You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@milagro.apache.org by sa...@apache.org on 2020/02/26 20:02:15 UTC
[incubator-milagro-MPC] branch issue18-add-python-flow-example
created (now 0a180eb)
This is an automated email from the ASF dual-hosted git repository.
sandreoli pushed a change to branch issue18-add-python-flow-example
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git.
at 0a180eb do not copy .so files to python dir
This branch includes the following new commits:
new 177a37e Add custom functions for keys and k generation
new b0fc890 Fix doxygen
new c0edc6e Wrap custom functions for keys and k generation. Lint code
new 916cb35 Add full flow using python wrappers
new 0a180eb do not copy .so files to python dir
The 5 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[incubator-milagro-MPC] 05/05: do not copy .so files to python dir
Posted by sa...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
sandreoli pushed a commit to branch issue18-add-python-flow-example
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git
commit 0a180ebce80c10d385886b15243ea8224a7ba08f
Author: Samuele Andreoli <sa...@yahoo.it>
AuthorDate: Wed Feb 26 19:58:58 2020 +0000
do not copy .so files to python dir
---
src/CMakeLists.txt | 7 -------
1 file changed, 7 deletions(-)
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index f6c45db..1311df2 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -39,10 +39,3 @@ install(TARGETS ${target} DESTINATION lib PERMISSIONS
OWNER_WRITE OWNER_READ OWNER_EXECUTE
GROUP_READ GROUP_EXECUTE
WORLD_READ WORLD_EXECUTE)
-
-if(BUILD_PYTHON)
- message(STATUS "Copy ${target} library to python directory for testing")
- add_custom_command(TARGET ${target} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_BINARY_DIR}/lib*" "${PROJECT_BINARY_DIR}/python/test")
- add_custom_command(TARGET ${target} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_BINARY_DIR}/lib*" "${PROJECT_BINARY_DIR}/python/benchmark")
- add_custom_command(TARGET ${target} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_BINARY_DIR}/lib*" "${PROJECT_BINARY_DIR}/python/examples")
-endif(BUILD_PYTHON)
[incubator-milagro-MPC] 03/05: Wrap custom functions for keys and k
generation. Lint code
Posted by sa...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
sandreoli pushed a commit to branch issue18-add-python-flow-example
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git
commit c0edc6e8d403f7afc714597895b124fb07630fc5
Author: Samuele Andreoli <sa...@yahoo.it>
AuthorDate: Wed Feb 26 16:23:32 2020 +0000
Wrap custom functions for keys and k generation. Lint code
---
python/amcl/mpc.py | 128 ++++++++++++++++++++++++++++++++++++---
python/examples/example_ecdsa.py | 12 ++--
python/test/test_ecdsa.py | 17 ++----
3 files changed, 133 insertions(+), 24 deletions(-)
diff --git a/python/amcl/mpc.py b/python/amcl/mpc.py
index a77f1a8..c0f5ec7 100644
--- a/python/amcl/mpc.py
+++ b/python/amcl/mpc.py
@@ -28,6 +28,24 @@ from . import core_utils
_ffi = core_utils._ffi
_ffi.cdef("""
+#define EFS_SECP256K1 32
+
+typedef signed int sign32;
+typedef long unsigned int BIG_256_56[5];
+
+typedef struct
+{
+ BIG_256_56 g;
+ sign32 XES;
+} FP_SECP256K1;
+
+typedef struct
+{
+ FP_SECP256K1 x;
+ FP_SECP256K1 y;
+ FP_SECP256K1 z;
+} ECP_SECP256K1;
+
typedef struct
{
BIG_512_60 n[8];
@@ -54,14 +72,15 @@ extern void PAILLIER_PRIVATE_KEY_KILL(PAILLIER_private_key *PRIV);
extern void PAILLIER_PK_toOctet(octet *PK, PAILLIER_public_key *PUB);
extern void PAILLIER_PK_fromOctet(PAILLIER_public_key *PUB, octet *PK);
-extern int ECP_SECP256K1_KEY_PAIR_GENERATE(csprng *R,octet *s,octet *W);
-extern int ECP_SECP256K1_PUBLIC_KEY_VALIDATE(octet *W);
+extern int ECP_SECP256K1_PUBLIC_KEY_VALIDATE(octet *W);
+extern void MPC_ECDSA_KEY_PAIR_GENERATE(csprng *RNG, octet *S, octet *W);
extern int MPC_ECDSA_VERIFY(octet *HM,octet *PK, octet *R,octet *S);
extern void MPC_MTA_CLIENT1(csprng *RNG, PAILLIER_public_key* PUB, octet* A, octet* CA, octet* R);
extern void MPC_MTA_CLIENT2(PAILLIER_private_key *PRIV, octet* CB, octet *ALPHA);
extern void MPC_MTA_SERVER(csprng *RNG, PAILLIER_public_key *PUB, octet *B, octet *CA, octet *Z, octet *R, octet *CB, octet *BETA);
extern void MPC_SUM_MTA(octet *A, octet *B, octet *ALPHA, octet *BETA, octet *SUM);
+extern void MPC_K_GENERATE(csprng *RNG, octet *K);
extern void MPC_INVKGAMMA(octet *KGAMMA1, octet *KGAMMA2, octet *INVKGAMMA);
extern extern int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R, octet *RP);
extern void MPC_HASH(int sha, octet *M, octet *HM);
@@ -85,7 +104,7 @@ else:
_libamcl_curve_secp256k1 = _ffi.dlopen("libamcl_curve_SECP256K1.so")
# Constants
-FS_2048 = 256 # Size of an FF_2048 in bytes
+FS_2048 = 256 # Size of an FF_2048 in bytes
HFS_2048 = 128 # Half-suze of an FF_2048 in bytes
FS_4096 = 512 # Size of an FF_4096 in bytes
EGS_SECP256K1 = 32 # Size of an element of Z/qZ in bytes
@@ -117,6 +136,7 @@ def paillier_key_pair(rng, p=None, q=None):
if p:
p1, p1_val = core_utils.make_octet(None, p)
q1, q1_val = core_utils.make_octet(None, q)
+ _ = p1_val, q1_val
rng = _ffi.NULL
else:
p1 = _ffi.NULL
@@ -127,8 +147,15 @@ def paillier_key_pair(rng, p=None, q=None):
_libamcl_paillier.PAILLIER_KEY_PAIR(rng, p1, q1, paillier_pk, paillier_sk)
+ if p1 is not _ffi.NULL:
+ core_utils.clear_octet(p1)
+
+ if q1 is not _ffi.NULL:
+ core_utils.clear_octet(q1)
+
return paillier_pk, paillier_sk
+
def paillier_private_key_kill(paillier_sk):
"""Kill a Paillier secret key
@@ -167,6 +194,7 @@ def paillier_pk_to_octet(paillier_pk):
"""
n1, n1_val = core_utils.make_octet(FS_4096)
+ _ = n1_val
_libamcl_paillier.PAILLIER_PK_toOctet(n1, paillier_pk)
@@ -174,6 +202,7 @@ def paillier_pk_to_octet(paillier_pk):
return n2
+
def paillier_pk_from_octet(n):
"""Read Paillier public key from byte array
@@ -193,12 +222,14 @@ def paillier_pk_from_octet(n):
paillier_pk = _ffi.new('PAILLIER_public_key*')
n1, n1_val = core_utils.make_octet(None, n)
+ _ = n1_val
_libamcl_paillier.PAILLIER_PK_fromOctet(paillier_pk, n1)
return paillier_pk
-def ecp_secp256k1_key_pair_generate(rng, ecdsa_sk=None):
+
+def mpc_ecdsa_key_pair_generate(rng, ecdsa_sk=None):
"""Generate ECDSA key pair
Generate ECDSA key pair
@@ -212,7 +243,6 @@ def ecp_secp256k1_key_pair_generate(rng, ecdsa_sk=None):
ecdsa_sk: ECDSA secret key
ecdsa_pk: ECDSA public key
- rc: Zero for success or else an error code
Raises:
@@ -224,13 +254,17 @@ def ecp_secp256k1_key_pair_generate(rng, ecdsa_sk=None):
ecdsa_sk1, ecdsa_sk1_val = core_utils.make_octet(EGS_SECP256K1)
ecdsa_pk1, ecdsa_pk1_val = core_utils.make_octet(2 * EFS_SECP256K1 + 1)
+ _ = ecdsa_pk1_val, ecdsa_sk1_val # Suppress warnings
- rc = _libamcl_curve_secp256k1.ECP_SECP256K1_KEY_PAIR_GENERATE(rng, ecdsa_sk1, ecdsa_pk1)
+ _libamcl_mpc.MPC_ECDSA_KEY_PAIR_GENERATE(rng, ecdsa_sk1, ecdsa_pk1)
ecdsa_sk2 = core_utils.to_str(ecdsa_sk1)
ecdsa_pk2 = core_utils.to_str(ecdsa_pk1)
- return rc, ecdsa_pk2, ecdsa_sk2
+ core_utils.clear_octet(ecdsa_sk1)
+
+ return ecdsa_pk2, ecdsa_sk2
+
def ecp_secp256k1_public_key_validate(ecdsa_pk):
"""Validate an ECDSA public key
@@ -249,11 +283,13 @@ def ecp_secp256k1_public_key_validate(ecdsa_pk):
"""
ecdsa_pk1, ecdsa_pk1_val = core_utils.make_octet(None, ecdsa_pk)
+ _ = ecdsa_pk1_val
rc = _libamcl_curve_secp256k1.ECP_SECP256K1_PUBLIC_KEY_VALIDATE(ecdsa_pk1)
return rc
+
def mpc_mta_client1(rng, paillier_pk, a, r=None):
"""Client MTA first pass
@@ -276,19 +312,28 @@ def mpc_mta_client1(rng, paillier_pk, a, r=None):
"""
if r:
r1, r1_val = core_utils.make_octet(None, r)
+ _ = r1_val
rng = _ffi.NULL
else:
r1 = _ffi.NULL
a1, a1_val = core_utils.make_octet(None, a)
ca1, ca1_val = core_utils.make_octet(FS_4096)
+ _ = a1_val, ca1_val
_libamcl_mpc.MPC_MTA_CLIENT1(rng, paillier_pk, a1, ca1, r1)
ca2 = core_utils.to_str(ca1)
+ # Clear memory
+ core_utils.clear_octet(a1)
+
+ if r1 is not _ffi.NULL:
+ core_utils.clear_octet(r1)
+
return ca2
+
def mpc_mta_client2(paillier_sk, cb):
"""Client MtA second pass
@@ -308,13 +353,16 @@ def mpc_mta_client2(paillier_sk, cb):
"""
cb1, cb1_val = core_utils.make_octet(None, cb)
alpha1, alpha1_val = core_utils.make_octet(EGS_SECP256K1)
+ _ = cb1_val, alpha1_val # Suppress warnings
_libamcl_mpc.MPC_MTA_CLIENT2(paillier_sk, cb1, alpha1)
alpha2 = core_utils.to_str(alpha1)
+ core_utils.clear_octet(alpha1)
return alpha2
+
def mpc_mta_server(rng, paillier_pk, b, ca, z=None, r=None):
"""Server MtA
@@ -340,6 +388,7 @@ def mpc_mta_server(rng, paillier_pk, b, ca, z=None, r=None):
if r:
r1, r1_val = core_utils.make_octet(None, r)
z1, z1_val = core_utils.make_octet(None, z)
+ _ = r1_val, z1_val
rng = _ffi.NULL
else:
r1 = _ffi.NULL
@@ -349,14 +398,26 @@ def mpc_mta_server(rng, paillier_pk, b, ca, z=None, r=None):
ca1, ca1_val = core_utils.make_octet(None, ca)
beta1, beta1_val = core_utils.make_octet(EGS_SECP256K1)
cb1, cb1_val = core_utils.make_octet(FS_4096)
+ _ = b1_val, ca1_val, beta1_val, cb1_val
_libamcl_mpc.MPC_MTA_SERVER(rng, paillier_pk, b1, ca1, z1, r1, cb1, beta1)
beta2 = core_utils.to_str(beta1)
cb2 = core_utils.to_str(cb1)
+ # Clear memory
+ core_utils.clear_octet(b1)
+ core_utils.clear_octet(beta1)
+
+ if r1 is not _ffi.NULL:
+ core_utils.clear_octet(r1)
+
+ if z1 is not _ffi.NULL:
+ core_utils.clear_octet(z1)
+
return cb2, beta2
+
def mpc_sum_mta(a, b, alpha, beta):
"""Sum of secret shares
@@ -382,13 +443,43 @@ def mpc_sum_mta(a, b, alpha, beta):
beta1, beta1_val = core_utils.make_octet(None, beta)
sum1, sum1_val = core_utils.make_octet(EGS_SECP256K1)
+ _ = a1_val, b1_val, alpha1_val, beta1_val, sum1_val # Suppress warnings
_libamcl_mpc.MPC_SUM_MTA(a1, b1, alpha1, beta1, sum1)
sum2 = core_utils.to_str(sum1)
+ core_utils.clear_octet(a1)
+ core_utils.clear_octet(b1)
+
return sum2
+
+def mpc_k_generate(rng):
+ """ Generate random k mod curve order
+
+ Args::
+
+ rng: pointer to a cryptographically secure prng
+
+ Returns::
+
+ k: a random value modulo the curve order
+
+ Raises:
+
+ """
+ k, k_val = core_utils.make_octet(EGS_SECP256K1)
+ _ = k_val
+
+ _libamcl_mpc.MPC_K_GENERATE(rng, k)
+
+ k_str = core_utils.to_str(k)
+ core_utils.clear_octet(k)
+
+ return k_str
+
+
def mpc_invkgamma(kgamma1, kgamma2):
"""Calculate the inverse of the sum of kgamma values
@@ -410,6 +501,7 @@ def mpc_invkgamma(kgamma1, kgamma2):
kgamma21, kgamma21_val = core_utils.make_octet(None, kgamma2)
invkgamma1, invkgamma1_val = core_utils.make_octet(EGS_SECP256K1)
+ _ = kgamma11_val, kgamma21_val, invkgamma1_val # Suppress warnings
_libamcl_mpc.MPC_INVKGAMMA(kgamma11, kgamma21, invkgamma1)
@@ -417,6 +509,7 @@ def mpc_invkgamma(kgamma1, kgamma2):
return invkgamma2
+
def mpc_r(invkgamma, gammapt1, gammapt2):
"""R component
@@ -442,6 +535,7 @@ def mpc_r(invkgamma, gammapt1, gammapt2):
r1, r1_val = core_utils.make_octet(EGS_SECP256K1)
rp, rp_val = core_utils.make_octet(EFS_SECP256K1 + 1)
+ _ = invkgamma1_val, gammapt11_val, gammapt21_val, r1_val, rp_val
rc = _libamcl_mpc.MPC_R(invkgamma1, gammapt11, gammapt21, r1, rp)
@@ -450,6 +544,7 @@ def mpc_r(invkgamma, gammapt1, gammapt2):
return rc, r2, rp_str
+
def mpc_hash(message):
"""Hash the message value
@@ -468,6 +563,7 @@ def mpc_hash(message):
"""
message1, message1_val = core_utils.make_octet(None, message)
hm1, hm1_val = core_utils.make_octet(SHA256)
+ _ = message1_val, hm1_val
_libamcl_mpc.MPC_HASH(SHA256, message1, hm1)
@@ -475,6 +571,7 @@ def mpc_hash(message):
return hm2
+
def mpc_s(hm, r, k, sigma):
"""S component
@@ -501,13 +598,17 @@ def mpc_s(hm, r, k, sigma):
sigma1, sigma1_val = core_utils.make_octet(None, sigma)
s1, s1_val = core_utils.make_octet(EGS_SECP256K1)
+ _ = hm1_val, r1_val, k1_val, sigma1_val, s1_val
rc = _libamcl_mpc.MPC_S(hm1, r1, k1, sigma1, s1)
s2 = core_utils.to_str(s1)
+ core_utils.clear_octet(k1)
+
return rc, s2
+
def mpc_ecdsa_verify(hm, pk, r, s):
"""ECDSA Verify signature
@@ -531,11 +632,13 @@ def mpc_ecdsa_verify(hm, pk, r, s):
pk1, pk1_val = core_utils.make_octet(None, pk)
r1, r1_val = core_utils.make_octet(None, r)
s1, s1_val = core_utils.make_octet(None, s)
+ _ = hm1_val, pk1_val, r1_val, s1_val
rc = _libamcl_mpc.MPC_ECDSA_VERIFY(hm1, pk1, r1, s1)
return rc
+
def mpc_sum_s(s1, s2):
"""Sum of ECDSA s components
@@ -557,6 +660,7 @@ def mpc_sum_s(s1, s2):
s21, s21_val = core_utils.make_octet(None, s2)
s1, s1_val = core_utils.make_octet(EGS_SECP256K1)
+ _ = s11_val, s21_val, s1_val
_libamcl_mpc.MPC_SUM_S(s11, s21, s1)
@@ -564,6 +668,7 @@ def mpc_sum_s(s1, s2):
return s2
+
def mpc_sum_pk(pk1, pk2):
"""Sum of ECDSA public key shares
@@ -586,6 +691,7 @@ def mpc_sum_pk(pk1, pk2):
pk21, pk21_val = core_utils.make_octet(None, pk2)
pk1, pk1_val = core_utils.make_octet(EFS_SECP256K1 + 1)
+ _ = pk11_val, pk21_val, pk1_val
rc = _libamcl_mpc.MPC_SUM_PK(pk11, pk21, pk1)
@@ -593,6 +699,7 @@ def mpc_sum_pk(pk1, pk2):
return rc, pk2
+
def mpc_dump_paillier_sk(paillier_sk):
"""Write Paillier public key to byte array
@@ -612,10 +719,17 @@ def mpc_dump_paillier_sk(paillier_sk):
"""
p, p_val = core_utils.make_octet(HFS_2048)
q, q_val = core_utils.make_octet(HFS_2048)
+ _ = p_val, q_val
_libamcl_mpc.MPC_DUMP_PAILLIER_SK(paillier_sk, p, q)
p2 = core_utils.to_str(p)
q2 = core_utils.to_str(q)
+ # Clear memory
+ core_utils.clear_octet(p)
+ core_utils.clear_octet(q)
+ core_utils.clear_octet(p2)
+ core_utils.clear_octet(q2)
+
return p2, q2
diff --git a/python/examples/example_ecdsa.py b/python/examples/example_ecdsa.py
index 3f984fb..f098223 100755
--- a/python/examples/example_ecdsa.py
+++ b/python/examples/example_ecdsa.py
@@ -40,21 +40,21 @@ if __name__ == "__main__":
paillier_pk2, paillier_sk2 = amcl.mpc.paillier_key_pair(rng)
# ECDSA keys
- rc, PK1, W1 = amcl.mpc.ecp_secp256k1_key_pair_generate(rng)
+ PK1, W1 = amcl.mpc.mpc_ecdsa_key_pair_generate(rng)
rc = amcl.mpc.ecp_secp256k1_public_key_validate(PK1)
assert rc == 0, f"Invalid ECDSA public key"
- rc, PK2, W2 = amcl.mpc.ecp_secp256k1_key_pair_generate(rng)
+ PK2, W2 = amcl.mpc.mpc_ecdsa_key_pair_generate(rng)
rc = amcl.mpc.ecp_secp256k1_public_key_validate(PK2)
assert rc == 0, f"Invalid ECDSA public key"
# Gamma values
- rc, GAMMAPT1, GAMMA1 = amcl.mpc.ecp_secp256k1_key_pair_generate(rng)
- rc, GAMMAPT2, GAMMA2 = amcl.mpc.ecp_secp256k1_key_pair_generate(rng)
+ GAMMAPT1, GAMMA1 = amcl.mpc.mpc_ecdsa_key_pair_generate(rng)
+ GAMMAPT2, GAMMA2 = amcl.mpc.mpc_ecdsa_key_pair_generate(rng)
# K values
- rc, TMP1, K1 = amcl.mpc.ecp_secp256k1_key_pair_generate(rng)
- rc, TMP2, K2 = amcl.mpc.ecp_secp256k1_key_pair_generate(rng)
+ K1 = amcl.mpc.mpc_k_generate(rng)
+ K2 = amcl.mpc.mpc_k_generate(rng)
# Message
M = b'test message'
diff --git a/python/test/test_ecdsa.py b/python/test/test_ecdsa.py
index 1a21470..64fb1ae 100755
--- a/python/test/test_ecdsa.py
+++ b/python/test/test_ecdsa.py
@@ -45,21 +45,16 @@ class TestECDSA(unittest.TestCase):
paillier_pk2, paillier_sk2 = mpc.paillier_key_pair(rng)
# ECDSA keys
- rc, PK1, W1 = mpc.ecp_secp256k1_key_pair_generate(rng)
- rc = mpc.ecp_secp256k1_public_key_validate(PK1)
- assert rc == 0, f"Invalid ECDSA public key"
-
- rc, PK2, W2 = mpc.ecp_secp256k1_key_pair_generate(rng)
- rc = mpc.ecp_secp256k1_public_key_validate(PK2)
- assert rc == 0, f"Invalid ECDSA public key"
+ PK1, W1 = mpc.mpc_ecdsa_key_pair_generate(rng)
+ PK2, W2 = mpc.mpc_ecdsa_key_pair_generate(rng)
# Gamma values
- rc, GAMMAPT1, GAMMA1 = mpc.ecp_secp256k1_key_pair_generate(rng)
- rc, GAMMAPT2, GAMMA2 = mpc.ecp_secp256k1_key_pair_generate(rng)
+ GAMMAPT1, GAMMA1 = mpc.mpc_ecdsa_key_pair_generate(rng)
+ GAMMAPT2, GAMMA2 = mpc.mpc_ecdsa_key_pair_generate(rng)
# K values
- rc, _, K1 = mpc.ecp_secp256k1_key_pair_generate(rng)
- rc, _, K2 = mpc.ecp_secp256k1_key_pair_generate(rng)
+ K1 = mpc.mpc_k_generate(rng)
+ K2 = mpc.mpc_k_generate(rng)
# Message
M = b'test message'
[incubator-milagro-MPC] 04/05: Add full flow using python wrappers
Posted by sa...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
sandreoli pushed a commit to branch issue18-add-python-flow-example
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git
commit 916cb3561989f0e04d4f0cf948cb87220b713fa5
Author: Samuele Andreoli <sa...@yahoo.it>
AuthorDate: Wed Feb 26 16:24:20 2020 +0000
Add full flow using python wrappers
---
python/examples/example_full.py | 359 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 359 insertions(+)
diff --git a/python/examples/example_full.py b/python/examples/example_full.py
new file mode 100755
index 0000000..cece81b
--- /dev/null
+++ b/python/examples/example_full.py
@@ -0,0 +1,359 @@
+#!/usr/bin/env python3
+
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+"""
+
+import os
+import sys
+
+sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
+
+from amcl import core_utils, mpc, schnorr, factoring_zk, commitments
+
+seed_hex = "78d0fb6705ce77dee47d03eb5b9c5d30"
+
+
+def generate_key_material(rng, player):
+ """ Generate Paillier and ECDSA Key Pairs
+
+ Generate key material and commitment to the ECDSA PK.
+ The key material dictionary has keys:
+ * paillier_sk
+ * paillier_pk
+ * ecdsa_sk
+ * ecdsa_pk
+
+ Args::
+
+ rng: pointer to CSPRNG
+
+ Returns::
+
+ key_material: dictionary with the generated key material
+
+ """
+ # Paillier keys
+ paillier_pk, paillier_sk = mpc.paillier_key_pair(rng)
+
+ # ECDSA keys
+ ecdsa_pk, ecdsa_sk = mpc.mpc_ecdsa_key_pair_generate(rng)
+ rc = mpc.ecp_secp256k1_public_key_validate(ecdsa_pk)
+ assert rc == 0, f"[{player}] Invalid ECDSA public key. rc {rc}"
+
+ key_material = {
+ 'paillier_pk' : paillier_pk,
+ 'paillier_sk' : paillier_sk,
+ 'ecdsa_pk' : ecdsa_pk,
+ 'ecdsa_sk' : ecdsa_sk
+ }
+
+ return key_material
+
+
+def generate_key_material_zkp(rng, key_material):
+ """ Generate ZK Proofs for key material
+
+ Generate a commitment to the ECDSA PK, a Schnorr's
+ Proof for the ECDSA PK and a factoring Proof for the
+ Paillier PK
+ The key material dictionary must have keys:
+ * paillier_sk
+ * paillier_pk
+ * ecdsa_sk
+ * ecdsa_pk
+
+ Args::
+
+ rng: pointer to CSPRNG
+ key_material: dictionary with the key material
+
+ Returns::
+
+ r: secret value for the ECDSA PK commitment
+ c: commitment for the ECDSA PK
+ sc: commitment for the Schnorr's Proof
+ sp: Schnorr's Proof
+ fe: Factoring Proof. First component
+ fy: Factoring Proof. Second component
+
+ """
+ # Commit to ECDSA PK
+ r, c = commitments.nm_commit(rng, key_material['ecdsa_pk'])
+
+ # Generate Schnorr's proof for ECDSA PK
+ sr, sc = schnorr.commit(rng)
+ e = schnorr.challenge(key_material['ecdsa_pk'], sc)
+ sp = schnorr.prove(sr, e, key_material['ecdsa_sk'])
+
+ # Generate ZKP of knowledge of factorization for
+ # Paillier key pair
+ psk_p, psk_q = mpc.mpc_dump_paillier_sk(key_material['paillier_sk'])
+
+ fe, fy = factoring_zk.prove(rng, psk_p, psk_q)
+
+ return r, c, sc, sp, fe, fy
+
+
+def verify_key_material(key_material, r, c, sc, sp, fe, fy, player):
+ """ Verify key material
+
+ Verify the conunterparty key material using the
+ proof received
+ The key material dictionary must have keys:
+ * paillier_pk
+ * ecdsa_pk
+
+ Args::
+
+ key_material: dictionary with the key material
+ r: secret value for the ECDSA PK commitment
+ c: commitment for the ECDSA PK
+ sc: commitment for the Schnorr's Proof
+ sp: Schnorr's Proof
+ fe: Factoring Proof. First component
+ fy: Factoring Proof. Second component
+
+ Returns::
+
+ """
+ # Decommit ECDSA PK
+ rc = commitments.nm_decommit(key_material['ecdsa_pk'], r, c)
+ assert rc == commitments.OK, f"[{player}] Failure decommitting ecdsa_pk. rc {rc}"
+
+ # Verify ECDSA PK Schnorr's proof
+ e = schnorr.challenge(key_material['ecdsa_pk'], sc)
+ rc = schnorr.verify(key_material['ecdsa_pk'], sc, e, sp)
+ assert rc == schnorr.OK, f"[{player}] Invalid ECDSA PK Schnorr Proof. rc {rc}"
+
+ # Verify factoring ZKP
+ n = mpc.paillier_pk_to_octet(key_material['paillier_pk'])
+ rc = factoring_zk.verify(n, fe, fy)
+ assert rc == factoring_zk.OK, f"[{player}] Invalid Factoring ZKP. rc {rc}"
+
+
+if __name__ == "__main__":
+ seed = bytes.fromhex(seed_hex)
+ rng = core_utils.create_csprng(seed)
+
+
+ ### Key setup ###
+
+ print("Setup Key Material\n")
+
+ # Generate key material
+ key_material1 = generate_key_material(rng, "Alice")
+ key_material2 = generate_key_material(rng, "Bob")
+
+ print("[Alice] Generate ECDSA and Paillier key pairs")
+ print("[Bob] Generate ECDSA and Paillier key pairs")
+
+ # Generate key material ZKP
+ r1, c1, sc1, sp1, fe1, fy1 = generate_key_material_zkp(rng, key_material1)
+ r2, c2, sc2, sp2, fe2, fy2 = generate_key_material_zkp(rng, key_material2)
+
+ print("[Alice] Generate commitment to ECDSA PK and ZKPs")
+ print("[Bob] Generate commitment to ECDSA PK and ZKPs")
+
+ # Commit to ECDSA PK by transmitting c
+ print("[Alice] Commit to ECDSA PK. Transmit c")
+ print("[Bob] Commit to ECDSA PK. Transmit c")
+
+ # Transmit decommitment and ZKP
+ print("[Alice] Transmit decommitment for ECDSA PK and ZKPs")
+ print("[Bob] Transmit decommitment for ECDSA PK and ZKPs")
+
+ # Verify decommitment and ZKP
+ c_key_material1 = {
+ 'paillier_pk' : key_material2['paillier_pk'],
+ 'ecdsa_pk' : key_material2['ecdsa_pk'],
+ }
+
+ c_key_material2 = {
+ 'paillier_pk' : key_material1['paillier_pk'],
+ 'ecdsa_pk' : key_material1['ecdsa_pk'],
+ }
+
+ print("[Alice] Verify ZKP")
+ verify_key_material(c_key_material1, r2, c2, sc2, sp2, fe2, fy2, "Alice")
+
+ print("[Bob] Verify ZKP")
+ verify_key_material(c_key_material2, r1, c1, sc1, sp1, fe1, fy1, "Bob")
+
+ # Recombine full ECDSA PK
