 ### Add public key to partial decryptions

parent 13b628bb
 ... ... @@ -485,8 +485,9 @@ accepted ballots: \right\} \end{gather*} From the encrypted tally, each trustee computes a partial decryption using the \hyperref[trustee-keys]{private key} $x$ he generated during election setup. It consists of so-called decryption factors: using the \hyperref[trustee-keys]{private key} $x$ (and the corresponding public key $X=g^x$) he generated during election setup. It consists of so-called decryption factors: $\dfactors_{i,j}=\alphalabel(\etally_{i,j})^x$ ... ... @@ -495,15 +496,16 @@ computed as follows: \begin{enumerate} \item pick a random $w\in\Z_q$ \item compute $A=g^w$ and $B=\alphalabel(\etally_{i,j})^w$ \item $\challenge=\Hash_\decrypt(A,B)\mod q$ \item $\challenge=\Hash_\decrypt(X,A,B)\mod q$ \item $\response=w+x\times\challenge\mod q$ \end{enumerate} In the above, $\Hash_\decrypt$ is computed as follows: $\Hash_\decrypt(A,B)=\shatwo(A\verb=,=B) \Hash_\decrypt(X,A,B)=\shatwo(\verb=decrypt|=X\verb=|=A\verb=,=B)$ where the comma is verbatim and numbers are written in base 10. The result is interpreted as a 256-bit big-endian number. where \verb=decrypt=, the vertical bars and the comma are verbatim and numbers are written in base 10. The result is interpreted as a 256-bit big-endian number. These proofs are verified using the $\tpk$ structure $k$ that the trustee sent to the administrator during the election setup: ... ... @@ -514,7 +516,7 @@ A=\frac{g^\response}{\pklabel(k)^\challenge} \quad\text{and}\quad B=\frac{\alphalabel(\etally_{i,j})^\response}{\dfactors_{i,j}^\challenge} \] \item check that $\Hash_\decrypt(A,B)=\challenge\mod q$ \item check that $\Hash_\decrypt(\pklabel(k),A,B)=\challenge\mod q$ \end{enumerate} \subsection{Election result} ... ...
 ... ... @@ -390,8 +390,9 @@ module MakeElection (G : GROUP) (M : RANDOM) = struct type factor = elt Serializable_t.partial_decryption let eg_factor x {alpha; beta} = let zkp = "decrypt|" ^ G.to_string (g **~ x) ^ "|" in alpha **~ x, fs_prove [| g; alpha |] x (hash "") fs_prove [| g; alpha |] x (hash zkp) let check_ciphertext c = Array.fforall (fun {alpha; beta} -> G.check alpha && G.check beta) c ... ... @@ -407,6 +408,7 @@ module MakeElection (G : GROUP) (M : RANDOM) = struct ) let check_factor c y f = let zkp = "decrypt|" ^ G.to_string y ^ "|" in Array.fforall3 (fun {alpha; _} f {challenge; response} -> check_modulo q challenge && check_modulo q response && ... ... @@ -415,7 +417,7 @@ module MakeElection (G : GROUP) (M : RANDOM) = struct g **~ response / (y **~ challenge); alpha **~ response / (f **~ challenge); |] in hash "" commitments =% challenge in hash zkp commitments =% challenge ) c f.decryption_factors f.decryption_proofs type result = elt Serializable_t.result ... ...
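Review bot: In `check_factor`, and in the matching `fs_prove` call in `eg_factor`, the challenge is still derived only from the public key and the two commitments, so it does not bind the ciphertext component `alpha` or the decryption factor `f`. A Fiat-Shamir challenge for a discrete-log-equality proof should cover the whole statement (g, y, alpha, f), otherwise the proof is not tied to the particular ciphertext and factor it accompanies. One way is to build the prefix inside the per-component closure, e.g. `let zkp = "decrypt|" ^ G.to_string y ^ "|" ^ G.to_string alpha ^ "," ^ G.to_string f ^ "|" in`, using `alpha **~ x` in place of `f` on the prover side and updating the specification's hash definition to match. The bodies of `hash` and `fs_prove` and the middle of `check_factor` are outside this view, so confirm that none of them already hashes these values. It is also worth confirming that `y` and each element of `f.decryption_factors` pass `G.check` before they are used.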