// Round-trips a SetMembershipProof through CryptoSerializer for two parameter sets
// (ParameterArray[4], then ParameterArray[3]) and checks that each deserialized
// proof still verifies against the prover parameters it was created from.
public void CSChangeGroupTest()
        {
            // Parameter-set index for each round, paired with the assertion label it reports.
            int[]    parameterIndices = new int[] { 4, 3 };
            string[] labels           = new string[] { "output1", "output2" };

            for (int round = 0; round < parameterIndices.Length; ++round)
            {
                CryptoParameters cryptoParams = StaticHelperClass.ParameterArray[parameterIndices[round]];
                ProverSetMembershipParameters proverParams = new ProverSetMembershipParameters(cryptoParams);

                // Draw a fresh 10-element set; its first element is handed to the prover
                // together with the whole set.
                FieldZqElement[] members = cryptoParams.FieldZq.GetRandomElements(10, true);
                proverParams.setProverParameters(members[0], members);
                SetMembershipProof original = new SetMembershipProof(proverParams);

                // Serialize, deserialize, and verify the copy rather than the original object.
                string wireForm = CryptoSerializer.Serialize<SetMembershipProof>(original);
                SetMembershipProof restored = CryptoSerializer.Deserialize<SetMembershipProof>(wireForm);

                Assert.IsTrue(restored.Verify(proverParams), labels[round]);
            }
        }
        // Negative test for BitDecompositionProof.Verify: builds a valid proof for a
        // commitment to 30 with decomposition length 8, then tampers with its private
        // sub-proofs through PrivateObject and checks that verification rejects the result.
        public void BDBadProofTest()
        {
            FieldZqElement     bigNum       = _parameters[0].FieldZq.GetElement(30);
            PedersenCommitment bigNumCommit = new PedersenCommitment(bigNum, _parameters[0]);
            int decompositionLength         = 8;


            ProverBitDecompositionParameters proverParams = new ProverBitDecompositionParameters(
                bigNumCommit,
                decompositionLength,
                _parameters[0]);
            BitDecompositionProof proof         = new BitDecompositionProof(proverParams);
            PrivateObject         proofAccessor = new PrivateObject(proof);

            // Case 1: tamper with the per-bit set membership proofs.
            // NOTE: badSmProof is not a copy; it refers to the same array object as smProof,
            // so every write below goes to that one array. tmp keeps the original entry 1
            // so it can be put back afterwards.
            SetMembershipProof[] smProof    = (SetMembershipProof[])proofAccessor.GetField("bitCommitmentProof");
            SetMembershipProof[] badSmProof = smProof;
            SetMembershipProof   tmp        = smProof[1];

            // Replace the proof at index 1 with the one from index 0; verification must fail.
            badSmProof[1] = badSmProof[0];
            proofAccessor.SetFieldOrProperty("bitCommitmentProof", badSmProof);
            Assert.IsFalse(proof.Verify(proverParams), "bad set membeship proof.");
            // Restore entry 1. The write after SetFieldOrProperty still takes effect because
            // the field was just set to this same array (see the aliasing note above).
            proofAccessor.SetFieldOrProperty("bitCommitmentProof", smProof);
            smProof[1] = tmp;
            Assert.IsTrue(proof.Verify(proverParams), "good set membership proof.");

            // Case 2: tamper with the private "b" array of the equality proof stored in
            // "compositionProof".
            EqualityProof eqProof         = (EqualityProof)proofAccessor.GetField("compositionProof");
            PrivateObject eqProofAccessor = new PrivateObject(eqProof);

            // Overwrite b[1] with b[0]; this is not undone, so proof stays invalid from here on.
            GroupElement [] b = (GroupElement[])eqProofAccessor.GetField("b");
            b[1] = b[0];
            eqProofAccessor.SetField("b", b);
            Assert.IsFalse(proof.Verify(proverParams), "bad equality proof");
        }
        // For every entry of StaticHelperClass.ParameterArray: create a set membership
        // proof, round-trip it through IssuerParameters.Serialize/Deserialize, check that
        // the copy verifies, and check that serializing the copy reproduces the same string.
        public void SMSerializationTest()
        {
            for (int index = 0; index < StaticHelperClass.ParameterArray.Length; ++index)
            {
                // Parameters and a random 10-element member set for this round.
                CryptoParameters cryptoParams = StaticHelperClass.ParameterArray[index];
                FieldZqElement[] members      = cryptoParams.FieldZq.GetRandomElements(10, true);

                // Proof built with the element at index 3 of the set.
                ProverSetMembershipParameters proverParams = new ProverSetMembershipParameters(cryptoParams);
                proverParams.setProverParameters(members[3], members);
                SetMembershipProof proofBefore = new SetMembershipProof(proverParams);

                // A default-constructed IssuerParameters serves as the serializer.
                IssuerParameters serializer = new IssuerParameters();
                string firstEncoding = serializer.Serialize<SetMembershipProof>(proofBefore);
                SetMembershipProof proofAfter = serializer.Deserialize<SetMembershipProof>(firstEncoding);

                // The deserialized proof must still verify against the original prover parameters.
                bool stillValid = proofAfter.Verify(proverParams);
                Assert.IsTrue(stillValid, "deserialized proof does not verify.");

                // Serializing the deserialized proof must give back the same text.
                string secondEncoding = serializer.Serialize<SetMembershipProof>(proofAfter);
                Assert.AreEqual(firstEncoding, secondEncoding, "inconsistent proof serialization.");
            }
        }
        // The SetMembershipProof constructor must throw when it is given prover parameters
        // on which setProverParameters was never called.
        public void SMBadConstructorTest()
        {
            // Only the crypto parameters are supplied; no committed value or member set.
            ProverSetMembershipParameters unsetProver = new ProverSetMembershipParameters(_cryptoParameters);

            StaticHelperClass.TryBodyDelegate buildProof = new StaticHelperClass.TryBodyDelegate(() =>
            {
                SetMembershipProof proof = new SetMembershipProof(unsetProver);
            });

            // NOTE(review): typeof(Exception) is the broadest type to expect; whether
            // AssertThrowsException also accepts derived types is not visible here.
            StaticHelperClass.AssertThrowsException(
                buildProof,
                typeof(Exception),
                "Constructor SetMembershipProof called with bad prover parameters.");
        }
        // Creates and verifies a set membership proof once for each position in
        // ValidDaysOfTheWeek, reusing a single prover parameter object throughout.
        public void SMIndexOfMemberSetE2ETest()
        {
            ProverSetMembershipParameters proverParams = new ProverSetMembershipParameters(_cryptoParameters);

            int position = 0;
            while (position < ValidDaysOfTheWeek.Length)
            {
                // Re-point the prover at the element in this position of the same set.
                proverParams.setProverParameters(ValidDaysOfTheWeek[position], ValidDaysOfTheWeek);

                SetMembershipProof membershipProof = new SetMembershipProof(proverParams);
                bool accepted = membershipProof.Verify(proverParams);
                Assert.IsTrue(accepted, "proof should verify.");

                ++position;
            }
        }
        // Integration example: obtain U-Prove prover/verifier parameters for a token, then
        // create and verify a proof that one token attribute lies in a given set of values,
        // supplying the proof's random data explicitly.
        public void SMUProveIntegrationTestWithSMRandom()
        {
            // The token hashes its attributes in this example; per the original note it
            // also works with hashing switched off.
            bool useHashedAttributes = true;

            // Attributes encoded into the token. The third one is the value under test.
            byte[][] attributesInToken = new byte[][]
            {
                _encoding.GetBytes("Attribute 1"),
                _encoding.GetBytes("Attribute 2"),
                _encoding.GetBytes("Teaching Assistant"),
                _encoding.GetBytes("Attribute 4")
            };

            // Set the target attribute is claimed to belong to. Its first entry,
            // "Teaching Assistant", is the one that matches the token attribute.
            byte[][] allowedValues = new byte[][]
            {
                _encoding.GetBytes("Teaching Assistant"),
                _encoding.GetBytes("Student"),
                _encoding.GetBytes("Professor"),
                _encoding.GetBytes("Dean")
            };

            // Token generation: the helper fills in matching prover and verifier parameters.
            ProverPresentationProtocolParameters   prover;
            VerifierPresentationProtocolParameters verifier;
            StaticHelperClass.GetUProveParameters(useHashedAttributes, out prover, out verifier, null, attributesInToken);

            // Random data for the set membership proof, sized as (set length - 1).
            CryptoParameters crypto = new CryptoParameters(prover.IP);
            int randomDataSize = allowedValues.Length - 1;
            SetMembershipProofGenerationRandomData randomData =
                SetMembershipProofGenerationRandomData.Generate(crypto.FieldZq, randomDataSize);

            // Attribute index handed to both sides. "Teaching Assistant" is the third entry
            // of attributesInToken, so the index looks 1-based; confirm against the API.
            const int targetAttribute = 3;

            // Prover side: the proof is tied to the token, the attribute index and the set.
            SetMembershipProof membershipProof = new SetMembershipProof(
                prover,
                targetAttribute,
                allowedValues,
                randomData);

            // ... the token and the proof would be sent to the verifier here ...

            // Verifier side: same attribute index and same set, but verifier parameters.
            bool accepted = membershipProof.Verify(verifier, targetAttribute, allowedValues);

            Assert.IsTrue(accepted, "Could not verify proof.");
        }
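        // Negative tests for SetMembershipProof.Verify. One valid proof is created, then
        // checked against verifier parameters that are each wrong in exactly one respect:
        // unset parameters, member set too long, member set too short, wrong closed
        // commitment, swapped generators, and a different hash function name. Every check
        // must return false, i.e. the proof must not be accepted under inputs other than
        // the ones it was created for.
        public void SMBadSetMembershipProofTest()
        {
            ProverSetMembershipParameters prover = new ProverSetMembershipParameters(_cryptoParameters);

            prover.setProverParameters(ValidDaysOfTheWeek[3], ValidDaysOfTheWeek);
            SetMembershipProof proof = new SetMembershipProof(prover);

            // verification fails because the verifier parameters were never set
            VerifierSetMembershipParameters verifier = new VerifierSetMembershipParameters(_cryptoParameters);

            Assert.IsFalse(proof.Verify(verifier), "proof should fail since verifier parameters fail.");

            // verification fails because the verifier's member set has one extra element
            FieldZqElement[] badMemberSet = new FieldZqElement[ValidDaysOfTheWeek.Length + 1];
            for (int i = 0; i < ValidDaysOfTheWeek.Length; ++i)
            {
                badMemberSet[i] = ValidDaysOfTheWeek[i];
            }
            badMemberSet[badMemberSet.Length - 1] = _cryptoParameters.FieldZq.One;
            verifier.setVerifierParameters(prover.ClosedCommitment, badMemberSet);
            Assert.IsFalse(proof.Verify(verifier), "should fail because memberset too long.");

            // verification fails because the verifier's member set is missing the last element
            badMemberSet = new FieldZqElement[ValidDaysOfTheWeek.Length - 1];
            for (int i = 0; i < badMemberSet.Length; ++i)
            {
                badMemberSet[i] = ValidDaysOfTheWeek[i];
            }
            verifier.setVerifierParameters(prover.ClosedCommitment, badMemberSet);
            // The message used to repeat "too long" from the previous case, which would
            // have pointed at the wrong check on failure.
            Assert.IsFalse(proof.Verify(verifier), "should fail because memberset too short.");

            // verification fails because the closed commitment is wrong (generator G is
            // passed in its place)
            verifier.setVerifierParameters(prover.G, prover.MemberSet);
            Assert.IsFalse(proof.Verify(verifier), "should fail because closed commitment is wrong.");

            // verification fails because the two generators are swapped (H, G)
            GroupElement [] badGenerators = new GroupElement[2] {
                _cryptoParameters.H, _cryptoParameters.G
            };
            CryptoParameters badcrypto = new CryptoParameters(_cryptoParameters.Group, badGenerators, _cryptoParameters.HashFunctionName);

            verifier = new VerifierSetMembershipParameters(badcrypto);
            verifier.setVerifierParameters(prover.ClosedCommitment, prover.MemberSet);
            Assert.IsFalse(proof.Verify(verifier), "should fail because crypto parameters use wrong generators.");

            // verification fails because the verifier uses hash function name "SHA-512"
            // NOTE(review): this assumes _cryptoParameters.HashFunctionName is not already
            // "SHA-512"; confirm against the fixture setup.
            badcrypto = new CryptoParameters(_cryptoParameters.Group, _cryptoParameters.Generators, "SHA-512");
            verifier  = new VerifierSetMembershipParameters(badcrypto);
            verifier.setVerifierParameters(prover.ClosedCommitment, prover.MemberSet);
            Assert.IsFalse(proof.Verify(verifier), "should fail because hash function is wrong.");
        }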
        // Happy path: generated prover parameters and the verifier parameters derived from
        // them must both pass their own Verify(), and a proof created from the prover
        // parameters must verify against either of them.
        public void SMEndToEndTest()
        {
            // Prover side, from the fixture helper.
            ProverSetMembershipParameters psm = GeneratePSMParameters(0, 10);
            Assert.IsTrue(psm.Verify());

            // Verifier side: built from the prover's closed commitment and member set,
            // with the prover parameters passed as the third constructor argument.
            VerifierSetMembershipParameters vsm = new VerifierSetMembershipParameters(
                psm.ClosedCommitment,
                psm.MemberSet,
                psm);
            Assert.IsTrue(vsm.Verify());

            // Create the proof once, then verify it with each parameter object in turn.
            SetMembershipProof membershipProof = new SetMembershipProof(psm);

            bool acceptedByVerifier = membershipProof.Verify(vsm);
            Assert.IsTrue(acceptedByVerifier);

            bool acceptedByProver = membershipProof.Verify(psm);
            Assert.IsTrue(acceptedByProver);
        }
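        // Parses the reference JSON into a SetMembershipProof and compares it member by
        // member with the expected object from GetSetMembershipProofObject(): the a, c and
        // r lists, the commitment index, the verifier-side proof id, and every entry of
        // setValues.
        public void SetMembershipProofJsonToObject()
        {
            SetMembershipProof expected = GetSetMembershipProofObject();
            SetMembershipProof result   = parser.ParseJsonToObject <SetMembershipProof>(GetSetMembershipProofJson());

            helper.CompareList <string>(expected.a, result.a);
            helper.CompareList <string>(expected.c, result.c);
            helper.CompareList <string>(expected.r, result.r);
            Assert.AreEqual(expected.commitmentIndex, result.commitmentIndex);
            Assert.AreEqual(expected.verifiersSetMembershipProofId, result.verifiersSetMembershipProofId);

            Assert.AreEqual(expected.setValues.Length, result.setValues.Length);
            for (int i = 0; i < expected.setValues.Length; i++)
            {
                // Compare row lengths before the elements. Without this check a parsed row
                // with extra trailing entries would pass unnoticed, and a shorter one would
                // surface as an index error instead of an assertion failure.
                Assert.AreEqual(expected.setValues[i].Length, result.setValues[i].Length);
                for (int j = 0; j < expected.setValues[i].Length; j++)
                {
                    Assert.AreEqual(expected.setValues[i][j], result.setValues[i][j]);
                }
            }
        }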
        // Checks both failure paths of CryptoSerializer for SetMembershipProof: malformed
        // input to Deserialize, and Serialize on a proof whose "c" property has been
        // nulled out. Each must raise SerializationException.
        public void CSGenericBadSerializationTest()
        {
            // Path 1: the input string is not a serialized proof.
            StaticHelperClass.AssertThrowsException(
                () => { CryptoSerializer.Deserialize<SetMembershipProof>("bad jsonString"); },
                typeof(SerializationException),
                "deserialization");

            // Build a valid proof over a random 10-element set, using its first element.
            ProverSetMembershipParameters proverParams = new ProverSetMembershipParameters(crypto);
            FieldZqElement[] members = crypto.FieldZq.GetRandomElements(10, true);
            proverParams.setProverParameters(members[0], members);
            SetMembershipProof brokenProof = new SetMembershipProof(proverParams);

            // Null out "c" through PrivateObject so the proof is no longer complete.
            PrivateObject accessor = new PrivateObject(brokenProof);
            accessor.SetProperty("c", null);

            // Path 2: serializing the incomplete proof must fail rather than emit output.
            StaticHelperClass.AssertThrowsException(
                () => { CryptoSerializer.Serialize<SetMembershipProof>(brokenProof); },
                typeof(SerializationException),
                "serialization");
        }
        public void ProtocolTest()
        {
            Stopwatch sw = new Stopwatch();

            sw.Start();
            bool[] bools = new bool[] { true, false };
            foreach (bool isSubgroupConstruction in bools)
            {
                foreach (bool supportDevice in bools)
                {
                    foreach (int DSize in new int[] { 0, 2, 5 })
                    {
                        foreach (bool isLite in bools)
                        {
                            string filename = "TestVectorData\\testvectors_";
                            if (isSubgroupConstruction)
                            {
                                filename += "SG";
                            }
                            else
                            {
                                filename += "EC";
                            }
                            if (supportDevice)
                            {
                                filename += "_Device";
                            }
                            filename += ("_D" + DSize);
                            if (isLite)
                            {
                                filename += "_lite";
                            }
                            filename += "_doc.txt";
                            var vectors = GetTestVectors(filename);

                            IssuerKeyAndParameters ikap = LoadIssuerKeyAndParameters(isSubgroupConstruction, vectors["GroupName"], supportDevice, vectors);
                            FieldZq Zq = ikap.IssuerParameters.Zq;
                            // replace random y0/g0 with test vector values
                            ikap.PrivateKey            = Zq.GetElement(HexToBytes(vectors["y0"]));
                            ikap.IssuerParameters.G[0] = CreateGroupElement(ikap.IssuerParameters.Gq, vectors["g0"]);
                            Assert.AreEqual(ikap.IssuerParameters.G[0], ikap.IssuerParameters.Gq.G.Exponentiate(ikap.PrivateKey), "g0 computation");
                            IssuerParameters ip = ikap.IssuerParameters;
                            ip.Verify();

                            /*
                             * issuance
                             */

                            byte[][] A = new byte[][] {
                                HexToBytes(vectors["A1"]),
                                HexToBytes(vectors["A2"]),
                                HexToBytes(vectors["A3"]),
                                HexToBytes(vectors["A4"]),
                                HexToBytes(vectors["A5"])
                            };

                            Assert.AreEqual(Zq.GetElement(HexToBytes(vectors["x1"])), ProtocolHelper.ComputeXi(ip, 0, A[0]), "x1");
                            Assert.AreEqual(Zq.GetElement(HexToBytes(vectors["x2"])), ProtocolHelper.ComputeXi(ip, 1, A[1]), "x2");
                            Assert.AreEqual(Zq.GetElement(HexToBytes(vectors["x3"])), ProtocolHelper.ComputeXi(ip, 2, A[2]), "x3");
                            Assert.AreEqual(Zq.GetElement(HexToBytes(vectors["x4"])), ProtocolHelper.ComputeXi(ip, 3, A[3]), "x4");
                            Assert.AreEqual(Zq.GetElement(HexToBytes(vectors["x5"])), ProtocolHelper.ComputeXi(ip, 4, A[4]), "x5");

                            byte[] TI = HexToBytes(vectors["TI"]);
                            Assert.IsTrue(HexToBytes(vectors["P"]).SequenceEqual(ip.Digest(supportDevice)), "P");
                            Assert.AreEqual(Zq.GetElement(HexToBytes(vectors["xt"])), ProtocolHelper.ComputeXt(ip, TI, supportDevice), "xt");

                            IDevice      device = null;
                            GroupElement hd     = null;
                            if (supportDevice)
                            {
                                device = new VirtualDevice(ip, Zq.GetElement(HexToBytes(vectors["xd"])), Zq.GetElement(HexToBytes(vectors["wdPrime"])));
                                IDevicePresentationContext context = device.GetPresentationContext();
                                // Test device responses
                                Assert.AreEqual(CreateGroupElement(ip.Gq, vectors["hd"]), device.GetDevicePublicKey(), "hd");
                                Assert.AreEqual(CreateGroupElement(ip.Gq, vectors["ad"]), context.GetInitialWitness(), "ad");
                                Assert.AreEqual(Zq.GetElement(HexToBytes(vectors["rdPrime"])), context.GetDeviceResponse(HexToBytes(vectors["md"]), HexToBytes(vectors["cp"]), ip.HashFunctionOID), "rdPrime");
                                hd = CreateGroupElement(ip.Gq, vectors["hd"]);
                            }

                            IssuerProtocolParameters ipp = new IssuerProtocolParameters(ikap);
                            ipp.Attributes       = A;
                            ipp.NumberOfTokens   = 1;
                            ipp.TokenInformation = TI;
                            ipp.DevicePublicKey  = hd;
                            ipp.PreGeneratedW    = new FieldZqElement[] { Zq.GetElement(HexToBytes(vectors["w"])) };
                            Issuer issuer = ipp.CreateIssuer();
                            byte[] PI     = HexToBytes(vectors["PI"]);

                            ProverProtocolParameters ppp = new ProverProtocolParameters(ip);
                            ppp.Attributes        = A;
                            ppp.NumberOfTokens    = 1;
                            ppp.TokenInformation  = TI;
                            ppp.ProverInformation = PI;
                            ppp.DevicePublicKey   = hd;
                            ppp.ProverRandomData  = new ProverRandomData(
                                new FieldZqElement[] { Zq.GetElement(HexToBytes(vectors["alpha"])) },
                                new FieldZqElement[] { Zq.GetElement(HexToBytes(vectors["beta1"])) },
                                new FieldZqElement[] { Zq.GetElement(HexToBytes(vectors["beta2"])) });
                            Prover prover = ppp.CreateProver();

                            FirstIssuanceMessage msg1 = issuer.GenerateFirstMessage();
                            Assert.AreEqual(msg1.sigmaZ, CreateGroupElement(ip.Gq, vectors["sigmaZ"]), "sigmaZ");
                            Assert.AreEqual(msg1.sigmaA[0], CreateGroupElement(ip.Gq, vectors["sigmaA"]), "sigmaA");
                            Assert.AreEqual(msg1.sigmaB[0], CreateGroupElement(ip.Gq, vectors["sigmaB"]), "sigmaB");

                            SecondIssuanceMessage msg2 = prover.GenerateSecondMessage(msg1);
                            Assert.AreEqual(msg2.sigmaC[0], Zq.GetElement(HexToBytes(vectors["sigmaC"])), "sigmaC");

                            ThirdIssuanceMessage msg3 = issuer.GenerateThirdMessage(msg2);
                            Assert.AreEqual(msg3.sigmaR[0], Zq.GetElement(HexToBytes(vectors["sigmaR"])), "sigmaR");

                            UProveKeyAndToken[] upkt = prover.GenerateTokens(msg3);
                            Assert.AreEqual(upkt[0].PrivateKey, Zq.GetElement(HexToBytes(vectors["alphaInverse"])), "alphaInverse");
                            UProveToken token = upkt[0].Token;
                            Assert.AreEqual(token.H, CreateGroupElement(ip.Gq, vectors["h"]), "h");
                            Assert.AreEqual(token.SigmaZPrime, CreateGroupElement(ip.Gq, vectors["sigmaZPrime"]), "sigmaZPrime");
                            Assert.AreEqual(token.SigmaCPrime, Zq.GetElement(HexToBytes(vectors["sigmaCPrime"])), "sigmaCPrime");
                            Assert.AreEqual(token.SigmaRPrime, Zq.GetElement(HexToBytes(vectors["sigmaRPrime"])), "sigmaRPrime");
                            Assert.IsTrue(HexToBytes(vectors["UIDt"]).SequenceEqual(ProtocolHelper.ComputeTokenID(ip, token)), "UIDt");
                            Assert.IsTrue(supportDevice == token.IsDeviceProtected);

                            /*
                             * presentation
                             */


                            int[] disclosed = new int[] { };
                            if (vectors.ContainsKey("D") && vectors["D"].Length > 0)
                            {
                                disclosed = Array.ConvertAll <string, int>(vectors["D"].Split(','), new Converter <string, int>(stringToInt));
                            }
                            int[] undisclosed = new int[5 - disclosed.Length];
                            int   dIndex = 0, uIndex = 0;
                            for (int i = 1; i <= 5; i++)
                            {
                                if (disclosed.Length > 0 && disclosed[dIndex] == i)
                                {
                                    dIndex++;
                                }
                                else
                                {
                                    undisclosed[uIndex++] = i;
                                }
                            }
                            int[] committed = new int[] { };
                            if (vectors.ContainsKey("C") && vectors["C"].Length > 0)
                            {
                                committed = Array.ConvertAll <string, int>(vectors["C"].Split(','), new Converter <string, int>(stringToInt));
                            }
                            byte[] m  = HexToBytes(vectors["m"]);
                            byte[] md = HexToBytes(vectors["md"]);
                            IDevicePresentationContext deviceContext = null;
                            if (supportDevice)
                            {
                                deviceContext = device.GetPresentationContext();
                            }
                            int p = 0;
                            if (vectors.ContainsKey("p") && !int.TryParse(vectors["p"], out p))
                            {
                                p = PresentationProof.DeviceAttributeIndex;
                            }
                            byte[] s = vectors.ContainsKey("s") ? HexToBytes(vectors["s"]) : null;
                            int    commitmentIndex = committed.Length > 0 ? committed[0] : 0;
                            ProverPresentationProtocolParameters pppp = new ProverPresentationProtocolParameters(ip, disclosed, m, upkt[0], A);
                            pppp.Committed = committed;
                            pppp.PseudonymAttributeIndex = p;
                            pppp.PseudonymScope          = s;
                            pppp.DeviceMessage           = md;
                            pppp.DeviceContext           = deviceContext;
                            FieldZqElement[] w = new FieldZqElement[undisclosed.Length];
                            for (int i = 0; i < undisclosed.Length; i++)
                            {
                                w[i] = Zq.GetElement(HexToBytes(vectors["w" + undisclosed[i]]));
                            }
                            FieldZqElement[] tildeO = new FieldZqElement[committed.Length];
                            FieldZqElement[] tildeW = new FieldZqElement[committed.Length];
                            for (int i = 0; i < committed.Length; i++)
                            {
                                tildeO[i] = Zq.GetElement(HexToBytes(vectors["tildeO" + committed[i]]));
                                tildeW[i] = Zq.GetElement(HexToBytes(vectors["tildeW" + committed[i]]));
                            }
                            pppp.RandomData = new ProofGenerationRandomData(
                                Zq.GetElement(HexToBytes(vectors["w0"])),
                                w,
                                supportDevice ? Zq.GetElement(HexToBytes(vectors["wd"])) : null,
                                tildeO,
                                tildeW);
                            CommitmentPrivateValues cpv;
                            PresentationProof       proof = PresentationProof.Generate(pppp, out cpv);
                            Assert.IsTrue(HexToBytes(vectors["a"]).SequenceEqual(proof.A), "a");
                            if (vectors.ContainsKey("gs"))
                            {
                                Assert.AreEqual(ProtocolHelper.GenerateScopeElement(ip.Gq, s), CreateGroupElement(ip.Gq, vectors["gs"]));
                                Assert.IsTrue(HexToBytes(vectors["ap"]).SequenceEqual(proof.Ap), "ap");
                                Assert.AreEqual(proof.Ps, CreateGroupElement(ip.Gq, vectors["Ps"]), "Ps");
                            }
                            for (int i = 0; i < disclosed.Length; i++)
                            {
                                Assert.IsTrue(HexToBytes(vectors["A" + disclosed[i]]).SequenceEqual(proof.DisclosedAttributes[i]), "A" + disclosed[i]);
                            }
                            Assert.AreEqual(proof.R[0], Zq.GetElement(HexToBytes(vectors["r0"])), "r0");
                            for (int i = 0; i < undisclosed.Length; i++)
                            {
                                Assert.AreEqual(proof.R[i + 1], Zq.GetElement(HexToBytes(vectors["r" + undisclosed[i]])), "r" + undisclosed[i]);
                            }
                            if (supportDevice)
                            {
                                Assert.AreEqual(proof.R[proof.R.Length - 1], Zq.GetElement(HexToBytes(vectors["rd"])), "rd");
                            }
                            for (int i = 0; i < committed.Length; i++)
                            {
                                Assert.AreEqual(proof.Commitments[i].TildeR, Zq.GetElement(HexToBytes(vectors["tildeR" + committed[i]])), "tildeR" + committed[i]);
                                Assert.IsTrue(cpv.TildeO.Length == committed.Length);
                                Assert.AreEqual(cpv.TildeO[i], Zq.GetElement(HexToBytes(vectors["tildeO" + committed[i]])), "tildeO" + committed[i]);
                            }
                            VerifierPresentationProtocolParameters vppp = new VerifierPresentationProtocolParameters(ip, disclosed, m, upkt[0].Token);
                            vppp.Committed = committed;
                            vppp.PseudonymAttributeIndex = p;
                            vppp.PseudonymScope          = s;
                            vppp.DeviceMessage           = md;
                            proof.Verify(vppp);
#if TEST_ID_ESCROW
                            if (committed.Length > 0)
                            {
                                IDEscrowParams     escrowParams     = new IDEscrowParams(ip);
                                IDEscrowPrivateKey escrowPrivateKey = new IDEscrowPrivateKey(Zq.GetElement(HexToBytes(vectors["ie_x"])));
                                IDEscrowPublicKey  escrowPublicKey  = new IDEscrowPublicKey(escrowParams, escrowPrivateKey);
                                Assert.AreEqual(escrowPublicKey.H, CreateGroupElement(ip.Gq, vectors["ie_H"]), "ie_H");
                                byte[] additionalInfo = HexToBytes(vectors["ie_additionalInfo"]);
                                int    ie_bIndex      = int.Parse(vectors["ie_b"]);

                                IDEscrowCiphertext ctext = IDEscrowFunctions.VerifiableEncrypt(
                                    escrowParams,
                                    escrowPublicKey,
                                    HexToBytes(vectors["UIDt"]),
                                    proof.Commitments[0].TildeC,
                                    ProtocolHelper.ComputeXi(ip, ie_bIndex - 1, A[ie_bIndex - 1]),
                                    cpv.TildeO[0],
                                    additionalInfo,
                                    new IDEscrowFunctions.IDEscrowProofGenerationRandomData(
                                        Zq.GetElement(HexToBytes(vectors["ie_r"])),
                                        Zq.GetElement(HexToBytes(vectors["ie_xbPrime"])),
                                        Zq.GetElement(HexToBytes(vectors["ie_rPrime"])),
                                        Zq.GetElement(HexToBytes(vectors["ie_obPrime"]))));
                                Assert.IsTrue(IDEscrowFunctions.UProveVerify(escrowParams, ctext, proof, upkt[0].Token, escrowPublicKey));
                                Assert.AreEqual(ctext.E1, CreateGroupElement(ip.Gq, vectors["ie_E1"]), "ie_E1");
                                Assert.AreEqual(ctext.E2, CreateGroupElement(ip.Gq, vectors["ie_E2"]), "ie_E2");
                                Assert.AreEqual(ctext.proof.c, Zq.GetElement(HexToBytes(vectors["ie_c"])), "ie_c");
                                Assert.AreEqual(ctext.proof.rR, Zq.GetElement(HexToBytes(vectors["ie_rr"])), "ie_rr");
                                Assert.AreEqual(ctext.proof.rXb, Zq.GetElement(HexToBytes(vectors["ie_rxb"])), "ie_rxb");
                                Assert.AreEqual(ctext.proof.rOb, Zq.GetElement(HexToBytes(vectors["ie_rob"])), "ie_rob");
                                GroupElement PE = IDEscrowFunctions.Decrypt(escrowParams, ctext, escrowPrivateKey);
                            }
#endif

#if TEST_DVA_REVOCATION
                            if (committed.Length > 0)
                            {
                                RAParameters             raParams = new RAParameters(ip.Gq.GroupName, CreateGroupElement(ip.Gq, vectors["r_K"]), ip.UidH);
                                FieldZqElement           delta    = Zq.GetElement(HexToBytes(vectors["r_delta"]));
                                RevocationAuthority      RA       = new RevocationAuthority(raParams, delta);
                                HashSet <FieldZqElement> revoked  = new HashSet <FieldZqElement>();
                                for (int i = 1; i <= 4; i++)
                                {
                                    revoked.Add(Zq.GetElement(HexToBytes(vectors["r_R" + i])));
                                }
                                RA.UpdateAccumulator(revoked, null);
                                Assert.AreEqual(RA.Accumulator, CreateGroupElement(ip.Gq, vectors["r_V"]), "r_V");
                                int r_id = 0;
                                int.TryParse(vectors["r_id"], out r_id);
                                RevocationWitness witness = RA.ComputeRevocationWitness(revoked, Zq.GetElement(HexToBytes(vectors["x" + r_id])));
                                Assert.AreEqual(witness.d, Zq.GetElement(HexToBytes(vectors["r_d"])), "r_d");
                                Assert.AreEqual(witness.W, CreateGroupElement(ip.Gq, vectors["r_W"]), "r_W");
                                Assert.AreEqual(witness.Q, CreateGroupElement(ip.Gq, vectors["r_Q"]), "r_Q");

                                NonRevocationProof nrProof = RevocationUser.GenerateNonRevocationProof(
                                    raParams,
                                    witness,
                                    proof.Commitments[0].TildeC, ProtocolHelper.ComputeXi(ip, r_id - 1, A[r_id - 1]),
                                    cpv.TildeO[0],
                                    new NonRevocationProofGenerationRandomData(new FieldZqElement[] {
                                    Zq.GetElement(HexToBytes(vectors["r_t1"])),
                                    Zq.GetElement(HexToBytes(vectors["r_t2"])),
                                    Zq.GetElement(HexToBytes(vectors["r_k1"])),
                                    Zq.GetElement(HexToBytes(vectors["r_k2"])),
                                    Zq.GetElement(HexToBytes(vectors["r_k3"])),
                                    Zq.GetElement(HexToBytes(vectors["r_k4"])),
                                    Zq.GetElement(HexToBytes(vectors["r_k5"])),
                                    Zq.GetElement(HexToBytes(vectors["r_k6"]))
                                }));
                                Assert.AreEqual(nrProof.X, CreateGroupElement(ip.Gq, vectors["r_X"]), "r_X");
                                Assert.AreEqual(nrProof.Y, CreateGroupElement(ip.Gq, vectors["r_Y"]), "r_Y");
                                Assert.AreEqual(nrProof.Cd, CreateGroupElement(ip.Gq, vectors["r_Cd"]), "r_Cd");
                                Assert.AreEqual(nrProof.cPrime, Zq.GetElement(HexToBytes(vectors["r_cPrime"])), "r_cPrime");
                                Assert.AreEqual(nrProof.s[0], Zq.GetElement(HexToBytes(vectors["r_s1"])), "r_s1");
                                Assert.AreEqual(nrProof.s[1], Zq.GetElement(HexToBytes(vectors["r_s2"])), "r_s2");
                                Assert.AreEqual(nrProof.s[2], Zq.GetElement(HexToBytes(vectors["r_s3"])), "r_s3");
                                Assert.AreEqual(nrProof.s[3], Zq.GetElement(HexToBytes(vectors["r_s4"])), "r_s4");
                                Assert.AreEqual(nrProof.s[4], Zq.GetElement(HexToBytes(vectors["r_s5"])), "r_s5");
                                Assert.AreEqual(nrProof.s[5], Zq.GetElement(HexToBytes(vectors["r_s6"])), "r_s6");

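                                // Validate the non-revocation proof. The call's result is not asserted, so this
                                // step only checks anything if VerifyNonRevocationProof throws on an invalid
                                // proof. NOTE(review): confirm that it throws rather than returning a status.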
                                RA.VerifyNonRevocationProof(ip, 0, proof, nrProof);
                            }
#endif

#if TEST_SET_MEMBERSHIP
                            if (committed.Length > 0)
                            {
                                int sm_x_index = 0;
                                int.TryParse(vectors["sm_x_index"], out sm_x_index);
                                int sm_n = 0;
                                int.TryParse(vectors["sm_n"], out sm_n);
                                int sm_i = 0;
                                int.TryParse(vectors["sm_i"], out sm_i);
                                byte[][]         setValues = new byte[sm_n][];
                                FieldZqElement[] sm_c      = new FieldZqElement[sm_n - 1];
                                FieldZqElement[] sm_r      = new FieldZqElement[sm_n - 1];
                                int randomIndex            = 0;
                                for (int i = 1; i <= sm_n; i++)
                                {
                                    if (i == sm_i)
                                    {
                                        setValues[i - 1] = HexToBytes(vectors["A" + sm_x_index]);
                                    }
                                    else
                                    {
                                        setValues[i - 1]  = HexToBytes(vectors["sm_s" + i]);
                                        sm_c[randomIndex] = Zq.GetElement(HexToBytes(vectors["sm_c" + i]));
                                        sm_r[randomIndex] = Zq.GetElement(HexToBytes(vectors["sm_r" + i]));
                                        randomIndex++;
                                    }
                                }
                                SetMembershipProofGenerationRandomData smRandom = new SetMembershipProofGenerationRandomData(sm_c, sm_r, Zq.GetElement(HexToBytes(vectors["sm_w"])));
                                SetMembershipProof setMembershipProof           = SetMembershipProof.Generate(pppp, proof, cpv, sm_x_index, setValues, smRandom);
                                for (int i = 1; i <= sm_n; i++)
                                {
                                    Assert.AreEqual(setMembershipProof.a[i - 1], CreateGroupElement(ip.Gq, vectors["sm_a" + i]), "sm_a" + i);
                                    if (i < sm_n) // no c_n in the proof
                                    {
                                        Assert.AreEqual(setMembershipProof.c[i - 1], Zq.GetElement(HexToBytes(vectors["sm_c" + i])), "sm_c" + i);
                                    }
                                    Assert.AreEqual(setMembershipProof.r[i - 1], Zq.GetElement(HexToBytes(vectors["sm_r" + i])), "sm_r" + i);
                                }

                                if (!SetMembershipProof.Verify(vppp, proof, setMembershipProof, sm_x_index, setValues))
                                {
                                    throw new InvalidUProveArtifactException("Invalid set membership proof");
                                }
                            }
#endif
                        }
                    }
                }
            }
            sw.Stop();
            Debug.WriteLine("Protocol Test Elapsed Time: " + sw.ElapsedMilliseconds + "ms");
        }