|
|
@ -15,7 +15,6 @@ |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
#include <vector> |
|
|
|
#include <vector> |
|
|
|
#include <iosfwd> |
|
|
|
#include <iosfwd> |
|
|
|
#include <cybozu/itoa.hpp> |
|
|
|
|
|
|
|
#ifdef MCL_USE_BN384 |
|
|
|
#ifdef MCL_USE_BN384 |
|
|
|
#include <mcl/bn384.hpp> |
|
|
|
#include <mcl/bn384.hpp> |
|
|
|
#else |
|
|
|
#else |
|
|
@ -47,7 +46,7 @@ class EcHashTable { |
|
|
|
public: |
|
|
|
public: |
|
|
|
EcHashTable() : hashSize(0), tryNum(0) {} |
|
|
|
EcHashTable() : hashSize(0), tryNum(0) {} |
|
|
|
/*
|
|
|
|
/*
|
|
|
|
compute log_P(xP) for |x| <= hashSize * (tryNum + 1) |
|
|
|
compute log_P(xP) for |x| <= hashSize * tryNum |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
void init(const G& P, int hashSize, size_t tryNum = 0) |
|
|
|
void init(const G& P, int hashSize, size_t tryNum = 0) |
|
|
|
{ |
|
|
|
{ |
|
|
@ -120,7 +119,7 @@ public: |
|
|
|
} |
|
|
|
} |
|
|
|
/*
|
|
|
|
/*
|
|
|
|
compute log_P(xP) |
|
|
|
compute log_P(xP) |
|
|
|
call basicLog at most 2 * tryNum + 1 |
|
|
|
call basicLog at most 2 * tryNum |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
int64_t log(const G& xP) const |
|
|
|
int64_t log(const G& xP) const |
|
|
|
{ |
|
|
|
{ |
|
|
@ -133,7 +132,7 @@ public: |
|
|
|
int64_t posCenter = 0; |
|
|
|
int64_t posCenter = 0; |
|
|
|
int64_t negCenter = 0; |
|
|
|
int64_t negCenter = 0; |
|
|
|
int64_t next = hashSize * 2 + 1; |
|
|
|
int64_t next = hashSize * 2 + 1; |
|
|
|
for (size_t i = 0; i < tryNum; i++) { |
|
|
|
for (size_t i = 1; i < tryNum; i++) { |
|
|
|
posP -= nextP; |
|
|
|
posP -= nextP; |
|
|
|
posCenter += next; |
|
|
|
posCenter += next; |
|
|
|
c = basicLog(posP, &ok); |
|
|
|
c = basicLog(posP, &ok); |
|
|
@ -163,7 +162,7 @@ class GTHashTable { |
|
|
|
public: |
|
|
|
public: |
|
|
|
GTHashTable() : hashSize(0), tryNum(0) {} |
|
|
|
GTHashTable() : hashSize(0), tryNum(0) {} |
|
|
|
/*
|
|
|
|
/*
|
|
|
|
compute log_P(g^x) for |x| <= hashSize * (tryNum + 1) |
|
|
|
compute log_P(g^x) for |x| <= hashSize * tryNum |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
void init(const GT& g, int hashSize, size_t tryNum = 0) |
|
|
|
void init(const GT& g, int hashSize, size_t tryNum = 0) |
|
|
|
{ |
|
|
|
{ |
|
|
@ -232,7 +231,7 @@ public: |
|
|
|
} |
|
|
|
} |
|
|
|
/*
|
|
|
|
/*
|
|
|
|
compute log_P(g^x) |
|
|
|
compute log_P(g^x) |
|
|
|
call basicLog at most 2 * tryNum + 1 |
|
|
|
call basicLog at most 2 * tryNum |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
int64_t log(const GT& gx) const |
|
|
|
int64_t log(const GT& gx) const |
|
|
|
{ |
|
|
|
{ |
|
|
@ -245,7 +244,7 @@ public: |
|
|
|
int64_t posCenter = 0; |
|
|
|
int64_t posCenter = 0; |
|
|
|
int64_t negCenter = 0; |
|
|
|
int64_t negCenter = 0; |
|
|
|
int64_t next = hashSize * 2 + 1; |
|
|
|
int64_t next = hashSize * 2 + 1; |
|
|
|
for (size_t i = 0; i < tryNum; i++) { |
|
|
|
for (size_t i = 1; i < tryNum; i++) { |
|
|
|
pos *= nextgInv; |
|
|
|
pos *= nextgInv; |
|
|
|
posCenter += next; |
|
|
|
posCenter += next; |
|
|
|
c = basicLog(pos, &ok); |
|
|
|
c = basicLog(pos, &ok); |
|
|
@ -399,13 +398,11 @@ public: |
|
|
|
class SecretKey { |
|
|
|
class SecretKey { |
|
|
|
Fr x1, y1, z1; |
|
|
|
Fr x1, y1, z1; |
|
|
|
Fr x2, y2, z2; |
|
|
|
Fr x2, y2, z2; |
|
|
|
size_t hashSize; |
|
|
|
|
|
|
|
size_t tryNum; |
|
|
|
|
|
|
|
G1 B1; // (x1 y1 - z1) P
|
|
|
|
G1 B1; // (x1 y1 - z1) P
|
|
|
|
G2 B2; // (x2 y2 - z2) Q
|
|
|
|
G2 B2; // (x2 y2 - z2) Q
|
|
|
|
Fr x1x2; |
|
|
|
Fr x1x2; |
|
|
|
GT g; // e(B1, B2)
|
|
|
|
GT g; // e(B1, B2)
|
|
|
|
local::EcHashTable<G1> ecHashTbl; |
|
|
|
local::EcHashTable<G1> g1HashTbl; |
|
|
|
local::GTHashTable<GT> gtHashTbl; |
|
|
|
local::GTHashTable<GT> gtHashTbl; |
|
|
|
void initInner() |
|
|
|
void initInner() |
|
|
|
{ |
|
|
|
{ |
|
|
@ -415,7 +412,6 @@ public: |
|
|
|
BN::pairing(g, B1, B2); |
|
|
|
BN::pairing(g, B1, B2); |
|
|
|
} |
|
|
|
} |
|
|
|
public: |
|
|
|
public: |
|
|
|
SecretKey() : hashSize(0), tryNum(0) {} |
|
|
|
|
|
|
|
template<class RG> |
|
|
|
template<class RG> |
|
|
|
void setByCSPRNG(RG& rg) |
|
|
|
void setByCSPRNG(RG& rg) |
|
|
|
{ |
|
|
|
{ |
|
|
@ -428,16 +424,30 @@ public: |
|
|
|
initInner(); |
|
|
|
initInner(); |
|
|
|
} |
|
|
|
} |
|
|
|
/*
|
|
|
|
/*
|
|
|
|
decode message m for |m| <= hasSize * (tryNum + 1) |
|
|
|
set range for G1-DLP |
|
|
|
decode time = O(log(hasSize) * tryNum) |
|
|
|
*/ |
|
|
|
|
|
|
|
void setRangeForG1DLP(size_t hashSize, size_t tryNum = 0) |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
g1HashTbl.init(B1, hashSize, tryNum); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
/*
|
|
|
|
|
|
|
|
set range for GT-DLP |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
void setDecodeRange(size_t hashSize, size_t tryNum = 0) |
|
|
|
void setRangeForGTDLP(size_t hashSize, size_t tryNum = 0) |
|
|
|
{ |
|
|
|
{ |
|
|
|
this->hashSize = hashSize; |
|
|
|
|
|
|
|
this->tryNum = tryNum; |
|
|
|
|
|
|
|
ecHashTbl.init(B1, hashSize, tryNum); |
|
|
|
|
|
|
|
gtHashTbl.init(g, hashSize, tryNum); |
|
|
|
gtHashTbl.init(g, hashSize, tryNum); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
/*
|
|
|
|
|
|
|
|
set range for G1/GT DLP |
|
|
|
|
|
|
|
decode message m for |m| <= hasSize * tryNum |
