static void do_vert(element_ptr z, element_ptr V, element_ptr Q)
{
element_ptr Vx = curve_x_coord(V);
element_ptr Qx = curve_x_coord(Q);
element_ptr Qy = curve_y_coord(Q);
element_t a, b, c;
element_init_same_as(a, Vx);
element_init_same_as(b, Vx);
element_init_same_as(c, Vx);
//a = 1
//b = 0;
//c = -Vx
element_set1(a);
element_set0(b);
element_neg(c, Vx);
element_printf("vert at %B: %B %B %B\n", Vx, a, b, c);
element_mul(a, a, Qx);
element_mul(b, b, Qy);
element_add(c, c, a);
element_add(z, c, b);
element_printf("vert eval = %B\n", z);
element_clear(a);
element_clear(b);
element_clear(c);
}
void millertate(element_t z, element_t P, element_t Q)
{
element_t Z;
element_t z0;
element_init_same_as(Z, P);
element_init_same_as(z0, z);
element_set(Z, P);
do_tangent(z, Z, Q);
element_double(Z, Z);
do_vert(z0, Z, Q);
element_div(z, z, z0);
element_printf("presquare: z = %B\n", z);
element_square(z, z);
element_printf("square: z = %B\n", z);
do_tangent(z0, Z, Q);
element_mul(z, z, z0);
element_clear(z0);
element_clear(Z);
}
int main(void)
{
field_t c;
field_t Z19;
element_t P, Q, R;
mpz_t q, z;
element_t a;
int i;
mpz_init(q);
mpz_init(z);
mpz_set_ui(q, 19);
field_init_fp(Z19, q);
element_init(a, Z19);
field_init_curve_singular_with_node(c, Z19);
element_init(P, c);
element_init(Q, c);
element_init(R, c);
//(3,+/-6) is a generator
//we have an isomorphism from E_ns to F_19^*
// (3,6) --> 3
//(generally (x,y) --> (y+x)/(y-x)
curve_set_si(R, 3, 6);
for (i=1; i<=18; i++) {
mpz_set_si(z, i);
element_mul_mpz(Q, R, z);
element_printf("%dR = %B\n", i, Q);
}
mpz_set_ui(z, 6);
element_mul_mpz(P, R, z);
//P has order 3
element_printf("P = %B\n", P);
for (i=1; i<=3; i++) {
mpz_set_si(z, i);
element_mul_mpz(Q, R, z);
tate_3(a, P, Q, R);
element_printf("e_3(P,%dP) = %B\n", i, a);
}
element_double(P, R);
//P has order 9
element_printf("P = %B\n", P);
for (i=1; i<=9; i++) {
mpz_set_si(z, i);
element_mul_mpz(Q, P, z);
tate_9(a, P, Q, R);
element_printf("e_9(P,%dP) = %B\n", i, a);
}
return 0;
}
static void do_line(element_ptr z, element_ptr V, element_ptr P, element_ptr Q)
{
element_ptr Vx = curve_x_coord(V);
element_ptr Vy = curve_y_coord(V);
element_ptr Px = curve_x_coord(P);
element_ptr Py = curve_y_coord(P);
element_ptr Qx = curve_x_coord(Q);
element_ptr Qy = curve_y_coord(Q);
element_t a, b, c, e0;
element_init_same_as(a, Vx);
element_init_same_as(b, Vx);
element_init_same_as(c, Vx);
element_init_same_as(e0, Vx);
//a = -(B.y - A.y) / (B.x - A.x);
//b = 1;
//c = -(A.y + a * A.x);
element_sub(a, Py, Vy);
element_sub(b, Vx, Px);
element_div(a, a, b);
element_set1(b);
element_mul(c, a, Vx);
element_add(c, c, Vy);
element_neg(c, c);
/*
//but we could multiply by B.x - A.x to avoid division, so
//a = -(By - Ay)
//b = Bx - Ax
//c = -(Ay b + a Ax);
element_sub(a, Vy, Py);
element_sub(b, Px, Vx);
element_mul(c, Vx, Py);
element_mul(e0, Vy, Px);
element_sub(c, c, e0);
//
//actually no, since fasterweil won't work if we do this
*/
element_printf("line at %B: %B %B %B\n", V, a, b, c);
element_mul(a, a, Qx);
element_mul(b, b, Qy);
element_add(c, c, a);
element_add(z, c, b);
element_printf(" = %B\n", z);
element_clear(a);
element_clear(b);
element_clear(c);
element_clear(e0);
}
static void do_tangent(element_ptr z, element_ptr V, element_ptr Q)
{
element_ptr Vx = curve_x_coord(V);
element_ptr Vy = curve_y_coord(V);
element_ptr Qx = curve_x_coord(Q);
element_ptr Qy = curve_y_coord(Q);
element_t a, b, c;
element_init_same_as(a, Vx);
element_init_same_as(b, Vx);
element_init_same_as(c, Vx);
//a = -slope_tangent(V.x, V.y);
//b = 1;
//c = -(V.y + aV.x);
/*
//we could multiply by -2*V.y to avoid division so:
//a = -(3 Vx^2 + cc->a)
//b = 2 * Vy
//c = -(2 Vy^2 + a Vx);
//
//actually no, since fasterweil won't work if we do this
*/
element_square(a, Vx);
//element_mul_si(a, a, 3);
element_add(b, a, a);
element_add(a, b, a);
element_set1(b);
element_add(a, a, b);
element_neg(a, a);
element_double(b, Vy);
element_div(a, a, b);
element_set1(b);
element_mul(c, a, Vx);
element_add(c, c, Vy);
element_neg(c, c);
element_printf("tan at %B: %B %B %B\n", V, a, b, c);
element_mul(a, a, Qx);
element_mul(b, b, Qy);
element_add(c, c, a);
element_add(z, c, b);
element_printf("tan eval = %B\n", z);
element_clear(a);
element_clear(b);
element_clear(c);
}
static void record(element_t asum, element_t bsum, element_t snark,
darray_t hole, mpz_t counter) {
snapshot_ptr ss = pbc_malloc(sizeof(struct snapshot_s));
element_init_same_as(ss->a, asum);
element_init_same_as(ss->b, bsum);
element_init_same_as(ss->snark, snark);
element_set(ss->a, asum);
element_set(ss->b, bsum);
element_set(ss->snark, snark);
darray_append(hole, ss);
element_printf("snark %Zd: %B\n", counter, snark);
}
void fasterweil2(element_t w, element_t g, element_t h)
{
element_t gr;
element_t r;
element_t z, z0, z1;
element_init(z, Fq2);
element_init(z0, Fq2);
element_init(z1, Fq2);
element_init_same_as(gr, g);
element_init_same_as(r, g);
element_random(r);
//point_random always takes the same square root
//why not take the other one for once?
element_set_str(r, "[[48,55],[28,51]]", 0);
element_printf("chose R = %B\n", r);
element_add(gr, g, r);
element_printf("P+R = %B\n", gr);
miller(w, gr, r, g, h);
element_printf("num: %B\n", w);
millertate(z, h, gr);
millertate(z0, h, r);
element_div(z1, z, z0);
element_printf("denom: %B\n", z1);
element_div(w, w, z1);
element_clear(z);
element_clear(z0);
element_clear(z1);
element_clear(gr);
element_clear(r);
}
void fasterweil(element_t w, element_t g, element_t h)
{
element_t hs;
element_t s;
element_t z, z0, z1;
element_init(z, Fq2);
element_init(z0, Fq2);
element_init(z1, Fq2);
element_init_same_as(hs, h);
element_init_same_as(s, h);
element_random(s);
//point_random always takes the same square root
//why not take the other one for once?
element_set_str(s, "[[48,55],[28,51]]", 0);
element_printf("chose S = %B\n", s);
element_add(hs, h, s);
element_printf("Q+S = %B\n", hs);
millertate(z, g, hs);
millertate(z0, g, s);
element_div(z1, z, z0);
element_printf("num: %B\n", z1);
miller(w, hs, s, h, g);
element_printf("denom: %B\n", w);
element_div(w, z1, w);
element_clear(z);
element_clear(z0);
element_clear(z1);
element_clear(hs);
element_clear(s);
}
void miller(element_t z, element_t PR, element_t R, element_t P, element_t Q)
{
int m = mpz_sizeinbase(order, 2) - 2;
element_t Z;
element_t z1;
element_t x1;
element_init_same_as(Z, PR);
element_set(Z, P);
element_set1(z);
element_init_same_as(z1, z);
element_init_same_as(x1, z);
do_vert(x1, PR, Q);
element_printf("vert(P+R) %B\n", x1);
do_line(z1, P, R, Q);
element_printf("line(P,R) %B\n", z1);
element_div(x1, x1, z1);
element_printf("x1 %B\n", x1);
element_set(z, x1);
for (;;) {
printf("iteration %d: %d\n", m, mpz_tstbit(order,m));
element_square(z, z);
element_printf("squared: %B\n", z);
do_tangent(z1, Z, Q);
element_mul(z, z, z1);
element_double(Z, Z);
do_vert(z1, Z, Q);
element_div(z, z, z1);
element_printf("pre-if: %B\n", z);
if (mpz_tstbit(order, m)) {
element_mul(z, z, x1);
do_vert(z1, P, Q);
element_mul(z, z, z1);
element_printf("done %B\n", z);
/*
do_line(z1, Z, P, Q);
element_mul(z, z, z1);
element_add(Z, Z, P);
do_vert(z1, Z, Q);
element_div(z, z, z1);
*/
}
if (!m) break;
m--;
}
element_clear(x1);
element_clear(z1);
}
int main(int argc, char **argv) {
pairing_t pairing;
pbc_demo_pairing_init(pairing, argc, argv);
char m[80]={0};
if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");
printf("Enter the message to be encrypted : ");
gets(m);
size_t len_m = sizeof(m);
unsigned char hash[30];
SHA1(m, len_m, hash);
printf("The hash is : %s", hash);
element_t g, h;
element_t public_key, secret_key;
element_t sig;
element_t temp1, temp2;
element_init_G2(g, pairing);
element_init_G2(public_key, pairing);
element_init_G1(h, pairing);
element_init_G1(sig, pairing);
element_init_GT(temp1, pairing);
element_init_GT(temp2, pairing);
element_init_Zr(secret_key, pairing);
element_random(g);
element_random(secret_key);
element_pow_zn(public_key, g, secret_key);
element_printf("The public key is %B\n", public_key);
element_from_hash(h, hash, 30);
element_pow_zn(sig, h, secret_key);
pairing_apply(temp1, sig, g, pairing);
pairing_apply(temp2, h, public_key, pairing);
if(!element_cmp(temp1, temp2)){
printf("\nVerified\n");}
else{
printf("\nNot verified\n");
}
}
void weil(element_t w, element_t g, element_t h)
{
element_t gr;
element_t hs;
element_t r;
element_t s;
element_t z, z0, z1;
element_init(z, Fq2);
element_init(z0, Fq2);
element_init(z1, Fq2);
element_init_same_as(gr, g);
element_init_same_as(hs, h);
element_init_same_as(r, g);
element_init_same_as(s, h);
element_random(r);
element_random(s);
//point_random always takes the same square root
//why not take the other one for once?
element_neg(r, r);
element_set_str(r, "[[40,0],[54,0]]", 0);
element_set_str(s, "[[48,55],[28,51]]", 0);
element_printf("chose R = %B\n", r);
element_printf("chose S = %B\n", s);
element_add(gr, g, r);
element_add(hs, h, s);
element_printf("P+R = %B\n", gr);
element_printf("Q+S = %B\n", hs);
miller(z, gr, r, g, hs);
miller(z0, gr, r, g, s);
element_div(z1, z, z0);
element_printf("num: %B\n", z1);
miller(z, hs, s, h, gr);
miller(z0, hs, s, h, r);
element_div(w, z, z0);
element_printf("denom: %B\n", w);
element_div(w, z1, w);
element_clear(gr);
element_clear(r);
element_clear(hs);
element_clear(s);
element_clear(z);
element_clear(z0);
element_clear(z1);
}
void test_secret_sharing(fenc_attribute_policy *policy, pairing_t pairing)
{
element_t secret, recovered_secret, tempZ, temp2Z;
FENC_ERROR err_code;
fenc_attribute_list attribute_list;
fenc_lsss_coefficient_list coefficient_list;
unsigned int i;
char *policy_str;
size_t str_len = 2048;
/* Print the policy. */
//fenc_attribute_policy_to_string(policy->root, NULL, &str_len, 100000);
fenc_attribute_policy_to_string(policy->root, NULL, 100000);
policy_str = (char*)SAFE_MALLOC(str_len);
fenc_attribute_policy_to_string(policy->root, policy_str, str_len);
//fenc_attribute_policy_to_string(policy->root, policy_str, &index, str_len);
printf("%s\n", policy_str);
/* Pick a random secret value. */
element_init_Zr(secret, pairing);
element_init_Zr(recovered_secret, pairing);
element_random(secret);
element_printf("Original secret: %B\n", secret);
/* Share the secret. The shares are placed within a newly-initialized attribute_list. */
memset(&attribute_list, 0, sizeof(fenc_attribute_list));
err_code = fenc_LSSS_calculate_shares_from_policy(&secret, policy, &attribute_list, pairing);
if (err_code != FENC_ERROR_NONE) {
printf("could not share secrets!\n");
return;
}
printf("\nCreated %d shares:\n", attribute_list.num_attributes);
for (i = 0; i < attribute_list.num_attributes; i++) {
element_printf("\t share %d:\t%B\n", i, attribute_list.attribute[i].share);
}
/* Take the resulting attribute_list and feed it as input to the coefficient recovery mechanism.
* Note that the coefficient recovery doesn't use the shares as input, it just looks at the
* attributes. */
err_code = LSSS_allocate_coefficient_list(&coefficient_list, attribute_list.num_attributes, pairing);
if (err_code != FENC_ERROR_NONE) {
printf("could not allocate coefficient list!\n");
return;
}
err_code = fenc_LSSS_calculate_coefficients_from_policy(policy, &attribute_list, &coefficient_list, pairing);
if (err_code != FENC_ERROR_NONE) {
printf("could not compute coefficients!\n");
return;
}
printf("\nComputed %d coefficients:\n", attribute_list.num_attributes);
for (i = 0; i < attribute_list.num_attributes; i++) {
if (coefficient_list.coefficients[i].is_set == TRUE) {
element_printf("\t coefficient %d: %B\n", i, coefficient_list.coefficients[i].coefficient);
} else {
printf("\t coefficient %d: <pruned>\n", i);
}
}
/* Now let's manually try to recover the secret. Unfortunately this requires some messy
* element arithmetic. */
printf("How many attributes in policy?: '%d'\n", attribute_list.num_attributes);
element_init_Zr(tempZ, pairing);
element_init_Zr(temp2Z, pairing);
element_set0(recovered_secret);
for (i = 0; i < attribute_list.num_attributes; i++) {
if (coefficient_list.coefficients[i].is_set == TRUE) {
element_mul(tempZ, coefficient_list.coefficients[i].coefficient, attribute_list.attribute[i].share);
element_add(temp2Z, tempZ, recovered_secret);
element_set(recovered_secret, temp2Z);
}
}
element_printf("Recovered secret: %B\n", recovered_secret);
element_clear(secret);
element_clear(recovered_secret);
element_clear(tempZ);
element_clear(temp2Z);
}
int main(void)
{
int i;
element_t g, h;
element_t w0, w1;
element_t a, b;
mpz_t prime, cofac;
mpz_init(prime);
mpz_init(order);
mpz_init(cofac);
mpz_set_ui(prime, 59);
field_init_fp(Fq, prime);
element_init(a, Fq);
element_init(b, Fq);
field_init_fi(Fq2, Fq);
element_set1(a);
element_set0(b);
mpz_set_ui(order, 5);
mpz_set_ui(cofac, 12);
field_init_curve_ab(E, a, b, order, cofac);
element_clear(a);
element_clear(b);
element_init(a, Fq2);
element_init(b, Fq2);
element_set1(a);
element_set0(b);
mpz_mul(cofac, cofac, cofac);
field_init_curve_ab(E2, a, b, order, NULL);
element_init(g, E2);
element_init(h, E2);
element_init(w0, Fq2);
element_init(w1, Fq2);
/*
do {
element_random(g);
} while (element_is1(g));
for (i=1; i<5; i++) {
element_mul(h, h, g);
element_printf("%d: %B\n", i, h);
element_printf("tangent = ");
do_tangent(h);
}
*/
element_set_str(g, "[[25,0],[30,0]", 0);
element_set_str(h, "[[34,0],[0,30]", 0);
weil(w0, g, h);
element_printf("weil: %B\n", w0);
element_set1(w1);
for (i=1; i<6; i++) {
element_mul(w1, w1, w0);
element_printf("%d: %B\n", i, w1);
}
fasterweil(w0, g, h);
element_printf("fasterweil: %B\n", w0);
element_set1(w1);
for (i=1; i<6; i++) {
element_mul(w1, w1, w0);
element_printf("%d: %B\n", i, w1);
}
fasterweil2(w0, g, h);
element_printf("fasterweil2: %B\n", w0);
tate(w0, g, h);
element_printf("tate: %B\n", w0);
element_set1(w1);
for (i=1; i<6; i++) {
element_mul(w1, w1, w0);
element_printf("%d: %B\n", i, w1);
}
shipseystange(w0, g, h);
element_printf("ss-tate: %B\n", w0);
element_set1(w1);
for (i=1; i<6; i++) {
element_mul(w1, w1, w0);
element_printf("%d: %B\n", i, w1);
}
return 0;
}
int main(int argc, char **argv) {
verbose = 0;
ifsize = 0;
int canrun =0;
clock_t start_t, end_t;
float total_t;
int user_num = 100;
int k;
int choose;
char *para1, *para2;
while ((choose = getopt (argc, argv, "vfn:hgs")) != -1) {
switch (choose) {
case 's':
ifsize = 1;
break;
case 'h':
usage();
exit(0);
break;
case 'v':
verbose = 1;
break;
case 'n':
user_num = atoi(optarg);
break;
case 'g':
//printf("Initializing pairing parameters...\n");
if(canrun) {
fprintf(stderr, "Pairing parameters have been set, \'-g\' should not set paring parameters again.\n");
break;
}
canrun = 1;
k=0;
for( ; optind<argc && !(*argv[optind] == '-'); optind++) k++;
if(k==2) {
int rbits = atoi(argv[optind-k]);
int qbits = atoi(argv[optind-k+1]);
pbc_param_t param;
// printf("rbits=%d qbits=%d\n",rbits,qbits);
pbc_param_init_a_gen(param, rbits, qbits);
pairing_init_pbc_param(pairing, param);
pairing_init_pbc_param(pairing2, param);
pbc_param_clear(param);
} else {
fprintf(stderr, "Input invalid!\n");
usage();
exit(-1);
}
break;
case 'f':
//printf("Initializing pairing parameters...\n");
if(canrun) {
fprintf(stderr, "Pairing parameters have been set, \'-f\' should not set paring parameters again.\n");
break;
}
canrun = 1;
k=0;
for( ; optind<argc && !(*argv[optind] == '-'); optind++) k++;
if(k==2) {
pbc_single_pairing_init(pairing, argc, argv[optind-k]);
pbc_single_pairing_init(pairing2, argc, argv[optind-k+1]);
}
else {
fprintf(stderr, "Input invalid!\n");
usage();
exit(-1);
}
break;
case '?':
fprintf(stderr, "Invalid parameters!\n");
usage();
exit(-1);
break;
default:
abort();
}
}
if(!canrun) {
printf("Please at least set \'-f\' or \'-g\'\n");
usage();
exit(-1);
}
//printf("Initializing system variable and public key....\n");
element_init_G2(g, pairing);
element_init_G2(X, pairing);
element_init_G2(Y, pairing);
element_init_Zr(x, pairing2);
element_init_Zr(y, pairing2);
element_random(x);
element_random(y);
printf("g=%lu X=%lu Y=%lu x=%lu y=%lu\n",sizeof(g),sizeof(X),sizeof(Y),sizeof(x),sizeof(y));
//system variable & public key generation
element_random(g);
if(verbose) element_printf("system parameter g = %B\n", g);
element_pow_zn(X, g, x);
element_pow_zn(Y, g, y);
// mpz_t mpz_g, mpz_X, mpz_Y;
// mpz_inits(mpz_g, mpz_X, mpz_Y, mpz_x, mpz_y, NULL);
// element_to_mpz(mpz_g, g);
// element_to_mpz(mpz_x, x);
// element_to_mpz(mpz_y, y);
// mpz_powm(mpz_X, mpz_g, mpz_x, pairing->r);
// element_set_mpz(X, mpz_X);
// //element_pow_zn(X, g, x);
// mpz_powm(mpz_Y, mpz_g, mpz_y, pairing->r);
// element_set_mpz(Y, mpz_Y);
// if(verbose) {
// gmp_printf("pair order %zd\n", pairing->r);
// gmp_printf("mpz g %zd\n", mpz_g);
// element_printf("x = %B\n", x);
// gmp_printf("mpz x %zd\n", mpz_x);
// gmp_printf("mpz y %zd\n", mpz_y);
// gmp_printf("mpz X %zd\n", mpz_X);
// element_printf("public key X = %B\n", X);
// element_printf("public key Y = %B\n", Y);
// }
// //element_pow_zn(Y, g, y);
// mpz_clear(mpz_g);mpz_clear(mpz_X);mpz_clear(mpz_Y);
unsigned char *a, *b, *c, *cu;
/*******Working********/
start_t = clock();
clock_t tmp_start;
clock_t bscurtotal = 0;
float bstotal;
clock_t tmp=0;
clock_t max;
clock_t min;
for(int i=0; i<user_num; i++) {
//printf("New user comes...\n");
UEActivity(&a, &b, &c, &cu);
tmp_start = clock();
BSActivity(a, b, c, cu);
tmp = clock() - tmp_start;
if(i==0) {min = tmp; max = tmp;}
else {
if(tmp > max) max = tmp;
if(tmp < min) min = tmp;
}
printf("Processing time for this user is %f ms \n",(float)tmp*1000 / CLOCKS_PER_SEC);
bscurtotal += tmp;
}
clock_t avg = bscurtotal / user_num;
printf("max single user time is %f ms \n",(float)max*1000 / CLOCKS_PER_SEC);
printf("min single user time is %f ms \n",(float)min*1000 / CLOCKS_PER_SEC);
printf("average single user time is %f ms \n",(float)avg*1000 / CLOCKS_PER_SEC);
//printf("************************\n");
end_t = clock();
total_t = (float)(end_t - start_t) / CLOCKS_PER_SEC;
bstotal = (float)bscurtotal / CLOCKS_PER_SEC;
//printf("User number: %d. \nTotal Generation & verification time taken by CPU: %f seconds.\n", user_num, total_t);
//printf("Total verification time at base station taken by CPU: %f seconds.\n", bstotal);
//printf("Exiting of the program...\n");
element_clear(g);
element_clear(X);
element_clear(Y);
element_clear(x);
element_clear(y);
return 0;
}
void shipseystange(element_t z, element_t P, element_t Q)
{
mpz_t q1r;
mpz_init(q1r);
mpz_set_ui(q1r, 696);
element_ptr x = curve_x_coord(P);
element_ptr y = curve_y_coord(P);
element_ptr x2 = curve_x_coord(Q);
element_ptr y2 = curve_y_coord(Q);
element_t v0m1, v0m2, v0m3;
element_t v00, v01, v02, v03, v04;
element_t v1m1, v10, v11;
element_t t0, t1, t2;
element_t W20inv;
element_t Wm11inv;
element_t W2m1inv;
element_t sm2, sm1, s0, s1, s2, s3;
element_t pm2, pm1, p0, p1, p2, p3;
element_init_same_as(sm2, z);
element_init_same_as(sm1, z);
element_init_same_as(s0, z);
element_init_same_as(s1, z);
element_init_same_as(s2, z);
element_init_same_as(s3, z);
element_init_same_as(pm2, z);
element_init_same_as(pm1, z);
element_init_same_as(p0, z);
element_init_same_as(p1, z);
element_init_same_as(p2, z);
element_init_same_as(p3, z);
element_init_same_as(v0m3, z);
element_init_same_as(v0m2, z);
element_init_same_as(v0m1, z);
element_init_same_as(v00, z);
element_init_same_as(v01, z);
element_init_same_as(v02, z);
element_init_same_as(v03, z);
element_init_same_as(v04, z);
element_init_same_as(v1m1, z);
element_init_same_as(v10, z);
element_init_same_as(v11, z);
element_init_same_as(W20inv, z);
element_init_same_as(Wm11inv, z);
element_init_same_as(W2m1inv, z);
element_init_same_as(t0, z);
element_init_same_as(t1, z);
element_init_same_as(t2, z);
element_set0(v0m1);
element_set1(v00);
element_neg(v0m2, v00);
element_double(v01, y);
element_neg(v0m3, v01);
element_invert(W20inv, v01);
element_sub(Wm11inv, x, x2);
element_square(t1, Wm11inv);
element_invert(Wm11inv, Wm11inv);
element_double(t0, x);
element_add(t0, t0, x2);
element_mul(t1, t0, t1);
element_add(t0, y, y2);
element_square(t0, t0);
element_sub(t0, t0, t1);
element_invert(W2m1inv, t0);
/* Let P=(x,y) since A=1, B=0 we have:
* W(3,0) = 3x^4 + 6x^2 - 1
* W(4,0) = 4y(x^6 + 5x^4 - 5x^2 - 1)
*/
//t0 = x^2
element_square(t0, x);
//t1 = x^4
element_square(t1, t0);
//t2 = x^4 + 2 x^2
element_double(t2, t0);
element_add(t2, t2, t1);
//v02 = W(3,0)
element_double(v02, t2);
element_add(v02, v02, t2);
element_add(v02, v02, v0m2);
//t2 = x^4 - x^2
element_sub(t2, t1, t0);
//v03 = 5(x^4 - x^2)
element_double(v03, t2);
element_double(v03, v03);
element_add(v03, v03, t2);
//t2 = x^6
element_mul(t2, t0, t1);
//v03 = W(4,0)
element_add(v03, v03, t2);
element_add(v03, v03, v0m2);
element_double(v03, v03);
element_double(v03, v03);
element_mul(v03, v03, y);
//v04 = W(5,0) = W(2,0)^3 W(4,0) - W(3,0)^3
element_square(t0, v01);
element_mul(t0, t0, v01);
element_mul(v04, t0, v03);
element_square(t0, v02);
element_mul(t0, t0, v02);
element_sub(v04, v04, t0);
element_set1(v1m1);
element_set1(v10);
element_printf("x y: %B %B\n", x, y);
element_printf("x2 y2: %B %B\n", x2, y2);
element_sub(t0, x2, x);
element_sub(t1, y2, y);
element_div(t0, t1, t0);
element_square(t0, t0);
element_double(v11, x);
element_add(v11, v11, x2);
element_sub(v11, v11, t0);
element_printf("VEC1: %B %B %B\n", v1m1, v10, v11);
element_printf("VEC0: %B %B %B %B %B %B %B %B\n",
v0m3, v0m2, v0m1, v00, v01, v02, v03, v04);
//Double
element_square(sm2, v0m2);
element_square(sm1, v0m1);
element_square(s0, v00);
element_square(s1, v01);
element_square(s2, v02);
element_square(s3, v03);
element_mul(pm2, v0m3, v0m1);
element_mul(pm1, v0m2, v00);
element_mul(p0, v0m1, v01);
element_mul(p1, v00, v02);
element_mul(p2, v01, v03);
element_mul(p3, v02, v04);
element_mul(t0, pm1, sm2);
element_mul(t1, pm2, sm1);
element_sub(v0m3, t0, t1);
element_mul(t1, pm2, s0);
element_mul(t0, p0, sm2);
element_sub(v0m2, t0, t1);
element_mul(v0m2, v0m2, W20inv);
element_mul(t0, p0, sm1);
element_mul(t1, pm1, s0);
element_sub(v0m1, t0, t1);
element_mul(t1, pm1, s1);
element_mul(t0, p1, sm1);
element_sub(v00, t0, t1);
element_mul(v00, v00, W20inv);
element_mul(t0, p1, s0);
element_mul(t1, p0, s1);
element_sub(v01, t0, t1);
element_mul(t1, p0, s2);
element_mul(t0, p2, s0);
element_sub(v02, t0, t1);
element_mul(v02, v02, W20inv);
element_mul(t0, p2, s1);
element_mul(t1, p1, s2);
element_sub(v03, t0, t1);
element_mul(t1, p1, s3);
element_mul(t0, p3, s1);
element_sub(v04, t0, t1);
element_mul(v04, v04, W20inv);
element_square(t0, v10);
element_mul(t1, v1m1, v11);
element_mul(t2, pm1, t0);
element_mul(v1m1, t1, sm1);
element_sub(v1m1, v1m1, t2);
element_mul(t2, p0, t0);
element_mul(v10, t1, s0);
element_sub(v10, v10, t2);
element_mul(t2, p1, t0);
element_mul(v11, t1, s1);
element_sub(v11, v11, t2);
element_mul(v11, v11, Wm11inv);
element_printf("VEC1: %B %B %B\n", v1m1, v10, v11);
element_printf("VEC0: %B %B %B %B %B %B %B %B\n",
v0m3, v0m2, v0m1, v00, v01, v02, v03, v04);
//DoubleAdd
element_square(sm2, v0m2);
element_square(sm1, v0m1);
element_square(s0, v00);
element_square(s1, v01);
element_square(s2, v02);
element_square(s3, v03);
element_mul(pm2, v0m3, v0m1);
element_mul(pm1, v0m2, v00);
element_mul(p0, v0m1, v01);
element_mul(p1, v00, v02);
element_mul(p2, v01, v03);
element_mul(p3, v02, v04);
element_mul(t1, pm2, s0);
element_mul(t0, p0, sm2);
element_sub(v0m3, t0, t1);
element_mul(v0m3, v0m3, W20inv);
element_mul(t0, p0, sm1);
element_mul(t1, pm1, s0);
element_sub(v0m2, t0, t1);
element_mul(t1, pm1, s1);
element_mul(t0, p1, sm1);
element_sub(v0m1, t0, t1);
element_mul(v0m1, v0m1, W20inv);
element_mul(t0, p1, s0);
element_mul(t1, p0, s1);
element_sub(v00, t0, t1);
element_mul(t1, p0, s2);
element_mul(t0, p2, s0);
element_sub(v01, t0, t1);
element_mul(v01, v01, W20inv);
element_mul(t0, p2, s1);
element_mul(t1, p1, s2);
element_sub(v02, t0, t1);
element_mul(t1, p1, s3);
element_mul(t0, p3, s1);
element_sub(v03, t0, t1);
element_mul(v03, v03, W20inv);
element_mul(t0, p3, s2);
element_mul(t1, p2, s3);
element_sub(v04, t0, t1);
element_square(t0, v10);
element_mul(t1, v1m1, v11);
element_mul(t2, p0, t0);
element_mul(v1m1, t1, s0);
element_sub(v1m1, v1m1, t2);
element_mul(t2, p1, t0);
element_mul(v10, t1, s1);
element_sub(v10, v10, t2);
element_mul(v10, v10, Wm11inv);
element_mul(t2, t1, s2);
element_mul(v11, p2, t0);
element_sub(v11, v11, t2);
element_mul(v11, v11, W2m1inv);
element_printf("VEC1: %B %B %B\n", v1m1, v10, v11);
element_printf("VEC0: %B %B %B %B %B %B %B %B\n",
v0m3, v0m2, v0m1, v00, v01, v02, v03, v04);
element_div(z, v11, v01);
element_printf("prepow: %B\n", z);
element_pow_mpz(z, z, q1r);
mpz_clear(q1r);
}
void UEActivity(unsigned char **da, unsigned char **db, unsigned char **dc, unsigned char **dcu) {
//printf("Generating keys.....\n");
element_t a, b, c, cu, r, A, B, C;
element_t ax, a1cuxy;
element_t xy, cuxy;
element_init_G1(a, pairing);
element_init_G1(b, pairing);
element_init_G1(c, pairing);
element_init_Zr(r, pairing);
element_init_G1(A, pairing);
element_init_G1(B, pairing);
element_init_G1(C, pairing);
element_init_G1(ax, pairing);
element_init_G1(a1cuxy, pairing);
//temporarily regard p and q are independent
//instead of p = 2q + 1
element_init_Zr(xy, pairing2);
element_init_Zr(cuxy, pairing2);
element_init_Zr(cu, pairing2);
//temporarily regard cu as a random number in Zr
//instead of Cu = r^k&^ru
element_random(cu);
element_random(a);
if(verbose) element_printf("sig component a = %B\n", a);
element_pow_zn(b, a, y);
// mpz_t mpz_a, mpz_b, mpz_c;
// mpz_inits(mpz_a, mpz_b, mpz_c, NULL);
// element_to_mpz(mpz_a, a);
// mpz_powm(mpz_b, mpz_a, mpz_y, pairing->r);
// element_set_mpz(b, mpz_b);
//element_pow_zn(b, a, y);
if(verbose) element_printf("sig component b = %B\n", b);
element_pow_zn(ax, a, x);
// mpz_t mpz_ax, mpz_a1cuxy, mpz_cuxy;
// mpz_inits(mpz_ax, mpz_a1cuxy, mpz_cuxy, NULL);
// mpz_powm(mpz_ax, mpz_a, mpz_x, pairing->r);
// element_set_mpz(ax, mpz_ax);
element_mul(xy, x, y);
element_mul(cuxy, xy, cu);
element_pow_zn(a1cuxy, a, cuxy);
// element_to_mpz(mpz_cuxy, cuxy);
// mpz_powm(mpz_a1cuxy, mpz_a, mpz_cuxy, pairing->r);
// element_set_mpz(a1cuxy, mpz_a1cuxy);
element_mul(c, ax, a1cuxy);
if(verbose) element_printf("sig component c = %B\n", c);
//blind the signature
// mpz_t mpz_A, mpz_B, mpz_C, mpz_r;
// mpz_inits(mpz_A, mpz_B, mpz_C, mpz_r, NULL);
element_random(r);
element_pow_zn(A, a, r);
element_pow_zn(B, b, r);
element_pow_zn(C, c, r);
// element_to_mpz(mpz_r, r);
// mpz_powm(mpz_A, mpz_a, mpz_r, pairing->r);
// mpz_powm(mpz_B, mpz_b, mpz_r, pairing->r);
// mpz_powm(mpz_C, mpz_c, mpz_r, pairing->r);
// element_set_mpz(A, mpz_A);
// element_set_mpz(B, mpz_B);
// element_set_mpz(C, mpz_C);
//clear meta elements
element_clear(ax);
element_clear(a1cuxy);
element_clear(xy);
element_clear(cuxy);
element_clear(r);
element_clear(a);
element_clear(b);
element_clear(c);
// mpz_clear(mpz_a);
// mpz_clear(mpz_b);
// mpz_clear(mpz_c);
// mpz_clear(mpz_ax);
// mpz_clear(mpz_a1cuxy);
// mpz_clear(mpz_cuxy);
// mpz_clear(mpz_A);
// mpz_clear(mpz_B);
// mpz_clear(mpz_C);
// mpz_clear(mpz_r);
//signature compress
int n = pairing_length_in_bytes_compressed_G1(pairing);
int m = pairing_length_in_bytes_Zr(pairing2);
*da = pbc_malloc(n);
*db = pbc_malloc(n);
*dc = pbc_malloc(n);
*dcu = pbc_malloc(m);
element_to_bytes_compressed(*da, A);
element_to_bytes_compressed(*db, B);
element_to_bytes_compressed(*dc, C);
element_to_bytes(*dcu, cu);
return;
}
int main(int argc, char **argv) {
pairing_t pairing;
double time1, time2;
element_t P, a, b, c, Ka, Kb, Kc, t1, t2, t3, t4, t5, t6;
pbc_demo_pairing_init(pairing, argc, argv);
if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");
element_init_G1(P, pairing);
element_init_G1(t1, pairing);
element_init_G1(t2, pairing);
element_init_G1(t3, pairing);
element_init_Zr(a, pairing);
element_init_Zr(b, pairing);
element_init_Zr(c, pairing);
element_init_GT(t4, pairing);
element_init_GT(t5, pairing);
element_init_GT(t6, pairing);
element_init_GT(Ka, pairing);
element_init_GT(Kb, pairing);
element_init_GT(Kc, pairing);
time1 = pbc_get_time();
printf("Joux key agreement between A, B and C.\n");
element_random(P);
element_random(a);
element_random(b);
element_random(c);
element_mul_zn(t1, P, a);
printf("A sends B and C: aP\n");
element_printf("aP = %B\n", t1);
element_mul_zn(t2, P, b);
printf("B sends A and C: bP\n");
element_printf("bP = %B\n", t2);
element_mul_zn(t3, P, c);
printf("C sends A and B: cP\n");
element_printf("cP = %B\n", t3);
element_pairing(t4, t2, t3);
element_pow_zn(Ka, t4, a);
element_printf("Ka = %B\n", Ka);
element_pairing(t5, t1, t3);
element_pow_zn(Kb, t5, b);
element_printf("Kb = %B\n", Kb);
element_pairing(t6, t1, t2);
element_pow_zn(Kc, t6, c);
element_printf("Kc = %B\n", Kc);
printf("Shared key K = Ka = Kb = Kc\n");
time2 = pbc_get_time();
