def __init__(self, polynomial_list, chosen_candidate, G, com_pk): self.group = G self.com_pk = com_pk self.order = com_pk.order time_start_proof = time.process_time() chosen_candidate = Bn.from_num(chosen_candidate) random_to_eval = self.order.random() self.commitment_to_eval = com_pk.commit([chosen_candidate], random_to_eval)[0] value_eval = Bn.from_num(0) random_eval = Bn.from_num(0) commitment_eval = self.com_pk.commit([value_eval], random_eval)[0] self.proof = PolynomialProof( com_pk, polynomial_list, self.commitment_to_eval, commitment_eval, chosen_candidate, value_eval, random_to_eval, random_eval, ) time_end_proof = time.process_time() self.time_proof = time_end_proof - time_start_proof
def verify(self, polynomial_list): value_eval = Bn.from_num(0) random_eval = Bn.from_num(0) commitment_eval = self.com_pk.commit([value_eval], random_eval)[0] time_start_verify = time.process_time() self.proof.verify(self.com_pk, polynomial_list, self.commitment_to_eval, commitment_eval) time_end_verify = time.process_time() self.time_verify = time_end_verify - time_start_verify
def __init__(self, com_pk, commitment, product, A, randomizers): self.order = com_pk.group.order() self.m = len(A) self.n = len(A[0]) # Maybe here we have a calculation which slows down the running time product_rows_A = [ modular_prod([Bn.from_num(a[i]) for a in A], self.order) for i in range(self.n) ] self.commitment_products, randomizer_commitment_products = com_pk.commit( product_rows_A) self.hadamard = HadamardProductArgument( com_pk, commitment, self.commitment_products, A, randomizers, randomizer_commitment_products, ) self.single_value = SingleValueProdArg( com_pk, self.commitment_products, product, product_rows_A, randomizer_commitment_products, )
def __init__( self, kp_tally, pk_vote, added_token, reencrypted_vote, randomizer, number_dummies, ): # Security parameters self.sec_param = 256 self.bn_two = Bn.from_num(2) self.hash_reduction = self.bn_two.pow(self.sec_param) self.pk_tally = kp_tally.pk self.sk_tally = kp_tally.sk self.group_tally = self.pk_tally.group self.generator_tally = self.group_tally.generator() self.order_tally = self.group_tally.order() self.pk_vote = pk_vote self.group_vote = self.pk_vote.group self.generator_vote = self.pk_vote.generator self.order_vote = self.group_vote.order() self.token = added_token self.reencrypted_vote = reencrypted_vote self.nr_candidates = self.reencrypted_vote.length self.randomizer = randomizer self.number_dummies = number_dummies self.hiding_sk = None self.hiding_randomizer = None
def __init__(self, kp_tally, pk_vote, token, vote, reencrypted_vote, randomizer): # Security parameters self.sec_param = 256 self.bn_two = Bn.from_num(2) self.hash_reduction = self.bn_two.pow(self.sec_param) # Public key used for tokens self.pk_tally = kp_tally.pk self.sk_tally = kp_tally.sk self.group_tally = self.pk_tally.group self.generator_tally = self.group_tally.generator() self.order_tally = self.group_tally.order() # Public key used for votes self.pk_vote = pk_vote self.group_vote = self.pk_vote.group self.generator_vote = self.group_vote.generator() self.order_vote = self.group_vote.order() self.token = token self.vote = vote self.nr_candidates = self.vote.length self.reencrypted_vote = reencrypted_vote self.randomizer = randomizer self.hiding_sk = None self.hiding_randomizer = None
def election_setup(group, number_voters, security_param): order = group.order() counter_space = Bn.from_num(2).pow(security_param - 2) vids = [] counter = [] for i in range(number_voters): vids.append(order.random()) index = counter_space + counter_space.random() counter.append(index) return vids, counter
def __init__(self, commitments, responses, challenge=None): # Security parameters self.sec_param = 256 self.bn_two = Bn.from_num(2) self.hash_reduction = self.bn_two.pow(self.sec_param) ( self.commitment_pk, self.commitment_token, self.commitment_vote1, self.commitment_vote2, ) = commitments self.response_sk, self.response_randomizer = responses self.challenge = challenge
