/// <summary>
/// Verifies that an <c>IECiphertext</c> was computed correctly.
/// This is a wrapper around <c>IEFunctions.Verify</c> for use with U-Prove.
/// </summary>
/// <param name="escrowParams">Parameters of the ID escrow scheme</param>
/// <param name="ctext">A ciphertext created with <c>param</c> and <c>pk</c>. </param>
/// <param name="proof">The associated U-Prove presentation proof.</param>
/// <param name="token">The associated U-Prove token.</param>
/// <param name="pk">The auditor's public key</param>
/// <returns> True if the ciphertext is valid, false if it is invalid.</returns>
/// <remarks>The identity <b>must be</b> the first committed attribute in the proof (as
/// in <c>UProveVerifiableEncrypt</c>).</remarks>
public static bool UProveVerify(IDEscrowParams escrowParams, IDEscrowCiphertext ctext, PresentationProof proof, UProveToken token, IDEscrowPublicKey pk)
{
if (escrowParams == null || ctext == null || proof == null || token == null || pk == null)
{
throw new ArgumentException("null input to UProveVerify");
}
if (proof.Commitments == null || proof.Commitments.Length < 1)
{
throw new InvalidUProveArtifactException("invalid inputs to UProveVerifiableEncrypt");
}
GroupElement Cx1 = proof.Commitments[0].TildeC;
byte[] tokenId = ProtocolHelper.ComputeTokenID(escrowParams.ip, token);
return(IDEscrowFunctions.Verify(escrowParams, ctext, tokenId, pk, Cx1));
}
/// <summary>
/// Create a verifiable encryption of a pseudonym based on a U-Prove presentation proof. This is a wrapper
/// of <c>VerifiableEncrypt</c>.
///
/// </summary>
/// <param name="escrowParams"> Parameters of the ID escrow scheme</param>
/// <param name="escrowPublicKey"> Public key of the Auditor (the authority who can decrypt the output ciphertex).</param>
/// <param name="token"> The U-Prove token corresponding to the <c>proof</c>. </param>
/// <param name="additionalInfo">See documentation of <c>VerifiableEncrypt</c></param>
/// <param name="proof">A U-Prove prsentation proof.</param>
/// <param name="cpv">Commitment opening information, output when generating <c>proof</c>.</param>
/// <param name="idAttributeIndex"> Index of the attribute to use for identity escrow (1-based indexing). This attribute <b>must be</b>
/// the first commited attribute (take care if using multiple extensions). </param>
/// <param name="attributes"> Attributes in <c>token</c>.</param>
/// <returns></returns>
public static IDEscrowCiphertext UProveVerifableEncrypt(IDEscrowParams escrowParams, IDEscrowPublicKey escrowPublicKey,
UProveToken token, byte[] additionalInfo, PresentationProof proof,
CommitmentPrivateValues cpv, int idAttributeIndex, byte[][] attributes)
{
if (token == null || escrowParams == null || proof == null || cpv == null)
{
throw new ArgumentNullException("null input to UProveVerifiableEncrypt");
}
if (proof.Commitments == null || proof.Commitments.Length < 1 ||
attributes.Length < idAttributeIndex || cpv.TildeO == null || cpv.TildeO.Length < 1)
{
throw new InvalidUProveArtifactException("invalid inputs to UProveVerifiableEncrypt");
}
byte[] tokenId = ProtocolHelper.ComputeTokenID(escrowParams.ip, token);
GroupElement Cx1 = proof.Commitments[0].TildeC; // x1 is the first committed attribute
FieldZqElement x1 = ProtocolHelper.ComputeXi(escrowParams.ip, idAttributeIndex - 1, attributes[idAttributeIndex - 1]); // arrays are 0-based
FieldZqElement tildeO1 = cpv.TildeO[0];
return(IDEscrowFunctions.VerifiableEncrypt(escrowParams, escrowPublicKey, tokenId, Cx1, x1, tildeO1, additionalInfo));
}
