package org.cryptimeleon.craco.sig.ps;

import org.cryptimeleon.craco.commitment.CommitmentScheme;
import org.cryptimeleon.craco.common.plaintexts.MessageBlock;
import org.cryptimeleon.craco.common.plaintexts.RingElementPlainText;
import org.cryptimeleon.craco.protocols.CommonInput;
import org.cryptimeleon.craco.protocols.SecretInput;
import org.cryptimeleon.craco.protocols.arguments.damgardtechnique.DamgardTechnique;
import org.cryptimeleon.craco.protocols.arguments.sigma.ZnChallengeSpace;
import org.cryptimeleon.craco.protocols.arguments.sigma.instance.SigmaProtocolInstance;
import org.cryptimeleon.craco.protocols.arguments.sigma.instance.SigmaProtocolVerifierInstance;
import org.cryptimeleon.craco.protocols.arguments.sigma.schnorr.DelegateProtocol;
import org.cryptimeleon.craco.protocols.arguments.sigma.schnorr.LinearStatementFragment;
import org.cryptimeleon.craco.protocols.arguments.sigma.schnorr.SendThenDelegateFragment;
import org.cryptimeleon.craco.protocols.arguments.sigma.schnorr.variables.SchnorrZnVariable;
import org.cryptimeleon.craco.protocols.base.BaseProtocol;
import org.cryptimeleon.craco.protocols.base.BaseProtocolInstance;
import org.cryptimeleon.math.structures.cartesian.ExponentExpressionVector;
import org.cryptimeleon.math.structures.groups.GroupElement;
import org.cryptimeleon.math.structures.groups.elliptic.BilinearGroup;
import org.cryptimeleon.math.structures.rings.cartesian.RingElementVector;
import org.cryptimeleon.math.structures.rings.zn.Zn;

/* loaded from: input_file:org/cryptimeleon/craco/sig/ps/PSBlindSignProtocol.class */
public class PSBlindSignProtocol extends BaseProtocol {
    protected final CommitmentScheme commitmentSchemeForDamgard;
    protected final PSExtendedSignatureScheme scheme;

    /* loaded from: input_file:org/cryptimeleon/craco/sig/ps/PSBlindSignProtocol$BlindSignProtocolInstance.class */
    public static class BlindSignProtocolInstance extends BaseProtocolInstance {
        private final BilinearGroup group;
        private final Zn zn;
        private final PSExtendedVerificationKey commonInput;
        private final ReceiverInput receiverInput;
        private final PSSigningKey signerInput;
        private final PSBlindSignProtocol protocol;
        private GroupElement commitment;
        private Zn.ZnElement blindingFactor;
        private PSSignature resultSignature;
        private SigmaProtocolInstance openingProofInstance;

        /* loaded from: input_file:org/cryptimeleon/craco/sig/ps/PSBlindSignProtocol$BlindSignProtocolInstance$OpeningCommonInput.class */
        public static class OpeningCommonInput implements CommonInput {
            public final GroupElement commitment;

            public OpeningCommonInput(GroupElement groupElement) {
                this.commitment = groupElement;
            }
        }

        /* loaded from: input_file:org/cryptimeleon/craco/sig/ps/PSBlindSignProtocol$BlindSignProtocolInstance$OpeningProof.class */
        public class OpeningProof extends DelegateProtocol {
            public OpeningProof() {
            }

