arnaucube
/
cryptofun
mirror of https://github.com/arnaucube/cryptofun.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
13 Commits
1 Branch
0 Tags
100 KiB
Tree: 3dfb1e5875
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3dfb1e5875'
${ noResults }
cryptofun/README.md

572 lines
13 KiB
Raw Normal View History

Schnorr signature implemented. ECC point multiplication with big int. Refactor of the code.
5 years ago
rsa encrypt & decrypt, blind signatures, homomorphic multiplication
5 years ago
docs updated
5 years ago
bn128 G1 and G2 operations
5 years ago
rsa encrypt & decrypt, blind signatures, homomorphic multiplication
5 years ago
docs updated
5 years ago
rsa encrypt & decrypt, blind signatures, homomorphic multiplication
5 years ago
docs updated
5 years ago
bn128 G1 and G2 operations
5 years ago
paillier encrypt & decrypt, homomorphic addition
5 years ago
docs updated
5 years ago
rsa encrypt & decrypt, blind signatures, homomorphic multiplication
5 years ago
bn128 G1 and G2 operations
5 years ago
added Diffie-Hellman. Started impl ECC
5 years ago
shamir secret sharing: create secret sharing, and reconstruct secret from shares with Langrange Interpolation
5 years ago
docs updated
5 years ago
docs updated
5 years ago
docs updated
5 years ago
docs updated
5 years ago
docs updated
5 years ago
added Diffie-Hellman. Started impl ECC
5 years ago
bn128 G1 and G2 operations
5 years ago
added Diffie-Hellman. Started impl ECC
5 years ago
shamir secret sharing: create secret sharing, and reconstruct secret from shares with Langrange Interpolation
5 years ago
bn128 G1 and G2 operations
5 years ago
added Diffie-Hellman. Started impl ECC
5 years ago
added ECDSA Sign and Verify signature
5 years ago
added Diffie-Hellman. Started impl ECC
5 years ago
ECC fixed Add, added Mul
5 years ago
docs updated
5 years ago
added ECC ElGamal Encryption and Decryption
5 years ago
bn128 G1 and G2 operations
5 years ago
added ECC ElGamal Encryption and Decryption
5 years ago
docs updated
5 years ago
added ECDSA Sign and Verify signature
5 years ago
bn128 G1 and G2 operations
5 years ago
added ECDSA Sign and Verify signature
5 years ago
docs updated
5 years ago
Schnorr signature implemented. ECC point multiplication with big int. Refactor of the code.
5 years ago
bn128 G1 and G2 operations
5 years ago
Schnorr signature implemented. ECC point multiplication with big int. Refactor of the code.
5 years ago
added ECDSA Sign and Verify signature
5 years ago
bn128 finite fields operations
5 years ago
docs updated
5 years ago
bn128 finite fields operations
5 years ago
docs updated
5 years ago
bn128 finite fields operations
5 years ago
bn128 G1 and G2 operations
5 years ago
bn128 finite fields operations
5 years ago
bn128 G1 and G2 operations
5 years ago
bn128 finite fields operations
5 years ago
docs updated
5 years ago
added ECC ElGamal Encryption and Decryption
5 years ago
ECC fixed Add, added Mul
5 years ago
  1. # cryptofun [![Go Report Card](https://goreportcard.com/badge/github.com/arnaucube/cryptofun)](https://goreportcard.com/report/github.com/arnaucube/cryptofun)
  3. Crypto algorithms from scratch. Academic purposes only.
  7. - [RSA cryptosystem & Blind signature & Homomorphic Multiplication](#rsa-cryptosystem--blind-signature--homomorphic-multiplication)
  8. - [Paillier cryptosystem & Homomorphic Addition](#paillier-cryptosystem--homomorphic-addition)
  9. - [Shamir Secret Sharing](#shamir-secret-sharing)
  10. - [Diffie-Hellman](#diffie-hellman)
  11. - [ECC](#ecc)
  12. - [ECC ElGamal](#ecc-elgamal)
  13. - [ECC ECDSA](#ecc-ecdsa)
  14. - [Schnorr signature](#schnorr-signature)
  15. - [Bn128](#bn128)
  17. ---
  19. ## RSA cryptosystem & Blind signature & Homomorphic Multiplication
  20. - https://en.wikipedia.org/wiki/RSA_(cryptosystem)#
  21. - https://en.wikipedia.org/wiki/Blind_signature
  22. - https://en.wikipedia.org/wiki/Homomorphic_encryption
  24. - [x] GenerateKeyPair
  25. - [x] Encrypt
  26. - [x] Decrypt
  27. - [x] Blind
  28. - [x] Blind Signature
  29. - [x] Unblind Signature
  30. - [x] Verify Signature
  31. - [x] Homomorphic Multiplication
  34. #### Usage
  35. - Key generation, Encryption, Decryption
  36. ```go
  37. // generate key pair
  38. key, err := GenerateKeyPair()
  39. if err!=nil {
  40. fmt.Println(err)
  41. }
  42. mBytes := []byte("Hi")
  43. m := new(big.Int).SetBytes(mBytes)
  45. // encrypt message
  46. c := Encrypt(m, key.PubK)
  48. // decrypt ciphertext
  49. d := Decrypt(c, key.PrivK)
  50. if m == d {
  51. fmt.Println("correctly decrypted")
  52. }
  53. ```
  55. - Blind signatures
  56. ```go
  57. // key generation [Alice]
  58. key, err := GenerateKeyPair()
  59. if err!=nil {
  60. fmt.Println(err)
  61. }
  63. // create new message [Alice]
  64. mBytes := []byte("Hi")
  65. m := new(big.Int).SetBytes(mBytes)
  67. // define r value [Alice]
  68. rVal := big.NewInt(int64(101))
  70. // blind message [Alice]
  71. mBlinded := Blind(m, rVal, key.PubK)
  73. // Blind Sign the blinded message [Bob]
  74. sigma := BlindSign(mBlinded, key.PrivK)
  76. // unblind the blinded signed message, and get the signature of the message [Alice]
  77. mSigned := Unblind(sigma, rVal, key.PubK)
  79. // verify the signature [Alice/Bob/Trudy]
  80. verified := Verify(m, mSigned, key.PubK)
  81. if !verified {
  82. fmt.Println("signature could not be verified")
  83. }
  84. ```
  86. - Homomorphic Multiplication
  87. ```go
  88. // key generation [Alice]
  89. key, err := GenerateKeyPair()
  90. if err!=nil {
  91. fmt.Println(err)
  92. }
  94. // define values [Alice]
  95. n1 := big.NewInt(int64(11))
  96. n2 := big.NewInt(int64(15))
  98. // encrypt the values [Alice]
  99. c1 := Encrypt(n1, key.PubK)
  100. c2 := Encrypt(n2, key.PubK)
  102. // compute homomorphic multiplication with the encrypted values [Bob]
  103. c3c4 := HomomorphicMul(c1, c2, key.PubK)
  105. // decrypt the result [Alice]
  106. d := Decrypt(c3c4, key.PrivK)
  108. // check that the result is the expected
  109. if !bytes.Equal(new(big.Int).Mul(n1, n2).Bytes(), d.Bytes()) {
  110. fmt.Println("decrypted result not equal to expected result")
  111. }
  112. ```
  114. ## Paillier cryptosystem & Homomorphic Addition
  115. - https://en.wikipedia.org/wiki/Paillier_cryptosystem
  116. - https://en.wikipedia.org/wiki/Homomorphic_encryption
  118. - [x] GenerateKeyPair
