Rename Pedersen related structs and methods for consistency
This commit is contained in:
parent
17cda46531
commit
a40e7fc59b
|
@ -3,7 +3,9 @@ use rand::{rngs::OsRng, CryptoRng, RngCore};
|
|||
use {
|
||||
crate::encryption::{
|
||||
discrete_log::DiscreteLog,
|
||||
pedersen::{Pedersen, PedersenBase, PedersenComm, PedersenDecHandle, PedersenOpen},
|
||||
pedersen::{
|
||||
Pedersen, PedersenBase, PedersenCommitment, PedersenDecryptHandle, PedersenOpening,
|
||||
},
|
||||
},
|
||||
arrayref::{array_ref, array_refs},
|
||||
core::ops::{Add, Div, Mul, Sub},
|
||||
|
@ -53,7 +55,7 @@ impl ElGamal {
|
|||
/// returns an ElGamal ciphertext of the message under the public key.
|
||||
#[cfg(not(target_arch = "bpf"))]
|
||||
pub fn encrypt<T: Into<Scalar>>(pk: &ElGamalPubkey, amount: T) -> ElGamalCiphertext {
|
||||
let (message_comm, open) = Pedersen::commit(amount);
|
||||
let (message_comm, open) = Pedersen::new(amount);
|
||||
let decrypt_handle = pk.gen_decrypt_handle(&open);
|
||||
|
||||
ElGamalCiphertext {
|
||||
|
@ -68,9 +70,9 @@ impl ElGamal {
|
|||
pub fn encrypt_with<T: Into<Scalar>>(
|
||||
pk: &ElGamalPubkey,
|
||||
amount: T,
|
||||
open: &PedersenOpen,
|
||||
open: &PedersenOpening,
|
||||
) -> ElGamalCiphertext {
|
||||
let message_comm = Pedersen::commit_with(amount, open);
|
||||
let message_comm = Pedersen::with(amount, open);
|
||||
let decrypt_handle = pk.gen_decrypt_handle(open);
|
||||
|
||||
ElGamalCiphertext {
|
||||
|
@ -141,14 +143,18 @@ impl ElGamalPubkey {
|
|||
}
|
||||
|
||||
/// Utility method for code ergonomics.
|
||||
pub fn encrypt_with<T: Into<Scalar>>(&self, msg: T, open: &PedersenOpen) -> ElGamalCiphertext {
|
||||
pub fn encrypt_with<T: Into<Scalar>>(
|
||||
&self,
|
||||
msg: T,
|
||||
open: &PedersenOpening,
|
||||
) -> ElGamalCiphertext {
|
||||
ElGamal::encrypt_with(self, msg, open)
|
||||
}
|
||||
|
||||
/// Generate a decryption token from an ElGamal public key and a Pedersen
|
||||
/// opening.
|
||||
pub fn gen_decrypt_handle(self, open: &PedersenOpen) -> PedersenDecHandle {
|
||||
PedersenDecHandle::generate_handle(open, &self)
|
||||
pub fn gen_decrypt_handle(self, open: &PedersenOpening) -> PedersenDecryptHandle {
|
||||
PedersenDecryptHandle::generate_handle(open, &self)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -220,12 +226,12 @@ impl ConstantTimeEq for ElGamalSecretKey {
|
|||
#[allow(non_snake_case)]
|
||||
#[derive(Serialize, Deserialize, Default, Clone, Copy, Debug, Eq, PartialEq)]
|
||||
pub struct ElGamalCiphertext {
|
||||
pub message_comm: PedersenComm,
|
||||
pub decrypt_handle: PedersenDecHandle,
|
||||
pub message_comm: PedersenCommitment,
|
||||
pub decrypt_handle: PedersenDecryptHandle,
|
||||
}
|
||||
impl ElGamalCiphertext {
|
||||
pub fn add_to_msg<T: Into<Scalar>>(&self, message: T) -> Self {
|
||||
let diff_comm = Pedersen::commit_with(message, &PedersenOpen::default());
|
||||
let diff_comm = Pedersen::with(message, &PedersenOpening::default());
|
||||
ElGamalCiphertext {
|
||||
message_comm: self.message_comm + diff_comm,
|
||||
decrypt_handle: self.decrypt_handle,
|
||||
|
@ -233,7 +239,7 @@ impl ElGamalCiphertext {
|
|||
}
|
||||
|
||||
pub fn sub_to_msg<T: Into<Scalar>>(&self, message: T) -> Self {
|
||||
let diff_comm = Pedersen::commit_with(message, &PedersenOpen::default());
|
||||
let diff_comm = Pedersen::with(message, &PedersenOpening::default());
|
||||
ElGamalCiphertext {
|
||||
message_comm: self.message_comm - diff_comm,
|
||||
decrypt_handle: self.decrypt_handle,
|
||||
|
@ -257,8 +263,8 @@ impl ElGamalCiphertext {
|
|||
let decrypt_handle = CompressedRistretto::from_slice(decrypt_handle).decompress()?;
|
||||
|
||||
Some(ElGamalCiphertext {
|
||||
message_comm: PedersenComm(message_comm),
|
||||
decrypt_handle: PedersenDecHandle(decrypt_handle),
|
||||
message_comm: PedersenCommitment(message_comm),
|
||||
decrypt_handle: PedersenDecryptHandle(decrypt_handle),
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -378,7 +384,7 @@ mod tests {
|
|||
let (pk_2, sk_2) = ElGamal::new();
|
||||
|
||||
let msg: u32 = 77;
|
||||
let (comm, open) = Pedersen::commit(msg);
|
||||
let (comm, open) = Pedersen::new(msg);
|
||||
|
||||
let decrypt_handle_1 = pk_1.gen_decrypt_handle(&open);
|
||||
let decrypt_handle_2 = pk_2.gen_decrypt_handle(&open);
|
||||
|
@ -406,8 +412,8 @@ mod tests {
|
|||
let msg_1: u64 = 77;
|
||||
|
||||
// Add two ElGamal ciphertexts
|
||||
let open_0 = PedersenOpen::random(&mut OsRng);
|
||||
let open_1 = PedersenOpen::random(&mut OsRng);
|
||||
let open_0 = PedersenOpening::random(&mut OsRng);
|
||||
let open_1 = PedersenOpening::random(&mut OsRng);
|
||||
|
||||
let ct_0 = ElGamal::encrypt_with(&pk, msg_0, &open_0);
|
||||
let ct_1 = ElGamal::encrypt_with(&pk, msg_1, &open_1);
|
||||
|
@ -417,7 +423,7 @@ mod tests {
|
|||
assert_eq!(ct_sum, ct_0 + ct_1);
|
||||
|
||||
// Add to ElGamal ciphertext
|
||||
let open = PedersenOpen::random(&mut OsRng);
|
||||
let open = PedersenOpening::random(&mut OsRng);
|
||||
let ct = ElGamal::encrypt_with(&pk, msg_0, &open);
|
||||
let ct_sum = ElGamal::encrypt_with(&pk, msg_0 + msg_1, &open);
|
||||
|
||||
|
@ -431,8 +437,8 @@ mod tests {
|
|||
let msg_1: u64 = 55;
|
||||
|
||||
// Subtract two ElGamal ciphertexts
|
||||
let open_0 = PedersenOpen::random(&mut OsRng);
|
||||
let open_1 = PedersenOpen::random(&mut OsRng);
|
||||
let open_0 = PedersenOpening::random(&mut OsRng);
|
||||
let open_1 = PedersenOpening::random(&mut OsRng);
|
||||
|
||||
let ct_0 = ElGamal::encrypt_with(&pk, msg_0, &open_0);
|
||||
let ct_1 = ElGamal::encrypt_with(&pk, msg_1, &open_1);
|
||||
|
@ -442,7 +448,7 @@ mod tests {
|
|||
assert_eq!(ct_sub, ct_0 - ct_1);
|
||||
|
||||
// Subtract to ElGamal ciphertext
|
||||
let open = PedersenOpen::random(&mut OsRng);
|
||||
let open = PedersenOpening::random(&mut OsRng);
|
||||
let ct = ElGamal::encrypt_with(&pk, msg_0, &open);
