-
Notifications
You must be signed in to change notification settings - Fork 5
/
boyen.sdl
142 lines (122 loc) · 2.5 KB
/
boyen.sdl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
name := boyen
setting := asymmetric
N := 100
l := 2
secparam := 80
# make sure list{G2} is pulled properly in Batcher
BEGIN :: types
g1 := G1
g2 := G2
M := Str
m := ZR
A := G1
B := G1
C := G1
Atlist := list{G2}
Btlist := list{G2}
Ctlist := list{G2}
Alist := list{G1}
Blist := list{G1}
Clist := list{G1}
D := GT
s := list{ZR}
S := list{G1}
t := list{ZR}
result1 := GT
index := Int
END :: types
BEGIN :: precompute
D := e(g1, g2)
m := H(M, ZR)
END :: precompute
constant := list{Atlist, Btlist, Ctlist, g1, g2}
public := list{Atlist, Btlist, Ctlist}
signature := list{S, t}
message := m
# different messages/sigs under different signers (ring)
BEGIN :: count
message_count := N
public_count := l
signature_count := N
END :: count
# m could be a list of messages over l
#verify := {{ prod{y:=0, l} on e(S_y, Atlist_y * (Btlist_y^m_y) * (Ctlist_y^t_y)) } == D}
verify := {{ prod{y:=0, l} on e(S_y, Atlist_y * (Btlist_y^m) * (Ctlist_y^t_y)) } == D}
BEGIN :: func:setup
input := None
g1 := random(G1)
g2 := random(G2)
a0 := random(ZR)
b0 := random(ZR)
c0 := random(ZR)
A0 := g1 ^ a0
B0 := g1 ^ b0
C0 := g1 ^ c0
At0 := g2 ^ a0
Bt0 := g2 ^ b0
Ct0 := g2 ^ c0
mpk := list{A0, B0, C0, At0, Bt0, Ct0}
output := list{mpk, g1, g2}
END :: func:setup
BEGIN :: func:keygen
input := list{g1, g2}
a := random(ZR)
b := random(ZR)
c := random(ZR)
A := g1 ^ a
At := g2 ^ a
B := g1 ^ b
Bt := g2 ^ b
C := g1 ^ c
Ct := g2 ^ c
sk := list{a, b, c}
pk := list{A, B, C, At, Bt, Ct}
output := list{pk, sk}
END :: func:keygen
BEGIN :: func:sign
input := list{g1, Alist, Blist, Clist, sk, M, index}
sk := expand{a, b, c}
prod0 := init(G1)
prod1 := init(G1)
m := H(M, ZR)
BEGIN :: for
for{y := 0, l}
BEGIN :: if
if {y != index}
s#y := random(ZR)
S#y := g1 ^ s#y
END :: if
END :: for
BEGIN :: for
for{y := 0, l}
t#y := random(ZR)
END :: for
prod0 := ((Alist#0 * (Blist#0 ^ m)) * (Clist#0 ^ t#0)) ^ -s#0
BEGIN :: for
for{y := 1, l}
BEGIN :: if
if {y != index}
prod1 := prod1 * ((Alist#y * (Blist#y ^ m#y) * (Clist#y ^ t#y)) ^ -s#y)
END :: if
END :: for
result0 := prod0 * prod1
d := ((a + (b * m)) + (c * t#index))
S#index? := (g1 * result0) ^ (1 / d)
output := list{S, t}
END :: func:sign
BEGIN :: func:verify
input := list{g1, g2, Atlist, Btlist, Ctlist, M, S, t}
D := e(g1, g2)
result1 := init(GT)
m := H(M, ZR)
BEGIN :: for
for{y := 0, l}
result1 := result1 * e(S#y, Atlist#y * (Btlist#y^m) * (Ctlist#y^t#y))
END :: for
BEGIN :: if
if { result1 == D}
output := True
else
output := False
END :: if
END :: func:verify