more tweaks to design & implementation

This commit is contained in:
J. Ayo Akinyele 2018-04-08 03:46:17 -04:00
parent b4d7726749
commit 7ca8df6c16
4 changed files with 57 additions and 3 deletions


@ -318,6 +318,7 @@ fn main() {
// Test the PRF
let s = Fr::random(rng);
let key = prf::initPRF(s, None);
@ -326,6 +327,17 @@ fn main() {
println!("Compute y = 0x{}", libbolt::print(&y));
// Test the OTE scheme
let k = ote::keygen();
let X = G1::random(rng);
let Y = G1::random(rng);
let m = ote::OTMessage { m1: X, m2: Y };
let c = ote::otenc(k, &m);
let orig_m = ote::otdec(k, &c);
assert!(m.m1 == orig_m.m1 && m.m2 == orig_m.m2);
println!("OTE scheme works as expected!");
// let rng = &mut rand::thread_rng();
// let G = G1::random(rng); // &dalek_constants::RISTRETTO_BASEPOINT_POINT;
// let H = G1::random(rng); // RistrettoPoint::hash_from_bytes::<Sha256>(G.compress().as_bytes());
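Review bot: The check `assert!(m.m1 == orig_m.m1 && m.m2 == orig_m.m2)` only shows that `otdec` inverts `otenc`; an `otenc` that copied the message straight into the ciphertext would pass it, so the test says nothing about the scheme actually hiding `m`. A cheap negative check would be to decrypt under an unrelated key and require a mismatch: `let k2 = ote::keygen();` `let wrong = ote::otdec(k2, &c);` `assert!(wrong.m1 != m.m1 || wrong.m2 != m.m2);` (this relies on `G1: PartialEq`, which the existing assert already assumes, and on `keygen` drawing fresh randomness). `X` and `Y` will also trigger `non_snake_case` warnings; `x`/`y` keeps the build clean. The commented-out Ristretto lines at the end of the hunk look like leftover scaffolding and could be dropped. `main` starts before this hunk.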


@ -269,6 +269,40 @@ ${\sf Init_{M}}(PP, \BC, \BM, pk_m, sk_m) \rightarrow {\sf T}_m, csk_m$. On inpu
\item Output ${\sf T}_m = pk_m$ and $csk_m = (sk_m, \BM)$.
\medskip \noindent
${\sf Establish}( C\{PP, {\sf T}_m, csk_c)\}, \{M(PP, {\sf T}_c, csk_{m})\}$. On input public parameters and each of the initial channel tokens, the {\sf Establish} protocol activates a channel between customer and merchant who have previously escrowed funds. If the interaction succeeds, the merchant receives {\sf established} message and the customer receives a wallet $w$. Either party may receive an error denoted by $\bot$.
\medskip \noindent
The customer executes the following algorithm:
\item Parse $csk_c$ as $(pk_c, sk_c, k_1, k_2, r, \BC)$.
\item Sample $sk_0 \in \{0,1\}^\ell$.
\item Generate $\pi_1 = PK\{ (sk_c, k_1, k_2, r) : {\sf wCom} = {\sf Commit}(sk_c, k_1, k_2; r) \wedge (pk_c, sk_c) \in {\sf KeyGen}(1^\lambda)\}$
% breakdown Proof of knowledge statement
\item Proof of statement: ${\sf wCom} = g^m \cdot h^r \wedge X = g^x \wedge Y = g^y$ where $m = H(sk_c, k_1, k_2)$
\item For $j = 1$ to $B$:
\item Compute $s_j \leftarrow F_{k_1}(j), u_j \leftarrow F_{k_2}(j)$.
\item $\pi_{j}^r = PK\{ (sk_c, k_1, k_2, r) : s_j \leftarrow F_{k_1}(j) \wedge u_j \leftarrow F_{k_2}(j) \\ \wedge {\sf wCom} = {\sf Commit}(sk_c, k_1, k_2; r) \\ \wedge (pk_c, sk_c) \in {\sf KeyGen}(1^\lambda)\}$
\item Compute internal signature $\sigma_j = {\sf Sign}(sk_c, {\sf spend}||j||s_j||u_j||\pi_{j}^r||ck_{j+1})$.
\item Compute $C_j = {\sf SymEnc}(ck_j, j||s_j||u_j||\pi_{j}^r||\sigma_j||ck_{j+1})$
\item Compute external signature $\sigma_j = {\sf Sign}(sk_c, {\sf coin}||j||C_j)$.
\item Customer sends ${\sf wCom}, \pi, (C_1, \sigma_1,\dots,C_B,\sigma_B)$ to the merchant.
The merchant executes the following algorithm in response:
\item Verify the signature on ${\sf T}_c$.
\item Check that $\BC = B$.
\item Verify $\pi_1$.
\item For $i = 1$ to $B$, verify the signature $\sigma_j$ on $C_j$.
\item If any of the above conditions do not hold, abort and output $\bot$.
\item Return a blind signature $\sigma_w$ on the contents of {\sf wCom}.
\subsection{Bidirectional Scheme}
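Review bot: The customer algorithm defines $\sigma_j$ twice — once as the internal signature over ${\sf spend}||j||s_j||u_j||\pi_j^r||ck_{j+1}$ and again as the external signature over ${\sf coin}||j||C_j$ — so the second definition overwrites the first and the merchant's "verify $\sigma_j$ on $C_j$" is ambiguous; distinct names such as `$\sigma_j^{\sf int}$` and `$\sigma_j^{\sf ext}$` (with $C_j$ encrypting $\sigma_j^{\sf int}$) would fix this. $sk_0$ is sampled in step 2 but never used, while the chain key $ck_j$ first appears at $j=1$ inside ${\sf SymEnc}(ck_j, \ldots)$ without being defined; presumably the sampled value is meant to be $ck_1$ (or $ck_0$ with the chain shifted), and the text should say so since the merchant's ability to open $C_1$ depends on it. The merchant loop `For $i = 1$ to $B$, verify the signature $\sigma_j$ on $C_j$` mixes indices $i$ and $j$, and the customer sends "$\pi$" although only $\pi_1$ and $\pi_j^r$ are defined. The section's enclosing environment begins before this hunk.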


@ -9,6 +9,7 @@ use std::default;
use bn::{Group, Fr, G1, G2, pairing};
use bincode::SizeLimit::Infinite;
use bincode::rustc_serialize::{encode, decode};
use sodiumoxide::randombytes;
use sodiumoxide::crypto::hash::sha512;
pub mod prf;
@ -542,6 +543,7 @@ pub mod unidirectional {
use commit_scheme;
use clsigs;
use Message;
use sodiumoxide::randombytes;
pub struct PublicParams {
cm_mpk: commit_scheme::PublicKey,
@ -626,10 +628,16 @@ pub mod unidirectional {
// TODO: requires NIZK proof system
pub fn establish_customer(pp: &PublicParams, t_m: &clsigs::PublicKey, csk_c: &CustSecretKey) {
pub fn establish_customer_send(pp: &PublicParams, t_m: &clsigs::PublicKey, csk_c: &CustSecretKey) {
println ! ("Run establish_customer algorithm...");
// set sk_0 to random bytes of length l
// let sk_0 = random_bytes(pp.l);
let buf_len: usize = pp.l_bits as usize;
let mut sk0 = vec![0; buf_len];
randombytes::randombytes_into(&mut sk0);
pub fn estalibsh_mercahnt_send() {
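Review bot: `let buf_len: usize = pp.l_bits as usize;` sizes the `sk0` buffer in bytes from a field whose name says bits, so if `l_bits` really is a bit length the buffer is eight times larger than the $\ell$-bit $sk_0$ of the design, and if it is already a byte count the field is misnamed; `let buf_len = (pp.l_bits as usize + 7) / 8;` or renaming the field to `l_bytes` would pin this down. `sk0` is secret key material that, within the visible part of the hunk, is filled and then neither used nor returned, and nothing clears it when it goes out of scope — if it is meant to be discarded after use, sodiumoxide's `utils::memzero(&mut sk0)` is the matching tool. `establish_customer_send` has no return type, whereas the design's Establish hands the customer a wallet (and the hunk's TODO says a NIZK proof is still missing), so the signature will presumably change again; its body continues past the hunk. `estalibsh_mercahnt_send` is misspelled and is worth renaming to `establish_merchant_send` before anything references it.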


@ -7,8 +7,8 @@ use bn::{Group, Fr, G1};
use rand;
pub struct OTMessage {
m1: G1,
m2: G1
pub m1: G1,
pub m2: G1
pub struct OTCiphertext {