def test_and_proof_same_environment(params):
p1, p2, secrets_dict = params
and_proof = AndProofStmt(p1, p2)
prover = and_proof.get_prover(secrets_dict)
verifier = and_proof.get_verifier()
assert verify(verifier, prover)
def test_and_proof_different_environments(params):
x, y = Secret(), Secret()
p1, p2, secrets_dict = params
and_proof = AndProofStmt(p1, p2)
prover = and_proof.get_prover(secrets_dict)
verifier = and_proof.get_verifier()
assert verify(verifier, prover)
def test_compose_and_proofs_1(params):
p1, p2, secrets_dict = params
p3 = AndProofStmt(p1, p2)
p4 = AndProofStmt(AndProofStmt(p1, p2), p1)
prover = p4.get_prover(secrets_dict)
verifier = p4.get_verifier()
assert verify(verifier, prover)
def test_and_proof_fails_when_secret_is_wrong(params, group):
p1, p2, secrets_dict = params
and_proof = AndProofStmt(p1, p2)
sec = secrets_dict.copy()
u = list(sec.keys())
sec[u[0]] = group.order().random()
prover = and_proof.get_prover(sec)
verifier = and_proof.get_verifier()
assert not verify(verifier, prover)
def test_and_proof_simulation_1(group):
n = 3
secret_values = [Bn(i) for i in range(n)]
secrets = [Secret() for _ in range(n)]
generators = make_generators(n, group)
lhs = group.wsum(secret_values, generators)
subproof1 = DLRep(lhs, wsum_secrets(secrets, generators))
subproof2 = DLRep(lhs, wsum_secrets(secrets, generators))
andp = AndProofStmt(subproof1, subproof2)
andv = andp.get_verifier()
tr = andp.simulate_proof()
tr.stmt_hash = andp.prehash_statement().digest()
assert not andv.verify_nizk(tr)
def test_and_or_proof_composition(params):
p1, p2, secrets = params
g1 = 7 * p1.bases[0]
g2 = 8 * p1.bases[0]
xb = Secret(name="xb")
xa = Secret(name="xa")
p0 = DLRep(7 * g1 + 18 * g2, xb * g1 + xa * g2)
secrets[xb] = 7
secrets[xa] = 18
orproof = OrProofStmt(p1, p2)
andp = AndProofStmt(orproof, p0)
andp = AndProofStmt(andp, DLRep(15 * p1.bases[0], Secret(value=15) * p1.bases[0]))
prover = andp.get_prover(secrets)
verifier = andp.get_verifier()
assert verify(verifier, prover)
def test_and_proof_fails_when_bases_belong_to_different_groups(group):
"""
An alien EcPt is inserted in the generators
"""
g1 = group.generator()
other_group = EcGroup(706)
assert group != other_group
g2 = other_group.generator()
x = Secret(value=Bn(42))
y1 = group.wsum([x.value], [g1])
y2 = other_group.wsum([x.value], [g2])
p1 = DLRep(y1, wsum_secrets([x], [g1]))
p2 = DLRep(y2, wsum_secrets([x], [g2]))
and_proof = AndProofStmt(p1, p2)
prover = and_proof.get_prover()
verifier = and_proof.get_verifier()
# An exception should be raised because of a shared secrets linked to two different groups
with pytest.raises(GroupMismatchError):
verify(verifier, prover)
def test_malicious_and_proofs():
x0 = Secret()
x2 = Secret()
x1 = Secret()
generators = make_generators(3)
g1 = generators[0]
g2 = generators[1]
g3 = generators[2]
secret_dict = {x0: 3, x2: 50, x1: 12}
mal_secret_dict = {x0: 3, x2: 51}
andp = AndProofStmt(
DLRep(12 * g1 + 50 * g2, x1 * g1 + x2 * g2),
DLRep(3 * g3 + 51 * g2, x0 * g1 + x2 * g2),
)
prov = andp.get_prover(secret_dict)
prov.subs[1].secret_values = mal_secret_dict
verif = andp.get_verifier()
com = prov.commit()
chal = verif.send_challenge(com)
resp = prov.compute_response(chal)
with pytest.raises(ValidationError):
verif.verify(resp)
def test_multiple_and_proofs(params):
p1, p2, secrets_dict = params
and_proof = AndProofStmt(p1, p2, p2, p1, p1, p1, p2)
prover = and_proof.get_prover(secrets_dict)
verifier = and_proof.get_verifier()
assert verify(verifier, prover)