def test_dlrep_bad_hash(group):
g, h = make_generators(2, group=group)
x, y = Secret(), Secret()
secret_dict = {x: 2, y: 3}
p1 = DLRep(2 * g + 3 * h, x * g + y * h)
p2 = DLRep(2 * g + 3 * h, y * h + x * g)
tr = p1.prove(secret_dict)
assert p1.verify(tr)
with pytest.raises(StatementMismatch):
p2.verify(tr)
def test_dlrep_non_interactive_1(group):
g, h = make_generators(2, group)
expr = Secret(value=3) * g + Secret(value=4) * h
p = DLRep(expr.eval(), expr)
tr = p.prove()
prover = p.get_prover()
assert p.verify(tr)
def test_dlrep_simulation(group):
g, h = make_generators(2, group=group)
x, y = Secret(value=3), Secret(value=4)
expr = x * g + y * h
p = DLRep(expr.eval(), expr)
tr = p.simulate()
assert (not p.verify(tr)) and p.verify_simulation_consistency(tr)
def test_dlrep_wrong_response_non_interactive(group):
g, h = make_generators(2, group=group)
x, y = Secret(value=3), Secret(value=4)
expr = x * g + y * h
p = DLRep(expr.eval(), expr)
tr = p.prove(message="mymessage")
# Turn one of the responses random
tr.responses[1] = group.order().random()
assert not p.verify(tr, message="mymessage")
def verify_blinding(self, pk):
"""
Verify the NIZK proof for Pedersen commitment.
"""
if self.com_nizk_proof is None:
raise ValueError("No proof to verify")
# TODO: Extract into a separate ExtendedProofStmt.
lhs = self.com_message
generators = pk.generators[1 : len(self.com_nizk_proof.responses) + 1]
secret_vars = [Secret() for _ in self.com_nizk_proof.responses]
proof = DLRep(lhs, wsum_secrets(secret_vars, generators))
return proof.verify(self.com_nizk_proof)
def test_dlrep_non_interactive_2(group):
(g, ) = make_generators(1, group)
x = Secret()
p = DLRep(4 * g, x * g)
tr = p.prove({x: 4})
assert p.verify(tr)