From b4e50408140f25393cce48546667a4d310960b53 Mon Sep 17 00:00:00 2001 From: "tzlil.gon" Date: Sun, 17 Apr 2016 09:08:21 +0300 Subject: [PATCH] comments --- mixer/src/main/java/main/BatchConverter.java | 91 ------ mixer/src/main/java/main/BatchHandler.java | 77 ----- mixer/src/main/java/main/MainMixing.java | 95 ------ .../java/meerkat/mixer/main/BatchHandler.java | 7 + .../java/meerkat/mixer/main/MainMixing.java | 7 + .../java/meerkat/mixer/mixing/MixNetwork.java | 7 + .../main/java/meerkat/mixer/mixing/Mixer.java | 7 + .../meerkat/mixer/mixing/MixerOutput.java | 7 + .../mixer/mixing/RandomPermutation.java | 7 + .../java/meerkat/mixer/mixing/Switch.java | 7 + .../necessary/AsyncBulletinBoardClient.java | 7 + .../mixer/necessary/BulletinBoardClient.java | 7 + .../mixer/necessary/CompleteBatch.java | 7 + .../mixer/prover/ElGamalProofOrganizer.java | 7 + .../java/meerkat/mixer/prover/Prover.java | 7 + .../java/meerkat/mixer/verifier/Verifier.java | 7 + .../meerkat/mixer/verifier/VerifyTable.java | 7 + .../verifier/ZeroKnowledgeOrProofParser.java | 7 + mixer/src/main/java/mixer/MixNetwork.java | 175 ---------- mixer/src/main/java/mixer/Mixer.java | 150 --------- mixer/src/main/java/mixer/MixerOutput.java | 106 ------ .../main/java/mixer/RandomPermutation.java | 32 -- mixer/src/main/java/mixer/Switch.java | 28 -- .../necessary/AsyncBulletinBoardClient.java | 78 ----- .../java/necessary/BulletinBoardClient.java | 63 ---- .../main/java/necessary/CompleteBatch.java | 68 ---- .../java/prover/ElGamalProofOrganizer.java | 303 ------------------ mixer/src/main/java/prover/Prover.java | 215 ------------- mixer/src/main/java/verifier/Verifier.java | 121 ------- mixer/src/main/java/verifier/VerifyTable.java | 88 ----- .../verifier/ZeroKnowledgeOrProofParser.java | 69 ---- .../{ => meerkat}/mixer/CreateTestVector.java | 5 +- .../{ => meerkat}/mixer/MixNetworkTest.java | 2 +- .../java/{ => meerkat}/mixer/MixingTest.java | 2 +- .../{ => meerkat}/mixer/RerandomizeTest.java | 2 +- .../mixer/SimpleRerandomizeTest.java | 2 +- .../test/java/{ => meerkat}/mixer/Utils.java | 2 +- .../mixer/ZeroKnowledgeProofTest.java | 2 +- 38 files changed, 115 insertions(+), 1766 deletions(-) delete mode 100644 mixer/src/main/java/main/BatchConverter.java delete mode 100644 mixer/src/main/java/main/BatchHandler.java delete mode 100644 mixer/src/main/java/main/MainMixing.java create mode 100644 mixer/src/main/java/meerkat/mixer/main/BatchHandler.java create mode 100644 mixer/src/main/java/meerkat/mixer/main/MainMixing.java create mode 100644 mixer/src/main/java/meerkat/mixer/mixing/MixNetwork.java create mode 100644 mixer/src/main/java/meerkat/mixer/mixing/Mixer.java create mode 100644 mixer/src/main/java/meerkat/mixer/mixing/MixerOutput.java create mode 100644 mixer/src/main/java/meerkat/mixer/mixing/RandomPermutation.java create mode 100644 mixer/src/main/java/meerkat/mixer/mixing/Switch.java create mode 100644 mixer/src/main/java/meerkat/mixer/necessary/AsyncBulletinBoardClient.java create mode 100644 mixer/src/main/java/meerkat/mixer/necessary/BulletinBoardClient.java create mode 100644 mixer/src/main/java/meerkat/mixer/necessary/CompleteBatch.java create mode 100644 mixer/src/main/java/meerkat/mixer/prover/ElGamalProofOrganizer.java create mode 100644 mixer/src/main/java/meerkat/mixer/prover/Prover.java create mode 100644 mixer/src/main/java/meerkat/mixer/verifier/Verifier.java create mode 100644 mixer/src/main/java/meerkat/mixer/verifier/VerifyTable.java create mode 100644 mixer/src/main/java/meerkat/mixer/verifier/ZeroKnowledgeOrProofParser.java delete mode 100644 mixer/src/main/java/mixer/MixNetwork.java delete mode 100644 mixer/src/main/java/mixer/Mixer.java delete mode 100644 mixer/src/main/java/mixer/MixerOutput.java delete mode 100644 mixer/src/main/java/mixer/RandomPermutation.java delete mode 100644 mixer/src/main/java/mixer/Switch.java delete mode 100644 mixer/src/main/java/necessary/AsyncBulletinBoardClient.java delete mode 100644 mixer/src/main/java/necessary/BulletinBoardClient.java delete mode 100644 mixer/src/main/java/necessary/CompleteBatch.java delete mode 100644 mixer/src/main/java/prover/ElGamalProofOrganizer.java delete mode 100644 mixer/src/main/java/prover/Prover.java delete mode 100644 mixer/src/main/java/verifier/Verifier.java delete mode 100644 mixer/src/main/java/verifier/VerifyTable.java delete mode 100644 mixer/src/main/java/verifier/ZeroKnowledgeOrProofParser.java rename mixer/src/test/java/{ => meerkat}/mixer/CreateTestVector.java (97%) rename mixer/src/test/java/{ => meerkat}/mixer/MixNetworkTest.java (97%) rename mixer/src/test/java/{ => meerkat}/mixer/MixingTest.java (99%) rename mixer/src/test/java/{ => meerkat}/mixer/RerandomizeTest.java (99%) rename mixer/src/test/java/{ => meerkat}/mixer/SimpleRerandomizeTest.java (99%) rename mixer/src/test/java/{ => meerkat}/mixer/Utils.java (99%) rename mixer/src/test/java/{ => meerkat}/mixer/ZeroKnowledgeProofTest.java (99%) diff --git a/mixer/src/main/java/main/BatchConverter.java b/mixer/src/main/java/main/BatchConverter.java deleted file mode 100644 index c4e3404..0000000 --- a/mixer/src/main/java/main/BatchConverter.java +++ /dev/null @@ -1,91 +0,0 @@ -package main; - -import com.google.protobuf.ByteString; -import meerkat.crypto.mixnet.MixerOutput; -import meerkat.protobuf.BulletinBoardAPI; -import meerkat.protobuf.Crypto; -import meerkat.protobuf.Mixing; - -import java.math.BigInteger; -import java.util.ArrayList; -import java.util.List; - -/** - * Created by Tzlil on 12/17/2015. - */ - -public class BatchConverter { - - private final int n,layers; - public BatchConverter(int n,int layers){ - this.n = n; - this.layers = layers; - } - - private ByteString Integer2ByteString(int a){ - return ByteString.copyFrom(BigInteger.valueOf(a).toByteArray()); - } - - private int ByteString2Integer(ByteString bs) { - return Integer.valueOf(bs.toString()); - } - - public List MixerOutput2BatchData(MixerOutput mixerOutput) { - - List result = new ArrayList(); - - result.add(BulletinBoardAPI.BatchData.newBuilder() - .setData(Integer2ByteString(n)) - .build()); - - for (Mixing.ZeroKnowledgeProof[] zkpLayer : mixerOutput.getProofs()) { - for (Mixing.ZeroKnowledgeProof zkp : zkpLayer) { - result.add(BulletinBoardAPI.BatchData.newBuilder() - .setData(zkp.toByteString()) - .build()); - } - } - for (Crypto.RerandomizableEncryptedMessage[] encryptionLayer : mixerOutput.getEncryptedMessages()) { - for (Crypto.RerandomizableEncryptedMessage encryption : encryptionLayer) { - result.add(BulletinBoardAPI.BatchData.newBuilder() - .setData(encryption.toByteString()) - .build()); - } - } - return result; - } - - public MixerOutput BatchDataList2MixerOutput - (List batchDataList) throws Exception { - - if (n != ByteString2Integer(batchDataList.remove(0).getData())){ - throw new Exception(); - } - - int nDiv2 = n >>1; - Mixing.ZeroKnowledgeProof[][] proofs = new Mixing.ZeroKnowledgeProof[layers][nDiv2]; - for (int layer = 0; layer < layers; layer++) - { - for (int proofIndex = 0 ; proofIndex < nDiv2 ; proofIndex ++) - { - proofs[layer][proofIndex] = Mixing.ZeroKnowledgeProof.parseFrom(batchDataList.remove(0).getData()); - } - } - - Crypto.RerandomizableEncryptedMessage[][] encryptions - = new Crypto.RerandomizableEncryptedMessage[layers + 1][n]; - for (int layer = 0; layer < layers + 1; layer++) - { - for (int encryptionIndex = 0 ; encryptionIndex < n ; encryptionIndex ++) - { - encryptions[layer][encryptionIndex] = Crypto.RerandomizableEncryptedMessage - .parseFrom(batchDataList.remove(0).getData()); - } - } - - return new mixer.MixerOutput(n,layers,proofs,encryptions); - - } - -} - diff --git a/mixer/src/main/java/main/BatchHandler.java b/mixer/src/main/java/main/BatchHandler.java deleted file mode 100644 index 00eb510..0000000 --- a/mixer/src/main/java/main/BatchHandler.java +++ /dev/null @@ -1,77 +0,0 @@ -package main; - -import meerkat.crypto.mixnet.Mix2ZeroKnowledgeVerifier; -import meerkat.crypto.mixnet.MixerOutput; -import meerkat.protobuf.Crypto; -import necessary.AsyncBulletinBoardClient; -import necessary.CompleteBatch; -import verifier.VerifyTable; - -import java.util.Arrays; -import java.util.List; - -/** - * Created by Tzlil on 12/17/2015. - */ -public class BatchHandler implements AsyncBulletinBoardClient.ClientCallback { - - private MixerOutput mixerOutput; - private boolean msgReceived; - private Throwable t; - private CompleteBatch msg; - - private final int n, layers; - private final Mix2ZeroKnowledgeVerifier verifier; - - public BatchHandler(int n, int layers, Mix2ZeroKnowledgeVerifier verifier) { - this.mixerOutput = null; - this.n = n; - this.layers = layers; - this.msgReceived = false; - this.t = null; - this.verifier = verifier; - } - - @Override - public void handleCallback(CompleteBatch msg) { - this.msg = msg; - this.msgReceived = true; - } - - @Override - public void handleFailure(Throwable t) { - this.t = t; - this.msgReceived = true; - } - - - public boolean isMsgReceived() { - return msgReceived; - } - - private void convertMessage() throws Exception { - BatchConverter batchConverter = new BatchConverter(n,layers); - mixerOutput = batchConverter.BatchDataList2MixerOutput(msg.getBatchDataList()); - } - - public boolean verifyTable() throws Exception { - if (mixerOutput == null) { - convertMessage(); - } - return VerifyTable.verifyTable(verifier, n, mixerOutput); - } - - public List getInputForMixer() throws Throwable { - if (t != null) { - throw t; - } - if (mixerOutput == null) { - convertMessage(); - if (!VerifyTable.verifyTable(verifier, n, mixerOutput)) { - throw new Exception("in valid table"); - } - } - return Arrays.asList(mixerOutput.getEncryptedMessages()[layers]);//there are layers + 1 - } -} - diff --git a/mixer/src/main/java/main/MainMixing.java b/mixer/src/main/java/main/MainMixing.java deleted file mode 100644 index 2b6c09a..0000000 --- a/mixer/src/main/java/main/MainMixing.java +++ /dev/null @@ -1,95 +0,0 @@ -package main; - -import meerkat.crypto.mixnet.Mix2ZeroKnowledgeVerifier; -import meerkat.crypto.mixnet.Mixer; -import meerkat.crypto.mixnet.MixerOutput; -import meerkat.protobuf.BulletinBoardAPI; -import meerkat.protobuf.Crypto; -import necessary.AsyncBulletinBoardClient; - - -import java.util.ArrayList; -import java.util.List; - - -/** - * Created by Tzlil on 12/17/2015. - */ -public class MainMixing { - - private final Mixer mixer; - private final Mix2ZeroKnowledgeVerifier verifier; - private final int n, layers; - private final AsyncBulletinBoardClient asyncBulletinBoardClient; - private final byte[] id; - private final int mixerOrder; - - - public MainMixing(Mixer mixer, int mixerOrder, Mix2ZeroKnowledgeVerifier verifier, int n - , AsyncBulletinBoardClient asyncBulletinBoardClient, byte[] id) { - this.mixer = mixer; - this.mixerOrder = mixerOrder; - this.verifier = verifier; - this.n = n; - this.layers = (int) (2 * Math.log(n) / Math.log(2)) - 1; // layers = 2logn -1 - this.asyncBulletinBoardClient = asyncBulletinBoardClient; - this.id = id; - } - - public void main(List prevBatchIds, int batchId, AsyncBulletinBoardClient.ClientCallback callback) throws Throwable { - - List mixerInput; - - List batchHandlers = new ArrayList(prevBatchIds.size()); - BatchHandler currentBatchHandler; - for (Integer prevBatchId : prevBatchIds) { - currentBatchHandler = new BatchHandler(n, layers,verifier); - asyncBulletinBoardClient.readBatch(id, prevBatchId,currentBatchHandler); - batchHandlers.add(currentBatchHandler); - } - - // ToDo : assert table continues - // ToDo : assert signature validity - - boolean allDone = false; - while (!allDone) { - try { - Thread.sleep(30); - } catch (InterruptedException e) { - // do nothing - } - // check all handlers messages were received - allDone = true; - for (BatchHandler batchHandler : batchHandlers) { - allDone &= batchHandler.isMsgReceived(); - } - } - - // assert all handlers succeeded - for (BatchHandler batchHandler : batchHandlers) { - if(!batchHandler.verifyTable()){ - throw new Exception("invalid input"); - } - } - - BatchHandler lastBatchHandler = batchHandlers.get(batchHandlers.size() - 1); - mixerInput = lastBatchHandler.getInputForMixer(); - - MixerOutput mixerOutput = mixer.mix(mixerInput); - updateBB(mixerOutput, batchId, callback); - - } - - - private void updateBB(MixerOutput mixerOutput - , int batchId, AsyncBulletinBoardClient.ClientCallback callback) { - - BatchConverter batchConverter = new BatchConverter(n,layers); - List batchDataList = batchConverter.MixerOutput2BatchData(mixerOutput); - asyncBulletinBoardClient.postBatch(id, batchId, batchDataList, callback); - } - - - - -} diff --git a/mixer/src/main/java/meerkat/mixer/main/BatchHandler.java b/mixer/src/main/java/meerkat/mixer/main/BatchHandler.java new file mode 100644 index 0000000..dee9129 --- /dev/null +++ b/mixer/src/main/java/meerkat/mixer/main/BatchHandler.java @@ -0,0 +1,7 @@ +package meerkat.mixer.main; + +/** + * Created by Tzlil on 4/16/2016. + */ +public class BatchHandler { +} diff --git a/mixer/src/main/java/meerkat/mixer/main/MainMixing.java b/mixer/src/main/java/meerkat/mixer/main/MainMixing.java new file mode 100644 index 0000000..27b6fca --- /dev/null +++ b/mixer/src/main/java/meerkat/mixer/main/MainMixing.java @@ -0,0 +1,7 @@ +package meerkat.mixer.main; + +/** + * Created by Tzlil on 4/16/2016. + */ +public class MainMixing { +} diff --git a/mixer/src/main/java/meerkat/mixer/mixing/MixNetwork.java b/mixer/src/main/java/meerkat/mixer/mixing/MixNetwork.java new file mode 100644 index 0000000..71770ce --- /dev/null +++ b/mixer/src/main/java/meerkat/mixer/mixing/MixNetwork.java @@ -0,0 +1,7 @@ +package meerkat.mixer.mixing; + +/** + * Created by Tzlil on 4/16/2016. + */ +public class MixNetwork { +} diff --git a/mixer/src/main/java/meerkat/mixer/mixing/Mixer.java b/mixer/src/main/java/meerkat/mixer/mixing/Mixer.java new file mode 100644 index 0000000..c405784 --- /dev/null +++ b/mixer/src/main/java/meerkat/mixer/mixing/Mixer.java @@ -0,0 +1,7 @@ +package meerkat.mixer.mixing; + +/** + * Created by Tzlil on 4/16/2016. + */ +public class Mixer { +} diff --git a/mixer/src/main/java/meerkat/mixer/mixing/MixerOutput.java b/mixer/src/main/java/meerkat/mixer/mixing/MixerOutput.java new file mode 100644 index 0000000..dbeac75 --- /dev/null +++ b/mixer/src/main/java/meerkat/mixer/mixing/MixerOutput.java @@ -0,0 +1,7 @@ +package meerkat.mixer.mixing; + +/** + * Created by Tzlil on 4/16/2016. + */ +public class MixerOutput { +} diff --git a/mixer/src/main/java/meerkat/mixer/mixing/RandomPermutation.java b/mixer/src/main/java/meerkat/mixer/mixing/RandomPermutation.java new file mode 100644 index 0000000..9202403 --- /dev/null +++ b/mixer/src/main/java/meerkat/mixer/mixing/RandomPermutation.java @@ -0,0 +1,7 @@ +package meerkat.mixer.mixing; + +/** + * Created by Tzlil on 4/16/2016. + */ +public class RandomPermutation { +} diff --git a/mixer/src/main/java/meerkat/mixer/mixing/Switch.java b/mixer/src/main/java/meerkat/mixer/mixing/Switch.java new file mode 100644 index 0000000..0d9c17e --- /dev/null +++ b/mixer/src/main/java/meerkat/mixer/mixing/Switch.java @@ -0,0 +1,7 @@ +package meerkat.mixer.mixing; + +/** + * Created by Tzlil on 4/16/2016. + */ +public class Switch { +} diff --git a/mixer/src/main/java/meerkat/mixer/necessary/AsyncBulletinBoardClient.java b/mixer/src/main/java/meerkat/mixer/necessary/AsyncBulletinBoardClient.java new file mode 100644 index 0000000..410bf54 --- /dev/null +++ b/mixer/src/main/java/meerkat/mixer/necessary/AsyncBulletinBoardClient.java @@ -0,0 +1,7 @@ +package meerkat.mixer.necessary; + +/** + * Created by Tzlil on 4/16/2016. + */ +public class AsyncBulletinBoardClient { +} diff --git a/mixer/src/main/java/meerkat/mixer/necessary/BulletinBoardClient.java b/mixer/src/main/java/meerkat/mixer/necessary/BulletinBoardClient.java new file mode 100644 index 0000000..a4e0a0a --- /dev/null +++ b/mixer/src/main/java/meerkat/mixer/necessary/BulletinBoardClient.java @@ -0,0 +1,7 @@ +package meerkat.mixer.necessary; + +/** + * Created by Tzlil on 4/16/2016. + */ +public class BulletinBoardClient { +} diff --git a/mixer/src/main/java/meerkat/mixer/necessary/CompleteBatch.java b/mixer/src/main/java/meerkat/mixer/necessary/CompleteBatch.java new file mode 100644 index 0000000..b8067e5 --- /dev/null +++ b/mixer/src/main/java/meerkat/mixer/necessary/CompleteBatch.java @@ -0,0 +1,7 @@ +package meerkat.mixer.necessary; + +/** + * Created by Tzlil on 4/16/2016. + */ +public class CompleteBatch { +} diff --git a/mixer/src/main/java/meerkat/mixer/prover/ElGamalProofOrganizer.java b/mixer/src/main/java/meerkat/mixer/prover/ElGamalProofOrganizer.java new file mode 100644 index 0000000..1d2272b --- /dev/null +++ b/mixer/src/main/java/meerkat/mixer/prover/ElGamalProofOrganizer.java @@ -0,0 +1,7 @@ +package meerkat.mixer.prover; + +/** + * Created by Tzlil on 4/16/2016. + */ +public class ElGamalProofOrganizer { +} diff --git a/mixer/src/main/java/meerkat/mixer/prover/Prover.java b/mixer/src/main/java/meerkat/mixer/prover/Prover.java new file mode 100644 index 0000000..9bda892 --- /dev/null +++ b/mixer/src/main/java/meerkat/mixer/prover/Prover.java @@ -0,0 +1,7 @@ +package meerkat.mixer.prover; + +/** + * Created by Tzlil on 4/16/2016. + */ +public class Prover { +} diff --git a/mixer/src/main/java/meerkat/mixer/verifier/Verifier.java b/mixer/src/main/java/meerkat/mixer/verifier/Verifier.java new file mode 100644 index 0000000..0b19faa --- /dev/null +++ b/mixer/src/main/java/meerkat/mixer/verifier/Verifier.java @@ -0,0 +1,7 @@ +package meerkat.mixer.verifier; + +/** + * Created by Tzlil on 4/16/2016. + */ +public class Verifier { +} diff --git a/mixer/src/main/java/meerkat/mixer/verifier/VerifyTable.java b/mixer/src/main/java/meerkat/mixer/verifier/VerifyTable.java new file mode 100644 index 0000000..1158e2e --- /dev/null +++ b/mixer/src/main/java/meerkat/mixer/verifier/VerifyTable.java @@ -0,0 +1,7 @@ +package meerkat.mixer.verifier; + +/** + * Created by Tzlil on 4/16/2016. + */ +public class VerifyTable { +} diff --git a/mixer/src/main/java/meerkat/mixer/verifier/ZeroKnowledgeOrProofParser.java b/mixer/src/main/java/meerkat/mixer/verifier/ZeroKnowledgeOrProofParser.java new file mode 100644 index 0000000..44fe45d --- /dev/null +++ b/mixer/src/main/java/meerkat/mixer/verifier/ZeroKnowledgeOrProofParser.java @@ -0,0 +1,7 @@ +package meerkat.mixer.verifier; + +/** + * Created by Tzlil on 4/16/2016. + */ +public class ZeroKnowledgeOrProofParser { +} diff --git a/mixer/src/main/java/mixer/MixNetwork.java b/mixer/src/main/java/mixer/MixNetwork.java deleted file mode 100644 index 833ef73..0000000 --- a/mixer/src/main/java/mixer/MixNetwork.java +++ /dev/null @@ -1,175 +0,0 @@ -package mixer; - -import java.util.ArrayList; -import java.util.List; -import java.util.Queue; -import java.util.concurrent.ArrayBlockingQueue; -import java.util.Random; - -/** - * Created by Tzlil