public static byte[] decrypt(BFCText c, BFUserPrivateKey sk) { BFMasterPublicKey msk = sk.Param; Pairing e = msk.Pairing; //e(sQ,U), sQ is the user private key FieldElement temp = e.Compute(sk.Key, c.U); //sigma = V xor hash(temp) byte[] hash = BFUtil.HashToLength(temp.ToUByteArray(), c.V.Length); //This could fail byte[] sigma = BFUtil.XorTwoByteArrays(c.V, hash); hash = BFUtil.HashToLength(sigma, c.W.Length); byte[] m = BFUtil.XorTwoByteArrays(hash, c.W); //sigma||m byte[] toHash = new byte[sigma.Length + m.Length]; Array.Copy(sigma, 0, toHash, 0, sigma.Length); Array.Copy(m, 0, toHash, sigma.Length, m.Length); //hash(sigma||m) to biginteger r; Field field = e.Curve2.Field; BigInt r = BFUtil.HashToField(toHash, field); if (c.U.Equals(e.Curve2.Multiply(msk.P, r))) { return(m); } else { return(null); } }
public static BFCText encrypt(BFUserPublicKey pk, byte[] m, Random rnd) { Pairing e = pk.Param.Pairing; byte[] sigma = new byte[BFCipher.sigmaBitLength / 8]; rnd.NextBytes(sigma); //sigma||m byte[] toHash = new byte[sigma.Length + m.Length]; Array.Copy(sigma, 0, toHash, 0, sigma.Length); Array.Copy(m, 0, toHash, sigma.Length, m.Length); //hash(sigma||m) to biginteger r; Field field = e.Curve2.Field; BigInt r = BFUtil.HashToField(toHash, field); //hash(ID) to point byte[] bid = null; String ID = pk.Key; bid = Encoding.UTF8.GetBytes(ID); Point Q = BFUtil.HashToPoint(bid, e.Curve, e.Cofactor); //gID = e(Q, sP), sP is Ppub FieldElement gID = e.Compute(Q, pk.Param.Ppub); //U=rP Point U = e.Curve2.Multiply(pk.Param.P, r); //gID^r FieldElement gIDr = e.Gt.Pow(gID, r); //V=sigma xor hash(gID^r) byte[] hash = BFUtil.HashToLength(gIDr.ToUByteArray(), sigma.Length); //This could fail byte[] V = BFUtil.XorTwoByteArrays(sigma, hash); //W =m xor hash(sigma) hash = BFUtil.HashToLength(sigma, m.Length); byte[] W = BFUtil.XorTwoByteArrays(m, hash); return(new BFCText(U, V, W)); }