public void GroupDivideTest() { Group group = ECParameterSets.ParamSet_EC_P384_V1.Group; for (int i = 0; i < 10; ++i) { GroupElement a = group.GetRandomElement(false); GroupElement b = group.GetRandomElement(true); GroupElement c = group.Divide(a, b); Assert.AreEqual <GroupElement>(a * group.Invert(b), c, "a.divide(b)."); } for (int i = 0; i < 20; ++i) { FieldZqElement a = group.FieldZq.GetRandomElement(true); FieldZqElement b = group.FieldZq.GetRandomElement(true); Assert.AreEqual(group.G.Exponentiate(a - b), group.Divide(group.G.Exponentiate(a), group.G.Exponentiate(b))); } FieldZqElement one = _smallGroup.FieldZq.One; FieldZqElement two = _smallGroup.FieldZq.GetElement(2); FieldZqElement three = _smallGroup.FieldZq.GetElement(3); FieldZqElement four = _smallGroup.FieldZq.GetElement(4); GroupElement G = _smallGroup.G; Assert.AreEqual <GroupElement>(_smallGroup.Invert(G), _smallGroup.Divide(G.Exponentiate(two), G.Exponentiate(three)), "G^2/G^3"); Assert.AreEqual <GroupElement>(G.Exponentiate(two), _smallGroup.Divide(G.Exponentiate(one), G.Exponentiate(four)), "G^1/G^4"); Assert.AreEqual <GroupElement>(G.Exponentiate(three), _smallGroup.Divide(G.Exponentiate(one), G.Exponentiate(three)), "G^1/G^3"); }
public void SimpleConstructorTest() { for (int i = 0; i < _parameters.Length; ++i) { FieldZqElement committedValue = _parameters[i].FieldZq.GetRandomElement(true); GroupElement g = _parameters[i].G; GroupElement h = _parameters[i].H; PedersenCommitment pedCom1 = new PedersenCommitment(committedValue, _parameters[i]); FieldZqElement opening = pedCom1.ExponentAtIndex(1); Assert.AreEqual(g, pedCom1.BaseAtIndex(0), "pedcom1 has wrong base_0"); Assert.AreEqual(h, pedCom1.BaseAtIndex(1), "pedcom1 has wrong base_1"); Assert.AreEqual(committedValue, pedCom1.CommittedValue, "pedcom1 used wrong committed value"); GroupElement expectedCommitmentValue = g.Exponentiate(committedValue) * h.Exponentiate(opening); Assert.AreEqual(expectedCommitmentValue, pedCom1.Value, "pedcom1 computed wrong value"); PedersenCommitment pedCom2 = new PedersenCommitment(g, h, committedValue, opening, _parameters[i].Group); Assert.AreEqual(pedCom1, pedCom2, "pedcom1 and pedcom2 different"); FieldZqElement[] exponents = new FieldZqElement[2] { committedValue, opening }; GroupElement[] bases = new GroupElement[2] { g, h }; PedersenCommitment pedCom3 = new PedersenCommitment(bases, exponents, _parameters[i].Group); Assert.AreEqual(pedCom1, pedCom3, "pedcom1 and pedcom3 different"); Assert.AreEqual(pedCom2, pedCom3, "pedcom2 and pedcom3 different"); } }
public bool verifyPseudonym(string messageParam, string verifierScopeParam, PseudonymComposite pseudonym, string sessionID) { // we validate the pseudonym here because the U-Prove SDK only supports this while // validating a presentation proof cOut.write("verfiyPseudonym()"); VerifySessionId(sessionID); try { DeviceManager dManager = sessionDB[sessionID].deviceManager; dManager.EnsureDeviceInit(); Pseudonym p = ConvertUtils.convertPseudonymComposite(pseudonym, dManager); bool scopeExclusive = (verifierScopeParam != null && verifierScopeParam != "null" && verifierScopeParam.Length > 0); GroupElement baseElement = null; if (scopeExclusive) { baseElement = ProtocolHelper.GenerateScopeElement(dManager.Gq, encoding.GetBytes(verifierScopeParam)); } else { baseElement = dManager.Gd; } BigInteger c = dManager.ComputeDeviceChallenge(encoding.GetBytes(messageParam)); // A =?= g^R P^c return(p.A.Equals(baseElement.Exponentiate(p.R).Multiply(p.P.Exponentiate(c)))); } catch (Exception e) { cOut.write("Exception caught: " + e.Message); DebugUtils.DebugPrint(e.StackTrace.ToString()); return(false); } }
