/**
 * Decrypts a cipher text with a one-time pad built from a candidate key.
 *
 * <p>
 * The candidate key is assumed to be uniformly random. According to the contract of this class,
 * a candidate that is at least as long as the cipher text is used directly as the pad, while a
 * shorter candidate is deterministically <i>stretched</i> to the length of the cipher text in
 * some secure way (e.g., using a hash function). This method only forwards to the three-argument
 * overload, passing {@code cipherText.length} as the third argument; the stretching itself is
 * not implemented here.
 * </p>
 *
 * <p>
 * NOTE(review): a one-time pad provides no integrity protection, and it is only confidential
 * while a given key candidate pads a single cipher text. Callers should confirm that candidates
 * are never reused and that authenticity is enforced elsewhere in the protocol.
 * </p>
 *
 * @param cipherText the cipher text to be decrypted
 * @param keyCandidate the candidate key for OTP decryption
 * @return the resulting message
 */
public static byte[] decrypt(byte[] cipherText, byte[] keyCandidate) {
  // The requested output length is the full length of the cipher text.
  final int messageLength = cipherText.length;
  return decrypt(cipherText, keyCandidate, messageLength);
}
/**
 * Removes the pad from whichever of the two one-time padded OT messages was chosen in the OT.
 *
 * <p>
 * Only the chosen cipher text is passed to {@code PseudoOtp.decrypt}; the other one is used
 * solely for the length comparison. Cipher texts of different lengths are rejected as malicious
 * sender behaviour before anything is decrypted.
 * </p>
 *
 * @param encryptedZeroMessage the one-time padded zero-message
 * @param encryptedOneMessage the one-time padded one-message
 * @param seed the seed used for padding of one of the messages
 * @param choiceBit a bit indicating which message the seed matches; {@code false} selects
 *        message zero and {@code true} selects message one
 * @return the unpadded message as a StrictBitVector
 * @throws MaliciousException if the two padded messages do not have the same length
 */
private StrictBitVector recoverTrueMessage(byte[] encryptedZeroMessage,
    byte[] encryptedOneMessage, byte[] seed, boolean choiceBit) {
  // Reject malformed input up front: both candidates must be the same size.
  if (encryptedZeroMessage.length != encryptedOneMessage.length) {
    throw new MaliciousException("The length of the two choice messages is not equal");
  }
  // The seed only matches the message selected by the choice bit.
  final byte[] chosenCipherText = choiceBit ? encryptedOneMessage : encryptedZeroMessage;
  return new StrictBitVector(PseudoOtp.decrypt(chosenCipherText, seed));
}
/**
 * Adjusts the random, preprocessed message to fit the specific message sent by the sender.
 *
 * <p>
 * The choice bit stored at {@code offset} in {@code choices} selects one of the two adjustment
 * values. That value is then decrypted with {@code PseudoOtp.decrypt}, using the preprocessed
 * random message at the same {@code offset} as the key candidate.
 * </p>
 *
 * <p>
 * NOTE(review): {@code offset} is not advanced in this method. Each preprocessed random message
 * should pad at most one transfer, so confirm that the caller moves {@code offset} forward after
 * every receive.
 * </p>
 *
 * @param zeroAdjustment the adjustment value for the zero message
 * @param oneAdjustment the adjustment value for the one message
 * @return the actual message
 * @throws MaliciousException if the two adjustment values do not have the same length
 */
private byte[] doActualReceive(byte[] zeroAdjustment, byte[] oneAdjustment) {
  // A sender that supplies adjustments of unequal size is treated as malicious.
  if (zeroAdjustment.length != oneAdjustment.length) {
    throw new MaliciousException(
        "Sender gave adjustment messages of different length.");
  }
  // Select the adjustment that matches the receiver's preprocessed choice bit.
  final boolean choseOne = choices.getBit(offset, false);
  final byte[] selected = choseOne ? oneAdjustment : zeroAdjustment;
  return PseudoOtp.decrypt(selected, randomMessages.get(offset).toByteArray());
}