Public Member Functions | Private Attributes | List of all members
proofs::ProofOfShuffleOfCiphers Class Reference

Performs a proof of shuffle of ciphers. It is an implementation of the Verfication class. More...

#include <proofofshuffleofciphers.hpp>

+ Inheritance diagram for proofs::ProofOfShuffleOfCiphers:
+ Collaboration diagram for proofs::ProofOfShuffleOfCiphers:

Public Member Functions

 ProofOfShuffleOfCiphers (bool &readingWasOK, XmlConfig *config, std::vector< uint8_t > prefix, arithm::ArrayOfElmts pedersen, unsigned int N, arithm::Field *randomizerGrp, elGamal::CipherGroup cipherTextsGrp, arithm::Elmt elGamalPkey, elGamal::ArrayOfCiphers inputCiphers, elGamal::ArrayOfCiphers outputCiphers, verifierUtils::ByteTree *commitmentFSproof, verifierUtils::ByteTree *replyFSproof)
 Creates an instance of a ProofOfShuffleOfCiphers class by setting all of its attributes.
bool isEverythingOK ()
 Checks that the mix-servers re-encrypted and permuted the ciphered votes as they were commited to.
- Public Member Functions inherited from proofs::Verification
 Verification (XmlConfig *config, std::vector< uint8_t > prefix, unsigned int nZero)
 Creates an instance of a Verification class by setting its two attributes.
arithm::ArrayOfElmts randomExponents (verifierUtils::ByteTree *bts, std::vector< uint8_t > &s)
 Used to compute a random exponents vector according to the specification.
arithm::Elmt getChallenge (std::vector< uint8_t > s)
 Returns a challenge computed from the original seed s and a bytetree.
arithm::ArrayOfElmts getGenerators ()
 Returns the h attribute.

Private Attributes

arithm::ArrayOfElmts u
 $u = (u_0,...,u_{N_0-1})$, an array of Pedersen commitments in $G_q$.
arithm::FieldR
 The randomizer field $\mathcal{R}$.
elGamal::CipherGroup C
 The cipher group $\mathcal{C}$.
arithm::Elmt pk
 The El-Gamal public key.
elGamal::ArrayOfCiphers w
 The array containing the input cipher texts.
elGamal::ArrayOfCiphers wPrime
 The array containing the output cipher texts.

Additional Inherited Members

- Protected Attributes inherited from proofs::Verification
XmlConfigprotocolFile
 A class containing the information in the protocol info file.
cryptoTools::SHAxH
 The hashfunction to be used by the random oracles.
cryptoTools::ROROs
 The random oracle to use to seed the PRG.
cryptoTools::ROROv
 The random oracle to use to generate challenges.
std::vector< uint8_t > rho
 $\rho$, a prefix for the random oracle.
unsigned int n0
 $N_0$ (or $N$), the size of the arrays.
unsigned int ne
 $n_e$, number of bits in each component of random vectors used for batching.
unsigned int nr
 $n_r$, acceptable "statistical error" when deriving independent generators.
unsigned int nv
 $n_v$, number of bits in challenges.
cryptoTools::PRGprg
 Pseudo-random generator $PRG$ used to derive random vectors for batching.
arithm::Groupgq
 $G_q$ a group of prime order with characteristic $q$.
arithm::Fieldzq
 The field in which the exponent live, $Z_q$.
arithm::ArrayOfElmts h
 An array of independant generators $h = (h_0,...h_{N_0-1})$.
verifierUtils::ByteTreetau
 The commitment of the Fiat-Shamir proof, $\tau$.
verifierUtils::ByteTreesigma
 The reply of the Fiat-Shamir proof, $\sigma$.

Detailed Description

Performs a proof of shuffle of ciphers. It is an implementation of the Verfication class.

The operation performed in this class are just implementation of the verificatum verifier specification, namely page 16.

Definition at line 30 of file proofofshuffleofciphers.hpp.

