allow compression of msk

Author: WeiqiNs

include/aggre.hpp

@@ -1,6 +1,6 @@
 #pragma once
 
-#include "helper.hpp"
+#include "crypto.hpp"
 
 struct AggrePP{
     // Suppose by default the length is 1.
@@ -15,6 +15,11 @@ struct AggreMsk{
     FpVec r;
     FpVec b;
     FpVec bi;
+    int d_int = 0;
+    int r_int = 0;
+    int b_int = 0;
+    bool compress;
+    std::unique_ptr<HMAC> hmac;
 };
 
 class Aggre{
@@ -30,9 +35,11 @@ class Aggre{
     /**
      * Generate master secret key.
      * @param pp the public parameters.
+    * @param key the HMAC key to use.
+     * @param compress boolean to indicate whether to compress the private keys.
      * @return the generated master secret key.
      */
-    static AggreMsk msk_gen(const AggrePP& pp);
+    static AggreMsk msk_gen(const AggrePP& pp, const CharVec& key = {}, const bool& compress = false);
 
     /**
      * Perform the Aggre FE encryption.

include/filter.hpp

@@ -20,7 +20,6 @@ struct FilterMsk{
     int d_int = 0;
     int r_int = 0;
     int b_int = 0;
-    int vec_len = 0;
     bool compress;
     std::unique_ptr<HMAC> hmac;
 };
@@ -40,6 +39,7 @@ class Filter{
      * Generate master secret key.
      * @param pp the public parameters.
      * @param key the HMAC key to use.
+     * @param compress boolean to indicate whether to compress the private keys.
      * @return the generated master secret key.
      */
     static FilterMsk msk_gen(const FilterPP& pp, const CharVec& key = {}, const bool& compress = false);

include/join.hpp

@@ -18,6 +18,11 @@ struct JoinMsk{
     FpVec r;
     FpVec b;
     FpVec bi;
+    int k_int = 0;
+    int d_int = 0;
+    int r_int = 0;
+    int b_int = 0;
+    bool compress;
     std::unique_ptr<HMAC> hmac;
 };
 
@@ -36,9 +41,10 @@ class Join{
      * Generate master secret key.
      * @param pp the public parameters.
      * @param key the HMAC key to use.
+     * @param compress boolean to indicate whether to compress the private keys.
      * @return the generated master secret key.
      */
-    static JoinMsk msk_gen(const JoinPP& pp, const CharVec& key = {});
+    static JoinMsk msk_gen(const JoinPP& pp, const CharVec& key = {}, const bool& compress = false);
 
     /**
      * Perform the Equal-Join encryption.

src/aggre.cpp

@@ -11,19 +11,30 @@ AggrePP Aggre::pp_gen(const int length, const bool pre){
     return pp;
 }
 
-AggreMsk Aggre::msk_gen(const AggrePP& pp){
+AggreMsk Aggre::msk_gen(const AggrePP& pp, const CharVec& key, const bool& compress){
     // Create the msk instance.
     AggreMsk msk;
-
-    // Sample a random point and find its inverse.
-    msk.d = pp.pairing_group->Zp->rand();
-    msk.di = pp.pairing_group->Zp->inv(msk.d);
-
-    // Sample two random vectors and find one of the inverse.
-    msk.r = pp.pairing_group->Zp->rand_vec(pp.l);
-    msk.b = pp.pairing_group->Zp->rand_vec(pp.l);
-    msk.bi = pp.pairing_group->Zp->vec_inv(msk.b);
-
+    // Save whether the values need to be compressed.
+    msk.compress = compress;
+
+    if (compress){
+        // Sample the starting point.
+        msk.d_int = Helper::rand_int();
+        msk.r_int = Helper::rand_int();
+        msk.b_int = Helper::rand_int();
+        // Get the unique point for HMAC.
+        msk.hmac = std::make_unique<HMAC>(key);
+    }
+    else{
+        // Sample a random point and find its inverse.
+        msk.d = pp.pairing_group->Zp->rand();
+        msk.di = pp.pairing_group->Zp->inv(msk.d);
+
+        // Sample two random vectors and find one of the inverse.
+        msk.r = pp.pairing_group->Zp->rand_vec(pp.l);
+        msk.b = pp.pairing_group->Zp->rand_vec(pp.l);
+        msk.bi = pp.pairing_group->Zp->vec_inv(msk.b);
+    }
     return msk;
 }
 
@@ -34,38 +45,106 @@ G1Vec Aggre::enc(const AggrePP& pp, const AggreMsk& msk, const IntVec& x){
     // Sample the random point alpha.
     const Fp alpha = pp.pairing_group->Zp->rand();
 
+    // Create pointers for values that needs to be used.
+    const Fp* d;
+    const FpVec *r, *b;
+    Fp temp_d;
+    FpVec temp_r, temp_b;
+
+    // In this case, first figure out whether the msk values needs to be sampled.
+    if (msk.compress){
+        // Only one value is generated.
+        temp_d = msk.hmac->digest_int_to_fp_vec_mod(*pp.pairing_group, msk.d_int, 1)[0];
+        // Sample r and b.
+        temp_r = msk.hmac->digest_int_to_fp_vec_mod(*pp.pairing_group, msk.r_int, pp.l);
+        temp_b = msk.hmac->digest_int_to_fp_vec_mod(*pp.pairing_group, msk.b_int, pp.l);
+        // Assign the pointers with generated values.
+        d = &temp_d;
+        r = &temp_r;
+        b = &temp_b;
+    }
+    else{
+        // Assign the pointers with values from msk.
+        d = &msk.d;
+        r = &msk.r;
+        b = &msk.b;
+    }
+
     // Compute x + r.
-    const auto xr = pp.pairing_group->Zp->vec_add(x_vec, msk.r);
+    const auto xr = pp.pairing_group->Zp->vec_add(x_vec, *r);
     // Compute b * (x + r).
-    const auto bxr = pp.pairing_group->Zp->vec_mul(xr, msk.b);
+    const auto bxr = pp.pairing_group->Zp->vec_mul(xr, *b);
     // Compute alpha * b * (x + r).
     auto abxr = pp.pairing_group->Zp->vec_mul(bxr, alpha);
     // Add the last point -alpha * delta.
-    abxr.push_back(pp.pairing_group->Zp->neg(pp.pairing_group->Zp->mul(alpha, msk.d)));
+    abxr.push_back(pp.pairing_group->Zp->neg(pp.pairing_group->Zp->mul(alpha, *d)));
 
     // Raise the vector to g1 and return.
     return pp.pairing_group->Gp->g1_raise(abxr);
 }
 
 G2Vec Aggre::keygen(const AggrePP& pp, const AggreMsk& msk, const IntVec& y, int p, const IntVec& sel){
     // Convert the input y integer vector to FpVec.
-    FpVec y_vec = pp.pairing_group->Zp->from_int(y);
+    const FpVec y_vec = pp.pairing_group->Zp->from_int(y);
 
-    // Select r and bi based on the input sel.
-    FpVec sel_r, sel_bi;
-    if (sel.empty()){
-        sel_r = msk.r;
-        sel_bi = msk.bi;
+    // Sample the random point beta.
+    const Fp beta = pp.pairing_group->Zp->rand();
+
+    // Create pointers for values that needs to be used and static variables to hold computed values.
+    const Fp* di;
+    const FpVec *r, *bi;
+    Fp temp_di;
+    FpVec temp_r, temp_bi;
+
+    // In this case, first figure out whether the msk values needs to be sampled.
+    if (msk.compress){
+        // Only one value is generated.
+        temp_di = pp.pairing_group->Zp->inv(
+            msk.hmac->digest_int_to_fp_vec_mod(*pp.pairing_group, msk.d_int, 1)[0]
+        );
+        // Sample r and b.
+        temp_r = msk.hmac->digest_int_to_fp_vec_mod(*pp.pairing_group, msk.r_int, pp.l);
+        // Compute the bi.
+        temp_bi = pp.pairing_group->Zp->vec_inv(
+            msk.hmac->digest_int_to_fp_vec_mod(*pp.pairing_group, msk.b_int, pp.l)
+        );
+
+        // Assign the pointers with generated values.
+        di = &temp_di;
+        r = &temp_r;
+        bi = &temp_bi;
     }
     else{
-        for (auto& i : sel){
-            sel_r.push_back(msk.r[i]);
-            sel_bi.push_back(msk.bi[i]);
-        }
+        // Assign the pointers with values from msk.
+        di = &msk.di;
+        r = &msk.r;
+        bi = &msk.bi;
     }
 
-    // Sample the random point beta.
-    const Fp beta = pp.pairing_group->Zp->rand();
+    // Depends on whether sel is provided, we use the correct set of randomness.
+    if (sel.empty()){
+        // Compute b' * y.
+        const auto biy = pp.pairing_group->Zp->vec_mul(y_vec, *bi);
+        // Compute beta * b' * y.
+        auto bbiy = pp.pairing_group->Zp->vec_mul(biy, beta);
+        // Compute the last point beta * delta' * (p + <r, y>);
+        auto temp = pp.pairing_group->Zp->vec_ip(y_vec, *r);
+        temp = pp.pairing_group->Zp->add(temp, Fp(p));
+        temp = pp.pairing_group->Zp->mul(temp, *di);
+        temp = pp.pairing_group->Zp->mul(temp, beta);
+        // Add the last point.
+        bbiy.push_back(temp);
+
+        // Raise the vector to g2 and return.
+        return pp.pairing_group->Gp->g2_raise(bbiy);
+    }
+
+    // Create the selected vectors.
+    FpVec sel_r, sel_bi;
+    for (auto& i : sel){
+        sel_r.push_back(r->at(i));
+        sel_bi.push_back(bi->at(i));
+    }
 
     // Compute b' * y.
     const auto biy = pp.pairing_group->Zp->vec_mul(y_vec, sel_bi);
@@ -74,7 +153,7 @@ G2Vec Aggre::keygen(const AggrePP& pp, const AggreMsk& msk, const IntVec& y, int
     // Compute the last point beta * delta' * (p + <r, y>);
     auto temp = pp.pairing_group->Zp->vec_ip(y_vec, sel_r);
     temp = pp.pairing_group->Zp->add(temp, Fp(p));
-    temp = pp.pairing_group->Zp->mul(temp, msk.di);
+    temp = pp.pairing_group->Zp->mul(temp, *di);
     temp = pp.pairing_group->Zp->mul(temp, beta);
     // Add the last point.
     bbiy.push_back(temp);