From f294cd3a85c084490a10ae6ac9c1dab4c60a7678 Mon Sep 17 00:00:00 2001
From: Markus Teich <markus.teich@stusta.mhn.de>
Date: Wed, 31 Aug 2016 15:13:50 +0200
Subject: finish prep functions for first price auctions

---
 crypto.c      | 145 ++++++++++++++++++++++++++++++++++++----------------------
 crypto.h      |   6 ++-
 test_crypto.c |   7 ++-
 3 files changed, 97 insertions(+), 61 deletions(-)

diff --git a/crypto.c b/crypto.c
index afa72d4..edd51ad 100644
--- a/crypto.c
+++ b/crypto.c
@@ -1237,21 +1237,9 @@ struct BRANDT_Result *fp_pub_determine_outcome (struct BRANDT_Auction *ad,
 }
 
 
-/**
- * fp_priv_compute_outcome computes encrypted outcome shares and packs them into
- * a message buffer together with proofs of correctnes.
- *
- * @param[in] ad Pointer to the BRANDT_Auction struct to operate on
- * @param[out] buflen Size of the returned message buffer in bytes
- * @return A buffer containing the encrypted outcome vectors
- * which needs to be broadcast
- */
-unsigned char *
-fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
+void
+fp_priv_prep_outcome (struct BRANDT_Auction *ad)
 {
-	unsigned char     *ret;
-	unsigned char     *cur;
-	struct msg_head   *head;
 	gcry_mpi_point_t  tmpa = gcry_mpi_point_new (0);
 	gcry_mpi_point_t  tmpb = gcry_mpi_point_new (0);
 	gcry_mpi_point_t  *tlta1;
@@ -1260,27 +1248,12 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
 	gcry_mpi_point_t  **tltb2;
 	gcry_mpi_point_t  **tlta3;
 	gcry_mpi_point_t  **tltb3;
-	struct ec_mpi     *gamma;
-	struct ec_mpi     *delta;
-	struct proof_2dle *proof2;
-
-	brandt_assert (ad && buflen);
 
-	*buflen = (sizeof (*head) +                /* msg header */
-	           ad->n * ad->k *                 /* nk * (gamma, delta, proof2) */
-	           (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2)));
-	ret = GNUNET_new_array (*buflen, unsigned char);
-	if (NULL == (ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k)) ||
-	    NULL == (ad->delta3 = smc_init3 (ad->n, ad->n, ad->k)))
-	{
-		weprintf ("unable to alloc memory for first price outcome computation");
-		return NULL;
-	}
+	ad->gamma3 = smc_init3 (ad->n, ad->n, ad->k);
+	brandt_assert (ad->gamma3);
 
-	head = (struct msg_head *)ret;
-	head->prot_version = htonl (0);
-	head->msg_type = htonl (msg_outcome);
-	cur = ret + sizeof (*head);
+	ad->delta3 = smc_init3 (ad->n, ad->n, ad->k);
+	brandt_assert (ad->delta3);
 
 	/* create temporary lookup tables with partial sums */
 	tlta1 = smc_init1 (ad->k);
@@ -1349,10 +1322,6 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
 	{
 		for (uint16_t j = 0; j < ad->k; j++)
 		{
-			gamma = (struct ec_mpi *)cur;
-			delta = &((struct ec_mpi *)cur)[1];
-			proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi));
-
 			/* compute inner gamma */
 			gcry_mpi_ec_add (tmpa, tlta1[j], tlta2[i][j], ec_ctx);
 			gcry_mpi_ec_add (tmpa, tmpa, tlta3[i][j], ec_ctx);
@@ -1369,6 +1338,63 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
 				ec_point_copy (ad->gamma3[a][i][j], tmpa);
 				ec_point_copy (ad->delta3[a][i][j], tmpb);
 			}
+		}
+	}
+
+	gcry_mpi_point_release (tmpa);
+	gcry_mpi_point_release (tmpb);
+	smc_free1 (tlta1, ad->k);
+	smc_free1 (tltb1, ad->k);
+	smc_free2 (tlta2, ad->n, ad->k);
+	smc_free2 (tltb2, ad->n, ad->k);
+	smc_free2 (tlta3, ad->n, ad->k);
+	smc_free2 (tltb3, ad->n, ad->k);
+}
+
+
+/**
+ * fp_priv_compute_outcome computes encrypted outcome shares and packs them into
+ * a message buffer together with proofs of correctnes.
+ *
+ * @param[in] ad Pointer to the BRANDT_Auction struct to operate on
+ * @param[out] buflen Size of the returned message buffer in bytes
+ * @return A buffer containing the encrypted outcome vectors
+ * which needs to be broadcast
+ */
+unsigned char *
+fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
+{
+	unsigned char     *ret;
+	unsigned char     *cur;
+	struct msg_head   *head;
+	gcry_mpi_point_t  tmpa = gcry_mpi_point_new (0);
+	gcry_mpi_point_t  tmpb = gcry_mpi_point_new (0);
+	struct ec_mpi     *gamma;
+	struct ec_mpi     *delta;
+	struct proof_2dle *proof2;
+
+	brandt_assert (ad && buflen);
+
+	*buflen = (sizeof (*head) +                /* msg header */
+	           ad->n * ad->k *                 /* nk * (gamma, delta, proof2) */
+	           (sizeof (*gamma) + sizeof (*delta) + sizeof (*proof2)));
+	ret = GNUNET_new_array (*buflen, unsigned char);
+
+	head = (struct msg_head *)ret;
+	head->prot_version = htonl (0);
+	head->msg_type = htonl (msg_outcome);
+	cur = ret + sizeof (*head);
+
+	for (uint16_t i = 0; i < ad->n; i++)
+	{
+		for (uint16_t j = 0; j < ad->k; j++)
+		{
+			gamma = (struct ec_mpi *)cur;
+			delta = &((struct ec_mpi *)cur)[1];
+			proof2 = (struct proof_2dle *)(cur + 2 * sizeof (struct ec_mpi));
+
+			ec_point_copy (tmpa, ad->gamma3[ad->i][i][j]);
+			ec_point_copy (tmpb, ad->delta3[ad->i][i][j]);
 
 			/* apply random masking for losing bidders */
 			smc_zkp_2dle (ad->gamma3[ad->i][i][j],
@@ -1387,12 +1413,6 @@ fp_priv_compute_outcome (struct BRANDT_Auction *ad, size_t *buflen)
 
 	gcry_mpi_point_release (tmpa);
 	gcry_mpi_point_release (tmpb);
-	smc_free1 (tlta1, ad->k);
-	smc_free1 (tltb1, ad->k);
-	smc_free2 (tlta2, ad->n, ad->k);
-	smc_free2 (tltb2, ad->n, ad->k);
-	smc_free2 (tlta3, ad->n, ad->k);
-	smc_free2 (tltb3, ad->n, ad->k);
 	return ret;
 }
 
@@ -1448,6 +1468,32 @@ quit:
 }
 
 
+void
+fp_priv_prep_decryption (struct BRANDT_Auction *ad)
+{
+	gcry_mpi_point_t  tmp = gcry_mpi_point_new (0);
+
+	ad->phi3 = smc_init3 (ad->n, ad->n, ad->k);
+	brandt_assert (ad->phi3);
+
+	for (uint16_t i = 0; i < ad->n; i++)
+	{
+		for (uint16_t j = 0; j < ad->k; j++)
+		{
+			smc_sum (tmp, &ad->delta3[0][i][j], ad->n, ad->n * ad->k);
+
+			/* copy still encrypted outcome to all other bidder layers so they
+			 * don't have to be recomputed to check the ZK proof_2dle's from
+			 * other bidders when receiving their outcome decryption messages */
+			for (uint16_t a = 0; a < ad->n; a++)
+				ec_point_copy (ad->phi3[a][i][j], tmp);
+		}
+	}
+
+	gcry_mpi_point_release (tmp);
+}
+
+
 /**
  * fp_priv_decrypt_outcome decrypts the own shares of the outcome and packs them
  * into a message buffer together with proofs of correctnes.
@@ -1472,11 +1518,6 @@ fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen)
 	*buflen = (sizeof (*head) +
 	           ad->n * ad->k * (sizeof (*phi) + sizeof (*proof2)));
 	ret = GNUNET_new_array (*buflen, unsigned char);
-	if (NULL == (ad->phi3 = smc_init3 (ad->n, ad->n, ad->k)))
-	{
-		weprintf ("unable to alloc memory for first price outcome decryption");
-		return NULL;
-	}
 
 	head = (struct msg_head *)ret;
 	head->prot_version = htonl (0);
@@ -1490,13 +1531,7 @@ fp_priv_decrypt_outcome (struct BRANDT_Auction *ad, size_t *buflen)
 			phi = (struct ec_mpi *)cur;
 			proof2 = (struct proof_2dle *)(cur + sizeof (*phi));
 
-			smc_sum (tmp, &ad->delta3[0][i][j], ad->n, ad->n * ad->k);
-
-			/* copy still encrypted outcome to all other bidder layers so they
-			 * don't have to be recomputed to check the ZK proof_2dle's from
-			 * other bidders when receiving their outcome decryption messages */
-			for (uint16_t a = 0; a < ad->n; a++)
-				ec_point_copy (ad->phi3[a][i][j], tmp);
+			ec_point_copy (tmp, ad->phi3[ad->i][i][j]);
 
 			/* decrypt outcome component and prove the correct key was used */
 			smc_zkp_2dle (ad->phi3[ad->i][i][j],
diff --git a/crypto.h b/crypto.h
index b3520d0..16aa536 100644
--- a/crypto.h
+++ b/crypto.h
@@ -130,6 +130,7 @@ int smc_recv_encrypted_bid (struct BRANDT_Auction *ad,
                             size_t                buflen,
                             uint16_t              sender_index);
 
+void fp_priv_prep_outcome (struct BRANDT_Auction *ad);
 unsigned char *fp_priv_compute_outcome (struct BRANDT_Auction *ad,
                                         size_t                *buflen);
 int fp_priv_recv_outcome (struct BRANDT_Auction *ad,
@@ -137,6 +138,7 @@ int fp_priv_recv_outcome (struct BRANDT_Auction *ad,
                           size_t                buflen,
                           uint16_t              sender);
 
+void fp_priv_prep_decryption (struct BRANDT_Auction *ad);
 unsigned char *fp_priv_decrypt_outcome (struct BRANDT_Auction *ad,
                                         size_t                *buflen);
 int fp_priv_recv_decryption (struct BRANDT_Auction *ad,
@@ -204,8 +206,8 @@ static const RoundPrep handler_prep[auction_last][outcome_last][msg_last] = {
 		[outcome_private] =     {
 			[msg_init] = &smc_prep_keyshare,
 			[msg_bid] = &smc_prep_bid,
-//			[msg_outcome] = &fp_priv_prep_outcome,
-//			[msg_decrypt] = &fp_priv_prep_decryption,
+			[msg_outcome] = &fp_priv_prep_outcome,
+			[msg_decrypt] = &fp_priv_prep_decryption,
 		},
 		[outcome_public] =      {
 			[msg_init] = &smc_prep_keyshare,
diff --git a/test_crypto.c b/test_crypto.c
index 057754a..2d1b50a 100644
--- a/test_crypto.c
+++ b/test_crypto.c
@@ -302,16 +302,15 @@ test_all_auctions ()
 		if (auction_firstPrice != atype) /* others not yet implemented */
 			continue;
 
-//		for (size_t oc = 0; oc < outcome_last; oc++)
-//		{
-		size_t oc = outcome_public;
+		for (size_t oc = 0; oc < outcome_last; oc++)
+		{
 			if (!test_setup_auction_data() || !test_auction (atype, oc))
 			{
 				cleanup_auction_data ();
 				return 0;
 			}
 			cleanup_auction_data ();
-//		}
+		}
 	}
 
 	return 1;
-- 
cgit v1.2.3