|
@@ -395,7 +395,8 @@ void PrsonaServer::build_up_midway_pseudonyms(
|
|
|
std::vector<std::vector<std::vector<Curvepoint>>>& freshPseudonymCommits,
|
|
|
std::vector<std::vector<std::vector<Curvepoint>>>& freshPseudonymSeedCommits,
|
|
|
std::vector<std::vector<std::vector<TwistBipoint>>>& serverTallyCommits,
|
|
|
- std::vector<std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>>>& voteMatrixCommits,
|
|
|
+ std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>>& partwayVoteMatrixCommits,
|
|
|
+ std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>>& finalVoteMatrixCommits,
|
|
|
Curvepoint& nextGenerator)
|
|
|
{
|
|
|
nextSeed.set_random();
|
|
@@ -404,25 +405,31 @@ void PrsonaServer::build_up_midway_pseudonyms(
|
|
|
std::vector<std::vector<Curvepoint>> currFreshPseudonymCommits;
|
|
|
std::vector<std::vector<Curvepoint>> currFreshPseudonymSeedCommits;
|
|
|
std::vector<std::vector<TwistBipoint>> currServerTallyCommits;
|
|
|
- std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>> currVoteMatrixCommits;
|
|
|
- std::vector<std::vector<std::vector<Curvepoint>>> currUserTallyCommits;
|
|
|
- std::vector<std::vector<Curvepoint>> currUserTallyMaskSeedCommits;
|
|
|
+ std::vector<std::vector<std::vector<CurveBipoint>>> currPartwayVoteMatrixCommits;
|
|
|
+ std::vector<std::vector<std::vector<CurveBipoint>>> currFinalVoteMatrixCommits;
|
|
|
+ std::vector<std::vector<Curvepoint>> currUserTallyMaskCommits;
|
|
|
+ std::vector<std::vector<Curvepoint>> currUserTallyMessageCommits;
|
|
|
+ std::vector<std::vector<Curvepoint>> currUserTallySeedCommits;
|
|
|
pi.push_back(epoch_calculations(
|
|
|
currPermutationCommits,
|
|
|
currFreshPseudonymCommits,
|
|
|
currFreshPseudonymSeedCommits,
|
|
|
currServerTallyCommits,
|
|
|
- currVoteMatrixCommits,
|
|
|
- currUserTallyCommits,
|
|
|
- currUserTallyMaskSeedCommits,
|
|
|
+ currPartwayVoteMatrixCommits,
|
|
|
+ currFinalVoteMatrixCommits,
|
|
|
+ currUserTallyMaskCommits,
|
|
|
+ currUserTallyMessageCommits,
|
|
|
+ currUserTallySeedCommits,
|
|
|
nextSeed,
|
|
|
+ nextGenerator,
|
|
|
false));
|
|
|
|
|
|
permutationCommits.push_back(currPermutationCommits);
|
|
|
freshPseudonymCommits.push_back(currFreshPseudonymCommits);
|
|
|
freshPseudonymSeedCommits.push_back(currFreshPseudonymSeedCommits);
|
|
|
serverTallyCommits.push_back(currServerTallyCommits);
|
|
|
- voteMatrixCommits.push_back(currVoteMatrixCommits);
|
|
|
+ partwayVoteMatrixCommits.push_back(currPartwayVoteMatrixCommits);
|
|
|
+ finalVoteMatrixCommits.push_back(currFinalVoteMatrixCommits);
|
|
|
|
|
|
pi[0][0].push_back(
|
|
|
add_to_generator_proof(nextGenerator, nextSeed));
|
|
@@ -440,9 +447,11 @@ void PrsonaServer::break_down_midway_pseudonyms(
|
|
|
std::vector<std::vector<std::vector<Curvepoint>>>& freshPseudonymCommits,
|
|
|
std::vector<std::vector<std::vector<Curvepoint>>>& freshPseudonymSeedCommits,
|
|
|
std::vector<std::vector<std::vector<TwistBipoint>>>& serverTallyCommits,
|
|
|
- std::vector<std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>>>& voteMatrixCommits,
|
|
|
- std::vector<std::vector<std::vector<std::vector<Curvepoint>>>>& userTallyCommits,
|
|
|
- std::vector<std::vector<std::vector<Curvepoint>>>& userTallyMaskSeedCommits,
|
|
|
+ std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>>& partwayVoteMatrixCommits,
|
|
|
+ std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>>& finalVoteMatrixCommits,
|
|
|
+ std::vector<std::vector<std::vector<Curvepoint>>>& userTallyMaskCommits,
|
|
|
+ std::vector<std::vector<std::vector<Curvepoint>>>& userTallyMessageCommits,
|
|
|
+ std::vector<std::vector<std::vector<Curvepoint>>>& userTallySeedCommits,
|
|
|
const Curvepoint& nextGenerator)
|
|
|
{
|
|
|
if (!initialize_fresh_generator(generatorProof, nextGenerator))
|
|
@@ -457,27 +466,34 @@ void PrsonaServer::break_down_midway_pseudonyms(
|
|
|
std::vector<std::vector<Curvepoint>> currFreshPseudonymCommits;
|
|
|
std::vector<std::vector<Curvepoint>> currFreshPseudonymSeedCommits;
|
|
|
std::vector<std::vector<TwistBipoint>> currServerTallyCommits;
|
|
|
- std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>> currVoteMatrixCommits;
|
|
|
- std::vector<std::vector<std::vector<Curvepoint>>> currUserTallyCommits;
|
|
|
- std::vector<std::vector<Curvepoint>> currUserTallyMaskSeedCommits;
|
|
|
+ std::vector<std::vector<std::vector<CurveBipoint>>> currPartwayVoteMatrixCommits;
|
|
|
+ std::vector<std::vector<std::vector<CurveBipoint>>> currFinalVoteMatrixCommits;
|
|
|
+ std::vector<std::vector<Curvepoint>> currUserTallyMaskCommits;
|
|
|
+ std::vector<std::vector<Curvepoint>> currUserTallyMessageCommits;
|
|
|
+ std::vector<std::vector<Curvepoint>> currUserTallySeedCommits;
|
|
|
pi.push_back(epoch_calculations(
|
|
|
currPermutationCommits,
|
|
|
currFreshPseudonymCommits,
|
|
|
currFreshPseudonymSeedCommits,
|
|
|
currServerTallyCommits,
|
|
|
- currVoteMatrixCommits,
|
|
|
- currUserTallyCommits,
|
|
|
- currUserTallyMaskSeedCommits,
|
|
|
+ currPartwayVoteMatrixCommits,
|
|
|
+ currFinalVoteMatrixCommits,
|
|
|
+ currUserTallyMaskCommits,
|
|
|
+ currUserTallyMessageCommits,
|
|
|
+ currUserTallySeedCommits,
|
|
|
inverseSeed,
|
|
|
+ nextGenerator,
|
|
|
true));
|
|
|
|
|
|
permutationCommits.push_back(currPermutationCommits);
|
|
|
freshPseudonymCommits.push_back(currFreshPseudonymCommits);
|
|
|
freshPseudonymSeedCommits.push_back(currFreshPseudonymSeedCommits);
|
|
|
serverTallyCommits.push_back(currServerTallyCommits);
|
|
|
- voteMatrixCommits.push_back(currVoteMatrixCommits);
|
|
|
- userTallyCommits.push_back(currUserTallyCommits);
|
|
|
- userTallyMaskSeedCommits.push_back(currUserTallyMaskSeedCommits);
|
|
|
+ partwayVoteMatrixCommits.push_back(currPartwayVoteMatrixCommits);
|
|
|
+ finalVoteMatrixCommits.push_back(currFinalVoteMatrixCommits);
|
|
|
+ userTallyMaskCommits.push_back(currUserTallyMaskCommits);
|
|
|
+ userTallyMessageCommits.push_back(currUserTallyMessageCommits);
|
|
|
+ userTallySeedCommits.push_back(currUserTallySeedCommits);
|
|
|
|
|
|
currentSeed = nextSeed;
|
|
|
}
|
|
@@ -491,41 +507,28 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
|
|
|
std::vector<std::vector<Curvepoint>>& freshPseudonymCommits,
|
|
|
std::vector<std::vector<Curvepoint>>& freshPseudonymSeedCommits,
|
|
|
std::vector<std::vector<TwistBipoint>>& serverTallyCommits,
|
|
|
- std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>>& voteMatrixCommits,
|
|
|
- std::vector<std::vector<std::vector<Curvepoint>>>& userTallyCommits,
|
|
|
- std::vector<std::vector<Curvepoint>> & userTallyMaskSeedCommits,
|
|
|
+ std::vector<std::vector<std::vector<CurveBipoint>>>& partwayVoteMatrixCommits,
|
|
|
+ std::vector<std::vector<std::vector<CurveBipoint>>>& finalVoteMatrixCommits,
|
|
|
+ std::vector<std::vector<Curvepoint>>& userTallyMaskCommits,
|
|
|
+ std::vector<std::vector<Curvepoint>>& userTallyMessageCommits,
|
|
|
+ std::vector<std::vector<Curvepoint>>& userTallySeedCommits,
|
|
|
const Scalar& power,
|
|
|
+ const Curvepoint& nextGenerator,
|
|
|
bool doUserTallies)
|
|
|
{
|
|
|
std::vector<std::vector<Proof>> retval;
|
|
|
|
|
|
- std::vector<Curvepoint> nextPseudonyms;
|
|
|
- for (size_t i = 0; i < currentPseudonyms.size(); i++)
|
|
|
- nextPseudonyms.push_back(currentPseudonyms[i] * power);
|
|
|
-
|
|
|
- std::vector<size_t> order = sort_data(nextPseudonyms);
|
|
|
- for (size_t i = 0; i < currentPseudonyms.size(); i++)
|
|
|
- nextPseudonyms[i] = currentPseudonyms[order[i]] * power;
|
|
|
-
|
|
|
- std::cout << "Generating permutation matrix." << std::endl;
|
|
|
-
|
|
|
std::vector<std::vector<Scalar>> permutations =
|
|
|
generate_permutation_matrix(power);
|
|
|
|
|
|
- std::cout << "Generating permutation commitment matrix." << std::endl;
|
|
|
-
|
|
|
std::vector<std::vector<Scalar>> permutationSeeds;
|
|
|
permutationCommits.clear();
|
|
|
permutationCommits =
|
|
|
generate_commitment_matrix(permutations, permutationSeeds);
|
|
|
|
|
|
- std::cout << "Generating permutation proof." << std::endl;
|
|
|
-
|
|
|
retval.push_back(generate_valid_permutation_proof(
|
|
|
permutations, permutationSeeds, permutationCommits));
|
|
|
|
|
|
- std::cout << "Generating pseudonym matrix." << std::endl;
|
|
|
-
|
|
|
std::vector<std::vector<Scalar>> freshPseudonymSeeds;
|
|
|
freshPseudonymSeedCommits.clear();
|
|
|
freshPseudonymCommits.clear();
|
|
@@ -536,17 +539,6 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
|
|
|
freshPseudonymSeeds,
|
|
|
freshPseudonymSeedCommits);
|
|
|
|
|
|
- // for (size_t i = 0; i < freshPseudonymCommits.size(); i++)
|
|
|
- // {
|
|
|
- // Curvepoint sum = freshPseudonymCommits[i][0];
|
|
|
- // for (size_t j = 1; j < freshPseudonymCommits[i].size(); j++)
|
|
|
- // sum = sum + freshPseudonymCommits[i][j];
|
|
|
- // std::cout << "Fresh pseudonym commit row " << i + 1 << " of " << permutationCommits.size()
|
|
|
- // << (sum == nextPseudonyms[i] ? ": PASS" : ": FAIL") << std::endl;
|
|
|
- // }
|
|
|
-
|
|
|
- std::cout << "Generating pseudonym proof." << std::endl;
|
|
|
-
|
|
|
retval.push_back(
|
|
|
generate_proof_of_reordering_plus_power(
|
|
|
permutations,
|
|
@@ -558,8 +550,6 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
|
|
|
freshPseudonymCommits,
|
|
|
freshPseudonymSeedCommits));
|
|
|
|
|
|
- std::cout << "Generating server tally matrix." << std::endl;
|
|
|
-
|
|
|
std::vector<std::vector<Scalar>> serverTallySeeds;
|
|
|
serverTallyCommits.clear();
|
|
|
serverTallyCommits =
|
|
@@ -567,8 +557,6 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
|
|
|
permutations,
|
|
|
serverTallySeeds);
|
|
|
|
|
|
- std::cout << "Generating server tally proof." << std::endl;
|
|
|
-
|
|
|
retval.push_back(
|
|
|
generate_proof_of_reordering<TwistBipoint>(
|
|
|
permutations,
|
|
@@ -580,109 +568,88 @@ std::vector<std::vector<Proof>> PrsonaServer::epoch_calculations(
|
|
|
bgnSystem.get_public_key().get_bipoint_twistgen(),
|
|
|
