def ot_bob(socket, b):
"""Oblivious transfer, Bob's side.
Keyword arguments:
socket -- socket for exchanges between A and B
b -- Bob's input bit used to select one of Alice's messages
Returns:
msg -- the message selected by Bob
"""
# Receive the prime group from Alice
G = socket.receive()
socket.send(True)
# OT protocol based on
# Nigel Smart’s "Cryptography Made Simple" implementation
c = socket.receive()
x = G.rand_int()
h_b = G.gen_pow(x)
h_notb = G.mul(c, G.inv(h_b))
if b:
c1, e0, e1 = socket.send_wait(h_notb)
mb = util.xor_bytes(e1, util.ot_hash(G.pow(c1, x), len(e1)))
else:
c1, e0, e1 = socket.send_wait(h_b)
mb = util.xor_bytes(e0, util.ot_hash(G.pow(c1, x), len(e0)))
return mb
def send_bob_values(bob_index, all_bob_values, socket):
#Send all values in circuit
for index in bob_index:
#Extract values of 0 and 1 respectively
values = all_bob_values[index]
#Begin OT
#Phase1
c = util.prime_group.rand_int()
#Phase3
h0 = socket.send_wait([c,util.prime_group])
h1 = util.prime_group.mul(c, util.prime_group.inv(h0))
k = util.prime_group.rand_int()
c1 = util.prime_group.gen_pow(k)
e = [0,0]
value = pickle.dumps(values[0])
hash0 = util.ot_hash(util.prime_group.pow(h0, k), len(value))
e[0] = util.xor_bytes(value, bytes(hash0))
value = pickle.dumps(values[1])
hash1 = util.ot_hash(util.prime_group.pow(h1, k), len(value))
e[1] = util.xor_bytes(value, bytes(hash1))
socket.send_wait([c1, e])
def bob_decode(self, c1, e0, e1):
if self.b == 0:
H = util.ot_hash(self.G.pow(c1, self.x), len(e0))
mb = util.xor_bytes(e0, H)
else:
H = util.ot_hash(self.G.pow(c1, self.x), len(e1))
mb = util.xor_bytes(e1, H)
return mb
def receive_bob_values(bob_index, chosen_values, socket):
result = [0] * len(bob_index)
for index in range(len(bob_index)):
chosen_value = chosen_values[index]
#Begin OT
#Phase2
encoded_value = socket.receive()
c = encoded_value[0]
prime_group = encoded_value[1]
x = prime_group.rand_int()
h = [0,0]
h[chosen_value] = prime_group.gen_pow(x)
h[1-chosen_value] = prime_group.mul(c, prime_group.inv(h[chosen_value]))
socket.send(h[0])
#Phase4
encoded_value = socket.receive()
c1 = encoded_value[0]
e = encoded_value[1]
hash = util.ot_hash(prime_group.pow(c1, x), len(e[chosen_value]))
result_pr = util.xor_bytes(e[chosen_value], bytes(hash))
result[index] = pickle.loads(result_pr)
socket.send("Done")
return result
def sendMessage(self, h0):
# h0 (h_1b) is send to sender
h_0 = h0
h_1 = self.G_sender.mul(self.c, self.G_sender.inv(h_0))
k = self.G_sender.primeM1
# g is a generator of cyclic finite abelian group G of prime order q.
# c_1 = g**k
c_1 = self.G_sender.gen_pow(k)
# msg1 = self.msg1.encode() ## this should be your input message
# msg2 = self.msg2.encode()
msg1 = self.msg1
msg2 = self.msg2
msg_length = len(self.msg1)
# encrypt the message
e_0 = util.xor_bytes(msg1, util.ot_hash(self.G_sender.pow(h_0, k), msg_length))
e_1 = util.xor_bytes(msg2, util.ot_hash(self.G_sender.pow(h_1, k), msg_length))
# send encrypted message e0 e1 and c1 to the receiver
return c_1, [e_0, e_1],msg_length
def ot_alice(socket, msgs):
"""Oblivious transfer, Alice's side.
Keyword arguments:
socket -- socket for exchanges between A and B
msgs -- a pair (msg1, msg2) to suggest to Bob
"""
# Create the prime group and send it to Bob
G = util.PrimeGroup()
socket.send_wait(G)
# OT protocol based on
# Nigel Smart’s "Cryptography Made Simple" implementation
c = G.gen_pow(G.rand_int())
h0 = socket.send_wait(c)
h1 = G.mul(c, G.inv(h0))
k = G.rand_int()
c1 = G.gen_pow(k)
e0 = util.xor_bytes(msgs[0], util.ot_hash(G.pow(h0, k), len(msgs[0])))
e1 = util.xor_bytes(msgs[1], util.ot_hash(G.pow(h1, k), len(msgs[1])))
socket.send((c1, e0, e1))
def alice_sende(self, h0):
# print("received h0:" + str(type(h0)))
h1 = self.G.mul(self.G.inv(h0), self.c)
k = self.G.primeM1
c1 = self.G.gen_pow(k)
# m0 = bytes(str(self.M[0]), 'utf-8')
# m1 = bytes(str(self.M[1]), 'utf-8')
m0 = self.M[0]
m1 = self.M[1]
h0k = self.G.pow(h0, k)
H0 = util.ot_hash(h0k, len(str(m0)))
e0 = util.xor_bytes(m0, H0)
h1k = self.G.pow(h1, k)
H1 = util.ot_hash(h1k, len(str(m1)))
e1 = util.xor_bytes(m1, H1)
j = {"c1": c1, "e0": e0, "e1": e1}
# print("c1:"+str(type(c1))+"e0:"+str(type(e0))+"e1:"+str(type(e1)))
return c1, e0, e1
def getMessage(self, c_1, encryMsg, msg_length):
#get the encrypted message and decrypt it
trueMessage = util.xor_bytes(encryMsg[self.choice], util.ot_hash(pow(c_1, self.x, 2), msg_length))
return trueMessage