From 3e516083aefbd50af66f45bf701644d4d37a5111 Mon Sep 17 00:00:00 2001 From: Gijs Van Laer Date: Fri, 14 Jun 2019 18:54:18 -0400 Subject: [PATCH 1/5] ped92: Pedersen commitment using Generics --- src/lib.rs | 1 + src/ped92.rs | 229 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 230 insertions(+) create mode 100644 src/ped92.rs diff --git a/src/lib.rs b/src/lib.rs index 935a22a..6511a6d 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -65,6 +65,7 @@ pub mod ote; pub mod cl; pub mod clsigs; pub mod commit_scheme; +pub mod ped92; pub mod clproto; pub mod serialization_wrappers; diff --git a/src/ped92.rs b/src/ped92.rs new file mode 100644 index 0000000..a6835a4 --- /dev/null +++ b/src/ped92.rs @@ -0,0 +1,229 @@ +// commit_schemes.rs +extern crate serde; + +use serialization_wrappers; +use std::fmt; +use rand::{thread_rng, Rng}; +use bn::{Group, Fr, G1, G2}; +use pairing::{Engine, CurveProjective, CurveAffine}; +use ff::Rand; +use clsigs; +use debug_elem_in_hex; +use bincode::SizeLimit::Infinite; +use bincode::rustc_serialize::encode; +use sodiumoxide::crypto::hash::sha512; + +use serde::{Serialize, Deserialize}; + +#[derive(Clone)] +pub struct PublicKey { + g: E::G2, + h: E::G2 +} + +#[derive(Clone)] +pub struct Commitment { + pub c: E::G2, + pub r: E::Fr +} + +#[derive(Clone)] +pub struct CSParams { + pub pub_bases: Vec +} + +//impl fmt::Display for PublicKey { +// fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { +// let g_vec: Vec = encode(&self.g, Infinite).unwrap(); +// let h_vec: Vec = encode(&self.h, Infinite).unwrap(); +// let mut g_s = String::new(); +// for x in g_vec.iter() { +// g_s = format!("{}{:x}", g_s, x); +// } +// +// let mut h_s = String::new(); +// for y in h_vec.iter() { +// h_s = format!("{}{:x}", h_s, y); +// } +// +// write!(f, "PK : (g=0x{}, h=0x{})", g_s, h_s) +// } +//} + +//impl fmt::Display for Commitment { +// fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { +// let c_vec: Vec = encode(&self.c, Infinite).unwrap(); +// let mut c_s = String::new(); +// for x in c_vec.iter() { +// c_s = format!("{}{:x}", c_s, x); +// } +// +// let d_vec: Vec = encode(&self.r, Infinite).unwrap(); +// let mut d_s = String::new(); +// for x in d_vec.iter() { +// d_s = format!("{}{:x}", d_s, x); +// } +// write!(f, "Commitment : (c=0x{}, r=0x{})", c_s, d_s) +// } +//} + +/* +Implements the setup algorithm for the Pedersen92 commitment scheme +*/ +pub fn ped92_setup() -> PublicKey { + println!("Run Setup..."); + let rng = &mut thread_rng(); + let g = E::G2::rand(rng); + let h = E::G2::rand(rng); + let pk = PublicKey { g, h }; + return pk; +} + +/* +commit(pk, msg) -> cm where +- pk is the public key generated from setup() +- msg is the message structure for the commitment scheme +- cm is the output commitment message for the given message +*/ +pub fn ped92_commit(pk: &PublicKey, m: E::Fr, R: Option) -> Commitment { + let rng = &mut thread_rng(); + + let r = R.unwrap_or(E::Fr::rand(rng)); + //let r = Fr::random(rng); + + //let m = msg.hash(); + let p = "commit -> m"; + // c = g^m * h^r + let mut c = pk.g.clone(); + c.mul_assign(m); + let mut h = pk.h.clone(); + h.mul_assign(r); + c.add_assign(&h); + // return (c, r) <- d=r + let commitment = Commitment { c, r }; + + // debugging + return commitment; +} + +/* +decommit(pk, cm, msg) -> bool where +- pk is the public key generated from setup() +- cm is the commitment +- m is the message to validate +- outputs T/F for whether the cm is a valid commitment to the msg +*/ +pub fn ped92_decommit(pk: &PublicKey, cm: &Commitment, m: E::Fr) -> bool { + let p = "decommit -> m"; + + let mut dm = pk.g.clone(); + dm.mul_assign(m); + let mut h = pk.h.clone(); + h.mul_assign(cm.r.clone()); + dm.add_assign(&h); + return dm == cm.c; +} + + +/* +Implements the setup algorithm for the Pedersen92 commitment scheme over +a vector of messages. +*/ + +pub fn setup(len: usize, pub_bases: Vec, h: E::G2) -> CSParams { + let rng = &mut thread_rng(); + //let base_h = h.unwrap_or(G2::random(rng)); + let mut p: Vec = Vec::new(); + p.push(h); + + let _p = pub_bases; + for i in 0 .. _p.len() { + p.push(_p[i]); + } + return CSParams { pub_bases: p }; +} + +pub fn setup_gen_params(len: usize) -> CSParams { + let rng = &mut thread_rng(); + + let mut p: Vec = Vec::new(); + for i in 0 .. len { + p.push(E::G2::rand(rng)); + } + return CSParams { pub_bases: p }; +} + +pub fn commit(csp: &CSParams, x: &Vec, r: E::Fr) -> Commitment { + let rng = &mut thread_rng(); + + //let r = R.unwrap_or(Fr::random(rng)); + // c = g1^m1 * ... * gn^mn * h^r + //println!("(commit) index: 0"); + let mut c = csp.pub_bases[0].clone(); + c.mul_assign(r); + for i in 1 .. x.len() { + //println!("(commit) index: {}", i); + let mut basis= csp.pub_bases[i]; + basis.mul_assign(x[i]); + c.add_assign(&basis); + } + // return (c, r) <- r + let commitment = Commitment { c, r }; + + // debugging + //println!("{}", commitment); + return commitment; +} + +pub fn decommit(csp: &CSParams, cm: &Commitment, x: &Vec) -> bool { + let l = x.len(); + // pub_base[0] => h, x[0] => r + // check that cm.r == x[0] + // assert!(cm.r == x[0]); + let mut dc = csp.pub_bases[0].clone(); + dc.mul_assign(cm.r.clone()); + for i in 1 .. l { + let mut basis= csp.pub_bases[i]; + basis.mul_assign(x[i]); + dc.add_assign(&basis); + } + return dc == cm.c && cm.r == x[0]; +} + +#[cfg(test)] +mod tests { + use super::*; + use pairing::bls12_381::{Bls12, Fr}; + use ff::Field; + + #[test] + fn commit_one_message_works() { + let rng = &mut thread_rng(); + let pk = ped92_setup::(); + + let m1 = Fr::rand(rng); + let mut m2 = m1.clone(); + m2.add_assign(&Fr::one()); + let r = Fr::rand(rng); + let c = ped92_commit(&pk, m1, Some(r)); + + assert!(ped92_decommit(&pk, &c, m1) == true); + assert!(ped92_decommit(&pk, &c, m2) == false); + } + + #[test] + fn commit_n_message_works() { + let rng = &mut thread_rng(); + let len = 3; + let csp = setup_gen_params::(len); + + let mut m: Vec = Vec::new(); + for i in 0 .. len { + m.push(Fr::rand(rng)); + } + let r = m[0].clone(); + let c = commit(&csp, &m, r); + + assert!(decommit(&csp, &c, &m) == true); + } +} From 1f2e56bef2058edd83e3cde0a44baea265e9c000 Mon Sep 17 00:00:00 2001 From: Gijs Van Laer Date: Fri, 14 Jun 2019 18:59:33 -0400 Subject: [PATCH 2/5] ped92: cleanup asserts --- src/ped92.rs | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/src/ped92.rs b/src/ped92.rs index a6835a4..429860b 100644 --- a/src/ped92.rs +++ b/src/ped92.rs @@ -18,13 +18,13 @@ use serde::{Serialize, Deserialize}; #[derive(Clone)] pub struct PublicKey { g: E::G2, - h: E::G2 + h: E::G2, } #[derive(Clone)] pub struct Commitment { pub c: E::G2, - pub r: E::Fr + pub r: E::Fr, } #[derive(Clone)] @@ -137,7 +137,7 @@ pub fn setup(len: usize, pub_bases: Vec, h: E::G2) -> CSParams p.push(h); let _p = pub_bases; - for i in 0 .. _p.len() { + for i in 0.._p.len() { p.push(_p[i]); } return CSParams { pub_bases: p }; @@ -147,7 +147,7 @@ pub fn setup_gen_params(len: usize) -> CSParams { let rng = &mut thread_rng(); let mut p: Vec = Vec::new(); - for i in 0 .. len { + for i in 0..len { p.push(E::G2::rand(rng)); } return CSParams { pub_bases: p }; @@ -161,9 +161,9 @@ pub fn commit(csp: &CSParams, x: &Vec, r: E::Fr) -> Commitm //println!("(commit) index: 0"); let mut c = csp.pub_bases[0].clone(); c.mul_assign(r); - for i in 1 .. x.len() { + for i in 1..x.len() { //println!("(commit) index: {}", i); - let mut basis= csp.pub_bases[i]; + let mut basis = csp.pub_bases[i]; basis.mul_assign(x[i]); c.add_assign(&basis); } @@ -182,8 +182,8 @@ pub fn decommit(csp: &CSParams, cm: &Commitment, x: &Vec // assert!(cm.r == x[0]); let mut dc = csp.pub_bases[0].clone(); dc.mul_assign(cm.r.clone()); - for i in 1 .. l { - let mut basis= csp.pub_bases[i]; + for i in 1..l { + let mut basis = csp.pub_bases[i]; basis.mul_assign(x[i]); dc.add_assign(&basis); } @@ -207,8 +207,8 @@ mod tests { let r = Fr::rand(rng); let c = ped92_commit(&pk, m1, Some(r)); - assert!(ped92_decommit(&pk, &c, m1) == true); - assert!(ped92_decommit(&pk, &c, m2) == false); + assert_eq!(true, ped92_decommit(&pk, &c, m1)); + assert_eq!(false, ped92_decommit(&pk, &c, m2)); } #[test] @@ -218,12 +218,12 @@ mod tests { let csp = setup_gen_params::(len); let mut m: Vec = Vec::new(); - for i in 0 .. len { + for i in 0..len { m.push(Fr::rand(rng)); } let r = m[0].clone(); let c = commit(&csp, &m, r); - assert!(decommit(&csp, &c, &m) == true); + assert_eq!(true, decommit(&csp, &c, &m)); } } From 1195f0fdc27892750b14878cb4ae70d59f6d0bd6 Mon Sep 17 00:00:00 2001 From: Gijs Van Laer Date: Fri, 14 Jun 2019 19:57:52 -0400 Subject: [PATCH 3/5] ped92: add methods to CSParams --- src/ped92.rs | 112 ++++++++++++++++++--------------------------------- 1 file changed, 39 insertions(+), 73 deletions(-) diff --git a/src/ped92.rs b/src/ped92.rs index 429860b..d2ce75d 100644 --- a/src/ped92.rs +++ b/src/ped92.rs @@ -1,19 +1,7 @@ -// commit_schemes.rs -extern crate serde; - -use serialization_wrappers; -use std::fmt; +// ped92.rs use rand::{thread_rng, Rng}; -use bn::{Group, Fr, G1, G2}; use pairing::{Engine, CurveProjective, CurveAffine}; use ff::Rand; -use clsigs; -use debug_elem_in_hex; -use bincode::SizeLimit::Infinite; -use bincode::rustc_serialize::encode; -use sodiumoxide::crypto::hash::sha512; - -use serde::{Serialize, Deserialize}; #[derive(Clone)] pub struct PublicKey { @@ -125,69 +113,47 @@ pub fn ped92_decommit(pk: &PublicKey, cm: &Commitment, m: E::Fr } -/* -Implements the setup algorithm for the Pedersen92 commitment scheme over -a vector of messages. -*/ -pub fn setup(len: usize, pub_bases: Vec, h: E::G2) -> CSParams { - let rng = &mut thread_rng(); - //let base_h = h.unwrap_or(G2::random(rng)); - let mut p: Vec = Vec::new(); - p.push(h); - - let _p = pub_bases; - for i in 0.._p.len() { - p.push(_p[i]); +impl CSParams { + /* + Implements the setup algorithm for the Pedersen92 commitment scheme over + a vector of messages. + */ + pub fn setup_gen_params(rng: &mut R, len: usize) -> Self { + let mut p: Vec = Vec::new(); + for i in 0..len { + p.push(E::G2::rand(rng)); + } + return CSParams { pub_bases: p }; } - return CSParams { pub_bases: p }; -} -pub fn setup_gen_params(len: usize) -> CSParams { - let rng = &mut thread_rng(); - - let mut p: Vec = Vec::new(); - for i in 0..len { - p.push(E::G2::rand(rng)); + pub fn commit(&self, rng: &mut R, x: &Vec, r: E::Fr) -> Commitment { + //let r = R.unwrap_or(Fr::random(rng)); + // c = g1^m1 * ... * gn^mn * h^r + let mut c = self.pub_bases[0].clone(); + c.mul_assign(r); + for i in 1..x.len() { + let mut basis = self.pub_bases[i]; + basis.mul_assign(x[i]); + c.add_assign(&basis); + } + // return (c, r) <- r + Commitment { c, r } } - return CSParams { pub_bases: p }; -} -pub fn commit(csp: &CSParams, x: &Vec, r: E::Fr) -> Commitment { - let rng = &mut thread_rng(); - - //let r = R.unwrap_or(Fr::random(rng)); - // c = g1^m1 * ... * gn^mn * h^r - //println!("(commit) index: 0"); - let mut c = csp.pub_bases[0].clone(); - c.mul_assign(r); - for i in 1..x.len() { - //println!("(commit) index: {}", i); - let mut basis = csp.pub_bases[i]; - basis.mul_assign(x[i]); - c.add_assign(&basis); + pub fn decommit(&self, cm: &Commitment, x: &Vec) -> bool { + let l = x.len(); + // pub_base[0] => h, x[0] => r + // check that cm.r == x[0] + let mut dc = self.pub_bases[0].clone(); + dc.mul_assign(cm.r.clone()); + for i in 1..l { + let mut basis = self.pub_bases[i]; + basis.mul_assign(x[i]); + dc.add_assign(&basis); + } + return dc == cm.c && cm.r == x[0]; } - // return (c, r) <- r - let commitment = Commitment { c, r }; - - // debugging - //println!("{}", commitment); - return commitment; -} - -pub fn decommit(csp: &CSParams, cm: &Commitment, x: &Vec) -> bool { - let l = x.len(); - // pub_base[0] => h, x[0] => r - // check that cm.r == x[0] - // assert!(cm.r == x[0]); - let mut dc = csp.pub_bases[0].clone(); - dc.mul_assign(cm.r.clone()); - for i in 1..l { - let mut basis = csp.pub_bases[i]; - basis.mul_assign(x[i]); - dc.add_assign(&basis); - } - return dc == cm.c && cm.r == x[0]; } #[cfg(test)] @@ -215,15 +181,15 @@ mod tests { fn commit_n_message_works() { let rng = &mut thread_rng(); let len = 3; - let csp = setup_gen_params::(len); + let csp = CSParams::::setup_gen_params(rng, len); let mut m: Vec = Vec::new(); for i in 0..len { m.push(Fr::rand(rng)); } let r = m[0].clone(); - let c = commit(&csp, &m, r); + let c = csp.commit(rng, &m, r); - assert_eq!(true, decommit(&csp, &c, &m)); + assert_eq!(true, csp.decommit( &c, &m)); } } From 0b277eb2e19345b4a03f360ec7b6314a778ca30f Mon Sep 17 00:00:00 2001 From: Gijs Van Laer Date: Fri, 14 Jun 2019 20:55:02 -0400 Subject: [PATCH 4/5] ped92: move commitment to PublicKey --- src/ped92.rs | 80 +++++++++++++++++++++++++--------------------------- 1 file changed, 39 insertions(+), 41 deletions(-) diff --git a/src/ped92.rs b/src/ped92.rs index d2ce75d..0a30a88 100644 --- a/src/ped92.rs +++ b/src/ped92.rs @@ -55,61 +55,59 @@ pub struct CSParams { // } //} -/* +impl PublicKey { + /* Implements the setup algorithm for the Pedersen92 commitment scheme */ -pub fn ped92_setup() -> PublicKey { - println!("Run Setup..."); - let rng = &mut thread_rng(); - let g = E::G2::rand(rng); - let h = E::G2::rand(rng); - let pk = PublicKey { g, h }; - return pk; -} + pub fn setup(rng: &mut R) -> Self { + let g = E::G2::rand(rng); + let h = E::G2::rand(rng); + let pk = PublicKey { g, h }; + return pk; + } -/* + /* commit(pk, msg) -> cm where - pk is the public key generated from setup() - msg is the message structure for the commitment scheme - cm is the output commitment message for the given message */ -pub fn ped92_commit(pk: &PublicKey, m: E::Fr, R: Option) -> Commitment { - let rng = &mut thread_rng(); + pub fn commit(&self, rng: &mut R, m: E::Fr, R: Option) -> Commitment { + let r = R.unwrap_or(E::Fr::rand(rng)); + //let r = Fr::random(rng); - let r = R.unwrap_or(E::Fr::rand(rng)); - //let r = Fr::random(rng); + //let m = msg.hash(); + let p = "commit -> m"; + // c = g^m * h^r + let mut c = self.g.clone(); + c.mul_assign(m); + let mut h = self.h.clone(); + h.mul_assign(r); + c.add_assign(&h); + // return (c, r) <- d=r + let commitment = Commitment { c, r }; - //let m = msg.hash(); - let p = "commit -> m"; - // c = g^m * h^r - let mut c = pk.g.clone(); - c.mul_assign(m); - let mut h = pk.h.clone(); - h.mul_assign(r); - c.add_assign(&h); - // return (c, r) <- d=r - let commitment = Commitment { c, r }; + // debugging + return commitment; + } - // debugging - return commitment; -} - -/* + /* decommit(pk, cm, msg) -> bool where - pk is the public key generated from setup() - cm is the commitment - m is the message to validate - outputs T/F for whether the cm is a valid commitment to the msg */ -pub fn ped92_decommit(pk: &PublicKey, cm: &Commitment, m: E::Fr) -> bool { - let p = "decommit -> m"; + pub fn decommit(&self, cm: &Commitment, m: E::Fr) -> bool { + let p = "decommit -> m"; - let mut dm = pk.g.clone(); - dm.mul_assign(m); - let mut h = pk.h.clone(); - h.mul_assign(cm.r.clone()); - dm.add_assign(&h); - return dm == cm.c; + let mut dm = self.g.clone(); + dm.mul_assign(m); + let mut h = self.h.clone(); + h.mul_assign(cm.r.clone()); + dm.add_assign(&h); + return dm == cm.c; + } } @@ -165,16 +163,16 @@ mod tests { #[test] fn commit_one_message_works() { let rng = &mut thread_rng(); - let pk = ped92_setup::(); + let pk = PublicKey::::setup(rng); let m1 = Fr::rand(rng); let mut m2 = m1.clone(); m2.add_assign(&Fr::one()); let r = Fr::rand(rng); - let c = ped92_commit(&pk, m1, Some(r)); + let c = pk.commit(rng, m1, Some(r)); - assert_eq!(true, ped92_decommit(&pk, &c, m1)); - assert_eq!(false, ped92_decommit(&pk, &c, m2)); + assert_eq!(true, pk.decommit(&c, m1)); + assert_eq!(false, pk.decommit(&c, m2)); } #[test] From effbc54e658a1af8419aad4577ca0176361a952c Mon Sep 17 00:00:00 2001 From: Gijs Van Laer Date: Sun, 16 Jun 2019 10:38:30 -0400 Subject: [PATCH 5/5] ped92: renaming --- src/ped92.rs | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/src/ped92.rs b/src/ped92.rs index 0a30a88..762377f 100644 --- a/src/ped92.rs +++ b/src/ped92.rs @@ -4,7 +4,7 @@ use pairing::{Engine, CurveProjective, CurveAffine}; use ff::Rand; #[derive(Clone)] -pub struct PublicKey { +pub struct CSPublicKey { g: E::G2, h: E::G2, } @@ -16,11 +16,11 @@ pub struct Commitment { } #[derive(Clone)] -pub struct CSParams { +pub struct CSMultiPublicKey { pub pub_bases: Vec } -//impl fmt::Display for PublicKey { +//impl fmt::Display for CSPublicKey { // fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { // let g_vec: Vec = encode(&self.g, Infinite).unwrap(); // let h_vec: Vec = encode(&self.h, Infinite).unwrap(); @@ -55,14 +55,14 @@ pub struct CSParams { // } //} -impl PublicKey { +impl CSPublicKey { /* Implements the setup algorithm for the Pedersen92 commitment scheme */ pub fn setup(rng: &mut R) -> Self { let g = E::G2::rand(rng); let h = E::G2::rand(rng); - let pk = PublicKey { g, h }; + let pk = CSPublicKey { g, h }; return pk; } @@ -111,8 +111,7 @@ decommit(pk, cm, msg) -> bool where } - -impl CSParams { +impl CSMultiPublicKey { /* Implements the setup algorithm for the Pedersen92 commitment scheme over a vector of messages. @@ -122,7 +121,7 @@ impl CSParams { for i in 0..len { p.push(E::G2::rand(rng)); } - return CSParams { pub_bases: p }; + return CSMultiPublicKey { pub_bases: p }; } pub fn commit(&self, rng: &mut R, x: &Vec, r: E::Fr) -> Commitment { @@ -163,7 +162,7 @@ mod tests { #[test] fn commit_one_message_works() { let rng = &mut thread_rng(); - let pk = PublicKey::::setup(rng); + let pk = CSPublicKey::::setup(rng); let m1 = Fr::rand(rng); let mut m2 = m1.clone(); @@ -179,7 +178,7 @@ mod tests { fn commit_n_message_works() { let rng = &mut thread_rng(); let len = 3; - let csp = CSParams::::setup_gen_params(rng, len); + let csp = CSMultiPublicKey::::setup_gen_params(rng, len); let mut m: Vec = Vec::new(); for i in 0..len { @@ -188,6 +187,6 @@ mod tests { let r = m[0].clone(); let c = csp.commit(rng, &m, r); - assert_eq!(true, csp.decommit( &c, &m)); + assert_eq!(true, csp.decommit(&c, &m)); } }