Public Member Functions | Private Attributes | List of all members
proofs::ProofOfCorrectDecryption Class Reference

Performs a proof of shuffle of commitments. It is an implementation of the Verfication class. More...

#include <proofofcorrectdecryption.hpp>

+ Inheritance diagram for proofs::ProofOfCorrectDecryption:
+ Collaboration diagram for proofs::ProofOfCorrectDecryption:

Public Member Functions

 ProofOfCorrectDecryption (bool &readingWasOK, XmlConfig *config, std::vector< uint8_t > prefix, unsigned int N, arithm::Elmt partialJointKey, elGamal::CipherGroup cipherTextsGrp, arithm::Group *plainTextGrp, elGamal::ArrayOfCiphers inputCiphers, arithm::ArrayOfElmts decryptionFactors, verifierUtils::ByteTree *commitmentFSproof, verifierUtils::ByteTree *replyFSproof)
 Creates an instance of the ProofOfCorrectDecryption class by setting its attributes.
bool isEverythingOK ()
 Checks that the joint decryption of the re-encrypted and permuted vote went as expected.
- Public Member Functions inherited from proofs::Verification
 Verification (XmlConfig *config, std::vector< uint8_t > prefix, unsigned int nZero)
 Creates an instance of a Verification class by setting its two attributes.
arithm::ArrayOfElmts randomExponents (verifierUtils::ByteTree *bts, std::vector< uint8_t > &s)
 Used to compute a random exponents vector according to the specification.
arithm::Elmt getChallenge (std::vector< uint8_t > s)
 Returns a challenge computed from the original seed s and a bytetree.
arithm::ArrayOfElmts getGenerators ()
 Returns the h attribute.

Private Attributes

arithm::Elmt y
 The partial public key $y$.
elGamal::CipherGroup C
 The ciphertexts group $C$.
arithm::GroupM
 The plaintexts group $M$.
elGamal::ArrayOfCiphers w
 The array $w = (w_0,...,w_{N-1})$ of input ciphertexts in $C$.
arithm::ArrayOfElmts f
 Array $f = (f_0,...,f_{N-1})$ of decryption factors in $G_q$.

Additional Inherited Members

- Protected Attributes inherited from proofs::Verification
XmlConfigprotocolFile
 A class containing the information in the protocol info file.
cryptoTools::SHAxH
 The hashfunction to be used by the random oracles.
cryptoTools::ROROs
 The random oracle to use to seed the PRG.
cryptoTools::ROROv
 The random oracle to use to generate challenges.
std::vector< uint8_t > rho
 $\rho$, a prefix for the random oracle.
unsigned int n0
 $N_0$ (or $N$), the size of the arrays.
unsigned int ne
 $n_e$, number of bits in each component of random vectors used for batching.
unsigned int nr
 $n_r$, acceptable "statistical error" when deriving independent generators.
unsigned int nv
 $n_v$, number of bits in challenges.
cryptoTools::PRGprg
 Pseudo-random generator $PRG$ used to derive random vectors for batching.
arithm::Groupgq
 $G_q$ a group of prime order with characteristic $q$.
arithm::Fieldzq
 The field in which the exponent live, $Z_q$.
arithm::ArrayOfElmts h
 An array of independant generators $h = (h_0,...h_{N_0-1})$.
verifierUtils::ByteTreetau
 The commitment of the Fiat-Shamir proof, $\tau$.
verifierUtils::ByteTreesigma
 The reply of the Fiat-Shamir proof, $\sigma$.

Detailed Description

Performs a proof of shuffle of commitments. It is an implementation of the Verfication class.

The operation performed in this class are just implementation of the verificatum verifier specification, namely page 17.

Definition at line 30 of file proofofcorrectdecryption.hpp.

Constructor & Destructor Documentation

ProofOfCorrectDecryption::ProofOfCorrectDecryption ( bool &  readingWasOK,
XmlConfig config,
std::vector< uint8_t >  prefix,
unsigned int  N,
arithm::Elmt  partialJointKey,
elGamal::CipherGroup  cipherTextsGrp,
arithm::Group plainTextGrp,
elGamal::ArrayOfCiphers  inputCiphers,
arithm::ArrayOfElmts  decryptionFactors,
verifierUtils::ByteTree commitmentFSproof,
verifierUtils::ByteTree replyFSproof 
)

Creates an instance of the ProofOfCorrectDecryption class by setting its attributes.

If any variable is wrong, readingWasOK takes the value false. Otherwise, this variable is equal to true at the end of the construction.

Parameters
[out]readingWasOKIs false at the end of the construction if there was a problem.
configThe protocol info file to use.
prefixThe value to give to the rho attribute.
NThe actual number of ciphers.
partialJointKeyThe partial joint El Gamal public key.
cipherTextsGrpThe field in which live ciphertexts.
plainTextGrpThe field in which live plaintexts.
inputCiphersThe ciphers to check.
decryptionFactorsThe decryption factors.
commitmentFSproofCommitments of the Fiat-Shamir proof.
replyFSproofReply of the Fiat-Shamir proof.
Returns

Definition at line 21 of file proofofcorrectdecryption.cpp.

:
Verification(config,prefix,N),
y(partialJointKey),
C(cipherTextsGrp),
M(plainTextGrp),
w(inputCiphers),
f(decryptionFactors)
{
readingWasOK = true;
// checking arrays' sizes
if (w.size() != n0)
{
std::cout<<"ERROR: in ProofOfCorrectDecryption:"
<<"number of input ciphers does not match N:"
<<"\nN="<<n0
<<"\nw->getSize()="<<w.size()<<std::endl;
readingWasOK = false;
}
if (f.size() != n0)
{
std::cout<<"ERROR: in ProofOfCorrectDecryption:"
<<"number of decryption factors does not match N:"
<<"\nN="<<n0
<<"\nf->getSize()="<<f.size()<<std::endl;
readingWasOK = false;
}
// Assigning bytetrees
tau = commitmentFSproof;
if ((tau->size()<2) || (!tau->isNode())
|| (!tau->getChild(0)->isLeaf())
|| (!tau->getChild(1)->isNode())
|| (!tau->getChild(1)->getChild(0)->isLeaf())
)
{
std::cout<<"ERROR: in ProofOfCorrectDecryption:"
<<"tau is not valid.\ntau="
<<tau->toString()<<std::endl;
readingWasOK = false;
}
sigma = replyFSproof;
if (!sigma->isLeaf())
{
std::cout<<"ERROR: in ProofOfCorrectDecryption:"
<<"sigma is not valid.\nsigma="
<<sigma->toString()<<std::endl;
readingWasOK = false;
}
}

Member Function Documentation

bool ProofOfCorrectDecryption::isEverythingOK ( )
virtual

Checks that the joint decryption of the re-encrypted and permuted vote went as expected.

The detail of this algorithm is given page 17 of the verificatum verifier specification.

Returns
true if the mix-servers jointly decrypted the permuted and re-encrypted list of ciphertexts, false if the slightest thing went wrong.

Reimplemented from proofs::Verification.

Definition at line 85 of file proofofcorrectdecryption.cpp.

{
// 1-a Parsing tau
arithm::Elmt
yPrime = gq->getElmt(tau->getChild(0)),
BPrime = M->getArray(tau->getChild(1)).getElmt(0);
// 1-b Parsing sigma
arithm::Elmt kx = zq->getElmt(sigma);
// 2- compute the bytetree part of s
std::vector<uint8_t> s;
verifierUtils::ByteTree
* bts = new verifierUtils::Node(),
* sub1 = new verifierUtils::Node(),
* sub2 = new verifierUtils::Node();
sub1->addChild(gq->getGenerator().toByteTree());
sub1->addChild(w.toByteTree());
bts->addChild(sub1);
sub2->addChild(y.toByteTree());
sub2->addChild(f.toByteTree());
bts->addChild(sub2);
// 3- compute A
arithm::ArrayOfElmts e = randomExponents(bts,s);
elGamal::CipherText A = C.expProduct(w,e);
arithm::Elmt B = gq->expProduct(f,e);
// 4- compute a challenge v
arithm::Elmt v = getChallenge(s);
// First verification
arithm::Elmt
lhs = gq->multiplication(
gq->exponentiation(y,v),
yPrime
),
rhs = gq->exponentiation(
gq->getGenerator(),
kx
);
if ( !gq->compare(lhs,rhs) )
{
std::cout<<"In ProofOfCorrectDecryption, $y^v y'$ does "
<<"not equal $g^{k_x}$"<<std::endl;
return false;
}
// Second verification
lhs = M->multiplication(
M->exponentiation(B,v),
BPrime
);
rhs = C.pdec(kx,A);
if ( !gq->compare(lhs,rhs) )
{
std::cout<<"In ProofOfCorrectDecryption, $B^v B'$ does "
<<"not equal $PDec_{k_x}(A)$"<<std::endl;
return false;
}
// If we reached this point, everything went perfectly!
return true;
}

Member Data Documentation

elGamal::CipherGroup proofs::ProofOfCorrectDecryption::C
private

The ciphertexts group $C$.

Definition at line 41 of file proofofcorrectdecryption.hpp.

arithm::ArrayOfElmts proofs::ProofOfCorrectDecryption::f
private

Array $f = (f_0,...,f_{N-1})$ of decryption factors in $G_q$.

Definition at line 58 of file proofofcorrectdecryption.hpp.

arithm::Group* proofs::ProofOfCorrectDecryption::M
private

The plaintexts group $M$.

Definition at line 46 of file proofofcorrectdecryption.hpp.

elGamal::ArrayOfCiphers proofs::ProofOfCorrectDecryption::w
private

The array $w = (w_0,...,w_{N-1})$ of input ciphertexts in $C$.

Definition at line 52 of file proofofcorrectdecryption.hpp.

arithm::Elmt proofs::ProofOfCorrectDecryption::y
private

The partial public key $y$.

Definition at line 36 of file proofofcorrectdecryption.hpp.

The documentation for this class was generated from the following files:
Generated on Sun Sep 30 2012 15:28:22 for VerificatumVerifier by doxygen 1.8.1.2