def split_rekey(self, priv_a, priv_b, threshold, N):
coeffs = [priv_a * (~priv_b)] # Standard rekey
coeffs += [
ec.random(self.ecgroup, ec.ZR) for _ in range(threshold - 1)
]
ids = [ec.random(self.ecgroup, ec.ZR) for _ in range(N)]
rk_shares = [
RekeyFrag(id, key=poly_eval(coeffs, id), pre=self) for id in ids
]
return rk_shares
def split_rekey(self, priv_a, priv_b, threshold, N):
coeffs = [priv_a * (~priv_b)] # Standard rekey
coeffs += [
ec.random(self.ecgroup, ec.ZR) for _ in range(threshold - 1)
]
# TODO: change this!
h = self.g
vKeys = [h**coeff for coeff in coeffs]
ids = [ec.random(self.ecgroup, ec.ZR) for _ in range(N)]
rk_shares = [RekeyFrag(id, key=poly_eval(coeffs, id)) for id in ids]
return rk_shares, vKeys
def __init__(self, curve=curves.secp256k1, g=None):
self.curve = curves.secp256k1
self.ecgroup = ec.elliptic_curve(nid=self.curve)
if g is None:
self.g = ec.random(self.ecgroup, ec.G)
else:
self.g = ec.deserialize(self.ecgroup, g)
self.bitsize = ec.bitsize(self.ecgroup)
def encapsulate(self, pub_key, key_length=32):
"""Generare an ephemeral key pair and symmetric key"""
priv_e = ec.random(self.ecgroup, ec.ZR)
pub_e = self.g**priv_e
# DH between eph_private_key and public_key
shared_key = pub_key**priv_e
# Key to be used for symmetric encryption
key = self.kdf(shared_key, key_length)
return key, EncryptedKey(pub_e, re_id=None)
def encrypt(self, pub, msg, padding=True):
if type(msg) is str:
msg = msg.encode()
if padding:
msg = pad(self.bitsize, msg)
chunks = [
msg[i * self.bitsize:i * self.bitsize + self.bitsize]
for i in range(len(msg) // self.bitsize)
]
else:
chunks = [msg]
r = ec.random(self.ecgroup, ec.ZR)
c1 = self.load_key(pub)**r
c2 = [(self.g**r) * ec.encode(self.ecgroup, m, False) for m in chunks]
c2 = map(ec.serialize, c2)
return msgpack.dumps([ec.serialize(c1)] + list(c2))
def test_alice_sends_fake_kFrag_to_Ursula(N, threshold):
pre = umbral.PRE()
priv_alice = pre.gen_priv()
pub_alice = pre.priv2pub(priv_alice)
priv_bob = pre.gen_priv()
rk_ab = pre.rekey(priv_alice, priv_bob)
sym_key, ekey_alice = pre.encapsulate(pub_alice)
kfrags, vkeys = pre.split_rekey(priv_alice, priv_bob, threshold, N)
for kfrag in kfrags:
assert pre.check_kFrag_consistency(kfrag, vkeys)
# Alice tries to frame the first Ursula by sending her a random kFrag
fake_kfrag = kfrags[0]._replace(key=ec.random(pre.ecgroup, ec.ZR))
assert not pre.check_kFrag_consistency(fake_kfrag, vkeys)
def gen_priv(self, dtype='ec'):
# Same as in BBS98
priv = ec.random(self.ecgroup, ec.ZR)
return priv
def gen_priv(self, dtype='ec'):
priv = ec.random(self.ecgroup, ec.ZR)
if dtype in ('bytes', bytes):
return ec.serialize(priv)
else:
return priv
