pt = ae.decrypt(ae_nonce, ct, None)
pt_intersection.add(pt)
return pt_intersection
import time from charm.toolbox.ecgroup import ECGroup, ZR, G from charm.toolbox.eccurve import prime192v1, secp256k1, sect283k1, sect571k1 #192 bit group: g, h decoded_g192 = b'\xab\xd0}\x86\xe1\x92,\xdd Ceael\x1a\xc3\xb9\xf5a\xe9K\xcd7\xa4' decoded_h192 = b'\x00\xa3\x0brz\xea\xb0\xba\x005\t\xf9\xe9\xd2\x84\x0b\x18\x02\x18\xc2\xd7E\x13D' group192 = ECGroup(prime192v1) group256 = ECGroup(secp256k1) group283 = ECGroup(sect283k1) group571 = ECGroup(sect571k1) g256 = group256.random(G) h256 = group256.random(G) #Cofactor is 4 #TODO: Just doing 8 change to 4 g283 = (group283.random(G))**(group283.init(ZR, int(4))) h283 = (group283.random(G))**(group283.init(ZR, int(4))) g571 = (group571.random(G))**(group571.init(ZR, int(4))) h571 = (group571.random(G))**(group571.init(ZR, int(4))) decoded_g256 = group256.decode(g256) decoded_h256 = group256.decode(h256) decoded_g283 = group283.decode(g283) decoded_h283 = group283.decode(h283)
class SchnorrZK(Protocol):
def __init__(self, builtin_cv, common_input=None):
Protocol.__init__(self, None)
verifier_states = { 2:self.verifier_state2, 4:self.verifier_state4, 6:self.verifier_state6 }
prover_states = { 1:self.prover_state1, 3:self.prover_state3, 5:self.prover_state5 }
verifier_trans = { 2:4, 4:[2,6] }
prover_trans = { 1:3, 3:5, 5:1 }
# describe the parties involved and the valid transitions
Protocol.addPartyType(self, VERIFIER, verifier_states, verifier_trans)
Protocol.addPartyType(self, PROVER, prover_states, prover_trans, True)
self.group = ECGroup(builtin_cv)
#db = {}
Protocol.setSubclassVars(self, self.group) #, db)
# PROVER states
def prover_state1(self):
x = self.group.random()
r, g = self.group.random(), self.group.random(G)
t = g ** r
print('prover: ',"hello to verifier.")
Protocol.store(self, ('r',r), ('x',x))
Protocol.setState(self, 3)
return {'t':t, 'g':g, 'y':g ** x } # output goes to the next state.
def prover_state3( self, input):
print("state3 => ", input)
(r, x, c) = Protocol.get(self, ['r', 'x', 'c'])
s = r + c * x
Protocol.setState(self, 5)
return {'s':s}
def prover_state5( self, input ):
print("state5 => ", input)
result = input.split(':')[1]
if result == 'ACCEPTED': Protocol.setState(self, None)
else: Protocol.setState(self, 1); return 'REPEAT'
return None
# VERIFIER states
def verifier_state2(self, input):
#print("state2 received => ", input)
# compute challenge c and send to prover
c = self.group.random()
print("state2 generate c :=", c)
Protocol.store(self, ('c',c))
Protocol.setState(self, 4)
return {'c':c}
def verifier_state4( self, input ):
(t,g,y,c,s) = Protocol.get(self, ['t','g','y','c','s'])
print("state4: s :=", s)
if (g ** s == t * (y ** c)):
print("SUCCESSFUL VERIFICATION!!!")
output = "verifier : ACCEPTED!"
else:
print("FAILED TO VERIFY!!!")
output = "verifier : FAILED!"
Protocol.setState(self, 6)
return output
def verifier_state6(self, input ):
print("state6: => ", input)
Protocol.setState(self, None)
return None
