Exemplo n.º 1
    def __init__(self, P, Q, s=1, strict=False):
        """Derive a key pair from the two modulus factors ``P`` and ``Q``.

        The modulus is ``N = P * Q``. One ring is built modulo ``N**s`` and
        one modulo ``N**(s + 1)``; for ``s == 1`` these are ``N`` and
        ``N**2``, which the original comments call the Paillier case.

        Args:
            P: first factor of the modulus.
            Q: second factor of the modulus.
            s: exponent that selects the two ring sizes above.
            strict: when true the exponent group is built from
                ``rsa_lambda(P, Q)`` (Carmichael function, per the original
                docstring); otherwise from ``rsa_phi(P, Q)`` (Euler totient).

        Sets ``self.s``, ``self.N``, ``self.G``, ``self.pubkey`` and
        ``self.privkey``.

        NOTE(review): nothing in this method checks that ``P`` and ``Q`` are
        prime or distinct; the caller is presumably expected to guarantee it.
        """
        modulus = P * Q
        # modulus**s is just the modulus when s == 1
        plain_ring = field(modulus**s, "G")
        # ring the generator is built in; modulus**2 in the Paillier case
        cipher_ring = field(modulus**(s + 1), "N^{s+1}")
        base_ring = field(modulus, "H")

        # lambda versus phi is discussed at
        # https://crypto.stackexchange.com/questions/29591/lcm-versus-phi-in-rsa
        group_order = rsa_lambda(P, Q) if strict else rsa_phi(P, Q)
        order_ring = field(group_order, "PhiGroup")

        exponent = generate_prime(length(P))
        # NOTE(review): assert statements are removed under ``python -O``,
        # so this coprimality check and the two CRT checks below do not run
        # in optimized mode.
        assert gcd(exponent, modulus) == 1
        # NOTE(review): the quality of this random element depends on
        # randfield's source of randomness, which is not visible here.
        blinding = randfield(base_ring)
        generator = cipher_ring(
            (cipher_ring(1 + modulus)**exponent) * blinding)

        # CRT solution with residue 0 modulo order_ring.P and residue 1
        # modulo plain_ring.P; the asserts re-check both residues.
        secret = crt(a_list=[0, 1], n_list=[order_ring.P, plain_ring.P])
        assert secret % plain_ring.P == 1
        assert secret % order_ring.P == 0

        self.s = s
        # The private exponent stays on the instance next to the public
        # values; anything that serializes or logs the object exposes it.
        self.privkey = secret
        self.N = modulus
        self.G = generator
        self.pubkey = (modulus, generator)
Exemplo n.º 2
    def __init__(self, P, Q):
        """Derive a key pair from the two modulus factors ``P`` and ``Q``.

        The layout (modulus ``N = P * Q``, a ring modulo ``N**2``,
        ``lcm(P - 1, Q - 1)`` as the private value and the helper ``L``)
        follows the Paillier cryptosystem.

        Args:
            P: first factor of the modulus.
            Q: second factor of the modulus.

        Sets ``self.N``, ``self.G``, ``self.privkey`` and ``self.pubkey``.

        NOTE(review): primality of ``P`` and ``Q`` is not checked here.
        """
        # NOTE(review): assert is stripped under ``python -O``, so this
        # parameter check does not run in optimized mode.
        assert gcd(P * Q, (P - 1) * (Q - 1)) == 1

        modulus = P * Q
        lam = lcm(P - 1, Q - 1)

        residue_ring = field(modulus)
        square_ring = field(modulus**2)
        # NOTE(review): a uniformly random element of the ring modulo N**2;
        # whether randfield restricts it to invertible elements, and what
        # randomness source it uses, is not visible here.
        generator = randfield(square_ring)

        # The inverse is computed and then discarded. Presumably it is kept
        # so that a generator whose L-value is not invertible modulo N
        # fails here rather than at decryption -- confirm against the ring
        # type's ``~`` operator.
        _mu = ~residue_ring(L((generator ** lam).value, modulus))
        self.N = modulus
        self.G = generator
        # The private value stays on the instance next to the public key.
        self.privkey = lam
        self.pubkey = (self.N, self.G)
Exemplo n.º 3
 def encrypt(cls, m, pub):
     """Encrypt ``m`` under ``pub`` and return the pair ``(c1, c2)``.

     ``pub`` unpacks to ``(g, h)``. A fresh random scalar ``y`` is drawn,
     then ``c1 = g**y`` and ``c2 = (h**y) * map_to_curve(m)``, which is the
     ElGamal construction.

     Args:
         m: message, converted to a group element by ``map_to_curve``.
         pub: public key ``(g, h)``.

     Returns:
         The ciphertext tuple ``(c1, c2)``.
     """
     base, pub_point = pub
     # Ephemeral scalar, drawn from the ring modulo base.N (presumably the
     # order of the base element -- confirm).
     # NOTE(review): if randfield can return zero, h**y would presumably be
     # the identity and c2 would equal the encoded message; randfield's
     # range and randomness source are not visible here.
     ephemeral = randfield(field(base.N)).value
     encoded = map_to_curve(m)
     shared = pub_point**ephemeral
     first = base**ephemeral
     second = shared * encoded
     return (first, second)
Exemplo n.º 4
def test_ssss():
    """Check secret reconstruction below and above the threshold ``k``.

    A random secret is set up with threshold ``k`` (random in 1..100) and
    ``n = 3 * k``. Reconstruction from ``k - 1`` shares must differ from
    the secret; reconstruction from ``k + 1`` and ``k + 2`` shares must
    return it.

    NOTE(review): the boundary case of exactly ``k`` shares is not
    exercised, so an off-by-one in the threshold would go unnoticed.
    NOTE(review): the three calls draw ``3 * k + 2`` shares in total while
    setup was given ``n = 3 * k``; whether ``join()`` enforces ``n`` is not
    visible here.
    """
    share_field = field(P)
    scheme = SSSS(share_field)
    # random.randint only picks the test parameter; the secret itself
    # comes from randfield.
    threshold = random.randint(1, 100)
    total = threshold * 3
    secret = randfield(share_field)

    scheme.setup(secret, threshold, total)

    def draw(count):
        # One join() call per requested share, in order.
        return [scheme.join() for _ in range(count)]

    # With threshold == 1 this passes an empty share list to decrypt().
    # NOTE(review): if an under-threshold reconstruction yields an
    # arbitrary field element, it could equal the secret by chance and
    # make this assertion fail spuriously (unlikely for a large field).
    assert scheme.decrypt(draw(threshold - 1)) != secret
    assert scheme.decrypt(draw(threshold + 1)) == secret
    assert scheme.decrypt(draw(threshold + 2)) == secret
Exemplo n.º 5
 def decrypt(cls, c, priv, pub, s=1):
     """Decrypt ciphertext ``c`` and return an element modulo ``N**s``.

     Both ``c`` and the public generator are raised to the private
     exponent, each result is passed through ``damgard_jurik_reduce`` and
     the first is divided by the second in the ring modulo ``N**s``.

     Args:
         c: ciphertext element; it is used as given, with no range or
             membership check in this method.
         priv: private exponent.
         pub: public key ``(N, G)``.
         s: exponent selecting the plaintext ring ``N**s``.

     Returns:
         The quotient of the two reduced values as a ring element.
     """
     modulus, generator = pub
     secret = priv
     plain_ring = field(modulus**s, "N^s")
     # NOTE(review): the private exponent goes straight into ``**``;
     # whether that exponentiation runs in time independent of the key
     # depends on the element type's implementation, not visible here.
     numerator = plain_ring(
         damgard_jurik_reduce((c**secret).value, modulus, s))
     denominator = plain_ring(
         damgard_jurik_reduce((generator**secret).value, modulus, s))
     # ``~`` is the ring inverse, so this is numerator / denominator.
     return numerator * ~denominator
Exemplo n.º 6
    def decrypt(cls, c, priv, pub):
        """Decrypt ciphertext ``c`` and return an element modulo ``N``.

        Computes ``L(c**Lam) / L(G**Lam)`` in the ring modulo ``N``, where
        ``Lam`` is the private value and ``(N, G)`` the public key.

        Args:
            c: ciphertext element; it is used as given, with no range or
                membership check in this method.
            priv: private value ``Lam``.
            pub: public key ``(N, G)``.

        Returns:
            The quotient as a ring element.
        """
        modulus, generator = pub
        lam = priv

        residue_ring = field(modulus, "N")
        # NOTE(review): the private value goes straight into ``**``;
        # whether that exponentiation runs in time independent of the key
        # depends on the element type's implementation, not visible here.
        numerator = residue_ring(L((c ** lam).value, modulus))
        denominator = residue_ring(L((generator ** lam).value, modulus))
        # ``~`` is the ring inverse, so this is numerator / denominator.
        return numerator * ~denominator