jmg
/
shamirss
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
A Pure Python implementation of Shamir's Secret Sharing
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
269 KiB
 
Tree: 7958361dfd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7958361dfd'
${ noResults }
shamirss/shamirss.py

295 lines
8.3 KiB
Raw Blame History 

  1. # Copyright 2023 John-Mark Gurney.

  2. #

  3. # Redistribution and use in source and binary forms, with or without

  4. # modification, are permitted provided that the following conditions

  5. # are met:

  6. # 1. Redistributions of source code must retain the above copyright

  7. #    notice, this list of conditions and the following disclaimer.

  8. # 2. Redistributions in binary form must reproduce the above copyright

  9. #    notice, this list of conditions and the following disclaimer in the

  10. #    documentation and/or other materials provided with the distribution.

  11. #

  12. # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND

  13. # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  14. # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  15. # ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  16. # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  17. # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  18. # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  19. # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  20. # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  21. # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  22. # SUCH DAMAGE.

  23. #

  24. 

  25. #

  26. # ls shamirss.py | entr sh -c ' date; python -m coverage run -m unittest shamirss && coverage report -m'

  27. #

  28. 

  29. import functools

  30. import operator

  31. import secrets

  32. import unittest.mock

  33. 

  34. random = secrets.SystemRandom()

  35. 

  36. def _makered(x, y):

  37. 	'''Make reduction table entry.

  38. 

  39. 	given x * 2^8, reduce it assuming polynomial y.

  40. 	'''

  41. 

  42. 	x = x << 8

  43. 

  44. 	for i in range(3, -1, -1):

  45. 		if x & (1 << (i + 8)):

  46. 			x ^= (0x100 + y) << i

  47. 

  48. 	assert x < 256

  49. 

  50. 	return x

  51. 

  52. def evalpoly(polynomial, powers):

  53. 	return sum(( x * y for x, y in zip(polynomial, powers)), 0)

  54. 

  55. def create_shares(data, k, nshares):

  56. 	'''Given data, create nshares, such that given any k shares,

  57. 	data can be recovered.

  58. 

  59. 	data must be bytes, or able to be converted to bytes.

  60. 

  61. 	The return value will be a list of length nshares.  Each element

  62. 	will be a tuple of (<int in range [1, nshares + 1)>, <bytes>).'''

  63. 

  64. 	data = bytes(data)

  65. 

  66. 	powers = (None, ) + tuple(GF2p8(x).powerseries(k - 1) for x in

  67. 	    range(1, nshares + 1))

  68. 

  69. 	coeffs = [ [ x ] + [ random.randint(1, 255) for y in

  70. 	    range(k - 1) ] for idx, x in enumerate(data) ]

  71. 

  72. 	return [ (x, bytes([ int(evalpoly(coeffs[idx],

  73. 	    powers[x])) for idx, val in enumerate(data) ])) for x in

  74. 	    range(1, nshares + 1) ]

  75. 

  76. def recover_data(shares, k):

  77. 	'''Recover the value given shares, where k is needed.

  78. 

  79. 	shares must be as least length of k.'''

  80. 

  81. 	if len(shares) < k:

  82. 		raise ValueError('not enough shares to recover')

  83. 

  84. 	return bytes([ int(sum([ GF2p8(y[idx]) *

  85. 	    functools.reduce(operator.mul, [ pix * ((GF2p8(pix) - x) ** -1) for

  86. 	    pix, piy in shares[:k] if pix != x ], 1) for x, y in shares[:k] ],

  87. 	    0)) for idx in range(len(shares[0][1]))])

  88. 

  89. class GF2p8:

