int main(int argc, char **argv) { pairing_t pairing; pbc_demo_pairing_init(pairing, argc, argv); char m[80]={0}; if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric"); printf("Enter the message to be encrypted : "); gets(m); size_t len_m = sizeof(m); unsigned char hash[30]; SHA1(m, len_m, hash); printf("The hash is : %s", hash); element_t g, h; element_t public_key, secret_key; element_t sig; element_t temp1, temp2; element_init_G2(g, pairing); element_init_G2(public_key, pairing); element_init_G1(h, pairing); element_init_G1(sig, pairing); element_init_GT(temp1, pairing); element_init_GT(temp2, pairing); element_init_Zr(secret_key, pairing); element_random(g); element_random(secret_key); element_pow_zn(public_key, g, secret_key); element_printf("The public key is %B\n", public_key); element_from_hash(h, hash, 30); element_pow_zn(sig, h, secret_key); pairing_apply(temp1, sig, g, pairing); pairing_apply(temp2, h, public_key, pairing); if(!element_cmp(temp1, temp2)){ printf("\nVerified\n");} else{ printf("\nNot verified\n"); } }
int main(int argc, char ** argv) { pbc_param_t ec_params; pairing_t pairing; unsigned int rbits = 40, qbits = 128; element_t *g1, *g2, *gt; for (int s = 10; s <= 1000; s += 10) { while (qbits <= 4096) { fprintf(stderr, "%d", qbits); pbc_param_init_a_gen(ec_params, rbits, qbits); pairing_init_pbc_param(pairing, ec_params); element_init_G1(g1, pairing); element_init_G2(g2, pairing); element_init_GT(gt, pairing); struct timeval tv1, tv2; int bc = element_length_in_bytes(g1); for (int i = 0; i < 100; i++) { if (0 == i % 10) fprintf(stderr, "."); element_random(g1); element_random(g2); gettimeofday(&tv1, NULL); pairing_apply(gt, g1, g2, pairing); gettimeofday(&tv2, NULL); double time = tv2.tv_sec - tv1.tv_sec; time *= (1000 * 1000); time += tv2.tv_usec - tv1.tv_usec; fprintf(stdout, "%d %d %d %d %d\n", bc, rbits, qbits, i, ((int) time)); } for (int j = 0; j < s; j++) { element_clear(g1[j]); element_clear(g2[j]); element_clear(gt[j]); } rbits *= 2; qbits *= 2; fprintf(stderr, "\n"); } free(g1); free(g2); free(g3); } }
int main(int argc, char **argv) { if(argc < 3){ fprintf(stderr,"Wrong input arguments!"); fprintf(stderr,"Please input <./curve><supersinuglar><rbits><qbits> or <./curve><ordinary><bits>\n"); }else{ //initialization pairing_t pairing; element_t g,h,temp1; int rbits, qbits; if(!strcmp(argv[1],"supersingular")&&argc==4){//to generate supersingualr curve rbits = atoi(argv[2]); qbits = atoi(argv[3]); generateSupersingular(&pairing,rbits,qbits); printf("generate supersingular curve..."); }else if(!strcmp(argv[1],"ordinary")&&argc==3){//to generate ordinary curve rbits = atoi(argv[2]); generateOrdinary(&pairing,256); printf("generate ordinary curve..."); }else{ fprintf(stderr,"Wrong input arguments!"); fprintf(stderr,"Please input <./curve><supersinuglar><rbits><qbits> or <./curve><ordinary><bits>\n"); return 0; } if(pairing_is_symmetric(pairing)){ printf("pairing is symmetric\n"); }else{ printf("pairing is NOT symmetric\n"); } FILE *fTime = fopen("curve.txt","w+"); clock_t start,end;//start:the start of pairing, end:the end of pairing float difftime=0.0; int loopnum = 100;//the numbers for the while-loop int i;//the index for the for-loop element_init_G1(g, pairing); element_init_G2(h, pairing); element_init_GT(temp1, pairing); element_random(g); element_random(h); for(i = 0;i<100;i++){ while(loopnum--){ start = clock(); element_pairing(temp1, g, h); end = clock(); } difftime = (float)(end-start)/CLOCKS_PER_SEC; printf("The time of using pairing is %f\n",difftime); fprintf(fTime,"%f\r\n",difftime); difftime = 0.0; loopnum = 100; } }//end of main-else return 0; }
Manager::Manager() { pairing_init_set_str(pairing, _PAIRING_PARAM_); //init public key element_init_G1(g, pairing); element_init_GT(gt, pairing); element_init_G1(X, pairing); element_init_G1(Y, pairing); element_init_GT(h, pairing); element_init_GT(y1, pairing); element_init_GT(y2, pairing); element_init_GT(y3, pairing); //init issuer key element_init_Zr(x, pairing); element_init_Zr(y, pairing); //init open key element_init_Zr(x1, pairing); element_init_Zr(x2, pairing); element_init_Zr(x3, pairing); element_init_Zr(x4, pairing); element_init_Zr(x5, pairing); }
// USER JOIN PHASE 5 - user key generation (Join) int xsgs_user_join_phase5(XSGS_PUBLIC_KEY* gpk, XSGS_USER_CERT* ucert, XSGS_USER_KEY* uk, XSGS_JOIN_PHASE4* jpd4) { int ret; pairing_ptr pairing = gpk->pairing; field_ptr Fp = pairing->Zr; element_t gt1, gt2, y_neg, g1; element_init(ucert->x, Fp); element_set(ucert->x, jpd4->x); // check A^(x + gamma) = G1 * H^y // i.e.: e(A, G2)^x * e(A, W) * e(H, G2)^-y == e(G1, G2) element_init(y_neg, Fp); element_init_G1(g1, pairing); element_init_GT(gt1, pairing); element_init_GT(gt2, pairing); // gt1 = e(A, G2)^x * e(A, W) * e(H, G2)^-y // = e(A^x * H^-y, G2) * e(A, W) element_neg(y_neg, uk->y); element_pow_naf2(g1, ucert->A, ucert->x, gpk->H, y_neg); element_pairing(gt1, g1, gpk->G2); element_pairing(gt2, ucert->A, gpk->W); element_mul(gt1, gt1, gt2); // gt2 = e(G1, G2) element_pairing(gt2, gpk->G1, gpk->G2); // check gt1 == gt2 ret = element_cmp(gt1, gt2); element_clear(g1); element_clear(y_neg); element_clear(gt1); element_clear(gt2); return ret; }
CipherText::CipherText(unsigned char* buf, pairing_t* p){ this->p = p; this->m = NULL; this->s = NULL; element_init_GT(this->c1, *p); element_init_G1(this->c0, *p); int pos = 0; pos += element_from_bytes(this->c1, buf + pos); // element_printf("c1:%B\n", this->c1); pos += element_from_bytes(this->c0, buf + pos); // element_printf("c0:%B\n", this->c0); printf("pos: %d -> reconstruct c1 and c0 ok\n", pos); this->policy = new Policy(buf + pos, p); printf("reconstruct policy ok\n"); }
void consumerShares(signed long int *codeword){ pairing_t pairing; element_t g, r, a, e_g_g, share; char *argv = "./param/a.param"; char s[16384]; signed long int temp_share; FILE *fp = stdin; fp = fopen(argv, "r"); if (!fp) pbc_die("error opening %s\n", argv); size_t count = fread(s, 1, 16384, fp); if(!count) pbc_die("read parameter failure\n"); fclose(fp); if(pairing_init_set_buf(pairing, s, count)) pbc_die("pairing init failed\n"); if(!pairing_is_symmetric(pairing)) pbc_die("pairing is not symmetric\n"); element_init_G1(g, pairing); element_init_Zr(r, pairing); element_init_Zr(a, pairing); element_init_Zr(share, pairing); element_init_GT(e_g_g, pairing); //find the generator of the group element_set(g, ((curve_data_ptr)((a_pairing_data_ptr) pairing->data)->Eq->data)->gen); element_random(r); element_random(a); //compute e(g, g) element_pairing(e_g_g, g, g); //compute e(g, g)^r element_pow_zn(e_g_g, e_g_g, r); //compute e(g,g)^ra element_pow_zn(e_g_g, e_g_g, a); temp_share = codeword[0]; //transfer signed long int type ecret shares to an element_t type before we do the power of //e_g_g element_set_si(share, temp_share); element_pow_zn(e_g_g, e_g_g, share); }
