Exemple #1
0
int main(int argc,char** argv)
{
    /*
    arg1 : ID
    */
    if(argc < 2)
    {
        showUsage();
        exit(0);
    }

    pairing_t pairing;
    element_t s,Sa,Qa;
    pairing_from_file(pairing,"globalParam/pairingParam");
    element_init_G1(Sa,pairing);
    element_init_G1(Qa,pairing);
    element_init_Zr(s,pairing);

    element_from_file(s,"masterKey/s");
    element_from_hash(Qa,argv[1],strlen(argv[1]));
    element_mul_zn(Sa,Qa,s);

    char loc[100] = "privateKey/";
    strcat(loc,argv[1]);
    strcat(loc,".priv");
    element_to_file(Sa,loc);

    return 0;
}
Exemple #2
0
// GROUP MANAGER INIT - group key generation part1
void xsgs_gm_gen(XSGS_PUBLIC_KEY* gpk, XSGS_ISSUER_KEY* ik, pbc_param_ptr param) {
	// 1. generate prime p, pairing group G1, G2, GT, e and a hash function H: {0,1}* -> Zp
	gpk->param = param;
	gpk->pairing = (pairing_ptr) malloc(sizeof(pairing_t));
	pairing_init_pbc_param(gpk->pairing, gpk->param);

	// 2. select a generator G2 e group 2 at random
	element_init_G2(gpk->G2, gpk->pairing);
	element_random(gpk->G2);
	// and select a generator G1 e group 1 at random (G1 <- psi(G2) not applicable)
	element_init_G1(gpk->G1, gpk->pairing);
	element_random(gpk->G1);

	// 3. choose gamma e Zp* at random and set ik = gamma
	element_init_Zr(ik->gamma, gpk->pairing);
	element_random(ik->gamma);

	// 4. select K e Group1
	element_init_G1(gpk->K, gpk->pairing);
	element_random(gpk->K);
	// and W = G2^gamma (e Group2)
	element_init_G2(gpk->W, gpk->pairing);
	element_pow_naf(gpk->W, gpk->G2, ik->gamma);

	return;
}
Exemple #3
0
/**
 *  @param witness gets modified
 */
void
pbgp_witness_update(setup_params_t *setup,
                    store_t *added, store_t *revoked,
                    uint32_t id, element_t witness)
{
  element_t num, den, witt;

  element_init_G1(num, setup->pairing);
  element_init_G1(den, setup->pairing);
  element_init_G1(witt, setup->pairing);

  _witness_set_product(setup, added, id, num);
  _witness_set_product(setup, revoked, id, den);

  // Multiply
  //
  //       g[np1 - j + i] added
  // w *=  ---------------------
  //       g[np1 - j + i] revoked
  //
  //    asnum(s) during last epoch

  element_div(witt, num, den);
  element_mul(witness, witness, witt);

  element_clear(num);
  element_clear(den);
  element_clear(witt);
}
Exemple #4
0
void
pbgp_ibe_keypair_init(setup_params_t *setup, ibe_keypair_t **keys)
{
  assert(setup);
  *keys = xmalloc(sizeof (ibe_keypair_t));
  element_init_G1((*keys)->pub0, setup->pairing);
  element_init_G1((*keys)->priv0, setup->pairing);
  element_init_G1((*keys)->pub1, setup->pairing);
  element_init_G1((*keys)->priv1, setup->pairing);
}
Exemple #5
0
void
pbgp_ibe_signature_init(setup_params_t *setup, ibe_signature_t **sign)
{
  assert(setup);
  *sign = xmalloc(sizeof (ibe_signature_t));
  element_init_G1((*sign)->u, setup->pairing);
  element_init_G1((*sign)->v, setup->pairing);
  element_init_G1((*sign)->w, setup->pairing);
  element_set0((*sign)->u);
  element_set0((*sign)->v);
  element_set0((*sign)->w);
}
Exemple #6
0
void Hmki(element_t* out, public_key pk, element_t* key) {
	// pk and key check
	element_init_Zr(*out, pairing);
	int len = (pk.level + 1) * sizeof(unsigned int) / sizeof(char);
	element_t x;
	element_init_G1(x,pairing);
	element_from_hash(x, pk.ID_tuple, len);
	len = element_length_in_bytes(x);
	unsigned char* str = (unsigned char* ) malloc(len);
	element_to_bytes(str, x);
	int len1  = element_length_in_bytes(*key);
	unsigned char* key_str = (unsigned char*) malloc(len1);
	element_to_bytes(key_str, *key);
	unsigned char* sum = (unsigned char*) malloc(len1 + len);
	memcpy(sum, str, len);
	memcpy(sum + len, key_str, len1);
	element_clear(x);
	free(str);
	free(key_str);
	unsigned char o[MD5_DIGEST_LENGTH + 1];
	MD5(sum, len + len1, o);
	o[MD5_DIGEST_LENGTH] = '\0';
	element_from_hash(*out, o, MD5_DIGEST_LENGTH);
	/////////////////////////	
}
Exemple #7
0
void H_pk_to_G1(element_t* out, public_key pk) {
	element_init_G1(*out, pairing);
	int len = (pk.level + 1) * sizeof(unsigned int) / sizeof(char);
	unsigned char o[MD5_DIGEST_LENGTH];
	MD5((unsigned char*) pk.ID_tuple, len, o);
	element_from_hash(*out, (unsigned char*) o, MD5_DIGEST_LENGTH);
}
Exemple #8
0
/**
 * Witness (used for AS list)
 *
 * @param witness     must be uninitialized
 * @asnums            asnum list
 * @param id          integer (id) to add to asnum list
 *
 *  Remember to call element_clear(witness) once used
 */
void
pbgp_witness_create(setup_params_t *setup,
                    store_t *asnums, uint32_t id, element_t witness)
{
  element_init_G1(witness, setup->pairing);
  _witness_set_product(setup, asnums, id, witness);
}
Exemple #9
0
int main(int argc, char **argv) {
  pairing_t pairing;
  pbc_demo_pairing_init(pairing, argc, argv);
  char m[80]={0};


  if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");

  printf("Enter the message to be encrypted : ");
  gets(m);
  size_t len_m = sizeof(m);

  unsigned char hash[30];
  SHA1(m, len_m, hash);
  printf("The hash is : %s", hash);

  element_t g, h;
  element_t public_key, secret_key;
  element_t sig;
  element_t temp1, temp2;

  element_init_G2(g, pairing);
  element_init_G2(public_key, pairing);
  element_init_G1(h, pairing);
  element_init_G1(sig, pairing);
  element_init_GT(temp1, pairing);
  element_init_GT(temp2, pairing);
  element_init_Zr(secret_key, pairing);

  element_random(g);
  element_random(secret_key);
  element_pow_zn(public_key, g, secret_key);

  element_printf("The public key is %B\n", public_key);

  element_from_hash(h, hash, 30);
  element_pow_zn(sig, h, secret_key);

  pairing_apply(temp1, sig, g, pairing);
  pairing_apply(temp2, h, public_key, pairing);
  if(!element_cmp(temp1, temp2)){
	  printf("\nVerified\n");}
  else{
	  printf("\nNot verified\n");
  }
}
Exemple #10
0
// OPENER INIT - group key generation part 2
void xsgs_opener_gen(XSGS_PUBLIC_KEY* gpk, XSGS_OPENER_KEY* ok) {
	pairing_ptr pairing = gpk->pairing;

	// 1. choose xi1, xi2 e Zp at random
	element_init_Zr(ok->xi1, pairing);
	element_random(ok->xi1);
	element_init_Zr(ok->xi2, pairing);
	element_random(ok->xi2);

