This is an automated email from the ASF dual-hosted git repository. sandreoli pushed a commit to branch update-model-no-replay in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git
commit 955310c5ac6cb874966a599f845f1c415d875951 Author: Samuele Andreoli <[email protected]> AuthorDate: Wed Feb 5 17:04:04 2020 +0000 Amend mtawc model --- model/examples/run_mta.py | 3 ++- model/sec256k1/mta.py | 14 +++++++------- model/vectors/mta/genVector.py | 7 +++++-- model/vectors/mta/genZK.py | 16 ++++++++++++---- 4 files changed, 26 insertions(+), 14 deletions(-) diff --git a/model/examples/run_mta.py b/model/examples/run_mta.py index cea22d0..efa5f66 100755 --- a/model/examples/run_mta.py +++ b/model/examples/run_mta.py @@ -344,7 +344,8 @@ if __name__ == "__main__": alice["mtawc_rrp_e"] = mta.mtawc_challenge( alice["paillier_g"], alice["zk_N"], alice["zk_b0"], alice["zk_b1"], curve.r, - alice["mta_CA"], bob["mtawc_CB"], bob["mtawc_rrp_u"], bob["mtawc_rrp_z"], bob["mtawc_rrp_z1"], bob["mtawc_rrp_t"], bob["mtawc_rrp_v"], bob["mtawc_rrp_w"]) + alice["mta_CA"], bob["mtawc_CB"], bob["mtawc_X"], + bob["mtawc_rrp_u"], bob["mtawc_rrp_z"], bob["mtawc_rrp_z1"], bob["mtawc_rrp_t"], bob["mtawc_rrp_v"], bob["mtawc_rrp_w"]) s, s1, s2, t1, t2 = mta.mtawc_prove( bob["mta_mult_share"], bob["mtawc_beta1"], bob["mtawc_r"], diff --git a/model/sec256k1/mta.py b/model/sec256k1/mta.py index e6262a6..871a42f 100644 --- a/model/sec256k1/mta.py +++ b/model/sec256k1/mta.py @@ -353,7 +353,7 @@ def mtawc_commit( return alpha, beta, gamma, rho, rho1, sigma, tau, u, z, z1, t, v, w -def mtawc_challenge(Gamma, Nt, h1, h2, q, c1, c2, u, z, z1, t, v, w): +def mtawc_challenge(Gamma, Nt, h1, h2, q, c1, c2, X, u, z, z1, t, v, w): ''' Use Fiat-Shamir to make this NIZK. 
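Review bot: With `X` added, the parameter list of `mtawc_challenge` covers the public parameters, both ciphertexts, the DLOG statement and the commitment values, but it still has no session or prover identifier, so the challenge does not tie a proof to one protocol run. If replay across runs is in scope for this model, a session identifier should be hashed with the other inputs; if the caller handles it, the docstring should say so. The docstring starts in this hunk and continues outside it, and it also needs an entry for the new argument, for example `X: ECP point whose discrete log is proven; hashed in compressed form after c2`. The hunks at `-379` and `-393` do the hashing itself and need no further change for this.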
@@ -379,13 +379,15 @@ def mtawc_challenge(Gamma, Nt, h1, h2, q, c1, c2, u, z, z1, t, v, w): c1_bytes = c1.to_bytes(DFS_2048, byteorder='big') c2_bytes = c2.to_bytes(DFS_2048, byteorder='big') - u_bytes = u.toBytes(True) z_bytes = z.to_bytes(FS_2048, byteorder='big') z1_bytes = z1.to_bytes(FS_2048, byteorder='big') t_bytes = t.to_bytes(FS_2048, byteorder='big') w_bytes = w.to_bytes(FS_2048, byteorder='big') v_bytes = v.to_bytes(2 * FS_2048, byteorder='big') + u_bytes = u.toBytes(True) + X_bytes = X.toBytes(True) + sha.update(Gamma_bytes) sha.update(Nt_bytes) sha.update(h1_bytes) @@ -393,6 +395,7 @@ def mtawc_challenge(Gamma, Nt, h1, h2, q, c1, c2, u, z, z1, t, v, w): sha.update(q_bytes) sha.update(c1_bytes) sha.update(c2_bytes) + sha.update(X_bytes) sha.update(u_bytes) sha.update(z_bytes) @@ -415,11 +418,8 @@ def mtawc_prove(x,y,r,e,alpha,beta,gamma,rho,rho1,sigma,tau,N): def mtawc_verify(c1, c2, X, s, s1, s2, t1, t2, u, z, z1, t, v, w, e, Gamma, h1, h2, q, P, Q, Pt, Qt): # Verify knowldege of DLOG - dsa_proof = s1 * ecp.generator() - dsa_gt = u.add(e * X) - if dsa_proof != dsa_gt: - print(dsa_proof.toBytes(True).hex()) - print(dsa_gt.toBytes(True).hex()) + proof = ecp.generator().mul(s1 % q, -X, e) + if proof != u: return False # Carry on with the regular verification for the MtA diff --git a/model/vectors/mta/genVector.py b/model/vectors/mta/genVector.py index 0d575c0..c7bdef3 100644 --- a/model/vectors/mta/genVector.py +++ b/model/vectors/mta/genVector.py @@ -142,7 +142,7 @@ def genRPVector(test_no, P, Q, Pt, Qt, h1 = None, h2 = None, m=None, r=None, c=N vector['BETA'] = hex(beta)[2:].zfill(512) vector['GAMMA'] = hex(gamma)[2:].zfill(768) vector['RHO'] = hex(rho)[2:].zfill(768) - + vector['Z'] = hex(z)[2:].zfill(512) vector['U'] = hex(u)[2:].zfill(1024) vector['W'] = hex(w)[2:].zfill(512) 
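Review bot: In `mtawc_verify`, `s1` is reduced modulo `q` before the double multiplication but `e` is passed unreduced, and the visible lines do not check that `X` or `u` is a valid, non-identity point. If `mul` assumes scalars below the group order, the call should read `proof = ecp.generator().mul(s1 % q, -X, e % q)`. Whether point validation happens before this check cannot be seen here, because the function continues outside the hunk. A one-line comment such as `# s1*G - e*X must equal the commitment u` would make the rewritten check easier to audit, and the context comment `# Verify knowldege of DLOG` has a typo worth fixing while the lines are being touched.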
@@ -196,6 +196,8 @@ def genMTAZKVector(test_no, P, Q, Pt, Qt, check, h1 = None, h2 = None, m=None, x Gamma = P*Q+1 + print((3 * ecp.generator()).toBytes(True).hex()) + if h1 is None or h2 is None: _, _, _, _, _, _, h1, h2 = commitments.bc_setup(2048, Pt, Qt) @@ -226,7 +228,7 @@ def genMTAZKVector(test_no, P, Q, Pt, Qt, check, h1 = None, h2 = None, m=None, x if check: e = mta.mtawc_challenge( Gamma, Pt*Qt, h1, h2, curve.r, - c1, c2, + c1, c2, X, U, z, z1, t, v, w) else: e = mta.mta_challenge( @@ -250,6 +252,7 @@ def genMTAZKVector(test_no, P, Q, Pt, Qt, check, h1 = None, h2 = None, m=None, x vector['P'] = hex(P)[2:].zfill(256) vector['Q'] = hex(Q)[2:].zfill(256) vector['N'] = hex(P*Q)[2:].zfill(512) + vector['G'] = hex(P*Q+1)[2:].zfill(512) vector['PT'] = hex(Pt)[2:].zfill(256) vector['QT'] = hex(Qt)[2:].zfill(256) vector['NT'] = hex(Pt*Qt)[2:].zfill(512) diff --git a/model/vectors/mta/genZK.py b/model/vectors/mta/genZK.py index 4964b1e..304105f 100755 --- a/model/vectors/mta/genZK.py +++ b/model/vectors/mta/genZK.py @@ -38,10 +38,10 @@ primes = [ typeKeys = { 'commit': [ - 'TEST', 'X', 'Y', 'C1', 'N', 'H1', 'H2', 'NT', 'ALPHA', 'BETA', 'GAMMA', 'RHO', 'RHO1', 'SIGMA', 'TAU', 'Z', 'Z1', 'T', 'V', 'W' + 'TEST', 'X', 'Y', 'C1', 'N', 'H1', 'H2', 'NT', 'ALPHA', 'BETA', 'GAMMA', 'RHO', 'RHO1', 'SIGMA', 'TAU', 'Z', 'Z1', 'T', 'V', 'W' ], 'challenge': [ - 'TEST', 'N', 'NT', 'H1', 'H2', 'C1', 'C2', 'Z', 'Z1', 'T', 'V', 'W', 'E' + 'TEST', 'G', 'NT', 'H1', 'H2', 'C1', 'C2', 'Z', 'Z1', 'T', 'V', 'W', 'E' ], 'prove': [ 'TEST', 'X', 'Y', 'R', 'E', 'ALPHA', 'BETA', 'GAMMA', 'RHO', 'RHO1', 'SIGMA', 'TAU', 'N', 'S', 'S1', 'S2', 'T1', 'T2' @@ -51,6 +51,13 @@ typeKeys = { ], } +wc_extra_keys = { + 'commit': ['U'], + 'challenge': ['ECPX', 'U'], + 'prove': [], + 'verify': ['ECPX', 'U'] +} + if __name__ == "__main__": parser = argparse.ArgumentParser() 
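Review bot: The added `print((3 * ecp.generator()).toBytes(True).hex())` in `genMTAZKVector` looks like leftover debugging: it writes a constant point to stdout on every call, and nothing visible in the hunk uses the value. Drop the line so the generator's output stays limited to the vectors. Separately, the `vector['G']` line added in the `-250` hunk recomputes `P*Q+1` although `Gamma` already holds that value in the same function; `vector['G'] = hex(Gamma)[2:].zfill(512)` keeps the emitted field and the value passed to `mtawc_challenge` in step.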
@@ -68,8 +75,9 @@ if __name__ == "__main__": keys = typeKeys[tvType] wc = args.wc - if wc and (tvType != 'prove'): - keys.append('ECPX') + if wc: + keys.extend(wc_extra_keys[tvType]) + vectors = []
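Review bot: `keys.extend(wc_extra_keys[tvType])` appends to the list stored inside `typeKeys`, because the context line `keys = typeKeys[tvType]` binds an alias rather than a copy. That is harmless while the script handles one vector type per run, but any later read of `typeKeys` would see the wc-only keys mixed in. Copying first avoids the shared state: `keys = list(typeKeys[tvType])`.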
