int main(int argc, char **argv) {
pairing_t pairing;
pbc_demo_pairing_init(pairing, argc, argv);
char m[80]={0};
if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");
printf("Enter the message to be encrypted : ");
gets(m);
size_t len_m = sizeof(m);
unsigned char hash[30];
SHA1(m, len_m, hash);
printf("The hash is : %s", hash);
element_t g, h;
element_t public_key, secret_key;
element_t sig;
element_t temp1, temp2;
element_init_G2(g, pairing);
element_init_G2(public_key, pairing);
element_init_G1(h, pairing);
element_init_G1(sig, pairing);
element_init_GT(temp1, pairing);
element_init_GT(temp2, pairing);
element_init_Zr(secret_key, pairing);
element_random(g);
element_random(secret_key);
element_pow_zn(public_key, g, secret_key);
element_printf("The public key is %B\n", public_key);
element_from_hash(h, hash, 30);
element_pow_zn(sig, h, secret_key);
pairing_apply(temp1, sig, g, pairing);
pairing_apply(temp2, h, public_key, pairing);
if(!element_cmp(temp1, temp2)){
printf("\nVerified\n");}
else{
printf("\nNot verified\n");
}
}
int main(int argc, char ** argv) {
pbc_param_t ec_params;
pairing_t pairing;
unsigned int rbits = 40, qbits = 128;
element_t *g1, *g2, *gt;
for (int s = 10; s <= 1000; s += 10) {
while (qbits <= 4096) {
fprintf(stderr, "%d", qbits);
pbc_param_init_a_gen(ec_params, rbits, qbits);
pairing_init_pbc_param(pairing, ec_params);
element_init_G1(g1, pairing);
element_init_G2(g2, pairing);
element_init_GT(gt, pairing);
struct timeval tv1, tv2;
int bc = element_length_in_bytes(g1);
for (int i = 0; i < 100; i++) {
if (0 == i % 10)
fprintf(stderr, ".");
element_random(g1);
element_random(g2);
gettimeofday(&tv1, NULL);
pairing_apply(gt, g1, g2, pairing);
gettimeofday(&tv2, NULL);
double time = tv2.tv_sec - tv1.tv_sec;
time *= (1000 * 1000);
time += tv2.tv_usec - tv1.tv_usec;
fprintf(stdout, "%d %d %d %d %d\n", bc, rbits, qbits, i, ((int) time));
}
for (int j = 0; j < s; j++) {
element_clear(g1[j]);
element_clear(g2[j]);
element_clear(gt[j]);
}
rbits *= 2;
qbits *= 2;
fprintf(stderr, "\n");
}
free(g1);
free(g2);
free(g3);
}
}
/*
* Calculates the bilinear mapping e(a,b)
* @param a - a memberElement of G1
* @param b - a memberElement of G2
* @param result - the result will be saved here. This is a member of GT
*/
void BilinearMappingHandler::bilinearMap(memberElement& result,memberElement& a, memberElement& b)
{
pairing_apply(result, a, b, pairing); //perform bilinear mapping
}//end of bilinearMap()
void pbc_decrypt(struct crypto *pbc, int tl, int *nse, int ts,
int use_caching, int use_product)
{
/* e(C_0, K_0) -> pairing(C, K[i])
* e(C_{i1}, K_{i1}) -> pairing(Ci[i], Ki[i])
* e(C_{i2}, K_{i2}) -> pairing(Ci[i], Ki[i])
*/
element_t C, K[ts], Ci[tl], Ki[tl], R, A, B, M, T;
int num_mul=0, num_pair=0;
struct timeval st, en;
int i, j;
/* -------------------- setup --------------------- */
gettimeofday(&st, NULL);
element_init_G1(C, pbc->pairing);
element_random(C);
for (i = 0; i < ts; i++) {
element_init_G2(K[i], pbc->pairing);
element_random(K[i]);
}
for (i = 0; i < tl; i++) {
element_init_G1(Ci[i], pbc->pairing);
element_random(Ci[i]);
}
for (i = 0; i < tl; i++) {
element_init_G2(Ki[i], pbc->pairing);
element_random(Ki[i]);
}
element_init_GT(R, pbc->pairing);
element_init_GT(A, pbc->pairing);
element_init_GT(B, pbc->pairing);
element_init_GT(M, pbc->pairing);
element_init_GT(T, pbc->pairing);
gettimeofday(&en, NULL);
printf("Setup: %lu us\n", time_diff(&st, &en));
printf("tl=%d ts=%d|", tl, ts);
for (i = 0; i < ts; i++)
printf("%d ", nse[i]);
printf("\n");
/* ------------------ decryption ------------------ */
gettimeofday(&st, NULL);
/* e(C0, K0) across all tokens */
if (use_caching) {
pairing_pp_t pp;
pairing_pp_init(pp, C, pbc->pairing);
for (i = 0; i < ts; i++)
pairing_pp_apply(R, K[i], pp);
pairing_pp_clear(pp);
} else
for (i = 0; i < ts; i++) {
pairing_apply(R, C, K[i], pbc->pairing);
num_pair++;
}
/* prod{e(Ci1, Ki1)}prod{e(Ci2, Ki2)} across all tokens */
if (use_product) {
for (i = 0; i < ts; i++) {
if (!nse[i])continue;
element_prod_pairing(A, Ci, Ki, nse[i]);
element_prod_pairing(B, Ci, Ki, nse[i]);
element_mul(M, A, B);
}
} else
for (i = 0; i < ts; i++) {
element_set1(A);
for (j = 0; j < nse[i]; j++) {
element_pairing(T, Ci[j], Ki[j]);
element_mul(A, A, T);
num_pair++;
num_mul++;
}
element_set1(B);
for (j = 0; j < nse[i]; j++) {
element_pairing(T, Ci[j], Ki[j]);
element_mul(B, B, T);
num_pair++;
num_mul++;
}
element_mul(M, A, B);
num_mul++;
}
gettimeofday(&en, NULL);
printf("Decryption: %lu us\n", time_diff(&st, &en));
if (use_caching || use_product) {
num_pair = -1;
num_mul = -1;
}
printf("Used %d pairings and %d multiplications\n", num_pair, num_mul);
/* ------------------- cleanup -------------------- */
gettimeofday(&st, NULL);
element_clear(T);
element_clear(M);
element_clear(B);
element_clear(A);
element_clear(R);
element_clear(C);
for (i = 0; i < ts; i++)
element_clear(K[i]);
for (i = 0; i < tl; i++)
element_clear(Ci[i]);
for (i = 0; i < tl; i++)
element_clear(Ki[i]);
gettimeofday(&en, NULL);
printf("Cleanup: %lu us\n", time_diff(&st, &en));
}
int bbs_open(element_t A, bbs_group_public_key_t gpk, bbs_manager_private_key_t gmsk, int hashlen, void *hash, unsigned char *sig)
{
bbs_sys_param_ptr param = gpk->param;
pairing_ptr pairing = param->pairing;
field_ptr Fp = pairing->Zr;
element_t T1, T2, T3;
element_t R1, R2, R3, R4, R5;
element_t c, salpha, sbeta, sx, sdelta1, sdelta2;
element_t e10, et0, z0;
unsigned char *readptr = sig;
int result;
UNUSED_VAR (hashlen);
UNUSED_VAR (hash);
//TODO: consolidate with verify
element_init_G1(T1, pairing);
element_init_G1(T2, pairing);
element_init_G1(T3, pairing);
element_init_G1(R1, pairing);
element_init_G1(R2, pairing);
element_init_GT(R3, pairing);
element_init_G1(R4, pairing);
element_init_G1(R5, pairing);
element_init(c, Fp);
element_init(salpha, Fp);
element_init(sbeta, Fp);
element_init(sx, Fp);
element_init(sdelta1, Fp);
element_init(sdelta2, Fp);
element_init_G1(e10, pairing);
element_init_GT(et0, pairing);
element_init(z0, Fp);
readptr += element_from_bytes(T1, readptr);
readptr += element_from_bytes(T2, readptr);
readptr += element_from_bytes(T3, readptr);
readptr += element_from_bytes(c, readptr);
readptr += element_from_bytes(salpha, readptr);
readptr += element_from_bytes(sbeta, readptr);
readptr += element_from_bytes(sx, readptr);
readptr += element_from_bytes(sdelta1, readptr);
readptr += element_from_bytes(sdelta2, readptr);
element_neg(z0, c);
element_pow_zn(R1, gpk->u, salpha);
element_pow_zn(e10, T1, z0);
element_mul(R1, R1, e10);
element_pow_zn(R2, gpk->v, sbeta);
element_pow_zn(e10, T2, z0);
element_mul(R2, R2, e10);
element_neg(z0, sdelta1);
element_pow_zn(R4, gpk->u, z0);
element_pow_zn(e10, T1, sx);
element_mul(R4, R4, e10);
element_neg(z0, sdelta2);
element_pow_zn(R5, gpk->v, z0);
element_pow_zn(e10, T2, sx);
element_mul(R5, R5, e10);
pairing_apply(R3, T3, gpk->w, pairing);
pairing_apply(et0, gpk->g1, gpk->g2, pairing);
element_invert(et0, et0);
element_mul(R3, R3, et0);
element_pow_zn(R3, R3, c);
pairing_apply(et0, T3, gpk->g2, pairing);
element_pow_zn(et0, et0, sx);
element_mul(R3, R3, et0);
element_add(z0, salpha, sbeta);
element_neg(z0, z0);
pairing_apply(et0, gpk->h, gpk->w, pairing);
element_pow_zn(et0, et0, z0);
element_mul(R3, R3, et0);
element_add(z0, sdelta1, sdelta2);
element_neg(z0, z0);
pairing_apply(et0, gpk->h, gpk->g2, pairing);
element_pow_zn(et0, et0, z0);
element_mul(R3, R3, et0);
//if mismatch result = 0;
//} else {
element_pow_zn(A, T1, gmsk->xi1);
element_pow_zn(e10, T2, gmsk->xi2);
element_mul(A, A, e10);
element_invert(A, A);
element_mul(A, A, T3);
result =1;
//}
element_clear(T1);
element_clear(T2);
element_clear(T3);
element_clear(R1);
element_clear(R2);
element_clear(R3);
element_clear(R4);
element_clear(R5);
element_clear(c);
element_clear(salpha);
element_clear(sbeta);
element_clear(sx);
element_clear(sdelta1);
element_clear(sdelta2);
element_clear(e10);
element_clear(et0);
element_clear(z0);
return result;
}
int bbs_verify(unsigned char *sig, int hashlen, void *hash, bbs_group_public_key_t gpk)
{
bbs_sys_param_ptr param = gpk->param;
pairing_ptr pairing = param->pairing;
field_ptr Fp = pairing->Zr;
element_t T1, T2, T3;
element_t R1, R2, R3, R4, R5;
element_t c, salpha, sbeta, sx, sdelta1, sdelta2;
element_t e10, e20, e21, et0, z0, z1;
unsigned char *readptr = sig;
element_init_G1(T1, pairing);
element_init_G1(T2, pairing);
element_init_G1(T3, pairing);
element_init_G1(R1, pairing);
element_init_G1(R2, pairing);
element_init_GT(R3, pairing);
element_init_G1(R4, pairing);
element_init_G1(R5, pairing);
element_init(c, Fp);
element_init(salpha, Fp);
element_init(sbeta, Fp);
element_init(sx, Fp);
element_init(sdelta1, Fp);
element_init(sdelta2, Fp);
element_init_G1(e10, pairing);
element_init_G2(e20, pairing);
element_init_G2(e21, pairing);
element_init_GT(et0, pairing);
element_init(z0, Fp);
element_init(z1, Fp);
readptr += element_from_bytes(T1, readptr);
readptr += element_from_bytes(T2, readptr);
readptr += element_from_bytes(T3, readptr);
readptr += element_from_bytes(c, readptr);
readptr += element_from_bytes(salpha, readptr);
readptr += element_from_bytes(sbeta, readptr);
readptr += element_from_bytes(sx, readptr);
readptr += element_from_bytes(sdelta1, readptr);
readptr += element_from_bytes(sdelta2, readptr);
element_neg(z0, c);
//element_pow_zn(R1, gpk->u, salpha);
//element_pow_zn(e10, T1, z0);
//element_mul(R1, R1, e10);
element_pow2_zn(R1, gpk->u, salpha, T1, z0);
//element_pow_zn(R2, gpk->v, sbeta);
//element_pow_zn(e10, T2, z0);
//element_mul(R2, R2, e10);
element_pow2_zn(R2, gpk->v, sbeta, T2, z0);
element_neg(z0, sdelta1);
//element_pow_zn(R4, gpk->u, z0);
//element_pow_zn(e10, T1, sx);
//element_mul(R4, R4, e10);
element_pow2_zn(R4, gpk->u, z0, T1, sx);
element_neg(z0, sdelta2);
//element_pow_zn(R5, gpk->v, z0);
//element_pow_zn(e10, T2, sx);
//element_mul(R5, R5, e10);
element_pow2_zn(R5, gpk->v, z0, T2, sx);
/*
* compute R3 more efficiently. use precomputed e(g1,g2)^{-1},
* e(h,g2), and e(h,w). this leaves e(T3,g2)^sx and e(T3,w)^c;
* compute these with one pairing as e(T3, g2^sx w^c).
*/
//element_pow_zn(e20, gpk->g2, sx);
//element_pow_zn(e21, gpk->w, c);
//element_mul(e20, e20, e21);
element_pow2_zn(e20, gpk->g2, sx, gpk->w, c);
pairing_apply(R3, T3, e20, pairing);
//element_pow_zn(et0, gpk->pr_g1_g2_inv, c);
//element_mul(R3, R3, et0);
element_add(z0, salpha, sbeta);
element_neg(z0, z0);
//element_pow_zn(et0, gpk->pr_h_w, z0);
//element_mul(R3, R3, et0);
element_add(z1, sdelta1, sdelta2);
element_neg(z1, z1);
//element_pow_zn(et0, gpk->pr_h_g2, z1);
element_pow3_zn(et0, gpk->pr_g1_g2_inv, c, gpk->pr_h_w, z0, gpk->pr_h_g2, z1);
element_mul(R3, R3, et0);
#ifdef DEBUG
element_printf("T1: %B\n", T1);
element_printf("T2: %B\n", T2);
element_printf("T3: %B\n", T3);
element_printf("R1: %B\n", R1);
element_printf("R2: %B\n", R2);
element_printf("R3: %B\n", R3);
element_printf("R4: %B\n", R4);
element_printf("R5: %B\n", R5);
#endif
int result = 0;
element_t M;
element_init_G1(M, pairing);
element_from_hash(M, hash, hashlen);
unsigned int hash_input_length = element_length_in_bytes(T1) +
element_length_in_bytes(T2) +
element_length_in_bytes(T3) +
element_length_in_bytes(R1) +
element_length_in_bytes(R2) +
element_length_in_bytes(R3) +
element_length_in_bytes(R4) +
element_length_in_bytes(R5) +
element_length_in_bytes(M);
unsigned char *hash_input = malloc(hash_input_length);
hash_input += element_to_bytes(hash_input, T1);
hash_input += element_to_bytes(hash_input, T2);
hash_input += element_to_bytes(hash_input, T3);
hash_input += element_to_bytes(hash_input, R1);
hash_input += element_to_bytes(hash_input, R2);
hash_input += element_to_bytes(hash_input, R3);
hash_input += element_to_bytes(hash_input, R4);
hash_input += element_to_bytes(hash_input, R5);
hash_input += element_to_bytes(hash_input, M); // Could avoid converting to bytes and from bytes
hash_input -= hash_input_length;
hash_ctx_t context;
unsigned char digest[hash_length];
hash_init(context);
hash_update(context, hash_input, hash_input_length);
hash_final(digest, context);
free(hash_input);
element_t c1;
element_init(c1, Fp);
element_from_hash(c1, digest, sizeof(digest));
