# Algorithm 4.42 ECIES encryption
# Require:
# generator point P of elliptic curve E
# order n of P and the field Zn defined by n
# Input:
# message m
# public key Q
# Output:
# Ciphertext (R,C,t).
#
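def ecies_encrypt(Q, m):
    """Encrypt message m to public key Q with ECIES (Algorithm 4.42).

    Relies on names defined outside this file: the base point P, its order n,
    h (presumably the curve cofactor, as in the cited algorithm), and the
    helpers I2OSP, point2str, KDF and pad.

    Input:
        Q -- recipient's public key point
        m -- message; it is passed through pad() before encryption

    Output:
        the list [R, C, t]: ephemeral public point, ciphertext and MAC tag
    """
    # The ephemeral scalar k is as sensitive as a private key: anyone who can
    # predict it can recompute Z and both derived keys. Draw it from the OS
    # CSPRNG rather than the session's global randint, which in a Sage session
    # is normally a seedable pseudo-random generator.
    from random import SystemRandom
    k = SystemRandom().randint(1, n - 1)
    R = k * P
    Z = h * k * Q
    # NOTE(review): Q is not validated here and Z is not checked against the
    # point at infinity, which has no affine coordinates for Z.xy() -- confirm
    # that callers only pass validated public keys.
    l = ceil(math.log(n, 2)/8)
    zx = Z.xy()[0]
    zxstr = I2OSP(zx, l)
    rstr = point2str(R, l)
    # Renamed from `str` so the builtin is not shadowed inside the function.
    key_material = KDF(zxstr, l, rstr)
    k1 = key_material[0:l]        # encryption key, l bytes
    k2 = key_material[l:2*l]      # MAC key, next l bytes
    # The original printed k1 and t here. k1 is the symmetric key for this
    # message, so echoing it to stdout or a captured log discloses the
    # plaintext; the debug output is dropped.
    # NOTE(review): AES.new(k1) with no mode argument -- if AES is PyCrypto's,
    # that selects ECB, which leaks equal plaintext blocks. Changing the mode
    # has to be done together with ecies_decrypt.
    aesobj = AES.new(k1)
    C = aesobj.encrypt(pad(m))
    # NOTE(review): hmac.new(k2) with no digestmod falls back to MD5 on older
    # Python versions -- confirm this is intended before relying on the tag.
    hmacobj = hmac.new(k2)
    hmacobj.update(C)
    t = hmacobj.digest()
    return [R, C, t]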
# Algorithm 4.43 ECIES decryption
# Require:
# generator point P of elliptic curve E
# order n of P and the field Zn defined by n
# Input:
# private key d
# ciphertext (R,C,t)
# Output:
# Plaintext m or rejection of the ciphertext.
#
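def ecies_decrypt(R, C, t, d):
    """Verify and decrypt an ECIES ciphertext (R, C, t) (Algorithm 4.43).

    Relies on names defined outside this file: the order n, h (presumably the
    curve cofactor, as in the cited algorithm), and the helpers I2OSP,
    point2str and KDF.

    Input:
        R -- sender's ephemeral public point
        C -- ciphertext bytes
        t -- MAC tag received with the ciphertext
        d -- recipient's private key

    Output:
        the decrypted bytes, or False when the ciphertext is rejected.
        The result still carries whatever pad() added in ecies_encrypt;
        no inverse of pad() is applied here.
    """
    # NOTE(review): R comes from the sender and is used without validation.
    # The cited algorithm starts with an embedded public key validation of R;
    # confirm that this happens where R is parsed.
    Z = h * d * R
    # Reject instead of failing in Z.xy(): the point at infinity has no affine
    # coordinates, and a sender-chosen R can force Z to be that point.
    if Z.is_zero():
        return False
    l = ceil(math.log(n, 2)/8)
    zx = Z.xy()[0]
    zxstr = I2OSP(zx, l)
    rstr = point2str(R, l)
    # Renamed from `str` so the builtin is not shadowed inside the function.
    key_material = KDF(zxstr, l, rstr)
    k1 = key_material[0:l]        # decryption key, l bytes
    k2 = key_material[l:2*l]      # MAC key, next l bytes
    hmacobj = hmac.new(k2)
    hmacobj.update(C)
    expected_tag = hmacobj.digest()
    # The original printed the expected tag. That hands the valid MAC for any
    # submitted (R, C) to whoever can read the output, which defeats the
    # integrity check; the debug output is dropped.
    # Compare in constant time so the rejection path does not reveal how many
    # leading bytes of a guessed tag were correct. A tag of an unsupported
    # type is rejected, as the original `!=` comparison would have done.
    try:
        tag_ok = hmac.compare_digest(expected_tag, t)
    except TypeError:
        tag_ok = False
    if not tag_ok:
        return False
    # Decrypt only after the tag has verified.
    aesobj = AES.new(k1)
    m = aesobj.decrypt(C)
    return m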