/// <summary> /// Updates the revocation witness for a user, either adding or removing a revoked value. /// </summary> /// <param name="rap">The Revocation Authority parameters.</param> /// <param name="xid">The revocation attribute value <c>xid</c>.</param> /// <param name="revoked">The attribute value to added to the accumulator, or <c>null</c>.</param> /// <param name="unrevoked">The attribute value to deleted to the accumulator, or <c>null</c>.</param> /// <param name="oldAccumulator">The old accumulator value <c>V</c>. If <c>null</c>, then the accumulator is freshly calculated.</param> /// <param name="updatedAccumulator">The old accumulator value <c>V'</c>.</param> /// <param name="oldWitness">The old witness values. If <c>null</c>, then the witness is freshly calculated.</param> /// <returns></returns> public static RevocationWitness UpdateWitness(RAParameters rap, FieldZqElement xid, FieldZqElement revoked, FieldZqElement unrevoked, GroupElement oldAccumulator, GroupElement updatedAccumulator, RevocationWitness oldWitness) { // TODO: implement batch updates if (revoked != null && unrevoked != null) { throw new ArgumentException("only one of revoked and unrevoked can be non-null"); } FieldZqElement one = rap.group.FieldZq.One; if (oldAccumulator == null) { // set the accumulator value for an empty revocation set oldAccumulator = rap.gt; } if (oldWitness == null) { oldWitness = new RevocationWitness(rap.group.FieldZq.One, rap.group.Identity, rap.group.Identity); } if (revoked == null && unrevoked == null) { // nothing to do return(oldWitness); } FieldZqElement dPrime = null; GroupElement WPrime = null; GroupElement QPrime = null; FieldZqElement xDiff = one; // add values to witness if (revoked != null) { xDiff = (revoked - xid); dPrime = oldWitness.d * xDiff; WPrime = oldAccumulator * oldWitness.W.Exponentiate(xDiff); } xDiff = one; // remove values from witness if (unrevoked != null) { xDiff = (unrevoked - xid).Invert(); dPrime = oldWitness.d * xDiff; WPrime = updatedAccumulator.Exponentiate(one.Negate()) * oldWitness.W.Exponentiate(xDiff); } // update QPrime value QPrime = updatedAccumulator * WPrime.Exponentiate(xid.Negate()) * rap.gt.Exponentiate(dPrime.Negate()); return(new RevocationWitness(dPrime, WPrime, QPrime)); }
public static GroupElement[] GenerateRandomBases(int outputLength, int paramIndex) { FieldZqElement[] exponents = _parameters[paramIndex].FieldZq.GetRandomElements(outputLength, true); GroupElement g = _parameters[paramIndex].Generators[0]; GroupElement[] bases = new GroupElement[outputLength]; for (int i = 0; i < bases.Length; ++i) { bases[i] = g.Exponentiate(exponents[i]); } return(bases); }
public void ParameterSetConstructorTest() { int replength = 6; for (int paramIndex = 0; paramIndex < _parameters.Length; ++paramIndex) { FieldZqElement[] exponents = StaticHelperClass.GenerateRandomExponents(replength, paramIndex); GroupElement[] expectedBases = GetGenerators(_parameters[paramIndex], replength); DLRepOfGroupElement dl = new DLRepOfGroupElement(exponents, _parameters[paramIndex]); // check bases and exponents got copied correctly, and value was computed correctly GroupElement expectedValue = _parameters[paramIndex].Group.Identity; for (int baseIndex = 0; baseIndex < replength; ++baseIndex) { GroupElement expectedBase = expectedBases[baseIndex]; Assert.AreEqual(expectedBase, dl.BaseAtIndex(baseIndex), "Wrong base"); Assert.AreEqual(exponents[baseIndex], dl.ExponentAtIndex(baseIndex), "wrong exponent"); expectedValue = expectedValue * expectedBase.Exponentiate(exponents[baseIndex]); } Assert.AreEqual(expectedValue, dl.Value, "Incorrect Value"); } }