diff options
author | Markus Teich <markus.teich@stusta.mhn.de> | 2016-08-31 14:37:22 +0200 |
---|---|---|
committer | Markus Teich <markus.teich@stusta.mhn.de> | 2016-08-31 14:37:22 +0200 |
commit | 9f0e72f1e8615c9c03222372b2c579471bcce602 (patch) | |
tree | a7fd357b79a9f939de5d5f67de1a030b59ff4418 /crypto.c | |
parent | 0d3b32b24881cb9ce89d0b6689ada53f88d0008e (diff) | |
download | libbrandt-9f0e72f1e8615c9c03222372b2c579471bcce602.tar.gz libbrandt-9f0e72f1e8615c9c03222372b2c579471bcce602.zip |
temporary dump for discussion
Diffstat (limited to 'crypto.c')
-rw-r--r-- | crypto.c | 280 |
1 files changed, 179 insertions, 101 deletions
@@ -609,6 +609,14 @@ smc_sum (gcry_mpi_point_t out, | |||
609 | } | 609 | } |
610 | 610 | ||
611 | 611 | ||
612 | void | ||
613 | smc_prep_keyshare (struct BRANDT_Auction *ad) | ||
614 | { | ||
615 | ad->y = smc_init1 (ad->n); | ||
616 | brandt_assert (ad->y); | ||
617 | } | ||
618 | |||
619 | |||
612 | /** | 620 | /** |
613 | * smc_gen_keyshare creates the private keyshare and computes the | 621 | * smc_gen_keyshare creates the private keyshare and computes the |
614 | * public key share | 622 | * public key share |
@@ -622,20 +630,15 @@ unsigned char * | |||
622 | smc_gen_keyshare (struct BRANDT_Auction *ad, size_t *buflen) | 630 | smc_gen_keyshare (struct BRANDT_Auction *ad, size_t *buflen) |
623 | { | 631 | { |
624 | unsigned char *ret; | 632 | unsigned char *ret; |
625 | struct proof_dl *proof1; | ||
626 | struct msg_head *head; | 633 | struct msg_head *head; |
627 | struct ec_mpi *pubkey_share; | 634 | struct ec_mpi *pubkey_share; |
635 | struct proof_dl *proof1; | ||
628 | 636 | ||
629 | brandt_assert (ad && buflen); | 637 | brandt_assert (ad && buflen); |
630 | *buflen = (sizeof (*head) + | 638 | *buflen = (sizeof (*head) + |
631 | sizeof (*pubkey_share) + | 639 | sizeof (*pubkey_share) + |
632 | sizeof (*proof1)); | 640 | sizeof (*proof1)); |
633 | ret = GNUNET_new_array (*buflen, unsigned char); | 641 | ret = GNUNET_new_array (*buflen, unsigned char); |
634 | if (NULL == (ad->y = smc_init1 (ad->n))) | ||
635 | { | ||
636 | weprintf ("unable to alloc memory for key shares"); | ||
637 | return NULL; | ||
638 | } | ||
639 | 642 | ||
640 | head = (struct msg_head *)ret; | 643 | head = (struct msg_head *)ret; |
641 | head->prot_version = htonl (0); | 644 | head->prot_version = htonl (0); |
@@ -688,6 +691,22 @@ quit: | |||
688 | } | 691 | } |
689 | 692 | ||
690 | 693 | ||
694 | void | ||
695 | smc_prep_bid (struct BRANDT_Auction *ad) | ||
696 | { | ||
697 | ad->alpha = smc_init2 (ad->n, ad->k); | ||
698 | brandt_assert (ad->alpha); | ||
699 | |||
700 | ad->beta = smc_init2 (ad->n, ad->k); | ||
701 | brandt_assert (ad->beta); | ||
702 | |||
703 | ad->Y = gcry_mpi_point_new (0); | ||
704 | brandt_assert (ad->Y); | ||
705 | smc_sum (ad->Y, ad->y, ad->n, 1); | ||
706 | brandt_assert (ad->Y); | ||
707 | } | ||
708 | |||
709 | |||
691 | /** | 710 | /** |
