charm-crypto-framework 0.61.1__cp313-cp313-macosx_10_13_universal2.whl

charm/schemes/ibenc/ibenc_bf01.py

@@ -0,0 +1,121 @@
+'''
+**Boneh-Franklin Identity-Based Encryption (BF-IBE)**
+
+*Authors:* Dan Boneh, Matthew Franklin
+
+| **Title:** "Identity-Based Encryption from the Weil Pairing"
+| **Published in:** Crypto 2001
+| **Available from:** https://crypto.stanford.edu/~dabo/papers/bfibe.pdf
+| **Notes:** Section 4.2 - BasicIdent scheme with Fujisaki-Okamoto transformation
+
+.. rubric:: Scheme Properties
+
+* **Type:** encryption (identity-based)
+* **Setting:** bilinear groups (asymmetric)
+* **Assumption:** BDH (Bilinear Diffie-Hellman)
+
+.. rubric:: Implementation
+
+:Authors: J. Ayo Akinyele
+:Date: 2/2011
+'''
+from charm.toolbox.pairinggroup import ZR,G1,G2,pair
+from charm.core.math.integer import randomBits,integer,bitsize
+from charm.toolbox.hash_module import Hash,int2Bytes,integer
+from charm.toolbox.IBEnc import IBEnc
+
+debug = False
+class IBE_BonehFranklin(IBEnc):
+    """
+    >>> from charm.toolbox.pairinggroup import PairingGroup
+    >>> group = PairingGroup('MNT224', secparam=1024)    
+    >>> ibe = IBE_BonehFranklin(group)
+    >>> (master_public_key, master_secret_key) = ibe.setup()
+    >>> ID = 'user@email.com'
+    >>> private_key = ibe.extract(master_secret_key, ID)
+    >>> msg = b"hello world!!!!!"
+    >>> cipher_text = ibe.encrypt(master_public_key, ID, msg)
+    >>> ibe.decrypt(master_public_key, private_key, cipher_text)
+    b'hello world!!!!!'
+    """
+    def __init__(self, groupObj):
+        IBEnc.__init__(self)
+        global group,h
+        group = groupObj
+        h = Hash(group)
+        
+    def setup(self):
+        s, P = group.random(ZR), group.random(G2)
+        P2 = s * P
+        # choose H1, H2 hash functions
+        pk = { 'P':P, 'P2':P2 }
+        sk = { 's':s }
+        if(debug):
+            print("Public parameters...")
+            group.debug(pk)
+            print("Secret parameters...")
+            group.debug(sk)
+        return (pk, sk)
+    
+    def extract(self, sk, ID):        
+        d_ID = sk['s'] * group.hash(ID, G1)
+        k = { 'id':d_ID, 'IDstr':ID }
+        if(debug):
+            print("Key for id => '%s'" % ID)
+            group.debug(k)
+        return k
+        
+    
+    def encrypt(self, pk, ID, M): # check length to make sure it is within n bits
+        Q_id = group.hash(ID, G1) #standard
+        g_id = pair(Q_id, pk['P2']) 
+        #choose sig = {0,1}^n where n is # bits
+        sig = integer(randomBits(group.secparam))
+        r = h.hashToZr(sig, M)
+
+        enc_M = self.encodeToZn(M)
+        if bitsize(enc_M) / 8 <= group.messageSize():
+            C = { 'U':r * pk['P'], 'V':sig ^ h.hashToZn(g_id ** r) , 'W':enc_M ^ h.hashToZn(sig) }
+        else:
+            print("Message cannot be encoded.")
+            return None
+
+        if(debug):
+            print('\nEncrypt...')
+            print('r => %s' % r)
+            print('sig => %s' % sig)
+            print("V'  =>", g_id ** r)
+            print('enc_M => %s' % enc_M)
+            group.debug(C)
+        return C
+    
+    def decrypt(self, pk, sk, ct):
+        U, V, W = ct['U'], ct['V'], ct['W']
+        sig = V ^ h.hashToZn(pair(sk['id'], U))
+        dec_M = W ^ h.hashToZn(sig)
+        M = self.decodeFromZn(dec_M)
+
+        r = h.hashToZr(sig, M)
+        if(debug):
+            print('\nDecrypt....')
+            print('V   =>', V)
+            print("V'  =>", pair(sk['id'], U))
+            print('sig => %s' % sig)
+            print('r => %s' % r)
+        if U == r * pk['P']:
+            if debug: print("Successful Decryption!!!")
+            return M
+        if debug: print("Decryption Failed!!!")
+        return None
+
+    def encodeToZn(self, message):
+        assert type(message) == bytes, "Input must be of type bytes"
+        return integer(message)
+        
+    def decodeFromZn(self, element):
+        if type(element) == integer:
+            msg = int2Bytes(element)
+            return msg
+        return None
+     
+

charm/schemes/ibenc/ibenc_ckrs09.py

@@ -0,0 +1,120 @@
+'''
+**Camenisch-Kohlweiss-Rial-Sheedy Blind Anonymous IBE (CKRS09)**
+
+*Authors:* Jan Camenisch, Markulf Kohlweiss, Alfredo Rial, Caroline Sheedy
+
+| **Title:** "Blind and Anonymous Identity-Based Encryption and Authorised Private Searches on Public Key Encrypted Data"
+| **Published in:** PKC 2009
+| **Available from:** http://www.iacr.org/archive/pkc2009/54430202/54430202.pdf
+| **Notes:** Section 4.1 - First blind and anonymous IBE scheme
+
+.. rubric:: Scheme Properties
+
+* **Type:** encryption (identity-based, blind, anonymous)
+* **Setting:** bilinear groups (symmetric pairings)
+* **Assumption:** DBDH and related assumptions
+
+.. rubric:: Implementation
+
+:Authors: J. Ayo Akinyele, Mike Rushanan
+:Date: 02/2012
+'''
+from charm.toolbox.pairinggroup import PairingGroup,ZR,G1,G2,GT,pair
+from charm.toolbox.IBEnc import IBEnc
+from charm.toolbox.conversion import Conversion
+from charm.toolbox.bitstring import Bytes
+from charm.toolbox.iterate import dotprod2
+from charm.toolbox.hash_module import Waters
+import hashlib
+
+debug = False
+class IBE_CKRS(IBEnc):
+    """
+    >>> from charm.toolbox.pairinggroup import PairingGroup, GT
+    >>> group = PairingGroup('SS512')
+    >>> ibe = IBE_CKRS(group)
+    >>> (master_public_key, master_secret_key) = ibe.setup()
+    >>> ID = "bob@mail.com"
+    >>> secret_key = ibe.extract(master_public_key, master_secret_key, ID)
+    >>> msg = group.random(GT)
+    >>> cipher_text = ibe.encrypt(master_public_key, ID, msg)
+    >>> decrypted_msg = ibe.decrypt(master_public_key, secret_key, cipher_text)
+    >>> decrypted_msg == msg 
+    True
+    """
+    def __init__(self, groupObj):
+        global group,hashObj
+        group = groupObj
+    
+    def setup(self, n=5, l=32):
+        """n integers with each size l""" 
+        global lam_func, waters
+        lam_func = lambda i,x,y: x[i] ** y[i] 
+        waters = Waters(group, n, l)
+        alpha, t1, t2, t3, t4 = group.random(ZR, 5)
+        z = list(group.random(ZR, n))
+        g = group.random(G1)
+        h = group.random(G2)
+        omega = pair(g, h) ** (t1 * t2 * alpha)
+        g_l = [g ** i for i in z]
+        h_l = [h ** i for i in z]
+        v1, v2 = g ** t1, g ** t2
+        v3, v4 = g ** t3, g ** t4
+        msk = { 'alpha':alpha, 't1':t1, 't2':t2, 't3':t3, 't4':t4 }
+        mpk = { 'omega':omega, 'g':g, 'h':h, 'g_l':g_l, 'h_l':h_l, 
+               'v1':v1, 'v2':v2, 'v3':v3, 'v4':v4, 'n':n, 'l':l }
+        return (mpk, msk)
+    
+    def extract(self, mpk, msk, ID):
+        r1, r2 = group.random(ZR, 2) # should be params of extract
+        hID = waters.hash(ID)
+        hashID2 = mpk['h_l'][0] * dotprod2(range(1,mpk['n']), lam_func, mpk['h_l'], hID)        
+        d = {}
+        
+        d[0] = mpk['h'] ** ((r1 * msk['t1'] * msk['t2']) + (r2 * msk['t3'] * msk['t4']))
+        d[1] = (mpk['h'] ** (-msk['alpha'] * msk['t2'])) * (hashID2 ** (-r1 * msk['t2']))
+        d[2] = (mpk['h'] ** (-msk['alpha'] * msk['t1'])) * (hashID2 ** (-r1 * msk['t1']))
+        d[3] = hashID2 ** (-r2 * msk['t4'])
+        d[4] = hashID2 ** (-r2 * msk['t3'])
+        return { 'd':d }
+    
+    def encrypt(self, mpk, ID, msg):
+        s, s1, s2 = group.random(ZR, 3)
+        hID = waters.hash(ID)
+        hashID1 = mpk['g_l'][0] * dotprod2(range(1,mpk['n']), lam_func, mpk['g_l'], hID)
+        c = {}
+        c_pr = (mpk['omega'] ** s) * msg
+        c[0] = hashID1 ** s
+        c[1] = mpk['v1'] ** (s - s1)
+        c[2] = mpk['v2'] ** s1
+        c[3] = mpk['v3'] ** (s - s2)
+        c[4] = mpk['v4'] ** s2        
+        return {'c':c, 'c_prime':c_pr }
+    
+    def decrypt(self, mpk, sk, ct):
+        c, d = ct['c'], sk['d']
+        msg = ct['c_prime'] * pair(c[0], d[0]) * pair(c[1], d[1]) * pair(c[2], d[2]) * pair(c[3], d[3]) * pair(c[4], d[4])        
+        return msg
+    
+
+def main():
+    groupObj = PairingGroup('SS512')
+    ibe = IBE_CKRS(groupObj)
+    (mpk, msk) = ibe.setup()
+
+    # represents public identity
+    ID = "bob@mail.com"
+    sk = ibe.extract(mpk, msk, ID)
+
+    M = groupObj.random(GT)
+    ct = ibe.encrypt(mpk, ID, M)
+    m = ibe.decrypt(mpk, sk, ct)
+    if debug: print('m    =>', m)
+
+    assert m == M, "FAILED Decryption!"
+    if debug: print("Successful Decryption!!! m => '%s'" % m)
+
+if __name__ == "__main__":
+   debug = True
+   main()
+

charm/schemes/ibenc/ibenc_cllww12_z.py

@@ -0,0 +1,172 @@
+r'''
+**Chen-Lim-Ling-Wang-Wee Shorter IBE (CLLWW12)**
+
+*Authors:* Jie Chen, Hoon Wei Lim, San Ling, Huaxiong Wang, Hoeteck Wee
+
+| **Title:** "Shorter IBE and Signatures via Asymmetric Pairings"
+| **Published in:** Pairing 2012
+| **Available from:** http://eprint.iacr.org/2012/224
+| **Notes:** Section 4 - Shorter IBE construction based on SXDH assumption
+
+.. rubric:: Scheme Properties
+
+* **Type:** encryption (identity-based)
+* **Setting:** bilinear groups (asymmetric)
+* **Assumption:** SXDH (Symmetric External Diffie-Hellman)
+
+.. rubric:: Implementation
+
+:Authors: Fan Zhang (zfwise@gwu.edu), supported by GWU computer science department
+:Date: 3/2013
+:Notes: Optimized implementation stores msk = {alpha, d_1*, d_2*} instead of
+    pre-computed group elements. Computes (alpha + r*ID)*d_1* - r*d_2* before
+    exponentiation, reducing G2 exponentials from 8 to 4.
+'''
+from charm.toolbox.pairinggroup import PairingGroup,ZR,G1,G2,GT,pair
+from charm.toolbox.matrixops import *
+from charm.core.crypto.cryptobase import *
+from charm.toolbox.IBEnc import IBEnc
+
+debug = False
+class IBE_Chen12_z(IBEnc):
+    """
+    >>> group = PairingGroup('MNT224', secparam=1024)    
+    >>> ibe = IBE_Chen12_z(group)
+    >>> (master_public_key, master_secret_key) = ibe.setup()
+    >>> ID = 'user@email.com'
+    >>> private_key = ibe.extract(master_secret_key, ID)
+    >>> msg = group.random(GT)
+    >>> cipher_text = ibe.encrypt(master_public_key, ID, msg)
+    >>> decryptedMSG = ibe.decrypt(master_public_key, private_key, cipher_text)
+    >>> print (decryptedMSG==msg)
+    True
+    """
+    def __init__(self, groupObj):
+        IBEnc.__init__(self)
+        global group
+        group = groupObj
+        
+    def setup(self):
+        g1 = group.random(G1)
+        g2 = group.random(G2)
+        alpha = group.random(ZR)
+        #generate the 4*4 dual pairing vector spaces.
+        d11, d12, d13, d14, d21, d22, d23, d24 = group.random(ZR, 8)
+        d31, d32, d33, d34, d41, d42, d43, d44 = group.random(ZR, 8)
+        D11, D12, D13, D14 = group.init(ZR),group.init(ZR),group.init(ZR),group.init(ZR)
+        D21, D22, D23, D24 = group.init(ZR),group.init(ZR),group.init(ZR),group.init(ZR)
+        D31, D32, D33, D34 = group.init(ZR),group.init(ZR),group.init(ZR),group.init(ZR)
+        D41, D42, D43, D44 = group.init(ZR),group.init(ZR),group.init(ZR),group.init(ZR)
+
+        one = group.random(ZR)
+        
+        [D11, D12, D13, D14] = GaussEliminationinGroups([[d11, d12, d13, d14, one],
+                                        [d21, d22, d23, d24, group.init(ZR, 0)],
+                                        [d31, d32, d33, d34, group.init(ZR, 0)],
+                                        [d41, d42, d43, d44, group.init(ZR, 0)]])
+        [D21, D22, D23, D24] = GaussEliminationinGroups([[d11, d12, d13, d14, group.init(ZR, 0)],
+                                        [d21, d22, d23, d24, one],
+                                        [d31, d32, d33, d34, group.init(ZR, 0)],
+                                        [d41, d42, d43, d44, group.init(ZR, 0)]])
+        [D31, D32, D33, D34] = GaussEliminationinGroups([[d11, d12, d13, d14, group.init(ZR, 0)],
+                                        [d21, d22, d23, d24, group.init(ZR, 0)],
+                                        [d31, d32, d33, d34, one],
+                                        [d41, d42, d43, d44, group.init(ZR, 0)]])
+        [D41, D42, D43, D44] = GaussEliminationinGroups([[d11, d12, d13, d14, group.init(ZR, 0)],
+                                        [d21, d22, d23, d24, group.init(ZR, 0)],
+                                        [d31, d32, d33, d34, group.init(ZR, 0)],
+                                        [d41, d42, d43, d44, one]])        
+        
+
+        #generate public parameters.
+        PP2 = (pair(g1, g2))**(alpha*one)
+        gd11 = g1**d11
+        gd12 = g1**d12
+        gd13 = g1**d13
+        gd14 = g1**d14
+        gd21 = g1**d21
+        gd22 = g1**d22
+        gd23 = g1**d23
+        gd24 = g1**d24
+        pk = { 'PP2':PP2,
+               'gd11':gd11, 'gd12':gd12,'gd13':gd13, 'gd14':gd14,
+               'gd21':gd21, 'gd22':gd22, 'gd23':gd23, 'gd24':gd24 }
+        #generate private parameters
+##        gD11 = g2**D11
+##        gD12 = g2**D12
+##        gD13 = g2**D13
+##        gD14 = g2**D14
+##        gD21 = g2**D21
+##        gD22 = g2**D22
+##        gD23 = g2**D23
+##        gD24 = g2**D24
+##        msk = { 'alpha':alpha, 'gD11':gD11, 'gD12':gD12, 'gD13':gD13, 'gD14':gD14,
+##               'gD21':gD21, 'gD22':gD22, 'gD23':gD23, 'gD24':gD24 }
+        msk = {'alpha': alpha, 'g2':g2,
+               'D11':D11, 'D12':D12, 'D13':D13, 'D14':D14,
+               'D21':D21, 'D22':D22, 'D23':D23, 'D24':D24}
+        if(debug):
+            print("Public parameters...")
+            group.debug(pk)
+            print("Secret parameters...")
