Provides an interface every verification we want to perform must implement. More...

#include <verification.hpp>

Inheritance diagram for proofs::Verification:

Collaboration diagram for proofs::Verification:

Public Member Functions
	Verification (XmlConfig *config, std::vector< uint8_t > prefix, unsigned int nZero)
	Creates an instance of a Verification class by setting its two attributes.
arithm::ArrayOfElmts	randomExponents (verifierUtils::ByteTree *bts, std::vector< uint8_t > &s)
	Used to compute a random exponents vector according to the specification.
arithm::Elmt	getChallenge (std::vector< uint8_t > s)
	Returns a challenge computed from the original seed s and a bytetree.
arithm::ArrayOfElmts	getGenerators ()
	Returns the h attribute.
virtual bool	isEverythingOK ()
	Checks that everything is OK. This is a virtual method.

Protected Attributes
XmlConfig *	protocolFile
	A class containing the information in the protocol info file.
cryptoTools::SHAx *	H
	The hashfunction to be used by the random oracles.
cryptoTools::RO *	ROs
	The random oracle to use to seed the PRG.
cryptoTools::RO *	ROv
	The random oracle to use to generate challenges.
std::vector< uint8_t >	rho
	$\rho$ , a prefix for the random oracle.
unsigned int	n0
	(or ), the size of the arrays.
unsigned int	ne
	, number of bits in each component of random vectors used for batching.
unsigned int	nr
	, acceptable "statistical error" when deriving independent generators.
unsigned int	nv
	, number of bits in challenges.
cryptoTools::PRG *	prg
	Pseudo-random generator used to derive random vectors for batching.
arithm::Group *	gq
	a group of prime order with characteristic .
arithm::Field *	zq
	The field in which the exponent live, .
arithm::ArrayOfElmts	h
	An array of independant generators $h = (h_0,...h_{N_0-1})$ .
verifierUtils::ByteTree *	tau
	The commitment of the Fiat-Shamir proof, $\tau$ .
verifierUtils::ByteTree *	sigma
	The reply of the Fiat-Shamir proof, $\sigma$ .

Detailed Description

Provides an interface every verification we want to perform must implement.

The idea is to make it easier to add new proofs should the necessity arise. It is a virtual class.

Definition at line 38 of file verification.hpp.

Constructor & Destructor Documentation

Verification::Verification	(	XmlConfig *	config,
		std::vector< uint8_t >	prefix,
		unsigned int	nZero
	)

Creates an instance of a Verification class by setting its two attributes.

Parameters

config	The protocol info file to use.
prefix	The value to give to the rho attribute.
nZero	The value to give to the n0 attribute.

Definition at line 17 of file verification.cpp.

{
        protocolFile = config;
        
        // initializing constants
        n0 = nZero;
        ne = protocolFile->getVbitlenro();
        nr = protocolFile->getStatdist();
        nv = protocolFile->getCbitlenro();
        H = protocolFile->getRohash();
        prg = new cryptoTools::PRG(protocolFile->getPrghash());
        gq = protocolFile->getPgroup();
        zq = new arithm::ModField(gq->getMultOrder());
        rho = prefix;
        // initializing the random oracles
        ROs = new cryptoTools::RO(H,protocolFile->getPrghash()->getHashLength());
        ROv = new cryptoTools::RO(H,protocolFile->getCbitlenro());
        // initialising the independant random generators
        verifierUtils::ByteTree * bt =
                verifierUtils::ByteTree::string2ByteTree("generators");
        std::vector<uint8_t> seed = rho, s, btVector(bt->toVector());
        seed.insert(seed.end(),btVector.begin(),btVector.end());
        s = ROs->query(seed);
        prg->initialize(s);
        h = gq->getRandArray(prg,nr,n0);
}

Member Function Documentation

arithm::Elmt Verification::getChallenge ( std::vector< uint8_t > s )

Returns a challenge computed from the original seed s and a bytetree.

First, concatenates the hexadecimal representation of the node containing a leaf containing s and tau with rho. Then, uses it as query for ROv. At last, turns its output into an integer in $[0,2^{n_v}]$ .

Parameters

s	The former seed, used by ROs to compute exponents.

Returns: A challenge for the different proofs.

Definition at line 76 of file verification.cpp.

{
        verifierUtils::ByteTree * btv = new verifierUtils::Node();
        btv->addChild(new verifierUtils::Leaf(s));
        btv->addChild(tau);
        std::vector<uint8_t> vBytes, queryROv = rho, btvVector(btv->toVector());
        queryROv.insert(queryROv.end(), btvVector.begin(), btvVector.end());
        vBytes = ROv->query(queryROv);
        mpz_class v = 1, modulo = 2;
        for (unsigned int i=0; i<nv/8; i++)
                v = v*0x100 + vBytes[i];
        mpz_pow_ui(
                modulo.get_mpz_t(),
                modulo.get_mpz_t(),
                nv);
        return arithm::Elmt(v % modulo,NULL);
}

arithm::ArrayOfElmts Verification::getGenerators ( )

Returns the h attribute.

Definition at line 95 of file verification.cpp.

{
        return h;
}

bool Verification::isEverythingOK ( )

virtual

Checks that everything is OK. This is a virtual method.

Returns: true if the content of the protocol info file and proof directory are coherent, false otherwise.

Reimplemented in proofs::ProofOfShuffleOfCiphers, proofs::ProofOfCorrectDecryption, and proofs::ProofOfShuffleOfCommitments.

Definition at line 101 of file verification.cpp.

{
        return false;
}

arithm::ArrayOfElmts Verification::randomExponents	(	verifierUtils::ByteTree *	bts,
		std::vector< uint8_t > &	s
	)

Used to compute a random exponents vector according to the specification.

The exponents are derived using a PRG whose output is turned into integers of bytelength $n_e/8$. The moduli of the exponents thus created are returned (division modulo $2^{8(n_e/8)}$ ).

Parameters

	bts	The bytetree whose hexadecimal representation must be appended to rho.
[in,out]	s	The seed for the prg is initialized in this function but can be used after.

Returns: The exponents for $i \in [0,N_0-1]$ .

Definition at line 49 of file verification.cpp.

{
        // first, we compute the seed s
        std::vector<uint8_t>  queryROs = rho, btsVector(bts->toVector());
        queryROs.insert(queryROs.end(),
                        btsVector.begin(),btsVector.end());
        s = ROs->query(queryROs);
        
        // then, we use the prg's output to compute the exponents
        prg->initialize(s);
        arithm::ArrayOfElmts e;
        unsigned int eiByteLength = ne/8;
        mpz_class twoToTheNe = 2;
        mpz_pow_ui(twoToTheNe.get_mpz_t(),twoToTheNe.get_mpz_t(),ne);
        for (unsigned int i=0; i<n0; i++)
        {
                mpz_class ei = 0;
                for (unsigned int j=0; j<eiByteLength; j++)
                        ei = ei*0x100 + prg->getNextRandByte();
                ei = ei % twoToTheNe;
                e.addElmt(arithm::Elmt(ei,NULL));
        }
        return e;
}

Member Data Documentation

arithm::Group* proofs::Verification::gq

protected

$G_q$ a group of prime order with characteristic $q$ .

Definition at line 99 of file verification.hpp.

cryptoTools::SHAx* proofs::Verification::H

protected

The hashfunction to be used by the random oracles.

Definition at line 50 of file verification.hpp.

arithm::ArrayOfElmts proofs::Verification::h

protected

An array of independant generators $h = (h_0,...h_{N_0-1})$ .

Definition at line 110 of file verification.hpp.

unsigned int proofs::Verification::n0

protected

$N_0$ (or $N$ ), the size of the arrays.

Definition at line 71 of file verification.hpp.

unsigned int proofs::Verification::ne

protected

$n_e$ , number of bits in each component of random vectors used for batching.

Definition at line 77 of file verification.hpp.

unsigned int proofs::Verification::nr

protected

$n_r$ , acceptable "statistical error" when deriving independent generators.

Definition at line 83 of file verification.hpp.

unsigned int proofs::Verification::nv

protected

$n_v$ , number of bits in challenges.

Definition at line 88 of file verification.hpp.

cryptoTools::PRG* proofs::Verification::prg

protected

Pseudo-random generator $PRG$ used to derive random vectors for batching.

Definition at line 94 of file verification.hpp.

XmlConfig* proofs::Verification::protocolFile

protected

A class containing the information in the protocol info file.

Definition at line 45 of file verification.hpp.

std::vector<uint8_t> proofs::Verification::rho

protected

$\rho$ , a prefix for the random oracle.

See Also: RO

Definition at line 66 of file verification.hpp.

cryptoTools::RO* proofs::Verification::ROs

protected

The random oracle to use to seed the PRG.

Definition at line 55 of file verification.hpp.

cryptoTools::RO* proofs::Verification::ROv

protected

The random oracle to use to generate challenges.

Definition at line 60 of file verification.hpp.

verifierUtils::ByteTree* proofs::Verification::sigma

protected

The reply of the Fiat-Shamir proof, $\sigma$ .

Definition at line 120 of file verification.hpp.

verifierUtils::ByteTree* proofs::Verification::tau

protected

The commitment of the Fiat-Shamir proof, $\tau$ .

Definition at line 115 of file verification.hpp.

arithm::Field* proofs::Verification::zq

protected

The field in which the exponent live, $Z_q$ .

Definition at line 104 of file verification.hpp.

The documentation for this class was generated from the following files:

proofs/verification.hpp
proofs/verification.cpp

Public Member Functions

Protected Attributes

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation

Member Data Documentation