Golang Group.Scalar方法代碼示例

func Shuffle(pi []int, group abstract.Group, g, h abstract.Point, X, Y []abstract.Point,
	rand cipher.Stream) (XX, YY []abstract.Point, P proof.Prover) {

	k := len(X)
	if k != len(Y) {
		panic("X,Y vectors have inconsistent length")
	}

	ps := shuffle.PairShuffle{}
	ps.Init(group, k)

	// Pick a fresh ElGamal blinding factor for each pair
	beta := make([]abstract.Scalar, k)
	for i := 0; i < k; i++ {
		beta[i] = group.Scalar().Pick(rand)
	}

	// Create the output pair vectors
	Xbar := make([]abstract.Point, k)
	Ybar := make([]abstract.Point, k)
	for i := 0; i < k; i++ {
		Xbar[i] = group.Point().Mul(g, beta[pi[i]])
		Xbar[i].Add(Xbar[i], X[pi[i]])
		Ybar[i] = group.Point().Mul(h, beta[pi[i]])
		Ybar[i].Add(Ybar[i], Y[pi[i]])
	}

	prover := func(ctx proof.ProverContext) error {
		return ps.Prove(pi, g, h, beta, X, Y, rand, ctx)
	}
	return Xbar, Ybar, prover
}

func EncryptPoint(g abstract.Group, msgPt abstract.Point, pk abstract.Point) (abstract.Point, abstract.Point) {
	k := g.Scalar().Pick(random.Stream)
	c1 := g.Point().Mul(nil, k)
	c2 := g.Point().Mul(pk, k)
	c2 = c2.Add(c2, msgPt)
	return c1, c2
}

func NewGroupBench(g abstract.Group) *GroupBench {
	var gb GroupBench
	gb.g = g
	gb.x = g.Scalar().Pick(random.Stream)
	gb.y = g.Scalar().Pick(random.Stream)
	gb.xe, _ = gb.x.MarshalBinary()
	gb.X, _ = g.Point().Pick(nil, random.Stream)
	gb.Y, _ = g.Point().Pick(nil, random.Stream)
	gb.Xe, _ = gb.X.MarshalBinary()
	return &gb
}

// Create a fresh sharing polynomial in the Scalar space of a given group.
// Shares the provided Scalar s, or picks a random one if s == nil.
func (p *PriPoly) Pick(g abstract.Group, k int, s0 abstract.Scalar,
	rand cipher.Stream) *PriPoly {
	p.g = g
	s := make([]abstract.Scalar, k)
	if s0 == nil { // Choose secret to share if none provided
		s0 = g.Scalar().Pick(rand)
	}
	s[0] = s0
	for i := 1; i < k; i++ {
		s[i] = g.Scalar().Pick(rand)
	}
	p.s = s
	return p
}

func EncryptKey(g abstract.Group, msgPt abstract.Point, pks []abstract.Point) (abstract.Point, abstract.Point) {
	k := g.Scalar().Pick(random.Stream)
	c1 := g.Point().Mul(nil, k)
	var c2 abstract.Point = nil
	for _, pk := range pks {
		if c2 == nil {
			c2 = g.Point().Mul(pk, k)
		} else {
			c2 = c2.Add(c2, g.Point().Mul(pk, k))
		}
	}
	c2 = c2.Add(c2, msgPt)
	return c1, c2
}

func testScalarClone(g abstract.Group, rand cipher.Stream) {
	N := 1000
	one := g.Scalar().One()
	for i := 0; i < N; i++ {
		s1 := g.Scalar().Pick(rand)
		s2 := s1.Clone()
		if !s1.Equal(s2) {
			panic("Clone didn't create a scalar s2 with same value as s1's.")
		}
		if !s1.Equal(one) {
			s1.Mul(s1, s1)
			if s1.Equal(s2) {
				panic("Modifying s1 shouldn't modify s2")
			}
		}
	}
}

func Encrypt(g abstract.Group, msg []byte, pks []abstract.Point) ([]abstract.Point, []abstract.Point) {
	c1s := []abstract.Point{}
	c2s := []abstract.Point{}
	var msgPt abstract.Point
	remainder := msg
	for len(remainder) != 0 {
		msgPt, remainder = g.Point().Pick(remainder, random.Stream)
		k := g.Scalar().Pick(random.Stream)
		c1 := g.Point().Mul(nil, k)
		var c2 abstract.Point = nil
		for _, pk := range pks {
			if c2 == nil {
				c2 = g.Point().Mul(pk, k)
			} else {
				c2 = c2.Add(c2, g.Point().Mul(pk, k))
			}
		}
		c2 = c2.Add(c2, msgPt)
		c1s = append(c1s, c1)
		c2s = append(c2s, c2)
	}
	return c1s, c2s
}

// Simple helper to compute G^{ab-cd} for Theta vector computation.
func thenc(grp abstract.Group, G abstract.Point,
	a, b, c, d abstract.Scalar) abstract.Point {

	var ab, cd abstract.Scalar
	if a != nil {
		ab = grp.Scalar().Mul(a, b)
	} else {
		ab = grp.Scalar().Zero()
	}
	if c != nil {
		if d != nil {
			cd = grp.Scalar().Mul(c, d)
		} else {
			cd = c
		}
	} else {
		cd = grp.Scalar().Zero()
	}
	return grp.Point().Mul(G, ab.Sub(ab, cd))
}

