DO NOT FORK THE REPOSITORY, AS IT WILL MAKE YOUR SOLUTION PUBLIC. INSTEAD, CLONE IT AND ADD A NEW REMOTE TO A PRIVATE REPOSITORY, OR SUBMIT A GIST
Use `cargo run --release` to see it in action.
Bob designed a new one-time scheme that's based on the tried and true method of encrypt + sign. He combined ElGamal encryption with BLS signatures in a clever way, such that you use pairings to verify the encrypted message was not tampered with. Alice, then, figured out a way to reveal the plaintexts...
https://hackmd.io/@liquan/H1srq-D5T
Alice:
- secret key: $x$
- public key: $H = x \cdot G$

Bob:
- $M = F(m)$, where $m$ is the message, $M$ is the corresponding element of $G$, and $F$ is an invertible function
- ephemeral key: $y$
- shared secret: $S = H \cdot y = x \cdot y \cdot G$
- $C_1 = y \cdot G$
- $C_2 = S + M$
- public: $C_1, C_2$

Alice:
- $S = C_1 \cdot x = x \cdot y \cdot G$
- $M = C_2 - S$
- $m = F^{-1}(M)$
The struct and methods:
- Sender (Bob): $y$ and $C_1 = y \cdot G_1$
- Receiver (Alice): $H$
- Message: $M$
- ElGamal: $(C_1, C_2)$ in $G_1$, $Hash((C_1, C_2))$ in the $G_2$ group
- Sender's `send()`: new $C_1$, $C_2 = H \cdot y + M = S + M$
- Sender's `authenticate()`: $y \cdot Hash((C_1, C_2))$
- Auditor's `check_auth()`: $e(G_1, y \cdot Hash((C_1, C_2))) = e(C_1, Hash((C_1, C_2)))$
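To make the flow above concrete, here is an added toy instantiation of Bob's scheme (not the puzzle's Rust code): both groups are modelled as $\mathbb{Z}_r$ and the pairing as the bilinear map $e(a \cdot G_1, b \cdot G_2) = a b \bmod r$, which has the algebra `check_auth()` relies on but none of the hardness of a real pairing-friendly curve. The group order, the hash-to-$G_2$ encoding and the message encoding $F$ are all assumptions of this example.

```python
import hashlib
import secrets

# Toy model: G1 and G2 are the additive group Z_r (an element a*G is stored as
# the scalar a) and the "pairing" is e(a*G1, b*G2) = a*b mod r. Bilinear, but
# trivially breakable -- constructed for illustration only.
r = 2**127 - 1  # prime group order (M127), assumed for this toy

def pairing(a, b):
    return (a * b) % r

def F(m: bytes) -> int:
    """Invertible message encoding: bytes -> group element (len(m) <= 15)."""
    assert len(m) <= 15, "message must fit below r"
    return int.from_bytes(m, "big")

def F_inv(M: int) -> bytes:
    return M.to_bytes((M.bit_length() + 7) // 8, "big")

def hash_to_g2(C1, C2):
    """Hash((C1, C2)) into G2 (assumed encoding: sha256 of the pair, mod r)."""
    return int.from_bytes(hashlib.sha256(f"{C1}|{C2}".encode()).digest(), "big") % r

def keygen(x=None):
    """Alice: secret x, public H = x*G (G is the scalar 1 in this model)."""
    x = x or secrets.randbelow(r - 1) + 1
    return x, x % r

def send(H, M, y):
    """Bob: C1 = y*G, S = H*y, C2 = S + M."""
    return y % r, (H * y + M) % r

def authenticate(y, C1, C2):
    """Bob: y * Hash((C1, C2)) in G2, the BLS-style tag."""
    return (y * hash_to_g2(C1, C2)) % r

def check_auth(C1, C2, tag):
    """Auditor: e(G1, y*Hash) == e(C1, Hash), with G1 = 1*G."""
    h = hash_to_g2(C1, C2)
    return pairing(1, tag) == pairing(C1, h)

def receive(x, C1, C2):
    """Alice: S = C1*x, M = C2 - S, m = F^-1(M)."""
    return F_inv((C2 - C1 * x) % r)

def demo(m=b"hello alice", x=7, y=13):
    x, H = keygen(x)
    C1, C2 = send(H, F(m), y)
    tag = authenticate(y, C1, C2)
    honest = check_auth(C1, C2, tag)
    tampered = check_auth(C1, (C2 + 1) % r, tag)  # C2 altered after signing
    return receive(x, C1, C2), honest, tampered
```

`demo()` returns the recovered plaintext together with the auditor's verdict on the honest and on a tampered ciphertext, so the three properties of the scheme can be checked in one call.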
Now, we have blob, which is