// Test for Marshalling and Unmarshalling Comit Messages
// Important: when making empty HashIds len should be set to HASH_SIZE
func TestMUCommit(t *testing.T) {
	var err error
	suite := edwards.NewAES128SHA256Ed25519(true)
	//suite := nist.NewAES128SHA256P256()
	rand := suite.Cipher([]byte("exampfsdjkhujgkjsgfjgle"))
	rand2 := suite.Cipher([]byte("examplsfhsjedgjhsge2"))

	cm := &sign.CommitmentMessage{}
	cm.V, _ = suite.Point().Pick(nil, rand)
	cm.V_hat, _ = suite.Point().Pick(nil, rand2)

	cm.MTRoot = make([]byte, hashid.Size)
	sm := sign.SigningMessage{Type: sign.Commitment, Com: cm}
	smBytes, err := sm.MarshalBinary()
	if err != nil {
		t.Error(err)
	}

	messg := &sign.SigningMessage{}
	err = messg.UnmarshalBinary(smBytes)
	cm2 := messg.Com

	// test for equality after marshal and unmarshal
	if !cm2.V.Equal(cm.V) ||
		!cm2.V_hat.Equal(cm.V_hat) ||
		bytes.Compare(cm2.MTRoot, cm.MTRoot) != 0 {
		t.Error("commit message MU failed")
	}

}
// Test for Marshalling and Unmarshalling Challenge Messages
// Important: when making empty HashIds len should be set to HASH_SIZE
func TestMUChallenge(t *testing.T) {
	nHashIds := 3

	var err error
	suite := edwards.NewAES128SHA256Ed25519(true)
	//suite := nist.NewAES128SHA256P256()
	rand := suite.Cipher([]byte("example"))

	cm := &sign.ChallengeMessage{}
	cm.C = suite.Secret().Pick(rand)
	cm.MTRoot = make([]byte, hashid.Size)
	cm.Proof = proof.Proof(make([]hashid.HashId, nHashIds))
	for i := 0; i < nHashIds; i++ {
		cm.Proof[i] = make([]byte, hashid.Size)
	}
	sm := &sign.SigningMessage{Type: sign.Challenge, Chm: cm}
	smBytes, err := sm.MarshalBinary()
	if err != nil {
		t.Error(err)
	}

	messg := &sign.SigningMessage{}
	err = messg.UnmarshalBinary(smBytes)
	cm2 := messg.Chm

	// test for equality after marshal and unmarshal
	if !cm2.C.Equal(cm.C) ||
		bytes.Compare(cm2.MTRoot, cm.MTRoot) != 0 ||
		!byteArrayEqual(cm2.Proof, cm.Proof) {
		t.Error("challenge message MU failed")
	}
}
Exemple #3
0
func benchGenSigEd25519(nkeys int) []byte {
	suite := edwards.NewAES128SHA256Ed25519(false)
	rand := suite.Cipher([]byte("example"))
	return Sign(suite, rand, benchMessage,
		Set(benchPubEd25519[:nkeys]), nil,
		0, benchPriEd25519)
}
func TestSmallConfigHealthyNistQR512(t *testing.T) {
	//suite := nist.NewAES128SHA256QR512()
	suite := edwards.NewAES128SHA256Ed25519(true)
	RoundsPerView := 100
	if err := runTreeSmallConfig(sign.MerkleTree, RoundsPerView, suite, 0); err != nil {
		t.Fatal(err)
	}
}
Exemple #5
0
func TestNewKeyPair(t *testing.T) {
	suite := edwards.NewAES128SHA256Ed25519(false)
	keypair := config.NewKeyPair(suite)
	pub := suite.Point().Mul(nil, keypair.Secret)
	if !pub.Equal(keypair.Public) {
		t.Fatal("Public and private-key don't match")
	}
}
Exemple #6
0
// All Returns a map of all suites
func All() Suites {
	s := make(Suites)
	s.add(nist.NewAES128SHA256P256())
	s.add(nist.NewAES128SHA256QR512())
	s.add(ed25519.NewAES128SHA256Ed25519(false))
	s.add(edwards.NewAES128SHA256Ed25519(false))
	return s
}
func TestSmallConfigFaulty(t *testing.T) {
	faultyNodes := make([]int, 0)
	faultyNodes = append(faultyNodes, 2, 5)
	suite := edwards.NewAES128SHA256Ed25519(true)
	//suite := nist.NewAES128SHA256P256()
	RoundsPerView := 100
	if err := runTreeSmallConfig(sign.MerkleTree, RoundsPerView, suite, 1, faultyNodes...); err != nil {
		t.Fatal(err)
	}
}
Exemple #8
0
func TestTcpNetwork(t *testing.T) {
	clientHost := NewTcpHost("127.0.0.1")
	serverHost := NewTcpHost("127.0.0.1")
	suite := edwards.NewAES128SHA256Ed25519(false)
	Suite = suite
	clientPub := suite.Point().Base()
	serverPub := suite.Point().Add(suite.Point().Base(), suite.Point().Base())
	client := new(SimpleClient).Init(clientHost, clientPub)
	server := new(SimpleServer).Init(serverHost, serverPub, t)

