Nucypher
/
pyUmbral
mirror of https://github.com/nucypher/pyUmbral.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Use signer instead of signer_sk in generate_kfrags() and rename signing_pk to verifying_pk

pull/267/head
Bogdan Opanchuk 2021-04-18 22:29:17 -07:00
parent a2d4bfd363
commit 81868848c9
16 changed files with 107 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.rst
View File

@ -62,13 +62,14 @@ Additionally, users that delegate access to their data (like Alice, in this exam
.. code-block:: python
from umbral import SecretKey, PublicKey
from umbral import SecretKey, PublicKey, Signer
# Generate Umbral keys for Alice.
alices_secret_key = SecretKey.random()
alices_public_key = PublicKey.from_secret_key(alices_secret_key)
alices_signing_key = SecretKey.random()
alices_signer = Signer(alices_signing_key)
alices_verifying_key = PublicKey.from_secret_key(alices_signing_key)
# Generate Umbral keys for Bob.
@ -112,7 +113,7 @@ which are next sent to N proxies or *Ursulas*.
# In this example, 10 out of 20.
kfrags = generate_kfrags(delegating_sk=alices_secret_key,
receiving_pk=bobs_public_key,
signing_sk=alices_signing_key,
signer=alices_signer,
threshold=10,
num_kfrags=20)

7
docs/examples/umbral_simple_api.py
View File

@ -1,6 +1,6 @@
import random
from umbral import (
SecretKey, PublicKey, GenericError,
SecretKey, PublicKey, Signer, GenericError,
encrypt, generate_kfrags, reencrypt, decrypt_original, decrypt_reencrypted)
# Generate an Umbral key pair
@ -13,6 +13,7 @@ alices_public_key = PublicKey.from_secret_key(alices_secret_key)
alices_signing_key = SecretKey.random()
alices_verifying_key = PublicKey.from_secret_key(alices_signing_key)
alices_signer = Signer(alices_signing_key)
# Encrypt some data for Alice
# ---------------------------
@ -58,7 +59,7 @@ except GenericError:
kfrags = generate_kfrags(delegating_sk=alices_secret_key,
receiving_pk=bobs_public_key,
signing_sk=alices_signing_key,
signer=alices_signer,
threshold=10,
num_kfrags=20)
@ -91,7 +92,7 @@ assert len(cfrags) == 10
assert all(cfrag.verify(capsule,
delegating_pk=alices_public_key,
receiving_pk=bobs_public_key,
signing_pk=alices_verifying_key)
verifying_pk=alices_verifying_key)
for cfrag in cfrags)
# Bob opens the capsule

9
docs/notebooks/pyUmbral Simple API.ipynb
View File

@ -22,7 +22,7 @@
"metadata": {},
"outputs": [],
"source": [
"from umbral import SecretKey, PublicKey\n",
"from umbral import SecretKey, PublicKey, Signer\n",
"\n",
"\n",
"# Alice's Keys\n",
@ -30,7 +30,8 @@
"alices_public_key = PublicKey.from_secret_key(alices_private_key)\n",
"\n",
"alices_signing_key = SecretKey.random()\n",
"alices_verifying_key = PublicKey.from_secret_key(alices_signing_key)"
"alices_verifying_key = PublicKey.from_secret_key(alices_signing_key)\n",
"alices_signer = Signer(alices_signing_key)"
]
},
{
@ -179,7 +180,7 @@
"M, N = 10, 20 # the threshold and the total number of fragments\n",
"kfrags = generate_kfrags(delegating_sk=alices_private_key,\n",
" receiving_pk=bobs_public_key,\n",
" signing_sk=alices_signing_key,\n",
" signer=alices_signer,\n",
" threshold=M,\n",
" num_kfrags=N)"
]
@ -232,7 +233,7 @@
"assert all(cfrag.verify(capsule,\n",
" delegating_pk=alices_public_key,\n",
" receiving_pk=bobs_public_key,\n",
" signing_pk=alices_verifying_key)\n",
" verifying_pk=alices_verifying_key)\n",
" for cfrag in cfrags)"
]
},

7
docs/source/using_pyumbral.rst
View File

@ -43,13 +43,14 @@ A delegating key pair and a signing key pair.
.. doctest:: capsule_story
>>> from umbral import SecretKey, PublicKey
>>> from umbral import SecretKey, PublicKey, Signer
>>> alices_secret_key = SecretKey.random()
>>> alices_public_key = PublicKey.from_secret_key(alices_secret_key)
>>> alices_signing_key = SecretKey.random()
>>> alices_verifying_key = PublicKey.from_secret_key(alices_signing_key)
>>> alices_signer = Signer(alices_signing_key)
Encrypt with a public key
@ -105,7 +106,7 @@ but Bob needs to get only 10 re-encryptions to activate the capsule.
>>> from umbral import generate_kfrags
>>> kfrags = generate_kfrags(delegating_sk=alices_secret_key,
... receiving_pk=bobs_public_key,
... signing_sk=alices_signing_key,
... signer=alices_signer,
... threshold=10,
... num_kfrags=20)
@ -180,7 +181,7 @@ using Alice's public keys.
>>> all(cfrag.verify(capsule,
... delegating_pk=alices_public_key,
... receiving_pk=bobs_public_key,
... signing_pk=alices_verifying_key)
... verifying_pk=alices_verifying_key)
... for cfrag in cfrags)
True

4
tests/conftest.py
View File

@ -1,6 +1,6 @@
import pytest
from umbral import SecretKey, PublicKey, generate_kfrags, encrypt
from umbral import SecretKey, PublicKey, Signer, generate_kfrags, encrypt
@pytest.fixture
@ -22,7 +22,7 @@ def kfrags(alices_keys, bobs_keys):
delegating_sk, signing_sk = alices_keys
receiving_sk, receiving_pk = bobs_keys
yield generate_kfrags(delegating_sk=delegating_sk,
signing_sk=signing_sk,
signer=Signer(signing_sk),
receiving_pk=receiving_pk,
threshold=6, num_kfrags=10)

15
tests/metrics/reencryption_benchmark.py
View File

@ -41,6 +41,7 @@ def __standard_encryption_api(umbral) -> tuple:
delegating_pk = umbral.PublicKey.from_secret_key(delegating_sk)
signing_sk = umbral.SecretKey.random()
signer = umbral.Signer(signing_sk)
receiving_sk = umbral.SecretKey.random()
receiving_pk = umbral.PublicKey.from_secret_key(receiving_sk)
@ -48,7 +49,7 @@ def __standard_encryption_api(umbral) -> tuple:
plain_data = os.urandom(32)
capsule, ciphertext = umbral.encrypt(delegating_pk, plain_data)
return delegating_sk, receiving_pk, signing_sk, ciphertext, capsule
return delegating_sk, receiving_pk, signer, ciphertext, capsule
#
@ -64,8 +65,8 @@ def __standard_encryption_api(umbral) -> tuple:
def test_generate_kfrags_performance(benchmark, m: int, n: int, umbral) -> None:
def __setup():
delegating_sk, receiving_pk, signing_sk, ciphertext, capsule = __standard_encryption_api(umbral)
return (delegating_sk, receiving_pk, signing_sk, m, n, True, True), {}
delegating_sk, receiving_pk, signer, ciphertext, capsule = __standard_encryption_api(umbral)
return (delegating_sk, receiving_pk, signer, m, n, True, True), {}
benchmark.pedantic(umbral.generate_kfrags, setup=__setup, rounds=1000)
assert True # ensure function finishes and succeeds.
@ -84,8 +85,8 @@ def test_generate_kfrags_performance(benchmark, m: int, n: int, umbral) -> None:
def test_random_frag_reencryption_performance(benchmark, m: int, n: int, umbral) -> None:
def __setup():
delegating_sk, receiving_pk, signing_sk, ciphertext, capsule = __standard_encryption_api(umbral)
kfrags = umbral.generate_kfrags(delegating_sk, receiving_pk, signing_sk, m, n, True, True)
delegating_sk, receiving_pk, signer, ciphertext, capsule = __standard_encryption_api(umbral)
kfrags = umbral.generate_kfrags(delegating_sk, receiving_pk, signer, m, n, True, True)
one_kfrag, *remaining_kfrags = kfrags
return (capsule, one_kfrag), {}
@ -104,8 +105,8 @@ def test_random_frag_reencryption_performance(benchmark, m: int, n: int, umbral)
@pytest.mark.parametrize("m, n", ((6, 10), ))
def test_single_frag_reencryption_performance(benchmark, m: int, n: int, umbral) -> None:
delegating_sk, receiving_pk, signing_sk, ciphertext, capsule = __standard_encryption_api(umbral)
kfrags = umbral.generate_kfrags(delegating_sk, receiving_pk, signing_sk, m, n, True, True)
delegating_sk, receiving_pk, signer, ciphertext, capsule = __standard_encryption_api(umbral)
kfrags = umbral.generate_kfrags(delegating_sk, receiving_pk, signer, m, n, True, True)
one_kfrag, *remaining_kfrags = kfrags
args, kwargs = (capsule, one_kfrag), {}

