Implement Review

kvac/__init__.py

@@ -1,4 +1,5 @@
 __version__ = "0.0.1"
 
-from .parameters import *
-from .ristretto_sho import *
+from .issuer_key_pair import IssuerPublicKey, IssuerKeyPair
+from .system_params import SystemParams
+from .ristretto_sho import RistrettoSho

kvac/issuer_key_pair.py

@@ -0,0 +1,58 @@
+from typing import List, NamedTuple
+from curve25519_dalek.ristretto import RistrettoPoint
+from curve25519_dalek.scalar import Scalar
+
+from .ristretto_sho import RistrettoSho
+from .system_params import SystemParams
+
+
+class IssuerPublicKey(NamedTuple):
+    C_w: RistrettoPoint
+    I: RistrettoPoint
+
+
+class IssuerKeyPair(NamedTuple):
+    """
+    Represents a Server's key pair, including private and public values.
+    """
+
+    # private
+    w: Scalar
+    wprime: Scalar
+    W: RistrettoPoint
+
+    x0: Scalar
+    x1: Scalar
+
+    ys: List[Scalar]
+
+    # public
+    C_w: RistrettoPoint
+    I: RistrettoPoint
+
+    @classmethod
+    def generate(
+            cls,
+            system: SystemParams,
+            sho: RistrettoSho
+    ) -> 'IssuerKeyPair':
+
+        # private
+        w = sho.get_scalar()
+        wprime = sho.get_scalar()
+        W = system.G_w * w
+        x0 = sho.get_scalar()
+        x1 = sho.get_scalar()
+
+        ys = [sho.get_scalar() for _ in range(system.max_messages)]
+
+        # public
+        C_w = W + (system.G_wprime * wprime)
+        I = system.G_V - (system.G_x0 * x0) - (system.G_x1 * x1)
+        for G_y, y in zip(system.G_ys, ys):
+            I -= G_y * y
+
+        return cls(w, wprime, W, x0, x1, ys, C_w, I)
+
+    def get_public_key(self) -> IssuerPublicKey:
+        return IssuerPublicKey(self.C_w, self.I)

kvac/system_params.py

@@ -0,0 +1,65 @@
+from typing import List, NamedTuple
+from curve25519_dalek.ristretto import RistrettoPoint
+
+from .ristretto_sho import RistrettoSho
+
+
+class SystemParams(NamedTuple):
+    """
+    Encapsulates all public parameters of the system.
+    """
+
+    # documented in Signal's paper
+    G_w: RistrettoPoint
+    G_wprime: RistrettoPoint
+
+    G_x0: RistrettoPoint
+    G_x1: RistrettoPoint
+
+    G_ys: List[RistrettoPoint]
+    G_ms: List[RistrettoPoint]
+
+    G_V: RistrettoPoint
+
+    # not mentioned in the paper, but used in the reference implementation
+    G_z: RistrettoPoint  # used to prove a commitment on z
+
+    @classmethod
+    def generate(
+            cls,
+            max_messages: int,
+            sho: RistrettoSho
+    ) -> 'SystemParams':
+
+        G_w, G_wprime, G_x0, G_x1, G_V, G_z = [sho.get_point() for _ in range(6)]
+        G_ys = [sho.get_point() for _ in range(max_messages)]
+        G_ms = [sho.get_point() for _ in range(max_messages)]
+
+        return cls(G_w, G_wprime, G_x0, G_x1, G_ys, G_ms, G_V, G_z)
+
+    @classmethod
+    def generate_signal_parameters(cls) -> 'SystemParams':
+        sho = RistrettoSho(
+            b'Signal_ZKGroup_20200424_Constant_Credentials_SystemParams_Generate',
+            b''
+        )
+        G_w = sho.get_point()
+        G_wprime = sho.get_point()
+
+        G_x0 = sho.get_point()
+        G_x1 = sho.get_point()
+
+        G_ys = [sho.get_point() for _ in range(4)]
+        G_ms = [sho.get_point() for _ in range(4)]
+
+        G_V = sho.get_point()
+        G_z = sho.get_point()
+
+        G_ys.extend([sho.get_point() for _ in range(2)])
+        G_ms.append(sho.get_point())
+
+        return cls(G_w, G_wprime, G_x0, G_x1, G_ys, G_ms, G_V, G_z)
+
+    @property
+    def max_messages(self) -> int:
+        return len(self.G_ys)

