blockworks-foundation
/
solana-with-rpc-optimizations
mirror of https://github.com/blockworks-foundation/solana-with-rpc-optimizations.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rename Pedersen related structs and methods for consistency

This commit is contained in:
Sam Kim 2021-10-05 09:02:52 -04:00 committed by Michael Vines
parent 17cda46531
commit a40e7fc59b
8 changed files with 271 additions and 278 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
zk-token-sdk/src/encryption/elgamal.rs
View File

@ -3,7 +3,9 @@ use rand::{rngs::OsRng, CryptoRng, RngCore};
use {
crate::encryption::{
discrete_log::DiscreteLog,
pedersen::{Pedersen, PedersenBase, PedersenComm, PedersenDecHandle, PedersenOpen},
pedersen::{
Pedersen, PedersenBase, PedersenCommitment, PedersenDecryptHandle, PedersenOpening,
},
},
arrayref::{array_ref, array_refs},
core::ops::{Add, Div, Mul, Sub},
@ -53,7 +55,7 @@ impl ElGamal {
/// returns an ElGamal ciphertext of the message under the public key.
#[cfg(not(target_arch = "bpf"))]
pub fn encrypt<T: Into<Scalar>>(pk: &ElGamalPubkey, amount: T) -> ElGamalCiphertext {
let (message_comm, open) = Pedersen::commit(amount);
let (message_comm, open) = Pedersen::new(amount);
let decrypt_handle = pk.gen_decrypt_handle(&open);
ElGamalCiphertext {
@ -68,9 +70,9 @@ impl ElGamal {
pub fn encrypt_with<T: Into<Scalar>>(
pk: &ElGamalPubkey,
amount: T,
open: &PedersenOpen,
open: &PedersenOpening,
) -> ElGamalCiphertext {
let message_comm = Pedersen::commit_with(amount, open);
let message_comm = Pedersen::with(amount, open);
let decrypt_handle = pk.gen_decrypt_handle(open);
ElGamalCiphertext {
@ -141,14 +143,18 @@ impl ElGamalPubkey {
}
/// Utility method for code ergonomics.
pub fn encrypt_with<T: Into<Scalar>>(&self, msg: T, open: &PedersenOpen) -> ElGamalCiphertext {
pub fn encrypt_with<T: Into<Scalar>>(
&self,
msg: T,
open: &PedersenOpening,
) -> ElGamalCiphertext {
ElGamal::encrypt_with(self, msg, open)
}
/// Generate a decryption token from an ElGamal public key and a Pedersen
/// opening.
pub fn gen_decrypt_handle(self, open: &PedersenOpen) -> PedersenDecHandle {
PedersenDecHandle::generate_handle(open, &self)
pub fn gen_decrypt_handle(self, open: &PedersenOpening) -> PedersenDecryptHandle {
PedersenDecryptHandle::generate_handle(open, &self)
}
}
@ -220,12 +226,12 @@ impl ConstantTimeEq for ElGamalSecretKey {
#[allow(non_snake_case)]
#[derive(Serialize, Deserialize, Default, Clone, Copy, Debug, Eq, PartialEq)]
pub struct ElGamalCiphertext {
pub message_comm: PedersenComm,
pub decrypt_handle: PedersenDecHandle,
pub message_comm: PedersenCommitment,
pub decrypt_handle: PedersenDecryptHandle,
}
impl ElGamalCiphertext {
pub fn add_to_msg<T: Into<Scalar>>(&self, message: T) -> Self {
let diff_comm = Pedersen::commit_with(message, &PedersenOpen::default());
let diff_comm = Pedersen::with(message, &PedersenOpening::default());
ElGamalCiphertext {
message_comm: self.message_comm + diff_comm,
decrypt_handle: self.decrypt_handle,
@ -233,7 +239,7 @@ impl ElGamalCiphertext {
}
pub fn sub_to_msg<T: Into<Scalar>>(&self, message: T) -> Self {
let diff_comm = Pedersen::commit_with(message, &PedersenOpen::default());
let diff_comm = Pedersen::with(message, &PedersenOpening::default());
ElGamalCiphertext {
message_comm: self.message_comm - diff_comm,
decrypt_handle: self.decrypt_handle,
@ -257,8 +263,8 @@ impl ElGamalCiphertext {
let decrypt_handle = CompressedRistretto::from_slice(decrypt_handle).decompress()?;
Some(ElGamalCiphertext {
message_comm: PedersenComm(message_comm),
decrypt_handle: PedersenDecHandle(decrypt_handle),
message_comm: PedersenCommitment(message_comm),
decrypt_handle: PedersenDecryptHandle(decrypt_handle),
})
}
@ -378,7 +384,7 @@ mod tests {
let (pk_2, sk_2) = ElGamal::new();
let msg: u32 = 77;
let (comm, open) = Pedersen::commit(msg);
let (comm, open) = Pedersen::new(msg);
let decrypt_handle_1 = pk_1.gen_decrypt_handle(&open);
let decrypt_handle_2 = pk_2.gen_decrypt_handle(&open);
@ -406,8 +412,8 @@ mod tests {
let msg_1: u64 = 77;
// Add two ElGamal ciphertexts
let open_0 = PedersenOpen::random(&mut OsRng);
let open_1 = PedersenOpen::random(&mut OsRng);
let open_0 = PedersenOpening::random(&mut OsRng);
let open_1 = PedersenOpening::random(&mut OsRng);
let ct_0 = ElGamal::encrypt_with(&pk, msg_0, &open_0);
let ct_1 = ElGamal::encrypt_with(&pk, msg_1, &open_1);
@ -417,7 +423,7 @@ mod tests {
assert_eq!(ct_sum, ct_0 + ct_1);
// Add to ElGamal ciphertext
let open = PedersenOpen::random(&mut OsRng);
let open = PedersenOpening::random(&mut OsRng);
let ct = ElGamal::encrypt_with(&pk, msg_0, &open);
let ct_sum = ElGamal::encrypt_with(&pk, msg_0 + msg_1, &open);
@ -431,8 +437,8 @@ mod tests {
let msg_1: u64 = 55;
// Subtract two ElGamal ciphertexts
let open_0 = PedersenOpen::random(&mut OsRng);
let open_1 = PedersenOpen::random(&mut OsRng);
let open_0 = PedersenOpening::random(&mut OsRng);
let open_1 = PedersenOpening::random(&mut OsRng);
let ct_0 = ElGamal::encrypt_with(&pk, msg_0, &open_0);
let ct_1 = ElGamal::encrypt_with(&pk, msg_1, &open_1);
@ -442,7 +448,7 @@ mod tests {
assert_eq!(ct_sub, ct_0 - ct_1);
// Subtract to ElGamal ciphertext
let open = PedersenOpen::random(&mut OsRng);
let open = PedersenOpening::random(&mut OsRng);
let ct = ElGamal::encrypt_with(&pk, msg_0, &open);
let ct_sub = ElGamal::encrypt_with(&pk, msg_0 - msg_1, &open);
@ -455,7 +461,7 @@ mod tests {
let msg_0: u64 = 57;
let msg_1: u64 = 77;
let open = PedersenOpen::random(&mut OsRng);
let open = PedersenOpening::random(&mut OsRng);
let ct = ElGamal::encrypt_with(&pk, msg_0, &open);
let scalar = Scalar::from(msg_1);
@ -471,7 +477,7 @@ mod tests {
let msg_0: u64 = 55;
let msg_1: u64 = 5;
let open = PedersenOpen::random(&mut OsRng);
let open = PedersenOpening::random(&mut OsRng);
let ct = ElGamal::encrypt_with(&pk, msg_0, &open);
let scalar = Scalar::from(msg_1);

