In [38]:
import json
import tqdm
import hashlib
from typing import (
    Union,
    Sequence
)

# function hub
def read_json_file(file_path): 
    ''' opens a json file, return its content save in a dictionary
    @input: file path to the json file
    @output: a dictionary of json file content
    '''
    file = open(file_path, 'r')
    values = json.load(file)
    file.close()
    return values

def hash_elems(*a):
    
    
    h = hashlib.sha256()
    h.update("|".encode("utf-8"))
    
    for x in a:

        if not x:
            # This case captures empty lists and None, nicely guaranteeing that we don't
            # need to do a recursive call if the list is empty. So we need a string to
            # feed in for both of these cases. "None" would be a Python-specific thing,
            # so we'll go with the more JSON-ish "null".
            hash_me = "null"

        elif isinstance(x, str):
            # strings are iterable, so it's important to handle them before the following check
            hash_me = x
        elif isinstance(x, Sequence):
             # The simplest way to deal with lists, tuples, and such are to crunch them recursively.
            hash_me = str(hash_elems(*x))           
        else:
            hash_me = str(x)
        h.update((hash_me + "|").encode("utf-8"))

    # Note: the returned value will range from [1,Q), because zeros are bad
    # for some of the nonces. (g^0 == 1, which would be an unhelpful thing
    # to multiply something with, if you were trying to encrypt it.)

    # Also, we don't need the checked version of int_to_q, because the
    # modulo operation here guarantees that we're in bounds.
    # return int_to_q_unchecked(
    #     1 + (int.from_bytes(h.digest(), byteorder="big") % Q_MINUS_ONE)
    # )

    return 1 + (int.from_bytes(h.digest(), byteorder="big") % (q - 1))
        

In [39]:

# file path configuration
constants_file_path = 'results/constants.json'
context_file_path = 'results/context.json'
ballot_file_path = 'results/encrypted_ballots/ballot_ballot-af0a2a64-c786-11ea-a311-acde48001122.json'


# basic parameters
g = 0
p = 0
q = 0
r = 0
gInv = 0
K = 0

In [40]:


constants = read_json_file(constants_file_path)
#print(constants)

g = constants['g']
p = constants['p']
q = constants['q']
q_test = pow(2, 256) - 189

r = constants['r']
gInv = constants['gInv']

#print('g:'+str(g))
#print('p:'+str(p))
#print('q:'+str(q))

context = read_json_file(context_file_path)
#print(context)

K = int(context['elgamalPublicKey'])
QBar = context['cryptoExtendedBaseHash']

print("K:"+str(K))
print("QBar:"+str(QBar))



K:89022282623525074823760247455314859714433402104642868751796343202275927432747060983810645328831604612116269518580085190768368118809850978024201119496759318041354923419362142047818821407809572524422153809576248548415076808323667041185303381146031921172154671778144013029032431410535445208187138240083992569267077213751045669533656579245901531868535819013801884982539514056128419213426060697430210061233047000091207120814395168530138961979397985390337386914461355079429727486540432416286125197826884881325535116588318806208955888708618119871091482800565552287331583089434375569664755968011354732895527516669896260574275351085296922972751668849735978722601365545614399831545038918403482406852108204908247165530295314468558467021528256650484873397216743999809786688819458555972594931136471415204841866163083056613334431198265057169141181920194633200221970129985398632350373206222308782214137759345375521834083396886968535989183600329978047754000943027329932719622828455224212577665863145481179387803494

In [49]:
# one sample data
ballot = read_json_file(ballot_file_path)

error = False

contests = ballot['contests']
for contest in contests:
    
    ballotSelections = contest['ballotSelections']
    for ballotSelection in ballotSelections:


        objectId = ballotSelection['objectId']

        alpha = int(ballotSelection['message']['alpha'])
        beta = int(ballotSelection['message']['beta'])

        a0 = int(ballotSelection['proof']['a0'])
        a1 = int(ballotSelection['proof']['a1'])
        b0 = int(ballotSelection['proof']['b0'])
        b1 = int(ballotSelection['proof']['b1'])
        c0 = int(ballotSelection['proof']['c0'])
        c1 = int(ballotSelection['proof']['c1'])
        v0 = int(ballotSelection['proof']['v0'])
        v1 = int(ballotSelection['proof']['v1'])

        alphaPow = pow(alpha, q, p)
        betaPow = pow(beta, q, p)
        a0Pow = pow(a0, q, p)
        b0Pow = pow(b0, q, p)
        a1Pow = pow(a1, q, p)
        b1Pow = pow(b1, q, p)

        #print("a0:"+str(a0))
        #print("alpha_1:"+str(alpha_1))
        # 3.1 The given values alpha, beta, a0, b0, a1, and b1 are all in the set Zpr.
        if alpha < 0 or alpha >= p:
            print("alpha is out of range.")
            error = True  
        if beta < 0 or beta >= p:
            print("beta is out of range.")
            error = True
        if a0 < 0 or a0 >= p:
            print("a0 is out of range.")
            error = True
        if a1 < 0 or a1 >= p:
            print("a1 is out of range.")
            error = True
        if b0 < 0 or b0 >= p:
            print("b0 is out of range.")
            error = True
        if b1 < 0 or b1 >= p:
            print("b1 is out of range.")
            error = True           
        if alphaPow != 1:
            print("alpha^q mod p does not equal to 1.")
            error = True
        if betaPow != 1:
            print("beta^q mod p does not equal to 1.")
            error = True
        if a0Pow != 1:
            print("a0^q mod p does not equal to 1.")
            error = True
        if a1Pow != 1:
            print("a1^q mod p does not equal to 1.")
            error = True
        if b0Pow != 1:
            print("b0^q mod p does not equal to 1.")
            error = True
        if b1Pow != 1:
            print("b1^q mod p does not equal to 1.")
            error = True   

        # 3.2 The challenge c is computed as c = H(Q, (alpha, beta), (a0, b0), (a1, b1))
        # tempString = str(QBar) + str(alpha) + str(beta) + str(a0) + str(b0) + str(a1) + str(b1)
        # tempList = (QBar, (alpha, beta), (a0, b0), (a1, b1))
        c = hash_elems(alpha, beta, a0, b0, a1, b1)
        print(c)
        
        print((c0 + c1) % q)

        # 3.3 The given values c0, c1, v0, and v1 are each in the set Zq.
        if c0 < 0 or c0 >= q:
            print("c0 is out of range.")
            error = True
        if c1 < 0 or c1 >= q:
            print("c1 is out of range.")
            error = True
        if v0 < 0 or v0 >= q:
            print("v0 is out of range.")
            error = True
        if v1 < 0 or v1 >= q:
            print("v1 is out of range.")
            error = True       

        # 1st equation: gv0=a0alphac0 mod p
        g_v0_ls = pow(g, v0, p) % p
        g_v0_rs = (a0 * pow(alpha, c0, p)) % p
    
        # 2nd equation: gv1=a1alphac1 mod p
        g_v1_ls = pow(g, v1, p) % p
        g_v1_rs = (a1 * pow(alpha, c1, p)) % p

        # 3rd equation: Kv0=b0betac0 mod p
        K_v0_ls = pow(K, v0, p) % p
        K_v0_rs = (b0 * pow(beta, c0, p)) % p
    
        # 4th equation: gc1Kv1=b1betac1 mod p
        fourth_ls = (pow(g, c1, p) * pow(K, v1, p) % p)
        fourth_rs = (b1 * pow(beta, c1, p)) % p

        # checking
        if g_v0_ls != g_v0_rs:
            print("g_vo != a_0*alpha^c_0 at cast_ballots {i}, contest {j}, selection {k}")
            error = True
        if g_v1_ls != g_v1_rs:
            print("g_v1 != a_1*alpha^c_1")
            error = True
        if K_v0_ls != K_v0_rs:
            print("K_v0 != b_0*alpha^c_0")
            error = True
        if fourth_ls != fourth_rs:
            print("g_c1 * K_v1 != (b1 * beta^c1) % p")
            error = True

                                               
if not error:
    print("success")   



33285869800280409293114928088983070922312889221944825640132403977078849428535
33285869800280409293114928088983070922312889221944825640132403977078849428535
82071252119171949055009215620562529313680691657219459859422098975895246170205
82071252119171949055009215620562529313680691657219459859422098975895246170205
55095633399546337575996357195354203298312740726786148417868569994576587501594
55095633399546337575996357195354203298312740726786148417868569994576587501594
125842983719908810649283092374128351663797248114753319661291376263075302013
125842983719908810649283092374128351663797248114753319661291376263075302013
22821877268652836319799001004990425312361984747555289060651625786577408439302
22821877268652836319799001004990425312361984747555289060651625786577408439302
9235944592218750804572118404723751501164003458936314083727604195990826817745
9235944592218750804572118404723751501164003458936314083727604195990826817745
3797153901377335811095500042748408652978759609075991621329504232995713

In [48]:

trackingId = ballot['trackingId']
print(trackingId)

tempH0 = hash_elems(QBar)
print(tempH0)




1523622118379541849599281920650694066588491847389919292171412356764087677419
94785420952387377032288458839737637198311323630260456934738630321103885145869
