''' Cryptic -- Cryptographic tools and protocols
Copyright (C) 2011 Mikael Ates <mates@entrouvert.com>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.'''

''' $ PYTHONPATH=.libs/ python test.py'''

import cryptic
# Test 1: interactive Schnorr-style proof of knowledge of a discrete-log
# representation (three secret exponents) in a prime-order group.
print 'Test1:'
# Verifier challenge. It is drawn before round1() here, which is harmless in a
# single-process test; in a real exchange the verifier must choose it only
# after it has received the prover's commitment.
# NOTE(review): 80 is presumably the challenge length in bits -- confirm.
c = cryptic.retRandom(80)
# NOTE(review): 256 is presumably a size in bits; it looks test-sized (fast to
# generate) and should not be copied as a deployment parameter.
g = cryptic.PrimeOrderGroup(256)
g.moreBases(5)
# Prover side: proof object over g.bases, 3 quantities, modulus g.p.
s = cryptic.ZkpkSchnorr(g.bases,3,g.p)
s.round1()
# The three secret quantities the prover claims to know.
q1 = cryptic.retRandom(100)
q2 = cryptic.retRandom(100)
q3 = cryptic.retRandom(100)
# Responses are computed from the group order, the challenge and the secrets.
s.round2(g.order,c,(q1,q2,q3))
# Public value the proof is about, built from the same secrets and bases.
dlrep = cryptic.getDlrep(3,(q1,q2,q3),g.bases,g.p)
# Verifier side: a fresh object that is given only dlrep, the commitment,
# the challenge and the responses -- never the secrets.
s2 = cryptic.ZkpkSchnorr(g.bases,3,g.p)
rc = s2.verifyInteractiveProof(dlrep,s.commitment,c,s.responses)
# NOTE(review): rc is printed, not asserted, and the value that means
# "proof accepted" is not visible in this file; a failing proof would not
# make the script exit with an error.
print 'result: ' + str(rc)
# Test 2: the same kind of proof made non-interactive: the challenge passed to
# round2() is a hash value (HashForNiProofs) instead of a verifier-chosen random.
print '\nTest2:'
# NOTE(review): 1024 is presumably the group size in bits; treat it as a test
# parameter, not as a recommendation.
g = cryptic.PrimeOrderGroup(1024)
g.moreBases(3)
s = cryptic.ZkpkSchnorr(g.bases,3,g.p)
s.round1()
# Secrets: two strings and one integer converted to bignums.
q1 = cryptic.charToBn("Mik")
q2 = cryptic.charToBn("Ates")
q3 = cryptic.intToBn(1992021900)
dlrep = cryptic.getDlrep(3,(q1,q2,q3),g.bases,g.p)
# Prover derives the challenge by hashing the proof object together with dlrep.
# NOTE(review): what addProof() feeds into the hash is not visible here. For a
# sound non-interactive proof the hash has to cover the statement (bases,
# modulus, dlrep) as well as the commitment -- confirm in the library.
h = cryptic.HashForNiProofs(256)
h.addProof(s,dlrep)
h.computeHash()
s.round2(g.order,h.hValue,(q1,q2,q3))
# Verifier side: fresh object, given dlrep, the challenge and the responses.
s2 = cryptic.ZkpkSchnorr(g.bases,3,g.p)
# The return value is discarded; in this script the acceptance decision is the
# hash comparison below (the verifier re-hashes its own proof object).
s2.verifyNoninteractiveProof(dlrep,h.hValue,s.responses)
h2 = cryptic.HashForNiProofs(256)
h2.addProof(s2,dlrep)
h2.computeHash()
# NOTE(review): presumably 0 means the two hashes are equal -- confirm the
# convention of cmpBn. The result is printed, not asserted.
rc = cryptic.cmpBn(h.hValue,h2.hValue)
print 'result: ' + str(rc)
