rsa-accumulator 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.github/workflows/ruby.yml +22 -0
- data/.gitignore +11 -0
- data/.rspec +3 -0
- data/.ruby-gemset +1 -0
- data/.ruby-version +1 -0
- data/.travis.yml +9 -0
- data/CODE_OF_CONDUCT.md +74 -0
- data/Gemfile +6 -0
- data/LICENSE.txt +21 -0
- data/README.md +68 -0
- data/Rakefile +6 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/lib/rsa/acc.rb +12 -0
- data/lib/rsa/acc/ext.rb +20 -0
- data/lib/rsa/acc/functions.rb +84 -0
- data/lib/rsa/acc/poe.rb +41 -0
- data/lib/rsa/acc/poke2.rb +71 -0
- data/lib/rsa/acc/proof.rb +51 -0
- data/lib/rsa/acc/version.rb +5 -0
- data/lib/rsa/accumulator.rb +141 -0
- data/rsa-accumulatorrb.gemspec +31 -0
- metadata +121 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 6b5bb2ad698c4440d30bdbd29b3be321a3829b78bad6e188d06b351e8d81f337
|
4
|
+
data.tar.gz: e9270d41f253c25b4f2a44ca51d4fd03bc8ff323a173b8fff845ba5c8af5ef3c
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 3bf39ed19c73847ec804b63032d940e55595f38f6b3e4abce3aba7bceb7524f06bc7a7b015264309e4b2c0123b22c999a110d08bb5982a16790deee658b00bc7
|
7
|
+
data.tar.gz: b91fac654230b7f9e5837eb4249881f71e915e3f7911dd63e7bf4065ce8b7daa50bdd8beb0c3ff59283b39ff73972afec66bb4558824ac75918e0b43c1580761
|
@@ -0,0 +1,22 @@
|
|
1
|
+
name: Ruby
|
2
|
+
|
3
|
+
on: [push]
|
4
|
+
|
5
|
+
jobs:
|
6
|
+
build:
|
7
|
+
|
8
|
+
runs-on: ubuntu-latest
|
9
|
+
strategy:
|
10
|
+
matrix:
|
11
|
+
ruby: ['2.5.x', '2.6.x']
|
12
|
+
steps:
|
13
|
+
- uses: actions/checkout@v1
|
14
|
+
- name: Set up Ruby environment
|
15
|
+
uses: actions/setup-ruby@v1
|
16
|
+
with:
|
17
|
+
ruby-version: ${{ matrix.ruby }}
|
18
|
+
- name: Build and test with Rake
|
19
|
+
run: |
|
20
|
+
gem install bundler
|
21
|
+
bundle install --jobs 4 --retry 3
|
22
|
+
bundle exec rake
|
data/.gitignore
ADDED
data/.rspec
ADDED
data/.ruby-gemset
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
rsa-accumulator
|
data/.ruby-version
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
2.6.3
|
data/.travis.yml
ADDED
data/CODE_OF_CONDUCT.md
ADDED
@@ -0,0 +1,74 @@
|
|
1
|
+
# Contributor Covenant Code of Conduct
|
2
|
+
|
3
|
+
## Our Pledge
|
4
|
+
|
5
|
+
In the interest of fostering an open and welcoming environment, we as
|
6
|
+
contributors and maintainers pledge to making participation in our project and
|
7
|
+
our community a harassment-free experience for everyone, regardless of age, body
|
8
|
+
size, disability, ethnicity, gender identity and expression, level of experience,
|
9
|
+
nationality, personal appearance, race, religion, or sexual identity and
|
10
|
+
orientation.
|
11
|
+
|
12
|
+
## Our Standards
|
13
|
+
|
14
|
+
Examples of behavior that contributes to creating a positive environment
|
15
|
+
include:
|
16
|
+
|
17
|
+
* Using welcoming and inclusive language
|
18
|
+
* Being respectful of differing viewpoints and experiences
|
19
|
+
* Gracefully accepting constructive criticism
|
20
|
+
* Focusing on what is best for the community
|
21
|
+
* Showing empathy towards other community members
|
22
|
+
|
23
|
+
Examples of unacceptable behavior by participants include:
|
24
|
+
|
25
|
+
* The use of sexualized language or imagery and unwelcome sexual attention or
|
26
|
+
advances
|
27
|
+
* Trolling, insulting/derogatory comments, and personal or political attacks
|
28
|
+
* Public or private harassment
|
29
|
+
* Publishing others' private information, such as a physical or electronic
|
30
|
+
address, without explicit permission
|
31
|
+
* Other conduct which could reasonably be considered inappropriate in a
|
32
|
+
professional setting
|
33
|
+
|
34
|
+
## Our Responsibilities
|
35
|
+
|
36
|
+
Project maintainers are responsible for clarifying the standards of acceptable
|
37
|
+
behavior and are expected to take appropriate and fair corrective action in
|
38
|
+
response to any instances of unacceptable behavior.
