oec/libbrandt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

finish prep functions for first price auctions

Browse Source
This commit is contained in:
Markus Teich 2016-08-31 15:13:50 +02:00
parent 7b84ab7fe1
commit f294cd3a85
3 changed files with 97 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

145
crypto.c
View File

@ -1237,21 +1237,9 @@ struct BRANDT_Result *fp_pub_determine_outcome (struct BRANDT_Auction *ad,
} }
/** void
* fp_priv_compute_outcome computes encrypted outcome shares and packs them into fp_priv_prep_outcome (struct BRANDT_Auction *ad)
* a message buffer together with proofs of correctnes.
*
* @param[in] ad Pointer to the BRANDT_Auction struct to operate on
* @param[out] buflen Size of the returned message buffer in bytes
* @return A buffer containing the encrypted outcome vectors
* which needs to be broadcast
*/
unsigned char *
fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
{ {
unsigned char *ret;
unsigned char *cur;
struct msg_head *head;
gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); gcry_mpi_point_t tmpa = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); gcry_mpi_point_t tmpb = gcry_mpi_point_new (0);
gcry_mpi_point_t *tlta1; gcry_mpi_point_t *tlta1;
@ -1260,27 +1248,12 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
gcry_mpi_point_t **tltb2; gcry_mpi_point_t **tltb2;
gcry_mpi_point_t **tlta3; gcry_mpi_point_t **tlta3;
gcry_mpi_point_t **tltb3; gcry_mpi_point_t **tltb3;
struct ec_mpi *gamma;
struct ec_mpi *delta;
struct proof_2dle *proof2;
brandt_assert (ad && buflen); ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k);
brandt_assert (ad->gamma3);
*buflen = (sizeof (*head) + /* msg header */ ad->delta3 = smc_init3 (ad->n, ad->n, ad->k);
ad->n * ad->k * /* nk * (gamma, delta, proof2) */ brandt_assert (ad->delta3);
(sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char);
if (NULL == (ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k)) ||
NULL == (ad->delta3 = smc_init3 (ad->n, ad->n, ad->k)))
{
weprintf ("unable to alloc memory for first price outcome computation");
return NULL;
}
head = (struct msg_head *)ret;
head->prot_version = htonl (0);
head->msg_type = htonl (msg_outcome);
cur = ret + sizeof (*head);
/* create temporary lookup tables with partial sums */ /* create temporary lookup tables with partial sums */
tlta1 = smc_init1 (ad->k); tlta1 = smc_init1 (ad->k);
@ -1349,10 +1322,6 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
{ {
for (uint16_t j = 0; j < ad->k; j++) for (uint16_t j = 0; j < ad->k; j++)
{ {
gamma = (struct ec_mpi *)cur;
delta = &((struct ec_mpi *)cur)[1];
proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi));
/* compute inner gamma */ /* compute inner gamma */
gcry_mpi_ec_add (tmpa, tlta1[j], tlta2[i][j], ec_ctx); gcry_mpi_ec_add (tmpa, tlta1[j], tlta2[i][j], ec_ctx);
gcry_mpi_ec_add (tmpa, tmpa, tlta3[i][j], ec_ctx); gcry_mpi_ec_add (tmpa, tmpa, tlta3[i][j], ec_ctx);
@ -1369,6 +1338,63 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
ec_point_copy (ad->gamma3[a][i][j], tmpa); ec_point_copy (ad->gamma3[a][i][j], tmpa);
ec_point_copy (ad->delta3[a][i][j], tmpb); ec_point_copy (ad->delta3[a][i][j], tmpb);
} }
}
}
gcry_mpi_point_release (tmpa);
gcry_mpi_point_release (tmpb);
smc_free1 (tlta1, ad->k);
smc_free1 (tltb1, ad->k);
smc_free2 (tlta2, ad->n, ad->k);
smc_free2 (tltb2, ad->n, ad->k);
smc_free2 (tlta3, ad->n, ad->k);
smc_free2 (tltb3, ad->n, ad->k);
}
/**
* fp_priv_compute_outcome computes encrypted outcome shares and packs them into
* a message buffer together with proofs of correctnes.
*
* @param[in] ad Pointer to the BRANDT_Auction struct to operate on
* @param[out] buflen Size of the returned message buffer in bytes
* @return A buffer containing the encrypted outcome vectors
* which needs to be broadcast
*/
unsigned char *
fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
{
unsigned char *ret;
unsigned char *cur;
struct msg_head *head;
gcry_mpi_point_t tmpa = gcry_mpi_point_new (0);
gcry_mpi_point_t tmpb = gcry_mpi_point_new (0);
struct ec_mpi *gamma;
struct ec_mpi *delta;
struct proof_2dle *proof2;
brandt_assert (ad && buflen);
*buflen = (sizeof (*head) + /* msg header */
ad->n * ad->k * /* nk * (gamma, delta, proof2) */
(sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char);
head = (struct msg_head *)ret;
head->prot_version = htonl (0);
head->msg_type = htonl (msg_outcome);
cur = ret + sizeof (*head);
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
gamma = (struct ec_mpi *)cur;
delta = &((struct ec_mpi *)cur)[1];
proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi));
ec_point_copy (tmpa, ad->gamma3[ad->i][i][j]);
ec_point_copy (tmpb, ad->delta3[ad->i][i][j]);
/* apply random masking for losing bidders */ /* apply random masking for losing bidders */
smc_zkp_2dle (ad->gamma3[ad->i][i][j], smc_zkp_2dle (ad->gamma3[ad->i][i][j],
@ -1387,12 +1413,6 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
gcry_mpi_point_release (tmpa); gcry_mpi_point_release (tmpa);
gcry_mpi_point_release (tmpb); gcry_mpi_point_release (tmpb);
smc_free1 (tlta1, ad->k);
smc_free1 (tltb1, ad->k);
smc_free2 (tlta2, ad->n, ad->k);
smc_free2 (tltb2, ad->n, ad->k);
smc_free2 (tlta3, ad->n, ad->k);
smc_free2 (tltb3, ad->n, ad->k);
return ret; return ret;
} }
@ -1448,6 +1468,32 @@ quit:
} }
void
fp_priv_prep_decryption (struct BRANDT_Auction *ad)
{
gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
ad->phi3 = smc_init3 (ad->n, ad->n, ad->k);
brandt_assert (ad->phi3);
for (uint16_t i = 0; i < ad->n; i++)
{
for (uint16_t j = 0; j < ad->k; j++)
{
smc_sum (tmp, &ad->delta3[0][i][j], ad->n, ad->n * ad->k);
/* copy still encrypted outcome to all other bidder layers so they
* don't have to be recomputed to check the ZK proof_2dle's from
* other bidders when receiving their outcome decryption messages */
for (uint16_t a = 0; a < ad->n; a++)
ec_point_copy (ad->phi3[a][i][j], tmp);
}
}
gcry_mpi_point_release (tmp);
}
/** /**
* fp_priv_decrypt_outcome decrypts the own shares of the outcome and packs them * fp_priv_decrypt_outcome decrypts the own shares of the outcome and packs them
* into a message buffer together with proofs of correctnes. * into a message buffer together with proofs of correctnes.
@ -1472,11 +1518,6 @@ fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen)
*buflen = (sizeof (*head) + *buflen = (sizeof (*head) +
ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2))); ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2)));
ret = GNUNET_new_array (*buflen, unsigned char); ret = GNUNET_new_array (*buflen, unsigned char);
if (NULL == (ad->phi3 = smc_init3 (ad->n, ad->n, ad->k)))
{
weprintf ("unable to alloc memory for first price outcome decryption");
return NULL;
}
head = (struct msg_head *)ret; head = (struct msg_head *)ret;
head->prot_version = htonl (0); head->prot_version = htonl (0);
@ -1490,13 +1531,7 @@ fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen)
phi = (struct ec_mpi *)cur; phi = (struct ec_mpi *)cur;
proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); proof2 = (struct proof_2dle *)(cur + sizeof (*phi));
smc_sum (tmp, &ad->delta3[0][i][j], ad->n, ad->n * ad->k); ec_point_copy (tmp, ad->phi3[ad->i][i][j]);
/* copy still encrypted outcome to all other bidder layers so they
* don't have to be recomputed to check the ZK proof_2dle's from
* other bidders when receiving their outcome decryption messages */
for (uint16_t a = 0; a < ad->n; a++)
ec_point_copy (ad->phi3[a][i][j], tmp);
/* decrypt outcome component and prove the correct key was used */ /* decrypt outcome component and prove the correct key was used */
smc_zkp_2dle (ad->phi3[ad->i][i][j], smc_zkp_2dle (ad->phi3[ad->i][i][j],