tests/test_ristretto_sho.py

@@ -0,0 +1,30 @@
+from kvac import RistrettoSho
+from curve25519_dalek.ristretto import CompressedRistretto
+from curve25519_dalek.scalar import Scalar
+
+
+def test_ristretto_sho_get_point():
+    sho = RistrettoSho(b"test", b"")
+    assert sho.get_point() == CompressedRistretto(bytes([
+        0x6c, 0x46, 0x32, 0xe5, 0x57, 0xc6, 0x22, 0xc2, 0x8f, 0xf4, 0x3e,
+        0x67, 0xcf, 0xb5, 0x66, 0x9b, 0x3a, 0x24, 0xec, 0xff, 0x85, 0x56,
+        0xa6, 0xfe, 0xed, 0xef, 0x85, 0x26, 0xcf, 0xc0, 0xd3, 0x17
+    ])).decompress()
+
+
+def test_ristretto_sho_get_point_single_elligator():
+    sho = RistrettoSho(b"test", b"")
+    assert sho.get_point_single_elligator() == CompressedRistretto(bytes([
+        0x78, 0xe2, 0xe6, 0xb3, 0xa9, 0x8c, 0x82, 0xda, 0x9e, 0x70, 0x4c,
+        0x7c, 0x15, 0xaa, 0xc4, 0xf9, 0xea, 0xd7, 0x6f, 0xcc, 0x90, 0x30,
+        0x35, 0xb6, 0x48, 0x3d, 0xfe, 0xa0, 0x31, 0xe2, 0x19, 0x67
+    ])).decompress()
+
+
+def test_ristretto_sho_get_scalar():
+    sho = RistrettoSho(b"test", b"")
+    assert sho.get_scalar() == Scalar.from_bytes_mod_order(bytes([
+        0x3f, 0x23, 0xf7, 0x10, 0x9c, 0x26, 0xeb, 0x6f, 0x6e, 0x17, 0xe4,
+        0x92, 0x1b, 0x47, 0x41, 0xcf, 0x0f, 0xcd, 0xb7, 0x08, 0x58, 0xd2,
+        0x76, 0xac, 0x6b, 0x19, 0xa3, 0xe1, 0x76, 0xac, 0xc7, 0x0d
+    ]))

tests/test_system_params.py

@@ -61,24 +61,4 @@ def get_point_from_hardcoded_system(system_index: int) -> RistrettoPoint:
 
 def test_generate_signal_hardcoded_test_system():
     # assumption: kvac.RistrettoSho uses HMAC-SHA-256 SHO
-    sho = kvac.RistrettoSho(
-        b"Signal_ZKGroup_20200424_Constant_Credentials_SystemParams_Generate",
-        b""
-    )
-    G_w = sho.get_point()
-    G_wprime = sho.get_point()
-
-    G_x0 = sho.get_point()
-    G_x1 = sho.get_point()
-
-    G_ys = [sho.get_point() for _ in range(4)]
-    G_ms = [sho.get_point() for _ in range(4)]
-
-    G_V = sho.get_point()
-    G_z = sho.get_point()
-
-    G_ys.extend([sho.get_point() for _ in range(2)])
-    G_ms.append(sho.get_point())
-
-    assert kvac.SystemParams(G_w, G_wprime, G_x0, G_x1, G_ys, G_ms, G_V, G_z) == \
-        get_signal_system_hardcoded()
+    assert kvac.SystemParams.generate_signal_parameters() == get_signal_system_hardcoded()