

KB accumulator and misc. other improvements
Signed-off-by: lovesh <[email protected]>
lovesh committed Jan 4, 2024
1 parent 25b7339 commit e3b170a
Showing 101 changed files with 11,936 additions and 1,012 deletions.
3 changes: 2 additions & 1 deletion Cargo.toml
Expand Up @@ -18,7 +18,8 @@ members = [
"kvac",
"merlin",
"bulletproofs_plus_plus",
"smc_range_proof"
"smc_range_proof",
"short_group_sig"
]
resolver = "2"

2 changes: 0 additions & 2 deletions bbs_plus/src/proof.rs
Expand Up @@ -116,12 +116,10 @@ pub struct PoKOfSignatureG1Protocol<E: Pairing> {
#[serde_as(as = "ArkObjectBytes")]
pub d: E::G1Affine,
/// For proving relation `A_bar - d = A_prime * -e + h_0 * r2`
#[zeroize(skip)]
pub sc_comm_1: SchnorrCommitment<E::G1Affine>,
#[serde_as(as = "(ArkObjectBytes, ArkObjectBytes)")]
sc_wits_1: (E::ScalarField, E::ScalarField),
/// For proving relation `g1 + \sum_{i in D}(h_i*m_i)` = `d*r3 + {h_0}*{-s'} + sum_{j notin D}(h_j*m_j)`
#[zeroize(skip)]
pub sc_comm_2: SchnorrCommitment<E::G1Affine>,
#[serde_as(as = "Vec<ArkObjectBytes>")]
sc_wits_2: Vec<E::ScalarField>,
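Review bot: Dropping `#[zeroize(skip)]` from `sc_comm_1` and `sc_comm_2` only changes anything if `SchnorrCommitment` itself implements `Zeroize`, and nothing in this hunk shows that impl; if it exists, the fields deserve a comment making the intent visible, e.g. `// Not skipped: relies on SchnorrCommitment implementing Zeroize so its contents are wiped with the protocol state`. The same removal is made in proof_23.rs (`sc_comm`) and proof_23_cdl.rs (`sc_comm_2`) and the same comment applies there. The `PoKOfSignatureG1Protocol` struct continues outside the hunk.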
1 change: 0 additions & 1 deletion bbs_plus/src/proof_23.rs
Expand Up @@ -67,7 +67,6 @@ pub struct PoKOfSignature23G1Protocol<E: Pairing> {
#[serde_as(as = "ArkObjectBytes")]
pub B_bar: E::G1Affine,
/// For proving relation `g1 + \sum_{i in D}(h_i*m_i)` = `sum_{j notin D}(h_j*m_j)`
#[zeroize(skip)]
pub sc_comm: SchnorrCommitment<E::G1Affine>,
#[serde_as(as = "Vec<ArkObjectBytes>")]
sc_wits: Vec<E::ScalarField>,
1 change: 0 additions & 1 deletion bbs_plus/src/proof_23_cdl.rs
Expand Up @@ -73,7 +73,6 @@ pub struct PoKOfSignature23G1Protocol<E: Pairing> {
#[serde_as(as = "(ArkObjectBytes, ArkObjectBytes)")]
sc_wits_1: (E::ScalarField, E::ScalarField),
/// For proving relation `g1 + \sum_{i in D}(h_i*m_i)` = `d*r3 + sum_{j notin D}(h_j*m_j)`
#[zeroize(skip)]
pub sc_comm_2: SchnorrCommitment<E::G1Affine>,
#[serde_as(as = "Vec<ArkObjectBytes>")]
sc_wits_2: Vec<E::ScalarField>,
9 changes: 5 additions & 4 deletions bbs_plus/src/threshold/multiplication_phase.rs
Expand Up @@ -9,7 +9,7 @@ use ark_std::{
vec::Vec,
};
use digest::DynDigest;
use dock_crypto_utils::transcript::Merlin;
use dock_crypto_utils::transcript::MerlinTranscript;
use itertools::interleave;
use oblivious_transfer_protocols::{
ot_based_multiplication::{
Expand All @@ -29,7 +29,7 @@ pub struct Phase2<F: PrimeField, const KAPPA: u16, const STATISTICAL_SECURITY_PA
/// Number of threshold signatures being generated in a single batch.
pub batch_size: u32,
/// Transcripts to record protocol interactions with each participant and later used to generate random challenges
pub transcripts: BTreeMap<ParticipantId, Merlin>,
pub transcripts: BTreeMap<ParticipantId, MerlinTranscript>,
pub ote_params: MultiplicationOTEParams<KAPPA, STATISTICAL_SECURITY_PARAMETER>,
/// Map where this participant plays the role of sender, i.e Party1
pub multiplication_party1:
Expand Down Expand Up @@ -71,7 +71,7 @@ impl<F: PrimeField, const KAPPA: u16, const STATISTICAL_SECURITY_PARAMETER: u16>
assert_eq!(masked_signing_key_share.len(), masked_r.len());
let batch_size = masked_signing_key_share.len() as u32;

let mut transcripts = BTreeMap::<ParticipantId, Merlin>::new();
let mut transcripts = BTreeMap::<ParticipantId, MerlinTranscript>::new();
let mut multiplication_party1 =
BTreeMap::<ParticipantId, Party1<F, KAPPA, STATISTICAL_SECURITY_PARAMETER>>::new();
let mut multiplication_party2 =
Expand All @@ -86,7 +86,8 @@ impl<F: PrimeField, const KAPPA: u16, const STATISTICAL_SECURITY_PARAMETER: u16>
interleave(masked_r.clone(), masked_signing_key_share.clone()).collect::<Vec<_>>();

for other in others {
let mut trans = Merlin::new(b"Multiplication phase for threshold BBS and BBS+");
let mut trans =
MerlinTranscript::new(b"Multiplication phase for threshold BBS and BBS+");
if id > other {
if let Some((base_ot_choices, base_ot_keys)) =
base_ot_output.receiver.remove(&other)
57 changes: 38 additions & 19 deletions bulletproofs_plus_plus/src/range_proof_arbitrary_range.rs
Expand Up @@ -54,6 +54,28 @@ impl<G: AffineRepr> ProofArbitraryRange<G> {
setup_params: SetupParams<G>,
transcript: &mut impl Transcript,
) -> Result<Self, BulletproofsPlusPlusError> {
let (V, v) =
Self::compute_commitments_and_values(values_and_bounds, &randomness, &setup_params)?;
let prover = Prover::new_with_given_base(base, num_bits, V.clone(), v, randomness)?;
let proof = prover.prove(rng, setup_params, transcript)?;
Ok(Self { V, proof })
}

pub fn verify(
&self,
num_bits: u16,
setup_params: &SetupParams<G>,
transcript: &mut impl Transcript,
) -> Result<(), BulletproofsPlusPlusError> {
self.proof
.verify(num_bits, &self.V, setup_params, transcript)
}

pub fn compute_commitments_and_values(
values_and_bounds: Vec<(u64, u64, u64)>,
randomness: &[G::ScalarField],
setup_params: &SetupParams<G>,
) -> Result<(Vec<G>, Vec<u64>), BulletproofsPlusPlusError> {
if values_and_bounds.len() * 2 != randomness.len() {
return Err(BulletproofsPlusPlusError::UnexpectedLengthOfVectors(
format!(
Expand Down Expand Up @@ -85,19 +107,7 @@ impl<G: AffineRepr> ProofArbitraryRange<G> {
v.push(v_i - min);
v.push(max - 1 - v_i);
}
let prover = Prover::new_with_given_base(base, num_bits, V.clone(), v, randomness)?;
let proof = prover.prove(rng, setup_params, transcript)?;
Ok(Self { V, proof })
}

pub fn verify(
&self,
num_bits: u16,
setup_params: &SetupParams<G>,
transcript: &mut impl Transcript,
) -> Result<(), BulletproofsPlusPlusError> {
self.proof
.verify(num_bits, &self.V, setup_params, transcript)
Ok((V, v))
}

pub fn num_proofs(&self) -> u32 {
Expand Down Expand Up @@ -134,9 +144,17 @@ impl<G: AffineRepr> ProofArbitraryRange<G> {
self.num_proofs() as usize,
));
}
let table = WindowTable::new(self.num_proofs() as usize * 2, g.into_group());
let mut comms = Vec::with_capacity(self.num_proofs() as usize);
for i in (0..self.V.len()).step_by(2) {
Self::get_commitments_to_values_given_transformed_commitments_and_g(&self.V, bounds, g)
}

pub fn get_commitments_to_values_given_transformed_commitments_and_g(
transformed_comms: &[G],
bounds: Vec<(u64, u64)>,
g: &G,
) -> Result<Vec<(G, G)>, BulletproofsPlusPlusError> {
let table = WindowTable::new(transformed_comms.len(), g.into_group());
let mut comms = Vec::with_capacity(transformed_comms.len() / 2);
for i in (0..transformed_comms.len()).step_by(2) {
let (min, max) = (bounds[i / 2].0, bounds[i / 2].1);
if max <= min {
return Err(BulletproofsPlusPlusError::IncorrectBounds(format!(
Expand All @@ -145,10 +163,11 @@ impl<G: AffineRepr> ProofArbitraryRange<G> {
)));
}
// `V[i]` is a commitment to `value - min` and `V[i+1]` is a commitment to `max - 1 - value`. Generate commitments
// to value by `V[i] + g * min` and `g * (max - 1) - V[i+1]`
// to `value` by `V[i] + g * min` and `g * (max - 1) - V[i+1]`
comms.push((
(self.V[i] + table.multiply(&G::ScalarField::from(min))).into_affine(),
(table.multiply(&G::ScalarField::from(max - 1)) - self.V[i + 1]).into_affine(),
(transformed_comms[i] + table.multiply(&G::ScalarField::from(min))).into_affine(),
(table.multiply(&G::ScalarField::from(max - 1)) - transformed_comms[i + 1])
.into_affine(),
));
}
Ok(comms)
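Review bot: `get_commitments_to_values_given_transformed_commitments_and_g` indexes `bounds[i / 2]` and `transformed_comms[i + 1]` without checking that `bounds.len() * 2 == transformed_comms.len()`; the `Err(...)` return at the top of this hunk that reports `self.num_proofs()` now guards only the method wrapper, so a direct caller of the new public associated function with too few bounds or an odd number of commitments panics instead of getting an `Err`. Moving the length check into the associated function keeps both entry points total. `bounds` is only read and could be taken as `&[(u64, u64)]` rather than `Vec`. The enclosing `impl` block and the closing brace of the function lie outside the hunk.
```rust
pub fn get_commitments_to_values_given_transformed_commitments_and_g(
    transformed_comms: &[G],
    bounds: Vec<(u64, u64)>,
    g: &G,
) -> Result<Vec<(G, G)>, BulletproofsPlusPlusError> {
    // Reject mismatched inputs up front so the pairwise indexing below cannot panic
    if bounds.len() * 2 != transformed_comms.len() {
        return Err(BulletproofsPlusPlusError::UnexpectedLengthOfVectors(format!(
            "Expected {} bounds for {} transformed commitments but got {}",
            transformed_comms.len() / 2,
            transformed_comms.len(),
            bounds.len()
        )));
    }
    // … unchanged: window table, per-pair bound check and commitment reconstruction …
```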
10 changes: 7 additions & 3 deletions coconut/README.md
@@ -1,4 +1,8 @@
# Coconut
<!-- cargo-rdme start -->

- Threshold anonymous credentials
- Based on the paper [Security Analysis of Coconut, an Attribute-Based Credential Scheme with Threshold Issuance](https://eprint.iacr.org/2022/011)
# Threshold anonymous credentials using Coconut

- Based on the paper [Security Analysis of Coconut, an Attribute-Based Credential Scheme with Threshold Issuance](https://eprint.iacr.org/2022/011).
- Contains a modified implementation of PS (Pointcheval-Sanders) signature, as described in the above paper.

<!-- cargo-rdme end -->
10 changes: 1 addition & 9 deletions coconut/src/helpers/mod.rs
Expand Up @@ -14,16 +14,8 @@ use schnorr_pok::error::SchnorrError;
pub mod with_schnorr_and_blindings;
pub mod with_schnorr_response;

pub use iter::*;
pub use try_iter::*;
pub use utils::{
aliases::*,
extend_some::*,
iter::{self, *},
misc::*,
owned_pairs::*,
pairs::*,
try_iter::{self, *},
aliases::*, extend_some::*, iter::*, misc::*, owned_pairs::*, pairs::*, try_iter::*,
};
pub use with_schnorr_and_blindings::*;
pub use with_schnorr_response::*;
5 changes: 4 additions & 1 deletion coconut/src/lib.rs
@@ -1,4 +1,7 @@
//! Threshold anonymous credentials based on the paper [Security Analysis of Coconut, an Attribute-Based Credential Scheme with Threshold Issuance](https://eprint.iacr.org/2022/011).
//! # Threshold anonymous credentials using Coconut
//!
//! - Based on the paper [Security Analysis of Coconut, an Attribute-Based Credential Scheme with Threshold Issuance](https://eprint.iacr.org/2022/011).
//! - Contains a modified implementation of PS (Pointcheval-Sanders) signature, as described in the above paper.
#![cfg_attr(not(feature = "std"), no_std)]

4 changes: 2 additions & 2 deletions coconut/src/setup/keypair/secret.rs
Expand Up @@ -39,8 +39,8 @@ pub struct SecretKey<F: PrimeField> {
}

impl<F: PrimeField> SecretKey<F> {
pub const X_SALT: &[u8] = b"PS-SIG-X-KEYGEN-SALT";
pub const Y_SALT: &[u8] = b"PS-SIG-Y-KEYGEN-SALT";
pub const X_SALT: &'static [u8] = b"PS-SIG-X-KEYGEN-SALT";
pub const Y_SALT: &'static [u8] = b"PS-SIG-Y-KEYGEN-SALT";

/// Generates random secret key compatible with `message_count` messages.
pub fn rand<R: RngCore>(rng: &mut R, message_count: u32) -> Self {
1 change: 1 addition & 0 deletions delegatable_credentials/src/auditor.rs
Expand Up @@ -41,6 +41,7 @@ pub struct Ciphertext<E: Pairing> {
}

impl<E: Pairing> Ciphertext<E> {
/// Returns the ciphertext and randomness created for encryption
pub fn new<R: RngCore>(
rng: &mut R,
upk: &E::G1Affine,
2 changes: 1 addition & 1 deletion delegatable_credentials/src/protego/show/tests.rs
Expand Up @@ -432,7 +432,7 @@ pub fn show(
println!("Show time: {:?}", show_time);
println!("Verify time: {:?}", verify_time);
}
_ => panic!("this should never happen"),
_ => unreachable!(),
}
}

2 changes: 0 additions & 2 deletions legogroth16/tests/mimc.rs
Expand Up @@ -5,8 +5,6 @@
variant_size_differences,
stable_features,
non_shorthand_field_patterns,
renamed_and_removed_lints,
private_in_public,
unsafe_code
)]

4 changes: 2 additions & 2 deletions merlin/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "dock_merlin"
version = "2.0.0"
version = "3.0.0"
authors = ["Henry de Valence <[email protected]>"]
edition = "2018"
readme = "README.md"
Expand Down Expand Up @@ -28,7 +28,7 @@ rand_core = { version = "0.6", default-features = false }
hex = {version = "0.4.3", default-features = false, optional = true}

[dev-dependencies]
strobe-rs = "0.5"
strobe-rs = "0.8.1"
curve25519-dalek = { version = "4", package = "curve25519-dalek-ng" }
rand_chacha = "0.3"

8 changes: 8 additions & 0 deletions merlin/src/transcript.rs
Expand Up @@ -97,6 +97,10 @@ impl Transcript {
/// Protocols](https://merlin.cool/use/protocol.html) section of
/// the Merlin website for details on labels.
pub fn append_message(&mut self, label: &'static [u8], message: &[u8]) {
self.append_message_with_non_static_label(label, message)
}

pub fn append_message_with_non_static_label(&mut self, label: &[u8], message: &[u8]) {
let data_len = encode_usize_as_u32(message.len());
self.strobe.meta_ad(label, false);
self.strobe.meta_ad(&data_len, true);
Expand Down Expand Up @@ -176,6 +180,10 @@ impl Transcript {
/// Protocols](https://merlin.cool/use/protocol.html) section of
/// the Merlin website for details on labels.
pub fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8]) {
self.challenge_bytes_with_non_static_label(label, dest)
}

pub fn challenge_bytes_with_non_static_label(&mut self, label: &[u8], dest: &mut [u8]) {
let data_len = encode_usize_as_u32(dest.len());
self.strobe.meta_ad(label, false);
self.strobe.meta_ad(&data_len, true);
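Review bot: The new `append_message_with_non_static_label` and `challenge_bytes_with_non_static_label` are public but carry no doc comment, and they drop the `&'static` bound that the existing `append_message` and `challenge_bytes` signatures keep on the label. That bound is what confines labels to protocol-fixed domain separators rather than values assembled at run time, so the relaxed variants deserve a doc comment stating that the label must still be a constant chosen by the caller's protocol code, never derived from transcript contents or untrusted input, and that the `'static` methods should be preferred where a literal is available. The `Transcript` impl block continues outside both hunks.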
4 changes: 3 additions & 1 deletion proof_system/Cargo.toml
Expand Up @@ -30,11 +30,13 @@ ark-r1cs-std.workspace = true
ark-relations.workspace = true
zeroize.workspace = true
coconut-crypto = { version = "0.7.0", default-features = false, path = "../coconut" }
merlin = { package = "dock_merlin", version = "2.0", default-features = false, path = "../merlin" }
merlin = { package = "dock_merlin", version = "3.0.0", default-features = false, path = "../merlin" }
legogroth16 = { version = "0.11.0", default-features = false, features = ["circom", "aggregation"], path = "../legogroth16" }
bulletproofs_plus_plus = { version = "0.2.0", default-features = false, path = "../bulletproofs_plus_plus" }
smc_range_proof = { version = "0.2.0", default-features = false, path = "../smc_range_proof" }
itertools.workspace = true
aead = {version = "0.5.2", default-features = false, features = [ "alloc" ]}
chacha20poly1305 = {version = "0.10.1", default-features = false}

[dev-dependencies]
ark-bls12-381.workspace = true
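--- /dev/null
+++ b/proof_system/src/constants.rs
@@ -0,0 +1,8 @@
+pub const COMPOSITE_PROOF_LABEL: &'static [u8; 15] = b"composite-proof";
+pub const COMPOSITE_PROOF_CHALLENGE_LABEL: &'static [u8; 25] = b"composite-proof-challenge";
+pub const NONCE_LABEL: &'static [u8; 5] = b"nonce";
+pub const CONTEXT_LABEL: &'static [u8; 7] = b"context";
+pub const BBS_PLUS_LABEL: &'static [u8; 4] = b"BBS+";
+pub const BBS_23_LABEL: &'static [u8; 5] = b"BBS23";
+pub const VB_ACCUM_MEM_LABEL: &'static [u8; 25] = b"VB-accumulator-membership";
+pub const VB_ACCUM_NON_MEM_LABEL: &'static [u8; 29] = b"VB-accumulator-non-membership";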
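Review bot: Every constant in this new file is typed `&'static [u8; N]` with a hand-counted array length; a wrong count is a compile error rather than a bug, but the length adds nothing and the simpler form is `pub const NONCE_LABEL: &'static [u8] = b"nonce";`. The file also has no module doc; the names suggest these are transcript labels used for domain separation, and if so a `//!` header saying that changing any label changes the derived challenges and breaks verification of previously generated proofs would stop a later rename from being treated as cosmetic.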
27 changes: 20 additions & 7 deletions proof_system/src/error.rs
@@ -1,10 +1,12 @@
use ark_serialize::SerializationError;
use ark_std::{collections::BTreeSet, fmt::Debug, string::String, vec::Vec};
use bbs_plus::error::BBSPlusError;
use bulletproofs_plus_plus::error::BulletproofsPlusPlusError;
use dock_crypto_utils::try_iter::InvalidPair;
use legogroth16::{circom::CircomError, error::Error as LegoGroth16Error};
use saver::error::SaverError;
use schnorr_pok::error::SchnorrError;
use smc_range_proof::prelude::SmcRangeProofError;
use vb_accumulator::error::VBAccumulatorError;

#[derive(Debug)]
Expand All @@ -31,7 +33,7 @@ pub enum ProofSystemError {
SubProtocolAlreadyInitialized(usize),
SubProtocolNotReadyToGenerateProof(usize),
InvalidSetupParamsIndex(usize),
TooManyCifertexts(usize),
TooManyCiphertexts(usize),
NeitherParamsNorRefGiven(usize),
IncompatibleBBSPlusSetupParamAtIndex(usize),
IncompatiblePSSetupParamAtIndex(usize),
Expand Down Expand Up @@ -86,9 +88,20 @@ pub enum ProofSystemError {
UnsupportedValue(String),
/// For an arbitrary range proof, the response of both Schnorr protocols should be same
DifferentResponsesForSchnorrProtocolInBpp(usize),
BulletproofsPlusPlus(bulletproofs_plus_plus::prelude::BulletproofsPlusPlusError),
SetMembershipBasedRangeProof(smc_range_proof::prelude::SmcRangeProofError),
BulletproofsPlusPlus(BulletproofsPlusPlusError),
SetMembershipBasedRangeProof(SmcRangeProofError),
SmcParamsNotProvided,
SchnorrProofContributionFailed(u32, SchnorrError),
BBSPlusProofContributionFailed(u32, BBSPlusError),
BBSProofContributionFailed(u32, BBSPlusError),
VBAccumProofContributionFailed(u32, VBAccumulatorError),
SaverProofContributionFailed(u32, SaverError),
LegoSnarkProofContributionFailed(u32, LegoGroth16Error),
PSProofContributionFailed(u32, coconut_crypto::SignaturePoKError),
BulletproofsPlusPlusProofContributionFailed(u32, BulletproofsPlusPlusError),
SmcRangeProofContributionFailed(u32, SmcRangeProofError),
DetachedVBAccumProofContributionFailed(u32, VBAccumulatorError),
IncorrectEncryptedAccumulator,
}

impl From<SchnorrError> for ProofSystemError {
Expand Down Expand Up @@ -139,14 +152,14 @@ impl From<coconut_crypto::SignaturePoKError> for ProofSystemError {
}
}

impl From<bulletproofs_plus_plus::prelude::BulletproofsPlusPlusError> for ProofSystemError {
fn from(e: bulletproofs_plus_plus::prelude::BulletproofsPlusPlusError) -> Self {
impl From<BulletproofsPlusPlusError> for ProofSystemError {
fn from(e: BulletproofsPlusPlusError) -> Self {
Self::BulletproofsPlusPlus(e)
}
}

impl From<smc_range_proof::prelude::SmcRangeProofError> for ProofSystemError {
fn from(e: smc_range_proof::prelude::SmcRangeProofError) -> Self {
impl From<SmcRangeProofError> for ProofSystemError {
fn from(e: SmcRangeProofError) -> Self {
Self::SetMembershipBasedRangeProof(e)
}
}
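Review bot: `PSProofContributionFailed(u32, coconut_crypto::SignaturePoKError)` is the one new variant that spells out the crate path, while the rest of the hunk replaces such paths with imports (`BulletproofsPlusPlusError`, `SmcRangeProofError`); adding `use coconut_crypto::SignaturePoKError;` to the import block keeps the file consistent, and the existing `impl From<coconut_crypto::SignaturePoKError>` header could use it too. None of the ten new `*ProofContributionFailed(u32, _)` variants say what the `u32` is; if it is the index of the failing statement, as the names suggest, a doc comment such as `/// Index of the statement whose sub-protocol failed, with the underlying error` on each would save callers a trip to the source.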
1 change: 1 addition & 0 deletions proof_system/src/lib.rs
Expand Up @@ -160,6 +160,7 @@ extern crate core;
pub mod setup_params;
#[macro_use]
mod derived_params;
mod constants;
pub mod error;
mod macros;
pub mod meta_statement;
2 changes: 0 additions & 2 deletions proof_system/src/meta_statement.rs
Expand Up @@ -9,8 +9,6 @@ use ark_std::{
};
use serde::{Deserialize, Serialize};

pub use serialization::*;

/// Reference to a witness described as the tuple (`statement_id`, `witness_id`)
pub type WitnessRef = (usize, usize);

3 changes: 1 addition & 2 deletions proof_system/src/proof.rs
Expand Up @@ -16,7 +16,6 @@ pub struct AggregatedGroth16<E: Pairing> {
#[serde(bound = "")]
pub struct Proof<E: Pairing, G: AffineRepr> {
pub statement_proofs: Vec<StatementProof<E, G>>,
pub nonce: Option<Vec<u8>>,
// TODO: Remove this skip
#[serde(skip)]
pub aggregated_groth16: Option<Vec<AggregatedGroth16<E>>>,
Expand All @@ -27,7 +26,7 @@ pub struct Proof<E: Pairing, G: AffineRepr> {

impl<E: Pairing, G: AffineRepr> PartialEq for Proof<E, G> {
fn eq(&self, other: &Self) -> bool {
(self.statement_proofs == other.statement_proofs) && (self.nonce == other.nonce)
self.statement_proofs == other.statement_proofs
// TODO: Add remaining
}
}
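Review bot: Removing `nonce` from `Proof` and from its `PartialEq` changes the serialized form of the struct (it is `#[serde(bound = "")]`, so it is serde-encoded) and means the nonce is no longer transported with the proof, yet nothing in the hunk says where a verifier now obtains it; the `NONCE_LABEL` constant added elsewhere in this commit suggests it is absorbed into the transcript instead. A doc comment on `Proof` such as `/// The nonce is not carried in the proof; the verifier must be supplied the same nonce the prover used` would make that contract explicit. The `// TODO: Add remaining` in `eq` still leaves `aggregated_groth16` out of the comparison. The `Proof` struct definition continues outside the first hunk.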

