|
@@ -1,4 +1,5 @@
|
|
#include <iostream>
|
|
#include <iostream>
|
|
|
|
+#include <fstream>
|
|
|
|
|
|
#include "base.hpp"
|
|
#include "base.hpp"
|
|
|
|
|
|
@@ -799,44 +800,78 @@ std::vector<Proof> PrsonaBase::generate_valid_permutation_proof(
|
|
return retval;
|
|
return retval;
|
|
}
|
|
}
|
|
|
|
|
|
|
|
+ Curvepoint g, h;
|
|
|
|
+ g = EL_GAMAL_GENERATOR;
|
|
|
|
+ h = elGamalBlindGenerator;
|
|
|
|
+
|
|
|
|
+ std::stringstream oracleInput;
|
|
|
|
+ oracleInput << g << h;
|
|
|
|
+
|
|
|
|
+ retval.push_back(Proof());
|
|
|
|
+ std::vector<std::vector<Scalar>> a, s, t;
|
|
|
|
+
|
|
|
|
+ for (size_t i = 0; i < commits.size(); i++)
|
|
|
|
+ {
|
|
|
|
+ std::vector<Scalar> currA, currS, currT;
|
|
|
|
+ for (size_t j = 0; j < commits[i].size(); j++)
|
|
|
|
+ {
|
|
|
|
+ oracleInput << commits[i][j];
|
|
|
|
+
|
|
|
|
+ currA.push_back(Scalar());
|
|
|
|
+ currS.push_back(Scalar());
|
|
|
|
+ currT.push_back(Scalar());
|
|
|
|
+
|
|
|
|
+ retval.push_back(Proof());
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ a.push_back(currA);
|
|
|
|
+ s.push_back(currS);
|
|
|
|
+ t.push_back(currT);
|
|
|
|
+ }
|
|
|
|
+
|
|
// Taken from Fig. 1 in https://eprint.iacr.org/2014/764.pdf
|
|
// Taken from Fig. 1 in https://eprint.iacr.org/2014/764.pdf
|
|
for (size_t i = 0; i < permutations.size(); i++)
|
|
for (size_t i = 0; i < permutations.size(); i++)
|
|
{
|
|
{
|
|
for (size_t j = 0; j < permutations[i].size(); j++)
|
|
for (size_t j = 0; j < permutations[i].size(); j++)
|
|
{
|
|
{
|
|
- Proof currProof;
|
|
|
|
- Curvepoint g, h, C, C_a, C_b;
|
|
|
|
- g = EL_GAMAL_GENERATOR;
|
|
|
|
- h = elGamalBlindGenerator;
|
|
|
|
|
|
+ Curvepoint C, C_a, C_b;
|
|
|
|
|
|
- Scalar a, s, t, p, r;
|
|
|
|
- a.set_random();
|
|
|
|
- s.set_random();
|
|
|
|
- t.set_random();
|
|
|
|
|
|
+ Scalar p, r;
|
|
|
|
+ a[i][j].set_random();
|
|
|
|
+ s[i][j].set_random();
|
|
|
|
+ t[i][j].set_random();
|
|
p = permutations[i][j];
|
|
p = permutations[i][j];
|
|
r = seeds[i][j];
|
|
r = seeds[i][j];
|
|
|
|
|
|
C = commits[i][j];
|
|
C = commits[i][j];
|
|
|
|
|
|
- C_a = g * a + h * s;
|
|
|
|
- C_b = g * a * p + h * t;
|
|
|
|
|
|
+ C_a = g * a[i][j] + h * s[i][j];
|
|
|
|
+ C_b = g * a[i][j] * p + h * t[i][j];
|
|
|
|
|
|
- std::stringstream oracleInput;
|
|
|
|
- oracleInput << g << h << C << C_a << C_b;
|
|
|
|
|
|
+ oracleInput << C << C_a << C_b;
|
|
|
|
+ }
|
|
|
|
+ }
|
|
|
|
|
|
- Scalar x = oracle(oracleInput.str());
|
|
|
|
- currProof.challengeParts.push_back(x);
|
|
|
|
|
|
+ Scalar x = oracle(oracleInput.str());
|
|
|
|
+ retval[0].challengeParts.push_back(x);
|
|
|
|
|
|
- Scalar f, z_a, z_b;
|
|
|
|
- f = p * x + a;
|
|
|
|
- z_a = r * x + s;
|
|
|
|
- z_b = r * (x - f) + t;
|
|
|
|
|
|
+ for (size_t i = 0; i < permutations.size(); i++)
|
|
|
|
+ {
|
|
|
|
+ for (size_t j = 0; j < permutations[i].size(); j++)
|
|
|
|
+ {
|
|
|
|
+ size_t piIndex = i * permutations.size() + j + 1;
|
|
|
|
|
|
- currProof.responseParts.push_back(f);
|
|
|
|
- currProof.responseParts.push_back(z_a);
|
|
|
|
- currProof.responseParts.push_back(z_b);
|
|
|
|
|
|
+ Scalar f, z_a, z_b, p, r;
|
|
|
|
+ p = permutations[i][j];
|
|
|
|
+ r = seeds[i][j];
|
|
|
|
|
|
- retval.push_back(currProof);
|
|
|
|
|
|
+ f = p * x + a[i][j];
|
|
|
|
+ z_a = r * x + s[i][j];
|
|
|
|
