def trusted_setup(self):
s = group.random(ZR)
alpha = group.random(ZR)
monomials_short = [s**i for i in range(1, self.num_constraints + 1)]
encrypted_monomials_short = [self.g**s_i for s_i in monomials_short]
encrypted_monomials = [self.g] + encrypted_monomials_short
encrypted_shifted_monomials = [
encrypted_monomial**alpha
for encrypted_monomial in encrypted_monomials
]
encrypted_variable_polynomials = [{
variable: polynomial.evaluate_encrypted(self.g,
encrypted_monomials_short)
for variable, polynomial in variable_polynomial_dict.items()
} for variable_polynomial_dict in self.variable_polynomials]
encrypted_shifted_variable_polynomials = [{
variable:
polynomial.evaluate_encrypted(encrypted_shifted_monomials[0],
encrypted_shifted_monomials[1:])
for variable, polynomial in variable_polynomial_dict.items()
} for variable_polynomial_dict in self.variable_polynomials]
g_t = self.g**self.t.evaluate(s)
proving_key = [
encrypted_monomials_short,
encrypted_variable_polynomials,
encrypted_shifted_variable_polynomials,
]
verification_key = [encrypted_shifted_monomials[0], g_t]
return [proving_key, verification_key]
def challenge(self):
self.s = group.random(ZR)
self.alpha = group.random(ZR)
monomials = [self.s**i for i in range(1, self.problem.max_order + 1)]
encrypted_monomials = [self.problem.g**s_i for s_i in monomials]
shifted_encrypted_monomials = [
encrypted_monomial**self.alpha
for encrypted_monomial in ([self.problem.g] + encrypted_monomials)
]
return [encrypted_monomials, shifted_encrypted_monomials]
def trusted_setup(self):
s = group.random(ZR)
alpha = group.random(ZR)
monomials = [s**i for i in range(1, self.max_order + 1)]
encrypted_monomials = [self.g**s_i for s_i in monomials]
shifted_encrypted_monomials = [
encrypted_monomial**alpha
for encrypted_monomial in ([self.g] + encrypted_monomials)
]
g_t = self.g**self.t.evaluate(s)
proving_key = [encrypted_monomials, shifted_encrypted_monomials]
verification_key = [shifted_encrypted_monomials[0], g_t]
return [proving_key, verification_key]
def trusted_setup(self):
s = group.random(ZR)
alpha = group.random(ZR)
monomials_short = [s**i for i in range(1, self.num_constraints + 1)]
encrypted_monomials_short = [self.g**s_i for s_i in monomials_short]
encrypted_monomials = [self.g] + encrypted_monomials_short
encrypted_shifted_monomials = [
encrypted_monomial**alpha
for encrypted_monomial in encrypted_monomials
]
g_t = self.g**self.t.evaluate(s)
proving_key = [encrypted_monomials_short, encrypted_shifted_monomials]
verification_key = [encrypted_shifted_monomials[0], g_t]
return [proving_key, verification_key]
def __init__(self):
self.g = group.random(G1)
self.g.initPP()
self.num_constraints = 1
self.t = Polynomial([1])
for constraint in range(1, self.num_constraints + 1):
self.t = self.t * Polynomial([-constraint, 1])
def respond(self, challenge):
[encrypted_monomials, shifted_encrypted_monomials] = challenge
h = self.p / self.problem.t
delta = group.random(ZR)
return [
self.p.evaluate_encrypted(self.problem.g,
encrypted_monomials)**delta,
h.evaluate_encrypted(self.problem.g, encrypted_monomials)**delta,
self.p.evaluate_encrypted(shifted_encrypted_monomials[0],
shifted_encrypted_monomials[1:])**delta,
]
def trusted_setup(self):
s = group.random(ZR)
alphas = [group.random(ZR), group.random(ZR), group.random(ZR)]
betas = [group.random(ZR), group.random(ZR), group.random(ZR)]
gamma = group.random(ZR)
monomials_short = [s**i for i in range(1, self.num_constraints + 1)]
encrypted_monomials_short = [self.g**s_i for s_i in monomials_short]
encrypted_monomials = [self.g] + encrypted_monomials_short
encrypted_shifted_monomials_list = [[
encrypted_monomial**alpha
for encrypted_monomial in encrypted_monomials
] for alpha in alphas]
encrypted_variable_polynomials = [{
variable: polynomial.evaluate_encrypted(self.g,
encrypted_monomials_short)
for variable, polynomial in variable_polynomial_dict.items()
} for variable_polynomial_dict in self.variable_polynomials]
encrypted_shifted_variable_polynomials = [{
variable:
polynomial.evaluate_encrypted(encrypted_shifted_monomials[0],
encrypted_shifted_monomials[1:])
for variable, polynomial in variable_polynomial_dict.items()
} for variable_polynomial_dict, encrypted_shifted_monomials in zip(
self.variable_polynomials, encrypted_shifted_monomials_list)]
variable_consistency_polynomials = {
variable:
prod([(encrypted_variable_polynomial_dict.get(variable)
or group.init(G1, 0))**beta
for encrypted_variable_polynomial_dict, beta in zip(
encrypted_variable_polynomials, betas)])
for variable in self.variables
}
g_t = self.g**self.t.evaluate(s)
encrypted_shifted_betas = [self.g**(beta * gamma) for beta in betas]
encrypted_gamma = self.g**gamma
proving_key = [
encrypted_monomials_short,
encrypted_variable_polynomials,
encrypted_shifted_variable_polynomials,
variable_consistency_polynomials,
]
verification_key = [
[
encrypted_shifted_monomials[0] for encrypted_shifted_monomials
in encrypted_shifted_monomials_list
],
g_t,
encrypted_shifted_betas,
encrypted_gamma,
]
return [proving_key, verification_key]
def prove(self, p):
assert p.degree <= self.problem.max_order
h = p / self.problem.t
delta = group.random(ZR)
return [
p.evaluate_encrypted(self.problem.g,
self.encrypted_monomials)**delta,
h.evaluate_encrypted(self.problem.g,
self.encrypted_monomials)**delta,
p.evaluate_encrypted(
self.shifted_encrypted_monomials[0],
self.shifted_encrypted_monomials[1:],
)**delta,
]
def __init__(self, constraints):
self.g = group.random(G1)
self.g.initPP()
self.num_constraints = len(constraints)
self.t = Polynomial([1])
for constraint_num in range(1, self.num_constraints + 1):
self.t = self.t * Polynomial([-constraint_num, 1])
self.variable_polynomials = [{}, {}, {}]
for i, constraint in enumerate(constraints):
constraint_num = i + 1
partial_t = self.t / Polynomial([-constraint_num, 1])
partial_t = partial_t * (1 / partial_t.evaluate(constraint_num))
for constraint_dict, variable_polynomial_dict in zip(
constraint, self.variable_polynomials):
for variable, coefficient in constraint_dict.items():
variable_polynomial_dict[variable] = (
variable_polynomial_dict.get(variable)
or Polynomial([0])) + partial_t * coefficient
self.variables = (self.variable_polynomials[0].keys()
| self.variable_polynomials[1].keys()
| self.variable_polynomials[2].keys())
def __init__(self, t, max_order):
self.g = group.random(G1)
self.g.initPP()
self.t = t
self.max_order = max_order
def challenge(self):
self.s = group.random(ZR)
monomials = [self.s**i for i in range(1, self.problem.max_order + 1)]
encrypted_monomials = [self.problem.g**s_i for s_i in monomials]
return [encrypted_monomials]
