[GNUnet-SVN] r31805 - in gnunet-java: . bin doc src/main/java/org/gnunet


From: gnunet
Subject: [GNUnet-SVN] r31805 - in gnunet-java: . bin doc src/main/java/org/gnunet/voting/simulation src/test/java/org/gnunet/util
Date: Tue, 7 Jan 2014 01:16:35 +0100

Author: dold
Date: 2014-01-07 01:16:34 +0100 (Tue, 07 Jan 2014)
New Revision: 31805

Added:
   gnunet-java/bin/gnunet-ballot-group-certify
   gnunet-java/bin/gnunet-elgamal
Modified:
   gnunet-java/ISSUES
   gnunet-java/doc/voting.bib
   gnunet-java/src/main/java/org/gnunet/voting/simulation/VotingParameters.java
   gnunet-java/src/test/java/org/gnunet/util/EcdheTest.java
   gnunet-java/src/test/java/org/gnunet/util/StringsTest.java
Log:
- issues
- elgamal parameter generation
- shell wrapper for group certs


Modified: gnunet-java/ISSUES
===================================================================
--- gnunet-java/ISSUES  2014-01-07 00:14:11 UTC (rev 31804)
+++ gnunet-java/ISSUES  2014-01-07 00:16:34 UTC (rev 31805)
@@ -1,57 +1,81 @@
-crypto:
- * after werner's fix, the results from libgcrypt / ecdhe-keygen.c do check 
out with ed25519.py
- * what about Montgomery Addition ... should I finish implementing it in java?
-  * implementation would be based on the python code in the NaCl paper
- * private key is big endian, public key is little endian ...
- * ECDHE and EdDSA now work
- * I still have some problems with ECDSA in java, needs more debugging ...
+* even though my talk was quite horrible, I got to know
+  some TOR people, who need distributed _nonce_ generation (which requires 
byz-consensus ...)
 
+* in the current protocol, a rushing adversary may still _influence_ (but not 
determine)
+  the public key, will that be a problem?
+ * the same "attack" as on tor's nonce generation scheme
 
-consensus / deadlines:
- * I'm not sure anymore if the deadline should be relative or absolute time.
-   What do you think?
-  * absolute time makes it clear that doing consensus must be somewhat
-    in sync (modulo clock skew)
-  * relative time makes computation of subrounds that do consensus easier
+* secretsharing DKG and cooperative decryption implemented and working
+ * ... but not robust yet (signatures!)
+ * ... and without the ZKP that requires the gauss lattice reduction
 
-paillier in scalarproduct: I think it's wrong
- * can libgcrypt's random return a negative value
- * should we check for a 0-value that has p>2^{-1024}? I'd say no ...
- * scalarproduct uses "libgcrypt key container", does this make
-   sense to use for the implementation in /util?
+* how is work on multicast going, and is there any chance that
+  gradecast could fit into there?
 
-mesh: it's not specified whether the tunnel end callback
-will be called sync or async on tunnel destroy
+* Distributed Key Generation and Its Applications, Aniket Pundlik Kate, 2010
+ * a PhD thesis that discusses the first DKG protocol useable for "the 
internet",
+   but does never mention / cite Fouque and Stern
 
-set: destruction of operations / operations as tunnel context is really nasty 
...
-but I don't really know how to improve the current implementation
+* neither the documentation nor the C tutorial mention when to use 
GNUNET_PACKED,
+  and its relation to GNUNET_NETWORK_STRUCT_*
 
-BSc thesis:
- * in how much depth should Paillier be covered?
 
-secretsharing:
- * secretsharing: key generation is almost implemented
-  * modulo defining constants, testing, crypto bugs, NIZKPs and stuff I forgot
+* signing: what's wrong with this:
+  d->purpose.size = htons (sizeof *d - offsetof (struct 
GNUNET_SECRETSHARING_KeygenCommitData, purpose));
+  d->purpose.purpose = htons (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1);
+  GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, &d->purpose, &d->signature);
 
- * what key size do we want
-  * should key size be variable in the util/ implementation?
+This crashes with
+==25405== Invalid read of size 8
+==25405==    at 0x532E815: ??? (sha512-avx-amd64.S:324)
+[...]
+==25405==  Address 0x68bf9f8 is 0 bytes after a block of size 696 alloc'd
+==25405==    at 0x4C2A2DB: malloc (in 
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
+==25405==    by 0x4E4916D: GNUNET_xmalloc_unchecked_ (common_allocation.c:144)
+==25405==    by 0x4E491A8: GNUNET_xmalloc_ (common_allocation.c:71)
+==25405==    by 0x4041E3: handle_client_keygen 
(gnunet-service-secretsharing.c:1018)
+==25405==    by 0x4E76F3F: GNUNET_SERVER_inject (server.c:985)
+==25405==    by 0x4E78A48: client_message_tokenizer_callback (server.c:1205)
+==25405==    by 0x4E798C2: GNUNET_SERVER_mst_receive (server_mst.c:262)
+==25405==    by 0x4E791C3: process_incoming (server.c:1136)
+==25405==    by 0x4E502BF: receive_ready (connection.c:1062)
+==25405==    by 0x4E75661: GNUNET_SCHEDULER_run (scheduler.c:595)
+==25405==    by 0x4E7F0E9: GNUNET_SERVICE_run (service.c:1490)
+==25405==    by 0x401668: main (gnunet-service-secretsharing.c:1400)
 
- * libgcrypt does not have polynomial evaluation?
 
- * what's the best way to define bignum constants? hex notation #define? bytes
-   in static const array?
+* yay, lagrange interpolation in C with libgcrypt:
+ * uses negative numbers, there may be some problems with that ...
 
----
+* dependencies: secretsharing_common.c / is it ok to
+  include gnunet_secretsharing_service.h in the service itself?
+ * well according to other services it is ...
 
- * DKG now two simple consensus rounds
-  * pre-secret commitment and ephemeral key exchange
-   * constant-size element
-  * encrypted pre-secret publishing
-   * variable-size element, may be a problem with large groups
- * cooperative decryption is one consensus round
- * Paillier and ElGamal interaction: Paillier key size must be large enough so 
that
-   shares can be encrypted
- * decryption: consensus timeout vs client timeout:
-  * not all clients might have the same timeout
-  * but consensus timeout should match
+* there now is GNUNET_new_array
 
+* crashing services after tests are not reported
+
+* consensus now properly requires an absolute time deadline
+
+* gnunet-java has gnunet-elgamal, which I used to generate keys
+
address@hidden:~/repos/gnunet-java$ ./bin/gnunet-elgamal -C 32 -b 1024
+Generating parameters with bitlength 1024 and certainty 32
+p: 
0x08a347d3d69e8b2dd7d1b12a08dfbccbebf4ca6f4269a0814e158a34312964d946b3ef228823172bcf30fc08f772774cb404f9bc002a6f66b09a79d810d67c4f8cb3bedc6060e3c8ef874b1b64df716c7d2b002da880e269438d5a776e6b5f253c8df56a16b1c7ce58def07c03db48238aadfc52a354a27ed285b0c1675cad3f3
+q: 
0x0451a3e9eb4f4596ebe8d895046fde65f5fa6537a134d040a70ac51a1894b26ca359f79144118b95e7987e047bb93ba65a027cde001537b3584d3cec086b3e27c659df6e303071e477c3a58db26fb8b63e958016d4407134a1c6ad3bb735af929e46fab50b58e3e72c6f783e01eda411c556fe2951aa513f6942d860b3ae569f9
+g: 
0x05c00c36d2e822950087ef09d8252994adc4e48fe3ec70269f035b46063aff0c99b633fd64df4302442e1914c829a41505a275438871f365e91c123d5303ef9e90f4b8cb89bf86cc9b513e74a726349cfd9f953674fab5d511e1c078fc72d72b34086fc82b4b951989eb85325cb203ff98df76bc366bba1d7024c3650f60d0da
+
+q, p=2q+1 are primes with failure prob. < 2^{-32}, g is just a generator
+
+* where's the best place to store the constants when both the service api and
+  service implementation need to access it?
+
+
+
+On the topic of randomness, aren't e.g. identities generated "in process", 
i.e. with quick random
+enabled?
+
+/* we only generate ephemeral keys in-process; for those,
+   we are fine with "just" using GCRY_STRONG_RANDOM */
+if ((rc = gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0)))
+
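
Review bot: In the snippet under "signing: what's wrong with this", both `d->purpose.size` and `d->purpose.purpose` are filled with `htons`; if those fields are 32 bits wide they need `htonl`, because a 16-bit swap stored in a 32-bit field decodes to a different and much larger length on a little-endian host. That would fit the valgrind output quoted directly below it, where the SHA-512 code reads 8 bytes starting exactly at the end of the 696-byte block allocated in `handle_client_keygen`. Checking the field widths first is cheap, and the answer is worth recording in this file once found.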

Added: gnunet-java/bin/gnunet-ballot-group-certify
===================================================================
--- gnunet-java/bin/gnunet-ballot-group-certify                         (rev 0)
+++ gnunet-java/bin/gnunet-ballot-group-certify 2014-01-07 00:16:34 UTC (rev 
31805)
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+if [ "%GNJ_INSTALLED" = "true" ];
+then
+    export CLASSPATH="%INSTALL_PATH/share/java/*"
+else
+    DIR=`dirname $0`
+    # if we are in the development environment use class files directly 
instead of jar
+    export 
CLASSPATH="$DIR/../build-gradle/classes/main/:$DIR/../build-gradle/resources/main/:$DIR/../lib/*"
+fi
+
+java -ea org.gnunet.voting.CertifyGroupTool "$@"
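
Review bot: `$0` is unquoted in the else branch (DIR=`dirname $0`), so the wrapper computes the wrong directory or fails when it is started from a path that contains spaces; `DIR=$(dirname "$0")` avoids that. The last line could also be `exec java -ea ...` so that signals sent to the wrapper reach the JVM instead of an intermediate shell.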


Property changes on: gnunet-java/bin/gnunet-ballot-group-certify
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Added: gnunet-java/bin/gnunet-elgamal
===================================================================
--- gnunet-java/bin/gnunet-elgamal                              (rev 0)
+++ gnunet-java/bin/gnunet-elgamal      2014-01-07 00:16:34 UTC (rev 31805)
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+if [ "%GNJ_INSTALLED" = "true" ];
+then
+    export CLASSPATH="%INSTALL_PATH/share/java/*"
+else
+    DIR=`dirname $0`
+    # if we are in the development environment use class files directly 
instead of jar
+    export 
CLASSPATH="$DIR/../build-gradle/classes/main/:$DIR/../build-gradle/resources/main/:$DIR/../lib/*"
+fi
+
+java -ea org.gnunet.voting.simulation.VotingParameters "$@"
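
Review bot: Apart from the main class on the last line, this file is a line-for-line copy of `gnunet-ballot-group-certify` added in the same revision, so the CLASSPATH logic now lives in two places. Consider one shared helper that both wrappers source, or a single wrapper that takes the class name, so that a change to the development class path (`build-gradle/classes/main/`, `lib/*`) only has to be made once.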


Property changes on: gnunet-java/bin/gnunet-elgamal
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Modified: gnunet-java/doc/voting.bib
===================================================================
--- gnunet-java/doc/voting.bib  2014-01-07 00:14:11 UTC (rev 31804)
+++ gnunet-java/doc/voting.bib  2014-01-07 00:16:34 UTC (rev 31805)
@@ -46,7 +46,18 @@
  address = {London, UK, UK},
 } 
 
address@hidden,
+  title={How to share a secret},
+  author={Shamir, Adi},
+  journal={Communications of the ACM},
+  volume={22},
+  number={11},
+  pages={612--613},
+  year={1979},
+  publisher={ACM}
+}
 
+
 @incollection {ddh,
    author = {Boneh, Dan},
    affiliation = {Stanford University Computer Science Department 94305-9045 
Stanford CA 94305-9045 Stanford CA},

Modified: 
gnunet-java/src/main/java/org/gnunet/voting/simulation/VotingParameters.java
===================================================================
--- 
gnunet-java/src/main/java/org/gnunet/voting/simulation/VotingParameters.java    
    2014-01-07 00:14:11 UTC (rev 31804)
+++ 
gnunet-java/src/main/java/org/gnunet/voting/simulation/VotingParameters.java    
    2014-01-07 00:16:34 UTC (rev 31805)
@@ -1,5 +1,9 @@
 package org.gnunet.voting.simulation;
 
+import org.gnunet.util.Program;
+import org.gnunet.util.getopt.Argument;
+import org.gnunet.util.getopt.ArgumentAction;
+
 import java.math.BigInteger;
 import java.security.SecureRandom;
 
@@ -34,9 +38,12 @@
      * returning the ElGamalScheme object.
      * <p/>
      * Note: can take a while...
+     * 
+     * @param p_bitlen bit length of p, the modulus of our group
+     * @param certainty
      */
-    public static VotingParameters generateRandomParameters(int size, int 
certainty, int authorityCount, int authorityThreshold) {
-        BigInteger[] safePrimes = generateSafePrimes(size, certainty);
+    public static VotingParameters generateRandomParameters(int p_bitlen, int 
certainty, int authorityCount, int authorityThreshold) {
+        BigInteger[] safePrimes = generateSafePrimes(p_bitlen, certainty);
         BigInteger p = safePrimes[0];
         BigInteger q = safePrimes[1];
         BigInteger alpha = selectGenerator(p, q);
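
Review bot: The new `@param certainty` tag in the Javadoc has no description, and `authorityCount` and `authorityThreshold` are still undocumented; say at least that certainty is the value handed on to `generateSafePrimes`. The name `p_bitlen` also differs in style from `pBitlength`, which this same commit uses for the same quantity in `generateSafePrimes`; one camelCase name for both would read better.
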
@@ -51,28 +58,27 @@
     }
 
     /**
-     * Finds a pair of prime BigInteger's {p, q: p = 2q + 1}, called safe 
primes.
+     * Finds a pair of prime BigIntegers {p, q : p = 2q + 1}, where p is
+     * called a safe prime and q a sophie germain prime.
      * <p/>
      * (see: Handbook of Applied Cryptography 4.86)
      *
-     * @return A 2-element array {p,q} of safe primes.
+     * @param pBitlength bitlength of the safe prime
+     * @param certainty certainty that we will really generate a pair of 
primes,
+     *                  the probability that we fail is smaller than 
2^(-certainty)
+     * @return a 2-element array {p,q} of primes, where p is a safe prime
      */
-    private static BigInteger[] generateSafePrimes(int size, int certainty) {
+    private static BigInteger[] generateSafePrimes(int pBitlength, int 
certainty) {
         BigInteger p, q;
-        int qLength = size - 1;
+        int qBitlength = pBitlength - 1;
 
-        while (true) {
-            q = new BigInteger(qLength, 2, CryptoUtil.random);
-
+        do {
+            // generate a probably prime BigInteger
+            q = new BigInteger(qBitlength, certainty, CryptoUtil.random);
             // p <- 2q + 1
             p = q.shiftLeft(1).add(BigInteger.ONE);
+        } while (!p.isProbablePrime(certainty));
 
-            // XXX(dold): why do we test q for primality again?
-            if (p.isProbablePrime(certainty) && (certainty <= 2 || 
q.isProbablePrime(certainty))) {
-                break;
-            }
-        }
-
         return new BigInteger[]{p, q};
     }
 
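Review bot: The new Javadoc for `certainty` promises a failure probability below 2^(-certainty) for the pair, but the loop relies on two separate probabilistic tests, `new BigInteger(qBitlength, certainty, CryptoUtil.random)` for q and `p.isProbablePrime(certainty)` for p, each with its own 2^(-certainty) bound, so the bound for the pair is 2^(1-certainty) at best. Either reword the comment or run both tests with `certainty + 1`. There is also a cost change to be aware of: the old loop drew q at certainty 2 and only confirmed it after p had passed, whereas every iteration now pays for a full-certainty q even though most candidates fail the p test.
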
@@ -93,7 +99,8 @@
     }
 
     /**
-     * Returns a higher-order-element of Gq, the subgroup of Zp*, with order q 
where alpha is a generator of Zp*
+     * Returns a higher-order-element of Gq, the subgroup of Zp*,
+     * with order q where alpha is a generator of Zp*
      *
      * (see Handbook of Applied Cryptography 4.81)
      */
@@ -139,6 +146,13 @@
         return r;
     }
 
+    /**
+     * Find a generator of Z_p^*, where ord(Z_p^*) = 2q.
+     *
+     * @param p modulus of our group
+     * @param q prime factor of the order of the group Z_p^*, the other factor 
being 2.
+     * @return generator of Z_q^*
+     */
     public static BigInteger selectGenerator(BigInteger p, BigInteger q) {
         BigInteger pMinusTwo = p.subtract(BigInteger.valueOf(2));
         BigInteger g;
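
Review bot: The added Javadoc contradicts itself: the summary line says the method finds a generator of Z_p^*, while the `@return` tag says "generator of Z_q^*". Given the `(p, q)` parameters and the stated group order 2q, the return tag should read Z_p^*; if the method in fact returns a generator of the order-q subgroup, the summary is the line to correct.
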
@@ -161,5 +175,31 @@
         return new Cyphertext(g.modPow(secret, p), 
message.multiply(publicKey.modPow(secret, p).mod(p)));
     }
 
+    public static void main(String... args) {
+        new Program(args) {
+            @Argument(
+                    shortname = "b",
+                    longname = "bits",
+                    action = ArgumentAction.STORE_NUMBER,
+                    description = "bit length of q")
+            int bitlength = 512;
+            @Argument(
+                    shortname = "C",
+                    longname = "certainty",
+                    action = ArgumentAction.STORE_NUMBER,
+                    description = "certainty")
+            int certainty = 2;
+            @Override
+            protected void run() {
+                System.out.println(String.format("Generating parameters with 
bitlength %s and certainty %s",
+                        bitlength, certainty));
+                // authority count / threshold don't matter here, just fill in 
a valid value ...
+                VotingParameters vp = 
VotingParameters.generateRandomParameters(bitlength, certainty, 3, 2);
+                System.out.println("p: 0x0" + vp.getP().toString(16));
+                System.out.println("q: 0x0" + vp.getQ().toString(16));
+                System.out.println("g: 0x0" + vp.getG().toString(16));
+            }
+        }.startWithoutScheduler();
+    }
 
 }
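
Review bot: The `-b` option is described as "bit length of q", but `bitlength` is passed as the first argument of `generateRandomParameters`, which this commit documents as the bit length of p; the description should say p, otherwise q comes out one bit shorter than the user asked for. The default `certainty = 2` is also weak for a parameter generation tool, since each primality test then only guarantees a probability above 3/4; a default closer to the `-C 32` used in the ISSUES example would be safer.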

Modified: gnunet-java/src/test/java/org/gnunet/util/EcdheTest.java
===================================================================
--- gnunet-java/src/test/java/org/gnunet/util/EcdheTest.java    2014-01-07 
00:14:11 UTC (rev 31804)
+++ gnunet-java/src/test/java/org/gnunet/util/EcdheTest.java    2014-01-07 
00:16:34 UTC (rev 31805)
@@ -22,6 +22,7 @@
 
 import org.gnunet.util.crypto.EcdhePrivateKey;
 import org.gnunet.util.crypto.EcdhePublicKey;
+import org.gnunet.util.crypto.Ed25519;
 import org.junit.Assert;
 import org.junit.Test;
 
@@ -51,6 +52,12 @@
         EcdhePublicKey pubKey1 = privKey1.getPublicKey();
         EcdhePublicKey pubKey2 = privKey2.getPublicKey();
 
+        System.out.println("private key: " + Strings.dataToString(privKey1.d));
+        System.out.println("private key coeff:" + 
Ed25519.decodeScalar(privKey1.d));
+        System.out.println("public key: " + pubKey1);
+        System.out.println("pubk as point: " + Ed25519.decode(pubKey1.y));
+
+
         HashCode h1 = privKey1.ecdh(pubKey2);
         HashCode h2 = privKey2.ecdh(pubKey1);
 
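Review bot: The four added `System.out.println` calls write the private key bytes and the decoded scalar to the test output without asserting anything. If this is leftover debugging it should be dropped; if the decoded values matter, turn them into assertions against known values so the test fails when `Ed25519.decodeScalar` or `Ed25519.decode` regress. Key material printed from tests also tends to end up in build logs.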

Modified: gnunet-java/src/test/java/org/gnunet/util/StringsTest.java
===================================================================
--- gnunet-java/src/test/java/org/gnunet/util/StringsTest.java  2014-01-07 
00:14:11 UTC (rev 31804)
+++ gnunet-java/src/test/java/org/gnunet/util/StringsTest.java  2014-01-07 
00:16:34 UTC (rev 31805)
@@ -11,7 +11,7 @@
 public class StringsTest {
     @Test
     public void test_inverse() {
-        byte[] data = "asdfgASDD$!123".getBytes();
+        byte[] data = "GNUnet".getBytes();
         String str = Strings.dataToString(data);
         byte[] data2 = Strings.stringToData(str, data.length);
         Assert.assertArrayEquals(data, data2);
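
Review bot: Replacing "asdfgASDD$!123" with "GNUnet" in `test_inverse` narrows the round-trip check to six ASCII letters, so it no longer covers punctuation, digits or the longer input. If the old value was failing, that deserves its own test or an ISSUES entry; otherwise keep both inputs. `getBytes()` without a charset also depends on the platform default; `getBytes(StandardCharsets.UTF_8)` makes the test deterministic.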



