Next: Communication Interfaces, Up: Basic Structures [Contents][Index]
LibTMCG provides several data structures for cards, stacks, and cryptographic keys.
There exist two different encoding schemes that can be used for the digital representation of playing cards. In the scheme of Schindelhauer [Sc98] the type of a card is shared among the players through bit-wise representation by quadratic (non-)residues. Thus the security relies on the well-known QRA (Quadratic Residuosity Assumption). Unfortunately, the size of a card grows linearly in the number of players and logarithmically in the number of card types. Recently the much more efficient solution of Barnett and Smart [BS03] has been implemented. This encoding works on a cyclic group of prime order and requires that the DDH (Decisional Diffie-Hellman Assumption) holds there.
For both schemes LibTMCG provides a structure whose name contains the
suffix Card. This data type is used to represent an open
or even a masked card. Further, there is a corresponding structure whose
name contains the suffix CardSecret. This data type is
used to represent the secret values involved in a card masking operation.
Because of the reduced computational and communication complexity
(see [St05] for more details) the usage of the second card
encoding scheme, i.e. VTMF_Card and VTMF_CardSecret, is
highly recommended.
This struct represents a card in the encoding scheme
of Schindelhauer [Sc98]. The type of the card is shared
among the players by quadratic residues and non-residues,
respectively. Thus the security relies on the Quadratic
Residuosity Assumption.
This k\times w-matrix encodes the type of the corresponding card in a shared way. For each of the k players there is a separate row and for each of the w bits in the binary representation of the type there is a column. The elements are numbers from the group {\bf Z}^{\circ}_{m_i} where m_i is the public modulus of the ith player.
This default constructor initializes the card with an empty
1\times 1-matrix. Later the method
TMCG_Card::resize can be used to enlarge the
card representation.
size_t k, size_t w)This constructor initializes the card with an empty k\times w-matrix. The parameter k is the number of players and w is the maximum number of bits used by the binary representation of the card type.
const TMCG_Card& that)This is a simple copy-constructor and that is the card to be copied.
const TMCG_Card& that)This is a simple assignment-operator and that is the card to be assigned.
const TMCG_Card& that)This operator tests two card representations for equality.
const TMCG_Card& that)This operator tests two card representations for inequality.
size_t k, size_t w)This method resizes the representation of the card.
The current content of the member z will be
released and a new k\times w-matrix is created.
The parameter k is the number of players and
w is the maximum number of bits used by the binary
representation of the card type.
std::string s)This method imports the content of the member z from
the correctly formatted input string s. It returns
true, if the import was successful.
This destructor releases all occupied resources.
std::ostream& out, const TMCG_Card& card)This operator exports the content of the member z
(of the given TMCG_Card card) to the output
stream out.
std::istream& in, TMCG_Card& card)This operator imports the content of the member z
(of the given TMCG_Card card) from the input
stream in. The data has to be delimited by a newline
character. The failbit of the stream is set, if any
parse error occurred.
This struct represents the secret used for a card masking
operation in the original encoding scheme of Schindelhauer [Sc98].
This k\times w-matrix encodes the first part of the secret. For each of the k players there is a separate row and for each of the w bits in the binary representation of the corresponding card type there is a column. The elements are numbers from the group {\bf Z}^{\circ}_{m_i} where m_i is the public modulus of the ith player.
This k\times w-matrix encodes the second part of the secret. For each of the k players there is a separate row and for each of the w bits in the binary representation of the corresponding card type there is a column. The elements are simply numbers from \{0, 1\}.
This default constructor initializes both members with an empty
1\times 1-matrix. Later the method
TMCG_CardSecret::resize can be used to enlarge the
card representation.
size_t k, size_t w)This constructor initializes both members with an empty k\times w-matrix. The parameter k is the number of players and w is the maximum number of bits used by the binary representation of the corresponding card type.
const TMCG_CardSecret& that)This is a simple copy-constructor and that is the secret to be copied.
const TMCG_CardSecret& that)This is a simple assignment-operator and that is the secret to be assigned.
size_t k, size_t w)This method resizes the representation of the secret.
The current content of the members r and b
will be released and new k\times w-matrices are
created. The parameter k is the number of players and
w is the maximum number of bits used by the binary
representation of the corresponding card type.
std::string s)This method imports the content of the members r and
b from the correctly formatted input string s.
It returns true, if the import was successful.
This destructor releases all occupied resources.
std::ostream& out, const TMCG_CardSecret& cardsecret)This operator exports the content of the members r
and b (of the given TMCG_CardSecret
cardsecret) to the output stream out.
std::istream& in, TMCG_CardSecret& cardsecret)This operator imports the content of the members r
and b (of the given TMCG_CardSecret
cardsecret) from the input stream in.
The data has to be delimited by a newline character.
The failbit of the stream is set, if any parse error
occurred.
This struct represents a card in the encoding scheme
of Barnett and Smart [BS03]. Here we use the discrete logarithm
based instantiation of their general cryptographic primitive
VTMF (Verifiable k-out-of-k Threshold Masking
Function). The security relies on the DDH assumption in the
underlying abelian group G.
This is the first part of the encrypted card type. It is an element from the underlying group G.
This is the second part of the encrypted card type. It is also an element from the underlying group G.
This default constructor initializes an empty card where
the members c_1 and c_2 are set to zero.
const VTMF_Card& that)This is a simple copy-constructor and that is the card to be copied.
const VTMF_Card& that)This is a simple assignment-operator and that is the card to be assigned.
const VTMF_Card& that)This operator tests two card representations for equality.
const VTMF_Card& that)This operator tests two card representations for inequality.
std::string s)This method imports the content of the members c_1
and c_2 from a correctly formatted input string
s. It returns true, if the import was successful.
This destructor releases all occupied resources.
std::ostream& out, const VTMF_Card& card)This operator exports the content of the members c_1
and c_2 (of the given VTMF_Card card)
to the output stream out.
std::istream& in, VTMF_Card& card)This operator imports the content of the members c_1
and c_2 (of the given VTMF_Card card)
from the input stream in. The data has to be delimited
by a newline character. The failbit of the stream is
set, if any parse error occurred.
This struct represents the secrets used in the card masking
operation by the encoding scheme of Barnett and Smart [BS03].
This member is the exponent (randomizer) used in the masking operation. It should be chosen uniformly and randomly from {\bf Z}_q where q is the order of the finite abelian group G for which the DDH assumption holds.
According to the results of Koshiba and Kurosawa (see Short Exponent
Diffie-Hellman Problems, PKC 2004, LNCS 2947) the length of
this exponent can be shorten to a more efficient size (e.g. 160 bit),
if the corresponding generator of G is adjusted as well. Under the
additional DLSE (Discrete Logarithm with Short Exponents)
assumption the DDH problem in G seems to be still hard.
By such an optimization trick we gain a great performance advantage for
almost all modular exponentiations that are computed during the masking
operation, if the VTMF primitive was instantiated by the later explained
class BarnettSmartVTMF_dlog_GroupQR. Furthermore, the size of the
card secret is substantially reduced which results in an improved
communication complexity.
This default constructor initializes the secret with an
empty member r.
const VTMF_CardSecret& that)This is a simple copy-constructor and that is the secret to be copied.
const VTMF_CardSecret& that)This is a simple assignment-operator and that is the secret to be assigned.
std::string s)This method imports the content of the member r
from the correctly formatted input string s.
It returns true, if the import was successful.
This destructor releases all occupied resources.
std::ostream& out, const VTMF_CardSecret& cardsecret)This operator exports the content of the member r
(of the given VTMF_CardSecret cardsecret)
to the output stream out.
std::istream& in, VTMF_CardSecret& cardsecret)This operator imports the content of the member r
(of the given VTMF_CardSecret cardsecret)
from the input stream in. The data has to be
delimited by a newline character. The failbit of
the stream is set, if any parse error occurred.
All of the following data types are generic containers that can be
instantiated as C++ templates with the former explained Card
and CardSecret data types, respectively. Note the maximum
number of stackable data is upper-bounded by TMCG_MAX_CARDS.
There is no error reported, if this limit is exceeded.
This struct is a simple container for cards of the specified
CardType. Currently, the elements can be either of type
TMCG_Card or VTMF_Card depending on which kind of encoding
scheme is used. The TMCG_Stack structure is mainly used to represent
a stack of masked cards, i.e., playing cards that are stacked in a face-down
manner. It can be either a public stack where all participants have access to
or even a private stack, e.g. the players’ hand. If the corresponding
card types are known it can also serve as an “open stack”, although
TMCG_OpenStack is more suitable in that case.
This is the container that is used internally for storing the cards.
This default constructor initializes an empty stack.
const TMCG_Stack<CardType>& that)This is a simple assignment-operator and that is the stack to be assigned.
const TMCG_Stack<CardType>& that)This operator tests two stacks for equality. It checks whether the sizes of the stacks and the contained cards are equal with respect to the implied order.
const TMCG_Stack<CardType>& that)This operator tests two stacks for inequality. It returns true, if
either the sizes do not match or at least two corresponding cards are
not equal.
const size_t n)This operator provides read-only random access to the contained cards. It returns a const-reference to the nth card from the top of the stack.
const size_t n)This operator provides random access to the contained cards. It returns a reference to the nth card from the top of the stack.
This method returns the size of the stack.
const CardType& c)This method pushes the card c to the back of the stack.
const TMCG_Stack<CardType>& s)This method pushes the stack s to the back of the stack.
const TMCG_OpenStack<CardType>& s)This method pushes the cards of the open stack s to the back of the stack.
This method returns true, if the stack is empty.
CardType& c)This method removes a card from the back and stores the data in c.
It returns true, if the stack was not empty and thus c
contains useful data.
This method clears the stack, i.e., it removes all cards.
const CardType& c)This method returns true, if the card c was found in the
stack.
const CardType& c)This method removes the top-most card from the stack which is equal to
c. It returns true, if the card was found and successfully
removed.
const CardType& c)This method removes every card from the stack which is equal to c. It returns the number of removed cards.
std::string s)This method imports the stack from the correctly formatted input string
s. It returns true, if the import was successful.
This destructor releases all occupied resources.
std::ostream& out, const TMCG_Stack<CardType>& stack)This operator exports the given stack to the output stream out.
std::istream& in, TMCG_Stack<CardType>& stack)This operator imports the given stack from the input stream in.
The data has to be delimited by a newline character. The failbit of
the stream is set, if any parse error occurred.
This struct is a simple container for cards of the specified
CardType whose types are known. The elements are pairs where
the first component is the type and the second component is the corresponding
card. The card type is represented by a size_t integer. Currently, the
cards can be either of type TMCG_Card or VTMF_Card depending on
which kind of encoding scheme is used.
This is the container that is used internally for storing the pairs.
This default constructor initializes an empty stack.
const TMCG_OpenStack<CardType>& that)This is a simple assignment-operator and that is the stack to be assigned.
const TMCG_OpenStack<CardType>& that)This operator tests two stacks for equality. It checks whether the types, the sizes, and the contained cards are equal with respect to the stack order.
const TMCG_OpenStack<CardType>& that)This operator tests two stacks for inequality. It returns true, if
either the sizes resp. types do not match or at least two corresponding cards
are not equal.
const size_t n)This operator provides read-only random access to the contained pairs. It returns a const-reference to the nth pair from the top of the stack.
const size_t n)This operator provides random access to the contained pairs. It returns a reference to the nth pair from the top of the stack.
This method returns the size of the stack.
const std::pair<size_t, CardType>& p)This method pushes the pair p to the back of the stack. The first component is the type and the second component is the corresponding card representation.
const size_t type, const CardType& c)This method pushes a pair to the back of the stack. The parameter type is the card type and c is the corresponding card representation.
const TMCG_OpenStack<CardType>& s)This method pushes the pairs of the stack s to the back of this stack.
This method returns true, if the stack is empty.
size_t& type, CardType& c)This method removes a pair from the back of the stack. It stores the card type
in type and the representation in c. It returns true, if the stack
was not empty and thus type and c contain useful data.
This method clears the stack, i.e., it removes all pairs.
const size_t type)This method returns true, if a pair with the first component type was
found in the stack.
const size_t type)This method removes the top-most pair with the first component type from the
stack. It returns true, if such a pair was found and successfully removed.
const size_t type)This method removes every pair from the stack whose first component is equal to type. Further it returns the number of removed pairs.
const size_t type, TMCG_Stack<CardType>& s)This method moves the top-most card representation of the given type to another
stack s. It returns true, if such a pair was found and successfully moved.
This destructor releases all occupied resources.
This struct is a simple container for the secrets involved
in the masking operation of cards. Additionally, the permutation
of a corresponding shuffle of the stack is stored.
The elements are pairs where the first component is a permutation
index of type size_t and the second component is a card
secret of the specified CardSecretType. Currently,
such secrets can be either of type TMCG_CardSecret or
VTMF_CardSecret depending on which kind of encoding scheme
is used.
This is the container that is used internally for storing the pairs.
This default constructor initializes an empty stack secret.
const TMCG_StackSecret<CardSecretType>& that)This is a simple assignment-operator and that is the stack secret to be assigned.
const size_t n)This operator provides read-only random access to the contained pairs. It returns a const-reference to the nth pair from the top of the stack secret.
const size_t n)This operator provides random access to the contained pairs. It returns a reference to the nth pair from the top of the stack secret.
This method returns the size of the stack secret.
const size_t index, const CardSecretType& cs)This method pushes a pair to the back of the stack secret. The parameter index is the permutation index and cs is the corresponding card secret.
This method clears the stack secret, i.e., it removes all pairs.
const size_t index)This method searches for a given permutation index in the stack secret. It returns the corresponding position7 in the stack secret, if the index was found. Otherwise, the size of the stack secret is returned. Please note that in this case the returned value is not a valid position for an access to the stack secret.
const size_t index)This method searches for a given permutation index in the stack secret.
It returns true, if such an index was found.
std::string s)This method imports the stack secret from a correctly formatted input string
s. It returns true, if the import was successful.
This destructor releases all occupied resources.
std::ostream& out, const TMCG_StackSecret<CardSecretType>& stacksecret)This operator exports the given stacksecret to the output stream out.
std::istream& in, TMCG_StackSecret<CardSecretType>& stacksecret)This operator imports the given stacksecret from the input stream in.
The data has to be delimited by a newline character. The failbit of
the stream is set, if any parse error occurred.
LibTMCG provides corresponding data types for keys used by the encoding scheme of Schindelhauer [Sc98], because in this scheme it is not efficient to perform the process of key generation for every new game session. These keys are called TMCG keys. However, they also can be utilized to encrypt and sign messages for the more general reasons of confidentiality and integrity, even if the card encoding scheme of Schindelhauer is not used. Therefore these structures may be of independent interest, for example to establish authenticated communication channels between players. However, like for all public key cryptosystems a trusted PKI (Public Key Infrastructure) is needed. This might not be a serious problem in distributed game environments, because the players can include key fingerprints in their individual profile or a service provider can issue public key certificates.
This struct represents the secret part of the key. The
underlying public key cryptosystem is due to Rabin (see Digitalized
Signatures and Public-Key Functions as Intractable as Factorization,
MIT Technical Report 212, 1979) and Williams (see A modification of the
RSA public-key encryption procedure, IEEE Transactions on Information
Theory, 26(6):726–729, 1980) with minor modifications for encryption padding
(SAEP scheme of Boneh [Bo01]) and digital signatures (PRab scheme of
Bellare and Rogaway [BR96]).
This string contains the name or a pseudonym of the key owner.
This string contains the email address of the key owner.
