charm-crypto-framework 0.61.1__cp313-cp313-macosx_10_13_universal2.whl

charm/__init__.py

@@ -0,0 +1,5 @@
+# This fixes an issue where certain python interpeters/operating systems
+# fail to properly load shared modules that c extensions depend on.
+# In this case, the benchmark module is not handeled properly on osx
+# as such we import it preimptively to force its symbols to be loaded. 
+import charm.core.benchmark 

charm/adapters/abenc_adapt_hybrid.py

@@ -0,0 +1,90 @@
+'''
+**Hybrid Encryption Adapter for CP-ABE (CP-ABE Hybrid)**
+
+*Description:* Converts a Ciphertext-Policy Attribute-Based Encryption scheme into a hybrid
+encryption scheme capable of encrypting arbitrary-length messages.
+
+| **Notes:** Uses symmetric encryption (AES) with a randomly generated session key.
+| The session key is encrypted using the underlying CP-ABE scheme.
+
+.. rubric:: Adapter Properties
+
+* **Type:** hybrid encryption adapter
+* **Underlying Scheme:** any Ciphertext-Policy ABE scheme
+* **Purpose:** enables CP-ABE schemes to encrypt arbitrary-length byte messages
+
+.. rubric:: Implementation
+
+:Authors: J. Ayo Akinyele
+:Date: 2011
+'''
+
+
+from charm.toolbox.ABEnc import ABEnc
+from charm.schemes.abenc.abenc_bsw07 import CPabe_BSW07
+from charm.toolbox.pairinggroup import PairingGroup,GT
+from charm.toolbox.symcrypto import AuthenticatedCryptoAbstraction
+from charm.core.math.pairing import hashPair as sha2
+from math import ceil
+
+debug = False
+class HybridABEnc(ABEnc):
+    """
+    >>> group = PairingGroup("SS512")
+    >>> cpabe = CPabe_BSW07(group)
+    >>> hyb_abe = HybridABEnc(cpabe, group)
+    >>> access_policy = '((four or three) and (two or one))'
+    >>> msg = b"hello world this is an important message."
+    >>> (master_public_key, master_key) = hyb_abe.setup()
+    >>> secret_key = hyb_abe.keygen(master_public_key, master_key, ['ONE', 'TWO', 'THREE'])
+    >>> cipher_text = hyb_abe.encrypt(master_public_key, msg, access_policy)
+    >>> hyb_abe.decrypt(master_public_key, secret_key, cipher_text)
+    b'hello world this is an important message.'
+    """
+    def __init__(self, scheme, groupObj):
+        ABEnc.__init__(self)
+        # check properties (TODO)
+        self.abenc = scheme
+        self.group = groupObj
+
+    def setup(self):
+        return self.abenc.setup()
+
+    def keygen(self, pk, mk, object):
+        return self.abenc.keygen(pk, mk, object)
+
+    def encrypt(self, pk, M, object):
+        key = self.group.random(GT)
+        c1 = self.abenc.encrypt(pk, key, object)
+        # instantiate a symmetric enc scheme from this key
+        cipher = AuthenticatedCryptoAbstraction(sha2(key))
+        c2 = cipher.encrypt(M)
+        return { 'c1':c1, 'c2':c2 }
+
+    def decrypt(self, pk, sk, ct):
+        c1, c2 = ct['c1'], ct['c2']
+        key = self.abenc.decrypt(pk, sk, c1)
+        if key is False:
+            raise Exception("failed to decrypt!")
+        cipher = AuthenticatedCryptoAbstraction(sha2(key))
+        return cipher.decrypt(c2)
+
+def main():
+    groupObj = PairingGroup('SS512')
+    cpabe = CPabe_BSW07(groupObj)
+    hyb_abe = HybridABEnc(cpabe, groupObj)
+    access_policy = '((four or three) and (two or one))'
+    message = b"hello world this is an important message."
+    (pk, mk) = hyb_abe.setup()
+    if debug: print("pk => ", pk)
+    if debug: print("mk => ", mk)
+    sk = hyb_abe.keygen(pk, mk, ['ONE', 'TWO', 'THREE'])
+    if debug: print("sk => ", sk)
+    ct = hyb_abe.encrypt(pk, message, access_policy)
+    mdec = hyb_abe.decrypt(pk, sk, ct)
+    assert mdec == message, "Failed Decryption!!!"
+    if debug: print("Successful Decryption!!!")
+
+if __name__ == "__main__":
+    debug = True
+    main()

charm/adapters/dabenc_adapt_hybrid.py

@@ -0,0 +1,145 @@
+'''
+**Hybrid Encryption Adapter for Multi-Authority ABE (MA-ABE Hybrid)**
+
+*Description:* Converts a Decentralized/Multi-Authority Attribute-Based Encryption scheme
+into a hybrid encryption scheme capable of encrypting arbitrary-length messages.
+
+| **Notes:** Uses symmetric encryption (AES) with a randomly generated session key.
+| The session key is encrypted using the underlying Multi-Authority ABE scheme.
+
+.. rubric:: Adapter Properties
+
+* **Type:** hybrid encryption adapter
+* **Underlying Scheme:** any Decentralized/Multi-Authority ABE scheme
+* **Purpose:** enables Multi-Authority ABE schemes to encrypt arbitrary-length byte messages
+
+.. rubric:: Implementation
+
+:Authors: J. Ayo Akinyele
+:Date: 2011
+'''
+
+from charm.core.math.pairing import hashPair as sha2
+from charm.schemes.abenc.dabe_aw11 import Dabe
+from charm.toolbox.ABEncMultiAuth import ABEncMultiAuth
+from charm.toolbox.pairinggroup import PairingGroup,GT
+from charm.toolbox.symcrypto import AuthenticatedCryptoAbstraction
+
+debug = False
+class HybridABEncMA(ABEncMultiAuth):
+    """
+    >>> from charm.toolbox.pairinggroup import PairingGroup,GT
+    >>> group = PairingGroup('SS512')
+    >>> dabe = Dabe(group)
+
+        Setup master authority.
+    >>> hyb_abema = HybridABEncMA(dabe, group)
+    >>> global_parameters = hyb_abema.setup()
+
+        Generate attributes for two different sub-authorities:
+        Johns Hopkins University, and Johns Hopkins Medical Institutions.
+    >>> jhu_attributes = ['jhu.professor', 'jhu.staff', 'jhu.student']
+    >>> jhmi_attributes = ['jhmi.doctor', 'jhmi.nurse', 'jhmi.staff', 'jhmi.researcher']
+
+        Johns Hopkins sub-authorities master key.
+    >>> (jhu_secret_key, jhu_public_key) = hyb_abema.authsetup(global_parameters, jhu_attributes)
+
+         JHMI sub-authorities master key
+    >>> (jhmi_secret_key, jhmi_public_key) = hyb_abema.authsetup(global_parameters, jhmi_attributes)
+
+        To encrypt messages we need all of the authorities' public keys.
+    >>> allAuth_public_key = {};
+    >>> allAuth_public_key.update(jhu_public_key);
+    >>> allAuth_public_key.update(jhmi_public_key)
+
+        An example user, Bob, who is both a professor at JHU and a researcher at JHMI.
+    >>> ID = "20110615 bob@gmail.com cryptokey"
+    >>> secrets_keys = {}
+    >>> hyb_abema.keygen(global_parameters, jhu_secret_key,'jhu.professor', ID, secrets_keys)
+    >>> hyb_abema.keygen(global_parameters, jhmi_secret_key,'jhmi.researcher', ID, secrets_keys)
+
+        Encrypt a message to anyone who is both a profesor at JHU and a researcher at JHMI.
+    >>> msg = b'Hello World, I am a sensitive record!'
+    >>> policy_str = "(jhmi.doctor or (jhmi.researcher and jhu.professor))"
+    >>> cipher_text = hyb_abema.encrypt(global_parameters, allAuth_public_key, msg, policy_str)
+    >>> hyb_abema.decrypt(global_parameters, secrets_keys, cipher_text)
+    b'Hello World, I am a sensitive record!'
+    """
+    def __init__(self, scheme, groupObj):
+        global abencma, group
+        # check properties (TODO)
+        abencma = scheme
+        group = groupObj
+
+    def setup(self):
+        return abencma.setup()
+
+    def authsetup(self, gp, attributes):
+        return abencma.authsetup(gp, attributes)
+
+    def keygen(self, gp, sk, i, gid, pkey):
+        return abencma.keygen(gp, sk, i, gid, pkey)
+
+    def encrypt(self, gp, pk, M, policy_str):
+        if type(M) != bytes and type(policy_str) != str:
+            raise Exception("message and policy not right type!")
+        key = group.random(GT)
+        c1 = abencma.encrypt(gp, pk, key, policy_str)
+        # instantiate a symmetric enc scheme from this key
+        cipher = AuthenticatedCryptoAbstraction(sha2(key))
+        c2 = cipher.encrypt(M)
+        return { 'c1':c1, 'c2':c2 }
+
+    def decrypt(self, gp, sk, ct):
+        c1, c2 = ct['c1'], ct['c2']
+        key = abencma.decrypt(gp, sk, c1)
+        if key is False:
+            raise Exception("failed to decrypt!")
+        cipher = AuthenticatedCryptoAbstraction(sha2(key))
+        return cipher.decrypt(c2)
+
+def main():
+    groupObj = PairingGroup('SS512')
+    dabe = Dabe(groupObj)
+
+    hyb_abema = HybridABEncMA(dabe, groupObj)
+
+    #Setup global parameters for all new authorities
+    gp = hyb_abema.setup()
+
+    #Instantiate a few authorities
+    #Attribute names must be globally unique.  HybridABEncMA
+    #Two authorities may not issue keys for the same attribute.
+    #Otherwise, the decryption algorithm will not know which private key to use
+    jhu_attributes = ['jhu.professor', 'jhu.staff', 'jhu.student']
+    jhmi_attributes = ['jhmi.doctor', 'jhmi.nurse', 'jhmi.staff', 'jhmi.researcher']
+    (jhuSK, jhuPK) = hyb_abema.authsetup(gp, jhu_attributes)
+    (jhmiSK, jhmiPK) = hyb_abema.authsetup(gp, jhmi_attributes)
+    allAuthPK = {}; allAuthPK.update(jhuPK); allAuthPK.update(jhmiPK)
+
+    #Setup a user with a few keys
+    bobs_gid = "20110615 bob@gmail.com cryptokey"
+    K = {}
+    hyb_abema.keygen(gp, jhuSK,'jhu.professor', bobs_gid, K)
+    hyb_abema.keygen(gp, jhmiSK,'jhmi.researcher', bobs_gid, K)
+
+
+    msg = b'Hello World, I am a sensitive record!'
+    size = len(msg)
+    policy_str = "(jhmi.doctor OR (jhmi.researcher AND jhu.professor))"
+    ct = hyb_abema.encrypt(allAuthPK, gp, msg, policy_str)
+
+    if debug:
+        print("Ciphertext")
+        print("c1 =>", ct['c1'])
+        print("c2 =>", ct['c2'])
+
+    orig_msg = hyb_abema.decrypt(gp, K, ct)
+    if debug: print("Result =>", orig_msg)
+    assert orig_msg == msg, "Failed Decryption!!!"
+    if debug: print("Successful Decryption!!!")
+
+if __name__ == "__main__":
+    debug = True
+    main()
+

charm/adapters/ibenc_adapt_hybrid.py

@@ -0,0 +1,72 @@
+'''
+**Hybrid Encryption Adapter for IBE (IBE Hybrid)**
+
+*Description:* Converts an Identity-Based Encryption scheme into a hybrid encryption
+scheme capable of encrypting arbitrary-length messages.
+
+| **Notes:** Uses symmetric encryption (AES) with a randomly generated session key.
+| The session key is encrypted using the underlying IBE scheme.
+
+.. rubric:: Adapter Properties
+
+* **Type:** hybrid encryption adapter
+* **Underlying Scheme:** any Identity-Based Encryption scheme
+* **Purpose:** enables IBE schemes to encrypt arbitrary-length byte messages
+
+.. rubric:: Implementation
+
+:Authors: J. Ayo Akinyele
+:Date: 2011
+'''
+
+from charm.toolbox.symcrypto import AuthenticatedCryptoAbstraction
+from charm.toolbox.pairinggroup import PairingGroup,ZR,G1,G2,GT,pair
+from charm.core.math.pairing import hashPair as sha2
+from charm.adapters.ibenc_adapt_identityhash import HashIDAdapter
+from charm.toolbox.IBEnc import IBEnc
+from charm.core.crypto.cryptobase import *
+
+debug = False
+class HybridIBEnc(IBEnc):
+    """
+    >>> from charm.schemes.ibenc.ibenc_bb03 import IBE_BB04
+    >>> group = PairingGroup('SS512')
+    >>> ibe = IBE_BB04(group)
+    >>> hashID = HashIDAdapter(ibe, group)
+    >>> hyb_ibe = HybridIBEnc(hashID, group)
+    >>> (master_public_key, master_key) = hyb_ibe.setup()
+    >>> ID = 'john.doe@example.com'
+    >>> secret_key = hyb_ibe.extract(master_key, ID)
+    >>> msg = b"Hello World!"
+    >>> cipher_text = hyb_ibe.encrypt(master_public_key, ID, msg)
+    >>> decrypted_msg = hyb_ibe.decrypt(master_public_key, secret_key, cipher_text)
+    >>> decrypted_msg == msg
+    True
+
+    """
+    def __init__(self, scheme, groupObj):
+        global ibenc, group
+        ibenc = scheme
+        group = groupObj
+
+    def setup(self):
+        return ibenc.setup()
+
+    def extract(self, mk, ID):
+        return ibenc.extract(mk, ID)
+
+    def encrypt(self, pk, ID, M):
+        if type(M) != bytes: raise "message not right type!"
+        key = group.random(GT)
+        c1 = ibenc.encrypt(pk, ID, key)
+        # instantiate a symmetric enc scheme from this key
+        cipher = AuthenticatedCryptoAbstraction(sha2(key))
+        c2 = cipher.encrypt(M)
+        return { 'c1':c1, 'c2':c2 }
+
+    def decrypt(self, pk, ID, ct):
+        c1, c2 = ct['c1'], ct['c2']
+        key = ibenc.decrypt(pk, ID, c1)
+        cipher = AuthenticatedCryptoAbstraction(sha2(key))
+        return cipher.decrypt(c2)
+

charm/adapters/ibenc_adapt_identityhash.py

@@ -0,0 +1,80 @@
+'''
+**Identity Hashing Adapter for IBE (HashID Adapter)**
+
+*Description:* Converts an Identity-Based Encryption scheme that requires ZR (integer)
+identities into one that accepts arbitrary string identities via cryptographic hashing.
+
+| **Notes:** Hashes string identities to ZR elements using the pairing group's hash function.
+| Transforms security from selective-ID (IND-sID-CPA) to full-ID (IND-ID-CPA) under ROM.
+
+.. rubric:: Adapter Properties
+
+* **Type:** identity transform adapter
+* **Underlying Scheme:** any IBE scheme with ZR identity space
+* **Purpose:** enables use of human-readable string identities (e.g., email addresses)
+
+.. rubric:: Implementation
+
+:Authors: J. Ayo Akinyele
+:Date: 2011
+'''
+
+from charm.toolbox.pairinggroup import PairingGroup,ZR,G1,G2,GT,pair
+from charm.toolbox.IBEnc import *
+
+debug = False
+class HashIDAdapter(IBEnc):
+    """
+    >>> from charm.schemes.ibenc.ibenc_bb03 import IBE_BB04
+    >>> group = PairingGroup('SS512')
+    >>> ibe = IBE_BB04(group)
+    >>> hashID = HashIDAdapter(ibe, group)
+    >>> (master_public_key, master_key) = hashID.setup()
+    >>> ID = 'john.doe@example.com'
+    >>> secret_key = hashID.extract(master_key, ID)
+    >>> msg = group.random(GT)
+    >>> cipher_text = hashID.encrypt(master_public_key, ID, msg)
+    >>> decrypted_msg = hashID.decrypt(master_public_key, secret_key, cipher_text)
+    >>> msg == decrypted_msg
+    True
+    """
+    def __init__(self, scheme, group):
+        global ibe
+        IBEnc.__init__(self)
+        self.group = group
+        ibe = None
+        # validate that we have the appropriate object
+        criteria = [('secDef', IND_sID_CPA), ('scheme', 'IBEnc'), ('secModel', SM), ('id',ZR)]
+        if IBEnc.checkProperty(self, scheme, criteria):
+            # change our property as well
+            IBEnc.updateProperty(self, scheme, secDef=IND_ID_CPA, id=str, secModel=ROM)
+            ibe = scheme
+            #IBEnc.printProperties(self)
+        else:
+            assert False, "Input scheme does not satisfy adapter properties: %s" % criteria
+
+    def setup(self):
+        assert ibe != None, "IBEnc alg not set"
+        return ibe.setup()
+
+    def extract(self, mk, ID):
+        assert ibe != None, "IBEnc alg not set"
+        if type(ID) in [str, bytes]:
+            ID2 = self.group.hash(ID)
+            sk = ibe.extract(mk, ID2); sk['IDstr'] = ID
+            return sk
+        else:
+            assert False, "invalid type on ID."
+
+    def encrypt(self, pk, ID, msg):
+        assert ibe != None, "IBEnc alg not set"
+        if type(ID) in [str, bytes]:
+            ID2 = self.group.hash(ID)
+            return ibe.encrypt(pk, ID2, msg)
+        else:
+            assert False, "invalid type on ID."
+
+    def decrypt(self, pk, sk, ct):
+        assert ibe != None, "IBEnc alg not set"
+        return ibe.decrypt(pk, sk, ct)
+

charm/adapters/kpabenc_adapt_hybrid.py

@@ -0,0 +1,91 @@
+'''
+**Hybrid Encryption Adapter for KP-ABE (KP-ABE Hybrid)**
+
+*Description:* Converts a Key-Policy Attribute-Based Encryption scheme into a hybrid
+encryption scheme capable of encrypting arbitrary-length messages.
+
+| **Notes:** Uses symmetric encryption (AES) with a randomly generated session key.
+| The session key is encrypted using the underlying KP-ABE scheme.
+
+.. rubric:: Adapter Properties
+
+* **Type:** hybrid encryption adapter
+* **Underlying Scheme:** any Key-Policy ABE scheme
+* **Purpose:** enables KP-ABE schemes to encrypt arbitrary-length byte messages
+
+.. rubric:: Implementation
+
+:Authors: J. Ayo Akinyele
+:Date: 2011
+'''
+
+
+from charm.toolbox.pairinggroup import PairingGroup,GT,extract_key
+from charm.toolbox.symcrypto import AuthenticatedCryptoAbstraction
+from charm.toolbox.ABEnc import ABEnc
+from charm.schemes.abenc.abenc_lsw08 import KPabe
+
+debug = False
+class HybridABEnc(ABEnc):
+    """
+    >>> from charm.schemes.abenc.abenc_lsw08 import KPabe
+    >>> group = PairingGroup('SS512')
+    >>> kpabe = KPabe(group)
+    >>> hyb_abe = HybridABEnc(kpabe, group)
+    >>> access_policy =  ['ONE', 'TWO', 'THREE']
+    >>> access_key = '((FOUR or THREE) and (TWO or ONE))'
+    >>> msg = b"hello world this is an important message."
+    >>> (master_public_key, master_key) = hyb_abe.setup()
+    >>> secret_key = hyb_abe.keygen(master_public_key, master_key, access_key)
+    >>> cipher_text = hyb_abe.encrypt(master_public_key, msg, access_policy)
+    >>> hyb_abe.decrypt(cipher_text, secret_key)
+    b'hello world this is an important message.'
+    """
+
+    def __init__(self, scheme, groupObj):
+        ABEnc.__init__(self)
+        global abenc
+        # check properties (TODO)
+        abenc = scheme
+        self.group = groupObj
+
+    def setup(self):
+        return abenc.setup()
+
+    def keygen(self, pk, mk, object):
+        return abenc.keygen(pk, mk, object)
+
+    def encrypt(self, pk, M, object):
+        key = self.group.random(GT)
+        c1 = abenc.encrypt(pk, key, object)
+        # instantiate a symmetric enc scheme from this key
+        cipher = AuthenticatedCryptoAbstraction(extract_key(key))
+        c2 = cipher.encrypt(M)
+        return { 'c1':c1, 'c2':c2 }
+
+    def decrypt(self, ct, sk):
+        c1, c2 = ct['c1'], ct['c2']
+        key = abenc.decrypt(c1, sk)
+        cipher = AuthenticatedCryptoAbstraction(extract_key(key))
+        return cipher.decrypt(c2)
+
+def main():
+    groupObj = PairingGroup('SS512')
+    kpabe = KPabe(groupObj)
+    hyb_abe = HybridABEnc(kpabe, groupObj)
+    access_key = '((ONE or TWO) and THREE)'
+    access_policy = ['ONE', 'TWO', 'THREE']
+    message = b"hello world this is an important message."
+    (pk, mk) = hyb_abe.setup()
+    if debug: print("pk => ", pk)
+    if debug: print("mk => ", mk)
+    sk = hyb_abe.keygen(pk, mk, access_key)
+    if debug: print("sk => ", sk)
+    ct = hyb_abe.encrypt(pk, message, access_policy)
+    mdec = hyb_abe.decrypt(ct, sk)
+    assert mdec == message, "Failed Decryption!!!"
+    if debug: print("Successful Decryption!!!")
+
+if __name__ == "__main__":
+    debug = True
+    main()

