def test_statement_zk_proof() -> None: vm = sy.VirtualMachine() client = vm.get_root_client() sy.load("zksk") # third party from zksk import DLRep from zksk import Secret from zksk import utils num = 2 seed = 42 num_sy = sy.lib.python.Int(num) seed_sy = sy.lib.python.Int(seed) # Setup: Peggy and Victor agree on two group generators. G, H = utils.make_generators(num=num, seed=seed) # Setup: generate a secret randomizer. r = Secret(utils.get_random_num(bits=128)) # This is Peggy's secret bit. top_secret_bit = 1 # A Pedersen commitment to the secret bit. C = top_secret_bit * G + r.value * H # Peggy's definition of the proof statement, and proof generation. # (The first or-clause corresponds to the secret value 0, and the second to the value 1. Because # the real value of the bit is 1, the clause that corresponds to zero is marked as simulated.) stmt = DLRep(C, r * H, simulated=True) | DLRep(C - G, r * H) zk_proof = stmt.prove() # send over the network and get back num_ptr = num_sy.send(client) seed_prt = seed_sy.send(client) c_ptr = C.send(client) zk_proof_ptr = zk_proof.send(client) num2 = num_ptr.get().upcast() seed2 = seed_prt.get().upcast() C2 = c_ptr.get() zk_proof2 = zk_proof_ptr.get() # Setup: get the agreed group generators. G, H = utils.make_generators(num=num2, seed=seed2) # Setup: define a randomizer with an unknown value. r = Secret() stmt = DLRep(C2, r * H) | DLRep(C2 - G, r * H) assert stmt.verify(zk_proof2)
def ZK_equality(G,H): ##Generate two El-Gamal ciphertexts (C1,C2) and (D1,D2) # Setup: generate secret randomizers. # m is the secret bit. m = Secret(utils.get_random_num(bits=2)) r1 = Secret(utils.get_random_num(bits=128)) r2 = Secret(utils.get_random_num(bits=128)) C1 = r1.value*G #print("this is C1:", C1) C2 = r1.value * H + m.value * G D1 = r2.value * G D2 = r2.value * H + m.value * G ##Generate a NIZK proving equality of the plaintexts stmt = DLRep(C1,r1*G) & DLRep(C2,r1*H+m*G) & DLRep(D1,r2*G) & DLRep(D2,r2*H+m*G) zk_proof = stmt.prove() #Return two ciphertexts and the proof return (C1,C2), (D1,D2), zk_proof
def test_nizk_serde() -> None: vm = sy.VirtualMachine() client = vm.get_root_client() # third party from zksk import DLRep from zksk import Secret from zksk import utils sy.load("zksk") num = 2 seed = 42 G, H = utils.make_generators(num=num, seed=seed) # Setup: generate a secret randomizer. r = Secret(utils.get_random_num(bits=128)) # This is Peggy's secret bit. top_secret_bit = 1 # A Pedersen commitment to the secret bit. C = top_secret_bit * G + r.value * H # Peggy's definition of the proof statement, and proof generation. # (The first or-clause corresponds to the secret value 0, and the second to the value 1. Because # the real value of the bit is 1, the clause that corresponds to zero is marked as simulated.) stmt = DLRep(C, r * H, simulated=True) | DLRep(C - G, r * H) # zksk.base.NIZK zk_proof = stmt.prove() # test serde zk_proof_ptr = zk_proof.send(client) zk_proof2 = zk_proof_ptr.get() assert zk_proof == zk_proof2
# Create the base points on the curve. g0 = group.hash_to_point(b"g0") g1 = group.hash_to_point(b"g1") # Preparing the secrets. # In practice, they probably should be big integers (petlib.bn.Bn) x0 = Secret() x1 = Secret() # Set up the proof statement. # First, compute the value, "left-hand side". y = 4 * g0 + 42 * g1 # Next, create the proof statement. stmt = DLRep(y, x0 * g0 + x1 * g1) # Simulate the prover and the verifier interacting. prover = stmt.get_prover({x0: 4, x1: 42}) verifier = stmt.get_verifier() commitment = prover.commit() challenge = verifier.send_challenge(commitment) response = prover.compute_response(challenge) assert verifier.verify(response) # Non-interactive proof. nizk = stmt.prove({x0: 4, x1: 42}) stmt.verify(nizk)