/// <summary>
/// Creates a range proof that compares a UProve attribute to a target date.
/// Target attribute MUST NOT be hashed.
/// Value MUST be generated via RangeProofParameterFactory.EncodeYearAndDayAsUProveAttribute.
/// </summary>
/// <param name="prover">Token information.</param>
/// <param name="attributeIndexForProver">1-based index of target attribute.</param>
/// <param name="proofType">Range proof type</param>
/// <param name="targetDate">Compare token attribute to this date. (Time component is ignored).</param>
/// <param name="minYear">Minimum year for attribute and target date.</param>
/// <param name="maxYear">Maximum year for attribute and target date.</param>
public RangeProof(
ProverPresentationProtocolParameters prover1,
int attributeIndexForProver1,
VerifierRangeProofParameters.ProofType proofType,
ProverPresentationProtocolParameters prover2,
int attributeIndexForProver2,
int minValue,
int maxValue)
{
// make sure target attribute is not hashed
if ((prover1.IP.E[attributeIndexForProver1 - 1] == 0x01) || ((prover2.IP.E[attributeIndexForProver2 - 1]) == 0x01))
{
throw new ArgumentException("UProve attributes used in Range Proof must not be hashed.");
}
// generate Pedersen Commitments to token attributes
ProverPresentationProtocolParameters[] provers = new ProverPresentationProtocolParameters[] { prover1, prover2 };
int[] attributeIndices = new int[] { attributeIndexForProver1, attributeIndexForProver2 };
PedersenCommitment[] attributeCommitments = PedersenCommitment.PedersenCommmitmentsToAttributes(provers, attributeIndices);
// create range proof
ProverRangeProofParameters rangeProver = new ProverRangeProofParameters(
new CryptoParameters(prover1.IP),
attributeCommitments[0],
proofType,
attributeCommitments[1],
minValue,
maxValue);
ConstructorHelper(rangeProver);
// Add UProve Integration proof
this.UPIProof = new UProveIntegrationProof(provers, attributeIndices, attributeCommitments);
this.UPIProof.IsGroupSerializable = false;
}
/// <summary>
/// Generates a list of Pedersen Commitments
/// </summary>
/// <param name="prover">Array of tokens</param>
/// <param name="attributeIndices">target attribute for each token</param>
/// <param name="commitmentsToAttribute">Pedersen commitment to target attribute in token. Generated via method
/// Proof.PedersenCommmitmentsToAttributes</param>
public UProveIntegrationProof(ProverPresentationProtocolParameters [] prover, int [] attributeIndices, PedersenCommitment [] commitmentsToAttribute)
{
if ((prover == null) || (prover.Length == 0))
{
throw new ArgumentException("First argument should be an array of at least one element.");
}
if (!UProveIntegrationProof.AreTokensCompatible(prover))
{
throw new ArgumentException("All tokens must use same group.");
}
if ((attributeIndices == null) || (attributeIndices.Length != prover.Length))
{
throw new ArgumentNullException("Second argument must be an array of the same length as first argument.");
}
if ((commitmentsToAttribute == null) || (commitmentsToAttribute.Length != prover.Length))
{
throw new ArgumentNullException("Third argument must be an array of the same length as first argument.");
}
// copy Pedersen Commitment values
this.PedersenCommitmentValues = new GroupElement[prover.Length];
for (int i = 0; i < PedersenCommitmentValues.Length; ++i)
{
this.PedersenCommitmentValues[i] = commitmentsToAttribute[i].Value;
}
// Create Equality Proof between Pedersen Commitments and tokens.
EqualityMap map = new EqualityMap();
IWitness [] witnesses = new IWitness[prover.Length * 2];
OpenUProveToken[] tokens = new OpenUProveToken[prover.Length];
for (int i = 0; i < tokens.Length; ++i)
{
// create uprove token and add target attribute to map
witnesses[2 * i] = new OpenUProveToken(prover[i]);
map.Add(new PrettyName("token", 2 * i), new DoubleIndex(i, attributeIndices[i]));
// add pedersen commitment to witness list, and add to map
witnesses[2 * i + 1] = commitmentsToAttribute[i];
map.Add(new PrettyName("token", 2 * i + 1), new DoubleIndex(i, 0));
}
ProverEqualityParameters eqProver = new ProverEqualityParameters(witnesses, map, new CryptoParameters(prover[0].IP));
this.TokenCommitmentEqualityProof = new EqualityProof(eqProver);
this.TokenCommitmentEqualityProof.IsGroupSerializable = false;
}
/// <summary>
/// Constructor. Creates a proof that a token attribute is in a given set.
/// </summary>
/// <param name="prover">Token description.</param>
/// <param name="attributeIndexForProver">1-based attribute index in token.</param>
/// <param name="setValues">Set of attributes to compare to token attribute.</param>
/// <param name="smRandom">Random data for set membership proof.</param>
/// <returns>Inequality proof.</returns>
public SetMembershipProof(ProverPresentationProtocolParameters prover, int attributeIndexForProver, byte[][] setValues, SetMembershipProofGenerationRandomData smRandom = null)
{
// generate Pedersen Commitments to token attribute
ProverPresentationProtocolParameters[] provers = new ProverPresentationProtocolParameters[] { prover };
int[] attributeIndices = new int[] { attributeIndexForProver };
PedersenCommitment[] attributeCommitments = PedersenCommitment.PedersenCommmitmentsToAttributes(provers, attributeIndices);
// create set membership proof using Pedersen Commitment
FieldZqElement[] memberSet = VerifierSetMembershipParameters.GenerateMemberSet(prover.IP, attributeIndexForProver, setValues);
ProverSetMembershipParameters setProver = new ProverSetMembershipParameters(attributeCommitments[0], memberSet, new CryptoParameters(prover.IP));
ConstructorHelper(setProver, smRandom);
// add UProve Integration proof
this.UPIProof = new UProveIntegrationProof(provers, attributeIndices, attributeCommitments);
this.UPIProof.IsGroupSerializable = false;
}
/// <summary>
/// Constructor. Creates an inequality proof that a token attribute is not equal to some value.
/// </summary>
/// <param name="prover">Token description.</param>
/// <param name="attributeIndexForProver">1-based attribute index in token.</param>
/// <param name="attributeValue">Attribute value to compare actual token attribute.</param>
/// <returns>Inequality proof.</returns>
public InequalityProof(ProverPresentationProtocolParameters prover, int attributeIndexForProver, byte[] attributeValue)
{
// generate Pedersen Commitments to attributes
ProverPresentationProtocolParameters[] provers = new ProverPresentationProtocolParameters[] { prover };
int[] attributeIndices = new int[] { attributeIndexForProver };
PedersenCommitment[] attributeCommitments = PedersenCommitment.PedersenCommmitmentsToAttributes(provers, attributeIndices);
// create inequality proof using Pedersen Commitmetns
FieldZqElement committedAttribute = ProtocolHelper.ComputeXi(prover.IP, attributeIndexForProver - 1, attributeValue);
ProverInequalityProofParameters ieqProver = new ProverInequalityProofParameters(attributeCommitments[0], committedAttribute, new CryptoParameters(prover.IP));
ConstructorHelper(ieqProver);
// add UProve Integration proof
this.UPIProof = new UProveIntegrationProof(provers, attributeIndices, attributeCommitments);
this.UPIProof.IsGroupSerializable = false;
}
/// <summary>
/// Constructor. Creates an inequality proof that an attribute in one token is not equal to an attribute in another token.
/// </summary>
/// <param name="prover1">Token.</param>
/// <param name="attributeIndexForProver1">Target attribute in first token, uses 1-based index.</param>
/// <param name="prover2">Token</param>
/// <param name="attributeIndexForProver2">Target attribute in second token, uses 1-based index</param>
/// <returns>Proof of inequality.</returns>
public InequalityProof(
ProverPresentationProtocolParameters prover1,
int attributeIndexForProver1,
ProverPresentationProtocolParameters prover2,
int attributeIndexForProver2)
{
// generate Pedersen Commitments to attributes
ProverPresentationProtocolParameters[] provers = new ProverPresentationProtocolParameters[] { prover1, prover2 };
int [] attributeIndices = new int[] { attributeIndexForProver1, attributeIndexForProver2 };
PedersenCommitment[] attributeCommitments = PedersenCommitment.PedersenCommmitmentsToAttributes(provers, attributeIndices);
// create inequality proof using Pedersen Commitmetns
ProverInequalityProofParameters ieqProver = new ProverInequalityProofParameters(attributeCommitments[0], attributeCommitments[1], new CryptoParameters(prover1.IP));
ConstructorHelper(ieqProver);
// add UProve Integration proof
this.UPIProof = new UProveIntegrationProof(provers, attributeIndices, attributeCommitments);
this.UPIProof.IsGroupSerializable = false;
}
/// <summary>
/// Verifies this proof that the committed values are valid Pedersen Commitments to token attributes.
/// </summary>
/// <param name="verifier">Array of verifier token parameters.</param>
/// <param name="attributeIndices">Target attribute in each token.</param>
/// <param name="committedValues">Array of Pedersen Commitment values.</param>
/// <returns></returns>
public bool Verify(VerifierPresentationProtocolParameters [] verifier, int [] attributeIndices)
{
if ((verifier == null) || (verifier.Length == 0))
{
throw new ArgumentException("First argument should be an array of at least one element.");
}
if (!UProveIntegrationProof.AreTokensCompatible(verifier))
{
throw new ArgumentException("All tokens must use same group.");
}
if ((attributeIndices == null) || (attributeIndices.Length != verifier.Length))
{
throw new ArgumentNullException("Second argument must be an array of the same length as first argument.");
}
if ((this.PedersenCommitmentValues == null) || (this.PedersenCommitmentValues.Length != verifier.Length))
{
throw new ArgumentNullException("Third argument must be an array of the same length as first argument.");
}
EqualityMap map = new EqualityMap();
IStatement[] statements = new IStatement[verifier.Length * 2];
ClosedUProveToken[] tokens = new ClosedUProveToken[verifier.Length];
for (int i = 0; i < tokens.Length; ++i)
{
// create uprove token and add target attribute to map
statements[2 * i] = new ClosedUProveToken(verifier[i]);
map.Add(new PrettyName("token", 2 * i), new DoubleIndex(i, attributeIndices[i]));
// add pedersen commitment to witness list, and add to map
statements[2 * i + 1] = new ClosedPedersenCommitment(verifier[i].IP, this.PedersenCommitmentValues[i]);
map.Add(new PrettyName("token", 2 * i + 1), new DoubleIndex(i, 0));
}
VerifierEqualityParameters eqVerifier = new VerifierEqualityParameters(statements, map, new CryptoParameters(verifier[0].IP));
return(this.TokenCommitmentEqualityProof.Verify(eqVerifier));
}