# Test 3: issue a signature with Clsig over two quantities, randomize it, and
# build an interactive proof over the randomized signature. The verification
# step is disabled (see the string literal at the end).
print '\nTest3:'
# NOTE(review): argument meanings are not visible here; judging by the attribute
# names used with newLoadPublicParameters in this file they are presumably
# modulus size, quantity size, exponent size, three security parameters and the
# number of bases -- confirm. A 1024-bit modulus is below current guidance for
# RSA-type moduli, so treat these values as test-only.
c = cryptic.Clsig(1024,80,298,0,0,0,3)
c.generateParameters()
q1 = cryptic.charToBn("Mik")
q2 = cryptic.charToBn("Ates")
# Two quantities, placed at base indexes 0 and 2.
c.computeDlrepByIndex((q1,q2),(0,2),2)
c.sign()
# NOTE(review): the return values of both signature checks are discarded, so a
# signature that fails to verify would go unnoticed unless the binding raises.
c.verifySignatureNotRandomized()
c.randomizeSignature()
c.verifySignatureRandomized()
dlrep = c.correctDlrepBeforeProving(c.z)
# Proof over four bases; the matching secrets passed to round2WithoutOrder()
# are (eCorrected, vRand, q1, q2), i.e. nothing is disclosed in this test.
s = cryptic.ZkpkSchnorr((c.aRand,c.s,c.bases[0],c.bases[2]),4,c.modulus)
s.round1()
chal = cryptic.retRandom(80)
# "WithoutOrder": no group order is passed, unlike round2() in Test1/Test2.
s.round2WithoutOrder(chal,(c.eCorrected,c.vRand,q1,q2))
s2 = cryptic.ZkpkSchnorr((c.aRand,c.s,c.bases[0],c.bases[2]),4,c.modulus)
# Disabled: the two lines below sit inside a string literal, so the proof is
# built but never verified and this test prints no result. As written, the
# verify call does not assign rc, so re-enabling it unchanged would print the
# rc left over from Test2.
'''s2.verifyInteractiveProof(dlrep,s.commitment,chal,s.responses)
print 'result: ' + str(rc)'''
# Test 4: same flow as Test3 with larger size parameters and a hash-derived
# challenge. Everything after the hash object is created is disabled.
print '\nTest4:'
# NOTE(review): see Clsig's definition for the argument meanings; the 1024-bit
# first argument (presumably the modulus size) is a test-only value.
c = cryptic.Clsig(1024,256,600,0,0,0,3)
c.generateParameters()
q1 = cryptic.charToBn("Mik")
q2 = cryptic.charToBn("Ates")
c.computeDlrepByIndex((q1,q2),(0,2),2)
c.sign()
# NOTE(review): return values of the signature checks are discarded.
c.verifySignatureNotRandomized()
c.randomizeSignature()
c.verifySignatureRandomized()
dlrep = c.correctDlrepBeforeProving(c.z)
s = cryptic.ZkpkSchnorr((c.aRand,c.s,c.bases[0],c.bases[2]),4,c.modulus)
s.round1()
h = cryptic.HashForNiProofs(256)
# Disabled: the rest of the non-interactive proof (hashing, round2, verifier
# side and hash comparison) is inside a string literal. Only the signature
# calls above actually run, and this test prints no result.
'''h.addProof(s,dlrep)
h.computeHash()
s.round2WithoutOrder(h.hValue,(c.eCorrected,c.vRand,q1,q2))
s2 = cryptic.ZkpkSchnorr((c.aRand,c.s,c.bases[0],c.bases[2]),4,c.modulus)
s2.verifyNoninteractiveProof(dlrep,h.hValue,s.responses)
h2 = cryptic.HashForNiProofs(256)
h2.addProof(s2,dlrep)
h2.computeHash()
rc = cryptic.cmpBn(h.hValue,h2.hValue)
print 'result: ' + str(rc)'''
