def test_verify_election_partial_key_backup(self):
# Arrange
recipient_auxiliary_key_pair = generate_rsa_auxiliary_key_pair(
RECIPIENT_GUARDIAN_ID, RECIPIENT_SEQUENCE_ORDER)
sender_election_key_pair = generate_election_key_pair(
SENDER_GUARDIAN_ID, SENDER_SEQUENCE_ORDER, QUORUM)
recipient_auxiliary_public_key = AuxiliaryPublicKey(
RECIPIENT_GUARDIAN_ID,
RECIPIENT_SEQUENCE_ORDER,
recipient_auxiliary_key_pair.public_key,
)
partial_key_backup = generate_election_partial_key_backup(
SENDER_GUARDIAN_ID,
sender_election_key_pair.polynomial,
recipient_auxiliary_public_key,
identity_auxiliary_encrypt,
)
# Act
verification = verify_election_partial_key_backup(
RECIPIENT_GUARDIAN_ID,
partial_key_backup,
sender_election_key_pair.share(),
recipient_auxiliary_key_pair,
identity_auxiliary_decrypt,
)
# Assert
self.assertIsNotNone(verification)
self.assertEqual(verification.owner_id, SENDER_GUARDIAN_ID)
self.assertEqual(verification.designated_id, RECIPIENT_GUARDIAN_ID)
self.assertEqual(verification.verifier_id, RECIPIENT_GUARDIAN_ID)
self.assertTrue(verification.verified)
def create_guardian_backup(request: GuardianBackupRequest) -> GuardianBackup:
"""
Generate all election partial key backups based on existing public keys
:param request: Guardian backup request
:return: Guardian backup
"""
encrypt = identity if request.override_rsa else rsa_encrypt
backups: List[Any] = []
for auxiliary_public_key in request.auxiliary_public_keys:
backup = generate_election_partial_key_backup(
request.guardian_id,
read_json_object(request.election_polynomial, ElectionPolynomial),
AuxiliaryPublicKey(
auxiliary_public_key.owner_id,
auxiliary_public_key.sequence_order,
auxiliary_public_key.key,
),
encrypt,
)
if not backup:
raise HTTPException(status_code=500, detail="Backup failed to be generated")
backups.append(write_json_object(backup))
return GuardianBackup(
id=request.guardian_id,
election_partial_key_backups=backups,
)
def test_generate_election_partial_key_backup(self):
# Arrange
election_key_pair = generate_election_key_pair(SENDER_GUARDIAN_ID,
SENDER_SEQUENCE_ORDER,
QUORUM)
auxiliary_key_pair = generate_rsa_auxiliary_key_pair(
RECIPIENT_GUARDIAN_ID, RECIPIENT_SEQUENCE_ORDER)
auxiliary_public_key = AuxiliaryPublicKey(
RECIPIENT_GUARDIAN_ID,
RECIPIENT_SEQUENCE_ORDER,
auxiliary_key_pair.public_key,
)
# Act
backup = generate_election_partial_key_backup(
SENDER_GUARDIAN_ID,
election_key_pair.polynomial,
auxiliary_public_key,
identity_auxiliary_encrypt,
)
# Assert
self.assertIsNotNone(backup)
self.assertEqual(backup.designated_id, RECIPIENT_GUARDIAN_ID)
self.assertEqual(backup.designated_sequence_order,
RECIPIENT_SEQUENCE_ORDER)
self.assertIsNotNone(backup.encrypted_value)
def test_generate_election_partial_key_challenge(self):
# Arrange
recipient_auxiliary_key_pair = generate_rsa_auxiliary_key_pair(
RECIPIENT_GUARDIAN_ID, RECIPIENT_SEQUENCE_ORDER)
sender_election_key_pair = generate_election_key_pair(
SENDER_GUARDIAN_ID, SENDER_SEQUENCE_ORDER, QUORUM)
recipient_auxiliary_public_key = AuxiliaryPublicKey(
RECIPIENT_GUARDIAN_ID,
RECIPIENT_SEQUENCE_ORDER,
recipient_auxiliary_key_pair.public_key,
)
partial_key_backup = generate_election_partial_key_backup(
SENDER_GUARDIAN_ID,
sender_election_key_pair.polynomial,
recipient_auxiliary_public_key,
identity_auxiliary_encrypt,
)
# Act
challenge = generate_election_partial_key_challenge(
partial_key_backup, sender_election_key_pair.polynomial)
# Assert
self.assertIsNotNone(challenge)
self.assertEqual(challenge.designated_id, RECIPIENT_GUARDIAN_ID)
self.assertEqual(challenge.designated_sequence_order,
RECIPIENT_SEQUENCE_ORDER)
self.assertIsNotNone(challenge.value)
self.assertEqual(len(challenge.coefficient_commitments), QUORUM)
self.assertEqual(len(challenge.coefficient_proofs), QUORUM)
for proof in challenge.coefficient_proofs:
self.assertTrue(proof.is_valid())
def test_generate_election_partial_key_backup(self):
# Arrange
election_key_pair = generate_election_key_pair(QUORUM)
auxiliary_key_pair = generate_rsa_auxiliary_key_pair()
auxiliary_public_key = AuxiliaryPublicKey(
RECIPIENT_GUARDIAN_ID,
RECIPIENT_SEQUENCE_ORDER,
auxiliary_key_pair.public_key,
)
# Act
backup = generate_election_partial_key_backup(
SENDER_GUARDIAN_ID,
election_key_pair.polynomial,
auxiliary_public_key,
identity_auxiliary_encrypt,
)
# Assert
self.assertIsNotNone(backup)
self.assertEqual(backup.designated_id, RECIPIENT_GUARDIAN_ID)
self.assertEqual(backup.designated_sequence_order,
RECIPIENT_SEQUENCE_ORDER)
self.assertIsNotNone(backup.encrypted_value)
self.assertEqual(len(backup.coefficient_commitments), QUORUM)
self.assertEqual(len(backup.coefficient_proofs), QUORUM)
for proof in backup.coefficient_proofs:
self.assertTrue(proof.is_valid())
def test_verify_election_partial_key_challenge(self):
# Arrange
recipient_auxiliary_key_pair = generate_elgamal_auxiliary_key_pair()
sender_election_key_pair = generate_election_key_pair(QUORUM)
recipient_auxiliary_public_key = AuxiliaryPublicKey(
RECIPIENT_GUARDIAN_ID,
RECIPIENT_SEQUENCE_ORDER,
recipient_auxiliary_key_pair.public_key,
)
partial_key_backup = generate_election_partial_key_backup(
SENDER_GUARDIAN_ID,
sender_election_key_pair.polynomial,
recipient_auxiliary_public_key,
)
challenge = generate_election_partial_key_challenge(
partial_key_backup, sender_election_key_pair.polynomial)
# Act
verification = verify_election_partial_key_challenge(
ALTERNATE_VERIFIER_GUARDIAN_ID, challenge)
# Assert
self.assertIsNotNone(verification)
self.assertEqual(verification.owner_id, SENDER_GUARDIAN_ID)
self.assertEqual(verification.designated_id, RECIPIENT_GUARDIAN_ID)
self.assertEqual(verification.verifier_id,
ALTERNATE_VERIFIER_GUARDIAN_ID)
self.assertTrue(verification.verified)
def _guardian_generates_backups(self, sender_id: str) -> None:
"""
Guardian generates a partial key backup of
all other guardian keys
"""
backups = []
for recipient_auxiliary_key in self.auxiliary_key_pairs.values():
# Guardian skips themselves
if recipient_auxiliary_key.owner_id is sender_id:
continue
senders_polynomial = self.election_key_pairs[sender_id].polynomial
backup = generate_election_partial_key_backup(
sender_id,
senders_polynomial,
recipient_auxiliary_key.share(),
identity_auxiliary_encrypt,
)
backups.append(backup)
self.sent_backups[sender_id] = backups
