charm-crypto-framework 0.61.1__cp313-cp313-macosx_10_13_universal2.whl

charm/schemes/abenc/abenc_unmcpabe_yahk14.py

@@ -0,0 +1,223 @@
+'''
+**Non-monotonic CP-ABE (YAHK14)**
+
+*Authors:* Shota Yamada, Nuttapong Attrapadung, Goichiro Hanaoka, Noboru Kunihiro
+
+| **Title:** "A Framework and Compact Constructions for Non-monotonic Attribute-Based Encryption"
+| **Published in:** Public-Key Cryptography (PKC) 2014, Pages 275-292
+| **Available from:** http://eprint.iacr.org/2014/181 (Section 7)
+| **Notes:** Supports non-monotonic access structures (with negation)
+
+.. rubric:: Scheme Properties
+
+* **Type:** ciphertext-policy attribute-based encryption (public key)
+* **Setting:** Bilinear pairing group of prime order
+* **Assumption:** Complex q-type assumption
+
+.. rubric:: Implementation
+
+:Authors: al, artjomb
+:Date: 07/2015
+'''
+
+from charm.toolbox.pairinggroup import *
+from charm.toolbox.secretutil import SecretUtil
+from charm.toolbox.ABEnc import *
+
+
+debug = False
+class CPABE_YAHK14(ABEnc):
+    """
+    >>> from charm.toolbox.pairinggroup import PairingGroup,ZR,G1,G2,GT,pair
+    >>> group = PairingGroup('SS512')
+    >>> cpabe = CPABE_YAHK14(group)
+    >>> msg = group.random(GT)
+    >>> attributes = ['2', '3'] # must be integer strings
+    >>> access_policy = '2 and !1' # must be integer strings
+    >>> (master_public_key, master_key) = cpabe.setup()
+    >>> secret_key = cpabe.keygen(master_public_key, master_key, attributes)
+    >>> cipher_text = cpabe.encrypt(master_public_key, msg, access_policy)
+    >>> decrypted_msg = cpabe.decrypt(master_public_key, secret_key, cipher_text)
+    >>> msg == decrypted_msg
+    True
+    """ 
+    
+    def __init__(self, groupObj, verbose = False):
+        ABEnc.__init__(self)
+        global util, group
+        group = groupObj
+        util = SecretUtil(group, verbose)
+
+    # Defining a function to pick explicit exponents in the group
+    def exp(self,value):
+        return group.init(ZR, value)
+
+    def setup(self):
+        g = group.random(G1) # this element can also be in G2 and then PairingGroup('MNT224') can be used
+        g2, u, h, w, v = group.random(G1), group.random(G1), group.random(G1), group.random(G1), group.random(G1)
+        alpha, beta = group.random( ), group.random( )#from ZR
+        vDot = u ** beta
+        egg = pair(g2,g)**alpha
+        pp = {'g':g, 'g2':g2, 'u':u, 'h':h, 'w':w, 'v':v, 'vDot':vDot,'egg':egg}
+        mk = {'g2_alpha':g2 ** alpha, 'beta': beta }
+        return (pp, mk)
+
+    def keygen(self, pp, mk, S):
+        # S is a set of attributes written as STRINGS i.e. {'1', '2', '3',...}
+        r = group.random( )
+
+        D1 = mk['g2_alpha'] * (pp['w']**r)
+        D2 = pp['g']**r
+
+        vR = pp['v']**(-r)
+
+        K1, K1Dot, K2, K2Dot = {}, {}, {}, {}
+        rDotCumulative = r
+        for i, idx in zip(S, range(len(S))):
+            ri = group.random( )
+            if idx + 1 is len(S):
+                riDot = rDotCumulative
+            else:
+                riDot = group.random( )
+                rDotCumulative -= riDot
+
+            omega_i = self.exp(int(i))
+            K1[i] = vR * (pp['u']**omega_i  * pp['h'])**ri
+            K1Dot[i] = (pp['u']**(omega_i * mk['beta']) * pp['h']**mk['beta'])**riDot
+
+            K2[i] = pp['g']**ri
+            K2Dot[i] = pp['g']**(mk['beta']*riDot)
+        S = [s for s in S] #Have to be an array for util.prune
+
+        return { 'S':S, 'D1': D1, 'D2' : D2, 'K1':K1, 'K1Dot':K1Dot, 'K2':K2, 'K2Dot':K2Dot }
+
+    def encrypt(self, pp, message, policy_str):
+        s = group.random()
+
+        policy = util.createPolicy(policy_str)
+        a_list = util.getAttributeList(policy)
+
+        shares = util.calculateSharesDict(s, policy) #These are correctly set to be exponents in Z_p
+
+        C0 = message * (pp['egg']**s)
+        C1 = pp['g']**s
+
+        C_1, C_2, C_3 = {}, {}, {}
+        for i in a_list:
+            ti = group.random()
+            if i[0] == '!':
+                inti = util.strip_index(i[1:])
+                C_1[i] = pp['w']**shares[i] * pp['vDot']**ti
+            else:
+                inti = util.strip_index(i)
+                C_1[i] = pp['w']**shares[i] * pp['v']**ti
+            
+            inti = self.exp(int(inti))
+            C_2[i] = (pp['u']**inti * pp['h'])**(-ti)
+            C_3[i] = pp['g']**ti
+
+            #print('The exponent is ',inti)
+
+        return { 'Policy':policy_str, 'C0':C0, 'C1':C1, 'C_1':C_1, 'C_2':C_2, 'C_3':C_3 }
+
+    def decrypt(self, pp, sk, ct):
+        policy = util.createPolicy(ct['Policy'])
+        z = util.getCoefficients(policy)
+
+        # workaround to let the charm policy parser successfully parse the non-monotonic attributes
+        a_list = util.getAttributeList(policy)
+        nS = sk['S'][:]
+        for att in a_list:
+            if att[0] == '!' and att[1:] not in sk['S']:
+                nS.append(att)
+
+        pruned_list = util.prune(policy, nS)
+
+        if (pruned_list == False):
+            return group.init(GT,1)
+
+        B = pair(ct['C1'], sk['D1'])
+        for i in range(len(pruned_list)):
+            x = pruned_list[i].getAttribute( ) #without the underscore
+            y = pruned_list[i].getAttributeAndIndex( ) #with the underscore
+
+            a = pair( ct['C_1'][x], sk['D2'])
+            if x[0] == '!':
+                b = group.init(GT, 1)
+                inti = self.exp(int(x[1:]))
+                for xj in sk['S']:
+                    if xj[0] == '!':
+                        intj = self.exp(int(xj[1:]))
+                    else:
+                        intj = self.exp(int(xj))
+                    b *= ( pair( ct['C_2'][x], sk['K2Dot'][str(intj)]) * pair( ct['C_3'][x], sk['K1Dot'][str(intj)]) ) ** (1 / (inti - intj))
+            else:
+                b = pair( ct['C_2'][x], sk['K2'][x]) * pair( ct['C_3'][x], sk['K1'][x])
+            d = - z[y]
+            B *= ( a * b )**d
+
+        return ct['C0'] / B
+
+    def randomMessage(self):
+        return group.random(GT)
+
+def main():
+    curve = 'SS512'
+
+    groupObj = PairingGroup(curve)
+    scheme = CPABE_YAHK14(groupObj)
+
+    (pp, mk) = scheme.setup()
+
+    testCases = [
+        ( '2 and !1', [
+            ({'1', '2'}, False),
+            ({'1'}, False),
+            ({'2'}, True),
+            ({'3'}, False),
+            ({'2', '3'}, True)
+        ] ),
+        ( '2 and 1', [
+            ({'1', '2'}, True),
+            ({'1'}, False),
+            ({'2'}, False),
+            ({'3'}, False)
+        ] ),
+        ( '2', [
+            ({'1', '2'}, True),
+            ({'1'}, False),
+            ({'2'}, True)
+        ] ),
+        ( '!2', [
+            ({'1', '2'}, False),
+            ({'1'}, True),
+            ({'2'}, False)
+        ] ),
+    ]
+
+    for policy_str, users in testCases:
+        for S, success in users:
+            m = group.random(GT)
+            sk = scheme.keygen(pp, mk, S)
+            ct = scheme.encrypt(pp, m, policy_str)
+            res = scheme.decrypt(pp, sk, ct)
+
+            if (m == res) == success:
+                print("PASS", S, '' if success else 'not', "in '" + policy_str + "'")
+            else:
+                print("FAIL", S, '' if success else 'not', "in '" + policy_str + "'")
+
+    m = group.random(GT)
+    sk = scheme.keygen(pp, mk, {'1', '2'})
+    ct = scheme.encrypt(pp, m, '!1 and 2')
+    sk['S'].remove('1')
+    res = scheme.decrypt(pp, sk, ct)
+
+    if (m == res) == False:
+        print("PASS: attack failed")
+    else:
+        print("FAIL: attack succeeded")
+
+if __name__ == '__main__':
+    debug = True
+    main()

charm/schemes/abenc/abenc_waters09.py

@@ -0,0 +1,144 @@
+'''
+**Ciphertext-Policy Attribute-Based Encryption (Waters09)**
+
+*Authors:* Brent Waters
+
+| **Title:** "Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization"
+| **Published in:** Cryptology ePrint Archive, 2008 (Appendix C)
+| **Available from:** http://eprint.iacr.org/2008/290.pdf
+| **Notes:** The sole disadvantage of this scheme is the high number of pairings that must be computed during the decryption process (2 + N) for N attributes matching in the key.
+
+.. rubric:: Scheme Properties
+
+* **Type:** ciphertext-policy attribute-based encryption (public key)
+* **Setting:** Pairing groups
+* **Assumption:** parallel q-DBDHE
+
+.. rubric:: Implementation
+
+:Authors: J. Ayo Akinyele
+:Date: 11/2010
+'''
+from charm.toolbox.pairinggroup import PairingGroup,ZR,G1,G2,GT,pair
+from charm.toolbox.secretutil import SecretUtil
+from charm.toolbox.ABEnc import ABEnc
+
+debug = False
+class CPabe09(ABEnc):
+    """
+    >>> from charm.toolbox.pairinggroup import PairingGroup,GT
+    >>> group = PairingGroup('SS512')
+    >>> cpabe = CPabe09(group)
+    >>> msg = group.random(GT)
+    >>> (master_secret_key, master_public_key) = cpabe.setup()
+    >>> policy = '((ONE or THREE) and (TWO or FOUR))'
+    >>> attr_list = ['THREE', 'ONE', 'TWO']
+    >>> secret_key = cpabe.keygen(master_public_key, master_secret_key, attr_list)
+    >>> cipher_text = cpabe.encrypt(master_public_key, msg, policy)
+    >>> decrypted_msg = cpabe.decrypt(master_public_key, secret_key, cipher_text)
+    >>> decrypted_msg == msg
+    True
+    """
+    
+    def __init__(self, groupObj):
+        ABEnc.__init__(self)
+        global util, group
+        util = SecretUtil(groupObj, debug)        
+        group = groupObj
+                        
+    def setup(self):
+        g1, g2 = group.random(G1), group.random(G2)
+        alpha, a = group.random(), group.random()        
+        e_gg_alpha = pair(g1,g2) ** alpha
+        msk = {'g1^alpha':g1 ** alpha, 'g2^alpha':g2 ** alpha}        
+        pk = {'g1':g1, 'g2':g2, 'e(gg)^alpha':e_gg_alpha, 'g1^a':g1 ** a, 'g2^a':g2 ** a}
+        return (msk, pk)
+    
+    def keygen(self, pk, msk, attributes):        
+        t = group.random()
+        K = msk['g2^alpha'] * (pk['g2^a'] ** t)
+        L = pk['g2'] ** t
+        k_x = [group.hash(s, G1) ** t for s in attributes]
+        
+        K_x = {}
+        for i in range(0, len(k_x)):
+            K_x[ attributes[i] ] = k_x[i]    
+
+        key = { 'K':K, 'L':L, 'K_x':K_x, 'attributes':attributes }
+        return key
+    
+    def encrypt(self, pk, M, policy_str):
+        # Extract the attributes as a list
+        policy = util.createPolicy(policy_str)        
+        p_list = util.getAttributeList(policy)
+        s = group.random()
+        C_tilde = (pk['e(gg)^alpha'] ** s) * M
+        C_0 = pk['g1'] ** s
+        C, D = {}, {}
+        secret = s
+        shares = util.calculateSharesList(secret, policy)
+
+        # ciphertext
+        for i in range(len(p_list)):
+            r = group.random()
+            if shares[i][0] == p_list[i]:
+               attr = shares[i][0].getAttribute() 
+               C[ p_list[i] ] = ((pk['g1^a'] ** shares[i][1]) * (group.hash(attr, G1) ** -r))
+               D[ p_list[i] ] = (pk['g2'] ** r)
+        
+        if debug: print("SessionKey: %s" % C_tilde)
+        return { 'C0':C_0, 'C':C, 'D':D , 'C_tilde':C_tilde, 'policy':policy_str, 'attribute':p_list }
+    
+    def decrypt(self, pk, sk, ct):
+        policy = util.createPolicy(ct['policy'])
+        pruned = util.prune(policy, sk['attributes'])
+        if pruned == False:
+            return False
+        coeffs = util.getCoefficients(policy)
+        numerator = pair(ct['C0'], sk['K'])
+        
+        # create list for attributes in order...
+        k_x, w_i = {}, {}
+        for i in pruned:
+            j = i.getAttributeAndIndex()
+            k = i.getAttribute()
+            k_x[ j ] = sk['K_x'][k]
+            w_i[ j ] = coeffs[j]
+            #print('Attribute %s: coeff=%s, k_x=%s' % (j, w_i[j], k_x[j]))
+            
+        C, D = ct['C'], ct['D']
+        denominator = 1
+        for i in pruned:
+            j = i.getAttributeAndIndex()
+            denominator *= ( pair(C[j] ** w_i[j], sk['L']) * pair(k_x[j] ** w_i[j], D[j]) )   
+        return ct['C_tilde'] / (numerator / denominator)
+
+def main():
+    #Get the eliptic curve with the bilinear mapping feature needed.
+    groupObj = PairingGroup('SS512')
+
+    cpabe = CPabe09(groupObj)
+    (msk, pk) = cpabe.setup()
+    pol = '((ONE or THREE) and (TWO or FOUR))'
+    attr_list = ['THREE', 'ONE', 'TWO']
+
+    if debug: print('Acces Policy: %s' % pol)
+    if debug: print('User credential list: %s' % attr_list)
+    m = groupObj.random(GT)
+
+    cpkey = cpabe.keygen(pk, msk, attr_list)
+    if debug: print("\nSecret key: %s" % attr_list)
+    if debug:groupObj.debug(cpkey)
+    cipher = cpabe.encrypt(pk, m, pol)
+
+    if debug: print("\nCiphertext...")
+    if debug:groupObj.debug(cipher)
+    orig_m = cpabe.decrypt(pk, cpkey, cipher)
+
+    assert m == orig_m, 'FAILED Decryption!!!'
+    if debug: print('Successful Decryption!')
+    del groupObj
+
+if __name__ == '__main__':
+    debug = True
+    main()

charm/schemes/abenc/abenc_yct14.py

@@ -0,0 +1,208 @@
+'''
+**Lightweight Key-Policy ABE for IoT (YCT14)**
+
+*Authors:* Xuanxia Yao, Zhi Chen, Ye Tian
+
+| **Title:** "A lightweight attribute-based encryption scheme for the Internet of things"
+| **Published in:** Future Generation Computer Systems, 2014
+| **Available from:** http://www.sciencedirect.com/science/article/pii/S0167739X14002039
+| **Notes:** Designed for resource-constrained IoT devices
+
+.. rubric:: Scheme Properties
+
+* **Type:** key-policy attribute-based encryption (public key)
+* **Setting:** No Pairing (lightweight)
+* **Assumption:** Computational Diffie-Hellman
+
+.. rubric:: Implementation
+
+:Authors: artjomb
+:Date: 10/2014
+'''
+from charm.toolbox.pairinggroup import PairingGroup,ZR,G1,G2,GT,pair
+from charm.toolbox.secretutil import SecretUtil
+from charm.toolbox.symcrypto import SymmetricCryptoAbstraction
+from charm.toolbox.ABEnc import ABEnc
+from charm.schemes.abenc.abenc_lsw08 import KPabe
+from charm.core.math.pairing import hashPair as extractor
+
+from time import time
+
+debug = False
+class EKPabe(ABEnc):
+    """
+    >>> from charm.toolbox.pairinggroup import PairingGroup,GT
+    >>> group = PairingGroup('MNT224')
+    >>> kpabe = EKPabe(group)
+    >>> attributes = [ 'ONE', 'TWO', 'THREE', 'FOUR' ]
+    >>> (master_public_key, master_key) = kpabe.setup(attributes)
+    >>> policy = '(ONE or THREE) and (THREE or TWO)'
+    >>> secret_key = kpabe.keygen(master_public_key, master_key, policy)
+    >>> msg = b"Some Random Message"
+    >>> cipher_text = kpabe.encrypt(master_public_key, msg, attributes)
+    >>> decrypted_msg = kpabe.decrypt(cipher_text, secret_key)
+    >>> decrypted_msg == msg
+    True
+    """
+
+    def __init__(self, groupObj, verbose=False):
+        ABEnc.__init__(self)
+        global group, util
+        group = groupObj
+        util = SecretUtil(group, verbose)        
+
+    def setup(self, attributes):
+        s = group.random(ZR)
+        g = group.random(G1)
+        
+        self.attributeSecrets = {}
+        self.attribute = {}
+        for attr in attributes:
+            si = group.random(ZR)
+            self.attributeSecrets[attr] = si
+            self.attribute[attr] = g**si
+        return (g**s, s) # (pk, mk)
+    
+    def keygen(self, pk, mk, policy_str):
+        policy = util.createPolicy(policy_str)
+        attr_list = util.getAttributeList(policy)
+        
+        s = mk
+        shares = util.calculateSharesDict(s, policy)
+        
+        d = {}
+        D = { 'policy': policy_str, 'Du': d }
+        for x in attr_list:
+            y = util.strip_index(x)
+            d[y] = shares[x]/self.attributeSecrets[y]
+            if debug: print(str(y) + " d[y] " + str(d[y]))
+        if debug: print("Access Policy for key: %s" % policy)
+        if debug: print("Attribute list: %s" % attr_list)
+        return D
+    
+    def encrypt(self, pk, M, attr_list): 
+        if debug: print('Encryption Algorithm...')
