debugging (and makefile support for gdb debugging) complete

prsona/Makefile

@@ -23,13 +23,16 @@ BGN_BIN_PATH = $(BGN_PATH)/$(BIN_PATH)
 
 CPP = g++
 CPPFLAGS = -std=c++14 -Wall -I$(PRSONA_INC_PATH) -I$(BGN_INC_PATH) -I$(666_INC_PATH) -O2
+CPPTESTFLAGS = -std=c++14 -Wall -I$(PRSONA_INC_PATH) -I$(BGN_INC_PATH) -I$(666_INC_PATH) -g
 LDFLAGS = -lgmp -lgmpxx
+LDTESTFLAGS = -lgmp -lgmpxx -g
 
 CC = gcc
 CFLAGS = -std=c99 -O3 -fomit-frame-pointer -I$(666_INC_PATH)
 C_LDFLAGS = -lm
 
 all: $(PRSONA_BIN_PATH) $(PRSONA_OBJ_PATH) $(BGN_OBJ_PATH) $(666_OBJ_PATH) $(PRSONA_BIN_PATH)/main
+test: $(PRSONA_BIN_PATH) $(PRSONA_OBJ_PATH) $(BGN_OBJ_PATH) $(666_OBJ_PATH) $(PRSONA_BIN_PATH)/test
 
 $(PRSONA_BIN_PATH):
 	mkdir -p $@
@@ -46,17 +49,25 @@ $(666_OBJ_PATH):
 PRSONA_FULL_SRC = $(wildcard $(PRSONA_SRC_PATH)/*.cpp)
 PRSONA_SRC = $(filter-out $(PRSONA_SRC_PATH)/main.cpp, $(PRSONA_FULL_SRC)) 
 PRSONA_OBJ = $(patsubst $(PRSONA_SRC_PATH)/%.cpp, $(PRSONA_OBJ_PATH)/%.o, $(PRSONA_SRC))
+PRSONA_TEST_OBJ = $(patsubst $(PRSONA_SRC_PATH)/%.cpp, $(PRSONA_OBJ_PATH)/%.test.o, $(PRSONA_SRC))
 
 $(PRSONA_OBJ_PATH)/%.o: $(PRSONA_SRC_PATH)/%.cpp
 	$(CPP) $(CPPFLAGS) -DQHASM -c -o $@ $< 
 
+$(PRSONA_OBJ_PATH)/%.test.o: $(PRSONA_SRC_PATH)/%.cpp
+	$(CPP) $(CPPTESTFLAGS) -DQHASM -c -o $@ $< 
+
 BGN_FULL_SRC = $(wildcard $(BGN_SRC_PATH)/*.cpp)
 BGN_SRC = $(filter-out $(BGN_SRC_PATH)/main.cpp, $(BGN_FULL_SRC)) 
 BGN_OBJ = $(patsubst $(BGN_SRC_PATH)/%.cpp, $(BGN_OBJ_PATH)/%.o, $(BGN_SRC))
+BGN_TEST_OBJ = $(patsubst $(BGN_SRC_PATH)/%.cpp, $(BGN_OBJ_PATH)/%.test.o, $(BGN_SRC))
 
 $(BGN_OBJ_PATH)/%.o: $(BGN_SRC_PATH)/%.cpp
 	$(CPP) $(CPPFLAGS) -DQHASM -c -o $@ $< 
 
+$(BGN_OBJ_PATH)/%.test.o: $(BGN_SRC_PATH)/%.cpp
+	$(CPP) $(CPPTESTFLAGS) -DQHASM -c -o $@ $< 
+
 666_ALL_C_SRC = $(wildcard $(666_SRC_PATH)/*.c)
 666_C_SRC = $(filter-out $(666_SRC_PATH)/bilintest.c $(666_SRC_PATH)/speedtest.c $(666_SRC_PATH)/test_curvepoint_multiscalar.c $(666_SRC_PATH)/test_twistpoint_multiscalar.c $(666_SRC_PATH)/twistpoint_fp2_multiscalar.c $(666_SRC_PATH)/curvepoint_fp_multiscalar.c, $(666_ALL_C_SRC))
 666_C_OBJ = $(patsubst $(666_SRC_PATH)/%.c, $(666_OBJ_PATH)/%_c_with_as.o, $(666_C_SRC))
@@ -74,9 +85,16 @@ $(BGN_OBJ_PATH)/bgn.a: $(BGN_OBJ) $(666_AS_OBJ) $(666_C_OBJ)
 	rm -f $@
 	ar cr $@ $^
 
+$(BGN_OBJ_PATH)/bgn.test.a: $(BGN_TEST_OBJ) $(666_AS_OBJ) $(666_C_OBJ)
+	rm -f $@
+	ar cr $@ $^
+
 $(PRSONA_BIN_PATH)/main: $(PRSONA_OBJ_PATH)/main.o $(PRSONA_OBJ) $(BGN_OBJ_PATH)/bgn.a
 	$(CPP) $(CPPFLAGS) -no-pie -o $@ $^ $(LDFLAGS)
 
+$(PRSONA_BIN_PATH)/test: $(PRSONA_OBJ_PATH)/main.test.o $(PRSONA_TEST_OBJ) $(BGN_OBJ_PATH)/bgn.test.a
+	$(CPP) $(CPPTESTFLAGS) -no-pie -o $@ $^ $(LDTESTFLAGS)
+
 .PHONY: clean
 
 clean: prsona_clean bgn_clean 666_clean 

prsona/inc/client.hpp

@@ -29,7 +29,7 @@ class PrsonaClient {
         bool verify_reputation_proof(const Proof& pi, const Curvepoint& shortTermPublicKey) const;
 
     private:
-        static const Curvepoint elGamalGenerator;
+        static Curvepoint elGamalGenerator;
         static bool malicious_server;
         static bool malicious_client;
         const BGNPublicKey serverPublicKey;
@@ -39,6 +39,7 @@ class PrsonaClient {
         EGCiphertext currentEncryptedScore;
 
         Scalar longTermPrivateKey;
+        Scalar inversePrivateKey;
         Scalar currentScore;
 
         std::vector<CurveBipoint> currEncryptedVotes;

prsona/inc/server.hpp

@@ -27,10 +27,10 @@ class PrsonaServer {
         void receive_vote(const Proof& pi, const std::vector<CurveBipoint>& votes, const Curvepoint& shortTermPublicKey);
 
     private:
-        static const Curvepoint elGamalGenerator;
-        static const Scalar scalarN;
-        static const Scalar defaultTally;
-        static const Scalar defaultVote;
+        static Curvepoint elGamalGenerator;
+        static Scalar scalarN;
+        static Scalar defaultTally;
+        static Scalar defaultVote;
         static bool malicious_server;
         static bool malicious_client;
         BGN bgn_system;

prsona/inc/serverEntity.hpp

@@ -14,6 +14,9 @@ class PrsonaServerEntity {
         BGNPublicKey get_bgn_public_key() const;
         Curvepoint get_blinding_generator() const;
         Curvepoint get_fresh_generator(Proof& pi) const;
+        Scalar decrypt(const CurveBipoint& input);
+
+        std::vector<CurveBipoint> get_current_votes_by(Proof& pi, const Curvepoint& shortTermPublicKey) const;
 
         void add_new_client(PrsonaClient& newUser);
         void receive_vote(const Proof& pi, const std::vector<CurveBipoint>& votes, const Curvepoint& shortTermPublicKey);

prsona/src/client.cpp

@@ -3,14 +3,20 @@
 #include "client.hpp"
 
 extern const curvepoint_fp_t bn_curvegen;
-const Curvepoint PrsonaClient::elGamalGenerator(bn_curvegen);
+
+Curvepoint PrsonaClient::elGamalGenerator = Curvepoint();
+
 bool PrsonaClient::malicious_server = false;
 bool PrsonaClient::malicious_client = false;
 
 PrsonaClient::PrsonaClient(const BGNPublicKey& serverPublicKey, const Curvepoint& elGamalBlindGenerator)
 : serverPublicKey(serverPublicKey), elGamalBlindGenerator(elGamalBlindGenerator), max_checked(0)
 {
+    elGamalGenerator = Curvepoint(bn_curvegen);
+
     longTermPrivateKey.set_random();
+    inversePrivateKey = longTermPrivateKey.curveInverse();
+
     decryption_memoizer[elGamalBlindGenerator * max_checked] = max_checked;
 }
 
