Safe Haskell | None |
---|---|
Language | Haskell2010 |
Synopsis
- data Encryption crypto v c = Encryption {
- encryption_nonce :: !(G crypto c)
- encryption_vault :: !(G crypto c)
- type EncryptionNonce = E
- encrypt :: Reifies v Version => GroupParams crypto c => Monad m => RandomGen r => PublicKey crypto c -> E crypto c -> StateT r m (EncryptionNonce crypto c, Encryption crypto v c)
- data Proof crypto v c = Proof {
- proof_challenge :: !(Challenge crypto c)
- proof_response :: !(E crypto c)
- newtype ZKP = ZKP ByteString
- type Challenge = E
- type Oracle list crypto c = list (Commitment crypto c) -> Challenge crypto c
- prove :: forall crypto v c list m r. Reifies v Version => GroupParams crypto c => Monad m => RandomGen r => Functor list => E crypto c -> list (G crypto c) -> Oracle list crypto c -> StateT r m (Proof crypto v c)
- proveQuicker :: Reifies v Version => GroupParams crypto c => Monad m => RandomGen r => Functor list => E crypto c -> list (G crypto c) -> Oracle list crypto c -> StateT r m (Proof crypto v c)
- fakeProof :: GroupParams crypto c => Monad m => RandomGen r => StateT r m (Proof crypto v c)
- type Commitment = G
- commit :: forall crypto v c. Reifies v Version => GroupParams crypto c => Proof crypto v c -> G crypto c -> G crypto c -> Commitment crypto c
- commitQuicker :: GroupParams crypto c => Proof crypto v c -> G crypto c -> G crypto c -> Commitment crypto c
- type Disjunction = G
- booleanDisjunctions :: forall crypto c. GroupParams crypto c => [Disjunction crypto c]
- intervalDisjunctions :: forall crypto c. GroupParams crypto c => Natural -> Natural -> [Disjunction crypto c]
- type Opinion = E
- newtype DisjProof crypto v c = DisjProof [Proof crypto v c]
- proveEncryption :: Reifies v Version => GroupParams crypto c => Monad m => RandomGen r => PublicKey crypto c -> ZKP -> ([Disjunction crypto c], [Disjunction crypto c]) -> (EncryptionNonce crypto c, Encryption crypto v c) -> StateT r m (DisjProof crypto v c)
- verifyEncryption :: Reifies v Version => GroupParams crypto c => Monad m => PublicKey crypto c -> ZKP -> [Disjunction crypto c] -> (Encryption crypto v c, DisjProof crypto v c) -> ExceptT ErrorVerifyEncryption m Bool
- encryptionStatement :: GroupParams crypto c => ZKP -> Encryption crypto v c -> ByteString
- encryptionCommitments :: Reifies v Version => GroupParams crypto c => PublicKey crypto c -> Encryption crypto v c -> Disjunction crypto c -> Proof crypto v c -> [G crypto c]
- data ErrorVerifyEncryption = ErrorVerifyEncryption_InvalidProofLength Natural Natural
- data Question v = Question {
- question_text :: !Text
- question_choices :: ![Text]
- question_mini :: !Natural
- question_maxi :: !Natural
- data Answer crypto v c = Answer {
- answer_opinions :: ![(Encryption crypto v c, DisjProof crypto v c)]
- answer_sumProof :: !(DisjProof crypto v c)
- encryptAnswer :: Reifies v Version => GroupParams crypto c => Monad m => RandomGen r => PublicKey crypto c -> ZKP -> Question v -> [Bool] -> StateT r (ExceptT ErrorAnswer m) (Answer crypto v c)
- verifyAnswer :: Reifies v Version => GroupParams crypto c => PublicKey crypto c -> ZKP -> Question v -> Answer crypto v c -> Bool
- data ErrorAnswer
- data Election crypto v c = Election {
- election_name :: !Text
- election_description :: !Text
- election_questions :: ![Question v]
- election_uuid :: !UUID
- election_hash :: Base64SHA256
- election_crypto :: !crypto
- election_version :: !(Maybe Version)
- election_public_key :: !(PublicKey crypto c)
- hashElection :: Reifies v Version => GroupParams crypto c => ToJSON crypto => Election crypto v c -> Base64SHA256
- readElection :: forall crypto r. FromJSON crypto => ReifyCrypto crypto => FilePath -> (forall v c. Reifies v Version => GroupParams crypto c => Election crypto v c -> r) -> ExceptT String IO r
- data Ballot crypto v c = Ballot {
- ballot_answers :: ![Answer crypto v c]
- ballot_signature :: !(Maybe (Signature crypto v c))
- ballot_election_uuid :: !UUID
- ballot_election_hash :: !Base64SHA256