printf("All time = %fs\n", time2 - time1);
element_clear(P);
element_clear(a);
element_clear(b);
element_clear(c);
element_clear(Ka);
element_clear(Kb);
element_clear(Kc);
element_clear(t1);
element_clear(t2);
element_clear(t3);
element_clear(t4);
element_clear(t5);
element_clear(t6);
pairing_clear(pairing);
return 0;
}
int main(int argc, char **argv) {
pairing_t pairing;
pbc_demo_pairing_init(pairing, argc, argv);
if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");
double time1, time2;
element_t P, Ppub, x, S, H, t1, t2, t3, t4;
element_init_Zr(x, pairing);
element_init_Zr(H, pairing);
element_init_Zr(t1, pairing);
element_init_G1(S, pairing);
element_init_G1(P, pairing);
element_init_G1(Ppub, pairing);
element_init_G1(t2, pairing);
element_init_GT(t3, pairing);
element_init_GT(t4, pairing);
printf("ZSS short signature schema\n");
printf("KEYGEN\n");
time1 = pbc_get_time();
element_random(x);
element_random(P);
element_mul_zn(Ppub, P, x);
element_printf("P = %B\n", P);
element_printf("x = %B\n", x);
element_printf("Ppub = %B\n", Ppub);
printf("SIGN\n");
element_from_hash(H, "Message", 7);
element_add(t1, H, x);
element_invert(t1, t1);
element_mul_zn(S, P, t1);
printf("Signature of message \"Message\" is:\n");
element_printf("S = %B\n", S);
printf("VERIFY\n");
element_from_hash(H, "Message", 7);
element_mul_zn(t2, P, H);
element_add(t2, t2, Ppub);
element_pairing(t3, t2, S);
element_pairing(t4, P, P);
element_printf("e(H(m)P + Ppub, S) = %B\n", t3);
element_printf("e(P, P) = %B\n", t4);
if (!element_cmp(t3, t4)) printf("Signature is valid\n");
else printf("Signature is invalid\n");
time2 = pbc_get_time();
printf("All time = %fs\n", time2 - time1);
element_clear(P);
element_clear(Ppub);
element_clear(x);
element_clear(S);
element_clear(H);
element_clear(t1);
element_clear(t2);
element_clear(t3);
element_clear(t4);
pairing_clear(pairing);
return 0;
}
int main(int argc, char *argv[]){
//build the pairing function
pairing_t pairing;
if(argc < 2){
fprintf(stderr,"Wrong input arguments!\n");
fprintf(stderr,"Please input <./abe><supersinuglar> or <./abe><ordinary>\n");
}else{
if(!strcmp(argv[1],"ordinary")){
setupOrdinaryPairing(&pairing);
printf("Use ordinary curve...\n");
}else if(!strcmp(argv[1],"supersingular")){
setupSingularPairing(&pairing);//setup pairing first
printf("Use supersingular curve...\n");
}else{
fprintf(stderr,"Wrong input arguments!");
fprintf(stderr,"Please input <./abe><sinuglar> or <./abe><ordinary>\n");
}
}
//end of building the pairing funcion
//construct a CP-ABE scheme
//Pre-computation -> read the file of users
float difftime= 0.0;
int i,j,k = 0;//the index of the following loop
clock_t tStart,tEnd;
FILE *fTime = fopen("timeTate.txt","w+");
int loopNum = 100;
while(LOOP && loopNum){
tStart = clock();
MSP msp;//the monotone spanning program
mspSetup(&msp);
int rows = msp.rows;
FILE *fUser = fopen("user.file","r");//the pointer to read the user files
int userNo = 0;//the number of users
int* attrNo;//the number of attributes
char **userName;
char **attribute;
fscanf(fUser,"%d\n",&userNo);
attrNo = (int *)malloc(sizeof(int)*userNo);
userName = (char **)malloc(sizeof(char *)*userNo);
attribute = (char **)malloc(sizeof(char *)*userNo);
for( i = 0 ; i < userNo ; i++){
userName[i] = (char *)malloc(sizeof(char)*100);
fscanf(fUser,"%s\n",userName[i]);
fscanf(fUser,"%d\n",&attrNo[i]);
attribute[i] = (char *)malloc(sizeof(char)*attrNo[i]);
j = 0;//initialize the index of j
k = attrNo[i];
while(k != 0){
fscanf(fUser,"%c\n",&attribute[i][j]);
j++;
k--;
}
}
//1. Setup
setup(rows,&pairing,&msp);//the first step to set up the public key and master key
//2. KeyGen
for( i = 0; i<userNo;i++){
keyGen(pairing,attrNo[i],attribute[i],userName[i]);//genereate the private key according to user's attribute
}
element_t message;//the plaintext message;
element_init_GT(message,pairing);
element_random(message);
element_printf("M1 = %B\n",message);
//3.Encrypt
encrypt(message,pairing,&msp);
//4.Decrypt
decrypt(pairing,&msp,message,attrNo[1],attribute[1],userName[1]);
tEnd = clock();
//5.Time calculation presents
difftime = (float)(tEnd-tStart)/CLOCKS_PER_SEC;
printf("The cost time of tate pairing: %fs\n",difftime);
fprintf(fTime,"%f\r\n",difftime);
loopNum--;
}//end of while-loop
fclose(fTime);
return 0;
}
// interactive generation of group keys
int xsgs_generate_group_keys(void) {
pbc_param_ptr param;
XSGS_PUBLIC_KEY* gpk;
XSGS_ISSUER_KEY* ik;
XSGS_OPENER_KEY* ok;
DWORD ret = 0;
printf(
"\n\n+++ eXtremely Short Group Signature - Generate Group Keys +++\n\n");
// get interactively curve parameter
param = xsgs_select_curve_param("curves/", "xsgs_curve_", 11);
if (param == NULL) {
return 1;
}
// group public key generation
gpk = (XSGS_PUBLIC_KEY*) malloc(sizeof(XSGS_PUBLIC_KEY));
ik = (XSGS_ISSUER_KEY*) malloc(sizeof(XSGS_ISSUER_KEY));
xsgs_gm_gen(gpk, ik, param);
// group manager key generation
ok = (XSGS_OPENER_KEY*) malloc(sizeof(XSGS_OPENER_KEY));
xsgs_opener_gen(gpk, ok);
// print keys
printf("\nXSGS GROUP PUBLIC KEY (GPK):\n");
element_printf("G1 = \n%B\n", gpk->G1);
element_printf("K = \n%B\n", gpk->K);
element_printf("H = \n%B\n", gpk->H);
element_printf("G = \n%B\n", gpk->G);
element_printf("G2 = \n%B\n", gpk->G2);
element_printf("W = \n%B\n", gpk->W);
printf("\nXSGS ISSUER KEY (IK):\n");
element_printf("gamma = \n%B\n", ik->gamma);
printf("\nXSGS OPENER KEY (OK):\n");
element_printf("xi1 = \n%B\n", ok->xi1);
element_printf("xi2 = \n%B\n", ok->xi2);
// save keys to key store
if (xsgs_gpk_export_file("key_store/xsgs_gpk.key", gpk) == 0) {
printf("\nGPK saved to: key_store/xsgs_gpk.key\n");
} else {
printf("Error on saving GPK to: key_store/xsgs_gpk.key\n");
ret = 2;
}
if (xsgs_ik_export_file("key_store/xsgs_ik.key", ik) == 0) {
printf("IK saved to: key_store/xsgs_ik.key\n");
} else {
printf("Error on saving IK to: key_store/xsgs_ik.key\n");
ret = 3;
}
if (xsgs_ok_export_file("key_store/xsgs_ok.key", ok) == 0) {
printf("OK saved to: key_store/xsgs_ok.key\n");
} else {
printf("Error on saving OK to: key_store/xsgs_ok.key\n");
ret = 4;
}
// clear
//pbc_param_clear(param);
gpk_clear(gpk);
ik_clear(ik);
ok_clear(ok);
return ret;
}
void bbs_sign(unsigned char *sig, int hashlen, void *hash, bbs_group_public_key_ptr gpk, bbs_group_private_key_ptr gsk)
{
bbs_sys_param_ptr param = gpk->param;
pairing_ptr pairing = param->pairing;
field_ptr Fp = pairing->Zr;
element_t T1, T2, T3;
element_t R1, R2, R3, R4, R5;
element_t alpha, beta;
element_t c;
element_t ralpha, rbeta, rx, rdelta1, rdelta2;
element_t z0, z1;
element_t e10, et0;
unsigned char *writeptr = sig;
element_init_G1(T1, pairing);
element_init_G1(T2, pairing);
element_init_G1(T3, pairing);
element_init_G1(R1, pairing);
element_init_G1(R2, pairing);
element_init_GT(R3, pairing);
element_init_G1(R4, pairing);
element_init_G1(R5, pairing);
element_init(c, Fp);
element_init(alpha, Fp); element_random(alpha);
element_init(beta, Fp); element_random(beta);
//temp variables
element_init(z0, Fp);
element_init(z1, Fp);
element_init_GT(et0, pairing);
element_init_G1(e10, pairing);
element_init(ralpha, Fp); element_random(ralpha);
element_init(rbeta, Fp); element_random(rbeta);
element_init(rx, Fp); element_random(rx);
element_init(rdelta1, Fp); element_random(rdelta1);
element_init(rdelta2, Fp); element_random(rdelta2);
element_pow_zn(T1, gpk->u, alpha);
element_pow_zn(T2, gpk->v, beta);
element_add(z0, alpha, beta);
element_pow_zn(T3, gpk->h, z0);
element_mul(T3, T3, gsk->A);
element_pow_zn(R1, gpk->u, ralpha);
element_pow_zn(R2, gpk->v, rbeta);
/*
* rather than computing e(T3,g2), note that T3 = A h^{alpha+beta},
* use precomputed e(A,g2) and e(h,g2), and use appropriate
* exponentiations in GT.
