ALBANESE Research Lab 🔍
Software Engineering & Systems Integration Solutions
"Every man has some reminiscences which he would not tell to everyone, but only to his friends. He has others which he would not reveal even to his friends, but only to himself, and that in secret. But finally there are still others which a man is even afraid to tell himself, and every decent man has a considerable number of such things stored away. That is, one can even say that the more decent he is, the greater the number of such things in his mind." -Fyodor Dostoyevsky
Dossier
Github Profile
Main Thesis (or Hypothesis)
This is a checking algorithm that validates a user's private key without revealing it. Is Zero-Knowledge Proof (ZKP) Schnorr-like, Fiat-Shamir Heuristic-like, i.e. non-interactive (NIZK), designed to work with bilinear curves. It ensures that the user knows a valid \( sk \), and that \( sk \) is correctly linked to the \( pk \):
Key Generation
1. Private Key: \( sk \in \mathbb{Z}_n \), where \( \mathbb{Z}_n \) is the finite field used for private keys and \( n \) is the order of the elliptic curve.
2. Public Key: \( pk = sk \cdot G_2 \), where \( G_2 \) is the base point of the elliptic curve, and \( pk \) is the public key.
Zero-Knowledge Proof (ZKP) for Bilinear Elliptic Curves
1. Commitment: \(C = r \cdot G_2\), where \(r\) is a secure random number, \(G_2\) is the elliptic curve base point.
2. Challenge: \(\chi = H(C \parallel m)\), where \(H\) is a cryptographic hash function, \(m\) is the message/context.
3. Response: \(s = r + \chi \cdot sk\), where \(sk\) is the user's private key and \(\chi\) is the computed challenge.
4. Verification: Check if \(e(s \cdot G_1, G_2) \stackrel{?}{=} e(G_1, C + (\chi \cdot pk))\), where \(e\) is the bilinear pairing.
5. Validation: If the equality holds, the proof is valid.
Verification relies on the properties of bilinear pairing
1. Linearity: \(e(s \cdot G_1, G_2) = e(G_1, G_2)^{s} = e(G_1, G_2)^{r + \chi \cdot sk}\)
2. Substitution: \(e(G_1, G_2)^{r + \chi \cdot sk} = e(G_1, C + \chi \cdot pk)\)
3. Expansion: \(e(G_1, C + \chi \cdot pk) = e(G_1, r \cdot G_2 + \chi \cdot sk \cdot G_2) = e(G_1, G_2)^{r + \chi \cdot sk}\)
Go Playground
Test this algorithm here.
Identity-Based Encryption (IBE)
Identity-Based Encryption (IBE) scheme is a public key cryptosystem that allows a user's public key to be derived directly from a unique identifier, such as an email address. The system consists of a trusted authority (the Private Key Generator, or PKG) that holds a master secret key. During setup, the PKG generates a public key and master secret, and publishes system parameters. To derive a user's private key, the PKG applies a cryptographic hash function to the user's identity to map it to a point on an elliptic curve, then multiplies this point by the master secret. To encrypt a message for a given identity, the sender selects a random scalar, computes an ephemeral public value, and evaluates a bilinear pairing between the identity point and the system's public key raised to the random scalar. This result is hashed to derive a session key, which is then used to symmetrically encrypt the message. Decryption is done using the recipient's private key, which allows reconstruction of the pairing result and recovery of the session key. IBE offers the advantage of simplified key management, particularly useful in environments where a traditional public key infrastructure (PKI) is impractical.
FullIdent IND-CCA2 Boneh-Franklin IBE
Setup
1. Master Secret Key: \( s \in \mathbb{Z}_q \), chosen by the Private Key Generator (PKG).
2. Public Parameters: includes \( P \in \mathbb{G}_2 \), \( P_{\text{pub}} = s \cdot P \in \mathbb{G}_2 \), and cryptographic hash functions \( H_1, H_2 \) (e.g., HKDF-SHA256).
Key Extraction
1. User provides identity string: \( \mathrm{ID} \in \{0,1\}^* \).
2. Compute identity point: \( Q_{\text{ID}} = H_1(\mathrm{ID}) \in \mathbb{G}_1 \).
3. Private Key for user: \( sk_{\text{ID}} = s \cdot Q_{\text{ID}} \in \mathbb{G}_1 \).
Encryption
1. Message: \( m \in \{0,1\}^* \).
2. Nonce: choose random \( r \in \mathbb{Z}_q \).
3. Compute ephemeral key: \( U = r \cdot P \in \mathbb{G}_2 \).
4. Compute identity point: \( Q_{\text{ID}} = H_1(\mathrm{ID}) \in \mathbb{G}_1 \).
5. Compute pairing: \( g = e(Q_{\text{ID}}, P_{\text{pub}})^r \in \mathbb{G}_T \).
6. Derive keys: \( S_1 = \mathrm{HKDF}(g, \text{"encryption"}) \), \( S_2 = \mathrm{HKDF}(g, \text{"authentication"}) \).
7. Encrypt message: \( V[i] = m[i] \oplus S_1[i \bmod |S_1|] \).
8. Compute authentication tag: \( T = \mathrm{HMAC}(V \parallel U, S_2) \).
9. Ciphertext: \( (U, V, T) \), where \( U \in \mathbb{G}_2 \), \( V \) is the ciphertext, and \( T \) is the MAC tag.
Decryption
1. Input: ciphertext \( (U, V, T) \), private key \( sk_{\text{ID}} = s \cdot Q_{\text{ID}} \in \mathbb{G}_1 \).
2. Compute pairing: \( g' = e(sk_{\text{ID}}, U) = e(s \cdot Q_{\text{ID}}, r \cdot P) = e(Q_{\text{ID}}, P_{\text{pub}})^r \in \mathbb{G}_T \).
3. Derive keys: \( S_1' = \mathrm{HKDF}(g', \text{"encryption"}) \), \( S_2' = \mathrm{HKDF}(g', \text{"authentication"}) \).
4. Verify MAC: compute \( T' = \mathrm{HMAC}(V \parallel U, S_2') \); if \( T \neq T' \), reject.
5. Decrypt message: \( m'[i] = V[i] \oplus S_1'[i \bmod |S_1'|] \).
6. Verification: if MAC is valid, output \( m' \); otherwise reject.
Go Playground
Test this algorithm here.
Identity-Based Signature (IBS)
Cha-Cheon Theorem
The Cha-Cheon signature scheme is an identity-based digital signature method that eliminates the need for traditional public key certificates. It relies on a trusted authority, known as the Private Key Generator (PKG), to generate a master secret and a corresponding public key. Users receive their private keys derived from their identity strings, such as an email address, which are securely mapped to points on an elliptic curve using cryptographic hash functions. To sign a message, the user selects a random value, computes intermediate values based on their identity and the message, and produces a signature consisting of two components. Verification involves reconstructing expected values from the identity and message, and then using a bilinear pairing operation to confirm the validity of the signature. The scheme is efficient and well-suited for environments where managing public key infrastructure is impractical.
Setup
1. Master Secret Key: \( s \in \mathbb{Z}_q \), randomly chosen by the Private Key Generator (PKG).
2. Master Public Key: \( mpk = s \cdot P_2 \), where \( P_2 \) is the generator of group \(\mathbb{G}_2\).
Key Extraction
1. The user provides an identity string: \( \text{ID} \in \{0,1\}^* \).
2. The identity is hashed to a point: \( Q_{\text{ID}} = H_2(\text{ID}) \in \mathbb{G}_1 \).
3. The user's private key is computed: \( d_{\text{ID}} = s \cdot Q_{\text{ID}} \in \mathbb{G}_1 \).
Sign
1. Choose a random nonce: \( r \in \mathbb{Z}_q \).
2. Compute: \( U = r \cdot Q_{\text{ID}} \in \mathbb{G}_1 \).
3. Compute the hash of the message \( m \) and \( U \): \( h = H_1(m \parallel U) \in \mathbb{Z}_q \).
4. Compute: \( V = (r + h) \cdot d_{\text{ID}} \in \mathbb{G}_1 \).
5. The signature is: \( \sigma = (U, V) \).
Verify
1. Recompute: \( Q_{\text{ID}} = H_2(\text{ID}) \in \mathbb{G}_1 \).
2. Recompute the hash: \( h = H_1(m \parallel U) \in \mathbb{Z}_q \).
3. Compute: \( R = U + h \cdot Q_{\text{ID}} \in \mathbb{G}_1 \).
4. Verify if: \( e(V, P_2) = e(R, mpk) \in \mathbb{G}_T \).
5. If the equation holds, the signature is valid.
ShangMi Theorem
This algorithm implements an identity-based signature scheme using the BLS12-381 elliptic curve. It begins with a setup phase where a master secret key is randomly generated along with a corresponding master public key. A user's private key is derived from their identity by hashing the identity string and combining it with the master secret key through an inversion operation on the scalar field. To sign a message, a random nonce is chosen, and a pairing-based computation produces an ephemeral value that is hashed together with the message to generate a challenge scalar. The signature consists of a group element computed from the nonce, challenge, and the user's private key. Verification involves reconstructing the challenge by pairing the signature with a combination of the master public key and the hashed identity, then checking that this matches the original challenge hash, ensuring the signature's validity without requiring explicit public keys.
Setup
1. Master Secret Key: \( s \in \mathbb{Z}_q \), randomly chosen by the Private Key Generator (PKG).
2. Master Public Key: \( mpk = s \cdot P_2 \), where \( P_2 \) is the generator of group \(\mathbb{G}_2\).
Key Extraction
1. User provides an identity string: \( \text{ID} \in \{0,1\}^* \).
2. Hash the identity to a scalar: \( h = H_1(\text{ID}) \in \mathbb{Z}_q \).
3. Compute inverse scalar: \( inv = \frac{1}{s + h} \in \mathbb{Z}_q \).
4. Generate user private key: \( sk_{\text{ID}} = inv \cdot P_1 \in \mathbb{G}_1 \), where \( P_1 \) is the generator of group \(\mathbb{G}_1\).
Sign
1. Choose a random nonce: \( r \in \mathbb{Z}_q \).
2. Compute base pairing: \( g = e(P_1, P_2) \in \mathbb{G}_T \).
3. Compute \( w = g^r \in \mathbb{G}_T \).
4. Hash the message \( m \) concatenated with \( w \): \( h = H_2(m \parallel w) \in \mathbb{Z}_q \).
5. Compute signature: \( S = (r - h) \cdot sk_{\text{ID}} \in \mathbb{G}_1 \).
Verify
1. Hash the identity: \( h_{id} = H_1(\text{ID}) \in \mathbb{Z}_q \).
2. Compute \( Q = mpk + h_{id} \cdot P_2 \in \mathbb{G}_2 \).
3. Compute \( left = e(S, Q) \in \mathbb{G}_T \).
4. Compute \( right = g^h \in \mathbb{G}_T \), where \( g = e(P_1, P_2) \).
5. Compute \( w' = left \cdot right \in \mathbb{G}_T \).
6. Hash the message concatenated with \( w' \): \( h' = H_2(m \parallel w') \in \mathbb{Z}_q \).
7. Verify if \( h = h' \).
8. If equality holds, the signature is valid.
Go Playground
Test ShangMi approach here, and the Cha-Cheon (PKC 2003) approach here.
Achievement Badges
Achievement Badges on SourceForge are badges that are awarded to projects hosted on the platform in recognition of specific achievements. These achievements may vary based on criteria set by the SourceForge team and can include significant milestones such as the number of downloads, community activity, special recognitions, or participation in specific programs. Below, some badges of my ports:
|
  |
|
  |
|
  |
|
  |
|
  |
|
  |
Main Prototypes:
GOST Toolkit v1.2.7
GOST Security Suite written in Go
Multi-purpose cross-platform cryptography tool for symmetric encryption, cipher-based message authentication code (CMAC), recursive hash digest, hash-based message authentication code (HMAC), digital signature, shared key agreement (VKO), password-based key derivation function (PBKDF2) and TLS 1.2 for small or embedded systems.GOST is GOvernment STandard of Russian Federation:
GOST refers to a set of technical standards maintained by the Euro-Asian Council for Standardization, Metrology and Certification (EASC), a regional standards organization operating under the auspices of the Commonwealth of Independent States (CIS).
Roll of Algorithms:
☠GOST 28147-89 64-bit block cipher (RFC 5830)
☠GOST R 34.11-94 hash function (RFC 5831)
☠GOST R 50739-95 data sanitization method (non-cryptographic)
☠GOST R 34.10-2001 public key signature function (RFC 5832)
☠GOST R 34.10-2001 VKO (выработка ключа общего) key agreement function (RFC 4357)
☠GOST R 34.10-2012 public key signature function (RFC 7091)
☠GOST R 34.10-2012 VKO (выработка ключа общего) key agreement function (RFC 7836)
☠GOST R 34.11-2012 Стрибог (Streebog) hash function (RFC 6986)
☠GOST R 34.12-2015 128-bit block cipher Кузнечик (Kuznechik) (RFC 7801)
☠GOST R 34.12-2015 64-bit block cipher Магма (Magma) (RFC 8891)
☠MGM AEAD mode for 64 and 128 bit ciphers (RFC 9058)
Source code: https://github.com/pedroalbanese/gosttk
Download: Win32 | Win64 | Linux x86 | Linux amd64 | Linux armel
Read more here.
GMSM Toolkit v1.2.3
GMSM Security Suite written in Go
Multi-purpose cross-platform cryptography tool for asymmetric/symmetric encryption, digital signature, shared key agreement, cipher-based message authentication code (CMAC), hash digest, hash-based message authentication code (HMAC), password-based key derivation function (PBKDF2) and TLS 1.2 protocol.
GMSM is Government Standard of People's Republic of China:
National secret SM2/SM3/SM4 algorithms based on Go language. SM2 is a public key cryptographic algorithm based on elliptic curves, used for e.g. generation and verification of digital signatures; SM3, a hashing algorithm comparable to SHA-256; and SM4, a block cipher algorithm for symmetric cryptography comparable to AES-128. These standards are becoming widely used in Chinese commercial applications such as banking and telecommunications and are sometimes made mandatory for products procured by Chinese government agencies. SM4 is part of the ARMv8.4-A expansion to the ARM architecture.
Chinese National Standard Algorithms:
☠GM/T 0003-2012 - SM2 Public key algorithm 256-bit.
☠GM/T 0004-2012 - SM3 Message digest algorithm 256-bit hash value.
☠GM/T 0002-2012 - SM4 Block cipher with 128-bit key.
☠GM/T 0001-2012 - ZUC Zu Chongzhi stream cipher 128/256-bit key.
Source code: https://github.com/pedroalbanese/gmsmtk
Download: Win32 | Linux x86 | Linux amd64 | Linux armel
KISA Toolkit v1.0.0
KISA Security Suite written in Go
Multi-purpose cross-platform cryptography tool for symmetric encryption, cipher-based message authentication code (CMAC), recursive hash digest, hash-based message authentication code (HMAC) and PBKDF2 function.
KISA is Korea Internet & Security Agency:
Golang implementation of cryptographic algorithms designed by Republic of Korea. ARIA is a block cipher that uses a substitution-permutation network structure based on AES, designed in 2003 by a large group of South Korean researchers. In 2004, the Korean Agency for Technology and Standards selected it as a standard cryptographic technique. SEED is a 128-bit block cipher and HIGHT is a 64-bit block cipher both developed by the Korea Internet & Security Agency (KISA).
Korean National Standard Algorithms:
• KS X 1213-1 ARIA 128-bit block cipher with 128/192/256-bit keys.
• TTAK.KO-12.0276 LSH Message digest algorithm 256/512-bit hash value.
• TTAK.KO-12.0223 LEA 128-bit block cipher with 128/192/256-bit keys.
• ISO/IEC 18033-3 SEED 128-bit block cipher with 128/256-bit keys.
• ISO/IEC 18033-3 HIGHT 64-bit block cipher with 128bit key.
Source code: https://github.com/pedroalbanese/kisatk (Come soon)
Download: Win32 | Linux x86 | Linux amd64 | Linux armel
LICENSE
Copyright (c) 2021 Pedro F. Albanese <pedroalbanese@hotmail.com>
Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
