example/paterson.c

   1 /*
   2   Paterson ID-based signature.
   3   Based on papers "K. G. Paterson. ID-Based Signatures from Pairings on Elliptic Curvers. Electron. Lett., Vol. 38". Available at http://eprint.iacr.org/2002/004."
   4   Contributed by Dmitry Kosolapov.
   5 */
   6
   7 #include <pbc.h>
   8 #include <pbc_test.h>
   9
  10 int main(int argc, char **argv) {
  11   pairing_t pairing;
  12   double time1, time2;
  13   element_t Ppub, s, P, R, k, S, Did, Qid, t1, t2, t4, t5, t6, t7, t8,
  14     t9, t10, t11;
  15   mpz_t t3;
  16   mpz_init(t3);
  17   pbc_demo_pairing_init(pairing, argc, argv);
  18   if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");
  19
  20   element_init_G1(P, pairing);
  21   element_init_G1(Ppub, pairing);
  22   element_init_G1(Qid, pairing);
  23   element_init_G1(Did, pairing);
  24   element_init_G1(R, pairing);
  25   element_init_G1(S, pairing);
  26   element_init_G1(t2, pairing);
  27   element_init_G1(t4, pairing);
  28   element_init_G1(t5, pairing);
  29   element_init_G1(t7, pairing);
  30
  31   element_init_Zr(s, pairing);
  32   element_init_Zr(k, pairing);
  33   element_init_Zr(t1, pairing);
  34
  35   element_init_GT(t6, pairing);
  36   element_init_GT(t8, pairing);
  37   element_init_GT(t9, pairing);
  38   element_init_GT(t10, pairing);
  39   element_init_GT(t11, pairing);
  40
  41   time1 = pbc_get_time();
  42   printf("Paterson ID-based signature.\n");
  43   printf("KEYGEN\n");
  44   element_random(P);
  45   element_random(s);
  46   element_mul_zn(Ppub, P, s);
  47   element_printf("P = %B\n", P);
  48   element_printf("Ppub = %B\n", Ppub);
  49   element_from_hash(Qid, "ID", 2);
  50   element_printf("Qid = %B\n", Qid);
  51   element_mul_zn(Did, Qid, s);
  52
  53   printf("SIGN\n");
  54   element_random(k);
  55   element_mul_zn(R, P, k);
  56   element_from_hash(t1, "Message", 7);
  57   element_mul_zn(t2, P, t1);
  58   //H3(R)=mpz(R);
  59 //  int n = element_length_in_bytes(R);
  60 //  unsigned char *data=malloc(n);
  61 //  element_to_bytes(data, R);
  62 //  printf("data = %s\n", data);
  63   element_to_mpz(t3, R);
  64   element_mul_mpz(t4, Did, t3);
  65   element_add(t5, t4, t2);
  66   element_invert(k, k);
  67   element_mul_zn(S, t5, k);
  68   printf("Signature of message \"Message\" is:\n");
  69   element_printf("R = %B\n", R);
  70   element_printf("S = %B\n", S);
  71
  72   printf("VERIFY\n");
  73   element_from_hash(t1, "Message", 7);
  74   element_mul_zn(t7, P, t1);
  75   element_pairing(t6, P, t7);
  76   element_pairing(t8, Ppub, Qid);
  77   element_to_mpz(t3, R);
  78   element_pow_mpz(t9, t8, t3);
  79   element_printf("t8 = %B\n", t8);
  80   element_printf("t9 = %B\n", t9);
  81   element_mul(t10, t6, t9);
  82   element_printf("t10 = %B\n", t10);
  83   element_pairing(t11, R, S);
  84   element_printf("[e(P, P)^H2(M)][e(Ppub, Qid)^H3(R)] = %B\n", t10);
  85   element_printf("e(R, S) = %B\n", t11);
  86   if (!element_cmp(t10, t11)) {
  87     printf("Signature is valid!\n");
  88   } else {
  89     printf("Signature is invalid!\n");
  90   }
  91   time2 = pbc_get_time();
  92   printf("All time = %fs\n", time2 - time1);
  93
  94   element_clear(P);
  95   element_clear(Ppub);
  96   element_clear(Qid);
  97   element_clear(Did);
  98   element_clear(R);
  99   element_clear(t2);
 100   element_clear(t4);
 101   element_clear(t5);
 102   element_clear(s);
 103   element_clear(k);
 104   element_clear(t1);
 105   element_clear(t6);
 106   element_clear(t7);
 107   element_clear(t8);
 108   element_clear(t9);
 109   element_clear(t10);
 110   element_clear(t11);
 111   pairing_clear(pairing);
 112
 113   return 0;
 114 }