In [32]:
import json
import tqdm
import hashlib
from typing import (
    Union,
    Sequence
)
import math
import random
import sympy as sp
import glob
import pandas as pd

In [11]:

# function hub
def read_json_file(file_path): 
    ''' opens a json file, return its content save in a dictionary
    @input: file path to the json file
    @output: a dictionary of json file content
    '''
    file = open(file_path, 'r')
    values = json.load(file)
    file.close()
    return values

# main hash function
def hash_elems(*a):
    
    
    h = hashlib.sha256()
    h.update("|".encode("utf-8"))
    
    for x in a:

        if not x:
            # This case captures empty lists and None, nicely guaranteeing that we don't
            # need to do a recursive call if the list is empty. So we need a string to
            # feed in for both of these cases. "None" would be a Python-specific thing,
            # so we'll go with the more JSON-ish "null".
            hash_me = "null"

        elif isinstance(x, str):
            # strings are iterable, so it's important to handle them before the following check
            hash_me = x
        elif isinstance(x, Sequence):
             # The simplest way to deal with lists, tuples, and such are to crunch them recursively.
            hash_me = str(hash_elems(*x))           
        else:
            hash_me = str(x)
        h.update((hash_me + "|").encode("utf-8"))

    # Note: the returned value will range from [1,Q), because zeros are bad
    # for some of the nonces. (g^0 == 1, which would be an unhelpful thing
    # to multiply something with, if you were trying to encrypt it.)

    # Also, we don't need the checked version of int_to_q, because the
    # modulo operation here guarantees that we're in bounds.
    # return int_to_q_unchecked(
    #     1 + (int.from_bytes(h.digest(), byteorder="big") % Q_MINUS_ONE)
    # )

    return (int.from_bytes(h.digest(), byteorder="big") % (q - 1))



def is_valid_of_Z_boundary(n, boundary):
    is_valid = True
    if isinstance(n, str):
        n = int(n) 
    if n < 0 or n >= boundary:
        is_valid = False
 
    return is_valid   

# the boundary should always be p.
def is_valid_of_Zr_boundary(n, boundary):
    is_valid = True
    if isinstance(n, str):
        n = int(n)    
    if n < 0 or n >= p:
        is_valid = False
    
    n_power = pow(n, q, p)    
    if not equals(n_power, 1):
        is_valid = False
    return is_valid


def equals(a, b):
    ''''compares two values
    @input: two integers a, b 
    @output: True if a, b have same values, False otherwise
    '''
    return (a == b)

def get_length(num):
    ''' get the length of an integer using log
    @input: a positive integer
    @output: its length 
    '''
    len_of_num = int(math.log(num, 10) + 1)
    return len_of_num

def mod_p(n):
    if isinstance(n, str):
        n = int(n) 
    return n % p

def get_production(*targets):
    
    product = 1
    for target in targets:
        if isinstance(target, str):
            target = int(target) 
        product = mod_p(product * target)
    return product
    

# the following code is adapted from GeeksforGeeks
def power_mod(x, y, p): 
    ''' do modular exponentiation. 
    @input: x - base, 
            y - exponent,
            m - modulus
    @output: integer result of x^y % m
    '''
    # Initialize result 
    res = 1
      
    # Update x if it is more than or equal to p 
    if(x >= p):
        x = x % p

    # positive exponential
    while (y > 0): 
          
        # If y is odd, multiply x with result 
        if (y & 1): 
            res = (res * x) % p
  
        # y must be even now 
        y = y >> 1; # y = y/2 
        x = (x * x) % p
    return res
    
def __miller_test(d, num):
    ''' find a odd number of d such that num - 1 = d * 2^r
    @input: d - a odd number that num - 1 = d * 2^r for r >= 1
            num - the number needs to be check against
    @output: True if num is prime, False if it's a composite
    '''
    # Pick a random number in [2..n-2] 
    # Corner cases make sure that n > 4 
    a = 2 + random.randint(1, num - 4)

    # Compute a^d % n 
    x = power_mod(a, d, num)
  
    if (x == 1 or x == num - 1): 
        return True
  
    # Keep squaring x while one of the following doesn't happen 
    # (i) d does not reach n-1 
    # (ii) (x^2) % n is not 1 
    # (iii) (x^2) % n is not n-1 
    while (d != num - 1): 
        x = (x * x) % num
        d *= 2
  
        if (x == 1): 
            return False; 
        if (x == num - 1): 
            return True
  
    # Return composite 
    return False

def is_prime(num, k): 
    ''' implements Miller-Rabin algorithm to test the primality of a number
    @input: num - a positive integer
            k - the number of iterations, impacting accuracy
    @output: True if it's a prime, False otherwise 
    '''
    # Corner cases 
    if (num <= 1 or num == 4): 
        return False
    if (num <= 3): 
        return True
  
    # Find r such that n = 2^d * r + 1 for some r >= 1 
    d = num - 1
    while (d % 2 == 0): 
        d //= 2
  
    # Iterate given number of 'k' times 
    for i in range(k): 
        if (__miller_test(d, num) == False): 
            return False
  
    return True

def is_divisor(a, b): 
    '''check if a is a divisor of b
    @input: a, b - positive integers 
    @output: True if a is a divisor of b, False otherwise'''
    return (a % b == 0)

def create_hash_parameter_list(i): 
    '''create a list of parameters needed for hash computation
    @input: i - the i-th trustee/guardian
            base-hash - given base hash code
    @output: a list of all the parameters needed, including base hash Q, Ki,j, hi,j
    '''
    # invalid index input
    if (i < 0 or i > 4): 
        raise ValueError('i should be within range of 0 - 4.')

    else:
        # declare variables
        coefficient_file_path = ''
        param_list = []

        #append base hash to list
        #param_list.append(base_hash)

        # get file name dynamically
        coefficients_file_path = (coefficients_path + str(i) + '.json')
        
        
        # read file 
        coefficients = read_json_file(coefficients_file_path)

        # get all the commitment values Ki,j and append to list 
        commitments = coefficients['coefficient_commitments']
        for commitment in commitments: 
            param_list.append(commitment)
        
        # get all the hi,j values and append to list
        proofs = coefficients['coefficient_proofs']
        for item in proofs:
            h_ij = item['commitment']  # h
            param_list.append(h_ij)

        return param_list


### Green box 1.1 Baseline parameters - overview 

In [37]:
# TODO: needs to update paths to new results when the constants.json is given with non-null 


In [63]:

# file path configuration
constants_file_path = 'results/constants.json'
context_file_path = 'new_results/context.json'
ballot_file_path = 'new_results/encrypted_ballots/ballot_ballot-ce63a048-d67c-11ea-8412-acde48001122.json'
ballot_folder_path = 'new_results/encrypted_ballots/'
tally_file_path = 'new_results/tally.json'
coefficients_path = 'new_results/coefficients/coefficient_validation_set_hamilton-county-canvass-board-member-'
description_path = 'new_results/description.json'

constants = read_json_file(constants_file_path)
context = read_json_file(context_file_path)
ballot = read_json_file(ballot_file_path)
tally = read_json_file(tally_file_path)

# basic parameters
g = constants['g']
p = constants['p']
q = constants['q']
r = constants['r']
g_inv = constants['gInv']
K = int(context['elgamal_public_key'])
num_of_guardian = context['number_of_guardians']
threshold = context['quorum']
base_hash = context['crypto_base_hash']
extended_hash = context['crypto_extended_base_hash']

In [6]:
p_expected = int(('''104438888141315250669175271071662438257996424904738378038423348328
3953907971553643537729993126875883902173634017777416360502926082946377942955704498
5420976148418252467735806893983863204397479111608977315510749039672438834271329188
1374801626975452234350528589881677721176191239277291448552115552164104927344620757
8961939840619466145806859275053476560973295158703823395710210329314709715239251736
5523840808458360487786673189314183384224438910259118847234330847012077719019445932
8662497991739135056466263272370300796422984915475619689061525228653308964318490270
6926081744149289517418249153634178342075381874131646013444796894582106870531535803
6662545796026324531037414525697939055519015418561732513850474148403927535855819099
5015804625681054267836812127850996052095762473794291460031064660979266501285839738
1435755902851312071248102599442308951327039250818892493767423329663783709190716162
0235296692173009397831714158082331468230007669177892861540060422814237337064629052
4377485454312723950024587358201266366643058386277816736954760301634424272959224454
4608279405999759391099775667746401633668308698186721172238255007962658564443858927
6348504157753488390520266757856948263869301753031434500465754608438799417919463132
99322976993405829119''').replace('\n', ''))

q_expected = pow(2, 256) - 189

### Green box 1.2 Baseline parameters - check against each election

In [9]:
error = False 

# check p and q
if not equals(p, p_expected):
    error = True 
    print("The actual p value doesn't equal to the expected. ")
if not equals(q, q_expected):
    error = True
    print("The actual q value doesn't equal to the expected. ")
    
# use Miller-Rabin algorithm to check the primality of p and q
# set iteration to run 50 times by default
DEFAULT_K = 50
if not is_prime(p, DEFAULT_K): 
    error = True
    print('''It\'s verfied as {res} that {var} is a prime number.'''
      .format(res = is_prime(p, DEFAULT_K), var = "p"))
if not is_prime(q, DEFAULT_K): 
    error = True
    print('''It\'s verfied as {res} that {var} is a prime number.'''
      .format(res = is_prime(q, DEFAULT_K), var = "q"))

# check equation p - 1 = qr
if not equals(p - 1, q * r): 
    error = True
    print('''It\'s verfied as {res} that {equation}.'''
      .format(res = equals(p - 1, q * r), equation = "p - 1 = q * r"))

# check q is not a divisor of r, and 1 < g < p
if is_divisor(q, r):
    error = True
    print('''It\'s verfied as {res} that {var1} is not a divisor of {var2}.'''
      .format(res = not(is_divisor(q, r)), var1 = "q", var2 = "r"))

# check 1 < g < p
is_within_range = ((g > 1) and (g < p))
if not is_within_range: 
    error = True
    print('''It\'s verfied as {res} that {cond}.'''
      .format(res = is_within_range, cond = "1 < g < p"))

# check g^q mod p = 1 
result_actual = power_mod(g, q, p)
result_expected = 1 
if not equals(result_actual, result_expected):
    error = True
    print('''It\'s verfied as {res} that {equation}.'''
      .format(res = str(equals(result_actual, result_expected)), 
              equation = 'g^q mod p = 1'))
if not error:
    print('success')


success


### Green box 2.1 Key Generation, confirm hash computation
calculate $c_i = H(Q,K_{i,0},K_{i,1},K_{i,2},...,K_{i, k-1},h_{i,0},h_{i,1},h_{i,2},...,h_{i,k-1})$ mod q

related file: context.json

coefficients files


In [13]:

# save all members' hash results in a list
hash_res_list = []
ci_list = []

for i in range(0, 5): 
    param_list = create_hash_parameter_list(i)
    #print(param_list)
    hash_res = hash_elems(extended_hash, param_list) % q
    ci = hash_res % q
    print('Guardian {i} hash:  {hashcode}'.format(i = i, hashcode = hash_res))
    print('Guardian {i} ci :   {ci}'.format(i = i, ci = ci))
    hash_res_list.append(hash_res)
    ci_list.append(ci)


Guardian 0 hash:  90300496677343988670857127617605653352928110387542336021160656730989455891010
Guardian 0 ci :   90300496677343988670857127617605653352928110387542336021160656730989455891010
Guardian 1 hash:  89380250375184780652679467874340169584404842349752126427661503921452882246560
Guardian 1 ci :   89380250375184780652679467874340169584404842349752126427661503921452882246560
Guardian 2 hash:  25845009259854117067874015552206938062750683174857025757556878100321423505093
Guardian 2 ci :   25845009259854117067874015552206938062750683174857025757556878100321423505093
Guardian 3 hash:  69641446572162496577491122828501469137505680981499104086212376923415098790097
Guardian 3 ci :   69641446572162496577491122828501469137505680981499104086212376923415098790097
Guardian 4 hash:  25434192339295377631833574410701579640781712690360444092002177299615909771340
Guardian 4 ci :   25434192339295377631833574410701579640781712690360444092002177299615909771340


### Green box 2.2 - check: $g^{u_{ij}} mod p = h_{i,j}K^{c_i}_{i,j} mod p$

In [29]:
# uses double for-loop to check, 0 <= i < 5, 0 <= j < 3

for i in range(0, num_of_guardian): 
    coefficients = read_json_file(coefficients_path + str(i) + '.json')
    for j in range(0, threshold): 
        coefficient_proofs = coefficients['coefficient_proofs'][j]
        u_ij = int(coefficient_proofs['response']) # u, modify to new data field
        h_ij = int(coefficient_proofs['commitment']) # h, modify to new data field
        k_ij = int(coefficient_proofs['public_key'])
        
        left = pow(g, u_ij, p)
        right = mod_p(mod_p(h_ij) * pow(k_ij, hash_res_list[i], p))
        print(left)
        print(right)
        print("--------------------------------------------------")
        
        print('It\'s verified as {res} that {equation} when {i_name} = {i_val}, {j_name} = {j_val}'
        .format(res = equals(left, right), 
                equation = '𝑔𝑢𝑖𝑗𝑚𝑜𝑑𝑝=ℎ𝑖,𝑗𝐾𝑐𝑖𝑖,𝑗𝑚𝑜𝑑𝑝',
                i_name = 'i',
                i_val = str(i),
                j_name = 'j',
                j_val = str(j)))
                

7878767157384152613778031467760980782000374553137100343769981460601776638981683612037993045624900887725174502808612463253992358267767085488553878533049440410176262937658335953942563261504073943579057979032894713581655245713279542604952796044057193009674253236643037461067789736627206988768793421149049458035801234455232418235795465130160640667300314328913840630963548866424590471643542260346666835605460015290288037681859619546889912646783245954266643718200103827883779288351476998854045807697377610466425474835803844161754675428177209019273911442469081933061823090519826138933633598809028459142065106886706504859560526067235485988585173026964018331805001313106482458967979116601889182789644847280380442253103316353291924653475421541030622815180850078160849831716340742226310339027155915908629228079268383106986616071144322246525944020587128043776142951298112838152427064032194419026563585298208281822548825191830825253168680888966832419644454697871257249759029184412773274312618863100067281715666380

