View Javadoc
1   package civitas.crypto.proofdvr;
2   
3   import java.util.ArrayList;
4   import java.util.List;
5   
6   import org.springframework.beans.factory.annotation.Autowired;
7   import org.springframework.stereotype.Controller;
8   
9   import civitas.crypto.CryptoBase;
10  import civitas.crypto.algorithms.ConvertHashToBigInt;
11  import civitas.crypto.ciphertext.ElGamalCiphertext;
12  import civitas.crypto.ciphertext.ElGamalCiphertextish;
13  import civitas.crypto.messagedigest.CryptoHash;
14  import civitas.crypto.parameters.ElGamalParameters;
15  import civitas.crypto.privatekey.ElGamalPrivateKey;
16  import civitas.crypto.publickey.ElGamalPublicKey;
17  import civitas.util.CivitasBigInteger;
18  
19  @Controller
20  public class FakeElGamalProofDVR {
21  
22  	@Autowired
23  	CryptoBase cryptoBase;
24  
25  	@Autowired
26  	CryptoHash cryptoHash;
27  
28  	@Autowired
29  	ConvertHashToBigInt convertHashToBigInt;
30  
31  	public ElGamalProofDVR apply(
32  			final ElGamalPublicKey key,
33  			final ElGamalPublicKey verifierKey,
34  			final ElGamalPrivateKey verifierPrivKey,
35  			final ElGamalCiphertextish e,
36  			final ElGamalCiphertext ePrime) {
37  		return apply(e, ePrime, key, verifierKey, verifierPrivKey);
38  	}
39  
40  	public ElGamalProofDVR apply(
41  			final ElGamalCiphertextish e,
42  			final ElGamalCiphertext et,
43  			final ElGamalPublicKey key,
44  			final ElGamalPublicKey verifierKey,
45  			final ElGamalPrivateKey verifierPrivKey) {
46  
47  		ElGamalParameters ps = key.params;
48  		// CivitasBigInteger hv = verifierKey.y;
49  		CivitasBigInteger zv = verifierPrivKey.x();
50  
51  		CivitasBigInteger h = key.y;
52  		CivitasBigInteger x = e.getA();
53  		CivitasBigInteger y = e.getB();
54  		CivitasBigInteger xt = et.getA();
55  		CivitasBigInteger yt = et.getB();
56  
57  		CivitasBigInteger alpha = cryptoBase.generateRandomElement(ps.q);
58  		CivitasBigInteger beta = cryptoBase.generateRandomElement(ps.q);
59  		CivitasBigInteger ut = cryptoBase.generateRandomElement(ps.q);
60  
61  		CivitasBigInteger at =
62  				ps.g.modPow(ut, ps.p).modDivide(xt.modDivide(x, ps.p).modPow(alpha, ps.p), ps.p);
63  		CivitasBigInteger bt =
64  				h.modPow(ut, ps.p).modDivide(yt.modDivide(y, ps.p).modPow(alpha, ps.p), ps.p);
65  		CivitasBigInteger st = ps.g.modPow(beta, ps.p);
66  
67  		List<CivitasBigInteger> l = new ArrayList<>();
68  		l.add(e.getA());
69  		l.add(e.getB());
70  		l.add(et.getA());
71  		l.add(et.getB());
72  		l.add(at);
73  		l.add(bt);
74  		l.add(st);
75  		CivitasBigInteger ct = convertHashToBigInt.apply(cryptoHash.apply(l)).mod(ps.q);
76  
77  		CivitasBigInteger wt = alpha.modSubtract(ct, ps.q);
78  		CivitasBigInteger rt = beta.modSubtract(wt, ps.q).modDivide(zv, ps.q);
79  
80  		return new ElGamalProofDVR(e, et, ct, wt, rt, ut);
81  	}
82  }