def collision(self, m, m1, xi, etd, pk):
phi_NN1 = pk['phi_N'] * (xi['N1'] - etd['p1'] - etd['q1'] + 1)
d = (xi['e'] ** -1) % (phi_NN1)
print('d=>',d)
if d == 1 / xi['e']:
print('reverse')
M1 = Conversion.bytes2integer(m1)
M = Conversion.bytes2integer(m)
h = (group.hash(M) * (xi['r'] ** xi['e'])) % (pk['N'] * xi['N1'])
r1 = (((group.hash(M1) ** (-1)) * h) ** d) % (pk['N'] * xi['N1'])
print("r1 =>", r1)
return r1
def hashcheck(self, pk, message, xi):
M = Conversion.bytes2integer(message)
h1 = group.hash(M) * (xi['r']**xi['e']) % (pk['N'] * xi['N1'])
if h1 == xi['h']:
return True
else:
return False
def hash(self, pk, message, r = 0):
N, J, e = pk['N'], pk['J'], pk['e']
if r == 0:
r = group.random(N)
M = Conversion.bytes2integer(message)
h = ((J ** M) * (r ** e)) % N
return (h, r)
def eval(self, k, input1):
if type(k) == integer:
h = hmac.new(serialize(k), b'', hashlib.sha1)
else:
h = hmac.new(serialize(integer(k)), b'', hashlib.sha1)
h.update(input1)
return Conversion.bytes2integer(h.hexdigest())
def eval(self, k, input1):
if type(k) == integer:
h = hmac.new(serialize(k), b'', hashlib.sha1)
else:
h = hmac.new(serialize(integer(k)), b'', hashlib.sha1)
h.update(input1)
return Conversion.bytes2integer(h.hexdigest())
def hash(self, pk, sk, message, r=0):
# generate ephemeral trapdoors(p1,q1)
while True:
p1, q1 = randomPrime(pk['secparam']), randomPrime(pk['secparam'])
# print("p1,q1=>",p1,q1)
if isPrime(p1) and isPrime(q1) and p1 != q1:
N1 = p1 * q1
if not gcd(N1, pk['N']) == 1:
continue
break
if r == 0:
r = random(N1 * pk['N'])
# print("r=>",r)
# print("(p1,q1,N1)=>", (p1,q1,N1))
# print("N*N1=>",N1 * pk['N'])
phi_NN1 = pk['phi_N'] * (N1 - p1 - q1 + 1)
# print("phi_NN1=>", phi_NN1)
# find e inverse mod N1 * N, so gcd(e,phi_NN1)==1
while True:
e = random(phi_NN1)
if not gcd(e, phi_NN1) == 1:
continue
break
M = Conversion.bytes2integer(message)
# print("M =>",M)
# to set hash modular N * N1()
group.q = N1 * pk['N']
group.p = group.q * 2 + 1
# print("q=>",group.q)
# print("M hash=>", group.hash(M))
h = (group.hash(M) * (r**e)) % (N1 * pk['N'])
xi = {'h': h, 'r': r, 'N1': N1, 'p1': p1, 'q1': q1, 'e': e}
# print("e=>",xi['e'])
return xi
from charm.core.math.integer import integer, randomBits
from charm.toolbox.conversion import Conversion
from idemix.issuer import Issuer
from idemix.recipient import Recipient
from idemix.settings import lm, l, secparam
from idemix.verifier import Verifier
context = integer(randomBits(lm))
attr = {'1': 'student', '2': 'italian', '3': 'age'}
for id, value in attr.iteritems():
h_challenge = hashlib.new('sha256')
h_challenge.update(str(value))
attr[id] = Conversion.bytes2integer(h_challenge.digest())
issuer = Issuer(len(attr), 0, 0, secparam, context)
pk_i, sk_i = issuer.gen_key_pair()
# print sk_i
assert issuer.selfTest()
user = Recipient(pk_i, context)
user.gen_master_secret()
user.set_attributes(attr)
# attr = user.gen_random_attributes(l)
# ISSUING PROTOCOL
n1 = issuer.round_0() # Generate nonce
p1, n2 = user.round_1(n1)
from charm.core.math.integer import integer, randomBits
from charm.toolbox.conversion import Conversion
from idemix.issuer import Issuer
from idemix.recipient import Recipient
from idemix.settings import lm, l, secparam
from idemix.verifier import Verifier
context = integer(randomBits(lm))
attr = {'1': 'student', '2': 'italian', '3': 'age'}
for id, value in attr.iteritems():
h_challenge = hashlib.new('sha256')
h_challenge.update(str(value))
attr[id] = Conversion.bytes2integer(h_challenge.digest())
issuer = Issuer(len(attr), 0, 0, secparam, context)
pk_i, sk_i = issuer.gen_key_pair()
# print sk_i
assert issuer.selfTest()
user = Recipient(pk_i, context)
user.gen_master_secret()
user.set_attributes(attr)
# attr = user.gen_random_attributes(l)
# ISSUING PROTOCOL
n1 = issuer.round_0() # Generate nonce
p1, n2 = user.round_1(n1)
signature, P2 = issuer.round_2(p1['U'], p1, attr, n2)