📄 bundle.xml
字号:
<chapter><title>Bundled Programs</title><para>Several binaries and curve parameters are bundled with the PBC library,such as the <command>pbc</command> program<link linkend="pbcintro">discussed earlier</link>.</para><para>The <filename>param</filename>subdirectory contains pairing parameters one might use ina real cryptosystem. Many of the test programs read the parametersfrom files such as these on standard input, for example:</para><screen>benchmark/benchmark < param/c159.paramexample/bls < param/e.param</screen><section id="sect.pbc"><title>Pairing-Based Calculator</title><para>The <filename>pbc</filename> subdirectory contains a program also named<filename>pbc</filename> which allows interactive testing of the PBC library.</para><para>Its syntax is loosely based on that of <filename>bc</filename>, a well-knownarbitrary precision calculator language. I do not intend for<filename>pbc</filename> to be a fully-fledged scripting language. If thiswere the aim I would add a module to an extant popular language.Instead, pbc is meant to be a test program.(Nonetheless, it possesses enough functionality tobe used to implement cryptosystems in shell scripts.)</para><para>Four pairings named A, D, E and F are initialized during startup, andfurthermore, the variables G1, G2, GT and Zr are setup to represent groupsassociated with the A pairing. To use a different pairing, call the init_pairingfunciton.</para><para>Assignments have a C-like syntax "variable = expression", and return thevalue of the variable.Function calls and expressions also resemble C.The arithmetic operators +, -, /, *, ^ have the standard precedence.Perhaps the only significant difference is that no terminating semicolonis required.</para><para>Comments begin with "#" and end at a newline.Double quotes are used to denote strings.On error, pbc prints the error code which I have yet to translate to English.</para><para>Some of the pbc functions:</para><variablelist><varlistentry><term><command>init_pairing</command>(<parameter>pairing</parameter>)</term><listitem><para>Set the variables G1, G2, GT and Zr to the groups in<parameter>pairing</parameter>, e.g:</para><screen>init_pairing(D)</screen></listitem></varlistentry><varlistentry><term><command>rnd</command>(<parameter>G</parameter>)</term><listitem><para>Returns a random element of the group G, e.g:</para><screen>g = rnd(Zr)</screen><para>Has synonyms <command>rand</command> and <command>random</command>.</para></listitem></varlistentry><varlistentry><term><command>pairing</command>(<parameter>g</parameter>, <parameter>h</parameter>)</term><listitem><para>Returns the pairing applied to<parameter>g</parameter> and <parameter>h</parameter>.The element <parameter>g</parameter> must be an element of G1and <parameter>h</parameter> of G2, e.g:</para><screen>pairing(rnd(G1), rnd(G2))</screen></listitem></varlistentry><varlistentry><term><command>fromstr</command>(<parameter>string</parameter>, <parameter>G</parameter>)</term><listitem><para>Returns <parameter>string</parameter> converted to an element of<parameter>G</parameter>, e.g.</para><screen>x = fromstr("[123,456]", GT)</screen></listitem></varlistentry></variablelist></section><section><title>Parameter Generation</title><para>Programs that generate pairing parameters are located in the<filename>gen</filename> subdirectory. Some of the programs are alreadyfunctional enough to be used to find parameters for real applications.I need to write more documentation first; for now, readthe source!</para><variablelist><varlistentry><term>listmnt</term><listitem><para>Searches for discriminants D that lead to MNT curves with subgroupsof prime order.</para></listitem></varlistentry><varlistentry><term>genaparam</term><term>gena1param</term><term>gendparam</term><term>geneparam</term><term>genfparam</term><listitem><para>Prints parameters for a curve suitable for computing pairings of a giventype. The output can be fed to some of the other test programs.</para><para>The program <command>gendparam</command>should be given a discriminant as the first argument.</para></listitem></varlistentry><varlistentry><term>hilbertpoly</term><listitem><para>Prints the Hilbert polynomial for a given discriminant (the first argument).Computing the Hilbert polynomial is an intermediate step when generatingtype D parameters.</para></listitem></varlistentry></variablelist></section><section><title>Example Cryptosystems</title><para>In the <filename>example</filename> subdirectory there are various programsthat read curve parameters on standard input and perform computationsthat would be required in a typical implementation of a pairing-basedcryptosystem. Sample schemes include:</para><itemizedlist> <listitem> <para> Boneh-Franklin identity-based encryption </para> </listitem> <listitem> <para> Boneh-Lynn-Shacham short signatures </para> </listitem> <listitem> <para> Hess identity-based signatures </para> </listitem> <listitem> <para> Joux tripartite Diffie-Hellman </para> </listitem> <listitem> <para> Paterson identity-based signatures </para> </listitem> <listitem> <para> Yuan-Li identity-based authenticated key agreement </para> </listitem> <listitem> <para> Zhang-Kim identity-based blind/ring signatures </para> </listitem> <listitem> <para> Zhang-Safavi-Naini-Susilo signatures </para> </listitem></itemizedlist><para>Of course, more work would be required to turn these programsinto real applications. Their main purpose is to showcase the PBC libraryAPI.</para></section><section><title>Benchmarks</title><para>I use the programs in the <filename>benchmark</filename> subdirectoryto measure running times of pairings, and also RSA decryptions.</para><para>The <command>benchmark</command> program takespairing parameters on standard input and reports the average runningtime of the pairing over 10 runs, while <command>timersa</command>estimates the time required to perform one 1024-bit RSA decryption.</para></section></chapter>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -