Signcryption with MIRACL using Rust
With pairing-based cryptography we have two cyclic groups (\(\mathbb{G_1}\) and \(\mathbb{G_2}\)), both of prime order \(n\). A pairing on \((\mathbb{G_1},\mathbb{G_2},\mathbb{G_T})\) defines the function \(e:\mathbb{G_1} \times \mathbb{G_2} \rightarrow \mathbb{G_T}\). If \(U\) is a point on \(\mathbb{G_1}\), and \(V\) is a point on \(\mathbb{G_2}\), we get [article]:
\(\hat{e}(aU,V) = \hat{e}(U,aV) = \hat{e}(U,V)^a\)
In this case, Bob will send Alice a signcryption message using her identity, and she will be able to decrypt it.
With signcryption, we can use the Malone-Lee signcryption method [here]. In this case we have a PKG (Private Key Generator), which generates the private keys for Bob and Alice. Bob will have an ID of \(ID_b\) and Alice will have an ID of \(ID_a\).
Keygen: The PKG computes the private key of \(d_{ID}\) and is able to send this to Bob and Alice.
Now Alice wants to send a message (\(M\)) to Bob, and she computes:
\(\sigma = Signcrypt(M,d_{ID_a},ID_b)\)
Now Bob decrypts with:
\(Unsigncrypt(\sigma,d_{ID_b},ID_a)\)
If Bob's stored secret is \(s\), his public key is:
\(P_{pub} = sP \)
Alice gets Bob's ID (\(ID_b\)) and then maps onto \(\mathbb{G_1}\):
\(Q_{ID_b} = H_1(ID_b) \in \mathbb{G_1}\)
Alice initially creates a random number (\(x\)) and takes a base point on \(\mathbb{G_1}\) to compute:
\(U = xP \)
\(r = H_2(U || M) \)
\(Q_{ID_b}=H_1(ID_b) \in \mathbb{G_1}\)
We now generate a random number within the field of \(q\):
\(x =rand(q)\)
We now calculate:
\(U=xP \)
\(V = x P_{pub} + r d_{ID_a}\)
\(K_1=H_3( {\hat{e}(P_{pub},Q_{ID_b})}^x )\)
\(c = M \oplus K_1\)
The ciphertext is then:
\(C = (U,V,c)\)
When Bob receives this, he takes Alice's ID and maps her ID onto \(\mathbb{G_1}\):
\(Q_{ID_a}=H_1(ID_a) \in \mathbb{G_1}\)
Next he calculates the same value as Alice:
\(K_2=H_3(\hat{e}(U,d_{ID_b}))\)
Bob should have the same value of \(K_2\) as \(K_1\). The message is recovered from:
\(M=K_2 \oplus c \)
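The Signcrypt and Unsigncrypt steps above, carried through end to end as an added example (it is not the page's MIRACL code). It assumes a toy symmetric pairing over small constructed parameters, an FNV-1a stand-in for \(H_1\), \(H_2\) and \(H_3\), and a fixed \(x\); the final check \(\hat{e}(P,V) = \hat{e}(P_{pub}, U + rQ_{ID_a})\) is not written out on the page and follows from the definition of \(V\) and bilinearity.

```rust
// Toy symmetric pairing, illustration only (NOT secure): a point uP is stored as the scalar
// u mod Q and e(u, v) = G^(u*v) mod P_MOD, so e(aU, V) = e(U, V)^a. Constants are constructed.
const Q: u64 = 1019;     // prime group order
const P_MOD: u64 = 2039; // prime, P_MOD = 2Q + 1
const G: u64 = 4;        // generates the order-Q subgroup mod P_MOD

fn modpow(mut b: u64, mut e: u64, m: u64) -> u64 {
    let mut r = 1;
    while e > 0 {
        if e & 1 == 1 { r = r * b % m; }
        b = b * b % m;
        e >>= 1;
    }
    r
}
fn pair(u: u64, v: u64) -> u64 { modpow(G, (u % Q) * (v % Q) % Q, P_MOD) }
// FNV-1a stand-in for H1, H2, H3 (separated by `tag`); not a cryptographic hash.
fn h(tag: u8, data: &[u8]) -> u64 {
    let step = |x: u64, &b: &u8| (x ^ b as u64).wrapping_mul(0x100000001b3);
    [tag].iter().chain(data).fold(0xcbf29ce484222325, step)
}
fn h1(id: &str) -> u64 { h(1, id.as_bytes()) % (Q - 1) + 1 } // Q_ID, never zero
fn h2(u: u64, m: &[u8]) -> u64 { h(2, &[&u.to_be_bytes()[..], m].concat()) % Q }
fn xor_h3(y: u64, data: &[u8]) -> Vec<u8> { // data XOR keystream H3(y)
    let ks = |i: usize| h(3, &[y.to_be_bytes(), (i as u64).to_be_bytes()].concat()) as u8;
    data.iter().enumerate().map(|(i, &b)| b ^ ks(i)).collect()
}
fn keygen(s: u64, id: &str) -> u64 { (s % Q) * h1(id) % Q } // PKG: d_ID = s Q_ID

// Alice: sigma = Signcrypt(M, d_IDa, ID_b) = (U, V, c); the base point P is scalar 1.
fn signcrypt(m: &[u8], d_a: u64, id_b: &str, p_pub: u64, x: u64) -> (u64, u64, Vec<u8>) {
    let u = x % Q;                                   // U = xP
    let r = h2(u, m);                                // r = H2(U || M)
    let v = (u * p_pub + r * d_a) % Q;               // V = x P_pub + r d_IDa
    let y = modpow(pair(p_pub, h1(id_b)), u, P_MOD); // e(P_pub, Q_IDb)^x
    (u, v, xor_h3(y, m))                             // c = M xor K1
}
// Bob: Unsigncrypt(sigma, d_IDb, ID_a); returns None when the signature check fails.
fn unsigncrypt(sig: &(u64, u64, Vec<u8>), d_b: u64, id_a: &str, p_pub: u64) -> Option<Vec<u8>> {
    let (u, v, c) = (sig.0, sig.1, &sig.2);
    let m = xor_h3(pair(u, d_b), c);                 // M = K2 xor c, K2 = H3(e(U, d_IDb))
    let r = h2(u, &m);
    // e(P, V) == e(P_pub, U + r Q_IDa), from V = x P_pub + r d_IDa and bilinearity
    if pair(1, v) == pair(p_pub, (u % Q + r * h1(id_a)) % Q) { Some(m) } else { None }
}
fn main() {
    let (s, x) = (777, 123); // constructed; a real PKG secret and x are random
    let sig = signcrypt(b"hello Bob", keygen(s, "Alice"), "Bob", s, x); // P_pub = sP = s
    println!("{:?}", unsigncrypt(&sig, keygen(s, "Bob"), "Alice", s));
}
```

Because points are stored as their own discrete logs, this model only checks the algebra; the MIRACL curve types are what provide hardness.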
The outline code, using the MIRACL library [here], is:
```rust
extern crate rand_core;

use mcore::bn254::big;
use mcore::bn254::ecp;
use mcore::bn254::ecp2;
use mcore::bn254::fp2;
use mcore::bn254::pair;
use mcore::bn254::rom;
use mcore::rand::{RAND,RAND_impl};
use rand::Rng;
use sha2::{Sha256,Digest};
use std::env;

// Seed MIRACL's random number generator with 32 bytes from the rand crate
fn get_random() ->RAND_impl{
    let random_bytes = rand::thread_rng().gen::<[u8; 32]>();
    let mut rng = RAND_impl::new();
    rng.seed(32, &random_bytes);
    rng
}

// This listing covers the shared pairing value only (before H3 and the XOR).
// Here Bob is the sender and Alice the recipient, so QIDb, qIDb and dIDb
// hold the hash, identity point and private key for Alice's ID.
fn main() {
    let mut rng = get_random();

    let mut AliceID="Alice";

    // q is the curve order; x is the sender's random value, s the PKG secret
    let q = big::BIG::new_ints(&rom::CURVE_ORDER);
    let x = big::BIG::randomnum(&q, &mut rng);
    let s = big::BIG::randomnum(&q, &mut rng);

    // Hash the recipient's ID
    let mut hasher = Sha256::new();
    hasher.update(AliceID.as_bytes());
    let QIDb = hasher.finalize();

    // Ppub = sP, with P the ECP2 generator
    let P = ecp2::ECP2::generator();
    let mut Ppub = pair::g2mul( &P, &s);

    // Map the hashed ID to a point (ECP), then private key dID = s.QID
    let mut qIDb=ecp::ECP::mapit(QIDb.as_slice());
    let mut dIDb = pair::g1mul( &qIDb, &s);

    println!("\n==== Trust server:\n");
    println!("\nSecret: {}\n", s.to_string());
    println!("\nAlice ID: {}\n", AliceID);
    println!("Alice Pub (Ppub)= sP:\t{}\n", (Ppub.to_string()));

    println!("\n=== Bob computes:\n");

    // Sender: U = xP and e(Ppub, QID)^x
    let mut U = pair::g2mul( &P, &x);
    let mut k1 = pair::ate(&Ppub, &qIDb);
    k1 = pair::fexp(&k1).pow(&x);

    println!("x: {}\n", x.to_string());
    println!("U = xP:\t\t{}\n", (U.to_string()));
    println!("\n\nBob Key:\t{}\n", k1);

    println!("\n==== Alice computes:\n\n");

    // Recipient: e(U, dID), which should match the sender's value
    let mut k2 = pair::ate(&U, &dIDb);
    k2 = pair::fexp(&k2);

    println!("Alice Key:\t{}\n", (k2));
}
```
A sample run:
```
==== Trust server:

Secret: 031A56C5077C8E6184B51E3F96B2E487A5EA02D22E0BA86E9E9212994FB4B205

Alice ID: Alice

Alice Pub (Ppub)= sP: ([082FA071728C9815B7323091275F3A03689890579A473D2027C7D6902F59B9E8,2378C347878228F3430C69A46D2C5B999F65A8E2306892DC2E194DEFE0258F75],[1EE37F8F9D18D248925B18C0B1B6E171CF46FF87AAC94B1FFE158765F3C89372,21582043238D5BE8103813721914E05D463B5E5E865A1C47DC81D7A8D75D1FF4])

=== Bob computes:

x: 1B2EA352ECDA36382D17BF7100092F22E13BEACAFB4A383AFFEAA02739641BA4

U = xP: ([08BD9D18D1DC3FB5EBA80B36B5556780380C39C5CC3F9E3AA5B643A4836384C9,1FEDB3CECBD9DEBFA59611A08E21ECB16BF9205C147E1186942BAF91F725E1BF],[12977B7412CA4DE2D9BB20D82D6656B0EE0B3F973ADC92C18B2B25034DC3E4AD,1AD29D575484C6C5D3E8130A7FD83AE7D5FF4E7082B4F9113F44678BC70A9DED])

Bob Key: [[[159F0062CAB4AAB90D80E887194779B8C941449311CE89515DC936FFDAAA1275,13ACCF9B10A02C867B36D25ED661059C4FBFA65A6058F5F8CDAE0C96356EFE49],[039B9BA2D859A10ED6EB128BF4F217046CD0FBD9C44388A309852F7A13B08A73,048B89C508FB4AF3C8C28110B261BD98B621F45F00D07653ADD4C59B264CA34D]],[[174273EF76A2752431A0EAFBB8697B8897491A61CEE7C02A7EB0A25E5690FA17,06368D43F37B0D3E13EF34244E9750581D903331A5E01D3F5026A33743832BB5],[1CE04A70D9F35459A2EB999F35DFD5045D002D0BF975C23C3471FF76EB79B356,1DCFF5CA8CC81AEA0E465123225ED50507C136AF86B4595BEE5A03F5E4FF30E4]],[[2064316199EE815BE8786BEA988998A6FF6728C2AA18277837EAC65B0ADD5E5A,06F313A140F8594FA7BCF32DEAA7DF497DEF51D5E5A7D24A1E883DA411680CB1],[182DF3453BF0E4DF8248C34478683D9DFD01E6583E76CDB9C130FCDA0BBB6506,217D78D8069A4BB357FF607495EA0D640C2D1B5FCFCA7C4D4567C8AFBABA337A]]]

==== Alice computes:

Alice Key: [[[159F0062CAB4AAB90D80E887194779B8C941449311CE89515DC936FFDAAA1275,13ACCF9B10A02C867B36D25ED661059C4FBFA65A6058F5F8CDAE0C96356EFE49],[039B9BA2D859A10ED6EB128BF4F217046CD0FBD9C44388A309852F7A13B08A73,048B89C508FB4AF3C8C28110B261BD98B621F45F00D07653ADD4C59B264CA34D]],[[174273EF76A2752431A0EAFBB8697B8897491A61CEE7C02A7EB0A25E5690FA17,06368D43F37B0D3E13EF34244E9750581D903331A5E01D3F5026A33743832BB5],[1CE04A70D9F35459A2EB999F35DFD5045D002D0BF975C23C3471FF76EB79B356,1DCFF5CA8CC81AEA0E465123225ED50507C136AF86B4595BEE5A03F5E4FF30E4]],[[2064316199EE815BE8786BEA988998A6FF6728C2AA18277837EAC65B0ADD5E5A,06F313A140F8594FA7BCF32DEAA7DF497DEF51D5E5A7D24A1E883DA411680CB1],[182DF3453BF0E4DF8248C34478683D9DFD01E6583E76CDB9C130FCDA0BBB6506,217D78D8069A4BB357FF607495EA0D640C2D1B5FCFCA7C4D4567C8AFBABA337A]]]
```