def verify_key_material(key_material, r, c, sc, sp, fe, fy, player, ID, AD=None): """ Verify key material Verify the conunterparty key material using the proof received The key material dictionary must have keys: * paillier_pk * ecdsa_pk Args:: key_material: dictionary with the key material r: secret value for the ECDSA PK commitment c: commitment for the ECDSA PK sc: commitment for the Schnorr's Proof sp: Schnorr's Proof fe: Factoring Proof. First component fy: Factoring Proof. Second component Returns:: """ # Decommit ECDSA PK rc = commitments.nm_decommit(key_material['ecdsa_pk'], r, c) assert rc == commitments.OK, f"[{player}] Failure decommitting ecdsa_pk. rc {rc}" # Verify ECDSA PK Schnorr's proof e = schnorr.challenge(key_material['ecdsa_pk'], sc, ID, AD=AD) rc = schnorr.verify(key_material['ecdsa_pk'], sc, e, sp) assert rc == schnorr.OK, f"[{player}] Invalid ECDSA PK Schnorr Proof. rc {rc}" # Verify factoring ZKP n = mpc.paillier_pk_to_octet(key_material['paillier_pk']) rc = factoring_zk.verify(n, fe, fy, ID, ad=AD) assert rc == factoring_zk.OK, f"[{player}] Invalid Factoring ZKP. rc {rc}"
def test_tv(self): """ Test using test vectors """ for vector in self.tv: V = bytes.fromhex(vector["V"]) C = bytes.fromhex(vector["C"]) e = bytes.fromhex(vector["E"]) p = bytes.fromhex(vector["P"]) ec = schnorr.verify(V, C, e, p) self.assertEqual(ec, schnorr.OK)
def test_error_code(self): """ Test error codes are propagated """ vector = self.tv[0] V = bytes.fromhex(vector["C"]) C = bytes.fromhex(vector["V"]) e = bytes.fromhex(vector["E"]) p = bytes.fromhex(vector["P"]) ec = schnorr.verify(V, C, e, p) self.assertEqual(ec, schnorr.FAIL)
ID = b"unique_user_identifier" AD_hex = "d7d3155616778fb436a1eb2070892205" if __name__ == "__main__": r = bytes.fromhex(r_hex) x = bytes.fromhex(x_hex) V = bytes.fromhex(V_hex) AD = bytes.fromhex(AD_hex) # Generate quantities for benchmark r, C = schnorr.commit(None, r) e = schnorr.challenge(V, C, ID, AD=AD) p = schnorr.prove(r, e, x) # Check consistency of the generated quantities assert schnorr.verify(V, C, e, p) == schnorr.OK # Run benchmark fncall = lambda: schnorr.commit(None, r) time_func("commit ", fncall, unit="us") fncall = lambda: schnorr.challenge(V, C, ID, AD=AD) time_func("challenge", fncall, unit="us") fncall = lambda: schnorr.prove(r, e, x) time_func("prove ", fncall, unit="us") fncall = lambda: schnorr.verify(V, C, e, p) time_func("verify ", fncall, unit="us")
GAMMA_schnorr_p1 = schnorr.prove(GAMMA_schnorr_r1, GAMMA_schnorr_e1, gamma1) print("[Bob] Generate Schnorr's Proof") GAMMA_schnorr_r2, GAMMA_schnorr_c2 = schnorr.commit(rng) GAMMA_schnorr_e2 = schnorr.challenge(GAMMA2, GAMMA_schnorr_c2, bob_id, AD = bob_ad) GAMMA_schnorr_p2 = schnorr.prove(GAMMA_schnorr_r2, GAMMA_schnorr_e2, gamma2) print("[Alice] Transmit decommitment and Schnorr Proof for GAMMA1") print("[Bob] Transmit decommitment and Schnorr Proof for GAMMA2") # Decommit GAMMAi and verify Schnorr Proof rc = commitments.nm_decommit(GAMMA2, GAMMAR2, GAMMAC2) assert rc == commitments.OK, f'[Alice] Error decommitting GAMMA2. rc {rc}' GAMMA_schnorr_e2 = schnorr.challenge(GAMMA2, GAMMA_schnorr_c2, bob_id, AD=bob_ad) rc = schnorr.verify(GAMMA2, GAMMA_schnorr_c2, GAMMA_schnorr_e2, GAMMA_schnorr_p2) assert rc == schnorr.OK, f'[Alice] Error verifying Schnorr proof for GAMMA2' rc = commitments.nm_decommit(GAMMA1, GAMMAR1, GAMMAC1) assert rc == commitments.OK, f'[Bob] Error decommitting GAMMA1. rc {rc}' GAMMA_schnorr_e1 = schnorr.challenge(GAMMA1, GAMMA_schnorr_c1, alice_id, AD=alice_ad) rc = schnorr.verify(GAMMA1, GAMMA_schnorr_c1, GAMMA_schnorr_e1, GAMMA_schnorr_p1) assert rc == schnorr.OK, f'[Bob] Error verifying Schnorr proof for GAMMA1' ## Reconcile R component print("[Alice] Recombine kgamma^(-1)") ikgamma1 = mpc.mpc_invkgamma(delta1, delta2) rc, R1, _ = mpc.mpc_r(ikgamma1, GAMMA1, GAMMA2) assert rc == 0, f'[Alice] Error reconciling R. rc {rc}'
print("\n[Prover] Commitment C = r.G") print(f"\tr = {r.hex()}") print(f"\tC = {C.hex()}") # Generate deterministic challenge e = H(G, V, C, ID, AD) e = schnorr.challenge(V, C, ID, AD=AD) print("\n[Prover] Deterministic Challenge e = H(G, V, C, ID, AD)") print(f"\te = {e.hex()}") # Generate proof p = r - ex mod q p = schnorr.prove(r, e, x) print("\n[Prover] Generate proof p = r - ex") print(f"\tp = {p.hex()}") # Verifier regenerates deterministic challenge e = schnorr.challenge(V, C, ID, AD=AD) print("\n[Verifier] Deterministic Challenge e = H(G, V, C, ID, AD)") print(f"\te = {e.hex()}") # Verify rc = schnorr.verify(V, C, e, p) print("\n[Verifier] Verify proof p") if rc == schnorr.OK: print("\tSuccess") else: print("\tFailure")