AtHeartEngineer/ole-protocols
1
0
Fork 0
mirror of https://github.com/tlsnotary/ole-protocols.git synced 2026-01-08 22:18:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add more tests and fix bug

Browse Source
This commit is contained in:
th4s
2023-12-11 19:18:47 +01:00
parent 7bc7746db9
commit 8ffb51d173
3 changed files with 184 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

210
src/e2f/mod.rs
View File

@@ -3,85 +3,177 @@
mod prover;
mod verifier;
use crate::ole::Ole;
use mpz_share_conversion_core::fields::p256::P256;
pub use prover::Prover;
pub use verifier::Verifier;
/// Returns the x-coordinate shares of the sum of the two EC points
pub fn e2f(
prover_point: (P256, P256),
prover: &mut Prover,
verifier_point: (P256, P256),
verifier: &mut Verifier,
) -> (P256, P256) {
let mut ole = Ole::default();
// Preprocessing
prover.preprocess1();
verifier.preprocess1();
prover.preprocess2_ole_input(&mut ole);
verifier.preprocess2_ole_input(&mut ole);
prover.preprocess2_ole_output(&mut ole);
verifier.preprocess2_ole_output(&mut ole);
prover.preprocess3();
verifier.preprocess3();
prover.preprocess4();
verifier.preprocess4();
// Handshake
prover.handshake5_input_ec(prover_point);
verifier.handshake5_input_ec(verifier_point);
let varespilon1_share_prover = prover.handshake5_varepsilon1_share_open();
let varespilon1_share_verifier = verifier.handshake5_varepsilon1_share_open();
let varepsilon1 = varespilon1_share_prover + varespilon1_share_verifier;
prover.handshake5_set_omega(varepsilon1);
verifier.handshake5_set_omega(varepsilon1);
let omega_share_prover = prover.handshake6_omega_share_open();
let omega_share_verifier = verifier.handshake6_omega_share_open();
let omega = omega_share_prover + omega_share_verifier;
let varespilon2_share_prover = prover.handshake6_varepsilon2_share_open();
let varespilon2_share_verifier = verifier.handshake6_varepsilon2_share_open();
let varepsilon2 = varespilon2_share_prover + varespilon2_share_verifier;
prover.handshake6_set_eta(omega, varepsilon2);
verifier.handshake6_set_eta(omega, varepsilon2);
let varepsilon3_share_prover = prover.handshake7_varepsilon3_share_open();
let varepsilon3_share_verifier = verifier.handshake7_varepsilon3_share_open();
let varepsilon3 = varepsilon3_share_prover + varepsilon3_share_verifier;
prover.handshake7_set_z1(varepsilon3);
verifier.handshake7_set_z2(varepsilon3);
// Output
let z1 = prover.handshake8_z1_open();
let z2 = verifier.handshake8_z2_open();
(z1, z2)
}
#[cfg(test)]
mod tests {
use super::{Prover, Verifier};
use crate::ole::Ole;
use mpz_share_conversion_core::{fields::p256::P256, Field};
use p256::elliptic_curve::sec1::ToEncodedPoint;
use p256::{EncodedPoint, NonZeroScalar, PublicKey};
use super::*;
use mpz_share_conversion_core::Field;
use p256::{elliptic_curve::sec1::ToEncodedPoint, EncodedPoint, NonZeroScalar, PublicKey};
use rand::thread_rng;
#[test]
fn test_e2f() {
// Initialize
let mut rng = thread_rng();
let prover_scalar = p256::NonZeroScalar::random(&mut rng);
let verifier_scalar = p256::NonZeroScalar::random(&mut rng);
let prover_scalar = NonZeroScalar::random(&mut rng);
let verifier_scalar = NonZeroScalar::random(&mut rng);
let prover_ec = point_to_p256(scalar_to_encoded_point(prover_scalar));
let verifier_ec = point_to_p256(scalar_to_encoded_point(verifier_scalar));
let mut ole = Ole::default();
let mut prover = Prover::default();
let verifier_ec = point_to_p256(scalar_to_encoded_point(verifier_scalar));
let mut verifier = Verifier::default();
// Preprocessing
prover.preprocess1();
verifier.preprocess1();
prover.preprocess2_ole_input(&mut ole);
verifier.preprocess2_ole_input(&mut ole);
prover.preprocess2_ole_output(&mut ole);
verifier.preprocess2_ole_output(&mut ole);
prover.preprocess3();
verifier.preprocess3();
prover.preprocess4();
verifier.preprocess4();
// Handshake
prover.handshake5_input_ec(prover_ec);
verifier.handshake5_input_ec(verifier_ec);
let varespilon1_share_prover = prover.handshake5_varepsilon1_share_open();
