Exemple #1
// verifyHost will anaylze the systempacket information and verify the signature
// It will return a ACK properly initialized with the right codes in it.
func verifyHost(pubKeyFile string) (net.Conn, Ack) {
	//  get the right public key
	pub, host, err := cliutils.ReadPubKey(suite, pubKeyFile)
	if err != nil {
		dbg.Fatal("Could not read the public key from the file:", err)
	dbg.Lvl1("Public key file read")

	// Then get a connection
	conn, err := net.Dial("tcp", host)
	if err != nil {
		dbg.Fatal("Error when getting the connection to the host:", err)

	dbg.Lvl1("Verifier connected to the host. Validation in progress...")
	// Get the system packet message
	var sys SystemPacket
	if err = suite.Read(conn, &sys); err != nil {
		dbg.Fatal("Error when reading the system packet message from host:", err)
	// Get the signature length first
	var length int
	if err := suite.Read(conn, &length); err != nil {
		dbg.Fatal("Could not read length of the signature ...")
	// Get the signature
	sig := make([]byte, length)
	if err := suite.Read(conn, &sig); err != nil {
		dbg.Fatal("Error reading the signature:", err)

	// First, encode the sys packet
	var b bytes.Buffer
	if err := suite.Write(&b, sys); err != nil {
		dbg.Fatal("Error when encoding the syspacket to be verified:", err)
	X := make([]abstract.Point, 1)
	X[0] = pub

	// Verify signature
	var ack Ack
	ack.Type = TYPE_SYS
	ack.Code = SYS_EXIT
	if _, err := anon.Verify(suite, b.Bytes(), anon.Set(X), nil, sig); err != nil {
		// Wrong signature
		ack.Code = SYS_WRONG_SIG
		dbg.Lvl1("WARNING: signature provided is wrong.")
	} else {
		// verfiy SystemPacket itself
		ack.Code = SYS_OK
		dbg.Lvl1("Host's signature verified and system seems healty. OK")

	return conn, ack
Exemple #2
// signSystemPacket will sign the packet using the crypto library with  package
// anon. No anonymity set here. Must pass the private / public keys to sign.
func signSystemPacket(sys SystemPacket, kp config.KeyPair) []byte {
	var buf bytes.Buffer
	if err := suite.Write(&buf, sys); err != nil {
		dbg.Fatal("Could not sign the system packet:", err)
	// setup
	X := make([]abstract.Point, 1)
	mine := 0
	X[mine] = kp.Public
	// The actual signing
	sig := anon.Sign(suite, random.Stream, buf.Bytes(), anon.Set(X), nil, mine, kp.Secret)
	return sig
func handleRoundEnd(params map[string]interface{}) {
	keyList := util.ProtobufDecodePointList(params["keys"].([]byte))
	size := len(keyList)
	byteValList := make([][]byte, size)
	if _, ok := params["is_start"]; ok {
		intValList := params["vals"].([]int)
		// The request is sent by coordinator, deserialize the data part
		for i := 0; i < len(intValList); i++ {
			byteValList[i] = util.IntToByte(intValList[i])
	} else {
		// verify neff shuffle if needed
		// deserialize data part
		byteArr := params["vals"].([]util.ByteArray)
		for i := 0; i < len(byteArr); i++ {
			byteValList[i] = byteArr[i].Arr

	rand1 := anonServer.Suite.Cipher([]byte("example"))
	// Create a public/private keypair (X[mine],x)
	X := make([]abstract.Point, 1)
	X[0] = anonServer.PublicKey

	newKeys := make([]abstract.Point, size)
	newVals := make([][]byte, size)
	for i := 0; i < size; i++ {
		// decrypt the public key
		newKeys[i] = anonServer.KeyMap[keyList[i].String()]
		// encrypt the reputation using ElGamal algorithm
		C := anon.Encrypt(anonServer.Suite, rand1, byteValList[i], anon.Set(X), false)
		newVals[i] = C
	byteNewKeys := util.ProtobufEncodePointList(newKeys)

	// type is []ByteArr
	byteNewVals := util.SerializeTwoDimensionArray(newVals)

	if size <= 1 {
		// no need to shuffle, just send the package to next server
		pm := map[string]interface{}{
			"keys": byteNewKeys,
			"vals": byteNewVals,
		event := &proto.Event{proto.ROUND_END, pm}
		util.Send(anonServer.Socket, anonServer.PreviousHop, util.Encode(event))
		// reset RoundKey and key map
		anonServer.Roundkey = anonServer.Suite.Secret().Pick(random.Stream)
		anonServer.KeyMap = make(map[string]abstract.Point)

	Xori := make([]abstract.Point, len(newVals))
	for i := 0; i < size; i++ {
		Xori[i] = anonServer.Suite.Point().Mul(nil, anonServer.PrivateKey)
	byteOri := util.ProtobufEncodePointList(Xori)

	rand := anonServer.Suite.Cipher(abstract.RandomKey)
	// *** perform neff shuffle here ***
	Xbar, Ybar, _, Ytmp, prover := neffShuffle(Xori, newKeys, rand)
	prf, err := proof.HashProve(anonServer.Suite, "PairShuffle", rand, prover)

	// this is the shuffled key
	finalKeys := convertToOrigin(Ybar, Ytmp)
	finalVals := rebindReputation(newKeys, newVals, finalKeys)

	// send data to the next server
	byteXbar := util.ProtobufEncodePointList(Xbar)
	byteYbar := util.ProtobufEncodePointList(Ybar)
	byteFinalKeys := util.ProtobufEncodePointList(finalKeys)
	byteFinalVals := util.SerializeTwoDimensionArray(finalVals)
	bytePublicKey, _ := anonServer.PublicKey.MarshalBinary()
	// prev keys means the key before shuffle
	pm := map[string]interface{}{
		"xbar":       byteXbar,
		"ybar":       byteYbar,
		"keys":       byteFinalKeys,
		"vals":       byteFinalVals,
		"proof":      prf,
		"prev_keys":  byteOri,
		"prev_vals":  byteNewKeys,
		"shuffled":   true,
		"public_key": bytePublicKey,
	event := &proto.Event{proto.ROUND_END, pm}
	util.Send(anonServer.Socket, anonServer.PreviousHop, util.Encode(event))

	// reset RoundKey and key map
	anonServer.Roundkey = anonServer.Suite.Secret().Pick(random.Stream)
	anonServer.KeyMap = make(map[string]abstract.Point)
func handleAnnouncement(params map[string]interface{}) {
	var g abstract.Point = nil
	keyList := util.ProtobufDecodePointList(params["keys"].([]byte))
	valList := params["vals"].([]util.ByteArray)
	size := len(keyList)

	if val, ok := params["g"]; ok {
		// contains g
		byteG := val.([]byte)
		g = anonServer.Suite.Point()
		g = anonServer.Suite.Point().Mul(g, anonServer.Roundkey)
		// verify the previous shuffle
	} else {
		g = anonServer.Suite.Point().Mul(nil, anonServer.Roundkey)

	X1 := make([]abstract.Point, 1)
	X1[0] = anonServer.PublicKey

	newKeys := make([]abstract.Point, size)
	newVals := make([][]byte, size)
	for i := 0; i < len(keyList); i++ {
		// encrypt the public key using modPow
		newKeys[i] = anonServer.Suite.Point().Mul(keyList[i], anonServer.Roundkey)
		// decrypt the reputation using ElGamal algorithm
		MM, err := anon.Decrypt(anonServer.Suite, valList[i].Arr, anon.Set(X1), 0, anonServer.PrivateKey, false)
		newVals[i] = MM
		// update key map
		anonServer.KeyMap[newKeys[i].String()] = keyList[i]
	byteNewKeys := util.ProtobufEncodePointList(newKeys)
	byteNewVals := util.SerializeTwoDimensionArray(newVals)
	byteG, err := g.MarshalBinary()

	if size <= 1 {
		// no need to shuffle, just send the package to next server
		pm := map[string]interface{}{
			"keys": byteNewKeys,
			"vals": byteNewVals,
			"g":    byteG,
		event := &proto.Event{proto.ANNOUNCEMENT, pm}
		util.Send(anonServer.Socket, anonServer.NextHop, util.Encode(event))

	Xori := make([]abstract.Point, len(newVals))
	for i := 0; i < size; i++ {
		Xori[i] = anonServer.Suite.Point().Mul(nil, anonServer.PrivateKey)
	byteOri := util.ProtobufEncodePointList(Xori)

	rand := anonServer.Suite.Cipher(abstract.RandomKey)
	// *** perform neff shuffle here ***
	Xbar, Ybar, _, Ytmp, prover := neffShuffle(Xori, newKeys, rand)
	prf, err := proof.HashProve(anonServer.Suite, "PairShuffle", rand, prover)

	// this is the shuffled key
	finalKeys := convertToOrigin(Ybar, Ytmp)
	finalVals := rebindReputation(newKeys, newVals, finalKeys)

	// send data to the next server
	byteXbar := util.ProtobufEncodePointList(Xbar)
	byteYbar := util.ProtobufEncodePointList(Ybar)
	byteFinalKeys := util.ProtobufEncodePointList(finalKeys)
	byteFinalVals := util.SerializeTwoDimensionArray(finalVals)
	bytePublicKey, _ := anonServer.PublicKey.MarshalBinary()
	// prev keys means the key before shuffle
	pm := map[string]interface{}{
		"xbar":       byteXbar,
		"ybar":       byteYbar,
		"keys":       byteFinalKeys,
		"vals":       byteFinalVals,
		"proof":      prf,
		"prev_keys":  byteOri,
		"prev_vals":  byteNewKeys,
		"shuffled":   true,
		"public_key": bytePublicKey,
		"g":          byteG,
	event := &proto.Event{proto.ANNOUNCEMENT, pm}
	util.Send(anonServer.Socket, anonServer.NextHop, util.Encode(event))