Ejemplo n.º 1
0
/////////////////////////////////
//Misc
////////////////////////////////
func (s *Server) verifyShuffle(ik InternalKey, aux AuxKeyProof) bool {
	Xss := aux.OrigXss
	Yss := aux.OrigYss
	Xbarss := ik.Xss
	Ybarss := ik.Ybarss
	prfss := ik.Proofs

	for i := range Xss {
		pk := UnmarshalPoint(s.suite, ik.Keys[i])
		Xs := make([]abstract.Point, len(Xss[i]))
		Ys := make([]abstract.Point, len(Yss[i]))
		Xbars := make([]abstract.Point, len(Xbarss[i]))
		Ybars := make([]abstract.Point, len(Ybarss[i]))
		for j := range Xss[i] {
			Xs[j] = UnmarshalPoint(s.suite, Xss[i][j])
			Ys[j] = UnmarshalPoint(s.suite, Yss[i][j])
			Xbars[j] = UnmarshalPoint(s.suite, Xbarss[i][j])
			Ybars[j] = UnmarshalPoint(s.suite, Ybarss[i][j])
		}
		v := shuffle.Verifier(s.suite, nil, pk, Xs, Ys, Xbars, Ybars)
		err := proof.HashVerify(s.suite, "PairShuffle", v, prfss[i])
		if err != nil {
			log.Println("Shuffle verify failed: ", err)
			return false
		}
	}
	return true
}
Ejemplo n.º 2
0
func (s *shuffler) signStateVector(state *stateVector) ([]byte, error) {
	rand := s.suite.Cipher(abstract.RandomKey)

	st := state.States
	for i := 1; i < len(st); i++ {
		S, Sbar := st[i-1], st[i]

		X, Y := S.X, S.Dec
		Xbar, Ybar := Sbar.X, Sbar.Y
		H, prf := Sbar.G, Sbar.Prf

		// Verify the shuffle.
		verifier := shuffle.Verifier(s.suite, nil, H, X, Y, Xbar, Ybar)
		err := proof.HashVerify(s.suite, "PairShuffle", verifier, prf)
		if err != nil {
			panic("verify failed")
			return nil, err
		}

		// Verify the decryption.
		seed := abstract.Sum(s.suite, prf)
		verRand := s.suite.Cipher(seed)

		dec, decPrf := Sbar.Dec, Sbar.DecPrf

		// Scratch space for calculations.
		pair, c := s.suite.Point(), s.suite.Secret()
		zp := s.suite.Point()

		for j := range dec {
			pair.Sub(Ybar[j], dec[j])
			c.Pick(verRand)

			T := decPrf[j].T
			ss := decPrf[j].S
			if !zp.Mul(Xbar[j], ss).Equal(T.Add(T, pair.Mul(pair, c))) {
				return nil, errors.New("invalid decryption proof")
			}
		}
	}

	bytes, _ := protobuf.Encode(state)
	return anon.Sign(s.suite, rand, bytes, anon.Set{s.H}, nil, 0, s.h), nil
}
Ejemplo n.º 3
0
// Verify that this shuffle is a valid shuffle of the specified ciphertexts,
// with respect to the given public keys
func (s *VerifiableShuffle) Verify(ciphers []*elgamal.CipherText, pks []*elgamal.PubKey, nonce string, position int) error {
	c1, c2 := elgamal.Unpack(ciphers)
	shufC1, shufC2 := elgamal.Unpack(s.Shuffled)
	sumpk := elgamal.SumKeys(pks[position:])

	// Check the shuffle proof
	verifier := shuffle.Verifier(pks[0].Suite, pks[0].Base, sumpk.Key, c1, c2, shufC1, shufC2)
	err := proof.HashVerify(pks[0].Suite, "ElGamalShuffle"+nonce, verifier, s.ShuffleProof)
	if err != nil {
		return err
	}

	// Check the decryption proofs
	for i := range ciphers {
		err = pks[position].VerifyProof(s.Shuffled[i], s.Decrypted[i].C2, s.DecryptionProofs[i], nonce)
		if err != nil {
			return err
		}
	}

	return nil
}