def test_m_of_n(N, M, alices_keys, bobs_keys):
delegating_privkey, signing_privkey = alices_keys
delegating_pubkey = delegating_privkey.get_pubkey()
signer = Signer(signing_privkey)
priv_key_bob, pub_key_bob = bobs_keys
params = delegating_privkey.params
sym_key, capsule = pre._encapsulate(delegating_pubkey)
capsule.set_correctness_keys(delegating=delegating_privkey.get_pubkey(),
receiving=pub_key_bob,
verifying=signing_privkey.get_pubkey())
kfrags = pre.split_rekey(delegating_privkey, signer, pub_key_bob, M, N)
for kfrag in kfrags:
assert kfrag.verify(signing_privkey.get_pubkey(), delegating_privkey.get_pubkey(), pub_key_bob)
for i, kfrag in enumerate(kfrags[:M]):
# Example of potential metadata to describe the re-encryption request
metadata = "This is an example of metadata for re-encryption request #{}"
metadata = metadata.format(i).encode()
cfrag = pre.reencrypt(kfrag, capsule, metadata=metadata)
capsule.attach_cfrag(cfrag)
assert cfrag.verify_correctness(capsule)
sym_key_from_capsule = pre._open_capsule(capsule, priv_key_bob)
assert sym_key == sym_key_from_capsule
def test_cheating_ursula_sends_garbage(N, M):
priv_key_alice = keys.UmbralPrivateKey.gen_key()
pub_key_alice = priv_key_alice.get_pubkey()
# Bob
priv_key_bob = keys.UmbralPrivateKey.gen_key()
pub_key_bob = priv_key_bob.get_pubkey()
sym_key, capsule_alice = pre._encapsulate(pub_key_alice.point_key)
kfrags = pre.split_rekey(priv_key_alice, pub_key_bob, M, N)
cfrags, metadata = [], []
for i, kfrag in enumerate(kfrags[:M]):
# Example of potential metadata to describe the re-encryption request
metadata_i = "This is an example of metadata for re-encryption request #{}"
metadata_i = metadata_i.format(i).encode()
cfrag = pre.reencrypt(kfrag, capsule_alice, metadata=metadata_i)
capsule_alice.attach_cfrag(cfrag)
cfrags.append(cfrag)
# Let's put random garbage in one of the cfrags
cfrags[0]._point_e1 = Point.gen_rand()
cfrags[0]._point_v1 = Point.gen_rand()
capsule_alice._reconstruct_shamirs_secret(pub_key_alice,
priv_key_bob) # activate capsule
with pytest.raises(pre.GenericUmbralError):
_unused_key = pre._decapsulate_reencrypted(pub_key_bob.point_key,
priv_key_bob.bn_key,
pub_key_alice.point_key,
capsule_alice)
assert not pre._verify_correctness(
capsule_alice,
cfrags[0],
pub_key_alice.point_key,
pub_key_bob.point_key,
)
# The response of cheating Ursula is in cfrags[0],
# so the rest of CFrags chould be correct:
for cfrag_i, metadata_i in zip(cfrags[1:], metadata[1:]):
assert pre._verify_correctness(
capsule_alice,
cfrag_i,
pub_key_alice.point_key,
pub_key_bob.point_key,
)
# Alternatively, we can try to open the capsule directly.
# We should get an exception with an attached list of incorrect cfrags
with pytest.raises(pre.UmbralCorrectnessError) as exception_info:
_ = pre._open_capsule(capsule_alice, priv_key_bob, pub_key_alice)
correctness_error = exception_info.value
assert cfrags[0] in correctness_error.offending_cfrags
assert len(correctness_error.offending_cfrags) == 1
def test_m_of_n(N, M, alices_keys, bobs_keys):
priv_key_alice, pub_key_alice = alices_keys
priv_key_bob, pub_key_bob = bobs_keys
sym_key, capsule = pre._encapsulate(pub_key_alice.point_key)
kfrags = pre.split_rekey(priv_key_alice, pub_key_bob, M, N)
for kfrag in kfrags:
assert kfrag.verify(pub_key_alice.point_key, pub_key_bob.point_key)
for i, kfrag in enumerate(kfrags[:M]):
# Example of potential metadata to describe the re-encryption request
metadata = "This is an example of metadata for re-encryption request #{}"
metadata = metadata.format(i).encode()
cfrag = pre.reencrypt(kfrag, capsule, metadata=metadata)
capsule.attach_cfrag(cfrag)
assert pre._verify_correctness(
capsule,
cfrag,
pub_key_alice.point_key,
pub_key_bob.point_key,
)