on 12/15/2015. - */ -public class MixNetwork { - - private final Switch[][] switches; - - public MixNetwork(RandomPermutation randomPermutation) - { - int[] permutation = randomPermutation.permutation; - int n = permutation.length; - assert ((n & n-1) == 0); //n == 2^k - int layers = (int)(2*Math.log(n)/Math.log(2)) - 1; - - int[] pi, piL, piR; - Queue permutationsQueue = new ArrayBlockingQueue(n); - Graph graph; - int iDiv2; - int nDiv2 = n >> 1; - switches = new Switch[layers][nDiv2]; - int index1,index2; - - permutationsQueue.add(permutation); - for (int i = n, layer = 0; i > 1; i >>= 1, layer++) // i == permutation size - { - iDiv2 = i >> 1; - for (int j = 0; j < nDiv2; j += iDiv2) // j == permutation start index - { - pi = permutationsQueue.remove(); - graph = new Graph(pi); - piL = new int[iDiv2]; - piR = new int[iDiv2]; - for (int k = 0; k < iDiv2; k++) // k == switch index in permutation j - { - index1 = k + (j << 1); - index2 = index1 + iDiv2; - switches[layers - layer - 1][k + j] = new Switch(index1,index2,layers - layer - 1,graph.getSwitchValue(k, true)); - switches[layer][k + j] = new Switch(index1,index2,layer,graph.getSwitchValue(k, false)); - - if (!switches[layers - layer - 1][k + j].value) { - piL[k] = pi[k] % iDiv2; - piR[k] = pi[k + iDiv2] % iDiv2; - } else { - piL[k] = pi[k + iDiv2] % iDiv2; - piR[k] = pi[k] % iDiv2; - } - } - permutationsQueue.add(piL); - permutationsQueue.add(piR); - } - } - } - - public Switch[] getSwitchesByLayer(int layer) - { - return switches[layer]; - } - - private class Graph { - private int n; - private int nDiv2; - private Node[][] nodes; - protected Graph(int[] permutation){ - n = permutation.length; // n = 2^k - nDiv2 = n >> 1; - createNodes(); - createEdges(permutation); - setSwitches(); - } - - // provide an access to algorithm result - // index must be less then n/2 - protected boolean getSwitchValue(int index,boolean up) - { - return up ? nodes[0][index].value : nodes[1][index].value; - } - - // create two lines of nodes size n/2 each - // the value of the i th node is (i,i+n/2) if i < n /2 (first line) - // otherwise its value is (i - n/2 , i) (second line) - private void createNodes() - { - nodes = new Node[2][nDiv2]; - for (int i = 0; i < nDiv2; i++) - { - nodes[0][i] = new Node(); - nodes[1][i] = new Node(); - } - } - - // create an edge between each pair of nodes i,j from different lines (i index of the first line) - // if exists k in i th node's value and t in j th node's value - // s.t permutation[k] == t - // the edge is broken if (k < n/2 and t >= n/2) or (k >= n/2 and t < n/2) - // Note: in purpose to avoid edge cases, each node has exactly two edges - private void createEdges(int[] permutation) - { - int j; - for (int i = 0; i < nDiv2; i++) - { - j = permutation[i] % nDiv2; - nodes[0][i].edges.add(new Edge(nodes[1][j], (permutation[i] >= nDiv2))); - nodes[1][j].edges.add(new Edge(nodes[0][i], (permutation[i] >= nDiv2))); - - j = permutation[i + nDiv2] % nDiv2; - nodes[0][i].edges.add(new Edge(nodes[1][j], (permutation[i + nDiv2] < nDiv2))); - nodes[1][j].edges.add(new Edge(nodes[0][i], (permutation[i + nDiv2] < nDiv2))); - } - } - - // set switch's value (on/off) for each switch (node) - // s.t if nodes i,j connected by edge e, i th switch's value - // must be equal to j's if e is broken or not equal if e is not broken - private void setSwitches() - { - Node node; - boolean v; - Edge e0,e1; - // iterate over first line of nodes - for (int i = 0; i < nDiv2; i++) - { - node = nodes[0][i]; - if (node.set) - continue; - //select default value for first node in connected component - v = false; - // set value to all reachable nodes from node - while (true) - { - node.set = true; - node.value = v; - e0 = node.edges.get(0); e1 = node.edges.get(1); - if (e0.neighbor.set && e1.neighbor.set) - break; - v ^= (!e0.neighbor.set) ? e0.broken : e1.broken; - node = (!e0.neighbor.set) ? e0.neighbor : e1.neighbor; - } - } - } - - //inner classes - private class Node - { - public List edges; - private boolean value; - private boolean set; - public Node() - { - edges = new ArrayList(2); - set = false; - } - } - - private class Edge - { - public Node neighbor; - public boolean broken; - public Edge(Node neighbor, boolean broken) - { - this.neighbor = neighbor; - this.broken = broken; - } - } - } - - -} diff --git a/mixer/src/main/java/mixer/Mixer.java b/mixer/src/main/java/mixer/Mixer.java deleted file mode 100644 index ddee9f9..0000000 --- a/mixer/src/main/java/mixer/Mixer.java +++ /dev/null @@ -1,150 +0,0 @@ -package mixer; - -import com.google.protobuf.InvalidProtocolBufferException; -import meerkat.crypto.Encryption; -import meerkat.crypto.mixnet.Mix2ZeroKnowledgeProver; -import meerkat.crypto.mixnet.Mix2ZeroKnowledgeVerifier; -import meerkat.crypto.mixnet.MixerOutput; -import meerkat.protobuf.Crypto.EncryptionRandomness; -import meerkat.protobuf.Crypto.RerandomizableEncryptedMessage; -import meerkat.protobuf.Mixing.ZeroKnowledgeProof; - -import java.math.BigInteger; -import java.util.List; -import java.util.Random; - -public class Mixer implements meerkat.crypto.mixnet.Mixer { - - protected final Random random; - protected final Mix2ZeroKnowledgeProver prover; - protected final Encryption encryptor; - protected final Mix2ZeroKnowledgeVerifier verifier; - - public Mixer(Random rand, Mix2ZeroKnowledgeProver prov, Encryption enc) { - this.random = rand; - this.prover = prov; - this.encryptor = enc; - this.verifier = null; - } - - public Mixer(Random rand, Mix2ZeroKnowledgeProver prov, Encryption enc,Mix2ZeroKnowledgeVerifier verifier) { - this.random = rand; - this.prover = prov; - this.encryptor = enc; - this.verifier = verifier; - } - - // assert n = 2^k and n > 1 - protected boolean inputBasicCheckSum(int n){ - return n > 1 && ((n & (n - 1)) == 0); - } - protected RerandomizableEncryptedMessage[][] initializeEncryptionTable(int n,int layers,List ciphertexts){ - // set first level of encryption - RerandomizableEncryptedMessage[][] encryptionTable = new RerandomizableEncryptedMessage[layers + 1][n]; - for (int j = 0; j < n; j++) { - encryptionTable[0][j] = ciphertexts.get(j); - } - return encryptionTable; - } - - protected EncryptionRandomness[][] generateRandomnessesForRerandomize(int n,int layers){ - EncryptionRandomness[][] randomnesses = new EncryptionRandomness[layers][n]; - for (int layer = 0; layer < layers; layer++) - { - for (int i = 0; i < n; i++) { - randomnesses[layer][i] = encryptor.generateRandomness(random);; - } - } - return randomnesses; - } - - protected MixNetwork createMixNetwork(int n){ - return new MixNetwork(new RandomPermutation(n,random)); - } - - protected void rerandomize(int layers,MixNetwork mixNetwork, RerandomizableEncryptedMessage[][] encryptionTable - ,EncryptionRandomness[][] randomnesses) throws InvalidProtocolBufferException { - Switch[] switchesLayer; - int index1,index2; - RerandomizableEncryptedMessage e1,e2; - EncryptionRandomness r1,r2; - for (int layer = 0; layer < layers; layer++) - { - switchesLayer = mixNetwork.getSwitchesByLayer(layer); - for (Switch sw : switchesLayer) { - index1 = sw.i; - index2 = sw.j; - e1 = encryptionTable[layer][index1]; - e2 = encryptionTable[layer][index2]; - - r1 = randomnesses[layer][index1]; - r2 = randomnesses[layer][index2]; - if (!sw.value) { - encryptionTable[layer + 1][index1] = encryptor.rerandomize(e1, r1); - encryptionTable[layer + 1][index2] = encryptor.rerandomize(e2, r2); - - } else { - encryptionTable[layer + 1][index1] = encryptor.rerandomize(e2, r2); - encryptionTable[layer + 1][index2] = encryptor.rerandomize(e1, r1); - } - } - } - } - - protected ZeroKnowledgeProof[][] createZKPTable(int n,int layers,MixNetwork mixNetwork, RerandomizableEncryptedMessage[][] encryptionTable - ,EncryptionRandomness[][] randomnesses) throws InvalidProtocolBufferException { - Switch[] switchesLayer; - int index1,index2; - int switchIndex = 0; - int nDiv2 = n >> 1; - ZeroKnowledgeProof[][] proofsTable = new ZeroKnowledgeProof[layers][nDiv2]; - - - RerandomizableEncryptedMessage e1,e2; - EncryptionRandomness r1,r2; - for (int layer = 0; layer < layers; layer++) - { - switchesLayer = mixNetwork.getSwitchesByLayer(layer); - for (Switch sw : switchesLayer) { - index1 = sw.i; - index2 = sw.j; - e1 = encryptionTable[layer][index1]; - e2 = encryptionTable[layer][index2]; - r1 = randomnesses[layer][index1]; - r2 = randomnesses[layer][index2]; - - proofsTable[layer][switchIndex] = - prover.prove(e1, e2, encryptionTable[layer + 1][index1], - encryptionTable[layer + 1][index2], - sw.value, sw.i, sw.j, sw.layer, r1, r2); - - switchIndex = (switchIndex + 1) % nDiv2; - } - } - return proofsTable; - } - - public MixerOutput mix(List ciphertexts) throws InvalidProtocolBufferException { - - int n = ciphertexts.size(); - - if (!inputBasicCheckSum(n)) - return null; - - int layers = (int) (2 * Math.log(n) / Math.log(2)) - 1; // layers = 2logn -1 - RerandomizableEncryptedMessage[][] encryptionTable = initializeEncryptionTable(n,layers,ciphertexts); - EncryptionRandomness[][] randomnesses = generateRandomnessesForRerandomize(n,layers); - MixNetwork mixNetwork = createMixNetwork(n); - - BigInteger time = BigInteger.valueOf(System.currentTimeMillis()); - rerandomize(layers,mixNetwork,encryptionTable,randomnesses); - System.out.println("re enc time : " + BigInteger.valueOf(System.currentTimeMillis()).subtract(time)); - - time = BigInteger.valueOf(System.currentTimeMillis()); - ZeroKnowledgeProof[][] proofsTable = createZKPTable(n,layers,mixNetwork,encryptionTable,randomnesses); - System.out.println("zkp time : " + BigInteger.valueOf(System.currentTimeMillis()).subtract(time)); - - return new mixer.MixerOutput(n,layers,proofsTable, encryptionTable); - } - -} \ No newline at end of file diff --git a/mixer/src/main/java/mixer/MixerOutput.java b/mixer/src/main/java/mixer/MixerOutput.java deleted file mode 100644 index c8efda6..0000000 --- a/mixer/src/main/java/mixer/MixerOutput.java +++ /dev/null @@ -1,106 +0,0 @@ -package mixer; - -import meerkat.protobuf.Crypto; -import meerkat.protobuf.Mixing; - -import java.io.File; -import java.io.FileOutputStream; -import java.io.IOException; - - -/** - * Created by Tzlil on 1/18/2016. - */ -public class MixerOutput implements meerkat.crypto.mixnet.MixerOutput{ - private final Mixing.ZeroKnowledgeProof[][] proofs; - private final Crypto.RerandomizableEncryptedMessage[][] encryptedMessages; - private final int n; - private final int layers; - - public MixerOutput(int n,int layers,Mixing.ZeroKnowledgeProof[][] proofs, Crypto.RerandomizableEncryptedMessage[][] encryptedMessages) { - this.proofs = proofs; - this.encryptedMessages = encryptedMessages; - this.n = n; - this.layers = layers; - } - - public MixerOutput(meerkat.crypto.mixnet.MixerOutput mixerOutput) { - this.proofs = mixerOutput.getProofs(); - this.encryptedMessages = mixerOutput.getEncryptedMessages(); - this.n = mixerOutput.getN(); - this.layers = (int) (2 * Math.log(n) / Math.log(2)) - 1; // layers = 2logn -1; - } - - - @Override - public Mixing.ZeroKnowledgeProof[][] getProofs() { - return proofs; - } - - @Override - public Crypto.RerandomizableEncryptedMessage[][] getEncryptedMessages() { - return encryptedMessages; - } - - @Override - public int getN() { - return n; - } - - public void outToFile(String dir) throws IOException { - - (new File(dir)).mkdirs(); - //create files - String proofsDir = dir + "/Proofs"; - String encDir = dir + "/EncryptedMessages"; - (new File(proofsDir)).mkdir(); - (new File(encDir)).mkdir(); - for (int layer = 0; layer < layers; layer++){ - (new File(proofsDir +"/layer" + layer )).mkdir(); - (new File(encDir +"/layer" + layer )).mkdir(); - } - (new File(encDir +"/input")).mkdir(); - - - for (int layer = 0; layer < layers; layer++){ - for(int i = 0; i < proofs[layer].length; i ++){ - writeProofToFile(proofsDir,proofs[layer][i]); - } - } - - for (int layer = 0; layer <= layers; layer++){ - for(int i = 0; i < encryptedMessages[layer].length; i ++){ - writeEncToFile(encDir,layer - 1, i,encryptedMessages[layer][i]); - } - } - } - - private void writeProofToFile(String proofsDir, Mixing.ZeroKnowledgeProof proof) throws IOException { - Mixing.ZeroKnowledgeProof.Location location = proof.getLocation(); - int layer = location.getLayer(); - int i = location.getI(); - int j = location.getJ(); - String fileName = proofsDir+"/layer" + layer +"/" + i +"_" + j; - - File file = new File(fileName); - file.createNewFile(); - FileOutputStream fos = new FileOutputStream(file); - fos.write(proof.toByteArray()); - fos.close(); - } - - private void writeEncToFile(String encDir,int layer,int i, Crypto.RerandomizableEncryptedMessage enc) throws IOException { - - String fileName; - if(layer >= 0) - fileName = encDir+"/layer" + layer +"/" + i; - else - fileName = encDir+"/input/" + i; - - File file = new File(fileName); - file.createNewFile(); - FileOutputStream fos = new FileOutputStream(file); - fos.write(enc.toByteArray()); - fos.close(); - } -} diff --git a/mixer/src/main/java/mixer/RandomPermutation.java b/mixer/src/main/java/mixer/RandomPermutation.java deleted file mode 100644 index 900761b..0000000 --- a/mixer/src/main/java/mixer/RandomPermutation.java +++ /dev/null @@ -1,32 +0,0 @@ -package mixer; - -import java.util.ArrayList; -import java.util.List; -import java.util.Random; - -/** - * Created by Tzlil on 12/17/2015. - */ -class RandomPermutation { - - protected final int[] permutation; - - protected RandomPermutation(int n,Random random) - { - List numbers= new ArrayList(n); - for (int i = 0; i < n; i++) - { - numbers.add(i); - } - - int[] result = new int[n]; - int index; - for (int i = 0; i < n; i++) - { - index = random.nextInt(n - i); - result[i] = numbers.get(index); - numbers.remove(index); - } - permutation = result; - } -} diff --git a/mixer/src/main/java/mixer/Switch.java b/mixer/src/main/java/mixer/Switch.java deleted file mode 100644 index a7401ff..0000000 --- a/mixer/src/main/java/mixer/Switch.java +++ /dev/null @@ -1,28 +0,0 @@ -package mixer; - -/** - * Created by Tzlil on 12/15/2015. - */ -public class Switch{ - - public final int i, j, layer; - public final boolean value; - - public Switch(int i, int j, int layer, boolean value) { - this.i = i; - this.j = j; - this.layer = layer; - this.value = value; - } - - - @Override - public String toString() { - return "Switch{" + - "i=" + i + - ", j=" + j + - ", layer=" + layer + - ", value=" + value + - '}'; - } -} diff --git a/mixer/src/main/java/necessary/AsyncBulletinBoardClient.java b/mixer/src/main/java/necessary/AsyncBulletinBoardClient.java deleted file mode 100644 index 6dcc1f1..0000000 --- a/mixer/src/main/java/necessary/AsyncBulletinBoardClient.java +++ /dev/null @@ -1,78 +0,0 @@ -package necessary; - -import meerkat.protobuf.BulletinBoardAPI.*; - -import java.util.List; - -/** - * Created by Arbel Deutsch Peled on 14-Dec-15. - */ -public interface AsyncBulletinBoardClient extends BulletinBoardClient { - - public interface ClientCallback { - void handleCallback(T msg); - void handleFailure(Throwable t); - } - - public interface MessageHandler { - void handleNewMessages(List messageList); - } - - /** - * Post a message to the bulletin board in an asynchronous manner - * @param msg is the message to be posted - * @param callback is a class containing methods to handle the result of the operation - * @return a unique message ID for the message, that can be later used to retrieve the batch - */ - public MessageID postMessage(BulletinBoardMessage msg, ClientCallback callback); - - /** - * This method allows for sending large messages as a batch to the bulletin board - * @param signerId is the canonical form for the ID of the sender of this batch - * @param batchId is a unique (per signer) ID for this batch - * @param batchDataList is the (canonically ordered) list of data comprising the batch message - * @param startPosition is the location (in the batch) of the first entry in batchDataList (optionally used to continue interrupted post operations) - * @param callback is a callback function class for handling results of the operation - * @return a unique message ID for the entire message, that can be later used to retrieve the batch - */ - public MessageID postBatch(byte[] signerId, int batchId, List batchDataList, int startPosition, ClientCallback callback); - - /** - * Overloading of the postBatch method in which startPosition is set to the default value 0 - */ - public MessageID postBatch(byte[] signerId, int batchId, List batchDataList, ClientCallback callback); - - /** - * Check how "safe" a given message is in an asynchronous manner - * The result of the computation is a rank between 0.0 and 1.0 indicating the fraction of servers containing the message - * @param id is the unique message identifier for retrieval - * @param callback is a callback function class for handling results of the operation - */ - public void getRedundancy(MessageID id, ClientCallback callback); - - /** - * Read all messages posted matching the given filter in an asynchronous manner - * Note that if messages haven't been "fully posted", this might return a different - * set of messages in different calls. However, messages that are fully posted - * are guaranteed to be included. - * @param filterList return only messages that match the filters (null means no filtering). - * @param callback is a callback function class for handling results of the operation - */ - public void readMessages(MessageFilterList filterList, ClientCallback> callback); - - /** - * Read a given batch message from the bulletin board - * @param signerId is the ID of the signer (sender) of the batch message - * @param batchId is the unique (per signer) ID of the batch - * @param callback is a callback class for handling the result of the operation - */ - public void readBatch(byte[] signerId, int batchId, ClientCallback callback); - - /** - * Subscribes to a notifier that will return any new messages on the server that match the given filters - * @param filterList defines the set of filters for message retrieval - * @param messageHandler defines the handler for new messages received - */ - public void subscribe(MessageFilterList filterList, MessageHandler messageHandler); - -} diff --git a/mixer/src/main/java/necessary/BulletinBoardClient.java b/mixer/src/main/java/necessary/BulletinBoardClient.java deleted file mode 100644 index d8f9f28..0000000 --- a/mixer/src/main/java/necessary/BulletinBoardClient.java +++ /dev/null @@ -1,63 +0,0 @@ -package necessary; - -/** - * Created by Tzlil on 12/27/2015. - */ - - import meerkat.comm.CommunicationException; - import meerkat.protobuf.Voting.*; - - import static meerkat.protobuf.BulletinBoardAPI.*; - - import java.util.List; - -/** - * Created by talm on 24/10/15. - */ -public interface BulletinBoardClient { - - interface ClientCallback { - void handleCallback(T msg); - void handleFailure(Throwable t); - } - - /** - * Initialize the client to use some specified servers - * @param clientParams contains the parameters required for the client setup - */ - void init(BulletinBoardClientParams clientParams); - - /** - * Post a message to the bulletin board in a synchronous manner - * @param msg is the message to be posted - * @return a unique message ID for the message, that can be later used to retrieve the batch - * @throws CommunicationException - */ - MessageID postMessage(BulletinBoardMessage msg) throws CommunicationException; - - - - /** - * Check how "safe" a given message is in a synchronous manner - * @param id is the unique message identifier for retrieval - * @return a normalized "redundancy score" from 0 (local only) to 1 (fully published) - */ - float getRedundancy(MessageID id); - - /** - * Read all messages posted matching the given filter in a synchronous manner - * Note that if messages haven't been "fully posted", this might return a different - * set of messages in different calls. However, messages that are fully posted - * are guaranteed to be included. - * @param filterList return only messages that match the filters (null means no filtering). - * @return the list of messages - */ - List readMessages(MessageFilterList filterList); - - /** - * Closes all connections, if any. - * This is msgRecived in a synchronous (blocking) way. - */ - void close(); - -} diff --git a/mixer/src/main/java/necessary/CompleteBatch.java b/mixer/src/main/java/necessary/CompleteBatch.java deleted file mode 100644 index d108a7d..0000000 --- a/mixer/src/main/java/necessary/CompleteBatch.java +++ /dev/null @@ -1,68 +0,0 @@ -package necessary; - - - import meerkat.protobuf.BulletinBoardAPI.*; - import meerkat.protobuf.Crypto.*; - - import java.util.LinkedList; - import java.util.List; - -/** - * Created by Arbel Deutsch Peled on 14-Dec-15. - * - * A data structure for holding a complete batch message along with its signature - */ -public class CompleteBatch { - - private BeginBatchMessage beginBatchMessage; - private List batchDataList; - private Signature signature; - - public CompleteBatch() { - batchDataList = new LinkedList(); - } - - public CompleteBatch(BeginBatchMessage newBeginBatchMessage) { - this(); - beginBatchMessage = newBeginBatchMessage; - } - - public CompleteBatch(BeginBatchMessage newBeginBatchMessage, List newDataList) { - this(newBeginBatchMessage); - appendBatchData(newDataList); - } - - public CompleteBatch(BeginBatchMessage newBeginBatchMessage, List newDataList, Signature newSignature) { - this(newBeginBatchMessage, newDataList); - signature = newSignature; - } - - public BeginBatchMessage getBeginBatchMessage() { - return beginBatchMessage; - } - - public List getBatchDataList() { - return batchDataList; - } - - public Signature getSignature() { - return signature; - } - - public void setBeginBatchMessage(BeginBatchMessage beginBatchMessage) { - this.beginBatchMessage = beginBatchMessage; - } - - public void appendBatchData(BatchData newBatchData) { - batchDataList.add(newBatchData); - } - - public void appendBatchData(List newBatchDataList) { - batchDataList.addAll(newBatchDataList); - } - - public void setSignature(Signature newSignature) { - signature = newSignature; - } - -} diff --git a/mixer/src/main/java/prover/ElGamalProofOrganizer.java b/mixer/src/main/java/prover/ElGamalProofOrganizer.java deleted file mode 100644 index d37713b..0000000 --- a/mixer/src/main/java/prover/ElGamalProofOrganizer.java +++ /dev/null @@ -1,303 +0,0 @@ -package prover; - -import com.google.protobuf.ByteString; -import com.google.protobuf.InvalidProtocolBufferException; -import meerkat.crypto.concrete.ECElGamalEncryption; -import meerkat.protobuf.ConcreteCrypto; -import meerkat.protobuf.Crypto; -import org.bouncycastle.math.ec.ECPoint; -import org.factcenter.qilin.primitives.concrete.ECGroup; - -/** - * use for organize the input for each ZKP - * - * both prover and verifier implantation are using it - */ -public class ElGamalProofOrganizer { - - private final ECGroup group; - private final ECPoint g; - private final ECPoint h; - private final byte[] gEncoded; - private final byte[] hEncoded; - - /** - * @param group - * @param g - generator of group - * @param h - h = g ^ SecretKey - */ - public ElGamalProofOrganizer(ECGroup group, ECPoint g, ECPoint h){ - this.group = group; - this.g = g; - this.h = h; - this.gEncoded = group.encode(g); - this.hEncoded = group.encode(h); - } - - public enum OrProofOrder { - first, second, third, fourth - } - - public enum TrueCouple { - left, right, unknown - } - - /** - * can be used by prover only - * - * call to the main overload with flag = true - */ - protected ElGamalProofInput createProofInput(Crypto.RerandomizableEncryptedMessage in1, Crypto.RerandomizableEncryptedMessage in2 - , Crypto.RerandomizableEncryptedMessage out1, Crypto.RerandomizableEncryptedMessage out2 - , Crypto.EncryptionRandomness r1, Crypto.EncryptionRandomness r2, boolean switched) throws InvalidProtocolBufferException { - - //boolean flag = true; - return createProofInput(in1,in2,out1,out2,r1,r2,switched,true); - } - - /** - * can be used by anyone, e.g verifier - * - * call to the main overload with flag = false - */ - public ElGamalProofInput createProofInput(Crypto.RerandomizableEncryptedMessage in1, Crypto.RerandomizableEncryptedMessage in2 - , Crypto.RerandomizableEncryptedMessage out1, Crypto.RerandomizableEncryptedMessage out2) throws InvalidProtocolBufferException { - - // flag = false; - return createProofInput(in1,in2,out1,out2,null,null,false,false); - } - - /** - * inner method - * convert each encrypted message to ElGamalCiphertext - * - * @param flag - true if called by prover ( r1,r2,switched are known) - * @return ElGamalProofInput - * @throws InvalidProtocolBufferException - in case that at least one of the encrypted messages isn't - * ElGamalCiphertext - */ - private ElGamalProofInput createProofInput(Crypto.RerandomizableEncryptedMessage in1, Crypto.RerandomizableEncryptedMessage in2 - , Crypto.RerandomizableEncryptedMessage out1, Crypto.RerandomizableEncryptedMessage out2 - , Crypto.EncryptionRandomness r1, Crypto.EncryptionRandomness r2, boolean switched,boolean flag) - throws InvalidProtocolBufferException { - - //convert RerandomizableEncryptedMessage to ElGamalCiphertext - ConcreteCrypto.ElGamalCiphertext in1ElGamal = ECElGamalEncryption.RerandomizableEncryptedMessage2ElGamalCiphertext(in1); - ConcreteCrypto.ElGamalCiphertext in2ElGamal = ECElGamalEncryption.RerandomizableEncryptedMessage2ElGamalCiphertext(in2); - ConcreteCrypto.ElGamalCiphertext out1ElGamal = ECElGamalEncryption.RerandomizableEncryptedMessage2ElGamalCiphertext(out1); - ConcreteCrypto.ElGamalCiphertext out2ElGamal = ECElGamalEncryption.RerandomizableEncryptedMessage2ElGamalCiphertext(out2); - - if(flag) { - return new ElGamalProofInput(in1ElGamal, in2ElGamal, out1ElGamal, out2ElGamal, r1, r2, switched); - }else { - return new ElGamalProofInput(in1ElGamal, in2ElGamal, out1ElGamal, out2ElGamal); - } - } - - - /** - * can be construct by instance of organizer only by calling createProofInput method (all constructors are private) - * - * in construction it use for preparing the input for prove, while avoiding double converting or calculations - * - * use as a container for 4 OrProofInput. - */ - public class ElGamalProofInput { - - private final OrProofInput first; - private final OrProofInput second; - private final OrProofInput third; - private final OrProofInput fourth; - - private ECPoint convert2ECPoint(ByteString bs){ - return group.decode(bs.toByteArray()); - } - - - /** - * @param flag - true if called by prover ( r1,r2,switched are known) - */ - private ElGamalProofInput(ConcreteCrypto.ElGamalCiphertext e1, ConcreteCrypto.ElGamalCiphertext e2 - , ConcreteCrypto.ElGamalCiphertext e1New, ConcreteCrypto.ElGamalCiphertext e2New - , Crypto.EncryptionRandomness r1, Crypto.EncryptionRandomness r2, boolean switched,boolean flag){ - - ECPoint e1c1 = convert2ECPoint(e1.getC1()); - ECPoint e1c2 = convert2ECPoint(e1.getC2()); - ECPoint e2c1 = convert2ECPoint(e2.getC1()); - ECPoint e2c2 = convert2ECPoint(e2.getC2()); - ECPoint e1Nc1 = convert2ECPoint(e1New.getC1()); - ECPoint e1Nc2 = convert2ECPoint(e1New.getC2()); - ECPoint e2Nc1 = convert2ECPoint(e2New.getC1()); - ECPoint e2Nc2 = convert2ECPoint(e2New.getC2()); - - ECPoint c1_e1NDive1 = group.add(e1Nc1, group.negate(e1c1)); - ECPoint c1_e2NDive1 = group.add(e2Nc1, group.negate(e1c1)); - ECPoint c1_e1NDive2 = group.add(e1Nc1, group.negate(e2c1)); - ECPoint c1_e2NDive2 = group.add(e2Nc1, group.negate(e2c1)); - - ECPoint c2_e1NDive1 = group.add(e1Nc2, group.negate(e1c2)); - ECPoint c2_e2NDive1 = group.add(e2Nc2, group.negate(e1c2)); - ECPoint c2_e1NDive2 = group.add(e1Nc2, group.negate(e2c2)); - ECPoint c2_e2NDive2 = group.add(e2Nc2, group.negate(e2c2)); - - - if(!flag){ - - this.first = new OrProofInput(c1_e1NDive1,c2_e1NDive1,c1_e1NDive2,c2_e1NDive2); - this.second = new OrProofInput(c1_e1NDive1,c2_e1NDive1,c1_e2NDive1,c2_e2NDive1); - this.third = new OrProofInput(c1_e1NDive2,c2_e1NDive2,c1_e2NDive2,c2_e2NDive2); - this.fourth = new OrProofInput(c1_e2NDive1,c2_e2NDive1,c1_e2NDive2,c2_e2NDive2); - - }else { - - byte[] c1_e1NDive1Encoded = group.encode(c1_e1NDive1); - byte[] c1_e2NDive1Encoded = group.encode(c1_e2NDive1); - byte[] c1_e1NDive2Encoded = group.encode(c1_e1NDive2); - byte[] c1_e2NDive2Encoded = group.encode(c1_e2NDive2); - byte[] c2_e1NDive1Encoded = group.encode(c2_e1NDive1); - byte[] c2_e2NDive1Encoded = group.encode(c2_e2NDive1); - byte[] c2_e1NDive2Encoded = group.encode(c2_e1NDive2); - byte[] c2_e2NDive2Encoded = group.encode(c2_e2NDive2); - - - if (!switched) { - this.first = new OrProofInput(c1_e1NDive1, c2_e1NDive1, c1_e1NDive2, c2_e1NDive2 - , c1_e1NDive1Encoded, c2_e1NDive1Encoded, c1_e1NDive2Encoded, c2_e1NDive2Encoded - , r1, TrueCouple.left); - this.second = new OrProofInput(c1_e1NDive1, c2_e1NDive1, c1_e2NDive1, c2_e2NDive1 - , c1_e1NDive1Encoded, c2_e1NDive1Encoded, c1_e2NDive1Encoded, c2_e2NDive1Encoded - , r1, TrueCouple.left); - this.third = new OrProofInput(c1_e1NDive2, c2_e1NDive2, c1_e2NDive2, c2_e2NDive2 - , c1_e1NDive2Encoded, c2_e1NDive2Encoded, c1_e2NDive2Encoded, c2_e2NDive2Encoded - , r2, TrueCouple.right); - this.fourth = new OrProofInput(c1_e2NDive1, c2_e2NDive1, c1_e2NDive2, c2_e2NDive2 - , c1_e2NDive1Encoded, c2_e2NDive1Encoded, c1_e2NDive2Encoded, c2_e2NDive2Encoded - , r2, TrueCouple.right); - } else { - this.first = new OrProofInput(c1_e1NDive1, c2_e1NDive1, c1_e1NDive2, c2_e1NDive2 - , c1_e1NDive1Encoded, c2_e1NDive1Encoded, c1_e1NDive2Encoded, c2_e1NDive2Encoded - , r2, TrueCouple.right); - this.second = new OrProofInput(c1_e1NDive1, c2_e1NDive1, c1_e2NDive1, c2_e2NDive1 - , c1_e1NDive1Encoded, c2_e1NDive1Encoded, c1_e2NDive1Encoded, c2_e2NDive1Encoded - , r1, TrueCouple.right); - this.third = new OrProofInput(c1_e1NDive2, c2_e1NDive2, c1_e2NDive2, c2_e2NDive2 - , c1_e1NDive2Encoded, c2_e1NDive2Encoded, c1_e2NDive2Encoded, c2_e2NDive2Encoded - , r2, TrueCouple.left); - this.fourth = new OrProofInput(c1_e2NDive1, c2_e2NDive1, c1_e2NDive2, c2_e2NDive2 - , c1_e2NDive1Encoded, c2_e2NDive1Encoded, c1_e2NDive2Encoded, c2_e2NDive2Encoded - , r1, TrueCouple.left); - } - } - } - - - /** - * used by the prover - * call to the main constructor with flag = true - */ - private ElGamalProofInput(ConcreteCrypto.ElGamalCiphertext e1, ConcreteCrypto.ElGamalCiphertext e2 - , ConcreteCrypto.ElGamalCiphertext e1New, ConcreteCrypto.ElGamalCiphertext e2New - , Crypto.EncryptionRandomness r1, Crypto.EncryptionRandomness r2, boolean switched){ - //flag = true; - this(e1,e2,e1New,e2New,r1,r2,switched,true); - } - - /** - * used by prover - * call to the main constructor with flag = true - */ - private ElGamalProofInput(ConcreteCrypto.ElGamalCiphertext e1, ConcreteCrypto.ElGamalCiphertext e2 - , ConcreteCrypto.ElGamalCiphertext e1New, ConcreteCrypto.ElGamalCiphertext e2New){ - //flag = false; - this(e1,e2,e1New,e2New,null,null,false,false); - } - - /** - * getter for all 4 OrProofInputs - * - * @param orProofOrder - * @return the required OrProof - */ - public OrProofInput getOrProofInput(OrProofOrder orProofOrder) { - switch (orProofOrder) { - - case first: - return this.first; - case second: - return this.second; - case third: - return this.third; - case fourth: - return this.fourth; - } - return null; - } - } - - - /** - * can't be constructed (all constructors are private) - * - * 4 instances will be constructed for each new ElGamalProofInput - * - * container for all necessary inputs for single OrProof - */ - public class OrProofInput{ - public final ECPoint g1; - public final ECPoint h1; - public final ECPoint g2; - public final ECPoint h2; - public final ECPoint g1Tag; - public final ECPoint h1Tag; - public final ECPoint g2Tag; - public final ECPoint h2Tag; - - // can be access by prover only - protected final byte[] g1Encoded; - protected final byte[] h1Encoded; - protected final byte[] g2Encoded; - protected final byte[] h2Encoded; - protected final byte[] g1TagEncoded; - protected final byte[] h1TagEncoded; - protected final byte[] g2TagEncoded; - protected final byte[] h2TagEncoded; - protected final Crypto.EncryptionRandomness x; - protected final TrueCouple flag; - - /** - * used by prover only - */ - private OrProofInput(ECPoint h1, ECPoint h2, ECPoint h1Tag, ECPoint h2Tag - ,byte[] h1Encoded, byte[] h2Encoded, byte[] h1TagEncoded, byte[] h2TagEncoded - , Crypto.EncryptionRandomness x, TrueCouple flag) { - this.g1 = g; - this.h1 = h1; - this.g2 = h; - this.h2 = h2; - this.g1Tag = g; - this.h1Tag = h1Tag; - this.g2Tag = h; - this.h2Tag = h2Tag; - - this.g1Encoded = gEncoded; - this.h1Encoded = h1Encoded; - this.g2Encoded = hEncoded; - this.h2Encoded = h2Encoded; - this.g1TagEncoded = gEncoded; - this.h1TagEncoded = h1TagEncoded; - this.g2TagEncoded = hEncoded; - this.h2TagEncoded = h2TagEncoded; - - this.x = x; - this.flag = flag; - - } - - /** - * use by verifier - */ - private OrProofInput(ECPoint h1, ECPoint h2, ECPoint h1Tag, ECPoint h2Tag) { - this(h1,h2,h1Tag,h2Tag,null,null,null,null,null,TrueCouple.unknown); - } - } -} diff --git a/mixer/src/main/java/prover/Prover.java b/mixer/src/main/java/prover/Prover.java deleted file mode 100644 index 90fdb75..0000000 --- a/mixer/src/main/java/prover/Prover.java +++ /dev/null @@ -1,215 +0,0 @@ -package prover; - -import com.google.protobuf.ByteString; -import com.google.protobuf.InvalidProtocolBufferException; -import meerkat.crypto.concrete.ECElGamalEncryption; -import meerkat.crypto.mixnet.Mix2ZeroKnowledgeProver; -import meerkat.protobuf.Crypto; -import meerkat.protobuf.Mixing; -import org.bouncycastle.math.ec.ECPoint; -import org.factcenter.qilin.primitives.RandomOracle; -import org.factcenter.qilin.primitives.concrete.ECGroup; - -import java.math.BigInteger; -import java.util.Random; - - -/** - * implements of Mix2ZeroKnowledgeProver interface - * this implantation assumes that each RerandomizableEncryptedMessage is ElGamalCiphertext - */ -public class Prover implements Mix2ZeroKnowledgeProver { - - private final ECGroup group; - private final RandomOracle randomOracle; - private final Random rand; - private final ECElGamalEncryption encryptor; - private final ECPoint g,h; - private final BigInteger groupOrderUpperBound; - private final ElGamalProofOrganizer organizer; - - /** - * @param rand - * @param encryptor - * @param randomOracle - use for Fiat–Shamir heuristic - */ - public Prover(Random rand,ECElGamalEncryption encryptor,RandomOracle randomOracle) { - - this.rand = rand; - this.encryptor = encryptor; - this.randomOracle = randomOracle; - this.group = this.encryptor.getGroup(); - this.g = group.getGenerator(); - this.h = this.encryptor.getElGamalPK().getPK(); - this.organizer = new ElGamalProofOrganizer(group,g,h); - this.groupOrderUpperBound = group.orderUpperBound(); - } - - /** - * @param in1 - * @param in2 - * @param out1 - if sw then out1 = rerandomize(in2,r2) else out1 = rerandomize(in1,r1) - * @param out2 - if sw then out2 = rerandomize(in1,r1) else out1 = rerandomize(in2,r2) - * @param sw - flag - * @param i - column of in1 and out1 in encryption table - * @param j - column of in2 and out2 in encryption table - * @param layer - row of in1,in2 in encryption table - * @param r1 - * @param r2 - * @return - a valid ZKP that indeed out1,out2 calculated as required - * @throws InvalidProtocolBufferException - */ - public Mixing.ZeroKnowledgeProof prove(Crypto.RerandomizableEncryptedMessage in1, - Crypto.RerandomizableEncryptedMessage in2, - Crypto.RerandomizableEncryptedMessage out1, - Crypto.RerandomizableEncryptedMessage out2, - boolean sw,int i,int j, int layer, - Crypto.EncryptionRandomness r1, - Crypto.EncryptionRandomness r2) throws InvalidProtocolBufferException { - Mixing.ZeroKnowledgeProof.OrProof first,second,third,fourth; - - ElGamalProofOrganizer.ElGamalProofInput input = organizer.createProofInput(in1,in2,out1,out2,r1,r2,sw); - - first = createOrProofElGamal(input.getOrProofInput(ElGamalProofOrganizer.OrProofOrder.first)); - second = createOrProofElGamal(input.getOrProofInput(ElGamalProofOrganizer.OrProofOrder.second)); - third = createOrProofElGamal(input.getOrProofInput(ElGamalProofOrganizer.OrProofOrder.third)); - fourth = createOrProofElGamal(input.getOrProofInput(ElGamalProofOrganizer.OrProofOrder.fourth)); - - Mixing.ZeroKnowledgeProof.Location location = Mixing.ZeroKnowledgeProof.Location.newBuilder() - .setI(i) - .setJ(j) - .setLayer(layer) - .build(); - - Mixing.ZeroKnowledgeProof result = Mixing.ZeroKnowledgeProof.newBuilder() - .setFirst(first) - .setSecond(second) - .setThird(third) - .setFourth(fourth) - .setLocation(location) - .build(); - return result; - } - - - /** - * Fiat–Shamir heuristic - * @param input - protobuf contains all parameters from the first step of the current prove - * @return randomOracle.hash(input) - */ - private BigInteger hash(Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle input) { - byte[] arr = input.toByteArray(); - return new BigInteger(1,this.randomOracle.hash(arr,arr.length)); - } - - - /** - * @param orProofInput - * @return ZKP OrProof: there exists x s.t (g1 ^ x == h1 and g2 ^ x == h2) or (g1' ^ x == h1 and g2' ^ x == h2) - * assuming DLog is hard in this.group then that proves x is known for the prover - */ - private Mixing.ZeroKnowledgeProof.OrProof createOrProofElGamal(ElGamalProofOrganizer.OrProofInput orProofInput) { - - ECPoint g1 = orProofInput.g1; - ECPoint h1 = orProofInput.h1; - ECPoint g2 = orProofInput.g2; - ECPoint h2 = orProofInput.h2; - - ECPoint g1Tag = orProofInput.g1Tag; - ECPoint h1Tag = orProofInput.h1Tag; - ECPoint g2Tag = orProofInput.g2Tag; - ECPoint h2Tag = orProofInput.h2Tag; - - BigInteger r = encryptor.extractRandomness(encryptor.generateRandomness(rand)).mod(groupOrderUpperBound); - BigInteger c1,c2,z,zTag; - ECPoint u,v,uTag,vTag; - Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle forRandomOracle; - - - switch (orProofInput.flag) { - case left: - c2 = encryptor.extractRandomness(encryptor.generateRandomness(rand)).mod(groupOrderUpperBound); - zTag = encryptor.extractRandomness(encryptor.generateRandomness(rand)).mod(groupOrderUpperBound); - //step 1 - u = group.multiply(g1, r); - v = group.multiply(g2, r); - uTag = group.add(group.multiply(g1Tag, zTag), group.negate(group.multiply(h1Tag, c2))); - vTag = group.add(group.multiply(g2Tag, zTag), group.negate(group.multiply(h2Tag, c2))); - //step 2 - // c1 = (hash(input + step1) + group size - c2)% group size - forRandomOracle = - Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle.newBuilder() - .setG1(ByteString.copyFrom(orProofInput.g1Encoded)) - .setH1(ByteString.copyFrom(orProofInput.h1Encoded)) - .setG2(ByteString.copyFrom(orProofInput.g2Encoded)) - .setH2(ByteString.copyFrom(orProofInput.h2Encoded)) - .setG1Tag(ByteString.copyFrom(orProofInput.g1TagEncoded)) - .setH1Tag(ByteString.copyFrom(orProofInput.h1TagEncoded)) - .setG2Tag(ByteString.copyFrom(orProofInput.g2TagEncoded)) - .setH2Tag(ByteString.copyFrom(orProofInput.h2TagEncoded)) - .setU(ByteString.copyFrom(group.encode(u))) - .setV(ByteString.copyFrom(group.encode(v))) - .setUTag(ByteString.copyFrom(group.encode(uTag))) - .setVTag(ByteString.copyFrom(group.encode(vTag))) - .build(); - c1 = hash(forRandomOracle).add(group.orderUpperBound().subtract(c2)).mod(groupOrderUpperBound); - //step 3 - //z = (r + c1 * x) % group size; - z = r.add(c1.multiply(encryptor.extractRandomness(orProofInput.x))).mod(groupOrderUpperBound); - break; - case right: - c1 = encryptor.extractRandomness(encryptor.generateRandomness(rand)).mod(groupOrderUpperBound); - z = encryptor.extractRandomness(encryptor.generateRandomness(rand)).mod(groupOrderUpperBound); - //step 1 - uTag = group.multiply(g1Tag, r); - vTag = group.multiply(g2Tag, r); - u = group.add(group.multiply(g1, z), group.negate(group.multiply(h1, c1))); - v = group.add(group.multiply(g2, z), group.negate(group.multiply(h2, c1))); - //step 2 - // c1 = (hash(input + step1) + group size - c1)% group size - forRandomOracle = - Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle.newBuilder() - .setG1(ByteString.copyFrom(orProofInput.g1Encoded)) - .setH1(ByteString.copyFrom(orProofInput.h1Encoded)) - .setG2(ByteString.copyFrom(orProofInput.g2Encoded)) - .setH2(ByteString.copyFrom(orProofInput.h2Encoded)) - .setG1Tag(ByteString.copyFrom(orProofInput.g1TagEncoded)) - .setH1Tag(ByteString.copyFrom(orProofInput.h1TagEncoded)) - .setG2Tag(ByteString.copyFrom(orProofInput.g2TagEncoded)) - .setH2Tag(ByteString.copyFrom(orProofInput.h2TagEncoded)) - .setU(ByteString.copyFrom(group.encode(u))) - .setV(ByteString.copyFrom(group.encode(v))) - .setUTag(ByteString.copyFrom(group.encode(uTag))) - .setVTag(ByteString.copyFrom(group.encode(vTag))) - .build(); - c2 = hash(forRandomOracle).add(group.orderUpperBound().subtract(c1)).mod(groupOrderUpperBound); - //step 3 - //zTag = (r + c2 * x) % group size; - zTag = r.add(c2.multiply(encryptor.extractRandomness(orProofInput.x))).mod(groupOrderUpperBound); - break; - default: - return null; - } - - - return Mixing.ZeroKnowledgeProof.OrProof.newBuilder() - .setG1(forRandomOracle.getG1()) - .setH1(forRandomOracle.getH1()) - .setG2(forRandomOracle.getG2()) - .setH2(forRandomOracle.getH2()) - .setG1Tag(forRandomOracle.getG1()) - .setH1Tag(forRandomOracle.getH1Tag()) - .setG2Tag(forRandomOracle.getG2Tag()) - .setH2Tag(forRandomOracle.getH2Tag()) - .setU(forRandomOracle.getU()) - .setV(forRandomOracle.getV()) - .setUTag(forRandomOracle.getUTag()) - .setVTag(forRandomOracle.getVTag()) - .setC1(ByteString.copyFrom(c1.toByteArray())) - .setC2(ByteString.copyFrom(c2.toByteArray())) - .setZ(ByteString.copyFrom(z.toByteArray())) - .setZTag(ByteString.copyFrom(zTag.toByteArray())) - .build(); - } -} - diff --git a/mixer/src/main/java/verifier/Verifier.java b/mixer/src/main/java/verifier/Verifier.java deleted file mode 100644 index 21c9520..0000000 --- a/mixer/src/main/java/verifier/Verifier.java +++ /dev/null @@ -1,121 +0,0 @@ -package verifier; - -import com.google.protobuf.InvalidProtocolBufferException; -import meerkat.crypto.concrete.ECElGamalEncryption; -import meerkat.crypto.mixnet.Mix2ZeroKnowledgeVerifier; -import meerkat.protobuf.Crypto; -import meerkat.protobuf.Mixing; -import org.bouncycastle.math.ec.ECPoint; -import prover.ElGamalProofOrganizer; -import org.factcenter.qilin.primitives.RandomOracle; -import org.factcenter.qilin.primitives.concrete.ECGroup; - -import java.math.BigInteger; -import java.util.ArrayList; -import java.util.List; - - -public class Verifier implements Mix2ZeroKnowledgeVerifier { - - - private final ECGroup group; - private final RandomOracle randomOracle; - private final ECElGamalEncryption encryptor; - private final ECPoint g,h; - private final ElGamalProofOrganizer organizer; - private final ZeroKnowledgeOrProofParser parser; - - public Verifier(ECElGamalEncryption encryptor, RandomOracle randomOracle) { - this.encryptor = encryptor; - this.group = encryptor.getGroup(); - this.g = group.getGenerator(); - this.h = encryptor.getElGamalPK().getPK(); - this.randomOracle = randomOracle; - this.organizer = new ElGamalProofOrganizer(group,g,h); - this.parser = new ZeroKnowledgeOrProofParser(group); - } - - public BigInteger hash(Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle input) { - byte[] arr = input.toByteArray(); - return new BigInteger(1,this.randomOracle.hash(arr,arr.length)); - } - /** - * @return true iff the proof is valid - */ - public boolean verify(Crypto.RerandomizableEncryptedMessage in1, - Crypto.RerandomizableEncryptedMessage in2, - Crypto.RerandomizableEncryptedMessage out1, - Crypto.RerandomizableEncryptedMessage out2, - Mixing.ZeroKnowledgeProof proof) throws InvalidProtocolBufferException { - ElGamalProofOrganizer.ElGamalProofInput input = organizer.createProofInput(in1,in2,out1,out2); - return verifyElGamaOrProof(input.getOrProofInput(ElGamalProofOrganizer.OrProofOrder.first), proof.getFirst())&& - verifyElGamaOrProof(input.getOrProofInput(ElGamalProofOrganizer.OrProofOrder.second), proof.getSecond())&& - verifyElGamaOrProof(input.getOrProofInput(ElGamalProofOrganizer.OrProofOrder.third), proof.getThird())&& - verifyElGamaOrProof(input.getOrProofInput(ElGamalProofOrganizer.OrProofOrder.fourth), proof.getFourth()); - - } - - - - public boolean verifyElGamaOrProof(ElGamalProofOrganizer.OrProofInput orProofInput, - Mixing.ZeroKnowledgeProof.OrProof orProof) { - - ZeroKnowledgeOrProofParser.ZeroKnowledgeOrProofContainer container = parser.parseOrProof(orProof); - List conditions = createConditionsList(orProofInput,container); - boolean result = true; - for (Condition condition: conditions) { //temporary - if(!condition.test()){ - if (result){ - result = false; - System.out.print("\n\n\n"); - } - System.out.println(condition.errorDescription); - } - } - return result; - } - - - private List createConditionsList(ElGamalProofOrganizer.OrProofInput orProofInput - ,ZeroKnowledgeOrProofParser.ZeroKnowledgeOrProofContainer container){ - List conditions = new ArrayList(); - conditions.add(new Condition( container.g1,orProofInput.g1,"g1 != g")); - conditions.add(new Condition( container.h1,orProofInput.h1,"h1 != e1New.c1/e1.c1")); - conditions.add(new Condition( container.g2,orProofInput.g2,"g2 != h")); - conditions.add(new Condition( container.h2,orProofInput.h2,"h2 != e1New.c2/e1.c2")); - conditions.add(new Condition( container.g1Tag,orProofInput.g1Tag,"g1Tag != g")); - conditions.add(new Condition( container.h1Tag,orProofInput.h1Tag,"h1Tag != e2New.c1/e2.c1")); - conditions.add(new Condition( container.g2Tag,orProofInput.g2Tag,"g2Tag != h")); - conditions.add(new Condition( container.h2Tag,orProofInput.h2Tag,"h2Tag != e2New.c2/e2.c2")); - conditions.add(new Condition(container.c1.add(container.c2).mod(group.orderUpperBound()), - hash(container.forRandomOracle).mod(group.orderUpperBound()).mod(group.orderUpperBound()), - "(c1 + c2 ) % group size == hash (imput + step1) % group size")); - conditions.add(new Condition( group.multiply(container.g1, container.z), - group.add(container.u, group.multiply(container.h1,container.c1)),"g1 ^ z != u * ( h1 ^ c1 )")); - conditions.add(new Condition( group.multiply(container.g2, container.z), - group.add(container.v, group.multiply(container.h2,container.c1)),"g2 ^ z != v * ( h2 ^ c1 )")); - conditions.add(new Condition( group.multiply(container.g1Tag, container.zTag), - group.add(container.uTag, group.multiply(container.h1Tag,container.c2)) - ,"g1Tag ^ zTag != uTag * ( h1Tag ^ c2 )")); - conditions.add(new Condition( group.multiply(container.g2Tag, container.zTag), - group.add(container.vTag, group.multiply(container.h2Tag,container.c2)) - ,"g2Tag ^ zTag != vTag * ( h2Tag ^ c2 )")); - return conditions; - } - - private class Condition{ - - T given, expected; - String errorDescription; - - Condition(T given,T expected,String description){ - this.given = given; - this.errorDescription = description; - this.expected = expected; - } - - boolean test(){ - return given.equals(expected); - } - } -} diff --git a/mixer/src/main/java/verifier/VerifyTable.java b/mixer/src/main/java/verifier/VerifyTable.java deleted file mode 100644 index ebf203c..0000000 --- a/mixer/src/main/java/verifier/VerifyTable.java +++ /dev/null @@ -1,88 +0,0 @@ -package verifier; - -import com.google.protobuf.InvalidProtocolBufferException; -import meerkat.crypto.mixnet.Mix2ZeroKnowledgeVerifier; -import meerkat.crypto.mixnet.MixerOutput; -import meerkat.protobuf.Crypto; -import meerkat.protobuf.Mixing; - -import java.util.Arrays; - -/** - * Created by Tzlil on 12/30/2015. - */ -public final class VerifyTable { - - public static boolean verifyTable(Mix2ZeroKnowledgeVerifier verifier,int n,MixerOutput mixerOutput) - throws InvalidProtocolBufferException { - int index1,index2,layer; - - //assert n = 2^k - if ( (n &(n-1)) != 0) - throw new IllegalArgumentException("n"); - - int layers = 2*(int)(Math.log(n) / Math.log(2)) - 1; - //initialize locationChecksum table - // use for check BeneshNet validity - boolean[][] locationChecksum = new boolean[layers][n]; - for (boolean[] locationChecksumLayer: locationChecksum) { - Arrays.fill(locationChecksumLayer,false); - } - - Mixing.ZeroKnowledgeProof[][] zeroKnowledgeProofs = mixerOutput.getProofs(); - Crypto.RerandomizableEncryptedMessage[][] rerandomizableEncryptedMessages = mixerOutput.getEncryptedMessages(); - - for (int i = 0; i < zeroKnowledgeProofs.length ; i++){ - for (int j = 0; j < zeroKnowledgeProofs[i].length ; j ++){ - Mixing.ZeroKnowledgeProof zkp = zeroKnowledgeProofs[i][j]; - if(zkp == null){ - int ttt = 1; - ttt++; - } - Mixing.ZeroKnowledgeProof.Location location = zkp.getLocation(); - index1 = location.getI(); - index2 = location.getJ(); - layer = location.getLayer(); - - // check location validity - if (layer > layers >> 1) { - if (index2 - index1 != n >> (layers - layer)) - return false; - } - else{ - if (index2 - index1 != n >> (layer + 1)) - return false; - } - - // mark location in table - locationChecksum[layer][index1] = true; - locationChecksum[layer][index2] = true; - - // verify proof - if(!verifier.verify(rerandomizableEncryptedMessages[layer][index1], - rerandomizableEncryptedMessages[layer][index2], - rerandomizableEncryptedMessages[layer + 1][index1], - rerandomizableEncryptedMessages[layer + 1][index2], - zkp)) { - - verifier.verify(rerandomizableEncryptedMessages[layer][index1], - rerandomizableEncryptedMessages[layer][index2], - rerandomizableEncryptedMessages[layer + 1][index1], - rerandomizableEncryptedMessages[layer + 1][index2], - zkp); - System.out.print("\n\n\nlayer " + layer + " i , j " + index1 + " , " + index2 + "\n\n\n"); - return false; - } - } - } - - // verify all necessary locations for BeneshNet were proved - for (boolean[] checksumLayer: locationChecksum) { - for (boolean locationBoolean: checksumLayer) { - if (!locationBoolean) - return false; - } - } - return true; - } -} diff --git a/mixer/src/main/java/verifier/ZeroKnowledgeOrProofParser.java b/mixer/src/main/java/verifier/ZeroKnowledgeOrProofParser.java deleted file mode 100644 index e0695bc..0000000 --- a/mixer/src/main/java/verifier/ZeroKnowledgeOrProofParser.java +++ /dev/null @@ -1,69 +0,0 @@ -package verifier; - -import com.google.protobuf.ByteString; -import meerkat.protobuf.Mixing; -import org.bouncycastle.math.ec.ECPoint; -import org.factcenter.qilin.primitives.concrete.ECGroup; - -import java.math.BigInteger; - -/** - * Created by Tzlil on 1/25/2016. - */ -public class ZeroKnowledgeOrProofParser { - - private final ECGroup group; - public ZeroKnowledgeOrProofParser(ECGroup group) { - this.group = group; - } - - public ECPoint convert2ECPoint(ByteString bs){ - return group.decode(bs.toByteArray()); - } - - public ZeroKnowledgeOrProofContainer parseOrProof(Mixing.ZeroKnowledgeProof.OrProof orProof){ - return new ZeroKnowledgeOrProofContainer(orProof); - } - - public class ZeroKnowledgeOrProofContainer{ - public final ECPoint g1,g2,h1,h2; - public final ECPoint g1Tag,g2Tag,h1Tag,h2Tag; - public final ECPoint u,v,uTag,vTag; - public final BigInteger c1,c2,z,zTag; - public final Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle forRandomOracle; - - private ZeroKnowledgeOrProofContainer(Mixing.ZeroKnowledgeProof.OrProof orProof){ - this.forRandomOracle = - Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle.newBuilder() - .setG1(orProof.getG1()) - .setH1(orProof.getH1()) - .setG2(orProof.getG2()) - .setH2(orProof.getH2()) - .setG1Tag(orProof.getG1Tag()) - .setH1Tag(orProof.getH1Tag()) - .setG2Tag(orProof.getG2Tag()) - .setH2Tag(orProof.getH2Tag()) - .setU(orProof.getU()) - .setV(orProof.getV()) - .setUTag(orProof.getUTag()) - .setVTag(orProof.getVTag()) - .build(); - this.g1 = convert2ECPoint(orProof.getG1()); - this.g2 = convert2ECPoint(orProof.getG2()); - this.h1 = convert2ECPoint(orProof.getH1()); - this.h2 = convert2ECPoint(orProof.getH2()); - this.g1Tag = convert2ECPoint(orProof.getG1Tag()); - this.g2Tag = convert2ECPoint(orProof.getG2Tag()); - this.h1Tag = convert2ECPoint(orProof.getH1Tag()); - this.h2Tag = convert2ECPoint(orProof.getH2Tag()); - this.u = convert2ECPoint(orProof.getU()); - this.v = convert2ECPoint(orProof.getV()); - this.uTag = convert2ECPoint(orProof.getUTag()); - this.vTag = convert2ECPoint(orProof.getVTag()); - this.c1 = new BigInteger(orProof.getC1().toByteArray()); - this.c2 = new BigInteger(orProof.getC2().toByteArray()); - this.z = new BigInteger(orProof.getZ().toByteArray()); - this.zTag = new BigInteger(orProof.getZTag().toByteArray()); - } - } -} diff --git a/mixer/src/test/java/mixer/CreateTestVector.java b/mixer/src/test/java/meerkat/mixer/CreateTestVector.java similarity index 97% rename from mixer/src/test/java/mixer/CreateTestVector.java rename to mixer/src/test/java/meerkat/mixer/CreateTestVector.java index ed43995..69a1637 100644 --- a/mixer/src/test/java/mixer/CreateTestVector.java +++ b/mixer/src/test/java/meerkat/mixer/CreateTestVector.java @@ -1,10 +1,13 @@ -package mixer; +package meerkat.mixer; import meerkat.crypto.concrete.ECElGamalEncryption; import meerkat.crypto.mixnet.Mix2ZeroKnowledgeProver; import meerkat.crypto.mixnet.Mix2ZeroKnowledgeVerifier; import meerkat.protobuf.Crypto; import meerkat.protobuf.Voting; +import mixer.Mixer; +import mixer.MixerOutput; +import mixer.Utils; import org.factcenter.qilin.primitives.RandomOracle; import org.factcenter.qilin.primitives.concrete.DigestOracle; import org.factcenter.qilin.primitives.concrete.ECElGamal; diff --git a/mixer/src/test/java/mixer/MixNetworkTest.java b/mixer/src/test/java/meerkat/mixer/MixNetworkTest.java similarity index 97% rename from mixer/src/test/java/mixer/MixNetworkTest.java rename to mixer/src/test/java/meerkat/mixer/MixNetworkTest.java index d5faed5..7755fd4 100644 --- a/mixer/src/test/java/mixer/MixNetworkTest.java +++ b/mixer/src/test/java/meerkat/mixer/MixNetworkTest.java @@ -1,4 +1,4 @@ -package mixer; +package meerkat.mixer; /** * Created by Tzlil on 12/17/2015. diff --git a/mixer/src/test/java/mixer/MixingTest.java b/mixer/src/test/java/meerkat/mixer/MixingTest.java similarity index 99% rename from mixer/src/test/java/mixer/MixingTest.java rename to mixer/src/test/java/meerkat/mixer/MixingTest.java index 63f6426..626060f 100644 --- a/mixer/src/test/java/mixer/MixingTest.java +++ b/mixer/src/test/java/meerkat/mixer/MixingTest.java @@ -1,4 +1,4 @@ -package mixer; +package meerkat.mixer; /** * Created by Tzlil on 12/30/2015. diff --git a/mixer/src/test/java/mixer/RerandomizeTest.java b/mixer/src/test/java/meerkat/mixer/RerandomizeTest.java similarity index 99% rename from mixer/src/test/java/mixer/RerandomizeTest.java rename to mixer/src/test/java/meerkat/mixer/RerandomizeTest.java index 034e311..7f1175c 100644 --- a/mixer/src/test/java/mixer/RerandomizeTest.java +++ b/mixer/src/test/java/meerkat/mixer/RerandomizeTest.java @@ -1,4 +1,4 @@ -package mixer; +package meerkat.mixer; import com.google.protobuf.ByteString; import com.google.protobuf.InvalidProtocolBufferException; diff --git a/mixer/src/test/java/mixer/SimpleRerandomizeTest.java b/mixer/src/test/java/meerkat/mixer/SimpleRerandomizeTest.java similarity index 99% rename from mixer/src/test/java/mixer/SimpleRerandomizeTest.java rename to mixer/src/test/java/meerkat/mixer/SimpleRerandomizeTest.java index 34df02b..27e4d2d 100644 --- a/mixer/src/test/java/mixer/SimpleRerandomizeTest.java +++ b/mixer/src/test/java/meerkat/mixer/SimpleRerandomizeTest.java @@ -1,4 +1,4 @@ -package mixer; +package meerkat.mixer; import org.bouncycastle.math.ec.ECPoint; import org.factcenter.qilin.primitives.concrete.ECGroup; diff --git a/mixer/src/test/java/mixer/Utils.java b/mixer/src/test/java/meerkat/mixer/Utils.java similarity index 99% rename from mixer/src/test/java/mixer/Utils.java rename to mixer/src/test/java/meerkat/mixer/Utils.java index 78e789e..38ed3cc 100644 --- a/mixer/src/test/java/mixer/Utils.java +++ b/mixer/src/test/java/meerkat/mixer/Utils.java @@ -1,4 +1,4 @@ -package mixer; +package meerkat.mixer; import com.google.protobuf.ByteString; import com.google.protobuf.GeneratedMessage; diff --git a/mixer/src/test/java/mixer/ZeroKnowledgeProofTest.java b/mixer/src/test/java/meerkat/mixer/ZeroKnowledgeProofTest.java similarity index 99% rename from mixer/src/test/java/mixer/ZeroKnowledgeProofTest.java rename to mixer/src/test/java/meerkat/mixer/ZeroKnowledgeProofTest.java index 413fbc8..a87d043 100644 --- a/mixer/src/test/java/mixer/ZeroKnowledgeProofTest.java +++ b/mixer/src/test/java/meerkat/mixer/ZeroKnowledgeProofTest.java @@ -1,4 +1,4 @@ -package mixer; +package meerkat.mixer; import com.google.protobuf.ByteString; import com.google.protobuf.InvalidProtocolBufferException;