Fix bug where ciphertexts could end up negative

2023-04-06 12:15:19 +01:00
parent 474fe9f70a
commit 9d1d64f1d9
4 changed files with 119 additions and 38 deletions
--- a/static/js/modules/crypto/paillier.js
+++ b/static/js/modules/crypto/paillier.js
@ -28,6 +28,14 @@ class Cyphertext {
        this.cyphertext = (this.cyphertext * c.cyphertext) % this.pubKey.n ** 2n;
        this.r = (this.r * c.r) % this.pubKey.n ** 2n;
        this.plainText += c.plainText;
+
+        // Force into range
+        while (this.cyphertext < 0n) {
+            this.cyphertext += this.pubKey.n ** 2n;
+        }
+        while (this.r < 0n) {
+            this.r += this.pubKey.n ** 2n;
+        }
    }

    toString() {
@ -88,6 +96,11 @@ export class ReadOnlyCyphertext {

    update(c) {
        this.cyphertext = (this.cyphertext * c.cyphertext) % this.pubKey.n ** 2n;
+
+        // Force into range
+        while (this.cyphertext < 0n) {
+            this.cyphertext += this.pubKey.n ** 2n;
+        }
    }

    prove(plainText, a) {
@ -106,14 +119,16 @@ class ProofSessionVerifier {

    verify(proof) {
        // check coprimality
-        if (gcd(proof, this.cipherText.pubKey.n) !== 1n) return false;
-        if (gcd(this.cipherText.cyphertext, this.cipherText.pubKey.n) !== 1n)
-            return false;
-        if (gcd(this.a, this.cipherText.pubKey.n) !== 1n) return false;
+        if (gcd(proof, this.cipherText.pubKey.n) !== 1n) return -1;
+        if (gcd(this.cipherText.cyphertext, this.cipherText.pubKey.n) !== 1n) return -2;
+        if (gcd(this.a, this.cipherText.pubKey.n) !== 1n) return -3;

        // check exp
-        return (
-            mod_exp(proof, this.cipherText.pubKey.n, this.cipherText.pubKey.n ** 2n) ===
+        return mod_exp(
+            proof,
+            this.cipherText.pubKey.n,
+            this.cipherText.pubKey.n ** 2n
+        ) ===
            (this.a *
                mod_exp(
                    this.cipherText.cyphertext,
@ -121,7 +136,8 @@ class ProofSessionVerifier {
                    this.cipherText.pubKey.n ** 2n
                )) %
                this.cipherText.pubKey.n ** 2n
-        );
+            ? 1
+            : -4;
    }
 }

--- a/static/js/modules/interface/map.js
+++ b/static/js/modules/interface/map.js
@ -76,12 +76,12 @@ class Strength {
                const data = ev.detail;

                if (data.region === region && data.stage === "PROOF") {
-                    if (proofSessionVerifier.verify(BigInt(data.z))) {
-                        console.log("verified");
+                    let result = proofSessionVerifier.verify(BigInt(data.z));
+                    if (result > 0) {
                        this.assumedStrength = plainText;
                        controller.abort();
                    } else {
-                        console.warn("Failed to verify ciphertext!");
+                        console.warn(`Failed to verify ciphertext! ${result}`);
                    }
                }
            },