1 /*******************************************************************************
2   GennaroJareckiKrawczykRabinDKG.hh,
3                                        Secure |D|istributed |K|ey |G|eneration
4 
5      [GJKR07] Rosario Gennaro, Stanislaw Jarecki, Hugo Krawczyk, and Tal Rabin:
6        'Secure Distributed Key Generation for Discrete-Log Based Cryptosystems',
7      Journal of Cryptology, Vol. 20 Nr. 1, pp. 51--83, Springer 2007.
8 
9    This file is part of LibTMCG.
10 
11  Copyright (C) 2016, 2017, 2018  Heiko Stamer <HeikoStamer@gmx.net>
12 
13    LibTMCG is free software; you can redistribute it and/or modify
14    it under the terms of the GNU General Public License as published by
15    the Free Software Foundation; either version 2 of the License, or
16    (at your option) any later version.
17 
18    LibTMCG is distributed in the hope that it will be useful,
19    but WITHOUT ANY WARRANTY; without even the implied warranty of
20    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21    GNU General Public License for more details.
22 
23    You should have received a copy of the GNU General Public License
24    along with LibTMCG; if not, write to the Free Software
25    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
26 *******************************************************************************/
27 
28 #ifndef INCLUDED_GennaroJareckiKrawczykRabinDKG_HH
29 	#define INCLUDED_GennaroJareckiKrawczykRabinDKG_HH
30 
31 // C and STL header
32 #include <cstdlib>
33 #include <string>
34 #include <iostream>
35 #include <vector>
36 
37 // GNU multiple precision library
38 #include <gmp.h>
39 
40 #include "aiounicast.hh"
41 #include "CachinKursawePetzoldShoupSEABP.hh"
42 
43 /* This protocol for dlog-based distributed key generation is called New-DKG in [GJKR07]. */
44 /* $v_i$ is an array of public verification keys (see p. 64 [GJKR07], proof of Theorem 1) */
/**
 * Party-local state and entry points for the New-DKG protocol of [GJKR07].
 *
 * Only the declaration is visible in this header, so the notes below are
 * points to confirm against the implementation, not guarantees:
 *
 *  - Every protocol value is a public data member. Going by the notation of
 *    [GJKR07], x_i, xprime_i, z_i, s_ij and sprime_ij presumably hold secret
 *    share material, so any code holding a reference to this object can read
 *    or overwrite it. Keep instances out of untrusted components.
 *  - The class declares a destructor and holds raw mpz_t pointers and GMP
 *    handles, but declares no copy constructor. The compiler-generated copy
 *    is member-wise; if the destructor releases these members (not visible
 *    here) a copy would alias and double-release them. Pass instances by
 *    pointer or reference.
 *  - All checks and protocol steps report failure through a bool return
 *    value; callers have to test it.
 */
class GennaroJareckiKrawczykRabinDKG
{
private:
	// presumably precomputed exponentiation tables for g and h; confirm in the .cc
	mpz_t *fpowm_table_g;
	mpz_t *fpowm_table_h;
	// presumably taken from the fieldsize / subgroupsize constructor arguments
	const unsigned long int F_size;
	const unsigned long int G_size;
	// presumably taken from the canonical_g_usage constructor argument
	const bool canonical_g;
	// presumably taken from use_very_strong_randomness_in (default: true)
	const bool use_very_strong_randomness;
	// presumably taken from label_in (default: empty string)
	const std::string label;

public:
	// Group parameters; presumably copies of the *_CRS constructor arguments.
	mpz_t p;
	mpz_t q;
	mpz_t g;
	mpz_t h;
	// presumably number of parties, threshold, and index of this party
	size_t n;
	size_t t;
	size_t i;
	// presumably the set of qualified parties in the sense of [GJKR07]
	std::vector<size_t> QUAL;
	// NOTE(review): x_i and xprime_i look like this party's secret shares and
	// y like the joint public key (notation of [GJKR07]); confirm.
	mpz_t x_i;
	mpz_t xprime_i;
	mpz_t y;
	// v_i is the array of public verification keys (p. 64 [GJKR07]).
	// NOTE(review): z_i is probably secret material; confirm before exposing.
	std::vector<mpz_ptr> y_i;
	std::vector<mpz_ptr> z_i;
	std::vector<mpz_ptr> v_i;
	// NOTE(review): s_ij / sprime_ij look like the exchanged shares and C_ik
	// like the public commitments; confirm.
	std::vector< std::vector<mpz_ptr> > s_ij;
	std::vector< std::vector<mpz_ptr> > sprime_ij;
	std::vector< std::vector<mpz_ptr> > C_ik;

	/**
	 * Builds an instance from explicit parameters.
	 *
	 * The group is supplied by the caller through p_CRS, q_CRS, g_CRS and
	 * h_CRS. Whether the constructor validates them is not visible here;
	 * CheckGroup() is the declared way to test the group afterwards.
	 * use_very_strong_randomness_in defaults to true.
	 */
	GennaroJareckiKrawczykRabinDKG(const size_t n_in,
		const size_t t_in,
		const size_t i_in,
		mpz_srcptr p_CRS,
		mpz_srcptr q_CRS,
		mpz_srcptr g_CRS,
		mpz_srcptr h_CRS,
		const unsigned long int fieldsize = TMCG_DDH_SIZE,
		const unsigned long int subgroupsize = TMCG_DLSE_SIZE,
		const bool canonical_g_usage = false,
		const bool use_very_strong_randomness_in = true,
		const std::string label_in = "");

	/**
	 * Builds an instance from a stream.
	 *
	 * NOTE(review): the stream content is caller-supplied input. Whether this
	 * constructor rejects malformed or out-of-range values is not visible
	 * here; when the data comes from storage or a peer, run CheckGroup() and
	 * CheckKey() before using the instance.
	 */
	GennaroJareckiKrawczykRabinDKG(std::istream &in,
		const unsigned long int fieldsize = TMCG_DDH_SIZE,
		const unsigned long int subgroupsize = TMCG_DLSE_SIZE,
		const bool canonical_g_usage = false,
		const bool use_very_strong_randomness_in = true,
		const std::string label_in = "");

	/**
	 * Writes state to out.
	 *
	 * NOTE(review): if the written state includes the secret shares, the
	 * destination of out has to be protected like a private key file;
	 * confirm what is emitted.
	 */
	void PublishState(std::ostream &out) const;

	/** Writes to out; by its name, only the public verification keys. */
	void PublishVerificationKeys(std::ostream &out) const;

	/** Group check; the bool result must be tested by the caller. */
	bool CheckGroup() const;

	/** Check of a single value a; the bool result must be tested. */
	bool CheckElement(mpz_srcptr a) const;

	/**
	 * Protocol run over aiou and rbc, with diagnostics written to err.
	 *
	 * simulate_faulty_behaviour defaults to false. NOTE(review): by its name
	 * it is a test hook for a misbehaving party; callers outside tests should
	 * keep the default. The three ssrandomm_cache* arguments default to NULL.
	 * Ownership of aiou and rbc is not visible in this header.
	 */
	bool Generate(aiounicast *aiou,
		CachinKursawePetzoldShoupRBC *rbc,
		std::ostream &err,
		const bool simulate_faulty_behaviour = false,
		mpz_t ssrandomm_cache[TMCG_MAX_SSRANDOMM_CACHE] = NULL,
		mpz_srcptr ssrandomm_cache_mod = NULL,
		size_t *ssrandomm_cache_avail = NULL);

	/** Key check for the party with index i_in; result must be tested. */
	bool CheckKey(const size_t i_in) const;

	/** Key check without an explicit index; result must be tested. */
	bool CheckKey() const;

	/**
	 * Reconstruction step driven by the list of complaints.
	 *
	 * z_i_in and a_ik_in are taken by non-const reference, so the call may
	 * modify them. Diagnostics go to err.
	 */
	bool Reconstruct(const std::vector<size_t> &complaints,
		std::vector<mpz_ptr> &z_i_in,
		std::vector< std::vector<mpz_ptr> > &a_ik_in,
		CachinKursawePetzoldShoupRBC *rbc,
		std::ostream &err);

	/**
	 * NOTE(review): confirm that secret values are wiped, not only released.
	 */
	~GennaroJareckiKrawczykRabinDKG();
};
104 
105 /* This protocol is a threshold version of Schnorr's signature scheme. However,
106    instead of JF-DKG the above New-DKG is used for the distributed key generation.
107    This version of the signature scheme is called "new-TSch" in [GJKR07]. */
/**
 * Party-local state and entry points for the threshold Schnorr signature
 * scheme "new-TSch" of [GJKR07].
 *
 * Only the declaration is visible in this header, so the notes below are
 * points to confirm against the implementation, not guarantees:
 *
 *  - All protocol values are public data members. z_i is presumably this
 *    party's share of the signing key, so code holding a reference to the
 *    object can read or overwrite it.
 *  - The class declares a destructor and holds raw pointers (including dkg)
 *    and GMP handles, but declares no copy constructor. The compiler-generated
 *    copy is member-wise; if the destructor releases these members (not
 *    visible here) a copy would alias and double-release them. Pass instances
 *    by pointer or reference.
 *  - Generate(), Sign() and Verify() report failure through a bool return
 *    value; a signature must not be used, or accepted, without testing it.
 */
class GennaroJareckiKrawczykRabinNTS
{
private:
	// presumably precomputed exponentiation tables for g and h; confirm in the .cc
	mpz_t *fpowm_table_g;
	mpz_t *fpowm_table_h;
	// presumably taken from the fieldsize / subgroupsize constructor arguments
	const unsigned long int F_size;
	const unsigned long int G_size;
	// presumably taken from the canonical_g_usage constructor argument
	const bool canonical_g;
	// presumably taken from use_very_strong_randomness_in (default: true)
	const bool use_very_strong_randomness;
	// NOTE(review): ownership and lifetime of this pointer are not visible here
	GennaroJareckiKrawczykRabinDKG *dkg;

public:
	// Group parameters; presumably copies of the *_CRS constructor arguments.
	mpz_t p;
	mpz_t q;
	mpz_t g;
	mpz_t h;
	// presumably number of parties, threshold, and index of this party
	size_t n;
	size_t t;
	size_t i;
	// presumably the set of qualified parties in the sense of [GJKR07]
	std::vector<size_t> QUAL;
	// NOTE(review): z_i looks like the secret key share and y like the joint
	// public key; confirm.
	mpz_t z_i;
	mpz_t y;
	std::vector<mpz_ptr> y_i;

	/**
	 * Builds an instance from explicit parameters.
	 *
	 * The group is supplied by the caller through p_CRS, q_CRS, g_CRS and
	 * h_CRS. Whether the constructor validates them is not visible here;
	 * CheckGroup() is the declared way to test the group afterwards.
	 * use_very_strong_randomness_in defaults to true.
	 */
	GennaroJareckiKrawczykRabinNTS(const size_t n_in,
		const size_t t_in,
		const size_t i_in,
		mpz_srcptr p_CRS,
		mpz_srcptr q_CRS,
		mpz_srcptr g_CRS,
		mpz_srcptr h_CRS,
		const unsigned long int fieldsize = TMCG_DDH_SIZE,
		const unsigned long int subgroupsize = TMCG_DLSE_SIZE,
		const bool canonical_g_usage = false,
		const bool use_very_strong_randomness_in = true);

	/** Group check; the bool result must be tested by the caller. */
	bool CheckGroup() const;

	/**
	 * Protocol run over aiou and rbc, with diagnostics written to err.
	 *
	 * simulate_faulty_behaviour defaults to false. NOTE(review): by its name
	 * it is a test hook for a misbehaving party; callers outside tests should
	 * keep the default. The three ssrandomm_cache* arguments default to NULL.
	 */
	bool Generate(aiounicast *aiou,
		CachinKursawePetzoldShoupRBC *rbc,
		std::ostream &err,
		const bool simulate_faulty_behaviour = false,
		mpz_t ssrandomm_cache[TMCG_MAX_SSRANDOMM_CACHE] = NULL,
		mpz_srcptr ssrandomm_cache_mod = NULL,
		size_t *ssrandomm_cache_avail = NULL);

	/**
	 * Signing run over aiou and rbc for the value m.
	 *
	 * c and s are writable GMP handles, presumably receiving the signature
	 * pair. NOTE(review): whether m is a message digest or a raw message is
	 * not visible here. simulate_faulty_behaviour defaults to false and, by
	 * its name, is a test hook.
	 */
	bool Sign(mpz_srcptr m,
		mpz_ptr c,
		mpz_ptr s,
		aiounicast *aiou,
		CachinKursawePetzoldShoupRBC *rbc,
		std::ostream &err,
		const bool simulate_faulty_behaviour = false);

	/**
	 * Check of the pair (c, s) against m; all three are read-only handles.
	 *
	 * The bool result is the only outcome visible in this declaration.
	 * The method is not declared const.
	 */
	bool Verify(mpz_srcptr m, mpz_srcptr c, mpz_srcptr s);

	/**
	 * NOTE(review): confirm that z_i is wiped, not only released.
	 */
	~GennaroJareckiKrawczykRabinNTS();
};
150 
151 #endif
152