/// <summary> /// Compare two IDEscrowPrivateKey objects. /// </summary> /// <param name="sk2">The object to compare against.</param> /// <returns>True if equal, false otherwise.</returns> public bool Equals(IDEscrowPrivateKey sk2) { if (sk2 == null) { return(false); } if (!sk2.X.Equals(this.x)) { return(false); } return(true); }
/// <summary> /// Checks that <c>sk</c> is consistent with this public key and <c>param</c>. /// </summary> /// <returns><c>true</c> if valid, <c>false</c> otherwise.</returns> public bool Verify(IDEscrowParams param, IDEscrowPrivateKey sk) { if (!param.ip.Zq.IsElement(sk.X)) // is x in the right field? { return(false); } GroupElement hPrime = param.Ge.Exponentiate(sk.X); if (!hPrime.Equals(h)) // is h = ge^x ? { return(false); } return(true); }
/// <summary> /// Decrypts an ID escrow ciphertext without verifying the proof. /// The proof must be verified by <c>IEFunctions.Verify</c> before decryption. /// The IEVerifier verification step also checks the validity of /// the ciphertext. /// </summary> /// <param name="ctext">Ciphertext to be decrypted</param> /// <param name="sk"> Decryption key.</param> /// <param name="ip"> Issuer paramters associated with the ID escrow scheme.</param> /// <returns></returns> /// <remarks> /// Semantic verification of the label (the <c>additionalInfo</c> field of <c>ctext</c>), /// i.e., whether it makes sense for the application is assumed to be done out-of-band. /// For example, the application may check that the label includes a timestamp, and that /// this timestamp falls within a given interval. /// /// The IssuerParameters for decryption should match the issuer paramters used to create /// the IEParam object used for decryption (i.e., IEParam.ip). /// </remarks> public static GroupElement Decrypt(IDEscrowParams param, IDEscrowCiphertext ctext, IDEscrowPrivateKey sk) { if (ctext == null || sk == null || param == null) { throw new ArgumentNullException("null input to Decrypt"); } Group G = param.ip.Gq; if (!IsGroupElement(G, ctext.E1) || !IsGroupElement(G, ctext.E2)) // this should never fail if Verify is called first, but we check again anyway. { throw new ArgumentException("E1 or E2 is not a valid group element in Decrypt"); } GroupElement PE = ctext.E1.Exponentiate(sk.X.Negate()); // PE = E1^(-x) = H^(-r) PE = PE.Multiply(ctext.E2); // PE = E2/E1^(x) return(PE); }
/// <summary> /// Constructs a public key from the private key. /// </summary> public IDEscrowPublicKey(IDEscrowParams param, IDEscrowPrivateKey priv) { h = param.Ge.Exponentiate(priv.X); // H = (g_e)^x }