DamgardTechnique (craco 4.0.2 API)

java.lang.Object
- org.cryptimeleon.craco.protocols.arguments.damgardtechnique.DamgardTechnique

All Implemented Interfaces:

InteractiveArgument, SigmaProtocol, TwoPartyProtocol
```
public class DamgardTechnique
extends java.lang.Object
implements SigmaProtocol
```
This class provides Damgard's Technique. Damgard's Technique is a construction to improve Sigma-Protocols in order to provide security against concurrent adversaries. The resulting protocol is a 'Concurrent black-box zero knowledge three-way interactive argument of knowledge'.
Damgard's Technique is applied on a given Sigma-Protocol. A given commitment scheme is used to achieve the security improvement by changing the original given Sigma-Protocol in the following way:
1. Instead of sending the announcement the protocol sends the commitment of the announcement.
2. The last message additionally contains the original announcement and the verify-value of the commitment of the announcement. These information are then used in the verify to check validity of the commitment as well as the original verification from the Sigma-Protocol.
The result of Damgard's Technique is a 'Concurrent black-box zero knowledge three-way interactive argument of knowledge'.

Field Summary

Fields
Modifier and Type Field and Description

protected CommitmentScheme commitmentScheme

protected SigmaProtocol innerProtocol
- Fields inherited from interface org.cryptimeleon.craco.protocols.arguments.InteractiveArgument
  PROVER_ROLE, VERIFIER_ROLE

Fields
Modifier and Type	Field and Description
`protected CommitmentScheme`	`commitmentScheme`
`protected SigmaProtocol`	`innerProtocol`

Constructor Summary

Constructors
Constructor and Description

DamgardTechnique(SigmaProtocol innerProtocol, CommitmentScheme commitmentScheme)

Constructors
Constructor and Description
`DamgardTechnique(SigmaProtocol innerProtocol, CommitmentScheme commitmentScheme)`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected PlainText`	`announcementToCommitmentPlaintext(Announcement innerAnnouncement)`
`org.cryptimeleon.math.expressions.bool.BooleanExpression`	`checkTranscriptAsExpression(CommonInput commonInput, Announcement announcement, Challenge challenge, Response response)` Used by the verifier to check whether the given transcript is accepting.
`void`	`debugProof(CommonInput commonInput, SecretInput secretInput)` Checks if commonInput and secretInput are valid inputs for this protocol.
`Announcement`	`generateAnnouncement(CommonInput commonInput, SecretInput secretInput, AnnouncementSecret announcementSecret)` Used by the prover to generate an announcement (the first message sent in the protocol).
`DamgardAnnouncementSecret`	`generateAnnouncementSecret(CommonInput commonInput, SecretInput secretInput)` Used by the prover to generate a secret value that will be input for future method calls.
`Challenge`	`generateChallenge(CommonInput commonInput)` Used by the verifier to generate a challenge (the second message in the protocol).
`static CommitmentScheme`	`generateCommitmentScheme(org.cryptimeleon.math.structures.groups.Group group)`
`Response`	`generateResponse(CommonInput commonInput, SecretInput secretInput, Announcement announcement, AnnouncementSecret announcementSecret, Challenge challenge)` Used by the prover to generate a response (the third and last message sent in the protocol).
`SigmaProtocolTranscript`	`generateSimulatedTranscript(CommonInput commonInput, Challenge challenge)` Generates a random transcript with the same distribution as an honestly generated one that contains the given `Challenge`.
`ChallengeSpace`	`getChallengeSpace(CommonInput commonInput)` Returns the challenge space used by this protocol.
`org.cryptimeleon.craco.protocols.arguments.damgardtechnique.DamgardAnnouncement`	`restoreAnnouncement(CommonInput commonInput, org.cryptimeleon.math.serialization.Representation repr)`
`Challenge`	`restoreChallenge(CommonInput commonInput, org.cryptimeleon.math.serialization.Representation repr)`
`org.cryptimeleon.craco.protocols.arguments.damgardtechnique.DamgardResponse`	`restoreResponse(CommonInput commonInput, Announcement announcement, Challenge challenge, org.cryptimeleon.math.serialization.Representation repr)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.cryptimeleon.craco.protocols.arguments.sigma.SigmaProtocol
checkTranscript, checkTranscript, compressTranscript, decompressTranscript, getFirstMessageRole, getProverInstance, getVerifierInstance, instantiateProtocol, restoreTranscript

Methods inherited from interface org.cryptimeleon.craco.protocols.arguments.InteractiveArgument
getRoleNames, instantiateProver, instantiateVerifier

Methods inherited from interface org.cryptimeleon.craco.protocols.TwoPartyProtocol
runProtocolLocally

Field Detail

innerProtocol
```
protected SigmaProtocol innerProtocol
```

commitmentScheme

protected CommitmentScheme commitmentScheme

Constructor Detail
- DamgardTechnique
```
public DamgardTechnique(SigmaProtocol innerProtocol,
                        CommitmentScheme commitmentScheme)
```
  Parameters:
  
  innerProtocol - the sigma protocol to transform
  
  commitmentScheme - a commitment scheme for arbitrary bit strings (ByteArrayImplementation)

Method Detail

generateAnnouncementSecret
```
public DamgardAnnouncementSecret generateAnnouncementSecret(CommonInput commonInput,
                                                            SecretInput secretInput)
```
Description copied from interface: SigmaProtocol

Used by the prover to generate a secret value that will be input for future method calls.
For example, for an implementation of the original Schnorr protocol, the announcement secret would be a random exponent r.

Specified by:

generateAnnouncementSecret in interface SigmaProtocol

Parameters:

commonInput - input to the overall protocol that both prover and verifier use

secretInput - input to the overall protocol that only the prover gets

Returns:

a secret (internal) value used for generating announcements and responses

generateAnnouncement

public Announcement generateAnnouncement(CommonInput commonInput,
                                         SecretInput secretInput,
                                         AnnouncementSecret announcementSecret)

Description copied from interface: SigmaProtocol

Used by the prover to generate an announcement (the first message sent in the protocol).

Specified by:: generateAnnouncement in interface SigmaProtocol

generateChallenge
```
public Challenge generateChallenge(CommonInput commonInput)
```
Description copied from interface: SigmaProtocol

Used by the verifier to generate a challenge (the second message in the protocol).

Specified by:

generateChallenge in interface SigmaProtocol

generateResponse

public Response generateResponse(CommonInput commonInput,
                                 SecretInput secretInput,
                                 Announcement announcement,
                                 AnnouncementSecret announcementSecret,
                                 Challenge challenge)

Description copied from interface: SigmaProtocol

Used by the prover to generate a response (the third and last message sent in the protocol).

Specified by:: generateResponse in interface SigmaProtocol

checkTranscriptAsExpression

public org.cryptimeleon.math.expressions.bool.BooleanExpression checkTranscriptAsExpression(CommonInput commonInput,
                                                                                            Announcement announcement,
                                                                                            Challenge challenge,
                                                                                            Response response)

Description copied from interface: SigmaProtocol

Used by the verifier to check whether the given transcript is accepting. The result is a BooleanExpression, which makes it easier to provide optimization for composed protocols.

Specified by:: checkTranscriptAsExpression in interface SigmaProtocol
Returns:: a BooleanExpression without variables that evaluates to true (for accepting transcripts) or false.

generateSimulatedTranscript
```
public SigmaProtocolTranscript generateSimulatedTranscript(CommonInput commonInput,
                                                           Challenge challenge)
```
Description copied from interface: SigmaProtocol

Generates a random transcript with the same distribution as an honestly generated one that contains the given Challenge.

Specified by:

generateSimulatedTranscript in interface SigmaProtocol

restoreAnnouncement

public org.cryptimeleon.craco.protocols.arguments.damgardtechnique.DamgardAnnouncement restoreAnnouncement(CommonInput commonInput,
                                                                                                           org.cryptimeleon.math.serialization.Representation repr)

Specified by:: restoreAnnouncement in interface SigmaProtocol

restoreChallenge

public Challenge restoreChallenge(CommonInput commonInput,
                                  org.cryptimeleon.math.serialization.Representation repr)

Specified by:: restoreChallenge in interface SigmaProtocol

restoreResponse

public org.cryptimeleon.craco.protocols.arguments.damgardtechnique.DamgardResponse restoreResponse(CommonInput commonInput,
                                                                                                   Announcement announcement,
                                                                                                   Challenge challenge,
                                                                                                   org.cryptimeleon.math.serialization.Representation repr)

Specified by:: restoreResponse in interface SigmaProtocol

getChallengeSpace
```
public ChallengeSpace getChallengeSpace(CommonInput commonInput)
```
Description copied from interface: SigmaProtocol

Returns the challenge space used by this protocol.

Specified by:

getChallengeSpace in interface SigmaProtocol

announcementToCommitmentPlaintext

protected PlainText announcementToCommitmentPlaintext(Announcement innerAnnouncement)

generateCommitmentScheme

public static CommitmentScheme generateCommitmentScheme(org.cryptimeleon.math.structures.groups.Group group)

debugProof
```
public void debugProof(CommonInput commonInput,
                       SecretInput secretInput)
```
Description copied from interface: InteractiveArgument

Checks if commonInput and secretInput are valid inputs for this protocol. Use for debugging. Throws an exception if something is wrong.

Specified by:

debugProof in interface InteractiveArgument

Class DamgardTechnique

Field Summary

Fields inherited from interface org.cryptimeleon.craco.protocols.arguments.InteractiveArgument

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Methods inherited from interface org.cryptimeleon.craco.protocols.arguments.sigma.SigmaProtocol

Methods inherited from interface org.cryptimeleon.craco.protocols.arguments.InteractiveArgument

Methods inherited from interface org.cryptimeleon.craco.protocols.TwoPartyProtocol

Field Detail

innerProtocol

commitmentScheme

Constructor Detail

DamgardTechnique

Method Detail

generateAnnouncementSecret

generateAnnouncement

generateChallenge

generateResponse

checkTranscriptAsExpression

generateSimulatedTranscript

restoreAnnouncement

restoreChallenge

restoreResponse

getChallengeSpace

announcementToCommitmentPlaintext

generateCommitmentScheme

debugProof