public void InequalityProofSerializationTest() { for (int i = 0; i < StaticHelperClass.ParameterArray.Length; ++i) { CryptoParameters crypto = StaticHelperClass.ParameterArray[i]; FieldZqElement x = crypto.FieldZq.GetElement(1000); FieldZqElement y = crypto.FieldZq.GetElement(2000); PedersenCommitment X = new PedersenCommitment(x, crypto); PedersenCommitment Y = new PedersenCommitment(y, crypto); ProverInequalityProofParameters prover = new ProverInequalityProofParameters(X, Y, crypto); InequalityProof proof = new InequalityProof(prover); string json = CryptoSerializer.Serialize <InequalityProof>(proof); InequalityProof deserialized = CryptoSerializer.Deserialize <InequalityProof>(json); Assert.IsTrue(proof.Verify(prover), "Verify proof"); Assert.AreEqual(proof.A, deserialized.A, "A"); Assert.AreEqual(proof.B, deserialized.B, "B"); prover = new ProverInequalityProofParameters(X, y, crypto); proof = new InequalityProof(prover); json = CryptoSerializer.Serialize <InequalityProof>(proof); deserialized = CryptoSerializer.Deserialize <InequalityProof>(json); Assert.IsTrue(proof.Verify(prover), "Verify proof"); Assert.AreEqual(proof.A, deserialized.A, "A"); Assert.AreEqual(proof.B, deserialized.B, "B"); } }
public void InequalityParamUnknownValueTest() { CryptoParameters crypto = StaticHelperClass.ParameterArray[1]; FieldZqElement x = crypto.FieldZq.GetRandomElement(false); FieldZqElement y = x + crypto.FieldZq.One; // inequality does not hold PedersenCommitment X = new PedersenCommitment(x, crypto); PedersenCommitment Y = new PedersenCommitment(y, crypto); PedersenCommitment badY = new PedersenCommitment(x, crypto); ProverInequalityProofParameters badProver = new ProverInequalityProofParameters(X, badY, crypto); Assert.IsFalse(badProver.Verify(), "x=y"); // X uses wrong bases PedersenCommitment badX = new PedersenCommitment(crypto.H, crypto.G, x, x, crypto.Group); badProver = new ProverInequalityProofParameters(badX, Y, crypto); Assert.IsFalse(badProver.Verify(), "bad bases in X"); // Y uses wrong bases badProver = new ProverInequalityProofParameters(Y, badX, crypto); Assert.IsFalse(badProver.Verify(), "bad bases in Y"); //good parameters ok ProverInequalityProofParameters prover = new ProverInequalityProofParameters(X, Y, crypto); Assert.IsTrue(prover.Verify(), "prover verify"); VerifierInequalityProofParameters verifier = new VerifierInequalityProofParameters(X.Value, Y.Value, crypto); Assert.IsTrue(verifier.Verify(), "verifier ok."); }
public void CSDLRepArrayTestWithGroup() { DLRepOfGroupElement[] input = StaticHelperClass.GenerateRandomDLRepOfGroupElementArray(10, 7, this.paramIndex); FieldZqElement[][] inputExponents = new FieldZqElement[10][]; for (int dlIndex = 0; dlIndex < 10; ++dlIndex) { inputExponents[dlIndex] = new FieldZqElement[7]; for (int exponentIndex = 0; exponentIndex < 7; ++exponentIndex) { inputExponents[dlIndex][exponentIndex] = input[dlIndex].ExponentAtIndex(exponentIndex); } } string[] serializedTT = CryptoSerializer.Serialize(input, true, true); DLRepOfGroupElement[] outputTT = CryptoSerializer.Deserialize <DLRepOfGroupElement>(serializedTT, null, null); StaticHelperClass.AssertArraysAreEqual(input, outputTT, "outputTT"); string[] serializedNT = CryptoSerializer.Serialize(input, true, false); GroupElement[] newBases = StaticHelperClass.GenerateRandomBases(input[0].RepresentationLength, this.paramIndex); DLRepOfGroupElement[] outputNT = CryptoSerializer.Deserialize <DLRepOfGroupElement>(serializedNT, null, newBases); Assert.AreEqual(input.Length, outputNT.Length, "outputNT.Length"); for (int i = 0; i < outputNT.Length; ++i) { DLRepOfGroupElement expected = new DLRepOfGroupElement(newBases, inputExponents[i], this.crypto.Group); expected.Value = input[i].Value; Assert.AreEqual(expected, outputNT[i], "outputNT " + i); } FieldZqElement[] commitments = StaticHelperClass.GenerateRandomExponents(10, this.paramIndex); FieldZqElement[] openings = StaticHelperClass.GenerateRandomExponents(10, this.paramIndex); input = PedersenCommitment.GetCommitments(this.crypto, commitments, openings); }
public void EQEndToEndTest2() { int length = 20; FieldZqElement[] committedValues = _crypto.FieldZq.GetRandomElements(length, true); FieldZqElement[] openings = _crypto.FieldZq.GetRandomElements(length, true); PedersenCommitment[] ped = PedersenCommitment.GetCommitments(_crypto, committedValues, openings); EqualityMap map = new EqualityMap(); for (int i = 0; i < length; ++i) { map.Add( new PrettyName("chi", i), new DoubleIndex(i, 0) ); } ProverEqualityParameters prover = new ProverEqualityParameters(ped, map, _crypto); Assert.IsTrue(prover.Verify()); EqualityProof proof = new EqualityProof(prover); Assert.IsTrue(proof.Verify(prover)); }
public void BDSerializationTest() { FieldZqElement bigNum = _parameters[0].FieldZq.GetElement(2056); PedersenCommitment bigNumCommit = new PedersenCommitment(bigNum, _parameters[0]); int decompositionLength = 15; ProverBitDecompositionParameters prover = new ProverBitDecompositionParameters( bigNumCommit, decompositionLength, _parameters[0]); BitDecompositionProof proof = new BitDecompositionProof(prover); Assert.IsTrue(proof.Verify(prover), "original proof verification."); string jsonProof = CryptoSerializer.Serialize <BitDecompositionProof>(proof); // TODO: switch to using ip-based de-serialization; need to harmonize with U-Prove SDK code IssuerParameters ip = new IssuerParameters(); ip.Gq = prover.Group; BitDecompositionProof deserializedProof = ip.Deserialize <BitDecompositionProof>(jsonProof);// CryptoSerializer.Deserialize<BitDecompositionProof>(jsonProof); Assert.IsTrue(deserializedProof.Verify(prover), "deserialized proof verfication"); string jsonProver = CryptoSerializer.Serialize <ProverBitDecompositionParameters>(prover); ProverBitDecompositionParameters deserializedProver = CryptoSerializer.Deserialize <ProverBitDecompositionParameters>(jsonProver); Assert.IsTrue(deserializedProof.Verify(deserializedProver), "deserialized proof with deserialized prover."); BitDecompositionProof proof2 = new BitDecompositionProof(deserializedProver); Assert.IsTrue(proof2.Verify(deserializedProver), "proof2.verify(deserializedProver)"); Assert.IsTrue(proof2.Verify(prover), "Proof2.verify(prover)"); }
public void SMProverParametersConstructorTest() { // Test1: compute commitment automatically ProverSetMembershipParameters prover = new ProverSetMembershipParameters(_cryptoParameters); prover.setProverParameters(ValidDaysOfTheWeek[1], ValidDaysOfTheWeek); AssertCorrectProverParameters(prover, _cryptoParameters, prover.OpenCommitment, // computed open commitment automatically, so check committed value later ValidDaysOfTheWeek); Assert.AreEqual(ValidDaysOfTheWeek[1], prover.OpenCommitment.CommittedValue, "wrong committed value."); // Test 2: use explicit commitment prover = new ProverSetMembershipParameters(_cryptoParameters); PedersenCommitment ped = new PedersenCommitment(ValidDaysOfTheWeek[4], _cryptoParameters); prover.setProverParameters(ped, ValidDaysOfTheWeek); AssertCorrectProverParameters( prover, _cryptoParameters, ped, ValidDaysOfTheWeek); // Test 3: use constructor to set explicit commitment prover = new ProverSetMembershipParameters(ped, ValidDaysOfTheWeek, _cryptoParameters); prover.setProverParameters(ped, ValidDaysOfTheWeek); AssertCorrectProverParameters( prover, _cryptoParameters, ped, ValidDaysOfTheWeek); }
public void SimpleConstructorTest() { for (int i = 0; i < _parameters.Length; ++i) { FieldZqElement committedValue = _parameters[i].FieldZq.GetRandomElement(true); GroupElement g = _parameters[i].G; GroupElement h = _parameters[i].H; PedersenCommitment pedCom1 = new PedersenCommitment(committedValue, _parameters[i]); FieldZqElement opening = pedCom1.ExponentAtIndex(1); Assert.AreEqual(g, pedCom1.BaseAtIndex(0), "pedcom1 has wrong base_0"); Assert.AreEqual(h, pedCom1.BaseAtIndex(1), "pedcom1 has wrong base_1"); Assert.AreEqual(committedValue, pedCom1.CommittedValue, "pedcom1 used wrong committed value"); GroupElement expectedCommitmentValue = g.Exponentiate(committedValue) * h.Exponentiate(opening); Assert.AreEqual(expectedCommitmentValue, pedCom1.Value, "pedcom1 computed wrong value"); PedersenCommitment pedCom2 = new PedersenCommitment(g, h, committedValue, opening, _parameters[i].Group); Assert.AreEqual(pedCom1, pedCom2, "pedcom1 and pedcom2 different"); FieldZqElement[] exponents = new FieldZqElement[2] { committedValue, opening }; GroupElement[] bases = new GroupElement[2] { g, h }; PedersenCommitment pedCom3 = new PedersenCommitment(bases, exponents, _parameters[i].Group); Assert.AreEqual(pedCom1, pedCom3, "pedcom1 and pedcom3 different"); Assert.AreEqual(pedCom2, pedCom3, "pedcom2 and pedcom3 different"); } }
public void BDBadProofTest() { FieldZqElement bigNum = _parameters[0].FieldZq.GetElement(30); PedersenCommitment bigNumCommit = new PedersenCommitment(bigNum, _parameters[0]); int decompositionLength = 8; ProverBitDecompositionParameters proverParams = new ProverBitDecompositionParameters( bigNumCommit, decompositionLength, _parameters[0]); BitDecompositionProof proof = new BitDecompositionProof(proverParams); PrivateObject proofAccessor = new PrivateObject(proof); SetMembershipProof[] smProof = (SetMembershipProof[])proofAccessor.GetField("bitCommitmentProof"); SetMembershipProof[] badSmProof = smProof; SetMembershipProof tmp = smProof[1]; badSmProof[1] = badSmProof[0]; proofAccessor.SetFieldOrProperty("bitCommitmentProof", badSmProof); Assert.IsFalse(proof.Verify(proverParams), "bad set membeship proof."); proofAccessor.SetFieldOrProperty("bitCommitmentProof", smProof); smProof[1] = tmp; Assert.IsTrue(proof.Verify(proverParams), "good set membership proof."); EqualityProof eqProof = (EqualityProof)proofAccessor.GetField("compositionProof"); PrivateObject eqProofAccessor = new PrivateObject(eqProof); GroupElement [] b = (GroupElement[])eqProofAccessor.GetField("b"); b[1] = b[0]; eqProofAccessor.SetField("b", b); Assert.IsFalse(proof.Verify(proverParams), "bad equality proof"); }
public void InequalityParamsSerializationTest() { for (int i = 0; i < StaticHelperClass.ParameterArray.Length; ++i) { CryptoParameters crypto = StaticHelperClass.ParameterArray[i]; FieldZqElement x = crypto.FieldZq.GetElement(1000); FieldZqElement y = crypto.FieldZq.GetElement(2000); PedersenCommitment X = new PedersenCommitment(x, crypto); PedersenCommitment Y = new PedersenCommitment(y, crypto); VerifierInequalityProofParameters verifier = new VerifierInequalityProofParameters(X.Value, Y.Value, crypto); string json = CryptoSerializer.Serialize <VerifierInequalityProofParameters>(verifier); VerifierInequalityProofParameters deserialized = CryptoSerializer.Deserialize <VerifierInequalityProofParameters>(json); StaticHelperClass.AssertProofParametersAreEqual(verifier, deserialized, "Verifier X Y"); verifier = new VerifierInequalityProofParameters(X.Value, y, crypto); json = CryptoSerializer.Serialize <VerifierInequalityProofParameters>(verifier); deserialized = CryptoSerializer.Deserialize <VerifierInequalityProofParameters>(json); StaticHelperClass.AssertProofParametersAreEqual(verifier, deserialized, "Verifier X value"); ProverInequalityProofParameters prover = new ProverInequalityProofParameters(X, Y, crypto); json = CryptoSerializer.Serialize <ProverInequalityProofParameters>(prover); ProverInequalityProofParameters dProver = CryptoSerializer.Deserialize <ProverInequalityProofParameters>(json); StaticHelperClass.AssertProofParametersAreEqual(dProver, prover, "Prover X Y"); prover = new ProverInequalityProofParameters(X, y, crypto); json = CryptoSerializer.Serialize <ProverInequalityProofParameters>(prover); dProver = CryptoSerializer.Deserialize <ProverInequalityProofParameters>(json); StaticHelperClass.AssertProofParametersAreEqual(dProver, prover, "Prover X value"); } }
public void EQTokenAndDLTest() { // In this example, the token hashes the attribute // but example also works if hashAttributes=false bool hashAttributes = true; // Setting up attributes for token byte[][] attributes = new byte[][] { _encoding.GetBytes("Attribute 1"), _encoding.GetBytes("Attribute 2"), _encoding.GetBytes("Teaching Assistant"), // this is the attribute we'll compare _encoding.GetBytes("Attribute 4") }; // generate token ProverPresentationProtocolParameters prover; VerifierPresentationProtocolParameters verifier; StaticHelperClass.GetUProveParameters(hashAttributes, out prover, out verifier, null, attributes); OpenUProveToken token = new OpenUProveToken(prover); Assert.IsTrue(token.Validate(null), "validate token."); // generate pedersen commitment to Teaching Assistant PedersenCommitment ped = new PedersenCommitment(prover.IP, 3, _encoding.GetBytes("Teaching Assistant")); // Verify they are equal Assert.AreEqual(token.AttributeXI(3), ped.CommittedValue, "Token and PedersenCommitment different."); // Create a proof that the 3rd attribute in token is equal to the committed value in ped. ProverEqualityParameters eqProver = new ProverEqualityParameters( token, // token 3, // 3rd attribute is the 3rd exponent ped, // pedersen commitment 0, // committed value is the 0th exponent new CryptoParameters(prover.IP)); EqualityProof proof = new EqualityProof(eqProver); // Verify proof ClosedUProveToken closedToken = new ClosedUProveToken(verifier); Assert.IsTrue(closedToken.AreBasesEqual(token), "token bases."); IStatement closedPed = ped.GetStatement(); Assert.IsTrue(closedPed.AreBasesEqual(ped), "token bases."); VerifierEqualityParameters eqVerifier = new VerifierEqualityParameters( closedToken, // verifier token information 3, // 3rd attribute is the 3nd exponent closedPed, // verifier information about ped 0, // committed value is the 0th exponent new CryptoParameters(prover.IP)); Assert.IsTrue(proof.Verify(eqVerifier)); }
public void PedCommitmentBadConstructorTest() { int paramIndex = 6; GroupElement[] bases = null; FieldZqElement[] exponents = null; Group group = _parameters[paramIndex].Group; PedersenCommitment ped; // null input bool threwException = false; try { ped = new PedersenCommitment(bases, exponents, group); } catch (Exception) { threwException = true; } Assert.IsTrue(threwException, "should throw exception on null input."); // wrong length bases & exponent arrays threwException = false; bases = StaticHelperClass.GenerateRandomBases(1, paramIndex); exponents = StaticHelperClass.GenerateRandomExponents(1, paramIndex); try { ped = new PedersenCommitment(bases, exponents, group); } catch (Exception) { threwException = true; } Assert.IsTrue(threwException, "should throw exception when bases and exponents are arrays of length 1."); // wrong length bases & exponent arrays threwException = false; bases = StaticHelperClass.GenerateRandomBases(3, paramIndex); exponents = StaticHelperClass.GenerateRandomExponents(3, paramIndex); try { ped = new PedersenCommitment(bases, exponents, group); } catch (Exception) { threwException = true; } Assert.IsTrue(threwException, "should throw exception when bases and exponents are arrays of length 3."); }
public void UnknownDLRepConstructorTest() { for (int i = 0; i < _parameters.Length; ++i) { FieldZqElement committedValue = _parameters[i].FieldZq.GetRandomElement(true); GroupElement g = _parameters[i].G; GroupElement h = _parameters[i].H; PedersenCommitment pedCom = new PedersenCommitment(committedValue, _parameters[i]); IStatement udl = pedCom.GetStatement(); Assert.IsFalse(pedCom.Equals(udl), "pedCom does not equal udl due to class hierarchy"); Assert.IsTrue(PedersenCommitment.IsValidOpenClosedPair(pedCom, udl), "should be valid open closed pair."); } }
public ProverSetMembershipParameters GeneratePSMParameters(int indexOfCommittedValue, int memberSetLength) { if (indexOfCommittedValue >= memberSetLength) { throw new ArgumentException("indexOfCommittedValue should be less than memberSetLength"); } FieldZq fieldZq = FieldZq.CreateFieldZq(_cryptoParameters.Group.Q); FieldZqElement committedValue = fieldZq.GetRandomElement(true); PedersenCommitment ped = new PedersenCommitment(committedValue, _cryptoParameters); FieldZqElement[] memberSet = fieldZq.GetRandomElements(memberSetLength, true); memberSet[indexOfCommittedValue] = committedValue; return(new ProverSetMembershipParameters(ped, memberSet, _cryptoParameters)); }
public void BDBadCompositionTest() { PedersenCommitment[] ped = new PedersenCommitment[2]; ped[0] = new PedersenCommitment(_parameters[0].G, _parameters[0].H, _parameters[0].FieldZq.One, _parameters[0].FieldZq.One, _parameters[0].Group); ped[1] = new PedersenCommitment(_parameters[1].G, _parameters[1].H, _parameters[1].FieldZq.One, _parameters[1].FieldZq.One, _parameters[1].Group); PedersenCommitment composition = ped[0]; FieldZq field = _parameters[0].FieldZq; PrivateType bdproof = new PrivateType(typeof(BitDecompositionProof)); object [] inputParameters = new object[3] { ped, _parameters[0].FieldZq, composition }; bool success = (bool)bdproof.InvokeStatic("ComposeCommitments", inputParameters); Assert.IsFalse(success, "success"); }
public void BDProverSerializationTest() { FieldZqElement bigNum = _parameters[0].FieldZq.GetElement(2056); PedersenCommitment bigNumCommit = new PedersenCommitment(bigNum, _parameters[0]); int decompositionLength = 15; ProverBitDecompositionParameters prover = new ProverBitDecompositionParameters( bigNumCommit, decompositionLength, _parameters[0]); string jsonString = CryptoSerializer.Serialize <ProverBitDecompositionParameters>(prover); ProverBitDecompositionParameters deserializedProver = CryptoSerializer.Deserialize <ProverBitDecompositionParameters>(jsonString); Assert.AreEqual(prover.Group.GroupName, deserializedProver.Group.GroupName); StaticHelperClass.AssertArraysAreEqual(prover.PublicValues, deserializedProver.PublicValues, "PublicValues"); StaticHelperClass.AssertArraysAreEqual <DLRepOfGroupElement>(prover.Witnesses, deserializedProver.Witnesses, "Witnesses"); }
public static void AssertCorrectProverParameters( ProverSetMembershipParameters prover, CryptoParameters expectedCryptoParameters, PedersenCommitment expectedOpenCommitment, FieldZqElement [] expectedMemberSet ) { // check crypto parameters and everything associated with verifer AssertCorrectVerifierParameters(prover, expectedCryptoParameters, expectedOpenCommitment.Value, expectedMemberSet); // now check witness Assert.AreEqual(expectedOpenCommitment, prover.OpenCommitment, "wrong open commitment."); Assert.AreEqual(expectedCryptoParameters.G, prover.OpenCommitment.G, "G value does not match expected crypto parameters."); Assert.AreEqual(expectedOpenCommitment.G, prover.OpenCommitment.G, "G value does not match expected Open commitment."); Assert.AreEqual(expectedCryptoParameters.H, prover.OpenCommitment.H, "H value does not match expected crypto parameters."); Assert.AreEqual(expectedOpenCommitment.H, prover.OpenCommitment.H, "H value does not match expected Open commitment."); }
public void SMBadParametersTest() { // committed value not in memberset ProverSetMembershipParameters prover = new ProverSetMembershipParameters(_cryptoParameters); prover.setProverParameters(_cryptoParameters.FieldZq.One, ValidDaysOfTheWeek); Assert.IsFalse(prover.Verify(), "Verify should fail since committed value not in memberset."); // open commitment uses wrong base PedersenCommitment ped = new PedersenCommitment(_cryptoParameters.H, _cryptoParameters.G, ValidDaysOfTheWeek[0], ValidDaysOfTheWeek[2], _cryptoParameters.Group); prover.setProverParameters(ped, ValidDaysOfTheWeek); Assert.IsFalse(prover.Verify(), "Verify should fail since commitment uses wrong bases."); // null memberset prover.setProverParameters(ValidDaysOfTheWeek[0], null); Assert.IsFalse(prover.Verify(), "Verify should fail since memberset is null."); }
public void InequalityE2ETest1() { CryptoParameters crypto = StaticHelperClass.ParameterArray[0]; PedersenCommitment X = new PedersenCommitment(crypto.FieldZq.GetElement(20), crypto); ProverInequalityProofParameters prover = new ProverInequalityProofParameters(X, crypto.FieldZq.GetElement(45), crypto); Assert.IsTrue(prover.Verify(), "prover verify"); InequalityProof proof = new InequalityProof(prover); Assert.IsTrue(proof.Verify(prover), "proof verify(prover)"); VerifierInequalityProofParameters verifier = new VerifierInequalityProofParameters(X.Value, crypto.FieldZq.GetElement(45), crypto); Assert.IsTrue(verifier.Verify(), "verifyer.verify()"); Assert.IsTrue(proof.Verify(verifier), "proof.verify(verifier)"); }
