Add interface SecretSharing

Author: gefeili

core/src/main/java/org/bouncycastle/crypto/split/Polynomial.java

@@ -1,6 +1,9 @@
 package org.bouncycastle.crypto.split;
 
+import java.security.SecureRandom;
+
 public abstract class Polynomial
+    implements SecretSharing
 {
     public static final byte AES = 0;
     public static final byte RSA = 1;
@@ -27,7 +30,18 @@ public abstract class Polynomial
 
     protected Polynomial(int l, int m, int n)
     {
-        //TODO: check m <= n <= 255
+        if (l < 0 || l > 65534)
+        {
+            throw new IllegalArgumentException("Invalid input: l ranges from 0 to 65534 (2^16-2) bytes.");
+        }
+        if (m < 1 || m > 255)
+        {
+            throw new IllegalArgumentException("Invalid input: m must be less than 256 and positive.");
+        }
+        if (n < m || n > 255)
+        {
+            throw new IllegalArgumentException("Invalid input: n must be less than 256 and greater than or equal to n.");
+        }
         this.l = l;
         this.m = m;
         this.n = n;
@@ -45,17 +59,23 @@ protected void init()
         }
     }
 
-    public byte[][] createShares(byte[][] sr)
+    public byte[][] createShares(SecureRandom random)
     {
-        byte[][] result = new byte[p.length][sr[0].length];
-        for (int i = 0; i < p.length; i++)
+        byte[][] sr = new byte[m][l];
+        byte[][] result = new byte[p.length][l];
+        int i;
+        for (i = 0; i < m; ++i)
+        {
+            random.nextBytes(sr[i]);
+        }
+        for (i = 0; i < p.length; i++)
         {
             result[i] = gfVecMul(p[i], sr);
         }
         return result;
     }
 
-    public byte[] recombine(byte[] rr, byte[][] splits)
+    public byte[] recombineShares(int[] rr, byte[]... splits)
     {
         int n = rr.length;
         byte[] r = new byte[n];
@@ -68,7 +88,7 @@ public byte[] recombine(byte[] rr, byte[][] splits)
             {
                 if (j != i)
                 {
-                    products[tmp++] = gfDiv(rr[j] & 0xff, (rr[i] ^ rr[j]) & 0xff);
+                    products[tmp++] = gfDiv(rr[j], rr[i] ^ rr[j]);
                 }
             }
 
@@ -94,11 +114,11 @@ protected byte gfPow(int n, byte k)
         {
             if ((k & (1 << i)) != 0)
             {
-                result = (byte) gfMul(result & 0xff, n & 0xff);
+                result = (byte)gfMul(result & 0xff, n & 0xff);
             }
             n = gfMul(n & 0xff, n & 0xff);
         }
-        return (byte) result;
+        return (byte)result;
     }
 
     private byte[] gfVecMul(byte[] xs, byte[][] yss)
@@ -112,7 +132,7 @@ private byte[] gfVecMul(byte[] xs, byte[][] yss)
             {
                 sum ^= gfMul(xs[k] & 0xff, yss[k][j] & 0xff);
             }
-            result[j] = (byte) sum;
+            result[j] = (byte)sum;
         }
         return result;
     }

core/src/main/java/org/bouncycastle/crypto/split/SecretSharing.java

@@ -0,0 +1,28 @@
+package org.bouncycastle.crypto.split;
+
+import java.security.SecureRandom;
+
+/**
+ * Secret sharing (also called secret splitting) refers to methods for distributing a secret among a group.
+ * In this process, no individual holds any intelligible information about the secret.
+ * However, when a sufficient number of individuals combine their 'shares', the secret can be reconstructed.
+ */
+public interface SecretSharing
+{
+    /**
+     * Creates secret shares from a given secret. The secret will be divided into shares, where the secret has a length of L bytes.
+     *
+     * @param random the source of secure random
+     * @return An array of {@code byte[][]} representing the generated secret shares for m users with l bytes each.
+     */
+    byte[][] createShares(SecureRandom random);
+
+    /**
+     * Recombines secret shares to reconstruct the original secret.
+     *
+     * @param rr The threshold number of shares required for recombination.
+     * @param splits A vector of byte arrays representing the shares, where each share is l bytes long.
+     * @return A byte array containing the reconstructed secret.
+     */
+    byte[] recombineShares(int[] rr, byte[]... splits);
+}

core/src/test/java/org/bouncycastle/crypto/split/test/PolynomialTest.java

@@ -1,12 +1,14 @@
 package org.bouncycastle.crypto.split.test;
 
+import java.security.SecureRandom;
 import java.util.Arrays;
 
 import junit.framework.TestCase;
 
 import org.bouncycastle.crypto.split.Polynomial;
 import org.bouncycastle.crypto.split.PolynomialNative;
 import org.bouncycastle.crypto.split.PolynomialTable;
+import org.bouncycastle.util.test.FixedSecureRandom;
 
 public class PolynomialTest
     extends TestCase
@@ -825,67 +827,76 @@ private void testPolynoimial1(PolynomialFactory polynomialFactory)
     {
         Polynomial poly = polynomialFactory.newInstance(5, 2, 2);
         testMatrixMultiplication(poly, TV011B_TV1_SR, TV011B_TV1_SPLITS);
-        testRecombine(poly, new byte[]{1, 2}, TV011B_TV1_1_2_SPLITS, TV011B_TV1_SECRET);
+        testRecombine(poly, new int[]{1, 2}, TV011B_TV1_1_2_SPLITS, TV011B_TV1_SECRET);
         poly = polynomialFactory.newInstance(5, 2, 4);
         testMatrixMultiplication(poly, TV011B_TV2_SR, TV011B_TV2_SPLITS);
-        testRecombine(poly, new byte[]{1, 2}, TV011B_TV2_1_2_SPLITS, TV011B_TV2_SECRET);
-        testRecombine(poly, new byte[]{1, 4}, TV011B_TV2_1_4_SPLITS, TV011B_TV2_SECRET);
-        testRecombine(poly, new byte[]{3, 4}, TV011B_TV2_3_4_SPLITS, TV011B_TV2_SECRET);
+        testRecombine(poly, new int[]{1, 2}, TV011B_TV2_1_2_SPLITS, TV011B_TV2_SECRET);
+        testRecombine(poly, new int[]{1, 4}, TV011B_TV2_1_4_SPLITS, TV011B_TV2_SECRET);
+        testRecombine(poly, new int[]{3, 4}, TV011B_TV2_3_4_SPLITS, TV011B_TV2_SECRET);
         poly = polynomialFactory.newInstance(5, 3, 4);
         testMatrixMultiplication(poly, TV011B_TV3_SR, TV011B_TV3_SPLITS);
-        testRecombine(poly, new byte[]{1, 2, 3}, TV011B_TV3_1_2_3_SPLITS, TV011B_TV3_SECRET);
-        testRecombine(poly, new byte[]{1, 2, 4}, TV011B_TV3_1_2_4_SPLITS, TV011B_TV3_SECRET);
-        testRecombine(poly, new byte[]{1, 3, 4}, TV011B_TV3_1_3_4_SPLITS, TV011B_TV3_SECRET);
+        testRecombine(poly, new int[]{1, 2, 3}, TV011B_TV3_1_2_3_SPLITS, TV011B_TV3_SECRET);
+        testRecombine(poly, new int[]{1, 2, 4}, TV011B_TV3_1_2_4_SPLITS, TV011B_TV3_SECRET);
+        testRecombine(poly, new int[]{1, 3, 4}, TV011B_TV3_1_3_4_SPLITS, TV011B_TV3_SECRET);
         poly = polynomialFactory.newInstance(5, 4, 4);
         testMatrixMultiplication(poly, TV011B_TV4_SR, TV011B_TV4_SPLITS);
-        testRecombine(poly, new byte[]{1, 2, 3, 4}, TV011B_TV4_1_2_3_4_SPLITS, TV011B_TV4_SECRET);
+        testRecombine(poly, new int[]{1, 2, 3, 4}, TV011B_TV4_1_2_3_4_SPLITS, TV011B_TV4_SECRET);
         poly = polynomialFactory.newInstance(9, 2, 9);
         testMatrixMultiplication(poly, TV011B_TV5_SR, TV011B_TV5_SPLITS);
-        testRecombine(poly, new byte[]{1, 2}, TV011B_TV5_1_2_SPLITS, TV011B_TV5_SECRET);
-        testRecombine(poly, new byte[]{8, 9}, TV011B_TV5_8_9_SPLITS, TV011B_TV5_SECRET);
+        testRecombine(poly, new int[]{1, 2}, TV011B_TV5_1_2_SPLITS, TV011B_TV5_SECRET);
+        testRecombine(poly, new int[]{8, 9}, TV011B_TV5_8_9_SPLITS, TV011B_TV5_SECRET);
         poly = polynomialFactory.newInstance(15, 3, 5);
         testMatrixMultiplication(poly, TV011B_TV6_SR, TV011B_TV6_SPLITS);
-        testRecombine(poly, new byte[]{1, 2, 3}, TV011B_TV6_1_2_3_SPLITS, TV011B_TV6_SECRET);
-        testRecombine(poly, new byte[]{2, 3, 4}, TV011B_TV6_2_3_4_SPLITS, TV011B_TV6_SECRET);
+        testRecombine(poly, new int[]{1, 2, 3}, TV011B_TV6_1_2_3_SPLITS, TV011B_TV6_SECRET);
+        testRecombine(poly, new int[]{2, 3, 4}, TV011B_TV6_2_3_4_SPLITS, TV011B_TV6_SECRET);
     }
 
