proofs/proofofshuffleofciphers.cpp Source File

 
 #include "proofofshuffleofciphers.hpp"
 
 
 using namespace proofs;
 
 
 ProofOfShuffleOfCiphers::ProofOfShuffleOfCiphers(
         bool &readingWasOK,
         XmlConfig * config,
         std::vector<uint8_t> prefix,
         arithm::ArrayOfElmts pedersen,
         unsigned int N,
         arithm::Field * randomizerGrp,
         elGamal::CipherGroup cipherTextsGrp,
         arithm::Elmt elGamalPkey,
         elGamal::ArrayOfCiphers inputCiphers,
         elGamal::ArrayOfCiphers outputCiphers,
         verifierUtils::ByteTree * commitmentFSproof,
         verifierUtils::ByteTree * replyFSproof)
         :
         Verification(config,prefix,N),
         u(pedersen),
         R(randomizerGrp),
         C(cipherTextsGrp),
         pk(elGamalPkey),
         w(inputCiphers),
         wPrime(outputCiphers)
 {
         readingWasOK = true;
         
         // checking the arrays' sizes
         if (u.size() != n0)
         {
                 std::cout<<"ERROR: in ProofOfShuffleOfCommitments:"
                          <<"u is not of the correct size."
                          <<"u->getSize()="<<u.size()
                          <<"n0="<<n0<<std::endl;
                 readingWasOK = false;
         }
         if (w.size() != n0)
         {
                 std::cout<<"ERROR: in ProofOfShuffleOfCiphers:"
                          <<"number of input ciphers does not match N:"
                          <<"\nN="<<n0
                          <<"\nw->getSize()="<<w.size()<<std::endl;
                 readingWasOK = false;
         }
         if (wPrime.size() != n0)
         {
                 std::cout<<"ERROR: in ProofOfShuffleOfCiphers:"
                          <<"number of output ciphers does not match N:"
                          <<"\nN="<<n0
                          <<"\nwPrime->getSize()="<<wPrime.size()<<std::endl;
                 readingWasOK = false;
         }
 
         // initializing the bytetrees
         tau = commitmentFSproof;
         if ((tau->size()<2) || (!tau->isNode()))
         {
                 std::cout<<"ERROR: in ProofOfShuffleOfCiphers:"
                          <<"tau is not valid.\ntau="<<std::endl;
                 tau->prettyPrint("");
                 std::cout<<std::endl;
                 readingWasOK = false;
         }
         sigma = replyFSproof;
         if ((sigma->size()<3) || (!sigma->isNode())
             || (!sigma->getChild(0)->isLeaf())
             || (!sigma->getChild(1)->isLeaf())
             || (!sigma->getChild(2)->isNode()) || (sigma->getChild(2)->size() != n0)
                 )
         {
                 std::cout<<"ERROR: in ProofOfShuffleOfCiphers:"
                          <<"sigma is not valid.\nsigma="<<std::endl;
                 sigma->prettyPrint("");
                 std::cout<<std::endl;
                 readingWasOK = false;
         }
 }
 
 
 
 bool ProofOfShuffleOfCiphers::isEverythingOK()
 {
         // 1-a Parsing tau
         arithm::Elmt  Aprime = gq->getElmt(tau->getChild(0));
         elGamal::CipherText Bprime = C.getCipherText(tau->getChild(1));
         
         // 1-b Parsing sigma
         arithm::Elmt
                 kA = zq->getElmt(sigma->getChild(0)),
                 kB =  R->getElmt(sigma->getChild(1));
         arithm::ArrayOfElmts kE = zq->getArray(sigma->getChild(2));
         
         // 2- compute the bytetree part of s
         std::vector<uint8_t> s;
         verifierUtils::ByteTree * bts = new verifierUtils::Node();
         bts->addChild(gq->getGenerator().toByteTree());
         bts->addChild( h.toByteTree());
         bts->addChild( u.toByteTree());
         bts->addChild(elGamal::CipherText(gq->getGenerator(),pk).toByteTree());
         bts->addChild( w.toByteTree());
         bts->addChild(wPrime.toByteTree());
         
         // 3- compute A
         arithm::ArrayOfElmts e = randomExponents(bts,s);
         arithm::Elmt A = gq->expProduct(u,e);
         
         // 4- compute a challenge v
         arithm::Elmt v = getChallenge(s);
                     
         // 5- compute B
         elGamal::CipherText B = C.expProduct(w,e);
         
         // First verification
         arithm::Elmt
                 lhs =  gq->multiplication(
                         gq->exponentiation(A,v),
                         Aprime
                         ),
                 rhs = gq->multiplication(
                         gq->exponentiation(gq->getGenerator(),kA),
                         gq->expProduct(h,kE)
                         );
         if ( !gq->compare(lhs,rhs) )
         {
                 std::cout<<"In ProofOfShuffleOfCiphers, $A^vA'$ does not"
                          <<" equal $g^{k_A}\\prod_{i=0}^{N_0-1}"
                          <<"h_i^{k_{E,i}}$"<<std::endl;
                 return false;
         }
         
         // Second verification
         elGamal::CipherText
                 lhsBis  = C.multiplication(
                         C.exponentiation(B,v),
                         Bprime
                         ),
                 rhsBis = C.multiplication(
                         C.enc(pk,zq->getOne(),R->addInverse(kB)),
                         C.expProduct(wPrime,kE)
                         );        
         if (! C.compare(lhsBis,rhsBis) )
         {
                 std::cout<<"In ProofOfShuffleOfCiphers, $B^vB'$ does "
                          <<"not equal $Enc_{pk}(1,-k_B)\\prod_{i=0}^"
                          <<"{N_0-1}w'_i^{k_{E,i}}$"<<std::endl;
                 return false;
         }
         
         // if this point is reached, then the proof is valid
         return true;
 }