Add public key to trustees' pok

doc/specification.tex

@@ -200,20 +200,22 @@ $\textsf{field}(o)$ to access the field \textsf{field} of $o$.
 \end{gather*}
 
 A private key is a random number $x$ modulo $q$. The corresponding
-$\pklabel$ is $g^x$. A $\tpk$ is a bundle of this public key with a
+$\pklabel$ is $X=g^x$. A $\tpk$ is a bundle of this public key with a
 \hyperref[common]{$\proof$} of knowledge computed as follows:
 \begin{enumerate}
 \item pick a random $w\in\Z_q$
 \item compute $A=g^w$
-\item $\challenge=\Hash_\pok(A)\mod q$
+\item $\challenge=\Hash_\pok(X,A)\mod q$
 \item $\response=w+x\times\challenge\mod q$
 \end{enumerate}
-where $\Hash_\pok$ is $\shatwo$ with input written in base 10 and
-output interpreted as a 256-bit big-endian number. The proof is
-verified as follows:
+where $\Hash_\pok$ is computed as follows:
+\[\Hash_\pok(X,A) = \shatwo(\verb=pok|=X\verb=|=A) \]
+where $\pok$ and the vertical bars are verbatim and numbers are
+written in base 10. The result is interpreted as a 256-bit big-endian
+number. The proof is verified as follows:
 \begin{enumerate}
 \item compute $A={g^\response}/{y^\challenge}$
-\item check that $\challenge=\Hash_\pok(A)\mod q$
+\item check that $\challenge=\Hash_\pok(\pklabel,A)\mod q$
 \end{enumerate}
 
 \subsection{Credentials}

src/lib/election.ml

@@ -140,7 +140,8 @@ module MakeSimpleDistKeyGen (G : GROUP) (M : RANDOM) = struct
   let generate_and_prove () =
     random q >>= fun x ->
     let trustee_public_key = g **~ x in
-    fs_prove [| g |] x (G.hash "") >>= fun trustee_pok ->
+    let zkp = "pok|" ^ G.to_string trustee_public_key ^ "|" in
+    fs_prove [| g |] x (G.hash zkp) >>= fun trustee_pok ->
     return (x, {trustee_pok; trustee_public_key})
 
   let check {trustee_pok; trustee_public_key = y} =
@@ -149,7 +150,8 @@ module MakeSimpleDistKeyGen (G : GROUP) (M : RANDOM) = struct
     check_modulo q challenge &&
     check_modulo q response &&
     let commitment = g **~ response / (y **~ challenge) in
-    challenge =% G.hash "" [| commitment |]
+    let zkp = "pok|" ^ G.to_string y ^ "|" in
+    challenge =% G.hash zkp [| commitment |]
 
   let combine pks =
     Array.fold_left (fun y {trustee_public_key; _} ->