def ot_bob(socket, b):
"""Oblivious transfer, Bob's side.
Keyword arguments:
socket -- socket for exchanges between A and B
b -- Bob's input bit used to select one of Alice's messages
Returns:
msg -- the message selected by Bob
"""
# Receive the prime group from Alice
G = socket.receive()
socket.send(True)
# OT protocol based on
# Nigel Smart’s "Cryptography Made Simple" implementation
c = socket.receive()
x = G.rand_int()
h_b = G.gen_pow(x)
h_notb = G.mul(c, G.inv(h_b))
if b:
c1, e0, e1 = socket.send_wait(h_notb)
mb = util.xor_bytes(e1, util.ot_hash(G.pow(c1, x), len(e1)))
else:
c1, e0, e1 = socket.send_wait(h_b)
mb = util.xor_bytes(e0, util.ot_hash(G.pow(c1, x), len(e0)))
return mb
def send_bob_values(bob_index, all_bob_values, socket):
#Send all values in circuit
for index in bob_index:
#Extract values of 0 and 1 respectively
values = all_bob_values[index]
#Begin OT
#Phase1
c = util.prime_group.rand_int()
#Phase3
h0 = socket.send_wait([c,util.prime_group])
h1 = util.prime_group.mul(c, util.prime_group.inv(h0))
k = util.prime_group.rand_int()
c1 = util.prime_group.gen_pow(k)
e = [0,0]
value = pickle.dumps(values[0])
hash0 = util.ot_hash(util.prime_group.pow(h0, k), len(value))
e[0] = util.xor_bytes(value, bytes(hash0))
value = pickle.dumps(values[1])
hash1 = util.ot_hash(util.prime_group.pow(h1, k), len(value))
e[1] = util.xor_bytes(value, bytes(hash1))
socket.send_wait([c1, e])
def bob_decode(self, c1, e0, e1):
if self.b == 0:
H = util.ot_hash(self.G.pow(c1, self.x), len(e0))
mb = util.xor_bytes(e0, H)
else:
H = util.ot_hash(self.G.pow(c1, self.x), len(e1))
mb = util.xor_bytes(e1, H)
return mb
def receive_bob_values(bob_index, chosen_values, socket):
result = [0] * len(bob_index)
for index in range(len(bob_index)):
chosen_value = chosen_values[index]
#Begin OT
#Phase2
encoded_value = socket.receive()
c = encoded_value[0]
prime_group = encoded_value[1]
x = prime_group.rand_int()
h = [0,0]
h[chosen_value] = prime_group.gen_pow(x)
h[1-chosen_value] = prime_group.mul(c, prime_group.inv(h[chosen_value]))
socket.send(h[0])
#Phase4
encoded_value = socket.receive()
c1 = encoded_value[0]
e = encoded_value[1]
hash = util.ot_hash(prime_group.pow(c1, x), len(e[chosen_value]))
result_pr = util.xor_bytes(e[chosen_value], bytes(hash))
result[index] = pickle.loads(result_pr)
socket.send("Done")
return result
def ot_evaluator(self, b):
"""Oblivious transfer, Bob's side.
Args:
b: Bob's input bit used to select one of Alice's messages.
Returns:
The message selected by Bob.
"""
logging.debug("OT protocol started")
G = self.socket.receive()
self.socket.send(True)
# OT protocol based on Nigel Smart’s "Cryptography Made Simple"
c = self.socket.receive()
x = G.rand_int()
x_pow = G.gen_pow(x)
h = (x_pow, G.mul(c, G.inv(x_pow)))
c1, e0, e1 = self.socket.send_wait(h[b])
e = (e0, e1)
ot_hash = self.ot_hash(G.pow(c1, x), len(e[b]))
mb = util.xor_bytes(e[b], ot_hash)
logging.debug("OT protocol ended")
return mb
def sendMessage(self, h0):
# h0 (h_1b) is send to sender
h_0 = h0
h_1 = self.G_sender.mul(self.c, self.G_sender.inv(h_0))
k = self.G_sender.primeM1
# g is a generator of cyclic finite abelian group G of prime order q.
# c_1 = g**k
c_1 = self.G_sender.gen_pow(k)
# msg1 = self.msg1.encode() ## this should be your input message
# msg2 = self.msg2.encode()
msg1 = self.msg1
msg2 = self.msg2
msg_length = len(self.msg1)
# encrypt the message
e_0 = util.xor_bytes(msg1, util.ot_hash(self.G_sender.pow(h_0, k), msg_length))
e_1 = util.xor_bytes(msg2, util.ot_hash(self.G_sender.pow(h_1, k), msg_length))
# send encrypted message e0 e1 and c1 to the receiver
return c_1, [e_0, e_1],msg_length
def ot_alice(socket, msgs):
"""Oblivious transfer, Alice's side.
Keyword arguments:
socket -- socket for exchanges between A and B
msgs -- a pair (msg1, msg2) to suggest to Bob
"""
# Create the prime group and send it to Bob
G = util.PrimeGroup()
socket.send_wait(G)
# OT protocol based on
# Nigel Smart’s "Cryptography Made Simple" implementation
c = G.gen_pow(G.rand_int())
h0 = socket.send_wait(c)
h1 = G.mul(c, G.inv(h0))
k = G.rand_int()
c1 = G.gen_pow(k)
e0 = util.xor_bytes(msgs[0], util.ot_hash(G.pow(h0, k), len(msgs[0])))
e1 = util.xor_bytes(msgs[1], util.ot_hash(G.pow(h1, k), len(msgs[1])))
socket.send((c1, e0, e1))
def alice_sende(self, h0):
# print("received h0:" + str(type(h0)))
h1 = self.G.mul(self.G.inv(h0), self.c)
k = self.G.primeM1
c1 = self.G.gen_pow(k)
# m0 = bytes(str(self.M[0]), 'utf-8')
# m1 = bytes(str(self.M[1]), 'utf-8')
m0 = self.M[0]
m1 = self.M[1]
h0k = self.G.pow(h0, k)
H0 = util.ot_hash(h0k, len(str(m0)))
e0 = util.xor_bytes(m0, H0)
h1k = self.G.pow(h1, k)
H1 = util.ot_hash(h1k, len(str(m1)))
e1 = util.xor_bytes(m1, H1)
j = {"c1": c1, "e0": e0, "e1": e1}
# print("c1:"+str(type(c1))+"e0:"+str(type(e0))+"e1:"+str(type(e1)))
return c1, e0, e1
def ot_garbler(self, msgs):
"""Oblivious transfer, Alice's side.
Args:
msgs: A pair (msg1, msg2) to suggest to Bob.
"""
logging.debug("OT protocol started")
G = util.PrimeGroup()
self.socket.send_wait(G)
# OT protocol based on Nigel Smart’s "Cryptography Made Simple"
c = G.gen_pow(G.rand_int())
h0 = self.socket.send_wait(c)
h1 = G.mul(c, G.inv(h0))
k = G.rand_int()
c1 = G.gen_pow(k)
e0 = util.xor_bytes(msgs[0], self.ot_hash(G.pow(h0, k), len(msgs[0])))
e1 = util.xor_bytes(msgs[1], self.ot_hash(G.pow(h1, k), len(msgs[1])))
self.socket.send((c1, e0, e1))
logging.debug("OT protocol ended")
def aesPlumbCFB_Decrypt512(inBlock_bytes, blockNumber, key, salt):
# decrypt second half of the block using preceeding
# bytes as IV_prev
iv1 = inBlock_bytes[SECTOR_SIZE // 2 - IV_SIZE:SECTOR_SIZE // 2]
second_half = DecryptCFBdbl(key, inBlock_bytes[512 // 2:], iv1)
# E(IV_prev) ^ C = E(IV_prev) ^ E(IV_prev) ^ P ^ sum = P ^ sum,
# so we recovered P ^ sum == IV_0
# invert half of IV
iv2 = second_half[-IV_SIZE // 2:]
iv2 += neg_bytes(iv2)
# now can decrypt first half
first_half = DecryptCFBdbl(key, inBlock_bytes[:512 // 2], iv2)
# finally fix the last block:
# get P from IV_0 == P ^ sum
sum16 = getSum16(first_half + second_half, salt, blockNumber)
last_block = xor_bytes(second_half[-16:], sum16)
return first_half + second_half[:-16] + last_block
def getMessage(self, c_1, encryMsg, msg_length):
#get the encrypted message and decrypt it
trueMessage = util.xor_bytes(encryMsg[self.choice], util.ot_hash(pow(c_1, self.x, 2), msg_length))
return trueMessage
def unmask(seed, msg):
mask = mgf1(seed, len(msg))
return xor_bytes(mask, msg)