[zk-token-sdk] Allow all zero auditor pubkey in proofs (#33106)

* allow auditor ElGamal public key to be all zero * remove test components on all zero auditor ElGamal pubkey
2023-09-01 10:26:15 -07:00 · 2023-09-01 10:26:15 -07:00 · a4ceea32d7
parent 931665551e
commit a4ceea32d7
3 changed files with 4 additions and 93 deletions
--- a/zk-token-sdk/src/instruction/transfer/with_fee.rs
+++ b/zk-token-sdk/src/instruction/transfer/with_fee.rs
@ -840,7 +840,7 @@ mod test {

        assert!(fee_data.verify_proof().is_ok());

-        // Case 4: invalid destination, auditor, or withdraw authority pubkeys
+        // Case 4: destination pubkey invalid
        let spendable_balance: u64 = 120;
        let spendable_ciphertext = source_keypair.pubkey().encrypt(spendable_balance);

@ -871,47 +871,5 @@ mod test {
        .unwrap();

        assert!(fee_data.verify_proof().is_err());
-
-        // auditor pubkey invalid
-        let destination_keypair = ElGamalKeypair::new_rand();
-        let destination_pubkey = destination_keypair.pubkey();
-
-        let auditor_pubkey = pod::ElGamalPubkey::zeroed().try_into().unwrap();
-
-        let withdraw_withheld_authority_keypair = ElGamalKeypair::new_rand();
-        let withdraw_withheld_authority_pubkey = withdraw_withheld_authority_keypair.pubkey();
-
-        let fee_data = TransferWithFeeData::new(
-            transfer_amount,
-            (spendable_balance, &spendable_ciphertext),
-            &source_keypair,
-            (destination_pubkey, &auditor_pubkey),
-            fee_parameters,
-            withdraw_withheld_authority_pubkey,
-        )
-        .unwrap();
-
-        assert!(fee_data.verify_proof().is_err());
-
-        // withdraw authority invalid
-        let destination_keypair = ElGamalKeypair::new_rand();
-        let destination_pubkey = destination_keypair.pubkey();
-
-        let auditor_keypair = ElGamalKeypair::new_rand();
-        let auditor_pubkey = auditor_keypair.pubkey();
-
-        let withdraw_withheld_authority_pubkey = pod::ElGamalPubkey::zeroed().try_into().unwrap();
-
-        let fee_data = TransferWithFeeData::new(
-            transfer_amount,
-            (spendable_balance, &spendable_ciphertext),
-            &source_keypair,
-            (destination_pubkey, auditor_pubkey),
-            fee_parameters,
-            &withdraw_withheld_authority_pubkey,
-        )
-        .unwrap();
-
-        assert!(fee_data.verify_proof().is_err());
    }
 }
--- a/zk-token-sdk/src/instruction/transfer/without_fee.rs
+++ b/zk-token-sdk/src/instruction/transfer/without_fee.rs
@ -524,13 +524,11 @@ mod test {

        assert!(transfer_data.verify_proof().is_ok());

-        // Case 4: invalid destination or auditor pubkey
+        // Case 4: destination pubkey is invalid
        let spendable_balance: u64 = 0;
        let spendable_ciphertext = source_keypair.pubkey().encrypt(spendable_balance);
-
        let transfer_amount: u64 = 0;

-        // destination pubkey invalid
        let dest_pk = pod::ElGamalPubkey::zeroed().try_into().unwrap();
        let auditor_keypair = ElGamalKeypair::new_rand();
        let auditor_pk = auditor_keypair.pubkey();
@ -544,21 +542,6 @@ mod test {
        .unwrap();

        assert!(transfer_data.verify_proof().is_err());
-
-        // auditor pubkey invalid
-        let dest_keypair = ElGamalKeypair::new_rand();
-        let dest_pk = dest_keypair.pubkey();
-        let auditor_pk = pod::ElGamalPubkey::zeroed().try_into().unwrap();
-
-        let transfer_data = TransferData::new(
-            transfer_amount,
-            (spendable_balance, &spendable_ciphertext),
-            &source_keypair,
-            (dest_pk, &auditor_pk),
-        )
-        .unwrap();
-
-        assert!(transfer_data.verify_proof().is_err());
    }

    #[test]
--- a/zk-token-sdk/src/sigma_proofs/grouped_ciphertext_validity_proof.rs
+++ b/zk-token-sdk/src/sigma_proofs/grouped_ciphertext_validity_proof.rs
@ -134,7 +134,8 @@ impl GroupedCiphertext2HandlesValidityProof {
        // include Y_0, Y_1, Y_2 to transcript and extract challenges
        transcript.validate_and_append_point(b"Y_0", &self.Y_0)?;
        transcript.validate_and_append_point(b"Y_1", &self.Y_1)?;
-        transcript.validate_and_append_point(b"Y_2", &self.Y_2)?;
+        // Y_2 can be an all zero point if the auditor public key is all zero
+        transcript.append_point(b"Y_2", &self.Y_2);

        let c = transcript.challenge_scalar(b"c");
        let w = transcript.challenge_scalar(b"w");
@ -301,37 +302,6 @@ mod test {
            )
            .is_err());

-        // if auditor public key zeroed, then the proof should always reject
-        let destination_keypair = ElGamalKeypair::new_rand();
-        let destination_pubkey = destination_keypair.pubkey();
-
-        let auditor_pubkey = ElGamalPubkey::from_bytes(&[0u8; 32]).unwrap();
-
-        let amount: u64 = 55;
-        let (commitment, opening) = Pedersen::new(amount);
-
-        let destination_handle = destination_pubkey.decrypt_handle(&opening);
-        let auditor_handle = auditor_pubkey.decrypt_handle(&opening);
-
-        let mut prover_transcript = Transcript::new(b"Test");
-        let mut verifier_transcript = Transcript::new(b"Test");
-
-        let proof = GroupedCiphertext2HandlesValidityProof::new(
-            (destination_pubkey, &auditor_pubkey),
-            amount,
-            &opening,
-            &mut prover_transcript,
-        );
-
-        assert!(proof
-            .verify(
-                &commitment,
-                (destination_pubkey, &auditor_pubkey),
-                (&destination_handle, &auditor_handle),
-                &mut verifier_transcript,
-            )
-            .is_err());
-
        // all zeroed ciphertext should still be valid
        let destination_keypair = ElGamalKeypair::new_rand();
        let destination_pubkey = destination_keypair.pubkey();