Skip to content

Commit fd849ab

Browse files
WCjrCKWCjrCK
committed
add MCL PBCH test
Skip Action
1 parent c36b56f commit fd849ab

38 files changed

Lines changed: 7223 additions & 15 deletions

PBCTest.py

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,6 @@
11
import os
22

33
late = [
4-
# "CH_KEF_NoMH_AM_2004",
5-
"PCHBA_TLL_2020",
64
]
75

86
done = [
@@ -31,6 +29,10 @@
3129

3230
'DPCH_MXN_2022',
3331
'MAPCH_ZLW_2021',
32+
'PCH_DSS_2019',
33+
'PCHBA_TLL_2020',
34+
'RPCH_TMM_2022',
35+
'RPCH_XNM_2021'
3436

3537
] + late
3638

src/main/java/ABE/FAME/MCL.java

Lines changed: 336 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,336 @@
1+
package ABE.FAME;
2+
3+
import com.herumi.mcl.*;
4+
import utils.BooleanFormulaParser;
5+
import utils.Func;
6+
import utils.Hash;
7+
8+
import java.util.HashMap;
9+
10+
/*
11+
* FAME: Fast Attribute-based Message Encryption
12+
* P6. 3 FAME: OUR CP-ABE SCHEME
13+
*/
14+
15+
public class MCL {
16+
public static class PublicParam {
17+
public void H(G1 res, String m) {
18+
Hash.H_MCL_G1_1(res, m);
19+
}
20+
}
21+
22+
public static class MasterPublicKey {
23+
public G1 g = new G1();
24+
public G2 h = new G2(), H_1 = new G2(), H_2 = new G2();
25+
public GT T_1 = new GT(), T_2 = new GT();
26+
}
27+
28+
public static class MasterSecretKey {
29+
public G1 g_d1 = new G1(), g_d2 = new G1(), g_d3 = new G1();
30+
public Fr a_1 = new Fr(), a_2 = new Fr(), b_1 = new Fr(), b_2 = new Fr();
31+
}
32+
33+
public static class SecretKey {
34+
public HashMap<String, Integer> Attr2id;
35+
public BooleanFormulaParser.AttributeList S = new BooleanFormulaParser.AttributeList();
36+
public G1[][] sk_y;
37+
public G1[] sk_p = new G1[]{new G1(), new G1(), new G1()};
38+
public G2[] sk_0 = new G2[]{new G2(), new G2(), new G2()};
39+
40+
public void Init(BooleanFormulaParser.AttributeList S) {
41+
Attr2id = new HashMap<>();
42+
sk_y = new G1[S.attrs.size()][3];
43+
for (int i = 0; i < S.attrs.size(); i++) for (int j = 0;j < 3;++j) sk_y[i][j] = new G1();
44+
this.S.attrs.addAll(S.attrs);
45+
}
46+
47+
public void CopyFrom(SecretKey sk) {
48+
Attr2id = new HashMap<>(sk.Attr2id);
49+
S.CopyFrom(sk.S);
50+
sk_y = new G1[sk.sk_y.length][sk.sk_y[0].length];
51+
for (int i = 0; i < sk.sk_y.length; i++) for (int j = 0;j < sk.sk_y[i].length; ++j) {
52+
sk_y[i][j] = new G1();
53+
Mcl.neg(sk_y[i][j], sk.sk_y[i][j]);
54+
Mcl.neg(sk_y[i][j], sk_y[i][j]);
55+
}
56+
for (int i = 0; i < sk.sk_0.length; i++) {
