diff options
author | Markus Teich <markus.teich@stusta.mhn.de> | 2016-08-31 15:13:50 +0200 |
---|---|---|
committer | Markus Teich <markus.teich@stusta.mhn.de> | 2016-08-31 15:13:50 +0200 |
commit | f294cd3a85c084490a10ae6ac9c1dab4c60a7678 (patch) | |
tree | 1da393c61f4662eb4f18e71c5b7cc552a7c1cfae /crypto.c | |
parent | 7b84ab7fe10b0ccf6c5e93bebf06267e18a09bf8 (diff) | |
download | libbrandt-f294cd3a85c084490a10ae6ac9c1dab4c60a7678.tar.gz libbrandt-f294cd3a85c084490a10ae6ac9c1dab4c60a7678.zip |
finish prep functions for first price auctions
Diffstat (limited to 'crypto.c')
-rw-r--r-- | crypto.c | 145 |
1 files changed, 90 insertions, 55 deletions
@@ -1237,21 +1237,9 @@ struct BRANDT_Result *fp_pub_determine_outcome (struct BRANDT_Auction *ad, | |||
1237 | } | 1237 | } |
1238 | 1238 | ||
1239 | 1239 | ||
1240 | /** | 1240 | void |
1241 | * fp_priv_compute_outcome computes encrypted outcome shares and packs them into | 1241 | fp_priv_prep_outcome (struct BRANDT_Auction *ad) |
1242 | * a message buffer together with proofs of correctnes. | ||
1243 | * | ||
1244 | * @param[in] ad Pointer to the BRANDT_Auction struct to operate on | ||
1245 | * @param[out] buflen Size of the returned message buffer in bytes | ||
1246 | * @return A buffer containing the encrypted outcome vectors | ||
1247 | * which needs to be broadcast | ||
1248 | */ | ||
1249 | unsigned char * | ||
1250 | fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | ||
1251 | { | 1242 | { |
1252 | unsigned char *ret; | ||
1253 | unsigned char *cur; | ||
1254 | struct msg_head *head; | ||
1255 | gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); | 1243 | gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); |
1256 | gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); | 1244 | gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); |
1257 | gcry_mpi_point_t *tlta1; | 1245 | gcry_mpi_point_t *tlta1; |
@@ -1260,27 +1248,12 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
1260 | gcry_mpi_point_t **tltb2; | 1248 | gcry_mpi_point_t **tltb2; |
1261 | gcry_mpi_point_t **tlta3; | 1249 | gcry_mpi_point_t **tlta3; |
1262 | gcry_mpi_point_t **tltb3; | 1250 | gcry_mpi_point_t **tltb3; |
1263 | struct ec_mpi *gamma; | ||
1264 | struct ec_mpi *delta; | ||
1265 | struct proof_2dle *proof2; | ||
1266 | |||
1267 | brandt_assert (ad && buflen); | ||
1268 | 1251 | ||
1269 | *buflen = (sizeof (*head) + /* msg header */ | 1252 | ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k); |
1270 | ad->n * ad->k * /* nk * (gamma, delta, proof2) */ | 1253 | brandt_assert (ad->gamma3); |
1271 | (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); | ||
1272 | ret = GNUNET_new_array (*buflen, unsigned char); | ||
1273 | if (NULL == (ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k)) || | ||
1274 | NULL == (ad->delta3 = smc_init3 (ad->n, ad->n, ad->k))) | ||
1275 | { | ||
1276 | weprintf ("unable to alloc memory for first price outcome computation"); | ||
1277 | return NULL; | ||
1278 | } | ||
1279 | 1254 | ||
1280 | head = (struct msg_head *)ret; | 1255 | ad->delta3 = smc_init3 (ad->n, ad->n, ad->k); |
1281 | head->prot_version = htonl (0); | 1256 | brandt_assert (ad->delta3); |
1282 | head->msg_type = htonl (msg_outcome); | ||
1283 | cur = ret + sizeof (*head); | ||
1284 | 1257 | ||
1285 | /* create temporary lookup tables with partial sums */ | 1258 | /* create temporary lookup tables with partial sums */ |
1286 | tlta1 = smc_init1 (ad->k); | 1259 | tlta1 = smc_init1 (ad->k); |
@@ -1349,10 +1322,6 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
1349 | { | 1322 | { |
1350 | for (uint16_t j = 0; j < ad->k; j++) | 1323 | for (uint16_t j = 0; j < ad->k; j++) |
1351 | { | 1324 | { |
1352 | gamma = (struct ec_mpi *)cur; | ||
1353 | delta = &((struct ec_mpi *)cur)[1]; | ||
1354 | proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); | ||
1355 | |||
1356 | /* compute inner gamma */ | 1325 | /* compute inner gamma */ |
1357 | gcry_mpi_ec_add (tmpa, tlta1[j], tlta2[i][j], ec_ctx); | 1326 | gcry_mpi_ec_add (tmpa, tlta1[j], tlta2[i][j], ec_ctx); |
1358 | gcry_mpi_ec_add (tmpa, tmpa, tlta3[i][j], ec_ctx); | 1327 | gcry_mpi_ec_add (tmpa, tmpa, tlta3[i][j], ec_ctx); |
@@ -1369,6 +1338,63 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
1369 | ec_point_copy (ad->gamma3[a][i][j], tmpa); | 1338 | ec_point_copy (ad->gamma3[a][i][j], tmpa); |
1370 | ec_point_copy (ad->delta3[a][i][j], tmpb); | 1339 | ec_point_copy (ad->delta3[a][i][j], tmpb); |
1371 | } | 1340 | } |
1341 | } | ||
1342 | } | ||
1343 | |||
1344 | gcry_mpi_point_release (tmpa); | ||
1345 | gcry_mpi_point_release (tmpb); | ||
1346 | smc_free1 (tlta1, ad->k); | ||
1347 | smc_free1 (tltb1, ad->k); | ||
1348 | smc_free2 (tlta2, ad->n, ad->k); | ||
1349 | smc_free2 (tltb2, ad->n, ad->k); | ||
1350 | smc_free2 (tlta3, ad->n, ad->k); | ||
1351 | smc_free2 (tltb3, ad->n, ad->k); | ||
1352 | } | ||
1353 | |||
1354 | |||
1355 | /** | ||
1356 | * fp_priv_compute_outcome computes encrypted outcome shares and packs them into | ||
1357 | * a message buffer together with proofs of correctnes. | ||
1358 | * | ||
1359 | * @param[in] ad Pointer to the BRANDT_Auction struct to operate on | ||
1360 | * @param[out] buflen Size of the returned message buffer in bytes | ||
1361 | * @return A buffer containing the encrypted outcome vectors | ||
1362 | * which needs to be broadcast | ||
1363 | */ | ||
1364 | unsigned char * | ||
1365 | fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | ||
1366 | { | ||
1367 | unsigned char *ret; | ||
1368 | unsigned char *cur; | ||
1369 | struct msg_head *head; | ||
1370 | gcry_mpi_point_t tmpa = gcry_mpi_point_new (0); | ||
1371 | gcry_mpi_point_t tmpb = gcry_mpi_point_new (0); | ||
1372 | struct ec_mpi *gamma; | ||
1373 | struct ec_mpi *delta; | ||
1374 | struct proof_2dle *proof2; | ||
1375 | |||
1376 | brandt_assert (ad && buflen); | ||
1377 | |||
1378 | *buflen = (sizeof (*head) + /* msg header */ | ||
1379 | ad->n * ad->k * /* nk * (gamma, delta, proof2) */ | ||
1380 | (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2))); | ||
1381 | ret = GNUNET_new_array (*buflen, unsigned char); | ||
1382 | |||
1383 | head = (struct msg_head *)ret; | ||
1384 | head->prot_version = htonl (0); | ||
1385 | head->msg_type = htonl (msg_outcome); | ||
1386 | cur = ret + sizeof (*head); | ||
1387 | |||
1388 | for (uint16_t i = 0; i < ad->n; i++) | ||
1389 | { | ||
1390 | for (uint16_t j = 0; j < ad->k; j++) | ||
1391 | { | ||
1392 | gamma = (struct ec_mpi *)cur; | ||
1393 | delta = &((struct ec_mpi *)cur)[1]; | ||
1394 | proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi)); | ||
1395 | |||
1396 | ec_point_copy (tmpa, ad->gamma3[ad->i][i][j]); | ||
1397 | ec_point_copy (tmpb, ad->delta3[ad->i][i][j]); | ||
1372 | 1398 | ||
1373 | /* apply random masking for losing bidders */ | 1399 | /* apply random masking for losing bidders */ |
1374 | smc_zkp_2dle (ad->gamma3[ad->i][i][j], | 1400 | smc_zkp_2dle (ad->gamma3[ad->i][i][j], |
@@ -1387,12 +1413,6 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
1387 | 1413 | ||
1388 | gcry_mpi_point_release (tmpa); | 1414 | gcry_mpi_point_release (tmpa); |
1389 | gcry_mpi_point_release (tmpb); | 1415 | gcry_mpi_point_release (tmpb); |
1390 | smc_free1 (tlta1, ad->k); | ||
1391 | smc_free1 (tltb1, ad->k); | ||
1392 | smc_free2 (tlta2, ad->n, ad->k); | ||
1393 | smc_free2 (tltb2, ad->n, ad->k); | ||
1394 | smc_free2 (tlta3, ad->n, ad->k); | ||
1395 | smc_free2 (tltb3, ad->n, ad->k); | ||
1396 | return ret; | 1416 | return ret; |
1397 | } | 1417 | } |
1398 | 1418 | ||
@@ -1448,6 +1468,32 @@ quit: | |||
1448 | } | 1468 | } |
1449 | 1469 | ||
1450 | 1470 | ||
1471 | void | ||
1472 | fp_priv_prep_decryption (struct BRANDT_Auction *ad) | ||
1473 | { | ||
1474 | gcry_mpi_point_t tmp = gcry_mpi_point_new (0); | ||
1475 | |||
1476 | ad->phi3 = smc_init3 (ad->n, ad->n, ad->k); | ||
1477 | brandt_assert (ad->phi3); | ||
1478 | |||
1479 | for (uint16_t i = 0; i < ad->n; i++) | ||
1480 | { | ||
1481 | for (uint16_t j = 0; j < ad->k; j++) | ||
1482 | { | ||
1483 | smc_sum (tmp, &ad->delta3[0][i][j], ad->n, ad->n * ad->k); | ||
1484 | |||
1485 | /* copy still encrypted outcome to all other bidder layers so they | ||
1486 | * don't have to be recomputed to check the ZK proof_2dle's from | ||
1487 | * other bidders when receiving their outcome decryption messages */ | ||
1488 | for (uint16_t a = 0; a < ad->n; a++) | ||
1489 | ec_point_copy (ad->phi3[a][i][j], tmp); | ||
1490 | } | ||
1491 | } | ||
1492 | |||
1493 | gcry_mpi_point_release (tmp); | ||
1494 | } | ||
1495 | |||
1496 | |||
1451 | /** | 1497 | /** |
1452 | * fp_priv_decrypt_outcome decrypts the own shares of the outcome and packs them | 1498 | * fp_priv_decrypt_outcome decrypts the own shares of the outcome and packs them |
1453 | * into a message buffer together with proofs of correctnes. | 1499 | * into a message buffer together with proofs of correctnes. |
@@ -1472,11 +1518,6 @@ fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
1472 | *buflen = (sizeof (*head) + | 1518 | *buflen = (sizeof (*head) + |
1473 | ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2))); | 1519 | ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2))); |
1474 | ret = GNUNET_new_array (*buflen, unsigned char); | 1520 | ret = GNUNET_new_array (*buflen, unsigned char); |
1475 | if (NULL == (ad->phi3 = smc_init3 (ad->n, ad->n, ad->k))) | ||
1476 | { | ||
1477 | weprintf ("unable to alloc memory for first price outcome decryption"); | ||
1478 | return NULL; | ||
1479 | } | ||
1480 | 1521 | ||
1481 | head = (struct msg_head *)ret; | 1522 | head = (struct msg_head *)ret; |
1482 | head->prot_version = htonl (0); | 1523 | head->prot_version = htonl (0); |
@@ -1490,13 +1531,7 @@ fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen) | |||
1490 | phi = (struct ec_mpi *)cur; | 1531 | phi = (struct ec_mpi *)cur; |
1491 | proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); | 1532 | proof2 = (struct proof_2dle *)(cur + sizeof (*phi)); |
1492 | 1533 | ||
1493 | smc_sum (tmp, &ad->delta3[0][i][j], ad->n, ad->n * ad->k); | 1534 | ec_point_copy (tmp, ad->phi3[ad->i][i][j]); |
1494 | |||
1495 | /* copy still encrypted outcome to all other bidder layers so they | ||
1496 | * don't have to be recomputed to check the ZK proof_2dle's from | ||
1497 | * other bidders when receiving their outcome decryption messages */ | ||
1498 | for (uint16_t a = 0; a < ad->n; a++) | ||
1499 | ec_point_copy (ad->phi3[a][i][j], tmp); | ||
1500 | 1535 | ||
1501 | /* decrypt outcome component and prove the correct key was used */ | 1536 | /* decrypt outcome component and prove the correct key was used */ |
1502 | smc_zkp_2dle (ad->phi3[ad->i][i][j], | 1537 | smc_zkp_2dle (ad->phi3[ad->i][i][j], |