PyPI - charm-crypto-framework - Versions diffs - 0.61.1__cp313-cp313-macosx_10_13_universal2.whl - Mend

charm-crypto-framework 0.61.1__cp313-cp313-macosx_10_13_universal2.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (323) hide show

charm/__init__.py +5 -0
charm/adapters/__init__.py +0 -0
charm/adapters/abenc_adapt_hybrid.py +90 -0
charm/adapters/dabenc_adapt_hybrid.py +145 -0
charm/adapters/ibenc_adapt_hybrid.py +72 -0
charm/adapters/ibenc_adapt_identityhash.py +80 -0
charm/adapters/kpabenc_adapt_hybrid.py +91 -0
charm/adapters/pkenc_adapt_bchk05.py +121 -0
charm/adapters/pkenc_adapt_chk04.py +91 -0
charm/adapters/pkenc_adapt_hybrid.py +98 -0
charm/adapters/pksig_adapt_naor01.py +89 -0
charm/config.py +7 -0
charm/core/__init__.py +0 -0
charm/core/benchmark/benchmark_util.c +353 -0
charm/core/benchmark/benchmark_util.h +61 -0
charm/core/benchmark/benchmarkmodule.c +476 -0
charm/core/benchmark/benchmarkmodule.h +162 -0
charm/core/benchmark.cpython-313-darwin.so +0 -0
charm/core/crypto/AES/AES.c +1464 -0
charm/core/crypto/AES.cpython-313-darwin.so +0 -0
charm/core/crypto/DES/DES.c +113 -0
charm/core/crypto/DES.cpython-313-darwin.so +0 -0
charm/core/crypto/DES3/DES3.c +26 -0
charm/core/crypto/DES3.cpython-313-darwin.so +0 -0
charm/core/crypto/__init__.py +0 -0
charm/core/crypto/cryptobase/XOR.c +80 -0
charm/core/crypto/cryptobase/_counter.c +496 -0
charm/core/crypto/cryptobase/_counter.h +54 -0
charm/core/crypto/cryptobase/block_template.c +900 -0
charm/core/crypto/cryptobase/block_template.h +69 -0
charm/core/crypto/cryptobase/cryptobasemodule.c +220 -0
charm/core/crypto/cryptobase/libtom/tomcrypt.h +90 -0
charm/core/crypto/cryptobase/libtom/tomcrypt_argchk.h +44 -0
charm/core/crypto/cryptobase/libtom/tomcrypt_cfg.h +186 -0
charm/core/crypto/cryptobase/libtom/tomcrypt_cipher.h +941 -0
charm/core/crypto/cryptobase/libtom/tomcrypt_custom.h +556 -0
charm/core/crypto/cryptobase/libtom/tomcrypt_des.c +1912 -0
charm/core/crypto/cryptobase/libtom/tomcrypt_hash.h +407 -0
charm/core/crypto/cryptobase/libtom/tomcrypt_mac.h +496 -0
charm/core/crypto/cryptobase/libtom/tomcrypt_macros.h +435 -0
charm/core/crypto/cryptobase/libtom/tomcrypt_math.h +534 -0
charm/core/crypto/cryptobase/libtom/tomcrypt_misc.h +103 -0
charm/core/crypto/cryptobase/libtom/tomcrypt_pk.h +653 -0
charm/core/crypto/cryptobase/libtom/tomcrypt_pkcs.h +90 -0
charm/core/crypto/cryptobase/libtom/tomcrypt_prng.h +199 -0
charm/core/crypto/cryptobase/stream_template.c +271 -0
charm/core/crypto/cryptobase/strxor.c +229 -0
charm/core/crypto/cryptobase.cpython-313-darwin.so +0 -0
charm/core/engine/__init__.py +5 -0
charm/core/engine/protocol.py +293 -0
charm/core/engine/util.py +174 -0
charm/core/math/__init__.py +0 -0
charm/core/math/elliptic_curve/ecmodule.c +1986 -0
charm/core/math/elliptic_curve/ecmodule.h +230 -0
charm/core/math/elliptic_curve.cpython-313-darwin.so +0 -0
charm/core/math/elliptic_curve.pyi +63 -0
charm/core/math/integer/integermodule.c +2539 -0
charm/core/math/integer/integermodule.h +145 -0
charm/core/math/integer.cpython-313-darwin.so +0 -0
charm/core/math/integer.pyi +76 -0
charm/core/math/pairing/miracl/miracl_config.h +37 -0
charm/core/math/pairing/miracl/miracl_interface.h +118 -0
charm/core/math/pairing/miracl/miracl_interface2.h +126 -0
charm/core/math/pairing/miracl/pairingmodule2.c +2094 -0
charm/core/math/pairing/miracl/pairingmodule2.h +307 -0
charm/core/math/pairing/pairingmodule.c +2230 -0
charm/core/math/pairing/pairingmodule.h +241 -0
charm/core/math/pairing/relic/pairingmodule3.c +1853 -0
charm/core/math/pairing/relic/pairingmodule3.h +233 -0
charm/core/math/pairing/relic/relic_interface.c +1337 -0
charm/core/math/pairing/relic/relic_interface.h +217 -0
charm/core/math/pairing/relic/test_relic.c +171 -0
charm/core/math/pairing.cpython-313-darwin.so +0 -0
charm/core/math/pairing.pyi +69 -0
charm/core/utilities/base64.c +248 -0
charm/core/utilities/base64.h +15 -0
charm/schemes/__init__.py +0 -0
charm/schemes/abenc/__init__.py +0 -0
charm/schemes/abenc/abenc_accountability_jyjxgd20.py +647 -0
charm/schemes/abenc/abenc_bsw07.py +146 -0
charm/schemes/abenc/abenc_ca_cpabe_ar17.py +684 -0
charm/schemes/abenc/abenc_dacmacs_yj14.py +298 -0
charm/schemes/abenc/abenc_lsw08.py +159 -0
charm/schemes/abenc/abenc_maabe_rw15.py +236 -0
charm/schemes/abenc/abenc_maabe_yj14.py +297 -0
charm/schemes/abenc/abenc_tbpre_lww14.py +309 -0
charm/schemes/abenc/abenc_unmcpabe_yahk14.py +223 -0
charm/schemes/abenc/abenc_waters09.py +144 -0
charm/schemes/abenc/abenc_yct14.py +208 -0
charm/schemes/abenc/abenc_yllc15.py +178 -0
charm/schemes/abenc/ac17.py +248 -0
charm/schemes/abenc/bsw07.py +141 -0
charm/schemes/abenc/cgw15.py +277 -0
charm/schemes/abenc/dabe_aw11.py +204 -0
charm/schemes/abenc/dfa_fe12.py +144 -0
charm/schemes/abenc/pk_hve08.py +179 -0
charm/schemes/abenc/waters11.py +143 -0
charm/schemes/aggrsign_MuSig.py +150 -0
charm/schemes/aggrsign_bls.py +267 -0
charm/schemes/blindsig_ps16.py +654 -0
charm/schemes/chamhash_adm05.py +113 -0
charm/schemes/chamhash_rsa_hw09.py +100 -0
charm/schemes/commit/__init__.py +0 -0
charm/schemes/commit/commit_gs08.py +77 -0
charm/schemes/commit/commit_pedersen92.py +53 -0
charm/schemes/encap_bchk05.py +62 -0
charm/schemes/grpsig/__init__.py +0 -0
charm/schemes/grpsig/groupsig_bgls04.py +114 -0
charm/schemes/grpsig/groupsig_bgls04_var.py +115 -0
charm/schemes/hibenc/__init__.py +0 -0
charm/schemes/hibenc/hibenc_bb04.py +105 -0
charm/schemes/hibenc/hibenc_lew11.py +193 -0
charm/schemes/ibenc/__init__.py +0 -0
charm/schemes/ibenc/clpkc_rp03.py +119 -0
