proofofcorrectdecryption.cpp
Go to the documentation of this file.
1 
12 #include "../elgamal/elgamal.hpp"
13 
14 #include "proofofcorrectdecryption.hpp"
15 #include "verification.hpp"
16 
17 
18 using namespace proofs;
19 
20 
21 ProofOfCorrectDecryption::ProofOfCorrectDecryption(
22  bool &readingWasOK,
23  XmlConfig * config,
24  std::vector<uint8_t> prefix,
25  unsigned int N,
26  arithm::Elmt partialJointKey,
27  elGamal::CipherGroup cipherTextsGrp,
28  arithm::Group * plainTextGrp,
29  elGamal::ArrayOfCiphers inputCiphers,
30  arithm::ArrayOfElmts decryptionFactors,
31  verifierUtils::ByteTree * commitmentFSproof,
32  verifierUtils::ByteTree * replyFSproof)
33  :
34  Verification(config,prefix,N),
35  y(partialJointKey),
36  C(cipherTextsGrp),
37  M(plainTextGrp),
38  w(inputCiphers),
39  f(decryptionFactors)
40 {
41  readingWasOK = true;
42 
43  // checking arrays' sizes
44  if (w.size() != n0)
45  {
46  std::cout<<"ERROR: in ProofOfCorrectDecryption:"
47  <<"number of input ciphers does not match N:"
48  <<"\nN="<<n0
49  <<"\nw->getSize()="<<w.size()<<std::endl;
50  readingWasOK = false;
51  }
52  if (f.size() != n0)
53  {
54  std::cout<<"ERROR: in ProofOfCorrectDecryption:"
55  <<"number of decryption factors does not match N:"
56  <<"\nN="<<n0
57  <<"\nf->getSize()="<<f.size()<<std::endl;
58  readingWasOK = false;
59  }
60 
61  // Assigning bytetrees
62  tau = commitmentFSproof;
63  if ((tau->size()<2) || (!tau->isNode())
64  || (!tau->getChild(0)->isLeaf())
65  || (!tau->getChild(1)->isNode())
66  || (!tau->getChild(1)->getChild(0)->isLeaf())
67  )
68  {
69  std::cout<<"ERROR: in ProofOfCorrectDecryption:"
70  <<"tau is not valid.\ntau="
71  <<tau->toString()<<std::endl;
72  readingWasOK = false;
73  }
74  sigma = replyFSproof;
75  if (!sigma->isLeaf())
76  {
77  std::cout<<"ERROR: in ProofOfCorrectDecryption:"
78  <<"sigma is not valid.\nsigma="
79  <<sigma->toString()<<std::endl;
80  readingWasOK = false;
81  }
82 }
83 
84 
85 bool ProofOfCorrectDecryption::isEverythingOK()
86 {
87  // 1-a Parsing tau
88  arithm::Elmt
89  yPrime = gq->getElmt(tau->getChild(0)),
90  BPrime = M->getArray(tau->getChild(1)).getElmt(0);
91 
92  // 1-b Parsing sigma
93  arithm::Elmt kx = zq->getElmt(sigma);
94 
95 
96  // 2- compute the bytetree part of s
97  std::vector<uint8_t> s;
98  verifierUtils::ByteTree
99  * bts = new verifierUtils::Node(),
100  * sub1 = new verifierUtils::Node(),
101  * sub2 = new verifierUtils::Node();
102  sub1->addChild(gq->getGenerator().toByteTree());
103  sub1->addChild(w.toByteTree());
104  bts->addChild(sub1);
105  sub2->addChild(y.toByteTree());
106  sub2->addChild(f.toByteTree());
107  bts->addChild(sub2);
108 
109 
110  // 3- compute A
111  arithm::ArrayOfElmts e = randomExponents(bts,s);
112  elGamal::CipherText A = C.expProduct(w,e);
113  arithm::Elmt B = gq->expProduct(f,e);
114 
115 
116  // 4- compute a challenge v
117  arithm::Elmt v = getChallenge(s);
118 
119 
120  // First verification
121  arithm::Elmt
122  lhs = gq->multiplication(
123  gq->exponentiation(y,v),
124  yPrime
125  ),
126  rhs = gq->exponentiation(
127  gq->getGenerator(),
128  kx
129  );
130  if ( !gq->compare(lhs,rhs) )
131  {
132  std::cout<<"In ProofOfCorrectDecryption, $y^v y'$ does "
133  <<"not equal $g^{k_x}$"<<std::endl;
134  return false;
135  }
136 
137  // Second verification
138  lhs = M->multiplication(
139  M->exponentiation(B,v),
140  BPrime
141  );
142  rhs = C.pdec(kx,A);
143  if ( !gq->compare(lhs,rhs) )
144  {
145  std::cout<<"In ProofOfCorrectDecryption, $B^v B'$ does "
146  <<"not equal $PDec_{k_x}(A)$"<<std::endl;
147  return false;
148  }
149 
150 
151 
152  // If we reached this point, everything went perfectly!
153  return true;
154 }
Generated on Sun Sep 30 2012 15:28:21 for VerificatumVerifier by doxygen 1.8.1.2