  119. - [x] Encrypt
  120. - [x] Decrypt
  121. - [x] Homomorphic Addition
  123. #### Usage
  124. - Encrypt, Decrypt
  125. ```go
  126. // key generation
  127. key, err := GenerateKeyPair()
  128. if err!=nil {
  129. fmt.Println(err)
  130. }
  132. mBytes := []byte("Hi")
  133. m := new(big.Int).SetBytes(mBytes)
  135. // encryption
  136. c := Encrypt(m, key.PubK)
  138. // decryption
  139. d := Decrypt(c, key.PubK, key.PrivK)
  140. if m == d {
  141. fmt.Println("ciphertext decrypted correctly")
  142. }
  143. ```
  145. - Homomorphic Addition
  146. ```go
  147. // key generation [Alice]
  148. key, err := GenerateKeyPair()
  149. if err!=nil {
  150. fmt.Println(err)
  151. }
  153. // define values [Alice]
  154. n1 := big.NewInt(int64(110))
  155. n2 := big.NewInt(int64(150))
  157. // encrypt values [Alice]
  158. c1 := Encrypt(n1, key.PubK)
  159. c2 := Encrypt(n2, key.PubK)
  161. // compute homomorphic addition [Bob]
  162. c3c4 := HomomorphicAddition(c1, c2, key.PubK)
  164. // decrypt the result [Alice]
  165. d := Decrypt(c3c4, key.PubK, key.PrivK)
  166. if !bytes.Equal(new(big.Int).Add(n1, n2).Bytes(), d.Bytes()) {
  167. fmt.Println("decrypted result not equal to expected result")
  168. }
  169. ```
  172. ## Shamir Secret Sharing
  173. - https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing
  175. - [x] create secret sharing from number of secrets needed, number of shares, random point p, secret to share
  176. - [x] Lagrange Interpolation to restore the secret from the shares
  178. #### Usage
  179. ```go
  180. // define secret to share
  181. k := 123456789
  183. // define random prime
  184. p, err := rand.Prime(rand.Reader, bits/2)
  185. if err!=nil {
  186. fmt.Println(err)
  187. }
  189. // define how many shares want to generate
  190. nShares := big.NewInt(int64(6))
  192. // define how many shares are needed to recover the secret
  193. nNeededShares := big.NewInt(int64(3))
  195. // create the shares
  196. shares, err := Create(
  197. nNeededShares,
  198. nShares,
  199. p,
  200. big.NewInt(int64(k)))
  201. assert.Nil(t, err)
  202. if err!=nil {
  203. fmt.Println(err)
  204. }
  206. // select shares to use
  207. var sharesToUse [][]*big.Int
  208. sharesToUse = append(sharesToUse, shares[2])
  209. sharesToUse = append(sharesToUse, shares[1])
  210. sharesToUse = append(sharesToUse, shares[0])
  212. // recover the secret using Lagrange Interpolation
  213. secr := LagrangeInterpolation(sharesToUse, p)
  215. // check that the restored secret matches the original secret
  216. if !bytes.Equal(k.Bytes(), secr.Bytes()) {
  217. fmt.Println("reconstructed secret not correspond to original secret")
  218. }
  219. ```
  221. ## Diffie-Hellman
  222. - https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
  224. - [x] key exchange
  226. ## ECC
  227. - https://en.wikipedia.org/wiki/Elliptic-curve_cryptography
  229. - [x] define elliptic curve
  230. - [x] get point at X
  231. - [x] get order of a Point on the elliptic curve
  232. - [x] Add two points on the elliptic curve
  233. - [x] Multiply a point n times on the elliptic curve
  235. #### Usage
  236. - ECC basic operations
  237. ```go
  238. // define new ec