+        k = group.random(ZR);
+        Cs = pk ** k
+        
+        Ci = {}
+        for attr in attr_list:
+            Ci[attr] = self.attribute[attr] ** k
+        
+        symcrypt = SymmetricCryptoAbstraction(extractor(Cs))
+        C = symcrypt.encrypt(M)
+        
+        return { 'C': C, 'Ci': Ci, 'attributes': attr_list }
+    
+    def decrypt(self, C, D):
+        policy = util.createPolicy(D['policy'])
+        attrs = util.prune(policy, C['attributes'])
+        if attrs == False:
+            return False
+        coeff = util.getCoefficients(policy)
+        
+        Z = {}
+        prodT = 1
+        for i in range(len(attrs)):
+            x = attrs[i].getAttribute()
+            y = attrs[i].getAttributeAndIndex()
+            Z[y] = C['Ci'][x] ** D['Du'][x]
+            prodT *= Z[y] ** coeff[y]
+        
+        symcrypt = SymmetricCryptoAbstraction(extractor(prodT))
+        
+        return symcrypt.decrypt(C['C'])
+
+def main():
+    groupObj = PairingGroup('MNT224')
+    kpabe = EKPabe(groupObj)
+
+    attributes = [ 'ONE', 'TWO', 'THREE', 'FOUR' ]
+
+    (pk, mk) = kpabe.setup(attributes)
+
+    # policy = '(ONE or THREE) and (THREE or TWO)'
+    policy = 'THREE and (ONE or TWO)'
+    msg = b"Some Random Message"
+
+    mykey = kpabe.keygen(pk, mk, policy)
+
+    if debug: print("Encrypt under these attributes: ", attributes)
+    ciphertext = kpabe.encrypt(pk, msg, attributes)
+    if debug: print(ciphertext)
+
+    rec_msg = kpabe.decrypt(ciphertext, mykey)
+    assert rec_msg
+    if debug: print("rec_msg=%s" % str(rec_msg))
+
+    assert msg == rec_msg
+    if debug: print("Successful Decryption!")
+
+def benchmark():
+    groupObj1 = PairingGroup('MNT224')
+    groupObj2 = PairingGroup('MNT224')
+    ekpabe = EKPabe(groupObj1)
+    kpabe = KPabe(groupObj2)
+    
+    t1_s = 0
+    t1_k = 0
+    t1_e = 0
+    t1_d = 0
+    t2_s = 0
+    t2_k = 0
+    t2_e = 0
+    t2_d = 0
+
+    attributes = [ 'ONE', 'TWO', 'THREE', 'FOUR' ]
+    policy = 'THREE and (ONE or TWO)'
+    msg1 = b"Some Random Message"
+    msg2 = groupObj2.random(GT)
+
+    for b in range(4):
+        start = time()
+        (epk, emk) = ekpabe.setup(attributes)
+        t1_s += time() - start
+        
+        start = time()
+        (pk, mk) = kpabe.setup()
+        t2_s += time() - start
+
+        start = time()
+        emykey = ekpabe.keygen(epk, emk, policy)
+        t1_k += time() - start
+        
+        start = time()
+        mykey = kpabe.keygen(pk, mk, policy)
+        t2_k += time() - start
+        
+        for i in range(50):
+            start = time()
+            eciphertext = ekpabe.encrypt(epk, msg1, attributes)
+            t1_e += time() - start
+            
+            start = time()
+            ciphertext = kpabe.encrypt(pk, msg2, attributes)
+            t2_e += time() - start
+            
+            start = time()
+            erec_msg = ekpabe.decrypt(eciphertext, emykey)
+            t1_d += time() - start
+            
+            start = time()
+            rec_msg = kpabe.decrypt(ciphertext, mykey)
+            t2_d += time() - start
+
+            assert msg1 == erec_msg
+            assert msg2 == rec_msg
+    
+    print ("yct14 s=%s k=%s e=%s d=%s" % (t1_s, t1_k, t1_e, t1_d))
+    print ("lsw08 s=%s k=%s e=%s d=%s" % (t2_s, t2_k, t2_e, t2_d))
+    
+    # Result in VM:
+    # yct14 s=0.1 k=0.02 e=3.44 d=2.91
+    # lsw08 s=0.42 k=0.41 e=10.32 d=21.25
+
+if __name__ == "__main__":
+    # debug = True
+    # main()
+    benchmark()