// Apply a generic set of validation tests to a cryptographic Group,
// using a given source of [pseudo-]randomness.
//
// Returns a log of the pseudorandom Points produced in the test,
// for comparison across alternative implementations
// that are supposed to be equivalent.
//
func testGroup(g abstract.Group, rand cipher.Stream) []abstract.Point {
	//	fmt.Printf("\nTesting group '%s': %d-byte Point, %d-byte Scalar\n",
	//			g.String(), g.PointLen(), g.ScalarLen())

	points := make([]abstract.Point, 0)
	ptmp := g.Point()
	stmp := g.Scalar()
	pzero := g.Point().Null()
	szero := g.Scalar().Zero()
	sone := g.Scalar().One()

	// Do a simple Diffie-Hellman test
	s1 := g.Scalar().Pick(rand)
	s2 := g.Scalar().Pick(rand)
	if s1.Equal(s2) {
		panic("uh-oh, not getting unique secrets!")
	}

	gen := g.Point().Base()
	points = append(points, gen)

	// Verify additive and multiplicative identities of the generator.
	ptmp.Mul(nil, stmp.SetInt64(-1)).Add(ptmp, gen)
	if !ptmp.Equal(pzero) {
		panic("oops, generator additive identity doesn't work")
	}
	if g.PrimeOrder() { // secret.Inv works only in prime-order groups
		ptmp.Mul(nil, stmp.SetInt64(2)).Mul(ptmp, stmp.Inv(stmp))
		if !ptmp.Equal(gen) {
			panic("oops, generator multiplicative identity doesn't work")
		}
	}

	p1 := g.Point().Mul(gen, s1)
	p2 := g.Point().Mul(gen, s2)
	if p1.Equal(p2) {
		panic("uh-oh, encryption isn't producing unique points!")
	}
	points = append(points, p1)

	dh1 := g.Point().Mul(p1, s2)
	dh2 := g.Point().Mul(p2, s1)
	if !dh1.Equal(dh2) {
		panic("Diffie-Hellman didn't work")
	}
	points = append(points, dh1)
	//println("shared secret = ",dh1.String())

	// Test secret inverse to get from dh1 back to p1
	if g.PrimeOrder() {
		ptmp.Mul(dh1, g.Scalar().Inv(s2))
		if !ptmp.Equal(p1) {
			panic("Scalar inverse didn't work")
		}
	}

	// Zero and One identity secrets
	//println("dh1^0 = ",ptmp.Mul(dh1, szero).String())
	if !ptmp.Mul(dh1, szero).Equal(pzero) {
		panic("Encryption with secret=0 didn't work")
	}
	if !ptmp.Mul(dh1, sone).Equal(dh1) {
		panic("Encryption with secret=1 didn't work")
	}

	// Additive homomorphic identities
	ptmp.Add(p1, p2)
	stmp.Add(s1, s2)
	pt2 := g.Point().Mul(gen, stmp)
	if !pt2.Equal(ptmp) {
		panic("Additive homomorphism doesn't work")
	}
	ptmp.Sub(p1, p2)
	stmp.Sub(s1, s2)
	pt2.Mul(gen, stmp)
	if !pt2.Equal(ptmp) {
		panic("Additive homomorphism doesn't work")
	}
	st2 := g.Scalar().Neg(s2)
	st2.Add(s1, st2)
	if !stmp.Equal(st2) {
		panic("Scalar.Neg doesn't work")
	}
	pt2.Neg(p2).Add(pt2, p1)
	if !pt2.Equal(ptmp) {
		panic("Point.Neg doesn't work")
	}

	// Multiplicative homomorphic identities
	stmp.Mul(s1, s2)
	if !ptmp.Mul(gen, stmp).Equal(dh1) {
		panic("Multiplicative homomorphism doesn't work")
	}
//.........這裏部分代碼省略.........

/* This file is a testing suite for sharing.go. It provides multiple test cases
 * for ensuring that encryption schemes built upon this package such as Shamir
 * secret sharing are safe and secure.
 *
 * The tests can also serve as references for how to work with this library.
 */

/* Global Variables */

var group abstract.Group = new(edwards.ExtendedCurve).Init(
	edwards.Param25519(), false)
var altGroup abstract.Group = new(edwards.ProjectiveCurve).Init(
	edwards.ParamE382(), false)
var k int = 10
var n int = 20
var secret = group.Scalar().Pick(random.Stream)
var point = group.Point().Mul(group.Point().Base(), secret)
var altSecret = altGroup.Scalar().Pick(random.Stream)
var altPoint = altGroup.Point().Mul(altGroup.Point().Base(), altSecret)

/* Setup Functions
 *
 * These functions provide greater modularity by consolidating commonly used
 * setup tasks.
 *
 * Not every function uses these methods, since they may have unique set-up
 * needs that do not warrant their own set-up function.
 */

// Tests that checks whether a method panics can use this funcition
func deferTest(t *testing.T, message string) {