.github/workflows/ci-actions.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-22.04
     strategy:
       matrix:
-        GOVER: ['1.20', '1.19']
+        GOVER: ['1.21.1', '1.20.8']
     steps:
       - name: Setup Go-${{ matrix.GOVER }}
         uses: actions/setup-go@v3
@@ -47,7 +47,7 @@ jobs:
     runs-on: ubuntu-22.04
     strategy:
       matrix:
-        CFG: [[arm64, arm64v8, '1.20']]
+        CFG: [[arm64, arm64v8, '1.21.1']]
     steps:
       - uses: actions/checkout@v3
       - name: Enabling Docker Experimental
@@ -72,7 +72,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.20'
+          go-version: '1.21.1'
       - name: Build as Static
         run: make circl_static
       - name: Build as Plugin
@@ -88,7 +88,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.20'
+          go-version: '1.21.1'
       - name: Produce Coverage
         run: go test -coverprofile=./coverage.txt ./...
       - name: Upload Codecov
@@ -108,7 +108,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.20'
+          go-version: '1.21.1'
       - name: Building
         run: go build -v ./...
       - name: Testing

README.md

@@ -74,6 +74,7 @@ go get -u github.com/cloudflare/circl
 #### XOF: eXtendable Output Functions
  - [FIPS 202](https://doi.org/10.6028/NIST.FIPS.202): SHAKE128 and SHAKE256
  - [BLAKE2X](https://www.blake2.net/blake2x.pdf): BLAKE2XB and BLAKE2XS
+ - [KangarooTwelve](https://keccak.team/kangarootwelve.html): KangarooTwelve
 