+            group.debug(msk)
+        return (pk, msk)
+    
+    def extract(self, msk, ID):
+        _ID = group.hash(ID)
+        r = group.random(ZR)
+        sk_id1 = msk['g2']**((msk['alpha']+ r * _ID) * msk['D11'] - r * msk['D21'])
+        sk_id2 = msk['g2']**((msk['alpha']+ r * _ID) * msk['D12'] - r * msk['D22'])
+        sk_id3 = msk['g2']**((msk['alpha']+ r * _ID) * msk['D13'] - r * msk['D23'])
+        sk_id4 = msk['g2']**((msk['alpha']+ r * _ID) * msk['D14'] - r * msk['D24'])
+        
+        k = { 'sk_id1':sk_id1, 'sk_id2':sk_id2, 'sk_id3':sk_id3,
+              'sk_id4':sk_id4 }
+        
+        if(debug):
+            print("Generate User SK...")
+            group.debug(k)
+        return k
+        
+    
+    def encrypt(self, pk, ID, M):
+        s = group.random(ZR)
+        _ID = group.hash(ID)
+        #M is an element in GT
+        C0 = (pk['PP2']**s)*M
+        C11 = (pk['gd11']**s)*(pk['gd21']**(s*_ID))
+        C12 = (pk['gd12']**s)*(pk['gd22']**(s*_ID))
+        C13 = (pk['gd13']**s)*(pk['gd23']**(s*_ID))
+        C14 = (pk['gd14']**s)*(pk['gd24']**(s*_ID))
+
+        CT = { 'C0':C0, 'C11':C11, 'C12':C12, 'C13':C13, 'C14':C14 }
+        
+        if(debug):
+            print('\nEncrypt...')
+            group.debug(CT)
+        return CT
+    
+    def decrypt(self, pk, sk, ct):
+        Mprime = ct['C0']/(pair(ct['C11'],sk['sk_id1'])*pair(ct['C12'],sk['sk_id2'])*
+                           pair(ct['C13'],sk['sk_id3'])*pair(ct['C14'],sk['sk_id4']))
+
+        if(debug):
+            print('\nDecrypt....')
+        return Mprime
+
+def main():
+
+    group = PairingGroup('MNT224', secparam=1024)    
+    ibe = IBE_Chen12_z(group)
+    (master_public_key, master_secret_key) = ibe.setup()
+    ID = 'user@email.com'
+    private_key = ibe.extract(master_secret_key, ID)
+    msg = group.random(GT)
+    cipher_text = ibe.encrypt(master_public_key, ID, msg)
+    decryptedMSG = ibe.decrypt(master_public_key, private_key, cipher_text)
+    print (decryptedMSG==msg)
+    
+if __name__ == '__main__':
+    debug = True
+    main()   
+

charm/schemes/ibenc/ibenc_lsw08.py

@@ -0,0 +1,120 @@
+'''
+**Lewko-Sahai-Waters Revocable IBE (LSW08)**
+
+*Authors:* Allison Lewko, Amit Sahai, Brent Waters
+
+| **Title:** "Revocation Systems with Very Small Private Keys"
+| **Published in:** IEEE S&P 2010
+| **Available from:** http://eprint.iacr.org/2008/309.pdf
+| **Notes:** Fully secure IBE construction with revocable keys
+
+.. rubric:: Scheme Properties
+
+* **Type:** encryption (identity-based, revocable)
+* **Setting:** bilinear groups (symmetric pairings)
+* **Assumption:** DLIN and related assumptions
+
+.. rubric:: Implementation
+
+:Authors: J. Ayo Akinyele
+:Date: 1/2012
+'''
+from charm.toolbox.pairinggroup import ZR,G1,pair
+from charm.toolbox.IBEnc import *
+
+debug = False
+class IBE_Revoke(IBEnc):
+    """
+    >>> from charm.toolbox.pairinggroup import PairingGroup, GT, G2
+    >>> group = PairingGroup('SS512')
+    >>> num_users = 5 # total # of users
+    >>> ibe = IBE_Revoke(group)
+    >>> ID = "user2@email.com"
+    >>> S = ["user1@email.com", "user3@email.com", "user4@email.com"]
+    >>> (master_public_key, master_secret_key) = ibe.setup(num_users)
