zk-token-sdk: add support for scalar - ciphertext/commitment multiplication (#24120)

zk-token-sdk/src/encryption/elgamal.rs

@@ -460,10 +460,10 @@ impl ElGamalCiphertext {
 impl<'a, 'b> Add<&'b ElGamalCiphertext> for &'a ElGamalCiphertext {
     type Output = ElGamalCiphertext;
 
-    fn add(self, other: &'b ElGamalCiphertext) -> ElGamalCiphertext {
+    fn add(self, ciphertext: &'b ElGamalCiphertext) -> ElGamalCiphertext {
         ElGamalCiphertext {
-            commitment: &self.commitment + &other.commitment,
+            commitment: &self.commitment + &ciphertext.commitment,
-            handle: &self.handle + &other.handle,
+            handle: &self.handle + &ciphertext.handle,
         }
     }
 }
@@ -477,10 +477,10 @@ define_add_variants!(
 impl<'a, 'b> Sub<&'b ElGamalCiphertext> for &'a ElGamalCiphertext {
     type Output = ElGamalCiphertext;
 
-    fn sub(self, other: &'b ElGamalCiphertext) -> ElGamalCiphertext {
+    fn sub(self, ciphertext: &'b ElGamalCiphertext) -> ElGamalCiphertext {
         ElGamalCiphertext {
-            commitment: &self.commitment - &other.commitment,
+            commitment: &self.commitment - &ciphertext.commitment,
-            handle: &self.handle - &other.handle,
+            handle: &self.handle - &ciphertext.handle,
         }
     }
 }
@@ -494,10 +494,10 @@ define_sub_variants!(
 impl<'a, 'b> Mul<&'b Scalar> for &'a ElGamalCiphertext {
     type Output = ElGamalCiphertext;
 
-    fn mul(self, other: &'b Scalar) -> ElGamalCiphertext {
+    fn mul(self, scalar: &'b Scalar) -> ElGamalCiphertext {
         ElGamalCiphertext {
-            commitment: &self.commitment * other,
+            commitment: &self.commitment * scalar,
-            handle: &self.handle * other,
+            handle: &self.handle * scalar,
         }
     }
 }
@@ -508,6 +508,23 @@ define_mul_variants!(
     Output = ElGamalCiphertext
 );
 
+impl<'a, 'b> Mul<&'b ElGamalCiphertext> for &'a Scalar {
+    type Output = ElGamalCiphertext;
+
+    fn mul(self, ciphertext: &'b ElGamalCiphertext) -> ElGamalCiphertext {
+        ElGamalCiphertext {
+            commitment: self * &ciphertext.commitment,
+            handle: self * &ciphertext.handle,
+        }
+    }
+}
+
+define_mul_variants!(
+    LHS = Scalar,
+    RHS = ElGamalCiphertext,
+    Output = ElGamalCiphertext
+);
+
 /// Decryption handle for Pedersen commitment.
 #[derive(Clone, Copy, Debug, Default, Deserialize, Eq, PartialEq, Serialize)]
 pub struct DecryptHandle(RistrettoPoint);
@@ -535,8 +552,8 @@ impl DecryptHandle {
 impl<'a, 'b> Add<&'b DecryptHandle> for &'a DecryptHandle {
     type Output = DecryptHandle;
 
-    fn add(self, other: &'b DecryptHandle) -> DecryptHandle {
+    fn add(self, handle: &'b DecryptHandle) -> DecryptHandle {
-        DecryptHandle(&self.0 + &other.0)
+        DecryptHandle(&self.0 + &handle.0)
     }
 }
 
@@ -549,8 +566,8 @@ define_add_variants!(
 impl<'a, 'b> Sub<&'b DecryptHandle> for &'a DecryptHandle {
     type Output = DecryptHandle;
 
-    fn sub(self, other: &'b DecryptHandle) -> DecryptHandle {
+    fn sub(self, handle: &'b DecryptHandle) -> DecryptHandle {
-        DecryptHandle(&self.0 - &other.0)
+        DecryptHandle(&self.0 - &handle.0)
     }
 }
 
@@ -563,13 +580,23 @@ define_sub_variants!(
 impl<'a, 'b> Mul<&'b Scalar> for &'a DecryptHandle {
     type Output = DecryptHandle;
 
-    fn mul(self, other: &'b Scalar) -> DecryptHandle {
+    fn mul(self, scalar: &'b Scalar) -> DecryptHandle {
-        DecryptHandle(&self.0 * other)
+        DecryptHandle(&self.0 * scalar)
     }
 }
 
 define_mul_variants!(LHS = DecryptHandle, RHS = Scalar, Output = DecryptHandle);
 
+impl<'a, 'b> Mul<&'b DecryptHandle> for &'a Scalar {
+    type Output = DecryptHandle;
+
+    fn mul(self, handle: &'b DecryptHandle) -> DecryptHandle {
+        DecryptHandle(self * &handle.0)
+    }
+}
+
+define_mul_variants!(LHS = Scalar, RHS = DecryptHandle, Output = DecryptHandle);
+
 #[cfg(test)]
 mod tests {
     use {
@@ -700,6 +727,7 @@ mod tests {
             ElGamal::encrypt_with(amount_0 * amount_1, &public, &(&opening * scalar));
 
         assert_eq!(ciphertext_prod, ciphertext * scalar);
+        assert_eq!(ciphertext_prod, scalar * ciphertext);
     }
 
     #[test]

zk-token-sdk/src/encryption/pedersen.rs

@@ -109,8 +109,8 @@ impl ConstantTimeEq for PedersenOpening {
 impl<'a, 'b> Add<&'b PedersenOpening> for &'a PedersenOpening {
     type Output = PedersenOpening;
 
-    fn add(self, other: &'b PedersenOpening) -> PedersenOpening {
+    fn add(self, opening: &'b PedersenOpening) -> PedersenOpening {
-        PedersenOpening(&self.0 + &other.0)
+        PedersenOpening(&self.0 + &opening.0)
     }
 }
 
@@ -123,8 +123,8 @@ define_add_variants!(
 impl<'a, 'b> Sub<&'b PedersenOpening> for &'a PedersenOpening {
     type Output = PedersenOpening;
 
-    fn sub(self, other: &'b PedersenOpening) -> PedersenOpening {
+    fn sub(self, opening: &'b PedersenOpening) -> PedersenOpening {
-        PedersenOpening(&self.0 - &other.0)
+        PedersenOpening(&self.0 - &opening.0)
     }
 }
 
@@ -137,8 +137,8 @@ define_sub_variants!(
 impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenOpening {
     type Output = PedersenOpening;
 
-    fn mul(self, other: &'b Scalar) -> PedersenOpening {
+    fn mul(self, scalar: &'b Scalar) -> PedersenOpening {
-        PedersenOpening(&self.0 * other)
+        PedersenOpening(&self.0 * scalar)
     }
 }
 
@@ -148,6 +148,20 @@ define_mul_variants!(
     Output = PedersenOpening
 );
 
+impl<'a, 'b> Mul<&'b PedersenOpening> for &'a Scalar {
+    type Output = PedersenOpening;
+
+    fn mul(self, opening: &'b PedersenOpening) -> PedersenOpening {
+        PedersenOpening(self * &opening.0)
+    }
+}
+
+define_mul_variants!(
+    LHS = Scalar,
+    RHS = PedersenOpening,
+    Output = PedersenOpening
+);
+
 /// Pedersen commitment type.
 #[derive(Clone, Copy, Debug, Default, Deserialize, Eq, PartialEq, Serialize)]
 pub struct PedersenCommitment(pub(crate) RistrettoPoint);
@@ -171,8 +185,8 @@ impl PedersenCommitment {
 impl<'a, 'b> Add<&'b PedersenCommitment> for &'a PedersenCommitment {
     type Output = PedersenCommitment;
 
-    fn add(self, other: &'b PedersenCommitment) -> PedersenCommitment {
+    fn add(self, commitment: &'b PedersenCommitment) -> PedersenCommitment {
-        PedersenCommitment(&self.0 + &other.0)
+        PedersenCommitment(&self.0 + &commitment.0)
     }
 }
 
@@ -185,8 +199,8 @@ define_add_variants!(
 impl<'a, 'b> Sub<&'b PedersenCommitment> for &'a PedersenCommitment {
     type Output = PedersenCommitment;
 
-    fn sub(self, other: &'b PedersenCommitment) -> PedersenCommitment {
+    fn sub(self, commitment: &'b PedersenCommitment) -> PedersenCommitment {
-        PedersenCommitment(&self.0 - &other.0)
+        PedersenCommitment(&self.0 - &commitment.0)
     }
 }
 
@@ -199,8 +213,8 @@ define_sub_variants!(
 impl<'a, 'b> Mul<&'b Scalar> for &'a PedersenCommitment {
     type Output = PedersenCommitment;
 
-    fn mul(self, other: &'b Scalar) -> PedersenCommitment {
+    fn mul(self, scalar: &'b Scalar) -> PedersenCommitment {
-        PedersenCommitment(&self.0 * other)
+        PedersenCommitment(scalar * &self.0)
     }
 }
 
@@ -210,6 +224,20 @@ define_mul_variants!(
     Output = PedersenCommitment
 );
 
+impl<'a, 'b> Mul<&'b PedersenCommitment> for &'a Scalar {
+    type Output = PedersenCommitment;
+
+    fn mul(self, commitment: &'b PedersenCommitment) -> PedersenCommitment {
+        PedersenCommitment(self * &commitment.0)
+    }
+}
+
+define_mul_variants!(
+    LHS = Scalar,
+    RHS = PedersenCommitment,
+    Output = PedersenCommitment
+);
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -256,6 +284,7 @@ mod tests {
         let comm_addition = Pedersen::with(amt_0 * amt_1, &(open * scalar));
 
         assert_eq!(comm_addition, comm * scalar);
+        assert_eq!(comm_addition, scalar * comm);
     }
 
     #[test]