Module: RSA::ACC::PoKE2

Extended by: Functions
Includes: Functions
Defined in: lib/rsa/acc/poke2.rb

Overview

Non-interactive proof of knowledge of exponent (PoKE2).

Class Method Summary

Methods included from Functions

blake2_hash, compute_challenge, egcd, elements_to_prime, hash_to_prime, shamir_trick

Class Method Details

.prove(base, exp, result, modulus) ⇒ RSA::ACC::PoKE2Proof

Computes a proof that the prover knows exp such that base ^ exp = result (mod modulus).

Parameters:

  • base (Integer)
  • exp (Integer)
  • result (Integer)
  • modulus (Integer)

Returns:

  • (RSA::ACC::PoKE2Proof)

# File 'lib/rsa/acc/poke2.rb', line 44

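def prove(base, exp, result, modulus)
  g = RSA::Accumulator::RSA2048_UNKNOWN_ELEM
  # Commit to the exponent under the fixed element g: z = g^exp mod modulus.
  z = g.pow(exp, modulus)
  # Derive both challenges non-interactively from the public values.
  l = compute_challenge(base, result, z)
  alpha = blake2_hash(base, result, z, l)
  # Split the exponent as exp = q * l + r.
  q, r = exp.divmod(l)
  # The proof is (z, Q, r) with Q = (base * g^alpha)^q mod modulus.
  RSA::ACC::PoKE2Proof.new(z, ((base * g.pow(alpha, modulus)) % modulus).pow(q, modulus), r)
end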

.verify(base, result, proof, modulus) ⇒ Boolean

Verifies that the prover knows exp such that base ^ exp = result (mod modulus).

Parameters:

Returns:

  • (Boolean)

    Returns true for successful verification, false otherwise.



# File 'lib/rsa/acc/poke2.rb', line 59

def verify(base, result, proof, modulus)
  g = RSA::Accumulator::RSA2048_UNKNOWN_ELEM
  # Recompute both challenges from the public values and proof.z.
  l = compute_challenge(base, result, proof.z)
  alpha = blake2_hash(base, result, proof.z, l)
  # Accept iff Q^l * (base * g^alpha)^r == result * z^alpha (mod modulus).
  lhs = (proof.q.pow(l, modulus) * ((base * g.pow(alpha, modulus) % modulus)).pow(proof.r, modulus)) % modulus
  rhs = (result * proof.z.pow(alpha, modulus) % modulus)
  lhs == rhs
end
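
Added example (not code from lib/rsa/acc/poke2.rb): a self-contained toy run of the prove/verify equations above, showing that an honest proof is accepted while a changed result or a tampered remainder is rejected. N, G, Proof, h_int, challenge and demo are assumptions made for this example; h_int and challenge are SHA-256 stand-ins for blake2_hash and compute_challenge, and the parameters are far too small for real use.

```ruby
require 'digest'
require 'openssl'

# Constructed toy parameters (NOT secure): product of two Mersenne primes.
N = (2**31 - 1) * (2**61 - 1)
G = 2 # stand-in for RSA2048_UNKNOWN_ELEM
Proof = Struct.new(:z, :q, :r)

# SHA-256 stand-in for blake2_hash: hash the inputs to an integer.
def h_int(*xs)
  Digest::SHA256.hexdigest(xs.join(':')).to_i(16)
end

# Stand-in for compute_challenge: hash to an odd 128-bit value, step to a prime.
def challenge(*xs)
  c = (h_int('l', *xs) >> 128) | 1
  c += 2 until OpenSSL::BN.new(c.to_s).prime?
  c
end

def prove(u, x, w, n)
  z = G.pow(x, n)
  l = challenge(u, w, z)
  a = h_int(u, w, z, l)
  q, r = x.divmod(l) # x = q * l + r
  Proof.new(z, (u * G.pow(a, n) % n).pow(q, n), r)
end

def verify(u, w, pf, n)
  l = challenge(u, w, pf.z)
  a = h_int(u, w, pf.z, l)
  b = u * G.pow(a, n) % n
  # Q^l * b^r = b^(q*l + r) = b^x = u^x * (g^x)^a = w * z^a
  pf.q.pow(l, n) * b.pow(pf.r, n) % n == w * pf.z.pow(a, n) % n
end

# Honest proof, a proof checked against a different result, and a tampered r.
def demo
  u = 3
  x = h_int('constructed secret exponent')
  w = u.pow(x, N)
  pf = prove(u, x, w, N)
  forged = Proof.new(pf.z, pf.q, pf.r + 1)
  { honest: verify(u, w, pf, N),
    wrong_result: verify(u, w * u % N, pf, N),
    tampered_r: verify(u, w, forged, N) }
end

p demo
```

Because result and proof.z both feed the challenge hashes, changing either one changes l and alpha, so a proof cannot be reused for a different statement.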