def main():
pksig = Sig_RSA_Stateless_HW09()
# fixed params for unit tests
p = integer(13075790812874903063868976368194105132206964291400106069285054021531242344673657224376055832139406140158530256050580761865568307154219348003780027259560207)
q = integer(12220150399144091059083151334113293594120344494042436487743750419696868216757186059428173175925369884682105191510729093971051869295857706815002710593321543)
(pk, sk) = pksig.keygen(1024, p, q)
if debug:
print("Public parameters...")
print("pk =>", pk)
print("sk =>", sk)
m = SHA1(b'this is the message I want to hash.')
m2 = SHA1(b'please sign this message too!')
#m = b'This is a message to hash'
sig = pksig.sign(pk, sk, m)
if debug:
print("Signature...")
print("sig =>", sig)
sig2 = pksig.sign(pk, sk, m2)
if debug:
print("Signature 2...")
print("sig2 =>", sig2)
assert pksig.verify(pk, m, sig), "FAILED VERIFICATION!!!"
assert pksig.verify(pk, m2, sig2), "FAILED VERIFICATION!!!"
if debug: print("Successful Verification!!!")
def setparam(self, p, q):
if p == (2 * q) + 1 and isPrime(p) and isPrime(q):
self.p = integer(p)
self.q = integer(q)
return True
else:
print("p and q are not safe primes!")
return False
def setparam(self, p, q):
if isPrime(p) and isPrime(q) and p != q:
self.p = integer(p)
self.q = integer(q)
self.n = self.p * self.q
return True
else:
print("p and q are not primes!")
return False
def hashToZn(self, value):
if type(value) == pairing:
h = hashlib.new(self.hash_type)
h.update(self.e.serialize(value))
#print "digest => %s" % h.hexdigest()
# get raw bytes of digest and hash to Zr
val = h.digest()
return integer(int(self.e.H(val, ZR)))
# do something related to that
if type(value) == integer:
str_value = int2Bytes(value)
return integer(int(self.e.H(str_value, ZR)))
return None
def hashToZn(self, value):
if type(value) == pairing:
h = hashlib.new(self.hash_type)
h.update(self.e.serialize(value))
#print "digest => %s" % h.hexdigest()
# get raw bytes of digest and hash to Zr
val = h.digest()
return integer(int(self.e.H(val, ZR)))
# do something related to that
if type(value) == integer:
str_value = int2Bytes(value)
return integer(int(self.e.H(str_value, ZR)))
return None
def verify(self, pk, message, sig):
if debug: print("\nVERIFY\n\n")
sigma1, r, s, e = sig['sigma1'], sig['r'], sig['s'], sig['e']
K, L, c, keyLength, u, h, N = pk['K'], pk['L'], pk['c'], pk['length'], pk['u'], pk['h'], pk['N']
# Make sure that 0 < s < 2^{keylength/2}, else reject the signature
if not (0 < s and s < (2 ** (keyLength/2))):
return False
# Compute e = H_k(s) and reject the signature if it's not prime
ei = self.HW_hash(K, c, s, keyLength) % N
if not isPrime(ei):
if debug: print("ei not prime")
return False
# Compute Y = sigma1^{2*ceil(log2(s))}
s1 = integer(2 ** (math.ceil(log[2](s))))
Y = (sigma1 ** s1) % N
# Hash the mesage using the chameleon hash with fixed randomness r
(x, r2) = self.ChameleonHash.hash(L, message, r)
lhs = (Y ** ei) % N
rhs = ((u ** x) * h) % N
if debug:
print("lhs =>", lhs)
print("rhs =>", rhs)
# Verify that Y^e = (u^x h) mod N. If so, accept the signature
if lhs == rhs:
return True
# Default: reject the signature
return False
def pow(self, modularInt):
# TODO: Verify that this is a blum integer!!!!!!!
p, q = self.p, self.q
result = integer(modularInt) % (p * q)
for repeat in range(self.raisedToThePower):
result = result**(((p - 1) * (q - 1) + 4) / 8)
return result
def pow(self, modularInt):
# TODO: Verify that this is a blum integer!!!!!!!
p, q = self.p, self.q
result = integer(modularInt) % (p * q)
for repeat in range(self.raisedToThePower):
result = result ** (((p-1)*(q-1)+4)/8)
return result
def HW_hash(self, key, c, input, keyLen):
C = integer(c)
input_size = bitsize(c)
input_b = Conversion.IP2OS(input, input_size)
# Return c XOR PRF(k, input), where the output of PRF is keyLength bits
result = C ^ self.Prf.eval(key, input_b)
return result
def eval(self, k, input1):
if type(k) == integer:
h = hmac.new(serialize(k), b'', hashlib.sha1)
else:
h = hmac.new(serialize(integer(k)), b'', hashlib.sha1)
h.update(input1)
return Conversion.bytes2integer(h.hexdigest())
def main():
pksig = Sig_CL03()
p = integer(21281327767482252741932894893985715222965623124768085901716557791820905647984944443933101657552322341359898014680608292582311911954091137905079983298534519)
q = integer(25806791860198780216123533220157510131833627659100364815258741328806284055493647951841418122944864389129382151632630375439181728665686745203837140362092027)
(pk, sk) = pksig.keygen(1024, p, q)
if debug:
print("Public parameters...")
print("pk =>", pk)
print("sk =>", sk)
m = integer(SHA1(b'This is the message I want to hash.'))
sig = pksig.sign(pk, sk, m)
if debug:
print("Signature...")
print("sig =>", sig)
assert pksig.verify(pk, m, sig), "FAILED VERIFICATION!!!"
if debug: print("Successful Verification!!!")
def eval(self, k, input, outputLen):
if outputLen % 8 != 0:
return False
if type(k) == integer:
h = hmac.new(serialize(k), b'', hashlib.sha1)
else:
h = hmac.new(serialize(integer(k)), b'', hashlib.sha1)
h.update(input)
seed = Conversion.bytes2integer(h.hexdigest())
#print("Prf result =>", seed)
return seed
def eval(self, k, input, outputLen):
if outputLen%8 != 0:
return False
if type(k) == integer:
h = hmac.new(serialize(k), b'', hashlib.sha1)
else:
h = hmac.new(serialize(integer(k)), b'', hashlib.sha1)
h.update(input)
seed = Conversion.bytes2integer(h.hexdigest())
#print("Prf result =>", seed)
return seed
def signCommit(self, pk, sk, Cx):
e = randomPrime(le)
ls = ln + lm + l
rprime = integer(randomBits(ls))
phi_N = (sk['p']-1)*(sk['q']-1)
e2 = e % phi_N
v = (((Cx)*(pk['b'] ** rprime)*pk['c']) ** (e2 ** -1)) % pk['N']
sig = { 'e':e, 'rprime':rprime, 'v':v }
return sig
def HW_hash(self, key, c, input, keyLen):
# Return c XOR PRF(k, input), where the output of PRF is keyLength bits
if type(input) != str:
input_temp = input
input_s = ''
while input_temp > 0:
input_s = chr(input_temp & 0xff) + input_s
input_temp = input_temp >> 8
input_b = Bytes(input_s, 'utf8')
else:
assert False, "Invalid input: need an integer."
result = integer(c) ^ self.Prf.eval(key, input_b, keyLen)
#print("HW_hash =>", result)
return result
def HW_hash(self, key, c, input, keyLen):
# Return c XOR PRF(k, input), where the output of PRF is keyLength bits
if type(input) != str:
input_temp = input
input_s = ''
while input_temp > 0:
input_s = chr(input_temp & 0xff) + input_s
input_temp = input_temp >> 8
input_b = Bytes(input_s, 'utf8')
else:
assert False, "Invalid input: need an integer."
result = integer(c) ^ self.Prf.eval(key, input_b, keyLen)
#print("HW_hash =>", result)
return result
def sign(self, pk, sk, m):
e = randomPrime(le)
ls = ln + lm + l
s = integer(randomBits(ls))
phi_N = (sk['p']-1)*(sk['q']-1)
e2 = e % phi_N
v = (((pk['a'] ** m)*(pk['b'] ** s)*pk['c']) ** (e2 ** -1)) % pk['N']
sig = { 'e':e, 's':s, 'v':v }
return sig
def verify(self, pk, message, sig):
print("\nVERIFY\n\n")
sigma1, r, s, e = sig['sigma1'], sig['r'], sig['s'], sig['e']
K, L, c, keyLength, u, h, N = pk['K'], pk['L'], pk['c'], pk[
'length'], pk['u'], pk['h'], pk['N']
# Make sure that 0 < s < 2^{keylength/2}, else reject the signature
if not (0 < s and s < (2**(keyLength / 2))):
return False
# Compute Y = sigma1^{2*ceil(log2(s))}
s1 = integer(2**math.ceil(math.log(s, 2)))
print("s1 =>", s1)
Y = sigma1**s1
print("Y =>", Y)
# Hash the mesage using the chameleon hash with fixed randomness r
(x, r) = self.ChameleonHash.hash(L, message, r)
print("x =>", x)
print("r =>", r)
# Compute e = H_k(s) and reject the signature if it's not prime
#e = self.HW_hash(K, c, s, keyLength)
print("verify: e =>", e)
if not isPrime(e):
return False
print("Final check")
print()
lhs = (Y**e) % N
print("lhs =>", lhs)
rhs = ((u**x) * h) % N
print("rhs =>", rhs)
# Verify that Y^e = (u^x h) mod N. If so, accept the signature
if lhs == rhs:
return True
# Default: reject the signature
return False
def verify(self, pk, message, sig):
print("\nVERIFY\n\n")
sigma1, r, s, e = sig['sigma1'], sig['r'], sig['s'], sig['e']
K, L, c, keyLength, u, h, N = pk['K'], pk['L'], pk['c'], pk['length'], pk['u'], pk['h'], pk['N']
# Make sure that 0 < s < 2^{keylength/2}, else reject the signature
if not (0 < s and s < (2 ** (keyLength/2))):
return False
# Compute Y = sigma1^{2*ceil(log2(s))}
s1 = integer(2 ** math.ceil(math.log(s,2)))
print("s1 =>", s1)
Y = sigma1 ** s1
print("Y =>", Y)
# Hash the mesage using the chameleon hash with fixed randomness r
(x, r) = self.ChameleonHash.hash(L, message, r)
print("x =>", x)
print("r =>", r)
# Compute e = H_k(s) and reject the signature if it's not prime
#e = self.HW_hash(K, c, s, keyLength)
print("verify: e =>", e)
if not isPrime(e):
return False
print("Final check")
print()
lhs = (Y ** e) % N
print("lhs =>", lhs)
rhs = ((u ** x) * h) % N
print("rhs =>", rhs)
# Verify that Y^e = (u^x h) mod N. If so, accept the signature
if lhs == rhs:
return True
# Default: reject the signature
return False
def keygen(self, bits):
return integer(randomBits(bits))
def randomize(self, r): # need to provide random value
lhs = dict.__getitem__(self, self.key)
rhs = (integer(r) ** self.pk['n']) % self.pk['n2']
return Ciphertext({self.key:(lhs * rhs) % self.pk['n2']})
def L(self, u, n):
return integer(int(u - 1)) / n
def encode(self, modulus, message):
# takes a string and represents as a bytes object
elem = integer(message)
return elem % modulus
def pow(self, modularInt):
p, q = self.p, self.q
result = integer(modularInt) % (p * q)
for repeat in range(self.raisedToThePower):
result = result ** (((p-1)*(q-1)+4)/8)
return result
def keygen(self, bits): return integer(randomBits(bits))