/// <summary>
/// Returns ProverRangeProofParameters that the committed date to the
/// the verifier target date. Range proof will require bit decomposition of approximately 9 + log_2 (maxYear - minYear) bits.
/// </summary>
/// <param name="crypto">Crypto parameters</param>
/// <param name="commitmentToDayOfYear">Commitment value in [0,365]</param>
/// <param name="commitmentToYear">Commitment to a year in [minYear, maxYear].</param>
/// <param name="rangeProofType">Range proof type.</param>
/// <param name="verifierTargetDate">Commitment to a date in [minYear, maxYear +1).</param>
/// <param name="minYear">Limits range of proof. </param>
/// <param name="maxYear">Limits range of proof.</param>
/// <returns></returns>
public static ProverRangeProofParameters GetDateTimeProverParameters(CryptoParameters crypto, PedersenCommitment commitmentToYear, PedersenCommitment commitmentToDayOfYear, VerifierRangeProofParameters.ProofType rangeProofType, DateTime verifierTargetDate, int minYear, int maxYear)
{
//Check crypto parameters and pedersen commitment generators G and H
if (!commitmentToYear.AreBasesEqual(commitmentToDayOfYear))
{
throw new ArgumentException("PedersenCommitments commitmentToYear and commitmentToDayOfYear have different bases.");
}
if ((crypto.G != commitmentToYear.BaseAtIndex(0)) ||
(crypto.H != commitmentToYear.BaseAtIndex(1)))
{
throw new ArgumentException("PedersenCommitments commitmentToYear and commitmentToDayOfYear should use bases crypto.G and crypto.H.");
}
FieldZqElement minYearElement = crypto.FieldZq.GetElement((uint)minYear);
FieldZqElement daysInOneYear = crypto.FieldZq.GetElement(366);
FieldZqElement committedYear = commitmentToYear.ExponentAtIndex(0);
FieldZqElement committedDay = commitmentToDayOfYear.ExponentAtIndex(0);
FieldZqElement openingYear = commitmentToYear.ExponentAtIndex(1);
FieldZqElement openingDay = commitmentToDayOfYear.ExponentAtIndex(1);
PedersenCommitment commitmentToYearAndDay = new PedersenCommitment(
crypto.G,
crypto.H,
(committedYear + minYearElement.Negate()) * daysInOneYear + committedDay,
openingYear * daysInOneYear + openingDay,
crypto.Group);
int maxValue = (maxYear - minYear) * 366 + 365;
int verifierYearAndDay = EncodeYearAndDay(verifierTargetDate, minYear);
return(new ProverRangeProofParameters(
crypto,
commitmentToYearAndDay,
rangeProofType,
verifierYearAndDay,
0,
maxValue));
}
public void ConstructorHelper(ProverRangeProofParameters prover)
{
try
{
// verify prover parameters
if (!prover.Verify())
{
throw new ArgumentException("RangeProof: could not create RangeProof because prover parameters are invalid.");
}
// set group
this.Group = prover.Group;
this.IsGroupSerializable = true;
// set up the bit decomposition proof and compute helper values
DLRepOfGroupElement[] openAdivB = CreateBitDecompositionProofs(prover);
if (this.ProofBitDecompositionOfA != null)
{
this.ProofBitDecompositionOfA.IsGroupSerializable = false;
}
if (this.ProofBitDecompositionOfB != null)
{
this.ProofBitDecompositionOfB.IsGroupSerializable = false;
}
DLRepOfGroupElement[] openD = ComputeOpenD(prover, openAdivB);
DLRepOfGroupElement[] openX = ComputeOpenX(prover, openAdivB);
DLRepOfGroupElement[] openE = ComputeOpenE(prover, openD, openX, openAdivB);
// compute RangeProof
DLRepOfGroupElement[] allOpenDL = CombineAllOpenDLReps(openD, openAdivB, openX, openE);
EqualityMap map = ComputeEqualityMap(prover, A.Length);
ProverEqualityParameters peParams = new ProverEqualityParameters(
allOpenDL,
map,
prover);
this.FullRangeProof = new EqualityProof(peParams);
this.FullRangeProof.IsGroupSerializable = false;
// set X and D
this.SetX(openX);
this.SetD(openD);
// create additional proofs based on proof type
PedersenCommitment LastD = (PedersenCommitment)openD[openD.Length - 1];
switch (prover.RangeProofType)
{
case VerifierRangeProofParameters.ProofType.GREATER_THAN:
// Prove that D is a commitment to 1
case VerifierRangeProofParameters.ProofType.LESS_THAN:
// Prove that D is a commitment to -1
DLRepOfGroupElement equation = new DLRepOfGroupElement(
new GroupElement[1] {
prover.H
},
new FieldZqElement[1] {
LastD.ExponentAtIndex(1)
},
prover.Group);
ProverEqualityParameters strictProver = new ProverEqualityParameters(
equation,
prover);
this.StrictlyThanProof = new EqualityProof(strictProver);
this.StrictlyThanProof.IsGroupSerializable = false;
break;
case VerifierRangeProofParameters.ProofType.GREATER_THAN_OR_EQUAL_TO:
// Prove that D is a commitment to either 0 or 1
ProverSetMembershipParameters greaterEqualProver = new ProverSetMembershipParameters(
LastD,
new FieldZqElement[] { prover.FieldZq.Zero, prover.FieldZq.One },
prover);
this.OrEqualToProof = new SetMembershipProof(greaterEqualProver);
this.OrEqualToProof.IsGroupSerializable = false;
break;
case VerifierRangeProofParameters.ProofType.LESS_THAN_OR_EQUAL_TO:
// Prove that D is a commitment to either 0 or -1
ProverSetMembershipParameters lessEqualProver = new ProverSetMembershipParameters(
LastD,
new FieldZqElement[] { prover.FieldZq.Zero, prover.FieldZq.One.Negate() },
prover);
this.OrEqualToProof = new SetMembershipProof(lessEqualProver);
this.OrEqualToProof.IsGroupSerializable = false;
break;
}
}
catch (Exception e)
{
throw new Exception("RangeProof: Could not create range proof.", e);
}
}