     private void testPolynoimial2(PolynomialFactory polynomialFactory)
     {
         Polynomial poly = polynomialFactory.newInstance(5, 2, 2);
         testMatrixMultiplication(poly, TV011D_TV1_SR, TV011D_TV1_SPLITS);
-        testRecombine(poly, new byte[]{1, 2}, TV011D_TV1_1_2_SPLITS, TV011D_TV1_SECRET);
+        testRecombine(poly, new int[]{1, 2}, TV011D_TV1_1_2_SPLITS, TV011D_TV1_SECRET);
         poly = polynomialFactory.newInstance(5, 2, 4);
         testMatrixMultiplication(poly, TV011D_TV2_SR, TV011D_TV2_SPLITS);
-        testRecombine(poly, new byte[]{1, 2}, TV011D_TV2_1_2_SPLITS, TV011D_TV2_SECRET);
-        testRecombine(poly, new byte[]{1, 4}, TV011D_TV2_1_4_SPLITS, TV011D_TV2_SECRET);
-        testRecombine(poly, new byte[]{3, 4}, TV011D_TV2_3_4_SPLITS, TV011D_TV2_SECRET);
+        testRecombine(poly, new int[]{1, 2}, TV011D_TV2_1_2_SPLITS, TV011D_TV2_SECRET);
+        testRecombine(poly, new int[]{1, 4}, TV011D_TV2_1_4_SPLITS, TV011D_TV2_SECRET);
+        testRecombine(poly, new int[]{3, 4}, TV011D_TV2_3_4_SPLITS, TV011D_TV2_SECRET);
         poly = polynomialFactory.newInstance(5, 3, 4);
         testMatrixMultiplication(poly, TV011D_TV3_SR, TV011D_TV3_SPLITS);
-        testRecombine(poly, new byte[]{1, 2, 3}, TV011D_TV3_1_2_3_SPLITS, TV011D_TV3_SECRET);
-        testRecombine(poly, new byte[]{1, 2, 4}, TV011D_TV3_1_2_4_SPLITS, TV011D_TV3_SECRET);
-        testRecombine(poly, new byte[]{1, 3, 4}, TV011D_TV3_1_3_4_SPLITS, TV011D_TV3_SECRET);
+        testRecombine(poly, new int[]{1, 2, 3}, TV011D_TV3_1_2_3_SPLITS, TV011D_TV3_SECRET);
+        testRecombine(poly, new int[]{1, 2, 4}, TV011D_TV3_1_2_4_SPLITS, TV011D_TV3_SECRET);
+        testRecombine(poly, new int[]{1, 3, 4}, TV011D_TV3_1_3_4_SPLITS, TV011D_TV3_SECRET);
         poly = polynomialFactory.newInstance(5, 4, 4);
         testMatrixMultiplication(poly, TV011D_TV4_SR, TV011D_TV4_SPLITS);
-        testRecombine(poly, new byte[]{1, 2, 3, 4}, TV011D_TV4_1_2_3_4_SPLITS, TV011D_TV4_SECRET);
+        testRecombine(poly, new int[]{1, 2, 3, 4}, TV011D_TV4_1_2_3_4_SPLITS, TV011D_TV4_SECRET);