|
||||
let ct_sub = ElGamal::encrypt_with(&pk, msg_0 - msg_1, &open);
|
||||
|
||||
|
@ -455,7 +461,7 @@ mod tests {
|
|||
let msg_0: u64 = 57;
|
||||
let msg_1: u64 = 77;
|
||||
|
||||
let open = PedersenOpen::random(&mut OsRng);
|
||||
let open = PedersenOpening::random(&mut OsRng);
|
||||
|
||||
let ct = ElGamal::encrypt_with(&pk, msg_0, &open);
|
||||
let scalar = Scalar::from(msg_1);
|
||||
|
@ -471,7 +477,7 @@ mod tests {
|
|||
let msg_0: u64 = 55;
|
||||
let msg_1: u64 = 5;
|
||||
|
||||
let open = PedersenOpen::random(&mut OsRng);
|
||||
let open = PedersenOpening::random(&mut OsRng);
|
||||
|
||||
let ct = ElGamal::encrypt_with(&pk, msg_0, &open);
|
||||
let scalar = Scalar::from(msg_1);
|
||||
|
|
|
@ -1,10 +1,7 @@
|
|||
#[cfg(not(target_arch = "bpf"))]
|
||||
use rand::{rngs::OsRng, CryptoRng, RngCore};
|
||||
use {
|
||||
crate::{
|
||||
encryption::elgamal::{ElGamalCiphertext, ElGamalPubkey},
|
||||
errors::ProofError,
|
||||
},
|
||||
crate::encryption::elgamal::{ElGamalCiphertext, ElGamalPubkey},
|
||||
core::ops::{Add, Div, Mul, Sub},
|
||||
curve25519_dalek::{
|
||||
constants::{RISTRETTO_BASEPOINT_COMPRESSED, RISTRETTO_BASEPOINT_POINT},
|
||||
|
@ -53,9 +50,10 @@ impl Pedersen {
|
|||
///
|
||||
/// TODO: Interface that takes a random generator as input
|
||||
#[cfg(not(target_arch = "bpf"))]
|
||||
pub fn commit<T: Into<Scalar>>(amount: T) -> (PedersenComm, PedersenOpen) {
|
||||
let open = PedersenOpen(Scalar::random(&mut OsRng));
|
||||
let comm = Pedersen::commit_with(amount, &open);
|
||||
#[allow(clippy::new_ret_no_self)]
|
||||
pub fn new<T: Into<Scalar>>(amount: T) -> (PedersenCommitment, PedersenOpening) {
|
||||
let open = PedersenOpening(Scalar::random(&mut OsRng));
|
||||
let comm = Pedersen::with(amount, &open);
|
||||
|
||||
(comm, open)
|
||||
}
|
||||
|
@ -63,54 +61,28 @@ impl Pedersen {
|
|||
/// Given a number and an opening as inputs, the function returns their
|
||||
/// Pedersen commitment.
|
||||
#[allow(non_snake_case)]
|
||||
pub fn commit_with<T: Into<Scalar>>(amount: T, open: &PedersenOpen) -> PedersenComm {
|
||||
pub fn with<T: Into<Scalar>>(amount: T, open: &PedersenOpening) -> PedersenCommitment {
|
||||
let G = PedersenBase::default().G;
|
||||
let H = PedersenBase::default().H;
|
||||
|
||||
let x: Scalar = amount.into();
|
||||
let r = open.get_scalar();
|
||||
|
||||
PedersenComm(RistrettoPoint::multiscalar_mul(&[x, r], &[G, H]))
|
||||
}
|
||||
|
||||
/// Given a number, opening, and Pedersen commitment, the function verifies
|
||||
/// the validity of the commitment with respect to the number and opening.
|
||||
///
|
||||
/// This function is included for completeness and is not used for the
|
||||
/// c-token program.
|
||||
#[allow(non_snake_case)]
|
||||
pub fn verify<T: Into<Scalar>>(
|
||||
comm: PedersenComm,
|
||||
open: PedersenOpen,
|
||||
amount: T,
|
||||
) -> Result<(), ProofError> {
|
||||
let G = PedersenBase::default().G;
|
||||
let H = PedersenBase::default().H;
|
||||
|
||||
let x: Scalar = amount.into();
|
||||
|
||||
let r = open.get_scalar();
|
||||
let C = comm.get_point();
|
||||
|
||||
if C == RistrettoPoint::multiscalar_mul(&[x, r], &[G, H]) {
|
||||
Ok(())
|
||||
} else {
|
||||
Err(ProofError::VerificationError)
|
||||
}
|
||||
PedersenCommitment(RistrettoPoint::multiscalar_mul(&[x, r], &[G, H]))
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Serialize, Deserialize, Clone, Debug, Zeroize)]
|
||||
#[zeroize(drop)]
|
||||
pub struct PedersenOpen(pub(crate) Scalar);
|
||||
impl PedersenOpen {
|
||||
pub struct PedersenOpening(pub(crate) Scalar);
|
||||
impl PedersenOpening {
|
||||
pub fn get_scalar(&self) -> Scalar {
|
||||
self.0
|
||||
}
|
||||
|
||||
#[cfg(not(target_arch = "bpf"))]
|
||||
pub fn random<T: RngCore + CryptoRng>(rng: &mut T) -> Self {
|
||||
PedersenOpen(Scalar::random(rng))
|
||||
PedersenOpening(Scalar::random(rng))
|
||||
}
|
||||
|
||||
#[allow(clippy::wrong_self_convention)]
|
||||
|
@ -118,83 +90,91 @@ impl PedersenOpen {
|
|||
self.0.to_bytes()
|
||||
}
|
||||
|
||||
pub fn from_bytes(bytes: &[u8]) -> Option<PedersenOpen> {
|
||||
pub fn from_bytes(bytes: &[u8]) -> Option<PedersenOpening> {
|
||||
match bytes.try_into() {
|
||||
Ok(bytes) => Scalar::from_canonical_bytes(bytes).map(PedersenOpen),
|
||||
Ok(bytes) => Scalar::from_canonical_bytes(bytes).map(PedersenOpening),
|
||||
_ => None,
|
||||
}
|
||||
}
|
||||
}
|
||||
impl Eq for PedersenOpen {}
|
||||
impl PartialEq for PedersenOpen {
|
||||
impl Eq for PedersenOpening {}
|
||||
impl PartialEq for PedersenOpening {
|
||||
fn eq(&self, other: &Self) -> bool {
|
||||
self.ct_eq(other).unwrap_u8() == 1u8
|
||||
}
|
||||
}
|
||||
impl ConstantTimeEq for PedersenOpen {
|
||||
impl ConstantTimeEq for PedersenOpening {
|
||||
fn ct_eq(&self, other: &Self) -> Choice {
|
||||
self.0.ct_eq(&other.0)
|
||||
}
|
||||
}
|
||||
|
||||
impl Default for PedersenOpen {
|
||||
impl Default for PedersenOpening {
|
||||
fn default() -> Self {
|
||||
PedersenOpen(Scalar::default())
|
||||
PedersenOpening(Scalar::default())
|
||||
}
|
||||
}
|
||||
|
||||
impl<'a, 'b> Add<&'b PedersenOpen> for &'a PedersenOpen {
|
||||
type Output = PedersenOpen;
|
||||
impl<'a, 'b> Add<&'b PedersenOpening> for &'a PedersenOpening {
|
||||
type Output = PedersenOpening;
|
||||
|
||||
fn add(self, other: &'b PedersenOpen) -> PedersenOpen {
|
||||
PedersenOpen(self.get_scalar() + other.get_scalar())
|
||||
fn add(self, other: &'b PedersenOpening) -> PedersenOpening {
|
||||
PedersenOpening(self.get_scalar() + other.get_scalar())
|
||||
}
|
||||
}
|
||||
|
||||
define_add_variants!(
|
||||
LHS = PedersenOpen,
|
||||
RHS = PedersenOpen,
|
||||
Output = PedersenOpen
|
||||
LHS = PedersenOpening,
|
||||
RHS = PedersenOpening,
|
||||
Output = PedersenOpening
|
||||
);
|
||||
|
||||
impl<'a, 'b> Sub<&'b PedersenOpen> for &'a PedersenOpen {
|
||||
