tmgurtler
/
PRSONA


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220
							#include <iostream>

#include "client.hpp"

extern const curvepoint_fp_t bn_curvegen;

Curvepoint PrsonaClient::elGamalGenerator = Curvepoint();

bool PrsonaClient::malicious_server = false;
bool PrsonaClient::malicious_client = false;

PrsonaClient::PrsonaClient(const BGNPublicKey& serverPublicKey, const Curvepoint& elGamalBlindGenerator)
: serverPublicKey(serverPublicKey), elGamalBlindGenerator(elGamalBlindGenerator), max_checked(0)
{
    elGamalGenerator = Curvepoint(bn_curvegen);

    longTermPrivateKey.set_random();
    inversePrivateKey = longTermPrivateKey.curveInverse();

    decryption_memoizer[elGamalBlindGenerator * max_checked] = max_checked;
}

void PrsonaClient::set_malicious_server()
{
    malicious_server = true;
}

void PrsonaClient::set_malicious_client()
{
    malicious_client = true;
}

Curvepoint PrsonaClient::get_short_term_public_key(Proof &pi) const
{
    pi = generate_stpk_proof();

    return currentFreshGenerator * longTermPrivateKey;
}

void PrsonaClient::make_votes(Proof& pi, std::vector<CurveBipoint>& encryptedVotes, const std::vector<Scalar>& vote, const std::vector<bool>& replace) const
{
    encryptedVotes.clear();

    for (size_t i = 0; i < vote.size(); i++)
    {
        CurveBipoint currScore;
        if (replace[i])
            serverPublicKey.encrypt(currScore, vote[i]);
        else
            currScore = serverPublicKey.rerandomize(currEncryptedVotes[i]);

        encryptedVotes.push_back(currScore);
    }

    pi = generate_vote_proof(encryptedVotes, vote);
}

void PrsonaClient::receive_fresh_generator(const Proof& pi, const Curvepoint& freshGenerator)
{
    if (!verify_generator_proof(pi, freshGenerator))
    {
        std::cerr << "Could not verify proof of valid fresh generator." << std::endl;
        return;
    }

    currentFreshGenerator = freshGenerator;
}

void PrsonaClient::receive_vote_tally(const Proof& pi, const EGCiphertext& score, bool isDefault)
{
    if (isDefault)
    {
        if (!verify_default_tally_proof(pi, score))
        {
            std::cerr << "Could not verify proof of valid default tally." << std::endl;
            return;
        }
    }
    else
    {
        if (!verify_valid_tally_proof(pi, score))
        {
            std::cerr << "Could not verify proof of valid tally." << std::endl;
            return;
        }
    }

    currentEncryptedScore = score;
    decrypt_score(score);
}

void PrsonaClient::receive_encrypted_votes(const Proof& pi, const std::vector<CurveBipoint>& votes, bool isDefault)
{
    if (isDefault)
    {
        if (!verify_default_votes_proof(pi, votes))
        {
            std::cerr << "Could not verify proof of valid default votes." << std::endl;
            return;
        }
    }
    else
    {
        if (!verify_valid_votes_proof(pi, votes))
        {
            std::cerr << "Could not verify proof of valid votes." << std::endl;
            return;
        }
    }

    currEncryptedVotes = votes;
}

Proof PrsonaClient::generate_reputation_proof() const
{
    if (!malicious_client)
        return "PROOF";

    return "PROOF";
}

bool PrsonaClient::verify_reputation_proof(const Proof& pi, const Curvepoint& shortTermPublicKey) const
{
    if (!malicious_client)
        return pi == "PROOF";

    return pi == "PROOF";
}

void PrsonaClient::decrypt_score(const EGCiphertext& score)
{
    Curvepoint s, hashedDecrypted;
    s = score.mask * inversePrivateKey;
    hashedDecrypted = score.encryptedMessage - s;
    
    auto lookup = decryption_memoizer.find(hashedDecrypted);
    if (lookup != decryption_memoizer.end())
    {
        currentScore = lookup->second;
        return;
    }

    max_checked++;
    Curvepoint decryptionCandidate = elGamalBlindGenerator * max_checked;

    while (decryptionCandidate != hashedDecrypted)
    {
        decryption_memoizer[decryptionCandidate] = max_checked;

        decryptionCandidate = decryptionCandidate + elGamalBlindGenerator;
        max_checked++;
    }

    decryption_memoizer[decryptionCandidate] = max_checked;
    currentScore = max_checked;
}

Proof PrsonaClient::generate_stpk_proof() const
{
    if (!malicious_client)
        return "PROOF";

    return "PROOF";
}

bool PrsonaClient::verify_generator_proof(const Proof& pi, const Curvepoint& generator) const
{
    if (!malicious_server)
        return pi == "PROOF";

    return pi == "PROOF";
}

bool PrsonaClient::verify_default_tally_proof(const Proof& pi, const EGCiphertext& score) const
{
    if (!malicious_server)
        return pi == "PROOF";

    return pi == "PROOF";
}

bool PrsonaClient::verify_valid_tally_proof(const Proof& pi, const EGCiphertext& score) const
{
    if (!malicious_server)
        return pi == "PROOF";

    return pi == "PROOF";
}

bool PrsonaClient::verify_default_votes_proof(const Proof& pi, const std::vector<CurveBipoint>& votes) const
{
    if (!malicious_server)
        return pi == "PROOF";

    return pi == "PROOF";
}

bool PrsonaClient::verify_valid_votes_proof(const Proof& pi, const std::vector<CurveBipoint>& votes) const
{
    if (!malicious_server)
        return pi == "PROOF";

    return pi == "PROOF";
}

Proof PrsonaClient::generate_vote_proof(const std::vector<CurveBipoint>& encryptedVotes, const std::vector<Scalar>& vote) const
{
    if (!malicious_client)
        return "PROOF";

    return "PROOF";
}

bool PrsonaClient::verify_score_proof(const Proof& pi) const
{
    if (!malicious_server)
        return pi == "PROOF";

    return pi == "PROOF";
}