	go server.Listen("127.0.0.1:5000", server.ExchangeWithClient)
	time.Sleep(1 * time.Second)
	client.ExchangeWithServer("127.0.0.1:5000", t)
}
Exemple #9
0
func TestNego(t *testing.T) {

	realSuites := []abstract.Suite{
		edwards.NewAES128SHA256Ed25519(true),
	}

	fakery := 10
	nentries := 10
	datalen := 16

	suites := make([]abstract.Suite, 0)
	for i := range realSuites {
		real := realSuites[i]
		for j := 0; j < fakery; j++ {
			suites = append(suites, &fakeSuite{real, j})
		}
	}

	nlevels := 5
	suiteLevel := make(map[abstract.Suite]int)
	entries := make([]Entry, 0)
	for i := range suites {
		suiteLevel[suites[i]] = nlevels
		nlevels++ // vary it a bit for testing

		// Create some entrypoints with this suite
		s := suites[i]
		for j := 0; j < nentries; j++ {
			pri := s.Scalar().Pick(random.Stream)
			pub := s.Point().Mul(nil, pri)
			data := make([]byte, datalen)
			entries = append(entries, Entry{s, pub, data})
		}
	}

	w := Writer{}
	_, err := w.Layout(suiteLevel, entries, nil)
	if err != nil {
		t.Log(err)
		t.FailNow()
	}
}
Exemple #10
0
func TestProofCollective(t *testing.T) {

	suite := edwards.NewAES128SHA256Ed25519(false)

	// 1st set of base points
	g1, _ := suite.Point().Pick([]byte("G1"), random.Stream)
	h1, _ := suite.Point().Pick([]byte("H1"), random.Stream)

	// 1st secret value
	x := suite.Scalar().Pick(random.Stream)

	// 2nd set of base points
	g2, _ := suite.Point().Pick([]byte("G2"), random.Stream)
	h2, _ := suite.Point().Pick([]byte("H2"), random.Stream)

	// 2nd secret value
	y := suite.Scalar().Pick(random.Stream)

	// Create proof
	g := []abstract.Point{g1, g2}
	h := []abstract.Point{h1, h2}
	p, err := randhound.NewProof(suite, g, h, nil)
	log.ErrFatal(err)

	xG, xH, err := p.SetupCollective(x, y)
	log.ErrFatal(err)

	// Verify proof
	q, err := randhound.NewProof(suite, g, h, p.Core)
	log.ErrFatal(err)

