def schnorr_NIZK():
# setup
start = time.time()
grp = PairingGroup('MNT224')
ps = PS01(grp)
end = time.time()
print("Setup time elapse: ")
print(end - start)
# keygen
start = time.time()
(pk, sk) = ps.keygen(2)
end = time.time()
print("KeyGen over two attributes time elapse: ")
print(end - start)
# generate a secret
secret = grp.random()
# NIZK Schnorr prover
start = time.time()
na = grp.random()
a = pk['Y1'][0] ** na
# deterministic nb
m = hashlib.sha256()
m.update(grp.serialize(pk['Y1'][0]))
m.update(grp.serialize(a))
m.update(grp.serialize(pk['Y1'][0] ** secret))
m.update(b'userid') # replaced with real values
nb = m.digest()
nb = grp.hash(nb)
# r
r = na + nb * secret
end = time.time()
print("NIZK Schnorr on one attribute Prover time elapse: ")
print(end - start)
# NIZK Schnorr verifier
start = time.time()
m = hashlib.sha256()
m.update(grp.serialize(pk['Y1'][0]))
m.update(grp.serialize(a))
m.update(grp.serialize(pk['Y1'][0] ** secret))
m.update(b'userid') # replaced with real values
nb = m.digest()
nb = grp.hash(nb)
lh = pk['Y1'][0] ** r
rh = a * (pk['Y1'][0] ** secret) ** nb
end = time.time()
print("NIZK Schnorr Verifier time elapse: ")
print(end - start)
if lh == rh:
print('check success')
else:
print('lh:=', lh)
print('rh:=', rh)
def test_ps_sign_schnorr():
grp = PairingGroup('MNT224')
ps = PS01(grp)
messages = ["hi there"]
(pk, sk) = ps.keygen(len(messages) + 1)
if debug:
print("Keygen...")
print("pk :=", pk)
print("sk :=", sk)
t, commitment = ps.commitment(pk, *messages)
# append public information
commitment = commitment * (pk['Y1'][-1] ** grp.hash('3600', ZR))
if debug:
print("commitment: ", commitment)
be_signed = commitment
sig = ps.sign(sk, pk, commitment)
if debug:
print("Signature: ", sig)
sig = ps.unblind_signature(t, sig)
# append public information
messages.append('3600')
result = ps.verify(pk, sig, *messages)
assert result, "INVALID signature!"
if debug:
print("Successful Verification!!!")
# sec6.2 randomize
s1, s2 = sig
t = grp.random(ZR)
r = grp.random(ZR)
s1p = s1**r
s2p = (s2*(s1**t))**r
# sec6.2 verify
lh = pair(s1p, pk['X2'])
lh = lh * ps.product([pair(s1p, y**grp.hash(m, ZR)) for y, m in zip(pk['Y2'], messages)])
lh = lh * pair(s1p, pk['g2']**t)
rh = pair(s2p, pk['g2'])
if lh == rh:
print('check success')
else:
print('lh:=', lh)
print('rh:=', rh)
def test_batch_function():
grp = PairingGroup('MNT224')
g1 = grp.hash('g1', G1)
g2 = grp.hash('g2', G1)
h1 = grp.hash('h1', G2)
h2 = grp.hash('h2', G2)
h3 = grp.hash('h3', G2)
start = time.time()
lhs = pair(g1, h1) * pair(g1, h2) * pair(g1, h3) * pair(g2, h1)
end = time.time()
print(F'total time for un-batched: {end - start}')
start = time.time()
rhs = pair(g1, h1*h2*h3) * pair(g2, h1)
end = time.time()
print(F'total time for batched: {end - start}')
if lhs == rhs:
print('success')
else:
print('fail')
def test_speed_of_idp_user_lookup():
grp = PairingGroup('MNT224')
h = grp.hash('yelp', G1)
start = time.time()
for i in range(0, 100000):
r = grp.random()
result = h ** r
