2018-02-24 00:12:58 -08:00
|
|
|
extern crate bn;
|
2018-02-24 23:46:52 -08:00
|
|
|
extern crate rand;
|
|
|
|
extern crate bincode;
|
|
|
|
extern crate sodiumoxide;
|
2018-06-07 23:57:46 -07:00
|
|
|
extern crate rustc_serialize;
|
2018-06-08 18:20:15 -07:00
|
|
|
extern crate secp256k1;
|
2018-03-24 06:44:45 -07:00
|
|
|
|
2018-02-24 23:46:52 -08:00
|
|
|
use std::fmt;
|
2018-03-24 06:44:45 -07:00
|
|
|
use std::str;
|
|
|
|
use std::default;
|
2018-06-05 10:26:16 -07:00
|
|
|
use bn::{Group, Fr, G1, G2, Gt, pairing};
|
2018-02-24 23:46:52 -08:00
|
|
|
use bincode::SizeLimit::Infinite;
|
|
|
|
use bincode::rustc_serialize::{encode, decode};
|
2018-04-08 00:46:17 -07:00
|
|
|
use sodiumoxide::randombytes;
|
2018-03-24 06:44:45 -07:00
|
|
|
use sodiumoxide::crypto::hash::sha512;
|
2018-06-09 23:00:01 -07:00
|
|
|
use std::collections::HashMap;
|
2018-02-24 00:12:58 -08:00
|
|
|
|
2018-04-07 12:01:27 -07:00
|
|
|
pub mod prf;
|
2018-04-02 07:47:19 -07:00
|
|
|
pub mod sym;
|
2018-04-07 12:01:27 -07:00
|
|
|
pub mod ote;
|
2018-04-02 07:47:19 -07:00
|
|
|
pub mod clsigs;
|
|
|
|
pub mod commit_scheme;
|
|
|
|
|
2018-02-24 23:46:52 -08:00
|
|
|
// Begin CL Signature scheme data structures
|
2018-02-24 00:12:58 -08:00
|
|
|
|
2018-02-24 23:46:52 -08:00
|
|
|
// End CL Signature scheme data structures
|
2018-02-24 00:12:58 -08:00
|
|
|
|
2018-03-24 06:44:45 -07:00
|
|
|
//pub fn hash_string(s: &str) -> String {
|
|
|
|
// let digest = sha256::hash(s.as_bytes());
|
|
|
|
// format!("{:X}", HexSlice::new(&digest))
|
|
|
|
//}
|
2018-02-24 23:46:52 -08:00
|
|
|
|
2018-03-24 06:44:45 -07:00
|
|
|
pub fn debug_elem_in_hex(prefix: &str, r: &Fr) {
|
|
|
|
let encoded: Vec<u8> = encode(&r, Infinite).unwrap();
|
|
|
|
print!("{} (hex) = 0x", prefix);
|
|
|
|
for e in encoded.iter() {
|
|
|
|
print!("{:x}", e);
|
|
|
|
}
|
|
|
|
print!("\n");
|
2018-02-24 00:12:58 -08:00
|
|
|
}
|
|
|
|
|
2018-06-05 19:57:44 -07:00
|
|
|
pub fn debug_g1_in_hex(prefix: &str, g: &G1) {
|
|
|
|
let encoded: Vec<u8> = encode(&g, Infinite).unwrap();
|
|
|
|
print!("{} (hex) = 0x", prefix);
|
|
|
|
for e in encoded.iter() {
|
|
|
|
print!("{:x}", e);
|
|
|
|
}
|
|
|
|
print!("\n");
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn debug_g2_in_hex(prefix: &str, g: &G2) {
|
|
|
|
let encoded: Vec<u8> = encode(&g, Infinite).unwrap();
|
|
|
|
print!("{} (hex) = 0x", prefix);
|
|
|
|
for e in encoded.iter() {
|
|
|
|
print!("{:x}", e);
|
|
|
|
}
|
|
|
|
print!("\n");
|
|
|
|
}
|
|
|
|
|
2018-06-07 23:57:46 -07:00
|
|
|
pub fn debug_gt_in_hex(prefix: &str, g: &Gt) {
|
|
|
|
let encoded: Vec<u8> = encode(&g, Infinite).unwrap();
|
|
|
|
print!("{} (hex) = 0x", prefix);
|
|
|
|
for e in encoded.iter() {
|
|
|
|
print!("{:x}", e);
|
|
|
|
}
|
|
|
|
print!("\n");
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2018-03-24 06:44:45 -07:00
|
|
|
struct HexSlice<'a>(&'a [u8]);
|
|
|
|
|
|
|
|
impl<'a> HexSlice<'a> {
|
|
|
|
fn new<T>(data: &'a T) -> HexSlice<'a>
|
|
|
|
where T: ?Sized + AsRef<[u8]> + 'a
|
|
|
|
{
|
|
|
|
HexSlice(data.as_ref())
|
2018-02-24 23:46:52 -08:00
|
|
|
}
|
|
|
|
}
|
2018-02-24 00:12:58 -08:00
|
|
|
|
2018-03-24 06:44:45 -07:00
|
|
|
impl<'a> fmt::LowerHex for HexSlice<'a> {
|
2018-02-24 23:46:52 -08:00
|
|
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
2018-03-24 06:44:45 -07:00
|
|
|
for byte in self.0 {
|
|
|
|
// Decide if you want upper- or lowercase results,
|
|
|
|
// padding the values to two characters, spaces
|
|
|
|
// between bytes, etc.
|
|
|
|
write!(f, "{:x}", byte)?;
|
2018-02-24 23:46:52 -08:00
|
|
|
}
|
2018-03-24 06:44:45 -07:00
|
|
|
Ok(())
|
2018-02-24 23:46:52 -08:00
|
|
|
}
|
2018-02-24 00:12:58 -08:00
|
|
|
}
|
|
|
|
|
2018-03-24 06:44:45 -07:00
|
|
|
impl<'a> fmt::UpperHex for HexSlice<'a> {
|
2018-02-24 23:46:52 -08:00
|
|
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
2018-03-24 06:44:45 -07:00
|
|
|
for byte in self.0 {
|
|
|
|
// Decide if you want upper- or lowercase results,
|
|
|
|
// padding the values to two characters, spaces
|
|
|
|
// between bytes, etc.
|
|
|
|
write!(f, "{:X}", byte)?;
|
2018-02-24 23:46:52 -08:00
|
|
|
}
|
2018-03-24 06:44:45 -07:00
|
|
|
Ok(())
|
2018-02-24 23:46:52 -08:00
|
|
|
}
|
2018-02-24 00:12:58 -08:00
|
|
|
}
|
2018-03-24 06:44:45 -07:00
|
|
|
// To hash this message structure, encode each element in the tuple
|
|
|
|
// as a byte stream, then apply a hash on it. Then, convert the output value into
|
|
|
|
// a Fr element.
|
2018-02-24 00:12:58 -08:00
|
|
|
|
2018-02-24 23:46:52 -08:00
|
|
|
pub fn misc_tests() {
|
|
|
|
let rng = &mut rand::thread_rng();
|
|
|
|
let a = Fr::random(rng);
|
|
|
|
// println!("crs = {}", stringify!(a));
|
|
|
|
// let limit = bincode::SizeLimit::Bounded(256);
|
|
|
|
let encoded: Vec<u8> = encode(&a, Infinite).unwrap();
|
|
|
|
println!("a length = {}", encoded.len());
|
|
|
|
println!("a = {:?}", encoded);
|
|
|
|
print!("a (hex) = 0x");
|
|
|
|
for x in encoded.iter() {
|
|
|
|
print!("{:x}", x);
|
|
|
|
}
|
|
|
|
print!("\n");
|
2018-02-24 00:12:58 -08:00
|
|
|
|
|
|
|
}
|
2018-02-24 23:46:52 -08:00
|
|
|
|
2018-04-07 12:01:27 -07:00
|
|
|
pub fn print(g: &G1) -> String {
|
|
|
|
let c_vec: Vec<u8> = encode(g, Infinite).unwrap();
|
|
|
|
let mut c_s = String::new();
|
|
|
|
for x in c_vec.iter() {
|
|
|
|
c_s = format!("{}{:x}", c_s, x);
|
|
|
|
}
|
|
|
|
|
|
|
|
return c_s;
|
|
|
|
}
|
|
|
|
|
2018-04-02 07:47:19 -07:00
|
|
|
////////////////////////////////// ZK proof compiler ///////////////////////////////////
|
|
|
|
|
|
|
|
//pub mod zkp {
|
|
|
|
//
|
|
|
|
//#[macro_export]
|
|
|
|
//macro_rules! log {
|
|
|
|
// ($msg:expr) => {{
|
|
|
|
// let state: i32 = get_log_state();
|
|
|
|
// if state > 0 {
|
|
|
|
// println!("log({}): {}", state, $msg);
|
|
|
|
// }
|
|
|
|
// }};
|
|
|
|
//}
|
|
|
|
//
|
|
|
|
//#[doc(hidden)]
|
|
|
|
//#[macro_export]
|
|
|
|
//macro_rules! __compute_formula_scalarlist {
|
|
|
|
// // Unbracket a statement
|
|
|
|
// (($publics:ident, $scalars:ident) ($($x:tt)*)) => {
|
|
|
|
// // Add a trailing +
|
|
|
|
// __compute_formula_scalarlist!(($publics,$scalars) $($x)* +)
|
|
|
|
// };
|
|
|
|
// // Inner part of the formula: give a list of &Scalars
|
|
|
|
// // Since there's a trailing +, we can just generate the list as normal...
|
|
|
|
// (($publics:ident, $scalars:ident)
|
|
|
|
// $( $point:ident * $scalar:ident +)+ ) => {
|
|
|
|
// &[ $( $scalars.$scalar ,)* ]
|
|
|
|
// };
|
|
|
|
//}
|
|
|
|
//
|
|
|
|
//#[doc(hidden)]
|
|
|
|
//#[macro_export]
|
|
|
|
//macro_rules! __compute_formula_pointlist {
|
|
|
|
// // Unbracket a statement
|
|
|
|
// (($publics:ident, $scalars:ident) ($($x:tt)*)) => {
|
|
|
|
// // Add a trailing +
|
|
|
|
// __compute_formula_pointlist!(($publics,$scalars) $($x)* +)
|
|
|
|
// };
|
|
|
|
// // Inner part of the formula: give a list of &Scalars
|
|
|
|
// // Since there's a trailing +, we can just generate the list as normal...
|
|
|
|
// (($publics:ident, $scalars:ident)
|
|
|
|
// $( $point:ident * $scalar:ident +)* ) => {
|
|
|
|
// &[ $( *($publics.$point) ,)* ]
|
|
|
|
// };
|
|
|
|
//}
|
|
|
|
//
|
|
|
|
//#[doc(hidden)]
|
|
|
|
//#[macro_export]
|
|
|
|
//macro_rules! __compute_commitments_consttime {
|
|
|
|
// (($publics:ident, $scalars:ident) $($lhs:ident = $statement:tt),+) => {
|
|
|
|
// Commitments {
|
|
|
|
// $( $lhs :
|
|
|
|
// multiscalar_mult(
|
|
|
|
// __compute_formula_scalarlist!(($publics, $scalars) $statement),
|
|
|
|
// __compute_formula_pointlist!(($publics, $scalars) $statement),
|
|
|
|
// )
|
|
|
|
// ),+
|
|
|
|
// }
|
|
|
|
// }
|
|
|
|
//}
|
|
|
|
//
|
|
|
|
//#[doc(hidden)]
|
|
|
|
//#[macro_export]
|
|
|
|
//macro_rules! __recompute_commitments_vartime {
|
|
|
|
// (($publics:ident, $scalars:ident, $minus_c:ident) $($lhs:ident = $statement:tt),+) => {
|
|
|
|
// Commitments {
|
|
|
|
// $( $lhs :
|
|
|
|
// vartime::multiscalar_mult(
|
|
|
|
// __compute_formula_scalarlist!(($publics, $scalars) $statement)
|
|
|
|
// .into_iter()
|
|
|
|
// .chain(iter::once(&($minus_c)))
|
|
|
|
// ,
|
|
|
|
// __compute_formula_pointlist!(($publics, $scalars) $statement)
|
|
|
|
// .into_iter()
|
|
|
|
// .chain(iter::once($publics.$lhs))
|
|
|
|
// )
|
|
|
|
// ),+
|
|
|
|
// }
|
|
|
|
// }
|
|
|
|
//}
|
|
|
|
//
|
|
|
|
//#[macro_export]
|
|
|
|
//macro_rules! create_nipk {
|
|
|
|
//(
|
|
|
|
// $proof_module_name:ident // Name of the module to create
|
|
|
|
// ,
|
|
|
|
// ( $($secret:ident),+ ) // Secret variables, sep by commas
|
|
|
|
// ,
|
|
|
|
// ( $($public:ident),+ ) // Public variables, sep by commas
|
|
|
|
// :
|
|
|
|
// // List of statements to prove
|
|
|
|
// // Format: LHS = ( ... RHS expr ... ),
|
|
|
|
// $($lhs:ident = $statement:tt),+
|
|
|
|
//) => {
|
|
|
|
// mod $proof_module_name {
|
|
|
|
// use $crate::{Group, Fr, G1}
|
|
|
|
// use $crate::sodiumoxide::crypto::hash;
|
|
|
|
// // use $crate::sha2::{Digest, Sha512};
|
|
|
|
// use $crate::rand::Rng;
|
|
|
|
//
|
|
|
|
// use std::iter;
|
|
|
|
//
|
|
|
|
// #[derive(Copy, Clone)]
|
|
|
|
// pub struct Secrets<'a> {
|
|
|
|
// // Create a parameter for each secret value
|
|
|
|
// $(
|
|
|
|
// pub $secret : &'a Fr,
|
|
|
|
// )+
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// #[derive(Copy, Clone)]
|
|
|
|
// pub struct Publics<'a> {
|
|
|
|
// // Create a parameter for each public value
|
|
|
|
// $(
|
|
|
|
// pub $public : &'a G1,
|
|
|
|
// )+
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// // Hack because we can't concat identifiers,
|
|
|
|
// // so do responses.x instead of responses_x
|
|
|
|
// // rand.x instead of rand_x, etc.
|
|
|
|
//
|
|
|
|
// struct Commitments {$($lhs: G1,)+ }
|
|
|
|
// struct Randomnesses {$($secret : Scalar,)+}
|
|
|
|
// #[derive(Serialize, Deserialize)]
|
|
|
|
// struct Responses {$($secret : Scalar,)+}
|
|
|
|
//
|
|
|
|
// #[derive(Serialize, Deserialize)]
|
|
|
|
// pub struct Proof {
|
|
|
|
// challenge: Fr,
|
|
|
|
// responses: Responses,
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// impl Proof {
|
|
|
|
// /// Create a `Proof`, in constant time, from the given
|
|
|
|
// /// `Publics` and `Secrets`.
|
|
|
|
// #[allow(dead_code)]
|
|
|
|
// pub fn create<R: Rng>(
|
|
|
|
// rng: &mut R,
|
|
|
|
// publics: Publics,
|
|
|
|
// secrets: Secrets,
|
|
|
|
// ) -> Proof {
|
|
|
|
// let rand = Randomnesses{
|
|
|
|
// $(
|
|
|
|
// $secret : Fr::random(rng),
|
|
|
|
// )+
|
|
|
|
// };
|
|
|
|
// // $statement_rhs = `X * x + Y * y + Z * z`
|
|
|
|
// // should become
|
|
|
|
// // `publics.X * rand.x + publics.Y * rand.y + publics.Z * rand.z`
|
|
|
|
// let commitments: Commitments;
|
|
|
|
// commitments = __compute_commitments_consttime!(
|
|
|
|
// (publics, rand) $($lhs = $statement),*
|
|
|
|
// );
|
|
|
|
//
|
|
|
|
// let mut hash_state = hash::State::new();
|
|
|
|
//
|
|
|
|
// $(
|
|
|
|
// hash_state.update(publics.$public.as_bytes());
|
|
|
|
// )+
|
|
|
|
// $(
|
|
|
|
// hash_state.update(commitments.$lhs.as_bytes());
|
|
|
|
// )+
|
|
|
|
//
|
|
|
|
// let digest = hash_state.finalize();
|
|
|
|
// let mut digest_buf: [u8; 64] = [0; 64];
|
|
|
|
// digest_buf.copy_from_slice(&digest[0..64]);
|
|
|
|
// let challenge = Fr::interpret(&digest_buf); // Scalar::from_hash(hash);
|
|
|
|
//
|
|
|
|
// let responses = Responses{
|
|
|
|
// $(
|
|
|
|
// $secret : &(&challenge * secrets.$secret) + &rand.$secret,
|
|
|
|
// )+
|
|
|
|
// };
|
|
|
|
//
|
|
|
|
// Proof{ challenge: challenge, responses: responses }
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// /// Verify the `Proof` using the public parameters `Publics`.
|
|
|
|
// #[allow(dead_code)]
|
|
|
|
// pub fn verify(&self, publics: Publics) -> Result<(),()> {
|
|
|
|
// // `A = X * x + Y * y`
|
|
|
|
// // should become
|
|
|
|
// // `publics.X * responses.x + publics.Y * responses.y - publics.A * self.challenge`
|
|
|
|
// let responses = &self.responses;
|
|
|
|
// let minus_c = -&self.challenge;
|
|
|
|
// let commitments = __recompute_commitments_vartime!(
|
|
|
|
// (publics, responses, minus_c) $($lhs = $statement),*
|
|
|
|
// );
|
|
|
|
//
|
|
|
|
// let mut hash_state = hash::State::new();
|
|
|
|
// // Add each public point into the hash
|
|
|
|
// $(
|
|
|
|
// hash_state.update(publics.$public.as_bytes());
|
|
|
|
// )+
|
|
|
|
// // Add each (recomputed) commitment into the hash
|
|
|
|
// $(
|
|
|
|
// hash_state.update(commitments.$lhs.as_bytes());
|
|
|
|
// )*
|
|
|
|
//
|
|
|
|
// let digest = hash_state.finalize();
|
|
|
|
// let mut digest_buf: [u8; 64] = [0; 64];
|
|
|
|
// digest_buf.copy_from_slice(&digest[0..64]);
|
|
|
|
// // Recompute challenge
|
|
|
|
// let challenge = Fr::interpret(&digest_buf); // Scalar::from_hash(hash);
|
|
|
|
//
|
|
|
|
// if challenge == self.challenge { Ok(()) } else { Err(()) }
|
|
|
|
// }
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// #[cfg(test)]
|
|
|
|
// mod bench {
|
|
|
|
// extern crate test;
|
|
|
|
//
|
|
|
|
// use $crate::rand;
|
|
|
|
//
|
|
|
|
// use super::*;
|
|
|
|
//
|
|
|
|
// use self::test::Bencher;
|
|
|
|
//
|
|
|
|
// #[bench]
|
|
|
|
// #[allow(dead_code)]
|
|
|
|
// fn create(b: &mut Bencher) {
|
|
|
|
// let rng = &mut rand::thread_rng();
|
|
|
|
// //let mut rng = OsRng::new().unwrap();
|
|
|
|
//
|
|
|
|
// // Need somewhere to actually put the public points
|
|
|
|
// struct DummyPublics { $( pub $public : G1, )+ }
|
|
|
|
// let dummy_publics = DummyPublics {
|
|
|
|
// $( $public : G1::random(&mut rng) , )+
|
|
|
|
// };
|
|
|
|
//
|
|
|
|
// let publics = Publics {
|
|
|
|
// $( $public : &dummy_publics.$public , )+
|
|
|
|
// };
|
|
|
|
//
|
|
|
|
// struct DummySecrets { $( pub $secret : Fr, )+ }
|
|
|
|
// let dummy_secrets = DummySecrets {
|
|
|
|
// $( $secret : Fr::random(&mut rng) , )+
|
|
|
|
// };
|
|
|
|
//
|
|
|
|
// let secrets = Secrets {
|
|
|
|
// $( $secret : &dummy_secrets.$secret , )+
|
|
|
|
// };
|
|
|
|
//
|
|
|
|
// b.iter(|| Proof::create(&mut rng, publics, secrets));
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// #[bench]
|
|
|
|
// #[allow(dead_code)]
|
|
|
|
// fn verify(b: &mut Bencher) {
|
|
|
|
// let mut rng = OsRng::new().unwrap();
|
|
|
|
//
|
|
|
|
// // Need somewhere to actually put the public points
|
|
|
|
// struct DummyPublics { $( pub $public : G1, )+ }
|
|
|
|
// let dummy_publics = DummyPublics {
|
|
|
|
// $( $public : G1::random(&mut rng) , )+
|
|
|
|
// };
|
|
|
|
//
|
|
|
|
// let publics = Publics {
|
|
|
|
// $( $public : &dummy_publics.$public , )+
|
|
|
|
// };
|
|
|
|
//
|
|
|
|
// struct DummySecrets { $( pub $secret : Fr, )+ }
|
|
|
|
// let dummy_secrets = DummySecrets {
|
|
|
|
// $( $secret : Fr::random(&mut rng) , )+
|
|
|
|
// };
|
|
|
|
//
|
|
|
|
// let secrets = Secrets {
|
|
|
|
// $( $secret : &dummy_secrets.$secret , )+
|
|
|
|
// };
|
|
|
|
//
|
|
|
|
// let p = Proof::create(&mut rng, publics, secrets);
|
|
|
|
//
|
|
|
|
// b.iter(|| p.verify(publics));
|
|
|
|
// }
|
|
|
|
// }
|
|
|
|
// }
|
|
|
|
//}
|
|
|
|
//}
|
|
|
|
//
|
|
|
|
//}
|
|
|
|
////////////////////////////////// ZK proof compiler ///////////////////////////////////
|
|
|
|
|
2018-03-24 21:03:59 -07:00
|
|
|
////////////////////////////////// SymKeyEnc ///////////////////////////////////
|
|
|
|
/*
|
|
|
|
Symmetric Key Encryption Scheme.
