From 1baa567d8e79f9a289ff23953518e9450616d90d Mon Sep 17 00:00:00 2001 From: Tal Moran Date: Tue, 1 Nov 2016 18:03:53 +0200 Subject: [PATCH] Starting to review and refactor mixer --- .../java/meerkat/mixer/main/BatchHandler.java | 2 +- .../ECElGamalMixProof.java} | 176 +++++++++--------- .../mixer/{prover => proofs}/Prover.java | 78 ++++---- .../mixer/{verifier => proofs}/Verifier.java | 42 ++--- .../{verifier => proofs}/VerifyTable.java | 2 +- .../ZeroKnowledgeOrProofParser.java | 2 +- .../java/meerkat/mixer/CreateTestVector.java | 6 +- .../test/java/meerkat/mixer/MixingTest.java | 6 +- .../meerkat/mixer/ZeroKnowledgeProofTest.java | 4 +- .../java/profiling/ZeroKnowledgeProof.java | 2 +- 10 files changed, 158 insertions(+), 162 deletions(-) rename mixer/src/main/java/meerkat/mixer/{prover/ElGamalProofOrganizer.java => proofs/ECElGamalMixProof.java} (60%) rename mixer/src/main/java/meerkat/mixer/{prover => proofs}/Prover.java (79%) rename mixer/src/main/java/meerkat/mixer/{verifier => proofs}/Verifier.java (67%) rename mixer/src/main/java/meerkat/mixer/{verifier => proofs}/VerifyTable.java (99%) rename mixer/src/main/java/meerkat/mixer/{verifier => proofs}/ZeroKnowledgeOrProofParser.java (99%) diff --git a/mixer/src/main/java/meerkat/mixer/main/BatchHandler.java b/mixer/src/main/java/meerkat/mixer/main/BatchHandler.java index 8356475..28892fa 100644 --- a/mixer/src/main/java/meerkat/mixer/main/BatchHandler.java +++ b/mixer/src/main/java/meerkat/mixer/main/BatchHandler.java @@ -5,7 +5,7 @@ import meerkat.crypto.mixnet.MixerOutput; import meerkat.protobuf.Crypto; import meerkat.mixer.necessary.AsyncBulletinBoardClient; import meerkat.mixer.necessary.CompleteBatch; -import meerkat.mixer.verifier.VerifyTable; +import meerkat.mixer.proofs.VerifyTable; import java.util.Arrays; import java.util.List; diff --git a/mixer/src/main/java/meerkat/mixer/prover/ElGamalProofOrganizer.java b/mixer/src/main/java/meerkat/mixer/proofs/ECElGamalMixProof.java similarity index 60% rename from mixer/src/main/java/meerkat/mixer/prover/ElGamalProofOrganizer.java rename to mixer/src/main/java/meerkat/mixer/proofs/ECElGamalMixProof.java index 153dc12..bb41856 100644 --- a/mixer/src/main/java/meerkat/mixer/prover/ElGamalProofOrganizer.java +++ b/mixer/src/main/java/meerkat/mixer/proofs/ECElGamalMixProof.java @@ -1,4 +1,4 @@ -package meerkat.mixer.prover; +package meerkat.mixer.proofs; import com.google.protobuf.ByteString; import com.google.protobuf.InvalidProtocolBufferException; @@ -11,9 +11,9 @@ import org.factcenter.qilin.primitives.concrete.ECGroup; /** * use for organize the input for each ZKP * - * both meerkat.mixer.prover and meerkat.mixer.verifier implantation are using it + * both meerkat.mixer.proofs and meerkat.mixer.verifier implementation use it */ -public class ElGamalProofOrganizer { +public class ECElGamalMixProof { private final ECGroup group; private final ECPoint g; @@ -26,7 +26,7 @@ public class ElGamalProofOrganizer { * @param g - generator of group * @param h - h = g ^ SecretKey */ - public ElGamalProofOrganizer(ECGroup group, ECPoint g, ECPoint h){ + public ECElGamalMixProof(ECGroup group, ECPoint g, ECPoint h){ this.group = group; this.g = g; this.h = h; @@ -34,20 +34,16 @@ public class ElGamalProofOrganizer { this.hEncoded = group.encode(h); } - public enum OrProofOrder { - first, second, third, fourth - } - public enum TrueCouple { left, right, unknown } /** - * can be used by meerkat.mixer.prover only + * can be used by meerkat.mixer.proofs only * * call to the meerkat.mixer.main overload with flag = true */ - protected ElGamalProofInput createProofInput(Crypto.RerandomizableEncryptedMessage in1, Crypto.RerandomizableEncryptedMessage in2 + protected Statement createProofInput(Crypto.RerandomizableEncryptedMessage in1, Crypto.RerandomizableEncryptedMessage in2 , Crypto.RerandomizableEncryptedMessage out1, Crypto.RerandomizableEncryptedMessage out2 , Crypto.EncryptionRandomness r1, Crypto.EncryptionRandomness r2, boolean switched) throws InvalidProtocolBufferException { @@ -60,7 +56,7 @@ public class ElGamalProofOrganizer { * * call to the meerkat.mixer.main overload with flag = false */ - public ElGamalProofInput createProofInput(Crypto.RerandomizableEncryptedMessage in1, Crypto.RerandomizableEncryptedMessage in2 + public Statement createProofInput(Crypto.RerandomizableEncryptedMessage in1, Crypto.RerandomizableEncryptedMessage in2 , Crypto.RerandomizableEncryptedMessage out1, Crypto.RerandomizableEncryptedMessage out2) throws InvalidProtocolBufferException { // flag = false; @@ -71,14 +67,14 @@ public class ElGamalProofOrganizer { * inner method * convert each encrypted message to ElGamalCiphertext * - * @param flag - true if called by meerkat.mixer.prover ( r1,r2,switched are known) + * @param flag - true if called by meerkat.mixer.proofs ( r1,r2,switched are known) * @return ElGamalProofInput * @throws InvalidProtocolBufferException - in case that at least one of the encrypted messages isn't * ElGamalCiphertext */ - private ElGamalProofInput createProofInput(Crypto.RerandomizableEncryptedMessage in1, Crypto.RerandomizableEncryptedMessage in2 + private Statement createProofInput(Crypto.RerandomizableEncryptedMessage in1, Crypto.RerandomizableEncryptedMessage in2 , Crypto.RerandomizableEncryptedMessage out1, Crypto.RerandomizableEncryptedMessage out2 - , Crypto.EncryptionRandomness r1, Crypto.EncryptionRandomness r2, boolean switched,boolean flag) + , Crypto.EncryptionRandomness r1, Crypto.EncryptionRandomness r2, boolean switched, boolean flag) throws InvalidProtocolBufferException { //convert RerandomizableEncryptedMessage to ElGamalCiphertext @@ -88,47 +84,70 @@ public class ElGamalProofOrganizer { ConcreteCrypto.ElGamalCiphertext out2ElGamal = ECElGamalEncryption.RerandomizableEncryptedMessage2ElGamalCiphertext(out2); if(flag) { - return new ElGamalProofInput(in1ElGamal, in2ElGamal, out1ElGamal, out2ElGamal, r1, r2, switched); + return new Statement(in1ElGamal, in2ElGamal, out1ElGamal, out2ElGamal, r1, r2, switched); }else { - return new ElGamalProofInput(in1ElGamal, in2ElGamal, out1ElGamal, out2ElGamal); + return new Statement(in1ElGamal, in2ElGamal, out1ElGamal, out2ElGamal); } } /** - * can be construct by instance of organizer only by calling createProofInput method (all constructors are private) + * Statement to be proved. The statement consists of the four substatements that are ORs of the DLOG equality. * - * in construction it use for preparing the input for prove, while avoiding double converting or calculations + * This can be constructed only by calling createProofInput method on an instance of ECElGamalMixProof (all constructors are private) + * + * in construction it is used for preparing the input for proving, while avoiding double converting or calculations * * use as a container for 4 OrProofInput. */ - public class ElGamalProofInput { + public class Statement { + private final OrStatement first; + private final OrStatement second; + private final OrStatement third; + private final OrStatement fourth; - private final OrProofInput first; - private final OrProofInput second; - private final OrProofInput third; - private final OrProofInput fourth; - private ECPoint convert2ECPoint(ByteString bs){ + public OrStatement getFirst() { + return first; + } + + public OrStatement getSecond() { + return second; + } + + public OrStatement getThird() { + return third; + } + + public OrStatement getFourth() { + return fourth; + } + + /** + * Decode from the serialized representation to an {@link ECPoint} object. + * @param bs + * @return + */ + private ECPoint decodeECPoint(ByteString bs){ return group.decode(bs.toByteArray()); } /** - * @param flag - true if called by meerkat.mixer.prover ( r1,r2,switched are known) + * @param proving - true if called by meerkat.mixer.proofs ( r1,r2,switched are known) */ - private ElGamalProofInput(ConcreteCrypto.ElGamalCiphertext e1, ConcreteCrypto.ElGamalCiphertext e2 + private Statement(ConcreteCrypto.ElGamalCiphertext e1, ConcreteCrypto.ElGamalCiphertext e2 , ConcreteCrypto.ElGamalCiphertext e1New, ConcreteCrypto.ElGamalCiphertext e2New - , Crypto.EncryptionRandomness r1, Crypto.EncryptionRandomness r2, boolean switched,boolean flag){ + , Crypto.EncryptionRandomness r1, Crypto.EncryptionRandomness r2, boolean switched, boolean proving){ - ECPoint e1c1 = convert2ECPoint(e1.getC1()); - ECPoint e1c2 = convert2ECPoint(e1.getC2()); - ECPoint e2c1 = convert2ECPoint(e2.getC1()); - ECPoint e2c2 = convert2ECPoint(e2.getC2()); - ECPoint e1Nc1 = convert2ECPoint(e1New.getC1()); - ECPoint e1Nc2 = convert2ECPoint(e1New.getC2()); - ECPoint e2Nc1 = convert2ECPoint(e2New.getC1()); - ECPoint e2Nc2 = convert2ECPoint(e2New.getC2()); + ECPoint e1c1 = decodeECPoint(e1.getC1()); + ECPoint e1c2 = decodeECPoint(e1.getC2()); + ECPoint e2c1 = decodeECPoint(e2.getC1()); + ECPoint e2c2 = decodeECPoint(e2.getC2()); + ECPoint e1Nc1 = decodeECPoint(e1New.getC1()); + ECPoint e1Nc2 = decodeECPoint(e1New.getC2()); + ECPoint e2Nc1 = decodeECPoint(e2New.getC1()); + ECPoint e2Nc2 = decodeECPoint(e2New.getC2()); ECPoint c1_e1NDive1 = group.add(e1Nc1, group.negate(e1c1)); ECPoint c1_e2NDive1 = group.add(e2Nc1, group.negate(e1c1)); @@ -141,14 +160,12 @@ public class ElGamalProofOrganizer { ECPoint c2_e2NDive2 = group.add(e2Nc2, group.negate(e2c2)); - if(!flag){ - - this.first = new OrProofInput(c1_e1NDive1,c2_e1NDive1,c1_e1NDive2,c2_e1NDive2); - this.second = new OrProofInput(c1_e1NDive1,c2_e1NDive1,c1_e2NDive1,c2_e2NDive1); - this.third = new OrProofInput(c1_e1NDive2,c2_e1NDive2,c1_e2NDive2,c2_e2NDive2); - this.fourth = new OrProofInput(c1_e2NDive1,c2_e2NDive1,c1_e2NDive2,c2_e2NDive2); - - }else { + if(!proving) { + this.first = new OrStatement(c1_e1NDive1,c2_e1NDive1,c1_e1NDive2,c2_e1NDive2); + this.second = new OrStatement(c1_e1NDive1,c2_e1NDive1,c1_e2NDive1,c2_e2NDive1); + this.third = new OrStatement(c1_e1NDive2,c2_e1NDive2,c1_e2NDive2,c2_e2NDive2); + this.fourth = new OrStatement(c1_e2NDive1,c2_e2NDive1,c1_e2NDive2,c2_e2NDive2); + } else { byte[] c1_e1NDive1Encoded = group.encode(c1_e1NDive1); byte[] c1_e2NDive1Encoded = group.encode(c1_e2NDive1); @@ -161,29 +178,29 @@ public class ElGamalProofOrganizer { if (!switched) { - this.first = new OrProofInput(c1_e1NDive1, c2_e1NDive1, c1_e1NDive2, c2_e1NDive2 + this.first = new OrStatement(c1_e1NDive1, c2_e1NDive1, c1_e1NDive2, c2_e1NDive2 , c1_e1NDive1Encoded, c2_e1NDive1Encoded, c1_e1NDive2Encoded, c2_e1NDive2Encoded , r1, TrueCouple.left); - this.second = new OrProofInput(c1_e1NDive1, c2_e1NDive1, c1_e2NDive1, c2_e2NDive1 + this.second = new OrStatement(c1_e1NDive1, c2_e1NDive1, c1_e2NDive1, c2_e2NDive1 , c1_e1NDive1Encoded, c2_e1NDive1Encoded, c1_e2NDive1Encoded, c2_e2NDive1Encoded , r1, TrueCouple.left); - this.third = new OrProofInput(c1_e1NDive2, c2_e1NDive2, c1_e2NDive2, c2_e2NDive2 + this.third = new OrStatement(c1_e1NDive2, c2_e1NDive2, c1_e2NDive2, c2_e2NDive2 , c1_e1NDive2Encoded, c2_e1NDive2Encoded, c1_e2NDive2Encoded, c2_e2NDive2Encoded , r2, TrueCouple.right); - this.fourth = new OrProofInput(c1_e2NDive1, c2_e2NDive1, c1_e2NDive2, c2_e2NDive2 + this.fourth = new OrStatement(c1_e2NDive1, c2_e2NDive1, c1_e2NDive2, c2_e2NDive2 , c1_e2NDive1Encoded, c2_e2NDive1Encoded, c1_e2NDive2Encoded, c2_e2NDive2Encoded , r2, TrueCouple.right); } else { - this.first = new OrProofInput(c1_e1NDive1, c2_e1NDive1, c1_e1NDive2, c2_e1NDive2 + this.first = new OrStatement(c1_e1NDive1, c2_e1NDive1, c1_e1NDive2, c2_e1NDive2 , c1_e1NDive1Encoded, c2_e1NDive1Encoded, c1_e1NDive2Encoded, c2_e1NDive2Encoded , r2, TrueCouple.right); - this.second = new OrProofInput(c1_e1NDive1, c2_e1NDive1, c1_e2NDive1, c2_e2NDive1 + this.second = new OrStatement(c1_e1NDive1, c2_e1NDive1, c1_e2NDive1, c2_e2NDive1 , c1_e1NDive1Encoded, c2_e1NDive1Encoded, c1_e2NDive1Encoded, c2_e2NDive1Encoded , r1, TrueCouple.right); - this.third = new OrProofInput(c1_e1NDive2, c2_e1NDive2, c1_e2NDive2, c2_e2NDive2 + this.third = new OrStatement(c1_e1NDive2, c2_e1NDive2, c1_e2NDive2, c2_e2NDive2 , c1_e1NDive2Encoded, c2_e1NDive2Encoded, c1_e2NDive2Encoded, c2_e2NDive2Encoded , r2, TrueCouple.left); - this.fourth = new OrProofInput(c1_e2NDive1, c2_e2NDive1, c1_e2NDive2, c2_e2NDive2 + this.fourth = new OrStatement(c1_e2NDive1, c2_e2NDive1, c1_e2NDive2, c2_e2NDive2 , c1_e2NDive1Encoded, c2_e2NDive1Encoded, c1_e2NDive2Encoded, c2_e2NDive2Encoded , r1, TrueCouple.left); } @@ -192,57 +209,38 @@ public class ElGamalProofOrganizer { /** - * used by the meerkat.mixer.prover - * call to the meerkat.mixer.main constructor with flag = true + * used by the meerkat.mixer.proofs + * call to the meerkat.mixer.main constructor with proving = true */ - private ElGamalProofInput(ConcreteCrypto.ElGamalCiphertext e1, ConcreteCrypto.ElGamalCiphertext e2 + private Statement(ConcreteCrypto.ElGamalCiphertext e1, ConcreteCrypto.ElGamalCiphertext e2 , ConcreteCrypto.ElGamalCiphertext e1New, ConcreteCrypto.ElGamalCiphertext e2New , Crypto.EncryptionRandomness r1, Crypto.EncryptionRandomness r2, boolean switched){ - //flag = true; + //proving = true; this(e1,e2,e1New,e2New,r1,r2,switched,true); } /** - * used by meerkat.mixer.prover - * call to the meerkat.mixer.main constructor with flag = true + * used by meerkat.mixer.proofs + * call to the meerkat.mixer.main constructor with proving = false */ - private ElGamalProofInput(ConcreteCrypto.ElGamalCiphertext e1, ConcreteCrypto.ElGamalCiphertext e2 + private Statement(ConcreteCrypto.ElGamalCiphertext e1, ConcreteCrypto.ElGamalCiphertext e2 , ConcreteCrypto.ElGamalCiphertext e1New, ConcreteCrypto.ElGamalCiphertext e2New){ - //flag = false; + //proving = false; this(e1,e2,e1New,e2New,null,null,false,false); } - - /** - * getter for all 4 OrProofInputs - * - * @param orProofOrder - * @return the required OrProof - */ - public OrProofInput getOrProofInput(OrProofOrder orProofOrder) { - switch (orProofOrder) { - - case first: - return this.first; - case second: - return this.second; - case third: - return this.third; - case fourth: - return this.fourth; - } - return null; - } } /** - * can't be constructed (all constructors are private) + * The statement of a single disjunction to be proved: + * Either there exists x s.t (g1 ^ x == h1 and g2 ^ x == h2) or there exists x s.t. (g1' ^ x == h1 and g2' ^ x == h2) * - * 4 instances will be constructed for each new ElGamalProofInput + * The statement can't be constructed externally (all constructors are private) + * + * 4 instances will be constructed for each new {@link ECElGamalMixProof.Statement} * - * container for all meerkat.mixer.necessary inputs for single OrProof */ - public class OrProofInput{ + public class OrStatement { public final ECPoint g1; public final ECPoint h1; public final ECPoint g2; @@ -252,7 +250,7 @@ public class ElGamalProofOrganizer { public final ECPoint g2Tag; public final ECPoint h2Tag; - // can be access by meerkat.mixer.prover only + // can be access by meerkat.mixer.proofs only protected final byte[] g1Encoded; protected final byte[] h1Encoded; protected final byte[] g2Encoded; @@ -265,10 +263,10 @@ public class ElGamalProofOrganizer { protected final TrueCouple flag; /** - * used by meerkat.mixer.prover only + * used by meerkat.mixer.proofs only */ - private OrProofInput(ECPoint h1, ECPoint h2, ECPoint h1Tag, ECPoint h2Tag - ,byte[] h1Encoded, byte[] h2Encoded, byte[] h1TagEncoded, byte[] h2TagEncoded + private OrStatement(ECPoint h1, ECPoint h2, ECPoint h1Tag, ECPoint h2Tag + , byte[] h1Encoded, byte[] h2Encoded, byte[] h1TagEncoded, byte[] h2TagEncoded , Crypto.EncryptionRandomness x, TrueCouple flag) { this.g1 = g; this.h1 = h1; @@ -296,7 +294,7 @@ public class ElGamalProofOrganizer { /** * used by meerkat.mixer.verifier */ - private OrProofInput(ECPoint h1, ECPoint h2, ECPoint h1Tag, ECPoint h2Tag) { + private OrStatement(ECPoint h1, ECPoint h2, ECPoint h1Tag, ECPoint h2Tag) { this(h1,h2,h1Tag,h2Tag,null,null,null,null,null,TrueCouple.unknown); } } diff --git a/mixer/src/main/java/meerkat/mixer/prover/Prover.java b/mixer/src/main/java/meerkat/mixer/proofs/Prover.java similarity index 79% rename from mixer/src/main/java/meerkat/mixer/prover/Prover.java rename to mixer/src/main/java/meerkat/mixer/proofs/Prover.java index d540974..5465c9c 100644 --- a/mixer/src/main/java/meerkat/mixer/prover/Prover.java +++ b/mixer/src/main/java/meerkat/mixer/proofs/Prover.java @@ -1,4 +1,4 @@ -package meerkat.mixer.prover; +package meerkat.mixer.proofs; import com.google.protobuf.ByteString; import