end = time.time()
print("Time for IdP to look up a user's gamma among 100k users: ")
print(end-start)
def keygen(pk, msk, S):
group = PairingGroup('SS512')
attributes = [unicode(a) for a in S]
z = group.random()
r = group.random()
alpha = msk['alpha']
K0 = ((pk['g'] ** alpha) * (pk['w'] ** r)) ** (1/z)
K1 = pk['g'] ** (r/z)
K_x_2, K_x_3 = {},{}
for attr in attributes:
ri = group.random()
K_x_2[attr] = pk['g'] ** (ri/z)
K_x_2[attr] = objectToBytes(K_x_2[attr], group)
K_x_3[attr] = ((((pk['u'] ** group.hash(unicode(attr),ZR))) * pk['h']) ** (ri/z)) * (pk['v'] ** (-r/z))
K_x_3[attr] = objectToBytes(K_x_3[attr], group)
ik = {'S':S,
'K0':objectToBytes(K0, group),
'K1':objectToBytes(K1, group),
'Ki2':K_x_2,
'Ki3':K_x_3}
sk = objectToBytes(z, group)
return {'ik':ik, 'sk':sk}
def encrypt(policy_str, pool, group=None):
print('policy_str in ABEnc=',policy_str)
if group is None:
group = PairingGroup('SS512')
util = SecretUtil(group, False)
policy = util.createPolicy(policy_str)
secret = pool.pop('s')
print('policy in ABEnc=',policy)
sshares = util.calculateSharesList(secret, policy)
sshares = dict([(x[0].getAttributeAndIndex(), x[1]) for x in sshares])
print('sshares in ABEnc=',sshares)
C0 = pool.pop('C0')
C_x_1, C_x_2, C_x_3, C_x_4, C_x_5 = {},{},{},{},{}
for attr, s_share in sshares.items():
component = pool['components'].pop()
C_x_1[attr] = component['C_j_1']
C_x_2[attr] = component['C_j_2']
C_x_3[attr] = component['C_j_3']
C_x_4[attr] = s_share - component['lambda_prime_j']
C_x_5[attr] = component['t_j'] * (group.hash(unicode(attr),ZR) - component['x_j'])
ct = {'policy':policy_str, 'C0':C0,'C_j_1':C_x_1, 'C_j_2':C_x_2, 'C_j_3':C_x_3, 'C_j_4':C_x_4, 'C_j_5':C_x_5}
print('ct in ABEnc=',ct)
return (pool, ct)
def test_ps_sign_with_public_info():
# setup
start = time.time()
grp = PairingGroup('MNT224')
ps = PS01(grp)
end = time.time()
print("Setup time elapse: ")
print(end - start)
# messages = ['Hi there', 'Not there', 'Some message ................', 'Dont know .............', 'great!!!!']
messages = ["hi there"]
# keygen
start = time.time()
(pk, sk) = ps.keygen(len(messages) + 1)
end = time.time()
print("KeyGen time elapse: ")
print(end - start)
if debug:
print("Keygen...")
print("pk :=", pk)
print("sk :=", sk)
# requestID
start = time.time()
t, commitment = ps.commitment(pk, *messages)
end = time.time()
print("requestID time elapse: ")
print(end - start)
# append public information
start = time.time()
commitment = commitment * (pk['Y1'][-1] ** grp.hash('3600', ZR))
sig = ps.sign(sk, pk, commitment)
end = time.time()
print("ProvideID time elapse: ")
print(end - start)
if debug:
print("commitment: ", commitment)
if debug:
print("Signature: ", sig)
# unblind signature
start = time.time()
sig = ps.unblind_signature(t, sig)
end = time.time()
print("Unblind time elapse: ")
print(end - start)
# append public information
messages.append('3600')
result = ps.verify(pk, sig, *messages)
assert result, "INVALID signature!"
if debug:
print("Successful Verification!!!")