  239. ec := NewEC(big.NewInt(int64(0)), big.NewInt(int64(7)), big.NewInt(int64(11)))
  241. // define two points over the curve
  242. p1 := Point{big.NewInt(int64(4)), big.NewInt(int64(7))}
  243. p2 := Point{big.NewInt(int64(2)), big.NewInt(int64(2))}
  245. // add the two points
  246. q, err := ec.Add(p1, p2)
  247. if err!=nil {
  248. fmt.Println(err)
  249. }
  251. // multiply the two points
  252. q, err := ec.Mul(p, big.NewInt(int64(1)))
  253. if err!=nil {
  254. fmt.Println(err)
  255. }
  257. // get order of a generator point over the elliptic curve
  258. g := Point{big.NewInt(int64(7)), big.NewInt(int64(8))}
  259. order, err := ec.Order(g)
  260. if err!=nil {
  261. fmt.Println(err)
  262. }
  263. ```
  268. ## ECC ElGamal
  269. - https://en.wikipedia.org/wiki/ElGamal_encryption
  271. - [x] ECC ElGamal key generation
  272. - [x] ECC ElGamal Encrypton
  273. - [x] ECC ElGamal Decryption
  276. #### Usage
  277. - NewEG, Encryption, Decryption
  278. ```go
  279. // define new elliptic curve
  280. ec := ecc.NewEC(big.NewInt(int64(1)), big.NewInt(int64(18)), big.NewInt(int64(19)))
  282. // define new point
  283. g := ecc.Point{big.NewInt(int64(7)), big.NewInt(int64(11))}
  285. // define new ElGamal crypto system with the elliptic curve and the point
  286. eg, err := NewEG(ec, g)
  287. if err!=nil {
  288. fmt.Println(err)
  289. }
  291. // define privK&pubK over the elliptic curve
  292. privK := big.NewInt(int64(5))
  293. pubK, err := eg.PubK(privK)
  294. if err!=nil {
  295. fmt.Println(err)
  296. }
  298. // define point to encrypt
  299. m := ecc.Point{big.NewInt(int64(11)), big.NewInt(int64(12))}
  301. // encrypt
  302. c, err := eg.Encrypt(m, pubK, big.NewInt(int64(15)))
  303. if err!=nil {
  304. fmt.Println(err)
  305. }
  307. // decrypt
  308. d, err := eg.Decrypt(c, privK)
  309. if err!=nil {
  310. fmt.Println(err)
  311. }
  313. // check that decryption is correct
  314. if !m.Equal(d) {
  315. fmt.Println("decrypted not equal to original")
  316. }
  317. ```
  321. ## ECC ECDSA
  322. - https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm
  324. - [x] define ECDSA data structure
  325. - [x] ECDSA Sign
  326. - [x] ECDSA Verify signature
  329. #### Usage
  330. ```go
  331. // define new elliptic curve
  332. ec := ecc.NewEC(big.NewInt(int64(1)), big.NewInt(int64(18)), big.NewInt(int64(19)))
  333. // define new point
  334. g := ecc.Point{big.NewInt(int64(7)), big.NewInt(int64(11))}
  336. // define new ECDSA system
  337. dsa, err := NewDSA(ec, g)
  338. if err!=nil {
  339. fmt.Println(err)
  340. }
  342. // define privK&pubK over the elliptic curve
  343. privK := big.NewInt(int64(5))
  344. pubK, err := dsa.PubK(privK)
  345. if err!=nil {
  346. fmt.Println(err)
  347. }
  349. // hash value to sign
  350. hashval := big.NewInt(int64(40))
  352. // define r
  353. r := big.NewInt(int64(11))
  355. // sign hashed value
  356. sig, err := dsa.Sign(hashval, privK, r)
  357. if err!=nil {
  358. fmt.Println(err)
  359. }
  361. // verify signature
  362. verified, err := dsa.Verify(hashval, sig, pubK)
  363. if err!=nil {
  364. fmt.Println(err)
  365. }
  366. if verified {
  367. fmt.Println("signature correctly verified")
  368. }
  369. ```
  371. ## Schnorr signature
  372. - https://en.wikipedia.org/wiki/Schnorr_signature
