author | Markus Teich <markus.teich@stusta.mhn.de> | 2016-06-16 00:09:29 +0200 |
---|---|---|
committer | Markus Teich <markus.teich@stusta.mhn.de> | 2016-06-17 10:29:49 +0200 |
commit | 761dd37e1f905719df2cd8f4420e4b46da80bffb (patch) | |
tree | b93ec567a19e2407274fc3350ea51186aac8f091 /smc.c | |
parent | 6f3fb463176c04c9a258fce820ec66724a4d13f4 (diff) |
refactor smc and ec crypto functions and ad 0og zkp
Diffstat (limited to 'smc.c')
-rw-r--r-- | smc.c | 229 |
1 files changed, 209 insertions, 20 deletions
@@ -25,7 +25,10 @@
 #include "smc.h"
 #include "util.h"
-extern gcry_ctx_t ec_ctx;
+extern gcry_ctx_t ec_ctx;
+extern gcry_mpi_point_t ec_gen;
+extern gcry_mpi_point_t ec_zero;
+extern gcry_mpi_t ec_n;
 /**
 * smc_zkp_dl
@@ -38,21 +41,24 @@ extern gcry_ctx_t ec_ctx;
 * @param r TODO
 */
 void
-smc_zkp_dl (gcry_mpi_point_t v, gcry_mpi_point_t g, gcry_mpi_t x,
- gcry_mpi_point_t *a, gcry_mpi_t *c,
- gcry_mpi_t *r)
+smc_zkp_dl (const gcry_mpi_point_t v,
+ const gcry_mpi_point_t g,
+ const gcry_mpi_t x,
+ const gcry_mpi_point_t a,
+ gcry_mpi_t c,
+ gcry_mpi_t r)
 {
 gcry_mpi_t z = gcry_mpi_new (0);
- brandt_ec_keypair_create_base (a, &z, g);
+ brandt_ec_keypair_create_base (a, z, g);
 /* compute challange c */
 /**TODO: generate c from HASH(g,v,a) and don't output it */
 brandt_ec_skey_create (c);
+ gcry_mpi_mod (c, c, ec_n);
- *r = gcry_mpi_new (0);
- gcry_mpi_mul (*r, *c, x);
- gcry_mpi_add (*r, *r, z);
+ gcry_mpi_mulm (r, c, x, ec_n);
+ gcry_mpi_addm (r, r, z, ec_n);
 gcry_mpi_release (z);
 }
@@ -69,9 +75,11 @@ smc_zkp_dl (gcry_mpi_point_t v, gcry_mpi_point_t g, gcry_mpi_t x,
 * @return 0 if the proof is correct, something else otherwise
 */
 int
-smc_zkp_dl_check (gcry_mpi_point_t v, gcry_mpi_point_t g, gcry_mpi_point_t a,
- gcry_mpi_t c,
- gcry_mpi_t r)
+smc_zkp_dl_check (const gcry_mpi_point_t v,
+ const gcry_mpi_point_t g,
+ const gcry_mpi_point_t a,
+ const gcry_mpi_t c,
+ const gcry_mpi_t r)
 {
 int ret;
 gcry_mpi_point_t left = gcry_mpi_point_new (0);
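Review bot: The challenge `c` in `smc_zkp_dl` is still drawn by the prover with `brandt_ec_skey_create (c)` and passed to the verifier as an input, so `smc_zkp_dl_check` only confirms that the transcript is algebraically consistent and gives no soundness against a prover who does not know `x`. The added `gcry_mpi_mod (c, c, ec_n)` does not change that. The same applies to `smc_zkp_2dle` and `smc_zkp_0og` in the later hunks, whose checks take `c` the same way. The TODO already names the fix; until it lands I would state the limitation in the doc comment of each `_check` function, e.g. `NOTE: c is prover-supplied; do not rely on this check for untrusted provers until c is derived from HASH(g,v,a)`. The doc comment of `smc_zkp_dl` begins outside this hunk.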
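Review bot: The `const` added to every parameter of `smc_zkp_dl_check` qualifies only the local handle, because `gcry_mpi_point_t` and `gcry_mpi_t` are pointer typedefs in libgcrypt, so it does not prevent the function from modifying the point or MPI behind it. That makes the qualifier misleading as an in/out marker: in the previous hunk `smc_zkp_dl` declares `const gcry_mpi_point_t a` although `a` is written by `brandt_ec_keypair_create_base (a, z, g)`, while `smc_zkp_2dle` in a later hunk leaves its outputs `a` and `b` unqualified. I would drop `const` from `a` in `smc_zkp_dl` and mark direction in the doc comments instead, e.g. `@param a [out] commitment point, allocated by the caller`. The body of `smc_zkp_dl_check` continues outside this hunk.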
@@ -90,28 +98,42 @@ smc_zkp_dl_check (gcry_mpi_point_t v, gcry_mpi_point_t g, gcry_mpi_point_t a,
 void
-smc_zkp_2dle (gcry_mpi_point_t v, gcry_mpi_point_t w, gcry_mpi_point_t g1, gcry_mpi_point_t g2, gcry_mpi_t x, gcry_mpi_point_t *a, gcry_mpi_point_t *b, gcry_mpi_t *c, gcry_mpi_t *r)
+smc_zkp_2dle (const gcry_mpi_point_t v,
+ const gcry_mpi_point_t w,
+ const gcry_mpi_point_t g1,
+ const gcry_mpi_point_t g2,
+ const gcry_mpi_t x,
+ gcry_mpi_point_t a,
+ gcry_mpi_point_t b,
+ gcry_mpi_t c,
+ gcry_mpi_t r)
 {
 gcry_mpi_t z = gcry_mpi_new (0);
- brandt_ec_keypair_create_base (a, &z, g1);
- *b = gcry_mpi_point_new(0);
- gcry_mpi_ec_mul(*b, z, g2, ec_ctx);
+ brandt_ec_keypair_create_base (a, z, g1);
+ gcry_mpi_ec_mul (b, z, g2, ec_ctx);
 /* compute challange c */
 /**TODO: generate c from HASH(g1,g2,v,w,a,b) and don't output it */
 brandt_ec_skey_create (c);
+ gcry_mpi_mod (c, c, ec_n);
- *r = gcry_mpi_new (0);
- gcry_mpi_mul (*r, *c, x);
- gcry_mpi_add (*r, *r, z);
+ gcry_mpi_mulm (r, c, x, ec_n);
+ gcry_mpi_addm (r, r, z, ec_n);
 gcry_mpi_release (z);
 }
 int
-smc_zkp_2dle_check (gcry_mpi_point_t v, gcry_mpi_point_t w, gcry_mpi_point_t g1, gcry_mpi_point_t g2, gcry_mpi_point_t a, gcry_mpi_point_t b, gcry_mpi_t c, gcry_mpi_t r)
+smc_zkp_2dle_check (const gcry_mpi_point_t v,
+ const gcry_mpi_point_t w,
+ const gcry_mpi_point_t g1,
+ const gcry_mpi_point_t g2,
+ const gcry_mpi_point_t a,
+ const gcry_mpi_point_t b,
+ const gcry_mpi_t c,
+ const gcry_mpi_t r)
 {
 int ret;
 gcry_mpi_point_t left = gcry_mpi_point_new (0);
@@ -125,7 +147,7 @@ smc_zkp_2dle_check (gcry_mpi_point_t v, gcry_mpi_point_t w, gcry_mpi_point_t g1,
 gcry_mpi_ec_mul (left, r, g2, ec_ctx);
 gcry_mpi_ec_mul (right, c, w, ec_ctx);
 gcry_mpi_ec_add (right, b, right, ec_ctx);
- ret &= brandt_ec_point_cmp (left, right);
+ ret |= brandt_ec_point_cmp (left, right);
 gcry_mpi_point_release (left);
 gcry_mpi_point_release (right);
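Review bot: `smc_zkp_2dle` no longer allocates its outputs: `*b = gcry_mpi_point_new(0)` and `*r = gcry_mpi_new (0)` are removed and `b` and `r` are written directly, so callers must now pass initialised objects for `a`, `b`, `c` and `r`, and nothing in the visible code documents or checks that. The same contract change applies to `smc_zkp_dl` earlier in this diff and to every output of `smc_zkp_0og`. No doc comment for `smc_zkp_2dle` is visible in this hunk; I would add one that says, for each output, `[out] must be allocated by the caller (gcry_mpi_point_new / gcry_mpi_new)`, so a call site that still passes an unallocated handle is caught in review rather than at run time.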
@@ -133,6 +155,173 @@ smc_zkp_2dle_check (gcry_mpi_point_t v, gcry_mpi_point_t w, gcry_mpi_point_t g1,
 return ret;
 }
+
+void
+smc_zkp_0og (gcry_mpi_point_t alpha,
+ const gcry_mpi_point_t m,
+ const gcry_mpi_point_t y,
+ gcry_mpi_point_t beta,
+ gcry_mpi_point_t a1,
+ gcry_mpi_point_t a2,
+ gcry_mpi_point_t b1,
+ gcry_mpi_point_t b2,
+ gcry_mpi_t c,
+ gcry_mpi_t d1,
+ gcry_mpi_t d2,
+ gcry_mpi_t r1,
+ gcry_mpi_t r2)
+{
+ gcry_mpi_t r = gcry_mpi_new (0);
+ gcry_mpi_t w = gcry_mpi_new (0);
+ int eq0 = !brandt_ec_point_cmp (m, ec_zero);
+ int eqg = !brandt_ec_point_cmp (m, ec_gen);
+
+ if (!(eq0 ^ eqg))
+ eprintf ("zero knowledge proof: m is neither 0 nor g");
+
+ /* beta = r*g */
+ brandt_ec_keypair_create (beta, r);
+ gcry_mpi_mod (r, r, ec_n);
+
+ /* alpha = m + r*y */
+ gcry_mpi_ec_mul (alpha, r, y, ec_ctx);
+ gcry_mpi_ec_add (alpha, m, alpha, ec_ctx);
+
+ if (eq0)
+ { /* m == 0 */
+ brandt_ec_keypair_create_base (a1, d1, beta);
+ gcry_mpi_mod (d1, d1, ec_n);
+ brandt_ec_keypair_create_base (b1, r1, y);
+ gcry_mpi_mod (r1, r1, ec_n);
+
+ /* a1 = r1*g + d1*beta */
+ gcry_mpi_ec_mul (a2, r1, ec_gen, ec_ctx);
+ gcry_mpi_ec_add (a1, a2, a1, ec_ctx);
+
+ /* b1 = r1*y + d1*(alpha-g) */
+ gcry_mpi_ec_sub (b2, alpha, ec_gen, ec_ctx);
+ gcry_mpi_ec_mul (a2, d1, b2, ec_ctx);
+ gcry_mpi_ec_add (b1, b1, a2, ec_ctx);
+
+ /* a2 = w * g */
+ brandt_ec_keypair_create_base (a2, w, ec_gen);
+ gcry_mpi_mod (w, w, ec_n);
+
+ /* b2 = w * y */
+ gcry_mpi_ec_mul (b2, w, y, ec_ctx);
+
+ /* compute challange c */
+ /**TODO: generate c from HASH(alpha,beta,a1,b1,a2,b2) and don't output it */
+ brandt_ec_skey_create (c);
+ gcry_mpi_mod (c, c, ec_n);
+
+ /* d2 = c - d1 */
+ gcry_mpi_subm (d2, c, d1, ec_n);
+
+ /* r2 = w - r*d2 */
+ gcry_mpi_mulm (r2, r, d2, ec_n);
+ gcry_mpi_subm (r2, w, r2, ec_n);
+ }
+ else
+ { /* m == g */
+ brandt_ec_keypair_create_base (a2, d2, beta);
+ gcry_mpi_mod (d2, d2, ec_n);
+ brandt_ec_keypair_create_base (b2, r2, y);
+ gcry_mpi_mod (r2, r2, ec_n);
+
+ /* a2 =
r2*g + d2*beta */
+ gcry_mpi_ec_mul (a1, r2, ec_gen, ec_ctx);
+ gcry_mpi_ec_add (a2, a1, a2, ec_ctx);
+
+ /* b2 = r2*y + d2*(alpha-0) */
+ /* useless subtraction to have same amount of operations as in m == 0 */
+ gcry_mpi_ec_sub (b1, alpha, ec_zero, ec_ctx);
+ gcry_mpi_ec_mul (a1, d2, b1, ec_ctx);
+ gcry_mpi_ec_add (b2, b2, a1, ec_ctx);
+
+ /* a1 = w * g */
+ brandt_ec_keypair_create_base (a1, w, ec_gen);
+ gcry_mpi_mod (w, w, ec_n);
+
+ /* b1 = w * y */
+ gcry_mpi_ec_mul (b1, w, y, ec_ctx);
+
+ /* compute challange c */
+ /**TODO: generate c from HASH(alpha,beta,a1,b1,a2,b2) and don't output it */
+ brandt_ec_skey_create (c);
+ gcry_mpi_mod (c, c, ec_n);
+
+ /* d1 = c - d2 */
+ gcry_mpi_subm (d1, c, d2, ec_n);
+
+ /* r1 = w - r*d1 */
+ gcry_mpi_mulm (r1, r, d1, ec_n);
+ gcry_mpi_subm (r1, w, r1, ec_n);
+ }
+
+ gcry_mpi_release (r);
+ gcry_mpi_release (w);
+}
+
+
+int
+smc_zkp_0og_check (const gcry_mpi_point_t alpha,
+ const gcry_mpi_point_t y,
+ const gcry_mpi_point_t beta,
+ const gcry_mpi_point_t a1,
+ const gcry_mpi_point_t a2,
+ const gcry_mpi_point_t b1,
+ const gcry_mpi_point_t b2,
+ const gcry_mpi_t c,
+ const gcry_mpi_t d1,
+ const gcry_mpi_t d2,
+ const gcry_mpi_t r1,
+ const gcry_mpi_t r2)
+{
+ int ret;
+ gcry_mpi_t sum = gcry_mpi_new (0);
+ gcry_mpi_point_t right = gcry_mpi_point_new (0);
+ gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
+
+ /* c == d1 + d2 */
+ gcry_mpi_addm (sum, d1, d2, ec_n);
+ ret = gcry_mpi_cmp (c, sum);
+
+ /* a1 == r1*g + d1*beta */
+ gcry_mpi_ec_mul (tmp, r1, ec_gen, ec_ctx);
+ gcry_mpi_ec_mul (right, d1, beta, ec_ctx);
+ gcry_mpi_ec_add (right, tmp, right, ec_ctx);
+ ret |= brandt_ec_point_cmp (a1, right) << 1;
+
+ /* b1 == r1*y + d1*(alpha-g) */
+ gcry_mpi_ec_sub (right, alpha, ec_gen, ec_ctx);
+ gcry_mpi_ec_mul (tmp, d1, right, ec_ctx);
+ gcry_mpi_ec_mul (right, r1, y, ec_ctx);
+ gcry_mpi_ec_add (right, right, tmp, ec_ctx);
+ ret |= brandt_ec_point_cmp (b1, right) << 2;
+
+ /* a2 == r2*g + d2*beta */
+ gcry_mpi_ec_mul (tmp,
d2, beta, ec_ctx);
+ gcry_mpi_ec_mul (right, r2, ec_gen, ec_ctx);
+ gcry_mpi_ec_add (right, right, tmp, ec_ctx);
+ ret |= brandt_ec_point_cmp (a2, right) << 3;
+
+ /* b2 == r2*y + d2*alpha */
+ gcry_mpi_ec_mul (tmp, d2, alpha, ec_ctx);
+ gcry_mpi_ec_mul (right, r2, y, ec_ctx);
+ gcry_mpi_ec_add (right, right, tmp, ec_ctx);
+ ret |= brandt_ec_point_cmp (b2, right) << 4;
+
+ gcry_mpi_release (sum);
+ gcry_mpi_point_release (right);
+ gcry_mpi_point_release (tmp);
+
+ if (ret)
+ weprintf ("ret: 0x%x", ret);
+ return ret;
+}
+
+
 //GEN
 //smc_hextodec (const char *s)
 //{ |
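Review bot: In `smc_zkp_0og_check` the failure mask is built from raw comparison results, so it is only meaningful if every comparison yields 0 or 1. `gcry_mpi_cmp` returns a negative or positive value on mismatch, and if `brandt_ec_point_cmp` (not visible here) can return a negative value, the `<< 1` … `<< 4` shifts on it are undefined behaviour. Normalising each term keeps the verdict well defined and the logged mask readable: `ret = !!gcry_mpi_cmp (c, sum);` and `ret |= !!brandt_ec_point_cmp (a1, right) << 1;`, likewise for the other three. Separately, in `smc_zkp_0og` the nonces `r` and `w` come from `gcry_mpi_new (0)`; since `r` together with `alpha` and `y` reveals which of the two statements is true, `gcry_mpi_snew (0)` would keep them in libgcrypt's secure memory, assuming the helpers fill the MPI in place.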