11 struct dipe_master_publickey
{
17 struct dipe_master_secretkey
{
23 struct dipe_secretkey
{
37 size_t dipe_h_length(element_t elem
, size_t dimension
) {
38 return 16 /*cid*/ + dimension
* element_length_in_bytes(elem
);
41 void dipe_generate_h(char* cid
, element_t
* y
, size_t dimension
, unsigned char* result
) {
42 memcpy(result
, cid
, 16);
43 unsigned char* next_element
= result
+16;
44 for (size_t i
= 0; i
< dimension
; ++i
) {
45 element_to_bytes(next_element
, y
[i
]);
46 next_element
+= element_length_in_bytes(y
[0]);
51 void dipe_init(FILE* configfp
, dipe_param_t
* param
) {
53 (*param
) = (dipe_param_t
)malloc(sizeof(dipe_param
));
54 fread(buffer
, 1, 2<<16, configfp
);
56 pairing_init_set_buf((*param
)->pairing
, buffer
, 2<<16);
58 element_init_G1((*param
)->g1
, (*param
)->pairing
);
59 element_init_G2((*param
)->g2
, (*param
)->pairing
);
60 element_init_GT((*param
)->gt
, (*param
)->pairing
);
62 element_random((*param
)->g1
);
63 element_random((*param
)->g2
);
64 pairing_apply((*param
)->gt
, (*param
)->g1
, (*param
)->g2
, (*param
)->pairing
);
67 pairing_t
* dipe_get_pairing(dipe_param_t param
) {
68 return &(param
->pairing
);
71 void dipe_master_keygen(dipe_param_t param
, size_t dimension
, dipe_master_publickey_t
* pk
, dipe_master_secretkey_t
* sk
) {
72 *pk
= (dipe_master_publickey_t
)malloc(sizeof(dipe_master_publickey
));
73 *sk
= (dipe_master_secretkey_t
)malloc(sizeof(dipe_master_secretkey
));
75 (*sk
)->dimension
= (*pk
)->dimension
= dimension
;
77 element_init_Zr((*sk
)->a
, param
->pairing
);
78 element_init_GT((*pk
)->a
, param
->pairing
);
79 element_random((*sk
)->a
);
80 element_pow_zn((*pk
)->a
, param
->gt
, (*sk
)->a
);
82 (*sk
)->k
= (element_t
*)calloc(dimension
, sizeof(element_t
));
83 (*pk
)->k
= (element_t
*)calloc(dimension
, sizeof(element_t
));
84 for (size_t i
= 0; i
< dimension
; ++i
) {
85 element_init_Zr((*sk
)->k
[i
], param
->pairing
);
86 element_init_G1((*pk
)->k
[i
], param
->pairing
);
87 element_random((*sk
)->k
[i
]);
88 element_pow_zn((*pk
)->k
[i
], param
->g1
, (*sk
)->k
[i
]);
92 void dipe_keygen(dipe_param_t param
, dipe_master_secretkey_t msk
, char* cid
, element_t
* y
, dipe_secretkey_t
* sk
) {
93 *sk
= (dipe_secretkey_t
)malloc(sizeof(dipe_secretkey
));
94 (*sk
)->dimension
= msk
->dimension
;
95 element_init_G2((*sk
)->d
, param
->pairing
);
97 size_t hash_input_length
= dipe_h_length(y
[0], msk
->dimension
);
98 unsigned char hash_input
[hash_input_length
];
100 element_init_G2(h
, param
->pairing
);
102 dipe_generate_h(cid
, y
, msk
->dimension
, hash_input
);
103 element_from_hash(h
, hash_input
, hash_input_length
);
108 element_init_Zr(innerp
, param
->pairing
);
109 element_init_Zr(tmp
, param
->pairing
);
110 element_set0(innerp
);
112 element_from_hash(h
, hash_input
, hash_input_length
);
114 for (size_t i
= 0; i
< msk
->dimension
; ++i
) {
115 element_mul(tmp
, y
[i
], msk
->k
[i
]);
116 element_add(innerp
, innerp
, tmp
);
120 element_init_G2(a2
, param
