majurity-protocol-0.0.10.20191104: A cryptographic protocol for the Majority Judgment.
Safe HaskellNone
LanguageHaskell2010

Voting.Protocol.Cryptography

Synopsis

Type PublicKey

Type SecretKey

Type Hash

newtype Hash crypto c Source #

Constructors

Hash (E crypto c) 

Instances

Instances details
Eq (Hash crypto c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

(==) :: Hash crypto c -> Hash crypto c -> Bool #

(/=) :: Hash crypto c -> Hash crypto c -> Bool #

Ord (Hash crypto c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

compare :: Hash crypto c -> Hash crypto c -> Ordering #

(<) :: Hash crypto c -> Hash crypto c -> Bool #

(<=) :: Hash crypto c -> Hash crypto c -> Bool #

(>) :: Hash crypto c -> Hash crypto c -> Bool #

(>=) :: Hash crypto c -> Hash crypto c -> Bool #

max :: Hash crypto c -> Hash crypto c -> Hash crypto c #

min :: Hash crypto c -> Hash crypto c -> Hash crypto c #

Show (Hash crypto c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

showsPrec :: Int -> Hash crypto c -> ShowS #

show :: Hash crypto c -> String #

showList :: [Hash crypto c] -> ShowS #

NFData (Hash crypto c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

rnf :: Hash crypto c -> () #

hash :: CryptoParams crypto c => ByteString -> [G crypto c] -> E crypto c Source #

(hash bs gs) returns as a number in E the SHA256 hash of the given ByteString bs prefixing the decimal representation of given subgroup elements gs, with a comma (",") intercalated between them.

NOTE: to avoid any collision when the hash function is used in different contexts, a message gs is actually prefixed by a bs indicating the context.

Used by proveEncryption and verifyEncryption, where the bs usually contains the statement to be proven, and the gs contains the commitments.

decodeBigEndian :: ByteString -> Natural Source #

(decodeBigEndian bs) interpret bs as big-endian number.

Type Base64SHA256

newtype Base64SHA256 Source #

Constructors

Base64SHA256 Text 

Instances

Instances details
Eq Base64SHA256 Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Ord Base64SHA256 Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Show Base64SHA256 Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Generic Base64SHA256 Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Associated Types

type Rep Base64SHA256 :: Type -> Type #

ToJSON Base64SHA256 Source # 
Instance details

Defined in Voting.Protocol.Cryptography

FromJSON Base64SHA256 Source # 
Instance details

Defined in Voting.Protocol.Cryptography

NFData Base64SHA256 Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

rnf :: Base64SHA256 -> () #

type Rep Base64SHA256 Source # 
Instance details

Defined in Voting.Protocol.Cryptography

type Rep Base64SHA256 = D1 ('MetaData "Base64SHA256" "Voting.Protocol.Cryptography" "majurity-protocol-0.0.10.20191104-inplace" 'True) (C1 ('MetaCons "Base64SHA256" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 Text)))

base64SHA256 :: ByteString -> Base64SHA256 Source #

(base64SHA256 bs) returns the SHA256 hash of the given ByteString bs, as a Text escaped in base64 encoding (RFC 4648).

Type HexSHA256

newtype HexSHA256 Source #

Constructors

HexSHA256 Text 

Instances

Instances details
Eq HexSHA256 Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Ord HexSHA256 Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Show HexSHA256 Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Generic HexSHA256 Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Associated Types

type Rep HexSHA256 :: Type -> Type #

ToJSON HexSHA256 Source # 
Instance details

Defined in Voting.Protocol.Cryptography

FromJSON HexSHA256 Source # 
Instance details

Defined in Voting.Protocol.Cryptography

NFData HexSHA256 Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

rnf :: HexSHA256 -> () #

type Rep HexSHA256 Source # 
Instance details

Defined in Voting.Protocol.Cryptography

type Rep HexSHA256 = D1 ('MetaData "HexSHA256" "Voting.Protocol.Cryptography" "majurity-protocol-0.0.10.20191104-inplace" 'True) (C1 ('MetaCons "HexSHA256" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 Text)))

hexSHA256 :: ByteString -> Text Source #

(hexSHA256 bs) returns the SHA256 hash of the given ByteString bs, escaped in hexadecimal into a Text of 32 lowercase characters.

Used (in retro-dependencies of this library) to hash the PublicKey of a voter or a trustee.

Random

randomR :: Monad m => RandomGen r => Random i => Ring i => i -> StateT r m i Source #

(randomR i) returns a random integer in [0..i-1].

random :: Monad m => RandomGen r => Random i => Bounded i => StateT r m i Source #

(random) returns a random integer in the range determined by its type.

Type Encryption

data Encryption crypto v c Source #

ElGamal-like encryption. Its security relies on the Discrete Logarithm problem.

Because (groupGen ^encNonce ^secKey == groupGen ^secKey ^encNonce), knowing secKey, one can divide encryption_vault by (encryption_nonce ^secKey) to decipher (groupGen ^clear), then the clear text must be small to be decryptable, because it is encrypted as a power of groupGen (hence the "-like" in "ElGamal-like") to enable the additive homomorphism.

NOTE: Since (encryption_vault * encryption_nonce == encryption_nonce ^ (secKey + clear)), then: (logBase encryption_nonce (encryption_vault * encryption_nonce) == secKey + clear).

Constructors

Encryption 

Fields

Instances

Instances details
Eq (G crypto c) => Eq (Encryption crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

(==) :: Encryption crypto v c -> Encryption crypto v c -> Bool #

(/=) :: Encryption crypto v c -> Encryption crypto v c -> Bool #

(Show (G crypto c), Show (G crypto c)) => Show (Encryption crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

showsPrec :: Int -> Encryption crypto v c -> ShowS #

show :: Encryption crypto v c -> String #

showList :: [Encryption crypto v c] -> ShowS #

Generic (Encryption crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Associated Types

type Rep (Encryption crypto v c) :: Type -> Type #

Methods

from :: Encryption crypto v c -> Rep (Encryption crypto v c) x #

to :: Rep (Encryption crypto v c) x -> Encryption crypto v c #

(Reifies v Version, CryptoParams crypto c) => ToJSON (Encryption crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

toJSON :: Encryption crypto v c -> Value #

toEncoding :: Encryption crypto v c -> Encoding #

toJSONList :: [Encryption crypto v c] -> Value #

toEncodingList :: [Encryption crypto v c] -> Encoding #

(Reifies v Version, CryptoParams crypto c) => FromJSON (Encryption crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

parseJSON :: Value -> Parser (Encryption crypto v c) #

parseJSONList :: Value -> Parser [Encryption crypto v c] #

NFData (G crypto c) => NFData (Encryption crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

rnf :: Encryption crypto v c -> () #

CryptoParams crypto c => Additive (Encryption crypto v c) Source #

Additive homomorphism. Using the fact that: groupGen ^x * groupGen ^y == groupGen ^(x+y).

Instance details

Defined in Voting.Protocol.Cryptography

Methods

zero :: Encryption crypto v c Source #

(+) :: Encryption crypto v c -> Encryption crypto v c -> Encryption crypto v c Source #

sum :: Foldable f => f (Encryption crypto v c) -> Encryption crypto v c Source #

type Rep (Encryption crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

type Rep (Encryption crypto v c) = D1 ('MetaData "Encryption" "Voting.Protocol.Cryptography" "majurity-protocol-0.0.10.20191104-inplace" 'False) (C1 ('MetaCons "Encryption" 'PrefixI 'True) (S1 ('MetaSel ('Just "encryption_nonce") 'NoSourceUnpackedness 'SourceStrict 'DecidedStrict) (Rec0 (G crypto c)) :*: S1 ('MetaSel ('Just "encryption_vault") 'NoSourceUnpackedness 'SourceStrict 'DecidedStrict) (Rec0 (G crypto c))))

Type EncryptionNonce

encrypt :: Reifies v Version => CryptoParams crypto c => Monad m => RandomGen r => PublicKey crypto c -> E crypto c -> StateT r m (EncryptionNonce crypto c, Encryption crypto v c) Source #

(encrypt pubKey clear) returns an ElGamal-like Encryption.

WARNING: the secret encryption nonce (encNonce) is returned alongside the Encryption in order to prove the validity of the encrypted clear text in proveEncryption, but this secret encNonce MUST be forgotten after that, as it may be used to decipher the Encryption without the SecretKey associated with pubKey.

Type Proof

data Proof crypto v c Source #

Non-Interactive Zero-Knowledge Proof of knowledge of a discrete logarithm: (secret == logBase base (base^secret)).

Constructors

Proof 

Fields

Instances

Instances details
Eq (Proof crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

(==) :: Proof crypto v c -> Proof crypto v c -> Bool #

(/=) :: Proof crypto v c -> Proof crypto v c -> Bool #

Show (Proof crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

showsPrec :: Int -> Proof crypto v c -> ShowS #

show :: Proof crypto v c -> String #

showList :: [Proof crypto v c] -> ShowS #

Generic (Proof crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Associated Types

type Rep (Proof crypto v c) :: Type -> Type #

Methods

from :: Proof crypto v c -> Rep (Proof crypto v c) x #

to :: Rep (Proof crypto v c) x -> Proof crypto v c #

Reifies v Version => ToJSON (Proof crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

toJSON :: Proof crypto v c -> Value #

toEncoding :: Proof crypto v c -> Encoding #

toJSONList :: [Proof crypto v c] -> Value #

toEncodingList :: [Proof crypto v c] -> Encoding #

(CryptoParams crypto c, Reifies v Version) => FromJSON (Proof crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

parseJSON :: Value -> Parser (Proof crypto v c) #

parseJSONList :: Value -> Parser [Proof crypto v c] #

NFData (Proof crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

rnf :: Proof crypto v c -> () #

type Rep (Proof crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

type Rep (Proof crypto v c) = D1 ('MetaData "Proof" "Voting.Protocol.Cryptography" "majurity-protocol-0.0.10.20191104-inplace" 'False) (C1 ('MetaCons "Proof" 'PrefixI 'True) (S1 ('MetaSel ('Just "proof_challenge") 'NoSourceUnpackedness 'SourceStrict 'DecidedStrict) (Rec0 (Challenge crypto c)) :*: S1 ('MetaSel ('Just "proof_response") 'NoSourceUnpackedness 'SourceStrict 'DecidedStrict) (Rec0 (E crypto c))))

Type ZKP

newtype ZKP Source #

Zero-knowledge proof.

A protocol is zero-knowledge if the verifier learns nothing from the protocol except that the prover knows the secret.

DOC: Mihir Bellare and Phillip Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In ACM-CCS’93, 1993.

Constructors

ZKP ByteString 

Type Challenge

Type Oracle

type Oracle list crypto c = list (Commitment crypto c) -> Challenge crypto c Source #

prove :: forall crypto v c list m r. Reifies v Version => CryptoParams crypto c => Monad m => RandomGen r => Functor list => E crypto c -> list (G crypto c) -> Oracle list crypto c -> StateT r m (Proof crypto v c) Source #

(prove sec commitmentBases oracle) returns a Proof that sec is known (by proving the knowledge of its discrete logarithm).

The Oracle is given Commitments equal to the commitmentBases raised to the power of the secret nonce of the Proof, as those are the Commitments that the verifier will obtain when composing the proof_challenge and proof_response together (with commit).

WARNING: for prove to be a so-called strong Fiat-Shamir transformation (not a weak): the statement must be included in the hash (along with the commitments).

NOTE: a random nonce is used to ensure each prove does not reveal any information regarding the secret sec, because two Proofs using the same Commitment can be used to deduce sec (using the special-soundness).

proveQuicker :: Reifies v Version => CryptoParams crypto c => Monad m => RandomGen r => Functor list => E crypto c -> list (G crypto c) -> Oracle list crypto c -> StateT r m (Proof crypto v c) Source #

Like prove but quicker. It should replace prove entirely when Helios-C specifications will be fixed.

fakeProof :: CryptoParams crypto c => Monad m => RandomGen r => StateT r m (Proof crypto v c) Source #

(fakeProof) returns a Proof whose proof_challenge and proof_response are uniformly chosen at random, instead of (proof_challenge == hash statement commitments) and (proof_response == nonce + sec * proof_challenge) as a Proof returned by prove.

Used in proveEncryption to fill the returned DisjProof with fake Proofs for all Disjunctions but the encrypted one.

Type Commitment

type Commitment = G Source #

A commitment from the prover to the verifier. It's a power of groupGen chosen randomly by the prover when making a Proof with prove.

commit :: forall crypto v c. Reifies v Version => CryptoParams crypto c => Proof crypto v c -> G crypto c -> G crypto c -> Commitment crypto c Source #

(commit proof base basePowSec) returns a Commitment from the given Proof with the knowledge of the verifier.

commitQuicker :: CryptoParams crypto c => Proof crypto v c -> G crypto c -> G crypto c -> Commitment crypto c Source #

Like commit but quicker. It chould replace commit entirely when Helios-C specifications will be fixed.

Type Disjunction

type Disjunction = G Source #

A Disjunction is an inversed (groupGen ^opinion) it's used in proveEncryption to generate a Proof that an encryption_vault contains a given (groupGen ^opinion),

booleanDisjunctions :: forall crypto c. CryptoParams crypto c => [Disjunction crypto c] Source #

intervalDisjunctions :: forall crypto c. CryptoParams crypto c => Natural -> Natural -> [Disjunction crypto c] Source #

Type DisjProof

newtype DisjProof crypto v c Source #

A list of Proofs to prove that the opinion within an Encryption is indexing a Disjunction within a list of them, without revealing which opinion it is.

