From 6f3fb463176c04c9a258fce820ec66724a4d13f4 Mon Sep 17 00:00:00 2001 From: Markus Teich Date: Thu, 16 Jun 2016 00:08:49 +0200 Subject: [PATCH] first protocol part in math scratchpad --- tex-stuff/math.tex | 62 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 60 insertions(+), 2 deletions(-) diff --git a/tex-stuff/math.tex b/tex-stuff/math.tex index 1035abb..7585cdc 100644 --- a/tex-stuff/math.tex +++ b/tex-stuff/math.tex @@ -15,7 +15,7 @@ Alice and Bob know $v$ and $g$ with $|g| = n$, but only Alice knows $x$, so that \item Bob checks that $rg = a + cv$. \end{enumerate} -\subsection{Proof of equality of two EC DL} +\subsubsection{Proof of equality of two EC DL} Alice and Bob know $v$, $w$, $g_1$ and $g_2$, but only Alice knows $x$, so that $v = xg_1$ and $w = xg_2$. @@ -27,7 +27,7 @@ $v = xg_1$ and $w = xg_2$. \item Bob checks that $rg_1 = a + cv$ and $rg_2 = b + cw$. \end{enumerate} -\subsection{Proof that an encrypted value is one out of two values} +\subsubsection{Proof that an encrypted value is one out of two values} Alice proves that an El Gamal encrypted value $(\alpha, \beta) = (m + ry, rg)$ either decrypts to $0$ or to the fixed value $g$ without revealing which is the @@ -55,6 +55,64 @@ Then regardless of the value of $m$: \item Alice sends $(\alpha, \beta), a_1, b_1, a_2, b_2, c, d_1, d_2, r_1, r_2$ to Bob. \item Bob checks that $c=d_1+d_2$ mod n, $a_1=r_1g+d_1\beta$, $b_1=r_1y+d_1(\alpha-g)$, $a_2=r_2g+d_2\beta$ and $b_2=r_2y+d_2\alpha$. \end{enumerate} + +\subsection{Protocol} + +\subsubsection{Generate public key} + +\begin{enumerate} + \item Choose $x_a$ and $m_{ij}, r_{aj}$ for each $i$ and $j$ at random. + \item Publish $y_a=g^{x_a}$ along with a zero-knowledge proof of knowledge of $y_a$'s EC DL. + \item Compute $y=\sum_{i=1}^ny_i$. +\end{enumerate} + +\subsubsection{Round 1: Encrypt bid} + +\begin{enumerate} + \item Set $b_{aj}=\begin{cases}g & \mathrm{if}\quad j=b_a\\0 & \mathrm{else}\end{cases}$ and publish $\alpha_{aj}=b_{aj}+r_{aj}y$ and $\beta_{aj}=r_{aj}g$ for each j. +\end{enumerate} + +\subsubsection{Round 2: Compute outcome} + +\begin{enumerate} + \item +\end{enumerate} + +\subsubsection{Round 3: Decrypt outcome} + +\begin{enumerate} + \item +\end{enumerate} + +\subsubsection{Epilogue: Outcome determination} + +\begin{enumerate} + \item +\end{enumerate} + + + + + + + + + + + + + + + + + + + + + + + + \section{first price auction with tie breaking and private outcome} \begin{align}