def trusted_setup(self): s = group.random(ZR) alpha = group.random(ZR) monomials_short = [s**i for i in range(1, self.num_constraints + 1)] encrypted_monomials_short = [self.g**s_i for s_i in monomials_short] encrypted_monomials = [self.g] + encrypted_monomials_short encrypted_shifted_monomials = [ encrypted_monomial**alpha for encrypted_monomial in encrypted_monomials ] encrypted_variable_polynomials = [{ variable: polynomial.evaluate_encrypted(self.g, encrypted_monomials_short) for variable, polynomial in variable_polynomial_dict.items() } for variable_polynomial_dict in self.variable_polynomials] encrypted_shifted_variable_polynomials = [{ variable: polynomial.evaluate_encrypted(encrypted_shifted_monomials[0], encrypted_shifted_monomials[1:]) for variable, polynomial in variable_polynomial_dict.items() } for variable_polynomial_dict in self.variable_polynomials] g_t = self.g**self.t.evaluate(s) proving_key = [ encrypted_monomials_short, encrypted_variable_polynomials, encrypted_shifted_variable_polynomials, ] verification_key = [encrypted_shifted_monomials[0], g_t] return [proving_key, verification_key]
def challenge(self): self.s = group.random(ZR) self.alpha = group.random(ZR) monomials = [self.s**i for i in range(1, self.problem.max_order + 1)] encrypted_monomials = [self.problem.g**s_i for s_i in monomials] shifted_encrypted_monomials = [ encrypted_monomial**self.alpha for encrypted_monomial in ([self.problem.g] + encrypted_monomials) ] return [encrypted_monomials, shifted_encrypted_monomials]
def trusted_setup(self): s = group.random(ZR) alpha = group.random(ZR) monomials = [s**i for i in range(1, self.max_order + 1)] encrypted_monomials = [self.g**s_i for s_i in monomials] shifted_encrypted_monomials = [ encrypted_monomial**alpha for encrypted_monomial in ([self.g] + encrypted_monomials) ] g_t = self.g**self.t.evaluate(s) proving_key = [encrypted_monomials, shifted_encrypted_monomials] verification_key = [shifted_encrypted_monomials[0], g_t] return [proving_key, verification_key]
def trusted_setup(self): s = group.random(ZR) alpha = group.random(ZR) monomials_short = [s**i for i in range(1, self.num_constraints + 1)] encrypted_monomials_short = [self.g**s_i for s_i in monomials_short] encrypted_monomials = [self.g] + encrypted_monomials_short encrypted_shifted_monomials = [ encrypted_monomial**alpha for encrypted_monomial in encrypted_monomials ] g_t = self.g**self.t.evaluate(s) proving_key = [encrypted_monomials_short, encrypted_shifted_monomials] verification_key = [encrypted_shifted_monomials[0], g_t] return [proving_key, verification_key]
def __init__(self): self.g = group.random(G1) self.g.initPP() self.num_constraints = 1 self.t = Polynomial([1]) for constraint in range(1, self.num_constraints + 1): self.t = self.t * Polynomial([-constraint, 1])
def respond(self, challenge): [encrypted_monomials, shifted_encrypted_monomials] = challenge h = self.p / self.problem.t delta = group.random(ZR) return [ self.p.evaluate_encrypted(self.problem.g, encrypted_monomials)**delta, h.evaluate_encrypted(self.problem.g, encrypted_monomials)**delta, self.p.evaluate_encrypted(shifted_encrypted_monomials[0], shifted_encrypted_monomials[1:])**delta, ]
def trusted_setup(self): s = group.random(ZR) alphas = [group.random(ZR), group.random(ZR), group.random(ZR)] betas = [group.random(ZR), group.random(ZR), group.random(ZR)] gamma = group.random(ZR) monomials_short = [s**i for i in range(1, self.num_constraints + 1)] encrypted_monomials_short = [self.g**s_i for s_i in monomials_short] encrypted_monomials = [self.g] + encrypted_monomials_short encrypted_shifted_monomials_list = [[ encrypted_monomial**alpha for encrypted_monomial in encrypted_monomials ] for alpha in alphas] encrypted_variable_polynomials = [{ variable: polynomial.evaluate_encrypted(self.g, encrypted_monomials_short) for variable, polynomial in variable_polynomial_dict.items() } for variable_polynomial_dict in self.variable_polynomials] encrypted_shifted_variable_polynomials = [{ variable: polynomial.evaluate_encrypted(encrypted_shifted_monomials[0], encrypted_shifted_monomials[1:]) for variable, polynomial in variable_polynomial_dict.items() } for variable_polynomial_dict, encrypted_shifted_monomials in zip( self.variable_polynomials, encrypted_shifted_monomials_list)] variable_consistency_polynomials = { variable: prod([(encrypted_variable_polynomial_dict.get(variable) or group.init(G1, 0))**beta for encrypted_variable_polynomial_dict, beta in zip( encrypted_variable_polynomials, betas)]) for variable in self.variables } g_t = self.g**self.t.evaluate(s) encrypted_shifted_betas = [self.g**(beta * gamma) for beta in betas] encrypted_gamma = self.g**gamma proving_key = [ encrypted_monomials_short, encrypted_variable_polynomials, encrypted_shifted_variable_polynomials, variable_consistency_polynomials, ] verification_key = [ [ encrypted_shifted_monomials[0] for encrypted_shifted_monomials in encrypted_shifted_monomials_list ], g_t, encrypted_shifted_betas, encrypted_gamma, ] return [proving_key, verification_key]
def prove(self, p): assert p.degree <= self.problem.max_order h = p / self.problem.t delta = group.random(ZR) return [ p.evaluate_encrypted(self.problem.g, self.encrypted_monomials)**delta, h.evaluate_encrypted(self.problem.g, self.encrypted_monomials)**delta, p.evaluate_encrypted( self.shifted_encrypted_monomials[0], self.shifted_encrypted_monomials[1:], )**delta, ]
def __init__(self, constraints): self.g = group.random(G1) self.g.initPP() self.num_constraints = len(constraints) self.t = Polynomial([1]) for constraint_num in range(1, self.num_constraints + 1): self.t = self.t * Polynomial([-constraint_num, 1]) self.variable_polynomials = [{}, {}, {}] for i, constraint in enumerate(constraints): constraint_num = i + 1 partial_t = self.t / Polynomial([-constraint_num, 1]) partial_t = partial_t * (1 / partial_t.evaluate(constraint_num)) for constraint_dict, variable_polynomial_dict in zip( constraint, self.variable_polynomials): for variable, coefficient in constraint_dict.items(): variable_polynomial_dict[variable] = ( variable_polynomial_dict.get(variable) or Polynomial([0])) + partial_t * coefficient self.variables = (self.variable_polynomials[0].keys() | self.variable_polynomials[1].keys() | self.variable_polynomials[2].keys())
def __init__(self, t, max_order): self.g = group.random(G1) self.g.initPP() self.t = t self.max_order = max_order
def challenge(self): self.s = group.random(ZR) monomials = [self.s**i for i in range(1, self.problem.max_order + 1)] encrypted_monomials = [self.problem.g**s_i for s_i in monomials] return [encrypted_monomials]