reconfiguring proof for fresh pseudonym reordering as recommended by Ian

prsona/inc/base.hpp

@@ -168,6 +168,7 @@ class PrsonaBase {
             const std::vector<Curvepoint>& oldValues,
             const std::vector<std::vector<Curvepoint>>& permutationCommits,
             const std::vector<std::vector<Curvepoint>>& productCommits,
+            const std::vector<std::vector<Curvepoint>>& powerProductCommits,
             const std::vector<std::vector<Curvepoint>>& seedCommits
         ) const;
 
@@ -176,6 +177,7 @@ class PrsonaBase {
             const std::vector<Curvepoint>& oldValues,
             const std::vector<std::vector<Curvepoint>>& permutationCommits,
             const std::vector<std::vector<Curvepoint>>& productCommits,
+            const std::vector<std::vector<Curvepoint>>& powerProductCommits,
             const std::vector<std::vector<Curvepoint>>& seedCommits
         ) const;
 

prsona/inc/server.hpp

@@ -110,6 +110,7 @@ class PrsonaServer : public PrsonaBase {
             std::vector<std::vector<std::vector<Proof>>>& pi,
             std::vector<std::vector<std::vector<Curvepoint>>>& permutationCommits,
             std::vector<std::vector<std::vector<Curvepoint>>>& freshPseudonymCommits,
+            std::vector<std::vector<std::vector<Curvepoint>>>& freshPseudonymPowerCommits,
             std::vector<std::vector<std::vector<Curvepoint>>>& freshPseudonymSeedCommits,
             std::vector<std::vector<std::vector<TwistBipoint>>>& serverTallyCommits,
             std::vector<std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>>>& voteMatrixCommits,
@@ -119,10 +120,12 @@ class PrsonaServer : public PrsonaBase {
             std::vector<std::vector<std::vector<Proof>>>& pi,
             std::vector<std::vector<std::vector<Curvepoint>>>& permutationCommits,
             std::vector<std::vector<std::vector<Curvepoint>>>& freshPseudonymCommits,
+            std::vector<std::vector<std::vector<Curvepoint>>>& freshPseudonymPowerCommits,
             std::vector<std::vector<std::vector<Curvepoint>>>& freshPseudonymSeedCommits,
             std::vector<std::vector<std::vector<TwistBipoint>>>& serverTallyCommits,
             std::vector<std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>>>& voteMatrixCommits,
             std::vector<std::vector<std::vector<std::vector<Curvepoint>>>>& userTallyCommits,
+            std::vector<std::vector<std::vector<Curvepoint>>>& userTallyMaskPowerCommits,
             std::vector<std::vector<std::vector<Curvepoint>>>& userTallyMaskSeedCommits,
             const Curvepoint& nextGenerator);
 
@@ -130,10 +133,12 @@ class PrsonaServer : public PrsonaBase {
         std::vector<std::vector<Proof>> epoch_calculations(
             std::vector<std::vector<Curvepoint>>& permutationCommits,
             std::vector<std::vector<Curvepoint>>& freshPseudonymCommits,
+            std::vector<std::vector<Curvepoint>>& freshPseudonymPowerCommits,
             std::vector<std::vector<Curvepoint>>& freshPseudonymSeedCommits,
             std::vector<std::vector<TwistBipoint>>& serverTallyCommits,
             std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>>& voteMatrixCommits,
             std::vector<std::vector<std::vector<Curvepoint>>>& userTallyCommits,
+            std::vector<std::vector<Curvepoint>> & userTallyMaskPowerCommits,
             std::vector<std::vector<Curvepoint>> & userTallyMaskSeedCommits,
             const Scalar& power,
             bool doUserTallies);
@@ -142,10 +147,12 @@ class PrsonaServer : public PrsonaBase {
             const std::vector<std::vector<Proof>>& pi,
             const std::vector<std::vector<Curvepoint>>& permutationCommits,
             const std::vector<std::vector<Curvepoint>>& freshPseudonymCommits,
+            const std::vector<std::vector<Curvepoint>>& freshPseudonymPowerCommits,
             const std::vector<std::vector<Curvepoint>>& freshPseudonymSeedCommits,
             const std::vector<std::vector<TwistBipoint>>& serverTallyCommits,
             const std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>>& voteMatrixCommits,
             const std::vector<std::vector<std::vector<Curvepoint>>>& userTallyCommits,
+            const std::vector<std::vector<Curvepoint>>& userTallyMaskPowerCommits,
             const std::vector<std::vector<Curvepoint>>& userTallyMaskSeedCommits,
             bool doUserTallies);
 
@@ -161,6 +168,7 @@ class PrsonaServer : public PrsonaBase {
             const std::vector<std::vector<Scalar>>& permutations,
             const Scalar& power,
             std::vector<std::vector<Scalar>>& seeds,
+            std::vector<std::vector<Curvepoint>>& powerCommits,
             std::vector<std::vector<Curvepoint>>& seedCommits
         ) const;
 
