use of com.github.zhenwei.core.crypto.prng.DigestRandomGenerator in project LinLong-Java by zhenwei1108.
the class McElieceFujisakiCipher method messageDecrypt.
public byte[] messageDecrypt(byte[] input) throws InvalidCipherTextException {
if (forEncryption) {
throw new IllegalStateException("cipher initialised for decryption");
}
int c1Len = (n + 7) >> 3;
int c2Len = input.length - c1Len;
// split ciphertext (c1||c2)
byte[][] c1c2 = ByteUtils.split(input, c1Len);
byte[] c1 = c1c2[0];
byte[] c2 = c1c2[1];
// decrypt c1 ...
GF2Vector hrmVec = GF2Vector.OS2VP(n, c1);
GF2Vector[] decC1 = McElieceCCA2Primitives.decryptionPrimitive((McElieceCCA2PrivateKeyParameters) key, hrmVec);
byte[] rBytes = decC1[0].getEncoded();
// ... and obtain error vector z
GF2Vector z = decC1[1];
// get PRNG object
DigestRandomGenerator sr0 = new DigestRandomGenerator(new SHA1Digest());
// seed PRNG with r'
sr0.addSeedMaterial(rBytes);
// generate random sequence
byte[] mBytes = new byte[c2Len];
sr0.nextBytes(mBytes);
// XOR with c2 to obtain m
for (int i = 0; i < c2Len; i++) {
mBytes[i] ^= c2[i];
}
// compute H(r||m)
byte[] rmBytes = ByteUtils.concatenate(rBytes, mBytes);
byte[] hrm = new byte[messDigest.getDigestSize()];
messDigest.update(rmBytes, 0, rmBytes.length);
messDigest.doFinal(hrm, 0);
// compute Conv(H(r||m))
hrmVec = Conversions.encode(n, t, hrm);
// check that Conv(H(m||r)) = z
if (!hrmVec.equals(z)) {
throw new InvalidCipherTextException("Bad Padding: invalid ciphertext");
}
// return plaintext m
return mBytes;
}
use of com.github.zhenwei.core.crypto.prng.DigestRandomGenerator in project LinLong-Java by zhenwei1108.
the class McElieceFujisakiCipher method messageEncrypt.
public byte[] messageEncrypt(byte[] input) {
if (!forEncryption) {
throw new IllegalStateException("cipher initialised for decryption");
}
// generate random vector r of length k bits
GF2Vector r = new GF2Vector(k, sr);
// convert r to byte array
byte[] rBytes = r.getEncoded();
// compute (r||input)
byte[] rm = ByteUtils.concatenate(rBytes, input);
// compute H(r||input)
messDigest.update(rm, 0, rm.length);
byte[] hrm = new byte[messDigest.getDigestSize()];
messDigest.doFinal(hrm, 0);
// convert H(r||input) to error vector z
GF2Vector z = Conversions.encode(n, t, hrm);
// compute c1 = E(r, z)
byte[] c1 = McElieceCCA2Primitives.encryptionPrimitive((McElieceCCA2PublicKeyParameters) key, r, z).getEncoded();
// get PRNG object
DigestRandomGenerator sr0 = new DigestRandomGenerator(new SHA1Digest());
// seed PRNG with r'
sr0.addSeedMaterial(rBytes);
// generate random c2
byte[] c2 = new byte[input.length];
sr0.nextBytes(c2);
// XOR with input
for (int i = 0; i < input.length; i++) {
c2[i] ^= input[i];
}
// return (c1||c2)
return ByteUtils.concatenate(c1, c2);
}
use of com.github.zhenwei.core.crypto.prng.DigestRandomGenerator in project LinLong-Java by zhenwei1108.
the class McElieceKobaraImaiCipher method messageDecrypt.
public byte[] messageDecrypt(byte[] input) throws InvalidCipherTextException {
if (forEncryption) {
throw new IllegalStateException("cipher initialised for decryption");
}
int nDiv8 = n >> 3;
if (input.length < nDiv8) {
throw new InvalidCipherTextException("Bad Padding: Ciphertext too short.");
}
int c2Len = messDigest.getDigestSize();
int c4Len = k >> 3;
int c5Len = (IntegerFunctions.binomial(n, t).bitLength() - 1) >> 3;
int c6Len = input.length - nDiv8;
// split cipher text (c6||encC4), where c6 may be empty
byte[] c6, encC4;
if (c6Len > 0) {
byte[][] c6EncC4 = ByteUtils.split(input, c6Len);
c6 = c6EncC4[0];
encC4 = c6EncC4[1];
} else {
c6 = new byte[0];
encC4 = input;
}
// convert encC4 into vector over GF(2)
GF2Vector encC4Vec = GF2Vector.OS2VP(n, encC4);
// decrypt encC4Vec to obtain c4 and error vector z
GF2Vector[] c4z = McElieceCCA2Primitives.decryptionPrimitive((McElieceCCA2PrivateKeyParameters) key, encC4Vec);
byte[] c4 = c4z[0].getEncoded();
GF2Vector z = c4z[1];
// if length of c4 is greater than c4Len (because of padding) ...
if (c4.length > c4Len) {
// ... truncate the padding bytes
c4 = ByteUtils.subArray(c4, 0, c4Len);
}
// compute c5 = Conv^-1(z)
byte[] c5 = Conversions.decode(n, t, z);
// if c5 is shorter than expected, pad with leading zeroes
if (c5.length < c5Len) {
byte[] paddedC5 = new byte[c5Len];
System.arraycopy(c5, 0, paddedC5, c5Len - c5.length, c5.length);
c5 = paddedC5;
}
// compute (c6||c5||c4)
byte[] c6c5c4 = ByteUtils.concatenate(c6, c5);
c6c5c4 = ByteUtils.concatenate(c6c5c4, c4);
// split (c6||c5||c4) into (c2||c1), where c2Len = mdLen and c1Len =
// input.length-c2Len bytes.
