/////////////////////////////////
//Misc
////////////////////////////////
func (s *Server) verifyShuffle(ik InternalKey, aux AuxKeyProof) bool {
Xss := aux.OrigXss
Yss := aux.OrigYss
Xbarss := ik.Xss
Ybarss := ik.Ybarss
prfss := ik.Proofs
for i := range Xss {
pk := UnmarshalPoint(s.suite, ik.Keys[i])
Xs := make([]abstract.Point, len(Xss[i]))
Ys := make([]abstract.Point, len(Yss[i]))
Xbars := make([]abstract.Point, len(Xbarss[i]))
Ybars := make([]abstract.Point, len(Ybarss[i]))
for j := range Xss[i] {
Xs[j] = UnmarshalPoint(s.suite, Xss[i][j])
Ys[j] = UnmarshalPoint(s.suite, Yss[i][j])
Xbars[j] = UnmarshalPoint(s.suite, Xbarss[i][j])
Ybars[j] = UnmarshalPoint(s.suite, Ybarss[i][j])
}
v := shuffle.Verifier(s.suite, nil, pk, Xs, Ys, Xbars, Ybars)
err := proof.HashVerify(s.suite, "PairShuffle", v, prfss[i])
if err != nil {
log.Println("Shuffle verify failed: ", err)
return false
}
}
return true
}
func (s *shuffler) signStateVector(state *stateVector) ([]byte, error) {
rand := s.suite.Cipher(abstract.RandomKey)
st := state.States
for i := 1; i < len(st); i++ {
S, Sbar := st[i-1], st[i]
X, Y := S.X, S.Dec
Xbar, Ybar := Sbar.X, Sbar.Y
H, prf := Sbar.G, Sbar.Prf
// Verify the shuffle.
verifier := shuffle.Verifier(s.suite, nil, H, X, Y, Xbar, Ybar)
err := proof.HashVerify(s.suite, "PairShuffle", verifier, prf)
if err != nil {
panic("verify failed")
return nil, err
}
// Verify the decryption.
seed := abstract.Sum(s.suite, prf)
verRand := s.suite.Cipher(seed)
dec, decPrf := Sbar.Dec, Sbar.DecPrf
// Scratch space for calculations.
pair, c := s.suite.Point(), s.suite.Secret()
zp := s.suite.Point()
for j := range dec {
pair.Sub(Ybar[j], dec[j])
c.Pick(verRand)
T := decPrf[j].T
ss := decPrf[j].S
if !zp.Mul(Xbar[j], ss).Equal(T.Add(T, pair.Mul(pair, c))) {
return nil, errors.New("invalid decryption proof")
}
}
}
bytes, _ := protobuf.Encode(state)
return anon.Sign(s.suite, rand, bytes, anon.Set{s.H}, nil, 0, s.h), nil
}
// Verify that this shuffle is a valid shuffle of the specified ciphertexts,
// with respect to the given public keys
func (s *VerifiableShuffle) Verify(ciphers []*elgamal.CipherText, pks []*elgamal.PubKey, nonce string, position int) error {
c1, c2 := elgamal.Unpack(ciphers)
shufC1, shufC2 := elgamal.Unpack(s.Shuffled)
sumpk := elgamal.SumKeys(pks[position:])
// Check the shuffle proof
verifier := shuffle.Verifier(pks[0].Suite, pks[0].Base, sumpk.Key, c1, c2, shufC1, shufC2)
err := proof.HashVerify(pks[0].Suite, "ElGamalShuffle"+nonce, verifier, s.ShuffleProof)
if err != nil {
return err
}
// Check the decryption proofs
for i := range ciphers {
err = pks[position].VerifyProof(s.Shuffled[i], s.Decrypted[i].C2, s.DecryptionProofs[i], nonce)
if err != nil {
return err
}
}
return nil
}