# assert capsule.is_openable_by_bob() # TODO: Is it possible to check here if >= m cFrags have been attached?
sym_key_from_capsule = pre._open_capsule(capsule, priv_key_bob,
pub_key_alice)
assert sym_key == sym_key_from_capsule
def test_cheating_ursula_replays_old_reencryption(N, M):
priv_key_alice = keys.UmbralPrivateKey.gen_key()
pub_key_alice = priv_key_alice.get_pubkey()
priv_key_bob = keys.UmbralPrivateKey.gen_key()
pub_key_bob = priv_key_bob.get_pubkey()
sym_key_alice1, capsule_alice1 = pre._encapsulate(pub_key_alice.point_key)
sym_key_alice2, capsule_alice2 = pre._encapsulate(pub_key_alice.point_key)
kfrags = pre.split_rekey(priv_key_alice, pub_key_bob, M, N)
cfrags, metadata = [], []
for i, kfrag in enumerate(kfrags):
# Example of potential metadata to describe the re-encryption request
metadata_i = "This is an example of metadata for re-encryption request #{}"
metadata_i = metadata_i.format(i).encode()
if i == 0:
# Let's put the re-encryption of a different Alice ciphertext
cfrag = pre.reencrypt(kfrag, capsule_alice2, metadata=metadata_i)
else:
cfrag = pre.reencrypt(kfrag, capsule_alice1, metadata=metadata_i)
capsule_alice1.attach_cfrag(cfrag)
cfrags.append(cfrag)
# Let's activate the capsule
capsule_alice1._reconstruct_shamirs_secret(pub_key_alice, priv_key_bob)
with pytest.raises(pre.GenericUmbralError):
sym_key = pre._decapsulate_reencrypted(pub_key_bob.point_key,
priv_key_bob.bn_key,
pub_key_alice.point_key,
capsule_alice1)
assert not cfrags[0].verify_correctness(
capsule_alice1,
pub_key_alice,
pub_key_bob,
)
# The response of cheating Ursula is in cfrags[0],
# so the rest of CFrags should be correct:
for cfrag_i, metadata_i in zip(cfrags[1:], metadata[1:]):
assert cfrag_i.verify_correctness(
capsule_alice1,
pub_key_alice,
pub_key_bob,
)
# Alternatively, we can try to open the capsule directly.
# We should get an exception with an attached list of incorrect cfrags
with pytest.raises(pre.UmbralCorrectnessError) as exception_info:
_ = pre._open_capsule(capsule_alice1, priv_key_bob, pub_key_alice)
correctness_error = exception_info.value
assert cfrags[0] in correctness_error.offending_cfrags
assert len(correctness_error.offending_cfrags) == 1
def test_cheating_ursula_replays_old_reencryption(N, M, alices_keys):
delegating_privkey, signing_privkey = alices_keys
delegating_pubkey = delegating_privkey.get_pubkey()
signer = Signer(signing_privkey)
priv_key_bob = keys.UmbralPrivateKey.gen_key()
pub_key_bob = priv_key_bob.get_pubkey()
params = delegating_privkey.params
_unused_key1, capsule_alice1 = pre._encapsulate(delegating_pubkey)
_unused_key2, capsule_alice2 = pre._encapsulate(delegating_pubkey)
kfrags = pre.split_rekey(delegating_privkey, signer, pub_key_bob, M, N)
capsule_alice1.set_correctness_keys(delegating=delegating_pubkey,
receiving=pub_key_bob,
verifying=signing_privkey.get_pubkey())
cfrags, metadata = [], []
for i, kfrag in enumerate(kfrags[:M]):
# Example of potential metadata to describe the re-encryption request
metadata_i = "This is an example of metadata for re-encryption request #{}"
metadata_i = metadata_i.format(i).encode()
metadata.append(metadata_i)
if i == 0:
# Let's put the re-encryption of a different Alice ciphertext
cfrag = pre.reencrypt(kfrag, capsule_alice2, metadata=metadata_i)
else:
cfrag = pre.reencrypt(kfrag, capsule_alice1, metadata=metadata_i)
# Next, we bypass the public method to attach CFrags to the capsule,
# -- called Capsule.append(cfrag) -- and insert it directly in the private
# list of CFrags. In case you were wondering...DON'T DO THIS!
capsule_alice1._attached_cfrags.append(cfrag)
cfrags.append(cfrag)
# Let's activate the capsule
capsule_alice1._reconstruct_shamirs_secret(priv_key_bob)
with pytest.raises(pre.GenericUmbralError):
sym_key = pre._decapsulate_reencrypted(priv_key_bob, capsule_alice1)
assert not cfrags[0].verify_correctness(capsule_alice1)
# The response of cheating Ursula is in cfrags[0],
# so the rest of CFrags should be correct:
correct_cases = 0
for cfrag_i, metadata_i in zip(cfrags[1:], metadata[1:]):
if cfrag_i.verify_correctness(capsule_alice1):
correct_cases += 1
else:
pytest.fail("One of the cfrags that was supposed to be correct wasn't.")
assert correct_cases == len(cfrags[1:])
# Alternatively, we can try to open the capsule directly.
# We should get an exception with an attached list of incorrect cfrags
with pytest.raises(pre.UmbralCorrectnessError) as exception_info:
_ = pre._open_capsule(capsule_alice1, priv_key_bob)
correctness_error = exception_info.value
assert cfrags[0] in correctness_error.offending_cfrags
assert len(correctness_error.offending_cfrags) == 1