void Manager::KeyGeneration(string & PK, string & IK, string & OK) { element_t gt_new; element_t g_new; element_t X_new; element_t Y_new; element_t h_new; element_t y1_new; element_t y2_new; element_t y3_new; //issuer secret element_t x_new; element_t y_new; //open secret element_t x1_new; element_t x2_new; element_t x3_new; element_t x4_new; element_t x5_new; //init public key element_init_G1(g_new, pairing); element_init_GT(gt_new, pairing); element_init_G1(X_new, pairing); element_init_G1(Y_new, pairing); element_init_GT(h_new, pairing); element_init_GT(y1_new, pairing); element_init_GT(y2_new, pairing); element_init_GT(y3_new, pairing); //init issuer key element_init_Zr(x_new, pairing); element_init_Zr(y_new, pairing); //init open key element_init_Zr(x1_new, pairing); element_init_Zr(x2_new, pairing); element_init_Zr(x3_new, pairing); element_init_Zr(x4_new, pairing); element_init_Zr(x5_new, pairing); //set tmp variables element_t temp_y1; element_t temp_y2; element_init_GT(temp_y1, pairing); element_init_GT(temp_y2, pairing); //generate system parameters element_random(g_new); element_pairing(gt_new,g_new,g_new); //generate private keys of group manager element_random(x_new); element_random(y_new); //compute X Y element_pow_zn(X_new,g_new,x_new); element_pow_zn(Y_new,g_new,y_new); //generate h != 1 do { element_random(h_new); } while(element_is1(h_new)); //rand of secret set x1...x5 element_random(x1_new); element_random(x2_new); element_random(x3_new); element_random(x4_new); element_random(x5_new); //compute y1 element_pow_zn(temp_y1,gt_new,x1_new); element_pow_zn(temp_y2,h_new,x2_new); element_mul(y1_new,temp_y1,temp_y2); //compute y2 element_pow_zn(temp_y1,gt_new,x3_new); element_pow_zn(temp_y2,h_new,x4_new); element_mul(y2_new,temp_y1,temp_y2); //compute y3 element_pow_zn(y3_new,gt_new,x5_new); //Write keys PK=GroupPublicKeyToString(g_new, gt_new, X_new, Y_new, h_new, y1_new, y2_new, y3_new); IK=SecretIssuerKeyToString(x_new,y_new); OK=SecretOpenKeyToString(x1_new,x2_new,x3_new,x4_new,x5_new); //clear elements //clear public key element_clear(g_new); element_clear(gt_new); element_clear(X_new); element_clear(Y_new); element_clear(h_new); element_clear(y1_new); element_clear(y2_new); element_clear(y3_new); //clear issuer key element_clear(x_new); element_clear(y_new); //clear open key element_clear(x1_new); element_clear(x2_new); element_clear(x3_new); element_clear(x4_new); element_clear(x5_new); //clear tmps element_clear(temp_y1); element_clear(temp_y2); }
int Manager::Open(string sign, char*mes, int len_mes) { int ret; if(Verification(sign, mes, len_mes)!=true) return -1; //compare variable bool cmp_var=0; //elements element_t T1,T2,T3,T4; element_t T5, T6, T7; element_t H; element_t Sp; element_t Sm; element_t Sv; element_t c_H; element_t tmp_pow; element_t check_T4; element_t tmp_T2; element_init_GT(T1, pairing); element_init_GT(T2, pairing); element_init_GT(T3, pairing); element_init_GT(T4, pairing); element_init_G1(T5, pairing); element_init_G1(T6, pairing); element_init_G1(T7, pairing); element_init_Zr(H, pairing); element_init_Zr(Sp,pairing); element_init_Zr(Sm,pairing); element_init_Zr(Sv,pairing); element_init_Zr(c_H, pairing); element_init_Zr(tmp_pow, pairing); element_init_GT(check_T4, pairing); element_init_GT(tmp_T2, pairing); //read sign SignatureFromString(sign, c_H, Sp, Sm, Sv, T1, T2, T3, T4, T5, T6, T7); //add verify sign Helper::Hash_T1_T2_T3(H,T1,T2,T3); //T4 check element_mul(tmp_pow, x5,H); element_add(tmp_pow, tmp_pow,x3); element_pow_zn(check_T4, T1, tmp_pow); element_pow_zn(tmp_T2, T2, x4); element_mul(check_T4, check_T4,tmp_T2); cmp_var=element_cmp(check_T4,T4);//0==ok //compute Pi2 element_t check_Pi2; element_init_GT(check_Pi2, pairing); element_pow_zn(tmp_T2, T1, x1); element_pow_zn(check_Pi2, T2, x2); element_mul(tmp_T2, tmp_T2,check_Pi2); element_div(check_Pi2, T3,tmp_T2); //find Pi2 in reg list if(cmp_var) ret=-1; else ret=SearchInRegistrationList(check_Pi2); //clear elements element_clear(T1); element_clear(T2); element_clear(T3); element_clear(T4); element_clear(T5); element_clear(T6); element_clear(T7); element_clear(H); element_clear(c_H); element_clear(Sp); element_clear(Sm); element_clear(Sv); element_clear(tmp_pow); element_clear(check_T4); element_clear(tmp_T2); return ret; }
bool Manager::Verification(string signature, char*mes, int len_mes) { //compare variables bool cmp_value_1=0; bool cmp_value_2=0; //elements element_t T1,T2,T3,T4; element_t T5, T6, T7; element_t c_H; element_t H; element_t Sp; element_t Sm; element_t Sv; //init element_init_GT(T1, pairing); element_init_GT(T2, pairing); element_init_GT(T3, pairing); element_init_GT(T4, pairing); element_init_G1(T5, pairing); element_init_G1(T6, pairing); element_init_G1(T7, pairing); element_init_Zr(Sp,pairing); element_init_Zr(Sm,pairing); element_init_Zr(Sv,pairing); element_init_Zr(H, pairing); element_init_Zr(c_H, pairing); SignatureFromString(signature, c_H,Sp,Sm,Sv,T1,T2,T3,T4,T5,T6,T7); //heshing Helper::Hash_T1_T2_T3(H,T1,T2,T3); //compute R1' element_t tmp_1; element_t tmp_2; element_t tmp_3; element_t R1_; element_init_GT(R1_, pairing); element_init_GT(tmp_1, pairing); element_init_GT(tmp_2, pairing); element_init_GT(tmp_3, pairing); element_pairing(tmp_1, g, T7); element_pow_zn(tmp_2, tmp_1, Sp); element_pairing(tmp_1, X, T6); element_pow_zn(tmp_3, tmp_1, Sm); element_div(R1_, tmp_2, tmp_3); element_pairing(tmp_3, X, T5); element_pow_zn(tmp_3, tmp_3, c_H); element_div(R1_, R1_, tmp_3); //compute R2' element_t R2_; element_init_GT(R2_, pairing); element_pow_zn(R2_, gt, Sv); element_pow_zn(tmp_1, T1, c_H); element_div(R2_, R2_, tmp_1); //compute R3' element_t R3_; element_init_GT(R3_, pairing); element_pow_zn(tmp_1, h, Sv); element_pow_zn(tmp_2, T2, c_H); element_sub(R3_, tmp_1, tmp_2); //compute R4' element_t R4_; element_init_GT(R4_, pairing); element_pow_zn(tmp_1, y1, Sv); element_pow_zn(tmp_2, gt, Sm); element_mul(tmp_3, tmp_1, tmp_2); element_pow_zn(tmp_1,T3, c_H); element_sub(R4_, tmp_3, tmp_1); //compute R5' element_t R5_; element_init_GT(R5_, pairing); element_t tmp_pow; element_init_Zr(tmp_pow, pairing); element_t tmp_div; element_init_GT(tmp_div, pairing); element_pow_zn(R5_, y2, Sv); element_pow_zn(tmp_div,y3,H); element_pow_zn(tmp_div,tmp_div,Sv); element_mul(R5_,R5_,tmp_div); element_pow_zn(tmp_div,T4, c_H); element_div(R5_, R5_, tmp_div); //check c_H == c_H' element_t check_c_H; element_init_Zr(check_c_H, pairing); Helper::Hash_C(check_c_H,R1_,R2_,R3_,R4_,R5_,g,gt,X,Y,h,y1,y2,y3,mes,len_mes); //check e(T 5 , Y ) == e(g, T 6 ) element_t check_1; element_init_GT(check_1, pairing); element_t check_2; element_init_GT(check_2, pairing); element_pairing(check_1, T5,Y); element_pairing(check_2, g,T6); //cmp_value_1 cmp_value_1=element_cmp(check_c_H,c_H);//0==ok //cmp_value_2 cmp_value_2=element_cmp(check_1,check_2);//0==ok //clear elements element_clear(T1); element_clear(T2); element_clear(T3); element_clear(T4); element_clear(T5); element_clear(T6); element_clear(T7); element_clear(Sp); element_clear(Sm); element_clear(Sv); element_clear(H); element_clear(c_H); element_clear(R1_); element_clear(R2_); element_clear(R3_); element_clear(R4_); element_clear(R5_); element_clear(tmp_1); element_clear(tmp_2); element_clear(tmp_3); element_clear(tmp_pow); element_clear(tmp_div); element_clear(check_c_H); element_clear(check_1); element_clear(check_2); if(cmp_value_1||cmp_value_2) return 0; else return 1; }
int bbs_verify(unsigned char *sig, int hashlen, void *hash, bbs_group_public_key_t gpk) { bbs_sys_param_ptr param = gpk->param; pairing_ptr pairing = param->pairing; field_ptr Fp = pairing->Zr; element_t T1, T2, T3; element_t R1, R2, R3, R4, R5; element_t c, salpha, sbeta, sx, sdelta1, sdelta2; element_t e10, e20, e21, et0, z0, z1; unsigned char *readptr = sig; element_init_G1(T1, pairing); element_init_G1(T2, pairing); element_init_G1(T3, pairing); element_init_G1(R1, pairing); element_init_G1(R2, pairing); element_init_GT(R3, pairing); element_init_G1(R4, pairing); element_init_G1(R5, pairing); element_init(c, Fp); element_init(salpha, Fp); element_init(sbeta, Fp); element_init(sx, Fp); element_init(sdelta1, Fp); element_init(sdelta2, Fp); element_init_G1(e10, pairing); element_init_G2(e20, pairing); element_init_G2(e21, pairing); element_init_GT(et0, pairing); element_init(z0, Fp); element_init(z1, Fp); readptr += element_from_bytes(T1, readptr); readptr += element_from_bytes(T2, readptr); readptr += element_from_bytes(T3, readptr); readptr += element_from_bytes(c, readptr); readptr += element_from_bytes(salpha, readptr); readptr += element_from_bytes(sbeta, readptr); readptr += element_from_bytes(sx, readptr); readptr += element_from_bytes(sdelta1, readptr); readptr += element_from_bytes(sdelta2, readptr); element_neg(z0, c); //element_pow_zn(R1, gpk->u, salpha); //element_pow_zn(e10, T1, z0); //element_mul(R1, R1, e10); element_pow2_zn(R1, gpk->u, salpha, T1, z0); //element_pow_zn(R2, gpk->v, sbeta); //element_pow_zn(e10, T2, z0); //element_mul(R2, R2, e10); element_pow2_zn(R2, gpk->v, sbeta, T2, z0); element_neg(z0, sdelta1); //element_pow_zn(R4, gpk->u, z0); //element_pow_zn(e10, T1, sx); //element_mul(R4, R4, e10); element_pow2_zn(R4, gpk->u, z0, T1, sx); element_neg(z0, sdelta2); //element_pow_zn(R5, gpk->v, z0); //element_pow_zn(e10, T2, sx); //element_mul(R5, R5, e10); element_pow2_zn(R5, gpk->v, z0, T2, sx); /* * compute R3 more efficiently. use precomputed e(g1,g2)^{-1}, * e(h,g2), and e(h,w). this leaves e(T3,g2)^sx and e(T3,w)^c; * compute these with one pairing as e(T3, g2^sx w^c). */ //element_pow_zn(e20, gpk->g2, sx); //element_pow_zn(e21, gpk->w, c); //element_mul(e20, e20, e21); element_pow2_zn(e20, gpk->g2, sx, gpk->w, c); pairing_apply(R3, T3, e20, pairing); //element_pow_zn(et0, gpk->pr_g1_g2_inv, c); //element_mul(R3, R3, et0); element_add(z0, salpha, sbeta); element_neg(z0, z0); //element_pow_zn(et0, gpk->pr_h_w, z0); //element_mul(R3, R3, et0); element_add(z1, sdelta1, sdelta2); element_neg(z1, z1); //element_pow_zn(et0, gpk->pr_h_g2, z1); element_pow3_zn(et0, gpk->pr_g1_g2_inv, c, gpk->pr_h_w, z0, gpk->pr_h_g2, z1); element_mul(R3, R3, et0); #ifdef DEBUG element_printf("T1: %B\n", T1); element_printf("T2: %B\n", T2); element_printf("T3: %B\n", T3); element_printf("R1: %B\n", R1); element_printf("R2: %B\n", R2); element_printf("R3: %B\n", R3); element_printf("R4: %B\n", R4); element_printf("R5: %B\n", R5); #endif int result = 0; element_t M; element_init_G1(M, pairing); element_from_hash(M, hash, hashlen); unsigned int hash_input_length = element_length_in_bytes(T1) + element_length_in_bytes(T2) + element_length_in_bytes(T3) + element_length_in_bytes(R1) + element_length_in_bytes(R2) + element_length_in_bytes(R3) + element_length_in_bytes(R4) + element_length_in_bytes(R5) + element_length_in_bytes(M); unsigned char *hash_input = malloc(hash_input_length); hash_input += element_to_bytes(hash_input, T1); hash_input += element_to_bytes(hash_input, T2); hash_input += element_to_bytes(hash_input, T3); hash_input += element_to_bytes(hash_input, R1); hash_input += element_to_bytes(hash_input, R2); hash_input += element_to_bytes(hash_input, R3); hash_input += element_to_bytes(hash_input, R4); hash_input += element_to_bytes(hash_input, R5); hash_input += element_to_bytes(hash_input, M); // Could avoid converting to bytes and from bytes hash_input -= hash_input_length; hash_ctx_t context; unsigned char digest[hash_length]; hash_init(context); hash_update(context, hash_input, hash_input_length); hash_final(digest, context); free(hash_input); element_t c1; element_init(c1, Fp); element_from_hash(c1, digest, sizeof(digest)); if (!element_cmp(c, c1)) { result = 1; } element_clear(M); element_clear(c1); element_clear(T1); element_clear(T2); element_clear(T3); element_clear(R1); element_clear(R2); element_clear(R3); element_clear(R4); element_clear(R5); element_clear(c); element_clear(salpha); element_clear(sbeta); element_clear(sx); element_clear(sdelta1); element_clear(sdelta2); element_clear(e10); element_clear(e20); element_clear(e21); element_clear(et0); element_clear(z0); element_clear(z1); return result; }
bool Manager::JoinMember(string request, string & respond) { //elements element_t Pi1; element_t Pi2; element_t Sk; element_t R; element_init_G1(Pi1,pairing); element_init_GT(Pi2, pairing); element_init_Zr(Sk, pairing); element_init_G1(R,pairing); //read & check SoK string hash; string hash_check; RequestFromString(request,hash,Sk,Pi1); //check Pi1 is point of curve if(element_item_count(Pi1)!=2) { element_clear(Pi1); element_clear(Pi2); element_clear(Sk); element_clear(R); return 1;//failure } element_t tmp1, tmp2; element_t c_Hsok; element_init_G1(tmp1, pairing); element_init_G1(tmp2, pairing); element_init_Zr(c_Hsok, pairing); element_from_hash(c_Hsok,(void*)hash.c_str(),hash.length()); element_pow_zn(tmp1,g,Sk); element_pow_zn(tmp2,Pi1,c_Hsok); element_div(R,tmp1,tmp2); hash_check=Helper::Hash_g_R(g,R); if(hash.compare(hash_check)) { element_clear(Pi1); element_clear(Pi2); element_clear(Sk); element_clear(R); element_clear(tmp1); element_clear(tmp2); element_clear(c_Hsok); return 1;//failure } //generate r_issuer element_t issuer_r; element_init_Zr(issuer_r, pairing); element_random(issuer_r); //create a b c element_t ai; element_t bi; element_t ci; element_t temp_ci1; element_t temp_ci2; //init element_init_G1(ai, pairing); element_init_G1(bi, pairing); element_init_G1(ci, pairing); element_init_G1(temp_ci1, pairing); element_init_G1(temp_ci2, pairing); //compute ai bi ci element_pow_zn(ai,g,issuer_r);//ai element_pow_zn(bi,ai,y);//bi element_pow_zn(temp_ci1,ai,x); element_pow_zn(temp_ci2,Pi1,issuer_r); element_pow_zn(temp_ci2,temp_ci2,x); element_pow_zn(temp_ci2,temp_ci2,y); element_mul(ci,temp_ci1,temp_ci2);//ci //create RESPOND respond=MemberSecretToString(ai,bi,ci); //compute Pi2 element_pairing(Pi2,Pi1,g); //Write_to_reg_list AddToRegistrationList(Pi1, Pi2); //clear elements element_clear(issuer_r); element_clear(Pi1); element_clear(Pi2); element_clear(temp_ci1); element_clear(temp_ci2); element_clear(tmp1); element_clear(tmp2); element_clear(c_Hsok); element_clear(Sk); element_clear(R); element_clear(ai); element_clear(bi); element_clear(ci); return 0;//success }
void bbs_sign(unsigned char *sig, int hashlen, void *hash, bbs_group_public_key_ptr gpk, bbs_group_private_key_ptr gsk) { bbs_sys_param_ptr param = gpk->param; pairing_ptr pairing = param->pairing; field_ptr Fp = pairing->Zr; element_t T1, T2, T3; element_t R1, R2, R3, R4, R5; element_t alpha, beta; element_t c; element_t ralpha, rbeta, rx, rdelta1, rdelta2; element_t z0, z1; element_t e10, et0; unsigned char *writeptr = sig; element_init_G1(T1, pairing); element_init_G1(T2, pairing); element_init_G1(T3, pairing); element_init_G1(R1, pairing); element_init_G1(R2, pairing); element_init_GT(R3, pairing); element_init_G1(R4, pairing); element_init_G1(R5, pairing); element_init(c, Fp); element_init(alpha, Fp); element_random(alpha); element_init(beta, Fp); element_random(beta); //temp variables element_init(z0, Fp); element_init(z1, Fp); element_init_GT(et0, pairing); element_init_G1(e10, pairing); element_init(ralpha, Fp); element_random(ralpha); element_init(rbeta, Fp); element_random(rbeta); element_init(rx, Fp); element_random(rx); element_init(rdelta1, Fp); element_random(rdelta1); element_init(rdelta2, Fp); element_random(rdelta2); element_pow_zn(T1, gpk->u, alpha); element_pow_zn(T2, gpk->v, beta); element_add(z0, alpha, beta); element_pow_zn(T3, gpk->h, z0); element_mul(T3, T3, gsk->A); element_pow_zn(R1, gpk->u, ralpha); element_pow_zn(R2, gpk->v, rbeta); /* * rather than computing e(T3,g2), note that T3 = A h^{alpha+beta}, * use precomputed e(A,g2) and e(h,g2), and use appropriate * exponentiations in GT. */ //pairing_apply(et0, T3, gpk->g2, pairing); /* precomputed */ element_pow_zn(et0, gpk->pr_h_g2, z0); /* NB. here z0 = alpha+beta */ element_mul(et0, et0, gsk->pr_A_g2); //element_pow_zn(R3, et0, rx); // pairing_apply(et0, gpk->h, gpk->w, pairing); /* precomputed */ element_add(z0, ralpha, rbeta); element_neg(z0, z0); //element_pow_zn(et0, gpk->pr_h_w, z0); //element_mul(R3, R3, et0); // pairing_apply(et0, gpk->h, gpk->g2, pairing); /* precomputed */ element_add(z1, rdelta1, rdelta2); element_neg(z1, z1); //element_pow_zn(et0, gpk->pr_h_g2, z1); //element_mul(R3, R3, et0); element_pow3_zn(R3, et0, rx, gpk->pr_h_w, z0, gpk->pr_h_g2, z1); //element_pow_zn(R4, T1, rx); element_neg(z0, rdelta1); //element_pow_zn(e10, gpk->u, z0); //element_mul(R4, R4, e10); element_pow2_zn(R4, T1, rx, gpk->u, z0); //element_pow_zn(R5, T2, rx); element_neg(z0, rdelta2); //element_pow_zn(e10, gpk->v, z0); //element_mul(R5, R5, e10); element_pow2_zn(R5, T2, rx, gpk->v, z0); element_t M; element_init_G1(M, pairing); element_from_hash(M, hash, hashlen); unsigned int hash_input_length = element_length_in_bytes(T1) + element_length_in_bytes(T2) + element_length_in_bytes(T3) + element_length_in_bytes(R1) + element_length_in_bytes(R2) + element_length_in_bytes(R3) + element_length_in_bytes(R4) + element_length_in_bytes(R5) + element_length_in_bytes(M); unsigned char *hash_input = malloc(hash_input_length); hash_input += element_to_bytes(hash_input, T1); hash_input += element_to_bytes(hash_input, T2); hash_input += element_to_bytes(hash_input, T3); hash_input += element_to_bytes(hash_input, R1); hash_input += element_to_bytes(hash_input, R2); hash_input += element_to_bytes(hash_input, R3); hash_input += element_to_bytes(hash_input, R4); hash_input += element_to_bytes(hash_input, R5); hash_input += element_to_bytes(hash_input, M); // Could avoid converting to bytes and from bytes hash_input -= hash_input_length; hash_ctx_t context; unsigned char digest[hash_length]; hash_init(context); hash_update(context, hash_input, hash_input_length); hash_final(digest, context); free(hash_input); element_from_hash(c, digest, sizeof(digest)); element_clear(M); //now the r's represent the values of the s's //no need to allocate yet more variables element_mul(z0, c, alpha); element_add(ralpha, ralpha, z0); element_mul(z0, c, beta); element_add(rbeta, rbeta, z0); element_mul(z1, c, gsk->x); element_add(rx, rx, z1); element_mul(z0, z1, alpha); element_add(rdelta1, rdelta1, z0); element_mul(z0, z1, beta); element_add(rdelta2, rdelta2, z0); writeptr += element_to_bytes(writeptr, T1); writeptr += element_to_bytes(writeptr, T2); writeptr += element_to_bytes(writeptr, T3); writeptr += element_to_bytes(writeptr, c); writeptr += element_to_bytes(writeptr, ralpha); writeptr += element_to_bytes(writeptr, rbeta); writeptr += element_to_bytes(writeptr, rx); writeptr += element_to_bytes(writeptr, rdelta1); writeptr += element_to_bytes(writeptr, rdelta2); #ifdef DEBUG element_printf("T1: %B\n", T1); element_printf("T2: %B\n", T2); element_printf("T3: %B\n", T3); element_printf("R1: %B\n", R1); element_printf("R2: %B\n", R2); element_printf("R3: %B\n", R3); element_printf("R4: %B\n", R4); element_printf("R5: %B\n", R5); element_printf("c: %B\n", c); #endif element_clear(T1); element_clear(T2); element_clear(T3); element_clear(R1); element_clear(R2); element_clear(R3); element_clear(R4); element_clear(R5); element_clear(alpha); element_clear(beta); element_clear(c); element_clear(ralpha); element_clear(rbeta); element_clear(rx); element_clear(rdelta1); element_clear(rdelta2); //clear temp variables element_clear(z0); element_clear(z1); element_clear(e10); element_clear(et0); }
void wSetup(char *string,int attrNo,pairing_t *pairing, MSP *msp){ int count = 0;//the index of the attribute array /* if(!strcmp(string,"ordinary")){ setupOrdinaryPairing(pairing);//setup pairing first printf("Use ordinary curve...\n"); }else if(!strcmp(string,"singular")){ setupSingularPairing(pairing);//setup pairing first printf("Use singular curve...\n"); }else{ fprintf(stderr,"Wrong input arguments!"); fprintf(stderr,"Please input <./wAbe><sinuglar> or <./wAbe><ordinary>\n"); } */ element_t g;//the generator of G element_init_G2(g,*pairing);//initial the generator g element_random(g); /* initial the random group elements h_1...h_attrNo which belog to G and are associated with the attrNo attributes in the system. */ element_t h; element_init_G2(h,*pairing); //initial the h element_t alpha; element_t a; //initial the alpha and a in Z_p element_init_Zr(alpha,*pairing); element_init_Zr(a,*pairing); element_random(alpha); element_random(a); //public key e(g,g)^alpha element_t pubKey; element_t gAlpha; element_t gA; element_init_GT(pubKey,*pairing);//initial the publicKey element_init_G2(gAlpha,*pairing);//initial the gAlpha element_init_G2(gA,*pairing);//initial the gA element_pow_zn(gAlpha,g,alpha);//gAlpha=g^alpha element_pow_zn(gA,g,a);//gA=g^a weilPairing(&pubKey,g,gAlpha,*pairing);//publicKey = e(g,g^alpha) = e(g,g)^alpha //Master secret key element_t msk; element_init_G2(msk,*pairing); element_set(msk,gAlpha);//msk = g^alpha //write the master key and public key to file FILE* fG = fopen("publicKey/g.key","w");//file pointer to the public key g FILE* fGA = fopen("publicKey/gA.key","w");//file pointer to the public key gA FILE* fPub = fopen("publicKey/eGG.key","w");//file pointer to the public key e(g,gALPHA) FILE* fH;//file pointer the the attribute key FILE* fMsk = fopen("MSK/msk.key","w");//file pointer to the master key element_fprintf(fG,"%B\n",g); element_fprintf(fPub,"%B\n",pubKey); element_fprintf(fGA,"%B\n",gA); count = 0; char hCmd[100];//the command line for the pointer of FILE* fH char attrName[2];//the name of attribute memset(hCmd,'\0',100); memset(attrName,'\0',2); strcpy(hCmd,"publicKey/h"); while(count!=attrNo){ sprintf(attrName,"%c",msp->label[count]); strcat(hCmd,attrName); strcat(hCmd,".key"); fH = fopen(hCmd,"w"); element_random(h); element_fprintf(fH,"%B",h); memset(hCmd,'\0',100); strcpy(hCmd,"publicKey/h"); memset(attrName,'\0',2); fclose(fH); count++; } element_clear(h); element_fprintf(fMsk,"%B\n",msk); //close the file pointer and clear all the element fclose(fG); fclose(fGA); fclose(fPub); fclose(fMsk); element_clear(g); element_clear(a); element_clear(alpha); element_clear(gAlpha); element_clear(gA); element_clear(pubKey); element_clear(msk); }//end of setup
void test_libfenc(char *policy) { FENC_ERROR result; fenc_context context; fenc_group_params group_params; fenc_global_params global_params; fenc_function_input policy_input; pairing_t pairing; FILE *fp; char *public_params_buf = NULL; size_t serialized_len; memset(&context, 0, sizeof(fenc_context)); memset(&group_params, 0, sizeof(fenc_group_params)); memset(&global_params, 0, sizeof(fenc_global_params)); /* Initialize the library. */ result = libfenc_init(); report_error("Initializing library", result); /* Create a Sahai-Waters context. */ result = libfenc_create_context(&context, FENC_SCHEME_WATERSCP); report_error("Creating context for Waters CP scheme", result); /* Load group parameters from a file. */ fp = fopen(PARAM, "r"); if (fp != NULL) { libfenc_load_group_params_from_file(&group_params, fp); libfenc_get_pbc_pairing(&group_params, pairing); } else { perror("Could not open type-d parameters file.\n"); return; } fclose(fp); /* Set up the global parameters. */ result = context.generate_global_params(&global_params, &group_params); result = libfenc_gen_params(&context, &global_params); /* Set up the publci parameters */ fp = fopen(PUBLIC_FILE".cp", "r"); if(fp != NULL) { size_t pub_len = read_file(fp, &public_params_buf); /* base-64 decode */ uint8 *bin_public_buf = NewBase64Decode((const char *) public_params_buf, pub_len, &serialized_len); /* Import the parameters from binary buffer: */ result = libfenc_import_public_params(&context, bin_public_buf, serialized_len); report_error("Importing public parameters", result); free(public_params_buf); free(bin_public_buf); } else { perror("Could not open public parameters\n"); return; } fclose(fp); /* encrypt under given policy */ // fenc_attribute_policy *parsed_policy = construct_test_policy(); fenc_attribute_policy *parsed_policy = (fenc_attribute_policy *) malloc(sizeof(fenc_attribute_policy)); memset(parsed_policy, 0, sizeof(fenc_attribute_policy)); fenc_policy_from_string(parsed_policy, policy); policy_input.input_type = FENC_INPUT_NM_ATTRIBUTE_POLICY; policy_input.scheme_input = (void *) parsed_policy; printf("START: test_secret_sharing\n"); test_secret_sharing(parsed_policy, pairing); printf("END: test_secret_sharing\n"); /* simple test */ element_t ONE, TWO, THREE, ONEG2, TWOG2, THREEG2, ONEGT, TWOGT, FinalGT; element_init_G1(ONE, pairing); element_init_G1(TWO, pairing); element_init_G1(THREE, pairing); element_init_G2(ONEG2, pairing); element_init_G2(TWOG2, pairing); element_init_G2(THREEG2, pairing); element_init_GT(ONEGT, pairing); element_init_GT(TWOGT, pairing); element_init_GT(FinalGT, pairing); clock_t start, stop; double timeG1, timeG2, timePairing; element_random(ONE); element_random(TWO); element_random(ONEG2); element_random(TWOG2); // element_random(ONEGT); // element_random(TWOGT); /* time G1 */ start = clock(); element_mul(THREE, ONE, TWO); stop = clock(); timeG1 = ((double)(stop - start))/CLOCKS_PER_SEC; element_printf("THREEG1: %B, ", THREE); printf("G1 mul time: %f secs\n", timeG1); /* time G2 */ start = clock(); element_mul(THREEG2, ONEG2, TWOG2); stop = clock(); timeG2 = ((double)(stop - start))/CLOCKS_PER_SEC; element_printf("THREEG2: %B, ", THREEG2); printf("G2 mul time: %f secs\n", timeG2); /* time GT start = clock(); element_mul(FinalGT, ONEGT, TWOGT); stop = clock(); timeGT = ((double)(stop - start))/CLOCKS_PER_SEC; element_printf("FinalGT: %B, ", FinalGT); printf("GT mul time: %f secs\n", timeGT); */ /* time pairings */ start = clock(); pairing_apply(FinalGT, THREE, THREEG2, pairing); stop = clock(); timePairing = ((double)(stop - start))/CLOCKS_PER_SEC; element_printf("Pairing: %B, ", FinalGT); printf("GT pairing time: %f secs\n", timePairing); free(parsed_policy); result = libfenc_shutdown(); report_error("Shutting down library", result); }
int main(int argc, char **argv) { pairing_t pairing; double time1, time2; element_t P, a, b, c, Ka, Kb, Kc, t1, t2, t3, t4, t5, t6; pbc_demo_pairing_init(pairing, argc, argv); if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric"); element_init_G1(P, pairing); element_init_G1(t1, pairing); element_init_G1(t2, pairing); element_init_G1(t3, pairing); element_init_Zr(a, pairing); element_init_Zr(b, pairing); element_init_Zr(c, pairing); element_init_GT(t4, pairing); element_init_GT(t5, pairing); element_init_GT(t6, pairing); element_init_GT(Ka, pairing); element_init_GT(Kb, pairing); element_init_GT(Kc, pairing); time1 = pbc_get_time(); printf("Joux key agreement between A, B and C.\n"); element_random(P); element_random(a); element_random(b); element_random(c); element_mul_zn(t1, P, a); printf("A sends B and C: aP\n"); element_printf("aP = %B\n", t1); element_mul_zn(t2, P, b); printf("B sends A and C: bP\n"); element_printf("bP = %B\n", t2); element_mul_zn(t3, P, c); printf("C sends A and B: cP\n"); element_printf("cP = %B\n", t3); element_pairing(t4, t2, t3); element_pow_zn(Ka, t4, a); element_printf("Ka = %B\n", Ka); element_pairing(t5, t1, t3); element_pow_zn(Kb, t5, b); element_printf("Kb = %B\n", Kb); element_pairing(t6, t1, t2); element_pow_zn(Kc, t6, c); element_printf("Kc = %B\n", Kc); printf("Shared key K = Ka = Kb = Kc\n"); time2 = pbc_get_time(); printf("All time = %fs\n", time2 - time1); element_clear(P); element_clear(a); element_clear(b); element_clear(c); element_clear(Ka); element_clear(Kb); element_clear(Kc); element_clear(t1); element_clear(t2); element_clear(t3); element_clear(t4); element_clear(t5); element_clear(t6); pairing_clear(pairing); return 0; }
int main(void) { pairing_t pairing; char param[50000]; size_t count = fread(param, 1, 50000, stdin); if (!count) pbc_die("input error"); pairing_init_set_buf(pairing, param, count); // int cont = 0; struct timeval tvBegin, tvEnd; element_t g, h; element_t public_key, secret_key; element_t sig; element_t temp1, temp2; element_init_G2(g, pairing); element_init_G2(public_key, pairing); element_init_G1(h, pairing); element_init_G1(sig, pairing); element_init_GT(temp1, pairing); element_init_GT(temp2, pairing); element_init_Zr(secret_key, pairing); // Generating key element_random(g); element_random(secret_key); element_pow_zn(public_key, g, secret_key); // Generating message element_from_hash(h, "ABCDEF", 6); element_pow_zn(sig, h, secret_key); // RANDOM TESTS /* // Fp element_t p1, p2; element_init(p1, element_x(h)->field); element_init(p2, p1->field); element_random(p1); element_random(p2); // multiplication element_t puntos[2000]; for(cont = 0; cont < 1000; cont++){ element_init(puntos[cont], element_x(h)->field); element_init(puntos[2*cont], element_x(h)->field); element_random(puntos[cont]); element_random(puntos[2*cont]); } gettimeofday(&tvBegin, NULL); for(cont = 0; cont < 1000; cont++){ element_mul(puntos[cont], puntos[cont], puntos[2*cont]); } gettimeofday(&tvEnd, NULL); timeval_subtract(&tvEnd, &tvBegin, 1); //square gettimeofday(&tvBegin, NULL); for(cont = 0; cont < 1000; cont++) element_square(puntos[cont], puntos[2*cont]); gettimeofday(&tvEnd, NULL); timeval_subtract(&tvEnd, &tvBegin, 1); // add gettimeofday(&tvBegin, NULL); for(cont = 0; cont < 1000; cont++) element_add(puntos[cont], puntos[cont], puntos[2*cont]); gettimeofday(&tvEnd, NULL); timeval_subtract(&tvEnd, &tvBegin, 1); // invers gettimeofday(&tvBegin, NULL); for(cont = 0; cont < 1000; cont++) element_invert(puntos[cont], puntos[2*cont]); gettimeofday(&tvEnd, NULL); timeval_subtract(&tvEnd, &tvBegin, 1); // Fpk element_t q1, q2; element_init_GT(q1, pairing); element_init_GT(q2, pairing); element_random(q1); element_random(q2); // multiplication for(cont = 0; cont < 1000; cont++){ element_init_GT(puntos[cont], pairing); element_init_GT(puntos[2*cont], pairing); element_random(puntos[cont]); element_random(puntos[2*cont]); } gettimeofday(&tvBegin, NULL); for(cont = 0; cont < 1000; cont++) { element_mul(puntos[cont], puntos[cont], puntos[2*cont]); } gettimeofday(&tvEnd, NULL); timeval_subtract(&tvEnd, &tvBegin, 1); //square gettimeofday(&tvBegin, NULL); for(cont = 0; cont < 1000; cont++) element_square(puntos[cont], puntos[cont]); gettimeofday(&tvEnd, NULL); timeval_subtract(&tvEnd, &tvBegin, 1); // add gettimeofday(&tvBegin, NULL); for(cont = 0; cont < 1000; cont++){ element_add(element_x(puntos[cont]), element_x(puntos[cont]), element_x(puntos[2*cont])); element_add(element_y(puntos[cont]), element_y(puntos[cont]), element_y(puntos[2*cont])); } gettimeofday(&tvEnd, NULL); timeval_subtract(&tvEnd, &tvBegin, 1); // invers gettimeofday(&tvBegin, NULL); for(cont = 0; cont < 1000; cont++) element_invert(puntos[cont], puntos[2*cont]); gettimeofday(&tvEnd, NULL); timeval_subtract(&tvEnd, &tvBegin, 1); // CURVE OPERATIONS element_t punto, punto2; element_init(punto, h->field); element_random(punto); element_init(punto2, h->field); element_random(punto2); // add gettimeofday(&tvBegin, NULL); element_mul(punto, punto, punto2); gettimeofday(&tvEnd, NULL); timeval_subtract(&tvEnd, &tvBegin, 1); // double gettimeofday(&tvBegin, NULL); element_double(punto, punto2); gettimeofday(&tvEnd, NULL); timeval_subtract(&tvEnd, &tvBegin, 1); // SIZE GROUP int m = mpz_sizeinbase(pairing->r, 2) - 2; printf("%i\n", m); int contador = 0; for(;;){ if(!m) break; if(mpz_tstbit(pairing->r,m)) contador++; m--; } printf("%i\n", contador); */ // One pairing gettimeofday(&tvBegin, NULL); eval_miller(temp1, sig, g, pairing); gettimeofday(&tvEnd, NULL); timeval_subtract(&tvEnd, &tvBegin, 1000); //print_contador(); // One pairing (with precomputed values) // Original method pairing_pp_t pp; // Precomp gettimeofday(&tvBegin, NULL); pairing_pp_init(pp, sig, pairing); gettimeofday(&tvEnd, NULL); timeval_subtract(&tvEnd, &tvBegin, 1000); // Eval gettimeofday(&tvBegin, NULL); pairing_pp_apply(temp1, g, pp); gettimeofday(&tvEnd, NULL); timeval_subtract(&tvEnd, &tvBegin, 1000); pairing_pp_clear(pp); void do_precomp(){ lpoly *list; // precomputation gettimeofday(&tvBegin, NULL); list = lpoly_init(); precompute(list, pairing->r, sig, g); gettimeofday(&tvEnd, NULL); timeval_subtract(&tvEnd, &tvBegin, 1000); // DMAX printf("%i\n", list->MAXD); // eval gettimeofday(&tvBegin, NULL); compute_miller(temp2, list, g, pairing); gettimeofday(&tvEnd, NULL); timeval_subtract(&tvEnd, &tvBegin, 1000); lpoly_free(list); }
void BSActivity(unsigned char *da, unsigned char *db, unsigned char *dc, unsigned char *dcu) { //signature decompress //printf("Verifying....\n"); element_t cu, A, B, C; element_init_G1(A, pairing); element_init_G1(B, pairing); element_init_G1(C, pairing); element_init_Zr(cu, pairing2); element_from_bytes_compressed(A, da); element_from_bytes_compressed(B, db); element_from_bytes_compressed(C, dc); element_from_bytes(cu, dcu); pbc_free(da); pbc_free(db); pbc_free(dc); pbc_free(dcu); //verification I element_t exbcu; element_t tmp1, tmp2, right, left; element_init_GT(exbcu, pairing); element_init_GT(tmp1, pairing); element_init_GT(tmp2, pairing); element_init_GT(right, pairing); element_init_GT(left, pairing); element_pairing(tmp1, X, A); element_pairing(tmp2, X, B); element_pow_zn(exbcu, tmp2, cu); element_mul(left, tmp1, exbcu); element_pairing(right, g, C); if (!element_cmp(left, right)) { //printf("part 1 verifies\n"); } else { printf("*BUG* part 1 does not verify *BUG*\n"); } //verification II element_pairing(left, A, Y); element_pairing(right, g, B); if (!element_cmp(left, right)) { //printf("part 2 verifies\n"); } else { printf("*BUG* part 2 does not verify *BUG*\n"); } if(ifsize) { int totalsize = sizeof(tmp1) + sizeof(tmp2) + sizeof(right) + sizeof(left) + sizeof(A) + sizeof(B) + sizeof(C) + sizeof(cu); printf("Memory used at base station is %d bytes. \n", totalsize); } element_clear(exbcu); element_clear(tmp1); element_clear(tmp2); element_clear(right); element_clear(left); element_clear(A); element_clear(B); element_clear(C); element_clear(cu); return; }
