verify for list of random challenges

Author: algys

Ecc.hh

@@ -71,11 +71,11 @@ public:
         _curve{Secp256k1}
     { }
 
-    Point(int1024_t const & x, int1024_t const & y) :
+    Point(uint256_t const & x, uint256_t const & y) :
         _x{x}, _y{y}, _curve{Secp256k1}
     { }
 
-    Point(Curve curve, int1024_t const & x, int1024_t const & y) :
+    Point(Curve curve, uint256_t const & x, uint256_t const & y) :
         _x{x}, _y{y}, _curve{std::move(curve)}
     { }
 
@@ -159,7 +159,7 @@ private:
         auto v = ((int1024_t)y() + curve().p - (m * (int1024_t)x()) % curve().p) % curve().p;
         auto x = (m * m + curve().p - (int1024_t)this->x() + curve().p - (int1024_t)point.x()) % curve().p;
         auto y = (curve().p - (m * x) % curve().p + curve().p - v) % curve().p;
-        return {curve(), x, y};
+        return {curve(), (uint256_t)x, (uint256_t)y};
     }
 
 private:

Proof.hh

@@ -7,6 +7,7 @@
 
 #include <array>
 #include <cstring>
+#include <vector>
 #include "Ecc.hh"
 
 
@@ -17,7 +18,7 @@ struct Proof {
     Point h, z;
     Point a, b;
 
-    uint256_t r, c;
+    std::vector<std::pair<uint256_t, uint256_t>> cr;
 
     bool verify() {
         if (!h.isOnCurve() || !g.isOnCurve())
@@ -26,28 +27,34 @@ struct Proof {
         if (!z.isOnCurve() || !m.isOnCurve())
             return false;
 
-        auto ch = h.scalarMult(c);
-        auto rg = g.scalarMult(r);
-        auto aa = rg.add(ch);
+        for (auto pair: cr) {
+            auto ch = h.scalarMult(pair.first);
+            auto rg = g.scalarMult(pair.second);
+            auto aa = rg.add(ch);
 
-        auto cz = z.scalarMult(c);
-        auto rm = m.scalarMult(r);
-        auto bb = rm.add(cz);
+            auto cz = z.scalarMult(pair.first);
+            auto rm = m.scalarMult(pair.second);
+            auto bb = rm.add(cz);
 
-        return a == aa && b == bb;
-    }
+            if (a != aa || b != bb)
+                return false;
+        }
 
-    static Proof generate(Point g, Point m, uint256_t x) {
-        uint256_t c = rand();
+        return true;
+    }
 
+    static Proof generate(Point g, Point m, uint256_t x, std::vector<uint256_t> const & cList) {
         // s must be large then Curve.N
         uint256_t s = Secp256k1.n;
         s += rand();
 
-        uint256_t r{};
-
-        c = c % Secp256k1.n;
-        r = (s - c * x) % Secp256k1.n;
+        std::vector<std::pair<uint256_t, uint256_t>> cr;
+        uint256_t cc, rr;
+        for (auto c: cList) {
+            cc = c % Secp256k1.n;
+            rr = (s - cc * x) % Secp256k1.n;
+            cr.push_back(std::make_pair(cc, rr));
+        }
 
         auto a = g.scalarMult(s);
         auto b = m.scalarMult(s);
@@ -56,7 +63,7 @@ struct Proof {
             g, m,
             g.scalarMult(x), m.scalarMult(x),
             a, b,
-            r, c
+            std::move(cr)
         };
     }
 };

main.cpp

@@ -47,9 +47,22 @@ void proofTest() {
     // Init generators (public keys)
     Point g = curve.scalarMult(rand1);
     Point m = curve.scalarMult(rand2);
+    std::coud << "g: " << g.x() << " " < g.y() << "\n";
+    std::coud << "m: " << m.x() << " " < m.y() << "\n";
+
+
+    // Prepare list of random tests
+    std::vector<uint256_t> cList;
+    for (auto k = 0; k < 5; ++k)
+        cList.push_back((uint256_t)rand());
 
     // Proof
-    auto proof = Proof::generate(g, m, x);
+    auto proof = Proof::generate(g, m, x, cList);
+
+    // Print a, b
+    std::cout << "Proof generated\n";
+    std::cout << "a: " << proof.a.x() << " " << proof.a.y() << "\n";
+    std::cout << "b: " << proof.b.x() << " " << proof.b.y() << "\n";
 
     // Validate
     std::cout << "valid for x: " << proof.verify() << "\n";