# Test 5: the signer (c) issues a signature over four quantities; a second
# object (c2) is loaded from the public parameters plus the certificate and
# prepares a proof in which q2 is disclosed. The proof itself is disabled.
print '\nTest5:'
# NOTE(review): 1024-bit first argument (presumably the modulus size) is a
# test-only value.
c = cryptic.Clsig(1024,256,600,0,0,0,5)
c.generateParameters()
q1 = cryptic.charToBn("Mikael")
q2 = cryptic.charToBn("Ates")
q3 = cryptic.charToBn("Clermont-Ferrand")
q4 = cryptic.intToBn(1982280100)
# Four quantities at base indexes 0, 2, 3 and 4.
c.computeDlrepByIndex((q1,q2,q3,q4),(0,2,3,4),4)
c.sign()
# NOTE(review): return value discarded.
c.verifySignatureNotRandomized()
# Holder side: rebuilt from values read off c (z, s, bases, sizes, modulus).
c2 = cryptic.Clsig.newLoadPublicParameters(c.z,c.s,5,c.bases,c.lgQuantities,c.lgExponent,c.modulus,c.lgSecParam,c.lgZkSecParam,c.lgClsigSecParam)
# NOTE(review): the meaning of the trailing 1 is not visible here.
c2.loadCertificateWithIndex(c.a,c.e,c.v,c.quantities,4,(0,2,3,4),1)
c2.randomizeSignature()
# NOTE(review): return value discarded.
c2.verifySignatureRandomized()
# Statement with q2 moved to the public side: built from z and the modular
# inverse of bases[2], with exponents 1 and q2.
tmp = cryptic.invMod(c2.bases[2],c2.modulus)
dlrep = cryptic.getDlrep(2, (cryptic.intToBn(1),q2), (c2.z, tmp), c2.modulus)
dlrep = c2.correctDlrepBeforeProving(dlrep)
# bases[2] is left out of the proof bases, matching the disclosure of q2.
s = cryptic.ZkpkSchnorr((c2.aRand,c2.s,c2.bases[0],c2.bases[3],c2.bases[4]),5,c2.modulus)
s.round1()
h = cryptic.HashForNiProofs(256)
# Disabled: hashing, round2, the verifier side and the hash comparison are
# inside a string literal, so this test prints no result.
'''h.addProof(s,dlrep)
h.computeHash()
s.round2WithoutOrder(h.hValue,(c2.eCorrected,c2.vRand,q1,q3,q4))
s2 = cryptic.ZkpkSchnorr((c2.aRand,c2.s,c2.bases[0],c2.bases[3],c2.bases[4]),5,c2.modulus)
s2.verifyNoninteractiveProof(dlrep,h.hValue,s.responses)
h2 = cryptic.HashForNiProofs(256)
h2.addProof(s2,dlrep)
h2.computeHash()
rc = cryptic.cmpBn(h.hValue,h2.hValue)
print 'result: ' + str(rc)'''
# Test 6: like Test5, but the statement is built with buildDlrepBeforeProving()
# and the non-interactive proof is actually run and checked.
print '\nTest6:'
# NOTE(review): 1024-bit first argument (presumably the modulus size) is a
# test-only value.
c = cryptic.Clsig(1024,256,600,0,0,0,5)
c.generateParameters()
q1 = cryptic.charToBn("Mik")
q2 = cryptic.charToBn("Ates")
q3 = cryptic.charToBn("Clermont-Fd")
q4 = cryptic.intToBn(1982280100)
c.computeDlrepByIndex((q1,q2,q3,q4),(0,2,3,4),4)
c.sign()
# NOTE(review): return value discarded.
c.verifySignatureNotRandomized()
# Holder side, rebuilt from values read off c plus the certificate.
c2 = cryptic.Clsig.newLoadPublicParameters(c.z,c.s,5,c.bases,c.lgQuantities,c.lgExponent,c.modulus,c.lgSecParam,c.lgZkSecParam,c.lgClsigSecParam)
c2.loadCertificateWithIndex(c.a,c.e,c.v,c.quantities,4,(0,2,3,4),1)
c2.randomizeSignature()
