charm-crypto-framework 0.61.1__cp313-cp313-macosx_10_13_universal2.whl

charm/schemes/hibenc/hibenc_bb04.py

@@ -0,0 +1,105 @@
+'''
+**Boneh-Boyen Hierarchical Identity-Based Encryption (BB04-HIBE)**
+
+*Authors:* Dan Boneh, Xavier Boyen
+
+| **Title:** "Efficient Selective Identity-Based Encryption Without Random Oracles"
+| **Published in:** Eurocrypt 2004
+| **Available from:** http://crypto.stanford.edu/~dabo/pubs/papers/bbibe.pdf
+| **Notes:** Section 4.1 - Core HIBE implementation
+
+.. rubric:: Scheme Properties
+
+* **Type:** encryption (hierarchical identity-based)
+* **Setting:** bilinear groups (asymmetric)
+* **Assumption:** Decisional Bilinear Diffie-Hellman (DBDH)
+
+.. rubric:: Implementation
+
+:Authors: J. Ayo Akinyele
+:Date: 3/2012
+'''
+from charm.toolbox.pairinggroup import PairingGroup,ZR,G1,G2,GT,pair
+from charm.toolbox.iterate import dotprod2
+from charm.toolbox.hash_module import Waters
+
+debug = False
+class HIBE_BB04:
+    """
+    >>> from charm.toolbox.pairinggroup import PairingGroup, GT
+    >>> group = PairingGroup('SS512')
+    >>> hibe = HIBE_BB04(group)
+    >>> (master_public_key, master_key) = hibe.setup()
+    >>> ID = "bob@mail.com"
+    >>> (public_key, secret_key) = hibe.extract(3, master_public_key, master_key, ID)
+    >>> msg = group.random(GT)
+    >>> cipher_text = hibe.encrypt(master_public_key, public_key, msg)
+    >>> decrypted_msg = hibe.decrypt(public_key, secret_key, cipher_text)
+    >>> decrypted_msg == msg 
+    True
+
+    """
+    def __init__(self, groupObj):
+        global group, hash_func
+        group = groupObj
+        hash_func = lambda k,w,x,y,z: ((w ** x[k]) * y[k]) ** z[k]
+    
+    def setup(self, l=5, z=32):
+        """ j represents maximum depth of HIBE system, 
+            z represents the bit size of each integer_j of identity.
+        """
+        assert l > 0, "invalid number of levels (need more than 0)"
+        alpha, beta = group.random(ZR, 2)
+        g = group.random(G1)
+        gb = group.random(G2)
+        g1 = g ** alpha
+        g1b = gb ** alpha
+        delta = [group.random(ZR) for i in range(l)]
+        h = [g ** delta[i] for i in range(l)]
+        hb = [gb ** delta[i] for i in range(l)]
+        g0b = gb ** (alpha * beta)
+        v = pair(g, g0b)
+    
+        mpk = { 'g': g, 'g1':g1, 'h':h, 'gb':gb, 'g1b':g1b, 'hb':hb, 'v':v, 'l':l, 'z':z }
+        mk = { 'g0b':g0b }
+        return (mpk, mk)
+    
+    def extract(self, level, mpk, mk, ID):
+        j = level
+        assert j >= 1 and j <= mpk['l'], "invalid level: 1 - %d" % mpk['l']
+        I = Waters(group, j, mpk['z']).hash(ID)
+        r = [group.random(ZR) for i in range(j)]
+        g_b = [mpk['gb'] ** r[i] for i in range(j)]
+        hashID = mk['g0b'] * dotprod2(range(j), hash_func, mpk['g1b'], I, mpk['hb'], r)
+        return { 'ID':ID, 'j':j }, { 'd0':hashID, 'dn':g_b }
+    
+    # TODO: come back to this
+    def derive(self, mpk, pk):
+        j = pk['j'] # pk[j-1] 
+        assert pk['j'] + 1 <= mpk['l'], "invalid level: 1 - %d" % mpk['l']
