Skip to content

Commit

Permalink
tkn20: change seed size for MAC key from 128->576 bits in accordance …
Browse files Browse the repository at this point in the history
…with BK paper
  • Loading branch information
tanyav2 committed Jan 25, 2023
1 parent 7cdab52 commit 94ab4db
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 5 deletions.
17 changes: 12 additions & 5 deletions abe/cpabe/tkn20/internal/tkn/bk.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,13 @@ import (
// https://www.iacr.org/archive/pkc2011/65710074/65710074.pdf that
// apply the Boneh-Katz transform to Attribute based encryption.

// Seed size is chosen based on the proof for BK transform
// (https://eprint.iacr.org/2004/261.pdf - page 12, theorem 2) to maintain the
// statistical hiding property. Their input is 448 bits -> 128 bits,
// whereas we require a seed size of 576 bits to ensure a 2^(-65) statistical difference
// for our output size of 256 bits.
const macKeySeedSize = 72

func blakeEncrypt(key []byte, msg []byte) ([]byte, error) {
xof, err := blake2b.NewXOF(blake2b.OutputLengthUnknown, key)
if err != nil {
Expand Down Expand Up @@ -70,7 +77,7 @@ func DeriveAttributeKeysCCA(rand io.Reader, sp *SecretParams, attrs *Attributes)
}

func EncryptCCA(rand io.Reader, public *PublicParams, policy *Policy, msg []byte) ([]byte, error) {
seed := make([]byte, 16)
seed := make([]byte, macKeySeedSize)
_, err := rand.Read(seed)
if err != nil {
return nil, err
Expand Down Expand Up @@ -173,12 +180,12 @@ func DecryptCCA(ciphertext []byte, key *AttributesKey) ([]byte, error) {
if err != nil {
return nil, err
}
if len(decEnv) < 16 {
if len(decEnv) < macKeySeedSize {
return nil, fmt.Errorf("envelope too short")
}

seed := decEnv[0:16]
ptx := make([]byte, len(decEnv)-16)
seed := decEnv[0:macKeySeedSize]
ptx := make([]byte, len(decEnv)-macKeySeedSize)
compID, macKey, err := expandSeed(seed)
if err != nil {
return nil, err
Expand All @@ -194,7 +201,7 @@ func DecryptCCA(ciphertext []byte, key *AttributesKey) ([]byte, error) {
idMatch := subtle.ConstantTimeCompare(compID, id)
check := tagMatch & idMatch
if check == 1 {
copy(ptx, decEnv[16:])
copy(ptx, decEnv[macKeySeedSize:])
return ptx, nil
}
return nil, fmt.Errorf("failure of decryption")
Expand Down
Binary file modified abe/cpabe/tkn20/testdata/attributeKey
Binary file not shown.
Binary file modified abe/cpabe/tkn20/testdata/ciphertext
Binary file not shown.

0 comments on commit 94ab4db

Please sign in to comment.