Replaced generic RandomOracle with explicit SHA-256 to make description of random oracle simpler for external verifiers

2017-01-21 23:07:20 +02:00 · 2017-01-21 23:07:20 +02:00 · 2744005263
parent 43d4fb75b2
commit 2744005263
8 changed files with 31 additions and 31 deletions
--- a/mixer/src/main/java/meerkat/mixer/main/Mix.java
+++ b/mixer/src/main/java/meerkat/mixer/main/Mix.java
@ -13,8 +13,6 @@ import meerkat.mixer.MixerOutput;
 import meerkat.mixer.proofs.concrete.Mix2nizk;
 import meerkat.protobuf.ConcreteCrypto;
 import meerkat.protobuf.Crypto;
 import org.factcenter.qilin.primitives.RandomOracle;
 import org.factcenter.qilin.primitives.concrete.DigestOracle;
 import org.factcenter.qilin.primitives.concrete.ECElGamal;
 import org.factcenter.qilin.primitives.concrete.ECGroup;
 import org.slf4j.Logger;
@ -30,17 +28,17 @@ import java.util.List;
 import java.util.Random;
 import static java.lang.System.exit;
 import static java.lang.System.in;
 /**
 * Command-line mixProverVerifier and verifier.
 */
 public class Mix {
    final static String DEFAULT_ECGROUP = "secp256k1";
    final static Logger logger = LoggerFactory.getLogger(Mix.class);
    public Random rand;
    public ECGroup group;
    public ECElGamalEncryption enc;
    public RandomOracle randomOracle;
    public ConcreteCrypto.ElGamalPublicKey serializedPk;
    public ECElGamal.SK secretKey;
    public Mix2nizk mixProverVerifier;
@ -49,7 +47,6 @@ public class Mix {
    public Mix() {
        rand = new SecureRandom();
        randomOracle = new DigestOracle();
        enc = new ECElGamalEncryption();
        serializedPk = null;
        secretKey = null;
@ -108,7 +105,7 @@ public class Mix {
            exit(-2);
        }
-        mixProverVerifier = new Mix2nizk(rand, enc, randomOracle);
+        mixProverVerifier = new Mix2nizk(rand, enc);
    }
    /**
@ -117,7 +114,7 @@ public class Mix {
     * @param outFile
     */
    public void createKeypair(File outFile) throws IOException {
-        group = new ECGroup("secp256k1");
+        group = new ECGroup(DEFAULT_ECGROUP);
        BigInteger sk = ECElGamal.generateSecretKey(group, rand);
        secretKey = new ECElGamal.SK(group, sk);
--- a/mixer/src/main/java/meerkat/mixer/proofs/concrete/Mix2nizk.java
+++ b/mixer/src/main/java/meerkat/mixer/proofs/concrete/Mix2nizk.java
@ -7,7 +7,6 @@ import meerkat.mixer.proofs.Mix2nizk.Verifier;
 import meerkat.mixer.proofs.generic.SigmaFiatShamir;
 import meerkat.protobuf.Crypto;
 import meerkat.protobuf.Mixing;
 import org.factcenter.qilin.primitives.RandomOracle;
 import org.factcenter.qilin.primitives.concrete.ECGroup;
 import java.util.Random;
@ -28,15 +27,14 @@ public class Mix2nizk implements Prover, Verifier {
    /**
     * @param rand
     * @param encryptor
     * @param randomOracle  - use for Fiat–Shamir heuristic
     */
-    public Mix2nizk(Random rand, ECElGamalEncryption encryptor, RandomOracle randomOracle) {
+    public Mix2nizk(Random rand, ECElGamalEncryption encryptor) {
        this.rand = rand;
        this.encryptor = encryptor;
        this.group = this.encryptor.getGroup();
        this.mixParams = new Statements(encryptor);
-        this.mix2NIZK =  new SigmaFiatShamir(ProtobufConcatenators.concatNIZK, randomOracle);
+        this.mix2NIZK =  new SigmaFiatShamir(ProtobufConcatenators.concatNIZK);
    }
    /**
--- a/mixer/src/main/java/meerkat/mixer/proofs/generic/SigmaFiatShamir.java
+++ b/mixer/src/main/java/meerkat/mixer/proofs/generic/SigmaFiatShamir.java
@ -3,20 +3,28 @@ package meerkat.mixer.proofs.generic;
 import com.google.protobuf.Message;
 import meerkat.mixer.proofs.Concatenator;
 import meerkat.mixer.proofs.SigmaProtocol;
 import org.factcenter.qilin.primitives.RandomOracle;
 import java.math.BigInteger;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 /**
 * Transform a Sigma protocol into a NIZK using Fiat-Shamir
 * We use SHA-256 explicitly to make it easier to verify in other codebases
 */
 public class SigmaFiatShamir<NIZKMsgType, FirstMsgType extends Message, FinalMessageType> {
-    final RandomOracle randomOracle;
+    final static String DIGEST_ALG = "SHA-256";
    final MessageDigest md;
    final Concatenator.Pair<NIZKMsgType, FirstMsgType, FinalMessageType> concat;
-    public SigmaFiatShamir(Concatenator.Pair<NIZKMsgType, FirstMsgType, FinalMessageType> concat, RandomOracle randomOracle) {
+    public SigmaFiatShamir(Concatenator.Pair<NIZKMsgType, FirstMsgType, FinalMessageType> concat) {
        this.concat = concat;
-        this.randomOracle = randomOracle;
+        try {
            md = MessageDigest.getInstance(DIGEST_ALG);
        } catch (NoSuchAlgorithmException e) {
            // Should never happen
            throw new RuntimeException("Error in instantiating " + DIGEST_ALG + " digest", e);
        }
    }
    /**
@ -24,21 +32,24 @@ public class SigmaFiatShamir<NIZKMsgType, FirstMsgType extends Message, FinalMes
     * @param input - protobuf contains all parameters from the first step of the current proof
     * @return randomOracle.hash(input)
     */
-    public static BigInteger hash(Message input, RandomOracle randomOracle) {
+    public BigInteger hash(Message input) {
        md.reset();
        byte[] arr = input.toByteArray();
-        return new BigInteger(1,randomOracle.hash(arr,arr.length));
+        byte[] digest = md.digest(arr);
        return new BigInteger(1,digest);
    }
    public NIZKMsgType generateNizk(SigmaProtocol.Prover<FirstMsgType, FinalMessageType> prover) {
        FirstMsgType firstMessage = prover.getFirstMessage();
-        BigInteger challenge = hash(firstMessage, randomOracle);
+        BigInteger challenge = hash(firstMessage);
        FinalMessageType finalMessage = prover.getFinalMessage(challenge);
        return concat.concatenate(firstMessage, finalMessage);
    }
    public boolean verifyNizk(NIZKMsgType NIZK, SigmaProtocol.Verifier<FirstMsgType, FinalMessageType> verifier) {
        FirstMsgType firstMessage = concat.getMsg1(NIZK);
-        BigInteger challenge = hash(firstMessage, randomOracle);
+        BigInteger challenge = hash(firstMessage);
        return verifier.verify(firstMessage, challenge, concat.getMsg2(NIZK));
    }
 }
--- a/mixer/src/test/java/meerkat/mixer/ECParamTestBase.java
+++ b/mixer/src/test/java/meerkat/mixer/ECParamTestBase.java
@ -21,7 +21,6 @@ public class ECParamTestBase {
    public ECElGamal.SK key;
    public ECGroup group;
    public ECElGamalEncryption enc;
    public RandomOracle randomOracle = new DigestOracle();
    public ConcreteCrypto.ElGamalPublicKey serializedPk;
    public ECParamTestBase()  {