bgnSystem.get_public_key().get_bipoint_twist_subgroup_gen()));
|
|
|
|
|
|
- std::cout << "Doing V * P." << std::endl;
|
|
|
-
|
|
|
- std::vector<std::vector<std::vector<Scalar>>> firstVoteMatrixSeeds;
|
|
|
- std::vector<std::vector<std::vector<Scalar>>> secondVoteMatrixSeeds;
|
|
|
- voteMatrixCommits.push_back(
|
|
|
- generate_vote_tensor(
|
|
|
- permutations,
|
|
|
- voteMatrix,
|
|
|
- firstVoteMatrixSeeds,
|
|
|
- false));
|
|
|
-
|
|
|
- std::cout << "Finishing V * P calculation." << std::endl;
|
|
|
+ std::vector<std::vector<std::vector<Scalar>>> partwayVoteMatrixSeeds;
|
|
|
+ std::vector<std::vector<std::vector<Scalar>>> finalVoteMatrixSeeds;
|
|
|
+ partwayVoteMatrixCommits.clear();
|
|
|
+ partwayVoteMatrixCommits = generate_vote_tensor(
|
|
|
+ permutations,
|
|
|
+ voteMatrix,
|
|
|
+ partwayVoteMatrixSeeds,
|
|
|
+ false);
|
|
|
|
|
|
std::vector<std::vector<CurveBipoint>> partialVoteMatrix =
|
|
|
- calculate_next_vote_matrix(voteMatrixCommits[0]);
|
|
|
+ calculate_next_vote_matrix(partwayVoteMatrixCommits);
|
|
|
|
|
|
- std::cout << "Doing P^T * (V * P)." << std::endl;
|
|
|
-
|
|
|
- voteMatrixCommits.push_back(
|
|
|
- generate_vote_tensor(
|
|
|
- permutations,
|
|
|
- partialVoteMatrix,
|
|
|
- secondVoteMatrixSeeds,
|
|
|
- true));
|
|
|
-
|
|
|
- std::cout << "Proving V * P." << std::endl;
|
|
|
+ finalVoteMatrixCommits.clear();
|
|
|
+ finalVoteMatrixCommits = generate_vote_tensor(
|
|
|
+ permutations,
|
|
|
+ partialVoteMatrix,
|
|
|
+ finalVoteMatrixSeeds,
|
|
|
+ true);
|
|
|
|
|
|
generate_vote_tensor_proofs(
|
|
|
retval,
|
|
|
permutations,
|
|
|
permutationSeeds,
|
|
|
- firstVoteMatrixSeeds,
|
|
|
+ partwayVoteMatrixSeeds,
|
|
|
voteMatrix,
|
|
|
permutationCommits,
|
|
|
- voteMatrixCommits[0],
|
|
|
+ partwayVoteMatrixCommits,
|
|
|
false);
|
|
|
|
|
|
- std::cout << "Proving P^T * (V * P)." << std::endl;
|
|
|
-
|
|
|
generate_vote_tensor_proofs(
|
|
|
retval,
|
|
|
permutations,
|
|
|
permutationSeeds,
|
|
|
- secondVoteMatrixSeeds,
|
|
|
+ finalVoteMatrixSeeds,
|
|
|
partialVoteMatrix,
|
|
|
permutationCommits,
|
|
|
- voteMatrixCommits[1],
|
|
|
+ finalVoteMatrixCommits,
|
|
|
true);
|
|
|
|
|
|
if (doUserTallies)
|
|
|
{
|
|
|
- std::cout << "Generating user tally matrix." << std::endl;
|
|
|
-
|
|
|
std::vector<Curvepoint> userTallyMasks;
|
|
|
- std::vector<std::vector<Scalar>> userTallyMaskSeeds;
|
|
|
- userTallyMaskSeedCommits.clear();
|
|
|
std::vector<Curvepoint> userTallyMessages;
|
|
|
- std::vector<std::vector<Scalar>> userTallyMessageSeeds;
|
|
|
- userTallyCommits =
|
|
|
- generate_user_tally_matrix(
|
|
|
- permutations,
|
|
|
- power,
|
|
|
- userTallyMasks,
|
|
|
- userTallyMessages,
|
|
|
- userTallyMaskSeeds,
|
|
|
- userTallyMaskSeedCommits,
|
|
|
- userTallyMessageSeeds);
|
|
|
-
|
|
|
- std::cout << "Proving user tally mask matrix." << std::endl;
|
|
|
+ std::vector<std::vector<Scalar>> userTallySeeds;
|
|
|
+ userTallyMaskCommits.clear();
|
|
|
+ userTallyMessageCommits.clear();
|
|
|
+ userTallySeedCommits.clear();
|
|
|
+ generate_user_tally_matrix(
|
|
|
+ permutations,
|
|
|
+ power,
|
|
|
+ nextGenerator,
|
|
|
+ currentPseudonyms,
|
|
|
+ userTallyMasks,
|
|
|
+ userTallyMaskCommits,
|
|
|
+ userTallyMessages,
|
|
|
+ userTallyMessageCommits,
|
|
|
+ userTallySeeds,
|
|
|
+ userTallySeedCommits);
|
|
|
|
|
|
retval.push_back(
|
|
|
- generate_proof_of_reordering_plus_power(
|
|
|
+ generate_user_tally_proofs(
|
|
|
permutations,
|
|
|
power,
|
|
|
+ nextGenerator,
|
|
|
permutationSeeds,
|
|
|
- userTallyMaskSeeds,
|
|
|
+ userTallySeeds,
|
|
|
+ currentPseudonyms,
|
|
|
userTallyMasks,
|
|
|
- permutationCommits,
|
|
|
- userTallyCommits[0],
|
|
|
- userTallyMaskSeedCommits));
|
|
|
-
|
|
|
- std::cout << "Proving user tally message matrix." << std::endl;
|
|
|
-
|
|
|
- retval.push_back(
|
|
|
- generate_proof_of_reordering<Curvepoint>(
|
|
|
- permutations,
|
|
|
- permutationSeeds,
|
|
|
- userTallyMessageSeeds,
|
|
|
userTallyMessages,
|
|
|
permutationCommits,
|
|
|
- userTallyCommits[1],
|
|
|
- EL_GAMAL_GENERATOR,
|
|
|
- elGamalBlindGenerator));
|
|
|
+ userTallyMaskCommits,
|
|
|
+ userTallyMessageCommits,
|
|
|
+ userTallySeedCommits));
|
|
|
}
|
|
|
|
|
|
- std::cout << "Giving self updates." << std::endl;
|
|
|
-
|
|
|
// Replace internal values
|
|
|
update_data(
|
|
|
freshPseudonymCommits,
|
|
|
serverTallyCommits,
|
|
|
- voteMatrixCommits[1],
|
|
|
- userTallyCommits);
|
|
|
+ finalVoteMatrixCommits,
|
|
|
+ userTallyMaskCommits,
|
|
|
+ userTallyMessageCommits);
|
|
|
|
|
|
return retval;
|
|
|
}
|
|
@@ -693,14 +660,17 @@ bool PrsonaServer::accept_epoch_updates(
|
|
|
const std::vector<std::vector<Curvepoint>>& freshPseudonymCommits,
|
|
|
const std::vector<std::vector<Curvepoint>>& freshPseudonymSeedCommits,
|
|
|
const std::vector<std::vector<TwistBipoint>>& serverTallyCommits,
|
|
|
- const std::vector<std::vector<std::vector<std::vector<CurveBipoint>>>>& voteMatrixCommits,
|
|
|
- const std::vector<std::vector<std::vector<Curvepoint>>>& userTallyCommits,
|
|
|
- const std::vector<std::vector<Curvepoint>>& userTallyMaskSeedCommits,
|
|
|
+ const std::vector<std::vector<std::vector<CurveBipoint>>>& partwayVoteMatrixCommits,
|
|
|
+ const std::vector<std::vector<std::vector<CurveBipoint>>>& finalVoteMatrixCommits,
|
|
|
+ const std::vector<std::vector<Curvepoint>>& userTallyMaskCommits,
|
|
|
+ const std::vector<std::vector<Curvepoint>>& userTallyMessageCommits,
|
|
|
+ const std::vector<std::vector<Curvepoint>>& userTallySeedCommits,
|
|
|
+ const Curvepoint& nextGenerator,
|
|
|
bool doUserTallies)
|
|
|
{
|
|
|
bool verification;
|
|
|
|
|
|
- if ((userTallyCommits.empty() && doUserTallies) || (!userTallyCommits.empty() && !doUserTallies))
|
|
|
+ if ((userTallyMaskCommits.empty() && doUserTallies) || (!userTallyMaskCommits.empty() && !doUserTallies))
|
|
|
{
|
|
|
std::cerr << "user tallies are not in expected state." << std::endl;
|
|
|
return false;
|
|
@@ -709,83 +679,76 @@ bool PrsonaServer::accept_epoch_updates(
|
|
|
if (pi.empty())
|
|
|
return false;
|
|
|
|
|
|
- std::cout << "Verifying valid permutation matrix." << std::endl;
|
|
|
+ size_t currOffset = 0;
|
|
|
|
|
|
verification =
|
|
|
- verify_valid_permutation_proof(pi[0], permutationCommits);
|
|
|
+ verify_valid_permutation_proof(pi[currOffset], permutationCommits);
|
|
|
+ currOffset++;
|
|
|
if (!verification)
|
|
|
{
|
|
|
std::cerr << "Could not verify valid permutation matrix." << std::endl;
|
|
|
return false;
|
|
|
}
|
|
|
|
|
|
- std::cout << "Verifying valid pseudonym vector." << std::endl;
|
|
|
-
|
|
|
verification =
|
|
|
