public static void AssertCorrectVerifierParameters(
VerifierSetMembershipParameters verifier,
CryptoParameters expectedCryptoParameters,
GroupElement expectedClosedCommitment,
FieldZqElement[] expectedMemberSet)
{
StaticHelperClass.AssertCorrectCryptoParameters(expectedCryptoParameters, verifier);
Assert.AreEqual(expectedClosedCommitment, verifier.ClosedCommitment, "wrong closed commitment");
if (expectedMemberSet == null)
{
Assert.IsNull(verifier.MemberSet, "Memberset should be null.");
}
else
{
Assert.AreEqual(expectedMemberSet.Length, verifier.MemberSet.Length, "wrong memberset length.");
for (int i = 0; i < expectedMemberSet.Length; ++i)
{
Assert.AreEqual(expectedMemberSet[i], verifier.MemberSet[i], "wrong element in memberset.");
}
}
}
static void EncodeRecord_internal (TlsProtocolCode protocol, ContentType contentType, CryptoParameters crypto, IBufferOffsetSize buffer, TlsStream output,
int fragmentSize = MAX_FRAGMENT_SIZE)
{
var maxExtraBytes = crypto != null ? crypto.MaxExtraEncryptedBytes : 0;
var offset = buffer.Offset;
var remaining = buffer.Size;
#if !INSTRUMENTATION
fragmentSize = MAX_FRAGMENT_SIZE;
#endif
do {
BufferOffsetSize fragment;
var encryptedSize = crypto != null ? crypto.GetEncryptedSize (remaining) : remaining;
if (encryptedSize <= fragmentSize)
fragment = new BufferOffsetSize (buffer.Buffer, offset, remaining);
else {
fragment = new BufferOffsetSize (buffer.Buffer, offset, fragmentSize - maxExtraBytes);
encryptedSize = crypto != null ? crypto.GetEncryptedSize (fragment.Size) : fragment.Size;
}
// Write tls message
output.Write ((byte)contentType);
output.Write ((short)protocol);
output.Write ((short)encryptedSize);
if (crypto != null) {
output.MakeRoom (encryptedSize);
var ret = crypto.Encrypt (contentType, fragment, output.GetRemaining ());
output.Position += ret;
} else {
output.Write (fragment.Buffer, fragment.Offset, fragment.Size);
}
offset += fragment.Size;
remaining -= fragment.Size;
} while (remaining > 0);
}
public static void EncodeRecord (TlsProtocolCode protocol, ContentType contentType, CryptoParameters crypto, IBufferOffsetSize buffer, TlsStream output)
{
EncodeRecord_internal (protocol, contentType, crypto, buffer, output);
}
static internal void EncodeRecord(TlsProtocolCode protocol, ContentType contentType, CryptoParameters crypto, IBufferOffsetSize buffer, TlsStream output)
{
var maxExtraBytes = crypto != null ? crypto.MaxExtraEncryptedBytes : 0;
var offset = buffer.Offset;
var remaining = buffer.Size;
do
{
BufferOffsetSize fragment;
var encryptedSize = crypto != null?crypto.GetEncryptedSize(remaining) : remaining;
if (encryptedSize <= MAX_FRAGMENT_SIZE)
{
fragment = new BufferOffsetSize(buffer.Buffer, offset, remaining);
}
else
{
fragment = new BufferOffsetSize(buffer.Buffer, offset, MAX_FRAGMENT_SIZE - maxExtraBytes);
encryptedSize = crypto != null?crypto.GetEncryptedSize(fragment.Size) : fragment.Size;
}
// Write tls message
output.Write((byte)contentType);
output.Write((short)protocol);
output.Write((short)encryptedSize);
if (crypto != null)
{
output.MakeRoom(encryptedSize);
var ret = crypto.Encrypt(contentType, fragment, output.GetRemaining());
output.Position += ret;
}
else
{
output.Write(fragment.Buffer, fragment.Offset, fragment.Size);
}
offset += fragment.Size;
remaining -= fragment.Size;
} while (remaining > 0);
}
public static void EncodeRecord(TlsProtocolCode protocol, ContentType contentType, CryptoParameters crypto, IBufferOffsetSize buffer, TlsStream output)
{
EncodeRecord_internal(protocol, contentType, crypto, buffer, output);
}
public void InequalityTokenIntegration2Test()
{
// In this example, the token hashes the attribute
// but example also works if hashAttributes=false
bool hashAttributes = true;
// Setting up attributes for token
byte[][] attributes = new byte[][]
{
_encoding.GetBytes("Attribute 1"),
_encoding.GetBytes("Attribute 2"),
_encoding.GetBytes("Teaching Assistant"), // this is the attribute we'll compare
_encoding.GetBytes("Attribute 4")
};
// generate token
ProverPresentationProtocolParameters prover;
VerifierPresentationProtocolParameters verifier;
StaticHelperClass.GetUProveParameters(hashAttributes, out prover, out verifier, null, attributes);
CommitmentPrivateValues cpv;
PresentationProof proof = PresentationProof.Generate(prover, out cpv);
// computing target constant - "Student"
byte[] targetAttribute = _encoding.GetBytes("Student");
int targetAttributeIndex = 3 - 1; // We will compare "Student" to the third token attribute.
FieldZqElement targetValue = ProtocolHelper.ComputeXi(prover.IP, targetAttributeIndex, targetAttribute); // this is what "Student" would be encoded as if it was the third token attribute
// Create PedersenCommitments
// The prover and verifier have a map Committed that contains the relationship between
// token attributes and CommitmentPrivateValues.
int commitmentIndex = ClosedPedersenCommitment.GetCommitmentIndex(prover.Committed, 3); // attribute 3 from prover1
PedersenCommitment ped = new PedersenCommitment(prover, proof, cpv, commitmentIndex);
Assert.AreNotEqual(targetValue, ped.CommittedValue, "Committed value is not Student.");
// Check that "Teaching Assistant" is the commited value of the pedesen commitment.
FieldZqElement expectedCommittedValue = ProtocolHelper.ComputeXi(prover.IP, targetAttributeIndex, _encoding.GetBytes("Teaching Assistant"));
Assert.AreEqual(expectedCommittedValue, ped.CommittedValue, "Committed value is Teaching Assistant.");
// Create InequalityProof
CryptoParameters crypto = new CryptoParameters(prover.IP); // Can use prover2.IP
ProverInequalityProofParameters inequalityProver = new ProverInequalityProofParameters(ped, targetValue, crypto); // compares committed values in ped1 and ped2
InequalityProof ineQproof = new InequalityProof(inequalityProver);
// Verify InequalityProof
commitmentIndex = ClosedPedersenCommitment.GetCommitmentIndex(verifier.Committed, 3); // attribute 3 from prover
ClosedPedersenCommitment closedPed = new ClosedPedersenCommitment(verifier.IP, proof, commitmentIndex);
VerifierInequalityProofParameters inequalityVerifier = new VerifierInequalityProofParameters(closedPed.Value, targetValue, crypto);
Assert.IsTrue(ineQproof.Verify(inequalityVerifier));
// test U-Prove wrapper
InequalityProof ineQProof2 = InequalityProof.GenerateUProveInequalityProof(
new EQProofUProveProverData(prover, cpv, proof, 3), targetAttribute);
InequalityProof.VerifyUProveEqualityProof(
new EQProofUProveVerifierData(verifier, proof, 3), targetAttribute, ineQProof2);
}
public void InequalityTokenIntegrationTest()
{
// Both tokens will hash attributes
// but example also works if hashAttributes=false
