Blind signature support in pyelliptic #1509
I'll fix the pylint complaints.
14e56bf to 1c50db5
g1itch
left a comment
Honestly, I don't understand what exactly is going on here, but your test case may be better.
src/tests/test_blindsig.py
Outdated
| @@ -0,0 +1,27 @@ | |||
| #!/usr/bin/env python | |||
Shebang is not needed here.
src/tests/test_blindsig.py
Outdated
| import os | ||
| import unittest | ||
|
|
||
| from src.pyelliptic.eccblind import ECCBlind |
from pybitmessage.pyelliptic.eccblind import ECCBlind
This breaks the test.
It depends on how you run it.
Travis CI should be OK, because I used such imports before: https://github.com/Bitmessage/PyBitmessage/blob/v0.6/src/tests/test_config.py#L8
src/tests/test_blindsig.py
Outdated
| blind_sig.create_signing_request(msg) | ||
| blind_sig.blind_sign() | ||
| blind_sig.unblind() | ||
| assert blind_sig.verify() |
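Review bot: all four steps in this hunk (create_signing_request, blind_sign, unblind, verify) run on the same blind_sig object, so the test cannot show that the signer only ever handles the blinded value or that verification works from public data alone. Use separate requester and signer objects and pass the intermediate values between them explicitly.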
self.assertTrue(blind_sig.verify())
src/tests/test_blindsig.py
Outdated
| @staticmethod | ||
| def test_blind_sig(): | ||
| """ | ||
| Perform a test of full sequence using a random certifier's key and a |
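Review bot: @staticmethod on test_blind_sig() drops self, so the test has no access to unittest's assertion methods and can only fall back on a bare assert. Make it a regular method, def test_blind_sig(self):, so the final check can go through self.assertTrue(...).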
If you write docstring in one line it will be shown in the test results. e.g.
```python
def test_blind_sig(self):
    """Test full sequence using a random certifier key and a random msg"""
```
@g1itch I'll make the changes you requested. The low level math I also don't understand, but it looks like it does what the paper says. On a high level, the paper mentions 5 steps (in Section 4), these are roughly mapped to 6 high level methods in the
I also expected to find the blinded message and its signature and check the signature's validity.
@g1itch The message is only blinded internally and such blinded message is only available to the requester, it's not made public. Similarly with the blinded signature, that's calculated by the signer and then transmitted to the requester and unblinded by him. What you see publicly is the message (in the case of PyBitmessage's wire protocol, this will be the object data), the signature (which has two components, Then during the verification, you take the signature, the signer's pubkey and the message, and if verification succeeds, it means the signer signed the message, just like with traditional PKI, except here the signer doesn't know which of the requests he signed corresponds to which message.
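The requester/signer split described in this thread, as an added example that is not part of the PR or of pyelliptic: it swaps in a classic blind Schnorr signature over a constructed toy multiplicative group instead of the ECC scheme from the paper. The class and method names only mirror those mentioned in the thread, and `run_protocol` is a hypothetical helper.

```python
import hashlib
import secrets

# Constructed toy group: integers mod the Mersenne prime 2**127 - 1, with
# exponents reduced mod P - 1. Illustration only, far too weak for real use.
P, N, G = 2**127 - 1, 2**127 - 2, 3

def challenge(point, msg):
    data = point.to_bytes(16, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

class Signer:
    def __init__(self):
        self.x = secrets.randbelow(N)              # private key
        self.pubkey = pow(G, self.x, P)

    def signer_init(self):
        self.k = secrets.randbelow(N)              # per-request nonce
        return pow(G, self.k, P)                   # R, sent to the requester

    def blind_sign(self, c_blinded):               # never sees msg or c
        k, self.k = self.k, None                   # nonce is single-use
        return (k + c_blinded * self.x) % N

class Requester:
    def __init__(self, pubkey):
        self.pubkey = pubkey

    def create_signing_request(self, R, msg):
        self.alpha, self.beta = secrets.randbelow(N), secrets.randbelow(N)
        # R' = R * g^alpha * y^beta hides the signer's R
        self.R_ = R * pow(G, self.alpha, P) * pow(self.pubkey, self.beta, P) % P
        self.c = challenge(self.R_, msg)
        return (self.c + self.beta) % N            # all the signer receives

    def unblind(self, s_blinded):
        return ((s_blinded + self.alpha) % N, self.R_)   # public signature

def verify(pubkey, msg, signature):                # public inputs only
    s, R_ = signature
    return pow(G, s, P) == R_ * pow(pubkey, challenge(R_, msg), P) % P

def run_protocol(msg):
    signer = Signer()
    requester = Requester(signer.pubkey)
    c_blinded = requester.create_signing_request(signer.signer_init(), msg)
    signature = requester.unblind(signer.blind_sign(c_blinded))
    return signer.pubkey, requester.c, c_blinded, signature
```

The signer's view of a session is `R` and `c_blinded`; the published signature is `(s, R')`, and neither published value equals what the signer saw, which is what keeps it from linking a signature to a request.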
| """ | ||
| Generate an ECC keypair | ||
| """ | ||
| d = ECCBlind.ec_get_random(group, ctx) |
d = self.ec_get_random(group, ctx) ?
pylint/flake8 complained.
Because of @staticmethod. Well, maybe this really should be a static method
I am trying to split signer and requester with no luck ):
```python
def test_blind_sig(self):
    """Test full sequence using a random certifier key and a random msg"""
    signer_obj = ECCBlind()
    signer_obj.signer_init()
    signer_obj.create_signing_request('dummy')
    requester_obj = ECCBlind()
    requester_obj.R = signer_obj.R
    requester_obj.keypair = (0, signer_obj.keypair[1])
    msg = os.urandom(64)
    requester_obj.create_signing_request(msg)
    signer_obj.m_ = requester_obj.m_
    signer_obj.blind_sign()
    requester_obj.s_ = signer_obj.s_
    requester_obj.unblind()
    signer_obj.m = requester_obj.m
    signer_obj.signature = requester_obj.signature
    signer_obj.F = signer_obj.signature[1]
    self.assertTrue(signer_obj.verify())
```
let me try...
- add blind signature functionality to pyelliptic as described in Bitmessage#1409
- add tests for blind signatures
- PEP8 fixes for pyelliptic
- some minor refactoring is necessary for further integration, this is just a minimal implementation to pass a test
@g1itch here you go.
| requester_obj = ECCBlind(pubkey=signer_obj.pubkey) | ||
| # only 64 byte messages are planned to be used in Bitmessage | ||
| msg = os.urandom(64) | ||
| msg_blinded = requester_obj.create_signing_request(point_r, msg) |
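Review bot: the 64-byte limit is stated only in the comment above msg = os.urandom(64); nothing in these lines defines what create_signing_request(point_r, msg) does with a shorter or longer message. Either enforce the length inside create_signing_request or add a test case with a different length so the behaviour is pinned down.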
Maybe self.assertNotEqual(msg, msg_blinded)?
Well that will always succeed as msg is a string and msg_blinded is an openssl bignum, but I can convert it before comparison, and I can also compare blinded and unblinded signature (those should both be bignums already).
As I said before, there is still no serialisation for the wire protocol, as that has to be designed first, then there will be minor refactoring here.
They will obviously differ. That's just a test's logic (as I understand it) to compare just in case and document it. Maybe that's unnecessary.
Serialization will be probably done in the network package, so it's not related to the blind signature implementation itself. The signatures seem to work well. So are you going to merge this now?
I'll add the tests and then merge.
- primitive serialisation (BN_bn2bin and ctypes) used in intermediary tests
@g1itch I added tests to compare signature with blinded signature, and message with blinded message, all in form which serialises data to bytes with OpenSSL.BN_bn2bin and ctypes.cast. I think this format is usable on wire but more tests are needed.
minimal implementation to pass a test