def test_djcp_proofs_simple(self): # doesn't get any simpler than this keypair = elgamal_keypair_from_secret(TWO_MOD_Q) nonce = ONE_MOD_Q seed = TWO_MOD_Q message0 = get_optional(elgamal_encrypt(0, nonce, keypair.public_key)) proof0 = make_disjunctive_chaum_pedersen_zero(message0, nonce, keypair.public_key, ONE_MOD_Q, seed) proof0bad = make_disjunctive_chaum_pedersen_one( message0, nonce, keypair.public_key, ONE_MOD_Q, seed) self.assertTrue( proof0.is_valid(message0, keypair.public_key, ONE_MOD_Q)) self.assertFalse( proof0bad.is_valid(message0, keypair.public_key, ONE_MOD_Q)) message1 = get_optional(elgamal_encrypt(1, nonce, keypair.public_key)) proof1 = make_disjunctive_chaum_pedersen_one(message1, nonce, keypair.public_key, ONE_MOD_Q, seed) proof1bad = make_disjunctive_chaum_pedersen_zero( message1, nonce, keypair.public_key, ONE_MOD_Q, seed) self.assertTrue( proof1.is_valid(message1, keypair.public_key, ONE_MOD_Q)) self.assertFalse( proof1bad.is_valid(message1, keypair.public_key, ONE_MOD_Q))
def test_djcp_proof_broken(self, keypair: ElGamalKeyPair, nonce: ElementModQ, seed: ElementModQ): # verify two different ways to generate an invalid C-P proof. message = get_optional(elgamal_encrypt(0, nonce, keypair.public_key)) message_bad = get_optional( elgamal_encrypt(2, nonce, keypair.public_key)) proof = make_disjunctive_chaum_pedersen_zero(message, nonce, keypair.public_key, seed) proof_bad = make_disjunctive_chaum_pedersen_zero( message_bad, nonce, keypair.public_key, seed) self.assertFalse(proof_bad.is_valid(message_bad, keypair.public_key)) self.assertFalse(proof.is_valid(message_bad, keypair.public_key))
def test_djcp_proof_one(self, keypair: ElGamalKeyPair, nonce: ElementModQ, seed: ElementModQ): message = get_optional(elgamal_encrypt(1, nonce, keypair.public_key)) proof = make_disjunctive_chaum_pedersen_one(message, nonce, keypair.public_key, seed) proof_bad = make_disjunctive_chaum_pedersen_zero( message, nonce, keypair.public_key, seed) self.assertTrue(proof.is_valid(message, keypair.public_key)) self.assertFalse(proof_bad.is_valid(message, keypair.public_key))
def chaum_pedersen_bench(bi: BenchInput) -> Tuple[float, float]: """ Given an input (instance of the BenchInput tuple), constructs and validates a disjunctive Chaum-Pedersen proof, returning the time (in seconds) to do each operation. """ (keypair, r, s) = bi ciphertext = get_optional(elgamal_encrypt(0, r, keypair.public_key)) start1 = timer() proof = make_disjunctive_chaum_pedersen_zero(ciphertext, r, keypair.public_key, s) end1 = timer() valid = proof.is_valid(ciphertext, keypair.public_key) end2 = timer() if not valid: raise Exception( "Wasn't expecting an invalid proof during a benchmark!") return end1 - start1, end2 - end1