Commit 2836d4bc authored by Stephane Glondu's avatar Stephane Glondu

Add public key to partial decryptions

parent 13b628bb
......@@ -485,8 +485,9 @@ accepted ballots:
\right\}
\end{gather*}
From the encrypted tally, each trustee computes a partial decryption
using the \hyperref[trustee-keys]{private key} $x$ he generated during
election setup. It consists of so-called decryption factors:
using the \hyperref[trustee-keys]{private key} $x$ (and the
corresponding public key $X=g^x$) he generated during election
setup. It consists of so-called decryption factors:
\[
\dfactors_{i,j}=\alphalabel(\etally_{i,j})^x
\]
......@@ -495,15 +496,16 @@ computed as follows:
\begin{enumerate}
\item pick a random $w\in\Z_q$
\item compute $A=g^w$ and $B=\alphalabel(\etally_{i,j})^w$
\item $\challenge=\Hash_\decrypt(A,B)\mod q$
\item $\challenge=\Hash_\decrypt(X,A,B)\mod q$
\item $\response=w+x\times\challenge\mod q$
\end{enumerate}
In the above, $\Hash_\decrypt$ is computed as follows:
\[
\Hash_\decrypt(A,B)=\shatwo(A\verb=,=B)
\Hash_\decrypt(X,A,B)=\shatwo(\verb=decrypt|=X\verb=|=A\verb=,=B)
\]
where the comma is verbatim and numbers are written in base 10. The
result is interpreted as a 256-bit big-endian number.
where \verb=decrypt=, the vertical bars and the comma are verbatim and
numbers are written in base 10. The result is interpreted as a 256-bit
big-endian number.
These proofs are verified using the $\tpk$ structure $k$ that the
trustee sent to the administrator during the election setup:
......@@ -514,7 +516,7 @@ A=\frac{g^\response}{\pklabel(k)^\challenge}
\quad\text{and}\quad
B=\frac{\alphalabel(\etally_{i,j})^\response}{\dfactors_{i,j}^\challenge}
\]
\item check that $\Hash_\decrypt(A,B)=\challenge\mod q$
\item check that $\Hash_\decrypt(\pklabel(k),A,B)=\challenge\mod q$
\end{enumerate}
\subsection{Election result}
......
......@@ -390,8 +390,9 @@ module MakeElection (G : GROUP) (M : RANDOM) = struct
type factor = elt Serializable_t.partial_decryption
let eg_factor x {alpha; beta} =
let zkp = "decrypt|" ^ G.to_string (g **~ x) ^ "|" in
alpha **~ x,
fs_prove [| g; alpha |] x (hash "")
fs_prove [| g; alpha |] x (hash zkp)
let check_ciphertext c =
Array.fforall (fun {alpha; beta} -> G.check alpha && G.check beta) c
......@@ -407,6 +408,7 @@ module MakeElection (G : GROUP) (M : RANDOM) = struct
)
let check_factor c y f =
let zkp = "decrypt|" ^ G.to_string y ^ "|" in
Array.fforall3 (fun {alpha; _} f {challenge; response} ->
check_modulo q challenge &&
check_modulo q response &&
......@@ -415,7 +417,7 @@ module MakeElection (G : GROUP) (M : RANDOM) = struct
g **~ response / (y **~ challenge);
alpha **~ response / (f **~ challenge);
|]
in hash "" commitments =% challenge
in hash zkp commitments =% challenge
) c f.decryption_factors f.decryption_proofs
type result = elt Serializable_t.result
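Review bot: The challenge prefix built in `eg_factor` and `check_factor` binds only the trustee public key (`"decrypt|" ^ G.to_string y ^ "|"`), so the Fiat-Shamir hash still appears to omit the rest of the statement being proven, namely the base `alpha` and the claimed decryption factor. `hash` is defined outside these hunks, but the specification hunk on this page gives its input as `decrypt|X|A,B`, which supports that reading. A discrete-log-equality proof whose challenge does not cover the full statement is the weak form of the transform, and the usual hardening is to hash every public value of the statement along with the commitments. In `check_factor` that would mean extending the prefix per element inside the closure, for example `let zkp = zkp ^ G.to_string alpha ^ "|" ^ G.to_string f ^ "|" in`, with the matching change in `eg_factor` and in the `\Hash_\decrypt` definition. Part of `check_factor`'s body lies between the two hunks and is not shown, so confirm there that `y` and each factor are also checked for group membership before they are exponentiated.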
......