meerkat
/
meerkat-java
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

work with qilin

mixer
tzlil.gon 2015-12-14 17:54:44 +02:00
parent 23573666ec
commit c37d30baf6
11 changed files with 199 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
gradle/wrapper/gradle-wrapper.properties vendored
View File

@ -1,4 +1,4 @@
#Fri Dec 11 12:12:40 IST 2015 #Mon Dec 14 14:35:37 IST 2015
distributionBase=GRADLE_USER_HOME distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists distributionPath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME zipStoreBase=GRADLE_USER_HOME

2
meerkat-common/src/main/java/meerkat/crypto/concrete/ECElGamalEncryption.java
View File

@ -115,7 +115,7 @@ public class ECElGamalEncryption extends GlobalCryptoSetup implements Encryption
Pair<ECPoint,ECPoint> randomizer = elGamalPK.encrypt(curve.getInfinity(), rndInt); Pair<ECPoint,ECPoint> randomizer = elGamalPK.encrypt(curve.getInfinity(), rndInt);
ConcreteCrypto.ElGamalCiphertext originalEncodedCipher= ConcreteCrypto.ElGamalCiphertext.parseFrom(msg.getData()); ConcreteCrypto.ElGamalCiphertext originalEncodedCipher= ConcreteCrypto.ElGamalCiphertext.parseFrom(msg.getData());
Pair<ECPoint,ECPoint> originalCipher = new Pair<>( Pair<ECPoint,ECPoint> originalCipher = new Pair<ECPoint,ECPoint>(
curve.decodePoint(originalEncodedCipher.getC1().toByteArray()), curve.decodePoint(originalEncodedCipher.getC1().toByteArray()),
curve.decodePoint(originalEncodedCipher.getC2().toByteArray())); curve.decodePoint(originalEncodedCipher.getC2().toByteArray()));
Pair<ECPoint,ECPoint> newCipher = elGamalPK.add(originalCipher, randomizer); Pair<ECPoint,ECPoint> newCipher = elGamalPK.add(originalCipher, randomizer);

6
meerkat-common/src/main/java/meerkat/crypto/mixnet/Mixer.java
View File

@ -1,16 +1,16 @@
package meerkat.crypto.mixnet; package meerkat.crypto.mixnet;
import com.google.protobuf.InvalidProtocolBufferException; import com.google.protobuf.InvalidProtocolBufferException;
import javafx.util.Pair; import qilin.util.Pair;
import meerkat.protobuf.Crypto; import meerkat.protobuf.Crypto;
import meerkat.protobuf.Mixing; import meerkat.protobuf.Mixing;
import java.util.List; import java.util.List;
import static meerkat.protobuf.Voting.*;
/** /**
* Created by talm on 25/10/15. * Created by talm on 25/10/15.
*/ */
public interface Mixer { public interface Mixer {
public Pair<Mixing.ZeroKnowledgeProof[][],Crypto.RerandomizableEncryptedMessage[][]> mix(List<Crypto.RerandomizableEncryptedMessage> ciphertexts) throws InvalidProtocolBufferException; public Pair<Mixing.ZeroKnowledgeProof[][],Crypto.RerandomizableEncryptedMessage[][]>
mix(List<Crypto.RerandomizableEncryptedMessage> ciphertexts) throws InvalidProtocolBufferException;
} }

14
meerkat-common/src/main/proto/meerkat/mixing.proto
View File

@ -8,6 +8,20 @@ import 'meerkat/crypto.proto';
message ZeroKnowledgeProof { message ZeroKnowledgeProof {
message OrProof { message OrProof {
message ForRandomOracle{
bytes g1 = 1;
bytes h1 = 2;
bytes g2 = 3;
bytes h2 = 4;
bytes g1Tag = 5;
bytes h1Tag = 6;
bytes g2Tag = 7;
bytes h2Tag = 8;
bytes u = 9;
bytes v = 10;
bytes uTag = 11;
bytes vTag = 12;
}
//input : g1,h1, g2, h2, g1Tag, h1Tag, g2Tag, h2Tag; //input : g1,h1, g2, h2, g1Tag, h1Tag, g2Tag, h2Tag;
bytes g1 = 1; bytes g1 = 1;
bytes h1 = 2; bytes h1 = 2;

3
mixer/src/main/java/mixer/Mixer.java
View File

@ -4,9 +4,8 @@ import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Queue; import java.util.Queue;
import java.util.concurrent.ArrayBlockingQueue; import java.util.concurrent.ArrayBlockingQueue;
import javafx.util.Pair; import qilin.util.Pair;
import java.util.Random; import java.util.Random;
import java.util.regex.Matcher;
import com.google.protobuf.InvalidProtocolBufferException; import com.google.protobuf.InvalidProtocolBufferException;

30
mixer/src/main/java/necessary/General.java
View File

@ -4,6 +4,9 @@ import meerkat.protobuf.ConcreteCrypto;
import meerkat.protobuf.Crypto; import meerkat.protobuf.Crypto;
import com.google.protobuf.ByteString; import com.google.protobuf.ByteString;
import meerkat.protobuf.Mixing;
import java.math.BigInteger;
public interface General { public interface General {
@ -12,30 +15,11 @@ public interface General {
*/ */
ConcreteCrypto.ElGamalCiphertext calcRerandomizable2ElGamal(Crypto.RerandomizableEncryptedMessage enc); ConcreteCrypto.ElGamalCiphertext calcRerandomizable2ElGamal(Crypto.RerandomizableEncryptedMessage enc);
ByteString getG();
ByteString getH();
/* /*
modulo operation over ByteString fiat shamir assumption
*/ */
ByteString mod(ByteString dividend, ByteString divisor); BigInteger hash(Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle input);
/*
addition operation over ByteString
*/
ByteString add(ByteString a, ByteString b);
/*
subtraction operation over ByteString
*/
ByteString sub(ByteString Subtraction, ByteString subtrahend);
/*
multiplication operation over ByteString
*/
ByteString mul(ByteString a, ByteString b);
/*
hash operation over ByteString
*/
ByteString hash(ByteString... arr);
} }

46
mixer/src/main/java/necessary/GeneralImpl.java Normal file
View File

@ -0,0 +1,46 @@
package necessary;
import com.google.protobuf.ByteString;
import meerkat.protobuf.ConcreteCrypto;
import meerkat.protobuf.Crypto;
import meerkat.protobuf.Mixing;
import qilin.primitives.RandomOracle;
import java.math.BigInteger;
/**
* Created by Tzlil on 12/14/2015.
*/
public class GeneralImpl implements General {
private final RandomOracle rndomOracle;
private final ByteString h;
private final ByteString g;
public GeneralImpl(RandomOracle randomOracle,ByteString g,ByteString h) {
this.rndomOracle = randomOracle;
this.h = h;
this.g = g;
}
@Override
public ConcreteCrypto.ElGamalCiphertext calcRerandomizable2ElGamal(Crypto.RerandomizableEncryptedMessage enc) {
return null;
}
@Override
public ByteString getG() {
return g;
}
@Override
public ByteString getH() {
return h;
}
@Override
public BigInteger hash(Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle input) {
byte[] arr = input.toByteArray();
return new BigInteger(this.rndomOracle.hash(arr,arr.length));
}
}

8
mixer/src/main/java/necessary/Group.java
View File

@ -3,12 +3,12 @@ package necessary;
import com.google.protobuf.ByteString; import com.google.protobuf.ByteString;
import java.math.BigInteger;
public interface Group { public interface Group {
ByteString getG();
ByteString getH();
ByteString div(ByteString dividend, ByteString divisor); ByteString div(ByteString dividend, ByteString divisor);
ByteString mul(ByteString a, ByteString b); ByteString mul(ByteString a, ByteString b);
ByteString pow(ByteString bas, ByteString exp); ByteString pow(ByteString bas, BigInteger exp);
ByteString groupSize(); BigInteger groupSize();
} }

39
mixer/src/main/java/necessary/GroupImpl.java Normal file
View File

@ -0,0 +1,39 @@
package necessary;
import com.google.protobuf.ByteString;
import meerkat.protobuf.Crypto;
import java.math.BigInteger;
/**
* Created by Tzlil on 12/14/2015.
*/
public class GroupImpl implements Group {
qilin.primitives.Group<ByteString> qilinInstance;
public GroupImpl(qilin.primitives.Group qilinInstance) {
this.qilinInstance = qilinInstance;
}
@Override
public ByteString div(ByteString dividend, ByteString divisor) {
return mul(dividend,qilinInstance.negate(divisor));
}
@Override
public ByteString mul(ByteString a, ByteString b) {
return qilinInstance.add(a,b);
}
@Override
public ByteString pow(ByteString bas, BigInteger exp) {
return qilinInstance.multiply(bas,exp);
}
@Override
public BigInteger groupSize() {
return qilinInstance.orderUpperBound();
}
}

69
mixer/src/main/java/prover/Prover.java
View File

@ -9,6 +9,8 @@ import meerkat.protobuf.Mixing;
import necessary.General; import necessary.General;
import necessary.Group; import necessary.Group;
import java.math.BigInteger;
import java.util.Random; import java.util.Random;
public class Prover implements Mix2ZeroKnowledgeProver { public class Prover implements Mix2ZeroKnowledgeProver {
@ -78,22 +80,23 @@ public class Prover implements Mix2ZeroKnowledgeProver {
ElGamalCiphertext e2New, ElGamalCiphertext e2New,
Crypto.EncryptionRandomness x, Crypto.EncryptionRandomness x,
boolean flag) { boolean flag) {
ByteString g1 = group.getG(); ByteString g1 = general.getG();
ByteString h1 = group.div(e1New.getC1(),e1.getC1()); ByteString h1 = group.div(e1New.getC1(),e1.getC1());
ByteString g2 = group.getH(); ByteString g2 = general.getH();
ByteString h2 = group.div(e1New.getC2(),e1.getC2()); ByteString h2 = group.div(e1New.getC2(),e1.getC2());
ByteString g1Tag = group.getG(); ByteString g1Tag = general.getG();
ByteString h1Tag = group.div(e2New.getC1(),e2.getC1()); ByteString h1Tag = group.div(e2New.getC1(),e2.getC1());
ByteString g2Tag = group.getH(); ByteString g2Tag = general.getH();
ByteString h2Tag = group.div(e2New.getC2(),e2.getC2()); ByteString h2Tag = group.div(e2New.getC2(),e2.getC2());
ByteString r = general.mod(encryptor.generateRandomness(rand).getData(),group.groupSize()); BigInteger r = new BigInteger(encryptor.generateRandomness(rand).getData().toByteArray()).mod(group.groupSize());
ByteString u,v,uTag,vTag,c1,c2,z,zTag; BigInteger c1,c2,z,zTag;
ByteString u,v,uTag,vTag;
if (flag) if (flag)
{ {
c2 = general.mod(encryptor.generateRandomness(rand).getData(),group.groupSize()); c2 = new BigInteger(encryptor.generateRandomness(rand).getData().toByteArray()).mod(group.groupSize());
zTag = general.mod(encryptor.generateRandomness(rand).getData(),group.groupSize()); zTag = new BigInteger(encryptor.generateRandomness(rand).getData().toByteArray()).mod(group.groupSize());
//step 1 //step 1
u = group.pow(g1, r); u = group.pow(g1, r);
v = group.pow(g2, r); v = group.pow(g2, r);
@ -101,15 +104,30 @@ public class Prover implements Mix2ZeroKnowledgeProver {
vTag = group.div(group.pow(g2Tag, zTag), group.pow(h2Tag, c2)); vTag = group.div(group.pow(g2Tag, zTag), group.pow(h2Tag, c2));
//step 2 //step 2
// c1 = (hash(input + step1) + group size - c2)% group size // c1 = (hash(input + step1) + group size - c2)% group size
c1 = general.mod(general.add(general.hash(g1, h1, g2, h2, g1Tag, h1Tag, g2Tag, h2Tag, u, v, uTag, vTag), general.sub(group.groupSize(), c2)),group.groupSize()); Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle forRandomOracle =
Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle.newBuilder()
.setG1(g1)
.setH1(h1)
.setG2(g2)
.setH2(h2)
.setG1Tag(g1Tag)
.setH1Tag(h1Tag)
.setG2Tag(g2Tag)
.setH2Tag(h2Tag)
.setU(u)
.setV(v)
.setUTag(uTag)
.setVTag(vTag)
.build();
c1 = general.hash(forRandomOracle).add(group.groupSize().subtract(c2)).mod(group.groupSize());
//step 3 //step 3
//z = (r + c1 * x) % group size; //z = (r + c1 * x) % group size;
z = general.mod(general.add(r,general.mul(c1,x.getData())),group.groupSize()); z = r.add(c1.multiply(new BigInteger(x.getData().toByteArray()))).mod(group.groupSize());
} }
else else
{ {
c1 = general.mod(encryptor.generateRandomness(rand).getData(),group.groupSize()); c1 = new BigInteger(encryptor.generateRandomness(rand).getData().toByteArray()).mod(group.groupSize());
z = general.mod(encryptor.generateRandomness(rand).getData(),group.groupSize()); z = new BigInteger(encryptor.generateRandomness(rand).getData().toByteArray()).mod(group.groupSize());
//step 1 //step 1
uTag = group.pow(g1Tag, r); uTag = group.pow(g1Tag, r);
vTag = group.pow(g2Tag, r); vTag = group.pow(g2Tag, r);
@ -117,10 +135,25 @@ public class Prover implements Mix2ZeroKnowledgeProver {
v = group.div(group.pow(g2, z), group.pow(h2, c1)); v = group.div(group.pow(g2, z), group.pow(h2, c1));
//step 2 //step 2
// c1 = (hash(input + step1) + group size - c1)% group size // c1 = (hash(input + step1) + group size - c1)% group size
c2 = general.mod(general.add(general.hash(g1, h1, g2, h2, g1Tag, h1Tag, g2Tag, h2Tag, u, v, uTag, vTag), general.sub(group.groupSize(), c1)),group.groupSize()); Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle forRandomOracle =
Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle.newBuilder()
.setG1(g1)
.setH1(h1)
.setG2(g2)
.setH2(h2)
.setG1Tag(g1Tag)
.setH1Tag(h1Tag)
.setG2Tag(g2Tag)
.setH2Tag(h2Tag)
.setU(u)
.setV(v)
.setUTag(uTag)
.setVTag(vTag)
.build();
c2 = general.hash(forRandomOracle).add(group.groupSize().subtract(c1)).mod(group.groupSize());
//step 3 //step 3
//zTag = (r + c2 * x) % group size; //zTag = (r + c2 * x) % group size;
zTag = general.mod(general.add(r,general.mul(c2,x.getData())),group.groupSize()); zTag = r.add(c2.multiply(new BigInteger(x.getData().toByteArray()))).mod(group.groupSize());
} }
return Mixing.ZeroKnowledgeProof.OrProof.newBuilder() return Mixing.ZeroKnowledgeProof.OrProof.newBuilder()
.setG1(g1) .setG1(g1)
@ -135,10 +168,10 @@ public class Prover implements Mix2ZeroKnowledgeProver {
.setV(v) .setV(v)
.setUTag(uTag) .setUTag(uTag)
.setVTag(vTag) .setVTag(vTag)
.setC1(c1) .setC1(ByteString.copyFrom(c1.toByteArray()))
.setC2(c2) .setC2(ByteString.copyFrom(c2.toByteArray()))
.setZ(z) .setZ(ByteString.copyFrom(z.toByteArray()))
.setZTag(zTag) .setZTag(ByteString.copyFrom(zTag.toByteArray()))
.build(); .build();
} }

