예제 #1
0
파일: sig_test.go 프로젝트: Liamsi/crypto
func benchGenSigOpenSSL(nkeys int) []byte {
	suite := openssl.NewAES128SHA256P256()
	rand := suite.Cipher([]byte("example"))
	return Sign(suite, rand, benchMessage,
		Set(benchPubOpenSSL[:nkeys]), nil,
		0, benchPriOpenSSL)
}
예제 #2
0
파일: proof_test.go 프로젝트: Liamsi/crypto
// This code shows how to create and verify Or-predicate proofs,
// such as the one above.
// In this case, we know a secret x such that X=x*B,
// but we don't know a secret y such that Y=y*B,
// because we simply pick Y as a random point
// instead of generating it by scalar multiplication.
// (And if the group is cryptographically secure
// we won't find be able to find such a y.)
func ExampleOr_2() {
	// Create an Or predicate.
	pred := Or(Rep("X", "x", "B"), Rep("Y", "y", "B"))
	fmt.Println("Predicate: " + pred.String())

	// Crypto setup
	suite := openssl.NewAES128SHA256P256()
	rand := suite.Cipher([]byte("example"))
	B := suite.Point().Base() // standard base point

	// Create a public/private keypair (X,x) and a random point Y
	x := suite.Secret().Pick(rand)        // create a private key x
	X := suite.Point().Mul(nil, x)        // corresponding public key X
	Y, _ := suite.Point().Pick(nil, rand) // pick a random point Y

	// We'll need to tell the prover which Or clause is actually true.
	// In this case clause 0, the first sub-predicate, is true:
	// i.e., we know a secret x such that X=x*B.
	choice := make(map[Predicate]int)
	choice[pred] = 0

	// Generate a proof that we know the discrete logarithm of X or Y.
	sval := map[string]abstract.Secret{"x": x}
	pval := map[string]abstract.Point{"B": B, "X": X, "Y": Y}
	prover := pred.Prover(suite, sval, pval, choice)
	proof, _ := HashProve(suite, "TEST", rand, prover)
	fmt.Print("Proof:\n" + hex.Dump(proof))

	// Verify this knowledge proof.
	// The verifier doesn't need the secret values or choice map, of course.
	verifier := pred.Verifier(suite, pval)
	err := HashVerify(suite, "TEST", verifier, proof)
	if err != nil {
		panic("proof failed to verify!")
	}
	fmt.Println("Proof verified.")

	// Output:
	// Predicate: X=x*B || Y=y*B
	// Proof:
	// 00000000  02 af 84 ed e5 86 04 cf  81 e4 18 17 84 0c 39 ab  |..............9.|
	// 00000010  fe 5c bc cc 00 85 e0 a2  ee aa d5 22 18 dd c4 a1  |.\........."....|
	// 00000020  5b 03 df 9c 59 21 0e 1c  44 99 23 a1 54 92 21 c9  |[...Y!..D.#.T.!.|
	// 00000030  d6 b3 84 85 ad 87 dd a3  64 c0 b9 eb 4d 92 5b cb  |........d...M.[.|
	// 00000040  c6 4f e7 67 95 36 6a e4  e7 ca b5 14 b7 99 16 60  |.O.g.6j........`|
	// 00000050  71 91 ad b0 f1 86 43 df  6a 45 1f cb a2 93 7e b3  |q.....C.jE....~.|
	// 00000060  b5 7b 32 17 7d 53 c5 e4  48 79 49 b2 3e 1e e2 62  |.{2.}S..HyI.>..b|
	// 00000070  39 08 13 d5 2e f8 c5 e9  c1 28 09 91 7a 95 c9 12  |9........(..z...|
	// 00000080  17 85 f5 eb 2d 8e 6b 37  3a b5 ff 45 25 e7 0c aa  |....-.k7:..E%...|
	// 00000090  94 43 cf 67 52 2e 1d 2c  1b a4 c0 ca 96 d6 03 08  |.C.gR..,........|
	// 000000a0  c0 0d 93 8b c6 f6 34 12  83 a0 32 2e 82 2c 4b fb  |......4...2..,K.|
	// 000000b0  b3 0c a1 4b a5 e3 27 43  b6 2f ed fa ca 4f 93 83  |...K..'C./...O..|
	// 000000c0  fd 56                                             |.V|
	// Proof verified.
}
예제 #3
0
파일: proof_test.go 프로젝트: Liamsi/crypto
func TestRep(t *testing.T) {
	suite := openssl.NewAES128SHA256P256()
	rand := suite.Cipher(abstract.RandomKey)

	x := suite.Secret().Pick(rand)
	y := suite.Secret().Pick(rand)
	B := suite.Point().Base()
	X := suite.Point().Mul(nil, x)
	Y := suite.Point().Mul(X, y)
	R := suite.Point().Add(X, Y)

	choice := make(map[Predicate]int)

	// Simple single-secret predicate: prove X=x*B
	log := Rep("X", "x", "B")

	// Two-secret representation: prove R=x*B+y*X
	rep := Rep("R", "x", "B", "y", "X")

	// Make an and-predicate
	and := And(log, rep)
	andx := And(and)

	// Make up a couple incorrect facts
	falseLog := Rep("Y", "x", "B")
	falseRep := Rep("R", "x", "B", "y", "B")

	falseAnd := And(falseLog, falseRep)

	or1 := Or(falseAnd, andx)
	choice[or1] = 1
	or1x := Or(or1) // test trivial case
	choice[or1x] = 0

	or2a := Rep("B", "y", "X")
	or2b := Rep("R", "x", "R")
	or2 := Or(or2a, or2b)
	or2x := Or(or2) // test trivial case

	pred := Or(or1x, or2x)
	choice[pred] = 0

	sval := map[string]abstract.Secret{"x": x, "y": y}
	pval := map[string]abstract.Point{"B": B, "X": X, "Y": Y, "R": R}
	prover := pred.Prover(suite, sval, pval, choice)
	proof, err := HashProve(suite, "TEST", rand, prover)
	if err != nil {
		panic("prover: " + err.Error())
	}

	verifier := pred.Verifier(suite, pval)
	if err := HashVerify(suite, "TEST", verifier, proof); err != nil {
		panic("verify: " + err.Error())
	}
}
예제 #4
0
파일: sig_test.go 프로젝트: Liamsi/crypto
// This example demonstrates how to create unlinkable anonymity-set signatures,
// and to verify them,
// using a small anonymity set containing three public keys.
func ExampleSign_anonSet() {

	// Crypto setup
	suite := openssl.NewAES128SHA256P256()
	rand := suite.Cipher([]byte("example"))

	// Create an anonymity set of random "public keys"
	X := make([]abstract.Point, 3)
	for i := range X { // pick random points
		X[i], _ = suite.Point().Pick(nil, rand)
	}

	// Make just one of them an actual public/private keypair (X[mine],x)
	mine := 1                           // only the signer knows this
	x := suite.Secret().Pick(rand)      // create a private key x
	X[mine] = suite.Point().Mul(nil, x) // corresponding public key X

	// Generate the signature
	M := []byte("Hello World!") // message we want to sign
	sig := Sign(suite, rand, M, Set(X), nil, mine, x)
	fmt.Print("Signature:\n" + hex.Dump(sig))

	// Verify the signature against the correct message
	tag, err := Verify(suite, M, Set(X), nil, sig)
	if err != nil {
		panic(err.Error())
	}
	if tag == nil || len(tag) != 0 {
		panic("Verify returned wrong tag")
	}
	fmt.Println("Signature verified against correct message.")

	// Verify the signature against the wrong message
	BAD := []byte("Goodbye world!")
	tag, err = Verify(suite, BAD, Set(X), nil, sig)
	if err == nil || tag != nil {
		panic("Signature verified against wrong message!?")
	}
	fmt.Println("Verifying against wrong message: " + err.Error())

	// Output:
	// Signature:
	// 00000000  05 e5 e3 f4 80 22 d8 38  03 63 e6 9d b5 2c 51 28  |.....".8.c...,Q(|
	// 00000010  7c f1 78 cd 7d f2 0e dd  a0 63 58 04 d7 79 ce 03  ||.x.}....cX..y..|
	// 00000020  56 b2 b5 3a e1 c8 8c f7  29 8a 13 75 59 98 ea ce  |V..:....)..uY...|
	// 00000030  f4 6d d5 d0 62 85 51 8e  fe d9 4a 02 1f 35 03 33  |.m..b.Q...J..5.3|
	// 00000040  bf 19 a6 0e b2 47 8d 8e  91 b1 a7 70 5c 62 6d d9  |.....G.....p\bm.|
	// 00000050  70 2a 39 f0 a0 60 59 c2  4e 76 2b d1 0e 06 29 2d  |p*9..`Y.Nv+...)-|
	// 00000060  71 eb 40 46 de 61 2f 08  8d 9a 04 09 d7 a1 62 83  |[email protected]/.......b.|
	// 00000070  48 e3 cc 09 af 64 26 df  df da d6 51 62 5d e6 2b  |H....d&....Qb].+|
	// Signature verified against correct message.
	// Verifying against wrong message: invalid signature
}
예제 #5
0
파일: enc_test.go 프로젝트: Liamsi/crypto
func ExampleEncrypt_anonSet() {

	// Crypto setup
	suite := openssl.NewAES128SHA256P256()
	rand := suite.Cipher([]byte("example"))

	// Create an anonymity set of random "public keys"
	X := make([]abstract.Point, 3)
	for i := range X { // pick random points
		X[i], _ = suite.Point().Pick(nil, rand)
	}

	// Make just one of them an actual public/private keypair (X[mine],x)
	mine := 1                           // only the signer knows this
	x := suite.Secret().Pick(rand)      // create a private key x
	X[mine] = suite.Point().Mul(nil, x) // corresponding public key X

	// Encrypt a message with all the public keys
	M := []byte("Hello World!") // message to encrypt
	C := Encrypt(suite, rand, M, Set(X), false)
	fmt.Printf("Encryption of '%s':\n%s", string(M), hex.Dump(C))

	// Decrypt the ciphertext with the known private key
	MM, err := Decrypt(suite, C, Set(X), mine, x, false)
	if err != nil {
		panic(err.Error())
	}
	if !bytes.Equal(M, MM) {
		panic("Decryption failed to reproduce message")
	}
	fmt.Printf("Decrypted: '%s'\n", string(MM))

	// Output:
	// Encryption of 'Hello World!':
	// 00000000  02 c2 6c b8 1b 87 94 1d  71 c8 50 63 75 e1 80 5e  |..l.....q.Pcu..^|
	// 00000010  b2 b8 1a d6 10 be 1a c6  35 bf b9 c0 cb af 67 d0  |........5.....g.|
	// 00000020  c1 38 04 f2 7e 70 c0 0e  ce 2a 3e 8d a4 1a 8f d8  |.8..~p...*>.....|
	// 00000030  c6 ca 2d 81 2a 50 d0 4e  96 74 2a 8b 44 22 12 5f  |..-.*P.N.t*.D"._|
	// 00000040  57 73 d1 1f a3 a9 21 96  2e e3 bd 77 bf 3b 3f a7  |Ws....!....w.;?.|
	// 00000050  b7 aa 91 37 7d d6 12 c6  73 db 9f 01 fd b3 f6 b6  |...7}...s.......|
	// 00000060  82 cf 0d e1 5c 57 ac 8e  82 72 20 06 af 70 90 15  |....\W...r ..p..|
	// 00000070  cb 5c f5 87 8d 39 3a 29  66 8e df 62 3d b0 ba fa  |.\...9:)f..b=...|
	// 00000080  3f 38 83 eb 92 62 fd 33  cb b0 76 ae e1 af 60 f3  |?8...b.3..v...`.|
	// 00000090  7b ba 1d ef b0 2a 7a 19  a5 92 23 fa d3           |{....*z...#..|
	// Decrypted: 'Hello World!'
}
예제 #6
0
파일: sig_test.go 프로젝트: Liamsi/crypto
// This example demonstrates signing and signature verification
// using a trivial "anonymity set" of size 1, i.e., no anonymity.
// In this special case the signing scheme devolves to
// producing traditional ElGamal signatures:
// the resulting signatures are exactly the same length
// and represent essentially the same computational cost.
func ExampleSign_1() {

	// Crypto setup
	suite := openssl.NewAES128SHA256P256()
	rand := suite.Cipher([]byte("example"))

	// Create a public/private keypair (X[mine],x)
	X := make([]abstract.Point, 1)
	mine := 0                           // which public key is mine
	x := suite.Secret().Pick(rand)      // create a private key x
	X[mine] = suite.Point().Mul(nil, x) // corresponding public key X

	// Generate the signature
	M := []byte("Hello World!") // message we want to sign
	sig := Sign(suite, rand, M, Set(X), nil, mine, x)
	fmt.Print("Signature:\n" + hex.Dump(sig))

	// Verify the signature against the correct message
	tag, err := Verify(suite, M, Set(X), nil, sig)
	if err != nil {
		panic(err.Error())
	}
	if tag == nil || len(tag) != 0 {
		panic("Verify returned wrong tag")
	}
	fmt.Println("Signature verified against correct message.")

	// Verify the signature against the wrong message
	BAD := []byte("Goodbye world!")
	tag, err = Verify(suite, BAD, Set(X), nil, sig)
	if err == nil || tag != nil {
		panic("Signature verified against wrong message!?")
	}
	fmt.Println("Verifying against wrong message: " + err.Error())

	// Output:
	// Signature:
	// 00000000  ca e3 63 fd 0f a9 25 bd  f0 c6 f4 e4 93 3a 3d c0  |..c...%......:=.|
	// 00000010  be 2d ee d1 7f 78 b5 d4  30 00 05 fa 2d ab f3 08  |.-...x..0...-...|
	// 00000020  ac 50 83 66 b9 9f 55 f4  79 48 28 66 cc 25 fb 16  |.P.f..U.yH(f.%..|
	// 00000030  60 d5 0f 88 d6 8d af 97  24 5d 00 ec de 2c 9b ed  |`.......$]...,..|
	// Signature verified against correct message.
	// Verifying against wrong message: invalid signature
}
예제 #7
0
파일: hash_test.go 프로젝트: Liamsi/crypto
// This example shows how to build classic ElGamal-style digital signatures
// using the Camenisch/Stadler proof framework and HashProver.
func ExampleHashProve_1() {

	// Crypto setup
	suite := openssl.NewAES128SHA256P256()
	rand := suite.Cipher([]byte("example"))
	B := suite.Point().Base() // standard base point

	// Create a public/private keypair (X,x)
	x := suite.Secret().Pick(rand) // create a private key x
	X := suite.Point().Mul(nil, x) // corresponding public key X

	// Generate a proof that we know the discrete logarithm of X.
	M := "Hello World!" // message we want to sign
	rep := Rep("X", "x", "B")
	sec := map[string]abstract.Secret{"x": x}
	pub := map[string]abstract.Point{"B": B, "X": X}
	prover := rep.Prover(suite, sec, pub, nil)
	proof, _ := HashProve(suite, M, rand, prover)
	fmt.Print("Signature:\n" + hex.Dump(proof))

	// Verify the signature against the correct message M.
	verifier := rep.Verifier(suite, pub)
	err := HashVerify(suite, M, verifier, proof)
	if err != nil {
		panic("signature failed to verify!")
	}
	fmt.Println("Signature verified against correct message M.")

	// Now verify the signature against the WRONG message.
	BAD := "Goodbye World!"
	verifier = rep.Verifier(suite, pub)
	err = HashVerify(suite, BAD, verifier, proof)
	fmt.Println("Signature verify against wrong message: " + err.Error())

	// Output:
	// Signature:
	// 00000000  02 23 62 b1 f9 cb f4 a2  6d 7f 3e 69 cb b6 77 ab  |.#b.....m.>i..w.|
	// 00000010  90 fc 7c db a0 c6 e8 12  f2 0a d4 40 a4 b6 c4 de  |..|........@....|
	// 00000020  9e ac 50 83 66 b9 9f 55  f4 79 48 28 66 cc 25 fb  |..P.f..U.yH(f.%.|
	// 00000030  16 60 d5 0f 88 d6 8d af  97 24 5d 00 ec de 2c 9b  |.`.......$]...,.|
	// 00000040  ed                                                |.|
	// Signature verified against correct message M.
	// Signature verify against wrong message: invalid proof: commit mismatch
}
예제 #8
0
파일: proof_test.go 프로젝트: Liamsi/crypto
// This example shows how to generate and verify noninteractive proofs
// of the statement in the example above, i.e.,
// a proof of ownership of public key X.
func ExampleRep_2() {
	pred := Rep("X", "x", "B")
	fmt.Println(pred.String())

	// Crypto setup
	suite := openssl.NewAES128SHA256P256()
	rand := suite.Cipher([]byte("example"))
	B := suite.Point().Base() // standard base point

	// Create a public/private keypair (X,x)
	x := suite.Secret().Pick(rand) // create a private key x
	X := suite.Point().Mul(nil, x) // corresponding public key X

	// Generate a proof that we know the discrete logarithm of X.
	sval := map[string]abstract.Secret{"x": x}
	pval := map[string]abstract.Point{"B": B, "X": X}
	prover := pred.Prover(suite, sval, pval, nil)
	proof, _ := HashProve(suite, "TEST", rand, prover)
	fmt.Print("Proof:\n" + hex.Dump(proof))

	// Verify this knowledge proof.
	verifier := pred.Verifier(suite, pval)
	err := HashVerify(suite, "TEST", verifier, proof)
	if err != nil {
		panic("proof failed to verify!")
	}
	fmt.Println("Proof verified.")

	// Output:
	// X=x*B
	// Proof:
	// 00000000  02 23 62 b1 f9 cb f4 a2  6d 7f 3e 69 cb b6 77 ab  |.#b.....m.>i..w.|
	// 00000010  90 fc 7c db a0 c6 e8 12  f2 0a d4 40 a4 b6 c4 de  |..|........@....|
	// 00000020  9e 53 67 12 c7 31 0a 92  ed 76 c4 4d 2c 4b fc 2c  |.Sg..1...v.M,K.,|
	// 00000030  56 db 2d 8a 84 ec 5d e5  31 17 80 76 a8 ea 46 04  |V.-...].1..v..F.|
	// 00000040  c8                                                |.|
	// Proof verified.
}
예제 #9
0
파일: enc_test.go 프로젝트: Liamsi/crypto
func ExampleEncrypt_1() {

	// Crypto setup
	suite := openssl.NewAES128SHA256P256()
	rand := suite.Cipher([]byte("example"))

	// Create a public/private keypair (X[mine],x)
	X := make([]abstract.Point, 1)
	mine := 0                           // which public key is mine
	x := suite.Secret().Pick(rand)      // create a private key x
	X[mine] = suite.Point().Mul(nil, x) // corresponding public key X

	// Encrypt a message with the public key
	M := []byte("Hello World!") // message to encrypt
	C := Encrypt(suite, rand, M, Set(X), false)
	fmt.Printf("Encryption of '%s':\n%s", string(M), hex.Dump(C))

	// Decrypt the ciphertext with the private key
	MM, err := Decrypt(suite, C, Set(X), mine, x, false)
	if err != nil {
		panic(err.Error())
	}
	if !bytes.Equal(M, MM) {
		panic("Decryption failed to reproduce message")
	}
	fmt.Printf("Decrypted: '%s'\n", string(MM))

	// Output:
	// Encryption of 'Hello World!':
	// 00000000  02 23 62 b1 f9 cb f4 a2  6d 7f 3e 69 cb b6 77 ab  |.#b.....m.>i..w.|
	// 00000010  90 fc 7c db a0 c6 e8 12  f2 0a d4 40 a4 b6 c4 de  |..|........@....|
	// 00000020  9e 5a 8a 1d 5b e4 96 f7  a9 cb 78 4e 8e ee 23 6b  |.Z..[.....xN..#k|
	// 00000030  f3 5c fc 85 95 59 b0 81  72 bc e2 7b bf d5 1f c1  |.\...Y..r..{....|
	// 00000040  5f d2 08 9a e5 f0 d9 3c  6b 0d 83 35 6d 15 b1 93  |_......<k..5m...|
	// 00000050  af 1d a2 17 df db 3c 2b  89 32 1b 62 1b           |......<+.2.b.|
	// Decrypted: 'Hello World!'
}
예제 #10
0
파일: sig_test.go 프로젝트: Liamsi/crypto
func BenchmarkVerify100OpenSSL(b *testing.B) {
	benchVerify(openssl.NewAES128SHA256P256(),
		benchPubOpenSSL[:100], benchSig100OpenSSL, b.N)
}
예제 #11
0
파일: sig_test.go 프로젝트: Liamsi/crypto
func BenchmarkSign100OpenSSL(b *testing.B) {
	benchSign(openssl.NewAES128SHA256P256(),
		benchPubOpenSSL[:100], benchPriOpenSSL, b.N)
}
예제 #12
0
파일: sig_test.go 프로젝트: Liamsi/crypto
func benchGenKeysOpenSSL(nkeys int) ([]abstract.Point, abstract.Secret) {
	return benchGenKeys(openssl.NewAES128SHA256P256(), nkeys)
}
예제 #13
0
파일: sig_test.go 프로젝트: Liamsi/crypto
// This example demonstrates the creation of linkable anonymity set signatures,
// and verification, using an anonymity set containing three public keys.
// We produce four signatures, two from each of two private key-holders,
// demonstrating how the resulting verifiable tags distinguish
// signatures by the same key-holder from signatures by different key-holders.
func ExampleSign_linkable() {

	// Crypto setup
	suite := openssl.NewAES128SHA256P256()
	rand := suite.Cipher([]byte("example"))

	// Create an anonymity set of random "public keys"
	X := make([]abstract.Point, 3)
	for i := range X { // pick random points
		X[i], _ = suite.Point().Pick(nil, rand)
	}

	// Make two actual public/private keypairs (X[mine],x)
	mine1 := 1 // only the signer knows this
	mine2 := 2
	x1 := suite.Secret().Pick(rand) // create a private key x
	x2 := suite.Secret().Pick(rand)
	X[mine1] = suite.Point().Mul(nil, x1) // corresponding public key X
	X[mine2] = suite.Point().Mul(nil, x2)

	// Generate two signatures using x1 and two using x2
	M := []byte("Hello World!")     // message we want to sign
	S := []byte("My Linkage Scope") // scope for linkage tags
	var sig [4][]byte
	sig[0] = Sign(suite, rand, M, Set(X), S, mine1, x1)
	sig[1] = Sign(suite, rand, M, Set(X), S, mine1, x1)
	sig[2] = Sign(suite, rand, M, Set(X), S, mine2, x2)
	sig[3] = Sign(suite, rand, M, Set(X), S, mine2, x2)
	for i := range sig {
		fmt.Printf("Signature %d:\n%s", i, hex.Dump(sig[i]))
	}

	// Verify the signatures against the correct message
	var tag [4][]byte
	for i := range sig {
		goodtag, err := Verify(suite, M, Set(X), S, sig[i])
		if err != nil {
			panic(err.Error())
		}
		tag[i] = goodtag
		if tag[i] == nil || len(tag[i]) != suite.PointLen() {
			panic("Verify returned invalid tag")
		}
		fmt.Printf("Sig%d tag: %s\n", i,
			hex.EncodeToString(tag[i]))

		// Verify the signature against the wrong message
		BAD := []byte("Goodbye world!")
		badtag, err := Verify(suite, BAD, Set(X), S, sig[i])
		if err == nil || badtag != nil {
			panic("Signature verified against wrong message!?")
		}
	}
	if !bytes.Equal(tag[0], tag[1]) || !bytes.Equal(tag[2], tag[3]) ||
		bytes.Equal(tag[0], tag[2]) {
		panic("tags aren't coming out right!")
	}

	// Output:
	// Signature 0:
	// 00000000  7f 0d 4b b1 47 ca 5e f5  4c 2f b3 71 44 1a 08 04  |..K.G.^.L/.qD...|
	// 00000010  02 d2 67 43 3b 58 19 69  56 44 73 b3 49 bd 19 ce  |..gC;X.iVDs.I...|
	// 00000020  d3 63 d3 5a 0e 97 78 e6  74 ce a0 24 34 c1 66 7d  |.c.Z..x.t..$4.f}|
	// 00000030  af 32 9e 59 22 f2 9a 67  3c ea e5 4f 54 6d 3e 07  |.2.Y"..g<..OTm>.|
	// 00000040  dc db 8a df 92 93 55 e0  19 8d 7c f5 58 a1 5a aa  |......U...|.X.Z.|
	// 00000050  80 97 d9 48 84 2b f0 0d  ab 39 2e d4 40 67 08 f4  |...H.+...9..@g..|
	// 00000060  56 b2 b5 3a e1 c8 8c f7  29 8a 13 75 59 98 ea ce  |V..:....)..uY...|
	// 00000070  f4 6d d5 d0 62 85 51 8e  fe d9 4a 02 1f 35 03 33  |.m..b.Q...J..5.3|
	// 00000080  03 37 8f df 75 d4 0b 9d  6c ba f1 c9 07 77 37 59  |.7..u...l....w7Y|
	// 00000090  1e cd 2a 18 75 93 18 c0  6d ee d8 d0 fc ad d5 00  |..*.u...m.......|
	// 000000a0  ab                                                |.|
	// Signature 1:
	// 00000000  c0 c4 72 60 8e 83 8c 15  bf 56 d2 6f 1e 1a 9b 63  |..r`.....V.o...c|
	// 00000010  07 5f f4 6d fb 5b d4 fc  35 e2 46 52 53 41 3a 67  |._.m.[..5.FRSA:g|
	// 00000020  27 56 c5 3f 08 bb 99 6d  7d 0a f8 ac c5 29 e8 94  |'V.?...m}....)..|
	// 00000030  54 3e 4d fb ca b5 1d 9a  29 56 a0 09 f9 ec 6d b5  |T>M.....)V....m.|
	// 00000040  ac c5 1e 6a 65 72 46 a7  9c 11 d0 8c d0 d8 89 ad  |...jerF.........|
	// 00000050  61 0c 2a 89 1a 4d af 86  49 8f 14 87 dd 64 0e 2f  |a.*..M..I....d./|
	// 00000060  78 fd f8 95 ec ee a5 50  a8 65 b0 63 35 f2 83 05  |x......P.e.c5...|
	// 00000070  21 9d cf f1 0d a1 85 6a  3f ca 8d 68 31 1f e0 e2  |!......j?..h1...|
	// 00000080  03 37 8f df 75 d4 0b 9d  6c ba f1 c9 07 77 37 59  |.7..u...l....w7Y|
	// 00000090  1e cd 2a 18 75 93 18 c0  6d ee d8 d0 fc ad d5 00  |..*.u...m.......|
	// 000000a0  ab                                                |.|
	// Signature 2:
	// 00000000  a4 8e 61 72 a4 72 18 81  55 df 8c e0 3a 01 92 05  |..ar.r..U...:...|
	// 00000010  f2 73 29 5a 6f 27 fd 55  d9 b4 a3 62 f2 e0 7f d3  |.s)Zo'.U...b....|
	// 00000020  1b 1e 8f 0b b0 e6 16 78  31 46 7f b6 32 90 f7 5e  |.......x1F..2..^|
	// 00000030  ad fb ea 42 2b a6 46 ba  fd c0 26 f3 21 af 31 9c  |...B+.F...&.!.1.|
	// 00000040  a4 8b 48 7e 5a 4f eb 1d  1f c8 6c 96 e6 38 86 a9  |..H~ZO....l..8..|
	// 00000050  50 dc 69 e8 2d c9 ed 41  51 38 9d 5c 5f 9b e6 93  |P.i.-..AQ8.\_...|
	// 00000060  ef 3e 03 10 5e b1 0b 03  19 2c bb db 46 ef ad 1b  |.>..^....,..F...|
	// 00000070  d6 25 92 98 92 aa 96 b5  d8 38 f8 5c b9 68 7a c2  |.%.......8.\.hz.|
	// 00000080  02 55 a2 af 44 5e 5b fb  65 b1 d5 6f ea 18 21 4a  |.U..D^[.e..o..!J|
	// 00000090  4b 0a 75 3b 6e 50 b7 ed  9f e7 49 aa 03 83 d1 76  |K.u;nP....I....v|
	// 000000a0  7f                                                |.|
	// Signature 3:
	// 00000000  43 cb 80 12 94 b9 f7 da  e1 93 84 66 75 22 8b 8e  |C..........fu"..|
	// 00000010  61 ff ed 65 f1 4e e4 3e  ed 4d 98 3e 5c 6c 7a 2c  |a..e.N.>.M.>\lz,|
	// 00000020  69 56 c6 9e 1b eb dd cd  02 42 d4 50 cf 66 7f 4f  |iV.......B.P.f.O|
	// 00000030  c4 33 92 36 a0 b7 94 a5  3e fb 9b 19 bd 7c ea ce  |.3.6....>....|..|
	// 00000040  69 84 bd 96 a9 6b 6e c2  47 03 9f 18 33 73 a5 2b  |i....kn.G...3s.+|
	// 00000050  ee 11 e1 99 36 bf 44 42  26 5e f8 cc 25 1e 8a 97  |....6.DB&^..%...|
	// 00000060  30 06 bf af 76 ed 06 2d  f6 ed 72 33 53 e4 8a e0  |0...v..-..r3S...|
	// 00000070  a8 88 84 48 69 dd 4b d9  ff e3 d7 4a cf 04 88 c9  |...Hi.K....J....|
	// 00000080  02 55 a2 af 44 5e 5b fb  65 b1 d5 6f ea 18 21 4a  |.U..D^[.e..o..!J|
	// 00000090  4b 0a 75 3b 6e 50 b7 ed  9f e7 49 aa 03 83 d1 76  |K.u;nP....I....v|
	// 000000a0  7f                                                |.|
	// Sig0 tag: 03378fdf75d40b9d6cbaf1c9077737591ecd2a18759318c06deed8d0fcadd500ab
	// Sig1 tag: 03378fdf75d40b9d6cbaf1c9077737591ecd2a18759318c06deed8d0fcadd500ab
	// Sig2 tag: 0255a2af445e5bfb65b1d56fea18214a4b0a753b6e50b7ed9fe749aa0383d1767f
	// Sig3 tag: 0255a2af445e5bfb65b1d56fea18214a4b0a753b6e50b7ed9fe749aa0383d1767f
}
예제 #14
0
파일: hash_test.go 프로젝트: Liamsi/crypto
// This example implements Linkable Ring Signatures (LRS) generically
// using the Camenisch/Stadler proof framework and HashProver.
//
// A ring signature proves that the signer owns one of a list of public keys,
// without revealing anything about which public key the signer actually owns.
// A linkable ring signature (LRS) is the same but includes a linkage tag,
// which the signer proves to correspond 1-to-1 with the signer's key,
// but whose relationship to the private key remains secret
// from anyone who does not hold the private key.
// A key-holder who signs multiple messages in the same public "linkage scope"
// will be forced to use the same linkage tag in each such signature,
// enabling others to tell whether two signatures in a given scope
// were produced by the same or different signers.
//
// This scheme is conceptually similar to that of Liu/Wei/Wong in
// "Linkable and Anonymous Signature for Ad Hoc Groups".
// This example implementation is less space-efficient, however,
// because it uses the generic HashProver for Fiat-Shamir noninteractivity
// instead of Liu/Wei/Wong's customized hash-ring structure.
//
func ExampleHashProve_2() {

