Initial working implementation without improvements

Author: cburkert

.gitignore

@@ -0,0 +1,104 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/

.travis.yml

@@ -0,0 +1,9 @@
+language: python
+python:
+  - "3.6"
+
+install:
+  - pip install -r requirements.txt
+  - pip install pytest
+script:
+  - py.test

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Christian Burkert
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.rst

@@ -0,0 +1,11 @@
+FCS: Fuzzy Commitment Scheme
+============================
+
+.. image:: https://travis-ci.org/cburkert/fuzzy-commitment.svg?branch=master
+    :target: https://travis-ci.org/cburkert/fuzzy-commitment
+
+This implementation follows the scheme presented by `Juels and Wattenberg in 1999 <http://doi.acm.org/10.1145/319709.319714>`
+and includes the improvements of `Kelkboom et al. in 2011 <https://ieeexplore.ieee.org/abstract/document/5634099/>`.
+
+**Warning**: This has not been independently audited and should **not**
+be used for productive or even critical applications.

fcs/fcs.py

@@ -0,0 +1,88 @@
+import hashlib
+import secrets
+from typing import Any, Callable, Generic, Optional, Tuple, TypeVar
+
+from BitVector import BitVector
+import bchlib
+
+
+BCH_POLYNOMIAL = 8219
+
+K = TypeVar('K')
+
+
+class FCS(Generic[K]):
+    """Fuzzy commitment scheme"""
+
+    def __init__(self, n: int, k: int, t: int,
+                 extractor: Optional[Callable[[K], BitVector]] = None) -> None:
+        self.n = n
+        self.k = k
+        self.t = t
+        if extractor is None:
+            extractor = self.byte_extractor
+        self.extractor = extractor
+        self.bch = bchlib.BCH(BCH_POLYNOMIAL, self.t)
+
+    @classmethod
+    def byte_extractor(cls, value: Any) -> BitVector:
+        value_bytes = b""
+        try:
+            value_bytes = bytes(value)
+        except TypeError as e:
+            raise TypeError("Type %s is not directly convertible to bytes. "
+                            "You need to specifiy a custom extractor."
+                            % type(value), e)
+        return BitVector(hexstring=value_bytes.hex())
+
+    def commit_raw(self, message: bytes,
+                   witness: BitVector) -> 'Commitment':
+        ecc = self.bch.encode(message)
+        codeword = message + ecc
+        codeword_bv = BitVector(hexstring=codeword.hex())
+        # TODO check if those bit string should not be rather
+        # of the same length to protect the witness
+        #assert len(codeword_bv) == len(witness) == self.n
+        commitment = Commitment(
+            hashlib.sha256(message).digest(),
+            codeword_bv ^ witness,
+        )
+        return commitment
+
+    def commit_random_codeword_raw(self, witness: BitVector) -> 'Commitment':
+        assert self.k % 8 == 0
+        key = secrets.token_bytes((self.k + 7) // 8)
+        return self.commit_raw(key, witness)
+
+    def commit(self, witness: K,
+               codeword: Optional[BitVector] = None) -> 'Commitment':
+        if codeword:
+            return self.commit_raw(codeword, self.extractor(witness))
+        else:
+            return self.commit_random_codeword_raw(self.extractor(witness))
+
+    def verify_raw(self, commitment: 'Commitment',
+                   candidate: BitVector) -> Tuple[bool, bytes]:
+        codeword_cand = candidate ^ commitment.auxiliar
+        codeword_cand_bytes = bytes.fromhex(
+            codeword_cand.get_bitvector_in_hex())
+        bitflips, msg_cand, _ = self.bch.decode(
+            codeword_cand_bytes[:-self.bch.ecc_bytes],
+            codeword_cand_bytes[-self.bch.ecc_bytes:]
+        )
+        msg_cand = bytes(msg_cand)[-((self.k + 7) // 8):]
+        msg_match = secrets.compare_digest(
+            commitment.pseudonym,
+            hashlib.sha256(msg_cand).digest()
+        )
+        return (msg_match, msg_cand)
+
+    def verify(self, commitment: 'Commitment',
+               candidate: K) -> Tuple[bool, bytes]:
+        return self.verify_raw(commitment, self.extractor(candidate))
+
+
+class Commitment(object):
+    def __init__(self, pseudonym: bytes, auxiliar: BitVector) -> None:
+        self.pseudonym = pseudonym
+        self.auxiliar = auxiliar

fcs/test_fcs.py

@@ -0,0 +1,38 @@
+import unittest
+import secrets
+
+import fcs
+
+
+class TestFCS(unittest.TestCase):
+    def setUp(self):
+        self.threshold = 2
+        self.cs = fcs.FCS(256, 128, self.threshold)
+        self.witness = secrets.token_bytes(32)
+        self.commitment = self.cs.commit(self.witness)
+
+    def random_flip_witness(self, numbits: int) -> bytes:
+        witness_mod = bytearray(self.witness)
+        for i in range(numbits):
+            byte_num = secrets.randbelow(len(self.witness))
+            bit_num = secrets.randbelow(8)
+            witness_mod[byte_num] ^= (1 << bit_num)
+        return bytes(witness_mod)
+
+    def test_unaltered_witness(self):
+        valid, key = self.cs.verify(self.commitment, self.witness)
+        self.assertTrue(valid)
+
+    def test_altered_tolerable(self):
+        witness_mod = self.random_flip_witness(self.threshold)
+        valid, key = self.cs.verify(self.commitment, witness_mod)
+        self.assertTrue(valid)
+
+    def test_altered_intolerable(self):
+        witness_mod = self.random_flip_witness(self.threshold + 1)
+        valid, key = self.cs.verify(self.commitment, witness_mod)
+        self.assertFalse(valid)
+
+
+if __name__ == '__main__':
+    unittest.main()

requirements.txt

@@ -0,0 +1,2 @@
+bchlib >= 0.7
+BitVector >= 3.4