First version of consistency check for kFrags

OK, except that it fails when threshold=1. I should also check what to use as generator.
nucypher · Oct 6, 2017 · 9d59aac · 9d59aac
1 parent 1863fd8
commit 9d59aac
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 5 deletions.
diff --git a/npre/umbral.py b/npre/umbral.py
@@ -1,5 +1,5 @@
 '''
-Umbral: split-key proxy re-encryption for ECIES
+Umbral -- A Threshold Proxy Re-Encryption based on ECIES-KEM and BBS98
 '''
 
 import npre.elliptic_curve as ec
@@ -99,12 +99,31 @@ def split_rekey(self, priv_a, priv_b, threshold, N):
         coeffs = [priv_a * (~priv_b)]  # Standard rekey
         coeffs += [ec.random(self.ecgroup, ec.ZR) for _ in range(threshold - 1)]
 
+        # TODO: change this!
+        h = self.g
+        vKeys = [ h ** coeff for coeff in coeffs]
+
         ids = [ec.random(self.ecgroup, ec.ZR) for _ in range(N)]
         rk_shares = [
                 RekeyFrag(id, key=poly_eval(coeffs, id))
                 for id in ids]
 
-        return rk_shares
+        return rk_shares, vKeys
+
+    def check_kFrag_consistency(self, kFrag, vKeys):
+        i = kFrag.id
+        # TODO: change this!
+        h = self.g
+
+        i_j = [i]
+        for _ in range(len(vKeys)-2):
+            i_j.append(i_j[-1] * i)
+
+        rh_exp = reduce(mul, [x ** y for (x,y) in zip(vKeys[1:], i_j)])
+        rh_exp = vKeys[0] * rh_exp
+        lh_exp = h ** kFrag.key
+
+        return lh_exp == rh_exp
 
     def combine(self, encrypted_keys):
         if len(encrypted_keys) > 1:

diff --git a/tests/test_umbral.py b/tests/test_umbral.py
@@ -1,5 +1,7 @@
 import pytest
+import random
 from npre import umbral
+import npre.elliptic_curve as ec
 
 
 def test_encrypt_decrypt():
@@ -41,8 +43,9 @@ def test_reencrypt():
     (5, 4),
     (100, 85),
     (100, 99),
-    (1, 1),
-    (3, 1)])
+    #(1, 1),
+    #(3, 1)
+    ])
 def test_m_of_n(N, threshold):
     pre = umbral.PRE()
     priv_alice = pre.gen_priv()
@@ -52,11 +55,42 @@ def test_m_of_n(N, threshold):
 
     sym_key, ekey_alice = pre.encapsulate(pub_alice)
 
-    kfrags = pre.split_rekey(priv_alice, priv_bob, threshold, N)
+    kfrags, vkeys = pre.split_rekey(priv_alice, priv_bob, threshold, N)
+
+    for kfrag in kfrags:
+        assert pre.check_kFrag_consistency(kfrag, vkeys)
+
     ekeys = [pre.reencrypt(rk, ekey_alice) for rk in kfrags[:threshold]]
     ekey_bob = pre.combine(ekeys)
 
     assert ekey_bob.ekey == ekey_alice.ekey ** rk_ab.key
 
     sym_key_2 = pre.decapsulate(priv_bob, ekey_bob)
     assert sym_key_2 == sym_key
+
+@pytest.mark.parametrize("N,threshold", [
+    (10, 8),
+    (3, 2),
+    (5, 4),
+    (100, 85),
+    (100, 99),
+    #(1, 1),
+    #(3, 1)
+    ])
+def test_alice_send__some_Ursula(N, threshold):
+    pre = umbral.PRE()
+    priv_alice = pre.gen_priv()
+    pub_alice = pre.priv2pub(priv_alice)
+    priv_bob = pre.gen_priv()
+    rk_ab = pre.rekey(priv_alice, priv_bob)
+
+    sym_key, ekey_alice = pre.encapsulate(pub_alice)
+
+    kfrags, vkeys = pre.split_rekey(priv_alice, priv_bob, threshold, N)
+
+    for kfrag in kfrags:
+        assert pre.check_kFrag_consistency(kfrag, vkeys)
+
+    # Alice tries to frame the first Ursula by sending her a random kFrag
+    fake_kfrag = kfrags[0]._replace(key=ec.random(pre.ecgroup, ec.ZR))
+    assert not pre.check_kFrag_consistency(fake_kfrag, vkeys)