internal void OnDeserialized(StreamingContext context) { if (_key == null) throw new UProveSerializationException("key"); this.PrivateKey = _key.ToFieldZqElement(Serializer.ip.Zq); }
/// <summary> /// Constructs a new <code>ProofGenerationRandomData</code> instance. /// </summary> /// <param name="w0">The <code>w0</code> value.</param> /// <param name="w">The <code>w</code> values.</param> /// <param name="wd">The <code>wd</code> value if the token is Device-protected; null otherwise.</param> /// <param name="tildeO">The <code>tildeO</code> values (if attribute commitments are generated).</param> /// <param name="tildeW">The <code>tildeW</code> values (if attribute commitments are generated).</param> public ProofGenerationRandomData(FieldZqElement w0, FieldZqElement[] w, FieldZqElement wd, FieldZqElement[] tildeO, FieldZqElement[] tildeW) { this.w0 = w0; this.w = w; this.wd = wd; this.tildeO = tildeO; this.tildeW = tildeW; }
/// <summary> /// Generates an array of random Zq elements. /// </summary> /// <param name="n">The number of elements to return.</param> /// <param name="nonZero">True to return non-zero elements.</param> /// <param name="maxBitLength">Maximum length of the random elements, or -1 for full size elements.</param> /// <returns>Random Zq elements.</returns> public FieldZqElement[] GetRandomElements(int n, bool nonZero, int maxBitLength = -1) { FieldZqElement[] r = new FieldZqElement[n]; for (int i = 0; i < n; i++) { r[i] = GetRandomElement(nonZero, maxBitLength); } return(r); }
/// <summary> /// Construct a FieldZqElement array with the values given. /// </summary> /// <param name="values">An array of arrays of bytes representing the values in big endian order.</param> /// <returns>A new FieldZqElement from this field with the given value.</returns> public FieldZqElement[] GetElements(byte[][] values) { FieldZqElement[] elements = new FieldZqElement[values.Length]; for (int j = 0; j < values.Length; j++) { elements[j] = GetElement(values[j]); } return elements; }
/// <summary> /// Construct a FieldZqElement array with the values given. /// </summary> /// <param name="values">An array of arrays of bytes representing the non-negative values in big endian order.</param> /// <returns>A new FieldZqElement from this field with the given value.</returns> public FieldZqElement[] GetElements(byte[][] values) { FieldZqElement[] elements = new FieldZqElement[values.Length]; for (int j = 0; j < values.Length; j++) { elements[j] = GetElement(values[j]); } return(elements); }
/// <summary> /// Represents a U-Prove token. /// </summary> /// <param name="uidp">The Issuer parameters UID.</param> /// <param name="h">The public key value h.</param> /// <param name="TI">The token information field value.</param> /// <param name="PI">The Prover information field value.</param> /// <param name="sigmaZPrime">The sigmaZPrime value.</param> /// <param name="sigmaCPrime">The sigmaCPrime value.</param> /// <param name="sigmaRPrime">The sigmaRPrime value.</param> /// <param name="isDeviceProtected">True if the token is Device-protected, false otherwise.</param> public UProveToken(byte[] uidp, GroupElement h, byte[] TI, byte[] PI, GroupElement sigmaZPrime, FieldZqElement sigmaCPrime, FieldZqElement sigmaRPrime, bool isDeviceProtected) { this.uidp = uidp; this.h = h; this.ti = TI; this.pi = PI; this.sigmaZPrime = sigmaZPrime; this.sigmaCPrime = sigmaCPrime; this.sigmaRPrime = sigmaRPrime; this.isDeviceProtected = isDeviceProtected; }
/// <summary> /// Constructs an IssuerKeyAndParameters instance. /// </summary> /// <param name="privateKey">The private key.</param> /// <param name="issuerParameters">The Issuer parameters.</param> public IssuerKeyAndParameters(FieldZqElement privateKey, IssuerParameters issuerParameters) { if (privateKey == null) { throw new ArgumentNullException("privateKey"); } if (issuerParameters == null) { throw new ArgumentNullException("issuerParameters"); } this.privateKey = privateKey; this.issuerParameters = issuerParameters; }
/// <summary> /// Compute a product of powers. /// Return the product of the <code>bases[i].Exponentiate(exponents[i])</code> for <c>i</c> from <c>0</c> to <c>bases.Length -1</c>. /// The inputs <c>bases</c> and <c>exponents</c> must have the same length /// </summary> /// <param name="bases">Group elements array.</param> /// <param name="exponents">Field elements array.</param> /// <returns>Multi-exponentiation of the group elements to the field elements.</returns> public abstract GroupElement MultiExponentiate(GroupElement[] bases, FieldZqElement[] exponents);
/// <summary> /// Returns <code>this^exponent</code>. /// </summary> /// <param name="exponent">The exponent.</param> /// <returns>A group element.</returns> public abstract GroupElement Exponentiate(FieldZqElement exponent);
public static PresentationProof Generate(IssuerParameters ip, int[] disclosed, int[] committed, int pseudonymAttribIndex, byte[] pseudonymScope, byte[] message, byte[] messageD, IDevicePresentationContext deviceContext, UProveKeyAndToken upkt, byte[][] attributes, out FieldZqElement[] tildeO) { return Generate(ip, disclosed, committed, pseudonymAttribIndex, pseudonymScope, message, messageD, deviceContext, upkt, attributes, null, out tildeO); }
public void Verify(IssuerParameters ip, int[] disclosed, int[] committed, int pseudonymAttribIndex, GroupElement gs, byte[] message, byte[] messageD, UProveToken upt) { try { // make sure disclosed list is sorted if (disclosed == null) { // can't be null later, so make it an empty array disclosed = new int[] { }; } Array.Sort(disclosed); Group Gq = ip.Gq; int n = ip.E.Length; bool presentPseudonym = false; if (gs != null && pseudonymAttribIndex != 0) { if (pseudonymAttribIndex < 1 || (pseudonymAttribIndex > n && pseudonymAttribIndex != DeviceAttributeIndex)) { throw new ArgumentException("pseudonymAttribIndex must be between 1 and " + n + " (inclusive)"); } if (disclosed.Contains(pseudonymAttribIndex)) { throw new ArgumentException("pseudonymAttribIndex cannot be in the disclosed attribute array"); } presentPseudonym = true; } else // no nym { pseudonymAttribIndex = 0; } bool verifyCommitments = (committed != null && committed.Length > 0); if (verifyCommitments) { Array.Sort(committed); } ProtocolHelper.VerifyTokenSignature(ip, upt); FieldZqElement[] disclosedX = new FieldZqElement[disclosedAttributes.Length]; GroupElement dAccumulator = ip.G[0] * ip.G[n + 1].Exponentiate(ProtocolHelper.ComputeXt(ip, upt.TI, upt.IsDeviceProtected)); // g0 * gt^xt GroupElement uAccumulator = upt.H.Exponentiate(this.r[0]); int dIndex = 0; int uIndex = 1; int cIndex = 0; int pseudonymResponseIndex = 0; int[] commitmentResponseIndices = verifyCommitments ? new int[committed.Length] : null; for (int i = 1; i <= n; i++) { if (disclosed.Contains(i)) { disclosedX[dIndex] = ProtocolHelper.ComputeXi(ip, i - 1, disclosedAttributes[dIndex]); dAccumulator = dAccumulator * ip.G[i].Exponentiate(disclosedX[dIndex]); dIndex++; } else { uAccumulator = uAccumulator * ip.G[i].Exponentiate(this.r[uIndex]); if (presentPseudonym) { if (pseudonymAttribIndex == i) { pseudonymResponseIndex = uIndex; } } if (verifyCommitments) { if (committed.Contains(i)) { // remember which response correspond to which commitment commitmentResponseIndices[cIndex] = uIndex; cIndex++; } } uIndex++; } } if (pseudonymAttribIndex == DeviceAttributeIndex) { pseudonymResponseIndex = this.r.Length - 1; // r_d is the last response in the array } byte[] unused; // verifier doesn't use the returned message for device FieldZqElement c = ProtocolHelper.GenerateChallenge(ip, upt, this.a, pseudonymAttribIndex, this.ap, this.ps, message, messageD, disclosed, disclosedX, committed, this.Commitments, out unused); HashFunction hash = ip.HashFunction; hash.Hash((dAccumulator.Exponentiate(c.Negate()) * uAccumulator * (upt.IsDeviceProtected ? ip.Gd.Exponentiate(this.r[this.r.Length -1]) : Gq.Identity))); if (!this.a.SequenceEqual(hash.Digest)) { throw new InvalidUProveArtifactException("Invalid presentation proof"); } if (presentPseudonym) { hash.Hash(this.ps.Exponentiate(c).Multiply(gs.Exponentiate(this.r[pseudonymResponseIndex]))); if (!this.ap.SequenceEqual(hash.Digest)) { throw new InvalidUProveArtifactException("Invalid pseudonym"); } } if (verifyCommitments) { for (int i = 0; i < commitmentResponseIndices.Length; i++) { CommitmentValues commitment = this.Commitments[i]; hash.Hash(commitment.TildeC.Exponentiate(c).Multiply(ip.Gq.G.Exponentiate(this.r[commitmentResponseIndices[i]])).Multiply(ip.G[1].Exponentiate(commitment.TildeR))); if (!commitment.TildeA.SequenceEqual(hash.Digest)) { throw new InvalidUProveArtifactException("Invalid commitment " + committed[i]); } } } } catch (ArgumentException) { throw new InvalidUProveArtifactException("Invalid presentation proof"); } catch (IndexOutOfRangeException) { throw new InvalidUProveArtifactException("Invalid presentation proof"); } }
/// <summary> /// Generates a presentation proof including optionally presenting a pseudonym, creating attribute commitments, and passing pre-generated random values. /// </summary> /// <param name="ip">The issuer parameters corresponding to <code>upkt</code>.</param> /// <param name="disclosed">An ordered array of disclosed attribute indices.</param> /// <param name="committed">An ordered array of committed attribute indices.</param> /// <param name="pseudonymAttribIndex">Index of the attribute used to create a scope-exclusive pseudonym, or 0 if no pseudonym is to be presented. The index must not be part of the disclosed attributes.</param> /// <param name="gs">The pseudonym scope element, or null if no pseudonym is to be presented.</param> /// <param name="message">The presentation message.</param> /// <param name="messageD">The message for the Device, or null.</param> /// <param name="deviceContext">The active device context, if token is device-protected, or null.</param> /// <param name="upkt">The U-Proke key and token.</param> /// <param name="attributes">The token attributes.</param> /// <param name="preGenW">Optional pregenerated random data for the proof generation.</param> /// <param name="cpv">Returned commitment private values if commitments are computed.</param> /// <returns>A presentation proof.</returns> internal static PresentationProof Generate(IssuerParameters ip, int[] disclosed, int[] committed, int pseudonymAttribIndex, GroupElement gs, byte[] message, byte[] messageD, IDevicePresentationContext deviceContext, UProveKeyAndToken upkt, byte[][] attributes, ProofGenerationRandomData preGenW, out CommitmentPrivateValues cpv) { if (upkt.Token.IsDeviceProtected && deviceContext == null) { throw new ArgumentNullException("Device context is not initialized"); } bool generateCommitments = (committed != null && committed.Length > 0); FieldZqElement[] tildeO = null; // make sure disclosed and committed lists are sorted if (disclosed == null) { // can't be null later, so make it an empty array disclosed = new int[] { }; } Array.Sort(disclosed); if (generateCommitments) { Array.Sort(committed); } int n = 0; if (ip.E != null) n = ip.E.Length; bool presentPseudonym = false; if (gs != null) { if (pseudonymAttribIndex < 1 || (pseudonymAttribIndex > n && pseudonymAttribIndex != DeviceAttributeIndex)) { throw new ArgumentException("pseudonymAttribIndex must be between 1 and " + n + " (inclusive)"); } if (disclosed.Contains(pseudonymAttribIndex)) { throw new ArgumentException("pseudonymAttribIndex cannot be in the disclosed attribute array"); } presentPseudonym = true; } else if (pseudonymAttribIndex > 0) { throw new ArgumentNullException("gs is null"); } else { pseudonymAttribIndex = 0; } Group Gq = ip.Gq; FieldZq Zq = ip.Zq; FieldZqElement xt = ProtocolHelper.ComputeXt(ip, upkt.Token.TI, upkt.Token.IsDeviceProtected); ProofGenerationRandomData random; if (preGenW == null) { random = ProofGenerationRandomData.Generate(n - disclosed.Length, generateCommitments ? committed.Length : 0, Zq, upkt.Token.IsDeviceProtected); } else { random = preGenW; } FieldZqElement[] x = new FieldZqElement[n]; GroupElement temp = upkt.Token.H.Exponentiate(random.W0); int uIndex = 0; int dIndex = 0; int cIndex = 0; PresentationProof proof = new PresentationProof(); proof.DisclosedAttributes = new byte[disclosed.Length][]; int pseudonymRandomizerIndex = 0; if (generateCommitments) { proof.Commitments = new CommitmentValues[committed.Length]; tildeO = new FieldZqElement[committed.Length]; } HashFunction hash = ip.HashFunction; for (int i = 0; i < n; i++) { x[i] = ProtocolHelper.ComputeXi(ip, i, attributes[i]); if (!disclosed.Contains(i + 1)) { temp = temp * ip.G[i + 1].Exponentiate(random.W[uIndex]); if (presentPseudonym) { if (pseudonymAttribIndex == (i + 1)) { pseudonymRandomizerIndex = uIndex; } } if (generateCommitments && committed.Contains(i + 1)) { GroupElement tildeC = ip.Gq.G.Exponentiate(x[i]) * ip.G[1].Exponentiate(random.TildeO[cIndex]); tildeO[cIndex] = random.TildeO[cIndex]; GroupElement temp2 = ip.Gq.G.Exponentiate(random.W[uIndex]) * ip.G[1].Exponentiate(random.TildeW[cIndex]); hash.Hash(temp2); byte[] tildeA = hash.Digest; proof.Commitments[cIndex] = new CommitmentValues(tildeC, tildeA, null); cIndex++; } uIndex++; } else if (generateCommitments && committed.Contains(i + 1)) { throw new ArgumentException("attribute " + (i + 1) + " cannot be both disclosed and committed"); } else { proof.DisclosedAttributes[dIndex] = attributes[i]; dIndex++; } } if (upkt.Token.IsDeviceProtected) { GroupElement ad; // pseudonym computed by device if (presentPseudonym && pseudonymAttribIndex == DeviceAttributeIndex) { GroupElement apPrime; GroupElement Ps; ad = deviceContext.GetInitialWitnessesAndPseudonym(gs, out apPrime, out Ps); hash.Hash(apPrime * gs.Exponentiate(random.Wd)); proof.Ap = hash.Digest; proof.Ps = Ps; } else { ad = deviceContext.GetInitialWitness(); } temp = temp * ip.Gd.Exponentiate(random.Wd) * ad; } hash.Hash(temp); proof.a = hash.Digest; // pseudonym derived from one token attribute if (presentPseudonym && pseudonymAttribIndex != DeviceAttributeIndex) { hash.Hash(gs.Exponentiate(random.W[pseudonymRandomizerIndex])); proof.Ap = hash.Digest; proof.Ps = gs.Exponentiate(x[pseudonymAttribIndex - 1]); } byte[] mdPrime; FieldZqElement c = ProtocolHelper.GenerateChallenge(ip, upkt.Token, proof.a, pseudonymAttribIndex, proof.ap, proof.Ps, message, messageD, disclosed, GetDisclosedX(disclosed, x), committed, proof.Commitments, out mdPrime); proof.r = new FieldZqElement[1 + n - disclosed.Length + (upkt.Token.IsDeviceProtected ? 1 : 0)]; // r_0, {r_i} for undisclosed i, r_d proof.r[0] = c * upkt.PrivateKey + random.W0; uIndex = 1; for (int i = 1; i <= n; i++) { if (!disclosed.Contains(i)) { proof.r[uIndex] = c.Negate() * x[i - 1] + random.W[uIndex - 1]; uIndex++; } } if (upkt.Token.IsDeviceProtected) { proof.r[proof.r.Length - 1] = deviceContext.GetDeviceResponse(messageD, mdPrime, ip.HashFunctionOID) + random.Wd; } if (generateCommitments) { for (int i = 0; i < committed.Length; i++) { proof.Commitments[i].TildeR = c.Negate() * random.TildeO[i] + random.TildeW[i]; } } random.Clear(); cpv = new CommitmentPrivateValues(tildeO); return proof; }
public static PresentationProof Generate(IssuerParameters ip, int[] disclosed, int[] committed, int pseudonymAttribIndex, GroupElement gs, byte[] message, byte[] messageD, IDevicePresentationContext deviceContext, UProveKeyAndToken upkt, byte[][] attributes, ProofGenerationRandomData preGenW, out FieldZqElement[] tildeO) { CommitmentPrivateValues cpv; PresentationProof proof = Generate(ip, disclosed, committed, pseudonymAttribIndex, gs, message, messageD, deviceContext, upkt, attributes, preGenW, out cpv); tildeO = cpv.TildeO; return proof; }
/// <summary> /// Multiply this element by the element e. /// </summary> /// <param name="e">The value to multiply this value by.</param> /// <returns>The value of this * e.</returns> public abstract FieldZqElement Multiply(FieldZqElement e);
/// <summary> /// Constructs a new instance. /// </summary> /// <param name="tildeO">The <code>tildeO</code> value of the commitments.</param> public CommitmentPrivateValues(FieldZqElement[] tildeO) { TildeO = tildeO; }
/// <summary> /// Convert a base64 string to a FieldElement[] using a specific FieldZq object. /// </summary> /// <param name="encodedElements">The encoded string to convert.</param> /// <param name="Zq">The fieldZq object to use.</param> /// <returns>The converted object.</returns> public static FieldZqElement[] ToFieldElementArray(this String[] encodedElements, FieldZq Zq) { if (encodedElements == null) return null; FieldZqElement[] fieldElements = new FieldZqElement[encodedElements.Length]; for (int i = 0; i < encodedElements.Length; i++) { fieldElements[i] = encodedElements[i].ToFieldZqElement(Zq); } return fieldElements; }
/// <summary> /// Exponentiate this value to the exponent power. /// </summary> /// <param name="exponent">The exponent to raise this value to.</param> /// <returns>This value to the exponent power.</returns> public abstract FieldZqElement ModPow(FieldZqElement exponent);
/// <summary> /// Hash a FieldZqElement array. /// </summary> /// <param name="values">An array of FieldZqElements to be hashed.</param> public void Hash(FieldZqElement[] values) { if (values == null) { HashNull(); } else { Hash(values.Length); foreach (FieldZqElement i in values) { Hash(i); } } }
/// <summary> /// Divide this element by the element e. Does not check for division /// by 0 errors. /// </summary> /// <param name="e">The value to divide this value by.</param> /// <returns>The value of this / e</returns> public FieldZqElement Divide(FieldZqElement e) { return(this * e.Invert()); }
internal void OnDeserialized(StreamingContext context) { if (_uidp == null) throw new UProveSerializationException("uidp"); if (_h == null) throw new UProveSerializationException("h"); if (_sigmaZPrime == null) throw new UProveSerializationException("szp"); if (_sigmaCPrime == null) throw new UProveSerializationException("scp"); if (_sigmaRPrime == null) throw new UProveSerializationException("srp"); // default to false if not provided if (_isDeviceProtected == null) _isDeviceProtected = false; this.uidp = _uidp.ToByteArray(); this.h = _h.ToGroupElement(Serializer.ip); this.ti = _ti.ToByteArray(); this.pi = _pi.ToByteArray(); this.sigmaZPrime = _sigmaZPrime.ToGroupElement(Serializer.ip); this.sigmaCPrime = _sigmaCPrime.ToFieldZqElement(Serializer.ip.Zq); this.sigmaRPrime = _sigmaRPrime.ToFieldZqElement(Serializer.ip.Zq); this.isDeviceProtected = _isDeviceProtected.Value; }