44
mixer/src/main/java/verifier/Verifier.java
View File

@ -8,6 +8,8 @@ import meerkat.protobuf.Mixing;
import necessary.General; import necessary.General;
import necessary.Group; import necessary.Group;
import java.math.BigInteger;
public class Verifier implements Mix2ZeroKnowledgeVerifier { public class Verifier implements Mix2ZeroKnowledgeVerifier {
@ -53,28 +55,46 @@ public class Verifier implements Mix2ZeroKnowledgeVerifier {
Mixing.ZeroKnowledgeProof.OrProof orProof) Mixing.ZeroKnowledgeProof.OrProof orProof)
{ {
Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle forRandomOracle =
Mixing.ZeroKnowledgeProof.OrProof.ForRandomOracle.newBuilder()
.setG1(orProof.getG1())
.setH1(orProof.getH1())
.setG2(orProof.getG2())
.setH2(orProof.getH2())
.setG1Tag(orProof.getG1Tag())
.setH1Tag(orProof.getH1Tag())
.setG2Tag(orProof.getG2Tag())
.setH2Tag(orProof.getH2Tag())
.setU(orProof.getU())
.setV(orProof.getV())
.setUTag(orProof.getUTag())
.setVTag(orProof.getVTag())
.build();
return //input return //input
orProof.getG1().equals(group.getG())&& orProof.getG1().equals(general.getG())&&
orProof.getH1().equals(group.div(e1New.getC1(), e1.getC1()))&& orProof.getH1().equals(group.div(e1New.getC1(), e1.getC1()))&&
orProof.getG2().equals(group.getH())&& orProof.getG2().equals(general.getH())&&
orProof.getH2().equals(group.div(e1New.getC2(), e1.getC2()))&& orProof.getH2().equals(group.div(e1New.getC2(), e1.getC2()))&&
// input' // input'
orProof.getG1Tag().equals(group.getG())&& orProof.getG1Tag().equals(general.getG())&&
orProof.getH1Tag().equals(group.div(e2New.getC1(), e2.getC1()))&& orProof.getH1Tag().equals(group.div(e2New.getC1(), e2.getC1()))&&
orProof.getG2Tag().equals(group.getH())&& orProof.getG2Tag().equals(general.getH())&&
orProof.getH2Tag().equals(group.div(e2New.getC2(), e2.getC2())) && orProof.getH2Tag().equals(group.div(e2New.getC2(), e2.getC2())) &&
// hash // hash
// assert (c1 + c2 ) % group size == hash (imput + step1) % group size // assert (c1 + c2 ) % group size == hash (imput + step1) % group size
general.mod((general.add(orProof.getC1(),orProof.getC2())),group.groupSize()) new BigInteger(orProof.getC1().toByteArray()).add(new BigInteger(orProof.getC2().toByteArray())).mod(group.groupSize())
.equals(general.mod(general.hash(orProof.getG1(), orProof.getH1(), orProof.getG2(), orProof.getH2(), .equals(general.hash(forRandomOracle).mod(group.groupSize()).mod(group.groupSize()))&&
orProof.getG1Tag(), orProof.getH1Tag(), orProof.getG2Tag(), orProof.getH2Tag(),
orProof.getV(),orProof.getU(),orProof.getVTag(),orProof.getUTag()) , group.groupSize()))&&
// proof // proof
// g1 ^ z == u * ( h1 ^ c1 ) && g2 ^ z == v * ( h2 ^ c1 ) && the same for tag case // g1 ^ z == u * ( h1 ^ c1 ) && g2 ^ z == v * ( h2 ^ c1 ) && the same for tag case
group.pow(orProof.getG1(), orProof.getZ()).equals(group.mul(orProof.getU(), group.pow(orProof.getH1(),orProof.getC1()))) && group.pow(orProof.getG1(), new BigInteger(orProof.getZ().toByteArray()))
group.pow(orProof.getG2(), orProof.getZ()).equals(group.mul(orProof.getV(), group.pow(orProof.getH2(),orProof.getC1()))) && .equals(group.mul(orProof.getU(), group.pow(orProof.getH1(),new BigInteger(orProof.getC1().toByteArray())))) &&
group.pow(orProof.getG1Tag(), orProof.getZTag()).equals(group.mul(orProof.getUTag(), group.pow(orProof.getH1Tag(),orProof.getC2()))) && group.pow(orProof.getG2(), new BigInteger(orProof.getZ().toByteArray()))
group.pow(orProof.getG2Tag(), orProof.getZTag()).equals(group.mul(orProof.getVTag(), group.pow(orProof.getH2Tag(),orProof.getC2()))); .equals(group.mul(orProof.getV(), group.pow(orProof.getH2(),new BigInteger(orProof.getC1().toByteArray())))) &&
group.pow(orProof.getG1Tag(), new BigInteger(orProof.getZTag().toByteArray()))
.equals(group.mul(orProof.getUTag(), group.pow(orProof.getH1Tag(),new BigInteger(orProof.getC2().toByteArray())))) &&
group.pow(orProof.getG2Tag(), new BigInteger(orProof.getZTag().toByteArray()))
.equals(group.mul(orProof.getVTag(), group.pow(orProof.getH2Tag(),new BigInteger(orProof.getC2().toByteArray()))));
} }
} }