PoS_EVM
/
mcl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor old zkp for ElGamal

Browse Source
pull/2/head
MITSUNARI Shigeo 6 years ago
parent 26260f5985
commit c371ee97fa
2 changed files with 47 additions and 67 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 106
      include/mcl/elgamal.hpp
  2. 4
      test/elgamal_test.cpp

106
include/mcl/elgamal.hpp
Unescape View File

@ -124,26 +124,26 @@ struct ElgamalT {
http://dx.doi.org/10.1587/transfun.E96.A.1156 http://dx.doi.org/10.1587/transfun.E96.A.1156
*/ */
struct Zkp { struct Zkp {
Zn c0, c1, s0, s1; Zn c[2], s[2];
template<class InputStream> template<class InputStream>
void load(InputStream& is, int ioMode = IoSerialize) void load(InputStream& is, int ioMode = IoSerialize)
{ {
c0.load(is, ioMode); c[0].load(is, ioMode);
c1.load(is, ioMode); c[1].load(is, ioMode);
s0.load(is, ioMode); s[0].load(is, ioMode);
s1.load(is, ioMode); s[1].load(is, ioMode);
} }
template<class OutputStream> template<class OutputStream>
void save(OutputStream& os, int ioMode = IoSerialize) const void save(OutputStream& os, int ioMode = IoSerialize) const
{ {
const char sep = *fp::getIoSeparator(ioMode); const char sep = *fp::getIoSeparator(ioMode);
c0.save(os, ioMode); c[0].save(os, ioMode);
if (sep) cybozu::writeChar(os, sep); if (sep) cybozu::writeChar(os, sep);
c1.save(os, ioMode); c[1].save(os, ioMode);
if (sep) cybozu::writeChar(os, sep); if (sep) cybozu::writeChar(os, sep);
s0.save(os, ioMode); s[0].save(os, ioMode);
if (sep) cybozu::writeChar(os, sep); if (sep) cybozu::writeChar(os, sep);
s1.save(os, ioMode); s[1].save(os, ioMode);
} }
void getStr(std::string& str, int ioMode = 0) const void getStr(std::string& str, int ioMode = 0) const
{ {
@ -182,7 +182,6 @@ struct ElgamalT {
Ec g; Ec g;
Ec h; Ec h;
bool enableWindowMethod_; bool enableWindowMethod_;
fp::WindowMethod<Ec> wm_f;
fp::WindowMethod<Ec> wm_g; fp::WindowMethod<Ec> wm_g;
fp::WindowMethod<Ec> wm_h; fp::WindowMethod<Ec> wm_h;
template<class N> template<class N>
@ -248,77 +247,58 @@ struct ElgamalT {
u.setRand(rg); u.setRand(rg);
mulG(c.c1, u); mulG(c.c1, u);
mulH(c.c2, u); mulH(c.c2, u);
Ec t1, t2;
Ec R1[2], R2[2];
zkp.c[1-m].setRand(rg);
zkp.s[1-m].setRand(rg);
mulG(t1, zkp.s[1-m]);
Ec::mul(t2, c.c1, zkp.c[1-m]);
Ec::sub(R1[1-m], t1, t2);
mulH(t1, zkp.s[1-m]);
if (m) { if (m) {
Ec::add(c.c2, c.c2, g); Ec::add(c.c2, c.c2, g);
Zn r1; Ec::mul(t2, c.c2, zkp.c[0]);
r1.setRand(rg);
zkp.c0.setRand(rg);
zkp.s0.setRand(rg);
Ec R01, R02, R11, R12;
Ec t1, t2;
mulG(t1, zkp.s0);
Ec::mul(t2, c.c1, zkp.c0);
Ec::sub(R01, t1, t2);
mulH(t1, zkp.s0);
Ec::mul(t2, c.c2, zkp.c0);
Ec::sub(R02, t1, t2);
mulG(R11, r1);
mulH(R12, r1);
std::ostringstream os;
os << R01 << R02 << R11 << R12 << c.c1 << c.c2 << g << h;
Zn cc;
cc.setHashOf(os.str());
zkp.c1 = cc - zkp.c0;
zkp.s1 = r1 + zkp.c1 * u;
} else { } else {
Zn r0;
r0.setRand(rg);
zkp.c1.setRand(rg);
zkp.s1.setRand(rg);
Ec R01, R02, R11, R12;
mulG(R01, r0);
mulH(R02, r0);
Ec t1, t2;
mulG(t1, zkp.s1);
Ec::mul(t2, c.c1, zkp.c1);
Ec::sub(R11, t1, t2);
mulH(t1, zkp.s1);
Ec::sub(t2, c.c2, g); Ec::sub(t2, c.c2, g);
Ec::mul(t2, t2, zkp.c1); Ec::mul(t2, t2, zkp.c[1]);
Ec::sub(R12, t1, t2); }
Ec::sub(R2[1-m], t1, t2);
Zn r;
r.setRand(rg);
mulG(R1[m], r);
mulH(R2[m], r);
std::ostringstream os; std::ostringstream os;
os << R01 << R02 << R11 << R12 << c.c1 << c.c2 << g << h; os << R1[0] << R2[0] << R1[1] << R2[1] << c.c1 << c.c2 << g << h;
Zn cc; Zn cc;
cc.setHashOf(os.str()); cc.setHashOf(os.str());
zkp.c0 = cc - zkp.c1; zkp.c[m] = cc - zkp.c[1-m];
zkp.s0 = r0 + zkp.c0 * u; zkp.s[m] = r + zkp.c[m] * u;
}
} }
/* /*
verify cipher text with ZKP verify cipher text with ZKP
*/ */
bool verify(const CipherText& c, const Zkp& zkp) const bool verify(const CipherText& c, const Zkp& zkp) const
{ {
Ec R01, R02, R11, R12; Ec R1[2], R2[2];
Ec t1, t2; Ec t1, t2;
mulG(t1, zkp.s0); mulG(t1, zkp.s[0]);
Ec::mul(t2, c.c1, zkp.c0); Ec::mul(t2, c.c1, zkp.c[0]);
Ec::sub(R01, t1, t2); Ec::sub(R1[0], t1, t2);
mulH(t1, zkp.s0); mulH(t1, zkp.s[0]);
Ec::mul(t2, c.c2, zkp.c0); Ec::mul(t2, c.c2, zkp.c[0]);
Ec::sub(R02, t1, t2); Ec::sub(R2[0], t1, t2);
mulG(t1, zkp.s1); mulG(t1, zkp.s[1]);
Ec::mul(t2, c.c1, zkp.c1); Ec::mul(t2, c.c1, zkp.c[1]);
Ec::sub(R11, t1, t2); Ec::sub(R1[1], t1, t2);
mulH(t1, zkp.s1); mulH(t1, zkp.s[1]);
Ec::sub(t2, c.c2, g); Ec::sub(t2, c.c2, g);
Ec::mul(t2, t2, zkp.c1); Ec::mul(t2, t2, zkp.c[1]);
Ec::sub(R12, t1, t2); Ec::sub(R2[1], t1, t2);
std::ostringstream os; std::ostringstream os;
os << R01 << R02 << R11 << R12 << c.c1 << c.c2 << g << h; os << R1[0] << R2[0] << R1[1] << R2[1] << c.c1 << c.c2 << g << h;
Zn cc; Zn cc;
cc.setHashOf(os.str()); cc.setHashOf(os.str());
return cc == zkp.c0 + zkp.c1; return cc == zkp.c[0] + zkp.c[1];
} }
/* /*
rerandomize encoded message rerandomize encoded message

4
test/elgamal_test.cpp
Unescape View File

@ -144,11 +144,11 @@ CYBOZU_TEST_AUTO(testEc)
ElgamalEc::CipherText c; ElgamalEc::CipherText c;
pub.encWithZkp(c, zkp, 0, g_rg); pub.encWithZkp(c, zkp, 0, g_rg);
CYBOZU_TEST_ASSERT(pub.verify(c, zkp)); CYBOZU_TEST_ASSERT(pub.verify(c, zkp));
zkp.s0 += 1; zkp.s[0] += 1;
CYBOZU_TEST_ASSERT(!pub.verify(c, zkp)); CYBOZU_TEST_ASSERT(!pub.verify(c, zkp));
pub.encWithZkp(c, zkp, 1, g_rg); pub.encWithZkp(c, zkp, 1, g_rg);
CYBOZU_TEST_ASSERT(pub.verify(c, zkp)); CYBOZU_TEST_ASSERT(pub.verify(c, zkp));
zkp.s0 += 1; zkp.s[0] += 1;
CYBOZU_TEST_ASSERT(!pub.verify(c, zkp)); CYBOZU_TEST_ASSERT(!pub.verify(c, zkp));
CYBOZU_TEST_EXCEPTION_MESSAGE(pub.encWithZkp(c, zkp, 2, g_rg), cybozu::Exception, "encWithZkp"); CYBOZU_TEST_EXCEPTION_MESSAGE(pub.encWithZkp(c, zkp, 2, g_rg), cybozu::Exception, "encWithZkp");
} }

Write Preview
Loading…
Cancel
Save