type Output = PedersenOpen;
|
||||
impl<'a, 'b> Sub<&'b PedersenOpening> for &'a PedersenOpening {
|
||||
type Output = PedersenOpening;
|
||||
|
||||
fn sub(self, other: &'b PedersenOpen) -> PedersenOpen {
|
||||
PedersenOpen(self.get_scalar() - other.get_scalar())
|
||||
fn sub(self, other: &'b PedersenOpening) -> PedersenOpening {
|
||||
PedersenOpening(self.get_scalar() - other.get_scalar())
|
||||
}
|
||||
}
|
||||
|
||||
define_sub_variants!(
|
||||
LHS = PedersenOpen,
|
||||
RHS = PedersenOpen,
|
||||
Output = PedersenOpen
|
||||
LHS = PedersenOpening,
|
||||
RHS = PedersenOpening,
|
||||
Output = PedersenOpening
|
||||
);
|
||||
|
||||
impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenOpen {
|
||||
type Output = PedersenOpen;
|
||||
impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenOpening {
|
||||
type Output = PedersenOpening;
|
||||
|
||||
fn mul(self, other: &'b Scalar) -> PedersenOpen {
|
||||
PedersenOpen(self.get_scalar() * other)
|
||||
fn mul(self, other: &'b Scalar) -> PedersenOpening {
|
||||
PedersenOpening(self.get_scalar() * other)
|
||||
}
|
||||
}
|
||||
|
||||
define_mul_variants!(LHS = PedersenOpen, RHS = Scalar, Output = PedersenOpen);
|
||||
define_mul_variants!(
|
||||
LHS = PedersenOpening,
|
||||
RHS = Scalar,
|
||||
Output = PedersenOpening
|
||||
);
|
||||
|
||||
impl<'a, 'b> Div<&'b Scalar> for &'a PedersenOpen {
|
||||
type Output = PedersenOpen;
|
||||
impl<'a, 'b> Div<&'b Scalar> for &'a PedersenOpening {
|
||||
type Output = PedersenOpening;
|
||||
|
||||
#[allow(clippy::suspicious_arithmetic_impl)]
|
||||
fn div(self, other: &'b Scalar) -> PedersenOpen {
|
||||
PedersenOpen(self.get_scalar() * other.invert())
|
||||
fn div(self, other: &'b Scalar) -> PedersenOpening {
|
||||
PedersenOpening(self.get_scalar() * other.invert())
|
||||
}
|
||||
}
|
||||
|
||||
define_div_variants!(LHS = PedersenOpen, RHS = Scalar, Output = PedersenOpen);
|
||||
define_div_variants!(
|
||||
LHS = PedersenOpening,
|
||||
RHS = Scalar,
|
||||
Output = PedersenOpening
|
||||
);
|
||||
|
||||
#[derive(Serialize, Deserialize, Default, Clone, Copy, Debug, Eq, PartialEq)]
|
||||
pub struct PedersenComm(pub(crate) RistrettoPoint);
|
||||
impl PedersenComm {
|
||||
pub struct PedersenCommitment(pub(crate) RistrettoPoint);
|
||||
impl PedersenCommitment {
|
||||
pub fn get_point(&self) -> RistrettoPoint {
|
||||
self.0
|
||||
}
|
||||
|
@ -204,79 +184,87 @@ impl PedersenComm {
|
|||
self.0.compress().to_bytes()
|
||||
}
|
||||
|
||||
pub fn from_bytes(bytes: &[u8]) -> Option<PedersenComm> {
|
||||
Some(PedersenComm(
|
||||
pub fn from_bytes(bytes: &[u8]) -> Option<PedersenCommitment> {
|
||||
Some(PedersenCommitment(
|
||||
CompressedRistretto::from_slice(bytes).decompress()?,
|
||||
))
|
||||
}
|
||||
}
|
||||
|
||||
impl<'a, 'b> Add<&'b PedersenComm> for &'a PedersenComm {
|
||||
type Output = PedersenComm;
|
||||
impl<'a, 'b> Add<&'b PedersenCommitment> for &'a PedersenCommitment {
|
||||
type Output = PedersenCommitment;
|
||||
|
||||
fn add(self, other: &'b PedersenComm) -> PedersenComm {
|
||||
PedersenComm(self.get_point() + other.get_point())
|
||||
fn add(self, other: &'b PedersenCommitment) -> PedersenCommitment {
|
||||
PedersenCommitment(self.get_point() + other.get_point())
|
||||
}
|
||||
}
|
||||
|
||||
define_add_variants!(
|
||||
LHS = PedersenComm,
|
||||
RHS = PedersenComm,
|
||||
Output = PedersenComm
|
||||
LHS = PedersenCommitment,
|
||||
RHS = PedersenCommitment,
|
||||
Output = PedersenCommitment
|
||||
);
|
||||
|
||||
impl<'a, 'b> Sub<&'b PedersenComm> for &'a PedersenComm {
|
||||
type Output = PedersenComm;
|
||||
impl<'a, 'b> Sub<&'b PedersenCommitment> for &'a PedersenCommitment {
|
||||
type Output = PedersenCommitment;
|
||||
|
||||
fn sub(self, other: &'b PedersenComm) -> PedersenComm {
|
||||
PedersenComm(self.get_point() - other.get_point())
|
||||
fn sub(self, other: &'b PedersenCommitment) -> PedersenCommitment {
|
||||
PedersenCommitment(self.get_point() - other.get_point())
|
||||
}
|
||||
}
|
||||
|
||||
define_sub_variants!(
|
||||
LHS = PedersenComm,
|
||||
RHS = PedersenComm,
|
||||
Output = PedersenComm
|
||||
LHS = PedersenCommitment,
|
||||
RHS = PedersenCommitment,
|
||||
Output = PedersenCommitment
|
||||
);
|
||||
|
||||
impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenComm {
|
||||
type Output = PedersenComm;
|
||||
impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenCommitment {
|
||||
type Output = PedersenCommitment;
|
||||
|
||||
fn mul(self, other: &'b Scalar) -> PedersenComm {
|
||||
PedersenComm(self.get_point() * other)
|
||||
fn mul(self, other: &'b Scalar) -> PedersenCommitment {
|
||||
PedersenCommitment(self.get_point() * other)
|
||||
}
|
||||
}
|
||||
|
||||
define_mul_variants!(LHS = PedersenComm, RHS = Scalar, Output = PedersenComm);
|
||||
define_mul_variants!(
|
||||
LHS = PedersenCommitment,
|
||||
RHS = Scalar,
|
||||
Output = PedersenCommitment
|
||||
);
|
||||
|
||||
impl<'a, 'b> Div<&'b Scalar> for &'a PedersenComm {
|
||||
type Output = PedersenComm;
|
||||
impl<'a, 'b> Div<&'b Scalar> for &'a PedersenCommitment {
|
||||
type Output = PedersenCommitment;
|
||||
|
||||
#[allow(clippy::suspicious_arithmetic_impl)]
|
||||
fn div(self, other: &'b Scalar) -> PedersenComm {
|
||||
PedersenComm(self.get_point() * other.invert())
|
||||
fn div(self, other: &'b Scalar) -> PedersenCommitment {
|
||||
PedersenCommitment(self.get_point() * other.invert())
|
||||
}
|
||||
}
|
||||
|
||||
define_div_variants!(LHS = PedersenComm, RHS = Scalar, Output = PedersenComm);
|
||||
define_div_variants!(
|
||||
LHS = PedersenCommitment,
|
||||
RHS = Scalar,
|
||||
Output = PedersenCommitment
|
||||
);
|
||||
|
||||
/// Decryption handle for Pedersen commitment.
|
||||
///
|
||||
/// A decryption handle can be combined with Pedersen commitments to form an
|
||||
/// ElGamal ciphertext.
|
||||
#[derive(Serialize, Deserialize, Default, Clone, Copy, Debug, Eq, PartialEq)]
|
||||
pub struct PedersenDecHandle(pub(crate) RistrettoPoint);
|
||||
impl PedersenDecHandle {
|
||||
pub struct PedersenDecryptHandle(pub(crate) RistrettoPoint);
|
||||
impl PedersenDecryptHandle {
|
||||
pub fn get_point(&self) -> RistrettoPoint {
|
||||
self.0
|
||||
}
|
||||
|
||||
pub fn generate_handle(open: &PedersenOpen, pk: &ElGamalPubkey) -> PedersenDecHandle {
|
||||
PedersenDecHandle(open.get_scalar() * pk.get_point())
|
||||
pub fn generate_handle(open: &PedersenOpening, pk: &ElGamalPubkey) -> PedersenDecryptHandle {
|
||||
PedersenDecryptHandle(open.get_scalar() * pk.get_point())
|
||||
}
|
||||
|
||||
/// Maps a decryption token and Pedersen commitment to ElGamal ciphertext
|
||||
pub fn to_elgamal_ciphertext(self, comm: PedersenComm) -> ElGamalCiphertext {
|
||||
pub fn to_elgamal_ciphertext(self, comm: PedersenCommitment) -> ElGamalCiphertext {
|
||||
ElGamalCiphertext {
|
||||
message_comm: comm,
|
||||
decrypt_handle: self,
|
||||
|
@ -288,94 +276,86 @@ impl PedersenDecHandle {
|
|||
self.0.compress().to_bytes()
|
||||
}
|
||||
|
||||
pub fn from_bytes(bytes: &[u8]) -> Option<PedersenDecHandle> {
|
||||
Some(PedersenDecHandle(
|
||||
pub fn from_bytes(bytes: &[u8]) -> Option<PedersenDecryptHandle> {
|
||||
Some(PedersenDecryptHandle(
|
||||
CompressedRistretto::from_slice(bytes).decompress()?,
|
||||
))
|
||||
}
|
||||
}
|
||||
|
||||
impl<'a, 'b> Add<&'b PedersenDecHandle> for &'a PedersenDecHandle {
|
||||
type Output = PedersenDecHandle;
|
||||
impl<'a, 'b> Add<&'b PedersenDecryptHandle> for &'a PedersenDecryptHandle {
|
||||
type Output = PedersenDecryptHandle;
|
||||
|
||||
fn add(self, other: &'b PedersenDecHandle) -> PedersenDecHandle {
|
||||
PedersenDecHandle(self.get_point() + other.get_point())
|
||||
fn add(self, other: &'b PedersenDecryptHandle) -> PedersenDecryptHandle {
|
||||
PedersenDecryptHandle(self.get_point() + other.get_point())
|
||||
}
|
||||
}
|
||||
|
||||
define_add_variants!(
|
||||
LHS = PedersenDecHandle,
|
||||
RHS = PedersenDecHandle,
|
||||
Output = PedersenDecHandle
|
||||
LHS = PedersenDecryptHandle,
|
||||
RHS = PedersenDecryptHandle,
|
||||
Output = PedersenDecryptHandle
|
||||
);
|
||||
|
||||
impl<'a, 'b> Sub<&'b PedersenDecHandle> for &'a PedersenDecHandle {
|
||||
type Output = PedersenDecHandle;
|
||||
impl<'a, 'b> Sub<&'b PedersenDecryptHandle> for &'a PedersenDecryptHandle {
|
||||
type Output = PedersenDecryptHandle;
|
||||
|
||||
fn sub(self, other: &'b PedersenDecHandle) -> PedersenDecHandle {
|
||||
PedersenDecHandle(self.get_point() - other.get_point())
|
||||
fn sub(self, other: &'b PedersenDecryptHandle) -> PedersenDecryptHandle {
|
||||
PedersenDecryptHandle(self.get_point() - other.get_point())
|
||||
}
|
||||
}
|
||||
|
||||
define_sub_variants!(
|
||||
LHS = PedersenDecHandle,
|
||||
RHS = PedersenDecHandle,
|
||||
Output = PedersenDecHandle
|
||||
LHS = PedersenDecryptHandle,
|
||||
RHS = PedersenDecryptHandle,
|
||||
Output = PedersenDecryptHandle
|
||||
);
|
||||
|
||||
impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenDecHandle {
|
||||
type Output = PedersenDecHandle;
|
||||
impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenDecryptHandle {
|
||||
type Output = PedersenDecryptHandle;
|
||||
|
||||
fn mul(self, other: &'b Scalar) -> PedersenDecHandle {
|
||||
PedersenDecHandle(self.get_point() * other)
|
||||
fn mul(self, other: &'b Scalar) -> PedersenDecryptHandle {
|
||||
PedersenDecryptHandle(self.get_point() * other)
|
||||
}
|
||||
}
|
||||
|
||||
define_mul_variants!(
|
||||
LHS = PedersenDecHandle,
|
||||
LHS = PedersenDecryptHandle,
|
||||
RHS = Scalar,
|
||||
Output = PedersenDecHandle
|
||||
Output = PedersenDecryptHandle
|
||||
);
|
||||
|
||||
impl<'a, 'b> Div<&'b Scalar> for &'a PedersenDecHandle {
|
||||
type Output = PedersenDecHandle;
|
||||
impl<'a, 'b> Div<&'b Scalar> for &'a PedersenDecryptHandle {
|
||||
type Output = PedersenDecryptHandle;
|
||||
|
||||
#[allow(clippy::suspicious_arithmetic_impl)]
|
||||
fn div(self, other: &'b Scalar) -> PedersenDecHandle {
|
||||
PedersenDecHandle(self.get_point() * other.invert())
|
||||
fn div(self, other: &'b Scalar) -> PedersenDecryptHandle {
|
||||
PedersenDecryptHandle(self.get_point() * other.invert())
|
||||
}
|
||||
}
|
||||
|
||||
define_div_variants!(
|
||||
LHS = PedersenDecHandle,
|
||||
LHS = PedersenDecryptHandle,
|
||||
RHS = Scalar,
|
||||
Output = PedersenDecHandle
|
||||
Output = PedersenDecryptHandle
|
||||
);
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::*;
|
||||
|
||||
#[test]
|
||||
fn test_commit_verification_correctness() {
|
||||
let amt: u64 = 57;
|
||||
let (comm, open) = Pedersen::commit(amt);
|
||||
|
||||
assert!(Pedersen::verify(comm, open, amt).is_ok());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_homomorphic_addition() {
|
||||
let amt_0: u64 = 77;
|
||||
let amt_1: u64 = 57;
|
||||
|
||||
let rng = &mut OsRng;
|
||||
let open_0 = PedersenOpen(Scalar::random(rng));
|
||||
let open_1 = PedersenOpen(Scalar::random(rng));
|
||||
let open_0 = PedersenOpening(Scalar::random(rng));
|
||||
let open_1 = PedersenOpening(Scalar::random(rng));
|
||||
|
||||
let comm_0 = Pedersen::commit_with(amt_0, &open_0);
|
||||
let comm_1 = Pedersen::commit_with(amt_1, &open_1);
|
||||
let comm_addition = Pedersen::commit_with(amt_0 + amt_1, &(open_0 + open_1));
|
||||
let comm_0 = Pedersen::with(amt_0, &open_0);
|
||||
let comm_1 = Pedersen::with(amt_1, &open_1);
|
||||
let comm_addition = Pedersen::with(amt_0 + amt_1, &(open_0 + open_1));
|
||||
|
||||
assert_eq!(comm_addition, comm_0 + comm_1);
|
||||
}
|
||||
|
@ -386,12 +366,12 @@ mod tests {
|
|||
let amt_1: u64 = 57;
|
||||
|
||||
let rng = &mut OsRng;
|
||||
let open_0 = PedersenOpen(Scalar::random(rng));
|
||||
let open_1 = PedersenOpen(Scalar::random(rng));
|
||||
let open_0 = PedersenOpening(Scalar::random(rng));
|
||||
let open_1 = PedersenOpening(Scalar::random(rng));
|
||||
|
||||
let comm_0 = Pedersen::commit_with(amt_0, &open_0);
|
||||
let comm_1 = Pedersen::commit_with(amt_1, &open_1);
|
||||
let comm_addition = Pedersen::commit_with(amt_0 - amt_1, &(open_0 - open_1));
|
||||
let comm_0 = Pedersen::with(amt_0, &open_0);
|
||||
let comm_1 = Pedersen::with(amt_1, &open_1);
|
||||
