So, how do Bob, Alice and Carol agree on a shared key, and with only pass. In this example, we will prove these mappings for a pairing. Alice will generate \(a\) and will pass \(g^a\) to Bob and Carol, Bob will generate \(b\) and will pass \(g^b\) to Alice and Carol, and Carol will generate \(c\) and pass \(g^c\) to Bob and Alice. Though pairing they will end up with the same key:
Tripartite Diffie Hellman |
Background
With key pairing we have two cyclic groups (\(G_1\) and \(G_2\)), and which are of an order of a prime number (\(n\)). A pairing on \((G_1,G_2,G_T)\) defines the function \(e:G_1 \times G_2 \rightarrow G_T\), and where \(g_1\) is the generator for \(G_1\) and \(g_2\) is the generator for \(G_2\). If we have the points of \(U_1\) and \(U_2\) on \(G_1\) and \(V_1\) and \(V_2\) on \(G_2\), we get the bilinear mapping of:
\(e(U_1+U_2,V_1) =e(U_1,V_1) \times e(U_2,V_1)\)
\(e(U_1,V_1+V_2) =e(U_1,V_1) \times e(U_1,V_2)\)
If \(U\) is a point on \(G_1\), and \(V\) is a point on \(G_2\), we get:
\(e(aU,bV) =e(U,V)^{ab}\)
If \(G_1\) and \(G_2\) are the same group, we get a symmetric grouping (\(G_1 = G_2 = G\)), and the following commutative property will apply:
\(e(U^a,V^b) = e(U^b,V^a) = e(U,V)^{ab} = = e(V,U)^{ab}\)
The computation of \(e\) should be efficient in computation time.
In this example, we will prove these mappings for a pairing. Alice will generate \(a\) and will pass \(g^a\) to Bob and Carol, Bob will generate \(b\) and will pass \(g^b\) to Alice and Carol, and Carol will generate \(c\) and pass \(g^c\) to Bob and Alice. Though pairing they will end up with the same key.
This is because:
Bob generates a key of \(e((g^a)^b,g^c)\) and which will equal \((g,g)^{abc}\)
Alice generates a key of \(e((g^b)^a,g^c)\) and which will equal \((g,g)^{abc}\)
Carol generates a key of \(e((g^a)^c,g^b)\) and which will equal \((g,g)^{abc}\)
And they will thus generate the same key.
Coding
The outline coding using the library from [here] is
package edu.jhu.isi.CLSign.helloworld3; import java.util.stream.Collectors; import edu.jhu.isi.CLSign.keygen.PublicKey; import edu.jhu.isi.CLSign.keygen.SecretKey; import it.unisa.dia.gas.jpbc.Element; import it.unisa.dia.gas.plaf.jpbc.field.z.ZrElement; import it.unisa.dia.gas.jpbc.Pairing; import it.unisa.dia.gas.jpbc.PairingParameters; import it.unisa.dia.gas.plaf.jpbc.pairing.PairingFactory; import it.unisa.dia.gas.plaf.jpbc.pairing.a.TypeACurveGenerator; import java.math.BigInteger; import java.util.List; public class helloworld3 { public static void main(String[] args){ int a=5; int b=10; int c=3; if (args.length==3) { a= Integer.parseInt(args[0]); System.out.println("a:"+a); b= Integer.parseInt(args[1]); System.out.println("b:"+b); c= Integer.parseInt(args[2]); System.out.println("c:"+c); } int rBits = 160; int qBits = 512; final TypeACurveGenerator pairingGenerator = new TypeACurveGenerator(rBits, qBits); final PairingParameters params = pairingGenerator.generate(); Pairing pairing=PairingFactory.getPairing(params); final Element generator = pairing.getG1().newRandomElement().getImmutable(); Element A = generator.pow(BigInteger.valueOf(a)); Element B = generator.pow(BigInteger.valueOf(b)); Element C = generator.pow(BigInteger.valueOf(c)); System.out.println("Generator:"+generator); Element shared1 = pairing.pairing(A.pow(BigInteger.valueOf(c)), B); Element shared2 = pairing.pairing(C.pow(BigInteger.valueOf(b)), A); Element shared3 = pairing.pairing(B.pow(BigInteger.valueOf(a)), C); System.out.println("\nShare1 (Carol):"+shared1.toString()); System.out.println("Share2 (Bob):"+shared2.toString()); System.out.println("Share3 (Alice):"+shared3.toString()); if (pairing.pairing(A.pow(BigInteger.valueOf(c)), B).isEqual(pairing.pairing(B.pow(BigInteger.valueOf(c)), A))) { System.out.println("\nSuccessful Pairing"); } else { System.out.println("Failed!!!"); } } }