692 | * smc_encrypt_bid encrypts the own bid with the shared public key and packs it | 711 | * smc_encrypt_bid encrypts the own bid with the shared public key and packs it |
693 | * into a message together with proofs of correctnes. | 712 | * into a message together with proofs of correctnes. |
@@ -702,33 +721,24 @@ smc_encrypt_bid (struct BRANDT_Auction *ad, size_t *buflen) | |||
702 | { | 721 | { |
703 | unsigned char *ret; | 722 | unsigned char *ret; |
704 | unsigned char *cur; | 723 | unsigned char *cur; |
705 | struct proof_0og *proof3; | ||
706 | struct msg_head *head; | 724 | struct msg_head *head; |
725 | struct proof_0og *proof3; | ||
707 | gcry_mpi_t r_sum; | 726 | gcry_mpi_t r_sum; |
708 | gcry_mpi_t r_part; | 727 | gcry_mpi_t r_part; |
709 | 728 | ||
710 | brandt_assert (ad && buflen); | 729 | brandt_assert (ad && buflen); |
711 | *buflen = (sizeof (*head) + /* msg header */ | 730 | *buflen = (sizeof (*head) + /* msg header */ |
712 | ad->k * /* k * (alpha, beta, proof3) */ | 731 | ad->k * /* k * (alpha, beta, proof3) */ |
713 | (sizeof (struct ec_mpi) * 2 + /* alpha, beta */ | 732 | (sizeof (struct ec_mpi) * 2 + |
714 | sizeof (*proof3)) + | 733 | sizeof (*proof3)) + |
715 | sizeof (struct proof_2dle)); | 734 | sizeof (struct proof_2dle)); /* proof2 */ |
716 | ret = GNUNET_new_array (*buflen, unsigned char); | 735 | ret = GNUNET_new_array (*buflen, unsigned char); |
717 | if (NULL == (ad->alpha = smc_init2 (ad->n, ad->k)) || | ||
718 | NULL == (ad->beta = smc_init2 (ad->n, ad->k))) | ||
719 | { | ||
720 | weprintf ("unable to alloc memory for encrypted bids"); | ||
721 | return NULL; | ||
722 | } | ||
723 | 736 | ||
724 | head = (struct msg_head *)ret; | 737 | head = (struct msg_head *)ret; |
725 | head->prot_version = htonl (0); | 738 | head->prot_version = htonl (0); |
726 | head->msg_type = htonl (msg_bid); | 739 | head->msg_type = htonl (msg_bid); |
727 | cur = ret + sizeof (*head); | 740 | cur = ret + sizeof (*head); |
728 | 741 | ||
729 | ad->Y = gcry_mpi_point_new (0); | ||
730 | smc_sum (ad->Y, ad->y, ad->n, 1); | ||
731 | |||
732 | r_sum = gcry_mpi_new (256); | 742 | r_sum = gcry_mpi_new (256); |
733 | r_part = gcry_mpi_new (256); | 743 | r_part = gcry_mpi_new (256); |
734 | 744 | ||
@@ -822,52 +832,27 @@ quit: | |||
822 | } | 832 | } |
823 | 833 | ||
824 | 834 | ||
825 | /** | 835 | void |
826 | * fp_pub_compute_outcome computes the outcome for first price auctions with a | 836 | fp_pub_prep_outcome (struct BRANDT_Auction *ad) |
827 | * public outcome and packs it into a message buffer together with proofs of | ||
828 | * correctnes. | ||
829 | * | ||
830 | * @param[in] ad Pointer to the BRANDT_Auction struct to operate on | ||
831 | * @param[out] buflen Size of the returned message buffer in bytes | ||
832 | * @return A buffer containing the encrypted outcome vectors | ||
833 | * which needs to be broadcast | ||
834 | */ | ||
835 | unsigned char * | ||
836 | fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | ||
837 | { | 837 | { |
838 | unsigned char *ret; | ||