void pbc_decrypt(struct crypto *pbc, int tl, int *nse, int ts, int use_caching, int use_product) { /* e(C_0, K_0) -> pairing(C, K[i]) * e(C_{i1}, K_{i1}) -> pairing(Ci[i], Ki[i]) * e(C_{i2}, K_{i2}) -> pairing(Ci[i], Ki[i]) */ element_t C, K[ts], Ci[tl], Ki[tl], R, A, B, M, T; int num_mul=0, num_pair=0; struct timeval st, en; int i, j; /* -------------------- setup --------------------- */ gettimeofday(&st, NULL); element_init_G1(C, pbc->pairing); element_random(C); for (i = 0; i < ts; i++) { element_init_G2(K[i], pbc->pairing); element_random(K[i]); } for (i = 0; i < tl; i++) { element_init_G1(Ci[i], pbc->pairing); element_random(Ci[i]); } for (i = 0; i < tl; i++) { element_init_G2(Ki[i], pbc->pairing); element_random(Ki[i]); } element_init_GT(R, pbc->pairing); element_init_GT(A, pbc->pairing); element_init_GT(B, pbc->pairing); element_init_GT(M, pbc->pairing); element_init_GT(T, pbc->pairing); gettimeofday(&en, NULL); printf("Setup: %lu us\n", time_diff(&st, &en)); printf("tl=%d ts=%d|", tl, ts); for (i = 0; i < ts; i++) printf("%d ", nse[i]); printf("\n"); /* ------------------ decryption ------------------ */ gettimeofday(&st, NULL); /* e(C0, K0) across all tokens */ if (use_caching) { pairing_pp_t pp; pairing_pp_init(pp, C, pbc->pairing); for (i = 0; i < ts; i++) pairing_pp_apply(R, K[i], pp); pairing_pp_clear(pp); } else for (i = 0; i < ts; i++) { pairing_apply(R, C, K[i], pbc->pairing); num_pair++; } /* prod{e(Ci1, Ki1)}prod{e(Ci2, Ki2)} across all tokens */ if (use_product) { for (i = 0; i < ts; i++) { if (!nse[i])continue; element_prod_pairing(A, Ci, Ki, nse[i]); element_prod_pairing(B, Ci, Ki, nse[i]); element_mul(M, A, B); } } else for (i = 0; i < ts; i++) { element_set1(A); for (j = 0; j < nse[i]; j++) { element_pairing(T, Ci[j], Ki[j]); element_mul(A, A, T); num_pair++; num_mul++; } element_set1(B); for (j = 0; j < nse[i]; j++) { element_pairing(T, Ci[j], Ki[j]); element_mul(B, B, T); num_pair++; num_mul++; } element_mul(M, A, B); num_mul++; } gettimeofday(&en, NULL); printf("Decryption: %lu us\n", time_diff(&st, &en)); if (use_caching || use_product) { num_pair = -1; num_mul = -1; } printf("Used %d pairings and %d multiplications\n", num_pair, num_mul); /* ------------------- cleanup -------------------- */ gettimeofday(&st, NULL); element_clear(T); element_clear(M); element_clear(B); element_clear(A); element_clear(R); element_clear(C); for (i = 0; i < ts; i++) element_clear(K[i]); for (i = 0; i < tl; i++) element_clear(Ci[i]); for (i = 0; i < tl; i++) element_clear(Ki[i]); gettimeofday(&en, NULL); printf("Cleanup: %lu us\n", time_diff(&st, &en)); }
int main(int argc, char *argv[]){ //build the pairing function pairing_t pairing; if(argc < 2){ fprintf(stderr,"Wrong input arguments!\n"); fprintf(stderr,"Please input <./abe><supersinuglar> or <./abe><ordinary>\n"); }else{ if(!strcmp(argv[1],"ordinary")){ setupOrdinaryPairing(&pairing); printf("Use ordinary curve...\n"); }else if(!strcmp(argv[1],"supersingular")){ setupSingularPairing(&pairing);//setup pairing first printf("Use supersingular curve...\n"); }else{ fprintf(stderr,"Wrong input arguments!"); fprintf(stderr,"Please input <./abe><sinuglar> or <./abe><ordinary>\n"); } } //end of building the pairing funcion //construct a CP-ABE scheme //Pre-computation -> read the file of users float difftime= 0.0; int i,j,k = 0;//the index of the following loop clock_t tStart,tEnd; FILE *fTime = fopen("timeTate.txt","w+"); int loopNum = 100; while(LOOP && loopNum){ tStart = clock(); MSP msp;//the monotone spanning program mspSetup(&msp); int rows = msp.rows; FILE *fUser = fopen("user.file","r");//the pointer to read the user files int userNo = 0;//the number of users int* attrNo;//the number of attributes char **userName; char **attribute; fscanf(fUser,"%d\n",&userNo); attrNo = (int *)malloc(sizeof(int)*userNo); userName = (char **)malloc(sizeof(char *)*userNo); attribute = (char **)malloc(sizeof(char *)*userNo); for( i = 0 ; i < userNo ; i++){ userName[i] = (char *)malloc(sizeof(char)*100); fscanf(fUser,"%s\n",userName[i]); fscanf(fUser,"%d\n",&attrNo[i]); attribute[i] = (char *)malloc(sizeof(char)*attrNo[i]); j = 0;//initialize the index of j k = attrNo[i]; while(k != 0){ fscanf(fUser,"%c\n",&attribute[i][j]); j++; k--; } } //1. Setup setup(rows,&pairing,&msp);//the first step to set up the public key and master key //2. KeyGen for( i = 0; i<userNo;i++){ keyGen(pairing,attrNo[i],attribute[i],userName[i]);//genereate the private key according to user's attribute } element_t message;//the plaintext message; element_init_GT(message,pairing); element_random(message); element_printf("M1 = %B\n",message); //3.Encrypt encrypt(message,pairing,&msp); //4.Decrypt decrypt(pairing,&msp,message,attrNo[1],attribute[1],userName[1]); tEnd = clock(); //5.Time calculation presents difftime = (float)(tEnd-tStart)/CLOCKS_PER_SEC; printf("The cost time of tate pairing: %fs\n",difftime); fprintf(fTime,"%f\r\n",difftime); loopNum--; }//end of while-loop fclose(fTime); return 0; }
/** * In this scheme every signer can aggregate a signature on a different message. * * This __cannot__ verify multiple messages from the same AS. * * We have __one__ signer -> __one__ message but as the message could be the same * for every signer, we can aggregate on it. * * @param store here we insert all the messages and all the signers * (as we __must__ verify every message of every signer) * * @return 0 if verify = success. * */ int pbgp_ibe_verify(setup_params_t *setup, ibe_signature_t *sign, store_t *store) { assert(sign && setup && store); element_t sumID, sumCi, sumTot, Pubi0, Pubi1, Pm, t1, p1, p2, e1, e2, ci; pairing_pp_t pp1, pp2, pp3; element_init_G1(sumID, setup->pairing); element_init_G1(sumCi, setup->pairing); element_init_G1(sumTot, setup->pairing); element_init_G1(Pubi0, setup->pairing); element_init_G1(Pubi1, setup->pairing); element_init_G1(Pm, setup->pairing); element_init_G1(t1, setup->pairing); element_init_GT(p1, setup->pairing); element_init_GT(p2, setup->pairing); element_init_GT(e1, setup->pairing); element_init_GT(e2, setup->pairing); element_init_Zr(ci, setup->pairing); element_set0(sumID); element_set0(sumCi); // // For each ASNUM in the list // store_iterator_t *iterator = pbgp_store_iterator_open(store); store_key_t key = STORE_KEY_INIT; while (1) { uint32_t id = 0; size_t ksize = 0, dsize = 0; // This mess is to avoid __any__ malloc call >:/ int ret = pbgp_store_iterator_uget_next_size(iterator, &ksize, &dsize); if (ret != 0) { break ; } // compute key data size ksize -= STORE_KEY_METADATA_LENGTH; if (sizeof(id) != ksize) { continue ; } // key buffer unsigned char kbuf[ksize]; memset (kbuf, 0, ksize); key.data = kbuf; key.dsize = sizeof(kbuf); // data buffer unsigned char message[dsize]; memset (message, 0, dsize); // get asnum + message ret = pbgp_store_iterator_uget_next(iterator, &key, message, &dsize); if (ret != 0) { break ; } char id0[BUFSIZ], id1[BUFSIZ]; memcpy(&id, kbuf, sizeof id); _ibe_get_id_pair(id, id0, sizeof (id0), id1, sizeof (id1)); // // Computes public keys for this AS from its identity // unsigned char hash[EVP_MAX_MD_SIZE + 1]; // hash(id0) memset(hash, 0, sizeof (hash)); _element_from_hash(Pubi0, hash, pbgp_rsa_uhash((unsigned char *) id0, strlen(id0), hash)); // hash(id1) memset(hash, 0, sizeof (hash)); _element_from_hash(Pubi1, hash, pbgp_rsa_uhash((unsigned char *) id1, strlen(id1), hash)); // ci = hash(m) memset(hash, 0, sizeof (hash)); element_from_hash(ci, hash, pbgp_rsa_uhash(message, dsize, hash)); // Computes sum(Pi_0) sum(ci * Pi_1) element_mul_zn(t1, Pubi1, ci); element_add(sumID, sumID, Pubi0); element_add(sumCi, sumCi, t1); } pbgp_store_iterator_close(iterator); element_add(sumTot, sumID, sumCi); pairing_pp_init(pp1, sumTot, setup->pairing); pairing_pp_init(pp2, sign->v, setup->pairing); pairing_pp_init(pp3, sign->u, setup->pairing); // e(Q = ibePub, sumTot) pairing_pp_apply(p1, setup->ibePub, pp1); // e(Tn = v, Pw) pairing_pp_apply(p2, sign->w, pp2); // e(Q = ibePub, sumTot) * e(Tn = v, Pw) element_mul(e2, p1, p2); // e(Sn = u, P) pairing_pp_apply(e1, setup->g, pp3); int rv = element_cmp(e1, e2); pairing_pp_clear(pp1); pairing_pp_clear(pp2); pairing_pp_clear(pp3); element_clear(sumID); element_clear(sumCi); element_clear(sumTot); element_clear(t1); element_clear(ci); element_clear(Pubi0); element_clear(Pubi1); element_clear(Pm); element_clear(p1); element_clear(p2); element_clear(e1); element_clear(e2); return rv; }
