github.com/jiajun1992/watercarver@v0.0.0-20191031150618-dfc2b17c0c4a/StadiumForWaterCarver/src/Prover_toom.h (about)

     1  /*
     2   * Prover_toom.h
     3   *
     4   *  Created on: 24.04.2011
     5   *      Author: stephaniebayer
     6   *
     7   *      This version requires m = 16!!!!!
     8   */
     9  
    10  #ifndef PROVER_TOOM_H_
    11  #define PROVER_TOOM_H_
    12  
    13  #include "Functions.h"
    14  #include<vector>
    15  #include "Cipher_elg.h"
    16  #include "G_q.h"
    17  #include "Mod_p.h"
    18  #include "Pedersen.h"
    19  
    20  #include "FakeZZ.h"
    21  NTL_CLIENT
    22  
    23  
    24  class Prover_toom {
        	// Prover-side state for the rounds declared below (round_1 ... round_9);
        	// the challenge members are described as outputs of rounds 4, 6 and 8.
        	// NOTE(review): pi, R and the r_*/rho_* members are described as the
        	// permutation and the random elements behind the re-encryption and the
        	// commitments. If these are the prover's secrets, nothing in this header
        	// shows them being wiped before release - confirm in the destructor.
        	// NOTE(review): almost every member is a raw pointer; which of them this
        	// class owns is not visible here - confirm against the .cpp.
    25  	private:
    26  	long & m_r; //reference member; presumably bound to the `mr` argument of the constructors, so that variable must outlive this object - confirm
    27  	long n,m; //User input, defines the dimensions of the vectors used, N = n*m
    28  	int omega_sw; //window size for the sliding-window technique
    29  	int omega_LL; //window size for the multi-exponentiation technique by Lim and Lee
    30  	int omega_mulex; //window size for the multi-exponentiation technique
    31  	double time_di; //time to calculate the Di's
    32  
    33  	vector<vector<ZZ>* >* A; //Matrix containing the numbers 1 to N after the permutation
    34  	vector<vector<vector<long>* >* >* pi; // Matrix containing the permutation
    35  	vector<vector<Cipher_elg>* >* C;//Contains the re-encrypted ciphers
    36  	vector<vector<Cipher_elg>* >* C_small; //smaller matrix of ciphertexts constructed for interaction
    37  	vector<vector<ZZ>*>* R; //Random elements from the re-encryption
    38  	vector<vector<ZZ>* >* R_small; //matrix constructed for interaction
    39  
    40  	vector<vector<ZZ>* >* B;//Matrix of permuted Vandermonde challenges, generated out of challenges x2;
    41  	vector<vector<ZZ>* >* B_small; //matrix constructed for interaction
    42  	vector<vector<vector<long>* >*>* basis_B;//Matrix containing the basis_vec for multi-expo.
    43  	ZZ chal_y4; //random challenge from round 4
    44  	ZZ chal_z4; //random challenge element from round 4,
    45  	vector<ZZ>* chal_x6; //Vector of challenges, output of round 6
    46  	vector<ZZ>* chal_y6; //Vector of challenges, output of round 6
    47  	vector<ZZ>* chal_x8; //Vector of Vandermonde challenges, output of round 8
    48  	vector<ZZ>* x; //challenges for reduction m=64 (NOTE(review): the file header says this version requires m = 16 - confirm which applies)
    49  
    50  	vector<ZZ>* r_A; //random elements to generate the commitments for A
    51  	ZZ r_D0; //random element to generate the commitment to first row in D
    52  	vector<ZZ>* B_0; //Vector containing random exponents B_0i
    53  	vector<vector<long>* >* basis_B0; // contains the basis_vec for multi-expo
    54  	vector<ZZ>* r_B; //Random elements to commit to rows in B
    55  	vector<ZZ>* r_B_small; //Random elements to commit to rows in T_small
    56  	ZZ r_B0; //random element to commit to B_0
    57  	vector<Mod_p>* c_B; //Vector containing the commitments B_i to the values in B
    58  	Mod_p c_B0; //commitment to B_0
    59  	vector<Mod_p>* c_a; //Vector containing the commitments to values used for the re-encryption in 5
    60  	vector<ZZ>* r_a;//Vector containing the random elements used for a
    61  	vector<ZZ>* a; //vector containing exponents for re-encryption
    62  	vector<Mod_p>* c_A; //Commitments from round 1 to the values of A