308
zk-token-sdk/src/encryption/pedersen.rs
View File

@ -1,10 +1,7 @@
#[cfg(not(target_arch = "bpf"))]
use rand::{rngs::OsRng, CryptoRng, RngCore};
use {
crate::{
encryption::elgamal::{ElGamalCiphertext, ElGamalPubkey},
errors::ProofError,
},
crate::encryption::elgamal::{ElGamalCiphertext, ElGamalPubkey},
core::ops::{Add, Div, Mul, Sub},
curve25519_dalek::{
constants::{RISTRETTO_BASEPOINT_COMPRESSED, RISTRETTO_BASEPOINT_POINT},
@ -53,9 +50,10 @@ impl Pedersen {
///
/// TODO: Interface that takes a random generator as input
#[cfg(not(target_arch = "bpf"))]
pub fn commit<T: Into<Scalar>>(amount: T) -> (PedersenComm, PedersenOpen) {
let open = PedersenOpen(Scalar::random(&mut OsRng));
let comm = Pedersen::commit_with(amount, &open);
#[allow(clippy::new_ret_no_self)]
pub fn new<T: Into<Scalar>>(amount: T) -> (PedersenCommitment, PedersenOpening) {
let open = PedersenOpening(Scalar::random(&mut OsRng));
let comm = Pedersen::with(amount, &open);
(comm, open)
}
@ -63,54 +61,28 @@ impl Pedersen {
/// Given a number and an opening as inputs, the function returns their
/// Pedersen commitment.
#[allow(non_snake_case)]
pub fn commit_with<T: Into<Scalar>>(amount: T, open: &PedersenOpen) -> PedersenComm {
pub fn with<T: Into<Scalar>>(amount: T, open: &PedersenOpening) -> PedersenCommitment {
let G = PedersenBase::default().G;
let H = PedersenBase::default().H;
let x: Scalar = amount.into();
let r = open.get_scalar();
PedersenComm(RistrettoPoint::multiscalar_mul(&[x, r], &[G, H]))
}
/// Given a number, opening, and Pedersen commitment, the function verifies
/// the validity of the commitment with respect to the number and opening.
///
/// This function is included for completeness and is not used for the
/// c-token program.
#[allow(non_snake_case)]
pub fn verify<T: Into<Scalar>>(
comm: PedersenComm,
open: PedersenOpen,
amount: T,
) -> Result<(), ProofError> {
let G = PedersenBase::default().G;
let H = PedersenBase::default().H;
let x: Scalar = amount.into();
let r = open.get_scalar();
let C = comm.get_point();
if C == RistrettoPoint::multiscalar_mul(&[x, r], &[G, H]) {
Ok(())
} else {
Err(ProofError::VerificationError)
}
PedersenCommitment(RistrettoPoint::multiscalar_mul(&[x, r], &[G, H]))
}
}
#[derive(Serialize, Deserialize, Clone, Debug, Zeroize)]
#[zeroize(drop)]
pub struct PedersenOpen(pub(crate) Scalar);
impl PedersenOpen {
pub struct PedersenOpening(pub(crate) Scalar);
impl PedersenOpening {
pub fn get_scalar(&self) -> Scalar {
self.0
}
#[cfg(not(target_arch = "bpf"))]
pub fn random<T: RngCore + CryptoRng>(rng: &mut T) -> Self {
PedersenOpen(Scalar::random(rng))
PedersenOpening(Scalar::random(rng))
}
#[allow(clippy::wrong_self_convention)]
@ -118,83 +90,91 @@ impl PedersenOpen {
self.0.to_bytes()
}
pub fn from_bytes(bytes: &[u8]) -> Option<PedersenOpen> {
pub fn from_bytes(bytes: &[u8]) -> Option<PedersenOpening> {
match bytes.try_into() {
Ok(bytes) => Scalar::from_canonical_bytes(bytes).map(PedersenOpen),
Ok(bytes) => Scalar::from_canonical_bytes(bytes).map(PedersenOpening),
_ => None,
}
}
}
impl Eq for PedersenOpen {}
impl PartialEq for PedersenOpen {
impl Eq for PedersenOpening {}
impl PartialEq for PedersenOpening {
fn eq(&self, other: &Self) -> bool {
self.ct_eq(other).unwrap_u8() == 1u8
}
}
impl ConstantTimeEq for PedersenOpen {
impl ConstantTimeEq for PedersenOpening {
fn ct_eq(&self, other: &Self) -> Choice {
self.0.ct_eq(&other.0)
}
}
impl Default for PedersenOpen {
impl Default for PedersenOpening {
fn default() -> Self {
PedersenOpen(Scalar::default())
PedersenOpening(Scalar::default())
}
}
impl<'a, 'b> Add<&'b PedersenOpen> for &'a PedersenOpen {
type Output = PedersenOpen;
impl<'a, 'b> Add<&'b PedersenOpening> for &'a PedersenOpening {
type Output = PedersenOpening;
fn add(self, other: &'b PedersenOpen) -> PedersenOpen {
PedersenOpen(self.get_scalar() + other.get_scalar())
fn add(self, other: &'b PedersenOpening) -> PedersenOpening {
PedersenOpening(self.get_scalar() + other.get_scalar())
}
}
define_add_variants!(
LHS = PedersenOpen,
RHS = PedersenOpen,
Output = PedersenOpen
LHS = PedersenOpening,
RHS = PedersenOpening,
Output = PedersenOpening
);
impl<'a, 'b> Sub<&'b PedersenOpen> for &'a PedersenOpen {
type Output = PedersenOpen;
impl<'a, 'b> Sub<&'b PedersenOpening> for &'a PedersenOpening {
type Output = PedersenOpening;
fn sub(self, other: &'b PedersenOpen) -> PedersenOpen {
PedersenOpen(self.get_scalar() - other.get_scalar())
fn sub(self, other: &'b PedersenOpening) -> PedersenOpening {
PedersenOpening(self.get_scalar() - other.get_scalar())
}
}
define_sub_variants!(
LHS = PedersenOpen,
RHS = PedersenOpen,
Output = PedersenOpen
LHS = PedersenOpening,
RHS = PedersenOpening,
Output = PedersenOpening
);
impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenOpen {
type Output = PedersenOpen;
impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenOpening {
type Output = PedersenOpening;
fn mul(self, other: &'b Scalar) -> PedersenOpen {
PedersenOpen(self.get_scalar() * other)
fn mul(self, other: &'b Scalar) -> PedersenOpening {
PedersenOpening(self.get_scalar() * other)
}
}
define_mul_variants!(LHS = PedersenOpen, RHS = Scalar, Output = PedersenOpen);
define_mul_variants!(
LHS = PedersenOpening,
RHS = Scalar,
Output = PedersenOpening
);
impl<'a, 'b> Div<&'b Scalar> for &'a PedersenOpen {
type Output = PedersenOpen;
impl<'a, 'b> Div<&'b Scalar> for &'a PedersenOpening {
type Output = PedersenOpening;
#[allow(clippy::suspicious_arithmetic_impl)]
fn div(self, other: &'b Scalar) -> PedersenOpen {
PedersenOpen(self.get_scalar() * other.invert())
fn div(self, other: &'b Scalar) -> PedersenOpening {
PedersenOpening(self.get_scalar() * other.invert())
}
}
define_div_variants!(LHS = PedersenOpen, RHS = Scalar, Output = PedersenOpen);
