In [1]:
import json
from tqdm.auto import tqdm
with open('./data/election_results.json') as json_file:
    data = json.load(json_file)

# GreenBox 1 - Parameters

- p: the big prime under paramter, prime
- q: the given small prime q, the largest 256-bit prime

In [2]:
p = int(data["parameters"]["prime"]) #big prime p
q = (2**256)-189 #small prime q
r = 9019518416950528558373478086511232658951474842525520401496114928154304263969688620325252581860530315530388761452281877712231196058806031646907074277559473370572297540090428604411602693018377070889546964787739496022322950246312517502699463986951192313975731521354681322947788878024550616890271988181289436086993123844124081826919833872184902652628063144078714079634244146642499700831665412680547204745934123940354574013503597950343602132101017089380082841610400137824792383077494392552044526510629139497792899833045857689366071581441769949805150724536792169821049103573064478783799952470453824637099933325988702382591194694337062301961007784297524221505356007621628132437524841706671129031056637581480237864162587429181933054088169073871110373443662213261337856657295772697400789521898621292161426497918187680808577989308766609911108416501173578438902509841873262595682619326525580137302833521960231773265393262120677845658554762369159070434710606084145406469502947514163751046724516397063925584394050022770432995620280564512311142925214983072493529411787312820806325450291929554891757330726374483722453382212296718904393252553130440130518143907350270439056
g = pow(2, r, p) #generator g

# check the range of number of trustees
num_trustees = int(data["parameters"]["num_trustees"])
if (num_trustees <= 0):
    print("number of trustees must be nonzero: ", num_trustees)
else:
  print("Valid number of trustees")

# check the range of threshold of trustees
threshold = int(data["parameters"]["threshold"])
if (threshold <= 0):
    print("threshold must be nonzero: ", threshold)
else:
  print("Valid threshold ")


# check threshold and trustees
threshold = int(data["parameters"]["threshold"])
if (threshold > num_trustees):
    print("threshold must not exceed number of trustees: ", threshold, ">", num_trustees)
else:
  print("Valid threshold and number of trustees")    


# check if generator g is correct
generator = int(data["parameters"]["generator"])
if (generator != g):
  print("invalid generator")
else:
  print("Valid generator")

Valid number of trustees
Valid threshold 
Valid threshold and number of trustees
Valid generator


# GreenBox 2 - Correct Key Generation

Features Not Included: <br>
- 1st Bullet Point: Hashing

### 1st Bullet Point - INCOMPLETE

Below is what we have tried:

In [5]:
# Hash computuation pg.10
# import hashlib
# import json
# PK = str.encode(data['trustee_public_keys'][0][0]['public_key'])
# base = str.encode(data['extended_base_hash'])
# commit = str.encode(data['trustee_public_keys'][0][0]['proof']['commitment'])
# challenge = data['trustee_public_keys'][0][0]['proof']['challenge']
# print("base", base)
# print("PK", PK)
# print("Commitment", commit)

# m = hashlib.sha256()
# m.update(base)
# m.update(PK)
# m.update(commit)

### 2nd Bullet Point - <em>"g<sup>u<sub>i,j</sub></sup> mod p=h<sub>i,j</sub>K<sub>i,j</sub><sup>c<sub>i</sub></sup> mod p"
    
- key: trustee_public_keys, public_key
- response: trustee_public_keys, proff, response
- ch: trustee_public_keys, proof, challenge
- commitment: trustee_public_keys, proof, commitment

In [13]:
error = False
keys = data['trustee_public_keys']
for i in range(num_trustees):
    for j in range(len(keys[i])):
        key = int(keys[i][j]['public_key'])
        response = int(keys[i][j]['proof']['response'])
        ch = int(keys[i][j]['proof']['challenge'])
        commitment = int(keys[i][j]['proof']['commitment'])
        if pow(g, response, p) != commitment * pow(key,ch,p) % p:
            print("problem with trustee key generation proof: trustee_public_keys at", "[", i, "][", j, "] public key =", key)
            error = True
if not error:
    print("success")

success


# GreenBox 3 - Selection Correctness

Not Included Features:
- 2nd bullet point: hashing
- 4th bullet point: closely related to 2nd and again, due to hashing problems it is not complete

### 1st Bullet Point - <em>"The given values alpha, beta, a0, b0, a1, and b1 are all in the set Z<sub>p</sub><sup>r</sup>. (A value x is in Z<sub>p</sub><sup>r</sup> if and only if x is an integer such that 0≤x<p and xq mod p=1 is satisfied.)"
    
- alpha: cast ballots, contests, selection, message, public_key
- beta: cast ballots, contests, selection, message, ciphertext
- a<sub>0</sub>: cast ballots, contests, selection, zero_proof, commitment, public_key
- a<sub>1</sub>: cast ballots, contests, selection, one_proof, commitment, public_key
- b<sub>0</sub>: cast ballots, contests, selection, zero_proof, commitment, ciphertext
- b<sub>1</sub>: cast ballots, contests, selection, one_proof, commitment, ciphertext

- For the sake of run time, we have reduced n

In [7]:
error = False
cast_ballots = data['cast_ballots']   
for i in tqdm(range(len(cast_ballots) // 2), desc="cast ballots"):
    b = cast_ballots[i]
    for j in range(len(b['contests']) // 2):
        contest = b['contests'][j]
        for k in range(len(contest['selections']) // 2):
            alpha = int(contest['selections'][k]['message']['public_key'])
            beta = int(contest['selections'][k]['message']['ciphertext'])
            a0 = int(contest['selections'][k]['zero_proof']['commitment']['public_key'])
            b0 = int(contest['selections'][k]['zero_proof']['commitment']['ciphertext'])
            a1 = int(contest['selections'][k]['one_proof']['commitment']['public_key'])
            b1 = int(contest['selections'][k]['one_proof']['commitment']['ciphertext'])
            alpha_1 = pow(alpha, q, p)
            beta_1 = pow(beta, q, p)
            a0_1 = pow(a0, q, p)
            b0_1 = pow(b0, q, p)
            a1_1 = pow(a1, q, p)
            b1_1 = pow(b1, q, p)
            if alpha < 0 or alpha >= p:
                print(f"alpha is out of range [{i}, {j}, {k}], alpha: {alpha}")
                error = True
            if beta < 0 or beta >= p:
                print(f"beta is out of range [{i}, {j}, {k}], beta: {beta}")
                error = True
            if a0 < 0 or a0 >= p:
                print(f"a0 is out of range [{i}, {j}, {k}], a0: {a0}")
                error = True
            if b0 < 0 or b0 >= p:
                print(f"b0 is out of range [{i}, {j}, {k}], b0: {b0}")
                error = True
            if a1 < 0 or a1 >= p:
                print(f"a1 is out of range [{i}, {j}, {k}], a1: {a1}")
                error = True
            if b1 < 0 or b1 >= p:
                print(f"b1 is out of range [{i}, {j}, {k}], b1: {b1}")
                error =True
            if alpha_1 != 1:
                print(f"alpha^q mod p does not equal to 1: [{i}, {j}, {k}], alpha: {alpha}")
                error = True
            if beta_1 != 1:
                print(f"beta^q mod p does not equal to 1: [{i}, {j}, {k}], beta: {beta}")
                error = True
            if a0_1 != 1:
                print(f"a0^q mod p does not equal to 1: [{i}, {j}, {k}], a0: {a0}")
                error = True
            if b0_1 != 1:
                print(f"b0^q mod p does not equal to 1: [{i}, {j}, {k}], b0: {b0}")
                error = True
            if a1_1 != 1:
                print(f"a1^q mod p does not equal to 1: [{i}, {j}, {k}], a1: {a1}")
                error = True
            if b1_1 != 1:
                print(f"b1^q mod p does not equal to 1: [{i}, {j}, {k}], b1: {b1}")
                error = True

            

if not error:
    print("success")                

HBox(children=(IntProgress(value=0, description='cast ballots', max=199, style=ProgressStyle(description_width…

success


### 3rd Bullet Point - <em>"The given values c0, c1, v0, and v1 are each in the set Z<sub>q</sub>.  (A value x is in Z<sub>q</sub> if and only if x is an integer such that 0≤x<q.)"

- c<sub>0</sub>: cast ballots, contests, selections, zero proof, challenge
- c<sub>1</sub>: cast ballots, contests, selections, one proof, challenge
- v<sub>0</sub>: cast ballots, contests, selections, zero proof, response
- v<sub>1</sub>: cast ballots, contests, selections, one proof, response


In [8]:
error = False
cast_ballots = data['cast_ballots']   
for i in tqdm(range(len(cast_ballots)), desc="cast ballots"):
    b = cast_ballots[i]
    for j in range(len(b['contests'])):
        contest = b['contests'][j]
        for k in range(len(contest['selections'])):
            c0 = int(contest['selections'][k]['zero_proof']['challenge'])
            c1 = int(contest['selections'][k]['one_proof']['challenge'])
            v0 = int(contest['selections'][k]['zero_proof']['response'])
            v1 = int(contest['selections'][k]['one_proof']['response'])
            if c0 < 0 or c0 >= q:
                print(f"c0 is out of range [{i}, {j}, {k}], c0: {c0}")
                error = True
            if c1 < 0 or c1 >= q:
                print(f"c1 is out of range [{i}, {j}, {k}], c1: {c1}")
                error = True
            if v0 < 0 or v0 >= q:
                print(f"v0 is out of range [{i}, {j}, {k}], v0: {v0}")
                error = True
            if v1 < 0 or v1 >= q:
                print(f"v1 is out of range [{i}, {j}, {k}], v1: {v1}")
                error = True

if not error:
    print("success")   

HBox(children=(IntProgress(value=0, description='cast ballots', max=398, style=ProgressStyle(description_width…

success


### (INCOMPLETE) 4th Bullet Point - <em>"The equation c=c<sub>0</sub>+c<sub>1</sub> mod q is satisfied."</em> 

- below is what we have tried: 

In [56]:
# cast_ballots = data['cast_ballots']   
# for i in range(len(cast_ballots)):
#     b = cast_ballots[i]
#     for j in range(len(b['contests'])):
#         contest = b['contests'][j]
#         for k in range(len(contest['selections'])):
#             c0 = int(contest['selections'][k]['zero_proof']['challenge'])
#             c1 = int(contest['selections'][k]['one_proof']['challenge'])
#             c = (c0 + c1) % q

### 5th Bullet Point - <em>"the equations g<sup>v<sub>0</sub></sup>=a<sub>0</sub>alpha<sup>c<sub>0</sub></sup> mod p, g<sup>v<sub>1</sub></sup>=a<sub>1</sub>alpha<sup>c<sub>1</sub></sup> mod p, K<sup>v<sub>0</sub></sup>=b<sub>0</sub>beta<sup>c</sup><sub>0</sub> mod p, and g<sup>c<sub>1</sub></sup>K<sup>v<sub>1</sub></sup>=b<sub>1</sub>beta<sup>c<sub>1</sub></sup> mod p are all satisfied"


- We swapped K and alpha for this data. It's NOT consistent with spec.
- Also reduced n to improve run time

In [9]:
error = False
cast_ballots = data['cast_ballots']
K = int(data['joint_public_key'])
for i in tqdm(range(len(cast_ballots) // 2), desc="cast ballots"):
    b = cast_ballots[i]
    for j in range(len(b['contests']) // 2):
        contest = b['contests'][j]
        for k in range(len(contest['selections']) // 2):
            v0 = int(contest['selections'][k]['zero_proof']['response'])
            v1 = int(contest['selections'][k]['one_proof']['response'])
            a0 = int(contest['selections'][k]['zero_proof']['commitment']['public_key'])
            a1 = int(contest['selections'][k]['one_proof']['commitment']['public_key'])
            alpha = int(contest['selections'][k]['message']['public_key'])
            beta = int(contest['selections'][k]['message']['ciphertext'])
            c0 = int(contest['selections'][k]['zero_proof']['challenge'])
            c1 = int(contest['selections'][k]['one_proof']['challenge'])
            b0 = int(contest['selections'][k]['zero_proof']['commitment']['ciphertext'])
            b1 = int(contest['selections'][k]['one_proof']['commitment']['ciphertext'])
            