let varespilon1_share_verifier = verifier.handshake5_varepsilon1_share_open();
let varepsilon1 = varespilon1_share_prover + varespilon1_share_verifier;
prover.handshake5_set_omega(varepsilon1);
verifier.handshake5_set_omega(varepsilon1);
let omega_share_prover = prover.handshake6_omega_share_open();
let omega_share_verifier = verifier.handshake6_omega_share_open();
let omega = omega_share_prover + omega_share_verifier;
let varespilon2_share_prover = prover.handshake6_varepsilon2_share_open();
let varespilon2_share_verifier = verifier.handshake6_varepsilon2_share_open();
let var_epsilon2 = varespilon2_share_prover + varespilon2_share_verifier;
prover.handshake6_set_eta(omega, var_epsilon2);
verifier.handshake6_set_eta(omega, var_epsilon2);
let varepsilon3_share_prover = prover.handshake7_varepsilon3_share_open();
let varepsilon3_share_verifier = verifier.handshake7_varepsilon3_share_open();
let varepsilon3 = varepsilon3_share_prover + varepsilon3_share_verifier;
prover.handshake7_set_z1(varepsilon3);
verifier.handshake7_set_z2(varepsilon3);
// Output
let z1 = prover.handshake8_z1_open();
let z2 = verifier.handshake8_z2_open();
let (z1, z2) = e2f(prover_ec, &mut prover, verifier_ec, &mut verifier);
let x_ec_expected = add_ec_points(prover_ec, verifier_ec);
assert_eq!(z1 + z2, x_ec_expected.0);
}
#[test]
fn test_sharing_sums() {
let mut rng = thread_rng();
let prover_scalar = NonZeroScalar::random(&mut rng);
let verifier_scalar = NonZeroScalar::random(&mut rng);
let prover_ec = point_to_p256(scalar_to_encoded_point(prover_scalar));
let mut prover = Prover::default();
let verifier_ec = point_to_p256(scalar_to_encoded_point(verifier_scalar));
let mut verifier = Verifier::default();
let _ = e2f(prover_ec, &mut prover, verifier_ec, &mut verifier);
// Assertions
// c
let c = prover.a1.unwrap() * prover.b1.unwrap()
+ prover.a1_b2_share.unwrap()
+ prover.a2_b1_share.unwrap()
+ verifier.a2_b1_share.unwrap()
+ verifier.a1_b2_share.unwrap()
+ verifier.a2.unwrap() * verifier.b2.unwrap();
assert_eq!(prover.c1.unwrap() + verifier.c2.unwrap(), c);
// c_prime
let c_prime = prover.a1.unwrap() * prover.b1_prime.unwrap()
+ prover.a1_b2_prime_share.unwrap()
+ prover.a2_b1_prime_share.unwrap()
+ verifier.a2_b1_prime_share.unwrap()
+ verifier.a1_b2_prime_share.unwrap()
+ verifier.a2.unwrap() * verifier.b2_prime.unwrap();
assert_eq!(
prover.c1_prime.unwrap() + verifier.c2_prime.unwrap(),
c_prime
);
// r_squared
let r_squared = prover.r1.unwrap() * prover.r1.unwrap()
+ P256::new(2).unwrap() * (prover.r1_r2_share.unwrap() + verifier.r1_r2_share.unwrap())
+ verifier.r2.unwrap() * verifier.r2.unwrap();
assert_eq!(
prover.r_squared_share.unwrap() + verifier.r_squared_share.unwrap(),
r_squared
);
// omega
let b = prover.b1.unwrap() + verifier.b2.unwrap();
let varepsilon1 = -prover.ec_point.unwrap().0 + verifier.ec_point.unwrap().0 + -b;
let omega = varepsilon1 * (prover.a1.unwrap() + verifier.a2.unwrap())
+ prover.c1.unwrap()
+ verifier.c2.unwrap();
assert_eq!(
prover.omega_share.unwrap() + verifier.omega_share.unwrap(),
omega
);
// eta
let b_prime = prover.b1_prime.unwrap() + verifier.b2_prime.unwrap();
let varepsilon2 = -prover.ec_point.unwrap().1 + verifier.ec_point.unwrap().1 + -b_prime;
let eta = (prover.omega_share.unwrap() + verifier.omega_share.unwrap()).inverse()
* (varepsilon2 * (prover.a1.unwrap() + verifier.a2.unwrap())
+ prover.c1_prime.unwrap()
+ verifier.c2_prime.unwrap());
assert_eq!(prover.eta_share.unwrap() + verifier.eta_share.unwrap(), eta);
// z
let varepsilon3 = prover.eta_share.unwrap()
+ verifier.eta_share.unwrap()
+ -prover.r1.unwrap()
+ -verifier.r2.unwrap();
let z = varepsilon3 * varepsilon3
+ P256::new(2).unwrap() * varepsilon3 * (prover.r1.unwrap() + verifier.r2.unwrap())
+ prover.r_squared_share.unwrap()
+ verifier.r_squared_share.unwrap()
+ -prover.ec_point.unwrap().0
+ -verifier.ec_point.unwrap().0;
assert_eq!(prover.z1.unwrap() + verifier.z2.unwrap(), z);
}
#[test]
fn test_add_ec_points() {
let mut rng = thread_rng();

32
src/e2f/prover.rs
View File

@@ -7,34 +7,34 @@ use rand::thread_rng;
#[derive(Debug, Default)]
pub struct Prover {
// Preprocess 1
a1: Option<P256>,
b1: Option<P256>,
b1_prime: Option<P256>,
r1: Option<P256>,
pub(crate) a1: Option<P256>,
pub(crate) b1: Option<P256>,
pub(crate) b1_prime: Option<P256>,
pub(crate) r1: Option<P256>,
// Preprocess 2
a1_b2_share: Option<P256>,
a2_b1_share: Option<P256>,
a1_b2_prime_share: Option<P256>,
a2_b1_prime_share: Option<P256>,
r1_r2_share: Option<P256>,
pub(crate) a1_b2_share: Option<P256>,
pub(crate) a2_b1_share: Option<P256>,
pub(crate) a1_b2_prime_share: Option<P256>,
pub(crate) a2_b1_prime_share: Option<P256>,
pub(crate) r1_r2_share: Option<P256>,
// Preprocess 3
c1: Option<P256>,
c1_prime: Option<P256>,
pub(crate) c1: Option<P256>,
pub(crate) c1_prime: Option<P256>,
// Preprocess 4
r_squared_share: Option<P256>,
pub(crate) r_squared_share: Option<P256>,
// Handshake 5
ec_point: Option<(P256, P256)>,
omega_share: Option<P256>,
pub(crate) ec_point: Option<(P256, P256)>,
pub(crate) omega_share: Option<P256>,
// Handshake 6
eta_share: Option<P256>,
pub(crate) eta_share: Option<P256>,
// Handshake 7
z1: Option<P256>,
pub(crate) z1: Option<P256>,
}
impl Prover {

34
src/e2f/verifier.rs
View File

@@ -7,34 +7,34 @@ use rand::thread_rng;
#[derive(Debug, Default)]
pub struct Verifier {
// Preprocess 1
a2: Option<P256>,
b2: Option<P256>,
b2_prime: Option<P256>,
r2: Option<P256>,
pub(crate) a2: Option<P256>,
pub(crate) b2: Option<P256>,
pub(crate) b2_prime: Option<P256>,
pub(crate) r2: Option<P256>,
// Preprocess 2
a1_b2_share: Option<P256>,
a2_b1_share: Option<P256>,
a1_b2_prime_share: Option<P256>,
a2_b1_prime_share: Option<P256>,
r1_r2_share: Option<P256>,
pub(crate) a1_b2_share: Option<P256>,
pub(crate) a2_b1_share: Option<P256>,
pub(crate) a1_b2_prime_share: Option<P256>,
pub(crate) a2_b1_prime_share: Option<P256>,
pub(crate) r1_r2_share: Option<P256>,
// Preprocess 3
c2: Option<P256>,
c2_prime: Option<P256>,
pub(crate) c2: Option<P256>,
pub(crate) c2_prime: Option<P256>,
// Preprocess 4
r_squared_share: Option<P256>,
pub(crate) r_squared_share: Option<P256>,
// Handshake 5
ec_point: Option<(P256, P256)>,
omega_share: Option<P256>,
pub(crate) ec_point: Option<(P256, P256)>,
pub(crate) omega_share: Option<P256>,
// Handshake 6
eta_share: Option<P256>,
pub(crate) eta_share: Option<P256>,
// Handshake 7
z2: Option<P256>,
pub(crate) z2: Option<P256>,
}
impl Verifier {
@@ -131,7 +131,7 @@ impl Verifier {
let r_squared_share = self.r_squared_share.unwrap();
let x2 = self.ec_point.unwrap().0;
self.z2 = Some(varepsilon3 * varepsilon3 + two * varepsilon3 * r2 + r_squared_share + -x2);
self.z2 = Some(two * varepsilon3 * r2 + r_squared_share + -x2);
}
pub fn handshake8_z2_open(&self) -> P256 {