emp-toolkit
elgamal.h
Go to the documentation of this file.
1 #ifndef ELGAMAL_H__
2 #define ELGAMAL_H__
3 #include <emp-tool/emp-tool.h>
4 
5 class Elgamal{ public:
6  NetIO * io;
7  eb_t g, h;
8  eb_t hTbl[RELIC_EB_TABLE_MAX];
9  const eb_t * gTbl;
10  bn_t w, q;
11  int party;
12  PRG prg;
13  int length;
14  Elgamal(NetIO * io, int party, int length)
15  : io(io), party(party) , length(length) {
16  initialize_relic();
17  eb_newl(g, h);
18  bn_newl(w, q);
19  eb_curve_get_ord(q);
20  eb_curve_get_gen(g);
21  gTbl = eb_curve_get_tab();
22  assert(setup_omega());
23  eb_mul_pre(hTbl, h);
24  }
25  bool setup_omega() {
26  if(party == ALICE) {
27  bn_t r, c;
28  bn_newl(r, c, w);
29  prg.random_bn(r, w);
30  eb_t t;
31  eb_newl(t);
32  eb_mul_fix_norm(h, gTbl, w);
33  eb_mul_fix_norm(t, gTbl, r);
34  io->send_eb(&h, 1);
35  io->send_eb(&t, 1);
36  io->recv_bn(&c, 1);
37  bn_mul_mod(c, c, w, q);
38  bn_add_mod(c, c, r, q);
39  io->send_bn(&c, 1);
40  return true;
41  } else {//BOB
42  eb_t t, hc, gs;
43  bn_t c, s;
44  eb_newl(t, hc, gs);
45  bn_newl(c, s);
46  prg.random_bn(c);
47  io->recv_eb(&h, 1);
48  io->recv_eb(&t, 1);
49  io->send_bn(&c, 1);
50  io->recv_bn(&s, 1);
51  eb_mul_norm(hc, h, c);
52  eb_mul_fix_norm(gs, gTbl, s);
53  eb_add_norm(hc, hc, t);
54  return (eb_cmp(hc, gs)==CMP_EQ);
55  }
56  }
57 
58  ~Elgamal(){
59  if(r!= nullptr)
60  delete[] r;
61  if(com!=nullptr)delete[] com;
62  }
63 
64  eb_tpl *com = nullptr, *nA = nullptr, *nB = nullptr;
65  bn_tpl *elgl_s = nullptr, *elgl_t = nullptr;
66  bn_t * r = nullptr;
67  void commit(bn_t r, eb_tpl com, bool b, PRG * prg) {
68  prg->random_bn(r);
69  eb_mul_fix_norm(com[0], gTbl, r);
70  eb_mul_fix_norm(com[1], hTbl, r);
71  if(b) eb_add_norm(com[1], com[1], g);
72  }
73  bool check_eq(eb_tpl new_com, eb_tpl old_com, bn_t r_diff) {
74  eb_t tmp;
75  eb_mul_fix_norm(tmp, gTbl, r_diff);
76  eb_add_norm(tmp, new_com[0], tmp);
77  if(eb_cmp(tmp, old_com[0])!=CMP_EQ)
78  return false;
79 
80  eb_mul_fix_norm(tmp, hTbl, r_diff);
81  eb_add_norm(tmp, new_com[1], tmp);
82  if(eb_cmp(tmp, old_com[1])!=CMP_EQ)
83  return false;
84  return true;
85  }
86  void send(eb_tpl* X) {
87  nA = new eb_tpl[length];
88  nB = new eb_tpl[length];
89  eb_t tmp; eb_newl(tmp);
90  com = new eb_tpl[length];
91  elgl_s = new bn_tpl[length];
92  elgl_t = new bn_tpl[length];
93  for(int i = 0; i < length; ++i) {
94  prg.random_bn(elgl_s[i][0], elgl_s[i][1], elgl_t[i][0], elgl_t[i][1]);
95  eb_mul_fix_norm(nA[i][0], gTbl, elgl_s[i][0]);//A0=g^s0
96  eb_mul_fix_norm(tmp, hTbl, elgl_t[i][0]);
97  eb_add_norm(nA[i][0], nA[i][0], tmp);//A0 = g^s0h^t0
98 
99  eb_mul_fix_norm(nA[i][1], gTbl, elgl_s[i][1]);//A1=g^s1
100  eb_mul_fix_norm(tmp, hTbl, elgl_t[i][1]);
101  eb_add_norm(nA[i][1], nA[i][1], tmp);//A1 = g^s1h^t1
102 
103  io->recv_eb(com[i], 2);
104  eb_mul_norm(nB[i][0], com[i][0], elgl_s[i][0]);
105  eb_mul_norm(tmp, com[i][1], elgl_t[i][0]);
106  eb_add_norm(nB[i][0], nB[i][0], tmp);
107  eb_add_norm(nB[i][0], nB[i][0], X[i][0]);
108 
109  eb_mul_norm(nB[i][1], com[i][0], elgl_s[i][1]);
110  eb_sub_norm(tmp, com[i][1], g);
111  eb_mul_norm(tmp, tmp, elgl_t[i][1]);
112  eb_add_norm(nB[i][1], nB[i][1], tmp);
113  eb_add_norm(nB[i][1], nB[i][1], X[i][1]);
114  }
115 
116  for(int i = 0; i < length; ++i) {
117  io->send_eb(nA[i], 2);
118  io->send_eb(nB[i], 2);
119  }
120  delete[] nA;
121  delete[] nB;
122  }
123 
124  void open( ) {
125  for(int i = 0; i < length; ++i) {
126  io->send_bn(elgl_s[i], 2);
127  io->send_bn(elgl_t[i], 2);
128  }
129  delete[] elgl_s;
130  delete[] elgl_t;
131  }
132 
133  void recv(eb_t* X, bool * b) {
134  nA = new eb_tpl[length];
135  nB = new eb_tpl[length];
136  r = new bn_t[length];
137  eb_tpl com;
138  for(int i = 0; i < length; ++i) {
139  commit(r[i], com, b[i], &prg);
140  io->send_eb(com, 2);
141  }
142 
143  for(int i = 0; i < length; ++i) {
144  io->recv_eb(nA[i], 2);
145  io->recv_eb(nB[i], 2);
146  int ind = b[i]? 1: 0;
147  eb_mul_norm(X[i], nA[i][ind], r[i]);
148  eb_sub_norm(X[i], nB[i][ind], X[i]);
149  }
150  }
151 
152  void open(eb_tpl* Xs, bool * b, eb_t * X) {
153  bn_tpl s, t;
154  eb_t Ar, gt;
155  for(int i = 0; i < length; ++i) {
156  io->recv_bn(s, 2);
157  io->recv_bn(t, 2);
158  int ind = b[i]? 1:0;
159  eb_copy(Xs[i][ind], X[i]);
160  eb_mul_norm(Ar, nA[i][1-ind], r[i]);
161  eb_sub_norm(Ar, nB[i][1-ind], Ar);
162  eb_mul_fix_norm(gt, gTbl, t[1-ind]);
163  if(ind == 1) {
164  eb_sub_norm(Xs[i][1-ind], Ar, gt);
165  } else {
166  eb_add_norm(Xs[i][1-ind], Ar, gt);
167  }
168  }
169  delete[] nA;
170  delete[] nB;
171  }
172  void recovery(bool* b, bn_t omega) {
173  for(int i = 0; i < length; ++i) {
174  eb_mul_norm(com[i][0], com[i][0], omega);
175  b[i] = (eb_cmp(com[i][0], com[i][1]) != CMP_EQ);
176  }
177  }
178 };
179 #endif// PKFC_H__
Elgamal::hTbl
eb_t hTbl[RELIC_EB_TABLE_MAX]
Definition: elgamal.h:8
IOChannel::send_bn
void send_bn(const bn_t *bn, size_t num)
Definition: io_channel.h:160
Elgamal::party
int party
Definition: elgamal.h:11
Elgamal::recovery
void recovery(bool *b, bn_t omega)
Definition: elgamal.h:172
Elgamal::nB
eb_tpl * nB
Definition: elgamal.h:64
Elgamal::send
void send(eb_tpl *X)
Definition: elgamal.h:86
NetIO
Definition: net_io_channel.h:22
Elgamal::w
bn_t w
Definition: elgamal.h:10
Elgamal::elgl_s
bn_tpl * elgl_s
Definition: elgamal.h:65
IOChannel::recv_eb
void recv_eb(eb_t *eb, size_t num)
Definition: io_channel.h:150
eb_tpl
eb_t eb_tpl[2]
Definition: utils_ec.h:14
Elgamal::check_eq
bool check_eq(eb_tpl new_com, eb_tpl old_com, bn_t r_diff)
Definition: elgamal.h:73
Elgamal::Elgamal
Elgamal(NetIO *io, int party, int length)
Definition: elgamal.h:14
Elgamal::r
bn_t * r
Definition: elgamal.h:66
IOChannel::send_eb
void send_eb(const eb_t *eb, size_t num)
Definition: io_channel.h:140
Elgamal::io
NetIO * io
Definition: elgamal.h:6
Elgamal::q
bn_t q
Definition: elgamal.h:10
Elgamal::prg
PRG prg
Definition: elgamal.h:12
Elgamal::~Elgamal
~Elgamal()
Definition: elgamal.h:58
Elgamal::gTbl
const eb_t * gTbl
Definition: elgamal.h:9
Elgamal::setup_omega
bool setup_omega()
Definition: elgamal.h:25
bn_tpl
bn_t bn_tpl[2]
Definition: utils_ec.h:15
Elgamal::length
int length
Definition: elgamal.h:13
Elgamal::recv
void recv(eb_t *X, bool *b)
Definition: elgamal.h:133
Elgamal::open
void open()
Definition: elgamal.h:124
ALICE
#define ALICE
Definition: utils.h:15
Elgamal::commit
void commit(bn_t r, eb_tpl com, bool b, PRG *prg)
Definition: elgamal.h:67
initialize_relic
void initialize_relic()
Definition: utils_ec.hpp:8
PRG
Definition: prg.h:16
PRG::random_bn
void random_bn(T t, L... l)
Definition: prg.h:87
Elgamal::nA
eb_tpl * nA
Definition: elgamal.h:64
IOChannel::recv_bn
void recv_bn(bn_t *bn, size_t num)
Definition: io_channel.h:171
Elgamal::elgl_t
bn_tpl * elgl_t
Definition: elgamal.h:65
Elgamal::h
eb_t h
Definition: elgamal.h:7
Elgamal::com
eb_tpl * com
Definition: elgamal.h:64
Elgamal
Definition: elgamal.h:5
Elgamal::open
void open(eb_tpl *Xs, bool *b, eb_t *X)
Definition: elgamal.h:152
Elgamal::g
eb_t g
Definition: elgamal.h:7