Created
December 28, 2017 12:37
AOS ring signature using two keys
from __future__ import print_function

from hashlib import sha256
from random import SystemRandom
from random import randint

from py_ecc import bn128
from py_ecc.bn128 import add, multiply, curve_order, G1
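def bytes_to_int(x):
    """Interpret the byte sequence *x* as a big-endian unsigned integer.

    Accepts anything whose items are either ints (Python 3 ``bytes`` /
    ``bytearray``) or single characters (Python 2 ``str``). An empty
    input yields 0.
    """
    o = 0
    for b in x:
        # Iterating Python 3 bytes yields ints, and ord() on an int raises
        # TypeError, so only call ord() on character items.
        o = (o << 8) + (b if isinstance(b, int) else ord(b))
    return o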
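# OS-backed CSPRNG. Secret keys and signing nonces must not come from the
# default `random` generator (Mersenne Twister), whose output is predictable
# once enough of it has been observed.
_sysrand = SystemRandom()


def rands():
    """Return a random scalar in [1, curve_order - 1] from the OS CSPRNG."""
    return _sysrand.randint(1, curve_order - 1)


def sbmul(s):
    """Multiply the G1 generator by scalar *s* (scalar-base multiplication)."""
    return multiply(G1, s)


def hashs(*x):
    """Hash integer arguments to a scalar modulo curve_order.

    The integers are rendered as upper-case hex, joined with '.', and fed to
    SHA-256; the digest is read as a big-endian integer and reduced.
    """
    encoded = '.'.join(['%X'] * len(x)) % x
    # sha256() requires bytes on Python 3; the text is pure ASCII, so the
    # digest is identical to hashing the Python 2 str directly.
    digest = sha256(encoded.encode('ascii')).digest()
    # NOTE(review): reducing a 256-bit digest modulo curve_order is slightly
    # non-uniform; acceptable for a demo, worth revisiting for real use.
    return bytes_to_int(digest) % curve_order


def hashp(*x):
    """Hash one or more points to a scalar via hashs().

    Assumes each argument is an iterable of field elements exposing an
    integer ``.n`` attribute (as the points built in this file do).
    """
    return hashs(*[item.n for sublist in x for item in sublist])


def addmod(x, y):
    """Return (x + y) mod curve_order."""
    return (x + y) % curve_order


def mulmod(x, y):
    """Return (x * y) mod curve_order."""
    return (x * y) % curve_order


def submod(x, y):
    """Return (x - y) mod curve_order."""
    return (x - y) % curve_order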
# Key material: two secret scalars and the matching public points.
# x0 is only ever used to derive P0; the ring below is closed with x1 alone,
# i.e. the signer needs the secret for just one ring member.
x0, x1 = rands(), rands()
P0, P1 = sbmul(x0), sbmul(x1)

# Random intermediate scalars: alpha is the arbitrary starting challenge,
# t0 / t1 are the per-member responses (t1 is provisional until closing).
alpha, t0, t1 = rands(), rands(), rands()

# Initial pass around the ring using the random values.
# NOTE(review): every challenge here is hashp() of the commitment point only;
# no message and no ring public keys are hashed on these lines, so this shows
# ring closure rather than a signature bound to a message.
link1 = add(sbmul(t1), multiply(P1, alpha))
result1 = hashp(link1)
link0 = add(sbmul(t0), multiply(P0, result1))
result0 = hashp(link0)

# Close the ring: fold x1 into t1 so that recomputing member 1's link with
# challenge result0 (instead of alpha) reproduces link1. Doing this requires
# knowing x1, which is what proves possession of one ring secret.
t1 = addmod(
    t1,
    mulmod(x1, submod(alpha, result0)),
)

# Re-walk the ring the way a verifier would, from public values only.
seed = result1
vlink0 = add(sbmul(t0), multiply(P0, seed))
vresult0 = hashp(vlink0)
vlink1 = add(sbmul(t1), multiply(P1, vresult0))
vresult1 = hashp(vlink1)

# The published ring consists of:
#   P0, P1, t0, t1, seed
# (x0, x1 and alpha stay private and are not printed below.)
for label, value in (
    ("result0", result0),
    ("vresult0", vresult0),
    ("result1", result1),
    ("vresult1", vresult1),
    ("link0", link0),
    ("link1", link1),
    ("vlink0", vlink0),
    ("vlink1", vlink1),
):
    print(label, value)

# Public verification: the walk must land back on the seed it started from.
for label, outcome in (
    ("verify result 0", vresult0 == result0),
    ("verify result 1", vresult1 == result1),
    ("verify ring", seed == vresult1),
):
    print(label, outcome)