+        I = Waters(group, j, mpk['z']).hash(pk['ID'])
+
+        r = [group.random(ZR) for i in range(j)]
+        g_b = [pk['dn'][i] * (mpk['gb'] ** r[i]) for i in range(j)] # j-1
+        g_b.append( pk['gb'] ** r[j] ) # represents j
+        hashID = dID['d0'] * dotprod2(range(j+1), hash_func, mpk['g1b'], I, mpk['hb'], r)        
+        return { 'ID':ID, 'j':j }, { 'd0':hashID, 'dn':g_b}
+        
+    def encrypt(self, mpk, pk, M):
+        I = Waters(group, pk['j'], mpk['z']).hash(pk['ID'])
+        s = group.random(ZR)
+        A = M * (mpk['v'] ** s)
+        B = mpk['g'] ** s
+        C = {}
+        for i in range(pk['j']):
+            C[i] = ((mpk['g1'] ** I[i]) * mpk['h'][i]) ** s
+            
+        return {'A':A, 'B':B, 'C':C, 'j':pk['j'] }
+    
+    def decrypt(self, pk, sk, ct):
+        prod_result = 1
+        for i in range(ct['j']):
+            prod_result *= pair(ct['C'][i], sk['dn'][i])
+        M = ct['A'] * (prod_result / pair(ct['B'], sk['d0']))
+        return M
+

charm/schemes/hibenc/hibenc_lew11.py

@@ -0,0 +1,193 @@
+'''
+**Lewko-Waters Unbounded Hierarchical Identity-Based Encryption (LW11-HIBE)**
+
+*Authors:* Allison Lewko, Brent Waters
+
+| **Title:** "Unbounded HIBE and Attribute-Based Encryption"
+| **Published in:** Advances in Cryptology - EUROCRYPT 2011, Springer Berlin/Heidelberg
+| **Available from:** http://eprint.iacr.org/2011/049
+| **Notes:** Modified for prime order groups using techniques from "Tools for Simulating
+|     Features of Composite Order Bilinear Groups in the Prime Order Setting"
+|     (EUROCRYPT 2012, http://eprint.iacr.org/2011/490, Section B.3)
+
+.. rubric:: Scheme Properties
+
+* **Type:** encryption (hierarchical identity-based)
+* **Setting:** bilinear groups (symmetric)
+* **Assumption:** Decisional Linear (DLIN)
+
+.. rubric:: Implementation
+
+:Authors: N. Fotiou
+:Date: 6/2014
+'''
+from charm.toolbox.pairinggroup import ZR,G1,G2,GT,pair
+from charm.core.math.integer import integer,bitsize
+from charm.toolbox.matrixops import *
+
+debug = False
+class HIBE_LW11:
+    """
+    >>> from charm.toolbox.pairinggroup import GT,PairingGroup
+    >>> group = PairingGroup('SS512', secparam=512)
+    >>> msg = group.random(GT)
+    >>> #print("Message to encrypt:")
+    >>> #print (msg)
+    >>> I = [".gr.edu.mmlab"]
+    >>> I2 = [".gr.edu.mmlab","mail"]
+    >>> I3 = [".gr.edu.mmlab","mail", "fotiou"]
+    >>> hibe  = HIBE_LW11(group)
+    >>> (MSK,PP) = hibe.setup()
+    >>> CT = hibe.encrypt(msg,I3,PP)
+    >>> SK = hibe.keyGen(I,MSK,PP)
+    >>> SK2 = hibe.delegate(PP,SK, I2)
+    >>> SK3 = hibe.delegate(PP,SK2, I3)
+    >>> M = hibe.decrypt(CT, SK3)
+    >>> M == msg
+    True
+    >>> M = hibe.decrypt(CT, SK2)
+    >>> M == msg
+    True
+    >>> M = hibe.decrypt(CT, SK)
+    >>> M == msg
+    True
+    """
+    def __init__(self, groupObj):
+        global group
+        group = groupObj
+        group._verbose = True
+        return
+
+    def setup(self):
+        d = [0 for x in range(10)]
+        D = [0 for x in range(10)]
+        gauss = [0 for x in range(10)]
+        g = [0 for x in range(6)]
+        G = [0 for x in range(8)]
+        one = group.random(ZR)
+        g_r = group.random(G1)
+        for x in range(10):
+            d[x] = [group.random(ZR) for y in range(10)]
+        for x in range(10):
+            for y in range(10):
+                gauss[y] = d[y]+[group.init(ZR, 0)]
+            gauss[x] = d[x] +[one]
+            D[x] = GaussEliminationinGroups(gauss)
+        a1, a2, theta, sigma, gamma, ksi = group.random(ZR),group.random(ZR),group.random(ZR),group.random(ZR),group.random(ZR), group.random(ZR)
+        for x in range(6):
+            g[x] = [g_r**d[x][y] for y in range(10)]
+        G[0] = [g_r**D[0][y] for y in range(10)]
+        G[1] = [g_r**D[1][y] for y in range(10)]
+        G[2] = [g_r**(D[0][y]*gamma) for y in range(10)]
+        G[3] = [g_r**(D[1][y]*ksi) for y in range(10)]
+        G[4] = [g_r**(D[2][y]*theta) for y in range(10)]
+        G[5] = [g_r**(D[3][y]*theta) for y in range(10)]
+        G[6] = [g_r**(D[4][y]*sigma) for y in range(10)]
+        G[7] = [g_r**(D[5][y]*sigma) for y in range(10)]
+        PP = { 'e1':pair(g_r,g_r)**(a1*one), 'e2':pair(g_r,g_r)**(a2*one), 'g':g}
+        MSK = {'a1':a1, 'a2':a2, 'g':G}
+        if(debug):
+            print("Public parameters:")
+            group.debug(PP)
+            print("Master Secret Key:")
+            group.debug(MSK)
+        return (MSK,PP)
+
+    def keyGen(self, I, MSK, PP):
+        r1,r2,y,w = [],[],[],[]
+        for i in range(len(I)):
+            r1.append(group.random(ZR))
+            r2.append(group.random(ZR))
+        for i in range(len(I)-1):
+            y.append(group.random(ZR))
+            w.append(group.random(ZR))
+        y.append(MSK['a1'] - sum(y))
+        w.append(MSK['a2'] - sum(w))
+        K = [0 for x in range(len(I))]
+        g = [0 for x in range(6)]
+        for i in range(len(I)):
+            g[0] = [MSK['g'][0][x]**y[i] for x in range(10)]
+            g[1] = [MSK['g'][1][x]**w[i] for x in range(10)]
+            g[2] = [MSK['g'][4][x]**(r1[i]* group.hash(I[i], ZR)) for x in range(10)]
+            g[3] = [MSK['g'][5][x]**(-r1[i]) for x in range(10)]
+            g[4] = [MSK['g'][6][x]**(r2[i]* group.hash(I[i], ZR)) for x in range(10)]
+            g[5] = [MSK['g'][7][x]**(-r2[i]) for x in range(10)]
+            K[i] = [g[0][x]*g[1][x]*g[2][x]*g[3][x]*g[4][x]*g[5][x]  for x in range(10)]
+        g = []
+        g.append(MSK['g'][2])
+        g.append(MSK['g'][3])
+        g.append(MSK['g'][4])
+        g.append(MSK['g'][5])
+        g.append(MSK['g'][6])
+        g.append(MSK['g'][7])
+        SK = {'g':g,'K':K}
+        if(debug):
+            print("Secret key:")
+            group.debug(SK)
+        return SK
+
+    def delegate (self, PP, SK, I):
+        y,w,w1, w2 = [],[],[],[]
+        for i in range(len(I) -1):
+            w1.append(group.random(ZR))
+            w2.append(group.random(ZR))
+            y.append(group.random(ZR))
+            w.append(group.random(ZR))
+        w1.append(group.random(ZR))
+        w2.append(group.random(ZR))
