HIBKEM

README

Implementation of Hierarchical Identity-Based Key-Encapsulation Mechanism

It implements an Hierarchical Identity-Based Key-Encapsulation Mechanism. The implementation is derived from https://github.com/samkumar/hibe.

It employs the IBE scheme from [BBG05]. In addition, it is shipped with the PunctureTree algorithm from [GHJL17].

Reference

[GHJL17] Felix Günther, Britta Hale, Tibor Jager, and Sebastian Lauer. 0-RTT Key Exchange with Full Forward Secrecy. Cryptology ePrint Archive, Report 2017/223, 2017. https://ia.cr/2017/223.

[BBG05] Dan Boneh, Xavier Boyen, and Eu-Jin Goh. Hierarchical identity based encryption with constant size ciphertext. Cryptology ePrint Archive, Report 2005/015, 2005. http://ia.cr/2005/015.

Documentation

Index

• Constants
• func Encapsulate(r io.Reader, params *Params, id string) (*SessionKey, *Ciphertext, error)
• func HashToZp(bytestring []byte) *big.Int
• func HashToZpStar(bytestring []byte) *big.Int
• func IsAncestor(testing, n string) bool
• func IsDescendant(testing, n string) bool
• func PunctureTree(params *Params, nodeset []*PrivateKey, n string) ([]*PrivateKey, []*PrivateKey)
• func Setup(r io.Reader, l int) (*Params, *PrivateKey, error)
• type Ciphertext
  • func (ct *Ciphertext) Marshal() []byte
  • func (ct *Ciphertext) Unmarshal(ret []byte) (*Ciphertext, error)
• type Params
  • func (params *Params) PreComputeGT()
• type PrivateKey
  • func KeyGen(r io.Reader, params *Params, ancestor *PrivateKey, id string) (*PrivateKey, error)
• type SessionKey
  • func Decapsulate(key *PrivateKey, ciphertext *Ciphertext) *SessionKey

Constants

const (
	G1Count = 1 << 1      //g1： *2
	G2Count = 1 << 2      //g2:  *4
	GTCount = 1<<2 + 1<<3 //gt:  *12
)

Functions

func Encapsulate

func Encapsulate(r io.Reader, params *Params, id string) (*SessionKey, *Ciphertext, error)

Encapsulate generates a symmetric key under the provided ID

func HashToZp

func HashToZp(bytestring []byte) *big.Int

func HashToZpStar

func HashToZpStar(bytestring []byte) *big.Int

HashToZp hashes a byte slice to an integer in Zp*.

func IsAncestor

func IsAncestor(testing, n string) bool

//////////////////////////////

func IsDescendant

func IsDescendant(testing, n string) bool

check if testing is a descendant of n

func PunctureTree

func PunctureTree(params *Params, nodeset []*PrivateKey, n string) ([]*PrivateKey, []*PrivateKey)

puncture tree

func Setup

func Setup(r io.Reader, l int) (*Params, *PrivateKey, error)

Setup generates the system parameters and the master secret key. Parameter "l" is the system-supported maximum depth.

Types

type Ciphertext

type Ciphertext struct {
	B *bn256.G2
	C *bn256.G1
}

Ciphertext

func (*Ciphertext) Marshal

func (ct *Ciphertext) Marshal() []byte

Marshal encodes the ct as a byte slice.

func (*Ciphertext) Unmarshal

func (ct *Ciphertext) Unmarshal(ret []byte) (*Ciphertext, error)

Unmarshal recovers the ct from an encoded byte slice.

type Params

type Params struct {
	G  *bn256.G2
	G1 *bn256.G2
	G2 *bn256.G1
	G3 *bn256.G1
	H  []*bn256.G1

	//in this implementation, it will be set to an empty string
	// todo: using bigint
	RootID string

	// pre-computed generator, e(g_1, g_2)
	Pairing *bn256.GT
}

Public parameters

func (*Params) PreComputeGT

func (params *Params) PreComputeGT()

pre-compute the generator of G_T

type PrivateKey

type PrivateKey struct {
	A0 *bn256.G1
	A1 *bn256.G2
	B  []*bn256.G1

	//the coresponding ID
	ID string
}

Private key for an ID in a hierarchy If this is the master key, then A1 = nil, B is empty

func KeyGen

func KeyGen(r io.Reader, params *Params, ancestor *PrivateKey, id string) (*PrivateKey, error)

KeyGen generates a scecret key for an ID using its ancestor's private key including the matster secret key. WARNING: Using a ill-structed ancestor will result in UNDIFINED behavior.

type SessionKey

type SessionKey = bn256.GT

symmetric key

func Decapsulate

func Decapsulate(key *PrivateKey, ciphertext *Ciphertext) *SessionKey

Decapsulate recovers the sysmetric key from the provided ciphertext