serverEntity.cpp 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519
  1. #include <iostream>
  2. #include "serverEntity.hpp"
  3. /********************
  4. * PUBLIC FUNCTIONS *
  5. ********************/
  6. /*
  7. * CONSTRUCTORS
  8. */
  9. PrsonaServerEntity::PrsonaServerEntity(size_t numServers)
  10. {
  11. if (numServers < 1)
  12. {
  13. std::cerr << "You have to have at least 1 server. "
  14. << "I'm making it anyways." << std::endl;
  15. }
  16. // Make the first server, which makes the BGN parameters
  17. PrsonaServer firstServer(numServers);
  18. servers.push_back(firstServer);
  19. // Make the rest of the servers, which take the BGN parameters
  20. const BGN& sharedBGN = firstServer.get_bgn_details();
  21. for (size_t i = 1; i < numServers; i++)
  22. servers.push_back(PrsonaServer(numServers, sharedBGN));
  23. // After all servers have made their seeds,
  24. // make sure they have the initial fresh generator
  25. std::vector<Proof> pi;
  26. Curvepoint firstGenerator = get_fresh_generator(pi);
  27. for (size_t i = 0; i < numServers; i++)
  28. servers[i].initialize_fresh_generator(pi, firstGenerator);
  29. pi.clear();
  30. // It's important that no server knows the DLOG between g and h for ElGamal,
  31. // so have each server collaborate to make h.
  32. Curvepoint blindGenerator = PrsonaServer::EL_GAMAL_GENERATOR;
  33. for (size_t i = 0; i < numServers; i++)
  34. {
  35. blindGenerator =
  36. servers[i].add_rand_seed_to_generator(pi, blindGenerator);
  37. }
  38. for (size_t i = 0; i < numServers; i++)
  39. servers[i].set_EG_blind_generator(pi, blindGenerator);
  40. }
  41. /*
  42. * BASIC PUBLIC SYSTEM INFO GETTERS
  43. */
  44. BGNPublicKey PrsonaServerEntity::get_bgn_public_key() const
  45. {
  46. return get_bgn_public_key(0);
  47. }
  48. BGNPublicKey PrsonaServerEntity::get_bgn_public_key(size_t which) const
  49. {
  50. return servers[which].get_bgn_public_key();
  51. }
  52. Curvepoint PrsonaServerEntity::get_blinding_generator() const
  53. {
  54. return get_blinding_generator(0);
  55. }
  56. Curvepoint PrsonaServerEntity::get_blinding_generator(size_t which) const
  57. {
  58. std::vector<Proof> pi;
  59. Curvepoint retval = get_blinding_generator(pi, which);
  60. if (!servers[which].verify_generator_proof(
  61. pi, retval, servers[which].get_num_servers()))
  62. {
  63. std::cerr << "Error making the generator, aborting." << std::endl;
  64. return Curvepoint();
  65. }
  66. return retval;
  67. }
  68. Curvepoint PrsonaServerEntity::get_blinding_generator(
  69. std::vector<Proof>& pi) const
  70. {
  71. return get_blinding_generator(pi, 0);
  72. }
  73. Curvepoint PrsonaServerEntity::get_blinding_generator(
  74. std::vector<Proof>& pi, size_t which) const
  75. {
  76. return servers[which].get_blinding_generator(pi);
  77. }
  78. Curvepoint PrsonaServerEntity::get_fresh_generator() const
  79. {
  80. return get_fresh_generator(0);
  81. }
  82. Curvepoint PrsonaServerEntity::get_fresh_generator(size_t which) const
  83. {
  84. std::vector<Proof> pi;
  85. Curvepoint retval = get_fresh_generator(pi, which);
  86. if (!servers[which].verify_generator_proof(
  87. pi, retval, servers[which].get_num_servers()))
  88. {
  89. std::cerr << "Error making the generator, aborting." << std::endl;
  90. return Curvepoint();
  91. }
  92. return retval;
  93. }
  94. Curvepoint PrsonaServerEntity::get_fresh_generator(
  95. std::vector<Proof>& pi) const
  96. {
  97. return get_fresh_generator(pi, 0);
  98. }
  99. Curvepoint PrsonaServerEntity::get_fresh_generator(
  100. std::vector<Proof>& pi, size_t which) const
  101. {
  102. Curvepoint retval = PrsonaServer::EL_GAMAL_GENERATOR;
  103. pi.clear();
  104. for (size_t j = 0; j < servers[which].get_num_servers(); j++)
  105. {
  106. size_t index = (which + j) % servers[which].get_num_servers();
  107. retval = servers[index].add_curr_seed_to_generator(pi, retval);
  108. }
  109. return retval;
  110. }
  111. size_t PrsonaServerEntity::get_num_clients() const
  112. {
  113. return get_num_clients(0);
  114. }
  115. size_t PrsonaServerEntity::get_num_clients(size_t which) const
  116. {
  117. return servers[which].get_num_clients();
  118. }
  119. size_t PrsonaServerEntity::get_num_servers() const
  120. {
  121. return get_num_servers(0);
  122. }
  123. size_t PrsonaServerEntity::get_num_servers(size_t which) const
  124. {
  125. return servers[which].get_num_servers();
  126. }
  127. /*
  128. * ENCRYPTED DATA GETTERS
  129. */
  130. std::vector<CurveBipoint> PrsonaServerEntity::get_current_votes_by(
  131. Proof& pi, const Curvepoint& shortTermPublicKey) const
  132. {
  133. return get_current_votes_by(pi, shortTermPublicKey, 0);
  134. }
  135. /* Call this in order to get the current encrypted votes cast by a given user
  136. * (who is identified by their short term public key).