def compute_challenge_poly(transcript, p): """ Compute challenge given transcript """ transcript = flatten(transcript) m = hashlib.sha512() for element in transcript: try: m.update(element.commitment.export()) except AttributeError: try: m.update(hex(element.commitment).encode()) except: m.update(element.commitment.hex().encode()) hashed = m.hexdigest() return (Bn.from_hex(hashed)).mod(Bn.from_num(p))
def compute_challenge(transcript, p): """Compute challenge given transcript TODO: return something of the right size, l_c bits in the paper. TODO: use proper unique encoding of elements """ m = hashlib.sha512() for element in transcript: try: m.update(element.export()) except AttributeError: try: m.update(hex(element).encode()) except: m.update(hex(element.vid).encode()) m.update(hex(element.index).encode()) m.update(hex(element.tag).encode()) m.update(hex(element.vote).encode()) hashed = m.hexdigest() return (Bn.from_hex(hashed)).mod(Bn.from_num(p))
def __init__(self, com_pk, commitment, product, committed_values, randomizer): self.n = len(committed_values) self.order = com_pk.group.order() self.sec_param_l_e = 160 self.sec_param_l_s = 80 self.bn_two = Bn.from_num(2) # Prepare announcement products = [committed_values[0]] for i in range(1, self.n): products.append( (products[i - 1] * committed_values[i]).mod(self.order)) commitment_rand_one = self.order.random() commitment_rand_two = self.order.random() commitment_rand_three = self.order.random() d_randoms = [self.order.random() for _ in range(self.n)] delta_randoms = [self.order.random() for _ in range(self.n)] delta_randoms[0] = d_randoms[0] delta_randoms[-1] = 0 value_to_commit_two = [ -delta_randoms[i] * d_randoms[i + 1] for i in range(self.n - 1) ] value_to_commit_three = [ delta_randoms[i + 1] - committed_values[i + 1] * delta_randoms[i] - products[i] * d_randoms[i + 1] for i in range(self.n - 1) ] self.announcement_one, _ = com_pk.commit(d_randoms, commitment_rand_one) self.announcement_two, _ = com_pk.commit_reduced( value_to_commit_two, self.n - 1, commitment_rand_two) self.announcement_three, _ = com_pk.commit_reduced( value_to_commit_three, self.n - 1, commitment_rand_three) # Compute challenge [Verify validity of this] self.challenge = compute_challenge( [ commitment, product, self.announcement_one, self.announcement_two, self.announcement_three, ], self.order, ) # Compute response self.response_committed_values = [ (self.challenge * committed_values[i] + d_randoms[i]).mod( self.order) for i in range(self.n) ] self.response_product = [ (self.challenge * products[i] + delta_randoms[i]).mod(self.order) for i in range(self.n) ] self.response_randomizer = (self.challenge * randomizer + commitment_rand_one).mod(self.order) self.response_randomizer_commitments = ( self.challenge * commitment_rand_three + commitment_rand_two).mod( self.order)
values_sum = values[0] if len(values) > 1: for i in values[1:]: values_sum = (values_sum + i).mod(modulo) return values_sum if __name__ == "__main__": # import doctest # # doctest.testmod() G = EcGroup() com_pk = com.PublicKey(G, 3) order = com_pk.group.order() A = [ [Bn.from_num(10), Bn.from_num(20), Bn.from_num(30)], [Bn.from_num(40), Bn.from_num(20), Bn.from_num(30)], [Bn.from_num(60), Bn.from_num(20), Bn.from_num(40)], ] for _ in range(10): A.extend(A) length_A = len(A) commits_rands_A = [com_pk.commit(a) for a in A] comm_A = [a[0] for a in commits_rands_A] random_comm_A = [a[1] for a in commits_rands_A] b = modular_prod( [ modular_prod([Bn.from_num(A[i][j])
product *= i return product if __name__ == "__main__": # import doctest # # doctest.testmod() G = EcGroup() com_pk = com.PublicKey(G, 3) key_pair = elgamal.KeyPair(G) pk = key_pair.pk ctxts = [pk.encrypt((i) * G.generator()) for i in range(9)] ctxts = [ctxts[i * 3:(i + 1) * 3] for i in range(3)] exponents = [2, 0, 1, 3, 5, 8, 6, 7, 4] exponents_Bn = [Bn.from_num(i) for i in exponents] exponents = [exponents_Bn[i * 3:(i + 1) * 3] for i in range(3)] randomizers = [G.order().random() for _ in range(3)] reencryption_randomization = G.order().random() product_ctxts = prod([ MultiExponantiation.ctxt_weighted_sum(ctxts[i], exponents[i]) for i in range(3) ]) exponantiated_reencrypted_product = ( pk.encrypt(G.infinite(), reencryption_randomization) * product_ctxts) commitment_permutation = [ com_pk.commit(exponents[i], randomizers[i])[0] for i in range(3) ]
def __init__(self, kp_tally, pk_vote, tokens, vote, max_tag=None): # Security parameters self.sec_param = 256 self.bn_two = Bn.from_num(2) self.hash_reduction = self.bn_two.pow(self.sec_param) self.pk_tally = kp_tally.pk self.group_tally = self.pk_tally.group self.order_tally = self.group_tally.order() self.pk_vote = pk_vote self.tokens = tokens if max_tag: self.max_tag = max_tag else: self.max_tag = self.tokens[-1] self.dummy = self.max_tag.decrypt( kp_tally.sk) == 1 * kp_tally.group.generator() self.vote = vote self.number_candidates = self.vote.length self.number_dummies = len(tokens) last_token_decryption = self.tokens[-1].decrypt(kp_tally.sk) self.added_token = tokens[0] for token in tokens[1:]: self.added_token = self.added_token * token if type(self.vote) != VoteVector: raise ValueError("Expected vote type of VoteVector") # reencryption of vote randomizer_reencryption = self.order_tally.random() if self.dummy: self.reencrypted_vote = VoteVector([ pk_vote.encrypt(0 * kp_tally.group.generator(), randomizer_reencryption) ] * self.number_candidates) else: self.reencrypted_vote = pk_vote.reencrypt(vote, randomizer_reencryption) # Prover for dummy prover_dummy = DummyVoterReencryptionProver( kp_tally, pk_vote, self.added_token, self.reencrypted_vote, randomizer_reencryption, self.number_dummies, ) # Prover for real prover_real = RealVoterReencryptionProver( kp_tally, pk_vote, self.max_tag, vote, self.reencrypted_vote, randomizer_reencryption, ) # If the voter is real if last_token_decryption == 0 * self.group_tally.generator(): self.proof_dummy = prover_dummy.simulate() commitment_pk, commitment_token, commitment_vote1, commitment_vote2 = list( prover_real.commit()) # Challenge big proof self.main_challenge = compute_challenge( [commitment_pk] + [commitment_token] + commitment_vote1.tolist() + commitment_vote2.tolist() + [self.proof_dummy.commitment_pk] + [self.proof_dummy.commitment_token] + self.proof_dummy.commitment_vote1.tolist() + self.proof_dummy.commitment_vote2.tolist() + self.vote.tolist() + self.added_token.tolist() + [self.pk_vote.pk] + [self.pk_tally.pk], self.hash_reduction, ) self.true_challenge = self.main_challenge - self.proof_dummy.challenge self.proof_real = prover_real.create_proof( [ commitment_pk, commitment_token, commitment_vote1, commitment_vote2 ], self.true_challenge, ) # If the voter is dummy else: self.proof_real = prover_real.simulate() commitment_pk, commitment_token, commitment_vote1, commitment_vote2 = list( prover_dummy.commit()) # Challenge big proof self.main_challenge = compute_challenge( [self.proof_real.commitment_pk] + [self.proof_real.commitment_token] + self.proof_real.commitment_vote1.tolist() + self.proof_real.commitment_vote2.tolist() + [commitment_pk] + [commitment_token] + commitment_vote1.tolist() + commitment_vote2.tolist() + self.vote.tolist() + self.added_token.tolist() + [self.pk_vote.pk] + [self.pk_tally.pk], self.hash_reduction, ) self.true_challenge = self.main_challenge - self.proof_real.challenge self.proof_dummy = prover_dummy.create_proof( [ commitment_pk, commitment_token, commitment_vote1, commitment_vote2 ], self.true_challenge, )