viff

changeset 1571:cb800e02f5bd

BeDOZa: Do intermediate modular reductions in zero-knowledge protocol.
author Thomas P Jakobsen <tpj@cs.au.dk>
date Mon, 04 Oct 2010 10:27:01 +0200
parents 6a727af6cb6c
children 54f02cd75714
files viff/bedoza/zero_knowledge.py
diffstat 1 files changed, 9 insertions(+), 37 deletions(-) [+]
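--- a/viff/bedoza/zero_knowledge.py
+++ b/viff/bedoza/zero_knowledge.py
@@ -85,25 +85,14 @@
     def _verify_proof(self, serialized_proof):
         # The prover don't need to prove to himself.
         if self.runtime.id == self.prover_id:
-            #print 'x', len(self.x)
-            #print 'e', len(self.e)
-            #print 'u', len(self.u)
-            return True # TODO
-        #n = self.runtime.players[self.prover_id].pubkey['n']
-        #print "N_1:", n
+            return True
         self._deserialize_proof(serialized_proof)
         self._generate_e()
-        S = self._vec_mul(self.d, self._vec_pow_E(self.c, self.prover_n2))
+        temp = self._vec_pow_E(self.c, self.prover_n2)
+        S = self._vec_mul(self.d, temp, self.prover_n2)
         T = [mpz(self.paillier.encrypt(int(self.Z[j]), player_id=self.prover_id, random_elm=int(self.W[j])))
              for j in range(self.m)]
-        #print 'Z', len(self.Z)
-        #print 'W', len(self.W)
-        
         for j in xrange(self.m):
-            #print
-            #print '---'
-            #print self.runtime.id, j, S[j] % self.prover_n2
-            #print self.runtime.id, j, T[j]
             # TODO: Return false if S[j] != T[j].
             if S[j] != T[j]:
                 # TODO: Proof failed, return false!
@@ -112,6 +101,7 @@
                 # TODO: Proof failed, return false!
                 pass
 
+        # TODO: Fix zero-knowledge proof!!!
         return True
         
 
@@ -124,29 +114,16 @@
             self.u.append(mpz(ui))
             self.v.append(mpz(vi))
             self.d.append(mpz(di))
-        #print "Player", self.runtime.id, " d =", self.d
-
 
     def _generate_Z_and_W(self):
         self.Z = self._vec_add(self.u, self._vec_mul_E(self.x))
-        self.W = self._vec_mul(self.v, self._vec_pow_E(self.r, self.prover_n))
+        self.W = self._vec_mul(self.v, self._vec_pow_E(self.r, self.prover_n2), self.prover_n2)
 
-        #print self.runtime.id
-        #print self.prover_id
-        #n = self.runtime.players[self.prover_id].pubkey['n']
-        #print "N_1:", n
-        self.W = [w % self.prover_n2 for w in self.W]
-
-        #print "Player", self.runtime.id, " Z =", self.Z
-        #print "Player", self.runtime.id, " W =", self.W
-
-        #n = self.runtime.players[self.runtime.id].pubkey['n']
-        #self.Z = [z % n for z in self.Z]
-        
     def _get_proof_broadcasted_by_prover(self):
         serialized_proof = None
         if self.runtime.id == self.prover_id:
-            # TODO: Should we somehow compress message for improved performance?
+            # TODO: Should we somehow compress message for improved
+            # performance?
             serialized_proof = self._serialize_proof()
         deferred_proof = self._broadcast(serialized_proof)
         return deferred_proof
@@ -160,10 +137,6 @@
         self.d = proof[0]
         self.Z = proof[1]
         self.W = proof[2]
-        #print "Player", self.runtime.id, " Z =", self.Z
-        #print "Player", self.runtime.id, " W =", self.W
-        #print "Player", self.runtime.id, " d =", self.d
-
 
     def _extract_bits(self, string, no_of_bits):
         """Returns list of first no_of_bits from the given string."""
@@ -200,7 +173,6 @@
             h.update(repr(d))
         hash = h.digest()
         self.e = self._extract_bits(hash, self.s)
-        #print "Player", self.runtime.id, " e =", self.e
 
     def _broadcast(self, values):
         msg = repr(values) if self.prover_id == self.runtime.id else None
@@ -239,8 +211,8 @@
             res.append(t)
         return res
     
-    def _vec_mul(self, x, y):
-        return [x * y for x, y in zip(x,y)]
+    def _vec_mul(self, x, y, n):
+        return [(x * y) % n for x, y in zip(x,y)]
 
     def _vec_pow_E(self, y, n):
         """Computes and returns the m := 2s-1 length vector y**E."""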
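Review bot: `_verify_proof` (first hunk) still accepts every proof, because the `if S[j] != T[j]:` branch — which continues into the second hunk — ends in `pass` and the closing `return True` is unconditional, so after this commit a mismatching proof is treated exactly like a valid one; the new `# TODO: Fix zero-knowledge proof!!!` only records that. Now that S is reduced modulo `self.prover_n2`, the same modulus the Paillier ciphertexts in T are computed under, the comparison is the intended check, and the mismatch branch should become `return False` (the two `# TODO` comments above it can then go); if honest runs still fail that comparison, surfacing the failure is preferable to a verifier that silently returns True. `_vec_mul` also gains a required third parameter `n`; the two call sites visible here are updated, but any caller outside the shown hunks would now raise `TypeError`, which cannot be checked from this page. The first hunk ends inside the `for` loop body of `_verify_proof`.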