Beispiel #1
0
        public void ConstructorHelper(ProverBitDecompositionParameters prover)
        {
            try
            {
                if (!prover.Verify())
                {
                    throw new ArgumentException("Could not create BitDecompositionProof because prover parameters are invalid.");
                }

                this.Group = prover.Group;
                this.IsGroupSerializable = true;

                // Generate proof that each Pedersen Commitment in prover.OpenBitDecomposition
                // is a valid commitment to either 0 or 1.
                this.bitCommitmentProof = new SetMembershipProof[prover.DecompositionLength];
                FieldZqElement[] memberSet = BitDecompositionProof.SetOfZeroAndOne(prover);
                for (int proofIndex = 0; proofIndex < bitCommitmentProof.Length; ++proofIndex)
                {
                    ProverSetMembershipParameters psmParameters = new ProverSetMembershipParameters(
                        prover.OpenBitDecomposition(proofIndex),
                        memberSet,
                        prover);
                    bitCommitmentProof[proofIndex] = new SetMembershipProof(psmParameters);
                    bitCommitmentProof[proofIndex].IsGroupSerializable = false;
                }

                //now create proof that actualComposedBits and parameters.OpenCommitment are
                //commitments to the same value.
                PedersenCommitment actualComposedBits;
                if (ComposeCommitments(prover.OpenBitDecomposition(), prover.FieldZq, out actualComposedBits))
                {
                    ProverEqualityParameters peParameters =
                        new ProverEqualityParameters(
                            actualComposedBits,
                            0,
                            prover.OpenCommitment,
                            0,
                            prover);
                    this.compositionProof = new EqualityProof(peParameters);
                    this.compositionProof.IsGroupSerializable = false;
                }
                else
                {
                    throw new Exception("Could not create BitDecompositionProof.");
                }
            }
            catch (Exception e)
            {
                throw e;
            }
        }
Beispiel #2
0
        /// <summary>
        /// Creates a bit decomposition of prover.OpenIntegerA and prover.OpenIntegerB,
        /// and proofs that they are valid.  Sets member fields
        /// A, B, ProofBitDecompositionOfA and ProofBitDecompositionOfB.
        /// </summary>
        /// <param name="prover">Prover range proof parameters</param>
        /// <param name="bitProverA">outputs parameters for bit decomposition proof for A</param>
        /// <param name="bitProverB">outputs parameters for bit decomposition proof for B</param>
        /// <returns>Array AdivB with the bit decomposition of A divided by the bit decomposition of B.</returns>
        private DLRepOfGroupElement [] CreateBitDecompositionProofs(ProverRangeProofParameters prover)
        {
            int decompositionLength = RangeProof.ComputeDecompositionLength(prover);

            // create proof for A
            ProverBitDecompositionParameters bitProverA = new ProverBitDecompositionParameters(prover.RangeNormalizedOpenIntegerA, decompositionLength, prover);

            this.ProofBitDecompositionOfA = new BitDecompositionProof(bitProverA);
            this.A = bitProverA.ClosedBitDecomposition();

            // create proof for B if it is unknown.
            ProverBitDecompositionParameters bitProverB = new ProverBitDecompositionParameters(prover.RangeNormalizedOpenIntegerB, decompositionLength, prover);

            if (prover.IntegerBIsKnown)
            {
                this.ProofBitDecompositionOfB = null;
                this.B = null;
                DLRepOfGroupElement[] defaultB = DefaultOpenDecompositionOfIntegerB(prover);
                return(ComputeOpenAdivB(prover, bitProverA.OpenBitDecomposition(), defaultB));
            }
            this.ProofBitDecompositionOfB = new BitDecompositionProof(bitProverB);
            this.B = bitProverB.ClosedBitDecomposition();
            return(ComputeOpenAdivB(prover, bitProverA.OpenBitDecomposition(), bitProverB.OpenBitDecomposition()));
        }
Beispiel #3
0
        /// <summary>
        /// Verifies that A is a valid bit decomposition of verifier.ClosedIntegerA and
        /// B is a valid bit decomposition of verifier.ClosedIntegerB.
        /// </summary>
        /// <param name="verifier"></param>
        /// <param name="A">Bit decomposition of A.</param>
        /// <param name="B">Bit decomposition of B.</param>
        /// <param name="proofA">Proof that A is a valid bit decomposition of verifier.ClosedIntegerA.</param>
        /// <param name="proofB">Proof that B is a valid bit decomposition of verifier.ClosedIntegerB.</param>
        /// <returns></returns>
        private static bool VerifyBitDecompositionProofs(VerifierRangeProofParameters verifier, GroupElement [] A, GroupElement [] B, BitDecompositionProof proofA, BitDecompositionProof proofB)
        {
            // verify A

            VerifierBitDecompositionParameters bitVerifierA = new VerifierBitDecompositionParameters(verifier.RangeNormalizedClosedIntegerA, A, verifier);

            if (!proofA.Verify(bitVerifierA))
            {
                return(false);
            }

            // verify B
            if ((verifier.IntegerBIsKnown) && (B == null) && (proofB == null))
            {
                return(true);
            }
            VerifierBitDecompositionParameters bitVerifierB = new VerifierBitDecompositionParameters(verifier.RangeNormalizedClosedIntegerB, B, verifier);

            if (!proofB.Verify(bitVerifierB))
            {
                return(false);
            }
            return(true);
        }