def __init__(self, polynomial_list, chosen_candidate, G, com_pk):
self.group = G
self.com_pk = com_pk
self.order = com_pk.order
time_start_proof = time.process_time()
chosen_candidate = Bn.from_num(chosen_candidate)
random_to_eval = self.order.random()
self.commitment_to_eval = com_pk.commit([chosen_candidate],
random_to_eval)[0]
value_eval = Bn.from_num(0)
random_eval = Bn.from_num(0)
commitment_eval = self.com_pk.commit([value_eval], random_eval)[0]
self.proof = PolynomialProof(
com_pk,
polynomial_list,
self.commitment_to_eval,
commitment_eval,
chosen_candidate,
value_eval,
random_to_eval,
random_eval,
)
time_end_proof = time.process_time()
self.time_proof = time_end_proof - time_start_proof
def verify(self, polynomial_list):
value_eval = Bn.from_num(0)
random_eval = Bn.from_num(0)
commitment_eval = self.com_pk.commit([value_eval], random_eval)[0]
time_start_verify = time.process_time()
self.proof.verify(self.com_pk, polynomial_list,
self.commitment_to_eval, commitment_eval)
time_end_verify = time.process_time()
self.time_verify = time_end_verify - time_start_verify
def __init__(self, com_pk, commitment, product, A, randomizers):
self.order = com_pk.group.order()
self.m = len(A)
self.n = len(A[0])
# Maybe here we have a calculation which slows down the running time
product_rows_A = [
modular_prod([Bn.from_num(a[i]) for a in A], self.order)
for i in range(self.n)
]
self.commitment_products, randomizer_commitment_products = com_pk.commit(
product_rows_A)
self.hadamard = HadamardProductArgument(
com_pk,
commitment,
self.commitment_products,
A,
randomizers,
randomizer_commitment_products,
)
self.single_value = SingleValueProdArg(
com_pk,
self.commitment_products,
product,
product_rows_A,
randomizer_commitment_products,
)
def __init__(
self,
kp_tally,
pk_vote,
added_token,
reencrypted_vote,
randomizer,
number_dummies,
):
# Security parameters
self.sec_param = 256
self.bn_two = Bn.from_num(2)
self.hash_reduction = self.bn_two.pow(self.sec_param)
self.pk_tally = kp_tally.pk
self.sk_tally = kp_tally.sk
self.group_tally = self.pk_tally.group
self.generator_tally = self.group_tally.generator()
self.order_tally = self.group_tally.order()
self.pk_vote = pk_vote
self.group_vote = self.pk_vote.group
self.generator_vote = self.pk_vote.generator
self.order_vote = self.group_vote.order()
self.token = added_token
self.reencrypted_vote = reencrypted_vote
self.nr_candidates = self.reencrypted_vote.length
self.randomizer = randomizer
self.number_dummies = number_dummies
self.hiding_sk = None
self.hiding_randomizer = None
def __init__(self, kp_tally, pk_vote, token, vote, reencrypted_vote,
randomizer):
# Security parameters
self.sec_param = 256
self.bn_two = Bn.from_num(2)
self.hash_reduction = self.bn_two.pow(self.sec_param)
# Public key used for tokens
self.pk_tally = kp_tally.pk
self.sk_tally = kp_tally.sk
self.group_tally = self.pk_tally.group
self.generator_tally = self.group_tally.generator()
self.order_tally = self.group_tally.order()
# Public key used for votes
self.pk_vote = pk_vote
self.group_vote = self.pk_vote.group
self.generator_vote = self.group_vote.generator()
self.order_vote = self.group_vote.order()
self.token = token
self.vote = vote
self.nr_candidates = self.vote.length
self.reencrypted_vote = reencrypted_vote
self.randomizer = randomizer
self.hiding_sk = None
self.hiding_randomizer = None
def election_setup(group, number_voters, security_param):
order = group.order()
counter_space = Bn.from_num(2).pow(security_param - 2)
vids = []
counter = []
for i in range(number_voters):
vids.append(order.random())
index = counter_space + counter_space.random()
counter.append(index)
return vids, counter
def __init__(self, commitments, responses, challenge=None):
# Security parameters
self.sec_param = 256
self.bn_two = Bn.from_num(2)
self.hash_reduction = self.bn_two.pow(self.sec_param)
(
self.commitment_pk,
self.commitment_token,
self.commitment_vote1,
self.commitment_vote2,
) = commitments
self.response_sk, self.response_randomizer = responses
self.challenge = challenge
def compute_challenge_poly(transcript, p):
"""
Compute challenge given transcript
"""
transcript = flatten(transcript)
m = hashlib.sha512()
for element in transcript:
try:
m.update(element.commitment.export())
except AttributeError:
try:
m.update(hex(element.commitment).encode())
except:
m.update(element.commitment.hex().encode())
hashed = m.hexdigest()
return (Bn.from_hex(hashed)).mod(Bn.from_num(p))
def compute_challenge(transcript, p):
"""Compute challenge given transcript
TODO: return something of the right size, l_c bits in the paper.
TODO: use proper unique encoding of elements
"""
m = hashlib.sha512()
for element in transcript:
try:
m.update(element.export())
except AttributeError:
try:
m.update(hex(element).encode())
except:
m.update(hex(element.vid).encode())
m.update(hex(element.index).encode())
m.update(hex(element.tag).encode())
m.update(hex(element.vote).encode())
hashed = m.hexdigest()
return (Bn.from_hex(hashed)).mod(Bn.from_num(p))
def __init__(self, com_pk, commitment, product, committed_values,
randomizer):
self.n = len(committed_values)
self.order = com_pk.group.order()
self.sec_param_l_e = 160
self.sec_param_l_s = 80
self.bn_two = Bn.from_num(2)
# Prepare announcement
products = [committed_values[0]]
for i in range(1, self.n):
products.append(
(products[i - 1] * committed_values[i]).mod(self.order))
commitment_rand_one = self.order.random()
commitment_rand_two = self.order.random()
commitment_rand_three = self.order.random()
d_randoms = [self.order.random() for _ in range(self.n)]
delta_randoms = [self.order.random() for _ in range(self.n)]
delta_randoms[0] = d_randoms[0]
delta_randoms[-1] = 0
value_to_commit_two = [
-delta_randoms[i] * d_randoms[i + 1] for i in range(self.n - 1)
]
value_to_commit_three = [
delta_randoms[i + 1] - committed_values[i + 1] * delta_randoms[i] -
products[i] * d_randoms[i + 1] for i in range(self.n - 1)
]
self.announcement_one, _ = com_pk.commit(d_randoms,
commitment_rand_one)
self.announcement_two, _ = com_pk.commit_reduced(
value_to_commit_two, self.n - 1, commitment_rand_two)
self.announcement_three, _ = com_pk.commit_reduced(
value_to_commit_three, self.n - 1, commitment_rand_three)
# Compute challenge [Verify validity of this]
self.challenge = compute_challenge(
[
commitment,
product,
self.announcement_one,
self.announcement_two,
self.announcement_three,
],
self.order,
)
# Compute response
self.response_committed_values = [
(self.challenge * committed_values[i] + d_randoms[i]).mod(
self.order) for i in range(self.n)
]
self.response_product = [
(self.challenge * products[i] + delta_randoms[i]).mod(self.order)
for i in range(self.n)
]
self.response_randomizer = (self.challenge * randomizer +
commitment_rand_one).mod(self.order)
self.response_randomizer_commitments = (
self.challenge * commitment_rand_three + commitment_rand_two).mod(
self.order)
values_sum = values[0]
if len(values) > 1:
for i in values[1:]:
values_sum = (values_sum + i).mod(modulo)
return values_sum
if __name__ == "__main__":
# import doctest
#
# doctest.testmod()
G = EcGroup()
com_pk = com.PublicKey(G, 3)
order = com_pk.group.order()
A = [
[Bn.from_num(10), Bn.from_num(20),
Bn.from_num(30)],
[Bn.from_num(40), Bn.from_num(20),
Bn.from_num(30)],
[Bn.from_num(60), Bn.from_num(20),
Bn.from_num(40)],
]
for _ in range(10):
A.extend(A)
length_A = len(A)
commits_rands_A = [com_pk.commit(a) for a in A]
comm_A = [a[0] for a in commits_rands_A]
random_comm_A = [a[1] for a in commits_rands_A]
b = modular_prod(
[
modular_prod([Bn.from_num(A[i][j])
product *= i
return product
if __name__ == "__main__":
# import doctest
#
# doctest.testmod()
G = EcGroup()
com_pk = com.PublicKey(G, 3)
key_pair = elgamal.KeyPair(G)
pk = key_pair.pk
ctxts = [pk.encrypt((i) * G.generator()) for i in range(9)]
ctxts = [ctxts[i * 3:(i + 1) * 3] for i in range(3)]
exponents = [2, 0, 1, 3, 5, 8, 6, 7, 4]
exponents_Bn = [Bn.from_num(i) for i in exponents]
exponents = [exponents_Bn[i * 3:(i + 1) * 3] for i in range(3)]
randomizers = [G.order().random() for _ in range(3)]
