From 73aeac28965f8e3c05fae07d0545f717c1efe760 Mon Sep 17 00:00:00 2001
From: gogoex <110195520+gogoex@users.noreply.github.com>
Date: Sat, 23 Mar 2024 08:02:32 +0900
Subject: [PATCH 1/2] use the same salt_str for generator deriver in range proof and set mem proof. swap g and h generators in set mem proof to make it work with range proof
---
 src/blsct/range_proof/generators.cpp | 10 +-
 src/blsct/range_proof/generators.h | 8 +-
 .../set_mem_proof/set_mem_proof_prover.cpp | 15 ++-
 src/blsct/set_mem_proof/set_mem_proof_setup.h | 2 +-
 .../set_mem_proof_prover_tests.cpp | 109 ++++++++++++++++--
 5 files changed, 120 insertions(+), 24 deletions(-)
diff --git a/src/blsct/range_proof/generators.cpp b/src/blsct/range_proof/generators.cpp
index 1d15d79ec55cd..77b3e6fc54c91 100644
--- a/src/blsct/range_proof/generators.cpp
+++ b/src/blsct/range_proof/generators.cpp
@@ -65,13 +65,13 @@ range_proof::Generators range_proof::GeneratorsFactory::GetInstance(const
 using Point = typename T::Point;
 // if G for the given seed hasn't been created, create and cache it
- if (GeneratorsFactory::m_G_cache.count(seed) == 0) {
- const Point G = m_deriver.Derive(GeneratorsFactory::m_H, 0, seed);
- GeneratorsFactory::m_G_cache.emplace(seed, G);
+ if (m_G_cache.count(seed) == 0) {
+ const Point G = m_deriver.Derive(m_H, 0, seed);
+ m_G_cache.emplace(seed, G);
 }
- Point G = GeneratorsFactory::m_G_cache[seed];
+ Point G = m_G_cache[seed];
- Generators gens(m_H, G, m_Gi, m_Hi);
+ Generators gens(G, m_H, m_Gi, m_Hi);
 return gens;
 }
 template range_proof::Generators range_proof::GeneratorsFactory::GetInstance(const Seed&) const;
diff --git a/src/blsct/range_proof/generators.h b/src/blsct/range_proof/generators.h
index 58cad4c7fb4e4..73e33e2e9059b 100644
--- a/src/blsct/range_proof/generators.h
+++ b/src/blsct/range_proof/generators.h
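Review bot: In GetInstance the static cache is probed twice — `m_G_cache.count(seed)` and then `m_G_cache[seed]`, which copies the Point and, being `operator[]`, would silently default-insert a Point on a miss — and no lock is visible around the count/emplace pair; if GetInstance can be reached from more than one thread, that pair on a shared `std::map` is a data race (SetMemProofSetup declares an `m_init_mutex`, but nothing in this hunk shows the factory's cache guarded by it — confirm). A single find/emplace path removes the double lookup and the copy, and makes the critical section obvious should a lock be added. The enclosing GetInstance starts outside the hunk.
```cpp
    // if G for the given seed hasn't been created, create and cache it
    auto it = m_G_cache.find(seed);
    if (it == m_G_cache.end()) {
        it = m_G_cache.emplace(seed, m_deriver.Derive(m_H, 0, seed)).first;
    }
    // argument order is (G, H, Gi, Hi) after the constructor change in generators.h
    return Generators(it->second, m_H, m_Gi, m_Hi);
```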
@@ -21,17 +21,17 @@ struct Generators {
 public:
 Generators(
- const Point& H,
 const Point& G,
+ const Point& H,
 const Points& Gi,
 const Points& Hi
- ) : H{H}, G{G}, Gi{Gi}, Hi{Hi} {}
+ ) : G{G}, H{H}, Gi{Gi}, Hi{Hi} {}
 Points GetGiSubset(const size_t& size) const;
 Points GetHiSubset(const size_t& size) const;
- const Point H;
 const Point G;
+ const Point H;
 const Points Gi;
 const Points Hi;
 };
@@ -69,7 +69,7 @@ class GeneratorsFactory
 private:
 inline const static GeneratorDeriver m_deriver =
- GeneratorDeriver("bulletproofs");
+ GeneratorDeriver("proof-of-stake");
 // G generators are cached
 inline static std::map m_G_cache;
diff --git a/src/blsct/set_mem_proof/set_mem_proof_prover.cpp b/src/blsct/set_mem_proof/set_mem_proof_prover.cpp
index 34f1056bed938..581ac36412775 100644
--- a/src/blsct/set_mem_proof/set_mem_proof_prover.cpp
+++ b/src/blsct/set_mem_proof/set_mem_proof_prover.cpp
@@ -143,9 +143,13 @@ SetMemProof SetMemProofProver::Prove(
 // Commit 1
 Point h2 = setup.H5(Ys.GetVch());
+ auto gens = setup.Gf().GetInstance(eta_phi);
- Point h3 = gens.G;
- Point g2 = gens.H;
+ // generators are swapped to make set mem proof
+ // work with proof of stake. originally in PoS paper
+ // h3 = G and g2 = H
+ Point g2 = gens.G;
+ Point h3 = gens.H;
 // generate random scalars
 Scalar alpha = Scalar::Rand(true);
@@ -277,8 +281,11 @@ bool SetMemProofProver::Verify(
 Point h2 = setup.H5(Ys.GetVch());
 auto gens = setup.Gf().GetInstance(eta_phi);
- Point h3 = gens.G;
- Point g2 = gens.H;
+ // generators are swapped to make set mem proof
+ // work with proof of stake. originally in PoS paper
+ // h3 = G and g2 = H
+ Point g2 = gens.G;
+ Point h3 = gens.H;
 retry:
 GEN_FIAT_SHAMIR_VAR(y, fiat_shamir, retry);
diff --git a/src/blsct/set_mem_proof/set_mem_proof_setup.h b/src/blsct/set_mem_proof/set_mem_proof_setup.h
index 6f5a432ffc170..642a46cc473fa 100644
--- a/src/blsct/set_mem_proof/set_mem_proof_setup.h
+++ b/src/blsct/set_mem_proof/set_mem_proof_setup.h
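Review bot: The constructor now takes `G` before `H`, but both parameters are `const Point&`, so any other caller that still passes `(H, G, Gi, Hi)` positionally compiles unchanged and silently swaps the two generators; the only call site updated in this patch is the one in GetInstance. Confirm the remaining `Generators(...)` callers outside this patch, and record the order at the declaration so the next reader does not have to diff the history: `// argument order is (G, H, Gi, Hi); the tests use G for the committed value and H for the blinding factor`.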
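Review bot: Replacing the deriver salt "bulletproofs" with "proof-of-stake" changes every generator this factory derives, so any range proof created under the old salt no longer verifies against the new generators; if such proofs are persisted or consensus-relevant this needs an explicit compatibility decision, not only the test update, and the new name now describes one consumer of a factory used by all range proofs. The same literal is hard-coded a second time in set_mem_proof_setup.h (next file), and the two must stay byte-identical for the set-membership σ to match the range-proof commitment — a single shared constant, e.g. `inline constexpr char kPosGeneratorSalt[] = "proof-of-stake";` referenced from both derivers, removes the drift risk. Sharing one salt also means any (base point, index, seed) triple derived by both SetMemProofSetup (`GenPoint`/`GenGenerators`) and this factory (`m_deriver.Derive(m_H, 0, seed)`) yields the identical point; confirm the two never derive at the same base and index, since two proof systems unknowingly sharing a generator that is assumed independent weakens the commitment's binding argument.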
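Review bot: `auto gens = setup.Gf().GetInstance(eta_phi);` is added in Prove, yet the removed lines directly below already read `gens.G`/`gens.H`, so a `gens` must already be in scope earlier in Prove, outside this hunk — if it is in the same scope this is a redeclaration, if in an enclosing one it shadows it with a second GetInstance call; keep one of them. The g2/h3 swap is written out twice, here and in Verify (next hunk), with the same three-line comment, and a prover/verifier mismatch would fail every proof, so a small shared helper such as `static std::pair<Point, Point> PosGenerators(const range_proof::Generators& gens) { return {gens.G, gens.H}; } // (g2, h3)` keeps the two in lockstep. The comment should also state what the swap achieves rather than cite "PoS paper": `// g2 = G, h3 = H so that σ = G*m + H*f is the same Pedersen commitment the tests build from the range-proof generators; the paper's roles (h3 = G, g2 = H) are reversed here`.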
@@ -55,7 +55,7 @@ class SetMemProofSetup {
 static Point GenPoint(const std::vector& msg, const uint64_t& i);
 static Points GenGenerators(const Point& base_point, const size_t& size);
- inline static const GeneratorDeriver m_deriver = GeneratorDeriver("set_membership_proof");
+ inline static const GeneratorDeriver m_deriver = GeneratorDeriver("proof-of-stake");
 inline static range_proof::GeneratorsFactory* m_gf;
 inline static std::mutex m_init_mutex;
diff --git a/src/test/blsct/set_mem_proof/set_mem_proof_prover_tests.cpp b/src/test/blsct/set_mem_proof/set_mem_proof_prover_tests.cpp
index c1d2e9425a0af..aa3add9cc9714 100644
--- a/src/test/blsct/set_mem_proof/set_mem_proof_prover_tests.cpp
+++ b/src/test/blsct/set_mem_proof/set_mem_proof_prover_tests.cpp
@@ -2,6 +2,7 @@
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
+#include "blsct/range_proof/bulletproofs/range_proof.h"
 #define BOOST_UNIT_TEST
 #include
@@ -11,10 +12,15 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
+using Scalar = Mcl::Scalar;
+using Scalars = Elements;
+using MsgPair = std::pair>;
+
 BOOST_FIXTURE_TEST_SUITE(set_mem_proof_prover_tests, BasicTestingSetup)
 using Arith = Mcl;
@@ -83,10 +89,12 @@ BOOST_AUTO_TEST_CASE(test_prove_verify_small_size_good_inputs_of_power_of_2)
 auto y4 = Point::MapToPoint("y4", Endianness::Little);
 auto setup = SetMemProofSetup::Get();
+ range_proof::Generators gen =
+ setup.Gf().GetInstance(TokenId());
 Scalar m = Scalar::Rand();
 Scalar f = Scalar::Rand();
- auto sigma = setup.pedersen.Commit(m, f);
+ auto sigma = gen.G * m + gen.H * f;
 Points Ys;
 Ys.Add(y1);
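Review bot: Every test now hand-builds the commitment as `gen.G * m + gen.H * f` in place of `setup.pedersen.Commit(m, f)` (here and in the six later test hunks); if `SetMemProofSetup::pedersen` still exists after this patch it becomes a trap — a caller that commits through it gets a σ under the old generators that Verify will reject, with no compile-time signal. Either remove it or make it commit with the G/H from `Gf().GetInstance(...)`. Within the tests, a local helper `static Point Commit(const range_proof::Generators& gen, const Scalar& m, const Scalar& f) { return gen.G * m + gen.H * f; }` keeps the G/H roles in one place instead of eight.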
@@ -112,10 +120,12 @@ BOOST_AUTO_TEST_CASE(test_prove_verify_small_size_good_inputs_of_non_power_of_2)
 auto y2 = Point::MapToPoint("y2", Endianness::Little);
 auto setup = SetMemProofSetup::Get();
+ range_proof::Generators gen =
+ setup.Gf().GetInstance(TokenId());
 Scalar m = Scalar::Rand();
 Scalar f = Scalar::Rand();
- auto sigma = setup.pedersen.Commit(m, f);
+ auto sigma = gen.G * m + gen.H * f;
 Points Ys;
 Ys.Add(y1);
@@ -141,10 +151,12 @@ BOOST_AUTO_TEST_CASE(test_prove_verify_small_size_sigma_not_included)
 auto y4 = Point::MapToPoint("y4", Endianness::Little);
 auto setup = SetMemProofSetup::Get();
+ range_proof::Generators gen =
+ setup.Gf().GetInstance(TokenId());
 Scalar m = Scalar::Rand();
 Scalar f = Scalar::Rand();
- auto sigma = setup.pedersen.Commit(m, f);
+ auto sigma = gen.G * m + gen.H * f;
 Points prove_Ys;
 prove_Ys.Add(y1);
@@ -174,6 +186,8 @@ BOOST_AUTO_TEST_CASE(test_prove_verify_small_size_sigma_not_included)
 BOOST_AUTO_TEST_CASE(test_prove_verify_small_size_sigma_generated_from_other_inputs)
 {
 auto setup = SetMemProofSetup::Get();
+ range_proof::Generators gen =
+ setup.Gf().GetInstance(TokenId());
 // Commitment set includes A=g*f_a+h*m_a, B=g*f_b+h*m_b, and C=g*f_c+h*m_c
 Scalar m_a = Scalar::Rand();
@@ -202,7 +216,7 @@ BOOST_AUTO_TEST_CASE(test_prove_verify_small_size_sigma_generated_from_other_inp
 // A proof over the membership of D=A+B=g*(f_a+f_b)+h*(m_a+m_b) should be deemed as invalid
 auto m_d = m_a + m_b;
 auto f_d = f_a + f_b;
- auto D = setup.pedersen.Commit(m_d, f_d);
+ auto D = gen.G * m_d + gen.H * f_d;
 auto proof = Prover::Prove(
 setup, ys, D, m_d, f_d, eta_fiat_shamir, eta_phi
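Review bot: The context comments in test_prove_verify_small_size_sigma_generated_from_other_inputs still describe the commitments as `A=g*f_a+h*m_a` and `D=A+B=g*(f_a+f_b)+h*(m_a+m_b)`, i.e. g on the blinding factor and h on the value, while the new code in the last hunk computes `gen.G * m_d + gen.H * f_d` — the roles are reversed. Update both comments to `A=G*m_a+H*f_a, B=G*m_b+H*f_b, and C=G*m_c+H*f_c` and `D=A+B=G*(m_a+m_b)+H*(f_a+f_b)` so a reader checking the test against the prover's `g2 = gens.G; h3 = gens.H` is not misled.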
@@ -221,10 +235,12 @@ BOOST_AUTO_TEST_CASE(test_prove_verify_small_size_sigma_in_different_pos)
 auto y3 = Point::MapToPoint("y4", Endianness::Little);
 auto setup = SetMemProofSetup::Get();
+ range_proof::Generators gen =
+ setup.Gf().GetInstance(TokenId());
 Scalar m = Scalar::Rand();
 Scalar f = Scalar::Rand();
- auto sigma = setup.pedersen.Commit(m, f);
+ auto sigma = gen.G * m + gen.H * f;
 Points prove_Ys;
 prove_Ys.Add(y1);
@@ -258,10 +274,12 @@ BOOST_AUTO_TEST_CASE(test_prove_verify_small_size_different_eta)
 auto y4 = Point::MapToPoint("y4", Endianness::Little);
 auto setup = SetMemProofSetup::Get();
+ range_proof::Generators gen =
+ setup.Gf().GetInstance(TokenId());
 Scalar m = Scalar::Rand();
 Scalar f = Scalar::Rand();
- auto sigma = setup.pedersen.Commit(m, f);
+ auto sigma = gen.G * m + gen.H * f;
 Points ys;
 ys.Add(y1);
@@ -294,10 +312,12 @@ BOOST_AUTO_TEST_CASE(test_prove_verify_small_size_same_sigma_different_ys)
 auto y4_2 = Point::MapToPoint("y4_2", Endianness::Little);
 auto setup = SetMemProofSetup::Get();
+ range_proof::Generators gen =
+ setup.Gf().GetInstance(TokenId());
 Scalar m = Scalar::Rand();
 Scalar f = Scalar::Rand();
- auto sigma = setup.pedersen.Commit(m, f);
+ auto sigma = gen.G * m + gen.H * f;
 Points prove_Ys;
 prove_Ys.Add(y1_1);
@@ -328,12 +348,14 @@ BOOST_AUTO_TEST_CASE(test_prove_verify_small_size_same_sigma_different_ys)
 BOOST_AUTO_TEST_CASE(test_prove_verify_large_size_input)
 {
 auto setup = SetMemProofSetup::Get();
+ range_proof::Generators gen =
+ setup.Gf().GetInstance(TokenId());
+ Scalar m = Scalar::Rand();
+ Scalar f = Scalar::Rand();
+ auto sigma = gen.G * m + gen.H * f;
 const size_t NUM_INPUTS = setup.N;
 Points Ys;
- Scalar m = Scalar::Rand();
- Scalar f = Scalar::Rand();
- Point sigma = setup.pedersen.Commit(m, f);
 for (size_t i=0; i message { s.begin(), s.end() };
+ return std::pair(s, message);
+}
+
+static bulletproofs::RangeProof CreateTokenIdRangeProof(
+ Point nonce,
+ Scalar value
+) {
+ auto msg = GenMsgPair("test");
+
+ Scalars vs;
+ vs.Add(value);
+
+ bulletproofs::RangeProofLogic rp;
+ auto proof = rp.Prove(vs, nonce, msg.second, TokenId());
+
+ return proof;
+}
+
+BOOST_AUTO_TEST_CASE(test_pos_scenario)
+{
+ auto setup = SetMemProofSetup::Get();
+
+ auto value = Scalar(12345);
+ auto nonce = Point::Rand();
+ auto gamma = nonce.GetHashWithSalt(100);
+
+ auto range_proof = CreateTokenIdRangeProof(nonce, value);
+ auto stake_c = range_proof.Vs[0];
+
+ std::vector staked_commitments {
+ Point::MapToPoint("stake_a", Endianness::Little),
+ Point::MapToPoint("stake_b", Endianness::Little),
+ stake_c,
+ Point::MapToPoint("stake_d", Endianness::Little),
+ };
+
+ range_proof::Generators gen =
+ setup.Gf().GetInstance(TokenId());
+ auto sigma = gen.G * value + gen.H * gamma;
+
+ Scalar eta_fiat_shamir = Scalar::Rand();
+ blsct::Message eta_phi { 1, 2, 3 };
+
+ auto proof = Prover::Prove(
+ setup,
+ staked_commitments,
+ sigma,
+ value,
+ gamma,
+ eta_fiat_shamir,
+ eta_phi
+ );
+
+ auto res = Prover::Verify(
+ setup,
+ staked_commitments,
+ eta_fiat_shamir,
+ eta_phi,
+ proof
+ );
+
+ BOOST_CHECK_EQUAL(res, true);
+}
+
 BOOST_AUTO_TEST_SUITE_END()
From c792c9a0e116381ce6d87adb1ad636f606aa2fe2 Mon Sep 17 00:00:00 2001
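Review bot: test_pos_scenario asserts only `res == true`; the property this patch exists for — that the range proof's value commitment `range_proof.Vs[0]` equals the σ rebuilt as `gen.G * value + gen.H * gamma` — is checked only indirectly, through the set-membership verification. Add `BOOST_CHECK(stake_c == sigma);` right after `sigma` is built so a salt or G/H mismatch between the two proof systems is reported as a point inequality instead of a generic verification failure. `auto gamma = nonce.GetHashWithSalt(100);` hard-codes the salt that presumably matches how RangeProofLogic::Prove derives the blinding factor from the nonce — confirm, and take it from a named constant shared with the prover rather than a literal, since a silent change on either side makes this test fail for an unobvious reason.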
From: gogoex <110195520+gogoex@users.noreply.github.com>
Date: Sat, 23 Mar 2024 15:03:13 +0900
Subject: [PATCH 2/2] fix lint issue
---
 src/test/blsct/set_mem_proof/set_mem_proof_prover_tests.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/test/blsct/set_mem_proof/set_mem_proof_prover_tests.cpp b/src/test/blsct/set_mem_proof/set_mem_proof_prover_tests.cpp
index aa3add9cc9714..21a8fe0484643 100644
--- a/src/test/blsct/set_mem_proof/set_mem_proof_prover_tests.cpp
+++ b/src/test/blsct/set_mem_proof/set_mem_proof_prover_tests.cpp
@@ -2,7 +2,6 @@
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
-#include "blsct/range_proof/bulletproofs/range_proof.h"
 #define BOOST_UNIT_TEST
 #include
@@ -12,6 +11,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include