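--- a/src/ibe/boyen_waters.rs
+++ b/src/ibe/boyen_waters.rs
@@ -12,7 +12,7 @@ use crate::{ibe::IBE, Compress};
 use arrayref::{array_refs, mut_array_refs};
 use pg_curve::{multi_miller_loop, pairing, G1Affine, G2Affine, G2Prepared, Scalar};
 use rand::{CryptoRng, Rng};
-use subtle::CtOption;
+use subtle::{Choice, ConstantTimeEq, CtOption};
 
 #[allow(unused_imports)]
 use group::Group;
@@ -49,7 +49,7 @@ pub struct PublicKey {
 }
 
 /// Secret key parameter generated by the PKG used to extract user secret keys.
-#[derive(Debug, Clone, Copy, PartialEq)]
+#[derive(Debug, Clone, Copy)]
 pub struct SecretKey {
 alpha: Scalar,
 t1: Scalar,
@@ -58,12 +58,40 @@ pub struct SecretKey {
 t4: Scalar,
 }
 
+impl ConstantTimeEq for SecretKey {
+fn ct_eq(&self, other: &Self) -> Choice {
+self.alpha.ct_eq(&other.alpha)
+& self.t1.ct_eq(&other.t1)
+& self.t2.ct_eq(&other.t2)
+& self.t3.ct_eq(&other.t3)
+& self.t4.ct_eq(&other.t4)
+}
+}
+
+impl PartialEq for SecretKey {
+fn eq(&self, other: &Self) -> bool {
+self.ct_eq(other).into()
+}
+}
+
 /// Points on the paired curves that form the user secret key.
-#[derive(Debug, Clone, Copy, PartialEq)]
+#[derive(Debug, Clone, Copy)]
 pub struct UserSecretKey {
 d: [G2Affine; 5],
 }
 
+impl ConstantTimeEq for UserSecretKey {
+fn ct_eq(&self, other: &Self) -> Choice {
+self.d[..].ct_eq(&other.d[..])
+}
+}
+
+impl PartialEq for UserSecretKey {
+fn eq(&self, other: &Self) -> bool {
+self.ct_eq(other).into()
+}
+}
+
 /// Encrypted message. Can only be decrypted with an user secret key.
 #[derive(Debug, Clone, Copy, PartialEq)]
 pub struct CipherText {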
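Review bot: `SecretKey` and `UserSecretKey` keep `#[derive(Debug)]` on the new derive lines of the second and third hunks, so `{:?}` still formats the raw `alpha`/`t1..t4` scalars and the `d` points; now that equality is deliberately hardened, a hand-written `Debug` that prints a redacted placeholder would keep key material out of logs and panic messages. The same derive survives on both key structs in `src/ibe/waters.rs` and `src/ibe/waters_naccache.rs` and on `SharedSecret` in `src/kem/mod.rs`. The new impls also carry no comment saying why `PartialEq` is hand-written rather than derived; a line such as `/// Constant-time equality so that comparing secret keys does not leak their contents through timing.` above each `impl ConstantTimeEq` would stop a future cleanup from re-deriving it. Whether `Scalar` and `G2Affine` from `pg_curve` implement `ConstantTimeEq` is not visible here and is presumably confirmed by the build.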
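--- a/src/ibe/waters.rs
+++ b/src/ibe/waters.rs
@@ -7,7 +7,7 @@ use crate::{ibe::IBE, Compress, Derive};
 use arrayref::{array_mut_ref, array_ref, array_refs, mut_array_refs};
 use pg_curve::{multi_miller_loop, G1Affine, G1Projective, G2Affine, G2Prepared, Gt, Scalar};
 use rand::{CryptoRng, Rng};
-use subtle::{Choice, ConditionallySelectable, CtOption};
+use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 
 #[allow(unused_imports)]
 use group::Group;
@@ -48,18 +48,42 @@ pub struct PublicKey {
 }
 
 /// Secret key parameter generated by the PKG used to extract user secret keys.
-#[derive(Debug, Clone, Copy, PartialEq)]
+#[derive(Debug, Clone, Copy)]
 pub struct SecretKey {
 g1prime: G1Affine,
 }
 
+impl ConstantTimeEq for SecretKey {
+fn ct_eq(&self, other: &Self) -> Choice {
+self.g1prime.ct_eq(&other.g1prime)
+}
+}
+
+impl PartialEq for SecretKey {
+fn eq(&self, other: &Self) -> bool {
+self.ct_eq(other).into()
+}
+}
+
 /// Points on the paired curves that form the user secret key.
-#[derive(Debug, Clone, Copy, PartialEq)]
+#[derive(Debug, Clone, Copy)]
 pub struct UserSecretKey {
 d1: G1Affine,
 d2: G2Affine,
 }
 
+impl ConstantTimeEq for UserSecretKey {
+fn ct_eq(&self, other: &Self) -> Choice {
+self.d1.ct_eq(&other.d1) & self.d2.ct_eq(&other.d2)
+}
+}
+
+impl PartialEq for UserSecretKey {
+fn eq(&self, other: &Self) -> bool {
+self.ct_eq(other).into()
+}
+}
+
 /// Field parameters for an identity.
 ///
 /// Effectively a hash of an identity, mapped to the curve field.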
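--- a/src/ibe/waters_naccache.rs
+++ b/src/ibe/waters_naccache.rs
@@ -8,7 +8,7 @@ use crate::{ibe::IBE, Compress, Derive};
 use arrayref::{array_mut_ref, array_ref, array_refs, mut_array_refs};
 use pg_curve::{multi_miller_loop, G1Affine, G2Affine, G2Prepared, G2Projective, Gt, Scalar};
 use rand::{CryptoRng, Rng};
-use subtle::{Choice, ConditionallySelectable, CtOption};
+use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 
 #[allow(unused_imports)]
 use group::Group;
@@ -58,18 +58,42 @@ pub struct PublicKey {
 pub struct Identity([Scalar; CHUNKS]);
 
 /// Secret key parameter generated by the PKG used to extract user secret keys.
-#[derive(Clone, Copy, Debug, PartialEq)]
+#[derive(Clone, Copy, Debug)]
 pub struct SecretKey {
 g2prime: G2Affine,
 }
 
+impl ConstantTimeEq for SecretKey {
+fn ct_eq(&self, other: &Self) -> Choice {
+self.g2prime.ct_eq(&other.g2prime)
+}
+}
+
+impl PartialEq for SecretKey {
+fn eq(&self, other: &Self) -> bool {
+self.ct_eq(other).into()
+}
+}
+
 /// Points on the paired curves that form the user secret key.
-#[derive(Clone, Copy, Debug, PartialEq)]
+#[derive(Clone, Copy, Debug)]
 pub struct UserSecretKey {
 d1: G2Affine,
 d2: G1Affine,
 }
 
+impl ConstantTimeEq for UserSecretKey {
+fn ct_eq(&self, other: &Self) -> Choice {
+self.d1.ct_eq(&other.d1) & self.d2.ct_eq(&other.d2)
+}
+}
+
+impl PartialEq for UserSecretKey {
+fn eq(&self, other: &Self) -> bool {
+self.ct_eq(other).into()
+}
+}
+
 /// Encrypted message. Can only be decrypted with an user secret key.
 #[derive(Clone, Copy, Debug, PartialEq)]
 pub struct CipherText {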
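--- a/src/kem/mod.rs
+++ b/src/kem/mod.rs
@@ -26,6 +26,7 @@ use crate::{Compress, Derive};
 use core::ops::BitXorAssign;
 use pg_curve::Gt;
 use rand::{CryptoRng, Rng};
+use subtle::{Choice, ConstantTimeEq};
 
 /// Size of the shared secret in bytes.
 pub const SS_BYTES: usize = 32;
@@ -34,9 +35,21 @@ pub const SS_BYTES: usize = 32;
 ///
 /// This shared secret has roughly a 127 bits of security.
 /// This is due to the fact that BLS12-381 targets this security level (optimistically).
-#[derive(Clone, Copy, Debug, PartialEq)]
+#[derive(Clone, Copy, Debug)]
 pub struct SharedSecret(pub [u8; SS_BYTES]);
 
+impl ConstantTimeEq for SharedSecret {
+fn ct_eq(&self, other: &Self) -> Choice {
+self.0.ct_eq(&other.0)
+}
+}
+
+impl PartialEq for SharedSecret {
+fn eq(&self, other: &Self) -> bool {
+self.ct_eq(other).into()
+}
+}
+
 /// Uses SHAKE256 to derive a 32-byte shared secret from a target group element.
 ///
 /// Internally compresses the target group element to byte representation.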
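Review bot: The constant-time `PartialEq` on `SharedSecret` can be bypassed because the inner array stays `pub [u8; SS_BYTES]` on the struct line of the second hunk: callers can still write `a.0 == b.0`, which uses the ordinary early-exit byte comparison. If external access to the bytes is needed, a private field plus a borrowing accessor (for example `as_bytes(&self) -> &[u8; SS_BYTES]`) keeps the constant-time path as the only `==`, and the struct docs should state that comparison is constant-time. A comment like `// Compare via ct_eq so equality does not leak which byte first differs.` on the `eq` body would record the intent. Whether any in-tree caller reads `.0` directly is not visible from this diff.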