|
|
|
|
*/
|
2018-03-25 20:20:05 -07:00
|
|
|
//pub mod sym {
|
2018-03-24 21:03:59 -07:00
|
|
|
// use std::fmt;
|
2018-03-25 20:20:05 -07:00
|
|
|
// use sodiumoxide;
|
|
|
|
// use sodiumoxide::crypto::secretbox;
|
2018-03-24 21:03:59 -07:00
|
|
|
//
|
2018-03-25 20:20:05 -07:00
|
|
|
// pub struct SymCT {
|
|
|
|
// nonce: secretbox::Nonce,
|
|
|
|
// ciphertext: Vec<u8>
|
2018-03-24 21:03:59 -07:00
|
|
|
// }
|
|
|
|
//
|
|
|
|
//
|
2018-03-25 20:20:05 -07:00
|
|
|
// impl fmt::Display for SymCT {
|
2018-03-24 21:03:59 -07:00
|
|
|
// fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
|
|
|
// let mut y_s = String::new();
|
2018-03-25 20:20:05 -07:00
|
|
|
// for y in self.ciphertext.iter() {
|
2018-03-24 21:03:59 -07:00
|
|
|
// y_s = format!("{}{:x}", y_s, y);
|
|
|
|
// }
|
|
|
|
//
|
2018-03-25 20:20:05 -07:00
|
|
|
// write!(f, "CT : (ct=0x{})", y_s)
|
2018-03-24 21:03:59 -07:00
|
|
|
// }
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// #[derive(Clone)]
|
2018-03-25 20:20:05 -07:00
|
|
|
// pub struct SymKey {
|
|
|
|
// key: secretbox::Key,
|
|
|
|
// l: i32
|
2018-03-24 21:03:59 -07:00
|
|
|
// }
|
|
|
|
//
|
2018-03-25 20:20:05 -07:00
|
|
|
// pub fn init() {
|
|
|
|
// sodiumoxide::init();
|
2018-03-24 21:03:59 -07:00
|
|
|
// }
|
|
|
|
//
|
2018-03-25 20:20:05 -07:00
|
|
|
// pub fn keygen(l: i32) -> SymKey {
|
|
|
|
// // TODO: make sure key is a l-bit key
|
|
|
|
// return SymKey { key: secretbox::gen_key(), l: l };
|
2018-03-24 21:03:59 -07:00
|
|
|
// }
|
|
|
|
//
|
2018-03-25 20:20:05 -07:00
|
|
|
// pub fn encrypt(key: &SymKey, plaintext: &String) -> SymCT {
|
|
|
|
// let nonce = secretbox::gen_nonce();
|
|
|
|
// let pt = plaintext.as_bytes();
|
|
|
|
// let ct = secretbox::seal(pt, &nonce, &key.key);
|
|
|
|
// return SymCT { nonce: nonce, ciphertext: ct };
|
2018-03-24 21:03:59 -07:00
|
|
|
// }
|
|
|
|
//
|
2018-03-25 20:20:05 -07:00
|
|
|
// pub fn decrypt(key: &SymKey, ciphertext: &SymCT) -> String {
|
|
|
|
// let nonce = ciphertext.nonce;
|
|
|
|
// let pt = secretbox::open(&ciphertext.ciphertext, &nonce, &key.key).unwrap();
|
|
|
|
// // TODO: investigate better error handling here
|
|
|
|
// let plaintext = String::from_utf8(pt).expect("Found invalid UTF-8");
|
|
|
|
// return plaintext;
|
2018-03-24 21:03:59 -07:00
|
|
|
// }
|
2018-03-25 20:20:05 -07:00
|
|
|
//}
|
|
|
|
|
|
|
|
////////////////////////////////// SymKeyEnc ///////////////////////////////////
|
|
|
|
|
2018-06-09 23:00:01 -07:00
|
|
|
// OLD RefundMessage
|
|
|
|
//impl<'a> RefundMessage<'a> {
|
|
|
|
// pub fn new(_c_id: Fr, _index: i32) -> RefundMessage<'a> {
|
|
|
|
// RefundMessage {
|
|
|
|
// prefix: "refund", c_id: _c_id, index: _index,
|
2018-03-24 21:03:59 -07:00
|
|
|
// }
|
2018-06-09 23:00:01 -07:00
|
|
|
// }
|
|
|
|
//
|
|
|
|
// pub fn hash(&self) -> Fr {
|
|
|
|
// let mut input_buf = Vec::new();
|
|
|
|
// input_buf.extend_from_slice(self.prefix.as_bytes());
|
|
|
|
// let c_id_vec: Vec<u8> = encode(&self.c_id, Infinite).unwrap();
|
|
|
|
// // encode cId in the vector
|
|
|
|
// input_buf.extend(c_id_vec);
|
|
|
|
// // encoee the balance as a hex string
|
|
|
|
// let b = format!("{:x}", self.index);
|
|
|
|
// input_buf.extend_from_slice(b.as_bytes());
|
|
|
|
// // TODO: add the ck vector (l-bit key)
|
|
|
|
//// let mut in_str = String::new();
|
|
|
|
//// for y in input_buf.iter() {
|
|
|
|
//// in_str = format!("{}{:x}", in_str, y);
|
|
|
|
//// }
|
|
|
|
//// println!("input_buf: {}", in_str);
|
|
|
|
//
|
|
|
|
// // hash the inputs via SHA256
|
|
|
|
// let sha2_digest = sha512::hash(input_buf.as_slice());
|
|
|
|
// // println!("hash: {:?}", sha2_digest);
|
|
|
|
// // let h = format!("{:x}", HexSlice::new(&sha2_digest));
|
|
|
|
// let mut hash_buf: [u8; 64] = [0; 64];
|
|
|
|
// hash_buf.copy_from_slice(&sha2_digest[0..64]);
|
|
|
|
// return Fr::interpret(&hash_buf);
|
|
|
|
// }
|
|
|
|
//}
|
2018-03-24 06:44:45 -07:00
|
|
|
|
2018-06-09 23:00:01 -07:00
|
|
|
// spend message (for unidirectional scheme)
|
2018-05-06 18:50:37 -07:00
|
|
|
#[derive(Clone)]
|
|
|
|
pub struct SpendMessage<'a> {
|
|
|
|
prefix: &'a str,
|
|
|
|
j: i32,
|
|
|
|
s: G1,
|
|
|
|
u: G1,
|
|
|
|
pi: Proof,
|
2018-06-05 10:26:16 -07:00
|
|
|
ck: sym::SymKey
|
2018-05-06 18:50:37 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
impl<'a> SpendMessage<'a> {
|
2018-06-05 10:26:16 -07:00
|
|
|
pub fn new(_j: i32, _s: G1, _u: G1, _pi: Proof, _ck: sym::SymKey) -> SpendMessage<'a> {
|
2018-05-06 18:50:37 -07:00
|
|
|
SpendMessage {
|
|
|
|
prefix: "spend", j: _j, s: _s, u: _u, pi: _pi, ck: _ck,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn hash(&self) -> Fr {
|
|
|
|
// hash into a Fr element
|
2018-06-05 10:26:16 -07:00
|
|
|
let rng = &mut rand::thread_rng();
|
|
|
|
return Fr::random(rng);
|
2018-05-06 18:50:37 -07:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// coin message
|
|
|
|
|
|
|
|
|
2018-03-24 21:03:59 -07:00
|
|
|
////////////////////////////////// CL Sigs /////////////////////////////////////
|
2018-03-24 06:44:45 -07:00
|
|
|
|
2018-03-24 21:03:59 -07:00
|
|
|
////////////////////////////////// COMMITMENT //////////////////////////////////
|
|
|
|
|
|
|
|
#[derive(Copy, Clone)]
|
|
|
|
pub struct Message {
|
|
|
|
sk: clsigs::SecretKey, // the secret key for the signature scheme (Is it possible to make this a generic field?)
|
|
|
|
k1: Fr, // seed 1 for PRF
|
|
|
|
k2: Fr, // seed 2 for PRF
|
|
|
|
balance: i32 // the balance for the user
|
|
|
|
}
|
2018-03-24 06:44:45 -07:00
|
|
|
|
2018-03-24 21:03:59 -07:00
|
|
|
impl Message {
|
|
|
|
pub fn new(_sk: clsigs::SecretKey, _k1: Fr, _k2: Fr, _balance: i32) -> Message {
|
|
|
|
Message {
|
|
|
|
sk: _sk, k1: _k1, k2: _k2, balance: _balance,
|
2018-03-24 06:44:45 -07:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-03-24 21:13:12 -07:00
|
|
|
pub fn hash(&self) -> Fr {
|
2018-03-24 21:03:59 -07:00
|
|
|
let mut input_buf = self.sk.encode();
|
|
|
|
// TODO: add sk_sigs to encode it
|
|
|
|
let k1_vec: Vec<u8> = encode(&self.k1, Infinite).unwrap();
|
|
|
|
let k2_vec: Vec<u8> = encode(&self.k2, Infinite).unwrap();
|
|
|
|
// encode k1 in the vector
|
|
|
|
input_buf.extend(k1_vec);
|
|
|
|
// encode k2 in the vector
|
|
|
|
input_buf.extend(k2_vec);
|
|
|
|
// encoee the balance as a hex string
|
|
|
|
let b = format!("{:x}", self.balance);
|
|
|
|
// println!("Balance: {}", b);
|
|
|
|
input_buf.extend_from_slice(b.as_bytes());
|
|
|
|
// let mut in_str = String::new();
|
|
|
|
// for y in input_buf.iter() {
|
|
|
|
// in_str = format!("{}{:x}", in_str, y);
|
|
|
|
// }
|
|
|
|
// println!("input_buf: {}", in_str);
|
|
|
|
|
|
|
|
// hash the inputs via SHA256
|
|
|
|
let sha2_digest = sha512::hash(input_buf.as_slice());
|
|
|
|
// println!("hash: {:?}", sha2_digest);
|
|
|
|
// let h = format!("{:x}", HexSlice::new(&sha2_digest));
|
|
|
|
let mut hash_buf: [u8; 64] = [0; 64];
|
|
|
|
hash_buf.copy_from_slice(&sha2_digest[0..64]);
|
|
|
|
return Fr::interpret(&hash_buf);
|
2018-03-24 06:44:45 -07:00
|
|
|
}
|
2018-03-24 21:03:59 -07:00
|
|
|
}
|
2018-03-24 06:44:45 -07:00
|
|
|
|
2018-03-25 20:20:05 -07:00
|
|
|
////////////////////////////////// COMMITMENT //////////////////////////////////
|
2018-03-24 06:44:45 -07:00
|
|
|
|
2018-05-06 18:50:37 -07:00
|
|
|
////////////////////////////////// NIZKP //////////////////////////////////
|
|
|
|
|
2018-06-11 00:31:27 -07:00
|
|
|
pub fn concat_to_vector(output: &mut Vec<u8>, t: &G2) {
|
|
|
|
let t_vec: Vec<u8> = encode(t, Infinite).unwrap();
|
|
|
|
output.extend(t_vec);
|
|
|
|
}
|
|
|
|
|
2018-05-06 18:50:37 -07:00
|
|
|
#[derive(Copy, Clone)]
|
|
|
|
pub struct Proof {
|
|
|
|
T: G1,
|
|
|
|
c: Fr,
|
|
|
|
s1: Fr,
|
|
|
|
s2: Fr
|
|
|
|
}
|
|
|
|
|
2018-06-05 10:26:16 -07:00
|
|
|
pub fn hash(g: &G1, h: &G1, X: &G1, Y: &G1, T: &Gt) -> Fr {
|
2018-05-06 18:50:37 -07:00
|
|
|
let g_vec: Vec<u8> = encode(&g, Infinite).unwrap();
|
|
|
|
|
2018-06-05 10:26:16 -07:00
|
|
|
// TODO: fix this
|
|
|
|
return Fr::from_str("1234567890").unwrap();
|
2018-05-06 18:50:37 -07:00
|
|
|
}
|
|
|
|
|
2018-06-05 10:26:16 -07:00
|
|
|
pub fn hashG1ToFr(x: &G1) -> Fr {
|
|
|
|
// TODO: change to serde (instead of rustc_serialize)
|
|
|
|
let x_vec: Vec<u8> = encode(&x, Infinite).unwrap();
|
|
|
|
let sha2_digest = sha512::hash(x_vec.as_slice());
|
2018-05-06 18:50:37 -07:00
|
|
|
|
2018-06-05 10:26:16 -07:00
|
|
|
let mut hash_buf: [u8; 64] = [0; 64];
|
|
|
|
hash_buf.copy_from_slice(&sha2_digest[0..64]);
|
|
|
|
return Fr::interpret(&hash_buf);
|
|
|
|
}
|
2018-05-06 18:50:37 -07:00
|
|
|
|
2018-06-08 18:20:15 -07:00
|
|
|
pub fn hashPubKeyToFr(wpk: &secp256k1::PublicKey) -> Fr {
|
|
|
|
let x_slice = wpk.serialize_uncompressed();
|
|
|
|
let sha2_digest = sha512::hash(&x_slice);
|
|
|
|
|
|
|
|
let mut hash_buf: [u8; 64] = [0; 64];
|
|
|
|
hash_buf.copy_from_slice(&sha2_digest[0..64]);
|
|
|
|
return Fr::interpret(&hash_buf);
|
|
|
|
}
|
|
|
|
|
2018-06-05 10:26:16 -07:00
|
|
|
//pub fn hashStrToFr(x: &str) -> Fr {
|
|
|
|
// // TODO: change to serde (instead of rustc_serialize)
|
|
|
|
// let sha2_digest = sha512::hash(x.as_slice());
|
|
|
|
//
|
|
|
|
// let mut hash_buf: [u8; 64] = [0; 64];
|
|
|
|
// hash_buf.copy_from_slice(&sha2_digest[0..64]);
|
|
|
|
// return Fr::interpret(&hash_buf);
|
|
|
|
//}
|
2018-05-06 18:50:37 -07:00
|
|
|
|
2018-06-09 23:00:01 -07:00
|
|
|
fn convertToFr(input_buf: &Vec<u8>) -> Fr {
|
|
|
|
// hash the inputs via SHA256
|
|
|
|
let sha2_digest = sha512::hash(input_buf.as_slice());
|
|
|
|
// println!("hash: {:?}", sha2_digest);
|
|
|
|
// let h = format!("{:x}", HexSlice::new(&sha2_digest));
|
|
|
|
let mut hash_buf: [u8; 64] = [0; 64];
|
|
|
|
hash_buf.copy_from_slice(&sha2_digest[0..64]);
|
|
|
|
return Fr::interpret(&hash_buf);
|
|
|
|
}
|
|
|
|
|
|
|
|
// refund message
|
|
|
|
#[derive(Clone)]
|
|
|
|
pub struct RefundMessage<'a> {
|
2018-06-11 00:31:27 -07:00
|
|
|
pub msgtype: &'a str, // purpose type of message
|
|
|
|
pub cid: Fr, // channel identifier
|
|
|
|
pub wpk: secp256k1::PublicKey,
|
|
|
|
pub balance: usize, // the balance
|
|
|
|
pub r: Option<&'a Fr>, // randomness from customer wallet
|
|
|
|
pub rt: Option<&'a clsigs::SignatureD> // refund token
|
2018-06-09 23:00:01 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
impl<'a> RefundMessage<'a> {
|
2018-06-11 00:31:27 -07:00
|
|
|
pub fn new(_msgtype: &'a str, _cid: Fr, _wpk: secp256k1::PublicKey,
|
2018-06-09 23:00:01 -07:00
|
|
|
_balance: usize, _r: Option<&'a Fr>, _rt: Option<&'a clsigs::SignatureD>) -> RefundMessage<'a> {
|
|
|
|
RefundMessage {
|
2018-06-11 00:31:27 -07:00
|
|
|
msgtype: _msgtype, cid: _cid, wpk: _wpk, balance: _balance, r: _r, rt: _rt
|
2018-06-09 23:00:01 -07:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn hash(&self) -> Vec<Fr> {
|
|
|
|
let mut v: Vec<Fr> = Vec::new();
|
|
|
|
let mut input_buf = Vec::new();
|
2018-06-11 00:31:27 -07:00
|
|
|
input_buf.extend_from_slice(self.msgtype.as_bytes());
|
2018-06-09 23:00:01 -07:00
|
|
|
v.push(convertToFr(&input_buf));
|
|
|
|
|
|
|
|
v.push(self.cid.clone());
|
|
|
|
|
|
|
|
v.push(hashPubKeyToFr(&self.wpk));
|
|
|
|
|
|
|
|
// encoee the balance as a hex string
|
|
|
|
let b = format!("{:x}", self.balance);
|
|
|
|
let mut b_buf = Vec::new();
|
|
|
|
b_buf.extend_from_slice(b.as_bytes());
|
|
|
|
v.push(convertToFr(&b_buf));
|
|
|
|
|
|
|
|
//let r_vec: Vec<u8> = encode(&self.r, Infinite).unwrap();
|
|
|
|
if (!self.r.is_none()) {
|
|
|
|
v.push(self.r.unwrap().clone());
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!self.rt.is_none()) {
|
2018-06-11 00:31:27 -07:00
|
|
|
let rt = self.rt.unwrap();
|
|
|
|
v.push(rt.hash(self.msgtype));
|
2018-06-09 23:00:01 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
return v;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(Clone)]
|
|
|
|
pub struct RevokedMessage<'a> {
|
2018-06-11 00:31:27 -07:00
|
|
|
pub msgtype: &'a str,
|
|
|
|
pub wpk: secp256k1::PublicKey,
|
|
|
|
pub sig: clsigs::SignatureD
|
2018-06-09 23:00:01 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
impl<'a> RevokedMessage<'a> {
|
2018-06-11 00:31:27 -07:00
|
|
|
pub fn new(_msgtype: &'a str, _wpk: secp256k1::PublicKey, _sig: clsigs::SignatureD) -> RevokedMessage<'a> {
|
2018-06-09 23:00:01 -07:00
|
|
|
RevokedMessage {
|
2018-06-11 00:31:27 -07:00
|
|
|
msgtype: _msgtype, wpk: _wpk, sig: _sig
|
2018-06-09 23:00:01 -07:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn hash(&self) -> Vec<Fr> {
|
|
|
|
let mut v: Vec<Fr> = Vec::new();
|
|
|
|
let mut input_buf = Vec::new();
|
2018-06-11 00:31:27 -07:00
|
|
|
input_buf.extend_from_slice(self.msgtype.as_bytes());
|
2018-06-09 23:00:01 -07:00
|
|
|
v.push(convertToFr(&input_buf));
|
|
|
|
|
2018-06-11 00:31:27 -07:00
|
|
|
v.push(hashPubKeyToFr(&self.wpk));
|
|
|
|
|
|
|
|
v.push(self.sig.hash(self.msgtype));
|
2018-06-09 23:00:01 -07:00
|
|
|
return v;
|
|
|
|
}
|
|
|
|
}
|
2018-05-06 18:50:37 -07:00
|
|
|
|
2018-06-05 10:26:16 -07:00
|
|
|
//pub fn create_nizk_proof_one(pp: &PublicParams, pk: &clsigs::PublicKeyD, sk: &clsigs::SecretKeyD) -> Proof {
|
|
|
|
// let rng = &mut rand::thread_rng();
|
|
|
|
//
|
|
|
|
// let t1 = Fr::random(rng);
|
|
|
|
// let t2 = Fr::random(rng);
|
|
|
|
//
|
|
|
|
// let T = (pk.g * t1) + (pk.h * t2);
|
|
|
|
//
|
|
|
|
// let c = hash(pp.g, pp.h, pk.X, pk.Y, T);
|
|
|
|
//
|
|
|
|
// let s1 = (sk.x * c) + t1;
|
|
|
|
// let s2 = (sk.y * c) + t2;
|
|
|
|
//
|
|
|
|
// return Proof { T: T, c: c, s1: s1, s2: s2 };
|
|
|
|
//}
|
2018-05-06 18:50:37 -07:00
|
|
|
|
|
|
|
////////////////////////////////// NIZKP //////////////////////////////////
|
|
|
|
|
2018-05-10 14:08:42 -07:00
|
|
|
//pub mod unidirectional {
|
|
|
|
// use std::fmt;
|
|
|
|
// use rand;
|
|
|
|
// use bn::{Group, Fr};
|
|
|
|
// use sym;
|
|
|
|
// use commit_scheme;
|
|
|
|
// use clsigs;
|
|
|
|
// use Message;
|
|
|
|
// use sodiumoxide::randombytes;
|
|
|
|
//
|
|
|
|
// pub struct PublicParams {
|
|
|
|
// cm_mpk: commit_scheme::PublicKey,
|
|
|
|
// cl_mpk: clsigs::PublicParams,
|
|
|
|
// l_bits: i32
|
|
|
|
// // TODO: add NIZK proof system pub params
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// pub struct ChannelToken {
|
|
|
|
// w_com: commit_scheme::Commitment,
|
|
|
|
// pk: clsigs::PublicKey
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// pub struct CustSecretKey {
|
|
|
|
// sk: clsigs::SecretKey, // the secret key for the signature scheme (Is it possible to make this a generic field?)
|
|
|
|
// k1: Fr, // seed 1 for PRF
|
|
|
|
// k2: Fr, // seed 2 for PRF
|
|
|
|
// r: Fr, // random coins for commitment scheme
|
|
|
|
// balance: i32, // the balance for the user
|
|
|
|
// ck_vec: Vec<sym::SymKey>
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// pub struct MerchSecretKey {
|
|
|
|
// sk: clsigs::SecretKey,
|
|
|
|
// balance: i32
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// pub struct InitCustomerData {
|
|
|
|
// T: ChannelToken,
|
|
|
|
// csk: CustSecretKey
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// pub struct InitMerchantData {
|
|
|
|
// T: clsigs::PublicKey,
|
|
|
|
// csk: MerchSecretKey
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// pub fn setup() -> PublicParams {
|
|
|
|
// // TODO: provide option for generating CRS parameters
|
|
|
|
// let cm_pk = commit_scheme::setup();
|
|
|
|
// let cl_mpk = clsigs::setup();
|
|
|
|
// let l = 256;
|
|
|
|
// // let nizk = "nizk proof system";
|
|
|
|
// let pp = PublicParams { cm_mpk: cm_pk, cl_mpk: cl_mpk, l_bits: l };
|
|
|
|
// return pp;
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// pub fn keygen(pp: &PublicParams) -> clsigs::KeyPair {
|
|
|
|
// // TODO: figure out what we need from public params to generate keys
|
|
|
|
// println!("Run Keygen...");
|
|
|
|
// let keypair = clsigs::keygen(&pp.cl_mpk);
|
|
|
|
// return keypair;
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// pub fn init_customer(pp: &PublicParams, b0_customer: i32, keypair: &clsigs::KeyPair) -> InitCustomerData {
|
|
|
|
// println!("Run Init customer...");
|
|
|
|
// sym::init();
|
|
|
|
// let rng = &mut rand::thread_rng();
|
|
|
|
// // pick two distinct seeds
|
|
|
|
// let l = 256;
|
|
|
|
// let k1 = Fr::random(rng);
|
|
|
|
// let k2 = Fr::random(rng);
|
|
|
|
// let r = Fr::random(rng);
|
|
|
|
// let msg = Message::new(keypair.sk, k1, k2, b0_customer).hash();
|
|
|
|
//
|
|
|
|
// let mut ck_vec: Vec<sym::SymKey> = Vec::new();
|
|
|
|
// // generate the vector ck of sym keys
|
|
|
|
// for i in 1 .. b0_customer {
|
|
|
|
// let ck = sym::keygen(l);
|
|
|
|
// ck_vec.push(ck);
|
|
|
|
// }
|
|
|
|
// let w_com = commit_scheme::commit(&pp.cm_mpk, msg, Some(r));
|
|
|
|
// let t_c = ChannelToken { w_com: w_com, pk: keypair.pk };
|
|
|
|
// let csk_c = CustSecretKey { sk: keypair.sk, k1: k1, k2: k2, r: r, balance: b0_customer, ck_vec: ck_vec };
|
|
|
|
// return InitCustomerData { T: t_c, csk: csk_c };
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// pub fn init_merchant(pp: &PublicParams, b0_merchant: i32, keypair: &clsigs::KeyPair) -> InitMerchantData {
|
|
|
|
// println!("Run Init merchant...");
|
|
|
|
// let csk_m = MerchSecretKey { sk: keypair.sk, balance: b0_merchant };
|
|
|
|
// return InitMerchantData { T: keypair.pk, csk: csk_m };
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// // TODO: requires NIZK proof system
|
|
|
|
// pub fn establish_customer(pp: &PublicParams, t_m: &clsigs::PublicKey, csk_c: &CustSecretKey) {
|
|
|
|
// println ! ("Run establish_customer algorithm...");
|
|
|
|
// // set sk_0 to random bytes of length l
|
|
|
|
// // let sk_0 = random_bytes(pp.l);
|
|
|
|
// let buf_len: usize = pp.l_bits as usize;
|
|
|
|
// let mut sk0 = vec![0; buf_len];
|
|
|
|
// randombytes::randombytes_into(&mut sk0);
|
|
|
|
//
|
|
|
|
// let pi1 = create_nizk_proof_one(csk_c.sk, csk_c.k1, csk_c.k2, );
|
|
|
|
// }
|
|
|
|
//}
|
|
|
|
|
|
|
|
pub mod bidirectional {
|
2018-03-25 20:20:05 -07:00
|
|
|
use std::fmt;
|
|
|
|
use rand;
|
2018-06-12 11:30:24 -07:00
|
|
|
use bn::{Group, Fr, G1, G2, Gt};
|
2018-04-05 23:44:31 -07:00
|
|
|
use sym;
|
2018-03-25 20:20:05 -07:00
|
|
|
use commit_scheme;
|
|
|
|
use clsigs;
|
|
|
|
use Message;
|
2018-06-08 18:20:15 -07:00
|
|
|
use hashPubKeyToFr;
|
2018-04-08 00:46:17 -07:00
|
|
|
use sodiumoxide::randombytes;
|
2018-06-08 18:20:15 -07:00
|
|
|
use secp256k1; // ::{Secp256k1, PublicKey, SecretKey};
|
2018-06-09 23:00:01 -07:00
|
|
|
use RefundMessage;
|
|
|
|
use RevokedMessage;
|
2018-06-11 11:05:24 -07:00
|
|
|
use debug_elem_in_hex;
|
2018-06-12 11:30:24 -07:00
|
|
|
use debug_gt_in_hex;
|
|
|
|
|
|
|
|
fn print_secret_vector(x: &Vec<Fr>) {
|
|
|
|
for i in 0 .. x.len() {
|
|
|
|
let msg = format!("x[{}] => ", i);
|
|
|
|
debug_elem_in_hex(&msg, &x[i]);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
fn print_public_bases_vector(g: &Vec<Gt>) {
|
|
|
|
for i in 0 .. g.len() {
|
|
|
|
let msg = format!("g[{}] => ", i);
|
|
|
|
debug_gt_in_hex(&msg, &g[i]);
|
|
|
|
}
|
|
|
|
}
|
2018-03-25 20:20:05 -07:00
|
|
|
|
|
|
|
pub struct PublicParams {
|
2018-04-05 23:44:31 -07:00
|
|
|
cl_mpk: clsigs::PublicParams,
|
2018-06-09 00:14:50 -07:00
|
|
|
l: usize // messages for committment
|
2018-03-25 20:20:05 -07:00
|
|
|
}
|
|
|
|
|
2018-04-05 23:44:31 -07:00
|
|
|
pub struct ChannelToken {
|
2018-03-25 20:20:05 -07:00
|
|
|
w_com: commit_scheme::Commitment,
|
2018-06-05 10:26:16 -07:00
|
|
|
pk: clsigs::PublicKeyD
|
2018-03-25 20:20:05 -07:00
|
|
|
}
|
|
|
|
|
2018-06-09 00:14:50 -07:00
|
|
|
pub struct CustomerWallet {
|
2018-06-05 10:26:16 -07:00
|
|
|
sk: clsigs::SecretKeyD, // the secret key for the signature scheme (Is it possible to make this a generic field?)
|
2018-05-11 13:21:35 -07:00
|
|
|
cid: Fr, // channel Id
|
2018-06-08 18:20:15 -07:00
|
|
|
wpk: secp256k1::PublicKey, // signature verification key
|
|
|
|
wsk: secp256k1::SecretKey, // signature signing key
|
2018-03-25 20:20:05 -07:00
|
|
|
r: Fr, // random coins for commitment scheme
|
2018-06-05 10:26:16 -07:00
|
|
|
balance: i32, // the balance for the user
|
2018-06-09 00:14:50 -07:00
|
|
|
signature: Option<clsigs::SignatureD>
|
2018-03-25 20:20:05 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
pub struct MerchSecretKey {
|
2018-06-09 23:00:01 -07:00
|
|
|
sk: clsigs::SecretKeyD, // merchant signing key
|
2018-06-05 10:26:16 -07:00
|
|
|
balance: i32
|
2018-03-25 20:20:05 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
pub struct InitCustomerData {
|
2018-06-09 00:14:50 -07:00
|
|
|
pub T: ChannelToken,
|
|
|
|
pub csk: CustomerWallet,
|
|
|
|
pub bases: Vec<G2>
|
2018-03-25 20:20:05 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
pub struct InitMerchantData {
|
2018-06-09 00:14:50 -07:00
|
|
|
pub T: clsigs::PublicKeyD,
|
2018-06-11 11:05:24 -07:00
|
|
|
pub csk: MerchSecretKey,
|
|
|
|
pub bases: Vec<G2>
|
2018-03-25 20:20:05 -07:00
|
|
|
}
|
|
|
|
|
2018-06-11 00:31:27 -07:00
|
|
|
// TODO: add method to display contents of the channel state
|
|
|
|
// should include contents of the channel state
|
|
|
|
pub struct ChannelState<'a> {
|
2018-06-09 23:00:01 -07:00
|
|
|
//pub pub_keys: HashMap,
|
2018-06-11 00:31:27 -07:00
|
|
|
pub name: &'a str,
|
2018-06-09 23:00:01 -07:00
|
|
|
pub cid: Fr,
|
2018-06-11 00:31:27 -07:00
|
|
|
pub pay_init: bool,
|
|
|
|
pub channel_established: bool
|
2018-06-09 23:00:01 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
pub struct ChannelClosure_C<'a> {
|
|
|
|
message: RefundMessage<'a>,
|
|
|
|
signature: clsigs::SignatureD
|
|
|
|
}
|
|
|
|
|
|
|
|
pub struct ChannelClosure_M<'a> {
|
|
|
|
message: RevokedMessage<'a>,
|
|
|
|
signature: clsigs::SignatureD
|
|
|
|
}
|
|
|
|
|
2018-06-11 00:31:27 -07:00
|
|
|
pub struct PaymentProof {
|
|
|
|
proof2a: clsigs::ProofCV, // proof of committed values in new wallet
|
|
|
|
proof2b: clsigs::ProofVS, // proof of knowledge of wallet signature
|
|
|
|
balance: i32, // balance increment
|
|
|
|
wpk: secp256k1::PublicKey, // verification key for old wallet
|
|
|
|
wallet_sig: clsigs::SignatureD // blinded signature for old wallet
|
|
|
|
// TODO: add proof2c: range proof that balance - balance_inc is between (0, val_max)
|
|
|
|
}
|
|
|
|
|
2018-03-25 20:20:05 -07:00
|
|
|
pub fn setup() -> PublicParams {
|
|
|
|
// TODO: provide option for generating CRS parameters
|
2018-06-05 10:26:16 -07:00
|
|
|
let cl_mpk = clsigs::setupD();
|
2018-06-09 00:14:50 -07:00
|
|
|
let l = 3;
|
2018-03-25 20:20:05 -07:00
|
|
|
// let nizk = "nizk proof system";
|
2018-06-09 00:14:50 -07:00
|
|
|
let pp = PublicParams { cl_mpk: cl_mpk, l: l }; // cm_csp: cm_pp,
|
2018-03-25 20:20:05 -07:00
|
|
|
return pp;
|
|
|
|
}
|
|
|
|
|
2018-06-05 10:26:16 -07:00
|
|
|
pub fn keygen(pp: &PublicParams) -> clsigs::KeyPairD {
|
2018-03-25 20:20:05 -07:00
|
|
|
// TODO: figure out what we need from public params to generate keys
|
|
|
|
println!("Run Keygen...");
|
2018-06-09 00:14:50 -07:00
|
|
|
let keypair = clsigs::keygenD(&pp.cl_mpk, pp.l);
|
2018-03-25 20:20:05 -07:00
|
|
|
return keypair;
|
|
|
|
}
|
|
|
|
|
2018-06-11 00:31:27 -07:00
|
|
|
fn generate_channel_id() -> Fr {
|
2018-06-09 00:14:50 -07:00
|
|
|
let rng = &mut rand::thread_rng();
|
|
|
|
return Fr::random(rng);
|
|
|
|
}
|
|
|
|
|
2018-06-11 11:05:24 -07:00
|
|
|
pub fn generate_commit_setup(pp: &PublicParams, pk: &clsigs::PublicKeyD) -> commit_scheme::CSParams {
|
|
|
|
let g2 = pp.cl_mpk.g2.clone();
|
|
|
|
let bases = pk.Z2.clone();
|
|
|
|
let cm_csp = commit_scheme::setup(pp.l, bases, g2);
|
|
|
|
return cm_csp;
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn init_customer(pp: &PublicParams, channel: &ChannelState, b0_customer: i32, cm_csp: &commit_scheme::CSParams, keypair: &clsigs::KeyPairD) -> InitCustomerData {
|
2018-03-25 20:20:05 -07:00
|
|
|
println!("Run Init customer...");
|
|
|
|
let rng = &mut rand::thread_rng();
|
2018-06-08 18:20:15 -07:00
|
|
|
// generate verification key and signing key (for wallet)
|
|
|
|
let mut schnorr = secp256k1::Secp256k1::new();
|
|
|
|
schnorr.randomize(rng);
|
|
|
|
let (wsk, wpk) = schnorr.generate_keypair(rng).unwrap();
|
|
|
|
let h_wpk = hashPubKeyToFr(&wpk);
|
|
|
|
// convert balance into Fr
|
2018-06-05 10:26:16 -07:00
|
|
|
let b0 = Fr::from_str(b0_customer.to_string().as_str()).unwrap();
|
2018-06-08 18:20:15 -07:00
|
|
|
// randomness for commitment
|
2018-03-25 20:20:05 -07:00
|
|
|
let r = Fr::random(rng);
|
2018-06-11 11:05:24 -07:00
|
|
|
// retreive the channel id
|
2018-06-11 00:31:27 -07:00
|
|
|
let cid = channel.cid.clone();
|
2018-06-05 10:26:16 -07:00
|
|
|
|
2018-06-08 18:20:15 -07:00
|
|
|
let mut x: Vec<Fr> = Vec::new();
|
2018-06-09 00:14:50 -07:00
|
|
|
x.push(r); // set randomness for commitment
|
2018-06-11 00:31:27 -07:00
|
|
|
x.push(cid);
|
2018-06-08 18:20:15 -07:00
|
|
|
x.push(h_wpk);
|
|
|
|
x.push(b0);
|
|
|
|
|
2018-06-09 00:14:50 -07:00
|
|
|
let w_com = commit_scheme::commit(&cm_csp, &x, r);
|
2018-06-05 10:26:16 -07:00
|
|
|
let t_c = ChannelToken { w_com: w_com, pk: keypair.pk.clone() };
|
2018-06-11 00:31:27 -07:00
|
|
|
let csk_c = CustomerWallet { sk: keypair.sk.clone(), cid: cid, wpk: wpk, wsk: wsk,
|
2018-06-09 00:14:50 -07:00
|
|
|
r: r, balance: b0_customer, signature: None };
|
2018-06-11 11:05:24 -07:00
|
|
|
return InitCustomerData { T: t_c, csk: csk_c, bases: cm_csp.pub_bases.clone() };
|
2018-03-25 20:20:05 -07:00
|
|
|
}
|
|
|
|
|
2018-06-05 10:26:16 -07:00
|
|
|
pub fn init_merchant(pp: &PublicParams, b0_merchant: i32, keypair: &clsigs::KeyPairD) -> InitMerchantData {
|
2018-03-25 20:20:05 -07:00
|
|
|
println!("Run Init merchant...");
|
2018-06-11 11:05:24 -07:00
|
|
|
let cm_csp = generate_commit_setup(&pp, &keypair.pk);
|
2018-06-05 10:26:16 -07:00
|
|
|
let csk_m = MerchSecretKey { sk: keypair.sk.clone(), balance: b0_merchant };
|
2018-06-11 11:05:24 -07:00
|
|
|
return InitMerchantData { T: keypair.pk.clone(), csk: csk_m, bases: cm_csp.pub_bases };
|
2018-03-25 20:20:05 -07:00
|
|
|
}
|
|
|
|
|
2018-06-11 00:31:27 -07:00
|
|
|
pub fn init_channel<'a>(name: &'a str) -> ChannelState<'a> {
|
|
|
|
let cid = generate_channel_id();
|
|
|
|
// TODO: add hashmap definition to store wpks and optionally store rev tokens?
