Add Capsule (to be squashed)

nucypher · Mar 17, 2021 · ebd824d · ebd824d
1 parent 8b5bb57
commit ebd824d
Show file tree

Hide file tree

Showing 2 changed files with 102 additions and 0 deletions.
diff --git a/umbral/capsule.py b/umbral/capsule.py
@@ -0,0 +1,73 @@
+from typing import Tuple
+
+from .curve_point import CurvePoint
+from .curve_scalar import CurveScalar
+from .dem import kdf
+from .hashing import hash_capsule_points
+from .keys import PublicKey, SecretKey
+from .params import PARAMETERS
+from .serializable import Serializable
+
+
+class Capsule(Serializable):
+
+    def __init__(self, point_e: CurvePoint, point_v: CurvePoint, signature: CurveScalar):
+        self.point_e = point_e
+        self.point_v = point_v
+        self.signature = signature
+
+        if not self._verify():
+            raise self.NotValid("Capsule verification failed.")
+
+    class NotValid(ValueError):
+        """
+        raised if the capsule does not pass verification.
+        """
+
+    @classmethod
+    def from_pubkey(cls, pk: PublicKey) -> Tuple['Capsule', CurvePoint]:
+        g = CurvePoint.generator()
+
+        priv_r = CurveScalar.random_nonzero(secure=True)
+        pub_r = g * priv_r
+
+        priv_u = CurveScalar.random_nonzero(secure=True)
+        pub_u = g * priv_u
+
+        h = hash_capsule_points(pub_r, pub_u)
+        s = priv_u + (priv_r * h)
+
+        shared_key = pk._point_key * (priv_r + priv_u)
+
+        return cls(point_e=pub_r, point_v=pub_u, signature=s), shared_key
+
+    def open_original(self, sk: SecretKey) -> CurvePoint:
+        return (self.point_e + self.point_v) * sk.secret_scalar()
+
+    @classmethod
+    def __take__(cls, data: bytes) -> Tuple['Capsule', bytes]:
+        (e, v, sig), remainder = cls.__take_types__(data, CurvePoint, CurvePoint, CurveScalar)
+        return cls(e, v, sig), remainder
+
+    def __bytes__(self) -> bytes:
+        return bytes(self.point_e) + bytes(self.point_v) + bytes(self.signature)
+
+    def _components(self):
+        return (self.point_e, self.point_v, self.signature)
+
+    def _verify(self) -> bool:
+        g = CurvePoint.generator()
+        e, v, s = self._components()
+        h = hash_capsule_points(e, v)
+        return g * s == v + (e * h)
+
+    def __eq__(self, other):
+        return self._components() == other._components()
+
+    def __hash__(self):
+        # In case this isn't obvious, don't use this as a secure hash.
+        component_bytes = tuple(bytes(component) for component in self._components())
+        return hash(component_bytes)
+
+    def __repr__(self):
+        return f"{self.__class__.__name__}:{hex(int(self.signature))[2:17]}"
diff --git a/umbral/pre.py b/umbral/pre.py
@@ -0,0 +1,29 @@
+from typing import Tuple
+
+from .capsule import Capsule
+from .dem import DEM
+from .keys import PublicKey, SecretKey
+
+
+def encrypt(pk: PublicKey, plaintext: bytes) -> Tuple[Capsule, bytes]:
+    """
+    Performs an encryption using the UmbralDEM object and encapsulates a key
+    for the sender using the public key provided.
+
+    Returns the KEM Capsule and the ciphertext.
+    """
+    capsule, key_seed = Capsule.from_pubkey(pk)
+    dem = DEM(bytes(key_seed))
+    ciphertext = dem.encrypt(plaintext, authenticated_data=bytes(capsule))
+    return capsule, ciphertext
+
+
+def decrypt_original(sk: SecretKey, capsule: Capsule, ciphertext: bytes) -> bytes:
+    """
+    Opens the capsule using the original (Alice's) key used for encryption and gets what's inside.
+    We hope that's a symmetric key, which we use to decrypt the ciphertext
+    and return the resulting cleartext.
+    """
+    key_seed = capsule.open_original(sk)
+    dem = DEM(bytes(key_seed))
+    return dem.decrypt(ciphertext, authenticated_data=bytes(capsule))