Example #1
0
        /// <summary>
        /// Verifying Algorithm specified in page 8 (2.8.2) of the setup
        /// </summary>
        /// <param name="pubKey">Public Key used to verify the proof</param>
        /// <param name="proof">Proof</param>
        /// <param name="setup">Setup parameters</param>
        /// <returns> true if the signatures verify, false otherwise</returns>
        public static bool VerifyPermutationTest(this RsaKeyParameters pubKey, PermutationTestProof proof, PermutationTestSetup setup)
        {
            if (setup == null)
            {
                throw new ArgumentNullException(nameof(setup));
            }
            if (proof == null)
            {
                throw new ArgumentNullException(nameof(proof));
            }

            byte[][] sigs      = proof.Signatures;
            int      alpha     = setup.Alpha;
            int      keyLength = setup.KeySize;

            byte[] psBytes = setup.PublicString;
            int    k       = setup.SecurityParameter;

            BigInteger Two        = BigInteger.Two;
            var        Modulus    = pubKey.Modulus;
            var        Exponent   = pubKey.Exponent;
            BigInteger lowerLimit = Two.Pow(keyLength - 1);
            BigInteger upperLimit = Two.Pow(keyLength);

            // if N < 2^{KeySize-1}
            if (Modulus.CompareTo(lowerLimit) < 0)
            {
                return(false);
            }

            // if N >= 2^{KeySize}
            if (Modulus.CompareTo(upperLimit) >= 0)
            {
                return(false);
            }

            // Generate m1 and m2
            Get_m1_m2((decimal)alpha, Exponent.IntValue, k, out int m1, out int m2);

            // Verifying m2
            if (!m2.Equals(sigs.Length))
            {
                return(false);
            }

            // Verify alpha and N
            if (!CheckAlphaN(alpha, Modulus))
            {
                return(false);
            }

            // Generate a "weird" public key
            var eN          = Modulus.Multiply(Exponent);
            var pubKeyPrime = new RsaKeyParameters(false, Modulus, eN);

            // Generate list of rho values
            GetRhos(m2, psBytes, pubKey, keyLength, out byte[][] rhoValues);

            // Verifying the signatures
            for (int i = 0; i < m2; i++)
            {
                if (i <= m1)
                {
                    var dec_sig = pubKeyPrime.Encrypt(sigs[i]);
                    if (!dec_sig.SequenceEqual(rhoValues[i]))
                    {
                        return(false);
                    }
                }
                else
                {
                    var dec_sig = pubKey.Encrypt(sigs[i]);
                    if (!dec_sig.SequenceEqual(rhoValues[i]))
                    {
                        return(false);
                    }
                }
            }
            return(true);
        }
Example #2
0
        /// <summary>
        /// Verifying algorithm as specified in section 2.6.3 of the setup
        /// </summary>
        /// <param name="pubKey">Public Key used to verify the proof</param>
        /// <param name="proof">Proof</param>
        /// <param name="setup">Setup parameters</param>
        /// <returns> true if the signatures verify, false otherwise</returns>
        public static bool VerifyPermutationTest(this RsaKeyParameters pubKey, PermutationTestProof proof, PermutationTestSetup setup)
        {
            if (setup == null)
            {
                throw new ArgumentNullException(nameof(setup));
            }
            if (proof == null)
            {
                throw new ArgumentNullException(nameof(proof));
            }

            byte[][] sigs      = proof.Signatures;
            int      alpha     = setup.Alpha;
            int      keyLength = setup.KeySize;

            byte[] psBytes = setup.PublicString;
            int    k       = setup.SecurityParameter;

            BigInteger Modulus  = pubKey.Modulus;
            BigInteger Exponent = pubKey.Exponent;

            // Check if exponent e is prime
            if (!Array.Exists(PermutationTestSetup.SPECIAL_E_VALUES, element => Exponent.IntValue == element))
            {
                if (!Exponent.IsProbablePrime(k))
                {
                    return(false);
                }
            }

            // if N < 2^{KeySize-1} or N >= 2^{KeySize}
            if (Modulus.BitLength != keyLength)
            {
                return(false);
            }

            // Generate m1 and m2
            Get_m1_m2((decimal)alpha, Exponent.IntValue, k, out int m1, out int m2);

            // Verifying m2
            if (!m2.Equals(sigs.Length))
            {
                return(false);
            }

            // Verify alpha and N
            if (!CheckAlphaN(alpha, Modulus))
            {
                return(false);
            }

            // Generate a "weird" public key
            var eN          = Modulus.Multiply(Exponent);
            var pubKeyPrime = new RsaKeyParameters(false, Modulus, eN);

            // Generate list of rho values
            GetRhos(m2, psBytes, pubKey, keyLength, out byte[][] rhoValues);

            // Verifying the signatures
            for (int i = 0; i < m2; i++)
            {
                if (i < m1)
                {
                    var dec_sig = pubKeyPrime.Encrypt(sigs[i]);
                    if (!dec_sig.SequenceEqual(rhoValues[i]))
                    {
                        return(false);
                    }
                }
                else
                {
                    var dec_sig = pubKey.Encrypt(sigs[i]);
                    if (!dec_sig.SequenceEqual(rhoValues[i]))
                    {
                        return(false);
                    }
                }
            }
            return(true);
        }