  137. * In practice, this is intended for clients,
  138. * who need to know their current votes in order to rerandomize them. */
  139. std::vector<CurveBipoint> PrsonaServerEntity::get_current_votes_by(
  140. Proof& pi, const Curvepoint& shortTermPublicKey, size_t which) const
  141. {
  142. return servers[which].get_current_votes_by(pi, shortTermPublicKey);
  143. }
  144. std::vector<std::vector<CurveBipoint>> PrsonaServerEntity::get_all_current_votes(
  145. Proof& pi) const
  146. {
  147. return get_all_current_votes(pi, 0);
  148. }
  149. std::vector<std::vector<CurveBipoint>> PrsonaServerEntity::get_all_current_votes(
  150. Proof& pi, size_t which) const
  151. {
  152. return servers[which].get_all_current_votes(pi);
  153. }
  154. EGCiphertext PrsonaServerEntity::get_current_user_encrypted_tally(
  155. Proof& pi, const Curvepoint& shortTermPublicKey) const
  156. {
  157. return get_current_user_encrypted_tally(pi, shortTermPublicKey, 0);
  158. }
  159. EGCiphertext PrsonaServerEntity::get_current_user_encrypted_tally(
  160. Proof& pi, const Curvepoint& shortTermPublicKey, size_t which) const
  161. {
  162. return servers[which].get_current_user_encrypted_tally(
  163. pi, shortTermPublicKey);
  164. }
  165. TwistBipoint PrsonaServerEntity::get_current_server_encrypted_tally(
  166. Proof& pi, const Curvepoint& shortTermPublicKey) const
  167. {
  168. return get_current_server_encrypted_tally(pi, shortTermPublicKey, 0);
  169. }
  170. TwistBipoint PrsonaServerEntity::get_current_server_encrypted_tally(
  171. Proof& pi, const Curvepoint& shortTermPublicKey, size_t which) const
  172. {
  173. return servers[which].get_current_server_encrypted_tally(
  174. pi, shortTermPublicKey);
  175. }
  176. std::vector<Curvepoint> PrsonaServerEntity::get_current_pseudonyms(
  177. Proof& pi) const
  178. {
  179. return get_current_pseudonyms(pi, 0);
  180. }
  181. std::vector<Curvepoint> PrsonaServerEntity::get_current_pseudonyms(
  182. Proof& pi, size_t which) const
  183. {
  184. return servers[which].get_current_pseudonyms(pi);
  185. }
  186. /*
  187. * CLIENT INTERACTIONS
  188. */
  189. void PrsonaServerEntity::add_new_client(PrsonaClient& newUser)
  190. {
  191. add_new_client(newUser, 0);
  192. }
  193. /* Add a new client (who is identified only by their short term public key)
  194. * One server does the main work, then other servers import their (proven)
  195. * exported data. */
  196. void PrsonaServerEntity::add_new_client(PrsonaClient& newUser, size_t which)
  197. {
  198. Proof proofOfValidSTPK, proofOfValidVotes;
  199. std::vector<Proof> proofOfValidGenerator, proofOfCorrectAddition;
  200. Curvepoint freshGenerator =
  201. get_fresh_generator(proofOfValidGenerator, which);
  202. // Users can't actually announce a short term public key
  203. // if they don't know the fresh generator.
  204. newUser.receive_fresh_generator(proofOfValidGenerator, freshGenerator);
  205. Curvepoint shortTermPublicKey = newUser.get_short_term_public_key(
  206. proofOfValidSTPK);
  207. // Do the actual work of adding the client to the first server
  208. servers[which].add_new_client(
  209. proofOfCorrectAddition, proofOfValidSTPK, shortTermPublicKey);
  210. // Then, export the data to the rest of the servers
  211. std::vector<TwistBipoint> previousVoteTally;
  212. std::vector<Curvepoint> currentPseudonyms;
  213. std::vector<EGCiphertext> currentUserEncryptedTallies;
  214. std::vector<std::vector<CurveBipoint>> voteMatrix;
  215. servers[which].export_updates(
  216. previousVoteTally,
  217. currentPseudonyms,
  218. currentUserEncryptedTallies,
  219. voteMatrix);
  220. // FIX ME!!!!!!!
  221. Proof unused("PROOF");
  222. for (size_t j = 1; j < servers[which].get_num_servers(); j++)
  223. {
  224. size_t index = (which + j) % servers[which].get_num_servers();
  225. servers[index].import_updates(
  226. unused,
  227. previousVoteTally,
  228. currentPseudonyms,
  229. currentUserEncryptedTallies,
  230. voteMatrix);
  231. }
  232. // Finally, give the user the information it needs
  233. // about its current tally and votes
  234. transmit_new_user_data(proofOfCorrectAddition, newUser);
  235. }
  236. // Receive a new vote row from a user (identified by short term public key).
  237. bool PrsonaServerEntity::receive_vote(
  238. const std::vector<Proof>& pi,
  239. const std::vector<CurveBipoint>& newVotes,
  240. const Curvepoint& shortTermPublicKey)
  241. {
  242. return receive_vote(pi, newVotes, shortTermPublicKey, 0);
  243. }
  244. bool PrsonaServerEntity::receive_vote(
  245. const std::vector<Proof>& pi,
  246. const std::vector<CurveBipoint>& newVotes,
  247. const Curvepoint& shortTermPublicKey,
  248. size_t which)
  249. {
  250. bool retval = true;
  251. for (size_t i = 0; i < servers[which].get_num_servers(); i++)
  252. {
  253. size_t index = (i + which) % servers[which].get_num_servers();
  254. retval = retval &&
  255. servers[index].receive_vote(pi, newVotes, shortTermPublicKey);
  256. }
  257. return retval;
  258. }
  259. void PrsonaServerEntity::transmit_new_user_data(
  260. const std::vector<Proof>& pi, PrsonaClient& newUser) const
  261. {
  262. newUser.receive_new_user_data(pi);
  263. }
  264. void PrsonaServerEntity::transmit_updates(PrsonaClient& currUser) const
  265. {
  266. transmit_updates(currUser, 0);
  267. }
  268. // After tallying scores and new vote matrix,
  269. // give those to a user for the new epoch
  270. void PrsonaServerEntity::transmit_updates(
  271. PrsonaClient& currUser, size_t which) const
  272. {
  273. Proof proofOfValidSTPK, proofOfScore, proofOfCorrectVotes;
  274. std::vector<Proof> proofOfValidGenerator;
  275. Curvepoint freshGenerator =
  276. get_fresh_generator(proofOfValidGenerator, which);
  277. // Get users the next fresh generator so they can correctly
  278. // ask for their new scores and vote row
  279. currUser.receive_fresh_generator(proofOfValidGenerator, freshGenerator);
  280. currUser.receive_vote_tally();
  281. }
  282. /*
  283. * EPOCH
  284. */
  285. void PrsonaServerEntity::epoch(Proof& pi)
  286. {
  287. epoch(pi, 0);
  288. }
  289. // Do the epoch process
  290. void PrsonaServerEntity::epoch(Proof& pi, size_t which)
  291. {
  292. Curvepoint nextGenerator = PrsonaServer::EL_GAMAL_GENERATOR;
  293. std::vector<TwistBipoint> previousVoteTally;
  294. std::vector<Curvepoint> currentPseudonyms;
  295. std::vector<EGCiphertext> currentUserEncryptedTallies;
  296. std::vector<Proof> currentTallyProofs;
  297. std::vector<std::vector<CurveBipoint>> voteMatrix;
  298. // go from A_0 to A_0.5
  299. for (size_t i = 0; i < servers[which].get_num_servers(); i++)
  300. {
  301. size_t index = (which + i) % servers[which].get_num_servers();
  302. size_t nextIndex = (which + i + 1) % servers[which].get_num_servers();
  303. servers[index].build_up_midway_pseudonyms(pi, nextGenerator);
  304. servers[index].export_updates(
  305. previousVoteTally,
  306. currentPseudonyms,
  307. currentUserEncryptedTallies,
  308. voteMatrix);
  309. servers[nextIndex].import_updates(
  310. pi,
  311. previousVoteTally,
  312. currentPseudonyms,
  313. currentUserEncryptedTallies,
  314. voteMatrix);
  315. }
  316. /* Imagine that server 0 is encrypting these, then would do a ZKP that it
  317. * knows a secret mask and encrypted the correct value everyone else already
  318. * knows. Everyone else then adds a mask and proves they added a secret mask
  319. * to the committed values. */
  320. currentUserEncryptedTallies =
  321. tally_scores(nextGenerator, which);
  322. // go from A_0.5 to A_1
  323. for (size_t i = 0; i < servers[which].get_num_servers(); i++)
  324. {