com.google.protobuf.InvalidProtocolBufferException; @@ -26,7 +26,7 @@ public class Prover implements Mix2ZeroKnowledgeProver { private final ECElGamalEncryption encryptor; private final ECPoint g,h; private final BigInteger groupOrderUpperBound; - private final ElGamalProofOrganizer organizer; + private final ECElGamalMixProof organizer; /** * @param rand @@ -41,7 +41,7 @@ public class Prover implements Mix2ZeroKnowledgeProver { this.group = this.encryptor.getGroup(); this.g = group.getGenerator(); this.h = this.encryptor.getElGamalPK().getPK(); - this.organizer = new ElGamalProofOrganizer(group,g,h); + this.organizer = new ECElGamalMixProof(group,g,h); this.groupOrderUpperBound = group.orderUpperBound(); } @@ -68,12 +68,12 @@ public class Prover implements Mix2ZeroKnowledgeProver { Crypto.EncryptionRandomness r2) throws InvalidProtocolBufferException { Mixing.ZeroKnowledgeProof.OrProof first,second,third,fourth; - ElGamalProofOrganizer.ElGamalProofInput input = organizer.createProofInput(in1,in2,out1,out2,r1,r2,sw); + ECElGamalMixProof.Statement statement = organizer.createProofInput(in1,in2,out1,out2,r1,r2,sw); - first = createOrProofElGamal(input.getOrProofInput(ElGamalProofOrganizer.OrProofOrder.first)); - second = createOrProofElGamal(input.getOrProofInput(ElGamalProofOrganizer.OrProofOrder.second)); - third = createOrProofElGamal(input.getOrProofInput(ElGamalProofOrganizer.OrProofOrder.third)); - fourth = createOrProofElGamal(input.getOrProofInput(ElGamalProofOrganizer.OrProofOrder.fourth)); + first = createOrProofElGamal(statement.getFirst()); + second = createOrProofElGamal(statement.getSecond()); + third = createOrProofElGamal(statement.getThird()); + fourth = createOrProofElGamal(statement.getFourth()); Mixing.ZeroKnowledgeProof.Location location = Mixing.ZeroKnowledgeProof.Location.newBuilder() .setI(i) @@ -94,7 +94,7 @@ public class Prover implements Mix2ZeroKnowledgeProver { /** * Fiat–Shamir heuristic - * @param input - protobuf contains all parameters from the first step of the current prove + * @param input - protobuf contains all parameters from the first step of the current proof * @param randomOracle * @return randomOracle.hash(input) */ @@ -105,21 +105,21 @@ public class Prover implements Mix2ZeroKnowledgeProver { /** - * @param orProofInput + * @param orStatement * @return ZKP OrProof: there exists x s.t (g1 ^ x == h1 and g2 ^ x == h2) or (g1' ^ x == h1 and g2' ^ x == h2) - * assuming DLog is hard in this.group then that proves x is known for the meerkat.mixer.prover + * assuming DLog is hard in this.group then that proves x is known for the meerkat.mixer.proofs */ - private Mixing.ZeroKnowledgeProof.OrProof createOrProofElGamal(ElGamalProofOrganizer.OrProofInput orProofInput) { + private Mixing.ZeroKnowledgeProof.OrProof createOrProofElGamal(ECElGamalMixProof.OrStatement orStatement) { - ECPoint g1 = orProofInput.g1; - ECPoint h1 = orProofInput.h1; - ECPoint g2 = orProofInput.g2; - ECPoint h2 = orProofInput.h2; + ECPoint g1 = orStatement.g1; + ECPoint h1 = orStatement.h1; + ECPoint g2 = orStatement.g2; + ECPoint h2 = orStatement.h2; - ECPoint g1Tag = orProofInput.g1Tag; - ECPoint h1Tag = orProofInput.h1Tag; - ECPoint g2Tag = orProofInput.g2Tag; - ECPoint h2Tag = orProofInput.h2Tag; + ECPoint g1Tag = orStatement.g1Tag; + ECPoint h1Tag = orStatement.h1Tag; + ECPoint g2Tag = orStatement.g2Tag; + ECPoint h2Tag = orStatement.h2Tag; BigInteger r = encryptor.extractRandomness(encryptor.generateRandomness(rand)).mod(groupOrderUpperBound); BigInteger c1,c2,z,zTag; @@ -127,7 +127,7 @@ public class Prover implements Mix2ZeroKnowledgeProver { Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle forRandomOracle; - switch (orProofInput.flag) { + switch (orStatement.flag) { case left: c2 = encryptor.extractRandomness(encryptor.generateRandomness(rand)).mod(groupOrderUpperBound); zTag = encryptor.extractRandomness(encryptor.generateRandomness(rand)).mod(groupOrderUpperBound); @@ -140,14 +140,14 @@ public class Prover implements Mix2ZeroKnowledgeProver { // c1 = (hash(input + step1) + group size - c2)% group size forRandomOracle = Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle.newBuilder() - .setG1(ByteString.copyFrom(orProofInput.g1Encoded)) - .setH1(ByteString.copyFrom(orProofInput.h1Encoded)) - .setG2(ByteString.copyFrom(orProofInput.g2Encoded)) - .setH2(ByteString.copyFrom(orProofInput.h2Encoded)) - .setG1Tag(ByteString.copyFrom(orProofInput.g1TagEncoded)) - .setH1Tag(ByteString.copyFrom(orProofInput.h1TagEncoded)) - .setG2Tag(ByteString.copyFrom(orProofInput.g2TagEncoded)) - .setH2Tag(ByteString.copyFrom(orProofInput.h2TagEncoded)) + .setG1(ByteString.copyFrom(orStatement.g1Encoded)) + .setH1(ByteString.copyFrom(orStatement.h1Encoded)) + .setG2(ByteString.copyFrom(orStatement.g2Encoded)) + .setH2(ByteString.copyFrom(orStatement.h2Encoded)) + .setG1Tag(ByteString.copyFrom(orStatement.g1TagEncoded)) + .setH1Tag(ByteString.copyFrom(orStatement.h1TagEncoded)) + .setG2Tag(ByteString.copyFrom(orStatement.g2TagEncoded)) + .setH2Tag(ByteString.copyFrom(orStatement.h2TagEncoded)) .setU(ByteString.copyFrom(group.encode(u))) .setV(ByteString.copyFrom(group.encode(v))) .setUTag(ByteString.copyFrom(group.encode(uTag))) @@ -156,7 +156,7 @@ public class Prover implements Mix2ZeroKnowledgeProver { c1 = hash(forRandomOracle,randomOracle).add(group.orderUpperBound().subtract(c2)).mod(groupOrderUpperBound); //step 3 //z = (r + c1 * x) % group size; - z = r.add(c1.multiply(encryptor.extractRandomness(orProofInput.x))).mod(groupOrderUpperBound); + z = r.add(c1.multiply(encryptor.extractRandomness(orStatement.x))).mod(groupOrderUpperBound); break; case right: c1 = encryptor.extractRandomness(encryptor.generateRandomness(rand)).mod(groupOrderUpperBound); @@ -170,14 +170,14 @@ public class Prover implements Mix2ZeroKnowledgeProver { // c1 = (hash(input + step1) + group size - c1)% group size forRandomOracle = Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle.newBuilder() - .setG1(ByteString.copyFrom(orProofInput.g1Encoded)) - .setH1(ByteString.copyFrom(orProofInput.h1Encoded)) - .setG2(ByteString.copyFrom(orProofInput.g2Encoded)) - .setH2(ByteString.copyFrom(orProofInput.h2Encoded)) - .setG1Tag(ByteString.copyFrom(orProofInput.g1TagEncoded)) - .setH1Tag(ByteString.copyFrom(orProofInput.h1TagEncoded)) - .setG2Tag(ByteString.copyFrom(orProofInput.g2TagEncoded)) - .setH2Tag(ByteString.copyFrom(orProofInput.h2TagEncoded)) + .setG1(ByteString.copyFrom(orStatement.g1Encoded)) + .setH1(ByteString.copyFrom(orStatement.h1Encoded)) + .setG2(ByteString.copyFrom(orStatement.g2Encoded)) + .setH2(ByteString.copyFrom(orStatement.h2Encoded)) + .setG1Tag(ByteString.copyFrom(orStatement.g1TagEncoded)) + .setH1Tag(ByteString.copyFrom(orStatement.h1TagEncoded)) + .setG2Tag(ByteString.copyFrom(orStatement.g2TagEncoded)) + .setH2Tag(ByteString.copyFrom(orStatement.h2TagEncoded)) .setU(ByteString.copyFrom(group.encode(u))) .setV(ByteString.copyFrom(group.encode(v))) .setUTag(ByteString.copyFrom(group.encode(uTag))) @@ -186,7 +186,7 @@ public class Prover implements Mix2ZeroKnowledgeProver { c2 = hash(forRandomOracle,randomOracle).add(group.orderUpperBound().subtract(c1)).mod(groupOrderUpperBound); //step 3 //zTag = (r + c2 * x) % group size; - zTag = r.add(c2.multiply(encryptor.extractRandomness(orProofInput.x))).mod(groupOrderUpperBound); + zTag = r.add(c2.multiply(encryptor.extractRandomness(orStatement.x))).mod(groupOrderUpperBound); break; default: return null; diff --git a/mixer/src/main/java/meerkat/mixer/verifier/Verifier.java b/mixer/src/main/java/meerkat/mixer/proofs/Verifier.java similarity index 67% rename from mixer/src/main/java/meerkat/mixer/verifier/Verifier.java rename to mixer/src/main/java/meerkat/mixer/proofs/Verifier.java index ed08512..d1bd4e3 100644 --- a/mixer/src/main/java/meerkat/mixer/verifier/Verifier.java +++ b/mixer/src/main/java/meerkat/mixer/proofs/Verifier.java @@ -1,4 +1,4 @@ -package meerkat.mixer.verifier; +package meerkat.mixer.proofs; import com.google.protobuf.InvalidProtocolBufferException; import meerkat.crypto.concrete.ECElGamalEncryption; @@ -6,8 +6,6 @@ import meerkat.crypto.mixnet.Mix2ZeroKnowledgeVerifier; import meerkat.protobuf.Crypto; import meerkat.protobuf.Mixing; import org.bouncycastle.math.ec.ECPoint; -import meerkat.mixer.prover.ElGamalProofOrganizer; -import meerkat.mixer.prover.Prover; import org.factcenter.qilin.primitives.RandomOracle; import org.factcenter.qilin.primitives.concrete.ECGroup; @@ -20,20 +18,20 @@ public class Verifier implements Mix2ZeroKnowledgeVerifier { private final ECGroup group; private final RandomOracle randomOracle; private final ECPoint g,h; - private final ElGamalProofOrganizer organizer; + private final ECElGamalMixProof organizer; private final ZeroKnowledgeOrProofParser parser; /** * constructor - * @param encryptor should be as the encryptor used by meerkat.mixer.prover - * @param randomOracle should be as the random oracle used by meerkat.mixer.prover + * @param encryptor should be as the encryptor used by meerkat.mixer.proofs + * @param randomOracle should be as the random oracle used by meerkat.mixer.proofs */ public Verifier(ECElGamalEncryption encryptor, RandomOracle randomOracle) { this.group = encryptor.getGroup(); this.g = group.getGenerator(); this.h = encryptor.getElGamalPK().getPK(); this.randomOracle = randomOracle; - this.organizer = new ElGamalProofOrganizer(group,g,h); + this.organizer = new ECElGamalMixProof(group,g,h); this.parser = new ZeroKnowledgeOrProofParser(group); } @@ -54,32 +52,32 @@ public class Verifier implements Mix2ZeroKnowledgeVerifier { Crypto.RerandomizableEncryptedMessage out1, Crypto.RerandomizableEncryptedMessage out2, Mixing.ZeroKnowledgeProof proof) throws InvalidProtocolBufferException { - ElGamalProofOrganizer.ElGamalProofInput input = organizer.createProofInput(in1,in2,out1,out2); - return verifyElGamaOrProof(input.getOrProofInput(ElGamalProofOrganizer.OrProofOrder.first), proof.getFirst())&& - verifyElGamaOrProof(input.getOrProofInput(ElGamalProofOrganizer.OrProofOrder.second), proof.getSecond())&& - verifyElGamaOrProof(input.getOrProofInput(ElGamalProofOrganizer.OrProofOrder.third), proof.getThird())&& - verifyElGamaOrProof(input.getOrProofInput(ElGamalProofOrganizer.OrProofOrder.fourth), proof.getFourth()); + ECElGamalMixProof.Statement statement = organizer.createProofInput(in1,in2,out1,out2); + return verifyElGamaOrProof(statement.getFirst(), proof.getFirst())&& + verifyElGamaOrProof(statement.getSecond(), proof.getSecond())&& + verifyElGamaOrProof(statement.getThird(), proof.getThird())&& + verifyElGamaOrProof(statement.getFourth(), proof.getFourth()); } /** * - * @param orProofInput + * @param orStatement * @param orProof * @return verify single or proof */ - private boolean verifyElGamaOrProof(ElGamalProofOrganizer.OrProofInput orProofInput, + private boolean verifyElGamaOrProof(ECElGamalMixProof.OrStatement orStatement, Mixing.ZeroKnowledgeProof.OrProof orProof) { ZeroKnowledgeOrProofParser.ZeroKnowledgeOrProofContainer container = parser.parseOrProof(orProof); - return container.g1.equals(orProofInput.g1) && - container.h1.equals(orProofInput.h1) && - container.g2.equals(orProofInput.g2) && - container.h2.equals(orProofInput.h2) && - container.g1Tag.equals(orProofInput.g1Tag) && - container.h1Tag.equals(orProofInput.h1Tag) && - container.g2Tag.equals(orProofInput.g2Tag) && - container.h2Tag.equals(orProofInput.h2Tag) && + return container.g1.equals(orStatement.g1) && + container.h1.equals(orStatement.h1) && + container.g2.equals(orStatement.g2) && + container.h2.equals(orStatement.h2) && + container.g1Tag.equals(orStatement.g1Tag) && + container.h1Tag.equals(orStatement.h1Tag) && + container.g2Tag.equals(orStatement.g2Tag) && + container.h2Tag.equals(orStatement.h2Tag) && container.c1.add(container.c2).mod(group.orderUpperBound()) .equals(Prover.hash(container.forRandomOracle,randomOracle).mod(group.orderUpperBound())) && group.multiply(container.g1, container.z) diff --git a/mixer/src/main/java/meerkat/mixer/verifier/VerifyTable.java b/mixer/src/main/java/meerkat/mixer/proofs/VerifyTable.java similarity index 99% rename from mixer/src/main/java/meerkat/mixer/verifier/VerifyTable.java rename to mixer/src/main/java/meerkat/mixer/proofs/VerifyTable.java index 2bb3781..ac3f6a5 100644 --- a/mixer/src/main/java/meerkat/mixer/verifier/VerifyTable.java +++ b/mixer/src/main/java/meerkat/mixer/proofs/VerifyTable.java @@ -1,4 +1,4 @@ -package meerkat.mixer.verifier; +package meerkat.mixer.proofs; import com.google.protobuf.InvalidProtocolBufferException; import meerkat.crypto.mixnet.Mix2ZeroKnowledgeVerifier; diff --git a/mixer/src/main/java/meerkat/mixer/verifier/ZeroKnowledgeOrProofParser.java b/mixer/src/main/java/meerkat/mixer/proofs/ZeroKnowledgeOrProofParser.java similarity index 99% rename from mixer/src/main/java/meerkat/mixer/verifier/ZeroKnowledgeOrProofParser.java rename to mixer/src/main/java/meerkat/mixer/proofs/ZeroKnowledgeOrProofParser.java index 01ff344..bdd2b4c 100644 --- a/mixer/src/main/java/meerkat/mixer/verifier/ZeroKnowledgeOrProofParser.java +++ b/mixer/src/main/java/meerkat/mixer/proofs/ZeroKnowledgeOrProofParser.java @@ -1,4 +1,4 @@ -package meerkat.mixer.verifier; +package meerkat.mixer.proofs; import com.google.protobuf.ByteString; import meerkat.protobuf.Mixing; diff --git a/mixer/src/test/java/meerkat/mixer/CreateTestVector.java b/mixer/src/test/java/meerkat/mixer/CreateTestVector.java index fe45e1b..af6a865 100644 --- a/mixer/src/test/java/meerkat/mixer/CreateTestVector.java +++ b/mixer/src/test/java/meerkat/mixer/CreateTestVector.java @@ -5,9 +5,9 @@ import meerkat.crypto.mixnet.Mix2ZeroKnowledgeProver; import meerkat.crypto.mixnet.Mix2ZeroKnowledgeVerifier; import meerkat.mixer.mixing.Mixer; import meerkat.mixer.mixing.MixerOutput; -import meerkat.mixer.prover.Prover; -import meerkat.mixer.verifier.Verifier; -import meerkat.mixer.verifier.VerifyTable; +import meerkat.mixer.proofs.Prover; +import meerkat.mixer.proofs.Verifier; +import meerkat.mixer.proofs.VerifyTable; import meerkat.protobuf.Crypto; import meerkat.protobuf.Voting; import org.factcenter.qilin.primitives.RandomOracle; diff --git a/mixer/src/test/java/meerkat/mixer/MixingTest.java b/mixer/src/test/java/meerkat/mixer/MixingTest.java index f9ec6f8..229196c 100644 --- a/mixer/src/test/java/meerkat/mixer/MixingTest.java +++ b/mixer/src/test/java/meerkat/mixer/MixingTest.java @@ -8,9 +8,9 @@ import com.google.protobuf.InvalidProtocolBufferException; import meerkat.crypto.concrete.ECElGamalEncryption; import meerkat.crypto.mixnet.Mix2ZeroKnowledgeVerifier; import meerkat.mixer.mixing.Mixer; -import meerkat.mixer.prover.Prover; -import meerkat.mixer.verifier.Verifier; -import meerkat.mixer.verifier.VerifyTable; +import meerkat.mixer.proofs.Prover; +import meerkat.mixer.proofs.Verifier; +import meerkat.mixer.proofs.VerifyTable; import meerkat.protobuf.Crypto; import meerkat.protobuf.Voting; import org.factcenter.qilin.primitives.RandomOracle; diff --git a/mixer/src/test/java/meerkat/mixer/ZeroKnowledgeProofTest.java b/mixer/src/test/java/meerkat/mixer/ZeroKnowledgeProofTest.java index 4f2daca..cb4d86b 100644 --- a/mixer/src/test/java/meerkat/mixer/ZeroKnowledgeProofTest.java +++ b/mixer/src/test/java/meerkat/mixer/ZeroKnowledgeProofTest.java @@ -5,8 +5,8 @@ import com.google.protobuf.InvalidProtocolBufferException; import meerkat.crypto.concrete.ECElGamalEncryption; import meerkat.crypto.mixnet.Mix2ZeroKnowledgeProver; import meerkat.crypto.mixnet.Mix2ZeroKnowledgeVerifier; -import meerkat.mixer.prover.Prover; -import meerkat.mixer.verifier.Verifier; +import meerkat.mixer.proofs.Prover; +import meerkat.mixer.proofs.Verifier; import meerkat.protobuf.ConcreteCrypto; import meerkat.protobuf.Crypto; import meerkat.protobuf.Voting; diff --git a/mixer/src/test/java/profiling/ZeroKnowledgeProof.java b/mixer/src/test/java/profiling/ZeroKnowledgeProof.java index 7d38bf1..d676a34 100644 --- a/mixer/src/test/java/profiling/ZeroKnowledgeProof.java +++ b/mixer/src/test/java/profiling/ZeroKnowledgeProof.java @@ -4,7 +4,7 @@ import com.google.protobuf.ByteString; import com.google.protobuf.InvalidProtocolBufferException; import meerkat.crypto.concrete.ECElGamalEncryption; import meerkat.crypto.mixnet.Mix2ZeroKnowledgeProver; -import meerkat.mixer.prover.Prover; +import meerkat.mixer.proofs.Prover; import meerkat.protobuf.ConcreteCrypto; import meerkat.protobuf.Crypto; import meerkat.protobuf.Voting;