Пример #1
0
  /**
   * Computes the simulator computation.
   *
   * @param input MUST be an instance of SigmaDHCommonInput.
   * @param challenge
   * @return the output of the computation - (a, e, z).
   * @throws CheatAttemptException if the received challenge's length is not equal to the soundness
   *     parameter.
   * @throws IllegalArgumentException if the given input is not an instance of SigmaDHCommonInput.
   */
  public SigmaSimulatorOutput simulate(SigmaCommonInput input, byte[] challenge)
      throws CheatAttemptException {
    // check the challenge validity.
    if (!checkChallengeLength(challenge)) {
      throw new CheatAttemptException(
          "the length of the given challenge is differ from the soundness parameter");
    }
    if (!(input instanceof SigmaDHCommonInput)) {
      throw new IllegalArgumentException("the given input must be an instance of SigmaDHInput");
    }
    SigmaDHCommonInput dhInput = ((SigmaDHCommonInput) input);

    // Sample a random z <- Zq
    BigInteger z = BigIntegers.createRandomInRange(BigInteger.ZERO, qMinusOne, random);

    // Compute a = g^z*u^(-e) (where -e here means -e mod q)
    GroupElement gToZ = dlog.exponentiate(dlog.getGenerator(), z);
    BigInteger e = new BigInteger(1, challenge);
    BigInteger minusE = dlog.getOrder().subtract(e);
    GroupElement uToE = dlog.exponentiate(dhInput.getU(), minusE);
    GroupElement a = dlog.multiplyGroupElements(gToZ, uToE);

    // Compute b = h^z*v^(-e) (where -e here means -e mod q)
    GroupElement hToZ = dlog.exponentiate(dhInput.getH(), z);
    GroupElement vToE = dlog.exponentiate(dhInput.getV(), minusE);
    GroupElement b = dlog.multiplyGroupElements(hToZ, vToE);

    // Output ((a,b),e,z).
    return new SigmaDHSimulatorOutput(
        new SigmaDHMsg(a.generateSendableData(), b.generateSendableData()),
        challenge,
        new SigmaBIMsg(z));
  }
  /**
   * Converts the input for the underlying prover computation.
   *
   * @param input MUST be an instance of SigmaPedersenCommittedValueProverInput.
   * @throws IllegalArgumentException if input is not an instance of
   *     SigmaPedersenCommittedValueProverInput.
   */
  private SigmaDlogProverInput convertInput(SigmaProverInput in) {
    if (!(in instanceof SigmaPedersenCommittedValueProverInput)) {
      throw new IllegalArgumentException(
          "the given input must be an instance of SigmaPedersenCommittedValueProverInput");
    }
    SigmaPedersenCommittedValueProverInput input = (SigmaPedersenCommittedValueProverInput) in;
    SigmaPedersenCommittedValueCommonInput params = input.getCommonParams();

    // Convert the input to the underlying Dlog prover. h' = c*h^(-x).
    BigInteger minusX = dlog.getOrder().subtract(params.getX());
    GroupElement hToX = dlog.exponentiate(params.getH(), minusX);
    GroupElement c = params.getCommitment();
    GroupElement hTag = dlog.multiplyGroupElements(c, hToX);

    return new SigmaDlogProverInput(hTag, input.getR());
  }
Пример #3
0
 /**
  * Checks the validity of the given soundness parameter.
  *
  * @return true if the soundness parameter is valid; false, otherwise.
  */
 private boolean checkSoundnessParam() {
   // If soundness parameter does not satisfy 2^t<q, return false.
   BigInteger soundness = new BigInteger("2").pow(t);
   BigInteger q = dlog.getOrder();
   if (soundness.compareTo(q) >= 0) {
     return false;
   }
   return true;
 }
Пример #4
0
  /**
   * Constructor that gets the underlying DlogGroup, soundness parameter and SecureRandom.
   *
   * @param dlog
   * @param t Soundness parameter in BITS.
   * @param random
   */
  public SigmaDHSimulator(DlogGroup dlog, int t, SecureRandom random) {
    // Sets the parameters.
    this.dlog = dlog;
    this.t = t;

    // Check the soundness validity.
    if (!checkSoundnessParam()) {
      throw new IllegalArgumentException("soundness parameter t does not satisfy 2^t<q");
    }

    this.random = random;
    qMinusOne = dlog.getOrder().subtract(BigInteger.ONE);
  }