def main():
g, id, master = receive_params()
if master:
number = int(input("Enter the number of participants:\n"))
question = input("Enter the question: \n")
params = {"number": number, "question": question}
# print(params)
message = json.dumps(params).encode("utf-8")
c_socket.send(message)
sleep(0.1)
g_x, x = send_gx(g, id)
params = receive_gxs()
question = params["question"]
numbers = params["gxs"]
g_y = compute_g_y(numbers, id)
# print(g_y)
print("Question:")
print(question)
g_c_y = send_answer(g_y, x, id)
# print(g_c_y)
print("Waiting for other answers...")
answers = receive_gcy()
a = reduce(lambda x, y: x * y, answers, integer(1, G.p)) % G.p
if a == integer(1, G.p):
print("Answer: No")
else:
print("Answer: Yes")
def signer_state3(self, input):
print("SIGNER state #3")
rnd = (integer(randomBits(80)))
msg = integer(SHA1(Conversion.IP2OS(rnd)))
z1 = (msg**((p - 1) / q)) % p
(g, y, h, z) = Protocol.get(self, ['g', 'y', 'h', 'z'])
z2 = z / z1
u = self.group.random()
s1 = self.group.random()
s2 = self.group.random()
d = self.group.random()
a = g**u
b1 = (g**s1) * (z1**d)
b2 = (h**s2) * (z2**d)
Protocol.store(self, ('u', u), ('s1', s1), ('s2', s2), ('d', d))
Protocol.setState(self, 5)
return {'rnd': rnd, 'a': a, 'b1': b1, 'b2': b2}
def sumfree(self, x1, x2, pk):
'''Tests sum evaluations without encryption'''
msg1 = self.encode(x1, pk)
msg2 = self.encode(x2, pk)
prod = pai.encode(pk['n2'], msg1 * msg2)
sumres = integer(prod % pk['n2'] - integer(1) % pk['n2']) / pk['n']
return sumres
def collision(msg1, msg2, h):
#decrypt rand_key
rec_key = maabe.decrypt(public_parameters, user_sk, h['cipher']['rkc'])
#rec_key->symkey AE
rec_symcrypt = AuthenticatedCryptoAbstraction(extractor(rec_key))
#symdecrypt rec_etdsumstr
rec_etdsumbytes = rec_symcrypt.decrypt(h['cipher']['ec'])
rec_etdsumstr = str(rec_etdsumbytes, encoding="utf8")
#print("etdsumstr type=>",type(rec_etdsumstr))
#sumstr->etd str list
rec_etdtolist = cut_text(rec_etdsumstr, 309)
# print("rec_etdtolist=>",rec_etdtolist)
#etd str list->etd integer list
rec_etdint = {
'p1': integer(int(rec_etdtolist[0])),
'q1': integer(int(rec_etdtolist[1]))
}
#print("rec_etdint=>",rec_etdint)
r1 = chamHash.collision(msg1, msg2, h, rec_etdint, pk)
#if debug: print("new randomness =>", r1)
new_h = {
'h': h['h'],
'r': r1,
'cipher': h['cipher'],
'N1': h['N1'],
'e': h['e']
}
return new_h
def create_polynomial(G, fid, sk, z):
random.seed(str(sk) + fid)
coefficients = [integer(random.randrange(G.q), G.q) for _ in range(z + 1)]
for coeff in coefficients:
while coeff == 0:
coeff = integer(random.randrange(G.q), G.q)
return Polynomial(coefficients)
def main():
d_p = 5 # degree of polynomial P
k = 4 # Security parameter and degree of polynomial s
d = k * d_p # degree of polynomials P_x and Q
m = 2
# Sender has polynomial P of degree d_p
P = Polynomial(gen_coeffs(d_p))
# Sender generates random masking polynomial P_x of degree d
P_x = Polynomial(gen_coeffs(d))
# P_x(0) = 0
P_x[0] = integer(0, G.q)
# Sender defines bivariate polynomial Q which holds Q(0,y) = P(y)
Q = lambda x, y: reduce_mod(P_x(x) + P(y))
# Receiver generates alpha
alpha = G.random()
# Receiver chooses random polynomial S of degree k
S = Polynomial(gen_coeffs(k))
# S(0) = alpha
S[0] = alpha
# The receiver wants use univariate polynomial R(x) = Q(x,S(x))
# R(0) = Q(0,S(0)) = P(alpha)
# So if receiver is able to interpolate R, then can learn R(0) = P(alpha)
# Degree of R is d_r = d = k * d_p
# Receiver want to learn n values of R to interpolate the polynomial.
# To achieve that, receiver uses n-of-N OT
n = k * d_p + 1 # number of values of R required to interpolate R.
N = n * m # number of distinct random values x, all different from 0.
xs = [G.random() for _ in range(N)]
for x in xs:
while x == integer(0, G.q):
x = G.random()
# The receiver chooses a random set T of n indices between 1 and N.
T = list(range(N))
shuffle(T)
T = T[:n]
# Receiver defines N values y. The value yi is defined as
# S(xi) if i is in T, and is a random value if F otherwise.
# The receiver sends the N points (x,y) to the sender
Y = [(x, S(x) if i in T else G.random()) for i, x in enumerate(xs)]
# Sender evaluates Q(x,y) for each pair x,y in Y
Qs = [(x, Q(x, y)) for x, y in Y]
# Receiver chooses to learn R(x_i) values for i in T.
R_values = [v for i, v in enumerate(Qs) if i in T]
# Receiver interpolates R in order to learn R(0) = P(alpha)
R_0 = LI(integer(0, G.q), R_values)
P_alpha = P(alpha)
assert R_0 == P_alpha
def compute_g_y(numbers, id):
before = []
after = []
for element in numbers:
if element["id"] < id:
before.append(integer(element["g_x"], G.p))
elif element["id"] > id:
after.append(integer(element["g_x"], G.p))
mult_before = multiply(before)
mult_after = multiply(after)
return mult_before / mult_after
def testElGamal(self):
p = integer(148829018183496626261556856344710600327516732500226144177322012998064772051982752493460332138204351040296264880017943408846937646702376203733370973197019636813306480144595809796154634625021213611577190781215296823124523899584781302512549499802030946698512327294159881907114777803654670044046376468983244647367)
q = integer(74414509091748313130778428172355300163758366250113072088661006499032386025991376246730166069102175520148132440008971704423468823351188101866685486598509818406653240072297904898077317312510606805788595390607648411562261949792390651256274749901015473349256163647079940953557388901827335022023188234491622323683)
groupObj = IntegerGroupQ()
el = ElGamal(groupObj, p, q)
(pk, sk) = el.keygen()
msg = b"hello world!"
cipher1 = el.encrypt(pk, msg)
m = el.decrypt(pk, sk, cipher1)
assert m == msg, "Failed Decryption!!!"
if debug: print("SUCCESSFULLY DECRYPTED!!!")
def testDSA(self):
p = integer(156053402631691285300957066846581395905893621007563090607988086498527791650834395958624527746916581251903190331297268907675919283232442999706619659475326192111220545726433895802392432934926242553363253333261282122117343404703514696108330984423475697798156574052962658373571332699002716083130212467463571362679)
q = integer(78026701315845642650478533423290697952946810503781545303994043249263895825417197979312263873458290625951595165648634453837959641616221499853309829737663096055610272863216947901196216467463121276681626666630641061058671702351757348054165492211737848899078287026481329186785666349501358041565106233731785681339)
dsa = DSA(p, q)
(pk, sk) = dsa.keygen(1024)
m = "hello world test message!!!"
sig = dsa.sign(pk, sk, m)
assert dsa.verify(pk, sig, m), "Failed verification!"
if debug: print("Signature Verified!!!")
