- fix election crypto

- multi-way elections - high-level signature containers - fix bug in mesh test case - fix bug in Strings.java - ivy repo
author: Florian Dold <florian.dold@gmail.com> 2014-03-30 21:41:58 +0000
committer: Florian Dold <florian.dold@gmail.com> 2014-03-30 21:41:58 +0000
commit: 9f10abfdc35d8f189a8e0a77a389799ca6b7f9e5 (patch)
tree: 39d855abacebeaa45752e4abc5b4a660d2603d70 /src/main/java/org
parent: 1fbef203844b19f8141bddcba20a977de34b211e (diff)
download: gnunet-java-9f10abfdc35d8f189a8e0a77a389799ca6b7f9e5.tar.gz
gnunet-java-9f10abfdc35d8f189a8e0a77a389799ca6b7f9e5.zip
39 files changed, 803 insertions, 335 deletions
diff --git a/src/main/java/org/gnunet/construct/parsers/IntegerUtil.java b/src/main/java/org/gnunet/construct/parsers/IntegerUtil.java
index 83391de..d791f39 100644
--- a/src/main/java/org/gnunet/construct/parsers/IntegerUtil.java
+++ b/src/main/java/org/gnunet/construct/parsers/IntegerUtil.java
@@ -47,7 +47,7 @@ public class IntegerUtil {
        val |= s;
        if (isSigned) {
-            // explicitly OR sign bit to the right place if the source buffer is
+            // explicitly OR signRaw bit to the right place if the source buffer is
            // too large
            long sign = (srcBuf.get(first) & 0x80);
            val |= (sign << 7);
@@ -69,9 +69,9 @@ public class IntegerUtil {
        }
        if (isSigned) {
-            // a long has 8 bytes, shift by 7 bytes (non-arithmetically) to get the sign
+            // a long has 8 bytes, shift by 7 bytes (non-arithmetically) to get the signRaw
            byte sign = (byte) ((val >>> (7*8)) & 0x80);
-            // remove the sign bit from the buffer
+            // remove the signRaw bit from the buffer
            dstBuf.put(dstBuf.position() + byteSize - 1, (byte) (dstBuf.get(dstBuf.position() + byteSize - 1) & ~sign));
            // ... and put it in the right place (lowest byte)
            dstBuf.put(dstBuf.position(), (byte) (dstBuf.get(dstBuf.position()) | sign));
diff --git a/src/main/java/org/gnunet/core/Core.java b/src/main/java/org/gnunet/core/Core.java
index 307b9a2..a4adb32 100644
--- a/src/main/java/org/gnunet/core/Core.java
+++ b/src/main/java/org/gnunet/core/Core.java
@@ -267,7 +267,7 @@ public class Core {
        for (int i : interested) {
            logger.debug("we are interested in " + i);
        }
-        client.sendPrefered(initMessage);
+        client.sendPreferred(initMessage);
    }
    /**
diff --git a/src/main/java/org/gnunet/mesh/ConnectHandler.java b/src/main/java/org/gnunet/mesh/ConnectHandler.java
index 62275b0..8583df2 100644
--- a/src/main/java/org/gnunet/mesh/ConnectHandler.java
+++ b/src/main/java/org/gnunet/mesh/ConnectHandler.java
@@ -8,5 +8,5 @@ import org.gnunet.util.PeerIdentity;
 * @author Florian Dold
 */
 public interface ConnectHandler {
-    public void onConnect(Mesh.Tunnel tunnel, PeerIdentity peer);
+    public void onConnect(Mesh.Channel channel, PeerIdentity peer);
 }
diff --git a/src/main/java/org/gnunet/mesh/DisconnectHandler.java b/src/main/java/org/gnunet/mesh/DisconnectHandler.java
deleted file mode 100644
index 8fd6428..0000000
--- a/src/main/java/org/gnunet/mesh/DisconnectHandler.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package org.gnunet.mesh;
-import org.gnunet.util.PeerIdentity;
-/**
- * ...
- *
- * @author Florian Dold
- */
-public interface DisconnectHandler {
-    void onDisconnect(PeerIdentity peer);
-}
diff --git a/src/main/java/org/gnunet/mesh/InboundChannelHandler.java b/src/main/java/org/gnunet/mesh/InboundChannelHandler.java
new file mode 100644
index 0000000..a8cb6b7
--- /dev/null
+++ b/src/main/java/org/gnunet/mesh/InboundChannelHandler.java
@@ -0,0 +1,12 @@
+package org.gnunet.mesh;
+import org.gnunet.util.PeerIdentity;
+/**
+ * ...
+ *
+ * @author Florian Dold
+ */
+public interface InboundChannelHandler {
+    void onInboundTunnel(Mesh.Channel channel, PeerIdentity initiator);
+}
diff --git a/src/main/java/org/gnunet/mesh/InboundTunnelHandler.java b/src/main/java/org/gnunet/mesh/InboundTunnelHandler.java
deleted file mode 100644
index ebcf225..0000000
--- a/src/main/java/org/gnunet/mesh/InboundTunnelHandler.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package org.gnunet.mesh;
-import org.gnunet.util.PeerIdentity;
-/**
- * ...
- *
- * @author Florian Dold
- */
-public interface InboundTunnelHandler {
-    void onInboundTunnel(Mesh.Tunnel tunnel, PeerIdentity initiator);
-}
diff --git a/src/main/java/org/gnunet/mesh/Mesh.java b/src/main/java/org/gnunet/mesh/Mesh.java
index 0a7369b..aedfd6a 100644
--- a/src/main/java/org/gnunet/mesh/Mesh.java
+++ b/src/main/java/org/gnunet/mesh/Mesh.java
@@ -50,7 +50,7 @@ public class Mesh {
    private static final long TUNNEL_ID_CLI = 0x80000000L;
    /**
-     * For tunnels created by the server, the bit in this
+     * For tunnels created by the service, the bit in this
     * mask is always set.
     */
    private static final long TUNNEL_ID_SERV = 0xB0000000L;
@@ -91,12 +91,12 @@ public class Mesh {
    /**
     * Handler for inbound tunnels.
     */
-    private InboundTunnelHandler inboundTunnelHandler;
+    private InboundChannelHandler inboundChannelHandler;
    /**
     * Mapping from the tunnel's ID to the tunnel object.
     */
-    private Map<Long,Tunnel> tunnelMap = new HashMap<Long,Tunnel>();
+    private Map<Long,Channel> tunnelMap = new HashMap<Long,Channel>();
    /**
     * Counter for generating fresh tunnel ID's
@@ -108,7 +108,7 @@ public class Mesh {
     * A tunnel to a remote peer.
     * @param <T> type of context data for the tunnel
     */
-    public class Tunnel<T> extends MessageQueue {
+    public class Channel<T> extends MessageQueue {
        private T context;
        private final int opt;
        final PeerIdentity peer;
@@ -133,7 +133,7 @@ public class Mesh {
         * @param nobuffer Flag for disabling buffering on relay nodes.
         * @param reliable Flag for end-to-end reliability.
         */
-        public Tunnel(PeerIdentity peer, int port, boolean nobuffer, boolean reliable, T context) {
+        public Channel(PeerIdentity peer, int port, boolean nobuffer, boolean reliable, T context) {
            this(peer, 0, port, nobuffer, reliable);
            TunnelCreateMessage tcm = new TunnelCreateMessage();
            tcm.otherEnd = peer;
@@ -154,7 +154,7 @@ public class Mesh {
         * @param nobuffer
         * @param reliable
         */
-        public Tunnel(PeerIdentity peer, long tunnelId, int port, boolean nobuffer, boolean reliable) {
+        public Channel(PeerIdentity peer, long tunnelId, int port, boolean nobuffer, boolean reliable) {
            int myOpt = 0;
            if (reliable)
                myOpt |= OPTION_RELIABLE;
@@ -242,16 +242,16 @@ public class Mesh {
    private class MeshMessageReceiver extends RunaboutMessageReceiver {
        public void visit(TunnelCreateMessage m) {
-            Tunnel t = new Tunnel(m.otherEnd, m.tunnelId, m.port,
+            Channel t = new Channel(m.otherEnd, m.tunnelId, m.port,
                    (m.opt & OPTION_NOBUFFER) != 0, (m.opt & OPTION_NOBUFFER) != 0);
            logger.debug("inbound tunnel {}", m.tunnelId);
-            if (inboundTunnelHandler != null) {
+            if (inboundChannelHandler != null) {
-                inboundTunnelHandler.onInboundTunnel(t, m.otherEnd);
+                inboundChannelHandler.onInboundTunnel(t, m.otherEnd);
            }
        }
        public void visit(DataMessage m) {
-            Tunnel t = tunnelMap.get(m.tid);
+            Channel t = tunnelMap.get(m.tid);
            if (t != null)
            {
                if (t.receiveDoneExpected)
@@ -268,7 +268,7 @@ public class Mesh {
        public void visit(LocalAckMessage m) {
            logger.debug("got LocalAckMessage for {}", m.tid);
-            Tunnel t = tunnelMap.get(m.tid);
+            Channel t = tunnelMap.get(m.tid);
            if (t != null) {
                t.handleAck();
            } else {
@@ -277,38 +277,36 @@ public class Mesh {
        }
        public void visit(TunnelDestroyMessage m) {
-            Tunnel t = tunnelMap.get(m.tunnelId);
+            Channel t = tunnelMap.get(m.tunnelId);
            if (null == t) {
                logger.warn("server got confused with tunnel IDs on destroy, ignoring message");
                return;
            }
            t.destroyedByService = true;
+            logger.debug("tunnel destroyed by service");
            t.destroy();
-            if (null != tunnelEndHandler) {
+            tunnelEndHandler.onChannelEnd(t);
-                tunnelEndHandler.onTunnelEnd(t);
-            }
        }
        public void visit(RejectMessage m) {
            // FIXME: C code indicates that the nack/reject message might change ...
-            Tunnel t = tunnelMap.get(m.tunnelId);
+            Channel t = tunnelMap.get(m.tunnelId);
            if (null == t) {
                logger.warn("server got confused with tunnel IDs on destroy, ignoring message");
                return;
            }
            t.destroyedByService = true;
+            logger.debug("tunnel destroyed by service (nack/reject)");
            t.destroy();
-            if (null != tunnelEndHandler) {
+            tunnelEndHandler.onChannelEnd(t);
-                tunnelEndHandler.onTunnelEnd(t);
-            }
        }
        @Override
        public void handleError() {
            logger.warn("lost connection to mesh service, reconnecting");
            if (null != tunnelEndHandler) {
-                for (Tunnel t : tunnelMap.values()) {
+                for (Channel t : tunnelMap.values()) {
-                    tunnelEndHandler.onTunnelEnd(t);
+                    tunnelEndHandler.onChannelEnd(t);
                }
            }
            tunnelMap.clear();
@@ -322,21 +320,22 @@ public class Mesh {
    /**
     * Connect to the mesh service, listening to the given ports.
     *
-     * @param cfg                  configuration to use
+     * @param cfg configuration to use
-     * @param inboundTunnelHandler function called when an *inbound* tunnel is created
+     * @param inboundChannelHandler called when an inbound channel is established
-     * @param tunnelEndHandler     function called when an *inbound* tunnel is destroyed by the
+     * @param tunnelEndHandler called when a tunnel is destroyed (either by the client calling Tunnel.destroy(),
-     *                             remote peer, it is *not* called if Tunnel.destroy
+     *                         or by the service)
-     *                             is called on the tunnel
     * @param messageReceiver runabout for messages we are interested in
     * @param ports ports to listen on
     */
-    public Mesh(Configuration cfg, InboundTunnelHandler inboundTunnelHandler,
+    public Mesh(Configuration cfg, InboundChannelHandler inboundChannelHandler,
                TunnelEndHandler tunnelEndHandler, MeshRunabout messageReceiver, int... ports) {
+        if (null == tunnelEndHandler) {
+            throw new AssertionError("tunnel end handler may not be null");
+        }
        this.tunnelEndHandler = tunnelEndHandler;
        this.messageReceiver = messageReceiver;
        this.ports = ports;
-        this.inboundTunnelHandler = inboundTunnelHandler;
+        this.inboundChannelHandler = inboundChannelHandler;
        client = new Client("mesh", cfg);
        client.installReceiver(new MeshMessageReceiver());
        ClientConnectMessage ccm = new ClientConnectMessage();
@@ -351,24 +350,35 @@ public class Mesh {
    }
    /**
-     * Connect to the mesh service.
+     * Connect to the mesh service. Use this constructor if you are not interested in inbound tunnels.
     *
-     * @param cfg                  configuration to use
+     * @param cfg configuration to use
-     * @param tunnelEndHandler     function called when an *inbound* tunnel is destroyed by the
+     * @param tunnelEndHandler called when a tunnel is destroyed (either by the client calling Tunnel.destroy(),
-     *                             remote peer, it is *not* called if Tunnel.destroy
+     *                         or by the service)
-     *                             is called on the tunnel
     */
    public Mesh(Configuration cfg, TunnelEndHandler tunnelEndHandler, MeshRunabout messageReceiver) {
        this(cfg, null, tunnelEndHandler, messageReceiver);
    }
-    public <T> Tunnel<T> createTunnel(PeerIdentity peer, int port, boolean nobuffer, boolean reliable, T initialContext) {
+    /**
-        return new Tunnel<T>(peer, port, nobuffer, reliable, initialContext);
+     * Connect to the mesh service. Use this constructor if you are not interested in inbound tunnels
+     * and don't want to receive messages.
+     *
+     * @param cfg configuration to use
+     * @param tunnelEndHandler called when a tunnel is destroyed (either by the client calling Tunnel.destroy(),
+     *                         or by the service)
+     */
+    public Mesh(Configuration cfg, TunnelEndHandler tunnelEndHandler) {
+        this(cfg, null, tunnelEndHandler, null);
+    }
+    public <T> Channel<T> createTunnel(PeerIdentity peer, int port, boolean nobuffer, boolean reliable, T initialContext) {
+        return new Channel<T>(peer, port, nobuffer, reliable, initialContext);
    }
-    public <T> Tunnel<T> createTunnel(PeerIdentity peer, int port, boolean nobuffer, boolean reliable) {
+    public <T> Channel<T> createTunnel(PeerIdentity peer, int port, boolean nobuffer, boolean reliable) {
        logger.debug("creating tunnel to peer {} over port {}", peer.toString(), port);
-        return new Tunnel<T>(peer, port, nobuffer, reliable, null);
+        return new Channel<T>(peer, port, nobuffer, reliable, null);
    }
    /**
diff --git a/src/main/java/org/gnunet/mesh/MeshRunabout.java b/src/main/java/org/gnunet/mesh/MeshRunabout.java
index 50dbe09..577a6cd 100644
--- a/src/main/java/org/gnunet/mesh/MeshRunabout.java
+++ b/src/main/java/org/gnunet/mesh/MeshRunabout.java
@@ -8,11 +8,11 @@ import org.grothoff.Runabout;
 * @author Florian Dold
 */
 public class MeshRunabout extends Runabout {
-    private Mesh.Tunnel sender;
+    private Mesh.Channel sender;
-    /* package private */ void setSender(Mesh.Tunnel sender) {
+    /* package private */ void setSender(Mesh.Channel sender) {
        this.sender = sender;
    }
-    public Mesh.Tunnel getSender() {
+    public Mesh.Channel getSender() {
        return sender;
    }
 }
diff --git a/src/main/java/org/gnunet/mesh/TunnelEndHandler.java b/src/main/java/org/gnunet/mesh/TunnelEndHandler.java
index 2a492ce..5b89a2f 100644
--- a/src/main/java/org/gnunet/mesh/TunnelEndHandler.java
+++ b/src/main/java/org/gnunet/mesh/TunnelEndHandler.java
@@ -7,11 +7,11 @@ package org.gnunet.mesh;
 */
 public interface TunnelEndHandler {
    /**
-     * Called once a tunnel has been destroyed.
+     * Called once a channel has been destroyed.
-     * The given tunnel can not be used anymore, and is only provided
+     * The given channel can not be used anymore, and is only provided
-     * to identify the tunnel that has been destroyed.
+     * to identify the channel that has been destroyed.
     *
-     * @param tunnel tunnel that has been destroyed
+     * @param channel channel that has been destroyed
     */
-    void onTunnelEnd(Mesh.Tunnel tunnel);
+    void onChannelEnd(Mesh.Channel channel);
 }
diff --git a/src/main/java/org/gnunet/mesh/TunnelNotificationMessage.java b/src/main/java/org/gnunet/mesh/TunnelNotificationMessage.java
deleted file mode 100644
index e6fb724..0000000
--- a/src/main/java/org/gnunet/mesh/TunnelNotificationMessage.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package org.gnunet.mesh;
-import org.gnunet.construct.NestedMessage;
-import org.gnunet.construct.UInt32;
-import org.gnunet.util.GnunetMessage;
-import org.gnunet.util.PeerIdentity;
-/**
- * ...
- *
- * @author Florian Dold
- */
-public class TunnelNotificationMessage implements GnunetMessage.Body {
-    @UInt32
-    public int tunnelId;
-    /**
-     * Peer at the other end, if any
-     * TODO: ask bart what 'if any' means here
-     */
-    @NestedMessage
-    public PeerIdentity peer;
-}
diff --git a/src/main/java/org/gnunet/mesh/package-info.java b/src/main/java/org/gnunet/mesh/package-info.java
index fb5a8a4..2a60cc0 100644
--- a/src/main/java/org/gnunet/mesh/package-info.java
+++ b/src/main/java/org/gnunet/mesh/package-info.java
@@ -20,6 +20,6 @@
 /**
- * Create tunnels for packet-based communication to distant peers.
+ * Create channels for packet-based communication to distant peers.
 */
 package org.gnunet.mesh;
diff --git a/src/main/java/org/gnunet/mq/MessageQueue.java b/src/main/java/org/gnunet/mq/MessageQueue.java
index d7ecce7..8306c4c 100644
--- a/src/main/java/org/gnunet/mq/MessageQueue.java
+++ b/src/main/java/org/gnunet/mq/MessageQueue.java
@@ -2,6 +2,8 @@ package org.gnunet.mq;
 import org.gnunet.util.GnunetMessage;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import java.util.LinkedList;
@@ -9,9 +11,31 @@ import java.util.LinkedList;
 * General-purpose message queue
 */
 public abstract class MessageQueue {
+    /**
+     * Class logger.
+     */
+    private static final Logger logger = LoggerFactory
+            .getLogger(MessageQueue.class);
+    /**
+     * Envelopes queued for sending.
+     */
    private LinkedList<Envelope> queuedEnvelopes = new LinkedList<Envelope>();
-    private LinkedList<Envelope> preferedQueuedEnvelopes = new LinkedList<Envelope>();
+    /**
+     * Envelopes queued for sending.  The preferred envelopes will always be sent before
+     * the envelopes in 'queuedEnvelopes'.
+     */
+    private LinkedList<Envelope> preferredQueuedEnvelopes = new LinkedList<Envelope>();
+    /**
+     * Envelope we are currently in the process of submitting.
+     * While the 'currentEnvelope' is not null, no other envelope
+     * can be transmitted.
+     */
    protected Envelope currentEnvelope;
+    /**
+     * Are we ready to submit messages, or should we wait and queue further submit
+     * requests?
+     */
    private boolean readyForSubmit;
    /**
@@ -30,23 +54,25 @@ public abstract class MessageQueue {
        send(new Envelope(body));
    }
-    public void sendPrefered(GnunetMessage.Body body) {
+    public void sendPreferred(GnunetMessage.Body body) {
-        sendPrefered(new Envelope(body));
+        sendPreferred(new Envelope(body));
    }
    public void send(Envelope ev) {
+        logger.debug("message queue {}: queueing message", this.getClass().getName());
        queuedEnvelopes.addLast(ev);
        trySubmitNext();
    }
-    public void sendPrefered(Envelope ev) {
+    public void sendPreferred(Envelope ev) {
-        preferedQueuedEnvelopes.addLast(ev);
+        logger.debug("message queue {}: queueing preferred message", this.getClass().getName());
+        preferredQueuedEnvelopes.addLast(ev);
        trySubmitNext();
    }
    private Envelope pollNextEnvelope() {
-        if (!preferedQueuedEnvelopes.isEmpty())
+        if (!preferredQueuedEnvelopes.isEmpty())
-            return preferedQueuedEnvelopes.removeFirst();
+            return preferredQueuedEnvelopes.removeFirst();
        if (!queuedEnvelopes.isEmpty())
            return queuedEnvelopes.removeFirst();
        return null;
@@ -54,10 +80,12 @@ public abstract class MessageQueue {
    protected void trySubmitNext() {
        if (currentEnvelope != null || !readyForSubmit) {
+            logger.debug("message queue {}: not submitting (not ready)", this.getClass().getName());
            return;
        }
        Envelope ev = pollNextEnvelope();
        if (ev == null) {
+            logger.debug("message queue {}: not submitting (nothing to send)", this.getClass().getName());
            return;
        }
        currentEnvelope = ev;
@@ -69,6 +97,7 @@ public abstract class MessageQueue {
        if (readyForSubmit) {
            throw new AssertionError("message queue reported 'ready for submit' twice");
        }
+        logger.debug("message queue {} ready for submit", this.getClass().getName());
        readyForSubmit = true;
        trySubmitNext();
    }
@@ -90,15 +119,13 @@ public abstract class MessageQueue {
     *
     * @param ev the envelope to onCancel
     */
-    /* pkg-private */ void cancelEnvelope(Envelope ev) {
+    void cancelEnvelope(Envelope ev) {
-        if (null == currentEnvelope)
-            throw new AssertionError();
        if (ev == currentEnvelope) {
            retract();
            trySubmitNext();
        } else {
            queuedEnvelopes.remove(ev);
-            preferedQueuedEnvelopes.remove(ev);
+            preferredQueuedEnvelopes.remove(ev);
        }
    }
 }
diff --git a/src/main/java/org/gnunet/secretsharing/Ciphertext.java b/src/main/java/org/gnunet/secretsharing/Ciphertext.java
index d60e8ce..10b056e 100644
--- a/src/main/java/org/gnunet/secretsharing/Ciphertext.java
+++ b/src/main/java/org/gnunet/secretsharing/Ciphertext.java
@@ -26,6 +26,7 @@ import org.gnunet.util.BigIntegers;
 import org.gnunet.util.Strings;
 import java.math.BigInteger;
+import java.util.Arrays;
 /**
 * ElGamal ciphertext.
@@ -37,6 +38,26 @@ public class Ciphertext implements Message {
    @FixedSizeIntegerArray(signed = true, bitSize = 8, length = Parameters.elgamalBits / 8)
    public byte[] c_2;
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        Ciphertext that = (Ciphertext) o;
+        if (!Arrays.equals(c_1, that.c_1)) return false;
+        if (!Arrays.equals(c_2, that.c_2)) return false;
+        return true;
+    }
+    @Override
+    public int hashCode() {
+        int result = c_1 != null ? Arrays.hashCode(c_1) : 0;
+        result = 31 * result + (c_2 != null ? Arrays.hashCode(c_2) : 0);
+        return result;
+    }
    /**
     * Allocate the ciphertext with zeros.
     */
diff --git a/src/main/java/org/gnunet/secretsharing/Parameters.java b/src/main/java/org/gnunet/secretsharing/Parameters.java
index cd0e5de..f5a9750 100644
--- a/src/main/java/org/gnunet/secretsharing/Parameters.java
+++ b/src/main/java/org/gnunet/secretsharing/Parameters.java
@@ -20,12 +20,15 @@
 package org.gnunet.secretsharing;
+import org.gnunet.voting.simulation.VotingParameters;
 import java.math.BigInteger;
+import java.security.SecureRandom;
 /**
 * Constants used by the crypto of the secretsharing API.
 */
-public interface Parameters {
+public abstract class Parameters {
    /**
     * Size of the key.
     */
@@ -66,4 +69,26 @@ public interface Parameters {
            "9cfd9f953674fab5d511e1c078fc72d72b34086f" +
            "c82b4b951989eb85325cb203ff98df76bc366bba" +
            "1d7024c3650f60d0da", 16);
+    public static BigInteger randomQ() {
+        SecureRandom r = new SecureRandom();
+        BigInteger y;
+        do {
+            y = new BigInteger(Parameters.elgamalBits - 1, r);
+        } while (y.compareTo(BigInteger.ONE) == 0 || y.compareTo(Parameters.elgamalQ) >= 0);
+        return y;
+    }
+    public static BigInteger modPowG(BigInteger exp) {
+        return elgamalG.modPow(exp, elgamalP);
+    }
+    public static BigInteger[] generateGenerators(int i) {
+        BigInteger[] generators = new BigInteger[i];
+        for (int j = 0; j < i; j++) {
+            // FIXME: this violates proper layering of the modules
+            generators[j] = VotingParameters.selectSubgroupGenerator(elgamalP, elgamalQ);
+        }
+        return generators;
+    }
 }
diff --git a/src/main/java/org/gnunet/secretsharing/Plaintext.java b/src/main/java/org/gnunet/secretsharing/Plaintext.java
index fc4ac14..a3d87c8 100644
--- a/src/main/java/org/gnunet/secretsharing/Plaintext.java
+++ b/src/main/java/org/gnunet/secretsharing/Plaintext.java
@@ -26,6 +26,7 @@ import org.gnunet.util.BigIntegers;
 import java.math.BigInteger;
 import java.security.SecureRandom;
+import java.util.Arrays;
 public class Plaintext implements Message {
    @FixedSizeIntegerArray(signed = true, bitSize = 8, length = Parameters.elgamalBits / 8)
@@ -39,17 +40,55 @@ public class Plaintext implements Message {
        return plaintext;
    }
-    public long bruteForceDiscreteLog(final long l) {
+    /**
+     * Try all products of length l of the given generators.
+     *
+     * @param l number of factors
+     * @param generators different factors to chose from
+     * @return null if no solution was found, or an array of coefficients
+     */
+    public long[] bruteForceDiscreteLog(final long l, BigInteger[] generators) {
        BigInteger needle = new BigInteger(1, bits);
-        for (long i = -l; i <= l; i++) {
+        if (l == 0) {
-            BigInteger val;
+            if (needle.equals(BigInteger.ONE))
-            val = Parameters.elgamalG.modPow(BigInteger.valueOf(l), Parameters.elgamalP);
+                return new long[0];
-            if (val.equals(needle))
+            return null;
-                return i;
        }
-        throw new ArithmeticException(String.format("discrete log has no solution in range [%s, %s]", -l, l));
+        long[] combo = new long[generators.length];
+        boolean success = bruteForceDiscreteLog(l, combo, needle, BigInteger.ONE, generators, 0);
+        if (success) {
+            return combo;
+        }
+        return null;
+    }
+    private static boolean bruteForceDiscreteLog(final long l, long[] combo,
+                                                final BigInteger needle, final BigInteger haystack,
+                                                BigInteger[] generators, final int genIdx) {
+        if (l == 0) {
+            combo[genIdx] = 0;
+            return haystack.equals(needle);
+        }
+        if (genIdx == generators.length - 1) {
+            combo[genIdx] = l;
+            BigInteger myHay = haystack.multiply(generators[genIdx].modPow(BigInteger.valueOf(l), Parameters.elgamalP)).mod(Parameters.elgamalP);
+            return myHay.equals(needle);
+        } else {
+            BigInteger myHay = haystack;
+            for (int i = 0; i <= l; i++) {
+                combo[genIdx] = i;
+                boolean success = bruteForceDiscreteLog(l - i, combo, needle, myHay, generators, genIdx + 1);
+                if (success) {
+                    return true;
+                }
+                myHay = myHay.multiply(generators[genIdx]).mod(Parameters.elgamalP);
+            }
+        }
+        return false;
    }
    public Ciphertext encrypt(ThresholdPublicKey publicKey) {
        SecureRandom secureRandom = new SecureRandom();
        BigInteger c_1;
@@ -74,4 +113,11 @@ public class Plaintext implements Message {
        return ciphertext;
    }
+    @Override
+    public String toString() {
+        return "Plaintext{" +
+                "bits=" + Arrays.toString(bits) +
+                '}';
+    }
 }
diff --git a/src/main/java/org/gnunet/statistics/SetRequest.java b/src/main/java/org/gnunet/statistics/SetRequest.java
deleted file mode 100644
index c5fff66..0000000
--- a/src/main/java/org/gnunet/statistics/SetRequest.java
+++ /dev/null
@@ -1,50 +0,0 @@
-package org.gnunet.statistics;
-import org.gnunet.mq.Envelope;
-import org.gnunet.mq.MessageQueue;
-import org.gnunet.requests.Request;
-import org.gnunet.requests.RequestContainer;
-import org.gnunet.statistics.messages.SetMessage;
-import org.gnunet.util.RelativeTime;
-public class SetRequest extends Request {
-    /**
-     * Time after we give up on setting values in statistics
-     */
-    private static final RelativeTime SET_TIMEOUT = RelativeTime.SECOND.multiply(10);
-    private final static int SETFLAG_RELATIVE = 1;
-    private final static int SETFLAG_PERSIST = 2;
-    private final String subsystem;
-    private final String name;
-    private final boolean persist;
-    private final long value;
-    private final boolean relative;
-    public SetRequest(String subsystem, String name, long value, boolean relative, boolean persist) {
-        this.subsystem = subsystem;
-        this.name = name;
-        this.persist = persist;
-        this.value = value;
-        this.relative = relative;
-    }
-    @Override
-    public Envelope assembleRequest() {
-        SetMessage m = new SetMessage();
-        m.statisticName = name;
-        m.subsystemName = subsystem;
-        m.value = value;
-        if (relative)
-            m.flags |= SETFLAG_RELATIVE;
-        if (persist)
-            m.flags |= SETFLAG_PERSIST;
-        return new Envelope(m);
-    }
-    public void cancel() {
-        //To change body of implemented methods use File | Settings | File Templates.
-    }
-}
diff --git a/src/main/java/org/gnunet/util/BigIntegers.java b/src/main/java/org/gnunet/util/BigIntegers.java
index 473534f..f3f9fa7 100644
--- a/src/main/java/org/gnunet/util/BigIntegers.java
+++ b/src/main/java/org/gnunet/util/BigIntegers.java
@@ -31,18 +31,18 @@ public class BigIntegers {
    /**
     * Serialize a BigInteger, but do not add an extra bit for a
-     * sign.
+     * signRaw.
     *
     * @param bigInteger big integer to serialize
     * @param bits how many bits should the binary representation have?
     *             rounded up to the next multiple of 8.
-     * @return big endian representation of the given BigInteger, without a sign bit
+     * @return big endian representation of the given BigInteger, without a signRaw bit
     */
    public static byte[] serializeUnsigned(BigInteger bigInteger, int bits) {
        byte[] bytes = bigInteger.toByteArray();
        int start;
        Preconditions.checkArgument(bigInteger.bitCount() <= bits);
-        // skip byte that was only added to fit the sign
+        // skip byte that was only added to fit the signRaw
        if (bytes[0] == 0) {
            start = 1;
        } else {
diff --git a/src/main/java/org/gnunet/util/Connection.java b/src/main/java/org/gnunet/util/Connection.java
index cce32a4..d735b27 100644
--- a/src/main/java/org/gnunet/util/Connection.java
+++ b/src/main/java/org/gnunet/util/Connection.java
@@ -200,6 +200,7 @@ public class Connection {
                        return;
                    }
                } catch (IOException e) {
+                    logger.debug("got IOException ({}, {})", e.getClass().getName(), e.getMessage());
                    error();
                    return;
                }
diff --git a/src/main/java/org/gnunet/util/Strings.java b/src/main/java/org/gnunet/util/Strings.java
index c1c84f5..8de30ab 100644
--- a/src/main/java/org/gnunet/util/Strings.java
+++ b/src/main/java/org/gnunet/util/Strings.java
@@ -48,7 +48,7 @@ public class Strings {
        while ((rpos < size) || (vbit > 0)) {
            if ((rpos < size) && (vbit < 5)) {
                byte b = data[(int) rpos++];
-                // convert (possibly negative) byte to int without sign extension
+                // convert (possibly negative) byte to int without signRaw extension
                int s = b >= 0 ? b : (256 + b);
                // eat 8 more bits
                bits = (bits << 8) | s;
@@ -62,6 +62,8 @@ public class Strings {
            sb.append(encTable.charAt((int) (bits >>> (vbit - 5)) & 31));
            vbit -= 5;
        }
+        if (sb.length() != getEncodedStringLength(data.length))
+            throw new AssertionError();
        return sb.toString();
    }
@@ -74,34 +76,44 @@ public class Strings {
     * @return was the encoding successful?
     */
    public static boolean stringToData(String string, byte[] outData) {
-        long rpos;
+        long rpos; // read position
-        long wpos;
+        long wpos; // write position
-        long bits;
+        long bits; // bits to write next
        long vbit;
        long ret;
        long shift;
        int enclen = string.length();
        int encodedLen = outData.length * 8;
+        if (0 == enclen) {
+            if (0 == outData.length)
+                return true;
+            return false;
+        }
+        wpos = outData.length;
+        rpos = enclen;
        if (encodedLen % 5 > 0) {
            // padding!
            vbit = encodedLen % 5;
            shift = 5 - vbit;
+            bits = (ret = getValue(string.charAt((int) (--rpos)))) >>> (5 - (encodedLen % 5));
        } else {
-            vbit = 0;
+            vbit = 5;
            shift = 0;
+            bits = (ret = getValue(string.charAt((int) (--rpos))));
        }
        if ((encodedLen + shift) / 5 != enclen) {
            return false;
        }
-        wpos = outData.length;
-        rpos = enclen;
-        bits = (ret = getValue(string.charAt((int) (--rpos)))) >> (5 - encodedLen % 5);
        if (-1 == ret) {
            return false;
        }
        while (wpos > 0) {
-            assert rpos > 0;
+            if (0 == rpos) {
+                throw new AssertionError("rpos=0, but wpos " + wpos);
+            }
            bits = ((ret = getValue(string.charAt((int) (--rpos)))) << vbit) | bits;
            if (-1 == ret) {
                return false;
@@ -109,12 +121,13 @@ public class Strings {
            vbit += 5;
            if (vbit >= 8) {
                outData[(int)--wpos] = (byte)((char) bits);
-                bits >>= 8;
+                bits >>>= 8;
                vbit -= 8;
            }
        }
-        assert(rpos == 0);
+        if (rpos != 0 || vbit != 0) {
-        assert(vbit == 0);
+            return false;
+        }
        return true;
    }
@@ -165,4 +178,8 @@ public class Strings {
        }
        return -1;
    }
+    public static byte[] stringToData(String s) {
+        return stringToData(s, getDecodedDataLength(s.length()));
+    }
 }
diff --git a/src/main/java/org/gnunet/util/crypto/ContentWithPurposeMessage.java b/src/main/java/org/gnunet/util/crypto/ContentWithPurposeMessage.java
new file mode 100644
index 0000000..9aa09ef
--- /dev/null
+++ b/src/main/java/org/gnunet/util/crypto/ContentWithPurposeMessage.java
@@ -0,0 +1,17 @@
+package org.gnunet.util.crypto;
+import org.gnunet.construct.Message;
+import org.gnunet.construct.UInt32;
+import org.gnunet.construct.Union;
+/**
+ * Purpose header fields, together with content union.
+ */
+public class ContentWithPurposeMessage<M extends SignedContentMessage> implements Message {
+    @UInt32
+    public int size;
+    @UInt32
+    public int purpose;
+    @Union(tag = "purpose")
+    public M m;
+}
diff --git a/src/main/java/org/gnunet/util/crypto/EcdsaPrivateKey.java b/src/main/java/org/gnunet/util/crypto/EcdsaPrivateKey.java
index ce68525..46476d4 100644
--- a/src/main/java/org/gnunet/util/crypto/EcdsaPrivateKey.java
+++ b/src/main/java/org/gnunet/util/crypto/EcdsaPrivateKey.java
@@ -24,6 +24,10 @@ import org.gnunet.construct.FixedSizeIntegerArray;
 import org.gnunet.construct.Message;
 import org.gnunet.util.HashCode;
+import java.io.ByteArrayOutputStream;
+import java.io.DataOutputStream;
+import java.io.IOError;
+import java.io.IOException;
 import java.math.BigInteger;
 import java.security.SecureRandom;
@@ -56,29 +60,42 @@ public class EcdsaPrivateKey implements Message {
        return privateKey;
    }
+    public EcdsaSignature sign(byte[] data, int purpose) {
+        return sign(data, purpose, getPublicKey());
+    }
+    public EcdsaSignature sign(byte[] data, int purpose, EcdsaPublicKey publicKey) {
+        ByteArrayOutputStream os = new ByteArrayOutputStream(data.length + 8);
+        DataOutputStream dos = new DataOutputStream(os);
+        try {
+            dos.writeInt(data.length);
+            dos.writeInt(purpose);
+            dos.write(data);
+        } catch (IOException e) {
+            throw new IOError(e);
+        }
+        return signRaw(publicKey, os.toByteArray());
+    }
    /**
-     * Sign the given data with this private key.  Must include a purpose to mitigate
+     * Sign the given data with this private key.
-     * replay / copy and paste attacks.
     *
-     * @param purpose purpose for the signature
+     * @param data data to signRaw
-     * @param data data to sign
     * @return the signature over both the data and the purpose
     */
-    public EcdsaSignature sign(int purpose, byte[] data) {
+    public EcdsaSignature signRaw(byte[] data) {
-        return sign(getPublicKey(), purpose, data);
+        return signRaw(getPublicKey(), data);
    }
    /**
-     * Sign the given data with this private key.  Must include a purpose to mitigate
+     * Sign the given data with this private key.
-     * replay / copy and paste attacks.
     *
     * @param publicKey public key corresponding to this private key, supplying this parameter
     *                  leads to better performance as the public key does not have to be derived
-     * @param purpose purpose for the signature
+     * @param data data to signRaw
-     * @param data data to sign
     * @return the signature over both the data and the purpose
     */
-    public EcdsaSignature sign(EcdsaPublicKey publicKey, int purpose, byte[] data) {
+    public EcdsaSignature signRaw(EcdsaPublicKey publicKey, byte[] data) {
        EcdsaSignature signature = new EcdsaSignature();
        DsaPrng prng = new DsaPrng(d, data);
        HashCode h = HashCode.hash(data);
diff --git a/src/main/java/org/gnunet/util/crypto/EcdsaSignature.java b/src/main/java/org/gnunet/util/crypto/EcdsaSignature.java
index e02191d..9e01a6f 100644
--- a/src/main/java/org/gnunet/util/crypto/EcdsaSignature.java
+++ b/src/main/java/org/gnunet/util/crypto/EcdsaSignature.java
@@ -26,6 +26,10 @@ import org.gnunet.construct.Message;
 import org.gnunet.util.HashCode;
 import org.gnunet.util.Strings;
+import java.io.ByteArrayOutputStream;
+import java.io.DataOutputStream;
+import java.io.IOError;
+import java.io.IOException;
 import java.math.BigInteger;
 import java.security.SecureRandom;
@@ -57,11 +61,10 @@ public class EcdsaSignature implements Message {
     * given data and purpose.
     *
     * @param m message that was signed
-     * @param purpose purpose of the signature
     * @param publicKey public key to check for
     * @return whether the signature is valid
     */
-    public boolean verify(byte[] m, int purpose, EcdsaPublicKey publicKey) {
+    public boolean verifyRaw(byte[] m, EcdsaPublicKey publicKey) {
        if (publicKey.asPoint().isIdentity()) {
            throw new AssertionError();
        }
@@ -75,16 +78,6 @@ public class EcdsaSignature implements Message {
        }
        HashCode h = HashCode.hash(m);
-        /*
-        byte[] zPart = new byte[32];
-        System.arraycopy(h.data, 0, zPart, 0, 32);
-        for (int i = 0; i < 16; i++) {
-            byte tmp = zPart[i];
-            zPart[i] = zPart[31-i];
-            zPart[31 - i] = tmp;
-        }
-        BigInteger z = new BigInteger(1, zPart);
-        */
        BigInteger z = new BigInteger(1, h.data);
        BigInteger sCoeff = Ed25519.decodeScalar(s);
        BigInteger rCoeff = Ed25519.decodeScalar(r);
@@ -98,6 +91,19 @@ public class EcdsaSignature implements Message {
        return P.P0.mod(Ed25519.l).equals(rCoeff);
    }
+    public boolean verify(byte[] data, int purpose, EcdsaPublicKey publicKey) {
+        ByteArrayOutputStream os = new ByteArrayOutputStream(data.length + 8);
+        DataOutputStream dos = new DataOutputStream(os);
+        try {
+            dos.writeInt(data.length);
+            dos.writeInt(purpose);
+            dos.write(data);
+        } catch (IOException e) {
+            throw new IOError(e);
+        }
+        return verifyRaw(os.toByteArray(), publicKey);
+    }
    /**
     * Load a signature from a string.
     *
diff --git a/src/main/java/org/gnunet/util/crypto/EcdsaSignedMessage.java b/src/main/java/org/gnunet/util/crypto/EcdsaSignedMessage.java
index bfc3fe4..0d9e218 100644
--- a/src/main/java/org/gnunet/util/crypto/EcdsaSignedMessage.java
+++ b/src/main/java/org/gnunet/util/crypto/EcdsaSignedMessage.java
@@ -20,41 +20,48 @@
 package org.gnunet.util.crypto;
-import org.gnunet.construct.Construct;
+import org.gnunet.construct.*;
-import org.gnunet.construct.Message;
-import org.gnunet.construct.NestedMessage;
-import org.gnunet.construct.UInt32;
 /**
 * A message together with a signature on the message and its purpose.
 */
-public class EcdsaSignedMessage<M extends Message> implements Message {
+public class EcdsaSignedMessage<M extends SignedContentMessage> implements Message {
    @NestedMessage
    public EcdsaSignature signature;
-    @UInt32
-    public int purpose;
+    @NestedMessage(newFrame = true)
-    @NestedMessage
+    public ContentWithPurposeMessage<M> cpm;
-    public M innerMessage;
    public EcdsaSignedMessage() {
        // empty constructor required by org.gnunet.construct
    }
-    public boolean verify(EcdsaPublicKey signerPublicKey) {
+    public boolean verify(EcdsaPublicKey signerPublicKey, Class<? extends SignedContentMessage> expectedClass) {
-        return signature.verify(Construct.toBinary(innerMessage), purpose, signerPublicKey);
+        if (!expectedClass.isInstance(cpm.m)) {
+            return false;
+        }
+        System.out.println("right class");
+        byte[] data = Construct.toBinary(cpm);
+        return signature.verifyRaw(data, signerPublicKey);
    }
-    public static <T extends Message> EcdsaSignedMessage<T> signMessage(T innerMessage, int purpose,
+    public EcdsaSignedMessage(M message, EcdsaPrivateKey privateKey,
-                                             EcdsaPrivateKey privateKey, EcdsaPublicKey publicKey) {
+                              EcdsaPublicKey publicKey) {
-        EcdsaSignedMessage<T> esm = new EcdsaSignedMessage<T>();
+        cpm = new ContentWithPurposeMessage();
-        esm.purpose = purpose;
+        cpm.m = message;
-        esm.innerMessage = innerMessage;
+        Construct.patch(cpm);
-        esm.signature = privateKey.sign(purpose, Construct.toBinary(innerMessage));
+        byte[] data = Construct.toBinary(cpm);
-        return esm;
+        signature = privateKey.signRaw(publicKey, data);
    }
-    public static <T extends Message> EcdsaSignedMessage<T> signMessage(T innerMessage, int purpose,
+    public EcdsaSignedMessage(M message, EcdsaPrivateKey privateKey) {
-                                             EcdsaPrivateKey privateKey) {
+        this(message, privateKey, privateKey.getPublicKey());
-        return signMessage(innerMessage, purpose, privateKey, privateKey.getPublicKey());
    }
+    public M get() {
+        return cpm.m;
+    }
 }
diff --git a/src/main/java/org/gnunet/util/crypto/EddsaPrivateKey.java b/src/main/java/org/gnunet/util/crypto/EddsaPrivateKey.java
index 8424dc6..921d625 100644
--- a/src/main/java/org/gnunet/util/crypto/EddsaPrivateKey.java
+++ b/src/main/java/org/gnunet/util/crypto/EddsaPrivateKey.java
@@ -22,6 +22,10 @@ package org.gnunet.util.crypto;
 import org.gnunet.construct.FixedSizeIntegerArray;
 import org.gnunet.construct.Message;
+import java.io.ByteArrayOutputStream;
+import java.io.DataOutputStream;
+import java.io.IOError;
+import java.io.IOException;
 import java.math.BigInteger;
 import java.nio.ByteBuffer;
 import java.security.MessageDigest;
@@ -32,8 +36,8 @@ public class EddsaPrivateKey implements Message {
    @FixedSizeIntegerArray(bitSize = 8, signed = false, length = 32)
    public byte[] d;
-    public EddsaSignature sign(int purpose, byte[] m) {
+    public EddsaSignature signRaw(byte[] m) {
-        return sign(getPublicKey(), purpose, m);
+        return signRaw(getPublicKey(), m);
    }
    /**
@@ -42,11 +46,10 @@ public class EddsaPrivateKey implements Message {
     *
     * @param publicKey public key corresponding to this private key, supplying this parameter
     *                  leads to better performance as the public key does not have to be derived
-     * @param purpose purpose for the signature
+     * @param m data to signRaw
-     * @param m data to sign
     * @return the signature over both the data and the purpose
     */
-    public EddsaSignature sign(EddsaPublicKey publicKey, int purpose, byte[] m) {
+    public EddsaSignature signRaw(EddsaPublicKey publicKey, byte[] m) {
        if (!publicKey.asPoint().isOnCurve()) {
            throw new AssertionError();
        }
@@ -115,6 +118,24 @@ public class EddsaPrivateKey implements Message {
        return a;
    }
+    public EddsaSignature sign(byte[] data, int purpose) {
+        return sign(data, purpose, getPublicKey());
+    }
+    public EddsaSignature sign(byte[] data, int purpose, EddsaPublicKey publicKey) {
+        ByteArrayOutputStream os = new ByteArrayOutputStream(data.length + 8);
+        DataOutputStream dos = new DataOutputStream(os);
+        try {
+            dos.writeInt(data.length);
+            dos.writeInt(purpose);
+            dos.write(data);
+        } catch (IOException e) {
+            throw new IOError(e);
+        }
+        return signRaw(publicKey, os.toByteArray());
+    }
    /**
     * Get the public key for this private key.
     *
diff --git a/src/main/java/org/gnunet/util/crypto/EddsaPublicKey.java b/src/main/java/org/gnunet/util/crypto/EddsaPublicKey.java
index aa43a0b..be5a0f8 100644
--- a/src/main/java/org/gnunet/util/crypto/EddsaPublicKey.java
+++ b/src/main/java/org/gnunet/util/crypto/EddsaPublicKey.java
@@ -24,6 +24,10 @@ import org.gnunet.construct.FixedSizeIntegerArray;
 import org.gnunet.construct.Message;
 import org.gnunet.util.Strings;
+import java.io.ByteArrayOutputStream;
+import java.io.DataOutputStream;
+import java.io.IOError;
+import java.io.IOException;
 import java.security.SecureRandom;
 import java.util.Arrays;
diff --git a/src/main/java/org/gnunet/util/crypto/EddsaSignature.java b/src/main/java/org/gnunet/util/crypto/EddsaSignature.java
index 56b5995..ff78908 100644
--- a/src/main/java/org/gnunet/util/crypto/EddsaSignature.java
+++ b/src/main/java/org/gnunet/util/crypto/EddsaSignature.java
@@ -25,6 +25,10 @@ import org.gnunet.construct.FixedSizeIntegerArray;
 import org.gnunet.construct.Message;
 import org.gnunet.util.Strings;
+import java.io.ByteArrayOutputStream;
+import java.io.DataOutputStream;
+import java.io.IOError;
+import java.io.IOException;
 import java.math.BigInteger;
 import java.nio.ByteBuffer;
 import java.security.SecureRandom;
@@ -58,11 +62,10 @@ public class EddsaSignature implements Message {
     * Verify the signature on a message with given purpose.
     *
     * @param m
-     * @param purpose
     * @param publicKey
     * @return
     */
-    public boolean verify(byte[] m, int purpose, EddsaPublicKey publicKey) {
+    public boolean verifyRaw(byte[] m, EddsaPublicKey publicKey) {
        Ed25519 R = Ed25519.decode(r);
        if (!R.isOnCurve())
            return false;
@@ -99,6 +102,20 @@ public class EddsaSignature implements Message {
        return sig;
    }
+    public boolean verify(byte[] data, int purpose, EddsaPublicKey publicKey) {
+        ByteArrayOutputStream os = new ByteArrayOutputStream(data.length + 8);
+        DataOutputStream dos = new DataOutputStream(os);
+        try {
+            dos.writeInt(data.length);
+            dos.writeInt(purpose);
+            dos.write(data);
+        } catch (IOException e) {
+            throw new IOError(e);
+        }
+        return verifyRaw(os.toByteArray(), publicKey);
+    }
    /**
     * Return a signature that is invalid with very, very high probability.
     *
diff --git a/src/main/java/org/gnunet/util/crypto/EddsaSignedMessage.java b/src/main/java/org/gnunet/util/crypto/EddsaSignedMessage.java
new file mode 100644
index 0000000..04a2965
--- /dev/null
+++ b/src/main/java/org/gnunet/util/crypto/EddsaSignedMessage.java
@@ -0,0 +1,63 @@
+/*
+ This file is part of GNUnet.
+  (C) 2012, 2013 Christian Grothoff (and other contributing authors)
+  GNUnet is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published
+  by the Free Software Foundation; either version 3, or (at your
+  option) any later version.
+  GNUnet is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  General Public License for more details.
+  You should have received a copy of the GNU General Public License
+  along with GNUnet; see the file COPYING.  If not, write to the
+  Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+  Boston, MA 02111-1307, USA.
+ */
+package org.gnunet.util.crypto;
+import org.gnunet.construct.Construct;
+import org.gnunet.construct.Message;
+import org.gnunet.construct.NestedMessage;
+/**
+ * A message together with a signature on the message and its purpose.
+ */
+public class EddsaSignedMessage implements Message {
+    @NestedMessage
+    public EddsaSignature signature;
+    @NestedMessage(newFrame = true)
+    public ContentWithPurposeMessage cpm;
+    public EddsaSignedMessage() {
+        // empty constructor required by org.gnunet.construct
+    }
+    public boolean verify(EddsaPublicKey signerPublicKey, Class<? extends SignedContentMessage> expectedClass) {
+        if (!expectedClass.isInstance(cpm.m)) {
+            return false;
+        }
+        byte[] data = Construct.toBinary(cpm);
+        return signature.verifyRaw(data, signerPublicKey);
+    }
+    public EddsaSignedMessage(SignedContentMessage message, EddsaPrivateKey privateKey,
+                              EddsaPublicKey publicKey) {
+        cpm = new ContentWithPurposeMessage();
+        cpm.m = message;
+        Construct.patch(cpm);
+        byte[] data = Construct.toBinary(cpm);
+        signature = privateKey.signRaw(publicKey, data);
+    }
+    public EddsaSignedMessage(SignedContentMessage message, EddsaPrivateKey privateKey) {
+        this(message, privateKey, privateKey.getPublicKey());
+    }
+}
diff --git a/src/main/java/org/gnunet/util/crypto/SignedContentMessage.java b/src/main/java/org/gnunet/util/crypto/SignedContentMessage.java
new file mode 100644
index 0000000..77dd300
--- /dev/null
+++ b/src/main/java/org/gnunet/util/crypto/SignedContentMessage.java
@@ -0,0 +1,8 @@
+package org.gnunet.util.crypto;
+import org.gnunet.construct.MessageUnion;
+public interface SignedContentMessage extends MessageUnion {
+    // empty, this is a tag interface
+}
diff --git a/src/main/java/org/gnunet/voting/Ballot.java b/src/main/java/org/gnunet/voting/Ballot.java
index 92ec7da..a470ac0 100644
--- a/src/main/java/org/gnunet/voting/Ballot.java
+++ b/src/main/java/org/gnunet/voting/Ballot.java
@@ -27,6 +27,7 @@ import com.google.common.collect.BiMap;
 import com.google.common.collect.HashBiMap;
 import com.google.common.collect.Maps;
 import com.google.common.primitives.Longs;
+import org.gnunet.secretsharing.Parameters;
 import org.gnunet.secretsharing.ThresholdPublicKey;
 import org.gnunet.util.AbsoluteTime;
 import org.gnunet.util.Configuration;
@@ -37,7 +38,10 @@ import org.gnunet.util.crypto.EcdsaPublicKey;
 import org.gnunet.util.crypto.EcdsaSignature;
 import org.gnunet.util.crypto.EddsaSignature;
 import org.gnunet.voting.messages.KeyQueryResponseMessage;
+import org.gnunet.voting.simulation.VotingParameters;
+import org.omg.CORBA.DynAnyPackage.Invalid;
+import java.math.BigInteger;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.*;
@@ -129,6 +133,11 @@ public class Ballot {
    SortedMap<String,KeyQueryResponseMessage> thresholdPublicKeys;
    /**
+     * Generators, one for each choice.
+     */
+    BigInteger generators[];
+    /**
     * Threshold for the election.
     */
    public int threshold;
@@ -310,6 +319,19 @@ public class Ballot {
            m.signedGuidKey.publicKey = ThresholdPublicKey.fromString(e.getValue());
            thresholdPublicKeys.put(alias, m);
        }
+        // If there's one generator, the others have to be there, too.
+        if (cfg.haveValue("generators", "g0")) {
+            generators = new BigInteger[choices.size()];
+            for (int i = 0; i < choices.size(); i++) {
+                Optional<String> optG = cfg.getValueString("generators", "g"+i);
+                if (!optG.isPresent()) {
+                    throw new InvalidBallotException(
+                            String.format("Generator %s is missing.  Please issue the ballot correctlly", i));
+                }
+                generators[i] = new BigInteger(optG.get(), 16);
+            }
+        }
    }
    /**
@@ -387,6 +409,9 @@ public class Ballot {
     */
    public void encodeChoice(String choice, ThresholdPublicKey thresholdPublicKey,
                             EcdsaPrivateKey voterPrivateKey) {
+        if (null == generators || generators.length != choices.size()) {
+            throw new InvalidBallotException("Can't encrypt vote without valid generators.");
+        }
        int choiceId = -1;
        int i = 0;
        for (String possibleChoice : choices) {
@@ -396,7 +421,8 @@ public class Ballot {
            i++;
        }
        voterPub = voterPrivateKey.getPublicKey();
-        encryptedVote = EncryptedVote.fromChoice(choiceId, thresholdPublicKey, voterPrivateKey, voterPub);
+        encryptedVote = EncryptedVote.fromChoice(choiceId, thresholdPublicKey, voterPrivateKey, voterPub,
+                generators);
        System.out.println("voter encrypted vote, ciphertext: " + encryptedVote.v.toString());
        System.out.println("threshold key (of voter): " + thresholdPublicKey.toString());
    }
@@ -452,6 +478,11 @@ public class Ballot {
            cfg.setValueString("threshold-pubkey-sigs", e.getKey(),
                    e.getValue().signature.toString());
        }
+        if (generators != null) {
+            for (int i = 0; i < generators.length; i++) {
+                cfg.setValueString("generators", "g"+i, generators[i].toString(16));
+            }
+        }
        return cfg;
    }
@@ -606,13 +637,18 @@ public class Ballot {
    /**
     * Add the issuer to the ballot, and sign the election information in the ballot.
+     * Also selects the generators for every choice.
     *
     * @param privateKey private key of the issuer
     */
    public void issue(EcdsaPrivateKey privateKey) {
+        generators = new BigInteger[choices.size()];
+        for (int i = 0; i < choices.size(); i++) {
+            generators[i] = VotingParameters.selectSubgroupGenerator(Parameters.elgamalP, Parameters.elgamalQ);
+        }
        issuerPub = privateKey.getPublicKey();
        // FIXME: purpose
-        issuerSig = privateKey.sign(0, getBallotGuid().data);
+        issuerSig = privateKey.sign(getBallotGuid().data, 0);
    }
    /**
diff --git a/src/main/java/org/gnunet/voting/BallotTool.java b/src/main/java/org/gnunet/voting/BallotTool.java
index d03e0ea..c65c361 100644
--- a/src/main/java/org/gnunet/voting/BallotTool.java
+++ b/src/main/java/org/gnunet/voting/BallotTool.java
@@ -146,9 +146,9 @@ public class BallotTool extends Program {
    private Mesh mesh;
    /**
-     * A tunnel to 'currentAuthority' or null.
+     * A channel to 'currentAuthority' or null.
     */
-    private Mesh.Tunnel tunnel;
+    private Mesh.Channel channel;
    /**
     * The authority we are currently communicating with.
@@ -156,7 +156,7 @@ public class BallotTool extends Program {
    private PeerIdentity currentAuthority;
    /**
-     * Are we finished with communicating over the mesh tunnel and don't need to worry about
+     * Are we finished with communicating over the mesh channel and don't need to worry about
     * disconnection?
     */
    private boolean tunnelCommunicationFinished;
@@ -165,11 +165,11 @@ public class BallotTool extends Program {
    public class BallotTunnelEndHandler implements TunnelEndHandler {
        @Override
-        public void onTunnelEnd(final Mesh.Tunnel tunnel) {
+        public void onChannelEnd(final Mesh.Channel channel) {
            // FIXME: just re-running 'doCommands' is a bit of a hack
-            BallotTool.this.tunnel = null;
+            BallotTool.this.channel = null;
            if (!tunnelCommunicationFinished) {
-                logger.warn("mesh tunnel disconnected, but operation not finished");
+                logger.warn("mesh channel disconnected, but operation not finished");
                Scheduler.addDelayed(tunnelReconnectBackoff, new Scheduler.Task() {
                    @Override
                    public void run(Scheduler.RunContext ctx) {
@@ -182,14 +182,14 @@ public class BallotTool extends Program {
    }
    /**
-     * Destroy the tunnel to the authority as well
+     * Destroy the channel to the authority as well
     * as the mesh handle.
     */
    private void endMesh() {
        tunnelCommunicationFinished = true;
-        if (null != tunnel) {
+        if (null != channel) {
-            tunnel.destroy();
+            channel.destroy();
-            tunnel = null;
+            channel = null;
        }
        if (null != mesh) {
            mesh.destroy();
@@ -260,7 +260,7 @@ public class BallotTool extends Program {
        public void visit(SubmitFailureMessage m) {
            System.out.println("vote not submitted: " + m.reason);
            if (m.signedAuthorityTime != null) {
-                // FIXME: verify
+                // FIXME: verifyRaw
                System.out.println("authority time: " +
                        AbsoluteTime.fromNetwork(m.signedAuthorityTime.time).toFancyString());
            }
@@ -323,11 +323,11 @@ public class BallotTool extends Program {
            currentAuthority = remainingAuthorities.get(r.nextInt(remainingAuthorities.size()));
            System.out.println("registering ballot with authority " + currentAuthority.toString());
            mesh = new Mesh(getConfiguration(), new BallotTunnelEndHandler(), new BallotRegisterReceiver());
-            tunnel = mesh.createTunnel(currentAuthority, TallyAuthorityDaemon.MESH_PORT, true, true);
+            channel = mesh.createTunnel(currentAuthority, TallyAuthorityDaemon.MESH_PORT, true, true);
            BallotRegisterRequestMessage m = new BallotRegisterRequestMessage();
            CompressedConfig ccfg = new CompressedConfig(ballot.toConfiguration());
            m.compressedBallotConfig = ccfg.compressedData;
-            tunnel.send(m);
+            channel.send(m);
            return;
        }
        if (issue) {
@@ -368,7 +368,7 @@ public class BallotTool extends Program {
            System.out.println("submitting to authority " + authority.toString());
            currentAuthority = authority;
            mesh = new Mesh(cfg, new BallotTunnelEndHandler(), new SubmitReceiver());
-            tunnel = mesh.createTunnel(authority, TallyAuthorityDaemon.MESH_PORT, true, true, null);
+            channel = mesh.createTunnel(authority, TallyAuthorityDaemon.MESH_PORT, true, true, null);
            SubmitMessage m = new SubmitMessage();
            if (ballot.voterPub == null) {
                throw new InvalidBallotException("no voter in ballot");
@@ -384,7 +384,7 @@ public class BallotTool extends Program {
                throw new InvalidBallotException("no encrypted vote in ballot");
            }
            m.encryptedVote = ballot.encryptedVote;
-            tunnel.send(m);
+            channel.send(m);
            return;
        }
        if (verify) {
@@ -402,10 +402,10 @@ public class BallotTool extends Program {
            currentAuthority = remainingAuthorities.get(r.nextInt(remainingAuthorities.size()));
            System.out.println("querying authority " + currentAuthority.toString());
            mesh = new Mesh(cfg, new BallotTunnelEndHandler(), new QueryReceiver());
-            tunnel = mesh.createTunnel(currentAuthority, TallyAuthorityDaemon.MESH_PORT, true, true, null);
+            channel = mesh.createTunnel(currentAuthority, TallyAuthorityDaemon.MESH_PORT, true, true, null);
            ResultQueryMessage m = new ResultQueryMessage();
            m.ballotGuid = ballot.getBallotGuid();
-            tunnel.send(m);
+            channel.send(m);
            return;
        }
        if (requestKey) {
@@ -418,10 +418,10 @@ public class BallotTool extends Program {
            currentAuthority = remainingAuthorities.get(r.nextInt(remainingAuthorities.size()));
            System.out.println("asking authority for key " + currentAuthority.toString());
            mesh = new Mesh(cfg, new BallotTunnelEndHandler(), new PublicKeyReceiver());
-            tunnel = mesh.createTunnel(currentAuthority, TallyAuthorityDaemon.MESH_PORT, true, true, null);
+            channel = mesh.createTunnel(currentAuthority, TallyAuthorityDaemon.MESH_PORT, true, true, null);
            KeyQueryMessage m = new KeyQueryMessage();
            m.ballotGuid = ballot.getBallotGuid();
-            tunnel.send(m);
+            channel.send(m);
            return;
        }
        setReturnValue(1);
diff --git a/src/main/java/org/gnunet/voting/ChaumPedersenZkp.java b/src/main/java/org/gnunet/voting/ChaumPedersenZkp.java
new file mode 100644
index 0000000..dcfb60a
--- /dev/null
+++ b/src/main/java/org/gnunet/voting/ChaumPedersenZkp.java
@@ -0,0 +1,75 @@
+/*
+ This file is part of GNUnet.
+ (C) 2014 Christian Grothoff (and other contributing authors)
+ GNUnet is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published
+ by the Free Software Foundation; either version 3, or (at your
+ option) any later version.
+ GNUnet is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ General Public License for more details.
+ You should have received a copy of the GNU General Public License
+ along with GNUnet; see the file COPYING.  If not, write to the
+ Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA.
+ */
+package org.gnunet.voting;
+import org.gnunet.construct.FixedSizeIntegerArray;
+import org.gnunet.construct.Message;
+import org.gnunet.secretsharing.Parameters;
+import java.math.BigInteger;
+/**
+ * Proof in zero knowledge of dlog equality.
+ * Proves log_g(x) = log_h(y) = alpha
+ * FIXME: get the details right, the Cramers voting paper uses a proof that is a
+ * FIXME: bit different from the plain chaum pedersen proof
+ */
+public class ChaumPedersenZkp implements Message {
+    @FixedSizeIntegerArray(signed = true, bitSize = 8, length = Parameters.elgamalBits / 8)
+    public byte[] commit_a;
+    @FixedSizeIntegerArray(signed = true, bitSize = 8, length = Parameters.elgamalBits / 8)
+    public byte[] commit_b;
+    @FixedSizeIntegerArray(signed = true, bitSize = 8, length = Parameters.elgamalBits / 8)
+    public byte[] challenge_d;
+    @FixedSizeIntegerArray(signed = true, bitSize = 8, length = Parameters.elgamalBits / 8)
+    public byte[] response_r;
+    /**
+     * Verify the simulated proof.  That is, don't check
+     * if the challenge was actually computed correctly from the commits.
+     */
+    public boolean verifySim(BigInteger x, BigInteger y, BigInteger coeffG, BigInteger h) {
+        BigInteger a = new BigInteger(1, commit_a);
+        BigInteger b = new BigInteger(1, commit_b);
+        BigInteger d = new BigInteger(1, challenge_d);
+        BigInteger r = new BigInteger(1, response_r);
+        BigInteger g = Parameters.elgamalG;
+        BigInteger p = Parameters.elgamalP;
+        if (!b.equals(h.modPow(r, p).multiply(y.multiply(coeffG.modInverse(p)).modPow(d, p)).mod(p))) {
+            System.out.println("b not equal");
+            return false;
+        }
+        if (!a.equals(g.modPow(r, p).multiply(x.modPow(d, p)).mod(p))) {
+            System.out.println("a not equal");
+            return false;
+        }
+        return true;
+    }
+}
diff --git a/src/main/java/org/gnunet/voting/DisjunctionZkp.java b/src/main/java/org/gnunet/voting/DisjunctionZkp.java
new file mode 100644
index 0000000..cfa823c
--- /dev/null
+++ b/src/main/java/org/gnunet/voting/DisjunctionZkp.java
@@ -0,0 +1,64 @@
+/*
+ This file is part of GNUnet.
+ (C) 2014 Christian Grothoff (and other contributing authors)
+ GNUnet is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published
+ by the Free Software Foundation; either version 3, or (at your
+ option) any later version.
+ GNUnet is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ General Public License for more details.
+ You should have received a copy of the GNU General Public License
+ along with GNUnet; see the file COPYING.  If not, write to the
+ Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA.
+ */
+package org.gnunet.voting;
+import org.gnunet.construct.*;
+import org.gnunet.secretsharing.Parameters;
+import java.math.BigInteger;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+/**
+ * Disjunction of Chaum Pedersen ZKPs.
+ */
+public class DisjunctionZkp implements Message {
+    @UInt64
+    public int numProofs;
+    @FixedSizeIntegerArray(signed = true, bitSize = 8, length = Parameters.elgamalBits / 8)
+    public byte[] challenge_c;
+    @VariableSizeArray(lengthField = "numProofs")
+    public ChaumPedersenZkp[] chaumPedersenZkps;
+    public boolean verifyChallenge() {
+        BigInteger c_actual = new BigInteger(1, challenge_c);
+        BigInteger c_expected = BigInteger.ZERO;
+        for (ChaumPedersenZkp chaumPedersenZkp : chaumPedersenZkps) {
+            BigInteger d = new BigInteger(1, chaumPedersenZkp.challenge_d);
+            c_expected = c_expected.add(d).mod(Parameters.elgamalQ);
+        }
+        return c_actual.equals(c_expected) && computeChallengeFromCommits().equals(c_actual);
+    }
+    public BigInteger computeChallengeFromCommits() {
+        MessageDigest digest;
+        try {
+            digest = MessageDigest.getInstance("SHA-512");
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException("crypto algorithm 'SHA-512' required but not provided");
+        }
+        for (ChaumPedersenZkp chaumPedersenZkp : chaumPedersenZkps) {
+            digest.update(chaumPedersenZkp.commit_a);
+            digest.update(chaumPedersenZkp.commit_b);
+        }
+        return (new BigInteger(digest.digest())).mod(Parameters.elgamalQ);
+    }
+}
diff --git a/src/main/java/org/gnunet/voting/EncryptedVote.java b/src/main/java/org/gnunet/voting/EncryptedVote.java
index 6fa0d1f..aab4e2b 100644
--- a/src/main/java/org/gnunet/voting/EncryptedVote.java
+++ b/src/main/java/org/gnunet/voting/EncryptedVote.java
@@ -22,49 +22,33 @@ package org.gnunet.voting;
 import com.google.common.base.Optional;
+import org.gnunet.construct.Construct;
 import org.gnunet.construct.Message;
 import org.gnunet.construct.NestedMessage;
 import org.gnunet.secretsharing.Ciphertext;
-import org.gnunet.secretsharing.Plaintext;
+import org.gnunet.secretsharing.Parameters;
 import org.gnunet.secretsharing.ThresholdPublicKey;
+import org.gnunet.util.BigIntegers;
 import org.gnunet.util.Configuration;
+import org.gnunet.util.Strings;
 import org.gnunet.util.crypto.EcdsaPrivateKey;
 import org.gnunet.util.crypto.EcdsaPublicKey;
-import org.gnunet.voting.simulation.Voter;
+import org.gnunet.util.crypto.SignedContentMessage;
-import org.omg.CORBA.DynAnyPackage.Invalid;
+import org.gnunet.voting.simulation.CryptoUtil;
 import java.math.BigInteger;
+import java.util.Arrays;
-public class EncryptedVote implements Message {
+public class EncryptedVote implements Message, SignedContentMessage {
    @NestedMessage
    public Ciphertext v;
+    @NestedMessage
+    public DisjunctionZkp disjunctionZkp;
    @NestedMessage
    public EcdsaPublicKey voterPublicKey;
-    @Override
-    public boolean equals(Object o) {
-        if (this == o) return true;
-        if (o == null || getClass() != o.getClass()) return false;
-        EncryptedVote that = (EncryptedVote) o;
-        if (v != null ? !v.equals(that.v) : that.v != null) return false;
-        if (voterPublicKey != null ? !voterPublicKey.equals(that.voterPublicKey) : that.voterPublicKey != null)
-            return false;
-        return true;
-    }
-    @Override
-    public int hashCode() {
-        int result = v != null ? v.hashCode() : 0;
-        result = 31 * result + (voterPublicKey != null ? voterPublicKey.hashCode() : 0);
-        return result;
-    }
    /**
     * Construct an EncryptedVote by parsing it from the configuration.
     * The voter public key must be passed separately.
@@ -78,30 +62,127 @@ public class EncryptedVote implements Message {
        if (!optVal.isPresent()) {
            return null;
        }
+        Optional<String> optZkp = cfg.getValueString("vote", "ZKP");
+        if (!optZkp.isPresent()) {
+            return null;
+        }
        EncryptedVote encryptedVote = new EncryptedVote();
        encryptedVote.voterPublicKey = voterPublicKey;
        encryptedVote.v = Ciphertext.fromString(optVal.get());
+        System.out.println("reading, string size " + optZkp.get().length());
+        byte[] zkpData = Strings.stringToData(optZkp.get());
+        if (null == zkpData) {
+            throw new InvalidBallotException("could not read ZKP from ballot");
+        }
+        encryptedVote.disjunctionZkp = Construct.parseAs(zkpData, DisjunctionZkp.class);
        return encryptedVote;
    }
-    // TODO: zero knowledge proof
-    // TODO: signature
+    public static EncryptedVote fromChoice(int choiceId, ThresholdPublicKey thresholdPublicKey, EcdsaPublicKey voterPublicKey,
+                                           BigInteger[] generators) {
-    public static EncryptedVote fromChoice(int choiceId, ThresholdPublicKey thresholdPublicKey,
-                                           EcdsaPrivateKey voterPrivateKey, EcdsaPublicKey voterPublicKey) {
-        // for now, we only support one choice!
-        if (choiceId < 0 || choiceId > 1) {
-            throw new InvalidBallotException(String.format("choice '%s' not valid", choiceId));
-        }
-        int choiceExp = (choiceId == 1) ? 1 : -1;
-        // FIXME: can we use 'g', or should we use another generator?
-        Plaintext p = Plaintext.generate(BigInteger.valueOf(choiceExp));
        EncryptedVote encryptedVote = new EncryptedVote();
-        encryptedVote.v = p.encrypt(thresholdPublicKey);
+        encryptedVote.v = new Ciphertext();
        encryptedVote.voterPublicKey = voterPublicKey;
+        encryptedVote.disjunctionZkp = new DisjunctionZkp();
+        encryptedVote.disjunctionZkp.chaumPedersenZkps = new ChaumPedersenZkp[generators.length];
+        encryptedVote.disjunctionZkp.numProofs = generators.length;
+        // the discrete logarithm
+        BigInteger alpha = Parameters.randomQ();
+        // the secret for the ZKP
+        BigInteger w = Parameters.randomQ();
+        BigInteger h = new BigInteger(1, thresholdPublicKey.bits);
+        BigInteger g = Parameters.elgamalG;
+        BigInteger p = Parameters.elgamalP;
+        BigInteger q = Parameters.elgamalQ;
+        BigInteger x = Parameters.modPowG(alpha);
+        BigInteger y = h.modPow(alpha, p).multiply(generators[choiceId]).mod(p);
+        encryptedVote.v.c_1 = BigIntegers.serializeUnsigned(x, Parameters.elgamalBits);
+        encryptedVote.v.c_2 = BigIntegers.serializeUnsigned(y, Parameters.elgamalBits);
+        // sum of all the simulation challenges
+        BigInteger d_sim_sum = BigInteger.ZERO;
+        // generate simulated proofs
+        for (int i = 0; i < generators.length; i++) {
+            if (i == choiceId) {
+                continue;
+            }
+            BigInteger r = Parameters.randomQ();
+            BigInteger d = Parameters.randomQ();
+            BigInteger a = g.modPow(r, p).multiply(x.modPow(d, p)).mod(p);
+            BigInteger b = h.modPow(r, p).multiply(y.multiply(generators[i].modInverse(p)).modPow(d, p)).mod(p);
+            d_sim_sum = d_sim_sum.add(d);
+            ChaumPedersenZkp zkp = new ChaumPedersenZkp();
+            zkp.challenge_d = BigIntegers.serializeUnsigned(d, Parameters.elgamalBits);
+            zkp.response_r = BigIntegers.serializeUnsigned(r, Parameters.elgamalBits);
+            zkp.commit_a = BigIntegers.serializeUnsigned(a, Parameters.elgamalBits);
+            zkp.commit_b = BigIntegers.serializeUnsigned(b, Parameters.elgamalBits);
+            if (!zkp.verifySim(x, y, generators[i], h)) {
+                throw new AssertionError("crypto not working");
+            }
+            encryptedVote.disjunctionZkp.chaumPedersenZkps[i] = zkp;
+        }
+        ChaumPedersenZkp zkp = new ChaumPedersenZkp();
+        encryptedVote.disjunctionZkp.chaumPedersenZkps[choiceId] = zkp;
+        BigInteger a = g.modPow(w, p);
+        BigInteger b = h.modPow(w, p);
+        zkp.commit_a = BigIntegers.serializeUnsigned(a, Parameters.elgamalBits);
+        zkp.commit_b = BigIntegers.serializeUnsigned(b, Parameters.elgamalBits);
+        BigInteger c = encryptedVote.disjunctionZkp.computeChallengeFromCommits();
+        BigInteger d = c.subtract(d_sim_sum).mod(q);
+        BigInteger r = w.subtract(alpha.multiply(d)).mod(q);
+        zkp.challenge_d = BigIntegers.serializeUnsigned(d, Parameters.elgamalBits);
+        zkp.response_r = BigIntegers.serializeUnsigned(r, Parameters.elgamalBits);
+        if (!zkp.verifySim(x,y,generators[choiceId], h)) {
+            throw new AssertionError("crypto (2) not working");
+        }
+        encryptedVote.disjunctionZkp.challenge_c = BigIntegers.serializeUnsigned(c, Parameters.elgamalBits);
+        if (!encryptedVote.disjunctionZkp.verifyChallenge()) {
+            throw new AssertionError("crypto not working (3)");
+        }
        return encryptedVote;
    }
    public void writeToConfiguration(Configuration cfg) {
        cfg.setValueString("vote", "ENCRYPTED_VOTE_VAL", v.toString());
+        byte[] zkpData = Construct.toBinary(disjunctionZkp);
+        String zkpString = Strings.dataToString(zkpData);
+        if (zkpString.length() != Strings.getEncodedStringLength(zkpData.length))
+            throw new AssertionError("fail");
+        if (zkpData.length != Strings.getDecodedDataLength(zkpString.length()))
+            throw new AssertionError("fail, got " + zkpData.length + " expected " +
+                    Strings.getDecodedDataLength(zkpString.length()) + "for string length" + zkpString.length());
+        System.out.println("everyting ok, size binary size" + zkpData.length +" str size " + zkpString.length());
+        byte[] zkpData2 = Strings.stringToData(zkpString);
+        if (!Arrays.equals(zkpData, zkpData2)) {
+            throw new AssertionError("something wrong");
+        }
+        System.out.println("everyting ok, size binary size" + zkpData.length +" str size " + zkpString.length());
+        cfg.setValueString("vote", "ZKP", zkpString);
+    }
+    public boolean verify() {
+        return false;
    }
 }
diff --git a/src/main/java/org/gnunet/voting/GroupCert.java b/src/main/java/org/gnunet/voting/GroupCert.java
index 6899faa..c363674 100644
--- a/src/main/java/org/gnunet/voting/GroupCert.java
+++ b/src/main/java/org/gnunet/voting/GroupCert.java
@@ -60,7 +60,7 @@ public class GroupCert {
        signData += expiration.getSeconds();
        signData += group;
        signData += signerPublicKey;
-        groupCert.signature = signerPrivateKey.sign(0 /*FIXME*/, signData.getBytes());
+        groupCert.signature = signerPrivateKey.sign(signData.getBytes(), 0);
        return groupCert;
    }
diff --git a/src/main/java/org/gnunet/voting/SignedEncryptedVote.java b/src/main/java/org/gnunet/voting/SignedEncryptedVote.java
new file mode 100644
index 0000000..196476c
--- /dev/null
+++ b/src/main/java/org/gnunet/voting/SignedEncryptedVote.java
@@ -0,0 +1,8 @@
+package org.gnunet.voting;
+import org.gnunet.construct.Message;
+import org.gnunet.util.crypto.EcdsaSignedMessage;
+public class SignedEncryptedVote implements Message {
+    EcdsaSignedMessage<EncryptedVote> signedMessage;
+}
diff --git a/src/main/java/org/gnunet/voting/TallyAuthorityDaemon.java b/src/main/java/org/gnunet/voting/TallyAuthorityDaemon.java
index e3a1d8e..f1f8bc7 100644
--- a/src/main/java/org/gnunet/voting/TallyAuthorityDaemon.java
+++ b/src/main/java/org/gnunet/voting/TallyAuthorityDaemon.java
@@ -27,6 +27,7 @@ import org.gnunet.consensus.ConsensusElement;
 import org.gnunet.construct.Construct;
 import org.gnunet.mesh.Mesh;
 import org.gnunet.mesh.MeshRunabout;
+import org.gnunet.mesh.TunnelEndHandler;
 import org.gnunet.secretsharing.*;
 import org.gnunet.secretsharing.callbacks.DecryptCallback;
 import org.gnunet.secretsharing.callbacks.SecretReadyCallback;
@@ -173,11 +174,13 @@ public class TallyAuthorityDaemon extends Program {
                        public void onResult(Plaintext plaintext) {
                            logger.info("got decypt result");
                            long l = electionState.countedVoters.size();
-                            long t = plaintext.bruteForceDiscreteLog(l);
+                            long t[] = plaintext.bruteForceDiscreteLog(l, electionState.ballot.generators);
-                            logger.info("brute-forced result");
+                            if (null == t) {
-                            electionState.tally = new long[2];
+                                logger.warn("could not brute-force result");
-                            electionState.tally[0] = (l - t) / 2;
+                            } else {
-                            electionState.tally[1] = l - electionState.tally[0];
+                                logger.info("brute-forced result");
+                                electionState.tally = t;
+                            }
                        }
                    });
        }
@@ -217,8 +220,7 @@ public class TallyAuthorityDaemon extends Program {
        // FIXME!
        tm.purpose = 0;
        tm.time = AbsoluteTime.now().asMessage();
-        tm.signature = authorityPrivateKey.sign(authorityPublicKey, tm.purpose,
+        tm.signature = authorityPrivateKey.sign(Construct.toBinary(tm.time), tm.purpose,authorityPublicKey);
-                Construct.toBinary(tm.time));
        return tm;
    }
@@ -371,8 +373,8 @@ public class TallyAuthorityDaemon extends Program {
            rm.signedGuidKey = ballotPublicKey;
            // FIXME!
            rm.purpose = 0;
-            rm.signature = authorityPrivateKey.sign(authorityPublicKey, rm.purpose,
+            rm.signature = authorityPrivateKey.sign(Construct.toBinary(rm.signedGuidKey),
-                    Construct.toBinary(rm.signedGuidKey));
+                    rm.purpose, authorityPublicKey);
            getSender().send(rm);
        }
    }
@@ -391,7 +393,12 @@ public class TallyAuthorityDaemon extends Program {
    @Override
    public void run() {
        logger.info("running tally daemon");
-        mesh = new Mesh(getConfiguration(), null, null, new TallyMeshReceiver(), MESH_PORT);
+        mesh = new Mesh(getConfiguration(), null, new TunnelEndHandler() {
+            @Override
+            public void onChannelEnd(Mesh.Channel channel) {
+                logger.warn("on channel end");
+            }
+        }, new TallyMeshReceiver(), MESH_PORT);
        Scheduler.addDelayed(RelativeTime.FOREVER, new Scheduler.Task() {
            @Override
diff --git a/src/main/java/org/gnunet/voting/messages/SubmitMessage.java b/src/main/java/org/gnunet/voting/messages/SubmitMessage.java
index 4f131e3..1fdeb0c 100644
--- a/src/main/java/org/gnunet/voting/messages/SubmitMessage.java
+++ b/src/main/java/org/gnunet/voting/messages/SubmitMessage.java
@@ -38,7 +38,6 @@ public class SubmitMessage implements GnunetMessage.Body {
    /**
     * The encrypted vote, including zero knowledge proofs
     * for correctness.
-     * FIXME: wrap in a signature container
     */
    @NestedMessage
    public EncryptedVote encryptedVote;
diff --git a/src/main/java/org/gnunet/voting/simulation/Ballot.java b/src/main/java/org/gnunet/voting/simulation/Ballot.java
index 1c2bfbe..ed8f39f 100644
--- a/src/main/java/org/gnunet/voting/simulation/Ballot.java
+++ b/src/main/java/org/gnunet/voting/simulation/Ballot.java
@@ -76,7 +76,6 @@ public class Ballot {
        BigInteger h = groupPublicKey.getKey();
        // verifier
        if (!c.equals(CryptoUtil.hash(voterId, x, y, a_1, b_1, a_2, b_2).mod(parameters.q))) {
            throw new AssertionError();
        }
@@ -99,7 +98,5 @@ public class Ballot {
        if (!b_1.equals(h.modPow(r_1, p).multiply(y.multiply(g).modPow(d_1, p)).mod(p))) {
            throw new AssertionError();
        }
    }
 }
diff --git a/src/main/java/org/gnunet/voting/simulation/VotingParameters.java b/src/main/java/org/gnunet/voting/simulation/VotingParameters.java
index 0086578..27b0015 100644
--- a/src/main/java/org/gnunet/voting/simulation/VotingParameters.java
+++ b/src/main/java/org/gnunet/voting/simulation/VotingParameters.java
@@ -46,8 +46,7 @@ public class VotingParameters {
        BigInteger[] safePrimes = generateSafePrimes(p_bitlen, certainty);
        BigInteger p = safePrimes[0];
        BigInteger q = safePrimes[1];
-        BigInteger alpha = selectGenerator(p, q);
+        BigInteger g = selectSubgroupGenerator(p, q);
-        BigInteger g = selectSubgroupHigherOrderElement(alpha, p, q);
        if (!g.modPow(q, p).equals(BigInteger.ONE)) {
            throw new AssertionError();
        }
@@ -82,21 +81,6 @@ public class VotingParameters {
        return new BigInteger[]{p, q};
    }
-    /*
-    * Select a high order element of the multiplicative group Zn*
-    */
-    private static BigInteger selectHighOrderElement(BigInteger n, SecureRandom random) {
-        BigInteger g;
-        final BigInteger nMinusTwo = n.subtract(BigInteger.valueOf(2));
-        do {
-            BigInteger h = CryptoUtil.createRandomInRange(BigInteger.valueOf(2), nMinusTwo);
-            g = h.modPow(BigInteger.valueOf(2), n);
-        }
-        while (g.equals(BigInteger.valueOf(1)));
-        return g;
-    }
    /**
     * Returns a higher-order-element of Gq, the subgroup of Zp*,
@@ -135,15 +119,9 @@ public class VotingParameters {
        return q;
    }
-    public BigInteger generateGq() {
+    public static BigInteger selectSubgroupGenerator(BigInteger p, BigInteger q) {
-        BigInteger r;
+        BigInteger alpha = selectGenerator(p, q);
-        while (true) {
+        return selectSubgroupHigherOrderElement(alpha, p, q);
-            r = CryptoUtil.createRandomInRange(BigInteger.ZERO, this.p);
-            if (r.modPow(q, p).equals(BigInteger.ONE)) {
-                break;
-            }
-        }
-        return r;
    }
    /**
author	Florian Dold <florian.dold@gmail.com>	2014-03-30 21:41:58 +0000
committer	Florian Dold <florian.dold@gmail.com>	2014-03-30 21:41:58 +0000
commit	9f10abfdc35d8f189a8e0a77a389799ca6b7f9e5 (patch)
tree	39d855abacebeaa45752e4abc5b4a660d2603d70 /src/main/java/org
parent	1fbef203844b19f8141bddcba20a977de34b211e (diff)
download	gnunet-java-9f10abfdc35d8f189a8e0a77a389799ca6b7f9e5.tar.gz gnunet-java-9f10abfdc35d8f189a8e0a77a389799ca6b7f9e5.zip