1 /*
2 Paterson ID-based signature.
3 Based on papers "K. G. Paterson. ID-Based Signatures from Pairings on Elliptic Curvers. Electron. Lett., Vol. 38". Available at http://eprint.iacr.org/2002/004."
4 Contributed by Dmitry Kosolapov.
5 */
6
7 #include <pbc.h>
8 #include <pbc_test.h>
9
main(int argc,char ** argv)10 int main(int argc, char **argv) {
11 pairing_t pairing;
12 double time1, time2;
13 element_t Ppub, s, P, R, k, S, Did, Qid, t1, t2, t4, t5, t6, t7, t8,
14 t9, t10, t11;
15 mpz_t t3;
16 mpz_init(t3);
17 pbc_demo_pairing_init(pairing, argc, argv);
18 if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");
19
20 element_init_G1(P, pairing);
21 element_init_G1(Ppub, pairing);
22 element_init_G1(Qid, pairing);
23 element_init_G1(Did, pairing);
24 element_init_G1(R, pairing);
25 element_init_G1(S, pairing);
26 element_init_G1(t2, pairing);
27 element_init_G1(t4, pairing);
28 element_init_G1(t5, pairing);
29 element_init_G1(t7, pairing);
30
31 element_init_Zr(s, pairing);
32 element_init_Zr(k, pairing);
33 element_init_Zr(t1, pairing);
34
35 element_init_GT(t6, pairing);
36 element_init_GT(t8, pairing);
37 element_init_GT(t9, pairing);
38 element_init_GT(t10, pairing);
39 element_init_GT(t11, pairing);
40
41 time1 = pbc_get_time();
42 printf("Paterson ID-based signature.\n");
43 printf("KEYGEN\n");
44 element_random(P);
45 element_random(s);
46 element_mul_zn(Ppub, P, s);
47 element_printf("P = %B\n", P);
48 element_printf("Ppub = %B\n", Ppub);
49 element_from_hash(Qid, "ID", 2);
50 element_printf("Qid = %B\n", Qid);
51 element_mul_zn(Did, Qid, s);
52
53 printf("SIGN\n");
54 element_random(k);
55 element_mul_zn(R, P, k);
56 element_from_hash(t1, "Message", 7);
57 element_mul_zn(t2, P, t1);
58 //H3(R)=mpz(R);
59 // int n = element_length_in_bytes(R);
60 // unsigned char *data=malloc(n);
61 // element_to_bytes(data, R);
62 // printf("data = %s\n", data);
63 element_to_mpz(t3, R);
64 element_mul_mpz(t4, Did, t3);
65 element_add(t5, t4, t2);
66 element_invert(k, k);
67 element_mul_zn(S, t5, k);
68 printf("Signature of message \"Message\" is:\n");
69 element_printf("R = %B\n", R);
70 element_printf("S = %B\n", S);
71
72 printf("VERIFY\n");
73 element_from_hash(t1, "Message", 7);
74 element_mul_zn(t7, P, t1);
75 element_pairing(t6, P, t7);
76 element_pairing(t8, Ppub, Qid);
77 element_to_mpz(t3, R);
78 element_pow_mpz(t9, t8, t3);
79 element_printf("t8 = %B\n", t8);
80 element_printf("t9 = %B\n", t9);
81 element_mul(t10, t6, t9);
82 element_printf("t10 = %B\n", t10);
83 element_pairing(t11, R, S);
84 element_printf("[e(P, P)^H2(M)][e(Ppub, Qid)^H3(R)] = %B\n", t10);
85 element_printf("e(R, S) = %B\n", t11);
86 if (!element_cmp(t10, t11)) {
87 printf("Signature is valid!\n");
88 } else {
89 printf("Signature is invalid!\n");
90 }
91 time2 = pbc_get_time();
92 printf("All time = %fs\n", time2 - time1);
93
94 element_clear(P);
95 element_clear(Ppub);
96 element_clear(Qid);
97 element_clear(Did);
98 element_clear(R);
99 element_clear(t2);
100 element_clear(t4);
101 element_clear(t5);
102 element_clear(s);
103 element_clear(k);
104 element_clear(t1);
105 element_clear(t6);
106 element_clear(t7);
107 element_clear(t8);
108 element_clear(t9);
109 element_clear(t10);
110 element_clear(t11);
111 pairing_clear(pairing);
112
113 return 0;
114 }
115