Update protocol to match paper.

relic-toolkit · Oct 3, 2024 · e8b5029 · e8b5029
1 parent 8f0e9fe
commit e8b5029
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 61 deletions.
diff --git a/bench/bench_cp.c b/bench/bench_cp.c
@@ -795,7 +795,7 @@ static void pdpub(void) {
 	BENCH_RUN("cp_amore_ask (1, 0, 0)") {
 		g1_rand(p);
 		g2_rand(q);
-		BENCH_ADD(cp_amore_ask(v1, v2, w1, w2, r1, r2, t, p, q, u1, u2, 0, 0));
+		BENCH_ADD(cp_amore_ask(t, v1, v2, w1, w2, r1, r2, p, q, u1, u2, 0, 0));
 	} BENCH_END;
 
 	BENCH_RUN("cp_amore_ans (0, 0)") {
@@ -808,7 +808,7 @@ static void pdpub(void) {
 		g1_rand(p);
 		g2_rand(q);
 		cp_amore_gen(r1, r2, t, u1, u2, x, e, 1, 0, 0, 0);
-		cp_amore_ask(v1, v2, w1, w2, r1, r2, t, p, q, u1, u2, 0, 0);
+		cp_amore_ask(t, v1, v2, w1, w2, r1, r2, p, q, u1, u2, 0, 0);
 		cp_amore_ans(g, t, v1, v2, w1, w2, 0, 0);
 		BENCH_ADD(cp_amore_ver(r, g, r1, e, 0, 0));
 	} BENCH_END;
@@ -820,15 +820,15 @@ static void pdpub(void) {
 	BENCH_RUN("cp_amore_ask (0, 0, 0)") {
 		g1_rand(p);
 		g2_rand(q);
-		BENCH_ADD(cp_amore_ask(v1, v2, w1, w2, r1, r2, t, p, q, u1, u2, 0, 0));
+		BENCH_ADD(cp_amore_ask(t, v1, v2, w1, w2, r1, r2, p, q, u1, u2, 0, 0));
 	} BENCH_END;
 
 	BENCH_RUN("cp_amore_ver (0, 0, 0)") {
 		g1_rand(p);
 		g2_rand(q);
 		cp_amore_gen(r1, r2, t, u1, u2, x, e, 1, 0, 0, 0);
 		cp_amore_gen(r1, r2, t, u1, u2, x, e, 0, 0, 0, 0);
-		cp_amore_ask(v1, v2, w1, w2, r1, r2, t, p, q, u1, u2, 0, 0);
+		cp_amore_ask(t, v1, v2, w1, w2, r1, r2, p, q, u1, u2, 0, 0);
 		cp_amore_ans(g, t, v1, v2, w1, w2, 0, 0);
 		BENCH_ADD(cp_amore_ver(r, g, r1, e, 0, 0));
 	} BENCH_END;
@@ -840,7 +840,7 @@ static void pdpub(void) {
 	BENCH_RUN("cp_amore_ask (1, 0, 1)") {
 		g1_rand(p);
 		g2_rand(q);
-		BENCH_ADD(cp_amore_ask(v1, v2, w1, w2, r1, r2, t, p, q, u1, u2, 0, 1));
+		BENCH_ADD(cp_amore_ask(t, v1, v2, w1, w2, r1, r2, p, q, u1, u2, 0, 1));
 	} BENCH_END;
 
