def test_cfrag_str(capsule, kfrags):
cfrag0 = reencrypt(capsule, kfrags[0])
s = str(cfrag0)
assert 'VerifiedCapsuleFrag' in s
s = str(CapsuleFrag.from_bytes(bytes(cfrag0)))
assert "VerifiedCapsuleFrag" not in s
assert "CapsuleFrag" in s
def test_decrypt_unverified_cfrag(verification_keys, bobs_keys,
capsule_and_ciphertext, kfrags):
verifying_pk, delegating_pk, receiving_pk = verification_keys
receiving_sk, _receiving_pk = bobs_keys
capsule, ciphertext = capsule_and_ciphertext
cfrags = [reencrypt(capsule, kfrag) for kfrag in kfrags]
cfrags[0] = CapsuleFrag.from_bytes(bytes(cfrags[0]))
with pytest.raises(TypeError):
plaintext_reenc = decrypt_reencrypted(
receiving_sk=receiving_sk,
delegating_pk=delegating_pk,
capsule=capsule,
verified_cfrags=cfrags,
ciphertext=ciphertext,
)
def test_cfrag_with_wrong_capsule(verification_keys, kfrags, capsule_and_ciphertext, message):
capsule, ciphertext = capsule_and_ciphertext
verifying_pk, delegating_pk, receiving_pk = verification_keys
capsule_alice1 = capsule
capsule_alice2, _unused_key2 = Capsule.from_public_key(delegating_pk)
cfrag = reencrypt(capsule_alice2, kfrags[0])
cfrag = CapsuleFrag.from_bytes(bytes(cfrag)) # de-verify
with pytest.raises(VerificationError):
cfrag.verify(capsule_alice1,
verifying_pk=verifying_pk,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk,
)
def test_cfrag_with_wrong_data(verification_keys, kfrags, capsule_and_ciphertext, message):
capsule, ciphertext = capsule_and_ciphertext
verifying_pk, delegating_pk, receiving_pk = verification_keys
cfrag = reencrypt(capsule, kfrags[0])
# Let's put random garbage in one of the cfrags
cfrag = CapsuleFrag.from_bytes(bytes(cfrag)) # de-verify
cfrag.point_e1 = CurvePoint.random()
cfrag.point_v1 = CurvePoint.random()
with pytest.raises(VerificationError):
cfrag.verify(capsule,
verifying_pk=verifying_pk,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk,
)
def test_cfrag_is_hashable(verification_keys, capsule, kfrags):
verifying_pk, delegating_pk, receiving_pk = verification_keys
cfrag0 = reencrypt(capsule, kfrags[0])
cfrag1 = reencrypt(capsule, kfrags[1])
assert hash(cfrag0) != hash(cfrag1)
new_cfrag = CapsuleFrag.from_bytes(bytes(cfrag0))
assert hash(new_cfrag) != hash(cfrag0)
verified_cfrag = new_cfrag.verify(capsule,
verifying_pk=verifying_pk,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk,
)
assert hash(verified_cfrag) == hash(cfrag0)
def test_cfrag_serialization(verification_keys, capsule, kfrags):
verifying_pk, delegating_pk, receiving_pk = verification_keys
for kfrag in kfrags:
cfrag = reencrypt(capsule, kfrag)
cfrag_bytes = bytes(cfrag)
new_cfrag = CapsuleFrag.from_bytes(cfrag_bytes)
verified_cfrag = new_cfrag.verify(capsule,
verifying_pk=verifying_pk,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk,
)
assert verified_cfrag == cfrag
# Wrong delegating key
with pytest.raises(VerificationError):
new_cfrag.verify(capsule,
verifying_pk=verifying_pk,
delegating_pk=receiving_pk,
receiving_pk=receiving_pk,
)
# Wrong receiving key
with pytest.raises(VerificationError):
new_cfrag.verify(capsule,
verifying_pk=verifying_pk,
delegating_pk=delegating_pk,
receiving_pk=delegating_pk,
)
# Wrong signing key
with pytest.raises(VerificationError):
new_cfrag.verify(capsule,
verifying_pk=receiving_pk,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk,
)
def test_serialized_size(capsule, kfrags):
verified_cfrag = reencrypt(capsule, kfrags[0])
cfrag = CapsuleFrag.from_bytes(bytes(verified_cfrag))
assert verified_cfrag.serialized_size() == cfrag.serialized_size()
# Bob must gather at least `threshold` `cfrags` in order to open the capsule.
cfrags = list() # Bob's cfrag collection
for kfrag in kfrags:
cfrag = reencrypt(capsule=capsule, kfrag=kfrag)
cfrags.append(cfrag) # Bob collects a cfrag
assert len(cfrags) == 10
# Bob checks the capsule fragments
# --------------------------------
# If Bob received the capsule fragments in serialized form,
# he can verify that they are valid and really originate from Alice,
# using Alice's public keys.
suspicious_cfrags = [CapsuleFrag.from_bytes(bytes(cfrag)) for cfrag in cfrags]
cfrags = [cfrag.verify(capsule,
verifying_pk=alices_verifying_key,
delegating_pk=alices_public_key,
receiving_pk=bobs_public_key,
)
for cfrag in suspicious_cfrags]
# Bob opens the capsule
# ------------------------------------
# Finally, Bob decrypts the re-encrypted ciphertext using his key.
bob_cleartext = decrypt_reencrypted(receiving_sk=bobs_secret_key,
delegating_pk=alices_public_key,
capsule=bob_capsule,
verifying_pk = signing_sk.public_key()
delegating_pk = delegating_sk.public_key()
receiving_pk = receiving_sk.public_key()
kfrags = generate_kfrags(delegating_sk=delegating_sk,
receiving_pk=receiving_pk,
signer=Signer(signing_sk),
threshold=6,
shares=10,
)
plain_data = b'peace at dawn'
capsule, ciphertext = encrypt(delegating_pk, plain_data)
cfrag = CapsuleFrag.from_bytes(bytes(reencrypt(capsule, kfrags[0])))
points = [capsule.point_e, cfrag.point_e1, cfrag.proof.point_e2,
capsule.point_v, cfrag.point_v1, cfrag.proof.point_v2,
cfrag.proof.kfrag_commitment, cfrag.proof.kfrag_pok]
z = cfrag.proof.signature
###########################
# CurveScalar arithmetics #
###########################
# Let's generate two random CurveScalars
bn1 = CurveScalar.random_nonzero()
bn2 = CurveScalar.random_nonzero()
