public static void ReadWriteC(this BitcoinStream bs, ref PermutationTestProof proof) { if (bs.Serializing) { if (proof == null) { uint o = 0; bs.ReadWriteAsVarInt(ref o); return; } var len = (uint)proof.Signatures.Length; bs.ReadWriteAsVarInt(ref len); for (int i = 0; i < len; i++) { var sig = proof.Signatures[i]; bs.ReadWriteAsVarString(ref sig); } } else { uint len = 0; bs.ReadWriteAsVarInt(ref len); if (len == 0) { proof = null; return; } if (len > bs.MaxArraySize) { throw new ArgumentOutOfRangeException("Array is too big"); } var signatures = new byte[len][]; for (int i = 0; i < len; i++) { byte[] sig = null; bs.ReadWriteAsVarString(ref sig); signatures[i] = sig; } proof = new PermutationTestProof(signatures); } }
private static Tuple <RsaKey, RSAKeyData> LoadRSAKeyData(string dataDir, string keyName, bool noRSAProof) { RSAKeyData data = new RSAKeyData(); RsaKey key = null; { var rsaFile = Path.Combine(dataDir, keyName); if (!File.Exists(rsaFile)) { Logs.Configuration.LogWarning("RSA private key not found, please backup it. Creating..."); key = new RsaKey(); File.WriteAllBytes(rsaFile, key.ToBytes()); Logs.Configuration.LogInformation("RSA key saved (" + rsaFile + ")"); } else { Logs.Configuration.LogInformation("RSA private key found (" + rsaFile + ")"); key = new RsaKey(File.ReadAllBytes(rsaFile)); } } data.PublicKey = key.PubKey; if (!noRSAProof) { { var poupard = Path.Combine(dataDir, "ProofPoupard-" + keyName); PoupardSternProof poupardProof = null; if (!File.Exists(poupard)) { Logs.Configuration.LogInformation("Creating Poupard Stern proof..."); poupardProof = PoupardStern.ProvePoupardStern(key._Key, RSAKeyData.PoupardSetup); MemoryStream ms = new MemoryStream(); BitcoinStream bs = new BitcoinStream(ms, true); bs.ReadWriteC(ref poupardProof); File.WriteAllBytes(poupard, ms.ToArray()); Logs.Configuration.LogInformation("Poupard Stern proof created (" + poupard + ")"); } else { Logs.Configuration.LogInformation("Poupard Stern Proof found (" + poupard + ")"); var bytes = File.ReadAllBytes(poupard); MemoryStream ms = new MemoryStream(bytes); BitcoinStream bs = new BitcoinStream(ms, false); bs.ReadWriteC(ref poupardProof); } data.PoupardSternProof = poupardProof; } { var permutation = Path.Combine(dataDir, "ProofPermutation-" + keyName); PermutationTestProof permutationProof = null; if (!File.Exists(permutation)) { Logs.Configuration.LogInformation("Creating Permutation Test proof..."); permutationProof = PermutationTest.ProvePermutationTest(key._Key, RSAKeyData.PermutationSetup); MemoryStream ms = new MemoryStream(); BitcoinStream bs = new BitcoinStream(ms, true); bs.ReadWriteC(ref permutationProof); File.WriteAllBytes(permutation, ms.ToArray()); Logs.Configuration.LogInformation("Permutation Test proof created (" + permutation + ")"); } else { Logs.Configuration.LogInformation("Permutation Test Proof found (" + permutation + ")"); var bytes = File.ReadAllBytes(permutation); MemoryStream ms = new MemoryStream(bytes); BitcoinStream bs = new BitcoinStream(ms, false); bs.ReadWriteC(ref permutationProof); } data.PermutationTestProof = permutationProof; } } return(Tuple.Create(key, data)); }
/// <summary> /// Verifying algorithm as specified in section 2.6.3 of the setup /// </summary> /// <param name="pubKey">Public Key used to verify the proof</param> /// <param name="proof">Proof</param> /// <param name="setup">Setup parameters</param> /// <returns> true if the signatures verify, false otherwise</returns> public static bool VerifyPermutationTest(this RsaKeyParameters pubKey, PermutationTestProof proof, PermutationTestSetup setup) { if (setup == null) { throw new ArgumentNullException(nameof(setup)); } if (proof == null) { throw new ArgumentNullException(nameof(proof)); } byte[][] sigs = proof.Signatures; int alpha = setup.Alpha; int keyLength = setup.KeySize; byte[] psBytes = setup.PublicString; int k = setup.SecurityParameter; BigInteger Modulus = pubKey.Modulus; BigInteger Exponent = pubKey.Exponent; BigInteger Two = BigInteger.Two; // 2^{|N| - 1} BigInteger lowerLimit = Two.Pow(keyLength - 1); // 2^{|N|} BigInteger upperLimit = Two.Pow(keyLength); // if N < 2^{KeySize-1} if (Modulus.CompareTo(lowerLimit) < 0) { return(false); } // if N >= 2^{KeySize} if (Modulus.CompareTo(upperLimit) >= 0) { return(false); } // Generate m1 and m2 Get_m1_m2((decimal)alpha, Exponent.IntValue, k, out int m1, out int m2); // Verifying m2 if (!m2.Equals(sigs.Length)) { return(false); } // Verify alpha and N if (!CheckAlphaN(alpha, Modulus)) { return(false); } // Generate a "weird" public key var eN = Modulus.Multiply(Exponent); var pubKeyPrime = new RsaKeyParameters(false, Modulus, eN); // Generate list of rho values GetRhos(m2, psBytes, pubKey, keyLength, out byte[][] rhoValues); // Verifying the signatures for (int i = 0; i < m2; i++) { if (i <= m1) { var dec_sig = pubKeyPrime.Encrypt(sigs[i]); if (!dec_sig.SequenceEqual(rhoValues[i])) { return(false); } } else { var dec_sig = pubKey.Encrypt(sigs[i]); if (!dec_sig.SequenceEqual(rhoValues[i])) { return(false); } } } return(true); }