    63  	Mod_p c_D0; //commitment to D_0
    64  	vector<Cipher_elg>* E;//vector of the products of the diagonals of Y^T generated in round 5
    65  	ZZ R_b; //contains the negative sum of B_ij*R_ij
    66  	vector<ZZ>* rho_a; //contains random elements used for the re-encryption in 5
    67  
    68  	vector<Cipher_elg>*  C_c; //Ciphertexts to prove correctness of reduction
    69  	vector<Mod_p>* c_a_c; //vector containing the commitments to value used for the re-encryption of C_c
    70  	vector<ZZ>* a_c; //vector containing the exponents
    71  	vector<ZZ>* r_c; //vector of random elements to commit to a_c
    72  	vector<ZZ>* rho_c; //contains random elements used for the re-encryption
    73  
    74  	vector<vector<ZZ>* >* D; //Matrix containing the values y*A_ij +Bij - z
    75  	vector<vector<ZZ>* >* D_h; //Vector of the Hadamard (entrywise) products D_h_i = A_1 * ... * A_i of the rows of (A_ij-z)
    76  	vector<vector<ZZ>* >* D_s; //Vector of the shifted Hadamard products in D_h
    77  	vector<ZZ>* d; //containing random elements to prove the product of D_hm
    78  	vector<ZZ>* Delta; //containing random elements to prove the product of D_hm
    79  	vector<ZZ>* d_h; //containing random products w_j=prod_i=1^j D_hm[i]
    80  
    81  	ZZ r_z; // random element to commit to vector z
    82  	vector<ZZ>* r_D_h; // vector of random elements for commitments to D_h;
    83  	ZZ r_Dm; //random element for commitment to last row in D;
    84  	ZZ r_d; //random element for commitment to d
    85  	ZZ r_Delta; //random element for commitment to Delta
    86  	ZZ r_d_h; //random element for commitment to d_h
    87  
    88  	Mod_p  c_z; // commitment to vector of z's
    89  	vector<Mod_p>* c_D_h; //  commitments to D_h;
    90  	Mod_p c_Dm; // commitment to last row in D, D=D_h*t_1;
    91  	Mod_p c_d; //commitment to vector d
    92  	Mod_p c_Delta; //commitment to vector Delta
    93  	Mod_p c_d_h; // commitment to vector d_h
    94  
    95  	vector<ZZ>* Dl; //vector containing the sums of bilinear maps of rows of Y and U
    96  	vector<ZZ>* r_Dl; // vector of random elements  for the commitments  to D_l;
    97  	vector<Mod_p>* c_Dl; // commitments to the values D_l
    98  
    99  	vector<ZZ>* D_h_bar;//Sum over the row in D_h multiplied by chal^i
   100  	ZZ r_Dh_bar;// sum over the random elements used for commitments to D_h
   101  	vector<ZZ>* d_bar; // chal_x8*D_h(m-1) +d
   102  	vector<ZZ>* Delta_bar;//chal_x8*d_h+Delta
   103  	ZZ r_d_bar; //chal_x8*r_Dh(m-1)+r_d
   104  	ZZ r_Delta_bar; //chal_x8*r_dh +r_Delta
   105  
   106  	ZZ a_c_bar; //sum over elements to re-encrypt E_low_up
   107  	ZZ r_ac_bar; // sum over random elements
   108  	vector<ZZ>* B_bar; // sum over the rows in B multiplied by chal^i
   109  	ZZ a_bar; //sum over the elements in a times chal^i
   110  	ZZ r_a_bar; // sum over random elements used for commitments to a
   111  	ZZ r_B_bar; //sum over the random elements used for commitments to B
   112  	ZZ rho_bar; //sum over random elements rho_a
   113  	ZZ rho_c_bar; //sum over random elements rho_c
   114  
   115  	vector<ZZ>* A_bar; //sum over the row in A times the challenges
   116  	vector<ZZ>* D_s_bar; //sum over the rows in D_S_bar times the challenges
   117  
   118  	ZZ r_A_bar; //sum over the random elements in r_A times the challenges
   119  	ZZ r_Ds_bar; //sum over the random elements in r_DS times the challenges
   120  	ZZ r_Dl_bar; //sum over the random elements in r_Dl times the challenges
   121  
   122  	ZZ Sigma_C; //sum over the elements C times the challenges
   123  
   124  	ElGammal* elgammal_; //presumably the pointer handed to the second constructor; ownership is not visible in this header - confirm
   125  	Pedersen ped_; //Pedersen object held by value (type from Pedersen.h)
   126  public:
   127  	Prover_toom(long& mr);
        	// NOTE(review): m_in and n_in arrive as int while m and n are stored as long, and
        	// the file header says this version requires m = 16; no range check is visible in
        	// this header - confirm the definition rejects other values. `num` is taken by value.