@@ -205,6 +213,7 @@ class PrsonaServer : public PrsonaBase {
             std::vector<Curvepoint>& masks,
             std::vector<Curvepoint>& messages,
             std::vector<std::vector<Scalar>>& maskSeeds,
+            std::vector<std::vector<Curvepoint>>& maskPowerCommits,
             std::vector<std::vector<Curvepoint>>& maskSeedCommits,
             std::vector<std::vector<Scalar>>& messageSeeds
         ) const;
@@ -215,6 +224,7 @@ class PrsonaServer : public PrsonaBase {
             const Scalar& power,
             const std::vector<T>& oldValues,
             std::vector<std::vector<Scalar>>& seeds,
+            std::vector<std::vector<T>>& powerCommits,
             std::vector<std::vector<Curvepoint>>& seedCommits,
             const T& h
         ) const;
@@ -259,7 +269,8 @@ class PrsonaServer : public PrsonaBase {
             const std::vector<std::vector<Curvepoint>>& freshPseudonymCommits,
             const std::vector<std::vector<TwistBipoint>>& serverTallyCommits,
             const std::vector<std::vector<std::vector<CurveBipoint>>>& voteMatrixCommits,
-            const std::vector<std::vector<std::vector<Curvepoint>>>& userTallyCommits);
+            const std::vector<std::vector<Curvepoint>>& userTallyMaskCommits,
+            const std::vector<std::vector<Curvepoint>>& userTallyMessageCommits);
 
         bool pseudonyms_sorted(
             const std::vector<Curvepoint> newPseudonyms

prsona/src/base.cpp

@@ -917,6 +917,7 @@ std::vector<Proof> PrsonaBase::generate_proof_of_reordering_plus_power(
     const std::vector<Curvepoint>& oldValues,
     const std::vector<std::vector<Curvepoint>>& permutationCommits,
     const std::vector<std::vector<Curvepoint>>& productCommits,
+    const std::vector<std::vector<Curvepoint>>& powerProductCommits,
     const std::vector<std::vector<Curvepoint>>& seedCommits) const
 {
     std::vector<Proof> retval;
@@ -944,70 +945,77 @@ std::vector<Proof> PrsonaBase::generate_proof_of_reordering_plus_power(
         for (size_t j = 0; j < productCommits[i].size(); j++)
             oracleInput << productCommits[i][j];
 
+    for (size_t i = 0; i < powerProductCommits.size(); i++)
+        for (size_t j = 0; j < powerProductCommits[i].size(); j++)
+            oracleInput << powerProductCommits[i][j];
+
     for (size_t i = 0; i < seedCommits.size(); i++)
         for (size_t j = 0; j < seedCommits[i].size(); j++)
             oracleInput << seedCommits[i][j];
 
-    std::cout << "Pre: " << oracle(oracleInput.str()) << std::endl;
+    // std::cout << "Pre: " << oracle(oracleInput.str()) << std::endl;
 
     Scalar b1;
     b1.set_random();
     std::vector<std::vector<Scalar>> b2;
     std::vector<std::vector<Scalar>> t1;
     std::vector<std::vector<Scalar>> t2;
+    std::vector<std::vector<Scalar>> t3;
 
     for (size_t i = 0; i < permutationCommits.size(); i++)
     {
-        std::vector<Scalar> currb2Row;
-        std::vector<Scalar> currt1Row;
-        std::vector<Scalar> currt2Row;
+        std::vector<Scalar> currB2Row;
+        std::vector<Scalar> currT1Row;
+        std::vector<Scalar> currT2Row;
+        std::vector<Scalar> currT3Row;
 
         for (size_t j = 0; j < permutationCommits[i].size(); j++)
         {
             Proof currProof;
 
-            Scalar currb2;
-            Scalar currt1;
-            Scalar currt2;
-
-            Curvepoint U1, U2, U3, U4;
+            Scalar currB2, currT1, currT2, currT3;
+            Curvepoint U1, U2, U3, U4, U5;
 
-            currb2.set_random();
-            currt1.set_random();
-            currt2.set_random();
+            currB2.set_random();
+            currT1.set_random();
+            currT2.set_random();
+            currT3.set_random();
 
             // Permutations go in weird order because of
             // matrix multiplication stuff
-            U1 = g * currb2 + h * currt1;
-            U2 = oldValues[i] *
-                (b1 * permutations[j][i] + currb2 * power);
-            U3 = oldValues[i] * b1 * currb2 + h * currt2;
-            U4 = g * currt2;
-
-            currProof.curvepointUniversals.push_back(U2);
-
-            oracleInput << U1 << U2 << U3 << U4;
+            U1 = g * currB2 + h * currT1;
+            U2 = oldValues[i] * currB2 + h * currT2;
+            U3 = productCommits[i][j] * b1;
+            U4 = oldValues[i] * permutations[j][i] * power + 
+                h * (-currT3);
+            U5 = g * currT3;
+
+            oracleInput << U1 << U2 << U3 << U4 << U5;
             std::cout << i * permutationCommits.size() + j + 1 << ": " << oracle(oracleInput.str()) << std::endl;
-            std::stringstream out1, out2, out3, out4;
+            std::stringstream out1, out2, out3, out4, out5;
             out1 << U1;
             out2 << U2;
             out3 << U3;
             out4 << U4;
+            out5 << U5;
             std::cout << "U1: " << oracle(out1.str()) << std::endl;
             std::cout << "U2: " << oracle(out2.str()) << std::endl;
             std::cout << "U3: " << oracle(out3.str()) << std::endl;
             std::cout << "U4: " << oracle(out4.str()) << std::endl;
+            std::cout << "U5: " << oracle(out5.str()) << std::endl;
 
