def verify_key_material(key_material, r, c, sc, sp, fe, fy, player, ID, AD=None):
""" Verify key material
Verify the conunterparty key material using the
proof received
The key material dictionary must have keys:
* paillier_pk
* ecdsa_pk
Args::
key_material: dictionary with the key material
r: secret value for the ECDSA PK commitment
c: commitment for the ECDSA PK
sc: commitment for the Schnorr's Proof
sp: Schnorr's Proof
fe: Factoring Proof. First component
fy: Factoring Proof. Second component
Returns::
"""
# Decommit ECDSA PK
rc = commitments.nm_decommit(key_material['ecdsa_pk'], r, c)
assert rc == commitments.OK, f"[{player}] Failure decommitting ecdsa_pk. rc {rc}"
# Verify ECDSA PK Schnorr's proof
e = schnorr.challenge(key_material['ecdsa_pk'], sc, ID, AD=AD)
rc = schnorr.verify(key_material['ecdsa_pk'], sc, e, sp)
assert rc == schnorr.OK, f"[{player}] Invalid ECDSA PK Schnorr Proof. rc {rc}"
# Verify factoring ZKP
n = mpc.paillier_pk_to_octet(key_material['paillier_pk'])
rc = factoring_zk.verify(n, fe, fy, ID, ad=AD)
assert rc == factoring_zk.OK, f"[{player}] Invalid Factoring ZKP. rc {rc}"
def test_tv(self):
""" Test using test vectors """
for vector in self.tv:
V = bytes.fromhex(vector["V"])
C = bytes.fromhex(vector["C"])
e = bytes.fromhex(vector["E"])
p = bytes.fromhex(vector["P"])
ec = schnorr.verify(V, C, e, p)
self.assertEqual(ec, schnorr.OK)
def test_error_code(self):
""" Test error codes are propagated """
vector = self.tv[0]
V = bytes.fromhex(vector["C"])
C = bytes.fromhex(vector["V"])
e = bytes.fromhex(vector["E"])
p = bytes.fromhex(vector["P"])
ec = schnorr.verify(V, C, e, p)
self.assertEqual(ec, schnorr.FAIL)
ID = b"unique_user_identifier"
AD_hex = "d7d3155616778fb436a1eb2070892205"
if __name__ == "__main__":
r = bytes.fromhex(r_hex)
x = bytes.fromhex(x_hex)
V = bytes.fromhex(V_hex)
AD = bytes.fromhex(AD_hex)
# Generate quantities for benchmark
r, C = schnorr.commit(None, r)
e = schnorr.challenge(V, C, ID, AD=AD)
p = schnorr.prove(r, e, x)
# Check consistency of the generated quantities
assert schnorr.verify(V, C, e, p) == schnorr.OK
# Run benchmark
fncall = lambda: schnorr.commit(None, r)
time_func("commit ", fncall, unit="us")
fncall = lambda: schnorr.challenge(V, C, ID, AD=AD)
time_func("challenge", fncall, unit="us")
fncall = lambda: schnorr.prove(r, e, x)
time_func("prove ", fncall, unit="us")
fncall = lambda: schnorr.verify(V, C, e, p)
time_func("verify ", fncall, unit="us")
GAMMA_schnorr_p1 = schnorr.prove(GAMMA_schnorr_r1, GAMMA_schnorr_e1, gamma1)
print("[Bob] Generate Schnorr's Proof")
GAMMA_schnorr_r2, GAMMA_schnorr_c2 = schnorr.commit(rng)
GAMMA_schnorr_e2 = schnorr.challenge(GAMMA2, GAMMA_schnorr_c2, bob_id, AD = bob_ad)
GAMMA_schnorr_p2 = schnorr.prove(GAMMA_schnorr_r2, GAMMA_schnorr_e2, gamma2)
print("[Alice] Transmit decommitment and Schnorr Proof for GAMMA1")
print("[Bob] Transmit decommitment and Schnorr Proof for GAMMA2")
# Decommit GAMMAi and verify Schnorr Proof
rc = commitments.nm_decommit(GAMMA2, GAMMAR2, GAMMAC2)
assert rc == commitments.OK, f'[Alice] Error decommitting GAMMA2. rc {rc}'
GAMMA_schnorr_e2 = schnorr.challenge(GAMMA2, GAMMA_schnorr_c2, bob_id, AD=bob_ad)
rc = schnorr.verify(GAMMA2, GAMMA_schnorr_c2, GAMMA_schnorr_e2, GAMMA_schnorr_p2)
assert rc == schnorr.OK, f'[Alice] Error verifying Schnorr proof for GAMMA2'
rc = commitments.nm_decommit(GAMMA1, GAMMAR1, GAMMAC1)
assert rc == commitments.OK, f'[Bob] Error decommitting GAMMA1. rc {rc}'
GAMMA_schnorr_e1 = schnorr.challenge(GAMMA1, GAMMA_schnorr_c1, alice_id, AD=alice_ad)
rc = schnorr.verify(GAMMA1, GAMMA_schnorr_c1, GAMMA_schnorr_e1, GAMMA_schnorr_p1)
assert rc == schnorr.OK, f'[Bob] Error verifying Schnorr proof for GAMMA1'
## Reconcile R component
print("[Alice] Recombine kgamma^(-1)")
ikgamma1 = mpc.mpc_invkgamma(delta1, delta2)
rc, R1, _ = mpc.mpc_r(ikgamma1, GAMMA1, GAMMA2)
assert rc == 0, f'[Alice] Error reconciling R. rc {rc}'
print("\n[Prover] Commitment C = r.G")
print(f"\tr = {r.hex()}")
print(f"\tC = {C.hex()}")
# Generate deterministic challenge e = H(G, V, C, ID, AD)
e = schnorr.challenge(V, C, ID, AD=AD)
print("\n[Prover] Deterministic Challenge e = H(G, V, C, ID, AD)")
print(f"\te = {e.hex()}")
# Generate proof p = r - ex mod q
p = schnorr.prove(r, e, x)
print("\n[Prover] Generate proof p = r - ex")
print(f"\tp = {p.hex()}")
# Verifier regenerates deterministic challenge
e = schnorr.challenge(V, C, ID, AD=AD)
print("\n[Verifier] Deterministic Challenge e = H(G, V, C, ID, AD)")
print(f"\te = {e.hex()}")
# Verify
rc = schnorr.verify(V, C, e, p)
print("\n[Verifier] Verify proof p")
if rc == schnorr.OK:
print("\tSuccess")
else:
print("\tFailure")