diff options
| author | Markus Teich <markus.teich@stusta.mhn.de> | 2016-06-12 15:35:05 +0200 |
|---|---|---|
| committer | Markus Teich <markus.teich@stusta.mhn.de> | 2016-06-12 15:35:05 +0200 |
| commit | 5957a777076d014b17aada25afe0991397edbacc (patch) | |
| tree | 2de131486f5f2d6a22d173f0ca1d7e8b0e5f8102 /tex-stuff | |
| parent | 381d21c602b70afb8a3f8b07d7872b26fc4e2d7d (diff) | |
add third ZKP formula to math.tex
Diffstat (limited to 'tex-stuff')
| -rw-r--r-- | tex-stuff/math.tex | 31 |
1 files changed, 27 insertions, 4 deletions
diff --git a/tex-stuff/math.tex b/tex-stuff/math.tex index 09046d2..b4ad0e9 100644 --- a/tex-stuff/math.tex +++ b/tex-stuff/math.tex @@ -15,14 +15,14 @@ Alice and Bob know $v$ and $g$ with $|g| = n$, but only Alice knows $x$, so that \item Bob checks that $rg = a + cv$. \end{enumerate} -\subsection{Proof of equality of tow EC DL} +\subsection{Proof of equality of two EC DL} Alice and Bob know $v$, $w$, $g_1$ and $g_2$, but only Alice knows $x$, so that $v = xg_1$ and $w = xg_2$. \begin{enumerate} \item Alice chooses $z$ at random and calculates $a = zg_1$ and $b = zg_2$. - \item Alice computes $c = HASH(g,v,w,a,b)$ mod n. + \item Alice computes $c = HASH(g_1,g_2,v,w,a,b)$ mod n. \item Alice sends $r = (z + cx)$ mod n, $a$ and $b$ to Bob. \item Bob checks that $rg_1 = a + cv$ and $rg_2 = b + cw$. \end{enumerate} @@ -30,8 +30,31 @@ $v = xg_1$ and $w = xg_2$. \subsection{Proof that an encrypted value is one out of two values} Alice proves that an El Gamal encrypted value $(\alpha, \beta) = (m + ry, rg)$ -either decrypts to $0$ or to a fixed value $z$ without revealing which is the -case, in other words, it is shown that $m \epsilon \{0, z\}$. +either decrypts to $0$ or to the fixed value $g$ without revealing which is the +case, in other words, it is shown that $m \epsilon \{0, g\}$. + +If $m = 0$: + +\begin{enumerate} + \item Alice chooses $r_1$, $d_1$, $w$ at random and calculates $a_1 = r_1g + d_1\beta$, $b_1 = r_1y + d_1(\alpha - g)$, $a_2=wg$ and $b_2=wy$. + \item Alice computes $c = HASH(g,\alpha,\beta,a_1,b_1,a_2,b_2)$ mod n. + \item Alice chooses $d_2=c-d_1$ mod n and $r_2=w-rd_2$ mod n. +\end{enumerate} + +If $m = g$: + +\begin{enumerate} + \item Alice chooses $r_2$, $d_2$, $w$ at random and calculates $a_1=wg$, $b_1=wy$, $a_2=r_2g + d_2\beta$ and $b_2=r_2y + d_2\alpha$. + \item Alice computes $c = HASH(g,\alpha,\beta,a_1,b_1,a_2,b_2)$ mod n. + \item Alice chooses $d_1=c-d_2$ mod n and $r_1=w-rd_1$ mod n. +\end{enumerate} + +Then regardless of the value of $m$: + +\begin{enumerate} + \item Alice sends $(\alpha, \beta), a_1, b_1, a_2, b_2, c, d_1, d_2, r_1, r_2$ to Bob. + \item Bob checks that $c=d_1+d_2$ mod n, $a_1=r_1g+d_1\beta$, $b_1=r_1y+d_1(\alpha-g)$, $a_2=r_2g+d_2\beta$ and $b_2=r_2y+d_2\alpha$. +\end{enumerate} \section{first price auction with tie breaking and private outcome} \begin{align} |