            @Override // org.cryptimeleon.craco.protocols.arguments.sigma.schnorr.DelegateProtocol
            protected SendThenDelegateFragment.SubprotocolSpec provideSubprotocolSpec(CommonInput commonInput, SendThenDelegateFragment.SubprotocolSpecBuilder subprotocolSpecBuilder) {
                ExponentExpressionVector map = BlindSignProtocolInstance.this.commonInput.getGroup1ElementsYi().map((num, groupElement) -> {
                    return subprotocolSpecBuilder.addZnVariable("m" + num, BlindSignProtocolInstance.this.zn);
                }, ExponentExpressionVector::new);
                SchnorrZnVariable addZnVariable = subprotocolSpecBuilder.addZnVariable("blindingFactor", BlindSignProtocolInstance.this.zn);
                subprotocolSpecBuilder.addSubprotocol("knowledgeOfOpening", new LinearStatementFragment(BlindSignProtocolInstance.this.commonInput.getGroup1ElementsYi().expr().innerProduct(map).op(BlindSignProtocolInstance.this.commonInput.getGroup1ElementG().pow(addZnVariable)).isEqualTo(((OpeningCommonInput) commonInput).commitment)));
                return subprotocolSpecBuilder.build();
            }

            @Override // org.cryptimeleon.craco.protocols.arguments.sigma.schnorr.DelegateProtocol
            protected SendThenDelegateFragment.ProverSpec provideProverSpecWithNoSendFirst(CommonInput commonInput, SecretInput secretInput, SendThenDelegateFragment.ProverSpecBuilder proverSpecBuilder) {
                OpeningSecretInput openingSecretInput = (OpeningSecretInput) secretInput;
                openingSecretInput.message.forEach((num, ringElement) -> {
                    proverSpecBuilder.putWitnessValue("m" + num, (Zn.ZnElement) ringElement);
                });
                proverSpecBuilder.putWitnessValue("blindingFactor", openingSecretInput.blindingFactor);
                return proverSpecBuilder.build();
            }

            @Override // org.cryptimeleon.craco.protocols.arguments.sigma.schnorr.SendThenDelegateProtocol, org.cryptimeleon.craco.protocols.arguments.sigma.SigmaProtocol
            public ZnChallengeSpace getChallengeSpace(CommonInput commonInput) {
                return new ZnChallengeSpace(BlindSignProtocolInstance.this.protocol.scheme.pp.getBilinearGroup().getZn());
            }
        }

        /* loaded from: input_file:org/cryptimeleon/craco/sig/ps/PSBlindSignProtocol$BlindSignProtocolInstance$OpeningSecretInput.class */
        public static class OpeningSecretInput implements SecretInput {
            public final RingElementVector message;
            public final Zn.ZnElement blindingFactor;

            public OpeningSecretInput(RingElementVector ringElementVector, Zn.ZnElement znElement) {
                this.message = ringElementVector;
                this.blindingFactor = znElement;
            }
        }

        public BlindSignProtocolInstance(PSBlindSignProtocol pSBlindSignProtocol, String str, PSExtendedVerificationKey pSExtendedVerificationKey, SecretInput secretInput) {
            super(pSBlindSignProtocol, str);
            this.protocol = pSBlindSignProtocol;
            this.commonInput = pSExtendedVerificationKey;
            this.group = pSBlindSignProtocol.scheme.pp.getBilinearGroup();
            this.zn = this.group.getZn();
            this.receiverInput = str.equals("receiver") ? (ReceiverInput) secretInput : null;
            this.signerInput = str.equals("signer") ? (PSSigningKey) secretInput : null;
        }

        @Override // org.cryptimeleon.craco.protocols.base.BaseProtocolInstance
        protected void doRoundForFirstRole(int i) {
            switch (i) {
                case 0:
                    this.blindingFactor = this.zn.getUniformlyRandomElement();
                    this.commitment = this.commonInput.getGroup1ElementsYi().innerProduct(this.receiverInput.message).op(this.commonInput.getGroup1ElementG().pow(this.blindingFactor));
                    send("commitment", this.commitment.getRepresentation());
                    this.openingProofInstance = new DamgardTechnique(new OpeningProof(), this.protocol.commitmentSchemeForDamgard).getProverInstance(new OpeningCommonInput(this.commitment), new OpeningSecretInput(this.receiverInput.message, this.blindingFactor));
                    runSubprotocolConcurrently("openingProof", this.openingProofInstance);
                    return;
                case 1:
                case 2:
                case 3:
                default:
                    return;
                case 4:
                    GroupElement restoreElement = this.group.getG1().restoreElement(receive("sigma0"));
                    this.resultSignature = new PSSignature(restoreElement, this.group.getG1().restoreElement(receive("blindedSigma1")).op(restoreElement.pow(this.blindingFactor.neg())));
                    terminate();
                    return;
            }
        }

