void
Ipdb::GenPar(PFC *pp, miracl *mp, G1 gg1, G2 gg2, Big om)
{
pfc=pp;
mip=mp;
order=pfc->order();
#ifdef VERBOSE
printf("GenParam (start):\n");
#endif
pfc->random(delta1); pfc->random(delta2);
pfc->random(g1); pfc->random(g2);
pfc->random(g2_2);
pfc->random(theta1); pfc->random(theta2);
pfc->random(omega);
omega=om;
g1=gg1; g2=gg2;
for(int i=0;i<len;i++){
pfc->random(w1[i]); pfc->random(t1[i]); pfc->random(f1[i]); pfc->random(h1[i]);
w2[i]=moddiv(omega+modmult(delta2,w1[i],order),delta1,order);
t2[i]=moddiv(omega+modmult(theta2,t1[i],order),theta1,order);
pfc->random(f2[i]); pfc->random(h2[i]);
W1[i]=pfc->mult(g1,w1[i]);
W2[i]=pfc->mult(g1,w2[i]);
pfc->precomp_for_mult(W1[i]); // precompute on everything!
pfc->precomp_for_mult(W2[i]);
T1[i]=pfc->mult(g1,t1[i]);
T2[i]=pfc->mult(g1,t2[i]);
pfc->precomp_for_mult(T1[i]);
pfc->precomp_for_mult(T2[i]);
F1[i]=pfc->mult(g1,f1[i]);
F2[i]=pfc->mult(g1,f2[i]);
pfc->precomp_for_mult(F1[i]);
pfc->precomp_for_mult(F2[i]);
H1[i]=pfc->mult(g1,h1[i]);
H2[i]=pfc->mult(g1,h2[i]);
pfc->precomp_for_mult(H1[i]);
pfc->precomp_for_mult(H2[i]);
}
U1=pfc->mult(g1,delta1);
U2=pfc->mult(g1,delta2);
V1=pfc->mult(g1,theta1);
V2=pfc->mult(g1,theta2);
g1_1=pfc->mult(g1,omega);
alpha=pfc->pairing(g2_2,g1);
pfc->precomp_for_power(alpha);
pfc->precomp_for_mult(U1); pfc->precomp_for_mult(U2);
pfc->precomp_for_mult(V1); pfc->precomp_for_mult(V2);
pfc->precomp_for_mult(g1); pfc->precomp_for_mult(g2);
pfc->precomp_for_mult(g1_1);
#ifdef VERBOSE
printf("GenParam (end) :\n");
#endif
}
void
Ipdb::GenPar(PFC *pp, miracl *mp)
{
pfc=pp;
mip=mp;
order=pfc->order();
printf("GenParam (start) with ell=%d\n",ell);
pfc->random(g1);
pfc->random(g2_2);
pfc->random(g2);
pfc->random(delta1); pfc->random(delta2);
pfc->random(theta1); pfc->random(theta2);
pfc->random(omega);
for(int i=0;i<ell;i++){
pfc->random(w1[i]); pfc->random(t1[i]); pfc->random(f1[i]); pfc->random(h1[i]);
pfc->random(f2[i]); pfc->random(h2[i]);
w2[i]=moddiv(omega+modmult(delta2,w1[i],order),delta1,order);
t2[i]=moddiv(omega+modmult(theta2,t1[i],order),theta1,order);
W1[i]=pfc->mult(g1,w1[i]);
W2[i]=pfc->mult(g1,w2[i]);
pfc->precomp_for_mult(W1[i]); // precompute on everything!