6
crypto.h
View File

@ -130,6 +130,7 @@ int smc_recv_encrypted_bid (struct BRANDT_Auction *ad,
size_t buflen, size_t buflen,
uint16_t sender_index); uint16_t sender_index);
void fp_priv_prep_outcome (struct BRANDT_Auction *ad);
unsigned char *fp_priv_compute_outcome (struct BRANDT_Auction *ad, unsigned char *fp_priv_compute_outcome (struct BRANDT_Auction *ad,
size_t *buflen); size_t *buflen);
int fp_priv_recv_outcome (struct BRANDT_Auction *ad, int fp_priv_recv_outcome (struct BRANDT_Auction *ad,
@ -137,6 +138,7 @@ int fp_priv_recv_outcome (struct BRANDT_Auction *ad,
size_t buflen, size_t buflen,
uint16_t sender); uint16_t sender);
void fp_priv_prep_decryption (struct BRANDT_Auction *ad);
unsigned char *fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, unsigned char *fp_priv_decrypt_outcome (struct BRANDT_Auction *ad,
size_t *buflen); size_t *buflen);
int fp_priv_recv_decryption (struct BRANDT_Auction *ad, int fp_priv_recv_decryption (struct BRANDT_Auction *ad,
@ -204,8 +206,8 @@ static const RoundPrep handler_prep[auction_last][outcome_last][msg_last] = {
[outcome_private] = { [outcome_private] = {
[msg_init] = &smc_prep_keyshare, [msg_init] = &smc_prep_keyshare,
[msg_bid] = &smc_prep_bid, [msg_bid] = &smc_prep_bid,
// [msg_outcome] = &fp_priv_prep_outcome, [msg_outcome] = &fp_priv_prep_outcome,
// [msg_decrypt] = &fp_priv_prep_decryption, [msg_decrypt] = &fp_priv_prep_decryption,
}, },
[outcome_public] = { [outcome_public] = {
[msg_init] = &smc_prep_keyshare, [msg_init] = &smc_prep_keyshare,

7
test_crypto.c
View File

@ -302,16 +302,15 @@ test_all_auctions ()
if (auction_firstPrice != atype) /* others not yet implemented */ if (auction_firstPrice != atype) /* others not yet implemented */
continue; continue;
// for (size_t oc = 0; oc < outcome_last; oc++) for (size_t oc = 0; oc < outcome_last; oc++)
// { {
size_t oc = outcome_public;
if (!test_setup_auction_data() || !test_auction (atype, oc)) if (!test_setup_auction_data() || !test_auction (atype, oc))
{ {
cleanup_auction_data (); cleanup_auction_data ();
return 0; return 0;
} }
cleanup_auction_data (); cleanup_auction_data ();
// } }
} }
return 1; return 1;