fixed bugs identified in previous meeting (it turned out to just be indexing problems, as I had suspected)

prsona/inc/base.hpp

@@ -188,8 +188,7 @@ class PrsonaBase {
             const std::vector<std::vector<Curvepoint>>& permutationCommits,
             const std::vector<std::vector<T>>& productCommits,
             const T& otherG,
-            const T& otherH,
-            bool inverted
+            const T& otherH
         ) const;
 
         template <typename T>
@@ -199,8 +198,7 @@ class PrsonaBase {
             const std::vector<std::vector<Curvepoint>>& permutationCommits,
             const std::vector<std::vector<T>>& productCommits,
             const T& otherG,
-            const T& otherH,
-            bool inverted
+            const T& otherH
         ) const;
 
         // SERVER AGREEMENT PROOFS

prsona/inc/server.hpp

@@ -225,7 +225,6 @@ class PrsonaServer : public PrsonaBase {
             const std::vector<T>& oldValues,
             std::vector<std::vector<Scalar>>& seeds,
             const T& h,
-            bool inverted,
             bool cancelOut
         ) const;
 

prsona/src/base.cpp

@@ -948,8 +948,6 @@ std::vector<Proof> PrsonaBase::generate_proof_of_reordering_plus_power(
         for (size_t j = 0; j < seedCommits[i].size(); j++)
             oracleInput << seedCommits[i][j];
 
-    std::cout << "Pre: " << oracle(oracleInput.str()) << std::endl;
-
     Scalar b1;
     b1.set_random();
     std::vector<std::vector<Scalar>> b2;
@@ -976,27 +974,15 @@ std::vector<Proof> PrsonaBase::generate_proof_of_reordering_plus_power(
             currt1.set_random();
             currt2.set_random();
 
-            // Permutations go in weird order because of
-            // matrix multiplication stuff
             U1 = g * currb2 + h * currt1;
-            U2 = oldValues[i] *
+            U2 = oldValues[j] *
                 (b1 * permutations[j][i] + currb2 * power);
-            U3 = oldValues[i] * b1 * currb2 + h * currt2;
+            U3 = oldValues[j] * b1 * currb2 + h * currt2;
             U4 = g * currt2;
 
             currProof.curvepointUniversals.push_back(U2);
 
             oracleInput << U1 << U2 << U3 << U4;
-            std::cout << i * permutationCommits.size() + j + 1 << ": " << oracle(oracleInput.str()) << std::endl;
-            std::stringstream out1, out2, out3, out4;
-            out1 << U1;
-            out2 << U2;
-            out3 << U3;
-            out4 << U4;
-            std::cout << "U1: " << oracle(out1.str()) << std::endl;
-            std::cout << "U2: " << oracle(out2.str()) << std::endl;
-            std::cout << "U3: " << oracle(out3.str()) << std::endl;
-            std::cout << "U4: " << oracle(out4.str()) << std::endl;
 
             currb2Row.push_back(currb2);
             currt1Row.push_back(currt1);
@@ -1022,8 +1008,6 @@ std::vector<Proof> PrsonaBase::generate_proof_of_reordering_plus_power(
         {
             size_t piIndex = i * permutationCommits.size() + j + 1;
 
-            // Permutations go in weird order because of
-            // matrix multiplication stuff
             Scalar f2 = permutations[j][i] * x + b2[i][j];
             Scalar z1 = permutationSeeds[j][i] * x + t1[i][j];
             Scalar z2 = productSeeds[i][j] * x * x + t2[i][j];
@@ -1068,8 +1052,6 @@ bool PrsonaBase::verify_proof_of_reordering_plus_power(
         for (size_t j = 0; j < seedCommits[i].size(); j++)
             oracleInput << seedCommits[i][j];
 
-    std::cout << "Pre: " << oracle(oracleInput.str()) << std::endl;
-
     Scalar x = pi[0].challengeParts[0];
     Scalar f1 = pi[0].responseParts[0];
 
@@ -1086,11 +1068,9 @@ bool PrsonaBase::verify_proof_of_reordering_plus_power(
             Scalar z1 = pi[piIndex].responseParts[1];
             Scalar z2 = pi[piIndex].responseParts[2];
 
