tested version

DKG
tzlil.gon 2016-03-30 12:44:04 +03:00
parent 5f45c1f6d6
commit 5670739e49
27 changed files with 745 additions and 608 deletions

View File

@ -1,5 +1,7 @@
package Arithmetics; package Arithmetics;
import org.factcenter.qilin.primitives.concrete.Zpstar;
import java.math.BigInteger; import java.math.BigInteger;
/** /**
@ -7,9 +9,11 @@ import java.math.BigInteger;
*/ */
public class Fp implements Arithmetic<BigInteger> { public class Fp implements Arithmetic<BigInteger> {
public final BigInteger p; public final BigInteger p;
private final Zpstar zp;
public Fp(BigInteger p) { public Fp(BigInteger p) {
this.p = p; this.p = p;
this.zp = new Zpstar(p);
} }
@Override @Override
@ -24,30 +28,11 @@ public class Fp implements Arithmetic<BigInteger> {
@Override @Override
public BigInteger mul(BigInteger a,BigInteger b){ public BigInteger mul(BigInteger a,BigInteger b){
return a.multiply(b).mod(p); return zp.add(a,b);
} }
@Override @Override
public BigInteger div(BigInteger a,BigInteger b){ public BigInteger div(BigInteger a,BigInteger b){
return mul(a,inv(b)); return mul(a,zp.negate(b));
}
public BigInteger pow(BigInteger b,BigInteger e){
if (e.compareTo(BigInteger.ZERO) < 0 ) {
return pow(inv(b), e.negate());
}
BigInteger result = BigInteger.ONE;
while (e.compareTo(BigInteger.ZERO) > 0) {
if (e.testBit(0)) {
result = mul(result, b);
}
e = e.shiftRight(1);
b = mul(b, b);
}
return result;
}
public BigInteger inv(BigInteger a){
return pow(a,p.subtract(BigInteger.valueOf(2)));
} }
} }

View File

@ -9,7 +9,7 @@ public interface MessageHandler {
void handelSecretMessage(int sender, boolean isBroadcast, Message message); void handelSecretMessage(int sender, boolean isBroadcast, Message message);
void handelCommitmentMessage(int sender, boolean isBroadcast, Message message); void handelCommitmentMessage(int sender, boolean isBroadcast, Message message);
void handelComplaintMessage(int sender, boolean isBroadcast, Message message); void handelComplaintMessage(int sender, boolean isBroadcast, Message message);
void handelDoneMessage(int sender, boolean isBroadcast, Message message); //will be remove void handelDoneMessage(int sender, boolean isBroadcast, Message message);
void handelAnswerMessage(int sender, boolean isBroadcast, Message message); void handelAnswerMessage(int sender, boolean isBroadcast, Message message);
void handelAbortMessage(int sender, boolean isBroadcast, Message message); void handelAbortMessage(int sender, boolean isBroadcast, Message message);
} }

View File

@ -3,11 +3,8 @@ package FeldmanVerifiableSecretSharing;
import ShamirSecretSharing.Polynomial; import ShamirSecretSharing.Polynomial;
import ShamirSecretSharing.SecretSharing; import ShamirSecretSharing.SecretSharing;
import java.util.Arrays;
import org.factcenter.qilin.primitives.Group; import org.factcenter.qilin.primitives.Group;
import org.factcenter.qilin.primitives.concrete.Zpstar; import java.util.Arrays;
import java.math.BigInteger; import java.math.BigInteger;
import java.util.Random; import java.util.Random;

View File

@ -17,7 +17,7 @@ import java.util.Set;
* Created by Tzlil on 3/14/2016. * Created by Tzlil on 3/14/2016.
*/ */
public class DistributedKeyGeneration extends VerifiableSecretSharing { public class DistributedKeyGeneration extends VerifiableSecretSharing {
public enum ComplainState{ public enum ComplaintState {
Non, Waiting,Disqualified,NonDisqualified Non, Waiting,Disqualified,NonDisqualified
} }
protected final int id; protected final int id;
@ -32,6 +32,7 @@ public class DistributedKeyGeneration extends VerifiableSecretSharing {
for (int i = 1; i <= n ; i++){ for (int i = 1; i <= n ; i++){
this.parties[i - 1] = new DistributedKeyGenerationParty(i,n,t); this.parties[i - 1] = new DistributedKeyGenerationParty(i,n,t);
} }
this.parties[id - 1].share = getShare(id);
} }
protected void setParties(DistributedKeyGenerationParty[] parties){ protected void setParties(DistributedKeyGenerationParty[] parties){
@ -87,36 +88,43 @@ public class DistributedKeyGeneration extends VerifiableSecretSharing {
return isValidSecret(party.share,party.commitments,id); return isValidSecret(party.share,party.commitments,id);
} }
/**
*
* @param secret
* @param commitments
* @param j
* @return verify(j,commitments,group) == g ^ secret.y mod q
*/
public boolean isValidSecret(Polynomial.Point secret, BigInteger[] commitments, int j){ public boolean isValidSecret(Polynomial.Point secret, BigInteger[] commitments, int j){
try{
BigInteger v = verify(j,commitments,group); BigInteger v = verify(j,commitments,group);
return group.multiply(g,secret.y).equals(v); return group.multiply(g,secret.y).equals(v);
} }
catch (NullPointerException e){
return false;
}
}
/** /**
* stage2 according to the protocol * stage2 according to the protocol
* Pj verifies all the shares he received (using isValidSecret) * Pj verifies all the shares he received (using isValidSecret)
* if check fails for an index i, Pj broadcasts a complaint against Pi. * if check fails for an index i, Pj broadcasts a complaint against Pi.
*/ */
public void broadcastComplains(User user){ public void broadcastComplaints(User user){
DKGMessages.IDMessage complaint;
for (int i = 1; i <= n ; i++ ){ for (int i = 1; i <= n ; i++ ){
if(i != id && !parties[i - 1].aborted) { if(i != id && !isValidSecret(i)) {
sendComplain(user,i); broadcastComplaint(user,i);
} }
} }
} }
protected void sendComplain(User user,int i){ private void broadcastComplaint(User user, int i){
DKGMessages.IDMessage complaint;
if (!isValidSecret(i)) {
//message = new Message(Type.Complaint, j) //message = new Message(Type.Complaint, j)
complaint = DKGMessages.IDMessage.newBuilder() DKGMessages.IDMessage complaint = DKGMessages.IDMessage.newBuilder()
.setId(i) .setId(i)
.build(); .build();
user.broadcast(DKGMessages.Mail.Type.COMPLAINT, complaint); user.broadcast(DKGMessages.Mail.Type.COMPLAINT, complaint);
} }
}
public void broadcastComplaintAnswer(User user, int j){ public void broadcastComplaintAnswer(User user, int j){
user.broadcast(DKGMessages.Mail.Type.ANSWER, DKGMessages.SecretMessage.newBuilder() user.broadcast(DKGMessages.Mail.Type.ANSWER, DKGMessages.SecretMessage.newBuilder()
@ -131,9 +139,9 @@ public class DistributedKeyGeneration extends VerifiableSecretSharing {
* if more than t players complain against a player Pi he is disqualified. * if more than t players complain against a player Pi he is disqualified.
*/ */
public void answerAllComplainingPlayers(User user){ public void answerAllComplainingPlayers(User user){
ComplainState[] complains = parties[id - 1].complaints; ComplaintState[] complaints = parties[id - 1].complaints;
for (int i = 1; i <= n ; i++) { for (int i = 1; i <= n ; i++) {
switch (complains[i - 1]) { switch (complaints[i - 1]) {
case Waiting: case Waiting:
broadcastComplaintAnswer(user,i); broadcastComplaintAnswer(user,i);
break; break;
@ -143,20 +151,6 @@ public class DistributedKeyGeneration extends VerifiableSecretSharing {
} }
} }
protected boolean isPartyCompletedStage1(int i){
if(parties[i - 1].aborted){
if(parties[i - 1].share == null){
return false;
}
for (int k = 0; k <= t ; k++){
if(parties[i - 1].commitments[k] == null){
return false;
}
}
}
return true;
}
/** /**
* stage3.2 according to the protocol * stage3.2 according to the protocol
* if any of the revealed shares fails the verification test, player Pi is disqualified. * if any of the revealed shares fails the verification test, player Pi is disqualified.
@ -167,11 +161,11 @@ public class DistributedKeyGeneration extends VerifiableSecretSharing {
boolean nonDisqualified; boolean nonDisqualified;
int counter; int counter;
for (int i = 1; i <= n; i++){ for (int i = 1; i <= n; i++){
ComplainState[] complains = parties[i - 1].complaints; ComplaintState[] complaints = parties[i - 1].complaints;
nonDisqualified = true; nonDisqualified = true;
counter = 0; counter = 0;
for (int j = 1; j <= n; j++){ for (int j = 1; j <= n; j++){
switch (complains[j - 1]) { switch (complaints[j - 1]) {
case Non: case Non:
break; break;
case NonDisqualified: case NonDisqualified:
@ -182,7 +176,7 @@ public class DistributedKeyGeneration extends VerifiableSecretSharing {
if(!nonDisqualified) if(!nonDisqualified)
break; break;
} }
if(nonDisqualified && counter <= t && isPartyCompletedStage1(i)){ if(nonDisqualified && counter <= t){
QUAL.add(i); QUAL.add(i);
} }
} }
@ -228,6 +222,10 @@ public class DistributedKeyGeneration extends VerifiableSecretSharing {
return new Polynomial.Point(BigInteger.valueOf(id) , xj.mod(q)); return new Polynomial.Point(BigInteger.valueOf(id) , xj.mod(q));
} }
/**
* getter
* @return id
*/
public int getId() { public int getId() {
return id; return id;
} }

View File

@ -7,21 +7,24 @@ import java.util.Arrays;
/** /**
* Created by Tzlil on 3/14/2016. * Created by Tzlil on 3/14/2016.
*
* contains all relevant information on specific party during
* the run of Joint Feldamn protocol
*/ */
public class DistributedKeyGenerationParty { public class DistributedKeyGenerationParty {
public final int id; public final int id;
public Polynomial.Point share; public Polynomial.Point share;
public BigInteger[] commitments; public BigInteger[] commitments;
public boolean doneFlag; public boolean doneFlag;
public DistributedKeyGeneration.ComplainState[] complaints; public DistributedKeyGeneration.ComplaintState[] complaints;
public boolean aborted; public boolean aborted;
public DistributedKeyGenerationParty(int id, int n, int t) { public DistributedKeyGenerationParty(int id, int n, int t) {
this.id = id; this.id = id;
this.share = null; this.share = null;
this.doneFlag = false; this.doneFlag = false;
this.complaints = new DistributedKeyGeneration.ComplainState[n]; this.complaints = new DistributedKeyGeneration.ComplaintState[n];
Arrays.fill(this.complaints, DistributedKeyGeneration.ComplainState.Non); Arrays.fill(this.complaints, DistributedKeyGeneration.ComplaintState.Non);
this.commitments = new BigInteger[t + 1]; this.commitments = new BigInteger[t + 1];
this.aborted = false; this.aborted = false;
} }

View File

@ -13,13 +13,15 @@ import org.factcenter.qilin.primitives.Group;
import java.math.BigInteger; import java.math.BigInteger;
import java.util.Arrays; import java.util.Arrays;
import java.util.Set; import java.util.Set;
import JointFeldmanProtocol.DistributedKeyGeneration.ComplainState; import JointFeldmanProtocol.DistributedKeyGeneration.ComplaintState;
/** /**
* Created by Tzlil on 3/14/2016. * Created by Tzlil on 3/14/2016.
*/ */
public class DistributedKeyGenerationUserImpl implements DistributedKeyGenerationUser { public class DistributedKeyGenerationUserImpl implements DistributedKeyGenerationUser {
protected final static int SleepTime = 300;
protected final DistributedKeyGeneration dkg; protected final DistributedKeyGeneration dkg;
protected final BigInteger g; protected final BigInteger g;
@ -52,9 +54,6 @@ public class DistributedKeyGenerationUserImpl implements DistributedKeyGeneratio
mailHandler.setMessageHandler(this.messageHandler); mailHandler.setMessageHandler(this.messageHandler);
this.user = network.connect(mailHandler,dkg.getId()); this.user = network.connect(mailHandler,dkg.getId());
this.parties = dkg.getParties(); this.parties = dkg.getParties();
this.parties[id - 1].share = dkg.getShare(id);
this.QUAL = null; this.QUAL = null;
this.commitments = null; this.commitments = null;
this.share = null; this.share = null;
@ -71,6 +70,31 @@ public class DistributedKeyGenerationUserImpl implements DistributedKeyGeneratio
dkg.sendSecrets(user); dkg.sendSecrets(user);
} }
protected void waitUntilStageOneCompleted(){
// all parties send their share or aborted
for (int i = 0 ; i < n ; i++){
while (parties[i].share == null && !parties[i].aborted){
try {
Thread.sleep(SleepTime);
} catch (InterruptedException e) {
// do nothing
}
}
}
// all parties broadcast their commitments or aborted
for (int i = 0 ; i < n ; i++){
for (int k = 0 ; k <= t ; k++) {
while (parties[i].commitments[k] == null && !parties[i].aborted) {
try {
Thread.sleep(SleepTime);
} catch (InterruptedException e) {
// do nothing
}
}
}
}
}
/** /**
* stage2 according to the protocol * stage2 according to the protocol
* Pj verifies all the shares he received * Pj verifies all the shares he received
@ -78,18 +102,26 @@ public class DistributedKeyGenerationUserImpl implements DistributedKeyGeneratio
* Pj broadcasts done message at the end of this stage * Pj broadcasts done message at the end of this stage
*/ */
protected void stage2(){ protected void stage2(){
Polynomial.Point[] shares = new Polynomial.Point[n]; dkg.broadcastComplaints(user);
BigInteger[][] commitmentsTable = new BigInteger[n][];
for (int i = 0 ; i < n ; i++){
shares[i] = parties[i].share;
commitmentsTable[i] = parties[i].commitments;
}
dkg.broadcastComplains(user);
//broadcast done message after all complaints //broadcast done message after all complaints
DKGMessages.EmptyMessage doneMessage = DKGMessages.EmptyMessage.newBuilder().build(); DKGMessages.EmptyMessage doneMessage = DKGMessages.EmptyMessage.newBuilder().build();
user.broadcast(DKGMessages.Mail.Type.DONE,doneMessage); user.broadcast(DKGMessages.Mail.Type.DONE,doneMessage);
} }
protected void waitUntilStageTwoCompleted(){
// all parties done or aborted
for (int i = 0 ; i < n ; i++){
while (!parties[i].doneFlag && !parties[i].aborted){
try {
Thread.sleep(SleepTime);
} catch (InterruptedException e) {
// do nothing
}
}
}
}
/** /**
* stage3 according to the protocol * stage3 according to the protocol
* 1. if more than t players complain against a player Pi he is disqualified. * 1. if more than t players complain against a player Pi he is disqualified.
@ -99,13 +131,12 @@ public class DistributedKeyGenerationUserImpl implements DistributedKeyGeneratio
*/ */
protected void stage3(){ protected void stage3(){
dkg.answerAllComplainingPlayers(user); dkg.answerAllComplainingPlayers(user);
// wait until there is no complaint waiting for answer // wait until there is no complaint waiting for answer
for (int i = 0; i < n; i++){ for (int i = 0; i < n; i++){
for (int j = 0; j < n; j++){ for (int j = 0; j < n; j++){
while (parties[i].complaints[j].equals(ComplainState.Waiting) && !parties[i].aborted){ while (parties[i].complaints[j].equals(ComplaintState.Waiting) && !parties[i].aborted){
try { try {
Thread.sleep(300); Thread.sleep(SleepTime);
} catch (InterruptedException e) { } catch (InterruptedException e) {
// do nothing // do nothing
} }
@ -127,49 +158,23 @@ public class DistributedKeyGenerationUserImpl implements DistributedKeyGeneratio
this.share = dkg.calcShare(QUAL); this.share = dkg.calcShare(QUAL);
} }
protected void endOfStage1(){ protected void startReceiver(){
for (int i = 0 ; i < n ; i++){ user.getReceiverThread().start();
while (parties[i].share == null && !parties[i].aborted){
try {
Thread.sleep(300);
} catch (InterruptedException e) {
// do nothing
}
}
}
for (int i = 0 ; i < n ; i++){
for (int k = 0 ; k <= t ; k++) {
while (parties[i].commitments[k] == null && !parties[i].aborted) {
try {
Thread.sleep(300);
} catch (InterruptedException e) {
// do nothing
}
}
}
} }
protected void stopReceiver(){
user.getReceiverThread().interrupt();
} }
@Override @Override
public void run() { public void run() {
user.getReceiverThread().start(); startReceiver();
stage1(); stage1();
endOfStage1(); waitUntilStageOneCompleted();
stage2(); stage2();
for (int i = 0 ; i < n ; i++){ waitUntilStageTwoCompleted();
while (!parties[i].doneFlag && !parties[i].aborted){
try {
Thread.sleep(300);
} catch (InterruptedException e) {
// do nothing
}
}
}
stage3(); stage3();
stage4(); stage4();
user.getReceiverThread().interrupt(); stopReceiver();
} }
@Override @Override
@ -217,40 +222,23 @@ public class DistributedKeyGenerationUserImpl implements DistributedKeyGeneratio
return QUAL; return QUAL;
} }
protected class MessageHandler implements Communication.MessageHandler{ protected class MessageHandler implements Communication.MessageHandler{
protected boolean isValidComplaintMessage(int sender, boolean isBroadcast, DKGMessages.IDMessage complaintMessage){
int i = sender;
int j = complaintMessage.getId();
return isBroadcast && parties[i - 1].complaints[j - 1].equals( ComplainState.Non);
}
@Override
public void handelComplaintMessage(int sender, boolean isBroadcast, Message message) {
DKGMessages.IDMessage complaintMessage = (DKGMessages.IDMessage)message;
if(isValidComplaintMessage(sender,isBroadcast,complaintMessage)){
int i = sender;
int j = complaintMessage.getId();
parties[j - 1].complaints[i - 1] = ComplainState.Waiting;
}
}
protected boolean isValidDoneMessage(int sender, boolean isBroadcast){
return isBroadcast && !parties[sender - 1].doneFlag;
}
@Override
public void handelDoneMessage(int sender, boolean isBroadcast,Message message) {
if(isValidDoneMessage(sender,isBroadcast)) {
parties[sender - 1].doneFlag = true;
}
}
/**
* commitment message is valid if:
* 1. it was received in broadcast chanel
* 2. the sender didn't sent this commitment before
*/
protected boolean isValidCommitmentMessage(int sender, boolean isBroadcast, DKGMessages.CommitmentMessage commitmentMessage){ protected boolean isValidCommitmentMessage(int sender, boolean isBroadcast, DKGMessages.CommitmentMessage commitmentMessage){
int i = sender - 1; int i = sender - 1;
int k = commitmentMessage.getK(); int k = commitmentMessage.getK();
return isBroadcast && parties[i].commitments[k] == null; return isBroadcast && parties[i].commitments[k] == null;
} }
/**
* saves the commitment
*/
@Override @Override
public void handelCommitmentMessage(int sender, boolean isBroadcast, Message message) { public void handelCommitmentMessage(int sender, boolean isBroadcast, Message message) {
DKGMessages.CommitmentMessage commitmentMessage = (DKGMessages.CommitmentMessage) message; DKGMessages.CommitmentMessage commitmentMessage = (DKGMessages.CommitmentMessage) message;
@ -261,6 +249,13 @@ public class DistributedKeyGenerationUserImpl implements DistributedKeyGeneratio
} }
} }
/**
* secret message is valid if:
* 1. it was received in private chanel
* 2. the sender didn't sent secret message before
* 3. secret.i == i
* 4. secret.j == id
*/
protected boolean isValidSecretMessage(int sender, boolean isBroadcast, DKGMessages.SecretMessage secretMessage){ protected boolean isValidSecretMessage(int sender, boolean isBroadcast, DKGMessages.SecretMessage secretMessage){
int i = secretMessage.getI(); int i = secretMessage.getI();
int j = secretMessage.getJ(); int j = secretMessage.getJ();
@ -271,6 +266,9 @@ public class DistributedKeyGenerationUserImpl implements DistributedKeyGeneratio
} }
/**
* saves the secret
*/
@Override @Override
public void handelSecretMessage(int sender, boolean isBroadcast, Message message) { public void handelSecretMessage(int sender, boolean isBroadcast, Message message) {
DKGMessages.SecretMessage secretMessage = (DKGMessages.SecretMessage) message; DKGMessages.SecretMessage secretMessage = (DKGMessages.SecretMessage) message;
@ -281,15 +279,70 @@ public class DistributedKeyGenerationUserImpl implements DistributedKeyGeneratio
} }
} }
/**
* done message is valid if:
* 1. it was received in broadcast chanel
* 2. the sender didn't sent done message before
*/
protected boolean isValidDoneMessage(int sender, boolean isBroadcast){
return isBroadcast && !parties[sender - 1].doneFlag;
}
/**
* marks that the sender was finished sending all his complaints
*/
@Override
public void handelDoneMessage(int sender, boolean isBroadcast,Message message) {
if(isValidDoneMessage(sender,isBroadcast)) {
parties[sender - 1].doneFlag = true;
}
}
/**
* complaint message is valid if:
* 1. it was received in broadcast chanel
* 2. the sender didn't complained against id before
*/
protected boolean isValidComplaintMessage(int sender, boolean isBroadcast, DKGMessages.IDMessage complaintMessage){
int i = sender;
int j = complaintMessage.getId();
return isBroadcast && parties[i - 1].complaints[j - 1].equals( ComplaintState.Non);
}
/**
* marks that the sender was complained against id
*/
@Override
public void handelComplaintMessage(int sender, boolean isBroadcast, Message message) {
DKGMessages.IDMessage complaintMessage = (DKGMessages.IDMessage)message;
if(isValidComplaintMessage(sender,isBroadcast,complaintMessage)){
int i = sender;
int j = complaintMessage.getId();
parties[j - 1].complaints[i - 1] = ComplaintState.Waiting;
}
}
/**
* answer message is valid if:
* 1. it was received in broadcast chanel
* 2. secret.i == i
* 3. 1 <= secret.j <= n
* 4. it is marked that j complained against i and i didn't received
*/
protected boolean isValidAnswerMessage(int sender, boolean isBroadcast, DKGMessages.SecretMessage secretMessage){ protected boolean isValidAnswerMessage(int sender, boolean isBroadcast, DKGMessages.SecretMessage secretMessage){
int i = secretMessage.getI(); int i = secretMessage.getI();
int j = secretMessage.getJ(); int j = secretMessage.getJ();
if(sender != i || !isBroadcast) if(sender != i || !isBroadcast)
return false; return false;
else else
return j >= 1 && j <= n && parties[i - 1].complaints[j - 1].equals(ComplainState.Waiting); return j >= 1 && j <= n && parties[i - 1].complaints[j - 1].equals(ComplaintState.Waiting);
} }
/**
* if the secret is valid, marks the complaint as NonDisqualified
* else marks it as Disqualified
* in case that the complainer is id ( j == id ), saves the secret
*/
@Override @Override
public void handelAnswerMessage(int sender, boolean isBroadcast, Message message) { public void handelAnswerMessage(int sender, boolean isBroadcast, Message message) {
DKGMessages.SecretMessage secretMessage = (DKGMessages.SecretMessage) message; DKGMessages.SecretMessage secretMessage = (DKGMessages.SecretMessage) message;
@ -297,13 +350,20 @@ public class DistributedKeyGenerationUserImpl implements DistributedKeyGeneratio
int i = secretMessage.getI(); int i = secretMessage.getI();
int j = secretMessage.getJ(); int j = secretMessage.getJ();
Polynomial.Point secret = extractSecret(j,secretMessage.getSecret()); Polynomial.Point secret = extractSecret(j,secretMessage.getSecret());
if (dkg.isValidSecret(secret, parties[i - 1].commitments, j)) if (dkg.isValidSecret(secret, parties[i - 1].commitments, j)) {
parties[i - 1].complaints[j - 1] = ComplainState.NonDisqualified; parties[i - 1].complaints[j - 1] = ComplaintState.NonDisqualified;
else } else {
parties[i - 1].complaints[j - 1] = ComplainState.Disqualified; parties[i - 1].complaints[j - 1] = ComplaintState.Disqualified;
}
if(j == id){
parties[i - 1].share = secret;
}
} }
} }
/**
* marks that the sender was aborted
*/
@Override @Override
public void handelAbortMessage(int sender, boolean isBroadcast, Message message) { public void handelAbortMessage(int sender, boolean isBroadcast, Message message) {
parties[sender - 1].aborted = true; parties[sender - 1].aborted = true;
@ -314,6 +374,7 @@ public class DistributedKeyGenerationUserImpl implements DistributedKeyGeneratio
BigInteger y = new BigInteger(secret.toByteArray()); BigInteger y = new BigInteger(secret.toByteArray());
return new Polynomial.Point(x,y); return new Polynomial.Point(x,y);
} }
public BigInteger extractCommitment(DKGMessages.CommitmentMessage commitmentMessage){ public BigInteger extractCommitment(DKGMessages.CommitmentMessage commitmentMessage){
return new BigInteger(commitmentMessage.getCommitment().toByteArray()); return new BigInteger(commitmentMessage.getCommitment().toByteArray());
} }

View File

@ -10,6 +10,7 @@ import org.factcenter.qilin.primitives.Group;
import java.math.BigInteger; import java.math.BigInteger;
import java.util.Random; import java.util.Random;
import java.util.Set;
/** /**
* Created by Tzlil on 3/16/2016. * Created by Tzlil on 3/16/2016.
@ -30,28 +31,21 @@ public class SecureDistributedKeyGeneration extends DistributedKeyGeneration {
for (int i = 1; i <= n ; i++){ for (int i = 1; i <= n ; i++){
this.parties[i - 1] = new SecureDistributedKeyGenerationParty(i,n,t); this.parties[i - 1] = new SecureDistributedKeyGenerationParty(i,n,t);
} }
setParties(parties); this.parties[id - 1].share = getShare(id);
this.parties[id - 1].shareT = verifiableSecretSharing.getShare(id);
super.setParties(parties);
} }
protected SecureDistributedKeyGenerationParty[] getParties(){ protected SecureDistributedKeyGenerationParty[] getParties(){
return parties; return parties;
} }
@Override protected void setParties(SecureDistributedKeyGenerationParty[] parties) {
protected boolean isPartyCompletedStage1(int i){ super.setParties(parties);
if(parties[i - 1].aborted){ this.parties = parties;
if(parties[i - 1].share == null){
return false;
}
for (int k = 0; k <= t ; k++){
if(parties[i - 1].verifiableValues[k] == null){
return false;
}
}
}
return true;
} }
@Override @Override
public void sendSecret(User user, int j) { public void sendSecret(User user, int j) {
Polynomial.Point secret = getShare(j); Polynomial.Point secret = getShare(j);
@ -60,48 +54,51 @@ public class SecureDistributedKeyGeneration extends DistributedKeyGeneration {
user.send(j, DKGMessages.Mail.Type.SECRET, doubleSecretMessage); user.send(j, DKGMessages.Mail.Type.SECRET, doubleSecretMessage);
} }
@Override @Override
public boolean isValidSecret(int i){ public boolean isValidSecret(int i){
SecureDistributedKeyGenerationParty party = parties[i - 1]; SecureDistributedKeyGenerationParty party = parties[i - 1];
return isValidSecret(party.share, party.shareT, party.verifiableValues, id); return isValidSecret(party.share, party.shareT, party.verifiableValues, id);
} }
/**
* @param secret
* @param secretT
* @param verificationValues
* @param j
* @return verify(j,verificationValues,group) == (g ^ secret.y) * (h ^ secretT.y) mod q
*/
public boolean isValidSecret(Polynomial.Point secret,Polynomial.Point secretT, BigInteger[] verificationValues, int j){ public boolean isValidSecret(Polynomial.Point secret,Polynomial.Point secretT, BigInteger[] verificationValues, int j){
try {
BigInteger v = verify(j, verificationValues, group); BigInteger v = verify(j, verificationValues, group);
BigInteger exp = group.add(group.multiply(g, secret.y), group.multiply(h, secretT.y)); BigInteger exp = group.add(group.multiply(g, secret.y), group.multiply(h, secretT.y));
return exp.equals(v); return exp.equals(v);
} }
catch (NullPointerException e){
public void broadcastComplaint(User user,Polynomial.Point secret,Polynomial.Point secretT,int i){ return false;
DKGMessages.DoubleSecretMessage complaint = doubleSecretMessage(i,id,secret,secretT); }
user.broadcast(DKGMessages.Mail.Type.COMPLAINT,complaint);
} }
public void broadcastAnswer(User user,Polynomial.Point secret,Polynomial.Point secretT,int i){ private void broadcastComplaint(User user,Polynomial.Point secret,Polynomial.Point secretT,int i){
DKGMessages.DoubleSecretMessage complaint = doubleSecretMessage(i,id,secret,secretT); DKGMessages.DoubleSecretMessage complaint = doubleSecretMessage(i,id,secret,secretT);
user.broadcast(DKGMessages.Mail.Type.ANSWER,complaint); user.broadcast(DKGMessages.Mail.Type.COMPLAINT,complaint);
} }
/** /**
* stage4.3 according to the protocol * stage4.3 according to the protocol
* if check fails for index i, Pj * if check fails for index i, Pj
*/ */
public void broadcastComplaints(User user, boolean stage4){ public void broadcastComplaints(User user, Set<Integer> QUAL){
if(!stage4){
super.broadcastComplains(user);
}else{
SecureDistributedKeyGenerationParty party; SecureDistributedKeyGenerationParty party;
for (int i = 1; i <= n ; i++ ){ for (int i : QUAL) {
party = parties[i - 1]; party = parties[i - 1];
if(i != id && !party.aborted) { if (i != id) {
if (!super.isValidSecret(party.share, party.commitments, id)) { if (!super.isValidSecret(party.share, party.commitments, id)) {
broadcastComplaint(user, party.share, party.shareT, i); broadcastComplaint(user, party.share, party.shareT, i);
} }
} }
} }
} }
}
public void broadcastVerificationValues(User user){ public void broadcastVerificationValues(User user){
BigInteger[] verificationValues = new BigInteger[t + 1]; BigInteger[] verificationValues = new BigInteger[t + 1];
@ -128,4 +125,13 @@ public class SecureDistributedKeyGeneration extends DistributedKeyGeneration {
,verifiableSecretSharing.getShare(j)); ,verifiableSecretSharing.getShare(j));
user.broadcast(DKGMessages.Mail.Type.ANSWER,answer); user.broadcast(DKGMessages.Mail.Type.ANSWER,answer);
} }
public void broadcastAnswer(User user,Polynomial.Point secret,Polynomial.Point secretT,int i){
DKGMessages.DoubleSecretMessage complaint = doubleSecretMessage(i,id,secret,secretT);
user.broadcast(DKGMessages.Mail.Type.ANSWER,complaint);
}
public BigInteger getH() {
return h;
}
} }

View File

@ -30,7 +30,7 @@ public class SecureDistributedKeyGenerationMailHandler extends MailHandler {
message = DKGMessages.CommitmentMessage.parseFrom(mail.getMessage()); message = DKGMessages.CommitmentMessage.parseFrom(mail.getMessage());
break; break;
case COMPLAINT: case COMPLAINT:
if(isStage4) if(!isStage4)
message = DKGMessages.IDMessage.parseFrom(mail.getMessage()); message = DKGMessages.IDMessage.parseFrom(mail.getMessage());
else else
message = DKGMessages.DoubleSecretMessage.parseFrom(mail.getMessage()); message = DKGMessages.DoubleSecretMessage.parseFrom(mail.getMessage());

View File

@ -9,16 +9,20 @@ import java.util.Set;
/** /**
* Created by Tzlil on 3/16/2016. * Created by Tzlil on 3/16/2016.
*
* an extension of DistributedKeyGenerationParty
* contains all relevant information on specific party during
* the run of the safe protocol
*/ */
public class SecureDistributedKeyGenerationParty extends DistributedKeyGenerationParty { public class SecureDistributedKeyGenerationParty extends DistributedKeyGenerationParty {
public Polynomial.Point shareT; public Polynomial.Point shareT;
public boolean ysDoneFlag;
public BigInteger[] verifiableValues; public BigInteger[] verifiableValues;
public Set<Polynomial.Point> restoreSharesSet; public Set<Polynomial.Point> restoreSharesSet;
public SecureDistributedKeyGenerationParty(int id, int n, int t) { public SecureDistributedKeyGenerationParty(int id, int n, int t) {
super(id, n, t); super(id, n, t);
this.shareT = null; this.shareT = null;
this.ysDoneFlag = false;
this.verifiableValues = new BigInteger[t + 1]; this.verifiableValues = new BigInteger[t + 1];
this.restoreSharesSet = new HashSet<Polynomial.Point>(); this.restoreSharesSet = new HashSet<Polynomial.Point>();
} }

