

Golang Suite.Cipher方法代码示例

本文整理汇总了Golang中github.com/dedis/crypto/abstract.Suite.Cipher方法的典型用法代码示例。如果您正苦于以下问题:Golang Suite.Cipher方法的具体用法?Golang Suite.Cipher怎么用?Golang Suite.Cipher使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在github.com/dedis/crypto/abstract.Suite的用法示例。


在下文中一共展示了Suite.Cipher方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。

示例1: SchnorrVerify

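// SchnorrVerify checks sig against msg under the public key kp.
//
// The signature is decoded as a SchnorrSignature (E, S); the commitment is
// recomputed as r = g^s * y^e and the challenge as the SHA3-256 digest of
// msg || r, mapped into the scalar field by seeding the suite's cipher with
// the digest and picking a secret from that stream. The signature is valid
// when that scalar equals E. The mapping must stay in sync with the signer.
//
// Returns (false, err) when the signature cannot be decoded or the
// recomputed commitment cannot be serialized, and (false, nil) when the
// signature is well-formed but does not verify; callers must treat both as
// rejection.
//
// NOTE(review): msg and r are hashed without a length separator. That is
// unambiguous only while the encoded point has a fixed length for the
// suite, which is assumed here.
func SchnorrVerify(suite abstract.Suite,
	kp SchnorrPublicKey,
	msg []byte, sig []byte) (bool, error) {

	signature := SchnorrSignature{}
	if err := abstract.Read(bytes.NewBuffer(sig), &signature, suite); err != nil {
		return false, err
	}
	s := signature.S
	e := signature.E

	// r = g^s * y^e. For an honest signature s = k - x*e this is g^k, the
	// signer's commitment.
	gs := suite.Point().Mul(nil, s)  // g^s
	ye := suite.Point().Mul(kp.Y, e) // y^e
	r := suite.Point().Add(gs, ye)   // g^s * y^e

	rBin, err := r.MarshalBinary()
	if err != nil {
		return false, err
	}

	// Hash msg || r. Feeding the two parts to the hasher separately avoids
	// the former append(msg, rBin...), which could write rBin into the
	// caller's backing array whenever msg had spare capacity.
	hasher := sha3.New256()
	hasher.Write(msg)
	hasher.Write(rBin)
	h := hasher.Sum(nil)

	// Digest -> scalar via the suite's cipher stream, as the signer does it.
	ev := suite.Secret().Pick(suite.Cipher(h))
	return ev.Equal(e), nil
}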
开发者ID:diagprov,项目名称:interview-go-multisigs,代码行数:34,代码来源:schnorr.go

示例2: ShuffleDecrypt

// ShuffleDecrypt shuffles the given ciphertexts and strips this server's
// layer of encryption from each of them, producing a proof that the shuffle
// is correct plus one partial-decryption proof per ciphertext.
//
// pks are the public keys the ciphertexts are encrypted against; the shuffle
// is done and proven with respect to the sum of pks[position:], i.e. this
// server's key together with the keys of every server still to come. nonce is
// mixed into the proof's protocol name ("ElGamalShuffle"+nonce) and passed to
// the partial decryption so proofs from different runs are not interchangeable.
// Fresh randomness is taken from suite.Cipher(nil).
//
// It panics when ciphertexts is empty, and (as any slice expression would)
// when position is outside [0, len(pks)]. Errors from proof generation or
// partial decryption are returned as-is.
func ShuffleDecrypt(suite abstract.Suite, ciphertexts []*elgamal.CipherText,
	pks []*elgamal.PubKey, sk *elgamal.PriKey, nonce string, position int) (*VerifiableShuffle, error) {
	n := len(ciphertexts)
	if n == 0 {
		panic("Can't shuffle 0 ciphertexts")
	}

	c1, c2 := elgamal.Unpack(ciphertexts)

	// Combined key of ourselves and every server after us.
	sumpk := elgamal.SumKeys(pks[position:])

	// Shuffle under the combined key and prove the permutation is honest.
	sc1, sc2, prover := shuffle.Shuffle(suite, sumpk.Base, sumpk.Key, c1, c2, suite.Cipher(nil))
	shuffleProof, err := proof.HashProve(suite, "ElGamalShuffle"+nonce, suite.Cipher(nil), prover)
	if err != nil {
		return nil, err
	}
	shuffled := elgamal.Pack(sc1, sc2)

	// Remove our layer from every shuffled ciphertext, proving each step.
	decrypted := make([]*elgamal.CipherText, n)
	decryptionProofs := make([][]byte, n)
	for i := range sc1 {
		d, p, derr := sk.PartialProofDecrypt(shuffled[i], nonce)
		if derr != nil {
			return nil, derr
		}
		decrypted[i], decryptionProofs[i] = d, p
	}

	return &VerifiableShuffle{shuffled, decrypted, decryptionProofs, shuffleProof}, nil
}
开发者ID:confiks,项目名称:ipfs-dc,代码行数:34,代码来源:shuffler.go

示例3: GenerateZ

// GenerateZ derives the "public-only" point Z of the partially blind scheme
// from some agreed-upon info: z = Pick(Cipher(SHA3-256(info))) and Z = g^z.
//
// SECURITY NOTE: the scheme wants Z to be witness-independent, i.e. a point
// whose discrete log nobody knows. This implementation does NOT achieve that:
// z is computed from public info, so anyone who knows info also knows
// log_g(Z). The original author could not decode a 32-byte hash directly
// into a point through the abstract interface (the attempt is kept below,
// commented out), hence the detour through a Secret. Treat this as a
// demonstration of the idea only. The error return is always nil.
func GenerateZ(suite abstract.Suite, info []byte) (abstract.Point, error) {
	digest := sha3.New256()
	digest.Write(info)
	seed := digest.Sum(nil)

	// Digest -> scalar via the suite's keyed cipher stream. As noted above,
	// this makes log_g(Z) computable from info.
	z := suite.Secret().Pick(suite.Cipher(seed))

	// Z = g^z (nil base selects the suite's standard generator).
	Z := suite.Point().Mul(nil, z)

	// Decoding the hash straight into a point, which would leave log_g(Z)
	// unknown, does not work on this suite (not every 32-byte string is a
	// Curve25519 point outside the full group):
	/*var Z abstract.Point
	  zrawBuf := bytes.NewBuffer(zraw)
	  err := abstract.Read(zrawBuf, &Z, suite);
	  if err != nil {
	      return nil, err
	  }*/

	return Z, nil
}
开发者ID:diagprov,项目名称:interview-go-multisigs,代码行数:35,代码来源:partialBlind.go

示例4: NewShuffler

// NewShuffler builds the shuffler for server id in a group of N servers.
//
// Every server's secret is derived deterministically from the public string
// "key<i>" through suite.Cipher, which lets this server compute its own
// keypair (h, H) and the public keys HH of all N servers locally, without any
// exchange. Because the seeds are public, every server's private key is
// computable by anyone; this is only usable for simulation and testing.
//
// k is stored as given. cons is the protobuf constructor hook: it returns a
// fresh Secret or Point for the two registered reflect types and nil for
// anything else.
func NewShuffler(suite abstract.Suite, id, k, N int) *shuffler {
	// secretFor derives server i's private key from the public seed "key<i>".
	secretFor := func(i int) abstract.Secret {
		return suite.Secret().Pick(suite.Cipher([]byte(fmt.Sprintf("key%d", i))))
	}

	// This server's own keypair.
	h := secretFor(id)
	H := suite.Point().Mul(nil, h)

	// Public keys of every server, derived the same way.
	HH := make([]abstract.Point, N)
	for i := range HH {
		HH[i] = suite.Point().Mul(nil, secretFor(i))
	}

	cons := func(t reflect.Type) interface{} {
		if t == tSecret {
			return suite.Secret()
		}
		if t == tPoint {
			return suite.Point()
		}
		return nil
	}

	return &shuffler{suite, id, k, N, h, H, HH, cons, nil, nil, nil}
}
开发者ID:jackowitzd2,项目名称:neff,代码行数:30,代码来源:main.go

示例5: init

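// init fills in the alternative DH point positions of ciphersuite ste over
// nlevels levels of the negotiation header.
//
// Level i owns 2^i slots of plen bytes laid out after all slots of the
// previous levels; a pseudo-random stream keyed with
// "NegoCipherSuite:<suite name>" picks one slot per level. The raw 32-bit
// value drawn for a level is kept in si.tag[i], the chosen byte offset in
// si.pos[i], and si.max is the end of the highest chosen slot. Because the
// stream is keyed only by the suite's name, the positions are fixed per
// suite and reproducible by every party.
//
// nlevels == 0 now leaves tag and pos empty and max = 0; the previous
// version indexed si.pos[nlevels-1] unconditionally and panicked. The shift
// 1<<i assumes nlevels is small enough not to overflow an int.
func (si *suiteInfo) init(ste abstract.Suite, nlevels int) {
	si.ste = ste
	si.tag = make([]uint32, nlevels)
	si.pos = make([]int, nlevels)
	// XXX: panics if the suite's points do not implement abstract.Hiding.
	si.plen = ste.Point().(abstract.Hiding).HideLen()

	// Stream from which the per-level slot indices are drawn.
	stream := ste.Cipher([]byte(fmt.Sprintf("NegoCipherSuite:%s", ste.String())))

	levofs := 0 // byte offset where the current level's slots begin
	si.max = 0  // end of the highest chosen slot; stays 0 when nlevels == 0
	for i := 0; i < nlevels; i++ {
		// Draw 32 bits and keep them as this level's tag.
		var buf [4]byte
		stream.XORKeyStream(buf[:], buf[:])
		si.tag[i] = binary.BigEndian.Uint32(buf[:])

		// Level i has 2^i slots; level 0 has one, so its index is always 0.
		levlen := 1 << uint(i)
		levidx := int(si.tag[i]) & (levlen - 1)
		si.pos[i] = levofs + levidx*si.plen
		si.max = si.pos[i] + si.plen

		levofs += levlen * si.plen // next level's table starts after this one
	}
}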
开发者ID:LegoShrimp,项目名称:crypto,代码行数:34,代码来源:nego.go

示例6: benchSign

// benchSign signs benchMessage niter times under the anonymity set pub with
// private key pri and discards the results. All randomness comes from one
// cipher stream keyed with the fixed string "example", so the run is
// deterministic; that is acceptable for a benchmark only.
func benchSign(suite abstract.Suite, pub []abstract.Point, pri abstract.Secret,
	niter int) {
	stream := suite.Cipher([]byte("example"))
	for left := niter; left > 0; left-- {
		Sign(suite, stream, benchMessage, Set(pub), nil, 0, pri)
	}
}
开发者ID:eftychis,项目名称:crypto-1,代码行数:7,代码来源:sig_test.go

示例7: Decrypt

// Decrypt opens a message encrypted for an anonymity set and returns the
// plaintext, or an error if the ciphertext is malformed or fails its MAC.
//
// The caller supplies the set the message was encrypted for, the index
// (mine) of the public key it owns within that set, and the matching
// private key. decryptKey recovers the session key from the header and, as
// part of that, checks that every listed member could have decrypted it, so
// a malicious sender cannot single out one receiver by crafting a header
// decryptable by only some members; the MAC check that follows means no
// ciphertext is accepted unless its sender knew the plaintext.
//
// Layout after the header: the body, then a MAC of KeySize() bytes. Note
// that the MAC bytes of the caller's ciphertext slice are overwritten in
// place during verification.
func Decrypt(suite abstract.Suite, ciphertext []byte, anonymitySet Set,
	mine int, privateKey abstract.Secret, hide bool) ([]byte, error) {

	// Session key and header length from the (validated) key header.
	sessionKey, hdrLen, err := decryptKey(suite, ciphertext, anonymitySet,
		mine, privateKey, hide)
	if err != nil {
		return nil, err
	}

	// Key the cipher; the MAC occupies the last KeySize() bytes.
	c := suite.Cipher(sessionKey)
	macLen := c.KeySize()
	if len(ciphertext) < hdrLen+macLen {
		return nil, errors.New("ciphertext too short")
	}
	bodyEnd := len(ciphertext) - macLen
	body := ciphertext[hdrLen:bodyEnd]
	tag := ciphertext[bodyEnd:]

	// Decrypt the body while absorbing the ciphertext into the cipher
	// state, then push the tag through the same state: a genuine tag must
	// come out as all zeros.
	plain := make([]byte, len(body))
	c.Message(plain, body, body)
	c.Partial(tag, tag, nil)
	if subtle.ConstantTimeAllEq(tag, 0) == 0 {
		return nil, errors.New("invalid ciphertext: failed MAC check")
	}
	return plain, nil
}
开发者ID:Liamsi,项目名称:crypto,代码行数:45,代码来源:enc.go

示例8: newHashProver

// newHashProver returns a hashProver for the protocol named protoName.
// Public randomness — the part a verifier can regenerate — is a cipher
// stream keyed with the protocol name; rand is the prover's private
// randomness and is stored as given.
func newHashProver(suite abstract.Suite, protoName string,
	rand abstract.Cipher) *hashProver {
	return &hashProver{
		suite:   suite,
		pubrand: suite.Cipher([]byte(protoName)),
		prirand: rand,
	}
}
开发者ID:LegoShrimp,项目名称:crypto,代码行数:8,代码来源:hash.go

示例9: Verify

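// Verify checks a signature generated by Sign.
//
// The caller provides the message, anonymity set, and linkage scope
// with which the signature was purportedly produced.
// If the signature is a valid linkable signature (linkScope != nil),
// this function returns a linkage tag that uniquely corresponds
// to the signer within the given linkScope.
// If the signature is a valid unlinkable signature (linkScope == nil),
// returns an empty but non-nil byte-slice instead of a linkage tag on success.
// Returns a nil linkage tag and an error if the signature is invalid.
//
// An empty anonymity set is rejected outright: with no ring members the
// challenge chain is never advanced, so ci stays equal to C0 and any
// signature would verify vacuously. A linkage tag that cannot be
// re-encoded is also reported as an error rather than returned as nil.
//
// NOTE(review): trailing bytes after the decoded signature are not
// rejected here; whether suite.Read does so is not visible in this file.
func Verify(suite abstract.Suite, message []byte, anonymitySet Set,
	linkScope []byte, signatureBuffer []byte) ([]byte, error) {

	L := []abstract.Point(anonymitySet) // public keys in ring
	n := len(L)
	if n == 0 {
		return nil, errors.New("empty anonymity set")
	}
	linkable := linkScope != nil

	// Decode the signature.
	buf := bytes.NewBuffer(signatureBuffer)
	var linkBase, linkTag abstract.Point
	sig := lSig{S: make([]abstract.Scalar, n)}
	if linkable {
		if err := suite.Read(buf, &sig); err != nil {
			return nil, err
		}
		// Linkage base: a point derived from the scope alone, so every
		// signer in the same scope uses the same base.
		linkBase, _ = suite.Point().Pick(nil, suite.Cipher(linkScope))
		linkTag = sig.Tag
	} else {
		if err := suite.Read(buf, &sig.C0); err != nil {
			return nil, err
		}
		if err := suite.Read(buf, &sig.S); err != nil {
			return nil, err
		}
	}

	// Pre-hash the ring-position-invariant parameters to H1.
	H1pre := signH1pre(suite, linkScope, linkTag, message)

	// Walk the ring: each step recomputes the commitments for position i
	// from s[i] and the current challenge, then hashes them into the next
	// challenge. The chain must close on C0.
	P := suite.Point()
	PG := suite.Point()
	var PH abstract.Point
	if linkable {
		PH = suite.Point()
	}
	ci := sig.C0
	for i := 0; i < n; i++ {
		PG.Add(PG.Mul(nil, sig.S[i]), P.Mul(L[i], ci))
		if linkable {
			PH.Add(PH.Mul(linkBase, sig.S[i]), P.Mul(linkTag, ci))
		}
		ci = signH1(suite, H1pre, PG, PH)
	}
	if !ci.Equal(sig.C0) {
		return nil, errors.New("invalid signature")
	}

	if !linkable {
		return []byte{}, nil
	}
	// Return the re-encoded linkage tag, for uniqueness checking.
	tag, err := linkTag.MarshalBinary()
	if err != nil {
		return nil, err
	}
	return tag, nil
}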
开发者ID:LegoShrimp,项目名称:crypto,代码行数:68,代码来源:sig.go

示例10: GenerateKeyPair

// GenerateKeyPair draws a fresh secret x and returns the ElGamal keypair
// (x; base, base^x) for the suite's standard base point. The PubKey is also
// embedded, by value, in the returned PriKey.
//
// The secret is picked from suite.Cipher(nil); in the dedis API a nil key is
// meant to yield a freshly random-keyed stream — confirm against the suite
// in use, since a deterministic stream here would make every key guessable.
func GenerateKeyPair(suite abstract.Suite) (*PriKey, *PubKey) {
	x := suite.Secret().Pick(suite.Cipher(nil))
	g := suite.Point().Base()
	y := suite.Point().Mul(g, x)

	pub := &PubKey{suite, g, y}
	return &PriKey{*pub, x}, pub
}
开发者ID:confiks,项目名称:ipfs-dc,代码行数:10,代码来源:elgamal.go

示例11: signH1pre

// signH1pre builds the H1 hash state shared by every ring position: a
// cipher keyed with the message (m) into which, for a linkable signature
// (linkScope != nil), the scope L and the encoded linkage tag ~y are
// absorbed. signH1 later folds the per-position commitments into it.
//
// This helper has no error path, so a MarshalBinary failure on linkTag is
// discarded and whatever bytes came back (possibly none) are absorbed;
// callers that need a guarantee should validate linkTag beforehand.
func signH1pre(suite abstract.Suite, linkScope []byte, linkTag abstract.Point,
	message []byte) abstract.Cipher {
	state := suite.Cipher(message) // m
	if linkScope == nil {
		return state
	}
	state.Write(linkScope)               // L
	encTag, _ := linkTag.MarshalBinary() // ~y; error dropped, see doc
	state.Write(encTag)
	return state
}
开发者ID:eftychis,项目名称:crypto-1,代码行数:10,代码来源:sig.go

示例12: ClientSignBlindly

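// ClientSignBlindly completes the partially blind signature on the user's
// side, blindly to the signer: it unblinds the server's response (R, C, S,
// D) with the client's blinding values (T1..T4) into (rho, omega, sigma,
// delta), recomputes the challenge as the SHA3-256 digest of
// g^rho*y^omega || g^sigma*Z^delta || Z || msg mapped into the scalar field
// through suite.Cipher, and checks that it equals omega + delta.
//
// The bool is the verification result; the unblinded signature is returned
// even when the check fails so the caller can inspect it. If any point
// fails to serialize, a zero WIBlindSignature and false are returned (the
// previous version discarded those errors and hashed whatever came back).
func ClientSignBlindly(suite abstract.Suite, clientParameters WISchnorrClientParamersList, responseMsg WISchnorrResponseMessage, pubKey SchnorrPublicKey, msg []byte) (WIBlindSignature, bool) {
	// Unblind the server's response.
	rho := suite.Secret().Add(responseMsg.R, clientParameters.T1)
	omega := suite.Secret().Add(responseMsg.C, clientParameters.T2)
	sigma := suite.Secret().Add(responseMsg.S, clientParameters.T3)
	delta := suite.Secret().Add(responseMsg.D, clientParameters.T4)

	// Commitments: g^rho * y^omega and g^sigma * Z^delta.
	gpyw := suite.Point().Add(suite.Point().Mul(nil, rho), suite.Point().Mul(pubKey.Y, omega))
	gszd := suite.Point().Add(suite.Point().Mul(nil, sigma), suite.Point().Mul(clientParameters.Z, delta))

	// Challenge hash over the two commitments, Z and the message. The
	// encoded points are written in order, so the digest equals that of
	// the concatenation.
	hasher := sha3.New256()
	for _, p := range []abstract.Point{gpyw, gszd, clientParameters.Z} {
		b, err := p.MarshalBinary()
		if err != nil {
			return WIBlindSignature{}, false
		}
		hasher.Write(b)
	}
	hasher.Write(msg)

	// Digest -> scalar via the suite's cipher stream (must match the signer).
	sig := suite.Secret().Pick(suite.Cipher(hasher.Sum(nil)))

	// The signature verifies when the challenge equals omega + delta.
	vsig := suite.Secret().Add(omega, delta)
	return WIBlindSignature{rho, omega, sigma, delta}, sig.Equal(vsig)
}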
开发者ID:diagprov,项目名称:interview-go-multisigs,代码行数:56,代码来源:partialBlind.go

示例13: newHashVerifier

// newHashVerifier returns a hashVerifier for protoName over the given proof
// bytes. The proof is copied into c.proof and c.prbuf is a view of that
// buffer's contents; pubrand is the cipher stream keyed with the protocol
// name and must match the one the prover used (see newHashProver).
// The Write on c.proof is not expected to fail; if it does, this panics.
func newHashVerifier(suite abstract.Suite, protoName string,
	proof []byte) *hashVerifier {
	c := &hashVerifier{suite: suite}
	if _, err := c.proof.Write(proof); err != nil {
		panic("Buffer.Write failed")
	}
	c.prbuf = c.proof.Bytes()
	c.pubrand = suite.Cipher([]byte(protoName))
	return c
}
开发者ID:LegoShrimp,项目名称:crypto,代码行数:11,代码来源:hash.go

示例14: SchnorrMUnmarshallCCComputeResponse

// SchnorrMUnmarshallCCComputeResponse (server side) turns the collective
// challenge bytes cc read from the wire into the challenge scalar
// c = Pick(Cipher(cc)) and answers with r = v - c*x, where x is this
// server's private key (kv.X) and v the secret behind its earlier
// commitment (privatecommit.V). The response is returned as a raw secret.
func SchnorrMUnmarshallCCComputeResponse(suite abstract.Suite,
	kv SchnorrKeyset,
	privatecommit SchnorrMPrivateCommitment,
	cc []byte) SchnorrMResponse {
	c := suite.Secret().Pick(suite.Cipher(cc))

	// r = v - c*x
	cx := suite.Secret().Mul(c, kv.X)
	r := suite.Secret().Sub(privatecommit.V, cx)

	return SchnorrMResponse{r}
}
开发者ID:diagprov,项目名称:interview-go-multisigs,代码行数:14,代码来源:multisignatures.go

示例15: hash

// hash derives the Schnorr challenge e from the commitment r and msg: the
// suite cipher is keyed with the encoded point r, msg is absorbed into it
// (nil dst/src, so nothing is encrypted), and a scalar is picked from the
// resulting stream. The only error is r failing to serialize.
func hash(suite abstract.Suite, r abstract.Point, msg []byte) (abstract.Scalar, error) {
	encR, err := r.MarshalBinary()
	if err != nil {
		return nil, err
	}
	stream := suite.Cipher(encR)
	stream.Message(nil, nil, msg)
	return suite.Scalar().Pick(stream), nil
}
开发者ID:nikirill,项目名称:cothority,代码行数:12,代码来源:schnorr.go

