Commit 6c765645 authored by Gijs Van Laer's avatar Gijs Van Laer
Browse files

signBlind

parent 80bbda24
......@@ -25,113 +25,43 @@ import edu.jhu.isi.CLSign.entities.KeyPair;
import edu.jhu.isi.CLSign.entities.PublicKey;
import edu.jhu.isi.CLSign.entities.SecretKey;
import edu.jhu.isi.CLSign.entities.Signature;
import edu.jhu.isi.CLSign.keygen.KeyGen;
import edu.jhu.isi.CLSign.sign.Sign;
import edu.jhu.isi.CLSign.verify.Verify;
import it.unisa.dia.gas.jpbc.Element;
import it.unisa.dia.gas.jpbc.Pairing;
import it.unisa.dia.gas.jpbc.PairingParameters;
import it.unisa.dia.gas.plaf.jpbc.field.z.ZrElement;
import it.unisa.dia.gas.plaf.jpbc.pairing.PairingFactory;
import it.unisa.dia.gas.plaf.jpbc.pairing.a.TypeACurveGenerator;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;
public class CLSign {
public static KeyPair keyGen(final int messageSize) {
final Pairing pairing = createPairing();
final SecretKey sk = createSecretKey(pairing, messageSize);
final PublicKey pk = createPublicKey(pairing, sk);
final Pairing pairing = KeyGen.createPairing();
final SecretKey sk = KeyGen.createSecretKey(pairing, messageSize);
final PublicKey pk = KeyGen.createPublicKey(pairing, sk);
return new KeyPair(pk, sk);
}
private static PublicKey createPublicKey(final Pairing pairing, final SecretKey sk) {
final Element generator = pairing.getG1().newRandomElement().getImmutable();
final Element generatorT = pairing.getGT().newRandomElement().getImmutable();
final Element X = generator.powZn(sk.getX());
final Element Y = generator.powZn(sk.getY());
final List<Element> Z = sk.getZ().stream()
.map(generator::powZn).collect(Collectors.toList());
final List<Element> W = sk.getZ().stream()
.map(Y::powZn).collect(Collectors.toList());
return new PublicKey(pairing, generator, generatorT,
X, Y, Z, W);
}
private static SecretKey createSecretKey(final Pairing pairing, final int messageSize) {
final ZrElement[] z = new ZrElement[messageSize];
for (int i = 0; i < messageSize; i++) {
z[i] = (ZrElement) pairing.getZr().newRandomElement().getImmutable();
}
return new SecretKey((ZrElement) pairing.getZr().newRandomElement().getImmutable(),
(ZrElement) pairing.getZr().newRandomElement().getImmutable(), z);
}
private static Pairing createPairing() {
int rBits = 160;
int qBits = 512;
final TypeACurveGenerator pairingGenerator = new TypeACurveGenerator(rBits, qBits);
final PairingParameters params = pairingGenerator.generate();
return PairingFactory.getPairing(params);
}
public static Signature sign(final List<ZrElement> messages, final KeyPair keys) {
final PublicKey pk = keys.getPk();
final SecretKey sk = keys.getSk();
final Element a = pk.getPairing().getG1().newRandomElement().getImmutable();
final List<Element> A = sk.getZ().stream().map(a::powZn).collect(Collectors.toCollection(ArrayList::new));
final Element b = a.powZn(sk.getY()).getImmutable();
final List<Element> B = A.stream().map(Ai -> Ai.powZn(sk.getY())).collect(Collectors.toCollection(ArrayList::new));
final Element cPart = pk.getPairing().getG1().newOneElement();
final ZrElement xTimesY = sk.getX().mul(sk.getY());
public static Element commit(final List<ZrElement> messages, final PublicKey pk) {
Element commitment = pk.getGenerator().powZn(messages.get(0));
for (int i = 1; i < messages.size(); i++) {
cPart.mul(A.get(i).powZn(xTimesY.mul(messages.get(i))));
commitment = commitment.mul(pk.getZ(i).powZn(messages.get(i)));
