changed syntax to be more legible

prsona/src/base.cpp

@@ -149,16 +149,16 @@ Proof PrsonaBase::schnorr_generation(
 
     std::stringstream oracleInput;
     
-    Scalar r;
-    r.set_random();
+    Scalar u;
+    u.set_random();
     
-    Curvepoint U = generator * r;
+    Curvepoint U = generator * u;
     oracleInput << generator << commitment << U;
 
-    Scalar c = oracle(oracleInput.str());
-    Scalar z = r.curveAdd(c.curveMult(log));
+    Scalar x = oracle(oracleInput.str());
+    Scalar z = log * x + u;
 
-    retval.challengeParts.push_back(c);
+    retval.challengeParts.push_back(x);
     retval.responseParts.push_back(z);
 
     return retval;
@@ -167,15 +167,15 @@ Proof PrsonaBase::schnorr_generation(
 bool PrsonaBase::schnorr_verification(
     const Curvepoint& generator,
     const Curvepoint& commitment,
-    const Scalar& c,
+    const Scalar& x,
     const Scalar& z) const
 {
-    Curvepoint U = generator * z - commitment * c;
+    Curvepoint U = generator * z - commitment * x;
 
     std::stringstream oracleInput;
     oracleInput << generator << commitment << U;
     
-    return c == oracle(oracleInput.str());
+    return x == oracle(oracleInput.str());
 }
 
 /*
@@ -306,7 +306,7 @@ std::vector<Proof> PrsonaBase::generate_reputation_proof(
     retval.push_back(ownershipProof);
 
     // The value we're actually using in our proof
-    mpz_class proofVal = currentScore.curveSub(threshold).toInt();
+    mpz_class proofVal = (currentScore - threshold).toInt();
     // Top of the range in our proof determined by what scores are even possible
     mpz_class proofBits =
         log2(numClients * MAX_ALLOWED_VOTE - threshold.toInt());
@@ -325,7 +325,7 @@ std::vector<Proof> PrsonaBase::generate_reputation_proof(
 
         masksPerBit.push_back(currMask);
         masksPerBit[0] =
-            masksPerBit[0].curveSub(currMask.curveMult(Scalar(1 << i)));
+            masksPerBit[0] - (currMask * Scalar(1 << i));
     }
 
     // Taken from Fig. 1 in https://eprint.iacr.org/2014/764.pdf
@@ -348,9 +348,7 @@ std::vector<Proof> PrsonaBase::generate_reputation_proof(
         currProof.curvepointUniversals.push_back(c);
 
         c_a = g * s + h * a;
-
-        Scalar am = a.curveMult(m);
-        c_b = g * t + h * am;
+        c_b = g * t + h * a * m;
 
         std::stringstream oracleInput;
         oracleInput << g << h << c << c_a << c_b;
@@ -359,15 +357,9 @@ std::vector<Proof> PrsonaBase::generate_reputation_proof(
         currProof.challengeParts.push_back(x);
 
         Scalar f, z_a, z_b;
-        Scalar mx = m.curveMult(x);
-        f = mx.curveAdd(a);
-
-        Scalar rx = r.curveMult(x);
-        z_a = rx.curveAdd(s);
-
-        Scalar x_f = x.curveSub(f);
-        Scalar r_x_f = r.curveMult(x_f);
-        z_b = r_x_f.curveAdd(t);
+        f = m * x + a;
+        z_a = r * x + s;
+        z_b = r * (x - f) + t;
 
         currProof.responseParts.push_back(f);
         currProof.responseParts.push_back(z_a);
@@ -421,12 +413,12 @@ bool PrsonaBase::verify_reputation_proof(
     Curvepoint X;
     for (size_t i = 1; i < pi.size(); i++)
     {
-        Curvepoint c, g, h;
-        c = pi[i].curvepointUniversals[0];
+        Curvepoint C, g, h;
+        C = pi[i].curvepointUniversals[0];
         g = commitment.mask;
         h = elGamalBlindGenerator;
 
-        X = X + c * Scalar(1 << (i - 1));
+        X = X + C * Scalar(1 << (i - 1));
 
         Scalar x, f, z_a, z_b;
         x = pi[i].challengeParts[0];
@@ -435,27 +427,23 @@ bool PrsonaBase::verify_reputation_proof(
         z_b = pi[i].responseParts[2];
 
         // Taken from Fig. 1 in https://eprint.iacr.org/2014/764.pdf
-        Curvepoint c_a, c_b;
-        c_a = g * z_a + h * f - c * x;
-        Scalar x_f = x.curveSub(f);
-        c_b = g * z_b - c * x_f;
+        Curvepoint C_a, C_b;
+        C_a = g * z_a + h * f - C * x;
+        C_b = g * z_b - C * (x - f);
 
         std::stringstream oracleInput;
-        oracleInput << g << h << c << c_a << c_b;
+        oracleInput << g << h << C << C_a << C_b;
 