         poly = polynomialFactory.newInstance(9, 2, 9);
         testMatrixMultiplication(poly, TV011D_TV5_SR, TV011D_TV5_SPLITS);
-        testRecombine(poly, new byte[]{1, 2}, TV011D_TV5_1_2_SPLITS, TV011D_TV5_SECRET);
-        testRecombine(poly, new byte[]{8, 9}, TV011D_TV5_8_9_SPLITS, TV011D_TV5_SECRET);
+        testRecombine(poly, new int[]{1, 2}, TV011D_TV5_1_2_SPLITS, TV011D_TV5_SECRET);
+        testRecombine(poly, new int[]{8, 9}, TV011D_TV5_8_9_SPLITS, TV011D_TV5_SECRET);
         poly = polynomialFactory.newInstance(15, 3, 5);
         testMatrixMultiplication(poly, TV011D_TV6_SR, TV011D_TV6_SPLITS);
-        testRecombine(poly, new byte[]{1, 2, 3}, TV011D_TV6_1_2_3_SPLITS, TV011D_TV6_SECRET);
-        testRecombine(poly, new byte[]{2, 3, 4}, TV011D_TV6_2_3_4_SPLITS, TV011D_TV6_SECRET);
+        testRecombine(poly, new int[]{1, 2, 3}, TV011D_TV6_1_2_3_SPLITS, TV011D_TV6_SECRET);
+        testRecombine(poly, new int[]{2, 3, 4}, TV011D_TV6_2_3_4_SPLITS, TV011D_TV6_SECRET);
     }
 
     static void testMatrixMultiplication(Polynomial poly, byte[][] sr, byte[][] splits)
     {
-        byte[][] result = poly.createShares(sr);
+        byte[] source = new byte[sr.length * sr[0].length];
+        int currentIndex = 0;
+
+        for (byte[] subArray : sr)
+        {
+            System.arraycopy(subArray, 0, source, currentIndex, subArray.length);
+            currentIndex += subArray.length;
+        }
+        SecureRandom random = new FixedSecureRandom(new FixedSecureRandom.Source[]{new FixedSecureRandom.Data(source)});
+        byte[][] result = poly.createShares(random);
         assertEquals(Arrays.deepToString(splits), Arrays.deepToString(result));
     }
 
-    public void testRecombine(Polynomial poly, byte[] rr, byte[][] splits, byte[] secret)
+    public void testRecombine(Polynomial poly, int[] rr, byte[][] splits, byte[] secret)
     {
-        byte[] result = poly.recombine(rr, splits);
+        byte[] result = poly.recombineShares(rr, splits);
         assertTrue(Arrays.equals(secret, result));
     }
 }