/// <summary>
/// Compute this.b array for the proof.
/// </summary>
/// <param name="prover">Prover parameters</param>
/// <param name="equalW">w values for when exponents are equal</param>
/// <param name="unequalW">w values for when exponents are unequal</param>
private void ComputeB(ProverEqualityParameters prover, FieldZqElement[] equalW, FieldZqElement[] unequalW)
{
int unequalWIndex = 0;
this.b = new GroupElement[prover.Witnesses.Length];
for (int witnessIndex = 0; witnessIndex < this.b.Length; ++witnessIndex)
{
FieldZqElement[] randomData = new FieldZqElement[prover.Witnesses[witnessIndex].RepresentationLength];
for (int exponentIndex = 0; exponentIndex < randomData.Length; ++exponentIndex)
{
DoubleIndex di = new DoubleIndex(witnessIndex, exponentIndex);
int equalWIndex;
if (prover.Map.TryRetrieveIntIndex(di, out equalWIndex))
{
randomData[exponentIndex] = equalW[equalWIndex];
}
else
{
randomData[exponentIndex] = unequalW[unequalWIndex];
++unequalWIndex;
}
}
this.b[witnessIndex] = prover.Witnesses[witnessIndex].ComputeCommitment(randomData);
}
}
int IComparable.CompareTo(object obj)
{
if (obj.GetType() != typeof(DoubleIndex))
{
return(1);
}
DoubleIndex thing = (DoubleIndex)obj;
if (this.EquationIndex < thing.EquationIndex)
{
return(-1);
}
else if (this.EquationIndex > thing.EquationIndex)
{
return(1);
}
else
{
if (this.ExponentIndex > thing.EquationIndex)
{
return(1);
}
if (this.ExponentIndex < thing.ExponentIndex)
{
return(-1);
}
}
return(0);
}
/// <summary>
/// Computes the resonses to the challenge.
/// </summary>
/// <param name="prover">Prover parameters.</param>
/// <param name="equalW">random data for exponents in equality map.</param>
/// <param name="unequalW">random data for exponents not in equality map.</param>
private void ComputeResponses(ProverEqualityParameters prover, FieldZqElement[] equalW, FieldZqElement[] unequalW)
{
FieldZqElement challenge = ComputeChallenge(prover);
this.responseEqual = new FieldZqElement[equalW.Length];
this.responseUnequal = new FieldZqElement[unequalW.Length];
int unequalWIndex = 0;
for (int witnessIndex = 0; witnessIndex < prover.Witnesses.Length; ++witnessIndex)
{
for (int exponentIndex = 0; exponentIndex < prover.Witnesses[witnessIndex].RepresentationLength; ++exponentIndex)
{
FieldZqElement exponent = prover.Witnesses[witnessIndex].ExponentAtIndex(exponentIndex);
DoubleIndex di = new DoubleIndex(witnessIndex, exponentIndex);
int equalWIndex;
if (prover.Map.TryRetrieveIntIndex(di, out equalWIndex))
{
FieldZqElement wValue = equalW[equalWIndex];
this.responseEqual[equalWIndex] = prover.Witnesses[witnessIndex].ComputeResponse(challenge, wValue, exponentIndex);
}
else
{
FieldZqElement wValue = unequalW[unequalWIndex];
this.responseUnequal[unequalWIndex] = prover.Witnesses[witnessIndex].ComputeResponse(challenge, wValue, exponentIndex);
++unequalWIndex;
}
}
}
}
/// <summary>
/// Creates an equality map object for two simple discrete log equations:
/// A = g[0]^x[0] * .... * g[n-1]^x[n-1]
/// B = h[0]^y[0] * .... * h[m-1]^y[m-1]
/// Proof will show that x[exponentIndexForEquation0] = y[exponentIndexForEquation1]
/// </summary>
/// <param name="exponentIndexForEquation0">Index for exponent in equation 0</param>
/// <param name="exponentIndexForEquation1">Index for exponent in equation 1</param>
public EqualityMap(int exponentIndexForEquation0, int exponentIndexForEquation1)
{
// create equality map
PrettyNameToDoubleIndexList = new SortedDictionary <PrettyName, List <DoubleIndex> >();
DoubleIndextToPrettyName = new Dictionary <DoubleIndex, PrettyName>();
//PrettyNameToIntMap = new Dictionary<PrettyName, int>();
// add indices
PrettyName alpha = new PrettyName("alpha", 0);
DoubleIndex di0 = new DoubleIndex(0, exponentIndexForEquation0);
DoubleIndex di1 = new DoubleIndex(1, exponentIndexForEquation1);
this.Add(alpha, di0);
this.Add(alpha, di1);
}
public override bool Equals(object obj)
{
if (obj.GetType() != this.GetType())
{
return(false);
}
DoubleIndex di = (DoubleIndex)obj;
if ((this.EquationIndex != di.EquationIndex) ||
(this.ExponentIndex != di.ExponentIndex))
{
return(false);
}
return(true);
}
/// <summary>
/// Verifies this equality proof given the verifier parameters.
/// </summary>
/// <param name="verifier"></param>
/// <returns></returns>
public bool Verify(VerifierEqualityParameters verifier)
{
try
{
if (!verifier.Verify())
{
return(false);
}
FieldZqElement challenge = ComputeChallenge(verifier);
int unequalWIndex = 0;
for (int statementIndex = 0; statementIndex < verifier.Statements.Length; ++statementIndex)
{
IStatement statement = verifier.Statements[statementIndex];
FieldZqElement[] responses = new FieldZqElement[statement.RepresentationLength];
for (int baseIndex = 0; baseIndex < statement.RepresentationLength; ++baseIndex)
{
DoubleIndex di = new DoubleIndex(statementIndex, baseIndex);
int equalWIndex;
if (verifier.Map.TryRetrieveIntIndex(di, out equalWIndex))
{
responses[baseIndex] = responseEqual[equalWIndex];
}
else
{
responses[baseIndex] = responseUnequal[unequalWIndex];
++unequalWIndex;
}
}
if (!statement.Verify(b[statementIndex], challenge, responses))
{
return(false);
}
}
}
catch (Exception)
{
return(false);
}
return(true);
}
/// <summary>
/// Retrieves the pretty name associated with the equationAndExponentIndex,
/// and returns the index of the pretty name. (Pretty names are numbered
/// consecutively, from 0; this numbering is unique to each EqualityMap object,
/// based on the order in which the pretty names were added).
/// </summary>
/// <param name="equationAndExponentIndex"></param>
/// <param name="index"></param>
/// <returns></returns>
public bool TryRetrieveIntIndex(DoubleIndex equationAndExponentIndex, out int index)
{
PrettyName pretty;
bool success = DoubleIndextToPrettyName.TryGetValue(equationAndExponentIndex, out pretty);
if (success)
{
index = 0;
foreach (PrettyName key in PrettyNameToDoubleIndexList.Keys)
{
if (pretty.Equals(key))
{
return(true);
}
++index;
}
}
index = 0;
return(false);
}
/// <summary>
/// Adds an entry into the equality map object. Let
/// A[i] = product(g[j] ^ x[j])
/// be the list of of DL equations.
/// Associates the indicated exponent x[j] from equation i with
/// prettyName. EqualityProof will show that all exponents
/// with the same prettyName are equal.
/// </summary>
/// <param name="prettyName">Pretty name.</param>
/// <param name="equationAndExponentIndex">Indicates equation i, exponent j.</param>
public void Add(PrettyName prettyName, DoubleIndex equationAndExponentIndex)
{
List <DoubleIndex> diList;
if (PrettyNameToDoubleIndexList.TryGetValue(prettyName, out diList))
{
if (!diList.Contains(equationAndExponentIndex))
{
diList.Add(equationAndExponentIndex);
}
}
else
{
diList = new List <DoubleIndex>();
diList.Add(equationAndExponentIndex);
PrettyNameToDoubleIndexList.Add(prettyName, diList);
}
if (!DoubleIndextToPrettyName.ContainsKey(equationAndExponentIndex))
{
DoubleIndextToPrettyName.Add(equationAndExponentIndex, prettyName);
}
}
/// <summary>
/// Tries to retrieve the pretty name associated with equationAndExponentIndex
/// </summary>
/// <param name="equationAndExponentIndex"></param>
/// <param name="name">Output parameter.</param>
/// <returns>True on success, false if equationAndExponentIndex has no associated pretty name.</returns>
public bool TryGetPrettyName(DoubleIndex equationAndExponentIndex, out PrettyName name)
{
bool success = DoubleIndextToPrettyName.TryGetValue(equationAndExponentIndex, out name);
return(success);
}