This string contains information about the key type. The common
prefix is TMCG/RABIN. It is followed by the decimal encoded
bit size of the modulus m. The suffix NIZK signals
that the correctness of the key is shown by an appended non-interactive
zero-knowledge proof. The single parts of the description are separated
by underscore characters _, e.g., TMCG/RABIN_2048_NIZK has
the correct form. The suffix can be left empty, if the key is only used
for encryption and signing (so-called non-NIZK key) without card encoding.
This string contains two stages of the non-interactive zero-knowledge proof of Gennaro, Micciancio, and Rabin [GMR98]. The proof shows that m was correctly generated as product of at most two primes and both are congruent to 3 (modulo 4). Further there is another non-interactive zero-knowledge proof appended which shows that the condition y\in{\bf NQR}^\circ_m holds.
This string contains a self signature of the public key.
This is the public modulus m = p \cdot q which is the product
of two secret primes p and q. The size of m
is determined by the security parameter TMCG_QRA_SIZE.
This is the public quadratic non-residue y\in {\bf NQR}^\circ_m which is used in several zero-knowledge proofs of Schindelhauer’s encoding scheme [Sc98].
This is the secret prime number p which is a factor of the modulus m.
This is the secret prime number q which is a factor of the modulus m.
This default constructor initializes an empty secret key.
const std::string& n, const std::string& e, const unsigned long int keysize =TMCG_QRA_SIZE, const bool nizk_key =true)This constructor generates a new secret key, where n is the name or
a pseudonym of the owner, e is a corresponding email address,
keysize is the desired bit length of the modulus m, and
nizk_key indicates whether or not a NIZK proof will be appended. The
default value of the third argument is set to TMCG_QRA_SIZE,
if keysize is omitted in the call. The default value of the fourth
argument is set to true, whenever it is omitted in the call.
Depending on keysize and nizk_key the generation is a very
time-consuming task that should be taken into account by the
application designer.
const std::string& s)This constructor initializes the key from a correctly formatted input string s.
const TMCG_SecretKey& that)This is a simple copy-constructor and that is the key to be copied.
const TMCG_SecretKey& that)This is a simple assignment-operator and that is the key to be assigned.
This method tests whether the self signature is valid and whether the
non-interactive zero-knowledge proofs are sound. It returns true,
if all checks have been successfully passed. Due to the computational
complexity of the verification procedure these checks are a very
time-consuming task.
This method returns the fingerprint of the key. The fingerprint is the
hexadecimal notation of the hash value (using algorithm TMCG_GCRY_MD_ALGO)
on the concatenated members name, email, type,
m, y, nizk, and sig.
This method returns the real value of the self signature. The string
ERROR is returned, if any parse error occurred. The string
SELFSIG-SELFSIG-SELFSIG-SELFSIG-SELFSIG-SELFSIG is returned,
if the self signature sig was empty.
const size_t size =TMCG_KEYID_SIZE)This method returns the unique key identifier of length size.
The default value of the first argument is set to TMCG_KEYID_SIZE,
if size is omitted in the call.
const std::string& s)This method returns the length of the unique key identifier s. Zero is returned, if any parse error occurred.
std::string s)This method returns the unique key identifier which is included in the
signature s. The string ERROR is returned, if any parse
error occurred.
std::string s)This method imports the key from a correctly formatted input string
s. It returns true, if the import was successful.
unsigned char* value, std::string s)This method decrypts the given encryption packet s and stores
the content in value which is a pointer to a character array
of size TMCG_SAEP_S0. The method returns true, if the
decryption was successful.
const std::string& data)This method returns a digital signature on data.
const unsigned char* value)This method encrypts the content of value which is a pointer to a
character array of size TMCG_SAEP_S0. The method returns a
corresponding encryption packet that can be decrypted by the owner of the
secret key.
const std::string& data, std::string s)This method verifies whether the signature s on data is valid
or not. It returns true, if everything was sound.
