diff options
author | Karn Seth <karn@google.com> | 2023-04-27 17:32:03 -0400 |
---|---|---|
committer | Karn Seth <karn@google.com> | 2023-04-27 17:32:03 -0400 |
commit | ad12d055c6eb4bee2565d9dc125d9ebe95db1dc4 (patch) | |
tree | d7b2601f433b5944e799a291ea1d374bd7b5f2fa | |
parent | 827d2aa796804f9ed28fc1c35ada56e0c62800be (diff) | |
download | anonymous-counting-tokens-ad12d055c6eb4bee2565d9dc125d9ebe95db1dc4.tar.gz |
adds additional parameters, updates protos
-rw-r--r-- | act/act.proto | 6 | ||||
-rw-r--r-- | act/act_v0/BUILD | 6 | ||||
-rw-r--r-- | act/act_v0/act_v0.cc | 8 | ||||
-rw-r--r-- | act/act_v0/act_v0_test.cc | 3 | ||||
-rw-r--r-- | act/act_v0/parameters.cc | 37 | ||||
-rw-r--r-- | act/act_v0/parameters.h | 18 | ||||
-rw-r--r-- | act/act_v0/parameters_test.cc | 45 | ||||
-rw-r--r-- | act/fake_act.cc | 3 |
8 files changed, 103 insertions, 23 deletions
diff --git a/act/act.proto b/act/act.proto index f40f608..1c39823 100644 --- a/act/act.proto +++ b/act/act.proto @@ -91,10 +91,12 @@ message TokensResponse { // An actual token recovered from the TokenResponse. message Token { - // Serialized BigNum corresponding to the nonce for this token. - string nonce = 1; + reserved 1; oneof token_oneof { TokenV0 token_v0 = 2; } + + // Serialized BigNum corresponding to the nonce for this token. + bytes nonce_bytes = 3; } diff --git a/act/act_v0/BUILD b/act/act_v0/BUILD index 64dacac..073d2fa 100644 --- a/act/act_v0/BUILD +++ b/act/act_v0/BUILD @@ -50,10 +50,7 @@ cc_library( "@private_join_and_compute//private_join_and_compute/crypto/dodis_yampolskiy_prf:bb_oblivious_signature_cc_proto", "@private_join_and_compute//private_join_and_compute/crypto/dodis_yampolskiy_prf:dy_verifiable_random_function", "@private_join_and_compute//private_join_and_compute/crypto/dodis_yampolskiy_prf:dy_verifiable_random_function_cc_proto", - "@private_join_and_compute//private_join_and_compute/crypto/proto:big_num_cc_proto", - "@private_join_and_compute//private_join_and_compute/crypto/proto:camenisch_shoup_cc_proto", "@private_join_and_compute//private_join_and_compute/crypto/proto:ec_point_cc_proto", - "@private_join_and_compute//private_join_and_compute/crypto/proto:pedersen_cc_proto", "@private_join_and_compute//private_join_and_compute/crypto/proto:proto_util", "@private_join_and_compute//private_join_and_compute/util:status_includes", ], @@ -69,14 +66,11 @@ cc_test( "//act", "//act:act_cc_proto", "@com_github_google_googletest//:gtest_main", - "@com_google_absl//absl/strings", "@private_join_and_compute//private_join_and_compute/crypto:bn_util", "@private_join_and_compute//private_join_and_compute/crypto:camenisch_shoup", "@private_join_and_compute//private_join_and_compute/crypto:ec_util", "@private_join_and_compute//private_join_and_compute/crypto:pedersen_over_zn", - "@private_join_and_compute//private_join_and_compute/crypto/dodis_yampolskiy_prf:bb_oblivious_signature", "@private_join_and_compute//private_join_and_compute/crypto/dodis_yampolskiy_prf:bb_oblivious_signature_cc_proto", - "@private_join_and_compute//private_join_and_compute/crypto/dodis_yampolskiy_prf:dy_verifiable_random_function", "@private_join_and_compute//private_join_and_compute/crypto/dodis_yampolskiy_prf:dy_verifiable_random_function_cc_proto", "@private_join_and_compute//private_join_and_compute/crypto/proto:big_num_cc_proto", "@private_join_and_compute//private_join_and_compute/crypto/proto:camenisch_shoup_cc_proto", diff --git a/act/act_v0/act_v0.cc b/act/act_v0/act_v0.cc index a0bab22..01921a5 100644 --- a/act/act_v0/act_v0.cc +++ b/act/act_v0/act_v0.cc @@ -77,6 +77,8 @@ StatusOr<std::unique_ptr<DyVerifiableRandomFunction>> CreateDyVrf( dy_vrf_parameters.set_random_oracle_prefix( scheme_parameters_v0.random_oracle_prefix()); dy_vrf_parameters.set_dy_prf_base_g(server_public_parameters_v0.prf_base_g()); + *dy_vrf_parameters.mutable_pedersen_parameters() = + server_public_parameters_v0.pedersen_parameters(); return DyVerifiableRandomFunction::Create(std::move(dy_vrf_parameters), ctx, ec_group, pedersen); @@ -846,7 +848,7 @@ StatusOr<std::vector<Token>> AnonymousCountingTokensV0::RecoverTokens( for (size_t i = 0; i < messages.size(); ++i) { Token token; TokenV0* token_v0 = token.mutable_token_v0(); - token.set_nonce(nonces[i].ToBytes()); + token.set_nonce_bytes(nonces[i].ToBytes()); ASSIGN_OR_RETURN(*token_v0->mutable_bb_signature(), signatures[i].ToBytesCompressed()); tokens.push_back(std::move(token)); @@ -890,10 +892,10 @@ Status AnonymousCountingTokensV0::VerifyToken( server_private_parameters_v0.bb_oblivious_signature_private_key().y()); BigNum hashed_message = ctx.RandomOracleSha512(m, ec_group.GetOrder()); - BigNum nonce = ctx.CreateBigNum(token.nonce()); + BigNum nonce = ctx.CreateBigNum(token.nonce_bytes()); // Verify that reserializing the nonce comes out to the same value. - if (nonce.ToBytes() != token.nonce()) { + if (nonce.ToBytes() != token.nonce_bytes()) { return absl::InvalidArgumentError( "AnonymousCountingTokensV0::VerifyToken: nonce comes out to different " "value when serialized and deserialized."); diff --git a/act/act_v0/act_v0_test.cc b/act/act_v0/act_v0_test.cc index 387a993..2c17471 100644 --- a/act/act_v0/act_v0_test.cc +++ b/act/act_v0/act_v0_test.cc @@ -677,7 +677,8 @@ TEST_F(AnonymousCountingTokensV0Test, TokensHaveUniqueNonces) { std::vector<std::string> messages = {"message_1", "message_2"}; ASSERT_OK_AND_ASSIGN(Transcript transcript, GenerateTranscript(messages)); - EXPECT_NE(transcript.tokens[0].nonce(), transcript.tokens[1].nonce()); + EXPECT_NE(transcript.tokens[0].nonce_bytes(), + transcript.tokens[1].nonce_bytes()); } } // namespace diff --git a/act/act_v0/parameters.cc b/act/act_v0/parameters.cc index 8a2e6c5..e585177 100644 --- a/act/act_v0/parameters.cc +++ b/act/act_v0/parameters.cc @@ -80,5 +80,42 @@ SchemeParameters ActV0Batch32SchemeParameters() { return scheme_parameters; } +// Returns parameters supporting 32 messages in a batch, with CS vector +// encryption length set to 2, and modulus length 2048. +SchemeParameters +ActV0SchemeParametersPedersen32Modulus2048CamenischShoupVector2() { + int pedersen_batch_size = 32; + int modulus_length = 2048; + int camensich_shoup_vector_encryption_length = 2; + + return ActV0SchemeParameters(pedersen_batch_size, modulus_length, + camensich_shoup_vector_encryption_length); +} + +// Returns custom parameters. +SchemeParameters ActV0SchemeParameters(int pedersen_batch_size, + int modulus_length_bits, + int camenisch_shoup_vector_length) { + std::string random_oracle_prefix = absl::StrCat( + "ActV0SchemeParametersPedersenBatchSize", pedersen_batch_size, + "ModulusLengthBits", modulus_length_bits, "CamenischShoupVectorLength", + camenisch_shoup_vector_length); + + SchemeParameters scheme_parameters; + SchemeParametersV0* scheme_parameters_v0 = + scheme_parameters.mutable_scheme_parameters_v0(); + scheme_parameters_v0->set_security_parameter(kDefaultSecurityParameter); + scheme_parameters_v0->set_challenge_length_bits(kDefaultChallengeLength); + scheme_parameters_v0->set_modulus_length_bits(modulus_length_bits); + scheme_parameters_v0->set_camenisch_shoup_s(kDefaultCamenischShoupS); + scheme_parameters_v0->set_vector_encryption_length( + camenisch_shoup_vector_length); + scheme_parameters_v0->set_pedersen_batch_size(pedersen_batch_size); + scheme_parameters_v0->set_prf_ec_group(kDefaultCurveId); + scheme_parameters_v0->set_random_oracle_prefix(random_oracle_prefix); + + return scheme_parameters; +} + } // namespace anonymous_counting_tokens } // namespace private_join_and_compute diff --git a/act/act_v0/parameters.h b/act/act_v0/parameters.h index 288f237..5583adc 100644 --- a/act/act_v0/parameters.h +++ b/act/act_v0/parameters.h @@ -34,12 +34,26 @@ const int kDefaultModulusLengthBits = 3072; // bits, smaller batch size of 3). SchemeParameters ActV0TestSchemeParameters(); -// Returns parameters supporting 16 messages in a batch. +// Returns parameters supporting 16 messages in a batch, with both Pedersen and +// CS parameters set to 16, and modulus length 3072. SchemeParameters ActV0Batch16SchemeParameters(); -// Returns parameters supporting 32 messages in a batch. +// Returns parameters supporting 32 messages in a batch, with both Pedersen and +// CS parameters set to 32, and modulus length 3072. SchemeParameters ActV0Batch32SchemeParameters(); +// Returns parameters supporting 32 messages in a batch, with CS vector +// encryption length set to 2, and modulus length 2048. +// +// These parameters are currently the best-optimized for performance. +SchemeParameters +ActV0SchemeParametersPedersen32Modulus2048CamenischShoupVector2(); + +// Returns custom parameters. +SchemeParameters ActV0SchemeParameters(int pedersen_batch_size, + int modulus_length_bits, + int camenisch_shoup_vector_length); + } // namespace anonymous_counting_tokens } // namespace private_join_and_compute diff --git a/act/act_v0/parameters_test.cc b/act/act_v0/parameters_test.cc index 04927e5..b275c00 100644 --- a/act/act_v0/parameters_test.cc +++ b/act/act_v0/parameters_test.cc @@ -33,8 +33,7 @@ namespace private_join_and_compute { namespace anonymous_counting_tokens { namespace { -Status EndToEndTestNoVerification(SchemeParameters scheme_parameters, - int num_messages) { +Status EndToEndTest(SchemeParameters scheme_parameters, int num_messages) { std::unique_ptr<AnonymousCountingTokens> act = AnonymousCountingTokensV0::Create(); @@ -42,12 +41,17 @@ Status EndToEndTestNoVerification(SchemeParameters scheme_parameters, ASSIGN_OR_RETURN(ServerParameters server_parameters, act->GenerateServerParameters(scheme_parameters)); - // Generate client parameters. + // Generate client parameters and check them. ASSIGN_OR_RETURN( ClientParameters client_parameters, act->GenerateClientParameters(scheme_parameters, server_parameters.public_parameters())); + RETURN_IF_ERROR(act->CheckClientParameters( + scheme_parameters, client_parameters.public_parameters(), + server_parameters.public_parameters(), + server_parameters.private_parameters())); + // Generate