+ rc, ecdsa_full_pk1 = mpc.mpc_sum_pk(key_material1['ecdsa_pk'], c_key_material1['ecdsa_pk'])
+ assert rc == 0, '[Alice] Error recombining full ECDSA PK'
+
+ rc, ecdsa_full_pk2 = mpc.mpc_sum_pk(key_material2['ecdsa_pk'], c_key_material2['ecdsa_pk'])
+ assert rc == 0, '[Bob] Error recombining full ECDSA PK'
+
+
+ ### Signature ###
+
+ # Message
+ M = b'test message'
+
+ print(f"\nSign message '{M.encode('utf-8')}'")
+
+ # Generate k, gamma and gamma.G
+ print("[Alice] Generate k, gamma and gamma.G")
+ GAMMA1, gamma1 = mpc.mpc_ecdsa_key_pair_generate(rng)
+ k1 = mpc.mpc_k_generate(rng)
+
+ print("[Bob] Generate k, gamma and gamma.G")
+ GAMMA2, gamma2 = mpc.mpc_ecdsa_key_pair_generate(rng)
+ k2 = mpc.mpc_k_generate(rng)
+
+ ## Commit to GAMMA1, GAMMA2
+ print("[Alice] Commit to GAMMA1")
+ GAMMAR1, GAMMAC1 = commitments.nm_commit(rng, GAMMA1)
+
+ print("[Bob] Commit to GAMMA2")
+ GAMMAR2, GAMMAC2 = commitments.nm_commit(rng, GAMMA2)
+
+ ## Engage in MTA with k_i, gamma_j
+
+ # k1, gamma2
+ print("[Alice] Engage in MTA with shares k1, gamma2")
+
+ ca = mpc.mpc_mta_client1(rng, key_material1['paillier_pk'], k1)
+ cb, beta2 = mpc.mpc_mta_server(rng, c_key_material2['paillier_pk'], gamma2, ca)
+ alpha1 = mpc.mpc_mta_client2(key_material1['paillier_sk'], cb)
+
+ # k2, gamma1
+ print("[Bob] Engage in MTA with shares k2, gamma1")
+
+ ca = mpc.mpc_mta_client1(rng, key_material2['paillier_pk'], k2)
+ cb, beta1 = mpc.mpc_mta_server(rng, c_key_material1['paillier_pk'], gamma1, ca)
+ alpha2 = mpc.mpc_mta_client2(key_material2['paillier_sk'], cb)
+
+ # Partial sums
+ print("[Alice] Combine partial sum delta1 for kgamma")
+ delta1 = mpc.mpc_sum_mta(k1, gamma1, alpha1, beta1)
+
+ print("[Bob] Combine partial sum delta2 for kgamma")
+ delta2 = mpc.mpc_sum_mta(k2, gamma2, alpha2, beta2)
+
+ ## Engage in MTA with k_i, sk_j
+
+ # k1, sk2
+ print("[Alice] Engage in MTA with k1, s2")
+ ca = mpc.mpc_mta_client1(rng, key_material1['paillier_pk'], k1)
+ cb, beta2 = mpc.mpc_mta_server(rng, c_key_material2['paillier_pk'], key_material2['ecdsa_sk'], ca)
+ alpha1 = mpc.mpc_mta_client2(key_material1['paillier_sk'], cb)
+
+ # k2, sk1
+ print("[Bob] Engage in MTA with k2, s1")
+ ca = mpc.mpc_mta_client1(rng, key_material2['paillier_pk'], k2)
+ cb, beta1 = mpc.mpc_mta_server(rng, c_key_material1['paillier_pk'], key_material1['ecdsa_sk'], ca)
+ alpha2 = mpc.mpc_mta_client2(key_material2['paillier_sk'], cb)
+
+ # Partial sums
+ print("[Alice] Combine partial sum sigma1 for kw")
+ sigma1 = mpc.mpc_sum_mta(k1, key_material1['ecdsa_sk'], alpha1, beta1)
+
+ print("[Bob] Combine partial sum sigma2 for kw")
+ sigma2 = mpc.mpc_sum_mta(k2, key_material2['ecdsa_sk'], alpha2, beta2)
+
+ ## Decommitment and Proofs for R component
+
+ # Generate Schnorr's Proofs
+ print("[Alice] Generate Schnorr's Proof")
+ GAMMA_schnorr_r1, GAMMA_schnorr_c1 = schnorr.commit(rng)
+ GAMMA_schnorr_e1 = schnorr.challenge(GAMMA1, GAMMA_schnorr_c1)
+ GAMMA_schnorr_p1 = schnorr.prove(GAMMA_schnorr_r1, GAMMA_schnorr_e1, gamma1)
+
+ print("[Bob] Generate Schnorr's Proof")
+ GAMMA_schnorr_r2, GAMMA_schnorr_c2 = schnorr.commit(rng)
+ GAMMA_schnorr_e2 = schnorr.challenge(GAMMA2, GAMMA_schnorr_c2)
+ GAMMA_schnorr_p2 = schnorr.prove(GAMMA_schnorr_r2, GAMMA_schnorr_e2, gamma2)
+
+ print("[Alice] Transmit decommitment and Schnorr Proof for GAMMA1")
+ print("[Bob] Transmit decommitment and Schnorr Proof for GAMMA2")
+
+ # Decommit GAMMAi and verify Schnorr Proof
+ rc = commitments.nm_decommit(GAMMA2, GAMMAR2, GAMMAC2)
+ assert rc == commitments.OK, f'[Alice] Error decommitting GAMMA2. rc {rc}'
+
+ GAMMA_schnorr_e2 = schnorr.challenge(GAMMA2, GAMMA_schnorr_c2)
+ rc = schnorr.verify(GAMMA2, GAMMA_schnorr_c2, GAMMA_schnorr_e2, GAMMA_schnorr_p2)
+ assert rc == schnorr.OK, f'[Alice] Error verifying Schnorr proof for GAMMA2'
+
+ rc = commitments.nm_decommit(GAMMA1, GAMMAR1, GAMMAC1)
+ assert rc == commitments.OK, f'[Bob] Error decommitting GAMMA1. rc {rc}'
+
+ GAMMA_schnorr_e1 = schnorr.challenge(GAMMA1, GAMMA_schnorr_c1)
+ rc = schnorr.verify(GAMMA1, GAMMA_schnorr_c1, GAMMA_schnorr_e1, GAMMA_schnorr_p1)
+ assert rc == schnorr.OK, f'[Bob] Error verifying Schnorr proof for GAMMA1'
+
+ ## Reconcile R component
+ print("[Alice] Recombine kgamma^(-1)")
+ ikgamma1 = mpc.mpc_invkgamma(delta1, delta2)
+ rc, R1, _ = mpc.mpc_r(ikgamma1, GAMMA1, GAMMA2)
+ assert rc == 0, f'[Alice] Error reconciling R. rc {rc}'
+
+ print("[Bob] Recombine kgamma^(-1)")
+ ikgamma2 = mpc.mpc_invkgamma(delta1, delta2)
+ rc, R2, _ = mpc.mpc_r(ikgamma2, GAMMA1, GAMMA2)
+ assert rc == 0, f'[Bob] Error reconciling R. rc {rc}'
+
+ ## Compute signature shares
+ hm = mpc.mpc_hash(M)
+
+ rc, s1 = mpc.mpc_s(hm, R1, k1, sigma1)
+ assert rc == 0, f'[Alice] Error computing signature share s1'
+
+ rc, s2 = mpc.mpc_s(hm, R2, k2, sigma2)
+ assert rc == 0, f'[Bob] Error computing signature share s1'
+
+ ## Reconcile S component
+
+ # Commit to signature shares
+ print("[Alice] Transmit commitment signature share s1")
+ SR1, SC1 = commitments.nm_commit(rng, s1)
+
+ print("[Bob] Transmit commitment signature share s2")
+ SR2, SC2 = commitments.nm_commit(rng, s2)
+
+ # Decommit signature shares and combine
+ print("[Alice] Decommit s2")
+ rc = commitments.nm_decommit(s2, SR2, SC2)
+ assert rc == 0, f'[Alice] Error decommitting s2. rc {rc}'
+
+ print("[Bob] Decommit s1")
+ rc = commitments.nm_decommit(s1, SR1, SC1)
