zecfoundation
/
libbolt
mirror of https://github.com/ZcashFoundation/libbolt.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

nizk: add proof of knowledge of committed values

This commit is contained in:
Gijs Van Laer 2019-07-05 16:57:30 -04:00
parent 074d5aa1ae
commit 30f9916a42
1 changed files with 43 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
src/nizk.rs
View File

@ -15,12 +15,14 @@ struct Proof<E: Engine> {
sig: Signature<E>,
sigProof: SignatureProof<E>,
T: E::G2,
D: E::G2,
z: Vec<E::Fr>,
}
fn prove<R: Rng, E: Engine>(rng: &mut R, comParams: &CSMultiParams<E>, com1: &Commitment<E>, com2: &Commitment<E>, oldWallet: Vec<E::Fr>, r: E::Fr,
newWallet: Vec<E::Fr>, rPrime: E::Fr, paymentToken: &Signature<E>,
mpk: &PublicParams<E>, kp: &BlindKeyPair<E>) -> Proof<E> {
//Commitment phase
let mut T = comParams.pub_bases[2].clone();
let t1 = E::Fr::rand(rng);
T.mul_assign(t1);
@ -29,23 +31,48 @@ fn prove<R: Rng, E: Engine>(rng: &mut R, comParams: &CSMultiParams<E>, com1: &Co
h.mul_assign(t2);
T.add_assign(&h);
let proofState = kp.prove_commitment(rng, &mpk, &paymentToken);
let challenge = hash::<E>(proofState.a, T);
let mut D = E::G2::zero();
let mut t = Vec::<E::Fr>::with_capacity(comParams.pub_bases.len() - 1);
for g in comParams.pub_bases.clone() {
let ti = E::Fr::rand(rng);
t.push(ti);
let mut gt = g.clone();
gt.mul_assign(ti.into_repr());
D.add_assign(&gt);
}
//Compute challenge
let challenge = hash::<E>(proofState.a, T, D);
//Response phase
let sigProof = kp.prove_response(&proofState, challenge, &mut vec! {hash_g2_to_fr::<E>(&com1.c)});
let mut z = Vec::<E::Fr>::with_capacity(t.len() + 2);
let mut z1 = newWallet[2].clone();
z1.negate();
z1.mul_assign(&challenge);
z1.add_assign(&t1);
z.push(z1);
let mut z2 = r.clone();
z2.sub_assign(&rPrime.clone());
z2.mul_assign(&challenge);
z2.add_assign(&t2);
Proof { sig: proofState.blindSig, sigProof, T, z: vec! {z1, z2} }
z.push(z2);
for i in 0..t.len() {
let mut zi = newWallet[i].clone();
zi.mul_assign(&challenge);
zi.add_assign(&t[i]);
z.push(zi);
}
Proof { sig: proofState.blindSig, sigProof, T, D, z }
}
fn verify<E: Engine>(proof: Proof<E>, epsilon: E::Fr, com1: &Commitment<E>, com2: &Commitment<E>,
paymentToken: &Signature<E>, wpk: E::Fr, comParams: &CSMultiParams<E>, mpk: &PublicParams<E>, pk: &BlindPublicKey<E>) -> bool {
let challenge = hash::<E>(proof.sigProof.a, proof.T);
let challenge = hash::<E>(proof.sigProof.a, proof.T, proof.D);
let mut gWpk = comParams.pub_bases[2].clone();
let mut minWpk = wpk.clone();
@ -75,13 +102,24 @@ fn verify<E: Engine>(proof: Proof<E>, epsilon: E::Fr, com1: &Commitment<E>, com2
let r = pk.verify_proof(&mpk, proof.sig, proof.sigProof, challenge);
r && commitment == g2
let mut comc = com2.c.clone();
comc.mul_assign(challenge.into_repr());
comc.add_assign(&proof.D.clone());
let mut x = E::G2::zero();
for i in 2..proof.z.len() {
let mut base = comParams.pub_bases[i - 2].clone();
base.mul_assign(proof.z[i].into_repr());
x.add_assign(&base);
}
r && commitment == g2 && x == comc
}
fn hash<E: Engine>(a: E::Fqk, T: E::G2) -> E::Fr {
fn hash<E: Engine>(a: E::Fqk, T: E::G2, D: E::G2) -> E::Fr {
let mut x_vec: Vec<u8> = Vec::new();
x_vec.extend(format!("{}", a).bytes());
x_vec.extend(format!("{}", T).bytes());
x_vec.extend(format!("{}", D).bytes());
util::hash_to_fr::<E>(x_vec)
}