From c3fca1914bb0f838e0d106ccd709108889bf8bc9 Mon Sep 17 00:00:00 2001 From: lauener Date: Sun, 17 Mar 2024 14:46:25 +0100 Subject: [PATCH 1/6] Some refactoring --- shuffle/shuffle_test.go | 73 +++++++++++++++++++---------------------- 1 file changed, 33 insertions(+), 40 deletions(-) diff --git a/shuffle/shuffle_test.go b/shuffle/shuffle_test.go index 8eafc2466..1f524eb81 100644 --- a/shuffle/shuffle_test.go +++ b/shuffle/shuffle_test.go @@ -1,6 +1,7 @@ package shuffle import ( + "crypto/cipher" "testing" "go.dedis.ch/kyber/v3" @@ -11,7 +12,7 @@ import ( var k = 5 var NQ = 6 -var N = 10 +var N = 1 func TestShufflePair(t *testing.T) { s := edwards25519.NewBlakeSHA256Ed25519WithRand(blake2xb.New(nil)) @@ -23,47 +24,51 @@ func TestShuffleSequence(t *testing.T) { sequenceShuffleTest(s, k, NQ, N) } -func pairShuffleTest(suite Suite, k, N int) { - rand := suite.RandomStream() - +func setShuffleKeyPairs(rand cipher.Stream, suite Suite, k int) (kyber.Scalar, kyber.Point, []kyber.Scalar, []kyber.Point) { // Create a "server" private/public keypair - h := suite.Scalar().Pick(rand) - H := suite.Point().Mul(h, nil) + h0 := suite.Scalar().Pick(rand) + h1 := suite.Point().Mul(h0, nil) // Create a set of ephemeral "client" keypairs to shuffle - c := make([]kyber.Scalar, k) - C := make([]kyber.Point, k) - // fmt.Println("\nclient keys:") + c0 := make([]kyber.Scalar, k) + c1 := make([]kyber.Point, k) + for i := 0; i < k; i++ { - c[i] = suite.Scalar().Pick(rand) - C[i] = suite.Point().Mul(c[i], nil) - // fmt.Println(" "+C[i].String()) + c0[i] = suite.Scalar().Pick(rand) + c1[i] = suite.Point().Mul(c0[i], nil) + } + return h0, h1, c0, c1 +} + +func pairShuffleTest(suite Suite, k, n int) { + rand := suite.RandomStream() + _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) + // ElGamal-encrypt all these keypairs with the "server" key - X := make([]kyber.Point, k) - Y := make([]kyber.Point, k) + x := make([]kyber.Point, k) + y := make([]kyber.Point, k) r := suite.Scalar() // temporary for i := 0; i < k; i++ { r.Pick(rand) - X[i] = suite.Point().Mul(r, nil) - Y[i] = suite.Point().Mul(r, H) // ElGamal blinding factor - Y[i].Add(Y[i], C[i]) // Encrypted client public key + x[i] = suite.Point().Mul(r, nil) + y[i] = suite.Point().Mul(r, h1) // ElGamal blinding factor + y[i].Add(y[i], c1[i]) // Encrypted client public key } - // Repeat only the actual shuffle portion for test purposes. - for i := 0; i < N; i++ { + // Repeat only the actual shuffle portion for benchmark purposes. + for i := 0; i < n; i++ { // Do a key-shuffle - Xbar, Ybar, prover := Shuffle(suite, nil, H, X, Y, rand) + Xbar, Ybar, prover := Shuffle(suite, nil, h1, x, y, rand) prf, err := proof.HashProve(suite, "PairShuffle", prover) if err != nil { panic("Shuffle proof failed: " + err.Error()) } - //fmt.Printf("proof:\n%s\n",hex.Dump(prf)) // Check it - verifier := Verifier(suite, nil, H, X, Y, Xbar, Ybar) + verifier := Verifier(suite, nil, h1, x, y, Xbar, Ybar) err = proof.HashVerify(suite, "PairShuffle", verifier, prf) if err != nil { panic("Shuffle verify failed: " + err.Error()) @@ -73,19 +78,7 @@ func pairShuffleTest(suite Suite, k, N int) { func sequenceShuffleTest(suite Suite, k, NQ, N int) { rand := suite.RandomStream() - - // Create a "server" private/public keypair - h := suite.Scalar().Pick(rand) - H := suite.Point().Mul(h, nil) - - // Create a set of ephemeral "client" keypairs to shuffle - c := make([]kyber.Scalar, k) - C := make([]kyber.Point, k) - - for i := 0; i < k; i++ { - c[i] = suite.Scalar().Pick(rand) - C[i] = suite.Point().Mul(c[i], nil) - } + _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) X := make([][]kyber.Point, NQ) Y := make([][]kyber.Point, NQ) @@ -110,16 +103,16 @@ func sequenceShuffleTest(suite Suite, k, NQ, N int) { for i := 0; i < k; i++ { r.Pick(rand) X[j][i] = suite.Point().Mul(r, nil) - Y[j][i] = suite.Point().Mul(r, H) // ElGamal blinding factor - Y[j][i].Add(Y[j][i], C[i]) // Encrypted client public key + Y[j][i] = suite.Point().Mul(r, h1) // ElGamal blinding factor + Y[j][i].Add(Y[j][i], c1[i]) // Encrypted client public key } } - // Repeat only the actual shuffle portion for test purposes. + // Repeat only the actual shuffle portion for benchmark purposes. for i := 0; i < N; i++ { // Do a key-shuffle - XX, YY, getProver := SequencesShuffle(suite, nil, H, X, Y, rand) + XX, YY, getProver := SequencesShuffle(suite, nil, h1, X, Y, rand) e := make([]kyber.Scalar, NQ) for j := 0; j < NQ; j++ { @@ -139,7 +132,7 @@ func sequenceShuffleTest(suite Suite, k, NQ, N int) { XXUp, YYUp, XXDown, YYDown := GetSequenceVerifiable(suite, X, Y, XX, YY, e) // Check it - verifier := Verifier(suite, nil, H, XXUp, YYUp, XXDown, YYDown) + verifier := Verifier(suite, nil, h1, XXUp, YYUp, XXDown, YYDown) err = proof.HashVerify(suite, "PairShuffle", verifier, prf) if err != nil { From 3f60ce2255ca5bf7699dc6f2f58d2e448ed8945e Mon Sep 17 00:00:00 2001 From: lauener Date: Sun, 17 Mar 2024 14:50:58 +0100 Subject: [PATCH 2/6] Add test wrong shuffles on pair --- shuffle/shuffle_test.go | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/shuffle/shuffle_test.go b/shuffle/shuffle_test.go index 1f524eb81..0972b7c3b 100644 --- a/shuffle/shuffle_test.go +++ b/shuffle/shuffle_test.go @@ -4,6 +4,7 @@ import ( "crypto/cipher" "testing" + "github.com/stretchr/testify/assert" "go.dedis.ch/kyber/v3" "go.dedis.ch/kyber/v3/group/edwards25519" "go.dedis.ch/kyber/v3/proof" @@ -19,6 +20,11 @@ func TestShufflePair(t *testing.T) { pairShuffleTest(s, k, N) } +func TestShuffleInvalidPair(t *testing.T) { + s := edwards25519.NewBlakeSHA256Ed25519WithRand(blake2xb.New(nil)) + pairInvalidShuffleTest(t, s, k) +} + func TestShuffleSequence(t *testing.T) { s := edwards25519.NewBlakeSHA256Ed25519WithRand(blake2xb.New(nil)) sequenceShuffleTest(s, k, NQ, N) @@ -76,6 +82,36 @@ func pairShuffleTest(suite Suite, k, n int) { } } +func pairInvalidShuffleTest(t *testing.T, suite Suite, k int) { + rand := suite.RandomStream() + _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) + + // ElGamal-encrypt all these keypairs with the "server" key + x := make([]kyber.Point, k) + y := make([]kyber.Point, k) + r := suite.Scalar() // temporary + for i := 0; i < k; i++ { + r.Pick(rand) + x[i] = suite.Point().Mul(r, nil) + y[i] = suite.Point().Mul(r, h1) // ElGamal blinding factor + y[i].Add(y[i], c1[i]) // Encrypted client public key + } + + // Do a key-shuffle + Xbar, Ybar, prover := Shuffle(suite, nil, h1, x, y, rand) + + // Corrupt the shuffle + Xbar[1], Xbar[0] = Xbar[0], Xbar[1] + + prf, err := proof.HashProve(suite, "PairShuffle", prover) + assert.Nil(t, err) + + // Check it + verifier := Verifier(suite, nil, h1, x, y, Xbar, Ybar) + err = proof.HashVerify(suite, "PairShuffle", verifier, prf) + assert.Error(t, err) +} + func sequenceShuffleTest(suite Suite, k, NQ, N int) { rand := suite.RandomStream() _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) From 2925950f3a65f0387375d58fe00d4e11b3d23b80 Mon Sep 17 00:00:00 2001 From: lauener Date: Sun, 17 Mar 2024 16:03:15 +0100 Subject: [PATCH 3/6] Add test wrong Shuffle Sequence --- shuffle/shuffle_test.go | 63 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/shuffle/shuffle_test.go b/shuffle/shuffle_test.go index 0972b7c3b..51e96cb67 100644 --- a/shuffle/shuffle_test.go +++ b/shuffle/shuffle_test.go @@ -30,6 +30,11 @@ func TestShuffleSequence(t *testing.T) { sequenceShuffleTest(s, k, NQ, N) } +func TestInvalidShuffleSequence(t *testing.T) { + s := edwards25519.NewBlakeSHA256Ed25519WithRand(blake2xb.New(nil)) + sequenceInvalidShuffleTest(t, s, k, NQ) +} + func setShuffleKeyPairs(rand cipher.Stream, suite Suite, k int) (kyber.Scalar, kyber.Point, []kyber.Scalar, []kyber.Point) { // Create a "server" private/public keypair h0 := suite.Scalar().Pick(rand) @@ -176,3 +181,61 @@ func sequenceShuffleTest(suite Suite, k, NQ, N int) { } } } + +func sequenceInvalidShuffleTest(t *testing.T, suite Suite, k, NQ int) { + rand := suite.RandomStream() + _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) + + X := make([][]kyber.Point, NQ) + Y := make([][]kyber.Point, NQ) + + // generate random sequences + for i := 0; i < NQ; i++ { + xs := make([]kyber.Point, k) + ys := make([]kyber.Point, k) + + for j := 0; j < k; j++ { + xs[j] = suite.Point().Mul(suite.Scalar().Pick(suite.RandomStream()), nil) + ys[j] = suite.Point().Mul(suite.Scalar().Pick(suite.RandomStream()), nil) + } + + X[i] = xs + Y[i] = ys + } + + // ElGamal-encrypt all these keypairs with the "server" key + r := suite.Scalar() // temporary + for j := 0; j < NQ; j++ { + for i := 0; i < k; i++ { + r.Pick(rand) + X[j][i] = suite.Point().Mul(r, nil) + Y[j][i] = suite.Point().Mul(r, h1) // ElGamal blinding factor + Y[j][i].Add(Y[j][i], c1[i]) // Encrypted client public key + } + } + + // Do a key-shuffle + XX, YY, getProver := SequencesShuffle(suite, nil, h1, X, Y, rand) + + // Corrupt original inputs + X[0][0], Y[0][0] = X[0][1], Y[0][1] + + e := make([]kyber.Scalar, NQ) + for j := 0; j < NQ; j++ { + e[j] = suite.Scalar().Pick(suite.RandomStream()) + } + + prover, err := getProver(e) + assert.Nil(t, err) + + prf, err := proof.HashProve(suite, "PairShuffle", prover) + assert.Nil(t, err) + + XXUp, YYUp, XXDown, YYDown := GetSequenceVerifiable(suite, X, Y, XX, YY, e) + + // Check it + verifier := Verifier(suite, nil, h1, XXUp, YYUp, XXDown, YYDown) + + err = proof.HashVerify(suite, "PairShuffle", verifier, prf) + assert.Error(t, err) +} From e04ef543c50165d3a47867b5722a6718860df383 Mon Sep 17 00:00:00 2001 From: lauener Date: Mon, 18 Mar 2024 14:54:42 +0100 Subject: [PATCH 4/6] Add negative test for shuffle/Biffle --- shuffle/biffle_test.go | 61 +++++++++++++++++++++++++++++------------- 1 file changed, 43 insertions(+), 18 deletions(-) diff --git a/shuffle/biffle_test.go b/shuffle/biffle_test.go index 2b73cde33..00f017ae1 100644 --- a/shuffle/biffle_test.go +++ b/shuffle/biffle_test.go @@ -15,22 +15,15 @@ func TestBiffle(t *testing.T) { biffleTest(s, N) } +func TestInvalidBiffle(t *testing.T) { + rand := blake2xb.New(nil) + s := edwards25519.NewBlakeSHA256Ed25519WithRand(rand) + biffleInvalidTest(s) +} + func biffleTest(suite Suite, N int) { rand := suite.RandomStream() - - // Create a "server" private/public keypair - h := suite.Scalar().Pick(rand) - H := suite.Point().Mul(h, nil) - - // Create a set of ephemeral "client" keypairs to shuffle - var c [2]kyber.Scalar - var C [2]kyber.Point - // fmt.Println("\nclient keys:") - for i := 0; i < 2; i++ { - c[i] = suite.Scalar().Pick(rand) - C[i] = suite.Point().Mul(c[i], nil) - // fmt.Println(" "+C[i].String()) - } + _, h1, _, c1 := setShuffleKeyPairs(rand, suite, 2) // ElGamal-encrypt all these keypairs with the "server" key var X, Y [2]kyber.Point @@ -38,15 +31,15 @@ func biffleTest(suite Suite, N int) { for i := 0; i < 2; i++ { r.Pick(rand) X[i] = suite.Point().Mul(r, nil) - Y[i] = suite.Point().Mul(r, H) // ElGamal blinding factor - Y[i].Add(Y[i], C[i]) // Encrypted client public key + Y[i] = suite.Point().Mul(r, h1) // ElGamal blinding factor + Y[i].Add(Y[i], c1[i]) // Encrypted client public key } // Repeat only the actual shuffle portion for test purposes. for i := 0; i < N; i++ { // Do a key-shuffle - Xbar, Ybar, prover := Biffle(suite, nil, H, X, Y, rand) + Xbar, Ybar, prover := Biffle(suite, nil, h1, X, Y, rand) prf, err := proof.HashProve(suite, "Biffle", prover) if err != nil { panic("Biffle proof failed: " + err.Error()) @@ -54,10 +47,42 @@ func biffleTest(suite Suite, N int) { //fmt.Printf("proof:\n%s\n",hex.Dump(prf)) // Check it - verifier := BiffleVerifier(suite, nil, H, X, Y, Xbar, Ybar) + verifier := BiffleVerifier(suite, nil, h1, X, Y, Xbar, Ybar) err = proof.HashVerify(suite, "Biffle", verifier, prf) if err != nil { panic("Biffle verify failed: " + err.Error()) } } } + +func biffleInvalidTest(suite Suite) { + rand := suite.RandomStream() + _, h1, _, c1 := setShuffleKeyPairs(rand, suite, 2) + + // ElGamal-encrypt all these keypairs with the "server" key + var X, Y [2]kyber.Point + r := suite.Scalar() // temporary + for i := 0; i < 2; i++ { + r.Pick(rand) + X[i] = suite.Point().Mul(r, nil) + Y[i] = suite.Point().Mul(r, h1) // ElGamal blinding factor + Y[i].Add(Y[i], c1[i]) // Encrypted client public key + } + + // Do a key-shuffle + Xbar, Ybar, prover := Biffle(suite, nil, h1, X, Y, rand) + prf, err := proof.HashProve(suite, "Biffle", prover) + if err != nil { + panic("Biffle proof failed: " + err.Error()) + } + + // Corrupt inputs + X[0], Y[0] = X[1], Y[1] + + // Check it + verifier := BiffleVerifier(suite, nil, h1, X, Y, Xbar, Ybar) + err = proof.HashVerify(suite, "Biffle", verifier, prf) + if err == nil { + panic("Biffle verify should have failed") + } +} From a7a0352aab312ad48d3c665334e55c85d9134a9b Mon Sep 17 00:00:00 2001 From: lauener Date: Mon, 18 Mar 2024 14:57:25 +0100 Subject: [PATCH 5/6] Fix comment --- shuffle/biffle_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shuffle/biffle_test.go b/shuffle/biffle_test.go index 00f017ae1..18a34e916 100644 --- a/shuffle/biffle_test.go +++ b/shuffle/biffle_test.go @@ -35,7 +35,7 @@ func biffleTest(suite Suite, N int) { Y[i].Add(Y[i], c1[i]) // Encrypted client public key } - // Repeat only the actual shuffle portion for test purposes. + // Repeat only the actual shuffle portion for benchmark purposes. for i := 0; i < N; i++ { // Do a key-shuffle From b00ef18a9229e7fad0697d9d0bfc37529e50493c Mon Sep 