'''
**Chen-Wee Dual System Signature (CW13)**
*Authors:* J. Chen, H. Wee
| **Title:** "Dual System Groups and its Applications - Compact HIBE and More"
| **Published in:** Manuscript, 2013
| **Available from:** Manuscript
| **Notes:** Optimized implementation reducing exponential and multiplication operations.
.. rubric:: Scheme Properties
* **Type:** signature (identity-based)
* **Setting:** bilinear groups (asymmetric)
* **Assumption:** SXDH
.. rubric:: Implementation
:Authors: Fan Zhang (zfwise@gwu.edu), Hoeteck Wee
:Date: 5/2013
'''
from charm.toolbox.pairinggroup import PairingGroup,ZR,G1,G2,GT,pair
from charm.core.crypto.cryptobase import *
from charm.toolbox.PKSig import PKSig
from charm.toolbox.matrixops import *
debug = False
[docs]
class Sign_CW13(PKSig):
def __init__(self, groupObj):
PKSig.__init__(self)
global group
group = groupObj
[docs]
def keygen(self):
g2 = group.random(G1) #generator in G1
g1 = group.random(G2) #generator in G2
#generate B and B*
B = [[group.random(ZR), group.random(ZR)],[group.random(ZR), group.random(ZR)]]
Bt = MatrixTransGroups(B)
Bstar= [GaussEliminationinGroups([[Bt[0][0], Bt[0][1], group.init(ZR, 1)],
[Bt[1][0], Bt[1][1], group.init(ZR, 0)]]),
GaussEliminationinGroups([[Bt[0][0], Bt[0][1], group.init(ZR, 0)],
[Bt[1][0], Bt[1][1], group.init(ZR, 1)]])]
Bstar = MatrixTransGroups(Bstar)
## checks Bt * Bstar = identity matrix
# for i in self.MatrixMulGroups(Bt, Bstar):
# print("[%s,%s]"%(i[0],i[1]))
#generate R
R = [[group.random(ZR), group.init(ZR, 0)],
[group.init(ZR, 0), group.init(ZR, 1)]]
#generate A1 and A2
A1 =[[group.random(ZR), group.random(ZR)],
[group.random(ZR), group.random(ZR)]]
A2 =[[group.random(ZR), group.random(ZR)],
[group.random(ZR), group.random(ZR)]]
k = [group.random(ZR),group.random(ZR)] #k is a 2 dimentional vector
BA1 = MatrixMulGroups(B,A1)
BA2 = MatrixMulGroups(B,A2)
BsR = MatrixMulGroups(Bstar,R)
BsA1R = MatrixMulGroups(MatrixMulGroups(Bstar, MatrixTransGroups(A1)),R)
BsA2R = MatrixMulGroups(MatrixMulGroups(Bstar, MatrixTransGroups(A2)),R)
b0 = [B[0][0],B[1][0]]
b1 = [BA1[0][0],BA1[1][0]]
b2 = [BA2[0][0],BA2[1][0]]
b0s = [BsR[0][0],BsR[1][0]]
b1s = [BsA1R[0][0],BsA1R[1][0]]
b2s = [BsA2R[0][0],BsA2R[1][0]]
#generate the mpk
g1b0 = [g1**b0[0], g1**b0[1]]
g1b1 = [g1**b1[0], g1**b1[1]]
g1b2 = [g1**b2[0], g1**b2[1]]
egg = (pair(g2, g1)) ** (k[0]*b0[0] + k[1]*b0[1])
pk = {'g1':g1, 'g2':g2, 'g1b0':g1b0, 'g1b1':g1b1, 'g1b2': g1b2, 'egg':egg}
#generate private parameters
sk = { 'k':k, 'b0s':b0s, 'b1s':b1s,'b2s':b2s}
if(debug):
print("Public parameters...")
group.debug(pk)
print("Secret parameters...")
group.debug(sk)
return (pk, sk)
[docs]
def sign(self, pk, sk, m):
#_ID is an element in ZR, r is an random number in ZR
M = group.hash(m, ZR)
r = group.random(ZR)
sig = {'K0': [pk['g2']**(sk['b0s'][0]*r),
pk['g2']**(sk['b0s'][1]*r)],
'K1': [pk['g2']**(sk['k'][0] + (sk['b2s'][0]+M*sk['b1s'][0])*r),
pk['g2']**(sk['k'][1] + (sk['b2s'][1]+M*sk['b1s'][1])*r)]}
return sig
[docs]
def verify(self, pk, sig, m):
M = group.hash(m,ZR)
C0 = [pk['g1b0'][0], pk['g1b0'][1]]
C1 = [(pk['g1b2'][0]*(pk['g1b1'][0]**M)),
(pk['g1b2'][1]*(pk['g1b1'][1]**M))]
C2 = (pk['egg'])
mask = self.vpair(C0, sig['K1']) / self.vpair(C1, sig['K0'])
return (C2 == mask)
[docs]
def vpair(self, g1v, g2v):
return pair(g2v[0],g1v[0]) * pair(g2v[1],g1v[1])
[docs]
def main():
group = PairingGroup('MNT224', secparam=1024)
m = "plese sign this message!!!!"
pksig = Sign_CW13(group)
(pk, sk) = pksig.keygen()
signature = pksig.sign(pk, sk, m)
assert pksig.verify(pk, signature, m), "Invalid Verification!!!!"
if debug: print("Successful Individual Verification!")
if __name__ == '__main__':
debug = True
main()