more tweaks to design & implementation
parent
b4d7726749
commit
7ca8df6c16
12
bin/bolt.rs
12
bin/bolt.rs
|
@ -318,6 +318,7 @@ fn main() {
|
|||
|
||||
println!("******************************************");
|
||||
|
||||
// Test the PRF
|
||||
let s = Fr::random(rng);
|
||||
let key = prf::initPRF(s, None);
|
||||
|
||||
|
@ -326,6 +327,17 @@ fn main() {
|
|||
|
||||
println!("Compute y = 0x{}", libbolt::print(&y));
|
||||
|
||||
// Test the OTE scheme
|
||||
let k = ote::keygen();
|
||||
let X = G1::random(rng);
|
||||
let Y = G1::random(rng);
|
||||
let m = ote::OTMessage { m1: X, m2: Y };
|
||||
let c = ote::otenc(k, &m);
|
||||
let orig_m = ote::otdec(k, &c);
|
||||
|
||||
assert!(m.m1 == orig_m.m1 && m.m2 == orig_m.m2);
|
||||
println!("OTE scheme works as expected!");
|
||||
|
||||
// let rng = &mut rand::thread_rng();
|
||||
// let G = G1::random(rng); // &dalek_constants::RISTRETTO_BASEPOINT_POINT;
|
||||
// let H = G1::random(rng); // RistrettoPoint::hash_from_bytes::<Sha256>(G.compress().as_bytes());
|
||||
|
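Review bot: The OTE check `assert!(m.m1 == orig_m.m1 && m.m2 == orig_m.m2)` only establishes that `otdec(k, otenc(k, &m))` round-trips, which an identity transform would also satisfy, so the "OTE scheme works as expected!" message overstates what was tested; add a comment such as `// smoke test only: round-trip, says nothing about hiding or one-time use` and, if `OTCiphertext` exposes its components, an inequality check against the plaintext. `k` is moved into `otenc` and then reused in `otdec`, which compiles only if the key type is `Copy`; for key material it is clearer to pass `&k` to both calls than to rely on implicit copies. The commented-out `rng`/`G`/`H` lines and the non-snake-case locals `X`/`Y` (which will draw compiler warnings) should be cleaned up before this lands. `main` starts and ends outside the hunk.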
|
|
@ -269,6 +269,40 @@ ${\sf Init_{M}}(PP, \BC, \BM, pk_m, sk_m) \rightarrow {\sf T}_m, csk_m$. On inpu
|
|||
\item Output ${\sf T}_m = pk_m$ and $csk_m = (sk_m, \BM)$.
|
||||
\end{itemize}
|
||||
|
||||
\medskip \noindent
|
||||
${\sf Establish}( C\{PP, {\sf T}_m, csk_c)\}, \{M(PP, {\sf T}_c, csk_{m})\}$. On input public parameters and each of the initial
channel tokens, the {\sf Establish} protocol activates a channel between customer and merchant who have previously
escrowed funds. If the interaction succeeds, the merchant receives {\sf established} message and the customer
receives a wallet $w$. Either party may receive an error denoted by $\bot$.
|
||||
|
||||
\medskip \noindent
|
||||
The customer executes the following algorithm:
|
||||
\begin{itemize}
|
||||
\item Parse $csk_c$ as $(pk_c, sk_c, k_1, k_2, r, \BC)$.
|
||||
\item Sample $sk_0 \in \{0,1\}^\ell$.
|
||||
\item Generate $\pi_1 = PK\{ (sk_c, k_1, k_2, r) : {\sf wCom} = {\sf Commit}(sk_c, k_1, k_2; r) \wedge (pk_c, sk_c) \in {\sf KeyGen}(1^\lambda)\}$
|
||||
% breakdown Proof of knowledge statement
|
||||
\begin{itemize}
|
||||
\item Proof of statement: ${\sf wCom} = g^m \cdot h^r \wedge X = g^x \wedge Y = g^y$ where $m = H(sk_c, k_1, k_2)$
|
||||
\end{itemize}
|
||||
\item For $j = 1$ to $B$:
|
||||
\begin{enumerate}
|
||||
\item Compute $s_j \leftarrow F_{k_1}(j), u_j \leftarrow F_{k_2}(j)$.
|
||||
\item $\pi_{j}^r = PK\{ (sk_c, k_1, k_2, r) : s_j \leftarrow F_{k_1}(j) \wedge u_j \leftarrow F_{k_2}(j) \\ \wedge {\sf wCom} = {\sf Commit}(sk_c, k_1, k_2; r) \\ \wedge (pk_c, sk_c) \in {\sf KeyGen}(1^\lambda)\}$
|
||||
\item Compute internal signature $\sigma_j = {\sf Sign}(sk_c, {\sf spend}||j||s_j||u_j||\pi_{j}^r||ck_{j+1})$.
|
||||
\item Compute $C_j = {\sf SymEnc}(ck_j, j||s_j||u_j||\pi_{j}^r||\sigma_j||ck_{j+1})$
|
||||
\item Compute external signature $\sigma_j = {\sf Sign}(sk_c, {\sf coin}||j||C_j)$.
|
||||
\end{enumerate}
|
||||
\item Customer sends ${\sf wCom}, \pi, (C_1, \sigma_1,\dots,C_B,\sigma_B)$ to the merchant.
|
||||
\end{itemize}
|
||||
|
||||
\noindent
|
||||
The merchant executes the following algorithm in response:
|
||||
\begin{itemize}
|
||||
\item Verify the signature on ${\sf T}_c$.
|
||||
\item Check that $\BC = B$.
|
||||
\item Verify $\pi_1$.
|
||||
\item For $i = 1$ to $B$, verify the signature $\sigma_j$ on $C_j$.
|
||||
\item If any of the above conditions do not hold, abort and output $\bot$.
|
||||
\item Return a blind signature $\sigma_w$ on the contents of {\sf wCom}.
|
||||
\end{itemize}
|
||||
|
||||
\subsection{Bidirectional Scheme}
|
||||
|
||||
|
|
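Review bot: The customer's per-coin loop in the new ${\sf Establish}$ text uses one name for two different values: the internal signature $\sigma_j = {\sf Sign}(sk_c, {\sf spend}||\dots)$ is sealed inside $C_j$, and the external signature on ${\sf coin}||j||C_j$ is also called $\sigma_j$, so the merchant step "verify the signature $\sigma_j$ on $C_j$" is ambiguous; name the inner one $\sigma_j^{\sf in}$ (or similar) and keep $\sigma_j$ for the outer one. The merchant loop is indexed by $i$ but verifies $\sigma_j$, so it should read `\item For $j = 1$ to $B$, verify the signature $\sigma_j$ on $C_j$.`, and the customer sends $\pi$ while the proof generated above is $\pi_1$. Note also that $\pi_j^r$ is encrypted under $ck_j$ inside $C_j$, so the merchant cannot verify it at establishment unless the chain $ck_1, ck_{j+1}$ is defined elsewhere, and $sk_0$ is sampled but never used in the visible text; the ${\sf Init}$ algorithm this hunk follows starts outside the hunk.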
10
src/lib.rs
10
src/lib.rs
|
@ -9,6 +9,7 @@ use std::default;
|
|||
use bn::{Group, Fr, G1, G2, pairing};
|
||||
use bincode::SizeLimit::Infinite;
|
||||
use bincode::rustc_serialize::{encode, decode};
|
||||
use sodiumoxide::randombytes;
|
||||
use sodiumoxide::crypto::hash::sha512;
|
||||
|
||||
pub mod prf;
|
||||
|
@ -542,6 +543,7 @@ pub mod unidirectional {
|
|||
use commit_scheme;
|
||||
use clsigs;
|
||||
use Message;
|
||||
use sodiumoxide::randombytes;
|
||||
|
||||
pub struct PublicParams {
|
||||
cm_mpk: commit_scheme::PublicKey,
|
||||
|
@ -626,10 +628,16 @@ pub mod unidirectional {
|
|||
}
|
||||
|
||||
// TODO: requires NIZK proof system
|
||||
pub fn establish_customer(pp: &PublicParams, t_m: &clsigs::PublicKey, csk_c: &CustSecretKey) {
|
||||
pub fn establish_customer_send(pp: &PublicParams, t_m: &clsigs::PublicKey, csk_c: &CustSecretKey) {
|
||||
println ! ("Run establish_customer algorithm...");
|
||||
// set sk_0 to random bytes of length l
|
||||
// let sk_0 = random_bytes(pp.l);
|
||||
let buf_len: usize = pp.l_bits as usize;
|
||||
let mut sk0 = vec![0; buf_len];
|
||||
randombytes::randombytes_into(&mut sk0);
|
||||
}
|
||||
|
||||
pub fn estalibsh_mercahnt_send() {
|
||||
|
||||
}
|
||||
|
||||
|
|
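Review bot: In `establish_customer_send`, `sk0` is filled by `randombytes_into` and then dropped at the end of the function, which returns `()`, so the sampled secret never reaches the caller, a wallet, or a message to the merchant; either return it (e.g. `-> Vec<u8>`) or replace the body with `todo!("establish: requires NIZK proof system")` so the unfinished state fails loudly instead of silently. The buffer is sized as `pp.l_bits as usize` while the comment says "random bytes of length l" — if `l_bits` is a bit length as the name suggests, the byte count should be `(pp.l_bits as usize + 7) / 8`, otherwise the field should be renamed. The new `pub fn estalibsh_mercahnt_send()` is misspelled in a public API and should be `establish_merchant_send` before anything depends on it; `println !` should be `println!`. Module `unidirectional` continues outside the hunk.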
|
@ -7,8 +7,8 @@ use bn::{Group, Fr, G1};
|
|||
use rand;
|
||||
|
||||
pub struct OTMessage {
|
||||
m1: G1,
|
||||
m2: G1
|
||||
pub m1: G1,
|
||||
pub m2: G1
|
||||
}
|
||||
|
||||
pub struct OTCiphertext {
|
||||
|
|