diff options
| author | Markus Teich <markus.teich@stusta.mhn.de> | 2016-06-28 17:24:59 +0200 |
|---|---|---|
| committer | Markus Teich <markus.teich@stusta.mhn.de> | 2016-06-28 17:24:59 +0200 |
| commit | 1a6dc56f1a67cda40da759abc1999022ec523f50 (patch) | |
| tree | 23a23adb509b63ac242b4fb852b529d059d4a32c /crypto.c | |
| parent | 81fb449262325d074ccf6c7038f2344515c8c658 (diff) | |
| download | libbrandt-1a6dc56f1a67cda40da759abc1999022ec523f50.tar.gz libbrandt-1a6dc56f1a67cda40da759abc1999022ec523f50.zip | |
add outcome decryption plus test
Diffstat (limited to 'crypto.c')
| -rw-r--r-- | crypto.c | 110 |
1 files changed, 108 insertions, 2 deletions
| @@ -820,7 +820,7 @@ smc_compute_outcome (struct AuctionData *ad, size_t *buflen) | |||
| 820 | 820 | ||
| 821 | brandt_assert (ad && buflen); | 821 | brandt_assert (ad && buflen); |
| 822 | 822 | ||
| 823 | *buflen = (ad->n * ad->k * /* nk * (gamma, delta, proof2) */ | 823 | *buflen = (ad->n * ad->k * /* nk * (gamma, delta, proof2) */ |
| 824 | (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); | 824 | (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); |
| 825 | if (NULL == (cur = (ret = calloc (1, *buflen))) || | 825 | if (NULL == (cur = (ret = calloc (1, *buflen))) || |
| 826 | NULL == (ad->gamma = smc_init3 (ad->n, ad->n, ad->k)) || | 826 | NULL == (ad->gamma = smc_init3 (ad->n, ad->n, ad->k)) || |
| @@ -963,7 +963,7 @@ smc_recv_outcome (struct AuctionData *ad, | |||
| 963 | if (buflen != (ad->n * ad->k * | 963 | if (buflen != (ad->n * ad->k * |
| 964 | (2 * sizeof (struct ec_mpi) + sizeof (*proof2)))) | 964 | (2 * sizeof (struct ec_mpi) + sizeof (*proof2)))) |
| 965 | { | 965 | { |
| 966 | weprintf ("wrong size of received encrypted bid"); | 966 | weprintf ("wrong size of received outcome"); |
| 967 | goto quit; | 967 | goto quit; |
| 968 | } | 968 | } |
| 969 | 969 | ||
| @@ -998,6 +998,112 @@ quit: | |||
| 998 | 998 | ||
| 999 | 999 | ||
| 1000 | /** | 1000 | /** |
| 1001 | * smc_decrypt_outcome \todo | ||
| 1002 | * | ||
| 1003 | * @param ad TODO | ||
| 1004 | * @param buflen TODO | ||
| 1005 | */ | ||
| 1006 | unsigned char * | ||
| 1007 | smc_decrypt_outcome (struct AuctionData *ad, size_t *buflen) | ||
| 1008 | { | ||
| 1009 | unsigned char *ret; | ||
| 1010 | unsigned char *cur; | ||
| 1011 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); | ||
| 1012 | struct ec_mpi *phi; | ||
| 1013 | struct proof_2dle *proof2; | ||
| 1014 | |||
| 1015 | brandt_assert (ad && buflen); | ||
| 1016 | |||
| 1017 | *buflen = (ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2))); | ||
| 1018 | if (NULL == (cur = (ret = calloc (1, *buflen))) || | ||
| 1019 | NULL == (ad->phi = smc_init3 (ad->n, ad->n, ad->k))) | ||
| 1020 | { | ||
| 1021 | weprintf ("unable to alloc memory for first price outcome decryption"); | ||
| 1022 | return NULL; | ||
| 1023 | } | ||
| 1024 | |||
| 1025 | for (uint16_t i = 0; i < ad->n; i++) | ||
| 1026 | { | ||
| 1027 | for (uint16_t j = 0; j < ad->k; j++) | ||
| 1028 | { | ||
