Esempio n. 1
0
// GetUserPredicate gets the predicate for the proof of correctness of user ciphertexts:
// ( R_i = r_i*g-hat AND (C_{i,l} = r_i*g_l AND ...) OR Y = y*g )
// Here R_i = \sum_{j} R_{ij}; same for r_i; C_{i,l} is the l-th ciphertext;
// g_l is the l-th base point and Y is the slot owner public key
func GetUserPredicate(amount int) proof.Predicate {
	preds := make([]proof.Predicate, amount+1)
	preds[0] = proof.Rep("R_i", "r_i", "g_hat")
	for l := 0; l < amount; l++ {
		preds[l+1] = proof.Rep("C_i,"+strconv.Itoa(l), "r_i", "g_"+strconv.Itoa(l))
	}

	return proof.Or(proof.And(preds...), proof.Rep("Y", "y", "g"))
}
Esempio n. 2
0
func bifflePred() proof.Predicate {

	// Branch 0 of either/or proof (for bit=0)
	rep000 := proof.Rep("Xbar0-X0", "beta0", "G")
	rep001 := proof.Rep("Ybar0-Y0", "beta0", "H")
	rep010 := proof.Rep("Xbar1-X1", "beta1", "G")
	rep011 := proof.Rep("Ybar1-Y1", "beta1", "H")

	// Branch 1 of either/or proof (for bit=1)
	rep100 := proof.Rep("Xbar0-X1", "beta1", "G")
	rep101 := proof.Rep("Ybar0-Y1", "beta1", "H")
	rep110 := proof.Rep("Xbar1-X0", "beta0", "G")
	rep111 := proof.Rep("Ybar1-Y0", "beta0", "H")

	and0 := proof.And(rep000, rep001, rep010, rep011)
	and1 := proof.And(rep100, rep101, rep110, rep111)

	or := proof.Or(and0, and1)
	return or
}