charm/schemes/ibenc/ibenc_CW13_z.py +168 -0
charm/schemes/ibenc/ibenc_bb03.py +94 -0
charm/schemes/ibenc/ibenc_bf01.py +121 -0
charm/schemes/ibenc/ibenc_ckrs09.py +120 -0
charm/schemes/ibenc/ibenc_cllww12_z.py +172 -0
charm/schemes/ibenc/ibenc_lsw08.py +120 -0
charm/schemes/ibenc/ibenc_sw05.py +238 -0
charm/schemes/ibenc/ibenc_waters05.py +144 -0
charm/schemes/ibenc/ibenc_waters05_z.py +164 -0
charm/schemes/ibenc/ibenc_waters09.py +107 -0
charm/schemes/ibenc/ibenc_waters09_z.py +147 -0
charm/schemes/joye_scheme.py +106 -0
charm/schemes/lem_scheme.py +207 -0
charm/schemes/pk_fre_ccv11.py +107 -0
charm/schemes/pk_vrf.py +127 -0
charm/schemes/pkenc/__init__.py +0 -0
charm/schemes/pkenc/pkenc_cs98.py +108 -0
charm/schemes/pkenc/pkenc_elgamal85.py +122 -0
charm/schemes/pkenc/pkenc_gm82.py +98 -0
charm/schemes/pkenc/pkenc_paillier99.py +118 -0
charm/schemes/pkenc/pkenc_rabin.py +254 -0
charm/schemes/pkenc/pkenc_rsa.py +186 -0
charm/schemes/pksig/__init__.py +0 -0
charm/schemes/pksig/pksig_CW13_z.py +135 -0
charm/schemes/pksig/pksig_bls04.py +87 -0
charm/schemes/pksig/pksig_boyen.py +156 -0
charm/schemes/pksig/pksig_chch.py +97 -0
charm/schemes/pksig/pksig_chp.py +70 -0
charm/schemes/pksig/pksig_cl03.py +150 -0
charm/schemes/pksig/pksig_cl04.py +87 -0
charm/schemes/pksig/pksig_cllww12_z.py +142 -0
charm/schemes/pksig/pksig_cyh.py +132 -0
charm/schemes/pksig/pksig_dsa.py +76 -0
charm/schemes/pksig/pksig_ecdsa.py +71 -0
charm/schemes/pksig/pksig_hess.py +104 -0
charm/schemes/pksig/pksig_hw.py +110 -0
charm/schemes/pksig/pksig_lamport.py +63 -0
charm/schemes/pksig/pksig_ps01.py +135 -0
charm/schemes/pksig/pksig_ps02.py +124 -0
charm/schemes/pksig/pksig_ps03.py +119 -0
charm/schemes/pksig/pksig_rsa_hw09.py +206 -0
charm/schemes/pksig/pksig_schnorr91.py +77 -0
charm/schemes/pksig/pksig_waters.py +115 -0
charm/schemes/pksig/pksig_waters05.py +121 -0
charm/schemes/pksig/pksig_waters09.py +121 -0
charm/schemes/pre_mg07.py +150 -0
charm/schemes/prenc/pre_afgh06.py +126 -0
charm/schemes/prenc/pre_bbs98.py +123 -0
charm/schemes/prenc/pre_nal16.py +216 -0
charm/schemes/protocol_a01.py +272 -0
charm/schemes/protocol_ao00.py +215 -0
charm/schemes/protocol_cns07.py +274 -0
charm/schemes/protocol_schnorr91.py +125 -0
charm/schemes/sigma1.py +64 -0
charm/schemes/sigma2.py +129 -0
charm/schemes/sigma3.py +126 -0
charm/schemes/threshold/__init__.py +59 -0
charm/schemes/threshold/dkls23_dkg.py +556 -0
charm/schemes/threshold/dkls23_presign.py +1089 -0
charm/schemes/threshold/dkls23_sign.py +761 -0
charm/schemes/threshold/xrpl_wallet.py +967 -0
charm/test/__init__.py +0 -0
charm/test/adapters/__init__.py +0 -0
charm/test/adapters/abenc_adapt_hybrid_test.py +29 -0
charm/test/adapters/dabenc_adapt_hybrid_test.py +56 -0
charm/test/adapters/ibenc_adapt_hybrid_test.py +36 -0
charm/test/adapters/ibenc_adapt_identityhash_test.py +32 -0
charm/test/adapters/kpabenc_adapt_hybrid_test.py +30 -0
charm/test/benchmark/abenc_yllc15_bench.py +92 -0
charm/test/benchmark/benchmark_test.py +148 -0
charm/test/benchmark_threshold.py +260 -0
charm/test/conftest.py +38 -0
charm/test/fuzz/__init__.py +1 -0
charm/test/fuzz/conftest.py +5 -0
charm/test/fuzz/fuzz_policy_parser.py +76 -0
charm/test/fuzz/fuzz_serialization.py +83 -0
charm/test/schemes/__init__.py +0 -0
charm/test/schemes/abenc/__init__.py +0 -0
charm/test/schemes/abenc/abenc_bsw07_test.py +39 -0
charm/test/schemes/abenc/abenc_dacmacs_yj14_test.py +16 -0
charm/test/schemes/abenc/abenc_lsw08_test.py +33 -0
charm/test/schemes/abenc/abenc_maabe_yj14_test.py +16 -0
charm/test/schemes/abenc/abenc_tbpre_lww14_test.py +16 -0
charm/test/schemes/abenc/abenc_waters09_test.py +38 -0
charm/test/schemes/abenc/abenc_yllc15_test.py +74 -0
charm/test/schemes/chamhash_adm05_test.py +31 -0
charm/test/schemes/chamhash_rsa_hw09_test.py +29 -0
charm/test/schemes/commit/__init__.py +0 -0
charm/test/schemes/commit/commit_gs08_test.py +24 -0
charm/test/schemes/commit/commit_pedersen92_test.py +26 -0
charm/test/schemes/dabe_aw11_test.py +45 -0
charm/test/schemes/encap_bchk05_test.py +21 -0
charm/test/schemes/grpsig/__init__.py +0 -0
charm/test/schemes/grpsig/groupsig_bgls04_test.py +35 -0
charm/test/schemes/grpsig/groupsig_bgls04_var_test.py +39 -0
charm/test/schemes/hibenc/__init__.py +0 -0
charm/test/schemes/hibenc/hibenc_bb04_test.py +28 -0
charm/test/schemes/ibenc/__init__.py +0 -0
charm/test/schemes/ibenc/ibenc_bb03_test.py +26 -0
charm/test/schemes/ibenc/ibenc_bf01_test.py +24 -0
charm/test/schemes/ibenc/ibenc_ckrs09_test.py +25 -0
charm/test/schemes/ibenc/ibenc_lsw08_test.py +31 -0
charm/test/schemes/ibenc/ibenc_sw05_test.py +32 -0
charm/test/schemes/ibenc/ibenc_waters05_test.py +31 -0
charm/test/schemes/ibenc/ibenc_waters09_test.py +27 -0
charm/test/schemes/pk_vrf_test.py +29 -0
charm/test/schemes/pkenc/__init__.py +0 -0
charm/test/schemes/pkenc_test.py +255 -0
charm/test/schemes/pksig/__init__.py +0 -0
charm/test/schemes/pksig_test.py +376 -0
charm/test/schemes/rsa_alg_test.py +340 -0
charm/test/schemes/threshold_test.py +1792 -0
charm/test/serialize/__init__.py +0 -0
charm/test/serialize/serialize_test.py +40 -0
charm/test/toolbox/__init__.py +0 -0
charm/test/toolbox/conversion_test.py +30 -0
charm/test/toolbox/ecgroup_test.py +53 -0
charm/test/toolbox/integer_arithmetic_test.py +441 -0
charm/test/toolbox/paddingschemes_test.py +238 -0
charm/test/toolbox/policy_parser_stress_test.py +969 -0
charm/test/toolbox/secretshare_test.py +28 -0
charm/test/toolbox/symcrypto_test.py +108 -0
charm/test/toolbox/test_policy_expression.py +16 -0
charm/test/vectors/__init__.py +1 -0
charm/test/vectors/test_bls_vectors.py +289 -0
charm/test/vectors/test_pedersen_vectors.py +315 -0
charm/test/vectors/test_schnorr_vectors.py +368 -0
charm/test/zkp_compiler/__init__.py +9 -0
charm/test/zkp_compiler/benchmark_zkp.py +258 -0
charm/test/zkp_compiler/test_and_proof.py +240 -0
charm/test/zkp_compiler/test_batch_verify.py +248 -0
charm/test/zkp_compiler/test_dleq_proof.py +264 -0
charm/test/zkp_compiler/test_or_proof.py +231 -0
charm/test/zkp_compiler/test_proof_serialization.py +121 -0
charm/test/zkp_compiler/test_range_proof.py +241 -0
charm/test/zkp_compiler/test_representation_proof.py +325 -0
charm/test/zkp_compiler/test_schnorr_proof.py +221 -0
charm/test/zkp_compiler/test_thread_safety.py +169 -0
charm/test/zkp_compiler/test_zkp_parser.py +139 -0
charm/toolbox/ABEnc.py +26 -0
charm/toolbox/ABEncMultiAuth.py +66 -0
charm/toolbox/ABEnumeric.py +800 -0
charm/toolbox/Commit.py +24 -0
charm/toolbox/DFA.py +89 -0
charm/toolbox/FSA.py +1254 -0
charm/toolbox/Hash.py +39 -0
charm/toolbox/IBEnc.py +62 -0
charm/toolbox/IBSig.py +64 -0
charm/toolbox/PKEnc.py +66 -0
charm/toolbox/PKSig.py +56 -0
charm/toolbox/PREnc.py +32 -0
charm/toolbox/ZKProof.py +289 -0
charm/toolbox/__init__.py +0 -0
charm/toolbox/bitstring.py +49 -0
charm/toolbox/broadcast.py +220 -0
charm/toolbox/conversion.py +100 -0
charm/toolbox/eccurve.py +149 -0
charm/toolbox/ecgroup.py +143 -0
charm/toolbox/enum.py +60 -0
charm/toolbox/hash_module.py +91 -0
charm/toolbox/integergroup.py +323 -0
charm/toolbox/iterate.py +22 -0
charm/toolbox/matrixops.py +76 -0
charm/toolbox/mpc_utils.py +296 -0
charm/toolbox/msp.py +175 -0
charm/toolbox/mta.py +985 -0
charm/toolbox/node.py +120 -0
charm/toolbox/ot/__init__.py +22 -0
charm/toolbox/ot/base_ot.py +374 -0
charm/toolbox/ot/dpf.py +642 -0
charm/toolbox/ot/mpfss.py +228 -0
charm/toolbox/ot/ot_extension.py +589 -0
charm/toolbox/ot/silent_ot.py +378 -0
charm/toolbox/paddingschemes.py +423 -0
charm/toolbox/paddingschemes_test.py +238 -0
charm/toolbox/pairingcurves.py +85 -0
charm/toolbox/pairinggroup.py +186 -0
charm/toolbox/policy_expression_spec.py +70 -0
charm/toolbox/policytree.py +189 -0
charm/toolbox/reCompiler.py +346 -0
charm/toolbox/redundancyschemes.py +65 -0
charm/toolbox/schemebase.py +188 -0
charm/toolbox/secretshare.py +104 -0
charm/toolbox/secretutil.py +174 -0
charm/toolbox/securerandom.py +73 -0
charm/toolbox/sigmaprotocol.py +46 -0
charm/toolbox/specialprimes.py +45 -0
charm/toolbox/symcrypto.py +279 -0
charm/toolbox/threshold_sharing.py +553 -0
charm/toolbox/xmlserialize.py +94 -0
charm/toolbox/zknode.py +105 -0
charm/zkp_compiler/__init__.py +89 -0
charm/zkp_compiler/and_proof.py +460 -0
charm/zkp_compiler/batch_verify.py +324 -0
charm/zkp_compiler/dleq_proof.py +423 -0
charm/zkp_compiler/or_proof.py +305 -0
charm/zkp_compiler/range_proof.py +417 -0
charm/zkp_compiler/representation_proof.py +466 -0
charm/zkp_compiler/schnorr_proof.py +273 -0
charm/zkp_compiler/thread_safe.py +150 -0
charm/zkp_compiler/zk_demo.py +489 -0
charm/zkp_compiler/zkp_factory.py +330 -0
charm/zkp_compiler/zkp_generator.py +370 -0
charm/zkp_compiler/zkparser.py +269 -0
charm_crypto_framework-0.61.1.dist-info/METADATA +337 -0
charm_crypto_framework-0.61.1.dist-info/RECORD +323 -0
charm_crypto_framework-0.61.1.dist-info/WHEEL +5 -0
charm_crypto_framework-0.61.1.dist-info/licenses/LICENSE.txt +165 -0
charm_crypto_framework-0.61.1.dist-info/top_level.txt +1 -0

charm/schemes/aggrsign_bls.py ADDED Viewed

@@ -0,0 +1,267 @@
+'''
+**BLS Multi-Signatures (BLS)**
+*Authors:* Dan Boneh, Manu Drijvers, Gregory Neven
+| **Title:** "BLS Multi-Signatures With Public-Key Aggregation"
+| **Available from:** https://crypto.stanford.edu/~dabo/pubs/papers/BLSmultisig.html
+| **Notes:** Includes both vulnerable and rogue-public-key-resistant aggregation methods
+.. rubric:: Scheme Properties
+* **Type:** aggregate signature
+* **Setting:** bilinear groups (asymmetric)
+* **Assumption:** CDH in G1
+.. rubric:: Implementation
+:Authors: Lovesh Harchandani
+:Date: 5/2018
+'''
+from functools import reduce
+from charm.toolbox.pairinggroup import PairingGroup, ZR, G1, G2, pair
+from charm.core.engine.util import objectToBytes
+debug = False
+class BLSAggregation:
+    def __init__(self, groupObj):
+        global group
+        group = groupObj
+    def keygen(self, g, secparam=None):
+        x = group.random()
+        g_x = g ** x
+        pk = {'g^x': g_x, 'g': g, 'identity': str(g_x), 'secparam': secparam}
+        sk = {'x': x}
+        return pk, sk
+    def sign(self, x, message):
+        M = self.dump(message)
+        if debug:
+            print("Message => '%s'" % M)
+        return group.hash(M, G1) ** x
+    def verify(self, pk, sig, message):
+        M = self.dump(message)
+        h = group.hash(M, G1)
+        return pair(pk['g'], sig) == pair(h, pk['g^x'])
+    def aggregate_sigs_vulnerable(self, signatures):
+        """
+        This method of aggregation is vulnerable to rogue public key attack
+        """
+        return self.product(signatures)
+    def verify_aggregate_sig_vulnerable(self, message, aggregate_sig, public_keys):
+        # This method of verification is vulnerable to rogue public key attack
+        g = self.check_and_return_same_generator_in_public_keys(public_keys)
+        M = self.dump(message)
+        h = group.hash(M, G1)
+        combined_pk = self.product([pk['g^x'] for pk in public_keys])
+        return pair(g, aggregate_sig) == pair(combined_pk, h)
+    def aggregate_sigs_safe(self, pubkey_signatures):
+        # This method of aggregation is resistant to rogue public key attack
+        sigs = []
+        all_pubkeys = [i[0] for i in pubkey_signatures]
+        for pk, sig in pubkey_signatures:
+            e = sig ** self.hash_keys(pk, all_pubkeys)
+            sigs.append(e)
+        return self.product(sigs)
+    def verify_aggregate_sig_safe(self, message, aggregate_sig, public_keys):
+        # This method of verification is resistant to rogue public key attack
+        g = self.check_and_return_same_generator_in_public_keys(public_keys)
+        aggregated_pk = self.aggregate_pub_key(public_keys)
+        M = self.dump(message)
+        h = group.hash(M, G1)
+        return pair(g, aggregate_sig) == pair(aggregated_pk, h)
+    @staticmethod
+    def product(seq):
+        return reduce(lambda x, y: x * y, seq)
+    @staticmethod
+    def dump(obj):
+        return objectToBytes(obj, group)
+    @staticmethod
+    def check_and_return_same_generator_in_public_keys(public_keys):
+        gs = {pk['g'] for pk in public_keys}
+        assert len(gs) == 1, 'All public keys should have same generator'
+        return next(iter(gs))
+    @staticmethod
+    def hash_keys(pk, all_pks):
+        acc = BLSAggregation.dump(pk['g^x'])
+        for p in all_pks:
+            acc += BLSAggregation.dump(p['g^x'])
+        return group.hash(acc, ZR)
+    @staticmethod
+    def aggregate_pub_key(pks):
+        r = []
+        for pk in pks:
+            h = BLSAggregation.hash_keys(pk, pks)
+            r.append(pk['g^x'] ** h)
+        return BLSAggregation.product(r)
+def vulnerable():
+    groupObj = PairingGroup('MNT224')
+    m = {'a': "hello world!!!", 'b': "test message"}
+    bls = BLSAggregation(groupObj)
+    g = group.random(G2)
+    pk1, sk1 = bls.keygen(g)
+    pk2, sk2 = bls.keygen(g)
+    pk3, sk3 = bls.keygen(g)
+    sig1 = bls.sign(sk1['x'], m)
+    sig2 = bls.sign(sk2['x'], m)
+    sig3 = bls.sign(sk3['x'], m)
+    if debug:
+        print("Message: '%s'" % m)
+        print("Signature1: '%s'" % sig1)
+        print("Signature2: '%s'" % sig2)
+        print("Signature3: '%s'" % sig3)
+    assert bls.verify(pk1, sig1, m), 'Failure!!!'
+    assert bls.verify(pk2, sig2, m), 'Failure!!!'
+    assert bls.verify(pk3, sig3, m), 'Failure!!!'
+    if debug:
+        print('VERIFICATION SUCCESS!!!')
+    aggregate_sig = bls.aggregate_sigs_vulnerable([sig1, sig2, sig3])
+    if debug:
+        print("Aggregate signature: '%s'" % aggregate_sig)
+    assert bls.verify_aggregate_sig_vulnerable(m, aggregate_sig, [pk1, pk2, pk3]), \
+        'Failure!!!'
+    if debug:
+        print('AGGREGATION VERIFICATION SUCCESS!!!')
+    assert not bls.verify_aggregate_sig_vulnerable(m, aggregate_sig, [pk1, pk2])
+    if debug:
+        print('AGGREGATION VERIFICATION SUCCESS AGAIN!!!')
+def demo_rogue_public_key_attack():
+    # Attack mentioned here https://crypto.stanford.edu/~dabo/pubs/papers/BLSmultisig.html
+    groupObj = PairingGroup('MNT224')
+    m = {'a': "hello world!!!", 'b': "test message"}
+    bls = BLSAggregation(groupObj)
+    g = group.random(G2)
+    pk0, sk0 = bls.keygen(g)
+    pk1, sk1 = bls.keygen(g)
+    # Construct the attacker's public key (pk2) as `g^beta * (pk1*pk2)^-1`,
+    # i.e inverse of the product of all public keys that the attacker wants
+    # to forge the multi-sig over
+    pk_inverse = 1 / (BLSAggregation.product([pk0['g^x'], pk1['g^x']]))
+    beta = group.random()
+    pk2, _ = bls.keygen(g)
+    pk2['g^x'] = (g ** beta) * pk_inverse
+    M = BLSAggregation.dump(m)
+    h = group.hash(M, G1)
+    fake_aggregate_sig = h ** beta
+    assert bls.verify_aggregate_sig_vulnerable(m, fake_aggregate_sig, [pk0, pk1, pk2]), \
+        'Failure!!!'
+    if debug:
+        print('ROGUE PUBLIC KEY ATTACK SUCCESS!!!')
+def safe():
+    groupObj = PairingGroup('MNT224')
+    m = {'a': "hello world!!!", 'b': "test message"}
+    bls = BLSAggregation(groupObj)
+    g = group.random(G2)
+    pk1, sk1 = bls.keygen(g)
+    pk2, sk2 = bls.keygen(g)
+    pk3, sk3 = bls.keygen(g)
+    sig1 = bls.sign(sk1['x'], m)
+    sig2 = bls.sign(sk2['x'], m)
+    sig3 = bls.sign(sk3['x'], m)
+    if debug:
+        print("Message: '%s'" % m)
+        print("Signature1: '%s'" % sig1)
+        print("Signature2: '%s'" % sig2)
+        print("Signature3: '%s'" % sig3)
+    assert bls.verify(pk1, sig1, m), 'Failure!!!'
+    assert bls.verify(pk2, sig2, m), 'Failure!!!'
+    assert bls.verify(pk3, sig3, m), 'Failure!!!'
+    if debug:
+        print('VERIFICATION SUCCESS!!!')
+    aggregate_sig = bls.aggregate_sigs_safe([(pk1, sig1), (pk2, sig2),
+                                             (pk3, sig3)])
+    if debug:
+        print("Aggregate signature: '%s'" % aggregate_sig)
+    assert bls.verify_aggregate_sig_safe(m, aggregate_sig, [pk1, pk2, pk3]), \
+        'Failure!!!'
+    if debug:
+        print('NEW AGGREGATION VERIFICATION SUCCESS!!!')
+    assert not bls.verify_aggregate_sig_safe(m, aggregate_sig, [pk1, pk2])
+    if debug:
+        print('NEW AGGREGATION VERIFICATION SUCCESS AGAIN!!!')
+def defend_rogue_public_key_attack():
+    # Defence mentioned here https://crypto.stanford.edu/~dabo/pubs/papers/BLSmultisig.html
+    groupObj = PairingGroup('MNT224')
+    m = {'a': "hello world!!!", 'b': "test message"}
+    bls = BLSAggregation(groupObj)
+    g = group.random(G2)
+    pk0, sk0 = bls.keygen(g)
+    pk1, sk1 = bls.keygen(g)
+    # Construct the attacker's public key (pk2) as `g^beta * (pk1*pk2)^-1`,
+    # i.e inverse of the product of all public keys that the attacker wants
+    # to forge the multi-sig over
+    pk_inverse = 1 / (BLSAggregation.product([pk0['g^x'], pk1['g^x']]))
+    beta = group.random()
+    pk2, _ = bls.keygen(g)
+    pk2['g^x'] = (g ** beta) * pk_inverse
+    M = BLSAggregation.dump(m)
+    h = group.hash(M, G1)
+    fake_aggregate_sig = h ** beta
+    assert not bls.verify_aggregate_sig_safe(m, fake_aggregate_sig, [pk0, pk1, pk2]), \
+        'Failure!!!'
+    if debug:
+        print('ROGUE PUBLIC KEY ATTACK DEFENDED!!!')
+if __name__ == "__main__":
+    debug = True
+    vulnerable()
+    demo_rogue_public_key_attack()
+    safe()
+    defend_rogue_public_key_attack()