// Hashed Decisional Diffie-Hellman assumption.
// Counter-based single-challenge version: Challenge() may be called at most
// once (subsequent calls return None). Same Initialize/Hash/Challenge
// interface as HashedDDHMultiChal so a hybrid argument can lift this to
// HashedDDHMultiChal.
// Left: (pk, g^r, H(pk^r)) Right: (pk, g^r, random)
// "Left" (real) side of the hashed DDH game: the challenge carries H(pk^r).
// H is a game parameter and is also exposed through the Hash oracle, so the
// caller of this game can evaluate H on any group element it chooses.
Game Left(Group G, Int n, Function<GroupElem<G>, BitString<n>> H) {
    // Public key g^a; the only value Initialize hands back.
    GroupElem<G> pk;
    // g^r, first component of the challenge pair.
    GroupElem<G> gr_saved;
    // H(pk^r), second component of the challenge pair.
    BitString<n> val_saved;
    // Number of Challenge() calls made so far.
    Int count;
    // Samples the exponents a and r, fixes the whole challenge pair up front,
    // resets the call counter and returns pk. The exponents a and r are locals:
    // only pk, g^r and H(pk^r) are kept in game state, and no oracle in this
    // game returns a or r.
    // NOTE(review): a and r are drawn from ModInt<G.order>; presumably that
    // range includes 0, in which case pk or g^r can be the identity element -
    // confirm this matches the intended statement of the assumption.
    GroupElem<G> Initialize() {
        ModInt<G.order> a <- ModInt<G.order>;
        pk = G.generator ^ a;
        ModInt<G.order> r <- ModInt<G.order>;
        gr_saved = G.generator ^ r;
        // Computed here rather than in Challenge(), so the challenge value does
        // not depend on the order or number of later oracle calls.
        val_saved = H(pk ^ r);
        count = 0;
        return pk;
    }
    // Direct access to H on a caller-chosen group element.
    BitString<n> Hash(GroupElem<G> x) {
        return H(x);
    }
    // Returns [g^r, H(pk^r)] on the first call and None on every later call.
    // The counter is incremented on every call, including those that return
    // None, so the pair is released exactly once.
    [GroupElem<G>, BitString<n>]? Challenge() {
        [GroupElem<G>, BitString<n>]? result = None;
        count = count + 1;
        if (count == 1) {
            result = [gr_saved, val_saved];
        }
        return result;
    }
}
// "Right" (ideal) side of the hashed DDH game: the challenge carries a
// freshly sampled n-bit string in place of H(pk^r). The state, the oracle
// names and the oracle signatures are the same as in the Left game; the only
// differing statement is how val_saved is set in Initialize.
Game Right(Group G, Int n, Function<GroupElem<G>, BitString<n>> H) {
    // Public key g^a; the only value Initialize hands back.
    GroupElem<G> pk;
    // g^r, first component of the challenge pair.
    GroupElem<G> gr_saved;
    // Sampled bit string, second component of the challenge pair.
    BitString<n> val_saved;
    // Number of Challenge() calls made so far.
    Int count;
    // Samples the exponents a and r, fixes the whole challenge pair up front,
    // resets the call counter and returns pk. The exponents a and r are locals
    // and are not kept in game state.
    // NOTE(review): a and r are drawn from ModInt<G.order>; presumably that
    // range includes 0, in which case pk or g^r can be the identity element -
    // confirm this matches the intended statement of the assumption.
    GroupElem<G> Initialize() {
        ModInt<G.order> a <- ModInt<G.order>;
        pk = G.generator ^ a;
        ModInt<G.order> r <- ModInt<G.order>;
        gr_saved = G.generator ^ r;
        // Sampled from BitString<n> without reference to pk, r or H.
        val_saved <- BitString<n>;
        count = 0;
        return pk;
    }
    // Direct access to H on a caller-chosen group element; H is still
    // reachable here even though the challenge value does not use it.
    BitString<n> Hash(GroupElem<G> x) {
        return H(x);
    }
    // Returns [g^r, sampled string] on the first call and None on every later
    // call. The counter is incremented on every call, including those that
    // return None, so the pair is released exactly once.
    [GroupElem<G>, BitString<n>]? Challenge() {
        [GroupElem<G>, BitString<n>]? result = None;
        count = count + 1;
        if (count == 1) {
            result = [gr_saved, val_saved];
        }
        return result;
    }
}
// Publishes the Left/Right pair defined in this file under the name HashedDDH.
export as HashedDDH;