author | Markus Teich <markus.teich@stusta.mhn.de> | 2016-06-28 17:24:59 +0200 |
---|---|---|
committer | Markus Teich <markus.teich@stusta.mhn.de> | 2016-06-28 17:24:59 +0200 |
commit | 1a6dc56f1a67cda40da759abc1999022ec523f50 (patch) | |
tree | 23a23adb509b63ac242b4fb852b529d059d4a32c /crypto.c | |
parent | 81fb449262325d074ccf6c7038f2344515c8c658 (diff) | |
add outcome decryption plus test
Diffstat (limited to 'crypto.c')
-rw-r--r-- | crypto.c | 110 |
1 files changed, 108 insertions, 2 deletions
@@ -820,7 +820,7 @@ smc_compute_outcome (struct AuctionData *ad, size_t *buflen) | |||
820 | 820 | ||
821 | brandt_assert (ad && buflen); | 821 | brandt_assert (ad && buflen); |
822 | 822 | ||
823 | *buflen = (ad->n * ad->k * /* nk * (gamma, delta, proof2) */ | 823 | *buflen = (ad->n * ad->k * /* nk * (gamma, delta, proof2) */ |
824 | (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); | 824 | (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); |
825 | if (NULL == (cur = (ret = calloc (1, *buflen))) || | 825 | if (NULL == (cur = (ret = calloc (1, *buflen))) || |
826 | NULL == (ad->gamma = smc_init3 (ad->n, ad->n, ad->k)) || | 826 | NULL == (ad->gamma = smc_init3 (ad->n, ad->n, ad->k)) || |
@@ -963,7 +963,7 @@ smc_recv_outcome (struct AuctionData *ad, | |||
963 | if (buflen != (ad->n * ad->k * | 963 | if (buflen != (ad->n * ad->k * |
964 | (2 * sizeof (struct ec_mpi) + sizeof (*proof2)))) | 964 | (2 * sizeof (struct ec_mpi) + sizeof (*proof2)))) |
965 | { | 965 | { |
966 | weprintf ("wrong size of received encrypted bid"); | 966 | weprintf ("wrong size of received outcome"); |
967 | goto quit; | 967 | goto quit; |
968 | } | 968 | } |
969 | 969 | ||
@@ -998,6 +998,112 @@ quit: | |||
998 | 998 | ||
999 | 999 | ||
1000 | /** | 1000 | /** |
1001 | * smc_decrypt_outcome \todo | ||
1002 | * | ||
1003 | * @param ad TODO | ||
1004 | * @param buflen TODO | ||
1005 | */ | ||
1006 | unsigned char * | ||
1007 | smc_decrypt_outcome (struct AuctionData *ad, size_t *buflen) | ||
1008 | { | ||
1009 | unsigned char *ret; | ||
1010 | unsigned char *cur; | ||
1011 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); | ||
1012 | struct ec_mpi *phi; | ||
1013 | struct proof_2dle *proof2; | ||
1014 | |||
1015 | brandt_assert (ad && buflen); | ||
1016 | |||
1017 | *buflen = (ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2))); | ||
1018 | if (NULL == (cur = (ret = calloc (1, *buflen))) || | ||
1019 | NULL == (ad->phi = smc_init3 (ad->n, ad->n, ad->k))) | ||
1020 | { | ||
1021 | weprintf ("unable to alloc memory for first price outcome decryption"); | ||
1022 | return NULL; | ||
1023 | } | ||
1024 | |||
1025 | for (uint16_t i = 0; i < ad->n; i++) | ||
1026 | { | ||
1027 | for (uint16_t j = 0; j < ad->k; j++) | ||
1028 | { | ||
1029 | phi = (struct ec_mpi *)cur; | ||
1030 | proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); | ||
1031 | |||
1032 | smc_sum (tmp, &ad->delta[0][i][j], ad->n, ad->n * ad->k); | ||
1033 | |||
1034 | /* copy still encrypted outcome to all other bidder layers so they | ||
1035 | * don't have to be recomputed to check the ZK proof_2dle's from | ||
1036 | * other bidders when receiving their outcome decryption messages */ | ||
1037 | for (uint16_t a = 0; a < ad->n; a++) | ||
1038 | /**\todo: how to copy a point more efficiently? */ | ||
1039 | gcry_mpi_ec_add (ad->phi[a][i][j], ec_zero, tmp, ec_ctx); | ||
1040 | |||
1041 | /* decrypt outcome component and prove the correct key was used */ | ||
1042 | smc_zkp_2dle (ad->phi[ad->i][i][j], | ||
1043 | NULL, | ||
1044 | tmp, | ||
1045 | ec_gen, | ||
1046 | ad->x, | ||
1047 | proof2); | ||
1048 | |||
1049 | ec_point_serialize (phi, ad->phi[ad->i][i][j]); | ||
1050 | |||
1051 | cur += sizeof (*phi) + sizeof (*proof2); | ||
1052 | } | ||
1053 | } | ||
1054 | |||
1055 | gcry_mpi_point_release (tmp); | ||
1056 | return ret; | ||
1057 | } | ||
1058 | |||
1059 | |||
1060 | int | ||
1061 | smc_recv_decryption (struct AuctionData *ad, | ||
1062 | unsigned char *buf, | ||
1063 | size_t buflen, | ||
1064 | uint16_t sender) | ||
1065 | { | ||
1066 | int ret = 0; | ||
1067 | unsigned char *cur = buf; | ||
1068 | struct proof_2dle *proof2; | ||
1069 | gcry_mpi_point_t phi = gcry_mpi_point_new (0); | ||
1070 | |||
1071 | brandt_assert (ad && buf); | ||
1072 | |||
1073 | if (buflen != (ad->n * ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2)))) | ||
1074 | { | ||
1075 | weprintf ("wrong size of received outcome decryption"); | ||
1076 | goto quit; | ||
1077 | } | ||
1078 | |||
1079 | for (uint16_t i = 0; i < ad->n; i++) | ||
1080 | { | ||
1081 | for (uint16_t j = 0; j < ad->k; j++) | ||
1082 | { | ||
1083 | ec_point_parse (phi, (struct ec_mpi *)cur); | ||
1084 | proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi)); | ||
1085 | if (smc_zkp_2dle_check (phi, | ||
1086 | ad->y[sender], | ||
1087 | ad->phi[sender][i][j], | ||
1088 | ec_gen, | ||
1089 | proof2)) | ||
1090 | { | ||
1091 | weprintf ("wrong zkp2 for phi, y received"); | ||
1092 | goto quit; | ||
1093 | } | ||
1094 | gcry_mpi_ec_add (ad->phi[sender][i][j], phi, ec_zero, ec_ctx); | ||
1095 | cur += sizeof (struct ec_mpi) + sizeof (*proof2); | ||
1096 | } | ||
1097 | } | ||
1098 | |||
1099 | ret = 1; | ||
1100 | quit: | ||
1101 | gcry_mpi_point_release (phi); | ||
1102 | return ret; | ||
1103 | } | ||
1104 | |||
1105 | |||
1106 | /** | ||
1001 | * smc_zkp_dl creates a proof of knowledge of @a x with \f$v = xg\f$ where | 1107 | * smc_zkp_dl creates a proof of knowledge of @a x with \f$v = xg\f$ where |
1002 | * \f$g\f$ is the base point on Ed25519. | 1108 | * \f$g\f$ is the base point on Ed25519. |
1003 | * | 1109 | * |
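Review bot: In smc_recv_decryption, `sender` indexes `ad->y[sender]` and `ad->phi[sender][i][j]` (new lines 1086-1087 and 1094) without being compared against `ad->n`, so an out-of-range value would read and then write outside those arrays; the only checks visible are the assert on `ad`/`buf` and the `buflen` comparison. If `sender` can be influenced by a peer or the transport, a guard before the loop such as `if (sender >= ad->n) { weprintf ("invalid sender"); goto quit; }` would close this. The loop also overwrites `ad->phi[sender][i][j]` as soon as each proof passes, so a message whose later proof fails leaves that sender's layer half-replaced; verifying all n*k proofs before committing any of them would keep the state consistent. Separately, the allocation-failure branch of smc_decrypt_outcome (new lines 1018-1023) returns without `gcry_mpi_point_release (tmp)` and without freeing `ret` when only `smc_init3` failed.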