org.cryptimeleon.craco.sig.sps.akot15.pos

Class SPSPOSSignatureScheme

java.lang.Object

org.cryptimeleon.craco.sig.sps.akot15.pos.SPSPOSSignatureScheme

All Implemented Interfaces:

MultiMessageSignatureScheme, MultiMessageStructurePreservingSignatureScheme, SignatureScheme, SPSMessageSpaceVerifier, StandardMultiMessageSignatureScheme, StandardSignatureScheme, org.cryptimeleon.math.serialization.annotations.RepresentationRestorer, org.cryptimeleon.math.serialization.Representable, org.cryptimeleon.math.serialization.StandaloneRepresentable

public class SPSPOSSignatureScheme
extends java.lang.Object
implements MultiMessageStructurePreservingSignatureScheme, SPSMessageSpaceVerifier

An implementation of the partially one-time SPS scheme presented in [1] While the scheme is intended to be a building block of the larger SPS scheme SPSFSP2SignatureScheme, the implementation can be used on its own, where it is one-time CMA secure under the Double Pairing assumption as defined in [1]. Note: The calculation of the commitments differs slightly when the scheme is used in the context of SPSFSP2SignatureScheme: As the scheme combines TCAKOT15CommitmentScheme -- which is based on this scheme -- with SPSXSIGSignatureScheme, the scheme must calculate 2 additional elements for its commitments (with are then signed by XSIG). [1] Abe et al.: Fully Structure-Preserving Signatures and Shrinking Commitments. https://eprint.iacr.org/2015/076.pdf

Constructor Summary

Constructors

Constructor and Description
SPSPOSSignatureScheme(AKOT15SharedPublicParameters pp)
SPSPOSSignatureScheme(org.cryptimeleon.math.serialization.Representation repr)

Method Summary

Modifier and Type	Method and Description
boolean	equals(java.lang.Object o)
SignatureKeyPair<SPSPOSVerificationKey,SPSPOSSigningKey>	generateKeyPair(int numberOfMessages) Generates a key pair for signing a block of numberOfMessages messages with each signature.
int	getMaxNumberOfBytesForMapToPlaintext() Returns the maximal number of bytes that can be mapped injectively to a PlainText by SignatureScheme.mapToPlaintext(byte[], SigningKey) and SignatureScheme.mapToPlaintext(byte[], VerificationKey).
org.cryptimeleon.math.serialization.Representation	getRepresentation()
int	hashCode()
PlainText	mapToPlaintext(byte[] bytes, SigningKey sk) Provides an injective mapping of the given bytes to a PlainText usable with this scheme (which may be a MessageBlock).
PlainText	mapToPlaintext(byte[] bytes, VerificationKey pk) Provides an injective mapping of the given bytes to a PlainText usable with this scheme (which may be a MessageBlock).
PlainText	restorePlainText(org.cryptimeleon.math.serialization.Representation repr)
Signature	restoreSignature(org.cryptimeleon.math.serialization.Representation repr)
SigningKey	restoreSigningKey(org.cryptimeleon.math.serialization.Representation repr)
VerificationKey	restoreVerificationKey(org.cryptimeleon.math.serialization.Representation repr)
SPSPOSSignature	sign(PlainText plainText, SigningKey secretKey) Signs the giving plaintext using the given signing key.
SPSPOSSignature	sign(PlainText plainText, SigningKey secretKey, org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement oneTimeKey) While a one-time key is stored in the secretKey, the scheme allows for a separate one-time key to be passed to the scheme.
void	updateOneTimeKey(SignatureKeyPair<SPSPOSVerificationKey,SPSPOSSigningKey> keyPair) Updates the given keyPair with a new set of one-time keys.
java.lang.Boolean	verify(PlainText plainText, Signature signature, VerificationKey publicKey) Verifies the given signature for the given plaintext using the given verification key.
java.lang.Boolean	verify(PlainText plainText, Signature signature, VerificationKey publicKey, org.cryptimeleon.math.structures.groups.GroupElement oneTimeVerificationKey) While a one-time key is stored in the publicKey, the scheme allows for a separate one-time key to be passed to the scheme.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.cryptimeleon.craco.sig.MultiMessageStructurePreservingSignatureScheme

sign, sign, verify, verify

Methods inherited from interface org.cryptimeleon.craco.sig.StandardMultiMessageSignatureScheme

generateKeyPair

Methods inherited from interface org.cryptimeleon.craco.sig.MultiMessageSignatureScheme

sign, sign, verify, verify

Methods inherited from interface org.cryptimeleon.craco.sig.SignatureScheme

restoreFromRepresentation, sign, verify

Methods inherited from interface org.cryptimeleon.craco.sig.sps.SPSMessageSpaceVerifier

doMessageChecks

Constructor Detail

SPSPOSSignatureScheme

public SPSPOSSignatureScheme(AKOT15SharedPublicParameters pp)

SPSPOSSignatureScheme

public SPSPOSSignatureScheme(org.cryptimeleon.math.serialization.Representation repr)

Method Detail

generateKeyPair

public SignatureKeyPair<SPSPOSVerificationKey,SPSPOSSigningKey> generateKeyPair(int numberOfMessages)

Description copied from interface: StandardMultiMessageSignatureScheme

Generates a key pair for signing a block of numberOfMessages messages with each signature.

Specified by:

generateKeyPair in interface StandardMultiMessageSignatureScheme

Parameters:

numberOfMessages - the number of messages as input to sign supported by this key pair

updateOneTimeKey

public void updateOneTimeKey(SignatureKeyPair<SPSPOSVerificationKey,SPSPOSSigningKey> keyPair)

Updates the given keyPair with a new set of one-time keys.

sign

public SPSPOSSignature sign(PlainText plainText,
                            SigningKey secretKey)

Description copied from interface: SignatureScheme

Signs the giving plaintext using the given signing key. The signing key should contain all information necessary to sign, therefore public key is not needed.

Specified by:

sign in interface SignatureScheme

Parameters:

plainText - the message to sign

secretKey - the secret signing key

Returns:

signature on plainText computed using secretKey

sign

public SPSPOSSignature sign(PlainText plainText,
                            SigningKey secretKey,
                            org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement oneTimeKey)

While a one-time key is stored in the secretKey, the scheme allows for a separate one-time key to be passed to the scheme. This makes it easier to use this scheme as a building block. Note: Implementations using this scheme are responsible for ensuring that the one-time keys are not reused.

verify

public java.lang.Boolean verify(PlainText plainText,
                                Signature signature,
                                VerificationKey publicKey)

Description copied from interface: SignatureScheme

Verifies the given signature for the given plaintext using the given verification key.

Specified by:

verify in interface SignatureScheme

Parameters:

plainText - the plaintext the signature should validate against

signature - the signature to verify

publicKey - the verification key to verify with

Returns:

true if verification succeeds, false else

verify

public java.lang.Boolean verify(PlainText plainText,
                                Signature signature,
                                VerificationKey publicKey,
                                org.cryptimeleon.math.structures.groups.GroupElement oneTimeVerificationKey)

While a one-time key is stored in the publicKey, the scheme allows for a separate one-time key to be passed to the scheme. This makes it easier to use this scheme as a building block. Note: Implementations using this scheme are responsible for ensuring that the one-time keys are not reused.

restorePlainText

public PlainText restorePlainText(org.cryptimeleon.math.serialization.Representation repr)

Specified by:

restorePlainText in interface SignatureScheme

restoreSignature

public Signature restoreSignature(org.cryptimeleon.math.serialization.Representation repr)

Specified by:

restoreSignature in interface SignatureScheme

restoreSigningKey

public SigningKey restoreSigningKey(org.cryptimeleon.math.serialization.Representation repr)

Specified by:

restoreSigningKey in interface SignatureScheme

restoreVerificationKey

public VerificationKey restoreVerificationKey(org.cryptimeleon.math.serialization.Representation repr)

Specified by:

restoreVerificationKey in interface SignatureScheme

mapToPlaintext

public PlainText mapToPlaintext(byte[] bytes,
                                VerificationKey pk)

Description copied from interface: SignatureScheme

Provides an injective mapping of the given bytes to a PlainText usable with this scheme (which may be a MessageBlock).

It only guarantees injectivity for arrays of the same length. Applications that would like to use mapToPlaintext with multiple different array lengths may want to devise a padding method and then only call mapToPlaintext with byte arrays of the same (padded) length.

The contract is that VerificationKey pk and SigningKey sk are compatible (in the sense that verify(m,sign(m, sk),pk) == true), then mapToPlaintext(bytes, pk)) equals mapToPlaintext(bytes, sk) for all bytes.

Specified by:

mapToPlaintext in interface SignatureScheme

Parameters:

bytes - bytes to be mapped to a PlainText

pk - the verification key for which the resulting PlainText should be valid (note that the plaintext space may differ for different verification keys).

Returns:

the corresponding plaintext

mapToPlaintext

public PlainText mapToPlaintext(byte[] bytes,
                                SigningKey sk)

Description copied from interface: SignatureScheme

Provides an injective mapping of the given bytes to a PlainText usable with this scheme (which may be a MessageBlock).

It only guarantees injectivity for arrays of the same length. Applications that would like to use mapToPlaintext with multiple different array lengths may want to devise a padding method and then only call mapToPlaintext with byte arrays of the same (padded) length.

The contract is that VerificationKey pk and SigningKey sk are compatible (in the sense that verify(m,sign(m, sk),pk) == true), then mapToPlaintext(bytes, pk)) equals mapToPlaintext(bytes, sk) for all bytes.

Specified by:

mapToPlaintext in interface SignatureScheme

Parameters:

bytes - bytes to be mapped to a PlainText

sk - the signing key for which the resulting PlainText should be valid (note that the plaintext space may differ for different signing keys).

Returns:

the corresponding plaintext

getMaxNumberOfBytesForMapToPlaintext

public int getMaxNumberOfBytesForMapToPlaintext()

Description copied from interface: SignatureScheme

Returns the maximal number of bytes that can be mapped injectively to a PlainText by SignatureScheme.mapToPlaintext(byte[], SigningKey) and SignatureScheme.mapToPlaintext(byte[], VerificationKey).

As described in SignatureScheme.mapToPlaintext(byte[], org.cryptimeleon.craco.sig.VerificationKey) there might be no injective PlainText for some byte arrays, e.g. if the byte array is too long. Therefore, this method provides the maximal number of bytes that can be mapped injectively to a PlainText.

Specified by:

getMaxNumberOfBytesForMapToPlaintext in interface SignatureScheme

Returns:

maximal number of bytes that can be given to SignatureScheme.mapToPlaintext(byte[], org.cryptimeleon.craco.sig.VerificationKey).

getRepresentation

public org.cryptimeleon.math.serialization.Representation getRepresentation()

Specified by:

getRepresentation in interface org.cryptimeleon.math.serialization.Representable

equals

public boolean equals(java.lang.Object o)

Overrides:

equals in class java.lang.Object

hashCode

public int hashCode()

Overrides:

hashCode in class java.lang.Object