Skip to content
Permalink
Browse files

Small fix and adjustment for moving ECPoint functions to ZKCurveParams

  • Loading branch information...
gertjaap committed Mar 1, 2019
1 parent 789a95a commit b507b834c38c42ef5f57225b455ff18b0f7d66ef
Showing with 47 additions and 47 deletions.
  1. +16 −16 audit.go
  2. +25 −25 bank.go
  3. +1 −1 bank_test.go
  4. +1 −1 pki.go
  5. +4 −4 transaction.go
@@ -125,14 +125,14 @@ func (a *Auditor) start() {
if etx.Type == Transfer {
for i := 0; i < len(etx.Entries); i++ {
//Dprintf("[A] Adding RToken %v...\n", etx.Entries[i].RToken)
a.RTokenCache[i] = a.RTokenCache[i].Add(etx.Entries[i].RToken, ZKLedgerCurve)
a.CommsCache[i] = a.CommsCache[i].Add(etx.Entries[i].Comm, ZKLedgerCurve)
a.RTokenCache[i] = ZKLedgerCurve.Add(a.RTokenCache[i], etx.Entries[i].RToken)
a.CommsCache[i] = ZKLedgerCurve.Add(a.CommsCache[i], etx.Entries[i].Comm)
}
} else if etx.Type == Issuance || etx.Type == Withdrawal {
// Only one bank for now
en := &etx.Entries[etx.Sender]
gval := ZKLedgerCurve.G.Mult(en.V, ZKLedgerCurve)
a.CommsCache[etx.Sender] = a.CommsCache[etx.Sender].Add(gval, ZKLedgerCurve)
gval := ZKLedgerCurve.Mult(ZKLedgerCurve.G, en.V)
a.CommsCache[etx.Sender] = ZKLedgerCurve.Add(a.CommsCache[etx.Sender], gval)
}
Dprintf("[A][%v] Processed txn\n", etx.Index)
a.mu.Unlock()
@@ -174,17 +174,17 @@ func (a *Auditor) computeSum(bank_i int) (*big.Int, bool) {
for i := 0; i < len(a.local_ledger.Transactions); i++ {
etx := &a.local_ledger.Transactions[i]
if etx.Type == Transfer {
comms = comms.Add(etx.Entries[bank_i].Comm, ZKLedgerCurve)
rtokens = rtokens.Add(etx.Entries[bank_i].RToken, ZKLedgerCurve)
comms = ZKLedgerCurve.Add(comms, etx.Entries[bank_i].Comm)
rtokens = ZKLedgerCurve.Add(rtokens, etx.Entries[bank_i].RToken)
} else if (etx.Type == Issuance || etx.Type == Withdrawal) && etx.Sender == bank_i {
gval := ZKLedgerCurve.G.Mult(etx.Entries[etx.Sender].V, ZKLedgerCurve)
comms = comms.Add(gval, ZKLedgerCurve)
gval := ZKLedgerCurve.Mult(ZKLedgerCurve.G, etx.Entries[etx.Sender].V)
comms = ZKLedgerCurve.Add(comms, gval)
}
}
}
a.mu.Unlock()
gv := ZKLedgerCurve.G.Mult(rep.Sum, ZKLedgerCurve).Neg(ZKLedgerCurve) // 1 / g^\sum{v_i}
T := comms.Add(gv, ZKLedgerCurve)
gv := ZKLedgerCurve.Neg(ZKLedgerCurve.Mult(ZKLedgerCurve.G, rep.Sum)) // 1 / g^\sum{v_i}
T := ZKLedgerCurve.Add(comms, gv)
verifies, _ := rep.Eproof.Verify(ZKLedgerCurve, T, rtokens, ZKLedgerCurve.H, a.pki.Get(bank_i))
if !verifies {
Dprintf("[A] Bank %v proof didn't verify! Their total: %v\n", bank_i, rep.Sum)
@@ -209,16 +209,16 @@ func (a *Auditor) sumOneBank(wg *sync.WaitGroup, bank_i int, totals []*big.Int,
for i := 0; i < len(a.local_ledger.Transactions); i++ {
etx := &a.local_ledger.Transactions[i]
if etx.Type == Transfer {
comms = comms.Add(etx.Entries[bank_i].Comm, ZKLedgerCurve)
rtokens = rtokens.Add(etx.Entries[bank_i].RToken, ZKLedgerCurve)
comms = ZKLedgerCurve.Add(comms, etx.Entries[bank_i].Comm)
rtokens = ZKLedgerCurve.Add(rtokens, etx.Entries[bank_i].RToken)
} else if (etx.Type == Issuance || etx.Type == Withdrawal) && etx.Sender == bank_i {
gval := ZKLedgerCurve.G.Mult(etx.Entries[etx.Sender].V, ZKLedgerCurve)
comms = comms.Add(gval, ZKLedgerCurve)
gval := ZKLedgerCurve.Mult(ZKLedgerCurve.G, etx.Entries[etx.Sender].V)
comms = ZKLedgerCurve.Add(comms, gval)
}
}
}
gv := ZKLedgerCurve.G.Mult(rep.Sum, ZKLedgerCurve).Neg(ZKLedgerCurve) // 1 / g^\sum{v_i}
T := comms.Add(gv, ZKLedgerCurve)
gv := ZKLedgerCurve.Neg(ZKLedgerCurve.Mult(ZKLedgerCurve.G, rep.Sum)) // 1 / g^\sum{v_i}
T := ZKLedgerCurve.Add(comms, gv)
verifies, _ := rep.Eproof.Verify(ZKLedgerCurve, T, rtokens, ZKLedgerCurve.H, a.pki.Get(bank_i))
if !verifies {
Dprintf("[A] Bank %v proof didn't verify! Their total: %v\n", bank_i, rep.Sum)
50 bank.go
@@ -525,12 +525,12 @@ func (b *Bank) createLocal(etx *EncryptedTransaction, bank_j int, value *big.Int

// items for simulated proof
b.mu.Lock()
SA := b.CommsCache[i].Add(etx.Entries[i].Comm, ZKLedgerCurve)
SB := b.RTokenCache[i].Add(rtoken, ZKLedgerCurve)
SA := ZKLedgerCurve.Add(b.CommsCache[i], etx.Entries[i].Comm)
SB := ZKLedgerCurve.Add(b.RTokenCache[i], rtoken)
b.mu.Unlock()
Base1 := commaux.Add(SA.Neg(ZKLedgerCurve), ZKLedgerCurve) // Base1 = CommAux - (\Sum_{i=0}^{n-1} CM_i + CM_n)
Result1 := baux.Add(SB.Neg(ZKLedgerCurve), ZKLedgerCurve) // Result1 = Baux - SB
Result2 := commaux.Add(etx.Entries[i].Comm.Neg(ZKLedgerCurve), ZKLedgerCurve)
Base1 := ZKLedgerCurve.Add(commaux, ZKLedgerCurve.Neg(SA)) // Base1 = CommAux - (\Sum_{i=0}^{n-1} CM_i + CM_n)
Result1 := ZKLedgerCurve.Add(baux, ZKLedgerCurve.Neg(SB)) // Result1 = Baux - SB
Result2 := ZKLedgerCurve.Add(commaux, ZKLedgerCurve.Neg(etx.Entries[i].Comm))

// TODO: Error handling
etx.Entries[i].Assets, _ = zksigma.NewDisjunctiveProof(ZKLedgerCurve, Base1, Result1, ZKLedgerCurve.H, Result2, rpmr, 1)
@@ -564,15 +564,15 @@ func (b *Bank) createLocal(etx *EncryptedTransaction, bank_j int, value *big.Int
// structures have been updated from the n-1th
// transaction, because I should have been stuck in the wait()

SA := b.CommsCache[i].Add(etx.Entries[i].Comm, ZKLedgerCurve) // SA = n-1 sum + curSum
SB := b.RTokenCache[i].Add(rtoken, ZKLedgerCurve) //SB = n-1 sum + current rtoken
SA := ZKLedgerCurve.Add(b.CommsCache[i], etx.Entries[i].Comm) // SA = n-1 sum + curSum
SB := ZKLedgerCurve.Add(b.RTokenCache[i], rtoken) //SB = n-1 sum + current rtoken
b.mu.Unlock()

commaux = zksigma.PedCommitR(ZKLedgerCurve, sum, rp)
etx.Entries[i].CommAux = commaux
Base1 := commaux.Add(SA.Neg(ZKLedgerCurve), ZKLedgerCurve)
Result1 := baux.Add(SB.Neg(ZKLedgerCurve), ZKLedgerCurve) // Result1 = commaux - (sum of entries)
Result2 := commaux.Add(etx.Entries[i].Comm.Neg(ZKLedgerCurve), ZKLedgerCurve)
Base1 := ZKLedgerCurve.Add(commaux, ZKLedgerCurve.Neg(SA))
Result1 := ZKLedgerCurve.Add(baux, ZKLedgerCurve.Neg(SB)) // Result1 = commaux - (sum of entries)
Result2 := ZKLedgerCurve.Add(commaux, ZKLedgerCurve.Neg(etx.Entries[i].Comm))

