Add SecretSplitter.splitAround

Author: gefeili

core/src/main/java/org/bouncycastle/crypto/threshold/SecretShare.java

@@ -1,5 +1,8 @@
 package org.bouncycastle.crypto.threshold;
 
+import org.bouncycastle.util.Encodable;
+
 public interface SecretShare
+    extends Encodable
 {
 }

core/src/main/java/org/bouncycastle/crypto/threshold/SecretSplitter.java

@@ -1,5 +1,7 @@
 package org.bouncycastle.crypto.threshold;
 
+import java.io.IOException;
+
 /**
  * Secret sharing (also called secret splitting) refers to methods for distributing a secret among a group.
  * In this process, no individual holds any intelligible information about the secret.
@@ -13,4 +15,7 @@ public interface SecretSplitter
      * @return An array of {@code byte[][]} representing the generated secret shares for m users with l bytes each.
      */
     SplitSecret split();
+
+    SplitSecret splitAround(SecretShare s)
+        throws IOException;
 }

core/src/main/java/org/bouncycastle/crypto/threshold/ShamirSecretSplitter.java

@@ -1,5 +1,6 @@
 package org.bouncycastle.crypto.threshold;
 
+import java.io.IOException;
 import java.security.SecureRandom;
 
 public class ShamirSecretSplitter
@@ -68,7 +69,7 @@ public ShamirSplitSecret split()
         byte[][] sr = new byte[m][l];
         ShamirSplitSecretShare[] secretShares = new ShamirSplitSecretShare[l];
         int i;
-        for (i = 0; i < m; ++i)
+        for (i = 0; i < m; i++)
         {
             random.nextBytes(sr[i]);
         }
@@ -78,4 +79,35 @@ public ShamirSplitSecret split()
         }
         return new ShamirSplitSecret(poly, secretShares);
     }
+
+    @Override
+    public ShamirSplitSecret splitAround(SecretShare s)
+        throws IOException
+    {
+        byte[][] sr = new byte[m][l];
+        ShamirSplitSecretShare[] secretShares = new ShamirSplitSecretShare[l];
+        byte[] ss0 = s.getEncoded();
+        secretShares[0] = new ShamirSplitSecretShare(ss0, 1);
+        int i, j;
+        byte tmp;
+        for (i = 0; i < m; i++)
+        {
+            random.nextBytes(sr[i]);
+        }
+        for (i = 0; i < l; i++)
+        {
+            tmp = sr[1][i];
+            for (j = 2; j < m; j++)
+            {
+                tmp ^= sr[j][i];
+            }
+            sr[0][i] = (byte)(tmp ^ ss0[i]);
+        }
+        for (i = 1; i < p.length; i++)
+        {
+            secretShares[i] = new ShamirSplitSecretShare(poly.gfVecMul(p[i], sr), i + 1);
+        }
+
+        return new ShamirSplitSecret(poly, secretShares);
+    }
 }

core/src/main/java/org/bouncycastle/crypto/threshold/ShamirSplitSecret.java

@@ -1,5 +1,7 @@
 package org.bouncycastle.crypto.threshold;
 
+import java.io.IOException;
+
 public class ShamirSplitSecret
     implements SplitSecret
 {
@@ -18,22 +20,25 @@ public ShamirSplitSecret(ShamirSecretSplitter.Algorithm algorithm, ShamirSecretS
         this.poly = poly;
     }
 
-    public ShamirSplitSecretShare[] getSecretShare()
+    public ShamirSplitSecretShare[] getSecretShares()
     {
         return secretShares;
     }
 
+    //internal TODO: multiple/divide
+
     @Override
     public byte[] recombine()
+        throws IOException
     {
         int n = secretShares.length;
         byte[] r = new byte[n];
         byte tmp;
         byte[] products = new byte[n - 1];
-        byte[][] splits = new byte[n][secretShares[0].getSecretShare().length];
+        byte[][] splits = new byte[n][secretShares[0].getEncoded().length];
         for (int i = 0; i < n; i++)
         {
-            splits[i] = secretShares[i].getSecretShare();
+            splits[i] = secretShares[i].getEncoded();
             tmp = 0;
             for (int j = 0; j < n; j++)
             {

core/src/main/java/org/bouncycastle/crypto/threshold/ShamirSplitSecretShare.java

@@ -1,5 +1,7 @@
 package org.bouncycastle.crypto.threshold;
 