This destructor releases all occupied resources.
std::ostream& out, const TMCG_SecretKey& key)This operator exports the given key to the output stream out.
std::istream& in, TMCG_SecretKey& key)This operator imports the given key from the input stream in.
The data has to be delimited by a newline character. The failbit
is set, if any parse error occurred.
This struct represents the public part of the TMCG key.
This string contains the name or a pseudonym of the key owner.
This string contains the email address of the key owner.
This string contains information about the key type. The common
prefix is TMCG/RABIN. It is followed by the decimal encoded
bit size of the modulus m. The suffix NIZK signals
that the correctness of the key is shown by an appended non-interactive
zero-knowledge proof. The single parts of the string are separated by underscore
characters _, e.g., TMCG/RABIN_2048_NIZK has the correct
form. However, the suffix can be left empty, if the key is
only used for encryption and signing.
This string contains two stages of non-interactive zero-knowledge proof of Gennaro, Micciancio and Rabin [GMR98]. This gives strong evidence that m was generated correctly. Further there is another non-interactive zero-knowledge proof appended which shows that the condition y\in{\bf NQR}^\circ_m holds.
This string contains the self signature of the public key.
This is the public modulus m = p \cdot q which is the product
of two secret primes p and q. The size of m
is determined by the security parameter TMCG_QRA_SIZE.
This is the public quadratic non-residue y\in {\bf NQR}^\circ_m which is used by several zero-knowledge proofs of the toolbox.
This default constructor initializes an empty public key.
const TMCG_SecretKey& skey)This constructor initializes the key using public values of the secret key skey.
const TMCG_PublicKey& pkey)This is a simple copy-constructor and pkey is the key to be copied.
const TMCG_PublicKey& that)This is a simple assignment-operator and that is the key to be assigned.
This method tests whether the self signature is valid and whether the
non-interactive zero-knowledge proofs are sound. It returns true,
if all checks have been successfully passed. Due to the computational
complexity of the verification procedure these checks are an extremely
time-consuming task.
This method returns the fingerprint of the key. The fingerprint is the
hexadecimal notation of the hash value (using algorithm TMCG_GCRY_MD_ALGO)
on the concatenated members name, email, type,
m, y, nizk, and sig.
This method returns the real value of the self signature. The string
ERROR is returned, if any parse error occurred. The string
SELFSIG-SELFSIG-SELFSIG-SELFSIG-SELFSIG-SELFSIG is returned,
if the self signature sig was empty.
const size_t size =TMCG_KEYID_SIZE)This method returns the unique key identifier of length size.
The default value of the first argument is set to TMCG_KEYID_SIZE,
if size is omitted in the call.
const std::string& s)This method returns the length of the unique key identifier s. Zero is returned, if any parse error occurred.
std::string s)This method returns the unique key identifier which is included in the
signature s. The string ERROR is returned, if any parse
error occurred.
std::string s)This method imports the key from a correctly formatted input string
s. It returns true, if the import was successful.
const unsigned char* value)This method encrypts the content of value which is a pointer to a
character array of size TMCG_SAEP_S0. The method returns a
corresponding encryption packet that can be decrypted by the owner of the
secret key.
const std::string& data, std::string s)This method verifies whether the signature s on data is valid
or not. It returns true, if everything was sound.
This destructor releases all occupied resources.
std::ostream& out, const TMCG_PublicKey& key)This operator exports the given key to the output stream out.
std::istream& in, TMCG_PublicKey& key)This operator imports the given key from the input stream in.
The data has to be delimited by a newline character. The failbit
is set, if any parse error occurred.
This struct is just a simple container for TMCG public keys. There are
no particular methods provided by TMCG_PublicKeyRing. You have to use
the regular interface of the STL container std::vector to access the
single keys of the ring.
This is the real container that is used to store the keys.
This default constructor initializes an empty public key ring.
size_t n)This constructor initializes the container for storing exactly n keys.
This destructor releases all occupied resources.
According to the behavior
of the []-operator, the zero denotes always the top-most position.
Next: Communication Interfaces, Up: Basic Structures [Contents][Index]