public void BDBadProofTest()
{
FieldZqElement bigNum = _parameters[0].FieldZq.GetElement(30);
PedersenCommitment bigNumCommit = new PedersenCommitment(bigNum, _parameters[0]);
int decompositionLength = 8;
ProverBitDecompositionParameters proverParams = new ProverBitDecompositionParameters(
bigNumCommit,
decompositionLength,
_parameters[0]);
BitDecompositionProof proof = new BitDecompositionProof(proverParams);
PrivateObject proofAccessor = new PrivateObject(proof);
SetMembershipProof[] smProof = (SetMembershipProof[])proofAccessor.GetField("bitCommitmentProof");
SetMembershipProof[] badSmProof = smProof;
SetMembershipProof tmp = smProof[1];
badSmProof[1] = badSmProof[0];
proofAccessor.SetFieldOrProperty("bitCommitmentProof", badSmProof);
Assert.IsFalse(proof.Verify(proverParams), "bad set membeship proof.");
proofAccessor.SetFieldOrProperty("bitCommitmentProof", smProof);
smProof[1] = tmp;
Assert.IsTrue(proof.Verify(proverParams), "good set membership proof.");
EqualityProof eqProof = (EqualityProof)proofAccessor.GetField("compositionProof");
PrivateObject eqProofAccessor = new PrivateObject(eqProof);
GroupElement [] b = (GroupElement[])eqProofAccessor.GetField("b");
b[1] = b[0];
eqProofAccessor.SetField("b", b);
Assert.IsFalse(proof.Verify(proverParams), "bad equality proof");
}
public void EQEndToEndTest2()
{
int length = 20;
FieldZqElement[] committedValues = _crypto.FieldZq.GetRandomElements(length, true);
FieldZqElement[] openings = _crypto.FieldZq.GetRandomElements(length, true);
PedersenCommitment[] ped = PedersenCommitment.GetCommitments(_crypto, committedValues, openings);
EqualityMap map = new EqualityMap();
for (int i = 0; i < length; ++i)
{
map.Add(
new PrettyName("chi", i),
new DoubleIndex(i, 0)
);
}
ProverEqualityParameters prover = new ProverEqualityParameters(ped, map, _crypto);
Assert.IsTrue(prover.Verify());
EqualityProof proof = new EqualityProof(prover);
Assert.IsTrue(proof.Verify(prover));
}
public void EQEndToEndTest1()
{
// create two pedersen commitments to 1
DLRepOfGroupElement[] dlarray = new DLRepOfGroupElement[2]
{
new PedersenCommitment(_parameters.FieldZq.One, _parameters),
new PedersenCommitment(_parameters.FieldZq.One, _parameters)
};
PrettyName alpha = new PrettyName("alpha", 0);
DoubleIndex d1 = new DoubleIndex(0, 0); // dlarray[0].BaseAtIndex(0)
DoubleIndex d2 = new DoubleIndex(1, 0); // dlarray[1].BaseAtIndex(0)
EqualityMap map = new EqualityMap();
map.Add(alpha, d1);
map.Add(alpha, d2);
int index;
Assert.IsTrue(map.TryRetrieveIntIndex(d1, out index));
Assert.AreEqual(0, index);
Assert.IsTrue(map.TryRetrieveIntIndex(d2, out index));
Assert.AreEqual(0, index);
ProverEqualityParameters peParameters = new ProverEqualityParameters(
dlarray,
map,
_parameters);
EqualityProof proof = new EqualityProof(peParameters);
Assert.IsTrue(proof.Verify(peParameters));
}
public void EQTwoTokenEqualityTest()
{
// Both tokens will not hash attributes
// but example also works if hashAttributes=true
bool hashAttributes = true;
// Setting up IssuerParameters for token1
byte[] uidP1 = new byte[] { 1, 1, 2, 3, 5, 7 };
byte[] tokenInformation1 = new byte[] { 1, 2, 3, 4, 5, 6, 7 };
byte[][] attributes1 = new byte[][]
{
_encoding.GetBytes("Attribute 1"),
_encoding.GetBytes("Attribute 2"),
_encoding.GetBytes("Target Attribute"), // this is the attribute we'll compare
_encoding.GetBytes("Attribute 4")
};
// Setting up IssuerParameters for token2
byte[] tokenInformation2 = new byte[] { 12, 13, 14, 15, 0, 10 };
byte[] uidP2 = new byte[] { 3, 1, 4, 1, 5 };
byte[][] attributes2 = new byte[][]
{
_encoding.GetBytes("Target Attribute"), // this is the attribute we'll compare
_encoding.GetBytes("Attribute 6"),
_encoding.GetBytes("Attribute 7"),
_encoding.GetBytes("Attribute 8")
};
// generate tokens
ProverPresentationProtocolParameters prover1, prover2;
VerifierPresentationProtocolParameters verifier1, verifier2;
StaticHelperClass.GetUProveParameters(hashAttributes, out prover1, out verifier1, tokenInformation1, attributes1, null, uidP1);
StaticHelperClass.GetUProveParameters(hashAttributes, out prover2, out verifier2, tokenInformation2, attributes2, null, uidP2);
// Create equality proof
EqualityProof eqProof = new EqualityProof(
prover1, // token1
3, // target attribute in token1
prover2, // token2
1); // target attribute in token2
// ....
// Send data to verifier, including eqProof
// ....
// Verify tokens
// ...
// Verify equality proof
bool success = eqProof.Verify(
verifier1,
3,
verifier2,
1);
Assert.IsTrue(success, "Could not verify proof.");
}
public void EQTokenAndDLTest()
{
// In this example, the token hashes the attribute
// but example also works if hashAttributes=false
bool hashAttributes = true;
// Setting up attributes for token
byte[][] attributes = new byte[][]
{
_encoding.GetBytes("Attribute 1"),
_encoding.GetBytes("Attribute 2"),
_encoding.GetBytes("Teaching Assistant"), // this is the attribute we'll compare
_encoding.GetBytes("Attribute 4")
};
// generate token
ProverPresentationProtocolParameters prover;
VerifierPresentationProtocolParameters verifier;
StaticHelperClass.GetUProveParameters(hashAttributes, out prover, out verifier, null, attributes);
OpenUProveToken token = new OpenUProveToken(prover);
Assert.IsTrue(token.Validate(null), "validate token.");
// generate pedersen commitment to Teaching Assistant
PedersenCommitment ped = new PedersenCommitment(prover.IP, 3, _encoding.GetBytes("Teaching Assistant"));
// Verify they are equal
Assert.AreEqual(token.AttributeXI(3), ped.CommittedValue, "Token and PedersenCommitment different.");
// Create a proof that the 3rd attribute in token is equal to the committed value in ped.
ProverEqualityParameters eqProver = new ProverEqualityParameters(
token, // token
3, // 3rd attribute is the 3rd exponent
ped, // pedersen commitment
0, // committed value is the 0th exponent
new CryptoParameters(prover.IP));
EqualityProof proof = new EqualityProof(eqProver);
// Verify proof
ClosedUProveToken closedToken = new ClosedUProveToken(verifier);
Assert.IsTrue(closedToken.AreBasesEqual(token), "token bases.");
IStatement closedPed = ped.GetStatement();
Assert.IsTrue(closedPed.AreBasesEqual(ped), "token bases.");
VerifierEqualityParameters eqVerifier = new VerifierEqualityParameters(
closedToken, // verifier token information
3, // 3rd attribute is the 3nd exponent
closedPed, // verifier information about ped
0, // committed value is the 0th exponent
new CryptoParameters(prover.IP));
Assert.IsTrue(proof.Verify(eqVerifier));
}
public void EQEndToEndTest3()
{
int length = 20;
FieldZqElement[] committedValues = _crypto.FieldZq.GetRandomElements(length, true);
FieldZqElement[] openings1 = _crypto.FieldZq.GetRandomElements(length, true);
FieldZqElement[] openings2 = _crypto.FieldZq.GetRandomElements(length, true);
PedersenCommitment[] ped1 = PedersenCommitment.GetCommitments(_crypto, committedValues, openings1);
PedersenCommitment[] ped2 = PedersenCommitment.GetCommitments(_crypto, committedValues, openings2);
// combine all commitments into allPed
PedersenCommitment[] allPed = new PedersenCommitment[2 * length];
for (int i = 0; i < length; ++i)
{
allPed[i] = ped1[i];
allPed[i + length] = ped2[i];
}
// create equality map
EqualityMap map = new EqualityMap();
for (int i = 0; i < length; ++i)
{
map.Add(
new PrettyName("chi", i),
new DoubleIndex(i, 0)
);
map.Add(
new PrettyName("chi", i),
new DoubleIndex(length + i, 0)
);
}
ProverEqualityParameters prover = new ProverEqualityParameters(allPed, map, _crypto);
Assert.IsTrue(prover.Verify());
EqualityProof proof = new EqualityProof(prover);
Assert.IsTrue(proof.Verify(prover));
}
public void EQSerializationTest()
{
int length = 20;
int fullLength = length * 2;
DLRepOfGroupElement [] openEquations = StaticHelperClass.GenerateRandomDLRepOfGroupElementArray(length, 5, _paramIndex);
DLRepOfGroupElement [] allOpenEquations = new DLRepOfGroupElement[fullLength];
for (int i = 0; i < openEquations.Length; ++i)
{
allOpenEquations[i] = openEquations[i];
allOpenEquations[i + length] = openEquations[i];
}
// create equality map
EqualityMap map = new EqualityMap();
for (int i = 0; i < length; ++i)
{
map.Add(
new PrettyName("chi", i),
new DoubleIndex(i, 0)
);
map.Add(
new PrettyName("chi", i),
new DoubleIndex(length + i, 0)
);
map.Add(
new PrettyName("delta", i),
new DoubleIndex(i, 4)
);
map.Add(
new PrettyName("delta", i),
new DoubleIndex(length + i, 4)
);
map.Add(
new PrettyName("beta", i),
new DoubleIndex(i, 2)
);
map.Add(
new PrettyName("beta", i),
new DoubleIndex(length + i, 2)
);
}
// create proverParameters
ProverEqualityParameters prover = new ProverEqualityParameters(allOpenEquations, map, _crypto);
string jsonProver = CryptoSerializer.Serialize <ProverEqualityParameters>(prover);
ProverEqualityParameters deserializedProver = CryptoSerializer.Deserialize <ProverEqualityParameters>(jsonProver);
StaticHelperClass.AssertArraysAreEqual(prover.Statements, deserializedProver.Statements, "Prover closedDLEquations");
StaticHelperClass.AssertArraysAreEqual(prover.Witnesses, deserializedProver.Witnesses, "Prover Witnesses");
StaticHelperClass.AssertArraysAreEqual(prover.HashDigest, deserializedProver.HashDigest, "equality map hash.");
StaticHelperClass.AssertArraysAreEqual(prover.Generators, deserializedProver.Generators, "prover Generators");
for (int i = 0; i < prover.Statements.Length; ++i)
{
Assert.IsTrue(prover.Statements[i].AreBasesEqual(deserializedProver.Statements[i]), "unequal bases for equation " + i);
}
Assert.IsTrue(deserializedProver.Verify(), "deserializedProver.Verify()");
// create proof
EqualityProof proof = new EqualityProof(prover);
Assert.IsTrue(proof.Verify(prover), "Proof.Verify(prover)");
Assert.IsTrue(proof.Verify(deserializedProver), "proof.Verify(deserializedProver)");
string jsonProof = CryptoSerializer.Serialize <EqualityProof>(proof);
// TODO: switch to using ip-based de-serialization; need to harmonize with U-Prove SDK code
IssuerParameters ip = new IssuerParameters();
ip.Gq = prover.Group;
EqualityProof deserializedProof = ip.Deserialize <EqualityProof>(jsonProof); // CryptoSerializer.Deserialize<EqualityProof>(jsonProof);
Assert.IsTrue(deserializedProof.Verify(prover), "deserializedProof.Verify(prover)");
Assert.IsTrue(deserializedProof.Verify(deserializedProver), "deserializedProof.Verify(deserializedProver)");
// create verifier
IStatement[] closedEquations = new ClosedDLRepOfGroupElement[allOpenEquations.Length];
for (int i = 0; i < allOpenEquations.Length; ++i)
{
closedEquations[i] = allOpenEquations[i].GetStatement();
}
VerifierEqualityParameters verifier = new VerifierEqualityParameters(closedEquations, map, _crypto);
Assert.IsTrue(proof.Verify(verifier), "Proof.Verify(verifier)");
Assert.IsTrue(deserializedProof.Verify(verifier), "proof.Verify(verifier)");
string jsonVerifier = CryptoSerializer.Serialize <VerifierEqualityParameters>(verifier);
VerifierEqualityParameters deserializedVerifier = CryptoSerializer.Deserialize <VerifierEqualityParameters>(jsonVerifier);
Assert.IsTrue(deserializedVerifier.Verify(), "deserializedVerifier.Verify()");
Assert.IsTrue(deserializedProof.Verify(deserializedVerifier), "deserializedProof.Verify(deserializedVerifier)");
// create proof from deserialized prover
EqualityProof newProof = new EqualityProof(deserializedProver);
Assert.IsTrue(newProof.Verify(deserializedProver), "newProof.verify(deserializedProver)");
Assert.IsTrue(newProof.Verify(verifier), "newProof.Verify(verifier)");
}
public void EQTokenIntegrationTest()
{
// Both tokens will hash attributes
// but example also works if hashAttributes=false
bool hashAttributes = true;
// Setting up IssuerParameters for token1
byte[] uidP1 = new byte[] { 1, 1, 2, 3, 5, 7 };
byte[] tokenInformation1 = new byte[] { 1, 2, 3, 4, 5, 6, 7 };
byte[][] attributes1 = new byte[][]
{
_encoding.GetBytes("Attribute 1"),
_encoding.GetBytes("Attribute 2"),
_encoding.GetBytes("Target Attribute"), // this is the attribute we'll compare
_encoding.GetBytes("Attribute 4")
};
// Setting up IssuerParameters for token2
byte[] tokenInformation2 = new byte[] { 12, 13, 14, 15, 0, 10 };
byte[] uidP2 = new byte[] { 3, 1, 4, 1, 5 };
byte[][] attributes2 = new byte[][]
{
_encoding.GetBytes("Target Attribute"), // this is the attribute we'll compare
_encoding.GetBytes("Attribute 6"),
_encoding.GetBytes("Attribute 7"),
_encoding.GetBytes("Attribute 8")
};
// generate tokens
ProverPresentationProtocolParameters prover1, prover2;
VerifierPresentationProtocolParameters verifier1, verifier2;
StaticHelperClass.GetUProveParameters(hashAttributes, out prover1, out verifier1, tokenInformation1, attributes1, null, uidP1);
StaticHelperClass.GetUProveParameters(hashAttributes, out prover2, out verifier2, tokenInformation2, attributes2, null, uidP2);
CommitmentPrivateValues cpv1, cpv2;
PresentationProof token1 = PresentationProof.Generate(prover1, out cpv1);
PresentationProof token2 = PresentationProof.Generate(prover2, out cpv2);
// Create PedersenCommitments
// The prover and verifier have a map Committed that contains the relationship between
// token attributes and CommitmentPrivateValues.
int commitmentIndex1 = ClosedPedersenCommitment.GetCommitmentIndex(prover1.Committed, 3); // attribute 3 from prover1
PedersenCommitment ped1 = new PedersenCommitment(prover1, token1, cpv1, commitmentIndex1);
int commitmentIndex2 = ClosedPedersenCommitment.GetCommitmentIndex(prover2.Committed, 1); // attribute 1 from prover2
PedersenCommitment ped2 = new PedersenCommitment(prover2, token2, cpv2, commitmentIndex2);
// Create EqualityProof
CryptoParameters crypto = new CryptoParameters(prover1.IP); // Can use prover2.IP
ProverEqualityParameters equalityProver = new ProverEqualityParameters(ped1, 0, ped2, 0, crypto); // compares committed values in ped1 and ped2
EqualityProof proof = new EqualityProof(equalityProver);
// Verify EqualityProof
commitmentIndex1 = ClosedPedersenCommitment.GetCommitmentIndex(verifier1.Committed, 3); // attribute 3 from prover1
commitmentIndex2 = ClosedPedersenCommitment.GetCommitmentIndex(verifier2.Committed, 1); // attribute 1 from prover2
ClosedPedersenCommitment closedPed1 = new ClosedPedersenCommitment(verifier1.IP, token1, commitmentIndex1);
ClosedPedersenCommitment closedPed2 = new ClosedPedersenCommitment(verifier2.IP, token2, commitmentIndex2);
VerifierEqualityParameters equalityVerifier = new VerifierEqualityParameters(closedPed1, 0, closedPed2, 0, crypto);
Assert.IsTrue(proof.Verify(equalityVerifier));
}