verify_proof_of_reordering_plus_power(
|
|
|
- pi[1],
|
|
|
+ pi[currOffset],
|
|
|
currentPseudonyms,
|
|
|
permutationCommits,
|
|
|
freshPseudonymCommits,
|
|
|
freshPseudonymSeedCommits);
|
|
|
+ currOffset++;
|
|
|
if (!verification)
|
|
|
{
|
|
|
std::cerr << "Could not verify valid pseudonym vector." << std::endl;
|
|
|
return false;
|
|
|
}
|
|
|
|
|
|
- std::cout << "Verifying valid server tally vector." << std::endl;
|
|
|
-
|
|
|
verification =
|
|
|
verify_proof_of_reordering<TwistBipoint>(
|
|
|
- pi[2],
|
|
|
+ pi[currOffset],
|
|
|
previousVoteTallies,
|
|
|
permutationCommits,
|
|
|
serverTallyCommits,
|
|
|
bgnSystem.get_public_key().get_bipoint_twistgen(),
|
|
|
bgnSystem.get_public_key().get_bipoint_twist_subgroup_gen());
|
|
|
+ currOffset++;
|
|
|
if (!verification)
|
|
|
{
|
|
|
std::cerr << "Could not verify valid server tally vector." << std::endl;
|
|
|
return false;
|
|
|
}
|
|
|
|
|
|
- std::cout << "Verifying valid first half vote matrix." << std::endl;
|
|
|
-
|
|
|
- size_t currOffset = 3;
|
|
|
verification = verify_vote_tensor_proofs(
|
|
|
pi,
|
|
|
currOffset,
|
|
|
voteMatrix,
|
|
|
permutationCommits,
|
|
|
- voteMatrixCommits[0],
|
|
|
+ partwayVoteMatrixCommits,
|
|
|
false);
|
|
|
+ currOffset += voteMatrix.size();
|
|
|
if (!verification)
|
|
|
{
|
|
|
std::cerr << "Could not verify first half vote matrix." << std::endl;
|
|
|
return false;
|
|
|
}
|
|
|
|
|
|
- std::cout << "Verifying valid second half vote matrix." << std::endl;
|
|
|
-
|
|
|
std::vector<std::vector<CurveBipoint>> partialVoteMatrix =
|
|
|
- calculate_next_vote_matrix(voteMatrixCommits[0]);
|
|
|
- currOffset += voteMatrix.size();
|
|
|
+ calculate_next_vote_matrix(partwayVoteMatrixCommits);
|
|
|
verification = verify_vote_tensor_proofs(
|
|
|
pi,
|
|
|
currOffset,
|
|
|
partialVoteMatrix,
|
|
|
permutationCommits,
|
|
|
- voteMatrixCommits[1],
|
|
|
+ finalVoteMatrixCommits,
|
|
|
true);
|
|
|
+ currOffset += voteMatrix.size();
|
|
|
if (!verification)
|
|
|
{
|
|
|
std::cerr << "Could not verify second half vote matrix." << std::endl;
|
|
|
return false;
|
|
|
}
|
|
|
|
|
|
- currOffset += voteMatrix.size();
|
|
|
-
|
|
|
if (doUserTallies)
|
|
|
{
|
|
|
std::vector<Curvepoint> userTallyMasks;
|
|
@@ -796,45 +759,30 @@ bool PrsonaServer::accept_epoch_updates(
|
|
|
userTallyMessages.push_back(currentUserEncryptedTallies[i].encryptedMessage);
|
|
|
}
|
|
|
|
|
|
- std::cout << "Verifying valid user tally masks." << std::endl;
|
|
|
-
|
|
|
- verification = verify_proof_of_reordering_plus_power(
|
|
|
+ verification = verify_user_tally_proofs(
|
|
|
pi[currOffset],
|
|
|
+ nextGenerator,
|
|
|
+ currentPseudonyms,
|
|
|
userTallyMasks,
|
|
|
- permutationCommits,
|
|
|
- userTallyCommits[0],
|
|
|
- userTallyMaskSeedCommits);
|
|
|
- if (!verification)
|
|
|
- {
|
|
|
- std::cerr << "Could not verify user tally masks." << std::endl;
|
|
|
- return false;
|
|
|
- }
|
|
|
-
|
|
|
- currOffset++;
|
|
|
-
|
|
|
- std::cout << "Verifying valid user tally messages." << std::endl;
|
|
|
-
|
|
|
- verification = verify_proof_of_reordering<Curvepoint>(
|
|
|
- pi[currOffset],
|
|
|
userTallyMessages,
|
|
|
permutationCommits,
|
|
|
- userTallyCommits[1],
|
|
|
- EL_GAMAL_GENERATOR,
|
|
|
- elGamalBlindGenerator);
|
|
|
+ userTallyMaskCommits,
|
|
|
