|
@@ -862,7 +862,8 @@ bool PrsonaBase::verify_update_proof(
|
|
|
* SERVER AGREEMENT PROOFS
|
|
|
*/
|
|
|
|
|
|
-Proof PrsonaBase::generate_valid_user_tally_proof() const
|
|
|
+Proof PrsonaBase::generate_valid_vote_row_proof(
|
|
|
+ const std::vector<CurveBipoint>& commitment) const
|
|
|
{
|
|
|
Proof retval;
|
|
|
|
|
@@ -872,11 +873,18 @@ Proof PrsonaBase::generate_valid_user_tally_proof() const
|
|
|
return retval;
|
|
|
}
|
|
|
|
|
|
- retval.hbc = "PROOF";
|
|
|
+ std::stringstream oracleInput;
|
|
|
+ for (size_t i = 0; i < commitment.size(); i++)
|
|
|
+ oracleInput << commitment[i];
|
|
|
+
|
|
|
+ Scalar val = oracle(oracleInput.str());
|
|
|
+
|
|
|
+ retval.responseParts.push_back(val);
|
|
|
return retval;
|
|
|
}
|
|
|
|
|
|
-Proof PrsonaBase::generate_valid_server_tally_proof() const
|
|
|
+Proof PrsonaBase::generate_valid_vote_matrix_proof(
|
|
|
+ const std::vector<std::vector<CurveBipoint>>& commitment) const
|
|
|
{
|
|
|
Proof retval;
|
|
|
|
|
@@ -886,11 +894,19 @@ Proof PrsonaBase::generate_valid_server_tally_proof() const
|
|
|
return retval;
|
|
|
}
|
|
|
|
|
|
- retval.hbc = "PROOF";
|
|
|
+ std::stringstream oracleInput;
|
|
|
+ for (size_t i = 0; i < commitment.size(); i++)
|
|
|
+ for (size_t j = 0; j < commitment[i].size(); j++)
|
|
|
+ oracleInput << commitment[i][j];
|
|
|
+
|
|
|
+ Scalar val = oracle(oracleInput.str());
|
|
|
+
|
|
|
+ retval.responseParts.push_back(val);
|
|
|
return retval;
|
|
|
}
|
|
|
|
|
|
-Proof PrsonaBase::generate_valid_vote_row_proof() const
|
|
|
+Proof PrsonaBase::generate_valid_user_tally_proof(
|
|
|
+ const EGCiphertext& commitment) const
|
|
|
{
|
|
|
Proof retval;
|
|
|
|
|
@@ -900,11 +916,17 @@ Proof PrsonaBase::generate_valid_vote_row_proof() const
|
|
|
return retval;
|
|
|
}
|
|
|
|
|
|
- retval.hbc = "PROOF";
|
|
|
+ std::stringstream oracleInput;
|
|
|
+ oracleInput << commitment;
|
|
|
+
|
|
|
+ Scalar val = oracle(oracleInput.str());
|
|
|
+
|
|
|
+ retval.responseParts.push_back(val);
|
|
|
return retval;
|
|
|
}
|
|
|
|
|
|
-Proof PrsonaBase::generate_valid_vote_matrix_proof() const
|
|
|
+Proof PrsonaBase::generate_valid_server_tally_proof(
|
|
|
+ const TwistBipoint& commitment) const
|
|
|
{
|
|
|
Proof retval;
|
|
|
|
|
@@ -914,11 +936,17 @@ Proof PrsonaBase::generate_valid_vote_matrix_proof() const
|
|
|
return retval;
|
|
|
}
|
|
|
|
|
|
- retval.hbc = "PROOF";
|
|
|
+ std::stringstream oracleInput;
|
|
|
+ oracleInput << commitment;
|
|
|
+
|
|
|
+ Scalar val = oracle(oracleInput.str());
|
|
|
+
|
|
|
+ retval.responseParts.push_back(val);
|
|
|
return retval;
|
|
|
}
|
|
|
|
|
|
-Proof PrsonaBase::generate_valid_pseudonyms_proof() const
|
|
|
+Proof PrsonaBase::generate_valid_pseudonyms_proof(
|
|
|
+ const std::vector<Curvepoint>& commitment) const
|
|
|
{
|
|
|
Proof retval;
|
|
|
|
|
@@ -928,46 +956,161 @@ Proof PrsonaBase::generate_valid_pseudonyms_proof() const
|
|
|
return retval;
|
|
|
}
|
|
|
|
|
|
- retval.hbc = "PROOF";
|
|
|
+ std::stringstream oracleInput;
|
|
|
+ for (size_t i = 0; i < commitment.size(); i++)
|
|
|
+ oracleInput << commitment[i];
|
|
|
+
|
|
|
+ Scalar val = oracle(oracleInput.str());
|
|
|
+
|
|
|
+ retval.responseParts.push_back(val);
|
|
|
return retval;
|
|
|
}
|
|
|
|
|
|
-bool PrsonaBase::verify_valid_user_tally_proof(const Proof& pi) const
|
|
|
+bool PrsonaBase::verify_valid_vote_row_proof(
|
|
|
+ const std::vector<Proof>& pi,
|
|
|
+ const std::vector<CurveBipoint>& commitment) const
|
|
|
{
|
|
|
+ if (pi.empty())
|
|
|
+ return false;
|
|
|
+
|
|
|
if (!SERVER_IS_MALICIOUS)
|
|
|
- return pi.hbc == "PROOF";
|
|
|
+ return pi[0].hbc == "PROOF";
|
|
|
|
|
|
- return pi.hbc == "PROOF";
|
|
|
+ Scalar comparison = pi[0].responseParts[0];
|
|
|
+
|
|
|
+ std::stringstream oracleInput;
|
|
|
+ for (size_t i = 0; i < commitment.size(); i++)
|
|
|
+ oracleInput << commitment[i];
|
|
|
+
|
|
|
+ if (oracle(oracleInput.str()) != comparison)
|
|
|
+ {
|
|
|
+ std::cerr << "Server's claimed value doesn't match their own commitment." << std::endl;
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
+ size_t agreement = 1;
|
|
|
+ for (size_t i = 1; i < pi.size(); i++)
|
|
|
+ if (comparison == pi[i].responseParts[0])
|
|
|
+ agreement++;
|
|
|
+
|
|
|
+ return agreement * 2 > pi.size();
|
|
|
}
|
|
|
|
|
|
-bool PrsonaBase::verify_valid_server_tally_proof(const Proof& pi) const
|
|
|
+bool PrsonaBase::verify_valid_vote_matrix_proof(
|
|
|
+ const std::vector<Proof>& pi,
|
|
|
+ const std::vector<std::vector<CurveBipoint>>& commitment) const
|
|
|
{
|
|
|
+ if (pi.empty())
|
|
|
+ return false;
|
|
|
+
|
|
|
if (!SERVER_IS_MALICIOUS)
|
|
|
- return pi.hbc == "PROOF";
|
|
|
+ return pi[0].hbc == "PROOF";
|
|
|
|
|
|
- return pi.hbc == "PROOF";
|
|
|
+ Scalar comparison = pi[0].responseParts[0];
|
|
|
+
|
|
|
+ std::stringstream oracleInput;
|
|
|
+ for (size_t i = 0; i < commitment.size(); i++)
|
|
|
+ for (size_t j = 0; j < commitment[i].size(); j++)
|
|
|
+ oracleInput << commitment[i][j];
|
|
|
+
|
|
|
+ if (oracle(oracleInput.str()) != comparison)
|
|
|
+ {
|
|
|
+ std::cerr << "Server's claimed value doesn't match their own commitment." << std::endl;
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
+ size_t agreement = 1;
|
|
|
+ for (size_t i = 1; i < pi.size(); i++)
|
|
|
+ if (comparison == pi[i].responseParts[0])
|
|
|
+ agreement++;
|
|
|
+
|
|
|
+ return agreement * 2 > pi.size();
|
|
|
}
|
|
|
|
|
|
-bool PrsonaBase::verify_valid_vote_row_proof(const Proof& pi) const
|
|
|
+bool PrsonaBase::verify_valid_user_tally_proof(
|
|
|
+ const std::vector<Proof>& pi,
|
|
|
+ const EGCiphertext& commitment) const
|
|
|
{
|
|
|
+ if (pi.empty())
|
|
|
+ return false;
|
|
|
+
|
|
|
if (!SERVER_IS_MALICIOUS)
|
|
|
- return pi.hbc == "PROOF";
|
|
|
+ return pi[0].hbc == "PROOF";
|
|
|
|
|
|
- return pi.hbc == "PROOF";
|
|
|
+ Scalar comparison = pi[0].responseParts[0];
|
|
|
+
|
|
|
+ std::stringstream oracleInput;
|
|
|
+ oracleInput << commitment;
|
|
|
+
|
|
|
+ if (oracle(oracleInput.str()) != comparison)
|
|
|
+ {
|
|
|
+ std::cerr << "Server's claimed value doesn't match their own commitment." << std::endl;
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
+ size_t agreement = 1;
|
|
|
+ for (size_t i = 1; i < pi.size(); i++)
|
|
|
+ if (comparison == pi[i].responseParts[0])
|
|
|
+ agreement++;
|
|
|
+
|
|
|
+ return agreement * 2 > pi.size();
|
|
|
}
|
|
|
|
|
|
-bool PrsonaBase::verify_valid_vote_matrix_proof(const Proof& pi) const
|
|
|
+bool PrsonaBase::verify_valid_server_tally_proof(
|
|
|
+ const std::vector<Proof>& pi,
|
|
|
+ const TwistBipoint& commitment) const
|
|
|
{
|
|
|
+ if (pi.empty())
|
|
|
+ return false;
|
|
|
+
|
|
|
if (!SERVER_IS_MALICIOUS)
|
|
|
- return pi.hbc == "PROOF";
|
|
|
+ return pi[0].hbc == "PROOF";
|
|
|
|
|
|
- return pi.hbc == "PROOF";
|
|
|
+ Scalar comparison = pi[0].responseParts[0];
|
|
|
+
|
|
|
+ std::stringstream oracleInput;
|
|
|
+ oracleInput << commitment;
|
|
|
+
|
|
|
+ if (oracle(oracleInput.str()) != comparison)
|
|
|
+ {
|
|
|
+ std::cerr << "Server's claimed value doesn't match their own commitment." << std::endl;
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
+ size_t agreement = 1;
|
|
|
+ for (size_t i = 1; i < pi.size(); i++)
|
|
|
+ if (comparison == pi[i].responseParts[0])
|
|
|
+ agreement++;
|
|
|
+
|
|
|
+ return agreement * 2 > pi.size();
|
|
|
}
|
|
|
|
|
|
-bool PrsonaBase::verify_valid_pseudonyms_proof(const Proof& pi) const
|
|
|
+bool PrsonaBase::verify_valid_pseudonyms_proof(
|
|
|
+ const std::vector<Proof>& pi,
|
|
|
+ const std::vector<Curvepoint>& commitment) const
|
|
|
{
|
|
|
+ if (pi.empty())
|
|
|
+ return false;
|
|
|
+
|
|
|
if (!SERVER_IS_MALICIOUS)
|
|
|
- return pi.hbc == "PROOF";
|
|
|
+ return pi[0].hbc == "PROOF";
|
|
|
|
|
|
- return pi.hbc == "PROOF";
|
|
|
+ Scalar comparison = pi[0].responseParts[0];
|
|
|
+
|
|
|
+ std::stringstream oracleInput;
|
|
|
+ for (size_t i = 0; i < commitment.size(); i++)
|
|
|
+ oracleInput << commitment[i];
|
|
|
+
|
|
|
+ if (oracle(oracleInput.str()) != comparison)
|
|
|
+ {
|
|
|
+ std::cerr << "Server's claimed value doesn't match their own commitment." << std::endl;
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
+ size_t agreement = 1;
|
|
|
+ for (size_t i = 1; i < pi.size(); i++)
|
|
|
+ if (comparison == pi[i].responseParts[0])
|
|
|
+ agreement++;
|
|
|
+
|
|
|
+ return agreement * 2 > pi.size();
|
|
|
}
|