}
final Element c = a.powZn(sk.getX().add(xTimesY.mul(messages.get(0)))).mul(cPart).getImmutable();
return new Signature(a, b, c, A, B);
return commitment.getImmutable();
}
public static boolean verify(final List<ZrElement> messages, final Signature sigma, final PublicKey pk) {
return aFormedCorrectly(sigma, pk)
&& bFormedCorrectly(sigma, pk)
&& cFormedCorrectly(messages, sigma, pk);
}
private static boolean aFormedCorrectly(final Signature sigma, final PublicKey pk) {
final Pairing p = pk.getPairing();
for (int i = 0; i < sigma.getAList().size(); i++) {
if (!p.pairing(sigma.getA(), pk.getZ(i))
.isEqual(p.pairing(pk.getGenerator(), sigma.getAList().get(i)))) {
return false;
}
}
return true;
public static Signature sign(final List<ZrElement> messages, final KeyPair keys) {
final Element commitment = commit(messages, keys.getPk());
return signBlind(commitment, keys);
}
private static boolean bFormedCorrectly(final Signature sigma, final PublicKey pk) {
final Pairing p = pk.getPairing();
if (!p.pairing(sigma.getA(), pk.getY()).isEqual(p.pairing(pk.getGenerator(), sigma.getB()))) {
return false;
}
for (int i = 0; i < sigma.getBList().size(); i++) {
if (!p.pairing(sigma.getAList().get(i), pk.getY())
.isEqual(p.pairing(pk.getGenerator(), sigma.getBList().get(i)))) {
return false;
}
}
return true;
public static Signature signBlind(final Element commitment, final KeyPair keys) {
return Sign.sign(commitment, keys);
}
private static boolean cFormedCorrectly(final List<ZrElement> messages, final Signature sigma, final PublicKey pk) {
final Pairing p = pk.getPairing();
final Element product = p.getGT().newOneElement();
for (int i = 1; i < messages.size(); i++) {
product.mul(p.pairing(pk.getX(), sigma.getBList().get(i)).powZn(messages.get(i)));
}
final Element lhs = p.pairing(pk.getX(), sigma.getA())
.mul(p.pairing(pk.getX(), sigma.getB()).powZn(messages.get(0)))
.mul(product);
return lhs.isEqual(p.pairing(pk.getGenerator(), sigma.getC()));
public static boolean verify(final List<ZrElement> messages, final Signature sigma, final PublicKey pk) {
return Verify.aFormedCorrectly(sigma, pk)
&& Verify.bFormedCorrectly(sigma, pk)
&& Verify.cFormedCorrectly(messages, sigma, pk);
}
}
package edu.jhu.isi.CLSign.keygen;
import edu.jhu.isi.CLSign.entities.PublicKey;
import edu.jhu.isi.CLSign.entities.SecretKey;
import it.unisa.dia.gas.jpbc.Element;
import it.unisa.dia.gas.jpbc.Pairing;
import it.unisa.dia.gas.jpbc.PairingParameters;
import it.unisa.dia.gas.plaf.jpbc.field.z.ZrElement;
import it.unisa.dia.gas.plaf.jpbc.pairing.PairingFactory;
import it.unisa.dia.gas.plaf.jpbc.pairing.a.TypeACurveGenerator;
import java.util.List;
import java.util.stream.Collectors;
public class KeyGen {
public static PublicKey createPublicKey(final Pairing pairing, final SecretKey sk) {
final Element generator = pairing.getG1().newRandomElement().getImmutable();
final Element generatorT = pairing.getGT().newRandomElement().getImmutable();
final Element X = generator.powZn(sk.getX());
final Element Y = generator.powZn(sk.getY());
final List<Element> Z = sk.getZ().stream()
.map(generator::powZn).collect(Collectors.toList());
final List<Element> W = sk.getZ().stream()
.map(Y::powZn).collect(Collectors.toList());
return new PublicKey(pairing, generator, generatorT,
X, Y, Z, W);
}
public static SecretKey createSecretKey(final Pairing pairing, final int messageSize) {
