//@Override public override bool Equals(object obj) { if (this == obj) { return(true); } if (obj == null) { return(false); } //if (getClass() != obj.getClass()) // return false; SignaturePublicKey other = (SignaturePublicKey)obj; if (h == null) { if (other.h != null) { return(false); } } else if (!h.Equals(other.h)) { return(false); } if (q != other.q) { return(false); } return(true); }
private bool verifyHash(byte[] msgHash, byte[] sig, SignaturePublicKey pub) { MemoryStream sbuf = new MemoryStream(sig); BinaryReader brr = new BinaryReader(sbuf); byte[] rawSig = new byte[sig.Length - 4]; rawSig = brr.ReadBytes(rawSig.Length); IntegerPolynomial s = IntegerPolynomial.FromBinary(rawSig, param.N, param.q); int r = brr.ReadInt32(); return(verify(createMsgRep(msgHash, r), s, pub.h)); }
/** * Verifies a signature.<br/> * This is a "one stop" method and does not require <code>initVerify</code> to be called. Only the message supplied via * the parameter <code>m</code> is signed, regardless of prior calls to {@link #update(byte[])}. * @param m the message to sign * @param sig the signature * @param pub a public key * @return whether the signature is valid * @throws NtruException if the JRE doesn't implement the specified hash algorithm */ public bool verify(byte[] m, byte[] sig, SignaturePublicKey pub) { try { byte[] msgHash = hashAlg.ComputeHash(m); return(verifyHash(msgHash, sig, pub)); } catch (Exception e) { throw new NtruException(e.Message); } }
/** * Resets the engine for verifying a signature. * @param pub the public key to use in the {@link #verify(byte[])} step * @throws NtruException if the JRE doesn't implement the specified hash algorithm */ public void initVerify(SignaturePublicKey pub) { verificationKey = pub; try { hashAlg = new SHA256(); } catch (Exception e) { throw new NtruException(e.Message); } hashAlg.Reset(); }
/** * Generates a new signature key pair. Uses up to <code>B+1</code> threads * if multiple processors are available. * @return a key pair */ public SignatureKeyPair generateKeyPair() { int processors = Environment.ProcessorCount; SignaturePrivateKey priv = new SignaturePrivateKey(param); int B = param.B; //if (processors == 1) // generate all B+1 bases in the current thread for (int k = B; k >= 0; k--) { priv.add(generateBoundedBasis()); } /*else { * List<Future<Basis>> bases = new ArrayList<Future<Basis>>(); * * // start up to processors-1 new threads and generate B bases * int numThreads = Math.min(B, processors-1); * if (numThreads > 0) { * ExecutorService executor = Executors.newFixedThreadPool(numThreads); * for (int k=B-1; k>=0; k--) * bases.add(executor.submit(new BasisGenerationTask())); * executor.shutdown(); * } * * // generate the remaining basis in the current thread * Basis basis0 = generateBoundedBasis(); * * // build the private key * for (Future<Basis> basis: bases) * try { * priv.add(basis.get()); * } catch (Exception e) { * throw new NtruException(e); * } * priv.add(basis0); * }*/ int q = param.q; SignaturePublicKey pub = new SignaturePublicKey(priv.getBasis(0).h, q); priv.getBasis(0).h = null; // remove the public polynomial h from the private key SignatureKeyPair kp = new SignatureKeyPair(priv, pub); return(kp); }
/** * Generates a new signature key pair. Runs in a single thread. * @return a key pair */ public SignatureKeyPair generateKeyPairSingleThread() { SignaturePrivateKey priv = new SignaturePrivateKey(param); SignaturePublicKey pub = null; Basis pubBasis = generateBoundedBasis(); pub = new SignaturePublicKey(pubBasis.h, param.q); pubBasis.h = null; // remove the public polynomial h from the private key priv.add(pubBasis); for (int k = param.B; k > 0; k--) { Basis basis = generateBoundedBasis(); priv.add(basis); } SignatureKeyPair kp = new SignatureKeyPair(priv, pub); return(kp); }
private void SignVerify(SignatureParameters param) { NtruSign ntru = new NtruSign(param); SignatureKeyPair kp = ntru.generateKeyPair(); Assert.Equals(param.B + 1, kp.priv.getNumBases()); Random rng = new Random(); byte[] msg = new byte[10 + rng.Next(1000)]; rng.NextBytes(msg); // sign and verify byte[] s = ntru.sign(msg, kp); bool valid = ntru.verify(msg, s, kp.pub); Assert.True(valid); // altering the signature should make it invalid s[rng.Next(param.N)] += 1; valid = ntru.verify(msg, s, kp.pub); Assert.False(valid); // test that a random signature fails rng.NextBytes(s); valid = ntru.verify(msg, s, kp.pub); Assert.False(valid); // encode, decode keypair, test SignaturePrivateKey priv = new SignaturePrivateKey(kp.priv.getEncoded()); SignaturePublicKey pub = new SignaturePublicKey(kp.pub.getEncoded()); kp = new SignatureKeyPair(priv, pub); s = ntru.sign(msg, kp); valid = ntru.verify(msg, s, kp.pub); Assert.True(valid); // altering the signature should make it invalid s[rng.Next(s.Length)] += 1; valid = ntru.verify(msg, s, kp.pub); Assert.False(valid); // sparse/dense param.sparse = !param.sparse; s = ntru.sign(msg, kp); valid = ntru.verify(msg, s, kp.pub); Assert.True(valid); s[rng.Next(s.Length)] += 1; valid = ntru.verify(msg, s, kp.pub); Assert.False(valid); param.sparse = !param.sparse; // decrease NormBound to force multiple signing attempts SignatureParameters params2 = param.Clone(); params2.normBoundSq *= (float)4.0 / 9; // works for APR2011_439_PROD but may need to be increased for different params params2.signFailTolerance = 10000; ntru = new NtruSign(params2); s = ntru.sign(msg, kp); valid = ntru.verify(msg, s, kp.pub); Assert.True(valid); // test KeyGenAlg.FLOAT (default=RESULTANT) params2 = param.Clone(); param.keyGenAlg = KeyGenAlg.FLOAT; ntru = new NtruSign(param); kp = ntru.generateKeyPair(); s = ntru.sign(msg, kp); valid = ntru.verify(msg, s, kp.pub); Assert.True(valid); s[rng.Next(s.Length)] += 1; valid = ntru.verify(msg, s, kp.pub); Assert.False(valid); }
/** * Generates a new signature key pair. Runs in a single thread. * @return a key pair */ public SignatureKeyPair generateKeyPairSingleThread() { SignaturePrivateKey priv = new SignaturePrivateKey(param); SignaturePublicKey pub = null; Basis pubBasis = generateBoundedBasis(); pub = new SignaturePublicKey(pubBasis.h, param.q); pubBasis.h = null; // remove the public polynomial h from the private key priv.add(pubBasis); for (int k = param.B; k > 0; k--) { Basis basis = generateBoundedBasis(); priv.add(basis); } SignatureKeyPair kp = new SignatureKeyPair(priv, pub); return kp; }
/** * Generates a new signature key pair. Uses up to <code>B+1</code> threads * if multiple processors are available. * @return a key pair */ public SignatureKeyPair generateKeyPair() { int processors = Environment.ProcessorCount; SignaturePrivateKey priv = new SignaturePrivateKey(param); int B = param.B; //if (processors == 1) // generate all B+1 bases in the current thread for (int k = B; k >= 0; k--) priv.add(generateBoundedBasis()); /*else { List<Future<Basis>> bases = new ArrayList<Future<Basis>>(); // start up to processors-1 new threads and generate B bases int numThreads = Math.min(B, processors-1); if (numThreads > 0) { ExecutorService executor = Executors.newFixedThreadPool(numThreads); for (int k=B-1; k>=0; k--) bases.add(executor.submit(new BasisGenerationTask())); executor.shutdown(); } // generate the remaining basis in the current thread Basis basis0 = generateBoundedBasis(); // build the private key for (Future<Basis> basis: bases) try { priv.add(basis.get()); } catch (Exception e) { throw new NtruException(e); } priv.add(basis0); }*/ int q = param.q; SignaturePublicKey pub = new SignaturePublicKey(priv.getBasis(0).h, q); priv.getBasis(0).h = null; // remove the public polynomial h from the private key SignatureKeyPair kp = new SignatureKeyPair(priv, pub); return kp; }
private bool verifyHash(byte[] msgHash, byte[] sig, SignaturePublicKey pub) { MemoryStream sbuf = new MemoryStream(sig); BinaryReader brr = new BinaryReader(sbuf); byte[] rawSig = new byte[sig.Length - 4]; rawSig = brr.ReadBytes(rawSig.Length); IntegerPolynomial s = IntegerPolynomial.FromBinary(rawSig, param.N, param.q); int r = brr.ReadInt32(); return verify(createMsgRep(msgHash, r), s, pub.h); }
/** * Verifies a signature.<br/> * This is a "one stop" method and does not require <code>initVerify</code> to be called. Only the message supplied via * the parameter <code>m</code> is signed, regardless of prior calls to {@link #update(byte[])}. * @param m the message to sign * @param sig the signature * @param pub a public key * @return whether the signature is valid * @throws NtruException if the JRE doesn't implement the specified hash algorithm */ public bool verify(byte[] m, byte[] sig, SignaturePublicKey pub) { try { byte[] msgHash = hashAlg.ComputeHash(m); return verifyHash(msgHash, sig, pub); } catch (Exception e) { throw new NtruException(e.Message); } }
/** * Constructs a new key pair from an input stream * @param is an input stream * @throws NtruException if an {@link IOException} occurs */ public SignatureKeyPair(MemoryStream ins) { pub = new SignaturePublicKey(ins); priv = new SignaturePrivateKey(ins); }
/** * Constructs a new key pair. * @param priv a private key * @param pub a public key */ public SignatureKeyPair(SignaturePrivateKey priv, SignaturePublicKey pub) { this.priv = priv; this.pub = pub; }