57+
Mcl.neg(sk_0[i], sk.sk_0[i]);
58+
Mcl.neg(sk_0[i], sk_0[i]);
59+
}
60+
for (int i = 0; i < sk.sk_p.length; i++) {
61+
Mcl.neg(sk_p[i], sk.sk_p[i]);
62+
Mcl.neg(sk_p[i], sk_p[i]);
63+
}
64+
}
65+
}
66+
67+
public static class CipherText {
68+
public G2[] ct_0 = new G2[]{new G2(), new G2(), new G2()};
69+
public G1[][] ct;
70+
public GT ct_p = new GT();
71+
72+
public boolean isEqual(CipherText CT_p) {
73+
if(ct_0.length != CT_p.ct_0.length) return false;
74+
if(ct.length != CT_p.ct.length) return false;
75+
if(ct[0].length != CT_p.ct[0].length) return false;
76+
for(int i = 0; i < ct_0.length; ++i) {
77+
if(!ct_0[i].equals(CT_p.ct_0[i])) return false;
78+
}
79+
for(int i = 0; i < ct.length; ++i) {
80+
for(int j = 0; j < ct[i].length; ++j) {
81+
if(!ct[i][j].equals(CT_p.ct[i][j])) return false;
82+
}
83+
}
84+
return ct_p.equals(CT_p.ct_p);
85+
}
86+
}
87+
88+
public static class PlainText {
89+
public GT m = new GT();
90+
91+
public PlainText() {
92+
Func.GetMCLGTRandomElement(m);
93+
}
94+
95+
public PlainText(GT m) {
96+
this.m = m;
97+
}
98+
99+
public boolean isEqual(PlainText p) {
100+
return m.equals(p.m);
101+
}
102+
}
103+
104+
private final G1[] G1_tmp = new G1[]{new G1(), new G1()};
105+
private final GT[] GT_tmp = new GT[]{new GT(), new GT()};
106+
private final Fr[] Fr_tmp = new Fr[]{new Fr(), new Fr(), new Fr(), new Fr(), new Fr(), new Fr(), new Fr(), new Fr(), new Fr(), new Fr(), new Fr(), new Fr()};
107+
108+
public void SetUp(MasterPublicKey mpk, MasterSecretKey msk) {
109+
Func.GetMCLZrRandomElement(Fr_tmp[2]);
110+
Func.GetMCLZrRandomElement(Fr_tmp[3]);
111+
Func.GetMCLZrRandomElement(Fr_tmp[4]);
112+
Fr_tmp[5].setInt(1);
113+
SetUp(mpk, msk, Fr_tmp[2], Fr_tmp[3], Fr_tmp[4], Fr_tmp[5]);
114+
}
115+
116+
public void SetUp(MasterPublicKey mpk, MasterSecretKey msk, Fr d_1, Fr d_2, Fr d_3, Fr alpha) {
117+
Func.GetMCLG2RandomElement(mpk.h);
118+
Func.GetMCLG1RandomElement(mpk.g);
119+
120+
Mcl.pairing(GT_tmp[0], mpk.g, mpk.h);
121+
122+
Func.GetMCLZrRandomElement(msk.a_1);
123+
Func.GetMCLZrRandomElement(msk.a_2);
124+
Func.GetMCLZrRandomElement(msk.b_1);
125+
Func.GetMCLZrRandomElement(msk.b_2);
126+
127+
Mcl.mul(mpk.H_1, mpk.h, msk.a_1);
128+
Mcl.mul(mpk.H_2, mpk.h, msk.a_2);
129+
130+
Mcl.mul(Fr_tmp[0], d_1, msk.a_1);
131+
Mcl.div(Fr_tmp[1], d_3, alpha);
132+
Mcl.add(Fr_tmp[0], Fr_tmp[0], Fr_tmp[1]);
133+
Mcl.pow(mpk.T_1, GT_tmp[0], Fr_tmp[0]);
134+
Mcl.mul(Fr_tmp[0], d_2, msk.a_2);
135+
Mcl.add(Fr_tmp[0], Fr_tmp[0], Fr_tmp[1]);
136+
Mcl.pow(mpk.T_2, GT_tmp[0], Fr_tmp[0]);
137+
138+
Mcl.mul(msk.g_d1, mpk.g, d_1);
139+
Mcl.mul(msk.g_d2, mpk.g, d_2);
140+
Mcl.mul(msk.g_d3, mpk.g, d_3);
141+
}
142+
143+
public void KeyGen(SecretKey sk, PublicParam SP, MasterPublicKey mpk, MasterSecretKey msk, BooleanFormulaParser.AttributeList S) {
144+
Func.GetMCLZrRandomElement(Fr_tmp[9]);
145+
Func.GetMCLZrRandomElement(Fr_tmp[10]);
146+
Fr_tmp[11].setInt(1);
147+
KeyGen(sk, SP, mpk, msk, S, Fr_tmp[9], Fr_tmp[10], Fr_tmp[11]);
148+
}
149+
150+
public void KeyGen(SecretKey sk, PublicParam SP, MasterPublicKey mpk, MasterSecretKey msk, BooleanFormulaParser.AttributeList S, Fr r_1, Fr r_2, Fr alpha) {
151+
sk.Init(S);
152+
153+
Mcl.mul(Fr_tmp[0], msk.b_1, r_1);
154+
Mcl.mul(sk.sk_0[0], mpk.h, Fr_tmp[0]);
155+
Mcl.div(Fr_tmp[1], Fr_tmp[0], msk.a_2);
156+
Mcl.div(Fr_tmp[0], Fr_tmp[0], msk.a_1);
157+
158+
Mcl.mul(Fr_tmp[2], msk.b_2, r_2);
159+
Mcl.mul(sk.sk_0[1], mpk.h, Fr_tmp[2]);
160+
Mcl.div(Fr_tmp[3], Fr_tmp[2], msk.a_2);
161+
Mcl.div(Fr_tmp[2], Fr_tmp[2], msk.a_1);
162+
163+
Mcl.add(Fr_tmp[4], r_1, r_2);
164+
Mcl.div(Fr_tmp[5], Fr_tmp[4], alpha);
165+
Mcl.mul(sk.sk_0[2], mpk.h, Fr_tmp[5]);
166+
167+
Mcl.mul(Fr_tmp[5], alpha, msk.a_1);
168+
Mcl.mul(Fr_tmp[6], alpha, msk.a_2);
169+
170+
Mcl.div(Fr_tmp[8], Fr_tmp[4], Fr_tmp[5]);
171+
Mcl.div(Fr_tmp[10], Fr_tmp[4], Fr_tmp[6]);
172+
173+
int i = 0;
174+
for(String y : S.attrs) {
175+
sk.Attr2id.put(y, i);
176+
Func.GetMCLZrRandomElement(Fr_tmp[7]);
177+
Mcl.div(Fr_tmp[9], Fr_tmp[7], Fr_tmp[5]);
178+
Mcl.div(Fr_tmp[11], Fr_tmp[7], Fr_tmp[6]);
179+
180+
SP.H(sk.sk_y[i][0], y + "11");
181+
Mcl.mul(sk.sk_y[i][0], sk.sk_y[i][0], Fr_tmp[0]);
182+
SP.H(G1_tmp[0], y + "21");
183+
Mcl.mul(G1_tmp[0], G1_tmp[0], Fr_tmp[2]);
184+
Mcl.add(sk.sk_y[i][0], sk.sk_y[i][0], G1_tmp[0]);
185+
SP.H(G1_tmp[0], y + "31");
186+
Mcl.mul(G1_tmp[0], G1_tmp[0], Fr_tmp[8]);
187+
Mcl.add(sk.sk_y[i][0], sk.sk_y[i][0], G1_tmp[0]);
188+
Mcl.mul(G1_tmp[0], mpk.g, Fr_tmp[9]);
189+
Mcl.add(sk.sk_y[i][0], sk.sk_y[i][0], G1_tmp[0]);
190+
191+
SP.H(sk.sk_y[i][1], y + "12");
192+
Mcl.mul(sk.sk_y[i][1], sk.sk_y[i][1], Fr_tmp[1]);
193+
SP.H(G1_tmp[0], y + "22");
194+
Mcl.mul(G1_tmp[0], G1_tmp[0], Fr_tmp[3]);
195+
Mcl.add(sk.sk_y[i][1], sk.sk_y[i][1], G1_tmp[0]);
196+
SP.H(G1_tmp[0], y + "32");
197+
Mcl.mul(G1_tmp[0], G1_tmp[0], Fr_tmp[10]);
198+
Mcl.add(sk.sk_y[i][1], sk.sk_y[i][1], G1_tmp[0]);
199+
Mcl.mul(G1_tmp[0], mpk.g, Fr_tmp[11]);
200+
Mcl.add(sk.sk_y[i][1], sk.sk_y[i][1], G1_tmp[0]);
201+
202+
Mcl.neg(Fr_tmp[7], Fr_tmp[7]);
203+
Mcl.mul(sk.sk_y[i][2], mpk.g, Fr_tmp[7]);
204+
++i;
205+
}
206+
207+
Func.GetMCLZrRandomElement(Fr_tmp[7]);
208+
Mcl.div(Fr_tmp[9], Fr_tmp[7], Fr_tmp[5]);
209+
Mcl.div(Fr_tmp[11], Fr_tmp[7], Fr_tmp[6]);
210+
211+
SP.H(sk.sk_p[0], "0111");
212+
Mcl.mul(sk.sk_p[0], sk.sk_p[0], Fr_tmp[0]);
213+
SP.H(G1_tmp[0], "0121");
214+
Mcl.mul(G1_tmp[0], G1_tmp[0], Fr_tmp[2]);
215+
Mcl.add(sk.sk_p[0], sk.sk_p[0], G1_tmp[0]);
216+
SP.H(G1_tmp[0], "0131");
217+
Mcl.mul(G1_tmp[0], G1_tmp[0], Fr_tmp[8]);
218+
Mcl.add(sk.sk_p[0], sk.sk_p[0], G1_tmp[0]);
219+
Mcl.mul(G1_tmp[0], mpk.g, Fr_tmp[9]);
220+
Mcl.add(sk.sk_p[0], sk.sk_p[0], G1_tmp[0]);
221+
Mcl.add(sk.sk_p[0], msk.g_d1, sk.sk_p[0]);
222+
223+
SP.H(sk.sk_p[1], "0112");
224+
Mcl.mul(sk.sk_p[1], sk.sk_p[1], Fr_tmp[1]);
225+
SP.H(G1_tmp[0], "0122");
226+
Mcl.mul(G1_tmp[0], G1_tmp[0], Fr_tmp[3]);
227+
Mcl.add(sk.sk_p[1], sk.sk_p[1], G1_tmp[0]);
228+
SP.H(G1_tmp[0], "0132");
229+
Mcl.mul(G1_tmp[0], G1_tmp[0], Fr_tmp[10]);
230+
Mcl.add(sk.sk_p[1], sk.sk_p[1], G1_tmp[0]);
231+
Mcl.mul(G1_tmp[0], mpk.g, Fr_tmp[11]);
232+
Mcl.add(sk.sk_p[1], sk.sk_p[1], G1_tmp[0]);
233+
Mcl.add(sk.sk_p[1], msk.g_d2, sk.sk_p[1]);
234+
235+
Mcl.mul(sk.sk_p[2], mpk.g, Fr_tmp[7]);
236+
Mcl.sub(sk.sk_p[2], msk.g_d3, sk.sk_p[2]);
237+
}
238+
239+
public void Encrypt(CipherText CT, PublicParam SP, MasterPublicKey mpk, base.LSSS.MCL.Matrix MSP, PlainText PT) {
240+
Func.GetMCLZrRandomElement(Fr_tmp[1]);
241+
Func.GetMCLZrRandomElement(Fr_tmp[2]);
242+
Encrypt(CT, SP, mpk, MSP, PT, Fr_tmp[1], Fr_tmp[2]);
243+
}
244+
245+
public void Encrypt(CipherText CT, PublicParam SP, MasterPublicKey mpk, base.LSSS.MCL.Matrix MSP, PlainText PT, Fr s_1, Fr s_2) {
246+
Mcl.mul(CT.ct_0[0], mpk.H_1, s_1);
247+
Mcl.mul(CT.ct_0[1], mpk.H_2, s_2);
248+
Mcl.add(Fr_tmp[0], s_1, s_2);
249+
Mcl.mul(CT.ct_0[2], mpk.h, Fr_tmp[0]);
250+
251+
Mcl.pow(CT.ct_p, mpk.T_1, s_1);
252+
Mcl.pow(GT_tmp[0], mpk.T_2, s_2);
253+
Mcl.mul(CT.ct_p, CT.ct_p, GT_tmp[0]);
254+
Mcl.mul(CT.ct_p, CT.ct_p, PT.m);
255+
256+
int n1 = MSP.M.length, n2 = MSP.M[0].length;
257+
CT.ct = new G1[n1][3];
258+
for (int i = 0;i < n1;i++) for (int j = 0;j < 3;j++) CT.ct[i][j] = new G1();
259+
260+
G1[][] Hjl = new G1[n2][3];
261+
for(int l = 1;l <= 3;++l) {
262+
for (int j = 1; j <= n2; ++j) {
