public static bool Verify(List <List <ECPoint> > PK, MLSAGSignatureType sig) { int rows = PK[0].Count; int cols = PK.Count; if (cols < 2) { throw new Exception("Error! What is c if cols = 1!"); } int i = 0; byte[] c_old = new byte[32]; Buffer.BlockCopy(sig.cc, 0, c_old, 0, sig.cc.Length); List <ECPoint> Li = new List <ECPoint>(); List <byte[]> Ri = new List <byte[]>(); while (i < cols) { Li.Clear(); Ri.Clear(); for (int j = 0; j < rows; j++) { ECPoint L = ECCurve.Secp256r1.G * sig.ss[i][j] + PK[i][j] * c_old; byte[] Hi = Crypto.Default.Hash256(PK[i][j].ToString().HexToBytes()); byte[] R = ScalarFunctions.Add(ScalarFunctions.Mul(sig.ss[i][j], Hi), ScalarFunctions.Mul(c_old, sig.II[j])); Li.Add(L); Ri.Add(R); } c_old = MakeHash(PK[i], Li, Ri); i = i + 1; } return(sig.cc.ToHexString() == c_old.ToHexString()); }
public static MLSAGSignatureType Generate(List <List <ECPoint> > PK, List <byte[]> X, int index) { MLSAGSignatureType sig = new MLSAGSignatureType(); int rows = PK[0].Count; int cols = PK.Count; #region Initialize for (int j = 0; j < cols; j++) { sig.ss.Add(new List <byte[]>()); } #endregion if (cols < 2) { throw new Exception("Error! What is c if cols = 1!"); } List <byte[]> alpha = new List <byte[]>(); List <ECPoint> aG = new List <ECPoint>(); List <byte[]> aHP = new List <byte[]>(); List <ECPoint> Li = new List <ECPoint>(); List <byte[]> Ri = new List <byte[]>(); for (int j = 0; j < rows; j++) { byte[] a = SchnorrNonLinkable.GenerateRandomScalar(); alpha.Add(a); aG.Add(ECCurve.Secp256r1.G * a); byte[] Hi = Crypto.Default.Hash256(PK[index][j].ToString().HexToBytes()); aHP.Add(ScalarFunctions.Mul(a, Hi)); sig.II.Add(ScalarFunctions.Mul(X[j], Hi)); } byte[] c_old = MakeHash(PK[index], aG, aHP); int i = (index + 1) % cols; if (i == 0) { Buffer.BlockCopy(c_old, 0, sig.cc, 0, c_old.Length); } while (i != index) { for (int j = 0; j < rows; j++) { sig.ss[i].Add(SchnorrNonLinkable.GenerateRandomScalar()); } byte[] c = new byte[32]; Li.Clear(); Ri.Clear(); for (int j = 0; j < rows; j++) { ECPoint L = ECCurve.Secp256r1.G * sig.ss[i][j] + PK[i][j] * c_old; byte[] Hi = Crypto.Default.Hash256(PK[i][j].ToString().HexToBytes()); byte[] R = ScalarFunctions.Add(ScalarFunctions.Mul(sig.ss[i][j], Hi), ScalarFunctions.Mul(c_old, sig.II[j])); Li.Add(L); Ri.Add(R); } c_old = MakeHash(PK[i], Li, Ri); i = (i + 1) % cols; if (i == 0) { Buffer.BlockCopy(c_old, 0, sig.cc, 0, c_old.Length); } } for (int j = 0; j < rows; j++) { sig.ss[index].Add(ScalarFunctions.MulSub(c_old, X[j], alpha[j])); } return(sig); }