17 00:00:00 2001 From: lauener Date: Wed, 20 Mar 2024 18:09:10 +0100 Subject: [PATCH 6/6] Reduce code duplication --- shuffle/biffle_test.go | 20 +++---- shuffle/shuffle_test.go | 114 +++++++++++++++++----------------------- 2 files changed, 57 insertions(+), 77 deletions(-) diff --git a/shuffle/biffle_test.go b/shuffle/biffle_test.go index 18a34e916..c4150eaa6 100644 --- a/shuffle/biffle_test.go +++ b/shuffle/biffle_test.go @@ -23,7 +23,7 @@ func TestInvalidBiffle(t *testing.T) { func biffleTest(suite Suite, N int) { rand := suite.RandomStream() - _, h1, _, c1 := setShuffleKeyPairs(rand, suite, 2) + h, c := setShuffleKeyPairs(rand, suite, 2) // ElGamal-encrypt all these keypairs with the "server" key var X, Y [2]kyber.Point @@ -31,15 +31,15 @@ func biffleTest(suite Suite, N int) { for i := 0; i < 2; i++ { r.Pick(rand) X[i] = suite.Point().Mul(r, nil) - Y[i] = suite.Point().Mul(r, h1) // ElGamal blinding factor - Y[i].Add(Y[i], c1[i]) // Encrypted client public key + Y[i] = suite.Point().Mul(r, h) // ElGamal blinding factor + Y[i].Add(Y[i], c[i]) // Encrypted client public key } // Repeat only the actual shuffle portion for benchmark purposes. for i := 0; i < N; i++ { // Do a key-shuffle - Xbar, Ybar, prover := Biffle(suite, nil, h1, X, Y, rand) + Xbar, Ybar, prover := Biffle(suite, nil, h, X, Y, rand) prf, err := proof.HashProve(suite, "Biffle", prover) if err != nil { panic("Biffle proof failed: " + err.Error()) @@ -47,7 +47,7 @@ func biffleTest(suite Suite, N int) { //fmt.Printf("proof:\n%s\n",hex.Dump(prf)) // Check it - verifier := BiffleVerifier(suite, nil, h1, X, Y, Xbar, Ybar) + verifier := BiffleVerifier(suite, nil, h, X, Y, Xbar, Ybar) err = proof.HashVerify(suite, "Biffle", verifier, prf) if err != nil { panic("Biffle verify failed: " + err.Error()) @@ -57,7 +57,7 @@ func biffleTest(suite Suite, N int) { func biffleInvalidTest(suite Suite) { rand := suite.RandomStream() - _, h1, _, c1 := setShuffleKeyPairs(rand, suite, 2) + h, c := setShuffleKeyPairs(rand, suite, 2) // ElGamal-encrypt all these keypairs with the "server" key var X, Y [2]kyber.Point @@ -65,12 +65,12 @@ func biffleInvalidTest(suite Suite) { for i := 0; i < 2; i++ { r.Pick(rand) X[i] = suite.Point().Mul(r, nil) - Y[i] = suite.Point().Mul(r, h1) // ElGamal blinding factor - Y[i].Add(Y[i], c1[i]) // Encrypted client public key + Y[i] = suite.Point().Mul(r, h) // ElGamal blinding factor + Y[i].Add(Y[i], c[i]) // Encrypted client public key } // Do a key-shuffle - Xbar, Ybar, prover := Biffle(suite, nil, h1, X, Y, rand) + Xbar, Ybar, prover := Biffle(suite, nil, h, X, Y, rand) prf, err := proof.HashProve(suite, "Biffle", prover) if err != nil { panic("Biffle proof failed: " + err.Error()) @@ -80,7 +80,7 @@ func biffleInvalidTest(suite Suite) { X[0], Y[0] = X[1], Y[1] // Check it - verifier := BiffleVerifier(suite, nil, h1, X, Y, Xbar, Ybar) + verifier := BiffleVerifier(suite, nil, h, X, Y, Xbar, Ybar) err = proof.HashVerify(suite, "Biffle", verifier, prf) if err == nil { panic("Biffle verify should have failed") diff --git a/shuffle/shuffle_test.go b/shuffle/shuffle_test.go index 51e96cb67..822f31e30 100644 --- a/shuffle/shuffle_test.go +++ b/shuffle/shuffle_test.go @@ -35,27 +35,27 @@ func TestInvalidShuffleSequence(t *testing.T) { sequenceInvalidShuffleTest(t, s, k, NQ) } -func setShuffleKeyPairs(rand cipher.Stream, suite Suite, k int) (kyber.Scalar, kyber.Point, []kyber.Scalar, []kyber.Point) { +func setShuffleKeyPairs(rand cipher.Stream, suite Suite, k int) (kyber.Point, []kyber.Point) { // Create a "server" private/public keypair h0 := suite.Scalar().Pick(rand) h1 := suite.Point().Mul(h0, nil) // Create a set of ephemeral "client" keypairs to shuffle - c0 := make([]kyber.Scalar, k) c1 := make([]kyber.Point, k) for i := 0; i < k; i++ { - c0[i] = suite.Scalar().Pick(rand) - c1[i] = suite.Point().Mul(c0[i], nil) - + c0 := suite.Scalar().Pick(rand) + c1[i] = suite.Point().Mul(c0, nil) } - return h0, h1, c0, c1 + return h1, c1 } -func pairShuffleTest(suite Suite, k, n int) { - rand := suite.RandomStream() - _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) +func elGamalEncryptPair( + rand cipher.Stream, + suite Suite, + c []kyber.Point, + h kyber.Point, k int) ([]kyber.Point, []kyber.Point) { // ElGamal-encrypt all these keypairs with the "server" key x := make([]kyber.Point, k) @@ -64,22 +64,29 @@ func pairShuffleTest(suite Suite, k, n int) { for i := 0; i < k; i++ { r.Pick(rand) x[i] = suite.Point().Mul(r, nil) - y[i] = suite.Point().Mul(r, h1) // ElGamal blinding factor - y[i].Add(y[i], c1[i]) // Encrypted client public key + y[i] = suite.Point().Mul(r, h) // ElGamal blinding factor + y[i].Add(y[i], c[i]) // Encrypted client public key } + return x, y +} + +func pairShuffleTest(suite Suite, k, n int) { + rand := suite.RandomStream() + h, c := setShuffleKeyPairs(rand, suite, k) + x, y := elGamalEncryptPair(rand, suite, c, h, k) + // Repeat only the actual shuffle portion for benchmark purposes. for i := 0; i < n; i++ { - // Do a key-shuffle - Xbar, Ybar, prover := Shuffle(suite, nil, h1, x, y, rand) + Xbar, Ybar, prover := Shuffle(suite, nil, h, x, y, rand) prf, err := proof.HashProve(suite, "PairShuffle", prover) if err != nil { panic("Shuffle proof failed: " + err.Error()) } // Check it - verifier := Verifier(suite, nil, h1, x, y, Xbar, Ybar) + verifier := Verifier(suite, nil, h, x, y, Xbar, Ybar) err = proof.HashVerify(suite, "PairShuffle", verifier, prf) if err != nil { panic("Shuffle verify failed: " + err.Error()) @@ -89,21 +96,11 @@ func pairShuffleTest(suite Suite, k, n int) { func pairInvalidShuffleTest(t *testing.T, suite Suite, k int) { rand := suite.RandomStream() - _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) - - // ElGamal-encrypt all these keypairs with the "server" key - x := make([]kyber.Point, k) - y := make([]kyber.Point, k) - r := suite.Scalar() // temporary - for i := 0; i < k; i++ { - r.Pick(rand) - x[i] = suite.Point().Mul(r, nil) - y[i] = suite.Point().Mul(r, h1) // ElGamal blinding factor - y[i].Add(y[i], c1[i]) // Encrypted client public key - } + h, c := setShuffleKeyPairs(rand, suite, k) + x, y := elGamalEncryptPair(rand, suite, c, h, k) // Do a key-shuffle - Xbar, Ybar, prover := Shuffle(suite, nil, h1, x, y, rand) + Xbar, Ybar, prover := Shuffle(suite, nil, h, x, y, rand) // Corrupt the shuffle Xbar[1], Xbar[0] = Xbar[0], Xbar[1] @@ -112,15 +109,17 @@ func pairInvalidShuffleTest(t *testing.T, suite Suite, k int) { assert.Nil(t, err) // Check it - verifier := Verifier(suite, nil, h1, x, y, Xbar, Ybar) + verifier := Verifier(suite, nil, h, x, y, Xbar, Ybar) err = proof.HashVerify(suite, "PairShuffle", verifier, prf) assert.Error(t, err) } -func sequenceShuffleTest(suite Suite, k, NQ, N int) { - rand := suite.RandomStream() - _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) - +func generateAndEncryptRandomSequences( + rand cipher.Stream, + suite Suite, + h kyber.Point, + c []kyber.Point, + k int) ([][]kyber.Point, [][]kyber.Point) { X := make([][]kyber.Point, NQ) Y := make([][]kyber.Point, NQ) @@ -144,16 +143,24 @@ func sequenceShuffleTest(suite Suite, k, NQ, N int) { for i := 0; i < k; i++ { r.Pick(rand) X[j][i] = suite.Point().Mul(r, nil) - Y[j][i] = suite.Point().Mul(r, h1) // ElGamal blinding factor - Y[j][i].Add(Y[j][i], c1[i]) // Encrypted client public key + Y[j][i] = suite.Point().Mul(r, h) // ElGamal blinding factor + Y[j][i].Add(Y[j][i], c[i]) // Encrypted client public key } } + return X, Y +} + +func sequenceShuffleTest(suite Suite, k, NQ, N int) { + rand := suite.RandomStream() + h, c := setShuffleKeyPairs(rand, suite, k) + X, Y := generateAndEncryptRandomSequences(rand, suite, h, c, k) + // Repeat only the actual shuffle portion for benchmark purposes. for i := 0; i < N; i++ { // Do a key-shuffle - XX, YY, getProver := SequencesShuffle(suite, nil, h1, X, Y, rand) + XX, YY, getProver := SequencesShuffle(suite, nil, h, X, Y, rand) e := make([]kyber.Scalar, NQ) for j := 0; j < NQ; j++ { @@ -173,7 +180,7 @@ func sequenceShuffleTest(suite Suite, k, NQ, N int) { XXUp, YYUp, XXDown, YYDown := GetSequenceVerifiable(suite, X, Y, XX, YY, e) // Check it - verifier := Verifier(suite, nil, h1, XXUp, YYUp, XXDown, YYDown) + verifier := Verifier(suite, nil, h, XXUp, YYUp, XXDown, YYDown) err = proof.HashVerify(suite, "PairShuffle", verifier, prf) if err != nil { @@ -184,38 +191,11 @@ func sequenceShuffleTest(suite Suite, k, NQ, N int) { func sequenceInvalidShuffleTest(t *testing.T, suite Suite, k, NQ int) { rand := suite.RandomStream() - _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) - - X := make([][]kyber.Point, NQ) - Y := make([][]kyber.Point, NQ) - - // generate random sequences - for i := 0; i < NQ; i++ { - xs := make([]kyber.Point, k) - ys := make([]kyber.Point, k) - - for j := 0; j < k; j++ { - xs[j] = suite.Point().Mul(suite.Scalar().Pick(suite.RandomStream()), nil) - ys[j] = suite.Point().Mul(suite.Scalar().Pick(suite.RandomStream()), nil) - } - - X[i] = xs - Y[i] = ys - } - - // ElGamal-encrypt all these keypairs with the "server" key - r := suite.Scalar() // temporary - for j := 0; j < NQ; j++ { - for i := 0; i < k; i++ { - r.Pick(rand) - X[j][i] = suite.Point().Mul(r, nil) - Y[j][i] = suite.Point().Mul(r, h1) // ElGamal blinding factor - Y[j][i].Add(Y[j][i], c1[i]) // Encrypted client public key - } - } + h, c := setShuffleKeyPairs(rand, suite, k) + X, Y := generateAndEncryptRandomSequences(rand, suite, h, c, k) // Do a key-shuffle - XX, YY, getProver := SequencesShuffle(suite, nil, h1, X, Y, rand) + XX, YY, getProver := SequencesShuffle(suite, nil, h, X, Y, rand) // Corrupt original inputs X[0][0], Y[0][0] = X[0][1], Y[0][1] @@ -234,7 +214,7 @@ func sequenceInvalidShuffleTest(t *testing.T, suite Suite, k, NQ int) { XXUp, YYUp, XXDown, YYDown := GetSequenceVerifiable(suite, X, Y, XX, YY, e) // Check it - verifier := Verifier(suite, nil, h1, XXUp, YYUp, XXDown, YYDown) + verifier := Verifier(suite, nil, h, XXUp, YYUp, XXDown, YYDown) err = proof.HashVerify(suite, "PairShuffle", verifier, prf) assert.Error(t, err)