From 2744005263f18fa834c972a7710515fce3dc3939 Mon Sep 17 00:00:00 2001 From: Tal Moran Date: Sat, 21 Jan 2017 23:07:20 +0200 Subject: [PATCH] Replaced generic RandomOracle with explicit SHA-256 to make description of random oracle simpler for external verifiers --- .../src/main/java/meerkat/mixer/main/Mix.java | 11 +++----- .../mixer/proofs/concrete/Mix2nizk.java | 6 ++--- .../mixer/proofs/generic/SigmaFiatShamir.java | 27 +++++++++++++------ .../java/meerkat/mixer/ECParamTestBase.java | 1 - .../test/java/meerkat/mixer/MixingTest.java | 2 +- .../mixer/proofs/SigmaProtocolTest.java | 8 ++---- .../mixer/proofs/concrete/Mix2ProofTest.java | 2 +- .../java/profiling/ZeroKnowledgeProof.java | 5 ++-- 8 files changed, 31 insertions(+), 31 deletions(-) diff --git a/mixer/src/main/java/meerkat/mixer/main/Mix.java b/mixer/src/main/java/meerkat/mixer/main/Mix.java index 03cc467..dc67dbd 100644 --- a/mixer/src/main/java/meerkat/mixer/main/Mix.java +++ b/mixer/src/main/java/meerkat/mixer/main/Mix.java @@ -13,8 +13,6 @@ import meerkat.mixer.MixerOutput; import meerkat.mixer.proofs.concrete.Mix2nizk; import meerkat.protobuf.ConcreteCrypto; import meerkat.protobuf.Crypto; -import org.factcenter.qilin.primitives.RandomOracle; -import org.factcenter.qilin.primitives.concrete.DigestOracle; import org.factcenter.qilin.primitives.concrete.ECElGamal; import org.factcenter.qilin.primitives.concrete.ECGroup; import org.slf4j.Logger; @@ -30,17 +28,17 @@ import java.util.List; import java.util.Random; import static java.lang.System.exit; -import static java.lang.System.in; /** * Command-line mixProverVerifier and verifier. */ public class Mix { + final static String DEFAULT_ECGROUP = "secp256k1"; final static Logger logger = LoggerFactory.getLogger(Mix.class); + public Random rand; public ECGroup group; public ECElGamalEncryption enc; - public RandomOracle randomOracle; public ConcreteCrypto.ElGamalPublicKey serializedPk; public ECElGamal.SK secretKey; public Mix2nizk mixProverVerifier; 
@@ -49,7 +47,6 @@ public class Mix { public Mix() { rand = new SecureRandom(); - randomOracle = new DigestOracle(); enc = new ECElGamalEncryption(); serializedPk = null; secretKey = null; @@ -108,7 +105,7 @@ public class Mix { exit(-2); } - mixProverVerifier = new Mix2nizk(rand, enc, randomOracle); + mixProverVerifier = new Mix2nizk(rand, enc); } /** @@ -117,7 +114,7 @@ public class Mix { * @param outFile */ public void createKeypair(File outFile) throws IOException { - group = new ECGroup("secp256k1"); + group = new ECGroup(DEFAULT_ECGROUP); BigInteger sk = ECElGamal.generateSecretKey(group, rand); secretKey = new ECElGamal.SK(group, sk); diff --git a/mixer/src/main/java/meerkat/mixer/proofs/concrete/Mix2nizk.java b/mixer/src/main/java/meerkat/mixer/proofs/concrete/Mix2nizk.java index 5e43851..93b8d24 100644 --- a/mixer/src/main/java/meerkat/mixer/proofs/concrete/Mix2nizk.java +++ b/mixer/src/main/java/meerkat/mixer/proofs/concrete/Mix2nizk.java @@ -7,7 +7,6 @@ import meerkat.mixer.proofs.Mix2nizk.Verifier; import meerkat.mixer.proofs.generic.SigmaFiatShamir; import meerkat.protobuf.Crypto; import meerkat.protobuf.Mixing; -import org.factcenter.qilin.primitives.RandomOracle; import org.factcenter.qilin.primitives.concrete.ECGroup; import java.util.Random; @@ -28,15 +27,14 @@ public class Mix2nizk implements Prover, Verifier { /** * @param rand * @param encryptor - * @param randomOracle - use for Fiat–Shamir heuristic */ - public Mix2nizk(Random rand, ECElGamalEncryption encryptor, RandomOracle randomOracle) { + public Mix2nizk(Random rand, ECElGamalEncryption encryptor) { this.rand = rand; this.encryptor = encryptor; this.group = this.encryptor.getGroup(); this.mixParams = new Statements(encryptor); - this.mix2NIZK = new SigmaFiatShamir(ProtobufConcatenators.concatNIZK, randomOracle); + this.mix2NIZK = new SigmaFiatShamir(ProtobufConcatenators.concatNIZK); } /** 
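Review bot: The two-argument constructor `Mix2nizk(Random rand, ECElGamalEncryption encryptor)` in the last Mix2nizk.java hunk still leaves both `@param` tags empty, and `rand` is the security-relevant one. It is typed as `java.util.Random`, so nothing stops a caller from passing a seeded, predictable generator. If this generator supplies the prover's blinding values (presumably it does, but that code is outside the hunk), predictable output would undermine the zero-knowledge property of the mix proof. I would document the contract, e.g. `@param rand randomness source for the prover; must be a SecureRandom outside of tests` and `@param encryptor initialised encryption scheme whose group the proofs use`.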
diff --git a/mixer/src/main/java/meerkat/mixer/proofs/generic/SigmaFiatShamir.java b/mixer/src/main/java/meerkat/mixer/proofs/generic/SigmaFiatShamir.java index 80085c0..9275fd0 100644 --- a/mixer/src/main/java/meerkat/mixer/proofs/generic/SigmaFiatShamir.java +++ b/mixer/src/main/java/meerkat/mixer/proofs/generic/SigmaFiatShamir.java @@ -3,20 +3,28 @@ package meerkat.mixer.proofs.generic; import com.google.protobuf.Message; import meerkat.mixer.proofs.Concatenator; import meerkat.mixer.proofs.SigmaProtocol; -import org.factcenter.qilin.primitives.RandomOracle; import java.math.BigInteger; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; /** * Transform a Sigma protocol into a NIZK using Fiat-Shamir + * We use SHA-256 explicitly to make it easier to verify in other codebases */ public class SigmaFiatShamir { - final RandomOracle randomOracle; + final static String DIGEST_ALG = "SHA-256"; + final MessageDigest md; final Concatenator.Pair concat; - public SigmaFiatShamir(Concatenator.Pair concat, RandomOracle randomOracle) { + public SigmaFiatShamir(Concatenator.Pair concat) { this.concat = concat; - this.randomOracle = randomOracle; + try { + md = MessageDigest.getInstance(DIGEST_ALG); + } catch (NoSuchAlgorithmException e) { + // Should never happen + throw new RuntimeException("Error in instantiating " + DIGEST_ALG + " digest", e); + } } /** 
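Review bot: The `final MessageDigest md` field created in the SigmaFiatShamir constructor gives every instance a stateful digest object that is not thread-safe. If one SigmaFiatShamir (or the Mix2nizk that owns it) is shared between threads, interleaved updates would produce a wrong challenge and spurious verification failures. The `hash` body is not visible in this hunk, so I cannot confirm that the digest is completed or reset on every path. Either call `MessageDigest.getInstance(DIGEST_ALG)` inside `hash` for each challenge, or document the restriction on the class with `// Not thread-safe: md is reused across generateNizk/verifyNizk calls`. As style points, `static final` is the conventional modifier order, and `IllegalStateException` describes the "should never happen" branch better than a bare `RuntimeException`.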
@@ -24,21 +32,24 @@ public class SigmaFiatShamir prover) { FirstMsgType firstMessage = prover.getFirstMessage(); - BigInteger challenge = hash(firstMessage, randomOracle); + BigInteger challenge = hash(firstMessage); FinalMessageType finalMessage = prover.getFinalMessage(challenge); return concat.concatenate(firstMessage, finalMessage); } public boolean verifyNizk(NIZKMsgType NIZK, SigmaProtocol.Verifier verifier) { FirstMsgType firstMessage = concat.getMsg1(NIZK); - BigInteger challenge = hash(firstMessage, randomOracle); + BigInteger challenge = hash(firstMessage); return verifier.verify(firstMessage, challenge, concat.getMsg2(NIZK)); } } diff --git a/mixer/src/test/java/meerkat/mixer/ECParamTestBase.java b/mixer/src/test/java/meerkat/mixer/ECParamTestBase.java index 0c187cf..23b9c62 100644 --- a/mixer/src/test/java/meerkat/mixer/ECParamTestBase.java +++ b/mixer/src/test/java/meerkat/mixer/ECParamTestBase.java @@ -21,7 +21,6 @@ public class ECParamTestBase { public ECElGamal.SK key; public ECGroup group; public ECElGamalEncryption enc; - public RandomOracle randomOracle = new DigestOracle(); public ConcreteCrypto.ElGamalPublicKey serializedPk; public ECParamTestBase() { diff --git a/mixer/src/test/java/meerkat/mixer/MixingTest.java b/mixer/src/test/java/meerkat/mixer/MixingTest.java index 344e42f..d424a0b 100644 --- a/mixer/src/test/java/meerkat/mixer/MixingTest.java +++ b/mixer/src/test/java/meerkat/mixer/MixingTest.java @@ -29,7 +29,7 @@ public class MixingTest extends ECParamTestBase { random = new Random(1); randomMixer = new Random(2); randomProver = new Random(3); - mix2nizk = new Mix2nizk(randomProver, enc,randomOracle); + mix2nizk = new Mix2nizk(randomProver, enc); mixer = new MixGenerator(mix2nizk, enc); // generate n diff --git a/mixer/src/test/java/meerkat/mixer/proofs/SigmaProtocolTest.java b/mixer/src/test/java/meerkat/mixer/proofs/SigmaProtocolTest.java index 01b18d8..2bcddf2 100644 
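Review bot: In `generateNizk` and `verifyNizk` the challenge is still computed as `hash(firstMessage)`, so the hash binds only the prover's first message. Unless the first-message protobuf already embeds the statement being proven (the ciphertexts and public key, which are not visible here), this is the weak Fiat-Shamir variant, where the proof is not tied to its statement. The strong variant also hashes the statement. Since the commit aims to let external verifiers reimplement the oracle, `hash` should also carry a comment stating which bytes go into SHA-256 and how the digest becomes the `BigInteger`, e.g. `// challenge = SHA-256(<serialisation of firstMessage>) read as <signed|unsigned> big-endian integer`. The `hash` body and the generic parameters are not visible in the hunk as shown, so this note rests on the two call sites only.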
--- a/mixer/src/test/java/meerkat/mixer/proofs/SigmaProtocolTest.java +++ b/mixer/src/test/java/meerkat/mixer/proofs/SigmaProtocolTest.java @@ -2,8 +2,6 @@ package meerkat.mixer.proofs; import com.google.protobuf.Message; import meerkat.mixer.proofs.generic.SigmaFiatShamir; -import org.factcenter.qilin.primitives.RandomOracle; -import org.factcenter.qilin.primitives.concrete.DigestOracle; import org.factcenter.qilin.util.Pair; import org.junit.Before; import org.junit.Test; @@ -11,7 +9,7 @@ import org.junit.Test; import java.math.BigInteger; import java.util.Random; -import static org.junit.Assert.*; +import static org.junit.Assert.assertTrue; /** * Generic test for Sigma Protocol @@ -19,8 +17,6 @@ import static org.junit.Assert.*; abstract public class SigmaProtocolTest { public final int NUM_REPEAT = 10; - final protected RandomOracle randomOracle = new DigestOracle(); - abstract protected void generateRandomTrueStatement(); abstract protected void generateRandomFalseStatement(); @@ -97,7 +93,7 @@ abstract public class SigmaProtocolTest { for (int i = 0; i < NUM_REPEAT; ++i) { generateRandomTrueStatement(); - SigmaFiatShamir, M1, M2> fiatShamir = new SigmaFiatShamir, M1, M2>(nizkConcat, randomOracle); + SigmaFiatShamir, M1, M2> fiatShamir = new SigmaFiatShamir, M1, M2>(nizkConcat); prover = getNewProver(); Pair nizk = fiatShamir.generateNizk(prover); diff --git a/mixer/src/test/java/meerkat/mixer/proofs/concrete/Mix2ProofTest.java b/mixer/src/test/java/meerkat/mixer/proofs/concrete/Mix2ProofTest.java index d4c4b77..ff3cac9 100644 --- a/mixer/src/test/java/meerkat/mixer/proofs/concrete/Mix2ProofTest.java +++ b/mixer/src/test/java/meerkat/mixer/proofs/concrete/Mix2ProofTest.java @@ -26,7 +26,7 @@ public class Mix2ProofTest extends ECParamTestBase { @Before public void setup() throws Exception { - nizk = new Mix2nizk(rand, enc, randomOracle); + nizk = new Mix2nizk(rand, enc); verifier = nizk; prover = nizk; } 
diff --git a/mixer/src/test/java/profiling/ZeroKnowledgeProof.java b/mixer/src/test/java/profiling/ZeroKnowledgeProof.java index acd89c0..b477a9f 100644 --- a/mixer/src/test/java/profiling/ZeroKnowledgeProof.java +++ b/mixer/src/test/java/profiling/ZeroKnowledgeProof.java @@ -35,15 +35,14 @@ public class ZeroKnowledgeProof { Crypto.RerandomizableEncryptedMessage[] reencryptedMessage; public void setup() throws Exception { - rand = new Random(); + rand = new Random(1); group = new ECGroup("secp256k1"); BigInteger sk = ECElGamal.generateSecretKey(group, rand); key = new ECElGamal.SK(group, sk); serializedPk = Util.encodePK(group, key); enc = new ECElGamalEncryption(); enc.init(serializedPk); - RandomOracle randomOracle = new DigestOracle(); - prover = new Mix2nizk(new Random(),enc,randomOracle); + prover = new Mix2nizk(rand,enc); int LogVotes = 12; int layers = 2*LogVotes - 1; n = layers * (1<