Skip to content

Commit

Permalink
cleaned up a bit
Browse files Browse the repository at this point in the history
  • Loading branch information
@Suchetaaa
Suchetaaa committed Oct 12, 2019
1 parent 5bd3f9e commit 2246fc2
Show file tree
Hide file tree
Showing 66 changed files with 81,635 additions and 1 deletion.
134 changes: 134 additions & 0 deletions AltBn128.sol
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,134 @@
pragma solidity >=0.4.0 <0.6.0;

/**
* Heavily referenced from https://github.com/ethereum/py_ecc/blob/master/py_ecc/bn128/bn128_curve.py
*/

library AltBn128 {
uint256 constant public G1x = uint256(0x01);
uint256 constant public G1y = uint256(0x02);

// Number of elements in the field (often called `q`)
// n = n(u) = 36u^4 + 36u^3 + 18u^2 + 6u + 1
uint256 constant public N = 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001;

// p = p(u) = 36u^4 + 36u^3 + 24u^2 + 6u + 1
// Field Order
uint256 constant public P = 0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47;

// (p+1) / 4
uint256 constant public A = 0xc19139cb84c680a6e14116da060561765e05aa45a1c72a34f082305b61f3f52;

/* ECC Functions */
function ecAdd(uint256[2] memory p0, uint256[2] memory p1) public view
returns (uint256[2] memory retP)
{
uint256[4] memory i = [p0[0], p0[1], p1[0], p1[1]];

assembly {
// call ecadd precompile
// inputs are: x1, y1, x2, y2
if iszero(staticcall(not(0), 0x06, i, 0x80, retP, 0x40)) {
revert(0, 0)
}
}
}

function ecMul(uint256[2] memory p, uint256 s) public view
returns (uint256[2] memory retP)
{
// With a public key (x, y), this computes p = scalar * (x, y).
uint256[3] memory i = [p[0], p[1], s];

assembly {
// call ecmul precompile
// inputs are: x, y, scalar
if iszero(staticcall(not(0), 0x07, i, 0x60, retP, 0x40)) {
revert(0, 0)
}
}
}

function ecMulG(uint256 s) public view
returns (uint256[2] memory retP)
{
return ecMul([G1x, G1y], s);
}

function powmod(uint256 base, uint256 e, uint256 m) public view
returns (uint256 o)
{
// returns pow(base, e) % m
assembly {
// define pointer
let p := mload(0x40)

// Store data assembly-favouring ways
mstore(p, 0x20) // Length of Base
mstore(add(p, 0x20), 0x20) // Length of Exponent
mstore(add(p, 0x40), 0x20) // Length of Modulus
mstore(add(p, 0x60), base) // Base
mstore(add(p, 0x80), e) // Exponent
mstore(add(p, 0xa0), m) // Modulus

// call modexp precompile! -- old school gas handling
let success := staticcall(sub(gas, 2000), 0x05, p, 0xc0, p, 0x20)

// gas fiddling
switch success case 0 {
revert(0, 0)
}

// data
o := mload(p)
}
}

// Keep everything contained within this lib
function addmodn(uint256 x, uint256 n) public pure
returns (uint256)
{
return addmod(x, n, N);
}

function modn(uint256 x) public pure
returns (uint256)
{
return x % N;
}

/*
Checks if the points x, y exists on alt_bn_128 curve
*/
function onCurve(uint256 x, uint256 y) public pure
returns(bool)
{
uint256 beta = mulmod(x, x, P);
beta = mulmod(beta, x, P);
beta = addmod(beta, 3, P);

return onCurveBeta(beta, y);
}

function onCurveBeta(uint256 beta, uint256 y) public pure
returns(bool)
{
return beta == mulmod(y, y, P);
}

/*
* Calculates point y value given x
*/
function evalCurve(uint256 x) public view
returns (uint256, uint256)
{
uint256 beta = mulmod(x, x, P);
beta = mulmod(beta, x, P);
beta = addmod(beta, 3, P);

uint256 y = powmod(beta, A, P);

// require(beta == mulmod(y, y, P), "Invalid x for evalCurve");
return (beta, y);
}
}
1 change: 0 additions & 1 deletion Anonymous-e-voting
Submodule Anonymous-e-voting deleted from 392a83
21 changes: 21 additions & 0 deletions LICENSE
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
MIT License

Copyright (c) 2017 Fernando Lobato

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
158 changes: 158 additions & 0 deletions LSAG.sol
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,158 @@
pragma solidity >=0.4.0 <0.6.0;

import "./AltBn128.sol";

/*
Linkable Spontaneous Anonymous Groups
https://eprint.iacr.org/2004/027.pdf
*/

library LSAG {
// abi.encodePacked is the "concat" or "serialization"
// of all supplied arguments into one long bytes value
// i.e. abi.encodePacked :: [a] -> bytes

/**
* Converts an integer to an elliptic curve point
*/
function intToPoint(uint256 _x) public view
returns (uint256[2] memory)
{
uint256 x = _x;
uint256 y;
uint256 beta;

while (true) {
(beta, y) = AltBn128.evalCurve(x);

if (AltBn128.onCurveBeta(beta, y)) {
return [x, y];
}

x = AltBn128.addmodn(x, 1);
}
}

/**
* Returns an integer representation of the hash
* of the input
*/
function H1(bytes memory b) public pure
returns (uint256)
{
return AltBn128.modn(uint256(keccak256(b)));
}

/**
* Returns elliptic curve point of the integer representation
* of the hash of the input
*/
function H2(bytes memory b) public view
returns (uint256[2] memory)
{
return intToPoint(H1(b));
}

/**
* Helper function to calculate Z1
* Avoids stack too deep problem
*/
function ringCalcZ1(
uint256[2] memory pubKey,
uint256 c,
uint256 s
) public view
returns (uint256[2] memory)
{
return AltBn128.ecAdd(
AltBn128.ecMulG(s),
AltBn128.ecMul(pubKey, c)
);
}

/**
* Helper function to calculate Z2
* Avoids stack too deep problem
*/
function ringCalcZ2(
uint256[2] memory keyImage,
uint256[2] memory h,
uint256 s,
uint256 c
) public view
returns (uint256[2] memory)
{
return AltBn128.ecAdd(
AltBn128.ecMul(h, s),
AltBn128.ecMul(keyImage, c)
);
}


/**
* Verifies the ring signature
* Section 4.2 of the paper https://eprint.iacr.org/2004/027.pdf
*/
function verify(
bytes memory message,
uint256 c0,
uint256[2] memory keyImage,
uint256[] memory s,
uint256[2][] memory publicKeys
) public view
returns (bool)
{
require(publicKeys.length >= 2, "Signature size too small");
require(publicKeys.length == s.length, "Signature sizes do not match!");

uint256 c = c0;
uint256 i = 0;

// Step 1
// Extract out public key bytes
bytes memory hBytes = "";

require(1==0, "Working till this point");
for (i = 0; i < publicKeys.length; i++) {
hBytes = abi.encodePacked(
hBytes,
publicKeys[i]
);
}

uint256[2] memory h = H2(hBytes);

// Step 2
uint256[2] memory z_1;
uint256[2] memory z_2;


for (i = 0; i < publicKeys.length; i++) {
z_1 = ringCalcZ1(publicKeys[i], c, s[i]);
z_2 = ringCalcZ2(keyImage, h, s[i], c);

if (i != publicKeys.length - 1) {
c = H1(
abi.encodePacked(
hBytes,
keyImage,
message,
z_1,
z_2
)
);
}
}

return c0 == H1(
abi.encodePacked(
hBytes,
keyImage,
message,
z_1,
z_2
)
);
}
}
1 change: 1 addition & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Anonymous EVoting
4 changes: 4 additions & 0 deletions __init__.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
import sys
import os

sys.path.insert(0, os.path.realpath('./ecc_linkable_ring_signatures'))
Loading

0 comments on commit 2246fc2

Please sign in to comment.