Constructors

DisjProof [Proof crypto v c] 

Instances

Instances details
Eq (DisjProof crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

(==) :: DisjProof crypto v c -> DisjProof crypto v c -> Bool #

(/=) :: DisjProof crypto v c -> DisjProof crypto v c -> Bool #

Show (DisjProof crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

showsPrec :: Int -> DisjProof crypto v c -> ShowS #

show :: DisjProof crypto v c -> String #

showList :: [DisjProof crypto v c] -> ShowS #

Generic (DisjProof crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Associated Types

type Rep (DisjProof crypto v c) :: Type -> Type #

Methods

from :: DisjProof crypto v c -> Rep (DisjProof crypto v c) x #

to :: Rep (DisjProof crypto v c) x -> DisjProof crypto v c #

Reifies v Version => ToJSON (DisjProof crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

toJSON :: DisjProof crypto v c -> Value #

toEncoding :: DisjProof crypto v c -> Encoding #

toJSONList :: [DisjProof crypto v c] -> Value #

toEncodingList :: [DisjProof crypto v c] -> Encoding #

(Reifies v Version, CryptoParams crypto c) => FromJSON (DisjProof crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

parseJSON :: Value -> Parser (DisjProof crypto v c) #

parseJSONList :: Value -> Parser [DisjProof crypto v c] #

NFData (DisjProof crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

rnf :: DisjProof crypto v c -> () #

type Rep (DisjProof crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

type Rep (DisjProof crypto v c) = D1 ('MetaData "DisjProof" "Voting.Protocol.Cryptography" "majurity-protocol-0.0.10.20191104-inplace" 'True) (C1 ('MetaCons "DisjProof" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 [Proof crypto v c])))

proveEncryption :: Reifies v Version => CryptoParams crypto c => Monad m => RandomGen r => PublicKey crypto c -> ZKP -> ([Disjunction crypto c], [Disjunction crypto c]) -> (EncryptionNonce crypto c, Encryption crypto v c) -> StateT r m (DisjProof crypto v c) Source #

(proveEncryption elecPubKey voterZKP (prevDisjs,nextDisjs) (encNonce,enc)) returns a DisjProof that enc encrypts the Disjunction d between prevDisjs and nextDisjs.

The prover proves that it knows an encNonce, such that: (enc == Encryption{encryption_nonce=groupGen ^encNonce, encryption_vault=elecPubKey^encNonce * groupGen^d})

A NIZK Disjunctive Chaum Pedersen Logarithm Equality is used.

DOC: Pierrick Gaudry. Some ZK security proofs for Belenios, 2017.

verifyEncryption :: Reifies v Version => CryptoParams crypto c => Monad m => PublicKey crypto c -> ZKP -> [Disjunction crypto c] -> (Encryption crypto v c, DisjProof crypto v c) -> ExceptT ErrorVerifyEncryption m Bool Source #

Hashing

encryptionCommitments :: Reifies v Version => CryptoParams crypto c => PublicKey crypto c -> Encryption crypto v c -> Disjunction crypto c -> Proof crypto v c -> [G crypto c] Source #

(encryptionCommitments elecPubKey enc disj proof) returns the Commitments with only the knowledge of the verifier.

For the prover the Proof comes from fakeProof, and for the verifier the Proof comes from the prover.

Type ErrorVerifyEncryption

Type Signature

data Signature crypto v c Source #

Schnorr-like signature.

Used by each voter to sign his/her encrypted Ballot using his/her Credential, in order to avoid ballot stuffing.

Constructors

Signature 

Fields

Instances

Instances details
Generic (Signature crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Associated Types

type Rep (Signature crypto v c) :: Type -> Type #

Methods

from :: Signature crypto v c -> Rep (Signature crypto v c) x #

to :: Rep (Signature crypto v c) x -> Signature crypto v c #

(Reifies v Version, CryptoParams crypto c) => ToJSON (Signature crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

toJSON :: Signature crypto v c -> Value #

toEncoding :: Signature crypto v c -> Encoding #

toJSONList :: [Signature crypto v c] -> Value #

toEncodingList :: [Signature crypto v c] -> Encoding #

(Reifies v Version, CryptoParams crypto c) => FromJSON (Signature crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

parseJSON :: Value -> Parser (Signature crypto v c) #

parseJSONList :: Value -> Parser [Signature crypto v c] #

(NFData crypto, NFData (G crypto c)) => NFData (Signature crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

Methods

rnf :: Signature crypto v c -> () #

type Rep (Signature crypto v c) Source # 
Instance details

Defined in Voting.Protocol.Cryptography

type Rep (Signature crypto v c) = D1 ('MetaData "Signature" "Voting.Protocol.Cryptography" "majurity-protocol-0.0.10.20191104-inplace" 'False) (C1 ('MetaCons "Signature" 'PrefixI 'True) (S1 ('MetaSel ('Just "signature_publicKey") 'NoSourceUnpackedness 'SourceStrict 'DecidedStrict) (Rec0 (PublicKey crypto c)) :*: S1 ('MetaSel ('Just "signature_proof") 'NoSourceUnpackedness 'SourceStrict 'DecidedStrict) (Rec0 (Proof crypto v c))))