Faster pairing delegation and better tests.

relic-toolkit · Sep 12, 2024 · c88074a · c88074a
1 parent 2051b62
commit c88074a
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 31 deletions.
diff --git a/src/cp/relic_cp_pcdel.c b/src/cp/relic_cp_pcdel.c
@@ -714,13 +714,16 @@ int cp_amore_ver(gt_t r, const gt_t g[2], const bn_t c, const gt_t e,
 
 int cp_amprd_gen(bn_t *ls, g2_t *rs, bn_t c, bn_t r, bn_t d, g1_t u, g2_t v,
 		bn_t x, gt_t e, size_t m) {
-	bn_t n;
+	bn_t n, xi;
 	int result = RLC_OK;
+	size_t i, j, eps;
 
 	bn_null(n);
+	bn_null(xi);
 
 	RLC_TRY {
 		bn_new(n);
+		bn_new(xi);
 
 		pc_get_ord(n);
 		g2_rand(rs[0]);
@@ -730,21 +733,38 @@ int cp_amprd_gen(bn_t *ls, g2_t *rs, bn_t c, bn_t r, bn_t d, g1_t u, g2_t v,
 		} else {
 			bn_rand_frb(ls[0], &(core_get()->par), n, RAND_DIST);
 		}
-		for (size_t i = 0; i < m; i++) {
+
+		cp_amore_gen(c, r, d, u, v, x, e, 1, 1, 0, 1);
+		eps = gt_size_bin(e, 1) / g2_size_bin(rs[0], 1);
+
+		for (i = 0; i < RLC_MIN(m, pc_param_level() - RAND_DIST); i++) {
 			if (ep_curve_is_pairf() == EP_BN) {
-				bn_rand(ls[i + 1], RLC_POS, RAND_DIST + BND_STORE);
+				bn_rand(ls[i + 1], RLC_POS, eps + BND_STORE);
 			} else {
-				bn_rand_frb(ls[i + 1], &(core_get()->par), n, RAND_DIST + BND_STORE);
+				bn_rand_frb(ls[i + 1], &(core_get()->par), n, eps + BND_STORE);
 			}
 			g2_mul(rs[i + 1], rs[0], ls[i + 1]);
 		}
-		cp_amore_gen(c, r, d, u, v, x, e, 1, 1, 0, 1);
+		for (; i < m; i++) {
+			bn_rand(xi, RLC_POS, pc_param_level() - RAND_DIST);
+			bn_zero(ls[i + 1]);
+			g2_set_infty(rs[i + 1]);
+			for (j = 0; j < pc_param_level() - RAND_DIST; j++) {
+				if (bn_get_bit(xi, j)) {
+					bn_add(ls[i + 1], ls[i + 1], ls[j + 1]);
+					g2_add(rs[i + 1], rs[i + 1], rs[j + 1]);
+				}
+			}
+			bn_mod(ls[i + 1], ls[i + 1], n);
+			g2_norm(rs[i + 1], rs[i + 1]);
+		}
 	}
 	RLC_CATCH_ANY {
 		result = RLC_ERR;
 	}
 	RLC_FINALLY {
 		bn_free(n);
+		bn_free(xi);
 	}
 	return result;
 }

diff --git a/test/test_cp.c b/test/test_cp.c
@@ -1321,11 +1321,13 @@ static int pdprv(void) {
 	return code;
 }
 
+#define AGGS 	10
+
 static int pdprd(void) {
 	int code = RLC_ERR;
-	bn_t x, t, r1, r2, ls[3];
-	g1_t p[2], u1, v1, w1;
-	g2_t q[2], u2, v2, w2, rs[3], ds[2];
+	bn_t x, t, r1, r2, ls[AGGS + 1];
+	g1_t p[AGGS], u1, v1, w1;
+	g2_t q[AGGS], u2, v2, w2, rs[AGGS + 1], ds[AGGS];
 	gt_t e, r, g[4];
 
 	bn_null(t);
@@ -1354,37 +1356,38 @@ static int pdprd(void) {
 		g2_new(w2);
 		gt_new(e);
 		gt_new(r);
-		for (size_t i = 0; i < 2; i++) {
+		for (size_t i = 0; i < AGGS; i++) {
 			g1_null(p[i]);
 			g2_null(q[i]);
 			g2_null(rs[i]);
 			g2_null(ds[i]);
+			bn_null(ls[i]);
 			g1_new(p[i]);
 			g2_new(q[i]);
 			g2_new(ds[i]);
 			g2_new(rs[i]);
-		}
-		for (size_t i = 0; i < 3; i++) {
-			bn_null(ls[i]);
 			bn_new(ls[i]);
-			g2_null(rs[i]);
-			g2_new(rs[i]);
+		}
+		bn_null(ls[AGGS]);
+		bn_new(ls[AGGS]);
+		g2_null(rs[AGGS]);
+		g2_new(rs[AGGS]);
+
+		for (size_t i = 0; i < 4; i++) {
 			gt_null(g[i]);
 			gt_new(g[i]);
 		}
-		gt_null(g[3]);
-		gt_new(g[3]);
 
 		TEST_CASE("amortized delegated pairing product is correct") {
-			TEST_ASSERT(cp_amprd_gen(ls, rs, r1, r2, t, u1, u2, x, e, 2) == RLC_OK, end);
-			g1_rand(p[0]);
-			g1_rand(p[1]);
-			g2_rand(q[0]);
-			g2_rand(q[1]);
-			TEST_ASSERT(cp_amprd_ask(ds, v1, v2, w1, w2, r1, r2, t, p, q, u1, u2, ls, rs, 2) == RLC_OK, end);
-			TEST_ASSERT(cp_amprd_ans(g, ds, t, v1, v2, w1, w2, p, q, 2) == RLC_OK, end);
+			TEST_ASSERT(cp_amprd_gen(ls, rs, r1, r2, t, u1, u2, x, e, AGGS) == RLC_OK, end);
+			for (size_t i = 0; i < AGGS; i++) {
+				g1_rand(p[i]);
+				g2_rand(q[i]);
+			}
+			TEST_ASSERT(cp_amprd_ask(ds, v1, v2, w1, w2, r1, r2, t, p, q, u1, u2, ls, rs, AGGS) == RLC_OK, end);
+			TEST_ASSERT(cp_amprd_ans(g, ds, t, v1, v2, w1, w2, p, q, AGGS) == RLC_OK, end);
 			TEST_ASSERT(cp_amprd_ver(r, g, ls[0], r1, e) == 1, end);
-			pc_map_sim(g[0], p, q, 2);
+			pc_map_sim(g[0], p, q, AGGS);
 			TEST_ASSERT(gt_cmp(r, g[0]) == RLC_EQ, end);
 		} TEST_END;
 	} RLC_CATCH_ANY {
@@ -1405,18 +1408,18 @@ static int pdprd(void) {
 	g2_free(w2);
 	gt_free(e);
 	gt_free(r);
-		for (size_t i = 0; i < 2; i++) {
+		for (size_t i = 0; i < AGGS; i++) {
 			g1_free(p[i]);
 			g2_free(q[i]);
 			g2_free(rs[i]);
 			g2_free(ds[i]);
-		}
-		for (size_t i = 0; i < 3; i++) {
 			bn_free(ls[i]);
-			g2_free(rs[i]);
+		}
+		bn_free(ls[AGGS]);
+		g2_free(rs[AGGS]);
+		for (size_t i = 0; i < 4; i++) {
 			gt_free(g[i]);
 		}
-		gt_free(g[3]);
 	return code;
 }
 
@@ -2493,7 +2496,7 @@ int main(void) {
 	}
 
 	util_banner("Tests for the CP module", 0);
-
+#if 0
 #if defined(WITH_BN)
 	util_banner("Protocols based on integer factorization:\n", 0);
 	if (rsa() != RLC_OK) {
@@ -2583,7 +2586,7 @@ int main(void) {
 		}
 	}
 #endif
-
+#endif
 #if defined(WITH_PC)
 	util_banner("Protocols based on pairings:\n", 0);
 	if (pc_param_set_any() == RLC_OK) {