public void GroupDivideTest()
{
Group group = ECParameterSets.ParamSet_EC_P384_V1.Group;
for (int i = 0; i < 10; ++i)
{
GroupElement a = group.GetRandomElement(false);
GroupElement b = group.GetRandomElement(true);
GroupElement c = group.Divide(a, b);
Assert.AreEqual <GroupElement>(a * group.Invert(b), c, "a.divide(b).");
}
for (int i = 0; i < 20; ++i)
{
FieldZqElement a = group.FieldZq.GetRandomElement(true);
FieldZqElement b = group.FieldZq.GetRandomElement(true);
Assert.AreEqual(group.G.Exponentiate(a - b), group.Divide(group.G.Exponentiate(a), group.G.Exponentiate(b)));
}
FieldZqElement one = _smallGroup.FieldZq.One;
FieldZqElement two = _smallGroup.FieldZq.GetElement(2);
FieldZqElement three = _smallGroup.FieldZq.GetElement(3);
FieldZqElement four = _smallGroup.FieldZq.GetElement(4);
GroupElement G = _smallGroup.G;
Assert.AreEqual <GroupElement>(_smallGroup.Invert(G), _smallGroup.Divide(G.Exponentiate(two), G.Exponentiate(three)), "G^2/G^3");
Assert.AreEqual <GroupElement>(G.Exponentiate(two), _smallGroup.Divide(G.Exponentiate(one), G.Exponentiate(four)), "G^1/G^4");
Assert.AreEqual <GroupElement>(G.Exponentiate(three), _smallGroup.Divide(G.Exponentiate(one), G.Exponentiate(three)), "G^1/G^3");
}
public void SimpleConstructorTest()
{
for (int i = 0; i < _parameters.Length; ++i)
{
FieldZqElement committedValue = _parameters[i].FieldZq.GetRandomElement(true);
GroupElement g = _parameters[i].G;
GroupElement h = _parameters[i].H;
PedersenCommitment pedCom1 = new PedersenCommitment(committedValue, _parameters[i]);
FieldZqElement opening = pedCom1.ExponentAtIndex(1);
Assert.AreEqual(g, pedCom1.BaseAtIndex(0), "pedcom1 has wrong base_0");
Assert.AreEqual(h, pedCom1.BaseAtIndex(1), "pedcom1 has wrong base_1");
Assert.AreEqual(committedValue, pedCom1.CommittedValue, "pedcom1 used wrong committed value");
GroupElement expectedCommitmentValue = g.Exponentiate(committedValue) * h.Exponentiate(opening);
Assert.AreEqual(expectedCommitmentValue, pedCom1.Value, "pedcom1 computed wrong value");
PedersenCommitment pedCom2 = new PedersenCommitment(g, h, committedValue, opening, _parameters[i].Group);
Assert.AreEqual(pedCom1, pedCom2, "pedcom1 and pedcom2 different");
FieldZqElement[] exponents = new FieldZqElement[2] {
committedValue, opening
};
GroupElement[] bases = new GroupElement[2] {
g, h
};
PedersenCommitment pedCom3 = new PedersenCommitment(bases, exponents, _parameters[i].Group);
Assert.AreEqual(pedCom1, pedCom3, "pedcom1 and pedcom3 different");
Assert.AreEqual(pedCom2, pedCom3, "pedcom2 and pedcom3 different");
}
}
public bool verifyPseudonym(string messageParam, string verifierScopeParam, PseudonymComposite pseudonym, string sessionID)
{
// we validate the pseudonym here because the U-Prove SDK only supports this while
// validating a presentation proof
cOut.write("verfiyPseudonym()");
VerifySessionId(sessionID);
try
{
DeviceManager dManager = sessionDB[sessionID].deviceManager;
dManager.EnsureDeviceInit();
Pseudonym p = ConvertUtils.convertPseudonymComposite(pseudonym, dManager);
bool scopeExclusive = (verifierScopeParam != null && verifierScopeParam != "null" && verifierScopeParam.Length > 0);
GroupElement baseElement = null;
if (scopeExclusive)
{
baseElement = ProtocolHelper.GenerateScopeElement(dManager.Gq, encoding.GetBytes(verifierScopeParam));
}
else
{
baseElement = dManager.Gd;
}
BigInteger c = dManager.ComputeDeviceChallenge(encoding.GetBytes(messageParam));
// A =?= g^R P^c
return(p.A.Equals(baseElement.Exponentiate(p.R).Multiply(p.P.Exponentiate(c))));
}
catch (Exception e)
{
cOut.write("Exception caught: " + e.Message);
DebugUtils.DebugPrint(e.StackTrace.ToString());
return(false);
}
}
/// <summary>
/// Updates the revocation witness for a user, either adding or removing a revoked value.
