public void ConstructorHelper(ProverBitDecompositionParameters prover) { try { if (!prover.Verify()) { throw new ArgumentException("Could not create BitDecompositionProof because prover parameters are invalid."); } this.Group = prover.Group; this.IsGroupSerializable = true; // Generate proof that each Pedersen Commitment in prover.OpenBitDecomposition // is a valid commitment to either 0 or 1. this.bitCommitmentProof = new SetMembershipProof[prover.DecompositionLength]; FieldZqElement[] memberSet = BitDecompositionProof.SetOfZeroAndOne(prover); for (int proofIndex = 0; proofIndex < bitCommitmentProof.Length; ++proofIndex) { ProverSetMembershipParameters psmParameters = new ProverSetMembershipParameters( prover.OpenBitDecomposition(proofIndex), memberSet, prover); bitCommitmentProof[proofIndex] = new SetMembershipProof(psmParameters); bitCommitmentProof[proofIndex].IsGroupSerializable = false; } //now create proof that actualComposedBits and parameters.OpenCommitment are //commitments to the same value. PedersenCommitment actualComposedBits; if (ComposeCommitments(prover.OpenBitDecomposition(), prover.FieldZq, out actualComposedBits)) { ProverEqualityParameters peParameters = new ProverEqualityParameters( actualComposedBits, 0, prover.OpenCommitment, 0, prover); this.compositionProof = new EqualityProof(peParameters); this.compositionProof.IsGroupSerializable = false; } else { throw new Exception("Could not create BitDecompositionProof."); } } catch (Exception e) { throw e; } }
/// <summary> /// Verifies a set membership proof from U-Prove parameters. /// </summary> /// <param name="vppp">The verifier presentation protocol parameters.</param> /// <param name="pProof">A presentation proof.</param> /// <param name="smProof">A set presentation proof.</param> /// <param name="committedIndex">Index of the committed attribute used to generate the set membership proof.</param> /// <param name="setValues">Set values to verify against.</param> /// <returns>True if the proof is valid, false otherwise.</returns> public static bool Verify(VerifierPresentationProtocolParameters vppp, PresentationProof pProof, SetMembershipProof smProof, int committedIndex, byte[][] setValues) { // get the index of the commitment to use, given the underlying attribute's index int commitmentIndex = ClosedPedersenCommitment.GetCommitmentIndex(vppp.Committed, committedIndex); // verify the membership proof ClosedDLRepOfGroupElement closedCommittedClearance = new ClosedPedersenCommitment(vppp.IP, pProof, commitmentIndex); VerifierSetMembershipParameters setVerifier = new VerifierSetMembershipParameters( closedCommittedClearance.Value, VerifierSetMembershipParameters.GenerateMemberSet(vppp.IP, committedIndex, setValues), new CryptoParameters(vppp.IP)); return(smProof.Verify(setVerifier)); }
public void ConstructorHelper(ProverRangeProofParameters prover) { try { // verify prover parameters if (!prover.Verify()) { throw new ArgumentException("RangeProof: could not create RangeProof because prover parameters are invalid."); } // set group this.Group = prover.Group; this.IsGroupSerializable = true; // set up the bit decomposition proof and compute helper values DLRepOfGroupElement[] openAdivB = CreateBitDecompositionProofs(prover); if (this.ProofBitDecompositionOfA != null) { this.ProofBitDecompositionOfA.IsGroupSerializable = false; } if (this.ProofBitDecompositionOfB != null) { this.ProofBitDecompositionOfB.IsGroupSerializable = false; } DLRepOfGroupElement[] openD = ComputeOpenD(prover, openAdivB); DLRepOfGroupElement[] openX = ComputeOpenX(prover, openAdivB); DLRepOfGroupElement[] openE = ComputeOpenE(prover, openD, openX, openAdivB); // compute RangeProof DLRepOfGroupElement[] allOpenDL = CombineAllOpenDLReps(openD, openAdivB, openX, openE); EqualityMap map = ComputeEqualityMap(prover, A.Length); ProverEqualityParameters peParams = new ProverEqualityParameters( allOpenDL, map, prover); this.FullRangeProof = new EqualityProof(peParams); this.FullRangeProof.IsGroupSerializable = false; // set X and D this.SetX(openX); this.SetD(openD); // create additional proofs based on proof type PedersenCommitment LastD = (PedersenCommitment)openD[openD.Length - 1]; switch (prover.RangeProofType) { case VerifierRangeProofParameters.ProofType.GREATER_THAN: // Prove that D is a commitment to 1 case