-            // Permutations go in weird order because of
-            // matrix multiplication stuff
             U1 = g * f2 + h * z1 - permutationCommits[j][i] * x;
             
-            U3 = oldValues[i] * f1 * f2 +
+            U3 = oldValues[j] * f1 * f2 +
                 h * z2 -
                 productCommits[i][j] * x * x -
                 U2 * x;
@@ -1098,23 +1078,12 @@ bool PrsonaBase::verify_proof_of_reordering_plus_power(
             U4 = g * z2 - seedCommits[i][j] * x * x;
 
             oracleInput << U1 << U2 << U3 << U4;
-
-            std::cout << i * permutationCommits.size() + j + 1 << ": " << oracle(oracleInput.str()) << std::endl;
-            std::stringstream out1, out2, out3, out4;
-            out1 << U1;
-            out2 << U2;
-            out3 << U3;
-            out4 << U4;
-            std::cout << "U1: " << oracle(out1.str()) << std::endl;
-            std::cout << "U2: " << oracle(out2.str()) << std::endl;
-            std::cout << "U3: " << oracle(out3.str()) << std::endl;
-            std::cout << "U4: " << oracle(out4.str()) << std::endl;
         }
     }
 
     if (x != oracle(oracleInput.str()))
     {
-        std::cerr << "Fresh pseudonyms not generated by permutation matrix." << std::endl;
+        std::cerr << "Reordered + power things not generated by permutation matrix." << std::endl;
         return false;
     }
 
@@ -1144,8 +1113,7 @@ std::vector<Proof> PrsonaBase::generate_proof_of_reordering(
     const std::vector<std::vector<Curvepoint>>& permutationCommits,
     const std::vector<std::vector<T>>& productCommits,
     const T& otherG,
-    const T& otherH,
-    bool inverted) const
+    const T& otherH) const
 {
     std::vector<Proof> retval;
 
@@ -1198,7 +1166,7 @@ std::vector<Proof> PrsonaBase::generate_proof_of_reordering(
             currt2.set_random();
 
             U1 = g * curra + h * currt1;
-            U2 = oldValues[i] * curra + otherH * currt2;
+            U2 = oldValues[j] * curra + otherH * currt2;
 
             oracleInput << U1 << U2;
 
@@ -1222,23 +1190,9 @@ std::vector<Proof> PrsonaBase::generate_proof_of_reordering(
         for (size_t j = 0; j < permutationCommits[i].size(); j++)
         {
             size_t piIndex = i * permutationCommits.size() + j + 1;
-            size_t permI, permJ;
-
-            // Permutations normally go in weird order because of
-            // matrix multiplication stuff
-            if (inverted)
-            {
-                permI = i;
-                permJ = j;
-            }
-            else
-            {
-                permI = j;
-                permJ = i;
-            }
 
-            Scalar f = permutations[permI][permJ] * x + a[i][j];
-            Scalar z1 = permutationSeeds[permI][permJ] * x + t1[i][j];
+            Scalar f = permutations[j][i] * x + a[i][j];
+            Scalar z1 = permutationSeeds[j][i] * x + t1[i][j];
             Scalar z2 = productSeeds[i][j] * x + t2[i][j];
 
             retval[piIndex].responseParts.push_back(f);
@@ -1257,8 +1211,7 @@ bool PrsonaBase::verify_proof_of_reordering(
     const std::vector<std::vector<Curvepoint>>& permutationCommits,
     const std::vector<std::vector<T>>& productCommits,
     const T& otherG,
-    const T& otherH,
-    bool inverted) const
+    const T& otherH) const
 {
     if (pi.empty())
         return false;
@@ -1295,25 +1248,10 @@ bool PrsonaBase::verify_proof_of_reordering(
             Scalar z1 = pi[piIndex].responseParts[1];
             Scalar z2 = pi[piIndex].responseParts[2];
 
