Big refactoring of AMORE.

relic-toolkit · Jan 26, 2025 · ea9d01c · ea9d01c
1 parent a524a82
commit ea9d01c
Show file tree

Hide file tree

Showing 4 changed files with 140 additions and 408 deletions.
diff --git a/bench/bench_cp.c b/bench/bench_cp.c
@@ -876,10 +876,10 @@ static void pdpub(void) {
 #define AGGS 	2
 
 static void pdprv(void) {
-	bn_t r1, r2[3], ls[AGGS * AGGS], cs[AGGS], ks[AGGS];
-	g1_t fs[AGGS], p[AGGS * AGGS], u1[2], v1[3], rs[AGGS * AGGS], ds[AGGS * AGGS];
-	g2_t q[AGGS * AGGS], u2[2], v2[4], w2[4], bs[AGGS * AGGS];
-	gt_t e[2], r, ts[2 * AGGS + 1], g[AGGS * AGGS + 1];
+	bn_t r1, r2[3], ls[AGGS];
+	g1_t fs[AGGS], p[AGGS], u1[2], v1[3], rs[AGGS];
+	g2_t q[AGGS], u2[2], v2[4], w2[4];
+	gt_t e[2], r, ts[AGGS + 1], g[RLC_MAX(4, AGGS + 1)];
 
 	bn_null(r1);
 	gt_null(r);
@@ -907,39 +907,27 @@ static void pdprv(void) {
 		g2_new(w2[i]);
 	}
 	for (size_t i = 0; i < AGGS; i++) {
-		for (size_t j = 0; j < AGGS; j++) {
-			bn_null(ls[i * AGGS + j]);
-			g1_null(p[i * AGGS + j]);
-			g2_null(q[i * AGGS + j]);
-			g1_null(rs[i * AGGS + j]);
-			g1_null(ds[i * AGGS + j]);
-			g2_null(bs[i * AGGS + j]);
-			gt_null(g[i * AGGS + j]);
-			bn_new(ls[i * AGGS + j]);
-			g1_new(p[i * AGGS + j]);
-			g2_new(q[i * AGGS + j]);
-			g1_new(rs[i * AGGS + j]);
-			g1_new(ds[i * AGGS + j]);
-			g2_new(bs[i * AGGS + j]);
-			gt_new(g[i * AGGS + j]);
-			g1_rand(p[i * AGGS + j]);
-			g2_rand(q[i * AGGS + j]);
-		}
-		bn_null(ks[i]);
-		bn_null(cs[i]);
+		bn_null(ls[i]);
+		g1_null(p[i]);
+		g2_null(q[i]);
+		g1_null(rs[i]);
 		g1_null(fs[i]);
 		gt_null(ts[i]);
-		gt_null(ts[i + AGGS]);
-		bn_new(ks[i]);
-		bn_new(cs[i])
+		gt_null(g[i]);
+		bn_new(ls[i]);
+		g1_new(p[i]);
+		g2_new(q[i]);
+		g1_rand(p[i]);
+		g2_rand(q[i]);
+		g1_new(rs[i]);
 		g1_new(fs[i]);
 		gt_new(ts[i]);
-		gt_new(ts[i + AGGS]);
+		gt_new(g[i]);
 	}
-	gt_null(ts[2 * AGGS]);
-	gt_new(ts[2 * AGGS]);
-	gt_null(g[AGGS * AGGS]);
-	gt_new(g[AGGS * AGGS]);
+	gt_null(ts[AGGS]);
+	gt_null(g[AGGS]);
+	gt_new(ts[AGGS]);
+	gt_new(g[AGGS]);
 
 	BENCH_RUN("cp_pdprv_gen") {
 		BENCH_ADD(cp_pdprv_gen(r1, r2, u1, u2, v2, e));
@@ -1002,54 +990,21 @@ static void pdprv(void) {
 	} BENCH_END;
 
 	BENCH_RUN("cp_ambat_gen (AGGS)") {
-		BENCH_ADD(cp_ambat_gen(r1, u1[0], u2[0], e[0]));
+		BENCH_ADD(cp_ambat_gen(r1, u1[0], u2[0], fs[0], e[0]));
 	} BENCH_END;
 
 	BENCH_RUN("cp_ambat_ask (AGGS)") {
-		BENCH_ADD(cp_ambat_ask(ls, rs, u1[1], u2[1], w2[0], r1, p[0], q, u1[0], u2[0], e[0], AGGS));
+		BENCH_ADD(cp_ambat_ask(ls, rs, v1[0], v2[0], w2[0], r1, u1[0], u2[0], fs[0], e[0], p, q, AGGS));
 	} BENCH_END;
 
 	BENCH_RUN("cp_ambat_ans (AGGS)") {
-		BENCH_ADD(cp_ambat_ans(g, rs, u1[1], u2[1], w2[0], q, AGGS));
+		BENCH_ADD(cp_ambat_ans(g, rs, v1[0], v2[0], w2[0], p, q, AGGS));
 	} BENCH_END;
 
 	BENCH_RUN("cp_ambat_ver (AGGS)") {
-		BENCH_ADD(cp_ambat_ver(g, g, ls, e[0], AGGS));
-	} BENCH_END;
-
-	BENCH_RUN("cp_amprd_gen (AGGS)") {
-		BENCH_ADD(cp_amprd_gen(fs[0], r1, u1[0], u2[0], e[0]));
-	} BENCH_END;
-
-	BENCH_RUN("cp_amprd_ask (AGGS)") {
-		BENCH_ADD(cp_amprd_ask(ks, ds, ls, rs, v1[0], v2[0], w2[0], bs, fs[0], r1, u1[0], u2[0], e[0], p, q, 1, AGGS));
+		BENCH_ADD(cp_ambat_ver(g, ls, e[0], AGGS));
 	} BENCH_END;
 
-	BENCH_RUN("cp_amprd_ans (AGGS)") {
-		BENCH_ADD(cp_amprd_ans(g, ts, ds, rs, v1[0], v2[0], w2[0], bs, p, q, 1, AGGS));
-	} BENCH_END;
-
-	BENCH_RUN("cp_amprd_ver (AGGS)") {
-		BENCH_ADD(cp_amprd_ver(g, ts, ks, ls, e[0], 1, AGGS));
-	} BENCH_END;
-
-	BENCH_RUN("cp_amprd_gen (AGGS²)") {
-		BENCH_ADD(cp_amprd_gen(fs[0], r1, u1[0], u2[0], e[0]));
-	} BENCH_END;
-
-	BENCH_RUN("cp_amprd_ask (AGGS²)") {
-		BENCH_ADD(cp_amprd_ask(ks, ds, ls, rs, v1[0], v2[0], w2[0], bs, fs[0], r1, u1[0], u2[0], e[0], p, q, AGGS, AGGS));
-	} BENCH_END;
-
-	BENCH_RUN("cp_amprd_ans (AGGS²)") {
-		BENCH_ADD(cp_amprd_ans(g, ts, ds, rs, v1[0], v2[0], w2[0], bs, p, q, AGGS, AGGS));
-	} BENCH_END;
-
-	BENCH_RUN("cp_amprd_ver (AGGS²)") {
-		BENCH_ADD(cp_amprd_ver(g, ts, ks, ls, e[0], AGGS, AGGS));
-	} BENCH_END;
-
-
 	bn_free(r1);
 	gt_free(r);
 	for (int i = 0; i < 2; i++) {
@@ -1066,24 +1021,16 @@ static void pdprv(void) {
 		g2_free(w2[i]);
 	}
 	for (size_t i = 0; i < AGGS; i++) {
-		for (size_t j = 0; j < AGGS; j++) {
-			bn_free(ls[i * AGGS + j]);
-			g1_free(p[i * AGGS + j]);
-			g2_free(q[i * AGGS + j]);
-			g1_free(rs[i * AGGS + j]);
-			g1_free(ds[i * AGGS + j]);
-			g2_free(bs[i * AGGS + j]);
-			gt_free(g[i * AGGS + j]);
-		}
 		bn_free(ls[i]);
-		bn_free(cs[i]);
-		bn_free(ks[i]);
+		g1_free(p[i]);
+		g2_free(q[i]);
+		g1_free(rs[i]);
 		g1_free(fs[i]);
 		gt_free(ts[i]);
-		gt_free(ts[i + AGGS]);
+		gt_free(g[i]);
 	}
-	gt_free(ts[2 * AGGS]);
-	gt_free(g[AGGS * AGGS]);
+	gt_free(ts[AGGS]);
+	gt_free(g[AGGS]);
 }
 
 static void sokaka(void) {

diff --git a/include/relic_cp.h b/include/relic_cp.h
@@ -1480,137 +1480,63 @@ int cp_mvbat_ans(gt_t *as, const g1_t p0, const g1_t *ps, const g2_t q0,
 int cp_mvbat_ver(gt_t *rs, const gt_t *as, const gt_t *e, size_t m);
 
 /**
- * Generates parameters for the AMORE batch pairing delegation protocol.
+ * Generates parameters for the AMORE batch pairing delegation protocol to
+ * compute m pairings.
  *
- * @param[out] r			- the randomness.
- * @param[out] u			- the mask in G_1.
- * @param[out] v			- the mask in G_2.
- * @param[out] e			- the precomputed value e(U1, U2).
- * @return RLC_OK if no errors occurred, RLC_ERR otherwise.
- */
-int cp_ambat_gen(bn_t r, g1_t u, g2_t v, gt_t e);
-
-/**
- * Executes the client-side request for the AMORE batch pairing delegation
- * protocol.
- *
- * @param[out] ls			- the challenges.
- * @param[out] rs			- the group elements computed by the client.
- * @param[out] a			- the element in G_1 computed by the client.
- * @param[out] b			- the element in G_2 computed by the client.
- * @param[out] c			- the element in G_2 computed by the client.
- * @param[in] r				- the randomness.
- * @param[in] p				- the first argument of the pairing.
- * @param[in] q				- the second arguments of the pairing.
- * @param[in] u				- the U1 precomputed value in G_1.
- * @param[in] v				- the U2 precomputed value in G_2.
- * @param[in] e				- the precomputed value e(U1, U2).
- * @param[in] m				- the number of pairings delegated in the batch.
- * @return RLC_OK if no errors occurred, RLC_ERR otherwise.
- */
-int cp_ambat_ask(bn_t *ls, g1_t *rs, g1_t a, g2_t b, g2_t c, const bn_t r, 
-		const g1_t p, const g2_t *q, const g1_t u, const g2_t v, const gt_t e,
-		size_t m);
-
-/**
- * Executes the server-side response for the AMORE batch pairing delegation
- * protocol.
- *
- * @param[out] gs			- the group elements computed by the server.
- * @param[out] rs			- the group elements sent by the client.
- * @param[in] a				- the element in G_1 computed by the client.
- * @param[in] b				- the element in G_2 computed by the client.
- * @param[in] c				- the element in G_2 computed by the client.
- * @param[in] q				- the second arguments of the delegated pairings.
- * @param[in] m				- the number of pairings delegated in the batch.
- * @return RLC_OK if no errors occurred, RLC_ERR otherwise.
- */
-int cp_ambat_ans(gt_t *gs, const g1_t *rs, const g1_t a, const g2_t b, 
-		const g2_t c, const g2_t *q, size_t m);
-
-/**
- * Verifies the result of the AMORE batch pairing delegation protocol.
- *
- * @param[out] es			- the results of the computation.
- * @param[in] gs			- the group elements returned by the server.
- * @param[in] ls			- the challenges.
- * @param[in] e				- the precomputed value e(U1, U2).
- * @param[in] m				- the number of pairings delegated in the batch.
- * @return a boolean value indicating if the computation is correct.
- */
-int cp_ambat_ver(gt_t *es, const gt_t *gs, const bn_t *ls, const gt_t e,
-		size_t m);
-
-/**
- * Generates parameters for the AMORE delegation protocol to compute the
- * product of m pairings using a pairing delegation protocol.
- *
- * @param[out] r			- the random point in G_1.
- * @param[out] c			- the randomness for the batch AMORE protocol.
- * @param[out] u			- the mask in G_1 for batch AMORE.
- * @param[out] v			- the mask in G_2 for batch AMORE.
+ * @param[out] r			- the secret key for the pairing delegation.
+ * @param[out] u			- the mask in G_1 for the pairing delegation.
+ * @param[out] v			- the mask in G_2 for the pairing delegation.
+ * @param[out] w			- the random point for the pairing delegation.
  * @param[out] e			- the precomputed value e(U1, U2). 
  */
-int cp_amprd_gen(g1_t r, bn_t c, g1_t u, g2_t v, gt_t e);
+int cp_ambat_gen(bn_t r, g1_t u, g2_t v, g1_t w, gt_t e);
 
 /*
- * Executes the client-side request for the AMORE pairing product delegation
+ * Executes the client-side request for the AMORE batch pairing delegation
  * protocol.
  *
- * @param[out] ks			- the (l) keys for the batch AMORE protocol.
- * @param[out] ds			- the (l) points for the batch AMORE protocol.
- * @param[out] ls			- the (l * m) scalars for the protocol.
- * @param[out] rs			- the (l * m) points for the protocol.
- * @param[out] a			- the setup for the batch AMORE protocol.
- * @param[out] b			- the setup for the batch AMORE protocol.
- * @param[out] d			- the setup for the batch AMORE protocol.
- * @param[out] bs			- the row-wise addition of the second arguments.
- * @param[out] r			- the additional random point for the protocol.
- * @param[out] c			- the challenge for the pairing delegation.
- * @param[out] u			- the mask in G_1 for the pairing delegation.
- * @param[out] v			- the mask in G_2 for the pairing delegation.
- * @param[in] l				- the number of pairing products to compute.
- * @param[in] m				- the number of pairings per product to compute.
+ * @param[out] ls			- the m scalars for the protocol.
+ * @param[out] rs			- the m points for the protocol.
+ * @param[out] a			- the first element in G_1.
+ * @param[out] b			- the second element in G_2.
+ * @param[out] d			- the addition of G_2 elements.
+ * @param[in] r				- the secret key for the pairing delegation.
+ * @param[in] u				- the mask in G_1 for the pairing delegation.
+ * @param[in] v				- the mask in G_2 for the pairing delegation.
+ * @param[in] w				- the random point for the pairing delegation.
+ * @param[in] m				- the number of pairings to compute.
  * @return RLC_OK if no errors occurred, RLC_ERR otherwise.
  */
-int cp_amprd_ask(bn_t *ks, g1_t *ds, bn_t *ls, g1_t *rs, g1_t a, g2_t b, g2_t d,
-		g2_t *bs, const g1_t c, const bn_t r, const g1_t u, const g2_t v,
-		gt_t e,  const g1_t *p, const g2_t *q, size_t l, size_t m);
+int cp_ambat_ask(bn_t *ls, g1_t *rs, g1_t a, g2_t b, g2_t d, const bn_t r,
+		const g1_t u, const g2_t v, const g1_t w, const gt_t e, const g1_t *p,
+		const g2_t *q, size_t m);
 /**
- * Executes the server-side response for the AMORE pairing product delegation
+ * Executes the server-side response for the AMORE batch pairing delegation
  * protocol.
  *
  * @param[out] gs			- the results computed by the server.
- * @param[out] ts			- the group elements computed by the server.
- * @param[in] ds			- the (l) points for the batch AMORE protocol.
- * @param[in] rs			- the (l * m) points for the protocol.
+ * @param[in] rs			- the m points in G_1 for the protocol.
  * @param[in] a				- the first element in G_1.
- * @param[in] b				- the first element in G_2.
  * @param[in] b				- the second element in G_2.
+ * @param[in] d				- the addition of G_2 elements.
  * @param[in] p				- the first argument inputs for the pairings.
  * @param[in] q				- the second argument inputs for the pairings.
- * @param[in] l				- the number of pairing products to compute.
- * @param[in] m				- the number of pairings per product to compute.
+ * @param[in] m				- the number of pairings to compute.
  * @return RLC_OK if no errors occurred, RLC_ERR otherwise.
  */
-int cp_amprd_ans(gt_t *gs, gt_t *ts, const g1_t *ds, const g1_t *rs,
-		const g1_t a, const g2_t b, const g2_t d, const g2_t *bs, const g1_t *p,
-		const g2_t *q,  size_t l, size_t m);
+int cp_ambat_ans(gt_t *gs, const g1_t *rs, const g1_t a, const g2_t b,
+		const g2_t d, const g1_t *p, const g2_t *q, size_t m);
 
 /**
- * Verifies the result of the AMORE pairing delegation protocol.
+ * Verifies the result of the AMORE batch pairing delegation protocol.
  *
  * @param[out] gs			- the results of the computation.
- * @param[in,out] ts		- the group elements returned by the server.
- * @param[in] ks			- the pairing product keys.
- * @param[in] cs			- the challenges for the batch protocol.
+ * @param[in] ls			- the scalars for the batch protocol.
  * @param[in] e				- the precomputed value e(U1, U2).
- * @param[in] l				- the number of pairing products to compute.
- * @param[in] m				- the number of pairings per product to compute.
+ * @param[in] m				- the number of pairings to compute.
  * @return a boolean value indicating if the computation is correct.
  */
-int cp_amprd_ver(gt_t *gs, gt_t *ts, const bn_t *ks, const bn_t *ls,
-		const gt_t e, size_t l, size_t m);
+int cp_ambat_ver(gt_t *gs, const bn_t *ls, const gt_t e, size_t m);
 
 /**
  * Generates a master key for the SOKAKA identity-based non-interactive