From 7dc3a88b9bc142e439cb7ab1da5c6ec870201ffa Mon Sep 17 00:00:00 2001
From: Yingtong Li
Date: Wed, 3 Jan 2018 13:50:03 +0800
Subject: [PATCH] Use strong Fiat-Shamir in proofs of decryption to protect against falsification of proofs
---
 eos/psr/crypto.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/eos/psr/crypto.py b/eos/psr/crypto.py
index 660b723..a7b9493 100644
--- a/eos/psr/crypto.py
+++ b/eos/psr/crypto.py
@@ -144,7 +144,7 @@ class EGPrivateKey(EmbeddedObject):
 result.commitmentA = pow(self.public_key.group.g, w, self.public_key.group.p)
 result.commitmentB = pow(ciphertext.gamma, w, self.public_key.group.p)
- result.challenge = SHA256().update_obj(ciphertext).update_obj(result.commitmentA).update_obj(result.commitmentB).hash_as_bigint()
+ result.challenge = SHA256().update_obj(ciphertext).update_obj(result.commitmentA).update_obj(result.commitmentB).update_obj(result.message).hash_as_bigint()
 result.response = w + self.x * result.challenge
@@ -175,6 +175,8 @@ class EGCiphertext(EmbeddedObject):
 return ct.gamma == self.gamma and ct.delta == self.delta
 class EGProvedPlaintext(EmbeddedObject):
+ _ver = StringField(default='0.6')
+ message = EmbeddedObjectField(BigInt)
 ciphertext = EmbeddedObjectField()
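Review bot: The new `result.challenge` line hashes the ciphertext, both commitments and the claimed message, but nothing visible binds the public key or the group parameters that `commitmentA` is computed under. Strong Fiat-Shamir hashes the whole statement, so unless `update_obj(ciphertext)` already serialises the key, consider prepending it, e.g. `SHA256().update_obj(self.public_key).update_obj(ciphertext)...`, assuming `update_obj` accepts that object. The verifying side is outside this hunk; it has to recompute the challenge from the same fields in the same order rather than trust the stored `challenge`. The enclosing method starts and ends outside the hunk.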
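Review bot: `_ver = StringField(default='0.6')` marks the new challenge format, but nothing in this patch reads it. Proofs created before the change will presumably fail verification, or, if the default is applied when a stored record lacks `_ver`, be labelled 0.6 although their challenge omits the message. A comment on the field would make the contract explicit, e.g. `# 0.6: challenge also hashes message (strong Fiat-Shamir)`. The verifier should also reject or explicitly re-derive proofs from older versions; that code is not visible here, so this may already be handled.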