View File

@ -17,9 +17,10 @@ import java.math.BigInteger;
*/ */
public class SecureDistributedKeyGenerationUserImpl extends DistributedKeyGenerationUserImpl { public class SecureDistributedKeyGenerationUserImpl extends DistributedKeyGenerationUserImpl {
private final SecureDistributedKeyGeneration sdkg; protected SecureDistributedKeyGenerationParty[] parties;
private SecureDistributedKeyGenerationParty[] parties; protected final SecureDistributedKeyGeneration sdkg;
private Arithmetic<BigInteger> arithmetic; private Arithmetic<BigInteger> arithmetic;
private boolean isStage4;
public SecureDistributedKeyGenerationUserImpl(SecureDistributedKeyGeneration sdkg, Network network) { public SecureDistributedKeyGenerationUserImpl(SecureDistributedKeyGeneration sdkg, Network network) {
super(sdkg, network,new SecureDistributedKeyGenerationMailHandler(null)); super(sdkg, network,new SecureDistributedKeyGenerationMailHandler(null));
@ -28,6 +29,7 @@ public class SecureDistributedKeyGenerationUserImpl extends DistributedKeyGenera
this.user.setMessageHandler(this.messageHandler); this.user.setMessageHandler(this.messageHandler);
this.parties = sdkg.getParties(); this.parties = sdkg.getParties();
this.arithmetic = new Fp(sdkg.getQ()); this.arithmetic = new Fp(sdkg.getQ());
this.isStage4 = false;
} }
/** /**
@ -42,8 +44,9 @@ public class SecureDistributedKeyGenerationUserImpl extends DistributedKeyGenera
} }
@Override @Override
protected void endOfStage1(){ protected void waitUntilStageOneCompleted(){
super.endOfStage1(); super.waitUntilStageOneCompleted();
// save the received commitments as verification values
BigInteger[] temp; BigInteger[] temp;
for (int i = 0 ; i < n; i++){ for (int i = 0 ; i < n; i++){
temp = parties[i].verifiableValues; temp = parties[i].verifiableValues;
@ -60,54 +63,54 @@ public class SecureDistributedKeyGenerationUserImpl extends DistributedKeyGenera
*/ */
@Override @Override
protected void stage2(){ protected void stage2(){
sdkg.broadcastComplains(user); sdkg.broadcastComplaints(user);
//broadcast done message after all complaints //broadcast done message after all complaints
DKGMessages.EmptyMessage doneMessage = DKGMessages.EmptyMessage.newBuilder().build(); DKGMessages.EmptyMessage doneMessage = DKGMessages.EmptyMessage.newBuilder().build();
isVerificationValue = false;
user.broadcast(DKGMessages.Mail.Type.DONE,doneMessage); user.broadcast(DKGMessages.Mail.Type.DONE,doneMessage);
} }
private void ys(){ private void ys(){
sdkg.broadcastCommitments(user); sdkg.broadcastCommitments(user);
//wait for receive all commitments from all i in QUAL // wait until all parties in QUAL broadcast their commitments or aborted
for (int i:QUAL) { for (int i:QUAL) {
for(int k = 0; k <= t; k++) { for(int k = 0; k <= t; k++) {
while (parties[i - 1].commitments[k] == null && !parties[i - 1].aborted) { while (parties[i - 1].commitments[k] == null && !parties[i - 1].aborted) {
try { try {
Thread.sleep(300); Thread.sleep(SleepTime);
} catch (InterruptedException e) { } catch (InterruptedException e) {
// do nothing // do nothing
} }
} }
} }
} }
sdkg.broadcastComplaints(user,true); sdkg.broadcastComplaints(user,QUAL);
//broadcast done message after all complaints //broadcast done message after all complaints
DKGMessages.EmptyMessage doneMessage = DKGMessages.EmptyMessage.newBuilder().build(); DKGMessages.EmptyMessage doneMessage = DKGMessages.EmptyMessage.newBuilder().build();
user.broadcast(DKGMessages.Mail.Type.DONE,doneMessage); user.broadcast(DKGMessages.Mail.Type.DONE,doneMessage);
// wait until all parties in QUAL done or aborted
for (int i:QUAL) { for (int i:QUAL) {
while (parties[i - 1].doneFlag && !parties[i - 1].aborted) { while (!parties[i - 1].ysDoneFlag && !parties[i - 1].aborted) {
try { try {
Thread.sleep(300); Thread.sleep(SleepTime);
} catch (InterruptedException e) { } catch (InterruptedException e) {
// do nothing // do nothing
} }
} }
} }
int counter = 0; // broadcast i private secret foreach i in QUAL that aborted
for (int i:QUAL) { for (int i:QUAL) {
if(parties[i - 1].aborted){ if(parties[i - 1].aborted){
counter++;
sdkg.broadcastAnswer(user, parties[i - 1].share, parties[i - 1].shareT, i); sdkg.broadcastAnswer(user, parties[i - 1].share, parties[i - 1].shareT, i);
} }
} }
// wait until at least t + 1 secrets will received foreach i in QUAL that aborted
for (int i:QUAL) { for (int i:QUAL) {
if(parties[i - 1].aborted){ if(parties[i - 1].aborted){
while (parties[i - 1].restoreSharesSet.size() < n - counter) { while (parties[i - 1].restoreSharesSet.size() <= t) {
try { try {
Thread.sleep(300); Thread.sleep(SleepTime);
} catch (InterruptedException e) { } catch (InterruptedException e) {
// do nothing // do nothing
} }
@ -115,37 +118,50 @@ public class SecureDistributedKeyGenerationUserImpl extends DistributedKeyGenera
} }
} }
// restore necessary information
for (int i = 0; i < n ; i++) { for (int i = 0; i < n ; i++) {
if(parties[i].restoreSharesSet.isEmpty()){ if(parties[i].restoreSharesSet.isEmpty()){
continue; continue;
} }
try { Polynomial.Point[] shares = new Polynomial.Point[t + 1];
Polynomial.Point[] shares = new Polynomial.Point[parties[i].restoreSharesSet.size()]; int j = 0;
parties[i].restoreSharesSet.toArray(shares); for (Polynomial.Point share: parties[i].restoreSharesSet){
shares[j++] = share;
if (j >= shares.length){
break;
}
}
Polynomial polynomial = SecretSharing.restorePolynomial(shares,arithmetic); Polynomial polynomial = SecretSharing.restorePolynomial(shares,arithmetic);
BigInteger[] coefficients = polynomial.getCoefficients(); BigInteger[] coefficients = polynomial.getCoefficients();
for (int k = 0 ; k <= t; k++){ for (int k = 0 ; k <= t; k++){
parties[i].commitments[k] = group.multiply(g,coefficients[k]); parties[i].commitments[k] = group.multiply(g,coefficients[k]);
} }
parties[i].share = new Polynomial.Point(BigInteger.valueOf(id),polynomial); parties[i].share = new Polynomial.Point(BigInteger.valueOf(id),polynomial);
}
}
} catch (Exception e) { /**
// * notifies mail handler that stage 4 was started
} */
} protected void setStage4(){
this.isStage4 = true;
SecureDistributedKeyGenerationMailHandler handler =
(SecureDistributedKeyGenerationMailHandler)user.getMailHandler();
handler.setStage4(true);
} }
@Override @Override
protected void stage4() { protected void stage4() {
isStage4 = true; setStage4();
((SecureDistributedKeyGenerationMailHandler)user.getMailHandler()).setStage4(true);
ys(); ys();
super.stage4(); super.stage4();
} }
boolean isStage4 = false;
boolean isVerificationValue = true;
private class MessageHandler extends DistributedKeyGenerationUserImpl.MessageHandler{ private class MessageHandler extends DistributedKeyGenerationUserImpl.MessageHandler{
/**
* as in super, with extension to double secret message
*/
protected boolean isValidSecretMessage(int sender, boolean isBroadcast, DKGMessages.DoubleSecretMessage doubleSecretMessage) { protected boolean isValidSecretMessage(int sender, boolean isBroadcast, DKGMessages.DoubleSecretMessage doubleSecretMessage) {
DKGMessages.SecretMessage secretMessage = DKGMessages.SecretMessage.newBuilder() DKGMessages.SecretMessage secretMessage = DKGMessages.SecretMessage.newBuilder()
.setI(doubleSecretMessage.getI()) .setI(doubleSecretMessage.getI())
@ -155,16 +171,26 @@ public class SecureDistributedKeyGenerationUserImpl extends DistributedKeyGenera
return super.isValidSecretMessage(sender,isBroadcast,secretMessage); return super.isValidSecretMessage(sender,isBroadcast,secretMessage);
} }
/**
* as in super, with extension to double secret message
*/
@Override @Override
public void handelSecretMessage(int sender, boolean isBroadcast, Message message) { public void handelSecretMessage(int sender, boolean isBroadcast, Message message) {
DKGMessages.DoubleSecretMessage doubleSecretMessage = (DKGMessages.DoubleSecretMessage)message; DKGMessages.DoubleSecretMessage doubleSecretMessage = (DKGMessages.DoubleSecretMessage)message;
if (isValidSecretMessage(sender,isBroadcast,doubleSecretMessage)) { if (isValidSecretMessage(sender,isBroadcast,doubleSecretMessage)) {
int i = doubleSecretMessage.getI(); int i = doubleSecretMessage.getI();
parties[i - 1].share = extractSecret(id, doubleSecretMessage.getSecret()); parties[i - 1].share = extractSecret(id, doubleSecretMessage.getSecret());
parties[i - 1].shareT = extractSecret(id, doubleSecretMessage.getSecretT()); parties[i - 1].shareT = extractSecret(id, doubleSecretMessage.getSecretT());
} }
} }
/**
* if !isStage4 as super, with extension to double secret message
* else answer message is valid if:
* 1. it was received in broadcast chanel
* 2. secret.j == sender
* 3. QUAL contains i and j
*/
protected boolean isValidAnswerMessage(int sender, boolean isBroadcast, DKGMessages.DoubleSecretMessage doubleSecretMessage) { protected boolean isValidAnswerMessage(int sender, boolean isBroadcast, DKGMessages.DoubleSecretMessage doubleSecretMessage) {
if(!isStage4) { if(!isStage4) {
DKGMessages.SecretMessage secretMessage = DKGMessages.SecretMessage.newBuilder() DKGMessages.SecretMessage secretMessage = DKGMessages.SecretMessage.newBuilder()
@ -176,10 +202,15 @@ public class SecureDistributedKeyGenerationUserImpl extends DistributedKeyGenera
}else{ }else{
int i = doubleSecretMessage.getI(); int i = doubleSecretMessage.getI();
int j = doubleSecretMessage.getJ(); int j = doubleSecretMessage.getJ();
return isBroadcast && j == sender && QUAL.contains(i) && QUAL.contains(j); return isBroadcast && j == sender && parties[i -1].aborted && !parties[j - 1].aborted
&& QUAL.contains(i) && QUAL.contains(j);
} }
} }
/**
* if !isStage4 as super, with extension to double secret message
* else saves secret
*/
@Override @Override
public void handelAnswerMessage(int sender, boolean isBroadcast, Message message) { public void handelAnswerMessage(int sender, boolean isBroadcast, Message message) {
DKGMessages.DoubleSecretMessage doubleSecretMessage = (DKGMessages.DoubleSecretMessage)message; DKGMessages.DoubleSecretMessage doubleSecretMessage = (DKGMessages.DoubleSecretMessage)message;
@ -190,9 +221,14 @@ public class SecureDistributedKeyGenerationUserImpl extends DistributedKeyGenera
Polynomial.Point secretT = extractSecret(j, doubleSecretMessage.getSecretT()); Polynomial.Point secretT = extractSecret(j, doubleSecretMessage.getSecretT());
if (!isStage4) { if (!isStage4) {
if (sdkg.isValidSecret(secret, secretT, parties[j - 1].verifiableValues, i)) { if (sdkg.isValidSecret(secret, secretT, parties[j - 1].verifiableValues, i)) {
parties[i - 1].complaints[j - 1] = DistributedKeyGeneration.ComplainState.NonDisqualified; parties[i - 1].complaints[j - 1] = DistributedKeyGeneration.ComplaintState.NonDisqualified;
} else { } else {
parties[i - 1].complaints[j - 1] = DistributedKeyGeneration.ComplainState.Disqualified; parties[i - 1].complaints[j - 1] = DistributedKeyGeneration.ComplaintState.Disqualified;
}
if(j == id){
parties[i - 1].share = secret;
parties[i - 1].shareT = secretT;
} }
} else { } else {
parties[i - 1].restoreSharesSet.add(secret); parties[i - 1].restoreSharesSet.add(secret);
@ -200,35 +236,52 @@ public class SecureDistributedKeyGenerationUserImpl extends DistributedKeyGenera
} }
} }
/**
* as in super with respect to protocol stage
*/
@Override @Override
protected boolean isValidDoneMessage(int sender, boolean isBroadcast) { protected boolean isValidDoneMessage(int sender, boolean isBroadcast) {
if(!isStage4) { if(!isStage4) {
return super.isValidDoneMessage(sender, isBroadcast); return super.isValidDoneMessage(sender, isBroadcast);
}else{ }else{
return isBroadcast && parties[sender - 1].doneFlag; return isBroadcast && !parties[sender - 1].ysDoneFlag;
} }
} }
/**
* as in super with respect to protocol state
*/
@Override @Override
public void handelDoneMessage(int sender, boolean isBroadcast, Message message) { public void handelDoneMessage(int sender, boolean isBroadcast, Message message) {
if(!isStage4) if(!isStage4)
super.handelDoneMessage(sender, isBroadcast, message); super.handelDoneMessage(sender, isBroadcast, message);
else{ else{
if(isValidDoneMessage(sender,isBroadcast)) { if(isValidDoneMessage(sender,isBroadcast)) {
parties[sender - 1].doneFlag = false; parties[sender - 1].ysDoneFlag = true;
} }
} }
} }
/**
* use only in stage4
* complaint message is valid if:
* 1. it was received in broadcast chanel
* 2. secret.j == sender
* 3. QUAL contains i and j
*/
protected boolean isValidComplaintMessage(int sender, boolean isBroadcast, protected boolean isValidComplaintMessage(int sender, boolean isBroadcast,
DKGMessages.DoubleSecretMessage ysComplaintMessage){ DKGMessages.DoubleSecretMessage complaintMessage){
int i = ysComplaintMessage.getI(); int i = complaintMessage.getI();
int j = ysComplaintMessage.getJ(); int j = complaintMessage.getJ();
return isBroadcast && j == sender && QUAL.contains(i) && QUAL.contains(j); return isBroadcast && j == sender && QUAL.contains(i) && QUAL.contains(j);
} }
/**
* if !isStage4 as in super
* else if secret,secretT are valid with respect to verifiableValues but
* secret is not valid with respect to commitments then
* marks i as aborted
*/
@Override @Override
public void handelComplaintMessage(int sender, boolean isBroadcast, Message message) { public void handelComplaintMessage(int sender, boolean isBroadcast, Message message) {
if(!isStage4) { if(!isStage4) {
@ -240,10 +293,9 @@ public class SecureDistributedKeyGenerationUserImpl extends DistributedKeyGenera
int j = ysComplaintMessage.getJ(); int j = ysComplaintMessage.getJ();
Polynomial.Point secret = extractSecret(i,ysComplaintMessage.getSecret()); Polynomial.Point secret = extractSecret(i,ysComplaintMessage.getSecret());
Polynomial.Point secretT = extractSecret(i,ysComplaintMessage.getSecretT()); Polynomial.Point secretT = extractSecret(i,ysComplaintMessage.getSecretT());
if (sdkg.isValidSecret(secret, secretT, parties[i - 1].commitments, j) if (sdkg.isValidSecret(secret, secretT, parties[i - 1].verifiableValues, j)
&& !sdkg.isValidSecret(secret,parties[i - 1].commitments, j)) { && !dkg.isValidSecret(secret,parties[i - 1].commitments, j)) {
parties[i - 1].restoreSharesSet.add(secret); parties[i - 1].aborted = true;
sdkg.broadcastAnswer(user, secret, secretT, i);
} }
} }
} }

