在pycrypto中使用RSA的致盲因子

Question

在python中，我试图盲目地解开消息。当我解开消息时，我不会收到原始消息。有谁知道我可能做错了什么。以下是我的代码：

s = 'Hello'
loadedPublic = get_publickey()
loadedPrivate = get_privatekey()

pub = loadedPublic.blind(s,23L)
pub2 = loadedPublic.unblind(pub,23L)
return HttpResponse(pub2)

Answer 1

Blinding是一种带有随机元素的加密。它通常用于Blind Signatures，如下所示：

from Crypto.PublicKey import RSA
from Crypto.Hash import SHA256
from random import SystemRandom

# Signing authority (SA) key
priv = RSA.generate(3072)
pub = priv.publickey()

## Protocol: Blind signature ##

# must be guaranteed to be chosen uniformly at random
r = SystemRandom().randrange(pub.n >> 10, pub.n)
msg = "my message" * 50 # large message (larger than the modulus)

# hash message so that messages of arbitrary length can be signed
hash = SHA256.new()
hash.update(msg)
msgDigest = hash.digest()

# user computes
msg_blinded = pub.blind(msgDigest, r)

# SA computes
msg_blinded_signature = priv.sign(msg_blinded, 0)

# user computes
msg_signature = pub.unblind(msg_blinded_signature[0], r)

# Someone verifies
hash = SHA256.new()
hash.update(msg)
msgDigest = hash.digest()
print("Message is authentic: " + str(pub.verify(msgDigest, (msg_signature,))))

This是如何实现的，因此您无法直接取消隐藏消息，因为您没有d，因此必须首先签署盲目元素。为了使盲签名安全，您需要在签名模数范围内随机生成致盲因子r。