Łukasz Krzywiecki

Department of Fundamentals of Computer Science, Wrocław University of Science and Technology
Mod-Okamoto Demo Implementation
A proof-of-concept implementation of the Okamoto-like Identification Scheme Resistant to Malicious Subliminal Setting of Ephemeral Secret, as described in doi:10.1145/3055259.3055267. The implementation uses WASM builds of the excellent MCL (https://github.com/herumi/mcl) pairing library.
Protocol Steps
Generator P of G1
Generator Q1 of G2
Generator Q2 of G2
Prover keys
sk1 = a1,
sk2 = a2,
pk = a1Q1 + a2Q2
Ephemerals
secret: x1,
secret: x2,
public: X = x1Q1 + x2Q2
Challenge
c
Response
U = H(X,c)
s1 = x1 + a1c
s2 = x2 + a2c
S1 = s1U
S2 = s2U
Pairings:
e1 = e(S1, Q1)
e2 = e(S2, Q2)
e3 = e1 * e2
e4 = e(U, X + cA), where A = pk
Result: the verifier accepts if e3 = e4
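
The protocol steps above as one run between prover and verifier, written as an added example that is not the demo's own code. It replaces MCL with a toy exponent model (each group element is stored as its discrete log, so it is insecure and checks only the algebra); the prime r, the generator values, the mixing function hashToG1 and all function names are assumptions.

```javascript
// Toy exponent model (constructed, NOT secure): a group element is stored as its
// discrete log, so e(uP, vQ) becomes u*v mod r and a product in GT becomes a sum.
// It checks the algebra of the steps only; the demo itself computes with MCL.
const r = 2n ** 61n - 1n;                  // toy prime group order (assumption)
const mod = (v) => ((v % r) + r) % r;
const pairing = (g1, g2) => mod(g1 * g2);  // exponent of e(g1*P, g2*Q) in GT

// Stand-in for hashing (X, c) to G1: a fixed mixing function, not a real hash.
const hashToG1 = (X, c) => mod(X * 1000003n + c * 8191n + 17n) || 1n;

// G2 generators Q1 and Q2 as multiples of a base point (constructed values).
const Q1 = 1234567n, Q2 = 7654321n;

function keygen(a1, a2) {
  return { sk: { a1, a2 }, pk: mod(a1 * Q1 + a2 * Q2) };   // pk = a1Q1 + a2Q2
}
function commit(x1, x2) {
  return { x: { x1, x2 }, X: mod(x1 * Q1 + x2 * Q2) };     // X = x1Q1 + x2Q2
}
function respond(sk, x, X, c) {
  const U = hashToG1(X, c);                                // U = H(X, c)
  const s1 = mod(x.x1 + sk.a1 * c);                        // s1 = x1 + a1c
  const s2 = mod(x.x2 + sk.a2 * c);                        // s2 = x2 + a2c
  return { S1: mod(s1 * U), S2: mod(s2 * U) };             // only S1, S2 are sent
}
function verify(pk, X, c, { S1, S2 }) {
  const U = hashToG1(X, c);                                // verifier recomputes U
  const e3 = mod(pairing(S1, Q1) + pairing(S2, Q2));       // e(S1,Q1) * e(S2,Q2)
  const e4 = pairing(U, mod(X + c * pk));                  // e(U, X + c*pk)
  return e3 === e4;
}

// One run with constructed scalars (a real run draws them from a CSPRNG).
function demo() {
  const { sk, pk } = keygen(1111n, 2222n);
  const { x, X } = commit(3333n, 4444n);
  const c = 5555n;                                         // verifier's challenge
  const resp = respond(sk, x, X, c);
  const honest = verify(pk, X, c, resp);
  const wrongKey = verify(pk, X, c, respond({ a1: 1112n, a2: 2222n }, x, X, c));
  const tampered = verify(pk, X, c, { S1: resp.S1 + 1n, S2: resp.S2 });
  return { honest, wrongKey, tampered };
}
console.log(demo());
```
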

Benchmark


op                       msec
Fr::setByCSPRNG          0
pairing                  0
millerLoop               0
finalExp                 0
precomputedMillerLoop    0
G1::add                  0
G1::dbl                  0
G1::mul                  0
G2::add                  0
G2::dbl                  0
G2::mul                  0
hashAndMapToG1           0
hashAndMapToG2           0
Fr::add                  0
Fr::mul                  0
Fr::sqr                  0
Fr::inv                  0
GT::add                  0
GT::mul                  0
GT::sqr                  0
GT::inv                  0