Two key ring signature
from __future__ import print_function

from hashlib import sha256
from random import SystemRandom
from random import randint

from py_ecc import bn128
from py_ecc.bn128 import add, multiply, curve_order, G1
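def bytes_to_int(x):
    """Interpret a byte string as a big-endian unsigned integer.

    Works with a Python 2 ``str`` as well as Python 3 ``bytes`` or
    ``bytearray``. An empty input yields 0.
    """
    o = 0
    for b in x:
        # Python 3 bytes iterate as ints, where ord() would raise TypeError;
        # Python 2 str iterates as one-character strings that need ord().
        o = (o << 8) + (b if isinstance(b, int) else ord(b))
    return o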
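# Secret keys and signing scalars must come from the OS CSPRNG. The default
# generator behind random.randint is a Mersenne Twister, whose output can be
# predicted from earlier outputs and must not be used for key material.
_sysrand = SystemRandom()


def rands():
    """Return a random non-zero scalar in [1, curve_order - 1]."""
    return _sysrand.randint(1, curve_order - 1)


def sbmul(s):
    """Multiply the G1 generator by the scalar ``s``."""
    return multiply(G1, s)


def hashs(*x):
    """Hash a sequence of integers to a scalar modulo ``curve_order``.

    Each integer is rendered as upper-case hex, the values are joined with
    '.', and the SHA-256 digest of that string is reduced modulo the group
    order.
    """
    text = '.'.join(['%X' for _ in range(0, len(x))]) % x
    # hashlib needs bytes on Python 3; the text is pure ASCII hex and dots,
    # so encoding leaves the hashed bytes unchanged on Python 2.
    # NOTE: reducing a 256-bit digest modulo the group order is slightly
    # biased; tolerable for a demonstration, not for production use.
    return bytes_to_int(sha256(text.encode('ascii')).digest()) % curve_order


def hashp(*x):
    """Hash curve points by feeding the ``.n`` of every element to ``hashs``.

    Each argument is iterated and the ``.n`` attribute of every item is
    collected in order (presumably the integer value of each coordinate;
    confirm against py_ecc's field element type).
    """
    return hashs(*[item.n for sublist in x for item in sublist])


def addmod(x, y):
    """Return (x + y) modulo ``curve_order``."""
    return (x + y) % curve_order


def mulmod(x, y):
    """Return (x * y) modulo ``curve_order``."""
    return (x * y) % curve_order


def submod(x, y):
    """Return (x - y) modulo ``curve_order``."""
    return (x - y) % curve_order


def negmod(x):
    """Return -x modulo ``curve_order``."""
    return -x % curve_order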
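# Secret keys. Both are generated here for the demonstration; only x1 is
# used below to close the ring.
x0 = rands()
x1 = rands()

# Public keys
P0 = sbmul(x0)
P1 = sbmul(x1)

# Random intermediate scalars. (c0, t0) stay as chosen; (c1, t1) are
# placeholders that are replaced once the ring is closed with x1.
c0 = rands()
c1 = rands()
t0 = rands()
t1 = rands()

# Initial ring computation, using random values: link_i = t_i*G + c_i*P_i
link0 = add(sbmul(t0), multiply(P0, c0))
link1 = add(sbmul(t1), multiply(P1, c1))

# NOTE(review): only the two commitments are hashed. No message and no public
# keys are bound into the challenge, so as written this shows knowledge of
# one of the two secrets rather than a signature over a specific message.
result = hashp(link0, link1)

# Then close the ring, which proves we know the secret for one ring item.
# c1 is chosen so that c0 + c1 == result, and t1 is shifted by
# x1 * (old_c1 - new_c1) so that t1*G + c1*P1 still equals link1.
tmpc1 = c1
c1 = submod(result, c0)
t1 = addmod(t1, mulmod(x1, submod(tmpc1, c1)))

# Then re-verify the ring from the published values only
vlink0 = add(sbmul(t0), multiply(P0, c0))
vlink1 = add(sbmul(t1), multiply(P1, c1))
vresult = hashp(vlink0, vlink1)

# Ring consists of:
# P0, P1, t0, t1, c0, c1
print("result", result)
print("vresult", vresult)
print("link0", link0)
print("link1", link1)
print("vlink0", vlink0)
print("vlink1", vlink1)
print("c0", c0)
print("c1", c1)
print("c0+c1", addmod(c0, c1))

# Public verification. A verifier never sees the signer's `result`, and
# c0 + c1 == result holds by construction, so that comparison checks nothing.
# The challenge sum has to match the hash recomputed from the ring values.
verify = addmod(c0, c1) == vresult
print(verify)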