# NOTE(review): return value discarded.
c2.verifySignatureRandomized()
# NOTE(review): presumably "disclose quantity index 1 (q2), which sits on base
# index 2, one quantity in total" -- confirm the argument order.
dlrep = c2.buildDlrepBeforeProving((1,),(2,),1)
# bases[2] is left out; the hidden values passed to round2WithoutOrder() are
# (eCorrected, vRand, q1, q3, q4).
s = cryptic.ZkpkSchnorr((c2.aRand,c2.s,c2.bases[0],c2.bases[3],c2.bases[4]),5,c2.modulus)
s.round1()
# Challenge = hash over the proof object and dlrep.
h = cryptic.HashForNiProofs(256)
h.addProof(s,dlrep)
h.computeHash()
s.round2WithoutOrder(h.hValue,(c2.eCorrected,c2.vRand,q1,q3,q4))
# Verifier side. It is built from c2's attributes here, so this test does not
# exercise a verifier that holds only public parameters (Test7 uses c3 for that).
s2 = cryptic.ZkpkSchnorr((c2.aRand,c2.s,c2.bases[0],c2.bases[3],c2.bases[4]),5,c2.modulus)
# Return value discarded; acceptance is the hash comparison below.
s2.verifyNoninteractiveProof(dlrep,h.hValue,s.responses)
h2 = cryptic.HashForNiProofs(256)
h2.addProof(s2,dlrep)
h2.computeHash()
# NOTE(review): presumably 0 means equal -- confirm; printed, not asserted.
rc = cryptic.cmpBn(h.hValue,h2.hValue)
print 'result: ' + str(rc)
# Test 7: Test6 plus a range proof (ProofrangeQrg) on q4, with both proofs
# bound to one hash-derived challenge.
print '\nTest7:'
# NOTE(review): 1024-bit first argument (presumably the modulus size) is a
# test-only value.
c = cryptic.Clsig(1024,256,600,0,0,0,5)
c.generateParameters()
q1 = cryptic.charToBn("Mik")
q2 = cryptic.charToBn("Ates")
q3 = cryptic.charToBn("Clermont-Fd")
q4 = cryptic.intToBn(1982280100)
c.computeDlrepByIndex((q1,q2,q3,q4),(0,2,3,4),4)
c.sign()
# NOTE(review): return value discarded.
c.verifySignatureNotRandomized()
# Holder side, rebuilt from values read off c plus the certificate.
c2 = cryptic.Clsig.newLoadPublicParameters(c.z,c.s,5,c.bases,c.lgQuantities,c.lgExponent,c.modulus,c.lgSecParam,c.lgZkSecParam,c.lgClsigSecParam)
c2.loadCertificateWithIndex(c.a,c.e,c.v,c.quantities,4,(0,2,3,4),1)
c2.randomizeSignature()
# NOTE(review): return value discarded.
c2.verifySignatureRandomized()
dlrep = c2.buildDlrepBeforeProving((1,),(2,),1)
# The commitment randoms are chosen by the caller instead of by round1(), one
# per hidden value, each sized as the value's length plus fixed_add_size.
# NOTE(review): the extra lgZkSecParam + lgQuantities bits presumably make the
# responses hide the secrets when no group order is used -- confirm the sizing
# against the scheme's specification before reusing it.
fixed_add_size = c2.lgZkSecParam + c2.lgQuantities
r0 = cryptic.retRandom(c2.intervalExponent + fixed_add_size)
r1 = cryptic.retRandom(c2.lgBlind + fixed_add_size)
r2 = cryptic.retRandom(c2.lgQuantities + fixed_add_size)
r3 = cryptic.retRandom(c2.lgQuantities + fixed_add_size)
r4 = cryptic.retRandom(c2.lgQuantities + fixed_add_size)
s = cryptic.ZkpkSchnorr((c2.aRand,c2.s,c2.bases[0],c2.bases[3],c2.bases[4]),5,c2.modulus)
s.round1RandomsChosen((r0,r1,r2,r3,r4))