3
tests/metrics/reencryption_firehose.py
View File

@ -17,6 +17,7 @@ def __produce_kfrags_and_capsule(m: int, n: int) -> Tuple[List[umbral.KeyFrag],
delegating_pk = umbral.PublicKey.from_secret_key(delegating_sk)
signing_sk = umbral.SecretKey.random()
signer = umbral.Signer(signing_sk)
receiving_sk = umbral.SecretKey.random()
receiving_pk = umbral.PublicKey.from_secret_key(receiving_sk)
@ -24,7 +25,7 @@ def __produce_kfrags_and_capsule(m: int, n: int) -> Tuple[List[umbral.KeyFrag],
plain_data = os.urandom(32)
capsule, ciphertext = umbral.encrypt(delegating_pk, plain_data)
kfrags = umbral.generate_kfrags(delegating_sk, receiving_pk, signing_sk, m, n)
kfrags = umbral.generate_kfrags(delegating_sk, receiving_pk, signer, m, n)
return kfrags, capsule

7
tests/test_capsule.py
View File

@ -4,6 +4,7 @@ from umbral import (
Capsule,
SecretKey,
PublicKey,
Signer,
GenericError,
encrypt,
decrypt_original,
@ -66,12 +67,12 @@ def test_open_reencrypted(alices_keys, bobs_keys):
delegating_sk, signing_sk = alices_keys
receiving_sk, receiving_pk = bobs_keys
signing_pk = PublicKey.from_secret_key(signing_sk)
signer = Signer(signing_sk)
delegating_pk = PublicKey.from_secret_key(delegating_sk)
capsule, key = Capsule.from_public_key(delegating_pk)
kfrags = generate_kfrags(delegating_sk=delegating_sk,
signing_sk=signing_sk,
signer=signer,
receiving_pk=receiving_pk,
threshold=threshold,
num_kfrags=num_kfrags)
@ -94,7 +95,7 @@ def test_open_reencrypted(alices_keys, bobs_keys):
# Mismatched cfrags
kfrags2 = generate_kfrags(delegating_sk=delegating_sk,
signing_sk=signing_sk,
signer=signer,
receiving_pk=receiving_pk,
threshold=threshold,
num_kfrags=num_kfrags)

24
tests/test_capsule_frag.py
View File

@ -7,7 +7,7 @@ def test_cfrag_serialization(alices_keys, bobs_keys, capsule, kfrags):
delegating_sk, signing_sk = alices_keys
_receiving_sk, receiving_pk = bobs_keys
signing_pk = PublicKey.from_secret_key(signing_sk)
verifying_pk = PublicKey.from_secret_key(signing_sk)
delegating_pk = PublicKey.from_secret_key(delegating_sk)
metadata = b'This is an example of metadata for re-encryption request'
@ -21,41 +21,41 @@ def test_cfrag_serialization(alices_keys, bobs_keys, capsule, kfrags):
assert new_cfrag.verify(capsule,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk,
signing_pk=signing_pk,
verifying_pk=verifying_pk,
metadata=metadata)
# No metadata
assert not new_cfrag.verify(capsule,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk,
signing_pk=signing_pk)
verifying_pk=verifying_pk)
# Wrong metadata
assert not new_cfrag.verify(capsule,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk,
signing_pk=signing_pk,
verifying_pk=verifying_pk,
metadata=b'Not the same metadata')
# Wrong delegating key
assert not new_cfrag.verify(capsule,
delegating_pk=receiving_pk,
receiving_pk=receiving_pk,
signing_pk=signing_pk,
verifying_pk=verifying_pk,
metadata=metadata)
# Wrong receiving key
assert not new_cfrag.verify(capsule,
delegating_pk=delegating_pk,
receiving_pk=delegating_pk,
signing_pk=signing_pk,
verifying_pk=verifying_pk,
metadata=metadata)
# Wrong signing key
assert not new_cfrag.verify(capsule,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk,
signing_pk=receiving_pk,
verifying_pk=receiving_pk,
metadata=metadata)
@ -64,7 +64,7 @@ def test_cfrag_serialization_no_metadata(alices_keys, bobs_keys, capsule, kfrags
delegating_sk, signing_sk = alices_keys
_receiving_sk, receiving_pk = bobs_keys
signing_pk = PublicKey.from_secret_key(signing_sk)
verifying_pk = PublicKey.from_secret_key(signing_sk)
delegating_pk = PublicKey.from_secret_key(delegating_sk)
for kfrag in kfrags:
@ -77,12 +77,12 @@ def test_cfrag_serialization_no_metadata(alices_keys, bobs_keys, capsule, kfrags
assert new_cfrag.verify(capsule,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk,
signing_pk=signing_pk)
verifying_pk=verifying_pk)
assert not new_cfrag.verify(capsule,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk,
signing_pk=signing_pk,
verifying_pk=verifying_pk,
metadata=b'some metadata')
@ -105,7 +105,7 @@ def test_cfrag_with_wrong_capsule(alices_keys, bobs_keys,
assert not cfrag.verify(capsule_alice1,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk,
signing_pk=PublicKey.from_secret_key(signing_sk),
verifying_pk=PublicKey.from_secret_key(signing_sk),
metadata=metadata)
@ -128,7 +128,7 @@ def test_cfrag_with_wrong_data(kfrags, alices_keys, bobs_keys, capsule_and_ciphe
assert not cfrag.verify(capsule,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk,
signing_pk=PublicKey.from_secret_key(signing_sk),
verifying_pk=PublicKey.from_secret_key(signing_sk),
metadata=metadata)

46
tests/test_compatibility.py
View File

@ -93,30 +93,32 @@ def test_encrypt_decrypt(implementations):
def _generate_kfrags(umbral, delegating_sk_bytes, receiving_pk_bytes,
signing_sk_bytes, threshold, num_frags):
signing_sk_bytes, threshold, num_kfrags):
delegating_sk = umbral.SecretKey.from_bytes(delegating_sk_bytes)
receiving_pk = umbral.PublicKey.from_bytes(receiving_pk_bytes)
signing_sk = umbral.SecretKey.from_bytes(signing_sk_bytes)
kfrags = umbral.generate_kfrags(delegating_sk,
receiving_pk,
signing_sk,
threshold,
num_frags,
True,
True,
kfrags = umbral.generate_kfrags(delegating_sk=delegating_sk,
receiving_pk=receiving_pk,
signer=umbral.Signer(signing_sk),
threshold=threshold,
num_kfrags=num_kfrags,
sign_delegating_key=True,
sign_receiving_key=True,
)
return [bytes(kfrag) for kfrag in kfrags]
def _verify_kfrags(umbral, kfrags_bytes, signing_pk_bytes, delegating_pk_bytes, receiving_pk_bytes):
def _verify_kfrags(umbral, kfrags_bytes, verifying_pk_bytes, delegating_pk_bytes, receiving_pk_bytes):
kfrags = [umbral.KeyFrag.from_bytes(kfrag_bytes) for kfrag_bytes in kfrags_bytes]
signing_pk = umbral.PublicKey.from_bytes(signing_pk_bytes)
verifying_pk = umbral.PublicKey.from_bytes(verifying_pk_bytes)
delegating_pk = umbral.PublicKey.from_bytes(delegating_pk_bytes)
receiving_pk = umbral.PublicKey.from_bytes(receiving_pk_bytes)
assert all(kfrag.verify(signing_pk, delegating_pk, receiving_pk) for kfrag in kfrags)
assert all(kfrag.verify(verifying_pk=verifying_pk,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk) for kfrag in kfrags)
def test_kfrags(implementations):
@ -124,20 +126,20 @@ def test_kfrags(implementations):
umbral1, umbral2 = implementations
threshold = 2
num_frags = 3
num_kfrags = 3
plaintext = b'peace at dawn'
# On client 1
receiving_sk_bytes, receiving_pk_bytes = _create_keypair(umbral1)
delegating_sk_bytes, delegating_pk_bytes = _create_keypair(umbral1)
signing_sk_bytes, signing_pk_bytes = _create_keypair(umbral1)
signing_sk_bytes, verifying_pk_bytes = _create_keypair(umbral1)
kfrags_bytes = _generate_kfrags(umbral1, delegating_sk_bytes, receiving_pk_bytes,
signing_sk_bytes, threshold, num_frags)
signing_sk_bytes, threshold, num_kfrags)
# On client 2
_verify_kfrags(umbral2, kfrags_bytes, signing_pk_bytes, delegating_pk_bytes, receiving_pk_bytes)
_verify_kfrags(umbral2, kfrags_bytes, verifying_pk_bytes, delegating_pk_bytes, receiving_pk_bytes)
def _reencrypt(umbral, capsule_bytes, kfrags_bytes, threshold, metadata):
@ -147,18 +149,18 @@ def _reencrypt(umbral, capsule_bytes, kfrags_bytes, threshold, metadata):
return [bytes(cfrag) for cfrag in cfrags]
def _decrypt_reencrypted(umbral, receiving_sk_bytes, delegating_pk_bytes, signing_pk_bytes,
def _decrypt_reencrypted(umbral, receiving_sk_bytes, delegating_pk_bytes, verifying_pk_bytes,
capsule_bytes, cfrags_bytes, ciphertext, metadata):
receiving_sk = umbral.SecretKey.from_bytes(receiving_sk_bytes)
receiving_pk = umbral.PublicKey.from_secret_key(receiving_sk)
delegating_pk = umbral.PublicKey.from_bytes(delegating_pk_bytes)
signing_pk = umbral.PublicKey.from_bytes(signing_pk_bytes)
verifying_pk = umbral.PublicKey.from_bytes(verifying_pk_bytes)
capsule = umbral.Capsule.from_bytes(bytes(capsule_bytes))
cfrags = [umbral.CapsuleFrag.from_bytes(cfrag_bytes) for cfrag_bytes in cfrags_bytes]
assert all(cfrag.verify(capsule, delegating_pk, receiving_pk, signing_pk, metadata=metadata)
assert all(cfrag.verify(capsule, delegating_pk, receiving_pk, verifying_pk, metadata=metadata)
for cfrag in cfrags)
# Decryption by Bob
@ -178,19 +180,19 @@ def test_reencrypt(implementations):
metadata = b'metadata'
threshold = 2
num_frags = 3
num_kfrags = 3
plaintext = b'peace at dawn'
# On client 1
receiving_sk_bytes, receiving_pk_bytes = _create_keypair(umbral1)
delegating_sk_bytes, delegating_pk_bytes = _create_keypair(umbral1)
signing_sk_bytes, signing_pk_bytes = _create_keypair(umbral1)
signing_sk_bytes, verifying_pk_bytes = _create_keypair(umbral1)
capsule_bytes, ciphertext = _encrypt(umbral1, plaintext, delegating_pk_bytes)
kfrags_bytes = _generate_kfrags(umbral1, delegating_sk_bytes, receiving_pk_bytes,
signing_sk_bytes, threshold, num_frags)
signing_sk_bytes, threshold, num_kfrags)
# On client 2
@ -199,7 +201,7 @@ def test_reencrypt(implementations):
# On client 1
plaintext_reencrypted = _decrypt_reencrypted(umbral1,
receiving_sk_bytes, delegating_pk_bytes, signing_pk_bytes,
receiving_sk_bytes, delegating_pk_bytes, verifying_pk_bytes,
capsule_bytes, cfrags_bytes, ciphertext, metadata)
assert plaintext_reencrypted == plaintext

