Safe Haskell | None |
---|---|
Language | Haskell2010 |
Synopsis
- data Encryption c = Encryption {
- encryption_nonce :: !(G c)
- encryption_vault :: !(G c)
- type EncryptionNonce = E
- encrypt :: Reifies c FFC => Monad m => RandomGen r => PublicKey c -> E c -> StateT r m (EncryptionNonce c, Encryption c)
- data Proof c = Proof {
- proof_challenge :: Challenge c
- proof_response :: E c
- newtype ZKP = ZKP ByteString
- type Challenge = E
- type Oracle list c = list (Commitment c) -> Challenge c
- prove :: Reifies c FFC => Monad m => RandomGen r => Functor list => E c -> list (G c) -> Oracle list c -> StateT r m (Proof c)
- fakeProof :: Reifies c FFC => Monad m => RandomGen r => StateT r m (Proof c)
- type Commitment = G
- commit :: Reifies c FFC => Proof c -> G c -> G c -> Commitment c
- type Disjunction = G
- booleanDisjunctions :: Reifies c FFC => [Disjunction c]
- intervalDisjunctions :: Reifies c FFC => Natural -> Natural -> [Disjunction c]
- type Opinion = E
- newtype DisjProof c = DisjProof [Proof c]
- proveEncryption :: Reifies c FFC => Monad m => RandomGen r => PublicKey c -> ZKP -> ([Disjunction c], [Disjunction c]) -> (EncryptionNonce c, Encryption c) -> StateT r m (DisjProof c)
- verifyEncryption :: Reifies c FFC => Monad m => PublicKey c -> ZKP -> [Disjunction c] -> (Encryption c, DisjProof c) -> ExceptT ErrorVerifyEncryption m Bool
- encryptionStatement :: Reifies c FFC => ZKP -> Encryption c -> ByteString
- encryptionCommitments :: Reifies c FFC => PublicKey c -> Encryption c -> Disjunction c -> Proof c -> [G c]
- data ErrorVerifyEncryption = ErrorVerifyEncryption_InvalidProofLength Natural Natural
- data Question = Question {
- question_text :: !Text
- question_choices :: ![Text]
- question_mini :: !Natural
- question_maxi :: !Natural
- data Answer c = Answer {
- answer_opinions :: ![(Encryption c, DisjProof c)]
- answer_sumProof :: !(DisjProof c)
- encryptAnswer :: Reifies c FFC => Monad m => RandomGen r => PublicKey c -> ZKP -> Question -> [Bool] -> StateT r (ExceptT ErrorAnswer m) (Answer c)
- verifyAnswer :: Reifies c FFC => PublicKey c -> ZKP -> Question -> Answer c -> Bool
- data ErrorAnswer
- data Election c = Election {
- election_name :: !Text
- election_description :: !Text
- election_crypto :: !(ElectionCrypto c)
- election_questions :: ![Question]
- election_uuid :: !UUID
- election_hash :: !Hash
- data ElectionCrypto c = ElectionCrypto_FFC {}
- reifyElection :: Election () -> (forall c. Reifies c FFC => Election c -> k) -> k
- newtype Hash = Hash Text
- hashJSON :: ToJSON a => a -> Hash
- hashElection :: Election c -> Election c
- data Ballot c = Ballot {
- ballot_answers :: ![Answer c]
- ballot_signature :: !(Maybe (Signature c))
- ballot_election_uuid :: !UUID
- ballot_election_hash :: !Hash
- encryptBallot :: Reifies c FFC => Monad m => RandomGen r => Election c -> Maybe (SecretKey c) -> [[Bool]] -> StateT r (ExceptT ErrorBallot m) (Ballot c)
- verifyBallot :: Reifies c FFC => Election c -> Ballot c -> Bool
- data Signature c = Signature {
- signature_publicKey :: !(PublicKey c)
- signature_proof :: !(Proof c)
- signatureStatement :: Reifies c FFC => Foldable f => f (Answer c) -> [G c]
- signatureCommitments :: ZKP -> Commitment c -> ByteString
- data ErrorBallot
Type Encryption
data Encryption c Source #
ElGamal-like encryption. Its security relies on the Discrete Logarithm problem.
Because (`groupGen ^ encNonce ^ secKey == groupGen ^ secKey ^ encNonce`), knowing `secKey`, one can divide `encryption_vault` by (`encryption_nonce ^ secKey`) to decipher (`groupGen ^ clear`). The `clear` text must then be small to be decryptable, because it is encrypted as a power of `groupGen` (hence the "-like" in "ElGamal-like") to enable the additive homomorphism.
