|
@@ -221,11 +221,11 @@ pub mod issue_nonblind_5 {
|
|
|
X3: &self.pubkey.X[3],
|
|
|
X4: &self.pubkey.X[4],
|
|
|
X5: &self.pubkey.X[5],
|
|
|
- P1: &(&req.m1 * &P),
|
|
|
- P2: &(&req.m2 * &P),
|
|
|
- P3: &(&req.m3 * &P),
|
|
|
- P4: &(&req.m4 * &P),
|
|
|
- P5: &(&req.m5 * &P),
|
|
|
+ P1: &(req.m1 * P),
|
|
|
+ P2: &(req.m2 * P),
|
|
|
+ P3: &(req.m3 * P),
|
|
|
+ P4: &(req.m4 * P),
|
|
|
+ P5: &(req.m5 * P),
|
|
|
x0: &self.privkey.x[0],
|
|
|
x1: &self.privkey.x[1],
|
|
|
x2: &self.privkey.x[2],
|
|
@@ -263,11 +263,11 @@ pub mod issue_nonblind_5 {
|
|
|
X3: &pubkey.X[3].compress(),
|
|
|
X4: &pubkey.X[4].compress(),
|
|
|
X5: &pubkey.X[5].compress(),
|
|
|
- P1: &(&state.m1 * &resp.P).compress(),
|
|
|
- P2: &(&state.m2 * &resp.P).compress(),
|
|
|
- P3: &(&state.m3 * &resp.P).compress(),
|
|
|
- P4: &(&state.m4 * &resp.P).compress(),
|
|
|
- P5: &(&state.m5 * &resp.P).compress(),
|
|
|
+ P1: &(state.m1 * resp.P).compress(),
|
|
|
+ P2: &(state.m2 * resp.P).compress(),
|
|
|
+ P3: &(state.m3 * resp.P).compress(),
|
|
|
+ P4: &(state.m4 * resp.P).compress(),
|
|
|
+ P5: &(state.m5 * resp.P).compress(),
|
|
|
}
|
|
|
)?;
|
|
|
Ok(Credential {
|
|
@@ -399,9 +399,9 @@ pub mod issue_blind124_5 {
|
|
|
let e1: Scalar = Scalar::random(&mut rng);
|
|
|
let e2: Scalar = Scalar::random(&mut rng);
|
|
|
let e4: Scalar = Scalar::random(&mut rng);
|
|
|
- let Encm1B = (&e1 * Btable, m1 * Btable + &e1 * D);
|
|
|
- let Encm2B = (&e2 * Btable, m2 * Btable + &e2 * D);
|
|
|
- let Encm4B = (&e4 * Btable, m4 * Btable + &e4 * D);
|
|
|
+ let Encm1B = (&e1 * Btable, m1 * Btable + e1 * D);
|
|
|
+ let Encm2B = (&e2 * Btable, m2 * Btable + e2 * D);
|
|
|
+ let Encm4B = (&e4 * Btable, m4 * Btable + e4 * D);
|
|
|
|
|
|
let mut transcript = Transcript::new(b"Blind124 5 userblind proof");
|
|
|
let piUserBlinding: CompactProof = userblinding::prove_compact(
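Review bot: The added `Encm*B` lines now mix `&e1 * Btable` with `e1 * D` inside one tuple, which reads like an unfinished cleanup. If the borrow stays because the basepoint-table multiply is only implemented on references (true of curve25519-dalek's `RistrettoBasepointTable`, though the type of `Btable` is not visible here), say so once above the three lines, e.g. `// Btable multiply is reference-only; Scalar and point operands are Copy`. The same mix appears in the show_blind345_5 hunk (`cred.m[3] * P + &z3 * Atable`, `Q - &negzQ * Atable`). The enclosing function starts and ends outside this hunk.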
|
|
@@ -425,8 +425,7 @@ pub mod issue_blind124_5 {
|
|
|
}).0;
|
|
|
(
|
|
|
CredentialRequest {
|
|
|
- D: D,
|
|
|
- Encm1B, Encm2B, Encm4B, piUserBlinding,
|
|
|
+ D, Encm1B, Encm2B, Encm4B, piUserBlinding,
|
|
|
m3: *m3,
|
|
|
m5: *m5,
|
|
|
},
|
|
@@ -510,8 +509,8 @@ pub mod issue_blind124_5 {
|
|
|
X3: &self.pubkey.X[3],
|
|
|
X4: &self.pubkey.X[4],
|
|
|
X5: &self.pubkey.X[5],
|
|
|
- P3: &(&req.m3 * &P),
|
|
|
- P5: &(&req.m5 * &P),
|
|
|
+ P3: &(req.m3 * P),
|
|
|
+ P5: &(req.m5 * P),
|
|
|
T1: &T1,
|
|
|
T2: &T2,
|
|
|
T4: &T4,
|
|
@@ -568,8 +567,8 @@ pub mod issue_blind124_5 {
|
|
|
X3: &pubkey.X[3].compress(),
|
|
|
X4: &pubkey.X[4].compress(),
|
|
|
X5: &pubkey.X[5].compress(),
|
|
|
- P3: &(&state.m3 * &resp.P).compress(),
|
|
|
- P5: &(&state.m5 * &resp.P).compress(),
|
|
|
+ P3: &(state.m3 * resp.P).compress(),
|
|
|
+ P5: &(state.m5 * resp.P).compress(),
|
|
|
T1: &resp.T1.compress(),
|
|
|
T2: &resp.T2.compress(),
|
|
|
T4: &resp.T4.compress(),
|
|
@@ -584,11 +583,11 @@ pub mod issue_blind124_5 {
|
|
|
)?;
|
|
|
|
|
|
// Decrypt EncQ
|
|
|
- let Q = &resp.EncQ.1 - (state.d * &resp.EncQ.0);
|
|
|
+ let Q = resp.EncQ.1 - (state.d * resp.EncQ.0);
|
|
|
|
|
|
Ok(Credential {
|
|
|
P: resp.P,
|
|
|
- Q: Q,
|
|
|
+ Q,
|
|
|
m: vec![Scalar::zero(), state.m1, state.m2,
|
|
|
state.m3, state.m4, state.m5],
|
|
|
})
|
|
@@ -656,27 +655,27 @@ pub mod show_blind345_5 {
|
|
|
// Reblind P and Q
|
|
|
let mut rng: rand::rngs::ThreadRng = rand::thread_rng();
|
|
|
let t: Scalar = Scalar::random(&mut rng);
|
|
|
- let P: RistrettoPoint = &t * &cred.P;
|
|
|
- let Q: RistrettoPoint = &t * &cred.Q;
|
|
|
+ let P: RistrettoPoint = t * cred.P;
|
|
|
+ let Q: RistrettoPoint = t * cred.Q;
|
|
|
|
|
|
// Form Pedersen commitments to the blinded attributes
|
|
|
let z3: Scalar = Scalar::random(&mut rng);
|
|
|
let z4: Scalar = Scalar::random(&mut rng);
|
|
|
let z5: Scalar = Scalar::random(&mut rng);
|
|
|
- let Cm3: RistrettoPoint = &cred.m[3] * &P + &z3 * Atable;
|
|
|
- let Cm4: RistrettoPoint = &cred.m[4] * &P + &z4 * Atable;
|
|
|
- let Cm5: RistrettoPoint = &cred.m[5] * &P + &z5 * Atable;
|
|
|
+ let Cm3: RistrettoPoint = cred.m[3] * P + &z3 * Atable;
|
|
|
+ let Cm4: RistrettoPoint = cred.m[4] * P + &z4 * Atable;
|
|
|
+ let Cm5: RistrettoPoint = cred.m[5] * P + &z5 * Atable;
|
|
|
|
|
|
// Form a Pedersen commitment to the MAC Q
|
|
|
// We flip the sign of zQ from that of the Hyphae paper so that
|
|
|
// the ZKP has a "+" instead of a "-", as that's what the zkp
|
|
|
// macro supports.
|
|
|
let negzQ: Scalar = Scalar::random(&mut rng);
|
|
|
- let CQ: RistrettoPoint = &Q - &negzQ * Atable;
|
|
|
+ let CQ: RistrettoPoint = Q - &negzQ * Atable;
|
|
|
|
|
|
// Compute the "error factor"
|
|
|
- let V: RistrettoPoint = &z3 * &pubkey.X[3]
|
|
|
- + &z4 * &pubkey.X[4] + &z5 * &pubkey.X[5]
|
|
|
+ let V: RistrettoPoint = z3 * pubkey.X[3]
|
|
|
+ + z4 * pubkey.X[4] + z5 * pubkey.X[5]
|
|
|
+ &negzQ * Atable;
|
|
|
|
|
|
// Create the ZKP
|
|
@@ -732,10 +731,10 @@ pub mod show_blind345_5 {
|
|
|
(self.privkey.x[0]
|
|
|
+ (self.privkey.x[1] * showmsg.m1
|
|
|
+ self.privkey.x[2] * showmsg.m2)) * showmsg.P
|
|
|
- + self.privkey.x[3] * &showmsg.Cm3
|
|
|
- + self.privkey.x[4] * &showmsg.Cm4
|
|
|
- + self.privkey.x[5] * &showmsg.Cm5
|
|
|
- - &showmsg.CQ;
|
|
|
+ + self.privkey.x[3] * showmsg.Cm3
|
|
|
+ + self.privkey.x[4] * showmsg.Cm4
|
|
|
+ + self.privkey.x[5] * showmsg.Cm5
|
|
|
+ - showmsg.CQ;
|
|
|
|
|
|
// Verify the ZKP using Vprime
|
|
|
let mut transcript = Transcript::new(b"Blind345 5 showing proof");
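Review bot: Nothing visible in this hunk rejects an identity `showmsg.P` before `Vprime` is computed from it. The `(x[0] + x[1]*m1 + x[2]*m2) * showmsg.P` term is the only place `x[0]`, `x[1]`, `x[2]` and the revealed attributes enter the check, and it vanishes when P is the identity, so the verifier needs an explicit guard ahead of this expression, e.g. `if showmsg.P.is_identity() { /* return this function's verification error */ }` (via `curve25519_dalek::traits::IsIdentity`). The function body begins outside the hunk, so the guard may already exist above. If it does, a short comment next to `Vprime` pointing to it would make the dependency clear.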
|