/// <summary> /// Returns ProverRangeProofParameters that the committed date to the /// the verifier target date. Range proof will require bit decomposition of approximately 9 + log_2 (maxYear - minYear) bits. /// </summary> /// <param name="crypto">Crypto parameters</param> /// <param name="commitmentToDayOfYear">Commitment value in [0,365]</param> /// <param name="commitmentToYear">Commitment to a year in [minYear, maxYear].</param> /// <param name="rangeProofType">Range proof type.</param> /// <param name="verifierTargetDate">Commitment to a date in [minYear, maxYear +1).</param> /// <param name="minYear">Limits range of proof. </param> /// <param name="maxYear">Limits range of proof.</param> /// <returns></returns> public static ProverRangeProofParameters GetDateTimeProverParameters(CryptoParameters crypto, PedersenCommitment commitmentToYear, PedersenCommitment commitmentToDayOfYear, VerifierRangeProofParameters.ProofType rangeProofType, DateTime verifierTargetDate, int minYear, int maxYear) { //Check crypto parameters and pedersen commitment generators G and H if (!commitmentToYear.AreBasesEqual(commitmentToDayOfYear)) { throw new ArgumentException("PedersenCommitments commitmentToYear and commitmentToDayOfYear have different bases."); } if ((crypto.G != commitmentToYear.BaseAtIndex(0)) || (crypto.H != commitmentToYear.BaseAtIndex(1))) { throw new ArgumentException("PedersenCommitments commitmentToYear and commitmentToDayOfYear should use bases crypto.G and crypto.H."); } FieldZqElement minYearElement = crypto.FieldZq.GetElement((uint)minYear); FieldZqElement daysInOneYear = crypto.FieldZq.GetElement(366); FieldZqElement committedYear = commitmentToYear.ExponentAtIndex(0); FieldZqElement committedDay = commitmentToDayOfYear.ExponentAtIndex(0); FieldZqElement openingYear = commitmentToYear.ExponentAtIndex(1); FieldZqElement openingDay = commitmentToDayOfYear.ExponentAtIndex(1); PedersenCommitment commitmentToYearAndDay = new PedersenCommitment( crypto.G, crypto.H, (committedYear + minYearElement.Negate()) * daysInOneYear + committedDay, openingYear * daysInOneYear + openingDay, crypto.Group); int maxValue = (maxYear - minYear) * 366 + 365; int verifierYearAndDay = EncodeYearAndDay(verifierTargetDate, minYear); return(new ProverRangeProofParameters( crypto, commitmentToYearAndDay, rangeProofType, verifierYearAndDay, 0, maxValue)); }
public void ConstructorHelper(ProverRangeProofParameters prover) { try { // verify prover parameters if (!prover.Verify()) { throw new ArgumentException("RangeProof: could not create RangeProof because prover parameters are invalid."); } // set group this.Group = prover.Group; this.IsGroupSerializable = true; // set up the bit decomposition proof and compute helper values DLRepOfGroupElement[] openAdivB = CreateBitDecompositionProofs(prover); if (this.ProofBitDecompositionOfA != null) { this.ProofBitDecompositionOfA.IsGroupSerializable = false; } if (this.ProofBitDecompositionOfB != null) { this.ProofBitDecompositionOfB.IsGroupSerializable = false; } DLRepOfGroupElement[] openD = ComputeOpenD(prover, openAdivB); DLRepOfGroupElement[] openX = ComputeOpenX(prover, openAdivB); DLRepOfGroupElement[] openE = ComputeOpenE(prover, openD, openX, openAdivB); // compute RangeProof DLRepOfGroupElement[] allOpenDL = CombineAllOpenDLReps(openD, openAdivB, openX, openE); EqualityMap map = ComputeEqualityMap(prover, A.Length); ProverEqualityParameters peParams = new ProverEqualityParameters( allOpenDL, map, prover); this.FullRangeProof = new EqualityProof(peParams); this.FullRangeProof.IsGroupSerializable = false; // set X and D this.SetX(openX); this.SetD(openD); // create additional proofs based on proof type PedersenCommitment LastD = (PedersenCommitment)openD[openD.Length - 1]; switch (prover.RangeProofType) { case VerifierRangeProofParameters.ProofType.GREATER_THAN: // Prove that D is a commitment to 1 case VerifierRangeProofParameters.ProofType.LESS_THAN: // Prove that D is a commitment to -1 DLRepOfGroupElement equation = new DLRepOfGroupElement( new GroupElement[1] { prover.H }, new FieldZqElement[1] { LastD.ExponentAtIndex(1) }, prover.Group); ProverEqualityParameters strictProver = new ProverEqualityParameters( equation, prover); this.StrictlyThanProof = new EqualityProof(strictProver); this.StrictlyThanProof.IsGroupSerializable = false; break; case VerifierRangeProofParameters.ProofType.GREATER_THAN_OR_EQUAL_TO: // Prove that D is a commitment to either 0 or 1 ProverSetMembershipParameters greaterEqualProver = new ProverSetMembershipParameters( LastD, new FieldZqElement[] { prover.FieldZq.Zero, prover.FieldZq.One }, prover); this.OrEqualToProof = new SetMembershipProof(greaterEqualProver); this.OrEqualToProof.IsGroupSerializable = false; break; case VerifierRangeProofParameters.ProofType.LESS_THAN_OR_EQUAL_TO: // Prove that D is a commitment to either 0 or -1 ProverSetMembershipParameters lessEqualProver = new ProverSetMembershipParameters( LastD, new FieldZqElement[] { prover.FieldZq.Zero, prover.FieldZq.One.Negate() }, prover); this.OrEqualToProof = new SetMembershipProof(lessEqualProver); this.OrEqualToProof.IsGroupSerializable = false; break; } } catch (Exception e) { throw new Exception("RangeProof: Could not create range proof.", e); } }