# Range proof on q4 against bound b with PROOF_RANGE_LT. It is given
# s.randoms[4], the random at q4's position in the proof above -- presumably so
# that both proofs refer to the same hidden q4; confirm.
pr = cryptic.ProofrangeQrg(c2.s,c2.z,c2.modulus)
b = cryptic.intToBn(1992040400)
pr.round1(cryptic.PROOF_RANGE_LT,q4,b,s.randoms[4],c2.lgSecParam,c2.lgZkSecParam,256)
# One hash over both proofs; its value is the challenge for both round2 calls.
h = cryptic.HashForNiProofs(256)
h.addProof(s,dlrep)
h.addProofrangeProver(pr)
h.computeHash()
s.round2WithoutOrder(h.hValue,(c2.eCorrected,c2.vRand,q1,q3,q4))
pr.round2(h.hValue)
# Verifier side: c3 is loaded from the public parameters only (no certificate).
# c2.aRand is taken from the holder object; it is the one signature-derived
# value the verifier's proof object needs here.
c3 = cryptic.Clsig.newLoadPublicParameters(c.z,c.s,5,c.bases,c.lgQuantities,c.lgExponent,c.modulus,c.lgSecParam,c.lgZkSecParam,c.lgClsigSecParam)
s2 = cryptic.ZkpkSchnorr((c2.aRand,c3.s,c3.bases[0],c3.bases[3],c3.bases[4]),5,c3.modulus)
# Return values of both verify calls are discarded; acceptance in this script
# is the hash comparison below.
s2.verifyNoninteractiveProof(dlrep,h.hValue,s.responses)
pr2 = cryptic.ProofrangeQrg(c3.s,c3.z,c3.modulus)
pr2.verifyNoninteractiveProof(cryptic.PROOF_RANGE_LT,b,pr.dlreps,h.hValue,pr.responses)
h2 = cryptic.HashForNiProofs(256)
h2.addProof(s2,dlrep)
h2.addProofrangeVerifier(pr2,pr.dlreps)
h2.computeHash()
# NOTE(review): presumably 0 means equal -- confirm; printed, not asserted.
rc = cryptic.cmpBn(h.hValue,h2.hValue)
print 'result: ' + str(rc)
# Test 8: Test7 with two extra quantities (qa, qb) that the holder commits to
# before signing; the signer is handed pdc.dlrep, not qa and qb themselves.
print '\nTest8:'
# NOTE(review): 1024-bit first argument (presumably the modulus size) is a
# test-only value.
c = cryptic.Clsig(1024,256,600,0,0,0,10)
c.generateParameters()
# Holder side, loaded from values read off c.
c2 = cryptic.Clsig.newLoadPublicParameters(c.z,c.s,10,c.bases,c.lgQuantities,c.lgExponent,c.modulus,c.lgSecParam,c.lgZkSecParam,c.lgClsigSecParam)
qa = cryptic.charToBn("Kirk")
qb = cryptic.charToBn("Captain")
# Holder commits to qa and qb on bases 1 and 5; the result is kept in pdc.
pdc = cryptic.CommitDataStore()
c2.computeCommittedValue(pdc,(c2.bases[1],c2.bases[5]),(qa,qb),2)
q1 = cryptic.charToBn("Mik")
q2 = cryptic.charToBn("Ates")
q3 = cryptic.charToBn("Clermont-Fd")
q4 = cryptic.intToBn(1982280100)
c.computeDlrepByIndex((q1,q2,q3,q4),(0,2,3,4),4)
# Signer signs over its own four quantities plus the holder's commitment.
c.signWithCommittedValue(pdc.dlrep)
# NOTE(review): return value discarded.
c.verifySignatureNotRandomized()
# Holder loads the certificate together with its committed values and vprime.
c2.loadCertificateWithIndexWithCommittedValue(c.a,c.e,c.v,c.quantities,4,(qa,qb),2,pdc.dlrep,pdc.vprime,(0,2,3,4))
c2.randomizeSignature()
# NOTE(review): return value discarded.
c2.verifySignatureRandomized()
dlrep = c2.buildDlrepBeforeProving((1,),(2,),1)
