Relax bounds on KV range proofs, simplify CLS range proof

Signed-off-by: lovesh <[email protected]>

Cargo.toml

@@ -48,6 +48,7 @@ blake2 = { version = "0.10", default-features = false }
 ark-bls12-381 = { version = "^0.4.0", default-features = false, features = [ "curve" ] }
 ark-secp256r1 = { version = "^0.4.0", default-features = false }
 itertools = "0.12.1"
+sha3 = { version = "0.10.6", default-features = false }
 
 [profile.release]
 lto = true

README.md

@@ -55,6 +55,9 @@ For WASM, build as `cargo build --no-default-features --features=wasmer-js --tar
 The above maybe slower as it runs the tests in debug mode and some tests work on large inputs. 
 For running tests faster, run `cargo test --release`
 
+Some tess might cause a stack overflow error. To fix that, increase the stack size to about 8MB as
+
+`RUST_MIN_STACK=8388608 cargo test` or `RUST_MIN_STACK=8388608 cargo test --release`
 
 ## Benchmarking
 

bbs_plus/Cargo.toml

@@ -19,7 +19,6 @@ ark-std.workspace = true
 digest.workspace = true
 rayon = {workspace = true, optional = true}
 itertools.workspace = true
-sha3 = { version = "0.10.6", default-features = false }
 serde.workspace = true
 serde_with.workspace = true
 zeroize.workspace = true
@@ -33,7 +32,6 @@ blake2.workspace = true
 ark-bls12-381.workspace = true
 serde_json = "1.0"
 rmp-serde = "1.0"
-ark-poly.workspace = true
 test_utils = { path = "../test_utils" }
 
 [features]

bbs_plus/src/threshold/threshold_bbs.rs

@@ -36,7 +36,8 @@ pub struct Phase1Output<F: PrimeField> {
 }
 
 /// A share of the BBS signature created by one signer. A client will aggregate many such shares to
-/// create the final signature.
+/// create the final signature. Note that this is done by the signer where it uses outputs of
+/// phase 1 and 2 and these outputs should not be sent to the user. Only this share needs to be sent.
 #[derive(Clone, Debug, PartialEq, CanonicalSerialize, CanonicalDeserialize)]
 pub struct BBSSignatureShare<E: Pairing> {
     pub id: ParticipantId,

bbs_plus/src/threshold/threshold_bbs_plus.rs

@@ -36,7 +36,8 @@ pub struct Phase1Output<F: PrimeField> {
 }
 
 /// A share of the BBS+ signature created by one signer. A client will aggregate many such shares to
-/// create the final signature.
+/// create the final signature. Note that this is done by the signer where it uses outputs of
+/// phase 1 and 2 and these outputs should not be sent to the user. Only this share needs to be sent.
 #[derive(Clone, Debug, PartialEq, CanonicalSerialize, CanonicalDeserialize)]
 pub struct BBSPlusSignatureShare<E: Pairing> {
     pub id: ParticipantId,

compressed_sigma/src/utils.rs

@@ -1,10 +1,11 @@
+#![allow(unused)]
+
+use crate::transforms::{Homomorphism, LinearForm};
 use ark_ec::{AffineRepr, CurveGroup};
 use ark_ff::PrimeField;
 use ark_std::{vec, vec::Vec};
 use dock_crypto_utils::msm::multiply_field_elems_with_same_group_elem;
 
-use crate::transforms::{Homomorphism, LinearForm};
-
 /// Pad given homomorphisms such that all have the same size after padding
 pub fn pad_homomorphisms_to_have_same_size<
     G: AffineRepr,

kvac/src/bbs_sharp/README.md

@@ -1,3 +1,5 @@
+# BBS# (called BBS sharp)
+
 BBS# as described [here](https://github.com/user-attachments/files/15905230/BBS_Sharp_Short_TR.pdf)
 
 This assumes that the messages/attributes have already been prepared before signing, i.e. attributes are hashed

kvac/src/bbs_sharp/mod.rs

@@ -1,3 +1,5 @@
+//! # BBS# (called BBS sharp)
+//!
 //! BBS# as described [here](https://github.com/user-attachments/files/15905230/BBS_Sharp_Short_TR.pdf)
 //!
 //! This assumes that the messages/attributes have already been prepared before signing, i.e. attributes are hashed

kvac/src/lib.rs

@@ -12,6 +12,8 @@
 //! are not shared with the issuer. This lets us build for a use-case where issuer wants to allow anytime its issued credential is used
 //! (eg. to get paid by the verifier) while still not harming the user's privacy as it doesn't learn any revealed attributes. The first
 //! verifier, i.e. the issuer can also provide a proof of validity or invalidity to the second verifier.
+//!
+//! Implements BBS# (called BBS sharp) [here](./src/bbs_sharp)
 
 pub mod bbdt_2016;
 pub mod bbs_sharp;

legogroth16/Cargo.toml

@@ -23,7 +23,7 @@ ark-r1cs-std = { workspace = true, optional = true }
 tracing = { version = "0.1", default-features = false, features = [ "attributes" ], optional = true }
 derivative = { version = "2.0", features = ["use_core"], optional = true }
 rayon = { workspace = true, optional = true }
-wasmer = { version = "5.0.0", optional = true, default-features = false }
+wasmer = { version = "5.0.2", optional = true, default-features = false }
 fnv = { version = "1.0.3", default-features = false, optional = true }
 num-bigint = { version = "0.4", default-features = false, optional = true }
 log = "0.4"
@@ -32,9 +32,8 @@ ark-snark = { version = "^0.4.0", default-features = false, optional = true }
 dock_crypto_utils = { version = "0.20.0", default-features = false, path = "../utils" }
 
 [dev-dependencies]
-csv = { version = "1" }
 ark-bn254 = { version = "^0.4.0", default-features = false, features = ["curve"] }
-ark-bls12-381 = { version = "^0.4.0", default-features = false, features = ["curve"] }
+ark-bls12-381.workspace = true
 ark-bls12-377 = { version = "^0.4.0", default-features = false, features = ["curve"] }
 ark-cp6-782 = { version = "^0.4.0", default-features = false }
 ark-mnt4-298 = { version = "^0.4.0", default-features = false, features = ["r1cs", "curve"] }

oblivious_transfer/Cargo.toml

@@ -19,7 +19,7 @@ serde_with.workspace = true
 zeroize.workspace = true
 cipher = { version = "0.4.4", default-features = false, features = ["alloc"] }
 rayon = {workspace = true, optional = true}
-sha3 = { version = "0.10.6", default-features = false }
+sha3.workspace = true
 aes = { version = "0.8.2", default-features = false }
 itertools.workspace = true
 byteorder = { version = "1.4", default-features = false }
@@ -38,5 +38,5 @@ cc = "1.0.77"
 
 [features]
 default = [ "parallel"]
-std = [ "ark-ff/std", "ark-ec/std", "ark-std/std", "ark-serialize/std", "serde/std"]
-parallel = [ "std", "ark-ff/parallel", "ark-ec/parallel", "ark-std/parallel", "rayon"]
+std = [ "ark-ff/std", "ark-ec/std", "ark-std/std", "ark-serialize/std", "serde/std", "dock_crypto_utils/std", "schnorr_pok/std"]
+parallel = [ "std", "ark-ff/parallel", "ark-ec/parallel", "ark-std/parallel", "rayon", "dock_crypto_utils/parallel", "schnorr_pok/parallel"]

proof_system/Cargo.toml

@@ -25,8 +25,8 @@ ark-r1cs-std.workspace = true
 ark-relations.workspace = true
 zeroize.workspace = true
 itertools.workspace = true
-aead = {version = "0.5.2", default-features = false, features = [ "alloc" ]}
 chacha20poly1305 = {version = "0.10.1", default-features = false}
+sha3.workspace = true
 bbs_plus = { version = "0.22.0", default-features = false, path = "../bbs_plus" }
 schnorr_pok = { version = "0.20.0", default-features = false, path = "../schnorr_pok" }
 vb_accumulator = { version = "0.26.0", default-features = false, path = "../vb_accumulator" }
@@ -40,7 +40,6 @@ smc_range_proof = { version = "0.6.0", default-features = false, path = "../smc_
 short_group_sig = { version = "0.4.0", default-features = false, path = "../short_group_sig" }
 kvac = { version = "0.5.0", default-features = false, path = "../kvac" }
 verifiable_encryption = { version = "0.1.0", default-features = false, path = "../verifiable_encryption" }
-sha3 = { version = "0.10.6", default-features = false }
 
 [dev-dependencies]
 ark-bls12-381.workspace = true
@@ -51,7 +50,7 @@ test_utils = { default-features = false, path = "../test_utils" }
 
 [features]
 default = ["parallel"]
-std = ["ark-ff/std", "ark-ec/std", "ark-std/std", "ark-serialize/std", "schnorr_pok/std", "dock_crypto_utils/std", "serde/std", "saver/std", "ark-groth16/std", "legogroth16/std", "ark-r1cs-std/std", "ark-relations/std", "merlin/std", "coconut-crypto/std", "bulletproofs_plus_plus/std", "smc_range_proof/std", "short_group_sig/std", "kvac/std", "verifiable_encryption/std"]
+std = ["ark-ff/std", "ark-ec/std", "ark-std/std", "ark-serialize/std", "schnorr_pok/std", "dock_crypto_utils/std", "serde/std", "saver/std", "ark-groth16/std", "legogroth16/std", "ark-r1cs-std/std", "ark-relations/std", "merlin/std", "bbs_plus/std", "vb_accumulator/std", "coconut-crypto/std", "bulletproofs_plus_plus/std", "smc_range_proof/std", "short_group_sig/std", "kvac/std", "verifiable_encryption/std"]
 print-trace = ["ark-std/print-trace", "schnorr_pok/print-trace", "bbs_plus/print-trace", "vb_accumulator/print-trace", "dock_crypto_utils/print-trace"]
 parallel = ["std", "ark-ff/parallel", "ark-ec/parallel", "ark-std/parallel", "rayon", "schnorr_pok/parallel", "bbs_plus/parallel", "vb_accumulator/parallel", "saver/parallel", "ark-groth16/parallel", "legogroth16/parallel", "ark-r1cs-std/parallel", "dock_crypto_utils/parallel", "coconut-crypto/parallel", "bulletproofs_plus_plus/parallel", "smc_range_proof/parallel", "short_group_sig/parallel", "kvac/parallel", "verifiable_encryption/parallel"]
 wasmer-js = ["legogroth16/wasmer-js"]

proof_system/src/proof_spec.rs

@@ -35,7 +35,7 @@ use saver::prelude::{
 use serde::{Deserialize, Serialize};
 use smc_range_proof::prelude::MemberCommitmentKey;
 
-use crate::prelude::bound_check_smc::{
+use crate::statement::bound_check_smc::{
     SmcParamsAndCommitmentKey, SmcParamsWithPairingAndCommitmentKey,
 };
 use vb_accumulator::{

proof_system/src/setup_params.rs

@@ -7,7 +7,9 @@
 
 use crate::{
     prelude::bound_check_smc::SmcParamsAndCommitmentKey,
-    statement::bound_check_smc_with_kv::SmcParamsAndCommitmentKeyAndSecretKey,
+    statement::bound_check_smc_with_kv::{
+        SmcParamsKVAndCommitmentKey, SmcParamsKVAndCommitmentKeyAndSecretKey,
+    },
 };
 use ark_ec::{pairing::Pairing, AffineRepr};
 use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
@@ -66,7 +68,7 @@ pub enum SetupParams<E: Pairing> {
     BppSetupParams(#[serde_as(as = "ArkObjectBytes")] BppSetupParams<E::G1Affine>),
     SmcParamsAndCommKey(#[serde_as(as = "ArkObjectBytes")] SmcParamsAndCommitmentKey<E>),
     SmcParamsAndCommKeyAndSk(
-        #[serde_as(as = "ArkObjectBytes")] SmcParamsAndCommitmentKeyAndSecretKey<E>,
+        #[serde_as(as = "ArkObjectBytes")] SmcParamsKVAndCommitmentKeyAndSecretKey<E::G1Affine>,
     ),
     CommitmentKey(#[serde_as(as = "ArkObjectBytes")] PedersenCommitmentKey<E::G1Affine>),
     BBSigProvingKey(ProvingKey<E::G1Affine>),
@@ -75,6 +77,9 @@ pub enum SetupParams<E: Pairing> {
     BBDT16MACParams(MACParams<E::G1Affine>),
     PedersenCommitmentKeyG2(#[serde_as(as = "Vec<ArkObjectBytes>")] Vec<E::G2Affine>),
     CommitmentKeyG2(#[serde_as(as = "ArkObjectBytes")] PedersenCommitmentKey<E::G2Affine>),
+    SmcParamsKVAndCommKey(
+        #[serde_as(as = "ArkObjectBytes")] SmcParamsKVAndCommitmentKey<E::G1Affine>,
+    ),
     ElgamalEncryption(ElgamalEncryptionParams<E::G1Affine>),
 }
 
@@ -112,6 +117,7 @@ macro_rules! delegate {
                 BBDT16MACParams,
                 PedersenCommitmentKeyG2,
                 CommitmentKeyG2,
+                SmcParamsKVAndCommKey,
                 ElgamalEncryption
             : $($tt)+
         }
@@ -152,6 +158,7 @@ macro_rules! delegate_reverse {
                 BBDT16MACParams,
                 PedersenCommitmentKeyG2,
                 CommitmentKeyG2,
+                SmcParamsKVAndCommKey,
                 ElgamalEncryption
             : $($tt)+
         }

proof_system/src/statement/bound_check_smc.rs

@@ -12,7 +12,7 @@ use smc_range_proof::prelude::{
 use crate::setup_params::SetupParams;
 use dock_crypto_utils::serde_utils::ArkObjectBytes;
 
-/// For ease of use, keeping setup params together but they could be generated independently
+/// For ease of use, keeping setup params together, but they could be generated independently
 #[serde_as]
 #[derive(
     Clone, Debug, PartialEq, CanonicalSerialize, CanonicalDeserialize, Serialize, Deserialize,