def verify_checker(inputs, reference_inputs, parameters, outputs, returns,
dependencies):
try:
# retrieve data
instance = loads(reference_inputs[0])
# check format
if len(inputs) != 0 or len(reference_inputs) != 1 or len(
outputs) != 0 or len(returns) != 1:
return False
# verify signature
params = setup(instance['q'])
packed_sig = parameters[0]
sig = (unpackG1(params,
packed_sig[0]), unpackG1(params, packed_sig[1]))
clear_m = loads(parameters[1])
kappa = unpackG2(params, parameters[2])
proof_v = pet_unpack(parameters[3])
packed_vvk = instance['verifier']
vvk = (unpackG2(params,
packed_vvk[0]), unpackG2(params, packed_vvk[1]),
[unpackG2(params, y) for y in packed_vvk[2]])
if not mix_verify(params, vvk, kappa, sig, proof_v, clear_m):
return False
# otherwise
return True
except (KeyError, Exception):
return False
def issue(inputs, reference_inputs, parameters, sk, index):
# extract data
request = loads(inputs[0])
updated_request = loads(inputs[0])
instance = request['instance']
q = instance['q']
params = setup(q)
cm = unpackG1(params, request['cm'])
c = [(unpackG1(params, packed_ci[0]), unpackG1(params, packed_ci[1]))
for packed_ci in request['c']]
clear_m = pet_unpack(request['clear_m'])
# sign
(h, enc_epsilon) = mix_sign(params, sk, cm, c, clear_m)
packed_enc_sig = (pack(h), (pack(enc_epsilon[0]), pack(enc_epsilon[1])))
# update request
# NOTE: indexes are used to re-order the signature for threshold aggregation
updated_request['sigs'].append((index, packed_enc_sig))
# return
return {
'outputs': (dumps(updated_request), ),
'extra_parameters': ((index, packed_enc_sig), )
}
def request_checker(inputs, reference_inputs, parameters, outputs, returns,
dependencies):
try:
# retrieve instance
instance = loads(outputs[0])
request = loads(outputs[1])
# retrieve parameters
packed_proof = parameters[0]
packed_pub = parameters[1]
# check format
if len(inputs) != 1 or len(reference_inputs) != 0 or len(
outputs) != 2 or len(returns) != 0:
return False
# check types
if request['type'] != 'CoCoRequest': return False
# check fields
request['clear_m']
params = setup(instance['q'])
cm = unpackG1(params, request['cm'])
packed_c = request['c']
c = [(unpackG1(params, ci[0]), unpackG1(params, ci[1]))
for ci in packed_c]
if inputs[0] != outputs[0] or loads(inputs[0]) != request['instance']:
return False
if request['sigs']: return False
# verify proof
proof = pet_unpack(packed_proof)
pub = unpackG1(params, packed_pub)
if not verify_mix_sign(params, pub, c, cm, proof): return False
# verify depend transaction -- specified by 'callback'
# NOTE: the checker of the dependency is automatcally called
callback = dependencies[0]
if callback['contractID'] + '.' + callback['methodID'] != instance[
'callback']:
return False
# otherwise
return True
except (KeyError, Exception):
return False
def create_checker(inputs, reference_inputs, parameters, outputs, returns,
dependencies):
try:
# retrieve instance
instance = loads(outputs[1])
# retrieve parameters
packed_sig = parameters[0]
# check format
if len(inputs) != 1 or len(reference_inputs) != 0 or len(
outputs) != 2 or len(returns) != 0:
return False
# check types
if inputs[0] != outputs[0]: return False
if instance['type'] != 'CoCoInstance': return False
# check fields
q = instance['q']
t = instance['t']
n = instance['n']
instance['callback']
packed_vvk = instance['verifier']
if q < 1 or n < 1 or t > n: return False
# verify signature
params = setup(q)
sig = (unpackG1(params,
packed_sig[0]), unpackG1(params, packed_sig[1]))
vvk = (unpackG2(params,
packed_vvk[0]), unpackG2(params, packed_vvk[1]),
[unpackG2(params, y) for y in packed_vvk[2]])
hasher = sha256()
hasher.update(outputs[1].encode('utf8'))
m = Bn.from_binary(hasher.digest())
if not mix_verify(params, vvk, None, sig, None, [m]): return False
# otherwise
return True
except (KeyError, Exception):
return False
def redeem_checker(inputs, reference_inputs, parameters, outputs, returns, dependencies):
try:
# retrieve ID list
old_list = loads(inputs[0])
new_list = loads(outputs[0])
# retrieve parameters
bp_params = bp_setup()
ID = loads(parameters[0])
merchant_addr = loads(parameters[1])
packed_sig = parameters[2]
sig = (unpackG1(bp_params, packed_sig[0]), unpackG1(bp_params, packed_sig[1]))
# check format
if len(inputs) != 1 or len(reference_inputs) != 0 or len(outputs) != 1 or len(returns) != 0:
return False
# check types
if new_list['type'] != 'TList': return False
# check format & consistency with old object
packed_vvk = new_list['vvk']
if new_list['vvk'] != new_list['vvk']: return False
# check spent list
if (ID in old_list['list']) or (new_list['list'] != old_list['list'] + [ID]):
return False
# verify signature and nu's correctness
vvk = (unpackG2(bp_params,packed_vvk[0]), unpackG2(bp_params,packed_vvk[1]), unpackG2(bp_params,packed_vvk[2]))
hasher = sha256()
hasher.update(parameters[0].encode('utf8'))
hasher.update(parameters[1].encode('utf8'))
m = Bn.from_binary(hasher.digest())
if not verify(bp_params, vvk, m, sig): return False
# otherwise
return True
except (KeyError, Exception):
return False
def main():
coconut.contract._populate_empty_checkers()
print "operation\t\tmean (ms)\t\tsd (ms)\t\truns"
# == init ===============
init_tx = coconut.init()
# == create ===============
# gen
times = []
for i in range(RUNS):
start_time = time.time()
coconut.create((init_tx['transaction']['outputs'][0], ), None, None, q,
t, n, callback, vvk, auth_sig)
end_time = time.time()
times.append((end_time - start_time) * 1000)
mean = numpy.mean(times)
sd = numpy.std(times)
print "[g] create tx\t{:.10f}\t\t{:.10f}\t{}".format(mean, sd, RUNS)
# check
create_tx = coconut.create((init_tx['transaction']['outputs'][0], ), None,
None, q, t, n, callback, vvk, auth_sig)
solution = transaction_to_solution(create_tx)
times = []
for i in range(RUNS):
start_time = time.time()
coconut.contract.checkers['create'](
solution['inputs'],
solution['referenceInputs'],
solution['parameters'],
solution['outputs'],
solution['returns'],
solution['dependencies'],
)
end_time = time.time()
times.append((end_time - start_time) * 1000)
mean = numpy.mean(times)
sd = numpy.std(times)
print "[c] create tx\t{:.10f}\t\t{:.10f}\t{}".format(mean, sd, RUNS)
# == request ===============
# gen
times = []
for i in range(RUNS):
start_time = time.time()
coconut.request((create_tx['transaction']['outputs'][1], ), None, None,
clear_m, hidden_m, pub)
end_time = time.time()
times.append((end_time - start_time) * 1000)
mean = numpy.mean(times)
sd = numpy.std(times)
print "[g] request tx\t{:.10f}\t\t{:.10f}\t{}".format(mean, sd, RUNS)
# check
request_tx = coconut.request((create_tx['transaction']['outputs'][1], ),
None, None, clear_m, hidden_m, pub)
solution = transaction_to_solution(request_tx)
times = []
for i in range(RUNS):
start_time = time.time()
coconut.contract.checkers['request'](
solution['inputs'],
solution['referenceInputs'],
solution['parameters'],
solution['outputs'],
solution['returns'],
solution['dependencies'],
)
end_time = time.time()
times.append((end_time - start_time) * 1000)
mean = numpy.mean(times)
sd = numpy.std(times)
print "[c] request tx\t{:.10f}\t\t{:.10f}\t{}".format(mean, sd, RUNS)
# == issue ===============
# gen
times = []
for i in range(RUNS):
start_time = time.time()
coconut.issue((request_tx['transaction']['outputs'][1], ), None, None,
sk[0], 0)
end_time = time.time()
times.append((end_time - start_time) * 1000)
mean = numpy.mean(times)
sd = numpy.std(times)
print "[g] issue tx\t{:.10f}\t\t{:.10f}\t{}".format(mean, sd, RUNS)
# check
issue_tx = coconut.issue((request_tx['transaction']['outputs'][1], ), None,
None, sk[0], 0)
solution = transaction_to_solution(issue_tx)
times = []
for i in range(RUNS):
start_time = time.time()
coconut.contract.checkers['issue'](
solution['inputs'],
solution['referenceInputs'],
solution['parameters'],
solution['outputs'],
solution['returns'],
solution['dependencies'],
)
end_time = time.time()
times.append((end_time - start_time) * 1000)
mean = numpy.mean(times)
sd = numpy.std(times)
print "[c] issue tx\t{:.10f}\t\t{:.10f}\t{}".format(mean, sd, RUNS)
# == verify ===============
# gen
# issue t signatures
old_request = request_tx['transaction']['outputs'][1]
for i in range(t):
transaction = coconut.issue((old_request, ), None, None, sk[i], i)
old_request = transaction['transaction']['outputs'][0]
# some crypto
# ------------------------------------
packet = loads(old_request)['sigs']
(indexes, packed_enc_sigs) = zip(*packet)
(h, packed_enc_epsilon) = zip(*packed_enc_sigs)
enc_epsilon = [(unpackG1(params, x[0]), unpackG1(params, x[1]))
for x in packed_enc_epsilon]
dec_sigs = [(unpackG1(params, h[0]), elgamal_dec(params, priv, enc))
for enc in enc_epsilon]
aggr = aggregate_th_sign(params, dec_sigs)
aggr = randomize(params, aggr)
packed_sig = (pack(aggr[0]), pack(aggr[1]))
# ------------------------------------
times = []
for i in range(RUNS):
start_time = time.time()
coconut.verify(None, (create_tx['transaction']['outputs'][1], ),
(packed_sig, ), clear_m, hidden_m)
end_time = time.time()
times.append((end_time - start_time) * 1000)
mean = numpy.mean(times)
sd = numpy.std(times)
print "[g] verify tx\t{:.10f}\t\t{:.10f}\t{}".format(mean, sd, RUNS)
# check
verify_tx = coconut.verify(None,
(create_tx['transaction']['outputs'][1], ),
(packed_sig, ), clear_m, hidden_m)
solution = transaction_to_solution(verify_tx)
times = []
for i in range(RUNS):
start_time = time.time()
coconut.contract.checkers['verify'](
solution['inputs'],
solution['referenceInputs'],
solution['parameters'],
solution['outputs'],
solution['returns'],
solution['dependencies'],
)
end_time = time.time()
times.append((end_time - start_time) * 1000)
mean = numpy.mean(times)
sd = numpy.std(times)
print "[c] verify tx\t{:.10f}\t\t{:.10f}\t{}".format(mean, sd, RUNS)
'''
def test_verify(self):
with coconut_contract.test_service():
## create transactions
# init
init_transaction = coconut.init()
token = init_transaction['transaction']['outputs'][0]
# create instance
create_transaction = coconut.create(
(token,),
None,
None,
q,
t,
n,
callback,
vvk,
sig
)
instance = create_transaction['transaction']['outputs'][1]
# request
request_transaction = coconut.request(
(instance,),
None,
None,
clear_m,
hidden_m,
pub
)
old_request = request_transaction['transaction']['outputs'][1]
# issue t signatures
for i in range(t):
transaction = coconut.issue(
(old_request,),
None,
None,
sk[i],
i
)
old_request = transaction['transaction']['outputs'][0]
# some crypto
# ------------------------------------
packet = loads(old_request)['sigs']
(indexes, packed_enc_sigs) = zip(*packet)
(h, packed_enc_epsilon) = zip(*packed_enc_sigs)
enc_epsilon = [(unpackG1(params,x[0]), unpackG1(params,x[1])) for x in packed_enc_epsilon]
dec_sigs = [(unpackG1(params,h[0]), elgamal_dec(params, priv, enc)) for enc in enc_epsilon]
aggr = aggregate_th_sign(params, dec_sigs)
aggr = randomize(params, aggr)
packed_sig = (pack(aggr[0]),pack(aggr[1]))
# ------------------------------------
# verify signature
start_time = time.time()
transaction = coconut.verify(
None,
(instance,),
(packed_sig,),
clear_m,
hidden_m
)
end_time = time.time(); print((end_time-start_time)*1000)
## submit t ransaction
response = requests.post(
'http://127.0.0.1:5000/' + coconut_contract.contract_name
+ '/verify', json=transaction_to_solution(transaction)
)
self.assertTrue(response.json()['success'])
print("\n\n=================== VERIFICATION ===================\n")
print(transaction['transaction']['returns'][0])
print("\n====================================================\n\n")
def test_issue(self):
with coconut_contract.test_service():
## create transactions
# init
init_transaction = coconut.init()
token = init_transaction['transaction']['outputs'][0]
# create instance
create_transaction = coconut.create(
(token,),
None,
None,
q,
t,
n,
callback,
vvk,
sig
)
instance = create_transaction['transaction']['outputs'][1]
# request
request_transaction = coconut.request(
(instance,),
None,
None,
clear_m,
hidden_m,
pub
)
old_request = request_transaction['transaction']['outputs'][1]
# issue a signatures
transaction = coconut.issue(
(old_request,),
None,
None,
sk[0],
0
)
old_request = transaction['transaction']['outputs'][0]
## submit transaction
response = requests.post(
'http://127.0.0.1:5000/' + coconut_contract.contract_name
+ '/issue', json=transaction_to_solution(transaction)
)
self.assertTrue(response.json()['success'])
# issue the other t-1 signatures
for i in range(1,t):
transaction = coconut.issue(
(old_request,),
None,
None,
sk[i],
i
)
old_request = transaction['transaction']['outputs'][0]
# some crypto - to show that this actually works
# ------------------------------------
packet = loads(old_request)['sigs']
(indexes, packed_enc_sigs) = zip(*packet)
(h, packed_enc_epsilon) = zip(*packed_enc_sigs)
enc_epsilon = [(unpackG1(params,x[0]), unpackG1(params,x[1])) for x in packed_enc_epsilon]
dec_sigs = [(unpackG1(params,h[0]), elgamal_dec(params, priv, enc)) for enc in enc_epsilon]
aggr = aggregate_th_sign(params, dec_sigs)
aggr = randomize(params, aggr)
(kappa, proof_v) = show_mix_sign(params, vvk, hidden_m)
print("\n\n=================== VERIFICATION ===================\n")
print(mix_verify(params, vvk, kappa, aggr, proof_v, clear_m))
print("\n====================================================\n\n")
def sign_checker(inputs, reference_inputs, parameters, outputs, returns,
dependencies):
try:
# retrieve petition
old_petition = loads(inputs[0])
new_petition = loads(outputs[0])
# retrieve ID list
old_list = loads(inputs[1])
new_list = loads(outputs[1])
# retrieve parameters
bp_params = bp_setup()
new_values = loads(parameters[0])
packed_sig = parameters[1]
sig = (unpackG1(bp_params,
packed_sig[0]), unpackG1(bp_params, packed_sig[1]))
kappa = unpackG2(bp_params, parameters[2])
nu = unpackG1(bp_params, parameters[3])
proof_v = pet_unpack(parameters[4])
# check format
if len(inputs) != 2 or len(reference_inputs) != 0 or len(
outputs) != 2 or len(returns) != 0:
return False
# check types
if new_petition['type'] != 'PObject' or new_list['type'] != 'PList':
return False
# check format & consistency with old object
UUID = pet_unpack(new_petition['UUID'])
options = new_petition['options']
packed_vvk = new_petition['verifier']
scores = new_petition['scores']
if old_petition['UUID'] != new_petition['UUID']: return False
if len(old_petition['owner']) != len(new_petition['owner']):
return False
if len(old_petition['options']) != len(new_petition['options']):
return False
if old_petition['verifier'] != new_petition['verifier']: return False
# check new values
if sum(new_values) != 1: return False
for i in range(len(scores)):
if scores[i] != old_petition['scores'][i] + new_values[i]:
return False
if new_values[i] != 0 and new_values[i] != 1: return False
# check spent list
packed_nu = parameters[3]
if (packed_nu in old_list['list']) or (new_list['list'] !=
old_list['list'] + [packed_nu]):
return False
# verify signature and nu's correctness
vvk = (unpackG2(bp_params,
packed_vvk[0]), unpackG2(bp_params, packed_vvk[1]),
unpackG2(bp_params, packed_vvk[2]))
if not coconut_petition_verify(bp_params, vvk, kappa, sig, proof_v,
UUID, nu):
return False
# otherwise
return True
except (KeyError, Exception):
return False