|
39
|
+
|
40
|
+
Project maintainers have the right and responsibility to remove, edit, or
|
41
|
+
reject comments, commits, code, wiki edits, issues, and other contributions
|
42
|
+
that are not aligned to this Code of Conduct, or to ban temporarily or
|
43
|
+
permanently any contributor for other behaviors that they deem inappropriate,
|
44
|
+
threatening, offensive, or harmful.
|
45
|
+
|
46
|
+
## Scope
|
47
|
+
|
48
|
+
This Code of Conduct applies both within project spaces and in public spaces
|
49
|
+
when an individual is representing the project or its community. Examples of
|
50
|
+
representing a project or community include using an official project e-mail
|
51
|
+
address, posting via an official social media account, or acting as an appointed
|
52
|
+
representative at an online or offline event. Representation of a project may be
|
53
|
+
further defined and clarified by project maintainers.
|
54
|
+
|
55
|
+
## Enforcement
|
56
|
+
|
57
|
+
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
58
|
+
reported by contacting the project team at azuchi@chaintope.com. All
|
59
|
+
complaints will be reviewed and investigated and will result in a response that
|
60
|
+
is deemed necessary and appropriate to the circumstances. The project team is
|
61
|
+
obligated to maintain confidentiality with regard to the reporter of an incident.
|
62
|
+
Further details of specific enforcement policies may be posted separately.
|
63
|
+
|
64
|
+
Project maintainers who do not follow or enforce the Code of Conduct in good
|
65
|
+
faith may face temporary or permanent repercussions as determined by other
|
66
|
+
members of the project's leadership.
|
67
|
+
|
68
|
+
## Attribution
|
69
|
+
|
70
|
+
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
|
71
|
+
available at [http://contributor-covenant.org/version/1/4][version]
|
72
|
+
|
73
|
+
[homepage]: http://contributor-covenant.org
|
74
|
+
[version]: http://contributor-covenant.org/version/1/4/
|
data/Gemfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2019 azuchi
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,68 @@
|
|
1
|
+
# RSA Accumulator for Ruby [![Build Status](https://travis-ci.org/chaintope/rsa-accumulatorrb.svg?branch=master)](https://travis-ci.org/chaintope/rsa-accumulatorrb) [![Gem Version](https://badge.fury.io/rb/rsa-accumulator.svg)](https://badge.fury.io/rb/rsa-accumulator) [![MIT License](http://img.shields.io/badge/license-MIT-blue.svg?style=flat)](LICENSE)
|
2
|
+
|
3
|
+
|
4
|
+
Cryptographic accumulator based on the strong RSA assumption [BBF18](https://eprint.iacr.org/2018/1188.pdf) in Ruby.
|
5
|
+
|
6
|
+
## Installation
|
7
|
+
|
8
|
+
Add this line to your application's Gemfile:
|
9
|
+
|
10
|
+
```ruby
|
11
|
+
gem 'rsa-accumulator'
|
12
|
+
```
|
13
|
+
|
14
|
+
And then execute:
|
15
|
+
|
16
|
+
$ bundle
|
17
|
+
|
18
|
+
Or install it yourself as:
|
19
|
+
|
20
|
+
$ gem install rsa-accumulator
|
21
|
+
|
22
|
+
## Usage
|
23
|
+
|
24
|
+
### Setup accumulator
|
25
|
+
|
26
|
+
First, initialize the accumulator. Since the accumulator uses groups of unknown order, it can be generated in following ways:
|
27
|
+
|
28
|
+
require 'rsa-accumulator'
|
29
|
+
|
30
|
+
# using RSA modulus published by RSA Laboratory
|
31
|
+
acc = RSA::Accumulator.generate_rsa2048
|
32
|
+
|
33
|
+
# using Random RSA modulus with a specified bit length(default value is )
|
34
|
+
acc = RSA::Accumulator.generate_random(2048)
|
35
|
+
|
36
|
+
### Adding elements and membership proof
|
37
|
+
|
38
|
+
You can add arbitrary String data to the accumulator.
|
39
|
+
|
40
|
+
acc.add('a', 'b')
|
41
|
+
proof = acc.add('c')
|
42
|
+
|
43
|
+
You can use inclusion proof to prove that an element exists in an accumulator.
