// cl.rs
// CL Sigs - Pointcheval Sanders ('06)
extern crate pairing;
extern crate rand;
use super::*;
use pairing::{CurveAffine, CurveProjective, Engine};
use ff::PrimeField;
use rand::Rng;
/// Public parameters shared by every key pair: the generators `g1` (in G1) and
/// `g2` (in G2) drawn by [`setup`].
#[derive(Clone)]
pub struct PublicParams<E: Engine> {
    pub g1: E::G1,
    pub g2: E::G2,
}
/// Signing key: the scalar `x` plus one scalar `y[i]` per message slot
/// (see [`SecretKey::generate`] and [`SecretKey::sign`]).
#[derive(Clone)]
pub struct SecretKey<E: Engine> {
    pub x: E::Fr,
    pub y: Vec<E::Fr>,
}
//#[derive(Clone, Serialize, Deserialize)]
/// Verification key of the plain scheme: `X = g2^x` and `Y[i] = g2^y[i]`
/// (see [`PublicKey::from_secret`]).
#[derive(Clone)]
pub struct PublicKey<E: Engine> {
    pub X: E::G2,
    pub Y: Vec<E::G2>,
}
//#[derive(Clone, Serialize, Deserialize)]
/// Verification key of the blind variant: `X = g2^x`, `Y1[i] = g1^y[i]` and
/// `Y2[i] = g2^y[i]` (see [`BlindPublicKey::from_secret`]).
#[derive(Clone)]
pub struct BlindPublicKey<E: Engine> {
    pub X: E::G2,
    pub Y1: Vec<E::G1>,
    pub Y2: Vec<E::G2>,
}
/// A signature `(h, H)`: `h` is a random G1 element (sigma1) and
/// `H = h^(x + sum_i y_i * m_i)` (sigma2), as produced by [`SecretKey::sign`].
#[derive(Clone)]
pub struct Signature<E: Engine> {
    pub h: E::G1,
    pub H: E::G1,
}
/// Secret key together with its plain-scheme verification key.
#[derive(Clone)]
pub struct KeyPair<E: Engine> {
    pub secret: SecretKey<E>,
    pub public: PublicKey<E>,
}
/// Secret key together with its blind-variant verification key.
#[derive(Clone)]
pub struct BlindKeyPair<E: Engine> {
    pub secret: SecretKey<E>,
    pub public: BlindPublicKey<E>,
}
/// Prover-side state kept between the commitment and response phases of the
/// proof of knowledge of a signature (see [`BlindKeyPair::prove_commitment`]).
#[derive(Clone)]
pub struct ProofState<E: Engine> {
    // blinding factor used to derive `blindSig` from the original signature
    pub v: E::Fr,
    // random exponent for the `X` term of the commitment
    pub s: E::Fr,
    // random exponents, one per `Y2` element
    pub t: Vec<E::Fr>,
    // random exponent for the `g2` term of the commitment
    pub tt: E::Fr,
    // the commitment itself, an element of the target group
    pub a: E::Fqk,
    // the blinded signature the proof is made over
    pub blindSig: Signature<E>,
}
/// Output of the response phase: the responses `zx`, `zsig[j]`, `zv` and the
/// commitment `a` carried over from [`ProofState`]
/// (see [`BlindKeyPair::prove_response`]).
#[derive(Clone)]
pub struct Proof<E: Engine> {
    pub zx: E::Fr,
    pub zsig: Vec<E::Fr>,
    pub zv: E::Fr,
    pub a: E::Fqk,
}
impl<E: Engine> SecretKey<E> {
    /// Draw a fresh signing key with `l` message slots.
    ///
    /// The `l` scalars `y` are drawn first, then `x`.
    pub fn generate<R: Rng>(csprng: &mut R, l: usize) -> Self {
        let y: Vec<E::Fr> = (0..l).map(|_| E::Fr::rand(csprng)).collect();
        let x = E::Fr::rand(csprng);
        SecretKey { x, y }
    }

    /// Sign `message`, one field element per key slot.
    ///
    /// Returns `(h, h^(x + sum_i y_i * m_i))` for a random `h` in G1.
    ///
    /// # Panics
    /// If `message.len()` differs from the number of `y` scalars in the key.
    pub fn sign<R: Rng>(&self, csprng: &mut R, message: &Vec<E::Fr>) -> Signature<E> {
        let h = E::G1::rand(csprng);

        // Reject a message of the wrong length before touching the key.
        assert_eq!(self.y.len(), message.len());

        // exponent = x + sum_i y_i * m_i
        let mut exponent = self.x;
        for (y_i, m_i) in self.y.iter().zip(message.iter()) {
            let mut term = *y_i;
            term.mul_assign(m_i);
            exponent.add_assign(&term);
        }

        let mut sigma2 = h;
        sigma2.mul_assign(exponent);
        Signature { h, H: sigma2 }
    }

    /// Blind and re-randomise `signature` with the blinding factor `bf`.
    ///
    /// Returns `(sigma1^r, (sigma2 * sigma1^bf)^r)` for a fresh random `r`.
    /// The key itself is not used.
    pub fn blind<R: Rng>(&self, csprng: &mut R, bf: &E::Fr, signature: &Signature<E>) -> Signature<E> {
        let r = E::Fr::rand(csprng);

        // sigma1^bf
        let mut sigma1_bf = signature.h;
        sigma1_bf.mul_assign(*bf);

        // (sigma2 * sigma1^bf)^r
        let mut sigma2 = signature.H;
        sigma2.add_assign(&sigma1_bf);
        sigma2.mul_assign(r);

        // sigma1^r
        let mut sigma1 = signature.h;
        sigma1.mul_assign(r);

        Signature { h: sigma1, H: sigma2 }
    }
}
//impl<E: Engine> PublicKey<E> {
// pub fn encode(&self) -> Vec<u8> {
// let mut output_buf = Vec::new();
// let x_vec: Vec<u8> = encode(&self.X, Infinite).unwrap();
//
// output_buf.extend(x_vec);
// for i in 0 .. self.Y.len() {
// let yi_vec: Vec<u8> = encode(&self.Y[i], Infinite).unwrap();
// output_buf.extend(yi_vec);
// }
// return output_buf;
// }
//}
//impl fmt::Display for PublicKey {
// fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
// let a_vec: Vec<u8> = encode(&self.X, Infinite).unwrap();
//
// let mut a_s = String::new();
// for x in a_vec.iter() {
// a_s = format!("{}{:x}", a_s, x);
// }
//
// let mut Y = String::new();
//
// for i in 0 .. self.Y.len() {
// let b_vec: Vec<u8> = encode(&self.Y, Infinite).unwrap();
// let mut b_s = String::new();
// for y in b_vec.iter() {
// b_s = format!("{}{:x}", b_s, y);
// }
// }
// write!(f, "PublicKey : (\nX = 0x{},\n{}\n)", a_s, Y)
// }
//}
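impl<E: Engine> PublicKey<E> {
    /// Derive the verification key `X = g2^x`, `Y[i] = g2^y[i]` from `secret`.
    pub fn from_secret(mpk: &PublicParams<E>, secret: &SecretKey<E>) -> Self {
        let Y: Vec<E::G2> = secret
            .y
            .iter()
            .map(|y_i| {
                let mut g2y = mpk.g2;
                g2y.mul_assign(*y_i);
                g2y
            })
            .collect();

        let mut X = mpk.g2;
        X.mul_assign(secret.x);

        PublicKey { X, Y }
    }

    /// Verify `signature` on `message`.
    ///
    /// Checks `e(sigma1, X * prod_i Y_i^m_i) == e(sigma2, g2)`.
    ///
    /// Returns `false` when `sigma1` is the group identity: the pairing
    /// equation then holds for any message and any `sigma2`, so such a
    /// signature must never be accepted. Also returns `false` (instead of
    /// indexing out of bounds or silently ignoring trailing elements) when
    /// `message.len()` differs from the key's `Y.len()`.
    pub fn verify(&self, mpk: &PublicParams<E>, message: &Vec<E::Fr>, signature: &Signature<E>) -> bool {
        if message.len() != self.Y.len() {
            return false;
        }
        // `zero()` is the additive identity (point at infinity); `one()` is the
        // fixed generator, so comparing `h` against `one()` would not reject the
        // identity element.
        if signature.h.is_zero() {
            return false;
        }

        // acc = sum_i Y_i * m_i
        let mut acc = E::G2::zero();
        for (y_pub, m_i) in self.Y.iter().zip(message.iter()) {
            let mut term = *y_pub;
            term.mul_assign(*m_i);
            acc.add_assign(&term);
        }

        // X2 = X + acc
        let mut X2 = self.X;
        X2.add_assign(&acc);

        E::pairing(signature.h, X2) == E::pairing(signature.H, mpk.g2)
    }
}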
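impl<E: Engine> BlindPublicKey<E> {
    /// Derive `X = g2^x`, `Y1[i] = g1^y[i]` and `Y2[i] = g2^y[i]` from `secret`.
    pub fn from_secret(mpk: &PublicParams<E>, secret: &SecretKey<E>) -> Self {
        let mut Y1: Vec<E::G1> = Vec::with_capacity(secret.y.len());
        let mut Y2: Vec<E::G2> = Vec::with_capacity(secret.y.len());
        for y_i in &secret.y {
            let mut g1y = mpk.g1;
            g1y.mul_assign(*y_i);
            Y1.push(g1y);

            let mut g2y = mpk.g2;
            g2y.mul_assign(*y_i);
            Y2.push(g2y);
        }

        let mut X = mpk.g2;
        X.mul_assign(secret.x);

        BlindPublicKey { X, Y1, Y2 }
    }

    /// Verify a blinded signature.
    ///
    /// `message` holds the `l = Y2.len()` message elements followed by the
    /// blinding factor `t`, which is checked as an extra message element under
    /// the generator `g2` itself:
    /// `e(sigma1, X * prod_i Y2_i^m_i * g2^t) == e(sigma2, g2)`.
    ///
    /// Returns `false` when `message.len() != l + 1` or when `sigma1` is the
    /// group identity (the pairing equation is then trivially satisfied).
    pub fn verify(&self, mpk: &PublicParams<E>, message: &Vec<E::Fr>, signature: &Signature<E>) -> bool {
        let l = self.Y2.len();
        if message.len() != l + 1 {
            return false;
        }
        // `zero()` is the identity; `one()` is the generator and would not
        // catch this case.
        if signature.h.is_zero() {
            return false;
        }

        // acc = sum_i Y2_i * m_i
        let mut acc = E::G2::zero();
        for (y_pub, m_i) in self.Y2.iter().zip(message[..l].iter()) {
            let mut term = *y_pub;
            term.mul_assign(*m_i);
            acc.add_assign(&term);
        }

        // g2 * t for the trailing blinding factor
        let mut g2t = mpk.g2;
        g2t.mul_assign(message[l]);
        acc.add_assign(&g2t);

        // X2 = X + acc
        let mut X2 = self.X;
        X2.add_assign(&acc);

        E::pairing(signature.h, X2) == E::pairing(signature.H, mpk.g2)
    }

    /// Verify a proof of knowledge of a signature.
    ///
    /// Takes the proof produced by `prove_response()`, the blinded signature
    /// from the commitment phase and the challenge, and checks
    /// `e(h', X)^zx * prod_j e(h', Y2_j)^zsig_j * e(h', g2)^zv == e(H', g2)^c * a`.
    ///
    /// Returns `false` when `zsig.len()` differs from `Y2.len()`, or when `h'`
    /// is the group identity: every pairing with the identity is 1, so a
    /// prover could otherwise satisfy the equation with no signature at all.
    pub fn verify_proof(&self, mpk: &PublicParams<E>, blindSig: Signature<E>, p: Proof<E>, challenge: E::Fr) -> bool {
        if p.zsig.len() != self.Y2.len() {
            return false;
        }
        if blindSig.h.is_zero() {
            return false;
        }

        // lhs = e(h', X)^zx * prod_j e(h', Y2_j)^zsig_j * e(h', g2)^zv
        let mut lhs = E::pairing(blindSig.h, self.X).pow(p.zx.into_repr());
        for (y_pub, z_j) in self.Y2.iter().zip(p.zsig.iter()) {
            let term = E::pairing(blindSig.h, *y_pub).pow(z_j.into_repr());
            lhs.mul_assign(&term);
        }
        let hv = E::pairing(blindSig.h, mpk.g2).pow(p.zv.into_repr());
        lhs.mul_assign(&hv);

        // rhs = e(H', g2)^c * a
        let mut rhs = E::pairing(blindSig.H, mpk.g2).pow(challenge.into_repr());
        rhs.mul_assign(&p.a);

        lhs == rhs
    }
}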
/// Draw the public parameters: a random `g1` in G1 and a random `g2` in G2.
pub fn setup<R: Rng, E: Engine>(csprng: &mut R) -> PublicParams<E> {
    let g1 = E::G1::rand(csprng);
    let g2 = E::G2::rand(csprng);
    PublicParams { g1, g2 }
}
///
/// KeyPair - implements the standard CL signature variant by Pointcheval-Sanders - Section 3.1
///
impl<E: Engine> KeyPair<E> {
    /// Generate a secret key with `l` message slots and its verification key.
    pub fn generate<R: Rng>(csprng: &mut R, mpk: &PublicParams<E>, l: usize) -> Self {
        let secret = SecretKey::generate(csprng, l);
        let public = PublicKey::from_secret(mpk, &secret);
        KeyPair { secret, public }
    }

    /// Sign a vector of `l` messages with the secret key
    /// (see [`SecretKey::sign`] for the length requirement).
    pub fn sign<R: Rng>(&self, csprng: &mut R, message: &Vec<E::Fr>) -> Signature<E> {
        self.secret.sign(csprng, message)
    }

    /// Verify `signature` on `message` with the public key
    /// (see [`PublicKey::verify`]).
    pub fn verify(&self, mpk: &PublicParams<E>, message: &Vec<E::Fr>, signature: &Signature<E>) -> bool {
        self.public.verify(mpk, message, signature)
    }
}
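///
/// BlindKeyPair - implements the blinding signature scheme in Pointcheval-Sanders - Section 3.1.1
///
impl<E: Engine> BlindKeyPair<E> {
    /// Generate a secret key with `l` message slots and its blind-variant
    /// verification key.
    pub fn generate<R: Rng>(csprng: &mut R, mpk: &PublicParams<E>, l: usize) -> Self {
        let secret = SecretKey::generate(csprng, l);
        let public = BlindPublicKey::from_secret(mpk, &secret);
        BlindKeyPair { secret, public }
    }

    /// Derive the plain (unblinded) verification key for the same secret.
    pub fn get_public_key(&self, mpk: &PublicParams<E>) -> PublicKey<E> {
        PublicKey::from_secret(mpk, &self.secret)
    }

    /// Sign a vector of `l` messages with the secret key
    /// (see [`SecretKey::sign`] for the length requirement).
    pub fn sign<R: Rng>(&self, csprng: &mut R, message: &Vec<E::Fr>) -> Signature<E> {
        self.secret.sign(csprng, message)
    }

    /// Blind and re-randomise an existing signature with factor `bf`
    /// (see [`SecretKey::blind`]).
    pub fn blind<R: Rng>(&self, csprng: &mut R, bf: &E::Fr, signature: &Signature<E>) -> Signature<E> {
        self.secret.blind(csprng, bf, signature)
    }

    /// Remove the blinding factor `bf` from a blinded signature.
    ///
    /// A blinded signature is `(sigma1^r, (sigma2 * sigma1^bf)^r)`. Dividing
    /// the second element by `(sigma1^r)^bf` leaves `(sigma1^r, sigma2^r)`, a
    /// re-randomised signature on the original message that verifies under
    /// the plain `PublicKey` from [`BlindKeyPair::get_public_key`].
    pub fn unblind(&self, bf: &E::Fr, signature: &Signature<E>) -> Signature<E> {
        // (sigma1')^bf as a group element. Note this is a group-element
        // subtraction in additive notation; multiplying sigma1' by the scalar
        // inverse of bf and adding it would not undo the blinding.
        let mut sigma1_bf = signature.h;
        sigma1_bf.mul_assign(*bf);

        // sigma2' / (sigma1')^bf
        let mut H = signature.H;
        H.sub_assign(&sigma1_bf);

        Signature { h: signature.h, H }
    }

    /// Verify a blinded signature without unblinding it: `bf` is appended to
    /// `message` and checked as the extra element under `g2`
    /// (see [`BlindPublicKey::verify`]).
    pub fn verify(&self, mpk: &PublicParams<E>, message: &Vec<E::Fr>, bf: &E::Fr, signature: &Signature<E>) -> bool {
        let mut m = message.clone();
        m.push(*bf);
        self.public.verify(mpk, &m, signature)
    }

    /// Proof of knowledge of a signature: commitment phase.
    ///
    /// Blinds `signature` with a fresh `v`, draws random exponents `s`, `tt`
    /// and one `t[j]` per `Y2` element, and commits to
    /// `a = e(h', X)^s * prod_j e(h', Y2_j)^t_j * e(h', g2)^tt`.
    /// Returns the state the response phase needs, including `a` and the
    /// blinded signature.
    pub fn prove_commitment<R: Rng>(&self, rng: &mut R, mpk: &PublicParams<E>, signature: &Signature<E>) -> ProofState<E> {
        let v = E::Fr::rand(rng);
        let blindSig = self.blind(rng, &v, signature);
        let s = E::Fr::rand(rng);
        let tt = E::Fr::rand(rng);

        // a = e(h', X)^s
        let mut a = E::pairing(blindSig.h, self.public.X).pow(s.into_repr());

        // a *= prod_j e(h', Y2_j)^t_j, drawing each t_j as we go
        let mut t = Vec::<E::Fr>::with_capacity(self.public.Y2.len());
        for y_pub in &self.public.Y2 {
            let t_j = E::Fr::rand(rng);
            let term = E::pairing(blindSig.h, *y_pub).pow(t_j.into_repr());
            a.mul_assign(&term);
            t.push(t_j);
        }

        // a *= e(h', g2)^tt
        let hv = E::pairing(blindSig.h, mpk.g2).pow(tt.into_repr());
        a.mul_assign(&hv);

        ProofState { v, s, t, tt, a, blindSig }
    }

    /// Proof of knowledge of a signature: response phase.
    ///
    /// Computes `zsig_j = t_j + c * m_j`, `zx = s + c` and `zv = tt + c * v`
    /// and returns them with the commitment `a`. The verifier needs this
    /// proof, the challenge and the blinded signature from the commitment
    /// phase. `message` is only read; it is not modified.
    ///
    /// # Panics
    /// If `message` has fewer elements than the key has `Y2` entries.
    pub fn prove_response(&self, ps: ProofState<E>, challenge: E::Fr, message: &mut Vec<E::Fr>) -> Proof<E> {
        // zsig_j = t_j + c * m_j
        let mut zsig = ps.t.clone();
        for (j, z_j) in zsig.iter_mut().enumerate() {
            let mut cm = message[j];
            cm.mul_assign(&challenge);
            z_j.add_assign(&cm);
        }

        // zx = s + c
        let mut zx = ps.s;
        zx.add_assign(&challenge);

        // zv = tt + c * v
        let mut cv = ps.v;
        cv.mul_assign(&challenge);
        let mut zv = ps.tt;
        zv.add_assign(&cv);

        Proof { zsig, zx, zv, a: ps.a }
    }
}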
/*
// display CL signature (PS)
impl fmt::Display for SignaturePS {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
let a_vec: Vec<u8> = encode(&self.h, Infinite).unwrap();
let b_vec: Vec<u8> = encode(&self.H, Infinite).unwrap();
let mut a_s = String::new();
for x in a_vec.iter() {
a_s = format!("{}{:x}", a_s, x);
}
let mut b_s = String::new();
for y in b_vec.iter() {
b_s = format!("{}{:x}", b_s, y);
}
write!(f, "SignaturePS : (\nh = 0x{},\nH = 0x{}\n)", a_s, b_s)
}
}
*/
#[cfg(test)]
mod tests {
    use super::*;
    use ff::Rand;
    use pairing::bls12_381::{Bls12, Fr};
    use rand::{SeedableRng};
    use rand_xorshift::XorShiftRng;

    /// A plain signature verifies on the signed message and on no other.
    #[test]
    fn sign_and_verify() {
        let mut rng = &mut rand::thread_rng();

        let l = 5;
        let mpk = setup(&mut rng);
        let keypair = KeyPair::<Bls12>::generate(&mut rng, &mpk, l);

        let mut message1: Vec<Fr> = Vec::new();
        let mut message2: Vec<Fr> = Vec::new();
        for _ in 0..l {
            message1.push(Fr::rand(&mut rng));
            message2.push(Fr::rand(&mut rng));
        }

        let sig = keypair.sign(&mut rng, &message1);
        assert!(keypair.verify(&mpk, &message1, &sig));
        assert!(!keypair.verify(&mpk, &message2, &sig));
    }

    /// A blinded signature verifies only with the right message and the
    /// right blinding factor; the unblinded public key accepts the original.
    #[test]
    fn blind_sign_and_verify() {
        let mut rng = &mut rand::thread_rng();

        let l = 5;
        let mpk = setup(&mut rng);
        let keypair = BlindKeyPair::<Bls12>::generate(&mut rng, &mpk, l);
        let public_key = keypair.get_public_key(&mpk);

        let mut message1: Vec<Fr> = Vec::new();
        let mut message2: Vec<Fr> = Vec::new();
        for _ in 0..l {
            message1.push(Fr::rand(&mut rng));
            message2.push(Fr::rand(&mut rng));
        }

        let sig = keypair.sign(&mut rng, &message1);
        assert!(public_key.verify(&mpk, &message1, &sig));
        assert!(!public_key.verify(&mpk, &message2, &sig));

        let t = Fr::rand(&mut rng);
        let blind_sig = keypair.blind(&mut rng, &t, &sig);

        // pick another blinding factor
        let t1 = Fr::rand(&mut rng);

        // verify blind signatures and provide blinding factor as input
        assert!(keypair.verify(&mpk, &message1, &t, &blind_sig));
        assert!(!keypair.verify(&mpk, &message2, &t, &blind_sig));
        assert!(!keypair.verify(&mpk, &message1, &t1, &blind_sig));
    }

    /// A commitment/response proof over a blinded signature is accepted.
    #[test]
    fn proof_of_knowledge_of_signature() {
        let mut rng = &mut rand::thread_rng();

        let l = 5;
        let mpk = setup(&mut rng);
        let keypair = BlindKeyPair::<Bls12>::generate(&mut rng, &mpk, l);
        let public_key = keypair.get_public_key(&mpk);

        let mut message1: Vec<Fr> = Vec::new();
        for _ in 0..l {
            message1.push(Fr::rand(&mut rng));
        }

        let sig = keypair.sign(&mut rng, &message1);
        let proof_state = keypair.prove_commitment(rng, &mpk, &sig);
        let challenge = Fr::rand(&mut rng);
        let proof = keypair.prove_response(proof_state.clone(), challenge, &mut message1);

        assert!(keypair.public.verify_proof(&mpk, proof_state.blindSig, proof, challenge));
    }
}