diff --git a/crypto.c b/crypto.c
index d7d2e0f..3619f3c 100644
--- a/crypto.c
+++ b/crypto.c
@@ -616,15 +616,15 @@ smc_compute_outcome (struct AuctionData *ad)
  * smc_zkp_dl creates a proof of knowledge of @a x with \f$v = xg\f$ where
  * \f$g\f$ is the base point on Ed25519.
  *
- * @param[in] v input point. Must be known to the verifier.
+ * @param[out] v output point. Must be known to the verifier.
  * @param[in] x private key. Knowledge of this number is certified in the proof
  * @param[out] proof pointer where to save the output proof structure. Must be
  * shared with the verifier.
  */
 void
-smc_zkp_dl (const gcry_mpi_point_t v,
-            const gcry_mpi_t x,
-            struct proof_dl *proof)
+smc_zkp_dl (gcry_mpi_point_t v,
+            const gcry_mpi_t x,
+            struct proof_dl *proof)
 {
   struct zkp_challenge_dl challenge;
   struct brandt_hash_code challhash;
@@ -633,6 +633,9 @@ smc_zkp_dl (const gcry_mpi_point_t v,
   gcry_mpi_t c = gcry_mpi_new (0);
   gcry_mpi_t z = gcry_mpi_new (0);
 
+  /* v = xg */
+  gcry_mpi_ec_mul (v, x, ec_gen, ec_ctx);
+
   /* a = zg */
   ec_keypair_create (a, z);
 
diff --git a/crypto.h b/crypto.h
index a7b06d8..c6ddb36 100644
--- a/crypto.h
+++ b/crypto.h
@@ -84,9 +84,9 @@ struct proof_0og {
   struct ec_mpi r2;
 };
 
-void smc_zkp_dl (const gcry_mpi_point_t v,
-                 const gcry_mpi_t x,
-                 struct proof_dl *proof);
+void smc_zkp_dl (gcry_mpi_point_t v,
+                 const gcry_mpi_t x,
+                 struct proof_dl *proof);
 int smc_zkp_dl_check (const gcry_mpi_point_t v,
                       const struct proof_dl *proof);
 
diff --git a/test_crypto.c b/test_crypto.c
index f8abe68..7e8fe2b 100644
--- a/test_crypto.c
+++ b/test_crypto.c
@@ -106,8 +106,7 @@ test_smc_zkp_dl ()
   gcry_mpi_t x = gcry_mpi_new (0);
   gcry_mpi_point_t v = gcry_mpi_point_new (0);
 
-  /* v = xg */
-  ec_keypair_create (v, x);
+  ec_skey_create (x);
   smc_zkp_dl (v, x, &proof);
   check (gcry_mpi_ec_curve_point (v, ec_ctx), "not on curve");
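Review bot: The new `@param[out] v output point. Must be known to the verifier.` line does not state the contract this commit actually introduces: `v` must already be an allocated point and whatever it held is overwritten with xg. I would write it as `@param[out] v caller-allocated point (gcry_mpi_point_new) that receives v = xg; any previous value is overwritten. Must be shared with the verifier.` Dropping `const` from the parameter is consistent with that, and since `gcry_mpi_point_t` appears to be a pointer typedef the old top-level `const` never protected the point's contents anyway. The body of smc_zkp_dl continues past the end of this hunk.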
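Review bot: The added `gcry_mpi_ec_mul (v, x, ec_gen, ec_ctx);` uses the long-term secret `x` as the scalar, and whether libgcrypt takes a constant-time scalar-multiplication path there depends on the library version and, in the versions I know, on the scalar carrying the secure-memory flag from `gcry_mpi_snew` — something this function cannot control, and the updated test allocates `x` with plain `gcry_mpi_new`. I would record it as a caller requirement next to the new line: `/* v = xg; x is secret, so callers should allocate it with gcry_mpi_snew so libgcrypt can use its constant-time path */`. The same presumably applies to the nonce `z` on the context line above (allocated with `gcry_mpi_new`), since in a Schnorr-style proof a leaked nonce exposes `x` through the response. The rest of smc_zkp_dl is outside this hunk.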
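Review bot: With `ec_keypair_create (v, x)` removed, the test no longer holds an independent value of `v` to compare against, so a wrong point from `smc_zkp_dl` (anything on the curve, e.g. the base point itself) would still pass the `gcry_mpi_ec_curve_point` check on the last line. I would keep a reference, e.g. `gcry_mpi_point_t ref = gcry_mpi_point_new (0); gcry_mpi_ec_mul (ref, x, ec_gen, ec_ctx);`, compare its affine coordinates with those of `v` via `gcry_mpi_ec_get_affine`, and also assert that `smc_zkp_dl_check` rejects the proof against a point derived from a different secret — unless the remainder of test_smc_zkp_dl already does so; its body continues past this hunk.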