|
44
|
+
|
45
|
+
acc.member?(proof)
|
46
|
+
|
47
|
+
### Non membership proof
|
48
|
+
|
49
|
+
You can generate non-membership proof and prove that the elements does not exist in the accumulator.
|
50
|
+
|
51
|
+
members = %w(a b)
|
52
|
+
non_members = %w(c, d)
|
53
|
+
acc.add(*members)
|
54
|
+
proof = acc.prove_non_membership(members, non_members)
|
55
|
+
acc.non_member?(non_members, proof)
|
56
|
+
=> true
|
57
|
+
|
58
|
+
### Delete element from accumulator
|
59
|
+
|
60
|
+
You can remove elements from the accumulator by providing the inclusion proof.
|
61
|
+
|
62
|
+
acc.add('a', 'b')
|
63
|
+
proof = acc.add('c')
|
64
|
+
acc.delete(proof)
|
65
|
+
|
66
|
+
acc.member?(proof)
|
67
|
+
=> false
|
68
|
+
|
data/Rakefile
ADDED
data/bin/console
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require "bundler/setup"
|
4
|
+
require "rsa/accumulator"
|
5
|
+
|
6
|
+
# You can add fixtures and/or initialization code here to make experimenting
|
7
|
+
# with your gem easier. You can also use a different console, if you like.
|
8
|
+
|
9
|
+
# (If you use this, don't forget to add pry to your Gemfile!)
|
10
|
+
# require "pry"
|
11
|
+
# Pry.start
|
12
|
+
|
13
|
+
require "irb"
|
14
|
+
IRB.start(__FILE__)
|
data/bin/setup
ADDED
data/lib/rsa/acc.rb
ADDED
data/lib/rsa/acc/ext.rb
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
# Extending an existing class
|
2
|
+
module RSA
|
3
|
+
module ACC
|
4
|
+
|
5
|
+
module Ext
|
6
|
+
|
7
|
+
refine Integer do
|
8
|
+
def pow(*several_variants)
|
9
|
+
return super(*several_variants) if several_variants.size == 1
|
10
|
+
return super(*several_variants) unless several_variants.first.negative?
|
11
|
+
exp = several_variants.first
|
12
|
+
inv = self.to_bn.mod_inverse(several_variants[1]).to_i
|
13
|
+
inv.pow(-exp, several_variants[1])
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
end
|
18
|
+
|
19
|
+
end
|
20
|
+
end
|
@@ -0,0 +1,84 @@
|
|
1
|
+
require 'rbnacl'
|
2
|
+
|
3
|
+
module RSA
|
4
|
+
module ACC
|
5
|
+
module Functions
|
6
|
+
|
7
|
+
using RSA::ACC::Ext
|
8
|
+
|
9
|
+
# Convert element to prime number.
|
10
|
+
# @param [Array[String] elements an element to be converted.
|
11
|
+
# @return [Integer] prime number.
|
12
|
+
def hash_to_prime(element)
|
13
|
+
nonce = 0
|
14
|
+
loop do
|
15
|
+
candidate = RbNaCl::Hash.blake2b(element + even_hex(nonce)).unpack("C*")
|
16
|
+
candidate[-1] |= 1
|
17
|
+
candidate = candidate.pack('c*').unpack("H*").first.to_i(16)
|
18
|
+
if candidate.to_bn.prime?
|
19
|
+
return candidate
|
20
|
+
end
|
21
|
+
nonce += 1
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
# Converts a list of elements to an product of prime numbers.
|
26
|
+
# @param [Array[String]] elements a list of element.
|
27
|
+
# @return [Integer] an product of prime numbers
|
28
|
+
def elements_to_prime(elements)
|
29
|
+
elements.map{|e|hash_to_prime(e)}.inject(:*)
|
30
|
+
end
|
31
|
+
|
32
|
+
# Computes (xy) th root of g given xth and yth roots of g. x and y is co-prime.
|
33
|
+
# (a, b) ← Bezout(x, y)
|
34
|
+
#
|
35
|
+
# @param [Integer] w1 first witness.
|
36
|
+
# @param [Integer] w2 second witness.
|
37
|
+
# @param [Integer] x
|
38
|
+
# @param [Integer] y
|
39
|
+
# @return [Integer] w1^b * w2^a
|
40
|
+
def shamir_trick(w1, w2, x, y, modulus)
|
41
|
+
raise ArgumentError, 'w1^x != w2^y' unless w1.pow(x, modulus) == w2.pow(y, modulus)
|
42
|
+
a, b = egcd(x, y)