+ assert rc == 0, f'[Bob] Error decommitting s1. rc {rc}'
+
+ print("[Alice] Recombine S component")
+ S1 = mpc.mpc_sum_s(s1, s2)
+
+ print("[Bob] Recombine S component")
+ S2 = mpc.mpc_sum_s(s1, s2)
+
+ rc = mpc.mpc_ecdsa_verify(hm, ecdsa_full_pk1, R1, S1)
+ assert rc == 0, f'[Alice] Invalid reconstructed signature'
+
+ rc = mpc.mpc_ecdsa_verify(hm, ecdsa_full_pk2, R2, S2)
+ assert rc == 0, f'[Bob] Invalid reconstructed signature'
+
+ assert R1 == R2, f'R component is different:\n{R1}\n{R2}'
+ assert S1 == S2, f'S component is different:\n{S1}\n{S2}'
+
+ print('\nReconstructed signature')
+ print(f'\tR = {R1.hex()}')
+ print(f'\tS = {S1.hex()}')
[incubator-milagro-MPC] 01/05: Add custom functions for keys and k
generation
Posted by sa...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
sandreoli pushed a commit to branch issue18-add-python-flow-example
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git
commit 177a37e66421e98e45b6c973071f51d6bd6a0c1a
Author: Samuele Andreoli <sa...@yahoo.it>
AuthorDate: Wed Feb 26 16:22:14 2020 +0000
Add custom functions for keys and k generation
---
examples/example_ecdsa.c | 65 +++++++-------------------------------
examples/example_ecdsa_mpc.c | 5 ++-
examples/example_full.c | 13 +++-----
include/amcl/mpc.h | 20 ++++++++++++
src/mpc.c | 43 ++++++++++++++++++++++++-
test/smoke/test_ecdsa_smoke.c | 73 +++++++++----------------------------------
6 files changed, 94 insertions(+), 125 deletions(-)
diff --git a/examples/example_ecdsa.c b/examples/example_ecdsa.c
index be43f53..8da4bd2 100644
--- a/examples/example_ecdsa.c
+++ b/examples/example_ecdsa.c
@@ -136,11 +136,6 @@ int test(csprng *RNG)
char hm[32];
octet HM = {0,sizeof(hm),hm};
- char nc_ecp[2 * EFS_SECP256K1 + 1];
- octet NC_ECP = {0, sizeof(nc_ecp), nc_ecp};
-
- ECP_SECP256K1 P;
-
printf("Generating Paillier key pair one\n");
PAILLIER_KEY_PAIR(RNG, NULL, NULL, &PUB1, &PRIV1);
@@ -148,16 +143,7 @@ int test(csprng *RNG)
PAILLIER_KEY_PAIR(RNG, NULL, NULL, &PUB2, &PRIV2);
printf("Generating ECDSA key pair one\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&W1,&NC_ECP);
- rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP);
- if (!rc)
- {
- fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet PK1 rc\n");
- exit(EXIT_FAILURE);
- }
-
- ECP_SECP256K1_toOctet(&PK1, &P, true);
-
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &W1, &PK1);
rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK1);
if (rc!=0)
{
@@ -166,64 +152,37 @@ int test(csprng *RNG)
}
printf("Generating ECDSA key pair two\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&W2,&NC_ECP);
- rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP);
- if (!rc)
- {
- fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet PK2 rc");
- exit(EXIT_FAILURE);
- }
-
- ECP_SECP256K1_toOctet(&PK2, &P, true);
-
- rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK2);
- if (rc!=0)
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &W2, &PK2);
+ rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK2);
+ if (rc != 0)
{
fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc);
exit(EXIT_FAILURE);
}
printf("Generating GAMMA pair one\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&GAMMA1,&NC_ECP);
- rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP);
- if (!rc)
- {
- fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet GAMMAPT1\n");
- exit(EXIT_FAILURE);
- }
-
- ECP_SECP256K1_toOctet(&GAMMAPT1, &P, true);
-
- rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT1);
- if (rc!=0)
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA1, &GAMMAPT1);
+ rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT1);
+ if (rc != 0)
{
fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc);
exit(EXIT_FAILURE);
}
printf("Generating GAMMA pair two\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&GAMMA2,&NC_ECP);
- rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP);
- if (!rc)
- {
- fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet GAMMAPT2\n");
- exit(EXIT_FAILURE);
- }
-
- ECP_SECP256K1_toOctet(&GAMMAPT2, &P, true);
-
- rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT2);
- if (rc!=0)
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA2, &GAMMAPT2);
+ rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT2);
+ if (rc != 0)
{
fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc);
exit(EXIT_FAILURE);
}
printf("Generating K1\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&K1,&NC_ECP);
+ MPC_K_GENERATE(RNG, &K1);
printf("Generating K2\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&K2,&NC_ECP);
+ MPC_K_GENERATE(RNG, &K2);
OCT_jstring(&M,"test message");
printf("M: ");
diff --git a/examples/example_ecdsa_mpc.c b/examples/example_ecdsa_mpc.c
index 87dba95..cba4c96 100644
--- a/examples/example_ecdsa_mpc.c
+++ b/examples/example_ecdsa_mpc.c
@@ -30,7 +30,7 @@ int main()
char sk[EGS_SECP256K1];
octet SK = {0,sizeof(sk),sk};
- char pk[2*EFS_SECP256K1+1];
+ char pk[EFS_SECP256K1+1];
octet PK = {0,sizeof(pk),pk};
char k[EGS_SECP256K1];
@@ -49,8 +49,7 @@ int main()
char* sk_hex = "2f7b34cc0194179865128b63dc8af0c4062067291693e8043eda653d32a2b2d2";
OCT_fromHex(&SK,sk_hex);
- // ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&SK,&PK);
- ECP_SECP256K1_KEY_PAIR_GENERATE(NULL,&SK,&PK);
+ MPC_ECDSA_KEY_PAIR_GENERATE(NULL,&SK,&PK);
rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK);