define_div_variants!(
LHS = PedersenOpening,
RHS = Scalar,
Output = PedersenOpening
);
#[derive(Serialize, Deserialize, Default, Clone, Copy, Debug, Eq, PartialEq)]
pub struct PedersenComm(pub(crate) RistrettoPoint);
impl PedersenComm {
pub struct PedersenCommitment(pub(crate) RistrettoPoint);
impl PedersenCommitment {
pub fn get_point(&self) -> RistrettoPoint {
self.0
}
@ -204,79 +184,87 @@ impl PedersenComm {
self.0.compress().to_bytes()
}
pub fn from_bytes(bytes: &[u8]) -> Option<PedersenComm> {
Some(PedersenComm(
pub fn from_bytes(bytes: &[u8]) -> Option<PedersenCommitment> {
Some(PedersenCommitment(
CompressedRistretto::from_slice(bytes).decompress()?,
))
}
}
impl<'a, 'b> Add<&'b PedersenComm> for &'a PedersenComm {
type Output = PedersenComm;
impl<'a, 'b> Add<&'b PedersenCommitment> for &'a PedersenCommitment {
type Output = PedersenCommitment;
fn add(self, other: &'b PedersenComm) -> PedersenComm {
PedersenComm(self.get_point() + other.get_point())
fn add(self, other: &'b PedersenCommitment) -> PedersenCommitment {
PedersenCommitment(self.get_point() + other.get_point())
}
}
define_add_variants!(
LHS = PedersenComm,
RHS = PedersenComm,
Output = PedersenComm
LHS = PedersenCommitment,
RHS = PedersenCommitment,
Output = PedersenCommitment
);
impl<'a, 'b> Sub<&'b PedersenComm> for &'a PedersenComm {
type Output = PedersenComm;
impl<'a, 'b> Sub<&'b PedersenCommitment> for &'a PedersenCommitment {
type Output = PedersenCommitment;
fn sub(self, other: &'b PedersenComm) -> PedersenComm {
PedersenComm(self.get_point() - other.get_point())
fn sub(self, other: &'b PedersenCommitment) -> PedersenCommitment {
PedersenCommitment(self.get_point() - other.get_point())
}
}
define_sub_variants!(
LHS = PedersenComm,
RHS = PedersenComm,
Output = PedersenComm
LHS = PedersenCommitment,
RHS = PedersenCommitment,
Output = PedersenCommitment
);
impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenComm {
type Output = PedersenComm;
impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenCommitment {
type Output = PedersenCommitment;
fn mul(self, other: &'b Scalar) -> PedersenComm {
PedersenComm(self.get_point() * other)
fn mul(self, other: &'b Scalar) -> PedersenCommitment {
PedersenCommitment(self.get_point() * other)
}
}
define_mul_variants!(LHS = PedersenComm, RHS = Scalar, Output = PedersenComm);
define_mul_variants!(
LHS = PedersenCommitment,
RHS = Scalar,
Output = PedersenCommitment
);
impl<'a, 'b> Div<&'b Scalar> for &'a PedersenComm {
type Output = PedersenComm;
impl<'a, 'b> Div<&'b Scalar> for &'a PedersenCommitment {
type Output = PedersenCommitment;
#[allow(clippy::suspicious_arithmetic_impl)]
fn div(self, other: &'b Scalar) -> PedersenComm {
PedersenComm(self.get_point() * other.invert())
fn div(self, other: &'b Scalar) -> PedersenCommitment {
PedersenCommitment(self.get_point() * other.invert())
}
}
define_div_variants!(LHS = PedersenComm, RHS = Scalar, Output = PedersenComm);
define_div_variants!(
LHS = PedersenCommitment,
RHS = Scalar,
Output = PedersenCommitment
);
/// Decryption handle for Pedersen commitment.
///
/// A decryption handle can be combined with Pedersen commitments to form an
/// ElGamal ciphertext.
#[derive(Serialize, Deserialize, Default, Clone, Copy, Debug, Eq, PartialEq)]
pub struct PedersenDecHandle(pub(crate) RistrettoPoint);
impl PedersenDecHandle {
pub struct PedersenDecryptHandle(pub(crate) RistrettoPoint);
impl PedersenDecryptHandle {
pub fn get_point(&self) -> RistrettoPoint {
self.0
}
pub fn generate_handle(open: &PedersenOpen, pk: &ElGamalPubkey) -> PedersenDecHandle {
PedersenDecHandle(open.get_scalar() * pk.get_point())
pub fn generate_handle(open: &PedersenOpening, pk: &ElGamalPubkey) -> PedersenDecryptHandle {
PedersenDecryptHandle(open.get_scalar() * pk.get_point())
}
/// Maps a decryption token and Pedersen commitment to ElGamal ciphertext
pub fn to_elgamal_ciphertext(self, comm: PedersenComm) -> ElGamalCiphertext {
pub fn to_elgamal_ciphertext(self, comm: PedersenCommitment) -> ElGamalCiphertext {
ElGamalCiphertext {
message_comm: comm,
decrypt_handle: self,
@ -288,94 +276,86 @@ impl PedersenDecHandle {
self.0.compress().to_bytes()
}
pub fn from_bytes(bytes: &[u8]) -> Option<PedersenDecHandle> {
Some(PedersenDecHandle(
pub fn from_bytes(bytes: &[u8]) -> Option<PedersenDecryptHandle> {
Some(PedersenDecryptHandle(
CompressedRistretto::from_slice(bytes).decompress()?,
))
}
}
impl<'a, 'b> Add<&'b PedersenDecHandle> for &'a PedersenDecHandle {
type Output = PedersenDecHandle;
impl<'a, 'b> Add<&'b PedersenDecryptHandle> for &'a PedersenDecryptHandle {
type Output = PedersenDecryptHandle;
fn add(self, other: &'b PedersenDecHandle) -> PedersenDecHandle {
PedersenDecHandle(self.get_point() + other.get_point())
fn add(self, other: &'b PedersenDecryptHandle) -> PedersenDecryptHandle {
PedersenDecryptHandle(self.get_point() + other.get_point())
}
}
define_add_variants!(
LHS = PedersenDecHandle,
RHS = PedersenDecHandle,
Output = PedersenDecHandle
LHS = PedersenDecryptHandle,
RHS = PedersenDecryptHandle,
Output = PedersenDecryptHandle
);
impl<'a, 'b> Sub<&'b PedersenDecHandle> for &'a PedersenDecHandle {
type Output = PedersenDecHandle;
impl<'a, 'b> Sub<&'b PedersenDecryptHandle> for &'a PedersenDecryptHandle {
type Output = PedersenDecryptHandle;
fn sub(self, other: &'b PedersenDecHandle) -> PedersenDecHandle {
PedersenDecHandle(self.get_point() - other.get_point())
fn sub(self, other: &'b PedersenDecryptHandle) -> PedersenDecryptHandle {
PedersenDecryptHandle(self.get_point() - other.get_point())
}
}
define_sub_variants!(
LHS = PedersenDecHandle,
RHS = PedersenDecHandle,
Output = PedersenDecHandle
LHS = PedersenDecryptHandle,
RHS = PedersenDecryptHandle,
