org.cryptimeleon.craco.sig.sps.eq

Class SPSEQSignatureScheme

java.lang.Object

org.cryptimeleon.craco.sig.sps.eq.SPSEQSignatureScheme

All Implemented Interfaces:

MultiMessageSignatureScheme, MultiMessageStructurePreservingSignatureScheme, SignatureScheme, StandardMultiMessageSignatureScheme, StandardSignatureScheme, StructurePreservingSignatureEQScheme, org.cryptimeleon.math.serialization.annotations.RepresentationRestorer, org.cryptimeleon.math.serialization.Representable, org.cryptimeleon.math.serialization.StandaloneRepresentable

public class SPSEQSignatureScheme
extends java.lang.Object
implements StructurePreservingSignatureEQScheme

Signature scheme that was originally presented in [1] by Fuchsbauer, Hanser, and Slamanig. The result is structure-preserving signatures on equivalence classes. This is the version for messages from G_1. A version for messages in G_2 can be obtained by swapping membership of all elements.

Bilinear map type: 3

[1] Georg Fuchsbauer and Christian Hanser and Daniel Slamanig, "Structure-Preserving Signatures on Equivalence Classes and Constant-Size Anonymous Credentials", in Cryptology ePrint Archive, Report 2014/944, 2014.

Field Summary

Fields

Modifier and Type	Field and Description
protected SPSEQPublicParameters	pp Public parameters of the signature scheme.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	SPSEQSignatureScheme()
	SPSEQSignatureScheme(org.cryptimeleon.math.serialization.Representation repr)
	SPSEQSignatureScheme(SPSEQPublicParameters pp)

Method Summary

Modifier and Type	Method and Description
Signature	chgRep(Signature signature, org.cryptimeleon.math.structures.rings.zn.Zn.ZnElement mu, VerificationKey publicKey) Returns a signature for the new representative computed based on the previous representative and the given scalar mu.
PlainText	chgRepMessage(PlainText plainText, org.cryptimeleon.math.structures.rings.zn.Zn.ZnElement mu) Computes and returns the new representative computed based on the previous representative plainText and the given scalar mu.
Signature	chgRepWithVerify(PlainText plainText, Signature signature, org.cryptimeleon.math.structures.rings.zn.Zn.ZnElement mu, VerificationKey publicKey) Same as StructurePreservingSignatureEQScheme.chgRep(Signature, Zn.ZnElement, VerificationKey) but verifies the signature before changing representative.
boolean	equals(java.lang.Object other)
SignatureKeyPair<SPSEQVerificationKey,SPSEQSigningKey>	generateKeyPair(int numberOfMessages) Generates a key pair for signing a block of numberOfMessages messages with each signature.
int	getMaxNumberOfBytesForMapToPlaintext() Returns the maximal number of bytes that can be mapped injectively to a PlainText by SignatureScheme.mapToPlaintext(byte[], SigningKey) and SignatureScheme.mapToPlaintext(byte[], VerificationKey).
SPSEQPublicParameters	getPp()
org.cryptimeleon.math.serialization.Representation	getRepresentation()
int	hashCode()
MessageBlock	mapToPlaintext(byte[] bytes, SigningKey sk) Provides an injective mapping of the given bytes to a PlainText usable with this scheme (which may be a MessageBlock).
MessageBlock	mapToPlaintext(byte[] bytes, VerificationKey pk) Provides an injective mapping of the given bytes to a PlainText usable with this scheme (which may be a MessageBlock).
MessageBlock	restorePlainText(org.cryptimeleon.math.serialization.Representation repr)
SPSEQSignature	restoreSignature(org.cryptimeleon.math.serialization.Representation repr)
SPSEQSigningKey	restoreSigningKey(org.cryptimeleon.math.serialization.Representation repr)
SPSEQVerificationKey	restoreVerificationKey(org.cryptimeleon.math.serialization.Representation repr)
Signature	sign(PlainText plainText, SigningKey secretKey) Signs the giving plaintext using the given signing key.
java.lang.Boolean	verify(PlainText plainText, Signature signature, VerificationKey publicKey) Verifies the given signature for the given plaintext using the given verification key.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.cryptimeleon.craco.sig.MultiMessageStructurePreservingSignatureScheme

sign, sign, verify, verify

Methods inherited from interface org.cryptimeleon.craco.sig.StandardMultiMessageSignatureScheme

generateKeyPair

Methods inherited from interface org.cryptimeleon.craco.sig.MultiMessageSignatureScheme

sign, sign, verify, verify

Methods inherited from interface org.cryptimeleon.craco.sig.SignatureScheme

restoreFromRepresentation, sign, verify

Field Detail

pp

protected SPSEQPublicParameters pp

Public parameters of the signature scheme.

Constructor Detail

SPSEQSignatureScheme

protected SPSEQSignatureScheme()

SPSEQSignatureScheme

public SPSEQSignatureScheme(SPSEQPublicParameters pp)

SPSEQSignatureScheme

public SPSEQSignatureScheme(org.cryptimeleon.math.serialization.Representation repr)

Method Detail

generateKeyPair

public SignatureKeyPair<SPSEQVerificationKey,SPSEQSigningKey> generateKeyPair(int numberOfMessages)

Description copied from interface: StandardMultiMessageSignatureScheme

Generates a key pair for signing a block of numberOfMessages messages with each signature.

Specified by:

generateKeyPair in interface StandardMultiMessageSignatureScheme

Parameters:

numberOfMessages - the number of messages as input to sign supported by this key pair

sign

public Signature sign(PlainText plainText,
                      SigningKey secretKey)

Description copied from interface: SignatureScheme

Signs the giving plaintext using the given signing key. The signing key should contain all information necessary to sign, therefore public key is not needed.

Specified by:

sign in interface SignatureScheme

Parameters:

plainText - the message to sign

secretKey - the secret signing key

Returns:

signature on plainText computed using secretKey

verify

public java.lang.Boolean verify(PlainText plainText,
                                Signature signature,
                                VerificationKey publicKey)

Description copied from interface: SignatureScheme

Verifies the given signature for the given plaintext using the given verification key.

Specified by:

verify in interface SignatureScheme

Parameters:

plainText - the plaintext the signature should validate against

signature - the signature to verify

publicKey - the verification key to verify with

Returns:

true if verification succeeds, false else

chgRep

public Signature chgRep(Signature signature,
                        org.cryptimeleon.math.structures.rings.zn.Zn.ZnElement mu,
                        VerificationKey publicKey)

Description copied from interface: StructurePreservingSignatureEQScheme

Returns a signature for the new representative computed based on the previous representative and the given scalar mu.

If you have not yet verified the signature on the plaintext under the given verification key, use StructurePreservingSignatureEQScheme.chgRepWithVerify(PlainText, Signature, Zn.ZnElement, VerificationKey) instead.

This method returns a signature matching the new representative of \([M]_R\), where \(M\) is the orignal plaintext. The new representative of \([M]_R\) is supposed to be generated externally by using \(M\) and element \(\mu\). The matching signature \(\sigma'\) for the new representative \(\mu \cdot M\) of \([M]_R\) is computed such that verify(M.pow(), sigma') == true.

See paper [1] for details.

Specified by:

chgRep in interface StructurePreservingSignatureEQScheme

Returns:

a new valid signature on the new representative

chgRepWithVerify

public Signature chgRepWithVerify(PlainText plainText,
                                  Signature signature,
                                  org.cryptimeleon.math.structures.rings.zn.Zn.ZnElement mu,
                                  VerificationKey publicKey)

Description copied from interface: StructurePreservingSignatureEQScheme

Same as StructurePreservingSignatureEQScheme.chgRep(Signature, Zn.ZnElement, VerificationKey) but verifies the signature before changing representative.

Specified by:

chgRepWithVerify in interface StructurePreservingSignatureEQScheme

Returns:

null if the given signature is not valid for plainText under publicKey, else a valid signature on the new representative

See Also:

StructurePreservingSignatureEQScheme.chgRep(Signature, Zn.ZnElement, VerificationKey)

chgRepMessage

public PlainText chgRepMessage(PlainText plainText,
                               org.cryptimeleon.math.structures.rings.zn.Zn.ZnElement mu)

Description copied from interface: StructurePreservingSignatureEQScheme

Computes and returns the new representative computed based on the previous representative plainText and the given scalar mu.

Specified by:

chgRepMessage in interface StructurePreservingSignatureEQScheme

getRepresentation

public org.cryptimeleon.math.serialization.Representation getRepresentation()

Specified by:

getRepresentation in interface org.cryptimeleon.math.serialization.Representable

restorePlainText

public MessageBlock restorePlainText(org.cryptimeleon.math.serialization.Representation repr)

Specified by:

restorePlainText in interface SignatureScheme

restoreSignature

public SPSEQSignature restoreSignature(org.cryptimeleon.math.serialization.Representation repr)

Specified by:

restoreSignature in interface SignatureScheme

restoreSigningKey

public SPSEQSigningKey restoreSigningKey(org.cryptimeleon.math.serialization.Representation repr)

Specified by:

restoreSigningKey in interface SignatureScheme

restoreVerificationKey

public SPSEQVerificationKey restoreVerificationKey(org.cryptimeleon.math.serialization.Representation repr)

Specified by:

restoreVerificationKey in interface SignatureScheme

getPp

public SPSEQPublicParameters getPp()

hashCode

public int hashCode()

Overrides:

hashCode in class java.lang.Object

equals

public boolean equals(java.lang.Object other)

Overrides:

equals in class java.lang.Object

mapToPlaintext

public MessageBlock mapToPlaintext(byte[] bytes,
                                   VerificationKey pk)

Description copied from interface: SignatureScheme

Provides an injective mapping of the given bytes to a PlainText usable with this scheme (which may be a MessageBlock).

It only guarantees injectivity for arrays of the same length. Applications that would like to use mapToPlaintext with multiple different array lengths may want to devise a padding method and then only call mapToPlaintext with byte arrays of the same (padded) length.

The contract is that VerificationKey pk and SigningKey sk are compatible (in the sense that verify(m,sign(m, sk),pk) == true), then mapToPlaintext(bytes, pk)) equals mapToPlaintext(bytes, sk) for all bytes.

Specified by:

mapToPlaintext in interface SignatureScheme

Parameters:

bytes - bytes to be mapped to a PlainText

pk - the verification key for which the resulting PlainText should be valid (note that the plaintext space may differ for different verification keys).

Returns:

the corresponding plaintext

mapToPlaintext

public MessageBlock mapToPlaintext(byte[] bytes,
                                   SigningKey sk)

Description copied from interface: SignatureScheme

Provides an injective mapping of the given bytes to a PlainText usable with this scheme (which may be a MessageBlock).

It only guarantees injectivity for arrays of the same length. Applications that would like to use mapToPlaintext with multiple different array lengths may want to devise a padding method and then only call mapToPlaintext with byte arrays of the same (padded) length.

The contract is that VerificationKey pk and SigningKey sk are compatible (in the sense that verify(m,sign(m, sk),pk) == true), then mapToPlaintext(bytes, pk)) equals mapToPlaintext(bytes, sk) for all bytes.

Specified by:

mapToPlaintext in interface SignatureScheme

Parameters:

bytes - bytes to be mapped to a PlainText

sk - the signing key for which the resulting PlainText should be valid (note that the plaintext space may differ for different signing keys).

Returns:

the corresponding plaintext

getMaxNumberOfBytesForMapToPlaintext

public int getMaxNumberOfBytesForMapToPlaintext()

Description copied from interface: SignatureScheme

Returns the maximal number of bytes that can be mapped injectively to a PlainText by SignatureScheme.mapToPlaintext(byte[], SigningKey) and SignatureScheme.mapToPlaintext(byte[], VerificationKey).

As described in SignatureScheme.mapToPlaintext(byte[], org.cryptimeleon.craco.sig.VerificationKey) there might be no injective PlainText for some byte arrays, e.g. if the byte array is too long. Therefore, this method provides the maximal number of bytes that can be mapped injectively to a PlainText.

Specified by:

getMaxNumberOfBytesForMapToPlaintext in interface SignatureScheme

Returns:

maximal number of bytes that can be given to SignatureScheme.mapToPlaintext(byte[], org.cryptimeleon.craco.sig.VerificationKey).