# prove ID
start = time.time()
rand_sig = ps.randomize_sig(sig)
end = time.time()
print("Credential Randomize time elapse: ")
print(end - start)
assert sig != rand_sig
if debug:
print("Randomized Signature: ", rand_sig)
# cred.verify
start = time.time()
result = ps.verify(pk, rand_sig, *messages)
end = time.time()
print("RP's Credential Verify time elapse: ")
print(end - start)
assert result, "INVALID signature!"
if debug:
print("Successful Verification!!!")
from charm.toolbox.pairinggroup import PairingGroup, ZR, G1, G2, GT, pair
from charm.toolbox.secretutil import SecretUtil
from charm.toolbox.ABEnc import ABEnc
import numpy as np
group = PairingGroup('SS512')
H4 = lambda x: group.hash(x + str(group.random(ZR)), ZR)
def f(x, AP):
roots = []
for i in xrange(1, len(AP) + 1):
roots.insert(i, H4(str(i)))
F = np.poly(roots)
return F
def flattenAttributes(setOfAttributes):
attributes, attributes_, k = [], [], 0
N = len(numberOfAttributesAtAA_)
for attributesForAA_k in setOfAttributes:
assert len(attributesForAA_k) == numberOfAttributesAtAA_[
k], 'Incompatable setOfAttributes'
attributes_k = []
for j in xrange(k):
attributes_k += [False for i in xrange(numberOfAttributesAtAA_[j])]
for a in attributesForAA_k:
attributes.append(a)
attributes_k.append(a)
for j in xrange(k + 1, N):
attributes_k += [False for i in xrange(numberOfAttributesAtAA_[j])]
return group.deserialize(b"0:" + encodebytes(g))
def deserialize1(g):
""" """
# Only work in G1 here
return group.deserialize(b"1:" + encodebytes(g))
def deserialize2(g):
""" """
# Only work in G1 here
return group.deserialize(b"2:" + encodebytes(g))
g1 = group.hash("geng1", G1)
g1.initPP()
# g2 = g1
g2 = group.hash("geng2", G2)
g2.initPP()
ZERO = group.random(ZR, seed=59) * 0
ONE = group.random(ZR, seed=60) * 0 + 1
def polynom_eval(x, coefficients):
"""Polynomial evaluation."""
y = ZERO
xx = ONE
for coeff in coefficients:
y += coeff * xx
xx *= x
# Only work in G1 here
return decodestring(group.serialize(g)[2:])
def deserialize0(g):
# Only work in G1 here
return group.deserialize('0:'+encodestring(g))
def deserialize1(g):
# Only work in G1 here
return group.deserialize('1:'+encodestring(g))
def deserialize2(g):
# Only work in G1 here
return group.deserialize('2:'+encodestring(g))
g1 = group.hash('geng1', G1)
g1.initPP()
g2 = g1
#g2 = group.hash('geng2', G2)
#g2.initPP()
ZERO = group.random(ZR, seed=59)*0
ONE = group.random(ZR, seed=60)*0+1
class TBLSPublicKey(object):
def __init__(self, l, k, VK, VKs):
self.l = l
self.k = k
self.VK = VK
self.VKs = VKs
def __getstate__(self):
async def main():
# group setup and secret generation
setup_start_time = time.time()
global grp, ps, pk, secret, messages, sig, gamma, expires_in
grp = PairingGroup('MNT224')
messages = ['random_string']
secret = grp.hash(messages[0], ZR)
ps = PS01(grp)
pk = None
setup_end_time = time.time()
print("Setup total time: {0}s ".format(str(setup_end_time - setup_start_time)))
# communicate with IdP
print("****Communication with IdP****")
idp_start_time = time.time()
async with aiohttp.ClientSession(connector=aiohttp.TCPConnector(ssl=False)) as session:
# first rt: get idp public key
pk = await fetch(session, 'https://' + idp_ip + ':6000/')
for key, value in pk.items():
if key in {'X2', 'g1', 'g2'}:
pk[key] = grp.deserialize(value.encode())
else:
pk[key] = [grp.deserialize(item.encode()) for item in value]
if debug:
print('idp pk:=', pk)
# generate t and commitment
start = time.time()
t = grp.random(ZR)
gt = (pk['g1'] ** t)
commitment_secret = pk['Y1'][0] ** secret
commitment = gt * commitment_secret
if debug:
print("commitment: ", commitment)
end = time.time()
print("CRED.PrepareBlindSign over {0} attributes time elapse: {1}s ".format(str(1), str(end - start)))
# second rt: schnorr proof
start = time.time()
na = grp.random()
a = pk['Y1'][0] ** na
# schnorr NIZK: generate nb
m = hashlib.sha256()
m.update(grp.serialize(pk['Y1'][0]))
m.update(grp.serialize(a))
m.update(grp.serialize(pk['Y1'][0] ** secret))
m.update(b'userid') # replaced with real values
nb = m.digest()
nb = grp.hash(nb)
r = na + nb * secret
end = time.time()
print("NIZK Schnorr Prover (User-IdP) over {0} element time elapse: {1}s ".format(str(1), str(end - start)))
json_param = {'g_t': grp.serialize(gt).decode(),
'commitment_secret': grp.serialize(commitment_secret).decode(),
'a': grp.serialize(a).decode(),
'r': grp.serialize(r).decode()}
average_time = 0
counter = 0
for i in range(0, 20):
time1 = time.time()
print(time.time())
json_rep = await fetch(session, 'https://' + idp_ip + ':6000/token', json_param)
time2 = time.time()
counter += 1
average_time += (time2 - time1)
if 1/running_frequency - (time2 - time1) > 0:
time.sleep(1/running_frequency - (time2 - time1))
print("average time per credential: ", str(average_time/counter))
idp_end_time = time.time()
print("IdP total time: {0}s ".format(str(idp_end_time - idp_start_time)))
# Only work in G1 here
return group.deserialize('0:'+encodestring(g))
def deserialize1(g):
# Only work in G1 here
return group.deserialize('1:'+encodestring(g))
def deserialize2(g):
# Only work in G1 here
return group.deserialize('2:'+encodestring(g))
def xor(x,y):
assert len(x) == len(y) == 32
return ''.join(chr(ord(x_)^ord(y_)) for x_,y_ in zip(x,y))
g1 = group.hash('geng1', G1)
g1.initPP()
g2 = g1
#g2 = group.hash('geng2', G2)
#g2.initPP()
ZERO = group.random(ZR)*0
ONE = group.random(ZR)*0+1
def hashG(g):
return SHA256.new(serialize(g)).digest()
def hashH(g, x):
assert len(x) == 32
return group.hash(serialize(g) + x, G2)
class TPKEPublicKey(object):
# Only work in G1 here
return decodestring(group.serialize(g)[2:])
def deserialize0(g):
# Only work in G1 here
return group.deserialize('0:'+encodestring(g))
def deserialize1(g):
# Only work in G1 here
return group.deserialize('1:'+encodestring(g))
def deserialize2(g):
# Only work in G1 here
return group.deserialize('2:'+encodestring(g))
g1 = group.hash('geng1', G1)
g1.initPP()
#g2 = g1
g2 = group.hash('geng2', G2)
g2.initPP()
ZERO = group.random(ZR)*0
ONE = group.random(ZR)*0+1
class TBLSPublicKey(object):
def __init__(self, l, k, VK, VKs):
self.l = l
self.k = k
self.VK = VK
self.VKs = VKs
def __getstate__(self):
class BLS():
"""Класс, реализующий формирование и проверку ЭЦП по схеме Боне-Линна-Шахема
Атрибуты:
debug вывод дополнительной информации.
group содержит в себе данные об точках на эллиптической кривой,
порядке множества точек эллиптической кривой и так далее.
P произвольная точка эллиптической кривой.
sk секретный ключ.
pk публичный ключ.
"""
def __init__(self, param_id, debug):
"""Конструктор класс
Атрибуты:
param_id параметры эллиптической кривой:
{SS512, SS1024, MNT159, MNT201, MNT224}.
debug вывод дополнительной информации.
"""
self.group = PairingGroup(param_id)
self.debug = debug
def keygen(self):
"""Генерация ключей
Результат:
P произвольная точка эллиптической кривой.
sk секретный ключ.
pk публичный ключ.
"""
P = self.group.random(G2)
sk = self.group.random()
pk = {'P^sk': P ** sk, 'P':P}
if self.debug: self.output(1, sk, pk)
return (pk, sk)
def sign(self, message, sk):
"""Формирование подписи
Аргументы:
message сообщение, на основании
которого необходимо создать
цифровую подпись.
sk секретный ключ.
