
Messages 2 and 3

Ian Goldberg 3 years ago
parent
commit
1b40aa7a02
1 changed files with 54 additions and 2 deletions
  1. 54 2
      gk15.go

+ 54 - 2
gk15.go

@@ -28,9 +28,13 @@ type PubState struct {
 
 type PrivState struct {
 	r, a, s, t, rho []kyber.Scalar
+	ell uint32
+	privkey kyber.Scalar
 }
 
 type Proof struct {
+	f, za, zb []kyber.Scalar
+	zd kyber.Scalar
 }
 
 // Multiply a polynomial expressed as a slice of coefficients by the
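Review bot: The fields added to PrivState appear to hold the prover's secret index and secret key, but the declaration carries no comment saying so; something like `// ell is the prover's secret index and privkey a private copy of its key; neither may leave the prover` would make that explicit. The Proof slices are allocated with n+1 entries and ProofStep2 fills them from index 1, so element 0 stays nil. A field comment such as `// f, za, zb are indexed 1..n; index 0 is unused` would warn anyone writing Verify or a serializer. The added struct lines here and the `for  ; j <= n ; {` loops in ProofStep2 are also not gofmt-clean.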
@@ -85,6 +89,8 @@ func ProofStep1(params GroupParams, c []kyber.Point, ell uint32, privkey kyber.S
 	priv.s = make([]kyber.Scalar, n+1)
 	priv.t = make([]kyber.Scalar, n+1)
 	priv.rho = make([]kyber.Scalar, n)
+	priv.ell = ell
+	priv.privkey = privkey.Clone()
 	pub.cl = make([]kyber.Point, n+1)
 	pub.ca = make([]kyber.Point, n+1)
 	pub.cb = make([]kyber.Point, n+1)
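Review bot: `priv.ell = ell` is stored with no range check visible in this hunk, and ProofStep2 only ever reads its low n bits through `mask`. An out-of-range index would therefore silently produce responses for a different index rather than an error. ProofStep1's body starts and ends outside this hunk, so the check may already exist; if it does not, compare `ell` against `len(c)` before these assignments and reject the call.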
@@ -182,11 +188,57 @@ func ProofStep1(params GroupParams, c []kyber.Point, ell uint32, privkey kyber.S
 }
 
 func GenChallenge(params GroupParams, pub PubState) kyber.Scalar {
-	return params.group.Scalar()
+	// In the interactive version, just pick a random challenge.
+	// In the noninteractive version, this would be a hash of pub
+	// and a message.
+	rand := random.New()
+	return params.group.Scalar().Pick(rand)
 }
 
 func ProofStep2(params GroupParams, priv PrivState, x kyber.Scalar) Proof {
-	return Proof{}
+	var proof Proof
+	n := uint32(len(priv.rho))
+	group := params.group
+	proof.f = make([]kyber.Scalar, n+1)
+	proof.za = make([]kyber.Scalar, n+1)
+	proof.zb = make([]kyber.Scalar, n+1)
+
+	var j, mask uint32
+	// mask = 2^(j-1)
+	j = 1
+	mask = 1
+	for  ; j <= n ; {
+		if (priv.ell & mask) != 0 {
+			proof.f[j] = group.Scalar().Add(x, priv.a[j])
+		} else {
+			proof.f[j] = priv.a[j].Clone()
+		}
+		proof.za[j] = group.Scalar().Add(
+			group.Scalar().Mul(x, priv.r[j]), priv.s[j])
+		proof.zb[j] = group.Scalar().Add(
+			group.Scalar().Mul(
+				group.Scalar().Sub(x, proof.f[j]),
+				priv.r[j]),
+			priv.t[j])
+
+		j++
+		mask *= 2
+	}
+
+	proof.zd = group.Scalar().Zero()
+	k := uint32(0)
+	xk := group.Scalar().One() // x^k
+	for ; k < n ; {
+		proof.zd = group.Scalar().Sub(proof.zd,
+			group.Scalar().Mul(priv.rho[k], xk))
+		k++
+		xk = group.Scalar().Mul(xk, x)
+	}
+	// At this point, xk = x^n
+	proof.zd = group.Scalar().Add(proof.zd,
+		group.Scalar().Mul(priv.privkey, xk))
+
+	return proof
 }
 
 func Verify(params GroupParams, pub PubState, x kyber.Scalar, proof Proof) bool {
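Review bot: ProofStep2 will answer any number of challenges from the same PrivState, and nothing documents that this is unsafe. Because `f[j]` is `a[j]` plus `x` only when bit j of `ell` is set, two responses for different `x` expose every bit of `ell`; `zd` is a degree-n polynomial in `x` whose leading coefficient is `privkey`, so n+1 responses determine the key. Add a doc comment such as `// ProofStep2 answers challenge x. Call it at most once per PrivState; a second answer from the same state leaks ell.` and consider taking `*PrivState` so the function can clear the state before returning. The `if (priv.ell & mask) != 0` branch also makes the work per bit depend on the secret index; computing `a[j] + b*x` with `b` set to the bit via `SetInt64` removes the branch, though whether the result is constant-time depends on the group's scalar implementation. In GenChallenge, the comment on the non-interactive variant should say the hash also covers the statement (the group parameters and the commitment list `c`, if that is not already part of `pub`), not only `pub` and the message.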