 #### Zero-knowledge Proofs
  - [Schnorr](./zk/dl): Prove knowledge of the Discrete Logarithm.

abe/cpabe/tkn20/bench_test.go

@@ -0,0 +1,265 @@
+package tkn20
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"fmt"
+	"strconv"
+	"strings"
+	"testing"
+
+	"golang.org/x/crypto/nacl/box"
+)
+
+type abeTestCase struct {
+	desc   string
+	attrs  Attributes
+	policy Policy
+	msk    SystemSecretKey
+	pk     PublicKey
+}
+
+var testCases []abeTestCase
+
+var (
+	msg     = []byte("drink your ovaltine now")
+	longMsg = []byte(strings.Repeat("a", 10000))
+)
+
+func generateAttrs() Attributes {
+	benchableAttrs := make(map[string]string, 50)
+	for i := 0; i < 50; i++ {
+		benchableAttrs["k"+strconv.Itoa(i)] = "v" + strconv.Itoa(i)
+	}
+	attrs := Attributes{}
+	attrs.FromMap(benchableAttrs)
+	return attrs
+}
+
+func generatePolicy() string {
+	var policyBuilder strings.Builder
+	for i := 0; i < 50; i++ {
+		policyBuilder.WriteString("k")
+		policyBuilder.WriteString(strconv.Itoa(i))
+		policyBuilder.WriteString(":v")
+		policyBuilder.WriteString(strconv.Itoa(i))
+		if i != 49 {
+			if i%2 == 0 {
+				policyBuilder.WriteString(" and ")
+			} else {
+				policyBuilder.WriteString(" or ")
+			}
+		}
+	}
+	return policyBuilder.String()
+}
+
+func init() {
+	smallPolicy := Policy{}
+	_ = smallPolicy.FromString("(k1:v1 or k1:v2) and not k2:v3")
+	smallAttrs := Attributes{}
+	smallAttrs.FromMap(map[string]string{"k1": "v2", "k2": "v4"})
+	longPolicy := Policy{}
+	_ = longPolicy.FromString(generatePolicy())
+	testCases = []abeTestCase{
+		{
+			desc:   "smallPolicy/Attrs",
+			attrs:  smallAttrs,
+			policy: smallPolicy,
+		},
+		{
+			desc:   "longPolicy/Attrs",
+			attrs:  generateAttrs(),
+			policy: longPolicy,
+		},
+	}
+	var err error
+	for i := range testCases {
+		testCases[i].pk, testCases[i].msk, err = Setup(rand.Reader)
+		if err != nil {
+			panic(err)
+		}
+	}
+}
+
+func BenchmarkTKN20KeyGen(b *testing.B) {
+	for _, tc := range testCases {
+		b.Run(fmt.Sprintf("keygen:%s", tc.desc), func(b *testing.B) {
+			b.ResetTimer()
+			for i := 0; i < b.N; i++ {
+				_, err := tc.msk.KeyGen(rand.Reader, tc.attrs)
+				if err != nil {
+					b.Fatal(err)
+				}
+			}
+		})
+	}
+}
+
+func BenchmarkRSAKeyGen(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		_, err := rsa.GenerateKey(rand.Reader, 2048)
+		if err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func BenchmarkX25519KeyGen(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		_, _, err := box.GenerateKey(rand.Reader)
+		if err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func BenchmarkTKN20Encrypt(b *testing.B) {
+	for _, tc := range testCases {
+		b.Run(fmt.Sprintf("encrypt:%s", tc.desc), func(b *testing.B) {
+			b.ResetTimer()
+			for i := 0; i < b.N; i++ {
+				_, err := tc.pk.Encrypt(rand.Reader, tc.policy, msg)
+				if err != nil {
+					b.Fatal(err)
+				}
+			}
+		})
+	}
+}
+
+func BenchmarkRSAEncrypt(b *testing.B) {
+	privKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		b.Fatal(err)
+	}
+	pubKey := privKey.PublicKey
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		_, err := rsa.EncryptPKCS1v15(rand.Reader, &pubKey, msg)
+		if err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func BenchmarkX25519Encrypt(b *testing.B) {
+	pubKey, _, err := box.GenerateKey(rand.Reader)
+	if err != nil {
+		b.Fatal(err)
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		_, err := box.SealAnonymous(nil, msg, pubKey, rand.Reader)
+		if err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func BenchmarkTKN20Decrypt(b *testing.B) {
+	for _, tc := range testCases {
+		b.Run(fmt.Sprintf("decrypt:%s", tc.desc), func(b *testing.B) {
+			userKey, err := tc.msk.KeyGen(rand.Reader, tc.attrs)
+			if err != nil {
+				b.Fatal(err)
+			}
+			ciphertext, err := tc.pk.Encrypt(rand.Reader, tc.policy, msg)
+			if err != nil {
+				b.Fatal(err)
+			}
+			keyBytes, _ := userKey.MarshalBinary()
+			pubKeyBytes, _ := tc.pk.MarshalBinary()
+			// longCt is only benchmarked to measure size overhead
+			longCt, err := tc.pk.Encrypt(rand.Reader, tc.policy, longMsg)
+			if err != nil {
+				b.Fatal(err)
+			}
+			b.ResetTimer()
+			for i := 0; i < b.N; i++ {
+				_, err = userKey.Decrypt(ciphertext)
+				if err != nil {
+					b.Fatal(err)
+				}
+			}
+			b.ReportMetric(float64(len(pubKeyBytes)), "public_key_size")
+			b.ReportMetric(float64(len(keyBytes)), "attribute_secret_key_size")
+			b.ReportMetric(float64(len(ciphertext)-len(msg)), "ciphertext_bytes_overhead_32b_msg")
+			b.ReportMetric(float64(len(longCt)-len(longMsg)), "ciphertext_bytes_overhead_10kb_msg")
+		})
+	}
+}
+
+func BenchmarkRSADecrypt(b *testing.B) {
+	privKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		b.Fatal(err)
+	}
+	pubKey := privKey.PublicKey
+	ct, err := rsa.EncryptPKCS1v15(rand.Reader, &pubKey, msg)
+	if err != nil {
+		b.Fatal(err)
+	}
+	// longCt is only benchmarked to measure size overhead
+	longCt, err := rsaEncrypt(longMsg, &privKey.PublicKey)
+	if err != nil {
+		b.Fatal(err)
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		_, err := rsa.DecryptPKCS1v15(rand.Reader, privKey, ct)
+		if err != nil {
+			b.Fatal(err)
+		}
+	}
+	b.ReportMetric(float64(privKey.PublicKey.Size()), "public_key_size")
+	b.ReportMetric(float64(len(x509.MarshalPKCS1PrivateKey(privKey))), "secret_key_size")
+	b.ReportMetric(float64(len(ct)-len(msg)), "ciphertext_bytes_overhead")
+	b.ReportMetric(float64(len(longCt)-len(longMsg)), "ciphertext_bytes_overhead_10kb_msg")
+}
+
+func BenchmarkX25519Decrypt(b *testing.B) {
+	pubKey, privKey, err := box.GenerateKey(rand.Reader)
+	if err != nil {
+		b.Fatal(err)
+	}
+	ct, err := box.SealAnonymous(nil, msg, pubKey, rand.Reader)
+	if err != nil {
+		b.Fatal(err)
+	}
+	// longCt is only benchmarked to measure size overhead
+	longCt, err := box.SealAnonymous(nil, longMsg, pubKey, rand.Reader)
+	if err != nil {
+		b.Fatal(err)
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		_, ok := box.OpenAnonymous(nil, ct, pubKey, privKey)
+		if !ok {
+			b.Fatal(err)
+		}
+	}
+	b.ReportMetric(float64(len(pubKey)), "public_key_size")
+	b.ReportMetric(float64(len(privKey)), "secret_key_size")
+	b.ReportMetric(float64(len(ct)-len(msg)), "ciphertext_bytes_overhead_32b_msg")
+	b.ReportMetric(float64(len(longCt)-len(longMsg)), "ciphertext_bytes_overhead_10kb_msg")
+}
+
+func rsaEncrypt(data []byte, pubKey *rsa.PublicKey) ([]byte, error) {
+	chunkSize := 245 // Max chunk size for 2048 bit key with PKCS1v15 padding
+	var ct []byte
+	for len(data) > 0 {
+		if len(data) < chunkSize {
+			chunkSize = len(data)
+		}
+		chunk := data[:chunkSize]
+		data = data[chunkSize:]
+		encryptedChunk, err := rsa.EncryptPKCS1v15(rand.Reader, pubKey, chunk)
+		if err != nil {
+			return nil, err
+		}
+		ct = append(ct, encryptedChunk...)
+	}
+	return ct, nil
+}

abe/cpabe/tkn20/example_test.go

@@ -50,7 +50,7 @@ func checkPolicy(in map[string][]string) bool {
 
 func Example() {
 	policyStr := `(occupation: doctor) and (country: US)`
-	invalidPolicyStr := `(ocupation: doctor) and (country: pacific)`
+	invalidPolicyStr := `(title: doctor) and (country: pacific)`
 	msgStr := `must have the precious 🎃`
 	wrongAttrsMap := map[string]string{"occupation": "doctor", "country": "croatia"}
 	rightAttrsMap := map[string]string{"occupation": "doctor", "country": "US", "age": "16"}
@@ -124,7 +124,7 @@ func Example() {
 		log.Fatalf("decryption using right attrs should have succeeded, plaintext: %s", pt)
 	}
 	if !bytes.Equal(pt, []byte(msgStr)) {
-		log.Fatalf("recoverd plaintext: %s is not equal to original msg: %s", pt, msgStr)
+		log.Fatalf("recovered plaintext: %s is not equal to original msg: %s", pt, msgStr)
 	}
 	fmt.Println("Successfully recovered plaintext")
 	// Output: (occupation:doctor and country:US)

abe/cpabe/tkn20/internal/tkn/bk.go

@@ -243,7 +243,7 @@ func (p *Policy) ExtractFromCiphertext(ct []byte) error {
 	}
 	macData, _, err := removeLenPrefixed(rest)
 	if err != nil {
-		return fmt.Errorf("invalid ciphetext")
+		return fmt.Errorf("invalid ciphertext")
 	}
 	C1, _, err := removeLenPrefixed(macData)
 	if err != nil {

abe/cpabe/tkn20/internal/tkn/matrixGT_test.go

@@ -157,7 +157,7 @@ func TestExpGTLinearity(t *testing.T) {
 	absum.add(aexp, bexp)
 	abexp.exp(ab)
 	if !abexp.Equal(absum) {
-		t.Fatal("linearity of exponentation broken")
+		t.Fatal("linearity of exponentiation broken")
 	}
 }
 

abe/cpabe/tkn20/internal/tkn/tk.go

@@ -352,7 +352,7 @@ func (hdr *ciphertextHeader) marshalBinary() ([]byte, error) {
 	ret = appendLenPrefixed(ret, c1Bytes)
 
 	// Now we need to indicate how long c2, c3, c3neg are.
-	// Each array will be the same size (or nil), so with more work we can specalize
+	// Each array will be the same size (or nil), so with more work we can specialize
 	// but for now we will ignore that.
 
 	c2Len := len(hdr.c2)

abe/cpabe/tkn20/tkn20_test.go

@@ -108,7 +108,7 @@ func TestEndToEndEncryption(t *testing.T) {
 				t.Fatalf("extracted policy doesn't match original")
 			}
 			if sat != npol2.Satisfaction(attrs) {
-				t.Fatalf("round triped policy doesn't match original")
+				t.Fatalf("round tripped policy doesn't match original")
 			}
 			ctSat := attrs.CouldDecrypt(ct)
 			pt, err := sk.Decrypt(ct)