// Copyright © 2022 AMIS Technologies
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package paillier
import (
"math/big"
"github.com/getamis/alice/crypto/utils"
)
// NewNthRoot produces a non-interactive proof of knowledge of rho, an N-th
// root modulo N^2: the verification equation in Verify (z1^N = A·NPower^e mod N^2)
// holds for this message exactly when rhoNPower = rho^N mod N^2.
//
// config supplies the curve whose order bounds the challenge; ssidInfo binds
// the proof to the session; n is the Paillier modulus N.
//
// Returns the proof message (salt, commitment A, response z1), or the error
// from sampling the commitment randomness or from deriving the challenge.
func NewNthRoot(config *CurveConfig, ssidInfo []byte, rho, rhoNPower, n *big.Int) (*NthRootMessage, error) {
	q := config.Curve.Params().N
	nSq := new(big.Int).Exp(n, big2, nil)

	// Commitment randomness r, sampled coprime to N (r ∈ Z_N^*).
	r, err := utils.RandomCoprimeInt(n)
	if err != nil {
		return nil, err
	}

	// Commitment A = r^N mod N^2.
	commitment := new(big.Int).Exp(r, n, nSq)

	// Fiat–Shamir challenge e (and the salt used to derive it), bound to the
	// transcript (ssid, N, rhoNPower, A) in this exact byte order; Verify
	// rehashes the same order.
	e, salt, err := GetE(q, utils.GetAnyMsg(ssidInfo, n.Bytes(), rhoNPower.Bytes(), commitment.Bytes())...)
	if err != nil {
		return nil, err
	}

	// Response z1 = r·rho^e mod N. Reducing mod N rather than mod N^2 is
	// sufficient: (z1 + kN)^N ≡ z1^N (mod N^2) by the binomial expansion,
	// which is all Verify's equation depends on.
	// NOTE(review): Verify accepts e in [-q, q], so e may be negative; with a
	// negative exponent and a modulus, big.Int.Exp (on Go versions that
	// support it) needs rho invertible mod N and returns nil otherwise —
	// confirm rho is always coprime to N at the call site.
	rhoPowE := new(big.Int).Exp(rho, e, n)
	response := new(big.Int).Mul(r, rhoPowE)
	response.Mod(response, n)

	return &NthRootMessage{
		Salt: salt,
		A:    commitment.Bytes(),
		Z1:   response.Bytes(),
	}, nil
}
// Verify checks the N-th root proof carried in msg against the public values:
// ssidInfo (session binding), NPower (the value whose N-th root is claimed;
// the equation below holds when NPower = rho^N mod N^2) and the Paillier
// modulus n.
//
// The checks, in order:
//  1. A ∈ [0, N^2) and gcd(A, N) = 1 — equivalently A ∈ Z^*_{N^2};
//  2. z1 ∈ [0, N);
//  3. the challenge e is re-derived from msg.Salt and the same transcript the
//     prover hashed, and must satisfy -q ≤ e ≤ q (q = curve order);
//  4. z1^N ≡ A · NPower^e (mod N^2).
//
// Returns ErrVerifyFailure when check 1 or 4 fails, or the error reported by a
// range check or by hashing the transcript.
func (msg *NthRootMessage) Verify(config *CurveConfig, ssidInfo []byte, NPower, n *big.Int) error {
	q := config.Curve.Params().N
	nSq := new(big.Int).Exp(n, big2, nil)

	// Commitment A: in range and invertible mod N (hence mod N^2).
	commitment := new(big.Int).SetBytes(msg.A)
	if err := utils.InRange(commitment, big0, nSq); err != nil {
		return err
	}
	if !utils.IsRelativePrime(commitment, n) {
		return ErrVerifyFailure
	}

	// Response z1: in [0, N).
	response := new(big.Int).SetBytes(msg.Z1)
	if err := utils.InRange(response, big0, n); err != nil {
		return err
	}

	// Recompute the Fiat–Shamir challenge from the salt and the transcript
	// (ssid, N, NPower, A) — same byte order as the prover.
	transcript := utils.GetAnyMsg(ssidInfo, n.Bytes(), NPower.Bytes(), commitment.Bytes())
	seed, err := utils.HashProtos(msg.Salt, transcript...)
	if err != nil {
		return err
	}
	e := utils.RandomAbsoluteRangeIntBySeed(msg.Salt, seed, q)
	lower := new(big.Int).Neg(q)
	upper := new(big.Int).Add(big1, q)
	if err := utils.InRange(e, lower, upper); err != nil {
		return err
	}

	// Verification equation: z1^N ≡ A · NPower^e (mod N^2).
	// NOTE(review): NPower itself is not range- or coprimality-checked here;
	// if e < 0 and NPower is not invertible mod N^2, big.Int.Exp (on Go
	// versions supporting negative exponents) returns nil and the Mul below
	// would dereference it — confirm the caller validates NPower.
	rhs := new(big.Int).Exp(NPower, e, nSq)
	rhs.Mul(rhs, commitment)
	rhs.Mod(rhs, nSq)
	lhs := new(big.Int).Exp(response, n, nSq)
	if lhs.Cmp(rhs) != 0 {
		return ErrVerifyFailure
	}
	return nil
}