/// <summary>
/// Verifies a proof that two tokens share an attribute value, without revealing it.
/// </summary>
/// <param name="verifier1">Equality proof parameters for the first token.</param>
/// <param name="verifier2">Equality proof parameters for the second token.</param>
/// <param name="eQProof">The equality proof to verify.</param>
/// <exception cref="InvalidUProveArtifactException">Thrown if the proof is invalid.</exception>
public static void VerifyUProveEqualityProof(EQProofUProveVerifierData verifier1, EQProofUProveVerifierData verifier2, EqualityProof eQProof)
{
int commitmentIndex1 = ClosedPedersenCommitment.GetCommitmentIndex(verifier1.VPPP.Committed, verifier1.index);
int commitmentIndex2 = ClosedPedersenCommitment.GetCommitmentIndex(verifier2.VPPP.Committed, verifier2.index);
ClosedPedersenCommitment closedPed1 = new ClosedPedersenCommitment(verifier1.VPPP.IP, verifier1.PP, commitmentIndex1);
ClosedPedersenCommitment closedPed2 = new ClosedPedersenCommitment(verifier2.VPPP.IP, verifier2.PP, commitmentIndex2);
CryptoParameters crypto = new CryptoParameters(verifier1.VPPP.IP); // Can use prover2.IP
VerifierEqualityParameters equalityVerifier = new VerifierEqualityParameters(closedPed1, 0, closedPed2, 0, crypto);
if (!eQProof.Verify(equalityVerifier))
{
throw new InvalidUProveArtifactException("invalid equality proof");
}
}
/// <summary>
/// Verifies the RangeProof. Returns true if it is valid, false otherwise.
/// </summary>
/// <param name="verifier">Verifier parameters.</param>
/// <returns></returns>
public bool Verify(VerifierRangeProofParameters verifier)
{
try
{
// Verify parameters
if (!verifier.Verify())
{
return(false);
}
// verify bit decomposition proofs
if (!VerifyBitDecompositionProofs(verifier, this.A, this.B, ProofBitDecompositionOfA, ProofBitDecompositionOfB))
{
return(false);
}
// verify FullRangeProof
GroupElement[] closedAdivB = ComputeClosedAdivB(verifier, this.A, this.B);
this.D[0] = closedAdivB[0];
ClosedDLRepOfGroupElement[] closedX = ComputeClosedX(verifier, this.X, closedAdivB);
ClosedDLRepOfGroupElement[] closedE = ComputeClosedE(verifier, this.X, this.D, closedAdivB);
ClosedDLRepOfGroupElement[] allClosedDL = CombineAllClosedDLReps(this.D, closedAdivB, closedX, closedE, verifier);
EqualityMap map = ComputeEqualityMap(verifier, A.Length);
VerifierEqualityParameters veParameters = new VerifierEqualityParameters(
allClosedDL,
map,
verifier);
bool success = this.FullRangeProof.Verify(veParameters);
if (!success)
{
return(false);
}
// verify additional proof based on proof type
GroupElement LastD = this.D[this.D.Length - 1];
switch (verifier.RangeProofType)
{
case VerifierRangeProofParameters.ProofType.GREATER_THAN:
ClosedDLRepOfGroupElement gtEquation = new ClosedDLRepOfGroupElement(
new GroupElement[1] {
verifier.H
},
LastD * verifier.G.Exponentiate(verifier.FieldZq.One.Negate()),
verifier.Group);
VerifierEqualityParameters greaterThanVerifier = new VerifierEqualityParameters(
gtEquation,
verifier);
return(StrictlyThanProof.Verify(greaterThanVerifier));
case VerifierRangeProofParameters.ProofType.LESS_THAN:
ClosedDLRepOfGroupElement ltEquation = new ClosedDLRepOfGroupElement(
new GroupElement[1] {
verifier.H
},
LastD * verifier.G,
verifier.Group);
VerifierEqualityParameters lessThanVerifier = new VerifierEqualityParameters(
ltEquation,
verifier);
return(StrictlyThanProof.Verify(lessThanVerifier));
case VerifierRangeProofParameters.ProofType.GREATER_THAN_OR_EQUAL_TO:
VerifierSetMembershipParameters greaterEqualVerifier = new VerifierSetMembershipParameters(
LastD,
new FieldZqElement[] { verifier.FieldZq.Zero, verifier.FieldZq.One },
verifier);
return(this.OrEqualToProof.Verify(greaterEqualVerifier));
case VerifierRangeProofParameters.ProofType.LESS_THAN_OR_EQUAL_TO:
VerifierSetMembershipParameters lessEqualProver = new VerifierSetMembershipParameters(
LastD,
new FieldZqElement[] { verifier.FieldZq.Zero, verifier.FieldZq.One.Negate() },
verifier);
return(this.OrEqualToProof.Verify(lessEqualProver));
}
}
catch (Exception)
{
}
return(false);
}