diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 1ca625d..1e04d9c 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,4 +1,4 @@ -#Fri Dec 11 12:12:40 IST 2015 +#Mon Dec 14 14:35:37 IST 2015 distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME diff --git a/meerkat-common/src/main/java/meerkat/crypto/concrete/ECElGamalEncryption.java b/meerkat-common/src/main/java/meerkat/crypto/concrete/ECElGamalEncryption.java index 8718dd7..c281dd7 100644 --- a/meerkat-common/src/main/java/meerkat/crypto/concrete/ECElGamalEncryption.java +++ b/meerkat-common/src/main/java/meerkat/crypto/concrete/ECElGamalEncryption.java @@ -115,7 +115,7 @@ public class ECElGamalEncryption extends GlobalCryptoSetup implements Encryption Pair randomizer = elGamalPK.encrypt(curve.getInfinity(), rndInt); ConcreteCrypto.ElGamalCiphertext originalEncodedCipher= ConcreteCrypto.ElGamalCiphertext.parseFrom(msg.getData()); - Pair originalCipher = new Pair<>( + Pair originalCipher = new Pair( curve.decodePoint(originalEncodedCipher.getC1().toByteArray()), curve.decodePoint(originalEncodedCipher.getC2().toByteArray())); Pair newCipher = elGamalPK.add(originalCipher, randomizer); diff --git a/meerkat-common/src/main/java/meerkat/crypto/mixnet/Mixer.java b/meerkat-common/src/main/java/meerkat/crypto/mixnet/Mixer.java index bbd999e..dc2f819 100644 --- a/meerkat-common/src/main/java/meerkat/crypto/mixnet/Mixer.java +++ b/meerkat-common/src/main/java/meerkat/crypto/mixnet/Mixer.java @@ -1,16 +1,16 @@ package meerkat.crypto.mixnet; import com.google.protobuf.InvalidProtocolBufferException; -import javafx.util.Pair; +import qilin.util.Pair; import meerkat.protobuf.Crypto; import meerkat.protobuf.Mixing; import java.util.List; -import static meerkat.protobuf.Voting.*; /** * Created by talm on 25/10/15. */ public interface Mixer { - public Pair mix(List ciphertexts) throws InvalidProtocolBufferException; + public Pair + mix(List ciphertexts) throws InvalidProtocolBufferException; } diff --git a/meerkat-common/src/main/proto/meerkat/mixing.proto b/meerkat-common/src/main/proto/meerkat/mixing.proto index 882d882..763f46b 100644 --- a/meerkat-common/src/main/proto/meerkat/mixing.proto +++ b/meerkat-common/src/main/proto/meerkat/mixing.proto @@ -8,6 +8,20 @@ import 'meerkat/crypto.proto'; message ZeroKnowledgeProof { message OrProof { + message ForRandomOracle{ + bytes g1 = 1; + bytes h1 = 2; + bytes g2 = 3; + bytes h2 = 4; + bytes g1Tag = 5; + bytes h1Tag = 6; + bytes g2Tag = 7; + bytes h2Tag = 8; + bytes u = 9; + bytes v = 10; + bytes uTag = 11; + bytes vTag = 12; + } //input : g1,h1, g2, h2, g1Tag, h1Tag, g2Tag, h2Tag; bytes g1 = 1; bytes h1 = 2; diff --git a/mixer/src/main/java/mixer/Mixer.java b/mixer/src/main/java/mixer/Mixer.java index 4179e6a..7e7c0b9 100644 --- a/mixer/src/main/java/mixer/Mixer.java +++ b/mixer/src/main/java/mixer/Mixer.java @@ -4,9 +4,8 @@ import java.util.ArrayList; import java.util.List; import java.util.Queue; import java.util.concurrent.ArrayBlockingQueue; -import javafx.util.Pair; +import qilin.util.Pair; import java.util.Random; -import java.util.regex.Matcher; import com.google.protobuf.InvalidProtocolBufferException; diff --git a/mixer/src/main/java/necessary/General.java b/mixer/src/main/java/necessary/General.java index b6a3707..92df602 100644 --- a/mixer/src/main/java/necessary/General.java +++ b/mixer/src/main/java/necessary/General.java @@ -4,6 +4,9 @@ import meerkat.protobuf.ConcreteCrypto; import meerkat.protobuf.Crypto; import com.google.protobuf.ByteString; +import meerkat.protobuf.Mixing; + +import java.math.BigInteger; public interface General { @@ -12,30 +15,11 @@ public interface General { */ ConcreteCrypto.ElGamalCiphertext calcRerandomizable2ElGamal(Crypto.RerandomizableEncryptedMessage enc); + ByteString getG(); + ByteString getH(); /* - modulo operation over ByteString + fiat shamir assumption */ - ByteString mod(ByteString dividend, ByteString divisor); - - /* - addition operation over ByteString - */ - ByteString add(ByteString a, ByteString b); - - /* - subtraction operation over ByteString - */ - ByteString sub(ByteString Subtraction, ByteString subtrahend); - - - /* - multiplication operation over ByteString - */ - ByteString mul(ByteString a, ByteString b); - - /* - hash operation over ByteString - */ - ByteString hash(ByteString... arr); + BigInteger hash(Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle input); } diff --git a/mixer/src/main/java/necessary/GeneralImpl.java b/mixer/src/main/java/necessary/GeneralImpl.java new file mode 100644 index 0000000..9a4fda6 --- /dev/null +++ b/mixer/src/main/java/necessary/GeneralImpl.java @@ -0,0 +1,46 @@ +package necessary; + +import com.google.protobuf.ByteString; +import meerkat.protobuf.ConcreteCrypto; +import meerkat.protobuf.Crypto; +import meerkat.protobuf.Mixing; +import qilin.primitives.RandomOracle; +import java.math.BigInteger; + +/** + * Created by Tzlil on 12/14/2015. + */ +public class GeneralImpl implements General { + + + private final RandomOracle rndomOracle; + private final ByteString h; + private final ByteString g; + + public GeneralImpl(RandomOracle randomOracle,ByteString g,ByteString h) { + this.rndomOracle = randomOracle; + this.h = h; + this.g = g; + } + + @Override + public ConcreteCrypto.ElGamalCiphertext calcRerandomizable2ElGamal(Crypto.RerandomizableEncryptedMessage enc) { + return null; + } + + @Override + public ByteString getG() { + return g; + } + + @Override + public ByteString getH() { + return h; + } + + @Override + public BigInteger hash(Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle input) { + byte[] arr = input.toByteArray(); + return new BigInteger(this.rndomOracle.hash(arr,arr.length)); + } +} diff --git a/mixer/src/main/java/necessary/Group.java b/mixer/src/main/java/necessary/Group.java index 544b1d7..27c57d8 100644 --- a/mixer/src/main/java/necessary/Group.java +++ b/mixer/src/main/java/necessary/Group.java @@ -3,12 +3,12 @@ package necessary; import com.google.protobuf.ByteString; +import java.math.BigInteger; + public interface Group { - ByteString getG(); - ByteString getH(); ByteString div(ByteString dividend, ByteString divisor); ByteString mul(ByteString a, ByteString b); - ByteString pow(ByteString bas, ByteString exp); - ByteString groupSize(); + ByteString pow(ByteString bas, BigInteger exp); + BigInteger groupSize(); } diff --git a/mixer/src/main/java/necessary/GroupImpl.java b/mixer/src/main/java/necessary/GroupImpl.java new file mode 100644 index 0000000..5e98248 --- /dev/null +++ b/mixer/src/main/java/necessary/GroupImpl.java @@ -0,0 +1,39 @@ +package necessary; + +import com.google.protobuf.ByteString; +import meerkat.protobuf.Crypto; + +import java.math.BigInteger; + +/** + * Created by Tzlil on 12/14/2015. + */ +public class GroupImpl implements Group { + + qilin.primitives.Group qilinInstance; + public GroupImpl(qilin.primitives.Group qilinInstance) { + this.qilinInstance = qilinInstance; + } + + + @Override + public ByteString div(ByteString dividend, ByteString divisor) { + return mul(dividend,qilinInstance.negate(divisor)); + } + + @Override + public ByteString mul(ByteString a, ByteString b) { + return qilinInstance.add(a,b); + } + + @Override + public ByteString pow(ByteString bas, BigInteger exp) { + return qilinInstance.multiply(bas,exp); + } + + @Override + public BigInteger groupSize() { + return qilinInstance.orderUpperBound(); + } +} + diff --git a/mixer/src/main/java/prover/Prover.java b/mixer/src/main/java/prover/Prover.java index 8d0f3c6..789f323 100644 --- a/mixer/src/main/java/prover/Prover.java +++ b/mixer/src/main/java/prover/Prover.java @@ -9,6 +9,8 @@ import meerkat.protobuf.Mixing; import necessary.General; import necessary.Group; + +import java.math.BigInteger; import java.util.Random; public class Prover implements Mix2ZeroKnowledgeProver { @@ -78,22 +80,23 @@ public class Prover implements Mix2ZeroKnowledgeProver { ElGamalCiphertext e2New, Crypto.EncryptionRandomness x, boolean flag) { - ByteString g1 = group.getG(); + ByteString g1 = general.getG(); ByteString h1 = group.div(e1New.getC1(),e1.getC1()); - ByteString g2 = group.getH(); + ByteString g2 = general.getH(); ByteString h2 = group.div(e1New.getC2(),e1.getC2()); - ByteString g1Tag = group.getG(); + ByteString g1Tag = general.getG(); ByteString h1Tag = group.div(e2New.getC1(),e2.getC1()); - ByteString g2Tag = group.getH(); + ByteString g2Tag = general.getH(); ByteString h2Tag = group.div(e2New.getC2(),e2.getC2()); - ByteString r = general.mod(encryptor.generateRandomness(rand).getData(),group.groupSize()); - ByteString u,v,uTag,vTag,c1,c2,z,zTag; + BigInteger r = new BigInteger(encryptor.generateRandomness(rand).getData().toByteArray()).mod(group.groupSize()); + BigInteger c1,c2,z,zTag; + ByteString u,v,uTag,vTag; if (flag) { - c2 = general.mod(encryptor.generateRandomness(rand).getData(),group.groupSize()); - zTag = general.mod(encryptor.generateRandomness(rand).getData(),group.groupSize()); + c2 = new BigInteger(encryptor.generateRandomness(rand).getData().toByteArray()).mod(group.groupSize()); + zTag = new BigInteger(encryptor.generateRandomness(rand).getData().toByteArray()).mod(group.groupSize()); //step 1 u = group.pow(g1, r); v = group.pow(g2, r); @@ -101,15 +104,30 @@ public class Prover implements Mix2ZeroKnowledgeProver { vTag = group.div(group.pow(g2Tag, zTag), group.pow(h2Tag, c2)); //step 2 // c1 = (hash(input + step1) + group size - c2)% group size - c1 = general.mod(general.add(general.hash(g1, h1, g2, h2, g1Tag, h1Tag, g2Tag, h2Tag, u, v, uTag, vTag), general.sub(group.groupSize(), c2)),group.groupSize()); + Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle forRandomOracle = + Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle.newBuilder() + .setG1(g1) + .setH1(h1) + .setG2(g2) + .setH2(h2) + .setG1Tag(g1Tag) + .setH1Tag(h1Tag) + .setG2Tag(g2Tag) + .setH2Tag(h2Tag) + .setU(u) + .setV(v) + .setUTag(uTag) + .setVTag(vTag) + .build(); + c1 = general.hash(forRandomOracle).add(group.groupSize().subtract(c2)).mod(group.groupSize()); //step 3 //z = (r + c1 * x) % group size; - z = general.mod(general.add(r,general.mul(c1,x.getData())),group.groupSize()); + z = r.add(c1.multiply(new BigInteger(x.getData().toByteArray()))).mod(group.groupSize()); } else { - c1 = general.mod(encryptor.generateRandomness(rand).getData(),group.groupSize()); - z = general.mod(encryptor.generateRandomness(rand).getData(),group.groupSize()); + c1 = new BigInteger(encryptor.generateRandomness(rand).getData().toByteArray()).mod(group.groupSize()); + z = new BigInteger(encryptor.generateRandomness(rand).getData().toByteArray()).mod(group.groupSize()); //step 1 uTag = group.pow(g1Tag, r); vTag = group.pow(g2Tag, r); @@ -117,10 +135,25 @@ public class Prover implements Mix2ZeroKnowledgeProver { v = group.div(group.pow(g2, z), group.pow(h2, c1)); //step 2 // c1 = (hash(input + step1) + group size - c1)% group size - c2 = general.mod(general.add(general.hash(g1, h1, g2, h2, g1Tag, h1Tag, g2Tag, h2Tag, u, v, uTag, vTag), general.sub(group.groupSize(), c1)),group.groupSize()); + Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle forRandomOracle = + Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle.newBuilder() + .setG1(g1) + .setH1(h1) + .setG2(g2) + .setH2(h2) + .setG1Tag(g1Tag) + .setH1Tag(h1Tag) + .setG2Tag(g2Tag) + .setH2Tag(h2Tag) + .setU(u) + .setV(v) + .setUTag(uTag) + .setVTag(vTag) + .build(); + c2 = general.hash(forRandomOracle).add(group.groupSize().subtract(c1)).mod(group.groupSize()); //step 3 //zTag = (r + c2 * x) % group size; - zTag = general.mod(general.add(r,general.mul(c2,x.getData())),group.groupSize()); + zTag = r.add(c2.multiply(new BigInteger(x.getData().toByteArray()))).mod(group.groupSize()); } return Mixing.ZeroKnowledgeProof.OrProof.newBuilder() .setG1(g1) @@ -135,10 +168,10 @@ public class Prover implements Mix2ZeroKnowledgeProver { .setV(v) .setUTag(uTag) .setVTag(vTag) - .setC1(c1) - .setC2(c2) - .setZ(z) - .setZTag(zTag) + .setC1(ByteString.copyFrom(c1.toByteArray())) + .setC2(ByteString.copyFrom(c2.toByteArray())) + .setZ(ByteString.copyFrom(z.toByteArray())) + .setZTag(ByteString.copyFrom(zTag.toByteArray())) .build(); } diff --git a/mixer/src/main/java/verifier/Verifier.java b/mixer/src/main/java/verifier/Verifier.java index b7894df..197e012 100644 --- a/mixer/src/main/java/verifier/Verifier.java +++ b/mixer/src/main/java/verifier/Verifier.java @@ -8,6 +8,8 @@ import meerkat.protobuf.Mixing; import necessary.General; import necessary.Group; +import java.math.BigInteger; + public class Verifier implements Mix2ZeroKnowledgeVerifier { @@ -53,28 +55,46 @@ public class Verifier implements Mix2ZeroKnowledgeVerifier { Mixing.ZeroKnowledgeProof.OrProof orProof) { + Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle forRandomOracle = + Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle.newBuilder() + .setG1(orProof.getG1()) + .setH1(orProof.getH1()) + .setG2(orProof.getG2()) + .setH2(orProof.getH2()) + .setG1Tag(orProof.getG1Tag()) + .setH1Tag(orProof.getH1Tag()) + .setG2Tag(orProof.getG2Tag()) + .setH2Tag(orProof.getH2Tag()) + .setU(orProof.getU()) + .setV(orProof.getV()) + .setUTag(orProof.getUTag()) + .setVTag(orProof.getVTag()) + .build(); + return //input - orProof.getG1().equals(group.getG())&& + orProof.getG1().equals(general.getG())&& orProof.getH1().equals(group.div(e1New.getC1(), e1.getC1()))&& - orProof.getG2().equals(group.getH())&& + orProof.getG2().equals(general.getH())&& orProof.getH2().equals(group.div(e1New.getC2(), e1.getC2()))&& // input' - orProof.getG1Tag().equals(group.getG())&& + orProof.getG1Tag().equals(general.getG())&& orProof.getH1Tag().equals(group.div(e2New.getC1(), e2.getC1()))&& - orProof.getG2Tag().equals(group.getH())&& + orProof.getG2Tag().equals(general.getH())&& orProof.getH2Tag().equals(group.div(e2New.getC2(), e2.getC2())) && // hash // assert (c1 + c2 ) % group size == hash (imput + step1) % group size - general.mod((general.add(orProof.getC1(),orProof.getC2())),group.groupSize()) - .equals(general.mod(general.hash(orProof.getG1(), orProof.getH1(), orProof.getG2(), orProof.getH2(), - orProof.getG1Tag(), orProof.getH1Tag(), orProof.getG2Tag(), orProof.getH2Tag(), - orProof.getV(),orProof.getU(),orProof.getVTag(),orProof.getUTag()) , group.groupSize()))&& + new BigInteger(orProof.getC1().toByteArray()).add(new BigInteger(orProof.getC2().toByteArray())).mod(group.groupSize()) + .equals(general.hash(forRandomOracle).mod(group.groupSize()).mod(group.groupSize()))&& // proof // g1 ^ z == u * ( h1 ^ c1 ) && g2 ^ z == v * ( h2 ^ c1 ) && the same for tag case - group.pow(orProof.getG1(), orProof.getZ()).equals(group.mul(orProof.getU(), group.pow(orProof.getH1(),orProof.getC1()))) && - group.pow(orProof.getG2(), orProof.getZ()).equals(group.mul(orProof.getV(), group.pow(orProof.getH2(),orProof.getC1()))) && - group.pow(orProof.getG1Tag(), orProof.getZTag()).equals(group.mul(orProof.getUTag(), group.pow(orProof.getH1Tag(),orProof.getC2()))) && - group.pow(orProof.getG2Tag(), orProof.getZTag()).equals(group.mul(orProof.getVTag(), group.pow(orProof.getH2Tag(),orProof.getC2()))); + group.pow(orProof.getG1(), new BigInteger(orProof.getZ().toByteArray())) + .equals(group.mul(orProof.getU(), group.pow(orProof.getH1(),new BigInteger(orProof.getC1().toByteArray())))) && + group.pow(orProof.getG2(), new BigInteger(orProof.getZ().toByteArray())) + .equals(group.mul(orProof.getV(), group.pow(orProof.getH2(),new BigInteger(orProof.getC1().toByteArray())))) && + group.pow(orProof.getG1Tag(), new BigInteger(orProof.getZTag().toByteArray())) + .equals(group.mul(orProof.getUTag(), group.pow(orProof.getH1Tag(),new BigInteger(orProof.getC2().toByteArray())))) && + group.pow(orProof.getG2Tag(), new BigInteger(orProof.getZTag().toByteArray())) + .equals(group.mul(orProof.getVTag(), group.pow(orProof.getH2Tag(),new BigInteger(orProof.getC2().toByteArray())))); } }