def test_and_proof_with_complex_expression(group): g = group.generator() g1 = 2 * g g2 = 5 * g g3 = 10 * g x1 = Secret() x2 = Secret() x3 = Secret() proof = DLRep(10 * g1 + 15 * g2, x1 * g1 + x2 * g2) & DLRep( 15 * g1 + 35 * g3, x2 * g1 + x3 * g3) prover = proof.get_prover({x1: 10, x2: 15, x3: 35}) verifier = proof.get_verifier() assert verify(verifier, prover)
# Next, create the proof statement. stmt = DLRep(y1, x0 * g0 + x1 * g1) \ & DLRep(y2, x0 * g2 + x2 * g3) # This is an equivalent way to create the proof statement above. stmt_1 = DLRep(y1, x0 * g0 + x1 * g1) stmt_2 = DLRep(y2, x0 * g2 + x2 * g3) equivalent_stmt = AndProofStmt(stmt_1, stmt_2) assert stmt.get_proof_id() == equivalent_stmt.get_proof_id() # Simulate the prover and verifier interacting. prover = stmt.get_prover({x0: 4, x1: 5, x2: 7}) verifier = stmt.get_verifier() commitment = prover.commit() challenge = verifier.send_challenge(commitment) response = prover.compute_response(challenge) assert verifier.verify(response) # Composition takes into account re-occuring secrets. x0 = Secret(4) x1 = Secret(4) stmt = DLRep(4 * g0, x0 * g0) & DLRep(4 * g1, x1 * g1) # NOT the same as above. Note that x1_prime is used for both clauses. x1_prime = Secret(4) another_stmt = DLRep(4 * g0, x1_prime * g0) & DLRep(4 * g1, x1_prime * g1)