finish prep functions for first price auctions

author: Markus Teich <markus.teich@stusta.mhn.de> 2016-08-31 15:13:50 +0200
committer: Markus Teich <markus.teich@stusta.mhn.de> 2016-08-31 15:13:50 +0200
commit: f294cd3a85c084490a10ae6ac9c1dab4c60a7678 (patch)
tree: 1da393c61f4662eb4f18e71c5b7cc552a7c1cfae /crypto.c
parent: 7b84ab7fe10b0ccf6c5e93bebf06267e18a09bf8 (diff)
download: libbrandt-f294cd3a85c084490a10ae6ac9c1dab4c60a7678.tar.gz
libbrandt-f294cd3a85c084490a10ae6ac9c1dab4c60a7678.zip
1 files changed, 90 insertions, 55 deletions
diff --git a/crypto.c b/crypto.c
index afa72d4..edd51ad 100644
--- a/crypto.c
+++ b/crypto.c
@@ -1237,21 +1237,9 @@ struct BRANDT_Result *fp_pub_determine_outcome (struct BRANDT_Auction *ad,
 }
-/**
+void
- * fp_priv_compute_outcome computes encrypted outcome shares and packs them into
+fp_priv_prep_outcome (struct BRANDT_Auction *ad)
- * a message buffer together with proofs of correctnes.
- *
- * @param[in] ad Pointer to the BRANDT_Auction struct to operate on
- * @param[out] buflen Size of the returned message buffer in bytes
- * @return A buffer containing the encrypted outcome vectors
- * which needs to be broadcast
- */
-unsigned char *
-fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
 {
-        unsigned char     *ret;
-        unsigned char     *cur;
-        struct msg_head   *head;
        gcry_mpi_point_t  tmpa = gcry_mpi_point_new (0);
        gcry_mpi_point_t  tmpb = gcry_mpi_point_new (0);
        gcry_mpi_point_t  *tlta1;
@@ -1260,27 +1248,12 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
        gcry_mpi_point_t  **tltb2;
        gcry_mpi_point_t  **tlta3;
        gcry_mpi_point_t  **tltb3;
-        struct ec_mpi     *gamma;
-        struct ec_mpi     *delta;
-        struct proof_2dle *proof2;
-        brandt_assert (ad && buflen);
-        *buflen = (sizeof (*head) +                /* msg header */
+        ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k);
-                   ad->n * ad->k *                 /* nk * (gamma, delta, proof2) */
+        brandt_assert (ad->gamma3);
-                   (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2)));
-        ret = GNUNET_new_array (*buflen, unsigned char);
-        if (NULL == (ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k)) ||
-            NULL == (ad->delta3 = smc_init3 (ad->n, ad->n, ad->k)))
-        {
-                weprintf ("unable to alloc memory for first price outcome computation");
-                return NULL;
-        }
-        head = (struct msg_head *)ret;
+        ad->delta3 = smc_init3 (ad->n, ad->n, ad->k);
-        head->prot_version = htonl (0);
+        brandt_assert (ad->delta3);
-        head->msg_type = htonl (msg_outcome);
-        cur = ret + sizeof (*head);
        /* create temporary lookup tables with partial sums */
        tlta1 = smc_init1 (ad->k);
@@ -1349,10 +1322,6 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
        {
                for (uint16_t j = 0; j < ad->k; j++)
                {
-                        gamma = (struct ec_mpi *)cur;
-                        delta = &((struct ec_mpi *)cur)[1];
-                        proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi));
                        /* compute inner gamma */
                        gcry_mpi_ec_add (tmpa, tlta1[j], tlta2[i][j], ec_ctx);
                        gcry_mpi_ec_add (tmpa, tmpa, tlta3[i][j], ec_ctx);
@@ -1369,6 +1338,63 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
                                ec_point_copy (ad->gamma3[a][i][j], tmpa);
                                ec_point_copy (ad->delta3[a][i][j], tmpb);
                        }
+                }
+        }
+        gcry_mpi_point_release (tmpa);
+        gcry_mpi_point_release (tmpb);
+        smc_free1 (tlta1, ad->k);
+        smc_free1 (tltb1, ad->k);
+        smc_free2 (tlta2, ad->n, ad->k);
+        smc_free2 (tltb2, ad->n, ad->k);
+        smc_free2 (tlta3, ad->n, ad->k);
+        smc_free2 (tltb3, ad->n, ad->k);
+}
+/**
+ * fp_priv_compute_outcome computes encrypted outcome shares and packs them into
+ * a message buffer together with proofs of correctnes.
+ *
+ * @param[in] ad Pointer to the BRANDT_Auction struct to operate on
+ * @param[out] buflen Size of the returned message buffer in bytes
+ * @return A buffer containing the encrypted outcome vectors
+ * which needs to be broadcast
+ */
+unsigned char *
+fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
+{
+        unsigned char     *ret;
+        unsigned char     *cur;
+        struct msg_head   *head;
+        gcry_mpi_point_t  tmpa = gcry_mpi_point_new (0);
+        gcry_mpi_point_t  tmpb = gcry_mpi_point_new (0);
+        struct ec_mpi     *gamma;
+        struct ec_mpi     *delta;
+        struct proof_2dle *proof2;
+        brandt_assert (ad && buflen);
+        *buflen = (sizeof (*head) +                /* msg header */
+                   ad->n * ad->k *                 /* nk * (gamma, delta, proof2) */
+                   (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2)));
+        ret = GNUNET_new_array (*buflen, unsigned char);
+        head = (struct msg_head *)ret;
+        head->prot_version = htonl (0);
+        head->msg_type = htonl (msg_outcome);
+        cur = ret + sizeof (*head);
+        for (uint16_t i = 0; i < ad->n; i++)
+        {
+                for (uint16_t j = 0; j < ad->k; j++)
+                {
+                        gamma = (struct ec_mpi *)cur;
+                        delta = &((struct ec_mpi *)cur)[1];
+                        proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi));
+                        ec_point_copy (tmpa, ad->gamma3[ad->i][i][j]);
+                        ec_point_copy (tmpb, ad->delta3[ad->i][i][j]);
                        /* apply random masking for losing bidders */
                        smc_zkp_2dle (ad->gamma3[ad->i][i][j],
@@ -1387,12 +1413,6 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
        gcry_mpi_point_release (tmpa);
        gcry_mpi_point_release (tmpb);
-        smc_free1 (tlta1, ad->k);
-        smc_free1 (tltb1, ad->k);
-        smc_free2 (tlta2, ad->n, ad->k);
-        smc_free2 (tltb2, ad->n, ad->k);
-        smc_free2 (tlta3, ad->n, ad->k);
-        smc_free2 (tltb3, ad->n, ad->k);
        return ret;
 }
@@ -1448,6 +1468,32 @@ quit:
 }
+void
+fp_priv_prep_decryption (struct BRANDT_Auction *ad)
+{
+        gcry_mpi_point_t  tmp = gcry_mpi_point_new (0);
+        ad->phi3 = smc_init3 (ad->n, ad->n, ad->k);
+        brandt_assert (ad->phi3);
+        for (uint16_t i = 0; i < ad->n; i++)
+        {
+                for (uint16_t j = 0; j < ad->k; j++)
+                {
+                        smc_sum (tmp, &ad->delta3[0][i][j], ad->n, ad->n * ad->k);
+                        /* copy still encrypted outcome to all other bidder layers so they
+                         * don't have to be recomputed to check the ZK proof_2dle's from
+                         * other bidders when receiving their outcome decryption messages */
+                        for (uint16_t a = 0; a < ad->n; a++)
+                                ec_point_copy (ad->phi3[a][i][j], tmp);
+                }
+        }
+        gcry_mpi_point_release (tmp);
+}
 /**
 * fp_priv_decrypt_outcome decrypts the own shares of the outcome and packs them
 * into a message buffer together with proofs of correctnes.
@@ -1472,11 +1518,6 @@ fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen)
        *buflen = (sizeof (*head) +
                   ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2)));
        ret = GNUNET_new_array (*buflen, unsigned char);
-        if (NULL == (ad->phi3 = smc_init3 (ad->n, ad->n, ad->k)))
-        {
-                weprintf ("unable to alloc memory for first price outcome decryption");
-                return NULL;
-        }
        head = (struct msg_head *)ret;
        head->prot_version = htonl (0);
@@ -1490,13 +1531,7 @@ fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen)
                        phi = (struct ec_mpi *)cur;
                        proof2 = (struct proof_2dle *)(cur + sizeof (*phi));
-                        smc_sum (tmp, &ad->delta3[0][i][j], ad->n, ad->n * ad->k);
+                        ec_point_copy (tmp, ad->phi3[ad->i][i][j]);
-                        /* copy still encrypted outcome to all other bidder layers so they
-                         * don't have to be recomputed to check the ZK proof_2dle's from
-                         * other bidders when receiving their outcome decryption messages */
-                        for (uint16_t a = 0; a < ad->n; a++)
-                                ec_point_copy (ad->phi3[a][i][j], tmp);
                        /* decrypt outcome component and prove the correct key was used */
                        smc_zkp_2dle (ad->phi3[ad->i][i][j],
author	Markus Teich <markus.teich@stusta.mhn.de>	2016-08-31 15:13:50 +0200
committer	Markus Teich <markus.teich@stusta.mhn.de>	2016-08-31 15:13:50 +0200
commit	f294cd3a85c084490a10ae6ac9c1dab4c60a7678 (patch)
tree	1da393c61f4662eb4f18e71c5b7cc552a7c1cfae /crypto.c
parent	7b84ab7fe10b0ccf6c5e93bebf06267e18a09bf8 (diff)
download	libbrandt-f294cd3a85c084490a10ae6ac9c1dab4c60a7678.tar.gz libbrandt-f294cd3a85c084490a10ae6ac9c1dab4c60a7678.zip