代理重加密中的密文转换
我正在尝试实施 代理重新加密 以证明具有以下参数的概念。
q = 31, g = 2, sk_a = 3, sk_b = 5,
sk_a 和 q 是互质数,因此 sk_a 的逆存在于 mod q 中。
proxy_key = sk_b/sk_a
其中 proxy_key 是通过将 sk_b 与 sk_a 的模逆相乘来计算的,即 (sk_b.sk_a inverse) mod q
密文: y = (g^sk_a) mod q
要转换密文,我正在使用 (y^proxy) mod q.
按照算法密文变换应该是(g^sk_b) mod q,但确实如此不适合我。
我不确定其中有什么问题。我正在使用以下代码。
BigInteger q = new BigInteger("31");
BigInteger g = new BigInteger("2");
BigInteger sk_a = new BigInteger("3");
BigInteger sk_b = new BigInteger("5");
BigInteger proxy_key = sk_b.multiply(sk_a.modInverse(q)).mod(q);
BigInteger y = g.modPow(sk_a, q);
System.out.println("Cipher Text: " + y);
BigInteger transformation = y.modPow(proxy_key, q);
System.out.println("Cipher Text Transformation: " + transformation);
I am trying to implement proxy re encryption for the proof of concept with the following parameters.
q = 31, g = 2, sk_a = 3, sk_b = 5,
sk_a and q are co-primes thus inverse of sk_a exits in mod q.
proxy_key = sk_b/sk_a
where proxy_key is calculated by multiply sk_b with modular inverse of sk_a i.e., (sk_b.sk_a inverse) mod q
cipher text: y = (g^sk_a) mod q
To transform cipher text I am using (y^proxy) mod q.
Accoding to the algorithm cipher text transformation should turn out to be (g^sk_b) mod q, but it does not work for me.
I am not sure what's the catch in it. I am using the following code.
BigInteger q = new BigInteger("31");
BigInteger g = new BigInteger("2");
BigInteger sk_a = new BigInteger("3");
BigInteger sk_b = new BigInteger("5");
BigInteger proxy_key = sk_b.multiply(sk_a.modInverse(q)).mod(q);
BigInteger y = g.modPow(sk_a, q);
System.out.println("Cipher Text: " + y);
BigInteger transformation = y.modPow(proxy_key, q);
System.out.println("Cipher Text Transformation: " + transformation);
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您有两个问题:
2 不是模 31 的原根,因此您的“g”不是乘法组的生成器。您可以使用 3 代替。
看起来有人在解释 Blaze、Bleumer & 时犯了一个错误。施特劳斯。您需要计算 b/a 模 phi(q) 而不是模 q。然后您可以使用欧拉定理来证明重新加密是有效的。当 a^-1 以 q 为模计算时,(g^a)^(a^-1)=g (mod q) 是不正确的。这也意味着 sk_a 和 sk_b 应该与 phi(q) 互质。尝试使用 7 和 11 代替。
以下内容应该按您的预期工作:
You have two problems:
2 is not a primitive root modulo 31, so your "g" is not a generator for the multiplicative group. You can use 3 instead.
It looks like somebody made a mistake when explaining Blaze, Bleumer & Strauss. You need to calculate b/a modulo phi(q) instead of modulo q. Then you can use Euler's theorem to show that the reencryption works. It is not true that (g^a)^(a^-1)=g (mod q) when a^-1 is calculated modulo q. This also means that sk_a and sk_b should be relatively prime to phi(q). Try using 7 and 11 instead.
The following should work as you expect: