| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| <html xmlns="http://www.w3.org/1999/xhtml"> |
| <head> |
| <meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/> |
| <meta http-equiv="X-UA-Compatible" content="IE=9"/> |
| <meta name="generator" content="Doxygen 1.9.1"/> |
| <meta name="viewport" content="width=device-width, initial-scale=1"/> |
| <title>libmpc: mta.h File Reference</title> |
| <link href="tabs.css" rel="stylesheet" type="text/css"/> |
| <script type="text/javascript" src="jquery.js"></script> |
| <script type="text/javascript" src="dynsections.js"></script> |
| <link href="search/search.css" rel="stylesheet" type="text/css"/> |
| <script type="text/javascript" src="search/searchdata.js"></script> |
| <script type="text/javascript" src="search/search.js"></script> |
| <script type="text/x-mathjax-config"> |
| MathJax.Hub.Config({ |
| extensions: ["tex2jax.js"], |
| jax: ["input/TeX","output/HTML-CSS"], |
| }); |
| </script> |
| <script type="text/javascript" async="async" src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/MathJax.js"></script> |
| <link href="doxygen.css" rel="stylesheet" type="text/css" /> |
| </head> |
| <body> |
| <div id="top"><!-- do not remove this div, it is closed by doxygen! --> |
| <div id="titlearea"> |
| <table cellspacing="0" cellpadding="0"> |
| <tbody> |
| <tr style="height: 56px;"> |
| <td id="projectalign" style="padding-left: 0.5em;"> |
| <div id="projectname">libmpc |
| </div> |
| </td> |
| </tr> |
| </tbody> |
| </table> |
| </div> |
| <!-- end header part --> |
| <!-- Generated by Doxygen 1.9.1 --> |
| <script type="text/javascript"> |
| /* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */ |
| var searchBox = new SearchBox("searchBox", "search",false,'Search','.html'); |
| /* @license-end */ |
| </script> |
| <script type="text/javascript" src="menudata.js"></script> |
| <script type="text/javascript" src="menu.js"></script> |
| <script type="text/javascript"> |
| /* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */ |
| $(function() { |
| initMenu('',true,false,'search.php','Search'); |
| $(document).ready(function() { init_search(); }); |
| }); |
| /* @license-end */</script> |
| <div id="main-nav"></div> |
| <!-- window showing the filter options --> |
| <div id="MSearchSelectWindow" |
| onmouseover="return searchBox.OnSearchSelectShow()" |
| onmouseout="return searchBox.OnSearchSelectHide()" |
| onkeydown="return searchBox.OnSearchSelectKey(event)"> |
| </div> |
| |
| <!-- iframe showing the search results (closed by default) --> |
| <div id="MSearchResultsWindow"> |
| <iframe src="javascript:void(0)" frameborder="0" |
| name="MSearchResults" id="MSearchResults"> |
| </iframe> |
| </div> |
| |
| <div id="nav-path" class="navpath"> |
| <ul> |
| <li class="navelem"><a class="el" href="dir_d44c64559bbebec7f509842c48db8b23.html">include</a></li><li class="navelem"><a class="el" href="dir_a166689341c37329f24f96bdba87a08b.html">amcl</a></li> </ul> |
| </div> |
| </div><!-- top --> |
| <div class="header"> |
| <div class="summary"> |
| <a href="#nested-classes">Data Structures</a> | |
| <a href="#define-members">Macros</a> | |
| <a href="#typedef-members">Typedefs</a> | |
| <a href="#func-members">Functions</a> </div> |
| <div class="headertitle"> |
| <div class="title">mta.h File Reference</div> </div> |
| </div><!--header--> |
| <div class="contents"> |
| |
| <p>MTA declarations. |
| <a href="#details">More...</a></p> |
| <div class="textblock"><code>#include "amcl/amcl.h"</code><br /> |
| <code>#include "amcl/paillier.h"</code><br /> |
| <code>#include "<a class="el" href="commitments_8h_source.html">amcl/commitments.h</a>"</code><br /> |
| <code>#include "amcl/ecp_SECP256K1.h"</code><br /> |
| <code>#include "amcl/ecdh_SECP256K1.h"</code><br /> |
| </div> |
| <p><a href="mta_8h_source.html">Go to the source code of this file.</a></p> |
| <table class="memberdecls"> |
| <tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="nested-classes"></a> |
| Data Structures</h2></td></tr> |
| <tr class="memitem:"><td class="memItemLeft" align="right" valign="top">struct  </td><td class="memItemRight" valign="bottom"><a class="el" href="structMTA__RP__commitment__rv.html">MTA_RP_commitment_rv</a></td></tr> |
| <tr class="memdesc:"><td class="mdescLeft"> </td><td class="mdescRight">Secret random values for the Range Proof commitment. <a href="structMTA__RP__commitment__rv.html#details">More...</a><br /></td></tr> |
| <tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:"><td class="memItemLeft" align="right" valign="top">struct  </td><td class="memItemRight" valign="bottom"><a class="el" href="structMTA__RP__commitment.html">MTA_RP_commitment</a></td></tr> |
| <tr class="memdesc:"><td class="mdescLeft"> </td><td class="mdescRight">Public commitment for the Range Proof. <a href="structMTA__RP__commitment.html#details">More...</a><br /></td></tr> |
| <tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:"><td class="memItemLeft" align="right" valign="top">struct  </td><td class="memItemRight" valign="bottom"><a class="el" href="structMTA__RP__proof.html">MTA_RP_proof</a></td></tr> |
| <tr class="memdesc:"><td class="mdescLeft"> </td><td class="mdescRight">Range Proof. <a href="structMTA__RP__proof.html#details">More...</a><br /></td></tr> |
| <tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:"><td class="memItemLeft" align="right" valign="top">struct  </td><td class="memItemRight" valign="bottom"><a class="el" href="structMTA__ZK__commitment__rv.html">MTA_ZK_commitment_rv</a></td></tr> |
| <tr class="memdesc:"><td class="mdescLeft"> </td><td class="mdescRight">Secret random values for the receiver ZKP commitment. <a href="structMTA__ZK__commitment__rv.html#details">More...</a><br /></td></tr> |
| <tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:"><td class="memItemLeft" align="right" valign="top">struct  </td><td class="memItemRight" valign="bottom"><a class="el" href="structMTA__ZK__commitment.html">MTA_ZK_commitment</a></td></tr> |
| <tr class="memdesc:"><td class="mdescLeft"> </td><td class="mdescRight">Public commitment for the Receiver ZKP. <a href="structMTA__ZK__commitment.html#details">More...</a><br /></td></tr> |
| <tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:"><td class="memItemLeft" align="right" valign="top">struct  </td><td class="memItemRight" valign="bottom"><a class="el" href="structMTA__ZK__proof.html">MTA_ZK_proof</a></td></tr> |
| <tr class="memdesc:"><td class="mdescLeft"> </td><td class="mdescRight">Range Proof for the Receiver ZKP. <a href="structMTA__ZK__proof.html#details">More...</a><br /></td></tr> |
| <tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:"><td class="memItemLeft" align="right" valign="top">struct  </td><td class="memItemRight" valign="bottom"><a class="el" href="structMTA__ZKWC__commitment.html">MTA_ZKWC_commitment</a></td></tr> |
| <tr class="memdesc:"><td class="mdescLeft"> </td><td class="mdescRight">Public commitment for the Receiver ZKP with check. <a href="structMTA__ZKWC__commitment.html#details">More...</a><br /></td></tr> |
| <tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr> |
| </table><table class="memberdecls"> |
| <tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="define-members"></a> |
| Macros</h2></td></tr> |
| <tr class="memitem:a38835fd15b3c165ca0acce5ba7f45dd6"><td class="memItemLeft" align="right" valign="top">#define </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a38835fd15b3c165ca0acce5ba7f45dd6">MTA_OK</a>   0</td></tr> |
| <tr class="separator:a38835fd15b3c165ca0acce5ba7f45dd6"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:a9cffabde5e58757768c87f8b96bed9be"><td class="memItemLeft" align="right" valign="top">#define </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a9cffabde5e58757768c87f8b96bed9be">MTA_FAIL</a>   61</td></tr> |
| <tr class="separator:a9cffabde5e58757768c87f8b96bed9be"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:ac83dee7822a61403334298331d63171c"><td class="memItemLeft" align="right" valign="top">#define </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#ac83dee7822a61403334298331d63171c">MTA_INVALID_ECP</a>   62</td></tr> |
| <tr class="separator:ac83dee7822a61403334298331d63171c"><td class="memSeparator" colspan="2"> </td></tr> |
| </table><table class="memberdecls"> |
| <tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="typedef-members"></a> |
| Typedefs</h2></td></tr> |
| <tr class="memitem:a520066c511d8661c3ebfe4c2a612a046"><td class="memItemLeft" align="right" valign="top"><a id="a520066c511d8661c3ebfe4c2a612a046"></a> |
| typedef <a class="el" href="structMTA__ZK__commitment__rv.html">MTA_ZK_commitment_rv</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a520066c511d8661c3ebfe4c2a612a046">MTA_ZKWC_commitment_rv</a></td></tr> |
| <tr class="memdesc:a520066c511d8661c3ebfe4c2a612a046"><td class="mdescLeft"> </td><td class="mdescRight">Secret random values for the receiver ZKP with check commitment. <br /></td></tr> |
| <tr class="separator:a520066c511d8661c3ebfe4c2a612a046"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:a96110337c3648cc19cc1bf60f085da14"><td class="memItemLeft" align="right" valign="top"><a id="a96110337c3648cc19cc1bf60f085da14"></a> |
| typedef <a class="el" href="structMTA__ZK__proof.html">MTA_ZK_proof</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a96110337c3648cc19cc1bf60f085da14">MTA_ZKWC_proof</a></td></tr> |
| <tr class="memdesc:a96110337c3648cc19cc1bf60f085da14"><td class="mdescLeft"> </td><td class="mdescRight">Range Proof for the Receiver ZKP with check. <br /></td></tr> |
| <tr class="separator:a96110337c3648cc19cc1bf60f085da14"><td class="memSeparator" colspan="2"> </td></tr> |
| </table><table class="memberdecls"> |
| <tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a> |
| Functions</h2></td></tr> |
| <tr class="memitem:a7bbc83a1d90c466061839c88375576a3"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a7bbc83a1d90c466061839c88375576a3">MPC_MTA_CLIENT1</a> (csprng *RNG, PAILLIER_public_key *PUB, octet *A, octet *CA, octet *R)</td></tr> |
| <tr class="memdesc:a7bbc83a1d90c466061839c88375576a3"><td class="mdescLeft"> </td><td class="mdescRight">Client MTA first pass. <a href="mta_8h.html#a7bbc83a1d90c466061839c88375576a3">More...</a><br /></td></tr> |