*/
//pairing_apply(et0, T3, gpk->g2, pairing); /* precomputed */
element_pow_zn(et0, gpk->pr_h_g2, z0); /* NB. here z0 = alpha+beta */
element_mul(et0, et0, gsk->pr_A_g2);
//element_pow_zn(R3, et0, rx);
// pairing_apply(et0, gpk->h, gpk->w, pairing); /* precomputed */
element_add(z0, ralpha, rbeta);
element_neg(z0, z0);
//element_pow_zn(et0, gpk->pr_h_w, z0);
//element_mul(R3, R3, et0);
// pairing_apply(et0, gpk->h, gpk->g2, pairing); /* precomputed */
element_add(z1, rdelta1, rdelta2);
element_neg(z1, z1);
//element_pow_zn(et0, gpk->pr_h_g2, z1);
//element_mul(R3, R3, et0);
element_pow3_zn(R3, et0, rx, gpk->pr_h_w, z0, gpk->pr_h_g2, z1);
//element_pow_zn(R4, T1, rx);
element_neg(z0, rdelta1);
//element_pow_zn(e10, gpk->u, z0);
//element_mul(R4, R4, e10);
element_pow2_zn(R4, T1, rx, gpk->u, z0);
//element_pow_zn(R5, T2, rx);
element_neg(z0, rdelta2);
//element_pow_zn(e10, gpk->v, z0);
//element_mul(R5, R5, e10);
element_pow2_zn(R5, T2, rx, gpk->v, z0);
element_t M;
element_init_G1(M, pairing);
element_from_hash(M, hash, hashlen);
unsigned int hash_input_length = element_length_in_bytes(T1) +
element_length_in_bytes(T2) +
element_length_in_bytes(T3) +
element_length_in_bytes(R1) +
element_length_in_bytes(R2) +
element_length_in_bytes(R3) +
element_length_in_bytes(R4) +
element_length_in_bytes(R5) +
element_length_in_bytes(M);
unsigned char *hash_input = malloc(hash_input_length);
hash_input += element_to_bytes(hash_input, T1);
hash_input += element_to_bytes(hash_input, T2);
hash_input += element_to_bytes(hash_input, T3);
hash_input += element_to_bytes(hash_input, R1);
hash_input += element_to_bytes(hash_input, R2);
hash_input += element_to_bytes(hash_input, R3);
hash_input += element_to_bytes(hash_input, R4);
hash_input += element_to_bytes(hash_input, R5);
hash_input += element_to_bytes(hash_input, M); // Could avoid converting to bytes and from bytes
hash_input -= hash_input_length;
hash_ctx_t context;
unsigned char digest[hash_length];
hash_init(context);
hash_update(context, hash_input, hash_input_length);
hash_final(digest, context);
free(hash_input);
element_from_hash(c, digest, sizeof(digest));
element_clear(M);
//now the r's represent the values of the s's
//no need to allocate yet more variables
element_mul(z0, c, alpha);
element_add(ralpha, ralpha, z0);
element_mul(z0, c, beta);
element_add(rbeta, rbeta, z0);
element_mul(z1, c, gsk->x);
element_add(rx, rx, z1);
element_mul(z0, z1, alpha);
element_add(rdelta1, rdelta1, z0);
element_mul(z0, z1, beta);
element_add(rdelta2, rdelta2, z0);
writeptr += element_to_bytes(writeptr, T1);
writeptr += element_to_bytes(writeptr, T2);
writeptr += element_to_bytes(writeptr, T3);
writeptr += element_to_bytes(writeptr, c);
writeptr += element_to_bytes(writeptr, ralpha);
writeptr += element_to_bytes(writeptr, rbeta);
writeptr += element_to_bytes(writeptr, rx);
writeptr += element_to_bytes(writeptr, rdelta1);
writeptr += element_to_bytes(writeptr, rdelta2);
#ifdef DEBUG
element_printf("T1: %B\n", T1);
element_printf("T2: %B\n", T2);
element_printf("T3: %B\n", T3);
element_printf("R1: %B\n", R1);
element_printf("R2: %B\n", R2);
element_printf("R3: %B\n", R3);
element_printf("R4: %B\n", R4);
element_printf("R5: %B\n", R5);
element_printf("c: %B\n", c);
#endif
element_clear(T1);
element_clear(T2);
element_clear(T3);
element_clear(R1);
element_clear(R2);
element_clear(R3);
element_clear(R4);
element_clear(R5);
element_clear(alpha);
element_clear(beta);
element_clear(c);
element_clear(ralpha);
element_clear(rbeta);
element_clear(rx);
element_clear(rdelta1);
element_clear(rdelta2);
//clear temp variables
element_clear(z0);
element_clear(z1);
element_clear(e10);
element_clear(et0);
}
int bbs_verify(unsigned char *sig, int hashlen, void *hash, bbs_group_public_key_t gpk)
{
bbs_sys_param_ptr param = gpk->param;
pairing_ptr pairing = param->pairing;
field_ptr Fp = pairing->Zr;
element_t T1, T2, T3;
element_t R1, R2, R3, R4, R5;
element_t c, salpha, sbeta, sx, sdelta1, sdelta2;
element_t e10, e20, e21, et0, z0, z1;
unsigned char *readptr = sig;
element_init_G1(T1, pairing);
element_init_G1(T2, pairing);
element_init_G1(T3, pairing);
element_init_G1(R1, pairing);
element_init_G1(R2, pairing);
element_init_GT(R3, pairing);
element_init_G1(R4, pairing);
element_init_G1(R5, pairing);
element_init(c, Fp);
element_init(salpha, Fp);
element_init(sbeta, Fp);
element_init(sx, Fp);
element_init(sdelta1, Fp);
element_init(sdelta2, Fp);
element_init_G1(e10, pairing);
element_init_G2(e20, pairing);
element_init_G2(e21, pairing);
element_init_GT(et0, pairing);
element_init(z0, Fp);
element_init(z1, Fp);
readptr += element_from_bytes(T1, readptr);
readptr += element_from_bytes(T2, readptr);
readptr += element_from_bytes(T3, readptr);
readptr += element_from_bytes(c, readptr);
readptr += element_from_bytes(salpha, readptr);
readptr += element_from_bytes(sbeta, readptr);
readptr += element_from_bytes(sx, readptr);
readptr += element_from_bytes(sdelta1, readptr);
readptr += element_from_bytes(sdelta2, readptr);
element_neg(z0, c);
//element_pow_zn(R1, gpk->u, salpha);
//element_pow_zn(e10, T1, z0);
//element_mul(R1, R1, e10);
element_pow2_zn(R1, gpk->u, salpha, T1, z0);
//element_pow_zn(R2, gpk->v, sbeta);
//element_pow_zn(e10, T2, z0);
//element_mul(R2, R2, e10);
element_pow2_zn(R2, gpk->v, sbeta, T2, z0);
element_neg(z0, sdelta1);
//element_pow_zn(R4, gpk->u, z0);
//element_pow_zn(e10, T1, sx);
//element_mul(R4, R4, e10);
element_pow2_zn(R4, gpk->u, z0, T1, sx);
element_neg(z0, sdelta2);
//element_pow_zn(R5, gpk->v, z0);
//element_pow_zn(e10, T2, sx);
//element_mul(R5, R5, e10);
element_pow2_zn(R5, gpk->v, z0, T2, sx);
/*
* compute R3 more efficiently. use precomputed e(g1,g2)^{-1},
* e(h,g2), and e(h,w). this leaves e(T3,g2)^sx and e(T3,w)^c;
* compute these with one pairing as e(T3, g2^sx w^c).