	// 2. set H = K^xi1 and G = K^xi2
	element_init_G1(gpk->H, pairing);
	element_pow_naf(gpk->H, gpk->K, ok->xi1);
	element_init_G1(gpk->G, pairing);
	element_pow_naf(gpk->G, gpk->K, ok->xi2);

	return;
}
Exemple #11
0
int main(int argc, char ** argv) {
  pbc_param_t ec_params;
  pairing_t pairing;
  unsigned int rbits = 40, qbits = 128;
  element_t *g1, *g2, *gt;
  
  for (int s = 10; s <= 1000; s += 10) {
  while (qbits <= 4096) {
    fprintf(stderr, "%d", qbits);
    pbc_param_init_a_gen(ec_params, rbits, qbits);

    pairing_init_pbc_param(pairing, ec_params);


    element_init_G1(g1, pairing);
    element_init_G2(g2, pairing);
    element_init_GT(gt, pairing);

    struct timeval tv1, tv2;
    int bc = element_length_in_bytes(g1);

    for (int i = 0; i < 100; i++) {
      if (0 == i % 10)
	fprintf(stderr, ".");

      element_random(g1);
      element_random(g2);

      gettimeofday(&tv1, NULL);
      pairing_apply(gt, g1, g2, pairing);
      gettimeofday(&tv2, NULL);

      double time = tv2.tv_sec - tv1.tv_sec;
      time *= (1000 * 1000);
      time += tv2.tv_usec - tv1.tv_usec;

      fprintf(stdout, "%d %d %d %d %d\n", bc, rbits, qbits, i, ((int) time));
    }

    for (int j = 0; j < s; j++) {
      element_clear(g1[j]);
      element_clear(g2[j]);
      element_clear(gt[j]);
    }

    rbits *= 2;
    qbits *= 2;

    fprintf(stderr, "\n");
  }
  free(g1);
  free(g2);
  free(g3);
  }
}
Exemple #12
0
int main(int argc, char **argv) {

 if(argc < 3){
 	fprintf(stderr,"Wrong input arguments!");		
	fprintf(stderr,"Please input <./curve><supersinuglar><rbits><qbits> or <./curve><ordinary><bits>\n");
 }else{
	//initialization
	pairing_t pairing;
	element_t g,h,temp1;
	int rbits, qbits;
	if(!strcmp(argv[1],"supersingular")&&argc==4){//to generate supersingualr curve
		rbits = atoi(argv[2]);
		qbits = atoi(argv[3]);
		generateSupersingular(&pairing,rbits,qbits);
		printf("generate supersingular curve...");
	}else if(!strcmp(argv[1],"ordinary")&&argc==3){//to generate ordinary curve
		rbits = atoi(argv[2]);
		generateOrdinary(&pairing,256);
		printf("generate ordinary curve...");
	}else{
		fprintf(stderr,"Wrong input arguments!");		
		fprintf(stderr,"Please input  <./curve><supersinuglar><rbits><qbits> or <./curve><ordinary><bits>\n");
		return 0;
	}
	if(pairing_is_symmetric(pairing)){
		printf("pairing is symmetric\n");
	}else{
		printf("pairing is NOT symmetric\n");
	}
	FILE *fTime = fopen("curve.txt","w+");
	clock_t start,end;//start:the start of pairing, end:the end of pairing
	float difftime=0.0;
	int loopnum = 100;//the numbers for the while-loop
	int i;//the index for the for-loop
	element_init_G1(g, pairing);
	element_init_G2(h, pairing);
	element_init_GT(temp1, pairing);
	element_random(g);
	element_random(h);
	for(i = 0;i<100;i++){	
		while(loopnum--){
			start = clock();
			element_pairing(temp1, g, h);
			end = clock();
		}
		difftime = (float)(end-start)/CLOCKS_PER_SEC;
		printf("The time of using pairing is %f\n",difftime);
		fprintf(fTime,"%f\r\n",difftime);
		difftime = 0.0;
		loopnum = 100;
	} 
}//end of main-else

  return 0;
}
Exemple #13
0
Manager::Manager()
{
	pairing_init_set_str(pairing, _PAIRING_PARAM_);
	//init public key
	element_init_G1(g, pairing);
	element_init_GT(gt, pairing);
	element_init_G1(X, pairing);
	element_init_G1(Y, pairing);
	element_init_GT(h, pairing);
	element_init_GT(y1, pairing);
	element_init_GT(y2, pairing);
	element_init_GT(y3, pairing);
	//init issuer key
	element_init_Zr(x, pairing);
	element_init_Zr(y, pairing);
	//init open key
	element_init_Zr(x1, pairing);
	element_init_Zr(x2, pairing);
	element_init_Zr(x3, pairing);
	element_init_Zr(x4, pairing);
	element_init_Zr(x5, pairing);
}
Exemple #14
0
    // Multipairing
    void do_multi(int m){
        int i = 0;
        lpoly list[m];
        lpoly *tmp_list;

        // prevalues

        element_t gg[m];
        element_ptr ggg[m];
        element_t hh[m];
        for(i = 0; i < m; i++){
            element_init_G2(gg[i], pairing);
            element_random(gg[i]);
            ggg[i] = malloc(sizeof(element_ptr));
            element_init(ggg[i], gg[i]->field);
            element_set(ggg[i], gg[i]);

            element_init_G1(hh[i], pairing);
            element_random(hh[i]);
        }


        // precomputation
        gettimeofday(&tvBegin, NULL);

        for(i = 0; i < m; i++){
            tmp_list = lpoly_init();
            precompute(tmp_list, pairing->r, hh[i], gg[i]);
            list[i] = *tmp_list;
        }

        gettimeofday(&tvEnd, NULL);
        timeval_subtract(&tvEnd, &tvBegin, 1000);

        // compute
        gettimeofday(&tvBegin, NULL);
        compute_millers(temp2, list, ggg, m, pairing);
        gettimeofday(&tvEnd, NULL);
        timeval_subtract(&tvEnd, &tvBegin, 1000);

        gettimeofday(&tvBegin, NULL);
        element_prod_pairing(temp1, hh, gg, m);
        gettimeofday(&tvEnd, NULL);
        timeval_subtract(&tvEnd, &tvBegin, 1000);

        for(i = 0; i < m; i++){
            lpoly_free2(list[i]);
        }
    }
Exemple #15
0
CipherText::CipherText(unsigned char* buf, pairing_t* p){
  this->p = p;
  this->m = NULL;
  this->s = NULL;
  element_init_GT(this->c1, *p);
  element_init_G1(this->c0, *p);
  int pos = 0;
  pos += element_from_bytes(this->c1, buf + pos);
//  element_printf("c1:%B\n", this->c1);
  pos += element_from_bytes(this->c0, buf + pos);
//  element_printf("c0:%B\n", this->c0);
  printf("pos: %d -> reconstruct c1 and c0 ok\n", pos);
  this->policy = new Policy(buf + pos, p);
  printf("reconstruct policy ok\n");
}
Exemple #16
0
void consumerShares(signed long int *codeword){
    pairing_t pairing;
    element_t g, r, a, e_g_g, share;
    char *argv = "./param/a.param";
    char s[16384];
    signed long int temp_share;
    FILE *fp = stdin;

    fp = fopen(argv, "r");
    if (!fp) 
        pbc_die("error opening %s\n", argv);
    size_t count = fread(s, 1, 16384, fp);
    if(!count) 
        pbc_die("read parameter failure\n");
    fclose(fp);
    if(pairing_init_set_buf(pairing, s, count)) 
        pbc_die("pairing init failed\n");
    if(!pairing_is_symmetric(pairing)) pbc_die("pairing is not symmetric\n");
    
    element_init_G1(g, pairing);
    element_init_Zr(r, pairing);
    element_init_Zr(a, pairing);
    element_init_Zr(share, pairing);
    element_init_GT(e_g_g, pairing);
    
    //find the generator of the group
    element_set(g, ((curve_data_ptr)((a_pairing_data_ptr)
    pairing->data)->Eq->data)->gen);
    element_random(r);
    element_random(a);
    //compute e(g, g)
    element_pairing(e_g_g, g, g);
    //compute e(g, g)^r
    element_pow_zn(e_g_g, e_g_g, r);
    //compute e(g,g)^ra
    element_pow_zn(e_g_g, e_g_g, a);
    temp_share = codeword[0];
    //transfer signed long int type ecret shares to an element_t type before we do the power of
    //e_g_g
    element_set_si(share, temp_share);
    element_pow_zn(e_g_g, e_g_g, share);
    
}
Exemple #17
0
// USER JOIN PHASE 5 - user key generation (Join)
int xsgs_user_join_phase5(XSGS_PUBLIC_KEY* gpk, XSGS_USER_CERT* ucert,
		XSGS_USER_KEY* uk, XSGS_JOIN_PHASE4* jpd4) {
	int ret;
	pairing_ptr pairing = gpk->pairing;
	field_ptr Fp = pairing->Zr;
	element_t gt1, gt2, y_neg, g1;

	element_init(ucert->x, Fp);
	element_set(ucert->x, jpd4->x);

	// check A^(x + gamma) = G1 * H^y
	// i.e.: e(A, G2)^x * e(A, W) * e(H, G2)^-y == e(G1, G2)
	element_init(y_neg, Fp);
	element_init_G1(g1, pairing);
	element_init_GT(gt1, pairing);
	element_init_GT(gt2, pairing);

	// gt1 = e(A, G2)^x * e(A, W) * e(H, G2)^-y
	//     = e(A^x * H^-y, G2) * e(A, W)
	element_neg(y_neg, uk->y);
	element_pow_naf2(g1, ucert->A, ucert->x, gpk->H, y_neg);
	element_pairing(gt1, g1, gpk->G2);
	element_pairing(gt2, ucert->A, gpk->W);
	element_mul(gt1, gt1, gt2);

	// gt2 = e(G1, G2)
	element_pairing(gt2, gpk->G1, gpk->G2);

	// check gt1 == gt2
	ret = element_cmp(gt1, gt2);

	element_clear(g1);
	element_clear(y_neg);
	element_clear(gt1);
	element_clear(gt2);

	return ret;
}
Exemple #18
0
void window(element_t ap,element_t p,int a,pairing_t pairing)
{
    static const int W = 1;
    static const int D = 1<<W;

    element_t dp[D];
    for(int i=0;i<D;i++)
        element_init_G1(dp[i],pairing);

    pre_process(dp,p,D);

    element_set0(ap);
    
    for(int i = 32/W-1;i>=0;i--)
    {
        int tmp = (a>>(i*W)) & ((1<<W)-1);

        for(int j=0;j<W;j++) element_double(ap,ap);
        if(tmp)
            element_add(ap,ap,dp[tmp]);
    }

}
Exemple #19
0
// just in user_add_attribute useable
void  add_attribute( user_secret_key * out, public_key pk, public_key att) {
  //trick it s just a fake public_key
  public_key par_pk;
  par_pk.ID_tuple = att.ID_tuple;
  par_pk.level = att.level - 1;
  public_key_copy(&(out->pk), &par_pk);
  domain_manager* par = dm_from_publickey(par_pk);
  Q_tuple SK_u;
  generate_SK_u(&SK_u,par, pk);
  //	free_Q_tuple(out->Q_tuple);
  element_t SK_a;
  generate_SK_ua(&SK_a, par, pk, att);
  out-> SK_a = (element_t* ) malloc( sizeof(element_t));
  out->number_of_attributes = 1;
  element_init_G1(out->SK_a[0], pairing);
  element_set(out->SK_a[0], SK_a);
  element_clear(SK_a);
  out->Q_tuple = SK_u;
  attribute temp;
  attribute_from_pk(&temp, att);
  out->attribute = (attribute*) malloc(sizeof(attribute));
  attribute_copy(out->attribute, &temp);
  free_attribute(temp);
}
Exemple #20
0
int main(void)
{

	pairing_t pairing;
    char param[50000];
    size_t count = fread(param, 1, 50000, stdin);
    if (!count) pbc_die("input error");
    pairing_init_set_buf(pairing, param, count);

//    int cont = 0;

    struct timeval tvBegin, tvEnd;

    element_t g, h;
    element_t public_key, secret_key;
    element_t sig;
    element_t temp1, temp2;

    element_init_G2(g, pairing);
    element_init_G2(public_key, pairing);
    element_init_G1(h, pairing);
    element_init_G1(sig, pairing);
    element_init_GT(temp1, pairing);
    element_init_GT(temp2, pairing);
    element_init_Zr(secret_key, pairing);

    // Generating key
    element_random(g);
    element_random(secret_key);
    element_pow_zn(public_key, g, secret_key);

    // Generating message
    element_from_hash(h, "ABCDEF", 6);

    element_pow_zn(sig, h, secret_key);


    // RANDOM TESTS
    /*

    // Fp

    element_t p1, p2;
    element_init(p1, element_x(h)->field);
    element_init(p2, p1->field);
    element_random(p1);
    element_random(p2);

    // multiplication

    element_t puntos[2000];
    for(cont = 0; cont < 1000; cont++){
        element_init(puntos[cont], element_x(h)->field);
        element_init(puntos[2*cont], element_x(h)->field);
        element_random(puntos[cont]);
        element_random(puntos[2*cont]);
    }

    gettimeofday(&tvBegin, NULL);

    for(cont = 0; cont < 1000; cont++){
        element_mul(puntos[cont], puntos[cont], puntos[2*cont]);
    }

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1);

    //square

    gettimeofday(&tvBegin, NULL);

    for(cont = 0; cont < 1000; cont++) element_square(puntos[cont], puntos[2*cont]);

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1);

    // add

    gettimeofday(&tvBegin, NULL);

    for(cont = 0; cont < 1000; cont++) element_add(puntos[cont], puntos[cont], puntos[2*cont]);

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1);

    // invers

    gettimeofday(&tvBegin, NULL);

    for(cont = 0; cont < 1000; cont++) element_invert(puntos[cont], puntos[2*cont]);

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1);






    // Fpk

    element_t q1, q2;
    element_init_GT(q1, pairing);
    element_init_GT(q2, pairing);
    element_random(q1);
    element_random(q2);

    // multiplication

    for(cont = 0; cont < 1000; cont++){
        element_init_GT(puntos[cont], pairing);
        element_init_GT(puntos[2*cont], pairing);
        element_random(puntos[cont]);
        element_random(puntos[2*cont]);
    }

    gettimeofday(&tvBegin, NULL);

    for(cont = 0; cont < 1000; cont++) {
        element_mul(puntos[cont], puntos[cont], puntos[2*cont]);
    }

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1);

    //square

    gettimeofday(&tvBegin, NULL);

    for(cont = 0; cont < 1000; cont++) element_square(puntos[cont], puntos[cont]);

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1);

    // add

    gettimeofday(&tvBegin, NULL);

    for(cont = 0; cont < 1000; cont++){
        element_add(element_x(puntos[cont]), element_x(puntos[cont]), element_x(puntos[2*cont]));
        element_add(element_y(puntos[cont]), element_y(puntos[cont]), element_y(puntos[2*cont]));
    }

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1);

    // invers

    gettimeofday(&tvBegin, NULL);

    for(cont = 0; cont < 1000; cont++) element_invert(puntos[cont], puntos[2*cont]);

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1);






    // CURVE OPERATIONS

    element_t punto, punto2;
    element_init(punto, h->field); element_random(punto);
    element_init(punto2, h->field); element_random(punto2);

    // add

    gettimeofday(&tvBegin, NULL);

    element_mul(punto, punto, punto2);

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1);

    // double

    gettimeofday(&tvBegin, NULL);

    element_double(punto, punto2);

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1);










   // SIZE GROUP
    int m = mpz_sizeinbase(pairing->r, 2) - 2;
    printf("%i\n",  m);
    int contador = 0;
    for(;;){
        if(!m) break;
        if(mpz_tstbit(pairing->r,m)) contador++;
        m--;
    }
    printf("%i\n", contador);




*/


    // One pairing
    gettimeofday(&tvBegin, NULL);

    eval_miller(temp1, sig, g, pairing);

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1000);

    //print_contador();



    // One pairing (with precomputed values)

    // Original method


    pairing_pp_t pp;
    // Precomp
    gettimeofday(&tvBegin, NULL);

    pairing_pp_init(pp, sig, pairing);

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1000);

    // Eval
    gettimeofday(&tvBegin, NULL);

    pairing_pp_apply(temp1, g, pp);

    gettimeofday(&tvEnd, NULL);
    timeval_subtract(&tvEnd, &tvBegin, 1000);


    pairing_pp_clear(pp);



    void do_precomp(){
        lpoly *list;

        // precomputation
        gettimeofday(&tvBegin, NULL);

        list = lpoly_init();
        precompute(list, pairing->r, sig, g);

        gettimeofday(&tvEnd, NULL);
        timeval_subtract(&tvEnd, &tvBegin, 1000);

        // DMAX
        printf("%i\n", list->MAXD);

        // eval
        gettimeofday(&tvBegin, NULL);

        compute_miller(temp2, list, g, pairing);

        gettimeofday(&tvEnd, NULL);
        timeval_subtract(&tvEnd, &tvBegin, 1000);

        lpoly_free(list);
    }
Exemple #21
0
/*
 * Initializes a member element of G1 to no initial value.
 * @param elem - the element to be initialized
 * MEMBER ELEMENT MEANS THIS ELEMENT WON'T BE USED AS AN EXPONENT
 */
void BilinearMappingHandler::initEmptyMemberElementFromG1(memberElement& elem)
{
	element_init_G1(elem, pairing);
}//end of initEmptyMemberElementFromG1()
Exemple #22
0
void CipherText::init_c0(){
  element_init_G1(this->c0,*(this->p));
  element_pow_zn(this->c0, this->pub->g1, *(this->s));//g^s
//  element_printf("c0:%B\n", this->c0);
}
Exemple #23
0
void Manager::KeyGeneration(string & PK, string & IK, string & OK)
{
	element_t gt_new;
	element_t g_new;
	element_t X_new;
	element_t Y_new;
	element_t h_new;
	element_t y1_new;
	element_t y2_new;
	element_t y3_new;
	//issuer secret
	element_t x_new;
	element_t y_new;
	//open secret
	element_t x1_new;
	element_t x2_new;
	element_t x3_new;
	element_t x4_new;
	element_t x5_new;
	//init public key
	element_init_G1(g_new, pairing);
	element_init_GT(gt_new, pairing);
	element_init_G1(X_new, pairing);
	element_init_G1(Y_new, pairing);
	element_init_GT(h_new, pairing);
	element_init_GT(y1_new, pairing);
	element_init_GT(y2_new, pairing);
	element_init_GT(y3_new, pairing);
	//init issuer key
	element_init_Zr(x_new, pairing);
	element_init_Zr(y_new, pairing);
	//init open key
	element_init_Zr(x1_new, pairing);
	element_init_Zr(x2_new, pairing);
	element_init_Zr(x3_new, pairing);
	element_init_Zr(x4_new, pairing);
	element_init_Zr(x5_new, pairing);
	//set tmp variables
	element_t temp_y1;
	element_t temp_y2;
	element_init_GT(temp_y1, pairing);
	element_init_GT(temp_y2, pairing);
	//generate system parameters
	element_random(g_new);
	element_pairing(gt_new,g_new,g_new);
	//generate private keys of group manager
	element_random(x_new);
	element_random(y_new);
	//compute X Y
	element_pow_zn(X_new,g_new,x_new);
	element_pow_zn(Y_new,g_new,y_new);
	//generate h != 1
	do
	{
		element_random(h_new);
	}
	while(element_is1(h_new));
	//rand of secret set x1...x5
	element_random(x1_new);
	element_random(x2_new);
	element_random(x3_new);
	element_random(x4_new);
	element_random(x5_new);
	//compute y1
	element_pow_zn(temp_y1,gt_new,x1_new);
	element_pow_zn(temp_y2,h_new,x2_new);
	element_mul(y1_new,temp_y1,temp_y2);
	//compute y2
	element_pow_zn(temp_y1,gt_new,x3_new);
	element_pow_zn(temp_y2,h_new,x4_new);
	element_mul(y2_new,temp_y1,temp_y2);
	//compute y3
	element_pow_zn(y3_new,gt_new,x5_new);
	//Write keys
	PK=GroupPublicKeyToString(g_new, gt_new, X_new, Y_new, h_new, y1_new, y2_new, y3_new);
	IK=SecretIssuerKeyToString(x_new,y_new);
	OK=SecretOpenKeyToString(x1_new,x2_new,x3_new,x4_new,x5_new);
    //clear elements
	//clear public key
	element_clear(g_new);
	element_clear(gt_new);
	element_clear(X_new);
	element_clear(Y_new);
	element_clear(h_new);
	element_clear(y1_new);
	element_clear(y2_new);
	element_clear(y3_new);
	//clear issuer key
	element_clear(x_new);
	element_clear(y_new);
	//clear open key
	element_clear(x1_new);
	element_clear(x2_new);
	element_clear(x3_new);
	element_clear(x4_new);
	element_clear(x5_new);
	//clear tmps
    element_clear(temp_y1);
    element_clear(temp_y2);
}
Exemple #24
0
// USER JOIN PHASE 2 - user key generation (Join)
int xsgs_user_join_phase2(XSGS_PUBLIC_KEY* gpk, XSGS_USER_DB_ENTRY* udbe,
		XSGS_ISSUER_KEY* ik, XSGS_PAILLIER_PUBKEY* ppk, XSGS_JOIN_PHASE1* jpd1,
		XSGS_JOIN_PHASE2* jpd2) {
	int ret;
	pairing_ptr pairing = gpk->pairing;
	field_ptr Fp = pairing->Zr;
	mpz_t r1, h; //, t;
	element_t R1, R2, g1, B, D, zp, gt, hp;

	mpz_init(h);
	mpz_from_hash(h, jpd1->U.hash, JOIN_HASH_BITS / 8);

	// 1. verify C e G1 and check U
	// R1 = g^s * c^h mod n^2
	mpz_init(r1);
	mpz_powm2(r1, ppk->g, jpd1->U.s, jpd1->U.c, h, ppk->n_squared);

	// R2 = H^s * C^h
	element_init_G1(R2, pairing);
	element_pow_naf2_mpz(R2, gpk->H, jpd1->U.s, jpd1->C, h);

	mpz_clear(h);

	// h = H(g, n, c, C, H, R1, R2)
	DWORD data_len = mpz_length_in_bytes(ppk->g)
			+ mpz_length_in_bytes(ppk->n_squared)
			+ mpz_length_in_bytes(jpd1->U.c) + element_length_in_bytes(jpd1->C)
			+ element_length_in_bytes(gpk->H) + mpz_length_in_bytes(r1)
			+ element_length_in_bytes(R2);

	BYTE* data_buf = (BYTE*) malloc(data_len);

	data_buf += mpz_to_bytes(data_buf, ppk->g);
	data_buf += mpz_to_bytes(data_buf, ppk->n_squared);
	data_buf += mpz_to_bytes(data_buf, jpd1->U.c);
	data_buf += element_to_bytes(data_buf, jpd1->C);
	data_buf += element_to_bytes(data_buf, gpk->H);
	data_buf += mpz_to_bytes(data_buf, r1);
	data_buf += element_to_bytes(data_buf, R2);
	data_buf -= data_len;

	BYTE* hash = (BYTE*) malloc(JOIN_HASH_BITS / 8);
	xsgs_hash(data_buf, data_len * 8, hash, JOIN_HASH_BITS);

	free(data_buf);
	mpz_clear(r1);
	element_clear(R2);

	// compare hashes
	ret = memcmp(jpd1->U.hash, hash, JOIN_HASH_BITS / 8);
	free(hash);
	if (!ret) {
		element_t r;

		// initialization
		element_init(udbe->UCert.x, Fp);
		element_init_G1(udbe->UCert.A, pairing);
		element_init_G1(udbe->C, pairing);
		element_init_G1(jpd2->A, pairing);
		element_init_G1(g1, pairing);
		element_init_GT(B, pairing);
		element_init_GT(gt, pairing);
		element_init(zp, Fp);

		// save jpd1->C to ubde->C
		element_set(udbe->C, jpd1->C);

		// 2. x eR Zp and
		element_random(udbe->UCert.x);

		// A <- (G1 * C)^{1/(gamma + x)}
		element_add(zp, ik->gamma, udbe->UCert.x);
		element_invert(zp, zp);
		element_mul(jpd2->A, gpk->G1, jpd1->C);
		element_pow_naf(jpd2->A, jpd2->A, zp);
		element_set(udbe->UCert.A, jpd2->A);

		// 3. B <- e(G1 * C, G2) / e(A, W) = e(G1 * C, G2) * e(A^-1, W)
		element_mul(g1, gpk->G1, jpd1->C);
		element_pairing(B, g1, gpk->G2);
		element_invert(g1, jpd2->A);
		element_pairing(gt, g1, gpk->W);
		element_mul(B, B, gt);

		element_clear(g1);
		element_clear(zp);
		element_clear(gt);

		// 4. D <- e(A, G2)
		element_init_GT(D, pairing);
		element_pairing(D, jpd2->A, gpk->G2);

		// 5. V <- NIZKPoKDL(B, D)
		// T1 = B^gamma
		element_init_GT(jpd2->V.T1, pairing);
		element_pow_zn(jpd2->V.T1, B, ik->gamma);

		// T2 = D^gamma
		element_init_GT(jpd2->V.T2, pairing);
		element_pow_zn(jpd2->V.T2, D, ik->gamma);

		// r eR Zp
		element_init(r, Fp);
		element_random(r);

		// R1 = B^r
		element_init_GT(R1, pairing);
		element_pow_zn(R1, B, r);

		// R2 = D^r
		element_init_GT(R2, pairing);
		element_pow_zn(R2, D, r);

		// h = H(B, D, T1, T2, R1, R2)
		data_len = element_length_in_bytes(B) + element_length_in_bytes(D)
				+ element_length_in_bytes(jpd2->V.T1)
				+ element_length_in_bytes(jpd2->V.T2)
				+ element_length_in_bytes(R1) + element_length_in_bytes(R2);

		data_buf = (BYTE*) malloc(data_len);
		data_buf += element_to_bytes(data_buf, B);
		data_buf += element_to_bytes(data_buf, D);
		data_buf += element_to_bytes(data_buf, jpd2->V.T1);
		data_buf += element_to_bytes(data_buf, jpd2->V.T2);
		data_buf += element_to_bytes(data_buf, R1);
		data_buf += element_to_bytes(data_buf, R2);
		data_buf -= data_len;

		jpd2->V.hash = (BYTE*) malloc(JOIN_HASH_BITS / 8);
		xsgs_hash(data_buf, data_len * 8, jpd2->V.hash, JOIN_HASH_BITS);

		element_init(hp, Fp);
		element_from_hash(hp, jpd1->U.hash, JOIN_HASH_BITS / 8);

		free(data_buf);
		element_clear(B);
		element_clear(D);
		element_clear(R1);
		element_clear(R2);

		// s = r - hash * gamma mod p
		element_init(jpd2->V.s, Fp);
		element_mul(jpd2->V.s, hp, ik->gamma);
		element_add(jpd2->V.s, r, jpd2->V.s);

		element_clear(r);
		element_clear(hp);
	}

	// return (A, V = (T1, T2, hash, s) )
	return ret;
}
Exemple #25
0
// USER JOIN PHASE 3 - user key generation (Join)
int xsgs_user_join_phase3(XSGS_PUBLIC_KEY* gpk, XSGS_USER_CERT* ucert,
		XSGS_JOIN_PHASE1* jpd1, XSGS_JOIN_PHASE2* jpd2, XSGS_JOIN_PHASE3* jpd3,
		char* usk_pem_filename) {
	int ret;
	pairing_ptr pairing = gpk->pairing;
	field_ptr Fp = pairing->Zr;
	element_t B, D, R1, R2, h, g1, gt;

	// B = e(G1 * C, G2) / e(A, W) = e(G1 * C, G2) * e(A^-1, W)
	element_init_GT(B, pairing);
	element_init_G1(g1, pairing);
	element_init_GT(gt, pairing);

	element_mul(g1, gpk->G1, jpd1->C);
	element_pairing(B, g1, gpk->G2);
	element_invert(g1, jpd2->A);
	element_pairing(gt, g1, gpk->W);
	element_mul(B, B, gt);

	// D = e(A, G2)
	element_init_GT(D, pairing);
	element_pairing(D, jpd2->A, gpk->G2);

	// verifies A e Group1, Checks V
	element_init(h, Fp);
	element_from_hash(h, jpd1->U.hash, JOIN_HASH_BITS / 8);
	element_neg(h, h);

	// R1 = B^s * T1^h
	element_init_GT(R1, pairing);
	element_pow_naf2(R1, B, jpd2->V.s, jpd2->V.T1, h);

	// R2 = D^s * T2^h
	element_init_GT(R2, pairing);
	element_pow_naf2(R2, D, jpd2->V.s, jpd2->V.T2, h);

	// clear tmp
	element_clear(g1);
	element_clear(gt);
	element_clear(h);

	// h = H(B, D, T1, T2, R1, R2)
	DWORD data_len = element_length_in_bytes(B) + element_length_in_bytes(D)
			+ element_length_in_bytes(jpd2->V.T1)
			+ element_length_in_bytes(jpd2->V.T2) + element_length_in_bytes(R1)
			+ element_length_in_bytes(R2);

	BYTE* data_buf = (BYTE*) malloc(data_len);
	data_buf += element_to_bytes(data_buf, B);
	data_buf += element_to_bytes(data_buf, D);
	data_buf += element_to_bytes(data_buf, jpd2->V.T1);
	data_buf += element_to_bytes(data_buf, jpd2->V.T2);
	data_buf += element_to_bytes(data_buf, R1);
	data_buf += element_to_bytes(data_buf, R2);
	data_buf -= data_len;

	BYTE* hash = (BYTE*) malloc(JOIN_HASH_BITS / 8);
	xsgs_hash(data_buf, data_len * 8, hash, JOIN_HASH_BITS);

	free(data_buf);
	element_clear(B);
	element_clear(D);
	element_clear(R1);
	element_clear(R2);

	// compare hashes
	ret = memcmp(jpd2->V.hash, hash, JOIN_HASH_BITS / 8);
	free(hash);
	if (!ret) {
		element_init_G1(ucert->A, pairing);
		element_set(ucert->A, jpd2->A);

		// S = sign(A)
		DWORD msg_len = element_length_in_bytes(ucert->A);
		BYTE* msg = (BYTE*) malloc(msg_len);
		element_to_bytes(msg, ucert->A);
		ret = xsgs_rsa_sign(usk_pem_filename, msg, msg_len, &(jpd3->S.sig), &(jpd3->S.len));
		free(msg);
	}

	// return ( S = (rsa signature length, rsa signature) )
	return ret;
}
Exemple #26
0
bool Manager::JoinMember(string request, string & respond)
{
	//elements
	element_t Pi1;
	element_t Pi2;
	element_t Sk;
	element_t R;
	element_init_G1(Pi1,pairing);
	element_init_GT(Pi2, pairing);
	element_init_Zr(Sk, pairing);
	element_init_G1(R,pairing);
	//read & check SoK
	string hash;
	string hash_check;
	RequestFromString(request,hash,Sk,Pi1);
	//check Pi1 is point of curve
	if(element_item_count(Pi1)!=2)
	{
    	element_clear(Pi1);
    	element_clear(Pi2);
    	element_clear(Sk);
    	element_clear(R);
    	return 1;//failure
	}
	element_t tmp1, tmp2;
	element_t c_Hsok;
	element_init_G1(tmp1, pairing);
	element_init_G1(tmp2, pairing);
	element_init_Zr(c_Hsok, pairing);
	element_from_hash(c_Hsok,(void*)hash.c_str(),hash.length());
	element_pow_zn(tmp1,g,Sk);
	element_pow_zn(tmp2,Pi1,c_Hsok);
	element_div(R,tmp1,tmp2);
	hash_check=Helper::Hash_g_R(g,R);
	if(hash.compare(hash_check))
	{
    	element_clear(Pi1);
    	element_clear(Pi2);
    	element_clear(Sk);
    	element_clear(R);
    	element_clear(tmp1);
    	element_clear(tmp2);
    	element_clear(c_Hsok);
    	return 1;//failure
	}
	//generate r_issuer
	element_t issuer_r;
	element_init_Zr(issuer_r, pairing);
	element_random(issuer_r);
	//create a b c
	element_t ai;
	element_t bi;
	element_t ci;
	element_t temp_ci1;
	element_t temp_ci2;
	//init
	element_init_G1(ai, pairing);
	element_init_G1(bi, pairing);
	element_init_G1(ci, pairing);
	element_init_G1(temp_ci1, pairing);
	element_init_G1(temp_ci2, pairing);
	//compute ai bi ci
	element_pow_zn(ai,g,issuer_r);//ai
	element_pow_zn(bi,ai,y);//bi
	element_pow_zn(temp_ci1,ai,x);
	element_pow_zn(temp_ci2,Pi1,issuer_r);
	element_pow_zn(temp_ci2,temp_ci2,x);
	element_pow_zn(temp_ci2,temp_ci2,y);
	element_mul(ci,temp_ci1,temp_ci2);//ci
	//create RESPOND
	respond=MemberSecretToString(ai,bi,ci);
	//compute Pi2
	element_pairing(Pi2,Pi1,g);
	//Write_to_reg_list
	AddToRegistrationList(Pi1, Pi2);
    //clear elements
    element_clear(issuer_r);
    element_clear(Pi1);
    element_clear(Pi2);
    element_clear(temp_ci1);
    element_clear(temp_ci2);
    element_clear(tmp1);
    element_clear(tmp2);
    element_clear(c_Hsok);
    element_clear(Sk);
    element_clear(R);
    element_clear(ai);
    element_clear(bi);
    element_clear(ci);
    return 0;//success
}
Exemple #27
0
// USER JOIN PHASE 1 - user key generation (Join)
void xsgs_user_join_phase1(XSGS_PUBLIC_KEY* gpk, XSGS_USER_KEY* uk,
		XSGS_PAILLIER_PUBKEY* ppk, XSGS_JOIN_PHASE1* jpd1) {
	pairing_ptr pairing = gpk->pairing;
	field_ptr Fp = pairing->Zr;
	gmp_randstate_t rnd_state;
	mpz_t y, r, R1, h;
	element_t R2;

	// 1.choose y e Zp at random and
	element_init(uk->y, Fp);
	element_random(uk->y);
	// compute C <- H^y
	element_init_G1(jpd1->C, pairing);
	element_pow_naf(jpd1->C, gpk->H, uk->y);

	// 2. U = (c=ext-commit(y), NIZKPEqDL(c, C, H))
	// c = ext-commit(y) = g^y mod n^2
	mpz_init(y);
	mpz_init(jpd1->U.c);

	element_to_mpz(y, uk->y);
	mpz_powm(jpd1->U.c, ppk->g, y, ppk->n_squared);

	// zero-knowledge proof of c, C and H
	init_rand(rnd_state, PAILLIER_MODULO_BITS / 8 + 1);
	mpz_init(r);
	mpz_urandomb(r, rnd_state, PAILLIER_MODULO_BITS);
	gmp_randclear(rnd_state);

	// R1 = g^r mod n^2
	mpz_init(R1);
	mpz_powm(R1, ppk->g, r, ppk->n_squared);

	// R2 = H^r
	element_init_G1(R2, pairing);
	element_pow_naf_mpz(R2, gpk->H, r);

	// h = H(g, n, c, C, H, R1, R2)
	DWORD data_len = mpz_length_in_bytes(ppk->g)
			+ mpz_length_in_bytes(ppk->n_squared)
			+
			//mpz_length_in_bytes(ppk->n) +
			mpz_length_in_bytes(jpd1->U.c) + element_length_in_bytes(jpd1->C)
			+ element_length_in_bytes(gpk->H) + mpz_length_in_bytes(R1)
			+ element_length_in_bytes(R2);

	BYTE* data_buf = (BYTE*) malloc(data_len);

	data_buf += mpz_to_bytes(data_buf, ppk->g);
	data_buf += mpz_to_bytes(data_buf, ppk->n_squared);
	//data_buf += mpz_to_bytes(data_buf, ppk->n);
	data_buf += mpz_to_bytes(data_buf, jpd1->U.c);
	data_buf += element_to_bytes(data_buf, jpd1->C);
	data_buf += element_to_bytes(data_buf, gpk->H);
	data_buf += mpz_to_bytes(data_buf, R1);
	data_buf += element_to_bytes(data_buf, R2);
	data_buf -= data_len;

	jpd1->U.hash = (BYTE*) malloc(JOIN_HASH_BITS / 8);
	xsgs_hash(data_buf, data_len * 8, jpd1->U.hash, JOIN_HASH_BITS);

	free(data_buf);
	mpz_clear(R1);
	element_clear(R2);