20
tests/test_key_frag.py
View File

@ -1,6 +1,6 @@
import pytest
from umbral import KeyFrag, PublicKey, generate_kfrags
from umbral import KeyFrag, PublicKey, Signer, generate_kfrags
from umbral.key_frag import KeyFragID
from umbral.curve_scalar import CurveScalar
@ -10,14 +10,14 @@ def test_kfrag_serialization(alices_keys, bobs_keys, kfrags):
delegating_sk, signing_sk = alices_keys
_receiving_sk, receiving_pk = bobs_keys
signing_pk = PublicKey.from_secret_key(signing_sk)
verifying_pk = PublicKey.from_secret_key(signing_sk)
delegating_pk = PublicKey.from_secret_key(delegating_sk)
for kfrag in kfrags:
kfrag_bytes = bytes(kfrag)
new_kfrag = KeyFrag.from_bytes(kfrag_bytes)
assert new_kfrag.verify(signing_pk=signing_pk,
assert new_kfrag.verify(verifying_pk=verifying_pk,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk)
@ -29,7 +29,7 @@ def test_kfrag_verification(alices_keys, bobs_keys, kfrags):
delegating_sk, signing_sk = alices_keys
_receiving_sk, receiving_pk = bobs_keys
signing_pk = PublicKey.from_secret_key(signing_sk)
verifying_pk = PublicKey.from_secret_key(signing_sk)
delegating_pk = PublicKey.from_secret_key(delegating_sk)
# Wrong signature
@ -37,7 +37,7 @@ def test_kfrag_verification(alices_keys, bobs_keys, kfrags):
kfrag.id = KeyFragID.random()
kfrag_bytes = bytes(kfrag)
new_kfrag = KeyFrag.from_bytes(kfrag_bytes)
assert not new_kfrag.verify(signing_pk=signing_pk,
assert not new_kfrag.verify(verifying_pk=verifying_pk,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk)
@ -46,7 +46,7 @@ def test_kfrag_verification(alices_keys, bobs_keys, kfrags):
kfrag.key = CurveScalar.random_nonzero()
kfrag_bytes = bytes(kfrag)
new_kfrag = KeyFrag.from_bytes(kfrag_bytes)
assert not new_kfrag.verify(signing_pk=signing_pk,
assert not new_kfrag.verify(verifying_pk=verifying_pk,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk)
@ -62,11 +62,11 @@ def test_kfrag_signing(alices_keys, bobs_keys, sign_delegating_key, sign_receivi
delegating_sk, signing_sk = alices_keys
_receiving_sk, receiving_pk = bobs_keys
signing_pk = PublicKey.from_secret_key(signing_sk)
verifying_pk = PublicKey.from_secret_key(signing_sk)
delegating_pk = PublicKey.from_secret_key(delegating_sk)
kfrags = generate_kfrags(delegating_sk=delegating_sk,
signing_sk=signing_sk,
signer=Signer(signing_sk),
receiving_pk=receiving_pk,
threshold=6,
num_kfrags=10,
@ -84,7 +84,7 @@ def test_kfrag_signing(alices_keys, bobs_keys, sign_delegating_key, sign_receivi
receiving_key_ok = (not sign_receiving_key) or pass_receiving_key
should_verify = delegating_key_ok and receiving_key_ok
result = kfrag.verify(signing_pk=signing_pk,
result = kfrag.verify(verifying_pk=verifying_pk,
delegating_pk=delegating_pk if pass_delegating_key else None,
receiving_pk=receiving_pk if pass_receiving_key else None)
@ -120,7 +120,7 @@ def test_wrong_threshold_and_num_kfrags(num_kfrags, threshold, alices_keys, bobs
with pytest.raises(ValueError):
generate_kfrags(delegating_sk=delegating_sk,
signing_sk=signing_sk,
signer=Signer(signing_sk),
receiving_pk=receiving_pk,
threshold=threshold,
num_kfrags=num_kfrags)