  90. 	_invcache = (None, 1, 195, 130, 162, 126, 65, 90, 81, 54, 63, 172, 227, 104, 45, 42, 235, 155, 27, 53, 220, 30, 86, 165, 178, 116, 52, 18, 213, 100, 21, 221, 182, 75, 142, 251, 206, 233, 217, 161, 110, 219, 15, 44, 43, 14, 145, 241, 89, 215, 58, 244, 26, 19, 9, 80, 169, 99, 50, 245, 201, 204, 173, 10, 91, 6, 230, 247, 71, 191, 190, 68, 103, 123, 183, 33, 175, 83, 147, 255, 55, 8, 174, 77, 196, 209, 22, 164, 214, 48, 7, 64, 139, 157, 187, 140, 239, 129, 168, 57, 29, 212, 122, 72, 13, 226, 202, 176, 199, 222, 40, 218, 151, 210, 242, 132, 25, 179, 185, 135, 167, 228, 102, 73, 149, 153, 5, 163, 238, 97, 3, 194, 115, 243, 184, 119, 224, 248, 156, 92, 95, 186, 34, 250, 240, 46, 254, 78, 152, 124, 211, 112, 148, 125, 234, 17, 138, 93, 188, 236, 216, 39, 4, 127, 87, 23, 229, 120, 98, 56, 171, 170, 11, 62, 82, 76, 107, 203, 24, 117, 192, 253, 32, 74, 134, 118, 141, 94, 158, 237, 70, 69, 180, 252, 131, 2, 84, 208, 223, 108, 205, 60, 106, 177, 61, 200, 36, 232, 197, 85, 113, 150, 101, 28, 88, 49, 160, 38, 111, 41, 20, 31, 109, 198, 136, 249, 105, 12, 121, 166, 66, 246, 207, 37, 154, 16, 159, 189, 128, 96, 144, 47, 114, 133, 51, 59, 231, 67, 137, 225, 143, 35, 193, 181, 146, 79)

  91. 

  92. 	@staticmethod

  93. 	def _primativemul(a, b):

  94. 		masks = [ 0, 0xff ]

  95. 

  96. 		r = 0

  97. 

  98. 		for i in range(0, 8):

  99. 			mask = a & 1

  100. 			r ^= (masks[mask] & b) << i

  101. 			a = a >> 1

  102. 

  103. 		return r

  104. 

  105. 	# polynomial 0x187

  106. 	_reduce = tuple(_makered(x, 0x87) for x in range(0, 16))

  107. 

  108. 	def __init__(self, v):

  109. 		if v >= 256:

  110. 			raise ValueError('%d is not a member of GF(2^8)' % v)

  111. 

  112. 		self._v = v

  113. 

  114. 	# basic operations

  115. 	def __add__(self, o):

  116. 		if isinstance(o, int):

  117. 			return self + self.__class__(o)

  118. 

  119. 		return self.__class__(self._v ^ o._v)

  120. 

  121. 	def __radd__(self, o):

  122. 		return self.__add__(o)

  123. 

  124. 	def __sub__(self, o):

  125. 		return self.__add__(o)

  126. 

  127. 	def __rsub__(self, o):

  128. 		return self.__sub__(o)

  129. 

  130. 	def __mul__(self, o):

  131. 

  132. 		if isinstance(o, int):

  133. 			o = self.__class__(o)

  134. 

  135. 		m = o._v

  136. 

  137. 		# multiply

  138. 		r = self._primativemul(self._v, m)

  139. 

  140. 		# reduce

  141. 		r ^= self._reduce[r >> 12] << 4

  142. 		r ^= self._reduce[(r >> 8) & 0xf ]

  143. 

  144. 		r &= 0xff

  145. 

  146. 		return self.__class__(r)

  147. 

  148. 	def __rmul__(self, o):

  149. 		return self.__mul__(o)

  150. 

  151. 	def __pow__(self, x):

  152. 		if x == -1 and self._invcache:

  153. 			return GF2p8(self._invcache[self._v])

  154. 

  155. 		if x < 0:

  156. 			x += 255

  157. 

  158. 		v = self.__class__(1)

  159. 

  160. 		# TODO - make faster via caching and squaring

  161. 		for i in range(x):

  162. 			v *= self

  163. 

  164. 		return v

  165. 

  166. 	def powerseries(self, cnt):

  167. 		'''Generate [ self ** 0, self ** 1, ..., self ** cnt ].'''

  168. 

  169. 		r = [ 1 ]

  170. 

  171. 		for i in range(1, cnt):

  172. 			r.append(r[-1] * self)

  173. 

  174. 		return r

  175. 

  176. 	def __eq__(self, o):

  177. 		if isinstance(o, int):

  178. 			return self._v == o

  179. 

  180. 		return self._v == o._v

  181. 

  182. 	def __int__(self):

  183. 		return self._v

  184. 

  185. 	def __repr__(self):

  186. 		return '%s(%d)' % (self.__class__.__name__, self._v)

  187. 

  188. class TestShamirSS(unittest.TestCase):

  189. 	def test_evalpoly(self):

  190. 		a = GF2p8(random.randint(0, 255))

  191. 

  192. 		powers = a.powerseries(5)

  193. 

  194. 		vals = [ GF2p8(random.randint(0, 255)) for x in range(5) ]

  195. 

  196. 		r = evalpoly(vals, powers)

  197. 		self.assertEqual(r, vals[0] + vals[1] * powers[1] + vals[2] *

  198. 		    powers[2] + vals[3] * powers[3] + vals[4] * powers[4])

  199. 

  200. 		r = evalpoly(vals[:3], powers)

  201. 		self.assertEqual(r, vals[0] + vals[1] * powers[1] + vals[2] *

  202. 		    powers[2])

  203. 

  204. 	def test_create_shares(self):

  205. 		self.assertRaises(TypeError, create_shares, '', 1, 1)

  206. 

  207. 		val = bytes([ random.randint(0, 255) for x in range(100) ])

  208. 

  209. 		a = create_shares(val, 2, 3)

  210. 

  211. 		# that it has the number of shares

  212. 		self.assertEqual(len(a), 3)

  213. 

  214. 		# that the length of the share data matches passed in data

  215. 		self.assertEqual(len(a[0][1]), len(val))

  216. 

  217. 		# that one share isn't enough

  218. 		self.assertRaises(ValueError, recover_data, [ a[0] ], 2)

  219. 

  220. 		self.assertEqual(val, recover_data(a[:2], 2))

  221. 

  222. 	def test_gf2p8_inv(self):

  223. 

  224. 		a = GF2p8(random.randint(0, 255))

  225. 

  226. 		with unittest.mock.patch.object(GF2p8, '_invcache', []) as pinvc:

  227. 			ainv = a ** -1

  228. 

  229. 			self.assertEqual(a * ainv, 1)

  230. 

  231. 			invcache = (None, ) + \

  232. 			    tuple(int(GF2p8(x) ** -1) for x in range(1, 256))

  233. 

  234. 		if GF2p8._invcache != invcache: # pragma: no cover

  235. 			print('inv cache:', repr(invcache))

  236. 			self.assertEqual(GF2p8._invcache, invcache)

  237. 

  238. 	def test_gf2p8_power(self):

  239. 		a = GF2p8(random.randint(0, 255))

  240. 

  241. 		v = GF2p8(1)

  242. 		for i in range(10):

  243. 			self.assertEqual(a ** i, v)

  244. 

  245. 			v = v * a

  246. 

  247. 		for i in range(10):

  248. 			a = GF2p8(random.randint(0, 255))

  249. 

  250. 			powers = a.powerseries(10)

  251. 			for j in range(10):

  252. 				self.assertEqual(powers[j], a ** j)

  253. 

  254. 	def test_gf2p8_errors(self):

  255. 		self.assertRaises(ValueError, GF2p8, 1000)

  256. 

  257. 	def test_gf2p8(self):

  258. 		self.assertEqual(int(GF2p8(5)), 5)

  259. 		self.assertEqual(repr(GF2p8(5)), 'GF2p8(5)')

  260. 

  261. 		for i in range(10):

  262. 			a = GF2p8(random.randint(0, 255))

  263. 			b = GF2p8(random.randint(0, 255))

  264. 			c = GF2p8(random.randint(0, 255))

  265. 

  266. 			self.assertEqual(a * 0, 0)

  267. 

  268. 			# Identity

  269. 			self.assertEqual(a + 0, a)

  270. 			self.assertEqual(a * 1, a)

  271. 			self.assertEqual(0 + a, a)

  272. 			self.assertEqual(1 * a, a)

  273. 			self.assertEqual(0 - a, a)

  274. 

  275. 			# Associativity

  276. 			self.assertEqual((a + b) + c, a + (b + c))

  277. 			self.assertEqual((a * b) * c, a * (b * c))

  278. 

  279. 			# Communitative

  280. 			self.assertEqual(a + b, b + a)

  281. 			self.assertEqual(a * b, b * a)

  282. 

  283. 			# Distributive

  284. 			self.assertEqual(a * (b + c), a * b + a * c)

  285. 			self.assertEqual((b + c) * a, b * a + c * a)

  286. 

  287. 			# Basic mul

  288. 			self.assertEqual(GF2p8(0x80) * 2, 0x87)

  289. 			self.assertEqual(GF2p8(0x80) * 6,

  290. 			    (0x80 * 6) ^ (0x187 << 1))

  291. 			self.assertEqual(GF2p8(0x80) * 8,

  292. 			    (0x80 * 8) ^ (0x187 << 2) ^ (0x187 << 1) ^ 0x187)

  293. 

  294. 			self.assertEqual(a + b - b, a)