-            size_t permI, permJ;
-
-            // Permutations normally go in weird order because of
-            // matrix multiplication stuff
-            if (inverted)
-            {
-                permI = i;
-                permJ = j;
-            }
-            else
-            {
-                permI = j;
-                permJ = i;
-            }
-
             U1 = g * f + h * z1 -
-                permutationCommits[permI][permJ] * x;
+                permutationCommits[j][i] * x;
             
-            U2 = oldValues[i] * f + otherH * z2 -
+            U2 = oldValues[j] * f + otherH * z2 -
                 productCommits[i][j] * x;
 
             oracleInput << U1 << U2;
@@ -1322,7 +1260,7 @@ bool PrsonaBase::verify_proof_of_reordering(
 
     if (x != oracle(oracleInput.str()))
     {
-        std::cerr << "Fresh pseudonyms not generated by permutation matrix." << std::endl;
+        std::cerr << "Reordered things not generated by permutation matrix." << std::endl;
         return false;
     }
 
@@ -1594,8 +1532,7 @@ template std::vector<Proof> PrsonaBase::generate_proof_of_reordering<Curvepoint>
     const std::vector<std::vector<Curvepoint>>& permutationCommits,
     const std::vector<std::vector<Curvepoint>>& productCommits,
     const Curvepoint& otherG,
-    const Curvepoint& otherH,
-    bool inverted) const;
+    const Curvepoint& otherH) const;
 
 template std::vector<Proof> PrsonaBase::generate_proof_of_reordering<CurveBipoint>(
     const std::vector<std::vector<Scalar>>& permutations,
@@ -1605,8 +1542,7 @@ template std::vector<Proof> PrsonaBase::generate_proof_of_reordering<CurveBipoin
     const std::vector<std::vector<Curvepoint>>& permutationCommits,
     const std::vector<std::vector<CurveBipoint>>& productCommits,
     const CurveBipoint& otherG,
-    const CurveBipoint& otherH,
-    bool inverted) const;
+    const CurveBipoint& otherH) const;
 
 template std::vector<Proof> PrsonaBase::generate_proof_of_reordering<TwistBipoint>(
     const std::vector<std::vector<Scalar>>& permutations,
@@ -1616,8 +1552,7 @@ template std::vector<Proof> PrsonaBase::generate_proof_of_reordering<TwistBipoin
     const std::vector<std::vector<Curvepoint>>& permutationCommits,
     const std::vector<std::vector<TwistBipoint>>& productCommits,
     const TwistBipoint& otherG,
-    const TwistBipoint& otherH,
-    bool inverted) const;
+    const TwistBipoint& otherH) const;
 
 template bool PrsonaBase::verify_proof_of_reordering<Curvepoint>(
     const std::vector<Proof>& pi,
@@ -1625,8 +1560,7 @@ template bool PrsonaBase::verify_proof_of_reordering<Curvepoint>(
     const std::vector<std::vector<Curvepoint>>& permutationCommits,
     const std::vector<std::vector<Curvepoint>>& productCommits,
     const Curvepoint& otherG,
-    const Curvepoint& otherH,
-    bool inverted) const;
+    const Curvepoint& otherH) const;
 
 template bool PrsonaBase::verify_proof_of_reordering<CurveBipoint>(
     const std::vector<Proof>& pi,
@@ -1634,8 +1568,7 @@ template bool PrsonaBase::verify_proof_of_reordering<CurveBipoint>(
     const std::vector<std::vector<Curvepoint>>& permutationCommits,
     const std::vector<std::vector<CurveBipoint>>& productCommits,
     const CurveBipoint& otherG,
-    const CurveBipoint& otherH,
-    bool inverted) const;
+    const CurveBipoint& otherH) const;
 
 template bool PrsonaBase::verify_proof_of_reordering<TwistBipoint>(
     const std::vector<Proof>& pi,
@@ -1643,5 +1576,4 @@ template bool PrsonaBase::verify_proof_of_reordering<TwistBipoint>(
     const std::vector<std::vector<Curvepoint>>& permutationCommits,
     const std::vector<std::vector<TwistBipoint>>& productCommits,
     const TwistBipoint& otherG,
-    const TwistBipoint& otherH,
-    bool inverted) const;
+    const TwistBipoint& otherH) const;

prsona/src/server.cpp

@@ -507,24 +507,24 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
     for (size_t i = 0; i < currentPseudonyms.size(); i++)
         nextPseudonyms[i] = currentPseudonyms[order[i]] * power;
 