def destruction_keys(self, pk):
k = {}
for i in range(self.users):
k['k' + str(i)] = integer(
group.random(102)
) #exponentiation works only for small keys (needs investigation)
k[0] = integer(-1) * (
sum(k.values())
) #inverse of the sum of all user keys. Acts as annihilation for keys.
k[1] = (sum(k.values()))
#self.ak=integer(1)/integer(self.r)**integer(k[0])
return k
def test_3_homomorphic_multiplication(self):
"""Tests homomorphic multiplication of Paillier ciphertexts."""
output = "Paillier homomorphic multiplication failed on {0} and {1}."
# Each test case is (num1, num2, mul)
cases = [(1, 1, 1), (2, 4, 8), (-5, 5, -25), (6, -4, -24)]
for (a, b, m) in cases:
c1 = self.enc_scheme.encrypt(self.pk, integer(a, self.pk['n']))
c2 = c1 * integer(b, self.pk['n'])
d = self.enc_scheme.decrypt(self.pk, self.sk, c2)
self.assertEqual(d, integer(m, self.pk['n']), output.format(a, b))
def test_2_homomorphic_addition(self):
"""Tests homomorphic addition of Paillier ciphertexts."""
output = "Paillier homomorphic addition failed on {0} and {1}."
cases = [(1, 1, 2), (-1, 2, 1), (-3, 30, 27), (22, 22, 44)]
# Each test case is (num1, num2, sum)
for (a, b, s) in cases:
c1 = self.enc_scheme.encrypt(self.pk, integer(a, self.pk['n']))
c2 = self.enc_scheme.encrypt(self.pk, integer(b, self.pk['n']))
c3 = c1 + c2
d = self.enc_scheme.decrypt(self.pk, self.sk, c3)
self.assertEqual(d, integer(s, self.pk['n']), output.format(a, b))
def testCS98(self):
p = integer(156053402631691285300957066846581395905893621007563090607988086498527791650834395958624527746916581251903190331297268907675919283232442999706619659475326192111220545726433895802392432934926242553363253333261282122117343404703514696108330984423475697798156574052962658373571332699002716083130212467463571362679)
q = integer(78026701315845642650478533423290697952946810503781545303994043249263895825417197979312263873458290625951595165648634453837959641616221499853309829737663096055610272863216947901196216467463121276681626666630641061058671702351757348054165492211737848899078287026481329186785666349501358041565106233731785681339)
groupObj = IntegerGroup()
pkenc = CS98(groupObj, p, q)
(pk, sk) = pkenc.keygen(1024)
M = b"hello world. test message"
ciphertext = pkenc.encrypt(pk, M)
message = pkenc.decrypt(pk, sk, ciphertext)
assert M == message, "UNSUCCESSFUL!!!! :-( why?"
if debug: print("SUCCESSFULLY RECOVERED => %s" % message)
def server_to_client_1(self, server_set):
# Initialize the cryptosystem.
enc_scheme = Paillier()
pk, sk = enc_scheme.keygen(self.sec_param)
# Map the server set to the ring of Paillier ciphertexts, interpolate the unique
# polynomial representing the set, and encrypt its coefficients.
server_set_mapped = [integer(a, pk['n']) for a in server_set]
coefs = poly_from_roots(server_set_mapped, integer(-1, pk['n']), integer(1, pk['n']))
coef_cts = [enc_scheme.encrypt(pk, c) for c in coefs]
out = {'pk': pk, 'coef_cts': coef_cts}
server_state = {'pk': pk, 'sk': sk, 'server_set': server_set}
return out, server_state
def testElGamal(self):
p = integer(
148829018183496626261556856344710600327516732500226144177322012998064772051982752493460332138204351040296264880017943408846937646702376203733370973197019636813306480144595809796154634625021213611577190781215296823124523899584781302512549499802030946698512327294159881907114777803654670044046376468983244647367
)
q = integer(
74414509091748313130778428172355300163758366250113072088661006499032386025991376246730166069102175520148132440008971704423468823351188101866685486598509818406653240072297904898077317312510606805788595390607648411562261949792390651256274749901015473349256163647079940953557388901827335022023188234491622323683
)
groupObj = IntegerGroupQ()
el = ElGamal(groupObj, p, q)
(pk, sk) = el.keygen()
msg = b"hello world!"
