Beispiel #1
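/*
 * Encapsulate a fresh session key for the recipient set that is already
 * folded into sys->encr_prod.
 *
 * A random exponent t is drawn from Zr and used to compute
 *   key      = e(gs[num_users-1], gs[0])^t
 *   myct->C0 = g^t
 *   myct->C1 = (sys->pub_key * sys->encr_prod)^t
 *
 * key, myct->C0 and myct->C1 are initialised here; the caller releases them
 * with element_clear().  The function returns void, so after one of the
 * early returns below the outputs are left untouched and the caller has no
 * status to inspect -- validate the arguments before calling if the
 * difference matters.
 */
void BroadcastKEM_using_product(global_broadcast_params_t gbp,
				broadcast_system_t sys,
				ct_t myct, element_t key)
{
  if(!gbp) {
    printf("ACK!  You gave me no broadcast params!  I die.\n");
    return;
  }
  if(!sys) {
    printf("ACK!  You gave me no broadcast system!  I die.\n");
    return;
  }
  if(!myct) {
    printf("ACK!  No struct to store return vals!  I die.\n");
    return;
  }
  /* gs[num_users-1] is read below, so an empty system would index gs[-1]. */
  if(gbp->num_users < 1) {
    printf("ACK!  Broadcast params describe no users!  I die.\n");
    return;
  }

  /* t is the per-encapsulation secret: anyone who learns it can recompute key. */
  element_t t;
  element_init_Zr(t, gbp->pairing);
  element_random(t);

  element_init(key, gbp->pairing->GT);
  element_init(myct->C0, gbp->pairing->G2);
  element_init(myct->C1, gbp->pairing->G1);

  //COMPUTE K
  element_pairing(key, gbp->gs[gbp->num_users-1], gbp->gs[0]);
  element_pow_zn(key, key, t);

  //COMPUTE C0
  element_pow_zn(myct->C0, gbp->g, t);

  //COMPUTE C1
  element_mul(myct->C1, sys->pub_key, sys->encr_prod);
  element_pow_zn(myct->C1, myct->C1, t);

  /* NOTE(review): element_clear releases t; confirm whether the PBC/GMP
     allocator in use also wipes the freed limbs. */
  element_clear(t);
}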
Beispiel #2
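/*
 * Sign a message hash.
 *
 * Computes sigma = g1^(1 / (x + m + y*r)) for a fresh random r in Zr, where
 * m is the hash mapped into Zr and (x, y) is the private key.  (Judging by
 * the bb_ prefix this is the Boneh-Boyen short-signature form.)
 *
 * sig     receives the x-only encoding of sigma immediately followed by the
 *         encoding of r.  No buffer length is passed in, so the caller must
 *         provide at least element_length_in_bytes_x_only(sigma) +
 *         element_length_in_bytes(r) bytes for the pairing in pk->param.
 * hashlen number of bytes at hash.
 * hash    message digest to sign.
 * pk, sk  key pair sharing the same system parameters.
 */
void bb_sign(unsigned char *sig, unsigned int hashlen, unsigned char *hash, bb_public_key_t pk, bb_private_key_t sk)
{
	int len;
	element_t sigma;
	element_t r, z, m;
	bb_sys_param_ptr param = pk->param;
	pairing_ptr pairing = param->pairing;

	element_init(r, pairing->Zr);
	element_init(z, pairing->Zr);
	element_init(m, pairing->Zr);

	element_from_hash(m, hash, hashlen);

	/*
	 * z = x + m + y*r must be invertible.  It is zero only with negligible
	 * probability, but inverting zero is undefined, so draw a new r in
	 * that case instead of emitting a bogus signature.
	 */
	do {
		element_random(r);
		element_mul(z, sk->y, r);
		element_add(z, z, sk->x);
		element_add(z, z, m);
	} while (element_is0(z));
	element_invert(z, z);

	element_init(sigma, pairing->G1);
	element_pow_zn(sigma, pk->g1, z);

	/* Wire format: x-only(sigma) || r. */
	len = element_to_bytes_x_only(sig, sigma);
	element_to_bytes(&sig[len], r);

	/* z is derived from the private key; r is public (it is in sig). */
	element_clear(sigma);
	element_clear(r);
	element_clear(z);
	element_clear(m);
}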
Beispiel #3
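/*
 * Allocate and fill the global parameters of the broadcast system.
 *
 * On return *sys points to a freshly allocated structure holding
 *   - the pairing built from PBC_PAIRING_PARAMS,
 *   - g parsed from PUBLIC_G,
 *   - a random secret alpha in Zr,
 *   - gs[i] = g^(alpha^(i+1)) for i in [0, 2*num_users), except
 *     gs[num_users], which is cleared again before returning.
 *
 * Security notes for callers:
 *   - gbs->alpha is still present in the returned structure; this function
 *     does not erase it.  It has to be cleared once setup is complete.
 *   - gs[num_users] is a cleared element.  It must not be read, and cleanup
 *     code must skip it rather than call element_clear on it a second time.
 *
 * Any failure (bad arguments, unparsable parameters, allocation failure)
 * terminates the process through pbc_die, because continuing would leave a
 * half-built parameter set in use.
 */
void setup_global_broadcast_params(global_broadcast_params_t *sys, int num_users)
{
  global_broadcast_params_t gbs;
  element_t *lgs;
  size_t total;
  size_t i;

  if (!sys) pbc_die("no output pointer for broadcast params");
  if (num_users < 1) pbc_die("num_users must be positive");

  /* 2*num_users elements are allocated; reject sizes that would wrap. */
  total = 2 * (size_t)num_users;
  if (total > (size_t)-1 / sizeof(element_t)) pbc_die("num_users too large");

  gbs = pbc_malloc(sizeof(struct global_broadcast_params_s));
  if (!gbs) pbc_die("Malloc Failed: didn't finish system setup");

  // Setup curve in gbp
  size_t count = strlen(PBC_PAIRING_PARAMS);
  if (!count) pbc_die("input error");
  if (pairing_init_set_buf(gbs->pairing, PBC_PAIRING_PARAMS, count))
    pbc_die("pairing init failed");

  gbs->num_users = num_users;

  lgs = pbc_malloc(total * sizeof(element_t));
  if (!lgs) pbc_die("Malloc Failed: didn't finish system setup");

  //Set g as a chosen public value
  element_init(gbs->g, gbs->pairing->G1);
  /* element_set_str returns the number of characters consumed; 0 means the
     string was not a well-formed element and g would be left at its default. */
  if (!element_set_str(gbs->g, PUBLIC_G, PBC_CONVERT_BASE))
    pbc_die("could not parse PUBLIC_G");

  //Get alpha from Zp as mentioned in the paper
  element_init_Zr(gbs->alpha, gbs->pairing);
  element_random(gbs->alpha);   //secret; must be removed from memory after setup

  //Make the 0th element equal to g^alpha
  element_init(lgs[0], gbs->pairing->G1);
  element_pow_zn(lgs[0], gbs->g, gbs->alpha);

  //Fill in the gs array: each entry is the previous one raised to alpha
  for (i = 1; i < total; i++) {
    element_init(lgs[i], gbs->pairing->G1);
    element_pow_zn(lgs[i], lgs[i-1], gbs->alpha);
  }
  element_clear(lgs[num_users]);  //remove g^(alpha^(n+1)) as it can leak info about parameters

  gbs->gs = lgs;
  *sys = gbs;
}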
Beispiel #4
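/*
 * Demo: sign a message typed on stdin and verify the signature with a
 * symmetric pairing.
 *
 *   public_key = g^secret_key
 *   h          = hash-to-G1(SHA1(message))
 *   sig        = h^secret_key
 *   accept iff e(sig, g) == e(h, public_key)
 *
 * NOTE(review): SHA-1 is no longer collision resistant.  That is tolerable
 * for a demo, but a digest such as SHA-256 should be used wherever the
 * signed message can be chosen by another party.
 */
int main(int argc, char **argv) {
  enum { MSG_CAP = 80, SHA1_LEN = 20 };   /* SHA-1 produces 20 bytes */
  pairing_t pairing;
  char m[MSG_CAP] = {0};
  unsigned char hash[SHA1_LEN];
  size_t len_m = 0;
  size_t i;

  pbc_demo_pairing_init(pairing, argc, argv);
  if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");

  printf("Enter the message to be encrypted : ");
  /* Bounded read: at most MSG_CAP-1 characters are stored in m. */
  if (!fgets(m, sizeof m, stdin)) pbc_die("no message read");
  while (m[len_m] != '\0' && m[len_m] != '\n') len_m++;
  m[len_m] = '\0';

  /* Hash exactly the bytes that were typed, not the buffer padding. */
  SHA1((const unsigned char *)m, len_m, hash);

  /* The digest is binary, so print it as hex rather than as a C string. */
  printf("The hash is : ");
  for (i = 0; i < sizeof hash; i++) printf("%02x", hash[i]);
  printf("\n");

  element_t g, h;
  element_t public_key, secret_key;
  element_t sig;
  element_t temp1, temp2;

  element_init_G2(g, pairing);
  element_init_G2(public_key, pairing);
  element_init_G1(h, pairing);
  element_init_G1(sig, pairing);
  element_init_GT(temp1, pairing);
  element_init_GT(temp2, pairing);
  element_init_Zr(secret_key, pairing);

  element_random(g);
  element_random(secret_key);
  element_pow_zn(public_key, g, secret_key);

  element_printf("The public key is %B\n", public_key);

  /* Only the SHA1_LEN digest bytes are defined; feed no more than that. */
  element_from_hash(h, hash, sizeof hash);
  element_pow_zn(sig, h, secret_key);

  pairing_apply(temp1, sig, g, pairing);
  pairing_apply(temp2, h, public_key, pairing);
  if (!element_cmp(temp1, temp2)) {
    printf("\nVerified\n");
  } else {
    printf("\nNot verified\n");
  }

  element_clear(g);
  element_clear(h);
  element_clear(public_key);
  element_clear(secret_key);
  element_clear(sig);
  element_clear(temp1);
  element_clear(temp2);
  pairing_clear(pairing);
  return 0;
}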
Beispiel #5
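//Called in file encryption function to generate C0,C1,C0',C1' and EK
//returns CT,EK
//
// gamma        string form of the user's gamma (base PBC_CONVERT_BASE)
// shared_users ids of the users the file is shared with
// num_users    number of entries in shared_users
// pps          forwarded to setup_global_broadcast_params
// CT           out: OC0, OC1 and their duplicates C0, C1 are initialised here
// EK           out: initialised here, EK = e(g[1],g[n])^t
// t_str        out: string form of the random exponent t, at most
//              MAX_ELEMENT_LEN bytes.  t is the secret behind EK (whoever
//              holds it can recompute EK), so the caller must protect and
//              eventually erase this buffer.
//
// Malformed input terminates the process through pbc_die.
void EK_CT_generate(char *gamma, int *shared_users, int num_users, unsigned char *pps, ct CT, element_t EK, char *t_str)
{

  global_broadcast_params_t gbs;
  element_t t;
  int j;

  //Global Setup of gbs params
  setup_global_broadcast_params(&gbs, pps);
  //it is important to set user gamma here else a random value will be used;
  //element_set_str returns 0 when nothing could be parsed
  if(!element_set_str(gbs->gamma, gamma, PBC_CONVERT_BASE))
    pbc_die("EK_CT_generate: gamma is not a valid element string");

  //every id indexes gs[] below, so reject ids outside 1..gbs->num_users
  //before any ciphertext component is produced
  //NOTE(review): assumes user ids are 1-based, as the g[num_users+1-j]
  //formula below suggests -- confirm against the callers
  for(j=0;j<num_users;j++)
    if(shared_users[j] < 1 || shared_users[j] > gbs->num_users)
      pbc_die("EK_CT_generate: shared user id %d out of range", shared_users[j]);

  //pick a random value of t from Zr
  element_init_Zr(t, gbs->pairing);
  element_random(t);
  element_snprint(t_str,MAX_ELEMENT_LEN,t);

  //compute C0=g^t
  element_init(CT->OC0, gbs->pairing->G1);
  element_pow_zn(CT->OC0, gbs->g, t);

  //compute C1=(g^gamma)x(g[num_users+1-j]) for j in all shared users
  element_init(CT->OC1, gbs->pairing->G1);
  element_pow_zn(CT->OC1, gbs->g, gbs->gamma); //at this step C1 = g^gamma = v as given in paper
  for(j=0;j<num_users;j++)
    element_mul(CT->OC1, CT->OC1, gbs->gs[(gbs->num_users)-shared_users[j]]);
  element_pow_zn(CT->OC1, CT->OC1, t);

  //Duplicate C0'=C0
  element_init(CT->C0, gbs->pairing->G1);
  element_set(CT->C0,CT->OC0);

  //Duplicate C1'=C1
  element_init(CT->C1, gbs->pairing->G1);
  element_set(CT->C1,CT->OC1);

  //COMPUTE EK = e(g[n], g[1])^(t)
  element_init(EK, gbs->pairing->GT);
  element_pairing(EK, gbs->gs[0],gbs->gs[gbs->num_users-1]);  //at this step EK = e(g[1],g[n])
  element_pow_zn(EK,EK,t);  //EK = e(g[1],g[n])^t

  //free the memory for global broadcast params
  element_clear(t);
  FreeGBP(gbs);

  return;
}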
Beispiel #6
/*
 * Check a signature produced in the x-only(sigma) || r wire format.
 *
 * The check is e(sigma, g2^m * v^r * u) == z, where m is the hash mapped
 * into Zr.  Because only the x coordinate of sigma is transmitted, the
 * decoded point may be the negation of the signer's point; in that case the
 * pairing value is the inverse of z, so the product with z being 1 is
 * accepted as well.
 *
 * sig carries no length: the caller must make sure the buffer holds a full
 * x-only G1 encoding followed by a full Zr encoding before passing bytes
 * received from elsewhere.
 *
 * Returns 1 when the direct comparison matches, otherwise the result of
 * element_is1 on the product (non-zero means valid).
 */
int bb_verify(unsigned char *sig, unsigned int hashlen, unsigned char *hash, bb_public_key_t pk)
{
	pairing_ptr pg = pk->param->pairing;
	element_t msg, point, rnd;
	element_t base, v_pow_r, lhs;
	int point_len;
	int ok;

	/* Decode the three inputs: message scalar, curve point, randomiser. */
	element_init(msg, pg->Zr);
	element_from_hash(msg, hash, hashlen);

	element_init(point, pg->G1);
	point_len = element_from_bytes_x_only(point, sig);

	element_init(rnd, pg->Zr);
	element_from_bytes(rnd, sig + point_len);

	element_init(base, pg->G2);
	element_init(v_pow_r, pg->G2);
	element_init(lhs, pg->GT);

	/* base = g2^m * v^r * u */
	element_pow_zn(base, pk->g2, msg);
	element_pow_zn(v_pow_r, pk->v, rnd);
	element_mul(base, base, v_pow_r);
	element_mul(base, base, pk->u);

	element_pairing(lhs, point, base);
	if (element_cmp(lhs, pk->z) == 0) {
		ok = 1;
	} else {
		/* Other sign of the y coordinate: lhs should be z^-1. */
		element_mul(lhs, lhs, pk->z);
		ok = element_is1(lhs);
	}

	element_clear(base);
	element_clear(v_pow_r);
	element_clear(lhs);
	element_clear(msg);
	element_clear(point);
	element_clear(rnd);
	return ok;
}
Beispiel #7
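/*
 * Load the pairing parameters from ./param/a.param and compute
 * e(g, g)^(r * a * codeword[0]) for random r, a in Zr, where g is the
 * generator stored in the pairing's curve data.
 *
 * NOTE(review): the computed value is neither returned nor stored, so the
 * caller observes no result from this function.
 *
 * Any setup failure terminates the process through pbc_die.
 */
void consumerShares(signed long int *codeword){
    pairing_t pairing;
    element_t g, r, a, e_g_g, share;
    char *param_path = "./param/a.param";
    char s[16384];
    signed long int temp_share;
    FILE *fp;
    size_t count;

    if (!codeword)
        pbc_die("no codeword supplied\n");

    fp = fopen(param_path, "r");
    if (!fp)
        pbc_die("error opening %s\n", param_path);
    count = fread(s, 1, sizeof s, fp);
    if (!count)
        pbc_die("read parameter failure\n");
    fclose(fp);
    if (pairing_init_set_buf(pairing, s, count))
        pbc_die("pairing init failed\n");
    if (!pairing_is_symmetric(pairing)) pbc_die("pairing is not symmetric\n");

    element_init_G1(g, pairing);
    element_init_Zr(r, pairing);
    element_init_Zr(a, pairing);
    element_init_Zr(share, pairing);
    element_init_GT(e_g_g, pairing);

    //find the generator of the group
    //(reaches into PBC's private type-A pairing layout)
    element_set(g, ((curve_data_ptr)((a_pairing_data_ptr)
    pairing->data)->Eq->data)->gen);
    element_random(r);
    element_random(a);
    //compute e(g, g)
    element_pairing(e_g_g, g, g);
    //compute e(g, g)^r
    element_pow_zn(e_g_g, e_g_g, r);
    //compute e(g,g)^ra
    element_pow_zn(e_g_g, e_g_g, a);
    temp_share = codeword[0];
    //convert the signed long secret share to an element of Zr before
    //raising e_g_g to it
    element_set_si(share, temp_share);
    element_pow_zn(e_g_g, e_g_g, share);

    //release every element, including the secret exponents r, a and share,
    //and the pairing itself
    element_clear(g);
    element_clear(r);
    element_clear(a);
    element_clear(share);
    element_clear(e_g_g);
    pairing_clear(pairing);
}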
Beispiel #8
/*
 * Generate a key pair under the given system parameters.
 *
 * Private key: random x, y in Zr.
 * Public key : random generators g1 in G1 and g2 in G2, together with
 *              u = g2^x, v = g2^y and z = e(g1, g2).
 *
 * Every element of pk and sk is initialised here; the caller owns them
 * afterwards.  Both keys keep a reference to param.
 */
void bb_gen(bb_public_key_t pk, bb_private_key_t sk, bb_sys_param_t param)
{
	pairing_ptr pg = param->pairing;

	sk->param = param;
	pk->param = param;

	/* Secret exponents. */
	element_init(sk->x, pg->Zr);
	element_init(sk->y, pg->Zr);
	element_random(sk->x);
	element_random(sk->y);

	/* Public generators (g2 is drawn before g1, as in the original). */
	element_init(pk->g1, pg->G1);
	element_init(pk->g2, pg->G2);
	element_init(pk->z, pg->GT);
	element_random(pk->g2);
	element_random(pk->g1);

	/* Derived public values. */
	element_init(pk->u, pg->G2);
	element_init(pk->v, pg->G2);
	element_pow_zn(pk->u, pk->g2, sk->x);
	element_pow_zn(pk->v, pk->g2, sk->y);
	element_pairing(pk->z, pk->g1, pk->g2);
}
// Generate the group manager's key material and return it in string form.
//
//   PK  group public key : g, gt = e(g,g), X = g^x, Y = g^y, h != 1,
//                          y1 = gt^x1 * h^x2, y2 = gt^x3 * h^x4, y3 = gt^x5
//   IK  issuer secret    : x, y
//   OK  opener secret    : x1 .. x5
//
// IK and OK hold the secret exponents in serialised form; how they are
// stored afterwards is up to the caller.  All temporaries are released with
// element_clear before returning.
void Manager::KeyGeneration(string & PK, string & IK, string & OK)
{
	// public key components
	element_t pub_g, pub_X, pub_Y;
	element_t pub_gt, pub_h, pub_y1, pub_y2, pub_y3;
	// issuer secret
	element_t iss_x, iss_y;
	// opener secret
	element_t opn_x1, opn_x2, opn_x3, opn_x4, opn_x5;
	// scratch values for the two-factor products
	element_t left_factor, right_factor;

	element_init_G1(pub_g, pairing);
	element_init_GT(pub_gt, pairing);
	element_init_G1(pub_X, pairing);
	element_init_G1(pub_Y, pairing);
	element_init_GT(pub_h, pairing);
	element_init_GT(pub_y1, pairing);
	element_init_GT(pub_y2, pairing);
	element_init_GT(pub_y3, pairing);

	element_init_Zr(iss_x, pairing);
	element_init_Zr(iss_y, pairing);

	element_init_Zr(opn_x1, pairing);
	element_init_Zr(opn_x2, pairing);
	element_init_Zr(opn_x3, pairing);
	element_init_Zr(opn_x4, pairing);
	element_init_Zr(opn_x5, pairing);

	element_init_GT(left_factor, pairing);
	element_init_GT(right_factor, pairing);

	// system parameters: g and gt = e(g, g)
	element_random(pub_g);
	element_pairing(pub_gt, pub_g, pub_g);

	// issuer key: X = g^x, Y = g^y
	element_random(iss_x);
	element_random(iss_y);
	element_pow_zn(pub_X, pub_g, iss_x);
	element_pow_zn(pub_Y, pub_g, iss_y);

	// h must differ from the identity, so redraw while it equals 1
	element_random(pub_h);
	while (element_is1(pub_h))
	{
		element_random(pub_h);
	}

	// opener key
	element_random(opn_x1);
	element_random(opn_x2);
	element_random(opn_x3);
	element_random(opn_x4);
	element_random(opn_x5);

	// y1 = gt^x1 * h^x2
	element_pow_zn(left_factor, pub_gt, opn_x1);
	element_pow_zn(right_factor, pub_h, opn_x2);
	element_mul(pub_y1, left_factor, right_factor);

	// y2 = gt^x3 * h^x4
	element_pow_zn(left_factor, pub_gt, opn_x3);
	element_pow_zn(right_factor, pub_h, opn_x4);
	element_mul(pub_y2, left_factor, right_factor);

	// y3 = gt^x5
	element_pow_zn(pub_y3, pub_gt, opn_x5);

	// serialise the three keys
	PK = GroupPublicKeyToString(pub_g, pub_gt, pub_X, pub_Y, pub_h, pub_y1, pub_y2, pub_y3);
	IK = SecretIssuerKeyToString(iss_x, iss_y);
	OK = SecretOpenKeyToString(opn_x1, opn_x2, opn_x3, opn_x4, opn_x5);

	// release public components
	element_clear(pub_g);
	element_clear(pub_gt);
	element_clear(pub_X);
	element_clear(pub_Y);
	element_clear(pub_h);
	element_clear(pub_y1);
	element_clear(pub_y2);
	element_clear(pub_y3);
	// release issuer secret
	element_clear(iss_x);
	element_clear(iss_y);
	// release opener secret
	element_clear(opn_x1);
	element_clear(opn_x2);
	element_clear(opn_x3);
	element_clear(opn_x4);
	element_clear(opn_x5);
	// release scratch values
	element_clear(left_factor);
	element_clear(right_factor);
}
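// Open a group signature: identify which registered member produced it.
//
// The signature is first checked with Verification(); a signature that does
// not verify is rejected with -1 before any opener secret is used.  The
// opener then
//   1. recomputes T4' = T1^(x3 + x5*H) * T2^x4 and compares it with T4,
//   2. recovers Pi2 = T3 / (T1^x1 * T2^x2),
//   3. looks Pi2 up in the registration list.
//
// Returns -1 when verification or the T4 check fails; otherwise the value
// returned by SearchInRegistrationList.
int Manager::Open(string sign, char*mes, int len_mes)
{
	int ret;
	if(Verification(sign, mes, len_mes)!=true)
		return -1;
	//comparison result of the T4 check (false == match)
	bool cmp_var=0;
	//elements
	element_t T1,T2,T3,T4;
	element_t T5, T6, T7;
	element_t H;
	element_t Sp;
	element_t Sm;
	element_t Sv;
	element_t c_H;
	element_t tmp_pow;
	element_t check_T4;
	element_t tmp_T2;
	element_t check_Pi2;
	element_init_GT(T1, pairing);
	element_init_GT(T2, pairing);
	element_init_GT(T3, pairing);
	element_init_GT(T4, pairing);
	element_init_G1(T5, pairing);
	element_init_G1(T6, pairing);
	element_init_G1(T7, pairing);
	element_init_Zr(H, pairing);
	element_init_Zr(Sp,pairing);
	element_init_Zr(Sm,pairing);
	element_init_Zr(Sv,pairing);
	element_init_Zr(c_H, pairing);
	element_init_Zr(tmp_pow, pairing);
	element_init_GT(check_T4, pairing);
	element_init_GT(tmp_T2, pairing);
	element_init_GT(check_Pi2, pairing);
	//read sign
	SignatureFromString(sign, c_H, Sp, Sm, Sv, T1, T2, T3, T4, T5, T6, T7);
	//hash of the three ciphertext components
	Helper::Hash_T1_T2_T3(H,T1,T2,T3);
	//T4 check: T4 must equal T1^(x3 + x5*H) * T2^x4
	element_mul(tmp_pow, x5,H);
	element_add(tmp_pow, tmp_pow,x3);
	element_pow_zn(check_T4, T1, tmp_pow);
	element_pow_zn(tmp_T2, T2, x4);
	element_mul(check_T4, check_T4,tmp_T2);
	cmp_var=element_cmp(check_T4,T4);//0==ok
	//compute Pi2 = T3 / (T1^x1 * T2^x2)
	element_pow_zn(tmp_T2, T1, x1);
	element_pow_zn(check_Pi2, T2, x2);
	element_mul(tmp_T2, tmp_T2,check_Pi2);
	element_div(check_Pi2, T3,tmp_T2);
	//find Pi2 in reg list, but only when the T4 check passed
	if(cmp_var)
		ret=-1;
	else
		ret=SearchInRegistrationList(check_Pi2);
	//clear elements
	element_clear(T1);
	element_clear(T2);
	element_clear(T3);
	element_clear(T4);
	element_clear(T5);
	element_clear(T6);
	element_clear(T7);
	element_clear(H);
	element_clear(c_H);
	element_clear(Sp);
	element_clear(Sm);
	element_clear(Sv);
	element_clear(tmp_pow);
	element_clear(check_T4);
	element_clear(tmp_T2);
	//check_Pi2 identifies the signer; release it with the other temporaries
	element_clear(check_Pi2);
	return ret;
}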
// Verify a group signature over the message mes (len_mes bytes).
//
// The signature string is parsed into (c_H, Sp, Sm, Sv, T1..T7).  The
// commitments R1'..R5' are recomputed from the responses and the challenge
// c_H, the challenge is re-derived with Helper::Hash_C over those values,
// the public key and the message, and the pairing relation
// e(T5, Y) == e(g, T6) is checked.
//
// Returns 1 (true) only when both the recomputed challenge equals c_H and
// the pairing relation holds; returns 0 otherwise.
//
// NOTE(review): the signature string comes from outside; nothing in this
// function inspects whether SignatureFromString parsed it successfully.
bool Manager::Verification(string signature, char*mes, int len_mes)
{
    //comparison results; element_cmp yields 0 on equality, so false == match
    bool cmp_value_1=0;
    bool cmp_value_2=0;
    //elements
    element_t T1,T2,T3,T4;
    element_t T5, T6, T7;
    element_t c_H;
    element_t H;
    element_t Sp;
    element_t Sm;
    element_t Sv;
    //init
    element_init_GT(T1, pairing);
    element_init_GT(T2, pairing);
    element_init_GT(T3, pairing);
    element_init_GT(T4, pairing);
    element_init_G1(T5, pairing);
    element_init_G1(T6, pairing);
    element_init_G1(T7, pairing);
    element_init_Zr(Sp,pairing);
    element_init_Zr(Sm,pairing);
    element_init_Zr(Sv,pairing);
    element_init_Zr(H, pairing);
    element_init_Zr(c_H, pairing);
    SignatureFromString(signature, c_H,Sp,Sm,Sv,T1,T2,T3,T4,T5,T6,T7);
    //hashing of T1, T2, T3 into H
    Helper::Hash_T1_T2_T3(H,T1,T2,T3);
    //compute R1' = e(g,T7)^Sp / e(X,T6)^Sm / e(X,T5)^c_H
    element_t tmp_1;
    element_t tmp_2;
    element_t tmp_3;
    element_t R1_;
    element_init_GT(R1_, pairing);
    element_init_GT(tmp_1, pairing);
    element_init_GT(tmp_2, pairing);
    element_init_GT(tmp_3, pairing);
    element_pairing(tmp_1, g, T7);
    element_pow_zn(tmp_2, tmp_1, Sp);
    element_pairing(tmp_1, X, T6);
    element_pow_zn(tmp_3, tmp_1, Sm);
    element_div(R1_, tmp_2, tmp_3);
    element_pairing(tmp_3, X, T5);
    element_pow_zn(tmp_3, tmp_3, c_H);
    element_div(R1_, R1_, tmp_3);
    //compute R2' = gt^Sv / T1^c_H
    element_t R2_;
    element_init_GT(R2_, pairing);
    element_pow_zn(R2_, gt, Sv);
    element_pow_zn(tmp_1, T1, c_H);
    element_div(R2_, R2_, tmp_1);
    //compute R3' from h^Sv and T2^c_H
    //NOTE(review): R3' and R4' combine their terms with element_sub while
    //R1', R2' and R5' use element_div -- confirm the two operations are
    //equivalent for GT elements in the PBC build in use
    element_t R3_;
    element_init_GT(R3_, pairing);
    element_pow_zn(tmp_1, h, Sv);
    element_pow_zn(tmp_2, T2, c_H);
    element_sub(R3_, tmp_1, tmp_2);
    //compute R4' from y1^Sv * gt^Sm and T3^c_H
    element_t R4_;
    element_init_GT(R4_, pairing);
    element_pow_zn(tmp_1, y1, Sv);
    element_pow_zn(tmp_2, gt, Sm);
    element_mul(tmp_3, tmp_1, tmp_2);
    element_pow_zn(tmp_1,T3, c_H);
    element_sub(R4_, tmp_3, tmp_1);
    //compute R5' = y2^Sv * (y3^H)^Sv / T4^c_H
    element_t R5_;
    element_init_GT(R5_, pairing);
    //tmp_pow is initialised and cleared but never used in a computation
    element_t tmp_pow;
    element_init_Zr(tmp_pow, pairing);
    element_t tmp_div;
    element_init_GT(tmp_div, pairing);
    element_pow_zn(R5_, y2, Sv);
    element_pow_zn(tmp_div,y3,H);
    element_pow_zn(tmp_div,tmp_div,Sv);
    element_mul(R5_,R5_,tmp_div);
    element_pow_zn(tmp_div,T4, c_H);
    element_div(R5_, R5_, tmp_div);
    //re-derive the challenge c_H' from the recomputed commitments,
    //the public key and the message
    element_t check_c_H;
    element_init_Zr(check_c_H, pairing);
    Helper::Hash_C(check_c_H,R1_,R2_,R3_,R4_,R5_,g,gt,X,Y,h,y1,y2,y3,mes,len_mes);
    //check e(T5, Y) == e(g, T6)
    element_t check_1;
    element_init_GT(check_1, pairing);
    element_t check_2;
    element_init_GT(check_2, pairing);
    element_pairing(check_1, T5,Y);
    element_pairing(check_2, g,T6);
    //cmp_value_1: recomputed challenge against the one in the signature
    cmp_value_1=element_cmp(check_c_H,c_H);//0==ok
    //cmp_value_2: the pairing relation
    cmp_value_2=element_cmp(check_1,check_2);//0==ok
    //clear elements
    element_clear(T1);
    element_clear(T2);
    element_clear(T3);
    element_clear(T4);
    element_clear(T5);
    element_clear(T6);
    element_clear(T7);
    element_clear(Sp);
    element_clear(Sm);
    element_clear(Sv);
    element_clear(H);
    element_clear(c_H);
    element_clear(R1_);
    element_clear(R2_);
    element_clear(R3_);
    element_clear(R4_);
    element_clear(R5_);
    element_clear(tmp_1);
    element_clear(tmp_2);
    element_clear(tmp_3);
    element_clear(tmp_pow);
    element_clear(tmp_div);
    element_clear(check_c_H);
    element_clear(check_1);
    element_clear(check_2); 
    //either mismatch rejects the signature
    if(cmp_value_1||cmp_value_2)
        return 0;
    else
        return 1;
}
Beispiel #12
/*
 * Base-station side: decode a blinded signature (A, B, C) and the value cu
 * from their byte encodings and check the two pairing relations
 *   e(X, A) * e(X, B)^cu == e(g, C)
 *   e(A, Y)              == e(g, B)
 *
 * Ownership: the four input buffers are released here with pbc_free, so the
 * caller must not use or free them afterwards.
 *
 * The function returns void; a failed check is only reported on stdout, so
 * callers cannot act on the outcome.  No buffer lengths are passed in: each
 * buffer must hold a complete encoding for its element type.
 */
void BSActivity(unsigned char *da, unsigned char *db, unsigned char *dc, unsigned char *dcu) {
  element_t sig_a, sig_b, sig_c, exp_cu;
  element_t xb_pow_cu;
  element_t e_xa, e_xb, rhs, lhs;

  /* Decompress the signature components. */
  element_init_G1(sig_a, pairing);
  element_init_G1(sig_b, pairing);
  element_init_G1(sig_c, pairing);
  element_init_Zr(exp_cu, pairing2);

  element_from_bytes_compressed(sig_a, da);
  element_from_bytes_compressed(sig_b, db);
  element_from_bytes_compressed(sig_c, dc);
  element_from_bytes(exp_cu, dcu);

  pbc_free(da);
  pbc_free(db);
  pbc_free(dc);
  pbc_free(dcu);

  element_init_GT(xb_pow_cu, pairing);
  element_init_GT(e_xa, pairing);
  element_init_GT(e_xb, pairing);
  element_init_GT(rhs, pairing);
  element_init_GT(lhs, pairing);

  /* Relation I: e(X,A) * e(X,B)^cu against e(g,C). */
  element_pairing(e_xa, X, sig_a);
  element_pairing(e_xb, X, sig_b);
  element_pow_zn(xb_pow_cu, e_xb, exp_cu);
  element_mul(lhs, e_xa, xb_pow_cu);
  element_pairing(rhs, g, sig_c);
  if (element_cmp(lhs, rhs) != 0)
      printf("*BUG* part 1 does not verify *BUG*\n");

  /* Relation II: e(A,Y) against e(g,B). */
  element_pairing(lhs, sig_a, Y);
  element_pairing(rhs, g, sig_b);
  if (element_cmp(lhs, rhs) != 0)
      printf("*BUG* part 2 does not verify *BUG*\n");

  if (ifsize) {
    /* Counts the handle structs of eight elements, not the heap storage
       behind them. */
    int totalsize = sizeof(e_xa) + sizeof(e_xb) + sizeof(rhs) + sizeof(lhs) +
                    sizeof(sig_a) + sizeof(sig_b) + sizeof(sig_c) + sizeof(exp_cu);
    printf("Memory used at base station is %d bytes. \n", totalsize);
  }

  element_clear(xb_pow_cu);
  element_clear(e_xa);
  element_clear(e_xb);
  element_clear(rhs);
  element_clear(lhs);
  element_clear(sig_a);
  element_clear(sig_b);
  element_clear(sig_c);
  element_clear(exp_cu);
}
// Process a join request and issue a member credential.
//
// The request carries a signature of knowledge (hash, Sk) for Pi1.  It is
// accepted when Hash_g_R(g, g^Sk / Pi1^c) reproduces the hash, where c is
// the hash mapped into Zr.  On acceptance the issuer draws a random r and
// returns
//   a = g^r,  b = a^y,  c = a^x * Pi1^(r*x*y)
// in respond, and records (Pi1, Pi2 = e(Pi1, g)) in the registration list.
//
// Return value: note the inverted convention -- true (1) means FAILURE,
// false (0) means success.
//
// NOTE(review): the only structural check on Pi1 is that it has two
// coordinates; whether that also excludes the identity element depends on
// PBC's element_item_count and should be confirmed.
bool Manager::JoinMember(string request, string & respond)
{
	element_t Pi1, Pi2, Sk, R;
	element_init_G1(Pi1, pairing);
	element_init_GT(Pi2, pairing);
	element_init_Zr(Sk, pairing);
	element_init_G1(R, pairing);

	// parse the request: claimed hash, response Sk and the member value Pi1
	string hash;
	string hash_check;
	RequestFromString(request, hash, Sk, Pi1);

	// Pi1 must decode to a two-coordinate curve point
	if (element_item_count(Pi1) != 2)
	{
		element_clear(Pi1);
		element_clear(Pi2);
		element_clear(Sk);
		element_clear(R);
		return true; // failure
	}

	// recompute R = g^Sk / Pi1^c and compare the resulting hash
	element_t g_pow_sk, pi1_pow_c, c_Hsok;
	element_init_G1(g_pow_sk, pairing);
	element_init_G1(pi1_pow_c, pairing);
	element_init_Zr(c_Hsok, pairing);
	element_from_hash(c_Hsok, (void*)hash.c_str(), hash.length());
	element_pow_zn(g_pow_sk, g, Sk);
	element_pow_zn(pi1_pow_c, Pi1, c_Hsok);
	element_div(R, g_pow_sk, pi1_pow_c);
	hash_check = Helper::Hash_g_R(g, R);
	if (hash.compare(hash_check) != 0)
	{
		element_clear(Pi1);
		element_clear(Pi2);
		element_clear(Sk);
		element_clear(R);
		element_clear(g_pow_sk);
		element_clear(pi1_pow_c);
		element_clear(c_Hsok);
		return true; // failure
	}

	// issuer randomness for this credential
	element_t issuer_r;
	element_init_Zr(issuer_r, pairing);
	element_random(issuer_r);

	// credential components and scratch space
	element_t ai, bi, ci;
	element_t ci_left, ci_right;
	element_init_G1(ai, pairing);
	element_init_G1(bi, pairing);
	element_init_G1(ci, pairing);
	element_init_G1(ci_left, pairing);
	element_init_G1(ci_right, pairing);

	element_pow_zn(ai, g, issuer_r);            // a = g^r
	element_pow_zn(bi, ai, y);                  // b = a^y
	element_pow_zn(ci_left, ai, x);             // a^x
	element_pow_zn(ci_right, Pi1, issuer_r);    // Pi1^r
	element_pow_zn(ci_right, ci_right, x);      // Pi1^(r*x)
	element_pow_zn(ci_right, ci_right, y);      // Pi1^(r*x*y)
	element_mul(ci, ci_left, ci_right);         // c

	respond = MemberSecretToString(ai, bi, ci);

	// registration entry: Pi2 = e(Pi1, g)
	element_pairing(Pi2, Pi1, g);
	AddToRegistrationList(Pi1, Pi2);

	element_clear(issuer_r);
	element_clear(Pi1);
	element_clear(Pi2);
	element_clear(ci_left);
	element_clear(ci_right);
	element_clear(g_pow_sk);
	element_clear(pi1_pow_c);
	element_clear(c_Hsok);
	element_clear(Sk);
	element_clear(R);
	element_clear(ai);
	element_clear(bi);
	element_clear(ci);
	return false; // success
}
Beispiel #14
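/*
 * Create (or truncate) path for writing with group/other permission bits
 * masked off, for files that hold secret key material.  The umask is
 * restored before returning.  An already existing file keeps its old mode.
 */
static FILE *open_owner_only(const char *path)
{
   mode_t saved = umask(S_IRWXG | S_IRWXO);
   FILE *f = fopen(path, "w");
   umask(saved);
   return f;
}

/*
 * Encrypt-and-tag tool.
 *
 *  1. Sets up a pairing and random g, u, h, secret_key, public_key = g^sk.
 *  2. Loads the Paillier key from pub.txt, or generates one and writes
 *     pub.txt / priv.txt when pub.txt is missing.
 *  3. Writes g, u, secret_key, public_key, h and n to pairing.txt.
 *  4. Writes no_copies random values below n to rand.txt.
 *  5. For every file in ./split: reads one decimal number, writes the
 *     no_copies ciphertexts to ./cipher/copyK/<name> and the tag signature
 *     sig = (u^t * h)^secret_key to ./tag/<name>.
 *
 * Returns 0 on completion, 1 when key or parameter files cannot be set up.
 *
 * NOTE(review): get_rand is handed to paillier_keygen, init_rand and
 * paillier_enc but is never assigned in this function.  It has to be set to
 * the library's entropy callback before any of those calls -- confirm which
 * one this Paillier build provides.
 * NOTE(review): pub->p and pub->q are written to pub.txt.  If they are the
 * prime factors of n, that file is private-key material -- confirm.
 */
int main(int argc, char *argv[])
{
   enum { LINE_CAP = 2048, PATH_CAP = 1000 };
   DIR *d;
   FILE *fpub, *fpriv, *fciph, *fplain, *ftag, *fpairing, *frand;
   paillier_pubkey_t *pub;
   paillier_prvkey_t *priv;
   paillier_get_rand_t get_rand;
   paillier_plaintext_t *plain;
   paillier_ciphertext_t *cipher_copy;
   paillier_tag *tag;
   mpz_t *rand_prf;
   gmp_randstate_t rand;
   char *len;
   struct stat st = {0};
   int count = 0, count1 = 0, no_copies = 10;
   int i, j, plen;
   struct dirent *dir;
   pairing_t pairing;
   element_t g, h, u, temp_pow;
   element_t public_key, sig;
   element_t secret_key;

   /* pairing setup */
   pbc_demo_pairing_init(pairing, argc, argv);
   element_init_G2(g, pairing);
   element_init_G1(u, pairing);
   element_init_G1(temp_pow, pairing);
   element_init_G2(public_key, pairing);
   element_init_G1(h, pairing);
   element_init_G1(sig, pairing);
   element_init_Zr(secret_key, pairing);

   /* system parameters and signing key pair */
   element_random(g);
   element_random(secret_key);
   element_random(u);
   element_random(h);
   element_pow_zn(public_key, g, secret_key);

   tag = malloc(sizeof *tag);
   plain = malloc(sizeof *plain);
   cipher_copy = malloc(no_copies * sizeof *cipher_copy);
   /* one PRF seed per copy; the array is indexed 0..no_copies-1 below */
   rand_prf = malloc(no_copies * sizeof *rand_prf);
   len = malloc(LINE_CAP);
   if(!tag || !plain || !cipher_copy || !rand_prf || !len)
   {
      fputs("out of memory\n", stderr);
      return 1;
   }
   mpz_init(plain->m);
   mpz_init(tag->t);

   /* ---- Paillier key: load from pub.txt or generate ---- */
   if(!(fpub = fopen("pub.txt", "r")))
   {
      paillier_keygen(&pub, &priv, get_rand, 450);
      fpub = fopen("pub.txt", "w");
      if(!fpub)
      {
         perror("pub.txt");
         return 1;
      }
      gmp_fprintf(fpub, "%Zd\n", pub->p);
      gmp_fprintf(fpub, "%Zd\n", pub->q);
      gmp_fprintf(fpub, "%Zd\n", pub->n_plusone);

      /* private key file: readable by the owner only */
      fpriv = open_owner_only("priv.txt");
      if(!fpriv)
      {
         perror("priv.txt");
         fclose(fpub);
         return 1;
      }
      gmp_fprintf(fpriv, "%Zd\n", priv->lambda);
      gmp_fprintf(fpriv, "%Zd\n", priv->x);
      fclose(fpriv);
   }
   else
   {
      printf("\n in else");
      pub = malloc(sizeof *pub);
      priv = malloc(sizeof *priv);
      if(!pub || !priv)
      {
         fputs("out of memory\n", stderr);
         fclose(fpub);
         return 1;
      }
      mpz_init(pub->n_squared);
      mpz_init(pub->n);
      /* three decimal lines: p, q, n+1; stop at the first bad one */
      if(!fgets(len, LINE_CAP, fpub) || mpz_init_set_str(pub->p, len, 10) != 0 ||
         !fgets(len, LINE_CAP, fpub) || mpz_init_set_str(pub->q, len, 10) != 0 ||
         !fgets(len, LINE_CAP, fpub) || mpz_init_set_str(pub->n_plusone, len, 10) != 0)
      {
         fputs("pub.txt is truncated or malformed\n", stderr);
         fclose(fpub);
         return 1;
      }
      paillier_keygen(&pub, &priv, get_rand, 0);
      pub->bits = mpz_sizeinbase(pub->n, 2);
   }
   fclose(fpub);

   /* ---- pairing.txt: contains secret_key, so owner-only ---- */
   fpairing = open_owner_only("pairing.txt");
   if(!fpairing)
   {
      perror("pairing.txt");
      return 1;
   }
   element_fprintf(fpairing, "%B\n", g);
   element_fprintf(fpairing, "%B\n", u);
   element_fprintf(fpairing, "%B\n", secret_key);
   element_fprintf(fpairing, "%B\n", public_key);
   element_fprintf(fpairing, "%B\n", h);
   gmp_fprintf(fpairing, "%Zd\n", pub->n);
   fclose(fpairing);

   /* ---- rand.txt: one random value below n per copy ---- */
   frand = fopen("rand.txt", "w");
   if(!frand)
   {
      perror("rand.txt");
      return 1;
   }
   init_rand(rand, get_rand, pub->bits / 8 + 1);
   for(i = 0; i < no_copies; i++)
   {
      mpz_init(rand_prf[i]);
      do
         mpz_urandomb(rand_prf[i], rand, pub->bits);
      while( mpz_cmp(rand_prf[i], pub->n) >= 0 );
      gmp_fprintf(frand, "%Zd\n", rand_prf[i]);
   }
   fclose(frand);

   /* ---- encrypt and tag every file in ./split ---- */
   d = opendir("./split");
   if(!d)
   {
      perror("./split");
   }
   else
   {
      while ((dir = readdir(d)) != NULL)
      {
         char fileName[PATH_CAP], copy[PATH_CAP];

         count++;

         /* bounded path construction; a truncated path is never opened */
         plen = snprintf(fileName, sizeof fileName, "./split/%s", dir->d_name);
         if(plen < 0 || (size_t)plen >= sizeof fileName ||
            !(fplain = fopen(fileName, "r")))
         {
            printf("\n not able to read %s", fileName);
            count1++;
            continue;
         }
         /* plain->m is already initialised, so assign rather than re-init;
            entries without a parsable number (directories such as "." are
            among them) count as unreadable instead of being encrypted */
         if(!fgets(len, LINE_CAP, fplain) || mpz_set_str(plain->m, len, 10) != 0)
         {
            printf("\n not able to read %s", fileName);
            count1++;
            fclose(fplain);
            continue;
         }
         fclose(fplain);

         paillier_enc(tag, cipher_copy, pub, plain, get_rand, no_copies, rand_prf);

         /* one ciphertext per copy directory */
         for(j = 0; j < no_copies; j++)
         {
            plen = snprintf(copy, sizeof copy, "./cipher/copy%d/", j + 1);
            if(plen > 0 && (size_t)plen < sizeof copy && stat(copy, &st) == -1)
               mkdir(copy, 0777);

            plen = snprintf(copy, sizeof copy, "./cipher/copy%d/%s", j + 1, dir->d_name);
            if(plen < 0 || (size_t)plen >= sizeof copy ||
               !(fciph = fopen(copy, "w")))
            {
               printf("\nnot able to open file for writing cipher text %s", copy);
               continue;
            }
            gmp_fprintf(fciph, "%Zd\n", cipher_copy[j].c);
            fclose(fciph);
         }

         /* tag signature: sig = (u^t * h)^secret_key */
         plen = snprintf(fileName, sizeof fileName, "./tag/%s", dir->d_name);
         if(plen < 0 || (size_t)plen >= sizeof fileName ||
            !(ftag = fopen(fileName, "w")))
         {
            printf("not able to open file for writing tag  %s", fileName);
            continue;
         }
         element_pow_mpz(temp_pow, u, tag->t);
         element_mul(temp_pow, temp_pow, h);
         element_pow_zn(sig, temp_pow, secret_key);
         element_fprintf(ftag, "%B", sig);
         fclose(ftag);
      }

      closedir(d);
   }

   printf("\nTotal number of files : %d, unreadable files %d", count, count1);

   return 0;
}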
Beispiel #15
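/*
 * System setup: generate the public parameters and the master secret key
 * and write them to disk.
 *
 *   publicKey/g.key        g, a random element of G2
 *   publicKey/gA.key       g^a
 *   publicKey/eGG.key      e(g, g^alpha)
 *   publicKey/h<L>.key     one random element per attribute label L
 *   MSK/msk.key            msk = g^alpha
 *
 * string   unused here (the curve selection that consumed it is disabled).
 * attrNo   number of attribute labels to read from msp->label.
 * pairing  an already initialised pairing.
 * msp      supplies the one-character attribute labels.
 *
 * The function returns void; failures to open an output file are reported
 * on stderr.  If one of the four fixed files cannot be opened nothing is
 * written and the function returns after releasing its elements.
 *
 * NOTE(review): MSK/msk.key holds the master secret and is created with the
 * process's default umask; its permissions should be restricted wherever
 * other local users must not read it.
 */
void wSetup(char *string,int attrNo,pairing_t *pairing, MSP *msp){
	element_t g;        //the generator of G
	element_t h;        //per-attribute random element
	element_t alpha, a; //secret exponents in Z_p
	element_t pubKey, gAlpha, gA;
	element_t msk;
	FILE *fG = NULL, *fGA = NULL, *fPub = NULL, *fMsk = NULL;
	FILE *fH;
	char hCmd[100];     //path of the current attribute key file
	int count;          //index into the attribute label array

	(void)string;

	element_init_G2(g,*pairing);
	element_random(g);
	element_init_G2(h,*pairing);

	element_init_Zr(alpha,*pairing);
	element_init_Zr(a,*pairing);
	element_random(alpha);
	element_random(a);

	element_init_GT(pubKey,*pairing);
	element_init_G2(gAlpha,*pairing);
	element_init_G2(gA,*pairing);
	element_pow_zn(gAlpha,g,alpha);//gAlpha=g^alpha
	element_pow_zn(gA,g,a);//gA=g^a
	weilPairing(&pubKey,g,gAlpha,*pairing);//publicKey = e(g,g^alpha) = e(g,g)^alpha

	//Master secret key
	element_init_G2(msk,*pairing);
	element_set(msk,gAlpha);//msk = g^alpha

	//open every fixed output first so a failure leaves no partial key set
	fG = fopen("publicKey/g.key","w");
	fGA = fopen("publicKey/gA.key","w");
	fPub = fopen("publicKey/eGG.key","w");
	fMsk = fopen("MSK/msk.key","w");
	if(!fG || !fGA || !fPub || !fMsk){
		fprintf(stderr,"wSetup: cannot open key files under publicKey/ and MSK/\n");
		goto cleanup;
	}

	element_fprintf(fG,"%B\n",g);
	element_fprintf(fPub,"%B\n",pubKey);
	element_fprintf(fGA,"%B\n",gA);

	//one key file per attribute; '<' also terminates for a negative attrNo
	for(count = 0; count < attrNo; count++){
		char label = (char)msp->label[count];
		int n;

		//the label becomes part of a file name: refuse characters that
		//would end the name early or add a path component
		if(label == '\0' || label == '/'){
			fprintf(stderr,"wSetup: attribute %d has an unusable label\n",count);
			continue;
		}
		n = snprintf(hCmd,sizeof hCmd,"publicKey/h%c.key",label);
		if(n < 0 || (size_t)n >= sizeof hCmd)
			continue;
		fH = fopen(hCmd,"w");
		if(!fH){
			fprintf(stderr,"wSetup: cannot open %s\n",hCmd);
			continue;
		}
		element_random(h);
		element_fprintf(fH,"%B",h);
		fclose(fH);
	}

	element_fprintf(fMsk,"%B\n",msk);

cleanup:
	//close whatever was opened and clear all the elements
	if(fG) fclose(fG);
	if(fGA) fclose(fGA);
	if(fPub) fclose(fPub);
	if(fMsk) fclose(fMsk);
	element_clear(h);
	element_clear(g);
	element_clear(a);
	element_clear(alpha);
	element_clear(gAlpha);
	element_clear(gA);
	element_clear(pubKey);
	element_clear(msk);

}//end of setup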
Beispiel #16
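/*
 * UEActivity - build one blinded (A, B, C) triple plus cu and return them
 * as freshly allocated byte strings.
 *
 * Steps, as implemented below:
 *   a  : random element of G1, cu : random element of Zr
 *   b  = a^y
 *   c  = a^x * a^(x*y*cu)
 *   r  : random element of Zr, then A = a^r, B = b^r, C = c^r
 *
 * pairing, pairing2, x, y and verbose are file-scope objects defined
 * outside this function. main() uses x and y as the exponents behind the
 * public values X and Y, so this routine works directly on key material.
 *
 * @param da   receives a pbc_malloc'd buffer holding compressed A
 * @param db   receives a pbc_malloc'd buffer holding compressed B
 * @param dc   receives a pbc_malloc'd buffer holding compressed C
 * @param dcu  receives a pbc_malloc'd buffer holding cu
 *
 * Ownership: the four buffers belong to the caller after return and have
 * to be released with pbc_free.
 *
 * With verbose set, the unblinded components a, b and c are printed;
 * keep that switch for debugging only.
 */
void UEActivity(unsigned char **da, unsigned char **db, unsigned char **dc, unsigned char **dcu) {
  element_t a, b, c, cu, r, A, B, C;
  element_t ax, a1cuxy;
  element_t xy, cuxy;

  element_init_G1(a, pairing);
  element_init_G1(b, pairing);
  element_init_G1(c, pairing);
  element_init_Zr(r, pairing);
  element_init_G1(A, pairing);
  element_init_G1(B, pairing);
  element_init_G1(C, pairing);

  element_init_G1(ax, pairing);
  element_init_G1(a1cuxy, pairing);

  // temporarily regard p and q as independent
  // instead of p = 2q + 1
  element_init_Zr(xy, pairing2);
  element_init_Zr(cuxy, pairing2);
  element_init_Zr(cu, pairing2);

  // temporarily regard cu as a random number in Zr
  // instead of Cu = r^k&^ru
  element_random(cu);
  element_random(a);
  if (verbose) element_printf("sig component a = %B\n", a);

  // b = a^y
  element_pow_zn(b, a, y);
  if (verbose) element_printf("sig component b = %B\n", b);

  // c = a^x * a^(x*y*cu)
  element_pow_zn(ax, a, x);
  element_mul(xy, x, y);
  element_mul(cuxy, xy, cu);
  element_pow_zn(a1cuxy, a, cuxy);
  element_mul(c, ax, a1cuxy);
  if (verbose) element_printf("sig component c = %B\n", c);

  // blind the signature with a fresh exponent r
  element_random(r);
  element_pow_zn(A, a, r);
  element_pow_zn(B, b, r);
  element_pow_zn(C, c, r);

  // the intermediate values are no longer needed
  element_clear(ax);
  element_clear(a1cuxy);
  element_clear(xy);
  element_clear(cuxy);
  element_clear(r);
  element_clear(a);
  element_clear(b);
  element_clear(c);

  // serialise: A, B, C in compressed form, cu as a plain Zr element
  int n = pairing_length_in_bytes_compressed_G1(pairing);
  int m = pairing_length_in_bytes_Zr(pairing2);
  *da = pbc_malloc(n);
  *db = pbc_malloc(n);
  *dc = pbc_malloc(n);
  *dcu = pbc_malloc(m);
  element_to_bytes_compressed(*da, A);
  element_to_bytes_compressed(*db, B);
  element_to_bytes_compressed(*dc, C);
  element_to_bytes(*dcu, cu);

  // A, B, C and cu were initialised above but never released; once their
  // bytes are copied out they have to be cleared, otherwise every call
  // leaks four elements.
  element_clear(A);
  element_clear(B);
  element_clear(C);
  element_clear(cu);
}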
Beispiel #17
/*
 * Demo of Joux's one-round three-party key agreement over a symmetric
 * pairing. Each party publishes its secret scalar times P; each then pairs
 * the two values it received and raises the result to its own scalar, so
 * all three arrive at the same GT element.
 *
 * All three roles run in this one process and the derived keys are printed,
 * so this is a timing/illustration program only. The exchange as shown
 * carries no authentication of the published points.
 */
int main(int argc, char **argv) {
  pairing_t pairing;
  element_t P;             /* common base point in G1 */
  element_t a, b, c;       /* secret scalars of A, B and C */
  element_t aP, bP, cP;    /* the three broadcast values */
  element_t e_bc, e_ac, e_ab; /* pairings of the received values */
  element_t Ka, Kb, Kc;    /* key as derived by each party */
  double t_start, t_end;

  pbc_demo_pairing_init(pairing, argc, argv);
  if (!pairing_is_symmetric(pairing)) {
    pbc_die("pairing must be symmetric");
  }

  /* scalars */
  element_init_Zr(a, pairing);
  element_init_Zr(b, pairing);
  element_init_Zr(c, pairing);

  /* points */
  element_init_G1(P, pairing);
  element_init_G1(aP, pairing);
  element_init_G1(bP, pairing);
  element_init_G1(cP, pairing);

  /* target-group values */
  element_init_GT(e_bc, pairing);
  element_init_GT(e_ac, pairing);
  element_init_GT(e_ab, pairing);
  element_init_GT(Ka, pairing);
  element_init_GT(Kb, pairing);
  element_init_GT(Kc, pairing);

  t_start = pbc_get_time();
  printf("Joux key agreement between A, B and C.\n");
  element_random(P);
  element_random(a);
  element_random(b);
  element_random(c);

  /* round 1: everybody broadcasts scalar * P */
  element_mul_zn(aP, P, a);
  printf("A sends B and C: aP\n");
  element_printf("aP = %B\n", aP);
  element_mul_zn(bP, P, b);
  printf("B sends A and C: bP\n");
  element_printf("bP = %B\n", bP);
  element_mul_zn(cP, P, c);
  printf("C sends A and B: cP\n");
  element_printf("cP = %B\n", cP);

  /* A: e(bP, cP)^a */
  element_pairing(e_bc, bP, cP);
  element_pow_zn(Ka, e_bc, a);
  element_printf("Ka = %B\n", Ka);
  /* B: e(aP, cP)^b */
  element_pairing(e_ac, aP, cP);
  element_pow_zn(Kb, e_ac, b);
  element_printf("Kb = %B\n", Kb);
  /* C: e(aP, bP)^c */
  element_pairing(e_ab, aP, bP);
  element_pow_zn(Kc, e_ab, c);
  element_printf("Kc = %B\n", Kc);

  printf("Shared key K = Ka = Kb = Kc\n");
  t_end = pbc_get_time();
  printf("All time = %fs\n", t_end - t_start);

  /* release everything */
  element_clear(P);
  element_clear(a);
  element_clear(b);
  element_clear(c);
  element_clear(aP);
  element_clear(bP);
  element_clear(cP);
  element_clear(e_bc);
  element_clear(e_ac);
  element_clear(e_ab);
  element_clear(Ka);
  element_clear(Kb);
  element_clear(Kc);
  pairing_clear(pairing);

  return 0;
}
Beispiel #18
int main(void)
{

	pairing_t pairing;
    char param[50000];
    size_t count = fread(param, 1, 50000, stdin);
    if (!count) pbc_die("input error");
    pairing_init_set_buf(pairing, param, count);

//    int cont = 0;

    struct timeval tvBegin, tvEnd;

    element_t g, h;
    element_t public_key, secret_key;
    element_t sig;
    element_t temp1, temp2;

    element_init_G2(g, pairing);
    element_init_G2(public_key, pairing);
    element_init_G1(h, pairing);
    element_init_G1(sig, pairing);
    element_init_GT(temp1, pairing);
    element_init_GT(temp2, pairing);
    element_init_Zr(secret_key, pairing);

    // Generating key
    element_random(g);
    element_random(secret_key);
    element_pow_zn(public_key, g, secret_key);

    // Generating message
    element_from_hash(h, "ABCDEF", 6);

    element_pow_zn(sig, h, secret_key);


    // RANDOM TESTS
    /*

    // Fp

    element_t p1, p2;
    element_init(p1, element_x(h)->field);
    element_init(p2, p1->field);
    element_random(p1);
    element_random(p2);

    // multiplication

    element_t puntos[2000];
    for(cont = 0; cont < 1000; cont++){
        element_init(puntos[cont], element_x(h)->field);
        element_init(puntos[2*cont], element_x(h)->field);
        element_random(puntos[cont]);
        element_random(puntos[2*cont]);
    }

    gettimeofday(&tvBegin, NULL);

    for(cont = 0; cont < 1000; cont++){
        element_mul(puntos[cont], puntos[cont], puntos[2*cont]);
    }

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1);

    //square

    gettimeofday(&tvBegin, NULL);

    for(cont = 0; cont < 1000; cont++) element_square(puntos[cont], puntos[2*cont]);

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1);

    // add

    gettimeofday(&tvBegin, NULL);

    for(cont = 0; cont < 1000; cont++) element_add(puntos[cont], puntos[cont], puntos[2*cont]);

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1);

    // invers

    gettimeofday(&tvBegin, NULL);

    for(cont = 0; cont < 1000; cont++) element_invert(puntos[cont], puntos[2*cont]);

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1);






    // Fpk

    element_t q1, q2;
    element_init_GT(q1, pairing);
    element_init_GT(q2, pairing);
    element_random(q1);
    element_random(q2);

    // multiplication

    for(cont = 0; cont < 1000; cont++){
        element_init_GT(puntos[cont], pairing);
        element_init_GT(puntos[2*cont], pairing);
        element_random(puntos[cont]);
        element_random(puntos[2*cont]);
    }

    gettimeofday(&tvBegin, NULL);

    for(cont = 0; cont < 1000; cont++) {
        element_mul(puntos[cont], puntos[cont], puntos[2*cont]);
    }

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1);

    //square

    gettimeofday(&tvBegin, NULL);

    for(cont = 0; cont < 1000; cont++) element_square(puntos[cont], puntos[cont]);

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1);

    // add

    gettimeofday(&tvBegin, NULL);

    for(cont = 0; cont < 1000; cont++){
        element_add(element_x(puntos[cont]), element_x(puntos[cont]), element_x(puntos[2*cont]));
        element_add(element_y(puntos[cont]), element_y(puntos[cont]), element_y(puntos[2*cont]));
    }

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1);

    // invers

    gettimeofday(&tvBegin, NULL);

    for(cont = 0; cont < 1000; cont++) element_invert(puntos[cont], puntos[2*cont]);

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1);






    // CURVE OPERATIONS

    element_t punto, punto2;
    element_init(punto, h->field); element_random(punto);
    element_init(punto2, h->field); element_random(punto2);

    // add

    gettimeofday(&tvBegin, NULL);

    element_mul(punto, punto, punto2);

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1);

    // double

    gettimeofday(&tvBegin, NULL);

    element_double(punto, punto2);

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1);










   // SIZE GROUP
    int m = mpz_sizeinbase(pairing->r, 2) - 2;
    printf("%i\n",  m);
    int contador = 0;
    for(;;){
        if(!m) break;
        if(mpz_tstbit(pairing->r,m)) contador++;
        m--;
    }
    printf("%i\n", contador);




*/


    // One pairing
    gettimeofday(&tvBegin, NULL);

    eval_miller(temp1, sig, g, pairing);

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1000);

    //print_contador();



    // One pairing (with precomputed values)

    // Original method


    pairing_pp_t pp;
    // Precomp
    gettimeofday(&tvBegin, NULL);

    pairing_pp_init(pp, sig, pairing);

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1000);

    // Eval
    gettimeofday(&tvBegin, NULL);

    pairing_pp_apply(temp1, g, pp);

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1000);


    pairing_pp_clear(pp);



    /*
     * Nested helper (GNU C extension): times the list-based precomputation
     * and the Miller evaluation that consumes it. It works on the enclosing
     * function's tvBegin, tvEnd, pairing, sig, g and temp2.
     * timeval_subtract, lpoly_init, precompute, compute_miller and
     * lpoly_free are defined elsewhere; presumably timeval_subtract reports
     * the elapsed interval - confirm against its definition.
     */
    void do_precomp(){
        lpoly *polys;

        /* phase 1: build the precomputed list; only these two calls are timed */
        gettimeofday(&tvBegin, NULL);

        polys = lpoly_init();
        precompute(polys, pairing->r, sig, g);

        gettimeofday(&tvEnd, NULL);
        timeval_subtract(&tvEnd, &tvBegin, 1000);

        /* report the MAXD field of the list */
        printf("%i\n", polys->MAXD);

        /* phase 2: evaluate with the precomputed list, timed separately */
        gettimeofday(&tvBegin, NULL);

        compute_miller(temp2, polys, g, pairing);

        gettimeofday(&tvEnd, NULL);
        timeval_subtract(&tvEnd, &tvBegin, 1000);

        lpoly_free(polys);
    }
Beispiel #19
// Discrete logarithm by Pollard's rho.
// x in Z_r, g, h in some group of order r
// finds x such that g^x = h
//
// The walk keeps snark = g^asum * h^bsum. Each step multiplies snark by one
// of s precomputed multipliers m[i] = g^a[i] * h^b[i] and updates asum and
// bsum to match. Earlier states are kept as snapshots in `hole`; when the
// walk hits a stored snark again, two representations of the same element
// give a linear equation for x.
//
// The main loop has no iteration cap: it only ends when a collision is
// found. Pollard's rho generally needs on the order of sqrt(r) group
// operations, so this is a tool for small-order groups and for sanity
// checks of parameter sizes.
//
// record() is defined elsewhere; presumably it appends a snapshot with
// fields a, b and snark (the fields read below) to `hole` - confirm.
void element_dlog_pollard_rho(element_t x, element_t g, element_t h) {
// see Blake, Seroussi and Smart
// only one snark (walker) for this implementation
  int i, s = 20;  // s = number of random multipliers
  field_ptr Zr = x->field, G = g->field;
  element_t asum;
  element_t bsum;
  // variable-length arrays sized by s
  element_t a[s];
  element_t b[s];
  element_t m[s];
  element_t g0, snark;
  darray_t hole;     // snapshots of earlier walk states
  int interval = 5;  // bit of `counter` that triggers the next snapshot
  mpz_t counter;     // number of steps taken
  int found = 0;

  mpz_init(counter);
  element_init(g0, G);
  element_init(snark, G);
  element_init(asum, Zr);
  element_init(bsum, Zr);
  darray_init(hole);
  //set up multipliers: m[i] = g^a[i] * h^b[i] with random a[i], b[i]
  for (i = 0; i < s; i++) {
    element_init(a[i], Zr);
    element_init(b[i], Zr);
    element_init(m[i], G);
    element_random(a[i]);
    element_random(b[i]);
    element_pow_zn(g0, g, a[i]);
    element_pow_zn(m[i], h, b[i]);
    element_mul(m[i], m[i], g0);
  }

  // random starting point: snark = g^asum * h^bsum
  element_random(asum);
  element_random(bsum);
  element_pow_zn(g0, g, asum);
  element_pow_zn(snark, h, bsum);
  element_mul(snark, snark, g0);

  record(asum, bsum, snark, hole, counter);
  for (;;) {
    int len = element_length_in_bytes(snark);
    unsigned char *buf = pbc_malloc(len);
    unsigned char hash = 0;

    // choose the multiplier from the current element: byte sum
    // (wrapping at 256) reduced mod s
    element_to_bytes(buf, snark);
    for (i = 0; i < len; i++) {
      hash += buf[i];
    }
    i = hash % s;
    pbc_free(buf);

    // one step of the walk; asum and bsum track the exponents of snark
    element_mul(snark, snark, m[i]);
    element_add(asum, asum, a[i]);
    element_add(bsum, bsum, b[i]);

    // compare the new state against every stored snapshot
    for (i = 0; i < hole->count; i++) {
      snapshot_ptr ss = hole->item[i];
      if (!element_cmp(snark, ss->snark)) {
        // g^asum * h^bsum == g^(ss->a) * h^(ss->b); rearranged in place:
        element_sub(bsum, bsum, ss->b);
        element_sub(asum, ss->a, asum);
        //answer is x such that x * bsum = asum
        //complications arise if gcd(bsum, r) > 1
        //which can happen if r is not prime
        // (probabilistic primality test, 10 rounds)
        if (!mpz_probab_prime_p(Zr->order, 10)) {
          mpz_t za, zb, zd, zm;

          mpz_init(za);
          mpz_init(zb);
          mpz_init(zd);
          mpz_init(zm);

          // solve x * bsum = asum (mod r) with zd = gcd(bsum, r):
          // divide through by zd, solve modulo zm = r / zd, then try
          // the zd candidates zb, zb + zm, zb + 2*zm, ...
          element_to_mpz(za, asum);
          element_to_mpz(zb, bsum);
          mpz_gcd(zd, zb, Zr->order);
          mpz_divexact(zm, Zr->order, zd);
          mpz_divexact(zb, zb, zd);
          //if zd does not divide za there is no solution
          // NOTE(review): divisibility is not checked before this call
          mpz_divexact(za, za, zd);
          mpz_invert(zb, zb, zm);
          mpz_mul(zb, za, zb);
          mpz_mod(zb, zb, zm);
          do {
            element_pow_mpz(g0, g, zb);
            if (!element_cmp(g0, h)) {
              element_set_mpz(x, zb);
              break;
            }
            mpz_add(zb, zb, zm);
            mpz_sub_ui(zd, zd, 1);
          } while (mpz_sgn(zd));
          // NOTE(review): if no candidate matched, x is left unchanged,
          // yet `found` is still set below and the function returns
          mpz_clear(zm);
          mpz_clear(za);
          mpz_clear(zb);
          mpz_clear(zd);
        } else {
          // prime order: x = asum / bsum
          element_div(x, asum, bsum);
        }
        found = 1;
        break;
      }
    }
    if (found) break;

    // take a snapshot when bit `interval` of the step counter is set, then
    // move on to the next bit, so snapshots become exponentially sparser
    mpz_add_ui(counter, counter, 1);
    if (mpz_tstbit(counter, interval)) {
      record(asum, bsum, snark, hole, counter);
      interval++;
    }
  }

  // release the multipliers, the walker, and every stored snapshot
  for (i = 0; i < s; i++) {
    element_clear(a[i]);
    element_clear(b[i]);
    element_clear(m[i]);
  }
  element_clear(g0);
  element_clear(snark);
  for (i = 0; i < hole->count; i++) {
    snapshot_ptr ss = hole->item[i];
    element_clear(ss->a);
    element_clear(ss->b);
    element_clear(ss->snark);
    pbc_free(ss);
  }
  darray_clear(hole);
  element_clear(asum);
  element_clear(bsum);
  mpz_clear(counter);
}
Beispiel #20
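/*
 * bbs_sign - produce a group signature over a message hash.
 *
 * The signer hides its certificate element A in (T1, T2, T3):
 *   T1 = u^alpha, T2 = v^beta, T3 = A * h^(alpha+beta)
 * and proves knowledge of (alpha, beta, x, x*alpha, x*beta) with a
 * commit / challenge / response proof made non-interactive by hashing:
 *   R1 = u^ralpha
 *   R2 = v^rbeta
 *   R3 = e(T3,g2)^rx * e(h,w)^(-ralpha-rbeta) * e(h,g2)^(-rdelta1-rdelta2)
 *   R4 = T1^rx * u^(-rdelta1)
 *   R5 = T2^rx * v^(-rdelta2)
 *   c  = H(T1, T2, T3, R1, R2, R3, R4, R5, M),  M = hash-to-G1 of `hash`
 *   s_v = r_v + c * v for each secret v
 *
 * @param sig      output buffer; receives T1 | T2 | T3 | c | s_alpha |
 *                 s_beta | s_x | s_delta1 | s_delta2 as written by
 *                 element_to_bytes. The caller must provide room for three
 *                 G1 elements and six Zr elements; no length is passed in,
 *                 so nothing here can check it.
 * @param hashlen  length of `hash` in bytes
 * @param hash     message digest to be signed
 * @param gpk      group public key (u, v, h and the precomputed pairings
 *                 pr_h_g2 and pr_h_w are read)
 * @param gsk      member private key (A, x and precomputed pr_A_g2 are read)
 *
 * alpha, beta and the five r-values are secret per-signature randomness.
 * They are released with element_clear; NOTE(review): whether that wipes
 * the underlying memory is not visible here - confirm if the process
 * memory is in scope of the threat model.
 */
void bbs_sign(unsigned char *sig, int hashlen, void *hash, bbs_group_public_key_ptr gpk, bbs_group_private_key_ptr gsk)
{
  bbs_sys_param_ptr param = gpk->param;
  pairing_ptr pairing = param->pairing;
  field_ptr Fp = pairing->Zr;
  element_t T1, T2, T3;
  element_t R1, R2, R3, R4, R5;
  element_t alpha, beta;
  element_t c;
  element_t ralpha, rbeta, rx, rdelta1, rdelta2;
  element_t z0, z1;
  element_t et0;
  unsigned char *writeptr = sig;

  element_init_G1(T1, pairing);
  element_init_G1(T2, pairing);
  element_init_G1(T3, pairing);
  element_init_G1(R1, pairing);
  element_init_G1(R2, pairing);
  element_init_GT(R3, pairing);
  element_init_G1(R4, pairing);
  element_init_G1(R5, pairing);

  element_init(c, Fp);
  element_init(alpha, Fp); element_random(alpha);
  element_init(beta, Fp); element_random(beta);

  //temp variables
  element_init(z0, Fp);
  element_init(z1, Fp);
  element_init_GT(et0, pairing);

  element_init(ralpha, Fp); element_random(ralpha);
  element_init(rbeta, Fp); element_random(rbeta);
  element_init(rx, Fp); element_random(rx);
  element_init(rdelta1, Fp); element_random(rdelta1);
  element_init(rdelta2, Fp); element_random(rdelta2);

  //T1 = u^alpha, T2 = v^beta, T3 = A * h^(alpha+beta)
  element_pow_zn(T1, gpk->u, alpha);
  element_pow_zn(T2, gpk->v, beta);
  element_add(z0, alpha, beta);

  element_pow_zn(T3, gpk->h, z0);
  element_mul(T3, T3, gsk->A);

  element_pow_zn(R1, gpk->u, ralpha);

  element_pow_zn(R2, gpk->v, rbeta);

  /*
  * rather than computing e(T3,g2), note that T3 = A h^{alpha+beta},
  * use precomputed e(A,g2) and e(h,g2), and use appropriate
  * exponentiations in GT.
  */
  element_pow_zn(et0, gpk->pr_h_g2, z0); /* NB. here z0 = alpha+beta */
  element_mul(et0, et0, gsk->pr_A_g2);   /* et0 = e(T3,g2) */

  element_add(z0, ralpha, rbeta);
  element_neg(z0, z0);                   /* z0 = -(ralpha+rbeta) */
  element_add(z1, rdelta1, rdelta2);
  element_neg(z1, z1);                   /* z1 = -(rdelta1+rdelta2) */

  //R3 = et0^rx * e(h,w)^z0 * e(h,g2)^z1 in one combined exponentiation
  element_pow3_zn(R3, et0, rx, gpk->pr_h_w, z0, gpk->pr_h_g2, z1);

  //R4 = T1^rx * u^(-rdelta1)
  element_neg(z0, rdelta1);
  element_pow2_zn(R4, T1, rx, gpk->u, z0);

  //R5 = T2^rx * v^(-rdelta2)
  element_neg(z0, rdelta2);
  element_pow2_zn(R5, T2, rx, gpk->v, z0);

  element_t M;
  element_init_G1(M, pairing);
  element_from_hash(M, hash, hashlen);

  unsigned int hash_input_length = element_length_in_bytes(T1) +
  element_length_in_bytes(T2) +
  element_length_in_bytes(T3) +
  element_length_in_bytes(R1) +
  element_length_in_bytes(R2) +
  element_length_in_bytes(R3) +
  element_length_in_bytes(R4) +
  element_length_in_bytes(R5) +
  element_length_in_bytes(M);

  //The allocation used to go unchecked, so a failed malloc led straight to
  //a write through NULL. There is no return value to report the failure
  //with, and returning quietly would leave `sig` unwritten, so stop here.
  unsigned char *hash_input = malloc(hash_input_length);
  if (!hash_input) {
    pbc_die("bbs_sign: out of memory");
  }

  //Serialise through a separate cursor so hash_input keeps pointing at the
  //start of the allocation for hash_update() and free().
  unsigned char *cursor = hash_input;
  cursor += element_to_bytes(cursor, T1);
  cursor += element_to_bytes(cursor, T2);
  cursor += element_to_bytes(cursor, T3);
  cursor += element_to_bytes(cursor, R1);
  cursor += element_to_bytes(cursor, R2);
  cursor += element_to_bytes(cursor, R3);
  cursor += element_to_bytes(cursor, R4);
  cursor += element_to_bytes(cursor, R5);
  cursor += element_to_bytes(cursor, M); // Could avoid converting to bytes and from bytes

  hash_ctx_t context;
  unsigned char digest[hash_length];

  hash_init(context);
  hash_update(context, hash_input, hash_input_length);
  hash_final(digest, context);
  free(hash_input);

  //challenge c
  element_from_hash(c, digest, sizeof(digest));

  element_clear(M);

  //now the r's represent the values of the s's
  //no need to allocate yet more variables
  element_mul(z0, c, alpha);
  element_add(ralpha, ralpha, z0);   //s_alpha = ralpha + c*alpha

  element_mul(z0, c, beta);
  element_add(rbeta, rbeta, z0);     //s_beta = rbeta + c*beta

  element_mul(z1, c, gsk->x);
  element_add(rx, rx, z1);           //s_x = rx + c*x

  element_mul(z0, z1, alpha);
  element_add(rdelta1, rdelta1, z0); //s_delta1 = rdelta1 + c*x*alpha

  element_mul(z0, z1, beta);
  element_add(rdelta2, rdelta2, z0); //s_delta2 = rdelta2 + c*x*beta

  writeptr += element_to_bytes(writeptr, T1);
  writeptr += element_to_bytes(writeptr, T2);
  writeptr += element_to_bytes(writeptr, T3);
  writeptr += element_to_bytes(writeptr, c);
  writeptr += element_to_bytes(writeptr, ralpha);
  writeptr += element_to_bytes(writeptr, rbeta);
  writeptr += element_to_bytes(writeptr, rx);
  writeptr += element_to_bytes(writeptr, rdelta1);
  writeptr += element_to_bytes(writeptr, rdelta2);

  #ifdef DEBUG
  element_printf("T1: %B\n", T1);
  element_printf("T2: %B\n", T2);
  element_printf("T3: %B\n", T3);
  element_printf("R1: %B\n", R1);
  element_printf("R2: %B\n", R2);
  element_printf("R3: %B\n", R3);
  element_printf("R4: %B\n", R4);
  element_printf("R5: %B\n", R5);

  element_printf("c: %B\n", c);


  #endif

  element_clear(T1);
  element_clear(T2);
  element_clear(T3);
  element_clear(R1);
  element_clear(R2);
  element_clear(R3);
  element_clear(R4);
  element_clear(R5);
  element_clear(alpha);
  element_clear(beta);
  element_clear(c);
  element_clear(ralpha);
  element_clear(rbeta);
  element_clear(rx);
  element_clear(rdelta1);
  element_clear(rdelta2);
  //clear temp variables
  element_clear(z0);
  element_clear(z1);
  element_clear(et0);
}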
Beispiel #21
/*
 * bbs_open - recover the signer's certificate element A from a signature.
 *
 * Parses T1 | T2 | T3 | c | s_alpha | s_beta | s_x | s_delta1 | s_delta2
 * from `sig` and computes A = T3 / (T1^xi1 * T2^xi2) with the manager's
 * opening key.
 *
 * @param A        output; must already be initialised by the caller (it is
 *                 written but not initialised here)
 * @param gpk      group public key
 * @param gmsk     manager private key (xi1, xi2)
 * @param hashlen  unused
 * @param hash     unused
 * @param sig      serialised signature; no length is passed, so the caller
 *                 must guarantee the buffer holds a complete signature
 *                 before this function reads from it
 * @return         always 1 as written
 *
 * NOTE(review): the commitments R1..R5 are recomputed below, but the
 * challenge is never re-derived from them and nothing is compared against
 * c (the mismatch branch is commented out, and `hash` is unused). This
 * function therefore does not validate the signature: a caller has to run
 * the verification routine first and only attribute A to a member when
 * that succeeded.
 */
int bbs_open(element_t A, bbs_group_public_key_t gpk, bbs_manager_private_key_t gmsk, int hashlen, void *hash, unsigned char *sig)
{
  bbs_sys_param_ptr param = gpk->param;
  pairing_ptr pairing = param->pairing;
  field_ptr Fp = pairing->Zr;
  element_t T1, T2, T3;
  element_t R1, R2, R3, R4, R5;
  element_t c, salpha, sbeta, sx, sdelta1, sdelta2;
  element_t e10, et0, z0;
  unsigned char *readptr = sig;
  int result;
  UNUSED_VAR (hashlen);
  UNUSED_VAR (hash);

  //TODO: consolidate with verify
  element_init_G1(T1, pairing);
  element_init_G1(T2, pairing);
  element_init_G1(T3, pairing);
  element_init_G1(R1, pairing);
  element_init_G1(R2, pairing);
  element_init_GT(R3, pairing);
  element_init_G1(R4, pairing);
  element_init_G1(R5, pairing);

  element_init(c, Fp);
  element_init(salpha, Fp);
  element_init(sbeta, Fp);
  element_init(sx, Fp);
  element_init(sdelta1, Fp);
  element_init(sdelta2, Fp);

  element_init_G1(e10, pairing);
  element_init_GT(et0, pairing);
  element_init(z0, Fp);

  // deserialise in the order the signer wrote the fields; the read cursor
  // advances by whatever each call reports, with no end-of-buffer check
  readptr += element_from_bytes(T1, readptr);
  readptr += element_from_bytes(T2, readptr);
  readptr += element_from_bytes(T3, readptr);
  readptr += element_from_bytes(c, readptr);
  readptr += element_from_bytes(salpha, readptr);
  readptr += element_from_bytes(sbeta, readptr);
  readptr += element_from_bytes(sx, readptr);
  readptr += element_from_bytes(sdelta1, readptr);
  readptr += element_from_bytes(sdelta2, readptr);

  // R1 = u^salpha * T1^(-c)
  element_neg(z0, c);
  element_pow_zn(R1, gpk->u, salpha);
  element_pow_zn(e10, T1, z0);
  element_mul(R1, R1, e10);

  // R2 = v^sbeta * T2^(-c)   (z0 is still -c)
  element_pow_zn(R2, gpk->v, sbeta);
  element_pow_zn(e10, T2, z0);
  element_mul(R2, R2, e10);

  // R4 = u^(-sdelta1) * T1^sx
  element_neg(z0, sdelta1);
  element_pow_zn(R4, gpk->u, z0);
  element_pow_zn(e10, T1, sx);
  element_mul(R4, R4, e10);

  // R5 = v^(-sdelta2) * T2^sx
  element_neg(z0, sdelta2);
  element_pow_zn(R5, gpk->v, z0);
  element_pow_zn(e10, T2, sx);
  element_mul(R5, R5, e10);

  // R3 = (e(T3,w) / e(g1,g2))^c * e(T3,g2)^sx
  //      * e(h,w)^(-salpha-sbeta) * e(h,g2)^(-sdelta1-sdelta2)
  pairing_apply(R3, T3, gpk->w, pairing);
  pairing_apply(et0, gpk->g1, gpk->g2, pairing);
  element_invert(et0, et0);
  element_mul(R3, R3, et0);
  element_pow_zn(R3, R3, c);

  pairing_apply(et0, T3, gpk->g2, pairing);
  element_pow_zn(et0, et0, sx);
  element_mul(R3, R3, et0);

  element_add(z0, salpha, sbeta);
  element_neg(z0, z0);
  pairing_apply(et0, gpk->h, gpk->w, pairing);
  element_pow_zn(et0, et0, z0);
  element_mul(R3, R3, et0);

  element_add(z0, sdelta1, sdelta2);
  element_neg(z0, z0);
  pairing_apply(et0, gpk->h, gpk->g2, pairing);
  element_pow_zn(et0, et0, z0);
  element_mul(R3, R3, et0);

  // The check of R1..R5 against c that belongs here is missing: the two
  // lines below are all that is left of the disabled mismatch branch, so
  // the opening runs unconditionally.
  //if mismatch result = 0;
  //} else {

  // A = T3 / (T1^xi1 * T2^xi2)
  element_pow_zn(A, T1, gmsk->xi1);
  element_pow_zn(e10, T2, gmsk->xi2);
  element_mul(A, A, e10);
  element_invert(A, A);
  element_mul(A, A, T3);
  result =1;
  //}

  element_clear(T1);
  element_clear(T2);
  element_clear(T3);
  element_clear(R1);
  element_clear(R2);
  element_clear(R3);
  element_clear(R4);
  element_clear(R5);
  element_clear(c);
  element_clear(salpha);
  element_clear(sbeta);
  element_clear(sx);
  element_clear(sdelta1);
  element_clear(sdelta2);
  element_clear(e10);
  element_clear(et0);
  element_clear(z0);

  return result;
}
Beispiel #22
/*
 * bbs_gen - generate the group public key, the manager's opening key and
 * n member private keys.
 *
 *   g1, h random in G1; g2 random in G2
 *   xi1, xi2 random in Zr            (manager opening key)
 *   u = h^(1/xi1), v = h^(1/xi2)
 *   gamma random in Zr, w = g2^gamma
 *   member i: x_i random in Zr, A_i = g1^(1/(gamma + x_i))
 *
 * @param gpk    group public key to fill in
 * @param gmsk   manager private key to fill in
 * @param n      number of member keys to create
 * @param gsk    array of n member private keys to fill in
 * @param param  system parameters; stored in every key produced
 *
 * gamma is the issuing secret. It lives only in a local element that is
 * cleared before returning, so all member keys have to be created in this
 * one call.
 */
void bbs_gen(bbs_group_public_key_ptr gpk, bbs_manager_private_key_ptr gmsk, int n, bbs_group_private_key_t *gsk, bbs_sys_param_ptr param)
{
  pairing_ptr pairing = param->pairing;
  element_t gamma;
  element_t inv;   /* scratch value in Zr */
  int idx = 0;

  gpk->param = param;
  gmsk->param = param;

  /* allocate: G1 members, then G2 members, then scalars */
  element_init_G1(gpk->g1, pairing);
  element_init_G1(gpk->h, pairing);
  element_init_G1(gpk->u, pairing);
  element_init_G1(gpk->v, pairing);
  element_init_G2(gpk->g2, pairing);
  element_init_G2(gpk->w, pairing);
  element_init_Zr(gmsk->xi1, pairing);
  element_init_Zr(gmsk->xi2, pairing);
  element_init_Zr(inv, pairing);
  element_init_Zr(gamma, pairing);

  /* random generators and opening key */
  element_random(gpk->g2);
  element_random(gpk->g1);
  element_random(gpk->h);
  element_random(gmsk->xi1);
  element_random(gmsk->xi2);

  /* u = h^(1/xi1) */
  element_invert(inv, gmsk->xi1);
  element_pow_zn(gpk->u, gpk->h, inv);
  /* v = h^(1/xi2) */
  element_invert(inv, gmsk->xi2);
  element_pow_zn(gpk->v, gpk->h, inv);

  /* w = g2^gamma */
  element_random(gamma);
  element_pow_zn(gpk->w, gpk->g2, gamma);

  /* one certificate (A, x) per member */
  while (idx < n) {
    gsk[idx]->param = param;
    element_init_G1(gsk[idx]->A, pairing);
    element_init_Zr(gsk[idx]->x, pairing);

    /* A = g1^(1/(gamma + x)) */
    element_random(gsk[idx]->x);
    element_add(inv, gamma, gsk[idx]->x);
    element_invert(inv, inv);
    element_pow_zn(gsk[idx]->A, gpk->g1, inv);

    /* per-member precomputation: e(A, g2) */
    /* TODO: could instead compute from e(g1,g2) ... */
    element_init_GT(gsk[idx]->pr_A_g2, pairing);
    pairing_apply(gsk[idx]->pr_A_g2, gsk[idx]->A, gpk->g2, pairing);

    idx++;
  }

  /* group-wide precomputation: e(g1,g2), its inverse, e(h,g2), e(h,w) */
  element_init_GT(gpk->pr_g1_g2, pairing);
  pairing_apply(gpk->pr_g1_g2, gpk->g1, gpk->g2, pairing);

  element_init_GT(gpk->pr_g1_g2_inv, pairing);
  element_invert(gpk->pr_g1_g2_inv, gpk->pr_g1_g2);

  element_init_GT(gpk->pr_h_g2, pairing);
  pairing_apply(gpk->pr_h_g2, gpk->h, gpk->g2, pairing);

  element_init_GT(gpk->pr_h_w, pairing);
  pairing_apply(gpk->pr_h_w, gpk->h, gpk->w, pairing);

  element_clear(inv);
  element_clear(gamma);
}
Beispiel #23
// Sets ciphertext component c0 = g1^s in G1, using the public key's g1 and
// the exponent the object holds in s.
void CipherText::init_c0()
{
  element_init_G1(c0, *p);
  element_pow_zn(c0, pub->g1, *s);
  // debugging aid: element_printf("c0:%B\n", c0);
}
/*
 * Exponentiation wrapper: forwards to element_pow_zn.
 * @param result - receives base^exp
 * @param base   - the element being raised
 * @param exp    - the exponent
 */
void BilinearMappingHandler::power_Zn(memberElement& result, memberElement& base, expElement& exp) {
	// result = base^exp
	element_pow_zn(result, base, exp);
}//end of power_Zn()
Beispiel #25
// Sets ciphertext component c1 = m * y^s in GT. Per the original note,
// y = e(g1,g2)^alpha, so c1 = m * e(g1,g2)^(alpha*s).
void CipherText::init_c1()
{
  element_init_GT(c1, *p);
  element_pow_zn(c1, pub->y, *s);  // y^s
  element_mul(c1, *m, c1);         // mask the message with y^s
  // debugging aid: element_printf("c1:%B\n", c1);
}
Beispiel #26
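/*
 * Benchmark driver: sets up pairing parameters, generates the system key
 * (g, X = g^x, Y = g^y) and times BSActivity for a number of users.
 *
 * Options (getopt string "vfn:hgs"):
 *   -s           set ifsize
 *   -h           print usage and exit
 *   -v           verbose output (prints key-related elements; debugging only)
 *   -n <count>   number of users, a positive integer (default 100)
 *   -g <rbits> <qbits>   generate type-A pairing parameters
 *   -f <file1> <file2>   initialise the two pairings from the two arguments
 * One of -g / -f is required.
 *
 * verbose, ifsize, pairing, pairing2, g, X, Y, x and y are file-scope
 * objects defined outside this function.
 *
 * Changes against the earlier version: the user count is parsed with
 * strtol and must be positive (a count of 0 ended in a division by zero
 * and printed uninitialised min/max), the bit sizes given to -g must be
 * positive, and sizeof values are printed with %zu.
 */
int main(int argc, char **argv) {
  verbose = 0;
  ifsize = 0;
  int canrun = 0;
  int user_num = 100;
  int k;
  int choose;

  while ((choose = getopt(argc, argv, "vfn:hgs")) != -1) {
    switch (choose) {
      case 's':
        ifsize = 1;
        break;
      case 'h':
        usage();
        exit(0);
        break;
      case 'v':
        verbose = 1;
        break;
      case 'n': {
        /* strtol instead of atoi: detects non-numeric input; the round
         * trip through int rejects values that do not fit */
        char *end = NULL;
        long parsed = strtol(optarg, &end, 10);
        if (end == optarg || *end != '\0' || parsed <= 0 || (long)(int)parsed != parsed) {
          fprintf(stderr, "Input invalid!\n");
          usage();
          exit(-1);
        }
        user_num = (int)parsed;
        break;
      }
      case 'g':
        if (canrun) {
          fprintf(stderr, "Pairing parameters have been set, \'-g\' should not set paring parameters again.\n");
          break;
        }
        canrun = 1;
        /* count the non-option words following -g; exactly two are expected */
        k = 0;
        for ( ; optind < argc && !(*argv[optind] == '-'); optind++) k++;
        if (k == 2) {
          int rbits = atoi(argv[optind - k]);
          int qbits = atoi(argv[optind - k + 1]);
          pbc_param_t param;

          if (rbits <= 0 || qbits <= 0) {
            fprintf(stderr, "Input invalid!\n");
            usage();
            exit(-1);
          }

          pbc_param_init_a_gen(param, rbits, qbits);
          /* both pairings are built from the same generated parameters */
          pairing_init_pbc_param(pairing, param);
          pairing_init_pbc_param(pairing2, param);

          pbc_param_clear(param);
        } else {
          fprintf(stderr, "Input invalid!\n");
          usage();
          exit(-1);
        }
        break;
      case 'f':
        if (canrun) {
          fprintf(stderr, "Pairing parameters have been set, \'-f\' should not set paring parameters again.\n");
          break;
        }
        canrun = 1;
        /* count the non-option words following -f; exactly two are expected */
        k = 0;
        for ( ; optind < argc && !(*argv[optind] == '-'); optind++) k++;
        if (k == 2) {
          pbc_single_pairing_init(pairing, argc, argv[optind - k]);
          pbc_single_pairing_init(pairing2, argc, argv[optind - k + 1]);
        } else {
          fprintf(stderr, "Input invalid!\n");
          usage();
          exit(-1);
        }
        break;
      case '?':
        fprintf(stderr, "Invalid parameters!\n");
        usage();
        exit(-1);
        break;
      default:
        abort();
    }
  }
  if (!canrun) {
    printf("Please at least set \'-f\' or \'-g\'\n");
    usage();
    exit(-1);
  }

  /* system variable and public key */
  element_init_G2(g, pairing);
  element_init_G2(X, pairing);
  element_init_G2(Y, pairing);
  element_init_Zr(x, pairing2);
  element_init_Zr(y, pairing2);

  element_random(x);
  element_random(y);

  /* sizeof yields size_t, so %zu is the matching conversion */
  printf("g=%zu X=%zu Y=%zu x=%zu y=%zu\n", sizeof(g), sizeof(X), sizeof(Y), sizeof(x), sizeof(y));

  element_random(g);
  if (verbose) element_printf("system parameter g = %B\n", g);
  element_pow_zn(X, g, x);
  element_pow_zn(Y, g, y);

  unsigned char *a, *b, *c, *cu;

  /*******Working********/
  clock_t tmp_start;
  clock_t bscurtotal = 0;
  clock_t tmp = 0;
  clock_t max = 0;
  clock_t min = 0;
  for (int i = 0; i < user_num; i++) {
    /* UEActivity allocates a, b, c and cu on every pass.
     * NOTE(review): nothing in this function frees them; confirm that
     * BSActivity releases the buffers, otherwise pbc_free them here. */
    UEActivity(&a, &b, &c, &cu);
    /* only the BSActivity call is timed */
    tmp_start = clock();
    BSActivity(a, b, c, cu);
    tmp = clock() - tmp_start;
    if (i == 0) {
      min = tmp;
      max = tmp;
    } else {
      if (tmp > max) max = tmp;
      if (tmp < min) min = tmp;
    }
    printf("Processing time for this user is %f ms \n", (float)tmp * 1000 / CLOCKS_PER_SEC);
    bscurtotal += tmp;
  }

  /* user_num > 0 is guaranteed by the option parsing above */
  clock_t avg = bscurtotal / user_num;
  printf("max single user time is %f ms \n", (float)max * 1000 / CLOCKS_PER_SEC);
  printf("min single user time is %f ms \n", (float)min * 1000 / CLOCKS_PER_SEC);
  printf("average single user time is %f ms \n", (float)avg * 1000 / CLOCKS_PER_SEC);

  element_clear(g);
  element_clear(X);
  element_clear(Y);
  element_clear(x);
  element_clear(y);

  return 0;
}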
Beispiel #27
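// USER JOIN PHASE 2 - user key generation (Join)
//
// Issuer-side step of the join protocol, as far as this function shows:
//   1. recompute the challenge hash of the user's proof U from values in
//      ppk, gpk and jpd1, and compare it with jpd1->U.hash;
//   2. on a match, draw x at random, compute A = (G1 * C)^{1/(gamma + x)},
//      store (x, A, C) in udbe and A in jpd2;
//   3. fill jpd2->V = (T1, T2, hash, s).
//
// Returns 0 when U verified and all outputs were produced. Returns non-zero
// when the hashes differ or an allocation failed; in both cases no output
// element of udbe/jpd2 is left initialised.
//
// On success jpd2->V.hash points to a malloc'ed buffer of JOIN_HASH_BITS / 8
// bytes (presumably released by the caller - confirm against the call sites).
//
// NOTE(review): zp = 1/(gamma + x) and the nonce r depend on the issuer
// secret ik->gamma. Whether element_clear() wipes the memory it releases is
// not visible here; if it does not, these values should be zeroised first.
int xsgs_user_join_phase2(XSGS_PUBLIC_KEY* gpk, XSGS_USER_DB_ENTRY* udbe,
		XSGS_ISSUER_KEY* ik, XSGS_PAILLIER_PUBKEY* ppk, XSGS_JOIN_PHASE1* jpd1,
		XSGS_JOIN_PHASE2* jpd2) {
	int ret;
	pairing_ptr pairing = gpk->pairing;
	field_ptr Fp = pairing->Zr;
	mpz_t r1, h;
	element_t R1, R2, g1, B, D, zp, gt, hp;
	DWORD data_len;
	BYTE* data_buf;
	BYTE* cursor; // write position inside data_buf; data_buf itself is never moved
	BYTE* hash;

	mpz_init(h);
	mpz_from_hash(h, jpd1->U.hash, JOIN_HASH_BITS / 8);

	// 1. verify C e G1 and check U
	// R1 = g^s * c^h mod n^2
	mpz_init(r1);
	mpz_powm2(r1, ppk->g, jpd1->U.s, jpd1->U.c, h, ppk->n_squared);

	// R2 = H^s * C^h
	element_init_G1(R2, pairing);
	element_pow_naf2_mpz(R2, gpk->H, jpd1->U.s, jpd1->C, h);

	mpz_clear(h);

	// h = H(g, n, c, C, H, R1, R2)
	data_len = mpz_length_in_bytes(ppk->g)
			+ mpz_length_in_bytes(ppk->n_squared)
			+ mpz_length_in_bytes(jpd1->U.c) + element_length_in_bytes(jpd1->C)
			+ element_length_in_bytes(gpk->H) + mpz_length_in_bytes(r1)
			+ element_length_in_bytes(R2);

	data_buf = (BYTE*) malloc(data_len);
	hash = (BYTE*) malloc(JOIN_HASH_BITS / 8);
	if (!data_buf || !hash) {
		// allocation failure: release what exists and report "not joined"
		free(data_buf);
		free(hash);
		mpz_clear(r1);
		element_clear(R2);
		return -1;
	}

	cursor = data_buf;
	cursor += mpz_to_bytes(cursor, ppk->g);
	cursor += mpz_to_bytes(cursor, ppk->n_squared);
	cursor += mpz_to_bytes(cursor, jpd1->U.c);
	cursor += element_to_bytes(cursor, jpd1->C);
	cursor += element_to_bytes(cursor, gpk->H);
	cursor += mpz_to_bytes(cursor, r1);
	cursor += element_to_bytes(cursor, R2);

	xsgs_hash(data_buf, data_len * 8, hash, JOIN_HASH_BITS);

	free(data_buf);
	mpz_clear(r1);
	element_clear(R2);

	// compare hashes; every input to the recomputed hash comes from ppk, gpk
	// or the join message jpd1
	ret = memcmp(jpd1->U.hash, hash, JOIN_HASH_BITS / 8);
	free(hash);
	if (!ret) {
		element_t r;

		// initialization
		element_init(udbe->UCert.x, Fp);
		element_init_G1(udbe->UCert.A, pairing);
		element_init_G1(udbe->C, pairing);
		element_init_G1(jpd2->A, pairing);
		element_init_G1(g1, pairing);
		element_init_GT(B, pairing);
		element_init_GT(gt, pairing);
		element_init(zp, Fp);

		// save jpd1->C to ubde->C
		element_set(udbe->C, jpd1->C);

		// 2. x eR Zp and
		element_random(udbe->UCert.x);

		// A <- (G1 * C)^{1/(gamma + x)}
		element_add(zp, ik->gamma, udbe->UCert.x);
		element_invert(zp, zp);
		element_mul(jpd2->A, gpk->G1, jpd1->C);
		element_pow_naf(jpd2->A, jpd2->A, zp);
		element_set(udbe->UCert.A, jpd2->A);

		// 3. B <- e(G1 * C, G2) / e(A, W) = e(G1 * C, G2) * e(A^-1, W)
		element_mul(g1, gpk->G1, jpd1->C);
		element_pairing(B, g1, gpk->G2);
		element_invert(g1, jpd2->A);
		element_pairing(gt, g1, gpk->W);
		element_mul(B, B, gt);

		element_clear(g1);
		element_clear(zp);
		element_clear(gt);

		// 4. D <- e(A, G2)
		element_init_GT(D, pairing);
		element_pairing(D, jpd2->A, gpk->G2);

		// 5. V <- NIZKPoKDL(B, D)
		// T1 = B^gamma
		element_init_GT(jpd2->V.T1, pairing);
		element_pow_zn(jpd2->V.T1, B, ik->gamma);

		// T2 = D^gamma
		element_init_GT(jpd2->V.T2, pairing);
		element_pow_zn(jpd2->V.T2, D, ik->gamma);

		// r eR Zp
		element_init(r, Fp);
		element_random(r);

		// R1 = B^r
		element_init_GT(R1, pairing);
		element_pow_zn(R1, B, r);

		// R2 = D^r
		element_init_GT(R2, pairing);
		element_pow_zn(R2, D, r);

		// h = H(B, D, T1, T2, R1, R2)
		data_len = element_length_in_bytes(B) + element_length_in_bytes(D)
				+ element_length_in_bytes(jpd2->V.T1)
				+ element_length_in_bytes(jpd2->V.T2)
				+ element_length_in_bytes(R1) + element_length_in_bytes(R2);

		data_buf = (BYTE*) malloc(data_len);
		jpd2->V.hash = (BYTE*) malloc(JOIN_HASH_BITS / 8);
		if (!data_buf || !jpd2->V.hash) {
			// allocation failure: undo every initialisation made in this
			// branch so the outputs look exactly as on a rejected proof
			free(data_buf);
			free(jpd2->V.hash);
			jpd2->V.hash = NULL;
			element_clear(B);
			element_clear(D);
			element_clear(R1);
			element_clear(R2);
			element_clear(r);
			element_clear(jpd2->V.T1);
			element_clear(jpd2->V.T2);
			element_clear(jpd2->A);
			element_clear(udbe->UCert.x);
			element_clear(udbe->UCert.A);
			element_clear(udbe->C);
			return -1;
		}

		cursor = data_buf;
		cursor += element_to_bytes(cursor, B);
		cursor += element_to_bytes(cursor, D);
		cursor += element_to_bytes(cursor, jpd2->V.T1);
		cursor += element_to_bytes(cursor, jpd2->V.T2);
		cursor += element_to_bytes(cursor, R1);
		cursor += element_to_bytes(cursor, R2);

		xsgs_hash(data_buf, data_len * 8, jpd2->V.hash, JOIN_HASH_BITS);

		// NOTE(review): the challenge exponent hp is derived from
		// jpd1->U.hash, not from jpd2->V.hash computed just above, so s is
		// not tied to the commitments R1/R2 that were hashed into V.hash.
		// Confirm against the code that verifies V (not visible here).
		element_init(hp, Fp);
		element_from_hash(hp, jpd1->U.hash, JOIN_HASH_BITS / 8);

		free(data_buf);
		element_clear(B);
		element_clear(D);
		element_clear(R1);
		element_clear(R2);

		// s = r + hp * gamma, as coded. The comment that stood here read
		// "s = r - hash * gamma mod p"; NOTE(review): confirm the sign
		// against the verifier. s is published, so r must stay secret:
		// together with s and hp it determines gamma.
		element_init(jpd2->V.s, Fp);
		element_mul(jpd2->V.s, hp, ik->gamma);
		element_add(jpd2->V.s, r, jpd2->V.s);

		element_clear(r);
		element_clear(hp);
	}

	// return (A, V = (T1, T2, hash, s) )
	return ret;
}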
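/*
 * Generates the authorizer key pair over the type-A pairing described in
 * ../public/a.param:
 *   secret key  beta (random element of Zr)
 *   public key  (g, h = g^beta, f = g^(1/beta))
 * and writes both to text files in the current directory.
 *
 * NOTE(review): authorizer_secret_key.txt holds beta in clear text and is
 * created through fopen(), i.e. with whatever permissions the process umask
 * allows. Restrict the umask (or the directory) before running this tool so
 * that other local users cannot read the key.
 *
 * NOTE(review): the function returns 1 on success, which a shell reports as
 * failure; kept unchanged because callers may depend on it.
 */
int main(void){
    pairing_t pairing;
    element_t g, h, f, beta, beta_inverse;
    char s[16384];
    FILE *fp;

    fp = fopen("../public/a.param", "r");
    if (!fp)
        pbc_die("error opening parameter file");
    size_t count = fread(s, 1, sizeof s, fp);
    fclose(fp);
    if(!count)
        pbc_die("read parameter failure\n");
    if(pairing_init_set_buf(pairing, s, count))
        pbc_die("pairing init failed\n");
    if(!pairing_is_symmetric(pairing)) pbc_die("pairing is not symmetric\n");

    element_init_G1(g, pairing);
    element_init_G1(h, pairing);
    element_init_G1(f, pairing);
    element_init_Zr(beta, pairing);
    element_init_Zr(beta_inverse, pairing);

    //(G1, g, h, f) is the public key of authorizer
    //take the generator stored inside the pairing's curve data; this reaches
    //into library-internal structures rather than a public accessor
    element_set(g, ((curve_data_ptr)((a_pairing_data_ptr)\
    pairing->data)->Eq->data)->gen);
    element_random(beta);
    element_invert(beta_inverse, beta);
    //h = g^beta
    element_pow_zn(h, g, beta);
    //f = g^(1/beta)
    element_pow_zn(f, g, beta_inverse);

    fp = fopen("./authorizer_public_keys.txt", "w+");
    if(!fp)
        pbc_die("error creating public key files");
    fprintf(fp, "g:");
    element_out_str(fp, 10, g);
    fprintf(fp, "\n\nh:");
    element_out_str(fp, 10, h);
    fprintf(fp, "\n\nf:");
    element_out_str(fp, 10, f);
    //fclose flushes the stream, so a failure here means the file is incomplete
    if(fclose(fp))
        pbc_die("error writing public key files");

    fp = fopen("./authorizer_secret_key.txt", "w+");
    if(!fp)
        pbc_die("error creating secret key files");
    fprintf(fp, "beta:");
    element_out_str(fp, 10, beta);
    //the original never closed this stream
    if(fclose(fp))
        pbc_die("error writing secret key files");

    element_clear(g);
    element_clear(h);
    element_clear(f);
    element_clear(beta);
    element_clear(beta_inverse);
    pairing_clear(pairing);
    return 1;
}    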
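/* Prints which input could not be read or parsed; returns the exit status. */
static int report_input_error(const char *what)
{
  fprintf(stderr, "cannot read a valid value from %s\n", what);
  return 1;
}

/*
 * Reads one line from f into buf (capacity cap). Returns 0 on success and
 * -1 on end of file, read error, or when the line did not fit into buf
 * (a truncated number would otherwise be parsed as if it were complete).
 */
static int read_line_checked(FILE *f, char *buf, int cap)
{
  int i, c;

  if (!fgets(buf, cap, f))
    return -1;
  for (i = 0; buf[i] != '\0'; i++) {
    if (buf[i] == '\n')
      return 0;
  }
  /* no newline seen: fine only if the file ended here */
  c = fgetc(f);
  if (c == EOF)
    return 0;
  ungetc(c, f);
  return -1;
}

/* Reads the next line of f as a base-10 integer into the initialised out. */
static int read_mpz_line(FILE *f, char *buf, int cap, mpz_t out)
{
  if (read_line_checked(f, buf, cap) != 0)
    return -1;
  return mpz_set_str(out, buf, 10) == 0 ? 0 : -1;
}

/* Reads the next line of f as a base-10 element into the initialised out. */
static int read_element_line(FILE *f, char *buf, int cap, element_t out)
{
  if (read_line_checked(f, buf, cap) != 0)
    return -1;
  /* element_set_str returns the number of characters consumed, 0 on failure */
  return element_set_str(out, buf, 10) > 0 ? 0 : -1;
}

/* Opens path, reads its first line as an integer into out, closes it. */
static int load_mpz_file(const char *path, char *buf, int cap, mpz_t out)
{
  FILE *f = fopen(path, "r");
  int rc;

  if (!f)
    return -1;
  rc = read_mpz_line(f, buf, cap, out);
  fclose(f);
  return rc;
}

/* Opens path, reads its first line as an element into out, closes it. */
static int load_element_file(const char *path, char *buf, int cap, element_t out)
{
  FILE *f = fopen(path, "r");
  int rc;

  if (!f)
    return -1;
  rc = read_element_line(f, buf, cap, out);
  fclose(f);
  return rc;
}

/*
 * Test driver: loads Paillier and pairing parameters plus two tags, two
 * plaintext shares and two ciphertexts from fixed relative paths, multiplies
 * the ciphertexts, decrypts the product and prints the signatures
 * (h * u^m)^secret_key for the decrypted value, for b and for a + b, together
 * with the products g1 * g2 and sig1 * sig2.
 *
 * Every input file is now required: the original skipped pub.txt and
 * pairing.txt silently when they were missing and then used pub, priv and
 * pub_n uninitialised, and it passed unchecked fopen() results to fgets().
 *
 * NOTE(review): pub.txt is read into pub->p and pub->q, and pairing.txt
 * supplies secret_key, so both files carry key material in clear text and
 * need the same protection as a private key file.
 */
int main(int argc, char **argv) {
  enum { LINE_CAP = 2048 };

  FILE *fpairing, *fpub;
  pairing_t pairing;
  paillier_pubkey_t *pub;
  paillier_prvkey_t *priv;
  element_t g, h, u, sig1, sig2, sig3, temp_pow, g1, g2;
  element_t public_key, tag_prod;
  element_t secret_key;
  /* NOTE(review): the original passed this to paillier_keygen() without ever
     assigning it. NULL makes a call through it fail deterministically instead
     of jumping to an indeterminate address; supply the intended randomness
     source if this keygen variant uses the argument. */
  paillier_get_rand_t get_rand = NULL;
  paillier_ciphertext_t *cipher1, *cipher2;
  paillier_plaintext_t *plain1;
  mpz_t pub_n, a, b, data2, nsquare;
  int count = 0;
  char *len;

  (void)argc;
  (void)argv;

  if (pairing_init_set_str(pairing, param_str)) {
    fprintf(stderr, "pairing init failed\n");
    return 1;
  }

  plain1 = (paillier_plaintext_t*) malloc(sizeof(paillier_plaintext_t));
  cipher1 = (paillier_ciphertext_t*) malloc(sizeof(paillier_ciphertext_t));
  cipher2 = (paillier_ciphertext_t*) malloc(sizeof(paillier_ciphertext_t));
  pub = (paillier_pubkey_t*) malloc(sizeof(paillier_pubkey_t));
  priv = (paillier_prvkey_t*) malloc(sizeof(paillier_prvkey_t));
  len = (char *)malloc(LINE_CAP);
  if (!plain1 || !cipher1 || !cipher2 || !pub || !priv || !len) {
    fprintf(stderr, "out of memory\n");
    return 1;
  }
  /* plain1 is handed to paillier_dec() as the result object; initialise its
     integer in case the library does not do so for caller-supplied results
     (assumption - confirm against the paillier library in use). */
  mpz_init(plain1->m);

  element_init_G1(g1, pairing);
  element_init_G1(g2, pairing);
  element_init_G2(g, pairing);
  element_init_G2(public_key, pairing); /* was initialised twice originally */
  element_init_G1(u, pairing);
  element_init_G1(temp_pow, pairing);
  element_init_G1(h, pairing);
  element_init_G1(sig1, pairing);
  element_init_G1(sig2, pairing);
  element_init_G1(sig3, pairing);
  element_init_G1(tag_prod, pairing);
  element_init_Zr(secret_key, pairing);
  mpz_init(a);
  mpz_init(b);
  mpz_init(data2);
  mpz_init(pub_n);
  mpz_init(nsquare);
  printf("Short signature test\n");

  /* Paillier key material: p, q and n + 1, one decimal number per line */
  fpub = fopen("pub.txt", "r");
  if (!fpub)
    return report_input_error("pub.txt");
  mpz_init(pub->n_squared);
  mpz_init(pub->n);
  mpz_init(pub->p);
  mpz_init(pub->q);
  mpz_init(pub->n_plusone);
  if (read_mpz_line(fpub, len, LINE_CAP, pub->p) != 0
      || read_mpz_line(fpub, len, LINE_CAP, pub->q) != 0
      || read_mpz_line(fpub, len, LINE_CAP, pub->n_plusone) != 0) {
    fclose(fpub);
    return report_input_error("pub.txt");
  }
  fclose(fpub);
  paillier_keygen(&pub, &priv, get_rand, 0);
  pub->bits = mpz_sizeinbase(pub->n, 2);

  /* setting already known pairing parameters: g, u, secret key, public key,
     h and n, one value per line */
  fpairing = fopen("pairing.txt", "r");
  if (!fpairing)
    return report_input_error("pairing.txt");
  if (read_element_line(fpairing, len, LINE_CAP, g) != 0
      || read_element_line(fpairing, len, LINE_CAP, u) != 0
      || read_element_line(fpairing, len, LINE_CAP, secret_key) != 0
      || read_element_line(fpairing, len, LINE_CAP, public_key) != 0
      || read_element_line(fpairing, len, LINE_CAP, h) != 0
      || read_mpz_line(fpairing, len, LINE_CAP, pub_n) != 0) {
    fclose(fpairing);
    return report_input_error("pairing.txt");
  }
  fclose(fpairing);

  element_set1(tag_prod);

  if (load_element_file("./tag/output5.txt", len, LINE_CAP, g1) != 0)
    return report_input_error("./tag/output5.txt");
  element_printf("\ng1 = %B\n", g1);

  if (load_element_file("./tag/output6.txt", len, LINE_CAP, g2) != 0)
    return report_input_error("./tag/output6.txt");
  element_printf("\ng2 = %B\n", g2);

  if (load_mpz_file("./split/output5.txt", len, LINE_CAP, a) != 0)
    return report_input_error("./split/output5.txt");
  if (load_mpz_file("./split/output6.txt", len, LINE_CAP, b) != 0)
    return report_input_error("./split/output6.txt");

  mpz_init(cipher1->c);
  if (load_mpz_file("./cipher/copy1/output5.txt", len, LINE_CAP, cipher1->c) != 0)
    return report_input_error("./cipher/copy1/output5.txt");
  mpz_init(cipher2->c);
  if (load_mpz_file("./cipher/copy1/output6.txt", len, LINE_CAP, cipher2->c) != 0)
    return report_input_error("./cipher/copy1/output6.txt");

  /* cipher2 <- cipher2 * cipher1, then decrypt the product into plain1 */
  paillier_mul(pub, cipher2, cipher2, cipher1);
  plain1 = paillier_dec(plain1, pub, priv, cipher2);

  /* computed as in the original; not used further below */
  mpz_mul(nsquare, pub_n, pub_n);

  /* sig1 = (u^plain * h)^secret_key */
  element_pow_mpz(temp_pow, u, plain1->m);
  element_mul(temp_pow, temp_pow, h);
  element_pow_zn(sig1, temp_pow, secret_key);
  element_printf("\n signature of plain = %B\n", sig1);

  /* sig2 = (u^b * h)^secret_key */
  element_pow_mpz(temp_pow, u, b);
  element_mul(temp_pow, temp_pow, h);
  element_pow_zn(sig2, temp_pow, secret_key);
  element_printf("\n signature of b = %B\n", sig2);

  /* sig3 = (u^(a+b) * h^2)^secret_key; note that h is overwritten with h^2 */
  mpz_add(a, a, b);
  count = 2;
  element_pow_mpz(temp_pow, u, a);
  mpz_set_ui(data2, count);
  element_pow_mpz(h, h, data2);
  element_mul(temp_pow, temp_pow, h);
  element_pow_zn(sig3, temp_pow, secret_key);
  element_printf("\n sig 3 %B\n", sig3);
  element_mul(g2, g2, g1);
  element_printf("\n Direct Product %B\n", g2);
  element_mul(sig2, sig1, sig2);
  element_printf("\n Direct Product %B\n", sig2);

  free(len);
  return 0;
}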
Beispiel #30
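// Draws random elements into `out` until one passes the order check:
// out^r must be the identity and out itself must not be the identity.
// tmp and tmp2 are scratch elements of the same group as out; neg1 holds
// -1 mod r, so out^neg1 * out equals out^r.
static void pick_order_r_element(element_t out, element_t tmp, element_t tmp2,
                                 element_t neg1) {
  do {
    element_random(out);

    // tmp = out^(r-1)
    element_pow_zn(tmp, out, neg1);
    // tmp2 = out^(r-1) * out == out^r
    element_mul(tmp2, tmp, out);

  } while (!element_is1(tmp2) || element_is1(out));
}

// PBC parameter utility: generates type-A pairing parameters for the given
// field size and prints them together with two randomly chosen elements,
// labelled g1 and gT, on stdout.
//
// Usage: <program> qbits
// Returns 0 on success, 1 on a usage error or a qbits value below 10.
int main(int argc, char* argv[]) {
  QTextStream err(stderr, QIODevice::WriteOnly);
  if(argc != 2) {
    err << "Usage: " << argv[0] << " qbits\n";
    return 1;
  }

  // Start from 0 so that an argument that is not a number is rejected by the
  // range check instead of leaving qbits indeterminate.
  int qbits = 0;
  QTextStream in(argv[1], QIODevice::ReadOnly);
  in >> qbits;

  // No upper bound is enforced; very large values only make generation slow.
  if(qbits < 10) {
    // message aligned with the check, which accepts 10
    err << "qbits must be at least 10\n";
    return 1;
  }

  QTextStream out(stdout, QIODevice::WriteOnly);
  out << "--- PBC Parameter Utility ---\n";
  out << "r < q (for prime r and q)\n";
  out << "Bits: " << qbits << "\n";
  out << "\n\n";
  out.flush();

  pbc_param_t params;
  pairing_t pairing;
  const int rbits = qbits-8;
  pbc_param_init_a_gen(params, rbits, qbits);
  pbc_param_out_str(stdout, params);

  pairing_init_pbc_param(pairing, params);

  element_t gen1;
  element_t neg1;
  element_t gent;

  element_t tmp, tmp2;
  element_init_G1(tmp, pairing);
  element_init_G1(tmp2, pairing);
  element_init_Zr(neg1, pairing);

  element_init_G1(gen1, pairing);
  // NOTE(review): gent is printed as "gT" but is initialised in G1, like the
  // scratch elements used to check it. If a target-group element is intended,
  // gent and its scratch elements need element_init_GT; left unchanged here
  // because consumers of the output are not visible.
  element_init_G1(gent, pairing);

  // neg1 = 1
  element_set1(neg1);
  // neg1 = -1 mod r
  element_neg(neg1, neg1);

  pick_order_r_element(gen1, tmp, tmp2, neg1);
  element_fprintf(stdout, "g1 = %B\n", gen1);

  pick_order_r_element(gent, tmp, tmp2, neg1);
  element_fprintf(stdout, "gT = %B\n", gent);

  element_clear(gen1);
  element_clear(gent);

  element_clear(tmp);
  element_clear(tmp2);
  element_clear(neg1);

  pbc_param_clear(params);
  pairing_clear(pairing);

  return 0;
}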