This is an automated email from the ASF dual-hosted git repository. sandreoli pushed a commit to branch update-model-no-replay in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git
commit 1b36543a2174667b2e8c6ad059551c0c101c122c Author: Samuele Andreoli <[email protected]> AuthorDate: Thu Feb 6 13:30:53 2020 +0000 Add support for interactive schnorr/double schnorr proofs --- examples/example_schnorr_interactive.c | 103 ++++++++++++++++++++++++++++ include/amcl/schnorr.h | 8 +++ src/schnorr.c | 13 ++++ test/smoke/test_schnorr_interactive_smoke.c | 81 ++++++++++++++++++++++ test/unit/CMakeLists.txt | 14 ++-- 5 files changed, 215 insertions(+), 4 deletions(-) diff --git a/examples/example_schnorr_interactive.c b/examples/example_schnorr_interactive.c new file mode 100644 index 0000000..9373dc0 --- /dev/null +++ b/examples/example_schnorr_interactive.c 
@@ -0,0 +1,103 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+#include "amcl/schnorr.h"
+
+/* Schnorr's proofs example */
+
+int main()
+{
+ int rc;
+
+ BIG_256_56 x;
+ BIG_256_56 q;
+ ECP_SECP256K1 G;
+
+ char x_char[SGS_SECP256K1];
+ octet X = {0, sizeof(x_char), x_char};
+
+ char v[SFS_SECP256K1+1];
+ octet V = {0, sizeof(v), v};
+
+ char r[SGS_SECP256K1];
+ octet R = {0, sizeof(r), r};
+
+ char c[SFS_SECP256K1+1];
+ octet C = {0, sizeof(c), c};
+
+ char e[SGS_SECP256K1];
+ octet E = {0, sizeof(e), e};
+
+ char p[SGS_SECP256K1];
+ octet P = {0, sizeof(p), p};
+
+ // Deterministic RNG for example
+ char seed[32] = {0};
+ csprng RNG;
+ RAND_seed(&RNG, 32, seed);
+
+ // Generate DLOG
+ BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
+ BIG_256_56_randomnum(x, q, &RNG);
+
+ ECP_SECP256K1_generator(&G);
+ ECP_SECP256K1_mul(&G, x);
+
+ BIG_256_56_toBytes(X.val, x);
+ X.len = SGS_SECP256K1;
+
+ ECP_SECP256K1_toOctet(&V, &G, 1);
+
+ printf("Schnorr's Proof of knowledge of a DLOG. 
V = x.G\n"); + printf("\tx = "); + OCT_output(&X); + printf("\tV = "); + OCT_output(&V); + + printf("\n[Prover] Generate and transmit a commitment C = r.G\n"); + SCHNORR_commit(&RNG, &R, &C); + + printf("\tr = "); + OCT_output(&R); + printf("\tC = "); + OCT_output(&C); + + printf("\n[Verifier] Generate and send back a random challenge\n"); + SCHNORR_random_challenge(&RNG, &E); + + printf("\te = "); + OCT_output(&E); + + printf("\n[Prover] Generate and transmit the proof p for C = r.G and E\n"); + SCHNORR_prove(&R, &E, &X, &P); + + printf("\tp = "); + OCT_output(&P); + + printf("\n[Verifier] Verify the proof against V, C and e\n"); + rc = SCHNORR_verify(&V, &C, &E, &P); + if (rc) + { + printf("\tFailure! RC %d\n", rc); + } + else + { + printf("\tSuccess!\n"); + } +} \ No newline at end of file diff --git a/include/amcl/schnorr.h b/include/amcl/schnorr.h index 3a091cb..e659b04 100644 --- a/include/amcl/schnorr.h +++ b/include/amcl/schnorr.h @@ -44,6 +44,14 @@ extern "C" #define SCHNORR_FAIL 51 /**< Invalid proof */ #define SCHNORR_INVALID_ECP 52 /**< Not a valid point on the curve */ +/*! \brief Generate random challenge for any Schnorr Proof + * + * Generate a random challenge that can be used to make any + * of the following Schnorr Proofs interactive. This can be used + * to be interoperable with other implementations. + */ +extern void SCHNORR_random_challenge(csprng *RNG, octet *E); + /* Classic Schnorr's proofs API */ /*! \brief Generate a commitment for the proof diff --git a/src/schnorr.c b/src/schnorr.c index eb1a7a3..0d2a96f 100644 --- a/src/schnorr.c +++ b/src/schnorr.c 
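Review bot: The example seeds the csprng with an all-zero `seed` and then uses that single `RNG` for the secret `x`, the prover's `r` and the verifier's challenge `e`, and the only hint that this is not a usable pattern is `// Deterministic RNG for example`. Examples get copied, so I would spell the constraint out next to `RAND_seed`: `// Example only: fixed seed, one RNG for both roles. Prover and verifier each seed their own csprng from real entropy,` followed by `// and the prover draws a fresh r for every run of the protocol.` Separately, the failure branch after `SCHNORR_verify` only prints; ending `main` with `return rc;` would let a script notice a failed run.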
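Review bot: The doc block for `SCHNORR_random_challenge` has no parameter entries and does not say how large `E` must be, which a caller cannot work out from the prototype. I would add, in whatever tag style the rest of the header uses, `@param RNG csprng used to draw the challenge` and `@param E Destination octet for the challenge e, with room for at least SGS_SECP256K1 bytes`. One more sentence should state that the verifier draws the challenge with its own RNG and only after it has received the commitment, since the interactive proof relies on the prover being unable to predict that value.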
@@ -29,6 +29,19 @@ void hash_octet(hash256 *sha, octet *O) } } +void SCHNORR_random_challenge(csprng *RNG, octet *E) +{ + BIG_256_56 e; + BIG_256_56 q; + + BIG_256_56_rcopy(q, CURVE_Order_SECP256K1); + + BIG_256_56_randomnum(e, q, RNG); + + BIG_256_56_toBytes(E->val, e); + E->len = SGS_SECP256K1; +} + /* Classic Schnorr's Proof Definitions */ void SCHNORR_commit(csprng *RNG, octet *R, octet *C) diff --git a/test/smoke/test_schnorr_interactive_smoke.c b/test/smoke/test_schnorr_interactive_smoke.c new file mode 100644 index 0000000..82a8d14 --- /dev/null +++ b/test/smoke/test_schnorr_interactive_smoke.c 
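Review bot: `BIG_256_56_toBytes(E->val, e)` writes the encoding of `e` into `E->val` without looking at `E->max`, and the function returns `void`, so an undersized octet is overrun with no signal to the caller. The hunk then sets `E->len = SGS_SECP256K1`, so that is presumably the number of bytes written. At minimum the capacity requirement belongs on the declaration; if the library's other entry points validate octet sizes (not visible here), a guard such as `if (E->max < SGS_SECP256K1) { E->len = 0; return; }` before the write would keep this one consistent with them. The hunk opens inside the tail of `hash_octet`, which I cannot see in full.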
@@ -0,0 +1,81 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+#include "amcl/schnorr.h"
+
+/* Schnorr's proofs smoke test using random challenge */
+
+int main()
+{
+ int rc;
+
+ BIG_256_56 x;
+ BIG_256_56 q;
+ ECP_SECP256K1 G;
+
+ char x_char[SGS_SECP256K1];
+ octet X = {0, sizeof(x_char), x_char};
+
+ char v[SFS_SECP256K1+1];
+ octet V = {0, sizeof(v), v};
+
+ char r[SGS_SECP256K1];
+ octet R = {0, sizeof(r), r};
+
+ char c[SFS_SECP256K1+1];
+ octet C = {0, sizeof(c), c};
+
+ char e[SGS_SECP256K1];
+ octet E = {0, sizeof(e), e};
+
+ char p[SGS_SECP256K1];
+ octet P = {0, sizeof(p), p};
+
+ // Deterministic RNG for testing
+ char seed[32] = {0};
+ csprng RNG;
+ RAND_seed(&RNG, 32, seed);
+
+ BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
+ BIG_256_56_randomnum(x, q, &RNG);
+
+ ECP_SECP256K1_generator(&G);
+ ECP_SECP256K1_mul(&G, x);
+
+ BIG_256_56_toBytes(X.val, x);
+ X.len = SGS_SECP256K1;
+
+ ECP_SECP256K1_toOctet(&V, &G, 1);
+
+ SCHNORR_commit(&RNG, &R, &C);
+
+ SCHNORR_random_challenge(&RNG, &E);
+
+ SCHNORR_prove(&R, &E, &X, &P);
+
+ rc = SCHNORR_verify(&V, &C, &E, &P);
+ if (rc)
+ {
+ printf("FAILURE SCHNORR_verify. RC %d\n", rc);
+ exit(EXIT_FAILURE);
+ }
+
+ printf("SUCCESS\n");
+ exit(EXIT_SUCCESS);
+}
\ No newline at end of file
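Review bot: The smoke test exercises only the accepting path, so it would still pass if `SCHNORR_verify` ignored the challenge it is given. After the successful check I would alter `E` and require a rejection before printing `SUCCESS`. I expect `SCHNORR_FAIL` as the return code, but confirm that against `SCHNORR_verify`, which is not part of this diff. The test also calls `printf` and `exit` while including only `amcl/schnorr.h`, so it relies on that header pulling in the standard headers.

```c
    // ... unchanged: setup, commit, challenge, prove, accepting SCHNORR_verify check ...

    // The same proof must not verify against a different challenge
    E.val[0] ^= 0x01;
    rc = SCHNORR_verify(&V, &C, &E, &P);
    if (rc != SCHNORR_FAIL)
    {
        printf("FAILURE SCHNORR_verify accepted a modified challenge. RC %d\n", rc);
        exit(EXIT_FAILURE);
    }

    printf("SUCCESS\n");
```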
diff --git a/test/unit/CMakeLists.txt b/test/unit/CMakeLists.txt index c03672f..e1f0ffb 100644 --- a/test/unit/CMakeLists.txt +++ b/test/unit/CMakeLists.txt @@ -52,13 +52,19 @@ amcl_test(test_factoring_zk_prove test_factoring_zk_prove.c amcl_mpc "SUCCESS" amcl_test(test_factoring_zk_verify test_factoring_zk_verify.c amcl_mpc "SUCCESS" "factoring_zk/verify.txt") # Classic Schnorr tests -amcl_test(test_schnorr_commit test_schnorr_commit.c amcl_mpc "SUCCESS" "schnorr/commit.txt") +amcl_test(test_schnorr_commit test_schnorr_commit.c amcl_mpc "SUCCESS" "schnorr/commit.txt") amcl_test(test_schnorr_challenge test_schnorr_challenge.c amcl_mpc "SUCCESS" "schnorr/challenge.txt") -amcl_test(test_schnorr_prove test_schnorr_prove.c amcl_mpc "SUCCESS" "schnorr/prove.txt") -amcl_test(test_schnorr_verify test_schnorr_verify.c amcl_mpc "SUCCESS" "schnorr/verify.txt") +amcl_test(test_schnorr_prove test_schnorr_prove.c amcl_mpc "SUCCESS" "schnorr/prove.txt") +amcl_test(test_schnorr_verify test_schnorr_verify.c amcl_mpc "SUCCESS" "schnorr/verify.txt") + +# Double Schnorr tests +amcl_test(test_d_schnorr_commit test_d_schnorr_commit.c amcl_mpc "SUCCESS" "schnorr/dcommit.txt") +amcl_test(test_d_schnorr_challenge test_d_schnorr_challenge.c amcl_mpc "SUCCESS" "schnorr/dchallenge.txt") +amcl_test(test_d_schnorr_prove test_d_schnorr_prove.c amcl_mpc "SUCCESS" "schnorr/dprove.txt") +amcl_test(test_d_schnorr_verify test_d_schnorr_verify.c amcl_mpc "SUCCESS" "schnorr/dverify.txt") # BC Commitment tests -amcl_test(test_bc_setup test_bc_setup.c amcl_mpc "SUCCESS" "commitments/bc_setup.txt") +amcl_test(test_bc_setup test_bc_setup.c amcl_mpc "SUCCESS" "commitments/bc_setup.txt") amcl_test(test_bc_internals test_bc_internals.c amcl_mpc "SUCCESS") # MTA Range Proof tests
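Review bot: This hunk registers four `test_d_schnorr_*` unit tests with `schnorr/d*.txt` vectors, but the commit's diffstat lists neither those sources nor the vector files, so configuring the tests depends on them already being on the branch; worth confirming before merge. In the other direction, the new `test/smoke/test_schnorr_interactive_smoke.c` and `examples/example_schnorr_interactive.c` are not registered in any CMake file this commit touches, so unless those directories pick up sources by pattern they will not be built or run. `SCHNORR_random_challenge` itself also gets no vector-based unit test alongside `test_schnorr_challenge`.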
