hjugement-protocol (empty) → 0.0.0.20190428
raw patch · 12 files changed
+2096/−0 lines, 12 filesdep +QuickCheckdep +basedep +bytestring
Dependencies added: QuickCheck, base, bytestring, containers, cryptonite, hashable, hjugement-protocol, memory, mmorph, random, tasty, tasty-hunit, tasty-quickcheck, text, transformers, unordered-containers
Files
- COPYING +674/−0
- Protocol/Arithmetic.hs +304/−0
- Protocol/Credential.hs +134/−0
- Protocol/Election.hs +511/−0
- hjugement-protocol.cabal +201/−0
- stack.yaml +5/−0
- test/HUnit.hs +13/−0
- test/HUnit/Arithmetic.hs +38/−0
- test/HUnit/Credential.hs +53/−0
- test/HUnit/Election.hs +111/−0
- test/HUnit/Utils.hs +37/−0
- test/Main.hs +15/−0
+ COPYING view
@@ -0,0 +1,674 @@+ GNU GENERAL PUBLIC LICENSE+ Version 3, 29 June 2007++ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>+ Everyone is permitted to copy and distribute verbatim copies+ of this license document, but changing it is not allowed.++ Preamble++ The GNU General Public License is a free, copyleft license for+software and other kinds of works.++ The licenses for most software and other practical works are designed+to take away your freedom to share and change the works. By contrast,+the GNU General Public License is intended to guarantee your freedom to+share and change all versions of a program--to make sure it remains free+software for all its users. We, the Free Software Foundation, use the+GNU General Public License for most of our software; it applies also to+any other work released this way by its authors. You can apply it to+your programs, too.++ When we speak of free software, we are referring to freedom, not+price. Our General Public Licenses are designed to make sure that you+have the freedom to distribute copies of free software (and charge for+them if you wish), that you receive source code or can get it if you+want it, that you can change the software or use pieces of it in new+free programs, and that you know you can do these things.++ To protect your rights, we need to prevent others from denying you+these rights or asking you to surrender the rights. Therefore, you have+certain responsibilities if you distribute copies of the software, or if+you modify it: responsibilities to respect the freedom of others.++ For example, if you distribute copies of such a program, whether+gratis or for a fee, you must pass on to the recipients the same+freedoms that you received. You must make sure that they, too, receive+or can get the source code. And you must show them these terms so they+know their rights.++ Developers that use the GNU GPL protect your rights with two steps:+(1) assert copyright on the software, and (2) offer you this License+giving you legal permission to copy, distribute and/or modify it.++ For the developers' and authors' protection, the GPL clearly explains+that there is no warranty for this free software. For both users' and+authors' sake, the GPL requires that modified versions be marked as+changed, so that their problems will not be attributed erroneously to+authors of previous versions.++ Some devices are designed to deny users access to install or run+modified versions of the software inside them, although the manufacturer+can do so. This is fundamentally incompatible with the aim of+protecting users' freedom to change the software. The systematic+pattern of such abuse occurs in the area of products for individuals to+use, which is precisely where it is most unacceptable. Therefore, we+have designed this version of the GPL to prohibit the practice for those+products. If such problems arise substantially in other domains, we+stand ready to extend this provision to those domains in future versions+of the GPL, as needed to protect the freedom of users.++ Finally, every program is threatened constantly by software patents.+States should not allow patents to restrict development and use of+software on general-purpose computers, but in those that do, we wish to+avoid the special danger that patents applied to a free program could+make it effectively proprietary. To prevent this, the GPL assures that+patents cannot be used to render the program non-free.++ The precise terms and conditions for copying, distribution and+modification follow.++ TERMS AND CONDITIONS++ 0. Definitions.++ "This License" refers to version 3 of the GNU General Public License.++ "Copyright" also means copyright-like laws that apply to other kinds of+works, such as semiconductor masks.++ "The Program" refers to any copyrightable work licensed under this+License. Each licensee is addressed as "you". "Licensees" and+"recipients" may be individuals or organizations.++ To "modify" a work means to copy from or adapt all or part of the work+in a fashion requiring copyright permission, other than the making of an+exact copy. The resulting work is called a "modified version" of the+earlier work or a work "based on" the earlier work.++ A "covered work" means either the unmodified Program or a work based+on the Program.++ To "propagate" a work means to do anything with it that, without+permission, would make you directly or secondarily liable for+infringement under applicable copyright law, except executing it on a+computer or modifying a private copy. Propagation includes copying,+distribution (with or without modification), making available to the+public, and in some countries other activities as well.++ To "convey" a work means any kind of propagation that enables other+parties to make or receive copies. Mere interaction with a user through+a computer network, with no transfer of a copy, is not conveying.++ An interactive user interface displays "Appropriate Legal Notices"+to the extent that it includes a convenient and prominently visible+feature that (1) displays an appropriate copyright notice, and (2)+tells the user that there is no warranty for the work (except to the+extent that warranties are provided), that licensees may convey the+work under this License, and how to view a copy of this License. If+the interface presents a list of user commands or options, such as a+menu, a prominent item in the list meets this criterion.++ 1. Source Code.++ The "source code" for a work means the preferred form of the work+for making modifications to it. "Object code" means any non-source+form of a work.++ A "Standard Interface" means an interface that either is an official+standard defined by a recognized standards body, or, in the case of+interfaces specified for a particular programming language, one that+is widely used among developers working in that language.++ The "System Libraries" of an executable work include anything, other+than the work as a whole, that (a) is included in the normal form of+packaging a Major Component, but which is not part of that Major+Component, and (b) serves only to enable use of the work with that+Major Component, or to implement a Standard Interface for which an+implementation is available to the public in source code form. A+"Major Component", in this context, means a major essential component+(kernel, window system, and so on) of the specific operating system+(if any) on which the executable work runs, or a compiler used to+produce the work, or an object code interpreter used to run it.++ The "Corresponding Source" for a work in object code form means all+the source code needed to generate, install, and (for an executable+work) run the object code and to modify the work, including scripts to+control those activities. However, it does not include the work's+System Libraries, or general-purpose tools or generally available free+programs which are used unmodified in performing those activities but+which are not part of the work. For example, Corresponding Source+includes interface definition files associated with source files for+the work, and the source code for shared libraries and dynamically+linked subprograms that the work is specifically designed to require,+such as by intimate data communication or control flow between those+subprograms and other parts of the work.++ The Corresponding Source need not include anything that users+can regenerate automatically from other parts of the Corresponding+Source.++ The Corresponding Source for a work in source code form is that+same work.++ 2. Basic Permissions.++ All rights granted under this License are granted for the term of+copyright on the Program, and are irrevocable provided the stated+conditions are met. This License explicitly affirms your unlimited+permission to run the unmodified Program. The output from running a+covered work is covered by this License only if the output, given its+content, constitutes a covered work. This License acknowledges your+rights of fair use or other equivalent, as provided by copyright law.++ You may make, run and propagate covered works that you do not+convey, without conditions so long as your license otherwise remains+in force. You may convey covered works to others for the sole purpose+of having them make modifications exclusively for you, or provide you+with facilities for running those works, provided that you comply with+the terms of this License in conveying all material for which you do+not control copyright. Those thus making or running the covered works+for you must do so exclusively on your behalf, under your direction+and control, on terms that prohibit them from making any copies of+your copyrighted material outside their relationship with you.++ Conveying under any other circumstances is permitted solely under+the conditions stated below. Sublicensing is not allowed; section 10+makes it unnecessary.++ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.++ No covered work shall be deemed part of an effective technological+measure under any applicable law fulfilling obligations under article+11 of the WIPO copyright treaty adopted on 20 December 1996, or+similar laws prohibiting or restricting circumvention of such+measures.++ When you convey a covered work, you waive any legal power to forbid+circumvention of technological measures to the extent such circumvention+is effected by exercising rights under this License with respect to+the covered work, and you disclaim any intention to limit operation or+modification of the work as a means of enforcing, against the work's+users, your or third parties' legal rights to forbid circumvention of+technological measures.++ 4. Conveying Verbatim Copies.++ You may convey verbatim copies of the Program's source code as you+receive it, in any medium, provided that you conspicuously and+appropriately publish on each copy an appropriate copyright notice;+keep intact all notices stating that this License and any+non-permissive terms added in accord with section 7 apply to the code;+keep intact all notices of the absence of any warranty; and give all+recipients a copy of this License along with the Program.++ You may charge any price or no price for each copy that you convey,+and you may offer support or warranty protection for a fee.++ 5. Conveying Modified Source Versions.++ You may convey a work based on the Program, or the modifications to+produce it from the Program, in the form of source code under the+terms of section 4, provided that you also meet all of these conditions:++ a) The work must carry prominent notices stating that you modified+ it, and giving a relevant date.++ b) The work must carry prominent notices stating that it is+ released under this License and any conditions added under section+ 7. This requirement modifies the requirement in section 4 to+ "keep intact all notices".++ c) You must license the entire work, as a whole, under this+ License to anyone who comes into possession of a copy. This+ License will therefore apply, along with any applicable section 7+ additional terms, to the whole of the work, and all its parts,+ regardless of how they are packaged. This License gives no+ permission to license the work in any other way, but it does not+ invalidate such permission if you have separately received it.++ d) If the work has interactive user interfaces, each must display+ Appropriate Legal Notices; however, if the Program has interactive+ interfaces that do not display Appropriate Legal Notices, your+ work need not make them do so.++ A compilation of a covered work with other separate and independent+works, which are not by their nature extensions of the covered work,+and which are not combined with it such as to form a larger program,+in or on a volume of a storage or distribution medium, is called an+"aggregate" if the compilation and its resulting copyright are not+used to limit the access or legal rights of the compilation's users+beyond what the individual works permit. Inclusion of a covered work+in an aggregate does not cause this License to apply to the other+parts of the aggregate.++ 6. Conveying Non-Source Forms.++ You may convey a covered work in object code form under the terms+of sections 4 and 5, provided that you also convey the+machine-readable Corresponding Source under the terms of this License,+in one of these ways:++ a) Convey the object code in, or embodied in, a physical product+ (including a physical distribution medium), accompanied by the+ Corresponding Source fixed on a durable physical medium+ customarily used for software interchange.++ b) Convey the object code in, or embodied in, a physical product+ (including a physical distribution medium), accompanied by a+ written offer, valid for at least three years and valid for as+ long as you offer spare parts or customer support for that product+ model, to give anyone who possesses the object code either (1) a+ copy of the Corresponding Source for all the software in the+ product that is covered by this License, on a durable physical+ medium customarily used for software interchange, for a price no+ more than your reasonable cost of physically performing this+ conveying of source, or (2) access to copy the+ Corresponding Source from a network server at no charge.++ c) Convey individual copies of the object code with a copy of the+ written offer to provide the Corresponding Source. This+ alternative is allowed only occasionally and noncommercially, and+ only if you received the object code with such an offer, in accord+ with subsection 6b.++ d) Convey the object code by offering access from a designated+ place (gratis or for a charge), and offer equivalent access to the+ Corresponding Source in the same way through the same place at no+ further charge. You need not require recipients to copy the+ Corresponding Source along with the object code. If the place to+ copy the object code is a network server, the Corresponding Source+ may be on a different server (operated by you or a third party)+ that supports equivalent copying facilities, provided you maintain+ clear directions next to the object code saying where to find the+ Corresponding Source. Regardless of what server hosts the+ Corresponding Source, you remain obligated to ensure that it is+ available for as long as needed to satisfy these requirements.++ e) Convey the object code using peer-to-peer transmission, provided+ you inform other peers where the object code and Corresponding+ Source of the work are being offered to the general public at no+ charge under subsection 6d.++ A separable portion of the object code, whose source code is excluded+from the Corresponding Source as a System Library, need not be+included in conveying the object code work.++ A "User Product" is either (1) a "consumer product", which means any+tangible personal property which is normally used for personal, family,+or household purposes, or (2) anything designed or sold for incorporation+into a dwelling. In determining whether a product is a consumer product,+doubtful cases shall be resolved in favor of coverage. For a particular+product received by a particular user, "normally used" refers to a+typical or common use of that class of product, regardless of the status+of the particular user or of the way in which the particular user+actually uses, or expects or is expected to use, the product. A product+is a consumer product regardless of whether the product has substantial+commercial, industrial or non-consumer uses, unless such uses represent+the only significant mode of use of the product.++ "Installation Information" for a User Product means any methods,+procedures, authorization keys, or other information required to install+and execute modified versions of a covered work in that User Product from+a modified version of its Corresponding Source. The information must+suffice to ensure that the continued functioning of the modified object+code is in no case prevented or interfered with solely because+modification has been made.++ If you convey an object code work under this section in, or with, or+specifically for use in, a User Product, and the conveying occurs as+part of a transaction in which the right of possession and use of the+User Product is transferred to the recipient in perpetuity or for a+fixed term (regardless of how the transaction is characterized), the+Corresponding Source conveyed under this section must be accompanied+by the Installation Information. But this requirement does not apply+if neither you nor any third party retains the ability to install+modified object code on the User Product (for example, the work has+been installed in ROM).++ The requirement to provide Installation Information does not include a+requirement to continue to provide support service, warranty, or updates+for a work that has been modified or installed by the recipient, or for+the User Product in which it has been modified or installed. Access to a+network may be denied when the modification itself materially and+adversely affects the operation of the network or violates the rules and+protocols for communication across the network.++ Corresponding Source conveyed, and Installation Information provided,+in accord with this section must be in a format that is publicly+documented (and with an implementation available to the public in+source code form), and must require no special password or key for+unpacking, reading or copying.++ 7. Additional Terms.++ "Additional permissions" are terms that supplement the terms of this+License by making exceptions from one or more of its conditions.+Additional permissions that are applicable to the entire Program shall+be treated as though they were included in this License, to the extent+that they are valid under applicable law. If additional permissions+apply only to part of the Program, that part may be used separately+under those permissions, but the entire Program remains governed by+this License without regard to the additional permissions.++ When you convey a copy of a covered work, you may at your option+remove any additional permissions from that copy, or from any part of+it. (Additional permissions may be written to require their own+removal in certain cases when you modify the work.) You may place+additional permissions on material, added by you to a covered work,+for which you have or can give appropriate copyright permission.++ Notwithstanding any other provision of this License, for material you+add to a covered work, you may (if authorized by the copyright holders of+that material) supplement the terms of this License with terms:++ a) Disclaiming warranty or limiting liability differently from the+ terms of sections 15 and 16 of this License; or++ b) Requiring preservation of specified reasonable legal notices or+ author attributions in that material or in the Appropriate Legal+ Notices displayed by works containing it; or++ c) Prohibiting misrepresentation of the origin of that material, or+ requiring that modified versions of such material be marked in+ reasonable ways as different from the original version; or++ d) Limiting the use for publicity purposes of names of licensors or+ authors of the material; or++ e) Declining to grant rights under trademark law for use of some+ trade names, trademarks, or service marks; or++ f) Requiring indemnification of licensors and authors of that+ material by anyone who conveys the material (or modified versions of+ it) with contractual assumptions of liability to the recipient, for+ any liability that these contractual assumptions directly impose on+ those licensors and authors.