summaryrefslogtreecommitdiffstats
path: root/moon-abe/pbc-0.5.14/example/yuanli.c
diff options
context:
space:
mode:
Diffstat (limited to 'moon-abe/pbc-0.5.14/example/yuanli.c')
-rw-r--r--moon-abe/pbc-0.5.14/example/yuanli.c165
1 files changed, 165 insertions, 0 deletions
diff --git a/moon-abe/pbc-0.5.14/example/yuanli.c b/moon-abe/pbc-0.5.14/example/yuanli.c
new file mode 100644
index 00000000..a3606377
--- /dev/null
+++ b/moon-abe/pbc-0.5.14/example/yuanli.c
@@ -0,0 +1,165 @@
+/* Contributed by Dmitry Kosolapov
+ *
+ * I haven't tested this much, and I'm personally not familiar with
+ * this particular cryptosystem. -Ben Lynn
+ */
+/* Here we represent the original Yuan-Li ID-Based Authenticated Key Agreement Protocol, 2005.
+ * This protocol has 2 stages: Setup and Extract. We represent them inside one code block with demo and time outputs.
+ */
+
+/*Yuan-Li protocol description according to:
+Quan Yuan and Songping Li, A New Efficient ID-Based Authenticated Key Agreement Protocol, Cryptology ePrint Archive, Report 2005/309
+
+SETUP:
+KGS chooses G1, G2, e: G1*G1 -> G2, P, H: {0, 1}* -> G1, s, H - some function for key calculation.
+KGS calculates Ppub = s*P, publishes {G1, G2, e, P, Ppub, H1, H} and saves s as master key.
+
+EXTRACT:
+
+For the user with ID public key can be calculated with Qid = H1(ID). KGS generates bound public key Sid = s*Qid.
+1. A chooses random a from Z_p*, calculates Ta = a*P.
+ A -> B: Ta
+2. B chooses random b from Z_p*, calculates Tb = b*P.
+ B -> A: Tb
+3. A calculates h = a*Tb = a*b*P and shared secret key Kab = e(a*Ppub + Sa, Tb + Qb)
+4. B calculates h = b*Ta = a*b*P and shared secret key Kba = e(Ta + Qa, b*Ppub + Sb)
+Session key is K = H(A, B, h, Kab).
+H was not defined in the original article.
+I've defined it as H(A, B, h, Kab)=e(h,H1(A)+H1(B))+Kab.
+*/
+
+#include <pbc.h>
+#include <pbc_test.h>
+
+int main(int argc, char **argv) {
+ pairing_t pairing;
+ double t0, t1;
+ element_t s, a, b, P, Ppub, Qa, Qb, Sa, Sb, Ta, Tb, Kab, Kba, K, temp1,
+ temp2, temp3, temp4, temp5, h;
+
+ pbc_demo_pairing_init(pairing, argc, argv);
+ if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");
+
+ element_init_Zr(s, pairing);
+ element_init_Zr(a, pairing);
+ element_init_Zr(b, pairing);
+
+ element_init_G1(P, pairing);
+ element_init_G1(Ppub, pairing);
+ element_init_G1(Qa, pairing);
+ element_init_G1(Qb, pairing);
+ element_init_G1(Sa, pairing);
+ element_init_G1(Sb, pairing);
+ element_init_G1(Ta, pairing);
+ element_init_G1(Tb, pairing);
+ element_init_G1(temp1, pairing);
+ element_init_G1(temp2, pairing);
+ element_init_G1(temp3, pairing);
+ element_init_G1(h, pairing);
+
+ element_init_GT(Kab, pairing);
+ element_init_GT(Kba, pairing);
+ element_init_GT(K, pairing);
+ element_init_GT(temp4, pairing);
+ element_init_GT(temp5, pairing);
+
+ printf("Yuan-Li key agreement protocol\n");
+
+ t0 = pbc_get_time();
+
+//Setup, system parameters generation
+ printf("SETUP STAGE\n");
+ element_random(P);
+ element_printf("P = %B\n", P);
+ element_random(s);
+ element_mul_zn(Ppub, P, s);
+ element_printf("Ppub = %B\n", Ppub);
+
+//Extract, key calculation
+ printf("EXTRACT STAGE\n");
+ element_from_hash(Qa, "A", 1);
+ element_from_hash(Qb, "B", 1);
+ element_mul_zn(Sa, Qa, s);
+ element_mul_zn(Sb, Qb, s);
+ element_printf("Sa = %B\n", Sa);
+ element_printf("Sb = %B\n", Sb);
+
+ printf("-----1-----\n");
+
+ element_random(a);
+ element_mul_zn(Ta, P, a);
+ element_printf("A sends B Ta = %B\n", Ta);
+
+ printf("-----2-----\n");
+
+ element_random(b);
+ element_mul_zn(Tb, P, b);
+ element_printf("B sends A Tb = %B\n", Tb);
+
+ printf("-----3-----\n");
+
+ printf("A calculates h and Kab\n");
+ element_mul_zn(h, Tb, a);
+ element_printf("h = %B\n", h);
+ element_mul_zn(temp1, Ppub, a);
+ element_add(temp1, temp1, Sa);
+ element_add(temp2, Tb, Qb);
+ element_pairing(Kab, temp1, temp2);
+ element_printf("Kab = %B\n", Kab);
+
+ printf("-----4-----\n");
+
+ printf("B calculates h and Kba\n");
+ element_mul_zn(h, Ta, b);
+ element_printf("h = %B\n", h);
+ element_add(temp1, Ta, Qa);
+ element_mul_zn(temp2, Ppub, b);
+ element_add(temp2, temp2, Sb);
+ element_pairing(Kba, temp1, temp2);
+ element_printf("Kba = %B\n", Kba);
+
+ printf("-----FINAL-----\n");
+
+ element_add(temp3, Qa, Qb);
+ element_pairing(temp4, h, temp3);
+
+ element_add(K, temp4, Kab);
+ element_printf("A has the key K = %B\n", K);
+ element_set(temp5, K);
+
+ element_add(K, temp4, Kba);
+ element_printf("B has the key K = %B\n", K);
+
+ if (!element_cmp(temp5, K))
+ printf("The keys are the same. Start session...\n");
+ else
+ printf("The keys aren't the same. Try again, please.\n");
+
+ element_clear(K);
+ element_clear(Kab);
+ element_clear(Kba);
+ element_clear(h);
+ element_clear(temp1);
+ element_clear(temp2);
+ element_clear(temp3);
+ element_clear(temp4);
+ element_clear(temp5);
+ element_clear(s);
+ element_clear(a);
+ element_clear(b);
+ element_clear(P);
+ element_clear(Ppub);
+ element_clear(Qa);
+ element_clear(Qb);
+ element_clear(Sa);
+ element_clear(Sb);
+ element_clear(Ta);
+ element_clear(Tb);
+
+ t1 = pbc_get_time();
+
+ printf("All time = %fs\n", t1 - t0);
+ printf("Have a good day!\n");
+
+ return 0;
+}