public static ASNLSignatureType Generate(List <byte[]> x, List <Cryptography.ECC.ECPoint> P1, List <Cryptography.ECC.ECPoint> P2, List <int> indices)
{
List <byte[]> s1 = new List <byte[]>();
ASNLSignatureType asnlSig = new ASNLSignatureType();
asnlSig.InitSField();
for (int i = 0; i < AMOUNT_SIZE; i++)
{
SchnorrSignatureType schnorrSig = SchnorrNonLinkable.Generate(x[i], P1[i], P2[i], indices[i]);
if (!SchnorrNonLinkable.Verify(P1[i], P2[i], schnorrSig))
{
throw new Exception("Schnorr Sign Error!");
}
asnlSig.L1.Add(schnorrSig.L1);
s1.Add(schnorrSig.s1);
asnlSig.s2.Add(schnorrSig.s2);
asnlSig.s = ScalarFunctions.Add(asnlSig.s, s1[i]);
}
return(asnlSig.Exports());
}
public static bool Verify(List <ECPoint> P1, List <ECPoint> P2, ASNLSignatureType sig)
{
ECPoint LHS = sig.L1[0];
ECPoint RHS = ECCurve.Secp256r1.G * sig.s;
for (int i = 0; i < AMOUNT_SIZE; i++)
{
byte[] c2 = Crypto.Default.Hash256(sig.L1[i].EncodePoint(true));
ECPoint L2 = ECCurve.Secp256r1.G * sig.s2[i] + P2[i] * c2;
byte[] c1 = Crypto.Default.Hash256(L2.EncodePoint(true));
if (i > 0)
{
LHS = LHS + sig.L1[i];
}
RHS = RHS + P1[i] * c1;
}
return(LHS.ToString() == RHS.ToString());
}
public void ASNL_Allow_Test()
{
List <byte[]> x = new List <byte[]>();
List <ECPoint> P1 = new List <ECPoint>();
List <ECPoint> P2 = new List <ECPoint>();
List <int> indices = new List <int>();
for (int i = 0; i < ASNLRingSignature.AMOUNT_SIZE; i++)
{
//byte[] x1 = SchnorrNonLinkable.GenerateRandomScalar();
byte[] x1 = new byte[32];
byte[] x2 = SchnorrNonLinkable.GenerateRandomScalar();
ECPoint p1 = ECCurve.Secp256r1.G * x1;
ECPoint p2 = ECCurve.Secp256r1.G * x2;
P1.Add(p1);
P2.Add(p2);
Random rnd = new Random(i);
int iRand = rnd.Next(2);
if (iRand == 0)
{
x.Add(x1);
indices.Add(0);
}
else
{
x.Add(x2);
indices.Add(1);
}
}
ASNLSignatureType sig = ASNLRingSignature.Generate(x, P1, P2, indices);
ASNLRingSignature.Verify(P1, P2, sig).Should().Be(true);
}