++ All other non-permissive additional terms are considered "further+restrictions" within the meaning of section 10. If the Program as you+received it, or any part of it, contains a notice stating that it is+governed by this License along with a term that is a further+restriction, you may remove that term. If a license document contains+a further restriction but permits relicensing or conveying under this+License, you may add to a covered work material governed by the terms+of that license document, provided that the further restriction does+not survive such relicensing or conveying.++ If you add terms to a covered work in accord with this section, you+must place, in the relevant source files, a statement of the+additional terms that apply to those files, or a notice indicating+where to find the applicable terms.++ Additional terms, permissive or non-permissive, may be stated in the+form of a separately written license, or stated as exceptions;+the above requirements apply either way.++ 8. Termination.++ You may not propagate or modify a covered work except as expressly+provided under this License. Any attempt otherwise to propagate or+modify it is void, and will automatically terminate your rights under+this License (including any patent licenses granted under the third+paragraph of section 11).++ However, if you cease all violation of this License, then your+license from a particular copyright holder is reinstated (a)+provisionally, unless and until the copyright holder explicitly and+finally terminates your license, and (b) permanently, if the copyright+holder fails to notify you of the violation by some reasonable means+prior to 60 days after the cessation.++ Moreover, your license from a particular copyright holder is+reinstated permanently if the copyright holder notifies you of the+violation by some reasonable means, this is the first time you have+received notice of violation of this License (for any work) from that+copyright holder, and you cure the violation prior to 30 days after+your receipt of the notice.++ Termination of your rights under this section does not terminate the+licenses of parties who have received copies or rights from you under+this License. If your rights have been terminated and not permanently+reinstated, you do not qualify to receive new licenses for the same+material under section 10.++ 9. Acceptance Not Required for Having Copies.++ You are not required to accept this License in order to receive or+run a copy of the Program. Ancillary propagation of a covered work+occurring solely as a consequence of using peer-to-peer transmission+to receive a copy likewise does not require acceptance. However,+nothing other than this License grants you permission to propagate or+modify any covered work. These actions infringe copyright if you do+not accept this License. Therefore, by modifying or propagating a+covered work, you indicate your acceptance of this License to do so.++ 10. Automatic Licensing of Downstream Recipients.++ Each time you convey a covered work, the recipient automatically+receives a license from the original licensors, to run, modify and+propagate that work, subject to this License. You are not responsible+for enforcing compliance by third parties with this License.++ An "entity transaction" is a transaction transferring control of an+organization, or substantially all assets of one, or subdividing an+organization, or merging organizations. If propagation of a covered+work results from an entity transaction, each party to that+transaction who receives a copy of the work also receives whatever+licenses to the work the party's predecessor in interest had or could+give under the previous paragraph, plus a right to possession of the+Corresponding Source of the work from the predecessor in interest, if+the predecessor has it or can get it with reasonable efforts.++ You may not impose any further restrictions on the exercise of the+rights granted or affirmed under this License. For example, you may+not impose a license fee, royalty, or other charge for exercise of+rights granted under this License, and you may not initiate litigation+(including a cross-claim or counterclaim in a lawsuit) alleging that+any patent claim is infringed by making, using, selling, offering for+sale, or importing the Program or any portion of it.++ 11. Patents.++ A "contributor" is a copyright holder who authorizes use under this+License of the Program or a work on which the Program is based. The+work thus licensed is called the contributor's "contributor version".++ A contributor's "essential patent claims" are all patent claims+owned or controlled by the contributor, whether already acquired or+hereafter acquired, that would be infringed by some manner, permitted+by this License, of making, using, or selling its contributor version,+but do not include claims that would be infringed only as a+consequence of further modification of the contributor version. For+purposes of this definition, "control" includes the right to grant+patent sublicenses in a manner consistent with the requirements of+this License.++ Each contributor grants you a non-exclusive, worldwide, royalty-free+patent license under the contributor's essential patent claims, to+make, use, sell, offer for sale, import and otherwise run, modify and+propagate the contents of its contributor version.++ In the following three paragraphs, a "patent license" is any express+agreement or commitment, however denominated, not to enforce a patent+(such as an express permission to practice a patent or covenant not to+sue for patent infringement). To "grant" such a patent license to a+party means to make such an agreement or commitment not to enforce a+patent against the party.++ If you convey a covered work, knowingly relying on a patent license,+and the Corresponding Source of the work is not available for anyone+to copy, free of charge and under the terms of this License, through a+publicly available network server or other readily accessible means,+then you must either (1) cause the Corresponding Source to be so+available, or (2) arrange to deprive yourself of the benefit of the+patent license for this particular work, or (3) arrange, in a manner+consistent with the requirements of this License, to extend the patent+license to downstream recipients. "Knowingly relying" means you have+actual knowledge that, but for the patent license, your conveying the+covered work in a country, or your recipient's use of the covered work+in a country, would infringe one or more identifiable patents in that+country that you have reason to believe are valid.++ If, pursuant to or in connection with a single transaction or+arrangement, you convey, or propagate by procuring conveyance of, a+covered work, and grant a patent license to some of the parties+receiving the covered work authorizing them to use, propagate, modify+or convey a specific copy of the covered work, then the patent license+you grant is automatically extended to all recipients of the covered+work and works based on it.++ A patent license is "discriminatory" if it does not include within+the scope of its coverage, prohibits the exercise of, or is+conditioned on the non-exercise of one or more of the rights that are+specifically granted under this License. You may not convey a covered+work if you are a party to an arrangement with a third party that is+in the business of distributing software, under which you make payment+to the third party based on the extent of your activity of conveying+the work, and under which the third party grants, to any of the+parties who would receive the covered work from you, a discriminatory+patent license (a) in connection with copies of the covered work+conveyed by you (or copies made from those copies), or (b) primarily+for and in connection with specific products or compilations that+contain the covered work, unless you entered into that arrangement,+or that patent license was granted, prior to 28 March 2007.++ Nothing in this License shall be construed as excluding or limiting+any implied license or other defenses to infringement that may+otherwise be available to you under applicable patent law.++ 12. No Surrender of Others' Freedom.++ If conditions are imposed on you (whether by court order, agreement or+otherwise) that contradict the conditions of this License, they do not+excuse you from the conditions of this License. If you cannot convey a+covered work so as to satisfy simultaneously your obligations under this+License and any other pertinent obligations, then as a consequence you may+not convey it at all. For example, if you agree to terms that obligate you+to collect a royalty for further conveying from those to whom you convey+the Program, the only way you could satisfy both those terms and this+License would be to refrain entirely from conveying the Program.++ 13. Use with the GNU Affero General Public License.++ Notwithstanding any other provision of this License, you have+permission to link or combine any covered work with a work licensed+under version 3 of the GNU Affero General Public License into a single+combined work, and to convey the resulting work. The terms of this+License will continue to apply to the part which is the covered work,+but the special requirements of the GNU Affero General Public License,+section 13, concerning interaction through a network will apply to the+combination as such.++ 14. Revised Versions of this License.++ The Free Software Foundation may publish revised and/or new versions of+the GNU General Public License from time to time. Such new versions will+be similar in spirit to the present version, but may differ in detail to+address new problems or concerns.++ Each version is given a distinguishing version number. If the+Program specifies that a certain numbered version of the GNU General+Public License "or any later version" applies to it, you have the+option of following the terms and conditions either of that numbered+version or of any later version published by the Free Software+Foundation. If the Program does not specify a version number of the+GNU General Public License, you may choose any version ever published+by the Free Software Foundation.++ If the Program specifies that a proxy can decide which future+versions of the GNU General Public License can be used, that proxy's+public statement of acceptance of a version permanently authorizes you+to choose that version for the Program.++ Later license versions may give you additional or different+permissions. However, no additional obligations are imposed on any+author or copyright holder as a result of your choosing to follow a+later version.++ 15. Disclaimer of Warranty.++ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.++ 16. Limitation of Liability.++ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF+SUCH DAMAGES.++ 17. Interpretation of Sections 15 and 16.++ If the disclaimer of warranty and limitation of liability provided+above cannot be given local legal effect according to their terms,+reviewing courts shall apply local law that most closely approximates+an absolute waiver of all civil liability in connection with the+Program, unless a warranty or assumption of liability accompanies a+copy of the Program in return for a fee.++ END OF TERMS AND CONDITIONS++ How to Apply These Terms to Your New Programs++ If you develop a new program, and you want it to be of the greatest+possible use to the public, the best way to achieve this is to make it+free software which everyone can redistribute and change under these terms.++ To do so, attach the following notices to the program. It is safest+to attach them to the start of each source file to most effectively+state the exclusion of warranty; and each file should have at least+the "copyright" line and a pointer to where the full notice is found.++ <one line to give the program's name and a brief idea of what it does.>+ Copyright (C) <year> <name of author>++ This program is free software: you can redistribute it and/or modify+ it under the terms of the GNU General Public License as published by+ the Free Software Foundation, either version 3 of the License, or+ (at your option) any later version.++ This program is distributed in the hope that it will be useful,+ but WITHOUT ANY WARRANTY; without even the implied warranty of+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the+ GNU General Public License for more details.++ You should have received a copy of the GNU General Public License+ along with this program. If not, see <http://www.gnu.org/licenses/>.++Also add information on how to contact you by electronic and paper mail.++ If the program does terminal interaction, make it output a short+notice like this when it starts in an interactive mode:++ <program> Copyright (C) <year> <name of author>+ This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.+ This is free software, and you are welcome to redistribute it+ under certain conditions; type `show c' for details.++The hypothetical commands `show w' and `show c' should show the appropriate+parts of the General Public License. Of course, your program's commands+might be different; for a GUI interface, you would use an "about box".++ You should also get your employer (if you work as a programmer) or school,+if any, to sign a "copyright disclaimer" for the program, if necessary.+For more information on this, and how to apply and follow the GNU GPL, see+<http://www.gnu.org/licenses/>.++ The GNU General Public License does not permit incorporating your program+into proprietary programs. If your program is a subroutine library, you+may consider it more useful to permit linking proprietary applications with+the library. If this is what you want to do, use the GNU Lesser General+Public License instead of this License. But first, please read+<http://www.gnu.org/philosophy/why-not-lgpl.html>.
+ Protocol/Arithmetic.hs view
@@ -0,0 +1,304 @@+{-# OPTIONS_GHC -fno-warn-orphans #-}+module Protocol.Arithmetic where++import Control.Arrow (first)+import Control.Monad (Monad(..))+import Data.Bits+import Data.Bool+import Data.Eq (Eq(..))+import Data.Foldable (Foldable, foldl', foldMap)+import Data.Function (($), (.))+import Data.Int (Int)+import Data.Maybe (Maybe(..))+import Data.Ord (Ord(..))+import Data.Semigroup (Semigroup(..))+import Data.String (IsString(..))+import Numeric.Natural (Natural)+import Prelude (Integer, Integral(..), fromIntegral, Enum(..))+import Text.Show (Show(..))+import qualified Control.Monad.Trans.State.Strict as S+import qualified Crypto.Hash as Crypto+import qualified Data.ByteArray as ByteArray+import qualified Data.ByteString as BS+import qualified Data.List as List+import qualified Prelude as N+import qualified System.Random as Random++-- * Type 'F'+-- | The type of the elements of a 'PrimeField'.+--+-- A field must satisfy the following properties:+--+-- * @(f, ('+'), 'zero')@ forms an abelian group,+-- called the 'Additive' group of 'f'.+--+-- * @('NonNull' f, ('*'), 'one')@ forms an abelian group,+-- called the 'Multiplicative' group of 'f'.+--+-- * ('*') is associative:+-- @(a'*'b)'*'c == a'*'(b'*'c)@ and+-- @a'*'(b'*'c) == (a'*'b)'*'c@.+--+-- * ('*') and ('+') are both commutative:+-- @a'*'b == b'*'a@ and+-- @a'+'b == b'+'a@+--+-- * ('*') and ('+') are both left and right distributive:+-- @a'*'(b'+'c) == (a'*'b) '+' (a'*'c)@ and+-- @(a'+'b)'*'c == (a'*'c) '+' (b'*'c)@+--+-- The 'Natural' is always within @[0..'fieldCharac'-1]@.+newtype F p = F { unF :: Natural }+ deriving (Eq,Ord,Show)++inF :: forall p i. PrimeField p => Integral i => i -> F p+inF i = F (abs (fromIntegral i `mod` fieldCharac @p))+ where abs x | x < 0 = x + fieldCharac @p+ | otherwise = x++instance PrimeField p => Additive (F p) where+ zero = F 0+ F x + F y = F ((x + y) `mod` fieldCharac @p)+instance PrimeField p => Negable (F p) where+ neg (F x) | x == 0 = zero+ | otherwise = F (fromIntegral (N.negate (toInteger x) + toInteger (fieldCharac @p)))+instance PrimeField p => Multiplicative (F p) where+ one = F 1+ -- | Because 'fieldCharac' is prime,+ -- all elements of the field are invertible modulo 'fieldCharac'.+ F x * F y = F ((x * y) `mod` fieldCharac @p)+instance PrimeField p => Random.Random (F p) where+ randomR (F lo, F hi) =+ first (F . fromIntegral) .+ Random.randomR+ ( 0`max`toInteger lo+ , toInteger hi`min`(toInteger (fieldCharac @p) - 1))+ random = first (F . fromIntegral) . Random.randomR (0, toInteger (fieldCharac @p) - 1)++-- ** Class 'PrimeField'+-- | Parameter for a prime field.+class PrimeField p where+ -- | The prime number characteristic of a 'PrimeField'.+ --+ -- ElGamal's hardness to decrypt requires a large prime number+ -- to form the 'Multiplicative' 'SubGroup'.+ fieldCharac :: Natural++-- ** Class 'Additive'+class Additive a where+ zero :: a+ (+) :: a -> a -> a; infixl 6 ++ sum :: Foldable f => f a -> a+ sum = foldl' (+) zero+instance Additive Natural where+ zero = 0+ (+) = (N.+)+instance Additive Integer where+ zero = 0+ (+) = (N.+)+instance Additive Int where+ zero = 0+ (+) = (N.+)++-- *** Class 'Negable'+class Additive a => Negable a where+ neg :: a -> a+ (-) :: a -> a -> a; infixl 6 -+ x-y = x + neg y+instance Negable Integer where+ neg = N.negate+instance Negable Int where+ neg = N.negate++-- ** Class 'Multiplicative'+class Multiplicative a where+ one :: a+ (*) :: a -> a -> a; infixl 7 *+instance Multiplicative Natural where+ one = 1+ (*) = (N.*)+instance Multiplicative Integer where+ one = 1+ (*) = (N.*)+instance Multiplicative Int where+ one = 1+ (*) = (N.*)++-- ** Class 'Invertible'+class Multiplicative a => Invertible a where+ inv :: a -> a+ (/) :: a -> a -> a; infixl 7 /+ x/y = x * inv y++-- * Type 'G'+-- | The type of the elements of a 'Multiplicative' 'SubGroup' of a 'PrimeField'.+newtype G q = G { unG :: F (P q) }+ deriving (Eq,Ord,Show)++-- | @('natG' g)@ returns the element of the 'SubGroup' 'g'+-- as an 'Natural' within @[0..'fieldCharac'-1]@.+natG :: SubGroup q => G q -> Natural+natG = unF . unG++instance (SubGroup q, Multiplicative (F (P q))) => Multiplicative (G q) where+ one = G one+ G x * G y = G (x * y)+instance (SubGroup q, Multiplicative (F (P q))) => Invertible (G q) where+ -- | NOTE: add 'groupOrder' so the exponent given to (^) is positive.+ inv = (^ E (neg one + groupOrder @q))++-- ** Class 'SubGroup'+-- | A 'SubGroup' of a 'PrimeField'.+-- Used for signing (Schnorr) and encrypting (ElGamal).+class+ ( PrimeField (P q)+ , Multiplicative (F (P q))+ ) => SubGroup q where+ -- | Setting 'q' determines 'p', equals to @'P' q@.+ type P q :: *+ -- | A generator of the 'SubGroup'.+ -- NOTE: since @F p@ is a 'PrimeField',+ -- the 'Multiplicative' 'SubGroup' is cyclic,+ -- and there are phi('fieldCharac'-1) many choices for the generator of the group,+ -- where phi is the Euler totient function.+ groupGen :: G q+ -- | The order of the 'SubGroup'.+ --+ -- WARNING: 'groupOrder' MUST be a prime number dividing @('fieldCharac'-1)@+ -- to ensure that ensures that ElGamal is secure in terms+ -- of the DDH assumption.+ groupOrder :: F (P q)+ + -- | 'groupGenInverses' returns the infinite list+ -- of 'inv'erse powers of 'groupGen':+ -- @['groupGen' '^' 'neg' i | i <- [0..]]@,+ -- but by computing each value from the previous one.+ --+ -- NOTE: 'groupGenInverses' is in the 'SubGroup' class in order to keep+ -- computed terms in memory accross calls to 'groupGenInverses'.+ --+ -- Used by 'validableEncryption'.+ groupGenInverses :: [G q]+ groupGenInverses = go one+ where+ go g = g : go (g * invGen)+ invGen = inv groupGen++-- | @('hash' prefix gs)@ returns as a number in @('F' p)@+-- the SHA256 of the given 'prefix' prefixing the decimal representation+-- of given 'SubGroup' elements 'gs', each one postfixed with a comma (",").+--+-- Used by 'proveEncryption' and 'validateEncryption',+-- where the 'prefix' contains the 'statement' to be proven,+-- and the 'gs' contains the 'commitments'.+hash ::+ SubGroup q =>+ BS.ByteString -> [G q] -> E q+hash prefix gs =+ let s = prefix <> foldMap (\(G (F i)) -> fromString (show i) <> fromString ",") gs in+ let h = ByteArray.convert (Crypto.hashWith Crypto.SHA256 s) in+ inE (BS.foldl' (\acc b -> acc`shiftL`3 + fromIntegral b) (0::Natural) h)++-- * Type 'E'+-- | An exponent of a (necessarily cyclic) 'SubGroup' of a 'PrimeField'.+-- The value is always in @[0..'groupOrder'-1]@.+newtype E q = E { unE :: F (P q) }+ deriving (Eq,Ord,Show)++inE :: forall q i. SubGroup q => Integral i => i -> E q+inE i = E (F (abs (fromIntegral i `mod` unF (groupOrder @q))))+ where abs x | x < 0 = x + unF (groupOrder @q)+ | otherwise = x++natE :: forall q. SubGroup q => E q -> Natural+natE = unF . unE++instance (SubGroup q, Additive (F (P q))) => Additive (E q) where+ zero = E zero+ E (F x) + E (F y) = E (F ((x + y) `mod` unF (groupOrder @q)))+instance (SubGroup q, Negable (F (P q))) => Negable (E q) where+ neg (E (F x)) | x == 0 = zero+ | otherwise = E (F (fromIntegral ( neg (toInteger x)+ + toInteger (unF (groupOrder @q)) )))+instance (SubGroup q, Multiplicative (F (P q))) => Multiplicative (E q) where+ one = E one+ E (F x) * E (F y) = E (F ((x * y) `mod` unF (groupOrder @q)))+instance SubGroup q => Random.Random (E q) where+ randomR (E (F lo), E (F hi)) =+ first (E . F . fromIntegral) .+ Random.randomR+ ( 0`max`toInteger lo+ , toInteger hi`min`(toInteger (unF (groupOrder @q)) - 1) )+ random =+ first (E . F . fromIntegral) .+ Random.randomR (0, toInteger (unF (groupOrder @q)) - 1)+instance SubGroup q => Enum (E q) where+ toEnum = inE+ fromEnum = fromIntegral . natE+ enumFromTo lo hi = List.unfoldr+ (\i -> if i<=hi then Just (i, i+one) else Nothing) lo++infixr 8 ^+-- | @(b '^' e)@ returns the modular exponentiation of base 'b' by exponent 'e'.+(^) :: SubGroup q => G q -> E q -> G q+(^) b (E (F e))+ | e == zero = one+ | otherwise = t * (b*b) ^ E (F (e`shiftR`1))+ where+ t | testBit e 0 = b+ | otherwise = one++-- * Type 'RandomGen'+type RandomGen = Random.RandomGen++-- | @('randomR' i)@ returns a random integer in @[0..i-1]@.+randomR ::+ Monad m =>+ RandomGen r =>+ Random.Random i =>+ Negable i =>+ Multiplicative i =>+ i -> S.StateT r m i+randomR i = S.StateT $ return . Random.randomR (zero, i-one)++-- | @('random')@ returns a random integer+-- in the range determined by its type.+random ::+ Monad m =>+ RandomGen r =>+ Random.Random i =>+ Negable i =>+ Multiplicative i =>+ S.StateT r m i+random = S.StateT $ return . Random.random++instance Random.Random Natural where+ randomR (mini,maxi) =+ first (fromIntegral::Integer -> Natural) .+ Random.randomR (fromIntegral mini, fromIntegral maxi)+ random = first (fromIntegral::Integer -> Natural) . Random.random++-- * Groups++-- ** Type 'WeakParams'+-- | Weak parameters for debugging purposes only.+data WeakParams+instance PrimeField WeakParams where+ fieldCharac = 263+instance SubGroup WeakParams where+ type P WeakParams = WeakParams+ groupGen = G (F 2)+ groupOrder = F 131++-- ** Type 'BeleniosParams'+-- | Parameters used in Belenios.+-- A 2048-bit 'fieldCharac' of a 'PrimeField',+-- with a 256-bit 'groupOrder' for a 'Multiplicative' 'SubGroup'+-- generated by 'groupGen'.+data BeleniosParams+instance PrimeField BeleniosParams where+ fieldCharac = 20694785691422546401013643657505008064922989295751104097100884787057374219242717401922237254497684338129066633138078958404960054389636289796393038773905722803605973749427671376777618898589872735865049081167099310535867780980030790491654063777173764198678527273474476341835600035698305193144284561701911000786737307333564123971732897913240474578834468260652327974647951137672658693582180046317922073668860052627186363386088796882120769432366149491002923444346373222145884100586421050242120365433561201320481118852408731077014151666200162313177169372189248078507711827842317498073276598828825169183103125680162072880719+instance SubGroup BeleniosParams where+ type P BeleniosParams = BeleniosParams+ groupGen = G (F 2402352677501852209227687703532399932712287657378364916510075318787663274146353219320285676155269678799694668298749389095083896573425601900601068477164491735474137283104610458681314511781646755400527402889846139864532661215055797097162016168270312886432456663834863635782106154918419982534315189740658186868651151358576410138882215396016043228843603930989333662772848406593138406010231675095763777982665103606822406635076697764025346253773085133173495194248967754052573659049492477631475991575198775177711481490920456600205478127054728238140972518639858334115700568353695553423781475582491896050296680037745308460627)+ groupOrder = F 78571733251071885079927659812671450121821421258408794611510081919805623223441
+ Protocol/Credential.hs view
@@ -0,0 +1,134 @@+module Protocol.Credential where++import Control.Monad (Monad(..), replicateM)+import Data.Bits+import Data.Bool+import Data.Char (Char)+import Data.Either (Either(..))+import Data.Eq (Eq(..))+import Data.Function (($))+import Data.Functor ((<$>))+import Data.Int (Int)+import Data.Maybe (maybe)+import Data.Ord (Ord(..))+import Data.Text (Text)+import Numeric.Natural (Natural)+import Prelude (Integral(..), fromIntegral, div)+import Text.Show (Show)+import qualified Control.Monad.Trans.State.Strict as S+import qualified Crypto.KDF.PBKDF2 as Crypto+import qualified Data.ByteArray as ByteArray+import qualified Data.ByteString as BS+import qualified Data.Char as Char+import qualified Data.List as List+import qualified Data.Text as Text+import qualified Data.Text.Encoding as Text+import qualified System.Random as Random++import Protocol.Arithmetic++-- * Type 'Credential'+-- | A 'Credential' is a word of @('tokenLength'+1 '==' 15)@-characters+-- from a base alphabet of (@'tokenBase' '==' 58)@ characters:+-- "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"+-- (beware the absence of "0", \"O", \"I", and "l").+-- The last character is a checksum.+-- The entropy is: @('tokenLength' * log 'tokenBase' / log 2) '==' 82.01… bits@.+newtype Credential = Credential Text+ deriving (Eq, Show)++credentialAlphabet :: [Char] -- TODO: make this an array+credentialAlphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"+tokenBase :: Int+tokenBase = List.length credentialAlphabet+tokenLength ::Int+tokenLength = 14++-- | @'randomCredential'@ generates a random 'Credential'.+randomCredential ::+ Monad m =>+ Random.RandomGen r =>+ S.StateT r m Credential+randomCredential = do+ rs <- replicateM tokenLength (randomR (fromIntegral tokenBase))+ let (tot, cs) = List.foldl' (\(acc,ds) d ->+ ( acc * tokenBase + d+ , charOfDigit d : ds )+ ) (zero::Int, []) rs+ let checksum = (neg tot + 53) `mod` 53 -- NOTE: why 53 and not 'tokenBase' ?+ return $ Credential $ Text.reverse $ Text.pack (charOfDigit checksum:cs)+ where+ charOfDigit = (credentialAlphabet List.!!)++-- | @'readCredential'@ reads and check the well-formedness of a 'Credential'+-- from raw 'Text'.+readCredential :: Text -> Either CredentialError Credential+readCredential s+ | Text.length s /= tokenLength + 1 = Left CredentialError_Length+ | otherwise = do+ tot <- Text.foldl'+ (\acc c -> acc >>= \a -> ((a * tokenBase) +) <$> digitOfChar c)+ (Right (zero::Int))+ (Text.init s)+ checksum <- digitOfChar (Text.last s)+ if (tot + checksum) `mod` 53 == 0+ then Right (Credential s)+ else Left CredentialError_Checksum+ where+ digitOfChar c =+ maybe (Left $ CredentialError_BadChar c) Right $+ List.elemIndex c credentialAlphabet++-- ** Type 'CredentialError'+data CredentialError+ = CredentialError_BadChar Char.Char+ | CredentialError_Checksum+ | CredentialError_Length+ deriving (Eq, Show)++-- ** Type 'UUID'+newtype UUID = UUID Text+ deriving (Eq,Ord,Show)++-- | @'randomUUID'@ generates a random 'UUID'.+randomUUID ::+ Monad m =>+ Random.RandomGen r =>+ S.StateT r m UUID+randomUUID = do+ rs <- replicateM tokenLength (randomR (fromIntegral tokenBase))+ let cs = List.foldl' (\ds d -> charOfDigit d : ds) [] rs+ return $ UUID $ Text.reverse $ Text.pack cs+ where+ charOfDigit = (credentialAlphabet List.!!)++-- ** Type 'SecretKey'+type SecretKey = E++-- | @('secretKey' uuid cred)@ returns the 'SecretKey'+-- derived from given 'uuid' and 'cred'+-- using 'Crypto.fastPBKDF2_SHA256'.+secretKey :: SubGroup q => UUID -> Credential -> SecretKey q+secretKey (UUID uuid) (Credential cred) =+ inE $ BS.foldl'+ (\acc b -> acc`shiftL`3 + fromIntegral b)+ (0::Natural)+ (ByteArray.convert deriv)+ where+ deriv :: BS.ByteString+ deriv =+ Crypto.fastPBKDF2_SHA256+ Crypto.Parameters+ { Crypto.iterCounts = 1000+ , Crypto.outputLength = 256 `div` 8+ }+ (Text.encodeUtf8 cred)+ (Text.encodeUtf8 uuid)++-- ** Type 'PublicKey'+type PublicKey = G++-- | @('publicKey' secKey)@ returns the 'PublicKey'+-- derived from given 'SecretKey'.+publicKey :: SubGroup q => SecretKey q -> PublicKey q+publicKey = (groupGen ^)
+ Protocol/Election.hs view
@@ -0,0 +1,511 @@+{-# LANGUAGE DataKinds #-}+{-# LANGUAGE GADTs #-}+{-# LANGUAGE OverloadedStrings #-}+module Protocol.Election where++import Control.Monad (Monad(..), mapM, zipWithM)+import Control.Monad.Morph (MFunctor(..))+import Control.Monad.Trans.Class (MonadTrans(..))+import Data.Bool+import Data.Either (either)+import Data.Eq (Eq(..))+import Data.Foldable (Foldable, foldMap, and)+import Data.Function (($), id, const)+import Data.Functor (Functor, (<$>))+import Data.Functor.Identity (Identity(..))+import Data.Maybe (Maybe(..), fromMaybe)+import Data.Ord (Ord(..))+import Data.Semigroup (Semigroup(..))+import Data.String (IsString(..))+import Data.Text (Text)+import Data.Traversable (Traversable(..))+import Data.Tuple (fst, snd)+import GHC.Natural (minusNaturalMaybe)+import Numeric.Natural (Natural)+import Prelude (error, fromIntegral)+import Text.Show (Show(..))+import qualified Control.Monad.Trans.Except as Exn+import qualified Control.Monad.Trans.State.Strict as S+import qualified Data.ByteString as BS+import qualified Data.List as List++import Protocol.Arithmetic+import Protocol.Credential++-- * Type 'Encryption'+-- | ElGamal-like encryption.+-- Its security relies on the /Discrete Logarithm problem/.+--+-- Because ('groupGen' '^'encNonce '^'secKey '==' 'groupGen' '^'secKey '^'encNonce),+-- knowing @secKey@, one can divide 'encryption_vault' by @('encryption_nonce' '^'secKey)@+-- to decipher @('groupGen' '^'clear)@, then @clear@ must be small to be decryptable,+-- because it is encrypted as a power of 'groupGen' to enable the additive homomorphism.+data Encryption q = Encryption+ { encryption_nonce :: G q+ -- ^ Public part of the random 'encNonce': @('groupGen' '^'encNonce)@+ , encryption_vault :: G q+ -- ^ Encrypted clear: @('pubKey' '^'r '*' 'groupGen' '^'clear)@+ } deriving (Eq,Show)++-- | Additive homomorphism.+-- Using the fact that: @'groupGen' '^'x '*' 'groupGen' '^'y '==' 'groupGen' '^'(x'+'y)@.+instance SubGroup q => Additive (Encryption q) where+ zero = Encryption one one+ x+y = Encryption+ (encryption_nonce x * encryption_nonce y)+ (encryption_vault x * encryption_vault y)++-- *** Type 'EncryptionNonce'+type EncryptionNonce = E++-- | @('encrypt' pubKey clear)@ returns an ElGamal-like 'Encryption'.+--+-- WARNING: the secret encryption nonce (@encNonce@)+-- is returned alongside the 'Encryption'+-- in order to prove the validity of the encrypted clear in 'prove',+-- but this secret @encNonce@ MUST be forgotten after that,+-- as it may be used to decipher the 'Encryption'+-- without the secret key associated with 'pubKey'.+encrypt ::+ Monad m => RandomGen r => SubGroup q =>+ PublicKey q -> E q ->+ S.StateT r m (EncryptionNonce q, Encryption q)+encrypt pubKey clear = do+ encNonce <- random+ -- NOTE: preserve the 'encNonce' for 'prove'.+ return $ (encNonce,)+ Encryption+ { encryption_nonce = groupGen^encNonce+ , encryption_vault = pubKey ^encNonce * groupGen^clear+ -- NOTE: 'clear' is put as exponent in order+ -- to make an additive homomorphism+ -- instead of a multiplicative homomorphism.+ -- log (a*b) = log a + log b+ }++-- * Type 'Proof'+-- | 'Proof' of knowledge of a discrete logarithm:+-- @secret == logBase base (base^secret)@.+--+-- NOTE: Since @(pubKey == 'groupGen' '^'secKey)@, then:+-- @(logBase 'encryption_nonce' ('encryption_vault' '*' 'encryption_nonce') '==' secKey '+' clear)@.+data Proof q = Proof+ { proof_challenge :: Challenge q+ -- ^ 'Challenge' sent by the verifier to the prover+ -- to ensure that the prover really has knowledge+ -- of the secret and is not replaying.+ -- Actually, 'proof_challenge' is not sent in a 'prove',+ -- but derived from the prover's 'Commitment's and statements+ -- with a collision resistant hash.+ , proof_response :: E q+ -- ^ Response sent by the prover to the verifier.+ -- Usually: @nonce '+' sec '*' 'proof_challenge'@.+ --+ -- To be computed efficiently, it requires @sec@:+ -- either the @secKey@ (in 'signature_proof')+ -- or the @encNonce@ (in 'prove').+ } deriving (Eq,Show)++-- ** Type 'Challenge'+type Challenge = E++-- ** Type 'Oracle'+-- An 'Oracle' returns the 'Challenge' of the 'Commitment's+-- by hashing them (eventually with other 'Commitment's).+--+-- Used in 'prove' it enables a Fiat-Shamir transformation+-- of an /interactive zero-knowledge/ (IZK) proof+-- into a /non-interactive zero-knowledge/ (NIZK) proof.+-- That is to say that the verifier does not have+-- to send a 'Challenge' to the prover.+-- Indeed, the prover now handles the 'Challenge'+-- which becomes a (collision resistant) hash+-- of the prover's commitments (and statements to be a stronger proof).+type Oracle list q = list (Commitment q) -> Challenge q++-- | @('prove' sec commitments oracle)@+-- returns a 'Proof' that @sec@ is known.+--+-- The 'Oracle' is given the 'commitments'+-- raised to the power of the secret nonce of the 'Proof',+-- as those are the 'commitments' that the verifier will obtain+-- when composing the 'proof_challenge' and 'proof_response' together+-- (in 'encryptionCommitments').+--+-- NOTE: 'sec' is @secKey@ in 'signature_proof' or @encNonce@ in 'proveEncryption'.+--+-- NOTE: The 'commitments' are @['groupGen']@ in 'signature_proof'+-- or @['groupGen', 'pubKey']@ in 'proveEncryption'.+--+-- WARNING: for 'prove' to be a so-called /strong Fiat-Shamir transformation/ (not a weak):+-- the statement must be included in the hash (not only the commitments).+--+-- NOTE: a 'random' @nonce@ is used to ensure each 'prove'+-- does not reveal any information regarding the secret 'sec'.+prove ::+ Monad m => RandomGen r => SubGroup q => Functor list =>+ E q -> list (Commitment q) -> Oracle list q -> S.StateT r m (Proof q)+prove sec commitments oracle = do+ nonce <- random+ let proof_challenge = oracle $ (^ nonce) <$> commitments+ return Proof+ { proof_challenge+ , proof_response = nonce - sec*proof_challenge+ }++-- ** Type 'Commitment'+type Commitment = G++-- | @('commit' proof x y)@ returns a 'Commitment'+-- from the given 'Proof' with the knowledge of the verifier.+--+-- NOTE: Contrary to Helios-C specifications,+-- @('*')@ is used instead of @('/')@+-- to avoid the performance cost of a modular exponentiation+-- @('^' ('groupOrder' '-' 'one'))@,+-- this is compensated by using @('-')@ instead of @('+')@ in 'prove'.+commit :: SubGroup q => Proof q -> G q -> G q -> Commitment q+commit Proof{..} x y = x^proof_response * y^proof_challenge+{-# INLINE commit #-}++-- ** Type 'Opinion'+-- | Index of a 'Disjunction' within a list of them.+-- It is encrypted as an 'E'xponent by 'encrypt'.+type Opinion = E++-- ** Type 'Disjunction'+-- | A 'Disjunction' is an 'inv'ersed @('groupGen' '^'opinion)@+-- it's used in 'proveEncryption' to generate a 'Proof'+-- that an 'encryption_vault' contains a given @('groupGen' '^'opinion)@,+type Disjunction = G++booleanDisjunctions :: SubGroup q => [Disjunction q]+booleanDisjunctions = List.take 2 groupGenInverses++intervalDisjunctions :: SubGroup q => Opinion q -> Opinion q -> [Disjunction q]+intervalDisjunctions mini maxi =+ List.genericTake (fromMaybe 0 $ (natE maxi + 1)`minusNaturalMaybe`natE mini) $+ List.genericDrop (natE mini) $+ groupGenInverses++-- ** Type 'DisjProof'+-- | A list of 'Proof's to prove that the 'Opinion' within an 'Encryption'+-- is indexing a 'Disjunction' within a list of them,+-- without knowing which 'Opinion' it is.+newtype DisjProof q = DisjProof [Proof q]+ deriving (Eq,Show)++-- | @('proveEncryption' pubKey zkp disjs opin (encNonce, enc))@+-- returns a 'DisjProof' that 'enc' 'encrypt's+-- one of the 'Disjunction's within 'disjs',+-- without revealing which one it is.+--+-- A /NIZK Disjunctive Chaum Pedersen Logarithm Equality/ is used.+proveEncryption ::+ forall m r q.+ Monad m => RandomGen r => SubGroup q =>+ PublicKey q -> ZKP ->+ [Disjunction q] -> Opinion q ->+ (EncryptionNonce q, Encryption q) ->+ S.StateT r (Exn.ExceptT ErrorProove m) (DisjProof q)+proveEncryption pubKey zkp disjs opinion (encNonce, enc)+ | (prevDisjs, _indexedDisj:nextDisjs) <-+ List.genericSplitAt (natE opinion) disjs = do+ -- Fake proofs for all values except the correct one.+ prevFakes <- fakeProof `mapM` prevDisjs+ nextFakes <- fakeProof `mapM` nextDisjs+ let prevProofs = fst <$> prevFakes+ let nextProofs = fst <$> nextFakes+ let challengeSum =+ sum (proof_challenge <$> prevProofs) ++ sum (proof_challenge <$> nextProofs)+ correctProof <- prove encNonce [groupGen, pubKey] $+ -- 'Oracle'+ \correctCommitments ->+ let commitments =+ foldMap snd prevFakes <>+ correctCommitments <>+ foldMap snd nextFakes in+ hash (encryptionStatement zkp enc) commitments - challengeSum+ return $ DisjProof $ prevProofs <> (correctProof : nextProofs)+ | otherwise = lift $ Exn.throwE $+ ErrorProove_InvalidOpinion+ (fromIntegral $ List.length disjs)+ (natE opinion)+ where+ fakeProof :: Disjunction q -> S.StateT r (Exn.ExceptT ErrorProove m) (Proof q, [Commitment q])+ fakeProof disj = do+ -- Returns 'Commitment's verifiables by the verifier,+ -- but computed from random 'proof_challenge' and 'proof_response'+ -- instead of correct ones.+ proof_challenge <- random+ proof_response <- random+ let proof = Proof{..}+ return (proof, encryptionCommitments pubKey enc (disj, proof))++verifyEncryption ::+ Monad m =>+ SubGroup q =>+ PublicKey q -> ZKP ->+ [Disjunction q] ->+ (Encryption q, DisjProof q) ->+ Exn.ExceptT ErrorValidateEncryption m Bool+verifyEncryption pubKey zkp disjs (enc, DisjProof proofs)+ | List.length proofs /= List.length disjs =+ Exn.throwE $ ErrorValidateEncryption_InvalidProofLength+ (fromIntegral $ List.length proofs)+ (fromIntegral $ List.length disjs)+ | otherwise = return $ challengeSum == hash (encryptionStatement zkp enc) commitments+ where+ challengeSum = sum (proof_challenge <$> proofs)+ commitments = foldMap (encryptionCommitments pubKey enc) (List.zip disjs proofs)++encryptionStatement :: SubGroup q => ZKP -> Encryption q -> BS.ByteString+encryptionStatement (ZKP zkp) Encryption{..} =+ "prove|"<>zkp<>"|"<>+ fromString (show (natG encryption_nonce))<>","<>+ fromString (show (natG encryption_vault))<>"|"++-- | @('encryptionCommitments' pubKey enc (disj,proof))@+-- returns the 'Commitment's with only the knowledge of the verifier.+--+-- The 'Proof' comes from 'prove' of @fakeProof@ in 'proveEncryption'.+encryptionCommitments ::+ SubGroup q =>+ PublicKey q -> Encryption q ->+ (Disjunction q, Proof q) -> [G q]+encryptionCommitments pubKey Encryption{..} (disj, proof) =+ [ commit proof groupGen encryption_nonce+ -- == groupGen ^ nonce if 'Proof' comes from 'prove'+ , commit proof pubKey (encryption_vault*disj)+ -- == pubKey ^ nonce if 'Proof' comes from 'prove'+ -- and 'encryption_vault' encrypts (- logBase groupGen disj).+ ]++-- ** Type 'ZKP'+-- | Zero-knowledge proof+newtype ZKP = ZKP BS.ByteString++-- ** Type 'ErrorProove'+-- | Error raised by 'proveEncryption'.+data ErrorProove+ = ErrorProove_InvalidOpinion Natural Natural+ -- ^ When the opinion is not within the number of 'Disjunction's.+ deriving (Eq,Show)++-- ** Type 'ErrorValidateEncryption'+-- | Error raised by 'verifyEncryption'.+data ErrorValidateEncryption+ = ErrorValidateEncryption_InvalidProofLength Natural Natural+ -- ^ When the number of proofs is different than+ -- the number of 'Disjunction's.+ deriving (Eq,Show)++-- * Type 'Question'+data Question q = Question+ { question_text :: Text+ , question_choices :: [Text]+ , question_mini :: Opinion q+ , question_maxi :: Opinion q+ -- , question_blank :: Maybe Bool+ } deriving (Eq, Show)++-- * Type 'Answer'+data Answer q = Answer+ { answer_opinions :: [(Encryption q, DisjProof q)]+ -- ^ Encrypted 'Opinion' for each 'question_choices'+ -- with a 'DisjProof' that they belong to [0,1].+ , answer_sumProof :: DisjProof q+ -- ^ Proofs that the sum of the 'Opinon's encrypted in 'answer_opinions'+ -- is an element of @[mini..maxi]@.+ -- , answer_blankProof ::+ } deriving (Eq,Show)++-- ** Type 'ErrorAnswer'+-- | Error raised by 'encryptAnswer'.+data ErrorAnswer+ = ErrorAnswer_WrongNumberOfOpinions Natural Natural+ -- ^ When the number of opinions is different than+ -- the number of choices ('question_choices').+ | ErrorAnswer_WrongSumOfOpinions Natural Natural Natural+ -- ^ When the sum of opinions is not within the bounds+ -- of 'question_mini' and 'question_maxi'.