from Crypto.PublicKey import RSA
from Crypto.Hash import SHA256
from random import SystemRandom
# Signing authority (SA) key
priv = RSA.generate(3072)
pub = priv.publickey()
## Protocol: Blind signature ##
# must be guaranteed to be chosen uniformly at random
r = SystemRandom().randrange(pub.n >> 10, pub.n)
msg = "my message" * 50 # large message (larger than the modulus)
# hash message so that messages of arbitrary length can be signed
hash = SHA256.new()
hash.update(msg)
msgDigest = hash.digest()
# user computes
msg_blinded = pub.blind(msgDigest, r)
# SA computes
msg_blinded_signature = priv.sign(msg_blinded, 0)
# user computes
msg_signature = pub.unblind(msg_blinded_signature[0], r)
# Someone verifies
hash = SHA256.new()
hash.update(msg)
msgDigest = hash.digest()
print("Message is authentic: " + str(pub.verify(msgDigest, (msg_signature,))))
盲加密是一种使用随机元素的加密。它通常用于Blind Signatures,如下所示:
This是它的实现方式,因此您不能直接解开消息的隐藏,因为您没有
d
,因此必须首先对盲元素进行签名。为了使盲签名安全,您需要在签名模的范围内随机生成盲因子r
。在相关问题 更多 >
编程相关推荐