	// s = r - h * y
	mpz_init(h);
	mpz_init(jpd1->U.s);
	mpz_from_hash(h, jpd1->U.hash, JOIN_HASH_BITS / 8);
	mpz_mul(jpd1->U.s, h, y);
	mpz_sub(jpd1->U.s, r, jpd1->U.s);

	mpz_clear(r);
	mpz_clear(y);
	mpz_clear(h);

	// return ( paillier = (pub, prv), C, U = (c, h, s) )
	return;
}
Exemple #28
0
int Manager::Open(string sign, char*mes, int len_mes)
{	
	int ret;
	if(Verification(sign, mes, len_mes)!=true)
		return -1;
	//compare variable
	bool cmp_var=0;
    //elements
    element_t T1,T2,T3,T4;
    element_t T5, T6, T7;
    element_t H;
    element_t Sp;
    element_t Sm;
    element_t Sv;
    element_t c_H;
    element_t tmp_pow;
    element_t check_T4;
    element_t tmp_T2;
    element_init_GT(T1, pairing);
    element_init_GT(T2, pairing);
    element_init_GT(T3, pairing);
    element_init_GT(T4, pairing);
    element_init_G1(T5, pairing);
    element_init_G1(T6, pairing);
    element_init_G1(T7, pairing);
    element_init_Zr(H, pairing);
    element_init_Zr(Sp,pairing);
    element_init_Zr(Sm,pairing);
    element_init_Zr(Sv,pairing);
    element_init_Zr(c_H, pairing);
    element_init_Zr(tmp_pow, pairing);
    element_init_GT(check_T4, pairing);
    element_init_GT(tmp_T2, pairing);
    //read sign
    SignatureFromString(sign, c_H, Sp, Sm, Sv, T1, T2, T3, T4, T5, T6, T7);
    //add verify sign
    Helper::Hash_T1_T2_T3(H,T1,T2,T3);
    //T4 check
    element_mul(tmp_pow, x5,H);
    element_add(tmp_pow, tmp_pow,x3);
    element_pow_zn(check_T4, T1, tmp_pow);
    element_pow_zn(tmp_T2, T2, x4);
    element_mul(check_T4, check_T4,tmp_T2);
    cmp_var=element_cmp(check_T4,T4);//0==ok
    //compute Pi2
    element_t check_Pi2;
    element_init_GT(check_Pi2, pairing);
    element_pow_zn(tmp_T2, T1, x1);
    element_pow_zn(check_Pi2, T2, x2);
    element_mul(tmp_T2, tmp_T2,check_Pi2);
    element_div(check_Pi2, T3,tmp_T2);
    //find Pi2 in reg list
    if(cmp_var)
    	ret=-1;
    else
    	ret=SearchInRegistrationList(check_Pi2);
    //clear elements
    element_clear(T1);
    element_clear(T2);
    element_clear(T3);
    element_clear(T4);
    element_clear(T5);
    element_clear(T6);
    element_clear(T7);
    element_clear(H);
    element_clear(c_H);
    element_clear(Sp);
    element_clear(Sm);
    element_clear(Sv);
    element_clear(tmp_pow);
    element_clear(check_T4);
    element_clear(tmp_T2);
    return ret;
}
Exemple #29
0
int main(int argc, char **argv) {
  
  FILE  *fpairing, *ftag, *fdata, *fresult, *fplain, *fkey, *fcipher, *fpub;
  pairing_t pairing;
  paillier_pubkey_t *pub;
  paillier_prvkey_t *priv;
  element_t g, h, u, sig1, sig2, sig3, temp_pow, m, g1, g2;
  element_t public_key, tag, tag_prod;
  element_t secret_key;
  paillier_get_rand_t get_rand;
  paillier_ciphertext_t *cipher1, *cipher2;
  paillier_plaintext_t *plain1, *plain2;
 
  mpz_t pub_n, a, b, data2, nsquare;
  

  int count = 0, val=5;
  pairing_init_set_str(pairing, param_str);
  //mpz_init_set_str(data_sum, "0", 10);

  plain1 = (paillier_plaintext_t*) malloc(sizeof(paillier_plaintext_t));
  plain2 = (paillier_plaintext_t*) malloc(sizeof(paillier_plaintext_t));
  cipher1 = (paillier_ciphertext_t*) malloc(sizeof(paillier_ciphertext_t));
  cipher2 = (paillier_ciphertext_t*) malloc(sizeof(paillier_ciphertext_t));

  //pbc_demo_pairing_init(pairing, argc, argv);
  element_init_G1(g1, pairing);
  element_init_G1(g2, pairing);
  element_init_G2(g, pairing);
  element_init_G2(public_key, pairing);
  element_init_G1(u, pairing);
  element_init_G1(temp_pow, pairing);
  element_init_G2(public_key, pairing);
  element_init_G1(h, pairing);
  element_init_G1(m, pairing);
  element_init_G1(sig1, pairing);
  element_init_G1(sig2, pairing);
  element_init_G1(sig3, pairing); 
  element_init_G1(tag, pairing); 
  element_init_G1(tag_prod, pairing);
  element_init_Zr(secret_key, pairing);
//  mpz_init(pub_n);
  char *len;
  mpz_init(a);
  mpz_init(b);
  mpz_init(data2);
  printf("Short signature test\n");
  len = (char *)malloc(2048*sizeof(char));

 if((fpub = fopen("pub.txt", "r")))
    {
       	pub = (paillier_pubkey_t*) malloc(sizeof(paillier_pubkey_t));
	priv = (paillier_prvkey_t*) malloc(sizeof(paillier_prvkey_t));	
	mpz_init(pub->n_squared);
	mpz_init(pub->n);
	fgets(len, 1000, fpub);
   	mpz_init_set_str(pub->p, len, 10);
	fgets(len, 1000, fpub);
   	mpz_init_set_str(pub->q, len, 10);
	fgets(len, 1000, fpub);
   	mpz_init_set_str(pub->n_plusone, len, 10);
	//printf("value of nplusone : \n");
	//mpz_out_str(stdout, 10, pub->n_plusone);
	paillier_keygen(&pub, &priv, get_rand, 0);
        pub->bits = mpz_sizeinbase(pub->n, 2);	
        fclose(fpub);
    }  

  
//setting already known pairing parameters
  if((fpairing = fopen("pairing.txt", "r")))
    {
	fgets(len, 1000, fpairing);
	//printf("\n %s\n", len);
   	element_set_str(g, len, 10);
	//element_printf(" g = %B\n", g);
	fgets(len, 1000, fpairing);
	//printf("\n %s\n", len);
   	element_set_str(u, len, 10);
	//element_printf("\n u= %B\n", u);
	fgets(len, 1000, fpairing);
	element_set_str(secret_key, len, 10);
	//element_printf(" secretkey %B\n",secret_key);
	fgets(len, 1000, fpairing);
	element_set_str(public_key, len, 10);
        //element_printf(" publickey %B\n", public_key);
	fgets(len, 1000, fpairing);
	element_set_str(h, len, 10);
        //element_printf(" \nh = %B\n", h);
	fgets(len, 1000, fpairing);
	mpz_init_set_str(pub_n, len, 10);
	//printf("\n n = ");
	//mpz_out_str(stdout, 10, pub_n);
	fclose(fpairing);
    }
   
  element_set1(tag_prod);
 
   ftag = fopen("./tag/output5.txt", "r");
   fgets(len, 1000, ftag);
   element_set_str(g1, len, 10);
   element_printf("\ng1 = %B\n", g1);
   fclose(ftag);  
 
   ftag = fopen("./tag/output6.txt", "r");
   fgets(len, 1000, ftag);
   element_set_str(g2, len, 10);
   element_printf("\ng2 = %B\n", g2);
   fclose(ftag);