final ZrElement[] z = new ZrElement[messageSize];
for (int i = 0; i < messageSize; i++) {
z[i] = (ZrElement) pairing.getZr().newRandomElement().getImmutable();
}
return new SecretKey((ZrElement) pairing.getZr().newRandomElement().getImmutable(),
(ZrElement) pairing.getZr().newRandomElement().getImmutable(), z);
}
public static Pairing createPairing() {
int rBits = 160;
int qBits = 512;
final TypeACurveGenerator pairingGenerator = new TypeACurveGenerator(rBits, qBits);
final PairingParameters params = pairingGenerator.generate();
return PairingFactory.getPairing(params);
}
}
package edu.jhu.isi.CLSign.sign;
import edu.jhu.isi.CLSign.entities.KeyPair;
import edu.jhu.isi.CLSign.entities.PublicKey;
import edu.jhu.isi.CLSign.entities.SecretKey;
import edu.jhu.isi.CLSign.entities.Signature;
import it.unisa.dia.gas.jpbc.Element;
import it.unisa.dia.gas.plaf.jpbc.field.z.ZrElement;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;
public class Sign {
public static Signature sign(final Element commitment, final KeyPair keys) {
final PublicKey pk = keys.getPk();
final SecretKey sk = keys.getSk();
final ZrElement alpha = (ZrElement) pk.getPairing().getZr().newRandomElement().getImmutable();
final Element a = pk.getGenerator().powZn(alpha);
final List<Element> A = sk.getZ().stream().map(a::powZn).collect(Collectors.toCollection(ArrayList::new));
final Element b = a.powZn(sk.getY()).getImmutable();
final List<Element> B = A.stream().map(Ai -> Ai.powZn(sk.getY())).collect(Collectors.toCollection(ArrayList::new));
final ZrElement xTimesY = alpha.mul(sk.getX().mul(sk.getY()));
final Element c = a.powZn(sk.getX()).mul(commitment.powZn(xTimesY)).getImmutable();
return new Signature(a, b, c, A, B);
}
}
package edu.jhu.isi.CLSign.verify;
import edu.jhu.isi.CLSign.entities.PublicKey;
import edu.jhu.isi.CLSign.entities.Signature;
import it.unisa.dia.gas.jpbc.Element;
import it.unisa.dia.gas.jpbc.Pairing;
import it.unisa.dia.gas.plaf.jpbc.field.z.ZrElement;
import java.util.List;
public class Verify {
public static boolean aFormedCorrectly(final Signature sigma, final PublicKey pk) {
final Pairing p = pk.getPairing();
for (int i = 0; i < sigma.getAList().size(); i++) {
if (!p.pairing(sigma.getA(), pk.getZ(i))
.isEqual(p.pairing(pk.getGenerator(), sigma.getAList().get(i)))) {
return false;
}
}
return true;
}
public static boolean bFormedCorrectly(final Signature sigma, final PublicKey pk) {
final Pairing p = pk.getPairing();
if (!p.pairing(sigma.getA(), pk.getY()).isEqual(p.pairing(pk.getGenerator(), sigma.getB()))) {
return false;
}
for (int i = 0; i < sigma.getBList().size(); i++) {
if (!p.pairing(sigma.getAList().get(i), pk.getY())
.isEqual(p.pairing(pk.getGenerator(), sigma.getBList().get(i)))) {
return false;
}
}
return true;
}
public static boolean cFormedCorrectly(final List<ZrElement> messages, final Signature sigma, final PublicKey pk) {
final Pairing p = pk.getPairing();
final Element product = p.getGT().newOneElement();
for (int i = 1; i < messages.size(); i++) {
product.mul(p.pairing(pk.getX(), sigma.getBList().get(i)).powZn(messages.get(i)));
}
final Element lhs = p.pairing(pk.getX(), sigma.getA())
.mul(p.pairing(pk.getX(), sigma.getB()).powZn(messages.get(0)))
.mul(product);
return lhs.isEqual(p.pairing(pk.getGenerator(), sigma.getC()));
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment