Cleanup some parts. #11

wants to merge 2 commits into
base: dev
82 changes: 39 additions & 43 deletions AccumulatorProofOfKnowledge.cpp
Expand Up @@ -20,18 +20,18 @@ AccumulatorProofOfKnowledge::AccumulatorProofOfKnowledge(const AccumulatorAndPro
const Commitment& commitmentToCoin, const AccumulatorWitness& witness,
Accumulator& a): params(p) {

Bignum sg = params->accumulatorPoKCommitmentGroup.g;
Bignum sh = params->accumulatorPoKCommitmentGroup.h;
const Bignum sg = params->accumulatorPoKCommitmentGroup.g;
const Bignum sh = params->accumulatorPoKCommitmentGroup.h;

Bignum g_n = params->accumulatorQRNCommitmentGroup.g;
Bignum h_n = params->accumulatorQRNCommitmentGroup.h;
const Bignum g_n = params->accumulatorQRNCommitmentGroup.g;
const Bignum h_n = params->accumulatorQRNCommitmentGroup.h;

Bignum e = commitmentToCoin.getContents();
Bignum r = commitmentToCoin.getRandomness();
const Bignum e = commitmentToCoin.getContents();
const Bignum r = commitmentToCoin.getRandomness();

Bignum r_1 = Bignum::randBignum(params->accumulatorModulus/4);
Bignum r_2 = Bignum::randBignum(params->accumulatorModulus/4);
Bignum r_3 = Bignum::randBignum(params->accumulatorModulus/4);
const Bignum r_1 = Bignum::randBignum(params->accumulatorModulus/4);
const Bignum r_2 = Bignum::randBignum(params->accumulatorModulus/4);
const Bignum r_3 = Bignum::randBignum(params->accumulatorModulus/4);

this->C_e = g_n.pow_mod(e, params->accumulatorModulus) * h_n.pow_mod(r_1, params->accumulatorModulus);
this->C_u = witness.getValue() * h_n.pow_mod(r_2, params->accumulatorModulus);
Expand All @@ -42,11 +42,11 @@ AccumulatorProofOfKnowledge::AccumulatorProofOfKnowledge(const AccumulatorAndPro
r_alpha = 0-r_alpha;
}

Bignum r_gamma = Bignum::randBignum(params->accumulatorPoKCommitmentGroup.modulus);
Bignum r_phi = Bignum::randBignum(params->accumulatorPoKCommitmentGroup.modulus);
Bignum r_psi = Bignum::randBignum(params->accumulatorPoKCommitmentGroup.modulus);
Bignum r_sigma = Bignum::randBignum(params->accumulatorPoKCommitmentGroup.modulus);
Bignum r_xi = Bignum::randBignum(params->accumulatorPoKCommitmentGroup.modulus);
const Bignum r_gamma = Bignum::randBignum(params->accumulatorPoKCommitmentGroup.modulus);
const Bignum r_phi = Bignum::randBignum(params->accumulatorPoKCommitmentGroup.modulus);
const Bignum r_psi = Bignum::randBignum(params->accumulatorPoKCommitmentGroup.modulus);
const Bignum r_sigma = Bignum::randBignum(params->accumulatorPoKCommitmentGroup.modulus);
const Bignum r_xi = Bignum::randBignum(params->accumulatorPoKCommitmentGroup.modulus);

Bignum r_epsilon = Bignum::randBignum((params->accumulatorModulus/4) * Bignum(2).pow(params->k_prime + params->k_dprime));
if(!(Bignum::randBignum(Bignum(3)) % 2)) {
Expand Down Expand Up @@ -80,10 +80,10 @@ AccumulatorProofOfKnowledge::AccumulatorProofOfKnowledge(const AccumulatorAndPro
this->t_4 = (C_r.pow_mod(r_alpha, params->accumulatorModulus) * ((h_n.inverse(params->accumulatorModulus)).pow_mod(r_delta, params->accumulatorModulus)) * ((g_n.inverse(params->accumulatorModulus)).pow_mod(r_beta, params->accumulatorModulus))) % params->accumulatorModulus;

CHashWriter hasher(0,0);
hasher << *params << sg << sh << g_n << h_n << commitmentToCoin.getCommitmentValue() << C_e << C_u << C_r << st_1 << st_2 << st_3 << t_1 << t_2 << t_3 << t_4;
hasher << *params << commitmentToCoin.getCommitmentValue() << C_e << C_u << C_r << st_1 << st_2 << st_3 << t_1 << t_2 << t_3 << t_4;

//According to the proof, this hash should be of length k_prime bits. It is currently greater than that, which should not be a problem, but we should check this.
Bignum c = Bignum(hasher.GetHash());
const Bignum c = Bignum(hasher.GetHash());

this->s_alpha = r_alpha - c*e;
this->s_beta = r_beta - c*r_2*e;
Expand All @@ -100,44 +100,40 @@ AccumulatorProofOfKnowledge::AccumulatorProofOfKnowledge(const AccumulatorAndPro

/** Verifies that a commitment c is accumulated in accumulator a
*/
bool AccumulatorProofOfKnowledge:: Verify(const Accumulator& a, const Bignum& valueOfCommitmentToCoin) const {
Bignum sg = params->accumulatorPoKCommitmentGroup.g;
Bignum sh = params->accumulatorPoKCommitmentGroup.h;
bool AccumulatorProofOfKnowledge::Verify(const Accumulator& a, const Bignum& valueOfCommitmentToCoin) const {
const Bignum sg = params->accumulatorPoKCommitmentGroup.g;
const Bignum sh = params->accumulatorPoKCommitmentGroup.h;

Bignum g_n = params->accumulatorQRNCommitmentGroup.g;
Bignum h_n = params->accumulatorQRNCommitmentGroup.h;
const Bignum g_n = params->accumulatorQRNCommitmentGroup.g;
const Bignum h_n = params->accumulatorQRNCommitmentGroup.h;

//According to the proof, this hash should be of length k_prime bits. It is currently greater than that, which should not be a problem, but we should check this.
CHashWriter hasher(0,0);
hasher << *params << sg << sh << g_n << h_n << valueOfCommitmentToCoin << C_e << C_u << C_r << st_1 << st_2 << st_3 << t_1 << t_2 << t_3 << t_4;
hasher << *params << valueOfCommitmentToCoin << C_e << C_u << C_r << st_1 << st_2 << st_3 << t_1 << t_2 << t_3 << t_4;

Bignum c = Bignum(hasher.GetHash()); //this hash should be of length k_prime bits
const Bignum c = Bignum(hasher.GetHash()); //this hash should be of length k_prime bits

Bignum st_1_prime = (valueOfCommitmentToCoin.pow_mod(c, params->accumulatorPoKCommitmentGroup.modulus) * sg.pow_mod(s_alpha, params->accumulatorPoKCommitmentGroup.modulus) * sh.pow_mod(s_phi, params->accumulatorPoKCommitmentGroup.modulus)) % params->accumulatorPoKCommitmentGroup.modulus;
Bignum st_2_prime = (sg.pow_mod(c, params->accumulatorPoKCommitmentGroup.modulus) * ((valueOfCommitmentToCoin * sg.inverse(params->accumulatorPoKCommitmentGroup.modulus)).pow_mod(s_gamma, params->accumulatorPoKCommitmentGroup.modulus)) * sh.pow_mod(s_psi, params->accumulatorPoKCommitmentGroup.modulus)) % params->accumulatorPoKCommitmentGroup.modulus;
Bignum st_3_prime = (sg.pow_mod(c, params->accumulatorPoKCommitmentGroup.modulus) * (sg * valueOfCommitmentToCoin).pow_mod(s_sigma, params->accumulatorPoKCommitmentGroup.modulus) * sh.pow_mod(s_xi, params->accumulatorPoKCommitmentGroup.modulus)) % params->accumulatorPoKCommitmentGroup.modulus;
const Bignum st_1_prime = (valueOfCommitmentToCoin.pow_mod(c, params->accumulatorPoKCommitmentGroup.modulus) * sg.pow_mod(s_alpha, params->accumulatorPoKCommitmentGroup.modulus) * sh.pow_mod(s_phi, params->accumulatorPoKCommitmentGroup.modulus)) % params->accumulatorPoKCommitmentGroup.modulus;
const Bignum st_2_prime = (sg.pow_mod(c, params->accumulatorPoKCommitmentGroup.modulus) * ((valueOfCommitmentToCoin * sg.inverse(params->accumulatorPoKCommitmentGroup.modulus)).pow_mod(s_gamma, params->accumulatorPoKCommitmentGroup.modulus)) * sh.pow_mod(s_psi, params->accumulatorPoKCommitmentGroup.modulus)) % params->accumulatorPoKCommitmentGroup.modulus;
const Bignum st_3_prime = (sg.pow_mod(c, params->accumulatorPoKCommitmentGroup.modulus) * (sg * valueOfCommitmentToCoin).pow_mod(s_sigma, params->accumulatorPoKCommitmentGroup.modulus) * sh.pow_mod(s_xi, params->accumulatorPoKCommitmentGroup.modulus)) % params->accumulatorPoKCommitmentGroup.modulus;

Bignum t_1_prime = (C_r.pow_mod(c, params->accumulatorModulus) * h_n.pow_mod(s_zeta, params->accumulatorModulus) * g_n.pow_mod(s_epsilon, params->accumulatorModulus)) % params->accumulatorModulus;
Bignum t_2_prime = (C_e.pow_mod(c, params->accumulatorModulus) * h_n.pow_mod(s_eta, params->accumulatorModulus) * g_n.pow_mod(s_alpha, params->accumulatorModulus)) % params->accumulatorModulus;
Bignum t_3_prime = ((a.getValue()).pow_mod(c, params->accumulatorModulus) * C_u.pow_mod(s_alpha, params->accumulatorModulus) * ((h_n.inverse(params->accumulatorModulus)).pow_mod(s_beta, params->accumulatorModulus))) % params->accumulatorModulus;
Bignum t_4_prime = (C_r.pow_mod(s_alpha, params->accumulatorModulus) * ((h_n.inverse(params->accumulatorModulus)).pow_mod(s_delta, params->accumulatorModulus)) * ((g_n.inverse(params->accumulatorModulus)).pow_mod(s_beta, params->accumulatorModulus))) % params->accumulatorModulus;
const Bignum t_1_prime = (C_r.pow_mod(c, params->accumulatorModulus) * h_n.pow_mod(s_zeta, params->accumulatorModulus) * g_n.pow_mod(s_epsilon, params->accumulatorModulus)) % params->accumulatorModulus;
const Bignum t_2_prime = (C_e.pow_mod(c, params->accumulatorModulus) * h_n.pow_mod(s_eta, params->accumulatorModulus) * g_n.pow_mod(s_alpha, params->accumulatorModulus)) % params->accumulatorModulus;
const Bignum t_3_prime = ((a.getValue()).pow_mod(c, params->accumulatorModulus) * C_u.pow_mod(s_alpha, params->accumulatorModulus) * ((h_n.inverse(params->accumulatorModulus)).pow_mod(s_beta, params->accumulatorModulus))) % params->accumulatorModulus;
const Bignum t_4_prime = (C_r.pow_mod(s_alpha, params->accumulatorModulus) * ((h_n.inverse(params->accumulatorModulus)).pow_mod(s_delta, params->accumulatorModulus)) * ((g_n.inverse(params->accumulatorModulus)).pow_mod(s_beta, params->accumulatorModulus))) % params->accumulatorModulus;

bool result = false;
const bool result_st1 = (st_1 == st_1_prime);
const bool result_st2 = (st_2 == st_2_prime);
const bool result_st3 = (st_3 == st_3_prime);

bool result_st1 = (st_1 == st_1_prime);
bool result_st2 = (st_2 == st_2_prime);
bool result_st3 = (st_3 == st_3_prime);
const bool result_t1 = (t_1 == t_1_prime);
const bool result_t2 = (t_2 == t_2_prime);
const bool result_t3 = (t_3 == t_3_prime);
const bool result_t4 = (t_4 == t_4_prime);

bool result_t1 = (t_1 == t_1_prime);
bool result_t2 = (t_2 == t_2_prime);
bool result_t3 = (t_3 == t_3_prime);
bool result_t4 = (t_4 == t_4_prime);
const bool result_range = ((s_alpha >= -(params->maxCoinValue * Bignum(2).pow(params->k_prime + params->k_dprime + 1))) && (s_alpha <= (params->maxCoinValue * Bignum(2).pow(params->k_prime + params->k_dprime + 1))));

bool result_range = ((s_alpha >= -(params->maxCoinValue * Bignum(2).pow(params->k_prime + params->k_dprime + 1))) && (s_alpha <= (params->maxCoinValue * Bignum(2).pow(params->k_prime + params->k_dprime + 1))));

result = result_st1 && result_st2 && result_st3 && result_t1 && result_t2 && result_t3 && result_t4 && result_range;

return result;
return result_st1 && result_st2 && result_st3 && result_t1 && result_t2 && result_t3 && result_t4 && result_range;
}

} /* namespace libzerocoin */
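Review bot: Dropping `sg`, `sh`, `g_n` and `h_n` from the challenge hash at `hasher << *params << commitmentToCoin.getCommitmentValue() << C_e ...` (and the matching line in Verify) changes the Fiat-Shamir transcript, so proofs produced by the previous code will no longer verify, and the generators stay bound to the challenge only if the serialization of `*params` already covers both commitment groups' `g` and `h`. If it does, the four values were redundant and the change is sound but is still a wire-format/consensus break the PR description should call out; if it does not, the challenge is no longer bound to the generators used in `st_*` and `t_*`, which is exactly what the hash is supposed to fix. Please confirm which case applies and add a comment above each hash line, e.g. `// Fiat-Shamir challenge: generators are bound through the *params serialization`. Both the constructor and Verify begin outside their hunks.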
2 changes: 1 addition & 1 deletion AccumulatorProofOfKnowledge.h
Expand Up @@ -58,7 +58,7 @@ class AccumulatorProofOfKnowledge {
READWRITE(s_psi);
)
private:
const AccumulatorAndProofParams* params;
const AccumulatorAndProofParams* const params;

/* Return values for proof */
Bignum C_e;
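Review bot: Changing the member to `const AccumulatorAndProofParams* const params;` implicitly deletes the class's copy-assignment operator, so any `accumulatorPoK = AccumulatorProofOfKnowledge(...)` assignment of the kind this PR still uses for `commitmentPoK` in CoinSpend.cpp will stop compiling; I cannot see that call site from here, so please confirm the build. If assignment is needed, either keep the pointer non-const or construct the proof in place at the call site. The class declaration starts and ends outside the hunk.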
5 changes: 4 additions & 1 deletion CoinSpend.cpp
Expand Up @@ -43,7 +43,10 @@ CoinSpend::CoinSpend(const Params* p, const PrivateCoin& coin,
this->accCommitmentToCoinValue = fullCommitmentToCoinUnderAccParams.getCommitmentValue();

// 2. Generate a ZK proof that the two commitments contain the same public coin.
this->commitmentPoK = CommitmentProofOfKnowledge(&p->serialNumberSoKCommitmentGroup, &p->accumulatorParams.accumulatorPoKCommitmentGroup, fullCommitmentToCoinUnderSerialParams, fullCommitmentToCoinUnderAccParams);
this->commitmentPoK = CommitmentProofOfKnowledge(&p->serialNumberSoKCommitmentGroup,
&p->accumulatorParams.accumulatorPoKCommitmentGroup,
fullCommitmentToCoinUnderSerialParams,
fullCommitmentToCoinUnderAccParams);

// Now generate the two core ZK proofs:
// 3. Proves that the committed public coin is in the Accumulator (PoK of "witness")
7 changes: 1 addition & 6 deletions Commitment.cpp
Expand Up @@ -130,12 +130,7 @@ bool CommitmentProofOfKnowledge::Verify(const Bignum& A, const Bignum& B) const
Bignum computedChallenge = calculateChallenge(A, B, T1, T2);

// Return success if the computed challenge matches the incoming challenge
if(computedChallenge == this->challenge) {
return true;
}

// Otherwise return failure
return false;
return computedChallenge == this->challenge;
}

const Bignum CommitmentProofOfKnowledge::calculateChallenge(const Bignum& a, const Bignum& b, const Bignum &commitOne, const Bignum &commitTwo) const {
2 changes: 1 addition & 1 deletion SerialNumberSignatureOfKnowledge.cpp
Expand Up @@ -110,7 +110,7 @@ bool SerialNumberSignatureOfKnowledge::Verify(const Bignum& coinSerialNumber, co
Bignum g = params->serialNumberSoKCommitmentGroup.g;
Bignum h = params->serialNumberSoKCommitmentGroup.h;
CHashWriter hasher(0,0);
hasher << *params << valueOfCommitmentToCoin <<coinSerialNumber;
hasher << *params << valueOfCommitmentToCoin << coinSerialNumber;

vector<CBigNum> tprime(params->zkp_iterations);
unsigned char *hashbytes = (unsigned char*) &this->hash;