server.hpp 21 KB

  1. #ifndef __PRSONA_SERVER_HPP
  2. #define __PRSONA_SERVER_HPP
  3. #include <vector>
  4. #include <mutex>
  5. #include "BGN.hpp"
  6. #include "Curvepoint.hpp"
  7. #include "Bipoint.hpp"
  8. #include "base.hpp"
  9. #include "EGCiphertext.hpp"
  10. #include "proof.hpp"
  // PrsonaServer: one server's state and operations, built on PrsonaBase.
  //
  // The declarations below show a server that holds a BGN instance, two
  // per-server secret Scalars (currentSeed / nextSeed), and the shared
  // pseudonym / tally / vote-matrix data. Most getters hand back a Proof
  // alongside the data; most mutators take Proofs and return bool.
  //
  // NOTE(review): the "hbc_" prefix presumably means "honest-but-curious",
  // i.e. variants that exchange data without the commit/proof tensors.
  // This is inferred from the signatures only; confirm against the .cpp.
  class PrsonaServer : public PrsonaBase {
  public:
      // ---- Construction, copy/move, destruction -------------------------
      // NOTE(review): the single-argument constructor is not `explicit`, so
      // a size_t converts implicitly to a PrsonaServer.
      PrsonaServer(size_t numServers);
      PrsonaServer(size_t numServers, const BGN& other_bgn);

      // All five special members are user-declared. How they treat
      // decryptMtx and the secret seeds is defined outside this header.
      // NOTE(review): confirm that copying a server (and therefore its
      // currentSeed / nextSeed) is intended wherever copies are made.
      PrsonaServer(const PrsonaServer& other);
      PrsonaServer(PrsonaServer&& other);
      PrsonaServer& operator=(const PrsonaServer& other);
      PrsonaServer& operator=(PrsonaServer&& other);
      ~PrsonaServer();

      // ---- Basic public system info -------------------------------------
      BGNPublicKey get_bgn_public_key() const;
      size_t get_num_clients() const;
      size_t get_num_servers() const;

      // Returns a generator; `pi` is a non-const out-parameter for proofs.
      Twistpoint get_fresh_generator(std::vector<Proof>& pi) const;

      // ---- Fresh generator calculation ----------------------------------
      // Each takes the generator so far and returns a new one, writing
      // proofs into `pi`. The names suggest the current seed, the next
      // seed, or a random seed is applied (assumption from names only).
      Twistpoint add_curr_seed_to_generator(
          std::vector<Proof>& pi,
          const Twistpoint& currGenerator) const;
      Twistpoint add_next_seed_to_generator(
          std::vector<Proof>& pi,
          const Twistpoint& currGenerator) const;
      Twistpoint add_rand_seed_to_generator(
          std::vector<Proof>& pi,
          const Twistpoint& currGenerator) const;

      // ---- Encrypted data getters ---------------------------------------
      // Each getter that takes `Proof& pi` fills it as an out-parameter.
      std::vector<TwistBipoint> get_current_votes_by(
          Proof& pi,
          const Twistpoint& shortTermPublicKey) const;
      std::vector<std::vector<TwistBipoint>> get_all_current_votes(
          Proof& pi) const;
      EGCiphertext get_current_user_encrypted_tally(
          Proof& pi,
          const Twistpoint& shortTermPublicKey) const;
      CurveBipoint get_current_server_encrypted_tally(
          Proof& pi,
          const Twistpoint& shortTermPublicKey) const;
      std::vector<Twistpoint> get_current_pseudonyms(Proof& pi) const;
      // This overload returns the pseudonyms with no accompanying Proof.
      // NOTE(review): confirm which callers may rely on the unproven form.
      std::vector<Twistpoint> get_current_pseudonyms() const;

      // ---- Proof commitment getters -------------------------------------
      Proof get_vote_row_commitment(const Twistpoint& request) const;
      Proof get_vote_matrix_commitment() const;
      Proof get_user_tally_commitment(const Twistpoint& request) const;
      Proof get_server_tally_commitment(const Twistpoint& request) const;
      Proof get_pseudonyms_commitment() const;
      void print_current_commitments() const;

