MAGK3

1.  
2.  
3. def GenerateCurve(k, z):
4.     #p + N + T
5.     p = 4 * z ** 2 + 1
6.     r1 = 4 * z ** 2 - 2 * z + 1
7.     r2 = 4 * z ** 2 + 2 * z + 1
8.     if r1 in Primes():
9.         r = r1
10.         T = 1 + 2 * z
11.     elif r2 in Primes():
12.         r = r2
13.         T = 1 - 2 * z
14.     #discr + j-inv
15.     D = 4 * p - T ** 2
16.     polynomHilb = hilbert_class_polynomial(-D)
17.     K = GF(p)
18.     j_invariants = polynomHilb.roots(K, multiplicities = False)
19.     j = j_invariants[0]
20.     #coefs
21.     A = K(3 * j / (1728 - j))
22.     B = K(2 * j / (1728 - j))
23.     #EC
24.     E = EllipticCurve(K, [A, B])
25.     if E.order() != r:
26.         return 0, 0, 0, 0, 0
27.     KK.<t> = GF(p**k)
28.     Ek = EllipticCurve(KK, [A, B])
29.     if gcd(Ek.order(), r**2) == 1:
30.         return 0, 0, 0, 0, 0
31.     return E, Ek, T, r, j
32.  
33. def CreatePoint(E, ord, flag):
34.     if flag == 0:
35.         point = E.random_point()
36.         while 1:
37.             if point.order() == ord:
38.                 return point
39.             point = E.random_point()
40.     elif flag == 6:
41.         point = E.random_point()
42.         while 1:
43.             if point.order() == ord:
44.                 return point
45.             else:
46.                 point *= E.order() // ord ** 2
47.                 if point.order() == ord:
48.                     return point
49.             point = E.random_point()
50.  
51. def CreateTorsionGroup(P1, P2, r):
52.     tors = list()
53.     for i in range(1, 3):
54.         j = list()
55.         for k in range(1, r):
56.             j.append(i * P1 + k * P2)
57.         tors.append(j)
58.     return tors
59.  
60. def Tate(EK, tors, k, r):
61.     R = tors[0][0]
62.     S = tors[0][1]
63.     T = tors[0][2]
64.     print("R = {}".format(R))
65.     print("S = {}".format(S))
66.     print("T = {}\n".format(T))
67.     RS = R + S
68.     RST1 = RS.tate_pairing(T, r, k)
69.     RT = R.tate_pairing(T, r, k)
70.     ST = S.tate_pairing(T, r, k)
71.     RST2 = RT * ST
72.     print("e(R + S, T) = {}".format(RST1))
73.     print("e(R,T) * e(S, T) = {}".format(RST2))
74.     if RST1 == RST2:
75.         print("Bilinear\n")
76.     P0 = EK([0, 1, 0])
77.     RP = R.tate_pairing(P0, r, k)
78.     PR = P0.tate_pairing(R, r, k)
79.     print("RP: {}".format(PR))
80.     print("PR: {}".format(RP))
81.     if RP == 1 and PR == 1:
82.         print("Non-degeneracy\n")
83.     Z = T.tate_pairing(T, r, k)
84.     print("Value: {}".format(Z))
85.     if Z == 1:
86.         print("Alternating")
87.    
88. def Weil(EK, tors, r):
89.     R = tors[0][1]
90.     S = tors[0][2]
91.     T = tors[0][3]
92.     print("R = {}".format(R))
93.     print("S = {}".format(S))
94.     print("T = {}\n".format(T))
95.     RS = R + S
96.     RST1 = RS.weil_pairing(T, r)
97.     RT = R.weil_pairing(T, r)
98.     ST = S.weil_pairing(T, r)
99.     RST2 = RT * ST
100.     print("e(R+S, T) = {}".format(RST1))
101.     print("e(R, T) * e(S, T) = {}".format(RST2))
102.     if RST1 == RST2:
103.         print("Bilinear\n")
104.     P0 = EK([0, 1, 0])
105.     RP = R.weil_pairing(P0, r)
106.     PR = P0.weil_pairing(R, r)
107.     print("RP: {}".format(PR))
108.     print("PR: {}".format(RP))
109.     if RP == 1 and PR == 1:
110.         print("Non-degeneracy")
111.     Z = T.weil_pairing(T, r)
112.     print("Value: {}".format(Z))
113.     if Z == 1:
114.         print("Alternating")
115.    