839 | unsigned char *cur; | ||
840 | struct msg_head *head; | ||
841 | gcry_mpi_t coeff = gcry_mpi_copy (GCRYMPI_CONST_ONE); | 838 | gcry_mpi_t coeff = gcry_mpi_copy (GCRYMPI_CONST_ONE); |
842 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); | 839 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); |
843 | gcry_mpi_point_t *tlta1; | 840 | gcry_mpi_point_t *tlta1; |
844 | gcry_mpi_point_t *tltb1; | 841 | gcry_mpi_point_t *tltb1; |
845 | gcry_mpi_point_t **tlta2; | 842 | gcry_mpi_point_t **tlta2; |
846 | gcry_mpi_point_t **tltb2; | 843 | gcry_mpi_point_t **tltb2; |
847 | struct ec_mpi *gamma; | ||
848 | struct ec_mpi *delta; | ||
849 | struct proof_2dle *proof2; | ||
850 | 844 | ||
851 | brandt_assert (ad && buflen); | 845 | ad->gamma2 = smc_init2 (ad->n, ad->k); |
846 | brandt_assert (ad->gamma2); | ||
852 | 847 | ||
853 | *buflen = (sizeof (*head) + | 848 | ad->delta2 = smc_init2 (ad->n, ad->k); |
854 | ad->k * (sizeof (*gamma) + | 849 | brandt_assert (ad->delta2); |
855 | sizeof (*delta) + | ||
856 | sizeof (*proof2))); | ||
857 | ret = GNUNET_new_array (*buflen, unsigned char); | ||
858 | if (NULL == (ad->gamma2 = smc_init2 (ad->n, ad->k)) || | ||
859 | NULL == (ad->delta2 = smc_init2 (ad->n, ad->k)) || | ||
860 | NULL == (ad->tmpa1 = smc_init1 (ad->k)) || | ||
861 | NULL == (ad->tmpb1 = smc_init1 (ad->k))) | ||
862 | { | ||
863 | weprintf ("unable to alloc memory for first price outcome computation"); | ||
864 | return NULL; | ||
865 | } | ||
866 | 850 | ||
867 | head = (struct msg_head *)ret; | 851 | ad->tmpa1 = smc_init1 (ad->k); |
868 | head->prot_version = htonl (0); | 852 | brandt_assert (ad->tmpa1); |
869 | head->msg_type = htonl (msg_outcome); | 853 | |
870 | cur = ret + sizeof (*head); | 854 | ad->tmpb1 = smc_init1 (ad->k); |
855 | brandt_assert (ad->tmpb1); | ||
871 | 856 | ||
872 | /* create temporary lookup tables with partial sums */ | 857 | /* create temporary lookup tables with partial sums */ |
873 | tlta1 = smc_init1 (ad->k); | 858 | tlta1 = smc_init1 (ad->k); |
@@ -927,10 +912,6 @@ fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
927 | 912 | ||
928 | for (uint16_t j = 0; j < ad->k; j++) | 913 | for (uint16_t j = 0; j < ad->k; j++) |
929 | { | 914 | { |
930 | gamma = (struct ec_mpi *)cur; | ||
931 | delta = &((struct ec_mpi *)cur)[1]; | ||
932 | proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); | ||
933 | |||
934 | /* copy unmasked outcome to all other bidder layers so they don't | 915 | /* copy unmasked outcome to all other bidder layers so they don't |
935 | * have to be recomputed to check the ZK proof_2dle's from other | 916 | * have to be recomputed to check the ZK proof_2dle's from other |
936 | * bidders when receiving their outcome messages */ | 917 | * bidders when receiving their outcome messages */ |
@@ -939,12 +920,64 @@ fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
939 | ec_point_copy (ad->gamma2[a][j], tlta1[j]); | 920 | ec_point_copy (ad->gamma2[a][j], tlta1[j]); |
