Exemplo n.º 1
0
    // Check for players with insufficient funds.
    private void blameInsufficientFunds()
        throws CoinNetworkException, TimeoutException, Matrix, IOException, InterruptedException,
            FormatException, AddressFormatException {

      List<VerificationKey> offenders = new LinkedList<>();

      // Check that each participant has the required amounts.
      for (VerificationKey player : players.values()) {
        if (!coin.sufficientFunds(player.address(), amount + fee)) {
          // Enter the blame phase.
          offenders.add(player);
        }
      }

      // If they do, return.
      if (offenders.isEmpty()) return;

      // If not, enter blame phase and find offending transactions.
      phase.set(Phase.Blame);
      Message blameMessage = messages.make();
      for (VerificationKey offender : offenders) {
        blameMessage = blameMessage.attach(Blame.InsufficientFunds(offender));
      }

      // Broadcast offending transactions.
      mailbox.broadcast(blameMessage, phase.get());

      // Get all subsequent blame messages.
      throw fillBlameMatrix();
    }
Exemplo n.º 2
0
    // In the shuffle phase, we have to receive a set of strings from the previous player and
    // decrypt them all.
    final Message decryptAll(Message message, DecryptionKey key, int expected)
        throws IOException, InterruptedException, FormatException {

      Message decrypted = messages.make();

      int count = 0;
      Set<String> addrs = new HashSet<>(); // Used to check that all addresses are different.

      while (!message.isEmpty()) {
        String encrypted = message.readString();
        message = message.rest();

        addrs.add(encrypted);
        count++;
        decrypted = decrypted.attach(key.decrypt(encrypted));
      }

      if (addrs.size() != count || count != expected) {
        phase.set(Phase.Blame);
        mailbox.broadcast(
            messages.make().attach(Blame.ShuffleFailure(players.get(N))), phase.get());

        return null;
      }

      return decrypted;
    }
Exemplo n.º 3
0
    void blameBroadcastShuffleMessages()
        throws TimeoutException, Matrix, IOException, InterruptedException, FormatException {

      phase.set(Phase.Blame);
      log.warn("Player " + me + " enters blame phase and sends broadcast messages.");

      // Collect all packets from phase 2 and 3.
      Queue<Packet> evidence = mailbox.getPacketsByPhase(Phase.Shuffling);
      evidence.addAll(mailbox.getPacketsByPhase(Phase.BroadcastOutput));

      // Send them all with the decryption key.
      mailbox.broadcast(
          messages.make().attach(Blame.ShuffleAndEquivocationFailure(dk, evidence)), phase.get());

      throw fillBlameMatrix();
    }
Exemplo n.º 4
0
    // Some misbehavior that has occurred during the shuffle phase and we want to
    // find out what happened!
    private void blameShuffleMisbehavior()
        throws TimeoutException, Matrix, InterruptedException, FormatException, IOException {

      // Skip to phase 4 and do an equivocation check.
      phase.set(Phase.EquivocationCheck);
      equivocationCheck(encryptionKeys, newAddresses, true);
    }
Exemplo n.º 5
0
    // In the broadcast phase, we have to either receive all the
    // new addresses or send them all out. This is set off in its own function so that the
    // malicious machine can override it.
    Deque<Address> readAndBroadcastNewAddresses(Message shuffled)
        throws IOException, InterruptedException, TimeoutException, BlameException,
            FormatException {

      Deque<Address> newAddresses;
      if (me == N) {
        // The last player adds his own new address in without
        // encrypting anything and shuffles the result.
        newAddresses = readNewAddresses(shuffled);
        mailbox.broadcast(shuffled, phase.get());
      } else {
        // All other players just receive their addresses from the last one.
        newAddresses = readNewAddresses(mailbox.receiveFrom(players.get(N), phase.get()));
      }

      return newAddresses;
    }
Exemplo n.º 6
0
 final void execute(PhaseId startPhaseId) throws IOException {
   PhaseId currentPhaseId = startPhaseId;
   while (currentPhaseId != null) {
     IPhase currentPhase = findPhase(currentPhaseId);
     CurrentPhase.set(currentPhaseId);
     phaseListenerManager.notifyBeforePhase(currentPhaseId, lifecycle);
     PhaseId nextPhaseId = currentPhase.execute(getDisplay());
     phaseListenerManager.notifyAfterPhase(currentPhaseId, lifecycle);
     currentPhaseId = nextPhaseId;
   }
 }
Exemplo n.º 7
0
    void checkDoubleSpending(Transaction t)
        throws InterruptedException, IOException, FormatException, TimeoutException, Matrix,
            CoinNetworkException, AddressFormatException {

      // Check for double spending.
      Message doubleSpend = messages.make();
      for (VerificationKey key : players.values()) {
        Transaction o = coin.getConflictingTransaction(t, key.address(), amount);
        if (o != null) {
          doubleSpend = doubleSpend.attach(Blame.DoubleSpend(key, o));
        }
      }

      if (!doubleSpend.isEmpty()) {
        phase.set(Phase.Blame);

        mailbox.broadcast(doubleSpend, phase.get());
        throw fillBlameMatrix();
      }
    }
Exemplo n.º 8
0
    // Players run an equivocation check when they must confirm that they all have
    // the same information.
    void equivocationCheck(
        Map<VerificationKey, EncryptionKey> encryptonKeys,
        Queue<Address> newAddresses,
        boolean errorCase // There is an equivocation check that occurs
        ) throws InterruptedException, TimeoutException, Matrix, IOException, FormatException {

      Message equivocationCheck = equivocationCheckHash(players, encryptonKeys, newAddresses);
      mailbox.broadcast(equivocationCheck, phase.get());
      System.out.println("Player " + me + " equivocation message " + equivocationCheck);

      // Wait for a similar message from everyone else and check that the result is the name.
      Map<VerificationKey, Message> hashes = null;
      hashes = mailbox.receiveFromMultipleBlameless(playerSet(1, players.size()), phase.get());

      hashes.put(vk, equivocationCheck);

      if (areEqual(hashes.values())) {
        // We may have got this far as part of a normal part of the protocol or as a part
        // of an error case. If this is a normal part of the protocol, a blame message
        // having been received indicates that another player has a problem with the
        // output vector received from the last player in phase 3.
        if (errorCase
            || mailbox.blame(Reason.ShuffleFailure)
            || mailbox.blame(Reason.MissingOutput)) {
          blameBroadcastShuffleMessages();
        }

        return;
      }

      log.warn("Player " + me + " equivocation check fails.");

      // If the hashes are not equal, enter the blame phase.
      // Collect all packets from phase 1 and 3.
      phase.set(Phase.Blame);
      Queue<Packet> evidence = mailbox.getPacketsByPhase(Phase.Announcement);
      evidence.addAll(mailbox.getPacketsByPhase(Phase.BroadcastOutput));
      mailbox.broadcast(messages.make().attach(Blame.EquivocationFailure(evidence)), phase.get());

      throw fillBlameMatrix();
    }
Exemplo n.º 9
0
    // Everyone except player 1 creates a new keypair and sends it around to everyone else.
    DecryptionKey broadcastNewKey(Map<VerificationKey, Address> changeAddresses)
        throws TimeoutException, InterruptedException, IOException, FormatException {
      DecryptionKey dk = null;
      dk = crypto.makeDecryptionKey();

      // Broadcast the public key and store it in the set with everyone else's.
      encryptionKeys.put(vk, dk.EncryptionKey());
      changeAddresses.put(vk, change);
      Message message = messages.make().attach(dk.EncryptionKey());
      if (change != null) {
        message = message.attach(change);
      }
      mailbox.broadcast(message, phase.get());
      return dk;
    }
Exemplo n.º 10
0
    Transaction protocolDefinition()
        throws TimeoutException, Matrix, InterruptedException, FormatException, IOException,
            CoinNetworkException, ExecutionException, AddressFormatException {

      if (amount <= 0) {
        throw new IllegalArgumentException();
      }

      // Phase 1: Announcement
      // In the announcement phase, participants distribute temporary encryption keys.
      phase.set(Phase.Announcement);
      log.info("Player " + me + " begins CoinShuffle protocol " + " with " + N + " players.");
      System.out.println(
          "Player " + me + " begins CoinShuffle protocol " + " with " + N + " players.");

      // Check for sufficient funds.
      // There was a problem with the wording of the original paper which would have meant
      // that player 1's funds never would have been checked, but it's necessary to check
      // everybody.
      blameInsufficientFunds();
      System.out.println("Player " + me + " finds sufficient funds");

      // This will contain the change addresses.
      Map<VerificationKey, Address> changeAddresses = new HashMap<>();

      // Everyone creates a new keypair and sends it around to everyone else.
      // Note that the key for player 1 is not actually used; however, player 1
      // needs to send an announcement message at this point too because he might
      // have a change address. Therefore he just follows the same procedure as
      // everyone else.
      dk = broadcastNewKey(changeAddresses);
      System.out.println("Player " + me + " has broadcasted the new encryption key.");

      // Now we wait to receive similar key from everyone else.
      Map<VerificationKey, Message> announcement;
      try {
        announcement = mailbox.receiveFromMultiple(playerSet(1, N), phase.get());
      } catch (BlameException e) {
        // might receive blame messages about insufficient funds.
        phase.set(Phase.Blame);
        throw fillBlameMatrix();
      }
      System.out.println("Player " + me + " is about to read announcements.");

      readAnnouncements(announcement, encryptionKeys, changeAddresses);

      // Phase 2: Shuffle
      // In the shuffle phase, players go in order and reorder the addresses they have been
      // given by the previous player. They insert their own address in a random location.
      // Everyone has the incentive to insert their own address at a random location, which
      // is sufficient to ensure that the result appears random to everybody.
      phase.set(Phase.Shuffling);
      System.out.println("Player " + me + " reaches phase 2: " + encryptionKeys);

      try {
        // Player one begins the cycle and encrypts its new address with everyone's
        // public encryption key, in order.
        // Each subsequent player reorders the cycle and removes one layer of encryption.
        Message shuffled;
        if (me != 1) {
          shuffled = decryptAll(mailbox.receiveFrom(players.get(me - 1), phase.get()), dk, me - 1);

          if (shuffled == null) {
            blameShuffleMisbehavior();
          }
        } else {
          shuffled = messages.make();
        }

        // Make an encrypted address to the mix, and then shuffle everything ourselves.
        shuffled = shufflePhase(shuffled, addrNew);

        // Pass it along to the next player.
        if (me != N) {
          mailbox.send(shuffled, phase.get(), players.get(me + 1));
        }

        // Phase 3: broadcast outputs.
        // In this phase, the last player just broadcasts the transaction to everyone else.
        phase.set(Phase.BroadcastOutput);
        System.out.println("Player " + me + " reaches phase 3 ");

        newAddresses = readAndBroadcastNewAddresses(shuffled);

      } catch (BlameException e) {
        switch (e.packet.payload().readBlame().reason) {
          case MissingOutput:
            {
              // This was sent by a player in phase 3, which means that the new addresses
              // were sent out by the last player, which means that we need to receive
              // the new addresses before proceeding.
              if (newAddresses == null) {
                newAddresses =
                    readNewAddresses(mailbox.receiveFromBlameless(players.get(N), phase.get()));
              }
              // Continue on to next case.
            }
          case ShuffleFailure:
            {
              blameShuffleMisbehavior();
            }
          default:
            {
              throw fillBlameMatrix();
            }
        }
      }

      // Everyone else receives the broadcast and checks that their message was included.
      if (!newAddresses.contains(addrNew)) {
        phase.set(Phase.Blame);
        mailbox.broadcast(messages.make().attach(Blame.MissingOutput(players.get(N))), phase.get());

        blameShuffleMisbehavior();
      }

      // Phase 4: equivocation check.
      // In this phase, participants check whether any player has history different
      // encryption keys to different players.
      phase.set(Phase.EquivocationCheck);
      System.out.println("Player " + me + " reaches phase 4: ");

      equivocationCheck(encryptionKeys, newAddresses, false);

      // Phase 5: verification and submission.
      // Everyone creates a Bitcoin transaction and signs it, then broadcasts the signature.
      // If all signatures check out, then the transaction is history into the net.
      phase.set(Phase.VerificationAndSubmission);
      System.out.println("Player " + me + " reaches phase 5. ");

      List<VerificationKey> inputs = new LinkedList<>();
      for (int i = 1; i <= N; i++) {
        inputs.add(players.get(i));
      }

      // Generate the join transaction.
      Transaction t = coin.shuffleTransaction(amount, fee, inputs, newAddresses, changeAddresses);

      checkDoubleSpending(t);
      if (t == null) throw new RuntimeException("Transaction in null. This should not happen.");

      // Generate the input script using our signing key.
      Message inputScript = messages.make().attach(t.sign(sk));

      System.out.println("Player " + me + " broadcasts signature ");

      mailbox.broadcast(inputScript, phase.get());

      // Send signature messages around and receive them from other players.
      // During this time we could also get notices of invalid signatures
      // or double spends, so we have to watch out for that.
      Map<VerificationKey, Message> signatureMessages = null;
      boolean invalidClaim = false;
      try {
        signatureMessages = mailbox.receiveFromMultiple(playerSet(1, N), phase.get());
        signatureMessages.put(vk, inputScript);
        System.out.println("Player " + me + " receives signatures ");
      } catch (BlameException e) {
        switch (e.packet.payload().readBlame().reason) {
          case InvalidSignature:
            {
              // Continue receiving messages and ignore any further blame messages.
              signatureMessages =
                  mailbox.receiveFromMultipleBlameless(playerSet(1, N), phase.get());

              invalidClaim = true;
              break;
            }
          case DoubleSpend:
          default:
            {
              phase.set(Phase.Blame);
              // Could receive notice of double spending here.
              throw fillBlameMatrix();
            }
        }
      }

      // Verify the signatures.
      Map<VerificationKey, Bytestring> invalid = new HashMap<>();
      for (Map.Entry<VerificationKey, Message> sig : signatureMessages.entrySet()) {
        VerificationKey key = sig.getKey();
        Bytestring signature = sig.getValue().readSignature();
        signatures.put(key, signature);

        if (!t.addInputScript(signature)) {
          invalid.put(key, signature);
        }
      }

      if (invalid.size() > 0 || invalidClaim) {
        phase.set(Phase.Blame);
        Message blameMessage = messages.make();

        for (Map.Entry<VerificationKey, Bytestring> bad : invalid.entrySet()) {
          VerificationKey key = bad.getKey();
          Bytestring signature = bad.getValue();

          blameMessage = blameMessage.attach(Blame.InvalidSignature(key, signature));
        }
        mailbox.broadcast(blameMessage, phase.get());
        throw fillBlameMatrix();
      }

      // Send the transaction into the net.
      t.send();

      // The protocol has completed successfully.
      phase.set(Phase.Completed);

      return t;
    }