Commit ea1ea7ce authored by Stephane Glondu's avatar Stephane Glondu

Change signature of PKI.{sign,verify}

parent 22ee1edc
...@@ -243,8 +243,8 @@ module type PKI = sig ...@@ -243,8 +243,8 @@ module type PKI = sig
val genkey : unit -> string m val genkey : unit -> string m
val derive_sk : string -> private_key val derive_sk : string -> private_key
val derive_dk : string -> private_key val derive_dk : string -> private_key
val sign : private_key -> string -> proof m val sign : private_key -> string -> signed_msg m
val verify : public_key -> string -> proof -> bool val verify : public_key -> signed_msg -> bool
val encrypt : public_key -> string -> string m val encrypt : public_key -> string -> string m
val decrypt : private_key -> string -> string val decrypt : private_key -> string -> string
val make_cert : sk:private_key -> dk:private_key -> cert m val make_cert : sk:private_key -> dk:private_key -> cert m
......
...@@ -109,20 +109,21 @@ module MakePKI (G : GROUP) (M : RANDOM) = struct ...@@ -109,20 +109,21 @@ module MakePKI (G : GROUP) (M : RANDOM) = struct
let derive_dk p = let derive_dk p =
Z.of_string_base 16 (sha256_hex ("dk|" ^ p)) Z.of_string_base 16 (sha256_hex ("dk|" ^ p))
let sign sk msg = let sign sk s_message =
M.bind (M.random G.q) (fun w -> M.bind (M.random G.q) (fun w ->
let commitment = G.(g **~ w) in let commitment = G.(g **~ w) in
let prefix = "sigmsg|" ^ msg ^ "|" in let prefix = "sigmsg|" ^ s_message ^ "|" in
let challenge = G.hash prefix [|commitment|] in let challenge = G.hash prefix [|commitment|] in
let response = Z.(erem (w - sk * challenge) G.q) in let response = Z.(erem (w - sk * challenge) G.q) in
M.return { challenge; response } let s_signature = { challenge; response } in
M.return { s_message; s_signature }
) )
let verify vk msg { challenge; response } = let verify vk {s_message; s_signature = { challenge; response }} =
check_modulo G.q challenge && check_modulo G.q challenge &&
check_modulo G.q response && check_modulo G.q response &&
let commitment = G.(g **~ response *~ vk **~ challenge) in let commitment = G.(g **~ response *~ vk **~ challenge) in
let prefix = "sigmsg|" ^ msg ^ "|" in let prefix = "sigmsg|" ^ s_message ^ "|" in
Z.(challenge =% G.hash prefix [|commitment|]) Z.(challenge =% G.hash prefix [|commitment|])
let encrypt y s = let encrypt y s =
...@@ -136,14 +137,12 @@ module MakePKI (G : GROUP) (M : RANDOM) = struct ...@@ -136,14 +137,12 @@ module MakePKI (G : GROUP) (M : RANDOM) = struct
cert_verification = G.(g **~ sk); cert_verification = G.(g **~ sk);
cert_encryption = G.(g **~ dk); cert_encryption = G.(g **~ dk);
} in } in
let s_message = string_of_cert_keys G.write cert_keys in let cert = string_of_cert_keys G.write cert_keys in
M.bind (sign sk s_message) (fun s_signature -> sign sk cert
M.return { s_message; s_signature }
)
let verify_cert { s_message; s_signature } = let verify_cert x =
let keys = cert_keys_of_string G.read s_message in let keys = cert_keys_of_string G.read x.s_message in
verify keys.cert_verification s_message s_signature verify keys.cert_verification x
end end
...@@ -158,18 +157,16 @@ module MakeChannels (G : GROUP) (M : RANDOM) ...@@ -158,18 +157,16 @@ module MakeChannels (G : GROUP) (M : RANDOM)
let send sk c_recipient c_message = let send sk c_recipient c_message =
let msg = { c_recipient; c_message } in let msg = { c_recipient; c_message } in
let s_message = string_of_channel_msg G.write msg in let msg = string_of_channel_msg G.write msg in
M.bind (P.sign sk s_message) (fun s_signature -> M.bind (P.sign sk msg) (fun msg ->
let msg = { s_message; s_signature } in
P.encrypt c_recipient (string_of_signed_msg msg) P.encrypt c_recipient (string_of_signed_msg msg)
) )
let recv dk vk msg = let recv dk vk msg =
let msg = P.decrypt dk msg |> signed_msg_of_string in let msg = P.decrypt dk msg |> signed_msg_of_string in
let { s_message; s_signature } = msg in if not (P.verify vk msg) then
if not (P.verify vk s_message s_signature) then
failwith "invalid signature on received message"; failwith "invalid signature on received message";
let msg = channel_msg_of_string G.read s_message in let msg = channel_msg_of_string G.read msg.s_message in
let { c_recipient; c_message } = msg in let { c_recipient; c_message } = msg in
if not G.(c_recipient =~ g **~ dk) then if not G.(c_recipient =~ g **~ dk) then
failwith "invalid recipient on received message"; failwith "invalid recipient on received message";
...@@ -220,8 +217,8 @@ module MakePedersen (G : GROUP) (M : RANDOM) ...@@ -220,8 +217,8 @@ module MakePedersen (G : GROUP) (M : RANDOM)
let check t = let check t =
Array.forall P.verify_cert t.t_certs && Array.forall P.verify_cert t.t_certs &&
let certs = Array.map (fun x -> cert_keys_of_string G.read x.s_message) t.t_certs in let certs = Array.map (fun x -> cert_keys_of_string G.read x.s_message) t.t_certs in
Array.forall2 (fun cert { s_message; s_signature } -> Array.forall2 (fun cert x ->
P.verify cert.cert_verification s_message s_signature P.verify cert.cert_verification x
) certs t.t_coefexps && ) certs t.t_coefexps &&
let coefexps = Array.map (fun x -> (raw_coefexps_of_string G.read x.s_message).coefexps) t.t_coefexps in let coefexps = Array.map (fun x -> (raw_coefexps_of_string G.read x.s_message).coefexps) t.t_coefexps in
Array.forall K.check t.t_verification_keys && Array.forall K.check t.t_verification_keys &&
...@@ -328,9 +325,8 @@ module MakePedersen (G : GROUP) (M : RANDOM) ...@@ -328,9 +325,8 @@ module MakePedersen (G : GROUP) (M : RANDOM)
in fill_polynomial 0 >>= fun () -> in fill_polynomial 0 >>= fun () ->
C.send sk ek (string_of_raw_polynomial polynomial) >>= fun p_polynomial -> C.send sk ek (string_of_raw_polynomial polynomial) >>= fun p_polynomial ->
let coefexps = Array.map (fun x -> g **~ x) polynomial in let coefexps = Array.map (fun x -> g **~ x) polynomial in
let s_message = string_of_raw_coefexps G.write {coefexps} in let coefexps = string_of_raw_coefexps G.write {coefexps} in
P.sign sk s_message >>= fun s_signature -> P.sign sk coefexps >>= fun p_coefexps ->
let p_coefexps = {s_message; s_signature} in
let p_secrets = Array.make n "" in let p_secrets = Array.make n "" in
let rec fill_secrets j = let rec fill_secrets j =
if j < n then if j < n then
...@@ -349,8 +345,8 @@ module MakePedersen (G : GROUP) (M : RANDOM) ...@@ -349,8 +345,8 @@ module MakePedersen (G : GROUP) (M : RANDOM)
assert (n = Array.length polynomials); assert (n = Array.length polynomials);
let certs = Array.map (fun x -> cert_keys_of_string G.read x.s_message) certs.certs in let certs = Array.map (fun x -> cert_keys_of_string G.read x.s_message) certs.certs in
let vi_coefexps = Array.map (fun x -> x.p_coefexps) polynomials in let vi_coefexps = Array.map (fun x -> x.p_coefexps) polynomials in
Array.iteri (fun i {s_message; s_signature} -> Array.iteri (fun i x ->
if P.verify certs.(i).cert_verification s_message s_signature then () if P.verify certs.(i).cert_verification x then ()
else else
let msg = Printf.sprintf "coefexps %d does not validate" (i+1) in let msg = Printf.sprintf "coefexps %d does not validate" (i+1) in
raise (PedersenFailure msg) raise (PedersenFailure msg)
...@@ -389,10 +385,10 @@ module MakePedersen (G : GROUP) (M : RANDOM) ...@@ -389,10 +385,10 @@ module MakePedersen (G : GROUP) (M : RANDOM)
assert (n = Array.length vinput.vi_coefexps); assert (n = Array.length vinput.vi_coefexps);
let coefexps = let coefexps =
Array.init n (fun i -> Array.init n (fun i ->
let { s_message; s_signature } = vinput.vi_coefexps.(i) in let x = vinput.vi_coefexps.(i) in
if not (P.verify certs.(i).cert_verification s_message s_signature) then if not (P.verify certs.(i).cert_verification x) then
raise (PedersenFailure (Printf.sprintf "coefexps %d does not validate" (i+1))); raise (PedersenFailure (Printf.sprintf "coefexps %d does not validate" (i+1)));
let res = (raw_coefexps_of_string G.read s_message).coefexps in let res = (raw_coefexps_of_string G.read x.s_message).coefexps in
assert (Array.length res = threshold); assert (Array.length res = threshold);
res res
) )
...@@ -425,10 +421,10 @@ module MakePedersen (G : GROUP) (M : RANDOM) ...@@ -425,10 +421,10 @@ module MakePedersen (G : GROUP) (M : RANDOM)
assert (n = Array.length voutputs); assert (n = Array.length voutputs);
let coefexps = let coefexps =
Array.init n (fun i -> Array.init n (fun i ->
let { s_message; s_signature } = polynomials.(i).p_coefexps in let x = polynomials.(i).p_coefexps in
if not (P.verify certs.(i).cert_verification s_message s_signature) then if not (P.verify certs.(i).cert_verification x) then
raise (PedersenFailure (Printf.sprintf "coefexps %d does not validate" (i+1))); raise (PedersenFailure (Printf.sprintf "coefexps %d does not validate" (i+1)));
(raw_coefexps_of_string G.read s_message).coefexps (raw_coefexps_of_string G.read x.s_message).coefexps
) )
in in
let computed_vks = compute_verification_keys coefexps in let computed_vks = compute_verification_keys coefexps in
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment