Home Explore Help
Sign In
iang
/
gk15
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Make all of the arrays 0-based

In the notation of the paper, some of the arrays are 0-based, and some
are 1-based.  Previously, we adhered to the notation of the paper, and
just wasted element 0 of the 1-based arrays.  Now that everything's
working, we save that wasted element by subtracting 1 from the indices
of the formerly 1-based arrays.
Ian Goldberg 4 years ago
parent
f120354379
commit
09fecd374b
1 changed files with 64 additions and 59 deletions
Split View Show Diff Stats
  1. 64 59
      gk15.go

+ 64 - 59
gk15.go
View File 

@@ -22,6 +22,16 @@ type GroupParams struct {
 
 	A, B, Y kyber.Point
 
 }
 
 
+// In the paper, some arrays are 0-based, and some are 1-based.  We
 
+// want to keep all arrays 0-based, so the following arrays (1-based in
 
+// the paper) have 1 subtracted from their indices whenever they are
 
+// used: cl, ca, cb, r, a, s, t, f, za, zb
 
+
 
+// Each array in the three structs below is of length n, where
 
+// n = ceil(log_2(N)), and N is the number of commitments.
 
+// The total proof size (PubState plus Proof) is then
 
+// 4*n points, plus (3*n+1) scalars.
 
+
 
 type PubState struct {
 
 	cl, ca, cb, cd []kyber.Point
 
 }
 
@@ -75,25 +85,19 @@ func ProofStep1(params GroupParams, c []kyber.Point, ell uint32, privkey kyber.S
 
 		n += 1
 
 		two_n *= 2
 
 	}
 
-	fmt.Printf("n = %d\n", n);
 
 
-	// We will keep the notation of the paper:
 
-	// r, a, s, t, cl, ca, cb are 1-based,
 
-	// c, rho, cd are 0-based.  The 1-based ones, we
 
-	// just allocate an extra array element, and never
 
-	// use element 0.
 
 	var pub PubState
 
 	var priv PrivState
 
-	priv.r = make([]kyber.Scalar, n+1)
 
-	priv.a = make([]kyber.Scalar, n+1)
 
-	priv.s = make([]kyber.Scalar, n+1)
 
-	priv.t = make([]kyber.Scalar, n+1)
 
+	priv.r = make([]kyber.Scalar, n)
 
+	priv.a = make([]kyber.Scalar, n)
 
+	priv.s = make([]kyber.Scalar, n)
 
+	priv.t = make([]kyber.Scalar, n)
 
 	priv.rho = make([]kyber.Scalar, n)
 
 	priv.ell = ell
 
 	priv.privkey = privkey.Clone()
 
-	pub.cl = make([]kyber.Point, n+1)
 
-	pub.ca = make([]kyber.Point, n+1)
 
-	pub.cb = make([]kyber.Point, n+1)
 
+	pub.cl = make([]kyber.Point, n)
 
+	pub.ca = make([]kyber.Point, n)
 
+	pub.cb = make([]kyber.Point, n)
 
 	pub.cd = make([]kyber.Point, n)
 
 
 	var j, k, mask uint32
 
@@ -102,23 +106,23 @@ func ProofStep1(params GroupParams, c []kyber.Point, ell uint32, privkey kyber.S
 
 	k = 0
 
 	mask = 1
 
 	for ; k < n ; {
 
-		priv.r[j] = group.Scalar().Pick(rand)
 
-		priv.a[j] = group.Scalar().Pick(rand)
 
-		priv.s[j] = group.Scalar().Pick(rand)
 
-		priv.t[j] = group.Scalar().Pick(rand)
 
+		priv.r[j-1] = group.Scalar().Pick(rand)
 
+		priv.a[j-1] = group.Scalar().Pick(rand)
 
+		priv.s[j-1] = group.Scalar().Pick(rand)
 
+		priv.t[j-1] = group.Scalar().Pick(rand)
 
 		priv.rho[k] = group.Scalar().Pick(rand)
 
 
-		pub.cl[j] = group.Point().Mul(priv.r[j], params.B)
 
+		pub.cl[j-1] = group.Point().Mul(priv.r[j-1], params.B)
 
 		if (ell & mask) != 0 {
 
-			pub.cl[j] = group.Point().Add(pub.cl[j], params.A)
 
+			pub.cl[j-1] = group.Point().Add(pub.cl[j-1], params.A)
 
 		}
 
-		pub.ca[j] = group.Point().Add(
 
-				group.Point().Mul(priv.a[j], params.A),
 
-				group.Point().Mul(priv.s[j], params.B))
 
-		pub.cb[j] = group.Point().Mul(priv.t[j], params.B)
 
+		pub.ca[j-1] = group.Point().Add(
 
+				group.Point().Mul(priv.a[j-1], params.A),
 
+				group.Point().Mul(priv.s[j-1], params.B))
 
+		pub.cb[j-1] = group.Point().Mul(priv.t[j-1], params.B)
 
 		if (ell & mask) != 0 {
 
-			pub.cb[j] = group.Point().Add(pub.cb[j],
 
-					group.Point().Mul(priv.a[j], params.A))
 
+			pub.cb[j-1] = group.Point().Add(pub.cb[j-1],
 
+					group.Point().Mul(priv.a[j-1], params.A))
 
 		}
 
 
 		j++
 
@@ -143,19 +147,19 @@ func ProofStep1(params GroupParams, c []kyber.Point, ell uint32, privkey kyber.S
 
 		for ; j <= n ; {
 
 			if (i & jmask) != 0 {
 
 				if (ell & jmask) != 0 {
 
-					// Multiply p_i by x + a[j]
 
-					polymul_xplus(group, p_i, priv.a[j])
 
+					// Multiply p_i by x + a[j-1]
 
+					polymul_xplus(group, p_i, priv.a[j-1])
 
 				} else {
 
-					// Multiply p_i by a[j]
 
-					polymul(group, p_i, priv.a[j])
 
+					// Multiply p_i by a[j-1]
 
+					polymul(group, p_i, priv.a[j-1])
 
 				}
 
 			} else {
 
-				negaj := group.Scalar().Neg(priv.a[j])
 
+				negaj := group.Scalar().Neg(priv.a[j-1])
 
 				if (ell & jmask) != 0 {
 
-					// Multiply p_i by -a[j]
 
+					// Multiply p_i by -a[j-1]
 
 					polymul(group, p_i, negaj)
 
 				} else {
 
-					// Multiply p_i by x - a[j]
 
+					// Multiply p_i by x - a[j-1]
 
 					polymul_xplus(group, p_i, negaj)
 
 				}
 
 			}
 
@@ -196,9 +200,9 @@ func ProofStep2(params GroupParams, priv PrivState, x kyber.Scalar) Proof {
 
 	var proof Proof
 
 	n := uint32(len(priv.rho))
 
 	group := params.group
 
-	proof.f = make([]kyber.Scalar, n+1)
 
-	proof.za = make([]kyber.Scalar, n+1)
 
-	proof.zb = make([]kyber.Scalar, n+1)
 
+	proof.f = make([]kyber.Scalar, n)
 
+	proof.za = make([]kyber.Scalar, n)
 
+	proof.zb = make([]kyber.Scalar, n)
 
 
 	var j, mask uint32
 
 	// mask = 2^(j-1)
 
@@ -206,17 +210,17 @@ func ProofStep2(params GroupParams, priv PrivState, x kyber.Scalar) Proof {
 
 	mask = 1
 
 	for ; j <= n ; {
 
 		if (priv.ell & mask) != 0 {
 
-			proof.f[j] = group.Scalar().Add(x, priv.a[j])
 
+			proof.f[j-1] = group.Scalar().Add(x, priv.a[j-1])
 
 		} else {
 
-			proof.f[j] = priv.a[j].Clone()
 
