Commit 20067dc9 authored by Gijs Van Laer's avatar Gijs Van Laer
Browse files

proof for blind sign

parent 9a98ab5f
......@@ -21,17 +21,20 @@
*/
package edu.jhu.isi.CLSign;
import edu.jhu.isi.CLSign.keygen.KeyGen;
import edu.jhu.isi.CLSign.keygen.KeyPair;
import edu.jhu.isi.CLSign.keygen.PublicKey;
import edu.jhu.isi.CLSign.keygen.SecretKey;
import edu.jhu.isi.CLSign.sign.Signature;
import edu.jhu.isi.CLSign.keygen.KeyGen;
import edu.jhu.isi.CLSign.proof.Proof;
import edu.jhu.isi.CLSign.proof.Prover;
import edu.jhu.isi.CLSign.sign.Sign;
import edu.jhu.isi.CLSign.sign.Signature;
import edu.jhu.isi.CLSign.verify.Verify;
import it.unisa.dia.gas.jpbc.Element;
import it.unisa.dia.gas.jpbc.Pairing;
import it.unisa.dia.gas.plaf.jpbc.field.z.ZrElement;
import java.util.ArrayList;
import java.util.List;
public class CLSign {
......@@ -56,16 +59,31 @@ public class CLSign {
return doCommit(messages, pk);
}
public static Proof proofCommitment(final Element commitment, final List<ZrElement> messages, final PublicKey pk) {
final List<Element> t = new ArrayList<>();
final Element proofComm = Prover.computeProofComm(pk, t, messages.size());
final Element challenge = Prover.computeChallenge(commitment, proofComm, pk);
final List<Element> s = Prover.computeProof(t, messages, challenge);
return new Proof(proofComm, s);
}
public static Signature sign(final List<ZrElement> messages, final KeyPair keys) {
final Element commitment = commit(messages, keys.getPk());
return signBlind(commitment, keys);
return Sign.sign(commitment, keys);
}
public static Signature signBlind(final Element commitment, final KeyPair keys) {
public static Signature signBlind(final Element commitment, final Proof proof, final KeyPair keys) {
if (!Prover.verify(commitment, proof, keys.getPk())) {
return null;
}
return Sign.sign(commitment, keys);
}
public static Signature signPartiallyBlind(final List<ZrElement> messages, final Element commitment, final KeyPair keys) {
public static Signature signPartiallyBlind(final List<ZrElement> messages, final Element commitment, final Proof proof, final KeyPair keys) {
if (!Prover.verify(commitment, proof, keys.getPk())) {
return null;
}
final List<Element> Z = keys.getPk().getZ();
final List<Element> subKey = Z.subList(Z.size() - messages.size(), Z.size());
final Element extendCommitment = keys.getPk().getPairing().getG1().newOneElement();
......
package edu.jhu.isi.CLSign.proof;
import it.unisa.dia.gas.jpbc.Element;
import java.util.List;
public class Proof {
private Element commitment;
private List<Element> openings;
public Proof(final Element commitment, final List<Element> openings) {
this.commitment = commitment;
this.openings = openings;
}
public Element getCommitment() {
return commitment;
}
public void setCommitment(final Element commitment) {
this.commitment = commitment;
}
public List<Element> getOpenings() {
return openings;
}
}
package edu.jhu.isi.CLSign.proof;
import edu.jhu.isi.CLSign.keygen.PublicKey;
import it.unisa.dia.gas.jpbc.Element;
import it.unisa.dia.gas.plaf.jpbc.field.z.ZrElement;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
public class Prover {
public static List<Element> computeProof(final List<Element> t, final List<ZrElement> messages, final Element challenge) {
final List<Element> s = new ArrayList<>();
for (int i = 0; i < t.size(); i++) {
s.add(messages.get(i).mul(challenge).add(t.get(i)));
}
return s;
}
public static Element computeProofComm(final PublicKey pk, final List<Element> t, final int size) {
t.add(pk.getPairing().getZr().newRandomElement());
Element proofComm = pk.getGenerator().powZn(t.get(0));
for (int i = 1; i < size; i++) {
t.add(pk.getPairing().getZr().newRandomElement());
proofComm = proofComm.mul(pk.getZ(i).powZn(t.get(i)));
}
return proofComm;
}
public static Element computeChallenge(final Element commitment, final Element proofComm, final PublicKey pk) {
try {