VerifierRangeProofParameters.ProofType.LESS_THAN: // Prove that D is a commitment to -1 DLRepOfGroupElement equation = new DLRepOfGroupElement( new GroupElement[1] { prover.H }, new FieldZqElement[1] { LastD.ExponentAtIndex(1) }, prover.Group); ProverEqualityParameters strictProver = new ProverEqualityParameters( equation, prover); this.StrictlyThanProof = new EqualityProof(strictProver); this.StrictlyThanProof.IsGroupSerializable = false; break; case VerifierRangeProofParameters.ProofType.GREATER_THAN_OR_EQUAL_TO: // Prove that D is a commitment to either 0 or 1 ProverSetMembershipParameters greaterEqualProver = new ProverSetMembershipParameters( LastD, new FieldZqElement[] { prover.FieldZq.Zero, prover.FieldZq.One }, prover); this.OrEqualToProof = new SetMembershipProof(greaterEqualProver); this.OrEqualToProof.IsGroupSerializable = false; break; case VerifierRangeProofParameters.ProofType.LESS_THAN_OR_EQUAL_TO: // Prove that D is a commitment to either 0 or -1 ProverSetMembershipParameters lessEqualProver = new ProverSetMembershipParameters( LastD, new FieldZqElement[] { prover.FieldZq.Zero, prover.FieldZq.One.Negate() }, prover); this.OrEqualToProof = new SetMembershipProof(lessEqualProver); this.OrEqualToProof.IsGroupSerializable = false; break; } } catch (Exception e) { throw new Exception("RangeProof: Could not create range proof.", e); } }
/// <summary> /// Init must be called first /// Checks if the given setmembership proofs were correct - to the token and proof (given in the init method) /// </summary> /// <param name="setMembershipProofJsons">List of setmemberships proofs to check</param> /// <param name="verifierMembers">List of members, in which the setmembership proof has to be (given by the verifier) /// e.g setMembershipProofJsons[x] must include members from verifierMembers[x] /// </param> /// <returns>true --> all membership proof were successfull; exception -> something went wrong</returns> public bool VerifySetMembershipProofs(List <string> setMembershipProofJsons, List <VerifierMembers> verifierMembers) { try { LogService.Log(LogService.LogType.Info, "IssuingVerifier - VerifySetMembershipProofs called"); if (!isInitialized || !proofAccepted || !tokenAccepted) { throw new Exception("SetMembershipProof could not be proved; isInitialized:" + isInitialized + ", Proof verifierd:" + proofAccepted + ", Token verified:" + tokenAccepted); } Proof proof = parser.ParseJsonToObject <Proof>(proofJson); uprove_json.Proofs.SetMembershipProof smp; VerifierMembers vm; int commitmentIndex; foreach (string oneSetMembershipProof in setMembershipProofJsons) { LogService.Log(LogService.LogType.Info, "IssuingVerifier - SetMembershipProof given: " + oneSetMembershipProof); smp = parser.ParseJsonToObject <uprove_json.Proofs.SetMembershipProof>(oneSetMembershipProof); vm = verifierMembers.Where(x => x.verifiersSetMembershipProofId == smp.verifiersSetMembershipProofId).FirstOrDefault <VerifierMembers>(); // check if there was a verifier ranges object found if (vm == null) { throw new Exception("No such proof given"); } commitmentIndex = Array.FindIndex <int>(proofRequirements.committedAttributes, x => x == smp.commitmentIndex); // attribute == commitment attribute if (parser.ParseJsonToObject <BasicClaim>(encoding.GetString(Convert.FromBase64String(proof.D[commitmentIndex]))).name != vm.MemberAttribute) { throw new Exception("Attribute commitment is not matching attribute from verifiers setmembership proof properties"); } // check proof itself UProveCrypto.PolyProof.SetMembershipProof setProof = IP.Deserialize <UProveCrypto.PolyProof.SetMembershipProof>(oneSetMembershipProof); if (!UProveCrypto.PolyProof.SetMembershipProof.Verify(vppp, pProof, setProof, smp.commitmentIndex, smp.setValues)) { throw new Exception("SetMembership Proof failed."); } else { // check if it is a member of the allowed universities CheckIfMemberOfAllowedMembers(vm.Members, smp.setValues); } LogService.Log(LogService.LogType.Info, "IssuingVerifier - SetMembershipProof passed tests"); } LogService.Log(LogService.LogType.Info, "IssuingVerifier - All setMembershipProofs passed tests"); return(true); } catch (Exception e) { LogService.Log(LogService.LogType.FatalError, "IssuingVerifier - VerifySetMembershipProof failed.", e); throw new CommunicationException("IssuingVerifier - VerifySetMembershipProof failed.", e); } }