-            currb2Row.push_back(currb2);
-            currt1Row.push_back(currt1);
-            currt2Row.push_back(currt2);
+            currB2Row.push_back(currB2);
+            currT1Row.push_back(currT1);
+            currT2Row.push_back(currT2);
+            currT3Row.push_back(currT3);
 
             retval.push_back(currProof);
         }
 
-        b2.push_back(currb2Row);
-        t1.push_back(currt1Row);
-        t2.push_back(currt2Row);
+        b2.push_back(currB2Row);
+        t1.push_back(currT1Row);
+        t2.push_back(currT2Row);
+        t3.push_back(currT3Row);
     }
 
     Scalar x = oracle(oracleInput.str());
@@ -1026,11 +1034,13 @@ std::vector<Proof> PrsonaBase::generate_proof_of_reordering_plus_power(
             // matrix multiplication stuff
             Scalar f2 = permutations[j][i] * x + b2[i][j];
             Scalar z1 = permutationSeeds[j][i] * x + t1[i][j];
-            Scalar z2 = productSeeds[i][j] * x * x + t2[i][j];
+            Scalar z2 = productSeeds[i][j] * x + t2[i][j];
+            Scalar z3 = productSeeds[i][j] * power * x + t3[i][j];
 
             retval[piIndex].responseParts.push_back(f2);
             retval[piIndex].responseParts.push_back(z1);
             retval[piIndex].responseParts.push_back(z2);
+            retval[piIndex].responseParts.push_back(z3);
         }
     }
 
@@ -1042,6 +1052,7 @@ bool PrsonaBase::verify_proof_of_reordering_plus_power(
     const std::vector<Curvepoint>& oldValues,
     const std::vector<std::vector<Curvepoint>>& permutationCommits,
     const std::vector<std::vector<Curvepoint>>& productCommits,
+    const std::vector<std::vector<Curvepoint>>& powerProductCommits,
     const std::vector<std::vector<Curvepoint>>& seedCommits) const
 {
     if (pi.empty())
@@ -1064,11 +1075,15 @@ bool PrsonaBase::verify_proof_of_reordering_plus_power(
         for (size_t j = 0; j < productCommits[i].size(); j++)
             oracleInput << productCommits[i][j];
 
+    for (size_t i = 0; i < powerProductCommits.size(); i++)
+        for (size_t j = 0; j < powerProductCommits[i].size(); j++)
+            oracleInput << powerProductCommits[i][j];
+
     for (size_t i = 0; i < seedCommits.size(); i++)
         for (size_t j = 0; j < seedCommits[i].size(); j++)
             oracleInput << seedCommits[i][j];
 
-    std::cout << "Pre: " << oracle(oracleInput.str()) << std::endl;
+    // std::cout << "Pre: " << oracle(oracleInput.str()) << std::endl;
 
     Scalar x = pi[0].challengeParts[0];
     Scalar f1 = pi[0].responseParts[0];
@@ -1079,36 +1094,37 @@ bool PrsonaBase::verify_proof_of_reordering_plus_power(
         {
             size_t piIndex = i * permutationCommits.size() + j + 1;
 
-            Curvepoint U1, U2, U3, U4;
-            U2 = pi[piIndex].curvepointUniversals[0];
+            Curvepoint U1, U2, U3, U4, U5;
 
             Scalar f2 = pi[piIndex].responseParts[0];
             Scalar z1 = pi[piIndex].responseParts[1];
             Scalar z2 = pi[piIndex].responseParts[2];
+            Scalar z3 = pi[piIndex].responseParts[3];
 
             // Permutations go in weird order because of
             // matrix multiplication stuff
             U1 = g * f2 + h * z1 - permutationCommits[j][i] * x;
-            
-            U3 = oldValues[i] * f1 * f2 +
-                h * z2 -
-                productCommits[i][j] * x * x -
-                U2 * x;
-
-            U4 = g * z2 - seedCommits[i][j] * x * x;
+            U2 = oldValues[i] * f2 + h * z2 -
+                productCommits[i][j] * x;
+            U3 = productCommits[i][j] * f1 -
+                powerProductCommits[i][j] * x;
+            U4 = powerProductCommits[i][j] * x - h * z3;
+            U5 = g * z3 - seedCommits[i][j] * x;
 
-            oracleInput << U1 << U2 << U3 << U4;
+            oracleInput << U1 << U2 << U3 << U4 << U5;
 
             std::cout << i * permutationCommits.size() + j + 1 << ": " << oracle(oracleInput.str()) << std::endl;
-            std::stringstream out1, out2, out3, out4;
+            std::stringstream out1, out2, out3, out4, out5;
             out1 << U1;
             out2 << U2;
             out3 << U3;
             out4 << U4;
+            out5 << U5;
             std::cout << "U1: " << oracle(out1.str()) << std::endl;
             std::cout << "U2: " << oracle(out2.str()) << std::endl;
             std::cout << "U3: " << oracle(out3.str()) << std::endl;
             std::cout << "U4: " << oracle(out4.str()) << std::endl;
+            std::cout << "U5: " << oracle(out5.str()) << std::endl;
         }
     }
 

prsona/src/server.cpp

@@ -393,6 +393,7 @@ void PrsonaServer::build_up_midway_pseudonyms(
     std::vector<std::vector<std::vector<Proof>>>& pi,
     std::vector<std::vector<std::vector<Curvepoint>>>& permutationCommits,
     std::vector<std::vector<std::vector<Curvepoint>>>& freshPseudonymCommits,
+    std::vector<std::vector<std::vector<Curvepoint>>>& freshPseudonymPowerCommits,
     std::vector<std::vector<std::vector<Curvepoint>>>& freshPseudonymSeedCommits,
     std::vector<std::vector<std::vector<TwistBipoint>>>& serverTallyCommits,
     std::vector<std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>>>& voteMatrixCommits,
@@ -402,24 +403,29 @@ void PrsonaServer::build_up_midway_pseudonyms(
 
     std::vector<std::vector<Curvepoint>> currPermutationCommits;
     std::vector<std::vector<Curvepoint>> currFreshPseudonymCommits;
+    std::vector<std::vector<Curvepoint>> currFreshPseudonymPowerCommits;
     std::vector<std::vector<Curvepoint>> currFreshPseudonymSeedCommits;
     std::vector<std::vector<TwistBipoint>> currServerTallyCommits;
     std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>> currVoteMatrixCommits;
     std::vector<std::vector<std::vector<Curvepoint>>> currUserTallyCommits;
+    std::vector<std::vector<Curvepoint>> currUserTallyMaskPowerCommits;
     std::vector<std::vector<Curvepoint>> currUserTallyMaskSeedCommits;
     pi.push_back(epoch_calculations(
         currPermutationCommits,
         currFreshPseudonymCommits,
+        currFreshPseudonymPowerCommits,
         currFreshPseudonymSeedCommits,
         currServerTallyCommits,
         currVoteMatrixCommits,
         currUserTallyCommits,
+        currUserTallyMaskPowerCommits,
         currUserTallyMaskSeedCommits,
         nextSeed,
         false));
 
     permutationCommits.push_back(currPermutationCommits);
     freshPseudonymCommits.push_back(currFreshPseudonymCommits);
+    freshPseudonymPowerCommits.push_back(currFreshPseudonymPowerCommits);
     freshPseudonymSeedCommits.push_back(currFreshPseudonymSeedCommits);
     serverTallyCommits.push_back(currServerTallyCommits);
     voteMatrixCommits.push_back(currVoteMatrixCommits);
@@ -438,10 +444,12 @@ void PrsonaServer::break_down_midway_pseudonyms(
     std::vector<std::vector<std::vector<Proof>>>& pi,
     std::vector<std::vector<std::vector<Curvepoint>>>& permutationCommits,
     std::vector<std::vector<std::vector<Curvepoint>>>& freshPseudonymCommits,
+    std::vector<std::vector<std::vector<Curvepoint>>>& freshPseudonymPowerCommits,
     std::vector<std::vector<std::vector<Curvepoint>>>& freshPseudonymSeedCommits,
     std::vector<std::vector<std::vector<TwistBipoint>>>& serverTallyCommits,
     std::vector<std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>>>& voteMatrixCommits,
     std::vector<std::vector<std::vector<std::vector<Curvepoint>>>>& userTallyCommits,
+    std::vector<std::vector<std::vector<Curvepoint>>>& userTallyMaskPowerCommits,
     std::vector<std::vector<std::vector<Curvepoint>>>& userTallyMaskSeedCommits,
     const Curvepoint& nextGenerator)
 {
@@ -455,28 +463,34 @@ void PrsonaServer::break_down_midway_pseudonyms(
 
     std::vector<std::vector<Curvepoint>> currPermutationCommits;
     std::vector<std::vector<Curvepoint>> currFreshPseudonymCommits;
+    std::vector<std::vector<Curvepoint>> currFreshPseudonymPowerCommits;
     std::vector<std::vector<Curvepoint>> currFreshPseudonymSeedCommits;
     std::vector<std::vector<TwistBipoint>> currServerTallyCommits;
     std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>> currVoteMatrixCommits;
     std::vector<std::vector<std::vector<Curvepoint>>> currUserTallyCommits;
+    std::vector<std::vector<Curvepoint>> currUserTallyMaskPowerCommits;
     std::vector<std::vector<Curvepoint>> currUserTallyMaskSeedCommits;
     pi.push_back(epoch_calculations(
         currPermutationCommits,
         currFreshPseudonymCommits,
+        currFreshPseudonymPowerCommits,
         currFreshPseudonymSeedCommits,
         currServerTallyCommits,
         currVoteMatrixCommits,
         currUserTallyCommits,
+        currUserTallyMaskPowerCommits,
         currUserTallyMaskSeedCommits,
         inverseSeed,
         true));
 
     permutationCommits.push_back(currPermutationCommits);
     freshPseudonymCommits.push_back(currFreshPseudonymCommits);
+    freshPseudonymPowerCommits.push_back(currFreshPseudonymPowerCommits);
     freshPseudonymSeedCommits.push_back(currFreshPseudonymSeedCommits);
     serverTallyCommits.push_back(currServerTallyCommits);
     voteMatrixCommits.push_back(currVoteMatrixCommits);
     userTallyCommits.push_back(currUserTallyCommits);
+    userTallyMaskPowerCommits.push_back(currUserTallyMaskPowerCommits);
     userTallyMaskSeedCommits.push_back(currUserTallyMaskSeedCommits);
 
     currentSeed = nextSeed;
@@ -489,10 +503,12 @@ void PrsonaServer::break_down_midway_pseudonyms(
 std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
     std::vector<std::vector<Curvepoint>>& permutationCommits,
     std::vector<std::vector<Curvepoint>>& freshPseudonymCommits,
+    std::vector<std::vector<Curvepoint>>& freshPseudonymPowerCommits,
     std::vector<std::vector<Curvepoint>>& freshPseudonymSeedCommits,
     std::vector<std::vector<TwistBipoint>>& serverTallyCommits,
     std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>>& voteMatrixCommits,
     std::vector<std::vector<std::vector<Curvepoint>>>& userTallyCommits,
+    std::vector<std::vector<Curvepoint>> & userTallyMaskPowerCommits,
     std::vector<std::vector<Curvepoint>> & userTallyMaskSeedCommits,
     const Scalar& power,
     bool doUserTallies)
@@ -528,12 +544,13 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
 
     std::vector<std::vector<Scalar>> freshPseudonymSeeds;
     freshPseudonymSeedCommits.clear();
-    freshPseudonymCommits.clear();
+    freshPseudonymPowerCommits.clear();
     freshPseudonymCommits = 
         generate_pseudonym_matrix(
             permutations,
             power,
             freshPseudonymSeeds,
+            freshPseudonymPowerCommits,
             freshPseudonymSeedCommits);
 
     // for (size_t i = 0; i < freshPseudonymCommits.size(); i++)
@@ -558,6 +575,7 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
             currentPseudonyms,
             permutationCommits,
             freshPseudonymCommits,
+            freshPseudonymPowerCommits,
             freshPseudonymSeedCommits));
 
     // std::cout << "Generating server tally matrix." << std::endl;
@@ -638,6 +656,7 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
 
         std::vector<Curvepoint> userTallyMasks;
         std::vector<std::vector<Scalar>> userTallyMaskSeeds;
+        userTallyMaskPowerCommits.clear();
         userTallyMaskSeedCommits.clear();
         std::vector<Curvepoint> userTallyMessages;
         std::vector<std::vector<Scalar>> userTallyMessageSeeds;
@@ -648,6 +667,7 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
                 userTallyMasks,
                 userTallyMessages,
                 userTallyMaskSeeds,
+                userTallyMaskPowerCommits,
                 userTallyMaskSeedCommits,
                 userTallyMessageSeeds);
 
@@ -662,6 +682,7 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
                 userTallyMasks,
                 permutationCommits,
                 userTallyCommits[0],
+                userTallyMaskPowerCommits,
                 userTallyMaskSeedCommits));
 
         // std::cout << "Proving user tally message matrix." << std::endl;
@@ -678,15 +699,26 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
                 elGamalBlindGenerator,
                 false));
     }
+    else
+    {
+        userTallyMaskPowerCommits.clear();
+        userTallyMaskSeedCommits.clear();
+        userTallyCommits.push_back(std::vector<std::vector<Curvepoint>>());
+        userTallyCommits.push_back(std::vector<std::vector<Curvepoint>>());
+    }
 
     // std::cout << "Giving self updates." << std::endl;
 
     // Replace internal values
     update_data(
-        freshPseudonymCommits,
+        freshPseudonymPowerCommits,
         serverTallyCommits,
         voteMatrixCommits[1],
-        userTallyCommits);
+        userTallyMaskPowerCommits,
+        userTallyCommits[1]);
+
+    if (!doUserTallies)
+        userTallyCommits.clear();
 
     return retval;
 }
@@ -695,10 +727,12 @@ bool PrsonaServer::accept_epoch_updates(
     const std::vector<std::vector<Proof>>& pi,
     const std::vector<std::vector<Curvepoint>>& permutationCommits,
     const std::vector<std::vector<Curvepoint>>& freshPseudonymCommits,
+    const std::vector<std::vector<Curvepoint>>& freshPseudonymPowerCommits,
     const std::vector<std::vector<Curvepoint>>& freshPseudonymSeedCommits,
     const std::vector<std::vector<TwistBipoint>>& serverTallyCommits,
     const std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>>& voteMatrixCommits,
     const std::vector<std::vector<std::vector<Curvepoint>>>& userTallyCommits,
+    const std::vector<std::vector<Curvepoint>>& userTallyMaskPowerCommits,
     const std::vector<std::vector<Curvepoint>>& userTallyMaskSeedCommits,
     bool doUserTallies)
 {
@@ -727,6 +761,7 @@ bool PrsonaServer::accept_epoch_updates(
             currentPseudonyms,
             permutationCommits,
             freshPseudonymCommits,
+            freshPseudonymPowerCommits,
             freshPseudonymSeedCommits);
     if (!verification)
     {
@@ -781,6 +816,9 @@ bool PrsonaServer::accept_epoch_updates(
 
     currOffset += voteMatrix.size();
 
+    std::vector<std::vector<Curvepoint>> inputMasks;
+    std::vector<std::vector<Curvepoint>> inputMessages;
+
     if (doUserTallies)
     {
         std::vector<Curvepoint> userTallyMasks;
@@ -796,6 +834,7 @@ bool PrsonaServer::accept_epoch_updates(
             userTallyMasks,
             permutationCommits,
             userTallyCommits[0],
+            userTallyMaskPowerCommits,
             userTallyMaskSeedCommits);
         if (!verification)
         {
@@ -818,13 +857,17 @@ bool PrsonaServer::accept_epoch_updates(
             std::cerr << "Could not verify user tally messages." << std::endl;
             return false;
         }
+
+        inputMasks = userTallyMaskPowerCommits;
+        inputMessages = userTallyCommits[1];
     }
 
     verification = update_data(
-        freshPseudonymCommits,
+        freshPseudonymPowerCommits,
         serverTallyCommits,
         voteMatrixCommits[1],
-        userTallyCommits);
+        inputMasks,
+        inputMessages);
 
     return verification;
 }
@@ -913,6 +956,7 @@ std::vector<std::vector<Curvepoint>> PrsonaServer::generate_pseudonym_matrix(
     const std::vector<std::vector<Scalar>>& permutations,
     const Scalar& power,
     std::vector<std::vector<Scalar>>& seeds,
+    std::vector<std::vector<Curvepoint>>& powerCommits,
     std::vector<std::vector<Curvepoint>>& seedCommits) const
 {
     return generate_reordered_plus_power_matrix<Curvepoint>(
@@ -920,6 +964,7 @@ std::vector<std::vector<Curvepoint>> PrsonaServer::generate_pseudonym_matrix(
         power,
         currentPseudonyms,
         seeds,
+        powerCommits,
         seedCommits,
         elGamalBlindGenerator);
 }
@@ -1076,6 +1121,7 @@ std::vector<std::vector<std::vector<Curvepoint>>> PrsonaServer::generate_user_ta
     std::vector<Curvepoint>& masks,
     std::vector<Curvepoint>& messages,
     std::vector<std::vector<Scalar>>& maskSeeds,
+    std::vector<std::vector<Curvepoint>>& maskPowerCommits,
     std::vector<std::vector<Curvepoint>>& maskSeedCommits,
     std::vector<std::vector<Scalar>>& messageSeeds) const
 {
@@ -1095,6 +1141,7 @@ std::vector<std::vector<std::vector<Curvepoint>>> PrsonaServer::generate_user_ta
             power,
             masks,
             maskSeeds,
+            maskPowerCommits,
             maskSeedCommits,
             elGamalBlindGenerator));
 
@@ -1116,26 +1163,32 @@ std::vector<std::vector<T>> PrsonaServer::generate_reordered_plus_power_matrix(
     const Scalar& power,
     const std::vector<T>& oldValues,
     std::vector<std::vector<Scalar>>& seeds,
+    std::vector<std::vector<T>>& powerCommits,
     std::vector<std::vector<Curvepoint>>& seedCommits,
     const T& h) const
 {
     std::vector<std::vector<Scalar>> permutation_plus_power;
+    std::vector<std::vector<T>> retval;
     seedCommits.clear();
+    powerCommits.clear();
 
     for (size_t i = 0; i < permutations.size(); i++)
     {
         std::vector<Scalar> currPermutations;
         std::vector<Curvepoint> currSeedCommits;
+        std::vector<T> currRetvalRow;
         for (size_t j = 0; j < permutations[i].size(); j++)
         {
             currPermutations.push_back(permutations[i][j] * power);
             currSeedCommits.push_back(Curvepoint());
+            currRetvalRow.push_back(T());
         }
         permutation_plus_power.push_back(currPermutations);
         seedCommits.push_back(currSeedCommits);
+        retval.push_back(currRetvalRow);
     }
 
-    std::vector<std::vector<T>> retval = 
+    powerCommits = 
         generate_reordered_matrix<T>(
             permutation_plus_power,
             oldValues,
@@ -1144,9 +1197,16 @@ std::vector<std::vector<T>> PrsonaServer::generate_reordered_plus_power_matrix(
             false,
             true);
 
