Safe Haskell | None |
---|---|
Language | Haskell2010 |
Synopsis
- data Encryption q = Encryption {
- encryption_nonce :: G q
- encryption_vault :: G q
- type EncryptionNonce = E
- encrypt :: Monad m => RandomGen r => SubGroup q => PublicKey q -> E q -> StateT r m (EncryptionNonce q, Encryption q)
- data Proof q = Proof {
- proof_challenge :: Challenge q
- proof_response :: E q
- newtype ZKP = ZKP ByteString
- type Challenge = E
- type Oracle list q = list (Commitment q) -> Challenge q
- prove :: Monad m => RandomGen r => SubGroup q => Functor list => E q -> list (G q) -> Oracle list q -> StateT r m (Proof q)
- fakeProof :: Monad m => RandomGen r => SubGroup q => StateT r m (Proof q)
- type Commitment = G
- commit :: SubGroup q => Proof q -> G q -> G q -> Commitment q
- type Disjunction = G
- booleanDisjunctions :: SubGroup q => [Disjunction q]
- intervalDisjunctions :: SubGroup q => Opinion q -> Opinion q -> [Disjunction q]
- type Opinion = E
- newtype DisjProof q = DisjProof [Proof q]
- proveEncryption :: Monad m => RandomGen r => SubGroup q => PublicKey q -> ZKP -> ([Disjunction q], [Disjunction q]) -> (EncryptionNonce q, Encryption q) -> StateT r m (DisjProof q)
- verifyEncryption :: Monad m => SubGroup q => PublicKey q -> ZKP -> [Disjunction q] -> (Encryption q, DisjProof q) -> ExceptT ErrorVerifyEncryption m Bool
- encryptionStatement :: SubGroup q => ZKP -> Encryption q -> ByteString
- encryptionCommitments :: SubGroup q => PublicKey q -> Encryption q -> Disjunction q -> Proof q -> [G q]
- data ErrorVerifyEncryption = ErrorVerifyEncryption_InvalidProofLength Natural Natural
- data Question q = Question {
- question_text :: Text
- question_choices :: [Text]
- question_mini :: Opinion q
- question_maxi :: Opinion q
- data Answer q = Answer {
- answer_opinions :: [(Encryption q, DisjProof q)]
- answer_sumProof :: DisjProof q
- encryptAnswer :: Monad m => RandomGen r => SubGroup q => PublicKey q -> ZKP -> Question q -> [Bool] -> StateT r (ExceptT ErrorAnswer m) (Answer q)
- verifyAnswer :: SubGroup q => PublicKey q -> ZKP -> Question q -> Answer q -> Bool
- data ErrorAnswer
- data Election q = Election {}
- newtype Hash = Hash Text
- data Ballot q = Ballot {
- ballot_answers :: [Answer q]
- ballot_signature :: Maybe (Signature q)
- ballot_election_uuid :: UUID
- ballot_election_hash :: Hash
- encryptBallot :: Monad m => RandomGen r => SubGroup q => Election q -> Maybe (SecretKey q) -> [[Bool]] -> StateT r (ExceptT ErrorBallot m) (Ballot q)
- verifyBallot :: SubGroup q => Election q -> Ballot q -> Bool
- data Signature q = Signature {
- signature_publicKey :: PublicKey q
- signature_proof :: Proof q
- signatureStatement :: Foldable f => SubGroup q => f (Answer q) -> [G q]
- signatureCommitments :: SubGroup q => ZKP -> Commitment q -> ByteString
- data ErrorBallot
- data DecryptionShare q = DecryptionShare {
- decryptionShare_factors :: [[DecryptionFactor q]]
- decryptionShare_proofs :: [[Proof q]]
- proveDecryptionShare :: Monad m => SubGroup q => RandomGen r => SecretKey q -> [[Encryption q]] -> StateT r m (DecryptionShare q)
- proveDecryptionFactor :: Monad m => SubGroup q => RandomGen r => SecretKey q -> Encryption q -> StateT r m (DecryptionFactor q, Proof q)
- decryptionShareStatement :: SubGroup q => PublicKey q -> ByteString
- type DecryptionFactor = G
- data ErrorDecryptionShare
- verifyDecryptionShare :: Monad m => SubGroup q => [[Encryption q]] -> PublicKey q -> DecryptionShare q -> ExceptT ErrorDecryptionShare m ()
- data Tally q = Tally {}
- type DecryptionShareCombinator q = [DecryptionShare q] -> Except ErrorDecryptionShare [[DecryptionFactor q]]
- proveTally :: Monad m => SubGroup q => [[Encryption q]] -> [DecryptionShare q] -> DecryptionShareCombinator q -> Except ErrorDecryptionShare (Tally q)
- verifyTally :: Monad m => SubGroup q => DecryptionShareCombinator q -> Tally q -> Except ErrorDecryptionShare ()
Type Encryption
data Encryption q Source #
ElGamal-like encryption. Its security relies on the Discrete Logarithm problem.
Because (groupGen ^ encNonce ^ secKey == groupGen ^ secKey ^ encNonce), knowing secKey, one can divide encryption_vault by (encryption_nonce ^ secKey) to decipher (groupGen ^ clear). The clear text must then be small to be decryptable, because it is encrypted as a power of groupGen (hence the "-like" in "ElGamal-like") to enable the additive homomorphism.
NOTE: Since (encryption_vault * encryption_nonce == encryption_nonce ^ (secKey + clear)), then: (logBase encryption_nonce (encryption_vault * encryption_nonce) == secKey + clear).
Instances
Type EncryptionNonce
type EncryptionNonce = E Source #
encrypt :: Monad m => RandomGen r => SubGroup q => PublicKey q -> E q -> StateT r m (EncryptionNonce q, Encryption q) Source #
(encrypt pubKey clear) returns an ElGamal-like Encryption.
WARNING: the secret encryption nonce (encNonce) is returned alongside the Encryption in order to prove the validity of the encrypted clear text in proveEncryption, but this secret encNonce MUST be forgotten after that, as it may be used to decipher the Encryption without the SecretKey associated with pubKey: whoever knows encNonce can compute (pubKey ^ encNonce) and divide it out of encryption_vault.
Type Proof
Proof of knowledge of a discrete logarithm: (secret == logBase base (base^secret)).
Proof | |
|
Instances
Eq (Proof q) Source # | |
Show (Proof q) Source # | |
Generic (Proof q) Source # | |
NFData (Proof q) Source # | |
Defined in Voting.Protocol.Election | |
type Rep (Proof q) Source # | |
Defined in Voting.Protocol.Election type Rep (Proof q) = D1 (MetaData "Proof" "Voting.Protocol.Election" "hjugement-protocol-0.0.0.20190511-LA4cRAbw6ds9q7ND2QPV9H" False) (C1 (MetaCons "Proof" PrefixI True) (S1 (MetaSel (Just "proof_challenge") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 (Challenge q)) :*: S1 (MetaSel (Just "proof_response") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 (E q)))) |
Type ZKP
Zero-knowledge proof.
A protocol is zero-knowledge if the verifier learns nothing from the protocol except that the prover knows the secret.
DOC: Mihir Bellare and Phillip Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In ACM-CCS’93, 1993.
Type Challenge
Type Oracle
type Oracle list q = list (Commitment q) -> Challenge q Source #
prove :: Monad m => RandomGen r => SubGroup q => Functor list => E q -> list (G q) -> Oracle list q -> StateT r m (Proof q) Source #
(prove sec commitBases oracle) returns a Proof that sec is known (by proving the knowledge of its discrete logarithm).
The Oracle is given Commitments equal to the commitBases raised to the power of the secret nonce of the Proof, as those are the Commitments that the verifier will obtain when composing the proof_challenge and proof_response together (with commit).