 	BENCH_RUN("cp_amore_ans (0, 1)") {
@@ -853,7 +853,7 @@ static void pdpub(void) {
 		g1_rand(p);
 		g2_rand(q);
 		cp_amore_gen(r1, r2, t, u1, u2, x, e, 1, 0, 0, 1);
-		cp_amore_ask(v1, v2, w1, w2, r1, r2, t, p, q, u1, u2, 0, 1);
+		cp_amore_ask(t, v1, v2, w1, w2, r1, r2, p, q, u1, u2, 0, 1);
 		cp_amore_ans(g, t, v1, v2, w1, w2, 0, 1);
 		BENCH_ADD(cp_amore_ver(r, g, r1, e, 0, 1));
 	} BENCH_END;
@@ -865,15 +865,15 @@ static void pdpub(void) {
 	BENCH_RUN("cp_amore_ask (0, 0, 1)") {
 		g1_rand(p);
 		g2_rand(q);
-		BENCH_ADD(cp_amore_ask(v1, v2, w1, w2, r1, r2, t, p, q, u1, u2, 0, 1));
+		BENCH_ADD(cp_amore_ask(t, v1, v2, w1, w2, r1, r2, p, q, u1, u2, 0, 1));
 	} BENCH_END;
 
 	BENCH_RUN("cp_amore_ver (0, 0, 1)") {
 		g1_rand(p);
 		g2_rand(q);
 		cp_amore_gen(r1, r2, t, u1, u2, x, e, 1, 0, 0, 1);
 		cp_amore_gen(r1, r2, t, u1, u2, x, e, 0, 0, 0, 1);
-		cp_amore_ask(v1, v2, w1, w2, r1, r2, t, p, q, u1, u2, 0, 1);
+		cp_amore_ask(t, v1, v2, w1, w2, r1, r2, p, q, u1, u2, 0, 1);
 		cp_amore_ans(g, t, v1, v2, w1, w2, 0, 1);
 		BENCH_ADD(cp_amore_ver(r, g, r1, e, 0, 1));
 	} BENCH_END;
@@ -885,7 +885,7 @@ static void pdpub(void) {
 	BENCH_RUN("cp_amore_ask (1, 1)") {
 		g1_rand(p);
 		g2_rand(q);
-		BENCH_ADD(cp_amore_ask(v1, v2, w1, w2, r1, r2, t, p, q, u1, u2, 1, 1));
+		BENCH_ADD(cp_amore_ask(t, v1, v2, w1, w2, r1, r2, p, q, u1, u2, 1, 1));
 	} BENCH_END;
 
 	BENCH_RUN("cp_amore_ans (1, 1)") {
@@ -898,7 +898,7 @@ static void pdpub(void) {
 		g1_rand(p);
 		g2_rand(q);
 		pc_map(e, p, q);
-		cp_amore_ask(v1, v2, w1, w2, r1, r2, t, p, q, u1, u2, 1, 1);
+		cp_amore_ask(t, v1, v2, w1, w2, r1, r2, p, q, u1, u2, 1, 1);
 		cp_amore_ans(g, t, v1, v2, w1, w2, 1, 1);
 		BENCH_ADD(cp_amore_ver(r, g, r1, e, 1, 1));
 	} BENCH_END;
@@ -910,15 +910,15 @@ static void pdpub(void) {
 	BENCH_RUN("cp_amore_ask (0, 1, 1)") {
 		g1_rand(p);
 		g2_rand(q);
-		BENCH_ADD(cp_amore_ask(v1, v2, w1, w2, r1, r2, t, p, q, u1, u2, 1, 1));
+		BENCH_ADD(cp_amore_ask(t, v1, v2, w1, w2, r1, r2, p, q, u1, u2, 1, 1));
 	} BENCH_END;
 
 	BENCH_RUN("cp_amore_ver (0, 1, 1)") {
 		g1_rand(p);
 		g2_rand(q);
 		cp_amore_gen(r1, r2, t, u1, u2, x, e, 1, 0, 1, 1);
 		cp_amore_gen(r1, r2, t, u1, u2, x, e, 0, 0, 1, 1);
-		cp_amore_ask(v1, v2, w1, w2, r1, r2, t, p, q, u1, u2, 1, 1);
+		cp_amore_ask(t, v1, v2, w1, w2, r1, r2, p, q, u1, u2, 1, 1);
 		cp_amore_ans(g, t, v1, v2, w1, w2, 1, 1);
 		BENCH_ADD(cp_amore_ver(r, g, r1, e, 1, 1));
 	} BENCH_END;
@@ -1054,7 +1054,7 @@ static void pdprv(void) {
 	} BENCH_END;
 
