diff --git a/mixer/src/main/java/meerkat/mixer/proofs/ECElGamalMixProtocols.java b/mixer/src/main/java/meerkat/mixer/proofs/ECElGamalMixProtocols.java index bfebbc8..f14ae3d 100644 --- a/mixer/src/main/java/meerkat/mixer/proofs/ECElGamalMixProtocols.java +++ b/mixer/src/main/java/meerkat/mixer/proofs/ECElGamalMixProtocols.java @@ -3,6 +3,7 @@ package meerkat.mixer.proofs; import meerkat.crypto.concrete.ECElGamalEncryption; import meerkat.crypto.concrete.Util; import meerkat.protobuf.ConcreteCrypto.GroupElement; +import meerkat.protobuf.Mixing; import meerkat.protobuf.Mixing.Mix2Proof.AndProof; import meerkat.protobuf.Mixing.Mix2Proof.DlogProof; import org.bouncycastle.math.ec.ECPoint; @@ -165,7 +166,7 @@ public class ECElGamalMixProtocols { } } - public class Mix2Prover extends SigmaProtocolOr2.Prover { + public class Mix2Prover extends SigmaProtocolOr2.Prover { public Mix2Prover(ECElGamalMixParams.Mix2Statement statement, ECElGamalMixParams.Mix2StatementWitness witness) { super(ProtobufConcatenators.concatMix1, ProtobufConcatenators.concatMix2, ECElGamalMixProtocols.this.challengeGenerator, new AndStatementProver(statement.clauses[witness.trueClauseIndex], witness.witness), @@ -174,7 +175,7 @@ public class ECElGamalMixProtocols { } } - public class Mix2Verifier extends SigmaProtocolOr2.Verifier { + public class Mix2Verifier extends SigmaProtocolOr2.Verifier { public Mix2Verifier(ECElGamalMixParams.Mix2Statement statement) { super(ProtobufConcatenators.concatMix1, ProtobufConcatenators.concatMix2, ECElGamalMixProtocols.this.challengeGenerator, new AndStatementVerifier(statement.clauses[0]), new AndStatementVerifier(statement.clauses[1])); diff --git a/mixer/src/main/java/meerkat/mixer/proofs/Prover.java b/mixer/src/main/java/meerkat/mixer/proofs/Prover.java index 9a8a2f3..9fd2662 100644 --- a/mixer/src/main/java/meerkat/mixer/proofs/Prover.java +++ b/mixer/src/main/java/meerkat/mixer/proofs/Prover.java @@ -77,7 +77,11 @@ public class Prover implements Mix2ZeroKnowledgeProver { ECElGamalMixProtocols.Mix2Prover prover = mixProtocols.new Mix2Prover(statement, witness); - return mix2NIZK.generateNizk(prover); + Mixing.Mix2Proof.Location location = Mixing.Mix2Proof.Location.newBuilder() + .setI(i) + .setJ(j) + .setLayer(layer).build(); + return mix2NIZK.generateNizk(prover).toBuilder().setLocation(location).build(); // Mixing.Mix2Proof first,second,third,fourth; // diff --git a/mixer/src/main/java/meerkat/mixer/proofs/SigmaProtocolOr2.java b/mixer/src/main/java/meerkat/mixer/proofs/SigmaProtocolOr2.java index cf2c4ff..178c89e 100644 --- a/mixer/src/main/java/meerkat/mixer/proofs/SigmaProtocolOr2.java +++ b/mixer/src/main/java/meerkat/mixer/proofs/SigmaProtocolOr2.java @@ -106,4 +106,45 @@ public class SigmaProtocolOr2 { } } + static public class Simulator + implements SigmaProtocol.Simulator { + final Concatenator.Pair firstMessageConcatenator; + final Concatenator.Triplet finalMessageConcatenator; + + final ChallengeGenerator challengeGenerator; + + final SigmaProtocol.Simulator[] simulators; + + + BigInteger simChallenge0; + + + public Simulator(Concatenator.Pair firstMessageConcatenator, + Concatenator.Triplet finalMessageConcatenator, + ChallengeGenerator challengeGenerator, SigmaProtocol.Simulator... simulators) { + this.firstMessageConcatenator = firstMessageConcatenator; + this.finalMessageConcatenator = finalMessageConcatenator; + this.challengeGenerator = challengeGenerator; + this.simulators = simulators; + } + + + @Override + public FirstMessageOut getFirstMessage(BigInteger challenge) { + + simChallenge0 = challengeGenerator.generateChallenge(); + BigInteger simChallenge1 = challengeGenerator.subtractChallenge(challenge, simChallenge0); + + return firstMessageConcatenator.concatenate(simulators[0].getFirstMessage(simChallenge0), simulators[1].getFirstMessage(simChallenge1)); + } + + @Override + public FinalMessageOut getFinalMessage() { + return finalMessageConcatenator.concatenate(simChallenge0, simulators[0].getFinalMessage(), simulators[1].getFinalMessage()); + } + + @Override + public void reset() { simulators[0].reset(); simulators[1].reset(); } + } + } diff --git a/mixer/src/test/java/meerkat/mixer/MixNetworkTest.java b/mixer/src/test/java/meerkat/mixer/MixNetworkTest.java index 23eaea4..0245726 100644 --- a/mixer/src/test/java/meerkat/mixer/MixNetworkTest.java +++ b/mixer/src/test/java/meerkat/mixer/MixNetworkTest.java @@ -16,7 +16,7 @@ public class MixNetworkTest { @Test public void testMixNetwork() throws Exception{ - Random random = new Random(); + Random random = new Random(1); int logn = 10; int n = 1 << logn; int layers = 2*logn - 1; diff --git a/mixer/src/test/java/meerkat/mixer/proofs/AndStatementSigmaTest.java b/mixer/src/test/java/meerkat/mixer/proofs/AndStatementSigmaTest.java deleted file mode 100644 index bcc5100..0000000 --- a/mixer/src/test/java/meerkat/mixer/proofs/AndStatementSigmaTest.java +++ /dev/null @@ -1,52 +0,0 @@ -package meerkat.mixer.proofs; - -import meerkat.protobuf.Mixing; -import org.factcenter.qilin.primitives.RandomOracle; - -import java.math.BigInteger; -import java.util.Random; - -/** - * Created by talm on 12/01/17. - */ -public class AndStatementSigmaTest extends SigmaProtocolTest { - @Override - void generateRandomTrueStatement() { - - } - - @Override - void generateRandomFalseStatement() { - - } - - @Override - protected SigmaProtocol.Prover getNewProver() { - return null; - } - - @Override - protected SigmaProtocol.Verifier getNewVerifier() { - return null; - } - - @Override - protected SigmaProtocol.Simulator getNewSimulator() { - return null; - } - - @Override - protected RandomOracle getRandomOracle() { - return null; - } - - @Override - protected Random getRandom() { - return null; - } - - @Override - protected BigInteger getChallengeModulus() { - return null; - } -} diff --git a/mixer/src/test/java/meerkat/mixer/proofs/DlogAndStatementSigmaTest.java b/mixer/src/test/java/meerkat/mixer/proofs/DlogAndStatementSigmaTest.java new file mode 100644 index 0000000..50c232a --- /dev/null +++ b/mixer/src/test/java/meerkat/mixer/proofs/DlogAndStatementSigmaTest.java @@ -0,0 +1,58 @@ +package meerkat.mixer.proofs; + +import meerkat.protobuf.Mixing; +import org.factcenter.qilin.util.Pair; + +import java.math.BigInteger; + +/** + * Created by talm on 12/01/17. + */ +public class DlogAndStatementSigmaTest extends SigmaProtocolTest { + final DlogStatementSchnorrSigmaTest dlogtest; + + ECElGamalMixParams.DlogStatement s1, s2; + ECElGamalMixParams.DlogStatementWitness w1, w2; + + public DlogAndStatementSigmaTest() { + this.dlogtest = new DlogStatementSchnorrSigmaTest(); + } + + @Override + void generateRandomTrueStatement() { + Pair s1w1 = dlogtest.returnRandomTrueStatement(); + s1 = s1w1.a; w1 = s1w1.b; + + Pair s2w2 = dlogtest.returnRandomTrueStatement(); + s2 = s2w2.a; w2 = s2w2.b; + } + + @Override + void generateRandomFalseStatement() { + s1 = dlogtest.returnRandomFalseStatement(); + s2 = dlogtest.returnRandomFalseStatement(); + } + + @Override + protected SigmaProtocol.Prover getNewProver() { + return new SigmaProtocolAnd2.Prover<>(ProtobufConcatenators.concatAnd1, ProtobufConcatenators.concatAnd2, + dlogtest.prots.new DlogStatementSchnorrProver(s1, w1), dlogtest.prots.new DlogStatementSchnorrProver(s2, w2)); + } + + @Override + protected SigmaProtocol.Verifier getNewVerifier() { + return new SigmaProtocolAnd2.Verifier<>(ProtobufConcatenators.concatAnd1, ProtobufConcatenators.concatAnd2, + dlogtest.prots.new DlogStatementSchnorrVerifier(s1), dlogtest.prots.new DlogStatementSchnorrVerifier(s2)); + } + + @Override + protected SigmaProtocol.Simulator getNewSimulator() { + return new SigmaProtocolAnd2.Simulator<>(ProtobufConcatenators.concatAnd1, ProtobufConcatenators.concatAnd2, + dlogtest.prots.new DlogStatementSchnorrSimulator(s1), dlogtest.prots.new DlogStatementSchnorrSimulator(s2)); + } + + @Override + protected BigInteger getChallengeModulus() { + return dlogtest.getChallengeModulus(); + } +} diff --git a/mixer/src/test/java/meerkat/mixer/proofs/DlogOrStatementSigmaTest.java b/mixer/src/test/java/meerkat/mixer/proofs/DlogOrStatementSigmaTest.java new file mode 100644 index 0000000..a352d42 --- /dev/null +++ b/mixer/src/test/java/meerkat/mixer/proofs/DlogOrStatementSigmaTest.java @@ -0,0 +1,79 @@ +package meerkat.mixer.proofs; + +import meerkat.protobuf.Mixing; +import org.factcenter.qilin.util.Pair; + +import java.math.BigInteger; + +/** + * Created by talm on 14/01/17. + */ +public class DlogOrStatementSigmaTest extends SigmaProtocolTest { + final DlogStatementSchnorrSigmaTest dlogtest; + + final ECElGamalMixParams.AndStatement[] statements = new ECElGamalMixParams.AndStatement[2]; + ECElGamalMixParams.AndStatementWitness w; + int trueStatementIndex; + + + public DlogOrStatementSigmaTest() { + this.dlogtest = new DlogStatementSchnorrSigmaTest(); + } + + @Override + void generateRandomTrueStatement() { + trueStatementIndex = rand.nextInt(2); + Pair s1w1 = dlogtest.returnRandomTrueStatement(); + Pair s2w2 = dlogtest.returnRandomTrueStatement(); + ECElGamalMixParams.AndStatement trueStatement = dlogtest.params.new AndStatement(s1w1.a, s2w2.a); + w = dlogtest.params.new AndStatementWitness(s1w1.b, s2w2.b); + statements[trueStatementIndex] = trueStatement; + + ECElGamalMixParams.DlogStatement f1 = dlogtest.returnRandomFalseStatement(); + ECElGamalMixParams.DlogStatement f2 = dlogtest.returnRandomFalseStatement(); + + ECElGamalMixParams.AndStatement falseStatement = dlogtest.params.new AndStatement(f1, f2); + + statements[1 - trueStatementIndex] = falseStatement; + } + + @Override + void generateRandomFalseStatement() { + ECElGamalMixParams.DlogStatement f1 = dlogtest.returnRandomFalseStatement(); + ECElGamalMixParams.DlogStatement f2 = dlogtest.returnRandomFalseStatement(); + + statements[0] = dlogtest.params.new AndStatement(f1, f2); + + f1 = dlogtest.returnRandomFalseStatement(); + f2 = dlogtest.returnRandomFalseStatement(); + statements[1] = dlogtest.params.new AndStatement(f1, f2); + } + + @Override + protected SigmaProtocol.Prover getNewProver() { + SigmaProtocol.Prover andProver = dlogtest.prots.new AndStatementProver(statements[trueStatementIndex], w); + SigmaProtocol.Simulator andSimulator = dlogtest.prots.new AndStatementSimulator(statements[1 - trueStatementIndex]); + + return new SigmaProtocolOr2.Prover<>(ProtobufConcatenators.concatMix1, ProtobufConcatenators.concatMix2, + dlogtest.prots.challengeGenerator, andProver, andSimulator, trueStatementIndex); + } + + @Override + protected SigmaProtocol.Verifier getNewVerifier() { + return new SigmaProtocolOr2.Verifier(ProtobufConcatenators.concatMix1, ProtobufConcatenators.concatMix2, + dlogtest.prots.challengeGenerator, dlogtest.prots.new AndStatementVerifier(statements[0]), dlogtest.prots.new AndStatementVerifier(statements[1])); + } + + @Override + protected SigmaProtocol.Simulator getNewSimulator() { + return new SigmaProtocolOr2.Simulator<>(ProtobufConcatenators.concatMix1, ProtobufConcatenators.concatMix2, + dlogtest.prots.challengeGenerator, dlogtest.prots.new AndStatementSimulator(statements[0]), + dlogtest.prots.new AndStatementSimulator(statements[1])); + } + + @Override + protected BigInteger getChallengeModulus() { + return dlogtest.getChallengeModulus(); + } +} diff --git a/mixer/src/test/java/meerkat/mixer/proofs/DlogStatementSchnorrSigmaTest.java b/mixer/src/test/java/meerkat/mixer/proofs/DlogStatementSchnorrSigmaTest.java index bec9c23..868bce0 100644 --- a/mixer/src/test/java/meerkat/mixer/proofs/DlogStatementSchnorrSigmaTest.java +++ b/mixer/src/test/java/meerkat/mixer/proofs/DlogStatementSchnorrSigmaTest.java @@ -3,14 +3,9 @@ package meerkat.mixer.proofs; import meerkat.mixer.ECParamTestBase; import meerkat.protobuf.Mixing; import org.bouncycastle.math.ec.ECPoint; -import org.factcenter.qilin.primitives.RandomOracle; import org.factcenter.qilin.util.Pair; -import org.junit.Before; import java.math.BigInteger; -import java.util.Random; - -import static org.junit.Assert.*; /** * Created by talm on 12/01/17. @@ -31,24 +26,36 @@ public class DlogStatementSchnorrSigmaTest extends public DlogStatementSchnorrSigmaTest() { this.params = new ECElGamalMixParams(ecParams.enc); - this.prots = new ECElGamalMixProtocols(params, ecParams.rand); // We don't need randomness for the verifier -// this.mix2NIZK = new SigmaFiatShamir(ProtobufConcatenators.concatNIZK, randomOracle); + this.prots = new ECElGamalMixProtocols(params, rand); // We don't need randomness for the verifier } - void generateRandomTrueStatement() { + Pair returnRandomTrueStatement() { BigInteger x = prots.encryptor.generateRandomExponent(rand); ECPoint a = prots.group.multiply(prots.g, x); ECPoint b = prots.group.multiply(prots.h, x); - statement = params.new DlogStatement(a, b); - witness = params.new DlogStatementWitness(x); + ECElGamalMixParams.DlogStatement statement = params.new DlogStatement(a, b); + ECElGamalMixParams.DlogStatementWitness witness = params.new DlogStatementWitness(x); + + return new Pair<>(statement, witness); + } + + ECElGamalMixParams.DlogStatement returnRandomFalseStatement() { + ECPoint a = prots.group.sample(rand); + ECPoint b = prots.group.sample(rand); + + return params.new DlogStatement(a, b); + } + + void generateRandomTrueStatement() { + Pair sw = returnRandomTrueStatement(); + this.statement = sw.a; + this.witness = sw.b; } void generateRandomFalseStatement() { - ECPoint a = prots.group.sample(rand); - ECPoint b = prots.group.sample(rand); witness = null; - statement = params.new DlogStatement(a, b); + statement = returnRandomFalseStatement(); } @Override @@ -69,16 +76,6 @@ public class DlogStatementSchnorrSigmaTest extends return simulator; } - @Override - protected RandomOracle getRandomOracle() { - return ecParams.randomOracle; - } - - @Override - protected Random getRandom() { - return ecParams.rand; - } - @Override protected BigInteger getChallengeModulus() { return prots.group.orderUpperBound(); diff --git a/mixer/src/test/java/meerkat/mixer/proofs/DummySigmaProof.java b/mixer/src/test/java/meerkat/mixer/proofs/DummySigmaProof.java new file mode 100644 index 0000000..07c6c80 --- /dev/null +++ b/mixer/src/test/java/meerkat/mixer/proofs/DummySigmaProof.java @@ -0,0 +1,91 @@ +package meerkat.mixer.proofs; + +import meerkat.crypto.concrete.Util; +import meerkat.protobuf.Crypto; + +import java.math.BigInteger; + +/** + * A dummy proof that can be used for testing + */ +public class DummySigmaProof { + public static class Prover implements SigmaProtocol.Prover { + + /** + * The "statement" to be proved: x + y = z + */ + + final BigInteger x,y,z; + final BigInteger r; + + public Prover(BigInteger x, BigInteger y, BigInteger z, BigInteger r) { + this.x = x; + this.y = y; + this.z = z; + this.r = r; + } + + @Override + public Crypto.BigInteger getFirstMessage() { + return Util.encodeBigInteger(r); + } + + @Override + public BigInteger getFinalMessage(BigInteger challenge) { + return challenge.add(r.multiply(x.add(y))); + } + + @Override + public void reset() { + + } + } + public static class Verifier implements SigmaProtocol.Verifier { + + final BigInteger x,y,z; + + public Verifier(BigInteger x, BigInteger y, BigInteger z) { + this.x = x; + this.y = y; + this.z = z; + } + + @Override + public boolean verify(Crypto.BigInteger firstMessage, BigInteger challenge, BigInteger finalMessage) { + BigInteger r = Util.decodeBigInteger(firstMessage); + return finalMessage.equals(challenge.add(r.multiply(z))); + } + } + + public static class Simulator implements SigmaProtocol.Simulator { + + final BigInteger x,y,z; + + BigInteger resp; + + public Simulator(BigInteger x, BigInteger y, BigInteger z) { + this.x = x; + this.y = y; + this.z = z; + } + + + @Override + public Crypto.BigInteger getFirstMessage(BigInteger challenge) { + BigInteger r = BigInteger.ONE; + resp = challenge.add(z); + return Util.encodeBigInteger(r); + } + + @Override + public BigInteger getFinalMessage() { + return resp; + } + + @Override + public void reset() { + + } + } + +} diff --git a/mixer/src/test/java/meerkat/mixer/proofs/DummySigmaTest.java b/mixer/src/test/java/meerkat/mixer/proofs/DummySigmaTest.java new file mode 100644 index 0000000..3c62570 --- /dev/null +++ b/mixer/src/test/java/meerkat/mixer/proofs/DummySigmaTest.java @@ -0,0 +1,48 @@ +package meerkat.mixer.proofs; + +import meerkat.protobuf.Crypto; +import org.factcenter.qilin.primitives.RandomOracle; +import org.factcenter.qilin.primitives.concrete.DigestOracle; + +import java.math.BigInteger; +import java.util.Random; + +/** + * Created by talm on 14/01/17. + */ +public class DummySigmaTest extends SigmaProtocolTest { + BigInteger seed; + BigInteger x,y,z; + + @Override + void generateRandomTrueStatement() { + x = new BigInteger(100, rand); y = new BigInteger(100, rand); z = x.add(y); + } + + @Override + void generateRandomFalseStatement() { + x = new BigInteger(100, rand); + y = new BigInteger(100, rand); + z = new BigInteger(100, rand); + } + + @Override + protected SigmaProtocol.Prover getNewProver() { + return new DummySigmaProof.Prover(x, y, z, new BigInteger(100, rand)); + } + + @Override + protected SigmaProtocol.Verifier getNewVerifier() { + return new DummySigmaProof.Verifier(x, y, z); + } + + @Override + protected SigmaProtocol.Simulator getNewSimulator() { + return new DummySigmaProof.Simulator(x, y, z); + } + + @Override + protected BigInteger getChallengeModulus() { + return new BigInteger(100, rand); + } +} diff --git a/mixer/src/test/java/meerkat/mixer/proofs/NIZKContainers.java b/mixer/src/test/java/meerkat/mixer/proofs/NIZKContainers.java deleted file mode 100644 index dbbea17..0000000 --- a/mixer/src/test/java/meerkat/mixer/proofs/NIZKContainers.java +++ /dev/null @@ -1,13 +0,0 @@ -package meerkat.mixer.proofs; - -import meerkat.protobuf.Mixing; - -/** - * Created by talm on 12/01/17. - */ -public class NIZKContainers { - public static class DlogNIZK { - public Mixing.Mix2Proof.DlogProof.FirstMessage m1; - - } -} diff --git a/mixer/src/test/java/meerkat/mixer/proofs/SigmaProtocolTest.java b/mixer/src/test/java/meerkat/mixer/proofs/SigmaProtocolTest.java index 3b826b5..4ad3437 100644 --- a/mixer/src/test/java/meerkat/mixer/proofs/SigmaProtocolTest.java +++ b/mixer/src/test/java/meerkat/mixer/proofs/SigmaProtocolTest.java @@ -2,6 +2,7 @@ package meerkat.mixer.proofs; import com.google.protobuf.Message; import org.factcenter.qilin.primitives.RandomOracle; +import org.factcenter.qilin.primitives.concrete.DigestOracle; import org.factcenter.qilin.util.Pair; import org.junit.Before; import org.junit.Test; @@ -17,6 +18,7 @@ import static org.junit.Assert.*; abstract public class SigmaProtocolTest { public final int NUM_REPEAT = 10; + final RandomOracle randomOracle = new DigestOracle(); abstract void generateRandomTrueStatement(); @@ -39,10 +41,6 @@ abstract public class SigmaProtocolTest { final NIZKConcat nizkConcat = new NIZKConcat(); - abstract protected RandomOracle getRandomOracle(); - - - abstract protected Random getRandom(); abstract protected BigInteger getChallengeModulus(); SigmaProtocol.Prover prover; @@ -51,12 +49,10 @@ abstract public class SigmaProtocolTest { BigInteger challengeModulus; int challengeBits; - Random rand; + Random rand = new Random(1);; @Before public void setup() { - simulator = getNewSimulator(); - rand = getRandom(); challengeModulus = getChallengeModulus(); challengeBits = challengeModulus.bitLength() + 1; } @@ -100,7 +96,7 @@ abstract public class SigmaProtocolTest { for (int i = 0; i < NUM_REPEAT; ++i) { generateRandomTrueStatement(); - SigmaFiatShamir, M1, M2> fiatShamir = new SigmaFiatShamir, M1, M2>(nizkConcat, getRandomOracle()); + SigmaFiatShamir, M1, M2> fiatShamir = new SigmaFiatShamir, M1, M2>(nizkConcat, randomOracle); prover = getNewProver(); Pair nizk = fiatShamir.generateNizk(prover);