Hide discrete logarithm k such that H = kG #6
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -30,6 +30,7 @@ dependencies: | |
- random | ||
- memory | ||
- mtl | ||
- arithmoi | ||
|
||
library: | ||
source-dirs: src | ||
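Review bot: `arithmoi` is added to `dependencies` without a version bound, yet after this change it sits on the path that derives H for every signature and verification. As far as I recall, `sqrtModP` was deprecated and later removed from arithmoi in favour of `sqrtsModPrime`, so an unconstrained resolve may fail to build or pull a release with a different API. A bounded entry such as `- arithmoi >= <known-good-version> && < <next-major>` (placeholder bounds, to be filled from the version actually tested) would make the build reproducible.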
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -29,6 +29,7 @@ import qualified Data.ByteString as BS | |
import Data.Monoid | ||
import Data.List | ||
import Protolude hiding (hash, head) | ||
import Math.NumberTheory.Moduli.Sqrt (sqrtModP) | ||
|
||
-- | Generates a ring signature for a message given a specific set of | ||
-- public keys and a signing key belonging to one of the public keys | ||
|
@@ -82,8 +83,8 @@ sign pubKeys (pubKey, privKey) msg = | |
|
||
where | ||
curve = ECDSA.public_curve pubKey | ||
-- h = [Hash(L)] * g | ||
h = ECC.pointBaseMul curve (hashPubKeys curve pubKeys) | ||
-- h = [Hash(L)] | ||
h = generateH g curve (show $ hashPubKeys curve pubKeys) | ||
-- y = [x] * h | ||
y = ECC.pointMul curve (ECDSA.private_d privKey) h | ||
n = ECC.ecc_n (ECC.common_curve curve) | ||
|
@@ -116,8 +117,10 @@ verify pubKeys (ch0, [s], y) msg = panic "Invalid input" | |
verify pubKeys (ch0, s0:s1:s2ToEnd, y) msg = ch0 == ch0' | ||
where | ||
curve0 = ECDSA.public_curve $ head pubKeys | ||
-- h = [H(L)] * g | ||
h = ECC.pointBaseMul curve0 (hashPubKeys curve0 pubKeys) | ||
-- h = [H(L)] | ||
h = generateH g curve0 (show $ hashPubKeys curve0 pubKeys) | ||
|
||
-- h = ECC.pointBaseMul curve0 (hashPubKeys curve0 pubKeys) | ||
y0 = ECDSA.public_q $ head pubKeys | ||
-- z0' = [s0] * g + [ch0] * y0 | ||
z0' = ECC.pointAdd curve0 | ||
|
@@ -157,7 +160,7 @@ genChallenges pubKeys y msg ss = do | |
genChallenges pubKeys y msg ss | ||
where | ||
g curve = ECC.ecc_g (ECC.common_curve curve) | ||
h curve = ECC.pointBaseMul curve (hashPubKeys curve pubKeys) | ||
h curve = generateH (g curve) curve (show $ hashPubKeys curve pubKeys) | ||
gs curve prevK prevS prevCh = | ||
ECC.pointAdd curve | ||
(ECC.pointMul curve prevS (g curve)) | ||
|
@@ -204,6 +207,25 @@ pointToBS (ECC.Point x y) = show x <> show y | |
pubKeysToBS :: [ECDSA.PublicKey] -> BS.ByteString | ||
pubKeysToBS = foldMap (pointToBS . ECDSA.public_q) | ||
|
||
|
||
-- | Iterative algorithm to generate H. | ||
-- The important to hide its discrete logarithm "k" such that H = kG | ||
generateH :: ECC.Point -> ECC.Curve -> [Char] -> ECC.Point | ||
generateH g curve extra = | ||
case yM of | ||
Nothing -> generateH g curve (toS $ '1':extra) | ||
The use of this magic
Ok, I see. This makes sense.
Do you have any suggestions to make it more sensible?
Added a name to the magic number
||
Just y -> if ECC.isPointValid curve (ECC.Point x y) | ||
then ECC.Point x y | ||
else generateH g curve (toS $ '1':extra) | ||
where | ||
x = oracle curve (pointToBS g <> toS extra) `mod` p | ||
yM = sqrtModP (x ^ 3 + 7) p | ||
p = ECC.ecc_p cp | ||
where | ||
cp = case curve of | ||
ECC.CurveFP c -> c | ||
ECC.CurveF2m _ -> panic "Not a FP curve" | ||
|
||
-- | Hash list of public keys | ||
hashPubKeys :: ECC.Curve -> [ECDSA.PublicKey] -> Integer | ||
hashPubKeys c = oracle c . pubKeysToBS | ||
|
Probably don't need this anymore.
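Review bot: In `generateH`, `yM = sqrtModP (x ^ 3 + 7) p` hard-codes the secp256k1 equation (a = 0, b = 7), although the function accepts any `ECC.Curve` and only rejects binary curves. On another prime curve the candidate y would almost never pass `ECC.isPointValid`, so the retry recursion, which has no bound, would effectively not terminate, and `sign`, `verify` and `genChallenges` all call it. Taking the coefficients from the curve removes the assumption: `a = ECC.ecc_a (ECC.common_curve curve)`, `b = ECC.ecc_b (ECC.common_curve curve)`, `yM = sqrtModP (mod (x ^ 3 + a * x + b) p) p`. Which of the two square roots `sqrtModP` returns is left to arithmoi, so it may be worth fixing the choice (for example the smaller of y and p - y) and saying so in the Haddock comment, so that signer and verifier derive the same H regardless of library version.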