在 pycrypto 中为 RSA 使用致盲因子
Using a blinding factor for RSA in pycrypto
在 python 中,我正在尝试隐藏和取消隐藏一条消息。当我取消隐藏消息时,我没有收到原始消息。有谁知道我可能做错了什么。以下是我的代码:
s = 'Hello'
loadedPublic = get_publickey()
loadedPrivate = get_privatekey()
pub = loadedPublic.blind(s,23L)
pub2 = loadedPublic.unblind(pub,23L)
return HttpResponse(pub2)
盲化是一种使用随机元素的加密。它通常用于 Blind Signatures,看起来像这样:
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA256
from random import SystemRandom
# Signing authority (SA) key
priv = RSA.generate(3072)
pub = priv.publickey()
## Protocol: Blind signature ##
# must be guaranteed to be chosen uniformly at random
r = SystemRandom().randrange(pub.n >> 10, pub.n)
msg = "my message" * 50 # large message (larger than the modulus)
# hash message so that messages of arbitrary length can be signed
hash = SHA256.new()
hash.update(msg)
msgDigest = hash.digest()
# user computes
msg_blinded = pub.blind(msgDigest, r)
# SA computes
msg_blinded_signature = priv.sign(msg_blinded, 0)
# user computes
msg_signature = pub.unblind(msg_blinded_signature[0], r)
# Someone verifies
hash = SHA256.new()
hash.update(msg)
msgDigest = hash.digest()
print("Message is authentic: " + str(pub.verify(msgDigest, (msg_signature,))))
This是这样实现的,所以不能直接对消息进行解盲,因为你没有d,所以必须先对被屏蔽的元素进行签名。为了使盲签名安全,需要在签名模数范围内随机生成盲因子r。
在 python 中,我正在尝试隐藏和取消隐藏一条消息。当我取消隐藏消息时,我没有收到原始消息。有谁知道我可能做错了什么。以下是我的代码:
s = 'Hello'
loadedPublic = get_publickey()
loadedPrivate = get_privatekey()
pub = loadedPublic.blind(s,23L)
pub2 = loadedPublic.unblind(pub,23L)
return HttpResponse(pub2)
盲化是一种使用随机元素的加密。它通常用于 Blind Signatures,看起来像这样:
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA256
from random import SystemRandom
# Signing authority (SA) key
priv = RSA.generate(3072)
pub = priv.publickey()
## Protocol: Blind signature ##
# must be guaranteed to be chosen uniformly at random
r = SystemRandom().randrange(pub.n >> 10, pub.n)
msg = "my message" * 50 # large message (larger than the modulus)
# hash message so that messages of arbitrary length can be signed
hash = SHA256.new()
hash.update(msg)
msgDigest = hash.digest()
# user computes
msg_blinded = pub.blind(msgDigest, r)
# SA computes
msg_blinded_signature = priv.sign(msg_blinded, 0)
# user computes
msg_signature = pub.unblind(msg_blinded_signature[0], r)
# Someone verifies
hash = SHA256.new()
hash.update(msg)
msgDigest = hash.digest()
print("Message is authentic: " + str(pub.verify(msgDigest, (msg_signature,))))
This是这样实现的,所以不能直接对消息进行解盲,因为你没有d,所以必须先对被屏蔽的元素进行签名。为了使盲签名安全,需要在签名模数范围内随机生成盲因子r。