Add SecretSplitter.resplit

Author: gefeili

core/src/main/java/org/bouncycastle/crypto/threshold/Polynomial.java

@@ -14,7 +14,7 @@ public static Polynomial newInstance(ShamirSecretSplitter.Algorithm algorithm, S
         }
     }
 
-    protected abstract int gfMul(int x, int y);
+    protected abstract byte gfMul(int x, int y);
 
     protected abstract byte gfDiv(int x, int y);
 
@@ -25,7 +25,7 @@ protected byte gfPow(int n, byte k)
         {
             if ((k & (1 << i)) != 0)
             {
-                result = (byte)gfMul(result & 0xff, n & 0xff);
+                result = gfMul(result & 0xff, n & 0xff);
             }
             n = gfMul(n & 0xff, n & 0xff);
         }
@@ -212,13 +212,13 @@ public PolynomialTable(ShamirSecretSplitter.Algorithm algorithm)
         }
     }
 
-    protected int gfMul(int x, int y)
+    protected byte gfMul(int x, int y)
     {
         if (x == 0 || y == 0)
         {
             return 0;
         }
-        return EXP[((LOG[x] & 0xff) + (LOG[y] & 0xff)) % 255] & 0xff;
+        return (byte)(EXP[((LOG[x] & 0xff) + (LOG[y] & 0xff)) % 255] & 0xff);
     }
 
     protected byte gfDiv(int x, int y)
@@ -251,7 +251,7 @@ public PolynomialNative(ShamirSecretSplitter.Algorithm algorithm)
         }
     }
 
-    protected int gfMul(int x, int y)
+    protected byte gfMul(int x, int y)
     {
         //pmult
         int result = 0;
@@ -277,11 +277,11 @@ protected int gfMul(int x, int y)
             }
             result <<= 1;
         }
-        return result & 0xFF;
+        return (byte) (result & 0xFF);
     }
 
     protected byte gfDiv(int x, int y)
     {
-        return (byte)gfMul(x, gfPow((byte)y, (byte)254) & 0xff);
+        return gfMul(x, gfPow((byte)y, (byte)254) & 0xff);
     }
 }

core/src/main/java/org/bouncycastle/crypto/threshold/SecretSplitter.java

@@ -18,4 +18,6 @@ public interface SecretSplitter
 
     SplitSecret splitAround(SecretShare s)
         throws IOException;
+
+    SplitSecret resplit(byte[] secret);
 }

core/src/main/java/org/bouncycastle/crypto/threshold/ShamirSecretSplitter.java

@@ -3,6 +3,8 @@
 import java.io.IOException;
 import java.security.SecureRandom;
 
+import org.bouncycastle.util.Arrays;
+
 public class ShamirSecretSplitter
     implements SecretSplitter
 {
@@ -110,4 +112,24 @@ public ShamirSplitSecret splitAround(SecretShare s)
 
         return new ShamirSplitSecret(poly, secretShares);
     }
+
+    @Override
+    public ShamirSplitSecret resplit(byte[] secret)
+    {
+        byte[][] sr = new byte[m][l];
+        ShamirSplitSecretShare[] secretShares = new ShamirSplitSecretShare[l];
+        sr[0] = secret;
+        int i;
+        for (i = 1; i < m; i++)
+        {
+            random.nextBytes(sr[i]);
+        }
+        for (i = 0; i < p.length; i++)
+        {
+            secretShares[i] = new ShamirSplitSecretShare(poly.gfVecMul(p[i], sr), i + 1);
+        }
+        return new ShamirSplitSecret(poly, secretShares);
+    }
+
+
 }

core/src/main/java/org/bouncycastle/crypto/threshold/ShamirSplitSecret.java

@@ -25,10 +25,40 @@ public ShamirSplitSecretShare[] getSecretShares()
         return secretShares;
     }
 
-    //internal TODO: multiple/divide
+    public ShamirSplitSecret multiple(int mul)
+        throws IOException
+    {
+        byte[] ss;
+        for (int i = 0; i < secretShares.length; ++i)
+        {
+            ss = secretShares[i].getEncoded();
+            for (int j = 0; j < ss.length; ++j)
+            {
+                ss[j] = poly.gfMul(ss[j] & 0xFF, mul);
+            }
+            secretShares[i] = new ShamirSplitSecretShare(ss, i + 1);
+        }
+        return this;
+    }
+
+    public ShamirSplitSecret divide(int div)
+        throws IOException
+    {
+        byte[] ss;
+        for (int i = 0; i < secretShares.length; ++i)
+        {
+            ss = secretShares[i].getEncoded();
+            for (int j = 0; j < ss.length; ++j)
+            {
+                ss[j] = poly.gfDiv(ss[j] & 0xFF, div);
+            }
+            secretShares[i] = new ShamirSplitSecretShare(ss, i + 1);
+        }
+        return this;
+    }
 
     @Override
-    public byte[] recombine()
+    public byte[] getSecret()
         throws IOException
     {
         int n = secretShares.length;
@@ -46,13 +76,12 @@ public byte[] recombine()
                 {
                     products[tmp++] = poly.gfDiv(secretShares[j].r, secretShares[i].r ^ secretShares[j].r);
                 }
-
             }
 
             tmp = 1;
             for (byte p : products)
             {
-                tmp = (byte)poly.gfMul(tmp & 0xff, p & 0xff);
+                tmp = poly.gfMul(tmp & 0xff, p & 0xff);
             }
             r[i] = tmp;
         }

core/src/main/java/org/bouncycastle/crypto/threshold/SplitSecret.java

@@ -11,6 +11,6 @@ public interface SplitSecret
      *
      * @return A byte array containing the reconstructed secret.
      */
-    byte[] recombine()
+    byte[] getSecret()
         throws IOException;
 }

core/src/test/java/org/bouncycastle/crypto/threshold/test/ShamirSecretSplitterTest.java

@@ -2,14 +2,16 @@
 
 import java.io.IOException;
 import java.security.SecureRandom;
-import java.util.Arrays;
+
 
 import junit.framework.TestCase;
 
 import org.bouncycastle.crypto.threshold.ShamirSecretSplitter;
 import org.bouncycastle.crypto.threshold.ShamirSplitSecret;
 import org.bouncycastle.crypto.threshold.ShamirSplitSecretShare;
+import org.bouncycastle.util.encoders.Hex;
 import org.bouncycastle.util.test.FixedSecureRandom;
+import org.bouncycastle.util.Arrays;
 
 import org.junit.Assert;
 
@@ -26,45 +28,124 @@ public static void main(String[] args)
     public void performTest()
         throws IOException
     {
+        testShamirSecretResplit();
+        testShamirSecretMultipleDivide();
         testShamirSecretSplitterSplitAround();
         testPolynomial();
         testShamirSecretSplitter();
     }
 
+    public void testShamirSecretResplit()
+        throws IOException
+    {
+        int l = 9, m = 3, n = 9;
+        SecureRandom random = new SecureRandom();
+        ShamirSecretSplitter.Algorithm algorithm = ShamirSecretSplitter.Algorithm.AES;
+        ShamirSecretSplitter.Mode mode = ShamirSecretSplitter.Mode.Table;
+        ShamirSecretSplitter splitter = new ShamirSecretSplitter(algorithm, mode, l, m, n, random);//, secretshare);
+
+        ShamirSplitSecret splitSecret = splitter.split();
+        ShamirSplitSecretShare[] secretShares = splitSecret.getSecretShares();
+
+        ShamirSplitSecretShare[] secretShares1 = new ShamirSplitSecretShare[]{secretShares[0], secretShares[1], secretShares[2]};
+        ShamirSplitSecret splitSecret1 = new ShamirSplitSecret(algorithm, mode, secretShares1);
+        byte[] secret1 = splitSecret1.getSecret();
+
+
+        ShamirSplitSecret splitSecret2 = splitter.resplit(secret1);
+        ShamirSplitSecretShare[] secretShares2 = splitSecret2.getSecretShares();
+        ShamirSplitSecretShare[] secretShares3 = new ShamirSplitSecretShare[]{secretShares2[0], secretShares2[1], secretShares2[2]};
+        ShamirSplitSecret splitSecret3 = new ShamirSplitSecret(algorithm, mode, secretShares3);
+        byte[] secret3 = splitSecret3.getSecret();
+
+
+        Assert.assertArrayEquals(secret1, secret3);
+        Assert.assertFalse(Arrays.areEqual(Arrays.concatenate(secretShares[0].getEncoded(), secretShares[1].getEncoded(), secretShares[2].getEncoded()),
+            Arrays.concatenate(secretShares2[0].getEncoded(), secretShares2[1].getEncoded(), secretShares2[2].getEncoded())));
+
+    }
+
+    public void testShamirSecretMultipleDivide()
+        throws IOException
+    {
+        int l = 9, m = 3, n = 9;
+        SecureRandom random = new SecureRandom();
+        ShamirSecretSplitter.Algorithm algorithm = ShamirSecretSplitter.Algorithm.AES;
+        ShamirSecretSplitter.Mode mode = ShamirSecretSplitter.Mode.Table;
+        ShamirSecretSplitter splitter = new ShamirSecretSplitter(algorithm, mode, l, m, n, random);//, secretshare);
+
+        ShamirSplitSecret splitSecret = splitter.split();
+        ShamirSplitSecretShare[] secretShares = splitSecret.getSecretShares();
+
+        ShamirSplitSecretShare[] secretShares1 = new ShamirSplitSecretShare[]{secretShares[0], secretShares[1], secretShares[2]};
+        ShamirSplitSecret splitSecret1 = new ShamirSplitSecret(algorithm, mode, secretShares1);
+        byte[] secret1 = splitSecret1.getSecret();
+
+        int mul = random.nextInt(255);
+        splitSecret.multiple(mul);
+        secretShares = splitSecret.getSecretShares();
+        ShamirSplitSecretShare[] secretShares4 = new ShamirSplitSecretShare[]{secretShares[1], secretShares[2], secretShares[5]};
+        ShamirSplitSecret splitSecret4 = new ShamirSplitSecret(algorithm, mode, secretShares4);
+        byte[] secret4 = splitSecret4.getSecret();
+
+        splitSecret.divide(mul);
+        secretShares = splitSecret.getSecretShares();
+        ShamirSplitSecretShare[] secretShares2 = new ShamirSplitSecretShare[]{secretShares[4], secretShares[7], secretShares[8]};
+        ShamirSplitSecret splitSecret2 = new ShamirSplitSecret(algorithm, mode, secretShares2);
+        byte[] secret2 = splitSecret2.getSecret();
+
+        Assert.assertArrayEquals(secret1, secret2);
+
+
+        // not enough secret shares cannot correctly recover the secret
+        ShamirSplitSecretShare[] secretShares3 = new ShamirSplitSecretShare[]{secretShares[3], secretShares[6]};
+        ShamirSplitSecret splitSecret3 = new ShamirSplitSecret(algorithm, mode, secretShares3);
+        byte[] secret3 = splitSecret3.getSecret();
+        Assert.assertFalse(Arrays.areEqual(secret1, secret3));
+    }
+
     public void testShamirSecretSplitterSplitAround()
         throws IOException
     {
         int l = 9, m = 3, n = 9;
         ShamirSecretSplitter.Algorithm algorithm = ShamirSecretSplitter.Algorithm.AES;
         ShamirSecretSplitter.Mode mode = ShamirSecretSplitter.Mode.Table;
         ShamirSecretSplitter splitter = new ShamirSecretSplitter(algorithm, mode, l, m, n, new SecureRandom());//, secretshare);
-        byte[] seed = new byte[l];
-        SecureRandom random = new SecureRandom();
-        random.nextBytes(seed);
+        byte[] seed = Hex.decode("010203040506070809");
+        //SecureRandom random = new SecureRandom();
+
+        //random.nextBytes(seed);
+        //System.out.println(Hex.decode(seed));
         ShamirSplitSecretShare ss = new ShamirSplitSecretShare(seed);
         ShamirSplitSecret splitSecret = splitter.splitAround(ss);
         ShamirSplitSecretShare[] secretShares = splitSecret.getSecretShares();
-        Assert.assertTrue(Arrays.equals(secretShares[0].getEncoded(), seed));
+        Assert.assertArrayEquals(secretShares[0].getEncoded(), seed);
 
         ShamirSplitSecretShare[] secretShares1 = new ShamirSplitSecretShare[]{secretShares[0], secretShares[1], secretShares[2]};
         ShamirSplitSecret splitSecret1 = new ShamirSplitSecret(algorithm, mode, secretShares1);
-        byte[] secret1 = splitSecret1.recombine();
+        byte[] secret1 = splitSecret1.getSecret();
 
         ShamirSplitSecretShare[] secretShares4 = new ShamirSplitSecretShare[]{secretShares[1], secretShares[2], secretShares[5]};
         ShamirSplitSecret splitSecret4 = new ShamirSplitSecret(algorithm, mode, secretShares4);
-        byte[] secret4 = splitSecret4.recombine();
+        byte[] secret4 = splitSecret4.getSecret();
 
         ShamirSplitSecretShare[] secretShares2 = new ShamirSplitSecretShare[]{secretShares[4], secretShares[7], secretShares[8]};
         ShamirSplitSecret splitSecret2 = new ShamirSplitSecret(algorithm, mode, secretShares2);
-        byte[] secret2 = splitSecret2.recombine();
+        byte[] secret2 = splitSecret2.getSecret();
 
-        Assert.assertTrue(Arrays.equals(secret1, secret2));
+        Assert.assertArrayEquals(secret1, secret2);
+        Assert.assertArrayEquals(secret1, secret4);
 
         // not enough secret shares cannot correctly recover the secret
         ShamirSplitSecretShare[] secretShares3 = new ShamirSplitSecretShare[]{secretShares[3], secretShares[6]};
         ShamirSplitSecret splitSecret3 = new ShamirSplitSecret(algorithm, mode, secretShares3);
-        byte[] secret3 = splitSecret3.recombine();
-        Assert.assertFalse(Arrays.equals(secret1, secret3));
+        byte[] secret3 = splitSecret3.getSecret();
+        Assert.assertFalse(Arrays.areEqual(secret1, secret3));
+
+        secretShares3 = new ShamirSplitSecretShare[]{secretShares[0], secretShares[1]};
+        splitSecret3 = new ShamirSplitSecret(algorithm, mode, secretShares3);
+        secret3 = splitSecret3.getSecret();
+        Assert.assertFalse(Arrays.areEqual(secret1, secret3));
     }
 
     public void testShamirSecretSplitter()
@@ -79,19 +160,19 @@ public void testShamirSecretSplitter()
 
         ShamirSplitSecretShare[] secretShares1 = new ShamirSplitSecretShare[]{secretShares[0], secretShares[1], secretShares[2]};
         ShamirSplitSecret splitSecret1 = new ShamirSplitSecret(algorithm, mode, secretShares1);
-        byte[] secret1 = splitSecret1.recombine();
+        byte[] secret1 = splitSecret1.getSecret();
 
         ShamirSplitSecretShare[] secretShares2 = new ShamirSplitSecretShare[]{secretShares[4], secretShares[7], secretShares[8]};
         ShamirSplitSecret splitSecret2 = new ShamirSplitSecret(algorithm, mode, secretShares2);
-        byte[] secret2 = splitSecret2.recombine();
+        byte[] secret2 = splitSecret2.getSecret();
 
-        Assert.assertTrue(Arrays.equals(secret1, secret2));
+        Assert.assertArrayEquals(secret1, secret2);
 
         // not enough secret shares cannot correctly recover the secret
         ShamirSplitSecretShare[] secretShares3 = new ShamirSplitSecretShare[]{secretShares[3], secretShares[6]};
         ShamirSplitSecret splitSecret3 = new ShamirSplitSecret(algorithm, mode, secretShares3);
-        byte[] secret3 = splitSecret3.recombine();
-        Assert.assertFalse(Arrays.equals(secret1, secret3));
+        byte[] secret3 = splitSecret3.getSecret();
+        Assert.assertFalse(Arrays.areEqual(secret1, secret3));
     }
 //    private static Polynomial polynomial1 = new PolynomialTable(Polynomial.AES);
 //    private static Polynomial polynomial2 = new PolynomialTable(Polynomial.RSA);
@@ -1020,13 +1101,13 @@ static void testMatrixMultiplication(ShamirSecretSplitter poly, byte[][] splits)
         {
             result[i] = secretShares[i].getEncoded();
         }
-        assertEquals(Arrays.deepToString(splits), Arrays.deepToString(result));
+        assertEquals(java.util.Arrays.deepToString(splits), java.util.Arrays.deepToString(result));
     }
 
     public void testRecombine(ShamirSplitSecret splitSecret, byte[] secret)
         throws IOException
     {
-        byte[] result = splitSecret.recombine();
-        assertTrue(Arrays.equals(secret, result));
+        byte[] result = splitSecret.getSecret();
+        assertTrue(Arrays.areEqual(secret, result));
     }
 }