-        if (oracle(oracleInput.str()) != pi[i].challengeParts[0])
+        if (oracle(oracleInput.str()) != x)
         {
             std::cerr << "0 or 1 proof failed at index " << i << " of " << pi.size() - 1 << ", aborting." << std::endl;
             return false;
         }
     }
 
-    Scalar negThreshold;
-    negThreshold = Scalar(0).curveSub(threshold);
-
     Curvepoint scoreCommitment =
         commitment.encryptedMessage +
-        elGamalBlindGenerator * negThreshold;
+        elGamalBlindGenerator * -threshold;
     
     return X == scoreCommitment;
 }
@@ -492,6 +480,9 @@ std::vector<Proof> PrsonaBase::generate_vote_proof(
     {
         std::stringstream oracleInput;
         oracleInput << g << h << oldEncryptedVotes[i] << newEncryptedVotes[i];
+
+        Scalar m = votes[i];
+        Scalar r = seeds[i];
         
         /* This proof structure is documented in my notes.
          * It's inspired by the proof in Fig. 1 at
@@ -504,8 +495,8 @@ std::vector<Proof> PrsonaBase::generate_vote_proof(
         {
             Proof currProof;
 
-            Scalar c_r, z_r, a, s, t_1, t_2;
-            c_r.set_random();
+            Scalar x_r, z_r, a, s, t_1, t_2;
+            x_r.set_random();
             z_r.set_random();
             a.set_random();
             s.set_random();
@@ -513,36 +504,29 @@ std::vector<Proof> PrsonaBase::generate_vote_proof(
             t_2.set_random();
 
             CurveBipoint U = h * z_r +
-                                oldEncryptedVotes[i] * c_r -
-                                newEncryptedVotes[i] * c_r;
+                                oldEncryptedVotes[i] * x_r -
+                                newEncryptedVotes[i] * x_r;
 
             CurveBipoint C_a = g * a + h * s;
 
-            Scalar power = (a.curveAdd(a)).curveMult(votes[i].curveMult(votes[i]));
-            power =
-                power.curveSub((a.curveAdd(a).curveAdd(a)).curveMult(votes[i]));
+            Scalar power = ((a + a) * m * m - (a + a + a) * m);
             CurveBipoint C_b = g * power + h * t_1;
             currProof.curveBipointUniversals.push_back(C_b);
 
-            CurveBipoint C_c = g * a.curveMult(a.curveMult(votes[i])) +
+            CurveBipoint C_c = g * (a * a * m) +
                                 h * t_2;
 
             oracleInput << U << C_a << C_b << C_c;
 
-            Scalar c = oracle(oracleInput.str());
-            Scalar c_n = c.curveSub(c_r);
-            currProof.challengeParts.push_back(c_r);
-            currProof.challengeParts.push_back(c_n);
-
-            Scalar f = (votes[i].curveMult(c_n)).curveAdd(a);
-            Scalar z_na = (seeds[i].curveMult(c_n)).curveAdd(s);
+            Scalar x = oracle(oracleInput.str());
+            Scalar x_n = x - x_r;
+            currProof.challengeParts.push_back(x_r);
+            currProof.challengeParts.push_back(x_n);
 
-            Scalar t_1_c_n_t_2 = (t_1.curveMult(c_n)).curveAdd(t_2);
-            Scalar f_c_n = f.curveSub(c_n);
-            Scalar c_n2_f = c_n.curveAdd(c_n).curveSub(f);
+            Scalar f = m * x_n + a;
+            Scalar z_na = r * x_n + s;
             Scalar z_nb = 
-                (seeds[i].curveMult(f_c_n).curveMult(c_n2_f)).curveAdd(
-                    t_1_c_n_t_2);
+                r * (f - x_n) * (x_n + x_n - f) + t_1 * x_n + t_2;
 
             currProof.responseParts.push_back(z_r);
             currProof.responseParts.push_back(f);
@@ -556,11 +540,11 @@ std::vector<Proof> PrsonaBase::generate_vote_proof(
             Proof currProof;
 
             Scalar u, commitmentLambda_1, commitmentLambda_2,
-                c_n, z_na, z_nb, f;
+                x_n, z_na, z_nb, f;
             u.set_random();
             commitmentLambda_1.set_random();
             commitmentLambda_2.set_random();
-            c_n.set_random();
+            x_n.set_random();
             z_na.set_random();
             z_nb.set_random();
             f.set_random();
@@ -569,26 +553,24 @@ std::vector<Proof> PrsonaBase::generate_vote_proof(
 
             CurveBipoint C_a = g * f +
                 h * z_na -
-                newEncryptedVotes[i] * c_n;
+                newEncryptedVotes[i] * x_n;
 
             CurveBipoint C_b = g * commitmentLambda_1 + h * commitmentLambda_2;
             currProof.curveBipointUniversals.push_back(C_b);
 
-            Scalar f_c_n = f.curveSub(c_n);
-            Scalar c_n2_f = c_n.curveAdd(c_n).curveSub(f);
             CurveBipoint C_c =
                 h * z_nb -
-                newEncryptedVotes[i] * f_c_n.curveMult(c_n2_f) -
-                C_b * c_n;
+                newEncryptedVotes[i] * ((f - x_n) * (x_n + x_n - f)) -
+                C_b * x_n;
 
             oracleInput << U << C_a << C_b << C_c;
 
-            Scalar c = oracle(oracleInput.str());
-            Scalar c_r = c.curveSub(c_n);
-            currProof.challengeParts.push_back(c_r);
-            currProof.challengeParts.push_back(c_n);
+            Scalar x = oracle(oracleInput.str());
+            Scalar x_r = x - x_n;
+            currProof.challengeParts.push_back(x_r);
+            currProof.challengeParts.push_back(x_n);
 
-            Scalar z_r = u.curveAdd(c_r.curveMult(seeds[i]));
+            Scalar z_r = r * x_r + u;
             currProof.responseParts.push_back(z_r);
             currProof.responseParts.push_back(f);
             currProof.responseParts.push_back(z_na);
@@ -641,9 +623,9 @@ bool PrsonaBase::verify_vote_proof(
         CurveBipoint C_b;
         C_b = pi[i].curveBipointUniversals[0];
 
-        Scalar c_r, c_n, z_r, f, z_na, z_nb;
-        c_r = pi[i].challengeParts[0];
-        c_n = pi[i].challengeParts[1];
+        Scalar x_r, x_n, z_r, f, z_na, z_nb;
+        x_r = pi[i].challengeParts[0];
+        x_n = pi[i].challengeParts[1];
 
         z_r  = pi[i].responseParts[0];
         f  = pi[i].responseParts[1];
@@ -652,22 +634,20 @@ bool PrsonaBase::verify_vote_proof(
 
         CurveBipoint U, C_a, C_c;
         U = h * z_r +
-            oldEncryptedVotes[voteIndex] * c_r -
-            newEncryptedVotes[voteIndex] * c_r;
-        C_a = g * f + h * z_na - newEncryptedVotes[voteIndex] * c_n;
+            oldEncryptedVotes[voteIndex] * x_r -
+            newEncryptedVotes[voteIndex] * x_r;
+        C_a = g * f + h * z_na - newEncryptedVotes[voteIndex] * x_n;
 
-        Scalar f_c_n = f.curveSub(c_n);
-        Scalar c_n2_f = c_n.curveAdd(c_n).curveSub(f);
         C_c = h * z_nb -
-            newEncryptedVotes[voteIndex] * f_c_n.curveMult(c_n2_f) -
-            C_b * c_n;
+            newEncryptedVotes[voteIndex] * ((f - x_n) * (x_n + x_n - f)) -
+            C_b * x_n;
 
         std::stringstream oracleInput;
         oracleInput << g << h
             << oldEncryptedVotes[voteIndex] << newEncryptedVotes[voteIndex]
             << U << C_a << C_b << C_c;
 
-        if (oracle(oracleInput.str()) != c_r.curveAdd(c_n))
+        if (oracle(oracleInput.str()) != x_r + x_n)
             return false;
     }
 

prsona/src/client.cpp

@@ -24,7 +24,7 @@ PrsonaClient::PrsonaClient(
         generatorProof, elGamalBlindGenerator, servers->get_num_servers());
 
     longTermPrivateKey.set_random();
-    inversePrivateKey = longTermPrivateKey.curveInverse();
+    inversePrivateKey = longTermPrivateKey.curveMultInverse();
 
     decryption_memoizer[elGamalBlindGenerator * max_checked] = max_checked;
 }

prsona/src/server.cpp

@@ -212,7 +212,7 @@ void PrsonaServer::add_new_client(
         Scalar addedSeed;
 
         encryptedDefaultVote = bgnSystem.get_public_key().rerandomize(addedSeed, encryptedDefaultVote);
-        currDefaultSeed = currDefaultSeed.curveAdd(addedSeed);
+        currDefaultSeed = currDefaultSeed + addedSeed;
 
         otherVoteSeeds.push_back(Scalar());
         otherVoteSeeds[i] = currDefaultSeed;
@@ -220,7 +220,7 @@ void PrsonaServer::add_new_client(
         voteMatrix[i].push_back(encryptedDefaultVote);
 
         encryptedDefaultVote = bgnSystem.get_public_key().rerandomize(addedSeed, encryptedDefaultVote);
-        currDefaultSeed = currDefaultSeed.curveAdd(addedSeed);
+        currDefaultSeed = currDefaultSeed + addedSeed;
 
         userVoteSeeds.push_back(Scalar());
         userVoteSeeds[i] = currDefaultSeed;
@@ -413,7 +413,7 @@ void PrsonaServer::build_up_midway_pseudonyms(
 void PrsonaServer::break_down_midway_pseudonyms(
     Proof& pi, const Curvepoint& nextGenerator)
 {
-    Scalar inverseSeed = currentSeed.curveInverse();
+    Scalar inverseSeed = currentSeed.curveMultInverse();
 
     for (size_t i = 0; i < currentPseudonyms.size(); i++)
     {