+    Scalar inversePower = power.curveMultInverse();
     for (size_t i = 0; i < permutations.size(); i++)
+    {
         for (size_t j = 0; j < permutations[i].size(); j++)
+        {
             seedCommits[i][j] = EL_GAMAL_GENERATOR * seeds[i][j];
+            seeds[i][j] = seeds[i][j] * inversePower;
+            retval[i][j] = powerCommits[i][j] * inversePower;
+        }
+    }
     
     return retval;
 }
@@ -1274,7 +1334,8 @@ bool PrsonaServer::update_data(
     const std::vector<std::vector<Curvepoint>>& freshPseudonymCommits,
     const std::vector<std::vector<TwistBipoint>>& serverTallyCommits,
     const std::vector<std::vector<std::vector<CurveBipoint>>>& voteMatrixCommits,
-    const std::vector<std::vector<std::vector<Curvepoint>>>& userTallyCommits)
+    const std::vector<std::vector<Curvepoint>>& userTallyMaskCommits,
+    const std::vector<std::vector<Curvepoint>>& userTallyMessageCommits)
 {
     std::vector<Curvepoint> newPseudonyms;
     std::vector<TwistBipoint> newVoteTallies;
@@ -1286,10 +1347,10 @@ bool PrsonaServer::update_data(
         TwistBipoint voteTallySum = serverTallyCommits[i][0];
 
         Curvepoint userTallyMask, userTallyMessage;
-        if (!userTallyCommits.empty())
+        if (!userTallyMaskCommits.empty())
         {
-            userTallyMask = userTallyCommits[i][0][0];
-            userTallyMessage = userTallyCommits[i][0][1];
+            userTallyMask = userTallyMaskCommits[i][0];
+            userTallyMessage = userTallyMessageCommits[i][0];
         }
 
         for (size_t j = 1; j < freshPseudonymCommits[i].size(); j++)
@@ -1297,19 +1358,19 @@ bool PrsonaServer::update_data(
             pseudonymSum = pseudonymSum + freshPseudonymCommits[i][j];
             voteTallySum = voteTallySum + serverTallyCommits[i][j];
 
-            if (!userTallyCommits.empty())
+            if (!userTallyMaskCommits.empty())
             {
                 userTallyMask = userTallyMask +
-                    userTallyCommits[i][j][0];
+                    userTallyMaskCommits[i][j];
                 userTallyMessage = userTallyMessage +
-                    userTallyCommits[i][j][1];
+                    userTallyMessageCommits[i][j];
             }
         }
 
         newPseudonyms.push_back(pseudonymSum);
         newVoteTallies.push_back(voteTallySum);
 
-        if (!userTallyCommits.empty())
+        if (!userTallyMaskCommits.empty())
         {
             newUserTallies.push_back(
                 EGCiphertext(userTallyMask, userTallyMessage));

prsona/src/serverEntity.cpp

@@ -448,10 +448,12 @@ void PrsonaServerEntity::epoch(size_t which)
     std::vector<std::vector<std::vector<Proof>>> pi;
     std::vector<std::vector<std::vector<Curvepoint>>> permutationCommits;
     std::vector<std::vector<std::vector<Curvepoint>>> freshPseudonymCommits;
+    std::vector<std::vector<std::vector<Curvepoint>>> freshPseudonymPowerCommits;
     std::vector<std::vector<std::vector<Curvepoint>>> freshPseudonymSeedCommits;
     std::vector<std::vector<std::vector<TwistBipoint>>> serverTallyCommits;
     std::vector<std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>>> voteMatrixCommits;
     std::vector<std::vector<std::vector<std::vector<Curvepoint>>>> userTallyCommits;
+    std::vector<std::vector<std::vector<Curvepoint>>> userTallyMaskPowerCommits;
     std::vector<std::vector<std::vector<Curvepoint>>> userTallyMaskSeedCommits;
 
     std::vector<std::vector<Proof>> generator_proof_holder(1);
@@ -462,7 +464,7 @@ void PrsonaServerEntity::epoch(size_t which)
     {
         if (i > 0)
             continue;
-        
+
         size_t realI = (which + i) % servers[which].get_num_servers();
 
         std::cout << "Building up on server " << realI << "." << std::endl;
@@ -471,6 +473,7 @@ void PrsonaServerEntity::epoch(size_t which)
             pi,
             permutationCommits,
             freshPseudonymCommits,
+            freshPseudonymPowerCommits,
             freshPseudonymSeedCommits,
             serverTallyCommits,
             voteMatrixCommits,
@@ -479,6 +482,7 @@ void PrsonaServerEntity::epoch(size_t which)
         for (size_t j = 1; j < servers[which].get_num_servers(); j++)
         {
             std::vector<std::vector<std::vector<Curvepoint>>> currUserTallyCommits;
+            std::vector<std::vector<Curvepoint>> currUserTallyMaskPowerCommits;
             std::vector<std::vector<Curvepoint>> currUserTallyMaskSeedCommits;
 
             size_t realJ = (which + j) % servers[which].get_num_servers();
@@ -489,70 +493,77 @@ void PrsonaServerEntity::epoch(size_t which)
                 pi[i + 1],
                 permutationCommits[i],
                 freshPseudonymCommits[i],
+                freshPseudonymPowerCommits[i],
                 freshPseudonymSeedCommits[i],
                 serverTallyCommits[i],
                 voteMatrixCommits[i],
                 currUserTallyCommits,
+                currUserTallyMaskPowerCommits,
                 currUserTallyMaskSeedCommits,
                 false);
         }
     }
 
-    // std::vector<Proof> generator_proof = pi[0][0];
-    // pi.clear();
-    // permutationCommits.clear();
-    // freshPseudonymCommits.clear();
-    // freshPseudonymSeedCommits.clear();
-    // serverTallyCommits.clear();
-    // voteMatrixCommits.clear();
-
-    // std::cout << "Tallying scores." << std::endl;
-
-    // /* Imagine that server 0 is encrypting these, then would do a ZKP that it
-    //  * knows a secret mask and encrypted the correct value everyone else already
-    //  * knows. Everyone else then adds a mask and proves they added a secret mask
-    //  * to the committed values. */
-    // std::vector<EGCiphertext> currentUserEncryptedTallies =
-    //     tally_scores(nextGenerator, which);
-    // distribute_tallied_scores(currentUserEncryptedTallies);
+    std::vector<Proof> generator_proof = pi[0][0];
+    pi.clear();
+    permutationCommits.clear();
+    freshPseudonymCommits.clear();
+    freshPseudonymPowerCommits.clear();
+    freshPseudonymSeedCommits.clear();
+    serverTallyCommits.clear();
+    voteMatrixCommits.clear();
+
+    std::cout << "Tallying scores." << std::endl;
+
+    /* Imagine that server 0 is encrypting these, then would do a ZKP that it
+     * knows a secret mask and encrypted the correct value everyone else already
+     * knows. Everyone else then adds a mask and proves they added a secret mask
+     * to the committed values. */
+    std::vector<EGCiphertext> currentUserEncryptedTallies =
+        tally_scores(nextGenerator, which);
+    distribute_tallied_scores(currentUserEncryptedTallies);
     
-    // // go from A_0.5 to A_1
-    // for (size_t i = 0; i < servers[which].get_num_servers(); i++)
-    // {
-    //     size_t realI = (which + i) % servers[which].get_num_servers();
+    // go from A_0.5 to A_1
+    for (size_t i = 0; i < servers[which].get_num_servers(); i++)
+    {
+        size_t realI = (which + i) % servers[which].get_num_servers();
 
-    //     std::cout << "Breaking down on server " << realI << "." << std::endl;
+        std::cout << "Breaking down on server " << realI << "." << std::endl;
         
-    //     servers[realI].break_down_midway_pseudonyms(
-    //         generator_proof,
-    //         pi,
-    //         permutationCommits,
-    //         freshPseudonymCommits,
-    //         freshPseudonymSeedCommits,
-    //         serverTallyCommits,
-    //         voteMatrixCommits,
-    //         userTallyCommits,
-    //         userTallyMaskSeedCommits,
-    //         nextGenerator);
+        servers[realI].break_down_midway_pseudonyms(
+            generator_proof,
+            pi,
+            permutationCommits,
+            freshPseudonymCommits,
+            freshPseudonymPowerCommits,
+            freshPseudonymSeedCommits,
+            serverTallyCommits,
+            voteMatrixCommits,
+            userTallyCommits,
+            userTallyMaskPowerCommits,
+            userTallyMaskSeedCommits,
+            nextGenerator);
         
-    //     for (size_t j = 1; j < servers[which].get_num_servers(); j++)
-    //     {
-    //         size_t realJ = (which + j) % servers[which].get_num_servers();
-
-    //         std::cout << "Giving to server " << realJ << "." << std::endl;
-
-    //         servers[realJ].accept_epoch_updates(
-    //             pi[i],
-    //             permutationCommits[i],
-    //             freshPseudonymCommits[i],
-    //             freshPseudonymSeedCommits[i],
-    //             serverTallyCommits[i],
-    //             voteMatrixCommits[i],
-    //             userTallyCommits[i],
-    //             userTallyMaskSeedCommits[i],
-    //             true);
-    //     }
-    // }
+        for (size_t j = 1; j < servers[which].get_num_servers(); j++)
+        {
+            size_t realJ = (which + j) % servers[which].get_num_servers();
+
+            std::cout << "Giving to server " << realJ << "." << std::endl;
+
+            servers[realJ].accept_epoch_updates(
+                pi[i],
+                permutationCommits[i],
+                freshPseudonymCommits[i],
+                freshPseudonymPowerCommits[i],
+                freshPseudonymSeedCommits[i],
+                serverTallyCommits[i],
+                voteMatrixCommits[i],
+                userTallyCommits[i],
+                userTallyMaskPowerCommits[i],
+                userTallyMaskSeedCommits[i],
+                true);
+        }
+    }
 }
 
 void PrsonaServerEntity::print_scores() const