+			proof.f[j-1] = priv.a[j-1].Clone()
 
 		}
 
-		proof.za[j] = group.Scalar().Add(
 
-			group.Scalar().Mul(x, priv.r[j]), priv.s[j])
 
-		proof.zb[j] = group.Scalar().Add(
 
+		proof.za[j-1] = group.Scalar().Add(
 
+			group.Scalar().Mul(x, priv.r[j-1]), priv.s[j-1])
 
+		proof.zb[j-1] = group.Scalar().Add(
 
 			group.Scalar().Mul(
 
-				group.Scalar().Sub(x, proof.f[j]),
 
-				priv.r[j]),
 
-			priv.t[j])
 
+				group.Scalar().Sub(x, proof.f[j-1]),
 
+				priv.r[j-1]),
 
+			priv.t[j-1])
 
 
 		j++
 
 		mask *= 2
 
@@ -256,32 +260,33 @@ func Verify(params GroupParams, c []kyber.Point, pub PubState, x kyber.Scalar, p
 
 	}
 
 
 	// Check that the lengths of the arrays are correct
 
-	if len(pub.cl) != int(n+1) || len(pub.ca) != int(n+1) ||
 
-			len(pub.cb) != int(n+1) ||
 
-			len(pub.cd) != int(n) ||
 
-			len(proof.f) != int(n+1) ||
 
-			len(proof.za) != int(n+1) ||
 
-			len(proof.zb) != int(n+1) {
 
+	intn := int(n)
 
+	if len(pub.cl) != intn || len(pub.ca) != intn ||
 
+			len(pub.cb) != intn ||
 
+			len(pub.cd) != intn ||
 
+			len(proof.f) != intn ||
 
+			len(proof.za) != intn ||
 
+			len(proof.zb) != intn {
 
 		fmt.Printf("Inputs not of the correct length\n")
 
 		return false
 
 	}
 
 
 	for j := uint32(1) ; j <= n ; j++ {
 
-		lhs1 := group.Point().Add(group.Point().Mul(x, pub.cl[j]),
 
-			pub.ca[j])
 
+		lhs1 := group.Point().Add(group.Point().Mul(x, pub.cl[j-1]),
 
+			pub.ca[j-1])
 
 		rhs1 := group.Point().Add(
 
-			group.Point().Mul(proof.f[j], params.A),
 
-			group.Point().Mul(proof.za[j], params.B))
 
+			group.Point().Mul(proof.f[j-1], params.A),
 
+			group.Point().Mul(proof.za[j-1], params.B))
 
 		if !lhs1.Equal(rhs1) {
 
 			fmt.Printf("Failed equality check 1\n")
 
 			return false
 
 		}
 
 		lhs2 := group.Point().Add(
 
 			group.Point().Mul(
 
-				group.Scalar().Sub(x, proof.f[j]),
 
-				pub.cl[j]),
 
-			pub.cb[j])
 
-		rhs2 := group.Point().Mul(proof.zb[j], params.B)
 
+				group.Scalar().Sub(x, proof.f[j-1]),
 
+				pub.cl[j-1]),
 
+			pub.cb[j-1])
 
+		rhs2 := group.Point().Mul(proof.zb[j-1], params.B)
 
 		if !lhs2.Equal(rhs2) {
 
 			fmt.Printf("Failed equality check 2\n")
 
 			return false
 
@@ -297,11 +302,11 @@ func Verify(params GroupParams, c []kyber.Point, pub PubState, x kyber.Scalar, p
 
 		for ; j <= n ; {
 
 			if (i & mask) != 0 {
 
 				fprod = group.Scalar().Mul(fprod,
 
-					proof.f[j])
 
+					proof.f[j-1])
 
 			} else {
 
 				fprod = group.Scalar().Mul(fprod,
 
 					group.Scalar().Sub(x,
 
-						proof.f[j]))
 
+						proof.f[j-1]))
 
 			}
 
 			j++
 
 			mask *= 2