Signcryption with MIRACL
With pairing-based cryptography we have two cyclic groups (\(\mathbb{G_1}\) and \(\mathbb{G_2}\)), both of prime order \(n\). A pairing on \((\mathbb{G_1},\mathbb{G_2},\mathbb{G_T})\) defines the function \(e:\mathbb{G_1} \times \mathbb{G_2} \rightarrow \mathbb{G_T}\). If \(U\) is a point on \(\mathbb{G_1}\), and \(V\) is a point on \(\mathbb{G_2}\), we get [article]:
\(\hat{e}(aU,V) = \hat{e}(U,aV) = \hat{e}(U,V)^a\)
In this case, Bob will send Alice a signcryption message using her identity, and she will be able to decrypt it.
For signcryption, we can use the Malone-Lee signcryption method [here]. In this case we have a PKG (Private Key Generator), which generates the private keys for Bob and Alice. Bob will have an ID of \(ID_b\) and Alice will have an ID of \(ID_a\).
Keygen: The PKG computes the private key of \(d_{ID}\) and is able to send this to Bob and Alice.
Now Alice wants to send a message (\(M\)) to Bob, and she computes:
\(\sigma = Signcrypt(M,d_{ID_a},ID_b)\)
Now Bob decrypts with:
\(Unsigncrypt(\sigma,d_{ID_b},ID_a)\)
If Bob's stored secret is \(s\), his public key is:
\(P_{pub} = sP \)
Alice gets Bob's ID (\(ID_b\)) and then maps it onto \(\mathbb{G_1}\):
\(Q_{ID_b} = H_1(ID_b) \in \mathbb{G_1}\)
Alice initially creates a random number (\(x\)) and takes a base point on \(\mathbb{G_1}\) to compute:
\(U = xP \)
\(r = H_2(U || M) \)
\(Q_{ID_b}=H_1(ID_b) \in \mathbb{G_1}\)
We now generate a random number within the field of \(q\):
\(x =rand(q)\)
We now calculate:
\(U=xP \)
\(V = x P_{pub} + r d_{ID_a}\)
\(K_1=H_3( {\hat{e}(P_{pub},Q_{ID_b})}^x )\)
\(c = M \oplus K_1\)
The ciphertext is then:
\(C = (U,V,c)\)
When Bob receives this, he takes Alice's ID and maps her ID onto \(\mathbb{G_1}\):
\(Q_{ID_a}=H_1(ID_a) \in \mathbb{G_1}\)
Next he calculates the same value as Alice:
\(K_2=H_3(\hat{e}(U,d_{ID_b}))\)
Bob should have the same value of \(K_2\) as \(K_1\). The message is recovered from:
\(M=K_2 \oplus c \)
An outline of the code, using the MIRACL library [here], is:

```go
package main

import (
	"fmt"
	"os"

	"github.com/miracl/core/go/core"
	"github.com/miracl/core/go/core/BN254"
)

// FP12toByte serialises an element of GT so that it can be printed.
func FP12toByte(F *BN254.FP12) []byte {
	const MFS int = int(BN254.MODBYTES)
	var t [12 * MFS]byte
	F.ToBytes(t[:])
	return (t[:])
}

func main() {
	// Demo only: the generator is seeded with fixed bytes, so s and x repeat on every run.
	rng := core.NewRAND()
	var raw [100]byte
	for i := 0; i < 100; i++ {
		raw[i] = byte(i + 1)
	}
	rng.Seed(100, raw[:])

	AliceID := "Alice"
	argCount := len(os.Args[1:])
	if argCount > 0 { // use the first command-line argument as the identity
		AliceID = os.Args[1]
	}

	q := BN254.NewBIGints(BN254.CURVE_Order)
	x := BN254.Randomnum(q, rng) // sender's random value
	s := BN254.Randomnum(q, rng) // trust server's secret

	// Hash the identity with SHA-256, ready to be mapped onto G1
	sh := core.NewHASH256()
	for i := 0; i < len(AliceID); i++ {
		sh.Process(AliceID[i])
	}
	QIDb := sh.Hash()

	P := BN254.ECP2_generator()
	Ppub := BN254.G2mul(P, s)     // Ppub = sP
	qIDb := BN254.ECP_mapit(QIDb) // identity mapped onto G1
	dIDb := BN254.G1mul(qIDb, s)  // private key for the identity

	fmt.Printf("\n==== Trust server:\n")
	fmt.Printf("\nSecret: %s\n", s.ToString())
	fmt.Printf("\nAlice ID: %s\n", AliceID)
	fmt.Printf("Alice Pub (Ppub)= sP:\t%s\n", (Ppub.ToString()))

	fmt.Printf("\n=== Bob computes:\n")
	U := BN254.G2mul(P, x) // U = xP

	// K1 = e(Ppub, Q_ID)^x
	k1 := BN254.Ate(Ppub, qIDb)
	k1 = BN254.Fexp(k1)
	k1 = BN254.GTpow(k1, x)

	fmt.Printf("x: %s\n", x.ToString())
	fmt.Printf("U = xP:\t\t%s\n", (U.ToString()))
	fmt.Printf("\n\nBob Key (first 20 bytes):\t0x%x\n", FP12toByte(k1)[:20])

	fmt.Printf("\n==== Alice computes:\n\n")

	// K2 = e(U, d_ID)
	k2 := BN254.Ate(U, dIDb)
	k2 = BN254.Fexp(k2)
	fmt.Printf("Alice Key (first 20 bytes):\t0x%x\n", FP12toByte(k2)[:20])
}
```
A sample run:
```
==== Trust server:

Secret: 12789545bf0471f7ba7ac861c7d8faa7b602d14c7fb14090536c712be303603c

Alice ID: Alice
Alice Pub (Ppub)= sP:	([1c1c97cdf2dc0b6e4c055b352582accb105363d3d4913940fbe2663ffdf848f3,0b4d0aa6afcdab183feea20baf783b1eded566b1e3bc1c53e639d5064aca99c6],[1924f2a4966837b91c94dd420b475b29469b01bd675881e3e3373d8fda081f64,13beb94a2b49386c64188c782ea76b4b593ab1f0e4ad496ae65a4f888d5ae817])

=== Bob computes:
x: 04581ca925de0ac1755a9ecbbd2e3458e679f76e4fc95909dc64b49374a7e838
U = xP:		([142b192976ac68eef8f44ed4548359d742e628edad26dee4fa4ae747c24408e3,118796d2d3b0aab3eb3a4d9a821144d606b0861831b393181e05f81bc1550056],[0974d62cf8646c09e15675a4575656783390f2202c71a2e00f22225d2b338dc5,217b26ddfc5d6965e2495babb5a96b92b58eb587783afcbf57c90f3fd977ec92])


Bob Key (first 20 bytes):	0x10724fece94733988c851f2f2f10a3fc6ec2e142

==== Alice computes:

Alice Key (first 20 bytes):	0x10724fece94733988c851f2f2f10a3fc6ec2e142
```
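The listing above stops once both sides hold the same key, so the following added example (not code from the original page or from MIRACL) carries the formulas through a full Signcrypt/Unsigncrypt round trip with Alice as sender and Bob as receiver. It assumes a toy, insecure pairing over small integers in place of BN254 so that it needs only the Go standard library; the function names and parameters are this example's own, and the final check on \(V\) is the verification equation from Malone-Lee's scheme, which the text above does not spell out.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Toy bilinear map, constructed for illustration and NOT secure: G1 = G2 = (Z_n, +)
// with base point P = 1, and e(a, b) = g^(ab) mod p, where g has prime order n.
var p, n, g, one = big.NewInt(2039), big.NewInt(1019), big.NewInt(4), big.NewInt(1)

func mulN(a, b *big.Int) *big.Int { return new(big.Int).Mod(new(big.Int).Mul(a, b), n) }
func pair(a, b *big.Int) *big.Int { return new(big.Int).Exp(g, mulN(a, b), p) }
// hashN plays H1 and H2: domain-separated SHA-256 reduced into Z_n.
func hashN(tag string, data []byte) *big.Int {
	d := sha256.Sum256(append([]byte(tag), data...))
	return new(big.Int).Mod(new(big.Int).SetBytes(d[:]), n)
}
// xorH3 returns m XOR H3(k); messages are limited to 32 bytes here.
func xorH3(k *big.Int, m []byte) []byte {
	ks, out := sha256.Sum256(k.Bytes()), make([]byte, len(m))
	for i := range m {
		out[i] = m[i] ^ ks[i]
	}
	return out
}
// Keygen is the PKG step d_ID = s * H1(ID).
func Keygen(s *big.Int, id string) *big.Int { return mulN(s, hashN("H1", []byte(id))) }
// Signcrypt builds C = (U, V, c) from the page's formulas; x is the sender's random value.
func Signcrypt(m []byte, dA *big.Int, idB string, pPub, x *big.Int) (U, V *big.Int, c []byte) {
	r := hashN("H2", append(x.Bytes(), m...))           // U = xP = x, r = H2(U || M)
	V = new(big.Int).Add(mulN(x, pPub), mulN(r, dA))    // V = x P_pub + r d_IDa
	k1 := pair(mulN(x, pPub), hashN("H1", []byte(idB))) // K1 = e(P_pub, Q_IDb)^x
	return new(big.Int).Set(x), V.Mod(V, n), xorH3(k1, m)
}
// Unsigncrypt recovers M with K2 = e(U, d_IDb), then checks e(V,P) = e(U,P_pub) * e(Q_IDa,P_pub)^r.
func Unsigncrypt(U, V *big.Int, c []byte, dB *big.Int, idA string, pPub *big.Int) ([]byte, bool) {
	m := xorH3(pair(U, dB), c)
	r := hashN("H2", append(U.Bytes(), m...))
	rhs := new(big.Int).Mul(pair(U, pPub), pair(mulN(r, hashN("H1", []byte(idA))), pPub))
	return m, pair(V, one).Cmp(rhs.Mod(rhs, p)) == 0
}

func main() {
	s, x := big.NewInt(123), big.NewInt(77) // constructed master secret (P_pub = sP = s) and nonce
	U, V, c := Signcrypt([]byte("hello Bob"), Keygen(s, "Alice"), "Bob", s, x)
	m, ok := Unsigncrypt(U, V, c, Keygen(s, "Bob"), "Alice", s)
	fmt.Printf("M=%q valid=%v\n", m, ok)
}
```

Because \(P = 1\) in this toy group, \(P_{pub}\) equals \(s\) and nothing here is secret; the point is only that the key agreement and the check on \(V\) both follow from bilinearity.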