charm-crypto-framework 0.61.1__cp313-cp313-macosx_10_13_universal2.whl
- charm/__init__.py +5 -0
- charm/adapters/__init__.py +0 -0
- charm/adapters/abenc_adapt_hybrid.py +90 -0
- charm/adapters/dabenc_adapt_hybrid.py +145 -0
- charm/adapters/ibenc_adapt_hybrid.py +72 -0
- charm/adapters/ibenc_adapt_identityhash.py +80 -0
- charm/adapters/kpabenc_adapt_hybrid.py +91 -0
- charm/adapters/pkenc_adapt_bchk05.py +121 -0
- charm/adapters/pkenc_adapt_chk04.py +91 -0
- charm/adapters/pkenc_adapt_hybrid.py +98 -0
- charm/adapters/pksig_adapt_naor01.py +89 -0
- charm/config.py +7 -0
- charm/core/__init__.py +0 -0
- charm/core/benchmark/benchmark_util.c +353 -0
- charm/core/benchmark/benchmark_util.h +61 -0
- charm/core/benchmark/benchmarkmodule.c +476 -0
- charm/core/benchmark/benchmarkmodule.h +162 -0
- charm/core/benchmark.cpython-313-darwin.so +0 -0
- charm/core/crypto/AES/AES.c +1464 -0
- charm/core/crypto/AES.cpython-313-darwin.so +0 -0
- charm/core/crypto/DES/DES.c +113 -0
- charm/core/crypto/DES.cpython-313-darwin.so +0 -0
- charm/core/crypto/DES3/DES3.c +26 -0
- charm/core/crypto/DES3.cpython-313-darwin.so +0 -0
- charm/core/crypto/__init__.py +0 -0
- charm/core/crypto/cryptobase/XOR.c +80 -0
- charm/core/crypto/cryptobase/_counter.c +496 -0
- charm/core/crypto/cryptobase/_counter.h +54 -0
- charm/core/crypto/cryptobase/block_template.c +900 -0
- charm/core/crypto/cryptobase/block_template.h +69 -0
- charm/core/crypto/cryptobase/cryptobasemodule.c +220 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt.h +90 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_argchk.h +44 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_cfg.h +186 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_cipher.h +941 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_custom.h +556 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_des.c +1912 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_hash.h +407 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_mac.h +496 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_macros.h +435 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_math.h +534 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_misc.h +103 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_pk.h +653 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_pkcs.h +90 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_prng.h +199 -0
- charm/core/crypto/cryptobase/stream_template.c +271 -0
- charm/core/crypto/cryptobase/strxor.c +229 -0
- charm/core/crypto/cryptobase.cpython-313-darwin.so +0 -0
- charm/core/engine/__init__.py +5 -0
- charm/core/engine/protocol.py +293 -0
- charm/core/engine/util.py +174 -0
- charm/core/math/__init__.py +0 -0
- charm/core/math/elliptic_curve/ecmodule.c +1986 -0
- charm/core/math/elliptic_curve/ecmodule.h +230 -0
- charm/core/math/elliptic_curve.cpython-313-darwin.so +0 -0
- charm/core/math/elliptic_curve.pyi +63 -0
- charm/core/math/integer/integermodule.c +2539 -0
- charm/core/math/integer/integermodule.h +145 -0
- charm/core/math/integer.cpython-313-darwin.so +0 -0
- charm/core/math/integer.pyi +76 -0
- charm/core/math/pairing/miracl/miracl_config.h +37 -0
- charm/core/math/pairing/miracl/miracl_interface.h +118 -0
- charm/core/math/pairing/miracl/miracl_interface2.h +126 -0
- charm/core/math/pairing/miracl/pairingmodule2.c +2094 -0
- charm/core/math/pairing/miracl/pairingmodule2.h +307 -0
- charm/core/math/pairing/pairingmodule.c +2230 -0
- charm/core/math/pairing/pairingmodule.h +241 -0
- charm/core/math/pairing/relic/pairingmodule3.c +1853 -0
- charm/core/math/pairing/relic/pairingmodule3.h +233 -0
- charm/core/math/pairing/relic/relic_interface.c +1337 -0
- charm/core/math/pairing/relic/relic_interface.h +217 -0
- charm/core/math/pairing/relic/test_relic.c +171 -0
- charm/core/math/pairing.cpython-313-darwin.so +0 -0
- charm/core/math/pairing.pyi +69 -0
- charm/core/utilities/base64.c +248 -0
- charm/core/utilities/base64.h +15 -0
- charm/schemes/__init__.py +0 -0
- charm/schemes/abenc/__init__.py +0 -0
- charm/schemes/abenc/abenc_accountability_jyjxgd20.py +647 -0
- charm/schemes/abenc/abenc_bsw07.py +146 -0
- charm/schemes/abenc/abenc_ca_cpabe_ar17.py +684 -0
- charm/schemes/abenc/abenc_dacmacs_yj14.py +298 -0
- charm/schemes/abenc/abenc_lsw08.py +159 -0
- charm/schemes/abenc/abenc_maabe_rw15.py +236 -0
- charm/schemes/abenc/abenc_maabe_yj14.py +297 -0
- charm/schemes/abenc/abenc_tbpre_lww14.py +309 -0
- charm/schemes/abenc/abenc_unmcpabe_yahk14.py +223 -0
- charm/schemes/abenc/abenc_waters09.py +144 -0
- charm/schemes/abenc/abenc_yct14.py +208 -0
- charm/schemes/abenc/abenc_yllc15.py +178 -0
- charm/schemes/abenc/ac17.py +248 -0
- charm/schemes/abenc/bsw07.py +141 -0
- charm/schemes/abenc/cgw15.py +277 -0
- charm/schemes/abenc/dabe_aw11.py +204 -0
- charm/schemes/abenc/dfa_fe12.py +144 -0
- charm/schemes/abenc/pk_hve08.py +179 -0
- charm/schemes/abenc/waters11.py +143 -0
- charm/schemes/aggrsign_MuSig.py +150 -0
- charm/schemes/aggrsign_bls.py +267 -0
- charm/schemes/blindsig_ps16.py +654 -0
- charm/schemes/chamhash_adm05.py +113 -0
- charm/schemes/chamhash_rsa_hw09.py +100 -0
- charm/schemes/commit/__init__.py +0 -0
- charm/schemes/commit/commit_gs08.py +77 -0
- charm/schemes/commit/commit_pedersen92.py +53 -0
- charm/schemes/encap_bchk05.py +62 -0
- charm/schemes/grpsig/__init__.py +0 -0
- charm/schemes/grpsig/groupsig_bgls04.py +114 -0
- charm/schemes/grpsig/groupsig_bgls04_var.py +115 -0
- charm/schemes/hibenc/__init__.py +0 -0
- charm/schemes/hibenc/hibenc_bb04.py +105 -0
- charm/schemes/hibenc/hibenc_lew11.py +193 -0
- charm/schemes/ibenc/__init__.py +0 -0
- charm/schemes/ibenc/clpkc_rp03.py +119 -0
- charm/schemes/ibenc/ibenc_CW13_z.py +168 -0
- charm/schemes/ibenc/ibenc_bb03.py +94 -0
- charm/schemes/ibenc/ibenc_bf01.py +121 -0
- charm/schemes/ibenc/ibenc_ckrs09.py +120 -0
- charm/schemes/ibenc/ibenc_cllww12_z.py +172 -0
- charm/schemes/ibenc/ibenc_lsw08.py +120 -0
- charm/schemes/ibenc/ibenc_sw05.py +238 -0
- charm/schemes/ibenc/ibenc_waters05.py +144 -0
- charm/schemes/ibenc/ibenc_waters05_z.py +164 -0
- charm/schemes/ibenc/ibenc_waters09.py +107 -0
- charm/schemes/ibenc/ibenc_waters09_z.py +147 -0
- charm/schemes/joye_scheme.py +106 -0
- charm/schemes/lem_scheme.py +207 -0
- charm/schemes/pk_fre_ccv11.py +107 -0
- charm/schemes/pk_vrf.py +127 -0
- charm/schemes/pkenc/__init__.py +0 -0
- charm/schemes/pkenc/pkenc_cs98.py +108 -0
- charm/schemes/pkenc/pkenc_elgamal85.py +122 -0
- charm/schemes/pkenc/pkenc_gm82.py +98 -0
- charm/schemes/pkenc/pkenc_paillier99.py +118 -0
- charm/schemes/pkenc/pkenc_rabin.py +254 -0
- charm/schemes/pkenc/pkenc_rsa.py +186 -0
- charm/schemes/pksig/__init__.py +0 -0
- charm/schemes/pksig/pksig_CW13_z.py +135 -0
- charm/schemes/pksig/pksig_bls04.py +87 -0
- charm/schemes/pksig/pksig_boyen.py +156 -0
- charm/schemes/pksig/pksig_chch.py +97 -0
- charm/schemes/pksig/pksig_chp.py +70 -0
- charm/schemes/pksig/pksig_cl03.py +150 -0
- charm/schemes/pksig/pksig_cl04.py +87 -0
- charm/schemes/pksig/pksig_cllww12_z.py +142 -0
- charm/schemes/pksig/pksig_cyh.py +132 -0
- charm/schemes/pksig/pksig_dsa.py +76 -0
- charm/schemes/pksig/pksig_ecdsa.py +71 -0
- charm/schemes/pksig/pksig_hess.py +104 -0
- charm/schemes/pksig/pksig_hw.py +110 -0
- charm/schemes/pksig/pksig_lamport.py +63 -0
- charm/schemes/pksig/pksig_ps01.py +135 -0
- charm/schemes/pksig/pksig_ps02.py +124 -0
- charm/schemes/pksig/pksig_ps03.py +119 -0
- charm/schemes/pksig/pksig_rsa_hw09.py +206 -0
- charm/schemes/pksig/pksig_schnorr91.py +77 -0
- charm/schemes/pksig/pksig_waters.py +115 -0
- charm/schemes/pksig/pksig_waters05.py +121 -0
- charm/schemes/pksig/pksig_waters09.py +121 -0
- charm/schemes/pre_mg07.py +150 -0
- charm/schemes/prenc/pre_afgh06.py +126 -0
- charm/schemes/prenc/pre_bbs98.py +123 -0
- charm/schemes/prenc/pre_nal16.py +216 -0
- charm/schemes/protocol_a01.py +272 -0
- charm/schemes/protocol_ao00.py +215 -0
- charm/schemes/protocol_cns07.py +274 -0
- charm/schemes/protocol_schnorr91.py +125 -0
- charm/schemes/sigma1.py +64 -0
- charm/schemes/sigma2.py +129 -0
- charm/schemes/sigma3.py +126 -0
- charm/schemes/threshold/__init__.py +59 -0
- charm/schemes/threshold/dkls23_dkg.py +556 -0
- charm/schemes/threshold/dkls23_presign.py +1089 -0
- charm/schemes/threshold/dkls23_sign.py +761 -0
- charm/schemes/threshold/xrpl_wallet.py +967 -0
- charm/test/__init__.py +0 -0
- charm/test/adapters/__init__.py +0 -0
- charm/test/adapters/abenc_adapt_hybrid_test.py +29 -0
- charm/test/adapters/dabenc_adapt_hybrid_test.py +56 -0
- charm/test/adapters/ibenc_adapt_hybrid_test.py +36 -0
- charm/test/adapters/ibenc_adapt_identityhash_test.py +32 -0
- charm/test/adapters/kpabenc_adapt_hybrid_test.py +30 -0
- charm/test/benchmark/abenc_yllc15_bench.py +92 -0
- charm/test/benchmark/benchmark_test.py +148 -0
- charm/test/benchmark_threshold.py +260 -0
- charm/test/conftest.py +38 -0
- charm/test/fuzz/__init__.py +1 -0
- charm/test/fuzz/conftest.py +5 -0
- charm/test/fuzz/fuzz_policy_parser.py +76 -0
- charm/test/fuzz/fuzz_serialization.py +83 -0
- charm/test/schemes/__init__.py +0 -0
- charm/test/schemes/abenc/__init__.py +0 -0
- charm/test/schemes/abenc/abenc_bsw07_test.py +39 -0
- charm/test/schemes/abenc/abenc_dacmacs_yj14_test.py +16 -0
- charm/test/schemes/abenc/abenc_lsw08_test.py +33 -0
- charm/test/schemes/abenc/abenc_maabe_yj14_test.py +16 -0
- charm/test/schemes/abenc/abenc_tbpre_lww14_test.py +16 -0
- charm/test/schemes/abenc/abenc_waters09_test.py +38 -0
- charm/test/schemes/abenc/abenc_yllc15_test.py +74 -0
- charm/test/schemes/chamhash_adm05_test.py +31 -0
- charm/test/schemes/chamhash_rsa_hw09_test.py +29 -0
- charm/test/schemes/commit/__init__.py +0 -0
- charm/test/schemes/commit/commit_gs08_test.py +24 -0
- charm/test/schemes/commit/commit_pedersen92_test.py +26 -0
- charm/test/schemes/dabe_aw11_test.py +45 -0
- charm/test/schemes/encap_bchk05_test.py +21 -0
- charm/test/schemes/grpsig/__init__.py +0 -0
- charm/test/schemes/grpsig/groupsig_bgls04_test.py +35 -0
- charm/test/schemes/grpsig/groupsig_bgls04_var_test.py +39 -0
- charm/test/schemes/hibenc/__init__.py +0 -0
- charm/test/schemes/hibenc/hibenc_bb04_test.py +28 -0
- charm/test/schemes/ibenc/__init__.py +0 -0
- charm/test/schemes/ibenc/ibenc_bb03_test.py +26 -0
- charm/test/schemes/ibenc/ibenc_bf01_test.py +24 -0
- charm/test/schemes/ibenc/ibenc_ckrs09_test.py +25 -0
- charm/test/schemes/ibenc/ibenc_lsw08_test.py +31 -0
- charm/test/schemes/ibenc/ibenc_sw05_test.py +32 -0
- charm/test/schemes/ibenc/ibenc_waters05_test.py +31 -0
- charm/test/schemes/ibenc/ibenc_waters09_test.py +27 -0
- charm/test/schemes/pk_vrf_test.py +29 -0
- charm/test/schemes/pkenc/__init__.py +0 -0
- charm/test/schemes/pkenc_test.py +255 -0
- charm/test/schemes/pksig/__init__.py +0 -0
- charm/test/schemes/pksig_test.py +376 -0
- charm/test/schemes/rsa_alg_test.py +340 -0
- charm/test/schemes/threshold_test.py +1792 -0
- charm/test/serialize/__init__.py +0 -0
- charm/test/serialize/serialize_test.py +40 -0
- charm/test/toolbox/__init__.py +0 -0
- charm/test/toolbox/conversion_test.py +30 -0
- charm/test/toolbox/ecgroup_test.py +53 -0
- charm/test/toolbox/integer_arithmetic_test.py +441 -0
- charm/test/toolbox/paddingschemes_test.py +238 -0
- charm/test/toolbox/policy_parser_stress_test.py +969 -0
- charm/test/toolbox/secretshare_test.py +28 -0
- charm/test/toolbox/symcrypto_test.py +108 -0
- charm/test/toolbox/test_policy_expression.py +16 -0
- charm/test/vectors/__init__.py +1 -0
- charm/test/vectors/test_bls_vectors.py +289 -0
- charm/test/vectors/test_pedersen_vectors.py +315 -0
- charm/test/vectors/test_schnorr_vectors.py +368 -0
- charm/test/zkp_compiler/__init__.py +9 -0
- charm/test/zkp_compiler/benchmark_zkp.py +258 -0
- charm/test/zkp_compiler/test_and_proof.py +240 -0
- charm/test/zkp_compiler/test_batch_verify.py +248 -0
- charm/test/zkp_compiler/test_dleq_proof.py +264 -0
- charm/test/zkp_compiler/test_or_proof.py +231 -0
- charm/test/zkp_compiler/test_proof_serialization.py +121 -0
- charm/test/zkp_compiler/test_range_proof.py +241 -0
- charm/test/zkp_compiler/test_representation_proof.py +325 -0
- charm/test/zkp_compiler/test_schnorr_proof.py +221 -0
- charm/test/zkp_compiler/test_thread_safety.py +169 -0
- charm/test/zkp_compiler/test_zkp_parser.py +139 -0
- charm/toolbox/ABEnc.py +26 -0
- charm/toolbox/ABEncMultiAuth.py +66 -0
- charm/toolbox/ABEnumeric.py +800 -0
- charm/toolbox/Commit.py +24 -0
- charm/toolbox/DFA.py +89 -0
- charm/toolbox/FSA.py +1254 -0
- charm/toolbox/Hash.py +39 -0
- charm/toolbox/IBEnc.py +62 -0
- charm/toolbox/IBSig.py +64 -0
- charm/toolbox/PKEnc.py +66 -0
- charm/toolbox/PKSig.py +56 -0
- charm/toolbox/PREnc.py +32 -0
- charm/toolbox/ZKProof.py +289 -0
- charm/toolbox/__init__.py +0 -0
- charm/toolbox/bitstring.py +49 -0
- charm/toolbox/broadcast.py +220 -0
- charm/toolbox/conversion.py +100 -0
- charm/toolbox/eccurve.py +149 -0
- charm/toolbox/ecgroup.py +143 -0
- charm/toolbox/enum.py +60 -0
- charm/toolbox/hash_module.py +91 -0
- charm/toolbox/integergroup.py +323 -0
- charm/toolbox/iterate.py +22 -0
- charm/toolbox/matrixops.py +76 -0
- charm/toolbox/mpc_utils.py +296 -0
- charm/toolbox/msp.py +175 -0
- charm/toolbox/mta.py +985 -0
- charm/toolbox/node.py +120 -0
- charm/toolbox/ot/__init__.py +22 -0
- charm/toolbox/ot/base_ot.py +374 -0
- charm/toolbox/ot/dpf.py +642 -0
- charm/toolbox/ot/mpfss.py +228 -0
- charm/toolbox/ot/ot_extension.py +589 -0
- charm/toolbox/ot/silent_ot.py +378 -0
- charm/toolbox/paddingschemes.py +423 -0
- charm/toolbox/paddingschemes_test.py +238 -0
- charm/toolbox/pairingcurves.py +85 -0
- charm/toolbox/pairinggroup.py +186 -0
- charm/toolbox/policy_expression_spec.py +70 -0
- charm/toolbox/policytree.py +189 -0
- charm/toolbox/reCompiler.py +346 -0
- charm/toolbox/redundancyschemes.py +65 -0
- charm/toolbox/schemebase.py +188 -0
- charm/toolbox/secretshare.py +104 -0
- charm/toolbox/secretutil.py +174 -0
- charm/toolbox/securerandom.py +73 -0
- charm/toolbox/sigmaprotocol.py +46 -0
- charm/toolbox/specialprimes.py +45 -0
- charm/toolbox/symcrypto.py +279 -0
- charm/toolbox/threshold_sharing.py +553 -0
- charm/toolbox/xmlserialize.py +94 -0
- charm/toolbox/zknode.py +105 -0
- charm/zkp_compiler/__init__.py +89 -0
- charm/zkp_compiler/and_proof.py +460 -0
- charm/zkp_compiler/batch_verify.py +324 -0
- charm/zkp_compiler/dleq_proof.py +423 -0
- charm/zkp_compiler/or_proof.py +305 -0
- charm/zkp_compiler/range_proof.py +417 -0
- charm/zkp_compiler/representation_proof.py +466 -0
- charm/zkp_compiler/schnorr_proof.py +273 -0
- charm/zkp_compiler/thread_safe.py +150 -0
- charm/zkp_compiler/zk_demo.py +489 -0
- charm/zkp_compiler/zkp_factory.py +330 -0
- charm/zkp_compiler/zkp_generator.py +370 -0
- charm/zkp_compiler/zkparser.py +269 -0
- charm_crypto_framework-0.61.1.dist-info/METADATA +337 -0
- charm_crypto_framework-0.61.1.dist-info/RECORD +323 -0
- charm_crypto_framework-0.61.1.dist-info/WHEEL +5 -0
- charm_crypto_framework-0.61.1.dist-info/licenses/LICENSE.txt +165 -0
- charm_crypto_framework-0.61.1.dist-info/top_level.txt +1 -0
|
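--- a/charm/schemes/pksig/pksig_ecdsa.py
+++ b/charm/schemes/pksig/pksig_ecdsa.py
@@ -0,0 +1,71 @@
+'''
+**Elliptic Curve Digital Signature Algorithm (ECDSA)**
+
+*Authors:* NIST
+
+| **Title:** "Digital Signature Standard (DSS)"
+| **Published in:** FIPS 186, 1994
+| **Available from:** https://csrc.nist.gov/publications/detail/fips/186/4/final
+| **Notes:** Elliptic curve variant of DSA.
+
+.. rubric:: Scheme Properties
+
+* **Type:** signature (public key)
+* **Setting:** elliptic curve groups
+* **Assumption:** ECDLP (Elliptic Curve Discrete Logarithm)
+
+.. rubric:: Implementation
+
+:Authors: J. Ayo Akinyele
+:Date: 5/2011
+'''
+from charm.toolbox.ecgroup import ECGroup,ZR,G
+from charm.toolbox.PKSig import PKSig
+
+debug = False
+class ECDSA(PKSig):
+"""
+>>> from charm.toolbox.eccurve import prime192v2
+>>> group = ECGroup(prime192v2)
+>>> ecdsa = ECDSA(group)
+>>> (public_key, secret_key) = ecdsa.keygen(0)
+>>> msg = "hello world! this is a test message."
+>>> signature = ecdsa.sign(public_key, secret_key, msg)
+>>> ecdsa.verify(public_key, signature, msg)
+True
+"""
+def __init__(self, groupObj):
+PKSig.__init__(self)
+global group
+group = groupObj
+
+def keygen(self, bits):
+group.paramgen(bits)
+x, g = group.random(), group.random(G)
+y = (g ** x)
+return ({'g':g, 'y':y}, x)
+
+def sign(self, pk, x, M):
+while True:
+k = group.random()
+r = group.zr(pk['g'] ** k)
+e = group.hash(M)
+s = (k ** -1) * (e + x * r)
+if (r == 0 or s == 0):
+print ("unlikely error r = %s, s = %s" % (r,s))
+continue
+else:
+break
+return { 'r':r, 's':s }
+
+def verify(self, pk, sig, M):
+w = sig['s'] ** -1
+u1 = group.hash(M) * w
+u2 = sig['r'] * w
+v = (pk['g'] ** u1) * (pk['y'] ** u2)
+
+if group.zr(v) == sig['r']:
+return True
+else:
+return False
+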
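Review bot: `verify` inverts `sig['s']` and multiplies by `sig['r']` without first checking that both are non-zero, which is the first step of ECDSA verification; `sign` already rejects `r == 0 or s == 0`, so the verifier should mirror it with `if sig['r'] == 0 or sig['s'] == 0: return False` placed before `w = sig['s'] ** -1`. As written, a zero `s` taken from an untrusted signature reaches the inversion, and whether that raises or yields a value depends on the group backend, which is not visible on this page. A short docstring on `verify` should also state that `pk['g']` and `pk['y']` are assumed to be validated, non-identity points of the configured curve, since nothing in the method checks them.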
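--- a/charm/schemes/pksig/pksig_hess.py
+++ b/charm/schemes/pksig/pksig_hess.py
@@ -0,0 +1,104 @@
+'''
+**Hess Identity-Based Signature (Hess02)**
+
+*Authors:* F. Hess
+
+| **Title:** "Efficient Identity Based Signature Schemes Based on Pairings"
+| **Published in:** Selected Areas in Cryptography, 2002
+| **Available from:** LNCS Vol. 2595, pages 310-324
+| **Notes:**
+
+.. rubric:: Scheme Properties
+
+* **Type:** signature (identity-based)
+* **Setting:** bilinear groups (asymmetric)
+* **Assumption:** BDH
+
+.. rubric:: Implementation
+
+:Authors: J. Ayo Akinyele
+:Date: 11/2011
+'''
+from charm.toolbox.pairinggroup import PairingGroup,ZR,G1,G2,pair
+from charm.toolbox.PKSig import PKSig
+#import gc
+#gc.disable()
+#gc.set_debug(gc.DEBUG_LEAK)
+
+debug = False
+
+class Hess(PKSig):
+"""
+>>> from charm.toolbox.pairinggroup import PairingGroup
+>>> group = PairingGroup('SS512')
+>>> hess = Hess(group)
+>>> (master_public_key, master_secret_key) = hess.setup()
+>>> ID = "janedoe@email.com"
+>>> (public_key, secret_key) = hess.keygen(master_secret_key, ID)
+>>> msg = "this is a message!"
+>>> signature = hess.sign(master_public_key, secret_key, msg)
+>>> hess.verify(master_public_key, public_key, msg, signature)
+True
+"""
+def __init__(self, groupObj):
+global group,H1,H2
+group = groupObj
+H1 = lambda x: group.hash(x, G1)
+H2 = lambda x,y: group.hash((x,y), ZR)
+
+def setup(self):
+g2, alpha = group.random(G2), group.random(ZR)
+msk = alpha
+P = g2 ** alpha
+mpk = {'P':P, 'g2':g2}
+return (mpk, msk)
+
+def keygen(self, msk, ID):
+alpha = msk
+sk = H1(ID) ** alpha
+pk = H1(ID)
+return (pk, sk)
+
+def sign(self, pk, sk, M):
+if debug: print("sign...")
+h, s = group.random(G1), group.random(ZR)
+S1 = pair(h,pk['g2']) ** s
+a = H2(M, S1)
+S2 = (sk ** a) * (h ** s)
+return {'S1':S1, 'S2':S2}
+# return (S1, S2)
+
+
+def verify(self, mpk, pk, M, sig):
+if debug: print("verify...")
+(S1, S2) = sig['S1'], sig['S2']
+a = H2(M, S1)
+if pair(S2, mpk['g2']) == (pair(pk, mpk['P']) ** a) * S1:
+return True
+return False
+
+def main():
+
+groupObj = PairingGroup('SS512')
+chch = Hess(groupObj)
+(mpk, msk) = chch.setup()
+
+_id = "janedoe@email.com"
+(pk, sk) = chch.keygen(msk, _id)
+if debug:
+print("Keygen...")
+print("pk =>", pk)
+print("sk =>", sk)
+
+M = "this is a message!"
+sig = chch.sign(mpk, sk, M)
+if debug:
+print("Signature...")
+print("sig =>", sig)
+
+assert chch.verify(mpk, pk, M, sig), "invalid signature!"
+if debug: print("Verification successful!")
+
+if __name__ == "__main__":
+debug = True
+main()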
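Review bot: `verify` takes the signer's public key `pk` as an argument rather than the identity string, so the identity binding of the scheme holds only if the caller recomputes `pk` as `H1(ID)` for the claimed identity; a verifier that accepts a `pk` delivered together with the signature establishes nothing about which identity signed. The class gives a verifier no way to do that derivation, because `H1` is a module global set in `__init__` and `keygen(msk, ID)`, which needs the master secret, is the only method that calls it. A docstring on `verify` should say `pk must be H1(ID), computed by the verifier from the claimed identity`, and a small public method returning `H1(ID)` would make that practical. The `global group,H1,H2` state is also shared by every instance in the process (the `ECDSA`, `HW`, `PS01` and `PS02` constructors on this page do the same with `group`), so keeping these on `self` would stop one instance from silently changing the group another one signs under.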
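--- a/charm/schemes/pksig/pksig_hw.py
+++ b/charm/schemes/pksig/pksig_hw.py
@@ -0,0 +1,110 @@
+'''
+**Hohenberger-Waters Hash-and-Sign Signature (HW09)**
+
+*Authors:* S. Hohenberger, B. Waters
+
+| **Title:** "Realizing Hash-and-Sign Signatures under Standard Assumptions"
+| **Published in:** EUROCRYPT, 2009
+| **Available from:** pages 333-350
+| **Notes:** CDH construction.
+
+.. rubric:: Scheme Properties
+
+* **Type:** signature (public key)
+* **Setting:** bilinear groups (asymmetric)
+* **Assumption:** CDH
+
+.. rubric:: Implementation
+
+:Authors: J. Ayo Akinyele
+:Date: 11/2011
+'''
+from charm.toolbox.pairinggroup import PairingGroup,ZR,G1,G2,pair
+from charm.toolbox.PKSig import PKSig
+from math import ceil, log
+
+debug=False
+class HW(PKSig):
+"""
+>>> from charm.toolbox.pairinggroup import PairingGroup, GT
+>>> group = PairingGroup('SS512')
+>>> hw = HW(group)
+>>> (public_key, secret_key) = hw.setup()
+>>> msg = "please sign this message now please!"
+>>> signature = hw.sign(public_key, secret_key, public_key['s'], msg)
+>>> hw.verify(public_key, msg, signature)
+True
+"""
+def __init__(self, groupObj):
+global group
+group = groupObj
+
+def ceilog(self, value):
+return group.init(ZR, ceil(log(value, 2)))
+
+def setup(self):
+s = 0
+g1, a = group.random(G1), group.random(ZR)
+g2 = group.random(G2)
+A = g2 ** a
+u, v, d = group.random(G1), group.random(G1), group.random(G1)
+U = pair(u, A)
+V = pair(v, A)
+D = pair(d, A)
+w, z, h = group.random(ZR), group.random(ZR), group.random(ZR)
+w1, w2 = g1 ** w, g2 ** w
+z1, z2 = g1 ** z, g2 ** z
+h1, h2 = g1 ** h, g2 ** h
+pk = {'U':U, 'V':V, 'D':D, 'g1':g1, 'g2':g2, 'A':A,
+'w1':w1, 'w2':w2, 'z1':z1, 'z2':z2,
+'h1':h1, 'h2':h2, 'u':u, 'v':v, 'd':d, 's':s }
+sk = {'a':a }
+return (pk, sk)
+
+def sign(self, pk, sk, s, msg):
+s += 1
+S = group.init(ZR, s)
+if debug: print("S =>", S)
+M = group.hash(msg, ZR)
+r, t = group.random(ZR), group.random(ZR)
+sigma1a = ((pk['u'] ** M) * (pk['v'] ** r) * pk['d']) ** sk['a']
+sigma1b = ((pk['w1'] ** self.ceilog(s)) * (pk['z1'] ** S) * pk['h1']) ** t
+sigma1 = sigma1a * sigma1b
+sigma2 = pk['g1'] ** t
+
+return { 1:sigma1, 2:sigma2, 'r':r, 'i':s }
+
+def verify(self, pk, msg, sig):
+M = group.hash(msg, ZR)
+sigma1, sigma2 = sig[1], sig[2]
+r, s = sig['r'], sig['i']
+S = group.init(ZR, s)
+U, V, D = pk['U'], pk['V'], pk['D']
+rhs_pair = pair(sigma2, (pk['w2'] * self.ceilog(s)) * (pk['z2'] ** S) * pk['h2'])
+
+if( pair(sigma1, pk['g2']) == (U ** M) * (V ** r) * D * rhs_pair ):
+return True
+else:
+return False
+
+def main():
+groupObj = PairingGroup('SS512')
+hw = HW(groupObj)
+
+(pk, sk) = hw.setup()
+if debug:
+print("Public parameters")
+print("pk =>", pk)
+
+m = "please sign this message now please!"
+sig = hw.sign(pk, sk, pk['s'], m)
+if debug:
+print("Signature...")
+print("sig =>", sig)
+
+assert hw.verify(pk, m, sig), "invalid signature"
+if debug: print("Verification Successful!!")
+
+if __name__ == "__main__":
+debug = True
+main()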
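Review bot: The signing index is never persisted: `setup` stores `'s': 0` in the public key, `sign` increments only its local copy with `s += 1`, and both the doctest and `main` pass `pk['s']` on every call, so each signature is issued at index 1. HW09 is a stateful scheme whose security argument relies on every index being used for at most one signature, so the counter belongs with the signer's secret state and must advance on each call; at minimum `sign` needs a docstring saying `s must be the 'i' value of the previous signature and must be stored durably by the signer`. `verify` also passes the untrusted `sig['i']` straight to `ceilog`, where `log(value, 2)` raises for values below 1 instead of the method returning `False`. Separately, `verify` writes `pk['w2'] * self.ceilog(s)` where `sign` uses `pk['w1'] ** self.ceilog(s)`; at index 1 `ceilog` is zero, which may be hiding the mismatch, and `**` would match the signing side.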
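--- a/charm/schemes/pksig/pksig_lamport.py
+++ b/charm/schemes/pksig/pksig_lamport.py
@@ -0,0 +1,63 @@
+'''
+**Lamport One-Time Signature (Lamport79)**
+
+*Authors:* L. Lamport
+
+| **Title:** "Constructing Digital Signatures from a One Way Function"
+| **Published in:** Technical Report, 1979
+| **Available from:** http://lamport.azurewebsites.net/pubs/dig-sig.pdf
+| **Notes:** One-time signature scheme based on one-way functions.
+
+.. rubric:: Scheme Properties
+
+* **Type:** signature (public key)
+* **Setting:** hash functions
+* **Assumption:** One-Way Function
+
+.. rubric:: Implementation
+
+:Authors: Jonas Thuresson, Martin Örndahl
+:Date: 03/2018
+'''
+from charm.toolbox.PKSig import PKSig
+from hashlib import sha256
+import os
+
+byte_masks = [2 ** b for b in range(8)]
+byte_masks.reverse()
+
+
+def _h(x):
+return sha256(x).digest()
+
+
+def _bytes_to_booleans(x):
+return [byte & mask != 0 for byte in x for mask in byte_masks]
+
+
+class Lamport(PKSig):
+'''
+>>> sig = Lamport()
+>>> pk, sk = sig.keygen()
+>>> msg = 'hello'.encode('utf-8')
+>>> s = sig.sign(None, sk, msg)
+>>> assert sig.verify(pk, msg, s), "Signature could not be verified"
+'''
+
+def __init__(self):
+super().__init__()
+
+def keygen(self, securityparam=256):
+nbr_bytes = securityparam // 8
+sk = [(os.urandom(nbr_bytes), os.urandom(nbr_bytes)) for _ in range(securityparam)]
+pk = [(_h(i), _h(j)) for i, j in sk]
+return pk, sk
+
+def sign(self, pk, sk, message):
+msg_hash = _h(message)
+return [sk1 if not b else sk2 for ((sk1, sk2), b) in zip(sk, _bytes_to_booleans(msg_hash))]
+
+def verify(self, pk, message, sig):
+msg_hash = _h(message)
+expected = [pk1 if not b else pk2 for ((pk1, pk2), b) in zip(pk, _bytes_to_booleans(msg_hash))]
+return all([_h(s) == p for (s, p) in zip(sig, expected)])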
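Review bot: `verify` never checks the length of `sig`, and because `zip(sig, expected)` stops at the shorter input, an empty or truncated signature is compared only on the elements it contains; with no elements, `all([])` is `True` for any message. A guard before the final line closes this: `if len(sig) != len(expected) or len(expected) != 8 * len(msg_hash): return False`, where the second condition also rejects a short `pk`, which `zip(pk, ...)` truncates in the same way. `keygen(securityparam)` with a value below 256 produces exactly such a short key, so `sign` then covers only the first `securityparam` bits of the SHA-256 digest. The class docstring should also state that a key pair must sign at most one message, since nothing in the class enforces the one-time property.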
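--- a/charm/schemes/pksig/pksig_ps01.py
+++ b/charm/schemes/pksig/pksig_ps01.py
@@ -0,0 +1,135 @@
+'''
+**Pointcheval-Sanders Signature (PS16) - Known Messages**
+
+*Authors:* D. Pointcheval, O. Sanders
+
+| **Title:** "Short Randomizable Signatures"
+| **Published in:** CT-RSA, 2016
+| **Available from:** https://eprint.iacr.org/2015/525.pdf
+| **Notes:** Section 4 - Signatures over known messages.
+
+.. rubric:: Scheme Properties
+
+* **Type:** signature (public key)
+* **Setting:** bilinear groups (asymmetric)
+* **Assumption:** PS assumption
+
+.. rubric:: Implementation
+
+:Authors: Lovesh Harchandani
+:Date: 6/2018
+'''
+from functools import reduce
+
+from charm.toolbox.pairinggroup import PairingGroup, ZR, G1, G2, pair
+
+debug = False
+
+
+class PS01:
+"""
+Signatures over known messages, section 4 of the paper
+"""
+
+def __init__(self, groupObj):
+global group
+group = groupObj
+
+@staticmethod
+def keygen(num_messages=1):
+x = group.random(ZR)
+ys = [group.random(ZR) for _ in range(num_messages)]
+sk = {'x': x, 'y': ys}
+g2 = group.random(G2)
+pk = {'X': g2 ** x, 'Y': [g2 ** y for y in ys], 'g2': g2}
+return pk, sk
+
+def sign(self, sk, *messages):
+h = group.random(G1)
+ms = [group.hash(m, ZR) for m in messages]
+exp = sk['x'] + sum([sk['y'][i] * ms[i] for i in range(len(messages))])
+return h, h ** exp
+
+def verify(self, pk, sig, *messages):
+s1, s2 = sig
+if group.init(G1) == s1:
+return False
+ms = [group.hash(m, ZR) for m in messages]
+l2 = pk['X'] * self.product([pk['Y'][i] ** ms[i] for i in range(len(messages))])
+return pair(s1, l2) == pair(pk['g2'], s2)
+
+def randomize_sig(self, sig):
+s1, s2 = sig
+t = group.random(ZR)
+return s1 ** t, s2 ** t
+
+@staticmethod
+def product(seq):
+return reduce(lambda x, y: x * y, seq)
+
+
+def main():
+grp = PairingGroup('MNT224')
+ps = PS01(grp)
+
+print("Signing a single message")
+
+(pk, sk) = ps.keygen()
+
+if debug:
+print("Keygen...")
+print("pk :=", pk)
+print("sk :=", sk)
+
+M = "Please sign this stupid message!"
+sig = ps.sign(sk, M)
+if debug:
+print("Signature: ", sig)
+
+result = ps.verify(pk, sig, M)
+assert result, "INVALID signature!"
+if debug:
+print("Successful Verification!!!")
+
+rand_sig = ps.randomize_sig(sig)
+assert sig != rand_sig
+if debug:
+print("Randomized Signature: ", rand_sig)
+
+result = ps.verify(pk, rand_sig, M)
+assert result, "INVALID signature!"
+if debug:
+print("Successful Verification!!!")
+
+print("Signing multiple messages")
+
+messages = ['Hi there', 'Not there', 'Some message ................', 'Dont know .............']
+(pk, sk) = ps.keygen(len(messages))
+if debug:
+print("Keygen...")
+print("pk :=", pk)
+print("sk :=", sk)
+
+sig = ps.sign(sk, *messages)
+if debug:
+print("Signature: ", sig)
+
+result = ps.verify(pk, sig, *messages)
+assert result, "INVALID signature!"
+if debug:
+print("Successful Verification!!!")
+
+rand_sig = ps.randomize_sig(sig)
+assert sig != rand_sig
+if debug:
+print("Randomized Signature: ", rand_sig)
+
+result = ps.verify(pk, rand_sig, *messages)
+assert result, "INVALID signature!"
+if debug:
+print("Successful Verification!!!")
+
+
+if __name__ == "__main__":
+debug = True
+main()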
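Review bot: Neither `sign` nor `verify` checks that the number of messages equals the number of key components; both iterate over `range(len(messages))`, so a call with fewer messages than `pk['Y']` entries is evaluated against a prefix of the key, a call with more raises `IndexError`, and `verify` with no messages reaches `reduce` on an empty sequence in `product`, which raises `TypeError`. Adding `if len(messages) != len(pk['Y']): return False` at the top of `verify`, and raising `ValueError` for the same mismatch against `sk['y']` in `sign`, makes the length of the message vector part of what is verified. The `PS02.sign` method shown further down this page already performs this kind of check with `raise ValueError('Missing or extra messages or keys')`, so the two classes would then agree.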
@@ -0,0 +1,124 @@
|
|
|
1
|
+
'''
|
|
2
|
+
**Pointcheval-Sanders Signature (PS16) - Sequential Aggregate**
|
|
3
|
+
|
|
4
|
+
*Authors:* D. Pointcheval, O. Sanders
|
|
5
|
+
|
|
6
|
+
| **Title:** "Short Randomizable Signatures"
|
|
7
|
+
| **Published in:** CT-RSA, 2016
|
|
8
|
+
| **Available from:** https://eprint.iacr.org/2015/525.pdf
|
|
9
|
+
| **Notes:** Section 5 - Sequential aggregate signatures over known messages.
|
|
10
|
+
|
|
11
|
+
.. rubric:: Scheme Properties
|
|
12
|
+
|
|
13
|
+
* **Type:** signature (public key)
|
|
14
|
+
* **Setting:** bilinear groups (asymmetric)
|
|
15
|
+
* **Assumption:** PS assumption
|
|
16
|
+
|
|
17
|
+
.. rubric:: Implementation
|
|
18
|
+
|
|
19
|
+
:Authors: Lovesh Harchandani
|
|
20
|
+
:Date: 6/2018
|
|
21
|
+
'''
|
|
22
|
+
from functools import reduce
|
|
23
|
+
|
|
24
|
+
from charm.toolbox.pairinggroup import PairingGroup,ZR,G1,G2,pair
|
|
25
|
+
|
|
26
|
+
debug = False
|
|
27
|
+
|
|
28
|
+
|
|
29
|
+
class PS02:
|
|
30
|
+
"""
|
|
31
|
+
Sequential Aggregate signatures over known messages, section 5 of the paper
|
|
32
|
+
"""
|
|
33
|
+
|
|
34
|
+
def __init__(self, groupObj):
|
|
35
|
+
global group
|
|
36
|
+
group = groupObj
|
|
37
|
+
|
|
38
|
+
def setup(self):
|
|
39
|
+
x = group.random(ZR)
|
|
40
|
+
g1 = group.random(G1)
|
|
41
|
+
g2 = group.random(G2)
|
|
42
|
+
self.x = x
|
|
43
|
+
self.g1 = g1
|
|
44
|
+
self.X1 = g1 ** x
|
|
45
|
+
self.g2 = g2
|
|
46
|
+
self.X2 = g2 ** x
|
|
47
|
+
|
|
48
|
+
def keygen(self, num_messages):
|
|
49
|
+
ys = [group.random(ZR) for _ in range(num_messages)]
|
|
50
|
+
sk = {'y': ys}
|
|
51
|
+
pk = {'Y': [self.g2 ** y for y in ys]}
|
|
52
|
+
return pk, sk
|
|
53
|
+
|
|
54
|
+
def sign(self, sk, pk, messages):
|
|
55
|
+
if not (len(pk['Y']) == len(messages) == len(sk['y'])):
|
|
56
|
+
raise ValueError('Missing or extra messages or keys')
|
|
57
|
+
for m in messages:
|
|
58
|
+
if m == 0:
|
|
59
|
+
raise ValueError('message cant be 0')
|
|
60
|
+
for i in range(len(messages)):
|
|
61
|
+
for j in range(i+1, len(messages)):
|
|
62
|
+
if pk['Y'][i] == pk['Y'][j]:
|
|
63
|
+
raise ValueError('all public keys should be distinct')
|
|
64
|
+
|
|
65
|
+
prev_sig = (self.g1, self.X1)
|
|
66
|
+
|
|
67
|
+
for i in range(len(messages)):
|
|
68
|
+
if i > 0 and not self.verify({'Y': pk['Y'][:i]}, prev_sig, messages[:i]):
|
|
69
|
+
raise ValueError('Intermediate verification error')
|
|
70
|
+
t = group.random(ZR)
|
|
71
|
+
s1, s2 = prev_sig
|
|
72
|
+
m = group.hash(messages[i], ZR)
|
|
73
|
+
prev_sig = (s1 ** t, (s2 * (s1 ** (sk['y'][i] * m))) ** t)
|
|
74
|
+
|
|
75
|
+
return prev_sig
|
|
76
|
+
|
|
77
|
+
def verify(self, pk, sig, messages):
|
|
78
|
+
if len(pk['Y']) != len(messages):
|
|
79
|
+
raise ValueError('Missing or extra messages or keys')
|
|
80
|
+
s1, s2 = sig
|
|
81
|
+
if group.init(G1) == s1:
|
|
82
|
+
return False
|
|
83
|
+
l2 = self.X2 * self.product([pk['Y'][i] ** group.hash(messages[i], ZR) for i in range(len(messages))])
|
|
84
|
+
return pair(s1, l2) == pair(self.g2, s2)
|
|
85
|
+
|
|
86
|
+
@staticmethod
|
|
87
|
+
def product(seq):
|
|
88
|
+
return reduce(lambda x, y: x * y, seq)
|
|
89
|
+
|
|
90
|
+
|
|
91
|
+
def main():
|
|
92
|
+
grp = PairingGroup('MNT224')
|
|
93
|
+
ps = PS02(grp)
|
|
94
|
+
ps.setup()
|
|
95
|
+
|
|
96
|
+
if debug:
|
|
97
|
+
print("Setup...")
|
|
98
|
+
print("x :=", ps.x)
|
|
99
|
+
print("g1 :=", ps.g1)
|
|
100
|
+
print("X1 :=", ps.X1)
|
|
101
|
+
print("g2 :=", ps.g2)
|
|
102
|
+
print("X2 :=", ps.X2)
|
|
103
|
+
|
|
104
|
+
messages = ['Hi there', 'Not there', 'Some message ................', 'Dont know .............']
|
|
105
|
+
|
|
106
|
+
(pk, sk) = ps.keygen(len(messages))
|
|
107
|
+
if debug:
|
|
108
|
+
print("Keygen...")
|
|
109
|
+
print("pk :=", pk)
|
|
110
|
+
print("sk :=", sk)
|
|
111
|
+
|
|
112
|
+
sig = ps.sign(sk, pk, messages)
|
|
113
|
+
if debug:
|
|
114
|
+
print("Signature: ", sig)
|
|
115
|
+
|
|
116
|
+
result = ps.verify(pk, sig, messages)
|
|
117
|
+
assert result, "INVALID signature!"
|
|
118
|
+
if debug:
|
|
119
|
+
print("Successful Verification!!!")
|
|
120
|
+
|
|
121
|
+
|
|
122
|
+
if __name__ == "__main__":
|
|
123
|
+
debug = True
|
|
124
|
+
main()
|
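Review bot: `setup` keeps the setup exponent on the instance (`self.x = x`) and `main` prints it under `debug`, although `keygen`, `sign` and `verify` only ever read `g1`, `X1`, `g2` and `X2`. As far as I can tell from section 5 of the cited paper, x is a trusted-setup secret that should not outlive the computation of `X1` and `X2`, so I would drop `self.x = x` and the `print("x :=", ps.x)` line, and add a comment in `setup` along the lines of `# x is the setup trapdoor: use it for X1/X2 only, never store or log it`. In `sign`, the `if m == 0` guard tests the raw message, while the exponent actually used is `group.hash(messages[i], ZR)`; if the non-zero requirement matters, it should be applied to the hashed value. Separately, `__init__` binds the pairing group through `global group`, so constructing a second `PS02` with a different group changes the group used by the first; keeping it as `self.group` would avoid that.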