
@alienx5499

Summary

adds additional data support to IBE encryption for replay attack prevention

Changes

  • added h3WithAD() - includes AD in hash when generating r
  • added EncryptCCAonG1WithAD() and EncryptCCAonG2WithAD()
  • added DecryptCCAonG1WithAD() and DecryptCCAonG2WithAD()

How It Works

// encryption: AD included in commitment
r = H("IBE-H3" || sigma || msg || additionalData)
U = r * P  // different AD = different ciphertext

// decryption: wrong AD fails cryptographically
r' = H("IBE-H3" || sigma || msg || additionalData)
if r' * P != U: error  // rP check fails

Tests

  • encryption/decryption with correct AD
  • wrong AD rejected (cryptographic failure)
  • missing AD rejected
  • different AD produces different ciphertexts
  • replay attack prevention
  • backward compatible (nil AD = original behavior)
  • all existing tests pass

Usage

// encrypt with additional context
txHash := []byte("0x1234...")
ct, _ := ibe.EncryptCCAonG1WithAD(suite, pk, id, msg, txHash)

// decrypt with same context - works
pt, _ := ibe.DecryptCCAonG1WithAD(suite, private, ct, txHash)

// decrypt with wrong context - fails
_, err := ibe.DecryptCCAonG1WithAD(suite, private, ct, []byte("wrong"))
// error: "invalid proof: rP check failed"

Related

implements cryptographic approach discussed in:

follows Algorithm 1 from https://eprint.iacr.org/2023/189
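Added illustration, not code from this PR or from the kyber ibe package: the commitment r = H("IBE-H3" || sigma || msg || additionalData) and the rP check described above, written in Go against the standard library only so it runs offline. X25519 base-point multiplication stands in for r*P in the pairing group and an X25519 Diffie-Hellman shared secret stands in for the pairing e(pk, Q_id)^r, so identity-based key derivation is not modelled; everything else (random sigma, V = sigma XOR H2(shared), W = msg XOR H4(sigma), and the check that the recomputed r reproduces U) follows the structure in How It Works. The names h3WithAD, EncryptWithAD, DecryptWithAD and encryptWithSigma, the "IBE-H2"/"IBE-H4" domain strings, the 32-byte plaintext limit and the sample txHash and message are this example's assumptions.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Ciphertext has the shape of the IBE CCA ciphertext: U = r*P, V = sigma XOR H2(shared), W = msg XOR H4(sigma).
type Ciphertext struct {
	U []byte // r*P (here a 32-byte X25519 point)
	V []byte // sigma masked with H2(shared secret)
	W []byte // msg masked with H4(sigma)
}

// errRPCheck is the failure the usage example on the page quotes.
var errRPCheck = errors.New("invalid proof: rP check failed")

// hashWithDomain returns SHA-256(domain || parts...); a nil part appends nothing.
func hashWithDomain(domain string, parts ...[]byte) []byte {
	h := sha256.New()
	h.Write([]byte(domain))
	for _, p := range parts {
		h.Write(p)
	}
	return h.Sum(nil)
}

// h3WithAD derives r = H("IBE-H3" || sigma || msg || ad). With ad == nil the
// result is exactly the original h3, which is what gives backward compatibility.
func h3WithAD(sigma, msg, ad []byte) []byte {
	return hashWithDomain("IBE-H3", sigma, msg, ad)
}

func xor(a, b []byte) []byte { // requires len(b) >= len(a)
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// encryptWithSigma is deterministic in sigma so the effect of AD alone is visible (assumed helper).
func encryptWithSigma(recipient *ecdh.PublicKey, sigma, msg, ad []byte) (*Ciphertext, error) {
	if len(msg) > sha256.Size {
		return nil, errors.New("plaintext too long for the hash function")
	}
	r, err := ecdh.X25519().NewPrivateKey(h3WithAD(sigma, msg, ad)) // r from the AD-bound commitment
	if err != nil {
		return nil, err
	}
	shared, err := r.ECDH(recipient) // stands in for e(pk, Q_id)^r
	if err != nil {
		return nil, err
	}
	return &Ciphertext{
		U: r.PublicKey().Bytes(), // U = r*P
		V: xor(sigma, hashWithDomain("IBE-H2", shared)),
		W: xor(msg, hashWithDomain("IBE-H4", sigma)[:len(msg)]),
	}, nil
}

// EncryptWithAD picks a fresh random sigma and binds ad into the ciphertext.
func EncryptWithAD(recipient *ecdh.PublicKey, msg, ad []byte) (*Ciphertext, error) {
	sigma := make([]byte, sha256.Size)
	if _, err := rand.Read(sigma); err != nil {
		return nil, err
	}
	return encryptWithSigma(recipient, sigma, msg, ad)
}

// DecryptWithAD recovers sigma and msg, recomputes r with the caller's ad,
// and rejects the ciphertext unless r*P equals the U it carries.
func DecryptWithAD(private *ecdh.PrivateKey, ct *Ciphertext, ad []byte) ([]byte, error) {
	if len(ct.V) != sha256.Size || len(ct.W) > sha256.Size {
		return nil, errors.New("malformed ciphertext") // keep the hash slicing below in bounds
	}
	u, err := ecdh.X25519().NewPublicKey(ct.U)
	if err != nil {
		return nil, err
	}
	shared, err := private.ECDH(u) // d*U = d*r*P, the value the encryptor derived
	if err != nil {
		return nil, err
	}
	sigma := xor(ct.V, hashWithDomain("IBE-H2", shared))
	msg := xor(ct.W, hashWithDomain("IBE-H4", sigma)[:len(ct.W)])
	r, err := ecdh.X25519().NewPrivateKey(h3WithAD(sigma, msg, ad))
	if err != nil {
		return nil, err
	}
	if !bytes.Equal(r.PublicKey().Bytes(), ct.U) {
		return nil, errRPCheck // wrong or missing AD lands here, after msg was recovered
	}
	return msg, nil
}

func main() {
	recipient, _ := ecdh.X25519().GenerateKey(rand.Reader)
	txHash := []byte("0x1234") // constructed sample context
	ct, _ := EncryptWithAD(recipient.PublicKey(), []byte("unlock at round 42"), txHash)
	pt, err := DecryptWithAD(recipient, ct, txHash)
	fmt.Printf("same AD:  %q %v\n", pt, err)
	_, err = DecryptWithAD(recipient, ct, []byte("wrong"))
	fmt.Println("wrong AD:", err)
	_, err = DecryptWithAD(recipient, ct, nil)
	fmt.Println("no AD:   ", err)
}
```

Two things worth noticing when running it: decryption recovers msg correctly before the rP check fails, so callers must treat the error as fatal rather than fall back to the recovered bytes; and because AD is plain-concatenated after msg, the msg/AD boundary is not encoded in the hash (the ciphertext's W fixes len(msg), so this is mostly harmless, but length-prefixing AD inside h3 is cheap insurance).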

@alienx5499
Author

Resolved! Refactored to follow the h3 pattern, core functions now accept optional additionalData parameter, and *WithAD functions are thin wrappers. This eliminates the code duplication as suggested.
