Add safe keygen

MechFroG88 · MechFroG88 · commit 2ef1d8a488f6 · 2024-03-13T14:51:22.000+08:00
diff --git a/mife/multiclient/damgard.py b/mife/multiclient/damgard.py
@@ -7,7 +7,8 @@
 from mife.data.zmod import Zmod
 from mife.misc.cprf import CPRF
 
-from mife.single.damgard import _FeDamgard_MK, FeDamgard, _FeDamgard_C, _FeDamgard_SK
+from mife.single.damgard import _FeDamgard_MK, FeDamgard, _FeDamgard_C, _FeDamgard_SK, _FeDamgard_SK_Safe
+
 
 # References:
 # https://eprint.iacr.org/2019/487.pdf
@@ -53,6 +54,15 @@ def __init__(self, k: _FeDamgard_SK):
     def export(self):
         pass
 
+
+class _FeDamgardMultiClient_SK_Safe:
+    def __init__(self, k: List[_FeDamgard_SK_Safe]):
+        self.k = k
+
+    def export(self):
+        pass
+
+
 class _FeDamgardMultiClient_C:
     def __init__(self, tag: bytes, c: _FeDamgard_C):
         self.c = c
@@ -61,6 +71,7 @@ def __init__(self, tag: bytes, c: _FeDamgard_C):
     def export(self):
         pass
 
+
 class FeDamgardMultiClient:
 
     @staticmethod
@@ -112,10 +123,36 @@ def decrypt(c: List[_FeDamgardMultiClient_C], pub: _FeDamgardMultiClient_MK,
 
         return discrete_log_bound(actual_cul, pub.ipfe.g, bound)
 
+    @staticmethod
+    def decrypt_safe(c: List[_FeDamgardMultiClient_C], pub: _FeDamgardMultiClient_MK,
+                     sk: _FeDamgardMultiClient_SK_Safe, bound: Tuple[int, int]) -> int:
+
+        for i in range(pub.n):
+            if c[i].tag != c[0].tag:
+                raise Exception("All cipher text must have the same tag")
+
+        actual_cul = pub.ipfe.F.identity()
+        for k in range(pub.n):
+            cul = pub.ipfe.F.identity()
+            for i in range(pub.ipfe.n):
+                cul = cul + sk.k[k].y[i] * c[k].c.c[i]
+            cul = cul - sk.k[k].g_r_sx - sk.k[k].h_r_tx
+            actual_cul = actual_cul + cul
+
+        return discrete_log_bound(actual_cul, pub.ipfe.g, bound)
+
     @staticmethod
     def keygen(y: List[List[int]], key: _FeDamgardMultiClient_MK) -> _FeDamgardMultiClient_SK:
         actual_y = [y[i][j] for i in range(key.n) for j in range(key.m)]
         if len(y) != key.n or len(actual_y) != key.n * key.m:
             raise Exception(f"Function vector must be a {key.n} x {key.m} matrix")
         k = FeDamgard.keygen(actual_y, key.ipfe)
         return _FeDamgardMultiClient_SK(k)
+
+    @staticmethod
+    def keygen_safe(y: List[List[int]], key: _FeDamgardMultiClient_MK, c: List[_FeDamgardMultiClient_C]):
+        actual_y = [y[i][j] for i in range(key.n) for j in range(key.m)]
+        if len(y) != key.n or len(actual_y) != key.n * key.m:
+            raise Exception(f"Function vector must be a {key.n} x {key.m} matrix")
+        k = [FeDamgard.keygen_safe(actual_y, key.ipfe, c[i].c) for i in range(key.n)]
+        return _FeDamgardMultiClient_SK_Safe(k)
diff --git a/mife/multiclient/rom/ddh.py b/mife/multiclient/rom/ddh.py
@@ -87,7 +87,8 @@ def export(self):
             "m": self.m,
             "F": self.F.export(),
             "hash": self.hash.export(),
-            "msk": [[[int(vec2[0]), int(vec2[1])] for vec2 in vec] for vec in self.msk] if self.msk is not None else None
+            "msk": [[[int(vec2[0]), int(vec2[1])] for vec2 in vec] for vec in
+                    self.msk] if self.msk is not None else None
         }
 
 
@@ -132,6 +133,24 @@ def export(self):
         }
 
 
+class _FeDDHMultiClient_SK_Safe:
+    def __init__(self, y: List[List[int]], td: Tuple[int, int]):
+        """
+        Initialize FeDDHMultiClient decryption key
+
+        :param y: Function vector
+        :param td: g1 * <msk, y>, g2 * <msk, y>
+        """
+        self.y = y
+        self.td = td
+
+    def export(self):
+        return {
+            "y": self.y,
+            "d": self.d
+        }
+
+
 class _FeDDHMultiClient_C:
     def __init__(self, tag: bytes, c: List[GroupElem]):
         """
@@ -221,6 +240,26 @@ def decrypt(c: List[_FeDDHMultiClient_C], tag: bytes,
         cul = cul - (sk.d[0] * u1 + sk.d[1] * u2)
         return discrete_log_bound(cul, key.g, bound)
 
