aboutsummaryrefslogtreecommitdiffstats
path: root/moon-abe/pbc-0.5.14/example
diff options
context:
space:
mode:
Diffstat (limited to 'moon-abe/pbc-0.5.14/example')
-rw-r--r--moon-abe/pbc-0.5.14/example/Makefile.am16
-rw-r--r--moon-abe/pbc-0.5.14/example/bls.c133
-rw-r--r--moon-abe/pbc-0.5.14/example/hess.c109
-rw-r--r--moon-abe/pbc-0.5.14/example/joux.c80
-rw-r--r--moon-abe/pbc-0.5.14/example/paterson.c114
-rw-r--r--moon-abe/pbc-0.5.14/example/yuanli.c165
-rw-r--r--moon-abe/pbc-0.5.14/example/zhangkim.c139
-rw-r--r--moon-abe/pbc-0.5.14/example/zss.c70
8 files changed, 826 insertions, 0 deletions
diff --git a/moon-abe/pbc-0.5.14/example/Makefile.am b/moon-abe/pbc-0.5.14/example/Makefile.am
new file mode 100644
index 00000000..a1b60dbc
--- /dev/null
+++ b/moon-abe/pbc-0.5.14/example/Makefile.am
@@ -0,0 +1,16 @@
+CLEANFILES = *~
+maintainer-clean-local:
+ -rm -rf Makefile.in
+
+AM_CPPFLAGS = -I../include
+LDADD = ../libpbc.la -lgmp
+
+noinst_PROGRAMS = bls hess joux paterson yuanli zhangkim zss
+
+bls_SOURCES = bls.c
+hess_SOURCES = hess.c
+joux_SOURCES = joux.c
+paterson_SOURCES = paterson.c
+yuanli_SOURCES = yuanli.c
+zhangkim_SOURCES = zhangkim.c
+zss_SOURCES = zss.c
diff --git a/moon-abe/pbc-0.5.14/example/bls.c b/moon-abe/pbc-0.5.14/example/bls.c
new file mode 100644
index 00000000..8b62a097
--- /dev/null
+++ b/moon-abe/pbc-0.5.14/example/bls.c
@@ -0,0 +1,133 @@
+// Boneh-Lynn-Shacham short signatures demo.
+//
+// See the PBC_sig library for a practical implementation.
+//
+// Ben Lynn
+#include <pbc.h>
+#include <pbc_test.h>
+
+int main(int argc, char **argv) {
+ pairing_t pairing;
+ element_t g, h;
+ element_t public_key, sig;
+ element_t secret_key;
+ element_t temp1, temp2;
+
+ pbc_demo_pairing_init(pairing, argc, argv);
+
+ element_init_G2(g, pairing);
+ element_init_G2(public_key, pairing);
+ element_init_G1(h, pairing);
+ element_init_G1(sig, pairing);
+ element_init_GT(temp1, pairing);
+ element_init_GT(temp2, pairing);
+ element_init_Zr(secret_key, pairing);
+
+ printf("Short signature test\n");
+
+ //generate system parameters
+ element_random(g);
+ element_printf("system parameter g = %B\n", g);
+
+ //generate private key
+ element_random(secret_key);
+ element_printf("private key = %B\n", secret_key);
+
+ //compute corresponding public key
+ element_pow_zn(public_key, g, secret_key);
+ element_printf("public key = %B\n", public_key);
+
+ //generate element from a hash
+ //for toy pairings, should check that pairing(g, h) != 1
+ element_from_hash(h, "hashofmessage", 13);
+ element_printf("message hash = %B\n", h);
+
+ //h^secret_key is the signature
+ //in real life: only output the first coordinate
+ element_pow_zn(sig, h, secret_key);
+ element_printf("signature = %B\n", sig);
+
+ {
+ int n = pairing_length_in_bytes_compressed_G1(pairing);
+ //int n = element_length_in_bytes_compressed(sig);
+ int i;
+ unsigned char *data = pbc_malloc(n);
+
+ element_to_bytes_compressed(data, sig);
+ printf("compressed = ");
+ for (i = 0; i < n; i++) {
+ printf("%02X", data[i]);
+ }
+ printf("\n");
+
+ element_from_bytes_compressed(sig, data);
+ element_printf("decompressed = %B\n", sig);
+
+ pbc_free(data);
+ }
+
+ //verification part 1
+ element_pairing(temp1, sig, g);
+ element_printf("f(sig, g) = %B\n", temp1);
+
+ //verification part 2
+ //should match above
+ element_pairing(temp2, h, public_key);
+ element_printf("f(message hash, public_key) = %B\n", temp2);
+
+ if (!element_cmp(temp1, temp2)) {
+ printf("signature verifies\n");
+ } else {
+ printf("*BUG* signature does not verify *BUG*\n");
+ }
+
+ {
+ int n = pairing_length_in_bytes_x_only_G1(pairing);
+ //int n = element_length_in_bytes_x_only(sig);
+ int i;
+ unsigned char *data = pbc_malloc(n);
+
+ element_to_bytes_x_only(data, sig);
+ printf("x-coord = ");
+ for (i = 0; i < n; i++) {
+ printf("%02X", data[i]);
+ }
+ printf("\n");
+
+ element_from_bytes_x_only(sig, data);
+ element_printf("de-x-ed = %B\n", sig);
+
+ element_pairing(temp1, sig, g);
+ if (!element_cmp(temp1, temp2)) {
+ printf("signature verifies on first guess\n");
+ } else {
+ element_invert(temp1, temp1);
+ if (!element_cmp(temp1, temp2)) {
+ printf("signature verifies on second guess\n");
+ } else {
+ printf("*BUG* signature does not verify *BUG*\n");
+ }
+ }
+
+ pbc_free(data);
+ }
+
+ //a random signature shouldn't verify
+ element_random(sig);
+ element_pairing(temp1, sig, g);
+ if (element_cmp(temp1, temp2)) {
+ printf("random signature doesn't verify\n");
+ } else {
+ printf("*BUG* random signature verifies *BUG*\n");
+ }
+
+ element_clear(sig);
+ element_clear(public_key);
+ element_clear(secret_key);
+ element_clear(g);
+ element_clear(h);
+ element_clear(temp1);
+ element_clear(temp2);
+ pairing_clear(pairing);
+ return 0;
+}
diff --git a/moon-abe/pbc-0.5.14/example/hess.c b/moon-abe/pbc-0.5.14/example/hess.c
new file mode 100644
index 00000000..8d5a437e
--- /dev/null
+++ b/moon-abe/pbc-0.5.14/example/hess.c
@@ -0,0 +1,109 @@
+/*
+ Hess ID-based signature.
+ Based on papers "F. Hess. Efficient Identity Based Signature Schemes Based on Pairings. SAC 2002, LNCS 2595, Springer-Verlag, 2000"
+ Contributed by Dmitry Kosolapov.
+*/
+
+#include <pbc.h>
+#include <pbc_test.h>
+
+int main(int argc, char **argv) {
+ pairing_t pairing;
+ double time1, time2;
+ pbc_demo_pairing_init(pairing, argc, argv);
+
+ element_t Qid, P, P1, Ppub, s, k, Did, r, v, u, t1, t3, t4, t5, t6, t7, t8;
+ mpz_t t2;
+
+ if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");
+
+ mpz_init(t2);
+ element_init_G1(P, pairing);
+ element_init_G1(P1, pairing);
+ element_init_G1(Qid, pairing);
+ element_init_G1(Did, pairing);
+ element_init_G1(Ppub, pairing);
+ element_init_G1(t4, pairing);
+ element_init_G1(t5, pairing);
+ element_init_G1(u, pairing);
+
+ element_init_Zr(s, pairing);
+ element_init_Zr(k, pairing);
+ element_init_Zr(v, pairing);
+ element_init_Zr(t3, pairing);
+ element_init_Zr(t8, pairing);
+
+ element_init_GT(r, pairing);
+ element_init_GT(t1, pairing);
+ element_init_GT(t6, pairing);
+ element_init_GT(t7, pairing);
+
+ time1 = pbc_get_time();
+ printf("Hess ID-based signature protocol\n");
+ printf("KEYGEN\n");
+ element_random(P);
+ element_random(s);
+ element_random(Qid);
+ element_mul_zn(Ppub, P, s);
+ element_mul_zn(Did, Qid, s);
+ element_printf("Qid = %B\n", Qid);
+ element_printf("P = %B\n", P);
+ element_printf("Ppub = %B\n", Ppub);
+
+ printf("SIGN\n");
+ element_random(P1);
+ element_random(k);
+ element_pairing(t1, P1, P);
+ element_pow_zn(r, t1, k);
+ element_to_mpz(t2, r);
+
+ //h3=h(m)*mpz(r);
+ element_from_hash(t3, "Message", 7);
+ element_mul_mpz(v, t3, t2);
+ element_mul_zn(t4, Did, v);
+ element_mul_zn(t5, P1, k);
+ element_add(u, t4, t5);
+ printf("Signature of message \"Message\" is:\n");
+ element_printf("u = %B\n", u);
+ element_printf("v = %B\n", v);
+
+ printf("VERIFY\n");
+ element_pairing(t6, u, P);
+ element_neg(Ppub, Ppub);
+ element_pairing(t7, Qid, Ppub);
+ element_pow_zn(t7, t7, v);
+ element_mul(r, t6, t7);
+ element_to_mpz(t2, r);
+ element_from_hash(t3, "Message", 7);
+ element_mul_mpz(t8, t3, t2);
+ element_printf("h3(m,r) = %B\n", t8);
+ element_printf("v = %B\n", v);
+ if (!element_cmp(t8, v)) {
+ printf("Signature is valid!\n");
+ } else {
+ printf("Signature is invalid!\n");
+ }
+ time2 = pbc_get_time();
+ printf("All time = %fs\n", time2 - time1);
+
+ element_clear(P);
+ element_clear(P1);
+ element_clear(Qid);
+ element_clear(Did);
+ element_clear(Ppub);
+ element_clear(t4);
+ element_clear(t5);
+ element_clear(u);
+ element_clear(s);
+ element_clear(k);
+ element_clear(v);
+ element_clear(t3);
+ element_clear(t8);
+ element_clear(r);
+ element_clear(t1);
+ element_clear(t6);
+ element_clear(t7);
+ pairing_clear(pairing);
+
+ return 0;
+}
diff --git a/moon-abe/pbc-0.5.14/example/joux.c b/moon-abe/pbc-0.5.14/example/joux.c
new file mode 100644
index 00000000..4c7a46b9
--- /dev/null
+++ b/moon-abe/pbc-0.5.14/example/joux.c
@@ -0,0 +1,80 @@
+/*
+ Joux one round protocol for tripartite Diffie-Hellman
+ Based on papers "A. Joux. A One Round Protocol for Tripartie Diffie-Hellman. Proceedings of ANTS 4. LNCS 1838, pp. 385-394, 2000."
+ Contributed by Dmitry Kosolapov.
+*/
+
+#include <pbc.h>
+#include <pbc_test.h>
+
+int main(int argc, char **argv) {
+ pairing_t pairing;
+ double time1, time2;
+ element_t P, a, b, c, Ka, Kb, Kc, t1, t2, t3, t4, t5, t6;
+ pbc_demo_pairing_init(pairing, argc, argv);
+ if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");
+
+ element_init_G1(P, pairing);
+ element_init_G1(t1, pairing);
+ element_init_G1(t2, pairing);
+ element_init_G1(t3, pairing);
+
+ element_init_Zr(a, pairing);
+ element_init_Zr(b, pairing);
+ element_init_Zr(c, pairing);
+
+ element_init_GT(t4, pairing);
+ element_init_GT(t5, pairing);
+ element_init_GT(t6, pairing);
+ element_init_GT(Ka, pairing);
+ element_init_GT(Kb, pairing);
+ element_init_GT(Kc, pairing);
+
+ time1 = pbc_get_time();
+ printf("Joux key agreement between A, B and C.\n");
+ element_random(P);
+ element_random(a);
+ element_random(b);
+ element_random(c);
+ element_mul_zn(t1, P, a);
+ printf("A sends B and C: aP\n");
+ element_printf("aP = %B\n", t1);
+ element_mul_zn(t2, P, b);
+ printf("B sends A and C: bP\n");
+ element_printf("bP = %B\n", t2);
+ element_mul_zn(t3, P, c);
+ printf("C sends A and B: cP\n");
+ element_printf("cP = %B\n", t3);
+
+ element_pairing(t4, t2, t3);
+ element_pow_zn(Ka, t4, a);
+ element_printf("Ka = %B\n", Ka);
+ element_pairing(t5, t1, t3);
+ element_pow_zn(Kb, t5, b);
+ element_printf("Kb = %B\n", Kb);
+ element_pairing(t6, t1, t2);
+ element_pow_zn(Kc, t6, c);
+ element_printf("Kc = %B\n", Kc);
+
+ printf("Shared key K = Ka = Kb = Kc\n");
+ time2 = pbc_get_time();
+ printf("All time = %fs\n", time2 - time1);
+
+
+ element_clear(P);
+ element_clear(a);
+ element_clear(b);
+ element_clear(c);
+ element_clear(Ka);
+ element_clear(Kb);
+ element_clear(Kc);
+ element_clear(t1);
+ element_clear(t2);
+ element_clear(t3);
+ element_clear(t4);
+ element_clear(t5);
+ element_clear(t6);
+ pairing_clear(pairing);
+
+ return 0;
+}
diff --git a/moon-abe/pbc-0.5.14/example/paterson.c b/moon-abe/pbc-0.5.14/example/paterson.c
new file mode 100644
index 00000000..4e21fc9f
--- /dev/null
+++ b/moon-abe/pbc-0.5.14/example/paterson.c
@@ -0,0 +1,114 @@
+/*
+ Paterson ID-based signature.
+ Based on papers "K. G. Paterson. ID-Based Signatures from Pairings on Elliptic Curvers. Electron. Lett., Vol. 38". Available at http://eprint.iacr.org/2002/004."
+ Contributed by Dmitry Kosolapov.
+*/
+
+#include <pbc.h>
+#include <pbc_test.h>
+
+int main(int argc, char **argv) {
+ pairing_t pairing;
+ double time1, time2;
+ element_t Ppub, s, P, R, k, S, Did, Qid, t1, t2, t4, t5, t6, t7, t8,
+ t9, t10, t11;
+ mpz_t t3;
+ mpz_init(t3);
+ pbc_demo_pairing_init(pairing, argc, argv);
+ if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");
+
+ element_init_G1(P, pairing);
+ element_init_G1(Ppub, pairing);
+ element_init_G1(Qid, pairing);
+ element_init_G1(Did, pairing);
+ element_init_G1(R, pairing);
+ element_init_G1(S, pairing);
+ element_init_G1(t2, pairing);
+ element_init_G1(t4, pairing);
+ element_init_G1(t5, pairing);
+ element_init_G1(t7, pairing);
+
+ element_init_Zr(s, pairing);
+ element_init_Zr(k, pairing);
+ element_init_Zr(t1, pairing);
+
+ element_init_GT(t6, pairing);
+ element_init_GT(t8, pairing);
+ element_init_GT(t9, pairing);
+ element_init_GT(t10, pairing);
+ element_init_GT(t11, pairing);
+
+ time1 = pbc_get_time();
+ printf("Paterson ID-based signature.\n");
+ printf("KEYGEN\n");
+ element_random(P);
+ element_random(s);
+ element_mul_zn(Ppub, P, s);
+ element_printf("P = %B\n", P);
+ element_printf("Ppub = %B\n", Ppub);
+ element_from_hash(Qid, "ID", 2);
+ element_printf("Qid = %B\n", Qid);
+ element_mul_zn(Did, Qid, s);
+
+ printf("SIGN\n");
+ element_random(k);
+ element_mul_zn(R, P, k);
+ element_from_hash(t1, "Message", 7);
+ element_mul_zn(t2, P, t1);
+ //H3(R)=mpz(R);
+// int n = element_length_in_bytes(R);
+// unsigned char *data=malloc(n);
+// element_to_bytes(data, R);
+// printf("data = %s\n", data);
+ element_to_mpz(t3, R);
+ element_mul_mpz(t4, Did, t3);
+ element_add(t5, t4, t2);
+ element_invert(k, k);
+ element_mul_zn(S, t5, k);
+ printf("Signature of message \"Message\" is:\n");
+ element_printf("R = %B\n", R);
+ element_printf("S = %B\n", S);
+
+ printf("VERIFY\n");
+ element_from_hash(t1, "Message", 7);
+ element_mul_zn(t7, P, t1);
+ element_pairing(t6, P, t7);
+ element_pairing(t8, Ppub, Qid);
+ element_to_mpz(t3, R);
+ element_pow_mpz(t9, t8, t3);
+ element_printf("t8 = %B\n", t8);
+ element_printf("t9 = %B\n", t9);
+ element_mul(t10, t6, t9);
+ element_printf("t10 = %B\n", t10);
+ element_pairing(t11, R, S);
+ element_printf("[e(P, P)^H2(M)][e(Ppub, Qid)^H3(R)] = %B\n", t10);
+ element_printf("e(R, S) = %B\n", t11);
+ if (!element_cmp(t10, t11)) {
+ printf("Signature is valid!\n");
+ } else {
+ printf("Signature is invalid!\n");
+ }
+ time2 = pbc_get_time();
+ printf("All time = %fs\n", time2 - time1);
+
+ element_clear(P);
+ element_clear(Ppub);
+ element_clear(Qid);
+ element_clear(Did);
+ element_clear(R);
+ element_clear(t2);
+ element_clear(t4);
+ element_clear(t5);
+ element_clear(s);
+ element_clear(k);
+ element_clear(t1);
+ element_clear(t6);
+ element_clear(t7);
+ element_clear(t8);
+ element_clear(t9);
+ element_clear(t10);
+ element_clear(t11);
+ pairing_clear(pairing);
+
+ return 0;
+}
diff --git a/moon-abe/pbc-0.5.14/example/yuanli.c b/moon-abe/pbc-0.5.14/example/yuanli.c
new file mode 100644
index 00000000..a3606377
--- /dev/null
+++ b/moon-abe/pbc-0.5.14/example/yuanli.c
@@ -0,0 +1,165 @@
+/* Contributed by Dmitry Kosolapov
+ *
+ * I haven't tested this much, and I'm personally not familiar with
+ * this particular cryptosystem. -Ben Lynn
+ */
+/* Here we represent the original Yuan-Li ID-Based Authenticated Key Agreement Protocol, 2005.
+ * This protocol has 2 stages: Setup and Extract. We represent them inside one code block with demo and time outputs.
+ */
+
+/*Yuan-Li protocol description according to:
+Quan Yuan and Songping Li, A New Efficient ID-Based Authenticated Key Agreement Protocol, Cryptology ePrint Archive, Report 2005/309
+
+SETUP:
+KGS chooses G1, G2, e: G1*G1 -> G2, P, H: {0, 1}* -> G1, s, H - some function for key calculation.
+KGS calculates Ppub = s*P, publishes {G1, G2, e, P, Ppub, H1, H} and saves s as master key.
+
+EXTRACT:
+
+For the user with ID public key can be calculated with Qid = H1(ID). KGS generates bound public key Sid = s*Qid.
+1. A chooses random a from Z_p*, calculates Ta = a*P.
+ A -> B: Ta
+2. B chooses random b from Z_p*, calculates Tb = b*P.
+ B -> A: Tb
+3. A calculates h = a*Tb = a*b*P and shared secret key Kab = e(a*Ppub + Sa, Tb + Qb)
+4. B calculates h = b*Ta = a*b*P and shared secret key Kba = e(Ta + Qa, b*Ppub + Sb)
+Session key is K = H(A, B, h, Kab).
+H was not defined in the original article.
+I've defined it as H(A, B, h, Kab)=e(h,H1(A)+H1(B))+Kab.
+*/
+
+#include <pbc.h>
+#include <pbc_test.h>
+
+int main(int argc, char **argv) {
+ pairing_t pairing;
+ double t0, t1;
+ element_t s, a, b, P, Ppub, Qa, Qb, Sa, Sb, Ta, Tb, Kab, Kba, K, temp1,
+ temp2, temp3, temp4, temp5, h;
+
+ pbc_demo_pairing_init(pairing, argc, argv);
+ if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");
+
+ element_init_Zr(s, pairing);
+ element_init_Zr(a, pairing);
+ element_init_Zr(b, pairing);
+
+ element_init_G1(P, pairing);
+ element_init_G1(Ppub, pairing);
+ element_init_G1(Qa, pairing);
+ element_init_G1(Qb, pairing);
+ element_init_G1(Sa, pairing);
+ element_init_G1(Sb, pairing);
+ element_init_G1(Ta, pairing);
+ element_init_G1(Tb, pairing);
+ element_init_G1(temp1, pairing);
+ element_init_G1(temp2, pairing);
+ element_init_G1(temp3, pairing);
+ element_init_G1(h, pairing);
+
+ element_init_GT(Kab, pairing);
+ element_init_GT(Kba, pairing);
+ element_init_GT(K, pairing);
+ element_init_GT(temp4, pairing);
+ element_init_GT(temp5, pairing);
+
+ printf("Yuan-Li key agreement protocol\n");
+
+ t0 = pbc_get_time();
+
+//Setup, system parameters generation
+ printf("SETUP STAGE\n");
+ element_random(P);
+ element_printf("P = %B\n", P);
+ element_random(s);
+ element_mul_zn(Ppub, P, s);
+ element_printf("Ppub = %B\n", Ppub);
+
+//Extract, key calculation
+ printf("EXTRACT STAGE\n");
+ element_from_hash(Qa, "A", 1);
+ element_from_hash(Qb, "B", 1);
+ element_mul_zn(Sa, Qa, s);
+ element_mul_zn(Sb, Qb, s);
+ element_printf("Sa = %B\n", Sa);
+ element_printf("Sb = %B\n", Sb);
+
+ printf("-----1-----\n");
+
+ element_random(a);
+ element_mul_zn(Ta, P, a);
+ element_printf("A sends B Ta = %B\n", Ta);
+
+ printf("-----2-----\n");
+
+ element_random(b);
+ element_mul_zn(Tb, P, b);
+ element_printf("B sends A Tb = %B\n", Tb);
+
+ printf("-----3-----\n");
+
+ printf("A calculates h and Kab\n");
+ element_mul_zn(h, Tb, a);
+ element_printf("h = %B\n", h);
+ element_mul_zn(temp1, Ppub, a);
+ element_add(temp1, temp1, Sa);
+ element_add(temp2, Tb, Qb);
+ element_pairing(Kab, temp1, temp2);
+ element_printf("Kab = %B\n", Kab);
+
+ printf("-----4-----\n");
+
+ printf("B calculates h and Kba\n");
+ element_mul_zn(h, Ta, b);
+ element_printf("h = %B\n", h);
+ element_add(temp1, Ta, Qa);
+ element_mul_zn(temp2, Ppub, b);
+ element_add(temp2, temp2, Sb);
+ element_pairing(Kba, temp1, temp2);
+ element_printf("Kba = %B\n", Kba);
+
+ printf("-----FINAL-----\n");
+
+ element_add(temp3, Qa, Qb);
+ element_pairing(temp4, h, temp3);
+
+ element_add(K, temp4, Kab);
+ element_printf("A has the key K = %B\n", K);
+ element_set(temp5, K);
+
+ element_add(K, temp4, Kba);
+ element_printf("B has the key K = %B\n", K);
+
+ if (!element_cmp(temp5, K))
+ printf("The keys are the same. Start session...\n");
+ else
+ printf("The keys aren't the same. Try again, please.\n");
+
+ element_clear(K);
+ element_clear(Kab);
+ element_clear(Kba);
+ element_clear(h);
+ element_clear(temp1);
+ element_clear(temp2);
+ element_clear(temp3);
+ element_clear(temp4);
+ element_clear(temp5);
+ element_clear(s);
+ element_clear(a);
+ element_clear(b);
+ element_clear(P);
+ element_clear(Ppub);
+ element_clear(Qa);
+ element_clear(Qb);
+ element_clear(Sa);
+ element_clear(Sb);
+ element_clear(Ta);
+ element_clear(Tb);
+
+ t1 = pbc_get_time();
+
+ printf("All time = %fs\n", t1 - t0);
+ printf("Have a good day!\n");
+
+ return 0;
+}
diff --git a/moon-abe/pbc-0.5.14/example/zhangkim.c b/moon-abe/pbc-0.5.14/example/zhangkim.c
new file mode 100644
index 00000000..caaa0b9f
--- /dev/null
+++ b/moon-abe/pbc-0.5.14/example/zhangkim.c
@@ -0,0 +1,139 @@
+/*
+ Zhang and Kim ID-based Blind Signature scheme.
+ Based on papers "F. Zang, K. Kim. ID-based Blind Signature and Ring Signature from Pairings. Advances in Cryptology - Asiacrypt 2002, LNCS Vol. 2510, Springer-Verlag, 2002".
+ Contributed by Dmitry Kosolapov.
+*/
+
+#include <pbc.h>
+#include <pbc_test.h>
+
+int main(int argc, char **argv) {
+ pairing_t pairing;
+ double time1, time2;
+ element_t P, Ppub, s, R, Qid, Sid, a, b, r, c, S, negc, t1, t2, t3, t5,
+ t6, t7, t8, t9, t10, t11, t12, t14;
+ mpz_t t4, t13;
+ mpz_init(t4);
+ mpz_init(t13);
+ pbc_demo_pairing_init(pairing, argc, argv);
+ if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");
+ element_init_G1(P, pairing);
+ element_init_G1(Ppub, pairing);
+ element_init_G1(Qid, pairing);
+ element_init_G1(Sid, pairing);
+ element_init_G1(R, pairing);
+ element_init_G1(S, pairing);
+ element_init_G1(t1, pairing);
+ element_init_G1(t2, pairing);
+ element_init_G1(t7, pairing);
+ element_init_G1(t8, pairing);
+ element_init_G1(t9, pairing);
+
+ element_init_Zr(r, pairing);
+ element_init_Zr(s, pairing);
+ element_init_Zr(c, pairing);
+ element_init_Zr(a, pairing);
+ element_init_Zr(b, pairing);
+ element_init_Zr(negc, pairing);
+ element_init_Zr(t5, pairing);
+ element_init_Zr(t6, pairing);
+ element_init_Zr(t14, pairing);
+
+ element_init_GT(t3, pairing);
+ element_init_GT(t10, pairing);
+ element_init_GT(t11, pairing);
+ element_init_GT(t12, pairing);
+
+ time1 = pbc_get_time();
+ printf("Zhang and Kim ID-based Blind Signature scheme\n");
+ printf("SETUP\n");
+ element_random(P);
+ element_random(s);
+ element_mul_zn(Ppub, P, s);
+ element_printf("P = %B\n", P);
+ element_printf("Ppub = %B\n", Ppub);
+
+ printf("EXTRACT\n");
+ element_from_hash(Qid, "ID", 2);
+ element_mul_zn(Sid, Qid, s);
+ element_printf("Public key Qid = %B\n", Qid);
+ element_printf("Private key Sid = %B\n", Sid);
+
+ printf("BLIND SIGNATURE ISSUING PROTOCOL\n");
+ element_random(r);
+ element_mul_zn(R, P, r);
+ printf("Signer sends R = rP to user\n");
+ element_printf("R = %B\n", R);
+ printf("Blinding\n");
+ element_random(a);
+ element_random(b);
+ element_mul_zn(t1, P, a);
+ element_add(t1, R, t1);
+ element_mul_zn(t2, Qid, b);
+ element_add(t2, t2, t1);
+ element_pairing(t3, t2, Ppub);
+ element_to_mpz(t4, t3);
+ element_from_hash(t5, "Message", 7);
+ element_mul_mpz(t6, t5, t4);
+ element_add(c, t6, b);
+ printf("User sends c to signer\n");
+ element_printf("c = %B\n", c);
+ printf("Signing\n");
+ element_mul_zn(t7, Ppub, r);
+ element_mul_zn(t8, Sid, c);
+ element_add(S, t8, t7);
+ printf("Signer sends S\n");
+ element_printf("S = %B\n", S);
+ printf("Unblinding\n");
+ element_mul_zn(t9, Ppub, a);
+ element_add(S, S, t9);
+ element_sub(c, c, b);
+ printf("Blind Signature of message \"Message\" is:\n");
+ element_printf("S1 = %B\n", S);
+ element_printf("c1 = %B\n", c);
+
+ printf("VERIFICATION\n");
+ element_pairing(t10, Qid, Ppub);
+ element_neg(negc, c);
+ element_pow_zn(t10, t10, negc);
+ element_pairing(t11, S, P);
+ element_mul(t12, t11, t10);
+ element_to_mpz(t13, t12);
+ element_from_hash(t5, "Message", 7);
