# Basic Proxy Signature Protocol for Partial Delegation

In [1]:
# import necessary libraries
import random
import hashlib

## Helper Functions
The following functions are used to provide utility functions for the protocol.
1. Miller-Rabin primality test
2. Large prime number generation function
3. Prime factorization function
4. Find the generator of a group
5. Modular exponentiation function

### Miller-Rabin primality test
This function takes a number `n` and a number of iterations `k` as input and tests if the number is prime using the Miller-Rabin primality test. The function returns `True` if the number is prime and `False` if the number is composite. The function uses the following steps to test for primality:

### Large prime number generation function
This function takes the number of bits as its input and generates a random number and tests for primality using the Miller-Rabin primality test. If the number is prime, it returns the number, else it generates another random number and repeats the process until a prime number is found.

In [3]:
# Function to perform Miller-Rabin primality test
def miller_rabin_test(n, k=5):
    # If n is 2 or 3, it's prime
    if n == 2 or n == 3:
        return True
    # If n is less than 2 or even, it's not prime
    if n <= 1 or n % 2 == 0:
        return False
    
    # Write n-1 as d * 2^r
    r, d = 0, n - 1
    while d % 2 == 0:
        r += 1
        d //= 2
    
    # Perform k rounds of Miller-Rabin test
    for _ in range(k):
        a = random.randint(2, n - 2)
        x = pow(a, d, n)
        if x == 1 or x == n - 1:
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

# Function to find a large prime number using Miller-Rabin
def find_large_prime(bits):
    while True:
        # Generate a random number with the specified bit length
        p = random.getrandbits(bits)
        # Ensure p is odd
        p |= (1 << bits - 1) | 1
        # Check if p is prime using Miller-Rabin test
        if miller_rabin_test(p):
            return p

In [5]:
# Tests for the Miller-Rabin primality test (set of known tests)
def test_miller_rabin():
    # Known prime numbers
    primes = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97]
    # Known composite numbers
    composites = [1, 4, 6, 8, 9, 10, 12, 14, 15, 16, 18, 20, 21, 22, 24, 25, 26, 27, 28, 30, 32, 33, 34, 35, 36, 38, 39, 40, 42, 44, 45, 46, 48, 49, 50, 51, 52, 54, 55, 56, 57, 58, 60, 62, 63, 64, 65, 66, 68, 69, 70, 72, 74, 75, 76, 77, 78, 80, 81, 82, 84, 85, 86, 87, 88, 90, 91, 92, 93, 94, 95, 96, 98, 99, 100]
    
    # Test known prime numbers
    for p in primes:
        assert miller_rabin_test(p), f"{p} is prime"
    # Test known composite numbers
    for c in composites:
        assert not miller_rabin_test(c), f"{c} is composite"
    print("Miller Rabin - All tests passed")

# Tests for the find_large_prime function
def test_find_large_prime():
    # Test for a 32-bit prime number
    p = find_large_prime(32)
    assert miller_rabin_test(p), f"{p} is prime"
    # Test for a 64-bit prime number
    p = find_large_prime(64)
    assert miller_rabin_test(p), f"{p} is prime"
    # Test for a 128-bit prime number
    p = find_large_prime(128)
    assert miller_rabin_test(p), f"{p} is prime"
    print("Find Large prime - All tests passed")

# Run the tests
test_miller_rabin()
test_find_large_prime()


Miller Rabin - All tests passed
Find Large prime - All tests passed


### Prime factorization function
This function takes a number `n` as input and returns the prime factorization of the number. The function uses the following steps to find the prime factorization of the number:

### Find the generator of a group
This function takes a prime number `p` as input and finds a generator of the group modulo `p`. The function uses the following steps to find a generator:

In [6]:
# Function to perform prime factorization of n using trial division
def prime_factors(n):
    factors = []
    
    # Start with the smallest prime number
    i = 2
    
    # Perform trial division to find all prime factors
    while i * i <= n:
        if n % i == 0:
            # If i is a divisor of n, it's a prime factor
            factors.append(i)
            while n % i == 0:
                n //= i
        i += 1
    
    # If n is still greater than 1, then n is a prime factor
    if n > 1:
        factors.append(n)
    
    return factors


# Function to find a generator for the multiplicative group modulo p
def find_generator(p):
    n = p - 1
    factors = prime_factors(n)
    unique_factors = set(factors)
    while True:
        g = random.randint(2, p - 2)
        is_generator = True
        for q in unique_factors:
            b = pow(g, n // q, p)
            if b == 1:
                is_generator = False
                break
        if is_generator:
            return g

In [7]:
# Tests for the prime_factors function
def test_prime_factors():
    # Test for prime factors of 12
    assert prime_factors(12) == [2, 3]
    # Test for prime factors of 15
    assert prime_factors(15) == [3, 5]
    # Test for prime factors of 21
    assert prime_factors(21) == [3, 7]
    # Test for prime factors of 35
    assert prime_factors(35) == [5, 7]
    # Test for prime factors of 77
    assert prime_factors(77) == [7, 11]
    # Test for prime factors of 143
    assert prime_factors(143) == [11, 13]
    print("Prime Factorization - All tests passed")

# Tests for the find_generator function
def test_find_generator():
    # Test for a 8-bit prime number
    p = find_large_prime(8)
    g = find_generator(p)
    assert pow(g, p - 1, p) == 1, f"{g} is a generator of {p}"
    # Test for a 16-bit prime number
    p = find_large_prime(16)
    g = find_generator(p)
    assert pow(g, p - 1, p) == 1, f"{g} is a generator of {p}"
    # Test for a 32-bit prime number
    p = find_large_prime(32)
    g = find_generator(p)
    assert pow(g, p - 1, p) == 1, f"{g} is a generator of {p}"
    print("Find Generator - All tests passed")

# Run the tests
test_prime_factors()
test_find_generator()

Prime Factorization - All tests passed
Find Generator - All tests passed


### Modular exponentiation function
This function takes three numbers `g`, `s`, and `p` as input and calculates the modular exponentiation of `g^s mod p`. The algorithm efficiently calculates the modular exponentiation using **Exponentiation by Squaring**


In [9]:
# Function for modular exponentiation
def modular_exponentiation(g, s, p):
    result = 1
    
    # Update g to be within the modulus
    g = g % p 

    while s > 0:
        # If s is odd, multiply g with the result
        if s % 2 == 1:
            result = (result * g) % p

        # s must be even now
        s = s // 2
        g = (g * g) % p  # Square g
    return result


In [11]:
# Tests for the modular_exponentiation function
def test_modular_exponentiation():
    # Test for 2^3 mod 5
    assert modular_exponentiation(2, 3, 5) == 3
    # Test for 3^4 mod 7
    assert modular_exponentiation(3, 4, 7) == 4
    # Test for 5^5 mod 11
    assert modular_exponentiation(5, 5, 11) == 1
    # Test for 7^6 mod 13
    assert modular_exponentiation(7, 6, 13) == 12
    # Test for 11^7 mod 17
    assert modular_exponentiation(11, 7, 17) == 3
    print("Modular Exponentiation - All tests passed")

# Run the tests
test_modular_exponentiation()

Modular Exponentiation - All tests passed


## Greatest Common Divisor

We need this function in the signature scheme as a utility function.

In [7]:
def gcd(a, b):
    if((a<0) or (b<0) or (a<b)):
        print("wrong parameter input")
        return

    while(b != 0):
        r = a % b
        a = b
        b = r
        
    return a

# Protocol

## Setup: Key pair generation of original signer

public parameter - modulus: prime $p$

public parameter - generator for $Z^*_p$: $g$

public key: v

secret key: s

__In this test implementation, only input needs to be given by the user is the prime modulus $p$.__

In [12]:
# Find a large prime number
p = find_large_prime(32)

# Find a generator for the multiplicative group modulo p
g = find_generator(p)

# Generate a secret key s in Z_{p-1}/{0}
s = random.randint(1,p-2) 

# Compute the public key v = g^s mod p
v = modular_exponentiation(g,s,p)

print('*public parameters*')
print('prime modulus (p):',p)
print('generator     (g):',g)

print('*key pair of original signer*')
print('public key    (v):',v)
print('secret key    (s):',s)

*public parameters*
prime modulus (p): 2565451199
generator     (g): 1205221578
*key pair of original signer*
public key    (v): 459246786
secret key    (s): 546360169


## Step 1: Proxy generation

Proxy: ($\sigma$, K)

In [None]:
k = random.randint(1,p-2) # random number, Z_{p-1}/{0}
print('(just any) random number k:',k)

print('*proxy value pair for proxy signer*')

bigk = (g**k)%p
print('K    :',bigk)

sigma = (s + k*bigk)%(p-1)
print('sigma:',sigma)

(just any) random number k: 6
*proxy value pair for proxy signer*
K    : 15
sigma: 8


## Step 2: Proxy delivery

The proxy $(\sigma,K)$, must be given by original signer to proxy signer securely.

For example, using Diffie-Hellman to create a secure tunnel, this can be done.

## Step 3: Proxy verification

In [None]:
lhs = (g**sigma)%p

rhs = (v*(bigk**bigk))%p

print('LHS:',lhs)
print('RHS:',rhs)

if(lhs==rhs):
    print('Proxy Verification: Passed')
else:
    print('Proxy Verification: Failed')

LHS: 16
RHS: 16
Proxy Verification: Passed


## Step 4: Signing by the proxy signer

We are going to use __ElGamal signature scheme__.

The __ElGamal signing__ protocol to sign message $m$ where the secret key of the signer is $x$:
1. Choose an integer $k$ randomly from $\{ 2 \ldots p−2 \}$  with $k$ relatively prime to $p−1$.
2. Compute $r \equiv g^{k} \pmod p$.
3. Compute $s \equiv (H(m)-xr)k^{-1} \pmod {p-1}$.
If s = 0, then start again with a different random k.

The signature is $(r,s)$. 

When generating the proxy signature, use $\sigma$ instead of the secret key $x$.

In [None]:
m = random.randint(1,p-1) # message for signing. Consider this as H(m) in 1 ... p-1
print('message (m):',m)

k = 0

for i in range (1000): # this number 1000 is just a random value for the number of tries
    k = random.randint(2,p-2) # random number k is in {2 ... (p-2)} and gcd(k,(p-1))=1
    #print('testing',i,'th random number k:',k)

    d = gcd(p-1,k)
    if(d==1):
        break
        
print('(a special) random number k:',k,'(found after',i,'tries. This is relatively prime to p-1 =',p-1,')')

r = (g**k)%p
print('r :',r)

s1 = m - (sigma*r) # in place of s, use sigma, theproxy secret
print('s1:',s1)

message (m): 9
(a special) random number k: 3 (found after 1 tries. This is relatively prime to p-1 = 16 )
r : 10
s1: -71


In [None]:
# calculate k * i mod q for i = 0 to q-1
q = p-1
invk = 0
for i in range(0,q):
    l = (k*i)%q
    if(l==1):
        invk = i
        print('Modulo inverse of k mod q:',invk,'(for',k,'mod',q,')')
        break

Modulo inverse of k mod q: 11 (for 3 mod 16 )


In [None]:
s = (s1*invk)%(p-1)
print('s:',s)
print('The proxy signed message is (m,(r,s),K):(',m,'(',r,',',s,')',bigk,')')

s: 3
The proxy signed message is (m,(r,s),K):( 9 ( 10 , 3 ) 15 )


## Step 5: Verification of the proxy signature

The new public key $v' \equiv vK^K \pmod p$

The __ElGamal signature verification__ protocol to verify a signed message $m$ with signature $(r,s)$ where the public key of the signer is $y$:
1. Verify that $0 < r < p$ and $0 < s < p − 1$.
2. Verify that $g^{H(m)} \equiv y^r r^s \pmod p$.

In [None]:
print('r =',r,', s =',s,', p =',p)
check1 = False
check2 = False
# Verification Check 1
if (0<r) & (r<p):
    if (0<s) & (s<(p-1)):
        check1 = True
        print('Verification Check 1: Passed')
    else:
        print('Verification Check 1: Failed')
else:
    print('Verification Check 1: Failed')

r = 10 , s = 3 , p = 17
Verification Check 1: Passed


In [None]:
# Verification check 2
y = rhs # this is the proxy public key y = VK^K mod p

lhs = (g**m)%p

rhs = ((y**r)*(r**s))%p

print('LHS:',lhs)
print('RHS:',rhs)

if(lhs==rhs):
    check2 = True
    print('Verification Check 2: Passed')
else:
    print('Verification Check 2: Failed')

LHS: 14
RHS: 14
Verification Check 2: Passed


In [None]:
if(check1 & check2):
    print('Proxy signature verification: Passed')
else:
    print('Proxy signature verification: Failed')

Proxy signature verification: Passed