|
43
|
+
raise ArgumentError, 'Inputs does not co-prime.' unless a * x + b * y == 1
|
44
|
+
(w1.pow(b, modulus) * w2.pow(a, modulus)) % modulus
|
45
|
+
end
|
46
|
+
|
47
|
+
# Computes Bezout coefficients.
|
48
|
+
# see: https://github.com/dryruby/rsa.rb/blob/b1366970d31dba0078fd06d9f5d3ddd4952fb087/lib/rsa/math.rb#L143
|
49
|
+
# @param [Integer] x
|
50
|
+
# @param [Integer] y
|
51
|
+
# @return [Array[Integer, Integer]] Bezout coefficients
|
52
|
+
def egcd(x, y)
|
53
|
+
return [0, 1] if x.modulo(y).zero?
|
54
|
+
a, b = egcd(y, x.modulo(y))
|
55
|
+
[b, a - b * x.div(y)]
|
56
|
+
end
|
57
|
+
|
58
|
+
# Computes a challenge from +params+.
|
59
|
+
# @param [Array[Integer]] params
|
60
|
+
# @return [Integer] prime number of challenge.
|
61
|
+
def compute_challenge(*params)
|
62
|
+
hash_to_prime(params.map{|p|even_hex(p)}.join)
|
63
|
+
end
|
64
|
+
|
65
|
+
# Computes hash value from +params+.
|
66
|
+
# @param [Array[Integer]] params
|
67
|
+
# @return [Integer] hash value.
|
68
|
+
def blake2_hash(*params)
|
69
|
+
RbNaCl::Hash.blake2b(params.map{|p|even_hex(p)}.join).unpack("H*").first.to_i(16)
|
70
|
+
end
|
71
|
+
|
72
|
+
private
|
73
|
+
|
74
|
+
# Convert +num+ to even hex string.
|
75
|
+
# @param [Integer] num
|
76
|
+
# @return [String] hex string.
|
77
|
+
def even_hex(num)
|
78
|
+
hex = num.to_s(16)
|
79
|
+
hex.rjust((hex.length / 2.0).ceil * 2, '0')
|
80
|
+
end
|
81
|
+
|
82
|
+
end
|
83
|
+
end
|
84
|
+
end
|
data/lib/rsa/acc/poe.rb
ADDED
@@ -0,0 +1,41 @@
|
|
1
|
+
module RSA
|
2
|
+
module ACC
|
3
|
+
|
4
|
+
# Non-Interactive Proof of Exponentiation
|
5
|
+
module PoE
|
6
|
+
|
7
|
+
using RSA::ACC::Ext
|
8
|
+
|
9
|
+
include RSA::ACC::Functions
|
10
|
+
extend RSA::ACC::Functions
|
11
|
+
|
12
|
+
module_function
|
13
|
+
|
14
|
+
# Computes a proof +base+ ^ H(+exp+) was performed to derive +result+.
|
15
|
+
# @param [Integer] base The known base.
|
16
|
+
# @param [Integer] exp The exponentiation.
|
17
|
+
# @param [Integer] result such as result = base^exp.
|
18
|
+
# @param [Integer] modulus modulus using computation.
|
19
|
+
def prove(base, exp, result, modulus)
|
20
|
+
l = compute_challenge(base, exp, result)
|
21
|
+
q = exp / l
|
22
|
+
base.pow(q, modulus)
|
23
|
+
end
|
24
|
+
|
25
|
+
# Verifies that base^exp = result using the given proof to avoid computation.
|
26
|
+
# @param [Integer] base The known base.
|
27
|
+
# @param [Integer] exp The exponentiation.
|
28
|
+
# @param [Integer] result such as result = base^exp.
|
29
|
+
# @param [Integer] proof an proof.
|
30
|
+
# @param [Integer] modulus modulus using computation.
|
31
|
+
def verify(base, exp, result, proof, modulus)
|
32
|
+
l = compute_challenge(base, exp, result)
|
33
|
+
r = exp % l
|
34
|
+
w = (proof.pow(l, modulus) * base.pow(r, modulus)) % modulus
|
35
|
+
w == result
|
36
|
+
end
|
37
|
+
|
38
|
+
end
|
39
|
+
|
40
|
+
end
|
41
|
+
end
|
@@ -0,0 +1,71 @@
|
|
1
|
+
module RSA
|
2
|
+
module ACC
|
3
|
+
|
4
|
+
class PoKE2Proof
|
5
|
+
|
6
|
+
using RSA::ACC::Ext
|
7
|
+
|
8
|
+
attr_reader :z
|
9
|
+
attr_reader :q
|
10
|
+
attr_reader :r
|
11
|
+
|
12
|
+
def initialize(z, q, r)
|
13
|
+
@z = z
|
14
|
+
@q = q
|
15
|
+
@r = r
|
16
|
+
end
|
17
|
+
|
18
|
+
# Check whether same proof.
|
19
|
+
# @param [RSA::ACC::PoKE2Proof] other other proof.
|
20
|
+
# @return [Boolean] whether same proof.
|
21
|
+
def ==(other)
|
22
|
+
return false unless other.is_a?(RSA::ACC::PoKE2Proof)
|
23
|
+
z == other.z && q == other.q && r == other.r
|
24
|
+
end
|
25
|
+
|
26
|
+
end
|
27
|
+
|
28
|
+
# Non-Interactive Proof of knowledge of exponent2.
|
29
|
+
module PoKE2
|
30
|
+
|
31
|
+
using RSA::ACC::Ext
|
32
|
+
|
33
|
+
include RSA::ACC::Functions
|
34
|
+
extend RSA::ACC::Functions
|
35
|
+
|
36
|
+
module_function
|
37
|
+
|
38
|
+
# Computes a proof that you know +exp+ s.t. +base+ ^ +exp+ = +result+.
|
39
|
+
# @param [Integer] base
|
40
|
+
# @param [Integer] exp
|
41
|
+
# @param [Integer] result
|
42
|
+
# @param [Integer] modulus
|
43
|
+
# @return [RSA::ACC::PoKE2Proof] a proof.
|
44
|
+
def prove(base, exp, result, modulus)
|
45
|
+
g = RSA::Accumulator::RSA2048_UNKNOWN_ELEM
|
46
|
+
z = g.pow(exp, modulus)
|
47
|
+
l = compute_challenge(base, result, z)
|
48
|
+
alpha = blake2_hash(base, result, z, l)
|
49
|
+
q, r = exp.divmod(l)
|
50
|
+
RSA::ACC::PoKE2Proof.new(z, ((base * g.pow(alpha, modulus)) % modulus).pow(q, modulus), r)
|
51
|
+
end
|
52
|
+
|
53
|
+
# Verifies that the prover knows +exp+ s.t. +base+ ^ +exp+ = +result+
|
54
|
+
# @param [Integer] base
|
55
|
+
# @param [Integer] result
|
56
|
+
# @param [RSA::ACC::PoKE2Proof] proof
|
57
|
+
# @param [Integer] modulus
|
58
|
+
# @return [Boolean] Returns true for successful verification, false otherwise.
|
59
|
+
def verify(base, result, proof, modulus)
|
60
|
+
g = RSA::Accumulator::RSA2048_UNKNOWN_ELEM
|
61
|
+
l = compute_challenge(base, result, proof.z)
|
62
|
+
alpha = blake2_hash(base, result, proof.z, l)
|
63
|
+
lhs = (proof.q.pow(l, modulus) * ((base * g.pow(alpha, modulus) % modulus)).pow(proof.r, modulus)) % modulus
|
64
|
+
rhs = (result * proof.z.pow(alpha, modulus) % modulus)
|
65
|
+
lhs == rhs
|
66
|
+
end
|
67
|
+
|
68
|
+
end
|
69
|
+
|
70
|
+
end
|
71
|
+
end
|
@@ -0,0 +1,51 @@
|
|
1
|
+
module RSA
|
2
|
+
module ACC
|
3
|
+
|
4
|
+
# Proof of membership of the element's inclusion in the accumulator.
|
5
|
+
class MembershipProof
|
6
|
+
|
7
|
+
include Functions
|
8
|
+
|
9
|
+
# witness^H(element) == acc
|
10
|
+
attr_reader :element
|
11
|
+
attr_reader :witness
|
12
|
+
attr_reader :acc_value
|
13
|
+
attr_reader :proof # prof calculated by PoE
|
14
|
+
|
15
|
+
def initialize(element, witness, acc_value, proof)
|
16
|
+
@element = element
|
17
|
+
@witness = witness
|
18
|
+
@acc_value = acc_value
|
19
|
+
@proof = proof
|
20
|
+
end
|
21
|
+
|
22
|
+
# Convert element to prime number.
|
23
|
+
# @return [Integer] prime number of element.
|
24
|
+
def element_prime
|
25
|
+
return nil if element.nil?
