Posted to commits@milagro.apache.org by sa...@apache.org on 2020/02/07 13:12:59 UTC
[incubator-milagro-MPC] 04/05: Add support for interactive
schnorr/double schnorr proofs
This is an automated email from the ASF dual-hosted git repository.
sandreoli pushed a commit to branch add-dschnorr-proof
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git
commit 12f32776502f15ad11de6b2ff0d3c80f638179df
Author: Samuele Andreoli <sa...@yahoo.it>
AuthorDate: Thu Feb 6 13:30:53 2020 +0000
Add support for interactive schnorr/double schnorr proofs
---
examples/example_schnorr_interactive.c | 103 ++++++++++++++++++++++++++++
include/amcl/schnorr.h | 8 +++
src/schnorr.c | 13 ++++
test/smoke/test_schnorr_interactive_smoke.c | 81 ++++++++++++++++++++++
test/unit/CMakeLists.txt | 14 ++--
5 files changed, 215 insertions(+), 4 deletions(-)
diff --git a/examples/example_schnorr_interactive.c b/examples/example_schnorr_interactive.c
new file mode 100644
index 0000000..9373dc0
--- /dev/null
+++ b/examples/example_schnorr_interactive.c
@@ -0,0 +1,103 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+#include "amcl/schnorr.h"
+
+/* Schnorr's proofs example */
+
+int main()
+{
+ int rc;
+
+ BIG_256_56 x;
+ BIG_256_56 q;
+ ECP_SECP256K1 G;
+
+ char x_char[SGS_SECP256K1];
+ octet X = {0, sizeof(x_char), x_char};
+
+ char v[SFS_SECP256K1+1];
+ octet V = {0, sizeof(v), v};
+
+ char r[SGS_SECP256K1];
+ octet R = {0, sizeof(r), r};
+
+ char c[SFS_SECP256K1+1];
+ octet C = {0, sizeof(c), c};
+
+ char e[SGS_SECP256K1];
+ octet E = {0, sizeof(e), e};
+
+ char p[SGS_SECP256K1];
+ octet P = {0, sizeof(p), p};
+
+ // Deterministic RNG for example
+ char seed[32] = {0};
+ csprng RNG;
+ RAND_seed(&RNG, 32, seed);
+
+ // Generate DLOG
+ BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
+ BIG_256_56_randomnum(x, q, &RNG);
+
+ ECP_SECP256K1_generator(&G);
+ ECP_SECP256K1_mul(&G, x);
+
+ BIG_256_56_toBytes(X.val, x);
+ X.len = SGS_SECP256K1;
+
+ ECP_SECP256K1_toOctet(&V, &G, 1);
+
+ printf("Schnorr's Proof of knowledge of a DLOG. V = x.G\n");
+ printf("\tx = ");
+ OCT_output(&X);
+ printf("\tV = ");
+ OCT_output(&V);
+
+ printf("\n[Prover] Generate and transmit a commitment C = r.G\n");
+ SCHNORR_commit(&RNG, &R, &C);
+
+ printf("\tr = ");
+ OCT_output(&R);
+ printf("\tC = ");
+ OCT_output(&C);
+
+ printf("\n[Verifier] Generate and send back a random challenge\n");
+ SCHNORR_random_challenge(&RNG, &E);
+
+ printf("\te = ");
+ OCT_output(&E);
+
+ printf("\n[Prover] Generate and transmit the proof p for C = r.G and E\n");
+ SCHNORR_prove(&R, &E, &X, &P);
+
+ printf("\tp = ");
+ OCT_output(&P);
+
+ printf("\n[Verifier] Verify the proof against V, C and e\n");
+ rc = SCHNORR_verify(&V, &C, &E, &P);
+ if (rc)
+ {
+ printf("\tFailure! RC %d\n", rc);
+ }
+ else
+ {
+ printf("\tSuccess!\n");
+ }
+}
\ No newline at end of file
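Review bot: The example drives both roles from a single `csprng` seeded with 32 zero bytes, so the witness x, the prover's nonce r and the verifier's challenge e all come from one predictable stream, and the only hint is `// Deterministic RNG for example`. Anyone who knows r alongside e and p can recover x, so a reader adapting this code needs a clearer warning, e.g. `// Fixed all-zero seed for reproducible output only: seed from an entropy source in real use, and let the verifier draw e from its own RNG after receiving C`. Separately, `main` falls off the end after the failure branch, so a failed verification still exits with status 0. Adding `return rc;` after the if/else would make the failure visible to a calling script.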
diff --git a/include/amcl/schnorr.h b/include/amcl/schnorr.h
index 3a091cb..e659b04 100644
--- a/include/amcl/schnorr.h
+++ b/include/amcl/schnorr.h
@@ -44,6 +44,14 @@ extern "C"
#define SCHNORR_FAIL 51 /**< Invalid proof */
#define SCHNORR_INVALID_ECP 52 /**< Not a valid point on the curve */
+/*! \brief Generate random challenge for any Schnorr Proof
+ *
+ * Generate a random challenge that can be used to make any
+ * of the following Schnorr Proofs interactive. This can be used
+ * to be interoperable with other implementations.
+ */
+extern void SCHNORR_random_challenge(csprng *RNG, octet *E);
+
/* Classic Schnorr's proofs API */
/*! \brief Generate a commitment for the proof
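Review bot: The new doc block for `SCHNORR_random_challenge` documents neither parameter, and does not say how large `E` must be or at which point of the protocol the function is meant to be called. I would add parameter lines in the style the rest of the header uses, along the lines of `@param RNG csprng used to draw the challenge` and `@param E destination octet for the challenge, needs room for SGS_SECP256K1 bytes`. It also needs a sentence stating that in an interactive proof the verifier generates the challenge only after it has received the prover's commitment. The doc block for the commitment function at the end of the hunk continues outside it.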
diff --git a/src/schnorr.c b/src/schnorr.c
index eb1a7a3..0d2a96f 100644
--- a/src/schnorr.c
+++ b/src/schnorr.c
@@ -29,6 +29,19 @@ void hash_octet(hash256 *sha, octet *O)
}
}
+void SCHNORR_random_challenge(csprng *RNG, octet *E)
+{
+ BIG_256_56 e;
+ BIG_256_56 q;
+
+ BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
+
+ BIG_256_56_randomnum(e, q, RNG);
+
+ BIG_256_56_toBytes(E->val, e);
+ E->len = SGS_SECP256K1;
+}
+
/* Classic Schnorr's Proof Definitions */
void SCHNORR_commit(csprng *RNG, octet *R, octet *C)
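Review bot: `SCHNORR_random_challenge` writes the challenge with `BIG_256_56_toBytes(E->val, e)` and then sets `E->len = SGS_SECP256K1` without consulting `E->max`, so a caller that passes a smaller octet would get a write past its buffer. Because the function returns void it cannot report that case. A comment on the definition such as `/* E must provide at least SGS_SECP256K1 bytes; E->max is not checked */` would make the precondition explicit, or the function could return an error code when `E->max < SGS_SECP256K1`. This assumes the number of bytes written equals SGS_SECP256K1, as the length assignment suggests. The closing braces at the top of the hunk belong to `hash_octet`, which starts outside it.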
diff --git a/test/smoke/test_schnorr_interactive_smoke.c b/test/smoke/test_schnorr_interactive_smoke.c
new file mode 100644
index 0000000..82a8d14
--- /dev/null
+++ b/test/smoke/test_schnorr_interactive_smoke.c
@@ -0,0 +1,81 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+#include "amcl/schnorr.h"
+
+/* Schnorr's proofs smoke test using random challenge */
+
+int main()
+{
+ int rc;
+
+ BIG_256_56 x;
+ BIG_256_56 q;
+ ECP_SECP256K1 G;
+
+ char x_char[SGS_SECP256K1];
+ octet X = {0, sizeof(x_char), x_char};
+
+ char v[SFS_SECP256K1+1];
+ octet V = {0, sizeof(v), v};
+
+ char r[SGS_SECP256K1];
+ octet R = {0, sizeof(r), r};
+
+ char c[SFS_SECP256K1+1];
+ octet C = {0, sizeof(c), c};
+
+ char e[SGS_SECP256K1];
+ octet E = {0, sizeof(e), e};
+
+ char p[SGS_SECP256K1];
+ octet P = {0, sizeof(p), p};
+
+ // Deterministic RNG for testing
+ char seed[32] = {0};
+ csprng RNG;
+ RAND_seed(&RNG, 32, seed);
+
+ BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
+ BIG_256_56_randomnum(x, q, &RNG);
+
+ ECP_SECP256K1_generator(&G);
+ ECP_SECP256K1_mul(&G, x);
+
+ BIG_256_56_toBytes(X.val, x);
+ X.len = SGS_SECP256K1;
+
+ ECP_SECP256K1_toOctet(&V, &G, 1);
+
+ SCHNORR_commit(&RNG, &R, &C);
+
+ SCHNORR_random_challenge(&RNG, &E);
+
+ SCHNORR_prove(&R, &E, &X, &P);
+
+ rc = SCHNORR_verify(&V, &C, &E, &P);
+ if (rc)
+ {
+ printf("FAILURE SCHNORR_verify. RC %d\n", rc);
+ exit(EXIT_FAILURE);
+ }
+
+ printf("SUCCESS\n");
+ exit(EXIT_SUCCESS);
+}
\ No newline at end of file
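Review bot: The smoke test only checks that an honest run verifies, so it would still print SUCCESS if `SCHNORR_verify` ignored the challenge it is given. Since the commit introduces externally supplied challenges, the test should also confirm that the same proof is rejected once the challenge is altered. I would add a negative check between the existing verification and the final `printf("SUCCESS\n")`, as sketched below. The fixed seed is fine here because the test needs to be reproducible.

```c
    // … unchanged: setup, commit, random challenge, prove, positive verify …

    // Negative check: the proof must not verify against a different challenge
    E.val[E.len - 1] ^= 0x01;

    rc = SCHNORR_verify(&V, &C, &E, &P);
    if (!rc)
    {
        printf("FAILURE SCHNORR_verify accepted a modified challenge\n");
        exit(EXIT_FAILURE);
    }
```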
diff --git a/test/unit/CMakeLists.txt b/test/unit/CMakeLists.txt
index c03672f..e1f0ffb 100644
--- a/test/unit/CMakeLists.txt
+++ b/test/unit/CMakeLists.txt
@@ -52,13 +52,19 @@ amcl_test(test_factoring_zk_prove test_factoring_zk_prove.c amcl_mpc "SUCCESS"
amcl_test(test_factoring_zk_verify test_factoring_zk_verify.c amcl_mpc "SUCCESS" "factoring_zk/verify.txt")
# Classic Schnorr tests
-amcl_test(test_schnorr_commit test_schnorr_commit.c amcl_mpc "SUCCESS" "schnorr/commit.txt")
+amcl_test(test_schnorr_commit test_schnorr_commit.c amcl_mpc "SUCCESS" "schnorr/commit.txt")
amcl_test(test_schnorr_challenge test_schnorr_challenge.c amcl_mpc "SUCCESS" "schnorr/challenge.txt")
-amcl_test(test_schnorr_prove test_schnorr_prove.c amcl_mpc "SUCCESS" "schnorr/prove.txt")
-amcl_test(test_schnorr_verify test_schnorr_verify.c amcl_mpc "SUCCESS" "schnorr/verify.txt")
+amcl_test(test_schnorr_prove test_schnorr_prove.c amcl_mpc "SUCCESS" "schnorr/prove.txt")
+amcl_test(test_schnorr_verify test_schnorr_verify.c amcl_mpc "SUCCESS" "schnorr/verify.txt")
+
+# Double Schnorr tests
+amcl_test(test_d_schnorr_commit test_d_schnorr_commit.c amcl_mpc "SUCCESS" "schnorr/dcommit.txt")
+amcl_test(test_d_schnorr_challenge test_d_schnorr_challenge.c amcl_mpc "SUCCESS" "schnorr/dchallenge.txt")
+amcl_test(test_d_schnorr_prove test_d_schnorr_prove.c amcl_mpc "SUCCESS" "schnorr/dprove.txt")
+amcl_test(test_d_schnorr_verify test_d_schnorr_verify.c amcl_mpc "SUCCESS" "schnorr/dverify.txt")
# BC Commitment tests
-amcl_test(test_bc_setup test_bc_setup.c amcl_mpc "SUCCESS" "commitments/bc_setup.txt")
+amcl_test(test_bc_setup test_bc_setup.c amcl_mpc "SUCCESS" "commitments/bc_setup.txt")
amcl_test(test_bc_internals test_bc_internals.c amcl_mpc "SUCCESS")
# MTA Range Proof tests
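Review bot: The four `test_d_schnorr_*` entries added under `# Double Schnorr tests` reference sources and vector files (`test_d_schnorr_commit.c`, `schnorr/dcommit.txt` and so on) that are not among the five files this commit changes. Unless another commit in the series adds them, configuring the unit tests at this revision would presumably fail. The diffstat also shows no build-file change for `test/smoke/test_schnorr_interactive_smoke.c` or the new example, so it is worth confirming that those directories pick up new files automatically; otherwise the new smoke test is never run. The re-alignment of the existing `amcl_test` lines is whitespace only.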