	_, bad, err := q.Verify(xG, xH)
	log.ErrFatal(err)

	if len(bad) != 0 {
		log.Fatalf("Some proofs failed: %v", bad)
	}

}
Exemple #11
0
func NewServer(port1 int, id int, servers []string, FSMode bool) *Server {
	suite := edwards.NewAES128SHA256Ed25519(false)
	rand := suite.Cipher(abstract.RandomKey)
	sk := suite.Scalar().Pick(rand)
	pk := suite.Point().Mul(nil, sk)
	pkBin := MarshalPoint(pk)
	ephSecret := suite.Scalar().Pick(rand)

	rounds := make([]*Round, MaxRounds)

	for i := range rounds {
		r := Round{
			allBlocks: nil,

			reqChan2:     nil,
			requestsChan: nil,
			reqHashes:    nil,
			reqHashesRdy: nil,

			ublockChan2: nil,
			shuffleChan: make(chan []Block), //collect all uploads together
			upHashesRdy: nil,

			upHashes:    nil,
			dblocksChan: make(chan []Block),
			blocksRdy:   nil,
			xorsChan:    make([]map[int](chan Block), len(servers)),
		}
		rounds[i] = &r
	}

	s := Server{
		port1:      port1,
		id:         id,
		servers:    servers,
		regLock:    []*sync.Mutex{new(sync.Mutex), new(sync.Mutex)},
		regChan:    make(chan bool, TotalClients),
		regDone:    make(chan bool),
		running:    make(chan bool),
		secretLock: new(sync.Mutex),

		suite:      suite,
		g:          suite,
		sk:         sk,
		pk:         pk,
		pkBin:      pkBin,
		pks:        make([]abstract.Point, len(servers)),
		nextPks:    make([]abstract.Point, len(servers)),
		nextPksBin: make([][]byte, len(servers)),
		ephSecret:  ephSecret,

		pi:             nil,
		keys:           nil,
		keysRdy:        nil,
		auxProofChan:   make([]chan AuxKeyProof, len(servers)),
		keyUploadChan:  nil,
		keyShuffleChan: make(chan InternalKey),

		clientMap:    make(map[int]int),
		numClients:   0,
		totalClients: 0,
		maskss:       nil,
		secretss:     nil,

		rounds: rounds,

		FSMode: FSMode,

		memProf: nil,
	}

	for i := range s.auxProofChan {
		s.auxProofChan[i] = make(chan AuxKeyProof, len(servers))
	}

	return &s
}
Exemple #12
0
func NewClient(servers []string, myServer string, FSMode bool) *Client {
	suite := edwards.NewAES128SHA256Ed25519(false)

	myServerIdx := -1
	rpcServers := make([]*rpc.Client, len(servers))
	for i := range rpcServers {
		if servers[i] == myServer {
			myServerIdx = i
		}
		rpcServer, err := rpc.Dial("tcp", servers[i])
		if err != nil {
			log.Fatal("Cannot establish connection:", err)
		}
		rpcServers[i] = rpcServer
	}

	pks := make([]abstract.Point, len(servers))
	var wg sync.WaitGroup
	for i, rpcServer := range rpcServers {
		wg.Add(1)
		go func(i int, rpcServer *rpc.Client) {
			defer wg.Done()
			pk := make([]byte, SecretSize)
			err := rpcServer.Call("Server.GetPK", 0, &pk)
			if err != nil {
				log.Fatal("Couldn't get server's pk:", err)
			}
			pks[i] = UnmarshalPoint(suite, pk)
		}(i, rpcServer)
	}
	wg.Wait()

	rounds := make([]*Round, MaxRounds)

	for i := range rounds {
		r := Round{
			reqLock:  new(sync.Mutex),
			upLock:   new(sync.Mutex),
			downLock: new(sync.Mutex),

			reqHashesChan: make(chan [][]byte),
			dhashChan:     make(chan []byte),
			upHashesChan:  make(chan [][]byte),
		}
		rounds[i] = &r
	}

	//id comes from servers
	c := Client{
		id:           -1,
		servers:      servers,
		rpcServers:   rpcServers,
		myServer:     myServerIdx,
		totalClients: -1,

		FSMode: FSMode,

		files:   make(map[string]*File),
		osFiles: make(map[string]*os.File),

		testPieces: make(map[string][]byte),

		suite: suite,
		g:     suite,
		pks:   pks,

		keys:    make([][]byte, len(servers)),
		ephKeys: make([]abstract.Point, len(servers)),

		dhashes:  make(chan []byte, MaxRounds),
		maskss:   nil,
		secretss: nil,

		rounds: rounds,
	}

	return &c
}
Exemple #13
0
	"time"

	"testing"

	"afs/client"
	"afs/lib"
	"afs/server"

	"github.com/dedis/crypto/edwards"
)

var servers []*server.Server = nil
var clients []*client.Client = nil

var ServerAddrs []string = []string{"127.0.0.1:8000", "127.0.0.1:8001"}
var Suite = edwards.NewAES128SHA256Ed25519(false)

const NumClients = 3
const NumServers = 2

func TestSetup(t *testing.T) {
	//nothing goes on here
}

func TestFileShare(t *testing.T) {
	for s := range servers {
		servers[s].FSMode = true
	}
	for c := range clients {
		clients[c].FSMode = true
	}
Exemple #14
0
// Set up some global variables such as the different messages used during
// this protocol and the general suite to be used
func init() {
	suite = edwards.NewAES128SHA256Ed25519(false)
	net.Suite = suite
}
Exemple #15
0
func BenchmarkSign100Ed25519(b *testing.B) {
	benchSign(edwards.NewAES128SHA256Ed25519(false),
		benchPubEd25519[:100], benchPriEd25519, b.N)
}
Exemple #16
0
func RunServer(conf *app.ConfigShamir) {
	flags := app.RunFlags
	s := edwards.NewAES128SHA256Ed25519(false)
	n := len(conf.Hosts)

	info := poly.Threshold{
		N: n,
		R: n,
		T: n,
	}
	indexPeer := -1
	for i, h := range conf.Hosts {
		if h == flags.Hostname {
			indexPeer = i
			break
		}
	}
	if indexPeer == -1 {
		log.Fatal("Peer", flags.Hostname, "(", flags.PhysAddr, ") did not find any match for its name.Abort")
	}

	dbg.Lvl3("Creating new peer", flags.Hostname, "(", flags.PhysAddr, ") ...")
	// indexPeer == 0 <==> peer is root
	p := NewPeer(indexPeer, flags.Hostname, s, info, indexPeer == 0)

	// make it listen
	setup := monitor.NewMeasure("setup")
	dbg.Lvl3("Peer", flags.Hostname, "is now listening for incoming connections")
	go p.Listen()

	// then connect it to its successor in the list
	for _, h := range conf.Hosts[indexPeer+1:] {
		dbg.Lvl3("Peer", flags.Hostname, "will connect to", h)
		// will connect and SYN with the remote peer
		p.ConnectTo(h)
	}
	// Wait until this peer is connected / SYN'd with each other peer
	p.WaitSYNs()

	// Setup the schnorr system amongst peers
	p.SetupDistributedSchnorr()
	p.SendACKs()
	p.WaitACKs()
	dbg.Lvl3(p.String(), "completed Schnorr setup")

	// send setup time if we're root
	if p.IsRoot() {
		setup.Measure()
	}

	roundm := monitor.NewMeasure("round")
	for round := 1; round <= conf.Rounds; round++ {
		calc := monitor.NewMeasure("calc")
		// Then issue a signature !
		//sys, usr := app.GetRTime()
		msg := "hello world"

		// Only root calculates if it's OK and sends a log-message
		if p.IsRoot() {
			dbg.Lvl1("Starting round", round)
			sig := p.SchnorrSigRoot([]byte(msg))
			calc.Measure()
			verify := monitor.NewMeasure("verify")
			err := p.VerifySchnorrSig(sig, []byte(msg))
			if err != nil {
				dbg.Fatal(p.String(), "could not verify schnorr signature:/", err)
			}
			verify.Measure()
			roundm.Measure()
			dbg.Lvl3(p.String(), "verified the schnorr sig !")
		} else {
			// Compute the partial sig and send it to the root
			p.SchnorrSigPeer([]byte(msg))
		}
	}

	p.WaitFins()
	dbg.Lvl3(p.String(), "is leaving ...")

	if p.IsRoot() {
		monitor.End()
	}
}
Exemple #17
0
	Type         MessageType
	Am           *AnnouncementMessage
	Com          *CommitmentMessage
	Chm          *ChallengeMessage
	Rm           *ResponseMessage
	Cureq        *CatchUpRequest
	Curesp       *CatchUpResponse
	Vrm          *VoteRequestMessage
	Gcm          *GroupChangedMessage
	Err          *ErrorMessage
	From         string
	View         int
	LastSeenVote int // highest vote ever seen and commited in log, used for catch-up
}

var msgSuite abstract.Suite = edwards.NewAES128SHA256Ed25519(true)

//var msgSuite abstract.Suite = nist.NewAES128SHA256P256()

func NewSigningMessage() interface{} {
	return &SigningMessage{}
}

func (sm *SigningMessage) MarshalBinary() ([]byte, error) {
	return protobuf.Encode(sm)
}

func (sm *SigningMessage) UnmarshalBinary(data []byte) error {
	var cons = make(protobuf.Constructors)
	var point abstract.Point
	var secret abstract.Secret
Exemple #18
0
func benchGenKeysEd25519(nkeys int) ([]abstract.Point, abstract.Secret) {
	return benchGenKeys(edwards.NewAES128SHA256Ed25519(false), nkeys)
}
Exemple #19
0
func TestBiffle(t *testing.T) {
	BiffleTest(edwards.NewAES128SHA256Ed25519(false), 1)
}
Exemple #20
0
func Benchmark100PairShuffleEd25519(b *testing.B) {
	TestShuffle(edwards.NewAES128SHA256Ed25519(false), 100, b.N)
}
Exemple #21
0
func BenchmarkBiffleEd25519(b *testing.B) {
	BiffleTest(edwards.NewAES128SHA256Ed25519(false), b.N)
}
Exemple #22
0
func TestPairShuffle(t *testing.T) {
	TestShuffle(edwards.NewAES128SHA256Ed25519(false), 10, 1)
}
Exemple #23
0
func LoadJSON(file []byte, optsSlice ...ConfigOptions) (*HostConfig, error) {
	opts := ConfigOptions{}
	if len(optsSlice) > 0 {
		opts = optsSlice[0]
	}

	hc := NewHostConfig()
	var cf ConfigFileOld
	err := json.Unmarshal(file, &cf)
	if err != nil {
		return hc, err
	}

	// TODO remove this duplicate check of tcp conn
	connT := GoC
	if cf.Conn == "tcp" {
		connT = TcpC
	}

	// options override file
	if opts.ConnType == "tcp" {
		connT = TcpC
	}

	dir := hc.Dir
	hosts := make(map[string]coconet.Host)
	nameToAddr := make(map[string]string)

	if connT == GoC {
		for _, h := range cf.Hosts {
			if _, ok := hc.Hosts[h]; !ok {
				nameToAddr[h] = h
				// it doesn't make sense to only make 1 go host
				if opts.Faulty == true {
					gohost := coconet.NewGoHost(h, dir)
					hosts[h] = coconet.NewFaultyHost(gohost)
				} else {
					hosts[h] = coconet.NewGoHost(h, dir)
				}
			}
		}

	} else if connT == TcpC {
		localAddr := ""

		if opts.GenHosts {
			localAddr, err = GetAddress()
			if err != nil {
				return nil, err
			}
		}

		for i, h := range cf.Hosts {

			addr := h
			if opts.GenHosts {
				p := strconv.Itoa(StartConfigPort)
				addr = localAddr + ":" + p
				//dbg.Lvl4("created new host address: ", addr)
				StartConfigPort += 10
			} else if opts.Port != "" {
				dbg.Lvl4("attempting to rewrite port: ", opts.Port)
				// if the port has been specified change the port
				hostport := strings.Split(addr, ":")
				dbg.Lvl4(hostport)
				if len(hostport) == 2 {
					addr = hostport[0] + ":" + opts.Port
				}
				dbg.Lvl4(addr)
			} else if len(opts.Hostnames) != 0 {
				addr = opts.Hostnames[i]
			}

			nameToAddr[h] = addr
			// add to the hosts list if we havent added it before
			if _, ok := hc.Hosts[addr]; !ok {
				// only create the tcp hosts requested
				if opts.Host == "" || opts.Host == addr {
					if opts.Faulty == true {
						tcpHost := coconet.NewTCPHost(addr)
						hosts[addr] = coconet.NewFaultyHost(tcpHost)
					} else {
						hosts[addr] = coconet.NewTCPHost(addr)
					}
				} else {
					hosts[addr] = nil // it is there but not backed
				}
			}
		}
	}

	suite := edwards.NewAES128SHA256Ed25519(true)
	//suite := nist.NewAES128SHA256P256()
	if opts.Suite != nil {
		suite = opts.Suite
	}
	rand := suite.Cipher([]byte("example"))
	//fmt.Println("hosts", hosts)
	// default value = false
	if err != nil {
		log.Fatal(err)
	}
	start := time.Now()
	if opts.NoTree == false {
		_, err = ConstructTree(cf.Tree, hc, "", suite, rand, hosts, nameToAddr, opts)
	}
	dbg.Lvl3("Timing for ConstructTree", time.Since(start))
	if connT != GoC {
		hc.Dir = nil
	}

	// add a hostlist to each of the signing nodes
	var hostList []string
	for h := range hosts {
		hostList = append(hostList, h)
	}

	for _, sn := range hc.SNodes {
		sn.HostList = make([]string, len(hostList))
		sortable := sort.StringSlice(hostList)
		sortable.Sort()
		copy(sn.HostList, sortable)
		// set host list on view 0
		//dbg.Lvl4("in config hostlist", sn.HostList)
		sn.SetHostList(0, sn.HostList)
	}

	return hc, err
}
func runStaticTest(signType sign.Type, RoundsPerView int, faultyNodes ...int) error {
	// Crypto setup
	suite := edwards.NewAES128SHA256Ed25519(true)
	//suite := nist.NewAES128SHA256P256()
	rand := suite.Cipher([]byte("example"))

	// number of nodes for the test
	nNodes := 4
	// create new directory for communication between peers
	dir := coconet.NewGoDirectory()
	// Create Hosts and Peers
	h := make([]coconet.Host, nNodes)

	for i := 0; i < nNodes; i++ {
		hostName := "host" + strconv.Itoa(i)

		if len(faultyNodes) > 0 {
			h[i] = &coconet.FaultyHost{}
			gohost := coconet.NewGoHost(hostName, dir)
			h[i] = coconet.NewFaultyHost(gohost)
		} else {
			h[i] = coconet.NewGoHost(hostName, dir)
		}

	}

	for _, fh := range faultyNodes {
		h[fh].(*coconet.FaultyHost).SetDeadFor("response", true)
	}

	// Create Signing Nodes out of the hosts
	nodes := make([]*sign.Node, nNodes)
	for i := 0; i < nNodes; i++ {
		nodes[i] = sign.NewNode(h[i], suite, rand)
		nodes[i].Type = signType
		nodes[i].GenSetPool()
		nodes[i].RoundsPerView = RoundsPerView
		defer nodes[i].Close()

		h[i].SetPubKey(nodes[i].PubKey)
		// To test the already keyed signing node, uncomment
		// PrivKey := suite.Secret().Pick(rand)
		// nodes[i] = NewKeyedNode(h[i], suite, PrivKey)
	}
	nodes[0].Height = 2
	nodes[1].Height = 1
	nodes[2].Height = 0
	nodes[3].Height = 0
	// Add edges to parents
	h[1].AddParent(DefaultView, h[0].Name())
	h[2].AddParent(DefaultView, h[1].Name())
	h[3].AddParent(DefaultView, h[1].Name())
	// Add edges to children, listen to children
	h[0].AddChildren(DefaultView, h[1].Name())
	h[1].AddChildren(DefaultView, h[2].Name(), h[3].Name())

	for _, host := range h {
		host.Listen()
		host.Connect(0)
	}

	for i := 0; i < nNodes; i++ {
		if len(faultyNodes) > 0 {
			nodes[i].FailureRate = 1
		}

		go func(i int) {
			// start listening for messages from within the tree
			nodes[i].Listen()
		}(i)
	}

	// Have root node initiate the signing protocol
	// via a simple annoucement
	nodes[0].LogTest = []byte("Hello World")
	// return nodes[0].Announce(DefaultView, &coll_sign.AnnouncementMessage{LogTest: nodes[0].LogTest, Round: 1})
	return nodes[0].StartAnnouncement(&sign.AnnouncementMessage{LogTest: nodes[0].LogTest, Round: 1})
}
Exemple #25
0
package network

import (
	"bytes"
	"github.com/dedis/cothority/lib/cliutils"
	"github.com/dedis/crypto/abstract"
	"github.com/dedis/crypto/config"
	"github.com/dedis/crypto/edwards"
	"reflect"
	"testing"
)

var s abstract.Suite = edwards.NewAES128SHA256Ed25519(false)
var key1 config.KeyPair = cliutils.KeyPair(s)
var key2 config.KeyPair = cliutils.KeyPair(s)

func TestListBasicSignatureMarshaling(t *testing.T) {
	Suite = s
	bs := BasicSignature{
		Pub:   key1.Public,
		Chall: key1.Secret,
		Resp:  key1.Secret,
	}
	var length int = 10
	sigs := make([]BasicSignature, length)
	for i := 0; i < length; i++ {
		sigs[i] = bs
	}
	lbs := ListBasicSignature{
		Length: length,
		Sigs:   sigs,
Exemple #26
0
func BenchmarkVerify100Ed25519(b *testing.B) {
	benchVerify(edwards.NewAES128SHA256Ed25519(false),
		benchPubEd25519[:100], benchSig100Ed25519, b.N)
}
Exemple #27
0
func TestPVSS(t *testing.T) {

	suite := edwards.NewAES128SHA256Ed25519(false)

	G := suite.Point().Base()
	H, _ := suite.Point().Pick(nil, suite.Cipher([]byte("H")))

	n := 10
	threshold := 2*n/3 + 1
	x := make([]abstract.Scalar, n) // trustee private keys
	X := make([]abstract.Point, n)  // trustee public keys
	index := make([]int, n)
	for i := 0; i < n; i++ {
		x[i] = suite.Scalar().Pick(random.Stream)
		X[i] = suite.Point().Mul(nil, x[i])
		index[i] = i
	}

	// Scalar of shared secret
	secret := suite.Scalar().Pick(random.Stream)

	// (1) Share-Distribution (Dealer)
	pvss := randhound.NewPVSS(suite, H, threshold)
	idx, sX, encProof, pb, err := pvss.Split(X, secret)
	log.ErrFatal(err)

	// (2) Share-Decryption (Trustee)
	pbx := make([][]byte, n)
	for i := 0; i < n; i++ {
		pbx[i] = pb // NOTE: polynomials can be different
	}
	sH, err := pvss.Commits(pbx, index)
	log.ErrFatal(err)

	// Check that log_H(sH) == log_X(sX) using encProof
	_, bad, err := pvss.Verify(H, X, sH, sX, encProof)
	log.ErrFatal(err)

	if len(bad) != 0 {
		log.Fatalf("Some proofs failed: %v", bad)
	}

	// Decrypt shares
	S := make([]abstract.Point, n)
	decProof := make([]randhound.ProofCore, n)
	for i := 0; i < n; i++ {
		s, d, err := pvss.Reveal(x[i], sX[i:i+1])
		log.ErrFatal(err)
		S[i] = s[0]
		decProof[i] = d[0]
	}

	// Check that log_G(S) == log_X(sX) using decProof
	_, bad, err = pvss.Verify(G, S, X, sX, decProof)
	log.ErrFatal(err)

	if len(bad) != 0 {
		log.Fatalf("Some proofs failed: %v", bad)
	}

	// (3) Secret-Recovery (Dealer)
	recovered, err := pvss.Recover(idx, S, len(S))
	log.ErrFatal(err)

	// Verify recovered secret
	if !(suite.Point().Mul(nil, secret).Equal(recovered)) {
		log.Fatalf("Recovered incorrect shared secret")
	}
}