reencryption_randomization = G.order().random()
product_ctxts = prod([
MultiExponantiation.ctxt_weighted_sum(ctxts[i], exponents[i])
for i in range(3)
])
exponantiated_reencrypted_product = (
pk.encrypt(G.infinite(), reencryption_randomization) * product_ctxts)
commitment_permutation = [
com_pk.commit(exponents[i], randomizers[i])[0] for i in range(3)
]
def __init__(self, kp_tally, pk_vote, tokens, vote, max_tag=None):
# Security parameters
self.sec_param = 256
self.bn_two = Bn.from_num(2)
self.hash_reduction = self.bn_two.pow(self.sec_param)
self.pk_tally = kp_tally.pk
self.group_tally = self.pk_tally.group
self.order_tally = self.group_tally.order()
self.pk_vote = pk_vote
self.tokens = tokens
if max_tag:
self.max_tag = max_tag
else:
self.max_tag = self.tokens[-1]
self.dummy = self.max_tag.decrypt(
kp_tally.sk) == 1 * kp_tally.group.generator()
self.vote = vote
self.number_candidates = self.vote.length
self.number_dummies = len(tokens)
last_token_decryption = self.tokens[-1].decrypt(kp_tally.sk)
self.added_token = tokens[0]
for token in tokens[1:]:
self.added_token = self.added_token * token
if type(self.vote) != VoteVector:
raise ValueError("Expected vote type of VoteVector")
# reencryption of vote
randomizer_reencryption = self.order_tally.random()
if self.dummy:
self.reencrypted_vote = VoteVector([
pk_vote.encrypt(0 * kp_tally.group.generator(),
randomizer_reencryption)
] * self.number_candidates)
else:
self.reencrypted_vote = pk_vote.reencrypt(vote,
randomizer_reencryption)
# Prover for dummy
prover_dummy = DummyVoterReencryptionProver(
kp_tally,
pk_vote,
self.added_token,
self.reencrypted_vote,
randomizer_reencryption,
self.number_dummies,
)
# Prover for real
prover_real = RealVoterReencryptionProver(
kp_tally,
pk_vote,
self.max_tag,
vote,
self.reencrypted_vote,
randomizer_reencryption,
)
# If the voter is real
if last_token_decryption == 0 * self.group_tally.generator():
self.proof_dummy = prover_dummy.simulate()
commitment_pk, commitment_token, commitment_vote1, commitment_vote2 = list(
prover_real.commit())
# Challenge big proof
self.main_challenge = compute_challenge(
[commitment_pk] + [commitment_token] +
commitment_vote1.tolist() + commitment_vote2.tolist() +
[self.proof_dummy.commitment_pk] +
[self.proof_dummy.commitment_token] +
self.proof_dummy.commitment_vote1.tolist() +
self.proof_dummy.commitment_vote2.tolist() +
self.vote.tolist() + self.added_token.tolist() +
[self.pk_vote.pk] + [self.pk_tally.pk],
self.hash_reduction,
)
self.true_challenge = self.main_challenge - self.proof_dummy.challenge
self.proof_real = prover_real.create_proof(
[
commitment_pk, commitment_token, commitment_vote1,
commitment_vote2
],
self.true_challenge,
)
# If the voter is dummy
else:
self.proof_real = prover_real.simulate()
commitment_pk, commitment_token, commitment_vote1, commitment_vote2 = list(
prover_dummy.commit())
# Challenge big proof
self.main_challenge = compute_challenge(
[self.proof_real.commitment_pk] +
[self.proof_real.commitment_token] +
self.proof_real.commitment_vote1.tolist() +
self.proof_real.commitment_vote2.tolist() + [commitment_pk] +
[commitment_token] + commitment_vote1.tolist() +
commitment_vote2.tolist() + self.vote.tolist() +
self.added_token.tolist() + [self.pk_vote.pk] +
[self.pk_tally.pk],
self.hash_reduction,
)
self.true_challenge = self.main_challenge - self.proof_real.challenge
self.proof_dummy = prover_dummy.create_proof(
[
commitment_pk, commitment_token, commitment_vote1,
commitment_vote2
],
self.true_challenge,
)