Implement combine_factors

lib/crypto.ml

@@ -42,6 +42,7 @@ let finite_field ~p ~q ~g =
       let ( =~ ) = equal
       let check x = check_modulo p x && x **~ q =~ one
       let hash xs = hashZ (map_and_concat_with_commas Z.to_string xs)
+      let compare = Z.compare
     end in (module G : Crypto_sigs.GROUP with type t = Z.t)
   else
     invalid_arg "Invalid parameters for a multiplicative subgroup of finite field"
@@ -227,9 +228,32 @@ module MakeHomomorphicElection (P : Crypto_sigs.ELECTION_PARAMS) = struct
 
   type result = public_key Serializable_t.result
 
-  let combine_factors nb_tallied c fs = assert false
+  let combine_factors nb_tallied encrypted_tally partial_decryptions =
+    let dummy = Array.mmap (fun _ -> G.one) encrypted_tally in
+    let factors = Array.fold_left (fun a b ->
+      Array.mmap2 ( *~ ) a b.decryption_factors
+    ) dummy partial_decryptions in
+    let exp_results = Array.mmap2 (fun {beta; _} f ->
+      beta / f
+    ) encrypted_tally factors in
+    let log =
+      let module GMap = Map.Make(G) in
+      let rec loop i cur accu =
+        if i < nb_tallied
+        then loop (succ i) (cur *~ g) (GMap.add cur i accu)
+        else accu
+      in
+      let map = loop 0 G.one GMap.empty in
+      fun x ->
+        try
+          GMap.find x map
+        with Not_found ->
+          invalid_arg "Cannot compute result"
+    in
+    let result = Array.mmap log exp_results in
+    {nb_tallied; encrypted_tally; partial_decryptions; result}
 
   let check_result r = assert false
 
-  let extract_tally r = assert false
+  let extract_tally r = r.result
 end

lib/crypto_sigs.mli

@@ -35,6 +35,9 @@ module type GROUP = sig
 
   val hash : t array -> Z.t
   (** Hash an array of elements into an integer mod [q]. *)
+
+  val compare : t -> t -> int
+  (** A total ordering over the elements of the group. *)
 end
 
 (** Parameters for an election. *)
@@ -126,8 +129,8 @@ module type HOMOMORPHIC = sig
 
   val combine_factors : int -> ciphertext -> factor array -> result
   (** Combine the encrypted tally and the factors from all trustees to
-      produce the election result. This first argument is the number
-      of tallied ballots. *)
+      produce the election result. The first argument is the number of
+      tallied ballots. May raise [Invalid_argument]. *)
 
   val check_result : result -> bool
 

lib/serializable.atd

@@ -62,6 +62,7 @@ type 'a partial_decryption = {
 }
 
 type 'a result = {
+  nb_tallied : int;
   encrypted_tally : 'a ciphertext list <ocaml repr="array"> list <ocaml repr="array">;
   partial_decryptions : 'a partial_decryption list <ocaml repr="array">;
   result : int list <ocaml repr="array"> list <ocaml repr="array">;

lib/serializable_compat.ml

@@ -50,6 +50,16 @@ let of_partial_decryption p =
   let open Serializable_t in
   {decryption_factors; decryption_proofs}
 
+let of_result r =
+  let {encrypted_tally; partial_decryptions; result} = r in
+  let nb_tallied = encrypted_tally.num_tallied in
+  let encrypted_tally = encrypted_tally.tally in
+  let partial_decryptions =
+    Array.map of_partial_decryption partial_decryptions
+  in
+  let open Serializable_t in
+  {nb_tallied; encrypted_tally; partial_decryptions; result}
+
 module type COMPAT = sig
   type t
   val to_ballot : t Serializable_t.ballot -> t ballot

lib/serializable_compat.mli

@@ -6,6 +6,7 @@ val of_election : 'a election -> 'a Serializable_t.election
 val of_ballot : 'a ballot -> 'a Serializable_t.ballot
 val of_partial_decryption :
   'a partial_decryption -> 'a Serializable_t.partial_decryption
+val of_result : 'a result -> 'a Serializable_t.result
 
 module type COMPAT = sig
   type t