Header file containing the functions used by both scheme's implementations. More...

#include <string.h>
#include <assert.h>
#include <pbc/pbc.h>
#include <nettle/sha1.h>
#include <nettle/sha2.h>
#include "data.h"

Functions
unsigned int	non_generic_dlog_secure_size_by_security_level (unsigned int sec_lvl)
	Get the size of the non generic dlog secure size based on the NIST suggestions. More...

uint16_t	hash (uint8_t digest[MAX_DIGEST_SIZE], const void *data, size_t len, hash_type_t hash_type)
	Generate the digest of the data using the hash_type algorithm. More...

uint16_t	hash_element (uint8_t digest[MAX_DIGEST_SIZE], element_t e, hash_type_t hash_type)
	Generate the digest of the element using the hash_type algorithm. More...

void	hash_warrant_and_r (element_t h, element_t r, warrant_t m, hash_type_t hash_type)
	hash both the warrant and the random value r and return the result in h, an element of Zq*. More...

void	calculate_beta (uint8_t beta[], const uint8_t msg[], size_t msg_size, sv_public_params_t public_p)
	Calculate the value of beta. Starting from the message to be signed and the public parameters of the scheme, beta is obtained as: beta = F1(msg) \|\| F2(F1(msg)) (+) msg) More...

void	params_init (pbc_param_t pairings_p, int sec_lvl)
	Initialize the pairings parameters. More...

void	setup (sv_public_params_t public_p, sv_secret_params_t secret_p, int sec_lvl, hash_type_t hash_type)
	Initialization function for the scheme. It takes as input a security parameter lambda and the hash function to use. It will take care of generating the parameters of the pairing. Produces the master key msk and the system's parameters (G1, G2, H0, H1, H2, F1, F2, e, P, pk, q, l1, l2). More...

void	setup_from_params (sv_public_params_t public_p, sv_secret_params_t secret_p, hash_type_t hash_type, pbc_param_t pairing_p)
	Initialization function for the scheme. It takes as input the hash function to use and the parameters of the pairing. Produces the master key msk and the system's parameters (G1, G2, H0, H1, H2, F1, F2, e, P, pk, q, l1, l2). More...

void	setup_from_str (sv_public_params_t public_p, sv_secret_params_t secret_p, char pairing_p_str[])
	Initialization function for the scheme. It takes as input the string representation of the parameters of the pairing, as well as the hash function to use. Produces the master key msk and the system's parameters (G1, G2, H0, H1, H2, F1, F2, e, P, pk, q, l1, l2). More...

void	public_params_pp (sv_public_params_t public_p)
	Apply all possible precomputations on the public parameters. More...

void	extract_p (sv_user_t user, sv_public_params_t public_p)
	Produces the public key pk_id from an identity. It uses the hash function H0 to map the any string {0, 1}*, representing the identity, to an element of G1: pk_id = H0(identity). More...

void	extract_s (sv_user_t user, sv_secret_params_t secret_p)
	Produces the secret key sk_id from an identity. It uses the hash function H0 to map the any string {0, 1}, representing the identity, to an element of G1. Then multiplies the master key sk with the result of the hash function: sk_id = sk H0(identity). More...

void	delegate (delegation_t w, sv_user_t from, sv_user_t to, sv_public_params_t public_p)
	Delegates the right to sign messages to the identity id. The original signer selects k in Zq* and computes the following values: More...

int	del_verify (delegation_t w, sv_public_params_t public_p)
	Verifies the validity of a delegation. After receiving the delegation W = (m, r, S), the verifier computes the following values: More...

void	pk_gen (element_t k_sign, sv_user_t user, delegation_t w, sv_public_params_t public_p)
	Produces a proxy signing key from a delegation. If the delegate used accepts the delegation, it can produce a proxy signing key. It does so by computing the following values: More...

Detailed Description

Header file containing the functions used by both scheme's implementations.

Author: TendTo (https://github.com/TendTo)

Function Documentation

◆ calculate_beta()

void calculate_beta	(	uint8_t	beta[],
		const uint8_t	msg[],
		size_t	msg_size,
		sv_public_params_t	public_p
	)

Calculate the value of beta. Starting from the message to be signed and the public parameters of the scheme, beta is obtained as: beta = F1(msg) || F2(F1(msg)) (+) msg)

Parameters

beta	output of the hash function.
msg	message to be hashed.
msg_size	size of the message to be signed in bytes.
public_p	public parameters of the scheme.

◆ del_verify()

int del_verify	(	delegation_t	w,
		sv_public_params_t	public_p
	)

Verifies the validity of a delegation. After receiving the delegation W = (m, r, S), the verifier computes the following values:

h = H1(m, r)
q = H0(identity) The delegation is valid and 1 is returned if and only if the following equation holds: e(S, P) = e(pk_id, P)^h * r. In any other case, 0 is returned.

Parameters

w	delegation to be verified.
public_p	All the public parameters of the scheme.

Returns: whether the delegation has been created by the identity user (1) or not (0).

◆ delegate()

void delegate	(	delegation_t	w,
		sv_user_t	from,
		sv_user_t	to,
		sv_public_params_t	public_p
	)

Delegates the right to sign messages to the identity id. The original signer selects k in Zq* and computes the following values:

r = e(P, P)^k (in GT)
h = H1(m, r) (in Zq*)
S = h * sk + k * P (in G1) The resulting delegation is W = (m, r, S).

Parameters

w	delegation to be created.
from	user creating a delegation. The sk must be initialized.
to	user receiving the delegation.
public_p	All the public parameters of the scheme.

Warning: The secret key of the user creating the delegation must be initialized.

◆ extract_p()

void extract_p	(	sv_user_t	user,
		sv_public_params_t	public_p
	)

Produces the public key pk_id from an identity. It uses the hash function H0 to map the any string {0, 1}*, representing the identity, to an element of G1: pk_id = H0(identity).

Parameters

user	User struct that will contain the public key.
public_p	All the public parameters of the scheme.

◆ extract_s()

void extract_s	(	sv_user_t	user,
		sv_secret_params_t	secret_p
	)

Produces the secret key sk_id from an identity. It uses the hash function H0 to map the any string {0, 1}*, representing the identity, to an element of G1. Then multiplies the master key sk with the result of the hash function: sk_id = sk * H0(identity).

Parameters

user	User struct that will contain the secret key.
secret_p	All the secret parameters of the user.

◆ hash()

uint16_t hash	(	uint8_t	digest[MAX_DIGEST_SIZE],
		const void *	data,
		size_t	len,
		hash_type_t	hash_type
	)

Generate the digest of the data using the hash_type algorithm.

Parameters

digest	ouput digest obtained by applying the hash_type algorithm to data.
data	data to be hashed.
len	length of the data buffer in bytes.
hash_type	hash algorithm to be used.

Returns: uint16_t length of the digest in bytes.

◆ hash_element()

uint16_t hash_element	(	uint8_t	digest[MAX_DIGEST_SIZE],
		element_t	e,
		hash_type_t	hash_type
	)

Generate the digest of the element using the hash_type algorithm.

Parameters

digest	output digest obtained by applying the hash_type algorithm to the element.
e	element to be hashed.
hash_type	hash algorithm to be used.

Returns: uint16_t length of the digest in bytes.

◆ hash_warrant_and_r()

void hash_warrant_and_r	(	element_t	h,
		element_t	r,
		warrant_t	m,
		hash_type_t	hash_type
	)

hash both the warrant and the random value r and return the result in h, an element of Zq*.

Warning: h must be initialized before calling this function.

Parameters

h	element of Zq* where the hash is stored.
r	element r that will be hashed.
m	warrant to be hashed.
hash_type	hash algorithm to be used.

◆ non_generic_dlog_secure_size_by_security_level()

unsigned int non_generic_dlog_secure_size_by_security_level ( unsigned int sec_lvl )

Get the size of the non generic dlog secure size based on the NIST suggestions.

Parameters

sec_lvl security expressed as a number of bits.

Returns: unsigned int secure size of elements in the group in bits.

◆ params_init()

void params_init	(	pbc_param_t	pairings_p,
		int	sec_lvl
	)

Initialize the pairings parameters.

Parameters

pairings_p	Structure where the parameters are stored.
sec_lvl	The security level the scheme is expected to have.

◆ pk_gen()

void pk_gen	(	element_t	k_sign,
		sv_user_t	user,
		delegation_t	w,
		sv_public_params_t	public_p
	)

Produces a proxy signing key from a delegation. If the delegate used accepts the delegation, it can produce a proxy signing key. It does so by computing the following values:

h = H1(m, r)
psk = h * d + S

Parameters

k_sign	proxy signing key to be created.
user	delegated user who wants to sign a message. The sk must be initialized.
w	delegation that validates the proxy signing key.
public_p	All the public parameters of the scheme.

Warning: The delegated user must have the secret key initialized.

◆ public_params_pp()

void public_params_pp ( sv_public_params_t public_p )

Apply all possible precomputations on the public parameters.

Parameters

public_p All the public parameters of the scheme.

◆ setup()

void setup	(	sv_public_params_t	public_p,
		sv_secret_params_t	secret_p,
		int	sec_lvl,
		hash_type_t	hash_type
	)

Initialization function for the scheme. It takes as input a security parameter lambda and the hash function to use. It will take care of generating the parameters of the pairing. Produces the master key msk and the system's parameters (G1, G2, H0, H1, H2, F1, F2, e, P, pk, q, l1, l2).

Parameters

public_p	All the public parameters created through the setup.
secret_p	Secret parameters created through the setup.
sec_lvl	The security level the scheme is expected to have.
hash_type	The hash function used by the scheme.

◆ setup_from_params()

void setup_from_params	(	sv_public_params_t	public_p,
		sv_secret_params_t	secret_p,
		hash_type_t	hash_type,
		pbc_param_t	pairing_p
	)

Initialization function for the scheme. It takes as input the hash function to use and the parameters of the pairing. Produces the master key msk and the system's parameters (G1, G2, H0, H1, H2, F1, F2, e, P, pk, q, l1, l2).

Parameters

public_p	All the public parameters created through the setup.
secret_p	Secret parameters created through the setup.
hash_type	The hash function used by the scheme.
pairing_p	Parameters of the pairing.

◆ setup_from_str()

void setup_from_str	(	sv_public_params_t	public_p,
		sv_secret_params_t	secret_p,
		char	pairing_p_str[]
	)

Initialization function for the scheme. It takes as input the string representation of the parameters of the pairing, as well as the hash function to use. Produces the master key msk and the system's parameters (G1, G2, H0, H1, H2, F1, F2, e, P, pk, q, l1, l2).

Warning: If the string does not contain a master key msk, the secret parameters will not be initialized. This is not a problem if the msk is not needed.

Parameters

public_p	All the public parameters created through the setup.
secret_p	Secret parameters created through the setup.
pairing_p_str	String representation of the parameters of the pairing.

Functions

Detailed Description

Function Documentation

◆ calculate_beta()

◆ del_verify()

◆ delegate()

◆ extract_p()

◆ extract_s()

◆ hash()

◆ hash_element()

◆ hash_warrant_and_r()

◆ non_generic_dlog_secure_size_by_security_level()

◆ params_init()

◆ pk_gen()

◆ public_params_pp()

◆ setup()

◆ setup_from_params()

◆ setup_from_str()