Closed udhos closed 3 years ago
Hello, sorry for the delay on picking this up. I am working on it now.
The first thing I notice is that the Embed and Data methods are very unlikely to be what you are looking for. They are for embedding and recovering plaintext data into a point, before using that point in more complex crypto protocols (i.e. in evoting, encode votes into a point, then shuffle and reencrypt them later to preserve voter privacy).
In go.dedis.ch/kyber/v3/encrypt/ecies/ecies_test.go line 14, we pick a new private key. In line 15, we calculate the matching public key. In line 16, we do an ECIES encryption of message to the public key. Your encryptKyber
must more closely follow that example, or it won't work.
Hi, thanks for the comments!
I did check ecies_test.go and noticed it creates its own key pair. I could not figure out how to inject existing keys into kyber.
Am I understading it correctly that currently kyber can only work with its own generated keys, but not to load existing keys?
Can kyber export its generated keys in a format that I could import from other ECIES implementations?
Thanks a lot, Everton
The MarshalBinary
and UnmarshalBinary
should follow the encoding of https://tools.ietf.org/html/rfc8032 - so depending on what you have on your side, you can directly use that.
Here is a diff to main_test.go showing how to use UnmarshalBinary.
diff --git a/main_test.go b/main_test.go
index 21218db..93b143e 100644
--- a/main_test.go
+++ b/main_test.go
@@ -20,9 +20,6 @@ import (
"github.com/udhos/ecies-go-test/secp256k1"
- "go.dedis.ch/kyber/v3/group/nist"
- "go.dedis.ch/kyber/v3/util/random"
-
btcec "github.com/btcsuite/btcd/btcec"
ecies_go "github.com/ecies/go"
ethereum "github.com/ethereum/go-ethereum/crypto/ecies"
@@ -31,6 +28,7 @@ import (
obscuren "github.com/obscuren/ecies"
havir "github.com/udhos/go-ecies/ecies" // "github.com/danielhavir/go-ecies" with modules support
kyber "go.dedis.ch/kyber/v3/encrypt/ecies"
+ "go.dedis.ch/kyber/v3/group/nist"
)
type testKey struct {
@@ -148,7 +146,7 @@ var testTableCode = []testCode{
{"sghcrypto", map[string]struct{}{"secp256k1": struct{}{}}, encryptSghcrypto, decryptSghcrypto},
{"ecies_go", map[string]struct{}{"secp256k1": struct{}{}}, encryptEciesgo, decryptEciesgo},
{"btcec", map[string]struct{}{"secp256k1": struct{}{}}, encryptBtcec, decryptBtcec},
- {"kyber", map[string]struct{}{"secp256k1": struct{}{}, "secp256r1": struct{}{}}, encryptKyber, decryptKyber},
+ {"kyber", map[string]struct{}{"secp256r1": struct{}{}}, encryptKyber, decryptKyber},
{"eciespy", map[string]struct{}{"secp256k1": struct{}{}}, encryptEciespy, decryptEciespy},
{"eciespy_api", map[string]struct{}{"secp256k1": struct{}{}}, encryptEciespyApi, decryptEciespyApi},
}
@@ -356,7 +354,11 @@ func decryptBtcec(privKey *ecdsa.PrivateKey, data []byte) ([]byte, error) {
func encryptKyber(pubKey *ecdsa.PublicKey, data []byte) ([]byte, error) {
suite := nist.NewBlakeSHA256P256()
- public := suite.Point().Embed(pubKeyBytes(pubKey), random.New())
+ public := suite.Point()
+ err := public.UnmarshalBinary(pubKeyBytes(pubKey))
+ if err != nil {
+ return nil, err
+ }
return kyber.Encrypt(suite, public, data, suite.Hash)
}
With that change, kyber is able to operate with itself, but not with other implementations. And key3 in particular gives a problem, because kyber cannot even unmarshal it because Go's elliptic.Unmarshal function returns nil, nil
, as a result of suite.IsOnCurve(x,y) failing.
So... more work to do to understand this. Where did that key3 in your test come from, is it supposed to be a valid key, or not?
@ineiti RFC8032 is about ed25519 and friends, so is unrelated to this issue, which is about secp256k1 and secp256r1. But yes, the UnmarshalBinary for Kyber NIST groups is supposed to be compatible with the format that @udhos 's pubKeyBytes() is providing (0x04 followed by X and Y).
OK, the problem with key3 is that it is for secp256k1, and Kyber does not support Koblitz, only random curves. So with the appropriate change in testTableCode
(see diff above) kyber is able to enc/dec to itself for all test cases.
I'm not sure why it cannot interoperate with other implementations, we are open to further bug reports based on your investigations.
For the moment, I'm going to close this issue because it is possible to use Kyber with your test harness now.
One more thing I might not have made clear: The work you are doing to compare the secp256r1 implementations is excellent and valuable, and we encourage you to keep in touch. I only closed this issue because the immediate issue stopping you from comparing Kyber to other implementations was resolved.
Hi,
I am doing simplistic testing among some ECIES implementations in Go.
Full test code here: https://github.com/udhos/ecies-go-test/blob/master/main_test.go
Keys are loaded as Go's ECDSA keys. So far I tried the broken code below to interoperate with kyber ECIES.
However as one would expect it didn't work:
Anyone, please shed some light on how to use kyber ECIES with existing keys (for curves secp256r1,secp256k1).
Thanks, Everton