/// <summary> /// Constructs a new VirtualDevice instance. /// </summary> /// <param name="parameterSet">The parameter set.</param> /// <param name="xd">The device private key.</param> /// <param name="preGenWdPrime">The pregenerated w_d prime value (for one presentation)</param> public VirtualDevice(ParameterSet parameterSet, FieldZqElement xd, FieldZqElement preGenWdPrime) : this(parameterSet.Group, parameterSet.Gd, FieldZq.CreateFieldZq(parameterSet.Group.Q), xd, preGenWdPrime) { }
/// <summary> /// Add the value to this value and return the result. /// </summary> /// <param name="e">The value to add to this value.</param> /// <returns>This value plus e.</returns> public abstract FieldZqElement Add(FieldZqElement e);
/// <summary> /// Constructs a new instance. /// </summary> /// <param name="tildeC">The <code>tildeC</code> value.</param> /// <param name="tildeA">The <code>tildeA</code> value.</param> /// <param name="tildeR">The <code>tildeR</code> value.</param> public CommitmentValues(GroupElement tildeC, byte[] tildeA, FieldZqElement tildeR) { TildeC = tildeC; TildeA = tildeA; TildeR = tildeR; }
/// <summary> /// Private constructor - takes and sets all fields. /// </summary> /// <param name="Gq">The group</param> /// <param name="gd">The device generator</param> /// <param name="Zq">The Field associated to the group <c>Gq</c></param> /// <param name="xd">The xd.</param> /// <param name="preGenWdPrime">The pre gen wd prime.</param> VirtualDevice(Group Gq, GroupElement gd, FieldZq Zq, FieldZqElement xd, FieldZqElement preGenWdPrime) { if (xd != null && !Zq.IsElement(xd)) { throw new ArgumentException("xd is not a valid Zq element"); } this.Gd = gd; this.Gq = Gq; this.Zq = Zq; this.xd = xd ?? this.Zq.GetRandomElement(true); // assign xd a random value if null this.wdPrime = preGenWdPrime; this.hd = this.Gd.Exponentiate(this.xd); }
/// <summary> /// Constructs a new <code>PresentationProof</code> instance. /// </summary> /// <param name="disclosedAttributes">The disclosed attributes.</param> /// <param name="a">The <code>a</code> value.</param> /// <param name="ap">The <code>ap</code> value.</param> /// <param name="ps">The <code>Ps</code> value.</param> /// <param name="r">The <code>r</code> values.</param> /// <param name="commitments">The commitments values.</param> public PresentationProof(byte[][] disclosedAttributes, byte[] a, byte[] ap, GroupElement ps, FieldZqElement[] r, CommitmentValues[] commitments) { this.disclosedAttributes = disclosedAttributes; this.a = a; this.ap = ap; this.ps = ps; this.r = r; this.commitments = commitments; }
GroupElement IDevicePresentationContext.GetInitialWitness() { if (this.device == null) { throw new DeviceException("Invalid context."); } if (this.wdPrime != null) { throw new DeviceException("Initial witness already calculated."); } this.wdPrime = this.device.wdPrime ?? this.device.Zq.GetRandomElement(false); return this.device.Gd.Exponentiate(this.wdPrime); }
/// <summary> /// Generates an array of random Zq elements. /// </summary> /// <param name="n">The number of elements to return.</param> /// <param name="nonZero">True to return non-zero elements.</param> /// <param name="maxBitLength">Maximum length of the random elements, or -1 for full size elements.</param> /// <returns>Random Zq elements.</returns> public FieldZqElement[] GetRandomElements(int n, bool nonZero, int maxBitLength = -1) { FieldZqElement[] r = new FieldZqElement[n]; for (int i = 0; i < n; i++) { r[i] = GetRandomElement(nonZero, maxBitLength); } return r; }