116. def Hash(message, i):
117.     s = 0
118.     for m in message:
119.         s = s + ord(m)
120.     return s % i
121.    
122. def func(mes, EK):
123.     p = int(EK.base_field().characteristic())
124.     A = int(EK.a4())
125.     B = int(EK.a6())
126.     for i in range(2, p):
127.         h = Hash(mes, i)
128.         t = kronecker_symbol(h**3 + A*h + B, p)
129.         if t == 1:
130.             var('y')
131.             x = h
132.             E = x**3 + A*x + B == y**2
133.             y_res = E.roots(ring = GF(p), multiplicities = False)
134.             yr = y_res[randint(0, p) % len(y_res)]
135.             try:
136.                 P = EK([h, yr])
137.                 return P
138.             except:
139.                 continue
140.     P0 = EK([0,1,0])
141.     return P0
142.        
143.    
144. def CreateSign(mes, E, tors, r):
145.     print("Create signature for message: {}".format(mes))
146.     res = list()
147.     M = func(mes, E)
148.     a = randint(1, r - 1)
149.     res.append(a * M)
150.     P = tors[0][0]
151.     res.append(a * P)
152.     res.append(P)
153.     print("Signature = {}".format(res[0][0]))
154.     print("Key = {}".format(res[1]))
155.     return res
156.  
157.  
158. def CheckSS(mes, E, r, x, P, T):
159.     print("Check signature for message: {}".format(mes))
160.     p = E.base_field().characteristic()
161.     A = E.a4()
162.     B = E.a6()
163.     try:
164.         y = GF(p)(x ** 3 + A * x + B)
165.         y = GF(p)(sqrt(y))
166.         S = E([x, y, 1])
167.     except:
168.         y = GF(p)(x ** 3 + A * x + B)
169.         y = GF(p)(sqrt(y))
170.         y = GF(p)(-y)
171.         S = E([x, y, 1])
172.     M = func(mes, E)
173.     P1 = P.weil_pairing(S, r)
174.     P2 = T.weil_pairing(M, r)
175.     if P1 == P2 or P1 == P2^(-1):
176.         print("Right signature")
177.     else:
178.         print("Message was changed")
179.  
180. def main():
181.     k = 6
182.     z = 10
183.     E, Ek, T, r, j = GenerateCurve(k, z)
184.     print("z: {}" . format(z))
185.     print("E: {}" . format(E))
186.     print("Ek: {}" . format(Ek))
187.     print("T: {}" . format(T))
188.     print("r: {}" . format(r))
189.     print("j: {}" . format(j))
190.    
191.     #Points for torsion group
192.     P1 = CreatePoint(E, r, 0)
193.     P2 = CreatePoint(Ek, r, 6)
194.     print("P1: {}" . format(P1))
195.     print("P2: {}\n" . format(P2))
196.  
197.     P1 = Ek(list([P1[0], P1[1], P1[2]]))
198.     F.<t> = GF(Ek.base_field().characteristic()).extension(k)
199.     F = Ek.base_field()
200.     P2x = F(P2[0])
201.     P2y = F(P2[1])
202.     P2z = F(P2[2])
203.     P2 = Ek(list([P2x, P2y, P2z]))
204.  
205.     TorsGroup = CreateTorsionGroup(P1, Ek(P2), r)
206.     #print("Tors: {}\n" . format(TorsGroup))
207.     print("Tate pairing:")
208.     Tate(Ek, TorsGroup, k, r)
209.     print("Weil pairing:")
210.     Weil(Ek, TorsGroup, r)
211.     print("Short signature:")
212.     message = "Hello there"
213.     SSResult = CreateSign(message, Ek, TorsGroup, r)
214.     mess = "He"
215.     CheckSS(mess, Ek, r, SSResult[0][0], SSResult[2], SSResult[1])
216. #main
217. main()