      // ---- Client interactions ------------------------------------------
      // `proofOfValidAddition` is an out-parameter; the key proof and the
      // short-term public key are inputs.
      void add_new_client(
          std::vector<Proof>& proofOfValidAddition,
          const Proof& proofOfValidKey,
          const Twistpoint& shortTermPublicKey);
      // NOTE(review): the bool presumably reports whether the vote (and
      // its proofs) was accepted; callers should not ignore it. Confirm.
      bool receive_vote(
          const std::vector<Proof>& pi,
          const std::vector<TwistBipoint>& newVotes,
          const Twistpoint& shortTermPublicKey);
      void print_scores(const std::vector<CurveBipoint>& scores);

      // ---- Constructor helpers ------------------------------------------
      // NOTE(review): this public accessor returns a reference to a whole
      // BGN object. If BGN carries private key material (not visible in
      // this header), every caller can reach it. Confirm against BGN.hpp.
      const BGN& get_bgn_details() const;
      bool initialize_fresh_generator(
          const std::vector<Proof>& pi,
          const Twistpoint& firstGenerator);
      bool set_EG_blind_generator(
          const std::vector<Proof>& pi,
          const Twistpoint& currGenerator);

      // ---- Epoch rounds -------------------------------------------------
      // The non-hbc forms append to per-round tensors of proofs and
      // commitments (all non-const references). `nextGenerator` is updated
      // in the build-up phase and read-only in the break-down phase.
      void build_up_midway_pseudonyms(
          std::vector<std::vector<std::vector<Proof>>>& pi,
          std::vector<std::vector<std::vector<Twistpoint>>>& permutationCommits,
          std::vector<std::vector<std::vector<Twistpoint>>>& freshPseudonymCommits,
          std::vector<std::vector<std::vector<Twistpoint>>>& freshPseudonymSeedCommits,
          std::vector<std::vector<std::vector<CurveBipoint>>>& serverTallyCommits,
          std::vector<std::vector<std::vector<std::vector<TwistBipoint>>>>& partwayVoteMatrixCommits,
          std::vector<std::vector<std::vector<std::vector<TwistBipoint>>>>& finalVoteMatrixCommits,
          Twistpoint& nextGenerator);
      void hbc_build_up_midway_pseudonyms(
          std::vector<Proof>& generatorProof,
          std::vector<Twistpoint>& newFreshPseudonyms,
          std::vector<CurveBipoint>& newServerTallies,
          std::vector<std::vector<TwistBipoint>>& newVoteMatrix,
          Twistpoint& nextGenerator);
      void break_down_midway_pseudonyms(
          const std::vector<Proof>& generatorProof,
          std::vector<std::vector<std::vector<Proof>>>& pi,
          std::vector<std::vector<std::vector<Twistpoint>>>& permutationCommits,
          std::vector<std::vector<std::vector<Twistpoint>>>& freshPseudonymCommits,
          std::vector<std::vector<std::vector<Twistpoint>>>& freshPseudonymSeedCommits,
          std::vector<std::vector<std::vector<CurveBipoint>>>& serverTallyCommits,
          std::vector<std::vector<std::vector<std::vector<TwistBipoint>>>>& partwayVoteMatrixCommits,
          std::vector<std::vector<std::vector<std::vector<TwistBipoint>>>>& finalVoteMatrixCommits,
          std::vector<std::vector<std::vector<Twistpoint>>>& userTallyMaskCommits,
          std::vector<std::vector<std::vector<Twistpoint>>>& userTallyMessageCommits,
          std::vector<std::vector<std::vector<Twistpoint>>>& userTallySeedCommits,
          const Twistpoint& nextGenerator);
      void hbc_break_down_midway_pseudonyms(
          const std::vector<Proof>& generatorProof,
          std::vector<Twistpoint>& newFreshPseudonyms,
          std::vector<CurveBipoint>& newServerTallies,
          std::vector<std::vector<TwistBipoint>>& newVoteMatrix,
          std::vector<EGCiphertext>& newUserTallies,
          const Twistpoint& nextGenerator);
      // Takes another party's proofs and commitments as read-only input.
      // NOTE(review): the bool presumably signals whether the update was
      // verified and applied; a caller that ignores it cannot tell a
      // rejected update from an accepted one. Confirm in the .cpp.
      bool accept_epoch_updates(
          const std::vector<std::vector<Proof>>& pi,
          const std::vector<std::vector<Twistpoint>>& permutationCommits,
          const std::vector<std::vector<Twistpoint>>& freshPseudonymCommits,
          const std::vector<std::vector<Twistpoint>>& freshPseudonymSeedCommits,
          const std::vector<std::vector<CurveBipoint>>& serverTallyCommits,
          const std::vector<std::vector<std::vector<TwistBipoint>>>& partwayVoteMatrixCommits,
          const std::vector<std::vector<std::vector<TwistBipoint>>>& finalVoteMatrixCommits,
          const std::vector<std::vector<Twistpoint>>& userTallyMaskCommits,
          const std::vector<std::vector<Twistpoint>>& userTallyMessageCommits,
          const std::vector<std::vector<Twistpoint>>& userTallySeedCommits,
          const Twistpoint& nextGenerator,
          bool doUserTallies);
      // The hbc form takes the new data directly, with no Proof argument.
      bool hbc_accept_epoch_updates(
          const std::vector<Twistpoint>& newFreshPseudonyms,
          const std::vector<CurveBipoint>& newServerTallies,
          const std::vector<std::vector<TwistBipoint>>& newVoteMatrix,
          const std::vector<EGCiphertext>& newUserTallies,
          bool doUserTallies);

      // ---- Data maintenance ---------------------------------------------
      // export_* fills the four out-parameters; import_* takes the same
      // four as read-only input together with a proof vector.
      void export_new_user_update(
          std::vector<CurveBipoint>& otherPreviousVoteTallies,
          std::vector<Twistpoint>& otherCurrentPseudonyms,
          std::vector<EGCiphertext>& otherCurrentUserEncryptedTallies,
          std::vector<std::vector<TwistBipoint>>& otherVoteMatrix) const;
      bool import_new_user_update(
          const std::vector<Proof>& pi,
          const std::vector<CurveBipoint>& otherPreviousVoteTallies,
          const std::vector<Twistpoint>& otherCurrentPseudonyms,
          const std::vector<EGCiphertext>& otherCurrentUserEncryptedTallies,
          const std::vector<std::vector<TwistBipoint>>& otherVoteMatrix);

      // ---- Score tallying -----------------------------------------------
      // Both are non-const and return Scalars.
      // NOTE(review): tally_scores() presumably decrypts under decryptMtx;
      // that is not visible from this header.
      std::vector<Scalar> tally_scores();
      Scalar get_max_possible_score();
      void receive_tallied_scores(
          const std::vector<EGCiphertext>& userTallyScores,
          const std::vector<CurveBipoint>& serverTallyScores);
      // Writes into `element`; `value` is the input.
      void encrypt(CurveBipoint& element, const Scalar& value);

      // ---- Multi-threading ----------------------------------------------
      // Free functions granted friendship. Every parameter is an untyped
      // `void*` / `const void*`, so the compiler cannot check what callers
      // pass; the expected pointee types live in the definitions.
      // NOTE(review): as friends these functions can read all private
      // state, including currentSeed and nextSeed.
      friend void generate_permutation_commitment_r(
          const void *a, void *b, const void *c, void *d);
      friend void generate_pseudonym_commitment_r(
          const void *a, void *b, const void *c, const void *d,
          void *e, void *f);
      friend void generate_server_tally_commitment_r(
          const void *a, void *b, const void *c, void *d);
      friend void generate_matrix_commitment_r(
          const void *a, void *b, void *c, void *d,
          const void *e, const void *f, void *g, void *h);
      friend void generate_user_tally_commitment_r(
          const void *a, const void *b, const void *c, const void *d,
          const void *e, void *f, void *g, void *h,
          void *i, void *j, void *k);
      friend void generate_permutation_proof_r(
          const void *a, void *b, const void *c, const void *d,
          const void *e);
      friend void generate_pseudonym_proof_r(
          const void *a, void *b, const void *c, const void *d,
          const void *e, const void *f, const void *g, const void *h,
          const void *i, const void *j);
      friend void generate_server_tally_proof_r(
          const void *a, void *b, const void *c, const void *d,
          const void *e, const void *f, const void *g, const void *h,
          const void *i, const void *j);
      friend void generate_first_half_matrix_proof_r(
          const void *a, void *b, const void *c, const void *d,
          const void *e, const void *f, const void *g, const void *h);
      friend void generate_second_half_matrix_proof_r(
          const void *a, void *b, const void *c, const void *d,
          const void *e, const void *f, const void *g, const void *h);
      friend void generate_user_tally_proof_r(
          const void *a, void *b, const void *c, const void *d,
          const void *e, const void *f, const void *g, const void *h,
          const void *i, const void *j, const void *k, const void *l,
          const void *m, const void *n);
      friend void generate_tensor_r(
          const void *a, void *b, const void *c, const void *d,
          const void *e, const void *f, const void *g, const void *h,
          const void *i, const void *j);
      friend void verify_permutation_r(
          const void *a, void *b, const void *c, const void *d);
      friend void verify_pseudonym_r(
          const void *a, void *b, const void *c, const void *d,
          const void *e, const void *f, const void *g);
      friend void verify_server_tally_r(
          const void *a, void *b, const void *c, const void *d,
          const void *e, const void *f, const void *g, const void *h);
      friend void verify_first_half_matrix_r(
          const void *a, void *b, const void *c, const void *d,
          const void *e, const void *f, const void *g);
      friend void verify_second_half_matrix_r(
          const void *a, void *b, const void *c, const void *d,
          const void *e, const void *f, const void *g);
      friend void verify_user_tally_r(
          const void *a, void *b, const void *c, const void *d,
          const void *e, const void *f, const void *g, const void *h,
          const void *i, const void *j);
      friend void verify_tensor_r(
          const void *a, void *b, const void *c, const void *d,
          const void *e, const void *f, const void *g, const void *h);

  private:
      // Server-count constant.
      size_t numServers;

      // Shared by every server, though built collaboratively.
      // NOTE(review): decryptMtx is a raw pointer; who allocates and frees
      // it is decided in the .cpp (see remove() / copy()). Confirm.
      std::mutex *decryptMtx;
      BGN bgnSystem;

      // Secret to this server; each server holds different values.
      Scalar currentSeed;
      Scalar nextSeed;

      // The data proper, updated jointly by all servers.
      std::vector<Proof> currentGeneratorProof;
      Twistpoint currentFreshGenerator;
      std::vector<CurveBipoint> previousVoteTallies;
      std::vector<Twistpoint> currentPseudonyms;
      std::vector<EGCiphertext> currentUserEncryptedTallies;
      /**
       * voteMatrix layout: entry [rowID][colID] is the vote cast by
       * <rowID> on <colID>. The outer vector holds the rows; each inner
       * vector holds that row's encrypted votes.
       */
      std::vector<std::vector<TwistBipoint>> voteMatrix;

      // Helpers with no parameters / one source object; presumably used
      // by the destructor and the copy/move members. Confirm in the .cpp.
      void remove();
      void copy(const PrsonaServer& other);

      // A stand-in class that, for now, coordinates servers in memory
      // rather than over the network. Friendship gives it access to every
      // private member above, the per-server seeds included.
      friend class PrsonaServerEntity;

