Commit 65de8172 authored by Stephane Glondu's avatar Stephane Glondu
Browse files

Add public key to signatures

parent 2836d4bc
......@@ -410,15 +410,16 @@ the \ciphertext{}s $\gamma_1,\dots,\gamma_l$ that appear in the ballot
($l$ is the sum of the lengths of $\choices$). It is computed as
follows:
\begin{enumerate}
\item $s=\secret(c)$
\item compute $s=\secret(c)$
\item pick a random $w\in\Z_q$
\item $A=g^w$
\item $\challenge=\Hash_\siglabel(A,\gamma_1,\dots,\gamma_l)\mod q$
\item compute $A=g^w$
\item $\pklabel=g^s$
\item $\challenge=\Hash_\siglabel(\pklabel,A,\gamma_1,\dots,\gamma_l)\mod q$
\item $\response=w-s\times\challenge\mod q$
\end{enumerate}
In the above, $\Hash_\siglabel$ is computed as follows:
\[
\Hash_\siglabel(A,\gamma_1,\dots,\gamma_l)=\shatwo(\verb=sig|=A\verb=|=\alphalabel(\gamma_1)\verb=,=\betalabel(\gamma_1)\verb=,=\dots\verb=,=\alphalabel(\gamma_l)\verb=,=\betalabel(\gamma_l))
\Hash_\siglabel(S,A,\gamma_1,\dots,\gamma_l)=\shatwo(\verb=sig|=S\verb=|=A\verb=|=\alphalabel(\gamma_1)\verb=,=\betalabel(\gamma_1)\verb=,=\dots\verb=,=\alphalabel(\gamma_l)\verb=,=\betalabel(\gamma_l))
\]
where \verb=sig=, the vertical bars and commas are verbatim and
numbers are written in base 10. The result is interpreted as a 256-bit
......@@ -427,7 +428,7 @@ big-endian number.
Signatures are verified as follows:
\begin{enumerate}
\item compute $A=g^\response\times y^\challenge$
\item check that $\challenge=\Hash_\siglabel(A,\gamma_1,\dots,\gamma_l)\mod q$
\item check that $\challenge=\Hash_\siglabel(\pklabel,A,\gamma_1,\dots,\gamma_l)\mod q$
\end{enumerate}
\subsection{Ballots}
......
......@@ -69,7 +69,7 @@ HELIOS.EncryptedVote.prototype.doSignature = function(cred) {
var pk = this.election.public_key;
var w = Random.getRandomInteger(pk.q);
var commitment = pk.g.modPow(w, pk.p);
var prefix = "sig|" + commitment.toJSONObject() + "|";
var prefix = "sig|" + cred.y.toJSONObject() + "|" + commitment.toJSONObject() + "|";
var challenge = (new BigInt(hex_sha256(prefix + _(this.encrypted_answers).map(function(ea) {
return ElGamal.stringify_choices(ea.choices);
}).join(",")), 16)).mod(pk.q);
......
......@@ -369,7 +369,7 @@ module MakeElection (G : GROUP) (M : RANDOM) = struct
check_modulo q s_challenge &&
check_modulo q s_response &&
let commitment = g **~ s_response *~ y **~ s_challenge in
let prefix = "sig|" ^ G.to_string commitment ^ "|" in
let prefix = "sig|" ^ G.to_string y ^ "|" ^ G.to_string commitment ^ "|" in
let ciphertexts = List.flatten (
List.map (fun a ->
List.flatten (
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment