diff --git a/src/nizk.rs b/src/nizk.rs
index f70572b..cbe3d89 100644
--- a/src/nizk.rs
+++ b/src/nizk.rs
@@ -19,7 +19,7 @@ struct Proof {
     z: Vec,
 }
-fn prove(rng: &mut R, comParams: &CSMultiParams, com1: &Commitment, com2: &Commitment, oldWallet: Vec, r: E::Fr,
+fn prove(rng: &mut R, comParams: &CSMultiParams, com1: &Commitment, r: E::Fr,
          newWallet: Vec, rPrime: E::Fr, paymentToken: &Signature, mpk: &PublicParams, kp: &BlindKeyPair) -> Proof {
     //Commitment phase
@@ -71,7 +71,7 @@ fn prove(rng: &mut R, comParams: &CSMultiParams, com1: &Co
 }
 fn verify(proof: Proof, epsilon: E::Fr, com1: &Commitment, com2: &Commitment,
-          paymentToken: &Signature, wpk: E::Fr, comParams: &CSMultiParams, mpk: &PublicParams, pk: &BlindPublicKey) -> bool {
+          wpk: E::Fr, comParams: &CSMultiParams, mpk: &PublicParams, pk: &BlindPublicKey) -> bool {
     let challenge = hash::(proof.sigProof.a, proof.T, proof.D);
     let mut gWpk = comParams.pub_bases[2].clone();
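Review bot: In the second hunk, the Fiat-Shamir challenge on the line right after the new `verify` signature is derived from `proof.sigProof.a`, `proof.T` and `proof.D` only; none of the public inputs that `verify` takes (`epsilon`, `com1`, `com2`, `wpk`, `pk`) visibly enter the hash, so the challenge is not bound to the statement being verified. The body of `verify` continues past the hunk, so if those values are folded in further down this is moot; otherwise the transcript should include the public statement, and a marker such as `// TODO(review): bind the Fiat-Shamir challenge to the public inputs (epsilon, com1, com2, wpk, pk), not only to a, T, D` on that line would keep the point from being lost. Separately, the new `prove` and `verify` signatures keep camelCase parameter names (`comParams`, `rPrime`, `paymentToken`), which `rustc` reports under `non_snake_case`; renaming to `com_params`, `r_prime`, `payment_token` would silence that warning and match the `payment_token`/`keypair` naming the tests already use.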
@@ -154,8 +154,55 @@ mod tests {
         let keypair = BlindKeyPair::::generate(rng, &mpk, 1);
         let payment_token = keypair.sign(rng, &vec! {hash_g2_to_fr::(&commitment1.c)});
-        let proof = prove(rng, &comParams, &commitment1, &commitment2, wallet1, r, wallet2, rprime, &payment_token, &mpk, &keypair);
+        let proof = prove(rng, &comParams, &commitment1, r, wallet2, rprime, &payment_token, &mpk, &keypair);
+
+        assert_eq!(verify(proof, *epsilon, &commitment1, &commitment2, wpk, &comParams, &mpk, &keypair.public), true);
+    }
+
+    #[test]
+    fn nizk_proof_false_statements() {
+        let rng = &mut rand::thread_rng();
+        let pkc = Fr::rand(rng);
+        let wpk = Fr::rand(rng);
+        let wpkprime = Fr::rand(rng);
+        let bc = Fr::rand(rng);
+        let mut bc2 = bc.clone();
+        let bm = Fr::rand(rng);
+        let mut bm2 = bm.clone();
+        let epsilon = &Fr::rand(rng);
+        bc2.sub_assign(epsilon);
+        bm2.add_assign(epsilon);
+        let r = Fr::rand(rng);
+        let rprime = Fr::rand(rng);
+
+        let comParams = CSMultiParams::::setup_gen_params(rng, 5);
+        let wallet1 = vec! {r, pkc, wpk, bc, bm};
+        let wallet2 = vec! {rprime, pkc, wpkprime, bc2, bm2};
+        let mpk = setup(rng);
+        let keypair = BlindKeyPair::::generate(rng, &mpk, 1);
+
+        let mut bc2Prime = bc.clone();
+        let wallet3 = vec! {rprime, pkc, wpkprime, bc2Prime, bm2};
+        let commitment1 = comParams.commit(rng, &wallet1, &r);
+        let commitment2 = comParams.commit(rng, &wallet3, &rprime);
+        let payment_token = keypair.sign(rng, &vec! {hash_g2_to_fr::(&commitment1.c)});
+        let proof = prove(rng, &comParams, &commitment1, r, wallet3, rprime, &payment_token, &mpk, &keypair);
+        assert_eq!(verify(proof, *epsilon, &commitment1, &commitment2, wpk, &comParams, &mpk, &keypair.public), false);
+
+        let mut bm2Prime = bm.clone();
+        let wallet4 = vec! {rprime, pkc, wpkprime, bc2, bm2Prime};
+        let commitment1 = comParams.commit(rng, &wallet1, &r);
+        let commitment2 = comParams.commit(rng, &wallet4, &rprime);
+        let payment_token = keypair.sign(rng, &vec! 
{hash_g2_to_fr::(&commitment1.c)});
+        let proof = prove(rng, &comParams, &commitment1, r, wallet4, rprime, &payment_token, &mpk, &keypair);
+        assert_eq!(verify(proof, *epsilon, &commitment1, &commitment2, wpk, &comParams, &mpk, &keypair.public), false);
+
+        let wallet5 = vec! {rprime, Fr::rand(rng), wpkprime, bc2, bm2};
+        let commitment1 = comParams.commit(rng, &wallet1, &r);
+        let commitment2 = comParams.commit(rng, &wallet5, &rprime);
+        let payment_token = keypair.sign(rng, &vec! {hash_g2_to_fr::(&commitment1.c)});
+        let proof = prove(rng, &comParams, &commitment1, r, wallet5, rprime, &payment_token, &mpk, &keypair);
+        assert_eq!(verify(proof, *epsilon, &commitment1, &commitment2, wpk, &comParams, &mpk, &keypair.public), false);
-        assert_eq!(verify(proof, *epsilon, &commitment1, &commitment2, &payment_token, wpk, &comParams, &mpk, &keypair.public), true);
     }
 }
\ No newline at end of file
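Review bot: In `nizk_proof_false_statements`, `bc2Prime` and `bm2Prime` are declared `mut` but never mutated, and `wallet2` is built but never used, so the new test compiles with `unused_mut` and `unused_variables` warnings; drop the two `mut`s and either remove `wallet2` or use it as the honest case alongside the three rejected ones. The `assert_eq!(verify(...), false)` calls (and the `, true)` in the first test, whose body starts outside the hunk) read better as `assert!(!verify(...))` and `assert!(verify(...))`, which is also what clippy's `bool_assert_comparison` asks for. Each of the three rejected wallets breaks a different relation but nothing in the test says which, so a one-line comment per block would make failures diagnosable, e.g. `// wallet3: bc left unchanged, so the customer balance is not debited by epsilon`, `// wallet4: bm left unchanged, so the merchant balance is not credited by epsilon`, `// wallet5: pkc replaced by a fresh random value`. Note also that `commitment1` is recomputed from the same `wallet1`/`r` before every case; if `commit` is deterministic in `r` this is just noise, and if it is not, the three cases are exercising different first commitments than the name suggests — worth confirming and hoisting out of the loop of cases either way.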