def __init__(self, g, x):
y = pow(g, x, DLP.p)
rr = randrange(1, DLP.q)
grr = pow(g, rr, DLP.p)
c = Web3.solidityKeccak(['bytes'], [
BigNumber.from_py(g).val + BigNumber.from_py(y).val +
BigNumber.from_py(grr).val
])
c = int.from_bytes(c, byteorder='big') % DLP.q
rrr = (rr + (c * x) % DLP.q) % DLP.q
assert (pow(g, rrr, DLP.p) == grr * pow(y, c, DLP.p) % DLP.p)
self.grr, self.rrr = grr, rrr
def to_sol(self):
return BigNumber.from_py(self.aa0).to_sol(), BigNumber.from_py(
self.aa1).to_sol(), BigNumber.from_py(
self.bb0).to_sol(), BigNumber.from_py(
self.bb1).to_sol(), BigNumber.from_py(
self.c0).to_sol(), BigNumber.from_py(
self.c1).to_sol(), BigNumber.from_py(
self.rrr0).to_sol(), BigNumber.from_py(
self.rrr1).to_sol()
def phase_1_bidder_init(self, value=10):
pi = DLProof(DLP.g, self.x).to_sol()
tx_hash = self.auction_contract.functions.phase1BidderInit(
BigNumber.from_py(self.y).to_sol(), pi).transact({
'from': self.addr,
'value': value,
'gas': gas_limit
})
tx_receipt = self.web3.eth.waitForTransactionReceipt(tx_hash)
self.gasUsed += tx_receipt['gasUsed']
tx_print(tx_receipt, "B{}".format(self.index))
def phase_5_winner_decision(self):
y = self.auction_contract.functions.elgamalY().call()
y = BigNumber.from_sol(y).to_py()
jM = self.auction_contract.functions.jM().call()
bidA = [self.bids[-1]]
for i in reversed(range(len(self.bids) - 1)):
bidA = [self.bids[i].mul(bidA[0])] + bidA
piM_sols = CtMProof(bidA[jM].c, y, bidA[jM].r, 1).to_sol()
tx_hash = self.auction_contract.functions.phase5WinnerDecision(
piM_sols).transact({
'from': self.addr,
'gas': gas_limit
})
tx_receipt = self.web3.eth.waitForTransactionReceipt(tx_hash)
self.gasUsed += tx_receipt['gasUsed']
tx_print(tx_receipt, "B{}".format(self.index))
def __init__(self, g1, g2, x):
y1, y2 = pow(g1, x, DLP.p), pow(g2, x, DLP.p)
rr = randrange(1, DLP.q)
grr1, grr2 = pow(g1, rr, DLP.p), pow(g2, rr, DLP.p)
c = Web3.solidityKeccak(['bytes'], [
BigNumber.from_py(g1).val + BigNumber.from_py(g2).val +
BigNumber.from_py(y1).val + BigNumber.from_py(y2).val +
BigNumber.from_py(grr1).val + BigNumber.from_py(grr2).val
])
c = int.from_bytes(c, byteorder='big') % DLP.q
rrr = (rr + c * x % DLP.q) % DLP.q
assert (pow(g1, rrr, DLP.p) == grr1 * pow(y1, c, DLP.p) % DLP.p)
assert (pow(g2, rrr, DLP.p) == grr2 * pow(y2, c, DLP.p) % DLP.p)
self.grr1, self.grr2, self.rrr = grr1, grr2, rrr
def phase_2_bidder_submit_bid(self, bid_price_j, value=10):
self.bid_price_j = bid_price_j
y = self.auction_contract.functions.elgamalY().call()
y = BigNumber.from_sol(y).to_py()
price_length = self.auction_contract.functions.priceLength().call()
self.bids = []
for j in range(price_length):
self.bids.append(Ct.from_vote(j == bid_price_j, y))
bid_pi01_sols = [bid.to_sol_with_01_proof() for bid in self.bids]
bid, pi01 = list(map(list, list(zip(*bid_pi01_sols))))
bidProd = functools.reduce(lambda ct1, ct2: ct1.mul(ct2), self.bids)
piM = CtMProof(bidProd.c, y, bidProd.r, 1).to_sol()
tx_hash = self.auction_contract.functions.phase2BidderSubmitBid(
bid, pi01, piM).transact({
'from': self.addr,
'gas': gas_limit
})
tx_receipt = self.web3.eth.waitForTransactionReceipt(tx_hash)
self.gasUsed += tx_receipt['gasUsed']
tx_print(tx_receipt,
"B{} bid_price_j = {}".format(self.index, bid_price_j))
def to_sol(self):
return BigNumber.from_py(self.grr1).to_sol(), BigNumber.from_py(
self.grr2).to_sol(), BigNumber.from_py(self.rrr).to_sol()
def to_sol(self):
return BigNumber.from_py(self.ya).to_sol(), BigNumber.from_py(
self.ctCA).to_sol(), self.piA.to_sol(), self.piR.to_sol()
def __init__(self, v, a, b, r, y):
n = pow(2, 256)
if v == False:
# 1. Simulate the v = 1 proof.
c1 = random.randrange(0, n)
rrr1 = random.randrange(1, DLP.q)
bb = b * pow(DLP.z, -1, DLP.p)
aa1 = pow(DLP.g, rrr1, DLP.p) * pow(a, -c1, DLP.p) % DLP.p
bb1 = pow(y, rrr1, DLP.p) * pow(bb, -c1, DLP.p) % DLP.p
# 2. Setup the v = 0 proof.
rr0 = random.randrange(1, DLP.q)
aa0 = pow(DLP.g, rr0, DLP.p)
bb0 = pow(y, rr0, DLP.p)
# 3. Create the challenge for v = 0 proof.
c = Web3.solidityKeccak(['bytes'], [
BigNumber.from_py(y).val + BigNumber.from_py(a).val +
BigNumber.from_py(b).val + BigNumber.from_py(aa0).val +
BigNumber.from_py(bb0).val + BigNumber.from_py(aa1).val +
BigNumber.from_py(bb1).val
])
c = int.from_bytes(c, byteorder='big') % n
c0 = (c - c1) % n
# 4. Compute the v = 0 proof.
rrr0 = (rr0 + c0 * r % DLP.q) % DLP.q
else: # v == 1
# 1. Simulate the v = 0 proof.
c0 = random.randrange(0, n)
rrr0 = random.randrange(1, DLP.q)
aa0 = pow(DLP.g, rrr0, DLP.p) * pow(a, -c0, DLP.p) % DLP.p
bb0 = pow(y, rrr0, DLP.p) * pow(b, -c0, DLP.p) % DLP.p
# 2. Setup the v = 1 proof.
rr1 = random.randrange(1, DLP.q)
aa1 = pow(DLP.g, rr1, DLP.p)
bb1 = pow(y, rr1, DLP.p)
# 3. Create the challenge for v = 1 proof.
c = Web3.solidityKeccak(['bytes'], [
BigNumber.from_py(y).val + BigNumber.from_py(a).val +
BigNumber.from_py(b).val + BigNumber.from_py(aa0).val +
BigNumber.from_py(bb0).val + BigNumber.from_py(aa1).val +
BigNumber.from_py(bb1).val
])
c = int.from_bytes(c, byteorder='big') % n
c1 = (c - c0) % n
# 4. Compute the v = 0 proof.
rrr1 = (rr1 + c1 * r % DLP.q) % DLP.q
# 5. proof \pi
self.aa0, self.aa1 = aa0, aa1
self.bb0, self.bb1 = bb0, bb1
self.c0, self.c1 = c0, c1
self.rrr0, self.rrr1 = rrr0, rrr1
assert (pow(DLP.g, rrr0, DLP.p) == aa0 * pow(a, c0, DLP.p) % DLP.p)
assert (pow(DLP.g, rrr1, DLP.p) == aa1 * pow(a, c1, DLP.p) % DLP.p)
assert (pow(y, rrr0, DLP.p) == bb0 * pow(b, c0, DLP.p) % DLP.p)
assert (pow(y, rrr1, DLP.p) == bb1 *
pow(b * pow(DLP.z, -1, DLP.p) % DLP.p, c1, DLP.p) % DLP.p)
c = Web3.solidityKeccak(['bytes'], [
BigNumber.from_py(y).val + BigNumber.from_py(a).val +
BigNumber.from_py(b).val + BigNumber.from_py(aa0).val +
BigNumber.from_py(bb0).val + BigNumber.from_py(aa1).val +
BigNumber.from_py(bb1).val
])
c = int.from_bytes(c, byteorder='big') % n
assert ((c0 + c1) % n == c % n)
def to_sol(self):
return BigNumber.from_py(self.u).to_sol(), BigNumber.from_py(
self.c).to_sol()
def decrypt_to_sol(self, x):
ux, ux_inv, pi = self.decrypt(x)
return BigNumber.from_py(ux).to_sol(), BigNumber.from_py(
ux_inv).to_sol(), pi.to_sol()
def from_sol(cls, a):
u = BigNumber.from_sol(a[0]).to_py()
c = BigNumber.from_sol(a[1]).to_py()
return cls(u, c)