private static G1 AssemblePublicKey(IEnumerable <G1> shares, int n) { var xs = Enumerable.Range(1, n).Select(Fr.FromInt).ToArray(); var ys = shares.ToArray(); return(MclBls12381.LagrangeInterpolate(xs, ys)); }
public ValueMessage HandleCommit(int sender, CommitMessage message) { if (message.EncryptedRows.Length != Players) { throw new ArgumentException(); } if (_keyGenStates[sender].Commitment != null) { throw new ArgumentException($"Double commit from sender {sender}"); } _keyGenStates[sender].Commitment = message.Commitment; var myRowCommitted = message.Commitment.Evaluate(_myIdx + 1); var myRow = DecryptRow(message.EncryptedRows[_myIdx], _keyPair.PrivateKey).ToArray(); if (!myRow.Select(x => G1.Generator * x).SequenceEqual(myRowCommitted)) { throw new ArgumentException("Commitment does not match"); } return(new ValueMessage { Proposer = sender, EncryptedValues = Enumerable.Range(0, Players).Select(i => Crypto.Secp256K1Encrypt( _publicKeys[i].EncodeCompressed(), MclBls12381.EvaluatePolynomial(myRow, Fr.FromInt(i + 1)).ToBytes() )).ToArray() }); }
public void TestPowersCalculation() { var powers = Enumerable.Range(0, 30) .Select(i => Fr.FromInt(1 << i)) .ToArray(); CollectionAssert.AreEqual(powers, MclBls12381.Powers(Fr.FromInt(2), 30)); }
public IEnumerable <PrivateKeyShare> GetPrivateShares() { var shares = new Fr[_parties]; for (var i = 0; i < _parties; ++i) { shares[i] = MclBls12381.EvaluatePolynomial(_coeffs, Fr.FromInt(i + 1)); } return(shares.Select(share => new PrivateKeyShare(share))); }
public void EvalFrPolyConstantTest() { var poly = new Fr[] { Fr.GetRandom() }; var v0 = MclBls12381.EvaluatePolynomial(poly, Fr.Zero); var v1 = MclBls12381.EvaluatePolynomial(poly, Fr.One); var v2 = MclBls12381.EvaluatePolynomial(poly, Fr.FromInt(319948)); Assert.AreEqual(poly[0], v0); Assert.AreEqual(poly[0], v1); Assert.AreEqual(poly[0], v2); }
public Signature AssembleSignature(IEnumerable <KeyValuePair <int, Signature> > shares) { var keyValuePairs = shares as KeyValuePair <int, Signature>[] ?? shares.ToArray(); var xs = keyValuePairs.Take(Threshold + 1).Select(pair => Fr.FromInt(pair.Key + 1)).ToArray(); var ys = keyValuePairs.Take(Threshold + 1).Select(pair => pair.Value.RawSignature).ToArray(); if (xs.Length <= Threshold || ys.Length <= Threshold) { throw new ArgumentException("not enough shares for signature"); } return(new Signature(MclBls12381.LagrangeInterpolate(xs, ys))); }
public void TestPolyEvaluationFr() { const int degree = 100; var coeffs = Enumerable.Range(0, degree) .Select(i => Fr.GetRandom()) .ToArray(); var pt = Fr.GetRandom(); var res = Fr.Zero; for (var i = degree - 1; i >= 0; --i) { res = res * pt + coeffs[i]; } Assert.AreEqual(res, MclBls12381.EvaluatePolynomial(coeffs, pt)); }
public G1 Evaluate(int x, int y) { var result = G1.Zero; var powX = MclBls12381.Powers(Fr.FromInt(x), Degree + 1); var powY = MclBls12381.Powers(Fr.FromInt(y), Degree + 1); for (var i = 0; i <= Degree; ++i) { for (var j = 0; j <= Degree; ++j) { result += _coefficients[Index(i, j)] * powX[i] * powY[j]; } } return(result); }
public void TestPolyInterpolationG2() { const int degree = 100; var coeffs = Enumerable.Range(0, degree) .Select(i => G2.Generator * Fr.GetRandom()) .ToArray(); var xs = Enumerable.Range(1, degree) .Select(i => Fr.GetRandom()) .ToArray(); var ys = xs .Select(x => MclBls12381.EvaluatePolynomial(coeffs, x)) .ToArray(); var intercept = MclBls12381.EvaluatePolynomial(coeffs, Fr.FromInt(0)); Assert.AreEqual(intercept, MclBls12381.LagrangeInterpolate(xs, ys)); Assert.Throws <ArgumentException>(() => MclBls12381.LagrangeInterpolate(xs, ys.Take(degree - 1).ToArray())); }
public void EvalInterpolateTestFr() { const int n = 10; var poly = Enumerable.Range(0, n).Select(_ => Fr.GetRandom()).ToArray(); var values = Enumerable.Range(100, n + 1) .Select(i => MclBls12381.EvaluatePolynomial(poly, Fr.FromInt(i))) .ToArray(); for (var i = 0; i < n + 1; ++i) { Assert.AreEqual(DummyEval(poly, Fr.FromInt(100 + i)), values[i]); } var intercept = MclBls12381.LagrangeInterpolate( Enumerable.Range(100, n + 1).Select(Fr.FromInt).ToArray(), values ); Assert.AreEqual(poly[0], intercept); }
public ThresholdKeyring?TryGetKeys() { if (!Finished()) { return(null); } var pubKeyPoly = Enumerable.Range(0, Faulty + 1) .Select(_ => G1.Zero) .ToArray(); var secretKey = Fr.Zero; foreach (var dealer in _finished.Take(Faulty + 1)) { var s = _keyGenStates[dealer]; if (s.ValueCount() <= 2 * Faulty) { throw new Exception("Impossible"); // just in case } var rowZero = s.Commitment !.Evaluate(0).ToArray(); foreach (var(x, i) in rowZero.WithIndex()) { pubKeyPoly[i] += x; } secretKey += s.InterpolateValues(); } var pubKeys = Enumerable.Range(0, Players + 1) .Select(i => MclBls12381.EvaluatePolynomial(pubKeyPoly, Fr.FromInt(i))) .ToArray(); return(new ThresholdKeyring { TpkePrivateKey = new PrivateKey(secretKey, _myIdx), TpkePublicKey = new PublicKey(pubKeys[0], Faulty), ThresholdSignaturePrivateKey = new PrivateKeyShare(secretKey), ThresholdSignaturePublicKeySet = new PublicKeySet(pubKeys.Skip(1).Select(x => new Crypto.ThresholdSignature.PublicKey(x)), Faulty) }); }
public Fr InterpolateValues() { if (Commitment is null) { throw new ArgumentException("Cannot interpolate without commitment"); } var xs = Acks.WithIndex() .Where(x => x.item) .Select(x => x.index + 1) .Select(Fr.FromInt) .Take(Commitment.Degree + 1) .ToArray(); var ys = Acks.WithIndex() .Where(x => x.item) .Select(x => Values[x.index]) .Take(Commitment.Degree + 1) .ToArray(); if (xs.Length != Commitment.Degree + 1 || ys.Length != Commitment.Degree + 1) { throw new Exception("Cannot interpolate values"); } return(MclBls12381.LagrangeInterpolate(xs, ys)); }
public RawShare FullDecrypt(EncryptedShare share, List <PartiallyDecryptedShare> us) { return(FullDecryptBenchmark.Benchmark(() => { if (us.Count < _t) { throw new Exception("Insufficient number of shares!"); } var ids = new HashSet <int>(); foreach (var part in us) { if (ids.Contains(part.DecryptorId)) { throw new Exception($"Id {part.DecryptorId} was provided more than once!"); } if (part.ShareId != share.Id) { throw new Exception($"Share id mismatch for decryptor {part.DecryptorId}"); } ids.Add(part.DecryptorId); } var ys = new List <G1>(); var xs = new List <Fr>(); foreach (var part in us) { xs.Add(Fr.FromInt(part.DecryptorId + 1)); ys.Add(part.Ui); } var u = MclBls12381.LagrangeInterpolate(xs.ToArray(), ys.ToArray()); return new RawShare(Utils.XorWithHash(u, share.V), share.Id); })); }
public PrivateKey GetPrivKey(int i) { return(new PrivateKey(MclBls12381.EvaluatePolynomial(_coeffs, Fr.FromInt(i + 1)), i)); }
public PublicKey GetPubKey() { return(new PublicKey(G1.Generator * MclBls12381.EvaluatePolynomial(_coeffs, Fr.FromInt(0)), _degree)); }
private static Fr Eval(BiVarSymmetricPolynomial p, int x, int y) { var t = p.Evaluate(x).ToArray(); return(MclBls12381.EvaluatePolynomial(t, Fr.FromInt(y))); }