  374. - [x] Hash[M || R] (where M is the msg bytes and R is a Point on the ECC, using sha256 hash function)
  375. - [x] Generate Schnorr scheme
  376. - [x] Sign
  377. - [x] Verify signature
  380. #### Usage
  381. ```go
  382. // define new elliptic curve
  383. ec := ecc.NewEC(big.NewInt(int64(0)), big.NewInt(int64(7)), big.NewInt(int64(11)))
  384. // define new point
  385. g := ecc.Point{big.NewInt(int64(11)), big.NewInt(int64(27))} // Generator
  386. // define new random r
  387. r := big.NewInt(int64(23)) // random r
  389. // define new Schnorr crypto system using the values
  390. schnorr, sk, err := Gen(ec, g, r)
  391. if err!=nil {
  392. fmt.println(err)
  393. }
  395. // define message to sign
  396. m := []byte("hola")
  398. // also we can hash the message, but it's not mandatory, as it will be done inside the schnorr.Sign, but we can perform it now, just to check the function
  399. h := Hash([]byte("hola"), c)
  400. if h.String() != "34719153732582497359642109898768696927847420320548121616059449972754491425079") {
  401. fmt.Println("not correctly hashed")
  402. }
  404. s, rPoint, err := schnorr.Sign(sk, m)
  405. if err!=nil {
  406. fmt.println(err)
  407. }
  409. // verify Schnorr signature
  410. verified, err := Verify(schnorr.EC, sk.PubK, m, s, rPoint)
  411. if err!=nil {
  412. fmt.println(err)
  413. }
  414. if verified {
  415. fmt.Println("Schnorr signature correctly verified")
  416. }
  417. ```
  421. ## Bn128
  422. **[not finished]**
  424. This is implemented followng the implementations and info from:
  425. - https://github.com/iden3/zksnark
  426. - https://github.com/zcash/zcash/tree/master/src/snark
  427. - https://github.com/ethereum/py_ecc/tree/master/py_ecc/bn128
  428. - `Multiplication and Squaring on Pairing-Friendly
  429. Fields`, Augusto Jun Devegili, Colm Ó hÉigeartaigh, Michael Scott, and Ricardo Dahab https://pdfs.semanticscholar.org/3e01/de88d7428076b2547b60072088507d881bf1.pdf
  430. - `Optimal Pairings`, Frederik Vercauteren https://www.cosic.esat.kuleuven.be/bcrypt/optimal.pdf
  431. - `Double-and-Add with Relative Jacobian
  432. Coordinates`, Björn Fay https://eprint.iacr.org/2014/1014.pdf
  433. - `Fast and Regular Algorithms for Scalar Multiplication
  434. over Elliptic Curves`, Matthieu Rivain https://eprint.iacr.org/2011/338.pdf
  436. - [x] Fq, Fq2, Fq6, Fq12 operations
  437. - [x] G1, G2 operations
  440. #### Usage
  441. First let's define three basic functions to convert integer compositions to big integer compositions:
  442. ```go
  443. func iToBig(a int) *big.Int {
  444. return big.NewInt(int64(a))
  445. }
  447. func iiToBig(a, b int) [2]*big.Int {
  448. return [2]*big.Int{iToBig(a), iToBig(b)}
  449. }
  451. func iiiToBig(a, b int) [2]*big.Int {
  452. return [2]*big.Int{iToBig(a), iToBig(b)}
  453. }
  454. ```
  456. - Finite Fields (1, 2, 6, 12) operations
  457. ```go
  458. // new finite field of order 1
  459. fq1 := NewFq(iToBig(7))
  461. // basic operations of finite field 1
  462. res := fq1.Add(iToBig(4), iToBig(4))
  463. res = fq1.Double(iToBig(5))
  464. res = fq1.Sub(iToBig(5), iToBig(7))
  465. res = fq1.Neg(iToBig(5))
  466. res = fq1.Mul(iToBig(5), iToBig(11))
  467. res = fq1.Inverse(iToBig(4))