Constructor & Destructor Documentation

ProofOfShuffleOfCiphers::ProofOfShuffleOfCiphers ( bool &  readingWasOK,
XmlConfig config,
std::vector< uint8_t >  prefix,
arithm::ArrayOfElmts  pedersen,
unsigned int  N,
arithm::Field randomizerGrp,
elGamal::CipherGroup  cipherTextsGrp,
arithm::Elmt  elGamalPkey,
elGamal::ArrayOfCiphers  inputCiphers,
elGamal::ArrayOfCiphers  outputCiphers,
verifierUtils::ByteTree commitmentFSproof,
verifierUtils::ByteTree replyFSproof 
)

Creates an instance of a ProofOfShuffleOfCiphers class by setting all of its attributes.

Checks also whether or not tau and sigma will contain the data needed for the rest of the computations to run smoothly. Verifies that the size of the arrays is equal to N.

If any variable is wrong, readingWasOK takes the value false. Otherwise, this variable is equal to true at the end of the construction.

Parameters
[out]readingWasOKIs false at the end of the construction if there was a problem.
configThe protocol info file to use.
prefixThe value to give to the rho attribute.
pedersenArrays of Pedersen commitments.
NThe actual number ciphers
randomizerGrpThe randomizer group.
cipherTextsGrpThe ciphertext group.
elGamalPkeyThe El-Gamal public key.
inputCiphersThe ciphers to check.
outputCiphersThe shuffled ciphers — or are they?
commitmentFSproofCommitments of the Fiat-Shamir proof.
replyFSproofReply of the Fiat-Shamir proof.

Definition at line 18 of file proofofshuffleofciphers.cpp.

:
Verification(config,prefix,N),
u(pedersen),
R(randomizerGrp),
C(cipherTextsGrp),
pk(elGamalPkey),
w(inputCiphers),
wPrime(outputCiphers)
{
readingWasOK = true;
// checking the arrays' sizes
if (u.size() != n0)
{
std::cout<<"ERROR: in ProofOfShuffleOfCommitments:"
<<"u is not of the correct size."
<<"u->getSize()="<<u.size()
<<"n0="<<n0<<std::endl;
readingWasOK = false;
}
if (w.size() != n0)
{
std::cout<<"ERROR: in ProofOfShuffleOfCiphers:"
<<"number of input ciphers does not match N:"
<<"\nN="<<n0
<<"\nw->getSize()="<<w.size()<<std::endl;
readingWasOK = false;
}
if (wPrime.size() != n0)
{
std::cout<<"ERROR: in ProofOfShuffleOfCiphers:"
<<"number of output ciphers does not match N:"
<<"\nN="<<n0
<<"\nwPrime->getSize()="<<wPrime.size()<<std::endl;
readingWasOK = false;
}
// initializing the bytetrees
tau = commitmentFSproof;
if ((tau->size()<2) || (!tau->isNode()))
{
std::cout<<"ERROR: in ProofOfShuffleOfCiphers:"
<<"tau is not valid.\ntau="<<std::endl;
tau->prettyPrint("");
std::cout<<std::endl;
readingWasOK = false;
}
sigma = replyFSproof;
if ((sigma->size()<3) || (!sigma->isNode())
|| (!sigma->getChild(0)->isLeaf())
|| (!sigma->getChild(1)->isLeaf())
|| (!sigma->getChild(2)->isNode()) || (sigma->getChild(2)->size() != n0)
)
{
std::cout<<"ERROR: in ProofOfShuffleOfCiphers:"
<<"sigma is not valid.\nsigma="<<std::endl;
sigma->prettyPrint("");
std::cout<<std::endl;
readingWasOK = false;
}
}

Member Function Documentation

bool ProofOfShuffleOfCiphers::isEverythingOK ( )
virtual

Checks that the mix-servers re-encrypted and permuted the ciphered votes as they were commited to.

The detail of this algorithm is given page 16 of the verificatum verifier specification.

Returns
true if the mix-servers behaved correctly with regards to the permutation and re-encryption of ciphered votes, false if the slightest thing went wrong.

Reimplemented from proofs::Verification.

Definition at line 95 of file proofofshuffleofciphers.cpp.

{
// 1-a Parsing tau
arithm::Elmt Aprime = gq->getElmt(tau->getChild(0));
elGamal::CipherText Bprime = C.getCipherText(tau->getChild(1));
// 1-b Parsing sigma
arithm::Elmt
kA = zq->getElmt(sigma->getChild(0)),
kB = R->getElmt(sigma->getChild(1));
arithm::ArrayOfElmts kE = zq->getArray(sigma->getChild(2));
// 2- compute the bytetree part of s
std::vector<uint8_t> s;
verifierUtils::ByteTree * bts = new verifierUtils::Node();
bts->addChild(gq->getGenerator().toByteTree());
bts->addChild( h.toByteTree());
bts->addChild( u.toByteTree());
bts->addChild(elGamal::CipherText(gq->getGenerator(),pk).toByteTree());
bts->addChild( w.toByteTree());
bts->addChild(wPrime.toByteTree());
// 3- compute A
arithm::ArrayOfElmts e = randomExponents(bts,s);
arithm::Elmt A = gq->expProduct(u,e);
// 4- compute a challenge v
arithm::Elmt v = getChallenge(s);
// 5- compute B
elGamal::CipherText B = C.expProduct(w,e);
// First verification
arithm::Elmt
lhs = gq->multiplication(
gq->exponentiation(A,v),
Aprime
),
rhs = gq->multiplication(
gq->exponentiation(gq->getGenerator(),kA),
gq->expProduct(h,kE)
);
if ( !gq->compare(lhs,rhs) )
{
std::cout<<"In ProofOfShuffleOfCiphers, $A^vA'$ does not"
<<" equal $g^{k_A}\\prod_{i=0}^{N_0-1}"
<<"h_i^{k_{E,i}}$"<<std::endl;
return false;
}
// Second verification
elGamal::CipherText
lhsBis = C.multiplication(
C.exponentiation(B,v),
Bprime
),
rhsBis = C.multiplication(
C.enc(pk,zq->getOne(),R->addInverse(kB)),
C.expProduct(wPrime,kE)
);
if (! C.compare(lhsBis,rhsBis) )
{
std::cout<<"In ProofOfShuffleOfCiphers, $B^vB'$ does "
<<"not equal $Enc_{pk}(1,-k_B)\\prod_{i=0}^"
<<"{N_0-1}w'_i^{k_{E,i}}$"<<std::endl;
return false;
}
// if this point is reached, then the proof is valid
return true;
}

Member Data Documentation

elGamal::CipherGroup proofs::ProofOfShuffleOfCiphers::C
private

The cipher group $\mathcal{C}$.

Definition at line 47 of file proofofshuffleofciphers.hpp.

arithm::Elmt proofs::ProofOfShuffleOfCiphers::pk
private

The El-Gamal public key.

Definition at line 52 of file proofofshuffleofciphers.hpp.

arithm::Field* proofs::ProofOfShuffleOfCiphers::R
private

The randomizer field $\mathcal{R}$.

Definition at line 42 of file proofofshuffleofciphers.hpp.

arithm::ArrayOfElmts proofs::ProofOfShuffleOfCiphers::u
private

$u = (u_0,...,u_{N_0-1})$, an array of Pedersen commitments in $G_q$.

Definition at line 37 of file proofofshuffleofciphers.hpp.

elGamal::ArrayOfCiphers proofs::ProofOfShuffleOfCiphers::w
private

The array containing the input cipher texts.

Definition at line 57 of file proofofshuffleofciphers.hpp.

elGamal::ArrayOfCiphers proofs::ProofOfShuffleOfCiphers::wPrime
private

The array containing the output cipher texts.

Definition at line 62 of file proofofshuffleofciphers.hpp.

The documentation for this class was generated from the following files:
Generated on Sun Sep 30 2012 15:28:22 for VerificatumVerifier by doxygen 1.8.1.2