Diffstat (limited to 'crypto.c')
-rw-r--r--crypto.c190
1 files changed, 136 insertions, 54 deletions
diff --git a/crypto.c b/crypto.c
index f892e7d..d3da75d 100644
--- a/crypto.c
+++ b/crypto.c
@@ -30,6 +30,32 @@
#define CURVE "Ed25519"
+struct zkp_challenge_dl {
+ struct ec_mpi g;
+ struct ec_mpi v;
+ struct ec_mpi a;
+};
+
+struct zkp_challenge_2dle {
+ struct ec_mpi g1;
+ struct ec_mpi g2;
+ struct ec_mpi v;
+ struct ec_mpi w;
+ struct ec_mpi a;
+ struct ec_mpi b;
+};
+
+struct zkp_challenge_0og {
+ struct ec_mpi g;
+ struct ec_mpi alpha;
+ struct ec_mpi beta;
+ struct ec_mpi a1;
+ struct ec_mpi a2;
+ struct ec_mpi b1;
+ struct ec_mpi b2;
+};
+
+
static gcry_ctx_t ec_ctx;
static gcry_mpi_point_t ec_gen;
static gcry_mpi_point_t ec_zero;
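Review bot: The three challenge structs added at the top of this hunk carry no comment, yet the later hunks hand them to `brandt_hash` as raw memory, so their field order and size are part of what prover and verifier must agree on. I would put a comment above each, for example `/* Fiat-Shamir challenge input for smc_zkp_dl() and smc_zkp_dl_check(); hashed byte-for-byte, keep field order stable */`. `struct ec_mpi` is defined outside this diff; if it is anything other than a plain byte array, the structs could contain padding that is hashed uninitialised, which is worth confirming.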
@@ -534,7 +560,6 @@ smc_gen_keyshare (struct AuctionData *ad)
* @param a2 TODO
* @param b1 TODO
* @param b2 TODO
- * @param c TODO
* @param d1 TODO
* @param d2 TODO
* @param r1 TODO
@@ -547,14 +572,13 @@ smc_encrypt_bid (struct AuctionData *ad,
gcry_mpi_point_t a2,
gcry_mpi_point_t b1,
gcry_mpi_point_t b2,
- gcry_mpi_t c,
gcry_mpi_t d1,
gcry_mpi_t d2,
gcry_mpi_t r1,
gcry_mpi_t r2)
{
smc_zkp_0og (ad->alpha[ad->i][j], (j == ad->b ? ec_gen : ec_zero), ad->Y,
- ad->beta[ad->i][j], a1, a2, b1, b2, c, d1, d2, r1, r2);
+ ad->beta[ad->i][j], a1, a2, b1, b2, d1, d2, r1, r2);
}
@@ -586,7 +610,6 @@ smc_compute_outcome (struct AuctionData *ad)
* @param g \todo
* @param x \todo
* @param a \todo
- * @param c \todo
* @param r \todo
*/
void
@@ -594,22 +617,27 @@ smc_zkp_dl (const gcry_mpi_point_t v,
const gcry_mpi_point_t g,
const gcry_mpi_t x,
const gcry_mpi_point_t a,
- gcry_mpi_t c,
gcry_mpi_t r)
{
- gcry_mpi_t z = gcry_mpi_new (0);
+ struct zkp_challenge_dl challenge;
+ struct brandt_hash_code challhash;
+ gcry_mpi_t c = gcry_mpi_new (0);
+ gcry_mpi_t z = gcry_mpi_new (0);
ec_keypair_create_base (a, z, g);
- /* compute challange c */
- /**\todo: generate c from HASH(g,v,a) and don't output it */
-// brandt_hash (const void *block, size_t size, struct brandt_hash_code *ret)
- ec_skey_create (c);
+ /* compute challenge c */
+ ec_point_serialize (&challenge.g, ec_gen);
+ ec_point_serialize (&challenge.v, v);
+ ec_point_serialize (&challenge.a, a);
+ brandt_hash (&challenge, sizeof (struct zkp_challenge_dl), &challhash);
+ mpi_parse (c, (struct ec_mpi *)&challhash);
gcry_mpi_mod (c, c, ec_n);
gcry_mpi_mulm (r, c, x, ec_n);
gcry_mpi_addm (r, r, z, ec_n);
+ gcry_mpi_release (c);
gcry_mpi_release (z);
}
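Review bot: `ec_point_serialize (&challenge.g, ec_gen);` hashes the global generator, while the proof itself is built over the parameter `g` (`ec_keypair_create_base (a, z, g)`), so whenever a caller passes a base other than `ec_gen` the challenge does not cover the base actually used. Serialising the parameter instead, `ec_point_serialize (&challenge.g, g);`, ties the hash to the statement being proven, which is also what the removed todo (`HASH(g,v,a)`) asked for. The same line appears in the smc_zkp_dl_check hunk and has to change together with this one, otherwise verification fails.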
@@ -620,7 +648,6 @@ smc_zkp_dl (const gcry_mpi_point_t v,
* @param v \todo
* @param g \todo
* @param a \todo
- * @param c \todo
* @param r \todo
* @return 0 if the proof is correct, something else otherwise
*/
@@ -628,18 +655,29 @@ int
smc_zkp_dl_check (const gcry_mpi_point_t v,
const gcry_mpi_point_t g,
const gcry_mpi_point_t a,
- const gcry_mpi_t c,
const gcry_mpi_t r)
{
- int ret;
- gcry_mpi_point_t left = gcry_mpi_point_new (0);
- gcry_mpi_point_t right = gcry_mpi_point_new (0);
+ int ret;
+ struct zkp_challenge_dl challenge;
+ struct brandt_hash_code challhash;
+ gcry_mpi_t c = gcry_mpi_new (0);
+ gcry_mpi_point_t left = gcry_mpi_point_new (0);
+ gcry_mpi_point_t right = gcry_mpi_point_new (0);
+
+ /* compute challenge c */
+ ec_point_serialize (&challenge.g, ec_gen);
+ ec_point_serialize (&challenge.v, v);
+ ec_point_serialize (&challenge.a, a);
+ brandt_hash (&challenge, sizeof (struct zkp_challenge_dl), &challhash);
+ mpi_parse (c, (struct ec_mpi *)&challhash);
+ gcry_mpi_mod (c, c, ec_n);
gcry_mpi_ec_mul (left, r, g, ec_ctx);
gcry_mpi_ec_mul (right, c, v, ec_ctx);
gcry_mpi_ec_add (right, a, right, ec_ctx);
ret = ec_point_cmp (left, right);
+ gcry_mpi_release (c);
gcry_mpi_point_release (left);
gcry_mpi_point_release (right);
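Review bot: The challenge derivation added here is a line-for-line copy of the one in smc_zkp_dl, and prover and verifier only agree while both copies stay identical. A single static helper called from both sides removes that risk; the sketch below takes the base as a parameter and sizes the hash input from the variable instead of a named struct type. The 2dle and 0og pairs further down duplicate their derivation in the same way. smc_zkp_dl_check continues past the end of this hunk.

```c
/* Derive the challenge c = HASH(g, v, a) mod n shared by prover and verifier. */
static void
zkp_dl_challenge (gcry_mpi_t c,
                  const gcry_mpi_point_t g,
                  const gcry_mpi_point_t v,
                  const gcry_mpi_point_t a)
{
	struct zkp_challenge_dl challenge;
	struct brandt_hash_code challhash;

	ec_point_serialize (&challenge.g, g);
	ec_point_serialize (&challenge.v, v);
	ec_point_serialize (&challenge.a, a);
	brandt_hash (&challenge, sizeof (challenge), &challhash);
	mpi_parse (c, (struct ec_mpi *)&challhash);
	gcry_mpi_mod (c, c, ec_n);
}

/* … unchanged: declarations in smc_zkp_dl_check … */
	zkp_dl_challenge (c, g, v, a);
/* … unchanged: left/right computation and comparison … */
```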
@@ -657,7 +695,6 @@ smc_zkp_dl_check (const gcry_mpi_point_t v,
* @param x TODO
* @param a TODO
* @param b TODO
- * @param c TODO
* @param r TODO
*/
void
@@ -668,22 +705,31 @@ smc_zkp_2dle (const gcry_mpi_point_t v,
const gcry_mpi_t x,
gcry_mpi_point_t a,
gcry_mpi_point_t b,
- gcry_mpi_t c,
gcry_mpi_t r)
{
- gcry_mpi_t z = gcry_mpi_new (0);
+ struct zkp_challenge_2dle challenge;
+ struct brandt_hash_code challhash;
+ gcry_mpi_t c = gcry_mpi_new (0);
+ gcry_mpi_t z = gcry_mpi_new (0);
ec_keypair_create_base (a, z, g1);
gcry_mpi_ec_mul (b, z, g2, ec_ctx);
- /* compute challange c */
- /* \todo: generate c from HASH(g1,g2,v,w,a,b) and don't output it */
- ec_skey_create (c);
+ /* compute challenge c */
+ ec_point_serialize (&challenge.g1, g1);
+ ec_point_serialize (&challenge.g2, g2);
+ ec_point_serialize (&challenge.v, v);
+ ec_point_serialize (&challenge.w, w);
+ ec_point_serialize (&challenge.a, a);
+ ec_point_serialize (&challenge.b, b);
+ brandt_hash (&challenge, sizeof (struct zkp_challenge_dl), &challhash);
+ mpi_parse (c, (struct ec_mpi *)&challhash);
gcry_mpi_mod (c, c, ec_n);
gcry_mpi_mulm (r, c, x, ec_n);
gcry_mpi_addm (r, r, z, ec_n);
+ gcry_mpi_release (c);
gcry_mpi_release (z);
}
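Review bot: `brandt_hash (&challenge, sizeof (struct zkp_challenge_dl), &challhash);` passes the size of the three-field struct, so only `g1`, `g2` and `v` of the six-field `struct zkp_challenge_2dle` are hashed; `w`, `a` and `b` are serialised just above but never reach the hash. A challenge that does not depend on the commitments `a` and `b` no longer binds the proof to them, so its soundness cannot be relied on. Size the input from the variable: `brandt_hash (&challenge, sizeof (challenge), &challhash);`. The same wrong size appears in the smc_zkp_2dle_check, smc_zkp_0og and smc_zkp_0og_check hunks, where `struct zkp_challenge_0og` has seven fields and `a1`, `a2`, `b1`, `b2` are dropped.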
@@ -697,7 +743,6 @@ smc_zkp_2dle (const gcry_mpi_point_t v,
* @param g2 TODO
* @param a TODO
* @param b TODO
- * @param c TODO
* @param r TODO
* @return TODO
*/
@@ -708,12 +753,25 @@ smc_zkp_2dle_check (const gcry_mpi_point_t v,
const gcry_mpi_point_t g2,
const gcry_mpi_point_t a,
const gcry_mpi_point_t b,
- const gcry_mpi_t c,
const gcry_mpi_t r)
{
- int ret;
- gcry_mpi_point_t left = gcry_mpi_point_new (0);
- gcry_mpi_point_t right = gcry_mpi_point_new (0);
+ int ret;
+ struct zkp_challenge_2dle challenge;
+ struct brandt_hash_code challhash;
+ gcry_mpi_t c = gcry_mpi_new (0);
+ gcry_mpi_point_t left = gcry_mpi_point_new (0);
+ gcry_mpi_point_t right = gcry_mpi_point_new (0);
+
+ /* compute challenge c */
+ ec_point_serialize (&challenge.g1, g1);
+ ec_point_serialize (&challenge.g2, g2);
+ ec_point_serialize (&challenge.v, v);
+ ec_point_serialize (&challenge.w, w);
+ ec_point_serialize (&challenge.a, a);
+ ec_point_serialize (&challenge.b, b);
+ brandt_hash (&challenge, sizeof (struct zkp_challenge_dl), &challhash);
+ mpi_parse (c, (struct ec_mpi *)&challhash);
+ gcry_mpi_mod (c, c, ec_n);
gcry_mpi_ec_mul (left, r, g1, ec_ctx);
gcry_mpi_ec_mul (right, c, v, ec_ctx);
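Review bot: `mpi_parse (c, (struct ec_mpi *)&challhash);` reinterprets the hash output as a `struct ec_mpi`, which is only safe if `struct brandt_hash_code` is at least as large as `struct ec_mpi`; neither definition is visible in this diff. A compile-time check next to the struct definitions would make the assumption explicit: `_Static_assert (sizeof (struct brandt_hash_code) >= sizeof (struct ec_mpi), "hash output shorter than ec_mpi");`. The cast is repeated in every challenge computation this commit adds. smc_zkp_2dle_check starts before and ends after this hunk.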
@@ -725,6 +783,7 @@ smc_zkp_2dle_check (const gcry_mpi_point_t v,
gcry_mpi_ec_add (right, b, right, ec_ctx);
ret |= ec_point_cmp (left, right);
+ gcry_mpi_release (c);
gcry_mpi_point_release (left);
gcry_mpi_point_release (right);
@@ -743,7 +802,6 @@ smc_zkp_2dle_check (const gcry_mpi_point_t v,
* @param a2 TODO
* @param b1 TODO
* @param b2 TODO
- * @param c TODO
* @param d1 TODO
* @param d2 TODO
* @param r1 TODO
@@ -758,16 +816,18 @@ smc_zkp_0og (gcry_mpi_point_t alpha,
gcry_mpi_point_t a2,
gcry_mpi_point_t b1,
gcry_mpi_point_t b2,
- gcry_mpi_t c,
gcry_mpi_t d1,
gcry_mpi_t d2,
gcry_mpi_t r1,
gcry_mpi_t r2)
{
- gcry_mpi_t r = gcry_mpi_new (0);
- gcry_mpi_t w = gcry_mpi_new (0);
- int eq0 = !ec_point_cmp (m, ec_zero);
- int eqg = !ec_point_cmp (m, ec_gen);
+ struct zkp_challenge_0og challenge;
+ struct brandt_hash_code challhash;
+ gcry_mpi_t c = gcry_mpi_new (0);
+ gcry_mpi_t r = gcry_mpi_new (0);
+ gcry_mpi_t w = gcry_mpi_new (0);
+ int eq0 = !ec_point_cmp (m, ec_zero);
+ int eqg = !ec_point_cmp (m, ec_gen);
if (!(eq0 ^ eqg))
eprintf ("zero knowledge proof: m is neither 0 nor g");
@@ -802,18 +862,6 @@ smc_zkp_0og (gcry_mpi_point_t alpha,
/* b2 = w * y */
gcry_mpi_ec_mul (b2, w, y, ec_ctx);
-
- /* compute challange c */
- /* \todo: generate c from HASH(alpha,beta,a1,b1,a2,b2) and don't output it */
- ec_skey_create (c);
- gcry_mpi_mod (c, c, ec_n);
-
- /* d2 = c - d1 */
- gcry_mpi_subm (d2, c, d1, ec_n);
-
- /* r2 = w - r*d2 */
- gcry_mpi_mulm (r2, r, d2, ec_n);
- gcry_mpi_subm (r2, w, r2, ec_n);
}
else
{ /* m == g */
@@ -838,12 +886,31 @@ smc_zkp_0og (gcry_mpi_point_t alpha,
/* b1 = w * y */
gcry_mpi_ec_mul (b1, w, y, ec_ctx);
+ }
- /* compute challange c */
- /* \todo: generate c from HASH(alpha,beta,a1,b1,a2,b2) and don't output it */
- ec_skey_create (c);
- gcry_mpi_mod (c, c, ec_n);
+ /* compute challenge c */
+ ec_point_serialize (&challenge.g, ec_gen);
+ ec_point_serialize (&challenge.alpha, alpha);
+ ec_point_serialize (&challenge.beta, beta);
+ ec_point_serialize (&challenge.a1, a1);
+ ec_point_serialize (&challenge.a2, a2);
+ ec_point_serialize (&challenge.b1, b1);
+ ec_point_serialize (&challenge.b2, b2);
+ brandt_hash (&challenge, sizeof (struct zkp_challenge_dl), &challhash);
+ mpi_parse (c, (struct ec_mpi *)&challhash);
+ gcry_mpi_mod (c, c, ec_n);
+ if (eq0)
+ { /* m == 0 */
+ /* d2 = c - d1 */
+ gcry_mpi_subm (d2, c, d1, ec_n);
+
+ /* r2 = w - r*d2 */
+ gcry_mpi_mulm (r2, r, d2, ec_n);
+ gcry_mpi_subm (r2, w, r2, ec_n);
+ }
+ else
+ { /* m == g */
/* d1 = c - d2 */
gcry_mpi_subm (d1, c, d2, ec_n);
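Review bot: The hash input built here covers `ec_gen`, `alpha`, `beta` and the four commitments, but not `y`, although the context lines show `b1` and `b2` being computed as multiples of `y`. If `y` can differ between proofs, the challenge does not cover the full statement; adding a `struct ec_mpi y;` field to `struct zkp_challenge_0og` and `ec_point_serialize (&challenge.y, y);` here, with the matching line in smc_zkp_0og_check, would close that gap. Whether `y` is already fixed by other means cannot be seen from this diff. The block sits in the middle of smc_zkp_0og, which starts and ends outside this hunk.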
@@ -852,6 +919,7 @@ smc_zkp_0og (gcry_mpi_point_t alpha,
gcry_mpi_subm (r1, w, r1, ec_n);
}
+ gcry_mpi_release (c);
gcry_mpi_release (r);
gcry_mpi_release (w);
}
@@ -867,7 +935,6 @@ smc_zkp_0og (gcry_mpi_point_t alpha,
* @param a2 TODO
* @param b1 TODO
* @param b2 TODO
- * @param c TODO
* @param d1 TODO
* @param d2 TODO
* @param r1 TODO
@@ -882,16 +949,30 @@ smc_zkp_0og_check (const gcry_mpi_point_t alpha,
const gcry_mpi_point_t a2,
const gcry_mpi_point_t b1,
const gcry_mpi_point_t b2,
- const gcry_mpi_t c,
const gcry_mpi_t d1,
const gcry_mpi_t d2,
const gcry_mpi_t r1,
const gcry_mpi_t r2)
{
- int ret;
- gcry_mpi_t sum = gcry_mpi_new (0);
- gcry_mpi_point_t right = gcry_mpi_point_new (0);
- gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
+ int ret;
+ struct zkp_challenge_0og challenge;
+ struct brandt_hash_code challhash;
+ gcry_mpi_t c = gcry_mpi_new (0);
+ gcry_mpi_t sum = gcry_mpi_new (0);
+ gcry_mpi_point_t right = gcry_mpi_point_new (0);
+ gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
+
+ /* compute challenge c */
+ ec_point_serialize (&challenge.g, ec_gen);
+ ec_point_serialize (&challenge.alpha, alpha);
+ ec_point_serialize (&challenge.beta, beta);
+ ec_point_serialize (&challenge.a1, a1);
+ ec_point_serialize (&challenge.a2, a2);
+ ec_point_serialize (&challenge.b1, b1);
+ ec_point_serialize (&challenge.b2, b2);
+ brandt_hash (&challenge, sizeof (struct zkp_challenge_dl), &challhash);
+ mpi_parse (c, (struct ec_mpi *)&challhash);
+ gcry_mpi_mod (c, c, ec_n);
/* c == d1 + d2 */
gcry_mpi_addm (sum, d1, d2, ec_n);
@@ -922,6 +1003,7 @@ smc_zkp_0og_check (const gcry_mpi_point_t alpha,
gcry_mpi_ec_add (right, right, tmp, ec_ctx);
ret |= ec_point_cmp (b2, right) << 4;
+ gcry_mpi_release (c);
gcry_mpi_release (sum);
gcry_mpi_point_release (right);
gcry_mpi_point_release (tmp);