|
26
|
+
element.is_a?(Array) ? elements_to_prime(element) : hash_to_prime(element)
|
27
|
+
end
|
28
|
+
|
29
|
+
end
|
30
|
+
|
31
|
+
# Proof of non-membership of the element's not inclusion in the accumulator.
|
32
|
+
class NonMembershipProof
|
33
|
+
|
34
|
+
attr_reader :d # d = g^b
|
35
|
+
attr_reader :v # v = A(current acc)^a
|
36
|
+
attr_reader :gv_inv # gv_inv = v^{-1}
|
37
|
+
attr_reader :poke2_proof # NI-PoKE2(A, v, a)
|
38
|
+
attr_reader :poe_proof # NI-PoE(d, x, g*v^{-1})
|
39
|
+
|
40
|
+
def initialize(d, v, gv_inv, poke2_proof, poe_proof)
|
41
|
+
@d = d
|
42
|
+
@v = v
|
43
|
+
@gv_inv = gv_inv
|
44
|
+
@poke2_proof = poke2_proof
|
45
|
+
@poe_proof = poe_proof
|
46
|
+
end
|
47
|
+
|
48
|
+
end
|
49
|
+
|
50
|
+
end
|
51
|
+
end
|
@@ -0,0 +1,141 @@
|
|
1
|
+
require 'rsa/acc'
|
2
|
+
require 'openssl'
|
3
|
+
require 'securerandom'
|
4
|
+
|
5
|
+
module RSA
|
6
|
+
class Accumulator
|
7
|
+
|
8
|
+
using RSA::ACC::Ext
|
9
|
+
|
10
|
+
include RSA::ACC::Functions
|
11
|
+
include RSA::ACC::PoE
|
12
|
+
|
13
|
+
# RSA-2048 modulus(https://en.wikipedia.org/wiki/RSA_numbers#RSA-2048).
|
14
|
+
RSA2048_MODULUS = 25195908475657893494027183240048398571429282126204032027777137836043662020707595556264018525880784406918290641249515082189298559149176184502808489120072844992687392807287776735971418347270261896375014971824691165077613379859095700097330459748808428401797429100642458691817195118746121515172654632282216869987549182422433637259085141865462043576798423387184774447920739934236584823824281198163815010674810451660377306056201619676256133844143603833904414952634432190114657544454178424020924616515723350778707749817125772467962926386356373289912154831438167899885040445364023527381951378636564391212010397122822120720357
|
15
|
+
RSA2048_UNKNOWN_ELEM = 2
|
16
|
+
|
17
|
+
attr_reader :n
|
18
|
+
attr_accessor :value
|
19
|
+
attr_reader :g # Initial value
|
20
|
+
|
21
|
+
# Generate accumulator using RSA2048 modulus.
|
22
|
+
# @return [RSA::Accumulator]
|
23
|
+
def self.generate_rsa2048
|
24
|
+
new(RSA2048_MODULUS, RSA2048_UNKNOWN_ELEM)
|
25
|
+
end
|
26
|
+
|
27
|
+
# Generate accumulator with random modulus.
|
28
|
+
# @param [Integer] bit_length bit length of accumulator. Default: 3072 bits.
|
29
|
+
# @return [RSA::Accumulator]
|
30
|
+
def self.generate_random(bit_length = 3072)
|
31
|
+
n = OpenSSL::PKey::RSA.generate(bit_length).n.to_i
|
32
|
+
new(n, SecureRandom.random_number(n))
|
33
|
+
end
|
34
|
+
|
35
|
+
# Initialize accumulator
|
36
|
+
# @param [Integer] n modulus
|
37
|
+
# @param [Integer] value initial value
|
38
|
+
# @return [RSA::Accumulator]
|
39
|
+
def initialize(n, value)
|
40
|
+
@n = n
|
41
|
+
@value = value
|
42
|
+
@g = value
|
43
|
+
end
|
44
|
+
|
45
|
+
# Add element to accumulator and get inclusion proof.
|
46
|
+
# @param [Array[String]] elements a list of elements to be added.
|
47
|
+
# @return [RSA::ACC::MembershipProof] inclusion proof.
|
48
|
+
def add(*elements)
|
49
|
+
current_acc = value
|
50
|
+
p = elements_to_prime(elements)
|
51
|
+
@value = value.pow(p, n)
|
52
|
+
RSA::ACC::MembershipProof.new(elements, current_acc, value, RSA::ACC::PoE.prove(current_acc, p, value, n))
|
53
|
+
end
|
54
|
+
|
55
|
+
# Check whether +other+ is same accumulator.
|
56
|
+
# @param [RSA::ACC:Accumulator] other other accumulator.
|
57
|
+
# @return [Boolean] if same acc return true, otherwise return false.
|
58
|
+
def ==(other)
|
59
|
+
return false unless other.is_a?(Accumulator)
|
60
|
+
self.n == other.n && self.value == other.value
|
61
|
+
end
|
62
|
+
|
63
|
+
# Check whether +proof+#element include in accumulator.
|
64
|
+
# @param [RSA::ACC::MembershipProof] proof inclusion proof.
|
65
|
+
# @return [Boolean] If element exist in acc return true, otherwise false.
|
66
|
+
def member?(proof)
|
67
|
+
RSA::ACC::PoE.verify(proof.witness, proof.element_prime, value, proof.proof, n)
|
68
|
+
end
|
69
|
+
|
70
|
+
# Verifies a non-membership proof against the current accumulator and +elements+ whose non-inclusion is being proven.
|
71
|
+
# @param [Array[String]] elements elements whose non-inclusion is being proven.
|
72
|
+
# @param [RSA::ACC::NonMembershipProof] proof non-membership proof.
|
73
|
+
# @return [Boolean]
|
74
|
+
def non_member?(elements, proof)
|
75
|
+
x = elements_to_prime(elements)
|
76
|
+
RSA::ACC::PoKE2.verify(value, proof.v, proof.poke2_proof, n) &&
|
77
|
+
RSA::ACC::PoE.verify(proof.d, x, proof.gv_inv, proof.poe_proof, n)
|
78
|
+
end
|
79
|
+
|
80
|
+
# Generate non-membership proof using set of elements in current acc and non membership elements.
|
81
|
+
# @param [Array[String]] members The entire set of elements contained within this accumulator.
|
82
|
+
# @param [Array[String]] non_members Elements not included in this accumulator that you want to prove non-membership.
|
83
|
+
# @return [RSA::ACC::NonMembershipProof] Non-membership proof.
|
84
|
+
def prove_non_membership(members, non_members)
|
85
|
+
s = elements_to_prime(members)
|
86
|
+
x = elements_to_prime(non_members)
|
87
|
+
|
88
|
+
a, b = egcd(s, x)
|
89
|
+
raise ArgumentError, "Inputs not co-prime." unless a * s + b * x == 1
|
90
|
+
|
91
|
+
v = value.pow(a, n)
|
92
|
+
d = g.pow(b, n)
|
93
|
+
gv_inv = (g * v.pow(-1, n)) % n
|
94
|
+
|
95
|
+
poke2_proof = RSA::ACC::PoKE2.prove(value, a, v, n)
|
96
|
+
poe_proof = RSA::ACC::PoE.prove(d, x, gv_inv, n)
|
97
|
+
|
98
|
+
RSA::ACC::NonMembershipProof.new(d, v, gv_inv, poke2_proof, poe_proof)
|
99
|
+
end
|
100
|
+
|
101
|
+
# Remove the elements in +proofs+ from the accumulator.
|
102
|
+
# @param [RSA::ACC::MembershipProof] proofs proofs including the elements to be removed and the witnesses.
|
103
|
+
# @return [RSA::ACC::MembershipProof] Proof that the accumulator before the remove contained the deleted elements.
|
104
|
+
def delete(*proofs)
|
105
|
+
return RSA::ACC::MembershipProof.new(proofs.map(&:element).flatten, value, value, RSA::ACC::PoE.prove(value, 1, value, n)) if proofs.empty?
|
106
|
+
|
107
|
+
witnesses = proofs.map do |proof|
|
108
|
+
p = proof.element_prime
|
109
|
+
raise RSA::ACC::Error, 'Bad witness.' unless proof.witness.pow(p, n) == value
|
110
|
+
[p, proof.witness]
|
111
|
+
end
|
112
|
+
|
113
|
+
current_value = value
|
114
|
+
proof_product = witnesses.first[0]
|
115
|
+
new_value = witnesses.first[1]
|
116
|
+
if witnesses.size > 1
|
117
|
+
witnesses[1..-1].each do |w|
|
118
|
+
new_value = shamir_trick(new_value, w[1], proof_product, w[0], n)
|
119
|
+
proof_product *= w[0]
|
120
|
+
end
|
121
|
+
end
|
122
|
+
|
123
|
+
@value = new_value
|
124
|
+
RSA::ACC::MembershipProof.new(proofs.map{|p|p.element}.flatten, value, current_value, RSA::ACC::PoE.prove(value, proof_product, current_value, n))
