From a40e7fc59b3e7ac4e1fb0f4f155e966dad8e1e4a Mon Sep 17 00:00:00 2001 From: Sam Kim Date: Tue, 5 Oct 2021 09:02:52 -0400 Subject: [PATCH] Rename Pedersen related structs and methods for consistency --- zk-token-sdk/src/encryption/elgamal.rs | 50 +-- zk-token-sdk/src/encryption/pedersen.rs | 308 +++++++++---------- zk-token-sdk/src/instruction/transfer.rs | 77 ++--- zk-token-sdk/src/instruction/withdraw.rs | 6 +- zk-token-sdk/src/range_proof/mod.rs | 26 +- zk-token-sdk/src/zk_token_elgamal/convert.rs | 42 +-- zk-token-sdk/src/zk_token_elgamal/ops.rs | 36 ++- zk-token-sdk/src/zk_token_elgamal/pod.rs | 4 +- 8 files changed, 271 insertions(+), 278 deletions(-) diff --git a/zk-token-sdk/src/encryption/elgamal.rs b/zk-token-sdk/src/encryption/elgamal.rs index c41e607c5..dfdc7852f 100644 --- a/zk-token-sdk/src/encryption/elgamal.rs +++ b/zk-token-sdk/src/encryption/elgamal.rs @@ -3,7 +3,9 @@ use rand::{rngs::OsRng, CryptoRng, RngCore}; use { crate::encryption::{ discrete_log::DiscreteLog, - pedersen::{Pedersen, PedersenBase, PedersenComm, PedersenDecHandle, PedersenOpen}, + pedersen::{ + Pedersen, PedersenBase, PedersenCommitment, PedersenDecryptHandle, PedersenOpening, + }, }, arrayref::{array_ref, array_refs}, core::ops::{Add, Div, Mul, Sub}, @@ -53,7 +55,7 @@ impl ElGamal { /// returns an ElGamal ciphertext of the message under the public key. #[cfg(not(target_arch = "bpf"))] pub fn encrypt>(pk: &ElGamalPubkey, amount: T) -> ElGamalCiphertext { - let (message_comm, open) = Pedersen::commit(amount); + let (message_comm, open) = Pedersen::new(amount); let decrypt_handle = pk.gen_decrypt_handle(&open); ElGamalCiphertext { @@ -68,9 +70,9 @@ impl ElGamal { pub fn encrypt_with>( pk: &ElGamalPubkey, amount: T, - open: &PedersenOpen, + open: &PedersenOpening, ) -> ElGamalCiphertext { - let message_comm = Pedersen::commit_with(amount, open); + let message_comm = Pedersen::with(amount, open); let decrypt_handle = pk.gen_decrypt_handle(open); ElGamalCiphertext { @@ -141,14 +143,18 @@ impl ElGamalPubkey { } /// Utility method for code ergonomics. - pub fn encrypt_with>(&self, msg: T, open: &PedersenOpen) -> ElGamalCiphertext { + pub fn encrypt_with>( + &self, + msg: T, + open: &PedersenOpening, + ) -> ElGamalCiphertext { ElGamal::encrypt_with(self, msg, open) } /// Generate a decryption token from an ElGamal public key and a Pedersen /// opening. - pub fn gen_decrypt_handle(self, open: &PedersenOpen) -> PedersenDecHandle { - PedersenDecHandle::generate_handle(open, &self) + pub fn gen_decrypt_handle(self, open: &PedersenOpening) -> PedersenDecryptHandle { + PedersenDecryptHandle::generate_handle(open, &self) } } @@ -220,12 +226,12 @@ impl ConstantTimeEq for ElGamalSecretKey { #[allow(non_snake_case)] #[derive(Serialize, Deserialize, Default, Clone, Copy, Debug, Eq, PartialEq)] pub struct ElGamalCiphertext { - pub message_comm: PedersenComm, - pub decrypt_handle: PedersenDecHandle, + pub message_comm: PedersenCommitment, + pub decrypt_handle: PedersenDecryptHandle, } impl ElGamalCiphertext { pub fn add_to_msg>(&self, message: T) -> Self { - let diff_comm = Pedersen::commit_with(message, &PedersenOpen::default()); + let diff_comm = Pedersen::with(message, &PedersenOpening::default()); ElGamalCiphertext { message_comm: self.message_comm + diff_comm, decrypt_handle: self.decrypt_handle, @@ -233,7 +239,7 @@ impl ElGamalCiphertext { } pub fn sub_to_msg>(&self, message: T) -> Self { - let diff_comm = Pedersen::commit_with(message, &PedersenOpen::default()); + let diff_comm = Pedersen::with(message, &PedersenOpening::default()); ElGamalCiphertext { message_comm: self.message_comm - diff_comm, decrypt_handle: self.decrypt_handle, @@ -257,8 +263,8 @@ impl ElGamalCiphertext { let decrypt_handle = CompressedRistretto::from_slice(decrypt_handle).decompress()?; Some(ElGamalCiphertext { - message_comm: PedersenComm(message_comm), - decrypt_handle: PedersenDecHandle(decrypt_handle), + message_comm: PedersenCommitment(message_comm), + decrypt_handle: PedersenDecryptHandle(decrypt_handle), }) } @@ -378,7 +384,7 @@ mod tests { let (pk_2, sk_2) = ElGamal::new(); let msg: u32 = 77; - let (comm, open) = Pedersen::commit(msg); + let (comm, open) = Pedersen::new(msg); let decrypt_handle_1 = pk_1.gen_decrypt_handle(&open); let decrypt_handle_2 = pk_2.gen_decrypt_handle(&open); @@ -406,8 +412,8 @@ mod tests { let msg_1: u64 = 77; // Add two ElGamal ciphertexts - let open_0 = PedersenOpen::random(&mut OsRng); - let open_1 = PedersenOpen::random(&mut OsRng); + let open_0 = PedersenOpening::random(&mut OsRng); + let open_1 = PedersenOpening::random(&mut OsRng); let ct_0 = ElGamal::encrypt_with(&pk, msg_0, &open_0); let ct_1 = ElGamal::encrypt_with(&pk, msg_1, &open_1); @@ -417,7 +423,7 @@ mod tests { assert_eq!(ct_sum, ct_0 + ct_1); // Add to ElGamal ciphertext - let open = PedersenOpen::random(&mut OsRng); + let open = PedersenOpening::random(&mut OsRng); let ct = ElGamal::encrypt_with(&pk, msg_0, &open); let ct_sum = ElGamal::encrypt_with(&pk, msg_0 + msg_1, &open); @@ -431,8 +437,8 @@ mod tests { let msg_1: u64 = 55; // Subtract two ElGamal ciphertexts - let open_0 = PedersenOpen::random(&mut OsRng); - let open_1 = PedersenOpen::random(&mut OsRng); + let open_0 = PedersenOpening::random(&mut OsRng); + let open_1 = PedersenOpening::random(&mut OsRng); let ct_0 = ElGamal::encrypt_with(&pk, msg_0, &open_0); let ct_1 = ElGamal::encrypt_with(&pk, msg_1, &open_1); @@ -442,7 +448,7 @@ mod tests { assert_eq!(ct_sub, ct_0 - ct_1); // Subtract to ElGamal ciphertext - let open = PedersenOpen::random(&mut OsRng); + let open = PedersenOpening::random(&mut OsRng); let ct = ElGamal::encrypt_with(&pk, msg_0, &open); let ct_sub = ElGamal::encrypt_with(&pk, msg_0 - msg_1, &open); @@ -455,7 +461,7 @@ mod tests { let msg_0: u64 = 57; let msg_1: u64 = 77; - let open = PedersenOpen::random(&mut OsRng); + let open = PedersenOpening::random(&mut OsRng); let ct = ElGamal::encrypt_with(&pk, msg_0, &open); let scalar = Scalar::from(msg_1); @@ -471,7 +477,7 @@ mod tests { let msg_0: u64 = 55; let msg_1: u64 = 5; - let open = PedersenOpen::random(&mut OsRng); + let open = PedersenOpening::random(&mut OsRng); let ct = ElGamal::encrypt_with(&pk, msg_0, &open); let scalar = Scalar::from(msg_1); diff --git a/zk-token-sdk/src/encryption/pedersen.rs b/zk-token-sdk/src/encryption/pedersen.rs index a20e5460e..47f077520 100644 --- a/zk-token-sdk/src/encryption/pedersen.rs +++ b/zk-token-sdk/src/encryption/pedersen.rs @@ -1,10 +1,7 @@ #[cfg(not(target_arch = "bpf"))] use rand::{rngs::OsRng, CryptoRng, RngCore}; use { - crate::{ - encryption::elgamal::{ElGamalCiphertext, ElGamalPubkey}, - errors::ProofError, - }, + crate::encryption::elgamal::{ElGamalCiphertext, ElGamalPubkey}, core::ops::{Add, Div, Mul, Sub}, curve25519_dalek::{ constants::{RISTRETTO_BASEPOINT_COMPRESSED, RISTRETTO_BASEPOINT_POINT}, @@ -53,9 +50,10 @@ impl Pedersen { /// /// TODO: Interface that takes a random generator as input #[cfg(not(target_arch = "bpf"))] - pub fn commit>(amount: T) -> (PedersenComm, PedersenOpen) { - let open = PedersenOpen(Scalar::random(&mut OsRng)); - let comm = Pedersen::commit_with(amount, &open); + #[allow(clippy::new_ret_no_self)] + pub fn new>(amount: T) -> (PedersenCommitment, PedersenOpening) { + let open = PedersenOpening(Scalar::random(&mut OsRng)); + let comm = Pedersen::with(amount, &open); (comm, open) } @@ -63,54 +61,28 @@ impl Pedersen { /// Given a number and an opening as inputs, the function returns their /// Pedersen commitment. #[allow(non_snake_case)] - pub fn commit_with>(amount: T, open: &PedersenOpen) -> PedersenComm { + pub fn with>(amount: T, open: &PedersenOpening) -> PedersenCommitment { let G = PedersenBase::default().G; let H = PedersenBase::default().H; let x: Scalar = amount.into(); let r = open.get_scalar(); - PedersenComm(RistrettoPoint::multiscalar_mul(&[x, r], &[G, H])) - } - - /// Given a number, opening, and Pedersen commitment, the function verifies - /// the validity of the commitment with respect to the number and opening. - /// - /// This function is included for completeness and is not used for the - /// c-token program. - #[allow(non_snake_case)] - pub fn verify>( - comm: PedersenComm, - open: PedersenOpen, - amount: T, - ) -> Result<(), ProofError> { - let G = PedersenBase::default().G; - let H = PedersenBase::default().H; - - let x: Scalar = amount.into(); - - let r = open.get_scalar(); - let C = comm.get_point(); - - if C == RistrettoPoint::multiscalar_mul(&[x, r], &[G, H]) { - Ok(()) - } else { - Err(ProofError::VerificationError) - } + PedersenCommitment(RistrettoPoint::multiscalar_mul(&[x, r], &[G, H])) } } #[derive(Serialize, Deserialize, Clone, Debug, Zeroize)] #[zeroize(drop)] -pub struct PedersenOpen(pub(crate) Scalar); -impl PedersenOpen { +pub struct PedersenOpening(pub(crate) Scalar); +impl PedersenOpening { pub fn get_scalar(&self) -> Scalar { self.0 } #[cfg(not(target_arch = "bpf"))] pub fn random(rng: &mut T) -> Self { - PedersenOpen(Scalar::random(rng)) + PedersenOpening(Scalar::random(rng)) } #[allow(clippy::wrong_self_convention)] @@ -118,83 +90,91 @@ impl PedersenOpen { self.0.to_bytes() } - pub fn from_bytes(bytes: &[u8]) -> Option { + pub fn from_bytes(bytes: &[u8]) -> Option { match bytes.try_into() { - Ok(bytes) => Scalar::from_canonical_bytes(bytes).map(PedersenOpen), + Ok(bytes) => Scalar::from_canonical_bytes(bytes).map(PedersenOpening), _ => None, } } } -impl Eq for PedersenOpen {} -impl PartialEq for PedersenOpen { +impl Eq for PedersenOpening {} +impl PartialEq for PedersenOpening { fn eq(&self, other: &Self) -> bool { self.ct_eq(other).unwrap_u8() == 1u8 } } -impl ConstantTimeEq for PedersenOpen { +impl ConstantTimeEq for PedersenOpening { fn ct_eq(&self, other: &Self) -> Choice { self.0.ct_eq(&other.0) } } -impl Default for PedersenOpen { +impl Default for PedersenOpening { fn default() -> Self { - PedersenOpen(Scalar::default()) + PedersenOpening(Scalar::default()) } } -impl<'a, 'b> Add<&'b PedersenOpen> for &'a PedersenOpen { - type Output = PedersenOpen; +impl<'a, 'b> Add<&'b PedersenOpening> for &'a PedersenOpening { + type Output = PedersenOpening; - fn add(self, other: &'b PedersenOpen) -> PedersenOpen { - PedersenOpen(self.get_scalar() + other.get_scalar()) + fn add(self, other: &'b PedersenOpening) -> PedersenOpening { + PedersenOpening(self.get_scalar() + other.get_scalar()) } } define_add_variants!( - LHS = PedersenOpen, - RHS = PedersenOpen, - Output = PedersenOpen + LHS = PedersenOpening, + RHS = PedersenOpening, + Output = PedersenOpening ); -impl<'a, 'b> Sub<&'b PedersenOpen> for &'a PedersenOpen { - type Output = PedersenOpen; +impl<'a, 'b> Sub<&'b PedersenOpening> for &'a PedersenOpening { + type Output = PedersenOpening; - fn sub(self, other: &'b PedersenOpen) -> PedersenOpen { - PedersenOpen(self.get_scalar() - other.get_scalar()) + fn sub(self, other: &'b PedersenOpening) -> PedersenOpening { + PedersenOpening(self.get_scalar() - other.get_scalar()) } } define_sub_variants!( - LHS = PedersenOpen, - RHS = PedersenOpen, - Output = PedersenOpen + LHS = PedersenOpening, + RHS = PedersenOpening, + Output = PedersenOpening ); -impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenOpen { - type Output = PedersenOpen; +impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenOpening { + type Output = PedersenOpening; - fn mul(self, other: &'b Scalar) -> PedersenOpen { - PedersenOpen(self.get_scalar() * other) + fn mul(self, other: &'b Scalar) -> PedersenOpening { + PedersenOpening(self.get_scalar() * other) } } -define_mul_variants!(LHS = PedersenOpen, RHS = Scalar, Output = PedersenOpen); +define_mul_variants!( + LHS = PedersenOpening, + RHS = Scalar, + Output = PedersenOpening +); -impl<'a, 'b> Div<&'b Scalar> for &'a PedersenOpen { - type Output = PedersenOpen; +impl<'a, 'b> Div<&'b Scalar> for &'a PedersenOpening { + type Output = PedersenOpening; #[allow(clippy::suspicious_arithmetic_impl)] - fn div(self, other: &'b Scalar) -> PedersenOpen { - PedersenOpen(self.get_scalar() * other.invert()) + fn div(self, other: &'b Scalar) -> PedersenOpening { + PedersenOpening(self.get_scalar() * other.invert()) } } -define_div_variants!(LHS = PedersenOpen, RHS = Scalar, Output = PedersenOpen); +define_div_variants!( + LHS = PedersenOpening, + RHS = Scalar, + Output = PedersenOpening +); #[derive(Serialize, Deserialize, Default, Clone, Copy, Debug, Eq, PartialEq)] -pub struct PedersenComm(pub(crate) RistrettoPoint); -impl PedersenComm { +pub struct PedersenCommitment(pub(crate) RistrettoPoint); +impl PedersenCommitment { pub fn get_point(&self) -> RistrettoPoint { self.0 } @@ -204,79 +184,87 @@ impl PedersenComm { self.0.compress().to_bytes() } - pub fn from_bytes(bytes: &[u8]) -> Option { - Some(PedersenComm( + pub fn from_bytes(bytes: &[u8]) -> Option { + Some(PedersenCommitment( CompressedRistretto::from_slice(bytes).decompress()?, )) } } -impl<'a, 'b> Add<&'b PedersenComm> for &'a PedersenComm { - type Output = PedersenComm; +impl<'a, 'b> Add<&'b PedersenCommitment> for &'a PedersenCommitment { + type Output = PedersenCommitment; - fn add(self, other: &'b PedersenComm) -> PedersenComm { - PedersenComm(self.get_point() + other.get_point()) + fn add(self, other: &'b PedersenCommitment) -> PedersenCommitment { + PedersenCommitment(self.get_point() + other.get_point()) } } define_add_variants!( - LHS = PedersenComm, - RHS = PedersenComm, - Output = PedersenComm + LHS = PedersenCommitment, + RHS = PedersenCommitment, + Output = PedersenCommitment ); -impl<'a, 'b> Sub<&'b PedersenComm> for &'a PedersenComm { - type Output = PedersenComm; +impl<'a, 'b> Sub<&'b PedersenCommitment> for &'a PedersenCommitment { + type Output = PedersenCommitment; - fn sub(self, other: &'b PedersenComm) -> PedersenComm { - PedersenComm(self.get_point() - other.get_point()) + fn sub(self, other: &'b PedersenCommitment) -> PedersenCommitment { + PedersenCommitment(self.get_point() - other.get_point()) } } define_sub_variants!( - LHS = PedersenComm, - RHS = PedersenComm, - Output = PedersenComm + LHS = PedersenCommitment, + RHS = PedersenCommitment, + Output = PedersenCommitment ); -impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenComm { - type Output = PedersenComm; +impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenCommitment { + type Output = PedersenCommitment; - fn mul(self, other: &'b Scalar) -> PedersenComm { - PedersenComm(self.get_point() * other) + fn mul(self, other: &'b Scalar) -> PedersenCommitment { + PedersenCommitment(self.get_point() * other) } } -define_mul_variants!(LHS = PedersenComm, RHS = Scalar, Output = PedersenComm); +define_mul_variants!( + LHS = PedersenCommitment, + RHS = Scalar, + Output = PedersenCommitment +); -impl<'a, 'b> Div<&'b Scalar> for &'a PedersenComm { - type Output = PedersenComm; +impl<'a, 'b> Div<&'b Scalar> for &'a PedersenCommitment { + type Output = PedersenCommitment; #[allow(clippy::suspicious_arithmetic_impl)] - fn div(self, other: &'b Scalar) -> PedersenComm { - PedersenComm(self.get_point() * other.invert()) + fn div(self, other: &'b Scalar) -> PedersenCommitment { + PedersenCommitment(self.get_point() * other.invert()) } } -define_div_variants!(LHS = PedersenComm, RHS = Scalar, Output = PedersenComm); +define_div_variants!( + LHS = PedersenCommitment, + RHS = Scalar, + Output = PedersenCommitment +); /// Decryption handle for Pedersen commitment. /// /// A decryption handle can be combined with Pedersen commitments to form an /// ElGamal ciphertext. #[derive(Serialize, Deserialize, Default, Clone, Copy, Debug, Eq, PartialEq)] -pub struct PedersenDecHandle(pub(crate) RistrettoPoint); -impl PedersenDecHandle { +pub struct PedersenDecryptHandle(pub(crate) RistrettoPoint); +impl PedersenDecryptHandle { pub fn get_point(&self) -> RistrettoPoint { self.0 } - pub fn generate_handle(open: &PedersenOpen, pk: &ElGamalPubkey) -> PedersenDecHandle { - PedersenDecHandle(open.get_scalar() * pk.get_point()) + pub fn generate_handle(open: &PedersenOpening, pk: &ElGamalPubkey) -> PedersenDecryptHandle { + PedersenDecryptHandle(open.get_scalar() * pk.get_point()) } /// Maps a decryption token and Pedersen commitment to ElGamal ciphertext - pub fn to_elgamal_ciphertext(self, comm: PedersenComm) -> ElGamalCiphertext { + pub fn to_elgamal_ciphertext(self, comm: PedersenCommitment) -> ElGamalCiphertext { ElGamalCiphertext { message_comm: comm, decrypt_handle: self, @@ -288,94 +276,86 @@ impl PedersenDecHandle { self.0.compress().to_bytes() } - pub fn from_bytes(bytes: &[u8]) -> Option { - Some(PedersenDecHandle( + pub fn from_bytes(bytes: &[u8]) -> Option { + Some(PedersenDecryptHandle( CompressedRistretto::from_slice(bytes).decompress()?, )) } } -impl<'a, 'b> Add<&'b PedersenDecHandle> for &'a PedersenDecHandle { - type Output = PedersenDecHandle; +impl<'a, 'b> Add<&'b PedersenDecryptHandle> for &'a PedersenDecryptHandle { + type Output = PedersenDecryptHandle; - fn add(self, other: &'b PedersenDecHandle) -> PedersenDecHandle { - PedersenDecHandle(self.get_point() + other.get_point()) + fn add(self, other: &'b PedersenDecryptHandle) -> PedersenDecryptHandle { + PedersenDecryptHandle(self.get_point() + other.get_point()) } } define_add_variants!( - LHS = PedersenDecHandle, - RHS = PedersenDecHandle, - Output = PedersenDecHandle + LHS = PedersenDecryptHandle, + RHS = PedersenDecryptHandle, + Output = PedersenDecryptHandle ); -impl<'a, 'b> Sub<&'b PedersenDecHandle> for &'a PedersenDecHandle { - type Output = PedersenDecHandle; +impl<'a, 'b> Sub<&'b PedersenDecryptHandle> for &'a PedersenDecryptHandle { + type Output = PedersenDecryptHandle; - fn sub(self, other: &'b PedersenDecHandle) -> PedersenDecHandle { - PedersenDecHandle(self.get_point() - other.get_point()) + fn sub(self, other: &'b PedersenDecryptHandle) -> PedersenDecryptHandle { + PedersenDecryptHandle(self.get_point() - other.get_point()) } } define_sub_variants!( - LHS = PedersenDecHandle, - RHS = PedersenDecHandle, - Output = PedersenDecHandle + LHS = PedersenDecryptHandle, + RHS = PedersenDecryptHandle, + Output = PedersenDecryptHandle ); -impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenDecHandle { - type Output = PedersenDecHandle; +impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenDecryptHandle { + type Output = PedersenDecryptHandle; - fn mul(self, other: &'b Scalar) -> PedersenDecHandle { - PedersenDecHandle(self.get_point() * other) + fn mul(self, other: &'b Scalar) -> PedersenDecryptHandle { + PedersenDecryptHandle(self.get_point() * other) } } define_mul_variants!( - LHS = PedersenDecHandle, + LHS = PedersenDecryptHandle, RHS = Scalar, - Output = PedersenDecHandle + Output = PedersenDecryptHandle ); -impl<'a, 'b> Div<&'b Scalar> for &'a PedersenDecHandle { - type Output = PedersenDecHandle; +impl<'a, 'b> Div<&'b Scalar> for &'a PedersenDecryptHandle { + type Output = PedersenDecryptHandle; #[allow(clippy::suspicious_arithmetic_impl)] - fn div(self, other: &'b Scalar) -> PedersenDecHandle { - PedersenDecHandle(self.get_point() * other.invert()) + fn div(self, other: &'b Scalar) -> PedersenDecryptHandle { + PedersenDecryptHandle(self.get_point() * other.invert()) } } define_div_variants!( - LHS = PedersenDecHandle, + LHS = PedersenDecryptHandle, RHS = Scalar, - Output = PedersenDecHandle + Output = PedersenDecryptHandle ); #[cfg(test)] mod tests { use super::*; - #[test] - fn test_commit_verification_correctness() { - let amt: u64 = 57; - let (comm, open) = Pedersen::commit(amt); - - assert!(Pedersen::verify(comm, open, amt).is_ok()); - } - #[test] fn test_homomorphic_addition() { let amt_0: u64 = 77; let amt_1: u64 = 57; let rng = &mut OsRng; - let open_0 = PedersenOpen(Scalar::random(rng)); - let open_1 = PedersenOpen(Scalar::random(rng)); + let open_0 = PedersenOpening(Scalar::random(rng)); + let open_1 = PedersenOpening(Scalar::random(rng)); - let comm_0 = Pedersen::commit_with(amt_0, &open_0); - let comm_1 = Pedersen::commit_with(amt_1, &open_1); - let comm_addition = Pedersen::commit_with(amt_0 + amt_1, &(open_0 + open_1)); + let comm_0 = Pedersen::with(amt_0, &open_0); + let comm_1 = Pedersen::with(amt_1, &open_1); + let comm_addition = Pedersen::with(amt_0 + amt_1, &(open_0 + open_1)); assert_eq!(comm_addition, comm_0 + comm_1); } @@ -386,12 +366,12 @@ mod tests { let amt_1: u64 = 57; let rng = &mut OsRng; - let open_0 = PedersenOpen(Scalar::random(rng)); - let open_1 = PedersenOpen(Scalar::random(rng)); + let open_0 = PedersenOpening(Scalar::random(rng)); + let open_1 = PedersenOpening(Scalar::random(rng)); - let comm_0 = Pedersen::commit_with(amt_0, &open_0); - let comm_1 = Pedersen::commit_with(amt_1, &open_1); - let comm_addition = Pedersen::commit_with(amt_0 - amt_1, &(open_0 - open_1)); + let comm_0 = Pedersen::with(amt_0, &open_0); + let comm_1 = Pedersen::with(amt_1, &open_1); + let comm_addition = Pedersen::with(amt_0 - amt_1, &(open_0 - open_1)); assert_eq!(comm_addition, comm_0 - comm_1); } @@ -401,9 +381,9 @@ mod tests { let amt_0: u64 = 77; let amt_1: u64 = 57; - let (comm, open) = Pedersen::commit(amt_0); + let (comm, open) = Pedersen::new(amt_0); let scalar = Scalar::from(amt_1); - let comm_addition = Pedersen::commit_with(amt_0 * amt_1, &(open * scalar)); + let comm_addition = Pedersen::with(amt_0 * amt_1, &(open * scalar)); assert_eq!(comm_addition, comm * scalar); } @@ -413,9 +393,9 @@ mod tests { let amt_0: u64 = 77; let amt_1: u64 = 7; - let (comm, open) = Pedersen::commit(amt_0); + let (comm, open) = Pedersen::new(amt_0); let scalar = Scalar::from(amt_1); - let comm_addition = Pedersen::commit_with(amt_0 / amt_1, &(open / scalar)); + let comm_addition = Pedersen::with(amt_0 / amt_1, &(open / scalar)); assert_eq!(comm_addition, comm / scalar); } @@ -423,30 +403,30 @@ mod tests { #[test] fn test_commitment_bytes() { let amt: u64 = 77; - let (comm, _) = Pedersen::commit(amt); + let (comm, _) = Pedersen::new(amt); let encoded = comm.to_bytes(); - let decoded = PedersenComm::from_bytes(&encoded).unwrap(); + let decoded = PedersenCommitment::from_bytes(&encoded).unwrap(); assert_eq!(comm, decoded); } #[test] fn test_opening_bytes() { - let open = PedersenOpen(Scalar::random(&mut OsRng)); + let open = PedersenOpening(Scalar::random(&mut OsRng)); let encoded = open.to_bytes(); - let decoded = PedersenOpen::from_bytes(&encoded).unwrap(); + let decoded = PedersenOpening::from_bytes(&encoded).unwrap(); assert_eq!(open, decoded); } #[test] fn test_decrypt_handle_bytes() { - let handle = PedersenDecHandle(RistrettoPoint::default()); + let handle = PedersenDecryptHandle(RistrettoPoint::default()); let encoded = handle.to_bytes(); - let decoded = PedersenDecHandle::from_bytes(&encoded).unwrap(); + let decoded = PedersenDecryptHandle::from_bytes(&encoded).unwrap(); assert_eq!(handle, decoded); } @@ -454,30 +434,30 @@ mod tests { #[test] fn test_serde_commitment() { let amt: u64 = 77; - let (comm, _) = Pedersen::commit(amt); + let (comm, _) = Pedersen::new(amt); let encoded = bincode::serialize(&comm).unwrap(); - let decoded: PedersenComm = bincode::deserialize(&encoded).unwrap(); + let decoded: PedersenCommitment = bincode::deserialize(&encoded).unwrap(); assert_eq!(comm, decoded); } #[test] fn test_serde_opening() { - let open = PedersenOpen(Scalar::random(&mut OsRng)); + let open = PedersenOpening(Scalar::random(&mut OsRng)); let encoded = bincode::serialize(&open).unwrap(); - let decoded: PedersenOpen = bincode::deserialize(&encoded).unwrap(); + let decoded: PedersenOpening = bincode::deserialize(&encoded).unwrap(); assert_eq!(open, decoded); } #[test] fn test_serde_decrypt_handle() { - let handle = PedersenDecHandle(RistrettoPoint::default()); + let handle = PedersenDecryptHandle(RistrettoPoint::default()); let encoded = bincode::serialize(&handle).unwrap(); - let decoded: PedersenDecHandle = bincode::deserialize(&encoded).unwrap(); + let decoded: PedersenDecryptHandle = bincode::deserialize(&encoded).unwrap(); assert_eq!(handle, decoded); } diff --git a/zk-token-sdk/src/instruction/transfer.rs b/zk-token-sdk/src/instruction/transfer.rs index 3ea89e1ee..6e9fa029a 100644 --- a/zk-token-sdk/src/instruction/transfer.rs +++ b/zk-token-sdk/src/instruction/transfer.rs @@ -7,7 +7,9 @@ use { crate::{ encryption::{ elgamal::{ElGamalCiphertext, ElGamalPubkey, ElGamalSecretKey}, - pedersen::{Pedersen, PedersenBase, PedersenComm, PedersenDecHandle, PedersenOpen}, + pedersen::{ + Pedersen, PedersenBase, PedersenCommitment, PedersenDecryptHandle, PedersenOpening, + }, }, errors::ProofError, instruction::Verifiable, @@ -51,8 +53,8 @@ impl TransferData { // ciphertext separately. let (amount_lo, amount_hi) = split_u64_into_u32(transfer_amount); - let (comm_lo, open_lo) = Pedersen::commit(amount_lo); - let (comm_hi, open_hi) = Pedersen::commit(amount_hi); + let (comm_lo, open_lo) = Pedersen::new(amount_lo); + let (comm_hi, open_hi) = Pedersen::new(amount_hi); let handle_source_lo = source_pk.gen_decrypt_handle(&open_lo); let handle_dest_lo = dest_pk.gen_decrypt_handle(&open_lo); @@ -139,16 +141,16 @@ impl TransferData { /// Extracts the lo and hi source ciphertexts associated with a transfer data and returns the /// *combined* ciphertext pub fn source_ciphertext(&self) -> Result { - let transfer_comms_lo: PedersenComm = self.range_proof.amount_comms.lo.try_into()?; - let transfer_comms_hi: PedersenComm = self.range_proof.amount_comms.hi.try_into()?; + let transfer_comms_lo: PedersenCommitment = self.range_proof.amount_comms.lo.try_into()?; + let transfer_comms_hi: PedersenCommitment = self.range_proof.amount_comms.hi.try_into()?; let transfer_comm = combine_u32_comms(transfer_comms_lo, transfer_comms_hi); - let decryption_handle_lo: PedersenDecHandle = self + let decryption_handle_lo: PedersenDecryptHandle = self .validity_proof .decryption_handles_lo .source .try_into()?; - let decryption_handle_hi: PedersenDecHandle = self + let decryption_handle_hi: PedersenDecryptHandle = self .validity_proof .decryption_handles_hi .source @@ -161,13 +163,13 @@ impl TransferData { /// Extracts the lo and hi destination ciphertexts associated with a transfer data and returns /// the *combined* ciphertext pub fn dest_ciphertext(&self) -> Result { - let transfer_comms_lo: PedersenComm = self.range_proof.amount_comms.lo.try_into()?; - let transfer_comms_hi: PedersenComm = self.range_proof.amount_comms.hi.try_into()?; + let transfer_comms_lo: PedersenCommitment = self.range_proof.amount_comms.lo.try_into()?; + let transfer_comms_hi: PedersenCommitment = self.range_proof.amount_comms.hi.try_into()?; let transfer_comm = combine_u32_comms(transfer_comms_lo, transfer_comms_hi); - let decryption_handle_lo: PedersenDecHandle = + let decryption_handle_lo: PedersenDecryptHandle = self.validity_proof.decryption_handles_lo.dest.try_into()?; - let decryption_handle_hi: PedersenDecHandle = + let decryption_handle_hi: PedersenDecryptHandle = self.validity_proof.decryption_handles_hi.dest.try_into()?; let decryption_handle = combine_u32_handles(decryption_handle_lo, decryption_handle_hi); @@ -243,10 +245,10 @@ pub struct TransferValidityProofData { #[derive(Clone, Copy, Pod, Zeroable, PartialEq)] #[repr(C)] pub struct TransferEphemeralState { - pub spendable_comm_verification: pod::PedersenComm, // 32 bytes - pub x: pod::Scalar, // 32 bytes - pub z: pod::Scalar, // 32 bytes - pub t_x_blinding: pod::Scalar, // 32 bytes + pub spendable_comm_verification: pod::PedersenCommitment, // 32 bytes + pub x: pod::Scalar, // 32 bytes + pub z: pod::Scalar, // 32 bytes + pub t_x_blinding: pod::Scalar, // 32 bytes } #[cfg(not(target_arch = "bpf"))] @@ -281,8 +283,8 @@ impl TransferProofs { dest_pk: &ElGamalPubkey, auditor_pk: &ElGamalPubkey, transfer_amt: (u64, u64), - lo_open: &PedersenOpen, - hi_open: &PedersenOpen, + lo_open: &PedersenOpening, + hi_open: &PedersenOpening, new_spendable_balance: u64, new_spendable_ct: &ElGamalCiphertext, ) -> (Self, TransferEphemeralState) { @@ -302,14 +304,14 @@ impl TransferProofs { let c = transcript_validity_proof.challenge_scalar(b"c"); let z = s + c * y; - let new_spendable_open = PedersenOpen(c * r_new); + let new_spendable_open = PedersenOpening(c * r_new); let spendable_comm_verification = - Pedersen::commit_with(new_spendable_balance, &new_spendable_open); + Pedersen::with(new_spendable_balance, &new_spendable_open); // Generate proof for the transfer amounts - let t_1_blinding = PedersenOpen::random(&mut OsRng); - let t_2_blinding = PedersenOpen::random(&mut OsRng); + let t_1_blinding = PedersenOpening::random(&mut OsRng); + let t_2_blinding = PedersenOpening::random(&mut OsRng); let u = transcript_validity_proof.challenge_scalar(b"u"); let P_joint = RistrettoPoint::multiscalar_mul( @@ -441,9 +443,9 @@ impl ValidityProof { let x = ephemeral_state.x.into(); let z: Scalar = ephemeral_state.z.into(); - let handle_source_lo: PedersenDecHandle = decryption_handles_lo.source.try_into()?; - let handle_dest_lo: PedersenDecHandle = decryption_handles_lo.dest.try_into()?; - let handle_auditor_lo: PedersenDecHandle = decryption_handles_lo.auditor.try_into()?; + let handle_source_lo: PedersenDecryptHandle = decryption_handles_lo.source.try_into()?; + let handle_dest_lo: PedersenDecryptHandle = decryption_handles_lo.dest.try_into()?; + let handle_auditor_lo: PedersenDecryptHandle = decryption_handles_lo.auditor.try_into()?; let D_joint: CompressedRistretto = self.T_joint.into(); let D_joint = D_joint.decompress().ok_or(ProofError::VerificationError)?; @@ -457,9 +459,9 @@ impl ValidityProof { ], ); - let handle_source_hi: PedersenDecHandle = decryption_handles_hi.source.try_into()?; - let handle_dest_hi: PedersenDecHandle = decryption_handles_hi.dest.try_into()?; - let handle_auditor_hi: PedersenDecHandle = decryption_handles_hi.auditor.try_into()?; + let handle_source_hi: PedersenDecryptHandle = decryption_handles_hi.source.try_into()?; + let handle_dest_hi: PedersenDecryptHandle = decryption_handles_hi.dest.try_into()?; + let handle_auditor_hi: PedersenDecryptHandle = decryption_handles_hi.auditor.try_into()?; let D_joint_hi = RistrettoPoint::vartime_multiscalar_mul( vec![Scalar::one(), u, u * u], @@ -506,17 +508,17 @@ pub struct TransferPubKeys { #[derive(Clone, Copy, Pod, Zeroable)] #[repr(C)] pub struct TransferComms { - pub lo: pod::PedersenComm, // 32 bytes - pub hi: pod::PedersenComm, // 32 bytes + pub lo: pod::PedersenCommitment, // 32 bytes + pub hi: pod::PedersenCommitment, // 32 bytes } /// The decryption handles needed for a transfer #[derive(Clone, Copy, Pod, Zeroable)] #[repr(C)] pub struct TransferHandles { - pub source: pod::PedersenDecHandle, // 32 bytes - pub dest: pod::PedersenDecHandle, // 32 bytes - pub auditor: pod::PedersenDecHandle, // 32 bytes + pub source: pod::PedersenDecryptHandle, // 32 bytes + pub dest: pod::PedersenDecryptHandle, // 32 bytes + pub auditor: pod::PedersenDecryptHandle, // 32 bytes } /// Split u64 number into two u32 numbers @@ -533,15 +535,18 @@ pub fn split_u64_into_u32(amt: u64) -> (u32, u32) { const TWO_32: u64 = 4294967296; #[cfg(not(target_arch = "bpf"))] -pub fn combine_u32_comms(comm_lo: PedersenComm, comm_hi: PedersenComm) -> PedersenComm { +pub fn combine_u32_comms( + comm_lo: PedersenCommitment, + comm_hi: PedersenCommitment, +) -> PedersenCommitment { comm_lo + comm_hi * Scalar::from(TWO_32) } #[cfg(not(target_arch = "bpf"))] pub fn combine_u32_handles( - handle_lo: PedersenDecHandle, - handle_hi: PedersenDecHandle, -) -> PedersenDecHandle { + handle_lo: PedersenDecryptHandle, + handle_hi: PedersenDecryptHandle, +) -> PedersenDecryptHandle { handle_lo + handle_hi * Scalar::from(TWO_32) } diff --git a/zk-token-sdk/src/instruction/withdraw.rs b/zk-token-sdk/src/instruction/withdraw.rs index b335d7a36..5d68a0993 100644 --- a/zk-token-sdk/src/instruction/withdraw.rs +++ b/zk-token-sdk/src/instruction/withdraw.rs @@ -7,7 +7,7 @@ use { crate::{ encryption::{ elgamal::{ElGamalCiphertext, ElGamalPubkey, ElGamalSecretKey}, - pedersen::{PedersenBase, PedersenOpen}, + pedersen::{PedersenBase, PedersenOpening}, }, errors::ProofError, instruction::Verifiable, @@ -54,7 +54,7 @@ impl WithdrawData { // encode withdraw amount as an ElGamal ciphertext and subtract it from // current source balance - let amount_encoded = source_pk.encrypt_with(amount, &PedersenOpen::default()); + let amount_encoded = source_pk.encrypt_with(amount, &PedersenOpening::default()); let final_balance_ct = current_balance_ct - amount_encoded; let proof = WithdrawProof::new(source_sk, final_balance, &final_balance_ct); @@ -126,7 +126,7 @@ impl WithdrawProof { let z = s + c * y; // compute the new Pedersen commitment and opening - let new_open = PedersenOpen(c * r_new); + let new_open = PedersenOpening(c * r_new); let range_proof = RangeProof::create( vec![final_balance], diff --git a/zk-token-sdk/src/range_proof/mod.rs b/zk-token-sdk/src/range_proof/mod.rs index c377e2910..8cae7b03e 100644 --- a/zk-token-sdk/src/range_proof/mod.rs +++ b/zk-token-sdk/src/range_proof/mod.rs @@ -1,6 +1,6 @@ #[cfg(not(target_arch = "bpf"))] use { - crate::encryption::pedersen::{Pedersen, PedersenOpen}, + crate::encryption::pedersen::{Pedersen, PedersenOpening}, curve25519_dalek::traits::MultiscalarMul, rand::rngs::OsRng, subtle::{Choice, ConditionallySelectable}, @@ -44,11 +44,11 @@ impl RangeProof { pub fn create( amounts: Vec, bit_lengths: Vec, - opens: Vec<&PedersenOpen>, + opens: Vec<&PedersenOpening>, transcript: &mut Transcript, ) -> Self { - let t_1_blinding = PedersenOpen::random(&mut OsRng); - let t_2_blinding = PedersenOpen::random(&mut OsRng); + let t_1_blinding = PedersenOpening::random(&mut OsRng); + let t_2_blinding = PedersenOpening::random(&mut OsRng); let (range_proof, _, _) = Self::create_with( amounts, @@ -67,9 +67,9 @@ impl RangeProof { pub fn create_with( amounts: Vec, bit_lengths: Vec, - opens: Vec<&PedersenOpen>, - t_1_blinding: &PedersenOpen, - t_2_blinding: &PedersenOpen, + opens: Vec<&PedersenOpening>, + t_1_blinding: &PedersenOpening, + t_2_blinding: &PedersenOpening, transcript: &mut Transcript, ) -> (Self, Scalar, Scalar) { let nm = bit_lengths.iter().sum(); @@ -139,10 +139,10 @@ impl RangeProof { let t_poly = l_poly.inner_product(&r_poly); - let T_1 = Pedersen::commit_with(t_poly.1, t_1_blinding) + let T_1 = Pedersen::with(t_poly.1, t_1_blinding) .get_point() .compress(); - let T_2 = Pedersen::commit_with(t_poly.2, t_2_blinding) + let T_2 = Pedersen::with(t_poly.2, t_2_blinding) .get_point() .compress(); @@ -407,7 +407,7 @@ mod tests { #[test] fn test_single_rangeproof() { - let (comm, open) = Pedersen::commit(55_u64); + let (comm, open) = Pedersen::new(55_u64); let mut transcript_create = Transcript::new(b"Test"); let mut transcript_verify = Transcript::new(b"Test"); @@ -425,9 +425,9 @@ mod tests { #[test] fn test_aggregated_rangeproof() { - let (comm_1, open_1) = Pedersen::commit(55_u64); - let (comm_2, open_2) = Pedersen::commit(77_u64); - let (comm_3, open_3) = Pedersen::commit(99_u64); + let (comm_1, open_1) = Pedersen::new(55_u64); + let (comm_2, open_2) = Pedersen::new(77_u64); + let (comm_3, open_3) = Pedersen::new(99_u64); let mut transcript_create = Transcript::new(b"Test"); let mut transcript_verify = Transcript::new(b"Test"); diff --git a/zk-token-sdk/src/zk_token_elgamal/convert.rs b/zk-token-sdk/src/zk_token_elgamal/convert.rs index 4f16cf3a1..9dd08dd07 100644 --- a/zk-token-sdk/src/zk_token_elgamal/convert.rs +++ b/zk-token-sdk/src/zk_token_elgamal/convert.rs @@ -1,8 +1,8 @@ use super::pod; pub use target_arch::*; -impl From<(pod::PedersenComm, pod::PedersenDecHandle)> for pod::ElGamalCiphertext { - fn from((comm, decrypt_handle): (pod::PedersenComm, pod::PedersenDecHandle)) -> Self { +impl From<(pod::PedersenCommitment, pod::PedersenDecryptHandle)> for pod::ElGamalCiphertext { + fn from((comm, decrypt_handle): (pod::PedersenCommitment, pod::PedersenDecryptHandle)) -> Self { let mut buf = [0_u8; 64]; buf[..32].copy_from_slice(&comm.0); buf[32..].copy_from_slice(&decrypt_handle.0); @@ -16,7 +16,7 @@ mod target_arch { super::pod, crate::{ encryption::elgamal::{ElGamalCiphertext, ElGamalPubkey}, - encryption::pedersen::{PedersenComm, PedersenDecHandle}, + encryption::pedersen::{PedersenCommitment, PedersenDecryptHandle}, errors::ProofError, range_proof::RangeProof, }, @@ -88,62 +88,62 @@ mod target_arch { } } - impl From for pod::PedersenComm { - fn from(comm: PedersenComm) -> Self { + impl From for pod::PedersenCommitment { + fn from(comm: PedersenCommitment) -> Self { Self(comm.to_bytes()) } } // For proof verification, interpret pod::PedersenComm directly as CompressedRistretto #[cfg(not(target_arch = "bpf"))] - impl From for CompressedRistretto { - fn from(pod: pod::PedersenComm) -> Self { + impl From for CompressedRistretto { + fn from(pod: pod::PedersenCommitment) -> Self { Self(pod.0) } } #[cfg(not(target_arch = "bpf"))] - impl TryFrom for PedersenComm { + impl TryFrom for PedersenCommitment { type Error = ProofError; - fn try_from(pod: pod::PedersenComm) -> Result { + fn try_from(pod: pod::PedersenCommitment) -> Result { Self::from_bytes(&pod.0).ok_or(ProofError::InconsistentCTData) } } #[cfg(not(target_arch = "bpf"))] - impl fmt::Debug for pod::PedersenComm { + impl fmt::Debug for pod::PedersenCommitment { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { write!(f, "{:?}", self.0) } } #[cfg(not(target_arch = "bpf"))] - impl From for pod::PedersenDecHandle { - fn from(handle: PedersenDecHandle) -> Self { + impl From for pod::PedersenDecryptHandle { + fn from(handle: PedersenDecryptHandle) -> Self { Self(handle.to_bytes()) } } // For proof verification, interpret pod::PedersenDecHandle as CompressedRistretto #[cfg(not(target_arch = "bpf"))] - impl From for CompressedRistretto { - fn from(pod: pod::PedersenDecHandle) -> Self { + impl From for CompressedRistretto { + fn from(pod: pod::PedersenDecryptHandle) -> Self { Self(pod.0) } } #[cfg(not(target_arch = "bpf"))] - impl TryFrom for PedersenDecHandle { + impl TryFrom for PedersenDecryptHandle { type Error = ProofError; - fn try_from(pod: pod::PedersenDecHandle) -> Result { + fn try_from(pod: pod::PedersenDecryptHandle) -> Result { Self::from_bytes(&pod.0).ok_or(ProofError::InconsistentCTData) } } #[cfg(not(target_arch = "bpf"))] - impl fmt::Debug for pod::PedersenDecHandle { + impl fmt::Debug for pod::PedersenDecryptHandle { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { write!(f, "{:?}", self.0) } @@ -224,7 +224,7 @@ mod tests { #[test] fn test_pod_range_proof_64() { - let (comm, open) = Pedersen::commit(55_u64); + let (comm, open) = Pedersen::new(55_u64); let mut transcript_create = Transcript::new(b"Test"); let mut transcript_verify = Transcript::new(b"Test"); @@ -250,9 +250,9 @@ mod tests { #[test] fn test_pod_range_proof_128() { - let (comm_1, open_1) = Pedersen::commit(55_u64); - let (comm_2, open_2) = Pedersen::commit(77_u64); - let (comm_3, open_3) = Pedersen::commit(99_u64); + let (comm_1, open_1) = Pedersen::new(55_u64); + let (comm_2, open_2) = Pedersen::new(77_u64); + let (comm_3, open_3) = Pedersen::new(99_u64); let mut transcript_create = Transcript::new(b"Test"); let mut transcript_verify = Transcript::new(b"Test"); diff --git a/zk-token-sdk/src/zk_token_elgamal/ops.rs b/zk-token-sdk/src/zk_token_elgamal/ops.rs index 2f0913503..d24281103 100644 --- a/zk-token-sdk/src/zk_token_elgamal/ops.rs +++ b/zk-token-sdk/src/zk_token_elgamal/ops.rs @@ -235,7 +235,7 @@ mod tests { crate::{ encryption::{ elgamal::{ElGamal, ElGamalCiphertext}, - pedersen::{Pedersen, PedersenOpen}, + pedersen::{Pedersen, PedersenOpening}, }, zk_token_elgamal::{ops, pod}, }, @@ -256,11 +256,11 @@ mod tests { let balance: u64 = 0; assert_eq!( spendable_ct, - pk.encrypt_with(balance, &PedersenOpen::default()) + pk.encrypt_with(balance, &PedersenOpening::default()) ); // homomorphism should work like any other ciphertext - let open = PedersenOpen::random(&mut OsRng); + let open = PedersenOpening::random(&mut OsRng); let transfer_amount_ct = pk.encrypt_with(55_u64, &open); let transfer_amount_pod: pod::ElGamalCiphertext = transfer_amount_ct.into(); @@ -278,7 +278,7 @@ mod tests { let (pk, _) = ElGamal::new(); let expected: pod::ElGamalCiphertext = - pk.encrypt_with(55_u64, &PedersenOpen::default()).into(); + pk.encrypt_with(55_u64, &PedersenOpening::default()).into(); assert_eq!(expected, added_ct); } @@ -287,7 +287,7 @@ mod tests { fn test_subtract_from() { let amount = 77_u64; let (pk, _) = ElGamal::new(); - let open = PedersenOpen::random(&mut OsRng); + let open = PedersenOpening::random(&mut OsRng); let encrypted_amount: pod::ElGamalCiphertext = pk.encrypt_with(amount, &open).into(); let subtracted_ct = ops::subtract_from(&encrypted_amount, 55).unwrap(); @@ -317,28 +317,30 @@ mod tests { let (auditor_pk, _) = ElGamal::new(); // commitments associated with TransferRangeProof - let (comm_lo, open_lo) = Pedersen::commit(amount_lo); - let (comm_hi, open_hi) = Pedersen::commit(amount_hi); + let (comm_lo, open_lo) = Pedersen::new(amount_lo); + let (comm_hi, open_hi) = Pedersen::new(amount_hi); - let comm_lo: pod::PedersenComm = comm_lo.into(); - let comm_hi: pod::PedersenComm = comm_hi.into(); + let comm_lo: pod::PedersenCommitment = comm_lo.into(); + let comm_hi: pod::PedersenCommitment = comm_hi.into(); // decryption handles associated with TransferValidityProof - let handle_source_lo: pod::PedersenDecHandle = + let handle_source_lo: pod::PedersenDecryptHandle = source_pk.gen_decrypt_handle(&open_lo).into(); - let handle_dest_lo: pod::PedersenDecHandle = dest_pk.gen_decrypt_handle(&open_lo).into(); - let _handle_auditor_lo: pod::PedersenDecHandle = + let handle_dest_lo: pod::PedersenDecryptHandle = + dest_pk.gen_decrypt_handle(&open_lo).into(); + let _handle_auditor_lo: pod::PedersenDecryptHandle = auditor_pk.gen_decrypt_handle(&open_lo).into(); - let handle_source_hi: pod::PedersenDecHandle = + let handle_source_hi: pod::PedersenDecryptHandle = source_pk.gen_decrypt_handle(&open_hi).into(); - let handle_dest_hi: pod::PedersenDecHandle = dest_pk.gen_decrypt_handle(&open_hi).into(); - let _handle_auditor_hi: pod::PedersenDecHandle = + let handle_dest_hi: pod::PedersenDecryptHandle = + dest_pk.gen_decrypt_handle(&open_hi).into(); + let _handle_auditor_hi: pod::PedersenDecryptHandle = auditor_pk.gen_decrypt_handle(&open_hi).into(); // source spendable and recipient pending - let source_open = PedersenOpen::random(&mut OsRng); - let dest_open = PedersenOpen::random(&mut OsRng); + let source_open = PedersenOpening::random(&mut OsRng); + let dest_open = PedersenOpening::random(&mut OsRng); let source_spendable_ct: pod::ElGamalCiphertext = source_pk.encrypt_with(77_u64, &source_open).into(); diff --git a/zk-token-sdk/src/zk_token_elgamal/pod.rs b/zk-token-sdk/src/zk_token_elgamal/pod.rs index 12c65ee7c..9b1ff138c 100644 --- a/zk-token-sdk/src/zk_token_elgamal/pod.rs +++ b/zk-token-sdk/src/zk_token_elgamal/pod.rs @@ -18,11 +18,11 @@ pub struct ElGamalPubkey(pub [u8; 32]); #[derive(Clone, Copy, Pod, Zeroable, PartialEq)] #[repr(transparent)] -pub struct PedersenComm(pub [u8; 32]); +pub struct PedersenCommitment(pub [u8; 32]); #[derive(Clone, Copy, Pod, Zeroable, PartialEq)] #[repr(transparent)] -pub struct PedersenDecHandle(pub [u8; 32]); +pub struct PedersenDecryptHandle(pub [u8; 32]); /// Serialization of range proofs for 64-bit numbers (for `Withdraw` instruction) #[derive(Clone, Copy)]