View File

@ -1,5 +1,7 @@
package ShamirSecretSharing; package ShamirSecretSharing;
import Arithmetics.Arithmetic;
import java.math.BigInteger; import java.math.BigInteger;
/** /**
@ -34,29 +36,29 @@ class LagrangePolynomial{
* static method * static method
* @param points array points s.t there are no couple of points that shares the same x value * @param points array points s.t there are no couple of points that shares the same x value
* *
* @return the lagrange polynomials that mach to given points * @return the lagrange polynomials that mach to given points.
* * in case there exists i != j s.t points[i].x == points[j].x returns null.
* @throws Exception there exists i != j s.t points[i].x == points[j].x
*/ */
public static LagrangePolynomial[] lagrangePolynomials(Polynomial.Point[] points) throws Exception { public static LagrangePolynomial[] lagrangePolynomials(Polynomial.Point[] points,Arithmetic<BigInteger> arithmetic) {
Polynomial one = new Polynomial(new BigInteger[]{BigInteger.ONE},arithmetic);
LagrangePolynomial[] lagrangePolynomials = new LagrangePolynomial[points.length]; LagrangePolynomial[] lagrangePolynomials = new LagrangePolynomial[points.length];
Polynomial[] factors = new Polynomial[points.length]; Polynomial[] factors = new Polynomial[points.length];
for (int i = 0 ; i < factors.length ; i++){ for (int i = 0 ; i < factors.length ; i++){
factors[i] = new Polynomial(new BigInteger[]{BigInteger.ZERO.subtract(points[i].x),BigInteger.ONE}); // X - Xi factors[i] = new Polynomial(new BigInteger[]{points[i].x.negate(),BigInteger.ONE},arithmetic); // X - Xi
} }
Polynomial product; Polynomial product;
BigInteger divisor; BigInteger divisor;
for(int i = 0; i < points.length; i ++) { for(int i = 0; i < points.length; i ++) {
product = Polynomial.ONE; product = one;
divisor = BigInteger.ONE; divisor = BigInteger.ONE;
for (int j = 0; j < points.length; j++) { for (int j = 0; j < points.length; j++) {
if (i != j) { if (i != j) {
divisor = divisor.multiply(points[i].x.subtract(points[j].x)); divisor = arithmetic.mul(divisor,arithmetic.sub(points[i].x,points[j].x));
product = product.mul(factors[j]); product = product.mul(factors[j]);
} }
} }
if(divisor.equals(BigInteger.ZERO)) if(divisor.equals(BigInteger.ZERO))
throw new Exception(); return null;
lagrangePolynomials[i] = new LagrangePolynomial(product,points[i].y,divisor); lagrangePolynomials[i] = new LagrangePolynomial(product,points[i].y,divisor);
} }
return lagrangePolynomials; return lagrangePolynomials;

View File

@ -1,7 +1,6 @@
package ShamirSecretSharing; package ShamirSecretSharing;
import Arithmetics.Arithmetic; import Arithmetics.Arithmetic;
import Arithmetics.Z;
import java.math.BigInteger; import java.math.BigInteger;
import java.util.Arrays; import java.util.Arrays;
@ -10,7 +9,6 @@ import java.util.Arrays;
* Created by Tzlil on 1/27/2016. * Created by Tzlil on 1/27/2016.
*/ */
public class Polynomial implements Comparable<Polynomial> { public class Polynomial implements Comparable<Polynomial> {
public static final Polynomial ONE = new Polynomial(new BigInteger[]{BigInteger.ONE});
private final int degree; private final int degree;
private final BigInteger[] coefficients; private final BigInteger[] coefficients;
private final Arithmetic<BigInteger> arithmetic; private final Arithmetic<BigInteger> arithmetic;
@ -18,12 +16,9 @@ public class Polynomial implements Comparable<Polynomial> {
/** /**
* constructor * constructor
* @param coefficients * @param coefficients
* @param arithmetic
* degree set as max index such that coefficients[degree] not equals zero * degree set as max index such that coefficients[degree] not equals zero
*/ */
public Polynomial(BigInteger[] coefficients) {
this(coefficients,new Z());
}
public Polynomial(BigInteger[] coefficients,Arithmetic<BigInteger> arithmetic) { public Polynomial(BigInteger[] coefficients,Arithmetic<BigInteger> arithmetic) {
int d = coefficients.length - 1; int d = coefficients.length - 1;
while (d > 0 && coefficients[d].equals(BigInteger.ZERO)){ while (d > 0 && coefficients[d].equals(BigInteger.ZERO)){
@ -34,7 +29,9 @@ public class Polynomial implements Comparable<Polynomial> {
this.arithmetic = arithmetic; this.arithmetic = arithmetic;
} }
/*
* use for tests
*/
@Override @Override
public int compareTo(Polynomial other) { public int compareTo(Polynomial other) {
if (this.degree != other.degree) if (this.degree != other.degree)
@ -49,15 +46,6 @@ public class Polynomial implements Comparable<Polynomial> {
return 0; return 0;
} }
@Override
public String toString() {
return "ShamirSecretSharing.PolynomialTests{" +
"degree=" + degree +
", coefficients=" + java.util.Arrays.toString(coefficients) +
'}';
}
/** /**
* @param x * @param x
* @return sum of coefficients[i] * (x ^ i) * @return sum of coefficients[i] * (x ^ i)
@ -76,8 +64,11 @@ public class Polynomial implements Comparable<Polynomial> {
* @param points * @param points
* @return polynomial of minimal degree which goes through all points * @return polynomial of minimal degree which goes through all points
*/ */
public static Polynomial interpolation(Point[] points, Arithmetic<BigInteger> arithmetic) throws Exception { public static Polynomial interpolation(Point[] points, Arithmetic<BigInteger> arithmetic) {
LagrangePolynomial[] l = LagrangePolynomial.lagrangePolynomials(points); LagrangePolynomial[] l = LagrangePolynomial.lagrangePolynomials(points,arithmetic);
if (l == null){
return null;
}
// product = product of l[i].divisor // product = product of l[i].divisor
BigInteger product = BigInteger.ONE; BigInteger product = BigInteger.ONE;
for (int i = 0; i < l.length;i++){ for (int i = 0; i < l.length;i++){

View File

@ -4,6 +4,7 @@ import Arithmetics.Arithmetic;
import Arithmetics.Fp; import Arithmetics.Fp;
import java.math.BigInteger; import java.math.BigInteger;
import java.util.Collection;
import java.util.Random; import java.util.Random;
/** /**
@ -67,13 +68,12 @@ public class SecretSharing{
public static BigInteger restoreSecret(Polynomial.Point[] shares,Arithmetic<BigInteger> arithmetic) throws Exception { public static BigInteger restoreSecret(Polynomial.Point[] shares,Arithmetic<BigInteger> arithmetic) throws Exception {
return restorePolynomial(shares,arithmetic).image(BigInteger.ZERO); return restorePolynomial(shares,arithmetic).image(BigInteger.ZERO);
} }
/** /**
* @param shares - subset of the original shares * @param shares - subset of the original shares
* *
* @return interpolation(shares) * @return interpolation(shares)
*/ */
public static Polynomial restorePolynomial(Polynomial.Point[] shares,Arithmetic<BigInteger> arithmetic) throws Exception { public static Polynomial restorePolynomial(Polynomial.Point[] shares,Arithmetic<BigInteger> arithmetic) {
return Polynomial.interpolation(shares,arithmetic); return Polynomial.interpolation(shares,arithmetic);
} }

View File

@ -1,174 +0,0 @@
package JointFeldmanProtocol;
import Arithmetics.Arithmetic;
import Arithmetics.Fp;
import Communication.Network;
import FeldmanVerifiableSecretSharing.VerifiableSecretSharing;
import ShamirSecretSharing.Polynomial;
import ShamirSecretSharing.SecretSharing;
import UserInterface.DistributedKeyGenerationUser;
import org.factcenter.qilin.primitives.Group;
import org.factcenter.qilin.primitives.concrete.Zpstar;
import org.junit.Before;
import org.junit.Test;
import java.lang.reflect.Array;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Random;
import java.util.Set;
/**
* Created by Tzlil on 3/21/2016.
*/
public class DKGDeepTest {
int tests = 10;
BigInteger p = BigInteger.valueOf(2903);
BigInteger q = p.subtract(BigInteger.ONE).divide(BigInteger.valueOf(2));
Group<BigInteger> group = new Zpstar(p);
Arithmetic<BigInteger> arithmetic = new Fp(q);
int t = 9;
int n = 20;
Testable[] testables;
@Before
public void settings(){
testables = new Testable[n];
for (int i = 0; i < tests; i++){
testables[i] = new Testable(new Random());
}
}
public void oneTest(int test) throws Exception {
Testable testable = testables[test];
for (int i = 0; i < testable.threads.length ; i++){
testable.threads[i].start();
}
for (int i = 0; i < testable.threads.length ; i++){
testable.threads[i].join();
}
// got the right public value
BigInteger publicValue = group.multiply(testable.g,testable.secret);
for (int i: testable.QUAL){
if(!testable.aborted.contains(i))
assert (testable.dkgs[i - 1].getPublicValue().equals(publicValue));
}
// assert valid verification values
BigInteger expected,verification;
for (int i: testable.QUAL){
if(!testable.aborted.contains(i)) {
expected = group.multiply(testable.g, testable.dkgs[i - 1].getShare().y);
verification = VerifiableSecretSharing.verify(i, testable.dkgs[i - 1].getCommitments(), group);
assert (expected.equals(verification));
}
}
// restore the secret from shares
ArrayList<Polynomial.Point> sharesList = new ArrayList<Polynomial.Point>();
for(int i : testable.QUAL){
if(!testable.aborted.contains(i))
sharesList.add(testable.dkgs[i - 1].getShare());
}
Polynomial.Point[] shares = new Polynomial.Point[sharesList.size()];
for (int i = 0; i < shares.length; i ++){
shares[i] = sharesList.get(i);
}
BigInteger calculatedSecret = SecretSharing.restoreSecret(shares,arithmetic);
assert (calculatedSecret.equals(testable.secret));
}
@Test
public void test() throws Exception {
for (int i = 0; i < tests; i++){
oneTest(i);
}
}
class Testable{
Set<Integer> QUAL;
Set<Integer> aborted;
Set<Integer> malicious;
DistributedKeyGenerationUser[] dkgs;
Thread[] threads;
BigInteger g;
BigInteger secret;
public Testable(Random random) {
this.dkgs = new DistributedKeyGenerationUserImpl[n];
this.QUAL = new HashSet<Integer>();
this.aborted = new HashSet<Integer>();
this.malicious = new HashSet<Integer>();
this.threads = new Thread[n];
this.g = sampleGenerator(random);
ArrayList<Integer> ids = new ArrayList<Integer>();
for (int id = 1; id<= n ; id++){
ids.add(id);
}
Network network = new Network(n);
int id;
BigInteger s;
DistributedKeyGeneration dkg;
this.secret = BigInteger.ZERO;
while (!ids.isEmpty()) {
id = ids.remove(random.nextInt(ids.size()));
s = randomIntModQ(random);
dkg = new DistributedKeyGeneration(t, n, s, random, q, g, group, id);
dkgs[id - 1] = randomDKGUser(id,network,dkg,random);
threads[id - 1] = new Thread(dkgs[id - 1]);
if(QUAL.contains(id)){
this.secret = this.secret.add(s).mod(q);
}
}
}
public DistributedKeyGenerationUser randomDKGUser(int id,Network network, DistributedKeyGeneration dkg,Random random){
if (QUAL.size() <= t) {
QUAL.add(id);
return new DistributedKeyGenerationUserImpl(dkg,network);
}else{
int type = random.nextInt(3);
switch (type){
case 0:// regular
QUAL.add(id);
return new DistributedKeyGenerationUserImpl(dkg,network);
case 1:// abort
int abortStage = random.nextInt(2) + 1; // 1 or 2
aborted.add(id);
if (abortStage == 2){
QUAL.add(id);
}
return new DKGUserImplAbort(dkg,network,abortStage);
case 2:// malicious
malicious.add(id);
return new DKGMaliciousUserImpl(dkg,network,random);
default:
return null;
}
}
}
public BigInteger sampleGenerator(Random random){
BigInteger ZERO = group.zero();
BigInteger g;
do {
g = group.sample(random);
} while (!g.equals(ZERO) && !group.multiply(g, q).equals(ZERO));
return g;
}
public BigInteger randomIntModQ(Random random){
return new BigInteger(q.bitLength(), random).mod(q);
}
}
}

View File

@ -13,28 +13,33 @@ public class DKGMaliciousUserImpl extends DistributedKeyGenerationUserImpl {
private final DistributedKeyGeneration maliciousDkg; private final DistributedKeyGeneration maliciousDkg;
private final Set<Integer> falls; private final Set<Integer> falls;
public DKGMaliciousUserImpl(DistributedKeyGeneration dkg, Network network, Random random) { public DKGMaliciousUserImpl(DistributedKeyGeneration dkg,DistributedKeyGeneration maliciousDKG, Network network,Set<Integer> falls) {
super(dkg, network); super(dkg, network);
this.falls = selectFalls(random); this.falls = falls;
this.maliciousDkg = new DistributedKeyGeneration(t,n,randomInt(random),random,dkg.getQ(),g,group,id); this.maliciousDkg = maliciousDKG;
maliciousDkg.setParties(parties); maliciousDKG.setParties(parties);
} }
public Set<Integer> selectFalls(Random random){ public static Set<Integer> selectFallsRandomly(Set<Integer> ids, Random random){
ArrayList<Integer> ids = new ArrayList<Integer>();
for (int i = 1; i<= n ; i++){
if(i!=id) {
ids.add(i);
}
}
Set<Integer> falls = new HashSet<Integer>(); Set<Integer> falls = new HashSet<Integer>();
int fallsSize = random.nextInt(ids.size()) + 1;// 1 - (n-1) ArrayList<Integer> idsList = new ArrayList<Integer>();
for (int id : ids){
idsList.add(id);
}
int fallsSize = random.nextInt(idsList.size()) + 1;// 1 - (n-1)
while (falls.size() < fallsSize){ while (falls.size() < fallsSize){
falls.add(ids.remove(random.nextInt(ids.size()))); falls.add(idsList.remove(random.nextInt(idsList.size())));
} }
return falls; return falls;
} }
public static DistributedKeyGeneration generateMaliciousDKG(DistributedKeyGeneration dkg,Random random){
BigInteger q = dkg.getQ();
BigInteger zi = new BigInteger(q.bitLength(), random).mod(q);
return new DistributedKeyGeneration(dkg.getT(),dkg.getN(),zi,random,dkg.getQ()
,dkg.getGenerator(),dkg.getGroup(),dkg.getId());
}
@Override @Override
public void stage1() { public void stage1() {
dkg.broadcastCommitments(user); dkg.broadcastCommitments(user);
@ -51,11 +56,6 @@ public class DKGMaliciousUserImpl extends DistributedKeyGenerationUserImpl {
// do nothing // do nothing
} }
private BigInteger randomInt(Random random){
BigInteger q = dkg.getQ();
return new BigInteger(q.bitLength(), random).mod(q);
}
private void sendSecrets(){ private void sendSecrets(){
for (int j = 1; j <= n ; j++){ for (int j = 1; j <= n ; j++){
if(j != id){ if(j != id){

View File

@ -2,121 +2,174 @@ package JointFeldmanProtocol;
import Arithmetics.Arithmetic; import Arithmetics.Arithmetic;
import Arithmetics.Fp; import Arithmetics.Fp;
import Arithmetics.Z;
import Communication.Network; import Communication.Network;
import FeldmanVerifiableSecretSharing.VerifiableSecretSharing;
import ShamirSecretSharing.Polynomial; import ShamirSecretSharing.Polynomial;
import ShamirSecretSharing.SecretSharing; import ShamirSecretSharing.SecretSharing;
import FeldmanVerifiableSecretSharing.VerifiableSecretSharing;
import UserInterface.DistributedKeyGenerationUser; import UserInterface.DistributedKeyGenerationUser;
import Utils.GenerateRandomPrime;
import org.factcenter.qilin.primitives.Group; import org.factcenter.qilin.primitives.Group;
import org.factcenter.qilin.primitives.concrete.Zpstar; import org.factcenter.qilin.primitives.concrete.Zpstar;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import java.math.BigInteger; import java.math.BigInteger;
import java.util.*; import java.util.ArrayList;
import java.util.HashSet;
import java.util.Random;
import java.util.Set;
/** /**
* Created by Tzlil on 2/9/2016. * Created by Tzlil on 3/21/2016.
*/ */
public class DKGTest { public class DKGTest {
DistributedKeyGenerationUser[][] dkgsArrays;
Thread[][] threadsArrays;
int tests = 10; int tests = 10;
BigInteger p = BigInteger.valueOf(2903); BigInteger p = GenerateRandomPrime.SafePrime100Bits;
BigInteger q = p.subtract(BigInteger.ONE).divide(BigInteger.valueOf(2)); BigInteger q = p.subtract(BigInteger.ONE).divide(BigInteger.valueOf(2));
BigInteger[] secrets; Group<BigInteger> group = new Zpstar(p);
Set<Integer> QUAL = new HashSet<Integer>(); Arithmetic<BigInteger> arithmetic = new Fp(q);
Arithmetic<BigInteger> arithmetic;
@Before
public void settings(){
Zpstar zpstar = new Zpstar(p);
Random random = new Random();
arithmetic = new Fp(q);
BigInteger g;
int t = 9; int t = 9;
int n = 20; int n = 20;
BigInteger ZERO = zpstar.zero();
dkgsArrays = new DistributedKeyGenerationUserImpl[tests][n];
threadsArrays = new Thread[tests][n];
secrets = new BigInteger[tests];
DistributedKeyGeneration dkg;
int abortedStage = 1;
for (int test = 0; test < tests; test++) {
do {
g = zpstar.sample(random);
} while (!g.equals(ZERO) && !zpstar.multiply(g, q).equals(ZERO));// sample from QRZp*
secrets[test] = BigInteger.ZERO;
Network network = new Network(n);
for (int i = 1; i <= n; i++) {
BigInteger secret = new BigInteger(q.bitLength(), random).mod(q);
dkg = new DistributedKeyGeneration(t,n,secret,random,q,g,zpstar,i);
if(i == n) { Testable[] testables;
dkgsArrays[test][i - 1] = new DKGMaliciousUserImpl(dkg,network,random);//new DKGUserImplAbort(dkg, network, abortedStage);
} @Before
else { public void settings(){
dkgsArrays[test][i - 1] = new DistributedKeyGenerationUserImpl(dkg, network); testables = new Testable[tests];
QUAL.add(i); for (int i = 0; i < tests; i++){
} testables[i] = new Testable(new Random());
if (abortedStage > 1 || (abortedStage == 1 && i != n)){
secrets[test] = secrets[test].add(secret).mod(q);
}
threadsArrays[test][i - 1] = new Thread(dkgsArrays[test][i - 1]);
}
} }
} }
public void oneTest(Thread[] threads, DistributedKeyGenerationUser[] dkgs,BigInteger secret) throws Exception { public void oneTest(int test) throws Exception {
for (int i = 0; i < threads.length ; i++){ Testable testable = testables[test];
threads[i].start(); for (int i = 0; i < testable.threads.length ; i++){
testable.threads[i].start();
} }
for (int i = 0; i < threads.length ; i++){ for (int i = 0; i < testable.threads.length ; i++){
threads[i].join(); testable.threads[i].join();
} }
int t = dkgs[0].getT();
int n = dkgs[0].getN();
Group<BigInteger> zpstar = dkgs[0].getGroup();
BigInteger g = dkgs[0].getGenerator();
// got the right public value // got the right public value
BigInteger publicValue = zpstar.multiply(g,secret); BigInteger publicValue = group.multiply(testable.g,testable.secret);
for (int i: QUAL){ for (int i: testable.valids){
if(i != n) assert (testable.dkgs[i - 1].getPublicValue().equals(publicValue));
assert (dkgs[i - 1].getPublicValue().equals(publicValue));
} }
// assert valid verification values // assert valid verification values
BigInteger expected,verification; BigInteger expected,verification;
for (int i: QUAL){ for (int i: testable.valids){
expected = zpstar.multiply(g, dkgs[i - 1].getShare().y); expected = group.multiply(testable.g, testable.dkgs[i - 1].getShare().y);
verification = VerifiableSecretSharing.verify(i, dkgs[i - 1].getCommitments(),zpstar); verification = VerifiableSecretSharing.verify(i, testable.dkgs[i - 1].getCommitments(), group);
assert (expected.equals(verification)); assert (expected.equals(verification));
} }
// restore the secret from shares // restore the secret from shares
ArrayList<Polynomial.Point> sharesList = new ArrayList<Polynomial.Point>(); ArrayList<Polynomial.Point> sharesList = new ArrayList<Polynomial.Point>();
Polynomial.Point[] shares = new Polynomial.Point[QUAL.size()];
for(int i : QUAL){ for (int i: testable.valids){
sharesList.add(dkgs[i - 1].getShare()); sharesList.add(testable.dkgs[i - 1].getShare());
} }
Polynomial.Point[] shares = new Polynomial.Point[sharesList.size()];
for (int i = 0; i < shares.length; i ++){ for (int i = 0; i < shares.length; i ++){
shares[i] = sharesList.get(i); shares[i] = sharesList.get(i);
} }
BigInteger calculatedSecret = SecretSharing.restoreSecret(shares,arithmetic); BigInteger calculatedSecret = SecretSharing.restoreSecret(shares,arithmetic);
assert (calculatedSecret.equals(secret)); assert (calculatedSecret.equals(testable.secret));
} }
@Test @Test
public void DKGTest() throws Exception { public void test() throws Exception {
for (int i = 0 ; i < dkgsArrays.length; i ++){ for (int i = 0; i < tests; i++){
oneTest(threadsArrays[i],dkgsArrays[i],secrets[i]); oneTest(i);
}
}
class Testable{
Set<Integer> valids;
Set<Integer> QUAL;
Set<Integer> aborted;
Set<Integer> malicious;
DistributedKeyGenerationUser[] dkgs;
Thread[] threads;
BigInteger g;
BigInteger secret;
public Testable(Random random) {
this.dkgs = new DistributedKeyGenerationUserImpl[n];
this.valids = new HashSet<Integer>();
this.QUAL = new HashSet<Integer>();
this.aborted = new HashSet<Integer>();
this.malicious = new HashSet<Integer>();
this.threads = new Thread[n];
this.g = sampleGenerator(random);
ArrayList<Integer> ids = new ArrayList<Integer>();
for (int id = 1; id<= n ; id++){
ids.add(id);
}
Network network = new Network(n);
int id;
BigInteger s;
DistributedKeyGeneration dkg;
this.secret = BigInteger.ZERO;
while (!ids.isEmpty()) {
id = ids.remove(random.nextInt(ids.size()));
s = randomIntModQ(random);
dkg = new DistributedKeyGeneration(t, n, s, random, q, g, group, id);
dkgs[id - 1] = randomDKGUser(id,network,dkg,random);
threads[id - 1] = new Thread(dkgs[id - 1]);
if(QUAL.contains(id)){
this.secret = this.secret.add(s).mod(q);
}
}
}
public DistributedKeyGenerationUser randomDKGUser(int id,Network network, DistributedKeyGeneration dkg,Random random){
if (QUAL.size() <= t) {
valids.add(id);
QUAL.add(id);
return new DistributedKeyGenerationUserImpl(dkg,network);
}else{
int type = random.nextInt(3);
switch (type){
case 0:// regular
valids.add(id);
QUAL.add(id);
return new DistributedKeyGenerationUserImpl(dkg,network);
case 1:// abort
int abortStage = random.nextInt(2) + 1; // 1 or 2
aborted.add(id);
if (abortStage == 2){
QUAL.add(id);
}
return new DKGUserImplAbort(dkg,network,abortStage);
case 2:// malicious
malicious.add(id);
Set<Integer> falls = DKGMaliciousUserImpl.selectFallsRandomly(valids,random);
DistributedKeyGeneration maliciousDKG = DKGMaliciousUserImpl.generateMaliciousDKG(dkg,random);
return new DKGMaliciousUserImpl(dkg,maliciousDKG,network,falls);
default:
return null;
} }
} }
} }
public BigInteger sampleGenerator(Random random){
BigInteger ZERO = group.zero();
BigInteger g;
do {
g = group.sample(random);
} while (!g.equals(ZERO) && !group.multiply(g, q).equals(ZERO));
return g;
}
public BigInteger randomIntModQ(Random random){
return new BigInteger(q.bitLength(), random).mod(q);
}
}
}

View File

@ -0,0 +1,64 @@
package SecureDistributedKeyGenerationForDiscreteLogBasedCryptosystem;
import Communication.Network;
import JointFeldmanProtocol.DistributedKeyGeneration;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Random;
import java.util.Set;
/**
* Created by Tzlil on 3/29/2016.
*/
public class SDKGMaliciousUserImpl extends SecureDistributedKeyGenerationUserImpl {
private final DistributedKeyGeneration maliciousSDKG;
private final Set<Integer> falls;
public SDKGMaliciousUserImpl(SecureDistributedKeyGeneration sdkg,SecureDistributedKeyGeneration maliciousSDKG
, Network network,Set<Integer> falls) {
super(sdkg, network);
this.falls = falls;
this.maliciousSDKG = maliciousSDKG;
maliciousSDKG.setParties(parties);
}
public static SecureDistributedKeyGeneration generateMaliciousSDKG(SecureDistributedKeyGeneration sdkg,Random random){
BigInteger q = sdkg.getQ();
BigInteger zi = new BigInteger(q.bitLength(), random).mod(q);
return new SecureDistributedKeyGeneration(sdkg.getT(),sdkg.getN(),zi,random,sdkg.getQ()
,sdkg.getGenerator(),sdkg.getH(),sdkg.getGroup(),sdkg.getId());
}
@Override
public void stage1() {
sdkg.broadcastVerificationValues(user);
//sdkg.sendSecrets(user);
sendSecrets(); //insteadof dkg.sendSecrets(user);
}
@Override
public void stage3() {
stopReceiver();
maliciousSDKG.answerAllComplainingPlayers(user);
}
@Override
public void stage4(){
//do nothing
}
private void sendSecrets(){
for (int j = 1; j <= n ; j++){
if(j != id){
if(falls.contains(j)){
maliciousSDKG.sendSecret(user,j);
}else {
sdkg.sendSecret(user, j);
}
}
}
}
}

View File

@ -2,12 +2,16 @@ package SecureDistributedKeyGenerationForDiscreteLogBasedCryptosystem;
import Arithmetics.Arithmetic; import Arithmetics.Arithmetic;
import Arithmetics.Fp; import Arithmetics.Fp;
import Arithmetics.Z;
import Communication.Network; import Communication.Network;
import FeldmanVerifiableSecretSharing.VerifiableSecretSharing; import FeldmanVerifiableSecretSharing.VerifiableSecretSharing;
import JointFeldmanProtocol.DKGMaliciousUserImpl;
import JointFeldmanProtocol.DKGUserImplAbort;
import JointFeldmanProtocol.DistributedKeyGeneration;
import JointFeldmanProtocol.DistributedKeyGenerationUserImpl;
import ShamirSecretSharing.Polynomial; import ShamirSecretSharing.Polynomial;
import ShamirSecretSharing.SecretSharing; import ShamirSecretSharing.SecretSharing;
import UserInterface.DistributedKeyGenerationUser; import UserInterface.DistributedKeyGenerationUser;
import Utils.GenerateRandomPrime;
import org.factcenter.qilin.primitives.Group; import org.factcenter.qilin.primitives.Group;
import org.factcenter.qilin.primitives.concrete.Zpstar; import org.factcenter.qilin.primitives.concrete.Zpstar;
import org.junit.Before; import org.junit.Before;
@ -20,108 +24,157 @@ import java.util.Random;
import java.util.Set; import java.util.Set;
/** /**
* Created by Tzlil on 2/23/2016. * Created by Tzlil on 3/29/2016.
*/ */
public class SDKGTest { public class SDKGTest {
DistributedKeyGenerationUser[][] sdkgsArrays;
Thread[][] threadsArrays;
int tests = 10; int tests = 10;
BigInteger p = BigInteger.valueOf(2903); BigInteger p = GenerateRandomPrime.SafePrime100Bits;
BigInteger q = p.subtract(BigInteger.ONE).divide(BigInteger.valueOf(2)); BigInteger q = p.subtract(BigInteger.ONE).divide(BigInteger.valueOf(2));
BigInteger[] secrets; Group<BigInteger> group = new Zpstar(p);
Arithmetic<BigInteger> arithmetic = new Fp(q);
Set<Integer> QUAL = new HashSet<Integer>(); int t = 9;
int n = 20;
Arithmetic<BigInteger> arithmetic; Testable[] testables;
@Before @Before
public void settings(){ public void settings(){
Zpstar zpstar = new Zpstar(p); testables = new Testable[tests];
Random random = new Random(); for (int i = 0; i < tests; i++){
arithmetic = new Fp(q); testables[i] = new Testable(new Random());
BigInteger g,h;
int t = 9;
int n = 20;
BigInteger ZERO = zpstar.zero();
sdkgsArrays = new SecureDistributedKeyGenerationUserImpl[tests][n];
threadsArrays = new Thread[tests][n];
secrets = new BigInteger[tests];
SecureDistributedKeyGeneration sdkg;
for (int test = 0; test < tests; test++) {
do {
g = zpstar.sample(random);
} while (!g.equals(ZERO) && !zpstar.multiply(g, q).equals(ZERO));// sample from QRZp*
h = zpstar.multiply(g,BigInteger.valueOf(2));
secrets[test] = BigInteger.ZERO;
Network network = new Network(n);
int abortedStage = 2;
for (int i = 1; i <= n; i++) {
BigInteger secret = new BigInteger(q.bitLength(), random).mod(q);
sdkg = new SecureDistributedKeyGeneration(t,n,secret,random,q,g,h,zpstar,i);
if(i == n) {
sdkgsArrays[test][i - 1] = new SDKGUserImplAbort(sdkg, network, abortedStage);
}
else {
sdkgsArrays[test][i - 1] = new SecureDistributedKeyGenerationUserImpl(sdkg, network);
QUAL.add(i);
}
if (abortedStage > 1 || (abortedStage == 1 && i != n)){
secrets[test] = secrets[test].add(secret).mod(q);
}
threadsArrays[test][i - 1] = new Thread(sdkgsArrays[test][i - 1]);
}
} }
} }
public void oneTest(int test) throws Exception {
public void oneTest(Thread[] threads, DistributedKeyGenerationUser[] dkgs,BigInteger secret) throws Exception { Testable testable = testables[test];
for (int i = 0; i < threads.length ; i++){ for (int i = 0; i < testable.threads.length ; i++){
threads[i].start(); testable.threads[i].start();
} }
for (int i = 0; i < threads.length ; i++){ for (int i = 0; i < testable.threads.length ; i++){
threads[i].join(); testable.threads[i].join();
} }
int t = dkgs[0].getT();
int n = dkgs[0].getN();
Group<BigInteger> zpstar = dkgs[0].getGroup();
BigInteger g = dkgs[0].getGenerator();
// got the right public value // got the right public value
BigInteger publicValue = zpstar.multiply(g,secret); BigInteger publicValue = group.multiply(testable.g,testable.secret);
for (int i: QUAL){ for (int i: testable.valids){
assert (dkgs[i - 1].getPublicValue().equals(publicValue)); assert (testable.sdkgs[i - 1].getPublicValue().equals(publicValue));
} }
// assert valid verification values // assert valid verification values
BigInteger expected,verification; BigInteger expected,verification;
for (int i: QUAL){ for (int i: testable.valids){
expected = zpstar.multiply(g, dkgs[i - 1].getShare().y); expected = group.multiply(testable.g, testable.sdkgs[i - 1].getShare().y);
verification = VerifiableSecretSharing.verify(i, dkgs[i - 1].getCommitments(),zpstar); verification = VerifiableSecretSharing.verify(i, testable.sdkgs[i - 1].getCommitments(), group);
assert (expected.equals(verification)); assert (expected.equals(verification));
} }
// restore the secret from shares // restore the secret from shares
ArrayList<Polynomial.Point> sharesList = new ArrayList<Polynomial.Point>(); ArrayList<Polynomial.Point> sharesList = new ArrayList<Polynomial.Point>();
Polynomial.Point[] shares = new Polynomial.Point[QUAL.size()];
for(int i : QUAL){ for (int i: testable.valids){
sharesList.add(dkgs[i - 1].getShare()); sharesList.add(testable.sdkgs[i - 1].getShare());
} }
Polynomial.Point[] shares = new Polynomial.Point[sharesList.size()];
for (int i = 0; i < shares.length; i ++){ for (int i = 0; i < shares.length; i ++){
shares[i] = sharesList.get(i); shares[i] = sharesList.get(i);
} }
BigInteger calculatedSecret = SecretSharing.restoreSecret(shares,arithmetic); BigInteger calculatedSecret = SecretSharing.restoreSecret(shares,arithmetic);
assert (calculatedSecret.equals(secret)); assert (calculatedSecret.equals(testable.secret));
} }
@Test @Test
public void SDKGTest() throws Exception { public void test() throws Exception {
for (int i = 0 ; i < sdkgsArrays.length; i ++){ for (int i = 0; i < tests; i++){
oneTest(threadsArrays[i],sdkgsArrays[i],secrets[i]); oneTest(i);
}
}
class Testable{
Set<Integer> valids;
Set<Integer> QUAL;
Set<Integer> aborted;
Set<Integer> malicious;
DistributedKeyGenerationUser[] sdkgs;
Thread[] threads;
BigInteger g;
BigInteger h;
BigInteger secret;
public Testable(Random random) {
this.sdkgs = new SecureDistributedKeyGenerationUserImpl[n];
this.valids = new HashSet<Integer>();
this.QUAL = new HashSet<Integer>();
this.aborted = new HashSet<Integer>();
this.malicious = new HashSet<Integer>();
this.threads = new Thread[n];
this.g = sampleGenerator(random);
this.h = group.multiply(g,randomIntModQ(random));
ArrayList<Integer> ids = new ArrayList<Integer>();
for (int id = 1; id<= n ; id++){
ids.add(id);
}
Network network = new Network(n);
int id;
BigInteger s;
SecureDistributedKeyGeneration sdkg;
this.secret = BigInteger.ZERO;
while (!ids.isEmpty()) {
id = ids.remove(random.nextInt(ids.size()));
s = randomIntModQ(random);
sdkg = new SecureDistributedKeyGeneration(t, n, s, random, q, g , h, group, id);
sdkgs[id - 1] = randomSDKGUser(id,network,sdkg,random);
threads[id - 1] = new Thread(sdkgs[id - 1]);
if(QUAL.contains(id)){
this.secret = this.secret.add(s).mod(q);
}
}
}
public SecureDistributedKeyGenerationUserImpl randomSDKGUser(int id,Network network, SecureDistributedKeyGeneration sdkg,Random random){
if (QUAL.size() <= t) {
valids.add(id);
QUAL.add(id);
return new SecureDistributedKeyGenerationUserImpl(sdkg,network);
}else{
int type = random.nextInt(3);
switch (type){
case 0:// regular
valids.add(id);
QUAL.add(id);
return new SecureDistributedKeyGenerationUserImpl(sdkg,network);
case 1:// abort
int abortStage = random.nextInt(3) + 1; // 1 or 2 or 3
aborted.add(id);
if (abortStage > 1){
QUAL.add(id);
}
return new SDKGUserImplAbort(sdkg,network,abortStage);
case 2:// malicious
malicious.add(id);
Set<Integer> falls = DKGMaliciousUserImpl.selectFallsRandomly(valids,random);
SecureDistributedKeyGeneration maliciousSDKG = SDKGMaliciousUserImpl.generateMaliciousSDKG(sdkg,random);
return new SDKGMaliciousUserImpl(sdkg,maliciousSDKG,network,falls);
default:
return null;
} }
} }
} }
public BigInteger sampleGenerator(Random random){
BigInteger ZERO = group.zero();
BigInteger g;
do {
g = group.sample(random);
} while (!g.equals(ZERO) && !group.multiply(g, q).equals(ZERO));
return g;
}
public BigInteger randomIntModQ(Random random){
return new BigInteger(q.bitLength(), random).mod(q);
}
}
}