+        y.append (0 - sum(y))
+        w.append (0 - sum(w))
+        K = [0 for x in range(len(I))]
+        g = [0 for x in range(6)]
+        for i in range(len(I)-1):
+            g[0] = [SK['g'][0][x]**y[i] for x in range(10)]
+            g[1] = [SK['g'][1][x]**w[i] for x in range(10)]
+            g[2] = [SK['g'][2][x]**(w1[i]* group.hash(I[i], ZR)) for x in range(10)]
+            g[3] = [SK['g'][3][x]**(-w1[i]) for x in range(10)]
+            g[4] = [SK['g'][4][x]**(w2[i]* group.hash(I[i], ZR)) for x in range(10)]
+            g[5] = [SK['g'][5][x]**(-w2[i]) for x in range(10)]
+            K[i] = [SK['K'][i][x]*g[0][x]*g[1][x]*g[2][x]*g[3][x]*g[4][x]*g[5][x]  for x in range(10)]
+        i = len(I)-1
+        g[0] = [SK['g'][0][x]**y[i] for x in range(10)]
+        g[1] = [SK['g'][1][x]**w[i] for x in range(10)]
+        g[2] = [SK['g'][2][x]**(w1[i]* group.hash(I[i], ZR)) for x in range(10)]
+        g[3] = [SK['g'][3][x]**(-w1[i]) for x in range(10)]
+        g[4] = [SK['g'][4][x]**(w2[i]* group.hash(I[i], ZR)) for x in range(10)]
+        g[5] = [SK['g'][5][x]**(-w2[i]) for x in range(10)]
+        K[i] = [g[0][x]*g[1][x]*g[2][x]*g[3][x]*g[4][x]*g[5][x]  for x in range(10)]
+        SK = {'g':SK['g'],'K':K}
+        if(debug):
+            print("Secret key:")
+            group.debug(SK)
+        return SK
+    
+    def encrypt(self, M, I, PP):
+        s1, s2 = group.random(ZR), group.random(ZR)
+        t1, t2 = [],[]
+        for i in range(len(I)):
+            t1.append(group.random(ZR))
+            t2.append(group.random(ZR))
+        C0 =  M*(PP['e1']**s1)*(PP['e2']**s2)
+        C = [0 for x in range(len(I))]
+        g = [0 for x in range(6)]
+        g[0] = [PP['g'][0][x]**s1 for x in range(10)]
+        g[1] = [PP['g'][1][x]**s2 for x in range(10)]
+        for i in range(len(I)):
+            g[2] = [PP['g'][2][x]**t1[i] for x in range(10)]
+            g[3] = [PP['g'][3][x]**(t1[i]*group.hash(I[i], ZR)) for x in range(10)]
+            g[4] = [PP['g'][4][x]**t2[i] for x in range(10)]
+            g[5] = [PP['g'][5][x]**(t2[i]*group.hash(I[i], ZR)) for x in range(10)]
+            C[i] = [g[0][x]*g[1][x]*g[2][x]*g[3][x]*g[4][x]*g[5][x]  for x in range(10)]
+        CT = {'C0':C0, 'C':C}
+        if(debug):
+            print("CipherText:")
+            group.debug(CT)
+        return CT
+
+    def decrypt(self, CT, SK):
+        B = 1
+        for i in range(len(SK['K'])):
+            for x in range(10):
+                B*= pair(CT['C'][i][x], SK['K'][i][x])
+        M = CT['C0']/ B
+        return M

charm/schemes/ibenc/clpkc_rp03.py

@@ -0,0 +1,119 @@
+'''
+**Al-Riyami-Paterson Certificateless Public Key Cryptography (RP03)**
+
+*Authors:* Sattam S. Al-Riyami, Kenneth G. Paterson
+
+| **Title:** "Certificateless Public Key Cryptography"
+| **Published in:** Asiacrypt 2003
+| **Available from:** https://eprint.iacr.org/2003/126.pdf
+| **Notes:** Section 4.2 - CL-PKE scheme combining identity-based and public key encryption
+
+.. rubric:: Scheme Properties
+
