Digitally Signing For Something, And Checking Without Revealing The Message … Meet AAI Encryption
Digitally Signing For Something, And Checking Without Revealing The Message … Meet AAI Encryption
Normally when we digitally sign something, we have to create a hash of the data, and then use the public key of the recipient to encrypt it. With signcryption we sign something at the same time as encrypting it. Ahmad-Afzal-Iqbal (AAI) [1] encryption implements signcryption using elliptic curves and is designed for Alice to send a signature to a firewall in order for it to check the signature. If valid, the firewall validates the signencryption cipher to Bob. Overall the firewall never has to see the ciphertext (C) and only works on the signature element (R,S). The paper can be viewed here.
Within a signature, such as with ECDSA and EdDSA, we take a hash of the message (m), and generate to part of a signature: R and S. These values can then be checked against the message (m). With the AAI method, a firewall can check the validity of the signature using the R and S values, but not requiring the ciphertext to check against the message. Within this, we just need some form of identity for Bob and Alice. Initially, Bob and Alice have something the defines their identity (ID_B and ID_A), and then generate their own privates keys (v_B and v_A). They then create public keys from these (P_B and P_B). The method then continues with:
And is more formally defined with:
The code is [here]:
package main
import (
"encoding/base64"
"fmt"
"io"
"math/rand"
"os"
"github.com/DavidHuie/signcryption"
"github.com/DavidHuie/signcryption/aai"
)
func toBase64(in []byte) string {
return base64.StdEncoding.EncodeToString(in)
}func genCert(rand io.Reader) *signcryption.Certificate {
cert, _ := signcryption.GenerateCertificate(rand)cert.ID = make([]byte, 16)
_, _ = io.ReadFull(rand, cert.ID)
return cert
}
func main() {
msg := "This is a test"
ad := "And some additional data."
argCount := len(os.Args[1:])
if argCount > 0 {
msg = os.Args[1]
}
if argCount > 1 {
ad = os.Args[2]
}
rand := rand.New(rand.NewSource(0))
sc := aai.NewP256()
source, dest := genCert(rand), genCert(rand)
output, _ := sc.Signcrypt(source, dest, []byte(msg), []byte(ad))
fmt.Printf("Message: %s\n", msg)
fmt.Printf("Additional data: %s\n", ad)
fmt.Printf("\nCipher text: %x\n", output.Ciphertext)
fmt.Printf(" Cipher text: %s\n", toBase64(output.Ciphertext))
fmt.Printf("R: %x\n", output.R)
fmt.Printf(" R: %s\n", toBase64(output.R))
fmt.Printf("R: %x\n", output.Signature)
fmt.Printf(" R: %s\n", toBase64(output.Signature))valid, _ := sc.Verify(source, dest, []byte(ad), output)
if valid {
fmt.Printf("Signature is valid\n")
}plaintextCandidate, valid, _ := sc.Unsigncrypt(source, dest, []byte(ad), output)
if valid {
fmt.Printf("Plaintext: %s", plaintextCandidate)
}
}A sample run is [here]:
Message: Hello. How are you?
Additional data: Additional data
Cipher text: 62147d46e8e502494b46069fbd4a453a9efeb45a0acb8035bea48d43f66a030466c724
Cipher text: YhR9RujlAklLRgafvUpFOp7+tFoKy4A1vqSNQ/ZqAwRmxyQ=
R: 0440cfb005f85a91fb98d3acad7a9c75e53fd2f3b2cd615f230a9104314e34ab18a52572071d69d82471502bc2e88e8de4fe25d7c63574fb9014566e785a6cac65
R: BEDPsAX4WpH7mNOsrXqcdeU/0vOyzWFfIwqRBDFONKsYpSVyBx1p2CRxUCvC6I6N5P4l18Y1dPuQFFZueFpsrGU=
R: 49cec0a44cf73b575cfc1a33746791e4d20f71ac726affd7382fbe45dd6ad7f2
R: Sc7ApEz3O1dc/BozdGeR5NIPcaxyav/XOC++Rd1q1/I=
Signature is valid
Plaintext: Hello. How are you?
Conclusions
And there you go, a way we can check the signature, without revealing the ciphertext. If you are interested in learning more about signcryption, you can see a Rust implementation here:
https://asecuritysite.com/rust/rust_miracl06
If you are interested in learning more about cryptography and Golang, try here:
https://asecuritysite.com/golang
Reference
[1] Iqbal, W., Afzal, M., & Ahmad, F. (2013, December). An efficient elliptic curve based signcryption scheme for firewalls. In 2013 2nd National Conference on Information Assurance (NCIA) (pp. 67–72). IEEE [here].