[gnunet] 02/04: elligator: kem encaps and decaps
From: |
gnunet |
Subject: |
[gnunet] 02/04: elligator: kem encaps and decaps |
Date: |
Wed, 06 Mar 2024 11:32:53 +0100 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository gnunet.
commit fbdeca81292cd3a00af9a336fd52079e41fe8879
Author: Pedram Fardzadeh <p.fardzadeh@protonmail.com>
AuthorDate: Mon Mar 4 01:26:31 2024 +0100
elligator: kem encaps and decaps
---
src/include/gnunet_crypto_lib.h | 36 ++++++++++++++++++++++++++++++++++++
src/lib/util/crypto_elligator.c | 33 +++++++++++++++++++++++++++++++++
src/lib/util/test_crypto_elligator.c | 34 ++++++++++++++++++++++++++++++++++
3 files changed, 103 insertions(+)
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 7b7d559cc..4af95af0f 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -2747,6 +2747,42 @@ GNUNET_CRYPTO_ecdhe_elligator_key_create (
struct GNUNET_CRYPTO_ElligatorRepresentative *repr,
struct GNUNET_CRYPTO_EcdhePrivateKey *pk);
+/**
+ * @ingroup crypto
+ * Carries out ecdh encapsulation with given public key and a freshly created
ephemeral key pair. Ephemeral public key is given as a representative.
+ *
+ * Following the terminology in https://eprint.iacr.org/2021/509.pdf
+ * @param pub receivers edwards curve public key (X)
+ * @param r representative of ephemeral public key A to use for the ECDH
(direct_map(r)=A=aG)
+ * @param key_material where to write the key material H(aX)=H(x(aG))
+ * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_elligator_kem_encaps (const struct
+ GNUNET_CRYPTO_EddsaPublicKey *pub,
+ struct
+ GNUNET_CRYPTO_ElligatorRepresentative
+ *r,
+ struct GNUNET_HashCode
*key_material);
+
+/**
+ * @ingroup crypto
+ * Carries out ecdh decapsulation with given private key and the
representative of received public key.
+ *
+ * Following the terminology in https://eprint.iacr.org/2021/509.pdf
+ * @param priv own private key (x)
+ * @param r received representative (direct_map(r)=A=aG)
+ * @param key_material where to write the key material H(xA)=H(a(xG))
+ * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_elligator_kem_decaps (const struct
+ GNUNET_CRYPTO_EddsaPrivateKey *priv,
+ struct
+ GNUNET_CRYPTO_ElligatorRepresentative
+ *r,
+ struct GNUNET_HashCode
*key_material);
+
/**
* Output the given MPI value to the given buffer in network
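Review bot: The doc comments do not say which direction `r` flows, and the two functions use it in opposite ways. In `GNUNET_CRYPTO_eddsa_elligator_kem_encaps` the implementation in this commit fills `r` through `GNUNET_CRYPTO_ecdhe_elligator_key_create`, yet the text "representative of ephemeral public key A to use for the ECDH" reads like an input; I would write `@param[out] r where to write the representative of the freshly generated ephemeral public key A (direct_map(r)=A=aG)`. In `GNUNET_CRYPTO_eddsa_elligator_kem_decaps` the representative is only read, so `@param[in] r` with the type `const struct GNUNET_CRYPTO_ElligatorRepresentative *r` would state that in the signature, assuming the decoding helper accepts a const pointer (its prototype is not in this hunk). Both `@return` lines should also say that `key_material` must not be used when #GNUNET_SYSERR is returned.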
diff --git a/src/lib/util/crypto_elligator.c b/src/lib/util/crypto_elligator.c
index 7ff37be46..d7f4bb1dd 100644
--- a/src/lib/util/crypto_elligator.c
+++ b/src/lib/util/crypto_elligator.c
@@ -620,3 +620,36 @@ GNUNET_CRYPTO_ecdhe_elligator_key_create (
repr->r[31] |= 64;
}
}
+
+
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_elligator_kem_encaps (const struct
+ GNUNET_CRYPTO_EddsaPublicKey *pub,
+ struct
+ GNUNET_CRYPTO_ElligatorRepresentative
+ *r,
+ struct GNUNET_HashCode *key_material)
+{
+ struct GNUNET_CRYPTO_EcdhePrivateKey sk_eph;
+ struct GNUNET_CRYPTO_EcdhePublicKey pub_eph;
+
+ GNUNET_CRYPTO_ecdhe_elligator_key_create (r, &sk_eph);
+ // TODO: probably makes more sense if key_create outputs ecdhe pub instead
of repr because ecdhe pub is needed for ecdh on senders side.
+ GNUNET_CRYPTO_ecdhe_elligator_decoding (&pub_eph, NULL, r);
+
+ return GNUNET_CRYPTO_ecdh_eddsa (&sk_eph, pub, key_material);
+}
+
+
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_elligator_kem_decaps (const struct
+ GNUNET_CRYPTO_EddsaPrivateKey *priv,
+ struct
+ GNUNET_CRYPTO_ElligatorRepresentative
+ *r,
+ struct GNUNET_HashCode *key_material)
+{
+ struct GNUNET_CRYPTO_EcdhePublicKey pub;
+ GNUNET_CRYPTO_ecdhe_elligator_decoding (&pub, NULL, r);
+ return GNUNET_CRYPTO_eddsa_ecdh (priv, &pub, key_material);
+}
\ No newline at end of file
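Review bot: In `GNUNET_CRYPTO_eddsa_elligator_kem_decaps` the representative `r` is data received from the peer, but nothing checks the outcome of `GNUNET_CRYPTO_ecdhe_elligator_decoding` before `pub` is passed to `GNUNET_CRYPTO_eddsa_ecdh`. If that helper reports failure (its prototype is outside this hunk), the result should be tested and `GNUNET_SYSERR` returned instead of running ECDH on an unverified point. In `GNUNET_CRYPTO_eddsa_elligator_kem_encaps`, `pub_eph` is decoded but never read, so the decoding call looks like dead work unless it is kept for an effect not visible here. The ephemeral secret `sk_eph` is also left on the stack on return; wiping it with `GNUNET_CRYPTO_ecdhe_key_clear` keeps it from lingering in memory. The file now ends without a trailing newline, which is worth restoring.
```c
/* … unchanged: signature of GNUNET_CRYPTO_eddsa_elligator_kem_encaps … */
{
  struct GNUNET_CRYPTO_EcdhePrivateKey sk_eph;
  enum GNUNET_GenericReturnValue ret;

  GNUNET_CRYPTO_ecdhe_elligator_key_create (r, &sk_eph);
  ret = GNUNET_CRYPTO_ecdh_eddsa (&sk_eph, pub, key_material);
  /* wipe the ephemeral secret before it goes out of scope */
  GNUNET_CRYPTO_ecdhe_key_clear (&sk_eph);
  return ret;
}
```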
diff --git a/src/lib/util/test_crypto_elligator.c
b/src/lib/util/test_crypto_elligator.c
index 463cb0a0c..c42e1de3a 100644
--- a/src/lib/util/test_crypto_elligator.c
+++ b/src/lib/util/test_crypto_elligator.c
@@ -223,6 +223,34 @@ testTimeDecoding (void)
}
+static int
+elligatorKEM ()
+{
+ struct GNUNET_CRYPTO_EddsaPrivateKey pk;
+ struct GNUNET_CRYPTO_EddsaPublicKey pub;
+ GNUNET_CRYPTO_eddsa_key_create (&pk);
+ GNUNET_CRYPTO_eddsa_key_get_public (&pk,&pub);
+
+ struct GNUNET_CRYPTO_ElligatorRepresentative r;
+
+ // Sender side
+ struct GNUNET_HashCode key_material_encaps;
+ GNUNET_CRYPTO_eddsa_elligator_kem_encaps (&pub, &r, &key_material_encaps);
+
+ // Receiving side
+ struct GNUNET_HashCode key_material_decaps;
+ GNUNET_CRYPTO_eddsa_elligator_kem_decaps (&pk,&r,&key_material_decaps);
+
+ if (memcmp (&(key_material_encaps.bits),&(key_material_decaps.bits),
+ sizeof(key_material_encaps.bits)) != 0)
+ {
+ return GNUNET_SYSERR;
+ }
+
+ return GNUNET_OK;
+}
+
+
/*
*More tests to implement:
* Adding more test vectors from different sources for inverse and direct map
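Review bot: `elligatorKEM` discards the return values of both `GNUNET_CRYPTO_eddsa_elligator_kem_encaps` and `GNUNET_CRYPTO_eddsa_elligator_kem_decaps`, so a failing call leaves `r` or the key material uninitialized and the `memcmp` then compares indeterminate stack bytes. Each call should be guarded, e.g. `if (GNUNET_OK != GNUNET_CRYPTO_eddsa_elligator_kem_encaps (&pub, &r, &key_material_encaps)) return GNUNET_SYSERR;`, and likewise for decaps. The test covers only the matching-key case; a second decapsulation with an unrelated private key that is expected to give different key material would catch an implementation that ignores its inputs. The definition should also be `elligatorKEM (void)`, since an empty parameter list in C is not a prototype.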
@@ -268,6 +296,12 @@ main (int argc, char *argv[])
failure_count++;
}
+ if (GNUNET_OK != elligatorKEM ())
+ {
+ printf ("Elligator KEM failed!");
+ failure_count++;
+ }
+
if (0 != failure_count)
{
fprintf (stderr,
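Review bot: The new failure message `printf ("Elligator KEM failed!");` has no trailing newline and goes to stdout, while the summary just below it uses `fprintf (stderr, ...)`. The message will run into the next output line and can be lost when only stderr is captured; `fprintf (stderr, "Elligator KEM failed!\n");` would match the summary. The rest of `main` is outside this hunk, so the earlier checks may follow a different convention.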