static void point_add(element_t c, element_t a, element_t b) {
point_ptr p1 = DATA(a), p2 = DATA(b), p3 = DATA(c);
int inf1 = p1->isinf, inf2 = p2->isinf;
element_ptr x1 = p1->x, y1 = p1->y, x2 = p2->x, y2 = p2->y;
field_ptr f = FIELD(x1);
if (inf1) {
point_set(c, b);
return;
}
if (inf2) {
point_set(c, a);
return;
}
element_t v0, v1, v2, v3, v4, ny2;
element_init(v0, f);
element_init(v1, f);
element_init(v2, f);
element_init(v3, f);
element_init(v4, f);
element_init(ny2, f);
if (!element_cmp(x1, x2)) { // x1 == x2
element_neg(ny2, y2); // ny2 == -y2
if (!element_cmp(y1, ny2)) {
p3->isinf = 1;
goto end;
}
if (!element_cmp(y1, y2)) { // y1 == y2
element_invert(v0, y1); // v0 == y1^{-1}
element_mul(v1, v0, v0); // v1 == [y1^{-1}]^2
element_add(p3->x, v1, x1); // v1 == [y1^{-1}]^2 + x1
element_cubic(v2, v0); // v2 == [y1^{-1}]^3
element_add(v2, v2, y1); // v2 == [y1^{-1}]^3 + y1
element_neg(p3->y, v2); // p3 == -([y1^{-1}]^3 + y1)
p3->isinf = 0;
goto end;
}
}
// $P1 \ne \pm P2$
element_sub(v0, x2, x1); // v0 == x2-x1
element_invert(v1, v0); // v1 == (x2-x1)^{-1}
element_sub(v0, y2, y1); // v0 == y2-y1
element_mul(v2, v0, v1); // v2 == (y2-y1)/(x2-x1)
element_mul(v3, v2, v2); // v3 == [(y2-y1)/(x2-x1)]^2
element_cubic(v4, v2); // v4 == [(y2-y1)/(x2-x1)]^3
element_add(v0, x1, x2); // v0 == x1+x2
element_sub(v3, v3, v0); // v3 == [(y2-y1)/(x2-x1)]^2 - (x1+x2)
element_add(v0, y1, y2); // v0 == y1+y2
element_sub(v4, v0, v4); // v4 == (y1+y2) - [(y2-y1)/(x2-x1)]^3
p3->isinf = 0;
element_set(p3->x, v3);
element_set(p3->y, v4);
end:
element_clear(v0);
element_clear(v1);
element_clear(v2);
element_clear(v3);
element_clear(v4);
element_clear(ny2);
}
static void sn_add(element_t c, element_t a, element_t b) {
point_ptr r = c->data;
point_ptr p = a->data;
point_ptr q = b->data;
if (p->inf_flag) {
sn_set(c, b);
return;
}
if (q->inf_flag) {
sn_set(c, a);
return;
}
if (!element_cmp(p->x, q->x)) {
if (!element_cmp(p->y, q->y)) {
if (element_is0(p->y)) {
r->inf_flag = 1;
return;
} else {
sn_double_no_check(r, p);
return;
}
}
//points are inverses of each other
r->inf_flag = 1;
return;
} else {
element_t lambda, e0, e1;
element_init(lambda, p->x->field);
element_init(e0, p->x->field);
element_init(e1, p->x->field);
//lambda = (y2-y1)/(x2-x1)
element_sub(e0, q->x, p->x);
element_invert(e0, e0);
element_sub(lambda, q->y, p->y);
element_mul(lambda, lambda, e0);
//x3 = lambda^2 - x1 - x2 - 1
element_square(e0, lambda);
element_sub(e0, e0, p->x);
element_sub(e0, e0, q->x);
element_set1(e1);
element_sub(e0, e0, e1);
//y3 = (x1-x3)lambda - y1
element_sub(e1, p->x, e0);
element_mul(e1, e1, lambda);
element_sub(e1, e1, p->y);
element_set(r->x, e0);
element_set(r->y, e1);
r->inf_flag = 0;
element_clear(lambda);
element_clear(e0);
element_clear(e1);
}
}
/* return 1 if $a!=b$, 0 otherwise. */
static int point_cmp(element_t a, element_t b) {
point_ptr pa = DATA(a), pb = DATA(b);
if (pa->isinf == pb->isinf) {
if (pa->isinf)
return 0;
else
return element_cmp(pa->x, pb->x) || element_cmp(pa->y, pb->y);
} else
return 1;
}
static void curve_mul(element_ptr c, element_ptr a, element_ptr b) {
curve_data_ptr cdp = (curve_data_ptr)a->field->data;
point_ptr r = (point_ptr)c->data, p = (point_ptr)a->data, q = (point_ptr)b->data;
if (p->inf_flag) {
curve_set(c, b);
return;
}
if (q->inf_flag) {
curve_set(c, a);
return;
}
if (!element_cmp(p->x, q->x)) {
if (!element_cmp(p->y, q->y)) {
if (element_is0(p->y)) {
r->inf_flag = 1;
return;
} else {
double_no_check(r, p, cdp->a);
return;
}
}
//points are inverses of each other
r->inf_flag = 1;
return;
} else {
element_t lambda, e0, e1;
element_init(lambda, cdp->field);
element_init(e0, cdp->field);
element_init(e1, cdp->field);
//lambda = (y2-y1)/(x2-x1)
element_sub(e0, q->x, p->x);
element_invert(e0, e0);
element_sub(lambda, q->y, p->y);
element_mul(lambda, lambda, e0);
//x3 = lambda^2 - x1 - x2
element_square(e0, lambda);
element_sub(e0, e0, p->x);
element_sub(e0, e0, q->x);
//y3 = (x1-x3)lambda - y1
element_sub(e1, p->x, e0);
element_mul(e1, e1, lambda);
element_sub(e1, e1, p->y);
element_set(r->x, e0);
element_set(r->y, e1);
r->inf_flag = 0;
element_clear(lambda);
element_clear(e0);
element_clear(e1);
}
}
static void test_gf3m_add(void) {
element_random(a);
element_add(b, a, a);
element_add(b, b, b);
element_sub(b, b, a);
element_sub(b, b, a);
element_sub(b, b, a);
EXPECT(!element_cmp(a, b));
element_add(b, params(a)->p, a);
element_sub(b, b, params(a)->p);
EXPECT(!element_cmp(a, b));
}
static void test_gf3m_inverse(void) {
element_set1(a);
element_invert(b, a);
EXPECT(!element_cmp(b, e1));
element_set(a, e2);
element_invert(b, a);
EXPECT(!element_cmp(b, e2));
element_random(a);
element_invert(b, a);
element_mul(a, a, b);
EXPECT(!element_cmp(a, e1));
}
static void test_gf3m_mult(void) {
element_random(a);
element_mul(a, a, e0);
EXPECT(!element_cmp(a, e0));
element_random(a);
element_mul(b, a, e1);
EXPECT(!element_cmp(a, b));
element_random(a);
element_mul(b, a, e2);
element_add(a, a, b);
EXPECT(!element_cmp(a, e0));
}
static void test_gf3m_cubic(void) {
element_random(a);
element_mul(b, a, a);
element_mul(b, a, b);
element_cubic(a, a);
EXPECT(!element_cmp(a, b));
}
//============================================
// Frobenius Map \phi_p
//============================================
void test_frob(Field f)
{
int i;
unsigned long long int t1, t2;
mpz_t p;
Element a, b, c;
mpz_init_set(p, *field_get_char(f));
element_init(a, f);
element_init(b, f);
element_init(c, f);
for (i = 0; i < 100; i++)
{
element_random(a);
element_pow(b, a, p);
bn254_fp2_frob_p(c, a);
assert(element_cmp(b, c) == 0);
}
t1 = rdtsc();
for (i = 0; i < N; i++) { bn254_fp2_frob_p(c, a); }
t2 = rdtsc();
printf("element frob: %.2lf [clock]\n", (double)(t2 - t1) / N);
mpz_clear(p);
element_clear(a);
element_clear(b);
element_clear(c);
}
static void test_gf36m_cubic(void) {
element_random(a6);
element_mul(b6, a6, a6);
element_mul(b6, b6, a6);
element_cubic(a6, a6);
EXPECT(!element_cmp(a6, b6));
}
static void point_random(element_t a) {
point_ptr p = DATA(a);
element_ptr x = p->x, y = p->y;
field_ptr f = x->field;
p->isinf = 0;
element_t t, t2, e1;
element_init(t, f);
element_init(e1, f);
element_set1(e1);
element_init(t2, f);
do {
element_random(x);
if (element_is0(x))
continue;
element_cubic(t, x); // t == x^3
element_sub(t, t, x); // t == x^3 - x
element_add(t, t, e1); // t == x^3 - x + 1
element_sqrt(y, t); // y == sqrt(x^3 - x + 1)
element_mul(t2, y, y); // t2 == x^3 - x + 1
} while (element_cmp(t2, t)); // t2 != t
// make sure order of $a$ is order of $G_1$
pairing_ptr pairing = FIELD(a)->pairing;
pairing_data_ptr dp = pairing->data;
element_pow_mpz(a, a, dp->n2);
element_clear(t);
element_clear(t2);
element_clear(e1);
}
static void test_gf33m_inverse(void) {
element_random(a3);
element_invert(b3, a3);
element_mul(a3, a3, b3);
element_ptr a0 = element_item(a3, 0);
EXPECT(!element_cmp(a0, e1));
}
static void test_gf33m_cubic(void) {
element_random(a3);
element_mul(b3, a3, a3);
element_mul(b3, b3, a3);
element_cubic(a3, a3);
EXPECT(!element_cmp(a3, b3));
}
static void test_gf32m_cubic(void) {
element_random(a2);
element_mul(b2, a2, a2);
element_mul(b2, b2, a2);
element_cubic(a2, a2);
EXPECT(!element_cmp(a2, b2));
}
static val_ptr fun_cmp(val_ptr v[], int(*fun)(int)) {
int i = element_cmp(v[0]->elem, v[1]->elem);
element_ptr e = (element_ptr)pbc_malloc(sizeof(*e));
element_init(e, M);
element_set_si(e, fun(i));
v[0]->elem = e;
return v[0];
}
static void test_gf3m_cubic2(void) {
if (sizeof(pbc_mpui) < 8) return; // 64-bit test only
pbc_mpui x[] = { (pbc_mpui)1153286547535200267ul, (pbc_mpui)6715371622ul, (pbc_mpui)4990694927524257316ul, (pbc_mpui)210763913ul };
pbc_mpui y[] = { (pbc_mpui)8145587063258678275ul, (pbc_mpui)6451025920ul, (pbc_mpui)9976895054123379152ul, (pbc_mpui)1275593166ul };
memcpy(a->data, x, sizeof(x));
memcpy(b->data, y, sizeof(y));
element_cubic(a, a);
EXPECT(!element_cmp(a, b));
}
static void test_gf3m_sqrt(void) {
mpz_t t;
mpz_init(t);
mpz_sub_ui(t, a->field->order, 1); // t == field_order - 1
element_random(a);
element_pow_mpz(a, a, t);
EXPECT(!element_cmp(a, e1));
while(1){
element_random(a);
element_mul(b, a, a);
element_sqrt(b, b);
if(element_cmp(a, b)) {// a != b
element_neg(b, b);
if(!element_cmp(a, b)) break;
}
}
mpz_clear(t);
}
int main(int argc, char **argv) {
pairing_t pairing;
pbc_demo_pairing_init(pairing, argc, argv);
char m[80]={0};
if (!pairing_is_symmetric(pairing)) pbc_die("pairing must be symmetric");
printf("Enter the message to be encrypted : ");
gets(m);
size_t len_m = sizeof(m);
unsigned char hash[30];
SHA1(m, len_m, hash);
printf("The hash is : %s", hash);
element_t g, h;
element_t public_key, secret_key;
element_t sig;
element_t temp1, temp2;
element_init_G2(g, pairing);
element_init_G2(public_key, pairing);
element_init_G1(h, pairing);
element_init_G1(sig, pairing);
element_init_GT(temp1, pairing);
element_init_GT(temp2, pairing);
element_init_Zr(secret_key, pairing);
element_random(g);
element_random(secret_key);
element_pow_zn(public_key, g, secret_key);
element_printf("The public key is %B\n", public_key);
element_from_hash(h, hash, 30);
element_pow_zn(sig, h, secret_key);
pairing_apply(temp1, sig, g, pairing);
pairing_apply(temp2, h, public_key, pairing);
if(!element_cmp(temp1, temp2)){
printf("\nVerified\n");}
else{
printf("\nNot verified\n");
}
}
// g, h in some group of order r
// finds x such that g^x = h
// will hang if no such x exists
// x in some field_t that set_mpz makes sense for
void element_dlog_brute_force(element_t x, element_t g, element_t h) {
element_t g0;
mpz_t count;
mpz_init(count);
element_init_same_as(g0, g);
element_set(g0, g);
mpz_set_ui(count, 1);
while (element_cmp(g0, h)) {
element_mul(g0, g0, g);
//element_printf("g0^%Zd = %B\n", count, g0);
mpz_add_ui(count, count, 1);
}
element_set_mpz(x, count);
mpz_clear(count);
element_clear(g0);
}
int bb_verify(unsigned char *sig, unsigned int hashlen, unsigned char *hash, bb_public_key_t pk)
{
element_t sigma, r;
element_t m;
element_t t0, t1, t2;
int res;
int len;
pairing_ptr pairing = pk->param->pairing;
element_init(m, pairing->Zr);
element_from_hash(m, hash, hashlen);
element_init(sigma, pairing->G1);
len = element_from_bytes_x_only(sigma, sig);
element_init(r, pairing->Zr);
element_from_bytes(r, sig + len);
element_init(t0, pairing->G2);
element_init(t1, pairing->G2);
element_init(t2, pairing->GT);
element_pow_zn(t0, pk->g2, m);
element_pow_zn(t1, pk->v, r);
element_mul(t0, t0, t1);
element_mul(t0, t0, pk->u);
element_pairing(t2, sigma, t0);
if (!element_cmp(t2, pk->z)) {
res = 1;
} else {
element_mul(t2, t2, pk->z);
res = element_is1(t2);
}
element_clear(t0);
element_clear(t1);
element_clear(t2);
element_clear(m);
element_clear(sigma);
element_clear(r);
return res;
}
static int generic_is_almost_coddh(element_ptr a, element_ptr b,
element_ptr c, element_ptr d, pairing_t pairing) {
int res = 0;
element_t t0, t1;
element_init(t0, pairing->GT);
element_init(t1, pairing->GT);
element_pairing(t0, a, d);
element_pairing(t1, b, c);
if (!element_cmp(t0, t1)) {
res = 1;
} else {
element_mul(t0, t0, t1);
if (element_is1(t0)) res = 1;
}
element_clear(t0);
element_clear(t1);
return res;
}
//============================================
// 平方根計算のテスト
//============================================
void test_sqrt(Field f)
{
int i;
unsigned long long int t1, t2;
Element a, b, c, d;
element_init(a, f);
element_init(b, f);
element_init(c, f);
element_init(d, f);
for (i = 0; i < 50; i++)
{
element_random(a);
element_sqr(b, a);
assert(element_is_sqr(b));
element_sqrt(c, b);
element_sqr(d, c);
assert(element_cmp(d, b) == 0);
}
t1 = rdtsc();
for (i = 0; i < N; i++) { element_is_sqr(b); }
t2 = rdtsc();
printf("element is sqr: %.2lf [clock]\n", (double)(t2 - t1) / N);
t1 = rdtsc();
for (i = 0; i < M; i++) { element_sqrt(c, b); }
t2 = rdtsc();
printf("element sqrt: %.2lf [clock]\n", (double)(t2 - t1) / M);
element_clear(a);
element_clear(b);
element_clear(c);
element_clear(d);
}
static int curve_is_valid_point(element_ptr e) {
element_t t0, t1;
int result;
curve_data_ptr cdp = (curve_data_ptr)e->field->data;
point_ptr p = (point_ptr)e->data;
if (p->inf_flag) return 1;
element_init(t0, cdp->field);
element_init(t1, cdp->field);
element_square(t0, p->x);
element_add(t0, t0, cdp->a);
element_mul(t0, t0, p->x);
element_add(t0, t0, cdp->b);
element_square(t1, p->y);
result = !element_cmp(t0, t1);
element_clear(t0);
element_clear(t1);
return result;
}
// USER JOIN PHASE 5 - user key generation (Join)
int xsgs_user_join_phase5(XSGS_PUBLIC_KEY* gpk, XSGS_USER_CERT* ucert,
XSGS_USER_KEY* uk, XSGS_JOIN_PHASE4* jpd4) {
int ret;
pairing_ptr pairing = gpk->pairing;
field_ptr Fp = pairing->Zr;
element_t gt1, gt2, y_neg, g1;
element_init(ucert->x, Fp);
element_set(ucert->x, jpd4->x);
// check A^(x + gamma) = G1 * H^y
// i.e.: e(A, G2)^x * e(A, W) * e(H, G2)^-y == e(G1, G2)
element_init(y_neg, Fp);
element_init_G1(g1, pairing);
element_init_GT(gt1, pairing);
element_init_GT(gt2, pairing);
// gt1 = e(A, G2)^x * e(A, W) * e(H, G2)^-y
// = e(A^x * H^-y, G2) * e(A, W)
element_neg(y_neg, uk->y);
element_pow_naf2(g1, ucert->A, ucert->x, gpk->H, y_neg);
element_pairing(gt1, g1, gpk->G2);
element_pairing(gt2, ucert->A, gpk->W);
element_mul(gt1, gt1, gt2);
// gt2 = e(G1, G2)
element_pairing(gt2, gpk->G1, gpk->G2);
// check gt1 == gt2
ret = element_cmp(gt1, gt2);
element_clear(g1);
element_clear(y_neg);
element_clear(gt1);
element_clear(gt2);
return ret;
}
// x in Z_r, g, h in some group of order r
// finds x such that g^x = h
void element_dlog_pollard_rho(element_t x, element_t g, element_t h) {
// see Blake, Seroussi and Smart
// only one snark for this implementation
int i, s = 20;
field_ptr Zr = x->field, G = g->field;
element_t asum;
element_t bsum;
element_t a[s];
element_t b[s];
element_t m[s];
element_t g0, snark;
darray_t hole;
int interval = 5;
mpz_t counter;
int found = 0;
mpz_init(counter);
element_init(g0, G);
element_init(snark, G);
element_init(asum, Zr);
element_init(bsum, Zr);
darray_init(hole);
//set up multipliers
for (i = 0; i < s; i++) {
element_init(a[i], Zr);
element_init(b[i], Zr);
element_init(m[i], G);
element_random(a[i]);
element_random(b[i]);
element_pow_zn(g0, g, a[i]);
element_pow_zn(m[i], h, b[i]);
element_mul(m[i], m[i], g0);
}
element_random(asum);
element_random(bsum);
element_pow_zn(g0, g, asum);
element_pow_zn(snark, h, bsum);
element_mul(snark, snark, g0);
record(asum, bsum, snark, hole, counter);
for (;;) {
int len = element_length_in_bytes(snark);
unsigned char *buf = pbc_malloc(len);
unsigned char hash = 0;
element_to_bytes(buf, snark);
for (i = 0; i < len; i++) {
hash += buf[i];
}
i = hash % s;
pbc_free(buf);
element_mul(snark, snark, m[i]);
element_add(asum, asum, a[i]);
element_add(bsum, bsum, b[i]);
for (i = 0; i < hole->count; i++) {
snapshot_ptr ss = hole->item[i];
if (!element_cmp(snark, ss->snark)) {
element_sub(bsum, bsum, ss->b);
element_sub(asum, ss->a, asum);
//answer is x such that x * bsum = asum
//complications arise if gcd(bsum, r) > 1
//which can happen if r is not prime
if (!mpz_probab_prime_p(Zr->order, 10)) {
mpz_t za, zb, zd, zm;
mpz_init(za);
mpz_init(zb);
mpz_init(zd);
mpz_init(zm);
element_to_mpz(za, asum);
element_to_mpz(zb, bsum);
mpz_gcd(zd, zb, Zr->order);
mpz_divexact(zm, Zr->order, zd);
mpz_divexact(zb, zb, zd);
//if zd does not divide za there is no solution
mpz_divexact(za, za, zd);
mpz_invert(zb, zb, zm);
mpz_mul(zb, za, zb);
mpz_mod(zb, zb, zm);
do {
element_pow_mpz(g0, g, zb);
if (!element_cmp(g0, h)) {
element_set_mpz(x, zb);
break;
}
mpz_add(zb, zb, zm);
mpz_sub_ui(zd, zd, 1);
} while (mpz_sgn(zd));
mpz_clear(zm);
mpz_clear(za);
mpz_clear(zb);
mpz_clear(zd);
} else {
element_div(x, asum, bsum);
}
found = 1;
break;
}
}
if (found) break;
mpz_add_ui(counter, counter, 1);
if (mpz_tstbit(counter, interval)) {
record(asum, bsum, snark, hole, counter);
interval++;
}
}
for (i = 0; i < s; i++) {
element_clear(a[i]);
element_clear(b[i]);
element_clear(m[i]);
}
element_clear(g0);
element_clear(snark);
for (i = 0; i < hole->count; i++) {
snapshot_ptr ss = hole->item[i];
element_clear(ss->a);
element_clear(ss->b);
element_clear(ss->snark);
pbc_free(ss);
}
darray_clear(hole);
element_clear(asum);
element_clear(bsum);
mpz_clear(counter);
}
// XSGS USER JOIN - complete offline user join algorithm
int xsgs_user_join_offline(XSGS_PUBLIC_KEY* gpk, XSGS_ISSUER_KEY* ik,
XSGS_USER_CERT** ucert, XSGS_USER_KEY** uk, XSGS_USER_DB_ENTRY** udbe,
char* usk_pem_filename) {
element_t z, g11, g12;
int ret = 0;
*ucert = (XSGS_USER_CERT*) malloc(sizeof(XSGS_USER_CERT));
*uk = (XSGS_USER_KEY*) malloc(sizeof(XSGS_USER_KEY));
*udbe = (XSGS_USER_DB_ENTRY*) malloc(sizeof(XSGS_USER_DB_ENTRY));
element_init(z, gpk->pairing->Zr);
element_init(g11, gpk->pairing->G1);
element_init(g12, gpk->pairing->G1);
// 1. choose x, y e Zp at random
element_init((*ucert)->x, gpk->pairing->Zr);
element_init((*udbe)->UCert.x, gpk->pairing->Zr);
element_init((*uk)->y, gpk->pairing->Zr);
element_random((*ucert)->x);
element_set((*udbe)->UCert.x, (*ucert)->x);
element_random((*uk)->y);
// 2. C <- H^y
element_init((*udbe)->C, gpk->pairing->G1);
element_pow_naf((*udbe)->C, gpk->H, (*uk)->y);
// 3. A <- (G1 * C)^{1/(gamma + x)}
element_init((*ucert)->A, gpk->pairing->G1);
element_init((*udbe)->UCert.A, gpk->pairing->G1);
element_add(z, ik->gamma, (*ucert)->x);
element_invert(z, z);
element_mul((*ucert)->A, gpk->G1, (*udbe)->C);
element_pow_naf((*ucert)->A, (*ucert)->A, z);
element_set((*udbe)->UCert.A, (*ucert)->A);
// 4. S <- sign(A)
DWORD msg_len = element_length_in_bytes((*ucert)->A);
BYTE* msg = (BYTE*) malloc(msg_len);
element_to_bytes(msg, (*ucert)->A);
ret = xsgs_rsa_sign(usk_pem_filename, msg, msg_len, &((*udbe)->S.sig),
&((*udbe)->S.len));
free(msg);
if (!ret) {
// 5. check A^(x + gamma) = G1 * H^y
element_add(z, ik->gamma, (*ucert)->x);
element_pow_naf(g11, (*ucert)->A, z);
element_pow_naf(g12, gpk->H, (*uk)->y);
element_mul(g12, g12, gpk->G1);
ret = element_cmp(g11, g12);
}
element_clear(z);
element_clear(g11);
element_clear(g12);
return ret;
}
static int fq_cmp(element_ptr a, element_ptr b) {
eptr p = a->data;
eptr q = b->data;
return element_cmp(p->x, q->x) || element_cmp(p->y, q->y);
}
int Manager::Open(string sign, char*mes, int len_mes)
{
int ret;
if(Verification(sign, mes, len_mes)!=true)
return -1;
//compare variable
bool cmp_var=0;
//elements
element_t T1,T2,T3,T4;
element_t T5, T6, T7;
element_t H;
element_t Sp;
element_t Sm;
element_t Sv;
element_t c_H;
element_t tmp_pow;
element_t check_T4;
element_t tmp_T2;
element_init_GT(T1, pairing);
element_init_GT(T2, pairing);
element_init_GT(T3, pairing);
element_init_GT(T4, pairing);
element_init_G1(T5, pairing);
element_init_G1(T6, pairing);
element_init_G1(T7, pairing);
element_init_Zr(H, pairing);
element_init_Zr(Sp,pairing);
element_init_Zr(Sm,pairing);
element_init_Zr(Sv,pairing);
element_init_Zr(c_H, pairing);
element_init_Zr(tmp_pow, pairing);
element_init_GT(check_T4, pairing);
element_init_GT(tmp_T2, pairing);
//read sign
SignatureFromString(sign, c_H, Sp, Sm, Sv, T1, T2, T3, T4, T5, T6, T7);
//add verify sign
Helper::Hash_T1_T2_T3(H,T1,T2,T3);
//T4 check
element_mul(tmp_pow, x5,H);
element_add(tmp_pow, tmp_pow,x3);
element_pow_zn(check_T4, T1, tmp_pow);
element_pow_zn(tmp_T2, T2, x4);
element_mul(check_T4, check_T4,tmp_T2);
cmp_var=element_cmp(check_T4,T4);//0==ok
//compute Pi2
element_t check_Pi2;
element_init_GT(check_Pi2, pairing);
element_pow_zn(tmp_T2, T1, x1);
element_pow_zn(check_Pi2, T2, x2);
element_mul(tmp_T2, tmp_T2,check_Pi2);
element_div(check_Pi2, T3,tmp_T2);
//find Pi2 in reg list
if(cmp_var)
ret=-1;
else
ret=SearchInRegistrationList(check_Pi2);
//clear elements
element_clear(T1);
element_clear(T2);
element_clear(T3);
element_clear(T4);
element_clear(T5);
element_clear(T6);
element_clear(T7);
element_clear(H);
element_clear(c_H);
element_clear(Sp);
element_clear(Sm);
element_clear(Sv);
element_clear(tmp_pow);
element_clear(check_T4);
element_clear(tmp_T2);
return ret;
}
static int mulg_cmp(element_ptr x, element_t a) {
return element_cmp(x->data, a->data);
}
bool Manager::Verification(string signature, char*mes, int len_mes)
{
//compare variables
bool cmp_value_1=0;
bool cmp_value_2=0;
//elements
element_t T1,T2,T3,T4;
element_t T5, T6, T7;
element_t c_H;
element_t H;
element_t Sp;
element_t Sm;
element_t Sv;
//init
element_init_GT(T1, pairing);
element_init_GT(T2, pairing);
element_init_GT(T3, pairing);
element_init_GT(T4, pairing);
element_init_G1(T5, pairing);
element_init_G1(T6, pairing);
element_init_G1(T7, pairing);
element_init_Zr(Sp,pairing);
element_init_Zr(Sm,pairing);
element_init_Zr(Sv,pairing);
element_init_Zr(H, pairing);
element_init_Zr(c_H, pairing);
SignatureFromString(signature, c_H,Sp,Sm,Sv,T1,T2,T3,T4,T5,T6,T7);
//heshing
Helper::Hash_T1_T2_T3(H,T1,T2,T3);
//compute R1'
element_t tmp_1;
element_t tmp_2;
element_t tmp_3;
element_t R1_;
element_init_GT(R1_, pairing);
element_init_GT(tmp_1, pairing);
element_init_GT(tmp_2, pairing);
element_init_GT(tmp_3, pairing);
element_pairing(tmp_1, g, T7);
element_pow_zn(tmp_2, tmp_1, Sp);
element_pairing(tmp_1, X, T6);
element_pow_zn(tmp_3, tmp_1, Sm);
element_div(R1_, tmp_2, tmp_3);
element_pairing(tmp_3, X, T5);
element_pow_zn(tmp_3, tmp_3, c_H);
element_div(R1_, R1_, tmp_3);
//compute R2'
element_t R2_;
element_init_GT(R2_, pairing);
element_pow_zn(R2_, gt, Sv);
element_pow_zn(tmp_1, T1, c_H);
element_div(R2_, R2_, tmp_1);
//compute R3'
element_t R3_;
element_init_GT(R3_, pairing);
element_pow_zn(tmp_1, h, Sv);
element_pow_zn(tmp_2, T2, c_H);
element_sub(R3_, tmp_1, tmp_2);
//compute R4'
element_t R4_;
element_init_GT(R4_, pairing);
element_pow_zn(tmp_1, y1, Sv);
element_pow_zn(tmp_2, gt, Sm);
element_mul(tmp_3, tmp_1, tmp_2);
element_pow_zn(tmp_1,T3, c_H);
element_sub(R4_, tmp_3, tmp_1);
//compute R5'
element_t R5_;
element_init_GT(R5_, pairing);
element_t tmp_pow;
element_init_Zr(tmp_pow, pairing);
element_t tmp_div;
element_init_GT(tmp_div, pairing);
element_pow_zn(R5_, y2, Sv);
element_pow_zn(tmp_div,y3,H);
element_pow_zn(tmp_div,tmp_div,Sv);
element_mul(R5_,R5_,tmp_div);
element_pow_zn(tmp_div,T4, c_H);
element_div(R5_, R5_, tmp_div);
//check c_H == c_H'
element_t check_c_H;
element_init_Zr(check_c_H, pairing);
Helper::Hash_C(check_c_H,R1_,R2_,R3_,R4_,R5_,g,gt,X,Y,h,y1,y2,y3,mes,len_mes);
//check e(T 5 , Y ) == e(g, T 6 )
element_t check_1;
element_init_GT(check_1, pairing);
element_t check_2;
element_init_GT(check_2, pairing);
element_pairing(check_1, T5,Y);
element_pairing(check_2, g,T6);
//cmp_value_1
cmp_value_1=element_cmp(check_c_H,c_H);//0==ok
//cmp_value_2
cmp_value_2=element_cmp(check_1,check_2);//0==ok
//clear elements
element_clear(T1);
element_clear(T2);
element_clear(T3);
element_clear(T4);
element_clear(T5);
element_clear(T6);
element_clear(T7);
element_clear(Sp);
element_clear(Sm);
element_clear(Sv);
element_clear(H);
element_clear(c_H);
element_clear(R1_);
element_clear(R2_);
element_clear(R3_);
element_clear(R4_);
element_clear(R5_);
element_clear(tmp_1);
element_clear(tmp_2);
element_clear(tmp_3);
element_clear(tmp_pow);
element_clear(tmp_div);
element_clear(check_c_H);
element_clear(check_1);
element_clear(check_2);
if(cmp_value_1||cmp_value_2)
return 0;
else
return 1;
}