Safe Haskell | None |
---|---|
Language | Haskell2010 |
Mutually Independent Commitments Protocol (MICP)
- 1, 2(a): send pedersen bases to each other
- 2(b): Send bobGK1Map to alice
- 2(c): Send bobCommit to alice using alice params
- 3(a): Send aliceGK1Map to bob
- 3(b): Send aliceCommit to bob
- 3(c): Send aliceC to bob
- 4(a): Send bobC to alice
- 4(b): Send bobReveal to alice
- 4(c): Send bobDMap to alice
- 5(a): alice checks bob's commit
- 5(b): Send aliceReveal to bob
- 5(c): Send aliceDMap to bob
- 5(d): send alice's
a
to bob - 6(a): bob checks alice's commit
- 6(b): bob checks that alice's ga^a == ha
- 6(c): bob sends k'map and bob's
a
to alice - 7(a): alice checks that bob's ga^a == ha
- 7(b): alice checks k'map from bob matches gk'map received earlier
- 8(a): bob checks k'map from alice matches gk'map recieved earlier
- Reveal: Alice & Bob reveal KMaps
- data MICParams
- type K1Map = Map Int Integer
- type K2Map = Map Int Integer
- type DMap = Map Int Integer
- type GtoK1Map = Map Int Integer
- type GtoK2Map = Map Int Integer
- genKMaps :: MonadRandom m => [Word8] -> SPFM m (K1Map, K2Map)
- kmapToGKMap :: Monad m => Map Int Integer -> SPFM m (Map Int Integer)
- blumMicaliPRNG :: MonadRandom m => Int -> Integer -> SPF -> m Integer
- genPRNGSeed :: MonadRandom m => SPF -> m Integer
- genAndCommitR :: MonadRandom m => CommitParams -> SPFM m (Integer, Pedersen)
- computeDMap :: Integer -> K1Map -> Integer -> DMap
- mkMICParams :: Int -> ByteString -> SPF -> MICParams
- genC :: MonadRandom m => SPFM m Integer
- verifyDMap :: Monad m => DMap -> GtoK1Map -> Integer -> Integer -> SPFM m Bool
- micpReveal :: MonadRandom m => K1Map -> K2Map -> SPFM m ByteString
Documentation
genKMaps :: MonadRandom m => [Word8] -> SPFM m (K1Map, K2Map) Source #
2(b), 3(a): Generate two integer maps where the ith entry in each map corresponds to the ith k1 and k2 values respectively such that `Hn(k1_i) xor Hn(k2_i) == byte_i`. Two maps are generated map because the values k and k' are to be exposed at different stages of the protocol.
kmapToGKMap :: Monad m => Map Int Integer -> SPFM m (Map Int Integer) Source #
Takes a Map k v and returns Map k (g^v mod p)
:: MonadRandom m | |
=> Int | Number of bits to generate |
-> Integer | Initial seed (must be in Zp) |
-> SPF | Safe prime field to compute within |
-> m Integer | n-bit, pseudo-random result |
Generates a hardcore bit sequence using the result from the paper: "How to generate cryptographically strong sequences of pseudo random bits" - M. Blum and S. Micali, 1984
Reference: https://crypto.stanford.edu/pbc/notes/crypto/blummicali.html
genPRNGSeed :: MonadRandom m => SPF -> m Integer Source #
genAndCommitR :: MonadRandom m => CommitParams -> SPFM m (Integer, Pedersen) Source #
2(c), 3(b): Generate random r in Z_q and commit using Pedersen Commitment
4(c),5(c): computes d_i = c*k_i + r
mkMICParams :: Int -> ByteString -> SPF -> MICParams Source #
:: Monad m | |
=> DMap | Counterparty's DMap |
-> GtoK1Map | Counterparty's (g^k, g^k') map |
-> Integer | Current party's |
-> Integer | Counterparty's 'g^r' |
-> SPFM m Bool |
5(a), 6(a): Verifies that the counterparty has not lied about their original commitment and has not tampered with the k values they used to encrypt their original message: `g^d_i == (g^k_i)^c * g^r`
micpReveal :: MonadRandom m => K1Map -> K2Map -> SPFM m ByteString Source #
Computes the original bytestring that was commited by a counterparty once they have supplied the neccessary parameters k_i and k_i'.