+ z_b = r * (x - f) + t[i][j];
|
|
|
|
+
|
|
|
|
+ retval[piIndex].responseParts.push_back(f);
|
|
|
|
+ retval[piIndex].responseParts.push_back(z_a);
|
|
|
|
+ retval[piIndex].responseParts.push_back(z_b);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
@@ -861,18 +896,26 @@ bool PrsonaBase::verify_valid_permutation_proof(
|
|
g = EL_GAMAL_GENERATOR;
|
|
g = EL_GAMAL_GENERATOR;
|
|
h = elGamalBlindGenerator;
|
|
h = elGamalBlindGenerator;
|
|
|
|
|
|
|
|
+ std::stringstream oracleInput;
|
|
|
|
+ oracleInput << g << h;
|
|
|
|
+
|
|
|
|
+ for (size_t i = 0; i < commits.size(); i++)
|
|
|
|
+ for (size_t j = 0; j < commits[i].size(); j++)
|
|
|
|
+ oracleInput << commits[i][j];
|
|
|
|
+
|
|
|
|
+ Scalar x = pi[0].challengeParts[0];
|
|
|
|
+
|
|
for (size_t i = 0; i < commits.size(); i++)
|
|
for (size_t i = 0; i < commits.size(); i++)
|
|
{
|
|
{
|
|
for (size_t j = 0; j < commits[i].size(); j++)
|
|
for (size_t j = 0; j < commits[i].size(); j++)
|
|
{
|
|
{
|
|
- size_t piIndex = i * commits.size() + j;
|
|
|
|
|
|
+ size_t piIndex = i * commits.size() + j + 1;
|
|
|
|
|
|
Curvepoint C, C_a, C_b;
|
|
Curvepoint C, C_a, C_b;
|
|
|
|
|
|
C = commits[i][j];
|
|
C = commits[i][j];
|
|
|
|
|
|
- Scalar x, f, z_a, z_b;
|
|
|
|
- x = pi[piIndex].challengeParts[0];
|
|
|
|
|
|
+ Scalar f, z_a, z_b;
|
|
f = pi[piIndex].responseParts[0];
|
|
f = pi[piIndex].responseParts[0];
|
|
z_a = pi[piIndex].responseParts[1];
|
|
z_a = pi[piIndex].responseParts[1];
|
|
z_b = pi[piIndex].responseParts[2];
|
|
z_b = pi[piIndex].responseParts[2];
|
|
@@ -881,17 +924,16 @@ bool PrsonaBase::verify_valid_permutation_proof(
|
|
C_a = g * f + h * z_a - C * x;
|
|
C_a = g * f + h * z_a - C * x;
|
|
C_b = h * z_b - C * (x - f);
|
|
C_b = h * z_b - C * (x - f);
|
|
|
|
|
|
- std::stringstream oracleInput;
|
|
|
|
- oracleInput << g << h << C << C_a << C_b;
|
|
|
|
-
|
|
|
|
- if (oracle(oracleInput.str()) != x)
|
|
|
|
- {
|
|
|
|
- std::cerr << "0 or 1 proof failed at index " << i << " of " << pi.size() - 1 << ", aborting." << std::endl;
|
|
|
|
- return false;
|
|
|
|
- }
|
|
|
|
|
|
+ oracleInput << C << C_a << C_b;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
|
|
+ if (oracle(oracleInput.str()) != x)
|
|
|
|
+ {
|
|
|
|
+ std::cerr << "0 or 1 proof failed, aborting." << std::endl;
|
|
|
|
+ return false;
|
|
|
|
+ }
|
|
|
|
+
|
|
for (size_t i = 0; i < commits.size(); i++)
|
|
for (size_t i = 0; i < commits.size(); i++)
|
|
{
|
|
{
|
|
Curvepoint sum = commits[i][0];
|
|
Curvepoint sum = commits[i][0];
|
|
@@ -1435,6 +1477,10 @@ std::vector<Proof> PrsonaBase::generate_proof_of_reordering(
|
|
|
|
|
|
oracleInput << U1 << U2;
|
|
oracleInput << U1 << U2;
|
|
|
|
|
|
|
|
+ std::stringstream out1, out2;
|
|
|
|
+ out1 << U1;
|
|
|
|
+ out2 << U2;
|
|
|
|
+
|
|
curraRow.push_back(curra);
|
|
curraRow.push_back(curra);
|
|
currt1Row.push_back(currt1);
|
|
currt1Row.push_back(currt1);
|
|
currt2Row.push_back(currt2);
|
|
currt2Row.push_back(currt2);
|
|
@@ -1523,6 +1569,10 @@ bool PrsonaBase::verify_proof_of_reordering(
|
|
productCommits[i][j] * x;
|
|
productCommits[i][j] * x;
|
|
|
|
|
|
oracleInput << U1 << U2;
|
|
oracleInput << U1 << U2;
|
|
|
|
+
|
|
|
|
+ std::stringstream out1, out2;
|
|
|
|
+ out1 << U1;
|
|
|
|
+ out2 << U2;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|