| <tr class="separator:a7bbc83a1d90c466061839c88375576a3"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:a673e46de79006b3d5e349a0eec6bd5c5"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a673e46de79006b3d5e349a0eec6bd5c5">MPC_MTA_CLIENT2</a> (PAILLIER_private_key *PRIV, octet *CB, octet *ALPHA)</td></tr> |
| <tr class="memdesc:a673e46de79006b3d5e349a0eec6bd5c5"><td class="mdescLeft"> </td><td class="mdescRight">Client MtA second pass. <a href="mta_8h.html#a673e46de79006b3d5e349a0eec6bd5c5">More...</a><br /></td></tr> |
| <tr class="separator:a673e46de79006b3d5e349a0eec6bd5c5"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:af6150f97b1d2df1d70ec419211d37592"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#af6150f97b1d2df1d70ec419211d37592">MPC_MTA_SERVER</a> (csprng *RNG, PAILLIER_public_key *PUB, octet *B, octet *CA, octet *Z, octet *R, octet *CB, octet *BETA)</td></tr> |
| <tr class="memdesc:af6150f97b1d2df1d70ec419211d37592"><td class="mdescLeft"> </td><td class="mdescRight">Server MtA. <a href="mta_8h.html#af6150f97b1d2df1d70ec419211d37592">More...</a><br /></td></tr> |
| <tr class="separator:af6150f97b1d2df1d70ec419211d37592"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:a585141482d0be764359316dc4aa9a345"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a585141482d0be764359316dc4aa9a345">MPC_SUM_MTA</a> (const octet *A, const octet *B, const octet *ALPHA, const octet *BETA, octet *SUM)</td></tr> |
| <tr class="memdesc:a585141482d0be764359316dc4aa9a345"><td class="mdescLeft"> </td><td class="mdescRight">Sum of secret shares. <a href="mta_8h.html#a585141482d0be764359316dc4aa9a345">More...</a><br /></td></tr> |
| <tr class="separator:a585141482d0be764359316dc4aa9a345"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:ae4971990b60c103d7cb596c9a0d1d205"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#ae4971990b60c103d7cb596c9a0d1d205">MTA_ZK_random_challenge</a> (csprng *RNG, octet *E)</td></tr> |
| <tr class="memdesc:ae4971990b60c103d7cb596c9a0d1d205"><td class="mdescLeft"> </td><td class="mdescRight">Random challenge for any of the ZK Proofs. <a href="mta_8h.html#ae4971990b60c103d7cb596c9a0d1d205">More...</a><br /></td></tr> |
| <tr class="separator:ae4971990b60c103d7cb596c9a0d1d205"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:a9ae812a8b7fa69ae98d8eec9db51cc83"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a9ae812a8b7fa69ae98d8eec9db51cc83">MTA_RP_commit</a> (csprng *RNG, PAILLIER_private_key *key, <a class="el" href="structCOMMITMENTS__BC__pub__modulus.html">COMMITMENTS_BC_pub_modulus</a> *mod, octet *M, <a class="el" href="structMTA__RP__commitment.html">MTA_RP_commitment</a> *c, <a class="el" href="structMTA__RP__commitment__rv.html">MTA_RP_commitment_rv</a> *rv)</td></tr> |
| <tr class="memdesc:a9ae812a8b7fa69ae98d8eec9db51cc83"><td class="mdescLeft"> </td><td class="mdescRight">Commitment Generation. <a href="mta_8h.html#a9ae812a8b7fa69ae98d8eec9db51cc83">More...</a><br /></td></tr> |
| <tr class="separator:a9ae812a8b7fa69ae98d8eec9db51cc83"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:aae8035b9c2d5b29f3ad9df3c44466e1d"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#aae8035b9c2d5b29f3ad9df3c44466e1d">MTA_RP_challenge</a> (PAILLIER_public_key *key, <a class="el" href="structCOMMITMENTS__BC__pub__modulus.html">COMMITMENTS_BC_pub_modulus</a> *mod, const octet *CT, <a class="el" href="structMTA__RP__commitment.html">MTA_RP_commitment</a> *c, octet *E)</td></tr> |
| <tr class="memdesc:aae8035b9c2d5b29f3ad9df3c44466e1d"><td class="mdescLeft"> </td><td class="mdescRight">Deterministic Challenge generations. <a href="mta_8h.html#aae8035b9c2d5b29f3ad9df3c44466e1d">More...</a><br /></td></tr> |
| <tr class="separator:aae8035b9c2d5b29f3ad9df3c44466e1d"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:a840590c8db0b435bece74978adf0748d"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a840590c8db0b435bece74978adf0748d">MTA_RP_prove</a> (PAILLIER_private_key *key, <a class="el" href="structMTA__RP__commitment__rv.html">MTA_RP_commitment_rv</a> *rv, octet *M, octet *R, octet *E, <a class="el" href="structMTA__RP__proof.html">MTA_RP_proof</a> *p)</td></tr> |
| <tr class="memdesc:a840590c8db0b435bece74978adf0748d"><td class="mdescLeft"> </td><td class="mdescRight">Proof generation. <a href="mta_8h.html#a840590c8db0b435bece74978adf0748d">More...</a><br /></td></tr> |
| <tr class="separator:a840590c8db0b435bece74978adf0748d"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:aaa4c5afa267be00e1819becd53805795"><td class="memItemLeft" align="right" valign="top">int </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#aaa4c5afa267be00e1819becd53805795">MTA_RP_verify</a> (PAILLIER_public_key *key, <a class="el" href="structCOMMITMENTS__BC__priv__modulus.html">COMMITMENTS_BC_priv_modulus</a> *mod, octet *CT, octet *E, <a class="el" href="structMTA__RP__commitment.html">MTA_RP_commitment</a> *c, <a class="el" href="structMTA__RP__proof.html">MTA_RP_proof</a> *p)</td></tr> |
| <tr class="memdesc:aaa4c5afa267be00e1819becd53805795"><td class="mdescLeft"> </td><td class="mdescRight">Verify a Proof. <a href="mta_8h.html#aaa4c5afa267be00e1819becd53805795">More...</a><br /></td></tr> |
| <tr class="separator:aaa4c5afa267be00e1819becd53805795"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:aa60c3b4a80719d29f0ebb747f3fc31a1"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#aa60c3b4a80719d29f0ebb747f3fc31a1">MTA_RP_commitment_toOctets</a> (octet *Z, octet *U, octet *W, <a class="el" href="structMTA__RP__commitment.html">MTA_RP_commitment</a> *c)</td></tr> |
| <tr class="memdesc:aa60c3b4a80719d29f0ebb747f3fc31a1"><td class="mdescLeft"> </td><td class="mdescRight">Dump the commitment to octets. <a href="mta_8h.html#aa60c3b4a80719d29f0ebb747f3fc31a1">More...</a><br /></td></tr> |
| <tr class="separator:aa60c3b4a80719d29f0ebb747f3fc31a1"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:a5f42fb5d017f34db268c112f7c8d056e"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a5f42fb5d017f34db268c112f7c8d056e">MTA_RP_commitment_fromOctets</a> (<a class="el" href="structMTA__RP__commitment.html">MTA_RP_commitment</a> *c, octet *Z, octet *U, octet *W)</td></tr> |
| <tr class="memdesc:a5f42fb5d017f34db268c112f7c8d056e"><td class="mdescLeft"> </td><td class="mdescRight">Read the commitments from octets. <a href="mta_8h.html#a5f42fb5d017f34db268c112f7c8d056e">More...</a><br /></td></tr> |
| <tr class="separator:a5f42fb5d017f34db268c112f7c8d056e"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:a4c516e4898f3fbcdd55ed70ea0e336ef"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a4c516e4898f3fbcdd55ed70ea0e336ef">MTA_RP_proof_toOctets</a> (octet *S, octet *S1, octet *S2, <a class="el" href="structMTA__RP__proof.html">MTA_RP_proof</a> *p)</td></tr> |
| <tr class="memdesc:a4c516e4898f3fbcdd55ed70ea0e336ef"><td class="mdescLeft"> </td><td class="mdescRight">Dump the proof to octets. <a href="mta_8h.html#a4c516e4898f3fbcdd55ed70ea0e336ef">More...</a><br /></td></tr> |
| <tr class="separator:a4c516e4898f3fbcdd55ed70ea0e336ef"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:ad60da72de670c62131bc57f9e1070c84"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#ad60da72de670c62131bc57f9e1070c84">MTA_RP_proof_fromOctets</a> (<a class="el" href="structMTA__RP__proof.html">MTA_RP_proof</a> *p, octet *S, octet *S1, octet *S2)</td></tr> |
| <tr class="memdesc:ad60da72de670c62131bc57f9e1070c84"><td class="mdescLeft"> </td><td class="mdescRight">Read the proof from octets. <a href="mta_8h.html#ad60da72de670c62131bc57f9e1070c84">More...</a><br /></td></tr> |
| <tr class="separator:ad60da72de670c62131bc57f9e1070c84"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:a83d69dbe4b86adcf814bf17593066b5d"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a83d69dbe4b86adcf814bf17593066b5d">MTA_RP_commitment_rv_kill</a> (<a class="el" href="structMTA__RP__commitment__rv.html">MTA_RP_commitment_rv</a> *rv)</td></tr> |
| <tr class="memdesc:a83d69dbe4b86adcf814bf17593066b5d"><td class="mdescLeft"> </td><td class="mdescRight">Clean the memory containing the random values. <a href="mta_8h.html#a83d69dbe4b86adcf814bf17593066b5d">More...</a><br /></td></tr> |
| <tr class="separator:a83d69dbe4b86adcf814bf17593066b5d"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:a882f4c5922a453293eaaa7e3ec876bdf"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a882f4c5922a453293eaaa7e3ec876bdf">MTA_ZK_commit</a> (csprng *RNG, PAILLIER_public_key *key, <a class="el" href="structCOMMITMENTS__BC__pub__modulus.html">COMMITMENTS_BC_pub_modulus</a> *mod, octet *X, octet *Y, octet *C1, <a class="el" href="structMTA__ZK__commitment.html">MTA_ZK_commitment</a> *c, <a class="el" href="structMTA__ZK__commitment__rv.html">MTA_ZK_commitment_rv</a> *rv)</td></tr> |
| <tr class="memdesc:a882f4c5922a453293eaaa7e3ec876bdf"><td class="mdescLeft"> </td><td class="mdescRight">Commitment Generation for Receiver ZKP. <a href="mta_8h.html#a882f4c5922a453293eaaa7e3ec876bdf">More...</a><br /></td></tr> |
| <tr class="separator:a882f4c5922a453293eaaa7e3ec876bdf"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:a437965ad4a0dd602a0c1a4339afb0cb6"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a437965ad4a0dd602a0c1a4339afb0cb6">MTA_ZK_challenge</a> (PAILLIER_public_key *key, <a class="el" href="structCOMMITMENTS__BC__pub__modulus.html">COMMITMENTS_BC_pub_modulus</a> *mod, const octet *C1, const octet *C2, <a class="el" href="structMTA__ZK__commitment.html">MTA_ZK_commitment</a> *c, octet *E)</td></tr> |
| <tr class="memdesc:a437965ad4a0dd602a0c1a4339afb0cb6"><td class="mdescLeft"> </td><td class="mdescRight">Deterministic Challenge generations for Receiver ZKP. <a href="mta_8h.html#a437965ad4a0dd602a0c1a4339afb0cb6">More...</a><br /></td></tr> |
| <tr class="separator:a437965ad4a0dd602a0c1a4339afb0cb6"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:a275057a0134ee0cbef05e1c719f3f94b"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a275057a0134ee0cbef05e1c719f3f94b">MTA_ZK_prove</a> (PAILLIER_public_key *key, <a class="el" href="structMTA__ZK__commitment__rv.html">MTA_ZK_commitment_rv</a> *rv, octet *X, octet *Y, octet *R, octet *E, <a class="el" href="structMTA__ZK__proof.html">MTA_ZK_proof</a> *p)</td></tr> |
| <tr class="memdesc:a275057a0134ee0cbef05e1c719f3f94b"><td class="mdescLeft"> </td><td class="mdescRight">Proof generation for Receiver ZKP. <a href="mta_8h.html#a275057a0134ee0cbef05e1c719f3f94b">More...</a><br /></td></tr> |
| <tr class="separator:a275057a0134ee0cbef05e1c719f3f94b"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:a34fa2c06ff8a165243621fe6d32a4b64"><td class="memItemLeft" align="right" valign="top">int </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a34fa2c06ff8a165243621fe6d32a4b64">MTA_ZK_verify</a> (PAILLIER_private_key *key, <a class="el" href="structCOMMITMENTS__BC__priv__modulus.html">COMMITMENTS_BC_priv_modulus</a> *mod, octet *C1, octet *C2, octet *E, <a class="el" href="structMTA__ZK__commitment.html">MTA_ZK_commitment</a> *c, <a class="el" href="structMTA__ZK__proof.html">MTA_ZK_proof</a> *p)</td></tr> |
| <tr class="memdesc:a34fa2c06ff8a165243621fe6d32a4b64"><td class="mdescLeft"> </td><td class="mdescRight">Verify a Proof for Receiver ZKP. <a href="mta_8h.html#a34fa2c06ff8a165243621fe6d32a4b64">More...</a><br /></td></tr> |
| <tr class="separator:a34fa2c06ff8a165243621fe6d32a4b64"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:afa9bc2f3876442f8519c67c011d4b0c5"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#afa9bc2f3876442f8519c67c011d4b0c5">MTA_ZK_commitment_toOctets</a> (octet *Z, octet *Z1, octet *T, octet *V, octet *W, <a class="el" href="structMTA__ZK__commitment.html">MTA_ZK_commitment</a> *c)</td></tr> |
| <tr class="memdesc:afa9bc2f3876442f8519c67c011d4b0c5"><td class="mdescLeft"> </td><td class="mdescRight">Dump the commitment to octets. <a href="mta_8h.html#afa9bc2f3876442f8519c67c011d4b0c5">More...</a><br /></td></tr> |
| <tr class="separator:afa9bc2f3876442f8519c67c011d4b0c5"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:ad9cb35ed95b1ad3367fd78437e98aad5"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#ad9cb35ed95b1ad3367fd78437e98aad5">MTA_ZK_commitment_fromOctets</a> (<a class="el" href="structMTA__ZK__commitment.html">MTA_ZK_commitment</a> *c, octet *Z, octet *Z1, octet *T, octet *V, octet *W)</td></tr> |
| <tr class="memdesc:ad9cb35ed95b1ad3367fd78437e98aad5"><td class="mdescLeft"> </td><td class="mdescRight">Read the commitments from octets. <a href="mta_8h.html#ad9cb35ed95b1ad3367fd78437e98aad5">More...</a><br /></td></tr> |
| <tr class="separator:ad9cb35ed95b1ad3367fd78437e98aad5"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:ae4cc541c94044beaf3a46cd5415da370"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#ae4cc541c94044beaf3a46cd5415da370">MTA_ZK_proof_toOctets</a> (octet *S, octet *S1, octet *S2, octet *T1, octet *T2, <a class="el" href="structMTA__ZK__proof.html">MTA_ZK_proof</a> *p)</td></tr> |
| <tr class="memdesc:ae4cc541c94044beaf3a46cd5415da370"><td class="mdescLeft"> </td><td class="mdescRight">Dump the proof to octets. <a href="mta_8h.html#ae4cc541c94044beaf3a46cd5415da370">More...</a><br /></td></tr> |
| <tr class="separator:ae4cc541c94044beaf3a46cd5415da370"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:a4d280db3b810c0d69603a8ee97222565"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a4d280db3b810c0d69603a8ee97222565">MTA_ZK_proof_fromOctets</a> (<a class="el" href="structMTA__ZK__proof.html">MTA_ZK_proof</a> *p, octet *S, octet *S1, octet *S2, octet *T1, octet *T2)</td></tr> |
| <tr class="memdesc:a4d280db3b810c0d69603a8ee97222565"><td class="mdescLeft"> </td><td class="mdescRight">Read the proof from octets. <a href="mta_8h.html#a4d280db3b810c0d69603a8ee97222565">More...</a><br /></td></tr> |
| <tr class="separator:a4d280db3b810c0d69603a8ee97222565"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:a50085c31f3df46ac6814c46064ed2826"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a50085c31f3df46ac6814c46064ed2826">MTA_ZK_commitment_rv_kill</a> (<a class="el" href="structMTA__ZK__commitment__rv.html">MTA_ZK_commitment_rv</a> *rv)</td></tr> |
| <tr class="memdesc:a50085c31f3df46ac6814c46064ed2826"><td class="mdescLeft"> </td><td class="mdescRight">Clean the memory containing the random values. <a href="mta_8h.html#a50085c31f3df46ac6814c46064ed2826">More...</a><br /></td></tr> |
| <tr class="separator:a50085c31f3df46ac6814c46064ed2826"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:a61bd2519a246c273ce42da382732c489"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a61bd2519a246c273ce42da382732c489">MTA_ZKWC_commit</a> (csprng *RNG, PAILLIER_public_key *key, <a class="el" href="structCOMMITMENTS__BC__pub__modulus.html">COMMITMENTS_BC_pub_modulus</a> *mod, octet *X, octet *Y, octet *C1, <a class="el" href="structMTA__ZKWC__commitment.html">MTA_ZKWC_commitment</a> *c, <a class="el" href="mta_8h.html#a520066c511d8661c3ebfe4c2a612a046">MTA_ZKWC_commitment_rv</a> *rv)</td></tr> |
| <tr class="memdesc:a61bd2519a246c273ce42da382732c489"><td class="mdescLeft"> </td><td class="mdescRight">Commitment Generation for Receiver ZKP with check. <a href="mta_8h.html#a61bd2519a246c273ce42da382732c489">More...</a><br /></td></tr> |
| <tr class="separator:a61bd2519a246c273ce42da382732c489"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:a4dd5d4b2d4fc3e530632fb61b56c3f25"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a4dd5d4b2d4fc3e530632fb61b56c3f25">MTA_ZKWC_challenge</a> (PAILLIER_public_key *key, <a class="el" href="structCOMMITMENTS__BC__pub__modulus.html">COMMITMENTS_BC_pub_modulus</a> *mod, const octet *C1, const octet *C2, const octet *X, <a class="el" href="structMTA__ZKWC__commitment.html">MTA_ZKWC_commitment</a> *c, octet *E)</td></tr> |
| <tr class="memdesc:a4dd5d4b2d4fc3e530632fb61b56c3f25"><td class="mdescLeft"> </td><td class="mdescRight">Deterministic Challenge generations for Receiver ZKP with check. <a href="mta_8h.html#a4dd5d4b2d4fc3e530632fb61b56c3f25">More...</a><br /></td></tr> |
| <tr class="separator:a4dd5d4b2d4fc3e530632fb61b56c3f25"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:aec434d125d9f299a78388524ef5f0c51"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#aec434d125d9f299a78388524ef5f0c51">MTA_ZKWC_prove</a> (PAILLIER_public_key *key, <a class="el" href="mta_8h.html#a520066c511d8661c3ebfe4c2a612a046">MTA_ZKWC_commitment_rv</a> *rv, octet *X, octet *Y, octet *R, octet *E, <a class="el" href="mta_8h.html#a96110337c3648cc19cc1bf60f085da14">MTA_ZKWC_proof</a> *p)</td></tr> |
| <tr class="memdesc:aec434d125d9f299a78388524ef5f0c51"><td class="mdescLeft"> </td><td class="mdescRight">Proof generation for Receiver ZKP with check. <a href="mta_8h.html#aec434d125d9f299a78388524ef5f0c51">More...</a><br /></td></tr> |
| <tr class="separator:aec434d125d9f299a78388524ef5f0c51"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:aec8c96b0b4983b7e16bdcf7f24b16c08"><td class="memItemLeft" align="right" valign="top">int </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#aec8c96b0b4983b7e16bdcf7f24b16c08">MTA_ZKWC_verify</a> (PAILLIER_private_key *key, <a class="el" href="structCOMMITMENTS__BC__priv__modulus.html">COMMITMENTS_BC_priv_modulus</a> *mod, octet *C1, octet *C2, octet *X, octet *E, <a class="el" href="structMTA__ZKWC__commitment.html">MTA_ZKWC_commitment</a> *c, <a class="el" href="mta_8h.html#a96110337c3648cc19cc1bf60f085da14">MTA_ZKWC_proof</a> *p)</td></tr> |
| <tr class="memdesc:aec8c96b0b4983b7e16bdcf7f24b16c08"><td class="mdescLeft"> </td><td class="mdescRight">Verify a Proof for Receiver ZKP with check. <a href="mta_8h.html#aec8c96b0b4983b7e16bdcf7f24b16c08">More...</a><br /></td></tr> |
| <tr class="separator:aec8c96b0b4983b7e16bdcf7f24b16c08"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:ab2611cfca7b4350f0921d56a3aed3185"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#ab2611cfca7b4350f0921d56a3aed3185">MTA_ZKWC_commitment_toOctets</a> (octet *U, octet *Z, octet *Z1, octet *T, octet *V, octet *W, <a class="el" href="structMTA__ZKWC__commitment.html">MTA_ZKWC_commitment</a> *c)</td></tr> |
| <tr class="memdesc:ab2611cfca7b4350f0921d56a3aed3185"><td class="mdescLeft"> </td><td class="mdescRight">Dump the commitment to octets. <a href="mta_8h.html#ab2611cfca7b4350f0921d56a3aed3185">More...</a><br /></td></tr> |
| <tr class="separator:ab2611cfca7b4350f0921d56a3aed3185"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:a051196472aca3ad711f8c8f9f39280ce"><td class="memItemLeft" align="right" valign="top">int </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a051196472aca3ad711f8c8f9f39280ce">MTA_ZKWC_commitment_fromOctets</a> (<a class="el" href="structMTA__ZKWC__commitment.html">MTA_ZKWC_commitment</a> *c, octet *U, octet *Z, octet *Z1, octet *T, octet *V, octet *W)</td></tr> |
| <tr class="memdesc:a051196472aca3ad711f8c8f9f39280ce"><td class="mdescLeft"> </td><td class="mdescRight">Read the commitments from octets. <a href="mta_8h.html#a051196472aca3ad711f8c8f9f39280ce">More...</a><br /></td></tr> |
| <tr class="separator:a051196472aca3ad711f8c8f9f39280ce"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:a127a8be76fdcde455e6d8645fcc93362"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#a127a8be76fdcde455e6d8645fcc93362">MTA_ZKWC_proof_toOctets</a> (octet *S, octet *S1, octet *S2, octet *T1, octet *T2, <a class="el" href="mta_8h.html#a96110337c3648cc19cc1bf60f085da14">MTA_ZKWC_proof</a> *p)</td></tr> |
| <tr class="memdesc:a127a8be76fdcde455e6d8645fcc93362"><td class="mdescLeft"> </td><td class="mdescRight">Dump the proof to octets. <a href="mta_8h.html#a127a8be76fdcde455e6d8645fcc93362">More...</a><br /></td></tr> |
| <tr class="separator:a127a8be76fdcde455e6d8645fcc93362"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:afdc55dcddd98123e60590190425edab3"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#afdc55dcddd98123e60590190425edab3">MTA_ZKWC_proof_fromOctets</a> (<a class="el" href="mta_8h.html#a96110337c3648cc19cc1bf60f085da14">MTA_ZKWC_proof</a> *p, octet *S, octet *S1, octet *S2, octet *T1, octet *T2)</td></tr> |
| <tr class="memdesc:afdc55dcddd98123e60590190425edab3"><td class="mdescLeft"> </td><td class="mdescRight">Read the proof from octets. <a href="mta_8h.html#afdc55dcddd98123e60590190425edab3">More...</a><br /></td></tr> |
| <tr class="separator:afdc55dcddd98123e60590190425edab3"><td class="memSeparator" colspan="2"> </td></tr> |
| <tr class="memitem:adc4cbeae2c13b0e005c70532d2f96e46"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="mta_8h.html#adc4cbeae2c13b0e005c70532d2f96e46">MTA_ZKWC_commitment_rv_kill</a> (<a class="el" href="mta_8h.html#a520066c511d8661c3ebfe4c2a612a046">MTA_ZKWC_commitment_rv</a> *rv)</td></tr> |
| <tr class="memdesc:adc4cbeae2c13b0e005c70532d2f96e46"><td class="mdescLeft"> </td><td class="mdescRight">Clean the memory containing the random values. <a href="mta_8h.html#adc4cbeae2c13b0e005c70532d2f96e46">More...</a><br /></td></tr> |
| <tr class="separator:adc4cbeae2c13b0e005c70532d2f96e46"><td class="memSeparator" colspan="2"> </td></tr> |
| </table> |
| <h2 class="groupheader">Macro Definition Documentation</h2> |
| <a id="a9cffabde5e58757768c87f8b96bed9be"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#a9cffabde5e58757768c87f8b96bed9be">◆ </a></span>MTA_FAIL</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">#define MTA_FAIL   61</td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <p>Invalid proof </p> |
| |
| </div> |
| </div> |
| <a id="ac83dee7822a61403334298331d63171c"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#ac83dee7822a61403334298331d63171c">◆ </a></span>MTA_INVALID_ECP</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">#define MTA_INVALID_ECP   62</td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <p>Invalid ECP </p> |
| |
| </div> |
| </div> |
| <a id="a38835fd15b3c165ca0acce5ba7f45dd6"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#a38835fd15b3c165ca0acce5ba7f45dd6">◆ </a></span>MTA_OK</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">#define MTA_OK   0</td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <p>Proof successfully verified </p> |
| |
| </div> |
| </div> |
| <h2 class="groupheader">Function Documentation</h2> |
| <a id="a7bbc83a1d90c466061839c88375576a3"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#a7bbc83a1d90c466061839c88375576a3">◆ </a></span>MPC_MTA_CLIENT1()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MPC_MTA_CLIENT1 </td> |
| <td>(</td> |
| <td class="paramtype">csprng * </td> |
| <td class="paramname"><em>RNG</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">PAILLIER_public_key * </td> |
| <td class="paramname"><em>PUB</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>A</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>CA</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>R</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <p>Encrypt multiplicative share, \( a \), of secret \( s = a.b \)</p> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">RNG</td><td>Pointer to a cryptographically secure random number generator </td></tr> |
| <tr><td class="paramname">PUB</td><td>Paillier Public key </td></tr> |
| <tr><td class="paramname">A</td><td>Multiplicative share of secret </td></tr> |
| <tr><td class="paramname">CA</td><td>Ciphertext </td></tr> |
| <tr><td class="paramname">R</td><td>R value for testing. If RNG is NULL then this value is read. </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="a673e46de79006b3d5e349a0eec6bd5c5"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#a673e46de79006b3d5e349a0eec6bd5c5">◆ </a></span>MPC_MTA_CLIENT2()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MPC_MTA_CLIENT2 </td> |
| <td>(</td> |
| <td class="paramtype">PAILLIER_private_key * </td> |
| <td class="paramname"><em>PRIV</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>CB</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>ALPHA</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <p>Calculate additive share, \( \alpha \), of secret \( s = a.b \)</p> |
| <ol> |
| <li> |
| Choose a random non-zero value \( z \in F_q \) where \(q\) is the curve order </li> |
| <li> |
| \( \alpha = D_A(cb) = D_A(E_A(ab + z)) = ab + z \text{ }\mathrm{mod}\text{ }q \) </li> |
| </ol> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">PRIV</td><td>Paillier Private key </td></tr> |
| <tr><td class="paramname">CB</td><td>Ciphertext </td></tr> |
| <tr><td class="paramname">ALPHA</td><td>Additive share of secret </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="af6150f97b1d2df1d70ec419211d37592"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#af6150f97b1d2df1d70ec419211d37592">◆ </a></span>MPC_MTA_SERVER()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MPC_MTA_SERVER </td> |
| <td>(</td> |
| <td class="paramtype">csprng * </td> |
| <td class="paramname"><em>RNG</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">PAILLIER_public_key * </td> |
| <td class="paramname"><em>PUB</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>B</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>CA</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>Z</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>R</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>CB</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>BETA</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <p>Calculate additive share, \( \beta \), of secret \( s = a.b \) and ciphertext allowing client to calculate their additive share.</p> |
| <ol> |
| <li> |
| Choose a random non-zero value \( z \in F_q \) where \(q\) is the curve order </li> |
| <li> |
| \( \beta = -z\text{ }\mathrm{mod}\text{ }q \) </li> |
| <li> |
| \( cb = ca \otimes{} b \oplus{} z = E_A(ab + z) \) </li> |
| </ol> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">RNG</td><td>Pointer to a cryptographically secure random number generator </td></tr> |
| <tr><td class="paramname">PUB</td><td>Paillier Public key </td></tr> |
| <tr><td class="paramname">B</td><td>Multiplicative share of secret </td></tr> |
| <tr><td class="paramname">CA</td><td>Ciphertext of client's additive share of secret </td></tr> |
| <tr><td class="paramname">Z</td><td>Plaintext z value (see above) </td></tr> |
| <tr><td class="paramname">R</td><td>R value for testing. If RNG is NULL then this value is read. </td></tr> |
| <tr><td class="paramname">CB</td><td>Ciphertext </td></tr> |
| <tr><td class="paramname">BETA</td><td>Additive share of secret (see above) </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="a585141482d0be764359316dc4aa9a345"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#a585141482d0be764359316dc4aa9a345">◆ </a></span>MPC_SUM_MTA()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MPC_SUM_MTA </td> |
| <td>(</td> |
| <td class="paramtype">const octet * </td> |
| <td class="paramname"><em>A</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">const octet * </td> |
| <td class="paramname"><em>B</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">const octet * </td> |
| <td class="paramname"><em>ALPHA</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">const octet * </td> |
| <td class="paramname"><em>BETA</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>SUM</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <p>Sum of secret shares generated by multiplicative to additive scheme</p> |
| <ol> |
| <li> |
| \( sum = a.b + \alpha + \beta \text{ }\mathrm{mod}\text{ }q \) </li> |
| </ol> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">A</td><td>A1 value </td></tr> |
| <tr><td class="paramname">B</td><td>B1 value </td></tr> |
| <tr><td class="paramname">ALPHA</td><td>Additive share of A1.B2 </td></tr> |
| <tr><td class="paramname">BETA</td><td>Additive share of A2.B1 </td></tr> |
| <tr><td class="paramname">SUM</td><td>The sum of all values </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="aae8035b9c2d5b29f3ad9df3c44466e1d"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#aae8035b9c2d5b29f3ad9df3c44466e1d">◆ </a></span>MTA_RP_challenge()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_RP_challenge </td> |
| <td>(</td> |
| <td class="paramtype">PAILLIER_public_key * </td> |
| <td class="paramname"><em>key</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structCOMMITMENTS__BC__pub__modulus.html">COMMITMENTS_BC_pub_modulus</a> * </td> |
| <td class="paramname"><em>mod</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">const octet * </td> |
| <td class="paramname"><em>CT</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__RP__commitment.html">MTA_RP_commitment</a> * </td> |
| <td class="paramname"><em>c</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>E</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <p>Generate a challenge binding together public parameters and commitment</p> |
| <ol> |
| <li> |
| \( e = H( g | \tilde{N} | h_1 | h_2 | q | CT | z | u | w ) \) </li> |
| </ol> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">key</td><td>Public Paillier key of the prover </td></tr> |
| <tr><td class="paramname">mod</td><td>Public BC modulus of the verifier </td></tr> |
| <tr><td class="paramname">CT</td><td>Encrypted Message to prove knowledge and range </td></tr> |
| <tr><td class="paramname">c</td><td>Commitment of the prover </td></tr> |
| <tr><td class="paramname">E</td><td>Destination challenge </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="a9ae812a8b7fa69ae98d8eec9db51cc83"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#a9ae812a8b7fa69ae98d8eec9db51cc83">◆ </a></span>MTA_RP_commit()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_RP_commit </td> |
| <td>(</td> |
| <td class="paramtype">csprng * </td> |
| <td class="paramname"><em>RNG</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">PAILLIER_private_key * </td> |
| <td class="paramname"><em>key</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structCOMMITMENTS__BC__pub__modulus.html">COMMITMENTS_BC_pub_modulus</a> * </td> |
| <td class="paramname"><em>mod</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>M</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__RP__commitment.html">MTA_RP_commitment</a> * </td> |
| <td class="paramname"><em>c</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__RP__commitment__rv.html">MTA_RP_commitment_rv</a> * </td> |
| <td class="paramname"><em>rv</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <p>Generate a commitment for the message M</p> |
| <ol> |
| <li> |
| \( \alpha \in_R [0, \ldots, q^3]\) </li> |
| <li> |
| \( \beta \in_R [0, \ldots, N]\) </li> |
| <li> |
| \( \gamma \in_R [0, \ldots, q^{3}\tilde{N}]\) </li> |
| <li> |
| \( \rho \in_R [0, \ldots, q\tilde{N}]\) </li> |
| <li> |
| \( z = h_1^{m}h_2^{\rho} \text{ }\mathrm{mod}\text{ }\tilde{N} \) </li> |
| <li> |
| \( u = h_1^{\alpha}h_2^{\gamma} \text{ }\mathrm{mod}\text{ }\tilde{N} \) </li> |
| <li> |
| \( w = g^{\alpha}\beta^{N} \text{ }\mathrm{mod}\text{ }N^2 \) </li> |
| </ol> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">RNG</td><td>csprng for random generation </td></tr> |
| <tr><td class="paramname">key</td><td>Paillier key used to encrypt M </td></tr> |
| <tr><td class="paramname">mod</td><td>Public BC modulus of the verifier </td></tr> |
| <tr><td class="paramname">M</td><td>Message to prove knowledge and range </td></tr> |
| <tr><td class="paramname">c</td><td>Destination commitment </td></tr> |
| <tr><td class="paramname">rv</td><td>Random values associated to the commitment. If RNG is NULL this is read </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="a5f42fb5d017f34db268c112f7c8d056e"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#a5f42fb5d017f34db268c112f7c8d056e">◆ </a></span>MTA_RP_commitment_fromOctets()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_RP_commitment_fromOctets </td> |
| <td>(</td> |
| <td class="paramtype"><a class="el" href="structMTA__RP__commitment.html">MTA_RP_commitment</a> * </td> |
| <td class="paramname"><em>c</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>Z</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>U</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>W</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">c</td><td>Destination commitment </td></tr> |
| <tr><td class="paramname">Z</td><td>Octet with the z component of the proof </td></tr> |
| <tr><td class="paramname">U</td><td>Octet with the u component of the proof </td></tr> |
| <tr><td class="paramname">W</td><td>Octet with the w component of the proof </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="a83d69dbe4b86adcf814bf17593066b5d"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#a83d69dbe4b86adcf814bf17593066b5d">◆ </a></span>MTA_RP_commitment_rv_kill()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_RP_commitment_rv_kill </td> |
| <td>(</td> |
| <td class="paramtype"><a class="el" href="structMTA__RP__commitment__rv.html">MTA_RP_commitment_rv</a> * </td> |
| <td class="paramname"><em>rv</em></td><td>)</td> |
| <td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">rv</td><td>Random values to clean </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="aa60c3b4a80719d29f0ebb747f3fc31a1"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#aa60c3b4a80719d29f0ebb747f3fc31a1">◆ </a></span>MTA_RP_commitment_toOctets()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_RP_commitment_toOctets </td> |
| <td>(</td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>Z</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>U</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>W</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__RP__commitment.html">MTA_RP_commitment</a> * </td> |
| <td class="paramname"><em>c</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">Z</td><td>Destination Octet for the z component of the commitment. FS_2048 long </td></tr> |
| <tr><td class="paramname">U</td><td>Destination Octet for the u component of the commitment. FS_4096 long </td></tr> |
| <tr><td class="paramname">W</td><td>Destination Octet for the w component of the commitment. FS_2048 long </td></tr> |
| <tr><td class="paramname">c</td><td>Commitment to export </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="ad60da72de670c62131bc57f9e1070c84"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#ad60da72de670c62131bc57f9e1070c84">◆ </a></span>MTA_RP_proof_fromOctets()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_RP_proof_fromOctets </td> |
| <td>(</td> |
| <td class="paramtype"><a class="el" href="structMTA__RP__proof.html">MTA_RP_proof</a> * </td> |
| <td class="paramname"><em>p</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>S</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>S1</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>S2</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">p</td><td>Destination proof </td></tr> |
| <tr><td class="paramname">S</td><td>Octet with the s component of the proof </td></tr> |
| <tr><td class="paramname">S1</td><td>Octet with the s1 component of the proof </td></tr> |
| <tr><td class="paramname">S2</td><td>Octet with the s2 component of the proof </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="a4c516e4898f3fbcdd55ed70ea0e336ef"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#a4c516e4898f3fbcdd55ed70ea0e336ef">◆ </a></span>MTA_RP_proof_toOctets()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_RP_proof_toOctets </td> |
| <td>(</td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>S</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>S1</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>S2</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__RP__proof.html">MTA_RP_proof</a> * </td> |
| <td class="paramname"><em>p</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">S</td><td>Destination Octet for the s component of the proof. FS_2048 long </td></tr> |
| <tr><td class="paramname">S1</td><td>Destination Octet for the s1 component of the proof. HFS_2048 long </td></tr> |
| <tr><td class="paramname">S2</td><td>Destination Octet for the s2 component of the proof. FS_2048 + HFS_2048 long </td></tr> |
| <tr><td class="paramname">p</td><td>Proof to export </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="a840590c8db0b435bece74978adf0748d"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#a840590c8db0b435bece74978adf0748d">◆ </a></span>MTA_RP_prove()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_RP_prove </td> |
| <td>(</td> |
| <td class="paramtype">PAILLIER_private_key * </td> |
| <td class="paramname"><em>key</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__RP__commitment__rv.html">MTA_RP_commitment_rv</a> * </td> |
| <td class="paramname"><em>rv</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>M</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>R</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>E</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__RP__proof.html">MTA_RP_proof</a> * </td> |
| <td class="paramname"><em>p</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <p>Generate a proof of knowledge of m and of its range</p> |
| <ol> |
| <li> |
| \( s = \beta r^e \text{ }\mathrm{mod}\text{ }N \) </li> |
| <li> |
| \( s_1 = em + \alpha \) </li> |
| <li> |
| \( s_2 = e\rho + \gamma \) </li> |
| </ol> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">key</td><td>Private Paillier key of the prover </td></tr> |
| <tr><td class="paramname">rv</td><td>Random values associated to the commitment </td></tr> |
| <tr><td class="paramname">M</td><td>Message to prove knowledge and range </td></tr> |
| <tr><td class="paramname">R</td><td>Random value used in the Paillier encryption of M </td></tr> |
| <tr><td class="paramname">E</td><td>Generated challenge </td></tr> |
| <tr><td class="paramname">p</td><td>Destination proof </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="aaa4c5afa267be00e1819becd53805795"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#aaa4c5afa267be00e1819becd53805795">◆ </a></span>MTA_RP_verify()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">int MTA_RP_verify </td> |
| <td>(</td> |
| <td class="paramtype">PAILLIER_public_key * </td> |
| <td class="paramname"><em>key</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structCOMMITMENTS__BC__priv__modulus.html">COMMITMENTS_BC_priv_modulus</a> * </td> |
| <td class="paramname"><em>mod</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>CT</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>E</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__RP__commitment.html">MTA_RP_commitment</a> * </td> |
| <td class="paramname"><em>c</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__RP__proof.html">MTA_RP_proof</a> * </td> |
| <td class="paramname"><em>p</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <p>Verify the proof of knowledge of m associated to CT and of its range</p> |
| <ol> |
| <li> |
| \( s1 \stackrel{?}{\leq} q^3 \) </li> |
| <li> |
| \( w \stackrel{?}{=} h_1^{s_1}h_2^{s_2}z^{-e} \text{ }\mathrm{mod}\text{ }\tilde{N} \) </li> |
| <li> |
| \( u \stackrel{?}{=} g^{s_1}s^{N}c^{-e} \text{ }\mathrm{mod}\text{ }N^2 \) </li> |
| </ol> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">key</td><td>Public Paillier key of the prover </td></tr> |
| <tr><td class="paramname">mod</td><td>Private BC modulus of the verifier </td></tr> |
| <tr><td class="paramname">CT</td><td>Encrypted Message to prove knowledge and range </td></tr> |
| <tr><td class="paramname">E</td><td>Generated challenge </td></tr> |
| <tr><td class="paramname">c</td><td>Received commitment </td></tr> |
| <tr><td class="paramname">p</td><td>Received proof </td></tr> |
| </table> |
| </dd> |
| </dl> |
| <dl class="section return"><dt>Returns</dt><dd>MTA_OK if the proof is valid, MTA_FAIL otherwise </dd></dl> |
| |
| </div> |
| </div> |
| <a id="a437965ad4a0dd602a0c1a4339afb0cb6"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#a437965ad4a0dd602a0c1a4339afb0cb6">◆ </a></span>MTA_ZK_challenge()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_ZK_challenge </td> |
| <td>(</td> |
| <td class="paramtype">PAILLIER_public_key * </td> |
| <td class="paramname"><em>key</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structCOMMITMENTS__BC__pub__modulus.html">COMMITMENTS_BC_pub_modulus</a> * </td> |
| <td class="paramname"><em>mod</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">const octet * </td> |
| <td class="paramname"><em>C1</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">const octet * </td> |
| <td class="paramname"><em>C2</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__ZK__commitment.html">MTA_ZK_commitment</a> * </td> |
| <td class="paramname"><em>c</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>E</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <p>Generate a challenge binding together public parameters and commitment</p> |
| <ol> |
| <li> |
| \( e = H( g | \tilde{N} | h_1 | h_2 | q | c_1 | c_2 | z | z1 | t | v | w ) \) </li> |
| </ol> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">key</td><td>Public Paillier key of the prover </td></tr> |
| <tr><td class="paramname">mod</td><td>Public BC modulus of the verifier </td></tr> |
| <tr><td class="paramname">C1</td><td>Base Paillier Ciphertext </td></tr> |
| <tr><td class="paramname">C2</td><td>New Paillier Ciphertext to prove knowledge and range </td></tr> |
| <tr><td class="paramname">c</td><td>Commitment of the prover </td></tr> |
| <tr><td class="paramname">E</td><td>Destination challenge </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="a882f4c5922a453293eaaa7e3ec876bdf"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#a882f4c5922a453293eaaa7e3ec876bdf">◆ </a></span>MTA_ZK_commit()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_ZK_commit </td> |
| <td>(</td> |
| <td class="paramtype">csprng * </td> |
| <td class="paramname"><em>RNG</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">PAILLIER_public_key * </td> |
| <td class="paramname"><em>key</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structCOMMITMENTS__BC__pub__modulus.html">COMMITMENTS_BC_pub_modulus</a> * </td> |
| <td class="paramname"><em>mod</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>X</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>Y</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>C1</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__ZK__commitment.html">MTA_ZK_commitment</a> * </td> |
| <td class="paramname"><em>c</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__ZK__commitment__rv.html">MTA_ZK_commitment_rv</a> * </td> |
| <td class="paramname"><em>rv</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <p>Generate a commitment for the values x, y and c1</p> |
| <ol> |
| <li> |
| \( \alpha \in_R [0, \ldots, q^3]\) </li> |
| <li> |
| \( \beta \in_R [0, \ldots, N]\) </li> |
| <li> |
| \( \gamma \in_R [0, \ldots, N]\) </li> |
| <li> |
| \( \rho \in_R [0, \ldots, q\tilde{N}]\) </li> |
| <li> |
| \( \rho_1 \in_R [0, \ldots, q^{3}\tilde{N}]\) </li> |
| <li> |
| \( \sigma \in_R [0, \ldots, q\tilde{N}]\) </li> |
| <li> |
| \( \tau \in_R [0, \ldots, q\tilde{N}]\) </li> |
| <li> |
| \( z = h_1^{x}h_2^{\rho} \text{ }\mathrm{mod}\text{ }\tilde{N} \) </li> |
| <li> |
| \( z_1 = h_1^{\alpha}h_2^{\rho_1} \text{ }\mathrm{mod}\text{ }\tilde{N} \) </li> |
| <li> |
| \( t = h_1^{y}h_2^{\sigma} \text{ }\mathrm{mod}\text{ }\tilde{N} \) </li> |
| <li> |
| \( w = h_1^{\gamma}h_2^{\tau} \text{ }\mathrm{mod}\text{ }\tilde{N} \) </li> |
| <li> |
| \( v = c1^{\alpha}g^{\gamma}\beta^{N} \text{ }\mathrm{mod}\text{ }N^2 \) </li> |
| </ol> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">RNG</td><td>csprng for random generation </td></tr> |
| <tr><td class="paramname">key</td><td>Paillier key used to encrypt C1 </td></tr> |
| <tr><td class="paramname">mod</td><td>Public BC modulus of the verifier </td></tr> |
| <tr><td class="paramname">X</td><td>Message to prove knowledge and range </td></tr> |
| <tr><td class="paramname">Y</td><td>Message to prove knowledge </td></tr> |
| <tr><td class="paramname">C1</td><td>Base Paillier Ciphertext </td></tr> |
| <tr><td class="paramname">c</td><td>Destination commitment </td></tr> |
| <tr><td class="paramname">rv</td><td>Random values associated to the commitment. If RNG is NULL this is read </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="ad9cb35ed95b1ad3367fd78437e98aad5"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#ad9cb35ed95b1ad3367fd78437e98aad5">◆ </a></span>MTA_ZK_commitment_fromOctets()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_ZK_commitment_fromOctets </td> |
| <td>(</td> |
| <td class="paramtype"><a class="el" href="structMTA__ZK__commitment.html">MTA_ZK_commitment</a> * </td> |
| <td class="paramname"><em>c</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>Z</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>Z1</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>T</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>V</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>W</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">c</td><td>Destination commitment </td></tr> |
| <tr><td class="paramname">Z</td><td>Destination Octet for the z component of the commitment. FS_2048 long </td></tr> |
| <tr><td class="paramname">Z1</td><td>Destination Octet for the z1 component of the commitment. FS_2048 long </td></tr> |
| <tr><td class="paramname">T</td><td>Destination Octet for the t component of the commitment. FS_2048 long </td></tr> |
| <tr><td class="paramname">V</td><td>Destination Octet for the v component of the commitment. FS_4096 long </td></tr> |
| <tr><td class="paramname">W</td><td>Destination Octet for the w component of the commitment. FS_2048 long </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="a50085c31f3df46ac6814c46064ed2826"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#a50085c31f3df46ac6814c46064ed2826">◆ </a></span>MTA_ZK_commitment_rv_kill()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_ZK_commitment_rv_kill </td> |
| <td>(</td> |
| <td class="paramtype"><a class="el" href="structMTA__ZK__commitment__rv.html">MTA_ZK_commitment_rv</a> * </td> |
| <td class="paramname"><em>rv</em></td><td>)</td> |
| <td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">rv</td><td>Random values to clean </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="afa9bc2f3876442f8519c67c011d4b0c5"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#afa9bc2f3876442f8519c67c011d4b0c5">◆ </a></span>MTA_ZK_commitment_toOctets()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_ZK_commitment_toOctets </td> |
| <td>(</td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>Z</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>Z1</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>T</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>V</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>W</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__ZK__commitment.html">MTA_ZK_commitment</a> * </td> |
| <td class="paramname"><em>c</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">Z</td><td>Destination Octet for the z component of the commitment. FS_2048 long </td></tr> |
| <tr><td class="paramname">Z1</td><td>Destination Octet for the z1 component of the commitment. FS_2048 long </td></tr> |
| <tr><td class="paramname">T</td><td>Destination Octet for the t component of the commitment. FS_2048 long </td></tr> |
| <tr><td class="paramname">V</td><td>Destination Octet for the v component of the commitment. FS_4096 long </td></tr> |
| <tr><td class="paramname">W</td><td>Destination Octet for the w component of the commitment. FS_2048 long </td></tr> |
| <tr><td class="paramname">c</td><td>Commitment to export </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="a4d280db3b810c0d69603a8ee97222565"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#a4d280db3b810c0d69603a8ee97222565">◆ </a></span>MTA_ZK_proof_fromOctets()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_ZK_proof_fromOctets </td> |
| <td>(</td> |
| <td class="paramtype"><a class="el" href="structMTA__ZK__proof.html">MTA_ZK_proof</a> * </td> |
| <td class="paramname"><em>p</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>S</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>S1</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>S2</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>T1</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>T2</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">p</td><td>Destination proof </td></tr> |
| <tr><td class="paramname">S</td><td>Octet with the s component of the proof </td></tr> |
| <tr><td class="paramname">S1</td><td>Octet with the s1 component of the proof </td></tr> |
| <tr><td class="paramname">S2</td><td>Octet with the s2 component of the proof </td></tr> |
| <tr><td class="paramname">T1</td><td>Octet with the t1 component of the proof </td></tr> |
| <tr><td class="paramname">T2</td><td>Octet with the t2 component of the proof </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="ae4cc541c94044beaf3a46cd5415da370"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#ae4cc541c94044beaf3a46cd5415da370">◆ </a></span>MTA_ZK_proof_toOctets()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_ZK_proof_toOctets </td> |
| <td>(</td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>S</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>S1</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>S2</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>T1</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>T2</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__ZK__proof.html">MTA_ZK_proof</a> * </td> |
| <td class="paramname"><em>p</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">S</td><td>Destination Octet for the s component of the proof. FS_2048 long </td></tr> |
| <tr><td class="paramname">S1</td><td>Destination Octet for the s1 component of the proof. HFS_2048 long </td></tr> |
| <tr><td class="paramname">S2</td><td>Destination Octet for the s2 component of the proof. FS_2048 + HFS_2048 long </td></tr> |
| <tr><td class="paramname">T1</td><td>Destination Octet for the t1 component of the proof. FS_2048 long </td></tr> |
| <tr><td class="paramname">T2</td><td>Destination Octet for the t2 component of the proof. FS_2048 + HFS_2048 long </td></tr> |
| <tr><td class="paramname">p</td><td>Proof to export </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="a275057a0134ee0cbef05e1c719f3f94b"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#a275057a0134ee0cbef05e1c719f3f94b">◆ </a></span>MTA_ZK_prove()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_ZK_prove </td> |
| <td>(</td> |
| <td class="paramtype">PAILLIER_public_key * </td> |
| <td class="paramname"><em>key</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__ZK__commitment__rv.html">MTA_ZK_commitment_rv</a> * </td> |
| <td class="paramname"><em>rv</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>X</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>Y</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>R</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>E</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__ZK__proof.html">MTA_ZK_proof</a> * </td> |
| <td class="paramname"><em>p</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <p>Generate a proof of knowledge of x, y and a range proof for x</p> |
| <ol> |
| <li> |
| \( s = \beta r^e \text{ }\mathrm{mod}\text{ }N \) </li> |
| <li> |
| \( s_1 = ex + \alpha \) </li> |
| <li> |
| \( s_2 = e\rho + \rho_1 \) </li> |
| <li> |
| \( t_1 = ey + \gamma \) </li> |
| <li> |
| \( t_2 = e\sigma + \tau \) </li> |
| </ol> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">key</td><td>Private Paillier key of the prover </td></tr> |
| <tr><td class="paramname">rv</td><td>Random values associated to the commitment </td></tr> |
| <tr><td class="paramname">X</td><td>Message to prove knowledge and range </td></tr> |
| <tr><td class="paramname">Y</td><td>Message to prove knowledge </td></tr> |
| <tr><td class="paramname">R</td><td>Random value used in the Paillier addition </td></tr> |
| <tr><td class="paramname">E</td><td>Generated challenge </td></tr> |
| <tr><td class="paramname">p</td><td>Destination proof </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="ae4971990b60c103d7cb596c9a0d1d205"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#ae4971990b60c103d7cb596c9a0d1d205">◆ </a></span>MTA_ZK_random_challenge()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_ZK_random_challenge </td> |
| <td>(</td> |
| <td class="paramtype">csprng * </td> |
| <td class="paramname"><em>RNG</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>E</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <p>Generate a random challenge for any of the ZK Proofs below. This can be used instead of the deterministic challenges produced for each specific proof to make any of the proofs interactive and be interoperable with other implementations.</p> |
| <ol> |
| <li> |
| \( e \in_R [0, \ldots, q] \) </li> |
| </ol> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">RNG</td><td>csprng for random generation </td></tr> |
| <tr><td class="paramname">E</td><td>Destination octet for the challenge. </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="a34fa2c06ff8a165243621fe6d32a4b64"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#a34fa2c06ff8a165243621fe6d32a4b64">◆ </a></span>MTA_ZK_verify()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">int MTA_ZK_verify </td> |
| <td>(</td> |
| <td class="paramtype">PAILLIER_private_key * </td> |
| <td class="paramname"><em>key</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structCOMMITMENTS__BC__priv__modulus.html">COMMITMENTS_BC_priv_modulus</a> * </td> |
| <td class="paramname"><em>mod</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>C1</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>C2</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>E</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__ZK__commitment.html">MTA_ZK_commitment</a> * </td> |
| <td class="paramname"><em>c</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__ZK__proof.html">MTA_ZK_proof</a> * </td> |
| <td class="paramname"><em>p</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <p>Verify the proof of knowledge of x, y associated to c1, c2 and of x range</p> |
| <ol> |
| <li> |
| \( s_1 \stackrel{?}{\leq} q^3 \) </li> |
| <li> |
| \( z_1 \stackrel{?}{=} h_1^{s_1}h_2^{s_2}z^{-e} \text{ }\mathrm{mod}\text{ }\tilde{N} \) </li> |
| <li> |
| \( w \stackrel{?}{=} h_1^{t_1}h_2^{t_2}t^{-e} \text{ }\mathrm{mod}\text{ }\tilde{N} \) </li> |
| <li> |
| \( v \stackrel{?}{=} c1^{s_1}s^{N}g^{t_1}c2^{-e} \text{ }\mathrm{mod}\text{ }N^2 \) </li> |
| </ol> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">key</td><td>Public Paillier key of the prover </td></tr> |
| <tr><td class="paramname">mod</td><td>Private BC modulus of the verifier </td></tr> |
| <tr><td class="paramname">C1</td><td>Base Paillier Ciphertext </td></tr> |
| <tr><td class="paramname">C2</td><td>New Paillier Ciphertext to prove knowledge and range </td></tr> |
| <tr><td class="paramname">E</td><td>Generated challenge </td></tr> |
| <tr><td class="paramname">c</td><td>Received commitment </td></tr> |
| <tr><td class="paramname">p</td><td>Received proof </td></tr> |
| </table> |
| </dd> |
| </dl> |
| <dl class="section return"><dt>Returns</dt><dd>MTA_OK if the proof is valid, MTA_FAIL otherwise </dd></dl> |
| |
| </div> |
| </div> |
| <a id="a4dd5d4b2d4fc3e530632fb61b56c3f25"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#a4dd5d4b2d4fc3e530632fb61b56c3f25">◆ </a></span>MTA_ZKWC_challenge()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_ZKWC_challenge </td> |
| <td>(</td> |
| <td class="paramtype">PAILLIER_public_key * </td> |
| <td class="paramname"><em>key</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structCOMMITMENTS__BC__pub__modulus.html">COMMITMENTS_BC_pub_modulus</a> * </td> |
| <td class="paramname"><em>mod</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">const octet * </td> |
| <td class="paramname"><em>C1</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">const octet * </td> |
| <td class="paramname"><em>C2</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">const octet * </td> |
| <td class="paramname"><em>X</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__ZKWC__commitment.html">MTA_ZKWC_commitment</a> * </td> |
| <td class="paramname"><em>c</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>E</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <p>Generate a challenge binding together public parameters and commitment</p> |
| <ol> |
| <li> |
| \( e = H( g | \tilde{N} | h_1 | h_2 | q | c_1 | c_2 | U | z | z1 | t | v | w ) \) </li> |
| </ol> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">key</td><td>Public Paillier key of the prover </td></tr> |
| <tr><td class="paramname">mod</td><td>Public BC modulus of the verifier </td></tr> |
| <tr><td class="paramname">C1</td><td>Base Paillier Ciphertext </td></tr> |
| <tr><td class="paramname">C2</td><td>New Paillier Ciphertext to prove knowledge and range </td></tr> |
| <tr><td class="paramname">X</td><td>Public exponent of the associated DLOG to prove knowledge </td></tr> |
| <tr><td class="paramname">c</td><td>Commitment of the prover </td></tr> |
| <tr><td class="paramname">E</td><td>Destination challenge </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="a61bd2519a246c273ce42da382732c489"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#a61bd2519a246c273ce42da382732c489">◆ </a></span>MTA_ZKWC_commit()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_ZKWC_commit </td> |
| <td>(</td> |
| <td class="paramtype">csprng * </td> |
| <td class="paramname"><em>RNG</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">PAILLIER_public_key * </td> |
| <td class="paramname"><em>key</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structCOMMITMENTS__BC__pub__modulus.html">COMMITMENTS_BC_pub_modulus</a> * </td> |
| <td class="paramname"><em>mod</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>X</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>Y</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>C1</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__ZKWC__commitment.html">MTA_ZKWC_commitment</a> * </td> |
| <td class="paramname"><em>c</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="mta_8h.html#a520066c511d8661c3ebfe4c2a612a046">MTA_ZKWC_commitment_rv</a> * </td> |
| <td class="paramname"><em>rv</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <p>Generate a commitment for the values x, y and c1</p> |
| <ol> |
| <li> |
| \( \alpha \in_R [0, \ldots, q^3]\) </li> |
| <li> |
| \( \beta \in_R [0, \ldots, N]\) </li> |
| <li> |
| \( \gamma \in_R [0, \ldots, N]\) </li> |
| <li> |
| \( \rho \in_R [0, \ldots, q\tilde{N}]\) </li> |
| <li> |
| \( \rho_1 \in_R [0, \ldots, q^{3}\tilde{N}]\) </li> |
| <li> |
| \( \sigma \in_R [0, \ldots, q\tilde{N}]\) </li> |
| <li> |
| \( \tau \in_R [0, \ldots, q\tilde{N}]\) </li> |
| <li> |
| \( z = h_1^{x}h_2^{\rho} \text{ }\mathrm{mod}\text{ }\tilde{N} \) </li> |
| <li> |
| \( z_1 = h_1^{\alpha}h_2^{\rho_1} \text{ }\mathrm{mod}\text{ }\tilde{N} \) </li> |
| <li> |
| \( t = h_1^{y}h_2^{\sigma} \text{ }\mathrm{mod}\text{ }\tilde{N} \) </li> |
| <li> |
| \( w = h_1^{\gamma}h_2^{\tau} \text{ }\mathrm{mod}\text{ }\tilde{N} \) </li> |
| <li> |
| \( v = c1^{\alpha}g^{\gamma}\beta^{N} \text{ }\mathrm{mod}\text{ }N^2 \) </li> |
| <li> |
| \( U = \alpha.G \) </li> |
| </ol> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">RNG</td><td>csprng for random generation </td></tr> |
| <tr><td class="paramname">key</td><td>Paillier key used to encrypt C1 </td></tr> |
| <tr><td class="paramname">mod</td><td>Public BC modulus of the verifier </td></tr> |
| <tr><td class="paramname">X</td><td>Message to prove knowledge and range </td></tr> |
| <tr><td class="paramname">Y</td><td>Message to prove knowledge </td></tr> |
| <tr><td class="paramname">C1</td><td>Base Paillier Ciphertext </td></tr> |
| <tr><td class="paramname">c</td><td>Destination commitment </td></tr> |
| <tr><td class="paramname">rv</td><td>Random values associated to the commitment. If RNG is NULL this is read </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="a051196472aca3ad711f8c8f9f39280ce"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#a051196472aca3ad711f8c8f9f39280ce">◆ </a></span>MTA_ZKWC_commitment_fromOctets()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">int MTA_ZKWC_commitment_fromOctets </td> |
| <td>(</td> |
| <td class="paramtype"><a class="el" href="structMTA__ZKWC__commitment.html">MTA_ZKWC_commitment</a> * </td> |
| <td class="paramname"><em>c</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>U</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>Z</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>Z1</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>T</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>V</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>W</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">c</td><td>Destination commitment </td></tr> |
| <tr><td class="paramname">U</td><td>Octet with the commitment for the DLOG ZKP </td></tr> |
| <tr><td class="paramname">Z</td><td>Octet with the z component of the commitment </td></tr> |
| <tr><td class="paramname">Z1</td><td>Octet with the z1 component of the commitment </td></tr> |
| <tr><td class="paramname">T</td><td>Octet with the t component of the commitment </td></tr> |
| <tr><td class="paramname">V</td><td>Octet with the v component of the commitment </td></tr> |
| <tr><td class="paramname">W</td><td>Octet with the w component of the commitment </td></tr> |
| </table> |
| </dd> |
| </dl> |
| <dl class="section return"><dt>Returns</dt><dd>MTA_INVALID_ECP if U is not a valid ECP, MTA_OK otherwise </dd></dl> |
| |
| </div> |
| </div> |
| <a id="adc4cbeae2c13b0e005c70532d2f96e46"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#adc4cbeae2c13b0e005c70532d2f96e46">◆ </a></span>MTA_ZKWC_commitment_rv_kill()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_ZKWC_commitment_rv_kill </td> |
| <td>(</td> |
| <td class="paramtype"><a class="el" href="mta_8h.html#a520066c511d8661c3ebfe4c2a612a046">MTA_ZKWC_commitment_rv</a> * </td> |
| <td class="paramname"><em>rv</em></td><td>)</td> |
| <td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">rv</td><td>Random values to clean </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="ab2611cfca7b4350f0921d56a3aed3185"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#ab2611cfca7b4350f0921d56a3aed3185">◆ </a></span>MTA_ZKWC_commitment_toOctets()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_ZKWC_commitment_toOctets </td> |
| <td>(</td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>U</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>Z</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>Z1</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>T</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>V</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>W</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__ZKWC__commitment.html">MTA_ZKWC_commitment</a> * </td> |
| <td class="paramname"><em>c</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">U</td><td>Octet with the commitment for the DLOG ZKP. EGS_SECP256K1 + 1 long </td></tr> |
| <tr><td class="paramname">Z</td><td>Destination Octet for the z component of the commitment. FS_2048 long </td></tr> |
| <tr><td class="paramname">Z1</td><td>Destination Octet for the z1 component of the commitment. FS_2048 long </td></tr> |
| <tr><td class="paramname">T</td><td>Destination Octet for the t component of the commitment. FS_2048 long </td></tr> |
| <tr><td class="paramname">V</td><td>Destination Octet for the v component of the commitment. FS_4096 long </td></tr> |
| <tr><td class="paramname">W</td><td>Destination Octet for the w component of the commitment. FS_2048 long </td></tr> |
| <tr><td class="paramname">c</td><td>Commitment to export </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="afdc55dcddd98123e60590190425edab3"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#afdc55dcddd98123e60590190425edab3">◆ </a></span>MTA_ZKWC_proof_fromOctets()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_ZKWC_proof_fromOctets </td> |
| <td>(</td> |
| <td class="paramtype"><a class="el" href="mta_8h.html#a96110337c3648cc19cc1bf60f085da14">MTA_ZKWC_proof</a> * </td> |
| <td class="paramname"><em>p</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>S</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>S1</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>S2</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>T1</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>T2</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">p</td><td>Destination proof </td></tr> |
| <tr><td class="paramname">S</td><td>Octet with the s component of the proof </td></tr> |
| <tr><td class="paramname">S1</td><td>Octet with the s1 component of the proof </td></tr> |
| <tr><td class="paramname">S2</td><td>Octet with the s2 component of the proof </td></tr> |
| <tr><td class="paramname">T1</td><td>Octet with the t1 component of the proof </td></tr> |
| <tr><td class="paramname">T2</td><td>Octet with the t2 component of the proof </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="a127a8be76fdcde455e6d8645fcc93362"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#a127a8be76fdcde455e6d8645fcc93362">◆ </a></span>MTA_ZKWC_proof_toOctets()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_ZKWC_proof_toOctets </td> |
| <td>(</td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>S</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>S1</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>S2</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>T1</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>T2</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="mta_8h.html#a96110337c3648cc19cc1bf60f085da14">MTA_ZKWC_proof</a> * </td> |
| <td class="paramname"><em>p</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">S</td><td>Destination Octet for the s component of the proof. FS_2048 long </td></tr> |
| <tr><td class="paramname">S1</td><td>Destination Octet for the s1 component of the proof. HFS_2048 long </td></tr> |
| <tr><td class="paramname">S2</td><td>Destination Octet for the s2 component of the proof. FS_2048 + HFS_2048 long </td></tr> |
| <tr><td class="paramname">T1</td><td>Destination Octet for the t1 component of the proof. FS_2048 long </td></tr> |
| <tr><td class="paramname">T2</td><td>Destination Octet for the t2 component of the proof. FS_2048 + HFS_2048 long </td></tr> |
| <tr><td class="paramname">p</td><td>Proof to export </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="aec434d125d9f299a78388524ef5f0c51"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#aec434d125d9f299a78388524ef5f0c51">◆ </a></span>MTA_ZKWC_prove()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">void MTA_ZKWC_prove </td> |
| <td>(</td> |
| <td class="paramtype">PAILLIER_public_key * </td> |
| <td class="paramname"><em>key</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="mta_8h.html#a520066c511d8661c3ebfe4c2a612a046">MTA_ZKWC_commitment_rv</a> * </td> |
| <td class="paramname"><em>rv</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>X</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>Y</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>R</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>E</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="mta_8h.html#a96110337c3648cc19cc1bf60f085da14">MTA_ZKWC_proof</a> * </td> |
| <td class="paramname"><em>p</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <p>Generate a proof of knowledge of x, y and a range proof for x. These values are the same as for the ZKP without check. The knowledge of the DLOG can be verified using the value U in the commitment</p> |
| <ol> |
| <li> |
| \( s = \beta r^e \text{ }\mathrm{mod}\text{ }N \) </li> |
| <li> |
| \( s_1 = ex + \alpha \) </li> |
| <li> |
| \( s_2 = e\rho + \rho_1 \) </li> |
| <li> |
| \( t_1 = ey + \gamma \) </li> |
| <li> |
| \( t_2 = e\sigma + \tau \) </li> |
| </ol> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">key</td><td>Private Paillier key of the prover </td></tr> |
| <tr><td class="paramname">rv</td><td>Random values associated to the commitment </td></tr> |
| <tr><td class="paramname">X</td><td>Message to prove knowledge and range </td></tr> |
| <tr><td class="paramname">Y</td><td>Message to prove knowledge </td></tr> |
| <tr><td class="paramname">R</td><td>Random value used in the Paillier addition </td></tr> |
| <tr><td class="paramname">E</td><td>Generated challenge </td></tr> |
| <tr><td class="paramname">p</td><td>Destination proof </td></tr> |
| </table> |
| </dd> |
| </dl> |
| |
| </div> |
| </div> |
| <a id="aec8c96b0b4983b7e16bdcf7f24b16c08"></a> |
| <h2 class="memtitle"><span class="permalink"><a href="#aec8c96b0b4983b7e16bdcf7f24b16c08">◆ </a></span>MTA_ZKWC_verify()</h2> |
| |
| <div class="memitem"> |
| <div class="memproto"> |
| <table class="memname"> |
| <tr> |
| <td class="memname">int MTA_ZKWC_verify </td> |
| <td>(</td> |
| <td class="paramtype">PAILLIER_private_key * </td> |
| <td class="paramname"><em>key</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structCOMMITMENTS__BC__priv__modulus.html">COMMITMENTS_BC_priv_modulus</a> * </td> |
| <td class="paramname"><em>mod</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>C1</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>C2</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>X</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype">octet * </td> |
| <td class="paramname"><em>E</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="structMTA__ZKWC__commitment.html">MTA_ZKWC_commitment</a> * </td> |
| <td class="paramname"><em>c</em>, </td> |
| </tr> |
| <tr> |
| <td class="paramkey"></td> |
| <td></td> |
| <td class="paramtype"><a class="el" href="mta_8h.html#a96110337c3648cc19cc1bf60f085da14">MTA_ZKWC_proof</a> * </td> |
| <td class="paramname"><em>p</em> </td> |
| </tr> |
| <tr> |
| <td></td> |
| <td>)</td> |
| <td></td><td></td> |
| </tr> |
| </table> |
| </div><div class="memdoc"> |
| <p>Verify the proof of knowledge of x, y associated to c1, c2 and of x range. Additionally verify the knowledge of X = x.G</p> |
| <ol> |
| <li> |
| \( s_1 \stackrel{?}{\leq} q^3 \) </li> |
| <li> |
| \( z_1 \stackrel{?}{=} h_1^{s_1}h_2^{s_2}z^{-e} \text{ }\mathrm{mod}\text{ }\tilde{N} \) </li> |
| <li> |
| \( w \stackrel{?}{=} h_1^{t_1}h_2^{t_2}t^{-e} \text{ }\mathrm{mod}\text{ }\tilde{N} \) </li> |
| <li> |
| \( v \stackrel{?}{=} c1^{s_1}s^{N}g^{t_1}c2^{-e} \text{ }\mathrm{mod}\text{ }N^2 \) </li> |
| <li> |
| \( U \stackrel{?}{=} s_1.G - e.X \) </li> |
| </ol> |
| <dl class="params"><dt>Parameters</dt><dd> |
| <table class="params"> |
| <tr><td class="paramname">key</td><td>Public Paillier key of the prover </td></tr> |
| <tr><td class="paramname">mod</td><td>Private BC modulus of the verifier </td></tr> |
| <tr><td class="paramname">C1</td><td>Base Paillier Ciphertext </td></tr> |
| <tr><td class="paramname">C2</td><td>New Paillier Ciphertext to prove knowledge and range </td></tr> |
| <tr><td class="paramname">X</td><td>Public ECP of the DLOG x.G </td></tr> |
| <tr><td class="paramname">E</td><td>Generated challenge </td></tr> |
| <tr><td class="paramname">c</td><td>Received commitment </td></tr> |
| <tr><td class="paramname">p</td><td>Received proof </td></tr> |
| </table> |
| </dd> |
| </dl> |
| <dl class="section return"><dt>Returns</dt><dd>MTA_OK if the proof is valid, MTA_FAIL otherwise </dd></dl> |
| |
| </div> |
| </div> |
| </div><!-- contents --> |
| <!-- start footer part --> |
| <hr class="footer"/><address class="footer"><small> |
| Generated by <a href="https://www.doxygen.org/index.html"><img class="footer" src="doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.9.1 |
| </small></address> |
| </body> |
| </html> |
