diff options
author | Markus Teich <markus.teich@stusta.mhn.de> | 2016-07-13 14:01:24 +0200 |
---|---|---|
committer | Markus Teich <markus.teich@stusta.mhn.de> | 2016-07-13 14:01:24 +0200 |
commit | 99e5a11de13a3283c07f353471e08df241511d19 (patch) | |
tree | a92cce7ff2f96bbd0e096f6a3a267dacaa362a3d | |
parent | 8c7bd0fda283f8c529e5a582182b08150d875736 (diff) | |
download | libbrandt-99e5a11de13a3283c07f353471e08df241511d19.tar.gz libbrandt-99e5a11de13a3283c07f353471e08df241511d19.zip |
major random stuff
-rw-r--r-- | Makefile.am | 2 | ||||
-rw-r--r-- | brandt.c | 83 | ||||
-rw-r--r-- | brandt.h | 4 | ||||
-rw-r--r-- | crypto.c | 577 | ||||
-rw-r--r-- | crypto.h | 55 | ||||
-rw-r--r-- | internals.h | 10 | ||||
-rw-r--r-- | test_crypto.c | 40 | ||||
-rw-r--r-- | tex-stuff/math.tex | 4 | ||||
-rw-r--r-- | util.c | 3 |
9 files changed, 568 insertions, 210 deletions
diff --git a/Makefile.am b/Makefile.am index 0f9dd23..615870f 100644 --- a/Makefile.am +++ b/Makefile.am | |||
@@ -10,7 +10,7 @@ libbrandt_la_SOURCES = \ | |||
10 | util.c | 10 | util.c |
11 | 11 | ||
12 | libbrandt_la_LIBADD = \ | 12 | libbrandt_la_LIBADD = \ |
13 | -lgcrypt -lgpg-error | 13 | -lgcrypt -lgpg-error -lgnunetutil |
14 | 14 | ||
15 | libbrandt_la_LDFLAGS = \ | 15 | libbrandt_la_LDFLAGS = \ |
16 | -version-info 0:0:0 | 16 | -version-info 0:0:0 |
@@ -16,9 +16,12 @@ | |||
16 | 16 | ||
17 | /** | 17 | /** |
18 | * @file brandt.c | 18 | * @file brandt.c |
19 | * @brief \todo | 19 | * @brief Implementation of the high level libbrandt interface. |
20 | * @author Markus Teich | 20 | * @author Markus Teich |
21 | */ | 21 | */ |
22 | |||
23 | #include "brandt_config.h" | ||
24 | |||
22 | #include <gcrypt.h> | 25 | #include <gcrypt.h> |
23 | 26 | ||
24 | #include "crypto.h" | 27 | #include "crypto.h" |
@@ -33,6 +36,20 @@ typedef int | |||
33 | uint16_t sender); | 36 | uint16_t sender); |
34 | 37 | ||
35 | 38 | ||
39 | enum { | ||
40 | auction_firstPrice, | ||
41 | auction_mPlusFirstPrice, | ||
42 | auction_last | ||
43 | }; | ||
44 | |||
45 | |||
46 | enum { | ||
47 | outcome_private, | ||
48 | outcome_public, | ||
49 | outcome_last | ||
50 | }; | ||
51 | |||
52 | |||
36 | /** | 53 | /** |
37 | * stores the function pointers to receive functions for each state. | 54 | * stores the function pointers to receive functions for each state. |
38 | * | 55 | * |
@@ -43,43 +60,43 @@ typedef int | |||
43 | * The second index denotes if the outcome should be public or private. A value | 60 | * The second index denotes if the outcome should be public or private. A value |
44 | * of 0 means a private outcome, while a value of 1 means public outcome. | 61 | * of 0 means a private outcome, while a value of 1 means public outcome. |
45 | */ | 62 | */ |
46 | static msg_recv handler_in[2][2][msg_last] = | 63 | static msg_recv handler_in[auction_last][outcome_last][msg_last] = |
47 | { | 64 | { |
48 | [0] = | 65 | [auction_firstPrice] = |
49 | { | 66 | { |
50 | [0] = | 67 | [outcome_private] = |
51 | { | 68 | { |
52 | [msg_init] = smc_recv_keyshare, | 69 | [msg_init] = &smc_recv_keyshare, |
53 | [msg_bid] = smc_recv_encrypted_bid, | 70 | [msg_bid] = &smc_recv_encrypted_bid, |
54 | [msg_outcome] = fp_priv_recv_outcome, | 71 | [msg_outcome] = &fp_priv_recv_outcome, |
55 | [msg_decrypt] = fp_priv_recv_decryption, | 72 | [msg_decrypt] = &fp_priv_recv_decryption, |
56 | }, | 73 | }, |
57 | [1] = | 74 | [outcome_public] = |
58 | { | 75 | { |
59 | [msg_init] = smc_recv_keyshare, | 76 | [msg_init] = &smc_recv_keyshare, |
60 | [msg_bid] = smc_recv_encrypted_bid, | 77 | [msg_bid] = &smc_recv_encrypted_bid, |
61 | [msg_outcome] = fp_pub_recv_outcome, | 78 | [msg_outcome] = &fp_pub_recv_outcome, |
62 | [msg_decrypt] = fp_pub_recv_decryption, | 79 | [msg_decrypt] = &fp_pub_recv_decryption, |
63 | } | 80 | } |
64 | }, | 81 | }, |
65 | [1] = | 82 | [auction_mPlusFirstPrice] = |
66 | { | 83 | { |
67 | [0] = | 84 | [outcome_private] = |
68 | { | 85 | { |
69 | [msg_init] = smc_recv_keyshare, | 86 | [msg_init] = &smc_recv_keyshare, |
70 | [msg_bid] = smc_recv_encrypted_bid, | 87 | [msg_bid] = &smc_recv_encrypted_bid, |
71 | }, | 88 | }, |
72 | [1] = | 89 | [outcome_public] = |
73 | { | 90 | { |
74 | [msg_init] = smc_recv_keyshare, | 91 | [msg_init] = &smc_recv_keyshare, |
75 | [msg_bid] = smc_recv_encrypted_bid, | 92 | [msg_bid] = &smc_recv_encrypted_bid, |
76 | } | 93 | } |
77 | } | 94 | } |
78 | }; | 95 | }; |
79 | 96 | ||
80 | 97 | ||
81 | void | 98 | void |
82 | BRANDT_init () | 99 | BRANDT_init (struct GNUNET_CRYPTO_EccDlogContext *dlogctx) |
83 | { | 100 | { |
84 | gcry_error_t err = 0; | 101 | gcry_error_t err = 0; |
85 | 102 | ||
@@ -97,7 +114,7 @@ BRANDT_init () | |||
97 | gcry_strerror (err)); | 114 | gcry_strerror (err)); |
98 | 115 | ||
99 | gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); | 116 | gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); |
100 | brandt_crypto_init (); | 117 | brandt_crypto_init (dlogctx); |
101 | } | 118 | } |
102 | 119 | ||
103 | 120 | ||
@@ -107,21 +124,23 @@ BRANDT_got_message (struct BRANDT_Auction *auction, | |||
107 | const unsigned char *msg, | 124 | const unsigned char *msg, |
108 | size_t msg_len) | 125 | size_t msg_len) |
109 | { | 126 | { |
110 | uint16_t type = *(uint16_t *)msg; | 127 | uint16_t mtype = *(uint16_t *)msg; |
111 | int m = !!auction->desc->m; | 128 | int atype; |
112 | int pub = !!auction->desc->outcome_public; | 129 | int outcome; |
113 | enum rounds round = auction->cur_round; | 130 | enum rounds round = auction->cur_round; |
114 | 131 | ||
115 | /** todo: cache out of order messages */ | 132 | atype = auction->desc->m > 0 ? auction_mPlusFirstPrice : auction_firstPrice; |
133 | outcome = auction->desc->outcome_public ? outcome_public : outcome_private; | ||
134 | |||
135 | /** \todo: cache out of order messages */ | ||
116 | 136 | ||
117 | if (!handler_in[m][pub][round] || | 137 | if (!handler_in[atype][outcome][round] || |
118 | !handler_in[m][pub][round](auction, | 138 | !handler_in[atype][outcome][round](auction, |
119 | msg + sizeof (type), | 139 | msg + sizeof (mtype), |
120 | msg_len - sizeof (type), | 140 | msg_len - sizeof (mtype), |
121 | sender)) | 141 | sender)) |
122 | { | 142 | { |
123 | /** \todo */ | 143 | /** \todo */ |
124 | weprintf ("wow fail"); | 144 | weprintf ("wow fail"); |
125 | } | 145 | } |
126 | msg + sizeof (type); | ||
127 | } | 146 | } |
@@ -26,6 +26,8 @@ | |||
26 | #include <stdint.h> | 26 | #include <stdint.h> |
27 | #include <unistd.h> | 27 | #include <unistd.h> |
28 | 28 | ||
29 | #include <gnunet/gnunet_util_lib.h> | ||
30 | |||
29 | /** defined in internals.h */ | 31 | /** defined in internals.h */ |
30 | struct BRANDT_Auction; | 32 | struct BRANDT_Auction; |
31 | 33 | ||
@@ -86,7 +88,7 @@ typedef void | |||
86 | 88 | ||
87 | 89 | ||
88 | void | 90 | void |
89 | BRANDT_init (); | 91 | BRANDT_init (struct GNUNET_CRYPTO_EccDlogContext *dlogctx); |
90 | 92 | ||
91 | /** | 93 | /** |
92 | * Join an auction described by the @a auction_data parameter. | 94 | * Join an auction described by the @a auction_data parameter. |
@@ -20,6 +20,7 @@ | |||
20 | * @author Markus Teich | 20 | * @author Markus Teich |
21 | */ | 21 | */ |
22 | 22 | ||
23 | #include "brandt_config.h" | ||
23 | 24 | ||
24 | #include <arpa/inet.h> | 25 | #include <arpa/inet.h> |
25 | #include <gcrypt.h> | 26 | #include <gcrypt.h> |
@@ -61,17 +62,22 @@ static gcry_ctx_t ec_ctx; | |||
61 | static gcry_mpi_point_t ec_gen; | 62 | static gcry_mpi_point_t ec_gen; |
62 | static gcry_mpi_point_t ec_zero; | 63 | static gcry_mpi_point_t ec_zero; |
63 | static gcry_mpi_t ec_n; | 64 | static gcry_mpi_t ec_n; |
65 | static GNUNET_CRYPTO_EccDlogContext *ec_dlogctx; | ||
64 | 66 | ||
65 | 67 | ||
66 | /** | 68 | /** |
67 | * brandt_crypto_init initializes the crypto system and must be called before | 69 | * brandt_crypto_init initializes the crypto system and must be called before |
68 | * any other function from this file. | 70 | * any other function from this file. |
71 | * | ||
72 | * @param[in] dlogctx Pointer to the prepared dlog context. | ||
69 | */ | 73 | */ |
70 | void | 74 | void |
71 | brandt_crypto_init () | 75 | brandt_crypto_init (GNUNET_CRYPTO_EccDlogContext *dlogctx) |
72 | { | 76 | { |
73 | gcry_error_t rc; | 77 | gcry_error_t rc; |
74 | 78 | ||
79 | ec_dlogctx = dlogctx; | ||
80 | |||
75 | rc = gcry_mpi_ec_new (&ec_ctx, NULL, CURVE); | 81 | rc = gcry_mpi_ec_new (&ec_ctx, NULL, CURVE); |
76 | brandt_assert_gpgerr (rc); | 82 | brandt_assert_gpgerr (rc); |
77 | 83 | ||
@@ -159,7 +165,7 @@ ec_keypair_create (gcry_mpi_point_t pkey, gcry_mpi_t skey) | |||
159 | gcry_mpi_t sk; | 165 | gcry_mpi_t sk; |
160 | 166 | ||
161 | brandt_assert (NULL != pkey); | 167 | brandt_assert (NULL != pkey); |
162 | sk = (NULL == skey) ? gcry_mpi_new (0) : skey; | 168 | sk = (NULL == skey) ? gcry_mpi_new (256) : skey; |
163 | 169 | ||
164 | ec_skey_create (sk); | 170 | ec_skey_create (sk); |
165 | gcry_mpi_ec_mul (pkey, sk, ec_gen, ec_ctx); | 171 | gcry_mpi_ec_mul (pkey, sk, ec_gen, ec_ctx); |
@@ -191,6 +197,25 @@ ec_keypair_create_base (gcry_mpi_point_t pkey, | |||
191 | 197 | ||
192 | 198 | ||
193 | /** | 199 | /** |
200 | * ec_point_copy creates a copy of one curve point | ||
201 | * | ||
202 | * @param[out] dst where to store the copy | ||
203 | * @param[in] src the input point to be copied | ||
204 | */ | ||
205 | void | ||
206 | ec_point_copy (gcry_mpi_point_t dst, const gcry_mpi_point_t src) | ||
207 | { | ||
208 | gcry_mpi_t x = gcry_mpi_new (256); | ||
209 | gcry_mpi_t y = gcry_mpi_new (256); | ||
210 | gcry_mpi_t z = gcry_mpi_new (256); | ||
211 | |||
212 | brandt_assert (dst && src); | ||
213 | gcry_mpi_point_get (x, y, z, src); | ||
214 | gcry_mpi_point_snatch_set (dst, x, y, z); | ||
215 | } | ||
216 | |||
217 | |||
218 | /** | ||
194 | * ec_point_cmp compares two curve points | 219 | * ec_point_cmp compares two curve points |
195 | * | 220 | * |
196 | * @param[in] a the first point | 221 | * @param[in] a the first point |
@@ -202,10 +227,10 @@ int | |||
202 | ec_point_cmp (const gcry_mpi_point_t a, const gcry_mpi_point_t b) | 227 | ec_point_cmp (const gcry_mpi_point_t a, const gcry_mpi_point_t b) |
203 | { | 228 | { |
204 | int ret = 1; | 229 | int ret = 1; |
205 | gcry_mpi_t ax = gcry_mpi_new (0); | 230 | gcry_mpi_t ax = gcry_mpi_new (256); |
206 | gcry_mpi_t bx = gcry_mpi_new (0); | 231 | gcry_mpi_t bx = gcry_mpi_new (256); |
207 | gcry_mpi_t ay = gcry_mpi_new (0); | 232 | gcry_mpi_t ay = gcry_mpi_new (256); |
208 | gcry_mpi_t by = gcry_mpi_new (0); | 233 | gcry_mpi_t by = gcry_mpi_new (256); |
209 | 234 | ||
210 | brandt_assert (a && b); | 235 | brandt_assert (a && b); |
211 | if (!ax || !bx || !ay || !by) | 236 | if (!ax || !bx || !ay || !by) |
@@ -592,8 +617,7 @@ smc_sum (gcry_mpi_point_t out, | |||
592 | uint16_t step) | 617 | uint16_t step) |
593 | { | 618 | { |
594 | brandt_assert (NULL != out); | 619 | brandt_assert (NULL != out); |
595 | /**\todo: how to copy a point more efficiently? */ | 620 | ec_point_copy (out, ec_zero); |
596 | gcry_mpi_ec_add (out, ec_zero, ec_zero, ec_ctx); | ||
597 | for (uint16_t i = 0; i < len * step; i += step) | 621 | for (uint16_t i = 0; i < len * step; i += step) |
598 | gcry_mpi_ec_add (out, out, in[i], ec_ctx); | 622 | gcry_mpi_ec_add (out, out, in[i], ec_ctx); |
599 | } | 623 | } |
@@ -603,12 +627,12 @@ smc_sum (gcry_mpi_point_t out, | |||
603 | * smc_gen_keyshare creates the private additive keyshare and computes the | 627 | * smc_gen_keyshare creates the private additive keyshare and computes the |
604 | * public multiplicative key share | 628 | * public multiplicative key share |
605 | * | 629 | * |
606 | * @param[in,out] ad Pointer to the AuctionData struct to operate on | 630 | * @param[in,out] ad Pointer to the BRANDT_Auction struct to operate on |
607 | * @param[out] buflen \todo | 631 | * @param[out] buflen \todo |
608 | * @return \todo | 632 | * @return \todo |
609 | */ | 633 | */ |
610 | unsigned char * | 634 | unsigned char * |
611 | smc_gen_keyshare (struct AuctionData *ad, size_t *buflen) | 635 | smc_gen_keyshare (struct BRANDT_Auction *ad, size_t *buflen) |
612 | { | 636 | { |
613 | unsigned char *ret; | 637 | unsigned char *ret; |
614 | struct proof_dl *proof1; | 638 | struct proof_dl *proof1; |
@@ -624,7 +648,7 @@ smc_gen_keyshare (struct AuctionData *ad, size_t *buflen) | |||
624 | 648 | ||
625 | proof1 = (struct proof_dl *)(ret + sizeof (struct ec_mpi)); | 649 | proof1 = (struct proof_dl *)(ret + sizeof (struct ec_mpi)); |
626 | 650 | ||
627 | ad->x = gcry_mpi_new (0); | 651 | ad->x = gcry_mpi_new (256); |
628 | ec_skey_create (ad->x); | 652 | ec_skey_create (ad->x); |
629 | smc_zkp_dl (ad->y[ad->i], ad->x, proof1); | 653 | smc_zkp_dl (ad->y[ad->i], ad->x, proof1); |
630 | ec_point_serialize ((struct ec_mpi *)ret, ad->y[ad->i]); | 654 | ec_point_serialize ((struct ec_mpi *)ret, ad->y[ad->i]); |
@@ -633,8 +657,8 @@ smc_gen_keyshare (struct AuctionData *ad, size_t *buflen) | |||
633 | 657 | ||
634 | 658 | ||
635 | int | 659 | int |
636 | smc_recv_keyshare (struct AuctionData *ad, | 660 | smc_recv_keyshare (struct BRANDT_Auction *ad, |
637 | unsigned char *buf, | 661 | const unsigned char *buf, |
638 | size_t buflen, | 662 | size_t buflen, |
639 | uint16_t sender) | 663 | uint16_t sender) |
640 | { | 664 | { |
@@ -658,8 +682,7 @@ smc_recv_keyshare (struct AuctionData *ad, | |||
658 | goto quit; | 682 | goto quit; |
659 | } | 683 | } |
660 | 684 | ||
661 | /**\todo: how to copy a point more efficiently? */ | 685 | ec_point_copy (ad->y[sender], y); |
662 | gcry_mpi_ec_add (ad->y[sender], ec_zero, y, ec_ctx); | ||
663 | 686 | ||
664 | ret = 1; | 687 | ret = 1; |
665 | quit: | 688 | quit: |
@@ -675,7 +698,7 @@ quit: | |||
675 | * @param buflen TODO | 698 | * @param buflen TODO |
676 | */ | 699 | */ |
677 | unsigned char * | 700 | unsigned char * |
678 | smc_encrypt_bid (struct AuctionData *ad, size_t *buflen) | 701 | smc_encrypt_bid (struct BRANDT_Auction *ad, size_t *buflen) |
679 | { | 702 | { |
680 | unsigned char *ret; | 703 | unsigned char *ret; |
681 | unsigned char *cur; | 704 | unsigned char *cur; |
@@ -699,8 +722,8 @@ smc_encrypt_bid (struct AuctionData *ad, size_t *buflen) | |||
699 | ad->Y = gcry_mpi_point_new (0); | 722 | ad->Y = gcry_mpi_point_new (0); |
700 | smc_sum (ad->Y, ad->y, ad->n, 1); | 723 | smc_sum (ad->Y, ad->y, ad->n, 1); |
701 | 724 | ||
702 | r_sum = gcry_mpi_new (0); | 725 | r_sum = gcry_mpi_new (256); |
703 | r_part = gcry_mpi_new (0); | 726 | r_part = gcry_mpi_new (256); |
704 | 727 | ||
705 | for (uint16_t j = 0; j < ad->k; j++) | 728 | for (uint16_t j = 0; j < ad->k; j++) |
706 | { | 729 | { |
@@ -726,13 +749,13 @@ smc_encrypt_bid (struct AuctionData *ad, size_t *buflen) | |||
726 | 749 | ||
727 | 750 | ||
728 | int | 751 | int |
729 | smc_recv_encrypted_bid (struct AuctionData *ad, | 752 | smc_recv_encrypted_bid (struct BRANDT_Auction *ad, |
730 | unsigned char *buf, | 753 | const unsigned char *buf, |
731 | size_t buflen, | 754 | size_t buflen, |
732 | uint16_t sender) | 755 | uint16_t sender) |
733 | { | 756 | { |
734 | int ret = 0; | 757 | int ret = 0; |
735 | unsigned char *cur = buf; | 758 | const unsigned char *cur = buf; |
736 | struct proof_0og *proof3; | 759 | struct proof_0og *proof3; |
737 | gcry_mpi_point_t **ct; /* ciphertexts */ | 760 | gcry_mpi_point_t **ct; /* ciphertexts */ |
