def __init__(self, g, x): y = pow(g, x, DLP.p) rr = randrange(1, DLP.q) grr = pow(g, rr, DLP.p) c = Web3.solidityKeccak(['bytes'], [ BigNumber.from_py(g).val + BigNumber.from_py(y).val + BigNumber.from_py(grr).val ]) c = int.from_bytes(c, byteorder='big') % DLP.q rrr = (rr + (c * x) % DLP.q) % DLP.q assert (pow(g, rrr, DLP.p) == grr * pow(y, c, DLP.p) % DLP.p) self.grr, self.rrr = grr, rrr
def to_sol(self): return BigNumber.from_py(self.aa0).to_sol(), BigNumber.from_py( self.aa1).to_sol(), BigNumber.from_py( self.bb0).to_sol(), BigNumber.from_py( self.bb1).to_sol(), BigNumber.from_py( self.c0).to_sol(), BigNumber.from_py( self.c1).to_sol(), BigNumber.from_py( self.rrr0).to_sol(), BigNumber.from_py( self.rrr1).to_sol()
def phase_1_bidder_init(self, value=10): pi = DLProof(DLP.g, self.x).to_sol() tx_hash = self.auction_contract.functions.phase1BidderInit( BigNumber.from_py(self.y).to_sol(), pi).transact({ 'from': self.addr, 'value': value, 'gas': gas_limit }) tx_receipt = self.web3.eth.waitForTransactionReceipt(tx_hash) self.gasUsed += tx_receipt['gasUsed'] tx_print(tx_receipt, "B{}".format(self.index))
def phase_5_winner_decision(self): y = self.auction_contract.functions.elgamalY().call() y = BigNumber.from_sol(y).to_py() jM = self.auction_contract.functions.jM().call() bidA = [self.bids[-1]] for i in reversed(range(len(self.bids) - 1)): bidA = [self.bids[i].mul(bidA[0])] + bidA piM_sols = CtMProof(bidA[jM].c, y, bidA[jM].r, 1).to_sol() tx_hash = self.auction_contract.functions.phase5WinnerDecision( piM_sols).transact({ 'from': self.addr, 'gas': gas_limit }) tx_receipt = self.web3.eth.waitForTransactionReceipt(tx_hash) self.gasUsed += tx_receipt['gasUsed'] tx_print(tx_receipt, "B{}".format(self.index))
def __init__(self, g1, g2, x): y1, y2 = pow(g1, x, DLP.p), pow(g2, x, DLP.p) rr = randrange(1, DLP.q) grr1, grr2 = pow(g1, rr, DLP.p), pow(g2, rr, DLP.p) c = Web3.solidityKeccak(['bytes'], [ BigNumber.from_py(g1).val + BigNumber.from_py(g2).val + BigNumber.from_py(y1).val + BigNumber.from_py(y2).val + BigNumber.from_py(grr1).val + BigNumber.from_py(grr2).val ]) c = int.from_bytes(c, byteorder='big') % DLP.q rrr = (rr + c * x % DLP.q) % DLP.q assert (pow(g1, rrr, DLP.p) == grr1 * pow(y1, c, DLP.p) % DLP.p) assert (pow(g2, rrr, DLP.p) == grr2 * pow(y2, c, DLP.p) % DLP.p) self.grr1, self.grr2, self.rrr = grr1, grr2, rrr
def phase_2_bidder_submit_bid(self, bid_price_j, value=10): self.bid_price_j = bid_price_j y = self.auction_contract.functions.elgamalY().call() y = BigNumber.from_sol(y).to_py() price_length = self.auction_contract.functions.priceLength().call() self.bids = [] for j in range(price_length): self.bids.append(Ct.from_vote(j == bid_price_j, y)) bid_pi01_sols = [bid.to_sol_with_01_proof() for bid in self.bids] bid, pi01 = list(map(list, list(zip(*bid_pi01_sols)))) bidProd = functools.reduce(lambda ct1, ct2: ct1.mul(ct2), self.bids) piM = CtMProof(bidProd.c, y, bidProd.r, 1).to_sol() tx_hash = self.auction_contract.functions.phase2BidderSubmitBid( bid, pi01, piM).transact({ 'from': self.addr, 'gas': gas_limit }) tx_receipt = self.web3.eth.waitForTransactionReceipt(tx_hash) self.gasUsed += tx_receipt['gasUsed'] tx_print(tx_receipt, "B{} bid_price_j = {}".format(self.index, bid_price_j))
def to_sol(self): return BigNumber.from_py(self.grr1).to_sol(), BigNumber.from_py( self.grr2).to_sol(), BigNumber.from_py(self.rrr).to_sol()
def to_sol(self): return BigNumber.from_py(self.ya).to_sol(), BigNumber.from_py( self.ctCA).to_sol(), self.piA.to_sol(), self.piR.to_sol()
def __init__(self, v, a, b, r, y): n = pow(2, 256) if v == False: # 1. Simulate the v = 1 proof. c1 = random.randrange(0, n) rrr1 = random.randrange(1, DLP.q) bb = b * pow(DLP.z, -1, DLP.p) aa1 = pow(DLP.g, rrr1, DLP.p) * pow(a, -c1, DLP.p) % DLP.p bb1 = pow(y, rrr1, DLP.p) * pow(bb, -c1, DLP.p) % DLP.p # 2. Setup the v = 0 proof. rr0 = random.randrange(1, DLP.q) aa0 = pow(DLP.g, rr0, DLP.p) bb0 = pow(y, rr0, DLP.p) # 3. Create the challenge for v = 0 proof. c = Web3.solidityKeccak(['bytes'], [ BigNumber.from_py(y).val + BigNumber.from_py(a).val + BigNumber.from_py(b).val + BigNumber.from_py(aa0).val + BigNumber.from_py(bb0).val + BigNumber.from_py(aa1).val + BigNumber.from_py(bb1).val ]) c = int.from_bytes(c, byteorder='big') % n c0 = (c - c1) % n # 4. Compute the v = 0 proof. rrr0 = (rr0 + c0 * r % DLP.q) % DLP.q else: # v == 1 # 1. Simulate the v = 0 proof. c0 = random.randrange(0, n) rrr0 = random.randrange(1, DLP.q) aa0 = pow(DLP.g, rrr0, DLP.p) * pow(a, -c0, DLP.p) % DLP.p bb0 = pow(y, rrr0, DLP.p) * pow(b, -c0, DLP.p) % DLP.p # 2. Setup the v = 1 proof. rr1 = random.randrange(1, DLP.q) aa1 = pow(DLP.g, rr1, DLP.p) bb1 = pow(y, rr1, DLP.p) # 3. Create the challenge for v = 1 proof. c = Web3.solidityKeccak(['bytes'], [ BigNumber.from_py(y).val + BigNumber.from_py(a).val + BigNumber.from_py(b).val + BigNumber.from_py(aa0).val + BigNumber.from_py(bb0).val + BigNumber.from_py(aa1).val + BigNumber.from_py(bb1).val ]) c = int.from_bytes(c, byteorder='big') % n c1 = (c - c0) % n # 4. Compute the v = 0 proof. rrr1 = (rr1 + c1 * r % DLP.q) % DLP.q # 5. proof \pi self.aa0, self.aa1 = aa0, aa1 self.bb0, self.bb1 = bb0, bb1 self.c0, self.c1 = c0, c1 self.rrr0, self.rrr1 = rrr0, rrr1 assert (pow(DLP.g, rrr0, DLP.p) == aa0 * pow(a, c0, DLP.p) % DLP.p) assert (pow(DLP.g, rrr1, DLP.p) == aa1 * pow(a, c1, DLP.p) % DLP.p) assert (pow(y, rrr0, DLP.p) == bb0 * pow(b, c0, DLP.p) % DLP.p) assert (pow(y, rrr1, DLP.p) == bb1 * pow(b * pow(DLP.z, -1, DLP.p) % DLP.p, c1, DLP.p) % DLP.p) c = Web3.solidityKeccak(['bytes'], [ BigNumber.from_py(y).val + BigNumber.from_py(a).val + BigNumber.from_py(b).val + BigNumber.from_py(aa0).val + BigNumber.from_py(bb0).val + BigNumber.from_py(aa1).val + BigNumber.from_py(bb1).val ]) c = int.from_bytes(c, byteorder='big') % n assert ((c0 + c1) % n == c % n)
def to_sol(self): return BigNumber.from_py(self.u).to_sol(), BigNumber.from_py( self.c).to_sol()
def decrypt_to_sol(self, x): ux, ux_inv, pi = self.decrypt(x) return BigNumber.from_py(ux).to_sol(), BigNumber.from_py( ux_inv).to_sol(), pi.to_sol()
def from_sol(cls, a): u = BigNumber.from_sol(a[0]).to_py() c = BigNumber.from_sol(a[1]).to_py() return cls(u, c)