+    >>> secret_key = ibe.keygen(master_public_key, master_secret_key, ID)
+    >>> msg = group.random(GT)
+    >>> cipher_text = ibe.encrypt(master_public_key, msg, S)
+    >>> decrypted_msg = ibe.decrypt(S, cipher_text, secret_key)
+    >>> decrypted_msg == msg
+    True
+    """
+
+    def __init__(self, groupObj):
+        IBEnc.__init__(self)
+        global group, util
+        group = groupObj
+
+    def setup(self, n):
+        g, w, h, v, v1, v2 = group.random(G1, 6)
+        a1, a2, b, alpha = group.random(ZR, 4)
+        
+        tau1 = v * (v1 ** a1)
+        tau2 = v * (v2 ** a2)        
+        pk = {'n':n, 'g':g, 'g^b':g ** b, 'g^a1':g ** a1, 'g^a2':g ** a2, 
+              'g^ba1':g ** (b * a1), 'g^ba2':g ** (b * a2), 'tau1':tau1, 'tau2':tau2, 
+              'tau1^b':tau1 ** b, 'tau2^b':tau2 ** b, 'w':w, 'h':h,
+              'egg_alpha': pair(g, g) ** (alpha * a1 * b)}
+        sk = {'g^alph':g ** alpha, 'g^alph_a1':g ** (alpha * a1),
+              'g^b':g ** b,'v':v, 'v1':v1, 'v2':v2, 'alpha':alpha }
+        return (pk, sk)
+    
+    def keygen(self, mpk, msk, ID):
+        d1, d2, z1, z2 = group.random(ZR, 4)
+        d = d1 + d2
+        _ID = group.hash(ID.upper())
+        D = {}
+        D[1] = msk['g^alph_a1'] * (msk['v'] ** d)
+        D[2] = (mpk['g'] ** -msk['alpha']) * (msk['v1'] ** d) * (mpk['g'] ** z1)
+        D[3] = mpk['g^b'] ** -z1
+        D[4] = (msk['v2'] ** d) * (mpk['g'] ** z2)
+        D[5] = mpk['g^b'] ** -z2
+        D[6] = mpk['g^b'] ** d2
+        D[7] = mpk['g'] ** d1
+        K = ((mpk['w'] ** _ID) * mpk['h']) ** d1
+        
+        sk = { 'ID':_ID, 'D':D, 'K':K }
+        return sk
+
+    def encrypt(self, mpk, M, S):
+        s1, s2 = group.random(ZR, 2)
+        s = s1 + s2
+        # number of revoked users
+        r = len(S); t_r = group.random(ZR, r)
+        t = 0
+        for i in t_r: t += i 
+        
+        C = {}
+        C[0] = M * (mpk['egg_alpha'] ** s2)
+        C[1] = mpk['g^b'] ** s
+        C[2] = mpk['g^ba1'] ** s1
+        C[3] = mpk['g^a1'] ** s1
+        C[4] = mpk['g^ba2'] ** s2
+        C[5] = mpk['g^a2'] ** s2
+        C[6] = (mpk['tau1'] ** s1) * (mpk['tau2'] ** s2)
+        C[7] = (mpk['tau1^b'] ** s1) * (mpk['tau2^b'] ** s2) * (mpk['w'] ** -t)
+        
+        c1 = [i for i in range(r)]; c2 = [i for i in range(r)]
+        for i in range(len(t_r)):
+            c1[i] = mpk['g'] ** t_r[i]
+            S_hash = group.hash(S[i].upper())
+            c2[i] = ((mpk['w'] ** S_hash) * mpk['h']) ** t_r[i]
+        C['i1'] = c1
+        C['i2'] = c2
+        return C
+
+    def decrypt(self, S, ct, sk):
+        C, D, K = ct, sk['D'], sk['K']
+        _ID = sk['ID']
+        # hash IDs
+        S_id = [group.hash(i.upper()) for i in S]
+        if debug: print("hashed IDs: ", S_id)
+        if _ID in S_id: print("Your ID:", _ID, "is in revoked list!"); return
+        A1 = pair(C[1], D[1]) * pair(C[2], D[2]) * pair(C[3], D[3]) * pair(C[4], D[4]) * pair(C[5], D[5])
+        A2 = pair(C[6], D[6]) * pair(C[7], D[7])
+        A3 = A1 / A2
+        A4 = 1
+        for i in range(len(S_id)):
+            A4 *= (pair(C['i1'][i], K) / pair(C['i2'][i], D[7])) ** (1 / (_ID - S_id[i]))
+        return C[0] / (A3 / A4) 
+