1484365148814666391931225002451932868379015670063135663563636300691311793374697671810197157436620925157310492497551156394315434868811121929483009582718274340387675171839757372440910579201892067100466662724088261551049304334164452070639752926233009240870362187221199309075318898110550215520979379214740329757287674313613649647868012457507231326151222614019634173537551250489759253954644027127064346357778808186343152854634281225383658986309464421989168224608322777143511920362236300493723486601229155781320313162313251953322410639085154555098286270491978005747475352993918046575927687335976255939318222233642816662411942692195983766966584698243031818776567137343454936130602760103311470697428957752061866367911607556537416275242028366758522208665675626277502335532273873771461077494437458626283532585100992804533689896630651433281046668193402565777482511522153694258747662867309890205009367106142327698992558350799439269309018519970511881915194598946660871171393806840572727626561556716793414145825492

9479955291810416320761607274493479609637666951647050786332409791315216962837991690505785831676897370348140685201861939875156037239200158459212202409312257156751720901033315621767826893234127189829488866150592052437954729625554778090095017403514108580174503182945980130830122482913193772535099526002637549643455346882311476648854186843890936316923692112994219344568306601757982885034264562183331051267279317827503078209160373056163434008323925353158843968916228848668081366668609759680792952892685536628839584570763648382712790737242519266146287663011230723312391191222311654050766993804734591955709525728663255769028738871562815771934191763541045231070283522971845034601241384494567656151019531233467000169412680451193039671169051364170698247644186020794192863397597017548164808587079624501239116899139409404976401201160019865772218564082988086110802419696724810431988374203446168176947693661802669974992326609341199032655406361753949056608849180894658372524224222655912135119300799202378318519404290

### green box 3 & 4

In [None]:
#TODO: flatten all the aggregated "if" statements, keep only one parameter in one statement

In [16]:

# entire ballot files
big_alpha_list = []
big_beta_list = []

for file in glob.glob(ballot_folder_path + "*.json"):
    
    ballot = read_json_file(file)
    error = False
    
    # green box 3
    contests = ballot['contests']
    for contest in contests:

        ballot_selections = contest['ballot_selections']
        for ballot_selection in ballot_selections:


            objectId = ballot_selection['object_id']

            alpha = int(ballot_selection['ciphertext']['pad'])
            beta = int(ballot_selection['ciphertext']['data'])
            big_alpha_list.append(alpha)
            big_beta_list.append(beta)

            a0 = int(ballot_selection['proof']['proof_zero_pad'])
            a1 = int(ballot_selection['proof']['proof_one_pad'])
            b0 = int(ballot_selection['proof']['proof_zero_data'])
            b1 = int(ballot_selection['proof']['proof_one_data'])
            c0 = int(ballot_selection['proof']['proof_zero_challenge'])
            c1 = int(ballot_selection['proof']['proof_one_challenge'])
            v0 = int(ballot_selection['proof']['proof_zero_response'])
            v1 = int(ballot_selection['proof']['proof_one_response'])

            alpha_pow = pow(alpha, q, p)
            beta_pow = pow(beta, q, p)
            a0_pow = pow(a0, q, p)
            b0_pow = pow(b0, q, p)
            a1_pow = pow(a1, q, p)
            b1_pow = pow(b1, q, p)

            #print("a0:"+str(a0))
            #print("alpha_1:"+str(alpha_1))
            # 3.1 The given values alpha, beta, a0, b0, a1, and b1 are all in the set Zpr.


            if not is_valid_of_Zrp(alpha) or \
               not is_valid_of_Zrp(beta) or \
               not is_valid_of_Zrp(a0) or \
               not is_valid_of_Zrp(a1) or \
               not is_valid_of_Zrp(b0) or \
               not is_valid_of_Zrp(b1):
                print ("alpha, beta, a0, a1, b0, b1, one of them is out of range.")
                error = True  

            # 3.2 The challenge c is computed as c = H(Q, (alpha, beta), (a0, b0), (a1, b1))
            # tempString = str(q_bar) + str(alpha) + str(beta) + str(a0) + str(b0) + str(a1) + str(b1)
            # tempList = (q_bar, (alpha, beta), (a0, b0), (a1, b1))
            c = hash_elems(q_bar, alpha, beta, a0, b0, a1, b1)
            #print(c)

            #print((c0 + c1) % q)

            if c != (c0 + c1) % q:
                print("c != (c0 + c1) % q.")
                error = True

            # 3.3 The given values c0, c1, v0, and v1 are each in the set Zq.
            if not is_valid_of_Z_boundary(c0, q) or \
               not is_valid_of_Z_boundary(c1, q) or \
               not is_valid_of_Z_boundary(v0, q) or \
               not is_valid_of_Z_boundary(v1, q):
                print("c0, c1, v0, v1, one of them is out of range.")
                error = True               

            # 1st equation: gv0=a0alphac0 mod p
            g_v0_ls = pow(g, v0, p)
            g_v0_rs = mod_p(a0 * pow(alpha, c0, p))

            # 2nd equation: gv1=a1alphac1 mod p
            g_v1_ls = pow(g, v1, p)
            g_v1_rs = mod_p(a1 * pow(alpha, c1, p))

            # 3rd equation: Kv0=b0betac0 mod p
            K_v0_ls = pow(K, v0, p)
            K_v0_rs = mod_p(b0 * pow(beta, c0, p))

            # 4th equation: gc1Kv1=b1betac1 mod p
            fourth_ls = mod_p(pow(g, c1, p) * pow(K, v1, p))
            fourth_rs = mod_p(b1 * pow(beta, c1, p))

            # checking
            if not equals(g_v0_ls,g_v0_rs):
                print("g_vo != a_0*alpha^c_0 at cast_ballots {i}, contest {j}, selection {k}")
                error = True
            if not equals(g_v1_ls, g_v1_rs):
                print("g_v1 != a_1*alpha^c_1")
                error = True
            if not equals(K_v0_ls, K_v0_rs):
                print("K_v0 != b_0*alpha^c_0")
                error = True
            if not equals(fourth_ls, fourth_rs):
                print("g_c1 * K_v1 != (b1 * beta^c1) % p")
                error = True


    if not error:
        print("[green box 3 success] "+file)  
    
    # green box 4
    for contest in contests:

        # total parameters
        big_a = int(contest['proof']['pad'])
        big_b = int(contest['proof']['data'])
        big_c = int(contest['proof']['challenge'])
        big_v = int(contest['proof']['response'])
        big_constant = int(contest['proof']['constant'])
        big_alpha = 1
        big_beta = 1

        if not is_valid_of_Z_boundary(big_v, q) or \
           not is_valid_of_Zr_boundary(big_a, p) or \
           not is_valid_of_Zr_boundary(big_b, p):
            error = True
            print("big_a, big_b, big_v, one of them is out of range.")

        ballotSelections = contest['ballot_selections']
        for ballotSelection in ballotSelections:

            alpha = int(ballot_selection['ciphertext']['pad'])
            beta = int(ballot_selection['ciphertext']['data'])  
            big_alpha = mod_p(big_alpha * alpha)
            big_beta = mod_p(big_beta * beta)

        temp_c = hash_elems(q_bar, big_alpha, big_beta, big_a, big_b)
        #print(temp_c)
        #print(big_c)


        # g power v mod p = a * A power c mod p
        g_v_ls = pow(g, big_v, p)
        a_ac_rs = mod_p((mod_p(big_a)) * pow(big_alpha, big_c, p))

        #print(g_v_ls)
        #print(a_ac_rs)
        if g_v_ls != a_ac_rs:
            error = True
            print("g_v_ls is not equal a_ac_rs.")


        if big_constant is None:
            constant_q = 0
        else:
            constant_q = big_constant

        # g power Lc mod p * K power v mod p = b * B power c mod p
        g_l_k_ls = mod_p(pow(g, mod_p(constant_q * big_c), p) * pow(K, big_v, p))
        b_bc_rs = mod_p(mod_p(big_b) * pow(big_beta, big_c, p))


        # mult_p(g_pow_p(mult_p(c, constant_q)), pow_p(k, v))
        # mult_p(b, pow_p(beta, c))
        #print(g_l_k_ls)
        #print(b_bc_rs)
        if g_l_k_ls != b_bc_rs:
            error = True
            print("g_l_k_ls is not equal b_bc_rs.")        

    if not error:
        print("[green box 4 success] "+file)
    
    

NameError: name 'is_valid_of_Zrp' is not defined

In [110]:

# one sample data
ballot = read_json_file(ballot_file_path)

error = False

contests = ballot['contests']
for contest in contests:
    
    ballot_selections = contest['ballot_selections']
    for ballot_selection in ballot_selections:


        objectId = ballot_selection['object_id']

        alpha = int(ballot_selection['ciphertext']['pad'])
        beta = int(ballot_selection['ciphertext']['data'])

        a0 = int(ballot_selection['proof']['proof_zero_pad'])
        a1 = int(ballot_selection['proof']['proof_one_pad'])
        b0 = int(ballot_selection['proof']['proof_zero_data'])
        b1 = int(ballot_selection['proof']['proof_one_data'])
        c0 = int(ballot_selection['proof']['proof_zero_challenge'])
        c1 = int(ballot_selection['proof']['proof_one_challenge'])
        v0 = int(ballot_selection['proof']['proof_zero_response'])
        v1 = int(ballot_selection['proof']['proof_one_response'])

        alphaPow = pow(alpha, q, p)
        betaPow = pow(beta, q, p)
        a0Pow = pow(a0, q, p)
        b0Pow = pow(b0, q, p)
        a1Pow = pow(a1, q, p)
        b1Pow = pow(b1, q, p)

        #print("a0:"+str(a0))
        #print("alpha_1:"+str(alpha_1))
        # 3.1 The given values alpha, beta, a0, b0, a1, and b1 are all in the set Zpr.
        
        
        if (not is_valid_of_Zrp(alpha) or not is_valid_of_Zrp(beta) or not is_valid_of_Zrp(a0) 
            or not is_valid_of_Zrp(a1) or not is_valid_of_Zrp(b0) or not is_valid_of_Zrp(b1)):
            print ("alpha, beta, a0, a1, b0, b1, one of them is out of range.")
            error = True  

        # 3.2 The challenge c is computed as c = H(Q, (alpha, beta), (a0, b0), (a1, b1))
        # tempString = str(q_bar) + str(alpha) + str(beta) + str(a0) + str(b0) + str(a1) + str(b1)
        # tempList = (q_bar, (alpha, beta), (a0, b0), (a1, b1))
        c = hash_elems(extended_hash, alpha, beta, a0, b0, a1, b1)
        #print(c)
        
        #print((c0 + c1) % q)
        
        if c != (c0 + c1) % q:
            print("c != (c0 + c1) % q.")
            error = True

        # 3.3 The given values c0, c1, v0, and v1 are each in the set Zq.
        if not is_valid_of_Z_boundary(c0, q) or \
           not is_valid_of_Z_boundary(c1, q) or \
           not is_valid_of_Z_boundary(v0, q) or \
           not is_valid_of_Z_boundary(v1, q):
            print("c0, c1, v0, v1, one of them is out of range.")
            error = True               

        # 1st equation: gv0=a0alphac0 mod p
        g_v0_ls = pow(g, v0, p)
        g_v0_rs = mod_p(a0 * pow(alpha, c0, p))
    
        # 2nd equation: gv1=a1alphac1 mod p
        g_v1_ls = pow(g, v1, p)
        g_v1_rs = mod_p(a1 * pow(alpha, c1, p))

        # 3rd equation: Kv0=b0betac0 mod p
        K_v0_ls = pow(K, v0, p)
        K_v0_rs = mod_p(b0 * pow(beta, c0, p))
    
        # 4th equation: gc1Kv1=b1betac1 mod p
        fourth_ls = mod_p(pow(g, c1, p) * pow(K, v1, p))
        fourth_rs = mod_p(b1 * pow(beta, c1, p))

        # checking
        if not equals(g_v0_ls,g_v0_rs):
            print("g_vo != a_0*alpha^c_0 at cast_ballots {i}, contest {j}, selection {k}")
            error = True
        if not equals(g_v1_ls, g_v1_rs):
            print("g_v1 != a_1*alpha^c_1")
            error = True
        if not equals(K_v0_ls, K_v0_rs):
            print("K_v0 != b_0*alpha^c_0")
            error = True
        if not equals(fourth_ls, fourth_rs):
            print("g_c1 * K_v1 != (b1 * beta^c1) % p")
            error = True

                                               
if not error:
    print("success")   



success


In [19]:
# Green box 4

for file in glob.glob(ballot_folder_path + "*.json"):
    
    ballot = read_json_file(file)

    error = False

    contests = ballot['contests']
    for contest in contests:

        # total parameters
        big_a = int(contest['proof']['pad'])
        big_b = int(contest['proof']['data'])
        big_c = int(contest['proof']['challenge'])
        big_v = int(contest['proof']['response'])
        big_constant = int(contest['proof']['constant'])
        big_alpha = 1
        big_beta = 1

        if not is_valid_of_Z_boundary(big_v, q) or \
           not is_valid_of_Zr_boundary(big_a, p) or \
           not is_valid_of_Zr_boundary(big_b, p):
            error = True
            print("big_a, big_b, big_v, one of them is out of range.")

        ballot_selections = contest['ballot_selections']
        for ballot_selection in ballot_selections:

            alpha = int(ballot_selection['ciphertext']['pad'])
            beta = int(ballot_selection['ciphertext']['data'])  
            big_alpha = mod_p(big_alpha * alpha)
            big_beta = mod_p(big_beta * beta)

        temp_c = hash_elems(extended_hash, big_alpha, big_beta, big_a, big_b)
        #print(temp_c)
        #print(big_c)


        # g power v mod p = a * A power c mod p
        g_v_ls = pow(g, big_v, p)
        a_ac_rs = mod_p((mod_p(big_a)) * pow(big_alpha, big_c, p))

        #print(g_v_ls)
        #print(a_ac_rs)
        if g_v_ls != a_ac_rs:
            error = True
            print("g_v_ls is not equal a_ac_rs.")


        if big_constant is None:
            constant_q = 0
        else:
            constant_q = big_constant

        # g power Lc mod p * K power v mod p = b * B power c mod p
        g_l_k_ls = mod_p(pow(g, mod_p(constant_q * big_c), p) * pow(K, big_v, p))
        b_bc_rs = mod_p(mod_p(big_b) * pow(big_beta, big_c, p))


        # mult_p(g_pow_p(mult_p(c, constant_q)), pow_p(k, v))
        # mult_p(b, pow_p(beta, c))
        #print(g_l_k_ls)
        #print(b_bc_rs)
        if g_l_k_ls != b_bc_rs:
            error = True
            print("g_l_k_ls is not equal b_bc_rs.")        

    if not error:
        print("success")   

success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success


### green box 6

In [81]:
# TODO: verify big_A, big_B by getting products from 100 ballot files

# create data frames with column names 

selection_name_lists = []

def switch_idx(contest_name): 
    switcher = {
        'president-vice-president-contest': 0,
        'ozark-governor': 1,
        'congress-district-5-contest': 2,
        'congress-district-7-contest': 3,
        'pismo-beach-school-board-contest': 4,
        'somerset-school-board-contest': 5,
        'arlington-chief-justice-retain-demergue': 6,
        'exeter-utility-district-referendum-contest': 7,
    }
    
    if (contest_name in switcher.keys()): 
        return switcher[contest_name]
    else: 
        return None


description = read_json_file(description_path)
contests = description['contests']
for i in range(len(contests)):
    selection_name_lists.append(['id'])
    
for i in range(len(contests)):
    contest = contests[i]
    contest_name = contest['object_id']
    selections = contest['ballot_selections']
    curr_list = selection_name_lists[switch_idx(contest_name)]
    for selection in selections: 
        selection_name = selection['object_id']
        if not selection_name in curr_list: 
            curr_list.append(selection_name)

In [82]:
print(selection_name_lists)

[['id', 'barchi-hallaren-selection', 'cramer-vuocolo-selection', 'court-blumhardt-selection', 'boone-lian-selection', 'hildebrand-garritty-selection', 'patterson-lariviere-selection', 'write-in-selection-president'], ['id', 'franz-selection', 'harris-selection', 'bargmann-selection', 'abcock-selection', 'steel-loy-selection', 'sharp-selection', 'walace-selection', 'williams-selection', 'alpern-selection', 'windbeck-selection', 'sharp-althea-selection', 'greher-selection', 'alexander-selection', 'mitchell-selection', 'lee-selection', 'ash-selection', 'kennedy-selection', 'jackson-selection', 'brown-selection', 'teller-selection', 'ward-selection', 'murphy-selection', 'newman-selection', 'callanann-selection', 'york-selection', 'chandler-selection', 'write-in-selection-governor'], ['id', 'soliz-selection', 'keller-selection', 'rangel-selection', 'argent-selection', 'witherspoon-smithson-selection', 'write-in-selection-us-congress-district-5'], ['id', 'bainbridge-selection', 'hennessey-se

In [83]:
dfs = []

for i in range(len(selection_name_lists)):
    df = pd.DataFrame(columns = selection_name_lists[i])
    print(df)
    dfs.append(df)

Empty DataFrame
Columns: [id, barchi-hallaren-selection, cramer-vuocolo-selection, court-blumhardt-selection, boone-lian-selection, hildebrand-garritty-selection, patterson-lariviere-selection, write-in-selection-president]
Index: []
Empty DataFrame
Columns: [id, franz-selection, harris-selection, bargmann-selection, abcock-selection, steel-loy-selection, sharp-selection, walace-selection, williams-selection, alpern-selection, windbeck-selection, sharp-althea-selection, greher-selection, alexander-selection, mitchell-selection, lee-selection, ash-selection, kennedy-selection, jackson-selection, brown-selection, teller-selection, ward-selection, murphy-selection, newman-selection, callanann-selection, york-selection, chandler-selection, write-in-selection-governor]
Index: []

[0 rows x 28 columns]
Empty DataFrame
Columns: [id, soliz-selection, keller-selection, rangel-selection, argent-selection, witherspoon-smithson-selection, write-in-selection-us-congress-district-5]
Index: []
Empty 

In [None]:
# read all ballot files
# unfinished
for file in glob.glob(ballot_folder_path + "*.json"):
    ballot = read_json_file(file)
    ballot_id = ballot['object_id']
    ballot_state = ballot['state']
    contests = ballot['contests']
    
    if (ballot_state == 'CAST'): 
        for i in range(len(contests)):
            contest = contests[i]
            selections = contest['ballot_selections']
    
            for selection in selections:
                is_placeholder = selection['is_placeholder_selection']
                if not is_placeholder: 
                    selection_name = selection['object_id']
                    curr_df = switch_idx(selection_name)
                    curr_df['id'] = ballot_id
                    curr_df[ballot_id][selection_name]
                    

In [31]:
# green box 6

# get all ki_0
k_i0_list = []
for i in range(0, num_of_guardian): 
    coefficients = read_json_file(coefficients_path + str(i) + '.json')
    k_i0 = int(coefficients['coefficient_commitments'][0])
    k_i0_list.append(k_i0)

#for file in glob.glob(ballot_folder_path + "*.json"):
    
# get all the contest names stored in the first layer
contest_names = list(tally.keys())

# loop over each contest 
for contest_name in contest_names: 
    error = False
    print(contest_name)
    
    # get all the selection names in a contest
    selection_names = list(tally[contest_name]['selections'].keys())
    
    
    # loop over each selection within a contest
    for selection_name in selection_names:
        print("     " + selection_name)
        selection = tally[contest_name]['selections'][selection_name]
        shares = selection['shares']
        big_A = int(selection['message']['pad'])
        big_B = int(selection['message']['data'])
        
        # loop over each guardian's share of decryption
        for i in range(num_of_guardian):
            share = shares[i]
            M_i = int(share['share'])
            proof = share['proof']
            v_i = int(proof['response'])
            a_i = int(proof['pad'])
            b_i = int(proof['data'])
            c_i = int(proof['challenge'])
            k_i = k_i0_list[i]
            
            # calculate using given values
            c_i_expected = hash_elems(extended_hash, big_A, big_B, a_i, b_i, M_i)
            #print("actual c   " + str(c_i))
            #print("expected c " + str(c_i_expected))
            equ_1_left = pow(g, v_i, p)
            equ_1_right = mod_p(mod_p(a_i) * pow(k_i, c_i, p))
            equ_2_left = pow(big_A, v_i, p)
            equ_2_right = mod_p(mod_p(b_i) * pow(M_i, c_i, p))
            #print("equation1 left   " + str(equ_1_left))
            #print("equation1 right   " + str(equ_1_right))
            
            # confirm that v_i is in the set of Z_q
            if not is_valid_of_Z_boundary(v_i, q):
                error = True
                print("       v_i error " + str(error))
                
            # confirm that a_i and b_i are both in the set Z_r_q
            if not is_valid_of_Zr_boundary(a_i, q):
                error = True
                print("       a_i error " + str(error))
            if not is_valid_of_Zr_boundary(b_i, q):
                error = True
                print("       b_i error " + str(error))
                
            # confirm challege value c_i = H(q_bar, (A,B), (a_i, b_i), M_i)
            if not equals(c_i, c_i_expected):
                error = True
                print("       c_i error " + str(error))
                
            # check first equation, g^v_i = a_i * K_i^c_i
            if not equals(equ_1_left, equ_1_right):
                error = True
                print("       equation1 error " + str(error))
                
            # check second equation, A^v_i = b_i * M_i^c_i
            if not equals(equ_2_left, equ_2_right):
                error = True
                print("       equation2 error " + str(error))
                
            
        
if not error:
    print("success")

president-vice-president-contest
     barchi-hallaren-selection
     cramer-vuocolo-selection
     court-blumhardt-selection
     boone-lian-selection
     hildebrand-garritty-selection
     patterson-lariviere-selection
     write-in-selection-president
ozark-governor
     franz-selection
     harris-selection
     bargmann-selection
     abcock-selection
     steel-loy-selection
     sharp-selection
     walace-selection
     williams-selection
     alpern-selection
     windbeck-selection
     sharp-althea-selection
     greher-selection
     alexander-selection
     mitchell-selection
     lee-selection
     ash-selection
     kennedy-selection
     jackson-selection
     brown-selection
     teller-selection
     ward-selection
     murphy-selection
     newman-selection
     callanann-selection
     york-selection
     chandler-selection
     write-in-selection-governor
congress-district-5-contest
     soliz-selection
     keller-selection
     rangel-selection
     argent-select

In [21]:


70994832482198157778563778077321339890089723449913247716198644394282333863496
76399268070314868948319433133099194084979953104525111530814451833587822877544
89915174162554549280401364803765952977396227696680226394538786049235446808187


In [75]:
# green box 9 
error = False

for contest_name in contest_names: 
    # get all the selection names in a contest
    selection_names = list(tally[contest_name]['selections'].keys())
    #print(contest_name) 
    
    # loop over each selection within a contest
    for selection_name in selection_names:
        #print("     " + selection_name)
        m_product = 1
        selection = tally[contest_name]['selections'][selection_name]
        shares = selection['shares']
        big_B = int(selection['message']['data'])
        big_M = int(selection['value'])
        t = int(selection['tally']) 
        
        for share in shares: 
            M_i = int(share['share'])
            m_product *= mod_p(M_i)
            
        # check equation B = M * (M_i products) mod p
        if not equals(mod_p(big_B), mod_p(big_M * m_product)):
            error = True
            print(error)
            
        # check equation M = g^t mod p
        if not equals(big_M, pow(g, t, p)):
            error = True
            print(error)
if not error:
    print("success")

success