charm/adapters/pkenc_adapt_bchk05.py

@@ -0,0 +1,121 @@
+'''
+**Boneh-Canetti-Halevi-Katz IBE-to-PKE Transform (BCHK05)**
+
+*Description:* Transforms an Identity-Based Encryption scheme into a CCA-secure
+Public Key Encryption scheme using the BCHK construction.
+
+| **Based on:** Improved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption
+| **Published in:** Topics in Cryptology, CT-RSA 2005
+| **Available from:** https://eprint.iacr.org/2004/261.pdf
+| **Notes:** Section 4 of the paper; more efficient than CHK04 transform
+
+.. rubric:: Adapter Properties
+
+* **Type:** IBE-to-PKE transform
+* **Underlying Scheme:** any selective-ID secure IBE scheme
+* **Purpose:** constructs CCA-secure public key encryption from IBE
+
+.. rubric:: Implementation
+
+:Authors: Christina Garman
+:Date: 12/2011
+'''
+from charm.core.engine.util import pickleObject, serializeObject 
+import hmac, hashlib, math
+from charm.schemes.ibenc.ibenc_bb03 import IBEnc, ZR, GT, sha2
+
+debug = False
+class BCHKIBEnc(IBEnc):
+    """
+    >>> from charm.schemes.encap_bchk05 import EncapBCHK 
+    >>> from charm.schemes.ibenc.ibenc_bb03 import PairingGroup, IBE_BB04
+    >>> group = PairingGroup('SS512')
+    >>> ibe = IBE_BB04(group)
+    >>> encap = EncapBCHK()
+    >>> hyb_ibe = BCHKIBEnc(ibe, group, encap)
+    >>> (public_key, secret_key) = hyb_ibe.keygen()
+    >>> msg = b"Hello World!"
+    >>> cipher_text = hyb_ibe.encrypt(public_key, msg)
+    >>> decrypted_msg = hyb_ibe.decrypt(public_key, secret_key, cipher_text)
+    >>> decrypted_msg == msg
+    True
+    """
+    def str_XOR(self, m, k):
+        output = ""
+        for character in m:
+            for letter in k:
+                if(not type(character) == int):
+                    character = ord(character)
+                if(not type(letter) == int):
+                    letter = ord(letter)
+
+                character = chr(character ^ letter)
+            output += character
+        return output
+
+    def elmtToString(self, g, length):
+        hash_len = 20
+        b = math.ceil(length / hash_len)
+        gStr = b''
+        for i in range(1, b+1):
+            gStr += sha2(g, i)
+        return gStr[:length]
+    
+    def __init__(self, scheme, groupObj, encscheme):
+        global ibenc, group, encap
+        ibenc = scheme
+        group = groupObj
+        encap = encscheme
+
+    def keygen(self):
+        (PK, msk) = ibenc.setup()
+        pub = encap.setup()
+        pk = { 'PK':PK, 'pub':pub }
+        sk = { 'msk': msk }
+        return (pk, sk)
+
+    def encrypt(self, pk, m):
+        (k, ID, x) = encap.S(pk['pub'])
+        if type(m) != bytes:
+           m = bytes(m, 'utf8')	
+        if type(x) != bytes:
+           x = bytes(x, 'utf8')	
+
+        ID2 = group.hash(ID, ZR)
+
+        m2 = m + b':' + x
+
+        kprime = group.random(GT)
+        kprimeStr = self.elmtToString(kprime, len(m2))
+
+        C1 = ibenc.encrypt(pk['PK'], ID2, kprime)
+
+        C2 = self.str_XOR(m2, kprimeStr)
+        C2 = C2.encode('utf8')
+        
+        C1prime = pickleObject(serializeObject(C1, group))
+        
+        tag = hmac.new(k, C1prime+C2, hashlib.sha256).digest()
+        
+        cipher = { 'ID':ID, 'C1':C1, 'C2':C2, 'tag':tag }
+        return cipher
+
+    def decrypt(self, pk, sk, c):
+        ID2 = group.hash(c['ID'], ZR)
+        SK = ibenc.extract(sk['msk'], ID2)
+        kprime = ibenc.decrypt(pk, SK, c['C1'])
+
+        kprimeStr = self.elmtToString(kprime, len(c['C2']))
+
+        m2 = self.str_XOR(c['C2'], kprimeStr)
+
+        x = m2.split(':')[1]
+        k = encap.R(pk['pub'], c['ID'], x)
+
+        C1prime = pickleObject(serializeObject(c['C1'], group))
+        
+        if hmac.compare_digest(c['tag'], hmac.new(k, C1prime+c['C2'], hashlib.sha256).digest()):
+            return bytes(m2.split(':')[0], 'utf8')
+        else:
+            return b'FALSE'
+