*/
//element_pow_zn(e20, gpk->g2, sx);
//element_pow_zn(e21, gpk->w, c);
//element_mul(e20, e20, e21);
element_pow2_zn(e20, gpk->g2, sx, gpk->w, c);
pairing_apply(R3, T3, e20, pairing);
//element_pow_zn(et0, gpk->pr_g1_g2_inv, c);
//element_mul(R3, R3, et0);
element_add(z0, salpha, sbeta);
element_neg(z0, z0);
//element_pow_zn(et0, gpk->pr_h_w, z0);
//element_mul(R3, R3, et0);
element_add(z1, sdelta1, sdelta2);
element_neg(z1, z1);
//element_pow_zn(et0, gpk->pr_h_g2, z1);
element_pow3_zn(et0, gpk->pr_g1_g2_inv, c, gpk->pr_h_w, z0, gpk->pr_h_g2, z1);
element_mul(R3, R3, et0);
#ifdef DEBUG
element_printf("T1: %B\n", T1);
element_printf("T2: %B\n", T2);
element_printf("T3: %B\n", T3);
element_printf("R1: %B\n", R1);
element_printf("R2: %B\n", R2);
element_printf("R3: %B\n", R3);
element_printf("R4: %B\n", R4);
element_printf("R5: %B\n", R5);
#endif
int result = 0;
element_t M;
element_init_G1(M, pairing);
element_from_hash(M, hash, hashlen);
unsigned int hash_input_length = element_length_in_bytes(T1) +
element_length_in_bytes(T2) +
element_length_in_bytes(T3) +
element_length_in_bytes(R1) +
element_length_in_bytes(R2) +
element_length_in_bytes(R3) +
element_length_in_bytes(R4) +
element_length_in_bytes(R5) +
element_length_in_bytes(M);
unsigned char *hash_input = malloc(hash_input_length);
hash_input += element_to_bytes(hash_input, T1);
hash_input += element_to_bytes(hash_input, T2);
hash_input += element_to_bytes(hash_input, T3);
hash_input += element_to_bytes(hash_input, R1);
hash_input += element_to_bytes(hash_input, R2);
hash_input += element_to_bytes(hash_input, R3);
hash_input += element_to_bytes(hash_input, R4);
hash_input += element_to_bytes(hash_input, R5);
hash_input += element_to_bytes(hash_input, M); // Could avoid converting to bytes and from bytes
hash_input -= hash_input_length;
hash_ctx_t context;
unsigned char digest[hash_length];
hash_init(context);
hash_update(context, hash_input, hash_input_length);
hash_final(digest, context);
free(hash_input);
element_t c1;
element_init(c1, Fp);
element_from_hash(c1, digest, sizeof(digest));
if (!element_cmp(c, c1)) {
result = 1;
}
element_clear(M);
element_clear(c1);
element_clear(T1);
element_clear(T2);
element_clear(T3);
element_clear(R1);
element_clear(R2);
element_clear(R3);
element_clear(R4);
element_clear(R5);
element_clear(c);
element_clear(salpha);
element_clear(sbeta);
element_clear(sx);
element_clear(sdelta1);
element_clear(sdelta2);
element_clear(e10);
element_clear(e20);
element_clear(e21);
element_clear(et0);
element_clear(z0);
element_clear(z1);
return result;
}
int main(void) {
field_t c;
field_t Z19;
element_t P, Q, R;
mpz_t q, z;
element_t a, b;
int i;
field_t Z19_2;
field_t c2;
element_t P2, Q2, R2;
element_t a2;
mpz_init(q);
mpz_init(z);
mpz_set_ui(q, 19);
field_init_fp(Z19, q);
element_init(a, Z19);
element_init(b, Z19);
element_set_si(a, 1);
element_set_si(b, 6);
mpz_set_ui(q, 18);
field_init_curve_ab(c, a, b, q, NULL);
element_init(P, c);
element_init(Q, c);
element_init(R, c);
printf("Y^2 = X^3 + X + 6 over F_19\n");
//(0,+/-5) is a generator
element_set0(a);
curve_from_x(R, a);
for (i=1; i<19; i++) {
mpz_set_si(z, i);
element_mul_mpz(Q, R, z);
element_printf("%dR = %B\n", i, Q);
}
mpz_set_ui(z, 6);
element_mul_mpz(P, R, z);
//P has order 3
element_printf("P = %B\n", P);
for (i=1; i<=3; i++) {
mpz_set_si(z, i);
element_mul_mpz(Q, R, z);
tate_3(a, P, Q, R);
element_printf("e_3(P,%dR) = %B\n", i, a);
}
element_double(P, R);
//P has order 9
element_printf("P = %B\n", P);
for (i=1; i<=9; i++) {
mpz_set_si(z, i);
//we're supposed to use multiples of R
//but 2R works just as well and it allows us
//to use R as the offset every time
element_mul_mpz(Q, P, z);
tate_9(a, P, Q, R);
element_printf("e_9(P,%dP) = %B\n", i, a);
}
//to do the pairing on all of E(F_19) we need to move to F_19^2
//or compute the rational function explicitly
printf("moving to F_19^2\n");
field_init_fi(Z19_2, Z19);
//don't need to tell it the real order
field_init_curve_ab_map(c2, c, element_field_to_fi, Z19_2, q, NULL);
element_init(P2, c2);
element_init(Q2, c2);
element_init(R2, c2);
element_init(a2, Z19_2);
element_set0(a2);
curve_from_x(P2, a2);
element_random(R2);
element_printf("P = %B\n", P2);
for (i=1; i<=18; i++) {
mpz_set_si(z, i);
element_mul_mpz(Q2, P2, z);
tate_18(a2, P2, Q2, R2, P2);
element_printf("e_18(P,%dP) = %B\n", i, a2);
}
element_clear(P2);
element_clear(Q2);
element_clear(R2);
element_clear(a2);
field_clear(c2);
field_clear(Z19_2);
field_clear(c);
element_clear(a);
element_clear(b);
element_clear(P);
element_clear(Q);
element_clear(R);
field_clear(Z19);
mpz_clear(q);
mpz_clear(z);
return 0;
}
void test_libfenc(char *policy)
{
FENC_ERROR result;
fenc_context context;
fenc_group_params group_params;
fenc_global_params global_params;
fenc_function_input policy_input;
pairing_t pairing;
FILE *fp;
char *public_params_buf = NULL;
size_t serialized_len;
memset(&context, 0, sizeof(fenc_context));
memset(&group_params, 0, sizeof(fenc_group_params));
memset(&global_params, 0, sizeof(fenc_global_params));
/* Initialize the library. */
result = libfenc_init();
report_error("Initializing library", result);
/* Create a Sahai-Waters context. */
result = libfenc_create_context(&context, FENC_SCHEME_WATERSCP);
report_error("Creating context for Waters CP scheme", result);
/* Load group parameters from a file. */
fp = fopen(PARAM, "r");
if (fp != NULL) {
libfenc_load_group_params_from_file(&group_params, fp);
libfenc_get_pbc_pairing(&group_params, pairing);
} else {
perror("Could not open type-d parameters file.\n");
return;
}
fclose(fp);
/* Set up the global parameters. */
result = context.generate_global_params(&global_params, &group_params);
result = libfenc_gen_params(&context, &global_params);
/* Set up the publci parameters */
fp = fopen(PUBLIC_FILE".cp", "r");
if(fp != NULL) {
size_t pub_len = read_file(fp, &public_params_buf);
/* base-64 decode */
uint8 *bin_public_buf = NewBase64Decode((const char *) public_params_buf, pub_len, &serialized_len);
/* Import the parameters from binary buffer: */
result = libfenc_import_public_params(&context, bin_public_buf, serialized_len);
report_error("Importing public parameters", result);
free(public_params_buf);
free(bin_public_buf);
}
else {
perror("Could not open public parameters\n");
return;
}
fclose(fp);
/* encrypt under given policy */
// fenc_attribute_policy *parsed_policy = construct_test_policy();
fenc_attribute_policy *parsed_policy = (fenc_attribute_policy *) malloc(sizeof(fenc_attribute_policy));
memset(parsed_policy, 0, sizeof(fenc_attribute_policy));
fenc_policy_from_string(parsed_policy, policy);
policy_input.input_type = FENC_INPUT_NM_ATTRIBUTE_POLICY;
policy_input.scheme_input = (void *) parsed_policy;
printf("START: test_secret_sharing\n");
test_secret_sharing(parsed_policy, pairing);
printf("END: test_secret_sharing\n");
/* simple test */
element_t ONE, TWO, THREE, ONEG2, TWOG2, THREEG2, ONEGT, TWOGT, FinalGT;
element_init_G1(ONE, pairing);
element_init_G1(TWO, pairing);
element_init_G1(THREE, pairing);
element_init_G2(ONEG2, pairing);
element_init_G2(TWOG2, pairing);
element_init_G2(THREEG2, pairing);
element_init_GT(ONEGT, pairing);
element_init_GT(TWOGT, pairing);
element_init_GT(FinalGT, pairing);
clock_t start, stop;
double timeG1, timeG2, timePairing;
element_random(ONE);
element_random(TWO);
element_random(ONEG2);
element_random(TWOG2);
// element_random(ONEGT);
// element_random(TWOGT);
/* time G1 */
start = clock();
element_mul(THREE, ONE, TWO);
stop = clock();