   fplain = fopen("./split/output5.txt", "r");
   fgets(len, 1000, fplain);
//   printf("\nlen %s", len);
   mpz_set_str(a, len, 10);
   //element_printf("\na = %Zd\n", a);
   fclose(fplain);
  fplain = fopen("./split/output6.txt", "r");
   fgets(len, 1000, fplain);
   mpz_set_str(b, len, 10);

  fcipher = fopen("./cipher/copy1/output5.txt", "r");
   fgets(len, 1000, fcipher);
   mpz_init_set_str(cipher1->c, len, 10);
  fclose(fcipher);

   fcipher = fopen("./cipher/copy1/output6.txt", "r");
   fgets(len, 1000, fcipher);
   mpz_init_set_str(cipher2->c, len, 10);
   fclose(fcipher);
  
   paillier_mul(pub, cipher2, cipher2, cipher1);
   plain1 = paillier_dec(plain1, pub, priv, cipher2);
  //tag
    mpz_t an;
    mpz_init(an);
    mpz_init(nsquare);
   // mpz_mul(an, a, pub_n);
    mpz_mul(nsquare, pub_n, pub_n);
    element_pow_mpz(temp_pow,u, plain1->m); 
    element_mul(temp_pow, temp_pow, h);
    element_pow_zn(sig1, temp_pow, secret_key);
    element_printf("\n signature of plain = %B\n", sig1);  

    //mpz_mul(an, b, pub_n);
   // mpz_mul(nsquare, pub_n, pub_n);
    element_pow_mpz(temp_pow,u, b); 
    element_mul(temp_pow, temp_pow, h);
    element_pow_zn(sig2, temp_pow, secret_key);
    element_printf("\n signature of b = %B\n", sig2);  
   
   //element_printf("\nb = %Zd\n", b);
   fclose(fplain);
     mpz_add(a, a, b);
   //  mpz_mod(a, a, pub_n);
  // mpz_mul(a, a, pub_n);
  // mpz_mod(a, a, nsquare);
   count = 2;
   element_pow_mpz(temp_pow,u, a);
   mpz_set_ui(data2, count);
  //  itoa(count, len, 10);+
    //element_printf(" \nh = %B\n", h);
    element_pow_mpz(h, h, data2);
    element_mul(temp_pow, temp_pow, h);
    //element_printf("\n h. u^bN = %B\n", temp_pow);
    element_pow_zn(sig3, temp_pow, secret_key);
    element_printf("\n sig 3 %B\n", sig3); 
    element_mul(g2, g2, g1);
    element_printf("\n Direct Product %B\n", g2); 
    element_mul(sig2, sig1, sig2);
    element_printf("\n Direct Product %B\n", sig2); 
   
 return 0;
}
Exemple #30
0
bool Manager::Verification(string signature, char*mes, int len_mes)
{
    //compare variables
    bool cmp_value_1=0;
    bool cmp_value_2=0;
    //elements
    element_t T1,T2,T3,T4;
    element_t T5, T6, T7;
    element_t c_H;
    element_t H;
    element_t Sp;
    element_t Sm;
    element_t Sv;
    //init
    element_init_GT(T1, pairing);
    element_init_GT(T2, pairing);
    element_init_GT(T3, pairing);
    element_init_GT(T4, pairing);
    element_init_G1(T5, pairing);
    element_init_G1(T6, pairing);
    element_init_G1(T7, pairing);
    element_init_Zr(Sp,pairing);
    element_init_Zr(Sm,pairing);
    element_init_Zr(Sv,pairing);
    element_init_Zr(H, pairing);
    element_init_Zr(c_H, pairing);
    SignatureFromString(signature, c_H,Sp,Sm,Sv,T1,T2,T3,T4,T5,T6,T7);
    //heshing
    Helper::Hash_T1_T2_T3(H,T1,T2,T3);
    //compute R1'
    element_t tmp_1;
    element_t tmp_2;
    element_t tmp_3;
    element_t R1_;
    element_init_GT(R1_, pairing);
    element_init_GT(tmp_1, pairing);
    element_init_GT(tmp_2, pairing);
    element_init_GT(tmp_3, pairing);
    element_pairing(tmp_1, g, T7);
    element_pow_zn(tmp_2, tmp_1, Sp);
    element_pairing(tmp_1, X, T6);
    element_pow_zn(tmp_3, tmp_1, Sm);
    element_div(R1_, tmp_2, tmp_3);
    element_pairing(tmp_3, X, T5);
    element_pow_zn(tmp_3, tmp_3, c_H);
    element_div(R1_, R1_, tmp_3);
    //compute R2'
    element_t R2_;
    element_init_GT(R2_, pairing);
    element_pow_zn(R2_, gt, Sv);
    element_pow_zn(tmp_1, T1, c_H);
    element_div(R2_, R2_, tmp_1);
    //compute R3'
    element_t R3_;
    element_init_GT(R3_, pairing);
    element_pow_zn(tmp_1, h, Sv);
    element_pow_zn(tmp_2, T2, c_H);
    element_sub(R3_, tmp_1, tmp_2);
    //compute R4'
    element_t R4_;
    element_init_GT(R4_, pairing);
    element_pow_zn(tmp_1, y1, Sv);
    element_pow_zn(tmp_2, gt, Sm);
    element_mul(tmp_3, tmp_1, tmp_2);
    element_pow_zn(tmp_1,T3, c_H);
    element_sub(R4_, tmp_3, tmp_1);
    //compute R5'
    element_t R5_;
    element_init_GT(R5_, pairing);
    element_t tmp_pow;
    element_init_Zr(tmp_pow, pairing);
    element_t tmp_div;
    element_init_GT(tmp_div, pairing);
    element_pow_zn(R5_, y2, Sv);
    element_pow_zn(tmp_div,y3,H);
    element_pow_zn(tmp_div,tmp_div,Sv);
    element_mul(R5_,R5_,tmp_div);
    element_pow_zn(tmp_div,T4, c_H);
    element_div(R5_, R5_, tmp_div);
    //check c_H == c_H'
    element_t check_c_H;
    element_init_Zr(check_c_H, pairing);
    Helper::Hash_C(check_c_H,R1_,R2_,R3_,R4_,R5_,g,gt,X,Y,h,y1,y2,y3,mes,len_mes);
    //check e(T 5 , Y ) == e(g, T 6 )
    element_t check_1;
    element_init_GT(check_1, pairing);
    element_t check_2;
    element_init_GT(check_2, pairing);
    element_pairing(check_1, T5,Y);
    element_pairing(check_2, g,T6);
    //cmp_value_1
    cmp_value_1=element_cmp(check_c_H,c_H);//0==ok
    //cmp_value_2
    cmp_value_2=element_cmp(check_1,check_2);//0==ok
    //clear elements
    element_clear(T1);
    element_clear(T2);
    element_clear(T3);
    element_clear(T4);
    element_clear(T5);
    element_clear(T6);
    element_clear(T7);
    element_clear(Sp);
    element_clear(Sm);
    element_clear(Sv);
    element_clear(H);
    element_clear(c_H);
    element_clear(R1_);
    element_clear(R2_);
    element_clear(R3_);
    element_clear(R4_);
    element_clear(R5_);
    element_clear(tmp_1);
    element_clear(tmp_2);
    element_clear(tmp_3);
    element_clear(tmp_pow);
    element_clear(tmp_div);
    element_clear(check_c_H);
    element_clear(check_1);
    element_clear(check_2); 
    if(cmp_value_1||cmp_value_2)
        return 0;
    else
        return 1;
}