From 4a478cb19f6a03268e4fb8415811c90393215ed1 Mon Sep 17 00:00:00 2001
From: Gijs Van Laer
Date: Thu, 8 Aug 2019 14:41:59 +0200
Subject: [PATCH] nizk: fix for negative epsilon

---
 Cargo.toml | 3 ++-
 src/nizk.rs | 34 ++++++++++++++++++++++++++++++++--
 src/util.rs | 16 ++++++++++++++--
 3 files changed, 48 insertions(+), 5 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index e6d8e54..fc2a135 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -27,7 +27,8 @@ rustc-serialize = "0.3"
 secp256k1 = { version = "0.15.0", features = ["rand", "serde"] }
 curve25519-dalek = { version = "1", features = ["serde"] }
 merlin = "1.0.0"
-bulletproofs = { git = "https://github.com/dalek-cryptography/bulletproofs", branch = "main" }
+#bulletproofs = { git = "https://github.com/dalek-cryptography/bulletproofs", branch = "main" }
+bulletproofs = { git = "https://github.com/dalek-cryptography/bulletproofs", tag = "1.0.2" }
 sha2 = { version = "0.8", default-features = false }
 
 [dev-dependencies.bincode]
diff --git a/src/nizk.rs b/src/nizk.rs
index a196c33..9b56d33 100644
--- a/src/nizk.rs
+++ b/src/nizk.rs
@@ -7,7 +7,6 @@ use cl::{KeyPair, Signature, PublicParams, setup, BlindKeyPair, ProofState, Sign
 use ped92::{CSParams, Commitment, CSMultiParams};
 use pairing::{Engine, CurveProjective};
 use ff::PrimeField;
-use util::hash_g2_to_fr;
 use commit_scheme::commit;
 use wallet::Wallet;
 use ccs08::{RPPublicParams, RangeProof};
@@ -206,6 +205,7 @@ impl NIZKPublicParams {
 mod tests {
 use super::*;
 use pairing::bls12_381::{Bls12, Fr};
+ use util::convert_int_to_fr;
 
 #[test]
 fn nizk_proof_works() {
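Review bot: The new `bulletproofs` line pins a git dependency to `tag = "1.0.2"`, and a git tag can be moved or re-created upstream, so the manifest alone still does not fix which code gets built. If the point of dropping `branch = "main"` is to freeze the dependency, pin the commit instead, `bulletproofs = { git = "https://github.com/dalek-cryptography/bulletproofs", rev = "<commit-sha>" }`, and make sure `Cargo.lock` is committed so the resolved revision is tracked. The commented-out `#bulletproofs = …` line kept above it will go stale and is better removed.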
@@ -233,8 +233,38 @@ mod tests {
 
 let proof = pubParams.prove(rng, r, wallet1, wallet2,
 commitment2.clone(), rprime, &paymentToken);
+ let fr = convert_int_to_fr::(*epsilon);
+ assert_eq!(pubParams.verify(proof, fr, &commitment2, wpk), true);
+ }
 
- assert_eq!(pubParams.verify(proof, Fr::from_str(&epsilon.to_string()).unwrap(), &commitment2, wpk), true);
+ #[test]
+ fn nizk_proof_negative_value_works() {
+ let rng = &mut rand::thread_rng();
+ let pkc = Fr::rand(rng);
+ let wpk = Fr::rand(rng);
+ let wpkprime = Fr::rand(rng);
+ let bc = rng.gen_range(100, 1000);
+ let mut bc2 = bc.clone();
+ let bm = rng.gen_range(100, 1000);
+ let mut bm2 = bm.clone();
+ let epsilon = &rng.gen_range(-100, -1);
+ bc2 -= epsilon;
+ bm2 += epsilon;
+ let r = Fr::rand(rng);
+ let rprime = Fr::rand(rng);
+
+ let pubParams = NIZKPublicParams::::setup(rng, 4);
+ let wallet1 = Wallet { pkc, wpk, bc, bm, close: None };
+ let commitment1 = pubParams.comParams.commit(&wallet1.as_fr_vec(), &r);
+ let wallet2 = Wallet { pkc, wpk: wpkprime, bc: bc2, bm: bm2, close: None };
+ let commitment2 = pubParams.comParams.commit(&wallet2.as_fr_vec(), &rprime);
+ let blindPaymentToken = pubParams.keypair.sign_blind(rng, &pubParams.mpk, commitment1.clone());
+ let paymentToken = pubParams.keypair.unblind(&r, &blindPaymentToken);
+
+ let proof = pubParams.prove(rng, r, wallet1, wallet2,
+ commitment2.clone(), rprime, &paymentToken);
+ let fr = convert_int_to_fr::(*epsilon);
+ assert_eq!(pubParams.verify(proof, fr, &commitment2, wpk), true);
 }
 
 #[test]
diff --git a/src/util.rs b/src/util.rs
index 5f71e24..75eb8ad 100644
--- a/src/util.rs
+++ b/src/util.rs
@@ -1,7 +1,7 @@
 use super::*;
 use sodiumoxide::crypto::hash::sha512;
 use pairing::{Engine, CurveProjective};
-use ff::PrimeField;
+use ff::{PrimeField};
 use rand::Rng;
 use ped92::CSMultiParams;
 use secp256k1::{Signature, PublicKey};
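Review bot: `let mut bc2 = bc.clone();`, `let mut bm2 = bm.clone();` and `let epsilon = &rng.gen_range(-100, -1);` in `nizk_proof_negative_value_works` clone and borrow plain integers only to dereference them again in `*epsilon`; `let mut bc2 = bc;` and `let epsilon = rng.gen_range(-100, -1);` say the same thing, and `assert!(pubParams.verify(…))` reads better than `assert_eq!(…, true)`. Note that `gen_range(low, high)` is half-open in this rand API, so this test draws from `-100..=-2` and never exercises `-1`, while `-1` is the only negative input the new `convert_int_to_fr_works` test in `src/util.rs` pins; covering one value from that range in either test would tie the two halves of the fix together. Both tests assert only that `verify` accepts the matching epsilon; a companion assertion that `verify` rejects a different epsilon (for example the field element of `*epsilon + 1`) would show the encoding is actually bound by the proof rather than ignored. The body of `nizk_proof_works` begins before the hunk.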
@@ -81,7 +81,9 @@ pub fn convert_int_to_fr(value: i32) -> E::Fr {
 } else {
 // negative value
 let value2 = value * -1;
- let res = E::Fr::from_str(value2.to_string().as_str()).unwrap();
+ let mut res = E::Fr::zero();
+ let val = E::Fr::from_str(value2.to_string().as_str()).unwrap();
+ res.sub_assign(&val); // TODO: look at how to do negation
 return res;
 }
 }
@@ -258,4 +260,14 @@ mod tests {
 assert_eq!(fmt_bytes_to_int([12, 235, 23, 123, 13, 43, 12, 235, 23, 123, 13, 43, 12, 235, 23, 123, 13, 43, 12, 235, 23, 123, 13, 43, 12, 235, 23, 123, 13, 43, 12, 235, 23, 123, 13, 43, 12, 235, 23, 123, 13, 43, 12, 235, 23, 123, 13, 43, 12, 235, 23, 123, 13, 43, 12, 235, 23, 123, 13, 43, 12, 235, 23, 123]), "122352312313431223523123134312235231231343122352312313431223523123134312235231231343122352312313431223523123134312235231231343122352312313431223523123");
 }
+
+ #[test]
+ fn convert_int_to_fr_works() {
+ assert_eq!(format!("{}", convert_int_to_fr::(1).into_repr()),
+ "0x0000000000000000000000000000000000000000000000000000000000000001");
+ assert_eq!(format!("{}", convert_int_to_fr::(-1).into_repr()),
+ "0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000");
+ assert_eq!(format!("{}", convert_int_to_fr::(365).into_repr()),
+ "0x000000000000000000000000000000000000000000000000000000000000016d");
+ }
 }
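Review bot: `let value2 = value * -1;`, the context line just above the change, still overflows for `i32::MIN`: in debug builds it panics, and in release it wraps back to a negative number whose `to_string()` starts with `-`, which `from_str` should reject, so the `unwrap()` on the new `val` line remains a panic path for one valid input; widening first, `let value2 = -i64::from(value);`, makes the negation exact for every `i32`. The `// TODO: look at how to do negation` comment can be resolved in the same change: `sub_assign` is an `ff::Field` method and that trait also provides `negate(&mut self)`, so `let mut res = E::Fr::from_str(value2.to_string().as_str()).unwrap(); res.negate();` replaces the zero-then-subtract sequence and drops the TODO. Consider replacing the `unwrap()` with an `expect` that states why parsing cannot fail (the string is the decimal form of a non-negative integer). `convert_int_to_fr` begins before the hunk; only its negative branch is visible here.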
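Review bot: `convert_int_to_fr_works` pins `-1` to `0x73ed…0000`, which is the BLS12-381 scalar modulus minus one, but it is the only negative input checked, and neither `i32::MIN` nor `i32::MAX` is covered even though the negative branch multiplies `value` by `-1`. Adding the same call with `-365` and the expected value `r - 365` next to the existing `365` case, plus an `i32::MIN` case, would cover the range of inputs the nizk negative-value test actually draws from. Comparing `into_repr()` values directly, for example against `Fr::from_str("…").unwrap().into_repr()`, would also avoid depending on the Display format of the repr type, which the `format!("{}", …)` comparisons currently do.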