From ea9d01c86d741f7419a11a43bf39b0ab1afccfa4 Mon Sep 17 00:00:00 2001
From: "Diego F. Aranha"
Date: Sun, 26 Jan 2025 21:24:20 +0100
Subject: [PATCH] Big refactoring of AMORE.

---
 bench/bench_cp.c | 113 +++++++-----------------
 include/relic_cp.h | 136 +++++++--------------------
 src/cp/relic_cp_pcdel.c | 191 ++++++++++------------------------
 test/test_cp.c | 108 +++++++----------------
 4 files changed, 140 insertions(+), 408 deletions(-)

diff --git a/bench/bench_cp.c b/bench/bench_cp.c
index ffd5c8a55..265dd0c7d 100644
--- a/bench/bench_cp.c
+++ b/bench/bench_cp.c
@@ -876,10 +876,10 @@ static void pdpub(void) {
 #define AGGS 2
 
 static void pdprv(void) {
- bn_t r1, r2[3], ls[AGGS * AGGS], cs[AGGS], ks[AGGS];
- g1_t fs[AGGS], p[AGGS * AGGS], u1[2], v1[3], rs[AGGS * AGGS], ds[AGGS * AGGS];
- g2_t q[AGGS * AGGS], u2[2], v2[4], w2[4], bs[AGGS * AGGS];
- gt_t e[2], r, ts[2 * AGGS + 1], g[AGGS * AGGS + 1];
+ bn_t r1, r2[3], ls[AGGS];
+ g1_t fs[AGGS], p[AGGS], u1[2], v1[3], rs[AGGS];
+ g2_t q[AGGS], u2[2], v2[4], w2[4];
+ gt_t e[2], r, ts[AGGS + 1], g[RLC_MAX(4, AGGS + 1)];
 
 bn_null(r1);
 gt_null(r);
@@ -907,39 +907,27 @@ static void pdprv(void) {
 g2_new(w2[i]);
 }
 for (size_t i = 0; i < AGGS; i++) {
- for (size_t j = 0; j < AGGS; j++) {
- bn_null(ls[i * AGGS + j]);
- g1_null(p[i * AGGS + j]);
- g2_null(q[i * AGGS + j]);
- g1_null(rs[i * AGGS + j]);
- g1_null(ds[i * AGGS + j]);
- g2_null(bs[i * AGGS + j]);
- gt_null(g[i * AGGS + j]);
- bn_new(ls[i * AGGS + j]);
- g1_new(p[i * AGGS + j]);
- g2_new(q[i * AGGS + j]);
- g1_new(rs[i * AGGS + j]);
- g1_new(ds[i * AGGS + j]);
- g2_new(bs[i * AGGS + j]);
- gt_new(g[i * AGGS + j]);
- g1_rand(p[i * AGGS + j]);
- g2_rand(q[i * AGGS + j]);
- }
- bn_null(ks[i]);
- bn_null(cs[i]);
+ bn_null(ls[i]);
+ g1_null(p[i]);
+ g2_null(q[i]);
+ g1_null(rs[i]);
 g1_null(fs[i]);
 gt_null(ts[i]);
- gt_null(ts[i + AGGS]);
- bn_new(ks[i]);
- bn_new(cs[i])
+ gt_null(g[i]);
+ bn_new(ls[i]);
+ g1_new(p[i]);
+ g2_new(q[i]);
+ g1_rand(p[i]);
+ g2_rand(q[i]);
+ g1_new(rs[i]);
 g1_new(fs[i]);
 gt_new(ts[i]);
- gt_new(ts[i + AGGS]);
+ gt_new(g[i]);
 }
- gt_null(ts[2 * AGGS]);
- gt_new(ts[2 * AGGS]);
- gt_null(g[AGGS * AGGS]);
- gt_new(g[AGGS * AGGS]);
+ gt_null(ts[AGGS]);
+ gt_null(g[AGGS]);
+ gt_new(ts[AGGS]);
+ gt_new(g[AGGS]);
 
 BENCH_RUN("cp_pdprv_gen") {
 BENCH_ADD(cp_pdprv_gen(r1, r2, u1, u2, v2, e));
@@ -1002,54 +990,21 @@ static void pdprv(void) {
 } BENCH_END;
 
 BENCH_RUN("cp_ambat_gen (AGGS)") {
- BENCH_ADD(cp_ambat_gen(r1, u1[0], u2[0], e[0]));
+ BENCH_ADD(cp_ambat_gen(r1, u1[0], u2[0], fs[0], e[0]));
 } BENCH_END;
 
 BENCH_RUN("cp_ambat_ask (AGGS)") {
- BENCH_ADD(cp_ambat_ask(ls, rs, u1[1], u2[1], w2[0], r1, p[0], q, u1[0], u2[0], e[0], AGGS));
+ BENCH_ADD(cp_ambat_ask(ls, rs, v1[0], v2[0], w2[0], r1, u1[0], u2[0], fs[0], e[0], p, q, AGGS));
 } BENCH_END;
 
 BENCH_RUN("cp_ambat_ans (AGGS)") {
- BENCH_ADD(cp_ambat_ans(g, rs, u1[1], u2[1], w2[0], q, AGGS));
+ BENCH_ADD(cp_ambat_ans(g, rs, v1[0], v2[0], w2[0], p, q, AGGS));
 } BENCH_END;
 
 BENCH_RUN("cp_ambat_ver (AGGS)") {
- BENCH_ADD(cp_ambat_ver(g, g, ls, e[0], AGGS));
- } BENCH_END;
-
- BENCH_RUN("cp_amprd_gen (AGGS)") {
- BENCH_ADD(cp_amprd_gen(fs[0], r1, u1[0], u2[0], e[0]));
- } BENCH_END;
-
- BENCH_RUN("cp_amprd_ask (AGGS)") {
- BENCH_ADD(cp_amprd_ask(ks, ds, ls, rs, v1[0], v2[0], w2[0], bs, fs[0], r1, u1[0], u2[0], e[0], p, q, 1, AGGS));
+ BENCH_ADD(cp_ambat_ver(g, ls, e[0], AGGS));
 } BENCH_END;
 
- BENCH_RUN("cp_amprd_ans (AGGS)") {
- BENCH_ADD(cp_amprd_ans(g, ts, ds, rs, v1[0], v2[0], w2[0], bs, p, q, 1, AGGS));
- } BENCH_END;
-
- BENCH_RUN("cp_amprd_ver (AGGS)") {
- BENCH_ADD(cp_amprd_ver(g, ts, ks, ls, e[0], 1, AGGS));
- } BENCH_END;
-
- BENCH_RUN("cp_amprd_gen (AGGS²)") {
- BENCH_ADD(cp_amprd_gen(fs[0], r1, u1[0], u2[0], e[0]));
- } BENCH_END;
-
- BENCH_RUN("cp_amprd_ask (AGGS²)") {
- BENCH_ADD(cp_amprd_ask(ks, ds, ls, rs, v1[0], v2[0], w2[0], bs, fs[0], r1, u1[0], u2[0], e[0], p, q, AGGS, AGGS));
- } BENCH_END;
-
- BENCH_RUN("cp_amprd_ans (AGGS²)") {
- BENCH_ADD(cp_amprd_ans(g, ts, ds, rs, v1[0], v2[0], w2[0], bs, p, q, AGGS, AGGS));
- } BENCH_END;
-
- BENCH_RUN("cp_amprd_ver (AGGS²)") {
- BENCH_ADD(cp_amprd_ver(g, ts, ks, ls, e[0], AGGS, AGGS));
- } BENCH_END;
-
-
 bn_free(r1);
 gt_free(r);
 for (int i = 0; i < 2; i++) {
@@ -1066,24 +1021,16 @@ static void pdprv(void) {
 g2_free(w2[i]);
 }
 for (size_t i = 0; i < AGGS; i++) {
- for (size_t j = 0; j < AGGS; j++) {
- bn_free(ls[i * AGGS + j]);
- g1_free(p[i * AGGS + j]);
- g2_free(q[i * AGGS + j]);
- g1_free(rs[i * AGGS + j]);
- g1_free(ds[i * AGGS + j]);
- g2_free(bs[i * AGGS + j]);
- gt_free(g[i * AGGS + j]);
- }
 bn_free(ls[i]);
- bn_free(cs[i]);
- bn_free(ks[i]);
+ g1_free(p[i]);
+ g2_free(q[i]);
+ g1_free(rs[i]);
 g1_free(fs[i]);
 gt_free(ts[i]);
- gt_free(ts[i + AGGS]);
+ gt_free(g[i]);
 }
- gt_free(ts[2 * AGGS]);
- gt_free(g[AGGS * AGGS]);
+ gt_free(ts[AGGS]);
+ gt_free(g[AGGS]);
 }
 
 static void sokaka(void) {
diff --git a/include/relic_cp.h b/include/relic_cp.h
index 847ef3b69..4921e1379 100644
--- a/include/relic_cp.h
+++ b/include/relic_cp.h
@@ -1480,137 +1480,63 @@ int cp_mvbat_ans(gt_t *as, const g1_t p0, const g1_t *ps, const g2_t q0, int cp_mvbat_ver(gt_t *rs, const gt_t *as, const gt_t *e, size_t m); /** - * Generates parameters for the AMORE batch pairing delegation protocol. + * Generates parameters for the AMORE batch pairing delegation protocol to + * compute m pairings. * - * @param[out] r - the randomness. - * @param[out] u - the mask in G_1. - * @param[out] v - the mask in G_2. - * @param[out] e - the precomputed value e(U1, U2). - * @return RLC_OK if no errors occurred, RLC_ERR otherwise. - */ -int cp_ambat_gen(bn_t r, g1_t u, g2_t v, gt_t e); - -/** - * Executes the client-side request for the AMORE batch pairing delegation - * protocol. - * - * @param[out] ls - the challenges. - * @param[out] rs - the group elements computed by the client. - * @param[out] a - the element in G_1 computed by the client. - * @param[out] b - the element in G_2 computed by the client. - * @param[out] c - the element in G_2 computed by the client. - * @param[in] r - the randomness. - * @param[in] p - the first argument of the pairing. - * @param[in] q - the second arguments of the pairing. - * @param[in] u - the U1 precomputed value in G_1. - * @param[in] v - the U2 precomputed value in G_2. - * @param[in] e - the precomputed value e(U1, U2). - * @param[in] m - the number of pairings delegated in the batch. - * @return RLC_OK if no errors occurred, RLC_ERR otherwise. - */ -int cp_ambat_ask(bn_t *ls, g1_t *rs, g1_t a, g2_t b, g2_t c, const bn_t r, - const g1_t p, const g2_t *q, const g1_t u, const g2_t v, const gt_t e, - size_t m); - -/** - * Executes the server-side response for the AMORE batch pairing delegation - * protocol. - * - * @param[out] gs - the group elements computed by the server. - * @param[out] rs - the group elements sent by the client. - * @param[in] a - the element in G_1 computed by the client. - * @param[in] b - the element in G_2 computed by the client. 
- * @param[in] c - the element in G_2 computed by the client. - * @param[in] q - the second arguments of the delegated pairings. - * @param[in] m - the number of pairings delegated in the batch. - * @return RLC_OK if no errors occurred, RLC_ERR otherwise. - */ -int cp_ambat_ans(gt_t *gs, const g1_t *rs, const g1_t a, const g2_t b, - const g2_t c, const g2_t *q, size_t m); - -/** - * Verifies the result of the AMORE batch pairing delegation protocol. - * - * @param[out] es - the results of the computation. - * @param[in] gs - the group elements returned by the server. - * @param[in] ls - the challenges. - * @param[in] e - the precomputed value e(U1, U2). - * @param[in] m - the number of pairings delegated in the batch. - * @return a boolean value indicating if the computation is correct. - */ -int cp_ambat_ver(gt_t *es, const gt_t *gs, const bn_t *ls, const gt_t e, - size_t m); - -/** - * Generates parameters for the AMORE delegation protocol to compute the - * product of m pairings using a pairing delegation protocol. - * - * @param[out] r - the random point in G_1. - * @param[out] c - the randomness for the batch AMORE protocol. - * @param[out] u - the mask in G_1 for batch AMORE. - * @param[out] v - the mask in G_2 for batch AMORE. + * @param[out] r - the secret key for the pairing delegation. + * @param[out] u - the mask in G_1 for the pairing delegation. + * @param[out] v - the mask in G_2 for the pairing delegation. + * @param[out] w - the random point for the pairing delegation. * @param[out] e - the precomputed value e(U1, U2). */ -int cp_amprd_gen(g1_t r, bn_t c, g1_t u, g2_t v, gt_t e); +int cp_ambat_gen(bn_t r, g1_t u, g2_t v, g1_t w, gt_t e); /* - * Executes the client-side request for the AMORE pairing product delegation + * Executes the client-side request for the AMORE batch pairing delegation * protocol. * - * @param[out] ks - the (l) keys for the batch AMORE protocol. - * @param[out] ds - the (l) points for the batch AMORE protocol. 
- * @param[out] ls - the (l * m) scalars for the protocol. - * @param[out] rs - the (l * m) points for the protocol. - * @param[out] a - the setup for the batch AMORE protocol. - * @param[out] b - the setup for the batch AMORE protocol. - * @param[out] d - the setup for the batch AMORE protocol. - * @param[out] bs - the row-wise addition of the second arguments. - * @param[out] r - the additional random point for the protocol. - * @param[out] c - the challenge for the pairing delegation. - * @param[out] u - the mask in G_1 for the pairing delegation. - * @param[out] v - the mask in G_2 for the pairing delegation. - * @param[in] l - the number of pairing products to compute. - * @param[in] m - the number of pairings per product to compute. + * @param[out] ls - the m scalars for the protocol. + * @param[out] rs - the m points for the protocol. + * @param[out] a - the first element in G_1. + * @param[out] b - the second element in G_2. + * @param[out] d - the addition of G_2 elements. + * @param[in] r - the secret key for the pairing delegation. + * @param[in] u - the mask in G_1 for the pairing delegation. + * @param[in] v - the mask in G_2 for the pairing delegation. + * @param[in] w - the random point for the pairing delegation. + * @param[in] m - the number of pairings to compute. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_amprd_ask(bn_t *ks, g1_t *ds, bn_t *ls, g1_t *rs, g1_t a, g2_t b, g2_t d, - g2_t *bs, const g1_t c, const bn_t r, const g1_t u, const g2_t v, - gt_t e, const g1_t *p, const g2_t *q, size_t l, size_t m); +int cp_ambat_ask(bn_t *ls, g1_t *rs, g1_t a, g2_t b, g2_t d, const bn_t r, + const g1_t u, const g2_t v, const g1_t w, const gt_t e, const g1_t *p, + const g2_t *q, size_t m); /** - * Executes the server-side response for the AMORE pairing product delegation + * Executes the server-side response for the AMORE batch pairing delegation * protocol. * * @param[out] gs - the results computed by the server. 
- * @param[out] ts - the group elements computed by the server. - * @param[in] ds - the (l) points for the batch AMORE protocol. - * @param[in] rs - the (l * m) points for the protocol. + * @param[in] rs - the m points in G_1 for the protocol. * @param[in] a - the first element in G_1. - * @param[in] b - the first element in G_2. * @param[in] b - the second element in G_2. + * @param[in] d - the addition of G_2 elements. * @param[in] p - the first argument inputs for the pairings. * @param[in] q - the second argument inputs for the pairings. - * @param[in] l - the number of pairing products to compute. - * @param[in] m - the number of pairings per product to compute. + * @param[in] m - the number of pairings to compute. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_amprd_ans(gt_t *gs, gt_t *ts, const g1_t *ds, const g1_t *rs, - const g1_t a, const g2_t b, const g2_t d, const g2_t *bs, const g1_t *p, - const g2_t *q, size_t l, size_t m); +int cp_ambat_ans(gt_t *gs, const g1_t *rs, const g1_t a, const g2_t b, + const g2_t d, const g1_t *p, const g2_t *q, size_t m); /** - * Verifies the result of the AMORE pairing delegation protocol. + * Verifies the result of the AMORE batch pairing delegation protocol. * * @param[out] gs - the results of the computation. - * @param[in,out] ts - the group elements returned by the server. - * @param[in] ks - the pairing product keys. - * @param[in] cs - the challenges for the batch protocol. + * @param[in] ls - the scalars for the batch protocol. * @param[in] e - the precomputed value e(U1, U2). - * @param[in] l - the number of pairing products to compute. - * @param[in] m - the number of pairings per product to compute. + * @param[in] m - the number of pairings to compute. * @return a boolean value indicating if the computation is correct. 
*/ -int cp_amprd_ver(gt_t *gs, gt_t *ts, const bn_t *ks, const bn_t *ls, - const gt_t e, size_t l, size_t m); +int cp_ambat_ver(gt_t *gs, const bn_t *ls, const gt_t e, size_t m); /** * Generates a master key for the SOKAKA identity-based non-interactive diff --git a/src/cp/relic_cp_pcdel.c b/src/cp/relic_cp_pcdel.c index 4de948431..13d508301 100644 --- a/src/cp/relic_cp_pcdel.c +++ b/src/cp/relic_cp_pcdel.c @@ -545,8 +545,8 @@ int cp_amore_ask(bn_t d, g1_t a1, g2_t b1, g1_t a2, g2_t b2, bn_t c, bn_t r, g1_mul_gen(u, t); g2_mul_gen(v, d); - if (ep_curve_is_pairf() == EP_BN) { - bn_rand(c, RLC_POS, RAND_DIST); + if (ep_curve_is_pairf() == EP_BN || ep_curve_embed() <= 2) { + bn_rand(c, RLC_POS, RAND_DIST + BND_STORE); } else { bn_rand_frb(c, &(core_get()->par), n, RAND_DIST + BND_STORE); } @@ -828,7 +828,7 @@ int cp_mvbat_ver(gt_t *rs, const gt_t *as, const gt_t *e, size_t m) { return result; } -int cp_ambat_gen(bn_t r, g1_t u, g2_t v, gt_t e) { +int cp_ambat_gen(bn_t r, g1_t u, g2_t v, g1_t w, gt_t e) { bn_t n, t; int result = RLC_OK; @@ -845,6 +845,7 @@ int cp_ambat_gen(bn_t r, g1_t u, g2_t v, gt_t e) { g1_mul_gen(u, r); g2_mul_gen(v, t); + g1_rand(w); bn_mul(t, t, r); bn_mod(t, t, n); @@ -856,14 +857,13 @@ int cp_ambat_gen(bn_t r, g1_t u, g2_t v, gt_t e) { bn_free(n); bn_free(t); } - return result; } -int cp_ambat_ask(bn_t *ls, g1_t *rs, g1_t a, g2_t b, g2_t c, const bn_t r, - const g1_t p, const g2_t *q, const g1_t u, const g2_t v, const gt_t e, - size_t m) { - bn_t n, *t = RLC_ALLOCA(bn_t, m); +int cp_ambat_ask(bn_t *ls, g1_t *rs, g1_t a, g2_t b, g2_t d, const bn_t r, + const g1_t u, const g2_t v, const g1_t w, const gt_t e, const g1_t *p, + const g2_t *q, size_t m) { + bn_t n; int result = RLC_OK; bn_null(n); 
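Review bot: The comment block above the new cp_ambat_ask prototype opens with `/*` rather than `/**`, so Doxygen will not attach it, and its parameter list omits `e`, `p` and `q`, which the prototype takes; suggest switching the opener and adding `@param[in] e - the precomputed value e(U1, U2).`, `@param[in] p - the first argument inputs for the pairings.` and `@param[in] q - the second argument inputs for the pairings.`. The cp_ambat_gen block is the only one of the four without a `@return` line; `@return RLC_OK if no errors occurred, RLC_ERR otherwise.` would match its siblings. cp_ambat_ver documents `gs` as `[out]`, but the implementation in relic_cp_pcdel.c reads `gs[i]` and `gs[m]` as the server's answers and only overwrites them on failure, so `@param[in,out] gs` describes the contract more accurately. The hunk starts before L5 of this view, so the earlier part of the documentation block was not reviewed.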
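Review bot: The curve predicate `ep_curve_is_pairf() == EP_BN || ep_curve_embed() <= 2` that selects plain `bn_rand` over `bn_rand_frb` in cp_amore_ask now appears verbatim a second time in cp_ambat_ask (hunk @@ -872), so a `static` helper wrapping it would keep the two sites from drifting when another curve family is added. The replaced branch drew `RAND_DIST` bits and the new one draws `RAND_DIST + BND_STORE`; if the widening is deliberate for curves without usable Frobenius structure, a comment such as `/* no Frobenius decomposition here, so draw a full-width scalar */` on the `bn_rand` line would record that. cp_amore_ask's body starts and ends outside the hunk.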
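Review bot: The new cp_ambat_ask signature keeps `const gt_t e`, but, as far as the visible body in hunk @@ -872 shows, nothing in the function reads it (only `r`, `u`, `v`, `w`, `p`, `q` and `m` are used), so the parameter appears to be dead; the header comment for this prototype does not document it either. If it is kept so that gen/ask/ans/ver share one parameter set, a comment at the signature such as `/* e is not used by the client request; kept for interface symmetry with cp_ambat_ver */` would save the next reader the search, otherwise dropping it would tighten the interface. The function body continues in the next hunk.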
@@ -872,68 +872,71 @@ int cp_ambat_ask(bn_t *ls, g1_t *rs, g1_t a, g2_t b, g2_t c, const bn_t r, bn_new(n); pc_get_ord(n); - for (size_t i = 0; i < m; i++) { - bn_null(t[i]); - bn_new(t[i]); + g2_copy(d, q[0]); + for (size_t j = 1; j < m; j++) { + g2_add(d, d, q[j]); + } + g2_norm(d, d); - if (ep_curve_is_pairf() == EP_BN) { + for (size_t i = 0; i < m; i++) { + if (ep_curve_is_pairf() == EP_BN || ep_curve_embed() <= 2) { bn_rand(ls[i], RLC_POS, RAND_DIST + BND_STORE); } else { bn_rand_frb(ls[i], &(core_get()->par), n, RAND_DIST + BND_STORE); } + g1_mul(rs[i], p[i], ls[i]); + g1_add(rs[i], rs[i], w); } + g1_norm_sim(rs, rs, m); - g2_set_infty(c); - bn_mod_inv_sim(t, ls, n, m); - for (size_t i = 0; i < m; i++) { - g1_mul(rs[i], p, t[i]); - g2_add(c, c, q[i]); - } - - g1_sub(a, u, p); + g1_sub(a, u, w); g1_norm(a, a); - g2_sub(b, v, c); + + g2_sub(b, v, d); g2_norm(b, b); g2_mul(b, b, r); - } RLC_CATCH_ANY { + } + RLC_CATCH_ANY { result = RLC_ERR; - } RLC_FINALLY { + } + RLC_FINALLY { bn_free(n); - for (size_t i = 0; i < m; i++) { - bn_free(t[i]); - } - RLC_FREE(t); } - return result; } -int cp_ambat_ans(gt_t *gs, const g1_t *rs, const g1_t a, const g2_t b, - const g2_t c, const g2_t *q, size_t m) { +int cp_ambat_ans(gt_t *gs, const g1_t *rs, const g1_t a, const g2_t b, + const g2_t d, const g1_t *p, const g2_t *q, size_t m) { g1_t ps[2]; g2_t qs[2]; + gt_t g; int result = RLC_OK; g1_null(ps[0]); g1_null(ps[1]); g2_null(qs[0]); g2_null(qs[1]); + gt_null(g); RLC_TRY { g1_new(ps[0]); g1_new(ps[1]); g2_new(qs[0]); g2_new(qs[1]); + gt_new(g); for (size_t i = 0; i < m; i++) { - pc_map(gs[i], rs[i], q[i]); + pc_map(gs[i], p[i], q[i]); } + g1_copy(ps[0], a); - g2_copy(qs[0], c); + g2_copy(qs[0], d); g1_get_gen(ps[1]); g2_copy(qs[1], b); pc_map_sim(gs[m], ps, qs, 2); + pc_map_sim(g, rs, q, m); + gt_mul(gs[m], gs[m], g); } RLC_CATCH_ANY { result = RLC_ERR; } RLC_FINALLY { 
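Review bot: `g2_copy(d, q[0])` at the top of cp_ambat_ask's `RLC_TRY` block indexes `q` before `m` is consulted, so a call with `m == 0` reads past an empty array; the replaced code built the sum from `g2_set_infty(c)` and never indexed unconditionally. Starting the accumulation at infinity restores that behaviour: `g2_set_infty(d); for (size_t j = 0; j < m; j++) { g2_add(d, d, q[j]); }`; alternatively reject the degenerate size explicitly with `RLC_THROW(ERR_NO_VALID)` before the copy. The same unchecked precondition carries into cp_ambat_ans (`pc_map_sim(g, rs, q, m)` and `gs[m]`) and into cp_ambat_ver (`gs[m]`) in the following hunks. cp_ambat_ans's body continues past the end of this hunk.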
@@ -941,103 +944,12 @@ int cp_ambat_ans(gt_t *gs, const g1_t *rs, const g1_t a, const g2_t b,
 g1_free(ps[1]);
 g2_free(qs[0]);
 g2_free(qs[1]);
- }
-
- return result;
-}
-
-int cp_ambat_ver(gt_t *es, const gt_t *gs, const bn_t *ls, const gt_t e,
- size_t m) {
- int result = 1;
- gt_t t;
-
- gt_null(t);
-
- RLC_TRY {
- gt_new(t);
- gt_set_unity(t);
- for (size_t i = 0; i < m; i++) {
- result &= gt_is_valid(gs[i]);
- gt_exp(es[i], gs[i], ls[i]);
- gt_mul(t, t, es[i]);
- }
- gt_mul(t, t, gs[m]);
- if (!result || gt_cmp(e, t) != RLC_EQ) {
- for (size_t i = 0; i < m; i++) {
- gt_set_unity(es[i]);
- }
- result = 0;
- }
- } RLC_CATCH_ANY {
- result = RLC_ERR;
- }
- RLC_FINALLY {
- gt_free(t);
+ gt_free(g);
 }
 
 return result;
 }
 
-int cp_amprd_gen(g1_t c, bn_t r, g1_t u, g2_t v, gt_t e) {
- g1_rand(c);
- return cp_ambat_gen(r, u, v, e);
-}
-
-int cp_amprd_ask(bn_t *ks, g1_t *ds, bn_t *ls, g1_t *rs, g1_t a, g2_t b, g2_t d,
- g2_t *bs, const g1_t c, const bn_t r, const g1_t u, const g2_t v,
- gt_t e, const g1_t *p, const g2_t *q, size_t l, size_t m) {
- bn_t n;
- int result = RLC_OK;
-
- bn_null(n);
-
- RLC_TRY {
- bn_new(n);
-
- pc_get_ord(n);
- for (size_t i = 0; i < l; i++) {
- g2_set_infty(bs[i]);
- for (size_t j = 0; j < m; j++) {
- g2_add(bs[i], bs[i], q[i * m + j]);
- }
- }
- g2_norm_sim(bs, bs, l);
-
- for (size_t i = 0; i < l * m; i++) {
- if (ep_curve_is_pairf() == EP_BN) {
- bn_rand(ls[i], RLC_POS, RAND_DIST + BND_STORE);
- } else {
- bn_rand_frb(ls[i], &(core_get()->par), n, RAND_DIST + BND_STORE);
- }
- g1_mul(rs[i], p[i], ls[i]);
- g1_add(rs[i], rs[i], c);
- }
- g1_norm_sim(rs, rs, l * m);
- cp_ambat_ask(ks, ds, a, b, d, r, c, bs, u, v, e, l);
- }
- RLC_CATCH_ANY {
- result = RLC_ERR;
- }
- RLC_FINALLY {
- bn_free(n);
- }
- return result;
-}
-
-int cp_amprd_ans(gt_t *gs, gt_t *ts, const g1_t *ds, const g1_t *rs, const g1_t a,
- const g2_t b, const g2_t d, const g2_t *bs, const g1_t *p,
- const g2_t *q, size_t l, size_t m) {
- for (size_t i = 0; i < l; i++) {
- pc_map_sim(ts[i], rs + i * m, q + i * m, m);
- }
- cp_ambat_ans(ts + l, ds, a, b, d, bs, l);
- for (size_t i = 0; i < l * m; i++) {
- pc_map(gs[i], p[i], q[i]);
- }
- return RLC_OK;
-}
-
-int cp_amprd_ver(gt_t *gs, gt_t *ts, const bn_t *ks, const bn_t *ls,
- const gt_t e, size_t l, size_t m) {
+int cp_ambat_ver(gt_t *gs, const bn_t *ls, const gt_t e, size_t m) {
 int result = 1;
 gt_t t, u;
@@ -1048,30 +960,19 @@ int cp_amprd_ver(gt_t *gs, gt_t *ts, const bn_t *ks, const bn_t *ls,
 gt_new(t);
 gt_new(u);
 
- result = cp_ambat_ver((gt_t *)ts + l, ts + l, ks, e, l);
- for (size_t i = 0; i < l; i++) {
- result &= !gt_is_unity(ts[i]);
- result &= gt_is_valid(ts[i]);
- }
- for (size_t i = 0; i < l; i++) {
- gt_set_unity(t);
- for (size_t j = 0; j < m; j++) {
- gt_exp(u, gs[i * m + j], ls[i * m + j]);
- gt_mul(t, t, u);
- }
- gt_mul(t, t, ts[l + i]);
- result &= (gt_cmp(t, ts[i]) == RLC_EQ);
+ gt_set_unity(t);
+ for (size_t i = 0; i < m; i++) {
+ gt_exp(u, gs[i], ls[i]);
+ gt_mul(t, t, u);
 }
+ gt_mul(t, t, e);
+ result &= (gt_cmp(t, gs[m]) == RLC_EQ);
+ result &= gt_is_valid(gs[m]);
+
 if (!result) {
- for (size_t i = 0; i < l * m; i++) {
+ for (size_t i = 0; i < m; i++) {
 gt_set_unity(gs[i]);
 }
- } else {
- for (size_t i = 0; i < l; i++) {
- for (size_t j = 1; j < m; j++) {
- gt_mul(gs[i * m], gs[i * m], gs[i * m + j]);
- }
- }
 }
 } RLC_CATCH_ANY {
 result = RLC_ERR;
diff --git a/test/test_cp.c b/test/test_cp.c
index 3ebf275ac..564b88392 100644
--- a/test/test_cp.c
+++ b/test/test_cp.c
@@ -1164,6 +1164,7 @@ static int pdpub(void) {
 TEST_ASSERT(cp_amore_ans(g, t, v1, v2, w1, w2, 0, 0) == RLC_OK, end);
 TEST_ASSERT(cp_amore_ver(r, g, r1, e, 0, 0) == 1, end);
 pc_map(g[0], p, q);
+ TEST_ASSERT(gt_cmp(r, g[0]) == RLC_EQ, end);
 } TEST_END;
 } RLC_CATCH_ANY {
 RLC_ERROR(end);
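Review bot: The rewritten cp_ambat_ver validates only `gs[m]` with `gt_is_valid`; the per-element `result &= gt_is_valid(gs[i]);` that the removed cp_ambat_ver applied inside its loop (hunk @@ -941) is gone, so the m server-supplied values go into the product check and are handed back to the caller as results without a subgroup-membership check. Those values are the protocol's outputs, so the check should be restored as the first statement of the `for (size_t i = 0; i < m; i++)` loop, before the `gt_exp`: `result &= gt_is_valid(gs[i]);`. Since `e` is the client's precomputed `e(U1, U2)`, a short comment above `gt_mul(t, t, e)` such as `/* honest answer: gs[m] = e(U1,U2) * prod e(p_i,q_i)^{l_i} */` would document what the comparison encodes. cp_ambat_ver's declarations begin in the previous hunk and its cleanup lies outside this one.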
@@ -1273,6 +1274,7 @@ static int pdprv(void) { TEST_ASSERT(cp_amore_ans(g, r2[1], u1[0], u2[0], u1[1], u2[1], pa, pb) == RLC_OK, end); TEST_ASSERT(cp_amore_ver(r, g, r1, e[0], pa, pb) == 1, end); pc_map(g[0], p, q); + printf("%d %d\n", pa, pb); TEST_ASSERT(gt_cmp(r, g[0]) == RLC_EQ, end); } } @@ -1308,10 +1310,10 @@ static int pdprv(void) { static int pdprd(void) { int code = RLC_ERR; - bn_t x, t, r, ls[AGGS * AGGS], cs[AGGS], ks[AGGS]; - g1_t fs[AGGS], p[AGGS * AGGS], u1, v1, rs[AGGS * AGGS], ds[AGGS * AGGS]; - g2_t q[AGGS * AGGS], u2, v2, w2, bs[AGGS * AGGS]; - gt_t e, ts[2 * AGGS + 1], g[AGGS * AGGS + 1]; + bn_t x, t, r, ls[AGGS]; + g1_t fs[AGGS], p[AGGS], u1, v1, rs[AGGS]; + g2_t q[AGGS], u2, v2, w2; + gt_t e, ts[AGGS + 1], g[AGGS + 1]; bn_null(t); bn_null(x); @@ -1334,37 +1336,27 @@ static int pdprd(void) { g2_new(w2); gt_new(e); for (size_t i = 0; i < AGGS; i++) { - for (size_t j = 0; j < AGGS; j++) { - bn_null(ls[i * AGGS + j]); - g1_null(p[i * AGGS + j]); - g2_null(q[i * AGGS + j]); - g1_null(rs[i * AGGS + j]); - g1_null(ds[i * AGGS + j]); - g2_null(bs[i * AGGS + j]); - gt_null(g[i * AGGS + j]); - bn_new(ls[i * AGGS + j]); - g1_new(p[i * AGGS + j]); - g2_new(q[i * AGGS + j]); - g1_new(rs[i * AGGS + j]); - g1_new(ds[i * AGGS + j]); - g2_new(bs[i * AGGS + j]); - gt_new(g[i * AGGS + j]); - } - bn_null(ks[i]); - bn_null(cs[i]); + bn_null(ls[i]); + g1_null(p[i]); + g2_null(q[i]); + g1_null(rs[i]); g1_null(fs[i]); gt_null(ts[i]); - gt_null(ts[i + AGGS]); - bn_new(ks[i]); - bn_new(cs[i]) + gt_null(g[i]); + bn_new(ls[i]); + g1_new(p[i]); + g2_new(q[i]); + g1_rand(p[i]); + g2_rand(q[i]); + g1_new(rs[i]); g1_new(fs[i]); gt_new(ts[i]); - gt_new(ts[i + AGGS]); + gt_new(g[i]); } - gt_null(ts[2 * AGGS]); - gt_new(ts[2 * AGGS]); - gt_null(g[AGGS * AGGS]); - gt_new(g[AGGS * AGGS]); + gt_null(ts[AGGS]); + gt_null(g[AGGS]); + gt_new(ts[AGGS]); + gt_new(g[AGGS]); TEST_CASE("delegated batch pairing is correct") { TEST_ASSERT(cp_mvbat_gen(r, fs, AGGS) == RLC_OK, end); 
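Review bot: `printf("%d %d\n", pa, pb);` added to pdprv looks like a leftover debug trace: it runs unconditionally on every pass of what the two closing braces after it suggest is a nested loop, so it will clutter the test output without failing anything. Drop the line before merging; the `TEST_ASSERT(gt_cmp(r, g[0]) == RLC_EQ, end)` that follows already pins the result. pdprv's body starts and ends outside the hunk.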
@@ -1382,41 +1374,15 @@ static int pdprd(void) {
 } TEST_END;
 
 TEST_CASE("amortized delegated batch pairing is correct") {
- TEST_ASSERT(cp_ambat_gen(r, u1, u2, e) == RLC_OK, end);
- g1_rand(p[0]);
+ TEST_ASSERT(cp_ambat_gen(r, u1, u2, fs[0], e) == RLC_OK, end);
+ TEST_ASSERT(cp_ambat_ask(ls, rs, v1, v2, w2, r, u1, u2, fs[0], e, p, q, AGGS) == RLC_OK, end);
+ TEST_ASSERT(cp_ambat_ans(g, rs, v1, v2, w2, p, q, AGGS) == RLC_OK, end);
+ TEST_ASSERT(cp_ambat_ver(g, ls, e, AGGS) == 1, end);
 for (size_t i = 0; i < AGGS; i++) {
- g2_rand(q[i]);
- }
- TEST_ASSERT(cp_ambat_ask(ls, rs, v1, v2, w2, r, p[0], q, u1, u2, e, AGGS) == RLC_OK, end);
- TEST_ASSERT(cp_ambat_ans(g, rs, v1, v2, w2, q, AGGS) == RLC_OK, end);
- TEST_ASSERT(cp_ambat_ver(g, g, ls, e, AGGS) == 1, end);
- for (size_t i = 0; i < AGGS; i++) {
- pc_map(e, p[0], q[i]);
+ pc_map(e, p[i], q[i]);
 TEST_ASSERT(gt_cmp(e, g[i]) == RLC_EQ, end);
 }
 } TEST_END;
-
- TEST_CASE("amortized delegated pairing product is correct") {
- TEST_ASSERT(cp_amprd_gen(fs[0], r, u1, u2, e) == RLC_OK, end);
- for (size_t i = 0; i < AGGS * AGGS; i++) {
- g1_rand(p[i]);
- g2_rand(q[i]);
- }
- TEST_ASSERT(cp_amprd_ask(ks, ds, ls, rs, v1, v2, w2, bs, fs[0], r, u1, u2, e, p, q, 1, AGGS) == RLC_OK, end);
- TEST_ASSERT(cp_amprd_ans(g, ts, ds, rs, v1, v2, w2, bs, p, q, 1, AGGS) == RLC_OK, end);
- TEST_ASSERT(cp_amprd_ver(g, ts, ks, ls, e, 1, AGGS) == 1, end);
- pc_map_sim(e, p, q, AGGS);
- TEST_ASSERT(gt_cmp(g[0], e) == RLC_EQ, end);
-
- TEST_ASSERT(cp_amprd_gen(fs[0], r, u1, u2, e) == RLC_OK, end);
- TEST_ASSERT(cp_amprd_ask(ks, ds, ls, rs, v1, v2, w2, bs, fs[0], r, u1, u2, e, p, q, AGGS, AGGS) == RLC_OK, end);
- TEST_ASSERT(cp_amprd_ans(g, ts, ds, rs, v1, v2, w2, bs, p, q, AGGS, AGGS) == RLC_OK, end);
- TEST_ASSERT(cp_amprd_ver(g, ts, ks, ls, e, AGGS, AGGS) == 1, end);
- for (size_t i = 0; i < AGGS; i++) {
- pc_map_sim(e, p + i * AGGS, q + i * AGGS, AGGS);
- TEST_ASSERT(gt_cmp(g[i * AGGS], e) == RLC_EQ, end);
- }
- } TEST_END;
 } RLC_CATCH_ANY {
 RLC_ERROR(end);
 }
@@ -1433,24 +1399,16 @@ static int pdprd(void) {
 g2_free(w2);
 gt_free(e);
 for (size_t i = 0; i < AGGS; i++) {
- for (size_t j = 0; j < AGGS; j++) {
- bn_free(ls[i * AGGS + j]);
- g1_free(p[i * AGGS + j]);
- g2_free(q[i * AGGS + j]);
- g1_free(rs[i * AGGS + j]);
- g1_free(ds[i * AGGS + j]);
- g2_free(bs[i * AGGS + j]);
- gt_free(g[i * AGGS + j]);
- }
 bn_free(ls[i]);
- bn_free(cs[i]);
- bn_free(ks[i]);
+ g1_free(p[i]);
+ g2_free(q[i]);
+ g1_free(rs[i]);
 g1_free(fs[i]);
 gt_free(ts[i]);
- gt_free(ts[i + AGGS]);
+ gt_free(g[i]);
 }
- gt_free(ts[2 * AGGS]);
- gt_free(g[AGGS * AGGS]);
+ gt_free(ts[AGGS]);
+ gt_free(g[AGGS]);
 
 return code;
 }
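Review bot: The rewritten "amortized delegated batch pairing is correct" case only exercises an honest server; nothing asserts that cp_ambat_ver returns 0 when an answer is altered, so the `if (!result)` rejection branch in relic_cp_pcdel.c is never executed by the suite (the removed pairing-product case had no such check either). A second TEST_CASE that runs gen/ask/ans as above, then replaces one answer with `gt_rand(g[0]);` and asserts `cp_ambat_ver(g, ls, e, AGGS) == 0`, would pin that path and also verify that the rejected `g[i]` are reset to unity as the implementation intends. The loop overwrites `e` with `pc_map(e, p[i], q[i])`, which is fine only because each TEST_CASE iteration calls cp_ambat_gen first; a one-line comment `/* e is reused as scratch here; cp_ambat_gen refreshes it on the next pass */` would make that dependency visible. pdprd's body begins before this hunk.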