def test_signature_str():
sk = SecretKey.random()
pk = sk.public_key()
signer = Signer(sk)
signature = signer.sign(b'peace at dawn')
s = str(signature)
assert 'Signature' in s
def test_sign_and_verify(execution_number):
sk = SecretKey.random()
pk = sk.public_key()
signer = Signer(sk)
message = b"peace at dawn" + str(execution_number).encode()
signature = signer.sign(message)
assert signature.verify(pk, message)
def test_sign_serialize_and_verify(execution_number):
sk = SecretKey.random()
pk = sk.public_key()
signer = Signer(sk)
message = b"peace at dawn" + str(execution_number).encode()
signature = signer.sign(message)
signature_bytes = bytes(signature)
signature_restored = Signature.from_bytes(signature_bytes)
assert signature_restored.verify(pk, message)
def grant():
json_data = json.loads(request.data.decode('utf-8'))
capsule_id, alice_pubkey, alice_privkey, bob_pubkey = json_data['capsule_id'], json_data[
'alice_pubkey'], json_data['alice_privkey'], json_data['bob_pubkey']
alice_pubkey = string_to_bytes(alice_pubkey)
alice_pubkey = keys.UmbralPublicKey.from_bytes(alice_pubkey)
alice_privkey = string_to_bytes(alice_privkey)
alice_privkey = keys.UmbralPrivateKey.from_bytes(alice_privkey)
bob_pubkey = string_to_bytes(bob_pubkey)
bob_pubkey = keys.UmbralPublicKey.from_bytes(bob_pubkey)
alice_signing_privkey = keys.UmbralPrivateKey.gen_key()
alice_signing_pubkey = alice_signing_privkey.get_pubkey()
alice_signer = Signer(alice_signing_privkey)
# Perform split-rekey and grant re-encryption policy
alice_kfrags = pre.generate_kfrags(
alice_privkey, bob_pubkey, 10, 20, alice_signer)
policy_id = mock_kms.grant(alice_kfrags)
alice_pubkey.from_bytes
response = {
"policy_id": policy_id,
"capsule_id": capsule_id,
"alice_pubkey": bytes_to_string(alice_pubkey.to_bytes()),
"alice_signing_pubkey": bytes_to_string(alice_signing_pubkey.to_bytes())
}
return jsonify(response)
def test_simple_api(N, M, curve=default_curve()):
"""Manually injects umbralparameters for multi-curve testing."""
params = UmbralParameters(curve=curve)
delegating_privkey = UmbralPrivateKey.gen_key(params=params)
delegating_pubkey = delegating_privkey.get_pubkey()
signing_privkey = UmbralPrivateKey.gen_key(params=params)
signing_pubkey = signing_privkey.get_pubkey()
signer = Signer(signing_privkey)
receiving_privkey = UmbralPrivateKey.gen_key(params=params)
receiving_pubkey = receiving_privkey.get_pubkey()
plain_data = b'peace at dawn'
ciphertext, capsule = pre.encrypt(delegating_pubkey, plain_data)
cleartext = pre.decrypt(ciphertext, capsule, delegating_privkey)
assert cleartext == plain_data
capsule.set_correctness_keys(delegating=delegating_pubkey,
receiving=receiving_pubkey,
verifying=signing_pubkey)
kfrags = pre.split_rekey(delegating_privkey, signer, receiving_pubkey, M, N)
for kfrag in kfrags:
cfrag = pre.reencrypt(kfrag, capsule)
capsule.attach_cfrag(cfrag)
reenc_cleartext = pre.decrypt(ciphertext, capsule, receiving_privkey)
assert reenc_cleartext == plain_data
def test_verify(testerchain, signature_verifier):
message = os.urandom(100)
# Generate Umbral key
umbral_privkey = UmbralPrivateKey.gen_key()
umbral_pubkey = umbral_privkey.get_pubkey()
umbral_pubkey_bytes = umbral_pubkey.to_bytes(is_compressed=False)
# Sign message using SHA-256 hash
signer = Signer(umbral_privkey)
signature = signer(message)
# Get recovery id (v) before using contract
v = get_signature_recovery_value(message, signature, umbral_pubkey)
recoverable_signature = bytes(signature) + v
# Verify signature
assert signature_verifier.functions.verify(message,
recoverable_signature,
umbral_pubkey_bytes[1:],
ALGORITHM_SHA256).call()
# Verify signature using wrong key
umbral_privkey = UmbralPrivateKey.gen_key()
umbral_pubkey_bytes = umbral_privkey.get_pubkey().to_bytes(is_compressed=False)
assert not signature_verifier.functions.verify(message,
recoverable_signature,
umbral_pubkey_bytes[1:],
ALGORITHM_SHA256).call()
def test_decryption_fails_when_it_expects_a_proof_and_there_isnt(N, M, alices_keys, bobs_keys):
"""Manually injects umbralparameters for multi-curve testing."""
delegating_privkey, signing_privkey = alices_keys
delegating_pubkey = delegating_privkey.get_pubkey()
signer = Signer(signing_privkey)
priv_key_bob, pub_key_bob = bobs_keys
plain_data = b'peace at dawn'
ciphertext, capsule = pre.encrypt(delegating_privkey.get_pubkey(), plain_data)
kfrags = pre.split_rekey(delegating_privkey, signer, pub_key_bob, M, N)
capsule.set_correctness_keys(delegating=delegating_privkey.get_pubkey(),
receiving=pub_key_bob,
verifying=signing_privkey.get_pubkey())
for kfrag in kfrags[:M]:
cfrag = pre.reencrypt(kfrag, capsule)
capsule.attach_cfrag(cfrag)
# Even thought we can successfully attach a CFrag, if the proof is lost
# (for example, it is chopped off a serialized CFrag or similar), then decrypt
# will still fail.
cfrag.proof = None
with pytest.raises(cfrag.NoProofProvided):
_cleartext = pre.decrypt(ciphertext, capsule, priv_key_bob)
def test_cfrag_serialization_no_proof_no_metadata(alices_keys, bobs_keys):
delegating_privkey, signing_privkey = alices_keys
delegating_pubkey = delegating_privkey.get_pubkey()
_receiving_privkey, receiving_pubkey = bobs_keys
signer_alice = Signer(signing_privkey)
_unused_key, capsule = pre._encapsulate(delegating_pubkey.point_key)
kfrags = pre.split_rekey(delegating_privkey, signer_alice,
receiving_pubkey, 1, 2)
cfrag = pre.reencrypt(kfrags[0], capsule, provide_proof=False)
cfrag_bytes = cfrag.to_bytes()
proof = cfrag.proof
assert proof is None
curve = default_curve()
assert len(cfrag_bytes) == CapsuleFrag.expected_bytes_length(curve)
new_cfrag = pre.CapsuleFrag.from_bytes(cfrag_bytes)
assert new_cfrag._point_e1 == cfrag._point_e1
assert new_cfrag._point_v1 == cfrag._point_v1
assert new_cfrag._kfrag_id == cfrag._kfrag_id
assert new_cfrag._point_noninteractive == cfrag._point_noninteractive
new_proof = new_cfrag.proof
assert new_proof is None
def encrypt():
# Get data from request
json_data = json.loads(request.data.decode('utf-8'))
data = json_data["hash"].encode(
'utf-8') #, json_data['alice_pubkey'], json_data['alice_privkey']
alice_pubkey, alice_privkey = gen_alice()
# Encrypt some data
plaintext = data
ciphertext, capsule = pre.encrypt(alice_pubkey, plaintext)
alice_signing_privkey = keys.UmbralPrivateKey.gen_key()
alice_signing_pubkey = alice_signing_privkey.get_pubkey()
alice_signer = Signer(alice_signing_privkey)
# Perform split-rekey and grant re-encryption policy
alice_kfrags = pre.split_rekey(alice_privkey, alice_signer, bob_pubkey, 10,
20)
policy_id = mock_kms.grant(alice_kfrags)
alice_pubkey.from_bytes
response = {
"ciphertext": bytes_to_string(ciphertext),
"policy_id": policy_id,
"capsule": bytes_to_string(capsule.to_bytes()),
"alice_pubkey": bytes_to_string(alice_pubkey.to_bytes()),
"alice_signing_pubkey":
bytes_to_string(alice_signing_pubkey.to_bytes())
}
return jsonify(response)
def test_kfrags_signed_without_correctness_keys(alices_keys, bobs_keys,
capsule):
delegating_privkey, signing_privkey = alices_keys
delegating_pubkey = delegating_privkey.get_pubkey()
verifying_key = signing_privkey.get_pubkey()
receiving_privkey, receiving_pubkey = bobs_keys
kfrags = pre.generate_kfrags(delegating_privkey=delegating_privkey,
signer=Signer(signing_privkey),
receiving_pubkey=receiving_pubkey,
threshold=6,
N=10,
sign_delegating_key=False,
sign_receiving_key=False)
for kfrag in kfrags:
# You can verify the KFrag specifying only the verifying key
assert kfrag.verify(signing_pubkey=verifying_key)
# ... or if it is set in the capsule, using the capsule
capsule.set_correctness_keys(verifying=verifying_key)
assert kfrag.verify_for_capsule(capsule)
# It should even work when other keys are set in the capsule
assert kfrag.verify(signing_pubkey=verifying_key,
delegating_pubkey=delegating_pubkey,
receiving_pubkey=receiving_pubkey)
def test_m_of_n(N, M, alices_keys, bobs_keys):
delegating_privkey, signing_privkey = alices_keys
delegating_pubkey = delegating_privkey.get_pubkey()
signer = Signer(signing_privkey)
priv_key_bob, pub_key_bob = bobs_keys
params = delegating_privkey.params
sym_key, capsule = pre._encapsulate(delegating_pubkey)
capsule.set_correctness_keys(delegating=delegating_privkey.get_pubkey(),
receiving=pub_key_bob,
verifying=signing_privkey.get_pubkey())
kfrags = pre.split_rekey(delegating_privkey, signer, pub_key_bob, M, N)
for kfrag in kfrags:
assert kfrag.verify(signing_privkey.get_pubkey(), delegating_privkey.get_pubkey(), pub_key_bob)
for i, kfrag in enumerate(kfrags[:M]):
# Example of potential metadata to describe the re-encryption request
metadata = "This is an example of metadata for re-encryption request #{}"
metadata = metadata.format(i).encode()
cfrag = pre.reencrypt(kfrag, capsule, metadata=metadata)
capsule.attach_cfrag(cfrag)
assert cfrag.verify_correctness(capsule)
sym_key_from_capsule = pre._open_capsule(capsule, priv_key_bob)
assert sym_key == sym_key_from_capsule
def test_correctness_proof_serialization(alices_keys):
delegating_privkey, signing_privkey = alices_keys
delegating_pubkey = delegating_privkey.get_pubkey()
signer = Signer(signing_privkey)
priv_key_bob = keys.UmbralPrivateKey.gen_key()
pub_key_bob = priv_key_bob.get_pubkey()
params = delegating_privkey.params
_unused_key, capsule = pre._encapsulate(delegating_pubkey)
kfrags = pre.split_rekey(delegating_privkey, signer, pub_key_bob, 1, 2)
# Example of potential metadata to describe the re-encryption request
metadata = b"This is an example of metadata for re-encryption request"
cfrag = pre.reencrypt(kfrags[0], capsule, metadata=metadata)
proof = cfrag.proof
proof_bytes = proof.to_bytes()
# A CorrectnessProof can be represented as
# the 228 total bytes of four Points (33 each) and three BigNums (32 each).
# TODO: Figure out final size for CorrectnessProofs
# assert len(proof_bytes) == (33 * 4) + (32 * 3) == 228
new_proof = CorrectnessProof.from_bytes(proof_bytes)
assert new_proof._point_e2 == proof._point_e2
assert new_proof._point_v2 == proof._point_v2
assert new_proof._point_kfrag_commitment == proof._point_kfrag_commitment
assert new_proof._point_kfrag_pok == proof._point_kfrag_pok
assert new_proof.bn_sig == proof.bn_sig
assert new_proof.kfrag_signature == proof.kfrag_signature
assert new_proof.metadata == proof.metadata
def _mock_ursula_reencrypts(ursula, corrupt_cfrag: bool = False):
delegating_privkey = UmbralPrivateKey.gen_key()
_symmetric_key, capsule = pre._encapsulate(delegating_privkey.get_pubkey())
signing_privkey = UmbralPrivateKey.gen_key()
signing_pubkey = signing_privkey.get_pubkey()
signer = Signer(signing_privkey)
priv_key_bob = UmbralPrivateKey.gen_key()
pub_key_bob = priv_key_bob.get_pubkey()
kfrags = pre.generate_kfrags(delegating_privkey=delegating_privkey,
signer=signer,
receiving_pubkey=pub_key_bob,
threshold=2,
N=4,
sign_delegating_key=False,
sign_receiving_key=False)
capsule.set_correctness_keys(delegating_privkey.get_pubkey(), pub_key_bob,
signing_pubkey)
ursula_pubkey = ursula.stamp.as_umbral_pubkey()
alice_address = canonical_address_from_umbral_key(signing_pubkey)
blockhash = bytes(32)
specification = b''.join((bytes(capsule), bytes(ursula_pubkey),
bytes(ursula.decentralized_identity_evidence),
alice_address, blockhash))
bobs_signer = Signer(priv_key_bob)
task_signature = bytes(bobs_signer(specification))
metadata = bytes(ursula.stamp(task_signature))
cfrag = pre.reencrypt(kfrags[0], capsule, metadata=metadata)
if corrupt_cfrag:
cfrag.proof.bn_sig = CurveBN.gen_rand(capsule.params.curve)
cfrag_signature = bytes(ursula.stamp(bytes(cfrag)))
bob = Bob.from_public_keys(verifying_key=pub_key_bob)
task = WorkOrder.Task(capsule, task_signature, cfrag, cfrag_signature)
work_order = WorkOrder(bob, None, alice_address, [task], None, ursula,
blockhash)
evidence = IndisputableEvidence(task, work_order)
return evidence
def test_wrong_N_M_in_split_rekey(N, M, alices_keys, bobs_keys):
delegating_privkey, signing_privkey = alices_keys
signer = Signer(signing_privkey)
_receiving_privkey, receiving_pubkey = bobs_keys
with pytest.raises(ValueError):
_kfrags = pre.split_rekey(delegating_privkey, signer, receiving_pubkey,
M, N)
def test_verification_fail():
sk = SecretKey.random()
pk = sk.public_key()
signer = Signer(sk)
message = b"peace at dawn"
signature = signer.sign(message)
# wrong message
wrong_message = b"no peace at dawn"
assert not signature.verify(pk, wrong_message)
# bad signature
signature_bytes = bytes(signature)
signature_bytes = b'\x00' + signature_bytes[1:]
signature_restored = Signature.from_bytes(signature_bytes)
assert not signature_restored.verify(pk, message)
def kfrags(alices_keys, bobs_keys):
delegating_privkey, signing_privkey = alices_keys
delegating_pubkey = delegating_privkey.get_pubkey()
signer_alice = Signer(signing_privkey)
receiving_privkey, receiving_pubkey = bobs_keys
yield pre.split_rekey(delegating_privkey, signer_alice, receiving_pubkey,
