/// <summary>
/// Verifying Algorithm specified in page 8 (2.8.2) of the setup
/// </summary>
/// <param name="pubKey">Public Key used to verify the proof</param>
/// <param name="proof">Proof</param>
/// <param name="setup">Setup parameters</param>
/// <returns> true if the signatures verify, false otherwise</returns>
public static bool VerifyPermutationTest(this RsaKeyParameters pubKey, PermutationTestProof proof, PermutationTestSetup setup)
{
if (setup == null)
{
throw new ArgumentNullException(nameof(setup));
}
if (proof == null)
{
throw new ArgumentNullException(nameof(proof));
}
byte[][] sigs = proof.Signatures;
int alpha = setup.Alpha;
int keyLength = setup.KeySize;
byte[] psBytes = setup.PublicString;
int k = setup.SecurityParameter;
BigInteger Two = BigInteger.Two;
var Modulus = pubKey.Modulus;
var Exponent = pubKey.Exponent;
BigInteger lowerLimit = Two.Pow(keyLength - 1);
BigInteger upperLimit = Two.Pow(keyLength);
// if N < 2^{KeySize-1}
if (Modulus.CompareTo(lowerLimit) < 0)
{
return(false);
}
// if N >= 2^{KeySize}
if (Modulus.CompareTo(upperLimit) >= 0)
{
return(false);
}
// Generate m1 and m2
Get_m1_m2((decimal)alpha, Exponent.IntValue, k, out int m1, out int m2);
// Verifying m2
if (!m2.Equals(sigs.Length))
{
return(false);
}
// Verify alpha and N
if (!CheckAlphaN(alpha, Modulus))
{
return(false);
}
// Generate a "weird" public key
var eN = Modulus.Multiply(Exponent);
var pubKeyPrime = new RsaKeyParameters(false, Modulus, eN);
// Generate list of rho values
GetRhos(m2, psBytes, pubKey, keyLength, out byte[][] rhoValues);
// Verifying the signatures
for (int i = 0; i < m2; i++)
{
if (i <= m1)
{
var dec_sig = pubKeyPrime.Encrypt(sigs[i]);
if (!dec_sig.SequenceEqual(rhoValues[i]))
{
return(false);
}
}
else
{
var dec_sig = pubKey.Encrypt(sigs[i]);
if (!dec_sig.SequenceEqual(rhoValues[i]))
{
return(false);
}
}
}
return(true);
}
/// <summary>
/// Verifying algorithm as specified in section 2.6.3 of the setup
/// </summary>
/// <param name="pubKey">Public Key used to verify the proof</param>
/// <param name="proof">Proof</param>
/// <param name="setup">Setup parameters</param>
/// <returns> true if the signatures verify, false otherwise</returns>
public static bool VerifyPermutationTest(this RsaKeyParameters pubKey, PermutationTestProof proof, PermutationTestSetup setup)
{
if (setup == null)
{
throw new ArgumentNullException(nameof(setup));
}
if (proof == null)
{
throw new ArgumentNullException(nameof(proof));
}
byte[][] sigs = proof.Signatures;
int alpha = setup.Alpha;
int keyLength = setup.KeySize;
byte[] psBytes = setup.PublicString;
int k = setup.SecurityParameter;
BigInteger Modulus = pubKey.Modulus;
BigInteger Exponent = pubKey.Exponent;
// Check if exponent e is prime
if (!Array.Exists(PermutationTestSetup.SPECIAL_E_VALUES, element => Exponent.IntValue == element))
{
if (!Exponent.IsProbablePrime(k))
{
return(false);
}
}
// if N < 2^{KeySize-1} or N >= 2^{KeySize}
if (Modulus.BitLength != keyLength)
{
return(false);
}
// Generate m1 and m2
Get_m1_m2((decimal)alpha, Exponent.IntValue, k, out int m1, out int m2);
// Verifying m2
if (!m2.Equals(sigs.Length))
{
return(false);
}
// Verify alpha and N
if (!CheckAlphaN(alpha, Modulus))
{
return(false);
}
// Generate a "weird" public key
var eN = Modulus.Multiply(Exponent);
var pubKeyPrime = new RsaKeyParameters(false, Modulus, eN);
// Generate list of rho values
GetRhos(m2, psBytes, pubKey, keyLength, out byte[][] rhoValues);
// Verifying the signatures
for (int i = 0; i < m2; i++)
{
if (i < m1)
{
var dec_sig = pubKeyPrime.Encrypt(sigs[i]);
if (!dec_sig.SequenceEqual(rhoValues[i]))
{
return(false);
}
}
else
{
var dec_sig = pubKey.Encrypt(sigs[i]);
if (!dec_sig.SequenceEqual(rhoValues[i]))
{
return(false);
}
}
}
return(true);
}
