void CipherText::langrange(element_t* ys, int index, int k, int num){
element_t delta;
element_t numerator;
element_t denominator;
element_t temp;
element_init_Zr(delta, *(this->p));
element_init_Zr(numerator, *(this->p));
element_init_Zr(denominator, *(this->p));
element_init_Zr(temp, *(this->p));
element_init_Zr(ys[index], *(this->p));
element_set0(ys[index]);
int i, j;
for(i = 0; i < k; i++){
//compute the langrange coefficent l
element_set1(delta);
for(j = 0; j < k; j++){
if( j != i){
element_set_si(numerator, index - j);
element_set_si(denominator, i - j);
element_div(numerator, numerator, denominator);
element_mul(delta, delta, numerator);
}
}
element_mul(temp, ys[i], delta);
element_add(ys[index], ys[index], temp);
}
}
// GROUP MANAGER INIT - group key generation part1
void xsgs_gm_gen(XSGS_PUBLIC_KEY* gpk, XSGS_ISSUER_KEY* ik, pbc_param_ptr param) {
// 1. generate prime p, pairing group G1, G2, GT, e and a hash function H: {0,1}* -> Zp
gpk->param = param;
gpk->pairing = (pairing_ptr) malloc(sizeof(pairing_t));
pairing_init_pbc_param(gpk->pairing, gpk->param);
// 2. select a generator G2 e group 2 at random
element_init_G2(gpk->G2, gpk->pairing);
element_random(gpk->G2);
// and select a generator G1 e group 1 at random (G1 <- psi(G2) not applicable)
element_init_G1(gpk->G1, gpk->pairing);
element_random(gpk->G1);
// 3. choose gamma e Zp* at random and set ik = gamma
element_init_Zr(ik->gamma, gpk->pairing);
element_random(ik->gamma);
// 4. select K e Group1
element_init_G1(gpk->K, gpk->pairing);
element_random(gpk->K);
// and W = G2^gamma (e Group2)
element_init_G2(gpk->W, gpk->pairing);
element_pow_naf(gpk->W, gpk->G2, ik->gamma);
return;
}
int main(int argc,char** argv)
{
/*
arg1 : ID
*/
if(argc < 2)
{
showUsage();
exit(0);
}
pairing_t pairing;
element_t s,Sa,Qa;
pairing_from_file(pairing,"globalParam/pairingParam");
element_init_G1(Sa,pairing);
element_init_G1(Qa,pairing);
element_init_Zr(s,pairing);
element_from_file(s,"masterKey/s");
element_from_hash(Qa,argv[1],strlen(argv[1]));
element_mul_zn(Sa,Qa,s);
char loc[100] = "privateKey/";
strcat(loc,argv[1]);
strcat(loc,".priv");
element_to_file(Sa,loc);
return 0;
}
void H_A(element_t* out, public_key pk) {
element_init_Zr(*out, pairing);
int len = (pk.level + 1) * sizeof(unsigned int) / sizeof(char);
unsigned char o[MD5_DIGEST_LENGTH];
MD5((unsigned char*) pk.ID_tuple, len, o);
element_from_hash(*out, (unsigned char*) o, MD5_DIGEST_LENGTH);
}
void CipherText::compute_node(element_t& v, Node* node){//v amounts to s
if(node->getType() == LEAF){
Leaf* leaf = (Leaf*)node;
leaf->compute(&v, this->pub, this->p);
// printf("leaf: %d, %d, computed\n", leaf->getK(), leaf->getNum());
} else if (node->getType() == INTERNAL_NODE){
InternalNode* internalNode = (InternalNode*)node;
int num = internalNode->getNum();
int k = internalNode->getK();
Node** sons = internalNode->getSons();//??
// printf("internal Node: %d, %d\n", k, num);
element_t* ys = (element_t*)malloc(sizeof(element_t) * (num + 1));
element_init_Zr(ys[0], *(this->p));
element_set(ys[0], v); //set ys[0] to v
computePoints(ys, k, num); //compute other num point,
int i = 1;
for (i = 1; i <= num; i++){
compute_node(ys[i], sons[i - 1]);
}
}
}
void Hmki(element_t* out, public_key pk, element_t* key) {
// pk and key check
element_init_Zr(*out, pairing);
int len = (pk.level + 1) * sizeof(unsigned int) / sizeof(char);
element_t x;
element_init_G1(x,pairing);
element_from_hash(x, pk.ID_tuple, len);
len = element_length_in_bytes(x);
unsigned char* str = (unsigned char* ) malloc(len);
element_to_bytes(str, x);
int len1 = element_length_in_bytes(*key);
unsigned char* key_str = (unsigned char*) malloc(len1);
element_to_bytes(key_str, *key);
unsigned char* sum = (unsigned char*) malloc(len1 + len);
memcpy(sum, str, len);
memcpy(sum + len, key_str, len1);
element_clear(x);
free(str);
free(key_str);
unsigned char o[MD5_DIGEST_LENGTH + 1];
MD5(sum, len + len1, o);
o[MD5_DIGEST_LENGTH] = '\0';
element_from_hash(*out, o, MD5_DIGEST_LENGTH);
/////////////////////////
}
// OPENER INIT - group key generation part 2
void xsgs_opener_gen(XSGS_PUBLIC_KEY* gpk, XSGS_OPENER_KEY* ok) {
pairing_ptr pairing = gpk->pairing;
// 1. choose xi1, xi2 e Zp at random
element_init_Zr(ok->xi1, pairing);
element_random(ok->xi1);
element_init_Zr(ok->xi2, pairing);
element_random(ok->xi2);
// 2. set H = K^xi1 and G = K^xi2
element_init_G1(gpk->H, pairing);
element_pow_naf(gpk->H, gpk->K, ok->xi1);
element_init_G1(gpk->G, pairing);
element_pow_naf(gpk->G, gpk->K, ok->xi2);
return;
}
void consumerShares(signed long int *codeword){
pairing_t pairing;
element_t g, r, a, e_g_g, share;
char *argv = "./param/a.param";
char s[16384];
signed long int temp_share;
FILE *fp = stdin;
fp = fopen(argv, "r");
if (!fp)
pbc_die("error opening %s\n", argv);
size_t count = fread(s, 1, 16384, fp);
if(!count)
pbc_die("read parameter failure\n");
fclose(fp);
if(pairing_init_set_buf(pairing, s, count))
pbc_die("pairing init failed\n");
if(!pairing_is_symmetric(pairing)) pbc_die("pairing is not symmetric\n");
element_init_G1(g, pairing);
element_init_Zr(r, pairing);
element_init_Zr(a, pairing);
element_init_Zr(share, pairing);
element_init_GT(e_g_g, pairing);
//find the generator of the group
element_set(g, ((curve_data_ptr)((a_pairing_data_ptr)
pairing->data)->Eq->data)->gen);
element_random(r);
element_random(a);
//compute e(g, g)
element_pairing(e_g_g, g, g);
//compute e(g, g)^r
element_pow_zn(e_g_g, e_g_g, r);
//compute e(g,g)^ra
element_pow_zn(e_g_g, e_g_g, a);
temp_share = codeword[0];
//transfer signed long int type ecret shares to an element_t type before we do the power of
//e_g_g
element_set_si(share, temp_share);
element_pow_zn(e_g_g, e_g_g, share);
}
void BroadcastKEM_using_product(global_broadcast_params_t gbp,
broadcast_system_t sys,