--- a/mixer/src/test/java/meerkat/mixer/MixingTest.java
+++ b/mixer/src/test/java/meerkat/mixer/MixingTest.java
@ -29,7 +29,7 @@ public class MixingTest extends ECParamTestBase {
        random = new Random(1);
        randomMixer = new Random(2);
        randomProver = new Random(3);
-        mix2nizk = new Mix2nizk(randomProver, enc,randomOracle);
+        mix2nizk = new Mix2nizk(randomProver, enc);
        mixer = new MixGenerator(mix2nizk, enc);
        // generate n
--- a/mixer/src/test/java/meerkat/mixer/proofs/SigmaProtocolTest.java
+++ b/mixer/src/test/java/meerkat/mixer/proofs/SigmaProtocolTest.java
@ -2,8 +2,6 @@ package meerkat.mixer.proofs;
 import com.google.protobuf.Message;
 import meerkat.mixer.proofs.generic.SigmaFiatShamir;
 import org.factcenter.qilin.primitives.RandomOracle;
 import org.factcenter.qilin.primitives.concrete.DigestOracle;
 import org.factcenter.qilin.util.Pair;
 import org.junit.Before;
 import org.junit.Test;
@ -11,7 +9,7 @@ import org.junit.Test;
 import java.math.BigInteger;
 import java.util.Random;
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertTrue;
 /**
 * Generic test for Sigma Protocol
@ -19,8 +17,6 @@ import static org.junit.Assert.*;
 abstract public class SigmaProtocolTest<M1 extends Message, M2> {
    public final int NUM_REPEAT = 10;
    final protected RandomOracle randomOracle = new DigestOracle();
    abstract protected void generateRandomTrueStatement();
    abstract protected void generateRandomFalseStatement();
@ -97,7 +93,7 @@ abstract public class SigmaProtocolTest<M1 extends Message, M2> {
        for (int i = 0; i < NUM_REPEAT; ++i) {
            generateRandomTrueStatement();
-            SigmaFiatShamir<Pair<M1,M2>, M1, M2> fiatShamir = new SigmaFiatShamir<Pair<M1,M2>, M1, M2>(nizkConcat, randomOracle);
+            SigmaFiatShamir<Pair<M1,M2>, M1, M2> fiatShamir = new SigmaFiatShamir<Pair<M1,M2>, M1, M2>(nizkConcat);
            prover = getNewProver();
            Pair<M1,M2> nizk = fiatShamir.generateNizk(prover);
--- a/mixer/src/test/java/meerkat/mixer/proofs/concrete/Mix2ProofTest.java
+++ b/mixer/src/test/java/meerkat/mixer/proofs/concrete/Mix2ProofTest.java
@ -26,7 +26,7 @@ public class Mix2ProofTest extends ECParamTestBase {
    @Before
    public void setup() throws Exception {
-        nizk = new Mix2nizk(rand, enc, randomOracle);
+        nizk = new Mix2nizk(rand, enc);
        verifier = nizk;
        prover = nizk;
    }
--- a/mixer/src/test/java/profiling/ZeroKnowledgeProof.java
+++ b/mixer/src/test/java/profiling/ZeroKnowledgeProof.java
@ -35,15 +35,14 @@ public class ZeroKnowledgeProof {
    Crypto.RerandomizableEncryptedMessage[] reencryptedMessage;
    public void setup() throws Exception {
-        rand = new Random();
+        rand = new Random(1);
        group = new ECGroup("secp256k1");
        BigInteger sk = ECElGamal.generateSecretKey(group, rand);
        key = new ECElGamal.SK(group, sk);
        serializedPk = Util.encodePK(group, key);
        enc = new ECElGamalEncryption();
        enc.init(serializedPk);
-        RandomOracle randomOracle = new DigestOracle();
+        prover = new Mix2nizk(rand,enc);
        prover = new Mix2nizk(new Random(),enc,randomOracle);
        int LogVotes = 12;
        int layers = 2*LogVotes - 1;
        n = layers * (1<<LogVotes) / 2;