feat: add verification for fee proof

2021-12-23 11:23:38 -05:00 · 2021-12-23 11:23:38 -05:00 · 826c3bee4a
parent e561fbc25a
commit 826c3bee4a
1 changed files with 42 additions and 7 deletions
--- a/zk-token-sdk/src/sigma_proofs/fee_proof.rs
+++ b/zk-token-sdk/src/sigma_proofs/fee_proof.rs
@ -1,9 +1,6 @@
 #[cfg(not(target_arch = "bpf"))]
 use {
-    crate::encryption::{
-        elgamal::{ElGamalCiphertext, ElGamalPubkey},
-        pedersen::{PedersenBase, PedersenCommitment, PedersenOpening},
-    },
+    crate::encryption::pedersen::{PedersenBase, PedersenCommitment, PedersenOpening},
    rand::rngs::OsRng,
 };
 use {
@ -25,9 +22,11 @@ pub struct FeeProof {
 #[allow(non_snake_case, dead_code)]
 #[cfg(not(target_arch = "bpf"))]
 impl FeeProof {
+    #[allow(clippy::too_many_arguments)]
    pub fn new(
        amount_fee: u64,
        max_fee: u64,
+        delta_fee: u64,
        commitment_fee: &PedersenCommitment,
        opening_fee: &PedersenOpening,
        commitment_delta_real: &PedersenCommitment,
@ -40,7 +39,7 @@ impl FeeProof {
        let G = PedersenBase::default().G;
        let H = PedersenBase::default().H;

-        let x = Scalar::from(amount_fee);
+        let x = Scalar::from(delta_fee);
        let m = Scalar::from(max_fee);

        let C_max = commitment_fee.get_point();
@ -93,6 +92,8 @@ impl FeeProof {
            let c = transcript.challenge_scalar(b"c");
            let c_equality = c - c_max;

+            transcript.challenge_scalar(b"w");
+
            let z_x = c_equality * x + y_x;
            let z_delta_real = c_equality * r_delta_real + y_delta_real;
            let z_delta_claimed = c_equality * r_delta_claimed + y_delta_claimed;
@ -147,6 +148,8 @@ impl FeeProof {
            let c = transcript.challenge_scalar(b"c");
            let c_max = c - c_equality;

+            transcript.challenge_scalar(b"w");
+
            let z_max = c_max * r_max + y_max;

            let fee_max_proof = FeeMaxProof {
@ -220,9 +223,40 @@ impl FeeProof {
        let c_max = self.fee_max_proof.c_max;
        let c_equality = c - c_max;

+        let w = transcript.challenge_scalar(b"w");
+        let ww = w * w;
+
+        println!("{:?}", C_delta_real.compress());
+
        let check = RistrettoPoint::vartime_multiscalar_mul(
-            vec![c_max, -c_max * m, -z_max, Scalar::one()],
-            vec![C_max, G, H, Y_max],
+            vec![
+                c_max,
+                -c_max * m,
+                -z_max,
+                Scalar::one(),
+                w * z_x,
+                w * z_delta_real,
+                -w * c_equality,
+                -w,
+                ww * z_x,
+                ww * z_delta_claimed,
+                -ww * c_equality,
+                -ww,
+            ],
+            vec![
+                C_max,
+                G,
+                H,
+                Y_max,
+                G,
+                H,
+                C_delta_real,
+                Y_delta_real,
+                G,
+                H,
+                C_delta_claimed,
+                Y_delta_claimed,
+            ],
        );

        if check.is_identity() {
@ -282,6 +316,7 @@ mod test {
        let proof = FeeProof::new(
            amount_fee,
            max_fee,
+            delta_fee,
            &commitment_fee,
            &opening_fee,
            &commitment_delta_real,