/// <summary> /// Creates a range proof that compares a UProve attribute to a target date. /// Target attribute MUST NOT be hashed. /// Value MUST be generated via RangeProofParameterFactory.EncodeYearAndDayAsUProveAttribute. /// </summary> /// <param name="prover">Token information.</param> /// <param name="attributeIndexForProver">1-based index of target attribute.</param> /// <param name="proofType">Range proof type</param> /// <param name="targetDate">Compare token attribute to this date. (Time component is ignored).</param> /// <param name="minYear">Minimum year for attribute and target date.</param> /// <param name="maxYear">Maximum year for attribute and target date.</param> public RangeProof( ProverPresentationProtocolParameters prover1, int attributeIndexForProver1, VerifierRangeProofParameters.ProofType proofType, ProverPresentationProtocolParameters prover2, int attributeIndexForProver2, int minValue, int maxValue) { // make sure target attribute is not hashed if ((prover1.IP.E[attributeIndexForProver1 - 1] == 0x01) || ((prover2.IP.E[attributeIndexForProver2 - 1]) == 0x01)) { throw new ArgumentException("UProve attributes used in Range Proof must not be hashed."); } // generate Pedersen Commitments to token attributes ProverPresentationProtocolParameters[] provers = new ProverPresentationProtocolParameters[] { prover1, prover2 }; int[] attributeIndices = new int[] { attributeIndexForProver1, attributeIndexForProver2 }; PedersenCommitment[] attributeCommitments = PedersenCommitment.PedersenCommmitmentsToAttributes(provers, attributeIndices); // create range proof ProverRangeProofParameters rangeProver = new ProverRangeProofParameters( new CryptoParameters(prover1.IP), attributeCommitments[0], proofType, attributeCommitments[1], minValue, maxValue); ConstructorHelper(rangeProver); // Add UProve Integration proof this.UPIProof = new UProveIntegrationProof(provers, attributeIndices, attributeCommitments); this.UPIProof.IsGroupSerializable = false; }
public bool Verify( VerifierPresentationProtocolParameters verifier1, int attributeIndexForVerifier1, VerifierRangeProofParameters.ProofType proofType, VerifierPresentationProtocolParameters verifier2, int attributeIndexForVerifier2, int minYear, int maxYear) { // Verify target attribute is not hashed if ((verifier1.IP.E[attributeIndexForVerifier1 - 1] == 0x01) || (verifier2.IP.E[attributeIndexForVerifier1 - 1] == 0x01)) { return(false); } // Verify UProve Integration Proof if (this.UPIProof == null) { return(false); } VerifierPresentationProtocolParameters[] verifiers = new VerifierPresentationProtocolParameters[2] { verifier1, verifier2 }; int[] attributeIndices = new int[2] { attributeIndexForVerifier1, attributeIndexForVerifier2 }; if (!this.UPIProof.Verify(verifiers, attributeIndices)) { return(false); } // Verify Range Proof VerifierRangeProofParameters rangeVerifier = new VerifierRangeProofParameters( new CryptoParameters(verifier1.IP), this.UPIProof.PedersenCommitmentValues[0], proofType, this.UPIProof.PedersenCommitmentValues[1], minYear, maxYear); return(this.Verify(rangeVerifier)); }
/// <summary> /// Converts a range proof type to a string value /// </summary> /// <param name="proofType">range proof type to convert to string</param> /// <returns>converted range proof type as string or null if not exists</returns> public static RangeProofType GetType(VerifierRangeProofParameters.ProofType proofType) { if (proofType == LESS_THAN.ProofType) { return(LESS_THAN); } else if (proofType == GREATER_THAN.ProofType) { return(GREATER_THAN); } else if (proofType == LESS_THAN_OR_EQUAL_TO.ProofType) { return(LESS_THAN_OR_EQUAL_TO); } else if (proofType == GREATER_THAN_OR_EQUAL_TO.ProofType) { return(GREATER_THAN_OR_EQUAL_TO); } return(null); }
private RangeProofType(string value, VerifierRangeProofParameters.ProofType proofType) { Value = value; ProofType = proofType; }
/// <summary> /// Create verifier parameter for comparing committed date to verifier target date. /// </summary> /// <param name="crypto">Cryptographic parameters.</param> /// <param name="commitmentToYearAndDay">Prover supplied committed value.</param> /// <param name="rangeProofType">Range proof type.</param> /// <param name="verifierTargetDate">Verifier target date. Must be in [minYear, maxYear+1).</param> /// <param name="minYear">Used to specify range, must be same as in prover parameters.</param> /// <param name="maxYear">Used to specify range, must be same as in prover parameters.</param> /// <returns></returns> public static VerifierRangeProofParameters GetDateTimeVerifierParameters(CryptoParameters crypto, GroupElement commitmentToYearAndDay, VerifierRangeProofParameters.ProofType rangeProofType, DateTime verifierTargetDate, int minYear, int maxYear) { int maxValue = (maxYear - minYear) * 366 + 365; int verifierYearAndDay = EncodeYearAndDay(verifierTargetDate, minYear); return(new VerifierRangeProofParameters( crypto, commitmentToYearAndDay, rangeProofType, verifierYearAndDay, 0, maxValue)); }
/// <summary> /// Create prover parameters for comparing committed day and hour to verifier target day and hour. /// </summary> /// <param name="crypto">Cryptographic parameters.</param> /// <param name="commitmentToDayAndHour">Prover supplied commitment.</param> /// <param name="rangeProofType">Range proof type.</param> /// <param name="verifierTargetDayHour">Verifier target day of year and hour. Year is ignored.</param> /// <param name="minDayOfYear">Establishes range. Must be same as used by prover.</param> /// <param name="maxDayOfYear">Establishes range. Must be same as used by prover.</param> /// <returns></returns> public static VerifierRangeProofParameters GetDayAndHourVerifierParameters(CryptoParameters crypto, GroupElement commitmentToDayAndHour, VerifierRangeProofParameters.ProofType rangeProofType, DateTime verifierTargetDayHour, int minDayOfYear, int maxDayOfYear) { if (minDayOfYear > maxDayOfYear) { throw new ArgumentException("Argument minDayOfYear must be less than or equal to maxDayOfYear."); } if ((minDayOfYear < 0) || (maxDayOfYear > 366)) { throw new ArgumentOutOfRangeException("Arguments minDayOfYear and maxDayOfYear must be in [0,365]"); } return(new VerifierRangeProofParameters( crypto, commitmentToDayAndHour, rangeProofType, EncodeDayAndHour(verifierTargetDayHour, minDayOfYear), minDayOfYear * 24, maxDayOfYear * 24 + 23)); }
/// <summary> /// Returns verifier parameters corresponding to prover parameters generated by /// GetDateTimeProverParameters. /// </summary> /// <param name="crypto">Cryptographic parameters.</param> /// <param name="commitmentToDayOfYear">Prover supplied commitment to day of year in [0,365].</param> /// <param name="commitmentToYear">Prover supplied commitment to year in [minYear, maxYear].</param> /// <param name="rangeProofType">Range proof type.</param> /// <param name="verifierTargetDate">verifier target date in [minYear, maxYear+1).</param> /// <param name="minYear">Used to determine range. Must be same as used by prover.</param> /// <param name="maxYear">Used to determine range. Must be same as used by prover.</param> /// <returns></returns> public static VerifierRangeProofParameters GetDateTimeVerifierParameters(CryptoParameters crypto, GroupElement commitmentToYear, GroupElement commitmentToDayOfYear, VerifierRangeProofParameters.ProofType rangeProofType, DateTime verifierTargetDate, int minYear, int maxYear) { // Compute (commitmentToYear / G^minYear)^366 * commitmentToDayOfYear GroupElement[] bases = new GroupElement[] { commitmentToYear, crypto.G }; FieldZqElement[] exponents = new FieldZqElement[] { crypto.FieldZq.GetElement(366), crypto.FieldZq.GetElement((uint)(minYear * 366)).Negate() }; GroupElement commitmentToYearAndDay = crypto.Group.MultiExponentiate(bases, exponents) * commitmentToDayOfYear; int maxValue = (maxYear - minYear) * 366 + 365; int verifierYearAndDay = EncodeYearAndDay(verifierTargetDate, minYear); return(new VerifierRangeProofParameters( crypto, commitmentToYearAndDay, rangeProofType, verifierYearAndDay, 0, maxValue)); }
/// <summary> /// Returns ProverRangeProofParameters that the committed date to the /// the verifier target date. Range proof will require bit decomposition of approximately 9 + log_2 (maxYear - minYear) bits. /// </summary> /// <param name="crypto">Crypto parameters</param> /// <param name="commitmentToDayOfYear">Commitment value in [0,365]</param> /// <param name="commitmentToYear">Commitment to a year in [minYear, maxYear].</param> /// <param name="rangeProofType">Range proof type.</param> /// <param name="verifierTargetDate">Commitment to a date in [minYear, maxYear +1).</param> /// <param name="minYear">Limits range of proof. </param> /// <param name="maxYear">Limits range of proof.</param> /// <returns></returns> public static ProverRangeProofParameters GetDateTimeProverParameters(CryptoParameters crypto, PedersenCommitment commitmentToYear, PedersenCommitment commitmentToDayOfYear, VerifierRangeProofParameters.ProofType rangeProofType, DateTime verifierTargetDate, int minYear, int maxYear) { //Check crypto parameters and pedersen commitment generators G and H if (!commitmentToYear.AreBasesEqual(commitmentToDayOfYear)) { throw new ArgumentException("PedersenCommitments commitmentToYear and commitmentToDayOfYear have different bases."); } if ((crypto.G != commitmentToYear.BaseAtIndex(0)) || (crypto.H != commitmentToYear.BaseAtIndex(1))) { throw new ArgumentException("PedersenCommitments commitmentToYear and commitmentToDayOfYear should use bases crypto.G and crypto.H."); } FieldZqElement minYearElement = crypto.FieldZq.GetElement((uint)minYear); FieldZqElement daysInOneYear = crypto.FieldZq.GetElement(366); FieldZqElement committedYear = commitmentToYear.ExponentAtIndex(0); FieldZqElement committedDay = commitmentToDayOfYear.ExponentAtIndex(0); FieldZqElement openingYear = commitmentToYear.ExponentAtIndex(1); FieldZqElement openingDay = commitmentToDayOfYear.ExponentAtIndex(1); PedersenCommitment commitmentToYearAndDay = new PedersenCommitment( crypto.G, crypto.H, (committedYear + minYearElement.Negate()) * daysInOneYear + committedDay, openingYear * daysInOneYear + openingDay, crypto.Group); int maxValue = (maxYear - minYear) * 366 + 365; int verifierYearAndDay = EncodeYearAndDay(verifierTargetDate, minYear); return(new ProverRangeProofParameters( crypto, commitmentToYearAndDay, rangeProofType, verifierYearAndDay, 0, maxValue)); }
/// <summary> /// Returns verifier parameters for an age range proof. /// </summary> /// <param name="crypto">Cryptographic parameters.</param> /// <param name="commitmentToActualAge">Commitment to age in years provided by prover.</param> /// <param name="rangeProofType">Range proof type.</param> /// <param name="verifierTargetAge">Verifier target age in years [0,127].</param> /// <returns></returns> public static VerifierRangeProofParameters GetAgeVerifierParameters(CryptoParameters crypto, GroupElement commitmentToActualAge, VerifierRangeProofParameters.ProofType rangeProofType, int verifierTargetAge) { if ((verifierTargetAge < 0) || (verifierTargetAge > 127)) { throw new ArgumentOutOfRangeException("VerifierTargetAge should be an integer in [0,127]"); } return(new VerifierRangeProofParameters( crypto, commitmentToActualAge, rangeProofType, verifierTargetAge, 0, 127)); }
/// <summary> /// Returns prover parameters for comparing prover age to verifier target age. /// </summary> /// <param name="crypto">Cryptographic parameters</param> /// <param name="commitmentToActualAge">Commitment to age in years [0,127].</param> /// <param name="rangeProofType">Range proof type.</param> /// <param name="verifierTargetAge">Verifier target age in years [0,127].</param> /// <returns></returns> public static ProverRangeProofParameters GetAgeProverParameters(CryptoParameters crypto, PedersenCommitment commitmentToActualAge, VerifierRangeProofParameters.ProofType rangeProofType, int verifierTargetAge) { return(new ProverRangeProofParameters( crypto, commitmentToActualAge, rangeProofType, verifierTargetAge, 0, 127)); }
/// <summary> /// Returns prover parameters for comparing actual age to verfierTargetAge. /// </summary> /// <param name="crypto">Crypto parameters</param> /// <param name="actualAge">Actual age of prover in years [0,127].</param> /// <param name="rangeProofType">Range proof type.</param> /// <param name="verifierTargetAge">Verifier target age in years [0,127].</param> /// <returns></returns> public static ProverRangeProofParameters GetAgeProverParameters(CryptoParameters crypto, int actualAge, VerifierRangeProofParameters.ProofType rangeProofType, int verifierTargetAge) { return(new ProverRangeProofParameters( crypto, new PedersenCommitment(crypto.FieldZq.GetElement(actualAge), crypto), rangeProofType, verifierTargetAge, 0, 127)); }