View File

@ -18,7 +18,8 @@ public class SDKGUserImplAbort extends SecureDistributedKeyGenerationUserImpl {
this.stage = 1; this.stage = 1;
} }
private void sendAbort(){ private void abort(){
stopReceiver();
user.broadcast(DKGMessages.Mail.Type.ABORT,DKGMessages.EmptyMessage.getDefaultInstance()); user.broadcast(DKGMessages.Mail.Type.ABORT,DKGMessages.EmptyMessage.getDefaultInstance());
} }
@ -27,7 +28,7 @@ public class SDKGUserImplAbort extends SecureDistributedKeyGenerationUserImpl {
if(stage < abortStage) if(stage < abortStage)
super.stage1(); super.stage1();
else if(stage == abortStage){ else if(stage == abortStage){
sendAbort(); abort();
} }
stage++; stage++;
} }
@ -37,7 +38,7 @@ public class SDKGUserImplAbort extends SecureDistributedKeyGenerationUserImpl {
if(stage < abortStage) if(stage < abortStage)
super.stage2(); super.stage2();
else if(stage == abortStage){ else if(stage == abortStage){
sendAbort(); abort();
} }
stage++; stage++;
} }
@ -47,7 +48,7 @@ public class SDKGUserImplAbort extends SecureDistributedKeyGenerationUserImpl {
if(stage < abortStage) if(stage < abortStage)
super.stage3(); super.stage3();
else if(stage == abortStage){ else if(stage == abortStage){
sendAbort(); abort();
} }
stage++; stage++;
} }
@ -57,7 +58,7 @@ public class SDKGUserImplAbort extends SecureDistributedKeyGenerationUserImpl {
if(stage < abortStage) if(stage < abortStage)
super.stage4(); super.stage4();
else if(stage == abortStage){ else if(stage == abortStage){
sendAbort(); abort();
} }
stage++; stage++;
} }

View File

@ -1,4 +1,6 @@
package ShamirSecretSharing.PolynomialTests; package ShamirSecretSharing.PolynomialTests;
import Arithmetics.Z;
import Utils.GenerateRandomPolynomial;
import ShamirSecretSharing.Polynomial; import ShamirSecretSharing.Polynomial;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
@ -24,8 +26,8 @@ public class AddTest {
arr1 = new Polynomial[tests]; arr1 = new Polynomial[tests];
arr2 = new Polynomial[tests]; arr2 = new Polynomial[tests];
for (int i = 0; i < arr1.length; i++){ for (int i = 0; i < arr1.length; i++){
arr1[i] = Utils.generateRandomPolynomial(random.nextInt(maxDegree),bits,random); arr1[i] = GenerateRandomPolynomial.generateRandomPolynomial(random.nextInt(maxDegree),bits,random,new Z());
arr2[i] = Utils.generateRandomPolynomial(random.nextInt(maxDegree),bits,random); arr2[i] = GenerateRandomPolynomial.generateRandomPolynomial(random.nextInt(maxDegree),bits,random,new Z());
} }
} }

View File

@ -2,8 +2,9 @@ package ShamirSecretSharing.PolynomialTests;
import Arithmetics.Arithmetic; import Arithmetics.Arithmetic;
import Arithmetics.Fp; import Arithmetics.Fp;
import Arithmetics.Z; import Utils.GenerateRandomPolynomial;
import ShamirSecretSharing.Polynomial; import ShamirSecretSharing.Polynomial;
import Utils.GenerateRandomPrime;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
@ -23,7 +24,7 @@ public class InterpolationTest {
Random random; Random random;
Polynomial.Point[][] pointsArrays; Polynomial.Point[][] pointsArrays;
Arithmetic<BigInteger> arithmetic; Arithmetic<BigInteger> arithmetic;
BigInteger p = BigInteger.valueOf(2903); BigInteger p = GenerateRandomPrime.SafePrime100Bits;
@Before @Before
public void settings(){ public void settings(){
@ -31,7 +32,7 @@ public class InterpolationTest {
polynomials = new Polynomial[tests]; polynomials = new Polynomial[tests];
pointsArrays = new Polynomial.Point[tests][]; pointsArrays = new Polynomial.Point[tests][];
for (int i = 0; i < polynomials.length; i++){ for (int i = 0; i < polynomials.length; i++){
polynomials[i] = Utils.generateRandomPolynomial(random.nextInt(maxDegree),bits,random,p); polynomials[i] = GenerateRandomPolynomial.generateRandomPolynomial(random.nextInt(maxDegree),bits,random,p);
pointsArrays[i] = randomPoints(polynomials[i]); pointsArrays[i] = randomPoints(polynomials[i]);
} }
arithmetic = new Fp(p); arithmetic = new Fp(p);

View File

@ -1,5 +1,7 @@
package ShamirSecretSharing.PolynomialTests; package ShamirSecretSharing.PolynomialTests;
import Arithmetics.Z;
import Utils.GenerateRandomPolynomial;
import ShamirSecretSharing.Polynomial; import ShamirSecretSharing.Polynomial;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
@ -26,7 +28,7 @@ public class MulByConstTest {
arr1 = new Polynomial[tests]; arr1 = new Polynomial[tests];
arr2 = new BigInteger[tests]; arr2 = new BigInteger[tests];
for (int i = 0; i < arr1.length; i++){ for (int i = 0; i < arr1.length; i++){
arr1[i] = Utils.generateRandomPolynomial(random.nextInt(maxDegree),bits,random); arr1[i] = GenerateRandomPolynomial.generateRandomPolynomial(random.nextInt(maxDegree),bits,random,new Z());
arr2[i] = new BigInteger(bits,random); arr2[i] = new BigInteger(bits,random);
} }
} }

View File

@ -1,5 +1,7 @@
package ShamirSecretSharing.PolynomialTests; package ShamirSecretSharing.PolynomialTests;
import Arithmetics.Z;
import Utils.GenerateRandomPolynomial;
import ShamirSecretSharing.Polynomial; import ShamirSecretSharing.Polynomial;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
@ -26,8 +28,8 @@ public class MulTest {
arr1 = new Polynomial[tests]; arr1 = new Polynomial[tests];
arr2 = new Polynomial[tests]; arr2 = new Polynomial[tests];
for (int i = 0; i < arr1.length; i++){ for (int i = 0; i < arr1.length; i++){
arr1[i] = Utils.generateRandomPolynomial(random.nextInt(maxDegree),bits,random); arr1[i] = GenerateRandomPolynomial.generateRandomPolynomial(random.nextInt(maxDegree),bits,random,new Z());
arr2[i] = Utils.generateRandomPolynomial(random.nextInt(maxDegree),bits,random); arr2[i] = GenerateRandomPolynomial.generateRandomPolynomial(random.nextInt(maxDegree),bits,random,new Z());
} }
} }

View File

@ -1,6 +1,7 @@
package ShamirSecretSharing; package ShamirSecretSharing;
import Arithmetics.Z; import Arithmetics.Z;
import Utils.GenerateRandomPrime;
import org.factcenter.qilin.primitives.CyclicGroup; import org.factcenter.qilin.primitives.CyclicGroup;
import org.factcenter.qilin.primitives.concrete.Zn; import org.factcenter.qilin.primitives.concrete.Zn;
import org.junit.Before; import org.junit.Before;
@ -24,7 +25,7 @@ public class SecretSharingTest {
@Before @Before
public void settings(){ public void settings(){
BigInteger p = BigInteger.valueOf(2903); BigInteger p = GenerateRandomPrime.SafePrime100Bits;
BigInteger q = p.subtract(BigInteger.ONE).divide(BigInteger.valueOf(2)); BigInteger q = p.subtract(BigInteger.ONE).divide(BigInteger.valueOf(2));
group = new Zn(p); group = new Zn(p);
int t = 9; int t = 9;

View File

@ -1,5 +1,6 @@
package ShamirSecretSharing.PolynomialTests; package Utils;
import Arithmetics.Arithmetic;
import Arithmetics.Fp; import Arithmetics.Fp;
import ShamirSecretSharing.Polynomial; import ShamirSecretSharing.Polynomial;
@ -9,19 +10,19 @@ import java.util.Random;
/** /**
* Created by Tzlil on 1/27/2016. * Created by Tzlil on 1/27/2016.
*/ */
public class Utils { public class GenerateRandomPolynomial {
public static Polynomial generateRandomPolynomial(int degree,int bits,Random random) { public static Polynomial generateRandomPolynomial(int degree, int bits, Random random,Arithmetic<BigInteger> arithmetic) {
BigInteger[] coefficients = new BigInteger[degree + 1]; BigInteger[] coefficients = new BigInteger[degree + 1];
for (int i = 0 ; i <= degree; i++ ){ for (int i = 0 ; i <= degree; i++ ){
coefficients[i] = new BigInteger(bits,random); // sample from Zp [0,... q-1] coefficients[i] = new BigInteger(bits,random); // sample from Zp [0,... q-1]
} }
return new Polynomial(coefficients); return new Polynomial(coefficients,arithmetic);
} }
public static Polynomial generateRandomPolynomial(int degree,int bits,Random random,BigInteger p) { public static Polynomial generateRandomPolynomial(int degree,int bits,Random random,BigInteger p) {
BigInteger[] coefficients = generateRandomPolynomial(degree,bits,random).getCoefficients(); BigInteger[] coefficients = generateRandomPolynomial(degree,bits,random,new Fp(p)).getCoefficients();
for (int i = 0; i<coefficients.length;i++){ for (int i = 0; i<coefficients.length;i++){
coefficients[i] = coefficients[i].mod(p); coefficients[i] = coefficients[i].mod(p);
} }

View File

@ -0,0 +1,32 @@
package Utils;
import org.junit.Test;
import java.math.BigInteger;
import java.util.Random;
/**
* Created by Tzlil on 3/28/2016.
*/
public class GenerateRandomPrime {
private final static int Certainty = 10000;
public final static BigInteger SafePrime100Bits = new BigInteger("146407324427772525685319783363");
public static BigInteger generateRandomPrime(int bits, Random random) {
BigInteger p;
do {
p = new BigInteger(bits, random);
} while (!p.isProbablePrime(Certainty));
return p;
}
public static BigInteger generateRandomSafePrime(int bits, Random random) {
BigInteger p;
BigInteger q;
do {
p = generateRandomPrime(bits, random);
q = p.subtract(BigInteger.ONE).divide(BigInteger.valueOf(2));
} while (!q.isProbablePrime(Certainty));
return q;
}
}