/// <summary> /// Verifies that a UProve token attribute is not equal to the given attribute value. /// </summary> /// <param name="verifier">Verifier info about token.</param> /// <param name="attributeIndexForVerifier">Target attribute, 1-based index.</param> /// <param name="attributeValue">Bad value for attribute.</param> /// <returns></returns> public bool Verify( VerifierPresentationProtocolParameters verifier, int attributeIndexForVerifier, byte [] attributeValue) { // Verify UProve Integration Proof if (this.UPIProof == null) { return(false); } VerifierPresentationProtocolParameters[] verifiers = new VerifierPresentationProtocolParameters[1] { verifier }; int[] attributeIndices = new int[1] { attributeIndexForVerifier }; if (!this.UPIProof.Verify(verifiers, attributeIndices)) { return(false); } // Verify Inequality Proof FieldZqElement committedAttribute = ProtocolHelper.ComputeXi(verifier.IP, attributeIndexForVerifier - 1, attributeValue); VerifierInequalityProofParameters ieqVerifier = new VerifierInequalityProofParameters(this.UPIProof.PedersenCommitmentValues[0], committedAttribute, new CryptoParameters(verifier.IP)); return(this.Verify(ieqVerifier)); }
/// <summary> /// Verifies an inequality proof that two tokens have unequal attributes. /// </summary> /// <param name="verifier1">Verifier information about first token.</param> /// <param name="attributeIndexForVerifier1">Target attribute in first token, 1-based index.</param> /// <param name="verifier2">Verifier information about second token.</param> /// <param name="attributeIndexForVerifier2">Target attribute in second token, 1-based index.</param> /// <returns></returns> public bool Verify( VerifierPresentationProtocolParameters verifier1, int attributeIndexForVerifier1, VerifierPresentationProtocolParameters verifier2, int attributeIndexForVerifier2) { // Verify UProve Integration Proof if (this.UPIProof == null) { return(false); } VerifierPresentationProtocolParameters[] verifiers = new VerifierPresentationProtocolParameters[2] { verifier1, verifier2 }; int[] attributeIndices = new int[2] { attributeIndexForVerifier1, attributeIndexForVerifier2 }; if (!this.UPIProof.Verify(verifiers, attributeIndices)) { return(false); } // Verify Inequality Proof VerifierInequalityProofParameters ieqVerifier = new VerifierInequalityProofParameters(this.UPIProof.PedersenCommitmentValues[0], this.UPIProof.PedersenCommitmentValues[1], new CryptoParameters(verifier1.IP)); return(this.Verify(ieqVerifier)); }
/// <summary> /// Verifies this proof for when verifier.CompareToKnownValue=true. /// </summary> /// <param name="verifier">Verifier parameters</param> /// <returns></returns> private bool VerifyProofForKnownValue(VerifierInequalityProofParameters verifier) { // B must not be 1. if (this.B == verifier.Group.Identity) { return(false); } // Reconstruct DL equations from proof and verifier parameters ClosedPedersenCommitment closedX = new ClosedPedersenCommitment( new GroupElement[2] { verifier.G, verifier.H }, verifier.ClosedCommitmentX, verifier.Group); ClosedPedersenCommitment closedA = new ClosedPedersenCommitment( new GroupElement[2] { verifier.G, verifier.H }, this.A, verifier.Group); ClosedDLRepOfGroupElement closedB = new ClosedDLRepOfGroupElement( new GroupElement[1] { verifier.G }, this.B, verifier.Group); ClosedPedersenCommitment closedC = new ClosedPedersenCommitment( new GroupElement[2] { closedX.Value *verifier.G.Exponentiate(verifier.Value.Negate()), verifier.H }, this.B, verifier.Group); ClosedDLRepOfGroupElement[] equations = new ClosedDLRepOfGroupElement[] { closedX, closedA, closedB, closedC }; // verify the proof EqualityMap map = this.GetEqualityMap(); VerifierEqualityParameters eqVerifier = new VerifierEqualityParameters(equations, map, verifier); if (!this.Proof.Verify(eqVerifier)) { return(false); } return(true); }
/// <summary> /// If verifier.CompareToKnownValue=false, computes X/Y and checks that this /// is a valid proof that the committed value in X/Y is not equal to 0. /// </summary> /// <param name="verifier"></param> /// <returns></returns> private bool VerifyProofForUnknownValue(VerifierInequalityProofParameters verifier) { // Compute X/Y GroupElement newClosedX = verifier.ClosedCommitmentX * verifier.ClosedCommitmentY.Exponentiate(verifier.FieldZq.NegativeOne); // new verifier parameters VerifierInequalityProofParameters newVerifier = new VerifierInequalityProofParameters(newClosedX, verifier.FieldZq.Zero, verifier); // Verify proof that the committed value in X/Y is not equal to 0. return(this.Verify(newVerifier)); }
/// <summary> /// Verifies a proof that two tokens share an attribute value, without revealing it. /// </summary> /// <param name="verifier1">Equality proof parameters for the first token.</param> /// <param name="verifier2">Equality proof parameters for the second token.</param> /// <param name="eQProof">The equality proof to verify.</param> /// <exception cref="InvalidUProveArtifactException">Thrown if the proof is invalid.</exception> public static void VerifyUProveEqualityProof(EQProofUProveVerifierData verifier1, EQProofUProveVerifierData verifier2, InequalityProof iNeqProof) { int commitmentIndex1 = ClosedPedersenCommitment.GetCommitmentIndex(verifier1.VPPP.Committed, verifier1.index); int commitmentIndex2 = ClosedPedersenCommitment.GetCommitmentIndex(verifier2.VPPP.Committed, verifier2.index); ClosedPedersenCommitment closedPed1 = new ClosedPedersenCommitment(verifier1.VPPP.IP, verifier1.PP, commitmentIndex1); ClosedPedersenCommitment closedPed2 = new ClosedPedersenCommitment(verifier2.VPPP.IP, verifier2.PP, commitmentIndex2); CryptoParameters crypto = new CryptoParameters(verifier1.VPPP.IP); // Can use prover2.IP VerifierInequalityProofParameters inequalityVerifier = new VerifierInequalityProofParameters(closedPed1.Value, closedPed2.Value, crypto); if (!iNeqProof.Verify(inequalityVerifier)) { throw new InvalidUProveArtifactException("invalid equality proof"); } }
/// <summary> /// Returns true if this is a valid proof given the verifier parameters. /// </summary> /// <param name="verifier"></param> /// <returns></returns> public bool Verify(VerifierInequalityProofParameters verifier) { // Check verifier parameters. if (!verifier.Verify()) { return(false); } // Check proof. if (verifier.CompareToKnownValue) { return(this.VerifyProofForKnownValue(verifier)); } else { return(this.VerifyProofForUnknownValue(verifier)); } }