I fixed this so this is Joye and Salehi is truly timing attack proof

adwise-fiu · Jan 7, 2024 · 2f0da20 · 2f0da20
1 parent 71b1f69
commit 2f0da20
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 12 deletions.
diff --git a/src/main/java/security/socialistmillionaire/alice_joye.java b/src/main/java/security/socialistmillionaire/alice_joye.java
@@ -137,6 +137,7 @@ else if(x.bitLength() > Encrypted_Y.length) {
             //System.out.println("Shouldn't be here: x > y bits");
             return false;
         }
+        int floor_t_div_two = (int) Math.floor((float) Encrypted_Y.length/2);
 
         // Step 3: Form Set L
         for (int i = 0; i < Encrypted_Y.length; i++) {
@@ -145,6 +146,20 @@ else if(x.bitLength() > Encrypted_Y.length) {
                 set_l.add(i);
             }
         }
+
+        // I need to confirm that #L = floor(t/2) always
+        // This is how I protect against timing attacks.
+        for (int i = 0; i < Encrypted_Y.length; i++) {
+            if (set_l.size() == floor_t_div_two) {
+                break;
+            }
+            if (!set_l.contains(i)) {
+                set_l.add(i);
+            }
+        }
+        // Confirm the value #L = floor(t/2), no more, no less.
+        assert floor_t_div_two == set_l.size();
+
         C = new BigInteger[set_l.size() + 1];
 
         // if equal bits, proceed!
@@ -174,7 +189,7 @@ else if(x.bitLength() > Encrypted_Y.length) {
                 first_term = 1 + ((1 - 2 * delta_a) * NTL.bit(x, i));
                 // (2 * delta_a - 1) * y_i
                 second_term = DGKOperations.multiply(Encrypted_Y[i], (2L * delta_a) - 1 , dgk_public);
-                // Combine terms..
+                // Combine terms.
                 temp = DGKOperations.add_plaintext(second_term, first_term, dgk_public);
 
                 // Now add with C_i

diff --git a/src/main/java/security/socialistmillionaire/bob_joye.java b/src/main/java/security/socialistmillionaire/bob_joye.java
@@ -138,6 +138,10 @@ else if (temp.equals(BigInteger.ZERO)) {
         }
 
         for (BigInteger C_i: C) {
+            // I need to find out why Alice_joye is sending nulls...
+            if (C_i == null) {
+                continue;
+            }
             if (DGKOperations.decrypt(C_i, dgk_private) == 0) {
                 delta_b = 1;
                 break;

diff --git a/src/main/java/security/socialistmillionaire/socialist_millionaires.java b/src/main/java/security/socialistmillionaire/socialist_millionaires.java
@@ -16,7 +16,6 @@
 
 public abstract class socialist_millionaires implements CipherConstants
 {
-	protected boolean uses_tls_socket = false;
 	protected static final SecureRandom rnd = new SecureRandom();
 	protected final static int SIGMA = 80;
 
@@ -97,7 +96,7 @@ protected void writeBoolean(boolean value) throws IOException {
 		}
 	}
 
-	protected Object readObject() throws IOException, ClassNotFoundException {
+	public Object readObject() throws IOException, ClassNotFoundException {
 		if(fromBob != null) {
 			return fromBob.readObject();
 		}
@@ -106,7 +105,7 @@ protected Object readObject() throws IOException, ClassNotFoundException {
 		}
 	}
 
-	protected void writeObject(Object o) throws IOException {
+	public void writeObject(Object o) throws IOException {
 		if(toBob != null) {
 			toBob.writeObject(o);
 			toBob.flush();
@@ -116,14 +115,7 @@ protected void writeObject(Object o) throws IOException {
 			toAlice.flush();	
 		}
 	}
-
-	public void set_el_gamal_additive(boolean additive){
-		this.el_gamal_public.set_additive(additive);
-		if (this.el_gamal_private != null) {
-			this.el_gamal_private.set_additive(additive);
-		}
-	}
-
+
 	/**
 	 * Create deep copy of BigInteger array
 	 */