gaspersic/solana
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Rename Pedersen related structs and methods for consistency

Browse Source
This commit is contained in:
Sam Kim
2021-10-05 09:02:52 -04:00
committed by Michael Vines
parent 17cda46531
commit a40e7fc59b
8 changed files with 271 additions and 278 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
zk-token-sdk/src/encryption/elgamal.rs
View File

@ -3,7 +3,9 @@ use rand::{rngs::OsRng, CryptoRng, RngCore};
use { use {
crate::encryption::{ crate::encryption::{
discrete_log::DiscreteLog, discrete_log::DiscreteLog,
pedersen::{Pedersen, PedersenBase, PedersenComm, PedersenDecHandle, PedersenOpen}, pedersen::{
Pedersen, PedersenBase, PedersenCommitment, PedersenDecryptHandle, PedersenOpening,
},
}, },
arrayref::{array_ref, array_refs}, arrayref::{array_ref, array_refs},
core::ops::{Add, Div, Mul, Sub}, core::ops::{Add, Div, Mul, Sub},
@ -53,7 +55,7 @@ impl ElGamal {
/// returns an ElGamal ciphertext of the message under the public key. /// returns an ElGamal ciphertext of the message under the public key.
#[cfg(not(target_arch = "bpf"))] #[cfg(not(target_arch = "bpf"))]
pub fn encrypt<T: Into<Scalar>>(pk: &ElGamalPubkey, amount: T) -> ElGamalCiphertext { pub fn encrypt<T: Into<Scalar>>(pk: &ElGamalPubkey, amount: T) -> ElGamalCiphertext {
let (message_comm, open) = Pedersen::commit(amount); let (message_comm, open) = Pedersen::new(amount);
let decrypt_handle = pk.gen_decrypt_handle(&open); let decrypt_handle = pk.gen_decrypt_handle(&open);
ElGamalCiphertext { ElGamalCiphertext {
@ -68,9 +70,9 @@ impl ElGamal {
pub fn encrypt_with<T: Into<Scalar>>( pub fn encrypt_with<T: Into<Scalar>>(
pk: &ElGamalPubkey, pk: &ElGamalPubkey,
amount: T, amount: T,
open: &PedersenOpen, open: &PedersenOpening,
) -> ElGamalCiphertext { ) -> ElGamalCiphertext {
let message_comm = Pedersen::commit_with(amount, open); let message_comm = Pedersen::with(amount, open);
let decrypt_handle = pk.gen_decrypt_handle(open); let decrypt_handle = pk.gen_decrypt_handle(open);
ElGamalCiphertext { ElGamalCiphertext {
@ -141,14 +143,18 @@ impl ElGamalPubkey {
} }
/// Utility method for code ergonomics. /// Utility method for code ergonomics.
pub fn encrypt_with<T: Into<Scalar>>(&self, msg: T, open: &PedersenOpen) -> ElGamalCiphertext { pub fn encrypt_with<T: Into<Scalar>>(
&self,
msg: T,
open: &PedersenOpening,
) -> ElGamalCiphertext {
ElGamal::encrypt_with(self, msg, open) ElGamal::encrypt_with(self, msg, open)
} }
/// Generate a decryption token from an ElGamal public key and a Pedersen /// Generate a decryption token from an ElGamal public key and a Pedersen
/// opening. /// opening.
pub fn gen_decrypt_handle(self, open: &PedersenOpen) -> PedersenDecHandle { pub fn gen_decrypt_handle(self, open: &PedersenOpening) -> PedersenDecryptHandle {
PedersenDecHandle::generate_handle(open, &self) PedersenDecryptHandle::generate_handle(open, &self)
} }
} }
@ -220,12 +226,12 @@ impl ConstantTimeEq for ElGamalSecretKey {
#[allow(non_snake_case)] #[allow(non_snake_case)]
#[derive(Serialize, Deserialize, Default, Clone, Copy, Debug, Eq, PartialEq)] #[derive(Serialize, Deserialize, Default, Clone, Copy, Debug, Eq, PartialEq)]
pub struct ElGamalCiphertext { pub struct ElGamalCiphertext {
pub message_comm: PedersenComm, pub message_comm: PedersenCommitment,
pub decrypt_handle: PedersenDecHandle, pub decrypt_handle: PedersenDecryptHandle,
} }
impl ElGamalCiphertext { impl ElGamalCiphertext {
pub fn add_to_msg<T: Into<Scalar>>(&self, message: T) -> Self { pub fn add_to_msg<T: Into<Scalar>>(&self, message: T) -> Self {
let diff_comm = Pedersen::commit_with(message, &PedersenOpen::default()); let diff_comm = Pedersen::with(message, &PedersenOpening::default());
ElGamalCiphertext { ElGamalCiphertext {
message_comm: self.message_comm + diff_comm, message_comm: self.message_comm + diff_comm,
decrypt_handle: self.decrypt_handle, decrypt_handle: self.decrypt_handle,
@ -233,7 +239,7 @@ impl ElGamalCiphertext {
} }
pub fn sub_to_msg<T: Into<Scalar>>(&self, message: T) -> Self { pub fn sub_to_msg<T: Into<Scalar>>(&self, message: T) -> Self {
let diff_comm = Pedersen::commit_with(message, &PedersenOpen::default()); let diff_comm = Pedersen::with(message, &PedersenOpening::default());
ElGamalCiphertext { ElGamalCiphertext {
message_comm: self.message_comm - diff_comm, message_comm: self.message_comm - diff_comm,
decrypt_handle: self.decrypt_handle, decrypt_handle: self.decrypt_handle,
@ -257,8 +263,8 @@ impl ElGamalCiphertext {
let decrypt_handle = CompressedRistretto::from_slice(decrypt_handle).decompress()?; let decrypt_handle = CompressedRistretto::from_slice(decrypt_handle).decompress()?;
Some(ElGamalCiphertext { Some(ElGamalCiphertext {
message_comm: PedersenComm(message_comm), message_comm: PedersenCommitment(message_comm),
decrypt_handle: PedersenDecHandle(decrypt_handle), decrypt_handle: PedersenDecryptHandle(decrypt_handle),
}) })
} }
@ -378,7 +384,7 @@ mod tests {
let (pk_2, sk_2) = ElGamal::new(); let (pk_2, sk_2) = ElGamal::new();
let msg: u32 = 77; let msg: u32 = 77;
let (comm, open) = Pedersen::commit(msg); let (comm, open) = Pedersen::new(msg);
let decrypt_handle_1 = pk_1.gen_decrypt_handle(&open); let decrypt_handle_1 = pk_1.gen_decrypt_handle(&open);
let decrypt_handle_2 = pk_2.gen_decrypt_handle(&open); let decrypt_handle_2 = pk_2.gen_decrypt_handle(&open);
@ -406,8 +412,8 @@ mod tests {
let msg_1: u64 = 77; let msg_1: u64 = 77;
// Add two ElGamal ciphertexts // Add two ElGamal ciphertexts
let open_0 = PedersenOpen::random(&mut OsRng); let open_0 = PedersenOpening::random(&mut OsRng);
let open_1 = PedersenOpen::random(&mut OsRng); let open_1 = PedersenOpening::random(&mut OsRng);
let ct_0 = ElGamal::encrypt_with(&pk, msg_0, &open_0); let ct_0 = ElGamal::encrypt_with(&pk, msg_0, &open_0);
let ct_1 = ElGamal::encrypt_with(&pk, msg_1, &open_1); let ct_1 = ElGamal::encrypt_with(&pk, msg_1, &open_1);
@ -417,7 +423,7 @@ mod tests {
assert_eq!(ct_sum, ct_0 + ct_1); assert_eq!(ct_sum, ct_0 + ct_1);
// Add to ElGamal ciphertext // Add to ElGamal ciphertext
let open = PedersenOpen::random(&mut OsRng); let open = PedersenOpening::random(&mut OsRng);
let ct = ElGamal::encrypt_with(&pk, msg_0, &open); let ct = ElGamal::encrypt_with(&pk, msg_0, &open);
let ct_sum = ElGamal::encrypt_with(&pk, msg_0 + msg_1, &open); let ct_sum = ElGamal::encrypt_with(&pk, msg_0 + msg_1, &open);
@ -431,8 +437,8 @@ mod tests {
let msg_1: u64 = 55; let msg_1: u64 = 55;
// Subtract two ElGamal ciphertexts // Subtract two ElGamal ciphertexts
let open_0 = PedersenOpen::random(&mut OsRng); let open_0 = PedersenOpening::random(&mut OsRng);
let open_1 = PedersenOpen::random(&mut OsRng); let open_1 = PedersenOpening::random(&mut OsRng);
let ct_0 = ElGamal::encrypt_with(&pk, msg_0, &open_0); let ct_0 = ElGamal::encrypt_with(&pk, msg_0, &open_0);
let ct_1 = ElGamal::encrypt_with(&pk, msg_1, &open_1); let ct_1 = ElGamal::encrypt_with(&pk, msg_1, &open_1);
@ -442,7 +448,7 @@ mod tests {
assert_eq!(ct_sub, ct_0 - ct_1); assert_eq!(ct_sub, ct_0 - ct_1);
// Subtract to ElGamal ciphertext // Subtract to ElGamal ciphertext
let open = PedersenOpen::random(&mut OsRng); let open = PedersenOpening::random(&mut OsRng);
let ct = ElGamal::encrypt_with(&pk, msg_0, &open); let ct = ElGamal::encrypt_with(&pk, msg_0, &open);
let ct_sub = ElGamal::encrypt_with(&pk, msg_0 - msg_1, &open); let ct_sub = ElGamal::encrypt_with(&pk, msg_0 - msg_1, &open);
@ -455,7 +461,7 @@ mod tests {
let msg_0: u64 = 57; let msg_0: u64 = 57;
let msg_1: u64 = 77; let msg_1: u64 = 77;
let open = PedersenOpen::random(&mut OsRng); let open = PedersenOpening::random(&mut OsRng);
let ct = ElGamal::encrypt_with(&pk, msg_0, &open); let ct = ElGamal::encrypt_with(&pk, msg_0, &open);
let scalar = Scalar::from(msg_1); let scalar = Scalar::from(msg_1);
@ -471,7 +477,7 @@ mod tests {
let msg_0: u64 = 55; let msg_0: u64 = 55;
let msg_1: u64 = 5; let msg_1: u64 = 5;
let open = PedersenOpen::random(&mut OsRng); let open = PedersenOpening::random(&mut OsRng);
let ct = ElGamal::encrypt_with(&pk, msg_0, &open); let ct = ElGamal::encrypt_with(&pk, msg_0, &open);
let scalar = Scalar::from(msg_1); let scalar = Scalar::from(msg_1);

308
zk-token-sdk/src/encryption/pedersen.rs
View File

@ -1,10 +1,7 @@
#[cfg(not(target_arch = "bpf"))] #[cfg(not(target_arch = "bpf"))]
use rand::{rngs::OsRng, CryptoRng, RngCore}; use rand::{rngs::OsRng, CryptoRng, RngCore};
use { use {
crate::{ crate::encryption::elgamal::{ElGamalCiphertext, ElGamalPubkey},
encryption::elgamal::{ElGamalCiphertext, ElGamalPubkey},
errors::ProofError,
},
core::ops::{Add, Div, Mul, Sub}, core::ops::{Add, Div, Mul, Sub},
curve25519_dalek::{ curve25519_dalek::{
constants::{RISTRETTO_BASEPOINT_COMPRESSED, RISTRETTO_BASEPOINT_POINT}, constants::{RISTRETTO_BASEPOINT_COMPRESSED, RISTRETTO_BASEPOINT_POINT},
@ -53,9 +50,10 @@ impl Pedersen {
/// ///
/// TODO: Interface that takes a random generator as input /// TODO: Interface that takes a random generator as input
#[cfg(not(target_arch = "bpf"))] #[cfg(not(target_arch = "bpf"))]
pub fn commit<T: Into<Scalar>>(amount: T) -> (PedersenComm, PedersenOpen) { #[allow(clippy::new_ret_no_self)]
let open = PedersenOpen(Scalar::random(&mut OsRng)); pub fn new<T: Into<Scalar>>(amount: T) -> (PedersenCommitment, PedersenOpening) {
let comm = Pedersen::commit_with(amount, &open); let open = PedersenOpening(Scalar::random(&mut OsRng));
let comm = Pedersen::with(amount, &open);
(comm, open) (comm, open)
} }
@ -63,54 +61,28 @@ impl Pedersen {
/// Given a number and an opening as inputs, the function returns their /// Given a number and an opening as inputs, the function returns their
/// Pedersen commitment. /// Pedersen commitment.
#[allow(non_snake_case)] #[allow(non_snake_case)]
pub fn commit_with<T: Into<Scalar>>(amount: T, open: &PedersenOpen) -> PedersenComm { pub fn with<T: Into<Scalar>>(amount: T, open: &PedersenOpening) -> PedersenCommitment {
let G = PedersenBase::default().G; let G = PedersenBase::default().G;
let H = PedersenBase::default().H; let H = PedersenBase::default().H;
let x: Scalar = amount.into(); let x: Scalar = amount.into();
let r = open.get_scalar(); let r = open.get_scalar();
PedersenComm(RistrettoPoint::multiscalar_mul(&[x, r], &[G, H])) PedersenCommitment(RistrettoPoint::multiscalar_mul(&[x, r], &[G, H]))
}
/// Given a number, opening, and Pedersen commitment, the function verifies
/// the validity of the commitment with respect to the number and opening.
///
/// This function is included for completeness and is not used for the
/// c-token program.
#[allow(non_snake_case)]
pub fn verify<T: Into<Scalar>>(
comm: PedersenComm,
open: PedersenOpen,
amount: T,
) -> Result<(), ProofError> {
let G = PedersenBase::default().G;
let H = PedersenBase::default().H;
let x: Scalar = amount.into();
let r = open.get_scalar();
let C = comm.get_point();
if C == RistrettoPoint::multiscalar_mul(&[x, r], &[G, H]) {
Ok(())
} else {
Err(ProofError::VerificationError)
}
} }
} }
#[derive(Serialize, Deserialize, Clone, Debug, Zeroize)] #[derive(Serialize, Deserialize, Clone, Debug, Zeroize)]
#[zeroize(drop)] #[zeroize(drop)]
pub struct PedersenOpen(pub(crate) Scalar); pub struct PedersenOpening(pub(crate) Scalar);
impl PedersenOpen { impl PedersenOpening {
pub fn get_scalar(&self) -> Scalar { pub fn get_scalar(&self) -> Scalar {
self.0 self.0
} }
#[cfg(not(target_arch = "bpf"))] #[cfg(not(target_arch = "bpf"))]
pub fn random<T: RngCore + CryptoRng>(rng: &mut T) -> Self { pub fn random<T: RngCore + CryptoRng>(rng: &mut T) -> Self {
PedersenOpen(Scalar::random(rng)) PedersenOpening(Scalar::random(rng))
} }
#[allow(clippy::wrong_self_convention)] #[allow(clippy::wrong_self_convention)]
@ -118,83 +90,91 @@ impl PedersenOpen {
self.0.to_bytes() self.0.to_bytes()
} }
pub fn from_bytes(bytes: &[u8]) -> Option<PedersenOpen> { pub fn from_bytes(bytes: &[u8]) -> Option<PedersenOpening> {
match bytes.try_into() { match bytes.try_into() {
Ok(bytes) => Scalar::from_canonical_bytes(bytes).map(PedersenOpen), Ok(bytes) => Scalar::from_canonical_bytes(bytes).map(PedersenOpening),
_ => None, _ => None,
} }
} }
} }
impl Eq for PedersenOpen {} impl Eq for PedersenOpening {}
impl PartialEq for PedersenOpen { impl PartialEq for PedersenOpening {
fn eq(&self, other: &Self) -> bool { fn eq(&self, other: &Self) -> bool {
self.ct_eq(other).unwrap_u8() == 1u8 self.ct_eq(other).unwrap_u8() == 1u8
} }
} }
impl ConstantTimeEq for PedersenOpen { impl ConstantTimeEq for PedersenOpening {
fn ct_eq(&self, other: &Self) -> Choice { fn ct_eq(&self, other: &Self) -> Choice {
self.0.ct_eq(&other.0) self.0.ct_eq(&other.0)
} }
} }
impl Default for PedersenOpen { impl Default for PedersenOpening {
fn default() -> Self { fn default() -> Self {
PedersenOpen(Scalar::default()) PedersenOpening(Scalar::default())
} }
} }
impl<'a, 'b> Add<&'b PedersenOpen> for &'a PedersenOpen { impl<'a, 'b> Add<&'b PedersenOpening> for &'a PedersenOpening {
type Output = PedersenOpen; type Output = PedersenOpening;
fn add(self, other: &'b PedersenOpen) -> PedersenOpen { fn add(self, other: &'b PedersenOpening) -> PedersenOpening {
PedersenOpen(self.get_scalar() + other.get_scalar()) PedersenOpening(self.get_scalar() + other.get_scalar())
} }
} }
define_add_variants!( define_add_variants!(
LHS = PedersenOpen, LHS = PedersenOpening,
RHS = PedersenOpen, RHS = PedersenOpening,
Output = PedersenOpen Output = PedersenOpening
); );
impl<'a, 'b> Sub<&'b PedersenOpen> for &'a PedersenOpen { impl<'a, 'b> Sub<&'b PedersenOpening> for &'a PedersenOpening {
type Output = PedersenOpen; type Output = PedersenOpening;
fn sub(self, other: &'b PedersenOpen) -> PedersenOpen { fn sub(self, other: &'b PedersenOpening) -> PedersenOpening {
PedersenOpen(self.get_scalar() - other.get_scalar()) PedersenOpening(self.get_scalar() - other.get_scalar())
} }
} }
define_sub_variants!( define_sub_variants!(
LHS = PedersenOpen, LHS = PedersenOpening,
RHS = PedersenOpen, RHS = PedersenOpening,
Output = PedersenOpen Output = PedersenOpening
); );
impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenOpen { impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenOpening {
type Output = PedersenOpen; type Output = PedersenOpening;
fn mul(self, other: &'b Scalar) -> PedersenOpen { fn mul(self, other: &'b Scalar) -> PedersenOpening {
PedersenOpen(self.get_scalar() * other) PedersenOpening(self.get_scalar() * other)
} }
} }
define_mul_variants!(LHS = PedersenOpen, RHS = Scalar, Output = PedersenOpen); define_mul_variants!(
LHS = PedersenOpening,
RHS = Scalar,
Output = PedersenOpening
);
impl<'a, 'b> Div<&'b Scalar> for &'a PedersenOpen { impl<'a, 'b> Div<&'b Scalar> for &'a PedersenOpening {
type Output = PedersenOpen; type Output = PedersenOpening;
#[allow(clippy::suspicious_arithmetic_impl)] #[allow(clippy::suspicious_arithmetic_impl)]
fn div(self, other: &'b Scalar) -> PedersenOpen { fn div(self, other: &'b Scalar) -> PedersenOpening {
PedersenOpen(self.get_scalar() * other.invert()) PedersenOpening(self.get_scalar() * other.invert())
} }
} }
