You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@milagro.apache.org by sa...@apache.org on 2020/02/07 13:12:59 UTC
[incubator-milagro-MPC] 04/05: Add support for interactive schnorr/double schnorr proofs

This is an automated email from the ASF dual-hosted git repository.

sandreoli pushed a commit to branch add-dschnorr-proof
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git

commit 12f32776502f15ad11de6b2ff0d3c80f638179df
Author: Samuele Andreoli <sa...@yahoo.it>
AuthorDate: Thu Feb 6 13:30:53 2020 +0000

    Add support for interactive schnorr/double schnorr proofs
---
 examples/example_schnorr_interactive.c      | 103 ++++++++++++++++++++++++++++
 include/amcl/schnorr.h                      |   8 +++
 src/schnorr.c                               |  13 ++++
 test/smoke/test_schnorr_interactive_smoke.c |  81 ++++++++++++++++++++++
 test/unit/CMakeLists.txt                    |  14 ++--
 5 files changed, 215 insertions(+), 4 deletions(-)

diff --git a/examples/example_schnorr_interactive.c b/examples/example_schnorr_interactive.c
new file mode 100644
index 0000000..9373dc0
--- /dev/null
+++ b/examples/example_schnorr_interactive.c
@@ -0,0 +1,103 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+#include "amcl/schnorr.h"
+
+/* Schnorr's proofs example */
+
+int main()
+{
+    int rc;
+
+    BIG_256_56 x;
+    BIG_256_56 q;
+    ECP_SECP256K1 G;
+
+    char x_char[SGS_SECP256K1];
+    octet X = {0, sizeof(x_char), x_char};
+
+    char v[SFS_SECP256K1+1];
+    octet V = {0, sizeof(v), v};
+
+    char r[SGS_SECP256K1];
+    octet R = {0, sizeof(r), r};
+
+    char c[SFS_SECP256K1+1];
+    octet C = {0, sizeof(c), c};
+
+    char e[SGS_SECP256K1];
+    octet E = {0, sizeof(e), e};
+
+    char p[SGS_SECP256K1];
+    octet P = {0, sizeof(p), p};
+
+    // Deterministic RNG for example
+    char seed[32] = {0};
+    csprng RNG;
+    RAND_seed(&RNG, 32, seed);
+
+    // Generate DLOG
+    BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
+    BIG_256_56_randomnum(x, q, &RNG);
+
+    ECP_SECP256K1_generator(&G);
+    ECP_SECP256K1_mul(&G, x);
+
+    BIG_256_56_toBytes(X.val, x);
+    X.len = SGS_SECP256K1;
+
+    ECP_SECP256K1_toOctet(&V, &G, 1);
+
+    printf("Schnorr's Proof of knowledge of a DLOG. V = x.G\n");
+    printf("\tx = ");
+    OCT_output(&X);
+    printf("\tV = ");
+    OCT_output(&V);
+
+    printf("\n[Prover] Generate and transmit a commitment C = r.G\n");
+    SCHNORR_commit(&RNG, &R, &C);
+
+    printf("\tr = ");
+    OCT_output(&R);
+    printf("\tC = ");
+    OCT_output(&C);
+
+    printf("\n[Verifier] Generate and send back a random challenge\n");
+    SCHNORR_random_challenge(&RNG, &E);
+
+    printf("\te = ");
+    OCT_output(&E);
+
+    printf("\n[Prover] Generate and transmit the proof p for C = r.G and E\n");
+    SCHNORR_prove(&R, &E, &X, &P);
+
+    printf("\tp = ");
+    OCT_output(&P);
+
+    printf("\n[Verifier] Verify the proof against V, C and e\n");
+    rc = SCHNORR_verify(&V, &C, &E, &P);
+    if (rc)
+    {
+        printf("\tFailure! RC %d\n", rc);
+    }
+    else
+    {
+        printf("\tSuccess!\n");
+    }
+}
\ No newline at end of file
diff --git a/include/amcl/schnorr.h b/include/amcl/schnorr.h
index 3a091cb..e659b04 100644
--- a/include/amcl/schnorr.h
+++ b/include/amcl/schnorr.h
@@ -44,6 +44,14 @@ extern "C"
 #define SCHNORR_FAIL	      51  /**< Invalid proof */
 #define SCHNORR_INVALID_ECP 52  /**< Not a valid point on the curve */
 
+/*! \brief Generate random challenge for any Schnorr Proof
+ *
+ * Generate a random challenge that can be used to make any
+ * of the following Schnorr Proofs interactive. This can be used
+ * to be interoperable with other implementations.
+ */
+extern void SCHNORR_random_challenge(csprng *RNG, octet *E);
+
 /* Classic Schnorr's proofs API */
 
 /*! \brief Generate a commitment for the proof
diff --git a/src/schnorr.c b/src/schnorr.c
index eb1a7a3..0d2a96f 100644
--- a/src/schnorr.c
+++ b/src/schnorr.c
@@ -29,6 +29,19 @@ void hash_octet(hash256 *sha, octet *O)
     }
 }
 
+void SCHNORR_random_challenge(csprng *RNG, octet *E)
+{
+    BIG_256_56 e;
+    BIG_256_56 q;
+
+    BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
+
+    BIG_256_56_randomnum(e, q, RNG);
+
+    BIG_256_56_toBytes(E->val, e);
+    E->len = SGS_SECP256K1;
+}
+
 /* Classic Schnorr's Proof Definitions */
 
 void SCHNORR_commit(csprng *RNG, octet *R, octet *C)
diff --git a/test/smoke/test_schnorr_interactive_smoke.c b/test/smoke/test_schnorr_interactive_smoke.c
new file mode 100644
index 0000000..82a8d14
--- /dev/null
+++ b/test/smoke/test_schnorr_interactive_smoke.c
@@ -0,0 +1,81 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+#include "amcl/schnorr.h"
+
+/* Schnorr's proofs smoke test using random challenge */
+
+int main()
+{
+    int rc;
+
+    BIG_256_56 x;
+    BIG_256_56 q;
+    ECP_SECP256K1 G;
+
+    char x_char[SGS_SECP256K1];
+    octet X = {0, sizeof(x_char), x_char};
+
+    char v[SFS_SECP256K1+1];
+    octet V = {0, sizeof(v), v};
+
+    char r[SGS_SECP256K1];
+    octet R = {0, sizeof(r), r};
+
+    char c[SFS_SECP256K1+1];
+    octet C = {0, sizeof(c), c};
+
+    char e[SGS_SECP256K1];
+    octet E = {0, sizeof(e), e};
+
+    char p[SGS_SECP256K1];
+    octet P = {0, sizeof(p), p};
+
+    // Deterministic RNG for testing
+    char seed[32] = {0};
+    csprng RNG;
+    RAND_seed(&RNG, 32, seed);
+
+    BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
+    BIG_256_56_randomnum(x, q, &RNG);
+
+    ECP_SECP256K1_generator(&G);
+    ECP_SECP256K1_mul(&G, x);
+
+    BIG_256_56_toBytes(X.val, x);
+    X.len = SGS_SECP256K1;
+
+    ECP_SECP256K1_toOctet(&V, &G, 1);
+
+    SCHNORR_commit(&RNG, &R, &C);
+
+    SCHNORR_random_challenge(&RNG, &E);
+
+    SCHNORR_prove(&R, &E, &X, &P);
+
+    rc = SCHNORR_verify(&V, &C, &E, &P);
+    if (rc)
+    {
+        printf("FAILURE SCHNORR_verify. RC %d\n", rc);
+        exit(EXIT_FAILURE);
+    }
+
+    printf("SUCCESS\n");
+    exit(EXIT_SUCCESS);
+}
\ No newline at end of file
diff --git a/test/unit/CMakeLists.txt b/test/unit/CMakeLists.txt
index c03672f..e1f0ffb 100644
--- a/test/unit/CMakeLists.txt
+++ b/test/unit/CMakeLists.txt
@@ -52,13 +52,19 @@ amcl_test(test_factoring_zk_prove  test_factoring_zk_prove.c  amcl_mpc "SUCCESS"
 amcl_test(test_factoring_zk_verify test_factoring_zk_verify.c amcl_mpc "SUCCESS" "factoring_zk/verify.txt")
 
 # Classic Schnorr tests
-amcl_test(test_schnorr_commit    test_schnorr_commit.c amcl_mpc "SUCCESS" "schnorr/commit.txt")
+amcl_test(test_schnorr_commit    test_schnorr_commit.c    amcl_mpc "SUCCESS" "schnorr/commit.txt")
 amcl_test(test_schnorr_challenge test_schnorr_challenge.c amcl_mpc "SUCCESS" "schnorr/challenge.txt")
-amcl_test(test_schnorr_prove     test_schnorr_prove.c amcl_mpc "SUCCESS" "schnorr/prove.txt")
-amcl_test(test_schnorr_verify    test_schnorr_verify.c amcl_mpc "SUCCESS" "schnorr/verify.txt")
+amcl_test(test_schnorr_prove     test_schnorr_prove.c     amcl_mpc "SUCCESS" "schnorr/prove.txt")
+amcl_test(test_schnorr_verify    test_schnorr_verify.c    amcl_mpc "SUCCESS" "schnorr/verify.txt")
+
+# Double Schnorr tests
+amcl_test(test_d_schnorr_commit    test_d_schnorr_commit.c    amcl_mpc "SUCCESS" "schnorr/dcommit.txt")
+amcl_test(test_d_schnorr_challenge test_d_schnorr_challenge.c amcl_mpc "SUCCESS" "schnorr/dchallenge.txt")
+amcl_test(test_d_schnorr_prove     test_d_schnorr_prove.c     amcl_mpc "SUCCESS" "schnorr/dprove.txt")
+amcl_test(test_d_schnorr_verify    test_d_schnorr_verify.c    amcl_mpc "SUCCESS" "schnorr/dverify.txt")
 
 # BC Commitment tests
-amcl_test(test_bc_setup test_bc_setup.c amcl_mpc "SUCCESS" "commitments/bc_setup.txt")
+amcl_test(test_bc_setup     test_bc_setup.c     amcl_mpc "SUCCESS" "commitments/bc_setup.txt")
 amcl_test(test_bc_internals test_bc_internals.c amcl_mpc "SUCCESS")
 
 # MTA Range Proof tests