package org.cryptimeleon.craco.sig.ps18;

import org.cryptimeleon.craco.common.plaintexts.MessageBlock;
import org.cryptimeleon.craco.common.plaintexts.PlainText;
import org.cryptimeleon.craco.common.plaintexts.RingElementPlainText;
import org.cryptimeleon.craco.sig.Signature;
import org.cryptimeleon.craco.sig.SigningKey;
import org.cryptimeleon.craco.sig.VerificationKey;
import org.cryptimeleon.craco.sig.ps.PSPublicParameters;
import org.cryptimeleon.math.serialization.Representation;
import org.cryptimeleon.math.structures.groups.GroupElement;
import org.cryptimeleon.math.structures.rings.zn.HashIntoZp;
import org.cryptimeleon.math.structures.rings.zn.Zp;

/* loaded from: input_file:org/cryptimeleon/craco/sig/ps18/PS18ROMSignatureScheme.class */
public class PS18ROMSignatureScheme extends PS18SignatureScheme {
    public PS18ROMSignatureScheme(PSPublicParameters pSPublicParameters) {
        super(pSPublicParameters);
    }

    public PS18ROMSignatureScheme(Representation representation) {
        super(representation);
    }

    @Override // org.cryptimeleon.craco.sig.ps18.PS18SignatureScheme, org.cryptimeleon.craco.sig.SignatureScheme
    public Signature sign(PlainText plainText, SigningKey signingKey) {
        if (plainText instanceof RingElementPlainText) {
            plainText = new MessageBlock(plainText);
        }
        if (!(plainText instanceof MessageBlock)) {
            throw new IllegalArgumentException("Plaintext is not a 'MessageBlock' instance.");
        }
        if (!(signingKey instanceof PS18SigningKey)) {
            throw new IllegalArgumentException("Signing key is not a 'PS18SigningKey' instance.");
        }
        MessageBlock messageBlock = (MessageBlock) plainText;
        PS18SigningKey pS18SigningKey = (PS18SigningKey) signingKey;
        if (messageBlock.length() != pS18SigningKey.getNumberOfMessages()) {
            throw new IllegalArgumentException("Message length does not match length supported by signing key.");
        }
        Zp zp = this.pp.getZp();
        GroupElement compute = this.pp.getBilinearMap().getG1().getUniformlyRandomNonNeutral().compute();
        return new PS18ROMSignature(compute, new PS18SignatureScheme(this.pp).computeSigma2(messageBlock, pS18SigningKey, romHashIntoZp(messageBlock, zp), compute).compute());
    }

    @Override // org.cryptimeleon.craco.sig.ps18.PS18SignatureScheme, org.cryptimeleon.craco.sig.SignatureScheme
    public Boolean verify(PlainText plainText, Signature signature, VerificationKey verificationKey) {
        if (plainText instanceof RingElementPlainText) {
            plainText = new MessageBlock(plainText);
        }
        if (!(plainText instanceof MessageBlock)) {
            throw new IllegalArgumentException("Plaintext is not a 'MessageBlock' instance.");
        }
        if (!(signature instanceof PS18ROMSignature)) {
            throw new IllegalArgumentException("Signature is not a 'PS18Signature' instance.");
        }
        if (!(verificationKey instanceof PS18VerificationKey)) {
            throw new IllegalArgumentException("Public key is not a 'PS18VerificationKey' instance.");
        }
        MessageBlock messageBlock = (MessageBlock) plainText;
        PS18VerificationKey pS18VerificationKey = (PS18VerificationKey) verificationKey;
        PS18ROMSignature pS18ROMSignature = (PS18ROMSignature) signature;
        if (pS18ROMSignature.getGroup1ElementSigma1().isNeutralElement()) {
            return false;
        }
        return Boolean.valueOf(new PS18SignatureScheme(this.pp).computeLeftHandSide(messageBlock, pS18VerificationKey, romHashIntoZp(messageBlock, this.pp.getZp()), pS18ROMSignature.getGroup1ElementSigma1()).equals(this.pp.getBilinearMap().apply(pS18ROMSignature.getGroup1ElementSigma2(), pS18VerificationKey.getGroup2ElementTildeG())));
    }

    @Override // org.cryptimeleon.craco.sig.ps18.PS18SignatureScheme, org.cryptimeleon.craco.sig.SignatureScheme
    public Signature restoreSignature(Representation representation) {
        return new PS18ROMSignature(representation, this.pp.getBilinearMap().getG1());
    }

    private Zp.ZpElement romHashIntoZp(MessageBlock messageBlock, Zp zp) {
        return new HashIntoZp(zp).hash(messageBlock.getUniqueByteRepresentation());
    }
}