let comm_addition = Pedersen::with(amt_0 - amt_1, &(open_0 - open_1));
|
||||
|
||||
assert_eq!(comm_addition, comm_0 - comm_1);
|
||||
}
|
||||
|
@ -401,9 +381,9 @@ mod tests {
|
|||
let amt_0: u64 = 77;
|
||||
let amt_1: u64 = 57;
|
||||
|
||||
let (comm, open) = Pedersen::commit(amt_0);
|
||||
let (comm, open) = Pedersen::new(amt_0);
|
||||
let scalar = Scalar::from(amt_1);
|
||||
let comm_addition = Pedersen::commit_with(amt_0 * amt_1, &(open * scalar));
|
||||
let comm_addition = Pedersen::with(amt_0 * amt_1, &(open * scalar));
|
||||
|
||||
assert_eq!(comm_addition, comm * scalar);
|
||||
}
|
||||
|
@ -413,9 +393,9 @@ mod tests {
|
|||
let amt_0: u64 = 77;
|
||||
let amt_1: u64 = 7;
|
||||
|
||||
let (comm, open) = Pedersen::commit(amt_0);
|
||||
let (comm, open) = Pedersen::new(amt_0);
|
||||
let scalar = Scalar::from(amt_1);
|
||||
let comm_addition = Pedersen::commit_with(amt_0 / amt_1, &(open / scalar));
|
||||
let comm_addition = Pedersen::with(amt_0 / amt_1, &(open / scalar));
|
||||
|
||||
assert_eq!(comm_addition, comm / scalar);
|
||||
}
|
||||
|
@ -423,30 +403,30 @@ mod tests {
|
|||
#[test]
|
||||
fn test_commitment_bytes() {
|
||||
let amt: u64 = 77;
|
||||
let (comm, _) = Pedersen::commit(amt);
|
||||
let (comm, _) = Pedersen::new(amt);
|
||||
|
||||
let encoded = comm.to_bytes();
|
||||
let decoded = PedersenComm::from_bytes(&encoded).unwrap();
|
||||
let decoded = PedersenCommitment::from_bytes(&encoded).unwrap();
|
||||
|
||||
assert_eq!(comm, decoded);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_opening_bytes() {
|
||||
let open = PedersenOpen(Scalar::random(&mut OsRng));
|
||||
let open = PedersenOpening(Scalar::random(&mut OsRng));
|
||||
|
||||
let encoded = open.to_bytes();
|
||||
let decoded = PedersenOpen::from_bytes(&encoded).unwrap();
|
||||
let decoded = PedersenOpening::from_bytes(&encoded).unwrap();
|
||||
|
||||
assert_eq!(open, decoded);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_decrypt_handle_bytes() {
|
||||
let handle = PedersenDecHandle(RistrettoPoint::default());
|
||||
let handle = PedersenDecryptHandle(RistrettoPoint::default());
|
||||
|
||||
let encoded = handle.to_bytes();
|
||||
let decoded = PedersenDecHandle::from_bytes(&encoded).unwrap();
|
||||
let decoded = PedersenDecryptHandle::from_bytes(&encoded).unwrap();
|
||||
|
||||
assert_eq!(handle, decoded);
|
||||
}
|
||||
|
@ -454,30 +434,30 @@ mod tests {
|
|||
#[test]
|
||||
fn test_serde_commitment() {
|
||||
let amt: u64 = 77;
|
||||
let (comm, _) = Pedersen::commit(amt);
|
||||
let (comm, _) = Pedersen::new(amt);
|
||||
|
||||
let encoded = bincode::serialize(&comm).unwrap();
|
||||
let decoded: PedersenComm = bincode::deserialize(&encoded).unwrap();
|
||||
let decoded: PedersenCommitment = bincode::deserialize(&encoded).unwrap();
|
||||
|
||||
assert_eq!(comm, decoded);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_serde_opening() {
|
||||
let open = PedersenOpen(Scalar::random(&mut OsRng));
|
||||
let open = PedersenOpening(Scalar::random(&mut OsRng));
|
||||
|
||||
let encoded = bincode::serialize(&open).unwrap();
|
||||
let decoded: PedersenOpen = bincode::deserialize(&encoded).unwrap();
|
||||
let decoded: PedersenOpening = bincode::deserialize(&encoded).unwrap();
|
||||
|
||||
assert_eq!(open, decoded);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_serde_decrypt_handle() {
|
||||
let handle = PedersenDecHandle(RistrettoPoint::default());
|
||||
let handle = PedersenDecryptHandle(RistrettoPoint::default());
|
||||
|
||||
let encoded = bincode::serialize(&handle).unwrap();
|
||||
let decoded: PedersenDecHandle = bincode::deserialize(&encoded).unwrap();
|
||||
let decoded: PedersenDecryptHandle = bincode::deserialize(&encoded).unwrap();
|
||||
|
||||
assert_eq!(handle, decoded);
|
||||
}
|
||||
|
|
|
@ -7,7 +7,9 @@ use {
|
|||
crate::{
|
||||
encryption::{
|
||||
elgamal::{ElGamalCiphertext, ElGamalPubkey, ElGamalSecretKey},
|
||||
pedersen::{Pedersen, PedersenBase, PedersenComm, PedersenDecHandle, PedersenOpen},
|
||||
pedersen::{
|
||||
Pedersen, PedersenBase, PedersenCommitment, PedersenDecryptHandle, PedersenOpening,
|
||||
},
|
||||
},
|
||||
errors::ProofError,
|
||||
instruction::Verifiable,
|
||||
|
@ -51,8 +53,8 @@ impl TransferData {
|
|||
// ciphertext separately.
|
||||
let (amount_lo, amount_hi) = split_u64_into_u32(transfer_amount);
|
||||
|
||||
let (comm_lo, open_lo) = Pedersen::commit(amount_lo);
|
||||
let (comm_hi, open_hi) = Pedersen::commit(amount_hi);
|
||||
let (comm_lo, open_lo) = Pedersen::new(amount_lo);
|
||||
let (comm_hi, open_hi) = Pedersen::new(amount_hi);
|
||||
|
||||
let handle_source_lo = source_pk.gen_decrypt_handle(&open_lo);
|
||||
let handle_dest_lo = dest_pk.gen_decrypt_handle(&open_lo);
|
||||
|
@ -139,16 +141,16 @@ impl TransferData {
|
|||
/// Extracts the lo and hi source ciphertexts associated with a transfer data and returns the
|
||||
/// *combined* ciphertext
|
||||
pub fn source_ciphertext(&self) -> Result<ElGamalCiphertext, ProofError> {
|
||||
let transfer_comms_lo: PedersenComm = self.range_proof.amount_comms.lo.try_into()?;
|
||||
let transfer_comms_hi: PedersenComm = self.range_proof.amount_comms.hi.try_into()?;
|
||||
let transfer_comms_lo: PedersenCommitment = self.range_proof.amount_comms.lo.try_into()?;
|
||||
let transfer_comms_hi: PedersenCommitment = self.range_proof.amount_comms.hi.try_into()?;
|
||||
let transfer_comm = combine_u32_comms(transfer_comms_lo, transfer_comms_hi);
|
||||
|
||||
let decryption_handle_lo: PedersenDecHandle = self
|
||||
let decryption_handle_lo: PedersenDecryptHandle = self
|
||||
.validity_proof
|
||||
.decryption_handles_lo
|
||||
.source
|
||||
.try_into()?;
|
||||
let decryption_handle_hi: PedersenDecHandle = self
|
||||
let decryption_handle_hi: PedersenDecryptHandle = self
|
||||
.validity_proof
|
||||
.decryption_handles_hi
|
||||
.source
|
||||
|
@ -161,13 +163,13 @@ impl TransferData {
|
|||
/// Extracts the lo and hi destination ciphertexts associated with a transfer data and returns
|
||||
/// the *combined* ciphertext
|
||||
pub fn dest_ciphertext(&self) -> Result<ElGamalCiphertext, ProofError> {
|
||||
let transfer_comms_lo: PedersenComm = self.range_proof.amount_comms.lo.try_into()?;
|
||||
let transfer_comms_hi: PedersenComm = self.range_proof.amount_comms.hi.try_into()?;
|
||||
let transfer_comms_lo: PedersenCommitment = self.range_proof.amount_comms.lo.try_into()?;
|
||||
let transfer_comms_hi: PedersenCommitment = self.range_proof.amount_comms.hi.try_into()?;
|
||||
let transfer_comm = combine_u32_comms(transfer_comms_lo, transfer_comms_hi);
|
||||
|
||||
let decryption_handle_lo: PedersenDecHandle =
|
||||
let decryption_handle_lo: PedersenDecryptHandle =
|
||||
self.validity_proof.decryption_handles_lo.dest.try_into()?;
|
||||
let decryption_handle_hi: PedersenDecHandle =
|
||||
let decryption_handle_hi: PedersenDecryptHandle =
|
||||
self.validity_proof.decryption_handles_hi.dest.try_into()?;
|
||||
let decryption_handle = combine_u32_handles(decryption_handle_lo, decryption_handle_hi);
|
||||
|
||||
|
@ -243,7 +245,7 @@ pub struct TransferValidityProofData {
|
|||
#[derive(Clone, Copy, Pod, Zeroable, PartialEq)]
|
||||
#[repr(C)]
|
||||
pub struct TransferEphemeralState {
|
||||
pub spendable_comm_verification: pod::PedersenComm, // 32 bytes
|
||||
pub spendable_comm_verification: pod::PedersenCommitment, // 32 bytes
|
||||
pub x: pod::Scalar, // 32 bytes
|
||||
pub z: pod::Scalar, // 32 bytes
|
||||
pub t_x_blinding: pod::Scalar, // 32 bytes
|
||||
|
@ -281,8 +283,8 @@ impl TransferProofs {
|
|||
dest_pk: &ElGamalPubkey,
|
||||
auditor_pk: &ElGamalPubkey,
|
||||
transfer_amt: (u64, u64),
|
||||
lo_open: &PedersenOpen,
|
||||
hi_open: &PedersenOpen,
|
||||
lo_open: &PedersenOpening,
|
||||
hi_open: &PedersenOpening,
|
||||
new_spendable_balance: u64,
|
||||
new_spendable_ct: &ElGamalCiphertext,
|
||||
) -> (Self, TransferEphemeralState) {
|
||||
|
@ -302,14 +304,14 @@ impl TransferProofs {
|
|||
let c = transcript_validity_proof.challenge_scalar(b"c");
|
||||
|
||||
let z = s + c * y;
|
||||
let new_spendable_open = PedersenOpen(c * r_new);
|
||||
let new_spendable_open = PedersenOpening(c * r_new);
|
||||
|
||||
let spendable_comm_verification =
|
||||
Pedersen::commit_with(new_spendable_balance, &new_spendable_open);
|
||||
Pedersen::with(new_spendable_balance, &new_spendable_open);
|
||||
|
||||
// Generate proof for the transfer amounts
|
||||
let t_1_blinding = PedersenOpen::random(&mut OsRng);
|
||||
let t_2_blinding = PedersenOpen::random(&mut OsRng);
|
||||
let t_1_blinding = PedersenOpening::random(&mut OsRng);
|
||||
let t_2_blinding = PedersenOpening::random(&mut OsRng);
|
||||
|
||||
let u = transcript_validity_proof.challenge_scalar(b"u");
|
||||
let P_joint = RistrettoPoint::multiscalar_mul(
|
||||
|
@ -441,9 +443,9 @@ impl ValidityProof {
|
|||
let x = ephemeral_state.x.into();
|
||||
let z: Scalar = ephemeral_state.z.into();
|
||||
|
||||
let handle_source_lo: PedersenDecHandle = decryption_handles_lo.source.try_into()?;
|
||||
let handle_dest_lo: PedersenDecHandle = decryption_handles_lo.dest.try_into()?;
|
||||
let handle_auditor_lo: PedersenDecHandle = decryption_handles_lo.auditor.try_into()?;
|
||||
let handle_source_lo: PedersenDecryptHandle = decryption_handles_lo.source.try_into()?;
|
||||
let handle_dest_lo: PedersenDecryptHandle = decryption_handles_lo.dest.try_into()?;
|
||||
let handle_auditor_lo: PedersenDecryptHandle = decryption_handles_lo.auditor.try_into()?;
|
||||
|
||||
let D_joint: CompressedRistretto = self.T_joint.into();
|
||||
let D_joint = D_joint.decompress().ok_or(ProofError::VerificationError)?;
|
||||
|
@ -457,9 +459,9 @@ impl ValidityProof {
|
|||
],
|
||||
);
|
||||
|
||||
let handle_source_hi: PedersenDecHandle = decryption_handles_hi.source.try_into()?;
|
||||
let handle_dest_hi: PedersenDecHandle = decryption_handles_hi.dest.try_into()?;
|
||||
let handle_auditor_hi: PedersenDecHandle = decryption_handles_hi.auditor.try_into()?;
|
||||
let handle_source_hi: PedersenDecryptHandle = decryption_handles_hi.source.try_into()?;
|
||||
let handle_dest_hi: PedersenDecryptHandle = decryption_handles_hi.dest.try_into()?;
|
||||
let handle_auditor_hi: PedersenDecryptHandle = decryption_handles_hi.auditor.try_into()?;
|
||||
|
||||
let D_joint_hi = RistrettoPoint::vartime_multiscalar_mul(
|
||||
vec![Scalar::one(), u, u * u],
|
||||
|
@ -506,17 +508,17 @@ pub struct TransferPubKeys {
|
|||
#[derive(Clone, Copy, Pod, Zeroable)]
|
||||
#[repr(C)]
|
||||
pub struct TransferComms {
|
||||
pub lo: pod::PedersenComm, // 32 bytes
|
||||
pub hi: pod::PedersenComm, // 32 bytes
|
||||
pub lo: pod::PedersenCommitment, // 32 bytes
|
||||
pub hi: pod::PedersenCommitment, // 32 bytes
|
||||
}
|
||||
|
||||
/// The decryption handles needed for a transfer
|
||||
#[derive(Clone, Copy, Pod, Zeroable)]
|
||||
#[repr(C)]
|
||||
pub struct TransferHandles {
|
||||
pub source: pod::PedersenDecHandle, // 32 bytes
|
||||
pub dest: pod::PedersenDecHandle, // 32 bytes
|
||||
pub auditor: pod::PedersenDecHandle, // 32 bytes
|
||||
pub source: pod::PedersenDecryptHandle, // 32 bytes
|
||||
pub dest: pod::PedersenDecryptHandle, // 32 bytes
|
||||
pub auditor: pod::PedersenDecryptHandle, // 32 bytes
|
||||
}
|
||||
|
||||
/// Split u64 number into two u32 numbers
|
||||
|
@ -533,15 +535,18 @@ pub fn split_u64_into_u32(amt: u64) -> (u32, u32) {
|
|||
const TWO_32: u64 = 4294967296;
|
||||
|
||||
#[cfg(not(target_arch = "bpf"))]
|
||||
pub fn combine_u32_comms(comm_lo: PedersenComm, comm_hi: PedersenComm) -> PedersenComm {
|
||||
pub fn combine_u32_comms(
|
||||
comm_lo: PedersenCommitment,
|
||||
comm_hi: PedersenCommitment,
|
||||
) -> PedersenCommitment {
|
||||
comm_lo + comm_hi * Scalar::from(TWO_32)
|
||||
}
|
||||
|
||||
#[cfg(not(target_arch = "bpf"))]
|
||||
pub fn combine_u32_handles(
|
||||
handle_lo: PedersenDecHandle,
|
||||
handle_hi: PedersenDecHandle,
|
||||
) -> PedersenDecHandle {
|
||||
handle_lo: PedersenDecryptHandle,
|
||||
handle_hi: PedersenDecryptHandle,
|
||||
) -> PedersenDecryptHandle {
|
||||
handle_lo + handle_hi * Scalar::from(TWO_32)
|
||||
}
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@ use {
|
|||
crate::{
|
||||
encryption::{
|
||||
elgamal::{ElGamalCiphertext, ElGamalPubkey, ElGamalSecretKey},
|
||||
pedersen::{PedersenBase, PedersenOpen},
|
||||
pedersen::{PedersenBase, PedersenOpening},
|
||||
},
|
||||
errors::ProofError,
|
||||
instruction::Verifiable,
|
||||
|
@ -54,7 +54,7 @@ impl WithdrawData {
|
|||
|
||||
// encode withdraw amount as an ElGamal ciphertext and subtract it from
|
||||
// current source balance
|
||||