NOTE: Since (`encryption_vault * encryption_nonce == encryption_nonce ^ (secKey + clear)`), then: (`logBase encryption_nonce (encryption_vault * encryption_nonce) == secKey + clear`).
Instances
Type EncryptionNonce
type EncryptionNonce = E Source #
encrypt :: Reifies c FFC => Monad m => RandomGen r => PublicKey c -> E c -> StateT r m (EncryptionNonce c, Encryption c) Source #
(`encrypt pubKey clear`) returns an ElGamal-like `Encryption`.
WARNING: the secret encryption nonce (`encNonce`) is returned alongside the `Encryption` in order to prove the validity of the encrypted `clear` text in `proveEncryption`, but this secret `encNonce` MUST be forgotten after that, as it may be used to decipher the `Encryption` without the `SecretKey` associated with `pubKey`.
Type Proof
Non-Interactive Zero-Knowledge Proof of knowledge of a discrete logarithm: (`secret == logBase base (base^secret)`).
Proof | |
|
Instances
Eq (Proof c) Source # | |
Show (Proof c) Source # | |
Generic (Proof c) Source # | |
Reifies c FFC => ToJSON (Proof c) Source # | |
Defined in Voting.Protocol.Election | |
Reifies c FFC => FromJSON (Proof c) Source # | |
NFData (Proof c) Source # | |
Defined in Voting.Protocol.Election | |
type Rep (Proof c) Source # | |
Defined in Voting.Protocol.Election type Rep (Proof c) = D1 (MetaData "Proof" "Voting.Protocol.Election" "hjugement-protocol-0.0.0.20190519-C0jAKryjQbCA8A0oOhdfpH" False) (C1 (MetaCons "Proof" PrefixI True) (S1 (MetaSel (Just "proof_challenge") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 (Challenge c)) :*: S1 (MetaSel (Just "proof_response") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 (E c)))) |
Type ZKP
Zero-knowledge proof.
A protocol is zero-knowledge if the verifier learns nothing from the protocol except that the prover knows the secret.
DOC: Mihir Bellare and Phillip Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In ACM-CCS’93, 1993.
Type Challenge
Type Oracle
type Oracle list c = list (Commitment c) -> Challenge c Source #
prove :: Reifies c FFC => Monad m => RandomGen r => Functor list => E c -> list (G c) -> Oracle list c -> StateT r m (Proof c) Source #
(`prove sec commitmentBases oracle`) returns a `Proof` that `sec` is known (by proving the knowledge of its discrete logarithm).
The `Oracle` is given `Commitment`s equal to the `commitmentBases` raised to the power of the secret nonce of the `Proof`, as those are the `Commitment`s that the verifier will obtain when composing the `proof_challenge` and `proof_response` together (with `commit`).
WARNING: for `prove` to be a so-called strong Fiat-Shamir transformation (not a weak one), the statement must be included in the hash (along with the commitments).
NOTE: a random nonce is used to ensure each `prove` does not reveal any information regarding the secret `sec`, because two `Proof`s using the same `Commitment` can be used to deduce `sec` (using the special-soundness).
fakeProof :: Reifies c FFC => Monad m => RandomGen r => StateT r m (Proof c) Source #
(`fakeProof`) returns a `Proof` whose `proof_challenge` and `proof_response` are uniformly chosen at random, instead of (`proof_challenge == hash statement commitments`) and (`proof_response == nonce + sec * proof_challenge`) as in a `Proof` returned by `prove`.
Used in `proveEncryption` to fill the returned `DisjProof` with fake `Proof`s for all `Disjunction`s but the encrypted one.
Type Commitment
type Commitment = G Source #
commit :: Reifies c FFC => Proof c -> G c -> G c -> Commitment c Source #
(`commit proof base basePowSec`) returns a `Commitment` from the given `Proof` with the knowledge of the verifier.
Type Disjunction
type Disjunction = G Source #
A `Disjunction` is the inverse (`inv`) of (`groupGen ^ opinion`). It is used in `proveEncryption` to generate a `Proof` that an `encryption_vault` contains a given (`groupGen ^ opinion`).
booleanDisjunctions :: Reifies c FFC => [Disjunction c] Source #
intervalDisjunctions :: Reifies c FFC => Natural -> Natural -> [Disjunction c] Source #
Type Opinion
Index of a `Disjunction` within a list of them. It is encrypted as an exponent (`E`) by `encrypt`.
Type DisjProof
A list of `Proof`s to prove that the `Opinion` within an `Encryption` is indexing a `Disjunction` within a list of them, without revealing which `Opinion` it is.
Instances
Eq (DisjProof c) Source # | |
Show (DisjProof c) Source # | |
Generic (DisjProof c) Source # | |
Reifies c FFC => ToJSON (DisjProof c) Source # | |
Defined in Voting.Protocol.Election | |
Reifies c FFC => FromJSON (DisjProof c) Source # | |
NFData (DisjProof c) Source # | |
Defined in Voting.Protocol.Election | |
type Rep (DisjProof c) Source # | |
Defined in Voting.Protocol.Election |
proveEncryption :: Reifies c FFC => Monad m => RandomGen r => PublicKey c -> ZKP -> ([Disjunction c], [Disjunction c]) -> (EncryptionNonce c, Encryption c) -> StateT r m (DisjProof c) Source #
(`proveEncryption elecPubKey voterZKP (prevDisjs,nextDisjs) (encNonce,enc)`) returns a `DisjProof` that `enc` encrypts the `Disjunction` `d` between `prevDisjs` and `nextDisjs`.
The prover proves that it knows an `encNonce`, such that: (`enc == Encryption{encryption_nonce = groupGen ^ encNonce, encryption_vault = elecPubKey ^ encNonce * groupGen ^ d}`).
A NIZK Disjunctive Chaum Pedersen Logarithm Equality is used.
DOC: Pierrick Gaudry. Some ZK security proofs for Belenios, 2017.
verifyEncryption :: Reifies c FFC => Monad m => PublicKey c -> ZKP -> [Disjunction c] -> (Encryption c, DisjProof c) -> ExceptT ErrorVerifyEncryption m Bool Source #
Hashing
encryptionStatement :: Reifies c FFC => ZKP -> Encryption c -> ByteString Source #
encryptionCommitments :: Reifies c FFC => PublicKey c -> Encryption c -> Disjunction c -> Proof c -> [G c] Source #
(`encryptionCommitments elecPubKey enc disj proof`) returns the `Commitment`s with only the knowledge of the verifier.
For the prover the `Proof` comes from `fakeProof`, and for the verifier the `Proof` comes from the prover.
Type ErrorVerifyEncryption
data ErrorVerifyEncryption Source #
Error raised by verifyEncryption
.
ErrorVerifyEncryption_InvalidProofLength Natural Natural | When the number of proofs is different than
the number of |
Instances
Eq ErrorVerifyEncryption Source # | |
Defined in Voting.Protocol.Election (==) :: ErrorVerifyEncryption -> ErrorVerifyEncryption -> Bool # (/=) :: ErrorVerifyEncryption -> ErrorVerifyEncryption -> Bool # | |
Show ErrorVerifyEncryption Source # | |
Defined in Voting.Protocol.Election showsPrec :: Int -> ErrorVerifyEncryption -> ShowS # show :: ErrorVerifyEncryption -> String # showList :: [ErrorVerifyEncryption] -> ShowS # |
Type Question
Question | |
|
Instances
Eq Question Source # | |
Show Question Source # | |
Generic Question Source # | |
ToJSON Question Source # | |
Defined in Voting.Protocol.Election | |
FromJSON Question Source # | |
NFData Question Source # | |
Defined in Voting.Protocol.Election | |
type Rep Question Source # | |
Defined in Voting.Protocol.Election type Rep Question = D1 (MetaData "Question" "Voting.Protocol.Election" "hjugement-protocol-0.0.0.20190519-C0jAKryjQbCA8A0oOhdfpH" False) (C1 (MetaCons "Question" PrefixI True) ((S1 (MetaSel (Just "question_text") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Text) :*: S1 (MetaSel (Just "question_choices") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 [Text])) :*: (S1 (MetaSel (Just "question_mini") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Natural) :*: S1 (MetaSel (Just "question_maxi") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Natural)))) |
Type Answer
Answer | |
|
Instances
Eq (Answer c) Source # | |
Show (Answer c) Source # | |
Generic (Answer c) Source # | |
Reifies c FFC => ToJSON (Answer c) Source # | |
Defined in Voting.Protocol.Election | |
Reifies c FFC => FromJSON (Answer c) Source # | |
NFData (Answer c) Source # | |
Defined in Voting.Protocol.Election | |
type Rep (Answer c) Source # | |
Defined in Voting.Protocol.Election type Rep (Answer c) = D1 (MetaData "Answer" "Voting.Protocol.Election" "hjugement-protocol-0.0.0.20190519-C0jAKryjQbCA8A0oOhdfpH" False) (C1 (MetaCons "Answer" PrefixI True) (S1 (MetaSel (Just "answer_opinions") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 [(Encryption c, DisjProof c)]) :*: S1 (MetaSel (Just "answer_sumProof") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (DisjProof c)))) |
encryptAnswer :: Reifies c FFC => Monad m => RandomGen r => PublicKey c -> ZKP -> Question -> [Bool] -> StateT r (ExceptT ErrorAnswer m) (Answer c) Source #
(`encryptAnswer elecPubKey zkp quest opinions`) returns an `Answer` that can be validated by `verifyAnswer`, unless an `ErrorAnswer` is returned.
Type ErrorAnswer
data ErrorAnswer Source #
Error raised by encryptAnswer
.
ErrorAnswer_WrongNumberOfOpinions Natural Natural | When the number of opinions is different than
the number of choices ( |
ErrorAnswer_WrongSumOfOpinions Natural Natural Natural | When the sum of opinions is not within the bounds
of |
Instances
Type Election
Election | |
|
Instances
Type ElectionCrypto
data ElectionCrypto c Source #
Instances
Type Hash
hashElection :: Election c -> Election c Source #
Type Ballot
Ballot | |
|
Instances
Generic (Ballot c) Source # | |
Reifies c FFC => ToJSON (Ballot c) Source # | |
Defined in Voting.Protocol.Election | |
Reifies c FFC => FromJSON (Ballot c) Source # | |
NFData (Ballot c) Source # | |
Defined in Voting.Protocol.Election | |
type Rep (Ballot c) Source # | |
Defined in Voting.Protocol.Election type Rep (Ballot c) = D1 (MetaData "Ballot" "Voting.Protocol.Election" "hjugement-protocol-0.0.0.20190519-C0jAKryjQbCA8A0oOhdfpH" False) (C1 (MetaCons "Ballot" PrefixI True) ((S1 (MetaSel (Just "ballot_answers") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 [Answer c]) :*: S1 (MetaSel (Just "ballot_signature") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe (Signature c)))) :*: (S1 (MetaSel (Just "ballot_election_uuid") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 UUID) :*: S1 (MetaSel (Just "ballot_election_hash") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Hash)))) |
encryptBallot :: Reifies c FFC => Monad m => RandomGen r => Election c -> Maybe (SecretKey c) -> [[Bool]] -> StateT r (ExceptT ErrorBallot m) (Ballot c) Source #
(`encryptBallot elec (Just ballotSecKey) opinionsByQuest`) returns a `Ballot` signed by `secKey` (the voter's secret key), where `opinionsByQuest` is a list of `Opinion`s on each `question_choices` of each `election_questions`.
Type Signature
Schnorr-like signature.
Used by each voter to sign his/her encrypted `Ballot` using his/her `Credential`, in order to avoid ballot stuffing.
Signature | |
|
Instances
Generic (Signature c) Source # | |
Reifies c FFC => ToJSON (Signature c) Source # | |
Defined in Voting.Protocol.Election | |
Reifies c FFC => FromJSON (Signature c) Source # | |
NFData (Signature c) Source # | |
Defined in Voting.Protocol.Election | |
type Rep (Signature c) Source # | |
Defined in Voting.Protocol.Election type Rep (Signature c) = D1 (MetaData "Signature" "Voting.Protocol.Election" "hjugement-protocol-0.0.0.20190519-C0jAKryjQbCA8A0oOhdfpH" False) (C1 (MetaCons "Signature" PrefixI True) (S1 (MetaSel (Just "signature_publicKey") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (PublicKey c)) :*: S1 (MetaSel (Just "signature_proof") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Proof c)))) |
Hashing
signatureStatement :: Reifies c FFC => Foldable f => f (Answer c) -> [G c] Source #
(`signatureStatement answers`) returns the encrypted material to be signed: all the `encryption_nonce`s and `encryption_vault`s of the given `answers`.
signatureCommitments :: ZKP -> Commitment c -> ByteString Source #
(`signatureCommitments voterZKP commitment`)
Type ErrorBallot
data ErrorBallot Source #
Error raised by encryptBallot
.
ErrorBallot_WrongNumberOfAnswers Natural Natural | When the number of answers is different than the number of questions. |
ErrorBallot_Answer ErrorAnswer | When |
ErrorBallot_Wrong | TODO: to be more precise. |