int c1Len = c6c5c4.length - c2Len;
byte[][] c2c1 = ByteUtils.split(c6c5c4, c2Len);
byte[] c2 = c2c1[0];
byte[] c1 = c2c1[1];
// compute H(c1) ...
byte[] rPrime = new byte[messDigest.getDigestSize()];
messDigest.update(c1, 0, c1.length);
messDigest.doFinal(rPrime, 0);
// ... and XOR with c2 to obtain r'
for (int i = c2Len - 1; i >= 0; i--) {
rPrime[i] ^= c2[i];
}
// get PRNG object
DigestRandomGenerator sr0 = new DigestRandomGenerator(new SHA1Digest());
// seed PRNG with r'
sr0.addSeedMaterial(rPrime);
// generate random sequence R(r') ...
byte[] mConstPrime = new byte[c1Len];
sr0.nextBytes(mConstPrime);
// ... and XOR with c1 to obtain (m||const')
for (int i = c1Len - 1; i >= 0; i--) {
mConstPrime[i] ^= c1[i];
}
if (mConstPrime.length < c1Len) {
throw new InvalidCipherTextException("Bad Padding: invalid ciphertext");
}
byte[][] temp = ByteUtils.split(mConstPrime, c1Len - PUBLIC_CONSTANT.length);
byte[] mr = temp[0];
byte[] constPrime = temp[1];
if (!ByteUtils.equals(constPrime, PUBLIC_CONSTANT)) {
throw new InvalidCipherTextException("Bad Padding: invalid ciphertext");
}
return mr;
}
use of com.github.zhenwei.core.crypto.prng.DigestRandomGenerator in project LinLong-Java by zhenwei1108.
the class McEliecePointchevalCipher method messageEncrypt.
public byte[] messageEncrypt(byte[] input) {
if (!forEncryption) {
throw new IllegalStateException("cipher initialised for decryption");
}
int kDiv8 = k >> 3;
// generate random r of length k div 8 bytes
byte[] r = new byte[kDiv8];
sr.nextBytes(r);
// generate random vector r' of length k bits
GF2Vector rPrime = new GF2Vector(k, sr);
// convert r' to byte array
byte[] rPrimeBytes = rPrime.getEncoded();
// compute (input||r)
byte[] mr = ByteUtils.concatenate(input, r);
// compute H(input||r)
messDigest.update(mr, 0, mr.length);
byte[] hmr = new byte[messDigest.getDigestSize()];
messDigest.doFinal(hmr, 0);
// convert H(input||r) to error vector z
GF2Vector z = Conversions.encode(n, t, hmr);
// compute c1 = E(rPrime, z)
byte[] c1 = McElieceCCA2Primitives.encryptionPrimitive((McElieceCCA2PublicKeyParameters) key, rPrime, z).getEncoded();
// get PRNG object
DigestRandomGenerator sr0 = new DigestRandomGenerator(new SHA1Digest());
// seed PRNG with r'
sr0.addSeedMaterial(rPrimeBytes);
// generate random c2
byte[] c2 = new byte[input.length + kDiv8];
sr0.nextBytes(c2);
// XOR with input
for (int i = 0; i < input.length; i++) {
c2[i] ^= input[i];
}
// XOR with r
for (int i = 0; i < kDiv8; i++) {
c2[input.length + i] ^= r[i];
}
// return (c1||c2)
return ByteUtils.concatenate(c1, c2);
}
use of com.github.zhenwei.core.crypto.prng.DigestRandomGenerator in project LinLong-Java by zhenwei1108.
the class McEliecePointchevalCipher method messageDecrypt.
public byte[] messageDecrypt(byte[] input) throws InvalidCipherTextException {
if (forEncryption) {
throw new IllegalStateException("cipher initialised for decryption");
}
int c1Len = (n + 7) >> 3;
int c2Len = input.length - c1Len;
// split cipher text (c1||c2)
byte[][] c1c2 = ByteUtils.split(input, c1Len);
byte[] c1 = c1c2[0];
byte[] c2 = c1c2[1];
// decrypt c1 ...
GF2Vector c1Vec = GF2Vector.OS2VP(n, c1);
GF2Vector[] c1Dec = McElieceCCA2Primitives.decryptionPrimitive((McElieceCCA2PrivateKeyParameters) key, c1Vec);
byte[] rPrimeBytes = c1Dec[0].getEncoded();
// ... and obtain error vector z
GF2Vector z = c1Dec[1];
// get PRNG object
DigestRandomGenerator sr0 = new DigestRandomGenerator(new SHA1Digest());
// seed PRNG with r'
sr0.addSeedMaterial(rPrimeBytes);
// generate random sequence
byte[] mrBytes = new byte[c2Len];
sr0.nextBytes(mrBytes);
// XOR with c2 to obtain (m||r)
for (int i = 0; i < c2Len; i++) {
mrBytes[i] ^= c2[i];
}
// compute H(m||r)
messDigest.update(mrBytes, 0, mrBytes.length);
byte[] hmr = new byte[messDigest.getDigestSize()];
messDigest.doFinal(hmr, 0);
// compute Conv(H(m||r))
c1Vec = Conversions.encode(n, t, hmr);
// check that Conv(H(m||r)) = z
if (!c1Vec.equals(z)) {
throw new InvalidCipherTextException("Bad Padding: Invalid ciphertext.");
}
// split (m||r) to obtain m
int kDiv8 = k >> 3;
byte[][] mr = ByteUtils.split(mrBytes, c2Len - kDiv8);
// return plain text m
return mr[0];
}
Aggregations