+    @staticmethod
+    def decrypt_safe(c: List[_FeDDHMultiClient_C], key: _FeDDHMultiClient_MK, sk: _FeDDHMultiClient_SK_Safe,
+                     bound: Tuple[int, int]) -> int:
+        """
+        Decrypt FeDDHMultiClient cipher text
+
+        :param c: FeDDHMultiClient cipher text
+        :param key: FeDDHMultiClient public key
+        :param sk: FeDDHMultiClient decryption key
+        :param bound: Bound for the discrete log problem
+        :return: Decrypted message
+        """
+        cul = key.F.identity()
+
+        for i in range(key.n):
+            cul = cul + inner_product(c[i].c, sk.y[i], key.F.identity())
+
+        cul = cul - (sk.td[0] + sk.td[1])
+        return discrete_log_bound(cul, key.g, bound)
+
     @staticmethod
     def keygen(y: List[List[int]], key: _FeDDHMultiClient_MK) -> _FeDDHMultiClient_SK:
         """
@@ -244,3 +283,19 @@ def keygen(y: List[List[int]], key: _FeDDHMultiClient_MK) -> _FeDDHMultiClient_S
 
         d = (cul_1, cul_2)
         return _FeDDHMultiClient_SK(y, d)
+
+    @staticmethod
+    def keygen_safe(y: List[List[int]], key: _FeDDHMultiClient_MK, tag: bytes) -> _FeDDHMultiClient_SK_Safe:
+        """
+        Generate a safe FeDDHMultiClient decryption key
+
+        :param y: Function vector
+        :param key: FeDDHMultiClient master key
+        :param tag: Tag for the decryption key
+        :return: FeDDHMultiClient decryption key
+        """
+        normal_key = FeDDHMultiClient.keygen(y, key)
+        u1, u2 = key.hash(tag)
+        u1, u2 = key.g * u1, key.g * u2
+        td = (u1 * normal_key.d[0], u2 * normal_key.d[1])
+        return _FeDDHMultiClient_SK_Safe(y, td)
diff --git a/mife/single/damgard.py b/mife/single/damgard.py
@@ -65,6 +65,27 @@ def export(self):
             "tx": self.tx
         }
 
+class _FeDamgard_SK_Safe:
+    def __init__(self, y: List[int], g_r_sx: GroupElem, h_r_tx: GroupElem):
+        """
+        Initialize FeDamgard decryption key
+
+        :param y: Function vector
+        :param g_r_sx: g * (r + <s, y>)
+        :param h_r_tx: h * (r + <t, y>)
+        """
+        self.y = y
+        self.g_r_sx = g_r_sx
+        self.h_r_tx = h_r_tx
+
+    def export(self):
+        return {
+            "y": self.y,
+            "g_r_sx": self.g_r_sx,
+            "h_r_tx": self.h_r_tx
+        }
+
+
 
 class _FeDamgard_C:
     def __init__(self, g_r: GroupElem, h_r: GroupElem, c: List[GroupElem]):
@@ -145,6 +166,24 @@ def decrypt(c: _FeDamgard_C, pub: _FeDamgard_MK, sk: _FeDamgard_SK, bound: Tuple
         cul = cul - sk.sx * c.g_r - sk.tx * c.h_r
         return discrete_log_bound(cul, pub.g, bound)
 
+    @staticmethod
+    def decrypt_safe(c: _FeDamgard_C, pub: _FeDamgard_MK, sk: _FeDamgard_SK_Safe, bound: Tuple[int, int]):
+        """
+        Decrypt FeDamgard cipher text within a bound using safe key
+
+        :param c: FeDamgard cipher text
+        :param pub: FeDamgard public key
+        :param sk: FeDamgard decryption key
+        :param bound: Bound for discrete logarithm search, the decrypted text should be within the bound
+        :return: Decrypted message
+        """
+        cul = pub.F.identity()
+        for i in range(pub.n):
+            cul = cul + sk.y[i] * c.c[i]
+        cul = cul - sk.g_r_sx - sk.h_r_tx
+        return discrete_log_bound(cul, pub.g, bound)
+
+
     @staticmethod
     def keygen(y: List[int], key: _FeDamgard_MK) -> _FeDamgard_SK:
         """
@@ -161,3 +200,20 @@ def keygen(y: List[int], key: _FeDamgard_MK) -> _FeDamgard_SK:
         sx = inner_product([key.msk[i][0] for i in range(key.n)], y)
         tx = inner_product([key.msk[i][1] for i in range(key.n)], y)
         return _FeDamgard_SK(y, sx, tx)
+
+    @staticmethod
+    def keygen_safe(y: List[int], key: _FeDamgard_MK, c: _FeDamgard_C) -> _FeDamgard_SK_Safe:
+        """
+        Generate FeDamgard safer decryption key
+
+        :param y: Function vector
+        :param key: FeDamgard
+        :param c: FeDamgard cipher text
+        :return: FeDamgard decryption key
+        """
+        normal_key = FeDamgard.keygen(y, key)
+        g_r_sx = c.g_r * normal_key.sx
+        h_r_tx = c.h_r * normal_key.tx
+        return _FeDamgard_SK_Safe(y, g_r_sx, h_r_tx)
+
+
diff --git a/tests/multiclient/rom/test_ddh.py b/tests/multiclient/rom/test_ddh.py
@@ -124,6 +124,27 @@ def test_scheme_5(self):
 
         logging.info(f'FeDDHMultiClient test scheme 5 performance with P192 (n={n},m={m}): {end - start}s')
 
+        expected = 0
+        for i in range(n):
+            expected += sum([a * b for a, b in zip(x[i], y[i])])
+
+        self.assertEqual(expected, res)
+
+    def test_scheme_safe_1(self):
+        start = time.time()
+        n = 25
+        m = 25
+        x = [[i * 10 + j for j in range(m)] for i in range(n)]
+        y = [[i - j - 5 for j in range(m)] for i in range(n)]
+        tag = str(start).encode()
+        key = FeDDHMultiClient.generate(n, m)
+        cs = [FeDDHMultiClient.encrypt(x[i], tag, key.get_enc_key(i)) for i in range(n)]
+        sk = FeDDHMultiClient.keygen_safe(y, key, tag)
+        res = FeDDHMultiClient.decrypt_safe(cs, key.get_public_key(), sk, (-10000000, 10000000))
+        end = time.time()
+
+        logging.info(f'FeDDHMultiClient test scheme 2 performance with Prime Group (n={n},m={m}): {end - start}s')
+
         expected = 0
         for i in range(n):
             expected += sum([a * b for a, b in zip(x[i], y[i])])
diff --git a/tests/multiclient/test_damgard.py b/tests/multiclient/test_damgard.py
@@ -69,3 +69,24 @@ def test_scheme_3(self):
             expected += sum([a * b for a, b in zip(x[i], y[i])])
 
         self.assertEqual(expected, res)
+
+    def test_scheme_safe_1(self):
+        start = time.time()
+        n = 10
+        m = 10
+        x = [[i * 10 + j for j in range(m)] for i in range(n)]
+        y = [[i - j - 5 for j in range(m)] for i in range(n)]
+        tag = str(start).encode()
+        key = FeDamgardMultiClient.generate(n, m)
+        cs = [FeDamgardMultiClient.encrypt(x[i], tag, key.get_enc_key(i), key.get_public_key()) for i in range(n)]
+        sk = FeDamgardMultiClient.keygen_safe(y, key, cs)
+        res = FeDamgardMultiClient.decrypt_safe(cs, key.get_public_key(), sk, (-10000000, 10000000))
+        end = time.time()
+
+        logging.info(f'FeDamgardMultiClient test scheme 2 performance with Prime Group (n={n},m={m}): {end - start}s')
+
+        expected = 0
+        for i in range(n):
+            expected += sum([a * b for a, b in zip(x[i], y[i])])
+
+        self.assertEqual(expected, res)
diff --git a/tests/single/test_damgard.py b/tests/single/test_damgard.py
@@ -66,3 +66,19 @@ def test_scheme_3(self):
         expected = sum([a * b for a, b in zip(x, y)])
         self.assertEqual(expected, m)
 
+    def test_scheme_safe_1(self):
+        start = time.time()
+        n = 20
+        x = [i for i in range(n)]
+        y = [-(i * 10 + 2) for i in range(n)]
+        key = FeDamgard.generate(n)
+        c = FeDamgard.encrypt(x, key)
+        sk = FeDamgard.keygen_safe(y, key, c)
+        m = FeDamgard.decrypt_safe(c, key.get_public_key(), sk, (-100000, 100000))
+        end = time.time()
+
+        logging.info(f'FeDamgard test scheme 2 performance (n={n}): {end - start}s')
+
+        expected = sum([a * b for a, b in zip(x, y)])
+        self.assertEqual(expected, m)
+