  325. size_t index = (which + i) % servers[which].get_num_servers();
  326. size_t nextIndex = (which + i + 1) % servers[which].get_num_servers();
  327. servers[index].break_down_midway_pseudonyms(pi, nextGenerator);
  328. servers[index].export_updates(
  329. previousVoteTally,
  330. currentPseudonyms,
  331. currentUserEncryptedTallies,
  332. voteMatrix);
  333. servers[nextIndex].import_updates(
  334. pi,
  335. previousVoteTally,
  336. currentPseudonyms,
  337. currentUserEncryptedTallies,
  338. voteMatrix);
  339. }
  340. // At the end, make sure all servers have same information
  341. for (size_t i = 1; i < servers[which].get_num_servers() - 1; i++)
  342. {
  343. size_t index = (which + i) % servers[which].get_num_servers();
  344. servers[index].import_updates(
  345. pi,
  346. previousVoteTally,
  347. currentPseudonyms,
  348. currentUserEncryptedTallies,
  349. voteMatrix);
  350. }
  351. }
  352. void PrsonaServerEntity::print_scores() const
  353. {
  354. BGN bgnSystem = servers[0].bgnSystem;
  355. std::vector<TwistBipoint> scores = servers[0].previousVoteTallies;
  356. std::cout << "[";
  357. for (size_t i = 0; i < scores.size(); i++)
  358. {
  359. std::cout << bgnSystem.decrypt(scores[i])
  360. << (i == scores.size() - 1 ? "]" : " ");
  361. }
  362. std::cout << std::endl;
  363. }
  364. void PrsonaServerEntity::print_votes() const
  365. {
  366. BGN bgnSystem = servers[0].bgnSystem;
  367. std::vector<std::vector<CurveBipoint>> voteMatrix = servers[0].voteMatrix;
  368. for (size_t i = 0; i < voteMatrix.size(); i++)
  369. {
  370. std::cout << (i == 0 ? "[[" : " [");
  371. for (size_t j = 0; j < voteMatrix[i].size(); j++)
  372. {
  373. std::cout << bgnSystem.decrypt(voteMatrix[i][j])
  374. << (j == voteMatrix[i].size() - 1 ? "]" : " ");
  375. }
  376. std::cout << (i == voteMatrix.size() - 1 ? "]" : " ") << std::endl;
  377. }
  378. }
  379. /*********************
  380. * PRIVATE FUNCTIONS *
  381. *********************/
  382. /*
  383. * SCORE TALLYING
  384. */
  385. /* Calculate scores, then scale the values appropriately,
  386. * so they are in the correct range to be used as vote weights.
  387. *
  388. * We're treating it as if we are one server, so that server gets the updated
  389. * weights to be sent to all other servers for the next epoch. */
  390. std::vector<EGCiphertext> PrsonaServerEntity::tally_scores(
  391. const Curvepoint& nextGenerator,
  392. size_t which)
  393. {
  394. std::vector<EGCiphertext> retval;
  395. Proof maxScoreProof;
  396. std::vector<Scalar> decryptedTalliedScores = servers[which].tally_scores();
  397. mpz_class maxScorePossibleThisRound =
  398. servers[which].get_max_possible_score(maxScoreProof).toInt() *
  399. PrsonaBase::get_max_allowed_vote();
  400. mpz_class topOfScoreRange =
  401. decryptedTalliedScores.size() * PrsonaBase::get_max_allowed_vote();
  402. for (size_t i = 0; i < decryptedTalliedScores.size(); i++)
  403. {
  404. decryptedTalliedScores[i] =
  405. Scalar(
  406. (decryptedTalliedScores[i].toInt() * topOfScoreRange) /
  407. maxScorePossibleThisRound
  408. );
  409. EGCiphertext currCiphertext;
  410. retval.push_back(currCiphertext);
  411. Scalar currMask;
  412. currMask.set_random();
  413. // Give the server the new weights,
  414. // to get passed around to the other servers
  415. servers[which].bgnSystem.encrypt(
  416. servers[which].previousVoteTallies[i], decryptedTalliedScores[i]);
  417. retval[i].mask = servers[which].currentPseudonyms[i] * currMask;
  418. retval[i].encryptedMessage =
  419. (nextGenerator * currMask) +
  420. (servers[which].get_blinding_generator() * decryptedTalliedScores[i]);
  421. }
  422. servers[which].currentUserEncryptedTallies = retval;
  423. return retval;
  424. }
  425. /*
  426. * BINARY SEARCH
  427. */
  428. // Completely normal binary search
  429. size_t PrsonaServerEntity::binary_search(
  430. const Curvepoint& shortTermPublicKey, size_t which) const
  431. {
  432. return servers[which].binary_search(shortTermPublicKey);
  433. }