public void DLtoPedConstructorTest() { for (int paramIndex = 0; paramIndex < _parameters.Length; ++paramIndex) { GroupElement[] bases = StaticHelperClass.GenerateRandomBases(2, paramIndex); FieldZqElement[] exponents = StaticHelperClass.GenerateRandomExponents(2, paramIndex); DLRepOfGroupElement dl = new DLRepOfGroupElement(bases, exponents, _parameters[paramIndex].Group); PedersenCommitment ped = new PedersenCommitment(dl); Assert.IsTrue(ped.Validate(), "ped should be a valid pedersen commitment."); Assert.AreEqual(bases[0], ped.G, "Wrong G value."); Assert.AreEqual(bases[1], ped.H, "Wrong H value."); Assert.AreEqual(exponents[0], ped.CommittedValue, "wrong committed value."); Assert.AreEqual(exponents[1], ped.Opening, "wrong opening."); GroupElement expectedValue = _parameters[paramIndex].Group.MultiExponentiate(bases, exponents); Assert.AreEqual(expectedValue, ped.Value, "wrong value."); } }
public void PresentationProofConstructorTest() { // generate array of commitments using PresentationProof CommitmentPrivateValues cpv; Assert.IsNotNull(_proverParams, "prover params null"); PresentationProof proof = PresentationProof.Generate(_proverParams, out cpv); Assert.IsNotNull(proof.Commitments, "proof failed to generate commitments"); Assert.IsNotNull(cpv, "failed to output cpv"); Assert.IsNotNull(cpv.TildeO, "cpv.TildeO is null"); CommitmentValues [] expectedCommitmentValues = proof.Commitments; // generate array of commitments using Pedersen Commitment constructor PedersenCommitment [] proverCommitments = PedersenCommitment.ArrayOfPedersenCommitments(_proverParams, proof, cpv); // compare values GroupElement expectedG = _proverParams.IP.Gq.G; GroupElement expectedH = _proverParams.IP.G[1]; for (int commitIndex = 0; commitIndex < expectedCommitmentValues.Length; ++commitIndex) { int attributeIndex = _proverParams.Committed[commitIndex] - 1; FieldZqElement expectedCommittedValue = ProtocolHelper.ComputeXi(_proverParams.IP, attributeIndex, _proverParams.Attributes[attributeIndex]); Assert.AreEqual(expectedCommittedValue, proverCommitments[commitIndex].CommittedValue, "wrong committed value"); Assert.AreEqual(cpv.TildeO[commitIndex], proverCommitments[commitIndex].Opening, "opening does not match tildeO"); Assert.AreEqual(expectedG, proverCommitments[commitIndex].G, "base g wrong"); Assert.AreEqual(expectedH, proverCommitments[commitIndex].H, "base h wrong"); Assert.AreEqual(expectedCommitmentValues[commitIndex].TildeC, proverCommitments[commitIndex].Value, "wrong value"); } // generate array of closed pedersen commitments ClosedPedersenCommitment[] verifierCommitments = ClosedPedersenCommitment.ArrayOfClosedPedersenCommitments(_verifierParams.IP, proof); // compare bases and values to actualCommitments Assert.IsTrue(ClosedPedersenCommitment.AreBasesEqual(verifierCommitments), "all closed commitments should have same bases."); Assert.IsTrue(verifierCommitments[0].AreBasesEqual(proverCommitments[0]), "all closed commitments should have same bases as open commitments"); Assert.AreEqual(proverCommitments.Length, verifierCommitments.Length, "should be as many open and closed commitments"); for (int i = 0; i < verifierCommitments.Length; ++i) { Assert.AreEqual(verifierCommitments[i].Value, proverCommitments[i].Value, "open and closed commitments should be equal."); } }
public void EQEndToEndTest3() { int length = 20; FieldZqElement[] committedValues = _crypto.FieldZq.GetRandomElements(length, true); FieldZqElement[] openings1 = _crypto.FieldZq.GetRandomElements(length, true); FieldZqElement[] openings2 = _crypto.FieldZq.GetRandomElements(length, true); PedersenCommitment[] ped1 = PedersenCommitment.GetCommitments(_crypto, committedValues, openings1); PedersenCommitment[] ped2 = PedersenCommitment.GetCommitments(_crypto, committedValues, openings2); // combine all commitments into allPed PedersenCommitment[] allPed = new PedersenCommitment[2 * length]; for (int i = 0; i < length; ++i) { allPed[i] = ped1[i]; allPed[i + length] = ped2[i]; } // create equality map EqualityMap map = new EqualityMap(); for (int i = 0; i < length; ++i) { map.Add( new PrettyName("chi", i), new DoubleIndex(i, 0) ); map.Add( new PrettyName("chi", i), new DoubleIndex(length + i, 0) ); } ProverEqualityParameters prover = new ProverEqualityParameters(allPed, map, _crypto); Assert.IsTrue(prover.Verify()); EqualityProof proof = new EqualityProof(prover); Assert.IsTrue(proof.Verify(prover)); }
public void BDEndToEnd() { FieldZqElement bigNum = _parameters[0].FieldZq.GetElement(2056); PedersenCommitment bigNumCommit = new PedersenCommitment(bigNum, _parameters[0]); int decompositionLength = 15; ProverBitDecompositionParameters proverParams = new ProverBitDecompositionParameters( bigNumCommit, decompositionLength, _parameters[0]); BitDecompositionProof proof = new BitDecompositionProof(proverParams); Assert.IsTrue(proof.Verify(proverParams), "could not verify proof with prover params"); VerifierBitDecompositionParameters verifierParams = new VerifierBitDecompositionParameters( proverParams.ClosedCommitment, proverParams.ClosedBitDecomposition(), proverParams); Assert.IsTrue(proof.Verify(verifierParams), "could not verify proof with verifier parameters"); }
public void BDConstructorCastTest() { FieldZqElement bigNum = _parameters[0].FieldZq.GetElement(129); PedersenCommitment bigNumCommit = new PedersenCommitment(bigNum, _parameters[0]); int decompositionLength = 15; ProverBitDecompositionParameters proverParams = new ProverBitDecompositionParameters( bigNumCommit, decompositionLength, _parameters[0]); Assert.IsInstanceOfType(proverParams.OpenCommitment, typeof(PedersenCommitment), "OpenCommitment wrong type"); Assert.IsInstanceOfType(proverParams.ClosedCommitment, typeof(GroupElement), "ClosedCommitment wrong type"); Assert.IsInstanceOfType(proverParams.OpenCommitment, typeof(PedersenCommitment), "OpenCommitment wrong type"); Assert.IsInstanceOfType(proverParams.ClosedCommitment, typeof(GroupElement), "ClosedCommitment wrong type"); for (int i = 0; i < proverParams.DecompositionLength; ++i) { Assert.IsInstanceOfType(proverParams.OpenBitDecomposition(i), typeof(PedersenCommitment), "OpenBitDecomposition(i) returned wrong type"); Assert.IsInstanceOfType(proverParams.ClosedBitDecomposition(i), typeof(GroupElement), "ClosedBitDecomposition returned wrong type"); } }
public void InequalityTokenIntegration2Test() { // In this example, the token hashes the attribute // but example also works if hashAttributes=false bool hashAttributes = true; // Setting up attributes for token byte[][] attributes = new byte[][] { _encoding.GetBytes("Attribute 1"), _encoding.GetBytes("Attribute 2"), _encoding.GetBytes("Teaching Assistant"), // this is the attribute we'll compare _encoding.GetBytes("Attribute 4") }; // generate token ProverPresentationProtocolParameters prover; VerifierPresentationProtocolParameters verifier; StaticHelperClass.GetUProveParameters(hashAttributes, out prover, out verifier, null, attributes); CommitmentPrivateValues cpv; PresentationProof proof = PresentationProof.Generate(prover, out cpv); // computing target constant - "Student" byte[] targetAttribute = _encoding.GetBytes("Student"); int targetAttributeIndex = 3 - 1; // We will compare "Student" to the third token attribute. FieldZqElement targetValue = ProtocolHelper.ComputeXi(prover.IP, targetAttributeIndex, targetAttribute); // this is what "Student" would be encoded as if it was the third token attribute // Create PedersenCommitments // The prover and verifier have a map Committed that contains the relationship between // token attributes and CommitmentPrivateValues. int commitmentIndex = ClosedPedersenCommitment.GetCommitmentIndex(prover.Committed, 3); // attribute 3 from prover1 PedersenCommitment ped = new PedersenCommitment(prover, proof, cpv, commitmentIndex); Assert.AreNotEqual(targetValue, ped.CommittedValue, "Committed value is not Student."); // Check that "Teaching Assistant" is the commited value of the pedesen commitment. FieldZqElement expectedCommittedValue = ProtocolHelper.ComputeXi(prover.IP, targetAttributeIndex, _encoding.GetBytes("Teaching Assistant")); Assert.AreEqual(expectedCommittedValue, ped.CommittedValue, "Committed value is Teaching Assistant."); // Create InequalityProof CryptoParameters crypto = new CryptoParameters(prover.IP); // Can use prover2.IP ProverInequalityProofParameters inequalityProver = new ProverInequalityProofParameters(ped, targetValue, crypto); // compares committed values in ped1 and ped2 InequalityProof ineQproof = new InequalityProof(inequalityProver); // Verify InequalityProof commitmentIndex = ClosedPedersenCommitment.GetCommitmentIndex(verifier.Committed, 3); // attribute 3 from prover ClosedPedersenCommitment closedPed = new ClosedPedersenCommitment(verifier.IP, proof, commitmentIndex); VerifierInequalityProofParameters inequalityVerifier = new VerifierInequalityProofParameters(closedPed.Value, targetValue, crypto); Assert.IsTrue(ineQproof.Verify(inequalityVerifier)); // test U-Prove wrapper InequalityProof ineQProof2 = InequalityProof.GenerateUProveInequalityProof( new EQProofUProveProverData(prover, cpv, proof, 3), targetAttribute); InequalityProof.VerifyUProveEqualityProof( new EQProofUProveVerifierData(verifier, proof, 3), targetAttribute, ineQProof2); }
public void InequalityTokenIntegrationTest() { // Both tokens will hash attributes // but example also works if hashAttributes=false bool hashAttributes = true; // Setting up IssuerParameters for token1 byte[] uidP1 = new byte[] { 1, 1, 2, 3, 5, 8 }; byte[] tokenInformation1 = new byte[] { 1, 2, 3, 4, 5, 6, 7 }; byte[][] attributes1 = new byte[][] { _encoding.GetBytes("Attribute 1"), _encoding.GetBytes("Attribute 2"), _encoding.GetBytes("Teaching Assistant"), // this is the attribute we'll compare _encoding.GetBytes("Attribute 4") }; // Setting up IssuerParameters for token2 byte[] tokenInformation2 = new byte[] { 12, 13, 14, 15, 0, 10 }; byte[] uidP2 = new byte[] { 3, 1, 4, 1, 5 }; byte[][] attributes2 = new byte[][] { _encoding.GetBytes("Student"), // this is the attribute we'll compare _encoding.GetBytes("Attribute 2"), _encoding.GetBytes("Attribute 3"), _encoding.GetBytes("Attribute 4") }; // generate tokens ProverPresentationProtocolParameters prover1, prover2; VerifierPresentationProtocolParameters verifier1, verifier2; StaticHelperClass.GetUProveParameters(hashAttributes, out prover1, out verifier1, tokenInformation1, attributes1, null, uidP1); StaticHelperClass.GetUProveParameters(hashAttributes, out prover2, out verifier2, tokenInformation2, attributes2, null, uidP2); CommitmentPrivateValues cpv1, cpv2; PresentationProof proof1 = PresentationProof.Generate(prover1, out cpv1); PresentationProof proof2 = PresentationProof.Generate(prover2, out cpv2); // Create PedersenCommitments // The prover and verifier have a map Committed that contains the relationship between // token attributes and CommitmentPrivateValues. int commitmentIndex1 = ClosedPedersenCommitment.GetCommitmentIndex(prover1.Committed, 3); // attribute 3 from prover1 PedersenCommitment ped1 = new PedersenCommitment(prover1, proof1, cpv1, commitmentIndex1); int commitmentIndex2 = ClosedPedersenCommitment.GetCommitmentIndex(prover2.Committed, 1); // attribute 1 from prover2 PedersenCommitment ped2 = new PedersenCommitment(prover2, proof2, cpv2, commitmentIndex2); // Create InequalityProof CryptoParameters crypto = new CryptoParameters(prover1.IP); // Can use prover2.IP ProverInequalityProofParameters inequalityProver = new ProverInequalityProofParameters(ped1, ped2, crypto); // compares committed values in ped1 and ped2 InequalityProof ineQProof = new InequalityProof(inequalityProver); // Verify InequalityProof commitmentIndex1 = ClosedPedersenCommitment.GetCommitmentIndex(verifier1.Committed, 3); // attribute 3 from prover1 commitmentIndex2 = ClosedPedersenCommitment.GetCommitmentIndex(verifier2.Committed, 1); // attribute 1 from prover2 ClosedPedersenCommitment closedPed1 = new ClosedPedersenCommitment(verifier1.IP, proof1, commitmentIndex1); ClosedPedersenCommitment closedPed2 = new ClosedPedersenCommitment(verifier2.IP, proof2, commitmentIndex2); VerifierInequalityProofParameters inequalityVerifier = new VerifierInequalityProofParameters(closedPed1.Value, closedPed2.Value, crypto); Assert.IsTrue(ineQProof.Verify(inequalityVerifier)); // test U-Prove wrapper InequalityProof ineQProof2 = InequalityProof.GenerateUProveInequalityProof( new EQProofUProveProverData(prover1, cpv1, proof1, 3), new EQProofUProveProverData(prover2, cpv2, proof2, 1)); InequalityProof.VerifyUProveEqualityProof( new EQProofUProveVerifierData(verifier1, proof1, 3), new EQProofUProveVerifierData(verifier2, proof2, 1), ineQProof2); }