  468. res = fq1.Square(iToBig(5))
  470. // new finite field of order 2
  471. nonResidueFq2str := "-1" // i / Beta
  472. nonResidueFq2, ok := new(big.Int).SetString(nonResidueFq2str, 10)
  473. fq2 := Fq2{fq1, nonResidueFq2}
  474. nonResidueFq6 := iiToBig(9, 1)
  476. // basic operations of finite field of order 2
  477. res := fq2.Add(iiToBig(4, 4), iiToBig(3, 4))
  478. res = fq2.Double(iiToBig(5, 3))
  479. res = fq2.Sub(iiToBig(5, 3), iiToBig(7, 2))
  480. res = fq2.Neg(iiToBig(4, 4))
  481. res = fq2.Mul(iiToBig(4, 4), iiToBig(3, 4))
  482. res = fq2.Inverse(iiToBig(4, 4))
  483. res = fq2.Div(iiToBig(4, 4), iiToBig(3, 4))
  484. res = fq2.Square(iiToBig(4, 4))
  487. // new finite field of order 6
  488. nonResidueFq6 := iiToBig(9, 1) // TODO
  489. fq6 := Fq6{fq2, nonResidueFq6}
  491. // define two new values of Finite Field 6, in order to be able to perform the operations
  492. a := [3][2]*big.Int{
  493. iiToBig(1, 2),
  494. iiToBig(3, 4),
  495. iiToBig(5, 6)}
  496. b := [3][2]*big.Int{
  497. iiToBig(12, 11),
  498. iiToBig(10, 9),
  499. iiToBig(8, 7)}
  501. // basic operations of finite field order 6
  502. res := fq6.Add(a, b)
  503. res = fq6.Sub(a, b)
  504. res = fq6.Mul(a, b)
  505. divRes := fq6.Div(mulRes, b)
  508. // new finite field of order 12
  509. q, ok := new(big.Int).SetString("21888242871839275222246405745257275088696311157297823662689037894645226208583", 10) // i
  510. if !ok {
  511. fmt.Println("error parsing string to big integer")
  512. }
  514. fq1 := NewFq(q)
  515. nonResidueFq2, ok := new(big.Int).SetString("21888242871839275222246405745257275088696311157297823662689037894645226208582", 10) // i
  516. assert.True(t, ok)
  517. nonResidueFq6 := iiToBig(9, 1)
  519. fq2 := Fq2{fq1, nonResidueFq2}
  520. fq6 := Fq6{fq2, nonResidueFq6}
  521. fq12 := Fq12{fq6, fq2, nonResidueFq6}
  523. ```
  525. - G1 operations
  526. ```go
  527. bn128, err := NewBn128()
  528. assert.Nil(t, err)
  530. r1 := big.NewInt(int64(33))
  531. r2 := big.NewInt(int64(44))
  533. gr1 := bn128.G1.MulScalar(bn128.G1.G, bn128.Fq1.Copy(r1))
  534. gr2 := bn128.G1.MulScalar(bn128.G1.G, bn128.Fq1.Copy(r2))
  536. grsum1 := bn128.G1.Add(gr1, gr2)
  537. r1r2 := bn128.Fq1.Add(r1, r2)
  538. grsum2 := bn128.G1.MulScalar(bn128.G1.G, r1r2)
  540. a := bn128.G1.Affine(grsum1)
  541. b := bn128.G1.Affine(grsum2)
  542. assert.Equal(t, a, b)
  543. assert.Equal(t, "0x2f978c0ab89ebaa576866706b14787f360c4d6c3869efe5a72f7c3651a72ff00", utils.BytesToHex(a[0].Bytes()))
  544. assert.Equal(t, "0x12e4ba7f0edca8b4fa668fe153aebd908d322dc26ad964d4cd314795844b62b2", utils.BytesToHex(a[1].Bytes()))
  545. ```
  547. - G2 operations
  548. ```go
  549. bn128, err := NewBn128()
  550. assert.Nil(t, err)
  552. r1 := big.NewInt(int64(33))
  553. r2 := big.NewInt(int64(44))
  555. gr1 := bn128.G2.MulScalar(bn128.G2.G, bn128.Fq1.Copy(r1))
  556. gr2 := bn128.G2.MulScalar(bn128.G2.G, bn128.Fq1.Copy(r2))
  558. grsum1 := bn128.G2.Add(gr1, gr2)
  559. r1r2 := bn128.Fq1.Add(r1, r2)
  560. grsum2 := bn128.G2.MulScalar(bn128.G2.G, r1r2)
  562. a := bn128.G2.Affine(grsum1)
  563. b := bn128.G2.Affine(grsum2)
  564. assert.Equal(t, a, b)
  565. ```
  567. ---
  569. To run all tests:
  570. ```
  571. go test ./... -v
  572. ```