def params(self, p=0, q=0, bits=1024): global group group = IntegerGroupQ(0) if p == 0 or q == 0: group.paramgen(bits) else: group.p, group.q, group.r = p, q, 2
def init1(): group = IntegerGroupQ() group.paramgen(bit) alpha = group.randomGen() key = group.random() beta = alpha ** key x = [ odd_random(group) for _ in range(numbers['cards']) ] room = Room(request.environ.get('beaker.session'), False) try: room.get('win') except: room.set('win', 0) [room.set(n, v) for n, v in [('p', group.p), ('q', group.q), ('alpha', alpha), ('key', key), ('beta_i', beta), ('x', x)]] room.save() response.content_type = 'application/json' return json.dumps(map(toStr, { 'p' : group.p, 'q' : group.q, 'alpha' : alpha, 'beta' : beta, 'x' : x, }))
class Protocol: def __init__(self): self.groupObj = IntegerGroupQ() self.groupObj.paramgen(256) self.signer = SignerBlindSignature(self.groupObj, 0, 0, 256) self.user = UserBlindSignature(self.signer.get_public_key()) self.verify = BlindSignatureVerifier(self.signer.get_public_key()) self.user = UserBlindSignature(self.signer.get_public_key()) self.sig, self.e, self.message = None, None, None self.zeta, self.zeta1, self.rho = None, None, None self.omega, self.sigma1, self.sigma2 = None, None, None self.delta, self.mu, self.tmp1 = None, None, None self.tmp2, self.tmp3, self.tmp4 = None, None, None def setup_method(self, message=None): key = ECC.generate(curve='P-256') self.message = Conversion.OS2IP(key.public_key().export_key( format='DER')) if message is None else message challenge = self.signer.get_challenge() self.e = self.user.challenge_response(challenge, self.message) proofs = self.signer.get_proofs(self.e) self.sig = self.user.gen_signature(proofs) def values(self): self.zeta = self.sig.get('zeta') self.zeta1 = self.sig.get('zeta1') self.rho = self.sig.get('rho') self.omega = self.sig.get('omega') self.sigma1 = self.sig.get('sigma1') self.sigma2 = self.sig.get('sigma2') self.delta = self.sig.get('delta') self.mu = self.sig.get('mu') self.tmp1 = (self.verify.g**self.rho) * ( self.verify.y**self.omega) % self.verify.p self.tmp2 = (self.verify.g**self.sigma1) * ( self.zeta1**self.delta) % self.verify.p self.tmp3 = (self.verify.h**self.sigma2) * ( (self.zeta / self.zeta1)**self.delta) % self.verify.p self.tmp4 = (self.verify.z**self.mu) * (self.zeta** self.delta) % self.verify.p
def main(): nr_of_clients = 200 G = IntegerGroupQ() G.paramgen(1024) g = G.randomG() clients_list = [Client(G, g, i) for i in range(nr_of_clients)] for client in clients_list: g_v , r = client.proof_x g_x, id = client.g_x, client.id hash = G.hash(g, g_v, g_x, id) assert g_v == (g**r) * (g_x **hash) g_xs = [client.g_x for client in clients_list] hashes = [] for client in clients_list: client.compute_g_y(g_xs) hashes.append(client.answer()) # print(hashes) answers = [] for client in clients_list: assert G.hash(client.g_c_y) == hashes[client.id] answers.append(client.g_c_y) print(reduce(lambda x, y: x * y, answers, integer(1, G.p)) % G.p)
Receiver chooses random poly S of degree k such that S(0) = alpha Receiver's plan is to use R(x) = Q(x, S(x)) to learn P(alpha) R(0) = Q(0, S(0)) = P(S(0)) = P(alpha) """ import random from charm.toolbox.integergroup import IntegerGroupQ from charm.core.math.integer import integer from charm.core.math.integer import reduce as reduce_modulus from utils import Poly, LI SECURITY_PARAM = 20 G = IntegerGroupQ() G.paramgen(SECURITY_PARAM) g = G.randomGen() k = 4 m = 4 d_p = 12 # Degree of P d = d_p * k # Degree of P_x def main(): # Receiver has alpha. alpha = G.random() # Sender has polynomial P. P = Poly([G.random() for _ in range(d_p + 1)]) # Sender generates random masking poly P_x
from charm.toolbox.integergroup import IntegerGroupQ, integer G = IntegerGroupQ() G.paramgen(1024) def generate_sets(number_of_mutual, number_of_x, number_of_y): mutual_elements = generate_elements(number_of_mutual) X = generate_elements(number_of_y) + mutual_elements Y = [e for e in generate_elements(number_of_y) if e not in X] + mutual_elements return X, Y, mutual_elements def generate_elements(number_of_elements): return [G.random() for _ in range(number_of_elements)] def hash_elements(elements): return [G.hash(element) for element in elements] def generate_Gs(X): # hash each element of the set gs = hash_elements(X) # pick a random a a = G.random() # generate big G = g ** a
def setup(security_parameter): G = IntegerGroupQ() G.paramgen(security_parameter) g = G.randomG() sk = G.random() return G, g, sk
class Params: def __init__(self, p=0, q=0, g=0, num_bits=2048): # IntegerGroupQ seems to be used as the Schnorr subgroup of order q self.group = IntegerGroupQ(0) self.num_bits = num_bits # Pick or set the Z_p and Z_q groups, along with the # residuosity parameter 'r' of the generator 'g' of Z_q if (p == 0 and q != 0) or (p != 0 and q == 0): raise ValueError('p and q must be either both set or unset') else: self.group.p, self.group.q, self.group.r = p, q, 2 self.p = self.group.p self.q = self.group.q self.r = self.group.r self.g = g; def generate(self, num_bits=None): # Passing r=2 here, even though it defaults to 2 if num_bits is not None: self.num_bits = num_bits self.group.paramgen(self.num_bits, 2) self.p = self.group.p self.q = self.group.q self.r = self.group.r # Randomly pick a generator g for Z_q # g \in [0, p), g = h^2 mod p, h \in [0, p) self.g = self.group.randomG() def __str__(self): return str({ 'p': str(self.p), 'q': str(self.q), 'g': str(self.g), 'r': str(self.r), 'num_bits': str(self.num_bits)}) def setParams(self, params=None): global default if params is None: params = default self.p = params.p self.q = params.q self.g = params.g self.group = params.group def groupHash(self, msg, r): msg = Conversion.siginput2integer(msg) if isinstance(r, integer) == False: raise TypeError("Expected r to be of type 'integer', got " + type(r)) return self.group.hash(msg, r) def serialize(self): return json.dumps({ 'p': serialize(self.p), 'q': serialize(self.q), 'g': serialize(self.g), 'r': str(self.r), 'num_bits': str(self.num_bits) }) @classmethod def unserialize(cls, data): params = json.loads(data) p = deserialize(params['p']) q = deserialize(params['q']) r = int(params['r']) g = deserialize(params['g']) num_bits = int(params['num_bits']) # TODO: assert num_bits is 'correctish' w.r.t. p/q/g ret = Params(p, q, g, num_bits) ret.r = r return ret def __eq__(self, other): return isinstance(other, self.__class__) and\ self.group.p == other.group.p and\ self.group.q == other.group.q and\ self.group.r == other.group.r and\ self.p == other.p and\ self.q == other.q and\ getMod(self.g) == getMod(other.g) and\ self.g == other.g def __ne__(self, other): return not self.__eq__(other)
self.X = [self.group.random() for _ in range(self.N)] random.shuffle(self.T) self.T = self.T[:self.n] R = [(x, self.S(x) if i in self.T else self.group.random()) for i, x in enumerate(self.X)] return R def getValue(self, Q): A = [xq for i, xq in enumerate(Q) if i in self.T] value = lagrange_interpolation(A, integer(0, self.group.q)) return value group = IntegerGroupQ() group.paramgen(256) # security parameter k = 5 degree_of_polynomial = 10 m = 5 start = time.time() # generate polynomial and masked polynomial with point (0,0) alice = Alice(group, k, degree_of_polynomial) bob = Bob(group, k) # polynomial used to calculate P(A) R = bob.generateR(m, degree_of_polynomial)
class OneOfTwo(Protocol): def __init__(self): super().__init__(None) sender_states = { 1: self.sender_state_1, 3: self.sender_state_3, 5: self.sender_state_5, } receiver_states = { 2: self.receiver_state_2, 4: self.receiver_state_4, } sender_trans = {1: 3, 3: 5} receiver_trans = {2: 4} self.group = IntegerGroupQ() self.group.paramgen(SECURITY_PARAM) Protocol.addPartyType(self, SENDER, sender_states, sender_trans, True) Protocol.addPartyType(self, RECEIVER, receiver_states, receiver_trans) def sender_state_1(self): print('Sender generates random value c and computes C = g ^ c.') g = self.group.randomGen() c = self.group.random() C = g**c super().setState(3) super().store(('g', g)) return {'g': g, 'C': C} def receiver_state_2(self, data): print('Receiver got C, generates PKs and sends to sender.') C, g = data['C'], data['g'] k = self.group.random() super().store(('g', g), ('k', k)) PK_0 = g**k PK_1 = C / (g**k) super().setState(4) return {'PK_0': PK_0, 'PK_1': PK_1} def sender_state_3(self, data): PK_0, PK_1 = data['PK_0'], data['PK_1'] print('Sender receives PKs, gets messages and calculates.') g = self.db['g'] r0 = self.group.random() r1 = self.group.random() m0 = b"message 0" m1 = b"message 1" super().store( ('m0', m0), ('m1', m1), ) c0 = (g**r0, xor(get_hash(PK_0**r0), m0).hex()) c1 = (g**r1, xor(get_hash(PK_1**r1), m1).hex()) super().setState(5) return {'c0': c0, 'c1': c1} def receiver_state_4(self, data): c0 = data['c0'] k, = super().get(['k']) w0 = bytes.fromhex(c0[1]) H = c0[0]**k decoded_msg = xor(get_hash(H), w0) super().setState(None) return {'decoded_msg': decoded_msg.hex()} def sender_state_5(self, data): decoded_msg = bytes.fromhex(data['decoded_msg']) m0, m1 = super().get(['m0', 'm1']) assert decoded_msg == m0 super().setState(None) return None