if (!element_cmp(c, c1)) {
result = 1;
}
element_clear(M);
element_clear(c1);
element_clear(T1);
element_clear(T2);
element_clear(T3);
element_clear(R1);
element_clear(R2);
element_clear(R3);
element_clear(R4);
element_clear(R5);
element_clear(c);
element_clear(salpha);
element_clear(sbeta);
element_clear(sx);
element_clear(sdelta1);
element_clear(sdelta2);
element_clear(e10);
element_clear(e20);
element_clear(e21);
element_clear(et0);
element_clear(z0);
element_clear(z1);
return result;
}
void bbs_gen(bbs_group_public_key_ptr gpk, bbs_manager_private_key_ptr gmsk, int n, bbs_group_private_key_t *gsk, bbs_sys_param_ptr param)
{
pairing_ptr pairing = param->pairing;
element_t z0;
element_t gamma;
int i;
gpk->param = param;
gmsk->param = param;
element_init_G1(gpk->g1, pairing);
element_init_G2(gpk->g2, pairing);
element_init_G1(gpk->h, pairing);
element_init_G1(gpk->u, pairing);
element_init_G1(gpk->v, pairing);
element_init_G2(gpk->w, pairing);
element_init_Zr(gmsk->xi1, pairing);
element_init_Zr(gmsk->xi2, pairing);
element_init_Zr(z0, pairing);
element_init_Zr(gamma, pairing);
element_random(gpk->g2);
element_random(gpk->g1);
element_random(gpk->h);
element_random(gmsk->xi1);
element_random(gmsk->xi2);
element_invert(z0, gmsk->xi1);
element_pow_zn(gpk->u, gpk->h, z0);
element_invert(z0, gmsk->xi2);
element_pow_zn(gpk->v, gpk->h, z0);
element_random(gamma);
element_pow_zn(gpk->w, gpk->g2, gamma);
for (i=0; i<n; i++) {
gsk[i]->param = param;
element_init_G1(gsk[i]->A, pairing);
element_init_Zr(gsk[i]->x, pairing);
element_random(gsk[i]->x);
element_add(z0, gamma, gsk[i]->x);
element_invert(z0, z0);
element_pow_zn(gsk[i]->A, gpk->g1, z0);
/* do some precomputation */
/* TODO: could instead compute from e(g1,g2) ... */
element_init_GT(gsk[i]->pr_A_g2, pairing);
pairing_apply(gsk[i]->pr_A_g2, gsk[i]->A, gpk->g2, pairing);
}
/* do some precomputation */
element_init_GT(gpk->pr_g1_g2, pairing);
element_init_GT(gpk->pr_g1_g2_inv, pairing);
element_init_GT(gpk->pr_h_g2, pairing);
element_init_GT(gpk->pr_h_w, pairing);
pairing_apply(gpk->pr_g1_g2, gpk->g1, gpk->g2, pairing);
element_invert(gpk->pr_g1_g2_inv, gpk->pr_g1_g2);
pairing_apply(gpk->pr_h_g2, gpk->h, gpk->g2, pairing);
pairing_apply(gpk->pr_h_w, gpk->h, gpk->w, pairing);
element_clear(z0);
element_clear(gamma);
}
void test_libfenc(char *policy)
{
FENC_ERROR result;
fenc_context context;
fenc_group_params group_params;
fenc_global_params global_params;
fenc_function_input policy_input;
pairing_t pairing;
FILE *fp;
char *public_params_buf = NULL;
size_t serialized_len;
memset(&context, 0, sizeof(fenc_context));
memset(&group_params, 0, sizeof(fenc_group_params));
memset(&global_params, 0, sizeof(fenc_global_params));
/* Initialize the library. */
result = libfenc_init();
report_error("Initializing library", result);
/* Create a Sahai-Waters context. */
result = libfenc_create_context(&context, FENC_SCHEME_WATERSCP);
report_error("Creating context for Waters CP scheme", result);
/* Load group parameters from a file. */
fp = fopen(PARAM, "r");
if (fp != NULL) {
libfenc_load_group_params_from_file(&group_params, fp);
libfenc_get_pbc_pairing(&group_params, pairing);
} else {
perror("Could not open type-d parameters file.\n");
return;
}
fclose(fp);
/* Set up the global parameters. */
result = context.generate_global_params(&global_params, &group_params);
result = libfenc_gen_params(&context, &global_params);
/* Set up the publci parameters */
fp = fopen(PUBLIC_FILE".cp", "r");
if(fp != NULL) {
size_t pub_len = read_file(fp, &public_params_buf);
/* base-64 decode */
uint8 *bin_public_buf = NewBase64Decode((const char *) public_params_buf, pub_len, &serialized_len);
/* Import the parameters from binary buffer: */
result = libfenc_import_public_params(&context, bin_public_buf, serialized_len);
report_error("Importing public parameters", result);
free(public_params_buf);
free(bin_public_buf);
}
else {
perror("Could not open public parameters\n");
return;
}
fclose(fp);
/* encrypt under given policy */
// fenc_attribute_policy *parsed_policy = construct_test_policy();
fenc_attribute_policy *parsed_policy = (fenc_attribute_policy *) malloc(sizeof(fenc_attribute_policy));
memset(parsed_policy, 0, sizeof(fenc_attribute_policy));
fenc_policy_from_string(parsed_policy, policy);
policy_input.input_type = FENC_INPUT_NM_ATTRIBUTE_POLICY;
policy_input.scheme_input = (void *) parsed_policy;
printf("START: test_secret_sharing\n");
test_secret_sharing(parsed_policy, pairing);
printf("END: test_secret_sharing\n");
/* simple test */
element_t ONE, TWO, THREE, ONEG2, TWOG2, THREEG2, ONEGT, TWOGT, FinalGT;
element_init_G1(ONE, pairing);
element_init_G1(TWO, pairing);
element_init_G1(THREE, pairing);
element_init_G2(ONEG2, pairing);
element_init_G2(TWOG2, pairing);
element_init_G2(THREEG2, pairing);
element_init_GT(ONEGT, pairing);
element_init_GT(TWOGT, pairing);
element_init_GT(FinalGT, pairing);
clock_t start, stop;
double timeG1, timeG2, timePairing;
element_random(ONE);
element_random(TWO);
element_random(ONEG2);
element_random(TWOG2);
// element_random(ONEGT);
// element_random(TWOGT);
/* time G1 */
start = clock();
element_mul(THREE, ONE, TWO);
stop = clock();
timeG1 = ((double)(stop - start))/CLOCKS_PER_SEC;
element_printf("THREEG1: %B, ", THREE);
printf("G1 mul time: %f secs\n", timeG1);
/* time G2 */
start = clock();
element_mul(THREEG2, ONEG2, TWOG2);
stop = clock();
timeG2 = ((double)(stop - start))/CLOCKS_PER_SEC;
element_printf("THREEG2: %B, ", THREEG2);
printf("G2 mul time: %f secs\n", timeG2);
/* time GT
start = clock();
element_mul(FinalGT, ONEGT, TWOGT);
stop = clock();
timeGT = ((double)(stop - start))/CLOCKS_PER_SEC;
element_printf("FinalGT: %B, ", FinalGT);
printf("GT mul time: %f secs\n", timeGT); */
/* time pairings */
start = clock();
pairing_apply(FinalGT, THREE, THREEG2, pairing);
stop = clock();
timePairing = ((double)(stop - start))/CLOCKS_PER_SEC;
element_printf("Pairing: %B, ", FinalGT);
printf("GT pairing time: %f secs\n", timePairing);
free(parsed_policy);
result = libfenc_shutdown();
report_error("Shutting down library", result);
}