When Bob Met Alice Who Met Carol
When Bob Met Alice Who Met Carol
Using Cryto Pairing and Key Sharing With MIRACL Golang
I love receiving a new crypto library, and diving in to discover its hidden secrets. The latest one is MIRACL [here], and where we are collaborating with Professor Michael Scott, and who is one of the founding fathers of crypto pairs. As we share a passion for crypto pairing too, it is an easy collaboration for us. So let’s look at implementing a scheme where Bob, Alice and Carol can share a secret key, and to showcase the wonderful features of crypto pairing.
Tripartite Diffie-Hellman algorithm
Elliptic curves are used fairly extensively in public key encryption (such as in Bitcoin and Tor). A BN-curve (Barreto-Naehrig curve) [paper] defines an elliptic curve which can be used for pairings that allow for a high security and efficiency level.
So how do we generate a shared key between three parties? This page implements the tripartite Diffie-Hellman algorithm [Paper] and what Bob (B), Alice (A) and Carol (C ) share their key pairings and then can calculate a shared secret key. In this case a, b and c are the private keys generated by Alice, Bob and Carol, respectively. Bob, Alice and Carol then generate key public keys from curves G1 and G2. In this case we show the keys for Alice, which are pa (pa=a×G1), and qa (qa=a×G2). Alice then calculate the shared key by taking the public values passed from Bob and Alice, and then multiplying it by her secret key (a):
For an Elliptic Curve we generate a 256-bit random number for the private key (\(p\)), and then take a point (\(G\))…asecuritysite.com
Note: It is amazingly fast, as Prof Scott has optimized the code.
Theory
For an Elliptic Curve we generate a 256-bit random number for the private key (p), and then take a point (G) [x,y] on the Elliptic Curve and then multiply it by the private key to get another point (p×x,p×y). In this way we get P=p×G, and where G is a known point on the Elliptic Curve, P is our public key and p is our private key.
With pairings we can derive more complex relationships between the points, such as if P=G×p, Q=G×q and R=G×r, we can check to see if r=p×q, but where we only know P, Q and R (the public values). At the current time we cannot compute p from P=p×G, even if we know P and G. The exposure of the values is limited as we can calculate R=G×p×q, and where it is not possible to determine p or q.
Checking linear constraints
So let’s say I want to prove to you that I know the proof for:
2p+3q=5r
I can then give you p×G+q×G and r×G.
These values will be P, Q and R. I can then give you 2P+3Q and 5R.
If it is correct, I have proven that I know p, q and r.
The values we have used are defined for the pairing are defined as a bilinear map, and following this:
e(P,Q+R)=e(P,Q)×e(P,R)
e(P+S,Q)=e(P,Q)×e(S,Q)
Our focus for this is to be able to add, subtract, multiply and divide encrypted values.
With elliptic curve pairing we map G2×G1 to Gt using:
- G1 and which is an elliptic curve for the equation y²=x³+b and includes the modulus of a prime number (N)
- G2 and which is an elliptic curve which have the same points as G1 and which fit values of w — a “magic number” — for w¹²−18w⁶+82=0. I will describe this in another article.
- Gt and which is the resulting object.
Three-way handshake with BN pairings
The following code integrates with BN-256 code for the generation of a shared key between three parties (Bob, Alice and Carol). The pairings use two elliptic curves: G1 and G2. Each person will generate their public key from each of these curves. First Bob (B), Alice (A) and Carol (C ) generate their private keys (a, b and c) and which are random numbers. Next they create their pairings (qa, pa), (qb, pb) and (qc, pc). These will be:
pa=a×G1
qa=a×G2
pb=b×G1
qb=b×G2
pc=c×G1
qc=c×G2
If we take the example of Bob, then he will receive qa from Alice and pc from Carol, and then create a pairing and multiple by his private key (b). The result is the shared key:
Sample run
In the following we show a sample run, where we have a, b and c, and then pa and qa shows the public key pairs generate from G1 and G2:
a: 360993
b: 170511
c: 19911
Key: [[[24c8f84468ecab47a877c158c14d015b8edab51c2652008478d679ab733d8b75,24f2b2660c9604690b9ec7ded0d94c7c34de93a84a9b75ee6649fe9a75f684a5],[201d4e8012ebad5820844be68d112816a8ecd21275efae0109ec3f6f770d4c48,0c554bf451576d2586214d1244f2f71deec310b98dd26acbe1653cf3479c4482]],[[1e116176191c0f5ebc2a4290c8a6fcf9310f025c2df17a39dadda63e77f3591f,064d633477e6eb42ddb0666c3fa2f71c9f7ca0e97943e2b700cb8235c7173aff],[1781e1a5065540d7a8fc4963e54277ed2391280e078c501dedc04085c6abd854,22edea9b9693ee7199c1bff7e131e6c97cf2987e7323c53c0f1c0e51f90b17fe]],[[07caea88e63117f674aa651c136035627b1e7a189eb07ed600053db57f9ca6c6,1b3fb6664913671f8813ce033f2a258562356c2f65a68a4fea22be718bfe6e6d],[23c400e2fbaaef97a08bcdf441d66676bbf429ca43ea876f92546f66e8b5bf70,06dce8ee281c37f6fedd34e092252e4902b680c6118b8b34ef39e1dedb71c2a2]]]
K1 is equal to K2
K2 is equal to K3
K1 is equal to K3
Coding
The code uses the BN-256 code [here]:
package main
import (
"fmt"
"math/rand"
"time"
"github.com/miracl/core/go/core/BN254"
)
func main() {rand.Seed(time.Now().UnixNano())
a1:= rand.Intn(4294967296)
b1:= rand.Intn(4294967296)
c1:= rand.Intn(4294967296)
a := BN254.NewBIGint(a1)
b := BN254.NewBIGint(b1)
c := BN254.NewBIGint(c1)
P := BN254.ECP_generator()
P2 := BN254.ECP2_generator()
pa:=BN254.G1mul(P,a)
qa:=BN254.G2mul(P2,a)
pb:=BN254.G1mul(P,b)
qb:=BN254.G2mul(P2,b)
pc:=BN254.G1mul(P,c)
qc:=BN254.G2mul(P2,c)
k1 := BN254.Ate(qb,pc)
k1 = BN254.Fexp(k1)
k1 = BN254.GTpow(k1, a)
k2 := BN254.Ate(qc,pa)
k2 = BN254.Fexp(k2)
k2 = BN254.GTpow(k2, b)
k3 := BN254.Ate(qa,pb)
k3 = BN254.Fexp(k3)
k3 = BN254.GTpow(k3, c)
fmt.Printf("a: %d\n",a1)
fmt.Printf("b: %d\n",b1)
fmt.Printf("c: %d\n",c1)fmt.Printf("Key: %s\n",k1.ToString())if k1.Equals(k2) { fmt.Printf("\nK1 is equal to K2")}
if k2.Equals(k3) { fmt.Printf("\nK2 is equal to K3")}
if k1.Equals(k3) { fmt.Printf("\nK1 is equal to K3")}
}Conclusions
Crypto pairings are just pure magic! In fact, nearly a MIRACL(e).