+ deriving (Eq,Show)++-- | @('encryptAnswer' pubKey zkp quest opinions)@+-- returns an 'Answer' validable by 'verifyAnswer',+-- unless an 'ErrorAnswer' is returned.+encryptAnswer ::+ Monad m => RandomGen r => SubGroup q =>+ PublicKey q -> ZKP ->+ Question q -> [Bool] ->+ S.StateT r (Exn.ExceptT ErrorAnswer m) (Answer q)+encryptAnswer pubKey zkp Question{..} opinionsBools+ | not (question_mini <= opinionsSum && opinionsSum <= question_maxi) =+ lift $ Exn.throwE $+ ErrorAnswer_WrongSumOfOpinions+ (natE opinionsSum)+ (natE question_mini)+ (natE question_maxi)+ | List.length opinions /= List.length question_choices =+ lift $ Exn.throwE $+ ErrorAnswer_WrongNumberOfOpinions+ (fromIntegral $ List.length opinions)+ (fromIntegral $ List.length question_choices)+ | otherwise = do+ encryptions <- encrypt pubKey `mapM` opinions+ hoist (Exn.withExceptT (\case+ ErrorProove_InvalidOpinion{} -> error "encryptAnswer: impossible happened"+ )) $ do+ individualProofs <- zipWithM+ (proveEncryption pubKey zkp booleanDisjunctions)+ opinions encryptions+ sumProof <- proveEncryption pubKey zkp+ (intervalDisjunctions question_mini question_maxi)+ (opinionsSum - question_mini)+ ( sum (fst <$> encryptions) -- NOTE: sum the 'encNonce's+ , sum (snd <$> encryptions) -- NOTE: sum the 'Encryption's+ )+ return $ Answer+ { answer_opinions = List.zip+ (snd <$> encryptions) -- NOTE: drop encNonce+ individualProofs+ , answer_sumProof = sumProof+ }+ where+ opinionsSum = sum opinions+ opinions = (\o -> if o then one else zero) <$> opinionsBools++verifyAnswer ::+ SubGroup q =>+ PublicKey q -> ZKP ->+ Question q -> Answer q -> Bool+verifyAnswer pubKey zkp Question{..} Answer{..}+ | List.length question_choices /= List.length answer_opinions = False+ | otherwise = either (const False) id $ Exn.runExcept $ do+ validOpinions <-+ verifyEncryption pubKey zkp booleanDisjunctions+ `traverse` answer_opinions+ validSum <- verifyEncryption pubKey zkp+ (intervalDisjunctions question_mini question_maxi)+ ( sum (fst <$> answer_opinions)+ , answer_sumProof )+ return (and validOpinions && validSum)++-- * Type 'Election'+data Election q = Election+ { election_name :: Text+ , election_description :: Text+ , election_publicKey :: PublicKey q+ , election_questions :: [Question q]+ , election_uuid :: UUID+ , election_hash :: Hash -- TODO: serialize to JSON to calculate this+ } deriving (Eq,Show)++-- ** Type 'Hash'+newtype Hash = Hash Text+ deriving (Eq,Ord,Show)++-- * Type 'Ballot'+data Ballot q = Ballot+ { ballot_answers :: [Answer q]+ , ballot_signature :: Maybe (Signature q)+ , ballot_election_uuid :: UUID+ , ballot_election_hash :: Hash+ }++-- | @('encryptBallot' elec ('Just' secKey) opinionsByQuest)@+-- returns a 'Ballot' signed by 'secKey' (the voter's secret key)+-- where 'opinionsByQuest' is a list of 'Opinion's+-- on each 'question_choices' of each 'election_questions'.+encryptBallot ::+ Monad m => RandomGen r => SubGroup q =>+ Election q -> Maybe (SecretKey q) -> [[Bool]] ->+ S.StateT r (Exn.ExceptT ErrorBallot m) (Ballot q)+encryptBallot Election{..} secKeyMay opinionsByQuest+ | List.length election_questions /= List.length opinionsByQuest =+ lift $ Exn.throwE $+ ErrorBallot_WrongNumberOfAnswers+ (fromIntegral $ List.length opinionsByQuest)+ (fromIntegral $ List.length election_questions)+ | otherwise = do+ let (keysMay, zkp) =+ case secKeyMay of+ Nothing -> (Nothing, ZKP "")+ Just secKey ->+ ( Just (secKey, pubKey)+ , ZKP (fromString (show (natG pubKey))) )+ where pubKey = groupGen ^ secKey+ ballot_answers <-+ hoist (Exn.withExceptT ErrorBallot_Answer) $+ zipWithM (encryptAnswer election_publicKey zkp)+ election_questions opinionsByQuest+ ballot_signature <- case keysMay of+ Nothing -> return Nothing+ Just (secKey, signature_publicKey) -> do+ signature_proof <-+ prove secKey (Identity groupGen) $+ \(Identity commitment) ->+ hash+ (signatureCommitments zkp commitment)+ (signatureStatement ballot_answers)+ return $ Just Signature{..}+ return Ballot+ { ballot_answers+ , ballot_election_hash = election_hash+ , ballot_election_uuid = election_uuid+ , ballot_signature+ }++verifyBallot :: SubGroup q => Election q -> Ballot q -> Bool+verifyBallot Election{..} Ballot{..} =+ ballot_election_uuid == election_uuid &&+ ballot_election_hash == election_hash &&+ List.length election_questions == List.length ballot_answers &&+ let (isValidSign, zkpSign) =+ case ballot_signature of+ Nothing -> (True, ZKP "")+ Just Signature{..} ->+ let zkp = ZKP (fromString (show (natG signature_publicKey))) in+ (, zkp) $+ proof_challenge signature_proof == hash+ (signatureCommitments zkp (commit signature_proof groupGen signature_publicKey))+ (signatureStatement ballot_answers)+ in+ and $ isValidSign :+ List.zipWith (verifyAnswer election_publicKey zkpSign)+ election_questions ballot_answers++-- ** Type 'Signature'+-- | Schnorr-like signature.+--+-- Used to avoid 'Ballot' stuffing.+data Signature q = Signature+ { signature_publicKey :: PublicKey q+ , signature_proof :: Proof q+ }++-- | @('signatureStatement' answers)@+-- returns all the 'encryption_nonce's and 'encryption_vault's+-- of the given @answers@.+signatureStatement :: Foldable f => SubGroup q => f (Answer q) -> [G q]+signatureStatement =+ foldMap $ \Answer{..} ->+ (`foldMap` answer_opinions) $ \(Encryption{..}, _proof) ->+ [encryption_nonce, encryption_vault]++-- | @('signatureCommitments' zkp commitment)@+-- returns the hashable content from the knowledge of the verifier.+signatureCommitments :: SubGroup q => ZKP -> Commitment q -> BS.ByteString+signatureCommitments (ZKP zkp) commitment =+ "sig|"<>zkp<>"|"<>fromString (show (natG commitment))<>"|"++-- ** Type 'ErrorBallot'+-- | Error raised by 'encryptBallot'.+data ErrorBallot+ = ErrorBallot_WrongNumberOfAnswers Natural Natural+ -- ^ When the number of answers+ -- is different than the number of questions.+ | ErrorBallot_Answer ErrorAnswer+ -- ^ When 'encryptAnswer' raised an 'ErrorAnswer'.+ deriving (Eq,Show)
+ hjugement-protocol.cabal view
@@ -0,0 +1,201 @@+name: hjugement-protocol+-- PVP: +-+------- breaking API changes+-- | | +----- non-breaking API additions+-- | | | +--- code changes with no API change+version: 0.0.0.20190428+category: Politic+synopsis: A cryptographic protocol for the Majority Judgment.+description:+ This work-in-progress library aims at implementing an online voting protocol+ named <https://eprint.iacr.org/2013/177.pdf Helios-C> (Helios with Credentials)+ by its authors from the <https://www.cnrs.fr/ CNRS>,+ the <http://www.loria.fr INRIA>+ and the <https://www.univ-lorraine.fr/ Université de Lorraine>:+ <http://www.loria.fr/~cortier/ Véronique Cortier>,+ <https://dgalindo.es/ David Galindo>,+ <http://www.loria.fr/~gaudry/ Pierrick Gaudry>,+ <http://stephane.glondu.net/ Stéphane Glondu>+ and Malika Izabachène.+ .+ (TODO) Actually, this protocol is adapted a little bit here to better support+ a better method of voting known as the <http://libgen.io/book/index.php?md5=BF67AA4298C1CE7633187546AA53E01D Majority Judgment>.+ .+ A large-public introduction (in french) to Helios-C is available here:+ <https://members.loria.fr/VCortier/files/Papers/Bulletin1024-2016.pdf Bulletin de la société informatique de France – numéro 9, novembre 2016>.+ .+ The main properties of this protocol are:+ .+ * /fully correct/: the published result are proven to correspond+ to the (sum of) intended votes of the voters,+ while accounting for a malicious bulletin board (BB) (adding fake ballots)+ by requiring a registration authority (RA)+ (responsible for generating and sending voters' credentials).+ Assuming that the BB and the RA are not simultaneously dishonest.+ .+ * /verifiable/: each voter is able to check that:+ his\/her ballot did contribute to the outcome (/individual verifiability/),+ and that the tallying authorities did their job properly (/universal verifiability/).+ .+ * /private/: the identities of the voters who cast a vote are not publicly revealed.+ .+ More specifically, in this protocol :+ .+ * Ballots are encrypted using public-key cryptography+ secured by the /Discrete Logarithm problem/:+ finding @x@ in @g^x `mod` p@, where @p@ is a large prime+ and @g@ a generator of @Gq@, the multiplicative subgroup of order @q@,+ in @Fp@ (the finite prime field whose characteristic is @p@).+ Here, @p@ is 2048-bit and @q@ is 256-bit.+ The signing (Schnorr-like), the encrypting (ElGamal-like)+ and the /Decisional Diffe Hellman/ (DDH) assumption,+ all rely on the hardness of that problem.+ * Ballots are added without being decrypted+ because adding (multiplying actually) ciphertexts then decrypting,+ is like decrypting then adding plaintexts (/additive homomorphism/).+ Which requires to solve the /Discrete Logarithm Problem/+ for numbers in the order of the number of voters,+ which is not hard for small numbers (with a lookup table as here,+ or with Pollard’s rho algorithm for logarithms).+ * The /Schnorr protocol/ is used to prove that a voter has knowledge+ of the secret key used to sign their votes.+ A voter's credentials is a secret key (the signing key)+ that has a public part (the verification key).+ The association between the public part and the corresponding voter’s identity+ does not need to be known, and actually should not be disclosed to satisfy+ e.g. the French requirements regarding voting systems.+ Using credentials prevent the submission of duplicated ballots+ (because they are added as an additional input to the random oracle+ in the /non-interactive zero-knowledge/ (NIZK) proofs for ciphertext well-formedness).+ This allows a testing of duplicates which depends only on the size of the number of voters,+ and thus enables Helios-C to scale for larger elections while attaining correctness.+ * The /Chaum-Pedersen protocol/ (proving that equality of discrete logarithms)+ is used to prove that ciphertexts are well-formed+ (encrypting a 0 or a 1… or any expected natural) without decrypting them.+ Which is known as a /Disjunctive Chaum-Pedersen/ proof of partial knowledge.+ * A /strong Fiat-Shamir transformation/ is used+ to transform the /interactive zero-knowledge/ (IZK) /Chaum-Pedersen protocol/+ into a /non-interactive zero-knowledge/ (NIZK) proof, using a SHA256 hash.