void bbs_gen(bbs_group_public_key_ptr gpk, bbs_manager_private_key_ptr gmsk, int n, bbs_group_private_key_t *gsk, bbs_sys_param_ptr param) { pairing_ptr pairing = param->pairing; element_t z0; element_t gamma; int i; gpk->param = param; gmsk->param = param; element_init_G1(gpk->g1, pairing); element_init_G2(gpk->g2, pairing); element_init_G1(gpk->h, pairing); element_init_G1(gpk->u, pairing); element_init_G1(gpk->v, pairing); element_init_G2(gpk->w, pairing); element_init_Zr(gmsk->xi1, pairing); element_init_Zr(gmsk->xi2, pairing); element_init_Zr(z0, pairing); element_init_Zr(gamma, pairing); element_random(gpk->g2); element_random(gpk->g1); element_random(gpk->h); element_random(gmsk->xi1); element_random(gmsk->xi2); element_invert(z0, gmsk->xi1); element_pow_zn(gpk->u, gpk->h, z0); element_invert(z0, gmsk->xi2); element_pow_zn(gpk->v, gpk->h, z0); element_random(gamma); element_pow_zn(gpk->w, gpk->g2, gamma); for (i=0; i<n; i++) { gsk[i]->param = param; element_init_G1(gsk[i]->A, pairing); element_init_Zr(gsk[i]->x, pairing); element_random(gsk[i]->x); element_add(z0, gamma, gsk[i]->x); element_invert(z0, z0); element_pow_zn(gsk[i]->A, gpk->g1, z0); /* do some precomputation */ /* TODO: could instead compute from e(g1,g2) ... */ element_init_GT(gsk[i]->pr_A_g2, pairing); pairing_apply(gsk[i]->pr_A_g2, gsk[i]->A, gpk->g2, pairing); } /* do some precomputation */ element_init_GT(gpk->pr_g1_g2, pairing); element_init_GT(gpk->pr_g1_g2_inv, pairing); element_init_GT(gpk->pr_h_g2, pairing); element_init_GT(gpk->pr_h_w, pairing); pairing_apply(gpk->pr_g1_g2, gpk->g1, gpk->g2, pairing); element_invert(gpk->pr_g1_g2_inv, gpk->pr_g1_g2); pairing_apply(gpk->pr_h_g2, gpk->h, gpk->g2, pairing); pairing_apply(gpk->pr_h_w, gpk->h, gpk->w, pairing); element_clear(z0); element_clear(gamma); }
void BilinearMappingHandler::initRandomMemberElementFromGT(memberElement& elem) { element_init_GT(elem, pairing); element_random(elem); }//end of initRandomMemberElementFromGT()
void CipherText::init_c1(){ element_init_GT(this->c1, *(this->p));//e(g1,g2) element_pow_zn(this->c1, this->pub->y, *(this->s));//e(g1,g2)^alpha*s y = e^(g1,g2)^alpha element_mul(this->c1, *(this->m), this->c1);//m*e(g1,g2)^alpha*s // element_printf("c1:%B\n", this->c1); }
int bbs_open(element_t A, bbs_group_public_key_t gpk, bbs_manager_private_key_t gmsk, int hashlen, void *hash, unsigned char *sig) { bbs_sys_param_ptr param = gpk->param; pairing_ptr pairing = param->pairing; field_ptr Fp = pairing->Zr; element_t T1, T2, T3; element_t R1, R2, R3, R4, R5; element_t c, salpha, sbeta, sx, sdelta1, sdelta2; element_t e10, et0, z0; unsigned char *readptr = sig; int result; UNUSED_VAR (hashlen); UNUSED_VAR (hash); //TODO: consolidate with verify element_init_G1(T1, pairing); element_init_G1(T2, pairing); element_init_G1(T3, pairing); element_init_G1(R1, pairing); element_init_G1(R2, pairing); element_init_GT(R3, pairing); element_init_G1(R4, pairing); element_init_G1(R5, pairing); element_init(c, Fp); element_init(salpha, Fp); element_init(sbeta, Fp); element_init(sx, Fp); element_init(sdelta1, Fp); element_init(sdelta2, Fp); element_init_G1(e10, pairing); element_init_GT(et0, pairing); element_init(z0, Fp); readptr += element_from_bytes(T1, readptr); readptr += element_from_bytes(T2, readptr); readptr += element_from_bytes(T3, readptr); readptr += element_from_bytes(c, readptr); readptr += element_from_bytes(salpha, readptr); readptr += element_from_bytes(sbeta, readptr); readptr += element_from_bytes(sx, readptr); readptr += element_from_bytes(sdelta1, readptr); readptr += element_from_bytes(sdelta2, readptr); element_neg(z0, c); element_pow_zn(R1, gpk->u, salpha); element_pow_zn(e10, T1, z0); element_mul(R1, R1, e10); element_pow_zn(R2, gpk->v, sbeta); element_pow_zn(e10, T2, z0); element_mul(R2, R2, e10); element_neg(z0, sdelta1); element_pow_zn(R4, gpk->u, z0); element_pow_zn(e10, T1, sx); element_mul(R4, R4, e10); element_neg(z0, sdelta2); element_pow_zn(R5, gpk->v, z0); element_pow_zn(e10, T2, sx); element_mul(R5, R5, e10); pairing_apply(R3, T3, gpk->w, pairing); pairing_apply(et0, gpk->g1, gpk->g2, pairing); element_invert(et0, et0); element_mul(R3, R3, et0); element_pow_zn(R3, R3, c); pairing_apply(et0, T3, gpk->g2, pairing); element_pow_zn(et0, et0, sx); element_mul(R3, R3, et0); element_add(z0, salpha, sbeta); element_neg(z0, z0); pairing_apply(et0, gpk->h, gpk->w, pairing); element_pow_zn(et0, et0, z0); element_mul(R3, R3, et0); element_add(z0, sdelta1, sdelta2); element_neg(z0, z0); pairing_apply(et0, gpk->h, gpk->g2, pairing); element_pow_zn(et0, et0, z0); element_mul(R3, R3, et0); //if mismatch result = 0; //} else { element_pow_zn(A, T1, gmsk->xi1); element_pow_zn(e10, T2, gmsk->xi2); element_mul(A, A, e10); element_invert(A, A); element_mul(A, A, T3); result =1; //} element_clear(T1); element_clear(T2); element_clear(T3); element_clear(R1); element_clear(R2); element_clear(R3); element_clear(R4); element_clear(R5); element_clear(c); element_clear(salpha); element_clear(sbeta); element_clear(sx); element_clear(sdelta1); element_clear(sdelta2); element_clear(e10); element_clear(et0); element_clear(z0); return result; }
// USER JOIN PHASE 3 - user key generation (Join) int xsgs_user_join_phase3(XSGS_PUBLIC_KEY* gpk, XSGS_USER_CERT* ucert, XSGS_JOIN_PHASE1* jpd1, XSGS_JOIN_PHASE2* jpd2, XSGS_JOIN_PHASE3* jpd3, char* usk_pem_filename) { int ret; pairing_ptr pairing = gpk->pairing; field_ptr Fp = pairing->Zr; element_t B, D, R1, R2, h, g1, gt; // B = e(G1 * C, G2) / e(A, W) = e(G1 * C, G2) * e(A^-1, W) element_init_GT(B, pairing); element_init_G1(g1, pairing); element_init_GT(gt, pairing); element_mul(g1, gpk->G1, jpd1->C); element_pairing(B, g1, gpk->G2); element_invert(g1, jpd2->A); element_pairing(gt, g1, gpk->W); element_mul(B, B, gt); // D = e(A, G2) element_init_GT(D, pairing); element_pairing(D, jpd2->A, gpk->G2); // verifies A e Group1, Checks V element_init(h, Fp); element_from_hash(h, jpd1->U.hash, JOIN_HASH_BITS / 8); element_neg(h, h); // R1 = B^s * T1^h element_init_GT(R1, pairing); element_pow_naf2(R1, B, jpd2->V.s, jpd2->V.T1, h); // R2 = D^s * T2^h element_init_GT(R2, pairing); element_pow_naf2(R2, D, jpd2->V.s, jpd2->V.T2, h); // clear tmp element_clear(g1); element_clear(gt); element_clear(h); // h = H(B, D, T1, T2, R1, R2) DWORD data_len = element_length_in_bytes(B) + element_length_in_bytes(D) + element_length_in_bytes(jpd2->V.T1) + element_length_in_bytes(jpd2->V.T2) + element_length_in_bytes(R1) + element_length_in_bytes(R2); BYTE* data_buf = (BYTE*) malloc(data_len); data_buf += element_to_bytes(data_buf, B); data_buf += element_to_bytes(data_buf, D); data_buf += element_to_bytes(data_buf, jpd2->V.T1); data_buf += element_to_bytes(data_buf, jpd2->V.T2); data_buf += element_to_bytes(data_buf, R1); data_buf += element_to_bytes(data_buf, R2); data_buf -= data_len; BYTE* hash = (BYTE*) malloc(JOIN_HASH_BITS / 8); xsgs_hash(data_buf, data_len * 8, hash, JOIN_HASH_BITS); free(data_buf); element_clear(B); element_clear(D); element_clear(R1); element_clear(R2); // compare hashes ret = memcmp(jpd2->V.hash, hash, JOIN_HASH_BITS / 8); free(hash); if (!ret) { element_init_G1(ucert->A, pairing); element_set(ucert->A, jpd2->A); // S = sign(A) DWORD msg_len = element_length_in_bytes(ucert->A); BYTE* msg = (BYTE*) malloc(msg_len); element_to_bytes(msg, ucert->A); ret = xsgs_rsa_sign(usk_pem_filename, msg, msg_len, &(jpd3->S.sig), &(jpd3->S.len)); free(msg); } // return ( S = (rsa signature length, rsa signature) ) return ret; }
