def issuerHandler(issueparam):
group = ECGroup(security_dict[issueparam.L])
g = group.deserialize(str.encode(issueparam.sg))
h = group.deserialize(str.encode(issueparam.sh))
# print(issueparam.yt)
#####!!!!!!!!!!!!!!!!!!!!!!!Danger!!!!!!!!!!!!!!#######
# xt = group.random(ZR)
# yt = g ** xt
# print('xt: ----====>>>')
# print(xt)
yt = point2Obj(int(issueparam.yt), group)
#####!!!!!!!!!!!!!!!!!!!!!!!Danger!!!!!!!!!!!!!!#######
gamma = group.init(ZR, int(issueparam.gamma))
z = group.deserialize(str.encode(issueparam.sz))
zu = z**(gamma**-1)
v, u, d, s1, s2 = (group.random(ZR) for i in range(5))
t1, t2, t3, t4, t5 = (group.random(ZR) for i in range(5))
z1 = yt**v
z2 = zu / z1
a = g**u
b1 = (g**s1) * (z1**d)
b2 = (h**s2) * (z2**d)
ret = [zu, v, u, d, s1, s2, \
t1, t2, t3, t4, t5, \
z1, z2, a, b1, b2,\
bytes.decode(group.serialize(zu)), bytes.decode(group.serialize(z1)), bytes.decode(group.serialize(z2)),\
bytes.decode(group.serialize(a)), bytes.decode(group.serialize(b1)), bytes.decode(group.serialize(b2))]
return (str(k) for k in ret)
def oneHandler(oneParameter):
group = ECGroup(security_dict[oneParameter.L])
t1 = group.init(ZR, int(oneParameter.t1))
t2 = group.init(ZR, int(oneParameter.t2))
t3 = group.init(ZR, int(oneParameter.t3))
t4 = group.init(ZR, int(oneParameter.t4))
t5 = group.init(ZR, int(oneParameter.t5))
gamma = group.init(ZR, int(oneParameter.gamma))
z1 = group.deserialize(str.encode(oneParameter.sz1))
z = group.deserialize(str.encode(oneParameter.sz))
a = group.deserialize(str.encode(oneParameter.sa))
b1 = group.deserialize(str.encode(oneParameter.sb1))
b2 = group.deserialize(str.encode(oneParameter.sb2))
g = group.deserialize(str.encode(oneParameter.sg))
h = group.deserialize(str.encode(oneParameter.sh))
y = group.deserialize(str.encode(oneParameter.sy))
message = oneParameter.M
d = group.init(ZR, int(oneParameter.d))
u = group.init(ZR, int(oneParameter.u))
x = group.init(ZR, int(oneParameter.x))
s1 = group.init(ZR, int(oneParameter.s1))
s2 = group.init(ZR, int(oneParameter.s2))
zeta1 = z1**gamma
zeta2 = z / zeta1
alpha = a * (g**t1) * (y**t2)
beta1 = (b1**gamma) * (g**t3) * (zeta1**t5)
beta2 = (b2**gamma) * (h**t4) * (zeta2**t5)
epsilon = group.hash((zeta1, alpha, beta1, beta2, message), ZR)
e = epsilon - t2 - t5
####---------------------------------------
c = e - d
r = u - c * x
####=======================================
roi = r + t1
omega = c + t2
sigma1 = gamma * s1 + t3
sigma2 = gamma * s2 + t4
delta = d + t5
####----------------------------------------
xi = group.deserialize(str.encode(oneParameter.sxi))
v = group.init(ZR, int(oneParameter.v))
xiv = xi**v
ret = [
zeta1, zeta2, alpha, beta1, beta2, epsilon, e, c, r, roi, omega,
sigma1, sigma2, delta, xiv,
bytes.decode(group.serialize(xiv)),
bytes.decode(group.serialize(zeta1)),
bytes.decode(group.serialize(zeta2))
]
return (str(i) for i in ret)
def initHandler(kappa):
group = ECGroup(kappa)
g, h = group.random(G), group.random(G)
x, gamma = group.random(ZR), group.random(ZR)
y, xi = g**x, g**gamma
z = group.hash((g, h, y), G)
ret = [g, h,\
bytes.decode(group.serialize(g)), bytes.decode(group.serialize(h)),\
x, y, gamma, xi,\
bytes.decode(group.serialize(y)), bytes.decode(group.serialize(xi)),\
z, bytes.decode(group.serialize(z))]
return (str(k) for k in ret)
start_mul256 = time.process_time()
for i in range(1000):
A = a * b
end_mul256 = time.process_time()
total_time_mul256 = (end_mul256 - start_mul256) * 1000
start_rand256 = time.process_time()
for i in range(1000):
b = group256.random(ZR)
end_rand256 = time.process_time()
total_time_rand256 = (end_rand256 - start_rand256) * 1000
b = group256.random(G)
start_ser256 = time.process_time()
for i in range(1000):
bs = group256.serialize(b)
end_ser256 = time.process_time()
total_time_ser256 = (end_ser256 - start_ser256) * 1000
g = g283
a = group283.random(ZR)
B = g**a
start_exp283 = time.process_time()
for i in range(1000):
A = g**a
end_exp283 = time.process_time()
total_time_exp283 = (end_exp283 - start_exp283) * 1000
b = group283.random(ZR)
start_mul283 = time.process_time()
class Intersection(NonInteractiveSetIntersection):
"""Two-Client Set Intersect scheme"""
client_count = 2
def __init__(self, curve=prime256v1):
super().__init__()
self.group = ECGroup(curve)
self.g = self.group.random(G)
def setup(self, secpar):
"""Generate the clients' keys"""
self.secpar = secpar
sigma = self.group.random(ZR)
msk = os.urandom(secpar // 8)
return ((msk, sigma), (msk, 1 - sigma))
def _phi(self, cipher, pt):
"""PRF mapping pt to a group element"""
padding_len = 16 - (len(pt) % 16)
pt = pt + b'\0' * padding_len
encryptor = cipher.encryptor()
ct = encryptor.update(pt) + encryptor.finalize()
exponent = int.from_bytes(ct, 'big') % self.group.order()
return self.g**exponent
def _H(self, g):
"""Mapping of g to bytes
Can be used to map a group element g to an AE key."""
prefix = b'\x00'
hashable = prefix + self.group.serialize(g)
h = hashlib.sha256(hashable).digest()
return h[:16]
def _H_bytes(self, g):
"""Mapping of g to bytes
Can be used to map a group element g to an AE nonce."""
prefix = b'\x01'
hashable = prefix + self.group.serialize(g)
h = hashlib.sha256(hashable).digest()
return h
def encrypt(self, usk, gid, pt_set):
"""Encrypt a plaintext set under a gid using usk
Returns a dict of ciphertexts."""
msk, sigma = usk
iv = gid
cipher = Cipher(algorithms.AES(msk),
modes.CBC(iv),
backend=default_backend())
ct_dict = {}
for pt in pt_set:
k = self._phi(cipher, pt)
ct1 = self.group.serialize(k**sigma)
# use deterministic authenticated encryption
ae_key = self._H(k)
ae_nonce = self._H_bytes(k)[:12]
ae = AESGCM(ae_key)
ct2 = (ae_nonce, ae.encrypt(ae_nonce, pt, None))
ct_dict[ae_key] = (ct1, ct2)
return ct_dict
def eval(self, ct_sets):
"""Evaluates the ciphertexts for determining the cardinality of the set intersection
Expects two dicts of ciphertexts."""
pt_intersection = set()
ct_intersection = ct_sets[0].keys() & ct_sets[1].keys()
for k in ct_intersection:
g1 = self.group.deserialize(ct_sets[0][k][0])
g2 = self.group.deserialize(ct_sets[1][k][0])
key = g1 * g2
# decrypt using ct_sets[0]
ae_nonce, ct = ct_sets[0][k][1]
ae_key = self._H(key)
ae = AESGCM(ae_key)
pt = ae.decrypt(ae_nonce, ct, None)
pt_intersection.add(pt)
return pt_intersection
class Cardinality(NonInteractiveSetIntersection):
"""Multi-client Set Intersect Cardinality scheme"""
def __init__(self, curve=prime256v1):
super().__init__()
self.group = ECGroup(curve)
self.g = self.group.random(G)
def setup(self, secpar, client_count):
"""Generate the clients' keys"""
self.client_count = client_count
usks = [self.group.random(ZR) for _ in range(client_count - 1)]
usks.append(-sum(usks))
return usks
def encrypt(self, usk, gid, pt_set):
"""Encrypt a plaintext set under a gid using usk
Returns a set of ciphertexts."""
H = self.group.hash
ct_set = {self.group.serialize(H(gid + pt, G)**usk) for pt in pt_set}
return ct_set
def eval(self, ct_sets):
"""Evaluates the ciphertexts for determining the cardinality of the set intersection
Expects a list or set of ciphertexts."""
one = self.g**0
def intersection_count(ct_sets, product=one):
# Recursive function call to compute the Cartesian product
# Features:
# 1) remember the partial product;
# 2) avoid computations with elements for which we know that they
# belong to the intersection.
ct_set, ct_sets = set(ct_sets[-1]), ct_sets[:-1]
count = 0
if ct_sets == []:
for ct_str in ct_set:
ct = self.group.deserialize(ct_str)
if product * ct == one:
ct_set.remove(ct_str)
count = 1
break
else:
for ct_str in ct_set.copy():
ct = self.group.deserialize(ct_str)
found, ct_sets = intersection_count(ct_sets, product * ct)
if found == 1:
ct_set.remove(ct_str)
count += 1
# Note that we cannot break here: if we would break
# here, we might skip other ct's that are in the set.
ct_sets.append(ct_set)
return (count, ct_sets)
cardinality, _ = intersection_count(list(ct_sets))
return cardinality
