relic-toolkit · dfaranha · Feb 8, 2024 · Feb 10, 2024 · Feb 11, 2024 · Feb 11, 2024
diff --git a/bench/bench_cp.c b/bench/bench_cp.c
@@ -699,11 +699,12 @@ static void etrs(void) {
 #if defined(WITH_PC)
 
 static void pdpub(void) {
-	bn_t r1, r2;
+	bn_t t, r1, r2;
 	g1_t p, u1, v1;
 	g2_t q, u2, v2, w2;
 	gt_t e, r, g[3];
 
+	bn_null(t);
 	bn_null(r1);
 	bn_null(r2);
 	g1_null(p);
@@ -719,6 +720,7 @@ static void pdpub(void) {
 	gt_null(g[1]);
 	gt_null(g[2]);
 
+	bn_new(t);
 	bn_new(r1);
 	bn_new(r2);
 	g1_new(p);
@@ -780,6 +782,40 @@ static void pdpub(void) {
 		BENCH_ADD(cp_lvpub_ver(r, g, r1, e));
 	} BENCH_END;
 
+	BENCH_RUN("cp_ampub_gen (first)") {
+		BENCH_ADD(cp_ampub_gen(r2, u1, u2, t, e, NULL, NULL, NULL));
+	} BENCH_END;
+
+	BENCH_RUN("cp_ampub_ask (first)") {
+		g1_rand(p);
+		g2_rand(q);
+		BENCH_ADD(cp_ampub_ask(r1, v1, w2, p, q, r2, u1, u2, t));
+	} BENCH_END;
+
+	BENCH_RUN("cp_ampub_ans (first)") {
+		g1_rand(p);
+		g2_rand(q);
+		BENCH_ADD(cp_ampub_ans(g, p, q, v1, t, w2, NULL));
+	} BENCH_END;
+
+	BENCH_RUN("cp_ampub_gen") {
+		BENCH_ADD(cp_ampub_gen(r2, u1, u2, t, e, r1, p, q));
+	} BENCH_END;
+
+	BENCH_RUN("cp_ampub_ans") {
+		cp_ampub_ask(r1, v1, w2, p, q, r2, u1, u2, t);
+		BENCH_ADD(cp_ampub_ans(g, p, q, v1, t, w2, q));
+	} BENCH_END;
+
+	BENCH_RUN("cp_ampub_ver") {
+		g1_rand(p);
+		g2_rand(q);
+		pc_map(e, p, q);
+		cp_ampub_ask(r1, v1, w2, p, q, r2, u1, u2, t);
+		BENCH_ADD(cp_ampub_ver(r, e, g, r1));
+	} BENCH_END;
+
+	bn_free(t);
 	bn_free(r1);
 	bn_free(r2);
 	g1_free(p);
@@ -863,13 +899,13 @@ static void pdprv(void) {
 	} BENCH_END;
 
 	BENCH_RUN("cp_lvprv_gen") {
-		BENCH_ADD(cp_lvprv_gen(r1, r2, u1, u2, v2, e));
+		BENCH_ADD(cp_lvprv_gen(r2, u1, u2, v2, e));
 	} BENCH_END;
 
 	BENCH_RUN("cp_lvprv_ask") {
 		g1_rand(p);
 		g2_rand(q);
-		BENCH_ADD(cp_lvprv_ask(v1, w2, p, q, r1, r2, u1, u2, v2));
+		BENCH_ADD(cp_lvprv_ask(r1, v1, w2, p, q, r2, u1, u2, v2));
 	} BENCH_END;
 
 	BENCH_RUN("cp_lvprv_ans") {

diff --git a/bench/bench_pc.c b/bench/bench_pc.c
@@ -519,6 +519,14 @@ static void arith2(void) {
 	}
 	BENCH_END;
 
+	BENCH_RUN("g2_mul (frb)") {
+		g2_rand(p);
+		pc_get_ord(n);
+		bn_rand_frb(k, &(core_get()->par), n, RLC_DIG);
+		BENCH_ADD(g2_mul(q, p, k));
+	}
+	BENCH_END;
+
 	BENCH_RUN("g2_map") {
 		uint8_t msg[5];
 		rand_bytes(msg, 5);
@@ -701,6 +709,14 @@ static void arith(void) {
 	}
 	BENCH_END;
 
+	BENCH_RUN("gt_exp (frb)") {
+		gt_rand(a);
+		pc_get_ord(d);
+		bn_rand_frb(e, &(core_get()->par), d, RLC_DIG);
+		BENCH_ADD(gt_exp(c, a, e));
+	}
+	BENCH_END;
+
 	gt_free(a);
 	gt_free(b);
 	gt_free(c);

diff --git a/include/relic_bn.h b/include/relic_bn.h
@@ -619,6 +619,17 @@ void bn_rand(bn_t a, int sign, size_t bits);
  */
 void bn_rand_mod(bn_t a, const bn_t b);
 
+/**
+ * Assigns a random value to a multiple precision integer with absolute value
+ * smaller tha a given modulus and encoded in a given basis.
+ *
+ * @param[out] a			- the multiple precision integer to assign.
+ * @param[in] b				- the basis.
+ * @param[in] n				- the modulus.
+ * @param[in] bits			- the precision in bits.
+ */
+void bn_rand_frb(bn_t a, const bn_t b, const bn_t n, size_t bits);
+
 /**
  * Prints a multiple precision integer to standard output.
  *

diff --git a/include/relic_cp.h b/include/relic_cp.h
@@ -1319,8 +1319,7 @@ int cp_lvpub_ver(gt_t r, const gt_t g[2], const bn_t c, const gt_t e);
  * @param[out] e			- the precomputed values e(U1, U2).
  * @return RLC_OK if no errors occurred, RLC_ERR otherwise.
  */
-int cp_lvprv_gen(bn_t c, bn_t r[3], g1_t u1[2], g2_t u2[2], g2_t v2[4],
-		gt_t e[2]);
+int cp_lvprv_gen(bn_t r[3], g1_t u1[2], g2_t u2[2], g2_t v2[4], gt_t e[2]);
 
 /**
  * Execute the client-side request for the LOVE pairing delegation protocol.
@@ -1336,9 +1335,8 @@ int cp_lvprv_gen(bn_t c, bn_t r[3], g1_t u1[2], g2_t u2[2], g2_t v2[4],
  * @param[in] v2			- the image of the randomness in G_2.
  * @return RLC_OK if no errors occurred, RLC_ERR otherwise.
  */
-int cp_lvprv_ask(g1_t v1[3], g2_t w2[4], const g1_t p, const g2_t q,
-		const bn_t c, const bn_t r[3], const g1_t u1[2], const g2_t u2[2],
-		const g2_t v2[4]);
+int cp_lvprv_ask(bn_t c, g1_t v1[3], g2_t w2[4], const g1_t p, const g2_t q,
+		const bn_t r[3], const g1_t u1[2], const g2_t u2[2], const g2_t v2[4]);
 
 /**
  * Execute the server-side response for the LOVE pairing delegation protocol.
@@ -1364,6 +1362,67 @@ int cp_lvprv_ans(gt_t g[4], const g1_t v1[3], const g2_t w2[4]);
  */
 int cp_lvprv_ver(gt_t r, const gt_t g[4], const bn_t c, const gt_t e[2]);
 
+/**
+ * Generate parameters for the AMORE pairing delegation protocol with public
+ * inputs, using the result of a previous execution.
+ *
+ * @param[out] r			- the randomness.
+ * @param[out] u1			- the U1 precomputed value in G_1.
+ * @param[out] u2			- the U2 precomputed value in G_2.
+ * @param[out] v2			- the randomness for G_2.
+ * @param[out] e			- the precomputed values e(U1, U2).
+ * @param[in] c				- the previous challenge, NULL if first.
+ * @param[in] p				- the previous first argument, NULL if first.
+ * @param[in] q				- the previous second argument, NULL if first.
+ * @return RLC_OK if no errors occurred, RLC_ERR otherwise.
+ */
+int cp_ampub_gen(bn_t r, g1_t u1, g2_t u2, bn_t v2, gt_t e, const bn_t c,
+		const g1_t p, const g2_t q);
+
+/**
+ * Execute the client-side request for the AMORE pairing delegation protocol.
+ *
+ * @param[out] c			- the challenge.
+ * @param[out] v1			- the blinded element in G_1.
+ * @param[out] w2			- the blinded element in G_2.
+ * @param[in] p				- the first argument of the pairing.
+ * @param[in] q				- the second argument of the pairing.
+ * @param[in] c				- the challenge.
+ * @param[in] r				- the randomness.
+ * @param[in] u1			- the U1 precomputed value in G_1.
+ * @param[in] u2			- the U2 precomputed value in G_2.
+ * @param[in] v2			- the randomness for G_2.
+ * @return RLC_OK if no errors occurred, RLC_ERR otherwise.
+ */
+int cp_ampub_ask(bn_t c, g1_t v1, g2_t w2, const g1_t p, const g2_t q,
+		const bn_t r, const g1_t u1, const g2_t u2, const bn_t v2);
+
+/**
+ * Execute the server-side response for the AMORE pairing delegation protocol.
+ *
+ * @param[out] g			- the group elements computed by the server.
+ * @param[in] p				- the first argument of the pairing.
+ * @param[in] q				- the second argument of the pairing.
+ * @param[in] v1			- the blinded element in G_1.
+ * @param[in] v2			- the randomness for G_2.
+ * @param[in] w2			- the blinded element in G_2.
+ * @param[in] s				- the input to a previous execution, NULL if first.
+ * @return RLC_OK if no errors occurred, RLC_ERR otherwise.
+ */
+int cp_ampub_ans(gt_t g[2], const g1_t p, const g2_t q, const g1_t v1,
+		const bn_t v2, const g2_t w2, const g2_t s);
+
+/**
+ * Verifies the result of the AMORE pairing delegation protocol.
+ *
+ * @param[out] r			- the result of the computation.
+ * @param[in, out] e		- the precomputed values e(U1, U2).
+ * @param[in] g				- the group elements returned by the server.
+ * @param[in] c				- the challenge.
+ * @return a boolean value indicating if the computation is correct.
+ */
+int cp_ampub_ver(gt_t r, gt_t e, const gt_t g[2], const bn_t c);
+
 /**
  * Generates a master key for the SOKAKA identity-based non-interactive
  * authenticated key agreement protocol.

diff --git a/include/relic_ep.h b/include/relic_ep.h
@@ -177,7 +177,7 @@ enum {
     SG18_P638,
 	/** New family with embeeding degree 16. */
 	N16_P765,
-	/* Fotiadis-Moartindale with embedding degree 16. */
+	/* Fotiadis-Martindale with embedding degree 16. */
 	FM16_P765,
 	/** Kachisa-Schaefer-Scott with embedding degree 16. */
 	K16_P766,

diff --git a/include/relic_label.h b/include/relic_label.h
@@ -3260,6 +3260,10 @@
 #undef cp_lvprv_ask
 #undef cp_lvprv_ans
 #undef cp_lvprv_ver
+#undef cp_ampub_gen
+#undef cp_ampub_ask
+#undef cp_ampub_ans
+#undef cp_ampub_ver
 #undef cp_sokaka_gen
 #undef cp_sokaka_gen_prv
 #undef cp_sokaka_key
@@ -3410,6 +3414,10 @@
 #define cp_lvprv_ask 	RLC_PREFIX(cp_lvprv_ask)
 #define cp_lvprv_ans 	RLC_PREFIX(cp_lvprv_ans)
 #define cp_lvprv_ver 	RLC_PREFIX(cp_lvprv_ver)
+#define cp_ampub_gen 	RLC_PREFIX(cp_ampub_gen)
+#define cp_ampub_ask 	RLC_PREFIX(cp_ampub_ask)
+#define cp_ampub_ans 	RLC_PREFIX(cp_ampub_ans)
+#define cp_ampub_ver 	RLC_PREFIX(cp_ampub_ver)
 #define cp_sokaka_gen 	RLC_PREFIX(cp_sokaka_gen)
 #define cp_sokaka_gen_prv 	RLC_PREFIX(cp_sokaka_gen_prv)
 #define cp_sokaka_key 	RLC_PREFIX(cp_sokaka_key)

diff --git a/src/bn/relic_bn_util.c b/src/bn/relic_bn_util.c
@@ -230,6 +230,35 @@
 	}
 }
 
+void bn_rand_frb(bn_t a, const bn_t x, const bn_t order, size_t bits) {
+	size_t i, dim = RLC_CEIL(bn_bits(order), bn_bits(x));
+	bn_t t, u;
+
+	bn_null(t);
+	bn_null(u);
+
+	RLC_TRY {
+		bn_new(t);
+		bn_new(u);
+
+		bits = RLC_CEIL(bits, dim);
+
+		bn_abs(u, x);
+		bn_zero(a);
+		for (i = 0; i < dim; i++) {
+			bn_rand(t, RLC_POS, bits);
+			bn_mul(a, a, u);
+			bn_add(a, a, t);
+		}
+		bn_mod(a, a, order);
+	} RLC_CATCH_ANY {
+		RLC_THROW(ERR_CAUGHT);
+	} RLC_FINALLY {
+		bn_free(t);
+		bn_free(u);
+	}
+}
+
 void bn_print(const bn_t a) {
 	int i;