public static GroupElement[] GetCommitmentValues(CryptoParameters crypto, FieldZqElement[] committedValues, FieldZqElement[] openings)
        {
            if ((crypto == null) || (committedValues == null) || (openings == null) ||
                (committedValues.Length != openings.Length))
            {
                throw new ArgumentException("GetCommitmentValues expects non-null input, with arrays committedValues and openings of the same length.");
            }

            GroupElement[] values = new GroupElement[committedValues.Length];
            for (int i = 0; i < committedValues.Length; ++i)
            {
                PedersenCommitment ped = new PedersenCommitment(
                    crypto.G,
                    crypto.H,
                    committedValues[i],
                    openings[i],
                    crypto.Group);
                values[i] = ped.Value;
            }
            return(values);
        }
예제 #2
0
        /// <summary>
        /// Returns ProverRangeProofParameters that the committed date to the
        /// the verifier target date.  Range proof will require bit decomposition of  approximately  9 + log_2 (maxYear - minYear) bits.
        /// </summary>
        /// <param name="crypto">Crypto parameters</param>
        /// <param name="commitmentToDayOfYear">Commitment value in [0,365]</param>
        /// <param name="commitmentToYear">Commitment to a year in [minYear, maxYear].</param>
        /// <param name="rangeProofType">Range proof type.</param>
        /// <param name="verifierTargetDate">Commitment to a date in [minYear, maxYear +1).</param>
        /// <param name="minYear">Limits range of proof. </param>
        /// <param name="maxYear">Limits range of proof.</param>
        /// <returns></returns>
        public static ProverRangeProofParameters GetDateTimeProverParameters(CryptoParameters crypto, PedersenCommitment commitmentToYear, PedersenCommitment commitmentToDayOfYear, VerifierRangeProofParameters.ProofType rangeProofType, DateTime verifierTargetDate, int minYear, int maxYear)
        {
            //Check crypto parameters and pedersen commitment generators G and H
            if (!commitmentToYear.AreBasesEqual(commitmentToDayOfYear))
            {
                throw new ArgumentException("PedersenCommitments commitmentToYear and commitmentToDayOfYear have different bases.");
            }
            if ((crypto.G != commitmentToYear.BaseAtIndex(0)) ||
                (crypto.H != commitmentToYear.BaseAtIndex(1)))
            {
                throw new ArgumentException("PedersenCommitments commitmentToYear and commitmentToDayOfYear should use bases crypto.G and crypto.H.");
            }

            FieldZqElement minYearElement = crypto.FieldZq.GetElement((uint)minYear);
            FieldZqElement daysInOneYear  = crypto.FieldZq.GetElement(366);
            FieldZqElement committedYear  = commitmentToYear.ExponentAtIndex(0);
            FieldZqElement committedDay   = commitmentToDayOfYear.ExponentAtIndex(0);
            FieldZqElement openingYear    = commitmentToYear.ExponentAtIndex(1);
            FieldZqElement openingDay     = commitmentToDayOfYear.ExponentAtIndex(1);

            PedersenCommitment commitmentToYearAndDay = new PedersenCommitment(
                crypto.G,
                crypto.H,
                (committedYear + minYearElement.Negate()) * daysInOneYear + committedDay,
                openingYear * daysInOneYear + openingDay,
                crypto.Group);



            int maxValue           = (maxYear - minYear) * 366 + 365;
            int verifierYearAndDay = EncodeYearAndDay(verifierTargetDate, minYear);

            return(new ProverRangeProofParameters(
                       crypto,
                       commitmentToYearAndDay,
                       rangeProofType,
                       verifierYearAndDay,
                       0,
                       maxValue));
        }
예제 #3
0
        /// <summary>
        /// Constructs a bit decomposition of openCommitment.CommittedValue and
        /// generates the appropriate ProverBitDecompositionParameters.
        /// If decompositionLength is too short, automatically chooses
        /// minimum required length.
        /// </summary>
        /// <param name="openCommitment">Pedersen Commitment to some value</param>
        /// <param name="decompositionLength">Number of bits in bit-decomposition.</param>
        /// <param name="parameterSet">Parameter set</param>
        /// <returns></returns>
        public ProverBitDecompositionParameters(
            PedersenCommitment openCommitment,
            int decompositionLength,
            CryptoParameters crypto)
            : base(crypto)
        {
            BitArray bits = VerifierBitDecompositionParameters.GetBitDecomposition(openCommitment.CommittedValue, decompositionLength, this.FieldZq);

            PedersenCommitment [] openBitDecomposition = new PedersenCommitment[bits.Length];
            for (int bitIndex = 0; bitIndex < bits.Length; ++bitIndex)
            {
                if (bits.Get(bitIndex))
                {
                    openBitDecomposition[bitIndex] = new PedersenCommitment(crypto.FieldZq.One, crypto);
                }
                else
                {
                    openBitDecomposition[bitIndex] = new PedersenCommitment(crypto.FieldZq.Zero, crypto);
                }
            }
            this.setProverParameters(openBitDecomposition, openCommitment);
        }
 /// <summary>
 /// Sets up the CryptoParameters. Need to call setVerifierParameters before
 /// these parameters are ready to use in a proof.
 /// </summary>
 /// <param name="parameters">Sets up the group, field, generators G and H, and hash function.
 ///     If null, will use default values.</param>
 public VerifierSetMembershipParameters(CryptoParameters parameters)
     : base(parameters)
 {
     this.setVerifierParameters(null);
 }
 /// <summary>
 /// Constructor. Sets the crypto parameters. Must call setProverParameters
 /// in order for this class to be ready to use.
 /// </summary>
 /// <param name="parameters">Sets crypto parameters: Group, FieldZq, G, H, HashFunction.
 /// If null, uses default parameters.</param>
 public ProverSetMembershipParameters(CryptoParameters parameters)
     : base(parameters)
 {
     this.setProverParameters(null);
 }
 public CryptoParameters(CryptoParameters crypto)
 {
     this.Group            = crypto.Group;
     this.Generators       = crypto.Generators;
     this.HashFunctionName = crypto.HashFunctionName;
 }
 /// <summary>
 /// Constructor.  Sets PublicValues and Witnesses to null, ProverParameters=false;
 /// </summary>
 /// <param name="parameters"></param>
 public ProofParameters(CryptoParameters parameters) : base(parameters.Group, parameters.Generators, parameters.HashFunctionName)
 {
     this.ProverParameters            = false;
     this.ArePublicValuesSerializable = true;
     this.AreWitnessesSerializable    = false;
 }
예제 #8
0
        /// <summary>
        /// Combines all input arrays into an array of Closed DL representation equations
        /// to be used to verify FullRangeProof.  Sets bases for closedD and AdivB as
        /// new GroupElement[2]{crypto.G, crypto.H}.
        /// </summary>
        /// <param name="closedD">closedD[length-1] excluded.</param>
        /// <param name="AdivB">AdivB[0] excluded.</param>
        /// <param name="closedX">closedX[0] excluded.</param>
        /// <param name="closedE">closedE[0] excluded.</param>
        /// <param name="crypto">Contains parameters G and H</param>
        /// <returns></returns>
        public static ClosedDLRepOfGroupElement[] CombineAllClosedDLReps(GroupElement[] closedD, GroupElement[] AdivB, ClosedDLRepOfGroupElement[] closedX, ClosedDLRepOfGroupElement[] closedE, CryptoParameters crypto)
        {
            ClosedDLRepOfGroupElement[] closedDL = new ClosedDLRepOfGroupElement[closedD.Length - 1 + AdivB.Length - 1 + closedX.Length - 1 + closedE.Length - 1];
            int closedDLIndex = 0;

            GroupElement[] bases = new GroupElement[2] {
                crypto.G, crypto.H
            };
            Group group = crypto.Group;

            for (int i = 0; i < closedD.Length - 1; ++i)
            {
                closedDL[closedDLIndex] = new ClosedDLRepOfGroupElement(bases, closedD[i], group);
                ++closedDLIndex;
            }

            for (int i = 1; i < AdivB.Length; ++i)
            {
                closedDL[closedDLIndex] = new ClosedDLRepOfGroupElement(bases, AdivB[i], group);
                ++closedDLIndex;
            }

            for (int i = 1; i < closedX.Length; ++i)
            {
                closedDL[closedDLIndex] = closedX[i];
                ++closedDLIndex;
            }

            for (int i = 1; i < closedE.Length; ++i)
            {
                closedDL[closedDLIndex] = closedE[i];
                ++closedDLIndex;
            }

            return(closedDL);
        }
예제 #9
0
        /// <summary>
        /// Computes: output = product closedBitDecomposition[i] ^ (2^i)
        /// </summary>
        /// <param name="closedBitDecomposition">Array of group elements, none of which may be null.</param>
        /// <param name="parameters">Crypto parameters.</param>
        /// <returns></returns>
        private static GroupElement ComposeClosedCommittedBits(GroupElement[] closedBitDecomposition, CryptoParameters parameters)
        {
            FieldZqElement two = parameters.FieldZq.GetElement(2);

            FieldZqElement[] exponents = new FieldZqElement[closedBitDecomposition.Length];
            exponents[0] = parameters.FieldZq.One;
            for (int i = 1; i < exponents.Length; ++i)
            {
                exponents[i] = exponents[i - 1] * two;
            }
            return(parameters.Group.MultiExponentiate(closedBitDecomposition, exponents));
        }
 /// <summary>
 /// Constructor. Must call SetVerifierParameters() after using
 /// this constructor.
 /// </summary>
 /// <param name="parameters"></param>
 public VerifierInequalityProofParameters(CryptoParameters parameters)
     : base(parameters)
 {
     this.setVerifierParameters(null);
 }
예제 #11
0
 /// <summary>
 /// Empty constructor.  Must call SetVerifierParameters to complete.
 /// </summary>
 /// <param name="crypto"></param>
 public VerifierEqualityParameters(CryptoParameters crypto)
     : base(crypto)
 {
 }
예제 #12
0
 /// <summary>
 /// Do not use this constructor for VerifyRangeProofParameters.
 /// </summary>
 /// <param name="crypto"></param>
 internal VerifierRangeProofParameters(CryptoParameters crypto) : base(crypto)
 {
     this.setVerifierParameters(null);
 }
예제 #13
0
 /// <summary>
 /// Constructor. Sets cryptographic parameters only.
 /// </summary>
 /// <param name="parameters">Cryptographic parameters.</param>
 public VerifierBitDecompositionParameters(CryptoParameters parameters)
     : base(parameters)
 {
     this.setVerifierParameters(null, null);
 }
예제 #14
0
        /// <summary>
        /// Constructor.  Takes as input an integer, creates a Pedersen Commitment to it, and generates
        /// a sequence of Pedersen Commitments to its bit decomposition.
        /// </summary>
        /// <param name="integer">Creates a Pedersen Commitment to this value.</param>
        /// <param name="decompositionLength">Minimum number of integers in the decomposition.</param>
        /// <param name="crypto">Cryptographic parameters.</param>
        /// <param name="hideCommittedValue">Decomposed integer is secret.</param>
        public ProverBitDecompositionParameters(FieldZqElement integer, int decompositionLength, CryptoParameters crypto, bool hideCommittedValue = true)
            : base(crypto)
        {
            BitArray bits = VerifierBitDecompositionParameters.GetBitDecomposition(integer, decompositionLength, this.FieldZq);

            PedersenCommitment[] openCommittedBits = new PedersenCommitment[bits.Length];
            PedersenCommitment   openCommitment;

            if (hideCommittedValue)
            {
                for (int i = 0; i < bits.Length; ++i)
                {
                    FieldZqElement curBit = this.FieldZq.Zero;
                    if (bits.Get(i))
                    {
                        curBit = this.FieldZq.One;
                    }
                    openCommittedBits[i] = new PedersenCommitment(curBit, this);
                }
                openCommitment = new PedersenCommitment(integer, this);
            }
            else
            {
                for (int i = 0; i < bits.Length; ++i)
                {
                    FieldZqElement curBit = this.FieldZq.Zero;
                    if (bits.Get(i))
                    {
                        curBit = this.FieldZq.One;
                    }
                    openCommittedBits[i] = new PedersenCommitment(this.G, this.H, curBit, this.FieldZq.Zero, this.Group);
                }
                openCommitment = new PedersenCommitment(this.G, this.H, integer, this.FieldZq.Zero, this.Group);
            }
            this.setProverParameters(openCommittedBits, openCommitment);
        }