Search in sources :

Example 1 with DigestRandomGenerator

use of com.github.zhenwei.core.crypto.prng.DigestRandomGenerator in project LinLong-Java by zhenwei1108.

the class McElieceFujisakiCipher method messageDecrypt.

public byte[] messageDecrypt(byte[] input) throws InvalidCipherTextException {
    if (forEncryption) {
        throw new IllegalStateException("cipher initialised for decryption");
    }
    int c1Len = (n + 7) >> 3;
    int c2Len = input.length - c1Len;
    // split ciphertext (c1||c2)
    byte[][] c1c2 = ByteUtils.split(input, c1Len);
    byte[] c1 = c1c2[0];
    byte[] c2 = c1c2[1];
    // decrypt c1 ...
    GF2Vector hrmVec = GF2Vector.OS2VP(n, c1);
    GF2Vector[] decC1 = McElieceCCA2Primitives.decryptionPrimitive((McElieceCCA2PrivateKeyParameters) key, hrmVec);
    byte[] rBytes = decC1[0].getEncoded();
    // ... and obtain error vector z
    GF2Vector z = decC1[1];
    // get PRNG object
    DigestRandomGenerator sr0 = new DigestRandomGenerator(new SHA1Digest());
    // seed PRNG with r'
    sr0.addSeedMaterial(rBytes);
    // generate random sequence
    byte[] mBytes = new byte[c2Len];
    sr0.nextBytes(mBytes);
    // XOR with c2 to obtain m
    for (int i = 0; i < c2Len; i++) {
        mBytes[i] ^= c2[i];
    }
    // compute H(r||m)
    byte[] rmBytes = ByteUtils.concatenate(rBytes, mBytes);
    byte[] hrm = new byte[messDigest.getDigestSize()];
    messDigest.update(rmBytes, 0, rmBytes.length);
    messDigest.doFinal(hrm, 0);
    // compute Conv(H(r||m))
    hrmVec = Conversions.encode(n, t, hrm);
    // check that Conv(H(m||r)) = z
    if (!hrmVec.equals(z)) {
        throw new InvalidCipherTextException("Bad Padding: invalid ciphertext");
    }
    // return plaintext m
    return mBytes;
}
Also used : InvalidCipherTextException(com.github.zhenwei.core.crypto.InvalidCipherTextException) GF2Vector(com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector) SHA1Digest(com.github.zhenwei.core.crypto.digests.SHA1Digest) DigestRandomGenerator(com.github.zhenwei.core.crypto.prng.DigestRandomGenerator)

Example 2 with DigestRandomGenerator

use of com.github.zhenwei.core.crypto.prng.DigestRandomGenerator in project LinLong-Java by zhenwei1108.

the class McElieceFujisakiCipher method messageEncrypt.

public byte[] messageEncrypt(byte[] input) {
    if (!forEncryption) {
        throw new IllegalStateException("cipher initialised for decryption");
    }
    // generate random vector r of length k bits
    GF2Vector r = new GF2Vector(k, sr);
    // convert r to byte array
    byte[] rBytes = r.getEncoded();
    // compute (r||input)
    byte[] rm = ByteUtils.concatenate(rBytes, input);
    // compute H(r||input)
    messDigest.update(rm, 0, rm.length);
    byte[] hrm = new byte[messDigest.getDigestSize()];
    messDigest.doFinal(hrm, 0);
    // convert H(r||input) to error vector z
    GF2Vector z = Conversions.encode(n, t, hrm);
    // compute c1 = E(r, z)
    byte[] c1 = McElieceCCA2Primitives.encryptionPrimitive((McElieceCCA2PublicKeyParameters) key, r, z).getEncoded();
    // get PRNG object
    DigestRandomGenerator sr0 = new DigestRandomGenerator(new SHA1Digest());
    // seed PRNG with r'
    sr0.addSeedMaterial(rBytes);
    // generate random c2
    byte[] c2 = new byte[input.length];
    sr0.nextBytes(c2);
    // XOR with input
    for (int i = 0; i < input.length; i++) {
        c2[i] ^= input[i];
    }
    // return (c1||c2)
    return ByteUtils.concatenate(c1, c2);
}
Also used : GF2Vector(com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector) SHA1Digest(com.github.zhenwei.core.crypto.digests.SHA1Digest) DigestRandomGenerator(com.github.zhenwei.core.crypto.prng.DigestRandomGenerator)

Example 3 with DigestRandomGenerator

use of com.github.zhenwei.core.crypto.prng.DigestRandomGenerator in project LinLong-Java by zhenwei1108.

the class McElieceKobaraImaiCipher method messageDecrypt.

public byte[] messageDecrypt(byte[] input) throws InvalidCipherTextException {
    if (forEncryption) {
        throw new IllegalStateException("cipher initialised for decryption");
    }
    int nDiv8 = n >> 3;
    if (input.length < nDiv8) {
        throw new InvalidCipherTextException("Bad Padding: Ciphertext too short.");
    }
    int c2Len = messDigest.getDigestSize();
    int c4Len = k >> 3;
    int c5Len = (IntegerFunctions.binomial(n, t).bitLength() - 1) >> 3;
    int c6Len = input.length - nDiv8;
    // split cipher text (c6||encC4), where c6 may be empty
    byte[] c6, encC4;
    if (c6Len > 0) {
        byte[][] c6EncC4 = ByteUtils.split(input, c6Len);
        c6 = c6EncC4[0];
        encC4 = c6EncC4[1];
    } else {
        c6 = new byte[0];
        encC4 = input;
    }
    // convert encC4 into vector over GF(2)
    GF2Vector encC4Vec = GF2Vector.OS2VP(n, encC4);
    // decrypt encC4Vec to obtain c4 and error vector z
    GF2Vector[] c4z = McElieceCCA2Primitives.decryptionPrimitive((McElieceCCA2PrivateKeyParameters) key, encC4Vec);
    byte[] c4 = c4z[0].getEncoded();
    GF2Vector z = c4z[1];
    // if length of c4 is greater than c4Len (because of padding) ...
    if (c4.length > c4Len) {
        // ... truncate the padding bytes
        c4 = ByteUtils.subArray(c4, 0, c4Len);
    }
    // compute c5 = Conv^-1(z)
    byte[] c5 = Conversions.decode(n, t, z);
    // if c5 is shorter than expected, pad with leading zeroes
    if (c5.length < c5Len) {
        byte[] paddedC5 = new byte[c5Len];
        System.arraycopy(c5, 0, paddedC5, c5Len - c5.length, c5.length);
        c5 = paddedC5;
    }
    // compute (c6||c5||c4)
    byte[] c6c5c4 = ByteUtils.concatenate(c6, c5);
    c6c5c4 = ByteUtils.concatenate(c6c5c4, c4);
    // split (c6||c5||c4) into (c2||c1), where c2Len = mdLen and c1Len =
    // input.length-c2Len bytes.
    int c1Len = c6c5c4.length - c2Len;
    byte[][] c2c1 = ByteUtils.split(c6c5c4, c2Len);
    byte[] c2 = c2c1[0];
    byte[] c1 = c2c1[1];
    // compute H(c1) ...
    byte[] rPrime = new byte[messDigest.getDigestSize()];
    messDigest.update(c1, 0, c1.length);
    messDigest.doFinal(rPrime, 0);
    // ... and XOR with c2 to obtain r'
    for (int i = c2Len - 1; i >= 0; i--) {
        rPrime[i] ^= c2[i];
    }
    // get PRNG object
    DigestRandomGenerator sr0 = new DigestRandomGenerator(new SHA1Digest());
    // seed PRNG with r'
    sr0.addSeedMaterial(rPrime);
    // generate random sequence R(r') ...
    byte[] mConstPrime = new byte[c1Len];
    sr0.nextBytes(mConstPrime);
    // ... and XOR with c1 to obtain (m||const')
    for (int i = c1Len - 1; i >= 0; i--) {
        mConstPrime[i] ^= c1[i];
    }
    if (mConstPrime.length < c1Len) {
        throw new InvalidCipherTextException("Bad Padding: invalid ciphertext");
    }
    byte[][] temp = ByteUtils.split(mConstPrime, c1Len - PUBLIC_CONSTANT.length);
    byte[] mr = temp[0];
    byte[] constPrime = temp[1];
    if (!ByteUtils.equals(constPrime, PUBLIC_CONSTANT)) {
        throw new InvalidCipherTextException("Bad Padding: invalid ciphertext");
    }
    return mr;
}
Also used : InvalidCipherTextException(com.github.zhenwei.core.crypto.InvalidCipherTextException) GF2Vector(com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector) SHA1Digest(com.github.zhenwei.core.crypto.digests.SHA1Digest) DigestRandomGenerator(com.github.zhenwei.core.crypto.prng.DigestRandomGenerator)

Example 4 with DigestRandomGenerator

use of com.github.zhenwei.core.crypto.prng.DigestRandomGenerator in project LinLong-Java by zhenwei1108.

the class McEliecePointchevalCipher method messageEncrypt.

public byte[] messageEncrypt(byte[] input) {
    if (!forEncryption) {
        throw new IllegalStateException("cipher initialised for decryption");
    }
    int kDiv8 = k >> 3;
    // generate random r of length k div 8 bytes
    byte[] r = new byte[kDiv8];
    sr.nextBytes(r);
    // generate random vector r' of length k bits
    GF2Vector rPrime = new GF2Vector(k, sr);
    // convert r' to byte array
    byte[] rPrimeBytes = rPrime.getEncoded();
    // compute (input||r)
    byte[] mr = ByteUtils.concatenate(input, r);
    // compute H(input||r)
    messDigest.update(mr, 0, mr.length);
    byte[] hmr = new byte[messDigest.getDigestSize()];
    messDigest.doFinal(hmr, 0);
    // convert H(input||r) to error vector z
    GF2Vector z = Conversions.encode(n, t, hmr);
    // compute c1 = E(rPrime, z)
    byte[] c1 = McElieceCCA2Primitives.encryptionPrimitive((McElieceCCA2PublicKeyParameters) key, rPrime, z).getEncoded();
    // get PRNG object
    DigestRandomGenerator sr0 = new DigestRandomGenerator(new SHA1Digest());
    // seed PRNG with r'
    sr0.addSeedMaterial(rPrimeBytes);
    // generate random c2
    byte[] c2 = new byte[input.length + kDiv8];
    sr0.nextBytes(c2);
    // XOR with input
    for (int i = 0; i < input.length; i++) {
        c2[i] ^= input[i];
    }
    // XOR with r
    for (int i = 0; i < kDiv8; i++) {
        c2[input.length + i] ^= r[i];
    }
    // return (c1||c2)
    return ByteUtils.concatenate(c1, c2);
}
Also used : GF2Vector(com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector) SHA1Digest(com.github.zhenwei.core.crypto.digests.SHA1Digest) DigestRandomGenerator(com.github.zhenwei.core.crypto.prng.DigestRandomGenerator)

Example 5 with DigestRandomGenerator

use of com.github.zhenwei.core.crypto.prng.DigestRandomGenerator in project LinLong-Java by zhenwei1108.

the class McEliecePointchevalCipher method messageDecrypt.

public byte[] messageDecrypt(byte[] input) throws InvalidCipherTextException {
    if (forEncryption) {
        throw new IllegalStateException("cipher initialised for decryption");
    }
    int c1Len = (n + 7) >> 3;
    int c2Len = input.length - c1Len;
    // split cipher text (c1||c2)
    byte[][] c1c2 = ByteUtils.split(input, c1Len);
    byte[] c1 = c1c2[0];
    byte[] c2 = c1c2[1];
    // decrypt c1 ...
    GF2Vector c1Vec = GF2Vector.OS2VP(n, c1);
    GF2Vector[] c1Dec = McElieceCCA2Primitives.decryptionPrimitive((McElieceCCA2PrivateKeyParameters) key, c1Vec);
    byte[] rPrimeBytes = c1Dec[0].getEncoded();
    // ... and obtain error vector z
    GF2Vector z = c1Dec[1];
    // get PRNG object
    DigestRandomGenerator sr0 = new DigestRandomGenerator(new SHA1Digest());
    // seed PRNG with r'
    sr0.addSeedMaterial(rPrimeBytes);
    // generate random sequence
    byte[] mrBytes = new byte[c2Len];
    sr0.nextBytes(mrBytes);
    // XOR with c2 to obtain (m||r)
    for (int i = 0; i < c2Len; i++) {
        mrBytes[i] ^= c2[i];
    }
    // compute H(m||r)
    messDigest.update(mrBytes, 0, mrBytes.length);
    byte[] hmr = new byte[messDigest.getDigestSize()];
    messDigest.doFinal(hmr, 0);
    // compute Conv(H(m||r))
    c1Vec = Conversions.encode(n, t, hmr);
    // check that Conv(H(m||r)) = z
    if (!c1Vec.equals(z)) {
        throw new InvalidCipherTextException("Bad Padding: Invalid ciphertext.");
    }
    // split (m||r) to obtain m
    int kDiv8 = k >> 3;
    byte[][] mr = ByteUtils.split(mrBytes, c2Len - kDiv8);
    // return plain text m
    return mr[0];
}
Also used : InvalidCipherTextException(com.github.zhenwei.core.crypto.InvalidCipherTextException) GF2Vector(com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector) SHA1Digest(com.github.zhenwei.core.crypto.digests.SHA1Digest) DigestRandomGenerator(com.github.zhenwei.core.crypto.prng.DigestRandomGenerator)

Aggregations

SHA1Digest (com.github.zhenwei.core.crypto.digests.SHA1Digest)6 DigestRandomGenerator (com.github.zhenwei.core.crypto.prng.DigestRandomGenerator)6 GF2Vector (com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector)6 InvalidCipherTextException (com.github.zhenwei.core.crypto.InvalidCipherTextException)3