prove and verify rounds

static/js/modules/crypto/paillier.js

@@ -52,18 +52,25 @@ class Ciphertext {
         this.pubKey = key;
         this.plainText = plainText;
 
+        while (this.plainText < 0n) {
+            this.plainText += key.n2;
+        }
+
         this.readOnly = false;
     }
 
     update(c) {
         this.cipherText = (this.cipherText * c.cipherText) % this.pubKey.n2;
         this.r = (this.r * c.r) % this.pubKey.n2;
-        this.plainText += c.plainText;
+        this.plainText = (this.plainText + c.plainText) % this.pubKey.n2;
 
         // Force into range
         while (this.cipherText < 0n) {
             this.cipherText += this.pubKey.n2;
         }
+        while (this.plainText < 0n) {
+            this.plainText += this.pubKey.n2;
+        }
     }
 
     toString() {
@@ -195,7 +202,11 @@ export class ReadOnlyCiphertext {
             BigInt(statement.challenge)
         );
 
-        return verifier.verify(BigInt(statement.proof));
+        if (verifier.verify(BigInt(statement.proof))) {
+            return BigInt(statement.plainText);
+        } else {
+            return null;
+        }
     }
 
     clone() {

static/js/modules/crypto/random_primes.js

@@ -20,9 +20,9 @@ export function cryptoRandom(bits) {
 }
 
 /**
- * Generate random integer of length 2048 bits.
+ * Generate random integer of length N bits.
  *
- * We generate between 2^2047 and 2^2048 - 1 by adding differences.
+ * We generate between 2^(N - 1) and 2^N - 1 by adding differences.
  */
 function generate_bigint() {
     let intRepr = cryptoRandom();