def test_or_non_interactive_fails_on_wrong_secrets(group, params):
p1, p2, secrets = params
p = OrProofStmt(p1, p2)
bad_secrets = secrets.copy()
u = list(bad_secrets.keys())
bad_secrets[u[0]] = group.order().random()
bad_secrets[u[1]] = group.order().random()
bad_secrets[u[2]] = group.order().random()
bad_secrets[u[3]] = group.order().random()
message = "whatever"
tr = p.prove(bad_secrets, message=message)
assert not p.verify(tr, message=message)
def test_or_non_interactive_serialization(params):
p1, p2, secrets = params
p = OrProofStmt(p1, p2)
message = "whatever"
tr = p.prove(secrets, message=message)
tr_enc = tr.serialize()
tr_dec = NIZK.deserialize(tr_enc)
assert tr_dec.challenge == tr.challenge
assert len(tr_dec.responses) == len(tr.responses)
for resp1, resp2 in zip(tr_dec.responses, tr.responses):
assert resp1 == resp2
assert tr_dec.precommitment == tr.precommitment
assert tr_dec.stmt_hash == tr.stmt_hash
assert p.verify(tr_dec, message=message)
def test_dlrep_or_rangeproof(group):
g, h = make_generators(2)
x = Secret(9)
y = Secret(42)
z = Secret(40)
c = x.value * g + y.value * h
c2 = z.value * g + y.value * h
stmt1 = DLRep(c, x * g + y * h) & RangeStmt(c, g, h, 0, 50, x, y)
stmt2 = DLRep(c2, z * g + y * h) & RangeStmt(c2, g, h, 0, 50, z, y)
stmt1.set_simulated()
or_stmt = OrProofStmt(stmt1, stmt2)
nizk = or_stmt.prove()
assert or_stmt.verify(nizk)
def test_or_signature_non_interactive():
mG = BilinearGroupPair()
keypair = BBSPlusKeypair.generate(mG, 9)
messages = [Bn(30), Bn(31), Bn(32)]
pk, sk = keypair.pk, keypair.sk
generators, h0 = keypair.generators, keypair.h0
creator = BBSPlusSignatureCreator(pk)
lhs = creator.commit(messages)
presignature = sk.sign(lhs.com_message)
signature = creator.obtain_signature(presignature)
e, s, m1, m2, m3 = (Secret() for _ in range(5))
secret_dict = {
e: signature.e,
s: signature.s,
m1: messages[0],
m2: messages[1],
m3: messages[2],
}
sigproof = BBSPlusSignatureStmt([e, s, m1, m2, m3], pk, signature)
creator = BBSPlusSignatureCreator(pk)
lhs = creator.commit(messages)
presignature2 = sk.sign(lhs.com_message)
signature2 = creator.obtain_signature(presignature2)
e1, s1 = (Secret() for _ in range(2))
secret_dict2 = {
e1: signature2.e,
s1: signature2.s,
m1: messages[0],
m2: messages[1],
}
sigproof1 = BBSPlusSignatureStmt([e1, s1, m1, m2, m3], pk, signature2)
secret_dict.update(secret_dict2)
andp = sigproof | sigproof1
orp = OrProofStmt(andp, sigproof)
tr = orp.prove(secret_dict)
assert orp.verify(tr)
def test_or_non_interactive(params):
p1, p2, secrets = params
p = OrProofStmt(p1, p2)
message = "whatever"
tr = p.prove(secrets, message=message)
assert p.verify(tr, message=message)
def test_or_proof_simulation(params):
p1, p2, secrets = params
first_or = OrProofStmt(p1, p2)
tr = first_or.simulate()
assert first_or.verify_simulation_consistency(tr)
assert not first_or.verify(tr)