Commit 69889ef39d3c608e4845d819ce4745762654f335
KSW.py
(53 / 22)
|   | |||
| 86 | 86 | # choose the random H's | |
| 87 | 87 | Hs = [] | |
| 88 | 88 | for i in range(security): | |
| 89 | hi1 = g_G_p**get_random(p) | ||
| 90 | hi2 = g_G_p**get_random(p) | ||
| 89 | hi1 = g_G_p**Element.random(self.pairing, Zr) | ||
| 90 | hi2 = g_G_p**Element.random(self.pairing, Zr) | ||
| 91 | 91 | Hs.append((hi1, hi2)) | |
| 92 | 92 | # calculate Q | |
| 93 | 93 | Q = g_G_q * R0 | |
| … | … | ||
| 108 | 108 | Rs = [] | |
| 109 | 109 | for i in range(self.security): | |
| 110 | 110 | # build r1 | |
| 111 | r1 = get_random(self.sk.p) | ||
| 111 | r1 = Element(self.pairing, Zr, get_random(self.sk.p)) | ||
| 112 | 112 | # build r2 | |
| 113 | r2 = get_random(self.sk.p) | ||
| 113 | r2 = Element(self.pairing, Zr, get_random(self.sk.p)) | ||
| 114 | 114 | Rs.append((r1, r2)) | |
| 115 | f1 = get_random(self.sk.q) | ||
| 116 | f2 = get_random(self.sk.q) | ||
| 115 | f1 = Element(self.pairing, Zr, get_random(self.sk.q)) | ||
| 116 | f2 = Element(self.pairing, Zr, get_random(self.sk.q)) | ||
| 117 | 117 | K = R5*Q6 | |
| 118 | 118 | for pos in range(self.security): | |
| 119 | 119 | # get h1, h2 | |
| … | … | ||
| 121 | 121 | # get r1, r2 | |
| 122 | 122 | r1, r2 = Rs[pos] | |
| 123 | 123 | # form the intermediate value | |
| 124 | ir1 = -r1 | ||
| 125 | ir2 = -r2 | ||
| 126 | i = (h1**(-r1)) * (h2**(-r2)) | ||
| 127 | K = K * i | ||
| 124 | i1 = h1**(-r1) | ||
| 125 | i2 = h2**(-r2) | ||
| 126 | K += i1 * i2 | ||
| 128 | 127 | Ks = [] | |
| 129 | 128 | for pos in range(self.security): | |
| 130 | 129 | r1, r2 = Rs[pos] | |
| … | … | ||
| 146 | 146 | Cs = [] | |
| 147 | 147 | for i in range(self.security): | |
| 148 | 148 | c1i = (self.pk.vector[i][0]**s) | |
| 149 | c1i2 = (self.pk.Q**(a*x[i]))*Rs[i][0] | ||
| 150 | c1 = c1i*c1i2 | ||
| 149 | c1i2 = (self.pk.Q**(a*x[i])) | ||
| 150 | c1 = c1i*c1i2*Rs[i][0] | ||
| 151 | 151 | c2i = (self.pk.vector[i][1]**s) | |
| 152 | c2i2 = (self.pk.Q**(b*x[i]))*Rs[i][1] | ||
| 153 | c2 = c2i*c2i2 | ||
| 152 | c2i2 = (self.pk.Q**(b*x[i])) | ||
| 153 | c2 = c2i*c2i2*Rs[i][1] | ||
| 154 | 154 | Cs.append((c1, c2)) | |
| 155 | 155 | return (C0, Cs) | |
| 156 | 156 | ||
| … | … | ||
| 159 | 159 | for i in range(self.security): | |
| 160 | 160 | j = self.pairing.apply(c[1][i][0], sk_f[1][i][0]) | |
| 161 | 161 | k = self.pairing.apply(c[1][i][1], sk_f[1][i][1]) | |
| 162 | output = output * j * k | ||
| 162 | output *= j*k | ||
| 163 | 163 | return output | |
| 164 | 164 | ||
| 165 | 165 | ############################################# | |
| … | … | ||
| 169 | 169 | def test(): | |
| 170 | 170 | # we're testing the ability to evaluate a polynomial, | |
| 171 | 171 | # specifically: | |
| 172 | # X^2 + 27X + 152 | ||
| 172 | # X^2 - 27X + 152 | ||
| 173 | 173 | c = Cryptosystem(3) | |
| 174 | 174 | # build the secret key corresponding to the above polynomial | |
| 175 | skf = c.keygen([0, 27, 152]) | ||
| 175 | skf = c.keygen([1, -27, 152]) | ||
| 176 | 176 | print(skf) | |
| 177 | 177 | # we now build the vector corresponding to 19, a solution to | |
| 178 | 178 | # the above | |
| … | … | ||
| 206 | 206 | # test the generators | |
| 207 | 207 | assert(pairing.apply(g_G_p, g_G_r) == 1) | |
| 208 | 208 | assert(pairing.apply(g_G_r, g_G_q) == 1) | |
| 209 | # select the random integers modulo n | ||
| 209 | # select the random integers from Zn | ||
| 210 | 210 | a = Element.random(pairing, Zr) | |
| 211 | 211 | b = Element.random(pairing, Zr) | |
| 212 | # get random integers modulo q | ||
| 213 | f1 = Element.random(pairing, Zr) | ||
| 214 | f2 = Element.random(pairing, Zr) | ||
| 212 | # get random integers from Zq | ||
| 213 | f1 = Element(pairing, Zr, get_random(q)) | ||
| 214 | f2 = Element(pairing, Zr, get_random(q)) | ||
| 215 | 215 | # perform the check | |
| 216 | 216 | result = Element.zero(pairing, GT) | |
| 217 | 217 | for pos, i in enumerate(Pv): | |
| 218 | 218 | result += pairing.apply(g_G_q, g_G_q)**(((a*f1+b*f2)) * Xv[pos]*i) | |
| 219 | return result | ||
| 219 | assert(result == 1) | ||
| 220 | # work backwards one step | ||
| 221 | # make s | ||
| 222 | s = Element.random(pairing, Zr) | ||
| 223 | # make the h vector | ||
| 224 | hv = [(g_G_p**Element.random(pairing, Zr), g_G_p**Element.random(pairing, Zr)) for i in range(3)] | ||
| 225 | # make the r vector | ||
| 226 | rv = [(Element(pairing, Zr, get_random(p)), Element(pairing, Zr, get_random(p))) for i in range(3)] | ||
| 227 | # perform the hv<>rv product operation | ||
| 228 | product = Element.one(pairing, G1) | ||
| 229 | for pos, i in enumerate(hv): | ||
| 230 | h1, h2 = i | ||
| 231 | r1, r2 = rv[pos] | ||
| 232 | product *= (h1**-r1)*(h2**-r2) | ||
| 233 | # get the initial result | ||
| 234 | result = pairing.apply(g_G_p**s, product) | ||
| 235 | # perform the secondary product operation | ||
| 236 | for pos, i in enumerate(hv): | ||
| 237 | h1, h2 = i | ||
| 238 | r1, r2 = rv[pos] | ||
| 239 | x = Xv[pos] | ||
| 240 | v = Pv[pos] | ||
| 241 | arg1 = (h1**s)*(g_G_q**(a*x)) | ||
| 242 | arg2 = (g_G_p**r1)*(g_G_q**(f1*v)) | ||
| 243 | part1 = pairing.apply(arg1, arg2) | ||
| 244 | arg1 = (h2**s)*(g_G_q**(b*x)) | ||
| 245 | arg2 = (g_G_p**r2)*(g_G_q**(f2*v)) | ||
| 246 | part2 = pairing.apply(arg1, arg2) | ||
| 247 | result += part1*part2 | ||
| 248 | assert(result == 1) | ||
| 249 | # work backwards another step | ||
| 250 | |||
| 251 | |||
| 220 | 252 | ||
| 221 | 253 | if __name__ == "__main__": | |
| 222 | 254 | test() |
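Review bot: The secret exponents at new lines 111-116 (`r1`, `r2` from `get_random(self.sk.p)`, `f1`, `f2` from `get_random(self.sk.q)`) still depend on `get_random`, while the `Hs` loop at lines 89-90 was moved to `Element.random(self.pairing, Zr)`. `get_random` is defined outside this page, so its randomness source cannot be checked here. These values feed `K` and `Ks`, which look like the derived key, so if the helper is built on the `random` module it should use `secrets.randbelow(modulus)` or `random.SystemRandom` instead. A comment above the loop, such as `# r1,r2 in Z_p and f1,f2 in Z_q are key secrets: get_random must be a CSPRNG`, would record the requirement. The section also mixes `K += i1 * i2` with `output *= j*k` and `product *= ...` for what appear to be group products, which relies on `+` and `*` being the same operation for every element type; the enclosing methods begin outside the visible hunks.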