|
125
|
+
end
|
126
|
+
|
127
|
+
# Computes an xi-th root of +y+ for all i = 1, ..., n in total time O(n log(n)).
|
128
|
+
# @param [Array[Integer]] f factorizations of the exponent x = x1, ..., xn.
|
129
|
+
# @return [Array{Integer}] array of xi-th root
|
130
|
+
def root_factor(*f)
|
131
|
+
return [value] if f.size == 1
|
132
|
+
half_n = f.size / 2
|
133
|
+
g_l = RSA::Accumulator.new(n, value.pow(f[0...half_n].map.inject(:*), n))
|
134
|
+
g_r = RSA::Accumulator.new(n, value.pow(f[half_n..-1].map.inject(:*), n))
|
135
|
+
l = g_r.root_factor(*f[0...half_n])
|
136
|
+
r = g_l.root_factor(*f[half_n..-1])
|
137
|
+
[l, r].flatten
|
138
|
+
end
|
139
|
+
|
140
|
+
end
|
141
|
+
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
|
2
|
+
lib = File.expand_path("../lib", __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require "rsa/acc/version"
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "rsa-accumulator"
|
8
|
+
spec.version = RSA::ACC::VERSION
|
9
|
+
spec.authors = ["azuchi"]
|
10
|
+
spec.email = ["azuchi@chaintope.com"]
|
11
|
+
|
12
|
+
spec.summary = %q{RSA accumulator implementation for Ruby.}
|
13
|
+
spec.description = %q{RSA accumulator implementation for Ruby.}
|
14
|
+
spec.homepage = "https://github.com/chaintope/rsa-accumulatorrb"
|
15
|
+
spec.license = "MIT"
|
16
|
+
|
17
|
+
# Specify which files should be added to the gem when it is released.
|
18
|
+
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
|
19
|
+
spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
|
20
|
+
`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
21
|
+
end
|
22
|
+
spec.bindir = "exe"
|
23
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
24
|
+
spec.require_paths = ["lib"]
|
25
|
+
|
26
|
+
spec.add_runtime_dependency "rbnacl"
|
27
|
+
|
28
|
+
spec.add_development_dependency "bundler"
|
29
|
+
spec.add_development_dependency "rake", ">= 12.3.3"
|
30
|
+
spec.add_development_dependency "rspec", "~> 3.0"
|
31
|
+
end
|
metadata
ADDED
@@ -0,0 +1,121 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: rsa-accumulator
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- azuchi
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain: []
|
11
|
+
date: 2020-06-23 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: rbnacl
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ">="
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - ">="
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: bundler
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - ">="
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rake
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: 12.3.3
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: 12.3.3
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: rspec
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - "~>"
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '3.0'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - "~>"
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '3.0'
|
69
|
+
description: RSA accumulator implementation for Ruby.
|
70
|
+
email:
|
71
|
+
- azuchi@chaintope.com
|
72
|
+
executables: []
|
73
|
+
extensions: []
|
74
|
+
extra_rdoc_files: []
|
75
|
+
files:
|
76
|
+
- ".github/workflows/ruby.yml"
|
77
|
+
- ".gitignore"
|
78
|
+
- ".rspec"
|
79
|
+
- ".ruby-gemset"
|
80
|
+
- ".ruby-version"
|
81
|
+
- ".travis.yml"
|
82
|
+
- CODE_OF_CONDUCT.md
|
83
|
+
- Gemfile
|
84
|
+
- LICENSE.txt
|
85
|
+
- README.md
|
86
|
+
- Rakefile
|
87
|
+
- bin/console
|
88
|
+
- bin/setup
|
89
|
+
- lib/rsa/acc.rb
|
90
|
+
- lib/rsa/acc/ext.rb
|
91
|
+
- lib/rsa/acc/functions.rb
|
92
|
+
- lib/rsa/acc/poe.rb
|
93
|
+
- lib/rsa/acc/poke2.rb
|
94
|
+
- lib/rsa/acc/proof.rb
|
95
|
+
- lib/rsa/acc/version.rb
|
96
|
+
- lib/rsa/accumulator.rb
|
97
|
+
- rsa-accumulatorrb.gemspec
|
98
|
+
homepage: https://github.com/chaintope/rsa-accumulatorrb
|
99
|
+
licenses:
|
100
|
+
- MIT
|
101
|
+
metadata: {}
|
102
|
+
post_install_message:
|
103
|
+
rdoc_options: []
|
104
|
+
require_paths:
|
105
|
+
- lib
|
106
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - ">="
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '0'
|
111
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
112
|
+
requirements:
|
113
|
+
- - ">="
|
114
|
+
- !ruby/object:Gem::Version
|
115
|
+
version: '0'
|
116
|
+
requirements: []
|
117
|
+
rubygems_version: 3.0.3
|
118
|
+
signing_key:
|
119
|
+
specification_version: 4
|
120
|
+
summary: RSA accumulator implementation for Ruby.
|
121
|
+
test_files: []
|