   128  	Prover_toom(long& mr, vector<vector<Cipher_elg>* >* E, vector<vector<ZZ>*>* R, vector<vector<vector<long>* >* >* pi, vector<long> num, int m_in, int n_in, ElGammal* elgammal);
        	// NOTE(review): a destructor is declared but no copy constructor, so the implicit
        	// copy constructor would copy the raw pointers above member-wise. If the destructor
        	// frees them (not visible here), a copied Prover_toom would free them twice - confirm,
        	// and consider declaring the copy constructor as deleted.
   129  	virtual ~Prover_toom();
   130  	
   131  	string get_public_vector();
   132  
        	// NOTE(review): the round_N(name) overloads take a string `name`; per the round_7
        	// comment they read values in and write them, so `name` is presumably a file or
        	// stream name - confirm, and if so check where callers get that value from.
   133  	//round_1 calculates and returns the commitment to the row in Y
   134  	string round_1();
   135  	//round_3 calculates and returns the commitment to permuted exponents s_1(i)*s_2(j)
   136  	string round_3(const string& name);
   137  	//round_5a calculates the commitments to the vectors h, W, and C,c and returns them
   138  	void round_5a(); //declared void, so "returns them" presumably means stored in members - confirm
   139  	void round_5b();
   140  	//round_5, combines the round 5a and 5b
   141  	string round_5(const string& name);
   142  	//calculates the first set of extra Elements for the reduction loop
   143  	string round_5_red(const string& name);
   144  	//last reduction from m=16 to m=4, after the reduction loop; also calls 5a
   145  	string round_5_red1(const string& name);
   146  	//round_5_opt_red, combines the round 5a and 5b_red
   147  //	string round_5_red2(string name );
   148  	//round_7a calculates the commitments to the vectors C and c
   149  	void round_7a();
   150  	void round_7b();
   151  	void round_7c();
   152  	void round_7c_red();
   153  	//round_7 reads the values in and writes them, and combines 7a-7c
   154  	string round_7(const string& name);
   155  	string round_7_red(const string& name);
   156  	void round_9a();
   157  	void round_9b();
   158  	void round_9c();
   159  	string round_9(const string& name);
   160  
   161  	void commit_ac();
   162  	void calculate_Cc(vector<vector<Cipher_elg>* >* C, vector<vector<vector<long>*>* >* B);
   163  	void calculate_Cc(vector<vector<Cipher_elg>* >* C, vector<vector<ZZ>*>* B);
   164  	void calculate_ac_bar(vector<ZZ>* x);
   165  	void calculate_r_ac_bar(vector<ZZ>* x);
   166  	void reduce_C(vector<vector<Cipher_elg>*>* C, vector<vector<ZZ>* >* B, vector<ZZ>* r_B,  vector<ZZ>* x, long length);
   167  	void set_Rb1(vector<ZZ>* x);
   168  
   169  	vector<Cipher_elg>* calculate_e();
   170  	void calculate_E(vector<Cipher_elg>* d);
   171  
   172  
        	// NOTE(review): the copy_* members and the static helpers below return raw pointers;
        	// presumably the caller must release the result - confirm against the definitions.
   173  	vector<vector<Cipher_elg>*>* copy_C();
   174  	vector<vector<ZZ>* >* copy_B();
   175  	vector<ZZ>* copy_r_B();
   176  
   177  
   178  	static vector<vector<ZZ>*>* evulation(vector<vector<ZZ>*>* p);
   179  	static vector<vector<vector<CurvePoint>*>*>* evulation_pow(vector<vector<Cipher_elg>*>* p);
   180  	static vector<vector<vector<CurvePoint>*>*>* point_pow(vector<vector<vector<CurvePoint>*>*>* p, vector<vector<ZZ>*>* q);
   181  	static vector<vector<CurvePoint>*>* mult_points(vector<vector<vector<CurvePoint>* >*>* points);
   182  	static vector<Cipher_elg>* toom4_pow(vector<vector<Cipher_elg>*>* p, vector<vector<ZZ>*>* q);
   183  	static vector<CurvePoint>* interpolation_pow(vector<CurvePoint>* points);
   184  
   185  
   186  };
   187  
   188  #endif /* PROVER_TOOM_H_ */