940 | ec_point_copy (ad->delta2[a][j], tltb1[j]); | 921 | ec_point_copy (ad->delta2[a][j], tltb1[j]); |
941 | } | 922 | } |
923 | } | ||
924 | |||
925 | gcry_mpi_release (coeff); | ||
926 | gcry_mpi_point_release (tmp); | ||
927 | smc_free1 (tlta1, ad->k); | ||
928 | smc_free1 (tltb1, ad->k); | ||
929 | } | ||
930 | |||
931 | |||
932 | /** | ||
933 | * fp_pub_compute_outcome computes the outcome for first price auctions with a | ||
934 | * public outcome and packs it into a message buffer together with proofs of | ||
935 | * correctnes. | ||
936 | * | ||
937 | * @param[in] ad Pointer to the BRANDT_Auction struct to operate on | ||
938 | * @param[out] buflen Size of the returned message buffer in bytes | ||
939 | * @return A buffer containing the encrypted outcome vectors | ||
940 | * which needs to be broadcast | ||
941 | */ | ||
942 | unsigned char * | ||
943 | fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | ||
944 | { | ||
945 | unsigned char *ret; | ||
946 | unsigned char *cur; | ||
947 | gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); | ||
948 | gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); | ||
949 | struct msg_head *head; | ||
950 | struct ec_mpi *gamma; | ||
951 | struct ec_mpi *delta; | ||
952 | struct proof_2dle *proof2; | ||
953 | |||
954 | brandt_assert (ad && buflen); | ||
955 | |||
956 | *buflen = (sizeof (*head) + | ||
957 | ad->k * (sizeof (*gamma) + | ||
958 | sizeof (*delta) + | ||
959 | sizeof (*proof2))); | ||
960 | ret = GNUNET_new_array (*buflen, unsigned char); | ||
961 | |||
962 | head = (struct msg_head *)ret; | ||
963 | head->prot_version = htonl (0); | ||
964 | head->msg_type = htonl (msg_outcome); | ||
965 | cur = ret + sizeof (*head); | ||
966 | |||
967 | for (uint16_t j = 0; j < ad->k; j++) | ||
968 | { | ||
969 | gamma = (struct ec_mpi *)cur; | ||
970 | delta = &((struct ec_mpi *)cur)[1]; | ||
971 | proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); | ||
972 | |||
973 | ec_point_copy (tmpa, ad->gamma2[ad->i][j]); | ||
974 | ec_point_copy (tmpb, ad->delta2[ad->i][j]); | ||
942 | 975 | ||
943 | /* apply random masking for losing bidders */ | 976 | /* apply random masking for losing bidders */ |
944 | smc_zkp_2dle (ad->gamma2[ad->i][j], | 977 | smc_zkp_2dle (ad->gamma2[ad->i][j], |
945 | ad->delta2[ad->i][j], | 978 | ad->delta2[ad->i][j], |
946 | tlta1[j], | 979 | tmpa, |
947 | tltb1[j], | 980 | tmpb, |
948 | NULL, | 981 | NULL, |
949 | proof2); | 982 | proof2); |
950 | 983 | ||
@@ -964,10 +997,8 @@ fp_pub_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
964 | cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2); | 997 | cur += sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2); |
965 | } | 998 | } |
966 | 999 | ||
967 | gcry_mpi_release (coeff); | 1000 | gcry_mpi_point_release (tmpa); |
968 | gcry_mpi_point_release (tmp); | 1001 | gcry_mpi_point_release (tmpb); |
969 | smc_free1 (tlta1, ad->k); | ||
970 | smc_free1 (tltb1, ad->k); | ||
971 | return ret; | 1002 | return ret; |
972 | } | 1003 | } |
973 | 1004 | ||
@@ -1030,6 +1061,29 @@ quit: | |||
1030 | } | 1061 | } |
1031 | 1062 | ||
1032 | 1063 | ||
1064 | void | ||
1065 | fp_pub_prep_decryption (struct BRANDT_Auction *ad) | ||
1066 | { | ||
1067 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); | ||
1068 | |||
1069 | ad->phi2 = smc_init2 (ad->n, ad->k); | ||
1070 | brandt_assert (ad->phi2); | ||
1071 | |||
1072 | for (uint16_t j = 0; j < ad->k; j++) | ||
1073 | { | ||
1074 | smc_sum (tmp, &ad->delta2[0][j], ad->n, ad->k); | ||
1075 | |||
1076 | /* copy still encrypted outcome to all other bidder layers so they | ||
1077 | * don't have to be recomputed to check the ZK proof_2dle's from | ||
1078 | * other bidders when receiving their outcome decryption messages */ | ||
1079 | for (uint16_t a = 0; a < ad->n; a++) | ||
1080 | ec_point_copy (ad->phi2[a][j], tmp); | ||
1081 | } | ||
1082 | |||
1083 | gcry_mpi_point_release (tmp); | ||
1084 | } | ||
1085 | |||
1086 | |||
1033 | /** | 1087 | /** |
1034 | * fp_pub_decrypt_outcome decrypts part of the outcome and packs it into a | 1088 | * fp_pub_decrypt_outcome decrypts part of the outcome and packs it into a |
1035 | * message buffer together with proofs of correctnes. | 1089 | * message buffer together with proofs of correctnes. |
@@ -1044,8 +1098,8 @@ fp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
1044 | { | 1098 | { |
1045 | unsigned char *ret; | 1099 | unsigned char *ret; |
1046 | unsigned char *cur; | 1100 | unsigned char *cur; |
1047 | struct msg_head *head; | ||
1048 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); | 1101 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); |
1102 | struct msg_head *head; | ||
1049 | struct ec_mpi *phi; | 1103 | struct ec_mpi *phi; |
1050 | struct proof_2dle *proof2; | 1104 | struct proof_2dle *proof2; |
1051 | 1105 | ||
@@ -1053,11 +1107,6 @@ fp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
1053 | 1107 | ||
1054 | *buflen = (sizeof (*head) + ad->k * (sizeof (*phi) + sizeof (*proof2))); | 1108 | *buflen = (sizeof (*head) + ad->k * (sizeof (*phi) + sizeof (*proof2))); |
1055 | ret = GNUNET_new_array (*buflen, unsigned char); | 1109 | ret = GNUNET_new_array (*buflen, unsigned char); |
1056 | if (NULL == (ad->phi2 = smc_init2 (ad->n, ad->k))) | ||
1057 | { | ||
1058 | weprintf ("unable to alloc memory for first price outcome decryption"); | ||
1059 | return NULL; | ||
1060 | } | ||
1061 | 1110 | ||
1062 | head = (struct msg_head *)ret; | 1111 | head = (struct msg_head *)ret; |
1063 | head->prot_version = htonl (0); | 1112 | head->prot_version = htonl (0); |
@@ -1069,13 +1118,7 @@ fp_pub_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
1069 | phi = (struct ec_mpi *)cur; | 1118 | phi = (struct ec_mpi *)cur; |
1070 | proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); | 1119 | proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); |
1071 | 1120 | ||
1072 | smc_sum (tmp, &ad->delta2[0][j], ad->n, ad->k); | 1121 | ec_point_copy (tmp, ad->phi2[ad->i][j]); |
1073 | |||
1074 | /* copy still encrypted outcome to all other bidder layers so they | ||
1075 | * don't have to be recomputed to check the ZK proof_2dle's from | ||
1076 | * other bidders when receiving their outcome decryption messages */ | ||
1077 | for (uint16_t a = 0; a < ad->n; a++) | ||
1078 | ec_point_copy (ad->phi2[a][j], tmp); | ||
1079 | 1122 | ||
1080 | /* decrypt outcome component and prove the correct key was used */ | 1123 | /* decrypt outcome component and prove the correct key was used */ |
1081 | smc_zkp_2dle (ad->phi2[ad->i][j], | 1124 | smc_zkp_2dle (ad->phi2[ad->i][j], |
@@ -1138,12 +1181,13 @@ quit: | |||
1138 | } | 1181 | } |
1139 | 1182 | ||
1140 | 1183 | ||
1141 | int32_t | 1184 | struct BRANDT_Result *fp_pub_determine_outcome (struct BRANDT_Auction *ad, |
1142 | fp_pub_determine_outcome (struct BRANDT_Auction *ad, uint16_t *winner) | 1185 | uint16_t *len) |
1143 | { | 1186 | { |
1144 | int32_t ret = -1; | 1187 | struct BRANDT_Result *ret; |
1188 | int32_t price = -1; | ||
1189 | int32_t winner = -1; | ||
1145 | int dlogi = -1; | 1190 | int dlogi = -1; |
1146 | gcry_mpi_t dlog = gcry_mpi_new (256); | ||
1147 | gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); | 1191 | gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); |
1148 | gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0); | 1192 | gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0); |
1149 | 1193 | ||
@@ -1157,28 +1201,38 @@ fp_pub_determine_outcome (struct BRANDT_Auction *ad, uint16_t *winner) | |||
1157 | /* first non-zero component determines the price */ | 1201 | /* first non-zero component determines the price */ |
1158 | if (ec_point_cmp (sum_gamma, ec_zero)) | 1202 | if (ec_point_cmp (sum_gamma, ec_zero)) |
1159 | { | 1203 | { |
1160 | ret = j; | 1204 | price = j; |
1161 | break; | 1205 | break; |
1162 | } | 1206 | } |
1163 | } | 1207 | } |
1164 | 1208 | ||
1165 | dlogi = GNUNET_CRYPTO_ecc_dlog (ec_dlogctx, sum_gamma); | 1209 | dlogi = GNUNET_CRYPTO_ecc_dlog (ec_dlogctx, sum_gamma); |
1166 | brandt_assert (dlogi > 0); | 1210 | brandt_assert (dlogi > 0); |
1167 | gcry_mpi_set_ui (dlog, (unsigned long)dlogi); | ||
1168 | 1211 | ||
1212 | /* can only support up to bits(dlogi) bidders */ | ||
1213 | brandt_assert (sizeof (int) * 8 - 1 >= ad->n); | ||
1169 | for (uint16_t i = 0; i < ad->n; i++) | 1214 | for (uint16_t i = 0; i < ad->n; i++) |
1170 | { | 1215 | { |
1171 | if (gcry_mpi_test_bit (dlog, i)) | 1216 | /* first set bit determines the winner */ |
1217 | if (dlogi & (1 << i)) | ||
1172 | { | 1218 | { |
1173 | if (winner) | 1219 | winner = i; |
1174 | *winner = i; | ||
1175 | break; | 1220 | break; |
1176 | } | 1221 | } |
1177 | } | 1222 | } |
1178 | 1223 | ||
1179 | gcry_mpi_release (dlog); | ||
1180 | gcry_mpi_point_release (sum_gamma); | 1224 | gcry_mpi_point_release (sum_gamma); |
1181 | gcry_mpi_point_release (sum_phi); | 1225 | gcry_mpi_point_release (sum_phi); |
1226 | |||
1227 | if (-1 == winner || -1 == price) | ||
1228 | return NULL; | ||
1229 | |||
1230 | ret = GNUNET_new(struct BRANDT_Result); | ||
1231 | ret->bidder = winner; | ||
1232 | ret->price = price; | ||
1233 | ret->status = BRANDT_bidder_won; | ||
1234 | if (len) | ||
1235 | *len = 1; | ||
1182 | return ret; | 1236 | return ret; |
1183 | } | 1237 | } |
1184 | 1238 | ||
@@ -1509,33 +1563,57 @@ quit: | |||
1509 | } | 1563 | } |
1510 | 1564 | ||
1511 | 1565 | ||
1512 | int32_t | 1566 | struct BRANDT_Result *fp_priv_determine_outcome (struct BRANDT_Auction *ad, |
1513 | fp_priv_determine_outcome (struct BRANDT_Auction *ad) | 1567 | uint16_t *len) |
1514 | { | 1568 | { |
1515 | int32_t ret = -1; | 1569 | struct BRANDT_Result *ret; |
1516 | gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); | 1570 | int32_t price = -1; |
1517 | gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0); | 1571 | int32_t winner = -1; |
1572 | gcry_mpi_point_t sum_gamma = gcry_mpi_point_new (0); | ||
1573 | gcry_mpi_point_t sum_phi = gcry_mpi_point_new (0); | ||
1518 | 1574 | ||
1519 | brandt_assert (ad); | 1575 | brandt_assert (ad); |
1520 | 1576 | ||
1521 | for (uint16_t j = 0; j < ad->k; j++) | 1577 | for (uint16_t i = 0; i < ad->n; i++) |
1522 | { | 1578 | { |
1523 | smc_sum (sum_gamma, &ad->gamma3[0][ad->i][j], ad->n, ad->n * ad->k); | 1579 | if (!ad->seller_mode && i != ad->i) |
1524 | smc_sum (sum_phi, &ad->phi3[0][ad->i][j], ad->n, ad->n * ad->k); | 1580 | continue; |
1525 | gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); | 1581 | |
1526 | if (!ec_point_cmp (sum_gamma, ec_zero)) | 1582 | for (uint16_t j = 0; j < ad->k; j++) |
1527 | { | 1583 | { |
1528 | if (-1 != ret) | 1584 | smc_sum (sum_gamma, &ad->gamma3[0][i][j], ad->n, ad->n * ad->k); |
1585 | smc_sum (sum_phi, &ad->phi3[0][i][j], ad->n, ad->n * ad->k); | ||
1586 | gcry_mpi_ec_sub (sum_gamma, sum_gamma, sum_phi, ec_ctx); | ||
1587 | if (!ec_point_cmp (sum_gamma, ec_zero)) | ||
1529 | { | 1588 | { |
1530 | weprintf ("multiple winning prices detected"); | 1589 | if (-1 != price) |
1531 | return -1; | 1590 | { |
1591 | weprintf ("multiple winning prices detected"); | ||
1592 | return NULL; | ||
1593 | } | ||
1594 | if (-1 != winner) | ||
1595 | { | ||
1596 | weprintf ("multiple winners detected"); | ||
1597 | return NULL; | ||
1598 | } | ||
1599 | price = j; | ||
1600 | winner = i; | ||
1532 | } | 1601 | } |
1533 | ret = j; | ||
1534 | } | 1602 | } |
1535 | } | 1603 | } |
1536 | 1604 | ||
1537 | gcry_mpi_point_release (sum_gamma); | 1605 | gcry_mpi_point_release (sum_gamma); |
1538 | gcry_mpi_point_release (sum_phi); | 1606 | gcry_mpi_point_release (sum_phi); |
1607 | |||
1608 | if (-1 == winner || -1 == price) | ||
1609 | return NULL; | ||
1610 | |||
1611 | ret = GNUNET_new(struct BRANDT_Result); | ||
1612 | ret->bidder = winner; | ||
1613 | ret->price = price; | ||
1614 | ret->status = BRANDT_bidder_won; | ||
1615 | if (len) | ||
1616 | *len = 1; | ||
1539 | return ret; | 1617 | return ret; |
1540 | } | 1618 | } |
1541 | 1619 | ||