def verify(self, m, pair):
r = crypturd.bigendian2int(pair[1:ord(pair[0]) + 1])
s = crypturd.bigendian2int(pair[ord(pair[0]) + 1:])
if not (0 < r and r < self.q and 0 < s and s < self.q):
return False
w = crypturd.modinv(s, self.q)
u1 = (crypturd.littleendian2int(self.h(m)) * w) % self.q
u2 = (r * w) % self.q
v = ((crypturd.modexp(self.g, u1, self.p) *
crypturd.modexp(self.y, u2, self.p)) % self.p) % self.q
return r == v
def ECDH_calculate_common_secret(pk, secret, curve=Ed25519):
# calculate G*a*b as an integer
gab = (pk * crypturd.bigendian2int(secret))
# Convert to string
common_secret = crypturd.sha.sha256(
crypturd.common.int2bigendian(gab.y, 32) +
crypturd.common.int2bigendian(gab.x, 32))
return common_secret
def sign_right(msg2, sk):
"Sign 2 256-bit values using hash-bash signatures (second part)"
msg2 = crypturd.fixed_length_key(msg2, 32)
sig = ""
M2 = crypturd.bigendian2int(msg2)
for i in range(256):
zero = sk[i * 64 + 16384:i * 64 + 16416]
one = sk[i * 64 + 16416:i * 64 + 16448]
if ((1 << i) & M2) > 0:
zero = crypturd.sha256(zero)
else:
one = crypturd.sha256(one)
sig += zero + one
return sig
def sign_left(msg1, sk):
"Sign 2 256-bit values using hash-bash signatures (first part)"
msg1 = crypturd.fixed_length_key(msg1, 32)
M1 = crypturd.bigendian2int(msg1)
sig = ""
for i in range(256):
zero = sk[i * 64:i * 64 + 32]
one = sk[i * 64 + 32:i * 64 + 64]
if ((1 << i) & M1) > 0:
zero = crypturd.sha256(zero)
else:
one = crypturd.sha256(one)
sig += zero + one
return sig
def digest_right(msg2, sig):
"verify 2 256-bit values using hash-bash signatures (second part)"
msg1 = crypturd.fixed_length_key(msg2, 32)
digest2 = ""
M2 = crypturd.bigendian2int(msg2)
for i in range(256):
zero = sig[i * 64 + 16384:i * 64 + 16416]
one = sig[i * 64 + 16416:i * 64 + 16448]
if ((1 << i) & M2) > 0:
one = crypturd.sha256(one)
else:
zero = crypturd.sha256(zero)
digest2 += zero + one
return sha256(digest2)
def digest_left(msg1, sig):
"verify 2 256-bit values using hash-bash signatures (first part)"
msg1 = crypturd.fixed_length_key(msg1, 32)
digest1 = ""
M1 = crypturd.bigendian2int(msg1)
for i in range(256):
zero = sig[i * 64:i * 64 + 32]
one = sig[i * 64 + 32:i * 64 + 64]
if ((1 << i) & M1) > 0:
one = crypturd.sha256(one)
else:
zero = crypturd.sha256(zero)
digest1 += zero + one
return sha256(digest1)
def decode_tuple(pair):
"Decode string into tuple of integers"
r = crypturd.bigendian2int(pair[1:ord(pair[0])+1])
s = crypturd.bigendian2int(pair[ord(pair[0])+1:])
return r,s