define_div_variants!(LHS = PedersenOpen, RHS = Scalar, Output = PedersenOpen); define_div_variants!(
LHS = PedersenOpening,
RHS = Scalar,
Output = PedersenOpening
);
#[derive(Serialize, Deserialize, Default, Clone, Copy, Debug, Eq, PartialEq)] #[derive(Serialize, Deserialize, Default, Clone, Copy, Debug, Eq, PartialEq)]
pub struct PedersenComm(pub(crate) RistrettoPoint); pub struct PedersenCommitment(pub(crate) RistrettoPoint);
impl PedersenComm { impl PedersenCommitment {
pub fn get_point(&self) -> RistrettoPoint { pub fn get_point(&self) -> RistrettoPoint {
self.0 self.0
} }
@ -204,79 +184,87 @@ impl PedersenComm {
self.0.compress().to_bytes() self.0.compress().to_bytes()
} }
pub fn from_bytes(bytes: &[u8]) -> Option<PedersenComm> { pub fn from_bytes(bytes: &[u8]) -> Option<PedersenCommitment> {
Some(PedersenComm( Some(PedersenCommitment(
CompressedRistretto::from_slice(bytes).decompress()?, CompressedRistretto::from_slice(bytes).decompress()?,
)) ))
} }
} }
impl<'a, 'b> Add<&'b PedersenComm> for &'a PedersenComm { impl<'a, 'b> Add<&'b PedersenCommitment> for &'a PedersenCommitment {
type Output = PedersenComm; type Output = PedersenCommitment;
fn add(self, other: &'b PedersenComm) -> PedersenComm { fn add(self, other: &'b PedersenCommitment) -> PedersenCommitment {
PedersenComm(self.get_point() + other.get_point()) PedersenCommitment(self.get_point() + other.get_point())
} }
} }
define_add_variants!( define_add_variants!(
LHS = PedersenComm, LHS = PedersenCommitment,
RHS = PedersenComm, RHS = PedersenCommitment,
Output = PedersenComm Output = PedersenCommitment
); );
impl<'a, 'b> Sub<&'b PedersenComm> for &'a PedersenComm { impl<'a, 'b> Sub<&'b PedersenCommitment> for &'a PedersenCommitment {
type Output = PedersenComm; type Output = PedersenCommitment;
fn sub(self, other: &'b PedersenComm) -> PedersenComm { fn sub(self, other: &'b PedersenCommitment) -> PedersenCommitment {
PedersenComm(self.get_point() - other.get_point()) PedersenCommitment(self.get_point() - other.get_point())
} }
} }
define_sub_variants!( define_sub_variants!(
LHS = PedersenComm, LHS = PedersenCommitment,
RHS = PedersenComm, RHS = PedersenCommitment,
Output = PedersenComm Output = PedersenCommitment
); );
impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenComm { impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenCommitment {
type Output = PedersenComm; type Output = PedersenCommitment;
fn mul(self, other: &'b Scalar) -> PedersenComm { fn mul(self, other: &'b Scalar) -> PedersenCommitment {
PedersenComm(self.get_point() * other) PedersenCommitment(self.get_point() * other)
} }
} }
define_mul_variants!(LHS = PedersenComm, RHS = Scalar, Output = PedersenComm); define_mul_variants!(
LHS = PedersenCommitment,
RHS = Scalar,
Output = PedersenCommitment
);
impl<'a, 'b> Div<&'b Scalar> for &'a PedersenComm { impl<'a, 'b> Div<&'b Scalar> for &'a PedersenCommitment {
type Output = PedersenComm; type Output = PedersenCommitment;
#[allow(clippy::suspicious_arithmetic_impl)] #[allow(clippy::suspicious_arithmetic_impl)]
fn div(self, other: &'b Scalar) -> PedersenComm { fn div(self, other: &'b Scalar) -> PedersenCommitment {
PedersenComm(self.get_point() * other.invert()) PedersenCommitment(self.get_point() * other.invert())
} }
} }
define_div_variants!(LHS = PedersenComm, RHS = Scalar, Output = PedersenComm); define_div_variants!(
LHS = PedersenCommitment,
RHS = Scalar,
Output = PedersenCommitment
);
/// Decryption handle for Pedersen commitment. /// Decryption handle for Pedersen commitment.
/// ///
/// A decryption handle can be combined with Pedersen commitments to form an /// A decryption handle can be combined with Pedersen commitments to form an
/// ElGamal ciphertext. /// ElGamal ciphertext.
#[derive(Serialize, Deserialize, Default, Clone, Copy, Debug, Eq, PartialEq)] #[derive(Serialize, Deserialize, Default, Clone, Copy, Debug, Eq, PartialEq)]
pub struct PedersenDecHandle(pub(crate) RistrettoPoint); pub struct PedersenDecryptHandle(pub(crate) RistrettoPoint);
impl PedersenDecHandle { impl PedersenDecryptHandle {
pub fn get_point(&self) -> RistrettoPoint { pub fn get_point(&self) -> RistrettoPoint {
self.0 self.0
} }
pub fn generate_handle(open: &PedersenOpen, pk: &ElGamalPubkey) -> PedersenDecHandle { pub fn generate_handle(open: &PedersenOpening, pk: &ElGamalPubkey) -> PedersenDecryptHandle {
PedersenDecHandle(open.get_scalar() * pk.get_point()) PedersenDecryptHandle(open.get_scalar() * pk.get_point())
} }
/// Maps a decryption token and Pedersen commitment to ElGamal ciphertext /// Maps a decryption token and Pedersen commitment to ElGamal ciphertext
pub fn to_elgamal_ciphertext(self, comm: PedersenComm) -> ElGamalCiphertext { pub fn to_elgamal_ciphertext(self, comm: PedersenCommitment) -> ElGamalCiphertext {
ElGamalCiphertext { ElGamalCiphertext {
message_comm: comm, message_comm: comm,
decrypt_handle: self, decrypt_handle: self,
@ -288,94 +276,86 @@ impl PedersenDecHandle {
self.0.compress().to_bytes() self.0.compress().to_bytes()
} }
pub fn from_bytes(bytes: &[u8]) -> Option<PedersenDecHandle> { pub fn from_bytes(bytes: &[u8]) -> Option<PedersenDecryptHandle> {
Some(PedersenDecHandle( Some(PedersenDecryptHandle(
CompressedRistretto::from_slice(bytes).decompress()?, CompressedRistretto::from_slice(bytes).decompress()?,
)) ))
} }
} }
impl<'a, 'b> Add<&'b PedersenDecHandle> for &'a PedersenDecHandle { impl<'a, 'b> Add<&'b PedersenDecryptHandle> for &'a PedersenDecryptHandle {
type Output = PedersenDecHandle; type Output = PedersenDecryptHandle;
fn add(self, other: &'b PedersenDecHandle) -> PedersenDecHandle { fn add(self, other: &'b PedersenDecryptHandle) -> PedersenDecryptHandle {
PedersenDecHandle(self.get_point() + other.get_point()) PedersenDecryptHandle(self.get_point() + other.get_point())
} }
} }
define_add_variants!( define_add_variants!(
LHS = PedersenDecHandle, LHS = PedersenDecryptHandle,
RHS = PedersenDecHandle, RHS = PedersenDecryptHandle,
Output = PedersenDecHandle Output = PedersenDecryptHandle
); );
impl<'a, 'b> Sub<&'b PedersenDecHandle> for &'a PedersenDecHandle { impl<'a, 'b> Sub<&'b PedersenDecryptHandle> for &'a PedersenDecryptHandle {
type Output = PedersenDecHandle; type Output = PedersenDecryptHandle;
fn sub(self, other: &'b PedersenDecHandle) -> PedersenDecHandle { fn sub(self, other: &'b PedersenDecryptHandle) -> PedersenDecryptHandle {
PedersenDecHandle(self.get_point() - other.get_point()) PedersenDecryptHandle(self.get_point() - other.get_point())
} }
} }
define_sub_variants!( define_sub_variants!(
LHS = PedersenDecHandle, LHS = PedersenDecryptHandle,
RHS = PedersenDecHandle, RHS = PedersenDecryptHandle,
Output = PedersenDecHandle Output = PedersenDecryptHandle
); );
impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenDecHandle { impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenDecryptHandle {
type Output = PedersenDecHandle; type Output = PedersenDecryptHandle;
fn mul(self, other: &'b Scalar) -> PedersenDecHandle { fn mul(self, other: &'b Scalar) -> PedersenDecryptHandle {
PedersenDecHandle(self.get_point() * other) PedersenDecryptHandle(self.get_point() * other)
} }
} }
define_mul_variants!( define_mul_variants!(
LHS = PedersenDecHandle, LHS = PedersenDecryptHandle,
RHS = Scalar, RHS = Scalar,
Output = PedersenDecHandle Output = PedersenDecryptHandle
); );
impl<'a, 'b> Div<&'b Scalar> for &'a PedersenDecHandle { impl<'a, 'b> Div<&'b Scalar> for &'a PedersenDecryptHandle {
type Output = PedersenDecHandle; type Output = PedersenDecryptHandle;
#[allow(clippy::suspicious_arithmetic_impl)] #[allow(clippy::suspicious_arithmetic_impl)]
fn div(self, other: &'b Scalar) -> PedersenDecHandle { fn div(self, other: &'b Scalar) -> PedersenDecryptHandle {
PedersenDecHandle(self.get_point() * other.invert()) PedersenDecryptHandle(self.get_point() * other.invert())
} }
} }
define_div_variants!( define_div_variants!(
LHS = PedersenDecHandle, LHS = PedersenDecryptHandle,
RHS = Scalar, RHS = Scalar,
Output = PedersenDecHandle Output = PedersenDecryptHandle
); );
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use super::*; use super::*;
#[test]
fn test_commit_verification_correctness() {
let amt: u64 = 57;
let (comm, open) = Pedersen::commit(amt);
assert!(Pedersen::verify(comm, open, amt).is_ok());
}
#[test] #[test]
fn test_homomorphic_addition() { fn test_homomorphic_addition() {
let amt_0: u64 = 77; let amt_0: u64 = 77;
let amt_1: u64 = 57; let amt_1: u64 = 57;
let rng = &mut OsRng; let rng = &mut OsRng;
let open_0 = PedersenOpen(Scalar::random(rng)); let open_0 = PedersenOpening(Scalar::random(rng));
let open_1 = PedersenOpen(Scalar::random(rng)); let open_1 = PedersenOpening(Scalar::random(rng));
let comm_0 = Pedersen::commit_with(amt_0, &open_0); let comm_0 = Pedersen::with(amt_0, &open_0);
let comm_1 = Pedersen::commit_with(amt_1, &open_1); let comm_1 = Pedersen::with(amt_1, &open_1);
let comm_addition = Pedersen::commit_with(amt_0 + amt_1, &(open_0 + open_1)); let comm_addition = Pedersen::with(amt_0 + amt_1, &(open_0 + open_1));
assert_eq!(comm_addition, comm_0 + comm_1); assert_eq!(comm_addition, comm_0 + comm_1);
} }
@ -386,12 +366,12 @@ mod tests {
let amt_1: u64 = 57; let amt_1: u64 = 57;
let rng = &mut OsRng; let rng = &mut OsRng;
let open_0 = PedersenOpen(Scalar::random(rng)); let open_0 = PedersenOpening(Scalar::random(rng));
let open_1 = PedersenOpen(Scalar::random(rng)); let open_1 = PedersenOpening(Scalar::random(rng));
let comm_0 = Pedersen::commit_with(amt_0, &open_0); let comm_0 = Pedersen::with(amt_0, &open_0);
let comm_1 = Pedersen::commit_with(amt_1, &open_1); let comm_1 = Pedersen::with(amt_1, &open_1);
let comm_addition = Pedersen::commit_with(amt_0 - amt_1, &(open_0 - open_1)); let comm_addition = Pedersen::with(amt_0 - amt_1, &(open_0 - open_1));
assert_eq!(comm_addition, comm_0 - comm_1); assert_eq!(comm_addition, comm_0 - comm_1);
} }
@ -401,9 +381,9 @@ mod tests {
let amt_0: u64 = 77; let amt_0: u64 = 77;
let amt_1: u64 = 57; let amt_1: u64 = 57;
let (comm, open) = Pedersen::commit(amt_0); let (comm, open) = Pedersen::new(amt_0);
let scalar = Scalar::from(amt_1); let scalar = Scalar::from(amt_1);
let comm_addition = Pedersen::commit_with(amt_0 * amt_1, &(open * scalar)); let comm_addition = Pedersen::with(amt_0 * amt_1, &(open * scalar));
assert_eq!(comm_addition, comm * scalar); assert_eq!(comm_addition, comm * scalar);
} }
@ -413,9 +393,9 @@ mod tests {
let amt_0: u64 = 77; let amt_0: u64 = 77;
let amt_1: u64 = 7; let amt_1: u64 = 7;
let (comm, open) = Pedersen::commit(amt_0); let (comm, open) = Pedersen::new(amt_0);
let scalar = Scalar::from(amt_1); let scalar = Scalar::from(amt_1);
let comm_addition = Pedersen::commit_with(amt_0 / amt_1, &(open / scalar)); let comm_addition = Pedersen::with(amt_0 / amt_1, &(open / scalar));
assert_eq!(comm_addition, comm / scalar); assert_eq!(comm_addition, comm / scalar);
} }
@ -423,30 +403,30 @@ mod tests {
#[test] #[test]
fn test_commitment_bytes() { fn test_commitment_bytes() {
let amt: u64 = 77; let amt: u64 = 77;
let (comm, _) = Pedersen::commit(amt); let (comm, _) = Pedersen::new(amt);
let encoded = comm.to_bytes(); let encoded = comm.to_bytes();
let decoded = PedersenComm::from_bytes(&encoded).unwrap(); let decoded = PedersenCommitment::from_bytes(&encoded).unwrap();
assert_eq!(comm, decoded); assert_eq!(comm, decoded);
} }
#[test] #[test]
fn test_opening_bytes() { fn test_opening_bytes() {
let open = PedersenOpen(Scalar::random(&mut OsRng)); let open = PedersenOpening(Scalar::random(&mut OsRng));
let encoded = open.to_bytes(); let encoded = open.to_bytes();
let decoded = PedersenOpen::from_bytes(&encoded).unwrap(); let decoded = PedersenOpening::from_bytes(&encoded).unwrap();
assert_eq!(open, decoded); assert_eq!(open, decoded);
} }
#[test] #[test]
fn test_decrypt_handle_bytes() { fn test_decrypt_handle_bytes() {
let handle = PedersenDecHandle(RistrettoPoint::default()); let handle = PedersenDecryptHandle(RistrettoPoint::default());
let encoded = handle.to_bytes(); let encoded = handle.to_bytes();
let decoded = PedersenDecHandle::from_bytes(&encoded).unwrap(); let decoded = PedersenDecryptHandle::from_bytes(&encoded).unwrap();
assert_eq!(handle, decoded); assert_eq!(handle, decoded);
} }
@ -454,30 +434,30 @@ mod tests {
#[test] #[test]
fn test_serde_commitment() { fn test_serde_commitment() {
let amt: u64 = 77; let amt: u64 = 77;
let (comm, _) = Pedersen::commit(amt); let (comm, _) = Pedersen::new(amt);
let encoded = bincode::serialize(&comm).unwrap(); let encoded = bincode::serialize(&comm).unwrap();
let decoded: PedersenComm = bincode::deserialize(&encoded).unwrap(); let decoded: PedersenCommitment = bincode::deserialize(&encoded).unwrap();
assert_eq!(comm, decoded); assert_eq!(comm, decoded);
} }
#[test] #[test]
fn test_serde_opening() { fn test_serde_opening() {
let open = PedersenOpen(Scalar::random(&mut OsRng)); let open = PedersenOpening(Scalar::random(&mut OsRng));
let encoded = bincode::serialize(&open).unwrap(); let encoded = bincode::serialize(&open).unwrap();
let decoded: PedersenOpen = bincode::deserialize(&encoded).unwrap(); let decoded: PedersenOpening = bincode::deserialize(&encoded).unwrap();
assert_eq!(open, decoded); assert_eq!(open, decoded);
} }
#[test] #[test]
fn test_serde_decrypt_handle() { fn test_serde_decrypt_handle() {
let handle = PedersenDecHandle(RistrettoPoint::default()); let handle = PedersenDecryptHandle(RistrettoPoint::default());
let encoded = bincode::serialize(&handle).unwrap(); let encoded = bincode::serialize(&handle).unwrap();
let decoded: PedersenDecHandle = bincode::deserialize(&encoded).unwrap(); let decoded: PedersenDecryptHandle = bincode::deserialize(&encoded).unwrap();
assert_eq!(handle, decoded); assert_eq!(handle, decoded);
} }

77
zk-token-sdk/src/instruction/transfer.rs
View File

@ -7,7 +7,9 @@ use {
crate::{ crate::{
encryption::{ encryption::{
elgamal::{ElGamalCiphertext, ElGamalPubkey, ElGamalSecretKey}, elgamal::{ElGamalCiphertext, ElGamalPubkey, ElGamalSecretKey},
pedersen::{Pedersen, PedersenBase, PedersenComm, PedersenDecHandle, PedersenOpen}, pedersen::{
Pedersen, PedersenBase, PedersenCommitment, PedersenDecryptHandle, PedersenOpening,
},
}, },
errors::ProofError, errors::ProofError,
instruction::Verifiable, instruction::Verifiable,
@ -51,8 +53,8 @@ impl TransferData {
// ciphertext separately. // ciphertext separately.
let (amount_lo, amount_hi) = split_u64_into_u32(transfer_amount); let (amount_lo, amount_hi) = split_u64_into_u32(transfer_amount);
let (comm_lo, open_lo) = Pedersen::commit(amount_lo); let (comm_lo, open_lo) = Pedersen::new(amount_lo);
let (comm_hi, open_hi) = Pedersen::commit(amount_hi); let (comm_hi, open_hi) = Pedersen::new(amount_hi);
let handle_source_lo = source_pk.gen_decrypt_handle(&open_lo); let handle_source_lo = source_pk.gen_decrypt_handle(&open_lo);
let handle_dest_lo = dest_pk.gen_decrypt_handle(&open_lo); let handle_dest_lo = dest_pk.gen_decrypt_handle(&open_lo);
@ -139,16 +141,16 @@ impl TransferData {
/// Extracts the lo and hi source ciphertexts associated with a transfer data and returns the /// Extracts the lo and hi source ciphertexts associated with a transfer data and returns the
/// *combined* ciphertext /// *combined* ciphertext
pub fn source_ciphertext(&self) -> Result<ElGamalCiphertext, ProofError> { pub fn source_ciphertext(&self) -> Result<ElGamalCiphertext, ProofError> {
let transfer_comms_lo: PedersenComm = self.range_proof.amount_comms.lo.try_into()?; let transfer_comms_lo: PedersenCommitment = self.range_proof.amount_comms.lo.try_into()?;
let transfer_comms_hi: PedersenComm = self.range_proof.amount_comms.hi.try_into()?; let transfer_comms_hi: PedersenCommitment = self.range_proof.amount_comms.hi.try_into()?;
let transfer_comm = combine_u32_comms(transfer_comms_lo, transfer_comms_hi); let transfer_comm = combine_u32_comms(transfer_comms_lo, transfer_comms_hi);
let decryption_handle_lo: PedersenDecHandle = self let decryption_handle_lo: PedersenDecryptHandle = self
.validity_proof .validity_proof
.decryption_handles_lo .decryption_handles_lo
.source .source
.try_into()?; .try_into()?;
let decryption_handle_hi: PedersenDecHandle = self let decryption_handle_hi: PedersenDecryptHandle = self
.validity_proof .validity_proof
.decryption_handles_hi .decryption_handles_hi
.source .source
@ -161,13 +163,13 @@ impl TransferData {
/// Extracts the lo and hi destination ciphertexts associated with a transfer data and returns /// Extracts the lo and hi destination ciphertexts associated with a transfer data and returns
/// the *combined* ciphertext /// the *combined* ciphertext
pub fn dest_ciphertext(&self) -> Result<ElGamalCiphertext, ProofError> { pub fn dest_ciphertext(&self) -> Result<ElGamalCiphertext, ProofError> {
let transfer_comms_lo: PedersenComm = self.range_proof.amount_comms.lo.try_into()?; let transfer_comms_lo: PedersenCommitment = self.range_proof.amount_comms.lo.try_into()?;
let transfer_comms_hi: PedersenComm = self.range_proof.amount_comms.hi.try_into()?; let transfer_comms_hi: PedersenCommitment = self.range_proof.amount_comms.hi.try_into()?;
let transfer_comm = combine_u32_comms(transfer_comms_lo, transfer_comms_hi); let transfer_comm = combine_u32_comms(transfer_comms_lo, transfer_comms_hi);
let decryption_handle_lo: PedersenDecHandle = let decryption_handle_lo: PedersenDecryptHandle =
self.validity_proof.decryption_handles_lo.dest.try_into()?; self.validity_proof.decryption_handles_lo.dest.try_into()?;
let decryption_handle_hi: PedersenDecHandle = let decryption_handle_hi: PedersenDecryptHandle =
self.validity_proof.decryption_handles_hi.dest.try_into()?; self.validity_proof.decryption_handles_hi.dest.try_into()?;
let decryption_handle = combine_u32_handles(decryption_handle_lo, decryption_handle_hi); let decryption_handle = combine_u32_handles(decryption_handle_lo, decryption_handle_hi);
@ -243,10 +245,10 @@ pub struct TransferValidityProofData {
#[derive(Clone, Copy, Pod, Zeroable, PartialEq)] #[derive(Clone, Copy, Pod, Zeroable, PartialEq)]
#[repr(C)] #[repr(C)]
pub struct TransferEphemeralState { pub struct TransferEphemeralState {
pub spendable_comm_verification: pod::PedersenComm, // 32 bytes pub spendable_comm_verification: pod::PedersenCommitment, // 32 bytes
pub x: pod::Scalar, // 32 bytes pub x: pod::Scalar, // 32 bytes
pub z: pod::Scalar, // 32 bytes pub z: pod::Scalar, // 32 bytes
pub t_x_blinding: pod::Scalar, // 32 bytes pub t_x_blinding: pod::Scalar, // 32 bytes
} }
#[cfg(not(target_arch = "bpf"))] #[cfg(not(target_arch = "bpf"))]
@ -281,8 +283,8 @@ impl TransferProofs {
dest_pk: &ElGamalPubkey, dest_pk: &ElGamalPubkey,
auditor_pk: &ElGamalPubkey, auditor_pk: &ElGamalPubkey,
transfer_amt: (u64, u64), transfer_amt: (u64, u64),
lo_open: &PedersenOpen, lo_open: &PedersenOpening,
hi_open: &PedersenOpen, hi_open: &PedersenOpening,
new_spendable_balance: u64, new_spendable_balance: u64,
new_spendable_ct: &ElGamalCiphertext, new_spendable_ct: &ElGamalCiphertext,
) -> (Self, TransferEphemeralState) { ) -> (Self, TransferEphemeralState) {
@ -302,14 +304,14 @@ impl TransferProofs {
let c = transcript_validity_proof.challenge_scalar(b"c"); let c = transcript_validity_proof.challenge_scalar(b"c");
let z = s + c * y; let z = s + c * y;
let new_spendable_open = PedersenOpen(c * r_new); let new_spendable_open = PedersenOpening(c * r_new);
let spendable_comm_verification = let spendable_comm_verification =