Результат:
sign цифровая подпись.
"""
messageBytes = objectToBytes(message, self.group)
sign = self.group.hash(messageBytes, G1) ** sk
if self.debug: self.output(2, 0, 0, message, sign)
return sign
def verify(self, message, sign, pk):
"""Проверка подписи
Аргументы:
message сообщение, на основании
которого необходимо создать
цифровую подпись.
sign цифровая подпись.
pk публичный ключ.
Результат:
True при успешной проверки цифровой подписи.
Fase при неудачной проверки цифровой подписи.
"""
messageBytes = objectToBytes(message, self.group)
h = self.group.hash(messageBytes, G1)
ver = pair(sign, pk['P']) == pair(h, pk['P^sk'])
if self.debug: self.output(3, 0, pk, message, sign, ver)
if ver:
return True
return False
def output(self, phase, sk=0, pk=0, message='', sign=0, ver=False):
"""Режим дебага
Аргументы:
type 1 этап генерации ключей.
2 этап формирования подписи.
3 этап проверки подписи.
Результат:
вывод на экран полной информации о работе программы.
"""
if phase == 1:
title = 'ГЕНЕРАЦИЯ КЛЮЧЕЙ'
out = 'Точка эллиптической кривой:\n' + str(pk['P']) + '\nСекретный ключ:\n' + str(sk) + '\nПубличный ключ:\n' + str(pk['P^sk'])
elif phase == 2:
title = 'ФОРМИРОВАНИЕ ПОДПИСИ'
out = 'Сообщение:\n' + str(message) + '\nЦифровая подпись:\n' + str(sign)
elif phase == 3:
title = 'ПРОВЕРКА ПОДПИСИ'
out = 'Публичный ключ:\n' + str(pk['P^sk']) + '\nСообщение:\n' + str(message) + '\nЦифровая подпись:\n' + str(sign) + '\nПроверка:'
if ver: out += 'Успешно'
else: out += 'Неудачно'
else: return
print '=========={0}==========\n{1}'.format(title, out)
print '=======================================\n'
def measure_time(attribute_num):
# setup
start = time.time()
grp = PairingGroup('MNT224')
ps = PS01(grp)
end = time.time()
print("Setup time elapse: ")
print(end - start)
# keygen
start = time.time()
(pk, sk) = ps.keygen(attribute_num)
end = time.time()
print("KeyGen over {0} attributes time elapse: {1}s ".format(str(attribute_num), str(end - start)))
# generate a secret
secret = grp.random()
# NIZK Schnorr prover
start = time.time()
na = grp.random()
a = pk['Y1'][0] ** na
# deterministic nb
m = hashlib.sha256()
m.update(grp.serialize(pk['Y1'][0]))
m.update(grp.serialize(a))
m.update(grp.serialize(pk['Y1'][0] ** secret))
m.update(b'userid') # replaced with real values
nb = m.digest()
nb = grp.hash(nb)
# r
r = na + nb * secret
end = time.time()
print("NIZK Schnorr over {0} attributes Prover time elapse: {1}s".format(str(attribute_num), str((end - start)*attribute_num)))
# NIZK Schnorr verifier
start = time.time()
m = hashlib.sha256()
m.update(grp.serialize(pk['Y1'][0]))
m.update(grp.serialize(a))
m.update(grp.serialize(pk['Y1'][0] ** secret))
m.update(b'userid') # replaced with real values
nb = m.digest()
nb = grp.hash(nb)
lh = pk['Y1'][0] ** r
rh = a * (pk['Y1'][0] ** secret) ** nb
end = time.time()
print("NIZK Schnorr over {0} attributes Verifier time elapse: {1}s".format(str(attribute_num), str((end - start)*attribute_num)))
if lh == rh:
print('NIZK check success')
else:
print('NIZK check failure')
# request ID
messages = ["hello" + str(i) for i in range(0, attribute_num)]
start = time.time()
t, commitment = ps.commitment(pk, *messages)
end = time.time()
print("requestID over {0} attributes time elapse: {1}s".format(str(attribute_num), str(end - start)))
