Exemplo n.º 1
0
    def __init__(self, valid_tuple, invalid_tuple, x):
        self.lhs = [valid_tuple[0], invalid_tuple[0]]
        self.generators = [valid_tuple[1], invalid_tuple[1]]
        self.x = x

        # The internal ZK proof uses two constructed secrets
        self.alpha, self.beta = Secret(), Secret()
Exemplo n.º 2
0
def test_expr_eval_no_values_specified(group):
    g = group.generator()
    g1 = 2 * g
    g2 = 5 * g

    rhs = Secret(name="x1") * g1 + Secret(name="x2") * g2
    with pytest.raises(IncompleteValuesError):
        rhs.eval()
Exemplo n.º 3
0
    def commit(self, messages, zkp=True):
        """
        Construct the product of messages and optionaly a Pedersen commitment and its proof.

        Args:
            messages: Messages (attributes) to commit to
            zkp (bool): Whether to construct a Pedersen commitment and proof the knowledge of the
                messages for this commitment.

        Returns:
            :py:class:`UserCommitmentMessage`: user's packed commitment.
        """
        lhs = self.pk.generators[0].group.wsum(
            messages, self.pk.generators[2 : len(messages) + 2]
        )
        com_nizk_proof = None
        if zkp:
            self.s1 = self.pk.generators[0].group.order().random()
            lhs = self.s1 * self.pk.generators[1] + lhs

            # TODO: Extract into a separate ExtendedProofStmt.
            secret_vars = [Secret() for _ in range(len(messages) + 1)]
            secrets = [self.s1] + messages
            rhs = wsum_secrets(secret_vars, self.pk.generators[1 : len(messages) + 2])
            com_stmt = DLRep(lhs, rhs)
            com_nizk_proof = com_stmt.prove(
                {s: v for s, v in zip(secret_vars, secrets)}
            )

        return UserCommitmentMessage(com_message=lhs, com_nizk_proof=com_nizk_proof)
Exemplo n.º 4
0
def test_expr_repr(group, num):
    secrets = [Secret() for _ in range(num)]
    generators = make_generators(num, group)
    expr = wsum_secrets(secrets, generators)

    expected_repr = " + ".join("Expression({}, {})".format(x, g)
                               for x, g in zip(secrets, generators))
    assert expected_repr == repr(expr)
Exemplo n.º 5
0
    def __init__(self,
                 valid_pair,
                 invalid_pair,
                 x,
                 bind=False,
                 simulated=False):
        if len(valid_pair) != 2 or len(invalid_pair) != 2:
            raise TypeException(
                "The valid_pair and invalid_pair must be pairs")

        self.x = x

        # The internal ZK proof uses two constructed secrets
        self.alpha, self.beta = Secret(), Secret()

        self.lhs = [valid_pair[0], invalid_pair[0]]
        self.g = valid_pair[1]
        self.h = invalid_pair[1]

        self.bind = bind
        self.set_simulated(simulated)
Exemplo n.º 6
0
    def __init__(self, secret_vars, pk, signature=None, binding=True, simulated=False):
        self.pk = pk
        self.signature = signature
        if not binding:
            # We add two Secret slots for e and s if necessary
            secret_vars = [Secret(), Secret()] + secret_vars

        # We need L+1 generators for L messages. secret_vars are messages plus 'e' and 's'
        self.bases = pk.generators[: len(secret_vars)]
        self.order = self.bases[0].group.order()

        # The prover will compute the following secrets:
        self.r1, self.r2, self.delta1, self.delta2 = (
            Secret(),
            Secret(),
            Secret(),
            Secret(),
        )

        # Below is boilerplate
        self.secret_vars = secret_vars
        if signature is not None:
            # Digest the signature parameters
            self.secret_vars[0].value = signature.e
            self.secret_vars[1].value = signature.s

        self.set_simulated(simulated)
Exemplo n.º 7
0
    def verify_blinding(self, pk):
        """
        Verify the NIZK proof for Pedersen commitment.
        """
        if self.com_nizk_proof is None:
            raise ValueError("No proof to verify")

        # TODO: Extract into a separate ExtendedProofStmt.
        lhs = self.com_message
        generators = pk.generators[1 : len(self.com_nizk_proof.responses) + 1]
        secret_vars = [Secret() for _ in self.com_nizk_proof.responses]
        proof = DLRep(lhs, wsum_secrets(secret_vars, generators))

        return proof.verify(self.com_nizk_proof)
Exemplo n.º 8
0
def test_expr_invalid_expression(group, other):
    g = group.generator()
    expr = Secret() * g

    with pytest.raises(InvalidExpression):
        expr + other
Exemplo n.º 9
0
def test_expr_2(group):
    g = group.generator()
    x = Secret()
    expr = x * g
    assert expr.bases == (g, )
    assert expr.secrets == (x, )
Exemplo n.º 10
0
def test_expr_1(group):
    g = group.generator()
    x = Secret()
    expr = Expression(x, g)
    assert expr.bases == (g, )
    assert expr.secrets == (x, )
Exemplo n.º 11
0
def test_secret_different_anonymous_secrets():
    x, y = Secret(), Secret()
    assert x.name != y.name
    assert hash(x) != hash(y)
    assert x != y
Exemplo n.º 12
0
def test_secret_same_names_different_values():
    x, y = Secret(name="same"), Secret(name="same", value=100)
    assert x.name == y.name
    assert hash(x) == hash(y)
    assert x != y
Exemplo n.º 13
0
def test_secret_same_names():
    x, y = Secret(name="same"), Secret(name="same")
    assert x.name == y.name
    assert hash(x) == hash(y)
    assert x == y
Exemplo n.º 14
0
def test_secret_named():
    x = Secret(name="x")
    assert x.name == "x"
Exemplo n.º 15
0
    assert x.name == y.name
    assert hash(x) == hash(y)
    assert x != y


def test_secret_different_anonymous_secrets():
    x, y = Secret(), Secret()
    assert x.name != y.name
    assert hash(x) != hash(y)
    assert x != y


@pytest.mark.parametrize(
    "x,pattern",
    [
        (Secret(), r"Secret\(name='.+'\)"),
        (Secret(name="x"), r"Secret\(name='x'\)"),
        (Secret(value=42), r"Secret\(42, '.+'\)"),
        (Secret(value=42, name="x"), r"Secret\(42, 'x'\)"),
    ],
)
def test_secret_repr(x, pattern):
    assert re.match(pattern, repr(x)) is not None


def test_expr_1(group):
    g = group.generator()
    x = Secret()
    expr = Expression(x, g)
    assert expr.bases == (g, )
    assert expr.secrets == (x, )
Exemplo n.º 16
0
        precommitment = blinder * (self.x.value * self.generators[1] -
                                   self.lhs[1])
        return precommitment

    def construct_stmt(self, precommitment):
        infty = self.generators[0].group.infinite()
        p1 = DLRep(infty,
                   self.alpha * self.generators[0] + self.beta * self.lhs[0])
        p2 = DLRep(precommitment,
                   self.alpha * self.generators[1] + self.beta * self.lhs[1])
        return p1 & p2

    def validate(self, precommitment):
        if precommitment == self.generators[0].group.infinite():
            raise ValidationError("Invalid precommitment")

    def simulate_precommit(self):
        group = self.generators[0].group
        precommitment = group.order().random() * group.generator()
        return precommitment


g, h = make_generators(2)
x = Secret(value=42)
a = 42 * g
b = 41 * h
stmt = DLNotEqual((a, g), (b, h), x)
nizk = stmt.prove()
stmt.verify(nizk)