|
|
|
|
|
|
|
decode time = O(log(hasSize) * tryNum) |
|
|
|
|
|
|
|
@note if tryNum = 0 then fast but require more memory(TBD) |
|
|
|
|
|
|
|
*/ |
|
|
|
|
|
|
|
void setRangeForDLP(size_t hashSize, size_t tryNum = 0) |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
setRangeForG1DLP(hashSize, tryNum); |
|
|
|
|
|
|
|
setRangeForGTDLP(hashSize, tryNum); |
|
|
|
|
|
|
|
} |
|
|
|
/*
|
|
|
|
/*
|
|
|
|
set (xP, yP, zP) and (xQ, yQ, zQ) |
|
|
|
set (xP, yP, zP) and (xQ, yQ, zQ) |
|
|
|
*/ |
|
|
|
*/ |
|
|
@ -479,7 +489,7 @@ public: |
|
|
|
G1 R; |
|
|
|
G1 R; |
|
|
|
G1::mul(R, c.S, x1); |
|
|
|
G1::mul(R, c.S, x1); |
|
|
|
R -= c.T; |
|
|
|
R -= c.T; |
|
|
|
return ecHashTbl.log(R); |
|
|
|
return g1HashTbl.log(R); |
|
|
|
} |
|
|
|
} |
|
|
|
int64_t dec(const CipherTextA& c) const |
|
|
|
int64_t dec(const CipherTextA& c) const |
|
|
|
{ |
|
|
|
{ |
|
|
@ -523,8 +533,6 @@ public: |
|
|
|
x2.readStream(is, ioMode); |
|
|
|
x2.readStream(is, ioMode); |
|
|
|
y2.readStream(is, ioMode); |
|
|
|
y2.readStream(is, ioMode); |
|
|
|
z2.readStream(is, ioMode); |
|
|
|
z2.readStream(is, ioMode); |
|
|
|
is >> hashSize >> tryNum; |
|
|
|
|
|
|
|
setDecodeRange(hashSize, tryNum); |
|
|
|
|
|
|
|
return is; |
|
|
|
return is; |
|
|
|
} |
|
|
|
} |
|
|
|
void getStr(std::string& str, int ioMode = 0) const |
|
|
|
void getStr(std::string& str, int ioMode = 0) const |
|
|
@ -541,10 +549,6 @@ public: |
|
|
|
str += y2.getStr(ioMode); |
|
|
|
str += y2.getStr(ioMode); |
|
|
|
str += sep; |
|
|
|
str += sep; |
|
|
|
str += z2.getStr(ioMode); |
|
|
|
str += z2.getStr(ioMode); |
|
|
|
str += ' '; |
|
|
|
|
|
|
|
str += cybozu::itoa(hashSize); |
|
|
|
|
|
|
|
str += ' '; |
|
|
|
|
|
|
|
str += cybozu::itoa(tryNum); |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
void setStr(const std::string& str, int ioMode = 0) |
|
|
|
void setStr(const std::string& str, int ioMode = 0) |
|
|
|
{ |
|
|
|
{ |
|
|
@ -568,8 +572,7 @@ public: |
|
|
|
bool operator==(const SecretKey& rhs) const |
|
|
|
bool operator==(const SecretKey& rhs) const |
|
|
|
{ |
|
|
|
{ |
|
|
|
return x1 == rhs.x1 && y1 == rhs.y1 && z1 == rhs.z1 |
|
|
|
return x1 == rhs.x1 && y1 == rhs.y1 && z1 == rhs.z1 |
|
|
|
&& x2 == rhs.x2 && y2 == rhs.y2 && z2 == rhs.z2 |
|
|
|
&& x2 == rhs.x2 && y2 == rhs.y2 && z2 == rhs.z2; |
|
|
|
&& hashSize == rhs.hashSize && tryNum == rhs.tryNum; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
bool operator!=(const SecretKey& rhs) const { return !operator==(rhs); } |
|
|
|
bool operator!=(const SecretKey& rhs) const { return !operator==(rhs); } |
|
|
|
}; |
|
|
|
}; |
|
|
|