diff options
| author | Markus Teich <markus.teich@stusta.mhn.de> | 2016-08-31 15:13:50 +0200 |
|---|---|---|
| committer | Markus Teich <markus.teich@stusta.mhn.de> | 2016-08-31 15:13:50 +0200 |
| commit | f294cd3a85c084490a10ae6ac9c1dab4c60a7678 (patch) | |
| tree | 1da393c61f4662eb4f18e71c5b7cc552a7c1cfae | |
| parent | 7b84ab7fe10b0ccf6c5e93bebf06267e18a09bf8 (diff) | |
| download | libbrandt-f294cd3a85c084490a10ae6ac9c1dab4c60a7678.tar.gz libbrandt-f294cd3a85c084490a10ae6ac9c1dab4c60a7678.zip | |
finish prep functions for first price auctions
| -rw-r--r-- | crypto.c | 145 | ||||
| -rw-r--r-- | crypto.h | 6 | ||||
| -rw-r--r-- | test_crypto.c | 7 |
3 files changed, 97 insertions, 61 deletions
| @@ -1237,21 +1237,9 @@ struct BRANDT_Result *fp_pub_determine_outcome (struct BRANDT_Auction *ad, | |||
| 1237 | } | 1237 | } |
| 1238 | 1238 | ||
| 1239 | 1239 | ||
| 1240 | /** | 1240 | void |
| 1241 | * fp_priv_compute_outcome computes encrypted outcome shares and packs them into | 1241 | fp_priv_prep_outcome (struct BRANDT_Auction *ad) |
| 1242 | * a message buffer together with proofs of correctnes. | ||
| 1243 | * | ||
| 1244 | * @param[in] ad Pointer to the BRANDT_Auction struct to operate on | ||
| 1245 | * @param[out] buflen Size of the returned message buffer in bytes | ||
| 1246 | * @return A buffer containing the encrypted outcome vectors | ||
| 1247 | * which needs to be broadcast | ||
| 1248 | */ | ||
| 1249 | unsigned char * | ||
| 1250 | fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | ||
| 1251 | { | 1242 | { |
| 1252 | unsigned char *ret; | ||
| 1253 | unsigned char *cur; | ||
| 1254 | struct msg_head *head; | ||
| 1255 | gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); | 1243 | gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); |
| 1256 | gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); | 1244 | gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); |
| 1257 | gcry_mpi_point_t *tlta1; | 1245 | gcry_mpi_point_t *tlta1; |
| @@ -1260,27 +1248,12 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
| 1260 | gcry_mpi_point_t **tltb2; | 1248 | gcry_mpi_point_t **tltb2; |
| 1261 | gcry_mpi_point_t **tlta3; | 1249 | gcry_mpi_point_t **tlta3; |
| 1262 | gcry_mpi_point_t **tltb3; | 1250 | gcry_mpi_point_t **tltb3; |
| 1263 | struct ec_mpi *gamma; | ||
| 1264 | struct ec_mpi *delta; | ||
| 1265 | struct proof_2dle *proof2; | ||
| 1266 | |||
| 1267 | brandt_assert (ad && buflen); | ||
| 1268 | 1251 | ||
| 1269 | *buflen = (sizeof (*head) + /* msg header */ | 1252 | ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k); |
| 1270 | ad->n * ad->k * /* nk * (gamma, delta, proof2) */ | 1253 | brandt_assert (ad->gamma3); |
| 1271 | (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); | ||
| 1272 | ret = GNUNET_new_array (*buflen, unsigned char); | ||
| 1273 | if (NULL == (ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k)) || | ||
| 1274 | NULL == (ad->delta3 = smc_init3 (ad->n, ad->n, ad->k))) | ||
| 1275 | { | ||
| 1276 | weprintf ("unable to alloc memory for first price outcome computation"); | ||
| 1277 | return NULL; | ||
| 1278 | } | ||
| 1279 | 1254 | ||
| 1280 | head = (struct msg_head *)ret; | 1255 | ad->delta3 = smc_init3 (ad->n, ad->n, ad->k); |
| 1281 | head->prot_version = htonl (0); | 1256 | brandt_assert (ad->delta3); |
| 1282 | head->msg_type = htonl (msg_outcome); | ||
| 1283 | cur = ret + sizeof (*head); | ||
| 1284 | 1257 | ||
| 1285 | /* create temporary lookup tables with partial sums */ | 1258 | /* create temporary lookup tables with partial sums */ |
| 1286 | tlta1 = smc_init1 (ad->k); | 1259 | tlta1 = smc_init1 (ad->k); |
| @@ -1349,10 +1322,6 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
| 1349 | { | 1322 | { |
| 1350 | for (uint16_t j = 0; j < ad->k; j++) | 1323 | for (uint16_t j = 0; j < ad->k; j++) |
| 1351 | { | 1324 | { |
| 1352 | gamma = (struct ec_mpi *)cur; | ||
| 1353 | delta = &((struct ec_mpi *)cur)[1]; | ||
| 1354 | proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); | ||
| 1355 | |||
| 1356 | /* compute inner gamma */ | 1325 | /* compute inner gamma */ |
| 1357 | gcry_mpi_ec_add (tmpa, tlta1[j], tlta2[i][j], ec_ctx); | 1326 | gcry_mpi_ec_add (tmpa, tlta1[j], tlta2[i][j], ec_ctx); |
| 1358 | gcry_mpi_ec_add (tmpa, tmpa, tlta3[i][j], ec_ctx); | 1327 | gcry_mpi_ec_add (tmpa, tmpa, tlta3[i][j], ec_ctx); |
| @@ -1369,6 +1338,63 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
| 1369 | ec_point_copy (ad->gamma3[a][i][j], tmpa); | 1338 | ec_point_copy (ad->gamma3[a][i][j], tmpa); |
| 1370 | ec_point_copy (ad->delta3[a][i][j], tmpb); | 1339 | ec_point_copy (ad->delta3[a][i][j], tmpb); |
| 1371 | } | 1340 | } |
| 1341 | } | ||
| 1342 | } | ||
| 1343 | |||
| 1344 | gcry_mpi_point_release (tmpa); | ||
| 1345 | gcry_mpi_point_release (tmpb); | ||
| 1346 | smc_free1 (tlta1, ad->k); | ||
| 1347 | smc_free1 (tltb1, ad->k); | ||
| 1348 | smc_free2 (tlta2, ad->n, ad->k); | ||
| 1349 | smc_free2 (tltb2, ad->n, ad->k); | ||
| 1350 | smc_free2 (tlta3, ad->n, ad->k); | ||
| 1351 | smc_free2 (tltb3, ad->n, ad->k); | ||
| 1352 | } | ||
| 1353 | |||
| 1354 | |||
| 1355 | /** | ||
| 1356 | * fp_priv_compute_outcome computes encrypted outcome shares and packs them into | ||
| 1357 | * a message buffer together with proofs of correctnes. | ||
| 1358 | * | ||
| 1359 | * @param[in] ad Pointer to the BRANDT_Auction struct to operate on | ||
| 1360 | * @param[out] buflen Size of the returned message buffer in bytes | ||
| 1361 | * @return A buffer containing the encrypted outcome vectors | ||
| 1362 | * which needs to be broadcast | ||
| 1363 | */ | ||
| 1364 | unsigned char * | ||
| 1365 | fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | ||
| 1366 | { | ||
| 1367 | unsigned char *ret; | ||
| 1368 | unsigned char *cur; | ||
| 1369 | struct msg_head *head; | ||
| 1370 | gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); | ||
| 1371 | gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); | ||
| 1372 | struct ec_mpi *gamma; | ||
| 1373 | struct ec_mpi *delta; | ||
| 1374 | struct proof_2dle *proof2; | ||
| 1375 | |||
| 1376 | brandt_assert (ad && buflen); | ||
| 1377 | |||
| 1378 | *buflen = (sizeof (*head) + /* msg header */ | ||
| 1379 | ad->n * ad->k * /* nk * (gamma, delta, proof2) */ | ||
| 1380 | (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); | ||
| 1381 | ret = GNUNET_new_array (*buflen, unsigned char); | ||
| 1382 | |||
| 1383 | head = (struct msg_head *)ret; | ||
| 1384 | head->prot_version = htonl (0); | ||
| 1385 | head->msg_type = htonl (msg_outcome); | ||
| 1386 | cur = ret + sizeof (*head); | ||
| 1387 | |||
| 1388 | for (uint16_t i = 0; i < ad->n; i++) | ||
| 1389 | { | ||
| 1390 | for (uint16_t j = 0; j < ad->k; j++) | ||
| 1391 | { | ||
| 1392 | gamma = (struct ec_mpi *)cur; | ||
| 1393 | delta = &((struct ec_mpi *)cur)[1]; | ||
| 1394 | proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); | ||
| 1395 | |||
| 1396 | ec_point_copy (tmpa, ad->gamma3[ad->i][i][j]); | ||
| 1397 | ec_point_copy (tmpb, ad->delta3[ad->i][i][j]); | ||
| 1372 | 1398 | ||
| 1373 | /* apply random masking for losing bidders */ | 1399 | /* apply random masking for losing bidders */ |
| 1374 | smc_zkp_2dle (ad->gamma3[ad->i][i][j], | 1400 | smc_zkp_2dle (ad->gamma3[ad->i][i][j], |
| @@ -1387,12 +1413,6 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
| 1387 | 1413 | ||
| 1388 | gcry_mpi_point_release (tmpa); | 1414 | gcry_mpi_point_release (tmpa); |
| 1389 | gcry_mpi_point_release (tmpb); | 1415 | gcry_mpi_point_release (tmpb); |
| 1390 | smc_free1 (tlta1, ad->k); | ||
| 1391 | smc_free1 (tltb1, ad->k); | ||
| 1392 | smc_free2 (tlta2, ad->n, ad->k); | ||
| 1393 | smc_free2 (tltb2, ad->n, ad->k); | ||
| 1394 | smc_free2 (tlta3, ad->n, ad->k); | ||
| 1395 | smc_free2 (tltb3, ad->n, ad->k); | ||
| 1396 | return ret; | 1416 | return ret; |
| 1397 | } | 1417 | } |
| 1398 | 1418 | ||
| @@ -1448,6 +1468,32 @@ quit: | |||
| 1448 | } | 1468 | } |
| 1449 | 1469 | ||
| 1450 | 1470 | ||
| 1471 | void | ||
| 1472 | fp_priv_prep_decryption (struct BRANDT_Auction *ad) | ||
| 1473 | { | ||
| 1474 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); | ||
| 1475 | |||
| 1476 | ad->phi3 = smc_init3 (ad->n, ad->n, ad->k); | ||
| 1477 | brandt_assert (ad->phi3); | ||
| 1478 | |||
| 1479 | for (uint16_t i = 0; i < ad->n; i++) | ||
| 1480 | { | ||
| 1481 | for (uint16_t j = 0; j < ad->k; j++) | ||
| 1482 | { | ||
| 1483 | smc_sum (tmp, &ad->delta3[0][i][j], ad->n, ad->n * ad->k); | ||
| 1484 | |||
| 1485 | /* copy still encrypted outcome to all other bidder layers so they | ||
| 1486 | * don't have to be recomputed to check the ZK proof_2dle's from | ||
| 1487 | * other bidders when receiving their outcome decryption messages */ | ||
| 1488 | for (uint16_t a = 0; a < ad->n; a++) | ||
| 1489 | ec_point_copy (ad->phi3[a][i][j], tmp); | ||
| 1490 | } | ||
| 1491 | } | ||
| 1492 | |||
| 1493 | gcry_mpi_point_release (tmp); | ||
| 1494 | } | ||
| 1495 | |||
| 1496 | |||
| 1451 | /** | 1497 | /** |
| 1452 | * fp_priv_decrypt_outcome decrypts the own shares of the outcome and packs them | 1498 | * fp_priv_decrypt_outcome decrypts the own shares of the outcome and packs them |
| 1453 | * into a message buffer together with proofs of correctnes. | 1499 | * into a message buffer together with proofs of correctnes. |
| @@ -1472,11 +1518,6 @@ fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
| 1472 | *buflen = (sizeof (*head) + | 1518 | *buflen = (sizeof (*head) + |
| 1473 | ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2))); | 1519 | ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2))); |
| 1474 | ret = GNUNET_new_array (*buflen, unsigned char); | 1520 | ret = GNUNET_new_array (*buflen, unsigned char); |
| 1475 | if (NULL == (ad->phi3 = smc_init3 (ad->n, ad->n, ad->k))) | ||
| 1476 | { | ||
| 1477 | weprintf ("unable to alloc memory for first price outcome decryption"); | ||
| 1478 | return NULL; | ||
| 1479 | } | ||
| 1480 | 1521 | ||
| 1481 | head = (struct msg_head *)ret; | 1522 | head = (struct msg_head *)ret; |
| 1482 | head->prot_version = htonl (0); | 1523 | head->prot_version = htonl (0); |
| @@ -1490,13 +1531,7 @@ fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
| 1490 | phi = (struct ec_mpi *)cur; | 1531 | phi = (struct ec_mpi *)cur; |
| 1491 | proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); | 1532 | proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); |
| 1492 | 1533 | ||
| 1493 | smc_sum (tmp, &ad->delta3[0][i][j], ad->n, ad->n * ad->k); | 1534 | ec_point_copy (tmp, ad->phi3[ad->i][i][j]); |
| 1494 | |||
| 1495 | /* copy still encrypted outcome to all other bidder layers so they | ||
| 1496 | * don't have to be recomputed to check the ZK proof_2dle's from | ||
| 1497 | * other bidders when receiving their outcome decryption messages */ | ||
| 1498 | for (uint16_t a = 0; a < ad->n; a++) | ||
| 1499 | ec_point_copy (ad->phi3[a][i][j], tmp); | ||
| 1500 | 1535 | ||
| 1501 | /* decrypt outcome component and prove the correct key was used */ | 1536 | /* decrypt outcome component and prove the correct key was used */ |
| 1502 | smc_zkp_2dle (ad->phi3[ad->i][i][j], | 1537 | smc_zkp_2dle (ad->phi3[ad->i][i][j], |
| @@ -130,6 +130,7 @@ int smc_recv_encrypted_bid (struct BRANDT_Auction *ad, | |||
| 130 | size_t buflen, | 130 | size_t buflen, |
| 131 | uint16_t sender_index); | 131 | uint16_t sender_index); |
| 132 | 132 | ||
| 133 | void fp_priv_prep_outcome (struct BRANDT_Auction *ad); | ||
| 133 | unsigned char *fp_priv_compute_outcome (struct BRANDT_Auction *ad, | 134 | unsigned char *fp_priv_compute_outcome (struct BRANDT_Auction *ad, |
| 134 | size_t *buflen); | 135 | size_t *buflen); |
| 135 | int fp_priv_recv_outcome (struct BRANDT_Auction *ad, | 136 | int fp_priv_recv_outcome (struct BRANDT_Auction *ad, |
| @@ -137,6 +138,7 @@ int fp_priv_recv_outcome (struct BRANDT_Auction *ad, | |||
| 137 | size_t buflen, | 138 | size_t buflen, |
| 138 | uint16_t sender); | 139 | uint16_t sender); |
| 139 | 140 | ||
| 141 | void fp_priv_prep_decryption (struct BRANDT_Auction *ad); | ||
| 140 | unsigned char *fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, | 142 | unsigned char *fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, |
| 141 | size_t *buflen); | 143 | size_t *buflen); |
| 142 | int fp_priv_recv_decryption (struct BRANDT_Auction *ad, | 144 | int fp_priv_recv_decryption (struct BRANDT_Auction *ad, |
| @@ -204,8 +206,8 @@ static const RoundPrep handler_prep[auction_last][outcome_last][msg_last] = { | |||
| 204 | [outcome_private] = { | 206 | [outcome_private] = { |
| 205 | [msg_init] = &smc_prep_keyshare, | 207 | [msg_init] = &smc_prep_keyshare, |
| 206 | [msg_bid] = &smc_prep_bid, | 208 | [msg_bid] = &smc_prep_bid, |
| 207 | // [msg_outcome] = &fp_priv_prep_outcome, | 209 | [msg_outcome] = &fp_priv_prep_outcome, |
| 208 | // [msg_decrypt] = &fp_priv_prep_decryption, | 210 | [msg_decrypt] = &fp_priv_prep_decryption, |
| 209 | }, | 211 | }, |
| 210 | [outcome_public] = { | 212 | [outcome_public] = { |
| 211 | [msg_init] = &smc_prep_keyshare, | 213 | [msg_init] = &smc_prep_keyshare, |
diff --git a/test_crypto.c b/test_crypto.c index 057754a..2d1b50a 100644 --- a/test_crypto.c +++ b/test_crypto.c | |||
| @@ -302,16 +302,15 @@ test_all_auctions () | |||
| 302 | if (auction_firstPrice != atype) /* others not yet implemented */ | 302 | if (auction_firstPrice != atype) /* others not yet implemented */ |
| 303 | continue; | 303 | continue; |
| 304 | 304 | ||
| 305 | // for (size_t oc = 0; oc < outcome_last; oc++) | 305 | for (size_t oc = 0; oc < outcome_last; oc++) |
| 306 | // { | 306 | { |
| 307 | size_t oc = outcome_public; | ||
| 308 | if (!test_setup_auction_data() || !test_auction (atype, oc)) | 307 | if (!test_setup_auction_data() || !test_auction (atype, oc)) |
| 309 | { | 308 | { |
| 310 | cleanup_auction_data (); | 309 | cleanup_auction_data (); |
| 311 | return 0; | 310 | return 0; |
| 312 | } | 311 | } |
| 313 | cleanup_auction_data (); | 312 | cleanup_auction_data (); |
| 314 | // } | 313 | } |
| 315 | } | 314 | } |
| 316 | 315 | ||
| 317 | return 1; | 316 | return 1; |