	// Crypto setup
	suite := openssl.NewAES128SHA256P256()
	rand := suite.Cipher([]byte("example"))
	B := suite.Point().Base() // standard base point

	// Create an anonymity ring of random "public keys"
	X := make([]abstract.Point, 3)
	for i := range X { // pick random points
		X[i], _ = suite.Point().Pick(nil, rand)
	}

	// Make just one of them an actual public/private keypair (X[mine],x)
	mine := 2                           // only the signer knows this
	x := suite.Secret().Pick(rand)      // create a private key x
	X[mine] = suite.Point().Mul(nil, x) // corresponding public key X

	// Produce the correct linkage tag for the signature,
	// as a pseudorandom base point multiplied by our private key.
	linkScope := []byte("The Linkage Scope")
	linkHash := suite.Cipher(linkScope)
	linkBase, _ := suite.Point().Pick(nil, linkHash)
	linkTag := suite.Point().Mul(linkBase, x)

	// Generate the proof predicate: an OR branch for each public key.
	sec := map[string]abstract.Secret{"x": x}
	pub := map[string]abstract.Point{"B": B, "BT": linkBase, "T": linkTag}
	preds := make([]Predicate, len(X))
	for i := range X {
		name := fmt.Sprintf("X[%d]", i) // "X[0]","X[1]",...
		pub[name] = X[i]                // public point value

		// Predicate indicates knowledge of the private key for X[i]
		// and correspondence of the key with the linkage tag
		preds[i] = And(Rep(name, "x", "B"), Rep("T", "x", "BT"))
	}
	pred := Or(preds...) // make a big Or predicate
	fmt.Printf("Linkable Ring Signature Predicate:\n\t%s\n", pred.String())

	// The prover needs to know which Or branch (mine) is actually true.
	choice := make(map[Predicate]int)
	choice[pred] = mine

	// Generate the signature
	M := "Hello World!" // message we want to sign
	prover := pred.Prover(suite, sec, pub, choice)
	proof, _ := HashProve(suite, M, rand, prover)
	fmt.Print("Linkable Ring Signature:\n" + hex.Dump(proof))

	// Verify the signature
	verifier := pred.Verifier(suite, pub)
	err := HashVerify(suite, M, verifier, proof)
	if err != nil {
		panic("signature failed to verify!")
	}
	fmt.Println("Linkable Ring Signature verified.")