|
|
|
|
return ChannelState { name: name, cid: cid, channel_established: false, pay_init: false }
|
|
|
|
}
|
|
|
|
|
|
|
|
//// begin of establish channel protocol
|
2018-06-11 11:05:24 -07:00
|
|
|
pub fn establish_customer_phase1(pp: &PublicParams, c_data: &InitCustomerData, m_data: &InitMerchantData) -> clsigs::ProofCV {
|
2018-06-12 11:30:24 -07:00
|
|
|
println!("Run establish_customer algorithm...");
|
2018-06-08 18:20:15 -07:00
|
|
|
// obtain customer init data
|
|
|
|
let t_c = &c_data.T;
|
|
|
|
let csk_c = &c_data.csk;
|
2018-06-11 11:05:24 -07:00
|
|
|
let pub_bases = &m_data.bases;
|
2018-06-08 18:20:15 -07:00
|
|
|
|
|
|
|
let h_wpk = hashPubKeyToFr(&csk_c.wpk);
|
|
|
|
let b0 = Fr::from_str(csk_c.balance.to_string().as_str()).unwrap();
|
|
|
|
// collect secrets
|
|
|
|
let mut x: Vec<Fr> = Vec::new();
|
2018-06-09 00:14:50 -07:00
|
|
|
x.push(t_c.w_com.r); // set randomness used to generate commitment
|
2018-06-08 18:20:15 -07:00
|
|
|
x.push(csk_c.cid);
|
|
|
|
x.push(h_wpk);
|
|
|
|
x.push(b0);
|
2018-06-12 11:30:24 -07:00
|
|
|
println!("establish_customer_phase1 - secrets for original wallet");
|
|
|
|
print_secret_vector(&x);
|
2018-06-08 18:20:15 -07:00
|
|
|
|
2018-06-11 00:31:27 -07:00
|
|
|
// generate proof of knowledge for committed values
|
2018-06-08 18:20:15 -07:00
|
|
|
let proof_1 = clsigs::bs_gen_nizk_proof(&x, &pub_bases, t_c.w_com.c);
|
|
|
|
return proof_1;
|
2018-04-08 00:46:17 -07:00
|
|
|
}
|
|
|
|
|
2018-06-09 23:00:01 -07:00
|
|
|
// the merchant calls this method after obtaining proof from the customer
|
2018-06-11 00:31:27 -07:00
|
|
|
pub fn establish_merchant_phase2(pp: &PublicParams, state: &mut ChannelState, m_data: &InitMerchantData,
|
2018-06-09 23:00:01 -07:00
|
|
|
proof: &clsigs::ProofCV) -> clsigs::SignatureD {
|
2018-06-09 00:14:50 -07:00
|
|
|
// verifies proof and produces
|
|
|
|
let wallet_sig = clsigs::bs_gen_signature(&pp.cl_mpk, &m_data.csk.sk, &proof);
|
2018-06-11 00:31:27 -07:00
|
|
|
state.channel_established = true;
|
2018-06-09 00:14:50 -07:00
|
|
|
return wallet_sig;
|
|
|
|
}
|
2018-03-25 20:20:05 -07:00
|
|
|
|
2018-06-11 11:05:24 -07:00
|
|
|
pub fn establish_customer_phase3(pp: &PublicParams, sig: clsigs::SignatureD, pk_m: &clsigs::PublicKeyD, w: &mut CustomerWallet) -> bool {
|
2018-06-09 23:00:01 -07:00
|
|
|
if w.signature.is_none() {
|
2018-06-11 11:05:24 -07:00
|
|
|
let mut x: Vec<Fr> = Vec::new();
|
|
|
|
x.push(w.r.clone());
|
|
|
|
x.push(w.cid.clone());
|
|
|
|
x.push(hashPubKeyToFr(&w.wpk));
|
|
|
|
x.push(Fr::from_str(w.balance.to_string().as_str()).unwrap());
|
|
|
|
|
|
|
|
println!("establish_customer_phase3 - Print secrets");
|
2018-06-12 11:30:24 -07:00
|
|
|
print_secret_vector(&x);
|
|
|
|
|
2018-06-11 11:05:24 -07:00
|
|
|
assert!(clsigs::verifyD(&pp.cl_mpk, &pk_m, &x, &sig));
|
2018-06-09 23:00:01 -07:00
|
|
|
w.signature = Some(sig);
|
2018-06-09 00:14:50 -07:00
|
|
|
return true;
|
|
|
|
}
|
2018-06-11 00:31:27 -07:00
|
|
|
// must be an old wallet
|
2018-06-09 00:14:50 -07:00
|
|
|
return false;
|
2018-03-25 20:20:05 -07:00
|
|
|
}
|
2018-06-11 00:31:27 -07:00
|
|
|
///// end of establish channel protocol
|
2018-03-25 20:20:05 -07:00
|
|
|
|
2018-06-11 00:31:27 -07:00
|
|
|
///// begin of pay protocol
|
2018-06-12 11:30:24 -07:00
|
|
|
pub fn payment_by_customer_phase1(pp: &PublicParams, T: &ChannelToken, pk_m: &clsigs::PublicKeyD,
|
2018-06-11 00:31:27 -07:00
|
|
|
old_w: &CustomerWallet, balance_increment: i32) -> PaymentProof {
|
2018-06-05 10:26:16 -07:00
|
|
|
println!("Run pay algorithm by Customer - phase 1.");
|
2018-06-11 00:31:27 -07:00
|
|
|
// get balance, keypair, commitment randomness and wallet sig
|
|
|
|
let rng = &mut rand::thread_rng();
|
|
|
|
|
|
|
|
let B = old_w.balance;
|
|
|
|
let old_wpk = &old_w.wpk;
|
|
|
|
let old_wsk = &old_w.wsk;
|
|
|
|
let old_r = &old_w.r;
|
|
|
|
let old_wallet_sig = &old_w.signature;
|
2018-06-12 11:30:24 -07:00
|
|
|
//let pk = &T.pk;
|
2018-06-11 00:31:27 -07:00
|
|
|
|
|
|
|
// generate new keypair
|
|
|
|
let mut schnorr = secp256k1::Secp256k1::new();
|
|
|
|
schnorr.randomize(rng);
|
|
|
|
let (wsk, wpk) = schnorr.generate_keypair(rng).unwrap();
|
|
|
|
let h_wpk = hashPubKeyToFr(&wpk);
|
|
|
|
|
|
|
|
// new sample randomness r'
|
|
|
|
let r = Fr::random(rng);
|
|
|
|
|
2018-06-12 11:30:24 -07:00
|
|
|
// let g2 = pp.cl_mpk.g2.clone();
|
|
|
|
// let bases = pk.Z2.clone();
|
|
|
|
// let cm_csp = commit_scheme::setup(pp.l, bases, g2);
|
|
|
|
// retrieve the commitment scheme parameters based on merchant's PK
|
|
|
|
let cm_csp = generate_commit_setup(&pp, &pk_m);
|
|
|
|
|
2018-06-11 00:31:27 -07:00
|
|
|
let cid = old_w.cid.clone();
|
2018-06-11 11:05:24 -07:00
|
|
|
// retrieve old balance
|
|
|
|
let old_balance = Fr::from_str(B.to_string().as_str()).unwrap();
|
|
|
|
// convert balance into Fr (B - e)
|
2018-06-11 00:31:27 -07:00
|
|
|
let new_balance = Fr::from_str((B - balance_increment).to_string().as_str()).unwrap();
|
|
|
|
|
|
|
|
let mut x: Vec<Fr> = Vec::new();
|
|
|
|
x.push(r); // set randomness for commitment
|
|
|
|
x.push(cid);
|
|
|
|
x.push(h_wpk);
|
|
|
|
x.push(new_balance);
|
|
|
|
|
|
|
|
let w_com = commit_scheme::commit(&cm_csp, &x, r);
|
2018-06-09 00:14:50 -07:00
|
|
|
|
2018-06-11 00:31:27 -07:00
|
|
|
// generate proof of knowledge for committed values
|
2018-06-12 11:30:24 -07:00
|
|
|
// let mut pub_bases = pk.Z2.clone();
|
|
|
|
// pub_bases.insert(0, g2);
|
|
|
|
let proof_cv = clsigs::bs_gen_nizk_proof(&x, &cm_csp.pub_bases, w_com.c);
|
2018-06-11 00:31:27 -07:00
|
|
|
|
2018-06-12 11:30:24 -07:00
|
|
|
// generate proof of knowledge of valid signature on previous wallet signature
|
2018-06-11 00:31:27 -07:00
|
|
|
let wallet_sig = old_wallet_sig.clone().unwrap();
|
2018-06-12 11:30:24 -07:00
|
|
|
|
2018-06-11 11:05:24 -07:00
|
|
|
let old_h_wpk = hashPubKeyToFr(&old_wpk);
|
|
|
|
|
2018-06-11 00:31:27 -07:00
|
|
|
// added the blinding factor to list of secrets
|
2018-06-11 11:05:24 -07:00
|
|
|
let mut old_x: Vec<Fr> = Vec::new();
|
2018-06-12 11:30:24 -07:00
|
|
|
old_x.push(old_r.clone()); // set randomness for commitment
|
|
|
|
old_x.push(cid);
|
|
|
|
old_x.push(old_h_wpk);
|
|
|
|
old_x.push(old_balance);
|
2018-06-11 11:05:24 -07:00
|
|
|
|
2018-06-12 11:30:24 -07:00
|
|
|
let blind_sigs = clsigs::prover_generate_blinded_sig(&wallet_sig);
|
|
|
|
let common_params = clsigs::gen_common_params(&pp.cl_mpk, &pk_m, &wallet_sig);
|
|
|
|
|
|
|
|
//println!("payment_by_customer_phase1 - secrets for old wallet");
|
|
|
|
//print_secret_vector(&old_x);
|
|
|
|
|
|
|
|
let proof_vs = clsigs::vs_gen_nizk_proof(&old_x, &common_params, common_params.vs);
|
2018-06-11 00:31:27 -07:00
|
|
|
//clsigs::vs_verify_blind_sig(&pp.cl_mpk, &pk, &proof_vs, &blind_sigs);
|
2018-06-11 11:05:24 -07:00
|
|
|
return PaymentProof { proof2a: proof_cv, // proof of knowledge for committed values
|
|
|
|
proof2b: proof_vs, // proof of knowledge of signature on old wallet
|
2018-06-12 11:30:24 -07:00
|
|
|
balance: balance_increment, // epsilon - increment/decrement
|
|
|
|
wpk: old_wpk.clone(), // showing public key for old wallet
|
|
|
|
wallet_sig: blind_sigs // blinded signature for old wallet
|
|
|
|
};
|
2018-06-05 10:26:16 -07:00
|
|
|
}
|
|
|
|
|
2018-06-11 00:31:27 -07:00
|
|
|
pub fn payment_by_merchant_phase2(pp: &PublicParams, proof: &PaymentProof, m_data: &InitMerchantData) {
|
2018-06-09 00:14:50 -07:00
|
|
|
println!("Run pay algorithm by Merchant - phase 2");
|
2018-06-11 00:31:27 -07:00
|
|
|
let blind_sigs = &proof.wallet_sig;
|
2018-06-12 11:30:24 -07:00
|
|
|
let proof_cv = &proof.proof2a;
|
2018-06-11 00:31:27 -07:00
|
|
|
let proof_vs = &proof.proof2b;
|
2018-06-12 11:30:24 -07:00
|
|
|
let pk_m = &m_data.T;
|
|
|
|
let proof_vs_valid = clsigs::vs_verify_blind_sig(&pp.cl_mpk, &pk_m, &proof_vs, &blind_sigs);
|
|
|
|
if proof_vs_valid {
|
2018-06-11 00:31:27 -07:00
|
|
|
println!("Yay! Proof of knowledge of signature is valid!");
|
|
|
|
} else {
|
|
|
|
println!("FAILURE! Something is still wrong!");
|
|
|
|
}
|
2018-06-12 11:30:24 -07:00
|
|
|
|
|
|
|
// verify the proof of knowledgefor committed values in new wallet
|
|
|
|
let new_wallet_proof_cm_values = clsigs::bs_verify_nizk_proof(&proof_cv);
|
|
|
|
if new_wallet_proof_cm_values {
|
|
|
|
println!("Yay! Proof of knowledge of commitment on new wallet is valid");
|
|
|
|
}
|
|
|
|
|
|
|
|
// generate signature for new wallet with updated balance
|
|
|
|
|
2018-03-25 20:20:05 -07:00
|
|
|
}
|
2018-06-11 00:31:27 -07:00
|
|
|
///// end of pay protocol
|
2018-03-25 20:20:05 -07:00
|
|
|
|
2018-06-09 23:00:01 -07:00
|
|
|
// for customer => on input a wallet w, it outputs a customer channel closure message rc_c
|
2018-06-11 00:31:27 -07:00
|
|
|
pub fn customer_refund<'a>(pp: &PublicParams, state: &ChannelState, m_data: &InitMerchantData,
|
2018-06-09 23:00:01 -07:00
|
|
|
c_data: &InitCustomerData, w: &'a CustomerWallet) -> ChannelClosure_C<'a> {
|
|
|
|
println!("Run Refund...");
|
2018-06-11 00:31:27 -07:00
|
|
|
let m;
|
2018-06-09 23:00:01 -07:00
|
|
|
let balance = w.balance as usize;
|
2018-06-11 00:31:27 -07:00
|
|
|
if !state.pay_init {
|
2018-06-09 23:00:01 -07:00
|
|
|
// pay protocol not invoked so take the balane
|
2018-06-11 00:31:27 -07:00
|
|
|
m = RefundMessage::new("refundUnsigned", state.cid, w.wpk, balance, Some(&w.r), None);
|
|
|
|
} else {
|
2018-06-09 23:00:01 -07:00
|
|
|
//let rng = &mut rand::thread_rng();
|
2018-06-11 00:31:27 -07:00
|
|
|
// let rt // TODO: replace with rt_w signature from pay protocol
|
|
|
|
// if channel has already been activated, then take unspent funds
|
|
|
|
m = RefundMessage::new("refundToken", state.cid, w.wpk, balance, None, None);
|
2018-06-09 23:00:01 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
// generate signature on the balance/channel id, etc to obtain funds back
|
|
|
|
let m_vec = m.hash();
|
2018-06-11 11:05:24 -07:00
|
|
|
let sigma = clsigs::signD(&pp.cl_mpk, &w.sk, &m_vec);
|
2018-06-09 23:00:01 -07:00
|
|
|
return ChannelClosure_C { message: m, signature: sigma };
|
|
|
|
}
|
|
|
|
|
|
|
|
fn exist_in_merchant_state(s: &ChannelState, wpk: &secp256k1::PublicKey, sig_rev: &clsigs::SignatureD) -> bool {
|
|
|
|
// TODO: check the database for the fingerprint for the wpk + sig?
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
fn update_merchant_state(s: &mut ChannelState, wpk: &secp256k1::PublicKey) -> bool {
|
|
|
|
// TODO: implement this method to update channel state db with current public key hash?
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
// for merchant => on input the merchant's current state S_old and a customer channel closure message,
|
|
|
|
// outputs a merchant channel closure message rc_m and updated merchant state S_new
|
2018-06-11 00:31:27 -07:00
|
|
|
pub fn merchant_refute<'a>(pp: &PublicParams, T_c: &ChannelToken, m_data: &InitMerchantData,
|
2018-06-09 23:00:01 -07:00
|
|
|
state: &mut ChannelState, rc_c: ChannelClosure_C<'a>) -> Option<ChannelClosure_M<'a>> {
|
|
|
|
println!("Run Refute...");
|
|
|
|
|
|
|
|
let is_valid = clsigs::verifyD(&pp.cl_mpk, &T_c.pk, &rc_c.message.hash(), &rc_c.signature);
|
|
|
|
if is_valid {
|
|
|
|
let wpk = rc_c.message.wpk;
|
|
|
|
let sig_rev = rc_c.signature; // TODO: change to \sigma_rev
|
|
|
|
let balance = rc_c.message.balance;
|
|
|
|
if exist_in_merchant_state(&state, &wpk, &sig_rev) {
|
2018-06-11 00:31:27 -07:00
|
|
|
let rm = RevokedMessage::new("revoked", wpk, sig_rev);
|
|
|
|
// sign the revoked message
|
2018-06-11 11:05:24 -07:00
|
|
|
let signature = clsigs::signD(&pp.cl_mpk, &m_data.csk.sk, &rm.hash());
|
2018-06-09 23:00:01 -07:00
|
|
|
return Some(ChannelClosure_M { message: rm, signature: signature });
|
|
|
|
} else {
|
|
|
|
// update state to include the user's wallet key
|
|
|
|
assert!(update_merchant_state(state, &wpk));
|
|
|
|
return None;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
panic!("Signature on customer closure message is invalid!");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// on input th ecustmomer and merchant channel tokens T_c, T_m
|
|
|
|
// along with closure messages rc_c, rc_m
|
2018-06-11 00:31:27 -07:00
|
|
|
pub fn resolve<'a>(pp: &PublicParams, c: &InitCustomerData, m: &InitMerchantData, // cust and merch
|
2018-06-09 23:00:01 -07:00
|
|
|
rc_c: Option<ChannelClosure_C<'a>>, rc_m: Option<ChannelClosure_M<'a>>) -> (i32, i32) {
|
|
|
|
println!("Run Resolve...");
|
2018-06-11 00:31:27 -07:00
|
|
|
let total_balance = c.csk.balance + m.csk.balance;
|
2018-06-09 23:00:01 -07:00
|
|
|
if (rc_c.is_none() && rc_m.is_none()) {
|
2018-06-11 00:31:27 -07:00
|
|
|
panic!("resolve - Did not specify channel closure messages for either customer or merchant!");
|
2018-06-09 23:00:01 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
if rc_c.is_none() {
|
2018-06-11 00:31:27 -07:00
|
|
|
// customer did not specify channel closure message
|
|
|
|
return (0, total_balance);
|
2018-06-09 23:00:01 -07:00
|
|
|
}
|
|
|
|
|
2018-06-11 00:31:27 -07:00
|
|
|
// TODO: use matching instead
|
|
|
|
// match rc_c.unwrap() {
|
|
|
|
// Some(v) => foo,
|
|
|
|
// _ => return (0, 0);
|
|
|
|
// }
|
2018-06-09 23:00:01 -07:00
|
|
|
|
2018-06-11 00:31:27 -07:00
|
|
|
let pk_c = &c.T.pk;
|
2018-06-09 23:00:01 -07:00
|
|
|
let pk_m = &m.T;
|
|
|
|
|
|
|
|
let rc_cust = rc_c.unwrap();
|
2018-06-11 00:31:27 -07:00
|
|
|
let rcc_valid = clsigs::verifyD(&pp.cl_mpk, &pk_c, &rc_cust.message.hash(), &rc_cust.signature);
|
|
|
|
if !rcc_valid {
|
|
|
|
panic!("resolve - rc_c signature is invalid!");
|
|
|
|
}
|
|
|
|
let msg = &rc_cust.message;
|
|
|
|
let w_com = &c.T.w_com;
|
|
|
|
|
|
|
|
if msg.msgtype == "refundUnsigned" {
|
|
|
|
// assert the validity of the w_com
|
|
|
|
let bases = c.bases.clone();
|
|
|
|
let g2 = pp.cl_mpk.g2.clone();
|
|
|
|
let cm_csp = commit_scheme::setup(pp.l, bases, g2);
|
|
|
|
let h_wpk = hashPubKeyToFr(&c.csk.wpk);
|
|
|
|
// convert balance into Fr
|
|
|
|
let balance = Fr::from_str(c.csk.balance.to_string().as_str()).unwrap();
|
|
|
|
|
|
|
|
let mut x: Vec<Fr> = Vec::new();
|
|
|
|
x.push(w_com.r); // Token if decommit is valid
|
|
|
|
x.push(c.csk.cid);
|
|
|
|
x.push(h_wpk);
|
|
|
|
x.push(balance);
|
|
|
|
|
|
|
|
// check that w_com is a valid commitment
|
|
|
|
if !commit_scheme::decommit(&cm_csp, &w_com, &x) {
|
|
|
|
// if this fails, then customer gets 0 and merchant gets full channel balance
|
|
|
|
return (0, total_balance);
|
|
|
|
}
|
|
|
|
} else if msg.msgtype == "refundToken" {
|
|
|
|
// TODO: check that rt_w is a valid refund token on wpk and balance
|
|
|
|
let rt_w = &rc_cust.signature; // TODO: replace with real rt_w
|
|
|
|
let rt_valid = clsigs::verifyD(&pp.cl_mpk, &pk_c, &msg.hash(), &rt_w);
|
|
|
|
if !rt_valid {
|
|
|
|
// refund token signature not valid, so pay full channel balance to merchant
|
|
|
|
return (0, total_balance)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if !rc_m.is_none() {
|
|
|
|
let rc_merch = rc_m.unwrap();
|
|
|
|
let refute_valid = clsigs::verifyD(&pp.cl_mpk, &pk_m, &rc_merch.message.hash(), &rc_merch.signature);
|
|
|
|
if !refute_valid {
|
|
|
|
// refutation si invalid, so return customer balance and merchant balanace - claimed value
|
|
|
|
let claimed_value = 0; // TODO: figure out where this value comes from
|
|
|
|
return (c.csk.balance, m.csk.balance - claimed_value); // TODO: ensure merchant balance > 0
|
|
|
|
} else {
|
|
|
|
// if refutation is valid
|
|
|
|
return (0, total_balance);
|
|
|
|
}
|
|
|
|
}
|
2018-06-09 23:00:01 -07:00
|
|
|
|
2018-06-11 00:31:27 -07:00
|
|
|
panic!("resolve - Did not specify channel closure messages for either customer or merchant!");
|
2018-06-09 23:00:01 -07:00
|
|
|
}
|
2018-03-25 20:20:05 -07:00
|
|
|
}
|