+ * (TODO) A Pedersen's /distributed key generation/ (DKG) protocol+ coupled with ElGamal keys (under the DDH assumption),+ is used to have a fully distributed semantically secure encryption.+extra-doc-files: +license: GPL-3+license-file: COPYING+stability: experimental+author: Julien Moutinho <julm+hjugement@autogeree.net>+maintainer: Julien Moutinho <julm+hjugement@autogeree.net>+bug-reports: Julien Moutinho <julm+hjugement@autogeree.net>+-- homepage:++build-type: Simple+cabal-version: 1.24+tested-with: GHC==8.4.4+extra-source-files:+ stack.yaml+extra-tmp-files:++Source-Repository head+ location: git://git.autogeree.net/hjugement+ type: git++Library+ exposed-modules:+ Protocol.Arithmetic+ Protocol.Credential+ Protocol.Election+ default-language: Haskell2010+ default-extensions:+ AllowAmbiguousTypes+ ConstraintKinds+ DefaultSignatures+ FlexibleContexts+ FlexibleInstances+ GeneralizedNewtypeDeriving+ LambdaCase+ MonoLocalBinds+ MultiParamTypeClasses+ NamedFieldPuns+ NoImplicitPrelude+ NoMonomorphismRestriction+ RecordWildCards+ ScopedTypeVariables+ TupleSections+ TypeApplications+ TypeFamilies+ TypeOperators+ UndecidableInstances+ ghc-options:+ -Wall+ -Wincomplete-uni-patterns+ -Wincomplete-record-updates+ -fno-warn-tabs+ -- -fhide-source-paths+ build-depends:+ base >= 4.6 && < 5+ , bytestring >= 0.10+ , containers >= 0.5+ , cryptonite >= 0.25+ -- , fixed-vector >= 1.1+ -- , hashable >= 1.2.6+ , memory >= 0.14+ , mmorph >= 1.1+ -- , monad-classes >= 0.3+ , random >= 1.1+ -- , reflection >= 2.1+ , text >= 1.2+ , transformers >= 0.5+ , unordered-containers >= 0.2.8++Test-Suite hjugement-protocol-test+ type: exitcode-stdio-1.0+ hs-source-dirs: test+ main-is: Main.hs+ other-modules:+ HUnit+ HUnit.Arithmetic+ HUnit.Credential+ HUnit.Election+ HUnit.Utils+ -- QuickCheck+ default-language: Haskell2010+ default-extensions:+ AllowAmbiguousTypes+ ConstraintKinds+ DefaultSignatures+ FlexibleContexts+ FlexibleInstances+ GeneralizedNewtypeDeriving+ LambdaCase+ MonoLocalBinds+ MultiParamTypeClasses+ NamedFieldPuns+ NoImplicitPrelude+ NoMonomorphismRestriction+ RecordWildCards+ ScopedTypeVariables+ TupleSections+ TypeApplications+ TypeFamilies+ TypeOperators+ UndecidableInstances+ ghc-options:+ -Wall+ -Wincomplete-uni-patterns+ -Wincomplete-record-updates+ -fno-warn-tabs+ -- -fhide-source-paths+ build-depends:+ hjugement-protocol+ , base >= 4.6 && < 5+ , containers >= 0.5+ , hashable >= 1.2.6+ , QuickCheck >= 2.0+ -- , monad-classes >= 0.3+ , random >= 1.1+ -- , reflection >= 2.1+ , tasty >= 0.11+ , tasty-hunit >= 0.9+ , tasty-quickcheck+ , text >= 1.2+ , transformers >= 0.5+ , unordered-containers >= 0.2.8
+ stack.yaml view
@@ -0,0 +1,5 @@+resolver: lts-12.26+packages:+- '.'+- location: '../hjugement'+ extra-dep: true
+ test/HUnit.hs view
@@ -0,0 +1,13 @@+module HUnit where+import Test.Tasty+import qualified HUnit.Arithmetic+import qualified HUnit.Credential+import qualified HUnit.Election++hunits :: TestTree+hunits =+ testGroup "HUnit"+ [ HUnit.Arithmetic.hunit+ , HUnit.Credential.hunit+ , HUnit.Election.hunit+ ]
+ test/HUnit/Arithmetic.hs view
@@ -0,0 +1,38 @@+{-# LANGUAGE AllowAmbiguousTypes #-}+{-# LANGUAGE OverloadedStrings #-}+module HUnit.Arithmetic where++import Protocol.Arithmetic+import HUnit.Utils++hunit :: TestTree+hunit = testGroup "Arithmetic"+ [ testGroup "inv"+ [ testGroup "WeakParams"+ [ testCase "groupGen" $+ inv (groupGen @WeakParams) @?=+ groupGen ^ E (groupOrder @WeakParams + neg one)+ ]+ , testGroup "BeleniosParams"+ [ testCase "groupGen" $+ inv (groupGen @BeleniosParams) @?=+ groupGen ^ E (groupOrder @BeleniosParams + neg one)+ ]+ ]+ , testGroup "hash"+ [ testGroup "WeakParams"+ [ testCase "[groupGen]" $+ hash "start" [groupGen @WeakParams] @?= inE 80+ , testCase "[groupGen, groupGen]" $+ hash "start" [groupGen @WeakParams, groupGen] @?= inE 117+ ]+ , testGroup "BeleniosParams"+ [ testCase "[groupGen]" $+ hash "start" [groupGen @BeleniosParams] @?=+ inE 1115773133278002110129249165266+ , testCase "[groupGen, groupGen]" $+ hash "start" [groupGen @BeleniosParams, groupGen] @?=+ inE 1237765159213600087872608890753+ ]+ ]+ ]
+ test/HUnit/Credential.hs view
@@ -0,0 +1,53 @@+{-# LANGUAGE AllowAmbiguousTypes #-}+{-# LANGUAGE OverloadedStrings #-}+module HUnit.Credential where++import Control.Applicative (Applicative(..))+import qualified Control.Monad.Trans.State.Strict as S+import qualified System.Random as Random++import Protocol.Arithmetic+import Protocol.Credential+import HUnit.Utils++hunit :: TestTree+hunit = testGroup "Credential"+ [ testGroup "randomCredential"+ [ testCase "0" $+ S.evalState randomCredential (Random.mkStdGen 0) @?=+ Credential "xLcs7ev6Jy6FHHE"+ ]+ , testGroup "randomUUID"+ [ testCase "0" $+ S.evalState randomUUID (Random.mkStdGen 0) @?=+ UUID "xLcs7ev6Jy6FHH"+ ]+ , testGroup "readCredential" $+ let (==>) inp exp =+ testCase (show inp) $ readCredential inp @?= exp in+ [ "" ==> Left CredentialError_Length+ , "xLcs7ev6Jy6FH_E" ==> Left (CredentialError_BadChar '_')+ , "xLcs7ev6Jy6FHIE" ==> Left (CredentialError_BadChar 'I')+ , "xLcs7ev6Jy6FH0E" ==> Left (CredentialError_BadChar '0')+ , "xLcs7ev6Jy6FHOE" ==> Left (CredentialError_BadChar 'O')+ , "xLcs7ev6Jy6FHlE" ==> Left (CredentialError_BadChar 'l')+ , "xLcs7ev6Jy6FH6" ==> Left CredentialError_Length+ , "xLcs7ev6Jy6FHHy1" ==> Left CredentialError_Length+ , "xLcs7ev6Jy6FHHF" ==> Left CredentialError_Checksum+ , "xLcs7ev6Jy6FHHE" ==> Right (Credential "xLcs7ev6Jy6FHHE")+ ]+ , testGroup "secretKey" $+ [ testSecretKey @WeakParams 0 $ E (F 122)+ , testSecretKey @WeakParams 1 $ E (F 35)+ , testSecretKey @BeleniosParams 0 $ E (F 2317630607062989137269685509390)+ , testSecretKey @BeleniosParams 1 $ E (F 1968146140481358915910346867611)+ ]+ ]++testSecretKey :: forall q. SubGroup q => Int -> E q -> TestTree+testSecretKey seed exp =+ let (uuid@(UUID u), cred@(Credential c)) =+ (`S.evalState` Random.mkStdGen seed) $+ (,) <$> randomUUID <*> randomCredential in+ testCase (show (u,c)) $+ secretKey @q uuid cred @?= exp
+ test/HUnit/Election.hs view
@@ -0,0 +1,111 @@+{-# LANGUAGE AllowAmbiguousTypes #-}+{-# LANGUAGE DataKinds #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+module HUnit.Election where++-- import Control.Applicative (Applicative(..))+import qualified Control.Monad.Trans.Except as Exn+import qualified Control.Monad.Trans.State.Strict as S+import qualified Data.List as List+import qualified System.Random as Random++import Protocol.Arithmetic+import Protocol.Credential+import Protocol.Election+import HUnit.Utils++-- * Type 'Params'+class SubGroup q => Params q where+ paramsName :: String+instance Params WeakParams where+ paramsName = "WeakParams"+instance Params BeleniosParams where+ paramsName = "BeleniosParams"++hunit :: TestTree+hunit = testGroup "Election"+ [ testGroup "groupGenInverses"+ [ testCase "WeakParams" $+ List.take 10 (groupGenInverses @WeakParams) @?=+ [groupGen^neg (inE i) | i <- [0..9::Int]]+ , testCase "BeleniosParams" $+ List.take 10 (groupGenInverses @BeleniosParams) @?=+ [groupGen^neg (inE i) | i <- [0..9::Int]]+ ]+ , testGroup "encryptBallot" $+ [ testsEncryptBallot @WeakParams+ , testsEncryptBallot @BeleniosParams+ ]+ ]++testsEncryptBallot :: forall q. Params q => TestTree+testsEncryptBallot =+ testGroup (paramsName @q)+ [ testEncryptBallot @q 0+ [Question "q1" ["a1","a2","a3"] zero one]+ [[True, False, False]]+ (Right True)+ , testEncryptBallot @q 0+ [Question "q1" ["a1","a2","a3"] zero one]+ [[False, False, False]]+ (Right True)+ , testEncryptBallot @q 0+ [Question "q1" ["a1","a2","a3"] zero one]+ [[False, False, False]]+ (Right True)+ , testEncryptBallot @q 0+ [Question "q1" [] zero one]+ []+ (Left (ErrorBallot_WrongNumberOfAnswers 0 1))+ , testEncryptBallot @q 0+ [Question "q1" ["a1","a2"] one one]+ [[True]]+ (Left (ErrorBallot_Answer (ErrorAnswer_WrongNumberOfOpinions 1 2)))+ , testEncryptBallot @q 0+ [Question "q1" ["a1","a2","a3"] zero one]+ [[True, True, False]]+ (Left (ErrorBallot_Answer (ErrorAnswer_WrongSumOfOpinions 2 0 1)))+ , testEncryptBallot @q 0+ [Question "q1" ["a1","a2","a3"] one one]+ [[False, False, False]]+ (Left (ErrorBallot_Answer (ErrorAnswer_WrongSumOfOpinions 0 1 1)))+ , testEncryptBallot @q 0+ [Question "q1" ["a1","a2"] one one]+ [[False, False, True]]+ (Left (ErrorBallot_Answer (ErrorAnswer_WrongNumberOfOpinions 3 2)))+ , testEncryptBallot @q 0+ [ Question "q1" ["a11","a12","a13"] zero (one+one)+ , Question "q2" ["a21","a22","a23"] one one+ ]+ [ [True, False, True]+ , [False, True, False] ]+ (Right True)+ ]++testEncryptBallot ::+ forall q. SubGroup q =>+ Int -> [Question q] -> [[Bool]] ->+ Either ErrorBallot Bool ->+ TestTree+testEncryptBallot seed quests opins exp =+ let verify =+ Exn.runExcept $+ (`S.evalStateT` Random.mkStdGen seed) $ do+ uuid <- randomUUID+ cred <- randomCredential+ let secKey = secretKey @q uuid cred+ let pubKey = publicKey secKey+ let elec = Election+ { election_name = "election"+ , election_description = "description"+ , election_publicKey = pubKey+ , election_questions = quests+ , election_uuid = uuid+ , election_hash = Hash ""+ }+ verifyBallot elec+ <$> encryptBallot elec (Just secKey) opins+ in+ testCase (show opins) $+ verify @?= exp
+ test/HUnit/Utils.hs view
@@ -0,0 +1,37 @@+module HUnit.Utils+ ( module Test.Tasty+ , module Test.Tasty.HUnit+ , Monad(..), replicateM, when+ , module Data.Bool+ , Eq(..)+ , Either(..)+ , ($), (.)+ , (<$>)+ , Int+ , Maybe(..)+ , Monoid(..)+ , Ord(..)+ , String+ , Text+ , Word8+ , Num, Fractional(..), Integral(..), Integer, undefined, fromIntegral+ , Show(..)+ ) where++import Control.Monad (Monad(..), replicateM, when)+import Data.Bool+import Data.Either (Either(..))+import Data.Eq (Eq(..))+import Data.Function (($), (.))+import Data.Functor ((<$>))+import Data.Int (Int)+import Data.Maybe (Maybe(..))+import Data.Monoid (Monoid(..))+import Data.Ord (Ord(..))+import Data.String (String)+import Data.Text (Text)+import Data.Word (Word8)+import Prelude (Num, Fractional(..), Integral(..), Integer, undefined, fromIntegral)+import Test.Tasty+import Test.Tasty.HUnit+import Text.Show (Show(..))
+ test/Main.hs view
@@ -0,0 +1,15 @@+module Main where++import System.IO (IO)+import Data.Function (($))+import Test.Tasty+-- import QuickCheck+import HUnit++main :: IO ()+main =+ defaultMain $+ testGroup "Protocol"+ [ hunits+ -- , quickchecks+ ]