From 4b96407ab713fe81282b6b7d4d38cc4dbec95a7c Mon Sep 17 00:00:00 2001
From: Christoph Egger <egger@cs.fau.de>
Date: Wed, 15 Jan 2020 17:11:25 +0100
Subject: [PATCH] test & fix

---
 src/SS.cxx           | 71 ++++++++++++++++++++++++++----------
 tests/CMakeLists.txt |  1 +
 tests/testSS.cpp     | 85 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 138 insertions(+), 19 deletions(-)
 create mode 100644 tests/testSS.cpp

diff --git a/src/SS.cxx b/src/SS.cxx
index c762e98..721c004 100644
--- a/src/SS.cxx
+++ b/src/SS.cxx
@@ -6,9 +6,14 @@
 namespace {
 	void dipe_ss_esf(dipe_param_t param, size_t size, size_t m, size_t excl, element_t* elements, element_t* result) {
 		assert(size >= m);
+
+		if (m == 0) {
+			element_set1(*result);
+			return;
+		}
 		
 		/* m = n */
-		if (size == m || (m + 1 == size && excl < size)) {
+		if (size == m || (m + 1 == size && excl <= size)) {
 			assert((size == m) ? excl > size : true);
 			element_set1(*result);
 			for (size_t i = 0; i < size; ++i) {
@@ -57,8 +62,8 @@ namespace {
 				element_init_Zr(result[i][j], param->pairing);
 
 				/* numerator */
-				dipe_ss_esf(param, size, size-i, j, elements, &numerator);
-				if (((size - i) & 1) == 1) {
+				dipe_ss_esf(param, size, size-i-1, j, elements, &numerator);
+				if (((size - i-1) & 1) == 1) {
 					element_neg(numerator, numerator);
 				}
 				
@@ -83,8 +88,10 @@ namespace {
 void dipe_ss_share(dipe_param_t param, size_t id_size, element_t* ids, size_t fid_size, element_t* fake_ids, size_t share_size, element_t** shares,
                    element_t* secret, element_t** dummy_shares) {
 	element_t tmp;
+	element_t tmpz;
 	element_t a_pow;
-	element_init_Zr(tmp, param->pairing);
+	element_init_same_as(tmp, shares[0][0]);
+	element_init_Zr(tmpz, param->pairing);
 	element_init_Zr(a_pow, param->pairing);
 
 	/* Precompute V_I^{-1} needed in several steps */
@@ -96,10 +103,10 @@ void dipe_ss_share(dipe_param_t param, size_t id_size, element_t* ids, size_t fi
 
 	/* Compute Secret */
 	for (size_t k = 0; k < share_size; ++k) {
-		element_set0(secret[k]);
+		element_set1(secret[k]);
 		for (size_t j = 0; j < id_size; ++j) {
-			element_mul(tmp, b[0][j], shares[j][k]);
-			element_add(secret[k], secret[k], tmp);
+			element_pow_zn(tmp, shares[j][k], b[0][j]);
+			element_mul(secret[k], secret[k], tmp);
 		}
 	}
 
@@ -115,32 +122,49 @@ void dipe_ss_share(dipe_param_t param, size_t id_size, element_t* ids, size_t fi
 			element_set1(a_pow);
 			
 			for (size_t k = 0; k < id_size; ++ k) {
-				element_mul(tmp, a_pow, b[k][j]);
-				element_add(ab[i][j], ab[i][j], tmp);
+				element_mul(tmpz, a_pow, b[k][j]);
+				element_add(ab[i][j], ab[i][j], tmpz);
 				element_mul(a_pow, a_pow, fake_ids[i]);
 			}
 		}
 	}
 
-	/* Matrix Product */
+	/* Matrix Product. Note this is an abuse of notation and we're doing scalar * group in additive writing */
 	for (size_t i = 0; i < fid_size; ++ i) {
 		for (size_t j = 0; j < share_size; ++j) {
-			element_init_Zr(dummy_shares[i][j], param->pairing);
-			element_set0(dummy_shares[i][j]);
+			element_init_same_as(dummy_shares[i][j], shares[0][0]);
+			element_set1(dummy_shares[i][j]);
 			for (size_t k = 0; k < id_size; ++k) {
-				element_mul(tmp, ab[i][k], shares[j][k]);
-				element_add(dummy_shares[i][j], dummy_shares[i][j], tmp);
+				element_pow_zn(tmp, shares[k][j], ab[i][k]);
+				element_mul(dummy_shares[i][j], dummy_shares[i][j], tmp);
 			}
 		}
 	}
 
-	/* TODO: cleanup */
+	for (size_t i = 0; i < id_size; ++i) {
+		for (size_t j = 0; j < id_size; ++j) {
+			element_clear(b[i][j]);
+		}
+		free(b[i]);
+	}
+	free(b);
+
+	for (size_t i = 0; i < fid_size; ++i) {
+		for (size_t j = 0; j < id_size; ++j) {
+			element_clear(ab[i][j]);
+		}
+		free(ab[i]);
+	}
+	free(ab);
+	element_clear(tmp);
+	element_clear(tmpz);
+	element_clear(a_pow);
 }
 
 void dipe_ss_recover(dipe_param_t param, size_t id_size, element_t* ids, size_t share_size, element_t** shares, element_t* secret) {
 	element_t tmp;
 	/* TODO: fix type, shares are in G_t here~ */
-	element_init_Zr(tmp, param->pairing);
+	element_init_same_as(tmp, shares[0][0]);
 
