/// <summary> /// Creates a range proof that compares a UProve attribute to a target date. /// Target attribute MUST NOT be hashed. /// Value MUST be generated via RangeProofParameterFactory.EncodeYearAndDayAsUProveAttribute. /// </summary> /// <param name="prover">Token information.</param> /// <param name="attributeIndexForProver">1-based index of target attribute.</param> /// <param name="proofType">Range proof type</param> /// <param name="targetDate">Compare token attribute to this date. (Time component is ignored).</param> /// <param name="minYear">Minimum year for attribute and target date.</param> /// <param name="maxYear">Maximum year for attribute and target date.</param> public RangeProof( ProverPresentationProtocolParameters prover1, int attributeIndexForProver1, VerifierRangeProofParameters.ProofType proofType, ProverPresentationProtocolParameters prover2, int attributeIndexForProver2, int minValue, int maxValue) { // make sure target attribute is not hashed if ((prover1.IP.E[attributeIndexForProver1 - 1] == 0x01) || ((prover2.IP.E[attributeIndexForProver2 - 1]) == 0x01)) { throw new ArgumentException("UProve attributes used in Range Proof must not be hashed."); } // generate Pedersen Commitments to token attributes ProverPresentationProtocolParameters[] provers = new ProverPresentationProtocolParameters[] { prover1, prover2 }; int[] attributeIndices = new int[] { attributeIndexForProver1, attributeIndexForProver2 }; PedersenCommitment[] attributeCommitments = PedersenCommitment.PedersenCommmitmentsToAttributes(provers, attributeIndices); // create range proof ProverRangeProofParameters rangeProver = new ProverRangeProofParameters( new CryptoParameters(prover1.IP), attributeCommitments[0], proofType, attributeCommitments[1], minValue, maxValue); ConstructorHelper(rangeProver); // Add UProve Integration proof this.UPIProof = new UProveIntegrationProof(provers, attributeIndices, attributeCommitments); this.UPIProof.IsGroupSerializable = false; }
/// <summary> /// Generates a list of Pedersen Commitments /// </summary> /// <param name="prover">Array of tokens</param> /// <param name="attributeIndices">target attribute for each token</param> /// <param name="commitmentsToAttribute">Pedersen commitment to target attribute in token. Generated via method /// Proof.PedersenCommmitmentsToAttributes</param> public UProveIntegrationProof(ProverPresentationProtocolParameters [] prover, int [] attributeIndices, PedersenCommitment [] commitmentsToAttribute) { if ((prover == null) || (prover.Length == 0)) { throw new ArgumentException("First argument should be an array of at least one element."); } if (!UProveIntegrationProof.AreTokensCompatible(prover)) { throw new ArgumentException("All tokens must use same group."); } if ((attributeIndices == null) || (attributeIndices.Length != prover.Length)) { throw new ArgumentNullException("Second argument must be an array of the same length as first argument."); } if ((commitmentsToAttribute == null) || (commitmentsToAttribute.Length != prover.Length)) { throw new ArgumentNullException("Third argument must be an array of the same length as first argument."); } // copy Pedersen Commitment values this.PedersenCommitmentValues = new GroupElement[prover.Length]; for (int i = 0; i < PedersenCommitmentValues.Length; ++i) { this.PedersenCommitmentValues[i] = commitmentsToAttribute[i].Value; } // Create Equality Proof between Pedersen Commitments and tokens. EqualityMap map = new EqualityMap(); IWitness [] witnesses = new IWitness[prover.Length * 2]; OpenUProveToken[] tokens = new OpenUProveToken[prover.Length]; for (int i = 0; i < tokens.Length; ++i) { // create uprove token and add target attribute to map witnesses[2 * i] = new OpenUProveToken(prover[i]); map.Add(new PrettyName("token", 2 * i), new DoubleIndex(i, attributeIndices[i])); // add pedersen commitment to witness list, and add to map witnesses[2 * i + 1] = commitmentsToAttribute[i]; map.Add(new PrettyName("token", 2 * i + 1), new DoubleIndex(i, 0)); } ProverEqualityParameters eqProver = new ProverEqualityParameters(witnesses, map, new CryptoParameters(prover[0].IP)); this.TokenCommitmentEqualityProof = new EqualityProof(eqProver); this.TokenCommitmentEqualityProof.IsGroupSerializable = false; }
/// <summary> /// Constructor. Creates a proof that a token attribute is in a given set. /// </summary> /// <param name="prover">Token description.</param> /// <param name="attributeIndexForProver">1-based attribute index in token.</param> /// <param name="setValues">Set of attributes to compare to token attribute.</param> /// <param name="smRandom">Random data for set membership proof.</param> /// <returns>Inequality proof.</returns> public SetMembershipProof(ProverPresentationProtocolParameters prover, int attributeIndexForProver, byte[][] setValues, SetMembershipProofGenerationRandomData smRandom = null) { // generate Pedersen Commitments to token attribute ProverPresentationProtocolParameters[] provers = new ProverPresentationProtocolParameters[] { prover }; int[] attributeIndices = new int[] { attributeIndexForProver }; PedersenCommitment[] attributeCommitments = PedersenCommitment.PedersenCommmitmentsToAttributes(provers, attributeIndices); // create set membership proof using Pedersen Commitment FieldZqElement[] memberSet = VerifierSetMembershipParameters.GenerateMemberSet(prover.IP, attributeIndexForProver, setValues); ProverSetMembershipParameters setProver = new ProverSetMembershipParameters(attributeCommitments[0], memberSet, new CryptoParameters(prover.IP)); ConstructorHelper(setProver, smRandom); // add UProve Integration proof this.UPIProof = new UProveIntegrationProof(provers, attributeIndices, attributeCommitments); this.UPIProof.IsGroupSerializable = false; }
/// <summary> /// Constructor. Creates an inequality proof that a token attribute is not equal to some value. /// </summary> /// <param name="prover">Token description.</param> /// <param name="attributeIndexForProver">1-based attribute index in token.</param> /// <param name="attributeValue">Attribute value to compare actual token attribute.</param> /// <returns>Inequality proof.</returns> public InequalityProof(ProverPresentationProtocolParameters prover, int attributeIndexForProver, byte[] attributeValue) { // generate Pedersen Commitments to attributes ProverPresentationProtocolParameters[] provers = new ProverPresentationProtocolParameters[] { prover }; int[] attributeIndices = new int[] { attributeIndexForProver }; PedersenCommitment[] attributeCommitments = PedersenCommitment.PedersenCommmitmentsToAttributes(provers, attributeIndices); // create inequality proof using Pedersen Commitmetns FieldZqElement committedAttribute = ProtocolHelper.ComputeXi(prover.IP, attributeIndexForProver - 1, attributeValue); ProverInequalityProofParameters ieqProver = new ProverInequalityProofParameters(attributeCommitments[0], committedAttribute, new CryptoParameters(prover.IP)); ConstructorHelper(ieqProver); // add UProve Integration proof this.UPIProof = new UProveIntegrationProof(provers, attributeIndices, attributeCommitments); this.UPIProof.IsGroupSerializable = false; }
/// <summary> /// Constructor. Creates an inequality proof that an attribute in one token is not equal to an attribute in another token. /// </summary> /// <param name="prover1">Token.</param> /// <param name="attributeIndexForProver1">Target attribute in first token, uses 1-based index.</param> /// <param name="prover2">Token</param> /// <param name="attributeIndexForProver2">Target attribute in second token, uses 1-based index</param> /// <returns>Proof of inequality.</returns> public InequalityProof( ProverPresentationProtocolParameters prover1, int attributeIndexForProver1, ProverPresentationProtocolParameters prover2, int attributeIndexForProver2) { // generate Pedersen Commitments to attributes ProverPresentationProtocolParameters[] provers = new ProverPresentationProtocolParameters[] { prover1, prover2 }; int [] attributeIndices = new int[] { attributeIndexForProver1, attributeIndexForProver2 }; PedersenCommitment[] attributeCommitments = PedersenCommitment.PedersenCommmitmentsToAttributes(provers, attributeIndices); // create inequality proof using Pedersen Commitmetns ProverInequalityProofParameters ieqProver = new ProverInequalityProofParameters(attributeCommitments[0], attributeCommitments[1], new CryptoParameters(prover1.IP)); ConstructorHelper(ieqProver); // add UProve Integration proof this.UPIProof = new UProveIntegrationProof(provers, attributeIndices, attributeCommitments); this.UPIProof.IsGroupSerializable = false; }
/// <summary> /// Verifies this proof that the committed values are valid Pedersen Commitments to token attributes. /// </summary> /// <param name="verifier">Array of verifier token parameters.</param> /// <param name="attributeIndices">Target attribute in each token.</param> /// <param name="committedValues">Array of Pedersen Commitment values.</param> /// <returns></returns> public bool Verify(VerifierPresentationProtocolParameters [] verifier, int [] attributeIndices) { if ((verifier == null) || (verifier.Length == 0)) { throw new ArgumentException("First argument should be an array of at least one element."); } if (!UProveIntegrationProof.AreTokensCompatible(verifier)) { throw new ArgumentException("All tokens must use same group."); } if ((attributeIndices == null) || (attributeIndices.Length != verifier.Length)) { throw new ArgumentNullException("Second argument must be an array of the same length as first argument."); } if ((this.PedersenCommitmentValues == null) || (this.PedersenCommitmentValues.Length != verifier.Length)) { throw new ArgumentNullException("Third argument must be an array of the same length as first argument."); } EqualityMap map = new EqualityMap(); IStatement[] statements = new IStatement[verifier.Length * 2]; ClosedUProveToken[] tokens = new ClosedUProveToken[verifier.Length]; for (int i = 0; i < tokens.Length; ++i) { // create uprove token and add target attribute to map statements[2 * i] = new ClosedUProveToken(verifier[i]); map.Add(new PrettyName("token", 2 * i), new DoubleIndex(i, attributeIndices[i])); // add pedersen commitment to witness list, and add to map statements[2 * i + 1] = new ClosedPedersenCommitment(verifier[i].IP, this.PedersenCommitmentValues[i]); map.Add(new PrettyName("token", 2 * i + 1), new DoubleIndex(i, 0)); } VerifierEqualityParameters eqVerifier = new VerifierEqualityParameters(statements, map, new CryptoParameters(verifier[0].IP)); return(this.TokenCommitmentEqualityProof.Verify(eqVerifier)); }