diff --git a/.gitignore b/.gitignore
index 6c2df41..6550ea8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 .idea/
 target
-Cargo.lock
\ No newline at end of file
+Cargo.lock
+py/__pycache__/
\ No newline at end of file
diff --git a/src/ccs08.rs b/src/ccs08.rs
index aaf74c7..625f3d9 100644
--- a/src/ccs08.rs
+++ b/src/ccs08.rs
@@ -7,16 +7,13 @@ Asiacrypt 2008
 extern crate pairing;
 extern crate rand;
 
-use rand::{thread_rng, Rng};
+use rand::Rng;
 use super::*;
-use cl::{KeyPair, Signature, PublicParams, setup, BlindKeyPair, ProofState, SignatureProof};
+use cl::{Signature, PublicParams, setup, BlindKeyPair, ProofState, SignatureProof};
 use ped92::{Commitment, CSMultiParams};
 use pairing::{Engine, CurveProjective};
 use ff::PrimeField;
 use std::collections::HashMap;
-use std::fmt::Display;
-use std::mem::transmute;
-use util::fmt_bytes_to_int;
 
 /**
 paramsUL contains elements generated by the verifier, which are necessary for the prover.
@@ -339,9 +336,6 @@ impl RPPublicParams {
             let loglogb = logb.log2();
             if loglogb > 0.0 {
                 let mut u = (logb / loglogb) as i32;
-                if u < 2 {
-                    u = 2;
-                }
                 u = 57; //TODO: optimize u?
 
                 let l = (b as f32).log(u as f32).ceil() as i32;
@@ -412,7 +406,7 @@ impl RPPublicParams {
         first & &second
     }
 
-    fn compute_challenge(&self, proof: &RangeProof) -> E::Fr {
+    pub fn compute_challenge(&self, proof: &RangeProof) -> E::Fr {
         let mut a = Vec::::with_capacity(self.p.l as usize);
         for i in 0..proof.p1.sigProofs.len() {
             a.push(proof.p1.sigProofs[i].a);
@@ -426,7 +420,7 @@ impl RPPublicParams {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use pairing::bls12_381::{Bls12, G1, Fq12, Fr};
+    use pairing::bls12_381::{Bls12, G1, Fr};
     use time::PreciseTime;
     use std::ops::Add;
     use core::mem;
@@ -576,7 +570,7 @@ mod tests {
         let mut averageProofSize = 0;
         let mut averageVerify = time::Duration::nanoseconds(0);
         let iter = 5;
-        for i in 0..iter {
+        for _i in 0..iter {
             let a = rng.gen_range(0, 1000000);
             let b = rng.gen_range(a, 1000000);
             let x = rng.gen_range(a, b);
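Review bot: With the clamp gone, `let mut u = (logb / loglogb) as i32;` is dead code: `u = 57;` on the next line overwrites it unconditionally, so `loglogb` is computed only to be discarded and the `mut` is no longer needed. If the fixed base is intentional, say so at the point of use — `let u = 57; // TODO: derive u from logb; fixed for now` — and delete the dead assignment; if the derived value was meant to survive, then the constant assignment is the bug. Either way the enclosing `if loglogb > 0.0` block (it starts and ends outside the hunk) now gates the whole computation on a quantity that no longer influences `u` or `l`, so its else branch should be re-examined for small ranges. Note that `l = (b as f32).log(u as f32).ceil()` still depends on `u`, so a fixed base means the proof size no longer adapts to the range.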
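Review bot: `compute_challenge` is made `pub` without a doc comment, and it is the Fiat–Shamir step of the range proof: the hunk shows it gathering `proof.p1.sigProofs[i].a` into `a`, with the rest of the transcript built past the end of the hunk. A verifier outside this module that calls it must feed exactly the proof elements the prover hashed, in the same order, so that contract belongs on the function, e.g. `/// Derives the Fiat-Shamir challenge from the proof's commitment elements; the set and order of hashed values must match what the prover used.` The function body continues outside the hunk.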
diff --git a/src/channels.rs b/src/channels.rs
index d4c1300..7628af0 100644
--- a/src/channels.rs
+++ b/src/channels.rs
@@ -378,7 +378,7 @@ impl CustomerState {
         let prev_pay_token = self.pay_tokens.get(&i).unwrap();
         //println!("Found prev pay token: {}", prev_pay_token);
 
-        let pay_proof = cp.pub_params.prove(csprng, self.t.clone(), old_wallet, new_wallet.clone(),
+        let pay_proof = cp.pub_params.prove(csprng, old_wallet, new_wallet.clone(),
                                             new_wcom.clone(), new_t, &prev_pay_token);
 
         // update internal state after proof has been verified by remote
diff --git a/src/nizk.rs b/src/nizk.rs
index 6858698..1c63113 100644
--- a/src/nizk.rs
+++ b/src/nizk.rs
@@ -3,10 +3,9 @@ extern crate rand;
 
 use super::*;
 use rand::Rng;
-use cl::{KeyPair, Signature, PublicParams, setup, BlindKeyPair, ProofState, SignatureProof, BlindPublicKey};
-use ped92::{CSParams, Commitment, CSMultiParams, CommitmentProof};
+use cl::{Signature, PublicParams, setup, BlindKeyPair, SignatureProof};
+use ped92::{Commitment, CSMultiParams, CommitmentProof};
 use pairing::{Engine, CurveProjective};
-use ff::PrimeField;
 use wallet::Wallet;
 use ccs08::{RPPublicParams, RangeProof};
 use serde::{Serialize, Deserialize};
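Review bot: Dropping `self.t.clone()` from the `prove` call leaves `CustomerState::t` unread on this path; it was passed as `r`, the old wallet's commitment randomness, so if no other method still uses it the field is stale blinding state kept in the customer struct for no purpose and should be removed along with the parameter, otherwise a comment on the field should say what still depends on it. Only the call site is visible here; the enclosing method starts and ends outside the hunk.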
@@ -67,16 +66,15 @@ impl NIZKPublicParams {
     /** This method can be called to create the proof during the payment and closing protocol
     Input:
     rng: random generator
-    r: randomness of commitment of old wallet (TODO: still necessary?)
     oldWallet: This is the wallet before payment occurs
     newWallet: This is the new state of the wallet after payment
     newWalletCom: A commitment of the new wallet
-    rPrime: randomness of commitment of new wallet
+    rPrime: blinding value of commitment of new wallet
     paymentToken: A blind signature on the old wallet
     Output:
     NIZKProof: a proof that can be verified by the merchant during payment or closing protocol
     */
-    pub fn prove(&self, rng: &mut R, r: E::Fr, oldWallet: Wallet, newWallet: Wallet,
+    pub fn prove(&self, rng: &mut R, oldWallet: Wallet, newWallet: Wallet,
                  newWalletCom: Commitment, rPrime: E::Fr, paymentToken: &Signature) -> NIZKProof {
         //Commitment phase
         //commit commitment
@@ -87,7 +85,7 @@ impl NIZKPublicParams {
             false => self.comParams.pub_bases.len()
         };
 
-        let (D, t, rt, mut reveal_wallet) = CommitmentProof::::prove_commitment(rng, &self.comParams, &newWallet.as_fr_vec(), &vec! {});
+        let (D, t, rt) = CommitmentProof::::prove_commitment(rng, &self.comParams, &newWallet.as_fr_vec(), &vec! {});
 
         //commit signature
         let zero = E::Fr::zero();
@@ -111,7 +109,7 @@ impl NIZKPublicParams {
 
         //response commitment
         let newWalletVec = newWallet.as_fr_vec();
-        let comProof = CommitmentProof::::prove_response(&newWalletVec, &rPrime, &vec! {}, D, &t, rt, reveal_wallet.borrow_mut(), &challenge);
+        let comProof = CommitmentProof::::prove_response(&newWalletVec, &rPrime, &vec! {}, D, &t, rt, &challenge);
 
         //response range proof
         let mut vec01 = newWalletVec[0..2].to_vec();
@@ -228,6 +226,8 @@ mod tests {
     use super::*;
     use pairing::bls12_381::{Bls12, Fr};
     use util::convert_int_to_fr;
+    use rand::thread_rng;
+    use ff::PrimeField;
 
     #[test]
     fn nizk_proof_works() {
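Review bot: The doc entry `rng: random generator` understates the requirement: the commitment-phase blinding scalars are drawn from it (`prove_commitment` in ped92.rs calls `E::Fr::rand` on it), the responses have the form `z = w * challenge + t`, and a predictable `t` would let anyone holding the proof recover the committed wallet values; the caller in channels.rs already names the argument `csprng`. Suggest `rng: cryptographically secure random generator; the commitment-phase blinding values are drawn from it`. The function body continues past the hunk.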
@@ -253,7 +253,7 @@ mod tests {
         let blindPaymentToken = pubParams.keypair.sign_blind(rng, &pubParams.mpk, commitment1.clone());
         let paymentToken = pubParams.keypair.unblind(&r, &blindPaymentToken);
 
-        let proof = pubParams.prove(rng, r, wallet1, wallet2,
+        let proof = pubParams.prove(rng, wallet1, wallet2,
                                     commitment2.clone(), rprime, &paymentToken);
         let fr = convert_int_to_fr::(*epsilon);
         assert_eq!(pubParams.verify(proof, fr, &commitment2, wpk), true);
@@ -283,7 +283,7 @@ mod tests {
         let blindPaymentToken = pubParams.keypair.sign_blind(rng, &pubParams.mpk, commitment1.clone());
         let paymentToken = pubParams.keypair.unblind(&r, &blindPaymentToken);
 
-        let proof = pubParams.prove(rng, r, wallet1, wallet2,
+        let proof = pubParams.prove(rng, wallet1, wallet2,
                                     commitment2.clone(), rprime, &paymentToken);
         let fr = convert_int_to_fr::(*epsilon);
         assert_eq!(pubParams.verify(proof, fr, &commitment2, wpk), true);
@@ -324,7 +324,7 @@ mod tests {
         println!("close => {}", &wallet2);
         assert!(pk.verify(&pubParams.mpk, &wallet2.as_fr_vec(), &closeToken));
 
-        let proof = pubParams.prove(rng, r, wallet1, wallet2,
+        let proof = pubParams.prove(rng, wallet1, wallet2,
                                     commitment2.clone(), rprime, &paymentToken);
         assert_eq!(pubParams.verify(proof, Fr::from_str(&epsilon.to_string()).unwrap(), &commitment2, wpk), true);
 
@@ -348,7 +348,6 @@ mod tests {
 
         let pubParams = NIZKPublicParams::::setup(rng, 4);
         let wallet1 = Wallet { pkc, wpk, bc, bm, close: None };
-        let wallet2 = Wallet:: { pkc, wpk: wpkprime, bc: bc2, bm: bm2, close: None };
         let bc2Prime = bc.clone();
         let wallet3 = Wallet { pkc, wpk: wpkprime, bc: bc2Prime, bm: bm2, close: None };
 
@@ -356,18 +355,18 @@ mod tests {
         let commitment2 = pubParams.comParams.commit(&wallet3.as_fr_vec(), &rprime);
         let blindPaymentToken = pubParams.keypair.sign_blind(rng, &pubParams.mpk, commitment1.clone());
         let paymentToken = pubParams.keypair.unblind(&r, &blindPaymentToken);
-        let proof = pubParams.prove(rng, r, wallet1.clone(), wallet3, commitment2.clone(), rprime, &paymentToken);
+        let proof = pubParams.prove(rng, wallet1.clone(), wallet3, commitment2.clone(), rprime, &paymentToken);
         assert_eq!(pubParams.verify(proof, Fr::from_str(&epsilon.to_string()).unwrap(), &commitment2, wpk), false);
 
         let bm2Prime = bm.clone();
         let wallet4 = Wallet { pkc, wpk: wpkprime, bc: bc2, bm: bm2Prime, close: None };
         let commitment2 = pubParams.comParams.commit(&wallet4.as_fr_vec(), &rprime);
-        let proof = pubParams.prove(rng, r, wallet1.clone(), wallet4, commitment2.clone(), rprime, &paymentToken);
+        let proof = pubParams.prove(rng, wallet1.clone(), wallet4, commitment2.clone(), rprime, &paymentToken);
         assert_eq!(pubParams.verify(proof, Fr::from_str(&epsilon.to_string()).unwrap(), &commitment2, wpk), false);
 
         let wallet5 = Wallet { pkc: Fr::rand(rng), wpk: wpkprime, bc: bc2, bm: bm2, close: None };
         let commitment2 = pubParams.comParams.commit(&wallet5.as_fr_vec(), &rprime);
-        let proof = pubParams.prove(rng, r, wallet1.clone(), wallet5, commitment2.clone(), rprime, &paymentToken);
+        let proof = pubParams.prove(rng, wallet1.clone(), wallet5, commitment2.clone(), rprime, &paymentToken);
         assert_eq!(pubParams.verify(proof, Fr::from_str(&epsilon.to_string()).unwrap(), &commitment2, wpk), false);
     }
 
diff --git a/src/ped92.rs b/src/ped92.rs
index c040fc8..0cd525b 100644
--- a/src/ped92.rs
+++ b/src/ped92.rs
@@ -1,5 +1,5 @@
 // ped92.rs
-use rand::{thread_rng, Rng};
+use rand::Rng;
 use pairing::{Engine, CurveProjective};
 use ff::{Rand, Field, PrimeField};
 use std::fmt;
@@ -116,7 +116,7 @@ impl CSMultiParams {
     pub fn setup_gen_params(rng: &mut R, len: usize) -> Self {
         let mut p: Vec = Vec::new();
         // 1 extra base element for the random parameter
-        for i in 0..len + 1 {
+        for _i in 0..len + 1 {
             p.push(E::G1::rand(rng));
         }
         CSMultiParams { pub_bases: p }
@@ -194,23 +194,21 @@ pub struct CommitmentProof {
 
 impl CommitmentProof {
     pub fn new(csprng: &mut R, com_params: &CSMultiParams, com: &E::G1, wallet: &Vec, r: &E::Fr, reveal_index: &Vec) -> Self {
-        let (Tvals, t, rt, mut reveal_wallet) = CommitmentProof::::prove_commitment::(csprng, com_params, wallet, reveal_index);
+        let (Tvals, t, rt) = CommitmentProof::::prove_commitment::(csprng, com_params, wallet, reveal_index);
 
         // compute the challenge
         let x: Vec = vec![Tvals, com.clone()];
         let challenge = util::hash_g1_to_fr::(&x);
 
         // compute the response
-        CommitmentProof::::prove_response(wallet, r, reveal_index, Tvals, &t, rt, reveal_wallet.borrow_mut(), &challenge)
+        CommitmentProof::::prove_response(wallet, r, reveal_index, Tvals, &t, rt, &challenge)
     }
 
-    pub fn prove_commitment(csprng: &mut R, com_params: &CSMultiParams, wallet: &Vec, reveal_index: &Vec) -> (E::G1, Vec, Vec, Vec) {
+    pub fn prove_commitment(csprng: &mut R, com_params: &CSMultiParams, wallet: &Vec, reveal_index: &Vec) -> (E::G1, Vec, Vec) {
         let mut Tvals = E::G1::zero();
         assert!(wallet.len() <= com_params.pub_bases.len());
         let mut t = Vec::::with_capacity(wallet.len() + 1);
         let mut rt: Vec = Vec::new();
-        // t values that will be revealed
-        let mut reveal_wallet: Vec = Vec::new(); // aspects of wallet being revealed
         for i in 0..wallet.len() + 1 {
             let ti = E::Fr::rand(csprng);
 
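Review bot: `prove_commitment` and `prove_response` are public and their signatures change here, but neither documents the `(Tvals, t, rt)` tuple that callers (`new` here, `NIZKPublicParams::prove` in nizk.rs) have to carry from the first call to the second. The `t` scalars are the commitment-phase secrets — the next hunk computes `z0 = r * challenge + t[0]` — so a `///` comment on each function should state that `t` and `rt` must stay private until the response is produced and that `Tvals` is the value to be bound into the challenge. `reveal_index` is still accepted by `prove_commitment` although the `reveal_wallet` vector that related to it has moved; the loop body that might read it continues past the hunk, so if it is unused there the parameter should go too.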
@@ -225,15 +223,17 @@ impl CommitmentProof {
             gt.mul_assign(ti.into_repr());
             Tvals.add_assign(>);
         }
-        (Tvals, t, rt, reveal_wallet)
+        (Tvals, t, rt)
     }
 
-    pub fn prove_response(wallet: &Vec, r: &E::Fr, reveal_index: &Vec, Tvals: E::G1, t: &Vec, rt: Vec, reveal_wallet: &mut Vec, challenge: &E::Fr) -> CommitmentProof {
+    pub fn prove_response(wallet: &Vec, r: &E::Fr, reveal_index: &Vec, Tvals: E::G1, t: &Vec, rt: Vec, challenge: &E::Fr) -> CommitmentProof {
         let mut z: Vec = Vec::new();
         let mut z0 = r.clone();
         z0.mul_assign(&challenge);
         z0.add_assign(&t[0]);
         z.push(z0);
+        // t values that will be revealed
+        let mut reveal_wallet: Vec = Vec::new();
         reveal_wallet.push(E::Fr::zero());
         for i in 1..t.len() {
             let mut zi = wallet[i - 1].clone();
@@ -276,6 +276,7 @@ impl CommitmentProof {
 mod tests {
     use super::*;
     use pairing::bls12_381::{Bls12, Fr, G1};
+    use rand::thread_rng;
     use ff::Field;
     use wallet::Wallet;
 
@@ -301,7 +302,7 @@ mod tests {
 
         let csp = CSMultiParams::::setup_gen_params(rng, len);
         let mut m: Vec = Vec::new();
-        for i in 0..len {
+        for _i in 0..len {
             m.push(Fr::rand(rng));
         }
         let r = Fr::rand(rng);
@@ -320,7 +321,7 @@ mod tests {
 
         let csp = CSMultiParams::::setup_gen_params(rng, len);
         let mut m1: Vec = Vec::new();
-        for i in 0..len-1 {
+        for _i in 0..len-1 {
             m1.push(Fr::rand(rng));
         }
         let extra_m = Fr::rand(rng);
@@ -342,7 +343,7 @@ mod tests {
 
     #[test]
     fn test_csp_basic_serialize() {
-        let mut rng = &mut rand::thread_rng();
+        let rng = &mut rand::thread_rng();
         let len = 5;
         let csp = CSMultiParams::::setup_gen_params(rng, len);
 
@@ -359,7 +360,6 @@ mod tests {
 
         let t = Fr::rand(rng);
         let bc = rng.gen_range(100, 1000);
-        let bc2 = rng.gen_range(100, 1000);
         let bm = rng.gen_range(100, 1000);
         let wallet = Wallet:: { pkc: pkc, wpk: wpk, bc: bc, bm: bm, close: None };
 
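Review bot: `prove_response` indexes `t[0]` and `wallet[i - 1]` for `i in 1..t.len()`, and now that it is a separately callable public step nothing checks that `t` holds one entry per wallet element plus one for `r` (the shape `prove_commitment` appears to build with `with_capacity(wallet.len() + 1)`); a mismatched pair panics on the index rather than failing clearly. Add `assert_eq!(t.len(), wallet.len() + 1, "t must hold one blinding value per wallet element plus one for r");` before the loop. The added comment `// t values that will be revealed` is misleading for a vector named `reveal_wallet` that is seeded with `E::Fr::zero()`; say what its entries are. The function body continues past the hunk.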