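/*******************************************************************************
  GennaroJareckiKrawczykRabinDKG.hh,
                                       Secure |D|istributed |K|ey |G|eneration

     [GJKR07] Rosario Gennaro, Stanislaw Jarecki, Hugo Krawczyk, and Tal Rabin:
       'Secure Distributed Key Generation for Discrete-Log Based Cryptosystems',
     Journal of Cryptology, Vol. 20 Nr. 1, pp. 51--83, Springer 2007.

   This file is part of LibTMCG.

 Copyright (C) 2016, 2017, 2018  Heiko Stamer <HeikoStamer@gmx.net>

   LibTMCG is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   LibTMCG is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with LibTMCG; if not, write to the Free Software
   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA.
*******************************************************************************/

#ifndef INCLUDED_GennaroJareckiKrawczykRabinDKG_HH
#define INCLUDED_GennaroJareckiKrawczykRabinDKG_HH

// C and STL header
#include <cstdlib>
#include <string>
#include <iostream>
#include <vector>

// GNU multiple precision library
#include <gmp.h>

#include "aiounicast.hh"
#include "CachinKursawePetzoldShoupSEABP.hh"

// NOTE(review): TMCG_DDH_SIZE, TMCG_DLSE_SIZE and TMCG_MAX_SSRANDOMM_CACHE are
// used below but not defined in this header; presumably they arrive through
// the project headers included above -- confirm.

/* This protocol for dlog-based distributed key generation is called New-DKG in [GJKR07]. */
/* $v_i$ is an array of public verification keys (see p. 64 [GJKR07], proof of Theorem 1) */
/* NOTE(review): the class declares a destructor and holds raw mpz_t state and
   raw table pointers, but declares no copy constructor or copy assignment.
   If the destructor releases that state (not visible in this header), a copied
   instance would release it a second time -- confirm, and hand instances
   around by pointer or reference only. */
class GennaroJareckiKrawczykRabinDKG
{
	private:
		// Raw pointers to per-generator tables; by their names these look like
		// precomputed tables for fast exponentiation of g and h -- confirm.
		// Allocation and release are not visible in this header.
		mpz_t *fpowm_table_g, *fpowm_table_h;
		// Fixed for the lifetime of the object (const); presumably taken from
		// the fieldsize / subgroupsize constructor arguments -- confirm.
		const unsigned long int F_size, G_size;
		// Presumably mirror the canonical_g_usage,
		// use_very_strong_randomness_in and label_in constructor arguments.
		const bool canonical_g;
		const bool use_very_strong_randomness;
		const std::string label;

	public:
		// Group parameters; the first constructor receives them as
		// p_CRS, q_CRS, g_CRS and h_CRS.
		mpz_t p, q, g, h;
		// Presumably number of parties, threshold and own index, following the
		// n_in / t_in / i_in constructor arguments -- confirm.
		size_t n, t, i;
		// Presumably the set QUAL of non-disqualified parties from [GJKR07].
		std::vector<size_t> QUAL;
		// NOTE(review): in the notation of [GJKR07], x_i and x'_i are this
		// party's secret key shares and y is the joint public key -- confirm
		// against the implementation. These are public, writable members, so
		// every holder of the object can read or alter them; keep instances out
		// of logs and debug dumps and limit who gets a non-const reference.
		mpz_t x_i, xprime_i, y;
		// v_i holds the public verification keys (see the class comment).
		// NOTE(review): z_i looks like per-party secret material in [GJKR07]
		// notation -- confirm before exposing it.
		std::vector<mpz_ptr> y_i, z_i, v_i;
		// NOTE(review): s_ij / sprime_ij look like the exchanged secret shares
		// and C_ik like the public commitments of [GJKR07] -- confirm.
		std::vector< std::vector<mpz_ptr> > s_ij, sprime_ij, C_ik;

		/* Constructs an instance for n_in parties, threshold t_in and own
		   index i_in over the group given by (p_CRS, q_CRS, g_CRS, h_CRS).
		   NOTE(review): nothing in this declaration shows that the supplied
		   parameters are validated; callers that obtain them from an untrusted
		   source would want to call CheckGroup() before Generate() -- confirm
		   what the constructor itself checks. */
		GennaroJareckiKrawczykRabinDKG
			(const size_t n_in, const size_t t_in, const size_t i_in,
			mpz_srcptr p_CRS, mpz_srcptr q_CRS, mpz_srcptr g_CRS, mpz_srcptr h_CRS,
			const unsigned long int fieldsize = TMCG_DDH_SIZE,
			const unsigned long int subgroupsize = TMCG_DLSE_SIZE,
			const bool canonical_g_usage = false,
			const bool use_very_strong_randomness_in = true,
			const std::string label_in = "");

		/* Constructs an instance from the stream `in`.
		   NOTE(review): presumably the counterpart of PublishState(); the
		   stream content is external input, so the restored state should be
		   checked (e.g. CheckGroup(), CheckKey()) before it is relied on --
		   confirm which checks the constructor already performs. */
		GennaroJareckiKrawczykRabinDKG
			(std::istream &in,
			const unsigned long int fieldsize = TMCG_DDH_SIZE,
			const unsigned long int subgroupsize = TMCG_DLSE_SIZE,
			const bool canonical_g_usage = false,
			const bool use_very_strong_randomness_in = true,
			const std::string label_in = "");

		/* Writes the state of this instance to `out`.
		   NOTE(review): if the written state includes x_i / xprime_i, the
		   output is secret key material and must be stored and transported
		   accordingly -- confirm in the implementation. */
		void PublishState
			(std::ostream &out) const;

		/* Writes the verification keys to `out`; by the class comment these
		   are public values. */
		void PublishVerificationKeys
			(std::ostream &out) const;

		/* Presumably validates the group parameters p, q, g, h; the exact
		   checks are not visible in this header. */
		bool CheckGroup
			() const;

		/* Presumably tests whether `a` is a valid element of the group in use
		   -- confirm the exact membership test in the implementation. */
		bool CheckElement
			(mpz_srcptr a) const;

		/* Runs the key generation protocol over the unicast channels `aiou`
		   and the reliable broadcast `rbc`; diagnostics go to `err`.
		   The three ssrandomm_cache* parameters default to NULL.
		   NOTE(review): simulate_faulty_behaviour reads as a test hook and
		   defaults to false; production callers should leave it at the default.
		   The bool result must be checked before any key material is used. */
		bool Generate
			(aiounicast *aiou, CachinKursawePetzoldShoupRBC *rbc,
			std::ostream &err,
			const bool simulate_faulty_behaviour = false,
			mpz_t ssrandomm_cache[TMCG_MAX_SSRANDOMM_CACHE] = NULL,
			mpz_srcptr ssrandomm_cache_mod = NULL,
			size_t *ssrandomm_cache_avail = NULL);

		/* Presumably checks the key material belonging to party i_in. */
		bool CheckKey
			(const size_t i_in) const;

		/* Overload without an index; presumably checks this party's own key. */
		bool CheckKey
			() const;

		/* Presumably the reconstruction phase of [GJKR07] for the parties
		   listed in `complaints`; z_i_in and a_ik_in are taken by non-const
		   reference and may therefore be modified by the call. */
		bool Reconstruct
			(const std::vector<size_t> &complaints,
			std::vector<mpz_ptr> &z_i_in,
			std::vector< std::vector<mpz_ptr> > &a_ik_in,
			CachinKursawePetzoldShoupRBC *rbc, std::ostream &err);

		~GennaroJareckiKrawczykRabinDKG
			();
};

/* This protocol is a threshold version of Schnorr's signature scheme. However,
   instead of JF-DKG the above New-DKG is used for the distributed key generation.
   This version of the signature scheme is called "new-TSch" in [GJKR07]. */
/* NOTE(review): as with the DKG class, a destructor is declared next to raw
   pointer and mpz_t members without any copy control; avoid copying instances
   until the ownership of `dkg` and the tables is confirmed. */
class GennaroJareckiKrawczykRabinNTS
{
	private:
		// Raw pointers to per-generator tables; allocation and release are not
		// visible in this header.
		mpz_t *fpowm_table_g, *fpowm_table_h;
		const unsigned long int F_size, G_size;
		const bool canonical_g;
		const bool use_very_strong_randomness;
		// Raw pointer to a New-DKG instance; ownership is not visible here.
		GennaroJareckiKrawczykRabinDKG *dkg;

	public:
		// Group parameters; the constructor receives them as
		// p_CRS, q_CRS, g_CRS and h_CRS.
		mpz_t p, q, g, h;
		size_t n, t, i;
		std::vector<size_t> QUAL;
		// NOTE(review): z_i is presumably this party's secret signing share and
		// y the public key -- confirm. It is a public, writable member.
		mpz_t z_i, y;
		std::vector<mpz_ptr> y_i;

		/* Constructs an instance for n_in parties, threshold t_in and own
		   index i_in over the group given by (p_CRS, q_CRS, g_CRS, h_CRS). */
		GennaroJareckiKrawczykRabinNTS
			(const size_t n_in, const size_t t_in, const size_t i_in,
			mpz_srcptr p_CRS, mpz_srcptr q_CRS, mpz_srcptr g_CRS, mpz_srcptr h_CRS,
			const unsigned long int fieldsize = TMCG_DDH_SIZE,
			const unsigned long int subgroupsize = TMCG_DLSE_SIZE,
			const bool canonical_g_usage = false,
			const bool use_very_strong_randomness_in = true);

		/* Presumably validates the group parameters p, q, g, h. */
		bool CheckGroup
			() const;

		/* Runs the distributed key generation; same parameter list as
		   GennaroJareckiKrawczykRabinDKG::Generate.
		   NOTE(review): simulate_faulty_behaviour reads as a test hook and
		   defaults to false; production callers should leave it at the default. */
		bool Generate
			(aiounicast *aiou, CachinKursawePetzoldShoupRBC *rbc,
			std::ostream &err,
			const bool simulate_faulty_behaviour = false,
			mpz_t ssrandomm_cache[TMCG_MAX_SSRANDOMM_CACHE] = NULL,
			mpz_srcptr ssrandomm_cache_mod = NULL,
			size_t *ssrandomm_cache_avail = NULL);

		/* Jointly signs `m`; `c` and `s` are writable (mpz_ptr) and presumably
		   receive the resulting signature pair. The bool result must be checked
		   before (c, s) is used. */
		bool Sign
			(mpz_srcptr m, mpz_ptr c, mpz_ptr s,
			aiounicast *aiou, CachinKursawePetzoldShoupRBC *rbc,
			std::ostream &err,
			const bool simulate_faulty_behaviour = false);

		/* Checks the pair (c, s) against `m`; all three arguments are
		   read-only. Presumably returns true only for a valid signature. */
		bool Verify
			(mpz_srcptr m, mpz_srcptr c, mpz_srcptr s);

		~GennaroJareckiKrawczykRabinNTS
			();
};

#endif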