## RSA-FDH-VRF

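The VRF uses an RSA signature to compute the proof P on the input alpha. RSA signature verification is used to check that the proof is correct. The VRF hash output R is obtained simply by hashing the proof P with the chosen hash algorithm.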

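### Notation

- (n, e): RSA public key
- K: RSA private key
- k: length in octets of the RSA modulus n (k < 2^32)
- I2OSP: conversion of a non-negative integer to an octet string
- OS2IP: conversion of an octet string to a non-negative integer
- RSASP1: RSA signature primitive
- RSAVP1: RSA signature verification primitive
- MGF1: mask generation function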

```python
import hashlib


def mgf1(mgf_seed, mask_len, hash_type="SHA256"):
    '''
    Mask Generation Function based on a hash function, as defined in
    Section B.2.1 of [RFC8017].
    Input:
        mgf_seed  - seed from which the mask is generated, an octet string
        mask_len  - intended length in octets of the mask, at most 2^32 hLen
        hash_type - the digest hash function to use, default is SHA256
    Output:
        mask - an octet string of length mask_len
    '''
    # Accept a text seed as well, but always hash octets.
    if isinstance(mgf_seed, str):
        mgf_seed = mgf_seed.encode(encoding='UTF-8')

    # Get the hash output length for the chosen hash function.
    h_len = hashlib.new(hash_type).digest_size

    # If maskLen > 2^32 hLen, output "mask too long" and stop.
    if mask_len > (1 << 32) * h_len:
        raise ValueError("mask too long")

    # Let T be the empty octet string.
    T = b''

    # For counter i from 0 to ceil(mask_len / h_len) - 1
    for i in range(0, (mask_len + h_len - 1) // h_len):
        # Convert counter to an octet string C of length 4 octets: I2OSP(i, 4)
        C = i.to_bytes(4, byteorder='big')

        # Concatenate the hash of the seed mgfSeed and C to the octet string T:
        # T = T || Hash(mgfSeed || C)
        # A fresh hash object per counter keeps earlier counters out of later blocks.
        hash_class = hashlib.new(hash_type)
        hash_class.update(mgf_seed + C)
        T = b"".join([T, hash_class.digest()])

    # Output the leading mask_len octets of T as the mask.
    return T[:mask_len]
```

### Proof generation

1. one_string = 0x01 = I2OSP(1, 1)

2. EM = MGF1(one_string || I2OSP(k, 4) || I2OSP(n, k) || alpha_string, k - 1)

3. m = OS2IP(EM)

4. s = RSASP1(K, m)

5. pi_string = I2OSP(s, k)

6. Return pi_string

### Proof verification

1. s = OS2IP(pi_string)

2. m = RSAVP1((n, e), s)

3. EM = I2OSP(m, k - 1)

4. one_string = 0x01 = I2OSP(1, 1)

5. EM' = MGF1(one_string || I2OSP(k, 4) || I2OSP(n, k) || alpha_string, k - 1)

6. If EM == EM', the proof is valid; otherwise return invalid.
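The two procedures above, end to end, as an added example that is not code from the original article. It assumes SHA-256 as the hash, uses raw modular exponentiation for RSASP1 and RSAVP1, and the key built from two Mersenne primes is a constructed toy key; the names `P`, `Q`, `E`, `N`, `D`, `K_LEN`, `encode` and `proof_to_hash` are chosen here for illustration.

```python
import hashlib

# Constructed toy key from two Mersenne primes (assumption for this example);
# far too small for real use.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, part of K
K_LEN = (N.bit_length() + 7) // 8      # k: length of n in octets

def i2osp(x, length):
    return x.to_bytes(length, "big")   # OverflowError if x does not fit

def mgf1(seed, mask_len, hash_name="sha256"):
    h_len = hashlib.new(hash_name).digest_size
    blocks = (mask_len + h_len - 1) // h_len
    t = b"".join(hashlib.new(hash_name, seed + i2osp(i, 4)).digest()
                 for i in range(blocks))
    return t[:mask_len]

def encode(alpha):
    # EM = MGF1(one_string || I2OSP(k, 4) || I2OSP(n, k) || alpha_string, k - 1)
    seed = i2osp(1, 1) + i2osp(K_LEN, 4) + i2osp(N, K_LEN) + alpha
    return mgf1(seed, K_LEN - 1)

def prove(alpha):
    m = int.from_bytes(encode(alpha), "big")   # m = OS2IP(EM)
    s = pow(m, D, N)                           # s = RSASP1(K, m)
    return i2osp(s, K_LEN)                     # pi_string

def verify(alpha, pi_string):
    if len(pi_string) != K_LEN:                # proof must be exactly k octets
        return False
    s = int.from_bytes(pi_string, "big")       # s = OS2IP(pi_string)
    if s >= N:                                 # RSAVP1 rejects s outside [0, n-1]
        return False
    m = pow(s, E, N)                           # m = RSAVP1((n, e), s)
    try:
        em = i2osp(m, K_LEN - 1)               # fails if m needs k octets
    except OverflowError:
        return False
    return em == encode(alpha)                 # EM == EM'

def proof_to_hash(pi_string, hash_name="sha256"):
    return hashlib.new(hash_name, pi_string).digest()   # R = Hash(P)
```

The verifier rejects a proof of the wrong length, a value of s that is not below n, and a recovered m that does not fit in k - 1 octets before it compares EM with EM'.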

## Summary


• Published 2020-10-05 21:50

blocksight
