yaole
114 lines
2.6 KiB
Go
114 lines
2.6 KiB
Go
package dkgc
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"io"
|
|
"math/big"
|
|
|
|
"xdx.jelly/xgcl/sm/sm9"
|
|
)
|
|
|
|
type DoubleKGC struct {
|
|
ks sm9.MastSignPrivateKey
|
|
commonPubs sm9.MastSignPublicKey
|
|
}
|
|
|
|
func (dk *DoubleKGC) GenerateMastKey() {
|
|
|
|
}
|
|
|
|
var alpha = big.NewInt(2)
|
|
var alphaInv = new(big.Int).ModInverse(alpha, sm9.Order())
|
|
|
|
func ComputeHHat(id []byte) (*big.Int, *big.Int, bool) {
|
|
h1 := sm9.H1(id, []byte{0x01})
|
|
hh := new(big.Int).ModSqrt(h1, sm9.Order())
|
|
if hh == nil {
|
|
hh = new(big.Int).Lsh(h1, 1)
|
|
hh.ModSqrt(hh, sm9.Order())
|
|
return h1, hh, false
|
|
}
|
|
return h1, hh, true
|
|
}
|
|
|
|
func UserRandom0(reader io.Reader, basePoint *sm9.G1) (*big.Int, *sm9.G1, error) {
|
|
r, err := rand.Int(reader, sm9.Order())
|
|
if err != nil || r.Sign() == 0 {
|
|
return nil, nil, err
|
|
}
|
|
R := &sm9.G1{}
|
|
R.ScalarMult(basePoint, r)
|
|
return r, R, nil
|
|
}
|
|
|
|
func KGC1ComputeData(reader io.Reader, R *sm9.G1, ks *sm9.MastSignPrivateKey, hh *big.Int) (*big.Int, *sm9.G1, error) {
|
|
r, err := rand.Int(reader, sm9.Order())
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
t1 := new(big.Int).Add(hh, &ks.Int)
|
|
t1.Mod(t1, sm9.Order())
|
|
if t1.Sign() == 0 {
|
|
panic("Got zero of t1")
|
|
}
|
|
t1.ModInverse(t1, sm9.Order())
|
|
t1.Mul(t1, r)
|
|
t1.Mod(t1, sm9.Order())
|
|
|
|
r.ModInverse(r, sm9.Order())
|
|
T1 := new(sm9.G1).ScalarMult(R, r)
|
|
return t1, T1, nil
|
|
}
|
|
|
|
func KGC2ComputeData(T1 *sm9.G1, ks *sm9.MastSignPrivateKey, hh *big.Int) (*sm9.G1, error) {
|
|
t2 := new(big.Int).Add(hh, &ks.Int)
|
|
t2.ModInverse(t2, sm9.Order())
|
|
T2 := new(sm9.G1).ScalarMult(T1, t2)
|
|
return T2, nil
|
|
}
|
|
|
|
func UserComputeSignKey(id []byte, t1 *big.Int, T2 *sm9.G1, r *big.Int, pubs1, pubs2, pubs *sm9.MastSignPublicKey, basePoint *sm9.G1) (*sm9.UserSignKey, *sm9.MastSignPublicKey, error) {
|
|
h1, hh, isSquare := ComputeHHat(id)
|
|
rInv := new(big.Int).ModInverse(r, sm9.Order())
|
|
if isSquare {
|
|
// h1 is square
|
|
d := new(big.Int).Mul(h1, t1)
|
|
d.Mul(d, rInv)
|
|
d.Mod(d, sm9.Order())
|
|
ds := new(sm9.G1).ScalarMult(T2, d)
|
|
ds.Neg(ds)
|
|
// ds.Add(ds, sm9.G1Generator())
|
|
ds.Add(ds, basePoint)
|
|
|
|
g := new(sm9.G2).Add(&pubs1.G2, &pubs2.G2)
|
|
g.ScalarMult(g, hh)
|
|
g.Add(g, &pubs.G2)
|
|
return &sm9.UserSignKey{
|
|
G1: *ds,
|
|
}, &sm9.MastSignPublicKey{
|
|
G2: *g,
|
|
}, nil
|
|
} else {
|
|
d := new(big.Int).Mul(h1, t1)
|
|
d.Mul(d, rInv)
|
|
d.Mul(d, alpha)
|
|
d.Mod(d, sm9.Order())
|
|
|
|
ds := new(sm9.G1).ScalarMult(T2, d)
|
|
ds.Neg(ds)
|
|
// ds.Add(ds, sm9.G1Generator())
|
|
ds.Add(ds, basePoint)
|
|
|
|
g := new(sm9.G2).Add(&pubs1.G2, &pubs2.G2)
|
|
g.ScalarMult(g, hh)
|
|
g.ScalarMult(g, alphaInv)
|
|
g.Add(g, new(sm9.G2).ScalarMult(&pubs.G2, alphaInv))
|
|
return &sm9.UserSignKey{
|
|
G1: *ds,
|
|
}, &sm9.MastSignPublicKey{
|
|
G2: *g,
|
|
}, nil
|
|
}
|
|
}
|