test-anonvtr.c
#include "vtr.h"
#include "utils.h"
#include "anonvtr.h"
#include "sput.h"

#include <stdio.h>
#include <stdlib.h>
#include <time.h>

#include <relic/relic.h>
// Number of moderators: setup_system() generates one ElGamal key pair per
// moderator and sizes the commitment key with this value.
#define NR_MODS 5
// Threshold passed to anonvtr_user_message(), anonvtr_verify_msg_user() and
// tdh_combine_base(). Presumably the number of moderator decryption shares
// needed to recover the linking token -- confirm against the tdh code.
#define THRESHOLD 3
// NOTE(review): NR_TESTS and NR_EXPERIMENTS are not referenced anywhere in
// this listing.
#define NR_TESTS 10
#define NR_EXPERIMENTS 1000
// Test fixture shared by every test in this file; filled in by setup_system().
struct system {
    // Moderator ElGamal secret keys; modsk[i] is generated together with modpk[i].
    struct shuffle_elgamal_sk modsk[NR_MODS];
    // Moderator ElGamal public keys, one per moderator.
    struct shuffle_elgamal_pk modpk[NR_MODS];
    // Heap buffer holding the transaction bytes (malloc'd in setup_system()).
    uint8_t *transaction;
    // Length of `transaction` in bytes.
    size_t ltransaction;
    // Heap buffer holding the epoch bytes (malloc'd in setup_system()).
    uint8_t *epoch;
    // Length of `epoch` in bytes.
    size_t lepoch;
    // Value drawn with bn_rand_mod() against ck.q; the single message signed in `sign`.
    bn_t x;
    // BBS+ public key matching the signing key used to produce `sign`.
    struct bbsplus_pk bbspk;
    // BBS+ signature over `x`.
    struct bbsplus_sign sign;
    // Commitment key produced by shuffle_commit_keygen() for NR_MODS entries.
    struct shuffle_com_pk ck;
};
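// Fill *sys with fresh test material: NR_MODS moderator ElGamal key pairs, a
// commitment key, a two-byte transaction, a two-byte epoch, a BBS+ key pair
// and a BBS+ signature over a random value x.
//
// sys->transaction and sys->epoch are heap buffers owned by the caller after
// this returns; sys->x is a relic bignum the caller should release with
// bn_free(). The process exits with EXIT_FAILURE if either buffer cannot be
// allocated, so callers never see a half-built fixture.
void
setup_system(struct system *sys) {
    for (int i = 0; i < NR_MODS; i++) {
        shuffle_elgamal_keygen(sys->modpk + i, sys->modsk + i);
    }

    shuffle_commit_keygen(&sys->ck, NR_MODS);

    sys->ltransaction = 2;
    sys->transaction = malloc(sys->ltransaction);
    sys->lepoch = 2;
    sys->epoch = malloc(sys->lepoch);

    // The buffers are written to immediately below, so a failed allocation
    // must stop here rather than turn into a NULL dereference.
    if (sys->transaction == NULL || sys->epoch == NULL) {
        fprintf(stderr, "setup_system: out of memory\n");
        exit(EXIT_FAILURE);
    }

    // Fixed, arbitrary byte values: the tests only need the same bytes on the
    // creating and the verifying side.
    sys->transaction[0] = 33;
    sys->transaction[1] = 87;

    sys->epoch[0] = 11;
    sys->epoch[1] = 37;

    // NOTE(review): the BBS+ signing key exists only in this stack frame and
    // is neither released nor wiped before returning. That is tolerable in a
    // test fixture; no release routine for struct bbsplus_sk is visible in
    // this file to call.
    struct bbsplus_sk bbssk;
    // NOTE(review): the key pair is generated with 2 as its last argument
    // while only one message (x) is signed below -- confirm that is intended.
    bbsplus_keygen(&sys->bbspk, &bbssk, 2);

    bn_null(sys->x);
    bn_new(sys->x);
    bn_rand_mod(sys->x, sys->ck.q);

    bbsplus_sign(&sys->sign, &sys->bbspk, &bbssk, &sys->x, 1);
}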
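// Check that the moderator public keys encoded by anonvtr_encode_pks() are
// accepted by anonvtr_verify_pk_encoding().
//
// NOTE(review): only the accepting path is exercised. A companion check that
// an altered encoding is rejected would show that the verifier can fail.
void
test_pk_encoding() {
    struct system sys;
    setup_system(&sys);

    // stub_pk is handed over uninitialised; presumably it is an output of
    // anonvtr_encode_pks() -- confirm against its declaration.
    struct shuffle_elgamal_pk stub_pk;
    struct shuffle_elgamal_ctxt encoded_modpk[NR_MODS];

    anonvtr_encode_pks(encoded_modpk, &stub_pk, sys.modpk, NR_MODS);

    // The variable name is kept as is: sput reports the checked expression by name.
    int valid_encoding =
        anonvtr_verify_pk_encoding(sys.modpk, encoded_modpk, NR_MODS);

    sput_fail_unless(valid_encoding, "encoding of pks should validate");

    // Release what setup_system() allocated so the test runs clean under a
    // leak checker. The key structures inside sys have no release routine
    // visible in this file and are left as they are.
    free(sys.transaction);
    free(sys.epoch);
    bn_free(sys.x);
}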
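// Check that the message built by anonvtr_sp_randomize_pks() for the fixture
// transaction is accepted by anonvtr_verify_msg_sp() under the same moderator
// keys, commitment key and transaction bytes.
//
// NOTE(review): only the accepting path is exercised. Verifying the same
// message against different transaction bytes would show that the message is
// actually bound to the transaction.
void
test_sp_msg() {
    struct system sys;
    setup_system(&sys);

    struct anonvtr_msg_sp msg;
    struct anonvtr_sp_private priv;

    anonvtr_sp_randomize_pks(&msg, &priv, sys.modpk, NR_MODS,
            &sys.ck, sys.transaction, sys.ltransaction);

    // The variable name is kept as is: sput reports the checked expression by name.
    int valid_sp_msg =
        anonvtr_verify_msg_sp(&msg, sys.modpk, NR_MODS, &sys.ck,
                sys.transaction, sys.ltransaction);

    sput_fail_unless(valid_sp_msg, "sp shuffle pks msg should be valid");

    // Release what setup_system() allocated so the test runs clean under a
    // leak checker. msg, priv and the key structures inside sys have no
    // release routine visible in this file and are left as they are.
    free(sys.transaction);
    free(sys.epoch);
    bn_free(sys.x);
}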
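// End-to-end check of the user step:
//   1. the SP builds its randomised-keys message for the transaction,
//   2. the user answers with a message built from the BBS+ signature and x,
//   3. that message must pass anonvtr_verify_msg_user(),
//   4. the SP reconstructs one ciphertext per moderator, every moderator
//      produces a decryption share, and THRESHOLD shares are combined into a
//      linking token,
//   5. the token must satisfy the pairing relation stored in the record's
//      link proof.
//
// NOTE(review): only the accepting path is exercised. Checks that fewer than
// THRESHOLD shares, or a share from the wrong key, do not yield a valid token
// would cover the property the threshold is there to provide.
void
test_user_msg() {
    struct system sys;
    setup_system(&sys);

    struct anonvtr_msg_sp msg;
    struct anonvtr_sp_private priv;
    anonvtr_sp_randomize_pks(&msg, &priv, sys.modpk, NR_MODS,
            &sys.ck, sys.transaction, sys.ltransaction);

    struct anonvtr_msg_user msgu;
    anonvtr_user_message(&msgu, &msg, &sys.sign, sys.x, &sys.bbspk,
            &sys.ck, NR_MODS, THRESHOLD, sys.transaction, sys.ltransaction,
            sys.epoch, sys.lepoch);

    // NOTE(review): the epoch is supplied when the user message is created
    // but is not an argument of the verification call below -- confirm the
    // verifier checks the epoch by some other route.
    // The variable name is kept as is: sput reports the checked expression by name.
    int valid_user_msg =
        anonvtr_verify_msg_user(&msgu, &msg,
                &sys.bbspk, &sys.ck,
                NR_MODS, THRESHOLD, sys.transaction, sys.ltransaction);

    sput_fail_unless(valid_user_msg, "User message should be valid");

    struct shuffle_elgamal_ctxt res[NR_MODS];
    anonvtr_sp_reconstruct_mod_messages(res, &msgu, &msg, &priv, NR_MODS);

    // Moderator i decrypts ciphertext i with its own secret key.
    struct tdh_dec_share dec_shares[NR_MODS];
    for (int i = 0; i < NR_MODS; i++) {
        anonvtr_moderator_decrypt(dec_shares + i, res + i, &sys.modsk[i], NR_MODS);

        // printf("Recovered decryption share %i\n", dec_shares[i].i);
        // g1_print(dec_shares[i].ui);
    }

    g1_t linking_token;
    g1_null(linking_token);
    g1_new(linking_token);

    // The share array is passed together with THRESHOLD, so presumably only
    // the first THRESHOLD of the NR_MODS shares are combined. The meaning of
    // the trailing 0 is not visible in this file.
    tdh_combine_base(&linking_token, &msgu.record.ctxt, msgu.tdhpk,
            dec_shares, THRESHOLD, 0);

    // printf("Recovered linking_token:\n");
    // g1_norm(linking_token, linking_token); g1_print(linking_token);

    // Verify linking token: pairing it with t1 from the link proof must
    // reproduce the t2 stored in the same proof.
    gt_t t2;
    gt_null(t2);
    gt_new(t2);

    pc_map(t2, linking_token, msgu.record.link_proof.t1);
    int linking_token_ok = gt_cmp(t2, msgu.record.link_proof.t2) == CMP_EQ;

    sput_fail_unless(linking_token_ok, "Recovered linking token shoul be valid");

    // Release the relic elements created here and what setup_system()
    // allocated, so the test runs clean under a leak checker. The message,
    // share and key structures have no release routine visible in this file
    // and are left as they are.
    gt_free(t2);
    g1_free(linking_token);
    free(sys.transaction);
    free(sys.epoch);
    bn_free(sys.x);
}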
// Step 1 (SP -> User): run the public-key encoding check, then the SP
// message check. Each callee builds its own fixture.
void
test_step1_sp() {
    test_pk_encoding();

    test_sp_msg();
}
// Step 2 (User -> SP): run the user-message check, which also covers
// moderator decryption and recovery of the linking token.
void
test_step2_user() {
    test_user_msg();
}
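// Test driver: initialise relic, select pairing parameters, run both sput
// suites and return sput's overall result.
//
// Returns 1 if relic cannot be initialised or no curve is available,
// otherwise the value of sput_get_return_value(). core_clean() is called on
// every exit path so the library is torn down whether or not the run succeeds.
int
main(int argc, char **argv) {
    // Command-line arguments are not used.
    (void)argc;
    (void)argv;

    printf("Testing anonymous VtR scheme!\n");

    // Initialize relic
    if (core_init() != STS_OK) {
        core_clean();
        printf("Error loading relic");
        return 1;
    }

    if (pc_param_set_any() != STS_OK) {
        printf("Error: No curve!");
        // core_init() succeeded above, so tear the library down here as well.
        core_clean();
        return 1;
    }

    sput_start_testing();

    sput_enter_suite("Testing step 1 (from SP -> User)");
    sput_run_test(test_step1_sp);

    sput_enter_suite("Testing step 2 (from User -> SP)");
    sput_run_test(test_step2_user);

    sput_finish_testing();

    // Read the result before tearing relic down, then release the library state.
    int rc = sput_get_return_value();
    core_clean();
    return rc;
}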