def issuerHandler(issueparam): group = ECGroup(security_dict[issueparam.L]) g = group.deserialize(str.encode(issueparam.sg)) h = group.deserialize(str.encode(issueparam.sh)) # print(issueparam.yt) #####!!!!!!!!!!!!!!!!!!!!!!!Danger!!!!!!!!!!!!!!####### # xt = group.random(ZR) # yt = g ** xt # print('xt: ----====>>>') # print(xt) yt = point2Obj(int(issueparam.yt), group) #####!!!!!!!!!!!!!!!!!!!!!!!Danger!!!!!!!!!!!!!!####### gamma = group.init(ZR, int(issueparam.gamma)) z = group.deserialize(str.encode(issueparam.sz)) zu = z**(gamma**-1) v, u, d, s1, s2 = (group.random(ZR) for i in range(5)) t1, t2, t3, t4, t5 = (group.random(ZR) for i in range(5)) z1 = yt**v z2 = zu / z1 a = g**u b1 = (g**s1) * (z1**d) b2 = (h**s2) * (z2**d) ret = [zu, v, u, d, s1, s2, \ t1, t2, t3, t4, t5, \ z1, z2, a, b1, b2,\ bytes.decode(group.serialize(zu)), bytes.decode(group.serialize(z1)), bytes.decode(group.serialize(z2)),\ bytes.decode(group.serialize(a)), bytes.decode(group.serialize(b1)), bytes.decode(group.serialize(b2))] return (str(k) for k in ret)
def oneHandler(oneParameter): group = ECGroup(security_dict[oneParameter.L]) t1 = group.init(ZR, int(oneParameter.t1)) t2 = group.init(ZR, int(oneParameter.t2)) t3 = group.init(ZR, int(oneParameter.t3)) t4 = group.init(ZR, int(oneParameter.t4)) t5 = group.init(ZR, int(oneParameter.t5)) gamma = group.init(ZR, int(oneParameter.gamma)) z1 = group.deserialize(str.encode(oneParameter.sz1)) z = group.deserialize(str.encode(oneParameter.sz)) a = group.deserialize(str.encode(oneParameter.sa)) b1 = group.deserialize(str.encode(oneParameter.sb1)) b2 = group.deserialize(str.encode(oneParameter.sb2)) g = group.deserialize(str.encode(oneParameter.sg)) h = group.deserialize(str.encode(oneParameter.sh)) y = group.deserialize(str.encode(oneParameter.sy)) message = oneParameter.M d = group.init(ZR, int(oneParameter.d)) u = group.init(ZR, int(oneParameter.u)) x = group.init(ZR, int(oneParameter.x)) s1 = group.init(ZR, int(oneParameter.s1)) s2 = group.init(ZR, int(oneParameter.s2)) zeta1 = z1**gamma zeta2 = z / zeta1 alpha = a * (g**t1) * (y**t2) beta1 = (b1**gamma) * (g**t3) * (zeta1**t5) beta2 = (b2**gamma) * (h**t4) * (zeta2**t5) epsilon = group.hash((zeta1, alpha, beta1, beta2, message), ZR) e = epsilon - t2 - t5 ####--------------------------------------- c = e - d r = u - c * x ####======================================= roi = r + t1 omega = c + t2 sigma1 = gamma * s1 + t3 sigma2 = gamma * s2 + t4 delta = d + t5 ####---------------------------------------- xi = group.deserialize(str.encode(oneParameter.sxi)) v = group.init(ZR, int(oneParameter.v)) xiv = xi**v ret = [ zeta1, zeta2, alpha, beta1, beta2, epsilon, e, c, r, roi, omega, sigma1, sigma2, delta, xiv, bytes.decode(group.serialize(xiv)), bytes.decode(group.serialize(zeta1)), bytes.decode(group.serialize(zeta2)) ] return (str(i) for i in ret)
def initHandler(kappa): group = ECGroup(kappa) g, h = group.random(G), group.random(G) x, gamma = group.random(ZR), group.random(ZR) y, xi = g**x, g**gamma z = group.hash((g, h, y), G) ret = [g, h,\ bytes.decode(group.serialize(g)), bytes.decode(group.serialize(h)),\ x, y, gamma, xi,\ bytes.decode(group.serialize(y)), bytes.decode(group.serialize(xi)),\ z, bytes.decode(group.serialize(z))] return (str(k) for k in ret)
start_mul256 = time.process_time() for i in range(1000): A = a * b end_mul256 = time.process_time() total_time_mul256 = (end_mul256 - start_mul256) * 1000 start_rand256 = time.process_time() for i in range(1000): b = group256.random(ZR) end_rand256 = time.process_time() total_time_rand256 = (end_rand256 - start_rand256) * 1000 b = group256.random(G) start_ser256 = time.process_time() for i in range(1000): bs = group256.serialize(b) end_ser256 = time.process_time() total_time_ser256 = (end_ser256 - start_ser256) * 1000 g = g283 a = group283.random(ZR) B = g**a start_exp283 = time.process_time() for i in range(1000): A = g**a end_exp283 = time.process_time() total_time_exp283 = (end_exp283 - start_exp283) * 1000 b = group283.random(ZR) start_mul283 = time.process_time()
class Intersection(NonInteractiveSetIntersection): """Two-Client Set Intersect scheme""" client_count = 2 def __init__(self, curve=prime256v1): super().__init__() self.group = ECGroup(curve) self.g = self.group.random(G) def setup(self, secpar): """Generate the clients' keys""" self.secpar = secpar sigma = self.group.random(ZR) msk = os.urandom(secpar // 8) return ((msk, sigma), (msk, 1 - sigma)) def _phi(self, cipher, pt): """PRF mapping pt to a group element""" padding_len = 16 - (len(pt) % 16) pt = pt + b'\0' * padding_len encryptor = cipher.encryptor() ct = encryptor.update(pt) + encryptor.finalize() exponent = int.from_bytes(ct, 'big') % self.group.order() return self.g**exponent def _H(self, g): """Mapping of g to bytes Can be used to map a group element g to an AE key.""" prefix = b'\x00' hashable = prefix + self.group.serialize(g) h = hashlib.sha256(hashable).digest() return h[:16] def _H_bytes(self, g): """Mapping of g to bytes Can be used to map a group element g to an AE nonce.""" prefix = b'\x01' hashable = prefix + self.group.serialize(g) h = hashlib.sha256(hashable).digest() return h def encrypt(self, usk, gid, pt_set): """Encrypt a plaintext set under a gid using usk Returns a dict of ciphertexts.""" msk, sigma = usk iv = gid cipher = Cipher(algorithms.AES(msk), modes.CBC(iv), backend=default_backend()) ct_dict = {} for pt in pt_set: k = self._phi(cipher, pt) ct1 = self.group.serialize(k**sigma) # use deterministic authenticated encryption ae_key = self._H(k) ae_nonce = self._H_bytes(k)[:12] ae = AESGCM(ae_key) ct2 = (ae_nonce, ae.encrypt(ae_nonce, pt, None)) ct_dict[ae_key] = (ct1, ct2) return ct_dict def eval(self, ct_sets): """Evaluates the ciphertexts for determining the cardinality of the set intersection Expects two dicts of ciphertexts.""" pt_intersection = set() ct_intersection = ct_sets[0].keys() & ct_sets[1].keys() for k in ct_intersection: g1 = self.group.deserialize(ct_sets[0][k][0]) g2 = self.group.deserialize(ct_sets[1][k][0]) key = g1 * g2 # decrypt using ct_sets[0] ae_nonce, ct = ct_sets[0][k][1] ae_key = self._H(key) ae = AESGCM(ae_key) pt = ae.decrypt(ae_nonce, ct, None) pt_intersection.add(pt) return pt_intersection
class Cardinality(NonInteractiveSetIntersection): """Multi-client Set Intersect Cardinality scheme""" def __init__(self, curve=prime256v1): super().__init__() self.group = ECGroup(curve) self.g = self.group.random(G) def setup(self, secpar, client_count): """Generate the clients' keys""" self.client_count = client_count usks = [self.group.random(ZR) for _ in range(client_count - 1)] usks.append(-sum(usks)) return usks def encrypt(self, usk, gid, pt_set): """Encrypt a plaintext set under a gid using usk Returns a set of ciphertexts.""" H = self.group.hash ct_set = {self.group.serialize(H(gid + pt, G)**usk) for pt in pt_set} return ct_set def eval(self, ct_sets): """Evaluates the ciphertexts for determining the cardinality of the set intersection Expects a list or set of ciphertexts.""" one = self.g**0 def intersection_count(ct_sets, product=one): # Recursive function call to compute the Cartesian product # Features: # 1) remember the partial product; # 2) avoid computations with elements for which we know that they # belong to the intersection. ct_set, ct_sets = set(ct_sets[-1]), ct_sets[:-1] count = 0 if ct_sets == []: for ct_str in ct_set: ct = self.group.deserialize(ct_str) if product * ct == one: ct_set.remove(ct_str) count = 1 break else: for ct_str in ct_set.copy(): ct = self.group.deserialize(ct_str) found, ct_sets = intersection_count(ct_sets, product * ct) if found == 1: ct_set.remove(ct_str) count += 1 # Note that we cannot break here: if we would break # here, we might skip other ct's that are in the set. ct_sets.append(ct_set) return (count, ct_sets) cardinality, _ = intersection_count(list(ct_sets)) return cardinality