package org.cryptimeleon.craco.sig.sps.akot15.xsig;

import java.util.Objects;
import org.cryptimeleon.craco.common.plaintexts.GroupElementPlainText;
import org.cryptimeleon.craco.common.plaintexts.MessageBlock;
import org.cryptimeleon.craco.common.plaintexts.PlainText;
import org.cryptimeleon.craco.sig.MultiMessageStructurePreservingSignatureScheme;
import org.cryptimeleon.craco.sig.Signature;
import org.cryptimeleon.craco.sig.SignatureKeyPair;
import org.cryptimeleon.craco.sig.SigningKey;
import org.cryptimeleon.craco.sig.VerificationKey;
import org.cryptimeleon.craco.sig.sps.SPSMessageSpaceVerifier;
import org.cryptimeleon.math.serialization.ListRepresentation;
import org.cryptimeleon.math.serialization.Representation;
import org.cryptimeleon.math.serialization.annotations.ReprUtil;
import org.cryptimeleon.math.serialization.annotations.Represented;
import org.cryptimeleon.math.structures.groups.Group;
import org.cryptimeleon.math.structures.groups.GroupElement;
import org.cryptimeleon.math.structures.groups.elliptic.BilinearMap;
import org.cryptimeleon.math.structures.rings.zn.Zp;

/* loaded from: input_file:org/cryptimeleon/craco/sig/sps/akot15/xsig/SPSXSIGSignatureScheme.class */
public class SPSXSIGSignatureScheme implements MultiMessageStructurePreservingSignatureScheme, SPSMessageSpaceVerifier {

    @Represented
    private SPSXSIGPublicParameters pp;

    public SPSXSIGSignatureScheme(SPSXSIGPublicParameters sPSXSIGPublicParameters) {
        this.pp = sPSXSIGPublicParameters;
    }

    public SPSXSIGSignatureScheme(Representation representation) {
        new ReprUtil(this).deserialize(representation);
    }

    public SPSXSIGPublicParameters getPublicParameters() {
        return this.pp;
    }

    @Override // org.cryptimeleon.craco.sig.StandardMultiMessageSignatureScheme
    public SignatureKeyPair<SPSXSIGVerificationKey, SPSXSIGSigningKey> generateKeyPair(int i) {
        if (this.pp.getMessageLength().intValue() != i) {
            throw new IllegalArgumentException(String.format("The scheme expected messageLength %d, but was: %d", this.pp.getMessageLength(), Integer.valueOf(i)));
        }
        Zp.ZpElement uniformlyRandomElement = this.pp.getZp().getUniformlyRandomElement();
        Zp.ZpElement uniformlyRandomElement2 = this.pp.getZp().getUniformlyRandomElement();
        Zp.ZpElement uniformlyRandomElement3 = this.pp.getZp().getUniformlyRandomElement();
        Zp.ZpElement uniformlyRandomElement4 = this.pp.getZp().getUniformlyRandomElement();
        Zp.ZpElement uniformlyRandomElement5 = this.pp.getZp().getUniformlyRandomElement();
        Zp.ZpElement uniformlyRandomElement6 = this.pp.getZp().getUniformlyRandomElement();
        Zp.ZpElement uniformlyRandomElement7 = this.pp.getZp().getUniformlyRandomElement();
        GroupElement group1ElementG = this.pp.getGroup1ElementG();
        GroupElement group2ElementH = this.pp.getGroup2ElementH();
        GroupElement compute = group2ElementH.pow(uniformlyRandomElement7).compute();
        GroupElement compute2 = group2ElementH.pow(uniformlyRandomElement6).compute();
        GroupElement compute3 = group2ElementH.pow(uniformlyRandomElement6.mul(uniformlyRandomElement7)).compute();
        GroupElement compute4 = group2ElementH.pow(uniformlyRandomElement.add(uniformlyRandomElement6.mul(uniformlyRandomElement2))).compute();
        GroupElement compute5 = compute4.pow(uniformlyRandomElement7).compute();
        GroupElement compute6 = group2ElementH.pow(uniformlyRandomElement3).compute();
        return new SignatureKeyPair<>(new SPSXSIGVerificationKey(compute, compute2, compute3, compute4, compute5, compute6, group1ElementG.pow(uniformlyRandomElement4).compute(), !uniformlyRandomElement4.isZero() ? group2ElementH.pow(uniformlyRandomElement5.mul(uniformlyRandomElement7).div(uniformlyRandomElement4)).compute() : group2ElementH.getStructure().getUniformlyRandomElement()), new SPSXSIGSigningKey(compute6, group1ElementG.pow(uniformlyRandomElement5).compute(), group1ElementG.pow(uniformlyRandomElement7).compute(), group1ElementG.pow(uniformlyRandomElement).compute(), group1ElementG.pow(uniformlyRandomElement2).compute()));
    }

    @Override // org.cryptimeleon.craco.sig.SignatureScheme
    public Signature sign(PlainText plainText, SigningKey signingKey) {
        doMessageChecks(plainText);
        MessageBlock messageBlock = (MessageBlock) plainText;
        if (!(signingKey instanceof SPSXSIGSigningKey)) {
            throw new IllegalArgumentException("Not a valid signing key for this scheme");
        }
        SPSXSIGSigningKey sPSXSIGSigningKey = (SPSXSIGSigningKey) signingKey;
        Zp.ZpElement uniformlyRandomElement = this.pp.getZp().getUniformlyRandomElement();
        Zp.ZpElement uniformlyRandomElement2 = this.pp.getZp().getUniformlyRandomElement();
        Zp.ZpElement add = uniformlyRandomElement.add(uniformlyRandomElement2);
        Zp.ZpElement uniformlyRandomElement3 = this.pp.getZp().getUniformlyRandomElement();
        GroupElement group2ElementV6 = sPSXSIGSigningKey.getGroup2ElementV6();
        for (int i = 0; i < messageBlock.length(); i++) {
            group2ElementV6 = group2ElementV6.op(((GroupElementPlainText) ((MessageBlock) messageBlock.get(i)).get(2)).get());
        }
        return new SPSXSIGSignature(group2ElementV6.pow(uniformlyRandomElement).compute(), new GroupElement[]{sPSXSIGSigningKey.getGroup1ElementK1().op(sPSXSIGSigningKey.getGroup1ElementK3().pow(add)).compute(), sPSXSIGSigningKey.getGroup1ElementK4().pow(add).op(this.pp.getGroup1ElementG().pow(uniformlyRandomElement3.neg()).compute()).compute(), sPSXSIGSigningKey.getGroup1ElementK2().pow(uniformlyRandomElement3).compute(), sPSXSIGSigningKey.getGroup1ElementK2().pow(uniformlyRandomElement2).compute(), this.pp.getGroup1ElementG().pow(uniformlyRandomElement).compute()});
    }

    @Override // org.cryptimeleon.craco.sig.SignatureScheme
    public Boolean verify(PlainText plainText, Signature signature, VerificationKey verificationKey) {
        doMessageChecks(plainText);
        if (!(verificationKey instanceof SPSXSIGVerificationKey)) {
            throw new IllegalArgumentException("Not a valid signing key for this scheme");
        }
        if (!(signature instanceof SPSXSIGSignature)) {
            throw new IllegalArgumentException("Not a valid signature for this scheme");
        }
        MessageBlock messageBlock = (MessageBlock) plainText;
        SPSXSIGVerificationKey sPSXSIGVerificationKey = (SPSXSIGVerificationKey) verificationKey;
        SPSXSIGSignature sPSXSIGSignature = (SPSXSIGSignature) signature;
        BilinearMap bilinearMap = this.pp.getBilinearMap();
        return Boolean.valueOf(verifyFirstPPE(bilinearMap, sPSXSIGSignature, sPSXSIGVerificationKey, messageBlock) && verifySecondPPE(bilinearMap, sPSXSIGSignature, sPSXSIGVerificationKey) && verifyThirdPPE(bilinearMap, messageBlock) && verifyFourthPPE(bilinearMap, messageBlock));
    }

    private boolean verifyFirstPPE(BilinearMap bilinearMap, SPSXSIGSignature sPSXSIGSignature, SPSXSIGVerificationKey sPSXSIGVerificationKey, MessageBlock messageBlock) {
        GroupElement group2ElementV6 = sPSXSIGVerificationKey.getGroup2ElementV6();
        for (int i = 0; i < messageBlock.length(); i++) {
            group2ElementV6 = group2ElementV6.op(((GroupElementPlainText) ((MessageBlock) messageBlock.get(i)).get(2)).get());
        }
        return bilinearMap.apply(sPSXSIGSignature.getGroup1ElementsSigma()[4], group2ElementV6.compute()).compute().equals(bilinearMap.apply(this.pp.getGroup1ElementG(), sPSXSIGSignature.getGroup2ElementSigma0()).compute());
    }

