/// <summary>
/// Creates a range proof that compares a UProve attribute to a target date.
/// Target attribute MUST NOT be hashed.
/// Value MUST be generated via RangeProofParameterFactory.EncodeYearAndDayAsUProveAttribute.
/// </summary>
/// <param name="prover">Token information.</param>
/// <param name="attributeIndexForProver">1-based index of target attribute.</param>
/// <param name="proofType">Range proof type</param>
/// <param name="targetDate">Compare token attribute to this date. (Time component is ignored).</param>
/// <param name="minYear">Minimum year for attribute and target date.</param>
/// <param name="maxYear">Maximum year for attribute and target date.</param>
public RangeProof(
ProverPresentationProtocolParameters prover1,
int attributeIndexForProver1,
VerifierRangeProofParameters.ProofType proofType,
ProverPresentationProtocolParameters prover2,
int attributeIndexForProver2,
int minValue,
int maxValue)
{
// make sure target attribute is not hashed
if ((prover1.IP.E[attributeIndexForProver1 - 1] == 0x01) || ((prover2.IP.E[attributeIndexForProver2 - 1]) == 0x01))
{
throw new ArgumentException("UProve attributes used in Range Proof must not be hashed.");
}
// generate Pedersen Commitments to token attributes
ProverPresentationProtocolParameters[] provers = new ProverPresentationProtocolParameters[] { prover1, prover2 };
int[] attributeIndices = new int[] { attributeIndexForProver1, attributeIndexForProver2 };
PedersenCommitment[] attributeCommitments = PedersenCommitment.PedersenCommmitmentsToAttributes(provers, attributeIndices);
// create range proof
ProverRangeProofParameters rangeProver = new ProverRangeProofParameters(
new CryptoParameters(prover1.IP),
attributeCommitments[0],
proofType,
attributeCommitments[1],
minValue,
maxValue);
ConstructorHelper(rangeProver);
// Add UProve Integration proof
this.UPIProof = new UProveIntegrationProof(provers, attributeIndices, attributeCommitments);
this.UPIProof.IsGroupSerializable = false;
}
public bool Verify(
VerifierPresentationProtocolParameters verifier1,
int attributeIndexForVerifier1,
VerifierRangeProofParameters.ProofType proofType,
VerifierPresentationProtocolParameters verifier2,
int attributeIndexForVerifier2,
int minYear,
int maxYear)
{
// Verify target attribute is not hashed
if ((verifier1.IP.E[attributeIndexForVerifier1 - 1] == 0x01) || (verifier2.IP.E[attributeIndexForVerifier1 - 1] == 0x01))
{
return(false);
}
// Verify UProve Integration Proof
if (this.UPIProof == null)
{
return(false);
}
VerifierPresentationProtocolParameters[] verifiers = new VerifierPresentationProtocolParameters[2] {
verifier1, verifier2
};
int[] attributeIndices = new int[2] {
attributeIndexForVerifier1, attributeIndexForVerifier2
};
if (!this.UPIProof.Verify(verifiers, attributeIndices))
{
return(false);
}
// Verify Range Proof
VerifierRangeProofParameters rangeVerifier = new VerifierRangeProofParameters(
new CryptoParameters(verifier1.IP),
this.UPIProof.PedersenCommitmentValues[0],
proofType,
this.UPIProof.PedersenCommitmentValues[1],
minYear,
maxYear);
return(this.Verify(rangeVerifier));
}
/// <summary>
/// Converts a range proof type to a string value
/// </summary>
/// <param name="proofType">range proof type to convert to string</param>
/// <returns>converted range proof type as string or null if not exists</returns>
public static RangeProofType GetType(VerifierRangeProofParameters.ProofType proofType)
{
if (proofType == LESS_THAN.ProofType)
{
return(LESS_THAN);
}
else if (proofType == GREATER_THAN.ProofType)
{
return(GREATER_THAN);
}
else if (proofType == LESS_THAN_OR_EQUAL_TO.ProofType)
{
return(LESS_THAN_OR_EQUAL_TO);
}
else if (proofType == GREATER_THAN_OR_EQUAL_TO.ProofType)
{
return(GREATER_THAN_OR_EQUAL_TO);
}
return(null);
}
private RangeProofType(string value, VerifierRangeProofParameters.ProofType proofType)
{
Value = value;
ProofType = proofType;
}
/// <summary>
/// Create verifier parameter for comparing committed date to verifier target date.
/// </summary>
/// <param name="crypto">Cryptographic parameters.</param>
/// <param name="commitmentToYearAndDay">Prover supplied committed value.</param>
/// <param name="rangeProofType">Range proof type.</param>
/// <param name="verifierTargetDate">Verifier target date. Must be in [minYear, maxYear+1).</param>
/// <param name="minYear">Used to specify range, must be same as in prover parameters.</param>
/// <param name="maxYear">Used to specify range, must be same as in prover parameters.</param>
/// <returns></returns>
public static VerifierRangeProofParameters GetDateTimeVerifierParameters(CryptoParameters crypto, GroupElement commitmentToYearAndDay, VerifierRangeProofParameters.ProofType rangeProofType, DateTime verifierTargetDate, int minYear, int maxYear)
{
int maxValue = (maxYear - minYear) * 366 + 365;
int verifierYearAndDay = EncodeYearAndDay(verifierTargetDate, minYear);
return(new VerifierRangeProofParameters(
crypto,
commitmentToYearAndDay,
rangeProofType,
verifierYearAndDay,
0,
maxValue));
}
/// <summary>
/// Create prover parameters for comparing committed day and hour to verifier target day and hour.
/// </summary>
/// <param name="crypto">Cryptographic parameters.</param>
/// <param name="commitmentToDayAndHour">Prover supplied commitment.</param>
/// <param name="rangeProofType">Range proof type.</param>
/// <param name="verifierTargetDayHour">Verifier target day of year and hour. Year is ignored.</param>
/// <param name="minDayOfYear">Establishes range. Must be same as used by prover.</param>
/// <param name="maxDayOfYear">Establishes range. Must be same as used by prover.</param>
/// <returns></returns>
public static VerifierRangeProofParameters GetDayAndHourVerifierParameters(CryptoParameters crypto, GroupElement commitmentToDayAndHour, VerifierRangeProofParameters.ProofType rangeProofType, DateTime verifierTargetDayHour, int minDayOfYear, int maxDayOfYear)
{
if (minDayOfYear > maxDayOfYear)
{
throw new ArgumentException("Argument minDayOfYear must be less than or equal to maxDayOfYear.");
}
if ((minDayOfYear < 0) || (maxDayOfYear > 366))
{
throw new ArgumentOutOfRangeException("Arguments minDayOfYear and maxDayOfYear must be in [0,365]");
}
return(new VerifierRangeProofParameters(
crypto,
commitmentToDayAndHour,
rangeProofType,
EncodeDayAndHour(verifierTargetDayHour, minDayOfYear),
minDayOfYear * 24,
maxDayOfYear * 24 + 23));
}
/// <summary>
/// Returns verifier parameters corresponding to prover parameters generated by
/// GetDateTimeProverParameters.
/// </summary>
/// <param name="crypto">Cryptographic parameters.</param>
/// <param name="commitmentToDayOfYear">Prover supplied commitment to day of year in [0,365].</param>
/// <param name="commitmentToYear">Prover supplied commitment to year in [minYear, maxYear].</param>
/// <param name="rangeProofType">Range proof type.</param>
/// <param name="verifierTargetDate">verifier target date in [minYear, maxYear+1).</param>
/// <param name="minYear">Used to determine range. Must be same as used by prover.</param>
/// <param name="maxYear">Used to determine range. Must be same as used by prover.</param>
/// <returns></returns>
public static VerifierRangeProofParameters GetDateTimeVerifierParameters(CryptoParameters crypto, GroupElement commitmentToYear, GroupElement commitmentToDayOfYear, VerifierRangeProofParameters.ProofType rangeProofType, DateTime verifierTargetDate, int minYear, int maxYear)
{
// Compute (commitmentToYear / G^minYear)^366 * commitmentToDayOfYear
GroupElement[] bases = new GroupElement[]
{
commitmentToYear,
crypto.G
};
FieldZqElement[] exponents = new FieldZqElement[]
{
crypto.FieldZq.GetElement(366),
crypto.FieldZq.GetElement((uint)(minYear * 366)).Negate()
};
GroupElement commitmentToYearAndDay = crypto.Group.MultiExponentiate(bases, exponents) * commitmentToDayOfYear;
int maxValue = (maxYear - minYear) * 366 + 365;
int verifierYearAndDay = EncodeYearAndDay(verifierTargetDate, minYear);
return(new VerifierRangeProofParameters(
crypto,
commitmentToYearAndDay,
rangeProofType,
verifierYearAndDay,
0,
maxValue));
}
/// <summary>
/// Returns ProverRangeProofParameters that the committed date to the
/// the verifier target date. Range proof will require bit decomposition of approximately 9 + log_2 (maxYear - minYear) bits.
/// </summary>
/// <param name="crypto">Crypto parameters</param>
/// <param name="commitmentToDayOfYear">Commitment value in [0,365]</param>
/// <param name="commitmentToYear">Commitment to a year in [minYear, maxYear].</param>
/// <param name="rangeProofType">Range proof type.</param>
/// <param name="verifierTargetDate">Commitment to a date in [minYear, maxYear +1).</param>
/// <param name="minYear">Limits range of proof. </param>
/// <param name="maxYear">Limits range of proof.</param>
/// <returns></returns>
public static ProverRangeProofParameters GetDateTimeProverParameters(CryptoParameters crypto, PedersenCommitment commitmentToYear, PedersenCommitment commitmentToDayOfYear, VerifierRangeProofParameters.ProofType rangeProofType, DateTime verifierTargetDate, int minYear, int maxYear)
{
//Check crypto parameters and pedersen commitment generators G and H
if (!commitmentToYear.AreBasesEqual(commitmentToDayOfYear))
{
throw new ArgumentException("PedersenCommitments commitmentToYear and commitmentToDayOfYear have different bases.");
}
if ((crypto.G != commitmentToYear.BaseAtIndex(0)) ||
(crypto.H != commitmentToYear.BaseAtIndex(1)))
{
throw new ArgumentException("PedersenCommitments commitmentToYear and commitmentToDayOfYear should use bases crypto.G and crypto.H.");
}
FieldZqElement minYearElement = crypto.FieldZq.GetElement((uint)minYear);
FieldZqElement daysInOneYear = crypto.FieldZq.GetElement(366);
FieldZqElement committedYear = commitmentToYear.ExponentAtIndex(0);
FieldZqElement committedDay = commitmentToDayOfYear.ExponentAtIndex(0);
FieldZqElement openingYear = commitmentToYear.ExponentAtIndex(1);
FieldZqElement openingDay = commitmentToDayOfYear.ExponentAtIndex(1);
PedersenCommitment commitmentToYearAndDay = new PedersenCommitment(
crypto.G,
crypto.H,
(committedYear + minYearElement.Negate()) * daysInOneYear + committedDay,
openingYear * daysInOneYear + openingDay,
crypto.Group);
int maxValue = (maxYear - minYear) * 366 + 365;
int verifierYearAndDay = EncodeYearAndDay(verifierTargetDate, minYear);
return(new ProverRangeProofParameters(
crypto,
commitmentToYearAndDay,
rangeProofType,
verifierYearAndDay,
0,
maxValue));
}
/// <summary>
/// Returns verifier parameters for an age range proof.
/// </summary>
/// <param name="crypto">Cryptographic parameters.</param>
/// <param name="commitmentToActualAge">Commitment to age in years provided by prover.</param>
/// <param name="rangeProofType">Range proof type.</param>
/// <param name="verifierTargetAge">Verifier target age in years [0,127].</param>
/// <returns></returns>
public static VerifierRangeProofParameters GetAgeVerifierParameters(CryptoParameters crypto, GroupElement commitmentToActualAge, VerifierRangeProofParameters.ProofType rangeProofType, int verifierTargetAge)
{
if ((verifierTargetAge < 0) || (verifierTargetAge > 127))
{
throw new ArgumentOutOfRangeException("VerifierTargetAge should be an integer in [0,127]");
}
return(new VerifierRangeProofParameters(
crypto,
commitmentToActualAge,
rangeProofType,
verifierTargetAge,
0,
127));
}
/// <summary>
/// Returns prover parameters for comparing prover age to verifier target age.
/// </summary>
/// <param name="crypto">Cryptographic parameters</param>
/// <param name="commitmentToActualAge">Commitment to age in years [0,127].</param>
/// <param name="rangeProofType">Range proof type.</param>
/// <param name="verifierTargetAge">Verifier target age in years [0,127].</param>
/// <returns></returns>
public static ProverRangeProofParameters GetAgeProverParameters(CryptoParameters crypto, PedersenCommitment commitmentToActualAge, VerifierRangeProofParameters.ProofType rangeProofType, int verifierTargetAge)
{
return(new ProverRangeProofParameters(
crypto,
commitmentToActualAge,
rangeProofType,
verifierTargetAge,
0,
127));
}
/// <summary>
/// Returns prover parameters for comparing actual age to verfierTargetAge.
/// </summary>
/// <param name="crypto">Crypto parameters</param>
/// <param name="actualAge">Actual age of prover in years [0,127].</param>
/// <param name="rangeProofType">Range proof type.</param>
/// <param name="verifierTargetAge">Verifier target age in years [0,127].</param>
/// <returns></returns>
public static ProverRangeProofParameters GetAgeProverParameters(CryptoParameters crypto, int actualAge, VerifierRangeProofParameters.ProofType rangeProofType, int verifierTargetAge)
{
return(new ProverRangeProofParameters(
crypto,
new PedersenCommitment(crypto.FieldZq.GetElement(actualAge), crypto),
rangeProofType,
verifierTargetAge,
0,
127));
}