      // ---- Epoch helpers ------------------------------------------------
      // Returns the proofs; all commit matrices are out-parameters.
      std::vector<std::vector<Proof>> epoch_calculations(
          std::vector<std::vector<Twistpoint>>& permutationCommits,
          std::vector<std::vector<Twistpoint>>& freshPseudonymCommits,
          std::vector<std::vector<Twistpoint>>& freshPseudonymSeedCommits,
          std::vector<std::vector<CurveBipoint>>& serverTallyCommits,
          std::vector<std::vector<std::vector<TwistBipoint>>>& partwayVoteMatrixCommits,
          std::vector<std::vector<std::vector<TwistBipoint>>>& finalVoteMatrixCommits,
          std::vector<std::vector<Twistpoint>>& userTallyMaskCommits,
          std::vector<std::vector<Twistpoint>>& userTallyMessageCommits,
          std::vector<std::vector<Twistpoint>>& userTallySeedCommits,
          const Scalar& power,
          const Twistpoint& nextGenerator,
          bool doUserTallies);
      void hbc_epoch_calculations(
          std::vector<Twistpoint>& newFreshPseudonyms,
          std::vector<CurveBipoint>& newServerTallies,
          std::vector<std::vector<TwistBipoint>>& newVoteMatrix,
          std::vector<EGCiphertext>& newUserTallies,
          const Scalar& power,
          const Twistpoint& nextGenerator,
          bool doUserTallies);
      // `shuffleOrder` is taken by value (the vector is copied per call).
      void hbc_shuffle_vote_matrix(
          std::vector<std::vector<TwistBipoint>>& newVoteMatrix,
          const std::vector<std::vector<TwistBipoint>>& oldVoteMatrix,
          const std::vector<size_t> shuffleOrder) const;

      // Both derive an ordering from a seed Scalar.
      // NOTE(review): how the seed is expanded is not visible here; the
      // unpredictability of the shuffle depends on it.
      std::vector<std::vector<Scalar>> generate_permutation_matrix(
          const Scalar& reorderSeed) const;
      std::vector<size_t> generate_hbc_shuffle(
          const Scalar& reorderSeed) const;

      // In the generators below, `seeds` is a non-const out-parameter.
      std::vector<std::vector<Twistpoint>> generate_commitment_matrix(
          const std::vector<std::vector<Scalar>>& permutations,
          std::vector<std::vector<Scalar>>& seeds) const;
      std::vector<std::vector<Twistpoint>> generate_pseudonym_matrix(
          const std::vector<std::vector<Scalar>>& permutations,
          const Scalar& power,
          std::vector<std::vector<Scalar>>& seeds,
          std::vector<std::vector<Twistpoint>>& seedCommits) const;
      std::vector<std::vector<CurveBipoint>> generate_server_tally_matrix(
          const std::vector<std::vector<Scalar>>& permutations,
          std::vector<std::vector<Scalar>>& seeds) const;
      std::vector<std::vector<std::vector<TwistBipoint>>> generate_vote_tensor(
          const std::vector<std::vector<Scalar>>& permutations,
          const std::vector<std::vector<TwistBipoint>>& currVoteMatrix,
          std::vector<std::vector<std::vector<Scalar>>>& seeds,
          bool inverted) const;
      std::vector<std::vector<TwistBipoint>> calculate_next_vote_matrix(
          const std::vector<std::vector<std::vector<TwistBipoint>>>& voteTensor) const;

      // Proof generation appends to `pi`; verification reads `pi` starting
      // at `start_offset` (assumption from the parameter name) and
      // returns bool.
      void generate_vote_tensor_proofs(
          std::vector<std::vector<Proof>>& pi,
          const std::vector<std::vector<Scalar>>& permutations,
          const std::vector<std::vector<Scalar>>& permutationSeeds,
          const std::vector<std::vector<std::vector<Scalar>>>& matrixSeeds,
          const std::vector<std::vector<TwistBipoint>>& currMatrix,
          const std::vector<std::vector<Twistpoint>>& permutationCommits,
          const std::vector<std::vector<std::vector<TwistBipoint>>>& matrixCommits,
          bool inverted) const;
      bool verify_vote_tensor_proofs(
          const std::vector<std::vector<Proof>>& pi,
          size_t start_offset,
          const std::vector<std::vector<TwistBipoint>>& currMatrix,
          const std::vector<std::vector<Twistpoint>>& permutationCommits,
          const std::vector<std::vector<std::vector<TwistBipoint>>>& matrixCommits,
          bool inverted) const;