pfc->precomp_for_mult(W2[i]);
T1[i]=pfc->mult(g1,t1[i]);
T2[i]=pfc->mult(g1,t2[i]);
pfc->precomp_for_mult(T1[i]);
pfc->precomp_for_mult(T2[i]);
F1[i]=pfc->mult(g1,f1[i]);
F2[i]=pfc->mult(g1,f2[i]);
pfc->precomp_for_mult(F1[i]);
pfc->precomp_for_mult(F2[i]);
H1[i]=pfc->mult(g1,h1[i]);
H2[i]=pfc->mult(g1,h2[i]);
pfc->precomp_for_mult(H1[i]);
pfc->precomp_for_mult(H2[i]);
}
U1=pfc->mult(g1,delta1);
U2=pfc->mult(g1,delta2);
V1=pfc->mult(g1,theta1);
V2=pfc->mult(g1,theta2);
g1_1=pfc->mult(g1,omega);
alpha=pfc->pairing(g2_2,g1);
pfc->precomp_for_power(alpha);
pfc->precomp_for_mult(U1); pfc->precomp_for_mult(U2);
pfc->precomp_for_mult(V1); pfc->precomp_for_mult(V2);
pfc->precomp_for_mult(g2); pfc->precomp_for_mult(g1);
pfc->precomp_for_mult(g1_1);
printf("GenParam (end) :\n");
}
void inner_product(Big *x,Big *v,Big& order)
{
Big prod=0;
for (int i=0;i<3-1;i++)
prod+=modmult(x[i],v[i],order);
v[3-1]=moddiv(order-prod,x[3-1],order);
}
// Lagrange interpolation
Big lagrange(int i,int *S,int d,Big order)
{
int j,k;
Big z=1;
for (k=0;k<d;k++)
{
j=S[k];
if (j!=i) z=modmult(z,moddiv(order-j,(Big)(i-j),order),order);
}
return z;
}
IpeBMsk *
Ipe::BasicSetup(Big o, Big d1, Big d2){
IpeBMsk *bmsk;
Big w1,w2,f1,f2;
pfc->random(w1);
pfc->random(f1);
pfc->random(f2);
w2=moddiv(o+modmult(d2,w1,order),d1,order);
bmsk = new IpeBMsk(w1,w2,f1,f2);
return bmsk;
}
int main(void) {
size_t size;
uint64_t *primes = primesieve_generate_primes(5, MAX + 100, &size, UINT64_PRIMES);
if(!primes) {
puts("Could not allocate primes.");
return 1;
}
uint64_t s = 0;
for(uint64_t i = 0, p1, p2, t;; ++i) {
p1 = primes[i];
if(p1 > MAX) {
break;
}
p2 = primes[i + 1];
t = l10(p1);
s += p2*moddiv(p1, p2, t);
}
primesieve_free(primes);
printf("%"PRIu64"\n", s);
}
ZR PairingGroup::div(ZR g, ZR h)
{
ZR o = pfcObject->order();
return moddiv(g, h, o);
}
BOOL gauss(Big &order,int n,Big *matrix[],Big *w)
{
int i,ii,j,jj,k,m;
int *row;
BOOL ok,pivot;
Big s,p;
ok=TRUE;
w[0]=1;
row=new int[n];
for (i=1;i<n;i++) w[i]=0;
for (i=0;i<n;i++) {matrix[i][n]=w[i];row[i]=i;}
for (i=0;i<n;i++)
{ /* Gaussian elimination */
m=i; ii=row[i];
pivot=TRUE;
if (matrix[ii][i]==0)
{ // look for non-zero pivot..
pivot=FALSE;
for (j=i+1;j<n;j++)
{
jj=row[j];
if (matrix[jj][i]!=0)
{
m=j;
pivot=TRUE;
k=row[i]; row[i]=row[m]; row[m]=k; // swap row indices
break;
}
}
}
if (!pivot)
{ // no non-zero pivot found
ok=FALSE;
break;
}
ii=row[i];
p=inverse(matrix[ii][i],order);
for (j=i+1;j<n;j++)
{
jj=row[j];
s=modmult(matrix[jj][i],p,order);
for (k=n;k>=i;k--) matrix[jj][k]-=modmult(s,matrix[ii][k],order);
}
}
if (ok) for (j=n-1;j>=0;j--)
{ /* Backward substitution */
s=0;
for (k=j+1;k<n;k++) s+=modmult(w[k],matrix[row[j]][k],order);
if (matrix[row[j]][j]==0)
{
ok=FALSE;
break;
}
w[j]=moddiv(matrix[row[j]][n]-s,matrix[row[j]][j],order);
// try and make them small
if (abs(w[j])>order/2)
{
if (w[j]<0) w[j]+=order;
else if (w[j]>0) w[j]-=order;
}
}
delete [] row;
return ok;
}
int main()
{
PFC pfc(AES_SECURITY); // initialise pairing-friendly curve
miracl *mip=get_mip(); // get handle on mip (Miracl Instance Pointer)
Big order=pfc.order(); // get pairing-friendly group order
time_t seed; // crude randomisation
time(&seed);
irand((long)seed);
// setup - for 20 attributes 1-20
int i,j,k,n,ik,S[NBOB];
Big s,y,qi,M,ED,t[NATTR];
Big poly[Nd];
G1 P,T[NATTR],E[Nd],AE[NALICE];
G2 Q,AD[NALICE],BD[NBOB];
GT Y,DB;
pfc.random(P);
pfc.random(Q);
pfc.precomp_for_mult(Q); // Q is fixed, so precompute on it
pfc.random(y);
Y=pfc.power(pfc.pairing(Q,P),y);
for (i=0;i<NATTR;i++)
{
pfc.random(t[i]); // Note t[i] will be 2*AES_SECURITY bits long
T[i]=pfc.mult(P,t[i]); // which may be less than the group order.
pfc.precomp_for_mult(T[i],TRUE); // T[i] are system params, so precompute on them
// Note second parameter indicates that all multipliers
// must be <=2*AES_SECURITY bits, which may be shorter
// than the full group size.
}
// key generation for Alice
// A d-1 degree polynomial is randomly chosen such that q(0)=y
poly[0]=y;
for (i=1;i<Nd;i++)
pfc.random(poly[i]);
// Private key consists of components D_i where D_i=g^(q(i)/t_i)
for (j=0;j<NALICE;j++)
{
i=Alice[j];
qi=y; ik=i;
for (k=1;k<Nd;k++)
{ // evaluate polynomial a0+a1*x+a2*x^2... for x=i; => result is q(i)
qi+=modmult(poly[k],(Big)ik,order);
ik*=i;
qi%=order;
}
// D_i=g^(q(i)/t_i)
AD[j]=pfc.mult(Q,moddiv(qi,t[i],order)); // exploits precomputation
}
// key generation for Bob
poly[0]=y;
for (i=1;i<Nd;i++)
pfc.random(poly[i]);
for (j=0;j<NBOB;j++)
{
i=Bob[j];
qi=y; ik=i;
for (k=1;k<Nd;k++)
{ // evaluate polynomial a0+a1*x+a2*x^2... for x=i;
qi+=modmult(poly[k],(Big)ik,order);
ik*=i;
qi%=order;
}
BD[j]=pfc.mult(Q,moddiv(qi,t[i],order));
pfc.precomp_for_pairing(BD[j]); // Bob precomputes on his private key
}
// Encryption to Alice
mip->IOBASE=256;
M=(char *)"test message";
cout << "Message to be encrypted= " << M << endl;
mip->IOBASE=16;
pfc.random(s);
ED=lxor(M,pfc.hash_to_aes_key(pfc.power(Y,s)));
for (j=0;j<NALICE;j++)
{
i=Alice[j];
// calculate T_i^s
AE[j]=pfc.mult(T[i],s); // exploit precomputation
}
// Decryption by Bob
// set up to exploit multi-pairing
G1 *g1[5];
G2 *g2[5];
k=0;
for (j=0;j<NBOB;j++)
{ // check for common attributes
i=Bob[j];
n=has_attribute(NALICE,Alice,i);
if (n<0) continue; // Alice doesn't have it
S[k]=i;
E[k]=AE[n];
g2[k]=&BD[j];
k++;
}
if (k<Nd)
{
cout << "Bob does not have enough attributes in common with Alice to decrypt successfully" << endl;
exit(0);
}
// faster to multiply in G1 than to exponentiate in GT
for (j=0;j<Nd;j++)
{
i=S[j];
E[j]=pfc.mult(E[j],lagrange(i,S,Nd,order));
g1[j]=&E[j];
}
DB=pfc.multi_pairing(Nd,g2,g1);
M=lxor(ED,pfc.hash_to_aes_key(DB));
mip->IOBASE=256;
cout << "Decrypted message= " << M << endl;
return 0;
}