-rw-r--r--crypto.c27
1 files changed, 20 insertions, 7 deletions
diff --git a/crypto.c b/crypto.c
index 95e2297..63017a5 100644
--- a/crypto.c
+++ b/crypto.c
@@ -407,7 +407,9 @@ smc_free1 (gcry_mpi_point_t *dst, uint16_t size1)
/**
- * smc_init1 creates a 1 dimensional array of curve points
+ * smc_init1 creates a 1 dimensional array of curve points. Make sure to
+ * initialize the values before using them, they are not automatically set to
+ * the zero point!
*
* @param[in] size1 size of the first dimension
* @return a pointer to the array or NULL on error.
@@ -460,7 +462,9 @@ smc_free2 (gcry_mpi_point_t **dst, uint16_t size1, uint16_t size2)
/**
- * smc_init2 creates a 2 dimensional array of curve points
+ * smc_init2 creates a 2 dimensional array of curve points. Make sure to
+ * initialize the values before using them, they are not automatically set to
+ * the zero point!
*
* @param[in] size1 size of the first dimension
* @param[in] size2 size of the second dimension
@@ -525,7 +529,9 @@ smc_free3 (gcry_mpi_point_t ***dst,
/**
- * smc_init3 creates a 3 dimensional array of curve points
+ * smc_init3 creates a 3 dimensional array of curve points. Make sure to
+ * initialize the values before using them, they are not automatically set to
+ * the zero point!
*
* @param[in] size1 size of the first dimension
* @param[in] size2 size of the second dimension
@@ -884,8 +890,15 @@ fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
brandt_assert (!ec_point_cmp (ec_zero, tlta1[ad->k - 1]));
brandt_assert (!ec_point_cmp (ec_zero, tltb1[ad->k - 1]));
- /* temporarily store the \sum_{i=1}^n2^{i-1}b_i in tmp1, since it is needed
- * each time a gamma,delta pair is received from another bidder */
+ /* initialize tmp array with zeroes, since we are calculating a sum */
+ for (uint16_t j = 0; j < ad->k; j++)
+ {
+ ec_point_copy (ad->tmpa1[j], ec_zero);
+ ec_point_copy (ad->tmpb1[j], ec_zero);
+ }
+ /* store the \sum_{i=1}^n2^{i-1}b_i in tmp1 until outcome determination,
+ * since it is needed each time a gamma,delta pair is received from another
+ * bidder */
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
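Review bot: The zeroing loop added at the top of this hunk is exactly the step the three smc_init doc edits now warn about, so it would be better expressed as a helper next to smc_init1/smc_free1 than as an open-coded loop at one call site; the same omission can then be fixed with one line wherever else a tmp array is summed into, if other outcome routines follow this pattern (not visible here). The comment on the loop could also say why the reset is needed, e.g. `/* smc_init1 leaves its points uninitialized; reset to the zero point before accumulating */`. Whether ad->tmpa1 and ad->tmpb1 really hold ad->k points is presumed from the loop bound; their allocation, and the start of fp_pub_compute_outcome, lie outside this hunk, so that should be confirmed against the allocating code.
```c
/* set every point of a 1 dimensional array to the zero point */
void
smc_zero1 (gcry_mpi_point_t *dst, uint16_t size1)
{
  for (uint16_t i = 0; i < size1; i++)
    ec_point_copy (dst[i], ec_zero);
}
/* … unchanged: assertions on tlta1/tltb1 … */
smc_zero1 (ad->tmpa1, ad->k);
smc_zero1 (ad->tmpb1, ad->k);
/* … unchanged: accumulation loop over bidders … */
```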
@@ -895,7 +908,7 @@ fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
gcry_mpi_ec_mul (tmp, coeff, ad->beta[i][j], ec_ctx);
gcry_mpi_ec_add (ad->tmpb1[j], ad->tmpb1[j], tmp, ec_ctx);
}
- gcry_mpi_mul_ui (coeff, coeff, 2);
+ gcry_mpi_lshift (coeff, coeff, 1);
}
for (uint16_t j = 0; j < ad->k; j++)
@@ -1033,7 +1046,7 @@ fp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen)
phi = (struct ec_mpi *)cur;
proof2 = (struct proof_2dle *)(cur + sizeof (*phi));
- smc_sum (tmp, &ad->delta2[0][j], ad->n, ad->n * ad->k);
+ smc_sum (tmp, &ad->delta2[0][j], ad->n, ad->k);
/* copy still encrypted outcome to all other bidder layers so they
* don't have to be recomputed to check the ZK proof_2dle's from