final MessageDigest digest = MessageDigest.getInstance("SHA-256");
final byte[] hash = digest.digest((Arrays.toString(proofComm.toBytes()) +
Arrays.toString(commitment.toBytes())).getBytes());
return pk.getPairing().getZr().newElementFromBytes(hash);
} catch (final Exception e) {
throw new IllegalStateException(e);
}
}
public static boolean verify(final Element commitment, final Proof proof, final PublicKey pk) {
Element lhs = pk.getGenerator().powZn(proof.getOpenings().get(0));
for (int i = 1; i < proof.getOpenings().size(); i++) {
lhs = lhs.mul(pk.getZ(i).powZn(proof.getOpenings().get(i)));
}
final Element rhs = commitment.powZn(computeChallenge(commitment, proof.getCommitment(), pk)).mul(proof.getCommitment());
return lhs.equals(rhs);
}
}
......@@ -3,6 +3,7 @@ package edu.jhu.isi.CLSign;
import edu.jhu.isi.CLSign.keygen.KeyPair;
import edu.jhu.isi.CLSign.keygen.PublicKey;
import edu.jhu.isi.CLSign.keygen.SecretKey;
import edu.jhu.isi.CLSign.proof.Proof;
import edu.jhu.isi.CLSign.sign.Signature;
import it.unisa.dia.gas.jpbc.Element;
import it.unisa.dia.gas.plaf.jpbc.field.z.ZrElement;
......@@ -14,6 +15,7 @@ import java.util.stream.IntStream;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
public class CLSignTest {
......@@ -133,7 +135,8 @@ public class CLSignTest {
.mapToObj(i -> (ZrElement) keyPair.getPk().getPairing().getZr().newRandomElement().getImmutable())
.collect(Collectors.toList());
final Element commitment = CLSign.commit(messages, keyPair.getPk());
final Signature sigma = CLSign.signBlind(commitment, keyPair);
final Proof proof = CLSign.proofCommitment(commitment, messages, keyPair.getPk());
final Signature sigma = CLSign.signBlind(commitment, proof, keyPair);
assertTrue(CLSign.verify(messages, sigma, keyPair.getPk()));
}
......@@ -145,8 +148,38 @@ public class CLSignTest {
.mapToObj(i -> (ZrElement) keyPair.getPk().getPairing().getZr().newRandomElement().getImmutable())
.collect(Collectors.toList());
final Element partialCommitment = CLSign.partialCommit(messages.subList(0, messageSize - 2), keyPair.getPk());
final Proof proof = CLSign.proofCommitment(partialCommitment, messages.subList(0, messageSize - 2), keyPair.getPk());
final Signature sigma = CLSign.signPartiallyBlind(messages.subList(messageSize - 2, messageSize),
partialCommitment, keyPair);
partialCommitment, proof, keyPair);
assertTrue(CLSign.verify(messages, sigma, keyPair.getPk()));
}
@Test
public void testBlindSignature_badProof() throws Exception {
final int messageSize = 5;
final KeyPair keyPair = CLSign.keyGen(messageSize);
final List<ZrElement> messages = IntStream.range(0, messageSize)
.mapToObj(i -> (ZrElement) keyPair.getPk().getPairing().getZr().newRandomElement().getImmutable())
.collect(Collectors.toList());
final Element commitment = CLSign.commit(messages, keyPair.getPk());
final Proof proof = CLSign.proofCommitment(commitment, messages, keyPair.getPk());
proof.setCommitment(keyPair.getPk().getPairing().getG1().newRandomElement());
final Signature sigma = CLSign.signBlind(commitment, proof, keyPair);
assertNull(sigma);
}
@Test
public void testPartiallyBlindSignature_badProof() throws Exception {
final int messageSize = 5;
final KeyPair keyPair = CLSign.keyGen(messageSize);
final List<ZrElement> messages = IntStream.range(0, messageSize)
.mapToObj(i -> (ZrElement) keyPair.getPk().getPairing().getZr().newRandomElement().getImmutable())
.collect(Collectors.toList());
final Element partialCommitment = CLSign.partialCommit(messages.subList(0, messageSize - 2), keyPair.getPk());
final Proof proof = CLSign.proofCommitment(partialCommitment, messages.subList(0, messageSize - 2), keyPair.getPk());
proof.setCommitment(keyPair.getPk().getPairing().getG1().newRandomElement());
final Signature sigma = CLSign.signPartiallyBlind(messages.subList(messageSize - 2, messageSize),
partialCommitment, proof, keyPair);
assertNull(sigma);
}
}
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment