diff --git a/.github/workflows/type_check.yml b/.github/workflows/type_check.yml
new file mode 100644
index 0000000..3df9280
--- /dev/null
+++ b/.github/workflows/type_check.yml
@@ -0,0 +1,33 @@
+name: Type Check
+
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ type-check:
+ name: Type Check
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Set up python
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Display python version
+ run: python -c "import sys; print(sys.version)"
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install poetry
+ poetry install
+
+ - name: Type check
+ run: poetry run mypy src
diff --git a/.python-version b/.python-version
new file mode 100644
index 0000000..6bd1074
--- /dev/null
+++ b/.python-version
@@ -0,0 +1 @@
+3.9.1
diff --git a/poetry.lock b/poetry.lock
index 4ec3fa0..e2bdc64 100644
--- a/poetry.lock
+++ b/poetry.lock
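Review bot: The new workflow references `actions/checkout@v2` and `actions/setup-python@v2` by mutable tag and installs `pip` and `poetry` unpinned, so the code that runs in CI can change without any commit to this repository. Pin each action to a full commit SHA (`uses: actions/checkout@<full-commit-sha>  # v2`, placeholder value) and pin the installer, e.g. `pip install poetry==<version>`. The job also declares no `permissions:` key, so it runs with whatever default `GITHUB_TOKEN` scope the repository has; a type-check job only reads the tree, so a top-level `permissions:` with `contents: read` is sufficient. Separately, `python-version: '3.x'` will drift from the `3.9.1` recorded in `.python-version` by this same commit, so the interpreter mypy runs under in CI is not the one developers are told to use.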
@@ -6,12 +6,132 @@ category = "main" optional = false python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" +[[package]] +name = "mypy" +version = "0.910" +description = "Optional static typing for Python" +category = "dev" +optional = false +python-versions = ">=3.5" + +[package.dependencies] +mypy-extensions = ">=0.4.3,<0.5.0" +toml = "*" +typed-ast = {version = ">=1.4.0,<1.5.0", markers = "python_version < \"3.8\""} +typing-extensions = ">=3.7.4" + +[package.extras] +dmypy = ["psutil (>=4.0)"] +python2 = ["typed-ast (>=1.4.0,<1.5.0)"] + +[[package]] +name = "mypy-extensions" +version = "0.4.3" +description = "Experimental type system extensions for programs checked with the mypy typechecker." +category = "dev" +optional = false +python-versions = "*" + +[[package]] +name = "toml" +version = "0.10.2" +description = "Python Library for Tom's Obvious, Minimal Language" +category = "dev" +optional = false +python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" + +[[package]] +name = "typed-ast" +version = "1.4.3" +description = "a fork of Python 2 and 3 ast modules with type comment support" +category = "dev" +optional = false +python-versions = "*" + +[[package]] +name = "typing-extensions" +version = "3.10.0.2" +description = "Backported and Experimental Type Hints for Python 3.5+" +category = "dev" +optional = false +python-versions = "*" + [metadata] lock-version = "1.1" python-versions = ">= 2.7" -content-hash = "a136c9669f2194b7edf5f8075eb9de298b3fd729814215cb779cbb5c91bbd154" +content-hash = "bfb83542f91ce939617ed8f19828e960072ddea3cb5bad3e17d5396ca69f4657" [metadata.files] future = [ {file = "future-0.18.2.tar.gz", hash = "sha256:b1bead90b70cf6ec3f0710ae53a525360fa360d306a86583adc6bf83a4db537d"}, ] +mypy = [ + {file = "mypy-0.910-cp35-cp35m-macosx_10_9_x86_64.whl", hash = "sha256:a155d80ea6cee511a3694b108c4494a39f42de11ee4e61e72bc424c490e46457"}, + {file = "mypy-0.910-cp35-cp35m-manylinux1_x86_64.whl", hash = 
"sha256:b94e4b785e304a04ea0828759172a15add27088520dc7e49ceade7834275bedb"}, + {file = "mypy-0.910-cp35-cp35m-manylinux2010_x86_64.whl", hash = "sha256:088cd9c7904b4ad80bec811053272986611b84221835e079be5bcad029e79dd9"}, + {file = "mypy-0.910-cp35-cp35m-win_amd64.whl", hash = "sha256:adaeee09bfde366d2c13fe6093a7df5df83c9a2ba98638c7d76b010694db760e"}, + {file = "mypy-0.910-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:ecd2c3fe726758037234c93df7e98deb257fd15c24c9180dacf1ef829da5f921"}, + {file = "mypy-0.910-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:d9dd839eb0dc1bbe866a288ba3c1afc33a202015d2ad83b31e875b5905a079b6"}, + {file = "mypy-0.910-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:3e382b29f8e0ccf19a2df2b29a167591245df90c0b5a2542249873b5c1d78212"}, + {file = "mypy-0.910-cp36-cp36m-win_amd64.whl", hash = "sha256:53fd2eb27a8ee2892614370896956af2ff61254c275aaee4c230ae771cadd885"}, + {file = "mypy-0.910-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:b6fb13123aeef4a3abbcfd7e71773ff3ff1526a7d3dc538f3929a49b42be03f0"}, + {file = "mypy-0.910-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:e4dab234478e3bd3ce83bac4193b2ecd9cf94e720ddd95ce69840273bf44f6de"}, + {file = "mypy-0.910-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:7df1ead20c81371ccd6091fa3e2878559b5c4d4caadaf1a484cf88d93ca06703"}, + {file = "mypy-0.910-cp37-cp37m-win_amd64.whl", hash = "sha256:0aadfb2d3935988ec3815952e44058a3100499f5be5b28c34ac9d79f002a4a9a"}, + {file = "mypy-0.910-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:ec4e0cd079db280b6bdabdc807047ff3e199f334050db5cbb91ba3e959a67504"}, + {file = "mypy-0.910-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:119bed3832d961f3a880787bf621634ba042cb8dc850a7429f643508eeac97b9"}, + {file = "mypy-0.910-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:866c41f28cee548475f146aa4d39a51cf3b6a84246969f3759cb3e9c742fc072"}, + {file = "mypy-0.910-cp38-cp38-win_amd64.whl", hash = 
"sha256:ceb6e0a6e27fb364fb3853389607cf7eb3a126ad335790fa1e14ed02fba50811"}, + {file = "mypy-0.910-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:1a85e280d4d217150ce8cb1a6dddffd14e753a4e0c3cf90baabb32cefa41b59e"}, + {file = "mypy-0.910-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:42c266ced41b65ed40a282c575705325fa7991af370036d3f134518336636f5b"}, + {file = "mypy-0.910-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:3c4b8ca36877fc75339253721f69603a9c7fdb5d4d5a95a1a1b899d8b86a4de2"}, + {file = "mypy-0.910-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:c0df2d30ed496a08de5daed2a9ea807d07c21ae0ab23acf541ab88c24b26ab97"}, + {file = "mypy-0.910-cp39-cp39-win_amd64.whl", hash = "sha256:c6c2602dffb74867498f86e6129fd52a2770c48b7cd3ece77ada4fa38f94eba8"}, + {file = "mypy-0.910-py3-none-any.whl", hash = "sha256:ef565033fa5a958e62796867b1df10c40263ea9ded87164d67572834e57a174d"}, + {file = "mypy-0.910.tar.gz", hash = "sha256:704098302473cb31a218f1775a873b376b30b4c18229421e9e9dc8916fd16150"}, +] +mypy-extensions = [ + {file = "mypy_extensions-0.4.3-py2.py3-none-any.whl", hash = "sha256:090fedd75945a69ae91ce1303b5824f428daf5a028d2f6ab8a299250a846f15d"}, + {file = "mypy_extensions-0.4.3.tar.gz", hash = "sha256:2d82818f5bb3e369420cb3c4060a7970edba416647068eb4c5343488a6c604a8"}, +] +toml = [ + {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"}, + {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"}, +] +typed-ast = [ + {file = "typed_ast-1.4.3-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:2068531575a125b87a41802130fa7e29f26c09a2833fea68d9a40cf33902eba6"}, + {file = "typed_ast-1.4.3-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:c907f561b1e83e93fad565bac5ba9c22d96a54e7ea0267c708bffe863cbe4075"}, + {file = "typed_ast-1.4.3-cp35-cp35m-manylinux2014_aarch64.whl", hash = 
"sha256:1b3ead4a96c9101bef08f9f7d1217c096f31667617b58de957f690c92378b528"}, + {file = "typed_ast-1.4.3-cp35-cp35m-win32.whl", hash = "sha256:dde816ca9dac1d9c01dd504ea5967821606f02e510438120091b84e852367428"}, + {file = "typed_ast-1.4.3-cp35-cp35m-win_amd64.whl", hash = "sha256:777a26c84bea6cd934422ac2e3b78863a37017618b6e5c08f92ef69853e765d3"}, + {file = "typed_ast-1.4.3-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:f8afcf15cc511ada719a88e013cec87c11aff7b91f019295eb4530f96fe5ef2f"}, + {file = "typed_ast-1.4.3-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:52b1eb8c83f178ab787f3a4283f68258525f8d70f778a2f6dd54d3b5e5fb4341"}, + {file = "typed_ast-1.4.3-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:01ae5f73431d21eead5015997ab41afa53aa1fbe252f9da060be5dad2c730ace"}, + {file = "typed_ast-1.4.3-cp36-cp36m-manylinux2014_aarch64.whl", hash = "sha256:c190f0899e9f9f8b6b7863debfb739abcb21a5c054f911ca3596d12b8a4c4c7f"}, + {file = "typed_ast-1.4.3-cp36-cp36m-win32.whl", hash = "sha256:398e44cd480f4d2b7ee8d98385ca104e35c81525dd98c519acff1b79bdaac363"}, + {file = "typed_ast-1.4.3-cp36-cp36m-win_amd64.whl", hash = "sha256:bff6ad71c81b3bba8fa35f0f1921fb24ff4476235a6e94a26ada2e54370e6da7"}, + {file = "typed_ast-1.4.3-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:0fb71b8c643187d7492c1f8352f2c15b4c4af3f6338f21681d3681b3dc31a266"}, + {file = "typed_ast-1.4.3-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:760ad187b1041a154f0e4d0f6aae3e40fdb51d6de16e5c99aedadd9246450e9e"}, + {file = "typed_ast-1.4.3-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:5feca99c17af94057417d744607b82dd0a664fd5e4ca98061480fd8b14b18d04"}, + {file = "typed_ast-1.4.3-cp37-cp37m-manylinux2014_aarch64.whl", hash = "sha256:95431a26309a21874005845c21118c83991c63ea800dd44843e42a916aec5899"}, + {file = "typed_ast-1.4.3-cp37-cp37m-win32.whl", hash = "sha256:aee0c1256be6c07bd3e1263ff920c325b59849dc95392a05f258bb9b259cf39c"}, + {file = "typed_ast-1.4.3-cp37-cp37m-win_amd64.whl", hash = 
"sha256:9ad2c92ec681e02baf81fdfa056fe0d818645efa9af1f1cd5fd6f1bd2bdfd805"}, + {file = "typed_ast-1.4.3-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:b36b4f3920103a25e1d5d024d155c504080959582b928e91cb608a65c3a49e1a"}, + {file = "typed_ast-1.4.3-cp38-cp38-manylinux1_i686.whl", hash = "sha256:067a74454df670dcaa4e59349a2e5c81e567d8d65458d480a5b3dfecec08c5ff"}, + {file = "typed_ast-1.4.3-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:7538e495704e2ccda9b234b82423a4038f324f3a10c43bc088a1636180f11a41"}, + {file = "typed_ast-1.4.3-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:af3d4a73793725138d6b334d9d247ce7e5f084d96284ed23f22ee626a7b88e39"}, + {file = "typed_ast-1.4.3-cp38-cp38-win32.whl", hash = "sha256:f2362f3cb0f3172c42938946dbc5b7843c2a28aec307c49100c8b38764eb6927"}, + {file = "typed_ast-1.4.3-cp38-cp38-win_amd64.whl", hash = "sha256:dd4a21253f42b8d2b48410cb31fe501d32f8b9fbeb1f55063ad102fe9c425e40"}, + {file = "typed_ast-1.4.3-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:f328adcfebed9f11301eaedfa48e15bdece9b519fb27e6a8c01aa52a17ec31b3"}, + {file = "typed_ast-1.4.3-cp39-cp39-manylinux1_i686.whl", hash = "sha256:2c726c276d09fc5c414693a2de063f521052d9ea7c240ce553316f70656c84d4"}, + {file = "typed_ast-1.4.3-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:cae53c389825d3b46fb37538441f75d6aecc4174f615d048321b716df2757fb0"}, + {file = "typed_ast-1.4.3-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:b9574c6f03f685070d859e75c7f9eeca02d6933273b5e69572e5ff9d5e3931c3"}, + {file = "typed_ast-1.4.3-cp39-cp39-win32.whl", hash = "sha256:209596a4ec71d990d71d5e0d312ac935d86930e6eecff6ccc7007fe54d703808"}, + {file = "typed_ast-1.4.3-cp39-cp39-win_amd64.whl", hash = "sha256:9c6d1a54552b5330bc657b7ef0eae25d00ba7ffe85d9ea8ae6540d2197a3788c"}, + {file = "typed_ast-1.4.3.tar.gz", hash = "sha256:fb1bbeac803adea29cedd70781399c99138358c26d05fcbd23c13016b7f5ec65"}, +] +typing-extensions = [ + {file = "typing_extensions-3.10.0.2-py2-none-any.whl", hash = 
"sha256:d8226d10bc02a29bcc81df19a26e56a9647f8b0a6d4a83924139f4a8b01f17b7"}, + {file = "typing_extensions-3.10.0.2-py3-none-any.whl", hash = "sha256:f1d25edafde516b146ecd0613dabcc61409817af4766fbbcfb8d1ad4ec441a34"}, + {file = "typing_extensions-3.10.0.2.tar.gz", hash = "sha256:49f75d16ff11f1cd258e1b988ccff82a3ca5570217d7ad8c5f48205dd99a677e"}, +] diff --git a/pyproject.toml b/pyproject.toml index 2217b39..bfe009c 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -32,6 +32,7 @@ python = ">= 2.7" future = { version = ">= 0.18.0", python = "~2" } [tool.poetry.dev-dependencies] +mypy = { version = ">= 0.910", python = ">= 3.5" } [build-system] requires = ["poetry-core>=1.0.0"] diff --git a/src/ecpy/borromean.py b/src/ecpy/borromean.py index 62e1c30..3053622 100644 --- a/src/ecpy/borromean.py +++ b/src/ecpy/borromean.py @@ -30,14 +30,14 @@ def _h(b): def _point_to_bytes(point, compressed = True): """ Point serialisation. - + Serialization is the standard one: - + - O2 x for even x in compressed form - 03 x for odd x in compressed form - 04 x y for uncompressed form - - + + """ if compressed: b = point.x.to_bytes(32,'big') @@ -52,14 +52,14 @@ def _point_to_bytes(point, compressed = True): def _borromean_hash(m,e,i,j, H): """ All params are bytes. - + m: bytes message e: bytes point i: int ring index j: int secret index """ i = int(i).to_bytes(4,'big') - j = int(j).to_bytes(4,'big') + j = int(j).to_bytes(4,'big') sha256 = H() sha256.update(e) sha256.update(m) @@ -70,7 +70,7 @@ def _borromean_hash(m,e,i,j, H): class Borromean: """ Borromean Ring signer implementation according to: - + https://github.com/Blockstream/borromean_paper/blob/master/borromean_draft_0.01_9ade1e49.pdf https://github.com/ElementsProject/secp256k1-zkp/blob/secp256k1-zkp/src/modules/rangeproof/borromean_impl.h 
@@ -88,30 +88,30 @@ def __init__(self, fmt="BTUPLE") : self.fmt = fmt self._curve = Curve.get_curve('secp256k1') self._hash = hashlib.sha256 - + def sign(self, msg, rings, pv_keys, pv_keys_index): """ Signs a message hash. - The public `rings` argument is a tuple of public key array. In other + The public `rings` argument is a tuple of public key array. In other words each element of the ring tuple is an array containing the public keys list of that ring A Private key must be given for each provided ring. For each private key, the corresponding public key is specified by its index in the ring. - + Exemple: let r1 be the first ring with 2 keys: pu11, pu12 let 21 be the second ring with 3 keys: pu21,pu22,pu23 - let say we want to produce a signature with sec12 and sec21 + let say we want to produce a signature with sec12 and sec21 `sign` should be called as:: - borromean.sign(m, - ([pu11,pu12],[pu21,pu22,pu23]), + borromean.sign(m, + ([pu11,pu12],[pu21,pu22,pu23]), [sec12, sec21], [1,0]) The return value is a tuple (e0, [s0,s1....]). Each value is encoded as binary (bytes). - + Args: msg (bytes) : the message hash to sign rings (tuple of (ecpy.keys.ECPublicKey[]): public key rings @@ -136,7 +136,7 @@ def sign(self, msg, rings, pv_keys, pv_keys_index): e0 = None s = [None]*len(pubkeys) k = [None]*len(rings) - + #step2-3 r0 = 0 sha256_e0 = self._hash() @@ -144,17 +144,17 @@ def sign(self, msg, rings, pv_keys, pv_keys_index): k[i] = random.randint(1,order) kiG = k[i]*G j0 = pv_keys_index[i] - e_ij = _point_to_bytes(kiG) + e_ij = _point_to_bytes(kiG) for j in range(j0+1, rsizes[i]): s[r0+j] = random.randint(1,order) - e_ij = _borromean_hash(m,e_ij,i,j, self._hash) + e_ij = _borromean_hash(m,e_ij,i,j, self._hash) e_ij = int.from_bytes(e_ij,'big') sG_eP = s[r0+j]*G + e_ij*pubkeys[r0+j].W e_ij = _point_to_bytes(sG_eP) sha256_e0.update(e_ij) r0 += rsizes[i] sha256_e0.update(m) - e0 = sha256_e0.digest() + e0 = sha256_e0.digest() #step 4 r0 = 0 for i in range (0, ring_count): 
@@ -162,7 +162,7 @@ def sign(self, msg, rings, pv_keys, pv_keys_index): e_ij = _borromean_hash(m,e0,i,0, self._hash) e_ij = int.from_bytes(e_ij,'big') for j in range(0, j0): - s[r0+j] = random.randint(1,order) + s[r0+j] = random.randint(1,order) sG_eP = s[r0+j]*G + e_ij*pubkeys[r0+j].W e_ij = _borromean_hash(m,_point_to_bytes(sG_eP),i,j+1, self._hash) e_ij = int.from_bytes(e_ij,'big') @@ -172,7 +172,7 @@ def sign(self, msg, rings, pv_keys, pv_keys_index): return (e0,s) def verify(self, msg, sig, rings): - """ Verifies a message signature. + """ Verifies a message signature. Args: msg (bytes) : the message hash to verify the signature @@ -197,14 +197,14 @@ def verify(self, msg, sig, rings): sha256_e0 = self._hash() r0 = 0 for i in range (0,ring_count): - e_ij = _borromean_hash(m,e0,i,0, self._hash) + e_ij = _borromean_hash(m,e0,i,0, self._hash) for j in range(0,rsizes[i]): e_ij = int.from_bytes(e_ij,'big') s_ij = int.from_bytes(s[r0+j],'big') sG_eP = s_ij*G + e_ij*pubkeys[r0+j].W e_ij = _point_to_bytes(sG_eP) if j != rsizes[i]-1: - e_ij = _borromean_hash(m,e_ij,i,j+1, self._hash) + e_ij = _borromean_hash(m,e_ij,i,j+1, self._hash) else: sha256_e0.update(e_ij) r0 += rsizes[i] @@ -215,7 +215,7 @@ def verify(self, msg, sig, rings): if __name__ == "__main__": import sys - + def strsig(sigma): print("e0: %s"%h(sigma[0])) i=0 
@@ -225,23 +225,23 @@ def strsig(sigma): try: # - # layout: + # layout: # nrings = 2 # ring 1 has 2 keys # ring 2 has 3 keys # - # pubs=[ring1-key1, ring1-key2, + # pubs=[ring1-key1, ring1-key2, # ring2-key1, ring2-key2, ring2-key3] - # + # # k = [ring1-rand, ring2-rand] # sec = [ring1-sec2, ring2-sec1] # rsizes = [2,3] # secidx = [1,0] - # + # # cv = Curve.get_curve('secp256k1') - + seckey0 = ECPrivateKey(0xf026a4e75eec75544c0f44e937dcf5ee6355c7176600b9688c667e5c283b43c5, cv) seckey1 = ECPrivateKey(0xf126a4e75eec75544c0f44e937dcf5ee6355c7176600b9688c667e5c283b43c5, cv) seckey2 = ECPrivateKey(0xf226a4e75eec75544c0f44e937dcf5ee6355c7176600b9688c667e5c283b43c5, cv) @@ -251,7 +251,7 @@ def strsig(sigma): seckey6 = ECPrivateKey(0xf626a4e75eec75544c0f44e937dcf5ee6355c7176600b9688c667e5c283b43c5, cv) seckey7 = ECPrivateKey(0xf726a4e75eec75544c0f44e937dcf5ee6355c7176600b9688c667e5c283b43c5, cv) seckey8 = ECPrivateKey(0xf826a4e75eec75544c0f44e937dcf5ee6355c7176600b9688c667e5c283b43c5, cv) - + pubkey0 = seckey0.get_public_key() pubkey1 = seckey1.get_public_key() pubkey2 = seckey2.get_public_key() @@ -261,15 +261,14 @@ def strsig(sigma): pubkey6 = seckey6.get_public_key() pubkey7 = seckey7.get_public_key() pubkey8 = seckey8.get_public_key() - + allpubs = [pubkey0, pubkey1, pubkey2, pubkey3, pubkey4, pubkey5,pubkey6, pubkey7] allsecs = [seckey0, seckey1, seckey2, seckey3, seckey4, seckey5,seckey6, seckey7] - m = int(0x800102030405060708090a0b0c0d0e0f800102030405060708090a0b0c0d0e0f) - m = m.to_bytes(32,'big') + m = int(0x800102030405060708090a0b0c0d0e0f800102030405060708090a0b0c0d0e0f).to_bytes(32, 'big') borromean = Borromean() - + for l in range(2,len(allpubs)): pubs = allpubs[:l] @@ -280,7 +279,7 @@ def strsig(sigma): pubring2 = pubs[i:] secring1 = secs[0:i] secring2 = secs[i:] - + print("ring1 has %d keys"%len(pubring1)) print("ring2 has %d keys"%len(pubring2)) for s1 in range(0,len(pubring1)): 
@@ -290,15 +289,15 @@ def strsig(sigma): secset = [secring1[s1] , secring2[s2]] secidx = [s1,s2] sigma = borromean.sign(m, pubset, secset, secidx ) - assert(borromean.verify( m, sigma, pubset, )) - + assert(borromean.verify( m, sigma, pubset, )) + e0 = sigma[0] e0 = e0[1:]+e0[:1] sigma = (e0,sigma[1]) assert(not borromean.verify(m, sigma, pubset)) - - + + # ##OK! print("All internal assert OK!") diff --git a/src/ecpy/curves.py b/src/ecpy/curves.py index 1228eed..cb22984 100644 --- a/src/ecpy/curves.py +++ b/src/ecpy/curves.py @@ -26,12 +26,11 @@ import binascii import random +from typing import Dict, Optional from . import curve_defs - - class Curve: """Elliptic Curve abstraction @@ -55,7 +54,7 @@ class Curve: """ - _curves_cache = {} + _curves_cache: Dict[str, Optional[Curve]] = {} @staticmethod @@ -1365,9 +1364,9 @@ def __str__(self): assert(_eQ == eQ) #0x449a44ba44226a50185afcc10a4c1462dd5e46824b15163b9d7c52f06be346a0 - k = binascii.unhexlify("a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4") - k = TwistedEdwardCurve.decode_scalar_25519(k) - assert(k == 0x449a44ba44226a50185afcc10a4c1462dd5e46824b15163b9d7c52f06be346a0) + k_bytes = binascii.unhexlify("a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4") + k_bytes = TwistedEdwardCurve.decode_scalar_25519(k_bytes) + assert(k_bytes == 0x449a44ba44226a50185afcc10a4c1462dd5e46824b15163b9d7c52f06be346a0) eP = binascii.unhexlify("e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c") P = cv.decode_point(eP) @@ -1376,7 +1375,7 @@ def __str__(self): eQ = binascii.unhexlify("c3da55379de9c6908e94ea4df28d084f32eccf03491c71f754b4075577a28552") Q = cv.decode_point(eQ) - kP = k*P + kP = k_bytes*P assert(kP.x == Q.x) ekP = cv.encode_point(kP) assert(ekP == eQ) diff --git a/src/ecpy/ecdsa.py b/src/ecpy/ecdsa.py index 7ef1b54..d97a776 100644 --- a/src/ecpy/ecdsa.py +++ b/src/ecpy/ecdsa.py 
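Review bot: In the `class Curve` hunk of `src/ecpy/curves.py`, `_curves_cache: Dict[str, Optional[Curve]] = {}` names `Curve` inside its own class body, where that name is not bound yet; on interpreters that evaluate annotations eagerly, and unless a `from __future__ import annotations` exists outside the hunk, importing the module raises NameError. The variable-annotation syntax is also a SyntaxError before Python 3.6, while `pyproject.toml` in this commit still declares `python = ">= 2.7"`, and the added `from typing import Dict, Optional` needs the `typing` backport on 2.7. A type comment gives mypy the same information without either problem: `_curves_cache = {}  # type: Dict[str, Optional[Curve]]`. Either guard the `typing` import as well or raise the declared Python range to match what the code now requires. The class body continues outside the hunk.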
@@ -200,10 +200,8 @@ def verify(self,msg,sig,pu_key): # 0221 # 008dffe3c592a0c7e5168dcb3d4121a60ee727082be4fbf79eae564929156305fc - msg = int(0xba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad) - sig = int(0x304502200623b4159c7112125be51716d1e706d68e52f5b321da68d8b86b3c7c7019a9da0221008dffe3c592a0c7e5168dcb3d4121a60ee727082be4fbf79eae564929156305fc) - msg = msg.to_bytes(32,'big') - sig = sig.to_bytes(0x47,'big') + msg = int(0xba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad).to_bytes(32, 'big') + sig = int(0x304502200623b4159c7112125be51716d1e706d68e52f5b321da68d8b86b3c7c7019a9da0221008dffe3c592a0c7e5168dcb3d4121a60ee727082be4fbf79eae564929156305fc).to_bytes(0x47, 'big') assert(signer.verify(msg,sig,pu_key)) @@ -219,8 +217,7 @@ def verify(self,msg,sig,pu_key): # 4f123ed9de853836447782f0a436508d34e6609083cf97c9b9cd69673d8f04a5 # 0220, # 6b4fad69fadf3053de1d4adf89aa3809c782b067778355cfd66486c86712c082 - expected_sig = int(0x304402204f123ed9de853836447782f0a436508d34e6609083cf97c9b9cd69673d8f04a502206b4fad69fadf3053de1d4adf89aa3809c782b067778355cfd66486c86712c082) - expected_sig = expected_sig.to_bytes(0x46,'big') + expected_sig = int(0x304402204f123ed9de853836447782f0a436508d34e6609083cf97c9b9cd69673d8f04a502206b4fad69fadf3053de1d4adf89aa3809c782b067778355cfd66486c86712c082).to_bytes(0x46, 'big') k = int(0xe5a8d1d529971c10ca2af378444fb544a211707892c8898f91dcb171584e3db9) sig = signer.sign_k(msg,pv_key,k) assert(sig == expected_sig) @@ -246,8 +243,7 @@ def verify(self,msg,sig,pu_key): W = pv_key.d * cv.generator assert(W == pu_key.W) - msg = int(0xba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015adabcd) - msg = msg.to_bytes(34,'big') + msg = int(0xba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015adabcd).to_bytes(34, 'big') sig = signer.sign(msg,pv_key) assert(signer.verify(msg,sig,pu_key)) 
@@ -262,8 +258,7 @@ def verify(self,msg,sig,pu_key): W = pv_key.d * cv.generator assert(W == pu_key.W) - msg = int(0xba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad) - msg = msg.to_bytes(32,'big') + msg = int(0xba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad).to_bytes(32, 'big') sig = signer.sign(msg,pv_key) assert(signer.verify(msg,sig,pu_key)) diff --git a/src/ecpy/ecrand.py b/src/ecpy/ecrand.py index 518a08b..3b8f5fe 100644 --- a/src/ecpy/ecrand.py +++ b/src/ecpy/ecrand.py @@ -145,8 +145,7 @@ def bits2octets(bs) : if __name__ == "__main__": import hashlib - h = 0xaf9ae10ca04f826d5ff4727f97fb568c79e9ffa9686b9d5deb4ea4db44d6f23d - h = h.to_bytes(32,'big') + h = 0xaf9ae10ca04f826d5ff4727f97fb568c79e9ffa9686b9d5deb4ea4db44d6f23d.to_bytes(32, 'big') secret = 0xe7244dd97b3558788fbf02f443d9a6ebd12a1ab01703a683aa12412354a43218 q = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f diff --git a/src/ecpy/ecschnorr.py b/src/ecpy/ecschnorr.py index 77c7ce0..264bb7b 100644 --- a/src/ecpy/ecschnorr.py +++ b/src/ecpy/ecschnorr.py @@ -325,8 +325,7 @@ def verify(self,msg,sig,pu_key): pv_key = ECPrivateKey(0x5202a3d8acaf6909d12c9a774cd886f9fba61137ffd3e8e76aed363fb47ac492, cv) - msg = int(0x616263) - msg = msg.to_bytes(3,'big') + msg = int(0x616263).to_bytes(3, 'big') k = int(0xde7e0e5e663f24183414b7c72f24546b81e9e5f410bebf26f3ca5fa82f5192c8) @@ -361,8 +360,7 @@ def verify(self,msg,sig,pu_key): pv_key = ECPrivateKey(0x2eef7823f82ed254524fad3d11cc17e897e582a0cd52b93f07cc030370d170bd, cv) pu_key = pv_key.get_public_key() - msg = int(0xb46d1525379e02e232d97928265b7254ea2ed97813454388c1a08f62dccd70b3) - msg = msg.to_bytes(32,'big') + msg = int(0xb46d1525379e02e232d97928265b7254ea2ed97813454388c1a08f62dccd70b3).to_bytes(32, 'big') signer = ECSchnorr(hashlib.sha256,"Z","ITUPLE") sig = signer.sign_k(msg,pv_key,k) assert(signer.verify(msg,sig,pu_key)) 
@@ -376,8 +374,7 @@ def verify(self,msg,sig,pu_key): pv_key = ECPrivateKey(0xfb26a4e75eec75544c0f44e937dcf5ee6355c7176600b9688c667e5c283b43c5, cv) - msg = int(0x0101010101010101010101010101010101010101010101010101010101010101) - msg = msg.to_bytes(32,'big') + msg = int(0x0101010101010101010101010101010101010101010101010101010101010101).to_bytes(32, 'big') k = int(0x4242424242424242424242424242424242424242424242424242424242424242) expect_r = 0x24653eac434488002cc06bbfb7f10fe18991e35f9fe4302dbea6d2353dc0ab1c expect_s = 0xacd417b277ab7e7d993cc4a601dd01a71696fd0dd2e93561d9de9b69dd4dc75c @@ -409,8 +406,7 @@ def _round8(v): d = random.randint(0, curveobj.order) priv_key = ECPrivateKey(d, curveobj) pub_key = priv_key.get_public_key() - msg = random.randint(0, pow(2, 256)) - msg = msg.to_bytes(32, 'big') + msg = random.randint(0, pow(2, 256)).to_bytes(32, 'big') hasher.update(msg) msg = hasher.digest() sig_host = signer.sign(msg, priv_key) diff --git a/src/ecpy/eddsa.py b/src/ecpy/eddsa.py index 95222a4..52d04ab 100644 --- a/src/ecpy/eddsa.py +++ b/src/ecpy/eddsa.py @@ -24,14 +24,14 @@ class EDDSA: """EDDSA signer implemenation according to: - + - IETF `draft-irtf-cfrg-eddsa-05 `_. Args: hasher (hashlib): callable constructor returning an object with update(), digest() interface. Example: hashlib.sha256, hashlib.sha512... fmt (str): in/out signature format. See :mod:`ecpy.formatters`. """ - + def __init__(self, hasher, hash_len = None, fmt="EDDSA"): self._hasher = hasher self._hash_len = hash_len 
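Review bot: In the last `src/ecpy/ecschnorr.py` hunk, `random.randint(0, pow(2, 256)).to_bytes(32, 'big')` keeps an inclusive upper bound of 2**256, which needs 33 bytes, so the chained `to_bytes(32, 'big')` can raise OverflowError; `random.getrandbits(256).to_bytes(32, 'big')` stays in range. The context line `d = random.randint(0, curveobj.order)` is inclusive at both ends as well and can yield 0 or the group order as a private scalar; `random.randint(1, curveobj.order - 1)` avoids that. Both draw from the `random` module, which is not a CSPRNG; that is tolerable in this self-test, but the whitespace-only `Borromean.sign` hunks in `src/ecpy/borromean.py` show the same `random.randint(1,order)` producing `k[i]` and `s[r0+j]` for real signatures, where predictable values put the private key at risk, so those should come from the OS CSPRNG (e.g. `random.SystemRandom().randint(1, order - 1)`). The enclosing block starts and ends outside the hunk.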
@@ -41,13 +41,13 @@ def __init__(self, hasher, hash_len = None, fmt="EDDSA"): @staticmethod def get_public_key(pv_key, hasher = hashlib.sha512, hash_len=None) : - """ Returns the public key corresponding to this private key - + """ Returns the public key corresponding to this private key + This method compute the public key according to draft-irtf-cfrg-eddsa-05. - + The hash parameter shall be the same as the one used for signing and verifying. - + Args: hasher (hashlib): callable constructor returning an object with update(), digest() interface. Example: hashlib.sha256, hashlib.sha512... pv_key (ecpy.keys.ECPrivateKey): key to use for signing @@ -60,12 +60,12 @@ def get_public_key(pv_key, hasher = hashlib.sha512, hash_len=None) : @staticmethod def _get_materials(pv_key, hasher = hashlib.sha512, hash_len=None) : - """ Returns the internal private scalar a(int), the public point A(ECPoint) = a.B and the + """ Returns the internal private scalar a(int), the public point A(ECPoint) = a.B and the signature prefix h(bytes) - + The hash parameter shall be the same as the one used for signing and verifying. - + Args: hasher (hashlib): callable constructor returning an object with update(), digest() interface. Example: hashlib.sha256, hashlib.sha512... pv_key (ecpy.keys.ECPrivateKey): key to use for signing @@ -77,7 +77,7 @@ def _get_materials(pv_key, hasher = hashlib.sha512, hash_len=None) : B = curve.generator n = curve.order size = curve._coord_size() - + k = pv_key.d.to_bytes(size,'big') hasher = hasher() hasher.update(k) @@ -87,7 +87,7 @@ def _get_materials(pv_key, hasher = hashlib.sha512, hash_len=None) : h = hasher.digest() #retrieve encoded pub key - + if curve.name == 'Ed25519': a = bytearray(h[:32]) h = h[32:] @@ -96,7 +96,7 @@ def _get_materials(pv_key, hasher = hashlib.sha512, hash_len=None) : elif curve.name == 'Ed448': a = bytearray(h[:57]) h = h[57:] - a[0] &= 0xFC; + a[0] &= 0xFC; a[56] = 0; a[55] |= 0x80; elif curve.name == 'Ed521': 
@@ -107,11 +107,11 @@ def _get_materials(pv_key, hasher = hashlib.sha512, hash_len=None) : a[65] |= 0x80 else : assert False, '%s not supported'%curve.name - + a = bytes(a) a = int.from_bytes(a,'little') A = a * B - + return a,A,h def sign(self, msg, pv_key): @@ -123,18 +123,18 @@ def sign(self, msg, pv_key): """ return self._do_sign(msg, pv_key) - + def _do_sign(self,msg,pv_key): curve = pv_key.curve B = curve.generator n = curve.order size = curve._coord_size() - + a, A, prefix = EDDSA._get_materials(pv_key, self._hasher, self._hash_len) eA = curve.encode_point(A) #compute R hasher = self._hasher() - if curve.name =='Ed448': + if curve.name =='Ed448': hasher.update(b'SigEd448\x00\x00') hasher.update(prefix) hasher.update(msg) @@ -144,7 +144,7 @@ def _do_sign(self,msg,pv_key): hasher.update(prefix) hasher.update(msg) r = hasher.digest(self._hash_len) - elif curve.name =='Ed25519': + elif curve.name =='Ed25519': hasher.update(prefix) hasher.update(msg) r = hasher.digest() @@ -155,10 +155,10 @@ def _do_sign(self,msg,pv_key): r = r % n R = r*B eR = curve.encode_point(R) - + #compute S hasher = self._hasher() - if curve.name =='Ed448': + if curve.name =='Ed448': hasher.update(b'SigEd448\x00\x00') hasher.update(eR) hasher.update(eA) @@ -170,7 +170,7 @@ def _do_sign(self,msg,pv_key): hasher.update(eA) hasher.update(msg) H_eR_eA_m = hasher.digest(self._hash_len) - elif curve.name =='Ed25519': + elif curve.name =='Ed25519': hasher.update(eR) hasher.update(eA) hasher.update(msg) @@ -180,16 +180,16 @@ def _do_sign(self,msg,pv_key): i = int.from_bytes(H_eR_eA_m, 'little') S = (r + i*a)%n - + #S = S.to_bytes(size,'little') #return eR+S eR = int.from_bytes(eR,'little') sig = encode_sig(eR,S,self.fmt,size) return sig - + def verify(self,msg,sig,pu_key): - """ Verifies a message signature. + """ Verifies a message signature. Args: msg (bytes) : the message to verify the signature 
@@ -205,7 +205,7 @@ def verify(self,msg,sig,pu_key): #left eR = eR.to_bytes(size,'little') R = curve.decode_point(eR) - + hasher = self._hasher() eA = curve.encode_point(pu_key.W) if curve.name =='Ed448': @@ -227,19 +227,19 @@ def verify(self,msg,sig,pu_key): h = hasher.digest() else: assert False, '%s not supported'%curve.name - + h = int.from_bytes(h,'little') h = h%n - A = pu_key.W + A = pu_key.W left = R+h*A #right right = S*curve.generator - + return left == right - + if __name__ == "__main__": try: ### EDDSA @@ -260,18 +260,16 @@ def verify(self,msg,sig,pu_key): pu = EDDSA.get_public_key(pv_key) assert(pu.W == pu_key.W); - + # sig: # 0x92a009a9f0d4cab8720e820b5f642540a2b27b5416503f8fb3762223ebdb69da # 0x085ac1e43e15996e458f3613d0f11d8c387b2eaeb4302aeeb00d291612bb0c00 - expected_sig = int(0x92a009a9f0d4cab8720e820b5f642540a2b27b5416503f8fb3762223ebdb69da085ac1e43e15996e458f3613d0f11d8c387b2eaeb4302aeeb00d291612bb0c00) - expected_sig = expected_sig.to_bytes(64,'big') - + expected_sig = int(0x92a009a9f0d4cab8720e820b5f642540a2b27b5416503f8fb3762223ebdb69da085ac1e43e15996e458f3613d0f11d8c387b2eaeb4302aeeb00d291612bb0c00).to_bytes(64, 'big') + #msg: # 72 - msg = int(0x72) - msg = msg.to_bytes(1,'big') + msg = int(0x72).to_bytes(1, 'big') signer = EDDSA(hashlib.sha512) sig = signer.sign(msg,pv_key) 
@@ -299,24 +297,22 @@ def verify(self,msg,sig,pu_key): pu = EDDSA.get_public_key(pv_key) assert(pu.W == pu_key.W); - + # sig: # 477dedac6d8332708e00a7c06ceeda54f2086ba73e71e8988b3760ccd23e0c44 # 08cf09c22ef497328579f6178e8a2a4d611d0c6cce0c684f958d150c5daf4902 - expected_sig = int(0x477dedac6d8332708e00a7c06ceeda54f2086ba73e71e8988b3760ccd23e0c4408cf09c22ef497328579f6178e8a2a4d611d0c6cce0c684f958d150c5daf4902 ) - expected_sig = expected_sig.to_bytes(64,'big') - + expected_sig = int(0x477dedac6d8332708e00a7c06ceeda54f2086ba73e71e8988b3760ccd23e0c4408cf09c22ef497328579f6178e8a2a4d611d0c6cce0c684f958d150c5daf4902 ).to_bytes(64, 'big') + #msg: # 72 - msg = int(0xe8898b646cc2274b5daf7fb6e30f738b24203604d7849391056d0fe8093f6693) - msg = msg.to_bytes(32,'big') + msg = int(0xe8898b646cc2274b5daf7fb6e30f738b24203604d7849391056d0fe8093f6693).to_bytes(32, 'big') signer = EDDSA(hashlib.sha512) sig = signer.sign(msg,pv_key) assert(sig == expected_sig) assert(signer.verify(msg,sig,pu_key)) - + ### EDDSA cv = Curve.get_curve('Ed25519') 
@@ -336,25 +332,23 @@ def verify(self,msg,sig,pu_key): pu = EDDSA.get_public_key(pv_key) assert(pu.W == pu_key.W); - + # sig: - # - # - expected_sig = int(0xa2ce8472cf883cca5f98ca76d5834831d9d121a755c00daa385d0bac145203269e572a3d1f221af1b1ca6feaae05141a9aa9d6990163a85ab8690da44c056d0f) - expected_sig = expected_sig.to_bytes(64,'big') - + # + # + expected_sig = int(0xa2ce8472cf883cca5f98ca76d5834831d9d121a755c00daa385d0bac145203269e572a3d1f221af1b1ca6feaae05141a9aa9d6990163a85ab8690da44c056d0f).to_bytes(64, 'big') + #msg: # 72 - msg = int(0xe8898b646cc2274b5daf7fb6e30f738b24203604d7849391056d0fe8093f669338b24203604d7849391056d0fe8093f6693e8898b646cc2274b5daf7fb6e30f7) - msg = msg.to_bytes(64,'big') + msg = int(0xe8898b646cc2274b5daf7fb6e30f738b24203604d7849391056d0fe8093f669338b24203604d7849391056d0fe8093f6693e8898b646cc2274b5daf7fb6e30f7).to_bytes(64, 'big') signer = EDDSA(hashlib.sha512) sig = signer.sign(msg,pv_key) assert(signer.verify(msg,sig,pu_key)) assert(sig == expected_sig) - + ### EDDSA cv = Curve.get_curve('Ed521') @@ -372,9 +366,8 @@ def verify(self,msg,sig,pu_key): assert(pu.W == pu_key.W) # sig: - # - expected_sig = int(0xc2fb4f7d03dd31f25753b9972aeb650ac3632eef945e7f94e426a865bb95e66241149c7eed24d98fed2ee8b9ef949b83ba556d045b72df6e6b8b9026414b26463d0088d2ed5ea88fcc6b2f343d308209dacd5fadadac352d497d2049831eca3536e7be5a7faef56d6c6786c60415e0febee8a45f9971ae4872e0b6cf09cc0a9407342000) - expected_sig = expected_sig.to_bytes(132,'big') + # + expected_sig = int(0xc2fb4f7d03dd31f25753b9972aeb650ac3632eef945e7f94e426a865bb95e66241149c7eed24d98fed2ee8b9ef949b83ba556d045b72df6e6b8b9026414b26463d0088d2ed5ea88fcc6b2f343d308209dacd5fadadac352d497d2049831eca3536e7be5a7faef56d6c6786c60415e0febee8a45f9971ae4872e0b6cf09cc0a9407342000).to_bytes(132, 'big') # msg: # Message for Ed521 signing 
@@ -395,14 +388,13 @@ def verify(self,msg,sig,pu_key): pu_key = ECPublicKey(Point(x, y, cv)) # sig: - # + # sig = int(0xa7e7f16597a9b70f9e6437de6e85239def223d68263cf49b3b8575e49a34d23bb79de2f3e59ecba4b5358e0eaea575b4645a6e420ff88632fe8725b0fe3ee92a510116969cba3cdc6c7b644d50efa27908dbceef807b180ec1e7e63c5badf058ea97112fbba153e3d672552c1ff49c754fdc1b891e470cfdd058fd788da6f98fa8e73200) sig = sig.to_bytes(132,'big') # msg: # tbs certificate - msg = int(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) - msg = msg.to_bytes(707,'big') + msg = int(0x308202bfa003020102020900e4ac9a3346c92509300c060a2b0601040182dc2c0201308197310b300906035504061302425231133011060355040a0c0a4943502d42726173696c313d303b060355040b0c34496e7374697475746f204e6163696f6e616c206465205465636e6f6c6f67696120646120496e666f726d6163616f202d204954493134303206035504030c2b4175746f72696461646520436572746966696361646f7261205261697a2042726173696c65697261207637301e170d3138313232383133343733355a170d3338313232383132303033355a308197310b300906035504061302425231133011060355040a0c0a4943502d42726173696c313d303b060355040b0c34496e7374697475746f204e6163696f6e616c206465205465636e6f6c6f67696120646120496e666f726d6163616f202d204954493134303206035504030c2b4175746f72696461646520436572746966696361646f7261205261697a2042726173696c656972612076373053300c060a2b0601040182dc2c02010343009b6afd5a1935f195728dd2f2e28d15bd7c00610f78430235b00f128eaf77f07eb1ceba7ce0904cc4e5f890401dc7b22315ed83c128f63986dc1884aceec0b0e02c01a381f53081f2304e0603551d200447304530430605604c010100303a303806082b06010505070201162c687474703a2f2f61637261697a2e69637062726173696c2e676f762e62722f44504361637261697a2e706466303f0603551d1f043830363034a032a030862e687474703a2f2f61637261697a2e69637062726173696c2e676f762e62722f4c435261637261697a76372e63726c301f0603551d2304183016801475513119e1c71321873e415fa31be67bfdb0d9c8301d0603551d0e0416041475513119e1c71321873e415fa31be67bfdb0d9c8300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106).to_bytes(707, 'big') signer = 
EDDSA(hashlib.shake_256, hash_len=132) diff --git a/src/ecsnipet/c25519.py b/src/ecsnipet/c25519.py index 31fe761..39d9cb5 100644 --- a/src/ecsnipet/c25519.py +++ b/src/ecsnipet/c25519.py @@ -1,9 +1,8 @@ import hashlib, binascii -from ecpy.curves import Curve,Point,decode_scalar_25519 +from ecpy.curves import Curve, Point import sys - ### ECS cv = Curve.get_curve('Curve25519') @@ -25,10 +24,10 @@ def t1(): def t2(): kalice = binascii.unhexlify("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a") - kalice = decode_scalar_25519(kalice) + kalice = cv.decode_scalar_25519(kalice) kbob = binascii.unhexlify("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb") - kbob = decode_scalar_25519(kbob) + kbob = cv.decode_scalar_25519(kbob) u = 9 G = Point(u,None,cv) @@ -57,4 +56,4 @@ def t2(): -t2() \ No newline at end of file +t2() diff --git a/src/ecsnipet/draft/borromean-draft.py b/src/ecsnipet/draft/borromean-draft.py index 37eb08d..c09f1ec 100644 --- a/src/ecsnipet/draft/borromean-draft.py +++ b/src/ecsnipet/draft/borromean-draft.py @@ -26,7 +26,7 @@ from ecpy.curves import ECPyException - + # m: bytes message # e: bytes point # i: int ring index @@ -75,7 +75,7 @@ def borromean_verify(pubkeys,rings_size,ring_count, r0 = 0 for i in range (0,ring_count): tell("\nstep2-3 / ring %d"%i) - e_ij = borromean_hash(m,e0,i,0) + e_ij = borromean_hash(m,e0,i,0) for j in range(0,rings_size[i]): tell("\n step2-3 / ring %d / sec %d"%(i,j)) e_ij = int.from_bytes(e_ij,'big') @@ -88,7 +88,7 @@ def borromean_verify(pubkeys,rings_size,ring_count, tell(" sG_eP :\n %s"% sG_eP) e_ij = point_to_bytes(sG_eP) if j != rings_size[i]-1: - e_ij = borromean_hash(m,e_ij,i,j+1) + e_ij = borromean_hash(m,e_ij,i,j+1) else: tell(" e_ij0 : %s"%h(e_ij)) sha256_e0.update(e_ij) 
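Review bot: In c25519.py, `cv.decode_scalar_25519(kalice)` and `cv.decode_scalar_25519(kbob)` in `t2()` are a behaviour change inside an otherwise formatting-only commit, and nothing in this diff shows that the object returned by `Curve.get_curve('Curve25519')` has that method. If the helper is still only a module-level function in `ecpy.curves`, the call raises `AttributeError`, and because the file ends with a bare `t2()` that happens on import. Please confirm where the clamping helper lives and that both scalars are still clamped before the exchange; if it is module-level, restore `from ecpy.curves import Curve, Point, decode_scalar_25519`. The body of `t2()` continues outside the hunk.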
@@ -96,7 +96,7 @@ def borromean_verify(pubkeys,rings_size,ring_count, sha256_e0.update(m) e0x = sha256_e0.digest() return e0 == e0x - + def borromean_sign(pubkeys, privkeys, rings_size,private_keys_index,ring_count, msg): @@ -105,19 +105,19 @@ def borromean_sign(pubkeys, privkeys, curve = Curve.get_curve('secp256k1') G = curve.generator order = curve.order - + e0=None s = [] k = [] - #just declare + #just declare for i in range (0,ring_count): k.append(None) for j in range (0,rings_size[i]): s.append(None) - + #step2-3 shuffle = random.randint - + r0 = 0 sha256_e0 = hashlib.sha256() for i in range (0,ring_count): @@ -132,7 +132,7 @@ def borromean_sign(pubkeys, privkeys, for j in range(j0+1, rings_size[i]): tell("\n step2-3 / ring %d / sec %d"%(i,j)) s[r0+j] = prand(r0+j) - e_ij = borromean_hash(m,e_ij,i,j) + e_ij = borromean_hash(m,e_ij,i,j) e_ij = int.from_bytes(e_ij,'big') tell(" index : %d"%(r0+j)) tell(" pubkeys[]: %s"%pubkeys[r0+j]) @@ -141,11 +141,11 @@ def borromean_sign(pubkeys, privkeys, sG_eP = s[r0+j]*G + e_ij*pubkeys[r0+j].W tell(" sG_eP :\n %s"% sG_eP) e_ij = point_to_bytes(sG_eP) - tell("\ne0ij :\n %s"% h(e_ij)) + tell("\ne0ij :\n %s"% h(e_ij)) sha256_e0.update(e_ij) r0 += rings_size[i] sha256_e0.update(m) - e0 = sha256_e0.digest() + e0 = sha256_e0.digest() tell("\ne0: %s"%h(e0)) #step 4 tell("") @@ -157,7 +157,7 @@ def borromean_sign(pubkeys, privkeys, e_ij = int.from_bytes(e_ij,'big') for j in range(0, j0): tell("\n step 4 / ring %d / sec %d"%(i,j)) - s[r0+j] = prand(r0+j) + s[r0+j] = prand(r0+j) tell(" index : %d"%(r0+j)) tell(" pubkeys[]: %s"%pubkeys[r0+j]) tell(" s[] : %x"%s[r0+j]) @@ -200,13 +200,13 @@ def tell(m): global trace if trace: print("%s%s"%(tab,m)) - + def enter(f): global tab, trace if trace: print("%sEntering: %s"%(tab,f)) tab = tab + " " - + def leave(f): global tab, trace if trace: 
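Review bot: In borromean-draft.py, `shuffle = random.randint` in `borromean_sign` (the hunk at -105) binds the non-cryptographic `random` module inside a signing routine, and this commit only touches the whitespace around it. The hunk does not show `shuffle` being used, and the borromean-draft2.py copy of the function has no such line, so it may be dead code that can simply be deleted. If it does feed any `k[i]` or `s[...]` value, it should become a CSPRNG draw such as `secrets.randbelow(order)`, since predictable per-ring nonces would expose the signer's key. The function body starts and ends outside the hunk.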
@@ -224,19 +224,19 @@ def strsig(sigma): if __name__ == "__main__": # - # layout: + # layout: # nrings = 2 # ring 1 has 2 keys # ring 2 has 3 keys # - # pubs=[ring1-key1, ring1-key2, + # pubs=[ring1-key1, ring1-key2, # ring2-key1, ring2-key2, ring2-key3] - # + # # k = [ring1-rand, ring2-rand] # sec = [ring1-sec2, ring2-sec1] # rsizes = [2,3] # secidx = [1,0] - # + # # cv = Curve.get_curve('secp256k1') @@ -264,8 +264,7 @@ def strsig(sigma): pubs = [pubkey0, pubkey1, pubkey2, pubkey3, pubkey4, pubkey5,pubkey6, pubkey7] secs = [seckey0, seckey1, seckey2, seckey3, seckey4, seckey5,seckey6, seckey7] - m = 0x800102030405060708090a0b0c0d0e0f800102030405060708090a0b0c0d0e0f - m = m.to_bytes(32,'big') + m = 0x800102030405060708090a0b0c0d0e0f800102030405060708090a0b0c0d0e0f.to_bytes(32, 'big') i =0 for pu,pv in zip(pubs,secs): @@ -273,7 +272,7 @@ def strsig(sigma): print ("%d %s"%(i,pu)) print ("") i += 1 - + # ring1: 2 keys # ring2: 3 keys sigma = borromean_sign( [pubkey0, pubkey1, pubkey2, pubkey3, pubkey4], @@ -314,4 +313,4 @@ def strsig(sigma): # print("NOK for %d, %d"%(s1,s2)) # else: # print(" OK for %d, %d"%(s1,s2)) - + diff --git a/src/ecsnipet/draft/borromean-draft2.py b/src/ecsnipet/draft/borromean-draft2.py index 6cf8572..097fba9 100644 --- a/src/ecsnipet/draft/borromean-draft2.py +++ b/src/ecsnipet/draft/borromean-draft2.py @@ -26,7 +26,7 @@ from ecpy.curves import ECPyException - + # m: bytes message # e: bytes point # i: int ring index @@ -75,7 +75,7 @@ def borromean_verify(pubkeys,rings_size,ring_count, r0 = 0 for i in range (0,ring_count): tell("\nstep2-3 / ring %d"%i) - e_ij = borromean_hash(m,e0,i,0) + e_ij = borromean_hash(m,e0,i,0) for j in range(0,rings_size[i]): tell("\n step2-3 / ring %d / sec %d"%(i,j)) e_ij = int.from_bytes(e_ij,'big') 
@@ -88,7 +88,7 @@ def borromean_verify(pubkeys,rings_size,ring_count, tell(" sG_eP :\n %s"% sG_eP) e_ij = point_to_bytes(sG_eP) if j != rings_size[i]-1: - e_ij = borromean_hash(m,e_ij,i,j+1) + e_ij = borromean_hash(m,e_ij,i,j+1) else: tell(" e_ij0 : %s"%h(e_ij)) sha256_e0.update(e_ij) @@ -96,26 +96,26 @@ def borromean_verify(pubkeys,rings_size,ring_count, sha256_e0.update(m) e0x = sha256_e0.digest() return e0 == e0x - + def borromean_sign(pubkeys, privkeys, rings_size,private_keys_index,ring_count, msg): - + tell("*** BORROMEAN SIGN ***\n") enter("borromean_sign") curve = Curve.get_curve('secp256k1') G = curve.generator order = curve.order - + e0=None s = [] k = [] - #just declare + #just declare for i in range (0,ring_count): k.append(None) for j in range (0,rings_size[i]): s.append(None) - + #step2-3 r0 = 0 sha256_e0 = hashlib.sha256() @@ -126,11 +126,11 @@ def borromean_sign(pubkeys, privkeys, kiG = k[i]*G tell("ki.G :\n %s"%kiG) j0 = private_keys_index[i] - e_ij = point_to_bytes(kiG) + e_ij = point_to_bytes(kiG) for j in range(j0+1, rings_size[i]): tell("\n step2-3 / ring %d / sec %d"%(i,j)) s[r0+j] = prand(r0+j) - e_ij = borromean_hash(m,e_ij,i,j) + e_ij = borromean_hash(m,e_ij,i,j) e_ij = int.from_bytes(e_ij,'big') tell(" index : %d"%(r0+j)) tell(" pubkeys[]: %s"%pubkeys[r0+j]) @@ -139,11 +139,11 @@ def borromean_sign(pubkeys, privkeys, sG_eP = s[r0+j]*G + e_ij*pubkeys[r0+j].W tell(" sG_eP :\n %s"% sG_eP) e_ij = point_to_bytes(sG_eP) - tell("\ne0ij :\n %s"% h(e_ij)) + tell("\ne0ij :\n %s"% h(e_ij)) sha256_e0.update(e_ij) r0 += rings_size[i] sha256_e0.update(m) - e0 = sha256_e0.digest() + e0 = sha256_e0.digest() tell("\ne0: %s"%h(e0)) #step 4 tell("") @@ -155,7 +155,7 @@ def borromean_sign(pubkeys, privkeys, e_ij = int.from_bytes(e_ij,'big') for j in range(0, j0): tell("\n step 4 / ring %d / sec %d"%(i,j)) - s[r0+j] = prand(r0+j) + s[r0+j] = prand(r0+j) tell(" index : %d"%(r0+j)) tell(" pubkeys[]: %s"%pubkeys[r0+j]) tell(" s[] : %x"%s[r0+j]) 
@@ -198,13 +198,13 @@ def tell(m): global trace if trace: print("%s%s"%(tab,m)) - + def enter(f): global tab, trace if trace: print("%sEntering: %s"%(tab,f)) tab = tab + " " - + def leave(f): global tab, trace if trace: @@ -222,19 +222,19 @@ def strsig(sigma): if __name__ == "__main__": # - # layout: + # layout: # nrings = 2 # ring 1 has 2 keys # ring 2 has 3 keys # - # pubs=[ring1-key1, ring1-key2, + # pubs=[ring1-key1, ring1-key2, # ring2-key1, ring2-key2, ring2-key3] - # + # # k = [ring1-rand, ring2-rand] # sec = [ring1-sec2, ring2-sec1] # rsizes = [2,3] # secidx = [1,0] - # + # # cv = Curve.get_curve('secp256k1') @@ -262,8 +262,7 @@ def strsig(sigma): pubs = [pubkey0, pubkey1, pubkey2, pubkey3, pubkey4, pubkey5,pubkey6, pubkey7] secs = [seckey0, seckey1, seckey2, seckey3, seckey4, seckey5,seckey6, seckey7] - m = 0x800102030405060708090a0b0c0d0e0f800102030405060708090a0b0c0d0e0f - m = m.to_bytes(32,'big') + m = 0x800102030405060708090a0b0c0d0e0f800102030405060708090a0b0c0d0e0f.to_bytes(32, 'big') # ring1: 2 keys @@ -272,7 +271,7 @@ def strsig(sigma): [ seckey1, seckey2 ], [2,3], [1,0], 2, m) - + assert(borromean_verify([pubkey0, pubkey1, pubkey2, pubkey3, pubkey4], [2,3], 2, @@ -296,11 +295,11 @@ def strsig(sigma): rsizes = [len(pubring1), len( pubring2)] sigma = borromean_sign( pubset, secset, rsizes, secidx, 2, - m ) + m) if not borromean_verify( pubset, rsizes, 2, m, sigma) : print("NOK for %d, %d"%(s1,s2)) else: print(" OK for %d, %d"%(s1,s2)) - + diff --git a/src/ecsnipet/ecdsa.py b/src/ecsnipet/ecdsa.py index 6d7e667..4cb266d 100644 --- a/src/ecsnipet/ecdsa.py +++ b/src/ecsnipet/ecdsa.py 
@@ -32,11 +32,9 @@ print("Public key ok") -msg = 0x8c7632afe967e2e16ae7f39dc32c252b3d751fa6e01daa0efc3c174e230f4617 -msg = msg.to_bytes(32,'big') +msg = 0x8c7632afe967e2e16ae7f39dc32c252b3d751fa6e01daa0efc3c174e230f4617.to_bytes(32, 'big') -sig = 0x304402203a329589dbc6f3bb88bf90b45b5d4935a18e13e2cb8fcee0b94b3102ec19645702202f61af55df0e56e71d40a9f5f111faeb2f831c1fd314c55227ac44110fb33049 -sig = sig.to_bytes(70,'big') +sig = 0x304402203a329589dbc6f3bb88bf90b45b5d4935a18e13e2cb8fcee0b94b3102ec19645702202f61af55df0e56e71d40a9f5f111faeb2f831c1fd314c55227ac44110fb33049.to_bytes(70, 'big') ## verify signer = ECDSA() diff --git a/src/ecsnipet/ecs-vect.py b/src/ecsnipet/ecs-vect.py index 28293be..d25a510 100644 --- a/src/ecsnipet/ecs-vect.py +++ b/src/ecsnipet/ecs-vect.py @@ -6,14 +6,13 @@ ### ECS cv = Curve.get_curve('secp256k1') pu_key = ECPublicKey(Point(0x65d5b8bf9ab1801c9f168d4815994ad35f1dcb6ae6c7a1a303966b677b813b00, - + 0xe6b865e529b8ecbf71cf966e900477d49ced5846d7662dd2dd11ccd55c0aff7f, cv)) pv_key = ECPrivateKey(0xfb26a4e75eec75544c0f44e937dcf5ee6355c7176600b9688c667e5c283b43c5, cv) -msg = int(0x0101010101010101010101010101010101010101010101010101010101010101) -msg = msg.to_bytes(32,'big') +msg = int(0x0101010101010101010101010101010101010101010101010101010101010101).to_bytes(32, 'big') k = int(0x4242424242424242424242424242424242424242424242424242424242424242) diff --git a/src/ecsnipet/ecschnorr.py b/src/ecsnipet/ecschnorr.py index ac62f89..094fe40 100644 --- a/src/ecsnipet/ecschnorr.py +++ b/src/ecsnipet/ecschnorr.py 
@@ -6,25 +6,24 @@ ### ECS cv = Curve.get_curve('secp256k1') pu_key = ECPublicKey(Point(0x65d5b8bf9ab1801c9f168d4815994ad35f1dcb6ae6c7a1a303966b677b813b00, - + 0xe6b865e529b8ecbf71cf966e900477d49ced5846d7662dd2dd11ccd55c0aff7f, cv)) pv_key = ECPrivateKey(0xfb26a4e75eec75544c0f44e937dcf5ee6355c7176600b9688c667e5c283b43c5, cv) #sha256("abc") -msg = int(0xba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad) -msg = msg.to_bytes(32,'big') +msg = int(0xba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad).to_bytes(32, 'big') signer = ECSchnorr(hashlib.sha256) -#Sign +#Sign k = int(0xe5a8d1d529971c10ca2af378444fb544a211707892c8898f91dcb171584e3db9) sig = signer.sign_k(msg,pv_key,k) print("sig: %x"%int.from_bytes(sig,'big')) -assert(signer.verify(msg,sig,pu_key)) +assert(signer.verify(msg,sig,pu_key)) #Sign with krand #sig = signer.sign(msg,pv_key) -#assert(signer.verify(msg,sig,pu_key)) +#assert(signer.verify(msg,sig,pu_key))
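Review bot: The fixed nonce passed to `signer.sign_k(msg,pv_key,k)` in ecschnorr.py has no comment marking it as a test vector, and a reader copying this snippet could take it for normal usage. Two signatures made under the same key with the same `k` let anyone holding both solve for the private key. I would add `# test vector only: k must be fresh, secret and unpredictable per signature` above the `k = int(0xe5a8…)` line and point readers to the commented-out `signer.sign(msg,pv_key)` path for real use.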