zecfoundation
/
libbolt
mirror of https://github.com/ZcashFoundation/libbolt.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

several improvements to libbolt

This commit is contained in:
J. Ayo Akinyele 2018-06-05 13:26:16 -04:00
parent 703946362a
commit 364794f2c6
6 changed files with 175 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Cargo.toml
View File

@ -12,10 +12,11 @@ license = "MIT License"
[dependencies]
bn = "0.4.3"
rand = "~0.3.14"
bincode = "0.5.9"
bincode = "0.6.1"
sodiumoxide = "0.0.16"
serde = "1.0"
serde_derive = "1.0"
time = "*"
[dev-dependencies.bincode]
version = "~0.6.0"

5
Makefile
View File

@ -1,9 +1,12 @@
.PHONY: all test doc clean
.PHONY: all bench test doc clean
all:
cargo build
cargo run
bench:
cargo bench
test:
# runs the unit test suite
cargo test

36
bin/bolt.rs
View File

@ -5,6 +5,7 @@ extern crate bincode;
#[macro_use]
extern crate serde_derive;
extern crate serde;
extern crate time;
use std::fmt;
use bn::{Group, Fr, G1, G2, pairing};
@ -16,6 +17,7 @@ use libbolt::sym;
use libbolt::ote;
use libbolt::clsigs;
use libbolt::commit_scheme;
use time::PreciseTime;
#[doc(hidden)]
#[macro_export]
@ -338,6 +340,40 @@ fn main() {
assert!(m.m1 == orig_m.m1 && m.m2 == orig_m.m2);
println!("OTE scheme works as expected!");
// Test the CL sigs
// CL sig tests
let mpk = clsigs::setupD();
let l = 3;
let keypair = clsigs::keygenD(&mpk, l);
//println!("{}", keypair.pk);
// let msg1 = libbolt::RefundMessage::new(alice_sk, 10).hash(); // TODO: add ck (l-bit key)
// let msg2 = libbolt::RefundMessage::new(alice_sk, 11).hash(); // TODO: add ck (l-bit key)
let mut m1 : Vec<Fr> = Vec::new();
let mut m2 : Vec<Fr> = Vec::new();
let mut m3 : Vec<Fr> = Vec::new();
for i in 0 .. l+1 {
m1.push(Fr::random(rng));
m2.push(Fr::random(rng));
m3.push(Fr::random(rng));
}
let signature = clsigs::signD(&keypair.sk, &m1);
//println!("{}", signature);
let start1 = PreciseTime::now();
assert!(clsigs::verifyD(&mpk, &keypair.pk, &m1, &signature) == true);
let end1 = PreciseTime::now();
assert!(clsigs::verifyD(&mpk, &keypair.pk, &m2, &signature) == false);
let end2 = PreciseTime::now();
// assert!(clsigs::verifyD(&mpk, &keypair.pk, &m1, &signature) == true);
// assert!(clsigs::verifyD(&mpk, &keypair.pk, &m3, &signature) == false);
println!("CL signatures verified!");
println!("{} seconds for verifying valid signatures.", start1.to(end1));
println!("{} seconds for verifying invalid signatures.", end1.to(end2));
// let rng = &mut rand::thread_rng();
// let G = G1::random(rng); // &dalek_constants::RISTRETTO_BASEPOINT_POINT;
// let H = G1::random(rng); // RistrettoPoint::hash_from_bytes::<Sha256>(G.compress().as_bytes());

81
src/clsigs.rs
View File

@ -4,7 +4,7 @@ use std::fmt;
use std::str;
//use std::default;
use rand;
use bn::{Group, Fr, G1, G2, pairing};
use bn::{Group, Fr, G1, G2, Gt, pairing};
//use debug_elem_in_hex;
use bincode::SizeLimit::Infinite;
use bincode::rustc_serialize::encode;
@ -55,11 +55,13 @@ impl SecretKey {
}
}
#[derive(Clone)]
pub struct KeyPair {
pub sk: SecretKey,
pub pk: PublicKey
}
pub struct Signature {
a: G2,
b: G2,
@ -140,7 +142,7 @@ pub fn verify_A(mpk: &PublicParams, pk: &PublicKey, m: Fr, sig: &Signature) -> b
//}
// scheme D - for a vector of messages
#[derive(Copy, Clone)]
#[derive(Clone)]
pub struct PublicKeyD {
X: G1,
Y: G1,
@ -148,14 +150,20 @@ pub struct PublicKeyD {
W: Vec<G1>
}
#[derive(Copy, Clone)]
#[derive(Clone)]
pub struct SecretKeyD {
x: Fr,
y: Fr,
z: Vec<Fr>
}
#[derive(Copy, Clone)]
#[derive(Clone)]
pub struct KeyPairD {
pub sk: SecretKeyD,
pub pk: PublicKeyD
}
#[derive(Clone)]
pub struct SignatureD {
a: G2,
A: Vec<G2>,
@ -172,7 +180,7 @@ pub fn setupD() -> PublicParams {
return mpk;
}
pub fn keygenD(mpk : &PublicParams, l: i32) -> KeyPair {
pub fn keygenD(mpk : &PublicParams, l: i32) -> KeyPairD {
let rng = &mut rand::thread_rng();
let x = Fr::random(rng);
let y = Fr::random(rng);
@ -182,7 +190,7 @@ pub fn keygenD(mpk : &PublicParams, l: i32) -> KeyPair {
let mut Z: Vec<G1> = Vec::new();
let mut W: Vec<G1> = Vec::new();
// generate the vector ck of sym keys
for i in 1 .. l {
for i in 0 .. l {
let _z = Fr::random(rng);
let _Z = mpk.g * _z;
let _W = Y * _z;
@ -196,8 +204,8 @@ pub fn keygenD(mpk : &PublicParams, l: i32) -> KeyPair {
return KeyPairD { sk: sk, pk: pk }
}
pub fn signD(sk: &SecretKeyD, m: Vec<Fr>) -> Signature {
assert_eq!(m.len(), sk.z.len());
pub fn signD(sk: &SecretKeyD, m: &Vec<Fr>) -> SignatureD {
assert_eq!(m.len(), sk.z.len()+1);
let l = m.len();
let rng = &mut rand::thread_rng();
@ -207,45 +215,54 @@ pub fn signD(sk: &SecretKeyD, m: Vec<Fr>) -> Signature {
let mut B: Vec<G2> = Vec::new();
let mut c = (a * (sk.x + (m[0] * sk.x * sk.y)));
for i in 1 .. l {
let _A = a * z[i];
for i in 0 .. l-1 {
let _A = a * sk.z[i];
let _B = _A * sk.y;
A.push(_A);
B.push(_B);
c = c + (_A * (m[i] * sk.x * sk.y));
c = c + (_A * (m[i+1] * sk.x * sk.y));
}
let sig = SignatureD { a: a, A: A, b: b, B: B, c: c };
// Ok(sig);
return sig;
}
pub fn verifyD(mpk: &PublicParams, pk: &PublicKeyD, m: Vec<Fr>, sig: &SignatureD) -> bool {
assert_eq!(m.len(), sig.A.len());
assert_eq!(m.len(), sig.B.len());
pub fn verifyD(mpk: &PublicParams, pk: &PublicKeyD, m: &Vec<Fr>, sig: &SignatureD) -> bool {
assert_eq!(m.len(), sig.A.len()+1);
assert_eq!(m.len(), sig.B.len()+1);
let l = m.len();
let lhs1 = pairing(pk.Z, sig.a);
let rhs1 = pairing(mpk.g, sig.b);
let lhs2a = pairing(pk.Y, a);
// lhs2a and rhs2a checks that sig.b was formed correctly
let lhs2a = pairing(pk.Y, sig.a);
let rhs2a = pairing(mpk.g, sig.b);
let mut result1 = true;
let mut result2b = true;
for i in 1 .. l {
// lhs3 and rhs3 checks that sig.c was formed correctly
let mut lhs3 = pairing(pk.X, sig.a) * pairing(pk.X, sig.b * m[0]);
let rhs3 = pairing(mpk.g, sig.c);
for i in 0 .. l-1 {
// checks that {sig.A}_i was formed correctly
let lhs1 = pairing(pk.Z[i], sig.a);
let rhs1 = pairing(mpk.g, sig.A[i]);
if (lhs1 != rhs1) {
result1 = false;
}
let lhs2b = pairing(pk.Y, sig.A[i]);
let rhs2b = pairing(mpk.g, sig.B[i]);
if lhs2b != rhs2b {
result2b = false;
}
lhs3 = lhs3 * pairing(pk.X, sig.B[i] * m[i+1]);
}
let mut lhs3 = pairing(pk.X, sig.a) * pairing(pk.X, sig.b * m[0]);
for i in 1 .. l {
lhs3 = lhs3 * pairing(pk.X, sig.B[i] * m[i]);
}
let rhs3 = pairing(mpk.g, sig.c);
return (lhs1 == rhs1) && (lhs2a == rhs2a) && (result2b == true) && (lhs3 == rhs3);
// let mut lhs3 = pairing(pk.X, sig.a) * pairing(pk.X, sig.b * m[0]);
// for i in 1 .. l {
// lhs3 = lhs3 * pairing(pk.X, sig.B[i] * m[i]);
// }
return (result1 == true) && (lhs2a == rhs2a) && (result2b == true) && (lhs3 == rhs3);
}
// NIZK protocol for proving knowledge of a signature
@ -261,7 +278,10 @@ pub fn prover_gen_blind(sig: &SignatureD) -> SignatureD {
let c = (sig.c * r) * rpr;
let mut A: Vec<G2> = Vec::new();
let mut B: Vec<G2> = Vec::new();
for i in 1 .. l {
assert!(sig.A.len() == sig.B.len());
let l = sig.A.len();
for i in 0 .. l {
A.push(sig.A[i] * r);
B.push(sig.B[i] * r);
}
@ -271,11 +291,14 @@ pub fn prover_gen_blind(sig: &SignatureD) -> SignatureD {
}
pub fn verify_proof_for_blind_sigs(mpk: &PublicParams, pk: &PublicKeyD, sig: &SignatureD) {
assert!(sig.A.len() == sig.B.len());
let l = sig.A.len();
let vx = pairing(pk.X, sig.a);
let vxy = pairing(pk.X, sig.b);
// generate vector
let mut vxyi: Vec<GT> = Vec::new();
for i in 1 .. l {
let mut vxyi: Vec<Gt> = Vec::new();
for i in 0 .. l {
vxyi.push(pairing(pk.X, sig.B[i]));
}
let vs = pairing(mpk.g, sig.c);

18
src/commit_scheme.rs
View File

@ -12,10 +12,10 @@ use sodiumoxide::crypto::hash::sha512;
// define some structures here
#[derive(Copy, Clone)]
pub struct PublicParams {
g1: G1,
g2: G1,
g3: G1,
h: G1
pub g1: G1,
pub g2: G1,
pub g3: G1,
pub h: G1
}
@ -135,11 +135,11 @@ pub fn setup() -> PublicParams {
let g4 = G1::random(rng);
let h = G1::random(rng);
let pp = PublicParams { g1: g1, g2: g2, g3: g3, h: h };
println!("{}", pp);
//println!("{}", pp);
return pp;
}
pub fn commit(pp: &PublicParams, channelId: Fr, wpk: G1, balance: u32, R: Option<Fr>) -> Commitment {
pub fn commit(pp: &PublicParams, channelId: Fr, wpk: Fr, balance: Fr, R: Option<Fr>) -> Commitment {
let rng = &mut rand::thread_rng();
let r = R.unwrap_or(Fr::random(rng));
@ -147,7 +147,7 @@ pub fn commit(pp: &PublicParams, channelId: Fr, wpk: G1, balance: u32, R: Option
let p = "commit -> cid";
debug_elem_in_hex(p, &channelId);
// c = g^m * h^r
let c = (pp.g1 * channelId) + (pp.g2 + wpk) + (pp.g3 * balance) + (pp.h * r);
let c = (pp.g1 * channelId) + (pp.g2 * wpk) + (pp.g3 * balance) + (pp.h * r);
// return (c, r) <- d=r
let commitment = Commitment { c: c, d: r };
@ -156,9 +156,9 @@ pub fn commit(pp: &PublicParams, channelId: Fr, wpk: G1, balance: u32, R: Option
return commitment;
}
pub fn decommit(pp: &PublicParams, cm: &Commitment, channelId: Fr, wpk: G1, balance: u32) -> bool {
pub fn decommit(pp: &PublicParams, cm: &Commitment, channelId: Fr, wpk: Fr, balance: Fr) -> bool {
let p = "decommit -> cid";
debug_elem_in_hex(p, &channelId);
let dm = (pp.g1 * channelId) + (pp.g2 + wpk) + (pp.g3 * balance) + (pp.h * cm.d);
let dm = (pp.g1 * channelId) + (pp.g2 * wpk) + (pp.g3 * balance) + (pp.h * cm.d);
return dm == cm.c;
}

