module RSA::ACC::PoKE2

Non-interactive Proof of Knowledge of Exponent 2 (PoKE2): proves knowledge of an exponent exp with base ^ exp = result in a group of unknown order, without revealing exp.

Public Instance Methods

prove(base, exp, result, modulus)

Computes a proof that you know exp s.t. base ^ exp = result.
@param [Integer] base
@param [Integer] exp
@param [Integer] result
@param [Integer] modulus
@return [RSA::ACC::PoKE2Proof] a proof.

# File lib/rsa/acc/poke2.rb, line 44
def prove(base, exp, result, modulus)
  g = RSA::Accumulator::RSA2048_UNKNOWN_ELEM
  z = g.pow(exp, modulus)                  # commitment to exp: z = g^exp
  l = compute_challenge(base, result, z)   # Fiat-Shamir prime challenge l
  alpha = blake2_hash(base, result, z, l)  # second challenge alpha
  q, r = exp.divmod(l)                     # exp = q * l + r, with 0 <= r < l
  # Proof is (z, Q, r) with Q = (base * g^alpha)^q
  RSA::ACC::PoKE2Proof.new(z, ((base * g.pow(alpha, modulus)) % modulus).pow(q, modulus), r)
end
verify(base, result, proof, modulus)

Verifies that the prover knows exp s.t. base ^ exp = result.
@param [Integer] base
@param [Integer] result
@param [RSA::ACC::PoKE2Proof] proof
@param [Integer] modulus
@return [Boolean] Returns true for successful verification, false otherwise.

# File lib/rsa/acc/poke2.rb, line 59
def verify(base, result, proof, modulus)
  g = RSA::Accumulator::RSA2048_UNKNOWN_ELEM
  l = compute_challenge(base, result, proof.z)    # re-derive the same l and alpha the prover used
  alpha = blake2_hash(base, result, proof.z, l)
  # Check Q^l * (base * g^alpha)^r == result * z^alpha
  lhs = (proof.q.pow(l, modulus) * (base * g.pow(alpha, modulus) % modulus).pow(proof.r, modulus)) % modulus
  rhs = result * proof.z.pow(alpha, modulus) % modulus
  lhs == rhs
end
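The prove/verify pair above depends on two helpers the page does not show, compute_challenge and blake2_hash. The following is an added, self-contained example (not the rsa-acc gem's code) that runs the same PoKE2 exchange end to end on a constructed toy modulus, with assumed Fiat-Shamir stand-ins for both helpers (SHA-256 transcript hash, hash-to-prime for l) and a forged proof to show the verifier rejecting it.

```ruby
require 'digest'
require 'openssl'
PoKE2Proof = Struct.new(:z, :q, :r)

# Constructed toy modulus and fixed base g standing in for
# RSA2048_UNKNOWN_ELEM (assumptions for this example, not the gem's values).
MODULUS = 1_000_003 * 1_000_033
G = 2

# Fiat-Shamir transcript hash (assumed stand-in for the gem's blake2_hash).
def transcript_hash(*ints)
  Digest::SHA256.hexdigest(ints.join(':')).to_i(16)
end

# Hash-to-prime for the challenge l: step from the transcript hash up to the
# next probable prime. Assumed stand-in for the gem's compute_challenge.
def compute_challenge(base, result, z)
  candidate = transcript_hash(base, result, z) | 1
  candidate += 2 until OpenSSL::BN.new(candidate).prime?
  candidate
end

# Prover: z = g^exp, Q = (base * g^alpha)^q with q, r = exp.divmod(l).
def prove(base, exp, result, modulus)
  z = G.pow(exp, modulus)
  l = compute_challenge(base, result, z)
  alpha = transcript_hash(base, result, z, l)
  q, r = exp.divmod(l)
  PoKE2Proof.new(z, ((base * G.pow(alpha, modulus)) % modulus).pow(q, modulus), r)
end

# Verifier re-derives l, alpha and checks Q^l * (base*g^alpha)^r == result * z^alpha.
def verify(base, result, proof, modulus)
  l = compute_challenge(base, result, proof.z)
  alpha = transcript_hash(base, result, proof.z, l)
  lhs = (proof.q.pow(l, modulus) * (base * G.pow(alpha, modulus) % modulus).pow(proof.r, modulus)) % modulus
  lhs == result * proof.z.pow(alpha, modulus) % modulus
end

# Round trip on a constructed exponent far larger than the ~256-bit challenge,
# plus a forged proof whose residue r was altered.
def poke2_roundtrip
  base = 7
  exp = 2**600 + 2**301 + 1
  result = base.pow(exp, MODULUS)
  proof = prove(base, exp, result, MODULUS)
  forged = PoKE2Proof.new(proof.z, proof.q, proof.r + 1)
  { valid: verify(base, result, proof, MODULUS),
    forged_rejected: !verify(base, result, forged, MODULUS) }
end
```

Because exp exceeds l, the residue r on its own does not determine exp; the proof's soundness rests on the verifier re-deriving l and alpha from the transcript rather than trusting values chosen by the prover.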