 	BENCH_RUN("cp_amprd_ask (AGGS)") {
-		BENCH_ADD(cp_amprd_ask(ds, v1[0], v2[0], v1[1], v2[1], r1, r2[0], r2[1], p, q, u1[0], u2[0], ls, rs, AGGS));
+		BENCH_ADD(cp_amprd_ask(r2[1], ds, v1[0], v2[0], v1[1], v2[1], r1, r2[0], p, q, u1[0], u2[0], ls, rs, AGGS));
 	} BENCH_END;
 
 	BENCH_RUN("cp_amprd_ans (AGGS)") {

diff --git a/include/relic_cp.h b/include/relic_cp.h
@@ -1388,13 +1388,13 @@ int cp_amore_gen(bn_t c, bn_t r, bn_t d, g1_t u, g2_t v, bn_t x, gt_t e,
 /**
  * Executes the client-side request for the AMORE pairing delegation protocol.
  *
+ * @param[in, out] d		- the delta value computed during setup.
  * @param[out] a1			- the first element in G_1.
  * @param[out] b1			- the first element in G_2.
  * @param[out] a2			- the second element in G_1.
  * @param[out] b2			- the second element in G_2.
  * @param[in] c				- the challenge.
  * @param[in] r				- the randomness.
- * @param[in] d				- the delta value computed during setup.
  * @param[in] p				- the first argument of the pairing.
  * @param[in] q				- the second argument of the pairing.
  * @param[in] u				- the U1 precomputed value in G_1.
@@ -1403,8 +1403,8 @@ int cp_amore_gen(bn_t c, bn_t r, bn_t d, g1_t u, g2_t v, bn_t x, gt_t e,
  * @param[in] privb			- the flag to indicate if second point is private.
  * @return RLC_OK if no errors occurred, RLC_ERR otherwise.
  */
-int cp_amore_ask(g1_t a1, g2_t b1, g1_t a2, g2_t b2, const bn_t c, const bn_t r,
-		const bn_t d, const g1_t p, const g2_t q, const g1_t u, const g2_t v,
+int cp_amore_ask(bn_t d, g1_t a1, g2_t b1, g1_t a2, g2_t b2, const bn_t c,
+		const bn_t r, const g1_t p, const g2_t q, const g1_t u, const g2_t v,
 		int priva, int privb);
 
 /**
@@ -1460,23 +1460,23 @@ int cp_amprd_gen(bn_t *ls, g2_t *rs, bn_t c, bn_t r, bn_t d, g1_t u, g2_t v,
  * Executes the client-side request for the AMORE pairing product delegation
  * protocol.
  *
+ * @param[in,out] d			- the delta value computed during setup.
  * @param[out] ds			- the m points for the protocol.
  * @param[out] a1			- the first element in G_1.
  * @param[out] b1			- the first element in G_2.
  * @param[out] a2			- the second element in G_1.
  * @param[out] b2			- the second element in G_2.
  * @param[in] c				- the challenge.
  * @param[in] r				- the randomness.
- * @param[in] d				- the delta value computed during setup.
  * @param[in] p				- the first argument inputs for the pairings.
  * @param[in] q				- the second argument inputs for the pairings.
  * @param[in] u				- the U1 precomputed value in G_1.
  * @param[in] v				- the U2 precomputed value in G_2.
  * @param[in] m				- the number of pairing to compute.
  * @return RLC_OK if no errors occurred, RLC_ERR otherwise.
  */
-int cp_amprd_ask(g2_t *ds, g1_t a1, g2_t b1, g1_t a2, g2_t b2, const bn_t c,
-		const bn_t r, const bn_t d, const g1_t *p, const g2_t *q, const g1_t u,
+int cp_amprd_ask(bn_t d, g2_t *ds, g1_t a1, g2_t b1, g1_t a2, g2_t b2,
+		const bn_t c, const bn_t r, const g1_t *p, const g2_t *q, const g1_t u,
 		const g2_t v, const bn_t *ls, const g2_t *rs, size_t m);
 
 /**

diff --git a/src/cp/relic_cp_pcdel.c b/src/cp/relic_cp_pcdel.c
@@ -499,26 +499,26 @@ int cp_lvprv_ver(gt_t r, const gt_t g[4], const bn_t c, const gt_t e[2]) {
 
 int cp_amore_gen(bn_t c, bn_t r, bn_t d, g1_t u, g2_t v, bn_t x, gt_t e,
 		int first, int longc, int priva, int privb) {
-	bn_t n, u1, u2;
+	bn_t n, t;
 	int result = RLC_OK;
 
 	bn_null(n);
+	bn_null(t);
 
 	RLC_TRY {
 		bn_new(n);
-		bn_new(u1);
-		bn_new(u2);
+		bn_new(t);
 
 		pc_get_ord(n);
 		if (first) {
 			/* Generate random U1, U2, x, c. */
 			bn_rand_mod(x, n);
-			bn_rand_mod(u1, n);
-			bn_mod_inv(u2, u1, n);
-			bn_mul(u2, u2, x);
-			bn_mod(u2, u2, n);
-			g1_mul_gen(u, u1);
-			g2_mul_gen(v, u2);
+			bn_rand_mod(t, n);
+			bn_mod_inv(d, t, n);
+			bn_mul(d, d, x);
+			bn_mod(d, d, n);
+			g1_mul_gen(u, t);
+			g2_mul_gen(v, d);
 			/* Compute gamma = e(U1, U2). */
 #if FP_PRIME < 1536
 			gt_get_gen(e);
@@ -540,12 +540,13 @@ int cp_amore_gen(bn_t c, bn_t r, bn_t d, g1_t u, g2_t v, bn_t x, gt_t e,
 				}
 			}
 		} else {
-			bn_rand_mod(u1, n);
-			bn_mod_inv(u2, u1, n);
-			bn_mul(u2, u2, x);
-			bn_mod(u2, u2, n);
-			g1_mul_gen(u, u1);
-			g2_mul_gen(v, u2);
+			bn_rand_mod(t, n);
+			/* d = x/u here. */
+			bn_mod_inv(d, t, n);
+			bn_mul(d, d, x);
+			bn_mod(d, d, n);
+			g1_mul_gen(u, t);
+			g2_mul_gen(v, d);
 			if (ep_curve_is_pairf() == EP_BN) {
 				bn_rand(c, RLC_POS, RAND_DIST + BND_STORE);
 			} else {
@@ -555,45 +556,46 @@ int cp_amore_gen(bn_t c, bn_t r, bn_t d, g1_t u, g2_t v, bn_t x, gt_t e,
 
 		bn_rand_mod(r, n);
 		if (priva && !privb) {
-			/* Compute d = (xu)/r mod q. */
-			bn_mul(d, r, u2);
-			bn_mod(d, d, n);
-			bn_copy(u2, x);
-		} else if (priva && privb) {
-			/* Compute d = x/(rcu) mod q. */
-			bn_mul(d, r, c);
-			bn_mod(d, d, n);
-		} else {
-			/* Compute d = x/(ru) mod q. */
-			bn_copy(d, r);
+			/* In this case, make d = u. */
+			bn_copy(d, t);
 		}
-		bn_mod_inv(d, d, n);
-		bn_mul(d, d, u2);
-		bn_mod(d, d, n);
 	}
 	RLC_CATCH_ANY {
 		result = RLC_ERR;
 	}
 	RLC_FINALLY {
 		bn_free(n);
-		bn_free(u1);
-		bn_free(u2);
+		bn_free(t);
 	}
 	return result;
 }
 
