|
@@ -125,51 +125,52 @@ func ProofStep1(params GroupParams, c []kyber.Point, ell uint32, privkey kyber.S
|
|
|
k++
|
|
|
mask *= 2
|
|
|
}
|
|
|
-
|
|
|
- k = 0
|
|
|
- for ; k < n ; {
|
|
|
+ for k = 0 ; k < n ; k++ {
|
|
|
pub.cd[k] = group.Point().Mul(priv.rho[k], params.B)
|
|
|
- for i := uint32(0); i < two_n; i++ {
|
|
|
- // Compute the coefficients of p_i
|
|
|
- p_i := make([]kyber.Scalar, n+1)
|
|
|
- p_i[0] = group.Scalar().One()
|
|
|
- for t := uint32(1); t <= n; t++ {
|
|
|
- p_i[t] = group.Scalar().Zero()
|
|
|
- }
|
|
|
+ }
|
|
|
|
|
|
- j = 1
|
|
|
- // jmask = 2^(j-1)
|
|
|
- jmask := uint32(1)
|
|
|
- for ; j <= n ; {
|
|
|
- if (i & jmask) != 0 {
|
|
|
- if (ell & jmask) != 0 {
|
|
|
- // Multiply p_i by x + a[j]
|
|
|
- polymul_xplus(group, p_i, priv.a[j])
|
|
|
- } else {
|
|
|
- // Multiply p_i by a[j]
|
|
|
- polymul(group, p_i, priv.a[j])
|
|
|
- }
|
|
|
+ for i := uint32(0); i < two_n; i++ {
|
|
|
+ // Compute the coefficients of p_i
|
|
|
+ p_i := make([]kyber.Scalar, n+1)
|
|
|
+ p_i[0] = group.Scalar().One()
|
|
|
+ for t := uint32(1); t <= n; t++ {
|
|
|
+ p_i[t] = group.Scalar().Zero()
|
|
|
+ }
|
|
|
+
|
|
|
+ j = 1
|
|
|
+ // jmask = 2^(j-1)
|
|
|
+ jmask := uint32(1)
|
|
|
+ for ; j <= n ; {
|
|
|
+ if (i & jmask) != 0 {
|
|
|
+ if (ell & jmask) != 0 {
|
|
|
+ // Multiply p_i by x + a[j]
|
|
|
+ polymul_xplus(group, p_i, priv.a[j])
|
|
|
} else {
|
|
|
- negaj := group.Scalar().Neg(priv.a[j])
|
|
|
- if (ell & jmask) != 0 {
|
|
|
- // Multiply p_i by -a[j]
|
|
|
- polymul(group, p_i, negaj)
|
|
|
- } else {
|
|
|
- // Multiply p_i by x - a[j]
|
|
|
- polymul_xplus(group, p_i, negaj)
|
|
|
- }
|
|
|
+ // Multiply p_i by a[j]
|
|
|
+ polymul(group, p_i, priv.a[j])
|
|
|
+ }
|
|
|
+ } else {
|
|
|
+ negaj := group.Scalar().Neg(priv.a[j])
|
|
|
+ if (ell & jmask) != 0 {
|
|
|
+ // Multiply p_i by -a[j]
|
|
|
+ polymul(group, p_i, negaj)
|
|
|
+ } else {
|
|
|
+ // Multiply p_i by x - a[j]
|
|
|
+ polymul_xplus(group, p_i, negaj)
|
|
|
}
|
|
|
-
|
|
|
- j++
|
|
|
- jmask *= 2
|
|
|
}
|
|
|
|
|
|
- if i == ell && !p_i[n].Equal(group.Scalar().One()) {
|
|
|
- panic("Leading coeff should be 1 but was not")
|
|
|
- }
|
|
|
- if i != ell && !p_i[n].Equal(group.Scalar().Zero()) {
|
|
|
- panic("Leading coeff should be 0 but was not")
|
|
|
- }
|
|
|
+ j++
|
|
|
+ jmask *= 2
|
|
|
+ }
|
|
|
+
|
|
|
+ if i == ell && !p_i[n].Equal(group.Scalar().One()) {
|
|
|
+ panic("Leading coeff should be 1 but was not")
|
|
|
+ }
|
|
|
+ if i != ell && !p_i[n].Equal(group.Scalar().Zero()) {
|
|
|
+ panic("Leading coeff should be 0 but was not")
|
|
|
+ }
|
|
|
+ for k = 0 ; k < n ; k++ {
|
|
|
if i < N {
|
|
|
pub.cd[k] = group.Point().Add(pub.cd[k],
|
|
|
group.Point().Mul(p_i[k], c[i]))
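Review bot: The relocated loop over `j` still branches on `(ell & jmask) != 0`, and the sanity checks compare `i == ell`, so which of `polymul` / `polymul_xplus` runs at each step follows the bits of `ell`. If `ell` is the prover's secret index, as the `ProofStep1` signature suggests, and the two helpers differ in cost (their bodies are not in this hunk), the execution pattern can leak that index through timing; the commit moves this code but leaves it unchanged. At minimum I would record this above the loop with `// NOTE: branches on bits of the secret index ell; not constant-time`, and longer term route both arms through one helper that does the same work whichever bit is set. `ProofStep1` begins before this hunk and continues after it.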
|
|
@@ -178,9 +179,6 @@ func ProofStep1(params GroupParams, c []kyber.Point, ell uint32, privkey kyber.S
|
|
|
group.Point().Mul(p_i[k], params.Y))
|
|
|
}
|
|
|
}
|
|
|
-
|
|
|
- k++
|
|
|
- mask *= 2
|
|
|
}
|
|
|
|
|
|
return pub, priv
|