Randomizable ECC encryption
#!/usr/bin/env sage -python | |
from sage.all import * | |
import random | |
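def generate_blind(n):
    """Return a blinding factor ``r`` in ``[1, n-1]`` and its inverse mod ``n``.

    The blind is what hides the client's input from the server, so it is
    drawn from the OS entropy pool via ``random.SystemRandom`` instead of the
    module-level ``random`` functions (a Mersenne Twister whose output is
    predictable from a handful of samples).  ``r`` is redrawn until it is a
    unit modulo ``n``; when ``n`` is prime the first draw always succeeds.

    Args:
        n: modulus (group order) for the scalar arithmetic; must be >= 2.

    Returns:
        ``(r, rinv)`` with ``r * rinv == 1 (mod n)``.

    Raises:
        ValueError: if ``n < 2`` -- no element of ``[1, n-1]`` exists, and
            retrying ``randint(1, n - 1)`` would never terminate.
    """
    if n < 2:
        raise ValueError("n must be at least 2, got %r" % (n,))
    rng = random.SystemRandom()
    while True:
        r = rng.randint(1, n - 1)
        try:
            # Sage's inverse_mod raises ZeroDivisionError when gcd(r, n) != 1;
            # only that case is a reason to redraw, anything else propagates.
            rinv = inverse_mod(r, n)
        except ZeroDivisionError:
            continue
        return r, rinv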
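# Curve25519 domain parameters for the group: Sage a-invariants
# [a1, a2, a3, a4, a6] = [0, 486662, 0, 1, 0] give the Montgomery form
# y^2 = x^3 + 486662*x^2 + x over GF(2^255 - 19).
curve = EllipticCurve(GF(2**255-19), [0,486662,0,1,0])
base = curve.gen(0)
# NOTE(review): n is the order of whatever generator Sage returns first;
# confirm it is the intended (prime-order) subgroup before relying on it.
n = base.order()

# Every secret scalar below (server key k, client input s) comes from this
# OS-entropy-backed generator.  The module-level random.randint is a
# Mersenne Twister and must not be used to produce key material.
_sysrand = random.SystemRandom()


def gen_random():
    """Return a uniformly random scalar in ``[1, n-1]`` from OS entropy."""
    return _sysrand.randint(1, n - 1)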
# Server generates a random key pair (k, kP)
k = gen_random()
pk = base * k

# Client generates random input to be encrypted (= sP)
token = base * gen_random()

# Client randomly blinds the input to be encrypted (= rsP)
r, rinv = generate_blind(n)
blinded_token = token * r

# Encrypt the token (= krsP)
blinded_sig = blinded_token * k

# Unblind the token and the encrypted value.  r * rinv == 1 (mod n), so
# scalar-multiplying by rinv strips the blind from both points.
token = blinded_token * rinv
sig = blinded_sig * rinv

# Assert that the unblinded message and ciphertext pair is valid
assert sig == token * k

# ... time passes

# Re-blind the token and encryption again (rpinv is kept for symmetry with
# the first blind; it is not needed to re-randomise)
rp, rpinv = generate_blind(n)
tokenp, sigp = token * rp, sig * rp

# Assert that it's still a valid message, encryption tuple...
assert sigp == tokenp * k

# .. and that it's unique -- this only fails when generate_blind happened to
# return rp == 1, which has probability 1/(n-1)
assert token != tokenp