+ element_mul_mpz(t14, t5, t13);
+ element_printf("c1 = %B\n", c);
+ element_printf("H(m, [e(S1, P)][e(Qid, Ppub)^(-c1)]) = %B\n", t14);
+
+ if (!element_cmp(t14, c)) printf("Signature is valid\n");
+ else printf("Signature is invalid\n");
+ time2 = pbc_get_time();
+ printf("All time = %fs\n", time2 - time1);
+
+ element_clear(P);
+ element_clear(Ppub);
+ element_clear(Qid);
+ element_clear(Sid);
+ element_clear(R);
+ element_clear(S);
+ element_clear(r);
+ element_clear(s);
+ element_clear(c);
+ element_clear(a);
+ element_clear(b);
+ element_clear(negc);
+ element_clear(t1);
+ element_clear(t2);
+ element_clear(t3);
+ element_clear(t5);
+ element_clear(t6);
+ element_clear(t14);
+ element_clear(t7);
+ element_clear(t8);
+ element_clear(t9);
+ element_clear(t10);
+ element_clear(t11);
+ element_clear(t12);
+ pairing_clear(pairing);
+
+ return 0;
+}
diff --git a/moon-abe/pbc-0.5.14/example/zss.c b/moon-abe/pbc-0.5.14/example/zss.c
new file mode 100644
index 00000000..5020a3a6
--- /dev/null
+++ b/moon-abe/pbc-0.5.14/example/zss.c
@@ -0,0 +1,70 @@
+/*
+ ZSS Short Signature Scheme from Bilinear Pairing.
+ Based on papers "F. Zhang, R. Safavi-Naini and W. Susilo. An Efficient Signature Scheme from Bilinear Pairings and it's Applications. PKC 2004".
+ Contributed by Dmitry Kosolapov.
+*/
+
+#include <pbc.h>
+#include <pbc_test.h>
+
+int main(int argc, char **argv) {
+ pairing_t pairing;
+ pbc_demo_pairing_init(pairing, argc, argv);
+ if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");
+ double time1, time2;
+ element_t P, Ppub, x, S, H, t1, t2, t3, t4;
+ element_init_Zr(x, pairing);
+ element_init_Zr(H, pairing);
+ element_init_Zr(t1, pairing);
+
+ element_init_G1(S, pairing);
+ element_init_G1(P, pairing);
+ element_init_G1(Ppub, pairing);
+ element_init_G1(t2, pairing);
+
+ element_init_GT(t3, pairing);
+ element_init_GT(t4, pairing);
+
+ printf("ZSS short signature schema\n");
+ printf("KEYGEN\n");
+ time1 = pbc_get_time();
+ element_random(x);
+ element_random(P);
+ element_mul_zn(Ppub, P, x);
+ element_printf("P = %B\n", P);
+ element_printf("x = %B\n", x);
+ element_printf("Ppub = %B\n", Ppub);
+
+ printf("SIGN\n");
+ element_from_hash(H, "Message", 7);
+ element_add(t1, H, x);
+ element_invert(t1, t1);
+ element_mul_zn(S, P, t1);
+ printf("Signature of message \"Message\" is:\n");
+ element_printf("S = %B\n", S);
+
+ printf("VERIFY\n");
+ element_from_hash(H, "Message", 7);
+ element_mul_zn(t2, P, H);
+ element_add(t2, t2, Ppub);
+ element_pairing(t3, t2, S);
+ element_pairing(t4, P, P);
+ element_printf("e(H(m)P + Ppub, S) = %B\n", t3);
+ element_printf("e(P, P) = %B\n", t4);
+ if (!element_cmp(t3, t4)) printf("Signature is valid\n");
+ else printf("Signature is invalid\n");
+ time2 = pbc_get_time();
+ printf("All time = %fs\n", time2 - time1);
+ element_clear(P);
+ element_clear(Ppub);
+ element_clear(x);
+ element_clear(S);
+ element_clear(H);
+ element_clear(t1);
+ element_clear(t2);
+ element_clear(t3);
+ element_clear(t4);
+ pairing_clear(pairing);
+
+ return 0;
+}