WCjrCK
diff --git a/‎PBCTest.py‎
Lines changed: 2 additions & 1 deletion b/‎PBCTest.py‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/main/java/scheme/CH/CH_FS_ECC_CCT_2024/MCL_GT.java‎
Lines changed: 118 additions & 0 deletions b/‎src/main/java/scheme/CH/CH_FS_ECC_CCT_2024/MCL_GT.java‎
Lines changed: 118 additions & 0 deletions
diff --git a/‎src/main/java/scheme/CH/CH_KEF_CZK_2004/MCL_GT.java‎
Lines changed: 81 additions & 0 deletions b/‎src/main/java/scheme/CH/CH_KEF_CZK_2004/MCL_GT.java‎
Lines changed: 81 additions & 0 deletions
diff --git a/‎src/main/java/scheme/CH/CH_KEF_DLP_LLA_2012/MCL_GT.java‎
Lines changed: 146 additions & 0 deletions b/‎src/main/java/scheme/CH/CH_KEF_DLP_LLA_2012/MCL_GT.java‎
Lines changed: 146 additions & 0 deletions
@@ -13,7 +13,8 @@
     'CH_KEF_DLP_LLA_2012',
     'CH_KEF_MH_RSA_F_AM_2004',
     'CH_KEF_MH_RSANN_F_AM_2004',
-    'CH_KEF_MH_SDH_DL_AM_2004'
+    'CH_KEF_MH_SDH_DL_AM_2004',
+    'CHET_RSA_CDK_2017'
 ] + late
 
 os.system(f'mvn -Dtest=PBCTest.BasicTimeTest test')
 
@@ -0,0 +1,118 @@
+package scheme.CH.CH_FS_ECC_CCT_2024;
+
+import base.GroupParam.MCL.SingleGroup;
+import com.herumi.mcl.Fr;
+import com.herumi.mcl.GT;
+import com.herumi.mcl.Mcl;
+import utils.Hash;
+
+/*
+ * Reconstructing Chameleon Hash: Full Security and the Multi-Party Setting
+ * P6. 3.2 ECC-based Construction
+ */
+
+@SuppressWarnings("SuspiciousNameCombination")
+public class MCL_GT {
+    public static class PublicParam {
+        public SingleGroup.SingleGroupGT GP = new SingleGroup.SingleGroupGT();
+        public GT g = new GT();
+
+        public PublicParam() {
+            GP.GetGElement(g);
+        }
+
+        private void H_p(Fr res, String m) {
+            Hash.H_MCL_Zr_1(res, m);
+        }
+
+        public void H(GT res, Fr m) {
+            Hash.H_MCL_GT_1(res, m.toString());
+        }
+
+        public void H_p(Fr res, GT m1, GT m2, GT m3, Fr m4) {
+            H_p(res, String.format("%s|%s|%s|%s", m1, m2, m3, m4));
+        }
+    }
+
+    public static class PublicKey {
+        public GT g_x = new GT();
+    }
+
+    public static class SecretKey {
+        public Fr x = new Fr();
+    }
+
+    public static class HashValue {
+        public GT h = new GT();
+    }
+
+    public static class Randomness {
+        public Fr z_1 = new Fr(), z_2 = new Fr(), c_1 = new Fr();
+    }
+
+    private final GT[] G_tmp = new GT[]{new GT(), new GT(), new GT()};
+    private final Fr[] Fr_tmp = new Fr[]{new Fr(), new Fr()};
+
+    public void KeyGen(PublicKey pk, SecretKey sk, PublicParam pp) {
+        pp.GP.GetZrElement(sk.x);
+        Mcl.pow(pk.g_x, pp.g, sk.x);
+    }
+
+    public void Hash(HashValue H, Randomness R, PublicParam pp, PublicKey pk, Fr m) {
+        pp.GP.GetZrElement(Fr_tmp[0]);
+        Mcl.pow(H.h, pp.g, Fr_tmp[0]);
+
+        pp.GP.GetZrElement(Fr_tmp[1]);
+
+        Mcl.pow(G_tmp[0], pp.g, Fr_tmp[1]);
+        pp.H_p(R.c_1, G_tmp[0], pk.g_x, H.h, m);
+
+        pp.GP.GetZrElement(R.z_1);