@@ -80,7 +86,6 @@ void PrsonaClient::receive_vote_tally(const Proof& pi, const EGCiphertext& score
     }
 
     currentEncryptedScore = score;
-
     decrypt_score(score);
 }
 
@@ -124,11 +129,9 @@ bool PrsonaClient::verify_reputation_proof(const Proof& pi, const Curvepoint& sh
 
 void PrsonaClient::decrypt_score(const EGCiphertext& score)
 {
-    //TOFIX
     Curvepoint s, hashedDecrypted;
-    Scalar decryptionKey = longTermPrivateKey;
-    s = score.mask * decryptionKey;
-    hashedDecrypted = score.encryptedMessage + s;
+    s = score.mask * inversePrivateKey;
+    hashedDecrypted = score.encryptedMessage - s;
     
     auto lookup = decryption_memoizer.find(hashedDecrypted);
     if (lookup != decryption_memoizer.end())

prsona/src/main.cpp

@@ -98,7 +98,7 @@ using namespace std;
 //     return 0;
 // }
 
-void epoch(default_random_engine& generator, PrsonaServerEntity& servers, vector<PrsonaClient>& users, size_t numVotes)
+double epoch(default_random_engine& generator, PrsonaServerEntity& servers, vector<PrsonaClient>& users, size_t numVotes)
 {
     Proof unused;
     uniform_int_distribution<int> voteDistribution(0, 3);
@@ -118,34 +118,53 @@ void epoch(default_random_engine& generator, PrsonaServerEntity& servers, vector
 
         vector<CurveBipoint> encryptedVotes;
         Proof pi;
+        Curvepoint shortTermPublicKey = users[i].get_short_term_public_key(pi);
+        encryptedVotes = servers.get_current_votes_by(pi, shortTermPublicKey);
+        users[i].receive_encrypted_votes(pi, encryptedVotes, false);
         users[i].make_votes(pi, encryptedVotes, votes, replace);
 
         servers.receive_vote(pi, encryptedVotes, users[i].get_short_term_public_key(unused));
     }
 
+    chrono::high_resolution_clock::time_point t0 = chrono::high_resolution_clock::now();
     servers.epoch();
-
+    chrono::high_resolution_clock::time_point t1 = chrono::high_resolution_clock::now();
+    
     for (size_t i = 0; i < numUsers; i++)
         servers.transmit_score(users[i]);
+
+    chrono::duration<double> time_span = chrono::duration_cast<chrono::duration<double>>(t1 - t0);
+
+    return time_span.count();
 }
 
 int main(int argc, char *argv[])
 {
-    size_t numServers, numUsers, numRounds, numVotesPerRound;
-    bool maliciousServers, maliciousUsers;
-    string seedStr;
-
-    // err - 1 because the help text returns 1 (and shouldn't flag as an error occurring)
-    // int err;
-    // if ((err = argparse(argc, argv, numServers, numUsers, numRounds, numVotesPerRound, maliciousServers, maliciousUsers, seedStr)))
-    //     return (err - 1);
-
-    numServers = 2;
-    numUsers = 5;
-    numRounds = 3;
-    numVotesPerRound = 3;
-    maliciousServers = false;
-    maliciousUsers = false;
+    Scalar::init();
+
+    size_t numServers = 2;
+    size_t numUsers = 5;
+    size_t numRounds = 3;
+    size_t numVotesPerRound = 3;
+    bool maliciousServers = false;
+    bool maliciousUsers = false;
+    
+    string seedStr = "seed";
+
+    if (argc > 1)
+        numServers = atoi(argv[1]);
+    if (argc > 2)
+        numUsers = atoi(argv[2]);
+    if (argc > 3)
+        numRounds = atoi(argv[3]);
+    if (argc > 4)
+        numVotesPerRound = atoi(argv[4]);
+
+    cout << "Running the protocol with the following parameters: " << endl;
+    cout << numServers << " PRSONA servers" << endl;
+    cout << numUsers << " participants (voters/votees)" << endl;
+    cout << numRounds << " epochs" << endl;
+    cout << numVotesPerRound << " new (random) votes by each user in each epoch" << endl;
 
     if (maliciousServers)
     {
@@ -160,15 +179,17 @@ int main(int argc, char *argv[])
     }
 
     PrsonaServerEntity servers(numServers);
+
     BGNPublicKey bgnPublicKey = servers.get_bgn_public_key();
+
     Curvepoint EGBlindGenerator = servers.get_blinding_generator();
 
+    cout << "Initialization: adding users to system" << endl;
     vector<PrsonaClient> users;
     for (size_t i = 0; i < numUsers; i++)
     {
         PrsonaClient currUser(bgnPublicKey, EGBlindGenerator);
         servers.add_new_client(currUser);
-
         users.push_back(currUser);
     }
 
@@ -177,8 +198,8 @@ int main(int argc, char *argv[])
 
     for (size_t i = 0; i < numRounds; i++)
     {
-        cout << "Round " << i << " commencing." << endl;
-        epoch(generator, servers, users, numVotesPerRound);
+        cout << "Round " << i+1 << " of " << numRounds << ": ";
+        cout << epoch(generator, servers, users, numVotesPerRound) << " seconds" << endl;
     }
 
     return 0;

prsona/src/server.cpp

@@ -3,17 +3,23 @@
 #include "server.hpp"
 
 extern const curvepoint_fp_t bn_curvegen;
-const Curvepoint PrsonaServer::elGamalGenerator(bn_curvegen);
 extern const scalar_t bn_n;
-const Scalar PrsonaServer::scalarN(bn_n);
-const Scalar PrsonaServer::defaultTally(0);
-const Scalar PrsonaServer::defaultVote(0);
 
+// This needs to be here so it's "defined", but it doesn't always seem to actually, uh, execute, so you do it over in the constructor
+Curvepoint PrsonaServer::elGamalGenerator = Curvepoint();
+Scalar PrsonaServer::scalarN = Scalar();
+Scalar PrsonaServer::defaultTally = Scalar();
+Scalar PrsonaServer::defaultVote = Scalar();
 bool PrsonaServer::malicious_server = false;
 bool PrsonaServer::malicious_client = false;
 
 PrsonaServer::PrsonaServer()
 {
+    elGamalGenerator = Curvepoint(bn_curvegen);
+    scalarN = Scalar(bn_n);
+    defaultTally = Scalar(0);
+    defaultVote = Scalar(0);
+
     Scalar lambda;
     lambda.set_random();
 
@@ -55,6 +61,13 @@ Curvepoint PrsonaServer::add_seed_to_generator(Proof& pi, const Curvepoint& curr
     return currGenerator * currentSeed;
 }
 
+Curvepoint PrsonaServer::add_next_seed_to_generator(Proof& pi, const Curvepoint& currGenerator) const
+{
+    pi = generate_valid_fresh_generator_proof(pi);
+
+    return currGenerator * nextSeed;
+}
+
 std::vector<CurveBipoint> PrsonaServer::get_current_votes_by(Proof& pi, const Curvepoint& shortTermPublicKey) const
 {
     std::vector<CurveBipoint> retval;
@@ -77,11 +90,11 @@ void PrsonaServer::add_new_client(const Proof& proofOfValidKey, Proof& proofOfVa
     currentPseudonyms.push_back(shortTermPublicKey);
 
     TwistBipoint newTalliedVote;
-    bgn_system.encrypt(newTalliedVote, Scalar(defaultTally));
+    bgn_system.encrypt(newTalliedVote, defaultTally);
     previousVoteTally.push_back(newTalliedVote);
 
     CurveBipoint encryptedDefaultVote;
-    bgn_system.encrypt(encryptedDefaultVote, Scalar(defaultVote));
+    bgn_system.encrypt(encryptedDefaultVote, defaultVote);
     std::vector<CurveBipoint> newRow;
     for (size_t i = 0; i < voteMatrix.size(); i++)
     {
@@ -128,15 +141,14 @@ std::vector<Scalar> PrsonaServer::tally_scores(Proof& pi)
 
         for (size_t j = 0; j < previousVoteTally.size(); j++)
         {
-            Quadripoint curr = bgn_system.homomorphic_multiplication(voteMatrix[j][i], previousVoteTally[j]);
+            Quadripoint curr = bgn_system.homomorphic_multiplication_no_rerandomize(voteMatrix[j][i], previousVoteTally[j]);
             weightedVotes.push_back(curr);
         }
 
         Quadripoint currEncryptedTally = weightedVotes[0];
         for (size_t j = 1; j < weightedVotes.size(); j++)
-            currEncryptedTally = bgn_system.homomorphic_addition(currEncryptedTally, weightedVotes[j]);
+            currEncryptedTally = bgn_system.homomorphic_addition_no_rerandomize(currEncryptedTally, weightedVotes[j]);
 
-        currEncryptedTally = bgn_system.rerandomize(currEncryptedTally);
         decryptedTallies.push_back(bgn_system.decrypt(currEncryptedTally));
     }
 
@@ -188,8 +200,7 @@ void PrsonaServer::epoch_part_one(Proof& pi, Curvepoint& nextGenerator, std::vec
 
 void PrsonaServer::epoch_part_two(Proof& pi, std::vector<EGCiphertext>& encryptedTallies)
 {
-    // TOFIX
-    Scalar inverseSeed = scalarN - currentSeed;
+    Scalar inverseSeed = currentSeed.curveInverse();
 
     for (size_t i = 0; i < currentPseudonyms.size(); i++)
     {

prsona/src/serverEntity.cpp

@@ -34,11 +34,21 @@ Curvepoint PrsonaServerEntity::get_fresh_generator(Proof& pi) const
 {
     Curvepoint retval = PrsonaServer::elGamalGenerator;
     for (size_t j = 0; j < servers.size(); j++)
-        servers[j].add_seed_to_generator(pi, retval);
+        retval = servers[j].add_seed_to_generator(pi, retval);
 
     return retval;
 }
 
+Scalar PrsonaServerEntity::decrypt(const CurveBipoint& input)
+{
+    return servers[0].bgn_system.decrypt(input);
+}
+
+std::vector<CurveBipoint> PrsonaServerEntity::get_current_votes_by(Proof& pi, const Curvepoint& shortTermPublicKey) const
+{
+    return servers[0].get_current_votes_by(pi, shortTermPublicKey);
+}
+
 void PrsonaServerEntity::add_new_client(PrsonaClient& newUser)
 {
     Proof proofOfValidGenerator, proofOfValidSTPK, proofOfCorrectAddition, proofOfDefaultTally, proofOfValidVotes;
@@ -59,7 +69,6 @@ void PrsonaServerEntity::add_new_client(PrsonaClient& newUser)
 
     EGCiphertext defaultTally = get_default_tally(proofOfDefaultTally, shortTermPublicKey);
     newUser.receive_vote_tally(proofOfDefaultTally, defaultTally, true);
-
     std::vector<CurveBipoint> encryptedDefaults = servers[0].get_current_votes_by(proofOfValidVotes, shortTermPublicKey);
     newUser.receive_encrypted_votes(proofOfValidVotes, encryptedDefaults, true);
 }
@@ -72,25 +81,21 @@ void PrsonaServerEntity::receive_vote(const Proof& pi, const std::vector<CurveBi
 
 void PrsonaServerEntity::epoch()
 {
-    Proof pi, proofOfCorrectTally;
+    Proof pi, proofOfCorrectTally, testUserPi;
     Curvepoint nextGenerator = PrsonaServer::elGamalGenerator;
     std::vector<Scalar> decryptedTalliedScores = tally_scores(proofOfCorrectTally);
     std::vector<TwistBipoint> previousVoteTally;
     std::vector<Curvepoint> currentPseudonyms;
     std::vector<std::vector<CurveBipoint>> voteMatrix;
 
-    for (size_t i = 0; i < servers.size() - 1; i++)
+    for (size_t i = 0; i < servers.size(); i++)
     {
         servers[i].epoch_part_one(pi, nextGenerator, decryptedTalliedScores);
-
         servers[i].export_updates(previousVoteTally, currentPseudonyms, voteMatrix);
-        servers[i + 1].import_updates(pi, previousVoteTally, currentPseudonyms, voteMatrix);
+        if (i < servers.size() - 1)
+            servers[i + 1].import_updates(pi, previousVoteTally, currentPseudonyms, voteMatrix);
     }
 
-    servers[servers.size() - 1].epoch_part_one(pi, nextGenerator, decryptedTalliedScores);
-
-    servers[servers.size() - 1].export_updates(previousVoteTally, currentPseudonyms, voteMatrix);
-
     encryptedTallies.clear();
     for (size_t i = 0; i < decryptedTalliedScores.size(); i++)
     {
@@ -109,22 +114,20 @@ void PrsonaServerEntity::epoch()
     pi = generate_epoch_round_one_proof(pi, proofOfCorrectTally);
     servers[0].import_updates(pi, previousVoteTally, currentPseudonyms, voteMatrix);
     
-    for (size_t i = 0; i < servers.size() - 1; i++)
+    for (size_t i = 0; i < servers.size(); i++)
     {
         servers[i].epoch_part_two(pi, encryptedTallies);
-
         servers[i].export_updates(previousVoteTally, currentPseudonyms, voteMatrix);
-        servers[i + 1].import_updates(pi, previousVoteTally, currentPseudonyms, voteMatrix);
+        if (i < servers.size() - 1)
+            servers[i + 1].import_updates(pi, previousVoteTally, currentPseudonyms, voteMatrix);
     }
 
-    servers[servers.size() - 1].epoch_part_two(pi, encryptedTallies);
-
-    servers[servers.size() - 1].export_updates(previousVoteTally, currentPseudonyms, voteMatrix);
     for (size_t i = 0; i < servers.size() - 1; i++)
         servers[i].import_updates(pi, previousVoteTally, currentPseudonyms, voteMatrix);
 
+    tallyProofs.clear();
     for (size_t i = 0; i < encryptedTallies.size(); i++)
-        tallyProofs[i] = generate_epoch_proof(pi, encryptedTallies[i]);
+        tallyProofs.push_back(generate_epoch_proof(pi, encryptedTallies[i]));
 }
 
 void PrsonaServerEntity::transmit_score(PrsonaClient& newUser) const