WARNING: for prove to be a so-called strong Fiat-Shamir transformation (not a weak one), the statement must be included in the hash (along with the commitments).
NOTE: a random nonce is used to ensure each prove does not reveal any information regarding the secret sec, because two Proofs using the same Commitment can be used to deduce sec (using the special-soundness). The secrecy and uniqueness of that nonce therefore depend entirely on the RandomGen state supplied by the caller.
fakeProof :: Monad m => RandomGen r => SubGroup q => StateT r m (Proof q) Source #
(fakeProof) returns a Proof whose proof_challenge and proof_response are uniformly chosen at random, instead of (proof_challenge == hash statement commitments) and (proof_response == nonce + sec * proof_challenge) as in a Proof returned by prove.
Used in proveEncryption to fill the returned DisjProof with fake Proofs for all Disjunctions but the encrypted one.
Type Commitment
type Commitment = G Source #
commit :: SubGroup q => Proof q -> G q -> G q -> Commitment q Source #
(commit proof base basePowSec) returns a Commitment from the given Proof with the knowledge of the verifier.
Type Disjunction
type Disjunction = G Source #
A Disjunction is an inversed (groupGen ^ opinion); it's used in proveEncryption to generate a Proof that an encryption_vault contains a given (groupGen ^ opinion).
booleanDisjunctions :: SubGroup q => [Disjunction q] Source #
intervalDisjunctions :: SubGroup q => Opinion q -> Opinion q -> [Disjunction q] Source #
Type Opinion
Index of a Disjunction within a list of them. It is encrypted as an Exponent by encrypt.
Type DisjProof
A list of Proofs to prove that the Opinion within an Encryption is indexing a Disjunction within a list of them, without revealing which Opinion it is.
proveEncryption :: Monad m => RandomGen r => SubGroup q => PublicKey q -> ZKP -> ([Disjunction q], [Disjunction q]) -> (EncryptionNonce q, Encryption q) -> StateT r m (DisjProof q) Source #
(proveEncryption elecPubKey voterZKP (prevDisjs,nextDisjs) (encNonce,enc)) returns a DisjProof that enc encrypts the Disjunction d between prevDisjs and nextDisjs.
The prover proves that it knows an encNonce, such that:
(enc == Encryption{encryption_nonce = groupGen ^ encNonce, encryption_vault = elecPubKey ^ encNonce * groupGen ^ d})
A NIZK Disjunctive Chaum Pedersen Logarithm Equality is used.
DOC: Pierrick Gaudry. Some ZK security proofs for Belenios, 2017.
verifyEncryption :: Monad m => SubGroup q => PublicKey q -> ZKP -> [Disjunction q] -> (Encryption q, DisjProof q) -> ExceptT ErrorVerifyEncryption m Bool Source #
Hashing
encryptionStatement :: SubGroup q => ZKP -> Encryption q -> ByteString Source #
encryptionCommitments :: SubGroup q => PublicKey q -> Encryption q -> Disjunction q -> Proof q -> [G q] Source #
(encryptionCommitments elecPubKey enc disj proof) returns the Commitments with only the knowledge of the verifier.
For the prover the Proof comes from fakeProof, and for the verifier the Proof comes from the prover.
Type ErrorVerifyEncryption
data ErrorVerifyEncryption Source #
Error raised by verifyEncryption.
ErrorVerifyEncryption_InvalidProofLength Natural Natural | When the number of proofs is different than
the number of |
Instances
Eq ErrorVerifyEncryption Source # | |
Defined in Voting.Protocol.Election (==) :: ErrorVerifyEncryption -> ErrorVerifyEncryption -> Bool # (/=) :: ErrorVerifyEncryption -> ErrorVerifyEncryption -> Bool # | |
Show ErrorVerifyEncryption Source # | |
Defined in Voting.Protocol.Election showsPrec :: Int -> ErrorVerifyEncryption -> ShowS # show :: ErrorVerifyEncryption -> String # showList :: [ErrorVerifyEncryption] -> ShowS # |
Type Question
Question | |
|
Instances
Eq (Question q) Source # | |
Show (Question q) Source # | |
Generic (Question q) Source # | |
NFData (Question q) Source # | |
Defined in Voting.Protocol.Election | |
type Rep (Question q) Source # | |
Defined in Voting.Protocol.Election type Rep (Question q) = D1 (MetaData "Question" "Voting.Protocol.Election" "hjugement-protocol-0.0.0.20190511-LA4cRAbw6ds9q7ND2QPV9H" False) (C1 (MetaCons "Question" PrefixI True) ((S1 (MetaSel (Just "question_text") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 Text) :*: S1 (MetaSel (Just "question_choices") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 [Text])) :*: (S1 (MetaSel (Just "question_mini") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 (Opinion q)) :*: S1 (MetaSel (Just "question_maxi") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 (Opinion q))))) |
Type Answer
Answer | |
|
Instances
Eq (Answer q) Source # | |
Show (Answer q) Source # | |
Generic (Answer q) Source # | |
NFData (Answer q) Source # | |
Defined in Voting.Protocol.Election | |
type Rep (Answer q) Source # | |
Defined in Voting.Protocol.Election type Rep (Answer q) = D1 (MetaData "Answer" "Voting.Protocol.Election" "hjugement-protocol-0.0.0.20190511-LA4cRAbw6ds9q7ND2QPV9H" False) (C1 (MetaCons "Answer" PrefixI True) (S1 (MetaSel (Just "answer_opinions") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 [(Encryption q, DisjProof q)]) :*: S1 (MetaSel (Just "answer_sumProof") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 (DisjProof q)))) |
encryptAnswer :: Monad m => RandomGen r => SubGroup q => PublicKey q -> ZKP -> Question q -> [Bool] -> StateT r (ExceptT ErrorAnswer m) (Answer q) Source #
(encryptAnswer elecPubKey zkp quest opinions) returns an Answer that can be validated by verifyAnswer, unless an ErrorAnswer is returned.
Type ErrorAnswer
data ErrorAnswer Source #
Error raised by encryptAnswer.
ErrorAnswer_WrongNumberOfOpinions Natural Natural | When the number of opinions is different than
the number of choices ( |
ErrorAnswer_WrongSumOfOpinions Natural Natural Natural | When the sum of opinions is not within the bounds
of |
Instances
Type Election
Election | |
|
Instances
Type Hash
Type Ballot
Ballot | |
|
Instances
Generic (Ballot q) Source # | |
NFData (Ballot q) Source # | |
Defined in Voting.Protocol.Election | |
type Rep (Ballot q) Source # | |
Defined in Voting.Protocol.Election type Rep (Ballot q) = D1 (MetaData "Ballot" "Voting.Protocol.Election" "hjugement-protocol-0.0.0.20190511-LA4cRAbw6ds9q7ND2QPV9H" False) (C1 (MetaCons "Ballot" PrefixI True) ((S1 (MetaSel (Just "ballot_answers") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 [Answer q]) :*: S1 (MetaSel (Just "ballot_signature") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 (Maybe (Signature q)))) :*: (S1 (MetaSel (Just "ballot_election_uuid") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 UUID) :*: S1 (MetaSel (Just "ballot_election_hash") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 Hash)))) |
encryptBallot :: Monad m => RandomGen r => SubGroup q => Election q -> Maybe (SecretKey q) -> [[Bool]] -> StateT r (ExceptT ErrorBallot m) (Ballot q) Source #
(encryptBallot elec (Just ballotSecKey) opinionsByQuest) returns a Ballot signed by secKey (the voter's secret key), where opinionsByQuest is a list of Opinions on each question_choices of each election_questions.
Type Signature
Schnorr-like signature.
Used by each voter to sign his/her encrypted Ballot using his/her Credential, in order to avoid ballot stuffing.
Signature | |
|
Instances
Generic (Signature q) Source # | |
NFData (Signature q) Source # | |
Defined in Voting.Protocol.Election | |
type Rep (Signature q) Source # | |
Defined in Voting.Protocol.Election type Rep (Signature q) = D1 (MetaData "Signature" "Voting.Protocol.Election" "hjugement-protocol-0.0.0.20190511-LA4cRAbw6ds9q7ND2QPV9H" False) (C1 (MetaCons "Signature" PrefixI True) (S1 (MetaSel (Just "signature_publicKey") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 (PublicKey q)) :*: S1 (MetaSel (Just "signature_proof") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 (Proof q)))) |
Hashing
signatureStatement :: Foldable f => SubGroup q => f (Answer q) -> [G q] Source #
(signatureStatement answers) returns the encrypted material to be signed: all the encryption_nonces and encryption_vaults of the given answers.
signatureCommitments :: SubGroup q => ZKP -> Commitment q -> ByteString Source #
(signatureCommitments voterZKP commitment)
Type ErrorBallot
data ErrorBallot Source #
Error raised by encryptBallot.
ErrorBallot_WrongNumberOfAnswers Natural Natural | When the number of answers is different than the number of questions. |
ErrorBallot_Answer ErrorAnswer | When |
Instances
Type DecryptionShare
data DecryptionShare q Source #
A decryption share. It is computed by a trustee from his/her private key share and the encrypted tally, and contains a cryptographic Proof that the trustee didn't cheat.
DecryptionShare | |
|
proveDecryptionShare :: Monad m => SubGroup q => RandomGen r => SecretKey q -> [[Encryption q]] -> StateT r m (DecryptionShare q) Source #
proveDecryptionFactor :: Monad m => SubGroup q => RandomGen r => SecretKey q -> Encryption q -> StateT r m (DecryptionFactor q, Proof q) Source #
decryptionShareStatement :: SubGroup q => PublicKey q -> ByteString Source #
Type DecryptionFactor
type DecryptionFactor = G Source #
Type ErrorDecryptionShare
data ErrorDecryptionShare Source #
ErrorDecryptionShare_Invalid | The number of |
ErrorDecryptionShare_Wrong | The |
verifyDecryptionShare :: Monad m => SubGroup q => [[Encryption q]] -> PublicKey q -> DecryptionShare q -> ExceptT ErrorDecryptionShare m () Source #
(verifyDecryptionShare encByQuestByBallot pubKey decShare) checks that decShare (supposedly submitted by a trustee whose public key is pubKey) is valid with respect to the encrypted tally encByQuestByBallot.
Type Tally
Tally | |
|
Instances
Eq (Tally q) Source # | |
Show (Tally q) Source # | |
Generic (Tally q) Source # | |
NFData (Tally q) Source # | |
Defined in Voting.Protocol.Election | |
type Rep (Tally q) Source # | |
Defined in Voting.Protocol.Election type Rep (Tally q) = D1 (MetaData "Tally" "Voting.Protocol.Election" "hjugement-protocol-0.0.0.20190511-LA4cRAbw6ds9q7ND2QPV9H" False) (C1 (MetaCons "Tally" PrefixI True) ((S1 (MetaSel (Just "tally_numBallots") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 Natural) :*: S1 (MetaSel (Just "tally_encByQuestByBallot") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 [[Encryption q]])) :*: (S1 (MetaSel (Just "tally_decShareByTrustee") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 [DecryptionShare q]) :*: S1 (MetaSel (Just "tally_countByQuestByBallot") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 [[Natural]])))) |
type DecryptionShareCombinator q = [DecryptionShare q] -> Except ErrorDecryptionShare [[DecryptionFactor q]] Source #
proveTally :: Monad m => SubGroup q => [[Encryption q]] -> [DecryptionShare q] -> DecryptionShareCombinator q -> Except ErrorDecryptionShare (Tally q) Source #
verifyTally :: Monad m => SubGroup q => DecryptionShareCombinator q -> Tally q -> Except ErrorDecryptionShare () Source #