messages. std::vector<std::string> messages; messages.reserve(num_messages); @@ -55,7 +59,7 @@ Status EndToEndTestNoVerification(SchemeParameters scheme_parameters, messages.push_back(absl::StrCat("message", i)); } - // Generate Tokens Request. + // Generate Tokens Request and check it. std::vector<std::string> client_fingerprints; TokensRequest tokens_request; TokensRequestPrivateState tokens_request_private_state; @@ -66,14 +70,24 @@ Status EndToEndTestNoVerification(SchemeParameters scheme_parameters, client_parameters.public_parameters(), client_parameters.private_parameters(), server_parameters.public_parameters())); + RETURN_IF_ERROR(act->CheckTokensRequest( + client_fingerprints, tokens_request, scheme_parameters, + client_parameters.public_parameters(), + server_parameters.public_parameters(), + server_parameters.private_parameters())); - // Generate Tokens Response. + // Generate Tokens Response and check it. ASSIGN_OR_RETURN( TokensResponse tokens_response, act->GenerateTokensResponse(tokens_request, scheme_parameters, client_parameters.public_parameters(), server_parameters.public_parameters(), server_parameters.private_parameters())); + RETURN_IF_ERROR(act->VerifyTokensResponse( + messages, tokens_request, tokens_request_private_state, tokens_response, + scheme_parameters, client_parameters.public_parameters(), + client_parameters.private_parameters(), + server_parameters.public_parameters())); // Extract Tokens. ASSIGN_OR_RETURN( @@ -97,15 +111,30 @@ Status EndToEndTestNoVerification(SchemeParameters scheme_parameters, } TEST(ActV0ParametersTest, EndToEndWithTestParameters) { - EXPECT_OK(EndToEndTestNoVerification(ActV0TestSchemeParameters(), 3)); + EXPECT_OK(EndToEndTest(ActV0TestSchemeParameters(), 3)); } TEST(ActV0ParametersTest, EndToEndWithBatch16Parameters) { - EXPECT_OK(EndToEndTestNoVerification(ActV0Batch16SchemeParameters(), 16)); + EXPECT_OK(EndToEndTest(ActV0Batch16SchemeParameters(), 16)); } TEST(ActV0ParametersTest, EndToEndWithBatch32Parameters) { - EXPECT_OK(EndToEndTestNoVerification(ActV0Batch32SchemeParameters(), 32)); + EXPECT_OK(EndToEndTest(ActV0Batch32SchemeParameters(), 32)); +} + +TEST(ActV0ParametersTest, EndToEndWithBatch32Cs2Modulus2048Parameters) { + EXPECT_OK(EndToEndTest( + ActV0SchemeParametersPedersen32Modulus2048CamenischShoupVector2(), 32)); +} + +TEST(ActV0ParametersTest, EndToEndWithCustomParameters) { + int pedersen_batch_size = 32; + int modulus_length_bits = 1576; + int camenisch_shoup_vector_length = 2; + EXPECT_OK(EndToEndTest( + ActV0SchemeParameters(pedersen_batch_size, modulus_length_bits, + camenisch_shoup_vector_length), + 32)); } // More extensive tests are in act_v0_test.cc. These tests simply ensure that diff --git a/act/fake_act.cc b/act/fake_act.cc index 349a1cb..48cf40f 100644 --- a/act/fake_act.cc +++ b/act/fake_act.cc @@ -123,7 +123,8 @@ StatusOr<std::vector<Token>> FakeAnonymousCountingTokens::RecoverTokens( result.reserve(messages.size()); for (size_t i = 0; i < messages.size(); ++i) { Token fake_token; - fake_token.set_nonce(context.GenerateRandLessThan(nonce_bound).ToBytes()); + fake_token.set_nonce_bytes( + context.GenerateRandLessThan(nonce_bound).ToBytes()); result.push_back(fake_token); } |