// TODO: Error handling
etx.Entries[i].Assets, _ = zksigma.NewDisjunctiveProof(ZKLedgerCurve, Base1, Result1, ZKLedgerCurve.H, Result2, b.pki.GetSK(b.id), 0)
@@ -612,12 +612,12 @@ func (b *Bank) createLocal(etx *EncryptedTransaction, bank_j int, value *big.Int
rpmr.Mod(rpmr, ZKLedgerCurve.C.Params().N)

b.mu.Lock()
SA := b.CommsCache[i].Add(etx.Entries[i].Comm, ZKLedgerCurve)
SB := b.RTokenCache[i].Add(rtoken, ZKLedgerCurve)
SA := ZKLedgerCurve.Add(b.CommsCache[i], etx.Entries[i].Comm)
SB := ZKLedgerCurve.Add(b.RTokenCache[i], rtoken)
b.mu.Unlock()
Base1 := commaux.Add(SA.Neg(ZKLedgerCurve), ZKLedgerCurve)
Result1 := baux.Add(SB.Neg(ZKLedgerCurve), ZKLedgerCurve)
Result2 := commaux.Add(etx.Entries[i].Comm.Neg(ZKLedgerCurve), ZKLedgerCurve)
Base1 := ZKLedgerCurve.Add(commaux, ZKLedgerCurve.Neg(SA))
Result1 := ZKLedgerCurve.Add(baux, ZKLedgerCurve.Neg(SB))
Result2 := ZKLedgerCurve.Add(commaux, ZKLedgerCurve.Neg(etx.Entries[i].Comm))

// TODO: Error handling
etx.Entries[i].Assets, _ = zksigma.NewDisjunctiveProof(ZKLedgerCurve, Base1, Result1, ZKLedgerCurve.H, Result2, rpmr, 1)
@@ -666,8 +666,8 @@ func (b *Bank) updateLocalData(etx *EncryptedTransaction) {
b.local_ledger.add(etx)
if etx.Type == Transfer {
for i := 0; i < b.num; i++ {
b.RTokenCache[i] = b.RTokenCache[i].Add(etx.Entries[i].RToken, ZKLedgerCurve)
b.CommsCache[i] = b.CommsCache[i].Add(etx.Entries[i].Comm, ZKLedgerCurve)
b.RTokenCache[i] = ZKLedgerCurve.Add(b.RTokenCache[i], etx.Entries[i].RToken)
b.CommsCache[i] = ZKLedgerCurve.Add(b.CommsCache[i], etx.Entries[i].Comm)
}
req, ok := b.StoreRequests[etx.Index]
if !ok {
@@ -678,8 +678,8 @@ func (b *Bank) updateLocalData(etx *EncryptedTransaction) {
} else if etx.Type == Issuance || etx.Type == Withdrawal {
// Only one bank
en := &etx.Entries[etx.Sender]
gval := ZKLedgerCurve.G.Mult(en.V, ZKLedgerCurve)
b.CommsCache[etx.Sender] = b.CommsCache[etx.Sender].Add(gval, ZKLedgerCurve)
gval := ZKLedgerCurve.Mult(ZKLedgerCurve.G, en.V)
b.CommsCache[etx.Sender] = ZKLedgerCurve.Add(b.CommsCache[etx.Sender], gval)
}
}
// Processed transaction etx.Index, signal whoever might be waiting for it.
@@ -753,18 +753,18 @@ func (b *Bank) answerSum() (*big.Int, *zksigma.EquivalenceProof) {
for i := 0; i < len(b.local_ledger.Transactions); i++ {
etx := &b.local_ledger.Transactions[i]
if etx.Type == Transfer {
total_comms = total_comms.Add(etx.Entries[b.id].Comm, ZKLedgerCurve)
total_rtoken = total_rtoken.Add(etx.Entries[b.id].RToken, ZKLedgerCurve)
total_comms = ZKLedgerCurve.Add(total_comms, etx.Entries[b.id].Comm)
total_rtoken = ZKLedgerCurve.Add(total_rtoken, etx.Entries[b.id].RToken)
} else if (etx.Type == Issuance || etx.Type == Withdrawal) && etx.Sender == b.id {
gval := ZKLedgerCurve.G.Mult(etx.Entries[etx.Sender].V, ZKLedgerCurve)
total_comms = total_comms.Add(gval, ZKLedgerCurve)
gval := ZKLedgerCurve.Mult(ZKLedgerCurve.G, etx.Entries[etx.Sender].V)
total_comms = ZKLedgerCurve.Add(total_comms, gval)
}
}
}
b.print_transactions()
b.mu.Unlock()
gv := ZKLedgerCurve.G.Mult(total_clear, ZKLedgerCurve).Neg(ZKLedgerCurve) // 1 / g^\sum{v_i}
T := total_comms.Add(gv, ZKLedgerCurve) // should be h^r
gv := ZKLedgerCurve.Neg(ZKLedgerCurve.Mult(ZKLedgerCurve.G, total_clear)) // 1 / g^\sum{v_i}
T := ZKLedgerCurve.Add(total_comms, gv) // should be h^r
Dprintf("[%v] Audit:\n", b.id)
Dprintf("[%v] \\sum{v_i}: %v\n", b.id, total_clear)
Dprintf("[%v] 1 /g^\\sum{v_i}: %v\n", b.id, gv)
@@ -401,6 +401,6 @@ func BenchmarkUpdateCommCache(b *testing.B) {
comm, _, _ := zksigma.PedCommit(ZKLedgerCurve, value)
b.ResetTimer()
for n := 0; n < b.N; n++ {
comm = comm.Add(comm, ZKLedgerCurve)
comm = ZKLedgerCurve.Add(comm, comm)
}
}
2 pki.go
@@ -123,7 +123,7 @@ func (p *PKI) loadPKI(n int) ([]zksigma.ECPoint, []*big.Int, error) {
}

if keysFound != n+1 {
Dprintf("Key files not found for all the banks! Dumping pk map:", pk)
Dprintf("Key files not found for all the banks! Dumping pk map: %v", pk)
}

return pk, sk, nil
@@ -101,9 +101,9 @@ func (en *Entry) verify(pks []zksigma.ECPoint, CommCache zksigma.ECPoint, RToken
return false
}
// Check Proof of Assets
Base1 := en.CommAux.Add(CommCache.Add(en.Comm, ZKLedgerCurve).Neg(ZKLedgerCurve), ZKLedgerCurve)
Result1 := en.BAux.Add(RTokenCache.Add(en.RToken, ZKLedgerCurve).Neg(ZKLedgerCurve), ZKLedgerCurve)
Result2 := en.CommAux.Add(en.Comm.Neg(ZKLedgerCurve), ZKLedgerCurve)
Base1 := ZKLedgerCurve.Add(en.CommAux, ZKLedgerCurve.Neg(ZKLedgerCurve.Add(CommCache, en.Comm)))
Result1 := ZKLedgerCurve.Add(en.BAux, ZKLedgerCurve.Neg(ZKLedgerCurve.Add(RTokenCache, en.RToken)))
Result2 := ZKLedgerCurve.Add(en.CommAux, ZKLedgerCurve.Neg(en.Comm))
ok, err = en.Assets.Verify(ZKLedgerCurve, Base1, Result1, ZKLedgerCurve.H, Result2)
if !ok {
fmt.Printf(" [%v] %v/%v Base1: %v\n", debug, eidx, i, Base1)
@@ -175,7 +175,7 @@ func (e *EncryptedTransaction) Verify(pks []zksigma.ECPoint, CommCache []zksigma
rets := make(chan bool)
for i := 0; i < len(e.Entries); i++ {
en := &e.Entries[i]
commitmentSum = commitmentSum.Add(en.Comm, ZKLedgerCurve)
commitmentSum = ZKLedgerCurve.Add(commitmentSum, en.Comm)
if en.Bank != i {
Dprintf(" [%v] ETX %v Failed verify mismatching bank %#v\n", debug, e.Index, en)
return false

0 comments on commit b507b83

Please sign in to comment.
You can’t perform that action at this time.