| 1029 | phi = (struct ec_mpi *)cur; | ||
| 1030 | proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); | ||
| 1031 | |||
| 1032 | smc_sum (tmp, &ad->delta[0][i][j], ad->n, ad->n * ad->k); | ||
| 1033 | |||
| 1034 | /* copy still encrypted outcome to all other bidder layers so they | ||
| 1035 | * don't have to be recomputed to check the ZK proof_2dle's from | ||
| 1036 | * other bidders when receiving their outcome decryption messages */ | ||
| 1037 | for (uint16_t a = 0; a < ad->n; a++) | ||
| 1038 | /**\todo: how to copy a point more efficiently? */ | ||
| 1039 | gcry_mpi_ec_add (ad->phi[a][i][j], ec_zero, tmp, ec_ctx); | ||
| 1040 | |||
| 1041 | /* decrypt outcome component and prove the correct key was used */ | ||
| 1042 | smc_zkp_2dle (ad->phi[ad->i][i][j], | ||
| 1043 | NULL, | ||
| 1044 | tmp, | ||
| 1045 | ec_gen, | ||
| 1046 | ad->x, | ||
| 1047 | proof2); | ||
| 1048 | |||
| 1049 | ec_point_serialize (phi, ad->phi[ad->i][i][j]); | ||
| 1050 | |||
| 1051 | cur += sizeof (*phi) + sizeof (*proof2); | ||
| 1052 | } | ||
| 1053 | } | ||
| 1054 | |||
| 1055 | gcry_mpi_point_release (tmp); | ||
| 1056 | return ret; | ||
| 1057 | } | ||
| 1058 | |||
| 1059 | |||
| 1060 | int | ||
| 1061 | smc_recv_decryption (struct AuctionData *ad, | ||
| 1062 | unsigned char *buf, | ||
| 1063 | size_t buflen, | ||
| 1064 | uint16_t sender) | ||
| 1065 | { | ||
| 1066 | int ret = 0; | ||
| 1067 | unsigned char *cur = buf; | ||
| 1068 | struct proof_2dle *proof2; | ||
| 1069 | gcry_mpi_point_t phi = gcry_mpi_point_new (0); | ||
| 1070 | |||
| 1071 | brandt_assert (ad && buf); | ||
| 1072 | |||
| 1073 | if (buflen != (ad->n * ad->k * (sizeof (struct ec_mpi) + sizeof (*proof2)))) | ||
| 1074 | { | ||
| 1075 | weprintf ("wrong size of received outcome decryption"); | ||
| 1076 | goto quit; | ||
| 1077 | } | ||
| 1078 | |||
| 1079 | for (uint16_t i = 0; i < ad->n; i++) | ||
| 1080 | { | ||
| 1081 | for (uint16_t j = 0; j < ad->k; j++) | ||
| 1082 | { | ||
| 1083 | ec_point_parse (phi, (struct ec_mpi *)cur); | ||
| 1084 | proof2 = (struct proof_2dle *)(cur + sizeof (struct ec_mpi)); | ||
| 1085 | if (smc_zkp_2dle_check (phi, | ||
| 1086 | ad->y[sender], | ||
| 1087 | ad->phi[sender][i][j], | ||
| 1088 | ec_gen, | ||
| 1089 | proof2)) | ||
| 1090 | { | ||
| 1091 | weprintf ("wrong zkp2 for phi, y received"); | ||
| 1092 | goto quit; | ||
| 1093 | } | ||
| 1094 | gcry_mpi_ec_add (ad->phi[sender][i][j], phi, ec_zero, ec_ctx); | ||
| 1095 | cur += sizeof (struct ec_mpi) + sizeof (*proof2); | ||
| 1096 | } | ||
| 1097 | } | ||
| 1098 | |||
| 1099 | ret = 1; | ||
| 1100 | quit: | ||
| 1101 | gcry_mpi_point_release (phi); | ||
| 1102 | return ret; | ||
| 1103 | } | ||
| 1104 | |||
| 1105 | |||
| 1106 | /** | ||
| 1001 | * smc_zkp_dl creates a proof of knowledge of @a x with \f$v = xg\f$ where | 1107 | * smc_zkp_dl creates a proof of knowledge of @a x with \f$v = xg\f$ where |
| 1002 | * \f$g\f$ is the base point on Ed25519. | 1108 | * \f$g\f$ is the base point on Ed25519. |
| 1003 | * | 1109 | * |