def test_or_non_interactive_fails_on_wrong_secrets(group, params):
    p1, p2, secrets = params
    p = OrProofStmt(p1, p2)
    bad_secrets = secrets.copy()
    u = list(bad_secrets.keys())
    bad_secrets[u[0]] = group.order().random()
    bad_secrets[u[1]] = group.order().random()
    bad_secrets[u[2]] = group.order().random()
    bad_secrets[u[3]] = group.order().random()

    message = "whatever"
    tr = p.prove(bad_secrets, message=message)
    assert not p.verify(tr, message=message)
def test_or_non_interactive_serialization(params):
    p1, p2, secrets = params
    p = OrProofStmt(p1, p2)
    message = "whatever"
    tr = p.prove(secrets, message=message)
    tr_enc = tr.serialize()
    tr_dec = NIZK.deserialize(tr_enc)
    assert tr_dec.challenge == tr.challenge
    assert len(tr_dec.responses) == len(tr.responses)
    for resp1, resp2 in zip(tr_dec.responses, tr.responses):
        assert resp1 == resp2
    assert tr_dec.precommitment == tr.precommitment
    assert tr_dec.stmt_hash == tr.stmt_hash
    assert p.verify(tr_dec, message=message)
Exemple #3
0
def test_dlrep_or_rangeproof(group):
    g, h = make_generators(2)

    x = Secret(9)
    y = Secret(42)
    z = Secret(40)

    c = x.value * g + y.value * h
    c2 = z.value * g + y.value * h

    stmt1 = DLRep(c, x * g + y * h) & RangeStmt(c, g, h, 0, 50, x, y)
    stmt2 = DLRep(c2, z * g + y * h) & RangeStmt(c2, g, h, 0, 50, z, y)
    stmt1.set_simulated()
    or_stmt = OrProofStmt(stmt1, stmt2)
    nizk = or_stmt.prove()
    assert or_stmt.verify(nizk)
Exemple #4
0
def test_or_signature_non_interactive():
    mG = BilinearGroupPair()
    keypair = BBSPlusKeypair.generate(mG, 9)
    messages = [Bn(30), Bn(31), Bn(32)]

    pk, sk = keypair.pk, keypair.sk
    generators, h0 = keypair.generators, keypair.h0

    creator = BBSPlusSignatureCreator(pk)
    lhs = creator.commit(messages)
    presignature = sk.sign(lhs.com_message)
    signature = creator.obtain_signature(presignature)
    e, s, m1, m2, m3 = (Secret() for _ in range(5))
    secret_dict = {
        e: signature.e,
        s: signature.s,
        m1: messages[0],
        m2: messages[1],
        m3: messages[2],
    }
    sigproof = BBSPlusSignatureStmt([e, s, m1, m2, m3], pk, signature)
    creator = BBSPlusSignatureCreator(pk)
    lhs = creator.commit(messages)
    presignature2 = sk.sign(lhs.com_message)
    signature2 = creator.obtain_signature(presignature2)

    e1, s1 = (Secret() for _ in range(2))
    secret_dict2 = {
        e1: signature2.e,
        s1: signature2.s,
        m1: messages[0],
        m2: messages[1],
    }
    sigproof1 = BBSPlusSignatureStmt([e1, s1, m1, m2, m3], pk, signature2)

    secret_dict.update(secret_dict2)
    andp = sigproof | sigproof1
    orp = OrProofStmt(andp, sigproof)
    tr = orp.prove(secret_dict)
    assert orp.verify(tr)
def test_or_non_interactive(params):
    p1, p2, secrets = params
    p = OrProofStmt(p1, p2)
    message = "whatever"
    tr = p.prove(secrets, message=message)
    assert p.verify(tr, message=message)