public void ConstructorHelper(ProverBitDecompositionParameters prover)
{
try
{
if (!prover.Verify())
{
throw new ArgumentException("Could not create BitDecompositionProof because prover parameters are invalid.");
}
this.Group = prover.Group;
this.IsGroupSerializable = true;
// Generate proof that each Pedersen Commitment in prover.OpenBitDecomposition
// is a valid commitment to either 0 or 1.
this.bitCommitmentProof = new SetMembershipProof[prover.DecompositionLength];
FieldZqElement[] memberSet = BitDecompositionProof.SetOfZeroAndOne(prover);
for (int proofIndex = 0; proofIndex < bitCommitmentProof.Length; ++proofIndex)
{
ProverSetMembershipParameters psmParameters = new ProverSetMembershipParameters(
prover.OpenBitDecomposition(proofIndex),
memberSet,
prover);
bitCommitmentProof[proofIndex] = new SetMembershipProof(psmParameters);
bitCommitmentProof[proofIndex].IsGroupSerializable = false;
}
//now create proof that actualComposedBits and parameters.OpenCommitment are
//commitments to the same value.
PedersenCommitment actualComposedBits;
if (ComposeCommitments(prover.OpenBitDecomposition(), prover.FieldZq, out actualComposedBits))
{
ProverEqualityParameters peParameters =
new ProverEqualityParameters(
actualComposedBits,
0,
prover.OpenCommitment,
0,
prover);
this.compositionProof = new EqualityProof(peParameters);
this.compositionProof.IsGroupSerializable = false;
}
else
{
throw new Exception("Could not create BitDecompositionProof.");
}
}
catch (Exception e)
{
throw e;
}
}
/// <summary>
/// Creates a bit decomposition of prover.OpenIntegerA and prover.OpenIntegerB,
/// and proofs that they are valid. Sets member fields
/// A, B, ProofBitDecompositionOfA and ProofBitDecompositionOfB.
/// </summary>
/// <param name="prover">Prover range proof parameters</param>
/// <param name="bitProverA">outputs parameters for bit decomposition proof for A</param>
/// <param name="bitProverB">outputs parameters for bit decomposition proof for B</param>
/// <returns>Array AdivB with the bit decomposition of A divided by the bit decomposition of B.</returns>
private DLRepOfGroupElement [] CreateBitDecompositionProofs(ProverRangeProofParameters prover)
{
int decompositionLength = RangeProof.ComputeDecompositionLength(prover);
// create proof for A
ProverBitDecompositionParameters bitProverA = new ProverBitDecompositionParameters(prover.RangeNormalizedOpenIntegerA, decompositionLength, prover);
this.ProofBitDecompositionOfA = new BitDecompositionProof(bitProverA);
this.A = bitProverA.ClosedBitDecomposition();
// create proof for B if it is unknown.
ProverBitDecompositionParameters bitProverB = new ProverBitDecompositionParameters(prover.RangeNormalizedOpenIntegerB, decompositionLength, prover);
if (prover.IntegerBIsKnown)
{
this.ProofBitDecompositionOfB = null;
this.B = null;
DLRepOfGroupElement[] defaultB = DefaultOpenDecompositionOfIntegerB(prover);
return(ComputeOpenAdivB(prover, bitProverA.OpenBitDecomposition(), defaultB));
}
this.ProofBitDecompositionOfB = new BitDecompositionProof(bitProverB);
this.B = bitProverB.ClosedBitDecomposition();
return(ComputeOpenAdivB(prover, bitProverA.OpenBitDecomposition(), bitProverB.OpenBitDecomposition()));
}