

C++ CBigNum::pow_mod方法代码示例

本文整理汇总了C++中CBigNum::pow_mod方法的典型用法代码示例。如果您正苦于以下问题:C++ CBigNum::pow_mod方法的具体用法?C++ CBigNum::pow_mod怎么用?C++ CBigNum::pow_mod使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在CBigNum的用法示例。


在下文中一共展示了CBigNum::pow_mod方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。

示例1: Verify

/**
 * Verifies this proof that a commitment is accumulated in accumulator a.
 *
 * The challenge c is derived by hashing the parameters, the four generators,
 * the commitment value and the proof's commitments (C_e, C_u, C_r, st_1..st_3,
 * t_1..t_4). The seven values st_1..st_3 and t_1..t_4 are then recomputed from
 * the responses and compared with the ones carried by the proof, and s_alpha
 * must lie in [-B, B] with B = maxCoinValue * 2^(k_prime + k_dprime + 1).
 *
 * @param a                        accumulator whose value enters t_3
 * @param valueOfCommitmentToCoin  commitment value the proof is checked against
 * @return true only if all seven equalities hold and s_alpha is in range
 *
 * NOTE(review): s_alpha is the only response that is range-checked here;
 * confirm against the proof specification that no other response needs a bound.
 * NOTE(review): how inverse() reports a non-invertible operand is not visible
 * in this block; callers handling untrusted proofs should confirm it.
 */
bool AccumulatorProofOfKnowledge:: Verify(const Accumulator& a, const CBigNum& valueOfCommitmentToCoin) const {
	// The two moduli every equation below is reduced by.
	const CBigNum& pokModulus = params->accumulatorPoKCommitmentGroup.modulus;
	const CBigNum& accModulus = params->accumulatorModulus;

	CBigNum sg = params->accumulatorPoKCommitmentGroup.g;
	CBigNum sh = params->accumulatorPoKCommitmentGroup.h;

	CBigNum g_n = params->accumulatorQRNCommitmentGroup.g;
	CBigNum h_n = params->accumulatorQRNCommitmentGroup.h;

	// According to the proof, this hash should be k_prime bits long. It is
	// currently longer than that, which should not be a problem, but the
	// original authors flag it as something still to be checked.
	CHashWriter hasher(0,0);
	hasher << *params << sg << sh << g_n << h_n << valueOfCommitmentToCoin << C_e << C_u << C_r << st_1 << st_2 << st_3 << t_1 << t_2 << t_3 << t_4;

	CBigNum c = CBigNum(hasher.GetHash());

	// Equations in the PoK commitment group.
	CBigNum st_1_prime = (valueOfCommitmentToCoin.pow_mod(c, pokModulus)
	                      * sg.pow_mod(s_alpha, pokModulus)
	                      * sh.pow_mod(s_phi, pokModulus)) % pokModulus;

	CBigNum sgInverse = sg.inverse(pokModulus);
	CBigNum st_2_prime = (sg.pow_mod(c, pokModulus)
	                      * (valueOfCommitmentToCoin * sgInverse).pow_mod(s_gamma, pokModulus)
	                      * sh.pow_mod(s_psi, pokModulus)) % pokModulus;

	CBigNum st_3_prime = (sg.pow_mod(c, pokModulus)
	                      * (sg * valueOfCommitmentToCoin).pow_mod(s_sigma, pokModulus)
	                      * sh.pow_mod(s_xi, pokModulus)) % pokModulus;

	// Equations modulo the accumulator modulus.
	CBigNum t_1_prime = (C_r.pow_mod(c, accModulus)
	                     * h_n.pow_mod(s_zeta, accModulus)
	                     * g_n.pow_mod(s_epsilon, accModulus)) % accModulus;

	CBigNum t_2_prime = (C_e.pow_mod(c, accModulus)
	                     * h_n.pow_mod(s_eta, accModulus)
	                     * g_n.pow_mod(s_alpha, accModulus)) % accModulus;

	// The inverses of h_n and g_n are shared by t_3 and t_4.
	CBigNum hInverse = h_n.inverse(accModulus);
	CBigNum gInverse = g_n.inverse(accModulus);

	CBigNum t_3_prime = ((a.getValue()).pow_mod(c, accModulus)
	                     * C_u.pow_mod(s_alpha, accModulus)
	                     * hInverse.pow_mod(s_beta, accModulus)) % accModulus;

	CBigNum t_4_prime = (C_r.pow_mod(s_alpha, accModulus)
	                     * hInverse.pow_mod(s_delta, accModulus)
	                     * gInverse.pow_mod(s_beta, accModulus)) % accModulus;

	bool commitmentsMatch = (st_1 == st_1_prime) && (st_2 == st_2_prime) && (st_3 == st_3_prime)
	                        && (t_1 == t_1_prime) && (t_2 == t_2_prime)
	                        && (t_3 == t_3_prime) && (t_4 == t_4_prime);

	// s_alpha must lie in the symmetric interval [-bound, bound].
	CBigNum bound = params->maxCoinValue * CBigNum(2).pow(params->k_prime + params->k_dprime + 1);
	bool alphaInRange = (s_alpha >= -bound) && (s_alpha <= bound);

	return commitmentsMatch && alphaInRange;
}
开发者ID:ionomy,项目名称:ion,代码行数:37,代码来源:AccumulatorProofOfKnowledge.cpp

示例2: Verify

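/**
 * Verifies this signature of knowledge over a coin serial number.
 *
 * For every iteration i the bit i of the stored hash selects how tprime[i] is
 * rebuilt: via challengeCalculation() from the serial number and the two
 * responses, or from the commitment value raised to b^s_notprime[i] times
 * h^sprime[i]. The parameters, commitment value, serial number, message hash
 * and all tprime[i] are then hashed and compared with the stored hash.
 *
 * @param coinSerialNumber         serial number the signature is checked against
 * @param valueOfCommitmentToCoin  commitment value the signature is checked against
 * @param msghash                  hash of the message bound into the signature
 * @return true if the recomputed hash equals the stored one; false otherwise,
 *         including when the proof holds too few responses or the iteration
 *         count exceeds the number of bits in the hash
 */
bool SerialNumberSignatureOfKnowledge::Verify(const CBigNum& coinSerialNumber, const CBigNum& valueOfCommitmentToCoin,
        const uint256 msghash) const {
	// The loop below indexes s_notprime, sprime and the bytes of the hash with
	// values derived from zkp_iterations. The constructor that creates a proof
	// sizes both vectors to zkp_iterations, but a proof object filled from
	// another source (e.g. deserialized input; not visible here) may be shorter.
	// Reject such a proof instead of reading out of bounds. Longer vectors are
	// still tolerated, so proofs that were well-defined before are unaffected.
	if (params->zkp_iterations > sizeof(this->hash) * 8 ||
	        s_notprime.size() < params->zkp_iterations ||
	        sprime.size() < params->zkp_iterations) {
		return false;
	}

	const CBigNum& sokModulus = params->serialNumberSoKCommitmentGroup.modulus;
	const CBigNum& sokGroupOrder = params->serialNumberSoKCommitmentGroup.groupOrder;

	CBigNum b = params->coinCommitmentGroup.h;
	CBigNum h = params->serialNumberSoKCommitmentGroup.h;
	CHashWriter hasher(0,0);
	hasher << *params << valueOfCommitmentToCoin << coinSerialNumber << msghash;

	vector<CBigNum> tprime(params->zkp_iterations);
	// Byte view of the stored hash; bit i of it is the challenge for iteration i.
	const unsigned char *hashbytes = reinterpret_cast<const unsigned char*>(&this->hash);

	for(uint32_t i = 0; i < params->zkp_iterations; i++) {
		int bit = i % 8;
		int byte = i / 8;
		bool challenge_bit = ((hashbytes[byte] >> bit) & 0x01);
		if(challenge_bit) {
			// sprime[i] carries a 256-bit seed that is expanded before use.
			tprime[i] = challengeCalculation(coinSerialNumber, s_notprime[i], SeedTo1024(sprime[i].getuint256()));
		} else {
			CBigNum exp = b.pow_mod(s_notprime[i], sokGroupOrder);
			tprime[i] = ((valueOfCommitmentToCoin.pow_mod(exp, sokModulus) % sokModulus) *
			             (h.pow_mod(sprime[i], sokModulus) % sokModulus)) %
			            sokModulus;
		}
	}
	// The tprime values enter the hash in index order.
	for(uint32_t i = 0; i < params->zkp_iterations; i++) {
		hasher << tprime[i];
	}
	return hasher.GetHash() == hash;
}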
开发者ID:ToranTeam,项目名称:ToranOld,代码行数:30,代码来源:SerialNumberSignatureOfKnowledge.cpp

示例3: challengeCalculation

/**
 * Computes g^(a^a_exp * b^b_exp) * h^h_exp modulo the serial-number SoK group
 * modulus, where a and b are the generators of the coin commitment group and
 * g and h those of the serial-number SoK commitment group. The inner product
 * a^a_exp * b^b_exp is reduced modulo the SoK group order before it is used
 * as an exponent.
 *
 * @param a_exp  exponent applied to a
 * @param b_exp  exponent applied to b
 * @param h_exp  exponent applied to h
 * @return the resulting group element
 */
inline CBigNum SerialNumberSignatureOfKnowledge::challengeCalculation(const CBigNum& a_exp,const CBigNum& b_exp,
        const CBigNum& h_exp) const {
	const CBigNum& sokModulus = params->serialNumberSoKCommitmentGroup.modulus;
	const CBigNum& sokGroupOrder = params->serialNumberSoKCommitmentGroup.groupOrder;

	// Inner value, computed modulo the order of the outer group.
	CBigNum aTerm = params->coinCommitmentGroup.g.pow_mod(a_exp, sokGroupOrder);
	CBigNum bTerm = params->coinCommitmentGroup.h.pow_mod(b_exp, sokGroupOrder);
	CBigNum exponent = (aTerm * bTerm) % sokGroupOrder;

	// Outer value in the serial-number SoK group.
	CBigNum gTerm = params->serialNumberSoKCommitmentGroup.g.pow_mod(exponent, sokModulus);
	CBigNum hTerm = params->serialNumberSoKCommitmentGroup.h.pow_mod(h_exp, sokModulus);

	return (gTerm * hTerm) % sokModulus;
}
开发者ID:ToranTeam,项目名称:ToranOld,代码行数:13,代码来源:SerialNumberSignatureOfKnowledge.cpp

示例4: Verify

/**
 * Verifies this proof for the two commitment values A (in the group *ap) and
 * B (in the group *bp).
 *
 * The responses S1, S2, S3 and the challenge are first range-checked; then T1
 * and T2 are rebuilt from them and the challenge is recomputed with
 * calculateChallenge(A, B, T1, T2).
 *
 * @param A  commitment value in the first group
 * @param B  commitment value in the second group
 * @return true if the inputs are in range and the recomputed challenge equals
 *         the challenge stored in the proof
 */
bool CommitmentProofOfKnowledge::Verify(const CBigNum& A, const CBigNum& B) const
{
	// Upper limit on the bit length of S1, S2 and S3, derived from the challenge
	// size, the security margin and the widest modulus / group order in use.
	// The original authors note that this check might be unnecessary.
	uint32_t maxSize = 64 * (COMMITMENT_EQUALITY_CHALLENGE_SIZE + COMMITMENT_EQUALITY_SECMARGIN +
	                         std::max(std::max(this->ap->modulus.bitSize(), this->bp->modulus.bitSize()),
	                                  std::max(this->ap->groupOrder.bitSize(), this->bp->groupOrder.bitSize())));

	// Reject oversized responses.
	if ((uint32_t)this->S1.bitSize() > maxSize ||
	        (uint32_t)this->S2.bitSize() > maxSize ||
	        (uint32_t)this->S3.bitSize() > maxSize) {
		return false;
	}

	// Reject negative responses.
	if (this->S1 < CBigNum(0) || this->S2 < CBigNum(0) || this->S3 < CBigNum(0)) {
		return false;
	}

	// The challenge must lie in [0, 2^COMMITMENT_EQUALITY_CHALLENGE_SIZE - 1].
	if (this->challenge < CBigNum(0) ||
	        this->challenge > (CBigNum(2).pow(COMMITMENT_EQUALITY_CHALLENGE_SIZE) - CBigNum(1))) {
		return false;
	}

	// T1 = g1^S1 * h1^S2 * inverse(A^{challenge}) mod p1
	CBigNum inverseOfAToChallenge = A.pow_mod(this->challenge, ap->modulus).inverse(ap->modulus);
	CBigNum openingInA = ap->g.pow_mod(S1, ap->modulus).mul_mod(ap->h.pow_mod(S2, ap->modulus), ap->modulus);
	CBigNum T1 = inverseOfAToChallenge.mul_mod(openingInA, ap->modulus);

	// T2 = g2^S1 * h2^S3 * inverse(B^{challenge}) mod p2
	CBigNum inverseOfBToChallenge = B.pow_mod(this->challenge, bp->modulus).inverse(bp->modulus);
	CBigNum openingInB = bp->g.pow_mod(S1, bp->modulus).mul_mod(bp->h.pow_mod(S3, bp->modulus), bp->modulus);
	CBigNum T2 = inverseOfBToChallenge.mul_mod(openingInB, bp->modulus);

	// Hash T1 and T2 together with the public inputs and accept only if the
	// result reproduces the challenge carried by the proof.
	return calculateChallenge(A, B, T1, T2) == this->challenge;
}
开发者ID:ToranTeam,项目名称:ToranOld,代码行数:36,代码来源:Commitment.cpp

示例5: SerialNumberSignatureOfKnowledge

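/**
 * Creates a signature of knowledge over a coin's serial number.
 *
 * For each of zkp_iterations rounds a random r[i] and a random 256-bit seed
 * (expanded with SeedTo1024) are drawn and committed to via
 * challengeCalculation(). The commitments are hashed together with the
 * parameters, the commitment value, the serial number and msghash; bit i of
 * that hash then decides which pair of responses is stored for round i.
 *
 * @param p                 Zerocoin parameters (kept by pointer, not copied)
 * @param coin              private coin supplying the serial number and randomness
 * @param commitmentToCoin  commitment supplying its value and randomness
 * @param msghash           hash of the message to bind into the signature
 * @throws std::runtime_error if the group parameters do not fit together or
 *         zkp_iterations exceeds the number of bits in the challenge hash
 *
 * NOTE(review): r, v_seed and v_expanded hold secret per-round values; whether
 * CBigNum clears its storage on destruction is not visible here.
 * NOTE(review): the proof is only as strong as CBigNum::randBignum; confirm it
 * is backed by a cryptographically secure generator.
 */
SerialNumberSignatureOfKnowledge::SerialNumberSignatureOfKnowledge(const
        ZerocoinParams* p, const PrivateCoin& coin, const Commitment& commitmentToCoin,
        uint256 msghash):params(p),
	s_notprime(p->zkp_iterations),
	sprime(p->zkp_iterations) {

	// Sanity check: the order of "serialNumberSoKCommitmentGroup" must equal the
	// modulus of "coinCommitmentGroup". Otherwise we would produce invalid proofs.
	if (params->coinCommitmentGroup.modulus != params->serialNumberSoKCommitmentGroup.groupOrder) {
		throw std::runtime_error("Groups are not structured correctly.");
	}

	// One challenge bit is taken from the hash per iteration, so the hash must
	// provide at least zkp_iterations bits; otherwise the byte view used below
	// would be read past its end.
	if (params->zkp_iterations > sizeof(this->hash) * 8) {
		throw std::runtime_error("Too many ZKP iterations for the challenge hash.");
	}

	CBigNum b = params->coinCommitmentGroup.h;

	CHashWriter hasher(0,0);
	hasher << *params << commitmentToCoin.getCommitmentValue() << coin.getSerialNumber() << msghash;

	vector<CBigNum> r(params->zkp_iterations);
	vector<CBigNum> v_seed(params->zkp_iterations);
	vector<CBigNum> v_expanded(params->zkp_iterations);
	vector<CBigNum> c(params->zkp_iterations);

	for(uint32_t i=0; i < params->zkp_iterations; i++) {
		r[i] = CBigNum::randBignum(params->coinCommitmentGroup.groupOrder);

		// Use a random 256-bit seed that expands to 1024 bits for v[i]; draw
		// again whenever the expanded value exceeds the group order.
		// NOTE(review): the test is `>`, so a value equal to the group order
		// is accepted; confirm whether `>=` was intended.
		while (true) {
			uint256 hashRand = CBigNum::randBignum(CBigNum(~uint256(0))).getuint256();
			CBigNum bnExpanded = SeedTo1024(hashRand);

			if(bnExpanded > params->serialNumberSoKCommitmentGroup.groupOrder)
				continue;

			v_seed[i] = CBigNum(hashRand);
			v_expanded[i] = bnExpanded;
			break;
		}
	}

	for(uint32_t i=0; i < params->zkp_iterations; i++) {
		// compute g^{ {a^x b^r} h^v} mod p2
		c[i] = challengeCalculation(coin.getSerialNumber(), r[i], v_expanded[i]);
	}

	// Hash the commitments in a separate, sequential loop so that they enter
	// the hash in index order; the original authors note that OpenMP cannot
	// guarantee loop order, so this loop must not be parallelised.
	for(uint32_t i=0; i < params->zkp_iterations; i++) {
		hasher << c[i];
	}
	this->hash = hasher.GetHash();
	// Byte view of the hash; bit i of it is the challenge for iteration i.
	const unsigned char *hashbytes = reinterpret_cast<const unsigned char*>(&hash);

	for(uint32_t i = 0; i < params->zkp_iterations; i++) {
		int bit = i % 8;
		int byte = i / 8;

		bool challenge_bit = ((hashbytes[byte] >> bit) & 0x01);
		if (challenge_bit) {
			// Reveal the round's own randomness (and the short seed for v).
			s_notprime[i]       = r[i];
			sprime[i]           = v_seed[i];
		} else {
			// Reveal values offset by the coin's and the commitment's randomness.
			// NOTE(review): both subtractions are carried out without a modular
			// reduction; confirm that the unreduced responses are what the
			// scheme specifies and that they do not expose the randomness.
			s_notprime[i]       = r[i] - coin.getRandomness();
			sprime[i]           = v_expanded[i] - (commitmentToCoin.getRandomness() *
			                              b.pow_mod(r[i] - coin.getRandomness(), params->serialNumberSoKCommitmentGroup.groupOrder));
		}
	}
}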
开发者ID:ToranTeam,项目名称:ToranOld,代码行数:72,代码来源:SerialNumberSignatureOfKnowledge.cpp


注:本文中的CBigNum::pow_mod方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。