
Upgrade wasmer version and add docs
Signed-off-by: lovesh <[email protected]>
lovesh committed Aug 25, 2024
1 parent 6c57e76 commit a34298a
Showing 5 changed files with 21 additions and 9 deletions.
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -11,7 +11,7 @@ Library providing privacy enhancing cryptographic primitives.
1. [Schnorr proof of knowledge protocol](./schnorr_pok) to prove knowledge of discrete log and inequality of discrete logs. [This](https://crypto.stanford.edu/cs355/19sp/lec5.pdf) is a good reference.
2. [BBS and BBS+ signatures](./bbs_plus) for anonymous credentials. BBS+ is based on the paper [Anonymous Attestation Using the Strong Diffie Hellman Assumption Revisited](https://eprint.iacr.org/2016/663) and
BBS is based on the paper [Revisiting BBS Signatures](https://eprint.iacr.org/2023/275). Also implements the threshold variants of these based on the paper [Threshold BBS+ Signatures for Distributed Anonymous Credential Issuance](https://eprint.iacr.org/2023/602)
3. [Dynamic accumulators, both positive and universal](./vb_accumulator). Based on the papers [Dynamic Universal Accumulator with Batch Update over Bilinear Groups](https://eprint.iacr.org/2020/777) and [Efficient Constructions of Pairing Based Accumulators](https://eprint.iacr.org/2021/638)
3. [Dynamic accumulators, both positive and universal](./vb_accumulator). Based on the papers [Dynamic Universal Accumulator with Batch Update over Bilinear Groups](https://eprint.iacr.org/2020/777) and [Efficient Constructions of Pairing Based Accumulators](https://eprint.iacr.org/2021/638). Implements a keyed-verification variant of these accumulators as well which does not require pairings.
4. [Composite proof system](./proof_system) that combines above primitives for use cases like
- prove knowledge of a BBS+ signature and the corresponding messages
- prove knowledge of a modified PS signature and the corresponding messages
Expand All @@ -29,6 +29,7 @@ Library providing privacy enhancing cryptographic primitives.
10. [Oblivious Transfer (OT) and Oblivious Transfer Extensions (OTE)](./oblivious_transfer).
11. [Short group signatures](./short_group_sig/). BB signature and weak-BB signature and their proofs of knowledge based on the papers [Short Signatures Without Random Oracles](https://eprint.iacr.org/2004/171) and [Scalable Revocation Scheme for Anonymous Credentials Based on n-times Unlinkable Proofs](http://library.usc.edu.ph/ACM/SIGSAC%202017/wpes/p123.pdf).
12. [Keyed-Verification Anonymous Credentials (KVAC)](./kvac). Implements Keyed-Verification Anonymous Credentials (KVAC) schemes.
13. [SyRA](./syra). Implements sybil resilient signatures to be used for generating pseudonyms for low-entropy credential attributes.

## Composite proof system

2 changes: 1 addition & 1 deletion legogroth16/Cargo.toml
Expand Up @@ -23,7 +23,7 @@ ark-r1cs-std = { workspace = true, optional = true }
tracing = { version = "0.1", default-features = false, features = [ "attributes" ], optional = true }
derivative = { version = "2.0", features = ["use_core"], optional = true }
rayon = { workspace = true, optional = true }
wasmer = { version = "3.3.0", optional = true, default-features = false }
wasmer = { version = "4.3.6", optional = true, default-features = false }
fnv = { version = "1.0.3", default-features = false, optional = true }
num-bigint = { version = "0.4", default-features = false, optional = true }
log = "0.4"
4 changes: 4 additions & 0 deletions saver/src/saver_groth16.rs
Expand Up @@ -319,9 +319,12 @@ mod tests {

println!("For chunk_bit_size {}, encryption key has compressed size {} and uncompressed size {}", chunk_bit_size, ek.compressed_size(), ek.uncompressed_size());

let start = Instant::now();
let (ct, r) =
Encryption::encrypt_decomposed_message(&mut rng, msgs.clone(), &ek, g_i).unwrap();
println!("Time taken to encrypt: {:?}", start.elapsed());

let start = Instant::now();
let (m_, _) = Encryption::decrypt_to_chunks(
&ct[0],
&ct[1..n as usize + 1],
Expand All @@ -331,6 +334,7 @@ mod tests {
chunk_bit_size,
)
.unwrap();
println!("Time taken to decrypt: {:?}", start.elapsed());

assert_eq!(m_, msgs);

15 changes: 10 additions & 5 deletions syra/src/pseudonym.rs
Expand Up @@ -129,7 +129,7 @@ pub struct PseudonymProof<E: Pairing> {
}

impl<E: Pairing> PseudonymGenProtocol<E> {
/// `Z` is the context (ctx, msg) pair mapped (hashed) to a group element
/// `Z` is the context ctx mapped (hashed) to a group element
/// `s` is the user-id which was the message in the VRF and `blinding` is the randomness used for `s` in the Schnorr protocol.
/// This will be set by the caller when this is used in conjunction with another Schnorr protocol and `s` has to be
/// proved equal to the witness.
Expand Down Expand Up @@ -441,10 +441,11 @@ mod tests {
// Verifier gives message and context to user
let context = b"test-context";
let msg = b"test-message";
let mut pair = vec![];
pair.extend_from_slice(context);
pair.extend_from_slice(msg);
let Z = affine_group_elem_from_try_and_incr::<G1Affine, Blake2b512>(&pair);

// Generate Z from context
let mut Z_bytes = vec![];
Z_bytes.extend_from_slice(context);
let Z = affine_group_elem_from_try_and_incr::<G1Affine, Blake2b512>(&Z_bytes);

// User generates a pseudonym
let start = Instant::now();
Expand All @@ -461,6 +462,8 @@ mod tests {
protocol
.challenge_contribution(&Z, &mut chal_bytes)
.unwrap();
// Add message to the transcript (message contributes to challenge)
chal_bytes.extend_from_slice(msg);
let challenge_prover = compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes);
let proof = protocol.gen_proof(&challenge_prover);
println!("Time to create proof {:?}", start.elapsed());
Expand All @@ -469,6 +472,8 @@ mod tests {
let start = Instant::now();
let mut chal_bytes = vec![];
proof.challenge_contribution(&Z, &mut chal_bytes).unwrap();
// Add message to the transcript (message contributes to challenge)
chal_bytes.extend_from_slice(msg);
let challenge_verifier = compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes);
proof
.verify(&challenge_verifier, Z, prepared_ipk.clone(), params.clone())
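Review bot: The message is bound to the challenge only by the test, via `chal_bytes.extend_from_slice(msg)` appended after `challenge_contribution(&Z, ...)` on both the prover and the verifier side, so as far as this hunk shows `PseudonymGenProtocol` and `PseudonymProof` never see `msg` themselves and every caller must repeat the step identically on both sides or the binding silently disappears. It would be safer to take the message in `challenge_contribution` (or a wrapper that the test calls), and when it is appended to raw length-prefix it or write it through the same serializer as the other contributions so the concatenated transcript has a single parse. Until then the updated doc comment on `PseudonymGenProtocol` should say so: `/// The message is not part of `challenge_contribution`; callers must append it to the transcript identically on prover and verifier side.` The test function and the documented `impl` block both begin outside the hunks shown here.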
6 changes: 4 additions & 2 deletions syra/src/setup.rs
Expand Up @@ -61,7 +61,8 @@ pub struct IssuerPublicKey<E: Pairing> {
#[serde_as(as = "ArkObjectBytes")]
pub vk: E::G2Affine,
// NOTE: w and w_hat don't need to be part of the issuer's public key. These could be agreed upon between each
// pair of user and verifier and chosen such that they are random (hash string to group)
// pair of user and verifier and chosen such that they are random (hash string to group).
// Or they could be made part of setup params by generating them transparently (hashing public strings to group elements).
#[serde_as(as = "ArkObjectBytes")]
pub w: E::G1Affine,
#[serde_as(as = "ArkObjectBytes")]
Expand All @@ -73,7 +74,8 @@ pub struct IssuerPublicKey<E: Pairing> {
pub struct PreparedIssuerPublicKey<E: Pairing> {
pub vk: E::G2Affine,
// NOTE: w and w_hat don't need to be part of the issuer's public key. These could be agreed upon between each
// pair of user and verifier and chosen such that they are random (hash string to group)
// pair of user and verifier and chosen such that they are random (hash string to group).
// Or they could be made part of setup params by generating them transparently (hashing public strings to group elements).
pub w: E::G1Affine,
pub w_hat: E::G2Affine,
pub vk_prepared: E::G2Prepared,
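Review bot: The extended note on `w` and `w_hat` (repeated verbatim on `PreparedIssuerPublicKey`) lists two alternative ways to choose them but still does not say what the current placement implies: as fields of `IssuerPublicKey` they are presumably chosen by the issuer, so relying parties would have to trust that the issuer knows no discrete-log relation between them and the generators, which is exactly what the hash-to-group alternatives avoid. Making that trade-off explicit would help implementers decide, e.g. `// Whoever generates w and w_hat must not know their discrete logs; deriving them by hashing public strings removes that trust in the issuer.` Since the text is duplicated on both structs, keeping it once on `IssuerPublicKey` and referencing it from the prepared key would stop the two copies drifting apart.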