+ userTallyMessageCommits,
|
|
|
+ userTallySeedCommits);
|
|
|
+ currOffset++;
|
|
|
if (!verification)
|
|
|
{
|
|
|
- std::cerr << "Could not verify user tally messages." << std::endl;
|
|
|
+ std::cerr << "Could not verify user tallies." << std::endl;
|
|
|
return false;
|
|
|
}
|
|
|
}
|
|
|
|
|
|
- std::cout << "Verifying pseudonyms are all different." << std::endl;
|
|
|
-
|
|
|
verification = update_data(
|
|
|
freshPseudonymCommits,
|
|
|
serverTallyCommits,
|
|
|
- voteMatrixCommits[1],
|
|
|
- userTallyCommits);
|
|
|
+ finalVoteMatrixCommits,
|
|
|
+ userTallyMaskCommits,
|
|
|
+ userTallyMessageCommits);
|
|
|
|
|
|
return verification;
|
|
|
}
|
|
@@ -861,17 +809,6 @@ std::vector<std::vector<Scalar>> PrsonaServer::generate_permutation_matrix(
|
|
|
for (size_t i = 0; i < order.size(); i++)
|
|
|
retval[order[i]][i] = Scalar(1);
|
|
|
|
|
|
- std::cout << "[";
|
|
|
- for (size_t i = 0; i < order.size(); i++)
|
|
|
- {
|
|
|
- std::cout << "[";
|
|
|
- for (size_t j = 0; j < order.size(); j++)
|
|
|
- {
|
|
|
- std::cout << retval[i][j] << (j == order.size() - 1 ? "]" : " ");
|
|
|
- }
|
|
|
- std::cout << (i == order.size() - 1 ? "]" : " ") << std::endl << (i == order.size() - 1 ? "" : " ");
|
|
|
- }
|
|
|
-
|
|
|
return retval;
|
|
|
}
|
|
|
|
|
@@ -1076,17 +1013,18 @@ bool PrsonaServer::verify_vote_tensor_proofs(
|
|
|
return retval;
|
|
|
}
|
|
|
|
|
|
-std::vector<std::vector<std::vector<Curvepoint>>> PrsonaServer::generate_user_tally_matrix(
|
|
|
+void PrsonaServer::generate_user_tally_matrix(
|
|
|
const std::vector<std::vector<Scalar>>& permutations,
|
|
|
const Scalar& power,
|
|
|
+ const Curvepoint& nextGenerator,
|
|
|
+ const std::vector<Curvepoint>& currPseudonyms,
|
|
|
std::vector<Curvepoint>& masks,
|
|
|
+ std::vector<std::vector<Curvepoint>>& maskCommits,
|
|
|
std::vector<Curvepoint>& messages,
|
|
|
- std::vector<std::vector<Scalar>>& maskSeeds,
|
|
|
- std::vector<std::vector<Curvepoint>>& maskSeedCommits,
|
|
|
- std::vector<std::vector<Scalar>>& messageSeeds) const
|
|
|
+ std::vector<std::vector<Curvepoint>>& messageCommits,
|
|
|
+ std::vector<std::vector<Scalar>>& userTallySeeds,
|
|
|
+ std::vector<std::vector<Curvepoint>>& userTallySeedCommits) const
|
|
|
{
|
|
|
- std::vector<std::vector<std::vector<Curvepoint>>> retval;
|
|
|
-
|
|
|
masks.clear();
|
|
|
messages.clear();
|
|
|
for (size_t i = 0; i < currentUserEncryptedTallies.size(); i++)
|
|
@@ -1095,24 +1033,53 @@ std::vector<std::vector<std::vector<Curvepoint>>> PrsonaServer::generate_user_ta
|
|
|
messages.push_back(currentUserEncryptedTallies[i].encryptedMessage);
|
|
|
}
|
|
|
|
|
|
- retval.push_back(
|
|
|
- generate_reordered_plus_power_matrix<Curvepoint>(
|
|
|
- permutations,
|
|
|
- power,
|
|
|
- masks,
|
|
|
- maskSeeds,
|
|
|
- maskSeedCommits,
|
|
|
- elGamalBlindGenerator));
|
|
|
+ maskCommits.clear();
|
|
|
+ messageCommits.clear();
|
|
|
+ userTallySeeds.clear();
|
|
|
+ userTallySeedCommits.clear();
|
|
|
|
|
|
- retval.push_back(
|
|
|
- generate_reordered_matrix<Curvepoint>(
|
|
|
- permutations,
|
|
|
- messages,
|
|
|
- messageSeeds,
|
|
|
- elGamalBlindGenerator,
|
|
|
- false));
|
|
|
+ for (size_t i = 0; i < permutations.size(); i++)
|
|
|
+ {
|
|
|
+ std::vector<Scalar> currSeeds;
|
|
|
+ std::vector<Curvepoint> currRow;
|
|
|
+ for (size_t j = 0; j < permutations[i].size(); j++)
|
|
|
+ {
|
|
|
+ currSeeds.push_back(Scalar(0));
|
|
|
+ currRow.push_back(Curvepoint());
|
|
|
+ }
|
|
|
+ userTallySeeds.push_back(currSeeds);
|
|
|
+ maskCommits.push_back(currRow);
|
|
|
+ messageCommits.push_back(currRow);
|
|
|
+ userTallySeedCommits.push_back(currRow);
|
|
|
+ }
|
|
|
|
|
|
- return retval;
|
|
|
+ for (size_t i = 0; i < permutations.size(); i++)
|
|
|
+ {
|
|
|
+ size_t last = permutations[i].size() - 1;
|
|
|
+ for (size_t j = 0; j < permutations[i].size(); j++)
|
|
|
+ {
|
|
|
+ if (j != last)
|
|
|
+ {
|
|
|
+ userTallySeeds[i][j].set_random();
|
|
|
+ userTallySeeds[i][last] =
|
|
|
+ userTallySeeds[i][last] -
|
|
|
+ userTallySeeds[i][j];
|
|
|
+ }
|
|
|
+
|
|
|
+ maskCommits[i][j] =
|
|
|
+ masks[j] * permutations[j][i] * power +
|
|
|
+ currPseudonyms[j] * power * permutations[j][i] * userTallySeeds[i][j] +
|
|
|
+ elGamalBlindGenerator * userTallySeeds[i][j];
|
|
|
+
|
|
|
+ messageCommits[i][j] =
|
|
|
+ messages[j] * permutations[j][i] +
|
|
|
+ nextGenerator * permutations[j][i] * userTallySeeds[i][j] +
|
|
|
+ elGamalBlindGenerator * userTallySeeds[i][j];
|
|
|
+
|
|
|
+ userTallySeedCommits[i][j] =
|
|
|
+ EL_GAMAL_GENERATOR * userTallySeeds[i][j];
|
|
|
+ }
|
|
|
+ }
|
|
|
}
|
|
|
|
|
|
template <typename T>
|
|
@@ -1228,7 +1195,8 @@ bool PrsonaServer::update_data(
|
|
|
const std::vector<std::vector<Curvepoint>>& freshPseudonymCommits,
|
|
|
const std::vector<std::vector<TwistBipoint>>& serverTallyCommits,
|
|
|
const std::vector<std::vector<std::vector<CurveBipoint>>>& voteMatrixCommits,
|
|
|
- const std::vector<std::vector<std::vector<Curvepoint>>>& userTallyCommits)
|
|
|
+ const std::vector<std::vector<Curvepoint>>& userTallyMaskCommits,
|
|
|
+ const std::vector<std::vector<Curvepoint>>& userTallyMessageCommits)
|
|
|
{
|
|
|
std::vector<Curvepoint> newPseudonyms;
|
|
|
std::vector<TwistBipoint> newVoteTallies;
|
|
@@ -1240,10 +1208,10 @@ bool PrsonaServer::update_data(
|
|
|
TwistBipoint voteTallySum = serverTallyCommits[i][0];
|
|
|
|
|
|
Curvepoint userTallyMask, userTallyMessage;
|
|
|
- if (!userTallyCommits.empty())
|
|
|
+ if (!userTallyMaskCommits.empty())
|
|
|
{
|
|
|
- userTallyMask = userTallyCommits[i][0][0];
|
|
|
- userTallyMessage = userTallyCommits[i][0][1];
|
|
|
+ userTallyMask = userTallyMaskCommits[i][0];
|
|
|
+ userTallyMessage = userTallyMessageCommits[i][0];
|
|
|
}
|
|
|
|
|
|
for (size_t j = 1; j < freshPseudonymCommits[i].size(); j++)
|
|
@@ -1251,19 +1219,19 @@ bool PrsonaServer::update_data(
|
|
|
pseudonymSum = pseudonymSum + freshPseudonymCommits[i][j];
|
|
|
voteTallySum = voteTallySum + serverTallyCommits[i][j];
|
|
|
|
|
|
- if (!userTallyCommits.empty())
|
|
|
+ if (!userTallyMaskCommits.empty())
|
|
|
{
|
|
|
userTallyMask = userTallyMask +
|
|
|
- userTallyCommits[i][j][0];
|
|
|
+ userTallyMaskCommits[i][j];
|
|
|
userTallyMessage = userTallyMessage +
|
|
|
- userTallyCommits[i][j][1];
|
|
|
+ userTallyMessageCommits[i][j];
|
|
|
}
|
|
|
}
|
|
|
|
|
|
newPseudonyms.push_back(pseudonymSum);
|
|
|
newVoteTallies.push_back(voteTallySum);
|
|
|
|
|
|
- if (!userTallyCommits.empty())
|
|
|
+ if (!userTallyMaskCommits.empty())
|
|
|
{
|
|
|
newUserTallies.push_back(
|
|
|
EGCiphertext(userTallyMask, userTallyMessage));
|