Created
December 29, 2017 21:43
-
-
Save HarryR/be147a3a2704c15b87f139c3703fdc96 to your computer and use it in GitHub Desktop.
Borrito ring signature test
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from __future__ import print_function | |
from py_ecc import bn128 | |
from random import randint | |
from hashlib import sha256 | |
from py_ecc.bn128 import add, multiply, curve_order, G1 | |
from py_ecc.bn128.bn128_field_elements import inv | |
bytes_to_int = lambda x: reduce(lambda o, b: (o << 8) + ord(b), [0] + list(x)) | |
rands = lambda: randint(1, curve_order - 1) | |
sbmul = lambda s: multiply(G1, s) | |
hashs = lambda *x: bytes_to_int(sha256('.'.join(['%X' for _ in range(0, len(x))]) % x).digest()) % curve_order | |
hashp = lambda *x: hashs(*[item.n for sublist in x for item in sublist]) | |
addmod = lambda x, y: (x + y) % curve_order | |
mulmod = lambda x, y: (x * y) % curve_order | |
submod = lambda x, y: (x - y) % curve_order | |
def borrito_randkeys(n=4): | |
skeys = [rands() for _ in range(0, n)] | |
pkeys = [sbmul(sk) for sk in skeys] | |
i = randint(0, n-1) | |
return pkeys, (pkeys[i], skeys[i]) | |
def borrito_sign(pkeys, mypair, tees=None, alpha=None): | |
mypk, mysk = mypair | |
myidx = pkeys.index(mypk) | |
tees = tees or [rands() for _ in range(0, len(pkeys))] | |
cees = [0 for _ in range(0, len(pkeys))] | |
alpha = alpha or rands() | |
i = myidx | |
n = 0 | |
while n < len(pkeys): | |
idx = i % len(pkeys) | |
c = alpha if n == 0 else cees[idx-1] | |
cees[idx] = hashp(add(sbmul(c), multiply(pkeys[idx], tees[idx]))) | |
n += 1 | |
i += 1 | |
# Then close the ring, which proves we know the secret for one ring item | |
alpha_gap = submod(alpha, cees[myidx-1]) | |
tees[myidx] = mulmod(addmod(alpha_gap, mulmod(mysk, tees[myidx])), inv(mysk, curve_order)) | |
return pkeys, tees, cees[-1] | |
def borrito_check(pkeys, tees, seed): | |
c = seed | |
for i, pkey in enumerate(pkeys): | |
c = hashp(add(sbmul(c or seed), multiply(pkey, tees[i]))) | |
return c == seed | |
if __name__ == "__main__": | |
print(borrito_check(*borrito_sign(*borrito_randkeys(10)))) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment