Source code for chamhash_rsa_hw09

''' 
Hohenberger-Waters Chameleon Hash (RSA-based)
based on the scheme of Ateneise and de Medeiros
 
 | From: "S. Hohenberger, B. Waters. Realizing Hash-and-Sign Signatures under Standard Assumptions", Appendix A.
 | Published in: Eurocrypt 2009
 | Available from: http://eprint.iacr.org/2009/028.pdf
 | Notes: 

 * type:       hash function (chameleon)
 * setting:      RSA
 * assumption:   RSA

:Author:    J. Ayo Akinyele
:Date:      1/2011
'''

from charm.toolbox.Hash import ChamHash,Hash
from charm.toolbox.integergroup import IntegerGroupQ,gcd
from charm.toolbox.conversion import Conversion

debug=False
[docs]class ChamHash_HW09(ChamHash): """ >>> from charm.core.math.integer import integer >>> p = integer(164960892556379843852747960442703555069442262500242170785496141408191025653791149960117681934982863436763270287998062485836533436731979391762052869620652382502450810563192532079839617163226459506619269739544815249458016088505187490329968102214003929285843634017082702266003694786919671197914296386150563930299) >>> q = integer(82480446278189921926373980221351777534721131250121085392748070704095512826895574980058840967491431718381635143999031242918266718365989695881026434810326191251225405281596266039919808581613229753309634869772407624729008044252593745164984051107001964642921817008541351133001847393459835598957148193075281965149) >>> chamHash = ChamHash_HW09() >>> (public_key, secret_key) = chamHash.paramgen(1024, p, q) >>> msg = "Hello world this is the message!" >>> (hash1, r) = chamHash.hash(public_key, msg) >>> (hash2, r) = chamHash.hash(public_key, msg, r) >>> hash1 == hash2 True """ def __init__(self): global group group = IntegerGroupQ(0)
[docs] def paramgen(self, secparam, p = 0, q = 0): # If we're given p, q, compute N = p*q. Otherwise select random p, q if not (p == 0 or q == 0): N = p * q if debug: print("p :=", p) if debug: print("q :=", q) else: group.paramgen(secparam) p, q = group.p, group.q N = p * q phi_N = (p-1)*(q-1) J = group.random(N) e = group.random(phi_N) while (not gcd(e, phi_N) == 1): e = group.random(phi_N) pk = { 'secparam': secparam, 'N': N, 'J': J, 'e': e } sk = { 'p': p, 'q': q } return (pk, sk)
[docs] def hash(self, pk, message, r = 0): N, J, e = pk['N'], pk['J'], pk['e'] if r == 0: r = group.random(N) M = Conversion.bytes2integer(message) h = ((J ** M) * (r ** e)) % N return (h, r)