/// <summary>
/// Constructor.
/// </summary>
public EQProofUProveProverData(ProverPresentationProtocolParameters pppp, CommitmentPrivateValues cpv, PresentationProof pp, int index)
{
this.PPPP = pppp;
this.CPV = cpv;
this.PP = pp;
this.index = index;
}
/// <summary>
/// Create a verifiable encryption of a pseudonym based on a U-Prove presentation proof. This is a wrapper
/// of <c>VerifiableEncrypt</c>.
///
/// </summary>
/// <param name="escrowParams"> Parameters of the ID escrow scheme</param>
/// <param name="escrowPublicKey"> Public key of the Auditor (the authority who can decrypt the output ciphertex).</param>
/// <param name="token"> The U-Prove token corresponding to the <c>proof</c>. </param>
/// <param name="additionalInfo">See documentation of <c>VerifiableEncrypt</c></param>
/// <param name="proof">A U-Prove prsentation proof.</param>
/// <param name="cpv">Commitment opening information, output when generating <c>proof</c>.</param>
/// <param name="idAttributeIndex"> Index of the attribute to use for identity escrow (1-based indexing). This attribute <b>must be</b>
/// the first commited attribute (take care if using multiple extensions). </param>
/// <param name="attributes"> Attributes in <c>token</c>.</param>
/// <returns></returns>
public static IDEscrowCiphertext UProveVerifableEncrypt(IDEscrowParams escrowParams, IDEscrowPublicKey escrowPublicKey,
UProveToken token, byte[] additionalInfo, PresentationProof proof,
CommitmentPrivateValues cpv, int idAttributeIndex, byte[][] attributes)
{
if (token == null || escrowParams == null || proof == null || cpv == null)
{
throw new ArgumentNullException("null input to UProveVerifiableEncrypt");
}
if (proof.Commitments == null || proof.Commitments.Length < 1 ||
attributes.Length < idAttributeIndex || cpv.TildeO == null || cpv.TildeO.Length < 1)
{
throw new InvalidUProveArtifactException("invalid inputs to UProveVerifiableEncrypt");
}
byte[] tokenId = ProtocolHelper.ComputeTokenID(escrowParams.ip, token);
GroupElement Cx1 = proof.Commitments[0].TildeC; // x1 is the first committed attribute
FieldZqElement x1 = ProtocolHelper.ComputeXi(escrowParams.ip, idAttributeIndex - 1, attributes[idAttributeIndex - 1]); // arrays are 0-based
FieldZqElement tildeO1 = cpv.TildeO[0];
return(IDEscrowFunctions.VerifiableEncrypt(escrowParams, escrowPublicKey, tokenId, Cx1, x1, tildeO1, additionalInfo));
}
/// <summary>
/// Computes the non-revocation proof.
/// </summary>
/// <param name="ip">The Issuer parameters associated with the presented U-Prove token.</param>
/// <param name="rap">The Revocation Authority parameters.</param>
/// <param name="witness">The user non-revocation witness.</param>
/// <param name="commitmentIndex">The 0-based index of the revocation commitment in the attribute commitments.</param>
/// <param name="presentationProof">The presentation proof generated with the U-Prove token.</param>
/// <param name="cpv">The commitment private values generated when presenting the U-Prove token.</param>
/// <param name="revocationIndex">The 1-based index of the revocation attribute in the U-Prove token.</param>
/// <param name="attributes">The token attributes.</param>
/// <returns>A non-revocation proof.</returns>
public static NonRevocationProof GenerateNonRevocationProof(IssuerParameters ip, RAParameters rap, RevocationWitness witness, int commitmentIndex, PresentationProof presentationProof, CommitmentPrivateValues cpv, int revocationIndex, byte[][] attributes)
{
if (revocationIndex <= 0)
{
throw new ArgumentException("revocationIndex must be positive: " + revocationIndex);
}
GroupElement tildeCid = presentationProof.Commitments[commitmentIndex].TildeC;
FieldZqElement xid = ProtocolHelper.ComputeXi(ip, revocationIndex - 1, attributes[revocationIndex - 1]);
FieldZqElement tildeOid = cpv.TildeO[commitmentIndex];
return(GenerateNonRevocationProof(rap, witness, tildeCid, xid, tildeOid));
}
/// <summary>
/// Generates a set membership proof from U-Prove parameters.
/// </summary>
/// <param name="pppp">The prover presentation protocol parameters.</param>
/// <param name="pp">The presentation proof.</param>
/// <param name="cpv">The commitment private values returned when generating the presentation proof.</param>
/// <param name="committedIndex">Index of the committed attribute used to generate the set membership proof.</param>
/// <param name="setValues">Set values to prove against.</param>
/// <param name="smRandom">Optional pregenerated random values, or <c>null</c>.</param>
/// <returns>A set membership proof.</returns>
public static SetMembershipProof Generate(ProverPresentationProtocolParameters pppp, PresentationProof pp, CommitmentPrivateValues cpv, int committedIndex, byte[][] setValues, SetMembershipProofGenerationRandomData smRandom = null)
{
// get the index of the commitment to use, given the underlying attribute's index
int commitmentIndex = ClosedPedersenCommitment.GetCommitmentIndex(pppp.Committed, committedIndex);
// generate the membership proof
ProverSetMembershipParameters setProver =
new ProverSetMembershipParameters(
new PedersenCommitment(pppp, pp, cpv, commitmentIndex),
VerifierSetMembershipParameters.GenerateMemberSet(pppp.IP, committedIndex, setValues),
new CryptoParameters(pppp.IP));
return(new SetMembershipProof(setProver, smRandom));
}
/// <summary>
/// Creates an array of Pedersen Commitments from the ProverPresentationProtocolParameters
/// and the CommitmentPrivateValues. This is a convenience method for generating the
/// Pedersen commitments output by the PresentationProof.Generate() method.
/// </summary>
/// <param name="pppp">The Prover parameters.</param>
/// <param name="pp">The presentation proof.</param>
/// <param name="cpv">The commitment private values.</param>
/// <returns></returns>
public static PedersenCommitment [] ArrayOfPedersenCommitments(ProverPresentationProtocolParameters pppp, PresentationProof pp, CommitmentPrivateValues cpv)
{
PedersenCommitment[] pedersenCommitments = new PedersenCommitment[cpv.TildeO.Length];
for (int index = 0; index < pedersenCommitments.Length; ++index)
{
pedersenCommitments[index] = new PedersenCommitment(pppp, pp, cpv, index);
}
return(pedersenCommitments);
}
/// <summary>
/// Creates a Pedersen Commitment for one of the attributes using the commitment
/// from the PresentationProof.
/// </summary>
/// <param name="pppp">Parameters used by Prover</param>
/// <param name="pp">The presentation proof generated by the Prover</param>
/// <param name="cpv">Output of PresentationProof.Generate()</param>
/// <param name="commitmentIndex">Which commitment to use: index into cpv.TildeO array.
/// DO NOT use the attribute index, the Constructor will compute it from
/// the commitmentIndex.</param>
public PedersenCommitment(ProverPresentationProtocolParameters pppp, PresentationProof pp, CommitmentPrivateValues cpv, int commitmentIndex)
{
int attributeIndex = pppp.Committed[commitmentIndex] - 1;
FieldZqElement committedValue = ProtocolHelper.ComputeXi(pppp.IP, attributeIndex, pppp.Attributes[attributeIndex]);
FieldZqElement opening = cpv.TildeO[commitmentIndex];
CryptoParameters crypto = new CryptoParameters(pppp.IP);
this.Group = crypto.Group;
this.Bases = new GroupElement[2] {
crypto.Generators[0], crypto.Generators[1]
};
this.Exponents = new FieldZqElement[2] {
committedValue, opening
};
this.Value = pp.Commitments[commitmentIndex].TildeC;
}
