Safe Haskell | None |
---|---|
Language | Haskell2010 |
Synopsis
- data Encryption q = Encryption {
- encryption_nonce :: G q
- encryption_vault :: G q
- type EncryptionNonce = E
- encrypt :: Monad m => RandomGen r => SubGroup q => PublicKey q -> E q -> StateT r m (EncryptionNonce q, Encryption q)
- data Proof q = Proof {
- proof_challenge :: Challenge q
- proof_response :: E q
- type Challenge = E
- type Oracle list q = list (Commitment q) -> Challenge q
- prove :: Monad m => RandomGen r => SubGroup q => Functor list => E q -> list (Commitment q) -> Oracle list q -> StateT r m (Proof q)
- type Commitment = G
- commit :: SubGroup q => Proof q -> G q -> G q -> Commitment q
- type Opinion = E
- type Disjunction = G
- booleanDisjunctions :: SubGroup q => [Disjunction q]
- intervalDisjunctions :: SubGroup q => Opinion q -> Opinion q -> [Disjunction q]
- newtype DisjProof q = DisjProof [Proof q]
- proveEncryption :: forall m r q. Monad m => RandomGen r => SubGroup q => PublicKey q -> ZKP -> [Disjunction q] -> Opinion q -> (EncryptionNonce q, Encryption q) -> StateT r (ExceptT ErrorProove m) (DisjProof q)
- verifyEncryption :: Monad m => SubGroup q => PublicKey q -> ZKP -> [Disjunction q] -> (Encryption q, DisjProof q) -> ExceptT ErrorValidateEncryption m Bool
- encryptionStatement :: SubGroup q => ZKP -> Encryption q -> ByteString
- encryptionCommitments :: SubGroup q => PublicKey q -> Encryption q -> (Disjunction q, Proof q) -> [G q]
- newtype ZKP = ZKP ByteString
- data ErrorProove = ErrorProove_InvalidOpinion Natural Natural
- data ErrorValidateEncryption = ErrorValidateEncryption_InvalidProofLength Natural Natural
- data Question q = Question {
- question_text :: Text
- question_choices :: [Text]
- question_mini :: Opinion q
- question_maxi :: Opinion q
- data Answer q = Answer {
- answer_opinions :: [(Encryption q, DisjProof q)]
- answer_sumProof :: DisjProof q
- data ErrorAnswer
- encryptAnswer :: Monad m => RandomGen r => SubGroup q => PublicKey q -> ZKP -> Question q -> [Bool] -> StateT r (ExceptT ErrorAnswer m) (Answer q)
- verifyAnswer :: SubGroup q => PublicKey q -> ZKP -> Question q -> Answer q -> Bool
- data Election q = Election {}
- newtype Hash = Hash Text
- data Ballot q = Ballot {
- ballot_answers :: [Answer q]
- ballot_signature :: Maybe (Signature q)
- ballot_election_uuid :: UUID
- ballot_election_hash :: Hash
- encryptBallot :: Monad m => RandomGen r => SubGroup q => Election q -> Maybe (SecretKey q) -> [[Bool]] -> StateT r (ExceptT ErrorBallot m) (Ballot q)
- verifyBallot :: SubGroup q => Election q -> Ballot q -> Bool
- data Signature q = Signature {
- signature_publicKey :: PublicKey q
- signature_proof :: Proof q
- signatureStatement :: Foldable f => SubGroup q => f (Answer q) -> [G q]
- signatureCommitments :: SubGroup q => ZKP -> Commitment q -> ByteString
- data ErrorBallot
Type Encryption
data Encryption q Source #
ElGamal-like encryption. Its security relies on the Discrete Logarithm problem.
Because `(groupGen ^ encNonce ^ secKey == groupGen ^ secKey ^ encNonce)`, knowing `secKey`, one can divide `encryption_vault` by `(encryption_nonce ^ secKey)` to decipher `(groupGen ^ clear)`. `clear` must then be small to be decryptable (recovering it from `groupGen ^ clear` means searching over its possible values), because it is encrypted as a power of `groupGen` to enable the additive homomorphism.
Encryption | |
|
Instances
Eq (Encryption q) Source # | |
Defined in Protocol.Election (==) :: Encryption q -> Encryption q -> Bool # (/=) :: Encryption q -> Encryption q -> Bool # | |
Show (Encryption q) Source # | |
Defined in Protocol.Election showsPrec :: Int -> Encryption q -> ShowS # show :: Encryption q -> String # showList :: [Encryption q] -> ShowS # | |
SubGroup q => Additive (Encryption q) Source # | Additive homomorphism.
Using the fact that: |
Defined in Protocol.Election zero :: Encryption q Source # (+) :: Encryption q -> Encryption q -> Encryption q Source # sum :: Foldable f => f (Encryption q) -> Encryption q Source # |
Type EncryptionNonce
type EncryptionNonce = E Source #
encrypt :: Monad m => RandomGen r => SubGroup q => PublicKey q -> E q -> StateT r m (EncryptionNonce q, Encryption q) Source #
`(encrypt pubKey clear)` returns an ElGamal-like `Encryption`.
WARNING: the secret encryption nonce (`encNonce`) is returned alongside the `Encryption` in order to prove the validity of the encrypted `clear` in `prove`, but this secret `encNonce` MUST be forgotten after that, as it may be used to decipher the `Encryption` without the secret key associated with `pubKey`.
Type Proof
`Proof` of knowledge of a discrete logarithm: `(secret == logBase base (base^secret))`.
NOTE: Since `(pubKey == groupGen ^ secKey)`, then: `(logBase encryption_nonce (encryption_vault * encryption_nonce) == secKey + clear)`.
Proof | |
|
Type Challenge
Type Oracle
type Oracle list q = list (Commitment q) -> Challenge q Source #
prove :: Monad m => RandomGen r => SubGroup q => Functor list => E q -> list (Commitment q) -> Oracle list q -> StateT r m (Proof q) Source #
`(prove sec commitments oracle)` returns a `Proof` that `sec` is known.
The `Oracle` is given the `commitments` raised to the power of the secret nonce of the `Proof`, as those are the commitments that the verifier will obtain when composing the `proof_challenge` and `proof_response` together (in `encryptionCommitments`).
NOTE: `sec` is `secKey` in `signature_proof` or `encNonce` in `proveEncryption`.
NOTE: The `commitments` are `[groupGen]` in `signature_proof` or `[groupGen, pubKey]` in `proveEncryption`.
WARNING: for `prove` to be a so-called strong Fiat-Shamir transformation (not a weak one), the statement must be included in the hash (not only the commitments). Since the `Oracle` is supplied by the caller, it is the caller's `Oracle` that must hash the statement; otherwise the resulting `Proof` is not bound to the statement it is meant to prove.
NOTE: a random nonce is used to ensure each `prove` does not reveal any information regarding the secret `sec`.
Type Commitment
type Commitment = G Source #
commit :: SubGroup q => Proof q -> G q -> G q -> Commitment q Source #
`(commit proof x y)` returns a `Commitment` from the given `Proof` with the knowledge of the verifier.
NOTE: Contrary to Helios-C specifications, `(*)` is used instead of `(/)` to avoid the performance cost of a modular exponentiation `(^ (groupOrder - one))`; this is compensated by using `(-)` instead of `(+)` in `prove`.
Type Opinion
Index of a `Disjunction` within a list of them.
It is encrypted as an `E`xponent by `encrypt`.
Type Disjunction
type Disjunction = G Source #
A `Disjunction` is an `inv`ersed `(groupGen ^ opinion)`; it is used in `proveEncryption` to generate a `Proof` that an `encryption_vault` contains a given `(groupGen ^ opinion)`.
booleanDisjunctions :: SubGroup q => [Disjunction q] Source #
intervalDisjunctions :: SubGroup q => Opinion q -> Opinion q -> [Disjunction q] Source #
Type DisjProof
A list of `Proof`s to prove that the `Opinion` within an `Encryption` is indexing a `Disjunction` within a list of them, without knowing which `Opinion` it is.
proveEncryption :: forall m r q. Monad m => RandomGen r => SubGroup q => PublicKey q -> ZKP -> [Disjunction q] -> Opinion q -> (EncryptionNonce q, Encryption q) -> StateT r (ExceptT ErrorProove m) (DisjProof q) Source #
`(proveEncryption pubKey zkp disjs opin (encNonce, enc))` returns a `DisjProof` that `enc` `encrypt`s one of the `Disjunction`s within `disjs`, without revealing which one it is.
A NIZK Disjunctive Chaum Pedersen Logarithm Equality is used.
verifyEncryption :: Monad m => SubGroup q => PublicKey q -> ZKP -> [Disjunction q] -> (Encryption q, DisjProof q) -> ExceptT ErrorValidateEncryption m Bool Source #
encryptionStatement :: SubGroup q => ZKP -> Encryption q -> ByteString Source #
encryptionCommitments :: SubGroup q => PublicKey q -> Encryption q -> (Disjunction q, Proof q) -> [G q] Source #
`(encryptionCommitments pubKey enc (disj,proof))` returns the `Commitment`s with only the knowledge of the verifier.
The `Proof` comes from `prove` of `fakeProof` in `proveEncryption`.
Type ZKP
Type ErrorProove
data ErrorProove Source #
Error raised by `proveEncryption`.
ErrorProove_InvalidOpinion Natural Natural | When the opinion is not within the number of |
Instances
Eq ErrorProove Source # | |
Defined in Protocol.Election (==) :: ErrorProove -> ErrorProove -> Bool # (/=) :: ErrorProove -> ErrorProove -> Bool # | |
Show ErrorProove Source # | |
Defined in Protocol.Election showsPrec :: Int -> ErrorProove -> ShowS # show :: ErrorProove -> String # showList :: [ErrorProove] -> ShowS # |
Type ErrorValidateEncryption
data ErrorValidateEncryption Source #
Error raised by `verifyEncryption`.
ErrorValidateEncryption_InvalidProofLength Natural Natural | When the number of proofs is different than
the number of |
Instances
Eq ErrorValidateEncryption Source # | |
Defined in Protocol.Election | |
Show ErrorValidateEncryption Source # | |
Defined in Protocol.Election showsPrec :: Int -> ErrorValidateEncryption -> ShowS # show :: ErrorValidateEncryption -> String # showList :: [ErrorValidateEncryption] -> ShowS # |
Type Question
Question | |
|
Type Answer
Answer | |
|
Type ErrorAnswer
data ErrorAnswer Source #
Error raised by `encryptAnswer`.
ErrorAnswer_WrongNumberOfOpinions Natural Natural | When the number of opinions is different than
the number of choices ( |
ErrorAnswer_WrongSumOfOpinions Natural Natural Natural | When the sum of opinions is not within the bounds
of |
Instances
Eq ErrorAnswer Source # | |
Defined in Protocol.Election (==) :: ErrorAnswer -> ErrorAnswer -> Bool # (/=) :: ErrorAnswer -> ErrorAnswer -> Bool # | |
Show ErrorAnswer Source # | |
Defined in Protocol.Election showsPrec :: Int -> ErrorAnswer -> ShowS # show :: ErrorAnswer -> String # showList :: [ErrorAnswer] -> ShowS # |
encryptAnswer :: Monad m => RandomGen r => SubGroup q => PublicKey q -> ZKP -> Question q -> [Bool] -> StateT r (ExceptT ErrorAnswer m) (Answer q) Source #
`(encryptAnswer pubKey zkp quest opinions)` returns an `Answer` validable by `verifyAnswer`, unless an `ErrorAnswer` is returned.
Type Election
Election | |
|
Type Hash
Type Ballot
Ballot | |
|
encryptBallot :: Monad m => RandomGen r => SubGroup q => Election q -> Maybe (SecretKey q) -> [[Bool]] -> StateT r (ExceptT ErrorBallot m) (Ballot q) Source #
`(encryptBallot elec (Just secKey) opinionsByQuest)` returns a `Ballot` signed by `secKey` (the voter's secret key), where `opinionsByQuest` is a list of `Opinion`s on each `question_choices` of each `election_questions`.
Type Signature
Schnorr-like signature.
Used to avoid `Ballot` stuffing.
signatureStatement :: Foldable f => SubGroup q => f (Answer q) -> [G q] Source #
`(signatureStatement answers)` returns all the `encryption_nonce`s and `encryption_vault`s of the given `answers`.
signatureCommitments :: SubGroup q => ZKP -> Commitment q -> ByteString Source #
`(signatureCommitments zkp commitment)` returns the hashable content from the knowledge of the verifier.
Type ErrorBallot
data ErrorBallot Source #
Error raised by `encryptBallot`.
ErrorBallot_WrongNumberOfAnswers Natural Natural | When the number of answers is different than the number of questions. |
ErrorBallot_Answer ErrorAnswer | When |
Instances
Eq ErrorBallot Source # | |
Defined in Protocol.Election (==) :: ErrorBallot -> ErrorBallot -> Bool # (/=) :: ErrorBallot -> ErrorBallot -> Bool # | |
Show ErrorBallot Source # | |
Defined in Protocol.Election showsPrec :: Int -> ErrorBallot -> ShowS # show :: ErrorBallot -> String # showList :: [ErrorBallot] -> ShowS # |