update poc/ code to be compatible with python3 #201

Merged
merged 2 commits into from Jan 22, 2020
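--- a/poc/hash_to_base.py
+++ b/poc/hash_to_base.py
@@ -8,8 +8,21 @@
 import hmac
 import struct
 import sys
-if sys.version_info[0] != 2:
-raise RuntimeError("this code is geared toward Python2/Sage, not Python3")
+if sys.version_info[0] == 3:
+xrange = range
+NULL_BYTE = b'\x00'
+NULL_STRING = b''
+H2C_STRING = b'H2C'
+X0B_STRING = b'\x0b'
+X0C_STRING = b'\x0c'
+_as_bytes = lambda x: bytes(x, "utf-8")
+else:
+NULL_BYTE = '\x00'
+NULL_STRING = ''
+H2C_STRING = 'H2C'
+X0B_STRING = '\x0b'
+X0C_STRING = '\x0c'
+_as_bytes = lambda x: x
 
 # defined in RFC 3447, section 4.1
 def I2OSP(val, length):
@@ -38,7 +51,7 @@ def OS2IP(octets, skip_assert=False):
 # per RFC5869
 def hkdf_extract(salt, ikm, hash_fn):
 if salt is None:
-salt = '\x00' * hash_fn().digest_size
+salt = NULL_BYTE * hash_fn().digest_size
 return hmac.HMAC(salt, ikm, hash_fn).digest()
 def hkdf_expand(prk, info, length, hash_fn):
 digest_size = hash_fn().digest_size
@@ -48,8 +61,8 @@ def hkdf_expand(prk, info, length, hash_fn):
 if nreps == 0 or nreps > 255:
 raise ValueError("length arg to hkdf_expand cannot be longer than 255 * Hashlen")
 if info is None:
-info = ''
-last = okm = ''
+info = NULL_STRING
+last = okm = NULL_STRING
 for rep in range(0, nreps):
 last = hmac.HMAC(prk, last + info + I2OSP(rep + 1, 1), hash_fn).digest()
 okm += last
@@ -58,8 +71,8 @@ def hkdf_expand(prk, info, length, hash_fn):
 # from draft-irtf-cfrg-hash-to-curve-05
 def hash_to_base(msg, ctr, dst, modulus, degree, blen, hash_fn):
 rets = [None] * degree
-msg_prime = hkdf_extract(dst, msg + '\x00', hash_fn)
-info_pfx = 'H2C' + I2OSP(ctr, 1)
+msg_prime = hkdf_extract(_as_bytes(dst), _as_bytes(msg) + NULL_BYTE, hash_fn)
+info_pfx = H2C_STRING + I2OSP(ctr, 1)
 for i in range(0, degree):
 info = info_pfx + I2OSP(i + 1, 1)
 t = hkdf_expand(msg_prime, info, blen, hash_fn)
@@ -69,7 +82,7 @@ def hash_to_base(msg, ctr, dst, modulus, degree, blen, hash_fn):
 def test_hkdf():
 # test cases from RFC5869
 test_cases = [ ( hashlib.sha256
-, '\x0b' * 22
+, X0B_STRING * 22
 , I2OSP(0x000102030405060708090a0b0c, 13)
 , I2OSP(0xf0f1f2f3f4f5f6f7f8f9, 10)
 , 42
@@ -85,15 +98,15 @@ def test_hkdf():
 , I2OSP(0xb11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87, 82)
 ),
 ( hashlib.sha256
-, '\x0b' * 22
-, ''
-, ''
+, X0B_STRING * 22
+, NULL_STRING
+, NULL_STRING
 , 42
 , I2OSP(0x19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04, 32)
 , I2OSP(0x8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8, 42)
 ),
 ( hashlib.sha1
-, '\x0b' * 11
+, X0B_STRING * 11
 , I2OSP(0x000102030405060708090a0b0c, 13)
 , I2OSP(0xf0f1f2f3f4f5f6f7f8f9, 10)
 , 42
@@ -109,17 +122,17 @@ def test_hkdf():
 , I2OSP(0x0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4, 82)
 ),
 ( hashlib.sha1
-, '\x0b' * 22
-, ''
-, ''
+, X0B_STRING * 22
+, NULL_STRING
+, NULL_STRING
 , 42
 , I2OSP(0xda8c8a73c7fa77288ec6f5e7c297786aa0d32d01, 20)
 , I2OSP(0x0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918, 42)
 ),
 ( hashlib.sha1
-, '\x0c' * 22
+, X0C_STRING * 22
 , None
-, ''
+, NULL_STRING
 , 42
 , I2OSP(0x2adccada18779e7c2077ad2eb19d3f3e731385dd, 20)
 , I2OSP(0x2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48, 42)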
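Review bot: The Python 3 `_as_bytes` helper in the first hunk raises TypeError when `msg` or `dst` is already a bytes object, because `bytes(x, "utf-8")` only accepts str, while every constant this change introduces is bytes. Accepting both would avoid that: `_as_bytes = lambda x: x if isinstance(x, bytes) else x.encode("utf-8")`. Note also that a str holding code points above 0x7f becomes multi-byte UTF-8 under Python 3, where the same literal was raw bytes under Python 2, so `hash_to_base` could return different values for the same call on the two interpreters; whether any caller passes such input is not visible in these hunks. A short comment above `_as_bytes` stating that `msg` and `dst` are expected to be bytes or ASCII text would document the constraint.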
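--- a/poc/iso_values.sage
+++ b/poc/iso_values.sage
@@ -32,7 +32,7 @@ def show_iso(iso):
 continue
 if jdx > max_jdx:
 max_jdx = jdx
-print "- k\\_(%d,%d) = %s" % (idx, jdx, show_elm(val))
+print("- k\\_(%d,%d) = %s" % (idx, jdx, show_elm(val)))
 if skipped_one:
 max_jdx += 1
 ostr = "x'^%d" % (max_jdx)
@@ -50,10 +50,10 @@ def show_iso(iso):
 ostr += " + ..."
 ostr += " + k\\_(%d,0)" % idx
 mstr += " - %s = %s\n" % (s, ostr)
-print
-print
-print mstr
-print
+print()
+print()
+print(mstr)
+print()
 
 
 # SECP256k1 iso
@@ -116,9 +116,9 @@ def iso_bls12381g2():
 return iso
 
 if __name__ == "__main__":
-print "** SECP256k1\n"
+print("** SECP256k1\n")
 show_iso(iso_secp256k1())
-print "** BLS12-381 G1\n"
+print("** BLS12-381 G1\n")
 show_iso(iso_bls12381g1())
-print "** BLS12-381 G2\n"
+print("** BLS12-381 G2\n")
 show_iso(iso_bls12381g2())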
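Review bot: The bare `print()` calls added in the second `show_iso` hunk behave differently if these scripts are still run on a Python 2 based Sage, which poc/hash_to_base.py in the same change continues to support: without `print_function` in effect, `print()` writes `()` instead of an empty line. The same applies, more visibly, to the two-argument calls in poc/z_values.sage such as `print("SSWU Z:", ...)`, which would print a tuple. Whether the Sage preparser in use enables `print_function` is not visible here; if it does not, `print("")` and `print("SSWU Z: %s" % print_neg(...))` produce the same output on both interpreters.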
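--- a/poc/sswu_opt.sage
+++ b/poc/sswu_opt.sage
@@ -125,15 +125,15 @@ test_bls12381g1 = OptimizedSSWU(p_bls12381, Ap_bls12381g1, Bp_bls12381g1)
 assert test_bls12381g1.Z == GF(p_bls12381)(11)
 
 def test_sswu():
-print "Testing P-256"
+print("Testing P-256")
 test_p256.test()
-print "Testing P-384"
+print("Testing P-384")
 test_p384.test()
-print "Testing P-521"
+print("Testing P-521")
 test_p521.test()
-print "Testing secp256k1 isogeny"
+print("Testing secp256k1 isogeny")
 test_secp256k1.test()
-print "Testing BLS12-381 G1 isogeny"
+print("Testing BLS12-381 G1 isogeny")
 test_bls12381g1.test()
 
 if __name__ == "__main__":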
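--- a/poc/test.sage
+++ b/poc/test.sage
@@ -30,56 +30,56 @@ except ImportError:
 sys.exit("Error loading preprocessed sage files. Try running `make clean pyfiles`")
 
 if __name__ == "__main__":
-print "Testing hkdf"
+print("Testing hkdf")
 test_hkdf()
 
-print "Testing Tonelli-Shanks"
+print("Testing Tonelli-Shanks")
 test_ts()
 
-print "Checking maps"
+print("Checking maps")
 map_check()
 
-print "Testing 'native' Montgomery curve impl"
+print("Testing 'native' Montgomery curve impl")
 MontgomeryCurve.test()
 
-print "Testing 'native' Edwards curve impl"
+print("Testing 'native' Edwards curve impl")
 EdwardsCurve.test()
 
-print "Testing optimized Elligator2"
-print "Testing Curve25519"
+print("Testing optimized Elligator2")
+print("Testing Curve25519")
 test_25519()
-print "Testing Curve448"
+print("Testing Curve448")
 test_448()
 
-print "Testing optimized SSWU"
+print("Testing optimized SSWU")
 test_sswu()
 
-print "Testing generic maps"
+print("Testing generic maps")
 for m in (GenericBF, GenericEll2, GenericEll2C0, GenericEll2Edw, GenericSSWU, GenericSvdW):
-print "Testing %s" % m.__name__
+print("Testing %s" % m.__name__)
 for _ in range(0, 32):
 m.test_random()
 
-print "Testing curve25519/edwards25519 suites"
+print("Testing curve25519/edwards25519 suites")
 test_suite_25519()
 
-print "Testing curve448/edwards448 suites"
+print("Testing curve448/edwards448 suites")
 test_suite_448()
 
-print "Testing P256 suites"
+print("Testing P256 suites")
 test_suite_p256()
 
-print "Testing P384 suites"
+print("Testing P384 suites")
 test_suite_p384()
 
-print "Testing P521 suites"
+print("Testing P521 suites")
 test_suite_p521()
 
-print "Testing secp256k1 suites"
+print("Testing secp256k1 suites")
 test_suite_secp256k1()
 
-print "Testing BLS12-381 G1 suites"
+print("Testing BLS12-381 G1 suites")
 test_suite_bls12381g1()
 
-print "Testing BLS12-381 G2 suites"
+print("Testing BLS12-381 G2 suites")
 test_suite_bls12381g2()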
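--- a/poc/z_values.sage
+++ b/poc/z_values.sage
@@ -19,40 +19,40 @@ def print_neg(x):
 F = GF(2^256 - 2^224 + 2^192 + 2^96 - 1)
 A = F(-3)
 B = F(0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b)
-print "** NIST P-256"
-print "SSWU Z:", print_neg(find_z_sswu(F, A, B))
-print "SvdW Z:", print_neg(find_z_svdw(F, A, B))
-print
+print("** NIST P-256")
+print("SSWU Z:", print_neg(find_z_sswu(F, A, B)))
+print("SvdW Z:", print_neg(find_z_svdw(F, A, B)))
+print()
 
 # NIST P-384
 F = GF(2^384 - 2^128 - 2^96 + 2^32 - 1)
 A = F(-3)
 B = F(0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef)
-print "** NIST P-384"
-print "SSWU Z:", print_neg(find_z_sswu(F, A, B))
-print "SvdW Z:", print_neg(find_z_svdw(F, A, B))
-print
+print("** NIST P-384")
+print("SSWU Z:", print_neg(find_z_sswu(F, A, B)))
+print("SvdW Z:", print_neg(find_z_svdw(F, A, B)))
+print()
 
 # NIST P-521
 F = GF(2^521 - 1)
 A = F(-3)
 B = F(0x51953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00)
-print "** NIST P-521"
-print "SSWU Z:", print_neg(find_z_sswu(F, A, B))
-print "SvdW Z:", print_neg(find_z_svdw(F, A, B))
-print
+print("** NIST P-521")
+print("SSWU Z:", print_neg(find_z_sswu(F, A, B)))
+print("SvdW Z:", print_neg(find_z_svdw(F, A, B)))
+print()
 
 # Curve25519
 F = GF(2^255 - 19)
-print "** Curve25519"
-print "Ell2 Z:", print_neg(find_z_ell2(F))
-print
+print("** Curve25519")
+print("Ell2 Z:", print_neg(find_z_ell2(F)))
+print()
 
 # Curve448
 F = GF(2^448 - 2^224 - 1)
-print "** Curve448"
-print "Ell2 Z:", print_neg(find_z_ell2(F))
-print
+print("** Curve448")
+print("Ell2 Z:", print_neg(find_z_ell2(F)))
+print()
 
 # secp256k1
 F = GF(2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1)
@@ -62,10 +62,10 @@ Ap = 0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533
 Bp = 1771
 # make sure E' is isogenous to E
 assert EllipticCurve(F, [A, B]).order() == EllipticCurve(F, [Ap, Bp]).order()
-print "** secp256k1"
-print "SSWU Z:", print_neg(find_z_sswu(F, Ap, Bp))
-print "SvdW Z:", print_neg(find_z_svdw(F, A, B))
-print
+print("** secp256k1")
+print("SSWU Z:", print_neg(find_z_sswu(F, Ap, Bp)))
+print("SvdW Z:", print_neg(find_z_svdw(F, A, B)))
+print()
 
 # BLS12-381 G1
 F = GF(0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab)
@@ -75,10 +75,10 @@ Ap = 0x144698a3b8e9433d693a02c96d4982b0ea985383ee66a8d8e8981aefd881ac98936f8da0e
 Bp = 0x12e2908d11688030018b12e8753eee3b2016c1f0f24f4070a0b9c14fcef35ef55a23215a316ceaa5d1cc48e98e172be0
 # make sure that E' is isogenous to E
 assert EllipticCurve(F, [A, B]).order() == EllipticCurve(F, [Ap, Bp]).order()
-print "** BLS12-381 G1"
-print "SSWU Z:", print_neg(find_z_sswu(F, Ap, Bp))
-print "SvdW Z:", print_neg(find_z_svdw(F, A, B))
-print
+print("** BLS12-381 G1")
+print("SSWU Z:", print_neg(find_z_sswu(F, Ap, Bp)))
+print("SvdW Z:", print_neg(find_z_svdw(F, A, B)))
+print()
 
 # BLS12-381 G2
 p = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab
@@ -89,7 +89,7 @@ Ap = 240 * II
 Bp = 1012 * (1 + II)
 # make sure that E' is isogenous to E
 assert EllipticCurve(F, [A, B]).order() == EllipticCurve(F, [Ap, Bp]).order()
-print "** BLS12-381 G2"
-print "SSWU Z:", print_neg(find_z_sswu(F, Ap, Bp))
-print "SvdW Z:", print_neg(find_z_svdw(F, A, B))
-print
+print("** BLS12-381 G2")
+print("SSWU Z:", print_neg(find_z_sswu(F, Ap, Bp)))
+print("SvdW Z:", print_neg(find_z_svdw(F, A, B)))
+print()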