-int cp_amore_ask(g1_t a1, g2_t b1, g1_t a2, g2_t b2, const bn_t c, const bn_t r,
-		const bn_t d, const g1_t p, const g2_t q, const g1_t u, const g2_t v,
+int cp_amore_ask(bn_t d, g1_t a1, g2_t b1, g1_t a2, g2_t b2, const bn_t c,
+		const bn_t r, const g1_t p, const g2_t q, const g1_t u, const g2_t v,
 		int priva, int privb) {
-	bn_t n;
+	bn_t n, t;
 	int result = RLC_OK;
 
 	bn_null(n);
+	bn_null(t);
 
 	RLC_TRY {
 		bn_new(n);
+		bn_new(t);
 
 		pc_get_ord(n);
+		if (priva && privb) {
+			/* Compute t = 1/(rc) mod q, so d/t = x/(rcu) mod q.  */
+			bn_mul(t, r, c);
+			bn_mod(t, t, n);
+		} else {
+			/* Compute t = 1/r mod q. */			
+			bn_copy(t, r);
+		}
+		bn_mod_inv(t, t, n);
+		bn_mul(d, d, t);
+		bn_mod(d, d, n);
+
 		if (!priva && !privb) {
 			g1_copy(a1, p);
 			g2_copy(b1, q);
@@ -629,6 +631,7 @@ int cp_amore_ask(g1_t a1, g2_t b1, g1_t a2, g2_t b2, const bn_t c, const bn_t r,
 	}
 	RLC_FINALLY {
 		bn_free(n);
+		bn_free(t);
 	}
 	return result;
 }
@@ -780,8 +783,8 @@ int cp_amprd_gen(bn_t *ls, g2_t *rs, bn_t c, bn_t r, bn_t d, g1_t u, g2_t v,
 	return result;
 }
 
-int cp_amprd_ask(g2_t *ds, g1_t a1, g2_t b1, g1_t a2, g2_t b2, const bn_t c,
-		const bn_t r, const bn_t d, const g1_t *p, const g2_t *q, const g1_t u,
+int cp_amprd_ask(bn_t d, g2_t *ds, g1_t a1, g2_t b1, g1_t a2, g2_t b2,
+		const bn_t c, const bn_t r, const g1_t *p, const g2_t *q, const g1_t u,
 		const g2_t v, const bn_t *ls, const g2_t *rs, size_t m) {
 	g1_t a, t;
 	int result = RLC_OK;
@@ -801,7 +804,7 @@ int cp_amprd_ask(g2_t *ds, g1_t a1, g2_t b1, g1_t a2, g2_t b2, const bn_t c,
 		}
 		g2_norm_sim(ds, ds, m);
 		g1_norm(a, a);
-		cp_amore_ask(a1, b1, a2, b2, c, r, d, a, rs[0], u, v, 0, 1);
+		cp_amore_ask(d, a1, b1, a2, b2, c, r, a, rs[0], u, v, 0, 1);
 	} RLC_CATCH_ANY {
 		g1_free(a);
 		g1_free(t);

diff --git a/test/test_cp.c b/test/test_cp.c
@@ -1160,15 +1160,15 @@ static int pdpub(void) {
 			TEST_ASSERT(cp_amore_gen(r1, r2, t, u1, u2, x, e, 1, 0, 0, 0) == RLC_OK, end);
 			g1_rand(p);
 			g2_rand(q);
-			TEST_ASSERT(cp_amore_ask(v1, v2, w1, w2, r1, r2, t, p, q, u1, u2, 0, 0) == RLC_OK, end);
+			TEST_ASSERT(cp_amore_ask(t, v1, v2, w1, w2, r1, r2, p, q, u1, u2, 0, 0) == RLC_OK, end);
 			TEST_ASSERT(cp_amore_ans(g, t, v1, v2, w1, w2, 0, 0) == RLC_OK, end);
 			TEST_ASSERT(cp_amore_ver(r, g, r1, e, 0, 0) == 1, end);
 			pc_map(g[0], p, q);
 			TEST_ASSERT(gt_cmp(r, g[0]) == RLC_EQ, end);
 			TEST_ASSERT(cp_amore_gen(r1, r2, t, u1, u2, x, e, 0, 0, 0, 0) == RLC_OK, end);
 			g1_rand(p);
 			g2_rand(q);
-			TEST_ASSERT(cp_amore_ask(v1, v2, w1, w2, r1, r2, t, p, q, u1, u2, 0, 0) == RLC_OK, end);
+			TEST_ASSERT(cp_amore_ask(t, v1, v2, w1, w2, r1, r2, p, q, u1, u2, 0, 0) == RLC_OK, end);
 			TEST_ASSERT(cp_amore_ans(g, t, v1, v2, w1, w2, 0, 0) == RLC_OK, end);
 			TEST_ASSERT(cp_amore_ver(r, g, r1, e, 0, 0) == 1, end);
 			pc_map(e, p, q);
@@ -1278,15 +1278,15 @@ static int pdprv(void) {
 					TEST_ASSERT(cp_amore_gen(r1, r2[0], r2[1], v1[0], v2[0], r2[2], e[0], 1, 0, pa, pb) == RLC_OK, end);
 					g1_rand(p);
 					g2_rand(q);
-					TEST_ASSERT(cp_amore_ask(u1[0], u2[0], u1[1], u2[1], r1, r2[0], r2[1], p, q, v1[0], v2[0], pa, pb) == RLC_OK, end);
+					TEST_ASSERT(cp_amore_ask(r2[1], u1[0], u2[0], u1[1], u2[1], r1, r2[0], p, q, v1[0], v2[0], pa, pb) == RLC_OK, end);
 					TEST_ASSERT(cp_amore_ans(g, r2[1], u1[0], u2[0], u1[1], u2[1], pa, pb) == RLC_OK, end);
 					TEST_ASSERT(cp_amore_ver(r, g, r1, e[0], pa, pb) == 1, end);
 					pc_map(g[0], p, q);
 					TEST_ASSERT(gt_cmp(r, g[0]) == RLC_EQ, end);
 					TEST_ASSERT(cp_amore_gen(r1, r2[0], r2[1], v1[0], v2[0], r2[2], e[0], 0, 0, pa, pb) == RLC_OK, end);
 					g1_rand(p);
 					g2_rand(q);
-					TEST_ASSERT(cp_amore_ask(u1[0], u2[0], u1[1], u2[1], r1, r2[0], r2[1], p, q, v1[0], v2[0], pa, pb) == RLC_OK, end);
+					TEST_ASSERT(cp_amore_ask(r2[1], u1[0], u2[0], u1[1], u2[1], r1, r2[0], p, q, v1[0], v2[0], pa, pb) == RLC_OK, end);
 					TEST_ASSERT(cp_amore_ans(g, r2[1], u1[0], u2[0], u1[1], u2[1], pa, pb) == RLC_OK, end);
 					TEST_ASSERT(cp_amore_ver(r, g, r1, e[0], pa, pb) == 1, end);
 					pc_map(g[0], p, q);
@@ -1384,7 +1384,7 @@ static int pdprd(void) {
 				g1_rand(p[i]);
 				g2_rand(q[i]);
 			}
-			TEST_ASSERT(cp_amprd_ask(ds, v1, v2, w1, w2, r1, r2, t, p, q, u1, u2, ls, rs, AGGS) == RLC_OK, end);
+			TEST_ASSERT(cp_amprd_ask(t, ds, v1, v2, w1, w2, r1, r2, p, q, u1, u2, ls, rs, AGGS) == RLC_OK, end);
 			TEST_ASSERT(cp_amprd_ans(g, ds, t, v1, v2, w1, w2, p, q, AGGS) == RLC_OK, end);
 			TEST_ASSERT(cp_amprd_ver(r, g, ls[0], r1, e) == 1, end);
 			pc_map_sim(g[0], p, q, AGGS);