def aos_ring_signature(M, decoy_group, PK_hex, sk_hex, index_pi=-1): M_encoded = M.encode() index_pi = random.randint(0, len(decoy_group)) if index_pi == -1 else index_pi PK_pi = PK_hex decoy_group.insert(index_pi, PK_pi) e = [0] * len(decoy_group) s = [0] * len(decoy_group) u_hex = rand(0) uG_hex = scalarmult_base(u_hex) index_start = (index_pi + 1) % len(decoy_group) e[index_start] = H(M_encoded + uG_hex) s[index_start] = rand(0) for cnt in range(1, len(decoy_group)): i = (index_start + cnt) % len(decoy_group) prev_i = (i - 1) % len(decoy_group) s[i] = rand(0) if i != index_pi else 0 temp = pt_add_hex(scalarmult_base(s[prev_i]), scalarmult(decoy_group[prev_i], e[prev_i])) e[i] = H(M_encoded + temp) u_int = ed25519.decodeint(binascii.unhexlify(u_hex)) e_int = ed25519.decodeint(binascii.unhexlify(e[index_pi])) sk_int = ed25519.decodeint(binascii.unhexlify(sk_hex)) s[index_pi] = binascii.hexlify( ed25519.encodeint((u_int - e_int * sk_int) % ed25519.l)) return e[0], s, decoy_group
def multiply_int(a_hex, b_hex): a_int = ed25519.decodeint(binascii.unhexlify(a_hex)) b_int = ed25519.decodeint(binascii.unhexlify(b_hex)) mult_int = (a_int * b_int) % ed25519.l mult_hex = binascii.hexlify(ed25519.encodeint(mult_int)) return mult_hex
def schnorr_signature(M, sk_hex): alpha_hex = rand() Q_hex = scalarmult_base(alpha_hex) e_hex = H(M.encode() + Q_hex) alpha_int = ed25519.decodeint(binascii.unhexlify(alpha_hex)) e_int = ed25519.decodeint(binascii.unhexlify(e_hex)) sk_int = ed25519.decodeint(binascii.unhexlify(sk_hex)) s_int = (alpha_int - e_int * sk_int) % ed25519.l s_hex = binascii.hexlify(ed25519.encodeint(s_int)) return e_hex, s_hex
def test_curve1(): sk = b'd17f7ee37fc904cd04692a0db2a8aa003008de6865d7b0ed7c1515b9892cca03' PK = scalarmult_base(sk) # sk, PK = gen_keypair() alpha_hex = rand() print(sk) print(PK) print(alpha_hex) print('------ ------ ------') alpha_int_1 = ed25519.decodeint(binascii.unhexlify(alpha_hex)) # alpha_int_2 = ed25519.decodeint(alpha_hex) # alpha_int_3 = int.from_hexs(alpha_hex,byteorder='big') # print('{',alpha_int_1) # print('{',alpha_int_2) # print('{',alpha_int_3) # print(':',binascii.hexlify(ed25519.encodeint(alpha_int_1))) sk_int_1 = ed25519.decodeint(binascii.unhexlify(sk)) alphaPK_hex = scalarmult(PK, alpha_hex) print('1: ', alphaPK_hex) PK_pt = ed25519.decodepoint(binascii.unhexlify(PK)) alphaPK_pt = ed25519.decodepoint(binascii.unhexlify(alphaPK_hex)) print(ed25519.isoncurve(PK_pt)) print(ed25519.isoncurve(alphaPK_pt)) print('------ ------ ------') # (alpha * sk) mod l sk_x_alpha_int = (alpha_int_1 * sk_int_1) % ed25519.l print(sk_x_alpha_int) sk_x_alpha_hex = binascii.hexlify(ed25519.encodeint(sk_x_alpha_int)) print(sk_x_alpha_hex) print(ed25519.decodeint(binascii.unhexlify(sk_x_alpha_hex))) sk_x_alpha_x_G_hex = scalarmult_base(sk_x_alpha_hex) print('2: ', sk_x_alpha_x_G_hex) sk_x_alpha_x_G_pt = ed25519.decodepoint( binascii.unhexlify(sk_x_alpha_x_G_hex)) print(ed25519.isoncurve(sk_x_alpha_x_G_pt)) print('------ ------ ------') print(alphaPK_pt == sk_x_alpha_x_G_pt)
def test_encode_decode(): for i in range(0, 10): x = random.randint(-ed25519.q, ed25519.q) % ed25519.l x_encoded = ed25519.encodeint(x) x_hexlified = binascii.hexlify(x_encoded) x_decoded = ed25519.decodeint(x_encoded) if x != x_decoded: print('---NOT MATCH--- x=', x) print(x_encoded) print(x_hexlified) print(x_decoded) if i % 7 == 0: print(x_encoded) print(x_hexlified) print(str(x).encode()) print(x_decoded)
def borromean_ring_signature(M, PK_matrix, PK_vector, sk_vector, index_pi=-1): M_encoded = M.encode() index_pi = [0] * len(PK_matrix) u_hex = [0] * len(PK_matrix) uG_hex = [0] * len(PK_matrix) R = [0] * len(PK_matrix) e = [None] * len(PK_matrix) s = [None] * len(PK_matrix) # temp_s = [None]*len(PK_matrix) for row in range(0, len(PK_matrix)): # set index_pi index_pi[row] = random.randint(0, len( PK_matrix[row])) if index_pi == -1 else index_pi[row] # insert pk PK_matrix[row].insert(index_pi[row], PK_vector[row]) e_row = [0] * (len(PK_matrix[row])) s_row = [0] * (len(PK_matrix[row])) # temp_s_row = ['None']*(len(PK_matrix[row])) # for connecting point u_hex[row] = rand(0) uG_hex[row] = scalarmult_base(u_hex[row]) index_start = (index_pi[row] + 1) % len(PK_matrix[row]) ### case B1: [0,...,0,pi,st] if index_start == len(PK_matrix[row]) - 1: e_row[index_start] = H(M_encoded + uG_hex[row]) s_row[index_start] = rand(0) R[row] = pt_add_hex( scalarmult_base(s_row[index_start]), scalarmult(PK_matrix[row][index_start], e_row[index_start])) ### case B2: [0,...,pi,st,...,0] elif index_start > 0: e_row[index_start] = H(M_encoded + uG_hex[row]) s_row[index_start] = rand(0) for i in range(index_start + 1, len(PK_matrix[row])): temp = pt_add_hex( scalarmult_base(s_row[i - 1]), scalarmult(PK_matrix[row][i - 1], e_row[i - 1])) e_row[i] = H(M_encoded + temp) s_row[i] = rand(0) if i == len(PK_matrix[row]) - 1: R[row] = pt_add_hex( scalarmult_base(s_row[i]), scalarmult(PK_matrix[row][i], e_row[i])) ### case B3: [st,0,0,...,0,pi] else: R[row] = uG_hex[row] e[row] = e_row s[row] = s_row R_sum = b'' for i in range(0, len(R)): R_sum += R[i] # set common e0 e0 = H(M_encoded + R_sum) for row in range(0, len(PK_matrix)): e[row][0] = e0 s[row][0] = rand(0) ### case C1: [pi,st,0,...] if index_pi[row] == 0: u_int = ed25519.decodeint(binascii.unhexlify(u_hex[row])) e_int = ed25519.decodeint(binascii.unhexlify(e0)) sk_int = ed25519.decodeint(binascii.unhexlify(sk_vector[row])) s[row][0] = binascii.hexlify( ed25519.encodeint((u_int - e_int * sk_int) % ed25519.l)) ### case C2: [0,pi,st,0,...] or [st,0,0,...,0,pi] else: # i up to pi (inclusive) for i in range(1, index_pi[row] + 1): prev_i = i - 1 s[row][i] = rand(0) temp = pt_add_hex( scalarmult_base(s[row][prev_i]), scalarmult(PK_matrix[row][prev_i], e[row][prev_i])) e[row][i] = H(M_encoded + temp) u_int = ed25519.decodeint(binascii.unhexlify(u_hex[row])) e_int = ed25519.decodeint(binascii.unhexlify( e[row][index_pi[row]])) sk_int = ed25519.decodeint(binascii.unhexlify(sk_vector[row])) s[row][index_pi[row]] = binascii.hexlify( ed25519.encodeint((u_int - e_int * sk_int) % ed25519.l)) return e0, s, PK_matrix