// Open reveals which member private key made the given signature. The return
// value will match the result of calling Tag on the member private key in
// question.
func (priv *PrivateKey) Open(sig []byte) ([]byte, bool) {
if len(sig) != 12*32 {
return nil, false
}
t1, ok := new(bn256.G1).Unmarshal(sig[:2*32])
if !ok {
return nil, false
}
t2, ok := new(bn256.G1).Unmarshal(sig[2*32 : 4*32])
if !ok {
return nil, false
}
t3, ok := new(bn256.G1).Unmarshal(sig[4*32 : 6*32])
if !ok {
return nil, false
}
a := new(bn256.G1).ScalarMult(t1, priv.xi1)
b := new(bn256.G1).ScalarMult(t2, priv.xi2)
a.Add(a, b)
a.Neg(a)
a.Add(t3, a)
return a.Marshal(), true
}
// Update alters mem to create a member private key for an updated Group. (Note
// that the Group of mem must also be updated.) This functions returns false if
// mem is the member private key that has been revoked.
func (mem *MemberKey) Update(r *Revocation) bool {
if mem.x.Cmp(r.x) == 0 {
return false
}
d := new(big.Int).Sub(mem.x, r.x)
d.Mod(d, bn256.Order)
d.ModInverse(d, bn256.Order)
newA := new(bn256.G1).ScalarMult(r.a, d)
t := new(bn256.G1).ScalarMult(mem.a, d)
t.Neg(t)
newA.Add(newA, t)
mem.a = newA
return true
}