int main(int argc, char **argv) { pairing_t pairing; pbc_demo_pairing_init(pairing, argc, argv); if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric"); double time1, time2; element_t P, Ppub, x, S, H, t1, t2, t3, t4; element_init_Zr(x, pairing); element_init_Zr(H, pairing); element_init_Zr(t1, pairing); element_init_G1(S, pairing); element_init_G1(P, pairing); element_init_G1(Ppub, pairing); element_init_G1(t2, pairing); element_init_GT(t3, pairing); element_init_GT(t4, pairing); printf("ZSS short signature schema\n"); printf("KEYGEN\n"); time1 = pbc_get_time(); element_random(x); element_random(P); element_mul_zn(Ppub, P, x); element_printf("P = %B\n", P); element_printf("x = %B\n", x); element_printf("Ppub = %B\n", Ppub); printf("SIGN\n"); element_from_hash(H, "Message", 7); element_add(t1, H, x); element_invert(t1, t1); element_mul_zn(S, P, t1); printf("Signature of message \"Message\" is:\n"); element_printf("S = %B\n", S); printf("VERIFY\n"); element_from_hash(H, "Message", 7); element_mul_zn(t2, P, H); element_add(t2, t2, Ppub); element_pairing(t3, t2, S); element_pairing(t4, P, P); element_printf("e(H(m)P + Ppub, S) = %B\n", t3); element_printf("e(P, P) = %B\n", t4); if (!element_cmp(t3, t4)) printf("Signature is valid\n"); else printf("Signature is invalid\n"); time2 = pbc_get_time(); printf("All time = %fs\n", time2 - time1); element_clear(P); element_clear(Ppub); element_clear(x); element_clear(S); element_clear(H); element_clear(t1); element_clear(t2); element_clear(t3); element_clear(t4); pairing_clear(pairing); return 0; }
// USER JOIN PHASE 2 - user key generation (Join) int xsgs_user_join_phase2(XSGS_PUBLIC_KEY* gpk, XSGS_USER_DB_ENTRY* udbe, XSGS_ISSUER_KEY* ik, XSGS_PAILLIER_PUBKEY* ppk, XSGS_JOIN_PHASE1* jpd1, XSGS_JOIN_PHASE2* jpd2) { int ret; pairing_ptr pairing = gpk->pairing; field_ptr Fp = pairing->Zr; mpz_t r1, h; //, t; element_t R1, R2, g1, B, D, zp, gt, hp; mpz_init(h); mpz_from_hash(h, jpd1->U.hash, JOIN_HASH_BITS / 8); // 1. verify C e G1 and check U // R1 = g^s * c^h mod n^2 mpz_init(r1); mpz_powm2(r1, ppk->g, jpd1->U.s, jpd1->U.c, h, ppk->n_squared); // R2 = H^s * C^h element_init_G1(R2, pairing); element_pow_naf2_mpz(R2, gpk->H, jpd1->U.s, jpd1->C, h); mpz_clear(h); // h = H(g, n, c, C, H, R1, R2) DWORD data_len = mpz_length_in_bytes(ppk->g) + mpz_length_in_bytes(ppk->n_squared) + mpz_length_in_bytes(jpd1->U.c) + element_length_in_bytes(jpd1->C) + element_length_in_bytes(gpk->H) + mpz_length_in_bytes(r1) + element_length_in_bytes(R2); BYTE* data_buf = (BYTE*) malloc(data_len); data_buf += mpz_to_bytes(data_buf, ppk->g); data_buf += mpz_to_bytes(data_buf, ppk->n_squared); data_buf += mpz_to_bytes(data_buf, jpd1->U.c); data_buf += element_to_bytes(data_buf, jpd1->C); data_buf += element_to_bytes(data_buf, gpk->H); data_buf += mpz_to_bytes(data_buf, r1); data_buf += element_to_bytes(data_buf, R2); data_buf -= data_len; BYTE* hash = (BYTE*) malloc(JOIN_HASH_BITS / 8); xsgs_hash(data_buf, data_len * 8, hash, JOIN_HASH_BITS); free(data_buf); mpz_clear(r1); element_clear(R2); // compare hashes ret = memcmp(jpd1->U.hash, hash, JOIN_HASH_BITS / 8); free(hash); if (!ret) { element_t r; // initialization element_init(udbe->UCert.x, Fp); element_init_G1(udbe->UCert.A, pairing); element_init_G1(udbe->C, pairing); element_init_G1(jpd2->A, pairing); element_init_G1(g1, pairing); element_init_GT(B, pairing); element_init_GT(gt, pairing); element_init(zp, Fp); // save jpd1->C to ubde->C element_set(udbe->C, jpd1->C); // 2. x eR Zp and element_random(udbe->UCert.x); // A <- (G1 * C)^{1/(gamma + x)} element_add(zp, ik->gamma, udbe->UCert.x); element_invert(zp, zp); element_mul(jpd2->A, gpk->G1, jpd1->C); element_pow_naf(jpd2->A, jpd2->A, zp); element_set(udbe->UCert.A, jpd2->A); // 3. B <- e(G1 * C, G2) / e(A, W) = e(G1 * C, G2) * e(A^-1, W) element_mul(g1, gpk->G1, jpd1->C); element_pairing(B, g1, gpk->G2); element_invert(g1, jpd2->A); element_pairing(gt, g1, gpk->W); element_mul(B, B, gt); element_clear(g1); element_clear(zp); element_clear(gt); // 4. D <- e(A, G2) element_init_GT(D, pairing); element_pairing(D, jpd2->A, gpk->G2); // 5. V <- NIZKPoKDL(B, D) // T1 = B^gamma element_init_GT(jpd2->V.T1, pairing); element_pow_zn(jpd2->V.T1, B, ik->gamma); // T2 = D^gamma element_init_GT(jpd2->V.T2, pairing); element_pow_zn(jpd2->V.T2, D, ik->gamma); // r eR Zp element_init(r, Fp); element_random(r); // R1 = B^r element_init_GT(R1, pairing); element_pow_zn(R1, B, r); // R2 = D^r element_init_GT(R2, pairing); element_pow_zn(R2, D, r); // h = H(B, D, T1, T2, R1, R2) data_len = element_length_in_bytes(B) + element_length_in_bytes(D) + element_length_in_bytes(jpd2->V.T1) + element_length_in_bytes(jpd2->V.T2) + element_length_in_bytes(R1) + element_length_in_bytes(R2); data_buf = (BYTE*) malloc(data_len); data_buf += element_to_bytes(data_buf, B); data_buf += element_to_bytes(data_buf, D); data_buf += element_to_bytes(data_buf, jpd2->V.T1); data_buf += element_to_bytes(data_buf, jpd2->V.T2); data_buf += element_to_bytes(data_buf, R1); data_buf += element_to_bytes(data_buf, R2); data_buf -= data_len; jpd2->V.hash = (BYTE*) malloc(JOIN_HASH_BITS / 8); xsgs_hash(data_buf, data_len * 8, jpd2->V.hash, JOIN_HASH_BITS); element_init(hp, Fp); element_from_hash(hp, jpd1->U.hash, JOIN_HASH_BITS / 8); free(data_buf); element_clear(B); element_clear(D); element_clear(R1); element_clear(R2); // s = r - hash * gamma mod p element_init(jpd2->V.s, Fp); element_mul(jpd2->V.s, hp, ik->gamma); element_add(jpd2->V.s, r, jpd2->V.s); element_clear(r); element_clear(hp); } // return (A, V = (T1, T2, hash, s) ) return ret; }
int main(int argc, char **argv) { pairing_t pairing; element_t g1; element_t s, r; element_t id; element_t pri_id; element_t gID; element_t Ppub; element_t C1; element_t gIDr; pbc_demo_pairing_init(pairing, argc, argv); element_init_G1(g1, pairing); element_init_Zr(s, pairing); element_init_Zr(r, pairing); element_init_G1(id, pairing); element_init_G1(pri_id, pairing); element_init_GT(gID, pairing); element_init_G1(Ppub, pairing); element_init_G1(C1, pairing); element_init_GT(gIDr, pairing); double t0, t1, ttotal, ttotalpp; element_random(g1); element_random(s); element_random(r); element_random(id); element_pow_zn(Ppub, g1, s); ttotal = 0.0; t0 = pbc_get_time(); element_pow_zn(pri_id, id, s); element_pairing(gID, id, Ppub); element_pow_zn(gIDr, gID, r); t1 = pbc_get_time(); int i = 0; int n = 1000; for(i; i<n; i++) { t0 = pbc_get_time(); element_pow_zn(C1, g1, r); t1 = pbc_get_time(); ttotal += t1 - t0; } printf("if we only have one user and the user is cached, average enc time = %f\n", ttotal / n); i = 0; ttotal = 0.0; for(i; i<n; i++) { element_random(id); t0 = pbc_get_time(); element_pow_zn(pri_id, id, s); element_pairing(gID, id, Ppub); element_pow_zn(gIDr, gID, r); element_pow_zn(C1, g1, r); t1 = pbc_get_time(); ttotal += t1 - t0; } printf("100 diff users, average enc time = %f\n", ttotal / n); //dec ttotal = 0.0; element_t gIDr_prime; element_init_GT(gIDr_prime, pairing); i = 0; for(i; i<n; i++) { element_random(pri_id); element_random(C1); t0 = pbc_get_time(); element_pairing(gIDr_prime, pri_id, C1); t1 = pbc_get_time(); ttotal += t1 - t0; } printf("dec random messages, average dec time = %f\n", ttotal / n); /*if (!element_cmp(gIDr_prime, gIDr)) { printf("----------Confirm----------------\n");} else{ printf("----------damn--------\n"); }*/ }