/// <summary> /// Hash a FieldZqElement. /// </summary> /// <param name="value">A field Zq element to be hashed.</param> public void Hash(FieldZqElement value) { if (value == null) { HashNull(); return; } Hash(value.ToByteArray()); }
public static PresentationProof Generate(IssuerParameters ip, int[] disclosed, int[] committed, int pseudonymAttribIndex, byte[] pseudonymScope, byte[] message, byte[] messageD, IDevicePresentationContext deviceContext, UProveKeyAndToken upkt, byte[][] attributes, ProofGenerationRandomData preGenW, out FieldZqElement[] tildeO) { GroupElement gs = ProtocolHelper.GenerateScopeElement(ip.Gq, pseudonymScope); return Generate(ip, disclosed, committed, pseudonymAttribIndex, gs, message, messageD, deviceContext, upkt, attributes, preGenW, out tildeO); }
/// <summary> /// Returns true if the given element is an element from this field. /// </summary> /// <param name="element">The element to check.</param> /// <returns>True if the given element is an element from this field.</returns> public abstract bool IsElement(FieldZqElement element);
// Helper method for Generate(...) private static FieldZqElement[] GetDisclosedX(int[] disclosed, FieldZqElement[] x) { FieldZqElement[] disclosedX = new FieldZqElement[disclosed.Length]; int index = 0; foreach (int i in disclosed) { disclosedX[index++] = x[i - 1]; } return disclosedX; }
/// <summary> /// Constructs a new VirtualDevice instance. /// </summary> /// <param name="ip">The Issuer parameters.</param> /// <param name="xd">The device private key.</param> /// <param name="preGenWdPrime">The pregenerated w_d prime value (for one presentation)</param> public VirtualDevice(IssuerParameters ip, FieldZqElement xd, FieldZqElement preGenWdPrime) : this(ip.Gq, ip.Gd, ip.Zq, xd, preGenWdPrime) { }
/// <summary> /// Clears the object. /// Note that this method does not guarantee the memory will be securely zeroized. /// </summary> public void Clear() { w0 = null; if (w != null) { Array.Clear(w, 0, w.Length); w = null; } wd = null; if (tildeO != null) { Array.Clear(tildeO, 0, tildeO.Length); tildeO = null; } if (tildeW != null) { Array.Clear(tildeW, 0, tildeW.Length); tildeW = null; } }
/// <summary> /// Constructs a new VirtualDevice instance. /// </summary> /// <param name="parameterSet">The parameter set.</param> /// <param name="xd">The device private key.</param> public VirtualDevice(ParameterSet parameterSet, FieldZqElement xd) : this(parameterSet, xd, null) { }
GroupElement IDevicePresentationContext.GetInitialWitnessesAndPseudonym(GroupElement gs, out GroupElement apPrime, out GroupElement Ps) { if (this.device == null) { throw new DeviceException("Invalid context."); } if (this.wdPrime != null) { throw new DeviceException("Initial witness already calculated."); } this.wdPrime = this.device.wdPrime ?? this.device.Zq.GetRandomElement(false); // compute pseudonym apPrime = gs.Exponentiate(this.wdPrime); Ps = gs.Exponentiate(this.device.xd); // compute initial witness return this.device.Gd.Exponentiate(this.wdPrime); }
/// <summary> /// Subtracts e from this value and returns the result. /// </summary> /// <param name="e">The value to subtract from this value.</param> /// <returns>This value minus e.</returns> public FieldZqElement Subtract(FieldZqElement e) { return(this + e.Negate()); }
/// <summary> /// Constructs a new VirtualDevice instance. /// </summary> /// <param name="ip">The Issuer parameters.</param> /// <param name="xd">The device private key.</param> public VirtualDevice(IssuerParameters ip, FieldZqElement xd) : this(ip, xd, null) {}