in UProveUnitTest/EndToEndTest.cs [99:178]
public void PseudonymAndCommitmentsTest()
{
// Issuer setup
IssuerSetupParameters isp = new IssuerSetupParameters();
isp.UidP = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9 };
isp.E = new byte[] { (byte)1, (byte)1, (byte)1, (byte)1 };
isp.UseRecommendedParameterSet = true;
isp.S = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9 };
IssuerKeyAndParameters ikap = isp.Generate();
IssuerParameters ip = ikap.IssuerParameters;
// Issuance
byte[][] attributes = new byte[][] { encoding.GetBytes("Attribute 1"), encoding.GetBytes("Attribute 2"), encoding.GetBytes("Attribute 3"), encoding.GetBytes("Attribute 4") };
byte[] tokenInformation = new byte[] { };
byte[] proverInformation = new byte[] { };
int numberOfTokens = 1;
IssuerProtocolParameters ipp = new IssuerProtocolParameters(ikap);
ipp.Attributes = attributes;
ipp.NumberOfTokens = numberOfTokens;
ipp.TokenInformation = tokenInformation;
Issuer issuer = ipp.CreateIssuer();
FirstIssuanceMessage msg1 = issuer.GenerateFirstMessage();
ProverProtocolParameters ppp = new ProverProtocolParameters(ip);
ppp.Attributes = attributes;
ppp.NumberOfTokens = numberOfTokens;
ppp.TokenInformation = tokenInformation;
ppp.ProverInformation = proverInformation;
Prover prover = ppp.CreateProver();
SecondIssuanceMessage msg2 = prover.GenerateSecondMessage(msg1);
ThirdIssuanceMessage msg3 = issuer.GenerateThirdMessage(msg2);
UProveKeyAndToken[] upkt = prover.GenerateTokens(msg3);
// Pseudonym
int[] disclosed = new int[0];
int[] committed = new int[] { 2, 4 };
byte[] message = encoding.GetBytes("this is the presentation message, this can be a very long message");
byte[] scope = encoding.GetBytes("scope");
PresentationProof proof;
FieldZqElement[] tildeO;
// Valid presentation
proof = PresentationProof.Generate(ip, disclosed, committed, 1, scope, message, null, null, upkt[0], attributes, out tildeO);
proof.Verify(ip, disclosed, committed, 1, scope, message, null, upkt[0].Token);
// Invalid pseudonym (wrong scope)
proof = PresentationProof.Generate(ip, disclosed, committed, 1, scope, message, null, null, upkt[0], attributes, out tildeO);
try { proof.Verify(ip, disclosed, committed, 1, encoding.GetBytes("bad scope"), message, null, upkt[0].Token); Assert.Fail(); }
catch (InvalidUProveArtifactException) { }
// Invalid pseudonym (wrong attribute)
try { proof.Verify(ip, disclosed, committed, 2, scope, message, null, upkt[0].Token); Assert.Fail(); }
catch (InvalidUProveArtifactException) { }
// Invalid commitment (null list)
try { proof.Verify(ip, disclosed, null, 2, scope, message, null, upkt[0].Token); Assert.Fail(); }
catch (InvalidUProveArtifactException) { }
// Invalid commitment (wrong committed values)
try { proof.Verify(ip, disclosed, new int[] { 1, 4 }, 2, scope, message, null, upkt[0].Token); Assert.Fail(); }
catch (InvalidUProveArtifactException) { }
// Invalid commitment (wront number of committed values)
try { proof.Verify(ip, disclosed, new int[] { 1 }, 2, scope, message, null, upkt[0].Token); Assert.Fail(); }
catch (InvalidUProveArtifactException) { }
// Invalid commitment (value)
proof.Commitments[0].TildeA[0]++;
try { proof.Verify(ip, disclosed, committed, 2, scope, message, null, upkt[0].Token); Assert.Fail(); }
catch (InvalidUProveArtifactException) { }
// Ensure tildeO is correct
GroupElement Cx2 = proof.Commitments[0].TildeC; // x2 is the first committed attribute
FieldZqElement x2 = ProtocolHelper.ComputeXi(ip, 1, attributes[1]); // attributes[] is zero indexed.
FieldZqElement tildeO2 = tildeO[0];
// double check that Cx2 is computed correctly.
GroupElement Cx2Prime = ip.Gq.MultiExponentiate(new GroupElement[] { ip.Gq.G, ip.G[1] }, new FieldZqElement[] { x2, tildeO2 });
Assert.IsTrue(Cx2Prime.Equals(Cx2));
}