zecfoundation
/
libbolt
mirror of https://github.com/ZcashFoundation/libbolt.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add Blind signature scheme by Pointcheval-Sanders

This commit is contained in:
J. Ayo Akinyele 2019-06-14 03:24:15 -04:00
parent 02982526d7
commit 7c8a81e0cd
3 changed files with 155 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -8,11 +8,15 @@ BOLT is a system for conducting **privacy-preserving off-chain payments** betwee
The libbolt library is a proof of concept implementation that relies on experimental libraries and dependencies at the moment. It is not suitable for production software yet.
# NOTE
Active development of libbolt is ongoing at [Bolt Labs, Inc](https://github.com/boltlabs-inc/libbolt) to instantiate on a cryptocurrency. We will submit pull requests periodically when new features are complete.
# Dependencies
* secp256k1
* sodiumoxide
* bn
* pairing
* curve25519_dalek
* merlin
* bulletproofs
@ -55,7 +59,7 @@ To use the libbolt library, add the `libbolt` crate to your dependency file in `
```toml
[dependencies]
bolt = "0.2.0"
bolt = "0.3.0"
```
Then add an extern declaration at the root of your crate as follows:

203
src/cl.rs
View File

@ -19,12 +19,21 @@ pub struct SecretKey<E: Engine> {
pub y: Vec<E::Fr>
}
#[derive(Clone, Serialize, Deserialize)]
//#[derive(Clone, Serialize, Deserialize)]
#[derive(Clone)]
pub struct PublicKey<E: Engine> {
pub X: E::G2,
pub Y: Vec<E::G2>,
}
//#[derive(Clone, Serialize, Deserialize)]
#[derive(Clone)]
pub struct BlindPublicKey<E: Engine> {
pub X: E::G2,
pub Y1: Vec<E::G1>,
pub Y2: Vec<E::G2>,
}
#[derive(Clone)]
pub struct Signature<E: Engine> {
pub h: E::G1,
@ -37,6 +46,13 @@ pub struct KeyPair<E: Engine> {
pub public: PublicKey<E>
}
#[derive(Clone)]
pub struct BlindKeyPair<E: Engine> {
pub secret: SecretKey<E>,
pub public: BlindPublicKey<E>
}
impl<E: Engine> SecretKey<E> {
pub fn generate<R: Rng>(csprng: &mut R, l: usize) -> Self {
let mut y: Vec<E::Fr> = Vec::new();
@ -51,8 +67,9 @@ impl<E: Engine> SecretKey<E> {
pub fn sign<R: Rng>(&self, csprng: &mut R, message: &Vec<E::Fr>) -> Signature<E> {
let h = E::G1::rand(csprng);
let mut s = E::Fr::zero();
// assert(self.y.len() == message.len());
for i in 0 .. self.y.len() {
// check vector length first
assert_eq!(self.y.len(), message.len());
for i in 0 .. message.len() {
// s = s + (self.y[i] * message[i]);
let mut res_yi = self.y[i];
res_yi.mul_assign(&message[i]);
@ -69,21 +86,22 @@ impl<E: Engine> SecretKey<E> {
Signature { h: h, H: H }
}
pub fn blind<R: Rng>(&self, csprng: &mut R, signature: &Signature<E>) -> Signature<E> {
pub fn blind<R: Rng>(&self, csprng: &mut R, bf: &E::Fr, signature: &Signature<E>) -> Signature<E> {
let r = E::Fr::rand(csprng);
let t = E::Fr::rand(csprng);
let t = bf.clone();
let mut h1 = signature.h;
h1.mul_assign(r); // sigma1 ^ r
let mut h = signature.h;
let mut H1 = signature.H;
h.mul_assign(t); // sigma1 ^ t
h.mul_assign(t); // sigma1 ^ t (blinding factor)
H1.add_assign(&h); // (sigma2 * sigma1 ^ t)
// (sigma2 * sigma1 ^ t) ^ r
H1.mul_assign(r);
Signature { h: h1, H: H1 }
}
}
@ -158,6 +176,55 @@ impl<E: Engine> PublicKey<E> {
}
}
impl<E: Engine> BlindPublicKey<E> {
pub fn from_secret(mpk: &PublicParams<E>, secret: &SecretKey<E>) -> Self {
let mut Y1: Vec<E::G1> = Vec::new();
let mut Y2: Vec<E::G2> = Vec::new();
for i in 0..secret.y.len() {
// Y[i] = g2 ^ y[i]
let mut g1y = mpk.g1;
let mut g2y = mpk.g2;
g1y.mul_assign(secret.y[i]);
g2y.mul_assign(secret.y[i]);
Y1.push(g1y);
Y2.push(g2y);
}
// X = g2 ^ x
let mut X = mpk.g2;
X.mul_assign(secret.x);
BlindPublicKey {
X: X,
Y1: Y1,
Y2: Y2
}
}
pub fn verify(&self, mpk: &PublicParams<E>, message: &Vec<E::Fr>, signature: &Signature<E>) -> bool {
let mut L = E::G2::zero();
let l = self.Y2.len();
assert_eq!(message.len(), l + 1);
for i in 0 .. l {
// L = L + self.Y[i].mul(message[i]);
let mut Y = self.Y2[i];
Y.mul_assign(message[i]); // Y_i ^ m_i
L.add_assign(&Y); // L += Y_i ^m_i
}
// Y_(l+1) ^ t
let mut Yt = mpk.g2;
Yt.mul_assign(message[l]);
L.add_assign(&Yt);
let mut X2 = self.X;
X2.add_assign(&L); // X2 = X + L
let lhs = E::pairing(signature.h, X2);
let rhs = E::pairing(signature.H, mpk.g2);
signature.h != E::G1::one() && lhs == rhs
}
}
pub fn setup<R: Rng, E: Engine>(csprng: &mut R) -> PublicParams<E> {
@ -167,6 +234,9 @@ pub fn setup<R: Rng, E: Engine>(csprng: &mut R) -> PublicParams<E> {
return mpk;
}
///
/// KeyPair - implements the standard CL signature variant by Pointcheval-Sanders - Section 3.1
///
impl<E: Engine> KeyPair<E> {
pub fn generate<R: Rng>(csprng: &mut R, mpk: &PublicParams<E>, l: usize) -> Self {
let secret = SecretKey::generate(csprng, l);
@ -174,6 +244,7 @@ impl<E: Engine> KeyPair<E> {
KeyPair { secret, public }
}
/// sign a vector of messages (of size l)
pub fn sign<R: Rng>(&self, csprng: &mut R, message: &Vec<E::Fr>) -> Signature<E> {
self.secret.sign(csprng, message)
}
@ -181,34 +252,50 @@ impl<E: Engine> KeyPair<E> {
pub fn verify(&self, mpk: &PublicParams<E>, message: &Vec<E::Fr>, signature: &Signature<E>) -> bool {
self.public.verify(mpk, message, signature)
}
pub fn blind<R: Rng>(&self, csprng: &mut R, signature: &Signature<E>) -> Signature<E> {
self.secret.blind(csprng, signature)
}
}
//impl<E: Engine> SignaturePS<E> {
// pub fn new(_h: E::G1, _H: E::G1) -> SignaturePS {
// SignaturePS {
// h: _h, H: _H
// }
// }
//
// pub fn hash(&self, prefix: &str) -> Fr {
// let mut output_buf: Vec<u8> = Vec::new();
// output_buf.extend_from_slice(prefix.as_bytes());
// concat_g1_to_vector(&mut output_buf, &self.h);
// concat_g1_to_vector(&mut output_buf, &self.H);
//
// // println!("DEBUG: signature len => {}", output_buf.len());
// // let's hash the final output_buf
// let sha2_digest = sha512::hash(output_buf.as_slice());
//
// let mut hash_buf: [u8; 64] = [0; 64];
// hash_buf.copy_from_slice(&sha2_digest[0..64]);
// return Fr::interpret(&hash_buf);
// }
//}
///
/// BlindingKeyPair - implements the blinding signature scheme in Pointcheval-Sanders - Section 3.1.1
///
impl<E: Engine> BlindKeyPair<E> {
/// generate public/private keypair given public params and size of vectors
pub fn generate<R: Rng>(csprng: &mut R, mpk: &PublicParams<E>, l: usize) -> Self {
let secret = SecretKey::generate(csprng, l);
let public = BlindPublicKey::from_secret(mpk, &secret);
BlindKeyPair { secret, public }
}
/// sign a vector of messages
pub fn sign<R: Rng>(&self, csprng: &mut R, message: &Vec<E::Fr>) -> Signature<E> {
self.secret.sign(csprng, message)
}
/// computes a blind signature from an existing one
pub fn blind<R: Rng>(&self, csprng: &mut R, bf: &E::Fr, signature: &Signature<E>) -> Signature<E> {
self.secret.blind(csprng, bf, signature)
}
/// unblinds a signature given knowledge of blinding factor, t. Output should be
/// verifiable with standard signature scheme.
pub fn unblind(&self, bf: &E::Fr, signature: &Signature<E>) -> Signature<E> {
let mut H = signature.h;
let inv_bf = bf.inverse().unwrap();
// sigma2 / sigma1 ^ t
H.mul_assign(inv_bf);
H.add_assign(&signature.H);
Signature { h: signature.h, H: H }
}
/// verify a blinded signature without unblinding it first
pub fn verify(&self, mpk: &PublicParams<E>, message: &Vec<E::Fr>, bf: &E::Fr, signature: &Signature<E>) -> bool {
let mut m = message.clone();
let t = bf.clone();
m.push(t);
self.public.verify(mpk, &m, signature)
}
}
/*
// display CL signature (PS)
@ -264,27 +351,35 @@ mod tests {
assert_eq!(keypair.verify(&mpk, &message2, &sig), false);
}
// #[test]
// fn scheme_ps_sign_and_verify_works() {
// // test ability to sign/verify a vector of messages
// let rng = &mut thread_rng();
//
// let mpk = setup_ps();
// let l = 5;
// let keypair = keygen_ps(&mpk, l);
//
// let mut m1 : Vec<Fr> = Vec::new();
// let mut m2 : Vec<Fr> = Vec::new();
//
// for i in 0 .. l {
// m1.push(Fr::random(rng));
// m2.push(Fr::random(rng));
// }
//
// let signature = sign_ps(&mpk, &keypair.sk, &m1);
//
// assert!(verify_ps(&mpk, &keypair.pk, &m1, &signature) == true);
// assert!(verify_ps(&mpk, &keypair.pk, &m2, &signature) == false);
// }
#[test]
fn blind_sign_and_verify() {
let mut rng = &mut rand::thread_rng();
let l = 5;
let mpk = setup(&mut rng);
let keypair = BlindKeyPair::<Bls12>::generate(&mut rng, &mpk, l);
let mut message1 : Vec<Fr> = Vec::new();
let mut message2 : Vec<Fr> = Vec::new();
for i in 0..l {
message1.push(Fr::rand(&mut rng));
message2.push(Fr::rand(&mut rng));
}
let sig = keypair.sign(&mut rng, &message1);
let t = Fr::rand(&mut rng);
let blind_sig = keypair.blind(&mut rng, &t,&sig);
// pick another blinding factor
let t1 = Fr::rand(&mut rng);
// verify blind signatures and provide blinding factor as input
assert_eq!(keypair.verify(&mpk,&message1, &t,&blind_sig), true);
assert_eq!(keypair.verify(&mpk,&message2, &t,&blind_sig), false);
assert_eq!(keypair.verify(&mpk,&message1, &t1,&blind_sig), false);
}
}

1
src/lib.rs
View File

@ -62,7 +62,6 @@ use serde::{Serialize, Deserialize};
pub mod prf;
pub mod sym;
pub mod ote;
pub mod bls;
pub mod cl;
pub mod clsigs;
pub mod commit_scheme;