    private boolean verifySecondPPE(BilinearMap bilinearMap, SPSXSIGSignature sPSXSIGSignature, SPSXSIGVerificationKey sPSXSIGVerificationKey) {
        GroupElement op = bilinearMap.apply(sPSXSIGSignature.getGroup1ElementsSigma()[0], sPSXSIGVerificationKey.getGroup2ElementV1()).op(bilinearMap.apply(sPSXSIGSignature.getGroup1ElementsSigma()[1], sPSXSIGVerificationKey.getGroup2ElementV3())).op(bilinearMap.apply(sPSXSIGSignature.getGroup1ElementsSigma()[2], sPSXSIGVerificationKey.getGroup2ElementV2()));
        op.compute();
        GroupElement op2 = bilinearMap.apply(sPSXSIGSignature.getGroup1ElementsSigma()[3], sPSXSIGVerificationKey.getGroup2ElementV4()).op(bilinearMap.apply(sPSXSIGSignature.getGroup1ElementsSigma()[4], sPSXSIGVerificationKey.getGroup2ElementV5())).op(bilinearMap.apply(sPSXSIGVerificationKey.getGroup1ElementV7(), sPSXSIGVerificationKey.getGroup2ElementV8()));
        op2.compute();
        return op.equals(op2);
    }

    private boolean verifyThirdPPE(BilinearMap bilinearMap, MessageBlock messageBlock) {
        for (int i = 0; i < messageBlock.length(); i++) {
            MessageBlock messageBlock2 = (MessageBlock) messageBlock.get(i);
            GroupElement groupElement = ((GroupElementPlainText) messageBlock2.get(0)).get();
            GroupElement apply = bilinearMap.apply(this.pp.getGroup1ElementF1(), ((GroupElementPlainText) messageBlock2.get(2)).get());
            apply.compute();
            GroupElement apply2 = bilinearMap.apply(this.pp.getGroup1ElementsU()[i], groupElement);
            apply2.compute();
            if (!apply.equals(apply2)) {
                return false;
            }
        }
        return true;
    }

    private boolean verifyFourthPPE(BilinearMap bilinearMap, MessageBlock messageBlock) {
        for (int i = 0; i < messageBlock.length(); i++) {
            MessageBlock messageBlock2 = (MessageBlock) messageBlock.get(i);
            GroupElement groupElement = ((GroupElementPlainText) messageBlock2.get(1)).get();
            GroupElement apply = bilinearMap.apply(this.pp.getGroup1ElementF2(), ((GroupElementPlainText) messageBlock2.get(2)).get());
            apply.compute();
            GroupElement apply2 = bilinearMap.apply(this.pp.getGroup1ElementsU()[i], groupElement);
            apply2.compute();
            if (!apply.equals(apply2)) {
                return false;
            }
        }
        return true;
    }

    @Override // org.cryptimeleon.craco.sig.sps.SPSMessageSpaceVerifier
    public void doMessageChecks(PlainText plainText, int i, Group group) {
        doMessageChecks(plainText);
    }

    private void doMessageChecks(PlainText plainText) {
        if (!(plainText instanceof MessageBlock)) {
            throw new IllegalArgumentException("The scheme requires its messages to a MessageBlock");
        }
        MessageBlock messageBlock = (MessageBlock) plainText;
        if (messageBlock.length() != this.pp.getMessageLength().intValue()) {
            throw new IllegalArgumentException(String.format("The scheme expected a message of length %d, but the size was: %d", this.pp.getMessageLength(), Integer.valueOf(messageBlock.length())));
        }
        for (int i = 0; i < messageBlock.length(); i++) {
            if (!(messageBlock.get(i) instanceof MessageBlock)) {
                throw new IllegalArgumentException(String.format("The scheme requires its messages to only contain inner MessageBlocks, but element %d was %s", Integer.valueOf(i), ((PlainText) messageBlock.get(i)).getClass()));
            }
            MessageBlock messageBlock2 = (MessageBlock) messageBlock.get(i);
            if (messageBlock2.length() != 3) {
                throw new IllegalArgumentException(String.format("The scheme requires its inner MessageBlocks to contain three elements, but element %d contained: %d elements", Integer.valueOf(i), Integer.valueOf(messageBlock2.length())));
            }
            for (int i2 = 0; i2 < messageBlock2.length(); i2++) {
                if (!(messageBlock2.get(i2) instanceof GroupElementPlainText)) {
                    throw new IllegalArgumentException(String.format("The scheme requires its inner MessageBlocks to contain GroupElements, but element %d was of type: %s", Integer.valueOf(i), ((PlainText) messageBlock.get(i)).getClass().toString()));
                }
                GroupElementPlainText groupElementPlainText = (GroupElementPlainText) messageBlock2.get(i2);
                if (!groupElementPlainText.get().getStructure().equals(this.pp.getG2GroupGenerator().getStructure())) {
                    throw new IllegalArgumentException(String.format("Expected message elements to be in G_2, but element %d in inner MessageBlock %d was in: %s", Integer.valueOf(i2), Integer.valueOf(i), groupElementPlainText.get().getStructure().toString()));
                }
            }
        }
    }