6, 10)
def kfrags(alices_keys, bobs_keys):
delegating_privkey, signing_privkey = alices_keys
signer_alice = Signer(signing_privkey)
receiving_privkey, receiving_pubkey = bobs_keys
yield pre.generate_kfrags(delegating_privkey=delegating_privkey,
signer=signer_alice,
receiving_pubkey=receiving_pubkey,
threshold=6, N=10)
def ursula(mocker):
identity_evidence = os.urandom(LENGTH_ECDSA_SIGNATURE_WITH_RECOVERY)
ursula_privkey = UmbralPrivateKey.gen_key()
ursula_stamp = SignatureStamp(verifying_key=ursula_privkey.pubkey,
signer=Signer(ursula_privkey))
ursula = mocker.Mock(stamp=ursula_stamp,
decentralized_identity_evidence=identity_evidence)
ursula.mature = lambda: True
ursula._stamp_has_valid_signature_by_worker = lambda: True
return ursula
def mock_ursula(testerchain, account):
ursula_privkey = UmbralPrivateKey.gen_key()
ursula_stamp = SignatureStamp(verifying_key=ursula_privkey.pubkey,
signer=Signer(ursula_privkey))
signed_stamp = testerchain.client.sign_message(account=account,
message=bytes(ursula_stamp))
ursula = Mock(stamp=ursula_stamp, decentralized_identity_evidence=signed_stamp)
return ursula
def test_signature_is_hashable():
sk = SecretKey.random()
pk = sk.public_key()
signer = Signer(sk)
message = b'peace at dawn'
message2 = b'no peace at dawn'
signature = signer.sign(message)
signature2 = signer.sign(message2)
assert hash(signature) != hash(signature2)
signature_restored = Signature.from_bytes(bytes(signature))
assert signature == signature_restored
assert hash(signature) == hash(signature_restored)
# Different hash, since signing involves some randomness
signature3 = signer.sign(message)
assert hash(signature) != hash(signature3)
def test_cheating_ursula_sends_garbage(N, M, alices_keys):
delegating_privkey, signing_privkey = alices_keys
delegating_pubkey = delegating_privkey.get_pubkey()
signer = Signer(signing_privkey)
priv_key_bob = keys.UmbralPrivateKey.gen_key()
pub_key_bob = priv_key_bob.get_pubkey()
params = delegating_privkey.params
sym_key, capsule_alice = pre._encapsulate(delegating_pubkey)
kfrags = pre.split_rekey(delegating_privkey, signer, pub_key_bob, M, N)
capsule_alice.set_correctness_keys(delegating=delegating_pubkey,
receiving=pub_key_bob,
verifying=signing_privkey.get_pubkey())
cfrags, metadata = [], []
for i, kfrag in enumerate(kfrags[:M]):
# Example of potential metadata to describe the re-encryption request
metadata_i = "This is an example of metadata for re-encryption request #{}"
metadata_i = metadata_i.format(i).encode()
metadata.append(metadata_i)
cfrag = pre.reencrypt(kfrag, capsule_alice, metadata=metadata_i)
capsule_alice.attach_cfrag(cfrag)
cfrags.append(cfrag)
# Let's put random garbage in one of the cfrags
cfrags[0]._point_e1 = Point.gen_rand()
cfrags[0]._point_v1 = Point.gen_rand()
capsule_alice._reconstruct_shamirs_secret(priv_key_bob) # activate capsule
with pytest.raises(pre.GenericUmbralError):
_unused_key = pre._decapsulate_reencrypted(priv_key_bob, capsule_alice)
assert not cfrags[0].verify_correctness(capsule_alice)
# The response of cheating Ursula is in cfrags[0],
# so the rest of CFrags chould be correct:
for cfrag_i, metadata_i in zip(cfrags[1:], metadata[1:]):
assert cfrag_i.verify_correctness(capsule_alice)
# Alternatively, we can try to open the capsule directly.
# We should get an exception with an attached list of incorrect cfrags
with pytest.raises(pre.UmbralCorrectnessError) as exception_info:
_decapsulated_key = pre._open_capsule(capsule_alice, priv_key_bob)
correctness_error = exception_info.value
assert cfrags[0] in correctness_error.offending_cfrags
assert len(correctness_error.offending_cfrags) == 1
def get_instance(self):
if not self._unique_instance:
set_default_curve()
self.bb = BulletinBoard.get_instance()
self.proxy = Proxy.get_instance()
self.private_key = UmbralPrivateKey.gen_key()
self.public_key = self.private_key.get_pubkey()
self.singning_key = UmbralPrivateKey.gen_key()
self.verifying_key = self.singning_key.get_pubkey()
self.signer = Signer(private_key=self.singning_key)
self.voters = []
self._unique_instance = self.__internal_new__()
return self._unique_instance
def __init__(self):
# Generate keys for Alice
self.priv_key = keys.UmbralPrivateKey.gen_key()
self.pub_key = self.priv_key.get_pubkey()
self.signing_priv_key = self.priv_key
self.signer = Signer(self.signing_priv_key)
self.signing_pub_key = self.signing_priv_key.get_pubkey()
self.box_private = hashlib.sha256(
('private' + str(time.time())).encode('utf-8')).hexdigest()
self.box_public = hashlib.sha256(
('public' + str(time.time())).encode('utf-8')).hexdigest()
self.capsules = {"strange_hash": (None, None)}
def test_recover(testerchain, signature_verifier):
message = os.urandom(100)
# Prepare message hash
hash_ctx = hashes.Hash(hashes.SHA256(), backend=backend)
hash_ctx.update(message)
message_hash = hash_ctx.finalize()
# Generate Umbral key and extract "address" from the public key
umbral_privkey = UmbralPrivateKey.gen_key()
umbral_pubkey = umbral_privkey.get_pubkey()
umbral_pubkey_bytes = umbral_privkey.get_pubkey().to_bytes(
is_compressed=False)
signer_address = keccak_digest(umbral_pubkey_bytes[1:])
signer_address = to_normalized_address(signer_address[12:])
# Sign message
signer = Signer(umbral_privkey)
signature = signer(message)
# Get recovery id (v) before using contract
# If we don't have recovery id while signing then we should try to recover public key with different v
# Only the correct v will match the correct public key
v = get_signature_recovery_value(message, signature, umbral_pubkey)
recoverable_signature = bytes(signature) + v
# Check recovery method in the contract
assert signer_address == to_normalized_address(
signature_verifier.functions.recover(message_hash,
recoverable_signature).call())
# Also numbers 27 and 28 can be used for v
recoverable_signature = recoverable_signature[:-1] + bytes(
[recoverable_signature[-1] + 27])
assert signer_address == to_normalized_address(
signature_verifier.functions.recover(message_hash,
recoverable_signature).call())
# Only number 0,1,27,28 are supported for v
recoverable_signature = bytes(signature) + bytes([2])
with pytest.raises((TransactionFailed, ValueError)):
signature_verifier.functions.recover(message_hash,
recoverable_signature).call()
# Signature must include r, s and v
recoverable_signature = bytes(signature)
with pytest.raises((TransactionFailed, ValueError)):
signature_verifier.functions.recover(message_hash,
recoverable_signature).call()
def __standard_encryption_api() -> tuple:
delegating_privkey = keys.UmbralPrivateKey.gen_key(params=PARAMS)
delegating_pubkey = delegating_privkey.get_pubkey()
signing_privkey = keys.UmbralPrivateKey.gen_key(params=PARAMS)
signer = Signer(signing_privkey)
receiving_privkey = keys.UmbralPrivateKey.gen_key(params=PARAMS)
receiving_pubkey = receiving_privkey.get_pubkey()
plain_data = os.urandom(32)
ciphertext, capsule = pre.encrypt(delegating_pubkey, plain_data)
return delegating_privkey, signer, receiving_pubkey, ciphertext, capsule
def test_prehashed_message(execution_number):
privkey = UmbralPrivateKey.gen_key()
pubkey = privkey.get_pubkey()
signer = Signer(private_key=privkey)
message = b"peace at dawn"
hash_function = hashes.Hash(DEFAULT_HASH_ALGORITHM(), backend=backend)
hash_function.update(message)
prehashed_message = hash_function.finalize()
signature = signer(message=prehashed_message, is_prehashed=True)
assert signature.verify(message=prehashed_message,
verifying_key=pubkey,
is_prehashed=True)
def test_bad_capsule_fails_reencryption(alices_keys, bobs_keys):
delegating_privkey, _signing_privkey = alices_keys
signer_alice = Signer(_signing_privkey)
_receiving_privkey, receiving_pubkey = bobs_keys
kfrags = pre.split_rekey(delegating_privkey, signer_alice,
receiving_pubkey, 1, 2)
bollocks_capsule = Capsule(point_e=Point.gen_rand(),
point_v=Point.gen_rand(),
bn_sig=CurveBN.gen_rand())
with pytest.raises(Capsule.NotValid):
pre.reencrypt(kfrags[0], bollocks_capsule)
def test_compute_proof_challenge_scalar(testerchain, reencryption_validator,
mock_ursula_reencrypts):
ursula_privkey = UmbralPrivateKey.gen_key()
ursula_stamp = SignatureStamp(verifying_key=ursula_privkey.pubkey,
signer=Signer(ursula_privkey))
ursula = Mock(stamp=ursula_stamp)
# Bob prepares supporting Evidence
evidence = mock_ursula_reencrypts(ursula)
capsule = evidence.task.capsule
cfrag = evidence.task.cfrag
capsule_bytes = capsule.to_bytes()
cfrag_bytes = cfrag.to_bytes()
proof_challenge_scalar = int(evidence.get_proof_challenge_scalar())
computeProofChallengeScalar = reencryption_validator.functions.computeProofChallengeScalar
assert proof_challenge_scalar == computeProofChallengeScalar(
capsule_bytes, cfrag_bytes).call()
def fragments(metadata):
delegating_privkey = UmbralPrivateKey.gen_key()
_symmetric_key, capsule = pre._encapsulate(delegating_privkey.get_pubkey())
signing_privkey = UmbralPrivateKey.gen_key()
signer = Signer(signing_privkey)
priv_key_bob = UmbralPrivateKey.gen_key()
pub_key_bob = priv_key_bob.get_pubkey()
kfrags = pre.generate_kfrags(delegating_privkey=delegating_privkey,
signer=signer,
receiving_pubkey=pub_key_bob,
threshold=2,
N=4,
sign_delegating_key=False,
sign_receiving_key=False)
capsule.set_correctness_keys(delegating_privkey.get_pubkey(), pub_key_bob, signing_privkey.get_pubkey())
cfrag = pre.reencrypt(kfrags[0], capsule, metadata=metadata)
return capsule, cfrag
def test_kfrag_serialization(alices_keys, bobs_keys):
delegating_privkey, signing_privkey = alices_keys
signer_alice = Signer(signing_privkey)
_receiving_privkey, receiving_pubkey = bobs_keys
kfrags = pre.split_rekey(delegating_privkey, signer_alice,
receiving_pubkey, 1, 2)
kfrag_bytes = kfrags[0].to_bytes()
curve = default_curve()
assert len(kfrag_bytes) == KFrag.expected_bytes_length(curve)
new_frag = pre.KFrag.from_bytes(kfrag_bytes)
assert new_frag._id == kfrags[0]._id
assert new_frag._bn_key == kfrags[0]._bn_key
assert new_frag._point_noninteractive == kfrags[0]._point_noninteractive
assert new_frag._point_commitment == kfrags[0]._point_commitment
assert new_frag._point_xcoord == kfrags[0]._point_xcoord