+import java.io.IOException;
+
 import org.bouncycastle.util.Arrays;
 
 public class ShamirSplitSecretShare
@@ -14,8 +16,16 @@ public ShamirSplitSecretShare(byte[] secretShare, int r)
         this.r = r;
     }
 
-    public byte[] getSecretShare()
+    public ShamirSplitSecretShare(byte[] secretShare)
+    {
+        this.secretShare = Arrays.clone(secretShare);
+        this.r = 1;
+    }
+
+    @Override
+    public byte[] getEncoded()
+        throws IOException
     {
-        return secretShare;
+        return Arrays.clone(secretShare);
     }
 }

core/src/main/java/org/bouncycastle/crypto/threshold/SplitSecret.java

@@ -1,13 +1,16 @@
 package org.bouncycastle.crypto.threshold;
 
+import java.io.IOException;
+
 public interface SplitSecret
 {
-    SecretShare[] getSecretShare();
+    SecretShare[] getSecretShares();
 
     /**
      * Recombines secret shares to reconstruct the original secret.
      *
      * @return A byte array containing the reconstructed secret.
      */
-    byte[] recombine();
+    byte[] recombine()
+        throws IOException;
 }

core/src/test/java/org/bouncycastle/crypto/threshold/test/ShamirSecretSplitterTest.java

@@ -1,5 +1,6 @@
 package org.bouncycastle.crypto.threshold.test;
 
+import java.io.IOException;
 import java.security.SecureRandom;
 import java.util.Arrays;
 
@@ -9,31 +10,72 @@
 import org.bouncycastle.crypto.threshold.ShamirSplitSecret;
 import org.bouncycastle.crypto.threshold.ShamirSplitSecretShare;
 import org.bouncycastle.util.test.FixedSecureRandom;
+
 import org.junit.Assert;
 
 public class ShamirSecretSplitterTest
     extends TestCase
 {
     public static void main(String[] args)
+        throws IOException
     {
         ShamirSecretSplitterTest test = new ShamirSecretSplitterTest();
         test.performTest();
     }
 
     public void performTest()
+        throws IOException
     {
+        testShamirSecretSplitterSplitAround();
         testPolynomial();
         testShamirSecretSplitter();
     }
 
+    public void testShamirSecretSplitterSplitAround()
+        throws IOException
+    {
+        int l = 9, m = 3, n = 9;
+        ShamirSecretSplitter.Algorithm algorithm = ShamirSecretSplitter.Algorithm.AES;
+        ShamirSecretSplitter.Mode mode = ShamirSecretSplitter.Mode.Table;
+        ShamirSecretSplitter splitter = new ShamirSecretSplitter(algorithm, mode, l, m, n, new SecureRandom());//, secretshare);
+        byte[] seed = new byte[l];
+        SecureRandom random = new SecureRandom();
+        random.nextBytes(seed);
+        ShamirSplitSecretShare ss = new ShamirSplitSecretShare(seed);
+        ShamirSplitSecret splitSecret = splitter.splitAround(ss);
+        ShamirSplitSecretShare[] secretShares = splitSecret.getSecretShares();
+        Assert.assertTrue(Arrays.equals(secretShares[0].getEncoded(), seed));
+
+        ShamirSplitSecretShare[] secretShares1 = new ShamirSplitSecretShare[]{secretShares[0], secretShares[1], secretShares[2]};
+        ShamirSplitSecret splitSecret1 = new ShamirSplitSecret(algorithm, mode, secretShares1);
+        byte[] secret1 = splitSecret1.recombine();
+
+        ShamirSplitSecretShare[] secretShares4 = new ShamirSplitSecretShare[]{secretShares[1], secretShares[2], secretShares[5]};
+        ShamirSplitSecret splitSecret4 = new ShamirSplitSecret(algorithm, mode, secretShares4);
+        byte[] secret4 = splitSecret4.recombine();
+
+        ShamirSplitSecretShare[] secretShares2 = new ShamirSplitSecretShare[]{secretShares[4], secretShares[7], secretShares[8]};
+        ShamirSplitSecret splitSecret2 = new ShamirSplitSecret(algorithm, mode, secretShares2);
+        byte[] secret2 = splitSecret2.recombine();
+
+        Assert.assertTrue(Arrays.equals(secret1, secret2));
+
+        // not enough secret shares cannot correctly recover the secret
+        ShamirSplitSecretShare[] secretShares3 = new ShamirSplitSecretShare[]{secretShares[3], secretShares[6]};
+        ShamirSplitSecret splitSecret3 = new ShamirSplitSecret(algorithm, mode, secretShares3);
+        byte[] secret3 = splitSecret3.recombine();
+        Assert.assertFalse(Arrays.equals(secret1, secret3));
+    }
+
     public void testShamirSecretSplitter()
+        throws IOException
     {
         int l = 9, m = 3, n = 9;
         ShamirSecretSplitter.Algorithm algorithm = ShamirSecretSplitter.Algorithm.AES;
         ShamirSecretSplitter.Mode mode = ShamirSecretSplitter.Mode.Table;
-        ShamirSecretSplitter splitter = new ShamirSecretSplitter(algorithm, mode, l, m, n, new SecureRandom());
-        ShamirSplitSecret splitSecret = splitter.split();
-        ShamirSplitSecretShare[] secretShares = splitSecret.getSecretShare();
+        ShamirSecretSplitter splitter = new ShamirSecretSplitter(algorithm, mode, l, m, n, new SecureRandom());//, secretshare);
+        ShamirSplitSecret splitSecret = splitter.split(); //integers  multiply/ divide
+        ShamirSplitSecretShare[] secretShares = splitSecret.getSecretShares();
 
         ShamirSplitSecretShare[] secretShares1 = new ShamirSplitSecretShare[]{secretShares[0], secretShares[1], secretShares[2]};
         ShamirSplitSecret splitSecret1 = new ShamirSplitSecret(algorithm, mode, secretShares1);
@@ -825,6 +867,7 @@ public String getName()
     }
 
     public void testPolynomial()
+        throws IOException
     {
         testPolynoimial1(new PolynomialFactory()
         {
@@ -888,6 +931,7 @@ public ShamirSplitSecret newInstance(ShamirSplitSecretShare[] secretShares)
     }
 
     private void testPolynoimial1(PolynomialFactory polynomialFactory)
+        throws IOException
     {
         ShamirSecretSplitter splitter = polynomialFactory.newInstance(5, 2, 2, getSecureRandom(TV011B_TV1_SR));
         testMatrixMultiplication(splitter, TV011B_TV1_SPLITS);
@@ -916,6 +960,7 @@ private void testPolynoimial1(PolynomialFactory polynomialFactory)
     }
 
     private void testPolynoimial2(PolynomialFactory polynomialFactory)
+        throws IOException
     {
         ShamirSecretSplitter poly = polynomialFactory.newInstance(5, 2, 2, getSecureRandom(TV011D_TV1_SR));
         testMatrixMultiplication(poly, TV011D_TV1_SPLITS);
@@ -967,17 +1012,19 @@ static ShamirSplitSecretShare[] getShamirSplitSecretShareArray(int[] rr, byte[][
     }
 
     static void testMatrixMultiplication(ShamirSecretSplitter poly, byte[][] splits)
+        throws IOException
     {
-        ShamirSplitSecretShare[] secretShares = poly.split().getSecretShare();
+        ShamirSplitSecretShare[] secretShares = poly.split().getSecretShares();
         byte[][] result = new byte[splits.length][splits[0].length];
         for (int i = 0; i < result.length; ++i)
         {
-            result[i] = secretShares[i].getSecretShare();
+            result[i] = secretShares[i].getEncoded();
         }
         assertEquals(Arrays.deepToString(splits), Arrays.deepToString(result));
     }
 
     public void testRecombine(ShamirSplitSecret splitSecret, byte[] secret)
+        throws IOException
     {
         byte[] result = splitSecret.recombine();
         assertTrue(Arrays.equals(secret, result));