github.com/jiajun1992/watercarver@v0.0.0-20191031150618-dfc2b17c0c4a/StadiumForWaterCarver/src/Verifier_toom.h (about)

     1  /*
     2   * Verifier_toom.h
     3   *
     4   *  Created on: 25.04.2011
     5   *      Author: stephaniebayer
     6   */
     7  
     8  #ifndef VERIFIER_TOOM_H_
     9  #define VERIFIER_TOOM_H_
    10  
    11  #include "Functions.h"
    12  #include<vector>
    13  #include "Cipher_elg.h"
    14  #include "G_q.h"
    15  #include "Mod_p.h"
    16  #include "Pedersen.h"
    17  #include "ElGammal.h"
    18  #include "FakeZZ.h"
    19  NTL_CLIENT
    20  
    21  
    22  class Verifier_toom {
        	// Verifier state and round handlers for a multi-round argument with a prover.
        	// The members below hold the prover's commitments and ciphertexts, the
        	// verifier's challenges, and the *_bar sums (presumably the prover's final
        	// answers — confirm in the .cpp). round_2 .. round_8 return a string
        	// (presumably the serialized challenges for the next prover round);
        	// round_10 and round_10_red return a bool, presumably the accept/reject verdict.
        	//
        	// NOTE(review): most members are raw pointers and a destructor is declared,
        	// but no copy constructor is declared. If the destructor frees these vectors
        	// (not visible in this header), copying a Verifier_toom would free them
        	// twice — confirm, and consider deleting the copy operations.
        	// NOTE(review): vector, string, istringstream and ZZ are used unqualified,
        	// which depends on NTL_CLIENT (expanded above this class) bringing those
        	// names into scope for every file that includes this header.
    23  private:
    24  	long& m_r; // reference member; presumably bound to the constructors' mr argument, so that long must outlive this object — confirm
    25  	long n,m; // User input, defines the dimensions of the matrix used in the protocol, m rows, n columns
    26  	long omega; //window size for multi-exponentiation technique
    27  	long omega_sw; //window size for multi-exponentiation technique sliding window and LL
    28  	long omega_LL; //window size for multi-exponentiation technique of LL
    29  
    30  	vector<Mod_p>* c_A; //Commitments to the rows of A sent by the prover in round 1
    31  	Mod_p c_D0; //commitment to the 0-th row in D
    32  	vector<Mod_p>* c_B; //Commitments to the rows of permuted exponents B sent by the prover in round 3
    33  	vector<Mod_p>* c_B_small; //commitments after reduction with challenges x
    34  	vector<vector<Cipher_elg>* >* C_small; //smaller matrix of ciphertexts constructed for interaction
    35  
    36  
    37  	ZZ chal_x2; //Challenges for round 2, exponents for permutation
    38  	ZZ chal_y4; // Challenges to prove the use of the permutation in the proof for the ciphertexts
    39  	ZZ chal_z4; // Challenges to create the polynomial prod(y_ij -z4), created in round 4
    40  	vector<ZZ>* chal_x6; // Vector of Vandermonde challenges x6, x6^2, ..., x6^m, generated in round 6
    41  	vector<ZZ>* chal_y6; // Vector of Vandermonde challenges y6, y6^2, ..., y6^m, generated in round 6
    42  	vector<ZZ> * chal_x8; // Vector of Vandermonde challenges x8, x8^2 ... in round 8
    43  	vector<vector<long>* >* basis_chal_x8; //Vector of basis_vec for multi-expo
    44  	vector<ZZ>* mul_chal_x8; //Vector of basis_vec for multi-expo (NOTE(review): same wording as basis_chal_x8 above; what this vector holds is not visible here — confirm)
    45  	vector<ZZ>* x; //Vector of challenges for reduction
    46  
    47  	Mod_p c_z; //Commitment to the vector containing z
    48  
    49  	//Commitments vectors from round 5
    50  	vector<Mod_p>* c_Dh; // commitments to D_h;
    51  	vector<Mod_p>* c_Ds;//contains commitment to D_s
    52  	Mod_p c_Dm;  //  commitment to last row in D_s;
    53  	vector<Mod_p>* c_Dl; // commitments to the values D_l
    54  	Mod_p c_B0; //Commitment to B_0i (declared as a single Mod_p, not a vector)
    55  	vector<Mod_p>* c_a; //Vector containing the commitments to values used for the reencryption in 5
    56  	Mod_p c_d; //commitment to vector d
    57  	Mod_p c_Delta; //commitment to vector Delta
    58  	Mod_p c_dh; // commitment to vector d_h
    59  	vector<Mod_p>* c_a_c; //vector containing values used to reencrypt the E_c
    60  
    61  	vector<Cipher_elg>* E; //reencrypted product of the diagonals of the matrix of ciphertexts
    62  	vector<Cipher_elg>* C_c; //Ciphertexts to prove correctness of reduction
    63  
    64  	vector<ZZ>* D_h_bar;//Sum over the rows in D_h multiplied by chal^i
    65  	ZZ r_Dh_bar;// sum over the random elements used for commitments to D_h
    66  
    67  	vector<ZZ>* d_bar; // chal_x8*D_h(m-1) +d
    68  	vector<ZZ>* Delta_bar;//chal_x8*d_h+Delta
    69  	ZZ r_d_bar; //chal_x8*r_Dh(m-1)+r_d
    70  	ZZ r_Delta_bar; //chal_x8*r_dh +r_Delta
    71  
    72  	vector<ZZ>* B_bar; // sum over the rows in B multiplied by chal^i
    73  	ZZ a_bar; //sum over the elements in a times chal^i
    74  	ZZ r_B_bar; //sum over the random elements used for B
    75  	ZZ r_a_bar; // sum over random elements used for a
    76  	ZZ rho_bar; //sum over random elements rho_a
    77  
    78  	vector<ZZ>* A_bar; //sum over the rows in A times the challenges
    79  	vector<ZZ>* Ds_bar; //sum over the rows in Ds (presumably; the original comment said Ds_bar) times the challenges
    80  
    81  	ZZ r_A_bar; //sum over the random elements in r_A times the challenges
    82  	ZZ r_Ds_bar; //sum over the random elements in r_Ds times the challenges
    83  	ZZ r_Dl_bar; //sum over the random elements in r_Dl times the challenges
    84  
    85  
    86  	ZZ a_c_bar; //sum over elements to reencrypt E_low_up
    87  	ZZ r_ac_bar; // sum over random elements
    88  /*	ZZ F_c; //sum over elements to reencrypt E_low_up
    89  	ZZ Z_c; // sum over random elements
    90  	ZZ zeta_c; //sum over random elements rho_c*/
    91  
    92  public:
        	// Both constructors take mr by reference (presumably stored in m_r) and a
        	// do_process flag (presumably stored in do_process_). The second also takes
        	// the matrix dimensions and an ElGammal pointer; who owns that pointer is
        	// not visible in this header — confirm before deleting or sharing it.
    93  	Verifier_toom(long& mr, bool do_process);
    94  	Verifier_toom(vector<long> num, int m, int n, long& mr, bool do_process, ElGammal* elgammal);
    95  	virtual ~Verifier_toom();
    96  	
        	// Reads public parameters from the stream f. o1, o2 and o3 are presumably the
        	// window sizes omega, omega_sw and omega_LL — confirm in the .cpp.
    97  	void set_public_vector(istringstream& f, long n, int o1, int o2, int o3);
    98  
    99  
        	// Each round has two public overloads plus a private (ZZ& challenge) worker
        	// declared further down:
        	//  - (ZZ* challenge, ZZ* random_out): presumably draws a fresh challenge (see
        	//    make_challenge) and writes it and its randomness through the pointers.
        	//  - (ZZ& challenge, ZZ& random_in): presumably validates a supplied challenge
        	//    against random_in (see check_challenge) before using it.
        	// NOTE(review): confirm both in the .cpp, including what the second form does
        	// when validation fails and whether null pointers are tolerated in the first.
        	// NOTE(review): the round numbers in the comments of this section do not line
        	// up with the method names (the comment above round_8 says "round 6") — they
        	// appear to follow a different numbering; confirm against the .cpp.
   100  	//Stores the commitments to matrix Y and sends challenges vector s_1 and s_2 to the prover
   101  	string round_2(const string& name, ZZ* challenge, ZZ* random_out);
   102  	string round_2(const string& name, ZZ& challenge, ZZ& random_in);
   103  	
   104  	//round_4 stores the in output a of round_1 and outputs the challenges for round 3
   105  	string round_4(const string& name, ZZ* challenge, ZZ* random_out);
   106  	string round_4(const string& name, ZZ& challenge, ZZ& random_in);
   107  	
   108  	//round_6 outputs the challenge t, t^2,..
   109  	string round_6(const string& input, ZZ* challenge, ZZ* random_out);
   110  	string round_6(const string& input, ZZ& challenge, ZZ& random_in);
   111  	
   112  	//first round of the reduction, outputs challenges (the original comment ends mid-sentence here)
   113  	string round_6_red(const string& name, vector<vector<Cipher_elg>* >* enc, ZZ* challenge, ZZ* random_out);
   114  	string round_6_red(const string& name, vector<vector<Cipher_elg>* >* enc, ZZ& challenge, ZZ& random_in);
   115  	
   116  	//round_6_red1: second round of the reduction, outputs the challenge t, t^2,..
   117  	string round_6_red1(const string& input, ZZ* challenge, ZZ* random_out);
   118  	string round_6_red1(const string& input, ZZ& challenge, ZZ& random_in);
   119  	
   120  	//round 6 stores the output com of round 1 and outputs the challenges for round 7
   121  	string round_8(const string& input, ZZ* challenge, ZZ* random_out);
   122  	string round_8(const string& input, ZZ& challenge, ZZ& random_in);
   123  
   124  	//round_10 / round_10_red store the input and check the first set of equations. They return bool; the earlier wording
   124  	//"return challenges e, else -1" does not match that return type. Presumably true only when every check passed, so callers must not ignore the result — confirm.
   125  	bool round_10(const string& name, vector<vector<Cipher_elg>* >* e,vector<vector<Cipher_elg>* >* E);
   126  	bool round_10_red(const string& name, vector<vector<Cipher_elg>* >* e,vector<vector<Cipher_elg>* >* E);
   127  
        	// Helpers that compute intermediate values; the calculate_* methods with a
        	// leading non-const reference parameter presumably write their result
        	// through it — confirm in the .cpp.
   128  	void calculate_c(Cipher_elg& c, vector<vector<Cipher_elg>* >* enc);
   129  	void calculate_ac(Mod_p& com);
   130  	void reduce_c_B();
   131  	void calculate_C(Cipher_elg& C, vector<Cipher_elg>* E_c, vector<ZZ>* x);
   132  
        	// The check_* methods report through the bool& out-parameter instead of a
        	// return value. NOTE(review): whether b is always assigned, or only changed
        	// on failure, is not visible here — callers should initialise b and confirm.
   133  	void check_B(bool& b);
   134  	void check_B_red(bool& b);
   135  	void check_a(bool& b);
   136  	void check_c(vector<vector<Cipher_elg>* >* enc, bool& b);
   137  	void check_c_red(bool& b);
   138  	void check_E(vector<vector<Cipher_elg>* >* E, bool& b);
   139  	void check_E_red(vector<vector<Cipher_elg>* >* E, bool& b);
   140  	void check_ac(bool& b);
   141  	
   142  private:
        	// Challenge helpers. NOTE(review): the randomness source behind make_challenge
        	// is not visible in this header; the argument is only sound if the prover
        	// cannot predict or influence these challenges — confirm in the .cpp.
   143  	ZZ make_challenge(ZZ* random) const; // returns a challenge; random is presumably an out-parameter for the randomness used
   144  	bool check_challenge(ZZ& challenge, ZZ& random) const; // presumably true when challenge is consistent with random
   145  	ZZ derive_from_challenge(ZZ& challenge, string id); // presumably derives a per-use value from challenge and the label id
   146  	
        	// Private single-challenge workers behind the public round_N overloads.
   147  	string round_2(const string& input, ZZ& challenge);
   148  	string round_4(const string& input, ZZ& challenge);
   149  	string round_6(const string& input, ZZ& challenge);
   150  	string round_6_red(const string& name, vector<vector<Cipher_elg>* >* enc, ZZ& challenge);
   151  	string round_6_red1(const string& name, ZZ& challenge);
   152  
   153  	string round_8(const string& name, ZZ& challenge);	
   154  	bool do_process_; // presumably the do_process constructor argument — confirm
   155  	ElGammal* elgammal_; // raw pointer; ownership is not visible in this header
   156  	Pedersen ped_; // Pedersen instance held by value
   157  };
   158  
   159  #endif /* VERIFIER_TOOM_H_ */