timeG1 = ((double)(stop - start))/CLOCKS_PER_SEC;
element_printf("THREEG1: %B, ", THREE);
printf("G1 mul time: %f secs\n", timeG1);
/* time G2 */
start = clock();
element_mul(THREEG2, ONEG2, TWOG2);
stop = clock();
timeG2 = ((double)(stop - start))/CLOCKS_PER_SEC;
element_printf("THREEG2: %B, ", THREEG2);
printf("G2 mul time: %f secs\n", timeG2);
/* time GT
start = clock();
element_mul(FinalGT, ONEGT, TWOGT);
stop = clock();
timeGT = ((double)(stop - start))/CLOCKS_PER_SEC;
element_printf("FinalGT: %B, ", FinalGT);
printf("GT mul time: %f secs\n", timeGT); */
/* time pairings */
start = clock();
pairing_apply(FinalGT, THREE, THREEG2, pairing);
stop = clock();
timePairing = ((double)(stop - start))/CLOCKS_PER_SEC;
element_printf("Pairing: %B, ", FinalGT);
printf("GT pairing time: %f secs\n", timePairing);
free(parsed_policy);
result = libfenc_shutdown();
report_error("Shutting down library", result);
}
int main(int argc, char **argv) {
FILE *fpairing, *ftag, *fdata, *fresult, *fplain, *fkey, *fcipher, *fpub;
pairing_t pairing;
paillier_pubkey_t *pub;
paillier_prvkey_t *priv;
element_t g, h, u, sig1, sig2, sig3, temp_pow, m, g1, g2;
element_t public_key, tag, tag_prod;
element_t secret_key;
paillier_get_rand_t get_rand;
paillier_ciphertext_t *cipher1, *cipher2;
paillier_plaintext_t *plain1, *plain2;
mpz_t pub_n, a, b, data2, nsquare;
int count = 0, val=5;
pairing_init_set_str(pairing, param_str);
//mpz_init_set_str(data_sum, "0", 10);
plain1 = (paillier_plaintext_t*) malloc(sizeof(paillier_plaintext_t));
plain2 = (paillier_plaintext_t*) malloc(sizeof(paillier_plaintext_t));
cipher1 = (paillier_ciphertext_t*) malloc(sizeof(paillier_ciphertext_t));
cipher2 = (paillier_ciphertext_t*) malloc(sizeof(paillier_ciphertext_t));
//pbc_demo_pairing_init(pairing, argc, argv);
element_init_G1(g1, pairing);
element_init_G1(g2, pairing);
element_init_G2(g, pairing);
element_init_G2(public_key, pairing);
element_init_G1(u, pairing);
element_init_G1(temp_pow, pairing);
element_init_G2(public_key, pairing);
element_init_G1(h, pairing);
element_init_G1(m, pairing);
element_init_G1(sig1, pairing);
element_init_G1(sig2, pairing);
element_init_G1(sig3, pairing);
element_init_G1(tag, pairing);
element_init_G1(tag_prod, pairing);
element_init_Zr(secret_key, pairing);
// mpz_init(pub_n);
char *len;
mpz_init(a);
mpz_init(b);
mpz_init(data2);
printf("Short signature test\n");
len = (char *)malloc(2048*sizeof(char));
if((fpub = fopen("pub.txt", "r")))
{
pub = (paillier_pubkey_t*) malloc(sizeof(paillier_pubkey_t));
priv = (paillier_prvkey_t*) malloc(sizeof(paillier_prvkey_t));
mpz_init(pub->n_squared);
mpz_init(pub->n);
fgets(len, 1000, fpub);
mpz_init_set_str(pub->p, len, 10);
fgets(len, 1000, fpub);
mpz_init_set_str(pub->q, len, 10);
fgets(len, 1000, fpub);
mpz_init_set_str(pub->n_plusone, len, 10);
//printf("value of nplusone : \n");
//mpz_out_str(stdout, 10, pub->n_plusone);
paillier_keygen(&pub, &priv, get_rand, 0);
pub->bits = mpz_sizeinbase(pub->n, 2);
fclose(fpub);
}
//setting already known pairing parameters
if((fpairing = fopen("pairing.txt", "r")))
{
fgets(len, 1000, fpairing);
//printf("\n %s\n", len);
element_set_str(g, len, 10);
//element_printf(" g = %B\n", g);
fgets(len, 1000, fpairing);
//printf("\n %s\n", len);
element_set_str(u, len, 10);
//element_printf("\n u= %B\n", u);
fgets(len, 1000, fpairing);
element_set_str(secret_key, len, 10);
//element_printf(" secretkey %B\n",secret_key);
fgets(len, 1000, fpairing);
element_set_str(public_key, len, 10);
//element_printf(" publickey %B\n", public_key);
fgets(len, 1000, fpairing);
element_set_str(h, len, 10);
//element_printf(" \nh = %B\n", h);
fgets(len, 1000, fpairing);
mpz_init_set_str(pub_n, len, 10);
//printf("\n n = ");
//mpz_out_str(stdout, 10, pub_n);
fclose(fpairing);
}
element_set1(tag_prod);
ftag = fopen("./tag/output5.txt", "r");
fgets(len, 1000, ftag);
element_set_str(g1, len, 10);
element_printf("\ng1 = %B\n", g1);
fclose(ftag);
ftag = fopen("./tag/output6.txt", "r");
fgets(len, 1000, ftag);
element_set_str(g2, len, 10);
element_printf("\ng2 = %B\n", g2);
fclose(ftag);
fplain = fopen("./split/output5.txt", "r");
fgets(len, 1000, fplain);
// printf("\nlen %s", len);
mpz_set_str(a, len, 10);
//element_printf("\na = %Zd\n", a);
fclose(fplain);
fplain = fopen("./split/output6.txt", "r");
fgets(len, 1000, fplain);
mpz_set_str(b, len, 10);
fcipher = fopen("./cipher/copy1/output5.txt", "r");
fgets(len, 1000, fcipher);
mpz_init_set_str(cipher1->c, len, 10);
fclose(fcipher);
fcipher = fopen("./cipher/copy1/output6.txt", "r");
fgets(len, 1000, fcipher);
mpz_init_set_str(cipher2->c, len, 10);
fclose(fcipher);
paillier_mul(pub, cipher2, cipher2, cipher1);
plain1 = paillier_dec(plain1, pub, priv, cipher2);
//tag
mpz_t an;
mpz_init(an);
mpz_init(nsquare);
// mpz_mul(an, a, pub_n);
mpz_mul(nsquare, pub_n, pub_n);
element_pow_mpz(temp_pow,u, plain1->m);
element_mul(temp_pow, temp_pow, h);
element_pow_zn(sig1, temp_pow, secret_key);
element_printf("\n signature of plain = %B\n", sig1);
//mpz_mul(an, b, pub_n);
// mpz_mul(nsquare, pub_n, pub_n);
element_pow_mpz(temp_pow,u, b);
element_mul(temp_pow, temp_pow, h);
element_pow_zn(sig2, temp_pow, secret_key);
element_printf("\n signature of b = %B\n", sig2);
//element_printf("\nb = %Zd\n", b);
fclose(fplain);
mpz_add(a, a, b);
// mpz_mod(a, a, pub_n);
// mpz_mul(a, a, pub_n);
// mpz_mod(a, a, nsquare);
count = 2;
element_pow_mpz(temp_pow,u, a);
mpz_set_ui(data2, count);
// itoa(count, len, 10);+
//element_printf(" \nh = %B\n", h);
element_pow_mpz(h, h, data2);
element_mul(temp_pow, temp_pow, h);
//element_printf("\n h. u^bN = %B\n", temp_pow);
element_pow_zn(sig3, temp_pow, secret_key);
element_printf("\n sig 3 %B\n", sig3);
element_mul(g2, g2, g1);
element_printf("\n Direct Product %B\n", g2);
element_mul(sig2, sig1, sig2);
element_printf("\n Direct Product %B\n", sig2);
return 0;
}
int main() {
// declaring pairing parameters
pairing_t p;
pairing_init_set_str(p, param_str);
FILE *pf;
// declaring elements
element_t C, g1, g2, g3;
// element_init_G1(C, p);
element_init_G1(g1, p);
element_init_G1(g2, p);
char *len;
len = (char *) malloc(1000*sizeof(char));
//element_init_G1(g3, p);
pf = fopen("comp.txt", "r");
fgets(len, 1000,pf);
element_set_str(g1, len, 10);
fclose(pf);
element_printf("g1 = %B\n\n", g1);
pf = fopen("comp1.txt", "r");
fgets(len, 1000,pf);
element_set_str(g2, len, 10);
fclose(pf);
element_printf("g2 = %B\n\n", g2);
element_mul(g2, g2, g1);
element_printf("prod = %B\n\n", g2);
///element_t a, b;
//element_init_Zr(a, p);
//element_init_Zr(b, p);
//int i;
// for(i = 0; i < 10; i++) {
// randomizing elements
// element_random(g1);
// element_random(g2);
// element_random(g3);
//element_random(a);
//element_random(b);
// g1 <- g1 ^ a
//element_pow_zn(g1, g1, a);
// g2 <- g2 ^ b
//element_pow_zn(g2, g2, b);
// C <- g1^a * g2^b
//element_mul(C, g1, g2);
// C <- g1^a * g2^b * g3
//element_mul(C, C, g3);
/*
element_printf("g1 = %B\n", g1);
element_printf("g2 = %B\n", g2);
char buf1[element_length_in_bytes(g1)], buf2[element_length_in_bytes(g2)];
element_to_bytes(buf1, g1);
element_to_bytes(buf2, g2);
pf = fopen("comp.txt", "w");
element_fprintf(pf, "%s", buf1);
fclose(pf);
pf = fopen("comp1.txt", "w");
element_fprintf(pf, "%s", buf2);
fclose(pf);
element_mul(g2, g2, g1);
element_printf("prod = %B\n", g2);
// element_from_bytes(C, buf);
//element_printf("C = %B\n\n", C);
// }
*/
// element_clear(C);
element_clear(g1);
// element_clear(g2);
//element_clear(g3);
//element_clear(a);
//element_clear(b);
pairing_clear(p);
return 0;
}
