Paillier Zero Knowledge proof

[gbenattar]

Pull request: mortendahl/rust-paillier#2.

The purpose of this task is to add Zero Knowledge proof that a Paillier public key (EK) was generated correctly.

Reference: Subsection 3.1 of Fast Secure Two-Party ECDSA Signing.

Example of scenario:

(1) Prover send EK to Verifier
(2) Verifier generates a challenge, send it to Prover
(3) Prover send a proof to Verifier based on his challenge
(4) Verifier verifies that EK is ligitimate by using his challenge and Prover's proof

Basic trait proposal:

pub struct CorrectInputProof<I> {
    pub e : I,
    pub z : Vec<I>,
}

pub struct CorrectKeyProof<I> {
    pub proof : I,
}

pub trait ProveCorrectKey<I, EK, DK> {
    fn generate_challenge(ek: &EK) -> (Vec<I>, CorrectInputProof<I>, Vec<I>);
    fn prove(dk: &DK, challenge: &Vec<I>, correct_input_proof: &CorrectInputProof<I>)
        -> Result<CorrectKeyProof<I>, ProofError>;
    fn verify(correct_key_proof: &CorrectKeyProof<I>, y: &Vec<I>) -> Result<(), ProofError>;
}

let (ek, dk) = test_keypair().keys();

let (challenge, correct_input_proof, y) = AbstractPaillier::generate_challenge(&ek);
let proof_results = AbstractPaillier::prove(&dk, &challenge, &correct_input_proof);
assert!(proof_results.is_ok());

let result = AbstractPaillier::verify(&proof_results.unwrap(), &y);
assert!(result.is_ok());