Pedersen::commit_with(new_spendable_balance, &new_spendable_open); Pedersen::with(new_spendable_balance, &new_spendable_open);
// Generate proof for the transfer amounts // Generate proof for the transfer amounts
let t_1_blinding = PedersenOpen::random(&mut OsRng); let t_1_blinding = PedersenOpening::random(&mut OsRng);
let t_2_blinding = PedersenOpen::random(&mut OsRng); let t_2_blinding = PedersenOpening::random(&mut OsRng);
let u = transcript_validity_proof.challenge_scalar(b"u"); let u = transcript_validity_proof.challenge_scalar(b"u");
let P_joint = RistrettoPoint::multiscalar_mul( let P_joint = RistrettoPoint::multiscalar_mul(
@ -441,9 +443,9 @@ impl ValidityProof {
let x = ephemeral_state.x.into(); let x = ephemeral_state.x.into();
let z: Scalar = ephemeral_state.z.into(); let z: Scalar = ephemeral_state.z.into();
let handle_source_lo: PedersenDecHandle = decryption_handles_lo.source.try_into()?; let handle_source_lo: PedersenDecryptHandle = decryption_handles_lo.source.try_into()?;
let handle_dest_lo: PedersenDecHandle = decryption_handles_lo.dest.try_into()?; let handle_dest_lo: PedersenDecryptHandle = decryption_handles_lo.dest.try_into()?;
let handle_auditor_lo: PedersenDecHandle = decryption_handles_lo.auditor.try_into()?; let handle_auditor_lo: PedersenDecryptHandle = decryption_handles_lo.auditor.try_into()?;
let D_joint: CompressedRistretto = self.T_joint.into(); let D_joint: CompressedRistretto = self.T_joint.into();
let D_joint = D_joint.decompress().ok_or(ProofError::VerificationError)?; let D_joint = D_joint.decompress().ok_or(ProofError::VerificationError)?;
@ -457,9 +459,9 @@ impl ValidityProof {
], ],
); );
let handle_source_hi: PedersenDecHandle = decryption_handles_hi.source.try_into()?; let handle_source_hi: PedersenDecryptHandle = decryption_handles_hi.source.try_into()?;
let handle_dest_hi: PedersenDecHandle = decryption_handles_hi.dest.try_into()?; let handle_dest_hi: PedersenDecryptHandle = decryption_handles_hi.dest.try_into()?;
let handle_auditor_hi: PedersenDecHandle = decryption_handles_hi.auditor.try_into()?; let handle_auditor_hi: PedersenDecryptHandle = decryption_handles_hi.auditor.try_into()?;
let D_joint_hi = RistrettoPoint::vartime_multiscalar_mul( let D_joint_hi = RistrettoPoint::vartime_multiscalar_mul(
vec![Scalar::one(), u, u * u], vec![Scalar::one(), u, u * u],
@ -506,17 +508,17 @@ pub struct TransferPubKeys {
#[derive(Clone, Copy, Pod, Zeroable)] #[derive(Clone, Copy, Pod, Zeroable)]
#[repr(C)] #[repr(C)]
pub struct TransferComms { pub struct TransferComms {
pub lo: pod::PedersenComm, // 32 bytes pub lo: pod::PedersenCommitment, // 32 bytes
pub hi: pod::PedersenComm, // 32 bytes pub hi: pod::PedersenCommitment, // 32 bytes
} }
/// The decryption handles needed for a transfer /// The decryption handles needed for a transfer
#[derive(Clone, Copy, Pod, Zeroable)] #[derive(Clone, Copy, Pod, Zeroable)]
#[repr(C)] #[repr(C)]
pub struct TransferHandles { pub struct TransferHandles {
pub source: pod::PedersenDecHandle, // 32 bytes pub source: pod::PedersenDecryptHandle, // 32 bytes
pub dest: pod::PedersenDecHandle, // 32 bytes pub dest: pod::PedersenDecryptHandle, // 32 bytes
pub auditor: pod::PedersenDecHandle, // 32 bytes pub auditor: pod::PedersenDecryptHandle, // 32 bytes
} }
/// Split u64 number into two u32 numbers /// Split u64 number into two u32 numbers
@ -533,15 +535,18 @@ pub fn split_u64_into_u32(amt: u64) -> (u32, u32) {
const TWO_32: u64 = 4294967296; const TWO_32: u64 = 4294967296;
#[cfg(not(target_arch = "bpf"))] #[cfg(not(target_arch = "bpf"))]
pub fn combine_u32_comms(comm_lo: PedersenComm, comm_hi: PedersenComm) -> PedersenComm { pub fn combine_u32_comms(
comm_lo: PedersenCommitment,
comm_hi: PedersenCommitment,
) -> PedersenCommitment {
comm_lo + comm_hi * Scalar::from(TWO_32) comm_lo + comm_hi * Scalar::from(TWO_32)
} }
#[cfg(not(target_arch = "bpf"))] #[cfg(not(target_arch = "bpf"))]
pub fn combine_u32_handles( pub fn combine_u32_handles(
handle_lo: PedersenDecHandle, handle_lo: PedersenDecryptHandle,
handle_hi: PedersenDecHandle, handle_hi: PedersenDecryptHandle,
) -> PedersenDecHandle { ) -> PedersenDecryptHandle {
handle_lo + handle_hi * Scalar::from(TWO_32) handle_lo + handle_hi * Scalar::from(TWO_32)
} }

6
zk-token-sdk/src/instruction/withdraw.rs
View File

@ -7,7 +7,7 @@ use {
crate::{ crate::{
encryption::{ encryption::{
elgamal::{ElGamalCiphertext, ElGamalPubkey, ElGamalSecretKey}, elgamal::{ElGamalCiphertext, ElGamalPubkey, ElGamalSecretKey},
pedersen::{PedersenBase, PedersenOpen}, pedersen::{PedersenBase, PedersenOpening},
}, },
errors::ProofError, errors::ProofError,
instruction::Verifiable, instruction::Verifiable,
@ -54,7 +54,7 @@ impl WithdrawData {
// encode withdraw amount as an ElGamal ciphertext and subtract it from // encode withdraw amount as an ElGamal ciphertext and subtract it from
// current source balance // current source balance
let amount_encoded = source_pk.encrypt_with(amount, &PedersenOpen::default()); let amount_encoded = source_pk.encrypt_with(amount, &PedersenOpening::default());
let final_balance_ct = current_balance_ct - amount_encoded; let final_balance_ct = current_balance_ct - amount_encoded;
let proof = WithdrawProof::new(source_sk, final_balance, &final_balance_ct); let proof = WithdrawProof::new(source_sk, final_balance, &final_balance_ct);
@ -126,7 +126,7 @@ impl WithdrawProof {
let z = s + c * y; let z = s + c * y;
// compute the new Pedersen commitment and opening // compute the new Pedersen commitment and opening
let new_open = PedersenOpen(c * r_new); let new_open = PedersenOpening(c * r_new);
let range_proof = RangeProof::create( let range_proof = RangeProof::create(
vec![final_balance], vec![final_balance],

26
zk-token-sdk/src/range_proof/mod.rs
View File

@ -1,6 +1,6 @@
#[cfg(not(target_arch = "bpf"))] #[cfg(not(target_arch = "bpf"))]
use { use {
crate::encryption::pedersen::{Pedersen, PedersenOpen}, crate::encryption::pedersen::{Pedersen, PedersenOpening},
curve25519_dalek::traits::MultiscalarMul, curve25519_dalek::traits::MultiscalarMul,
rand::rngs::OsRng, rand::rngs::OsRng,
subtle::{Choice, ConditionallySelectable}, subtle::{Choice, ConditionallySelectable},
@ -44,11 +44,11 @@ impl RangeProof {
pub fn create( pub fn create(
amounts: Vec<u64>, amounts: Vec<u64>,
bit_lengths: Vec<usize>, bit_lengths: Vec<usize>,
opens: Vec<&PedersenOpen>, opens: Vec<&PedersenOpening>,
transcript: &mut Transcript, transcript: &mut Transcript,
) -> Self { ) -> Self {
let t_1_blinding = PedersenOpen::random(&mut OsRng); let t_1_blinding = PedersenOpening::random(&mut OsRng);
let t_2_blinding = PedersenOpen::random(&mut OsRng); let t_2_blinding = PedersenOpening::random(&mut OsRng);
let (range_proof, _, _) = Self::create_with( let (range_proof, _, _) = Self::create_with(
amounts, amounts,
@ -67,9 +67,9 @@ impl RangeProof {
pub fn create_with( pub fn create_with(
amounts: Vec<u64>, amounts: Vec<u64>,
bit_lengths: Vec<usize>, bit_lengths: Vec<usize>,
opens: Vec<&PedersenOpen>, opens: Vec<&PedersenOpening>,
t_1_blinding: &PedersenOpen, t_1_blinding: &PedersenOpening,
t_2_blinding: &PedersenOpen, t_2_blinding: &PedersenOpening,
transcript: &mut Transcript, transcript: &mut Transcript,
) -> (Self, Scalar, Scalar) { ) -> (Self, Scalar, Scalar) {
let nm = bit_lengths.iter().sum(); let nm = bit_lengths.iter().sum();
@ -139,10 +139,10 @@ impl RangeProof {
let t_poly = l_poly.inner_product(&r_poly); let t_poly = l_poly.inner_product(&r_poly);
let T_1 = Pedersen::commit_with(t_poly.1, t_1_blinding) let T_1 = Pedersen::with(t_poly.1, t_1_blinding)
.get_point() .get_point()
.compress(); .compress();
let T_2 = Pedersen::commit_with(t_poly.2, t_2_blinding) let T_2 = Pedersen::with(t_poly.2, t_2_blinding)
.get_point() .get_point()
.compress(); .compress();
@ -407,7 +407,7 @@ mod tests {
#[test] #[test]
fn test_single_rangeproof() { fn test_single_rangeproof() {
let (comm, open) = Pedersen::commit(55_u64); let (comm, open) = Pedersen::new(55_u64);
let mut transcript_create = Transcript::new(b"Test"); let mut transcript_create = Transcript::new(b"Test");
let mut transcript_verify = Transcript::new(b"Test"); let mut transcript_verify = Transcript::new(b"Test");
@ -425,9 +425,9 @@ mod tests {
#[test] #[test]
fn test_aggregated_rangeproof() { fn test_aggregated_rangeproof() {
let (comm_1, open_1) = Pedersen::commit(55_u64); let (comm_1, open_1) = Pedersen::new(55_u64);
let (comm_2, open_2) = Pedersen::commit(77_u64); let (comm_2, open_2) = Pedersen::new(77_u64);
let (comm_3, open_3) = Pedersen::commit(99_u64); let (comm_3, open_3) = Pedersen::new(99_u64);
let mut transcript_create = Transcript::new(b"Test"); let mut transcript_create = Transcript::new(b"Test");
let mut transcript_verify = Transcript::new(b"Test"); let mut transcript_verify = Transcript::new(b"Test");

42
zk-token-sdk/src/zk_token_elgamal/convert.rs
View File

@ -1,8 +1,8 @@
use super::pod; use super::pod;
pub use target_arch::*; pub use target_arch::*;
impl From<(pod::PedersenComm, pod::PedersenDecHandle)> for pod::ElGamalCiphertext { impl From<(pod::PedersenCommitment, pod::PedersenDecryptHandle)> for pod::ElGamalCiphertext {
fn from((comm, decrypt_handle): (pod::PedersenComm, pod::PedersenDecHandle)) -> Self { fn from((comm, decrypt_handle): (pod::PedersenCommitment, pod::PedersenDecryptHandle)) -> Self {
let mut buf = [0_u8; 64]; let mut buf = [0_u8; 64];
buf[..32].copy_from_slice(&comm.0); buf[..32].copy_from_slice(&comm.0);
buf[32..].copy_from_slice(&decrypt_handle.0); buf[32..].copy_from_slice(&decrypt_handle.0);
@ -16,7 +16,7 @@ mod target_arch {
super::pod, super::pod,
crate::{ crate::{
encryption::elgamal::{ElGamalCiphertext, ElGamalPubkey}, encryption::elgamal::{ElGamalCiphertext, ElGamalPubkey},
encryption::pedersen::{PedersenComm, PedersenDecHandle}, encryption::pedersen::{PedersenCommitment, PedersenDecryptHandle},
errors::ProofError, errors::ProofError,
range_proof::RangeProof, range_proof::RangeProof,
}, },
@ -88,62 +88,62 @@ mod target_arch {
} }
} }
impl From<PedersenComm> for pod::PedersenComm { impl From<PedersenCommitment> for pod::PedersenCommitment {
fn from(comm: PedersenComm) -> Self { fn from(comm: PedersenCommitment) -> Self {
Self(comm.to_bytes()) Self(comm.to_bytes())
} }
} }
// For proof verification, interpret pod::PedersenComm directly as CompressedRistretto // For proof verification, interpret pod::PedersenComm directly as CompressedRistretto
#[cfg(not(target_arch = "bpf"))] #[cfg(not(target_arch = "bpf"))]
impl From<pod::PedersenComm> for CompressedRistretto { impl From<pod::PedersenCommitment> for CompressedRistretto {
fn from(pod: pod::PedersenComm) -> Self { fn from(pod: pod::PedersenCommitment) -> Self {
Self(pod.0) Self(pod.0)
} }
} }
#[cfg(not(target_arch = "bpf"))] #[cfg(not(target_arch = "bpf"))]
impl TryFrom<pod::PedersenComm> for PedersenComm { impl TryFrom<pod::PedersenCommitment> for PedersenCommitment {
type Error = ProofError; type Error = ProofError;
fn try_from(pod: pod::PedersenComm) -> Result<Self, Self::Error> { fn try_from(pod: pod::PedersenCommitment) -> Result<Self, Self::Error> {
Self::from_bytes(&pod.0).ok_or(ProofError::InconsistentCTData) Self::from_bytes(&pod.0).ok_or(ProofError::InconsistentCTData)
} }
} }
#[cfg(not(target_arch = "bpf"))] #[cfg(not(target_arch = "bpf"))]
impl fmt::Debug for pod::PedersenComm { impl fmt::Debug for pod::PedersenCommitment {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
write!(f, "{:?}", self.0) write!(f, "{:?}", self.0)
} }
} }
#[cfg(not(target_arch = "bpf"))] #[cfg(not(target_arch = "bpf"))]
impl From<PedersenDecHandle> for pod::PedersenDecHandle { impl From<PedersenDecryptHandle> for pod::PedersenDecryptHandle {
fn from(handle: PedersenDecHandle) -> Self { fn from(handle: PedersenDecryptHandle) -> Self {
Self(handle.to_bytes()) Self(handle.to_bytes())
} }
} }
// For proof verification, interpret pod::PedersenDecHandle as CompressedRistretto // For proof verification, interpret pod::PedersenDecHandle as CompressedRistretto
#[cfg(not(target_arch = "bpf"))] #[cfg(not(target_arch = "bpf"))]
impl From<pod::PedersenDecHandle> for CompressedRistretto { impl From<pod::PedersenDecryptHandle> for CompressedRistretto {
fn from(pod: pod::PedersenDecHandle) -> Self { fn from(pod: pod::PedersenDecryptHandle) -> Self {
Self(pod.0) Self(pod.0)
} }
} }
#[cfg(not(target_arch = "bpf"))] #[cfg(not(target_arch = "bpf"))]
impl TryFrom<pod::PedersenDecHandle> for PedersenDecHandle { impl TryFrom<pod::PedersenDecryptHandle> for PedersenDecryptHandle {
type Error = ProofError; type Error = ProofError;
fn try_from(pod: pod::PedersenDecHandle) -> Result<Self, Self::Error> { fn try_from(pod: pod::PedersenDecryptHandle) -> Result<Self, Self::Error> {
Self::from_bytes(&pod.0).ok_or(ProofError::InconsistentCTData) Self::from_bytes(&pod.0).ok_or(ProofError::InconsistentCTData)
} }
} }
#[cfg(not(target_arch = "bpf"))] #[cfg(not(target_arch = "bpf"))]
impl fmt::Debug for pod::PedersenDecHandle { impl fmt::Debug for pod::PedersenDecryptHandle {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
write!(f, "{:?}", self.0) write!(f, "{:?}", self.0)
} }
@ -224,7 +224,7 @@ mod tests {
#[test] #[test]
fn test_pod_range_proof_64() { fn test_pod_range_proof_64() {
let (comm, open) = Pedersen::commit(55_u64); let (comm, open) = Pedersen::new(55_u64);
let mut transcript_create = Transcript::new(b"Test"); let mut transcript_create = Transcript::new(b"Test");
let mut transcript_verify = Transcript::new(b"Test"); let mut transcript_verify = Transcript::new(b"Test");
@ -250,9 +250,9 @@ mod tests {
#[test] #[test]
fn test_pod_range_proof_128() { fn test_pod_range_proof_128() {
let (comm_1, open_1) = Pedersen::commit(55_u64); let (comm_1, open_1) = Pedersen::new(55_u64);
let (comm_2, open_2) = Pedersen::commit(77_u64); let (comm_2, open_2) = Pedersen::new(77_u64);
let (comm_3, open_3) = Pedersen::commit(99_u64); let (comm_3, open_3) = Pedersen::new(99_u64);
let mut transcript_create = Transcript::new(b"Test"); let mut transcript_create = Transcript::new(b"Test");
let mut transcript_verify = Transcript::new(b"Test"); let mut transcript_verify = Transcript::new(b"Test");