	// Output:
	// Linkable Ring Signature Predicate:
	//	(X[0]=x*B && T=x*BT) || (X[1]=x*B && T=x*BT) || (X[2]=x*B && T=x*BT)
	// Linkable Ring Signature:
	// 00000000  02 22 17 82 90 fd 63 78  91 37 12 26 0b 85 a4 5f  |."....cx.7.&..._|
	// 00000010  c4 50 5d 4f 7c da 22 75  81 bd 85 a6 25 b3 ca d8  |.P]O|."u....%...|
	// 00000020  1b 02 d8 91 b8 82 2e 88  69 ba 47 5d 68 f7 8e 56  |........i.G]h..V|
	// 00000030  b5 f0 b9 93 c2 94 10 65  6f 1d 98 5f 17 a8 ef ec  |.......eo.._....|
	// 00000040  45 04 03 f5 a9 11 32 0b  f0 e6 87 a9 0f cd d7 c3  |E.....2.........|
	// 00000050  e8 9e 1f 47 0c 1b 10 52  de e0 4e fe 25 d4 4e 89  |...G...R..N.%.N.|
	// 00000060  97 35 6a 03 ef 39 35 1f  fb 84 5c 1c 55 4d a4 d0  |.5j..95...\.UM..|
	// 00000070  36 9d 5b 2b 34 be 10 bf  6a bd 7f d9 a8 11 51 7c  |6.[+4...j.....Q||
	// 00000080  6c e7 6f b8 02 2f fc 10  c8 d6 40 23 e4 37 05 c5  |l.o../....@#.7..|
	// 00000090  b4 39 de a6 d1 85 f5 c0  be 57 76 83 c0 d4 8e ff  |.9.......Wv.....|
	// 000000a0  2f 82 1e db 29 02 33 5b  1f 1b c5 b8 b5 fd 7b 77  |/...).3[......{w|
	// 000000b0  1c 32 06 3d b6 c0 6b 9b  a6 d6 47 0c 51 69 2f 4f  |.2.=..k...G.Qi/O|
	// 000000c0  2d 38 f5 46 82 a4 c6 f6  34 12 83 a0 32 2e 82 2c  |-8.F....4...2..,|
	// 000000d0  4b fb b3 0c a1 4b a5 e3  27 43 b6 2f ed fa ca 4f  |K....K..'C./...O|
	// 000000e0  93 83 fd 56 cc 43 71 eb  40 46 de 61 2f 08 8d 9a  |[email protected]/...|
	// 000000f0  04 09 d7 a1 62 83 48 e3  cc 09 af 64 26 df df da  |....b.H....d&...|
	// 00000100  d6 51 62 5d e6 2b 9f 75  01 e9 5a b8 dc ec 95 df  |.Qb].+.u..Z.....|
	// 00000110  9d c9 4c f8 45 5e 3e fa  93 d6 5b 02 af 7b 66 26  |..L.E^>...[..{f&|
	// 00000120  b3 b4 5a a2 c0 1c 56 b2  b5 3a e1 c8 8c f7 29 8a  |..Z...V..:....).|
	// 00000130  13 75 59 98 ea ce f4 6d  d5 d0 62 85 51 8e fe d9  |.uY....m..b.Q...|
	// 00000140  4a 02 1f 35 03 33 d3 63  d3 5a 0e 97 78 e6 74 ce  |J..5.3.c.Z..x.t.|
	// 00000150  a0 24 34 c1 66 7d af 32  9e 59 22 f2 9a 67 3c ea  |.$4.f}.2.Y"..g<.|
	// 00000160  e5 4f 54 6d 3e 07 56 29  e3 95 12 f5 35 39 58 8a  |.OTm>.V)....59X.|
	// 00000170  e3 a2 6e c0 4e b1 74 51  d8 2b 1e f7 7c 1d fe fc  |..n.N.tQ.+..|...|
	// 00000180  75 29 8d f7 3e 18                                 |u)..>.|
	// Linkable Ring Signature verified.
}
예제 #15
0
func Benchmark10PairShuffleOSSLP256(b *testing.B) {
	TestShuffle(openssl.NewAES128SHA256P256(), 10, b.N)
}