    @Override // org.cryptimeleon.craco.sig.SignatureScheme
    public PlainText restorePlainText(Representation representation) {
        ListRepresentation listRepresentation = (ListRepresentation) representation;
        Representation[] representationArr = new Representation[listRepresentation.size()];
        for (int i = 0; i < representationArr.length; i++) {
            representationArr[i] = listRepresentation.get(i);
        }
        MessageBlock[] messageBlockArr = new MessageBlock[representationArr.length];
        for (int i2 = 0; i2 < representationArr.length; i2++) {
            messageBlockArr[i2] = new MessageBlock(representationArr[i2], representation2 -> {
                return new GroupElementPlainText(representation2, this.pp.getG2GroupGenerator().getStructure());
            });
        }
        return new MessageBlock(messageBlockArr);
    }

    @Override // org.cryptimeleon.craco.sig.SignatureScheme
    public Signature restoreSignature(Representation representation) {
        return new SPSXSIGSignature(representation, this.pp.getG1GroupGenerator().getStructure(), this.pp.getG2GroupGenerator().getStructure());
    }

    @Override // org.cryptimeleon.craco.sig.SignatureScheme
    public SigningKey restoreSigningKey(Representation representation) {
        return new SPSXSIGSigningKey(this.pp.getG1GroupGenerator().getStructure(), this.pp.getG2GroupGenerator().getStructure(), representation);
    }

    @Override // org.cryptimeleon.craco.sig.SignatureScheme
    public VerificationKey restoreVerificationKey(Representation representation) {
        return new SPSXSIGVerificationKey(this.pp.getG1GroupGenerator().getStructure(), this.pp.getG2GroupGenerator().getStructure(), representation);
    }

    @Override // org.cryptimeleon.craco.sig.SignatureScheme
    public PlainText mapToPlaintext(byte[] bArr, VerificationKey verificationKey) {
        if (this.pp == null) {
            throw new NullPointerException("Number of messages is stored in public parameters but they are not set");
        }
        return mapToPlaintext(bArr, this.pp.getMessageLength().intValue());
    }

    @Override // org.cryptimeleon.craco.sig.SignatureScheme
    public PlainText mapToPlaintext(byte[] bArr, SigningKey signingKey) {
        if (this.pp == null) {
            throw new NullPointerException("Number of messages is stored in public parameters but they are not set");
        }
        return mapToPlaintext(bArr, this.pp.getMessageLength().intValue());
    }

    private MessageBlock mapToPlaintext(byte[] bArr, int i) {
        GroupElementPlainText[] groupElementPlainTextArr = new GroupElementPlainText[i];
        groupElementPlainTextArr[0] = new GroupElementPlainText(this.pp.getG1GroupGenerator().pow(this.pp.getZp().injectiveValueOf(bArr)));
        for (int i2 = 1; i2 < groupElementPlainTextArr.length; i2++) {
            groupElementPlainTextArr[i2] = new GroupElementPlainText(this.pp.getG1GroupGenerator());
        }
        return new MessageBlock(new MessageBlock(groupElementPlainTextArr), new MessageBlock(new PlainText[0]));
    }

    @Override // org.cryptimeleon.craco.sig.SignatureScheme
    public int getMaxNumberOfBytesForMapToPlaintext() {
        return (this.pp.getG1GroupGenerator().getStructure().size().bitLength() - 1) / 8;
    }

    public Representation getRepresentation() {
        return ReprUtil.serialize(this);
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        return Objects.equals(this.pp, ((SPSXSIGSignatureScheme) obj).pp);
    }

    public int hashCode() {
        return Objects.hash(this.pp);
    }
}