110
src/lib.rs
View File

@ -6,7 +6,7 @@ extern crate sodiumoxide;
use std::fmt;
use std::str;
use std::default;
use bn::{Group, Fr, G1, G2, pairing};
use bn::{Group, Fr, G1, G2, Gt, pairing};
use bincode::SizeLimit::Infinite;
use bincode::rustc_serialize::{encode, decode};
use sodiumoxide::randombytes;
@ -494,11 +494,11 @@ pub struct SpendMessage<'a> {
s: G1,
u: G1,
pi: Proof,
ck: SymKey
ck: sym::SymKey
}
impl<'a> SpendMessage<'a> {
pub fn new(_j: i32, _s: G1, _u: G1, _pi: Proof, _ck: SymKey) -> SpendMessage<'a> {
pub fn new(_j: i32, _s: G1, _u: G1, _pi: Proof, _ck: sym::SymKey) -> SpendMessage<'a> {
SpendMessage {
prefix: "spend", j: _j, s: _s, u: _u, pi: _pi, ck: _ck,
}
@ -506,6 +506,8 @@ impl<'a> SpendMessage<'a> {
pub fn hash(&self) -> Fr {
// hash into a Fr element
let rng = &mut rand::thread_rng();
return Fr::random(rng);
}
}
@ -572,29 +574,52 @@ pub struct Proof {
s2: Fr
}
pub fn hash(g: &G1, h: &G1, X: &G1, Y: &G1, ) -> Fr {
pub fn hash(g: &G1, h: &G1, X: &G1, Y: &G1, T: &Gt) -> Fr {
let g_vec: Vec<u8> = encode(&g, Infinite).unwrap();
// TODO: fix this
return Fr::from_str("1234567890").unwrap();
}
pub fn create_nizk_proof_one(pp: &PublicParams, pk: &PublicKey, sk: &SecretKey) -> Proof {
let rng = &mut rand::thread_rng();
pub fn hashG1ToFr(x: &G1) -> Fr {
// TODO: change to serde (instead of rustc_serialize)
let x_vec: Vec<u8> = encode(&x, Infinite).unwrap();
let sha2_digest = sha512::hash(x_vec.as_slice());
let t1 = Fr::random(rng);
let t2 = Fr::random(rng);
let T = (pk.g * t1) + (pk.h * t2);
let c = hash(pp.g, pp.h, pk.X, pk.Y, T);
let s1 = (sk.x * c) + t1;
let s2 = (sk.y * c) + t2;
return Proof { T: T, c: c, s1: s1, s2: s2 };
let mut hash_buf: [u8; 64] = [0; 64];
hash_buf.copy_from_slice(&sha2_digest[0..64]);
return Fr::interpret(&hash_buf);
}
//pub fn hashStrToFr(x: &str) -> Fr {
// // TODO: change to serde (instead of rustc_serialize)
// let sha2_digest = sha512::hash(x.as_slice());
//
// let mut hash_buf: [u8; 64] = [0; 64];
// hash_buf.copy_from_slice(&sha2_digest[0..64]);
// return Fr::interpret(&hash_buf);
//}
//pub fn create_nizk_proof_one(pp: &PublicParams, pk: &clsigs::PublicKeyD, sk: &clsigs::SecretKeyD) -> Proof {
// let rng = &mut rand::thread_rng();
//
// let t1 = Fr::random(rng);
// let t2 = Fr::random(rng);
//
// let T = (pk.g * t1) + (pk.h * t2);
//
// let c = hash(pp.g, pp.h, pk.X, pk.Y, T);
//
// let s1 = (sk.x * c) + t1;
// let s2 = (sk.y * c) + t2;
//
// return Proof { T: T, c: c, s1: s1, s2: s2 };
//}
pub fn verify_nizk_proof_one(proof: &Proof) -> bool {
// how do we verify the proof?
return true;
}
////////////////////////////////// NIZKP //////////////////////////////////
@ -706,11 +731,12 @@ pub fn verify_nizk_proof_one(proof: &Proof) -> bool {
pub mod bidirectional {
use std::fmt;
use rand;
use bn::{Group, Fr};
use bn::{Group, Fr, G1};
use sym;
use commit_scheme;
use clsigs;
use Message;
use hashG1ToFr;
use sodiumoxide::randombytes;
pub struct PublicParams {
@ -722,22 +748,22 @@ pub mod bidirectional {
pub struct ChannelToken {
w_com: commit_scheme::Commitment,
pk: clsigs::PublicKey
pk: clsigs::PublicKeyD
}
pub struct CustSecretKey {
sk: clsigs::SecretKey, // the secret key for the signature scheme (Is it possible to make this a generic field?)
sk: clsigs::SecretKeyD, // the secret key for the signature scheme (Is it possible to make this a generic field?)
cid: Fr, // channel Id
wpk: G1, // signature verification key
wsk: Fr, // signature private key
r: Fr, // random coins for commitment scheme
balance: u32, // the balance for the user
balance: i32, // the balance for the user
ck_vec: Vec<sym::SymKey>
}
pub struct MerchSecretKey {
sk: clsigs::SecretKey,
balance: u32
sk: clsigs::SecretKeyD,
balance: i32
}
pub struct InitCustomerData {
@ -746,28 +772,28 @@ pub mod bidirectional {
}
pub struct InitMerchantData {
T: clsigs::PublicKey,
T: clsigs::PublicKeyD,
csk: MerchSecretKey
}
pub fn setup() -> PublicParams {
// TODO: provide option for generating CRS parameters
let cm_pp = commit_scheme::setup();
let cl_mpk = clsigs::setup();
let cl_mpk = clsigs::setupD();
let l = 256;
// let nizk = "nizk proof system";
let pp = PublicParams { cm_mpk: cm_pp, cl_mpk: cl_mpk, l_bits: l };
return pp;
}
pub fn keygen(pp: &PublicParams) -> clsigs::KeyPair {
pub fn keygen(pp: &PublicParams) -> clsigs::KeyPairD {
// TODO: figure out what we need from public params to generate keys
println!("Run Keygen...");
let keypair = clsigs::keygen(&pp.cl_mpk);
let keypair = clsigs::keygenD(&pp.cl_mpk, 3);
return keypair;
}
pub fn init_customer(pp: &PublicParams, channelId: Fr, b0_customer: u32, keypair: &clsigs::KeyPair) -> InitCustomerData {
pub fn init_customer(pp: &PublicParams, channelId: Fr, b0_customer: i32, keypair: &clsigs::KeyPairD) -> InitCustomerData {
println!("Run Init customer...");
sym::init();
let rng = &mut rand::thread_rng();
@ -776,6 +802,8 @@ pub mod bidirectional {
// keygen for wallet
let wsk = Fr::random(rng);
let wpk = pp.cm_mpk.g2 * wsk;
let h_wpk = hashG1ToFr(&wpk);
let b0 = Fr::from_str(b0_customer.to_string().as_str()).unwrap();
let r = Fr::random(rng);
//let msg = Message::new(keypair.sk, k1, k2, b0_customer).hash();
@ -785,21 +813,23 @@ pub mod bidirectional {
let ck = sym::keygen(l);
ck_vec.push(ck);
}
let w_com = commit_scheme::commit(&pp.cm_pp, channelId, wpk, b0_customer, Some(r));
let t_c = ChannelToken { w_com: w_com, pk: keypair.pk };
let csk_c = CustSecretKey { sk: keypair.sk, cid: channelId, wpk: wpk, wsk: wsk,
// TODO: hash (wpk) and convert b0_customer into Fr
let w_com = commit_scheme::commit(&pp.cm_mpk, channelId, h_wpk, b0, Some(r));
let t_c = ChannelToken { w_com: w_com, pk: keypair.pk.clone() };
let csk_c = CustSecretKey { sk: keypair.sk.clone(), cid: channelId, wpk: wpk, wsk: wsk,
r: r, balance: b0_customer, ck_vec: ck_vec };
return InitCustomerData { T: t_c, csk: csk_c };
}
pub fn init_merchant(pp: &PublicParams, b0_merchant: u32, keypair: &clsigs::KeyPair) -> InitMerchantData {
pub fn init_merchant(pp: &PublicParams, b0_merchant: i32, keypair: &clsigs::KeyPairD) -> InitMerchantData {
println!("Run Init merchant...");
let csk_m = MerchSecretKey { sk: keypair.sk, balance: b0_merchant };
return InitMerchantData { T: keypair.pk, csk: csk_m };
let csk_m = MerchSecretKey { sk: keypair.sk.clone(), balance: b0_merchant };
return InitMerchantData { T: keypair.pk.clone(), csk: csk_m };
}
// TODO: requires NIZK proof system
pub fn establish_customer(pp: &PublicParams, t_m: &clsigs::PublicKey, csk_c: &CustSecretKey) {
pub fn establish_customer(pp: &PublicParams, t_m: &clsigs::PublicKeyD, csk_c: &CustSecretKey) {
println ! ("Run establish_customer algorithm...");
// set sk_0 to random bytes of length l
// let sk_0 = random_bytes(pp.l);
@ -807,7 +837,7 @@ pub mod bidirectional {
let mut sk0 = vec![0; buf_len];
randombytes::randombytes_into(&mut sk0);
let pi1 = create_nizk_proof_one(csk_c.sk, csk_c.k1, csk_c.k2, );
//let pi1 = create_nizk_proof_one(csk_c.sk, csk_c.k1, csk_c.k2, );
}
// the merchant calls this method after obtaining
@ -816,8 +846,12 @@ pub mod bidirectional {
}
// TODO: requires NIZK proof system calls
pub fn pay() {
println!("Run pay algorithm...");
pub fn pay_by_customer() {
println!("Run pay algorithm by Customer - phase 1.");
}
pub fn pay_by_merchant() {
println!("Run pay algorithm by Merchant - phase 1");
}
// pub fn refund(pp: &PublicParams, imd : &InitMerchantData, w: Wallet) {