public void MultiExponentiateTest()
{
// make sure test works with both subgroup and ECC
string[] groupOIDs = { SubgroupParameterSets.ParamSet_SG_2048256_V1Name, ECParameterSets.ParamSet_EC_P256_V1Name };
foreach (string groupOID in groupOIDs)
{
ParameterSet set;
ParameterSet.TryGetNamedParameterSet(groupOID, out set);
Group Gq = set.Group;
FieldZq Zq = FieldZq.CreateFieldZq(Gq.Q);
int length = 10;
GroupElement[] bases = new GroupElement[length];
System.Array.Copy(set.G, bases, length);
FieldZqElement[] exponents = Zq.GetRandomElements(length, false);
GroupElement value = Gq.Identity;
for (int i = 0; i < length; i++)
{
value = value * bases[i].Exponentiate(exponents[i]);
}
Assert.AreEqual(value, Gq.MultiExponentiate(bases, exponents));
}
}
public void NegateTest()
{
FieldZq Zq = FieldZq.CreateFieldZq(new byte[] { 0x05 });
Assert.AreEqual <FieldZqElement>(Zq.Zero.Negate(), Zq.Zero);
Assert.AreEqual <FieldZqElement>(Zq.GetElement(1).Negate(), Zq.GetElement(4));
Assert.AreEqual <FieldZqElement>(Zq.GetElement(2).Negate(), Zq.GetElement(3));
Assert.AreEqual <FieldZqElement>(Zq.GetElement(3).Negate(), Zq.GetElement(2));
Assert.AreEqual <FieldZqElement>(Zq.GetElement(4).Negate(), Zq.GetElement(1));
}
public void NegativeOneTest()
{
FieldZq Zq = FieldZq.CreateFieldZq(new byte[] { 0x05 });
FieldZqElement negone = Zq.NegativeOne;
Assert.AreEqual <FieldZqElement>(Zq.One.Negate(), negone, "test first time.");
FieldZqElement negoneAgain = Zq.NegativeOne;
Assert.ReferenceEquals(negone, negoneAgain);
Assert.AreEqual(Zq.One.Negate(), negoneAgain, "negone again");
}
public ProverSetMembershipParameters GeneratePSMParameters(int indexOfCommittedValue, int memberSetLength)
{
if (indexOfCommittedValue >= memberSetLength)
{
throw new ArgumentException("indexOfCommittedValue should be less than memberSetLength");
}
FieldZq fieldZq = FieldZq.CreateFieldZq(_cryptoParameters.Group.Q);
FieldZqElement committedValue = fieldZq.GetRandomElement(true);
PedersenCommitment ped = new PedersenCommitment(committedValue, _cryptoParameters);
FieldZqElement[] memberSet = fieldZq.GetRandomElements(memberSetLength, true);
memberSet[indexOfCommittedValue] = committedValue;
return(new ProverSetMembershipParameters(ped, memberSet, _cryptoParameters));
}
public void GetElementIntTest()
{
FieldZq Zq = FieldZq.CreateFieldZq(new byte[] { 0x05 });
Assert.AreEqual <FieldZqElement>(Zq.GetElement(0), Zq.GetElement(-0), "-0");
Assert.AreEqual <FieldZqElement>(Zq.GetElement(1).Negate(), Zq.GetElement(-1), "-1");
Assert.AreEqual <FieldZqElement>(Zq.GetElement(2).Negate(), Zq.GetElement(-2), "-2");
Assert.AreEqual <FieldZqElement>(Zq.GetElement(3).Negate(), Zq.GetElement(-3), "-3");
Assert.AreEqual <FieldZqElement>(Zq.GetElement(4).Negate(), Zq.GetElement(-4), "-4");
ParameterSet parameters = ECParameterSets.ParamSet_EC_P256_V1;
Assert.AreEqual <FieldZqElement>(parameters.Group.FieldZq.GetElement(456).Negate(), parameters.Group.FieldZq.GetElement(-456), "-456");
Assert.AreEqual <FieldZqElement>(parameters.Group.FieldZq.GetElement(1).Negate(), parameters.Group.FieldZq.GetElement(-1), "-1");
Assert.AreEqual <FieldZqElement>(parameters.Group.FieldZq.GetElement(10000034).Negate(), parameters.Group.FieldZq.GetElement(-10000034), "-10000034");
}
public void EncodingTest()
{
// a large value
byte[] modulus = new byte[] {
0xef, 0x09, 0x90, 0x06, 0x1d, 0xb6, 0x7a, 0x9e,
0xae, 0xba, 0x26, 0x5f, 0x1b, 0x8f, 0xa1, 0x2b,
0x55, 0x33, 0x90, 0xa8, 0x17, 0x5b, 0xcb, 0x3d,
0x0c, 0x2e, 0x5e, 0xe5, 0xdf, 0xb8, 0x26, 0xe2,
0x29, 0xad, 0x37, 0x43, 0x11, 0x48, 0xce, 0x31,
0xf8, 0xb0, 0xe5, 0x31, 0x77, 0x7f, 0x19, 0xc1,
0xe3, 0x81, 0xc6, 0x23, 0xe6, 0x00, 0xbf, 0xf7,
0xc5, 0x5a, 0x23, 0xa8, 0xe6, 0x49, 0xcc, 0xbc,
0xf8, 0x33, 0xf2, 0xdb, 0xa9, 0x9e, 0x6a, 0xd6,
0x6e, 0x52, 0x37, 0x8e, 0x92, 0xf7, 0x49, 0x2b,
0x24, 0xff, 0x8c, 0x1e, 0x6f, 0xb1, 0x89, 0xfa,
0x84, 0x34, 0xf5, 0x40, 0x2f, 0xe4, 0x15, 0x24,
0x9a, 0xe0, 0x2b, 0xf9, 0x2b, 0x3e, 0xd8, 0xea,
0xaa, 0xa2, 0x20, 0x2e, 0xc3, 0x41, 0x7b, 0x20,
0x79, 0xda, 0x4f, 0x35, 0xe9, 0x85, 0xbb, 0x42,
0xa4, 0x21, 0xcf, 0xab, 0xa8, 0x16, 0x0b, 0x66,
0x94, 0x99, 0x83, 0x38, 0x4e, 0x56, 0x36, 0x5a,
0x44, 0x86, 0xc0, 0x46, 0x22, 0x9f, 0xc8, 0xc8,
0x18, 0xf9, 0x30, 0xb8, 0x0a, 0x60, 0xd6, 0xc2,
0xc2, 0xe2, 0x0c, 0x5d, 0xf8, 0x80, 0x53, 0x4d,
0x42, 0x40, 0xd0, 0xd8, 0x1e, 0x9a, 0x37, 0x0e,
0xef, 0x67, 0x6a, 0x1c, 0x3b, 0x0e, 0xd1, 0xd8,
0xff, 0x30, 0x34, 0x0a, 0x96, 0xb2, 0x1b, 0x89,
0xf6, 0x9c, 0x54, 0xce, 0xb8, 0xf3, 0xdf, 0x17,
0xe3, 0x1b, 0xc2, 0x0c, 0x5b, 0x60, 0x1e, 0x99,
0x44, 0x45, 0xa1, 0xd3, 0x47, 0xa4, 0x5d, 0x95,
0xf4, 0x1a, 0xe0, 0x71, 0x76, 0xc7, 0x38, 0x0c,
0x60, 0xdb, 0x2a, 0xce, 0xdd, 0xee, 0xda, 0x5c,
0x59, 0x80, 0x96, 0x43, 0x62, 0xe3, 0xa8, 0xdd,
0x3f, 0x97, 0x3d, 0x6d, 0x4b, 0x24, 0x1b, 0xcf,
0x91, 0x0c, 0x7f, 0x7a, 0x02, 0xed, 0x3b, 0x60,
0x38, 0x3a, 0x01, 0x02, 0xd8, 0x06, 0x0c, 0x27
};
FieldZq field = FieldZq.CreateFieldZq(modulus);
for (int i = 0; i < 20; i++)
{
FieldZqElement r = field.GetRandomElement(false);
FieldZqElement r2 = field.GetElement(r.ToByteArray());
Assert.AreEqual <FieldZqElement>(r, r2);
}
}
private void RandomElementTest(int fieldSize, bool nonZero, bool checkDistribution)
{
byte[] modulusBytes = BitConverter.GetBytes(fieldSize);
Array.Reverse(modulusBytes); // need big endian
FieldZq field = FieldZq.CreateFieldZq(modulusBytes);
Dictionary <FieldZqElement, int> counts = new Dictionary <FieldZqElement, int>();
int rangeSize = (nonZero) ? fieldSize - 1 : fieldSize;
int iters = (checkDistribution) ? 1000 * rangeSize : 5 * rangeSize;
for (int i = 0; i < iters; i++)
{
FieldZqElement el = field.GetRandomElement(nonZero);
if (counts.ContainsKey(el))
{
int val = counts[el];
val++;
counts.Remove(el);
counts.Add(el, val);
}
else
{
counts.Add(el, 1);
}
if (nonZero)
{
Assert.AreNotEqual(el, field.Zero);
}
}
double expectedHitRate = 1.0f / (double)rangeSize;
double errorMargin = .3 * expectedHitRate;
foreach (KeyValuePair <FieldZqElement, int> kvp in counts)
{
double hitRate = (double)kvp.Value / (double)iters;
if (Math.Abs(hitRate - expectedHitRate) > errorMargin)
{
Assert.Fail("Random number generator did not produce a good distribution");
}
}
}
public void GetRandomElementsTest()
{
FieldZq Zq = FieldZq.CreateFieldZq(new byte[] { 0x05 });
// make sure that setting nonZero=true results in no no zero elements.
FieldZqElement[] nonZeroElements = Zq.GetRandomElements(30, true);
for (int i = 0; i < nonZeroElements.Length; ++i)
{
Assert.AreNotEqual(Zq.Zero, nonZeroElements[i], "element " + i + " is 0.");
}
// check that setting nonZero=false results in at least one zero element
bool foundNonZero = false;
FieldZqElement[] zeroElements = Zq.GetRandomElements(100, false);
for (int i = 0; i < zeroElements.Length; ++i)
{
if (zeroElements[i] == Zq.Zero)
{
foundNonZero = true;
break;
}
}
if (!foundNonZero)
{
Assert.Inconclusive("GetRandomElements did not create a single zero value. Try running this test again. Chances of failure on correct behavior is 0.0000000002.");
}
// check that setting maxBitLength=-1 results in at least one element 2, 3, or 4
bool foundLargeElement = false;
FieldZqElement[] fullScopeElements = Zq.GetRandomElements(100, false, -1);
for (int i = 0; i < fullScopeElements.Length; ++i)
{
if ((fullScopeElements[i] != Zq.Zero) && fullScopeElements[i] != Zq.One)
{
foundLargeElement = true;
break;
}
}
if (!foundLargeElement)
{
Assert.Inconclusive("GetRandomElements did not create a single value in the set {2,3,4}. Try running this test again. Chances of failure on correct behavior is 2.6 x 10^-40.");
}
}
public void InverseTest()
{
FieldZq Zq = FieldZq.CreateFieldZq(new byte[] { 0x05 });
try
{
FieldZqElement inverse = Zq.Zero.Invert();
Assert.Fail();
}
catch (ArgumentOutOfRangeException)
{
};
Assert.AreEqual <FieldZqElement>(Zq.One.Invert(), Zq.One);
Assert.AreEqual <FieldZqElement>(Zq.GetElement(2).Invert(), Zq.GetElement(3));
Assert.AreEqual <FieldZqElement>(Zq.GetElement(3).Invert(), Zq.GetElement(2));
Assert.AreEqual <FieldZqElement>(Zq.GetElement(4).Invert(), Zq.GetElement(4));
}
public void DivideTest()
{
ParameterSet parameters = ECParameterSets.ParamSet_EC_P256_V1;
for (int i = 0; i < 10; ++i)
{
FieldZqElement a = parameters.Group.FieldZq.GetRandomElement(false);
FieldZqElement b = parameters.Group.FieldZq.GetRandomElement(true);
FieldZqElement c = a.Divide(b);
Assert.AreEqual <FieldZqElement>(a * b.Invert(), c, "a.divide(b).");
FieldZqElement d = a / b;
Assert.AreEqual <FieldZqElement>(c, d, "a / b");
}
FieldZq Zq = FieldZq.CreateFieldZq(new byte[] { 0x05 });
Assert.AreEqual <FieldZqElement>(Zq.GetElement(4), Zq.GetElement(2) / Zq.GetElement(3), "2/3 = 4");
Assert.AreEqual <FieldZqElement>(Zq.GetElement(4), Zq.GetElement(1) / Zq.GetElement(4), "1/4 = 4");
Assert.AreEqual <FieldZqElement>(Zq.GetElement(1), Zq.GetElement(2) / Zq.GetElement(2), "2/3 = 1");
}
public void SubtractTest()
{
FieldZq Zq = FieldZq.CreateFieldZq(new byte[] { 0x05 });
FieldZqElement two = Zq.GetElement(2);
FieldZqElement three = Zq.GetElement(3);
FieldZqElement four = Zq.GetElement(4);
Assert.AreEqual <FieldZqElement>(four, four - Zq.Zero, "4-0=4");
Assert.AreEqual <FieldZqElement>(three, four - Zq.One, "4-1=3");
Assert.AreEqual <FieldZqElement>(two, four - two, "4-2=2");
Assert.AreEqual <FieldZqElement>(Zq.One, four - three, "4-3=1");
Assert.AreEqual <FieldZqElement>(Zq.Zero, four - four, "4-4=0");
Assert.AreEqual <FieldZqElement>(three, two - four, "2-4=3");
Assert.AreEqual <FieldZqElement>(four, two - three, "2-3=4");
Assert.AreEqual <FieldZqElement>(two, two.Subtract(Zq.Zero), "2-0=2");
Assert.AreEqual <FieldZqElement>(Zq.One, two.Subtract(Zq.One), "2-1=1");
Assert.AreEqual <FieldZqElement>(Zq.Zero, two.Subtract(two), "2-2=0");
Assert.AreEqual <FieldZqElement>(four, two.Subtract(three), "2-3=4");
Assert.AreEqual <FieldZqElement>(three, two.Subtract(four), "2-4=3");
}
/// <summary>
/// Constructs a new VirtualDevice instance.
/// </summary>
/// <param name="parameterSet">The parameter set.</param>
/// <param name="xd">The device private key.</param>
/// <param name="preGenWdPrime">The pregenerated w_d prime value (for one presentation)</param>
public VirtualDevice(ParameterSet parameterSet, FieldZqElement xd, FieldZqElement preGenWdPrime)
: this(parameterSet.Group, parameterSet.Gd, FieldZq.CreateFieldZq(parameterSet.Group.Q), xd, preGenWdPrime)
{
}