263+
Hjl[j - 1][l - 1] = new G1();
264+
SP.H(Hjl[j - 1][l - 1], String.format("0%d%d1", j, l));
265+
Mcl.mul(Hjl[j - 1][l - 1], Hjl[j - 1][l - 1], s_1);
266+
SP.H(G1_tmp[0], String.format("0%d%d2", j, l));
267+
Mcl.mul(G1_tmp[0], G1_tmp[0], s_2);
268+
Mcl.add(Hjl[j - 1][l - 1], Hjl[j - 1][l - 1], G1_tmp[0]);
269+
}
270+
}
271+
272+
for(int i = 0; i < n1; ++i) {
273+
for(int l = 1;l <= 3;++l) {
274+
SP.H(CT.ct[i][l - 1], String.format("%s%d1", MSP.policy[i], l));
275+
Mcl.mul(CT.ct[i][l - 1], CT.ct[i][l - 1], s_1);
276+
SP.H(G1_tmp[0], String.format("%s%d2", MSP.policy[i], l));
277+
Mcl.mul(G1_tmp[0], G1_tmp[0], s_2);
278+
Mcl.add(CT.ct[i][l - 1], CT.ct[i][l - 1], G1_tmp[0]);
279+
280+
for(int j = 1; j <= n2; ++j) {
281+
Mcl.mul(G1_tmp[0], Hjl[j - 1][l - 1], MSP.M[i][j - 1]);
282+
Mcl.add(CT.ct[i][l - 1], CT.ct[i][l - 1], G1_tmp[0]);
283+
}
284+
}
285+
}
286+
}
287+
288+
public void Decrypt(PlainText PT, base.LSSS.MCL.Matrix MSP, CipherText CT, SecretKey sk) {
289+
base.LSSS.MCL.Matrix.Vector gamma = new base.LSSS.MCL.Matrix.Vector();
290+
MSP.Solve(gamma, sk.S);
291+
292+
for(int t = 0;t < 3;++t) {
293+
boolean fir = true;
294+
for(int i = 0;i < CT.ct.length;++i) {
295+
if(sk.Attr2id.get(MSP.policy[i]) == null) continue;
296+
if (fir) {
297+
fir = false;
298+
Mcl.mul(G1_tmp[0], sk.sk_y[sk.Attr2id.get(MSP.policy[i])][t], gamma.v[i]);
299+
} else {
300+
Mcl.mul(G1_tmp[1], sk.sk_y[sk.Attr2id.get(MSP.policy[i])][t], gamma.v[i]);
301+
Mcl.add(G1_tmp[0], G1_tmp[0], G1_tmp[1]);
302+
}
303+
}
304+
Mcl.add(G1_tmp[0], sk.sk_p[t], G1_tmp[0]);
305+
if (t == 0) Mcl.pairing(GT_tmp[0], G1_tmp[0], CT.ct_0[t]);
306+
else {
307+
Mcl.pairing(GT_tmp[1], G1_tmp[0], CT.ct_0[t]);
308+
Mcl.mul(GT_tmp[0], GT_tmp[0], GT_tmp[1]);
309+
}
310+
}
311+
312+
Mcl.inv(PT.m, GT_tmp[0]);
313+
314+
for(int t = 0;t < 3;++t) {
315+
boolean fir = true;
316+
for(int i = 0;i < CT.ct.length;++i) {
317+
if (fir) {
318+
Mcl.mul(G1_tmp[0], CT.ct[i][t], gamma.v[i]);
319+
fir = false;
320+
} else {
321+
Mcl.mul(G1_tmp[1], CT.ct[i][t], gamma.v[i]);
322+
Mcl.add(G1_tmp[0], G1_tmp[0], G1_tmp[1]);
323+
}
324+
}
325+
if (t == 0) Mcl.pairing(GT_tmp[0], G1_tmp[0], sk.sk_0[t]);
326+
else {
327+
Mcl.pairing(GT_tmp[1], G1_tmp[0], sk.sk_0[t]);
328+
Mcl.mul(GT_tmp[0], GT_tmp[0], GT_tmp[1]);
329+
}
330+
}
331+
332+
Mcl.mul(GT_tmp[0], CT.ct_p, GT_tmp[0]);
333+
334+
Mcl.mul(PT.m, GT_tmp[0], PT.m);
335+
}
336+
}

0 commit comments

Comments
 (0)