Don't short circuit the test
parent
035201447f
commit
bc9fc9209b
15
src/lib.rs
15
src/lib.rs
|
@ -20,9 +20,6 @@ use std::ops::{Add, Mul, Sub};
|
|||
/// * Correctness: Valid tags constructed for a specific public key will always validate when tested using the detection key
|
||||
/// * Fuzziness: Invalid tags will produce false positives with probability _p_ related to the security property (_γ_)
|
||||
/// * Security: An adversarial server with access to the detection key is unable to distinguish false positives from true positives. (Detection Ambiguity)
|
||||
|
||||
|
||||
|
||||
#[derive(Debug)]
|
||||
pub struct FuzzyMetaTag {
|
||||
u: RistrettoPoint,
|
||||
|
@ -52,6 +49,7 @@ impl FuzzyMetaDetectionKey {
|
|||
let w = g.mul(m).add(tag.u.mul(tag.y));
|
||||
|
||||
// for each secret key part...
|
||||
let mut result = true;
|
||||
for (i, x_i) in self.0.iter().enumerate() {
|
||||
// re-derive the key from the tag
|
||||
let k_i = FuzzyMetaTagKeyPair::h(tag.u, tag.u.mul(x_i), w);
|
||||
|
@ -61,13 +59,13 @@ impl FuzzyMetaDetectionKey {
|
|||
true => 0x01,
|
||||
false => 0x00,
|
||||
};
|
||||
|
||||
let b_i = k_i ^ c_i;
|
||||
// if these don't match then return false
|
||||
if b_i != 1 {
|
||||
return false;
|
||||
}
|
||||
|
||||
// assert that the plaintext is all 1's
|
||||
result = result & (b_i == 1);
|
||||
}
|
||||
return true;
|
||||
return result;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -90,6 +88,7 @@ impl FuzzyMetaPublicKey {
|
|||
let mut ciphertexts = BitVec::new();
|
||||
for (_i, h_i) in self.0.iter().enumerate() {
|
||||
let k_i = FuzzyMetaTagKeyPair::h(u, h_i.mul(r), w);
|
||||
// encrypt a plaintext of all 1's
|
||||
let c_i = k_i ^ 0x01;
|
||||
ciphertexts.push(c_i == 0x01);
|
||||
}
|
||||
|
|
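Review bot: The accumulation `result = result & (b_i == 1);` in the detection-key loop removes the explicit early `return false`, but it does not guarantee that the compiled code is free of data-dependent branches, and the comment above it does not say that evaluating every key part is deliberate. If `k_i` and `c_i` are plain integers, as the `k_i ^ c_i` expression and the `0x01` literals suggest, folding the bits into an integer inside the loop (`acc &= b_i;`) and comparing once after it (`acc == 1`) keeps the per-iteration work branch-free in source; if a constant-time crate such as `subtle` is already in the dependency tree, its `Choice` type states the intent explicitly. A comment such as `// no early exit: run time must not depend on which bit mismatches` would keep a later refactor from restoring the short circuit. The function enclosing the loop starts outside the visible hunks.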