# prove ID
start = time.time()
sig = ps.sign(sk, pk, commitment)
end = time.time()
print("ProvideID over {0} attributes time elapse: {1}s".format(str(attribute_num), str(end - start)))
# unblind signature
start = time.time()
sig = ps.unblind_signature(t, sig)
end = time.time()
print("Unblind over {0} attributes time elapse: {1}s".format(str(attribute_num), str(end - start)))
# prove ID
start = time.time()
rand_sig = ps.randomize_sig(sig)
cipher_sk = grp.random()
cipher_1 = pk['Y2'][1] ** cipher_sk
cipher_pk = (pk['Y2'][1] ** grp.hash('authority')) ** cipher_sk
cipher_2 = cipher_pk * (pk['Y2'][0] ** grp.hash(messages[0], ZR))
end = time.time()
print("Credential Randomize over {0} attributes time elapse: {1}s".format(str(attribute_num), str(end - start)))
# cred.verify
start = time.time()
result = ps.verify(pk, rand_sig, *messages)
end = time.time()
print("RP's Credential Verify over {0} attributes time elapse: {1}s".format(str(attribute_num), str(end - start)))
from charm.toolbox.pairinggroup import PairingGroup,ZR,G1,G2,GT,pair from charm.core.engine.util import objectToBytes,bytesToObject import time, json, pickle, os, random, csv, copy from sys import getsizeof groupObj='SS512' global group group = PairingGroup(groupObj) r = group.random(ZR) i=0 for i in xrange(1,10): r_i = group.hash(str(r) + str(i), ZR) print r_i
class TRC():
"""docstring for TRC
:example: trc = TRC('MNT159', 8, 'salt')
"""
def __init__(self, kappa, btLevel, salt):
"""Generate a group and an empty tree
:kappa: MNT159, SS512, SS1024
:btLevel: the level of initial binary tree
:salt: the salt to generate random-like nodes
:self.N: the level of the tree
:self.rest: available leaves in the tree
:self.kunodes: a list to predict whether a node is revoked or not
:self.bt: the binary tree
"""
self.group = PairingGroup(kappa)
self.P, self.Q, self.msk = self.group.random(G1), self.group.random(G2) ,self.group.random(ZR)
self.PK1 = self.msk * self.P
self.PK2 = self.msk * self.Q
self.N = btLevel
self.rest = list(range(2 ** btLevel))
self.yellowPages = []
def preHandle(ids, preNodes):
if len(ids) == 1:
return preNodes
else:
i = 0
temp = []
while i < len(ids):
newNodes = hashlib.sha256((str(ids[i] + ids[i+1]) + salt).encode('utf-8'))
temp.append(newNodes.hexdigest())
# temp.append(ids[i] + ids[i+1])
i += 2
preNodes.append(temp)
preHandle(temp, preNodes)
basket = [str(x) for x in self.rest]
retList = []
preHandle(self.rest, basket)
for i in basket[::-1]:
retList.extend(i)
self.bt = build([int(binascii.b2a_hex(x.encode('utf-8'))) for x in retList])
self.kunodes = {self.bt.value}
def keygen(self, id, flag):
"""According to id, generate a corresponding pseudonym
"""
Recorder = namedtuple('Recorder', 'id pk flag')
pid = (hashlib.sha256(str(id).encode('utf-8'))).hexdigest()
pk_i = self.group.hash(str(id), G1) if flag == 'V' else self.group.hash(str(id), G2)
sk_i = self.msk * pk_i
self.yellowPages.append(Recorder(id, pk_i, flag))
return (int(binascii.b2a_hex(pid.encode('utf-8'))), pk_i, sk_i)
def keyUp(self, rl):
"""Kunode Algorithm
:rl: revocation list, contains the instance of OBU
"""
X = []
Y = []
for obu in rl:
X.extend(obu.path)
X = list(set(X))
for x in X:
if x.left and x.left not in X:
Y.append(x.left.value)
elif x.right and x.right not in X:
Y.append(x.right.value)
else:
pass
if Y == []:
Y.append(self.bt.value)
self.kunodes = set(Y) - set(self.rest)
else:
labeled_instance = [label] + instance[0]
hashed_instance = group.hash(labeled_instance, ZR)
c = hadamard_product(crs[3], basematrix_pow_exp(crs[4], hashed_instance))
# pi=[PI]1, crs[5]=[(1,a)]2, y=[Y]1, c=[C]2
# print(pairing_matrix(pi, crs[5]))
# print(pairing_matrix(instance, c))
return pairing_matrix(pi, crs[5]) == pairing_matrix(instance, c)
if __name__ == '__main__':
# 'MNT159' represents an asymmetric curve with 159-bit base field
group = PairingGroup('MNT159')
g1 = group.random(G1)
g2 = group.random(G2)
t = group.random(ZR)
# Third-Party-Section
crs = generate_crs(group, g1, g2, t)
# Certification-Section
r = group.random(ZR)
y = generate_instance(crs, r)
alpha = group.hash(y[0], ZR)
pi = generate_pi(group, crs, y, r)
# Verification-Section
print("accept" if check_certificate(group, crs, pi, y) else "reject")
#!./venv/bin/python3
from charm.toolbox.pairinggroup import PairingGroup, ZR, G1, G2, GT, pair
def irange(a, b):
return range(a, b + 1)
group = PairingGroup('BN254')
_G = group.hash("G", G1)
_H = group.hash("H", G2)
def generate_crs(G, H, d):
crs_g = {
(0, 0, 0): G(0, 0, 0),
(1, 0, 0): G(1, 0, 0),
(0, 0, 1): G(0, 0, 1),
}
for i in irange(0, 2 * d):
for j in irange(1, 12):
if j == 7: continue
crs_g[(i, j, 0)] = G(i, j, 0)
for i in irange(0, 2 * d):
for j in irange(1, 6):
for k in irange(1, 3 * d):
if (i, j) == (d, 4): continue
crs_g[(i, j, k)] = G(i, j, k)
async def main():
# group setup and secret generation
setup_start_time = time.time()
global grp, ps, pk, secret, messages, sig, gamma, expires_in
grp = PairingGroup('MNT224')
messages = ['random_string']
secret = grp.hash(messages[0], ZR)
ps = PS01(grp)
pk = None
setup_end_time = time.time()
print("Setup total time: {0}s ".format(str(setup_end_time - setup_start_time)))
# communicate with IdP
print("****Communication with IdP****")
idp_start_time = time.time()
async with aiohttp.ClientSession(connector=aiohttp.TCPConnector(ssl=False)) as session:
# first rt: get idp public key
pk = await fetch(session, 'https://' + idp_ip + ':6000/')
for key, value in pk.items():
if key in {'X2', 'g1', 'g2'}:
pk[key] = grp.deserialize(value.encode())
else:
pk[key] = [grp.deserialize(item.encode()) for item in value]
if debug:
print('idp pk:=', pk)
# generate t and commitment
start = time.time()
t = grp.random(ZR)
gt = (pk['g1'] ** t)
commitment_secret = pk['Y1'][0] ** secret
commitment = gt * commitment_secret
if debug:
print("commitment: ", commitment)
end = time.time()
print("CRED.PrepareBlindSign over {0} attributes time elapse: {1}s ".format(str(1), str(end - start)))
# second rt: schnorr proof
start = time.time()
na = grp.random()
a = pk['Y1'][0] ** na
# schnorr NIZK: generate nb
m = hashlib.sha256()
m.update(grp.serialize(pk['Y1'][0]))
m.update(grp.serialize(a))
m.update(grp.serialize(pk['Y1'][0] ** secret))
m.update(b'userid') # replaced with real values
nb = m.digest()
nb = grp.hash(nb)
r = na + nb * secret
end = time.time()
print("NIZK Schnorr Prover (User-IdP) over {0} element time elapse: {1}s ".format(str(1), str(end - start)))
json_param = {'g_t': grp.serialize(gt).decode(),
'commitment_secret': grp.serialize(commitment_secret).decode(),
'a': grp.serialize(a).decode(),
'r': grp.serialize(r).decode()}
json_rep = await fetch(session, 'https://' + idp_ip + ':6000/token', json_param)
# parse the reply
id_token = json_rep['id_token']
id_token = [grp.deserialize(item.encode()) for item in id_token]
expires_in = json_rep['expires_in']
gamma = json_rep['gamma']
if debug:
print('user id token:=', id_token)
print('expires_in:=', expires_in)
print('gamma:=', gamma)
# unblind signature
start = time.time()
sig = ps.unblind_signature(t, id_token)
end = time.time()
print("CRED.Unblind time elapse: {0}s ".format(str(end - start)))
messages.append(gamma)
messages.append(expires_in)
for i in range(3, len(pk['Y1'])):
messages.append(str(i - 3) + 'th-element')
if debug:
print(messages)
result = ps.verify(pk, sig, *messages)
assert result, 'invalid signature'
print('Successfully verification')
gamma = grp.hash(gamma, ZR)
idp_end_time = time.time()
print("IdP total time: {0}s ".format(str(idp_end_time - idp_start_time)))
# communicate with RP
rp_start_time = time.time()
for i in range(running_times):
print("\n****Communication with RP****")
async with aiohttp.ClientSession(connector=aiohttp.TCPConnector(ssl=False)) as session:
json_param = generate_params_for_RP()
json_rep = await fetch(session, 'https://' + rp_ip + ':6001/authenticate', json_param)
if debug:
print(json_rep)
rp_end_time = time.time()
print("RP total time: {0}s ".format(str(rp_end_time - rp_start_time)))
class mPECK:
def __init__(self):
self.group = PairingGroup('SS512')
def keygen(self, n, g=None):
if(g == None):
g = self.g_gen()
keyPair_list = list()
for a in range(n):
keyPair_list.append(self.single_keygen(g))
return keyPair_list
def single_keygen(self, g):
x = self.group.random()
h = g ** x
pk = {'g':g, 'h':h }
sk = {'x':x}
return (pk, sk)
def g_gen(self):
return self.group.random(G1)
def m_peck(self, X):
g, m, W, pks = X
s = self.group.random()
r = self.group.random()
E = self.m_enc(g, m, pks, r, s)
A = g ** r
B = list()
for b in pks:
B.append(b ** s)
C = list()
for w in W:
h = self.group.hash(w, G1) ** r
f = self.hash2(w, G1) ** s
C.append(h * f)
return (E,(A,B,C))
def trapdoor(self,X):
g, Q, sk = X
t = self.group.random()
Q1 = g ** t
Q2 = 1
Q3 = 1
for w in range(len(Q[0])):
Q2 *= self.group.hash(Q[1][w], G1)
Q3 *= self.hash2(Q[1][w], G1)
Q2 = Q2 ** t
Q3 = Q3 ** (t/sk)
return (Q1,Q2,Q3,Q[0])
def test(self,X):
ES, TQ, pk = X
P = 1
for I in TQ[3]:
P *= ES[1][2][I]
lhs = pair(TQ[0], P)
rhs = pair(ES[1][0], TQ[1])
for B in ES[1][1]:
if lhs == rhs * pair(B, TQ[2]):
return (ES[1][0],B,ES[0]) #this output format is described on page 16
return None
def m_enc(self, g, m, pks, r, s):
return self.bytes_xor(objectToBytes(self.group.hash(pair(g,g) ** (r*s), G1), self.group), m) # TODO find suitable hashing function mapping to M
def m_dec(self, sk, A, B, E):
X = objectToBytes(self.group.hash(pair(A, B) ** (1/sk), G1), self.group)
xor = self.bytes_xor(E, X)
return xor #if user is legitimate, this will be equal to m
def hash2(self, m, type):
return self.group.hash(self.group.hash(m, type), type) # does this count as a second (different) hash function that maps to G1?
def bytes_xor(self, a, b):
return ''.join(chr(ord(x) ^ ord(y)) for x,y in zip(a,b))
def toBytes(self, m):
return objectToBytes(m, self.group)
def fromBytes(self, m):
return bytesToObject(m.ljust(2, b"\x3d"), self.group)