cipher1 = el.encrypt(pk, msg)
m = el.decrypt(pk, sk, cipher1)
assert m == msg, "Failed Decryption!!!"
if debug: print("SUCCESSFULLY DECRYPTED!!!")
def client_to_server(self, client_set):
# Initialize the cryptosystem.
enc_scheme = Paillier()
pk, sk = enc_scheme.keygen(self.sec_param)
# Map the client set to the ring of Paillier ciphertexts, interpolate the unique
# polynomial representing the set, and encrypt its coefficients.
slient_set_mapped = [integer(a, pk['n']) for a in client_set]
coefs = poly_from_roots(slient_set_mapped, integer(-1, pk['n']), integer(1, pk['n']))
coef_cts = [enc_scheme.encrypt(pk, c) for c in coefs]
out = {'pk': pk, 'coef_cts': coef_cts}
client_state = {'pk': pk, 'sk': sk, 'client_set': client_set}
return out, client_state
def testSchnorrSig(self):
# test only parameters for p,q
p = integer(156816585111264668689583680968857341596876961491501655859473581156994765485015490912709775771877391134974110808285244016265856659644360836326566918061490651852930016078015163968109160397122004869749553669499102243382571334855815358562585736488447912605222780091120196023676916968821094827532746274593222577067)
q = integer(78408292555632334344791840484428670798438480745750827929736790578497382742507745456354887885938695567487055404142622008132928329822180418163283459030745325926465008039007581984054580198561002434874776834749551121691285667427907679281292868244223956302611390045560098011838458484410547413766373137296611288533)
pksig = SchnorrSig()
pksig.params(p, q)
(pk, sk) = pksig.keygen()
M = "hello world."
sig = pksig.sign(pk, sk, M)
assert pksig.verify(pk, sig, M), "Failed verification!"
if debug: print("Signature verified!!!!")
def generate_phi_set(G, g_r_Lf0, Tf, g_r):
phi_set = [(integer(0, G.q), g_r_Lf0)]
for m, t in Tf:
element = (m, g_r**t)
phi_set.append(element)
return phi_set
def client_to_server(self, client_set):
# Initialize the cryptosystem.
enc_scheme = ElGamalExp()
pk, sk = enc_scheme.keygen()