+        Mcl.pow(G_tmp[0], pp.g, R.z_1);
+        Mcl.pow(G_tmp[1], pk.g_x, R.c_1);
+        Mcl.mul(G_tmp[0], G_tmp[0], G_tmp[1]);
+        pp.H_p(R.z_2, G_tmp[0], pk.g_x, H.h, m);
+
+        Mcl.mul(R.z_2, R.z_2, Fr_tmp[0]);
+        Mcl.sub(R.z_2, Fr_tmp[1], R.z_2);
+
+        pp.H(G_tmp[0], m);
+        Mcl.mul(H.h, H.h, G_tmp[0]);
+    }
+
+    public boolean Check(HashValue H, Randomness R, PublicParam pp, PublicKey pk, Fr m) {
+        pp.H(G_tmp[0], m);
+        Mcl.inv(G_tmp[0], G_tmp[0]);
+        Mcl.mul(G_tmp[0], H.h, G_tmp[0]);
+
+        Mcl.pow(G_tmp[1], pp.g, R.z_1);
+        Mcl.pow(G_tmp[2], pk.g_x, R.c_1);
+        Mcl.mul(G_tmp[1], G_tmp[1], G_tmp[2]);
+        pp.H_p(Fr_tmp[0], G_tmp[1], pk.g_x, G_tmp[0], m);
+
+        Mcl.pow(G_tmp[1], pp.g, R.z_2);
+        Mcl.pow(G_tmp[2], G_tmp[0], Fr_tmp[0]);
+        Mcl.mul(G_tmp[1], G_tmp[1], G_tmp[2]);
+        pp.H_p(Fr_tmp[0], G_tmp[1], pk.g_x, G_tmp[0], m);
+        return R.c_1.equals(Fr_tmp[0]);
+    }
+
+    public void Adapt(Randomness R_p, HashValue H, Randomness R, PublicParam pp, PublicKey pk, SecretKey sk, Fr m, Fr m_p) {
+        if(!Check(H, R, pp, pk, m)) throw new RuntimeException("wrong hash value");
+        pp.H(G_tmp[0], m_p);
+        Mcl.inv(G_tmp[0], G_tmp[0]);
+        Mcl.mul(G_tmp[0], H.h, G_tmp[0]);
+        pp.GP.GetZrElement(Fr_tmp[0]);
+        pp.GP.GetZrElement(R_p.z_2);
+        Mcl.pow(G_tmp[1], pp.g, Fr_tmp[0]);
+        pp.H_p(Fr_tmp[1], G_tmp[1], pk.g_x, G_tmp[0], m_p);
+
+        Mcl.pow(G_tmp[1], pp.g, R_p.z_2);
+        Mcl.pow(G_tmp[2], G_tmp[0], Fr_tmp[1]);
+        Mcl.mul(G_tmp[1], G_tmp[1], G_tmp[2]);
+        pp.H_p(R_p.c_1, G_tmp[1], pk.g_x, G_tmp[0], m_p);
+
+        Mcl.mul(R_p.z_1, R_p.c_1, sk.x);
+        Mcl.sub(R_p.z_1, Fr_tmp[0], R_p.z_1);
+    }
+}
@@ -0,0 +1,81 @@
+package scheme.CH.CH_KEF_CZK_2004;
+
+import base.GroupParam.MCL.SingleGroup;
+import com.herumi.mcl.Fr;
+import com.herumi.mcl.GT;
+import com.herumi.mcl.Mcl;
+import utils.Hash;
+
+/*
+ * Chameleon Hashing without Key Exposure
+ * P7. 3.3.1 The scheme
+ */
+
+@SuppressWarnings("SuspiciousNameCombination")
+public class MCL_GT {
+    public static class PublicParam {
+        public SingleGroup.SingleGroupGT GP = new SingleGroup.SingleGroupGT();
+        GT g = new GT();
+
+        public PublicParam() {
+            GP.GetGElement(g);
+        }
+
+        public void H(GT res, String m) {
+            Hash.H_MCL_GT_1(res, m);
+        }
+    }
+
+    public static class PublicKey {
+        public GT y = new GT();
+    }
+
+    public static class SecretKey {
+        public Fr x = new Fr();
+    }
+
+    public static class HashValue {
+        public GT h = new GT();
+    }
+
+    public static class Randomness {
+        public GT g_a = new GT(), y_a = new GT();
+    }
+
+    private final GT[] G_tmp = new GT[]{new GT()};
+    private final Fr[] Fr_tmp = new Fr[]{new Fr()};
+
+    private static void getHashValue(GT res, Randomness R, PublicParam SP, GT I, Fr m) {
+        Mcl.mul(res, SP.g, I);
+        Mcl.pow(res, res, m);
+        Mcl.mul(res, res, R.y_a);
+    }
+
+    public void KeyGen(PublicKey pk, SecretKey sk, PublicParam SP) {
+        SP.GP.GetZrElement(sk.x);
+        Mcl.pow(pk.y, SP.g, sk.x);
+    }
+
+    public void Hash(HashValue H, Randomness R, PublicParam SP, PublicKey pk, GT I, Fr m) {
+        SP.GP.GetZrElement(Fr_tmp[0]);
+        Mcl.pow(R.g_a, SP.g, Fr_tmp[0]);
+        Mcl.pow(R.y_a, pk.y, Fr_tmp[0]);
+        getHashValue(H.h, R, SP, I, m);
+    }
+
+    public boolean Check(HashValue H, Randomness R, PublicParam SP, GT I, Fr m) {
+        getHashValue(G_tmp[0], R, SP, I, m);
+        return H.h.equals(G_tmp[0]);
+    }
+
+    public void Adapt(Randomness R_p, Randomness R, PublicParam SP, SecretKey sk, GT I, Fr m, Fr m_p) {
+        Mcl.mul(R_p.g_a, SP.g, I);
+        Mcl.sub(Fr_tmp[0], m, m_p);
+        Mcl.pow(R_p.y_a, R_p.g_a, Fr_tmp[0]);
+        Mcl.mul(R_p.y_a, R_p.y_a, R.y_a);
+
+        Mcl.div(Fr_tmp[0], Fr_tmp[0], sk.x);
+        Mcl.pow(R_p.g_a, R_p.g_a, Fr_tmp[0]);
+        Mcl.mul(R_p.g_a, R_p.g_a, R.g_a);
+    }
+}
@@ -0,0 +1,146 @@
+package scheme.CH.CH_KEF_DLP_LLA_2012;
+
+import base.GroupParam.MCL.SingleGroup;
+import com.herumi.mcl.Fr;
+import com.herumi.mcl.GT;
+import com.herumi.mcl.Mcl;
+import utils.Hash;
+
+import java.util.HashMap;
+import java.util.Map;
+
+@SuppressWarnings({"DuplicatedCode", "SuspiciousNameCombination"})
+public class MCL_GT {
+    public static class Label {
+        public GT L = new GT(), R = new GT();
+    }
+
+    public static class LabelGen {
+        public GT y_1 = new GT(), omega_1 = new GT();
+    }
+
+    public static class LabelManager {
+        public Map<String, LabelGen> Dict = new HashMap<>();
+        public PublicParam pp;
+
+        public LabelManager(PublicParam pp) {
+            this.pp = pp;
+        }
+
+        public void add(PublicKey pk, LabelGen lg) {
+            Dict.put(pk.toString(), lg);
+        }
+
+        public void get(Label L, PublicKey pk) {
+            get(L, pk, new GT[]{new GT()}, new Fr[]{new Fr()});
+        }
+
+        public void get(Label L, PublicKey pk, GT[] G_tmp, Fr[] Fr_tmp) {
+            pp.GP.GetGElement(G_tmp[0]);
+            pp.H2(Fr_tmp[0], G_tmp[0]);
+            LabelGen lg = Dict.get(pk.toString());
+            Mcl.pow(L.L, lg.y_1, Fr_tmp[0]);
+            Mcl.pow(L.R, lg.omega_1, Fr_tmp[0]);
+            Mcl.mul(L.R, G_tmp[0], L.R);
+        }
+    }
+
+    public static class PublicParam {
+        public SingleGroup.SingleGroupGT GP = new SingleGroup.SingleGroupGT();
+
+        public void H1(Fr res, GT m1, GT m2, GT m3) {
+            Hash.H_MCL_Zr_1(res, String.format("%s|%s|%s", m1, m2, m3));
+        }
+
+        public void H2(Fr res, GT m1) {
+            Hash.H_MCL_Zr_1(res, m1.toString());
+        }
+    }
+
+    public static class PublicKey {
+        public GT g = new GT(), y_2 = new GT();
+
+        public String toString() {
+            return String.format("%s|%s", g, y_2);
+        }
+    }
+
+    public static class SecretKey {
+        public Fr alpha = new Fr(), x_1 = new Fr(), x_2 = new Fr();
+    }
+
+    public static class HashValue {
+        public GT S = new GT();
+    }
+
+    public static class Randomness {
+        Fr r = new Fr();
+    }
+
+    private final GT[] G_tmp = new GT[]{new GT(), new GT()};
+    private final Fr[] Fr_tmp = new Fr[]{new Fr(), new Fr()};
+
+    private void getHashValue(GT res, Randomness r, Label L, PublicParam PP, PublicKey pk, Fr m) {
+        Mcl.pow(res, pk.g, m);
+        PP.H1(Fr_tmp[0], L.L, L.R, L.L);
+        Mcl.pow(G_tmp[0], pk.y_2, Fr_tmp[0]);
+        Mcl.mul(G_tmp[0], G_tmp[0], L.L);
+        Mcl.pow(G_tmp[0], G_tmp[0], r.r);
+        Mcl.mul(res, res, G_tmp[0]);
+    }
+
+    public void KeyGen(PublicKey pk, SecretKey sk, PublicParam PP, LabelManager LM) {
+        PP.GP.GetGElement(pk.g);
+        PP.GP.GetZrElement(sk.alpha);
+        PP.GP.GetZrElement(sk.x_1);
+        PP.GP.GetZrElement(sk.x_2);
+        LabelGen lg = new LabelGen();
+        Mcl.pow(lg.y_1, pk.g, sk.x_1);
+        Mcl.pow(pk.y_2, pk.g, sk.x_2);
+
+        Mcl.pow(lg.omega_1, lg.y_1, sk.alpha);
+        LM.add(pk, lg);
+    }
+
+    public void Hash(HashValue h, Randomness r, Label L, PublicParam PP, LabelManager LM, PublicKey pk, Fr m) {
+        LM.get(L, pk, G_tmp, Fr_tmp);
+        PP.GP.GetZrElement(r.r);
+        getHashValue(h.S, r, L, PP, pk, m);
+    }
+
+    public boolean Check(HashValue h, Randomness r, PublicParam PP, PublicKey pk, Label L, Fr m) {
+        getHashValue(G_tmp[1], r, L, PP, pk, m);
+        return h.S.equals(G_tmp[1]);
+    }
+
+    public void UForge(Randomness r_p, HashValue h, Randomness r, Label L, PublicParam PP, PublicKey pk, SecretKey sk, Fr m, Fr m_p) {
+        if (!Check(h, r, PP, pk, L, m)) throw new RuntimeException("illegal hash");
+        Mcl.pow(G_tmp[0], L.L, sk.alpha);
+        Mcl.inv(G_tmp[0], G_tmp[0]);
+        Mcl.mul(G_tmp[0], L.R, G_tmp[0]);
+
+        PP.H2(Fr_tmp[0], G_tmp[0]);
+
+        Mcl.pow(G_tmp[0], pk.g, sk.x_1);
+        Mcl.pow(G_tmp[0], G_tmp[0], Fr_tmp[0]);
+        Mcl.mul(Fr_tmp[0], sk.x_1, Fr_tmp[0]);
+        Mcl.pow(G_tmp[0], pk.g, Fr_tmp[0]);
+        if (!G_tmp[0].equals(L.L)) throw new RuntimeException("illegal label");
+
+        PP.H1(Fr_tmp[1], L.L, L.R, L.L);
+        Mcl.mul(Fr_tmp[1], sk.x_2, Fr_tmp[1]);
+        Mcl.add(Fr_tmp[1], Fr_tmp[0], Fr_tmp[1]);
+        Mcl.sub(r_p.r, m, m_p);
+        Mcl.div(r_p.r, r_p.r, Fr_tmp[1]);
+        Mcl.add(r_p.r, r.r, r_p.r);
+    }
+
+    public void IForge(Randomness r_pp, Randomness r, Randomness r_p, Fr m, Fr m_p, Fr m_pp) {
+        Mcl.sub(r_pp.r, r_p.r, r.r);
+        Mcl.sub(Fr_tmp[0], m_p, m_pp);
+        Mcl.mul(r_pp.r, r_pp.r, Fr_tmp[0]);
+        Mcl.sub(Fr_tmp[0], m, m_p);
+        Mcl.div(r_pp.r, r_pp.r, Fr_tmp[0]);
+        Mcl.add(r_pp.r, r_p.r, r_pp.r);
+    }
+}