 	/* Precompute V_I^{-1} needed in several steps */
 	/* Actually for recover we only need the values b[0][j] */
@@ -152,10 +176,19 @@ void dipe_ss_recover(dipe_param_t param, size_t id_size, element_t* ids, size_t
 
 	/* Compute Secret */
 	for (size_t k = 0; k < share_size; ++k) {
-		element_set0(secret[k]);
+		element_set1(secret[k]);
+		for (size_t j = 0; j < id_size; ++j) {
+			element_pow_zn(tmp, shares[j][k], b[0][j]);
+			element_mul(secret[k], secret[k], tmp);
+		}
+	}
+
+	for (size_t i = 0; i < id_size; ++i) {
 		for (size_t j = 0; j < id_size; ++j) {
-			element_mul(tmp, b[0][j], shares[j][k]);
-			element_add(secret[k], secret[k], tmp);
+			element_clear(b[i][j]);
 		}
+		free(b[i]);
 	}
+	free(b);
+	element_clear(tmp);
 }
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 288ed8c..fa500f4 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -17,4 +17,5 @@ endmacro()
 add_subdirectory(/usr/src/gtest gtest)
 
 package_add_test(testDIPE testDIPE.cpp)
+package_add_test(testSS testSS.cpp)
 package_add_test(testPBC testPBC.cpp)
diff --git a/tests/testSS.cpp b/tests/testSS.cpp
new file mode 100644
index 0000000..d5c1244
--- /dev/null
+++ b/tests/testSS.cpp
@@ -0,0 +1,85 @@
+#include <gtest/gtest.h>
+#include <pbc/pbc.h>
+
+#include "DIPE.h"
+
+static dipe_param_t param;
+
+TEST(SSText, SSBaseTest) {
+	element_t types[3];
+	element_init_G1(types[0], *dipe_get_pairing(param));
+	element_init_G2(types[1], *dipe_get_pairing(param));
+	element_init_GT(types[2], *dipe_get_pairing(param));
+	size_t parties = 7;
+	size_t dummies = 7;
+	
+	element_t shared_secret;
+	element_t recovered_secret;
+
+	element_t* shares[parties];
+	element_t* dummy_shares[dummies];
+	element_t identities[parties];
+	element_t dummy_identities[dummies];
+
+	for (size_t j = 0; j < parties; ++j) {
+		shares[j] = (element_t*)calloc(1, sizeof(element_t));
+		element_init_Zr(identities[j], *dipe_get_pairing(param));
+		element_random(identities[j]);
+
+		if (j < dummies) {
+			dummy_shares[j] = (element_t*)calloc(1, sizeof(element_t));
+			element_init_Zr(dummy_identities[j], *dipe_get_pairing(param));
+			element_random(dummy_identities[j]);
+		}
+	}
+
+	
+	for (size_t i = 0; i < 3; ++i) {
+		element_init_same_as(shared_secret, types[i]);
+		element_init_same_as(recovered_secret, types[i]);
+		
+		for (size_t j = 0; j < parties; ++j) {
+			element_init_same_as(shares[j][0], types[i]);
+			//element_init_same_as(dummy_shares[j][0], types[i]);
+			element_random(shares[j][0]);
+		}
+
+		dipe_ss_share(param, parties, identities, parties, dummy_identities, 1, shares, &shared_secret, dummy_shares);
+		dipe_ss_recover(param, parties, identities, 1, shares, &recovered_secret);
+		EXPECT_EQ(element_cmp(shared_secret, recovered_secret), 0);
+		dipe_ss_recover(param, parties, dummy_identities, 1, dummy_shares, &recovered_secret);
+		EXPECT_EQ(element_cmp(shared_secret, recovered_secret), 0);
+
+		
+		for (size_t j = 0; j < parties; ++j) {
+			element_clear(shares[j][0]);
+			element_clear(dummy_shares[j][0]);
+		}
+		
+		element_clear(shared_secret);
+		element_clear(recovered_secret);
+	}
+
+	for (size_t i = 0; i < 3; ++i) {
+		element_clear(types[i]);
+	}
+	for (size_t j = 0; j < parties; ++j) {
+		element_clear(identities[j]);
+		element_clear(dummy_identities[j]);
+
+		free(shares[j]);
+		free(dummy_shares[j]);
+	}
+}
+
+
+int main(int argc, char **argv) {
+    ::testing::InitGoogleTest(&argc, argv);
+
+	dipe_init(fopen("../tests/a.param", "r"), &param);
+
+	int result = RUN_ALL_TESTS();
+	dipe_free_param(param);
+	return result;
+}
+
-- 
2.39.2