+* **Type:** encryption (certificateless, identity-based)
+* **Setting:** bilinear groups (symmetric)
+* **Assumption:** BDH (Bilinear Diffie-Hellman)
+
+.. rubric:: Implementation
+
+:Authors: Nikos Fotiou (https://www.fotiou.gr)
+:Date: 7/2022
+'''
+
+from charm.toolbox.pairinggroup import PairingGroup, ZR,G1,G2,pair
+from charm.core.math.integer import randomBits,integer,bitsize
+from charm.toolbox.hash_module import Hash,int2Bytes,integer
+
+debug = False
+class CLPKC_RP03():
+
+    def __init__(self, groupObj):
+        
+        global group, h
+        group = groupObj
+        h = Hash(group)
+        
+    def setup(self, secparam=None):
+        P = group.random(G1)
+        s = group.random(ZR)
+        P0 = s*P
+        params={'P':P, 'P0':P0}
+        master_key = s
+        return (params, master_key)
+    
+    def partial_private_key_extract(self, master_key, ID):
+        QA = group.hash(ID, G1)
+        DA = master_key * QA
+        return DA
+
+    '''
+    DA = partial_private_key
+    xA = secret_value
+    '''
+    def set_private_key(self, DA, xA):
+        SA = xA*DA
+        return SA
+    '''
+    xA = secret_value
+    '''
+    def set_public_key(self, params, xA):
+        XA = xA*params['P']
+        YA = xA*params['P0']
+        PA = {'XA':XA, 'YA': YA}
+        return PA
+
+    def encrypt(self, params, M, ID, P): # check length to make sure it is within n bits
+        QA = group.hash(ID, G1)
+        g_id = pair(QA, P['YA']) 
+        #choose σ = {0,1}^n where n is # bits
+        sig = integer(randomBits(group.secparam))
+        r = h.hashToZr(sig, M)
+        enc_M = self.encodeToZn(M)
+        if bitsize(enc_M) / 8 <= group.messageSize():
+            C = { 'U':r * params['P'], 'V':sig ^ h.hashToZn(g_id ** r) , 'W':enc_M ^ h.hashToZn(sig) }
+        else:
+            print("Message cannot be encoded.")
+            return None
+        return C
+    
+    def decrypt(self, params, SA, C):
+        U, V, W = C['U'], C['V'], C['W']
+        sig = V ^ h.hashToZn(pair(SA, U))
+        dec_M = W ^ h.hashToZn(sig)
+        M = self.decodeFromZn(dec_M)
+
+        r = h.hashToZr(sig, M)        
+        if U == r * params['P']:
+            if debug: print("Successful Decryption!!!")
+            return M
+        if debug: print("Decryption Failed!!!")
+        return None
+        
+
+    def encodeToZn(self, message):
+        assert type(message) == bytes, "Input must be of type bytes"
+        return integer(message)
+    
+    def decodeFromZn(self, element):
+        if type(element) == integer:
+            msg = int2Bytes(element)
+            return msg
+        return None
+
+
+def main():
+    group = PairingGroup('SS512', secparam=1024)
+    clpkc = CLPKC_RP03(group)
+    (params, master_key) = clpkc.setup()
+    ID = 'user@email.com'
+    partial_private_key = clpkc.partial_private_key_extract(master_key, ID)
+    secret_value = group.random(ZR)
+    private_key = clpkc.set_private_key(partial_private_key, secret_value)
+    public_key = clpkc.set_public_key(params, secret_value)
+    msg = b"hello world!!!!!"
+    cipher_text = clpkc.encrypt(params, msg, ID, public_key)
+    plain_text = clpkc.decrypt(params, private_key, cipher_text)
+    print (plain_text)
+
+if __name__=='__main__':
+    main()

charm/schemes/ibenc/ibenc_CW13_z.py

@@ -0,0 +1,168 @@
+'''
+**Chen-Wee Dual System Groups IBE (CW13)**
+
+*Authors:* Jie Chen, Hoeteck Wee
+
+| **Title:** "Dual System Groups and its Applications - Compact HIBE and More"
+| **Published in:** CRYPTO 2013
+| **Available from:** http://eprint.iacr.org/2013/394.pdf
+| **Notes:** Compact IBE using dual system groups methodology
+
+.. rubric:: Scheme Properties
+
+* **Type:** encryption (identity-based)
+* **Setting:** bilinear groups (asymmetric)
+* **Assumption:** SXDH (Symmetric External Diffie-Hellman)
+
+.. rubric:: Implementation
+
+:Authors: Fan Zhang (zfwise@gwu.edu), supported by GWU computer science department
+:Date: 5/2013
+:Notes: Implementation optimized to reduce exponentiation and multiplication operations.
+'''
+from charm.toolbox.pairinggroup import PairingGroup,ZR,G1,G2,GT,pair
+from charm.core.crypto.cryptobase import *
+from charm.toolbox.IBEnc import IBEnc
+from charm.toolbox.matrixops import *
+
+debug = False
+class IBE_CW13(IBEnc):
+    """
+    >>> group = PairingGroup('MNT224', secparam=1024)    
+    >>> ibe = IBE_CW13(group)
+    >>> (master_public_key, master_secret_key) = ibe.setup()
+    >>> ID = 'user@email.com'
+    >>> private_key = ibe.extract(master_public_key, master_secret_key, ID)
+    >>> msg = group.random(GT)
+    >>> cipher_text = ibe.encrypt(master_public_key, ID, msg)
+    >>> decryptedMSG = ibe.decrypt(master_public_key, private_key, cipher_text)
+    >>> print (decryptedMSG==msg)
+    True
+    """
+    def __init__(self, groupObj):
+        IBEnc.__init__(self)
+        #IBEnc.setProperty(self, message_space=[GT, 'KEM'], secdef='IND_sID_CPA', assumption='DBDH', secmodel='ROM', other={'id':ZR})
+        global group
+        group = groupObj
+        
+    def setup(self):
+        g1 = group.random(G1)   #generator in G1
+        g2 = group.random(G2)   #generator in G2
+        
+        #generate B and B*
+        B = [[group.random(ZR), group.random(ZR)],[group.random(ZR), group.random(ZR)]]
+       
+        Bt = MatrixTransGroups(B)
+        Bstar= [GaussEliminationinGroups([[Bt[0][0], Bt[0][1], group.init(ZR, 1)],
+                                                  [Bt[1][0], Bt[1][1], group.init(ZR, 0)]]),
+                GaussEliminationinGroups([[Bt[0][0], Bt[0][1], group.init(ZR, 0)],
+                                                  [Bt[1][0], Bt[1][1], group.init(ZR, 1)]])]
+        Bstar = MatrixTransGroups(Bstar)
+
+
+        ## checks Bt * Bstar = identity matrix
+#         for i in self.MatrixMulGroups(Bt, Bstar):
+#             print("[%s,%s]"%(i[0],i[1]))
+            
+        #generate R
+        R = [[group.random(ZR), group.init(ZR, 0)],
+            [group.init(ZR, 0), group.init(ZR, 1)]]
+        
+        #generate A1 and A2
+        A1 =[[group.random(ZR), group.random(ZR)],
+             [group.random(ZR), group.random(ZR)]]
+        A2 =[[group.random(ZR), group.random(ZR)],
+             [group.random(ZR), group.random(ZR)]]
+        k = [group.random(ZR),group.random(ZR)]    #k is a 2 dimentional vector
+        
+        #The following code differs from the paper. 
+        BA1 = MatrixMulGroups(B,A1)
+        BA2 = MatrixMulGroups(B,A2)
+        BsR = MatrixMulGroups(Bstar,R)
+        BsA1R = MatrixMulGroups(MatrixMulGroups(Bstar, MatrixTransGroups(A1)),R)
+        BsA2R = MatrixMulGroups(MatrixMulGroups(Bstar, MatrixTransGroups(A2)),R)
+        b0 = [B[0][0],B[1][0]]
+        b1 = [BA1[0][0],BA1[1][0]]
+        b2 = [BA2[0][0],BA2[1][0]]
+        b0s = [BsR[0][0],BsR[1][0]]
+        b1s = [BsA1R[0][0],BsA1R[1][0]]
+        b2s = [BsA2R[0][0],BsA2R[1][0]]
+
+        #generate the mpk
+        g1b0 = [g1**b0[0], g1**b0[1]]
+        g1b1 = [g1**b1[0], g1**b1[1]]
+        g1b2 = [g1**b2[0], g1**b2[1]]
+        egg = (pair(g1, g2)) ** (k[0]*b0[0] + k[1]*b0[1])
+
+        mpk = {'g1':g1, 'g2':g2, 'g1b0':g1b0, 'g1b1':g1b1, 'g1b2': g1b2, 'egg':egg}
+        
+        #generate private parameters
+        msk = { 'k':k, 'b0s':b0s, 'b1s':b1s,'b2s':b2s}
+        
+        if(debug):
+            print("Public parameters...")
+            group.debug(mpk)
+            print("Secret parameters...")
+            group.debug(msk)
+        return (mpk, msk)
+
+    def extract(self, mpk, msk, ID):
+        #_ID is an element in ZR, r is an random number in ZR
+        _ID = group.hash(ID, ZR)
+        r = group.random(ZR)
+        
+        sk_id = {'K0': [mpk['g2']**(msk['b0s'][0]*r),
+                        mpk['g2']**(msk['b0s'][1]*r)],
+                 'K1': [mpk['g2']**(msk['k'][0] + (msk['b2s'][0]+_ID*msk['b1s'][0])*r),
+                        mpk['g2']**(msk['k'][1] + (msk['b2s'][1]+_ID*msk['b1s'][1])*r)]}
+
+        if(debug):
+            print("Generate User SK...")
+            group.debug(sk_id)
+        return sk_id
+        
+    
+    def encrypt(self, mpk, ID, M):
+        #_ID is an element in ZR, s is an random number in ZR
+        s = group.random(ZR)
+        _ID = group.hash(ID,ZR)
+        #M is an element in GT
+        C0 = [mpk['g1b0'][0]**s, mpk['g1b0'][1]**s]
+        C1 = [(mpk['g1b2'][0]*(mpk['g1b1'][0]**_ID))**s,
+              (mpk['g1b2'][1]*(mpk['g1b1'][1]**_ID))**s]
+        C2 = (mpk['egg']**s) * M
+
+        ct_id = { 'C0':C0, 'C1':C1, 'C2':C2}
+        
+        if(debug):
+            print('\nEncrypt...')
+            group.debug(ct_id)
+        return ct_id
+    
+    def decrypt(self, mpk, sk_id, ct_id):
+        
+        mask = self.vpair(ct_id['C0'], sk_id['K1']) / self.vpair(ct_id['C1'], sk_id['K0'])
+        Mprime = ct_id['C2']/mask
+        if(debug):
+            print('\nDecrypt....')
+        return Mprime
+
+    def vpair(self, g1v, g2v):
+        return pair(g1v[0],g2v[0]) * pair(g1v[1],g2v[1])
+    
+def main():
+
+    group = PairingGroup('MNT224', secparam=1024)    
+    ibe = IBE_CW13(group)
+    (master_public_key, master_secret_key) = ibe.setup()
+    ID = 'user@email.com'
+    private_key = ibe.extract(master_public_key, master_secret_key, ID)
+    msg = group.random(GT)
+    cipher_text = ibe.encrypt(master_public_key, ID, msg)
+    decryptedMSG = ibe.decrypt(master_public_key, private_key, cipher_text)
+    print (decryptedMSG==msg)
+    
+if __name__ == '__main__':
+    debug = True
+    main()   
+

charm/schemes/ibenc/ibenc_bb03.py

@@ -0,0 +1,94 @@
+'''
+**Boneh-Boyen Identity-Based Encryption (BB-IBE)**
+
+*Authors:* Dan Boneh, Xavier Boyen
+
+| **Title:** "Efficient Selective-ID Secure Identity-Based Encryption Without Random Oracles"
+| **Published in:** Eurocrypt 2004
+| **Available from:** http://crypto.stanford.edu/~dabo/pubs/papers/bbibe.pdf
+| **Notes:** Section 5.1 - IBE (1-level HIBE) implementation of the BB_2 scheme
+
+.. rubric:: Scheme Properties
+
+* **Type:** encryption (identity-based)
+* **Setting:** bilinear groups (asymmetric)
+* **Assumption:** DBDH (Decisional Bilinear Diffie-Hellman)
+
+.. rubric:: Implementation
+
+:Authors: J. Ayo Akinyele
+:Date: 11/2010
+'''
+
+from charm.toolbox.pairinggroup import PairingGroup,ZR,G1,G2,GT,pair
+from charm.toolbox.IBEnc import *
+from charm.core.math.pairing import hashPair as sha2
+
+debug = False
+class IBE_BB04(IBEnc):
+    """
+    >>> group = PairingGroup('MNT224')
+    >>> ibe = IBE_BB04(group)
+    >>> (master_public_key, master_key) = ibe.setup()
+    >>> master_public_key_ID = group.random(ZR)
+    >>> key = ibe.extract(master_key, master_public_key_ID)
+    >>> msg = group.random(GT)
+    >>> cipher_text = ibe.encrypt(master_public_key, master_public_key_ID, msg)
+    >>> decrypted_msg = ibe.decrypt(master_public_key, key, cipher_text)
+    >>> decrypted_msg == msg
+    True
+    """
+    def __init__(self, groupObj):
+        IBEnc.__init__(self)
+        IBEnc.setProperty(self, secDef=IND_sID_CPA, assumption=DBDH, 
+                          messageSpace=[GT, 'KEM'], secModel=ROM, id=ZR)
+        global group
+        group = groupObj
+        
+    def setup(self, secparam=None):
+        #StartBenchmark(bID1, [CpuTime, NativeTime])
+        g, h = group.random(G1), group.random(G2)
+        v = pair(g, h)
+        x, y = group.random(), group.random()
+
+        X = g ** x
+        Y = g ** y 
+        pk = { 'g':g, 'X':X, 'Y':Y, 'v':v } # public params
+        mk = { 'x':x, 'y':y, 'h':h }         # master secret
+        return (pk, mk)
+    
+    # Note: ID is in Zp* and is the public key ID for the user
+    def extract(self, mk, ID):
+        r = group.random()
+        # compute K
+        K = mk['h'] ** ~(ID + mk['x'] + r*mk['y'])
+        return { 'id':ID, 'r':r, 'K':K }
+
+    # assume that M is in GT
+    def encrypt(self, params, ID, M):
+        s = group.random()
+
+        A = (params['v'] ** s) * M 
+        B = params['Y'] ** s
+        C = (params['X'] ** s) * (params['g'] ** (s * ID))
+        return { 'A':A, 'B':B, 'C':C }
+
+    def keyenc(self, params, ID, msg):
+        s = group.random()
+        A = sha2(params['v'] ** s) # session key
+        B = params['Y'] ** s
+        C = (params['X'] ** s) * (params['g'] ** (s * ID))
+        # use prf here?
+        ciph = { 'B': B, 'C': C }
+        return (A, ciph) # user must destroy A since it protects the msg
+
+    def decrypt(self, pk, dID, CT):
+        A, B, C = CT['A'], CT['B'], CT['C']
+        v_s = pair(((B ** dID['r']) * C), dID['K'])
+        return A / v_s
+    
+    def keydec(self, pk, dID, CT):
+        A, B, C = CT['A'], CT['B'], CT['C']
+        v_s = pair(((B ** dID['r']) * C), dID['K'])
+        return sha2(v_s)
+