/// </summary>
/// <param name="rap">The Revocation Authority parameters.</param>
/// <param name="xid">The revocation attribute value <c>xid</c>.</param>
/// <param name="revoked">The attribute value to added to the accumulator, or <c>null</c>.</param>
/// <param name="unrevoked">The attribute value to deleted to the accumulator, or <c>null</c>.</param>
/// <param name="oldAccumulator">The old accumulator value <c>V</c>. If <c>null</c>, then the accumulator is freshly calculated.</param>
/// <param name="updatedAccumulator">The old accumulator value <c>V'</c>.</param>
/// <param name="oldWitness">The old witness values. If <c>null</c>, then the witness is freshly calculated.</param>
/// <returns></returns>
public static RevocationWitness UpdateWitness(RAParameters rap, FieldZqElement xid, FieldZqElement revoked, FieldZqElement unrevoked, GroupElement oldAccumulator, GroupElement updatedAccumulator, RevocationWitness oldWitness)
{
// TODO: implement batch updates
if (revoked != null && unrevoked != null)
{
throw new ArgumentException("only one of revoked and unrevoked can be non-null");
}
FieldZqElement one = rap.group.FieldZq.One;
if (oldAccumulator == null)
{
// set the accumulator value for an empty revocation set
oldAccumulator = rap.gt;
}
if (oldWitness == null)
{
oldWitness = new RevocationWitness(rap.group.FieldZq.One, rap.group.Identity, rap.group.Identity);
}
if (revoked == null && unrevoked == null)
{
// nothing to do
return(oldWitness);
}
FieldZqElement dPrime = null;
GroupElement WPrime = null;
GroupElement QPrime = null;
FieldZqElement xDiff = one;
// add values to witness
if (revoked != null)
{
xDiff = (revoked - xid);
dPrime = oldWitness.d * xDiff;
WPrime = oldAccumulator * oldWitness.W.Exponentiate(xDiff);
}
xDiff = one;
// remove values from witness
if (unrevoked != null)
{
xDiff = (unrevoked - xid).Invert();
dPrime = oldWitness.d * xDiff;
WPrime = updatedAccumulator.Exponentiate(one.Negate()) * oldWitness.W.Exponentiate(xDiff);
}
// update QPrime value
QPrime = updatedAccumulator * WPrime.Exponentiate(xid.Negate()) * rap.gt.Exponentiate(dPrime.Negate());
return(new RevocationWitness(dPrime, WPrime, QPrime));
}
public static GroupElement[] GenerateRandomBases(int outputLength, int paramIndex)
{
FieldZqElement[] exponents = _parameters[paramIndex].FieldZq.GetRandomElements(outputLength, true);
GroupElement g = _parameters[paramIndex].Generators[0];
GroupElement[] bases = new GroupElement[outputLength];
for (int i = 0; i < bases.Length; ++i)
{
bases[i] = g.Exponentiate(exponents[i]);
}
return(bases);
}
public void ParameterSetConstructorTest()
{
int replength = 6;
for (int paramIndex = 0; paramIndex < _parameters.Length; ++paramIndex)
{
FieldZqElement[] exponents = StaticHelperClass.GenerateRandomExponents(replength, paramIndex);
GroupElement[] expectedBases = GetGenerators(_parameters[paramIndex], replength);
DLRepOfGroupElement dl = new DLRepOfGroupElement(exponents, _parameters[paramIndex]);
// check bases and exponents got copied correctly, and value was computed correctly
GroupElement expectedValue = _parameters[paramIndex].Group.Identity;
for (int baseIndex = 0; baseIndex < replength; ++baseIndex)
{
GroupElement expectedBase = expectedBases[baseIndex];
Assert.AreEqual(expectedBase, dl.BaseAtIndex(baseIndex), "Wrong base");
Assert.AreEqual(exponents[baseIndex], dl.ExponentAtIndex(baseIndex), "wrong exponent");
expectedValue = expectedValue * expectedBase.Exponentiate(exponents[baseIndex]);
}
Assert.AreEqual(expectedValue, dl.Value, "Incorrect Value");
}
}
