def generate_safe_prime(bits):
while True:
print 'trying prime'
p_ = millerrabin.generateLargePrime(bits-1)
if type(p_) is str:
print 'failed to find prime, trying again'
continue
p = 2*p_ + 1
if millerrabin.is_probable_prime(p):
return p
else:
'not a safe prime, trying again'
def generate_safe_prime(bits):
while True:
print 'trying prime'
p_ = millerrabin.generateLargePrime(bits - 1)
if type(p_) is str:
print 'failed to find prime, trying again'
continue
p = 2 * p_ + 1
if millerrabin.is_probable_prime(p):
return p
else:
'not a safe prime, trying again'
def dealer(bits=2048, players=10, k=5):
#random.seed(1203103)
global n, m, p, q, e, d, shares
assert bits == 2048, 'need different parameters'
p = safe_prime_1
q = safe_prime_2
assert p.bit_length() == q.bit_length() == 1024
n = p*q # RSA modulus
m = (p-1)/2 * (q-1)/2
trapdoors = dict(p=p, q=q)
# Public exponent
e = millerrabin.generateLargePrime(players.bit_length()+1)
# Compute d such that de == 1 mod m
d = gmpy2.divm(1, e, m)
assert (d*e) % m == 1
public_key = (n,e)
#print 'public_key', public_key
trapdoor = dict(d=d, p=p, q=q)
# Random polynomial coefficients
a = [d]
for i in range(1,k):
a.append(random.randrange(0,m))
assert len(a) == k
# Polynomial evaluation
def f(x):
y = 0
xx = 1
for coeff in a:
y += coeff * xx
xx *= x
return y
# Shares of master secret key
SKs = []
for i in range(1,players+1):
SKs.append(f(i))
# Random quadratic residue
VK = v = random_Qn(n)
# Verification keys
VKs = []
for i in range(players):
VKs.append(gmpy2.powmod(v, SKs[i], n))
public_key = ShoupPublicKey(n, e, players, k, VK, VKs)
secret_keys = [ShoupPrivateKey(n, e, players, k, VK, VKs, SK, i)
for i, SK in enumerate(SKs,start=1)]
for i in [0]:
S = set(range(1,k+1))
lhs = (public_key.Delta() * f(i)) % m
rhs = sum(public_key.lambdaS(S,i,j) * f(j) for j in S) % m
assert lhs == rhs
#print i, 'ok'
return public_key, secret_keys
def dealer(bits=2048, players=10, k=5):
#random.seed(1203103)
global n, m, p, q, e, d, shares
assert bits == 2048, 'need different parameters'
p = safe_prime_1
q = safe_prime_2
assert p.bit_length() == q.bit_length() == 1024
n = p * q # RSA modulus
m = (p - 1) / 2 * (q - 1) / 2
trapdoors = dict(p=p, q=q)
# Public exponent
e = millerrabin.generateLargePrime(players.bit_length() + 1)
# Compute d such that de == 1 mod m
d = gmpy2.divm(1, e, m)
assert (d * e) % m == 1
public_key = (n, e)
#print 'public_key', public_key
trapdoor = dict(d=d, p=p, q=q)
# Random polynomial coefficients
a = [d]
for i in range(1, k):
a.append(random.randrange(0, m))
assert len(a) == k
# Polynomial evaluation
def f(x):
y = 0
xx = 1
for coeff in a:
y += coeff * xx
xx *= x
return y
# Shares of master secret key
SKs = []
for i in range(1, players + 1):
SKs.append(f(i))
# Random quadratic residue
VK = v = random_Qn(n)
# Verification keys
VKs = []
for i in range(players):
VKs.append(gmpy2.powmod(v, SKs[i], n))
public_key = ShoupPublicKey(n, e, players, k, VK, VKs)
secret_keys = [
ShoupPrivateKey(n, e, players, k, VK, VKs, SK, i)
for i, SK in enumerate(SKs, start=1)
]
for i in [0]:
S = set(range(1, k + 1))
lhs = (public_key.Delta() * f(i)) % m
rhs = sum(public_key.lambdaS(S, i, j) * f(j) for j in S) % m
assert lhs == rhs
#print i, 'ok'
return public_key, secret_keys