ct_t myct, element_t key)
{
if(!gbp) {
printf("ACK! You gave me no broadcast params! I die.\n");
return;
}
if(!sys) {
printf("ACK! You gave me no broadcast system! I die.\n");
return;
}
if(!myct) {
printf("ACK! No struct to store return vals! I die.\n");
return;
}
element_t t;
element_init_Zr(t, gbp->pairing);
element_random(t);
element_init(key, gbp->pairing->GT);
element_init(myct->C0, gbp->pairing->G2);
element_init(myct->C1, gbp->pairing->G1);
//COMPUTE K
element_pairing(key, gbp->gs[gbp->num_users-1], gbp->gs[0]);
element_pow_zn(key, key, t);
//COMPUTE C0
element_pow_zn(myct->C0, gbp->g, t);
//COMPUTE C1
if(DEBUG && 0) {
printf("\npub_key = ");
element_out_str(stdout, 0, sys->pub_key);
printf("\nencr_prod = ");
element_out_str(stdout, 0, sys->encr_prod);
}
element_mul(myct->C1, sys->pub_key, sys->encr_prod);
if(DEBUG && 0) {
printf("\npub_key = ");
element_out_str(stdout, 0, sys->pub_key);
printf("\nencr_prod = ");
element_out_str(stdout, 0, sys->encr_prod);
printf("\nhdr_c1 = ");
element_out_str(stdout, 0, myct->C1);
printf("\n");
}
element_pow_zn(myct->C1, myct->C1, t);
element_clear(t);
}
void CipherText::computePoints(element_t* ys, int k, int num){
int i = 1;
//select k - 1 random points in polynomial curve. Positions are (1, random1),(2, random2) ... (k - 1, random(k - 1))
for (i = 1; i < k ; i++){
element_init_Zr(ys[i], *(this->p));
element_random(ys[i]);
}
//compute other num -k + 1 points
for( i = k; i <= num; i ++){
langrange(ys, i, k, num);
}
}
int BCESetup(byte *curve_file_name, int num_user, byte *sys_params_path, byte * global_params_path, byte *sys_priv_key_out)
{
global_broadcast_params_t gbs;
broadcast_system_t sys;
//char recip[num_user / NUM_USER_DIVISOR];
char *recip;
element_t sys_priv_key;
if (curve_file_name == NULL)
return 1;
if (num_user % NUM_USER_DIVISOR != 0)
return 2;
if (sys_params_path == NULL)
return 3;
if (global_params_path == NULL)
return 4;
if (sys_priv_key_out == NULL)
return 5;
Setup_global_broadcast_params(&gbs, num_user, (char *) curve_file_name);
Gen_broadcast_system(gbs, &sys);
recip = (char *) malloc(num_user / NUM_USER_DIVISOR);
memset(recip, BIT_VECTOR_UNIT_VALUE, num_user / NUM_USER_DIVISOR);
Gen_encr_prod_from_bitvec(gbs, sys, recip);
StoreParams((char *) sys_params_path, gbs, sys);
StoreGlobalParams((char *) global_params_path, gbs);
element_init_Zr(sys_priv_key, gbs->pairing);
element_set(sys_priv_key, sys->priv_key);
element_to_bytes(sys_priv_key_out, sys_priv_key);
memset(recip, BIT_VECTOR_CLEAR_UNIT_VALUE, num_user / NUM_USER_DIVISOR);
free(recip);
element_random(sys_priv_key);
element_clear(sys_priv_key);
FreeBCS(sys);
pbc_free(sys);
FreeGBP(gbs);
pbc_free(gbs);
return 0;
}
int main(int argc, char **argv) {
pairing_t pairing;
pbc_demo_pairing_init(pairing, argc, argv);
char m[80]={0};
if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");
printf("Enter the message to be encrypted : ");
gets(m);
size_t len_m = sizeof(m);
unsigned char hash[30];
SHA1(m, len_m, hash);
printf("The hash is : %s", hash);
element_t g, h;
element_t public_key, secret_key;
element_t sig;
element_t temp1, temp2;
element_init_G2(g, pairing);
element_init_G2(public_key, pairing);
element_init_G1(h, pairing);
element_init_G1(sig, pairing);
element_init_GT(temp1, pairing);
element_init_GT(temp2, pairing);
element_init_Zr(secret_key, pairing);
element_random(g);
element_random(secret_key);
element_pow_zn(public_key, g, secret_key);
element_printf("The public key is %B\n", public_key);
element_from_hash(h, hash, 30);
element_pow_zn(sig, h, secret_key);
pairing_apply(temp1, sig, g, pairing);
pairing_apply(temp2, h, public_key, pairing);
if(!element_cmp(temp1, temp2)){
printf("\nVerified\n");}
else{
printf("\nNot verified\n");
}
}
//Called in file encryption function to generate C0,C1,C0',C1' and EK
//returns CT,EK
void EK_CT_generate(char *gamma, int *shared_users, int num_users, unsigned char *pps, ct CT, element_t EK, char *t_str)
{
global_broadcast_params_t gbs;
element_t t;
int j;
//Global Setup of gbs params
setup_global_broadcast_params(&gbs, pps);
element_set_str(gbs->gamma, gamma, PBC_CONVERT_BASE); //it is important to set user gamma here else a random value will be used
//pick a random value of t from Zr
element_init_Zr(t, gbs->pairing);
element_random(t);
element_snprint(t_str,MAX_ELEMENT_LEN,t);
//compute C0=g^t
element_init(CT->OC0, gbs->pairing->G1);
element_pow_zn(CT->OC0, gbs->g, t);
//compute C1=(g^gamma)x(g[num_users+1-j]) for j in all shared users
element_init(CT->OC1, gbs->pairing->G1);
element_pow_zn(CT->OC1, gbs->g, gbs->gamma); //at this step C1 = g^gamma = v as given in paper
for(j=0;j<num_users;j++)
element_mul(CT->OC1, CT->OC1, gbs->gs[(gbs->num_users)-shared_users[j]]);
element_pow_zn(CT->OC1, CT->OC1, t);
//Duplicate C0'=C0
element_init(CT->C0, gbs->pairing->G1);
element_set(CT->C0,CT->OC0);
//Duplicate C1'=C1
element_init(CT->C1, gbs->pairing->G1);
element_set(CT->C1,CT->OC1);
//COMPUTE EK = e(g[n], g[1])^(t)
element_init(EK, gbs->pairing->GT);
element_pairing(EK, gbs->gs[0],gbs->gs[gbs->num_users-1]); //at this step EK = e(g[1],g[n])
element_pow_zn(EK,EK,t); //EK = e(g[1],g[n])^t
//free the memory for global broadcast params
element_clear(t);
FreeGBP(gbs);
return;
}
void setup_global_broadcast_params(global_broadcast_params_t *sys, int num_users)
{
global_broadcast_params_t gbs;
gbs = pbc_malloc(sizeof(struct global_broadcast_params_s));
// Setup curve in gbp
size_t count = strlen(PBC_PAIRING_PARAMS);
if (!count) pbc_die("input error");
if (pairing_init_set_buf(gbs->pairing, PBC_PAIRING_PARAMS, count))
pbc_die("pairing init failed");
gbs->num_users = num_users;
element_t *lgs;
int i;
lgs = pbc_malloc(2 * num_users * sizeof(element_t));
if(!(lgs)) {
printf("\nMalloc Failed\n");
printf("Didn't finish system setup\n\n");
}
//Set g as a chosen public value
element_init(gbs->g, gbs->pairing->G1);
i=element_set_str(gbs->g, PUBLIC_G, PBC_CONVERT_BASE);
//Get alpha from Zp as mentioned in the paper
element_init_Zr(gbs->alpha, gbs->pairing);
element_random(gbs->alpha); //pick random alpha value and later delete from memory
//i=element_set_str(gbs->alpha, PRIVATE_ALPHA, PBC_CONVERT_BASE); //alpha is initialised as secret and later removed from memory
//Make the 0th element equal to g^alpha
element_init(lgs[0], gbs->pairing->G1);
element_pow_zn(lgs[0],gbs->g, gbs->alpha);
//Fill in the gs and the hs arrays
for(i = 1; i < 2*num_users; i++) {
//raise alpha to one more power
element_init(lgs[i], gbs->pairing->G1);
element_pow_zn(lgs[i], lgs[i-1], gbs->alpha);
}
element_clear(lgs[num_users]); //remove g^(alpha^(n+1)) as it can leak info about parameters
//For simplicity & so code was easy to read
gbs->gs = lgs;
*sys = gbs;
}
//This function sets the global broadcast parameters downloaded as a file from the server
//Sets up the gamma value, dont forget to randomize gamma and store locally later please
void setup_global_broadcast_params(global_broadcast_params_t *sys,
unsigned char* gbs_header)
{
global_broadcast_params_t gbs;
gbs = pbc_malloc(sizeof(struct global_broadcast_params_s));
// Setup curve in gbp
size_t count = strlen(PBC_PAIRING_PARAMS);
if (pairing_init_set_buf(gbs->pairing, PBC_PAIRING_PARAMS, count))
pbc_die("pairing init failed");
int num_users;
memcpy(&num_users, gbs_header, 4);
gbs->num_users = num_users;
gbs_header= gbs_header+4;
element_t *lgs;
int i;
lgs = pbc_malloc(2 * num_users * sizeof(element_t));
//generate g from the file contents
element_init(gbs->g, gbs->pairing->G1);
gbs_header += in(gbs->g, gbs_header);
//Fill in the gi values in lgs[]
for(i = 0; i < 2*num_users; i++) {
element_init(lgs[i], gbs->pairing->G1);
if(i == num_users)
continue;
gbs_header += in(lgs[i], gbs_header);
}
element_init_Zr(gbs->gamma, gbs->pairing); //initialise gamma
element_random(gbs->gamma); //pick random value of gamma
//For simplicity & so code was easy to read
gbs->gs = lgs;
*sys = gbs;
return;
}
Manager::Manager()
{
pairing_init_set_str(pairing, _PAIRING_PARAM_);
//init public key
element_init_G1(g, pairing);
element_init_GT(gt, pairing);
element_init_G1(X, pairing);
element_init_G1(Y, pairing);
element_init_GT(h, pairing);
element_init_GT(y1, pairing);
element_init_GT(y2, pairing);
element_init_GT(y3, pairing);
//init issuer key
element_init_Zr(x, pairing);
element_init_Zr(y, pairing);
//init open key
element_init_Zr(x1, pairing);
element_init_Zr(x2, pairing);
element_init_Zr(x3, pairing);
element_init_Zr(x4, pairing);
element_init_Zr(x5, pairing);
}
CipherText::CipherText(Policy* policy, element_t* m, PubParam* pub, pairing_t* p){
this->pub = pub;
this->p = p;
this->m = m;
this->policy = policy;
//init random s
this->s = (element_t*)malloc(sizeof(element_t));
element_init_Zr(*(this->s),*(this->p));
element_random(*(this->s));
// printf("excute before init_c1\n");
//init c1
init_c1();
// printf("ciphertext::init_c1() ok\n");
//init c0
init_c0();
// printf("ciphertext::init_c0() ok\n");
apply_policy();
printf("ciphertext: apply_policy ok\n");
}
int main(int argc, char **argv) {
pairing_t pairing;
double time1, time2;
element_t P, a, b, c, Ka, Kb, Kc, t1, t2, t3, t4, t5, t6;
pbc_demo_pairing_init(pairing, argc, argv);
if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");
element_init_G1(P, pairing);
element_init_G1(t1, pairing);
element_init_G1(t2, pairing);
element_init_G1(t3, pairing);
element_init_Zr(a, pairing);
element_init_Zr(b, pairing);
element_init_Zr(c, pairing);
element_init_GT(t4, pairing);
element_init_GT(t5, pairing);
element_init_GT(t6, pairing);
element_init_GT(Ka, pairing);
element_init_GT(Kb, pairing);
element_init_GT(Kc, pairing);
time1 = pbc_get_time();
printf("Joux key agreement between A, B and C.\n");
element_random(P);
element_random(a);
element_random(b);
element_random(c);
element_mul_zn(t1, P, a);
printf("A sends B and C: aP\n");
element_printf("aP = %B\n", t1);
element_mul_zn(t2, P, b);
printf("B sends A and C: bP\n");
element_printf("bP = %B\n", t2);
element_mul_zn(t3, P, c);
printf("C sends A and B: cP\n");
element_printf("cP = %B\n", t3);
element_pairing(t4, t2, t3);
element_pow_zn(Ka, t4, a);
element_printf("Ka = %B\n", Ka);
element_pairing(t5, t1, t3);
element_pow_zn(Kb, t5, b);
element_printf("Kb = %B\n", Kb);
element_pairing(t6, t1, t2);
element_pow_zn(Kc, t6, c);
element_printf("Kc = %B\n", Kc);
printf("Shared key K = Ka = Kb = Kc\n");
time2 = pbc_get_time();
printf("All time = %fs\n", time2 - time1);
element_clear(P);
element_clear(a);
element_clear(b);
element_clear(c);
element_clear(Ka);
element_clear(Kb);
element_clear(Kc);
element_clear(t1);
element_clear(t2);
element_clear(t3);
element_clear(t4);
element_clear(t5);
element_clear(t6);
pairing_clear(pairing);
return 0;
}
/*
* Initializes an exponent element of Zr to an empty value. Works with all groups
* @param elem - the element to be initialized
* EXP ELEMENT MEANS THIS ELEMENT WILL ONLY BE USED AS AN EXPONENT
*/
void BilinearMappingHandler::initEmptyExpElement(memberElement& elem)
{
element_init_Zr(elem, pairing);
}//end of initEmptyExpElementFromG1()
bool Manager::Verification(string signature, char*mes, int len_mes)
{
//compare variables
bool cmp_value_1=0;
bool cmp_value_2=0;
//elements
element_t T1,T2,T3,T4;
element_t T5, T6, T7;
element_t c_H;
element_t H;
element_t Sp;
element_t Sm;
element_t Sv;
//init
element_init_GT(T1, pairing);
element_init_GT(T2, pairing);
element_init_GT(T3, pairing);
element_init_GT(T4, pairing);
element_init_G1(T5, pairing);
element_init_G1(T6, pairing);
element_init_G1(T7, pairing);
element_init_Zr(Sp,pairing);
element_init_Zr(Sm,pairing);
element_init_Zr(Sv,pairing);
element_init_Zr(H, pairing);
element_init_Zr(c_H, pairing);
SignatureFromString(signature, c_H,Sp,Sm,Sv,T1,T2,T3,T4,T5,T6,T7);
//heshing
Helper::Hash_T1_T2_T3(H,T1,T2,T3);
//compute R1'
element_t tmp_1;
element_t tmp_2;
element_t tmp_3;
element_t R1_;
element_init_GT(R1_, pairing);
element_init_GT(tmp_1, pairing);
element_init_GT(tmp_2, pairing);
element_init_GT(tmp_3, pairing);
element_pairing(tmp_1, g, T7);
element_pow_zn(tmp_2, tmp_1, Sp);
element_pairing(tmp_1, X, T6);
element_pow_zn(tmp_3, tmp_1, Sm);
element_div(R1_, tmp_2, tmp_3);
element_pairing(tmp_3, X, T5);
element_pow_zn(tmp_3, tmp_3, c_H);
element_div(R1_, R1_, tmp_3);
//compute R2'
element_t R2_;
element_init_GT(R2_, pairing);
element_pow_zn(R2_, gt, Sv);
element_pow_zn(tmp_1, T1, c_H);
element_div(R2_, R2_, tmp_1);
//compute R3'
element_t R3_;
element_init_GT(R3_, pairing);
element_pow_zn(tmp_1, h, Sv);
element_pow_zn(tmp_2, T2, c_H);
element_sub(R3_, tmp_1, tmp_2);
//compute R4'
element_t R4_;
element_init_GT(R4_, pairing);
element_pow_zn(tmp_1, y1, Sv);
element_pow_zn(tmp_2, gt, Sm);
element_mul(tmp_3, tmp_1, tmp_2);
element_pow_zn(tmp_1,T3, c_H);
element_sub(R4_, tmp_3, tmp_1);
//compute R5'
element_t R5_;
element_init_GT(R5_, pairing);
element_t tmp_pow;
element_init_Zr(tmp_pow, pairing);
element_t tmp_div;
element_init_GT(tmp_div, pairing);
element_pow_zn(R5_, y2, Sv);
element_pow_zn(tmp_div,y3,H);
element_pow_zn(tmp_div,tmp_div,Sv);
element_mul(R5_,R5_,tmp_div);
element_pow_zn(tmp_div,T4, c_H);
element_div(R5_, R5_, tmp_div);
//check c_H == c_H'
element_t check_c_H;
element_init_Zr(check_c_H, pairing);
Helper::Hash_C(check_c_H,R1_,R2_,R3_,R4_,R5_,g,gt,X,Y,h,y1,y2,y3,mes,len_mes);
//check e(T 5 , Y ) == e(g, T 6 )
element_t check_1;
element_init_GT(check_1, pairing);
element_t check_2;
element_init_GT(check_2, pairing);
element_pairing(check_1, T5,Y);
element_pairing(check_2, g,T6);
//cmp_value_1
cmp_value_1=element_cmp(check_c_H,c_H);//0==ok
//cmp_value_2
cmp_value_2=element_cmp(check_1,check_2);//0==ok
//clear elements
element_clear(T1);
element_clear(T2);
element_clear(T3);
element_clear(T4);
element_clear(T5);
element_clear(T6);
element_clear(T7);
element_clear(Sp);
element_clear(Sm);
element_clear(Sv);
element_clear(H);
element_clear(c_H);
element_clear(R1_);
element_clear(R2_);
element_clear(R3_);
element_clear(R4_);
element_clear(R5_);
element_clear(tmp_1);
element_clear(tmp_2);
element_clear(tmp_3);
element_clear(tmp_pow);
element_clear(tmp_div);
element_clear(check_c_H);
element_clear(check_1);
element_clear(check_2);
if(cmp_value_1||cmp_value_2)
return 0;
else
return 1;
}
void Manager::KeyGeneration(string & PK, string & IK, string & OK)
{
element_t gt_new;
element_t g_new;
element_t X_new;
element_t Y_new;
element_t h_new;
element_t y1_new;
element_t y2_new;
element_t y3_new;
//issuer secret
element_t x_new;
element_t y_new;
//open secret
element_t x1_new;
element_t x2_new;
element_t x3_new;
element_t x4_new;
element_t x5_new;
//init public key
element_init_G1(g_new, pairing);
element_init_GT(gt_new, pairing);
element_init_G1(X_new, pairing);
element_init_G1(Y_new, pairing);
element_init_GT(h_new, pairing);
element_init_GT(y1_new, pairing);
element_init_GT(y2_new, pairing);
element_init_GT(y3_new, pairing);
//init issuer key
element_init_Zr(x_new, pairing);
element_init_Zr(y_new, pairing);
//init open key
element_init_Zr(x1_new, pairing);
element_init_Zr(x2_new, pairing);
element_init_Zr(x3_new, pairing);
element_init_Zr(x4_new, pairing);
element_init_Zr(x5_new, pairing);
//set tmp variables
element_t temp_y1;
element_t temp_y2;
element_init_GT(temp_y1, pairing);
element_init_GT(temp_y2, pairing);
//generate system parameters
element_random(g_new);
element_pairing(gt_new,g_new,g_new);
//generate private keys of group manager
element_random(x_new);
element_random(y_new);
//compute X Y
element_pow_zn(X_new,g_new,x_new);
element_pow_zn(Y_new,g_new,y_new);
//generate h != 1
do
{
element_random(h_new);
}
while(element_is1(h_new));
//rand of secret set x1...x5
element_random(x1_new);
element_random(x2_new);
element_random(x3_new);
element_random(x4_new);
element_random(x5_new);
//compute y1
element_pow_zn(temp_y1,gt_new,x1_new);
element_pow_zn(temp_y2,h_new,x2_new);
element_mul(y1_new,temp_y1,temp_y2);
//compute y2
element_pow_zn(temp_y1,gt_new,x3_new);
element_pow_zn(temp_y2,h_new,x4_new);
element_mul(y2_new,temp_y1,temp_y2);
//compute y3
element_pow_zn(y3_new,gt_new,x5_new);
//Write keys
PK=GroupPublicKeyToString(g_new, gt_new, X_new, Y_new, h_new, y1_new, y2_new, y3_new);
IK=SecretIssuerKeyToString(x_new,y_new);
OK=SecretOpenKeyToString(x1_new,x2_new,x3_new,x4_new,x5_new);
//clear elements
//clear public key
element_clear(g_new);
element_clear(gt_new);
element_clear(X_new);
element_clear(Y_new);
element_clear(h_new);
element_clear(y1_new);
element_clear(y2_new);
element_clear(y3_new);
//clear issuer key
element_clear(x_new);
element_clear(y_new);
//clear open key
element_clear(x1_new);
element_clear(x2_new);
element_clear(x3_new);
element_clear(x4_new);
element_clear(x5_new);
//clear tmps
element_clear(temp_y1);
element_clear(temp_y2);
}
int Manager::Open(string sign, char*mes, int len_mes)
{
int ret;
if(Verification(sign, mes, len_mes)!=true)
return -1;
//compare variable
bool cmp_var=0;
//elements
element_t T1,T2,T3,T4;
element_t T5, T6, T7;
element_t H;
element_t Sp;
element_t Sm;
element_t Sv;
element_t c_H;
element_t tmp_pow;
element_t check_T4;
element_t tmp_T2;
element_init_GT(T1, pairing);
element_init_GT(T2, pairing);
element_init_GT(T3, pairing);
element_init_GT(T4, pairing);
element_init_G1(T5, pairing);
element_init_G1(T6, pairing);
element_init_G1(T7, pairing);
element_init_Zr(H, pairing);
element_init_Zr(Sp,pairing);
element_init_Zr(Sm,pairing);
element_init_Zr(Sv,pairing);
element_init_Zr(c_H, pairing);
element_init_Zr(tmp_pow, pairing);
element_init_GT(check_T4, pairing);
element_init_GT(tmp_T2, pairing);
//read sign
SignatureFromString(sign, c_H, Sp, Sm, Sv, T1, T2, T3, T4, T5, T6, T7);
//add verify sign
Helper::Hash_T1_T2_T3(H,T1,T2,T3);
//T4 check
element_mul(tmp_pow, x5,H);
element_add(tmp_pow, tmp_pow,x3);
element_pow_zn(check_T4, T1, tmp_pow);
element_pow_zn(tmp_T2, T2, x4);
element_mul(check_T4, check_T4,tmp_T2);
cmp_var=element_cmp(check_T4,T4);//0==ok
//compute Pi2
element_t check_Pi2;
element_init_GT(check_Pi2, pairing);
element_pow_zn(tmp_T2, T1, x1);
element_pow_zn(check_Pi2, T2, x2);
element_mul(tmp_T2, tmp_T2,check_Pi2);
element_div(check_Pi2, T3,tmp_T2);
//find Pi2 in reg list
if(cmp_var)
ret=-1;
else
ret=SearchInRegistrationList(check_Pi2);
//clear elements
element_clear(T1);
element_clear(T2);
element_clear(T3);
element_clear(T4);
element_clear(T5);
element_clear(T6);
element_clear(T7);
element_clear(H);
element_clear(c_H);
element_clear(Sp);
element_clear(Sm);
element_clear(Sv);
element_clear(tmp_pow);
element_clear(check_T4);
element_clear(tmp_T2);
return ret;
}
int main(void){
pairing_t pairing;
element_t g, h, f, beta, beta_inverse;
char s[16384];
signed long int temp_share;
FILE *fp = stdin;
fp = fopen("../public/a.param", "r");
if (!fp)
pbc_die("error opening parameter file", "r");
size_t count = fread(s, 1, 16384, fp);
if(!count)
pbc_die("read parameter failure\n");
fclose(fp);
if(pairing_init_set_buf(pairing, s, count))
pbc_die("pairing init failed\n");
if(!pairing_is_symmetric(pairing)) pbc_die("pairing is not symmetric\n");
element_init_G1(g, pairing);
element_init_G1(h, pairing);
element_init_G1(f, pairing);
element_init_Zr(beta, pairing);
element_init_Zr(beta_inverse, pairing);
//(G1, g, h, f) is the public key of authorizer
//find the generator of the group
element_set(g, ((curve_data_ptr)((a_pairing_data_ptr)\
pairing->data)->Eq->data)->gen);
element_random(beta);
element_invert(beta_inverse, beta);
//h = g^beta
element_pow_zn(h, g, beta);
//f = g^(1/beta)
element_pow_zn(f, g, beta_inverse);
fp = NULL;
fp = fopen("./authorizer_public_keys.txt", "w+");
if(!fp)
pbc_die("error creating public key files");
else{
fprintf(fp, "g:");
element_out_str(fp, 10, g);
fprintf(fp, "\n\nh:");
element_out_str(fp, 10, h);
fprintf(fp, "\n\nf:");
element_out_str(fp, 10, f);
fclose(fp);
}
fp = fopen("./authorizer_secret_key.txt", "w+");
if(!fp)
pbc_die("error creating secret key files");
else{
fprintf(fp, "beta:");
element_out_str(fp, 10, beta);
}
element_clear(g);
element_clear(h);
element_clear(f);
element_clear(beta);
element_clear(beta_inverse);
return 1;
}
void wSetup(char *string,int attrNo,pairing_t *pairing, MSP *msp){
int count = 0;//the index of the attribute array
/*
if(!strcmp(string,"ordinary")){
setupOrdinaryPairing(pairing);//setup pairing first
printf("Use ordinary curve...\n");
}else if(!strcmp(string,"singular")){
setupSingularPairing(pairing);//setup pairing first
printf("Use singular curve...\n");
}else{
fprintf(stderr,"Wrong input arguments!");
fprintf(stderr,"Please input <./wAbe><sinuglar> or <./wAbe><ordinary>\n");
}
*/
element_t g;//the generator of G
element_init_G2(g,*pairing);//initial the generator g
element_random(g);
/* initial the random group elements h_1...h_attrNo
which belog to G and are associated with the attrNo
attributes in the system.
*/
element_t h;
element_init_G2(h,*pairing);
//initial the h
element_t alpha;
element_t a;
//initial the alpha and a in Z_p
element_init_Zr(alpha,*pairing);
element_init_Zr(a,*pairing);
element_random(alpha);
element_random(a);
//public key e(g,g)^alpha
element_t pubKey;
element_t gAlpha;
element_t gA;
element_init_GT(pubKey,*pairing);//initial the publicKey
element_init_G2(gAlpha,*pairing);//initial the gAlpha
element_init_G2(gA,*pairing);//initial the gA
element_pow_zn(gAlpha,g,alpha);//gAlpha=g^alpha
element_pow_zn(gA,g,a);//gA=g^a
weilPairing(&pubKey,g,gAlpha,*pairing);//publicKey = e(g,g^alpha) = e(g,g)^alpha
//Master secret key
element_t msk;
element_init_G2(msk,*pairing);
element_set(msk,gAlpha);//msk = g^alpha
//write the master key and public key to file
FILE* fG = fopen("publicKey/g.key","w");//file pointer to the public key g
FILE* fGA = fopen("publicKey/gA.key","w");//file pointer to the public key gA
FILE* fPub = fopen("publicKey/eGG.key","w");//file pointer to the public key e(g,gALPHA)
FILE* fH;//file pointer the the attribute key
FILE* fMsk = fopen("MSK/msk.key","w");//file pointer to the master key
element_fprintf(fG,"%B\n",g);
element_fprintf(fPub,"%B\n",pubKey);
element_fprintf(fGA,"%B\n",gA);
count = 0;
char hCmd[100];//the command line for the pointer of FILE* fH
char attrName[2];//the name of attribute
memset(hCmd,'\0',100);
memset(attrName,'\0',2);
strcpy(hCmd,"publicKey/h");
while(count!=attrNo){
sprintf(attrName,"%c",msp->label[count]);
strcat(hCmd,attrName);
strcat(hCmd,".key");
fH = fopen(hCmd,"w");
element_random(h);
element_fprintf(fH,"%B",h);
memset(hCmd,'\0',100);
strcpy(hCmd,"publicKey/h");
memset(attrName,'\0',2);
fclose(fH);
count++;
}
element_clear(h);
element_fprintf(fMsk,"%B\n",msk);
//close the file pointer and clear all the element
fclose(fG);
fclose(fGA);
fclose(fPub);
fclose(fMsk);
element_clear(g);
element_clear(a);
element_clear(alpha);
element_clear(gAlpha);
element_clear(gA);
element_clear(pubKey);
element_clear(msk);
}//end of setup
/**
* In this scheme every signer can aggregate a signature on a different message.
*
* This __cannot__ verify multiple messages from the same AS.
*
* We have __one__ signer -> __one__ message but as the message could be the same
* for every signer, we can aggregate on it.
*
* @param store here we insert all the messages and all the signers
* (as we __must__ verify every message of every signer)
*
* @return 0 if verify = success.
*
*/
int
pbgp_ibe_verify(setup_params_t *setup, ibe_signature_t *sign, store_t *store)
{
assert(sign && setup && store);
element_t sumID, sumCi, sumTot, Pubi0,
Pubi1, Pm, t1, p1, p2, e1, e2, ci;
pairing_pp_t pp1, pp2, pp3;
element_init_G1(sumID, setup->pairing);
element_init_G1(sumCi, setup->pairing);
element_init_G1(sumTot, setup->pairing);
element_init_G1(Pubi0, setup->pairing);
element_init_G1(Pubi1, setup->pairing);
element_init_G1(Pm, setup->pairing);
element_init_G1(t1, setup->pairing);
element_init_GT(p1, setup->pairing);
element_init_GT(p2, setup->pairing);
element_init_GT(e1, setup->pairing);
element_init_GT(e2, setup->pairing);
element_init_Zr(ci, setup->pairing);
element_set0(sumID);
element_set0(sumCi);
//
// For each ASNUM in the list
//
store_iterator_t *iterator = pbgp_store_iterator_open(store);
store_key_t key = STORE_KEY_INIT;
while (1)
{
uint32_t id = 0;
size_t ksize = 0, dsize = 0;
// This mess is to avoid __any__ malloc call >:/
int ret = pbgp_store_iterator_uget_next_size(iterator, &ksize, &dsize);
if (ret != 0) {
break ;
}
// compute key data size
ksize -= STORE_KEY_METADATA_LENGTH;
if (sizeof(id) != ksize) {
continue ;
}
// key buffer
unsigned char kbuf[ksize];
memset (kbuf, 0, ksize);
key.data = kbuf;
key.dsize = sizeof(kbuf);
// data buffer
unsigned char message[dsize];
memset (message, 0, dsize);
// get asnum + message
ret = pbgp_store_iterator_uget_next(iterator, &key, message, &dsize);
if (ret != 0) {
break ;
}
char id0[BUFSIZ],
id1[BUFSIZ];
memcpy(&id, kbuf, sizeof id);
_ibe_get_id_pair(id, id0, sizeof (id0), id1, sizeof (id1));
//
// Computes public keys for this AS from its identity
//
unsigned char hash[EVP_MAX_MD_SIZE + 1];
// hash(id0)
memset(hash, 0, sizeof (hash));
_element_from_hash(Pubi0, hash, pbgp_rsa_uhash((unsigned char *) id0, strlen(id0), hash));
// hash(id1)
memset(hash, 0, sizeof (hash));
_element_from_hash(Pubi1, hash, pbgp_rsa_uhash((unsigned char *) id1, strlen(id1), hash));
// ci = hash(m)
memset(hash, 0, sizeof (hash));
element_from_hash(ci, hash, pbgp_rsa_uhash(message, dsize, hash));
// Computes sum(Pi_0) sum(ci * Pi_1)
element_mul_zn(t1, Pubi1, ci);
element_add(sumID, sumID, Pubi0);
element_add(sumCi, sumCi, t1);
}
pbgp_store_iterator_close(iterator);
element_add(sumTot, sumID, sumCi);
pairing_pp_init(pp1, sumTot, setup->pairing);
pairing_pp_init(pp2, sign->v, setup->pairing);
pairing_pp_init(pp3, sign->u, setup->pairing);
// e(Q = ibePub, sumTot)
pairing_pp_apply(p1, setup->ibePub, pp1);
// e(Tn = v, Pw)
pairing_pp_apply(p2, sign->w, pp2);
// e(Q = ibePub, sumTot) * e(Tn = v, Pw)
element_mul(e2, p1, p2);
// e(Sn = u, P)
pairing_pp_apply(e1, setup->g, pp3);
int rv = element_cmp(e1, e2);
pairing_pp_clear(pp1);
pairing_pp_clear(pp2);
pairing_pp_clear(pp3);
element_clear(sumID);
element_clear(sumCi);
element_clear(sumTot);
element_clear(t1);
element_clear(ci);
element_clear(Pubi0);
element_clear(Pubi1);
element_clear(Pm);
element_clear(p1);
element_clear(p2);
element_clear(e1);
element_clear(e2);
return rv;
}
int main(void)
{
pairing_t pairing;
char param[50000];
size_t count = fread(param, 1, 50000, stdin);
if (!count) pbc_die("input error");
pairing_init_set_buf(pairing, param, count);
// int cont = 0;
struct timeval tvBegin, tvEnd;
element_t g, h;
element_t public_key, secret_key;
element_t sig;
element_t temp1, temp2;
element_init_G2(g, pairing);
element_init_G2(public_key, pairing);
element_init_G1(h, pairing);
element_init_G1(sig, pairing);
element_init_GT(temp1, pairing);
element_init_GT(temp2, pairing);
element_init_Zr(secret_key, pairing);
// Generating key
element_random(g);
element_random(secret_key);
element_pow_zn(public_key, g, secret_key);
// Generating message
element_from_hash(h, "ABCDEF", 6);
element_pow_zn(sig, h, secret_key);
// RANDOM TESTS
/*
// Fp
element_t p1, p2;
element_init(p1, element_x(h)->field);
element_init(p2, p1->field);
element_random(p1);
element_random(p2);
// multiplication
element_t puntos[2000];
for(cont = 0; cont < 1000; cont++){
element_init(puntos[cont], element_x(h)->field);
element_init(puntos[2*cont], element_x(h)->field);
element_random(puntos[cont]);
element_random(puntos[2*cont]);
}
gettimeofday(&tvBegin, NULL);
for(cont = 0; cont < 1000; cont++){
element_mul(puntos[cont], puntos[cont], puntos[2*cont]);
}
gettimeofday(&tvEnd, NULL);
timeval_subtract(&tvEnd, &tvBegin, 1);
//square
gettimeofday(&tvBegin, NULL);
for(cont = 0; cont < 1000; cont++) element_square(puntos[cont], puntos[2*cont]);
gettimeofday(&tvEnd, NULL);
timeval_subtract(&tvEnd, &tvBegin, 1);
// add
gettimeofday(&tvBegin, NULL);
for(cont = 0; cont < 1000; cont++) element_add(puntos[cont], puntos[cont], puntos[2*cont]);
gettimeofday(&tvEnd, NULL);
timeval_subtract(&tvEnd, &tvBegin, 1);
// invers
gettimeofday(&tvBegin, NULL);
for(cont = 0; cont < 1000; cont++) element_invert(puntos[cont], puntos[2*cont]);
gettimeofday(&tvEnd, NULL);
timeval_subtract(&tvEnd, &tvBegin, 1);
// Fpk
element_t q1, q2;
element_init_GT(q1, pairing);
element_init_GT(q2, pairing);
element_random(q1);
element_random(q2);
// multiplication
for(cont = 0; cont < 1000; cont++){
element_init_GT(puntos[cont], pairing);
element_init_GT(puntos[2*cont], pairing);
element_random(puntos[cont]);
element_random(puntos[2*cont]);
}
gettimeofday(&tvBegin, NULL);
for(cont = 0; cont < 1000; cont++) {
element_mul(puntos[cont], puntos[cont], puntos[2*cont]);
}
gettimeofday(&tvEnd, NULL);
timeval_subtract(&tvEnd, &tvBegin, 1);
//square
gettimeofday(&tvBegin, NULL);
for(cont = 0; cont < 1000; cont++) element_square(puntos[cont], puntos[cont]);
gettimeofday(&tvEnd, NULL);
timeval_subtract(&tvEnd, &tvBegin, 1);
// add
gettimeofday(&tvBegin, NULL);
for(cont = 0; cont < 1000; cont++){
element_add(element_x(puntos[cont]), element_x(puntos[cont]), element_x(puntos[2*cont]));
element_add(element_y(puntos[cont]), element_y(puntos[cont]), element_y(puntos[2*cont]));
}
gettimeofday(&tvEnd, NULL);
timeval_subtract(&tvEnd, &tvBegin, 1);
// invers
gettimeofday(&tvBegin, NULL);
for(cont = 0; cont < 1000; cont++) element_invert(puntos[cont], puntos[2*cont]);
gettimeofday(&tvEnd, NULL);
timeval_subtract(&tvEnd, &tvBegin, 1);
// CURVE OPERATIONS
element_t punto, punto2;
element_init(punto, h->field); element_random(punto);
element_init(punto2, h->field); element_random(punto2);
// add
gettimeofday(&tvBegin, NULL);
element_mul(punto, punto, punto2);
gettimeofday(&tvEnd, NULL);
timeval_subtract(&tvEnd, &tvBegin, 1);
// double
gettimeofday(&tvBegin, NULL);
element_double(punto, punto2);
gettimeofday(&tvEnd, NULL);
timeval_subtract(&tvEnd, &tvBegin, 1);
// SIZE GROUP
int m = mpz_sizeinbase(pairing->r, 2) - 2;
printf("%i\n", m);
int contador = 0;
for(;;){
if(!m) break;
if(mpz_tstbit(pairing->r,m)) contador++;
m--;
}
printf("%i\n", contador);
*/
// One pairing
gettimeofday(&tvBegin, NULL);
eval_miller(temp1, sig, g, pairing);
gettimeofday(&tvEnd, NULL);
timeval_subtract(&tvEnd, &tvBegin, 1000);
//print_contador();
// One pairing (with precomputed values)
// Original method
pairing_pp_t pp;
// Precomp
gettimeofday(&tvBegin, NULL);
pairing_pp_init(pp, sig, pairing);
gettimeofday(&tvEnd, NULL);
timeval_subtract(&tvEnd, &tvBegin, 1000);
// Eval
gettimeofday(&tvBegin, NULL);
pairing_pp_apply(temp1, g, pp);
gettimeofday(&tvEnd, NULL);
timeval_subtract(&tvEnd, &tvBegin, 1000);
pairing_pp_clear(pp);
void do_precomp(){
lpoly *list;
// precomputation
gettimeofday(&tvBegin, NULL);
list = lpoly_init();
precompute(list, pairing->r, sig, g);
gettimeofday(&tvEnd, NULL);
timeval_subtract(&tvEnd, &tvBegin, 1000);
// DMAX
printf("%i\n", list->MAXD);
// eval
gettimeofday(&tvBegin, NULL);
compute_miller(temp2, list, g, pairing);
gettimeofday(&tvEnd, NULL);
timeval_subtract(&tvEnd, &tvBegin, 1000);
lpoly_free(list);
}
bool Manager::JoinMember(string request, string & respond)
{
//elements
element_t Pi1;
element_t Pi2;
element_t Sk;
element_t R;
element_init_G1(Pi1,pairing);
element_init_GT(Pi2, pairing);
element_init_Zr(Sk, pairing);
element_init_G1(R,pairing);
//read & check SoK
string hash;
string hash_check;
RequestFromString(request,hash,Sk,Pi1);
//check Pi1 is point of curve
if(element_item_count(Pi1)!=2)
{
element_clear(Pi1);
element_clear(Pi2);
element_clear(Sk);
element_clear(R);
return 1;//failure
}
element_t tmp1, tmp2;
element_t c_Hsok;
element_init_G1(tmp1, pairing);
element_init_G1(tmp2, pairing);
element_init_Zr(c_Hsok, pairing);
element_from_hash(c_Hsok,(void*)hash.c_str(),hash.length());
element_pow_zn(tmp1,g,Sk);
element_pow_zn(tmp2,Pi1,c_Hsok);
element_div(R,tmp1,tmp2);
hash_check=Helper::Hash_g_R(g,R);
if(hash.compare(hash_check))
{
element_clear(Pi1);
element_clear(Pi2);
element_clear(Sk);
element_clear(R);
element_clear(tmp1);
element_clear(tmp2);
element_clear(c_Hsok);
return 1;//failure
}
//generate r_issuer
element_t issuer_r;
element_init_Zr(issuer_r, pairing);
element_random(issuer_r);
//create a b c
element_t ai;
element_t bi;
element_t ci;
element_t temp_ci1;
element_t temp_ci2;
//init
element_init_G1(ai, pairing);
element_init_G1(bi, pairing);
element_init_G1(ci, pairing);
element_init_G1(temp_ci1, pairing);
element_init_G1(temp_ci2, pairing);
//compute ai bi ci
element_pow_zn(ai,g,issuer_r);//ai
element_pow_zn(bi,ai,y);//bi
element_pow_zn(temp_ci1,ai,x);
element_pow_zn(temp_ci2,Pi1,issuer_r);
element_pow_zn(temp_ci2,temp_ci2,x);
element_pow_zn(temp_ci2,temp_ci2,y);
element_mul(ci,temp_ci1,temp_ci2);//ci
//create RESPOND
respond=MemberSecretToString(ai,bi,ci);
//compute Pi2
element_pairing(Pi2,Pi1,g);
//Write_to_reg_list
AddToRegistrationList(Pi1, Pi2);
//clear elements
element_clear(issuer_r);
element_clear(Pi1);
element_clear(Pi2);
element_clear(temp_ci1);
element_clear(temp_ci2);
element_clear(tmp1);
element_clear(tmp2);
element_clear(c_Hsok);
element_clear(Sk);
element_clear(R);
element_clear(ai);
element_clear(bi);
element_clear(ci);
return 0;//success
}
int main(int argc, char **argv) {
pairing_t pairing;
pbc_demo_pairing_init(pairing, argc, argv);
if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");
double time1, time2;
element_t P, Ppub, x, S, H, t1, t2, t3, t4;
element_init_Zr(x, pairing);
element_init_Zr(H, pairing);
element_init_Zr(t1, pairing);
element_init_G1(S, pairing);
element_init_G1(P, pairing);
element_init_G1(Ppub, pairing);
element_init_G1(t2, pairing);
element_init_GT(t3, pairing);
element_init_GT(t4, pairing);
printf("ZSS short signature schema\n");
printf("KEYGEN\n");
time1 = pbc_get_time();
element_random(x);
element_random(P);
element_mul_zn(Ppub, P, x);
element_printf("P = %B\n", P);
element_printf("x = %B\n", x);
element_printf("Ppub = %B\n", Ppub);
printf("SIGN\n");
element_from_hash(H, "Message", 7);
element_add(t1, H, x);
element_invert(t1, t1);
element_mul_zn(S, P, t1);
printf("Signature of message \"Message\" is:\n");
element_printf("S = %B\n", S);
printf("VERIFY\n");
element_from_hash(H, "Message", 7);
element_mul_zn(t2, P, H);
element_add(t2, t2, Ppub);
element_pairing(t3, t2, S);
element_pairing(t4, P, P);
element_printf("e(H(m)P + Ppub, S) = %B\n", t3);
element_printf("e(P, P) = %B\n", t4);
if (!element_cmp(t3, t4)) printf("Signature is valid\n");
else printf("Signature is invalid\n");
time2 = pbc_get_time();
printf("All time = %fs\n", time2 - time1);
element_clear(P);
element_clear(Ppub);
element_clear(x);
element_clear(S);
element_clear(H);
element_clear(t1);
element_clear(t2);
element_clear(t3);
element_clear(t4);
pairing_clear(pairing);
return 0;
}
int main(int argc, char **argv) {
FILE *fpairing, *ftag, *fdata, *fresult, *fplain, *fkey, *fcipher, *fpub;
pairing_t pairing;
paillier_pubkey_t *pub;
paillier_prvkey_t *priv;
element_t g, h, u, sig1, sig2, sig3, temp_pow, m, g1, g2;
element_t public_key, tag, tag_prod;
element_t secret_key;
paillier_get_rand_t get_rand;
paillier_ciphertext_t *cipher1, *cipher2;
paillier_plaintext_t *plain1, *plain2;
mpz_t pub_n, a, b, data2, nsquare;
int count = 0, val=5;
pairing_init_set_str(pairing, param_str);
//mpz_init_set_str(data_sum, "0", 10);
plain1 = (paillier_plaintext_t*) malloc(sizeof(paillier_plaintext_t));
plain2 = (paillier_plaintext_t*) malloc(sizeof(paillier_plaintext_t));
cipher1 = (paillier_ciphertext_t*) malloc(sizeof(paillier_ciphertext_t));
cipher2 = (paillier_ciphertext_t*) malloc(sizeof(paillier_ciphertext_t));
//pbc_demo_pairing_init(pairing, argc, argv);
element_init_G1(g1, pairing);
element_init_G1(g2, pairing);
element_init_G2(g, pairing);
element_init_G2(public_key, pairing);
element_init_G1(u, pairing);
element_init_G1(temp_pow, pairing);
element_init_G2(public_key, pairing);
element_init_G1(h, pairing);
element_init_G1(m, pairing);
element_init_G1(sig1, pairing);
element_init_G1(sig2, pairing);
element_init_G1(sig3, pairing);
element_init_G1(tag, pairing);
element_init_G1(tag_prod, pairing);
element_init_Zr(secret_key, pairing);
// mpz_init(pub_n);
char *len;
mpz_init(a);
mpz_init(b);
mpz_init(data2);
printf("Short signature test\n");
len = (char *)malloc(2048*sizeof(char));
if((fpub = fopen("pub.txt", "r")))
{
pub = (paillier_pubkey_t*) malloc(sizeof(paillier_pubkey_t));
priv = (paillier_prvkey_t*) malloc(sizeof(paillier_prvkey_t));
mpz_init(pub->n_squared);
mpz_init(pub->n);
fgets(len, 1000, fpub);
mpz_init_set_str(pub->p, len, 10);
fgets(len, 1000, fpub);
mpz_init_set_str(pub->q, len, 10);
fgets(len, 1000, fpub);
mpz_init_set_str(pub->n_plusone, len, 10);
//printf("value of nplusone : \n");
//mpz_out_str(stdout, 10, pub->n_plusone);
paillier_keygen(&pub, &priv, get_rand, 0);
pub->bits = mpz_sizeinbase(pub->n, 2);
fclose(fpub);
}
//setting already known pairing parameters
if((fpairing = fopen("pairing.txt", "r")))
{
fgets(len, 1000, fpairing);
//printf("\n %s\n", len);
element_set_str(g, len, 10);
//element_printf(" g = %B\n", g);
fgets(len, 1000, fpairing);
//printf("\n %s\n", len);
element_set_str(u, len, 10);
//element_printf("\n u= %B\n", u);
fgets(len, 1000, fpairing);
element_set_str(secret_key, len, 10);
//element_printf(" secretkey %B\n",secret_key);
fgets(len, 1000, fpairing);
element_set_str(public_key, len, 10);
//element_printf(" publickey %B\n", public_key);
fgets(len, 1000, fpairing);
element_set_str(h, len, 10);
//element_printf(" \nh = %B\n", h);
fgets(len, 1000, fpairing);
mpz_init_set_str(pub_n, len, 10);
//printf("\n n = ");
//mpz_out_str(stdout, 10, pub_n);
fclose(fpairing);
}
element_set1(tag_prod);
ftag = fopen("./tag/output5.txt", "r");
fgets(len, 1000, ftag);
element_set_str(g1, len, 10);
element_printf("\ng1 = %B\n", g1);
fclose(ftag);
ftag = fopen("./tag/output6.txt", "r");
fgets(len, 1000, ftag);
element_set_str(g2, len, 10);
element_printf("\ng2 = %B\n", g2);
fclose(ftag);
fplain = fopen("./split/output5.txt", "r");
fgets(len, 1000, fplain);
// printf("\nlen %s", len);
mpz_set_str(a, len, 10);
//element_printf("\na = %Zd\n", a);
fclose(fplain);
fplain = fopen("./split/output6.txt", "r");
fgets(len, 1000, fplain);
mpz_set_str(b, len, 10);
fcipher = fopen("./cipher/copy1/output5.txt", "r");
fgets(len, 1000, fcipher);
mpz_init_set_str(cipher1->c, len, 10);
fclose(fcipher);
fcipher = fopen("./cipher/copy1/output6.txt", "r");
fgets(len, 1000, fcipher);
mpz_init_set_str(cipher2->c, len, 10);
fclose(fcipher);
paillier_mul(pub, cipher2, cipher2, cipher1);
plain1 = paillier_dec(plain1, pub, priv, cipher2);
//tag
mpz_t an;
mpz_init(an);
mpz_init(nsquare);
// mpz_mul(an, a, pub_n);
mpz_mul(nsquare, pub_n, pub_n);
element_pow_mpz(temp_pow,u, plain1->m);
element_mul(temp_pow, temp_pow, h);
element_pow_zn(sig1, temp_pow, secret_key);
element_printf("\n signature of plain = %B\n", sig1);
//mpz_mul(an, b, pub_n);
// mpz_mul(nsquare, pub_n, pub_n);
element_pow_mpz(temp_pow,u, b);
element_mul(temp_pow, temp_pow, h);
element_pow_zn(sig2, temp_pow, secret_key);
element_printf("\n signature of b = %B\n", sig2);
//element_printf("\nb = %Zd\n", b);
fclose(fplain);
mpz_add(a, a, b);
// mpz_mod(a, a, pub_n);
// mpz_mul(a, a, pub_n);
// mpz_mod(a, a, nsquare);
count = 2;
element_pow_mpz(temp_pow,u, a);
mpz_set_ui(data2, count);
// itoa(count, len, 10);+
//element_printf(" \nh = %B\n", h);
element_pow_mpz(h, h, data2);
element_mul(temp_pow, temp_pow, h);
//element_printf("\n h. u^bN = %B\n", temp_pow);
element_pow_zn(sig3, temp_pow, secret_key);
element_printf("\n sig 3 %B\n", sig3);
element_mul(g2, g2, g1);
element_printf("\n Direct Product %B\n", g2);
element_mul(sig2, sig1, sig2);
element_printf("\n Direct Product %B\n", sig2);
return 0;
}
void LoadParams(char *systemFileName,
global_broadcast_params_t *gbp,
broadcast_system_t *sys)
{
if(!gbp) {
printf("ACK! You gave me no broadcast params! I die.\n");
return;
}
if(!gbp) {
printf("ACK! You gave me no broadcast system! I die.\n");
return;
}
if(!systemFileName) {
printf("ACK! You gave me no system filename! I die.\n");
return;
}
global_broadcast_params_t p;
broadcast_system_t s;
p = pbc_malloc(sizeof(struct global_broadcast_params_s));
s = pbc_malloc(sizeof(struct broadcast_system_s));
FILE *sysp = fopen(systemFileName, "r");
if(!sysp) {
printf("ACK! couldn't open %s I die\n", systemFileName);
return;
}
int leng;
fread(&leng, 4, 1, sysp);
p->pairFileName = (char *) pbc_malloc(leng);
fread(p->pairFileName, 1, leng, sysp);
FILE *params = fopen(p->pairFileName, "r");
if(!params) {
printf("ACK! couldn't open %s I die\n", p->pairFileName);
return;
}
// pairing_init_inp_str(p->pairing, params);
char _s[2048];
size_t count = fread(_s, 1, 2048, params);
if (!count) pbc_die("input error");
if (pairing_init_set_buf(p->pairing, _s, count)) pbc_die("pairing init failed");
fclose(params);
//restore num_users
fread(&(p->num_users),4,1, sysp);
//restore encr_prod
element_init(s->encr_prod, p->pairing->G1);
in(s->encr_prod, sysp);
//element_out_str(stdout, 0, s->encr_prod);
//restore pub_key
element_init(s->pub_key, p->pairing->G1);
in(s->pub_key, sysp);
//element_out_str(stdout, 0, s->pub_key);
//restore g
element_init(p->g, p->pairing->G1);
in(p->g, sysp);
p->gs = pbc_malloc(2 * p->num_users * sizeof(element_t));
//restore gs
int i;
for(i = 0; i < 2*p->num_users; i++) {
if(i == p->num_users) continue;
element_init(p->gs[i], p->pairing->G1);
in(p->gs[i], sysp);
}
fclose(sysp);
//now insert a dummy private key
element_init_Zr(s->priv_key, p->pairing);
*gbp = p;
*sys = s;
return;
}