      // First four parameters are inputs; the remaining six are outputs.
      void generate_user_tally_matrix(
          const std::vector<std::vector<Scalar>>& permutations,
          const Scalar& power,
          const Twistpoint& nextGenerator,
          const std::vector<Twistpoint>& currPseudonyms,
          std::vector<Twistpoint>& masks,
          std::vector<std::vector<Twistpoint>>& maskCommits,
          std::vector<Twistpoint>& messages,
          std::vector<std::vector<Twistpoint>>& messageCommits,
          std::vector<std::vector<Scalar>>& userTallySeeds,
          std::vector<std::vector<Twistpoint>>& userTallySeedCommits) const;

      // Generic matrix helpers, parameterised on the element type T.
      template <typename T>
      std::vector<std::vector<T>> generate_reordered_plus_power_matrix(
          const std::vector<std::vector<Scalar>>& permutations,
          const Scalar& power,
          const std::vector<T>& oldValues,
          std::vector<std::vector<Scalar>>& seeds,
          std::vector<std::vector<Twistpoint>>& seedCommits,
          const T& h) const;
      template <typename T>
      std::vector<std::vector<T>> generate_reordered_matrix(
          const std::vector<std::vector<Scalar>>& permutations,
          const std::vector<T>& oldValues,
          std::vector<std::vector<Scalar>>& seeds,
          const T& h,
          bool cancelOut) const;
      template <typename T>
      std::vector<std::vector<T>> transpose_matrix(
          const std::vector<std::vector<T>>& input) const;

      std::vector<size_t> sort_data(
          const std::vector<Twistpoint>& inputs) const;

      // Pairs a pseudonym with an index so data can be ordered and
      // binary-searched; ordering compares the pseudonym only.
      struct SortingType {
          Twistpoint pseudonym;
          size_t index;

          bool operator<(const SortingType& rhs) const
          {
              return pseudonym < rhs.pseudonym;
          }
      };

      // Generic encryption helper over g, h, a plaintext and `lambda`.
      // NOTE(review): `lambda` is presumably the encryption randomness;
      // confirm every caller supplies a fresh value.
      template <typename T>
      T encrypt(
          const T& g,
          const T& h,
          const Scalar& plaintext,
          const Scalar& lambda) const;

      bool update_data(
          const std::vector<std::vector<Twistpoint>>& freshPseudonymCommits,
          const std::vector<std::vector<CurveBipoint>>& serverTallyCommits,
          const std::vector<std::vector<std::vector<TwistBipoint>>>& voteMatrixCommits,
          const std::vector<std::vector<Twistpoint>>& userTallyMaskCommits,
          const std::vector<std::vector<Twistpoint>>& userTallyMessageCommits);
      bool hbc_update_data(
          const std::vector<Twistpoint>& newFreshPseudonyms,
          const std::vector<CurveBipoint>& newServerTallies,
          const std::vector<std::vector<TwistBipoint>>& newVoteMatrix,
          const std::vector<EGCiphertext>& newUserTallies);
      // `newPseudonyms` is taken by value (the vector is copied per call).
      bool pseudonyms_sorted(
          const std::vector<Twistpoint> newPseudonyms) const;

      // ---- Data safekeeping ---------------------------------------------
      std::vector<size_t> order_data();

      // ---- Binary search ------------------------------------------------
      // NOTE(review): the result is a size_t with no separate "not found"
      // signal in the signature; confirm how a missing pseudonym is
      // reported before the result is used as an index.
      size_t binary_search(const Twistpoint& index) const;

      // ---- Valid vote proofs --------------------------------------------
      bool verify_vote_proof(
          const std::vector<Proof>& pi,
          const std::vector<TwistBipoint>& oldVotes,
          const std::vector<TwistBipoint>& newVotes,
          const Twistpoint& shortTermPublicKey) const;
  };
  525. #endif