def params(self, p=0, q=0, bits=1024):
global group
group = IntegerGroupQ(0)
if p == 0 or q == 0:
group.paramgen(bits)
else:
group.p, group.q, group.r = p, q, 2
def init1():
group = IntegerGroupQ()
group.paramgen(bit)
alpha = group.randomGen()
key = group.random()
beta = alpha ** key
x = [ odd_random(group) for _ in range(numbers['cards']) ]
room = Room(request.environ.get('beaker.session'), False)
try:
room.get('win')
except:
room.set('win', 0)
[room.set(n, v) for n, v in [('p', group.p), ('q', group.q), ('alpha', alpha), ('key', key), ('beta_i', beta), ('x', x)]]
room.save()
response.content_type = 'application/json'
return json.dumps(map(toStr, {
'p' : group.p,
'q' : group.q,
'alpha' : alpha,
'beta' : beta,
'x' : x,
}))
def params(self, p=0, q=0, bits=1024):
global group
group = IntegerGroupQ(0)
if p == 0 or q == 0:
group.paramgen(bits)
else:
group.p, group.q, group.r = p, q, 2
class Protocol:
def __init__(self):
self.groupObj = IntegerGroupQ()
self.groupObj.paramgen(256)
self.signer = SignerBlindSignature(self.groupObj, 0, 0, 256)
self.user = UserBlindSignature(self.signer.get_public_key())
self.verify = BlindSignatureVerifier(self.signer.get_public_key())
self.user = UserBlindSignature(self.signer.get_public_key())
self.sig, self.e, self.message = None, None, None
self.zeta, self.zeta1, self.rho = None, None, None
self.omega, self.sigma1, self.sigma2 = None, None, None
self.delta, self.mu, self.tmp1 = None, None, None
self.tmp2, self.tmp3, self.tmp4 = None, None, None
def setup_method(self, message=None):
key = ECC.generate(curve='P-256')
self.message = Conversion.OS2IP(key.public_key().export_key(
format='DER')) if message is None else message
challenge = self.signer.get_challenge()
self.e = self.user.challenge_response(challenge, self.message)
proofs = self.signer.get_proofs(self.e)
self.sig = self.user.gen_signature(proofs)
def values(self):
self.zeta = self.sig.get('zeta')
self.zeta1 = self.sig.get('zeta1')
self.rho = self.sig.get('rho')
self.omega = self.sig.get('omega')
self.sigma1 = self.sig.get('sigma1')
self.sigma2 = self.sig.get('sigma2')
self.delta = self.sig.get('delta')
self.mu = self.sig.get('mu')
self.tmp1 = (self.verify.g**self.rho) * (
self.verify.y**self.omega) % self.verify.p
self.tmp2 = (self.verify.g**self.sigma1) * (
self.zeta1**self.delta) % self.verify.p
self.tmp3 = (self.verify.h**self.sigma2) * (
(self.zeta / self.zeta1)**self.delta) % self.verify.p
self.tmp4 = (self.verify.z**self.mu) * (self.zeta**
self.delta) % self.verify.p
def main():
nr_of_clients = 200
G = IntegerGroupQ()
G.paramgen(1024)
g = G.randomG()
clients_list = [Client(G, g, i) for i in range(nr_of_clients)]
for client in clients_list:
g_v , r = client.proof_x
g_x, id = client.g_x, client.id
hash = G.hash(g, g_v, g_x, id)
assert g_v == (g**r) * (g_x **hash)
g_xs = [client.g_x for client in clients_list]
hashes = []
for client in clients_list:
client.compute_g_y(g_xs)
hashes.append(client.answer())
# print(hashes)
answers = []
for client in clients_list:
assert G.hash(client.g_c_y) == hashes[client.id]
answers.append(client.g_c_y)
print(reduce(lambda x, y: x * y, answers, integer(1, G.p)) % G.p)
Receiver chooses random poly S of degree k such that S(0) = alpha Receiver's plan is to use R(x) = Q(x, S(x)) to learn P(alpha) R(0) = Q(0, S(0)) = P(S(0)) = P(alpha) """ import random from charm.toolbox.integergroup import IntegerGroupQ from charm.core.math.integer import integer from charm.core.math.integer import reduce as reduce_modulus from utils import Poly, LI SECURITY_PARAM = 20 G = IntegerGroupQ() G.paramgen(SECURITY_PARAM) g = G.randomGen() k = 4 m = 4 d_p = 12 # Degree of P d = d_p * k # Degree of P_x def main(): # Receiver has alpha. alpha = G.random() # Sender has polynomial P. P = Poly([G.random() for _ in range(d_p + 1)]) # Sender generates random masking poly P_x
from charm.toolbox.integergroup import IntegerGroupQ, integer
G = IntegerGroupQ()
G.paramgen(1024)
def generate_sets(number_of_mutual, number_of_x, number_of_y):
mutual_elements = generate_elements(number_of_mutual)
X = generate_elements(number_of_y) + mutual_elements
Y = [e for e in generate_elements(number_of_y) if e not in X] + mutual_elements
return X, Y, mutual_elements
def generate_elements(number_of_elements):
return [G.random() for _ in range(number_of_elements)]
def hash_elements(elements):
return [G.hash(element) for element in elements]
def generate_Gs(X):
# hash each element of the set
gs = hash_elements(X)
# pick a random a
a = G.random()
# generate big G = g ** a
def setup(security_parameter):
G = IntegerGroupQ()
G.paramgen(security_parameter)
g = G.randomG()
sk = G.random()
return G, g, sk
class Params:
def __init__(self, p=0, q=0, g=0, num_bits=2048):
# IntegerGroupQ seems to be used as the Schnorr subgroup of order q
self.group = IntegerGroupQ(0)
self.num_bits = num_bits
# Pick or set the Z_p and Z_q groups, along with the
# residuosity parameter 'r' of the generator 'g' of Z_q
if (p == 0 and q != 0) or (p != 0 and q == 0):
raise ValueError('p and q must be either both set or unset')
else:
self.group.p, self.group.q, self.group.r = p, q, 2
self.p = self.group.p
self.q = self.group.q
self.r = self.group.r
self.g = g;
def generate(self, num_bits=None):
# Passing r=2 here, even though it defaults to 2
if num_bits is not None:
self.num_bits = num_bits
self.group.paramgen(self.num_bits, 2)
self.p = self.group.p
self.q = self.group.q
self.r = self.group.r
# Randomly pick a generator g for Z_q
# g \in [0, p), g = h^2 mod p, h \in [0, p)
self.g = self.group.randomG()
def __str__(self):
return str({ 'p': str(self.p), 'q': str(self.q), 'g': str(self.g), 'r': str(self.r), 'num_bits': str(self.num_bits)})
def setParams(self, params=None):
global default
if params is None:
params = default
self.p = params.p
self.q = params.q
self.g = params.g
self.group = params.group
def groupHash(self, msg, r):
msg = Conversion.siginput2integer(msg)
if isinstance(r, integer) == False:
raise TypeError("Expected r to be of type 'integer', got " +
type(r))
return self.group.hash(msg, r)
def serialize(self):
return json.dumps({
'p': serialize(self.p),
'q': serialize(self.q),
'g': serialize(self.g),
'r': str(self.r),
'num_bits': str(self.num_bits)
})
@classmethod
def unserialize(cls, data):
params = json.loads(data)
p = deserialize(params['p'])
q = deserialize(params['q'])
r = int(params['r'])
g = deserialize(params['g'])
num_bits = int(params['num_bits'])
# TODO: assert num_bits is 'correctish' w.r.t. p/q/g
ret = Params(p, q, g, num_bits)
ret.r = r
return ret
def __eq__(self, other):
return isinstance(other, self.__class__) and\
self.group.p == other.group.p and\
self.group.q == other.group.q and\
self.group.r == other.group.r and\
self.p == other.p and\
self.q == other.q and\
getMod(self.g) == getMod(other.g) and\
self.g == other.g
def __ne__(self, other):
return not self.__eq__(other)
self.X = [self.group.random() for _ in range(self.N)]
random.shuffle(self.T)
self.T = self.T[:self.n]
R = [(x, self.S(x) if i in self.T else self.group.random())
for i, x in enumerate(self.X)]
return R
def getValue(self, Q):
A = [xq for i, xq in enumerate(Q) if i in self.T]
value = lagrange_interpolation(A, integer(0, self.group.q))
return value
group = IntegerGroupQ()
group.paramgen(256)
# security parameter
k = 5
degree_of_polynomial = 10
m = 5
start = time.time()
# generate polynomial and masked polynomial with point (0,0)
alice = Alice(group, k, degree_of_polynomial)
bob = Bob(group, k)
# polynomial used to calculate P(A)
R = bob.generateR(m, degree_of_polynomial)
class OneOfTwo(Protocol):
def __init__(self):
super().__init__(None)
sender_states = {
1: self.sender_state_1,
3: self.sender_state_3,
5: self.sender_state_5,
}
receiver_states = {
2: self.receiver_state_2,
4: self.receiver_state_4,
}
sender_trans = {1: 3, 3: 5}
receiver_trans = {2: 4}
self.group = IntegerGroupQ()
self.group.paramgen(SECURITY_PARAM)
Protocol.addPartyType(self, SENDER, sender_states, sender_trans, True)
Protocol.addPartyType(self, RECEIVER, receiver_states, receiver_trans)
def sender_state_1(self):
print('Sender generates random value c and computes C = g ^ c.')
g = self.group.randomGen()
c = self.group.random()
C = g**c
super().setState(3)
super().store(('g', g))
return {'g': g, 'C': C}
def receiver_state_2(self, data):
print('Receiver got C, generates PKs and sends to sender.')
C, g = data['C'], data['g']
k = self.group.random()
super().store(('g', g), ('k', k))
PK_0 = g**k
PK_1 = C / (g**k)
super().setState(4)
return {'PK_0': PK_0, 'PK_1': PK_1}
def sender_state_3(self, data):
PK_0, PK_1 = data['PK_0'], data['PK_1']
print('Sender receives PKs, gets messages and calculates.')
g = self.db['g']
r0 = self.group.random()
r1 = self.group.random()
m0 = b"message 0"
m1 = b"message 1"
super().store(
('m0', m0),
('m1', m1),
)
c0 = (g**r0, xor(get_hash(PK_0**r0), m0).hex())
c1 = (g**r1, xor(get_hash(PK_1**r1), m1).hex())
super().setState(5)
return {'c0': c0, 'c1': c1}
def receiver_state_4(self, data):
c0 = data['c0']
k, = super().get(['k'])
w0 = bytes.fromhex(c0[1])
H = c0[0]**k
decoded_msg = xor(get_hash(H), w0)
super().setState(None)
return {'decoded_msg': decoded_msg.hex()}
def sender_state_5(self, data):
decoded_msg = bytes.fromhex(data['decoded_msg'])
m0, m1 = super().get(['m0', 'm1'])
assert decoded_msg == m0
super().setState(None)
return None
