private void Precompute(GroupElement gamma, ProverRandomData pregeneratedRandomData)
{
Group Gq = ip.Gq;
FieldZq Zq = ip.Zq;
if (pregeneratedRandomData == null)
{
alpha = Zq.GetRandomElements(numberOfTokens, true);
beta1 = Zq.GetRandomElements(numberOfTokens, false);
beta2 = Zq.GetRandomElements(numberOfTokens, false);
}
else
{
alpha = pregeneratedRandomData.Alpha;
beta1 = pregeneratedRandomData.Beta1;
beta2 = pregeneratedRandomData.Beta2;
}
h = new GroupElement[numberOfTokens];
t1 = new GroupElement[numberOfTokens];
t2 = new GroupElement[numberOfTokens];
ukat = new UProveKeyAndToken[numberOfTokens];
for (int i = 0; i < numberOfTokens; i++)
{
ukat[i] = new UProveKeyAndToken();
h[i] = gamma.Exponentiate(alpha[i]);
t1[i] = ip.G[0].Exponentiate(beta1[i]) * Gq.G.Exponentiate(beta2[i]);
t2[i] = h[i].Exponentiate(beta2[i]);
ukat[i].PrivateKey = alpha[i].Invert();
}
state = State.Initialized;
}
private void Precompute(GroupElement gamma, ProverRandomData pregeneratedRandomData)
{
Group Gq = ip.Gq;
FieldZq Zq = ip.Zq;
if (pregeneratedRandomData == null)
{
alpha = Zq.GetRandomElements(numberOfTokens, true);
beta1 = Zq.GetRandomElements(numberOfTokens, false);
beta2 = Zq.GetRandomElements(numberOfTokens, false);
}
else
{
alpha = pregeneratedRandomData.Alpha;
beta1 = pregeneratedRandomData.Beta1;
beta2 = pregeneratedRandomData.Beta2;
}
h = new GroupElement[numberOfTokens];
t1 = new GroupElement[numberOfTokens];
// we don't compute t2 in the precomputation since we prefer to
// compute h^beta2 as part of the sigmaBPrime multi-exponentiation
ukat = new UProveKeyAndToken[numberOfTokens];
for (int i = 0; i < numberOfTokens; i++)
{
ukat[i] = new UProveKeyAndToken();
h[i] = gamma.Exponentiate(alpha[i].Multiply(beta0Inverse)); // remove collab issuance blind, if present
t1[i] = Gq.MultiExponentiate(new GroupElement[] { ip.G[0], Gq.G }, new FieldZqElement[] { beta1[i], beta2[i] });
ukat[i].PrivateKey = alpha[i].Invert();
}
state = State.Initialized;
}
/// <summary>
/// Constructs a new <code>Prover</code> instance.
/// </summary>
/// <param name="ip">The Issuer parameters.</param>
/// <param name="numberOfTokens">Number of tokens to issue.</param>
/// <param name="gamma">The gamma value encoding the token attributes.</param>
/// <param name="TI">The token information field value.</param>
/// <param name="PI">The Prover information field value.</param>
/// <param name="preGeneratedRandomData">Optional pregenerated ProverRandomData instance.</param>
/// <param name="isDeviceProtected">True if the token is to be device-protected, false otherwise.</param>
/// <param name="batchValidationSecurityLevel">The security level of the batch token signature validation. Given a security level <code>l</code>,
/// the probability for the Prover to accept an invalid token is <code>2^-l</code>. If set to 0, than
/// regular validation is used. A value of 20 is recommended.</param>
internal Prover(IssuerParameters ip, int numberOfTokens, GroupElement gamma, byte[] TI, byte[] PI, ProverRandomData preGeneratedRandomData, bool isDeviceProtected, ushort batchValidationSecurityLevel)
{
if (ip == null)
{
throw new ArgumentNullException("ip");
}
this.ip = ip;
if (numberOfTokens <= 0)
{
throw new ArgumentException("numberOfTokens must be greater than 0");
}
this.numberOfTokens = numberOfTokens;
this.TI = TI;
this.PI = PI;
if (preGeneratedRandomData != null &&
(preGeneratedRandomData.Alpha.Length != numberOfTokens ||
preGeneratedRandomData.Beta1.Length != numberOfTokens ||
preGeneratedRandomData.Beta2.Length != numberOfTokens))
{
throw new ArgumentException("invalid preGeneratedRandomData");
}
this.isDeviceProtected = isDeviceProtected;
this.batchValidationSecurityLevel = batchValidationSecurityLevel;
this.gamma = gamma;
Precompute(gamma, preGeneratedRandomData);
}
public Prover(IssuerParameters ip, int numberOfTokens, byte[][] A, byte[] TI, byte[] PI, GroupElement hd, ProverRandomData preGeneratedRandomData)
: this(ip, numberOfTokens, ProtocolHelper.ComputeIssuanceInput(ip, A, TI, hd), TI, PI, preGeneratedRandomData, hd != null, DefaultBatchValidationSecurityLevel)
{
}
/// <summary>
/// Constructs a new <code>Prover</code> instance.
/// </summary>
/// <param name="ip">The Issuer parameters.</param>
/// <param name="numberOfTokens">Number of tokens to issue.</param>
/// <param name="gamma">The gamma value encoding the token attributes. If <c>beta0</c> is non-null, then this value is blinded with <c>beta0</c>.</param>
/// <param name="TI">The token information field value.</param>
/// <param name="PI">The Prover information field value.</param>
/// <param name="preGeneratedRandomData">Optional pregenerated ProverRandomData instance.</param>
/// <param name="isDeviceProtected">True if the token is to be device-protected, false otherwise.</param>
/// <param name="batchValidationSecurityLevel">The security level of the batch token signature validation. Given a security level <code>l</code>,
/// the probability for the Prover to accept an invalid token is <code>2^-l</code>. If set to 0, than
/// regular validation is used. A value of 20 is recommended.</param>
/// <param name="beta0">Non-null if the input <c>gamma</c> value is blinded (collaborative issuance, i.e., the input <c>gamma</c> is blinded with beta0).
/// This parameter defaults to null if ommitted. </param>
internal Prover(IssuerParameters ip, int numberOfTokens, GroupElement gamma, byte[] TI, byte[] PI, ProverRandomData preGeneratedRandomData,
bool isDeviceProtected, ushort batchValidationSecurityLevel, FieldZqElement beta0 = null)
{
if (ip == null)
{
throw new ArgumentNullException("ip");
}
this.ip = ip;
if (numberOfTokens <= 0)
{
throw new ArgumentException("numberOfTokens must be greater than 0");
}
this.numberOfTokens = numberOfTokens;
this.TI = TI;
this.PI = PI;
if (preGeneratedRandomData != null &&
(preGeneratedRandomData.Alpha.Length != numberOfTokens ||
preGeneratedRandomData.Beta1.Length != numberOfTokens ||
preGeneratedRandomData.Beta2.Length != numberOfTokens))
{
throw new ArgumentException("invalid preGeneratedRandomData");
}
this.isDeviceProtected = isDeviceProtected;
this.batchValidationSecurityLevel = batchValidationSecurityLevel;
this.gamma = gamma;
if (beta0 != null) // inputs are blinded; collab issuance
{
this.beta0Inverse = beta0.Invert();
}
else // no collab issuance
{
this.beta0Inverse = ip.Zq.One;
}
Precompute(gamma, preGeneratedRandomData);
}
private void Precompute(GroupElement gamma, ProverRandomData pregeneratedRandomData)
{
Group Gq = ip.Gq;
FieldZq Zq = ip.Zq;
if (pregeneratedRandomData == null)
{
alpha = Zq.GetRandomElements(numberOfTokens, true);
beta1 = Zq.GetRandomElements(numberOfTokens, false);
beta2 = Zq.GetRandomElements(numberOfTokens, false);
}
else
{
alpha = pregeneratedRandomData.Alpha;
beta1 = pregeneratedRandomData.Beta1;
beta2 = pregeneratedRandomData.Beta2;
}
h = new GroupElement[numberOfTokens];
t1 = new GroupElement[numberOfTokens];
t2 = new GroupElement[numberOfTokens];
ukat = new UProveKeyAndToken[numberOfTokens];
for (int i = 0; i < numberOfTokens; i++)
{
ukat[i] = new UProveKeyAndToken();
h[i] = gamma.Exponentiate(alpha[i]);
t1[i] = ip.G[0].Exponentiate(beta1[i]) * Gq.G.Exponentiate(beta2[i]);
t2[i] = h[i].Exponentiate(beta2[i]);
ukat[i].PrivateKey = alpha[i].Invert();
}
state = State.Initialized;
}
/// <summary>
/// Constructs a new <code>Prover</code> instance.
/// </summary>
/// <param name="ip">The Issuer parameters.</param>
/// <param name="numberOfTokens">Number of tokens to issue.</param>
/// <param name="gamma">The gamma value encoding the token attributes.</param>
/// <param name="TI">The token information field value.</param>
/// <param name="PI">The Prover information field value.</param>
/// <param name="preGeneratedRandomData">Optional pregenerated ProverRandomData instance.</param>
/// <param name="isDeviceProtected">True if the token is to be device-protected, false otherwise.</param>
/// <param name="batchValidationSecurityLevel">The security level of the batch token signature validation. Given a security level <code>l</code>,
/// the probability for the Prover to accept an invalid token is <code>2^-l</code>. If set to 0, than
/// regular validation is used. A value of 20 is recommended.</param>
internal Prover(IssuerParameters ip, int numberOfTokens, GroupElement gamma, byte[] TI, byte[] PI, ProverRandomData preGeneratedRandomData, bool isDeviceProtected, ushort batchValidationSecurityLevel)
{
if (ip == null)
{
throw new ArgumentNullException("ip");
}
this.ip = ip;
if (numberOfTokens <= 0)
{
throw new ArgumentException("numberOfTokens must be greater than 0");
}
this.numberOfTokens = numberOfTokens;
this.TI = TI;
this.PI = PI;
if (preGeneratedRandomData != null &&
(preGeneratedRandomData.Alpha.Length != numberOfTokens ||
preGeneratedRandomData.Beta1.Length != numberOfTokens ||
preGeneratedRandomData.Beta2.Length != numberOfTokens))
{
throw new ArgumentException("invalid preGeneratedRandomData");
}
this.isDeviceProtected = isDeviceProtected;
this.batchValidationSecurityLevel = batchValidationSecurityLevel;
this.gamma = gamma;
Precompute(gamma, preGeneratedRandomData);
}
public Prover(IssuerParameters ip, int numberOfTokens, byte[][] A, byte[] TI, byte[] PI, GroupElement hd, ProverRandomData preGeneratedRandomData)
: this(ip, numberOfTokens, ProtocolHelper.ComputeIssuanceInput(ip, A, TI, hd), TI, PI, preGeneratedRandomData, hd != null, DefaultBatchValidationSecurityLevel)
{ }