36
zk-token-sdk/src/zk_token_elgamal/ops.rs
View File

@ -235,7 +235,7 @@ mod tests {
crate::{ crate::{
encryption::{ encryption::{
elgamal::{ElGamal, ElGamalCiphertext}, elgamal::{ElGamal, ElGamalCiphertext},
pedersen::{Pedersen, PedersenOpen}, pedersen::{Pedersen, PedersenOpening},
}, },
zk_token_elgamal::{ops, pod}, zk_token_elgamal::{ops, pod},
}, },
@ -256,11 +256,11 @@ mod tests {
let balance: u64 = 0; let balance: u64 = 0;
assert_eq!( assert_eq!(
spendable_ct, spendable_ct,
pk.encrypt_with(balance, &PedersenOpen::default()) pk.encrypt_with(balance, &PedersenOpening::default())
); );
// homomorphism should work like any other ciphertext // homomorphism should work like any other ciphertext
let open = PedersenOpen::random(&mut OsRng); let open = PedersenOpening::random(&mut OsRng);
let transfer_amount_ct = pk.encrypt_with(55_u64, &open); let transfer_amount_ct = pk.encrypt_with(55_u64, &open);
let transfer_amount_pod: pod::ElGamalCiphertext = transfer_amount_ct.into(); let transfer_amount_pod: pod::ElGamalCiphertext = transfer_amount_ct.into();
@ -278,7 +278,7 @@ mod tests {
let (pk, _) = ElGamal::new(); let (pk, _) = ElGamal::new();
let expected: pod::ElGamalCiphertext = let expected: pod::ElGamalCiphertext =
pk.encrypt_with(55_u64, &PedersenOpen::default()).into(); pk.encrypt_with(55_u64, &PedersenOpening::default()).into();
assert_eq!(expected, added_ct); assert_eq!(expected, added_ct);
} }
@ -287,7 +287,7 @@ mod tests {
fn test_subtract_from() { fn test_subtract_from() {
let amount = 77_u64; let amount = 77_u64;
let (pk, _) = ElGamal::new(); let (pk, _) = ElGamal::new();
let open = PedersenOpen::random(&mut OsRng); let open = PedersenOpening::random(&mut OsRng);
let encrypted_amount: pod::ElGamalCiphertext = pk.encrypt_with(amount, &open).into(); let encrypted_amount: pod::ElGamalCiphertext = pk.encrypt_with(amount, &open).into();
let subtracted_ct = ops::subtract_from(&encrypted_amount, 55).unwrap(); let subtracted_ct = ops::subtract_from(&encrypted_amount, 55).unwrap();
@ -317,28 +317,30 @@ mod tests {
let (auditor_pk, _) = ElGamal::new(); let (auditor_pk, _) = ElGamal::new();
// commitments associated with TransferRangeProof // commitments associated with TransferRangeProof
let (comm_lo, open_lo) = Pedersen::commit(amount_lo); let (comm_lo, open_lo) = Pedersen::new(amount_lo);
let (comm_hi, open_hi) = Pedersen::commit(amount_hi); let (comm_hi, open_hi) = Pedersen::new(amount_hi);
let comm_lo: pod::PedersenComm = comm_lo.into(); let comm_lo: pod::PedersenCommitment = comm_lo.into();
let comm_hi: pod::PedersenComm = comm_hi.into(); let comm_hi: pod::PedersenCommitment = comm_hi.into();
// decryption handles associated with TransferValidityProof // decryption handles associated with TransferValidityProof
let handle_source_lo: pod::PedersenDecHandle = let handle_source_lo: pod::PedersenDecryptHandle =
source_pk.gen_decrypt_handle(&open_lo).into(); source_pk.gen_decrypt_handle(&open_lo).into();
let handle_dest_lo: pod::PedersenDecHandle = dest_pk.gen_decrypt_handle(&open_lo).into(); let handle_dest_lo: pod::PedersenDecryptHandle =
let _handle_auditor_lo: pod::PedersenDecHandle = dest_pk.gen_decrypt_handle(&open_lo).into();
let _handle_auditor_lo: pod::PedersenDecryptHandle =
auditor_pk.gen_decrypt_handle(&open_lo).into(); auditor_pk.gen_decrypt_handle(&open_lo).into();
let handle_source_hi: pod::PedersenDecHandle = let handle_source_hi: pod::PedersenDecryptHandle =
source_pk.gen_decrypt_handle(&open_hi).into(); source_pk.gen_decrypt_handle(&open_hi).into();
let handle_dest_hi: pod::PedersenDecHandle = dest_pk.gen_decrypt_handle(&open_hi).into(); let handle_dest_hi: pod::PedersenDecryptHandle =
let _handle_auditor_hi: pod::PedersenDecHandle = dest_pk.gen_decrypt_handle(&open_hi).into();
let _handle_auditor_hi: pod::PedersenDecryptHandle =
auditor_pk.gen_decrypt_handle(&open_hi).into(); auditor_pk.gen_decrypt_handle(&open_hi).into();
// source spendable and recipient pending // source spendable and recipient pending
let source_open = PedersenOpen::random(&mut OsRng); let source_open = PedersenOpening::random(&mut OsRng);
let dest_open = PedersenOpen::random(&mut OsRng); let dest_open = PedersenOpening::random(&mut OsRng);
let source_spendable_ct: pod::ElGamalCiphertext = let source_spendable_ct: pod::ElGamalCiphertext =
source_pk.encrypt_with(77_u64, &source_open).into(); source_pk.encrypt_with(77_u64, &source_open).into();

4
zk-token-sdk/src/zk_token_elgamal/pod.rs
View File

@ -18,11 +18,11 @@ pub struct ElGamalPubkey(pub [u8; 32]);
#[derive(Clone, Copy, Pod, Zeroable, PartialEq)] #[derive(Clone, Copy, Pod, Zeroable, PartialEq)]
#[repr(transparent)] #[repr(transparent)]
pub struct PedersenComm(pub [u8; 32]); pub struct PedersenCommitment(pub [u8; 32]);
#[derive(Clone, Copy, Pod, Zeroable, PartialEq)] #[derive(Clone, Copy, Pod, Zeroable, PartialEq)]
#[repr(transparent)] #[repr(transparent)]
pub struct PedersenDecHandle(pub [u8; 32]); pub struct PedersenDecryptHandle(pub [u8; 32]);
/// Serialization of range proofs for 64-bit numbers (for `Withdraw` instruction) /// Serialization of range proofs for 64-bit numbers (for `Withdraw` instruction)
#[derive(Clone, Copy)] #[derive(Clone, Copy)]