let amount_encoded = source_pk.encrypt_with(amount, &PedersenOpen::default());
|
||||
let amount_encoded = source_pk.encrypt_with(amount, &PedersenOpening::default());
|
||||
let final_balance_ct = current_balance_ct - amount_encoded;
|
||||
|
||||
let proof = WithdrawProof::new(source_sk, final_balance, &final_balance_ct);
|
||||
|
@ -126,7 +126,7 @@ impl WithdrawProof {
|
|||
let z = s + c * y;
|
||||
|
||||
// compute the new Pedersen commitment and opening
|
||||
let new_open = PedersenOpen(c * r_new);
|
||||
let new_open = PedersenOpening(c * r_new);
|
||||
|
||||
let range_proof = RangeProof::create(
|
||||
vec![final_balance],
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#[cfg(not(target_arch = "bpf"))]
|
||||
use {
|
||||
crate::encryption::pedersen::{Pedersen, PedersenOpen},
|
||||
crate::encryption::pedersen::{Pedersen, PedersenOpening},
|
||||
curve25519_dalek::traits::MultiscalarMul,
|
||||
rand::rngs::OsRng,
|
||||
subtle::{Choice, ConditionallySelectable},
|
||||
|
@ -44,11 +44,11 @@ impl RangeProof {
|
|||
pub fn create(
|
||||
amounts: Vec<u64>,
|
||||
bit_lengths: Vec<usize>,
|
||||
opens: Vec<&PedersenOpen>,
|
||||
opens: Vec<&PedersenOpening>,
|
||||
transcript: &mut Transcript,
|
||||
) -> Self {
|
||||
let t_1_blinding = PedersenOpen::random(&mut OsRng);
|
||||
let t_2_blinding = PedersenOpen::random(&mut OsRng);
|
||||
let t_1_blinding = PedersenOpening::random(&mut OsRng);
|
||||
let t_2_blinding = PedersenOpening::random(&mut OsRng);
|
||||
|
||||
let (range_proof, _, _) = Self::create_with(
|
||||
amounts,
|
||||
|
@ -67,9 +67,9 @@ impl RangeProof {
|
|||
pub fn create_with(
|
||||
amounts: Vec<u64>,
|
||||
bit_lengths: Vec<usize>,
|
||||
opens: Vec<&PedersenOpen>,
|
||||
t_1_blinding: &PedersenOpen,
|
||||
t_2_blinding: &PedersenOpen,
|
||||
opens: Vec<&PedersenOpening>,
|
||||
t_1_blinding: &PedersenOpening,
|
||||
t_2_blinding: &PedersenOpening,
|
||||
transcript: &mut Transcript,
|
||||
) -> (Self, Scalar, Scalar) {
|
||||
let nm = bit_lengths.iter().sum();
|
||||
|
@ -139,10 +139,10 @@ impl RangeProof {
|
|||
|
||||
let t_poly = l_poly.inner_product(&r_poly);
|
||||
|
||||
let T_1 = Pedersen::commit_with(t_poly.1, t_1_blinding)
|
||||
let T_1 = Pedersen::with(t_poly.1, t_1_blinding)
|
||||
.get_point()
|
||||
.compress();
|
||||
let T_2 = Pedersen::commit_with(t_poly.2, t_2_blinding)
|
||||
let T_2 = Pedersen::with(t_poly.2, t_2_blinding)
|
||||
.get_point()
|
||||
.compress();
|
||||
|
||||
|
@ -407,7 +407,7 @@ mod tests {
|
|||
|
||||
#[test]
|
||||
fn test_single_rangeproof() {
|
||||
let (comm, open) = Pedersen::commit(55_u64);
|
||||
let (comm, open) = Pedersen::new(55_u64);
|
||||
|
||||
let mut transcript_create = Transcript::new(b"Test");
|
||||
let mut transcript_verify = Transcript::new(b"Test");
|
||||
|
@ -425,9 +425,9 @@ mod tests {
|
|||
|
||||
#[test]
|
||||
fn test_aggregated_rangeproof() {
|
||||
let (comm_1, open_1) = Pedersen::commit(55_u64);
|
||||
let (comm_2, open_2) = Pedersen::commit(77_u64);
|
||||
let (comm_3, open_3) = Pedersen::commit(99_u64);
|
||||
let (comm_1, open_1) = Pedersen::new(55_u64);
|
||||
let (comm_2, open_2) = Pedersen::new(77_u64);
|
||||
let (comm_3, open_3) = Pedersen::new(99_u64);
|
||||
|
||||
let mut transcript_create = Transcript::new(b"Test");
|
||||
let mut transcript_verify = Transcript::new(b"Test");
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
use super::pod;
|
||||
pub use target_arch::*;
|
||||
|
||||
impl From<(pod::PedersenComm, pod::PedersenDecHandle)> for pod::ElGamalCiphertext {
|
||||
fn from((comm, decrypt_handle): (pod::PedersenComm, pod::PedersenDecHandle)) -> Self {
|
||||
impl From<(pod::PedersenCommitment, pod::PedersenDecryptHandle)> for pod::ElGamalCiphertext {
|
||||
fn from((comm, decrypt_handle): (pod::PedersenCommitment, pod::PedersenDecryptHandle)) -> Self {
|
||||
let mut buf = [0_u8; 64];
|
||||
buf[..32].copy_from_slice(&comm.0);
|
||||
buf[32..].copy_from_slice(&decrypt_handle.0);
|
||||
|
@ -16,7 +16,7 @@ mod target_arch {
|
|||
super::pod,
|
||||
crate::{
|
||||
encryption::elgamal::{ElGamalCiphertext, ElGamalPubkey},
|
||||
encryption::pedersen::{PedersenComm, PedersenDecHandle},
|
||||
encryption::pedersen::{PedersenCommitment, PedersenDecryptHandle},
|
||||
errors::ProofError,
|
||||
range_proof::RangeProof,
|
||||
},
|
||||
|
@ -88,62 +88,62 @@ mod target_arch {
|
|||
}
|
||||
}
|
||||
|
||||
impl From<PedersenComm> for pod::PedersenComm {
|
||||
fn from(comm: PedersenComm) -> Self {
|
||||
impl From<PedersenCommitment> for pod::PedersenCommitment {
|
||||
fn from(comm: PedersenCommitment) -> Self {
|
||||
Self(comm.to_bytes())
|
||||
}
|
||||
}
|
||||
|
||||
// For proof verification, interpret pod::PedersenComm directly as CompressedRistretto
|
||||
#[cfg(not(target_arch = "bpf"))]
|
||||
impl From<pod::PedersenComm> for CompressedRistretto {
|
||||
fn from(pod: pod::PedersenComm) -> Self {
|
||||
impl From<pod::PedersenCommitment> for CompressedRistretto {
|
||||
fn from(pod: pod::PedersenCommitment) -> Self {
|
||||
Self(pod.0)
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(not(target_arch = "bpf"))]
|
||||
impl TryFrom<pod::PedersenComm> for PedersenComm {
|
||||
impl TryFrom<pod::PedersenCommitment> for PedersenCommitment {
|
||||
type Error = ProofError;
|
||||
|
||||
fn try_from(pod: pod::PedersenComm) -> Result<Self, Self::Error> {
|
||||
fn try_from(pod: pod::PedersenCommitment) -> Result<Self, Self::Error> {
|
||||
Self::from_bytes(&pod.0).ok_or(ProofError::InconsistentCTData)
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(not(target_arch = "bpf"))]
|
||||
impl fmt::Debug for pod::PedersenComm {
|
||||
impl fmt::Debug for pod::PedersenCommitment {
|
||||
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
||||
write!(f, "{:?}", self.0)
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(not(target_arch = "bpf"))]
|
||||
impl From<PedersenDecHandle> for pod::PedersenDecHandle {
|
||||
fn from(handle: PedersenDecHandle) -> Self {
|
||||
impl From<PedersenDecryptHandle> for pod::PedersenDecryptHandle {
|
||||
fn from(handle: PedersenDecryptHandle) -> Self {
|
||||
Self(handle.to_bytes())
|
||||
}
|
||||
}
|
||||
|
||||
// For proof verification, interpret pod::PedersenDecHandle as CompressedRistretto
|
||||
#[cfg(not(target_arch = "bpf"))]
|
||||
