def test_hex_basic(self): """ This method tests put_hex's and get_hex's basic functionality. """ bitstream = BitStream() # Generate a random string of hex digits, ie: ('0'-'9'|'a'-'f'|'A'-'F')* valid_hex_digits = "0123456789abcdefABCDEF" num_digits = 50 digits = "" for i in range(0, num_digits): digits += random.choice(valid_hex_digits) # Put those digits in the BitStream... bitstream.put_hex(digits) # ...and get them back bitstream.seek(0) read_digits = bitstream.get_hex(len(digits) * 4) # 1 hex digit == 4 bits # Check that the hexadecimal digits were recovered correctly # Note that case information may be lost. Comparison must be case # insensitive (ie. 'a9Bc' and 'A9bC' are equal) self.assertEqual(read_digits.lower(), digits.lower())
def test_get_hex_invalid_length(self): """ Test that trying to read a number of bits that is not a multiple of 4 as hex data raises an exception. """ bitstream = BitStream() bitstream.put_hex("DfF7CE69fF5478A") # 15 digits, 60 bits bitstream.seek(0) self.assertRaises(ValueError, bitstream.get_hex, 47) # read 11.75 hex digits?
def test_get_hex_zero_bits(self): """ Test that reading zero bits from the stream as hex data results in getting the empty string: \"\". """ bitstream = BitStream() self.assertEquals(bitstream.get_hex(0), "") # Store some hex data in the stream. bitstream.put_hex("DfF7CE69fF5478A") # 15 digits, 60 bits bitstream.seek(0) self.assertEquals(bitstream.get_hex(0), "")
def test_get_hex_beyond_eos(self): """ Test that trying to read beyond the end of the stream raises an exception when calling get_hex(...). """ bitstream = BitStream() self.assertRaises(NotEnoughBitsInStreamError, bitstream.get_hex, 1) # Current position should not have been changed self.assertEquals(bitstream.get_current_pos(), 0) bitstream.put_hex("DfF7CE69fF5478A") # 15 digits, 60 bits bitstream.seek(0) # Read beyond EOS self.assertRaises(NotEnoughBitsInStreamError, bitstream.get_hex, 61) # Current position should not have been changed self.assertEquals(bitstream.get_current_pos(), 0)
def test_get_hex_beyond_eos(self): """ Test that trying to read beyond the end of the stream raises an exception when calling get_hex(...). """ bitstream = BitStream() self.assertRaises(NotEnoughBitsInStreamError, bitstream.get_hex, 1) # Current position should not have been changed self.assertEquals(bitstream.get_current_pos(),0) bitstream.put_hex("DfF7CE69fF5478A") # 15 digits, 60 bits bitstream.seek(0) # Read beyond EOS self.assertRaises(NotEnoughBitsInStreamError, bitstream.get_hex, 61) # Current position should not have been changed self.assertEquals(bitstream.get_current_pos(),0)
def test_hex_basic(self): """ This method tests put_hex's and get_hex's basic functionality. """ bitstream = BitStream() # Generate a random string of hex digits, ie: ('0'-'9'|'a'-'f'|'A'-'F')* valid_hex_digits = "0123456789abcdefABCDEF" num_digits = 50 digits = "" for i in range(0,num_digits): digits += random.choice(valid_hex_digits) # Put those digits in the BitStream... bitstream.put_hex(digits) # ...and get them back bitstream.seek(0) read_digits = bitstream.get_hex(len(digits)*4) # 1 hex digit == 4 bits # Check that the hexadecimal digits were recovered correctly # Note that case information may be lost. Comparison must be case # insensitive (ie. 'a9Bc' and 'A9bC' are equal) self.assertEqual(read_digits.lower(), digits.lower())
def verify(self, original_collection, shuffled_collection): """ Verifies that original_collection and shuffled_collection are equivalent as proven by this ShufflingProof object. If this method returns true, then we have proof that both collections contain encryptions of the same collection of plaintexts, save for the negligible probability (for a correct security parameter configured in params.py) that the zero-knowledge proof has been faked. Otherwise we gain no information about the two collections, other than they are not shown to be equivalent by this particular proof. ShufflingProof is a zero-knowledge proof: the result of this verification or the information within the ShufflingProof object for which two collections pass this verification, provide no information as to the association of particular ciphertexts in original_collection with particular ciphertexts of shuffled_collection. Arguments: original_collection::CiphertextCollection -- The original collection of ciphertexts. shuffled_collection::CiphertextCollection -- Another collection for which we wish to know if the current ShufflingProof object demonstrates equivalence with original_collection. Returns: result::bool -- True if this proof shows both collections to be equivalent. False otherwise. """ # Get the security parameter P with which the proof was originally # created. This is reflect in the length of self._collections and # self._mappings. assert len(self._collections) == len(self._mappings), \ "The length of the private properties self._collections and " \ "self._mappings of ShufflingProof must always be the same." security_parameter = len(self._collections) # Get the security parameter specified in params minimum_allowed_security_parameter = params.SHUFFLING_PROOF_SECURITY_PARAMETER # Check that the security parameter is <= 256, since that is the most # bits of challenge we can currently have. Also check that P is at least 1 if(minimum_allowed_security_parameter < 1 or minimum_allowed_security_parameter > 256): raise ValueError("Security parameter for shuffling proof " \ "(params.SHUFFLING_PROOF_SECURITY_PARAMETER) is out of " \ "range. The security parameter must be between 1 and 256, "\ "its current value is %d. If you have set " \ "CUSTOM_SHUFFLING_PROOF_SECURITY_PARAMETER in the file " \ "params.py, please correct this value or set it to None, " \ "in order for the security parameter to be decided based " \ "on the global SECURITY_LEVEL of plonevotecryptolib. It " \ "is recommended that " \ "CUSTOM_SHUFFLING_PROOF_SECURITY_PARAMETER be always set " \ "to None for deployment operation of plonevotecryptolib." \ % security_parameter) # Check that the security parameter for which the proof was generated # is correct and meets the security standards declared in params.py if(security_parameter < minimum_allowed_security_parameter or security_parameter < 1 or security_parameter > 256): raise InvalidShuffilingProofError("The security parameter for " \ "(which the current proof was created is %d. This is " \ "(either an incorrect value (outside of the [1,256] " \ "(range) or not secure enough to meet the standards set " \ "(in the configuration of params.py (< %d). The proof " \ "(is thus invalid." \ % (security_parameter, minimum_allowed_security_parameter)) # Generate the challenge challenge = \ self._generate_challenge(original_collection, shuffled_collection) # Verify that the challenge corresponds to the stored one if(challenge != self._challenge): return False # Get the challenge as a BitStream for easier manipulation challenge_bits = BitStream() challenge_bits.put_hex(challenge) challenge_bits.seek(0) # back to the beginning of the stream # For each of the first P bits in the stream for i in range(0, security_parameter): bit = challenge_bits.get_num(1) if(bit == 0): # verify that self._mapping[i] maps original_collection into # self._collections[i] if(not self._mappings[i].verify(original_collection, self._collections[i])): return False elif(bit == 1): # verify that self._mapping[i] self._collections[i] into # self._collections[i] if(not self._mappings[i].verify(self._collections[i], shuffled_collection)): return False else: assert False, "We took a single bit, its value must be either "\ "0 or 1." # If we made it so far, the proof is correct # (each mapping is in accordance to the challenge and valid) return True
def new(cls, original_collection, shuffled_collection, mapping): """ Constructs a new proof of equivalence between original_collection and shuffled_collection. This method should not be used outside of plonevotecryptolib.Mixnet. Consider using CiphertextCollection.shuffle_with_proof() instead. The given CiphertextCollectionMapping must be a valid mapping between original_collection and shuffled_collection. Arguments: original_collection::CiphertextCollection -- The original collection to be shuffled. shuffled_collection::CiphertextCollection -- The shuffled collection resulting from applying mapping to original_collection. mapping::CiphertextCollectionMapping -- The mapping between original_collection and shuffled_collection. Returns: proof::ShufflingProof -- The zero-knowledge proof of equivalence between original_collection and shuffled_collection. Throws: InvalidCiphertextCollectionMappingError -- If mapping is not a valid mapping between original_collection and shuffled_collection. ValueError -- If params.SHUFFLING_PROOF_SECURITY_PARAMETER is within an invalid range. """ # Check that we have a valid mapping between the two collections: if(not mapping.verify(original_collection, shuffled_collection)): raise InvalidCiphertextCollectionMappingError( \ "mapping was expected to be a CiphertextCollectionMapping "\ "object representing a valid mapping between "\ "original_collection and shuffled_collection. However, "\ "mapping.verify(original_collection, shuffled_collection) "\ "returns False. A zero-knowledge proof of equivalence "\ "between two shuffled collections cannot be constructed "\ "without first having a valid mapping between them.") # Get the security parameter P security_parameter = params.SHUFFLING_PROOF_SECURITY_PARAMETER # Check that the security parameter is <= 256, since that is the most # bits of challenge we can currently have. Also check that P is at least 1 if(security_parameter < 1 or security_parameter > 256): raise ValueError("Security parameter for shuffling proof " \ "(params.SHUFFLING_PROOF_SECURITY_PARAMETER) is out of " \ "range. The security parameter must be between 1 and 256, "\ "its current value is %d. If you have set " \ "CUSTOM_SHUFFLING_PROOF_SECURITY_PARAMETER in the file " \ "params.py, please correct this value or set it to None, " \ "in order for the security parameter to be decided based " \ "on the global SECURITY_LEVEL of plonevotecryptolib. It " \ "is recommended that " \ "CUSTOM_SHUFFLING_PROOF_SECURITY_PARAMETER be always set " \ "to None for deployment operation of plonevotecryptolib." \ % security_parameter) # Construct a new empty proof proof = ShufflingProof() # Populate proof._collections with P random shuffles of # original_collection. We save each mapping for now in proof._mappings. # (ie. every mapping in proof._mappings[i] will initially be from the # original collection into proof._collections[i]) for i in range(0, security_parameter): ## print "Generating collection #%d" % i # replace with TaskMonitor API calls new_mapping = CiphertextCollectionMapping.new(original_collection) proof._mappings.append(new_mapping) proof._collections.append(new_mapping.apply(original_collection)) # Generate the challenge proof._challenge = \ proof._generate_challenge(original_collection, shuffled_collection) # Get the challenge as a BitStream for easier manipulation challenge_bits = BitStream() challenge_bits.put_hex(proof._challenge) challenge_bits.seek(0) # back to the beginning of the stream # For each of the first P bits in the stream for i in range(0, security_parameter): ## print "Processing challenge bit %d" % i # replace with TaskMonitor API calls bit = challenge_bits.get_num(1) if(bit == 0): # Do nothing. # proof._mappings[i] is already a mapping from # original_collection unto proof._collections[i] pass elif(bit == 1): # Change proof._mappings[i] to be a mapping from # proof._collections[i] unto shuffled_collection, using # CiphertextCollectionMapping.rebase(...) # rebase(O->D, O->C_{i}) => C_{i}->D rebased_mapping = mapping.rebase(proof._mappings[i]) # Replace O->C_{i} with C_{i}->D proof._mappings[i] = rebased_mapping else: assert False, "We took a single bit, its value must be either "\ "0 or 1." # return the proof object return proof