if (rc!=0)
{
diff --git a/examples/example_full.c b/examples/example_full.c
index dd5dd9a..c45dd69 100644
--- a/examples/example_full.c
+++ b/examples/example_full.c
@@ -53,7 +53,7 @@ int generate_key_material(csprng *RNG, key_material *km, octet *P, octet *Q)
{
int rc;
- char pk[2 * EFS_SECP256K1 + 1];
+ char pk[EFS_SECP256K1 + 1];
octet PK = {0, sizeof(pk), pk};
char out[2][FS_2048];
@@ -65,12 +65,7 @@ int generate_key_material(csprng *RNG, key_material *km, octet *P, octet *Q)
// ECDSA Key Pair
printf("\n\tGenerate ECDSA key pair\n");
- rc = ECP_SECP256K1_KEY_PAIR_GENERATE(RNG, km->SK, &PK);
- if (rc != 0)
- {
- return rc;
- }
-
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, km->SK, &PK);
rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK);
if (rc != 0)
{
@@ -1297,7 +1292,7 @@ void signature(csprng *RNG, octet *M, key_material *alice_km, key_material *bob_
BIG_256_56_toBytes(K1.val, k1);
K1.len = EGS_SECP256K1;
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG, &GAMMA1, &NCP);
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA1, &NCP);
ECP_SECP256K1_fromOctet(&P, &NCP);
ECP_SECP256K1_toOctet(&GAMMAPT1, &P, true);
@@ -1327,7 +1322,7 @@ void signature(csprng *RNG, octet *M, key_material *alice_km, key_material *bob_
BIG_256_56_toBytes(K2.val, k2);
K2.len = EGS_SECP256K1;
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG, &GAMMA2, &NCP);
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA2, &NCP);
ECP_SECP256K1_fromOctet(&P, &NCP);
ECP_SECP256K1_toOctet(&GAMMAPT2, &P, true);
diff --git a/include/amcl/mpc.h b/include/amcl/mpc.h
index 9e5045e..7203578 100644
--- a/include/amcl/mpc.h
+++ b/include/amcl/mpc.h
@@ -37,6 +37,17 @@ extern "C" {
#define MPC_FAIL 71 /**< Failure */
#define MPC_INVALID_ECP 72 /**< Input is not a valid point on the curve */
+/** @brief Generate an ECC public/private key pair
+ *
+ * Generat an ECC public/private key pair W = s.G, where
+ * G is a fixed public generator
+ *
+ * @param RNG is a pointer to a cryptographically secure random number generator
+ * @param S the private key, an output internally randomly generated if R!=NULL, otherwise must be provided as an input
+ * @param W the output public key, which is s.G, where G is a fixed generator
+ */
+void MPC_ECDSA_KEY_PAIR_GENERATE(csprng *RNG, octet* S, octet *W);
+
/** \brief ECDSA Sign message
*
* Generate the ECDSA signature on message, M, with outputs (R,S)
@@ -70,6 +81,15 @@ int MPC_ECDSA_SIGN(int sha, octet *K, octet *SK, octet *M, octet *R, octet *S);
*/
int MPC_ECDSA_VERIFY(octet *HM,octet *PK, octet *R,octet *S);
+/** \brief Generate a random K for and ECDSA signature
+ *
+ * Generate a random K modulo the curve order
+ *
+ * @param RNG Pointer to a cryptographically secure PRNG
+ * @param K Destination octet for the randomly generated value
+ */
+void MPC_K_GENERATE(csprng *RNG, octet *K);
+
/** \brief Calculate the inverse of the sum of kgamma values
*
* Calculate the inverse of the sum of kgamma values
diff --git a/src/mpc.c b/src/mpc.c
index 80babcc..6a97c46 100644
--- a/src/mpc.c
+++ b/src/mpc.c
@@ -23,6 +23,35 @@ under the License.
#include <amcl/ecdh_support.h>
#include <amcl/mpc.h>
+/* Generate ECDSA key pair */
+void MPC_ECDSA_KEY_PAIR_GENERATE(csprng *RNG, octet* S, octet *W)
+{
+
+ BIG_256_56 s, q;
+
+ ECP_SECP256K1 G;
+
+ ECP_SECP256K1_generator(&G);
+ BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
+
+ if (RNG!=NULL)
+ {
+ BIG_256_56_randomnum(s, q, RNG);
+
+ S->len=EGS_SECP256K1;
+ BIG_256_56_toBytes(S->val,s);
+ }
+ else
+ {
+ BIG_256_56_fromBytesLen(s, S->val, S->len);
+ }
+
+ ECP_SECP256K1_mul(&G, s);
+ ECP_SECP256K1_toOctet(W, &G, true);
+
+ BIG_256_56_zero(s);
+}
+
/* ECDSA Signature, R and S are the signature on M using private key SK */
int MPC_ECDSA_SIGN(int sha, octet *K, octet *SK, octet *M, octet *R, octet *S)
{
@@ -157,6 +186,19 @@ int MPC_ECDSA_VERIFY(octet *HM, octet *PK, octet *R,octet *S)
return res;
}
+void MPC_K_GENERATE(csprng *RNG, octet *K)
+{
+ BIG_256_56 s, q;
+
+ BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
+ BIG_256_56_randomnum(s, q, RNG);
+
+ K->len=EGS_SECP256K1;
+ BIG_256_56_toBytes(K->val, s);
+
+ BIG_256_56_zero(s);
+}
+
/* Calculate the inverse of kgamma */
void MPC_INVKGAMMA(octet *KGAMMA1, octet *KGAMMA2, octet *INVKGAMMA)
{
@@ -183,7 +225,6 @@ void MPC_INVKGAMMA(octet *KGAMMA1, octet *KGAMMA2, octet *INVKGAMMA)
BIG_256_56_toBytes(INVKGAMMA->val, kgamma1);
}
-
/* Calculate the r component of the signature */
int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R, octet *RP)
{
diff --git a/test/smoke/test_ecdsa_smoke.c b/test/smoke/test_ecdsa_smoke.c
index eb20072..f4e1106 100644
--- a/test/smoke/test_ecdsa_smoke.c
+++ b/test/smoke/test_ecdsa_smoke.c
@@ -136,11 +136,6 @@ int test(csprng *RNG)
char hm[32];
octet HM = {0,sizeof(hm),hm};
- char nc_ecp[2 * EFS_SECP256K1 + 1];
- octet NC_ECP = {0, sizeof(nc_ecp), nc_ecp};
-
- ECP_SECP256K1 P;
-
printf("Generating Paillier key pair one\n");
PAILLIER_KEY_PAIR(RNG, NULL, NULL, &PUB1, &PRIV1);
@@ -148,90 +143,50 @@ int test(csprng *RNG)
PAILLIER_KEY_PAIR(RNG, NULL, NULL, &PUB2, &PRIV2);
printf("Generating ECDSA key pair one\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&W1,&NC_ECP);
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &W1, &PK1);
- // Convert to compressed form
- rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP);
- if (!rc)
- {
- fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet PK1 rc\n");
- exit(EXIT_FAILURE);
- }
-
- ECP_SECP256K1_toOctet(&PK1, &P, true);
-
- rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK1);
- if (rc!=0)
+ rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK1);
+ if (rc != 0)
{
fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc);
exit(EXIT_FAILURE);
}
printf("Generating ECDSA key pair two\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&W2,&NC_ECP);
-
- // Convert to compressed form
- rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP);
- if (!rc)
- {
- fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet PK2 rc");
- exit(EXIT_FAILURE);
- }
-
- ECP_SECP256K1_toOctet(&PK2, &P, true);
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &W2, &PK2);
- rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK2);
- if (rc!=0)
+ rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&PK2);
+ if (rc != 0)
{
fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc);
exit(EXIT_FAILURE);
}
printf("Generating GAMMA pair one\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&GAMMA1,&NC_ECP);
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA1, &GAMMAPT1);
- // Convert to compressed form
- rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP);
- if (!rc)
- {
- fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet GAMMAPT1\n");
- exit(EXIT_FAILURE);
- }
-
- ECP_SECP256K1_toOctet(&GAMMAPT1, &P, true);
-
- rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT1);
- if (rc!=0)
+ rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT1);
+ if (rc != 0)
{
fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc);
exit(EXIT_FAILURE);
}
printf("Generating GAMMA pair two\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&GAMMA2,&NC_ECP);
+ MPC_ECDSA_KEY_PAIR_GENERATE(RNG, &GAMMA2, &GAMMAPT2);
- // Convert to compressed form
- rc=ECP_SECP256K1_fromOctet(&P, &NC_ECP);
- if (!rc)
- {
- fprintf(stderr, "ERROR ECP_SECP256K1_fromOctet GAMMAPT2\n");
- exit(EXIT_FAILURE);
- }
-
- ECP_SECP256K1_toOctet(&GAMMAPT2, &P, true);
-
- rc=ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT2);
- if (rc!=0)
+ rc = ECP_SECP256K1_PUBLIC_KEY_VALIDATE(&GAMMAPT2);
+ if (rc != 0)
{
fprintf(stderr, "ERROR ECP_SECP256K1_PUBLIC_KEY_VALIDATE rc: %d\n", rc);
exit(EXIT_FAILURE);
}
printf("Generating K1\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&K1,&NC_ECP);
+ MPC_K_GENERATE(RNG, &K1);
printf("Generating K2\n");
- ECP_SECP256K1_KEY_PAIR_GENERATE(RNG,&K2,&NC_ECP);
+ MPC_K_GENERATE(RNG, &K2);
OCT_jstring(&M,"test message");
printf("M: ");
[incubator-milagro-MPC] 02/05: Fix doxygen
Posted by sa...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
sandreoli pushed a commit to branch issue18-add-python-flow-example
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git
commit b0fc8903a90e10743fe02c723ec361e40c65ba59
Author: Samuele Andreoli <sa...@yahoo.it>
AuthorDate: Wed Feb 26 16:22:49 2020 +0000
Fix doxygen
---
include/amcl/commitments.h | 4 ++--
include/amcl/factoring_zk.h | 4 ++--
include/amcl/mta.h | 5 +++--
3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/include/amcl/commitments.h b/include/amcl/commitments.h
index 25e7c75..b637ee2 100644
--- a/include/amcl/commitments.h
+++ b/include/amcl/commitments.h
@@ -34,8 +34,8 @@ extern "C"
{
#endif
-#define COMMITMENTS_OK 0 /** < Success */
-#define COMMITMENTS_FAIL 81 /** < Invalid Commitment */
+#define COMMITMENTS_OK 0 /**< Success */
+#define COMMITMENTS_FAIL 81 /**< Invalid Commitment */
/* NM Commitment Scheme API */
diff --git a/include/amcl/factoring_zk.h b/include/amcl/factoring_zk.h
index bd8a81e..6f9d100 100644
--- a/include/amcl/factoring_zk.h
+++ b/include/amcl/factoring_zk.h
@@ -45,8 +45,8 @@ extern "C"
#define FACTORING_ZK_B 16 /**< Security parameter, length in bytes */
-#define FACTORING_ZK_OK 0 /** < Proof successfully verified */
-#define FACTORING_ZK_FAIL 91 /** < Invalid proof */
+#define FACTORING_ZK_OK 0 /**< Proof successfully verified */
+#define FACTORING_ZK_FAIL 91 /**< Invalid proof */
/** \brief Prove knowledge of the modulus m in ZK
*
diff --git a/include/amcl/mta.h b/include/amcl/mta.h
index 824989e..ea975b6 100644
--- a/include/amcl/mta.h
+++ b/include/amcl/mta.h
@@ -120,7 +120,7 @@ void MPC_SUM_MTA(octet *A, octet *B, octet *ALPHA, octet *BETA, octet *SUM);
*
* <ol>
* <li> \f$ e \in_R [0, \ldots, q] \f$
- * <ol>
+ * </ol>
*
* @param RNG csprng for random generation
* @param E Destination octet for the challenge.
@@ -481,7 +481,7 @@ typedef MTA_ZK_proof MTA_ZKWC_proof;
* <li> \f$ t = h_1^{y}h_2^{\sigma} \text{ }\mathrm{mod}\text{ }\tilde{N} \f$
* <li> \f$ w = h_1^{\gamma}h_2^{\tau} \text{ }\mathrm{mod}\text{ }\tilde{N} \f$
* <li> \f$ v = c1^{\alpha}g^{\gamma}\beta^{N} \text{ }\mathrm{mod}\text{ }N^2 \f$
- * <li> \f$ U = \alpha.G
+ * <li> \f$ U = \alpha.G \f$
* </ol>
*
* @param RNG csprng for random generation
@@ -507,6 +507,7 @@ extern void MTA_ZKWC_commit(csprng *RNG, PAILLIER_public_key *key, COMMITMENTS_B
* @param mod Public BC modulus of the verifier
* @param C1 Base Paillier Ciphertext
* @param C2 New Paillier Ciphertext to prove knowledge and range
+ * @param X Public exponent of the associated DLOG to prove knowledge
* @param c Commitment of the prover
* @param E Destination challenge
*/