impl From<pod::PedersenDecHandle> for CompressedRistretto {
|
||||
fn from(pod: pod::PedersenDecHandle) -> Self {
|
||||
impl From<pod::PedersenDecryptHandle> for CompressedRistretto {
|
||||
fn from(pod: pod::PedersenDecryptHandle) -> Self {
|
||||
Self(pod.0)
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(not(target_arch = "bpf"))]
|
||||
impl TryFrom<pod::PedersenDecHandle> for PedersenDecHandle {
|
||||
impl TryFrom<pod::PedersenDecryptHandle> for PedersenDecryptHandle {
|
||||
type Error = ProofError;
|
||||
|
||||
fn try_from(pod: pod::PedersenDecHandle) -> Result<Self, Self::Error> {
|
||||
fn try_from(pod: pod::PedersenDecryptHandle) -> Result<Self, Self::Error> {
|
||||
Self::from_bytes(&pod.0).ok_or(ProofError::InconsistentCTData)
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(not(target_arch = "bpf"))]
|
||||
impl fmt::Debug for pod::PedersenDecHandle {
|
||||
impl fmt::Debug for pod::PedersenDecryptHandle {
|
||||
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
||||
write!(f, "{:?}", self.0)
|
||||
}
|
||||
|
@ -224,7 +224,7 @@ mod tests {
|
|||
|
||||
#[test]
|
||||
fn test_pod_range_proof_64() {
|
||||
let (comm, open) = Pedersen::commit(55_u64);
|
||||
let (comm, open) = Pedersen::new(55_u64);
|
||||
|
||||
let mut transcript_create = Transcript::new(b"Test");
|
||||
let mut transcript_verify = Transcript::new(b"Test");
|
||||
|
@ -250,9 +250,9 @@ mod tests {
|
|||
|
||||
#[test]
|
||||
fn test_pod_range_proof_128() {
|
||||
let (comm_1, open_1) = Pedersen::commit(55_u64);
|
||||
let (comm_2, open_2) = Pedersen::commit(77_u64);
|
||||
let (comm_3, open_3) = Pedersen::commit(99_u64);
|
||||
let (comm_1, open_1) = Pedersen::new(55_u64);
|
||||
let (comm_2, open_2) = Pedersen::new(77_u64);
|
||||
let (comm_3, open_3) = Pedersen::new(99_u64);
|
||||
|
||||
let mut transcript_create = Transcript::new(b"Test");
|
||||
let mut transcript_verify = Transcript::new(b"Test");
|
||||
|
|
|
@ -235,7 +235,7 @@ mod tests {
|
|||
crate::{
|
||||
encryption::{
|
||||
elgamal::{ElGamal, ElGamalCiphertext},
|
||||
pedersen::{Pedersen, PedersenOpen},
|
||||
pedersen::{Pedersen, PedersenOpening},
|
||||
},
|
||||
zk_token_elgamal::{ops, pod},
|
||||
},
|
||||
|
@ -256,11 +256,11 @@ mod tests {
|
|||
let balance: u64 = 0;
|
||||
assert_eq!(
|
||||
spendable_ct,
|
||||
pk.encrypt_with(balance, &PedersenOpen::default())
|
||||
pk.encrypt_with(balance, &PedersenOpening::default())
|
||||
);
|
||||
|
||||
// homomorphism should work like any other ciphertext
|
||||
let open = PedersenOpen::random(&mut OsRng);
|
||||
let open = PedersenOpening::random(&mut OsRng);
|
||||
let transfer_amount_ct = pk.encrypt_with(55_u64, &open);
|
||||
let transfer_amount_pod: pod::ElGamalCiphertext = transfer_amount_ct.into();
|
||||
|
||||
|
@ -278,7 +278,7 @@ mod tests {
|
|||
|
||||
let (pk, _) = ElGamal::new();
|
||||
let expected: pod::ElGamalCiphertext =
|
||||
pk.encrypt_with(55_u64, &PedersenOpen::default()).into();
|
||||
pk.encrypt_with(55_u64, &PedersenOpening::default()).into();
|
||||
|
||||
assert_eq!(expected, added_ct);
|
||||
}
|
||||
|
@ -287,7 +287,7 @@ mod tests {
|
|||
fn test_subtract_from() {
|
||||
let amount = 77_u64;
|
||||
let (pk, _) = ElGamal::new();
|
||||
let open = PedersenOpen::random(&mut OsRng);
|
||||
let open = PedersenOpening::random(&mut OsRng);
|
||||
let encrypted_amount: pod::ElGamalCiphertext = pk.encrypt_with(amount, &open).into();
|
||||
|
||||
let subtracted_ct = ops::subtract_from(&encrypted_amount, 55).unwrap();
|
||||
|
@ -317,28 +317,30 @@ mod tests {
|
|||
let (auditor_pk, _) = ElGamal::new();
|
||||
|
||||
// commitments associated with TransferRangeProof
|
||||
let (comm_lo, open_lo) = Pedersen::commit(amount_lo);
|
||||
let (comm_hi, open_hi) = Pedersen::commit(amount_hi);
|
||||
let (comm_lo, open_lo) = Pedersen::new(amount_lo);
|
||||
let (comm_hi, open_hi) = Pedersen::new(amount_hi);
|
||||
|
||||
let comm_lo: pod::PedersenComm = comm_lo.into();
|
||||
let comm_hi: pod::PedersenComm = comm_hi.into();
|
||||
let comm_lo: pod::PedersenCommitment = comm_lo.into();
|
||||
let comm_hi: pod::PedersenCommitment = comm_hi.into();
|
||||
|
||||
// decryption handles associated with TransferValidityProof
|
||||
let handle_source_lo: pod::PedersenDecHandle =
|
||||
let handle_source_lo: pod::PedersenDecryptHandle =
|
||||
source_pk.gen_decrypt_handle(&open_lo).into();
|
||||
let handle_dest_lo: pod::PedersenDecHandle = dest_pk.gen_decrypt_handle(&open_lo).into();
|
||||
let _handle_auditor_lo: pod::PedersenDecHandle =
|
||||
let handle_dest_lo: pod::PedersenDecryptHandle =
|
||||
dest_pk.gen_decrypt_handle(&open_lo).into();
|
||||
let _handle_auditor_lo: pod::PedersenDecryptHandle =
|
||||
auditor_pk.gen_decrypt_handle(&open_lo).into();
|
||||
|
||||
let handle_source_hi: pod::PedersenDecHandle =
|
||||
let handle_source_hi: pod::PedersenDecryptHandle =
|
||||
source_pk.gen_decrypt_handle(&open_hi).into();
|
||||
let handle_dest_hi: pod::PedersenDecHandle = dest_pk.gen_decrypt_handle(&open_hi).into();
|
||||
let _handle_auditor_hi: pod::PedersenDecHandle =
|
||||
let handle_dest_hi: pod::PedersenDecryptHandle =
|
||||
dest_pk.gen_decrypt_handle(&open_hi).into();
|
||||
let _handle_auditor_hi: pod::PedersenDecryptHandle =
|
||||
auditor_pk.gen_decrypt_handle(&open_hi).into();
|
||||
|
||||
// source spendable and recipient pending
|
||||
let source_open = PedersenOpen::random(&mut OsRng);
|
||||
let dest_open = PedersenOpen::random(&mut OsRng);
|
||||
let source_open = PedersenOpening::random(&mut OsRng);
|
||||
let dest_open = PedersenOpening::random(&mut OsRng);
|
||||
|
||||
let source_spendable_ct: pod::ElGamalCiphertext =
|
||||
source_pk.encrypt_with(77_u64, &source_open).into();
|
||||
|
|
|
@ -18,11 +18,11 @@ pub struct ElGamalPubkey(pub [u8; 32]);
|
|||
|
||||
#[derive(Clone, Copy, Pod, Zeroable, PartialEq)]
|
||||
#[repr(transparent)]
|
||||
pub struct PedersenComm(pub [u8; 32]);
|
||||
pub struct PedersenCommitment(pub [u8; 32]);
|
||||
|
||||
#[derive(Clone, Copy, Pod, Zeroable, PartialEq)]
|
||||
#[repr(transparent)]
|
||||
pub struct PedersenDecHandle(pub [u8; 32]);
|
||||
pub struct PedersenDecryptHandle(pub [u8; 32]);
|
||||
|
||||
/// Serialization of range proofs for 64-bit numbers (for `Withdraw` instruction)
|
||||
#[derive(Clone, Copy)]
|
||||
|
|
Loading…
Reference in New Issue