Beispiel #1
0
// getNotaryPredicate gets the predicate for the proof of correctness of notary ciphertexts:
// R_j = r_j*g-hat AND (S_j = -r_j*g_l AND ...)
// Since we can't put the minus sign in a predicate, we actually use the following equivalent statement:
// R_j = r_j*g-hat AND (S_j = r_j*(-g_l) AND ...)
func getNotaryPredicate(amount int) proof.Predicate {
	preds := make([]proof.Predicate, amount+1)
	preds[0] = proof.Rep("R_j", "r_j", "g_hat")
	for l := 0; l < amount; l++ {
		preds[l+1] = proof.Rep("S_j,"+strconv.Itoa(l), "r_j", "-g_"+strconv.Itoa(l))
	}

	return proof.And(preds...)
}
Beispiel #2
0
// GetUserPredicate gets the predicate for the proof of correctness of user ciphertexts:
// ( R_i = r_i*g-hat AND (C_{i,l} = r_i*g_l AND ...) OR Y = y*g )
// Here R_i = \sum_{j} R_{ij}; same for r_i; C_{i,l} is the l-th ciphertext;
// g_l is the l-th base point and Y is the slot owner public key
func GetUserPredicate(amount int) proof.Predicate {
	preds := make([]proof.Predicate, amount+1)
	preds[0] = proof.Rep("R_i", "r_i", "g_hat")
	for l := 0; l < amount; l++ {
		preds[l+1] = proof.Rep("C_i,"+strconv.Itoa(l), "r_i", "g_"+strconv.Itoa(l))
	}

	return proof.Or(proof.And(preds...), proof.Rep("Y", "y", "g"))
}
Beispiel #3
0
func bifflePred() proof.Predicate {

	// Branch 0 of either/or proof (for bit=0)
	rep000 := proof.Rep("Xbar0-X0", "beta0", "G")
	rep001 := proof.Rep("Ybar0-Y0", "beta0", "H")
	rep010 := proof.Rep("Xbar1-X1", "beta1", "G")
	rep011 := proof.Rep("Ybar1-Y1", "beta1", "H")

	// Branch 1 of either/or proof (for bit=1)
	rep100 := proof.Rep("Xbar0-X1", "beta1", "G")
	rep101 := proof.Rep("Ybar0-Y1", "beta1", "H")
	rep110 := proof.Rep("Xbar1-X0", "beta0", "G")
	rep111 := proof.Rep("Ybar1-Y0", "beta0", "H")

	and0 := proof.And(rep000, rep001, rep010, rep011)
	and1 := proof.And(rep100, rep101, rep110, rep111)

	or := proof.Or(and0, and1)
	return or
}
Beispiel #4
0
// Get the proof predicate for decryption proofs:
// PK{ (x) : h = g^x  and  c2/m = c1^x }
func getProofPredicate() proof.Predicate {
	return proof.And(proof.Rep("h", "x", "g"), proof.Rep("c2/m", "x", "c1"))
}