first protocol part in math scratchpad
This commit is contained in:
Markus Teich
parent
4421637ad3
commit
6f3fb46317
@ -15,7 +15,7 @@ Alice and Bob know $v$ and $g$ with $|g| = n$, but only Alice knows $x$, so that
|
||||
\item Bob checks that $rg = a + cv$.
|
||||
\end{enumerate}
|
||||
|
||||
\subsection{Proof of equality of two EC DL}
|
||||
\subsubsection{Proof of equality of two EC DL}
|
||||
|
||||
Alice and Bob know $v$, $w$, $g_1$ and $g_2$, but only Alice knows $x$, so that
|
||||
$v = xg_1$ and $w = xg_2$.
|
||||
@ -27,7 +27,7 @@ $v = xg_1$ and $w = xg_2$.
|
||||
\item Bob checks that $rg_1 = a + cv$ and $rg_2 = b + cw$.
|
||||
\end{enumerate}
|
||||
|
||||
\subsection{Proof that an encrypted value is one out of two values}
|
||||
\subsubsection{Proof that an encrypted value is one out of two values}
|
||||
|
||||
Alice proves that an El Gamal encrypted value $(\alpha, \beta) = (m + ry, rg)$
|
||||
either decrypts to $0$ or to the fixed value $g$ without revealing which is the
|
||||
@ -55,6 +55,64 @@ Then regardless of the value of $m$:
|
||||
\item Alice sends $(\alpha, \beta), a_1, b_1, a_2, b_2, c, d_1, d_2, r_1, r_2$ to Bob.
|
||||
\item Bob checks that $c=d_1+d_2$ mod n, $a_1=r_1g+d_1\beta$, $b_1=r_1y+d_1(\alpha-g)$, $a_2=r_2g+d_2\beta$ and $b_2=r_2y+d_2\alpha$.
|
||||
\end{enumerate}
|
||||
|
||||
\subsection{Protocol}
|
||||
|
||||
\subsubsection{Generate public key}
|
||||
|
||||
\begin{enumerate}
|
||||
\item Choose $x_a$ and $m_{ij}, r_{aj}$ for each $i$ and $j$ at random.
|
||||
\item Publish $y_a=g^{x_a}$ along with a zero-knowledge proof of knowledge of $y_a$'s EC DL.
|
||||
\item Compute $y=\sum_{i=1}^ny_i$.
|
||||
\end{enumerate}
|
||||
|
||||
\subsubsection{Round 1: Encrypt bid}
|
||||
|
||||
\begin{enumerate}
|
||||
\item Set $b_{aj}=\begin{cases}g & \mathrm{if}\quad j=b_a\\0 & \mathrm{else}\end{cases}$ and publish $\alpha_{aj}=b_{aj}+r_{aj}y$ and $\beta_{aj}=r_{aj}g$ for each j.
|
||||
\end{enumerate}
|
||||
|
||||
\subsubsection{Round 2: Compute outcome}
|
||||
|
||||
\begin{enumerate}
|
||||
\item
|
||||
\end{enumerate}
|
||||
|
||||
\subsubsection{Round 3: Decrypt outcome}
|
||||
|
||||
\begin{enumerate}
|
||||
\item
|
||||
\end{enumerate}
|
||||
|
||||
\subsubsection{Epilogue: Outcome determination}
|
||||
|
||||
\begin{enumerate}
|
||||
\item
|
||||
\end{enumerate}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
\section{first price auction with tie breaking and private outcome}
|
||||
\begin{align}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user