738 | gcry_mpi_point_t alpha_sum = gcry_mpi_point_new (0); | 761 | gcry_mpi_point_t alpha_sum = gcry_mpi_point_new (0); |
@@ -748,8 +771,8 @@ smc_recv_encrypted_bid (struct AuctionData *ad, | |||
748 | goto quit; | 771 | goto quit; |
749 | } | 772 | } |
750 | 773 | ||
751 | gcry_mpi_ec_mul (alpha_sum, GCRYMPI_CONST_ONE, ec_zero, ec_ctx); | 774 | ec_point_copy (alpha_sum, ec_zero); |
752 | gcry_mpi_ec_mul (beta_sum, GCRYMPI_CONST_ONE, ec_zero, ec_ctx); | 775 | ec_point_copy (beta_sum, ec_zero); |
753 | 776 | ||
754 | for (uint16_t j = 0; j < ad->k; j++) | 777 | for (uint16_t j = 0; j < ad->k; j++) |
755 | { | 778 | { |
@@ -779,9 +802,8 @@ smc_recv_encrypted_bid (struct AuctionData *ad, | |||
779 | 802 | ||
780 | for (uint16_t j = 0; j < ad->k; j++) | 803 | for (uint16_t j = 0; j < ad->k; j++) |
781 | { | 804 | { |
782 | /**\todo: how to copy a point more efficiently? */ | 805 | ec_point_copy (ad->alpha[sender][j], ct[0][j]); |
783 | gcry_mpi_ec_add (ad->alpha[sender][j], ec_zero, ct[0][j], ec_ctx); | 806 | ec_point_copy (ad->beta[sender][j], ct[1][j]); |
784 | gcry_mpi_ec_add (ad->beta[sender][j], ec_zero, ct[1][j], ec_ctx); | ||
785 | } | 807 | } |
786 | smc_free2 (ct, 2, ad->k); | 808 | smc_free2 (ct, 2, ad->k); |
787 | 809 | ||
@@ -794,13 +816,345 @@ quit: | |||
794 | 816 | ||
795 | 817 | ||
796 | /** | 818 | /** |
797 | * smc_compute_outcome \todo | 819 | * fp_pub_compute_outcome \todo |
820 | * | ||
821 | * @param ad TODO | ||
822 | * @param buflen TODO | ||
823 | */ | ||
824 | unsigned char * | ||
825 | fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | ||
826 | { | ||
827 | unsigned char *ret; | ||
828 | unsigned char *cur; | ||
829 | gcry_mpi_t coeff = gcry_mpi_copy (GCRYMPI_CONST_ONE); | ||
830 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); | ||
831 | gcry_mpi_point_t *tlta1; | ||
832 | gcry_mpi_point_t *tltb1; | ||
833 | gcry_mpi_point_t **tlta2; | ||
834 | gcry_mpi_point_t **tltb2; | ||
835 | struct ec_mpi *gamma; | ||
836 | struct ec_mpi *delta; | ||
837 | struct proof_2dle *proof2; | ||
838 | |||
839 | brandt_assert (ad && buflen); | ||
840 | |||
841 | *buflen = (ad->k * (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); | ||
842 | if (NULL == (cur = (ret = calloc (1, *buflen))) || | ||
843 | NULL == (ad->gamma2 = smc_init2 (ad->n, ad->k)) || | ||
844 | NULL == (ad->delta2 = smc_init2 (ad->n, ad->k)) || | ||
845 | NULL == (ad->tmpa1 = smc_init1 (ad->k)) || | ||
846 | NULL == (ad->tmpb1 = smc_init1 (ad->k))) | ||
847 | { | ||
848 | weprintf ("unable to alloc memory for first price outcome computation"); | ||
849 | return NULL; | ||
850 | } | ||
851 | |||
852 | /* create temporary lookup tables with partial sums */ | ||
853 | tlta1 = smc_init1 (ad->k); | ||
854 | tltb1 = smc_init1 (ad->k); | ||
855 | tlta2 = smc_init2 (ad->n, ad->k); | ||
856 | tltb2 = smc_init2 (ad->n, ad->k); | ||
857 | |||
858 | /* temporary lookup table for sum of bid vectors */ | ||
859 | for (uint16_t i = 0; i < ad->n; i++) | ||
860 | { | ||
861 | smc_sums_partial (tlta2[i], ad->alpha[i], ad->k, 1, 1); | ||
862 | smc_sums_partial (tltb2[i], ad->beta[i], ad->k, 1, 1); | ||
863 | for (uint16_t j = 0; j < ad->k; j++) | ||
864 | { | ||
865 | gcry_mpi_ec_sub (tlta2[i][j], | ||
866 | tlta2[i][ad->k - 1], | ||
867 | tlta2[i][j], | ||
868 | ec_ctx); | ||
869 | gcry_mpi_ec_sub (tltb2[i][j], | ||
870 | tltb2[i][ad->k - 1], | ||
871 | tltb2[i][j], | ||
872 | ec_ctx); | ||
873 | } | ||
874 | brandt_assert (!ec_point_cmp (ec_zero, tlta2[i][ad->k - 1])); | ||
875 | brandt_assert (!ec_point_cmp (ec_zero, tltb2[i][ad->k - 1])); | ||
876 | } | ||
877 | for (uint16_t j = 0; j < ad->k; j++) | ||
878 | { | ||
879 | smc_sum (tlta1[j], &tlta2[0][j], ad->n, ad->k); | ||
880 | smc_sum (tltb1[j], &tltb2[0][j], ad->n, ad->k); | ||
881 | } | ||
882 | smc_free2 (tlta2, ad->n, ad->k); | ||
883 | smc_free2 (tltb2, ad->n, ad->k); | ||
884 | brandt_assert (!ec_point_cmp (ec_zero, tlta1[ad->k - 1])); | ||
885 | brandt_assert (!ec_point_cmp (ec_zero, tltb1[ad->k - 1])); | ||
886 | |||
887 | /* temporarily store the \sum_{i=1}^n2^{i-1}b_i in tmp1, since it is needed | ||
888 | * each time a gamma,delta pair is received from another bidder */ | ||
889 | for (uint16_t i = 0; i < ad->n; i++) | ||
890 | { | ||
891 | for (uint16_t j = 0; j < ad->k; j++) | ||
892 | { | ||
893 | gcry_mpi_ec_mul (tmp, coeff, ad->alpha[i][j], ec_ctx); | ||
894 | gcry_mpi_ec_add (ad->tmpa1[j], ad->tmpa1[j], tmp, ec_ctx); | ||
895 | gcry_mpi_ec_mul (tmp, coeff, ad->beta[i][j], ec_ctx); | ||
896 | gcry_mpi_ec_add (ad->tmpb1[j], ad->tmpb1[j], tmp, ec_ctx); | ||
897 | } | ||
898 | gcry_mpi_mul_ui (coeff, coeff, 2); | ||
899 | } | ||
900 | |||
901 | for (uint16_t j = 0; j < ad->k; j++) | ||
902 | { | ||
903 | gamma = (struct ec_mpi *)cur; | ||
904 | delta = &((struct ec_mpi *)cur)[1]; | ||
905 | proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); | ||
906 | |||
907 | /* copy unmasked outcome to all other bidder layers so they don't | ||
908 | * have to be recomputed to check the ZK proof_2dle's from other | ||
909 | * bidders when receiving their outcome messages */ | ||
910 | for (uint16_t a = 0; a < ad->n; a++) | ||
911 | { | ||
912 | ec_point_copy (ad->gamma2[a][j], tlta1[j]); | ||
913 | ec_point_copy (ad->delta2[a][j], tltb1[j]); | ||
914 | } | ||
915 | |||
916 | /* apply random masking for losing bidders */ | ||
917 | smc_zkp_2dle (ad->gamma2[ad->i][j], | ||
918 | ad->delta2[ad->i][j], | ||
919 | tlta1[j], | ||
920 | tltb1[j], | ||
921 | NULL, | ||
922 | proof2); | ||
923 | |||
924 | ec_point_serialize (gamma, ad->gamma2[ad->i][j]); | ||
925 | ec_point_serialize (delta, ad->delta2[ad->i][j]); | ||
926 | |||
927 | /* add winner determination for own gamma,delta */ | ||
928 | gcry_mpi_ec_add (ad->gamma2[ad->i][j], | ||
929 | ad->gamma2[ad->i][j], | ||
930 | ad->tmpa1[j], | ||
931 | ec_ctx); | ||
932 | gcry_mpi_ec_add (ad->delta2[ad->i][j], | ||
933 | ad->delta2[ad->i][j], | ||
934 | ad->tmpb1[j], | ||
935 | ec_ctx); | ||
936 | |||
937 | cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2); | ||
938 | } | ||
939 | |||
940 | gcry_mpi_release (coeff); | ||
941 | gcry_mpi_point_release (tmp); | ||
942 | smc_free1 (tlta1, ad->k); | ||
943 | smc_free1 (tltb1, ad->k); | ||
944 | return ret; | ||
945 | } | ||
946 | |||
947 | |||
948 | int | ||
949 | fp_pub_recv_outcome (struct BRANDT_Auction *ad, | ||
950 | const unsigned char *buf, | ||
951 | size_t buflen, | ||
952 | uint16_t sender) | ||
953 | { | ||
954 | int ret = 0; | ||
955 | const unsigned char *cur = buf; | ||
956 | struct proof_2dle *proof2; | ||
957 | gcry_mpi_point_t gamma = gcry_mpi_point_new (0); | ||
958 | gcry_mpi_point_t delta = gcry_mpi_point_new (0); | ||
959 | |||
960 | brandt_assert (ad && buf); | ||
961 | |||
962 | if (buflen != (ad->k * (2 * sizeof (struct ec_mpi) + sizeof (*proof2)))) | ||
963 | { | ||
964 | weprintf ("wrong size of received outcome"); | ||
965 | goto quit; | ||
966 | } | ||
967 | |||
968 | for (uint16_t j = 0; j < ad->k; j++) | ||
969 | { | ||
970 | ec_point_parse (gamma, (struct ec_mpi *)cur); | ||
971 | ec_point_parse (delta, &((struct ec_mpi *)cur)[1]); | ||
972 | proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); | ||
973 | if (smc_zkp_2dle_check (gamma, | ||
974 | delta, | ||
975 | ad->gamma2[sender][j], | ||
976 | ad->delta2[sender][j], | ||
977 | proof2)) | ||
978 | { | ||
979 | weprintf ("wrong zkp2 for gamma, delta received"); | ||
980 | goto quit; | ||
981 | } | ||
982 | ec_point_copy (ad->gamma2[sender][j], gamma); | ||
983 | ec_point_copy (ad->delta2[sender][j], delta); | ||
984 | |||
985 | /* add winner determination summand */ | ||
986 | gcry_mpi_ec_add (ad->gamma2[sender][j], | ||
987 | ad->gamma2[sender][j], | ||
988 | ad->tmpa1[j], | ||
989 | ec_ctx); | ||
990 | gcry_mpi_ec_add (ad->delta2[sender][j], | ||
991 | ad->delta2[sender][j], | ||
992 | ad->tmpb1[j], | ||
993 | ec_ctx); | ||
994 | |||
995 | cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2); | ||
996 | } | ||
997 | |||
998 | ret = 1; | ||
999 | quit: | ||
1000 | gcry_mpi_point_release (gamma); | ||
1001 | gcry_mpi_point_release (delta); | ||
1002 | return ret; | ||
1003 | } | ||
1004 | |||
1005 | |||
1006 | /** | ||
1007 | * fp_pub_decrypt_outcome \todo | ||
1008 | * | ||
1009 | * @param ad TODO | ||
1010 | * @param buflen TODO | ||
1011 | */ | ||
1012 | unsigned char * | ||
1013 | fp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | ||
1014 | { | ||
1015 | unsigned char *ret; | ||
1016 | unsigned char *cur; | ||
1017 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); | ||
1018 | struct ec_mpi *phi; | ||
1019 | struct proof_2dle *proof2; | ||
1020 | |||
1021 | brandt_assert (ad && buflen); | ||
1022 | |||
1023 | *buflen = (ad->k * (sizeof (*phi) + sizeof (*proof2))); | ||
1024 | if (NULL == (cur = (ret = calloc (1, *buflen))) || | ||
1025 | NULL == (ad->phi2 = smc_init2 (ad->n, ad->k))) | ||
1026 | { | ||
1027 | weprintf ("unable to alloc memory for first price outcome decryption"); | ||
1028 | return NULL; | ||
1029 | } | ||
1030 | |||
1031 | for (uint16_t j = 0; j < ad->k; j++) | ||
1032 | { | ||
1033 | phi = (struct ec_mpi *)cur; | ||
1034 | proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); | ||
1035 | |||
1036 | smc_sum (tmp, &ad->delta2[0][j], ad->n, ad->n * ad->k); | ||
1037 | |||
1038 | /* copy still encrypted outcome to all other bidder layers so they | ||
1039 | * don't have to be recomputed to check the ZK proof_2dle's from | ||
1040 | * other bidders when receiving their outcome decryption messages */ | ||
1041 | for (uint16_t a = 0; a < ad->n; a++) | ||
1042 | ec_point_copy (ad->phi2[a][j], tmp); | ||
1043 | |||
1044 | /* decrypt outcome component and prove the correct key was used */ | ||
1045 | smc_zkp_2dle (ad->phi2[ad->i][j], | ||
1046 | NULL, | ||
1047 | tmp, | ||
1048 | ec_gen, | ||
1049 | ad->x, | ||
1050 | proof2); | ||
1051 | |||
1052 | ec_point_serialize (phi, ad->phi2[ad->i][j]); | ||
1053 | |||
1054 | cur += sizeof (*phi) + sizeof (*proof2); | ||
1055 | } | ||
1056 | |||
1057 | gcry_mpi_point_release (tmp); | ||
1058 | return ret; | ||
1059 | } | ||
1060 | |||
1061 | |||
1062 | int | ||
1063 | fp_pub_recv_decryption (struct BRANDT_Auction *ad, | ||
1064 | const unsigned char *buf, | ||
1065 | size_t buflen, | ||
1066 | uint16_t sender) | ||
1067 | { | ||
1068 | int ret = 0; | ||
1069 | const unsigned char *cur = buf; | ||
1070 | struct proof_2dle *proof2; | ||
1071 | gcry_mpi_point_t phi = gcry_mpi_point_new (0); | ||
1072 | |||
1073 | brandt_assert (ad && buf); | ||
1074 | |||
1075 | if (buflen != (ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2)))) | ||
1076 | { | ||
1077 | weprintf ("wrong size of received outcome decryption"); | ||
1078 | goto quit; | ||
1079 | } | ||
1080 | |||
1081 | for (uint16_t j = 0; j < ad->k; j++) | ||
1082 | { | ||
1083 | ec_point_parse (phi, (struct ec_mpi *)cur); | ||
1084 | proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi)); | ||
1085 | if (smc_zkp_2dle_check (phi, | ||
1086 | ad->y[sender], | ||
1087 | ad->phi2[sender][j], | ||
1088 | ec_gen, | ||
1089 | proof2)) | ||
1090 | { | ||
1091 | weprintf ("wrong zkp2 for phi, y received"); | ||
1092 | goto quit; | ||
1093 | } | ||
1094 | ec_point_copy (ad->phi2[sender][j], phi); | ||
1095 | cur += sizeof (struct ec_mpi) + sizeof (*proof2); | ||
1096 | } | ||
1097 | |||
1098 | ret = 1; | ||
1099 | quit: | ||
1100 | gcry_mpi_point_release (phi); | ||
1101 | return ret; | ||
1102 | } | ||
1103 | |||
1104 | |||
1105 | int32_t | ||
1106 | fp_pub_determine_outcome (struct BRANDT_Auction *ad, uint16_t *winner) | ||
1107 | { | ||
1108 | int32_t ret = -1; | ||
1109 | int dlogi = -1; | ||
1110 | gcry_mpi_t dlog = gcry_mpi_new (256); | ||
1111 | gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); | ||
1112 | gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0); | ||
1113 | |||
1114 | brandt_assert (ad); | ||
1115 | |||
1116 | for (uint16_t j = ad->k - 1; j >= 0; j--) | ||
1117 | { | ||
1118 | smc_sum (sum_gamma, &ad->gamma2[0][j], ad->n, ad->k); | ||
1119 | smc_sum (sum_phi, &ad->phi2[0][j], ad->n, ad->k); | ||
1120 | gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); | ||
1121 | /* first non-zero component determines the price */ | ||
1122 | if (ec_point_cmp (sum_gamma, ec_zero)) | ||
1123 | { | ||
1124 | ret = j; | ||
1125 | break; | ||
1126 | } | ||
1127 | } | ||
1128 | |||
1129 | dlogi = GNUNET_CRYPTO_ecc_dlog (ec_dlogctx, sum_gamma); | ||
1130 | brandt_assert (dlogi > 0); | ||
1131 | gcry_mpi_set_ui (dlog, (unsigned long)dlogi); | ||
1132 | |||
1133 | for (uint16_t i = 0; i < ad->n; i++) | ||
1134 | { | ||
1135 | if (gcry_mpi_test_bit (dlog, i)) | ||
1136 | { | ||
1137 | if (winner) | ||
1138 | winner = i; | ||
1139 | break; | ||
1140 | } | ||
1141 | } | ||
1142 | |||
1143 | gcry_mpi_release (dlog); | ||
1144 | gcry_mpi_point_release (sum_gamma); | ||
1145 | gcry_mpi_point_release (sum_phi); | ||
1146 | return ret; | ||
1147 | } | ||
1148 | |||
1149 | |||
1150 | /** | ||
1151 | * fp_priv_compute_outcome \todo | ||
798 | * | 1152 | * |
799 | * @param ad TODO | 1153 | * @param ad TODO |
800 | * @param buflen TODO | 1154 | * @param buflen TODO |
801 | */ | 1155 | */ |
802 | unsigned char * | 1156 | unsigned char * |
803 | smc_compute_outcome (struct AuctionData *ad, size_t *buflen) | 1157 | fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) |
804 | { | 1158 | { |
805 | unsigned char *ret; | 1159 | unsigned char *ret; |
806 | unsigned char *cur; | 1160 | unsigned char *cur; |
@@ -821,8 +1175,8 @@ smc_compute_outcome (struct AuctionData *ad, size_t *buflen) | |||
821 | *buflen = (ad->n * ad->k * /* nk * (gamma, delta, proof2) */ | 1175 | *buflen = (ad->n * ad->k * /* nk * (gamma, delta, proof2) */ |
822 | (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); | 1176 | (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); |
823 | if (NULL == (cur = (ret = calloc (1, *buflen))) || | 1177 | if (NULL == (cur = (ret = calloc (1, *buflen))) || |
824 | NULL == (ad->gamma = smc_init3 (ad->n, ad->n, ad->k)) || | 1178 | NULL == (ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k)) || |
825 | NULL == (ad->delta = smc_init3 (ad->n, ad->n, ad->k))) | 1179 | NULL == (ad->delta3 = smc_init3 (ad->n, ad->n, ad->k))) |
826 | { | 1180 | { |
827 | weprintf ("unable to alloc memory for first price outcome computation"); | 1181 | weprintf ("unable to alloc memory for first price outcome computation"); |
828 | return NULL; | 1182 | return NULL; |
@@ -912,21 +1266,20 @@ smc_compute_outcome (struct AuctionData *ad, size_t *buflen) | |||
912 | * bidders when receiving their outcome messages */ | 1266 | * bidders when receiving their outcome messages */ |
913 | for (uint16_t a = 0; a < ad->n; a++) | 1267 | for (uint16_t a = 0; a < ad->n; a++) |
914 | { | 1268 | { |
915 | /**\todo: how to copy a point more efficiently? */ | 1269 | ec_point_copy (ad->gamma3[a][i][j], tmpa); |
916 | gcry_mpi_ec_add (ad->gamma[a][i][j], ec_zero, tmpa, ec_ctx); | 1270 | ec_point_copy (ad->delta3[a][i][j], tmpb); |
917 | gcry_mpi_ec_add (ad->delta[a][i][j], ec_zero, tmpb, ec_ctx); | ||
918 | } | 1271 | } |
919 | 1272 | ||
920 | /* apply random masking for losing bidders */ | 1273 | /* apply random masking for losing bidders */ |
921 | smc_zkp_2dle (ad->gamma[ad->i][i][j], | 1274 | smc_zkp_2dle (ad->gamma3[ad->i][i][j], |
922 | ad->delta[ad->i][i][j], | 1275 | ad->delta3[ad->i][i][j], |
923 | tmpa, | 1276 | tmpa, |
924 | tmpb, | 1277 | tmpb, |
925 | NULL, | 1278 | NULL, |
926 | proof2); | 1279 | proof2); |
927 | 1280 | ||
928 | ec_point_serialize (gamma, ad->gamma[ad->i][i][j]); | 1281 | ec_point_serialize (gamma, ad->gamma3[ad->i][i][j]); |
929 | ec_point_serialize (delta, ad->delta[ad->i][i][j]); | 1282 | ec_point_serialize (delta, ad->delta3[ad->i][i][j]); |
930 | 1283 | ||
931 | cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2); | 1284 | cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2); |
932 | } | 1285 | } |
@@ -945,13 +1298,13 @@ smc_compute_outcome (struct AuctionData *ad, size_t *buflen) | |||
945 | 1298 | ||
946 | 1299 | ||
947 | int | 1300 | int |
948 | smc_recv_outcome (struct AuctionData *ad, | 1301 | fp_priv_recv_outcome (struct BRANDT_Auction *ad, |
949 | unsigned char *buf, | 1302 | const unsigned char *buf, |
950 | size_t buflen, | 1303 | size_t buflen, |
951 | uint16_t sender) | 1304 | uint16_t sender) |
952 | { | 1305 | { |
953 | int ret = 0; | 1306 | int ret = 0; |
954 | unsigned char *cur = buf; | 1307 | const unsigned char *cur = buf; |
955 | struct proof_2dle *proof2; | 1308 | struct proof_2dle *proof2; |
956 | gcry_mpi_point_t gamma = gcry_mpi_point_new (0); | 1309 | gcry_mpi_point_t gamma = gcry_mpi_point_new (0); |
957 | gcry_mpi_point_t delta = gcry_mpi_point_new (0); | 1310 | gcry_mpi_point_t delta = gcry_mpi_point_new (0); |
@@ -974,15 +1327,15 @@ smc_recv_outcome (struct AuctionData *ad, | |||
974 | proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); | 1327 | proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); |
975 | if (smc_zkp_2dle_check (gamma, | 1328 | if (smc_zkp_2dle_check (gamma, |
976 | delta, | 1329 | delta, |
977 | ad->gamma[sender][i][j], | 1330 | ad->gamma3[sender][i][j], |
978 | ad->delta[sender][i][j], | 1331 | ad->delta3[sender][i][j], |
979 | proof2)) | 1332 | proof2)) |
980 | { | 1333 | { |
981 | weprintf ("wrong zkp2 for gamma, delta received"); | 1334 | weprintf ("wrong zkp2 for gamma, delta received"); |
982 | goto quit; | 1335 | goto quit; |
983 | } | 1336 | } |
984 | gcry_mpi_ec_add (ad->gamma[sender][i][j], gamma, ec_zero, ec_ctx); | 1337 | ec_point_copy (ad->gamma3[sender][i][j], gamma); |
985 | gcry_mpi_ec_add (ad->delta[sender][i][j], delta, ec_zero, ec_ctx); | 1338 | ec_point_copy (ad->delta3[sender][i][j], delta); |
986 | cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2); | 1339 | cur += 2 * sizeof (struct ec_mpi) + sizeof (*proof2); |
987 | } | 1340 | } |
988 | } | 1341 | } |
@@ -996,13 +1349,13 @@ quit: | |||
996 | 1349 | ||
997 | 1350 | ||
998 | /** | 1351 | /** |
999 | * smc_decrypt_outcome \todo | 1352 | * fp_priv_decrypt_outcome \todo |
1000 | * | 1353 | * |
1001 | * @param ad TODO | 1354 | * @param ad TODO |
1002 | * @param buflen TODO | 1355 | * @param buflen TODO |
1003 | */ | 1356 | */ |
1004 | unsigned char * | 1357 | unsigned char * |
1005 | smc_decrypt_outcome (struct AuctionData *ad, size_t *buflen) | 1358 | fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) |
1006 | { | 1359 | { |
1007 | unsigned char *ret; | 1360 | unsigned char *ret; |
1008 | unsigned char *cur; | 1361 | unsigned char *cur; |
@@ -1014,7 +1367,7 @@ smc_decrypt_outcome (struct AuctionData *ad, size_t *buflen) | |||
1014 | 1367 | ||
1015 | *buflen = (ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2))); | 1368 | *buflen = (ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2))); |
1016 | if (NULL == (cur = (ret = calloc (1, *buflen))) || | 1369 | if (NULL == (cur = (ret = calloc (1, *buflen))) || |
1017 | NULL == (ad->phi = smc_init3 (ad->n, ad->n, ad->k))) | 1370 | NULL == (ad->phi3 = smc_init3 (ad->n, ad->n, ad->k))) |
1018 | { | 1371 | { |
1019 | weprintf ("unable to alloc memory for first price outcome decryption"); | 1372 | weprintf ("unable to alloc memory for first price outcome decryption"); |
1020 | return NULL; | 1373 | return NULL; |
@@ -1027,24 +1380,23 @@ smc_decrypt_outcome (struct AuctionData *ad, size_t *buflen) | |||
1027 | phi = (struct ec_mpi *)cur; | 1380 | phi = (struct ec_mpi *)cur; |
1028 | proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); | 1381 | proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); |
1029 | 1382 | ||
1030 | smc_sum (tmp, &ad->delta[0][i][j], ad->n, ad->n * ad->k); | 1383 | smc_sum (tmp, &ad->delta3[0][i][j], ad->n, ad->n * ad->k); |
1031 | 1384 | ||
1032 | /* copy still encrypted outcome to all other bidder layers so they | 1385 | /* copy still encrypted outcome to all other bidder layers so they |
1033 | * don't have to be recomputed to check the ZK proof_2dle's from | 1386 | * don't have to be recomputed to check the ZK proof_2dle's from |
1034 | * other bidders when receiving their outcome decryption messages */ | 1387 | * other bidders when receiving their outcome decryption messages */ |
1035 | for (uint16_t a = 0; a < ad->n; a++) | 1388 | for (uint16_t a = 0; a < ad->n; a++) |
1036 | /**\todo: how to copy a point more efficiently? */ | 1389 | ec_point_copy (ad->phi3[a][i][j], tmp); |
1037 | gcry_mpi_ec_add (ad->phi[a][i][j], ec_zero, tmp, ec_ctx); | ||
1038 | 1390 | ||
1039 | /* decrypt outcome component and prove the correct key was used */ | 1391 | /* decrypt outcome component and prove the correct key was used */ |
1040 | smc_zkp_2dle (ad->phi[ad->i][i][j], | 1392 | smc_zkp_2dle (ad->phi3[ad->i][i][j], |
1041 | NULL, | 1393 | NULL, |
1042 | tmp, | 1394 | tmp, |
1043 | ec_gen, | 1395 | ec_gen, |
1044 | ad->x, | 1396 | ad->x, |
1045 | proof2); | 1397 | proof2); |
1046 | 1398 | ||
1047 | ec_point_serialize (phi, ad->phi[ad->i][i][j]); | 1399 | ec_point_serialize (phi, ad->phi3[ad->i][i][j]); |
1048 | 1400 | ||
1049 | cur += sizeof (*phi) + sizeof (*proof2); | 1401 | cur += sizeof (*phi) + sizeof (*proof2); |
1050 | } | 1402 | } |
@@ -1056,13 +1408,13 @@ smc_decrypt_outcome (struct AuctionData *ad, size_t *buflen) | |||
1056 | 1408 | ||
1057 | 1409 | ||
1058 | int | 1410 | int |
1059 | smc_recv_decryption (struct AuctionData *ad, | 1411 | fp_priv_recv_decryption (struct BRANDT_Auction *ad, |
1060 | unsigned char *buf, | 1412 | const unsigned char *buf, |
1061 | size_t buflen, | 1413 | size_t buflen, |
1062 | uint16_t sender) | 1414 | uint16_t sender) |
1063 | { | 1415 | { |
1064 | int ret = 0; | 1416 | int ret = 0; |
1065 | unsigned char *cur = buf; | 1417 | const unsigned char *cur = buf; |
1066 | struct proof_2dle *proof2; | 1418 | struct proof_2dle *proof2; |
1067 | gcry_mpi_point_t phi = gcry_mpi_point_new (0); | 1419 | gcry_mpi_point_t phi = gcry_mpi_point_new (0); |
1068 | 1420 | ||
@@ -1082,14 +1434,14 @@ smc_recv_decryption (struct AuctionData *ad, | |||
1082 | proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi)); | 1434 | proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi)); |
1083 | if (smc_zkp_2dle_check (phi, | 1435 | if (smc_zkp_2dle_check (phi, |
1084 | ad->y[sender], | 1436 | ad->y[sender], |
1085 | ad->phi[sender][i][j], | 1437 | ad->phi3[sender][i][j], |
1086 | ec_gen, | 1438 | ec_gen, |
1087 | proof2)) | 1439 | proof2)) |
1088 | { | 1440 | { |
1089 | weprintf ("wrong zkp2 for phi, y received"); | 1441 | weprintf ("wrong zkp2 for phi, y received"); |
1090 | goto quit; | 1442 | goto quit; |
1091 | } | 1443 | } |
1092 | gcry_mpi_ec_add (ad->phi[sender][i][j], phi, ec_zero, ec_ctx); | 1444 | ec_point_copy (ad->phi3[sender][i][j], phi); |
1093 | cur += sizeof (struct ec_mpi) + sizeof (*proof2); | 1445 | cur += sizeof (struct ec_mpi) + sizeof (*proof2); |
1094 | } | 1446 | } |
1095 | } | 1447 | } |
@@ -1102,7 +1454,7 @@ quit: | |||
1102 | 1454 | ||
1103 | 1455 | ||
1104 | int32_t | 1456 | int32_t |
1105 | smc_determine_outcome (struct AuctionData *ad) | 1457 | fp_priv_determine_outcome (struct BRANDT_Auction *ad) |
1106 | { | 1458 | { |
1107 | int32_t ret = -1; | 1459 | int32_t ret = -1; |
1108 | gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); | 1460 | gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); |
@@ -1112,8 +1464,8 @@ smc_determine_outcome (struct AuctionData *ad) | |||
1112 | 1464 | ||
1113 | for (uint16_t j = 0; j < ad->k; j++) | 1465 | for (uint16_t j = 0; j < ad->k; j++) |
1114 | { | 1466 | { |
1115 | smc_sum (sum_gamma, &ad->gamma[0][ad->i][j], ad->n, ad->n * ad->k); | 1467 | smc_sum (sum_gamma, &ad->gamma3[0][ad->i][j], ad->n, ad->n * ad->k); |
1116 | smc_sum (sum_phi, &ad->phi[0][ad->i][j], ad->n, ad->n * ad->k); | 1468 | smc_sum (sum_phi, &ad->phi3[0][ad->i][j], ad->n, ad->n * ad->k); |
1117 | gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); | 1469 | gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); |
1118 | if (!ec_point_cmp (sum_gamma, ec_zero)) | 1470 | if (!ec_point_cmp (sum_gamma, ec_zero)) |
1119 | { | 1471 | { |
@@ -1149,9 +1501,9 @@ smc_zkp_dl (gcry_mpi_point_t v, | |||
1149 | struct zkp_challenge_dl challenge; | 1501 | struct zkp_challenge_dl challenge; |
1150 | struct brandt_hash_code challhash; | 1502 | struct brandt_hash_code challhash; |
1151 | gcry_mpi_point_t a = gcry_mpi_point_new (0); | 1503 | gcry_mpi_point_t a = gcry_mpi_point_new (0); |
1152 | gcry_mpi_t r = gcry_mpi_new (0); | 1504 | gcry_mpi_t r = gcry_mpi_new (256); |
1153 | gcry_mpi_t c = gcry_mpi_new (0); | 1505 | gcry_mpi_t c = gcry_mpi_new (256); |
1154 | gcry_mpi_t z = gcry_mpi_new (0); | 1506 | gcry_mpi_t z = gcry_mpi_new (256); |
1155 | 1507 | ||
1156 | /* v = xg */ | 1508 | /* v = xg */ |
1157 | gcry_mpi_ec_mul (v, x, ec_gen, ec_ctx); | 1509 | gcry_mpi_ec_mul (v, x, ec_gen, ec_ctx); |
@@ -1197,8 +1549,8 @@ smc_zkp_dl_check (const gcry_mpi_point_t v, | |||
1197 | struct zkp_challenge_dl challenge; | 1549 | struct zkp_challenge_dl challenge; |
1198 | struct brandt_hash_code challhash; | 1550 | struct brandt_hash_code challhash; |
1199 | gcry_mpi_point_t a = gcry_mpi_point_new (0); | 1551 | gcry_mpi_point_t a = gcry_mpi_point_new (0); |
1200 | gcry_mpi_t r = gcry_mpi_new (0); | 1552 | gcry_mpi_t r = gcry_mpi_new (256); |
1201 | gcry_mpi_t c = gcry_mpi_new (0); | 1553 | gcry_mpi_t c = gcry_mpi_new (256); |
1202 | gcry_mpi_point_t left = gcry_mpi_point_new (0); | 1554 | gcry_mpi_point_t left = gcry_mpi_point_new (0); |
1203 | gcry_mpi_point_t right = gcry_mpi_point_new (0); | 1555 | gcry_mpi_point_t right = gcry_mpi_point_new (0); |
1204 | 1556 | ||
@@ -1260,13 +1612,13 @@ smc_zkp_2dle (gcry_mpi_point_t v, | |||
1260 | gcry_mpi_t rx; | 1612 | gcry_mpi_t rx; |
1261 | gcry_mpi_point_t a = gcry_mpi_point_new (0); | 1613 | gcry_mpi_point_t a = gcry_mpi_point_new (0); |
1262 | gcry_mpi_point_t b = gcry_mpi_point_new (0); | 1614 | gcry_mpi_point_t b = gcry_mpi_point_new (0); |
1263 | gcry_mpi_t r = gcry_mpi_new (0); | 1615 | gcry_mpi_t r = gcry_mpi_new (256); |
1264 | gcry_mpi_t c = gcry_mpi_new (0); | 1616 | gcry_mpi_t c = gcry_mpi_new (256); |
1265 | gcry_mpi_t z = gcry_mpi_new (0); | 1617 | gcry_mpi_t z = gcry_mpi_new (256); |
1266 | 1618 | ||
1267 | rv = (NULL == v) ? gcry_mpi_point_new (0) : v; | 1619 | rv = (NULL == v) ? gcry_mpi_point_new (0) : v; |
1268 | rw = (NULL == w) ? gcry_mpi_point_new (0) : w; | 1620 | rw = (NULL == w) ? gcry_mpi_point_new (0) : w; |
1269 | rx = (NULL == x) ? gcry_mpi_new (0) : x; | 1621 | rx = (NULL == x) ? gcry_mpi_new (256) : x; |
1270 | 1622 | ||
1271 | if (NULL == x) | 1623 | if (NULL == x) |
1272 | ec_skey_create (rx); | 1624 | ec_skey_create (rx); |
@@ -1339,8 +1691,8 @@ smc_zkp_2dle_check (const gcry_mpi_point_t v, | |||
1339 | struct brandt_hash_code challhash; | 1691 | struct brandt_hash_code challhash; |
1340 | gcry_mpi_point_t a = gcry_mpi_point_new (0); | 1692 | gcry_mpi_point_t a = gcry_mpi_point_new (0); |
1341 | gcry_mpi_point_t b = gcry_mpi_point_new (0); | 1693 | gcry_mpi_point_t b = gcry_mpi_point_new (0); |
1342 | gcry_mpi_t r = gcry_mpi_new (0); | 1694 | gcry_mpi_t r = gcry_mpi_new (256); |
1343 | gcry_mpi_t c = gcry_mpi_new (0); | 1695 | gcry_mpi_t c = gcry_mpi_new (256); |
1344 | gcry_mpi_point_t left = gcry_mpi_point_new (0); | 1696 | gcry_mpi_point_t left = gcry_mpi_point_new (0); |
1345 | gcry_mpi_point_t right = gcry_mpi_point_new (0); | 1697 | gcry_mpi_point_t right = gcry_mpi_point_new (0); |
1346 | 1698 | ||
@@ -1415,15 +1767,15 @@ smc_zkp_0og (int m_is_gen, | |||
1415 | gcry_mpi_point_t a2 = gcry_mpi_point_new (0); | 1767 | gcry_mpi_point_t a2 = gcry_mpi_point_new (0); |
1416 | gcry_mpi_point_t b1 = gcry_mpi_point_new (0); | 1768 | gcry_mpi_point_t b1 = gcry_mpi_point_new (0); |
1417 | gcry_mpi_point_t b2 = gcry_mpi_point_new (0); | 1769 | gcry_mpi_point_t b2 = gcry_mpi_point_new (0); |
1418 | gcry_mpi_t d1 = gcry_mpi_new (0); | 1770 | gcry_mpi_t d1 = gcry_mpi_new (256); |
1419 | gcry_mpi_t d2 = gcry_mpi_new (0); | 1771 | gcry_mpi_t d2 = gcry_mpi_new (256); |
1420 | gcry_mpi_t r1 = gcry_mpi_new (0); | 1772 | gcry_mpi_t r1 = gcry_mpi_new (256); |
1421 | gcry_mpi_t r2 = gcry_mpi_new (0); | 1773 | gcry_mpi_t r2 = gcry_mpi_new (256); |
1422 | gcry_mpi_t c = gcry_mpi_new (0); | 1774 | gcry_mpi_t c = gcry_mpi_new (256); |
1423 | gcry_mpi_t rr; | 1775 | gcry_mpi_t rr; |
1424 | gcry_mpi_t w = gcry_mpi_new (0); | 1776 | gcry_mpi_t w = gcry_mpi_new (256); |
1425 | 1777 | ||
1426 | rr = (NULL == r) ? gcry_mpi_new (0) : r; | 1778 | rr = (NULL == r) ? gcry_mpi_new (256) : r; |
1427 | 1779 | ||
1428 | /* beta = r*g */ | 1780 | /* beta = r*g */ |
1429 | ec_keypair_create (beta, rr); | 1781 | ec_keypair_create (beta, rr); |
@@ -1559,12 +1911,12 @@ smc_zkp_0og_check (const gcry_mpi_point_t y, | |||
1559 | gcry_mpi_point_t a2 = gcry_mpi_point_new (0); | 1911 | gcry_mpi_point_t a2 = gcry_mpi_point_new (0); |
1560 | gcry_mpi_point_t b1 = gcry_mpi_point_new (0); | 1912 | gcry_mpi_point_t b1 = gcry_mpi_point_new (0); |
1561 | gcry_mpi_point_t b2 = gcry_mpi_point_new (0); | 1913 | gcry_mpi_point_t b2 = gcry_mpi_point_new (0); |
1562 | gcry_mpi_t d1 = gcry_mpi_new (0); | 1914 | gcry_mpi_t d1 = gcry_mpi_new (256); |
1563 | gcry_mpi_t d2 = gcry_mpi_new (0); | 1915 | gcry_mpi_t d2 = gcry_mpi_new (256); |
1564 | gcry_mpi_t r1 = gcry_mpi_new (0); | 1916 | gcry_mpi_t r1 = gcry_mpi_new (256); |
1565 | gcry_mpi_t r2 = gcry_mpi_new (0); | 1917 | gcry_mpi_t r2 = gcry_mpi_new (256); |
1566 | gcry_mpi_t c = gcry_mpi_new (0); | 1918 | gcry_mpi_t c = gcry_mpi_new (256); |
1567 | gcry_mpi_t sum = gcry_mpi_new (0); | 1919 | gcry_mpi_t sum = gcry_mpi_new (256); |
1568 | gcry_mpi_point_t right = gcry_mpi_point_new (0); | 1920 | gcry_mpi_point_t right = gcry_mpi_point_new (0); |
1569 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); | 1921 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); |
1570 | 1922 | ||
@@ -1635,52 +1987,3 @@ smc_zkp_0og_check (const gcry_mpi_point_t y, | |||
1635 | weprintf ("ret: 0x%x", ret); | 1987 | weprintf ("ret: 0x%x", ret); |
1636 | return ret; | 1988 | return ret; |
1637 | } | 1989 | } |
1638 | |||
1639 | |||
1640 | /* --- unused stuff, might become useful later --- */ | ||
1641 | |||
1642 | ///** | ||
1643 | // * Clear memory that was used to store a private key. | ||
1644 | // * | ||
1645 | // * @param skey the key | ||
1646 | // */ | ||
1647 | //void | ||
1648 | //brandt_ec_key_clear (gcry_mpi_t skey) | ||
1649 | //{ | ||
1650 | // gcry_mpi_randomize (skey, 256, GCRY_WEAK_RANDOM); | ||
1651 | // gcry_mpi_release (skey); | ||
1652 | //} | ||
1653 | |||
1654 | |||
1655 | ///** | ||
1656 | // * Generate a random value mod n. | ||
1657 | // * | ||
1658 | // * @param edc ECC context | ||
1659 | // * @return random value mod n. | ||
1660 | // */ | ||
1661 | //gcry_mpi_t | ||
1662 | //GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc) | ||
1663 | //{ | ||
1664 | // gcry_mpi_t n; | ||
1665 | // unsigned int highbit; | ||
1666 | // gcry_mpi_t r; | ||
1667 | // | ||
1668 | // n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1); | ||
1669 | // | ||
1670 | // /* check public key for number of bits, bail out if key is all zeros */ | ||
1671 | // highbit = 256; /* Curve25519 */ | ||
1672 | // while ( (! gcry_mpi_test_bit (n, highbit)) && | ||
1673 | // (0 != highbit) ) | ||
1674 | // highbit--; | ||
1675 | // GNUNET_assert (0 != highbit); | ||
1676 | // /* generate fact < n (without bias) */ | ||
1677 | // GNUNET_assert (NULL != (r = gcry_mpi_new (0))); | ||
1678 | // do { | ||
1679 | // gcry_mpi_randomize (r, | ||
1680 | // highbit + 1, | ||
1681 | // GCRY_STRONG_RANDOM); | ||
1682 | // } | ||
1683 | // while (gcry_mpi_cmp (r, n) >= 0); | ||
1684 | // gcry_mpi_release (n); | ||
1685 | // return r; | ||
1686 | //} | ||
@@ -26,9 +26,11 @@ | |||
26 | #include <gcrypt.h> | 26 | #include <gcrypt.h> |
27 | #include <stdint.h> | 27 | #include <stdint.h> |
28 | 28 | ||
29 | #include <gnunet/gnunet_util_lib.h> | ||
30 | |||
29 | #include "internals.h" | 31 | #include "internals.h" |
30 | 32 | ||
31 | void brandt_crypto_init (); | 33 | void brandt_crypto_init (struct GNUNET_CRYPTO_EccDlogContext *dlogctx); |
32 | 34 | ||
33 | 35 | ||
34 | /* --- HASHING --- */ | 36 | /* --- HASHING --- */ |
@@ -48,6 +50,7 @@ struct ec_mpi { | |||
48 | unsigned char data[256 / 8]; | 50 | unsigned char data[256 / 8]; |
49 | }; | 51 | }; |
50 | 52 | ||
53 | void ec_point_copy (gcry_mpi_point_t dst, const gcry_mpi_point_t src); | ||
51 | int ec_point_cmp (const gcry_mpi_point_t a, const gcry_mpi_point_t b); | 54 | int ec_point_cmp (const gcry_mpi_point_t a, const gcry_mpi_point_t b); |
52 | void ec_skey_create (gcry_mpi_t skey); | 55 | void ec_skey_create (gcry_mpi_t skey); |
53 | void ec_keypair_create (gcry_mpi_point_t pkey, gcry_mpi_t skey); | 56 | void ec_keypair_create (gcry_mpi_point_t pkey, gcry_mpi_t skey); |
@@ -111,30 +114,42 @@ int smc_zkp_0og_check (const gcry_mpi_point_t y, | |||
111 | 114 | ||
112 | /* --- Protocol implementation --- */ | 115 | /* --- Protocol implementation --- */ |
113 | 116 | ||
114 | unsigned char *smc_gen_keyshare (struct AuctionData *ad, size_t *buflen); | 117 | unsigned char *smc_gen_keyshare (struct BRANDT_Auction *ad, size_t *buflen); |
115 | int smc_recv_keyshare (struct AuctionData *ad, | 118 | int smc_recv_keyshare (struct BRANDT_Auction *ad, |
116 | unsigned char *buf, | 119 | const unsigned char *buf, |
117 | size_t buflen, | 120 | size_t buflen, |
118 | uint16_t sender_index); | 121 | uint16_t sender_index); |
119 | 122 | ||
120 | unsigned char *smc_encrypt_bid (struct AuctionData *ad, size_t *buflen); | 123 | unsigned char *smc_encrypt_bid (struct BRANDT_Auction *ad, size_t *buflen); |
121 | int smc_recv_encrypted_bid (struct AuctionData *ad, | 124 | int smc_recv_encrypted_bid (struct BRANDT_Auction *ad, |
122 | unsigned char *buf, | 125 | const unsigned char *buf, |
123 | size_t buflen, | 126 | size_t buflen, |
124 | uint16_t sender_index); | 127 | uint16_t sender_index); |
125 | 128 | ||
126 | unsigned char *smc_compute_outcome (struct AuctionData *ad, size_t *buflen); | 129 | unsigned char *fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen); |
127 | int smc_recv_outcome (struct AuctionData *ad, | 130 | int fp_priv_recv_outcome (struct BRANDT_Auction *ad, |
128 | unsigned char *buf, | 131 | const unsigned char *buf, |
129 | size_t buflen, | 132 | size_t buflen, |
130 | uint16_t sender); | 133 | uint16_t sender); |
131 | 134 | ||
132 | unsigned char *smc_decrypt_outcome (struct AuctionData *ad, size_t *buflen); | 135 | unsigned char *fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen); |
133 | int smc_recv_decryption (struct AuctionData *ad, | 136 | int fp_priv_recv_decryption (struct BRANDT_Auction *ad, |
134 | unsigned char *buf, | 137 | const unsigned char *buf, |
135 | size_t buflen, | 138 | size_t buflen, |
136 | uint16_t sender); | 139 | uint16_t sender); |
137 | 140 | ||
138 | int32_t smc_determine_outcome (struct AuctionData *ad); | 141 | unsigned char *fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen); |
142 | int fp_pub_recv_outcome (struct BRANDT_Auction *ad, | ||
143 | const unsigned char *buf, | ||
144 | size_t buflen, | ||
145 | uint16_t sender); | ||
146 | |||
147 | unsigned char *fp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen); | ||
148 | int fp_pub_recv_decryption (struct BRANDT_Auction *ad, | ||
149 | const unsigned char *buf, | ||
150 | size_t buflen, | ||
151 | uint16_t sender); | ||
152 | |||
153 | int32_t fp_priv_determine_outcome (struct BRANDT_Auction *ad); | ||
139 | 154 | ||
140 | #endif /* ifndef _BRANDT_CRYPTO_H */ | 155 | #endif /* ifndef _BRANDT_CRYPTO_H */ |
diff --git a/internals.h b/internals.h index 7dab0d6..4624347 100644 --- a/internals.h +++ b/internals.h | |||
@@ -40,8 +40,10 @@ enum rounds { | |||
40 | /** | 40 | /** |
41 | * This struct describes an auction and has to be followed by #description_len | 41 | * This struct describes an auction and has to be followed by #description_len |
42 | * bytes of arbitrary data where the description of the item to be sold is | 42 | * bytes of arbitrary data where the description of the item to be sold is |
43 | * stored. */ | 43 | * stored. |
44 | struct AuctionDescr { | 44 | * |
45 | * \todo: align to a multiple of 64bit */ | ||
46 | struct BRANDT_AuctionDescrP { | ||
45 | /** The length of the description in bytes directly following this struct */ | 47 | /** The length of the description in bytes directly following this struct */ |
46 | uint32_t description_len; | 48 | uint32_t description_len; |
47 | 49 | ||
@@ -55,11 +57,13 @@ struct AuctionDescr { | |||
55 | 57 | ||
56 | /** The amount of possible prices */ | 58 | /** The amount of possible prices */ |
57 | uint16_t price_range; | 59 | uint16_t price_range; |
60 | |||
61 | /** \todo: time */ | ||
58 | }; | 62 | }; |
59 | 63 | ||
60 | 64 | ||
61 | struct BRANDT_Auction { | 65 | struct BRANDT_Auction { |
62 | struct AuctionDescr *desc; /** pointer to the auction information */ | 66 | struct BRANDT_AuctionDescrP *desc; /** pointer to the auction information */ |
63 | 67 | ||
64 | BRANDT_CbBroadcast bcast; /** broadcast callback */ | 68 | BRANDT_CbBroadcast bcast; /** broadcast callback */ |
65 | BRANDT_CbUnicast ucast; /** unicast callback */ | 69 | BRANDT_CbUnicast ucast; /** unicast callback */ |
diff --git a/test_crypto.c b/test_crypto.c index c1774e4..b039011 100644 --- a/test_crypto.c +++ b/test_crypto.c | |||
@@ -20,6 +20,8 @@ | |||
20 | * @author Markus Teich | 20 | * @author Markus Teich |
21 | */ | 21 | */ |
22 | 22 | ||
23 | #include "brandt_config.h" | ||
24 | |||
23 | /* For testing static functions and variables we include the whole source */ | 25 | /* For testing static functions and variables we include the whole source */ |
24 | #include "crypto.c" | 26 | #include "crypto.c" |
25 | 27 | ||
@@ -30,7 +32,7 @@ | |||
30 | 32 | ||
31 | static uint16_t bidders; | 33 | static uint16_t bidders; |
32 | static uint16_t prizes; | 34 | static uint16_t prizes; |
33 | static struct AuctionData *ad; | 35 | static struct BRANDT_Auction *ad; |
34 | 36 | ||
35 | int | 37 | int |
36 | test_smc_2d_array () | 38 | test_smc_2d_array () |
@@ -79,8 +81,8 @@ test_serialization () | |||
79 | { | 81 | { |
80 | gcry_mpi_point_t oldp = gcry_mpi_point_new (0); | 82 | gcry_mpi_point_t oldp = gcry_mpi_point_new (0); |
81 | gcry_mpi_point_t newp = gcry_mpi_point_new (0); | 83 | gcry_mpi_point_t newp = gcry_mpi_point_new (0); |
82 | gcry_mpi_t oldi = gcry_mpi_new (0); | 84 | gcry_mpi_t oldi = gcry_mpi_new (256); |
83 | gcry_mpi_t newi = gcry_mpi_new (0); | 85 | gcry_mpi_t newi = gcry_mpi_new (256); |
84 | struct ec_mpi serp; | 86 | struct ec_mpi serp; |
85 | struct ec_mpi seri; | 87 | struct ec_mpi seri; |
86 | 88 | ||
@@ -111,7 +113,7 @@ int | |||
111 | test_smc_zkp_dl () | 113 | test_smc_zkp_dl () |
112 | { | 114 | { |
113 | struct proof_dl proof; | 115 | struct proof_dl proof; |
114 | gcry_mpi_t x = gcry_mpi_new (0); | 116 | gcry_mpi_t x = gcry_mpi_new (256); |
115 | gcry_mpi_point_t v = gcry_mpi_point_new (0); | 117 | gcry_mpi_point_t v = gcry_mpi_point_new (0); |
116 | 118 | ||
117 | ec_skey_create (x); | 119 | ec_skey_create (x); |
@@ -130,7 +132,7 @@ int | |||
130 | test_smc_zkp_2dle () | 132 | test_smc_zkp_2dle () |
131 | { | 133 | { |
132 | struct proof_2dle proof; | 134 | struct proof_2dle proof; |
133 | gcry_mpi_t x = gcry_mpi_new (0); | 135 | gcry_mpi_t x = gcry_mpi_new (256); |
134 | gcry_mpi_point_t g1 = gcry_mpi_point_new (0); | 136 | gcry_mpi_point_t g1 = gcry_mpi_point_new (0); |
135 | gcry_mpi_point_t g2 = gcry_mpi_point_new (0); | 137 | gcry_mpi_point_t g2 = gcry_mpi_point_new (0); |
136 | gcry_mpi_point_t v = gcry_mpi_point_new (0); | 138 | gcry_mpi_point_t v = gcry_mpi_point_new (0); |
@@ -184,7 +186,7 @@ test_setup_auction_data () | |||
184 | { | 186 | { |
185 | uint16_t i; | 187 | uint16_t i; |
186 | 188 | ||
187 | ad = calloc (bidders, sizeof (struct AuctionData)); | 189 | ad = calloc (bidders, sizeof (struct BRANDT_Auction)); |
188 | 190 | ||
189 | for (i = 0; i < bidders; i++) | 191 | for (i = 0; i < bidders; i++) |
190 | { | 192 | { |
@@ -266,7 +268,7 @@ test_round2 () | |||
266 | 268 | ||
267 | for (i = 0; i < bidders; i++) | 269 | for (i = 0; i < bidders; i++) |
268 | { | 270 | { |
269 | bufs[i] = smc_compute_outcome (&ad[i], &lens[i]); | 271 | bufs[i] = fp_priv_compute_outcome (&ad[i], &lens[i]); |
270 | check (bufs[i], "failed to compute outcome"); | 272 | check (bufs[i], "failed to compute outcome"); |
271 | } | 273 | } |
272 | 274 | ||
@@ -276,7 +278,7 @@ test_round2 () | |||
276 | { | 278 | { |
277 | if (s == i) | 279 | if (s == i) |
278 | continue; | 280 | continue; |
279 | check (smc_recv_outcome (&ad[i], bufs[s], lens[s], s), | 281 | check (fp_priv_recv_outcome (&ad[i], bufs[s], lens[s], s), |
280 | "failed checking outcome"); | 282 | "failed checking outcome"); |
281 | } | 283 | } |
282 | } | 284 | } |
@@ -296,7 +298,7 @@ test_round3 () | |||
296 | 298 | ||
297 | for (i = 0; i < bidders; i++) | 299 | for (i = 0; i < bidders; i++) |
298 | { | 300 | { |
299 | bufs[i] = smc_decrypt_outcome (&ad[i], &lens[i]); | 301 | bufs[i] = fp_priv_decrypt_outcome (&ad[i], &lens[i]); |
300 | check (bufs[i], "failed to decrypt outcome"); | 302 | check (bufs[i], "failed to decrypt outcome"); |
301 | } | 303 | } |
302 | 304 | ||
@@ -306,7 +308,7 @@ test_round3 () | |||
306 | { | 308 | { |
307 | if (s == i) | 309 | if (s == i) |
308 | continue; | 310 | continue; |
309 | check (smc_recv_decryption (&ad[i], bufs[s], lens[s], s), | 311 | check (fp_priv_recv_decryption (&ad[i], bufs[s], lens[s], s), |
310 | "failed checking decrypted outcome"); | 312 | "failed checking decrypted outcome"); |
311 | } | 313 | } |
312 | } | 314 | } |
@@ -324,7 +326,7 @@ test_outcome () | |||
324 | 326 | ||
325 | for (uint16_t i = 0; i < ad->n; i++) | 327 | for (uint16_t i = 0; i < ad->n; i++) |
326 | { | 328 | { |
327 | if (-1 != smc_determine_outcome (&ad[i])) | 329 | if (-1 != fp_priv_determine_outcome (&ad[i])) |
328 | { | 330 | { |
329 | check (-1 == ret, "multiple winners detected"); | 331 | check (-1 == ret, "multiple winners detected"); |
330 | ret = i; | 332 | ret = i; |
@@ -346,9 +348,14 @@ cleanup_auction_data () | |||
346 | smc_free1 (ad[i].y, ad[i].n); | 348 | smc_free1 (ad[i].y, ad[i].n); |
347 | smc_free2 (ad[i].alpha, ad[i].n, ad[i].k); | 349 | smc_free2 (ad[i].alpha, ad[i].n, ad[i].k); |
348 | smc_free2 (ad[i].beta, ad[i].n, ad[i].k); | 350 | smc_free2 (ad[i].beta, ad[i].n, ad[i].k); |
349 | smc_free3 (ad[i].gamma, ad[i].n, ad[i].n, ad[i].k); | 351 | smc_free2 (ad[i].gamma2, ad[i].n, ad[i].k); |
350 | smc_free3 (ad[i].delta, ad[i].n, ad[i].n, ad[i].k); | 352 | smc_free2 (ad[i].delta2, ad[i].n, ad[i].k); |
351 | smc_free3 (ad[i].phi, ad[i].n, ad[i].n, ad[i].k); | 353 | smc_free2 (ad[i].phi2, ad[i].n, ad[i].k); |
354 | smc_free3 (ad[i].gamma3, ad[i].n, ad[i].n, ad[i].k); | ||
355 | smc_free3 (ad[i].delta3, ad[i].n, ad[i].n, ad[i].k); | ||
356 | smc_free3 (ad[i].phi3, ad[i].n, ad[i].n, ad[i].k); | ||
357 | smc_free1 (ad[i].tmpa1, ad[i].k); | ||
358 | smc_free1 (ad[i].tmpb1, ad[i].k); | ||
352 | } | 359 | } |
353 | free (ad); | 360 | free (ad); |
354 | } | 361 | } |
@@ -358,11 +365,13 @@ int | |||
358 | main (int argc, char *argv[]) | 365 | main (int argc, char *argv[]) |
359 | { | 366 | { |
360 | int repeat = 8; | 367 | int repeat = 8; |
368 | struct GNUNET_CRYPTO_EccDlogContext *edc; | ||
361 | 369 | ||
362 | bidders = 2; | 370 | bidders = 2; |
363 | prizes = 2 * bidders; | 371 | prizes = 2 * bidders; |
364 | 372 | ||
365 | BRANDT_init (); | 373 | edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024 * 1024, 1024); |
374 | BRANDT_init (edc); | ||
366 | 375 | ||
367 | /* tests that need to run only once */ | 376 | /* tests that need to run only once */ |
368 | run (test_smc_2d_array); | 377 | run (test_smc_2d_array); |
@@ -384,5 +393,6 @@ main (int argc, char *argv[]) | |||
384 | cleanup_auction_data (); | 393 | cleanup_auction_data (); |
385 | } | 394 | } |
386 | 395 | ||
396 | GNUNET_CRYPTO_ecc_dlog_release (edc); | ||
387 | return ret; | 397 | return ret; |
388 | } | 398 | } |
diff --git a/tex-stuff/math.tex b/tex-stuff/math.tex index e274e39..c515973 100644 --- a/tex-stuff/math.tex +++ b/tex-stuff/math.tex | |||
@@ -76,7 +76,7 @@ case, in other words, it is shown that $M \in \{0, G\}$. \\ | |||
76 | Proof: & $A_1, A_2, B_1, B_2, d_1, d_2, r_1, r_2$ | 76 | Proof: & $A_1, A_2, B_1, B_2, d_1, d_2, r_1, r_2$ |
77 | \end{tabular} | 77 | \end{tabular} |
78 | 78 | ||
79 | \subsection{Protocol} | 79 | \subsection{First Price Auction Protocol With Private Outcome} |
80 | 80 | ||
81 | Let $n$ be the number of participating bidders/agents in the protocol and $k$ be | 81 | Let $n$ be the number of participating bidders/agents in the protocol and $k$ be |
82 | the amount of possible valuations/prices for the sold good. Let $G$ be the | 82 | the amount of possible valuations/prices for the sold good. Let $G$ be the |
@@ -131,6 +131,8 @@ each $i, j$ and $h \neq i$ after having received all of them. | |||
131 | \item If $\exists w: V_{aw} = 0$, then bidder $a$ is the winner of the auction. $p_w$ is the selling price. | 131 | \item If $\exists w: V_{aw} = 0$, then bidder $a$ is the winner of the auction. $p_w$ is the selling price. |
132 | \end{enumerate} | 132 | \end{enumerate} |
133 | 133 | ||
134 | \subsection{First Price Auction Protocol With Public Outcome} | ||
135 | |||
134 | 136 | ||
135 | 137 | ||
136 | 138 | ||
@@ -19,6 +19,9 @@ | |||
19 | * @brief Implementation of common utility functions. | 19 | * @brief Implementation of common utility functions. |
20 | * @author Markus Teich | 20 | * @author Markus Teich |
21 | */ | 21 | */ |
22 | |||
23 | #include "brandt_config.h" | ||
24 | |||
22 | #include <errno.h> | 25 | #include <errno.h> |
23 | #include <stdarg.h> | 26 | #include <stdarg.h> |
24 | #include <stdio.h> | 27 | #include <stdio.h> |