->pairing
);
121 element_pow_zn(h
, h
, innerp
);
122 element_pow_zn(a2
, param
->g2
, msk
->a
);
123 element_mul((*sk
)->d
, a2
, h
);
126 element_clear(innerp
);
131 void dipe_encap(dipe_param_t param
, dipe_master_publickey_t mpk
, element_t
* x
, element_t ptxt
, dipe_ctxt_t
* ctxt
) {
132 *ctxt
= (dipe_ctxt_t
)malloc(sizeof(dipe_ctxt
));
133 (*ctxt
)->dimension
= mpk
->dimension
;
137 element_init_Zr(r
, param
->pairing
);
138 element_init_Zr(s
, param
->pairing
);
143 element_init_G1((*ctxt
)->s
, param
->pairing
);
144 element_pow_zn((*ctxt
)->s
, param
->g1
, s
);
148 element_init_G1(k1
, param
->pairing
);
149 element_init_G1(x1
, param
->pairing
);
151 (*ctxt
)->cx
= (element_t
*)calloc(mpk
->dimension
, sizeof(element_t
));
152 for (size_t i
= 0; i
< mpk
->dimension
; ++i
){
153 element_pow_zn(x1
, param
->g1
, x
[i
]);
154 element_pow_zn(x1
, x1
, r
);
156 element_pow_zn(k1
, mpk
->k
[i
], s
);
158 element_init_G1((*ctxt
)->cx
[i
], param
->pairing
);
159 element_mul((*ctxt
)->cx
[i
], k1
, x1
);
163 element_init_GT(at
, param
->pairing
);
164 element_pow_zn(at
, mpk
->a
, s
);
165 element_init_GT((*ctxt
)->c
, param
->pairing
);
166 element_mul((*ctxt
)->c
, at
, ptxt
);
176 void dipe_decap(dipe_param_t param
, dipe_secretkey_t sk
, char* cid
, element_t
* y
, dipe_ctxt_t ctxt
, element_t ptxt
) {
177 size_t hash_input_length
= dipe_h_length(y
[0], sk
->dimension
);
178 unsigned char hash_input
[hash_input_length
];
180 element_init_G2(h
, param
->pairing
);
182 dipe_generate_h(cid
, y
, sk
->dimension
, hash_input
);
183 element_from_hash(h
, hash_input
, hash_input_length
);
188 element_init_GT(tmp
, param
->pairing
);
189 element_init_GT(innerp
, param
->pairing
);
190 element_init_G2(hy
, param
->pairing
);
192 element_set1(innerp
);
193 for (size_t i
= 0; i
< sk
->dimension
; ++i
) {
194 element_pow_zn(hy
, h
, y
[i
]);
195 pairing_apply(tmp
, ctxt
->cx
[i
], hy
, param
->pairing
);
196 element_mul(innerp
, innerp
, tmp
);
199 pairing_apply(ptxt
, ctxt
->s
, sk
->d
, param
->pairing
);
200 element_invert(ptxt
, ptxt
);
201 element_mul(ptxt
, ptxt
, ctxt
->c
);
202 element_mul(ptxt
, ptxt
, innerp
);
206 element_clear(innerp
);
211 void dipe_free_param(dipe_param_t param
) {
212 element_clear(param
->g1
);
213 element_clear(param
->g2
);
214 element_clear(param
->gt
);
215 pairing_clear(param
->pairing
);
219 void dipe_free_master_secretkey(dipe_master_secretkey_t sk
) {
220 for (size_t i
= 0; i
< sk
->dimension
; ++i
) {
221 element_clear(sk
->k
[i
]);
223 element_clear(sk
->a
);
228 void dipe_free_master_publickey(dipe_master_publickey_t pk
) {
229 for (size_t i
= 0; i
< pk
->dimension
; ++i
) {
230 element_clear(pk
->k
[i
]);
232 element_clear(pk
->a
);
237 void dipe_free_secretkey(dipe_secretkey_t sk
) {
238 element_clear(sk
->d
);
242 void dipe_free_ctxt(dipe_ctxt_t ctxt
) {
243 for (size_t i
= 0; i
< ctxt
->dimension
; ++i
) {
244 element_clear(ctxt
->cx
[i
]);
246 element_clear(ctxt
->c
);
247 element_clear(ctxt
->s
);