LFDT-Lockness / paillier-zk

Zero-knowledge proofs of some Paillier cryptosystem properties for use in CGGMP21
Apache License 2.0

Correctly use +- for remaining proofs as well #18

Closed maurges closed 1 year ago

maurges commented 1 year ago

Changes $\Pi^{\text{fac}}$ and $\Pi^{\text{dec}}$

Also updated documentation on other proofs to no longer mention l+1 ranges

survived commented 1 year ago

I'm reviewing other proofs as well. I found that in $\Pi^{\text{mod}}$ you deviate from the CGGMP protocol by computing $x_i = \sqrt[4]{y_{a_i, b_i}}$ instead of $x_i = \sqrt[4]{y_{a_i, b_i}} \bmod N$. See my comments in the specs.

survived commented 1 year ago

https://github.com/dfns-labs/paillier-zk/blob/6f0f1757cace1a61336b0d2e1c1ae3f4f1864f1a/src/paillier_blum_modulus.rs#L148-L148

Why not use BigNumber::inverse? I.e.

let n_inverse = n.inverse(&phi).ok_or(Error::NotInversible)?;

maurges commented 1 year ago

Regarding sqrt: you are wrong, it is a modulo square root. But it seems I do deviate from the paper in another place, which you pointed out.

survived commented 1 year ago

Ah yes, GitHub's code view wrongly pointed to the definition of sqrt; it showed crate::common::sqrt. I'll use an IDE instead :)

> But it seems I do deviate from the paper in another place, which you pointed out.

Where?

maurges commented 1 year ago

> Where?

The one with y_{a,b}. Actually since we then immediately do a modulo square root of that, I think this change I made is correct. Let me think for some time and I'll update the writeup

maurges commented 1 year ago

Yep, it seems to me I made a correct change with calculating y'. Updated the writeup.
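
The two per-challenge prover computations discussed in this thread ($x_i$ as the fourth root of $y'_{a_i,b_i}$ modulo $N$, and $z_i$ via $N^{-1} \bmod \varphi(N)$), as an added example that is not part of this PR or of paillier-zk; it is written in Python rather than the crate's Rust so it runs without big-integer crates, and uses constructed toy Blum primes and assumed helper names (jacobi, blum_sqrt, prove_round, verify_round).

```python
# Added example, not paillier-zk code: the Pi^mod prover/verifier round on toy primes.
def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n > 0 (Legendre symbol when n is prime)."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def blum_sqrt(y: int, p: int, q: int) -> int:
    """Square root of a quadratic residue y modulo N = p*q with p, q = 3 (mod 4).
    The exponent (p+1)/4 yields the root that is itself a residue mod p, so the
    function can be applied twice to obtain a fourth root."""
    n = p * q
    rp = pow(y, (p + 1) // 4, p)  # only y mod p matters here ...
    rq = pow(y, (q + 1) // 4, q)  # ... and y mod q here
    return (rp * q * pow(q, -1, p) + rq * p * pow(p, -1, q)) % n  # CRT

def prove_round(y: int, w: int, p: int, q: int):
    """Prover's answer (x, a, b, z) to challenge y, with Jacobi(w, N) = -1."""
    n = p * q
    phi = (p - 1) * (q - 1)
    # pick a, b in {0,1} so that y' = (-1)^a * w^b * y is a residue mod p and mod q
    for a in (0, 1):
        for b in (0, 1):
            y_prime = (pow(-1, a, n) * pow(w, b, n) * y) % n
            if jacobi(y_prime, p) == 1 and jacobi(y_prime, q) == 1:
                x = blum_sqrt(blum_sqrt(y_prime, p, q), p, q)  # fourth root mod N
                z = pow(y, pow(n, -1, phi), n)  # N-th root of y: y^(N^-1 mod phi(N))
                return x, a, b, z
    raise ValueError("no (a, b) makes y' a quadratic residue")  # cannot happen for Blum N

def verify_round(y: int, w: int, x: int, a: int, b: int, z: int, n: int) -> bool:
    """Verifier checks: z^N = y and x^4 = (-1)^a * w^b * y, both mod N."""
    y_prime = (pow(-1, a, n) * pow(w, b, n) * y) % n
    return pow(z, n, n) == y % n and pow(x, 4, n) == y_prime

if __name__ == "__main__":
    p, q, w, y = 7, 11, 2, 3  # constructed toy values: N = 77, Jacobi(2, 77) = -1
    x, a, b, z = prove_round(y, w, p, q)
    print(x, a, b, z, verify_round(y, w, x, a, b, z, p * q))  # 64 1 1 5 True
```

Because blum_sqrt only ever reads y' modulo p and modulo q, reducing y' modulo N before taking the root changes nothing, which is the point made above about the change to computing y'.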

maurges commented 1 year ago

> Why not use BigNumber::inverse?

Fixed. Why was that not a comment in code? =)

survived commented 1 year ago

> Fixed. Why was that not a comment in code? =)

I can't comment on code that hasn't been modified :(

survived commented 1 year ago

I've reviewed the mod and fac proofs (with specs), looks great! Just one suggestion: can we add a comment on where nontrivial algorithms like jacobi and blum_sqrt were taken from? Either in the code or in the spec.

survived commented 1 year ago

> I've reviewed the mod and fac proofs (with specs), looks great! Just one suggestion: can we add a comment on where nontrivial algorithms like jacobi and blum_sqrt were taken from? Either in the code or in the spec.

I'll make an issue out of that; the PR can be merged without it.

survived commented 1 year ago

Created #20

maurges commented 1 year ago

Ok, I was just being slow =)