-    // std::cout << "Generating permutation matrix." << std::endl;
+    std::cout << "Generating permutation matrix." << std::endl;
 
     std::vector<std::vector<Scalar>> permutations =
         generate_permutation_matrix(power);
 
-    // std::cout << "Generating permutation commitment matrix." << std::endl;
+    std::cout << "Generating permutation commitment matrix." << std::endl;
 
     std::vector<std::vector<Scalar>> permutationSeeds;
     permutationCommits.clear();
     permutationCommits = 
         generate_commitment_matrix(permutations, permutationSeeds);
 
-    // std::cout << "Generating permutation proof." << std::endl;
+    std::cout << "Generating permutation proof." << std::endl;
 
     retval.push_back(generate_valid_permutation_proof(
         permutations, permutationSeeds, permutationCommits));
 
-    // std::cout << "Generating pseudonym matrix." << std::endl;
+    std::cout << "Generating pseudonym matrix." << std::endl;
 
     std::vector<std::vector<Scalar>> freshPseudonymSeeds;
     freshPseudonymSeedCommits.clear();
@@ -545,9 +545,7 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
     //         << (sum == nextPseudonyms[i] ? ": PASS" : ": FAIL") << std::endl;
     // }
 
-    // std::cout << (pseudonyms_sorted(nextPseudonyms) ? "PASS" : "FAIL") << std::endl;
-
-    // std::cout << "Generating pseudonym proof." << std::endl;
+    std::cout << "Generating pseudonym proof." << std::endl;
 
     retval.push_back(
         generate_proof_of_reordering_plus_power(
@@ -560,7 +558,7 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
             freshPseudonymCommits,
             freshPseudonymSeedCommits));
 
-    // std::cout << "Generating server tally matrix." << std::endl;
+    std::cout << "Generating server tally matrix." << std::endl;
 
     std::vector<std::vector<Scalar>> serverTallySeeds;
     serverTallyCommits.clear();
@@ -569,7 +567,7 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
             permutations,
             serverTallySeeds);
 
-    // std::cout << "Generating server tally proof." << std::endl;
+    std::cout << "Generating server tally proof." << std::endl;
 
     retval.push_back(
         generate_proof_of_reordering<TwistBipoint>(
@@ -580,10 +578,9 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
             permutationCommits,
             serverTallyCommits,
             bgnSystem.get_public_key().get_bipoint_twistgen(),
-            bgnSystem.get_public_key().get_bipoint_twist_subgroup_gen(),
-            false));
+            bgnSystem.get_public_key().get_bipoint_twist_subgroup_gen()));
 
-    // std::cout << "Doing V * P^T." << std::endl;
+    std::cout << "Doing V * P." << std::endl;
 
     std::vector<std::vector<std::vector<Scalar>>> firstVoteMatrixSeeds;
     std::vector<std::vector<std::vector<Scalar>>> secondVoteMatrixSeeds;
@@ -594,12 +591,12 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
             firstVoteMatrixSeeds,
             false));
 
-    // std::cout << "Finishing V * P^T calculation." << std::endl;
+    std::cout << "Finishing V * P calculation." << std::endl;
 
     std::vector<std::vector<CurveBipoint>> partialVoteMatrix = 
         calculate_next_vote_matrix(voteMatrixCommits[0]);
 
-    // std::cout << "Doing P * (V * P^T)." << std::endl;
+    std::cout << "Doing P^T * (V * P)." << std::endl;
 
     voteMatrixCommits.push_back(
         generate_vote_tensor(
@@ -608,7 +605,7 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
             secondVoteMatrixSeeds,
             true));
 
-    // std::cout << "Proving V * P^T." << std::endl;
+    std::cout << "Proving V * P." << std::endl;
 
     generate_vote_tensor_proofs(
         retval,
@@ -620,7 +617,7 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
         voteMatrixCommits[0],
         false);
 
-    // std::cout << "Proving P * (V * P^T)." << std::endl;
+    std::cout << "Proving P^T * (V * P)." << std::endl;
 
     generate_vote_tensor_proofs(
         retval,
@@ -634,7 +631,7 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
 
     if (doUserTallies)
     {
-        // std::cout << "Generating user tally matrix." << std::endl;
+        std::cout << "Generating user tally matrix." << std::endl;
 
         std::vector<Curvepoint> userTallyMasks;
         std::vector<std::vector<Scalar>> userTallyMaskSeeds;
@@ -651,7 +648,7 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
                 userTallyMaskSeedCommits,
                 userTallyMessageSeeds);
 
-        // std::cout << "Proving user tally mask matrix." << std::endl;
+        std::cout << "Proving user tally mask matrix." << std::endl;
 
         retval.push_back(
             generate_proof_of_reordering_plus_power(
@@ -664,7 +661,7 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
                 userTallyCommits[0],
                 userTallyMaskSeedCommits));
 
-        // std::cout << "Proving user tally message matrix." << std::endl;
+        std::cout << "Proving user tally message matrix." << std::endl;
 
         retval.push_back(
             generate_proof_of_reordering<Curvepoint>(
@@ -675,11 +672,10 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
                 permutationCommits,
                 userTallyCommits[1],
                 EL_GAMAL_GENERATOR,
-                elGamalBlindGenerator,
-                false));
+                elGamalBlindGenerator));
     }
 
-    // std::cout << "Giving self updates." << std::endl;
+    std::cout << "Giving self updates." << std::endl;
 
     // Replace internal values
     update_data(
@@ -713,6 +709,8 @@ bool PrsonaServer::accept_epoch_updates(
     if (pi.empty())
         return false;
 
+    std::cout << "Verifying valid permutation matrix." << std::endl;
+
     verification =
         verify_valid_permutation_proof(pi[0], permutationCommits);
     if (!verification)
@@ -721,6 +719,8 @@ bool PrsonaServer::accept_epoch_updates(
         return false;
     }
 
+    std::cout << "Verifying valid pseudonym vector." << std::endl;
+
     verification = 
         verify_proof_of_reordering_plus_power(
             pi[1],
@@ -734,6 +734,8 @@ bool PrsonaServer::accept_epoch_updates(
         return false;
     }
 
+    std::cout << "Verifying valid server tally vector." << std::endl;
+
     verification = 
         verify_proof_of_reordering<TwistBipoint>(
             pi[2],
@@ -741,14 +743,15 @@ bool PrsonaServer::accept_epoch_updates(
             permutationCommits,
             serverTallyCommits,
             bgnSystem.get_public_key().get_bipoint_twistgen(),
-            bgnSystem.get_public_key().get_bipoint_twist_subgroup_gen(),
-            false);
+            bgnSystem.get_public_key().get_bipoint_twist_subgroup_gen());
     if (!verification)
     {
         std::cerr << "Could not verify valid server tally vector." << std::endl;
         return false;
     }
 
+    std::cout << "Verifying valid first half vote matrix." << std::endl;
+
     size_t currOffset = 3;
     verification = verify_vote_tensor_proofs(
         pi,
@@ -763,6 +766,8 @@ bool PrsonaServer::accept_epoch_updates(
         return false;
     }
 
+    std::cout << "Verifying valid second half vote matrix." << std::endl;
+
     std::vector<std::vector<CurveBipoint>> partialVoteMatrix =
         calculate_next_vote_matrix(voteMatrixCommits[0]);
     currOffset += voteMatrix.size();
@@ -791,6 +796,8 @@ bool PrsonaServer::accept_epoch_updates(
             userTallyMessages.push_back(currentUserEncryptedTallies[i].encryptedMessage);
         }
 
+        std::cout << "Verifying valid user tally masks." << std::endl;
+
         verification = verify_proof_of_reordering_plus_power(
             pi[currOffset],
             userTallyMasks,
@@ -805,14 +812,15 @@ bool PrsonaServer::accept_epoch_updates(
 
         currOffset++;
 
+        std::cout << "Verifying valid user tally messages." << std::endl;
+
         verification = verify_proof_of_reordering<Curvepoint>(
             pi[currOffset],
             userTallyMessages,
             permutationCommits,
             userTallyCommits[1],
             EL_GAMAL_GENERATOR,
-            elGamalBlindGenerator,
-            false);
+            elGamalBlindGenerator);
         if (!verification)
         {
             std::cerr << "Could not verify user tally messages." << std::endl;
@@ -820,6 +828,8 @@ bool PrsonaServer::accept_epoch_updates(
         }
     }
 
+    std::cout << "Verifying pseudonyms are all different." << std::endl;
+
     verification = update_data(
         freshPseudonymCommits,
         serverTallyCommits,
@@ -899,7 +909,7 @@ std::vector<std::vector<Curvepoint>> PrsonaServer::generate_commitment_matrix(
                 seeds[i][last] = seeds[i][last] - seeds[i][j];
             }
 
-            element = encrypt<Curvepoint>(g, h, permutations[i][j], seeds[i][j]);
+            element = g * permutations[i][j] + h * seeds[i][j];
 
             currRow.push_back(element);
         }
@@ -933,7 +943,6 @@ std::vector<std::vector<TwistBipoint>> PrsonaServer::generate_server_tally_matri
         previousVoteTallies,
         seeds,
         bgnSystem.get_public_key().get_bipoint_twist_subgroup_gen(),
-        false,
         false);
 }
 
@@ -965,7 +974,6 @@ std::vector<std::vector<std::vector<CurveBipoint>>> PrsonaServer::generate_vote_
             inputRow,
             currSeeds,
             bgnSystem.get_public_key().get_bipoint_curve_subgroup_gen(),
-            true,
             false));
 
         seeds.push_back(currSeeds);
@@ -1028,8 +1036,7 @@ void PrsonaServer::generate_vote_tensor_proofs(
             permutationCommits,
             matrixCommits[i],
             bgnSystem.get_public_key().get_bipoint_curvegen(),
-            bgnSystem.get_public_key().get_bipoint_curve_subgroup_gen(),
-            true));
+            bgnSystem.get_public_key().get_bipoint_curve_subgroup_gen()));
     }
 }
 
@@ -1063,8 +1070,7 @@ bool PrsonaServer::verify_vote_tensor_proofs(
             permutationCommits,
             matrixCommits[i],
             bgnSystem.get_public_key().get_bipoint_curvegen(),
-            bgnSystem.get_public_key().get_bipoint_curve_subgroup_gen(),
-            true);
+            bgnSystem.get_public_key().get_bipoint_curve_subgroup_gen());
     }
 
     return retval;
@@ -1104,7 +1110,6 @@ std::vector<std::vector<std::vector<Curvepoint>>> PrsonaServer::generate_user_ta
             messages,
             messageSeeds,
             elGamalBlindGenerator,
-            false,
             false));
 
     return retval;
@@ -1141,7 +1146,6 @@ std::vector<std::vector<T>> PrsonaServer::generate_reordered_plus_power_matrix(
             oldValues,
             seeds,
             h,
-            false,
             true);
 
     for (size_t i = 0; i < permutations.size(); i++)
@@ -1157,7 +1161,6 @@ std::vector<std::vector<T>> PrsonaServer::generate_reordered_matrix(
     const std::vector<T>& oldValues,
     std::vector<std::vector<Scalar>>& seeds,
     const T& h,
-    bool inverted,
     bool cancelOut) const
 {
     std::vector<std::vector<T>> retval;
@@ -1166,75 +1169,33 @@ std::vector<std::vector<T>> PrsonaServer::generate_reordered_matrix(
     for (size_t i = 0; i < permutations.size(); i++)
     {
         std::vector<Scalar> currSeeds;
-        for (size_t j = 0; j < permutations[i].size(); j++)
+        std::vector<T> currRow;
+        for (size_t j = 0; j < permutations[i].size(); j++)\
+        {
             currSeeds.push_back(Scalar(0));
+            currRow.push_back(T());
+        }
         seeds.push_back(currSeeds);
+        retval.push_back(currRow);
     }
 
     for (size_t i = 0; i < permutations.size(); i++)
     {
-        std::vector<T> currRow;
-
-        T g = oldValues[i];
-
-        size_t last =
-            (inverted ?
-                permutations[i].size() - 1 :
-                permutations.size() - 1);
+        size_t last = permutations[i].size() - 1;
         for (size_t j = 0; j < permutations[i].size(); j++)
         {
-            T element;
-
             if (!cancelOut)
             {
                 seeds[i][j].set_random();
             }
-            else if (inverted && j != last)
+            else if (j != last)
             {
                 seeds[i][j].set_random();
                 seeds[i][last] = seeds[i][last] - seeds[i][j];
             }
-            else if (!inverted && i != last)
-            {
-                seeds[i][j].set_random();
-                seeds[last][j] = seeds[last][j] - seeds[i][j];
-            }
 
-            element = encrypt<T>(g, h, permutations[i][j], seeds[i][j]);
-
-            currRow.push_back(element);
+            retval[i][j] = oldValues[j] * permutations[j][i] + h * seeds[i][j];
         }
-
-        retval.push_back(currRow);
-    }
-
-    /* We have to transpose here, because the way we calculate things
-     * is transposed of the actual result we want
-     * (where you can fold a row into the correct value,
-     * instead of folding a column).
-     * "inverted" is true when we need this transposed version
-     * (right multiplication by P^T, or left multiplication by P) */
-    if (!inverted)
-    {
-        retval = transpose_matrix<T>(retval);
-        seeds = transpose_matrix<Scalar>(seeds);
-    }
-
-    return retval;
-}
-
-template <typename T>
-std::vector<std::vector<T>> PrsonaServer::transpose_matrix(
-    const std::vector<std::vector<T>>& input) const
-{
-    std::vector<std::vector<T>> retval;
-
-    for (size_t i = 0; i < input.size(); i++)
-    {
-        std::vector<T> currRow;
-        for (size_t j = 0; j < input[i].size(); j++)
-            currRow.push_back(input[j][i]);
-        retval.push_back(currRow);
     }
 
     return retval;
@@ -1263,13 +1224,6 @@ std::vector<size_t> PrsonaServer::sort_data(const std::vector<Curvepoint>& input
     return retval;
 }
 
-template <typename T>
-T PrsonaServer::encrypt(
-    const T& g, const T& h, const Scalar& plaintext, const Scalar& lambda) const
-{
-    return g * plaintext + h * lambda;
-}
-
 bool PrsonaServer::update_data(
     const std::vector<std::vector<Curvepoint>>& freshPseudonymCommits,
     const std::vector<std::vector<TwistBipoint>>& serverTallyCommits,

prsona/src/serverEntity.cpp

@@ -459,10 +459,7 @@ void PrsonaServerEntity::epoch(size_t which)
 
     // go from A_0 to A_0.5
     for (size_t i = 0; i < servers[which].get_num_servers(); i++)
-    {
-        if (i > 0)
-            continue;
-        
+    {   
         size_t realI = (which + i) % servers[which].get_num_servers();
 
         std::cout << "Building up on server " << realI << "." << std::endl;
@@ -481,7 +478,7 @@ void PrsonaServerEntity::epoch(size_t which)
             std::vector<std::vector<std::vector<Curvepoint>>> currUserTallyCommits;
             std::vector<std::vector<Curvepoint>> currUserTallyMaskSeedCommits;
 
-            size_t realJ = (which + j) % servers[which].get_num_servers();
+            size_t realJ = (realI + j) % servers[which].get_num_servers();
 
             std::cout << "Giving to server " << realJ << "." << std::endl;
 
@@ -498,61 +495,61 @@ void PrsonaServerEntity::epoch(size_t which)
         }
     }
 
-    // std::vector<Proof> generator_proof = pi[0][0];
-    // pi.clear();
-    // permutationCommits.clear();
-    // freshPseudonymCommits.clear();
-    // freshPseudonymSeedCommits.clear();
-    // serverTallyCommits.clear();
-    // voteMatrixCommits.clear();
-
-    // std::cout << "Tallying scores." << std::endl;
-
-    // /* Imagine that server 0 is encrypting these, then would do a ZKP that it
-    //  * knows a secret mask and encrypted the correct value everyone else already
-    //  * knows. Everyone else then adds a mask and proves they added a secret mask
-    //  * to the committed values. */
-    // std::vector<EGCiphertext> currentUserEncryptedTallies =
-    //     tally_scores(nextGenerator, which);
-    // distribute_tallied_scores(currentUserEncryptedTallies);
+    std::vector<Proof> generator_proof = pi[0][0];
+    pi.clear();
+    permutationCommits.clear();
+    freshPseudonymCommits.clear();
+    freshPseudonymSeedCommits.clear();
+    serverTallyCommits.clear();
+    voteMatrixCommits.clear();
+
+    std::cout << "Tallying scores." << std::endl;
+
+    /* Imagine that server 0 is encrypting these, then would do a ZKP that it
+     * knows a secret mask and encrypted the correct value everyone else already
+     * knows. Everyone else then adds a mask and proves they added a secret mask
+     * to the committed values. */
+    std::vector<EGCiphertext> currentUserEncryptedTallies =
+        tally_scores(nextGenerator, which);
+    distribute_tallied_scores(currentUserEncryptedTallies);
     
-    // // go from A_0.5 to A_1
-    // for (size_t i = 0; i < servers[which].get_num_servers(); i++)
-    // {
-    //     size_t realI = (which + i) % servers[which].get_num_servers();
+    // go from A_0.5 to A_1
+    for (size_t i = 0; i < servers[which].get_num_servers(); i++)
+    {
+        size_t realI = (which + i) % servers[which].get_num_servers();
 
-    //     std::cout << "Breaking down on server " << realI << "." << std::endl;
+        std::cout << "Breaking down on server " << realI << "." << std::endl;
         
-    //     servers[realI].break_down_midway_pseudonyms(
-    //         generator_proof,
-    //         pi,
-    //         permutationCommits,
-    //         freshPseudonymCommits,
-    //         freshPseudonymSeedCommits,
-    //         serverTallyCommits,
-    //         voteMatrixCommits,
-    //         userTallyCommits,
-    //         userTallyMaskSeedCommits,
-    //         nextGenerator);
+        servers[realI].break_down_midway_pseudonyms(
+            generator_proof,
+            pi,
+            permutationCommits,
+            freshPseudonymCommits,
+            freshPseudonymSeedCommits,
+            serverTallyCommits,
+            voteMatrixCommits,
+            userTallyCommits,
+            userTallyMaskSeedCommits,
+            nextGenerator);
         
-    //     for (size_t j = 1; j < servers[which].get_num_servers(); j++)
-    //     {
-    //         size_t realJ = (which + j) % servers[which].get_num_servers();
-
-    //         std::cout << "Giving to server " << realJ << "." << std::endl;
-
-    //         servers[realJ].accept_epoch_updates(
-    //             pi[i],
-    //             permutationCommits[i],
-    //             freshPseudonymCommits[i],
-    //             freshPseudonymSeedCommits[i],
-    //             serverTallyCommits[i],
-    //             voteMatrixCommits[i],
-    //             userTallyCommits[i],
-    //             userTallyMaskSeedCommits[i],
-    //             true);
-    //     }
-    // }
+        for (size_t j = 1; j < servers[which].get_num_servers(); j++)
+        {
+            size_t realJ = (which + j) % servers[which].get_num_servers();
+
+            std::cout << "Giving to server " << realJ << "." << std::endl;
+
+            servers[realJ].accept_epoch_updates(
+                pi[i],
+                permutationCommits[i],
+                freshPseudonymCommits[i],
+                freshPseudonymSeedCommits[i],
+                serverTallyCommits[i],
+                voteMatrixCommits[i],
+                userTallyCommits[i],
+                userTallyMaskSeedCommits[i],
+                true);
+        }
+    }
 }
 
 void PrsonaServerEntity::print_scores() const