public static bool Verify(ECPoint C, RangeSigatureType rangeSig)
{
Initialize();
List <ECPoint> CiH = new List <ECPoint>();
ECPoint Ctmp = rangeSig.Ci[0];
bool reb = false;
bool rab = false;
Console.WriteLine(rangeSig.Ci.Count);
Console.WriteLine(H2.Count);
for (int i = 0; i < ASNLRingSignature.AMOUNT_SIZE; i++)
{
CiH.Add(rangeSig.Ci[i] - H2[i]);
if (i > 0)
{
Ctmp = Ctmp + rangeSig.Ci[i];
}
}
reb = C.ToString() == Ctmp.ToString();
rab = ASNLRingSignature.Verify(rangeSig.Ci, CiH, rangeSig.AsnlSig);
return(reb && rab);
}
/// <summary>
/// Generate gives C, and mask such that \sumCi = C
/// c.f. http://eprint.iacr.org/2015/1098 section 5.1
/// and Ci is a commitment to either 0 or 2^i, i=0,...,63
/// thus this proves that "amount" is in [0, 2^64]
/// mask is a such that C = aG + bH, and b = amount
/// </summary>
/// <returns></returns>
public static RangeProveType Generate(Fixed8 amount)
{
Initialize();
byte[] mask = new byte[32];
ECPoint C = new ECPoint();
List <int> binaryAmount = amount.ToBinaryFormat();
List <byte[]> ai = new List <byte[]>();
List <ECPoint> CiH = new List <ECPoint>();
RangeProveType rangeProver = new RangeProveType();
for (int i = 0; i < ASNLRingSignature.AMOUNT_SIZE; i++)
{
byte[] ai_i = new byte[32];
ai.Add(ai_i);
if (binaryAmount[i] == 0)
{
rangeProver.rangeSig.Ci.Add(ECCurve.Secp256r1.G * ai_i);
}
else if (binaryAmount[i] == 1)
{
rangeProver.rangeSig.Ci.Add(ECCurve.Secp256r1.G * ai_i + H2[i]);
}
else
{
throw new Exception("Range Prove => Binary Format Error!");
}
CiH.Add(rangeProver.rangeSig.Ci[i] - H2[i]);
mask = ScalarFunctions.Add(mask, ai[i]);
if (i == 0)
{
C = rangeProver.rangeSig.Ci[i];
}
else
{
C = C + rangeProver.rangeSig.Ci[i];
}
}
rangeProver.C = C;
rangeProver.mask = mask;
rangeProver.rangeSig.AsnlSig = ASNLRingSignature.Generate(ai, rangeProver.rangeSig.Ci, CiH, binaryAmount);
if (!ASNLRingSignature.Verify(rangeProver.rangeSig.Ci, CiH, rangeProver.rangeSig.AsnlSig))
{
throw new Exception("Range prove error => ASNL verify error!");
}
return(rangeProver.Export());
}