# Map the client set to the ring of ElGamal exponents, interpolate the unique
# polynomial representing the set, and encrypt its coefficients.
set_a_mapped = [integer(a, pk['order']) for a in client_set]
coefs = poly_from_roots(set_a_mapped, integer(-1, pk['order']),
integer(1, pk['order']))
coef_cts = [enc_scheme.encrypt(pk, int(c)) for c in coefs]
out = {'pk': pk, 'coef_cts': coef_cts}
client_state = {'pk': pk, 'sk': sk, 'client_set': client_set}
return out, client_state
def user_state4(self, input):
print("USER state #4")
p = self.group.p
q = self.group.q
a = input.get('a')
b = input.get('b')
s = input.get('s')
g, y = Protocol.get(self, ['g', 'y'])
t1 = self.group.random()
t2 = self.group.random()
t3 = self.group.random()
t4 = self.group.random()
str = "info"
msg = integer(SHA2(str))
z = (msg**((p - 1) / q)) % p
alpha = a * (g**t1) * (y**t2) % p
beta = b * (g**t3) * (z**t4) % p
epsilon = self.group.hash(alpha, beta, z, "msg")
e = epsilon - t2 - t4
Protocol.store(self, ('z', z), ('s', s), ('t1', t1), ('t2', t2),
('t3', t3), ('t4', t4), ('alpha', alpha),
('beta', beta))
Protocol.setState(self, 6)
return {'e': e}
def sum(self, x1, x2, pk, k0):
prod = pai.encode(pk['n2'], x1 * x2)
inter = pai.encode(pk['n2'],
integer(self.r)**integer(integer(-1) * k0))
inter2 = (integer(prod) / integer(inter))
sumres = integer(inter2 % pk['n2'] - integer(1) % pk['n2']) / pk['n']
return sumres
def testCS98(self):
p = integer(
156053402631691285300957066846581395905893621007563090607988086498527791650834395958624527746916581251903190331297268907675919283232442999706619659475326192111220545726433895802392432934926242553363253333261282122117343404703514696108330984423475697798156574052962658373571332699002716083130212467463571362679
)
q = integer(
78026701315845642650478533423290697952946810503781545303994043249263895825417197979312263873458290625951595165648634453837959641616221499853309829737663096055610272863216947901196216467463121276681626666630641061058671702351757348054165492211737848899078287026481329186785666349501358041565106233731785681339
)
groupObj = IntegerGroup()
pkenc = CS98(groupObj, p, q)
(pk, sk) = pkenc.keygen(1024)
M = b"hello world. test message"
ciphertext = pkenc.encrypt(pk, M)
message = pkenc.decrypt(pk, sk, ciphertext)
assert M == message, "UNSUCCESSFUL!!!! :-( why?"
if debug: print("SUCCESSFULLY RECOVERED => %s" % message)
def testIntegerGroup(self):
self.maxDiff=None
groupObj = IntegerGroup()
p = integer(148829018183496626261556856344710600327516732500226144177322012998064772051982752493460332138204351040296264880017943408846937646702376203733370973197019636813306480144595809796154634625021213611577190781215296823124523899584781302512549499802030946698512327294159881907114777803654670044046376468983244647367)
data={'p':p,'String':"foo",'list':[p,{},1,1.7, b'dfa']}
x=objectToBytes(data,groupObj)
data2=bytesToObject(x,groupObj)
self.assertEqual(data,data2)
def testChamHash_HW09(self):
# test p and q primes for unit tests only
p = integer(164960892556379843852747960442703555069442262500242170785496141408191025653791149960117681934982863436763270287998062485836533436731979391762052869620652382502450810563192532079839617163226459506619269739544815249458016088505187490329968102214003929285843634017082702266003694786919671197914296386150563930299)
q = integer(82480446278189921926373980221351777534721131250121085392748070704095512826895574980058840967491431718381635143999031242918266718365989695881026434810326191251225405281596266039919808581613229753309634869772407624729008044252593745164984051107001964642921817008541351133001847393459835598957148193075281965149)
chamHash = ChamHash_HW09()
(pk, sk) = chamHash.paramgen(1024, p, q)
msg = "Hello world this is the message!"
(h, r) = chamHash.hash(pk, msg)
if debug: print("Hash...")
if debug: print("sig =>", h)
(h1, r1) = chamHash.hash(pk, msg, r)
if debug: print("sig 2 =>", h1)
assert h == h1, "Signature failed!!!"
if debug: print("Signature generated correctly!!!")
def testCL03(self):
pksig = Sig_CL03()
p = integer(21281327767482252741932894893985715222965623124768085901716557791820905647984944443933101657552322341359898014680608292582311911954091137905079983298534519)
q = integer(25806791860198780216123533220157510131833627659100364815258741328806284055493647951841418122944864389129382151632630375439181728665686745203837140362092027)
(pk, sk) = pksig.keygen(1024, p, q)
if debug:
print("Public parameters...")
print("pk =>", pk)
print("sk =>", sk)
m = integer(SHA1(b'This is the message I want to hash.'))
sig = pksig.sign(pk, sk, m)
if debug:
print("Signature...")
print("sig =>", sig)
assert pksig.verify(pk, m, sig), "FAILED VERIFICATION!!!"
if debug: print("Successful Verification!!!")
def testIntegerGroup(self):
self.maxDiff = None
groupObj = IntegerGroup()
p = integer(
148829018183496626261556856344710600327516732500226144177322012998064772051982752493460332138204351040296264880017943408846937646702376203733370973197019636813306480144595809796154634625021213611577190781215296823124523899584781302512549499802030946698512327294159881907114777803654670044046376468983244647367
)
data = {'p': p, 'String': "foo", 'list': [p, {}, 1, 1.7, b'dfa']}
x = objectToBytes(data, groupObj)
data2 = bytesToObject(x, groupObj)
self.assertEqual(data, data2)
def __init__(self, group, k, degree_of_polynomial):
self.group = group
# create Alices polynomial
self.polynomial = Polynomial(
[group.random() for _ in range(degree_of_polynomial + 1)])
# create masked polynomial
self.masked_polynomial = Polynomial(
[group.random() for _ in range(degree_of_polynomial * k + 1)])
# add point 0,0 to polynomial
self.masked_polynomial.__set_item__(0, integer(0, group.q))
def testChamHash_Adm05(self):
# fixed params for unit tests
p = integer(141660875619984104245410764464185421040193281776686085728248762539241852738181649330509191671665849071206347515263344232662465937366909502530516774705282764748558934610432918614104329009095808618770549804432868118610669336907161081169097403439689930233383598055540343198389409225338204714777812724565461351567)
q = integer(70830437809992052122705382232092710520096640888343042864124381269620926369090824665254595835832924535603173757631672116331232968683454751265258387352641382374279467305216459307052164504547904309385274902216434059305334668453580540584548701719844965116691799027770171599194704612669102357388906362282730675783)
chamHash = ChamHash_Adm05(p, q)
#TODO: how long is paramgen supposed to take?
(pk, sk) = chamHash.paramgen()
if debug: print("pk => ", pk)
if debug: print("sk => ", sk)
msg = "Hello world this is the message!"
(h, r, s) = chamHash.hash(pk, msg)
if debug: print("Hash...")
if debug: print("sig =>", h)
(h1, r1, s1) = chamHash.hash(pk, msg, r, s)
if debug: print("sig 2 =>", h1)
assert h == h1, "Signature failed!!!"
if debug: print("Signature generated correctly!!!")
def challenge_response(self, input, message):
rnd = input.get('rnd')
a = input.get('a')
b1 = input.get('b1')
b2 = input.get('b2')
msg = integer(Conversion.OS2IP(SHA1(Conversion.IP2OS(rnd))))
z1 = (msg**((self.p - 1) / self.q)) % self.p
gamma = self.group.random()
tau = self.group.random()
t1 = self.group.random()
t2 = self.group.random()
t3 = self.group.random()
t4 = self.group.random()
t5 = self.group.random()
zeta = self.z**gamma
zeta1 = z1**gamma
zeta2 = zeta / zeta1
alpha = a * (self.g**t1) * (self.y**t2) % self.p
beta1 = (b1**gamma) * (self.g**t3) * (zeta1**t4) % self.p
beta2 = (b2**gamma) * (self.h**t5) * (zeta2**t4) % self.p
eta = self.z**tau
epsilon = integer(
hash_int([zeta, zeta1, alpha, beta1, beta2, eta, message
])) % self.q
e = (epsilon - t2 - t4) % self.q
self.__store__(self, ('z1', z1), ('zeta', zeta), ('zeta1', zeta1))
self.__store__(self, ('zeta2', zeta2), ('alpha', alpha),
('beta1', beta1), ('beta2', beta2))
self.__store__(self, ('t1', t1), ('t2', t2), ('t3', t3), ('t4', t4),
('t5', t5))
self.__store__(self, ('gamma', gamma), ('tau', tau), ('eta', eta))
return {'e': e}
def receive_params():
while True:
try:
msg = c_socket.recv(BUFSIZ).decode("utf-8")
params = json.loads(msg)
G.setparam(params["p"], params["q"])
G.r = 2
g = integer(params["g"], G.p)
print("Received Parameters")
return g, params["id"], params["master"]
except OSError: # Possibly client has left the chat.
break
def receive_gcy():
while True:
try:
msg = c_socket.recv(BUFSIZ).decode("utf-8")
params = json.loads(msg)
# print(params)
answers = []
for element in params:
answers.append(integer(element["gcy"], G.p))
return answers
except OSError: # Possibly client has left the chat.
break
def __init__(self, group=None, p=0, q=0, secparam=512):
self.group = group if group is not None else IntegerGroupQ()
self.group.p, self.group.q, self.group.r = p, q, 2
if self.group.p == 0 or self.group.q == 0:
self.group.paramgen(secparam)
self.p = self.group.p
self.q = self.group.q
self.x, self.g, = self.group.random(), self.group.randomGen()
self.z, self.h, = self.group.randomGen(), self.group.randomGen()
self.y = (self.g ** self.x) % self.p
hs1 = hashlib.new('sha256')
hs1.update(Conversion.IP2OS(integer(self.p)))
hs1.update(Conversion.IP2OS(integer(self.q)))
hs1.update(Conversion.IP2OS(integer(self.g)))
hs1.update(Conversion.IP2OS(integer(self.h)))
hs1.update(Conversion.IP2OS(integer(self.y)))
msg = integer(Conversion.OS2IP(hs1.digest()))
self.z = ((msg ** ((self.p - 1) / self.q)) % self.p)
self.u = None
self.d = None
self.s1 = None
self.s2 = None
def testChamHash_HW09(self):
# test p and q primes for unit tests only
p = integer(
164960892556379843852747960442703555069442262500242170785496141408191025653791149960117681934982863436763270287998062485836533436731979391762052869620652382502450810563192532079839617163226459506619269739544815249458016088505187490329968102214003929285843634017082702266003694786919671197914296386150563930299
)
q = integer(
82480446278189921926373980221351777534721131250121085392748070704095512826895574980058840967491431718381635143999031242918266718365989695881026434810326191251225405281596266039919808581613229753309634869772407624729008044252593745164984051107001964642921817008541351133001847393459835598957148193075281965149
)
chamHash = ChamHash_HW09()
(pk, sk) = chamHash.paramgen(1024, p, q)
msg = "Hello world this is the message!"
(h, r) = chamHash.hash(pk, msg)
if debug: print("Hash...")
if debug: print("sig =>", h)
(h1, r1) = chamHash.hash(pk, msg, r)
if debug: print("sig 2 =>", h1)
assert h == h1, "Signature failed!!!"
if debug: print("Signature generated correctly!!!")
def testChamHash_Adm05(self):
# fixed params for unit tests
p = integer(
141660875619984104245410764464185421040193281776686085728248762539241852738181649330509191671665849071206347515263344232662465937366909502530516774705282764748558934610432918614104329009095808618770549804432868118610669336907161081169097403439689930233383598055540343198389409225338204714777812724565461351567
)
q = integer(
70830437809992052122705382232092710520096640888343042864124381269620926369090824665254595835832924535603173757631672116331232968683454751265258387352641382374279467305216459307052164504547904309385274902216434059305334668453580540584548701719844965116691799027770171599194704612669102357388906362282730675783
)
chamHash = ChamHash_Adm05(p, q)
#TODO: how long is paramgen supposed to take?
(pk, sk) = chamHash.paramgen()
if debug: print("pk => ", pk)
if debug: print("sk => ", sk)
msg = "Hello world this is the message!"
(h, r, s) = chamHash.hash(pk, msg)
if debug: print("Hash...")
if debug: print("sig =>", h)
(h1, r1, s1) = chamHash.hash(pk, msg, r, s)
if debug: print("sig 2 =>", h1)
assert h == h1, "Signature failed!!!"
if debug: print("Signature generated correctly!!!")
def encrypt(self, pk, M):
r = group.random()
ka=bytes(str(int(pk['h'] ** r)), 'utf-8')
salt=b'This is salt'
salt2=b'This is salty'
k=group.encode(pbkdf2.pbkdf2(hashlib.sha256,ka, salt, 32000, 16))
K=group.encode(pbkdf2.pbkdf2(hashlib.sha256,ka, salt2, 32000, 16))
u1 = pk['g1'] ** r
u2 = pk['g2'] ** r
alpha = group.hash((u1, u2))
#msg = group.encode(M)
chi = K ^ integer(M)
v = (pk['c'] ** r) * (pk['d'] ** (r * alpha))
t=hmac.new(bytes(str(int(k)),'utf-8'),bytes(str(chi),"utf-8"),digestmod=sha1hashlib).hexdigest()
c = { 'u1' : u1, 'u2' : u2, 'v' : v, 'chi' : chi, 't' : t}
return c
def user_state4(self, input):
print("USER state #4")
(g, y, h, z) = Protocol.get(self, ['g', 'y', 'h', 'z'])
rnd = input.get('rnd')
a = input.get('a')
b1 = input.get('b1')
b2 = input.get('b2')
msg = integer(SHA1(Conversion.IP2OS(rnd)))
z1 = (msg**((p - 1) / q)) % p
gamma = self.group.random()
tau = self.group.random()
t1 = self.group.random()
t2 = self.group.random()
t3 = self.group.random()
t4 = self.group.random()
t5 = self.group.random()
zeta = z**gamma
zeta1 = z1**gamma
zeta2 = zeta / zeta1
alpha = a * (g**t1) * (y**t2) % p
beta1 = (b1**gamma) * (g**t3) * (zeta1**t4) % p
beta2 = (b2**gamma) * (h**t5) * (zeta2**t4) % p
eta = z**tau
epsilon = self.group.hash(zeta, zeta1, alpha, beta1, beta2, eta, "msg")
e = epsilon - t2 - t4
Protocol.store(self, ('z', z), ('z1', z1), ('zeta', zeta),
('zeta1', zeta1))
Protocol.store(self, ('zeta2', zeta2), ('alpha', alpha),
('beta1', beta1), ('beta2', beta2))
Protocol.store(self, ('t1', t1), ('t2', t2), ('t3', t3), ('t4', t4),
('t5', t5))
Protocol.store(self, ('gamma', gamma), ('tau', tau), ('eta', eta))
Protocol.setState(self, 6)
return {'e': e}
def verify(self, signature, message):
zeta = signature.get('zeta')
zeta1 = signature.get('zeta1')
rho = signature.get('rho')
omega = signature.get('omega')
sigma1 = signature.get('sigma1')
sigma2 = signature.get('sigma2')
delta = signature.get('delta')
mu = signature.get('mu')
tmp1 = (self.g ** rho) * (self.y ** omega) % self.p
tmp2 = (self.g ** sigma1) * (zeta1 ** delta) % self.p
tmp3 = (self.h ** sigma2) * ((zeta / zeta1) ** delta) % self.p
tmp4 = (self.z ** mu) * (zeta ** delta) % self.p
p1 = (omega + delta) % self.q
p2 = integer(hash_int([zeta, zeta1, tmp1, tmp2, tmp3, tmp4, message])) % self.q
return p1 == p2
def encode(self, modulus, message):
# takes a string and represents as a bytes object
elem = integer(message)
return elem % modulus
def randomize(self, r): # need to provide random value
lhs = dict.__getitem__(self, self.key)
rhs = (integer(r) ** self.pk['n']) % self.pk['n2']
return Ciphertext({self.key:(lhs * rhs) % self.pk['n2']})
def L(self, u, n):
return integer(int(u - 1)) / n