19
tests/test_pre.py
View File

@ -3,6 +3,7 @@ import pytest
from umbral import (
SecretKey,
PublicKey,
Signer,
GenericError,
encrypt,
generate_kfrags,
@ -52,7 +53,8 @@ def test_simple_api(num_kfrags, threshold):
delegating_pk = PublicKey.from_secret_key(delegating_sk)
signing_sk = SecretKey.random()
signing_pk = PublicKey.from_secret_key(signing_sk)
signer = Signer(signing_sk)
verifying_pk = PublicKey.from_secret_key(signing_sk)
# Key Generation (Bob)
receiving_sk = SecretKey.random()
@ -67,13 +69,19 @@ def test_simple_api(num_kfrags, threshold):
assert plaintext_decrypted == plaintext
# Split Re-Encryption Key Generation (aka Delegation)
kfrags = generate_kfrags(delegating_sk, receiving_pk, signing_sk, threshold, num_kfrags)
kfrags = generate_kfrags(delegating_sk=delegating_sk,
receiving_pk=receiving_pk,
signer=signer,
threshold=threshold,
num_kfrags=num_kfrags)
# Bob requests re-encryption to some set of M ursulas
cfrags = list()
for kfrag in kfrags[:threshold]:
# Ursula checks that the received kfrag is valid
assert kfrag.verify(signing_pk, delegating_pk, receiving_pk)
assert kfrag.verify(verifying_pk=verifying_pk,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk)
# Re-encryption by an Ursula
cfrag = reencrypt(capsule, kfrag)
@ -82,7 +90,10 @@ def test_simple_api(num_kfrags, threshold):
cfrags.append(cfrag)
# Bob checks that the received cfrags are valid
assert all(cfrag.verify(capsule, delegating_pk, receiving_pk, signing_pk) for cfrag in cfrags)
assert all(cfrag.verify(capsule=capsule,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk,
verifying_pk=verifying_pk) for cfrag in cfrags)
# Decryption by Bob
plaintext_reenc = decrypt_reencrypted(receiving_sk,

6
tests/test_vectors.py
View File

@ -122,7 +122,7 @@ def test_kfrags():
for json_kfrag in vector_suite['vectors']:
kfrag = KeyFrag.from_bytes(bytes.fromhex(json_kfrag['kfrag']))
assert kfrag.verify(signing_pk=verifying_pk,
assert kfrag.verify(verifying_pk=verifying_pk,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk), \
'Invalid KeyFrag {}'.format(bytes(kfrag).hex())
@ -150,7 +150,7 @@ def test_cfrags():
metadata = bytes.fromhex(vector_suite['metadata'])
for kfrag, cfrag in kfrags_n_cfrags:
assert kfrag.verify(signing_pk=verifying_pk,
assert kfrag.verify(verifying_pk=verifying_pk,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk), \
'Invalid KeyFrag {}'.format(bytes(kfrag.to_bytes).hex())
@ -161,7 +161,7 @@ def test_cfrags():
assert new_cfrag.kfrag_id == cfrag.kfrag_id
assert new_cfrag.precursor == cfrag.precursor
assert new_cfrag.verify(capsule,
signing_pk=verifying_pk,
verifying_pk=verifying_pk,
delegating_pk=delegating_pk,
receiving_pk=receiving_pk,
metadata=metadata)

4
umbral/capsule_frag.py
View File

@ -161,7 +161,7 @@ class CapsuleFrag(Serializable):
capsule: Capsule,
delegating_pk: PublicKey,
receiving_pk: PublicKey,
signing_pk: PublicKey,
verifying_pk: PublicKey,
metadata: Optional[bytes] = None,
) -> bool:
"""
@ -201,7 +201,7 @@ class CapsuleFrag(Serializable):
maybe_delegating_pk=delegating_pk,
maybe_receiving_pk=receiving_pk)
valid_kfrag_signature = self.proof.kfrag_signature.verify(signing_pk, kfrag_message)
valid_kfrag_signature = self.proof.kfrag_signature.verify(verifying_pk, kfrag_message)
z3 = self.proof.signature
correct_reencryption_of_e = e * z3 == e2 + e1 * h

16
umbral/key_frag.py
View File

@ -47,14 +47,12 @@ class KeyFragProof(Serializable):
params = PARAMETERS
kfrag_precursor = base.precursor
signing_sk = base.signing_sk
signer = base.signer
delegating_pk = base.delegating_pk
receiving_pk = base.receiving_pk
commitment = params.u * kfrag_key
signer = Signer(signing_sk)
message_for_receiver = kfrag_signature_message(kfrag_id=kfrag_id,
commitment=commitment,
precursor=kfrag_precursor,
@ -199,7 +197,7 @@ class KeyFrag(Serializable):
return cls(kfrag_id, rk, base.precursor, proof)
def verify(self,
signing_pk: PublicKey,
verifying_pk: PublicKey,
delegating_pk: Optional[PublicKey] = None,
receiving_pk: Optional[PublicKey] = None,
) -> bool:
@ -235,7 +233,7 @@ class KeyFrag(Serializable):
precursor=precursor,
maybe_delegating_pk=delegating_pk,
maybe_receiving_pk=receiving_pk)
return self.proof.signature_for_proxy.verify(signing_pk, kfrag_message)
return self.proof.signature_for_proxy.verify(verifying_pk, kfrag_message)
class KeyFragBase:
@ -243,7 +241,7 @@ class KeyFragBase:
def __init__(self,
delegating_sk: SecretKey,
receiving_pk: PublicKey,
signing_sk: SecretKey,
signer: Signer,
threshold: int,
):
@ -278,7 +276,7 @@ class KeyFragBase:
delegating_sk.secret_scalar() * d.invert(),
*[CurveScalar.random_nonzero() for _ in range(threshold-1)]]
self.signing_sk = signing_sk
self.signer = signer
self.precursor = precursor
self.dh_point = dh_point
self.delegating_pk = delegating_pk
@ -288,7 +286,7 @@ class KeyFragBase:
def generate_kfrags(delegating_sk: SecretKey,
receiving_pk: PublicKey,
signing_sk: SecretKey,
signer: Signer,
threshold: int,
num_kfrags: int,
sign_delegating_key: bool = True,
@ -301,7 +299,7 @@ def generate_kfrags(delegating_sk: SecretKey,
the corresponding keys will have to be provided to :py:meth:`KeyFrag.verify`.
"""
base = KeyFragBase(delegating_sk, receiving_pk, signing_sk, threshold)
base = KeyFragBase(delegating_sk, receiving_pk, signer, threshold)
# Technically we could allow it, but what would be the use of these kfrags?
if num_kfrags < threshold:

4
vectors/generate_test_vectors.py
View File

@ -1,7 +1,7 @@
import json
import os
from umbral import SecretKey, PublicKey, encrypt, generate_kfrags, reencrypt
from umbral import SecretKey, PublicKey, Signer, encrypt, generate_kfrags, reencrypt
from umbral.curve_scalar import CurveScalar
from umbral.curve_point import CurvePoint
from umbral.hashing import Hash, unsafe_hash_to_point
@ -50,7 +50,7 @@ receiving_pk = PublicKey.from_secret_key(receiving_sk)
kfrags = generate_kfrags(delegating_sk=delegating_sk,
receiving_pk=receiving_pk,
signing_sk=signing_sk,
signer=Signer(signing_sk),
threshold=6,
num_kfrags=10,
)