diff --git a/AnonymousVoting.sol b/AnonymousVoting.sol index 6782cbb..ceb43fd 100755 --- a/AnonymousVoting.sol +++ b/AnonymousVoting.sol @@ -1,4 +1,4 @@ -pragma solidity ^0.4.3; +pragma solidity ^0.4.17; /** * @title ECCMath @@ -13,9 +13,8 @@ library ECCMath { /// @param a The number. /// @param p The mmodulus. /// @return x such that ax = 1 (mod p) - function invmod(uint a, uint p) internal constant returns (uint) { - if (a == 0 || a == p || p == 0) - throw; + function invmod(uint a, uint p) internal pure returns (uint) { + require(a != 0 && a != p && p != 0); if (a > p) a = a % p; int t1; @@ -39,13 +38,12 @@ library ECCMath { /// @param e The exponent. /// @param m The modulus. /// @return x such that x = b**e (mod m) - function expmod(uint b, uint e, uint m) internal constant returns (uint r) { + function expmod(uint b, uint e, uint m) internal view returns (uint r) { + require(m != 0); if (b == 0) return 0; if (e == 0) return 1; - if (m == 0) - throw; r = 1; uint bit = 2 ** 255; bit = bit; @@ -69,7 +67,7 @@ library ECCMath { /// @param z2Inv The square of zInv /// @param prime The prime modulus. /// @return (Px", Py", 1) - function toZ1(uint[3] memory P, uint zInv, uint z2Inv, uint prime) internal constant { + function toZ1(uint[3] memory P, uint zInv, uint z2Inv, uint prime) internal pure { P[0] = mulmod(P[0], z2Inv, prime); P[1] = mulmod(P[1], mulmod(zInv, z2Inv, prime), prime); P[2] = 1; @@ -80,7 +78,7 @@ library ECCMath { /// @param PJ The point. /// @param prime The prime modulus. /// @return (Px", Py", 1) - function toZ1(uint[3] PJ, uint prime) internal constant { + function toZ1(uint[3] PJ, uint prime) internal pure { uint zInv = invmod(PJ[2], prime); uint zInv2 = mulmod(zInv, zInv, prime); PJ[0] = mulmod(PJ[0], zInv2, prime); 
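Review bot: In `expmod` the new `require(m != 0);` now runs ahead of the `if (b == 0) return 0;` shortcut, so `expmod(0, e, 0)` reverts where the old code returned 0; that is the saner contract, but the `///` block above the signature should state it, e.g. `/// @dev Reverts if m == 0; this is checked before the b == 0 and e == 0 shortcuts.` The hunk on the `invmod` header is also the place to fix the `@param p The mmodulus` typo in the context line. Every hunk in this patch is mirrored verbatim in the `ECCMath_noconflict` / `Secp256k1_noconflict` copies further down, so the two library sets will drift unless one is generated from the other. The bodies of `invmod`, `expmod` and the second `toZ1` continue outside their hunks.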
@@ -115,7 +113,7 @@ library Secp256k1 { // uint constant beta = "0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"; /// @dev See Curve.onCurve - function onCurve(uint[2] P) internal constant returns (bool) { + function onCurve(uint[2] P) internal view returns (bool) { uint p = pp; if (0 == P[0] || P[0] == p || 0 == P[1] || P[1] == p) return false; @@ -125,13 +123,13 @@ library Secp256k1 { } /// @dev See Curve.isPubKey - function isPubKey(uint[2] memory P) internal constant returns (bool isPK) { + function isPubKey(uint[2] memory P) internal view returns (bool isPK) { isPK = onCurve(P); } /// @dev See Curve.isPubKey // TODO: We assume we are given affine co-ordinates for now - function isPubKey(uint[3] memory P) internal constant returns (bool isPK) { + function isPubKey(uint[3] memory P) internal view returns (bool isPK) { uint[2] memory a_P; a_P[0] = P[0]; a_P[1] = P[1]; @@ -139,7 +137,7 @@ library Secp256k1 { } /// @dev See Curve.validateSignature - function validateSignature(bytes32 message, uint[2] rs, uint[2] Q) internal constant returns (bool) { + function validateSignature(bytes32 message, uint[2] rs, uint[2] Q) internal view returns (bool) { uint n = nn; uint p = pp; if(rs[0] == 0 || rs[0] >= n || rs[1] == 0 || rs[1] > lowSmax) @@ -161,13 +159,13 @@ library Secp256k1 { } /// @dev See Curve.compress - function compress(uint[2] P) internal constant returns (uint8 yBit, uint x) { + function compress(uint[2] P) internal pure returns (uint8 yBit, uint x) { x = P[0]; yBit = P[1] & 1 == 1 ? 1 : 0; } /// @dev See Curve.decompress - function decompress(uint8 yBit, uint x) internal constant returns (uint[2] P) { + function decompress(uint8 yBit, uint x) internal view returns (uint[2] P) { uint p = pp; var y2 = addmod(mulmod(x, mulmod(x, x, p), p), 7, p); var y_ = ECCMath.expmod(y2, (p + 1) / 4, p); 
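Review bot: `isPubKey(uint[3] memory P)` still checks only `P[0]` and `P[1]` and never reads `P[2]`, as its own TODO admits, so a Jacobian point with Z != 1 is judged on coordinates that are not its affine x,y; since this hunk already touches the signature, add `if (P[2] != 1) return false;` before the copy into `a_P` (or normalise with `ECCMath.toZ1` first). A caller passing Z == 0 for the point at infinity would then get `false`, which is also the correct answer for "is this a public key". The same applies to `Secp256k1_noconflict.isPubKey` in the mirrored hunk below; the bodies of `onCurve`, `validateSignature` and `decompress` continue outside their hunks.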
@@ -179,7 +177,7 @@ library Secp256k1 { // Point addition, P + Q // inData: Px, Py, Pz, Qx, Qy, Qz // outData: Rx, Ry, Rz - function _add(uint[3] memory P, uint[3] memory Q) internal constant returns (uint[3] memory R) { + function _add(uint[3] memory P, uint[3] memory Q) internal view returns (uint[3] memory R) { if(P[2] == 0) return Q; if(Q[2] == 0) @@ -218,7 +216,7 @@ library Secp256k1 { // Point addition, P + Q. P Jacobian, Q affine. // inData: Px, Py, Pz, Qx, Qy // outData: Rx, Ry, Rz - function _addMixed(uint[3] memory P, uint[2] memory Q) internal constant returns (uint[3] memory R) { + function _addMixed(uint[3] memory P, uint[2] memory Q) internal view returns (uint[3] memory R) { if(P[2] == 0) return [Q[0], Q[1], 1]; if(Q[1] == 0) @@ -258,7 +256,7 @@ library Secp256k1 { } // Same as addMixed but params are different and mutates P. - function _addMixedM(uint[3] memory P, uint[2] memory Q) internal constant { + function _addMixedM(uint[3] memory P, uint[2] memory Q) internal view { if(P[1] == 0) { P[0] = Q[0]; P[1] = Q[1]; @@ -304,7 +302,7 @@ library Secp256k1 { // Point doubling, 2*P // Params: Px, Py, Pz // Not concerned about the 1 extra mulmod. - function _double(uint[3] memory P) internal constant returns (uint[3] memory Q) { + function _double(uint[3] memory P) internal view returns (uint[3] memory Q) { uint p = pp; if (P[2] == 0) return; @@ -320,7 +318,7 @@ library Secp256k1 { } // Same as double but mutates P and is internal only. - function _doubleM(uint[3] memory P) internal constant { + function _doubleM(uint[3] memory P) internal view { uint p = pp; if (P[2] == 0) return; @@ -338,7 +336,7 @@ library Secp256k1 { // Multiplication dP. P affine, wNAF: w=5 // Params: d, Px, Py // Output: Jacobian Q - function _mul(uint d, uint[2] memory P) internal constant returns (uint[3] memory Q) { + function _mul(uint d, uint[2] memory P) internal view returns (uint[3] memory Q) { uint p = pp; if (d == 0) // TODO return; 
@@ -433,7 +431,7 @@ contract owned { /* Function to dictate that only the designated owner can call a function */ modifier onlyOwner { - if(owner != msg.sender) throw; + require(owner == msg.sender); _; } @@ -520,9 +518,7 @@ contract AnonymousVoting is owned { State public state; modifier inState(State s) { - if(state != s) { - throw; - } + require(state == s); _; } @@ -546,9 +542,7 @@ contract AnonymousVoting is owned { function setEligible(address[] addr) onlyOwner { // We can only handle up 50 people at the moment. - if(totaleligible > 50) { - throw; - } + require(totaleligible <= 50); // Sign up the addresses for(uint i=0; i finishSignupPhase) { - throw; // throw returns the voter's ether, but exhausts their gas. - } + require(block.timestamp <= finishSignupPhase); // Make sure the ether being deposited matches what we expect. if(msg.value != depositrequired) { @@ -1007,9 +999,7 @@ contract AnonymousVoting is owned { for(uint i=0; i p) a = a % p; int t1; @@ -39,13 +38,12 @@ library ECCMath_noconflict { /// @param e The exponent. /// @param m The modulus. /// @return x such that x = b**e (mod m) - function expmod(uint b, uint e, uint m) internal constant returns (uint r) { + function expmod(uint b, uint e, uint m) internal view returns (uint r) { + require(m != 0); if (b == 0) return 0; if (e == 0) return 1; - if (m == 0) - throw; r = 1; uint bit = 2 ** 255; bit = bit; @@ -69,7 +67,7 @@ library ECCMath_noconflict { /// @param z2Inv The square of zInv /// @param prime The prime modulus. /// @return (Px", Py", 1) - function toZ1(uint[3] memory P, uint zInv, uint z2Inv, uint prime) internal constant { + function toZ1(uint[3] memory P, uint zInv, uint z2Inv, uint prime) internal pure { P[0] = mulmod(P[0], z2Inv, prime); P[1] = mulmod(P[1], mulmod(zInv, z2Inv, prime), prime); P[2] = 1; 
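Review bot: The rewritten bound in `setEligible`, `require(totaleligible <= 50);`, is evaluated before the incoming batch is counted, so a call made when `totaleligible` is at or just below 50 can push the total past the limit the comment promises; the check should include the batch, `require(totaleligible + addr.length <= 50);`. The remainder of this hunk and the signup-deposit hunk after it are garbled in this copy, so I cannot confirm from the visible text how `totaleligible` is incremented inside the loop. In the deposit hunk, dropping the old "exhausts their gas" comment alongside the move to `require` is right, since `require` refunds unused gas.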
@@ -80,7 +78,7 @@ library ECCMath_noconflict { /// @param PJ The point. /// @param prime The prime modulus. /// @return (Px", Py", 1) - function toZ1(uint[3] PJ, uint prime) internal constant { + function toZ1(uint[3] PJ, uint prime) internal pure { uint zInv = invmod(PJ[2], prime); uint zInv2 = mulmod(zInv, zInv, prime); PJ[0] = mulmod(PJ[0], zInv2, prime); @@ -115,7 +113,7 @@ library Secp256k1_noconflict { // uint constant beta = "0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"; /// @dev See Curve.onCurve - function onCurve(uint[2] P) internal constant returns (bool) { + function onCurve(uint[2] P) internal view returns (bool) { uint p = pp; if (0 == P[0] || P[0] == p || 0 == P[1] || P[1] == p) return false; @@ -125,13 +123,13 @@ library Secp256k1_noconflict { } /// @dev See Curve.isPubKey - function isPubKey(uint[2] memory P) internal constant returns (bool isPK) { + function isPubKey(uint[2] memory P) internal view returns (bool isPK) { isPK = onCurve(P); } /// @dev See Curve.isPubKey // TODO: We assume we are given affine co-ordinates for now - function isPubKey(uint[3] memory P) internal constant returns (bool isPK) { + function isPubKey(uint[3] memory P) internal view returns (bool isPK) { uint[2] memory a_P; a_P[0] = P[0]; a_P[1] = P[1]; @@ -139,7 +137,7 @@ library Secp256k1_noconflict { } /// @dev See Curve.validateSignature - function validateSignature(bytes32 message, uint[2] rs, uint[2] Q) internal constant returns (bool) { + function validateSignature(bytes32 message, uint[2] rs, uint[2] Q) internal view returns (bool) { uint n = nn; uint p = pp; if(rs[0] == 0 || rs[0] >= n || rs[1] == 0 || rs[1] > lowSmax) 
@@ -161,13 +159,13 @@ library Secp256k1_noconflict { } /// @dev See Curve.compress - function compress(uint[2] P) internal constant returns (uint8 yBit, uint x) { + function compress(uint[2] P) internal pure returns (uint8 yBit, uint x) { x = P[0]; yBit = P[1] & 1 == 1 ? 1 : 0; } /// @dev See Curve.decompress - function decompress(uint8 yBit, uint x) internal constant returns (uint[2] P) { + function decompress(uint8 yBit, uint x) internal view returns (uint[2] P) { uint p = pp; var y2 = addmod(mulmod(x, mulmod(x, x, p), p), 7, p); var y_ = ECCMath_noconflict.expmod(y2, (p + 1) / 4, p); @@ -179,7 +177,7 @@ library Secp256k1_noconflict { // Point addition, P + Q // inData: Px, Py, Pz, Qx, Qy, Qz // outData: Rx, Ry, Rz - function _add(uint[3] memory P, uint[3] memory Q) internal constant returns (uint[3] memory R) { + function _add(uint[3] memory P, uint[3] memory Q) internal view returns (uint[3] memory R) { if(P[2] == 0) return Q; if(Q[2] == 0) @@ -218,7 +216,7 @@ library Secp256k1_noconflict { // Point addition, P + Q. P Jacobian, Q affine. // inData: Px, Py, Pz, Qx, Qy // outData: Rx, Ry, Rz - function _addMixed(uint[3] memory P, uint[2] memory Q) internal constant returns (uint[3] memory R) { + function _addMixed(uint[3] memory P, uint[2] memory Q) internal view returns (uint[3] memory R) { if(P[2] == 0) return [Q[0], Q[1], 1]; if(Q[1] == 0) @@ -258,7 +256,7 @@ library Secp256k1_noconflict { } // Same as addMixed but params are different and mutates P. - function _addMixedM(uint[3] memory P, uint[2] memory Q) internal constant { + function _addMixedM(uint[3] memory P, uint[2] memory Q) internal view { if(P[1] == 0) { P[0] = Q[0]; P[1] = Q[1]; 
@@ -304,7 +302,7 @@ library Secp256k1_noconflict { // Point doubling, 2*P // Params: Px, Py, Pz // Not concerned about the 1 extra mulmod. - function _double(uint[3] memory P) internal constant returns (uint[3] memory Q) { + function _double(uint[3] memory P) internal view returns (uint[3] memory Q) { uint p = pp; if (P[2] == 0) return; @@ -320,7 +318,7 @@ library Secp256k1_noconflict { } // Same as double but mutates P and is internal only. - function _doubleM(uint[3] memory P) internal constant { + function _doubleM(uint[3] memory P) internal view { uint p = pp; if (P[2] == 0) return; @@ -338,7 +336,7 @@ library Secp256k1_noconflict { // Multiplication dP. P affine, wNAF: w=5 // Params: d, Px, Py // Output: Jacobian Q - function _mul(uint d, uint[2] memory P) internal constant returns (uint[3] memory Q) { + function _mul(uint d, uint[2] memory P) internal view returns (uint[3] memory Q) { uint p = pp; if (d == 0) // TODO return; @@ -473,14 +471,13 @@ contract LocalCrypto { // r = v - xz (mod p); // return(r,vG) function createZKP(uint x, uint v, uint[2] xG) returns (uint[4] res) { + //Must be on the curve! + require(Secp256k1_noconflict.isPubKey(xG)); uint[2] memory G; G[0] = Gx; G[1] = Gy; - if(!Secp256k1_noconflict.isPubKey(xG)) { - throw; //Must be on the curve! - } // Get g^{v} uint[3] memory vG = Secp256k1_noconflict._mul(v, G); @@ -811,9 +808,7 @@ contract LocalCrypto { c_affine[1] = c[1]; // Sanity check that everything worked as expected. - if(!Secp256k1_noconflict.isPubKey(c_affine)) { - throw; //Must be on the curve! - } + assert(Secp256k1_noconflict.isPubKey(c_affine)); return c_affine; } 
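Review bot: `createZKP(uint x, uint v, uint[2] xG) returns (uint[4] res)` is left without a state-mutability marker even though this patch adds `view`/`pure` to everything it calls; `x` is the prover's secret and `v` its nonce (per the `r = v - xz` comment above), so the function should be declared `view` so the ABI marks it non-mutating and clients default to `eth_call` rather than broadcasting the witness in a transaction (a tooling safeguard, not an EVM guarantee). Given that `_mul` is now `view` and `Gx`/`Gy` appear to be constants, `view` should be accepted by the compiler. The same applies to `createEqualityProof`, `verifyEqualityProof`, `createInequalityProof` and `verifyInequalityProof` in the following hunks; all of these bodies continue outside their hunks. Using `assert` for the post-computation `isPubKey(c_affine)` invariant and `require` for caller-supplied inputs is the right split.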
@@ -837,14 +832,8 @@ contract LocalCrypto { // 3. Compute n = h*(r1,r2) + r3. // return t,n. function createEqualityProof(uint r1, uint r2, uint r3, uint[2] c1, uint[2] c2) returns (uint[2] t, uint n) { - - if(!Secp256k1_noconflict.isPubKey(c1)) { - throw; //Must be on the curve! - } - - if(!Secp256k1_noconflict.isPubKey(c2)) { - throw; //Must be on the curve! - } + //Must be on the curve! + require(Secp256k1_noconflict.isPubKey(c1) && Secp256k1_noconflict.isPubKey(c2)); uint[3] memory r3Y = Secp256k1_noconflict._mul(r3,Y); ECCMath_noconflict.toZ1(r3Y, pp); @@ -891,9 +880,7 @@ contract LocalCrypto { // 1. Compute h = H(ID, G, Y, C1, C2, t), where G,Y are generators, C1, C2 are both commitments, and t is random factor. // 2. Does nY == h*(c1-c2) + t function verifyEqualityProof(uint n, uint[2] c1, uint[2] c2, uint[2] t) returns (bool) { - if(!Secp256k1_noconflict.isPubKey(c1)) { throw; } - if(!Secp256k1_noconflict.isPubKey(c2)) { throw; } - if(!Secp256k1_noconflict.isPubKey(t)) { throw; } + require(Secp256k1_noconflict.isPubKey(c1) && Secp256k1_noconflict.isPubKey(c2) && Secp256k1_noconflict.isPubKey(t)); // Time to start trying to verify it... will be moved to another function uint h = uint(sha256(msg.sender, G, Y, c1, c2, t)); @@ -918,9 +905,7 @@ contract LocalCrypto { // 3. n1 = h*(b1-b2) + r3, n2 = h*(r1-r2) + r4. // return random factors t1,t2 and proofs n1,n2. function createInequalityProof(uint b1, uint b2, uint r1, uint r2, uint r3, uint r4, uint[2] c1, uint[2] c2) returns (uint[2] t1, uint[2] t2, uint n1, uint n2) { - - if(!Secp256k1_noconflict.isPubKey(c1)) { throw; } - if(!Secp256k1_noconflict.isPubKey(c2)) { throw; } + require(Secp256k1_noconflict.isPubKey(c1) && Secp256k1_noconflict.isPubKey(c2)); // r3 * G uint[3] memory temp = Secp256k1_noconflict._mul(r3,G); 
@@ -980,10 +965,7 @@ contract LocalCrypto { // 2. Verify n1G + n2Y = h*(c1-c2) + t1 + t2 // 3. Verify n2Y != h*(c1-c2) + t2 function verifyInequalityProof(uint[2] c1, uint[2] c2, uint[2] t1, uint[2] t2, uint n1, uint n2) returns (bool) { - if(!Secp256k1_noconflict.isPubKey(c1)) { throw; } - if(!Secp256k1_noconflict.isPubKey(c2)) { throw; } - if(!Secp256k1_noconflict.isPubKey(t1)) { throw; } - if(!Secp256k1_noconflict.isPubKey(t2)) { throw; } + require(Secp256k1_noconflict.isPubKey(c1) && Secp256k1_noconflict.isPubKey(c2) && Secp256k1_noconflict.isPubKey(t1) && Secp256k1_noconflict.isPubKey(t2)); uint h = uint(sha256(msg.sender, G, Y, c1, c2, t1, t2));