public static BorromeanSignatureType Generate(List <byte[]> x, List <Cryptography.ECC.ECPoint> P1, List <Cryptography.ECC.ECPoint> P2, List <int> indices)
{
List <byte[]> s1 = new List <byte[]>();
List <byte[]> alpha = new List <byte[]>();
List <ECPoint>[] L = new List <ECPoint> [2];
L[0] = new List <ECPoint>();
L[1] = new List <ECPoint>();
BorromeanSignatureType boroSig = new BorromeanSignatureType();
boroSig.InitSField();
for (int i = 0; i < AMOUNT_SIZE; i++)
{
int naught = indices[i];
int prime = (naught + 1) % 2;
byte[] a = SchnorrNonLinkable.GenerateRandomScalar();
ECPoint L1 = Cryptography.ECC.ECCurve.Secp256r1.G * a;
L[naught].Add(L1);
alpha.Add(a);
if (naught == 0)
{
byte[] s2 = SchnorrNonLinkable.GenerateRandomScalar();
byte[] c2 = Crypto.Default.Hash256(L1.EncodePoint(true));
ECPoint L2 = Cryptography.ECC.ECCurve.Secp256r1.G * s2 + P2[i] * c2;
L[prime].Add(L2);
boroSig.s1.Add(s2);
}
else
{
boroSig.s1.Add(new byte[32]);
}
boroSig.ee = ScalarFunctions.Add(boroSig.ee, Crypto.Default.Hash256(L[1][i].EncodePoint(true))); //Check This Part
}
for (int i = 0; i < AMOUNT_SIZE; i++)
{
if (indices[i] == 0)
{
boroSig.s0.Add(ScalarFunctions.MulSub(boroSig.ee, x[i], alpha[i]));
}
else
{
byte[] s2 = SchnorrNonLinkable.GenerateRandomScalar();
ECPoint LL = Cryptography.ECC.ECCurve.Secp256r1.G * s2 + P1[i] * boroSig.ee;
byte[] cc = Crypto.Default.Hash256(LL.EncodePoint(true));
boroSig.s1[i] = ScalarFunctions.MulSub(cc, x[i], alpha[i]);
boroSig.s0.Add(s2);
}
}
return(boroSig.Exports());
}
public static bool Verify(List <ECPoint> P1, List <ECPoint> P2, BorromeanSignatureType sig)
{
byte[] ee = new byte [32];
ECPoint LHS;
ECPoint RHS = ECCurve.Secp256r1.G * sig.ee;
for (int i = 0; i < AMOUNT_SIZE; i++)
{
ECPoint L2 = ECCurve.Secp256r1.G * sig.s0[i] + P1[i] * sig.ee;
byte[] c1 = Crypto.Default.Hash256(L2.EncodePoint(true));
ECPoint L1 = ECCurve.Secp256r1.G * sig.s1[i] + P2[i] * c1;
ee = ScalarFunctions.Add(ee, Crypto.Default.Hash256(L1.EncodePoint(true)));
}
return(sig.ee.ToHexString().Equals(ee.ToHexString()));
}