#           1st equation
            g_v0_left_side = pow(g, v0, p)
            g_v0_right_side = (a0 * pow(K, c0, p)) % p
        
#           2nd equation
            g_v1_left_side = pow(g, v1, p)
            g_v1_right_side = (a1 * pow(K, c1, p)) % p

#           3rd equation
            K_v0_left_side = pow(alpha, v0, p)
            K_v0_right_side = (b0 * pow(beta, c0, p)) % p
        
#           4th 
            fourth_left_side = (pow(g, c1, p) * pow(alpha, v1, p) % p)
            fourth_right_side = (b1 * pow(beta, c1, p)) % p

#           checking
            if g_v0_left_side != g_v0_right_side:
                print(f"g_vo != a_0*alpha^c_0 at cast_ballots {i}, contest {j}, selection {k}")
                error = True
            if g_v1_left_side != g_v1_right_side:
                print(f"g_v1 != a_1*alpha^c_1")
                error = True
            if K_v0_left_side != K_v0_right_side:
                print(f"K_v0 != b_0*alpha^c_0")
                error = True
            if fourth_left_side != fourth_right_side:
                print(f"g_c1 * K_v1 != (b1 * beta^c1) % p")
                error = True
if not error:
    print("success")   

HBox(children=(IntProgress(value=0, description='cast ballots', max=199, style=ProgressStyle(description_width…

success


# GreenBox 4 Selection Limit Proof

Features not included: <br>
- 1st bullet point: our pilot data wasn't applicable<br>
- 2nd bullet point: issues when conducting row product - absence of A and B in data <br>
- 5th bullet point: hashing <br>
- 6th bullet point, part 2: absence of A in data

### 3rd bullet point - <em>"The given value V is in Z<sub>q</sub>"

In [20]:
error = False
cast_ballots = data['cast_ballots']
for i in range(len(cast_ballots)):
    ballot = cast_ballots[i]
    for j in range(len(ballot['contests'])):
        num_selections_proof = ballot['contests'][j]['num_selections_proof']
        response = int(num_selections_proof['response'])
        if response < 0 or response >= q:
            print(f"V is not in Z_qv at cast_ballot {i} and contest {j}")
            error = True
if not error:
    print("success")   

success


### 4th bullet point - <em>"The given values a and b are each in Z<sub>p</sub><sup>r</sup>"
    
- a: cast ballots, contests, num_selections_proof, commitment, public key
- b: cast ballots, contests, num_selections_proof, commitment, ciphertext

In [10]:
error = False
cast_ballots = data['cast_ballots']
for i in tqdm(range(len(cast_ballots)), desc="cast ballots"):
    ballot = cast_ballots[i]
    for j in range(len(ballot['contests'])):
        num_selections_proof = ballot['contests'][j]['num_selections_proof']
        a = int(num_selections_proof['commitment']['public_key'])
        b = int(num_selections_proof['commitment']['ciphertext'])
        if pow(a, q, p) != 1:
            print(f'a is not in Z^r_p at cast_ballot {i} and contest {j}')
            error = True
        if pow(b, q, p) != 1:
            print(f'b is not in Z^r_p at cast_ballot {i} and contest {j}')
            error = True
if not error:
    print("success")   

HBox(children=(IntProgress(value=0, description='cast ballots', max=398, style=ProgressStyle(description_width…

success


### 6th Bullet Point pt 1 - <em>"g<sup>V</sup>=aA<sup>C</sup> mod p"

- v: cast ballots, contests, num_selections_proof, response
- a: cast ballots, contests, num_selections_proof, commitment public key
- c: cast ballots, contests, num_selections_proof, challenge
- in our pilot data, A and K are swapped

In [26]:
error = False
cast_ballots = data['cast_ballots']
K = int(data['joint_public_key'])
for i in range(len(cast_ballots)):
    ballot = cast_ballots[i]
    for j in range(len(ballot['contests'])):
        num_selections_proof = ballot['contests'][j]['num_selections_proof']
        v = int(num_selections_proof['response'])
        a = int(num_selections_proof['commitment']['public_key'])
        c = int(num_selections_proof['challenge'])
        left_side = pow(g, v, p)
        right_side = (a * pow(K, c, p)) % p
        if (left_side != right_side):
            print(f"g^v != a*K^ at cast_ballots {i} and contest {j}")
            error = True
if not error:
    print("success")  

success


# GreenBox 5 - Hashing

- Hashing (Not Included)

# GreenBox 6 - Verifiable Decryption

Features Not Included:<br>
- 3rd bullet point: hashing

### Column Product of Alpha

In [27]:
error = False
for i in range(len(data['contest_tallies'])):
    contest = data['contest_tallies'][i]
    for j in range(len(contest)):
        total_tally = int(contest[j]['encrypted_tally']['public_key'])
        product_A = 1
        for k in range(len(data['cast_ballots'])):
            cast_ballots = data['cast_ballots']
            contests = cast_ballots[k]['contests']
            product_A *=int(contests[i]['selections'][j]['message']['public_key'])
        if total_tally != (product_A % p):
            print(f"Product of alphas and A don't match with contest {i} and selection {j}")
            error = True
if not error:
    print("success")

success


### Column Product of Beta

In [28]:
error = False
for i in range(len(data['contest_tallies'])):
    contest = data['contest_tallies'][i]
    for j in range(len(contest)):
        total_tally = int(contest[j]['encrypted_tally']['ciphertext'])
        product_B = 1
        for k in range(len(data['cast_ballots'])):
            cast_ballots = data['cast_ballots']
            contests = cast_ballots[k]['contests']
            product_B *=int(contests[i]['selections'][j]['message']['ciphertext'])
        if total_tally != (product_B % p):
            print(f"Product of betas and B don't match with contest {i} and selection {j}")
            error = True
if not error:
    print("success")

success


### 1st Bullet Point - <em>"The given value v<sub>i</sub> is in the set Z<sub>q</sub>"

In [29]:
error = False
for i in range(len(data['contest_tallies'])):
    contest_tally = data['contest_tallies'][i]
    for j in range(len(contest_tally)):
        shares = contest_tally[j]['shares']
        for k in range(len(shares)):
            v = int(shares[k]['proof']['response'])
            if v < 0 or v >= p:
                print(f"v is not in the range Z_q at contest_tally {i}, contest {j}, share {k}")
                error = True
if not error:
    print("success")      

success


### 2nd Bullet Point - <em>"The given values a<sub>i</sub> and b<sub>i</sub> are both in the set Z<sub>q</sub><sup>r</sup>"

In [None]:
error = False
for i in range(len(data['contest_tallies'])):
    contest_tally = data['contest_tallies'][i]
    for j in range(len(contest_tally)):
        shares = contest_tally[j]['shares']
        for k in range(len(shares)):
            a = int(shares[k]['proof']['commitment']['public_key'])
            b = int(shares[k]['proof']['commitment']['ciphertext'])
            if pow(a, q, p) != 1:
                print(f"a is not in Z^r_p at contest_tallies {i}, shares {j}, share{k}")
                error = True
            if pow(b, q, p) != 1:
                print(f"b is not in Z^r_p at contest_tallies {i}, shares {j}, share{k}")
                error = True
if not error:
    print("success")  

### 4th Bullet Point - <em>"The equations g<sup>v<sub>i</sub></sup>=a<sub>i</sub>K<sub>i</sub><sup>c<sub>i</sub></sup> mod p and A<sup>v<sub>i</sub></sup>=b<sub>i</sub>M<sub>i</sub><sup>c<sub>i</sub></sup> mod p are satisfied"
    
- a: contest tallies, shares, proof, commitment, public key
- s: contest tallies, shares

1st Part

In [31]:
error = False
for i in range(len(data['contest_tallies'])):
    contest_tally = data['contest_tallies'][i]
    A = int(contest_tally[i]['encrypted_tally']['public_key'])
    for j in range(len(contest_tally)):
        shares = contest_tally[j]['shares']
        for k in range(len(shares)):
            K = int(data['trustee_public_keys'][k][0]['public_key'])
            v = int(shares[k]['proof']['response'])
            c = int(shares[k]['proof']['challenge'])
            a = int(shares[k]['proof']['commitment']['public_key'])
            s = int(shares[k]['share'])
            left_side = pow(g, v, p)
            right_side = (a * pow(K, c, p)) % p
            if left_side != right_side:
                print(f"g^v doesn't match aK^c mod p at contest_tallies {i}, shares {j}, share {k}")
                error = True
if not error:
    print("success")

success


2nd Part

In [39]:
error = False
for i in range(len(data['contest_tallies'])):
    contest_tally = data['contest_tallies'][i]
    for j in range(len(contest_tally)):
        shares = contest_tally[j]['shares']
        A = int(contest_tally[j]['encrypted_tally']['public_key'])
        for k in range(len(shares)):
            v = int(shares[k]['proof']['response'])
            m = int(shares[k]['share'])
            c = int(shares[k]['proof']['challenge'])
            b = int(shares[k]['proof']['commitment']['ciphertext'])
            left_side = pow(A, v, p)
            right_side = (b * pow(m, c, p)) % p
            if (left_side != right_side):
                print(f"A^v doesn't match bM^c mod p at contest_tallies {i}, selection {j}, share {k}")
if not error:
    print("success")

success


# GreenBox 7 - Missing Trustee

- Not Included. Our data was not applicable

# GreenBox 8 - Missing Trustee Lagrange

- Not Included. Our data was not applicable

# GreenBox 9 - Tallies Verification

### 1st Bullet Point - <em>"B=M⋅(product of M<sub>i</sub> for n times) mod p"

- B: contest tallies, encrypted_tally, ciphertext
- M: contest tallies, decrypted_tally

In [43]:
error = False
m = 1
product_m = 1
for i in range(len(data['contest_tallies'])):
    contest_tally = data['contest_tallies'][i]
    for j in range(len(contest_tally)):
        shares = contest_tally[j]['shares']
        B = int(contest_tally[j]['encrypted_tally']['ciphertext'])
        M = int(contest_tally[j]['decrypted_tally'])
        m = 1
        for k in range(len(shares)):
            m = m * int(shares[k]['share'])
        product_m = M * m % p
        if product_m != B:
            print(f"B does not match product of m at contest_tallies {i}, shares for selection {j}, share {k}")
            error = True
if not error:
    print("success")        

5
0
1
2
3
4
9
0
1
2
3
4
5
6
7
8
success


### 2nd Bullet Point - <em>"M = g<sup>t</sup> mod p"
    
- t: contest tallies, cleartext
- M: contest tallies, decrypted tally

In [2]:
error = False
for i in range(len(data['contest_tallies'])):
    contest_tally = data['contest_tallies'][i]
    for j in range(len(contest_tally)):
        t = int(contest_tally[j]['cleartext'])
        M = int(contest_tally[j]['decrypted_tally'])
        if M != pow(g, t, p):
            print(f"M does not match g^t mod p at contest_tallies {i}, selection {j}")
            error = True
if not error:
    print("success")  

NameError: name 'g' is not defined

# GreenBox 10 - Spoiled Ballots Verification

Features Not Included:
- 3rd Bullet Point: Hashing 

### 1st Bullet Point - <em>"The given value v<sub>i</sub> is in the set Z<sub>q</sub>"

In [48]:
error = False
for i in range(len(data['spoiled_ballots'])):
    spoiled_ballot = data['spoiled_ballots'][i]['contests']
    for j in range(len(spoiled_ballot)):
        contests = spoiled_ballot[j]
        for k in range(len(contests)):
            shares = contests[k]['shares']
            for l in range(len(shares)):
                v = int(shares[l]['proof']['response'])
            if v < 0 or v >= p:
                print(f"v is not in Z_q at spoiled_ballots {i}, contest {j}, shares for selection {k}, share {l}")
                error = True
if not error:
    print("success") 

success


### 2nd Bullet Point - <em>"The given values a<sub>i</sub> and b<sub>i</sub> are both in the set Z<sub>q</sub><sup>r</sup>"

In [49]:
error = False
for i in range(len(data['spoiled_ballots'])):
    spoiled_ballot = data['spoiled_ballots'][i]['contests']
    for j in range(len(spoiled_ballot)):
        contests = spoiled_ballot[j]
        for k in range(len(contests)):
            shares = contests[k]['shares']
            for l in range(len(shares)):
                a = int(shares[l]['proof']['commitment']['public_key'])
                b = int(shares[l]['proof']['commitment']['ciphertext'])
                if pow(a, q, p) != 1:
                    print(f"a is not in Z^r_p spoiled_ballots {i}, contest {j}, shares for selection {k}, share {l}")
                    error = True
                if pow(b, q, p) != 1:
                    print(f"b is not in Z^r_p spoiled_ballots {i}, contest {j}, shares for selection {k}, share {l}")
                    error = True
if not error:
    print("success") 

success


### 4th Bullet Point - <em>"The equations g<sup>v<sub>i</sub></sup>=a<sub>i</sub>K<sub>i</sub><sup>c<sub>i</sub></sup> mod p and A<sup>v<sub>i</sub></sup>=b<sub>i</sub>M<sub>i</sub><sup>c<sub>i</sub></sup> mod p are satisfied"

Part 1

In [50]:
error = False
for i in range(len(data['spoiled_ballots'])):
    spoiled_ballot = data['spoiled_ballots'][i]['contests']
    for j in range(len(spoiled_ballot)):
        contests = spoiled_ballot[j]
        for k in range(len(contests)):
            shares = contests[k]['shares']
            for l in range(len(shares)):
                K = int(data['trustee_public_keys'][l][0]['public_key'])
                v = int(shares[l]['proof']['response'])
                c = int(shares[l]['proof']['challenge'])
                a = int(shares[l]['proof']['commitment']['public_key'])
                s = int(shares[l]['share'])
                left_side = pow(g, v, p)
                right_side = (a * pow(K, c, p)) % p
                if left_side != right_side:
                    print(f"g^v does not match a*K^c mod p at spoiled_ballots {i}, contest {j}, shares for selection {k}, share {l}")
                    error = True
if not error:
    print("success")

success


Part 2

In [51]:
error = False
for i in range(len(data['spoiled_ballots'])):
    spoiled_ballot = data['spoiled_ballots'][i]['contests']
    for j in range(len(spoiled_ballot)):
        contests = spoiled_ballot[j]
        for k in range(len(contests)):
            A = int(contests[k]['encrypted_message']['public_key'])
            shares = contests[k]['shares']
            for l in range(len(shares)):
                v = int(shares[l]['proof']['response'])
                m = int(shares[l]['share'])
                c = int(shares[l]['proof']['challenge'])
                b = int(shares[l]['proof']['commitment']['ciphertext'])
                left_side = pow(A, v, p)
                right_side = (b * pow(m, c, p)) % p
                if (left_side != right_side):
                    print(f"A^v does not match b*M^c mod p at spoiled_ballots {i}, contest {j}, shares for selection {k}, share {l}")
                    error = True
if not error:
    print("success")

success
