Checking election parameters

lib/crypto.ml

 open Util
+open Serializable_t
 
 (** Helper functions *)
 
@@ -22,35 +23,42 @@ let map_and_concat_with_commas f xs =
 
 (** Finite field arithmetic *)
 
+let check_finite_field ~p ~q ~g =
+  Z.probab_prime p 10 > 0 &&
+  Z.probab_prime q 10 > 0 &&
+  check_modulo p g &&
+  check_modulo p q &&
+  Z.(powm g q p =% one)
+
 let finite_field ~p ~q ~g =
-  if
-    Z.probab_prime p 10 > 0 &&
-    Z.probab_prime q 10 > 0 &&
-    check_modulo p g &&
-    check_modulo p q &&
-    Z.(powm g q p =% one)
-  then
-    let module G = struct
-      open Z
-      type t = Z.t
-      let q = q
-      let one = Z.one
-      let g = g
-      let ( *~ ) a b = a * b mod p
-      let ( **~ ) a b = powm a b p
-      let invert x = invert x p
-      let ( =~ ) = equal
-      let check x = check_modulo p x && x **~ q =~ one
-      let hash xs = hashZ (map_and_concat_with_commas Z.to_string xs)
-      let compare = Z.compare
-    end in (module G : Crypto_sigs.GROUP with type t = Z.t)
-  else
-    invalid_arg "Invalid parameters for a multiplicative subgroup of finite field"
+  let module G = struct
+    open Z
+    type t = Z.t
+    let q = q
+    let one = Z.one
+    let g = g
+    let ( *~ ) a b = a * b mod p
+    let ( **~ ) a b = powm a b p
+    let invert x = Z.invert x p
+    let ( =~ ) = Z.equal
+    let check x = check_modulo p x && x **~ q =~ one
+    let hash xs = hashZ (map_and_concat_with_commas Z.to_string xs)
+    let compare = Z.compare
+  end in (module G : Crypto_sigs.GROUP with type t = Z.t)
+
+(** Parameters *)
+
+let check_election p =
+  let module P = (val p : Crypto_sigs.ELECTION_PARAMS) in
+  let open P in
+  let open G in
+  (* check public key *)
+  let computed = Array.fold_left ( *~ ) G.one public_keys in
+  computed =~ params.e_public_key
 
 (** Homomorphic elections *)
 
 module MakeElection (P : Crypto_sigs.ELECTION_PARAMS) = struct
-  open Serializable_t
   open P
   open G
   type elt = G.t

lib/crypto.mli

@@ -3,9 +3,13 @@
 val finite_field : p:Z.t -> q:Z.t -> g:Z.t ->
   (module Crypto_sigs.GROUP with type t = Z.t)
 (** [finite_field p q g] builds the multiplicative subgroup of F[p],
-    generated by [g], of order [q]. It performs basic consistency
-    checks on [p], [q] and [g] and raises [Invalid_argument] in caise
-    of failure. *)
+    generated by [g], of order [q]. *)
+
+val check_finite_field : p:Z.t -> q:Z.t -> g:Z.t -> bool
+(** Check consistency of finite field parameters. *)
+
+val check_election : (module Crypto_sigs.ELECTION_PARAMS) -> bool
+(** Check consistency of election parameters. *)
 
 module MakeElection (P : Crypto_sigs.ELECTION_PARAMS) :
   Crypto_sigs.ELECTION with type elt = P.G.t

tests/sandbox.ml

@@ -78,6 +78,9 @@ let verbose_assert msg it =
 let verbose_verify_election_test_data (e, ballots, signatures, private_data) =
   Printf.eprintf "Verifying election %S:\n%!" e.election.e_short_name;
   let {g; p; q; y} = e.election.e_public_key in
+  verbose_assert "group parameters" (lazy (
+    Crypto.check_finite_field ~p ~q ~g
+  ));
   let module P = struct
     module G = (val Crypto.finite_field ~p ~q ~g : Crypto_sigs.GROUP with type t = Z.t)
     let public_keys =
@@ -87,14 +90,10 @@ let verbose_verify_election_test_data (e, ballots, signatures, private_data) =
     let params = Serializable_compat.of_election e.election
     let fingerprint = e.fingerprint
   end in
-  let module Election = Crypto.MakeElection(P) in
-(*
   verbose_assert "election key" (lazy (
-    Crypto.check_election_key
-      e.election.e_public_key.y
-      e.public_data.public_keys
+    Crypto.check_election (module P : Crypto_sigs.ELECTION_PARAMS)
   ));
-*)
+  let module Election = Crypto.MakeElection(P) in
   if Array.length ballots = 0 then (
     Printf.eprintf "   no ballots available\n%!"
   ) else (