        @Override // org.cryptimeleon.craco.protocols.base.BaseProtocolInstance
        protected void doRoundForSecondRole(int i) {
            switch (i) {
                case 1:
                    this.commitment = this.group.getG1().restoreElement(receive("commitment"));
                    SigmaProtocolVerifierInstance verifierInstance = new DamgardTechnique(new OpeningProof(), this.protocol.commitmentSchemeForDamgard).getVerifierInstance(new OpeningCommonInput(this.commitment));
                    this.openingProofInstance = verifierInstance;
                    runSubprotocolConcurrently("openingProof", verifierInstance);
                    return;
                case 3:
                    if (!this.openingProofInstance.isAccepting()) {
                        throw new IllegalStateException("Proof was not accepted");
                    }
                    Zn.ZnElement uniformlyRandomNonzeroElement = this.zn.getUniformlyRandomNonzeroElement();
                    send("sigma0", this.commonInput.getGroup1ElementG().pow(uniformlyRandomNonzeroElement).getRepresentation());
                    send("blindedSigma1", this.commitment.op(this.commonInput.getGroup1ElementG().pow(this.signerInput.getExponentX())).pow(uniformlyRandomNonzeroElement).getRepresentation());
                    terminate();
                    return;
                default:
                    return;
            }
        }

        public PSSignature getResultSignature() {
            return this.resultSignature;
        }
    }

    /* loaded from: input_file:org/cryptimeleon/craco/sig/ps/PSBlindSignProtocol$ReceiverInput.class */
    public static class ReceiverInput implements SecretInput {
        public final RingElementVector message;

        public ReceiverInput(RingElementVector ringElementVector) {
            this.message = ringElementVector;
        }

        public ReceiverInput(MessageBlock messageBlock) {
            this(messageBlock.map(plainText -> {
                return ((RingElementPlainText) plainText).getRingElement();
            }, RingElementVector::new));
        }
    }

    public PSBlindSignProtocol(PSExtendedSignatureScheme pSExtendedSignatureScheme, CommitmentScheme commitmentScheme) {
        super("receiver", "signer");
        this.commitmentSchemeForDamgard = commitmentScheme;
        this.scheme = pSExtendedSignatureScheme;
    }

    public static CommitmentScheme generatePp(PSExtendedSignatureScheme pSExtendedSignatureScheme) {
        return DamgardTechnique.generateCommitmentScheme(pSExtendedSignatureScheme.pp.getBilinearGroup().getG1());
    }

    @Override // org.cryptimeleon.craco.protocols.TwoPartyProtocol
    public BlindSignProtocolInstance instantiateProtocol(String str, CommonInput commonInput, SecretInput secretInput) {
        return new BlindSignProtocolInstance(this, str, (PSExtendedVerificationKey) commonInput, secretInput);
    }

    public BlindSignProtocolInstance instantiateProtocolForSigner(PSExtendedVerificationKey pSExtendedVerificationKey, PSSigningKey pSSigningKey) {
        return instantiateProtocol("signer", (CommonInput) pSExtendedVerificationKey, (SecretInput) pSSigningKey);
    }

    public BlindSignProtocolInstance instantiateProtocolForReceiver(PSExtendedVerificationKey pSExtendedVerificationKey, ReceiverInput receiverInput) {
        return instantiateProtocol("receiver", (CommonInput) pSExtendedVerificationKey, (SecretInput) receiverInput);
    }
}
