news

斯坦福大学密码学家Boneh的基于身份的公钥密码系统

Wed Jul 10 13:57:14 PDT 2002
    Yesterday I fixed a bug in request.c (wasn't calling SSL_library_init()).
    The bug was first reported by
    Eun-Young Christina Park <ecpark@comm.utoronto.ca>

    Today I received a duplicate bug report from
    Andrew Park <apark@cdf.toronto.edu> so I guess I had better
    release the next version!

    [ibe-0.7.2.tgz]


Tue Jul  2 11:31:31 PDT 2002
    Changed strncmp to memcmp in byte_string.c
    Added crypto_test() to torture. Doesn't fit in that well since it's a pure
    crypto test and doesn't involve IBE at all.
    Fields in format.c are called U, V, W again.

    [ibe-0.7.1.tgz]


Tue Jul  2 01:00:50 PDT 2002
    Now automatically generate/prepend IV for any encryption. Makes the code
    a bit more complex, and will probably crash if init and final are called
    but update isn't.

    Annoying bug: was failing torture tests occasionally because I was using
    strncpy instead of memcpy.

    ...

    Also does MAC automatically now. Got rid of crypto_convenient_*() because
    regular encrypt and decrypt are the same now. crypto_encrypt*() and
    crypto_decrypt*() can now be used as blackbox IND-CCA ciphers.
    (OpenSSL should provide functions like these in the first place!)


Mon Jul  1 19:53:21 PDT 2002
    Changed all occurrences of md5 to sha1 in crypto.c
    Better cipherkey + hashkey derivation from the secret in crypto.c
    Got rid of EVP_MD_MAX_SIZE, and instead replaced with exact size,
    obviating the need for several byte_string_reinits().

Sun Jun 30 18:07:48 PDT 2002
    Fixed corner cases in general_point_mul, added assert()s here and there.
    Renamed check_point to point_valid_p.

Sat Jun 29 18:36:37 PDT 2002
    Started adding return codes to various functions.
    Looks like OpenSSL API will change very soon, started preparing for it.
    Had to change API slightly, now crypto_ctx's must be explicitly initalized
    and cleared.

    At the moment, behaviour is as follows

    foo(byte_string_t bs) {
	byte_string_init(bs, something);

	if (unsuccessful) {
	    byte_string_clear(bs);
	    return 0;
	}

	return 1;
    }

    i.e. if it's not successful, then byte_string_t's remain unallocated.

    Updated README.

    Still more error checking to do, especially with bad serializations.
    However, a release is overdue.

    [ibe-0.7.0.tgz]


Sat Jun 29 15:38:29 PDT 2002
    Added BLS and IBE sigs to torture program.
    Made torture more flexible and easy to use.
    The library is passing all the tests, and seems to have no memory leaks.


Fri Jun 28 17:16:01 PDT 2002
    Some tidying up: mm.*.c holds counters that keep track of memory usage.

    Added threaded torture test. Sometimes it fails.
    Changed md_ctx from global to local in crypto.c, torture program seems
    to never crash now.

    Fixed uninitialized point bug in IBE_sign(). Wrote sig_test.c which
    tests identity-based signatures.

    Removed int t argument from IBE_construct_master().

    Added master key splitting to torture program. Added params_robust_clear()
    for testing purposes.  (I can split the key repeatedly, to see if there are
    memory leaks.) Tortured combine, it seems to hold up well.


Fri Jun 28 15:08:32 PDT 2002
    Added curve_t type. Removed globals from curve.c.

    Removed globals from fp2.c. API is a bit fatter now, but can have
    several different systems running at once now.


Fri Jun 28 11:37:11 PDT 2002
    Better release it before the next major changes. (I'm going to
    add more error handling, and make some API changes.)

    [ibe-0.6.0.tgz]

    Added "pain levels" to torture program.

    Added params_t type. ibe_lib.c has no globals now. Causes API changes:
    have to pass params around all the time.

    Removed global_zeta from curve.c


Thu Jun 27 23:09:05 PDT 2002
    Finished off IBE_clear(), i.e. free everything allocated by
    IBE_setup() (or IBE_deserialize_params).

    Fixed fp2 leak in map_byte_string_to_point().

    Fixed uninited PhiPpub. I'm surprised the program never crashed
    because of this before.

    Fixed uncleared Ppub in IBE_setup(). Now all the counts are at 0 at
    the end of the program.

    Wrote a light torture test program (torture.c).
    Discovered that the library is still leaking like a sieve (by
    running top).

    Removed n from parameters. Removed some debug printf's.

    Cleaned up version and id string a little.

    Fixed mpz leaks in curve.c(!): pts_preprocess_line() and
    tate_preprocess(), point_mul_preprocess() (the last one I had
    init's instead of clear's). Torture program no longer leaks
    but it only tests the KEM functions.
    
    Changed torture program so that it calls higher level functions
    IBE_hide_secret and IBE_reveal_secret. Leaks again.

    Fixed leak in crypto_convenient_decrypt: wasn't freeing the array
    of byte_strings. Torture program no longer leaks again. Something ought
    to done to make it easier to avoid this bug but I don't know what.


Thu Jun 27 17:43:30 PDT 2002
    Removed malignant free()'s in format.c that were left over from when I
    switched from malloc's to alloca.
    Thanks to Yongdae Kim <kyongdae@ics.uci.edu> for tracking this down.

    Removed exits, added a special case handler. Should only matter on very
    small curves.

    Wrote some code to keep track of byte_strings.

    Fixed a memory leak in hash_G(). Moved hash_?1() to old_code.c (only
    needed for Fujisaki-Okamoto scheme).

    Changed crypto_hash(): it now does the allocation for you.

    Cleaned up ibe program: now frees byte_strings before exiting.

    Now also keep track of fp2's.


Thu Jun 27 15:23:36 PDT 2002
    Renamed KEM functions so that they have "KEM" in their names.
    Added IBE_hide_key and IBE_reveal_key so it's more usable.
    Added "convenient" versions of encrypt/decrypt.

    New test script, encrypts random data. ("testscript2")


Sun Jun 16 22:28:28 PDT 2002
    Some minor fixes due to kromJx <kromJx@myrealbox.com>.

    [ibe-0.5.2.tgz]


Thu Jun 13 14:51:41 PDT 2002
    I had forgotten to MAC the IV.

    Added encrypt/decrypt for messages that fit in memory.
    (We use the secret from the KEM to encrypt a key, which is then used
    to encrypt the actual message.)

    Cleaned up crypt_save/load. Added MAC to it, changed format.

    save/load_byte_string not in PEM format any more.

    Slight API change: FMT_decrypt_stream also requires ID now.

    Added support for multiple recipients. Currently shows who else is
    getting the message. May add a blind version, but then you have to
    brute force it out. Maybe I should at least hash the ID's? Will ask.

    [ibe-0.5.1.tgz]


Tue Jun 11 12:09:42 PDT 2002
    Minor API change: hide_secret_array takes a char * array and a count, rather
    than a NULL-terminated array.


Sun Jun  9 12:24:38 PDT 2002
    Added crypto_va_hash. Is there a weakness here?
    (Can get collisions since H("abc"||"def") = H("ab"||"cdef").)

    Renamed construct_key to combine (it combines certificates too).

    Added IBE signatures that use BLS (certificates with aggregation trick).
    Untested.

    Changed ibe_test.c so that it works.

    Changed byte_string array serialization again. Now easier to validate.
    (Invalid byte_string array serializations now map to empty arrays.)

    Renamed HISTORY (this file) to NEWS, and reversed the order of
    entries, as suggested by kromJx <kromJx@myrealbox.com>.

    [ibe-0.5.0.tgz]


Sat Jun  8 20:50:10 PDT 2002
    Wrote BLS test program, fixed problems with BLS signature routines.
    Now appears to work, so the headers are now uncommented.

    Using the BF system as a KEM is now the default for the "ibe" utility.
    Also added support functions in crypto to make it easier to use, e.g.
    automatically does Encrypt-then-MAC.

    Finally corrected format.c hard limits. Can now encrypt/decrypt streams.

    Now ibe_test.c doesn't work because I took out the old code.


Fri Jun  7 16:13:25 PDT 2002
    Fixed one bug reported by kromJx <kromJx@myrealbox.com>
    Other one will take longer.


Thu Jun  6 17:06:12 PDT 2002
    Fixed hash function H (now uses both coords(!)).

    Changed serialization scheme. Should be easier to debug and change now.

    [ibe-0.4.0.tgz]


Sun Jun  2 22:18:03 PDT 2002
    `master' no longer a global.

    Added BLS stuff; still need to handle serialization errors everywhere.
    Completely untested.

    Added map_byte_string_to_point.

    Master shares are no longer loaded into globals. Each key gen is slightly
    slower, but not by much. (Converts byte_string to mpz every time now,
    could add a context struct to avoid this if this turns out to be a
    problem.)

    Moved IBE_make_id() to format.c

    Moved MM stuff into mm.[ch], some byte_string stuff to byte_string.[ch]

    Removed some miller_cache globals. Added preprocessed_key_t stuff.

    No longer call OpenSSL_add_all_algorithms() which breaks pkghtml. Will
    fix later.

    Limitations caused by globals:
	- fp2.c has a fixed modulus
	- curve.c has a fixed curve
	- ibe_lib.c has a fixed system
    Can't fix latter ones without fixing former ones. And seems tricky
    to fix fp2.c and keep it very efficient/easy to use.

    Removed *_mod() from fp2.c, can't remember why they're there.

    Added KEM functions, no longer need to use Fujisaki-Okamoto construction.
    (They're called IBE_hide_secret(), IBE_reveal_secret().)


Sun Jun  2 01:59:08 PDT 2002
    More significant cleanup: added byte_string.[ch] and crypto.[ch].
    crypto.c contains wrappers to OpenSSL, and can be changed to support
    different crypto libraries.

    Will have to bump up major version number.

    Also found minor bug: hashing F_p^2 was done badly: x-coord accidently
    repeated instead of y-coord. Doesn't matter much for our case because
    y-coord almost uniquely determined by x anyway.

    Now core IBE library does not depend on OpenSSL. Will move more stuff out,
    e.g. IBE_get_year() and IBE_make_id().


Sat Jun  1 17:14:39 PDT 2002
    Applied Donal Hunt's patch: case-insensitive comparison for
    "Content-Length" so Netscape works with pkghtml. (Actually, did this
    a few days earlier but didn't record this).


Wed May 15 16:19:02 PDT 2002
    request.c bugfix (was sending incorrect Content-Length) (bug reported
    by Donal Hunt)

    [ibe-0.3.2.tgz]


Wed May  8 17:45:33 PDT 2002
    Started looking into cleanup routines. Some minor renaming, e.g.
    fp2_init_modulus -> fp2_context_init.


Thu Apr  4 15:13:03 PST 2002

    More cleaning up: got rid of #ifdefs (except header file ones).

    [ibe-0.3.1.tgz]


Thu Apr  4 03:10:48 PST 2002

    Cleaned up Makefile slightly, can use it to cross compile for Windows.
    Some overdue documentation fixes.


Tue Mar 19 18:47:43 PST 2002

    Added fp2_set_str().

    Changed version numbering system to <major version>.<minor version>

    [ibe-0.3.0.tgz]


Thu Mar  7 15:48:14 PST 2002

    Bugfix: changed stdin's to infp in format.c. Thanks to
    James Mickens <jmickens@eecs.umich.edu>.


Mon Feb 11 12:27:38 PST 2002

    Fixed bug in curve.c: general_point_mul() (found by Donal Hunt)

    Removed solinas_miller(), made general_miller public.

    [ibe-0.21.tgz]


Thu Feb  7 13:33:58 PST 2002

    Looks like there are off-by-one "errors": during prepro. I calculate too
    many things. Will fix later.

    Replaced some special case checks with asserts.


Wed Feb  6 17:34:35 PST 2002

    More cleaning up, added wrapper functions to prepro. in ibe_lib.c.
    Can officially measure it. (dec time = no prepro because haven't got
    decrypt_preprocess or decrypt_postprocess.)

    benchmarks: