/// <summary>
/// Verifies that a UProve token attribute is not equal to the given attribute value.
/// </summary>
/// <param name="verifier">Verifier info about token.</param>
/// <param name="attributeIndexForVerifier">Target attribute, 1-based index.</param>
/// <param name="attributeValue">Bad value for attribute.</param>
/// <returns></returns>
public bool Verify(
VerifierPresentationProtocolParameters verifier,
int attributeIndexForVerifier,
byte [] attributeValue)
{
// Verify UProve Integration Proof
if (this.UPIProof == null)
{
return(false);
}
VerifierPresentationProtocolParameters[] verifiers = new VerifierPresentationProtocolParameters[1] {
verifier
};
int[] attributeIndices = new int[1] {
attributeIndexForVerifier
};
if (!this.UPIProof.Verify(verifiers, attributeIndices))
{
return(false);
}
// Verify Inequality Proof
FieldZqElement committedAttribute = ProtocolHelper.ComputeXi(verifier.IP, attributeIndexForVerifier - 1, attributeValue);
VerifierInequalityProofParameters ieqVerifier = new VerifierInequalityProofParameters(this.UPIProof.PedersenCommitmentValues[0], committedAttribute, new CryptoParameters(verifier.IP));
return(this.Verify(ieqVerifier));
}
/// <summary>
/// Verifies an inequality proof that two tokens have unequal attributes.
/// </summary>
/// <param name="verifier1">Verifier information about first token.</param>
/// <param name="attributeIndexForVerifier1">Target attribute in first token, 1-based index.</param>
/// <param name="verifier2">Verifier information about second token.</param>
/// <param name="attributeIndexForVerifier2">Target attribute in second token, 1-based index.</param>
/// <returns></returns>
public bool Verify(
VerifierPresentationProtocolParameters verifier1,
int attributeIndexForVerifier1,
VerifierPresentationProtocolParameters verifier2,
int attributeIndexForVerifier2)
{
// Verify UProve Integration Proof
if (this.UPIProof == null)
{
return(false);
}
VerifierPresentationProtocolParameters[] verifiers = new VerifierPresentationProtocolParameters[2] {
verifier1, verifier2
};
int[] attributeIndices = new int[2] {
attributeIndexForVerifier1, attributeIndexForVerifier2
};
if (!this.UPIProof.Verify(verifiers, attributeIndices))
{
return(false);
}
// Verify Inequality Proof
VerifierInequalityProofParameters ieqVerifier = new VerifierInequalityProofParameters(this.UPIProof.PedersenCommitmentValues[0], this.UPIProof.PedersenCommitmentValues[1], new CryptoParameters(verifier1.IP));
return(this.Verify(ieqVerifier));
}
/// <summary>
/// Verifies this proof for when verifier.CompareToKnownValue=true.
/// </summary>
/// <param name="verifier">Verifier parameters</param>
/// <returns></returns>
private bool VerifyProofForKnownValue(VerifierInequalityProofParameters verifier)
{
// B must not be 1.
if (this.B == verifier.Group.Identity)
{
return(false);
}
// Reconstruct DL equations from proof and verifier parameters
ClosedPedersenCommitment closedX = new ClosedPedersenCommitment(
new GroupElement[2] {
verifier.G, verifier.H
},
verifier.ClosedCommitmentX,
verifier.Group);
ClosedPedersenCommitment closedA = new ClosedPedersenCommitment(
new GroupElement[2] {
verifier.G, verifier.H
},
this.A,
verifier.Group);
ClosedDLRepOfGroupElement closedB = new ClosedDLRepOfGroupElement(
new GroupElement[1] {
verifier.G
},
this.B,
verifier.Group);
ClosedPedersenCommitment closedC = new ClosedPedersenCommitment(
new GroupElement[2] {
closedX.Value *verifier.G.Exponentiate(verifier.Value.Negate()), verifier.H
},
this.B,
verifier.Group);
ClosedDLRepOfGroupElement[] equations = new ClosedDLRepOfGroupElement[]
{
closedX,
closedA,
closedB,
closedC
};
// verify the proof
EqualityMap map = this.GetEqualityMap();
VerifierEqualityParameters eqVerifier = new VerifierEqualityParameters(equations, map, verifier);
if (!this.Proof.Verify(eqVerifier))
{
return(false);
}
return(true);
}
/// <summary>
/// If verifier.CompareToKnownValue=false, computes X/Y and checks that this
/// is a valid proof that the committed value in X/Y is not equal to 0.
/// </summary>
/// <param name="verifier"></param>
/// <returns></returns>
private bool VerifyProofForUnknownValue(VerifierInequalityProofParameters verifier)
{
// Compute X/Y
GroupElement newClosedX = verifier.ClosedCommitmentX * verifier.ClosedCommitmentY.Exponentiate(verifier.FieldZq.NegativeOne);
// new verifier parameters
VerifierInequalityProofParameters newVerifier = new VerifierInequalityProofParameters(newClosedX, verifier.FieldZq.Zero, verifier);
// Verify proof that the committed value in X/Y is not equal to 0.
return(this.Verify(newVerifier));
}
/// <summary>
/// Verifies a proof that two tokens share an attribute value, without revealing it.
/// </summary>
/// <param name="verifier1">Equality proof parameters for the first token.</param>
/// <param name="verifier2">Equality proof parameters for the second token.</param>
/// <param name="eQProof">The equality proof to verify.</param>
/// <exception cref="InvalidUProveArtifactException">Thrown if the proof is invalid.</exception>
public static void VerifyUProveEqualityProof(EQProofUProveVerifierData verifier1, EQProofUProveVerifierData verifier2, InequalityProof iNeqProof)
{
int commitmentIndex1 = ClosedPedersenCommitment.GetCommitmentIndex(verifier1.VPPP.Committed, verifier1.index);
int commitmentIndex2 = ClosedPedersenCommitment.GetCommitmentIndex(verifier2.VPPP.Committed, verifier2.index);
ClosedPedersenCommitment closedPed1 = new ClosedPedersenCommitment(verifier1.VPPP.IP, verifier1.PP, commitmentIndex1);
ClosedPedersenCommitment closedPed2 = new ClosedPedersenCommitment(verifier2.VPPP.IP, verifier2.PP, commitmentIndex2);
CryptoParameters crypto = new CryptoParameters(verifier1.VPPP.IP); // Can use prover2.IP
VerifierInequalityProofParameters inequalityVerifier = new VerifierInequalityProofParameters(closedPed1.Value, closedPed2.Value, crypto);
if (!iNeqProof.Verify(inequalityVerifier))
{
throw new InvalidUProveArtifactException("invalid equality proof");
}
}
/// <summary>
/// Returns true if this is a valid proof given the verifier parameters.
/// </summary>
/// <param name="verifier"></param>
/// <returns></returns>
public bool Verify(VerifierInequalityProofParameters verifier)
{
// Check verifier parameters.
if (!verifier.Verify())
{
return(false);
}
// Check proof.
if (verifier.CompareToKnownValue)
{
return(this.VerifyProofForKnownValue(verifier));
}
else
{
return(this.VerifyProofForUnknownValue(verifier));
}
}
