1 /*******************************************************************************
2   GrothVSSHE.hh, |V|erifiable |S|ecret |S|huffle of |H|omomorphic |E|ncryptions
3 
4      [Gr05] Jens Groth: 'A Verifiable Secret Shuffle of Homomorphic Encryptions',
5      Cryptology ePrint Archive, Report 2005/246, 2005.
6 
7    This file is part of LibTMCG.
8 
9  Copyright (C) 2005, 2006, 2007, 2009,
10                2016, 2017, 2018  Heiko Stamer <HeikoStamer@gmx.net>
11 
12    LibTMCG is free software; you can redistribute it and/or modify
13    it under the terms of the GNU General Public License as published by
14    the Free Software Foundation; either version 2 of the License, or
15    (at your option) any later version.
16 
17    LibTMCG is distributed in the hope that it will be useful,
18    but WITHOUT ANY WARRANTY; without even the implied warranty of
19    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20    GNU General Public License for more details.
21 
22    You should have received a copy of the GNU General Public License
23    along with LibTMCG; if not, write to the Free Software
24    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
25 *******************************************************************************/
26 
27 #ifndef INCLUDED_GrothVSSHE_HH
28 	#define INCLUDED_GrothVSSHE_HH
29 
30 // C and STL header
31 #include <cstdlib>
32 #include <iostream>
33 #include <vector>
34 
35 // GNU multiple precision library
36 #include <gmp.h>
37 
38 // generalized Pedersen commitment scheme
39 #include "PedersenCOM.hh"
40 // asynchronous unicast transmission of mpz_t
41 #include "aiounicast.hh"
42 // erasure-free distributed coinflip protocol [JL00]
43 #include "JareckiLysyanskayaASTC.hh"
44 
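// Argument of knowledge for a shuffle of *known* contents ("SKC" — presumably
// the shuffle-of-known-contents argument of [Gr05]; confirm against the .cc).
// The prover shows that a commitment c opens to a permutation pi of the
// publicly known values m, without revealing pi.
class GrothSKC
{
	private:
		// l_e: bit length of the verifier's challenge (ell_e of the ctors);
		// l_e_nizk: bit length used by the non-interactive variants (inferred
		// from the name — TODO confirm against the .cc)
		const unsigned long int			l_e, l_e_nizk;
		// commitment scheme used for all commitments of the argument; raw
		// pointer, presumably allocated by the ctors and released by ~GrothSKC
		PedersenCommitmentScheme		*com;

		// Copying is forbidden: a member-wise copy would alias com, and the
		// destructor of each copy would release it. Declared but never defined
		// (pre-C++11 idiom, matching the rest of this header), so a copy fails
		// to compile from outside the class and fails to link from inside.
		GrothSKC
			(const GrothSKC &);
		GrothSKC &operator=
			(const GrothSKC &);

	public:
		// Fresh instance for n elements with the given security parameters.
		GrothSKC
			(size_t n,
			unsigned long int ell_e = TMCG_GROTH_L_E,
			unsigned long int fieldsize = TMCG_DDH_SIZE,
			unsigned long int subgroupsize = TMCG_DLSE_SIZE);
		// Instance whose group parameters are read from in (the format is the
		// one written by PublishGroup). Parameters read from an untrusted peer
		// are not validated here — call CheckGroup() before using the object.
		GrothSKC
			(size_t n, std::istream &in,
			unsigned long int ell_e = TMCG_GROTH_L_E,
			unsigned long int fieldsize = TMCG_DDH_SIZE,
			unsigned long int subgroupsize = TMCG_DLSE_SIZE);
		// Derive the generators deterministically from the public value a
		// (presumably a seed everybody agreed on; verify in the .cc).
		void SetupGenerators_publiccoin
			(mpz_srcptr a);
		// Distributed variant: the generators are derived from coins produced
		// jointly by the parties via edcf over aiou/rbc. Diagnostics go to
		// err; returns false if the protocol did not complete.
		bool SetupGenerators_publiccoin
			(const size_t whoami, aiounicast *aiou,
			CachinKursawePetzoldShoupRBC *rbc,
			JareckiLysyanskayaEDCF *edcf, std::ostream &err);
		// Sanity checks on the group parameters; returns false if they are
		// unusable. The only validation offered for stream-constructed objects.
		bool CheckGroup
			() const;
		// Write the group parameters to out, readable by the istream ctor.
		void PublishGroup
			(std::ostream &out) const;
		// Interactive argument: pi is the secret permutation, r the randomness
		// of the commitment c (see Verify_*), m the public contents. The
		// verifier's challenges arrive on in, the prover's messages leave on out.
		void Prove_interactive
			(const std::vector<size_t> &pi, mpz_srcptr r,
			const std::vector<mpz_ptr> &m,
			std::istream &in, std::ostream &out) const;
		// Same as Prove_interactive, but the challenges are jointly produced
		// with edcf instead of being chosen by a single verifier.
		void Prove_interactive_publiccoin
			(const std::vector<size_t> &pi, mpz_srcptr r,
			const std::vector<mpz_ptr> &m,
			JareckiLysyanskayaEDCF *edcf,
			std::istream &in, std::ostream &out) const;
		// Non-interactive argument: no input stream is taken, so the challenge
		// is not obtained from a verifier (presumably derived by hashing, with
		// l_e_nizk as its bit length — confirm in the .cc).
		void Prove_noninteractive
			(const std::vector<size_t> &pi, mpz_srcptr r,
			const std::vector<mpz_ptr> &m, std::ostream &out) const;
		// Verifier side of the three protocols above. c is the commitment to
		// the shuffled contents, m the public contents. The return value is
		// the acceptance decision and must not be ignored by the caller.
		// optimizations: implementation-specific verifier shortcuts (see the
		// .cc); leave at the default unless comparing against the plain check.
		bool Verify_interactive
			(mpz_srcptr c, const std::vector<mpz_ptr> &m,
			std::istream &in, std::ostream &out, bool optimizations = true) const;
		bool Verify_interactive_publiccoin
			(mpz_srcptr c, const std::vector<mpz_ptr> &m,
			JareckiLysyanskayaEDCF *edcf,
			std::istream &in, std::ostream &out, bool optimizations = true) const;
		bool Verify_noninteractive
			(mpz_srcptr c, const std::vector<mpz_ptr> &m,
			std::istream &in, bool optimizations = true) const;
		// Overloads that additionally take f_prime, a vector of the same
		// length class as m (its role is not visible in this header — presumably
		// values carried over from an enclosing argument; see GrothVSSHE).
		bool Verify_interactive
			(mpz_srcptr c, const std::vector<mpz_ptr> &f_prime,
			const std::vector<mpz_ptr> &m,
			std::istream &in, std::ostream &out, bool optimizations = true) const;
		bool Verify_interactive_publiccoin
			(mpz_srcptr c, const std::vector<mpz_ptr> &f_prime,
			const std::vector<mpz_ptr> &m,
			JareckiLysyanskayaEDCF *edcf,
			std::istream &in, std::ostream &out, bool optimizations = true) const;
		bool Verify_noninteractive
			(mpz_srcptr c, const std::vector<mpz_ptr> &f_prime,
			const std::vector<mpz_ptr> &m,
			std::istream &in, bool optimizations = true) const;
		// Releases com (presumably; see the .cc).
		~GrothSKC
			();
};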
110 
111 // =============================================================================
112 
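// Verifiable secret shuffle of homomorphic (ElGamal-style, (a,b) pairs)
// encryptions [Gr05]: the prover shows that the ciphertexts E are a
// re-encrypted permutation of the ciphertexts e, without revealing the
// permutation pi or the re-encryption randomness R.
class GrothVSSHE
{
	private:
		// l_e: bit length of the verifier's challenge (ell_e of the ctors);
		// l_e_nizk: bit length used by the non-interactive variant (inferred
		// from the name — TODO confirm against the .cc)
		const unsigned long int			l_e, l_e_nizk;
		// sizes of the field and subgroup (fieldsize/subgroupsize of the ctors)
		const unsigned long int			F_size, G_size;
		// precomputation tables for fixed-base exponentiation with g and h;
		// raw owning pointers, presumably released by ~GrothVSSHE
		mpz_t							*fpowm_table_g, *fpowm_table_h;
		// inner shuffle-of-known-contents argument, owned by this object
		GrothSKC						*skc;

		// Copying is forbidden: mpz_t members are one-element arrays holding
		// a pointer to their limbs, so a member-wise copy would alias the
		// limb storage of p, q, g, h (and the owned pointers above) between
		// two objects, corrupting both and releasing the storage twice.
		// Declared but never defined (pre-C++11 idiom, matching this header).
		GrothVSSHE
			(const GrothVSSHE &);
		GrothVSSHE &operator=
			(const GrothVSSHE &);

	public:
		// Encryption group: modulus p, subgroup order q, generator g and
		// public key h. Public so callers can read and publish them; nothing
		// in this interface re-validates them after construction — call
		// CheckGroup() if they came from an untrusted source.
		mpz_t							p, q, g, h;
		// commitment scheme of the argument; raw pointer, presumably owned
		PedersenCommitmentScheme		*com;

		// Fresh instance for n ciphertexts. p_ENC, q_ENC, k_ENC, g_ENC and
		// h_ENC are the parameters of the encryption scheme whose ciphertexts
		// are shuffled (k_ENC's exact role is not visible here — see the .cc).
		GrothVSSHE
			(size_t n,
			mpz_srcptr p_ENC, mpz_srcptr q_ENC, mpz_srcptr k_ENC,
			mpz_srcptr g_ENC, mpz_srcptr h_ENC,
			unsigned long int ell_e = TMCG_GROTH_L_E,
			unsigned long int fieldsize = TMCG_DDH_SIZE,
			unsigned long int subgroupsize = TMCG_DLSE_SIZE);
		// Instance whose parameters are read from in (format of PublishGroup).
		// Parameters read from an untrusted peer are not validated here —
		// call CheckGroup() before using the object.
		GrothVSSHE
			(size_t n, std::istream& in,
			unsigned long int ell_e = TMCG_GROTH_L_E,
			unsigned long int fieldsize = TMCG_DDH_SIZE,
			unsigned long int subgroupsize = TMCG_DLSE_SIZE);
		// Derive the generators deterministically from the public value a
		// (presumably a seed everybody agreed on; verify in the .cc).
		void SetupGenerators_publiccoin
			(mpz_srcptr a);
		// Distributed variant: the generators are derived from coins produced
		// jointly by the parties via edcf over aiou/rbc. Diagnostics go to
		// err; returns false if the protocol did not complete.
		bool SetupGenerators_publiccoin
			(const size_t whoami, aiounicast *aiou,
			CachinKursawePetzoldShoupRBC *rbc,
			JareckiLysyanskayaEDCF *edcf, std::ostream &err);
		// Sanity checks on p, q, g, h and the commitment scheme; returns false
		// if they are unusable. The only validation offered for
		// stream-constructed objects.
		bool CheckGroup
			() const;
		// Write the parameters to out, readable by the istream ctor.
		void PublishGroup
			(std::ostream& out) const;
		// Interactive argument: pi is the secret permutation, R the secret
		// re-encryption randomness, e the input and E the output ciphertexts
		// (each a pair of group elements). The verifier's challenges arrive on
		// in, the prover's messages leave on out.
		void Prove_interactive
			(const std::vector<size_t>& pi, const std::vector<mpz_ptr>& R,
			const std::vector<std::pair<mpz_ptr, mpz_ptr> >& e,
			const std::vector<std::pair<mpz_ptr, mpz_ptr> >& E,
			std::istream& in, std::ostream& out) const;
		// Same as Prove_interactive, but the challenges are jointly produced
		// with edcf instead of being chosen by a single verifier.
		void Prove_interactive_publiccoin
			(const std::vector<size_t>& pi, const std::vector<mpz_ptr>& R,
			const std::vector<std::pair<mpz_ptr, mpz_ptr> >& e,
			const std::vector<std::pair<mpz_ptr, mpz_ptr> >& E,
			JareckiLysyanskayaEDCF *edcf,
			std::istream& in, std::ostream& out) const;
		// Non-interactive argument: no input stream is taken, so the challenge
		// is not obtained from a verifier (presumably derived by hashing, with
		// l_e_nizk as its bit length — confirm in the .cc).
		void Prove_noninteractive
			(const std::vector<size_t>& pi, const std::vector<mpz_ptr>& R,
			const std::vector<std::pair<mpz_ptr, mpz_ptr> >& e,
			const std::vector<std::pair<mpz_ptr, mpz_ptr> >& E,
			std::ostream& out) const;
		// Verifier side of the three protocols above, for the public
		// ciphertext lists e and E. The return value is the acceptance
		// decision and must not be ignored by the caller.
		bool Verify_interactive
			(const std::vector<std::pair<mpz_ptr, mpz_ptr> >& e,
			const std::vector<std::pair<mpz_ptr, mpz_ptr> >& E,
			std::istream& in, std::ostream& out) const;
		bool Verify_interactive_publiccoin
			(const std::vector<std::pair<mpz_ptr, mpz_ptr> >& e,
			const std::vector<std::pair<mpz_ptr, mpz_ptr> >& E,
			JareckiLysyanskayaEDCF *edcf,
			std::istream& in, std::ostream& out) const;
		bool Verify_noninteractive
			(const std::vector<std::pair<mpz_ptr, mpz_ptr> >& e,
			const std::vector<std::pair<mpz_ptr, mpz_ptr> >& E,
			std::istream& in) const;
		// Releases the mpz_t members, the fpowm tables, skc and com
		// (presumably; see the .cc).
		~GrothVSSHE
			();
};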
179 
180 #endif
181