- encryptBallot :: Reifies v Version => GroupParams crypto c => Key crypto => Monad m => RandomGen r => Election crypto v c -> Maybe (SecretKey crypto c) -> [[Bool]] -> StateT r (ExceptT ErrorBallot m) (Ballot crypto v c)
- verifyBallot :: Reifies v Version => GroupParams crypto c => Election crypto v c -> Ballot crypto v c -> Bool
- data Signature crypto v c = Signature {
- signature_publicKey :: !(PublicKey crypto c)
- signature_proof :: !(Proof crypto v c)
- signatureStatement :: GroupParams crypto c => Foldable f => f (Answer crypto v c) -> [G crypto c]
- signatureCommitments :: GroupParams crypto c => ToNatural (G crypto c) => ZKP -> Commitment crypto c -> ByteString
- data ErrorBallot
- data Version = Version {
- version_branch :: [Natural]
- version_tags :: [(Text, Natural)]
- hasVersionTag :: Version -> Text -> Bool
- experimentalVersion :: Version
- stableVersion :: Version
- versionTagQuicker :: Text
- readVersion :: String -> Maybe Version
- parseReadP :: ReadP a -> String -> Maybe a
Type Encryption
data Encryption crypto v c Source #
ElGamal-like encryption. Its security relies on the Discrete Logarithm problem.
Because (groupGen ^ encNonce ^ secKey == groupGen ^ secKey ^ encNonce), knowing secKey, one can divide encryption_vault by (encryption_nonce ^ secKey) to decipher (groupGen ^ clear), then the clear text must be small to be decryptable, because it is encrypted as a power of groupGen (hence the "-like" in "ElGamal-like") to enable the additive homomorphism.
NOTE: Since (encryption_vault * encryption_nonce == encryption_nonce ^ (secKey + clear)), then: (logBase encryption_nonce (encryption_vault * encryption_nonce) == secKey + clear).
Instances
Type EncryptionNonce
type EncryptionNonce = E Source #
encrypt :: Reifies v Version => GroupParams crypto c => Monad m => RandomGen r => PublicKey crypto c -> E crypto c -> StateT r m (EncryptionNonce crypto c, Encryption crypto v c) Source #
(encrypt pubKey clear) returns an ElGamal-like Encryption.
WARNING: the secret encryption nonce (encNonce) is returned alongside the Encryption in order to prove the validity of the encrypted clear text in proveEncryption, but this secret encNonce MUST be forgotten after that, as it may be used to decipher the Encryption without the SecretKey associated with pubKey.
Type Proof
data Proof crypto v c Source #
Non-Interactive Zero-Knowledge Proof of knowledge of a discrete logarithm: (secret == logBase base (base^secret)).
Proof | |
|
Instances
Eq (Proof crypto v c) Source # | |
Show (Proof crypto v c) Source # | |
Generic (Proof crypto v c) Source # | |
ToJSON (Proof crypto v c) Source # | |
Defined in Voting.Protocol.Election | |
GroupParams crypto c => FromJSON (Proof crypto v c) Source # | |
NFData (Proof crypto v c) Source # | |
Defined in Voting.Protocol.Election | |
type Rep (Proof crypto v c) Source # | |
Defined in Voting.Protocol.Election type Rep (Proof crypto v c) = D1 (MetaData "Proof" "Voting.Protocol.Election" "hjugement-protocol-0.0.9.20191031-G4czrbu2qOeHMRyb9R422Q" False) (C1 (MetaCons "Proof" PrefixI True) (S1 (MetaSel (Just "proof_challenge") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Challenge crypto c)) :*: S1 (MetaSel (Just "proof_response") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (E crypto c)))) |
Type ZKP
Zero-knowledge proof.
A protocol is zero-knowledge if the verifier learns nothing from the protocol except that the prover knows the secret.
DOC: Mihir Bellare and Phillip Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In ACM-CCS’93, 1993.
Type Challenge
Type Oracle
type Oracle list crypto c = list (Commitment crypto c) -> Challenge crypto c Source #
prove :: forall crypto v c list m r. Reifies v Version => GroupParams crypto c => Monad m => RandomGen r => Functor list => E crypto c -> list (G crypto c) -> Oracle list crypto c -> StateT r m (Proof crypto v c) Source #
(prove sec commitmentBases oracle) returns a Proof that sec is known (by proving the knowledge of its discrete logarithm).
The Oracle is given Commitments equal to the commitmentBases raised to the power of the secret nonce of the Proof, as those are the Commitments that the verifier will obtain when composing the proof_challenge and proof_response together (with commit).
WARNING: for prove to be a so-called strong Fiat-Shamir transformation (not a weak one), the statement must be included in the hash (along with the commitments).
NOTE: a random nonce is used to ensure each prove does not reveal any information regarding the secret sec, because two Proofs using the same Commitment can be used to deduce sec (using the special-soundness): since proof_response == nonce + sec * proof_challenge, two responses that share a nonce under different challenges determine sec.
proveQuicker :: Reifies v Version => GroupParams crypto c => Monad m => RandomGen r => Functor list => E crypto c -> list (G crypto c) -> Oracle list crypto c -> StateT r m (Proof crypto v c) Source #
fakeProof :: GroupParams crypto c => Monad m => RandomGen r => StateT r m (Proof crypto v c) Source #
(fakeProof) returns a Proof whose proof_challenge and proof_response are uniformly chosen at random, instead of (proof_challenge == hash statement commitments) and (proof_response == nonce + sec * proof_challenge) as a Proof returned by prove.
Used in proveEncryption to fill the returned DisjProof with fake Proofs for all Disjunctions but the encrypted one.
Type Commitment
type Commitment = G Source #
commit :: forall crypto v c. Reifies v Version => GroupParams crypto c => Proof crypto v c -> G crypto c -> G crypto c -> Commitment crypto c Source #
(commit proof base basePowSec) returns a Commitment from the given Proof with the knowledge of the verifier.
commitQuicker :: GroupParams crypto c => Proof crypto v c -> G crypto c -> G crypto c -> Commitment crypto c Source #
Type Disjunction
type Disjunction = G Source #
A Disjunction is an inversed (groupGen ^ opinion); it is used in proveEncryption to generate a Proof that an encryption_vault contains a given (groupGen ^ opinion).
booleanDisjunctions :: forall crypto c. GroupParams crypto c => [Disjunction crypto c] Source #
intervalDisjunctions :: forall crypto c. GroupParams crypto c => Natural -> Natural -> [Disjunction crypto c] Source #
Type Opinion
Index of a Disjunction within a list of them.
It is encrypted as a GroupExponent by encrypt.
Type DisjProof
newtype DisjProof crypto v c Source #
A list of Proofs to prove that the Opinion within an Encryption is indexing a Disjunction within a list of them, without revealing which Opinion it is.
Instances
Eq (DisjProof crypto v c) Source # | |
Show (DisjProof crypto v c) Source # | |
Generic (DisjProof crypto v c) Source # | |
ToJSON (DisjProof crypto v c) Source # | |
Defined in Voting.Protocol.Election | |
GroupParams crypto c => FromJSON (DisjProof crypto v c) Source # | |
NFData (DisjProof crypto v c) Source # | |
Defined in Voting.Protocol.Election | |
type Rep (DisjProof crypto v c) Source # | |
Defined in Voting.Protocol.Election type Rep (DisjProof crypto v c) = D1 (MetaData "DisjProof" "Voting.Protocol.Election" "hjugement-protocol-0.0.9.20191031-G4czrbu2qOeHMRyb9R422Q" True) (C1 (MetaCons "DisjProof" PrefixI False) (S1 (MetaSel (Nothing :: Maybe Symbol) NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 [Proof crypto v c]))) |
proveEncryption :: Reifies v Version => GroupParams crypto c => Monad m => RandomGen r => PublicKey crypto c -> ZKP -> ([Disjunction crypto c], [Disjunction crypto c]) -> (EncryptionNonce crypto c, Encryption crypto v c) -> StateT r m (DisjProof crypto v c) Source #
(proveEncryption elecPubKey voterZKP (prevDisjs,nextDisjs) (encNonce,enc)) returns a DisjProof that enc encrypts the Disjunction d between prevDisjs and nextDisjs.
The prover proves that it knows an encNonce, such that:
(enc == Encryption{encryption_nonce = groupGen ^ encNonce, encryption_vault = elecPubKey ^ encNonce * groupGen ^ d})
A NIZK Disjunctive Chaum Pedersen Logarithm Equality is used.
DOC: Pierrick Gaudry. Some ZK security proofs for Belenios, 2017.
verifyEncryption :: Reifies v Version => GroupParams crypto c => Monad m => PublicKey crypto c -> ZKP -> [Disjunction crypto c] -> (Encryption crypto v c, DisjProof crypto v c) -> ExceptT ErrorVerifyEncryption m Bool Source #
Hashing
encryptionStatement :: GroupParams crypto c => ZKP -> Encryption crypto v c -> ByteString Source #
encryptionCommitments :: Reifies v Version => GroupParams crypto c => PublicKey crypto c -> Encryption crypto v c -> Disjunction crypto c -> Proof crypto v c -> [G crypto c] Source #
(encryptionCommitments elecPubKey enc disj proof) returns the Commitments with only the knowledge of the verifier.
For the prover the Proof comes from fakeProof, and for the verifier the Proof comes from the prover.
Type ErrorVerifyEncryption
data ErrorVerifyEncryption Source #
Error raised by verifyEncryption.
ErrorVerifyEncryption_InvalidProofLength Natural Natural | When the number of proofs is different than
the number of |
Instances
Eq ErrorVerifyEncryption Source # | |
Defined in Voting.Protocol.Election (==) :: ErrorVerifyEncryption -> ErrorVerifyEncryption -> Bool # (/=) :: ErrorVerifyEncryption -> ErrorVerifyEncryption -> Bool # | |
Show ErrorVerifyEncryption Source # | |
Defined in Voting.Protocol.Election showsPrec :: Int -> ErrorVerifyEncryption -> ShowS # show :: ErrorVerifyEncryption -> String # showList :: [ErrorVerifyEncryption] -> ShowS # |
Type Question
Question | |
|
Instances
Eq (Question v) Source # | |
Show (Question v) Source # | |
Generic (Question v) Source # | |
Reifies v Version => ToJSON (Question v) Source # | |
Defined in Voting.Protocol.Election | |
Reifies v Version => FromJSON (Question v) Source # | |
NFData (Question v) Source # | |
Defined in Voting.Protocol.Election | |
type Rep (Question v) Source # | |
Defined in Voting.Protocol.Election type Rep (Question v) = D1 (MetaData "Question" "Voting.Protocol.Election" "hjugement-protocol-0.0.9.20191031-G4czrbu2qOeHMRyb9R422Q" False) (C1 (MetaCons "Question" PrefixI True) ((S1 (MetaSel (Just "question_text") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Text) :*: S1 (MetaSel (Just "question_choices") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 [Text])) :*: (S1 (MetaSel (Just "question_mini") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Natural) :*: S1 (MetaSel (Just "question_maxi") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Natural)))) |
Type Answer
data Answer crypto v c Source #
Answer | |
|
Instances
Eq (G crypto c) => Eq (Answer crypto v c) Source # | |
(Show (G crypto c), Show (G crypto c)) => Show (Answer crypto v c) Source # | |
Generic (Answer crypto v c) Source # | |
(Reifies v Version, GroupParams crypto c) => ToJSON (Answer crypto v c) Source # | |
Defined in Voting.Protocol.Election | |
(Reifies v Version, GroupParams crypto c) => FromJSON (Answer crypto v c) Source # | |
NFData (G crypto c) => NFData (Answer crypto v c) Source # | |
Defined in Voting.Protocol.Election | |
type Rep (Answer crypto v c) Source # | |
Defined in Voting.Protocol.Election type Rep (Answer crypto v c) = D1 (MetaData "Answer" "Voting.Protocol.Election" "hjugement-protocol-0.0.9.20191031-G4czrbu2qOeHMRyb9R422Q" False) (C1 (MetaCons "Answer" PrefixI True) (S1 (MetaSel (Just "answer_opinions") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 [(Encryption crypto v c, DisjProof crypto v c)]) :*: S1 (MetaSel (Just "answer_sumProof") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (DisjProof crypto v c)))) |
encryptAnswer :: Reifies v Version => GroupParams crypto c => Monad m => RandomGen r => PublicKey crypto c -> ZKP -> Question v -> [Bool] -> StateT r (ExceptT ErrorAnswer m) (Answer crypto v c) Source #
(encryptAnswer elecPubKey zkp quest opinions) returns an Answer validable by verifyAnswer, unless an ErrorAnswer is returned.
verifyAnswer :: Reifies v Version => GroupParams crypto c => PublicKey crypto c -> ZKP -> Question v -> Answer crypto v c -> Bool Source #
Type ErrorAnswer
data ErrorAnswer Source #
Error raised by encryptAnswer.
ErrorAnswer_WrongNumberOfOpinions Natural Natural | When the number of opinions is different than
the number of choices ( |
ErrorAnswer_WrongSumOfOpinions Natural Natural Natural | When the sum of opinions is not within the bounds
of |
Instances
Type Election
data Election crypto v c Source #
Election | |
|
Instances
hashElection :: Reifies v Version => GroupParams crypto c => ToJSON crypto => Election crypto v c -> Base64SHA256 Source #
readElection :: forall crypto r. FromJSON crypto => ReifyCrypto crypto => FilePath -> (forall v c. Reifies v Version => GroupParams crypto c => Election crypto v c -> r) -> ExceptT String IO r Source #
Type Ballot
data Ballot crypto v c Source #
Ballot | |
|
Instances
encryptBallot :: Reifies v Version => GroupParams crypto c => Key crypto => Monad m => RandomGen r => Election crypto v c -> Maybe (SecretKey crypto c) -> [[Bool]] -> StateT r (ExceptT ErrorBallot m) (Ballot crypto v c) Source #
(encryptBallot c (Just ballotSecKey) opinionsByQuest) returns a Ballot signed by secKey (the voter's secret key) where opinionsByQuest is a list of Opinions on each question_choices of each election_questions.
verifyBallot :: Reifies v Version => GroupParams crypto c => Election crypto v c -> Ballot crypto v c -> Bool Source #
Type Signature
data Signature crypto v c Source #
Schnorr-like signature.
Used by each voter to sign his/her encrypted Ballot using his/her Credential, in order to avoid ballot stuffing.
Signature | |
|
Instances
Generic (Signature crypto v c) Source # | |
(Reifies v Version, GroupParams crypto c) => ToJSON (Signature crypto v c) Source # | |
Defined in Voting.Protocol.Election | |
(Reifies v Version, GroupParams crypto c) => FromJSON (Signature crypto v c) Source # | |
(NFData crypto, NFData (G crypto c)) => NFData (Signature crypto v c) Source # | |
Defined in Voting.Protocol.Election | |
type Rep (Signature crypto v c) Source # | |
Defined in Voting.Protocol.Election type Rep (Signature crypto v c) = D1 (MetaData "Signature" "Voting.Protocol.Election" "hjugement-protocol-0.0.9.20191031-G4czrbu2qOeHMRyb9R422Q" False) (C1 (MetaCons "Signature" PrefixI True) (S1 (MetaSel (Just "signature_publicKey") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (PublicKey crypto c)) :*: S1 (MetaSel (Just "signature_proof") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Proof crypto v c)))) |
Hashing
signatureStatement :: GroupParams crypto c => Foldable f => f (Answer crypto v c) -> [G crypto c] Source #
(signatureStatement answers) returns the encrypted material to be signed: all the encryption_nonces and encryption_vaults of the given answers.
signatureCommitments :: GroupParams crypto c => ToNatural (G crypto c) => ZKP -> Commitment crypto c -> ByteString Source #
(signatureCommitments voterZKP commitment)
Type ErrorBallot
data ErrorBallot Source #
Error raised by encryptBallot.
ErrorBallot_WrongNumberOfAnswers Natural Natural | When the number of answers is different than the number of questions. |
ErrorBallot_Answer ErrorAnswer | When |
ErrorBallot_Wrong | TODO: to be more precise. |
Instances
Type Version
Version of the Helios-C protocol.
Version | |
|
Instances
Eq Version Source # | |
Ord Version Source # | |
Show Version Source # | |
IsString Version Source # | |
Defined in Voting.Protocol.Election fromString :: String -> Version # | |
Generic Version Source # | |
ToJSON Version Source # | |
Defined in Voting.Protocol.Election | |
FromJSON Version Source # | |
NFData Version Source # | |
Defined in Voting.Protocol.Election | |
type Rep Version Source # | |
Defined in Voting.Protocol.Election type Rep Version = D1 (MetaData "Version" "Voting.Protocol.Election" "hjugement-protocol-0.0.9.20191031-G4czrbu2qOeHMRyb9R422Q" False) (C1 (MetaCons "Version" PrefixI True) (S1 (MetaSel (Just "version_branch") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 [Natural]) :*: S1 (MetaSel (Just "version_tags") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 [(Text, Natural)]))) |