# Caller-chosen commitment randoms, one per hidden value (seven here).
# NOTE(review): the extra lgZkSecParam + lgQuantities bits presumably make the
# responses hide the secrets when no group order is used -- confirm the sizing
# against the scheme's specification before reusing it.
fixed_add_size = c2.lgZkSecParam + c2.lgQuantities
r0 = cryptic.retRandom(c2.intervalExponent + fixed_add_size)
r1 = cryptic.retRandom(c2.lgBlind + fixed_add_size)
r2 = cryptic.retRandom(c2.lgQuantities + fixed_add_size)
r3 = cryptic.retRandom(c2.lgQuantities + fixed_add_size)
r4 = cryptic.retRandom(c2.lgQuantities + fixed_add_size)
r5 = cryptic.retRandom(c2.lgQuantities + fixed_add_size)
r6 = cryptic.retRandom(c2.lgQuantities + fixed_add_size)
# Seven bases: the five of Test7 plus bases 1 and 5 for the committed qa, qb.
s = cryptic.ZkpkSchnorr((c2.aRand,c2.s,c2.bases[0],c2.bases[3],c2.bases[4],c2.bases[1],c2.bases[5]),7,c2.modulus)
s.round1RandomsChosen((r0,r1,r2,r3,r4,r5,r6))
# Range proof on q4 against b, given the random at q4's position (index 4).
pr = cryptic.ProofrangeQrg(c2.s,c2.z,c2.modulus)
b = cryptic.intToBn(1992040400)
pr.round1(cryptic.PROOF_RANGE_LT,q4,b,s.randoms[4],c2.lgSecParam,c2.lgZkSecParam,256)
# One hash over both proofs; its value is the challenge for both round2 calls.
h = cryptic.HashForNiProofs(256)
h.addProof(s,dlrep)
h.addProofrangeProver(pr)
h.computeHash()
s.round2WithoutOrder(h.hValue,(c2.eCorrected,c2.vRand,q1,q3,q4,qa,qb))
pr.round2(h.hValue)
# Verifier side: c3 is loaded from the public parameters only.
c3 = cryptic.Clsig.newLoadPublicParameters(c.z,c.s,10,c.bases,c.lgQuantities,c.lgExponent,c.modulus,c.lgSecParam,c.lgZkSecParam,c.lgClsigSecParam)
# NOTE(review): bases 1 and 5 are read from c2 here while the others come from
# c3; both objects were loaded from c.bases, so the values should match, but
# reading them from c3 would keep the verifier independent of the holder object.
s2 = cryptic.ZkpkSchnorr((c2.aRand,c3.s,c3.bases[0],c3.bases[3],c3.bases[4],c2.bases[1],c2.bases[5]),7,c3.modulus)
# Return values of both verify calls are discarded; acceptance in this script
# is the hash comparison below.
s2.verifyNoninteractiveProof(dlrep,h.hValue,s.responses)
pr2 = cryptic.ProofrangeQrg(c3.s,c3.z,c3.modulus)
pr2.verifyNoninteractiveProof(cryptic.PROOF_RANGE_LT,b,pr.dlreps,h.hValue,pr.responses)
h2 = cryptic.HashForNiProofs(256)
h2.addProof(s2,dlrep)
h2.addProofrangeVerifier(pr2,pr.dlreps)
h2.computeHash()
# NOTE(review): presumably 0 means equal -- confirm; printed, not asserted.
rc = cryptic.cmpBn(h.hValue,h2.hValue)
print 'result: ' + str(rc)