bool hashAttributes = true;
// Setting up IssuerParameters for token1
byte[] uidP1 = new byte[] { 1, 1, 2, 3, 5, 8 };
byte[] tokenInformation1 = new byte[] { 1, 2, 3, 4, 5, 6, 7 };
byte[][] attributes1 = new byte[][]
{
_encoding.GetBytes("Attribute 1"),
_encoding.GetBytes("Attribute 2"),
_encoding.GetBytes("Teaching Assistant"), // this is the attribute we'll compare
_encoding.GetBytes("Attribute 4")
};
// Setting up IssuerParameters for token2
byte[] tokenInformation2 = new byte[] { 12, 13, 14, 15, 0, 10 };
byte[] uidP2 = new byte[] { 3, 1, 4, 1, 5 };
byte[][] attributes2 = new byte[][]
{
_encoding.GetBytes("Student"), // this is the attribute we'll compare
_encoding.GetBytes("Attribute 2"),
_encoding.GetBytes("Attribute 3"),
_encoding.GetBytes("Attribute 4")
};
// generate tokens
ProverPresentationProtocolParameters prover1, prover2;
VerifierPresentationProtocolParameters verifier1, verifier2;
StaticHelperClass.GetUProveParameters(hashAttributes, out prover1, out verifier1, tokenInformation1, attributes1, null, uidP1);
StaticHelperClass.GetUProveParameters(hashAttributes, out prover2, out verifier2, tokenInformation2, attributes2, null, uidP2);
CommitmentPrivateValues cpv1, cpv2;
PresentationProof proof1 = PresentationProof.Generate(prover1, out cpv1);
PresentationProof proof2 = PresentationProof.Generate(prover2, out cpv2);
// Create PedersenCommitments
// The prover and verifier have a map Committed that contains the relationship between
// token attributes and CommitmentPrivateValues.
int commitmentIndex1 = ClosedPedersenCommitment.GetCommitmentIndex(prover1.Committed, 3); // attribute 3 from prover1
PedersenCommitment ped1 = new PedersenCommitment(prover1, proof1, cpv1, commitmentIndex1);
int commitmentIndex2 = ClosedPedersenCommitment.GetCommitmentIndex(prover2.Committed, 1); // attribute 1 from prover2
PedersenCommitment ped2 = new PedersenCommitment(prover2, proof2, cpv2, commitmentIndex2);
// Create InequalityProof
CryptoParameters crypto = new CryptoParameters(prover1.IP); // Can use prover2.IP
ProverInequalityProofParameters inequalityProver = new ProverInequalityProofParameters(ped1, ped2, crypto); // compares committed values in ped1 and ped2
InequalityProof ineQProof = new InequalityProof(inequalityProver);
// Verify InequalityProof
commitmentIndex1 = ClosedPedersenCommitment.GetCommitmentIndex(verifier1.Committed, 3); // attribute 3 from prover1
commitmentIndex2 = ClosedPedersenCommitment.GetCommitmentIndex(verifier2.Committed, 1); // attribute 1 from prover2
ClosedPedersenCommitment closedPed1 = new ClosedPedersenCommitment(verifier1.IP, proof1, commitmentIndex1);
ClosedPedersenCommitment closedPed2 = new ClosedPedersenCommitment(verifier2.IP, proof2, commitmentIndex2);
VerifierInequalityProofParameters inequalityVerifier = new VerifierInequalityProofParameters(closedPed1.Value, closedPed2.Value, crypto);
Assert.IsTrue(ineQProof.Verify(inequalityVerifier));
// test U-Prove wrapper
InequalityProof ineQProof2 = InequalityProof.GenerateUProveInequalityProof(
new EQProofUProveProverData(prover1, cpv1, proof1, 3),
new EQProofUProveProverData(prover2, cpv2, proof2, 1));
InequalityProof.VerifyUProveEqualityProof(
new EQProofUProveVerifierData(verifier1, proof1, 3),
new EQProofUProveVerifierData(verifier2, proof2, 1),
ineQProof2);
}