Output = PedersenDecryptHandle
);
impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenDecHandle {
type Output = PedersenDecHandle;
impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenDecryptHandle {
type Output = PedersenDecryptHandle;
fn mul(self, other: &'b Scalar) -> PedersenDecHandle {
PedersenDecHandle(self.get_point() * other)
fn mul(self, other: &'b Scalar) -> PedersenDecryptHandle {
PedersenDecryptHandle(self.get_point() * other)
}
}
define_mul_variants!(
LHS = PedersenDecHandle,
LHS = PedersenDecryptHandle,
RHS = Scalar,
Output = PedersenDecHandle
Output = PedersenDecryptHandle
);
impl<'a, 'b> Div<&'b Scalar> for &'a PedersenDecHandle {
type Output = PedersenDecHandle;
impl<'a, 'b> Div<&'b Scalar> for &'a PedersenDecryptHandle {
type Output = PedersenDecryptHandle;
#[allow(clippy::suspicious_arithmetic_impl)]
fn div(self, other: &'b Scalar) -> PedersenDecHandle {
PedersenDecHandle(self.get_point() * other.invert())
fn div(self, other: &'b Scalar) -> PedersenDecryptHandle {
PedersenDecryptHandle(self.get_point() * other.invert())
}
}
define_div_variants!(
LHS = PedersenDecHandle,
LHS = PedersenDecryptHandle,
RHS = Scalar,
Output = PedersenDecHandle
Output = PedersenDecryptHandle
);
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_commit_verification_correctness() {
let amt: u64 = 57;
let (comm, open) = Pedersen::commit(amt);
assert!(Pedersen::verify(comm, open, amt).is_ok());
}
#[test]
fn test_homomorphic_addition() {
let amt_0: u64 = 77;
let amt_1: u64 = 57;
let rng = &mut OsRng;
let open_0 = PedersenOpen(Scalar::random(rng));
let open_1 = PedersenOpen(Scalar::random(rng));
let open_0 = PedersenOpening(Scalar::random(rng));
let open_1 = PedersenOpening(Scalar::random(rng));
let comm_0 = Pedersen::commit_with(amt_0, &open_0);
let comm_1 = Pedersen::commit_with(amt_1, &open_1);
let comm_addition = Pedersen::commit_with(amt_0 + amt_1, &(open_0 + open_1));
let comm_0 = Pedersen::with(amt_0, &open_0);
let comm_1 = Pedersen::with(amt_1, &open_1);
let comm_addition = Pedersen::with(amt_0 + amt_1, &(open_0 + open_1));
assert_eq!(comm_addition, comm_0 + comm_1);
}
@ -386,12 +366,12 @@ mod tests {
let amt_1: u64 = 57;
let rng = &mut OsRng;
let open_0 = PedersenOpen(Scalar::random(rng));
let open_1 = PedersenOpen(Scalar::random(rng));
let open_0 = PedersenOpening(Scalar::random(rng));
let open_1 = PedersenOpening(Scalar::random(rng));
let comm_0 = Pedersen::commit_with(amt_0, &open_0);
let comm_1 = Pedersen::commit_with(amt_1, &open_1);
let comm_addition = Pedersen::commit_with(amt_0 - amt_1, &(open_0 - open_1));
let comm_0 = Pedersen::with(amt_0, &open_0);
let comm_1 = Pedersen::with(amt_1, &open_1);
let comm_addition = Pedersen::with(amt_0 - amt_1, &(open_0 - open_1));
assert_eq!(comm_addition, comm_0 - comm_1);
}
@ -401,9 +381,9 @@ mod tests {
let amt_0: u64 = 77;
let amt_1: u64 = 57;
let (comm, open) = Pedersen::commit(amt_0);
let (comm, open) = Pedersen::new(amt_0);
let scalar = Scalar::from(amt_1);
let comm_addition = Pedersen::commit_with(amt_0 * amt_1, &(open * scalar));
let comm_addition = Pedersen::with(amt_0 * amt_1, &(open * scalar));
assert_eq!(comm_addition, comm * scalar);
}
@ -413,9 +393,9 @@ mod tests {
let amt_0: u64 = 77;
let amt_1: u64 = 7;
let (comm, open) = Pedersen::commit(amt_0);
let (comm, open) = Pedersen::new(amt_0);
let scalar = Scalar::from(amt_1);
let comm_addition = Pedersen::commit_with(amt_0 / amt_1, &(open / scalar));
let comm_addition = Pedersen::with(amt_0 / amt_1, &(open / scalar));
assert_eq!(comm_addition, comm / scalar);
}
@ -423,30 +403,30 @@ mod tests {
#[test]
fn test_commitment_bytes() {
let amt: u64 = 77;
let (comm, _) = Pedersen::commit(amt);
let (comm, _) = Pedersen::new(amt);
let encoded = comm.to_bytes();
let decoded = PedersenComm::from_bytes(&encoded).unwrap();
let decoded = PedersenCommitment::from_bytes(&encoded).unwrap();
assert_eq!(comm, decoded);
}
#[test]
fn test_opening_bytes() {
let open = PedersenOpen(Scalar::random(&mut OsRng));
let open = PedersenOpening(Scalar::random(&mut OsRng));
let encoded = open.to_bytes();
let decoded = PedersenOpen::from_bytes(&encoded).unwrap();
let decoded = PedersenOpening::from_bytes(&encoded).unwrap();
assert_eq!(open, decoded);
}
#[test]
fn test_decrypt_handle_bytes() {
let handle = PedersenDecHandle(RistrettoPoint::default());
let handle = PedersenDecryptHandle(RistrettoPoint::default());
let encoded = handle.to_bytes();
let decoded = PedersenDecHandle::from_bytes(&encoded).unwrap();
let decoded = PedersenDecryptHandle::from_bytes(&encoded).unwrap();
assert_eq!(handle, decoded);
}
@ -454,30 +434,30 @@ mod tests {
#[test]
fn test_serde_commitment() {
let amt: u64 = 77;
let (comm, _) = Pedersen::commit(amt);
let (comm, _) = Pedersen::new(amt);
let encoded = bincode::serialize(&comm).unwrap();
let decoded: PedersenComm = bincode::deserialize(&encoded).unwrap();
let decoded: PedersenCommitment = bincode::deserialize(&encoded).unwrap();
assert_eq!(comm, decoded);
}
#[test]
fn test_serde_opening() {
let open = PedersenOpen(Scalar::random(&mut OsRng));
let open = PedersenOpening(Scalar::random(&mut OsRng));
let encoded = bincode::serialize(&open).unwrap();
let decoded: PedersenOpen = bincode::deserialize(&encoded).unwrap();
let decoded: PedersenOpening = bincode::deserialize(&encoded).unwrap();
assert_eq!(open, decoded);
}
#[test]
fn test_serde_decrypt_handle() {
let handle = PedersenDecHandle(RistrettoPoint::default());
let handle = PedersenDecryptHandle(RistrettoPoint::default());
let encoded = bincode::serialize(&handle).unwrap();
let decoded: PedersenDecHandle = bincode::deserialize(&encoded).unwrap();
let decoded: PedersenDecryptHandle = bincode::deserialize(&encoded).unwrap();
assert_eq!(handle, decoded);
}

77
zk-token-sdk/src/instruction/transfer.rs
View File

@ -7,7 +7,9 @@ use {
crate::{
encryption::{
elgamal::{ElGamalCiphertext, ElGamalPubkey, ElGamalSecretKey},
pedersen::{Pedersen, PedersenBase, PedersenComm, PedersenDecHandle, PedersenOpen},
pedersen::{
Pedersen, PedersenBase, PedersenCommitment, PedersenDecryptHandle, PedersenOpening,
},
},
errors::ProofError,
instruction::Verifiable,
@ -51,8 +53,8 @@ impl TransferData {
// ciphertext separately.
let (amount_lo, amount_hi) = split_u64_into_u32(transfer_amount);
let (comm_lo, open_lo) = Pedersen::commit(amount_lo);
let (comm_hi, open_hi) = Pedersen::commit(amount_hi);
let (comm_lo, open_lo) = Pedersen::new(amount_lo);
let (comm_hi, open_hi) = Pedersen::new(amount_hi);
let handle_source_lo = source_pk.gen_decrypt_handle(&open_lo);
let handle_dest_lo = dest_pk.gen_decrypt_handle(&open_lo);
@ -139,16 +141,16 @@ impl TransferData {
/// Extracts the lo and hi source ciphertexts associated with a transfer data and returns the
/// *combined* ciphertext
pub fn source_ciphertext(&self) -> Result<ElGamalCiphertext, ProofError> {
let transfer_comms_lo: PedersenComm = self.range_proof.amount_comms.lo.try_into()?;
let transfer_comms_hi: PedersenComm = self.range_proof.amount_comms.hi.try_into()?;
let transfer_comms_lo: PedersenCommitment = self.range_proof.amount_comms.lo.try_into()?;
let transfer_comms_hi: PedersenCommitment = self.range_proof.amount_comms.hi.try_into()?;
let transfer_comm = combine_u32_comms(transfer_comms_lo, transfer_comms_hi);
let decryption_handle_lo: PedersenDecHandle = self
let decryption_handle_lo: PedersenDecryptHandle = self
.validity_proof
.decryption_handles_lo
.source
.try_into()?;
let decryption_handle_hi: PedersenDecHandle = self
let decryption_handle_hi: PedersenDecryptHandle = self
.validity_proof
.decryption_handles_hi
.source
@ -161,13 +163,13 @@ impl TransferData {
/// Extracts the lo and hi destination ciphertexts associated with a transfer data and returns
/// the *combined* ciphertext
pub fn dest_ciphertext(&self) -> Result<ElGamalCiphertext, ProofError> {
let transfer_comms_lo: PedersenComm = self.range_proof.amount_comms.lo.try_into()?;
let transfer_comms_hi: PedersenComm = self.range_proof.amount_comms.hi.try_into()?;
let transfer_comms_lo: PedersenCommitment = self.range_proof.amount_comms.lo.try_into()?;
let transfer_comms_hi: PedersenCommitment = self.range_proof.amount_comms.hi.try_into()?;
let transfer_comm = combine_u32_comms(transfer_comms_lo, transfer_comms_hi);
let decryption_handle_lo: PedersenDecHandle =
let decryption_handle_lo: PedersenDecryptHandle =
self.validity_proof.decryption_handles_lo.dest.try_into()?;
let decryption_handle_hi: PedersenDecHandle =
let decryption_handle_hi: PedersenDecryptHandle =
self.validity_proof.decryption_handles_hi.dest.try_into()?;
let decryption_handle = combine_u32_handles(decryption_handle_lo, decryption_handle_hi);
@ -243,10 +245,10 @@ pub struct TransferValidityProofData {
#[derive(Clone, Copy, Pod, Zeroable, PartialEq)]
#[repr(C)]
pub struct TransferEphemeralState {
pub spendable_comm_verification: pod::PedersenComm, // 32 bytes
pub x: pod::Scalar, // 32 bytes
pub z: pod::Scalar, // 32 bytes
pub t_x_blinding: pod::Scalar, // 32 bytes
pub spendable_comm_verification: pod::PedersenCommitment, // 32 bytes
pub x: pod::Scalar, // 32 bytes
pub z: pod::Scalar, // 32 bytes
pub t_x_blinding: pod::Scalar, // 32 bytes
}
#[cfg(not(target_arch = "bpf"))]
@ -281,8 +283,8 @@ impl TransferProofs {
dest_pk: &ElGamalPubkey,
auditor_pk: &ElGamalPubkey,
transfer_amt: (u64, u64),
lo_open: &PedersenOpen,
hi_open: &PedersenOpen,
lo_open: &PedersenOpening,
hi_open: &PedersenOpening,
new_spendable_balance: u64,
new_spendable_ct: &ElGamalCiphertext,
) -> (Self, TransferEphemeralState) {
@ -302,14 +304,14 @@ impl TransferProofs {
let c = transcript_validity_proof.challenge_scalar(b"c");
let z = s + c * y;
let new_spendable_open = PedersenOpen(c * r_new);
let new_spendable_open = PedersenOpening(c * r_new);
let spendable_comm_verification =
Pedersen::commit_with(new_spendable_balance, &new_spendable_open);
Pedersen::with(new_spendable_balance, &new_spendable_open);
// Generate proof for the transfer amounts
let t_1_blinding = PedersenOpen::random(&mut OsRng);
let t_2_blinding = PedersenOpen::random(&mut OsRng);
let t_1_blinding = PedersenOpening::random(&mut OsRng);
let t_2_blinding = PedersenOpening::random(&mut OsRng);
let u = transcript_validity_proof.challenge_scalar(b"u");
let P_joint = RistrettoPoint::multiscalar_mul(
@ -441,9 +443,9 @@ impl ValidityProof {
let x = ephemeral_state.x.into();
let z: Scalar = ephemeral_state.z.into();
let handle_source_lo: PedersenDecHandle = decryption_handles_lo.source.try_into()?;
let handle_dest_lo: PedersenDecHandle = decryption_handles_lo.dest.try_into()?;
let handle_auditor_lo: PedersenDecHandle = decryption_handles_lo.auditor.try_into()?;
let handle_source_lo: PedersenDecryptHandle = decryption_handles_lo.source.try_into()?;
let handle_dest_lo: PedersenDecryptHandle = decryption_handles_lo.dest.try_into()?;
let handle_auditor_lo: PedersenDecryptHandle = decryption_handles_lo.auditor.try_into()?;
let D_joint: CompressedRistretto = self.T_joint.into();
let D_joint = D_joint.decompress().ok_or(ProofError::VerificationError)?;
@ -457,9 +459,9 @@ impl ValidityProof {
],
);
let handle_source_hi: PedersenDecHandle = decryption_handles_hi.source.try_into()?;
let handle_dest_hi: PedersenDecHandle = decryption_handles_hi.dest.try_into()?;
let handle_auditor_hi: PedersenDecHandle = decryption_handles_hi.auditor.try_into()?;
let handle_source_hi: PedersenDecryptHandle = decryption_handles_hi.source.try_into()?;
let handle_dest_hi: PedersenDecryptHandle = decryption_handles_hi.dest.try_into()?;
let handle_auditor_hi: PedersenDecryptHandle = decryption_handles_hi.auditor.try_into()?;
let D_joint_hi = RistrettoPoint::vartime_multiscalar_mul(
vec![Scalar::one(), u, u * u],
@ -506,17 +508,17 @@ pub struct TransferPubKeys {
#[derive(Clone, Copy, Pod, Zeroable)]
#[repr(C)]
pub struct TransferComms {
pub lo: pod::PedersenComm, // 32 bytes
pub hi: pod::PedersenComm, // 32 bytes
pub lo: pod::PedersenCommitment, // 32 bytes
pub hi: pod::PedersenCommitment, // 32 bytes
}
/// The decryption handles needed for a transfer
#[derive(Clone, Copy, Pod, Zeroable)]
#[repr(C)]
pub struct TransferHandles {
pub source: pod::PedersenDecHandle, // 32 bytes
pub dest: pod::PedersenDecHandle, // 32 bytes
pub auditor: pod::PedersenDecHandle, // 32 bytes
pub source: pod::PedersenDecryptHandle, // 32 bytes
pub dest: pod::PedersenDecryptHandle, // 32 bytes
pub auditor: pod::PedersenDecryptHandle, // 32 bytes
}
/// Split u64 number into two u32 numbers
@ -533,15 +535,18 @@ pub fn split_u64_into_u32(amt: u64) -> (u32, u32) {
const TWO_32: u64 = 4294967296;
#[cfg(not(target_arch = "bpf"))]
pub fn combine_u32_comms(comm_lo: PedersenComm, comm_hi: PedersenComm) -> PedersenComm {
pub fn combine_u32_comms(
comm_lo: PedersenCommitment,
comm_hi: PedersenCommitment,
) -> PedersenCommitment {
comm_lo + comm_hi * Scalar::from(TWO_32)
}
#[cfg(not(target_arch = "bpf"))]
pub fn combine_u32_handles(
handle_lo: PedersenDecHandle,
handle_hi: PedersenDecHandle,
) -> PedersenDecHandle {
handle_lo: PedersenDecryptHandle,
handle_hi: PedersenDecryptHandle,
) -> PedersenDecryptHandle {
handle_lo + handle_hi * Scalar::from(TWO_32)
}

6
zk-token-sdk/src/instruction/withdraw.rs
View File

@ -7,7 +7,7 @@ use {
crate::{
encryption::{
elgamal::{ElGamalCiphertext, ElGamalPubkey, ElGamalSecretKey},
pedersen::{PedersenBase, PedersenOpen},
pedersen::{PedersenBase, PedersenOpening},
},
errors::ProofError,
instruction::Verifiable,
@ -54,7 +54,7 @@ impl WithdrawData {
// encode withdraw amount as an ElGamal ciphertext and subtract it from
// current source balance
let amount_encoded = source_pk.encrypt_with(amount, &PedersenOpen::default());
let amount_encoded = source_pk.encrypt_with(amount, &PedersenOpening::default());
let final_balance_ct = current_balance_ct - amount_encoded;
let proof = WithdrawProof::new(source_sk, final_balance, &final_balance_ct);
@ -126,7 +126,7 @@ impl WithdrawProof {
let z = s + c * y;
// compute the new Pedersen commitment and opening
let new_open = PedersenOpen(c * r_new);
let new_open = PedersenOpening(c * r_new);
let range_proof = RangeProof::create(
vec![final_balance],

26
zk-token-sdk/src/range_proof/mod.rs
View File

@ -1,6 +1,6 @@
#[cfg(not(target_arch = "bpf"))]
use {
crate::encryption::pedersen::{Pedersen, PedersenOpen},
crate::encryption::pedersen::{Pedersen, PedersenOpening},
curve25519_dalek::traits::MultiscalarMul,
rand::rngs::OsRng,
subtle::{Choice, ConditionallySelectable},
@ -44,11 +44,11 @@ impl RangeProof {
pub fn create(
amounts: Vec<u64>,
bit_lengths: Vec<usize>,
opens: Vec<&PedersenOpen>,
opens: Vec<&PedersenOpening>,
transcript: &mut Transcript,
) -> Self {
let t_1_blinding = PedersenOpen::random(&mut OsRng);
let t_2_blinding = PedersenOpen::random(&mut OsRng);
let t_1_blinding = PedersenOpening::random(&mut OsRng);
let t_2_blinding = PedersenOpening::random(&mut OsRng);
let (range_proof, _, _) = Self::create_with(
amounts,
@ -67,9 +67,9 @@ impl RangeProof {
pub fn create_with(
amounts: Vec<u64>,
bit_lengths: Vec<usize>,
opens: Vec<&PedersenOpen>,
t_1_blinding: &PedersenOpen,
t_2_blinding: &PedersenOpen,
opens: Vec<&PedersenOpening>,
t_1_blinding: &PedersenOpening,
t_2_blinding: &PedersenOpening,
transcript: &mut Transcript,
) -> (Self, Scalar, Scalar) {
let nm = bit_lengths.iter().sum();
@ -139,10 +139,10 @@ impl RangeProof {
let t_poly = l_poly.inner_product(&r_poly);
let T_1 = Pedersen::commit_with(t_poly.1, t_1_blinding)
let T_1 = Pedersen::with(t_poly.1, t_1_blinding)
.get_point()
.compress();
let T_2 = Pedersen::commit_with(t_poly.2, t_2_blinding)
let T_2 = Pedersen::with(t_poly.2, t_2_blinding)
.get_point()
.compress();
@ -407,7 +407,7 @@ mod tests {
#[test]
fn test_single_rangeproof() {
let (comm, open) = Pedersen::commit(55_u64);
let (comm, open) = Pedersen::new(55_u64);
let mut transcript_create = Transcript::new(b"Test");
let mut transcript_verify = Transcript::new(b"Test");
@ -425,9 +425,9 @@ mod tests {
#[test]
fn test_aggregated_rangeproof() {
let (comm_1, open_1) = Pedersen::commit(55_u64);
let (comm_2, open_2) = Pedersen::commit(77_u64);
let (comm_3, open_3) = Pedersen::commit(99_u64);
let (comm_1, open_1) = Pedersen::new(55_u64);
let (comm_2, open_2) = Pedersen::new(77_u64);
let (comm_3, open_3) = Pedersen::new(99_u64);
let mut transcript_create = Transcript::new(b"Test");
let mut transcript_verify = Transcript::new(b"Test");

42
zk-token-sdk/src/zk_token_elgamal/convert.rs
View File

@ -1,8 +1,8 @@
use super::pod;
pub use target_arch::*;
impl From<(pod::PedersenComm, pod::PedersenDecHandle)> for pod::ElGamalCiphertext {
fn from((comm, decrypt_handle): (pod::PedersenComm, pod::PedersenDecHandle)) -> Self {
impl From<(pod::PedersenCommitment, pod::PedersenDecryptHandle)> for pod::ElGamalCiphertext {
fn from((comm, decrypt_handle): (pod::PedersenCommitment, pod::PedersenDecryptHandle)) -> Self {
let mut buf = [0_u8; 64];
buf[..32].copy_from_slice(&comm.0);
buf[32..].copy_from_slice(&decrypt_handle.0);
@ -16,7 +16,7 @@ mod target_arch {
super::pod,
crate::{
encryption::elgamal::{ElGamalCiphertext, ElGamalPubkey},
encryption::pedersen::{PedersenComm, PedersenDecHandle},
encryption::pedersen::{PedersenCommitment, PedersenDecryptHandle},
errors::ProofError,
range_proof::RangeProof,
},
@ -88,62 +88,62 @@ mod target_arch {
}
}
impl From<PedersenComm> for pod::PedersenComm {
fn from(comm: PedersenComm) -> Self {
impl From<PedersenCommitment> for pod::PedersenCommitment {
fn from(comm: PedersenCommitment) -> Self {
Self(comm.to_bytes())
}
}
// For proof verification, interpret pod::PedersenComm directly as CompressedRistretto
#[cfg(not(target_arch = "bpf"))]
impl From<pod::PedersenComm> for CompressedRistretto {
fn from(pod: pod::PedersenComm) -> Self {
impl From<pod::PedersenCommitment> for CompressedRistretto {
fn from(pod: pod::PedersenCommitment) -> Self {
Self(pod.0)
}
}
#[cfg(not(target_arch = "bpf"))]
impl TryFrom<pod::PedersenComm> for PedersenComm {
impl TryFrom<pod::PedersenCommitment> for PedersenCommitment {
type Error = ProofError;
fn try_from(pod: pod::PedersenComm) -> Result<Self, Self::Error> {
fn try_from(pod: pod::PedersenCommitment) -> Result<Self, Self::Error> {
Self::from_bytes(&pod.0).ok_or(ProofError::InconsistentCTData)
}
}
#[cfg(not(target_arch = "bpf"))]
impl fmt::Debug for pod::PedersenComm {
impl fmt::Debug for pod::PedersenCommitment {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
write!(f, "{:?}", self.0)
}
}
#[cfg(not(target_arch = "bpf"))]
impl From<PedersenDecHandle> for pod::PedersenDecHandle {
fn from(handle: PedersenDecHandle) -> Self {
impl From<PedersenDecryptHandle> for pod::PedersenDecryptHandle {
fn from(handle: PedersenDecryptHandle) -> Self {
Self(handle.to_bytes())
}
}
// For proof verification, interpret pod::PedersenDecHandle as CompressedRistretto
#[cfg(not(target_arch = "bpf"))]
impl From<pod::PedersenDecHandle> for CompressedRistretto {
fn from(pod: pod::PedersenDecHandle) -> Self {
impl From<pod::PedersenDecryptHandle> for CompressedRistretto {
fn from(pod: pod::PedersenDecryptHandle) -> Self {
Self(pod.0)
}
}
#[cfg(not(target_arch = "bpf"))]
impl TryFrom<pod::PedersenDecHandle> for PedersenDecHandle {
impl TryFrom<pod::PedersenDecryptHandle> for PedersenDecryptHandle {
type Error = ProofError;
fn try_from(pod: pod::PedersenDecHandle) -> Result<Self, Self::Error> {
fn try_from(pod: pod::PedersenDecryptHandle) -> Result<Self, Self::Error> {
Self::from_bytes(&pod.0).ok_or(ProofError::InconsistentCTData)
}
}
#[cfg(not(target_arch = "bpf"))]
impl fmt::Debug for pod::PedersenDecHandle {
impl fmt::Debug for pod::PedersenDecryptHandle {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
write!(f, "{:?}", self.0)
}
@ -224,7 +224,7 @@ mod tests {
#[test]
fn test_pod_range_proof_64() {
let (comm, open) = Pedersen::commit(55_u64);
let (comm, open) = Pedersen::new(55_u64);
let mut transcript_create = Transcript::new(b"Test");
let mut transcript_verify = Transcript::new(b"Test");
@ -250,9 +250,9 @@ mod tests {
#[test]
fn test_pod_range_proof_128() {
let (comm_1, open_1) = Pedersen::commit(55_u64);
let (comm_2, open_2) = Pedersen::commit(77_u64);
let (comm_3, open_3) = Pedersen::commit(99_u64);
let (comm_1, open_1) = Pedersen::new(55_u64);
let (comm_2, open_2) = Pedersen::new(77_u64);
let (comm_3, open_3) = Pedersen::new(99_u64);
let mut transcript_create = Transcript::new(b"Test");
let mut transcript_verify = Transcript::new(b"Test");

36
zk-token-sdk/src/zk_token_elgamal/ops.rs
View File

@ -235,7 +235,7 @@ mod tests {
crate::{
encryption::{
elgamal::{ElGamal, ElGamalCiphertext},
pedersen::{Pedersen, PedersenOpen},
pedersen::{Pedersen, PedersenOpening},
},
zk_token_elgamal::{ops, pod},
},
@ -256,11 +256,11 @@ mod tests {
let balance: u64 = 0;
assert_eq!(
spendable_ct,
pk.encrypt_with(balance, &PedersenOpen::default())
pk.encrypt_with(balance, &PedersenOpening::default())
);
// homomorphism should work like any other ciphertext
let open = PedersenOpen::random(&mut OsRng);
let open = PedersenOpening::random(&mut OsRng);
let transfer_amount_ct = pk.encrypt_with(55_u64, &open);
let transfer_amount_pod: pod::ElGamalCiphertext = transfer_amount_ct.into();
@ -278,7 +278,7 @@ mod tests {
let (pk, _) = ElGamal::new();
let expected: pod::ElGamalCiphertext =
pk.encrypt_with(55_u64, &PedersenOpen::default()).into();
pk.encrypt_with(55_u64, &PedersenOpening::default()).into();
assert_eq!(expected, added_ct);
}
@ -287,7 +287,7 @@ mod tests {
fn test_subtract_from() {
let amount = 77_u64;
let (pk, _) = ElGamal::new();
let open = PedersenOpen::random(&mut OsRng);
let open = PedersenOpening::random(&mut OsRng);
let encrypted_amount: pod::ElGamalCiphertext = pk.encrypt_with(amount, &open).into();
let subtracted_ct = ops::subtract_from(&encrypted_amount, 55).unwrap();
@ -317,28 +317,30 @@ mod tests {
let (auditor_pk, _) = ElGamal::new();
// commitments associated with TransferRangeProof
let (comm_lo, open_lo) = Pedersen::commit(amount_lo);
let (comm_hi, open_hi) = Pedersen::commit(amount_hi);
let (comm_lo, open_lo) = Pedersen::new(amount_lo);
let (comm_hi, open_hi) = Pedersen::new(amount_hi);
let comm_lo: pod::PedersenComm = comm_lo.into();
let comm_hi: pod::PedersenComm = comm_hi.into();
let comm_lo: pod::PedersenCommitment = comm_lo.into();
let comm_hi: pod::PedersenCommitment = comm_hi.into();
// decryption handles associated with TransferValidityProof
let handle_source_lo: pod::PedersenDecHandle =
let handle_source_lo: pod::PedersenDecryptHandle =
source_pk.gen_decrypt_handle(&open_lo).into();
let handle_dest_lo: pod::PedersenDecHandle = dest_pk.gen_decrypt_handle(&open_lo).into();
let _handle_auditor_lo: pod::PedersenDecHandle =
let handle_dest_lo: pod::PedersenDecryptHandle =
dest_pk.gen_decrypt_handle(&open_lo).into();
let _handle_auditor_lo: pod::PedersenDecryptHandle =
auditor_pk.gen_decrypt_handle(&open_lo).into();
let handle_source_hi: pod::PedersenDecHandle =
let handle_source_hi: pod::PedersenDecryptHandle =
source_pk.gen_decrypt_handle(&open_hi).into();
let handle_dest_hi: pod::PedersenDecHandle = dest_pk.gen_decrypt_handle(&open_hi).into();
let _handle_auditor_hi: pod::PedersenDecHandle =
let handle_dest_hi: pod::PedersenDecryptHandle =
dest_pk.gen_decrypt_handle(&open_hi).into();
let _handle_auditor_hi: pod::PedersenDecryptHandle =
auditor_pk.gen_decrypt_handle(&open_hi).into();
// source spendable and recipient pending
let source_open = PedersenOpen::random(&mut OsRng);
let dest_open = PedersenOpen::random(&mut OsRng);
let source_open = PedersenOpening::random(&mut OsRng);
let dest_open = PedersenOpening::random(&mut OsRng);
let source_spendable_ct: pod::ElGamalCiphertext =
source_pk.encrypt_with(77_u64, &source_open).into();

4
zk-token-sdk/src/zk_token_elgamal/pod.rs
View File

@ -18,11 +18,11 @@ pub struct ElGamalPubkey(pub [u8; 32]);
#[derive(Clone, Copy, Pod, Zeroable, PartialEq)]
#[repr(transparent)]
pub struct PedersenComm(pub [u8; 32]);
pub struct PedersenCommitment(pub [u8; 32]);
#[derive(Clone, Copy, Pod, Zeroable, PartialEq)]
#[repr(transparent)]
pub struct PedersenDecHandle(pub [u8; 32]);
pub struct PedersenDecryptHandle(pub [u8; 32]);
/// Serialization of range proofs for 64-bit numbers (for `Withdraw` instruction)
#[derive(Clone, Copy)]