View Javadoc
1   package civitas.crypto.proofdvr;
2   
3   import java.util.ArrayList;
4   import java.util.List;
5   
6   import org.springframework.beans.factory.annotation.Autowired;
7   import org.springframework.stereotype.Controller;
8   
9   import civitas.crypto.CryptoBase;
10  import civitas.crypto.algorithms.ConvertHashToBigInt;
11  import civitas.crypto.ciphertext.ElGamalCiphertext;
12  import civitas.crypto.ciphertext.ElGamalCiphertextish;
13  import civitas.crypto.messagedigest.CryptoHash;
14  import civitas.crypto.parameters.ElGamalParameters;
15  import civitas.crypto.publickey.ElGamalPublicKey;
16  import civitas.crypto.reencryptfactor.ElGamalReencryptFactor;
17  import civitas.util.CivitasBigInteger;
18  
19  @Controller
20  public class ConstructElGamalProofDVR {
21  	@Autowired
22  	CryptoBase cryptoBase;
23  
24  	@Autowired
25  	CryptoHash cryptoHash;
26  
27  	@Autowired
28  	private ConvertHashToBigInt convertHashToBigInt;
29  
30  	public ElGamalProofDVR apply(
31  			final ElGamalPublicKey k,
32  			final ElGamalPublicKey verifierKey,
33  			final ElGamalCiphertextish e,
34  			final ElGamalCiphertext ePrime,
35  			final ElGamalReencryptFactor er,
36  			final ElGamalReencryptFactor erPrime) {
37  		ElGamalParameters ps = k.params;
38  		CivitasBigInteger zeta = erPrime.r().modSubtract(er.r(), ps.q);
39  		return apply(e, ePrime, k, verifierKey, zeta);
40  	}
41  
42  	public ElGamalProofDVR apply(
43  			final ElGamalCiphertextish e,
44  			final ElGamalCiphertext eprime,
45  			final ElGamalPublicKey key,
46  			final ElGamalPublicKey verifierKey,
47  			final CivitasBigInteger zeta) {
48  
49  		ElGamalParameters ps = key.params;
50  		CivitasBigInteger d = cryptoBase.generateRandomElement(ps.q);
51  		CivitasBigInteger w = cryptoBase.generateRandomElement(ps.q);
52  		CivitasBigInteger r = cryptoBase.generateRandomElement(ps.q);
53  		CivitasBigInteger h = key.y;
54  		CivitasBigInteger hv = verifierKey.y;
55  		CivitasBigInteger a = ps.g.modPow(d, ps.p);
56  		CivitasBigInteger b = h.modPow(d, ps.p);
57  		CivitasBigInteger s = ps.g.modPow(w, ps.p).modMultiply(hv.modPow(r, ps.p), ps.p);
58  		List<CivitasBigInteger> l = new ArrayList<>();
59  		l.add(e.getA());
60  		l.add(e.getB());
61  		l.add(eprime.getA());
62  		l.add(eprime.getB());
63  		l.add(a);
64  		l.add(b);
65  		l.add(s);
66  
67  		CivitasBigInteger c = convertHashToBigInt.apply(cryptoHash.apply(l)).mod(ps.q);
68  
69  		CivitasBigInteger u = d.modAdd(zeta.modMultiply(c.modAdd(w, ps.q), ps.q), ps.q);
70  
71  		return new ElGamalProofDVR(e, eprime, c, w, r, u);
72  	}
73  }