Add proof version and improve range proofs #414

Merged
merged 8 commits into from
Aug 7, 2023
Merged
10 changes: 8 additions & 2 deletions mobile_wallet/src/lib.rs
Expand Up @@ -15,7 +15,7 @@ use concordium_base::{
id::{
self, account_holder,
constants::{ArCurve, AttributeKind},
id_proof_types::{Statement, StatementWithContext},
id_proof_types::{ProofVersion, Statement, StatementWithContext},
pedersen_commitment::Value as PedersenValue,
ps_sig,
secret_sharing::Threshold,
Expand Down Expand Up @@ -1051,7 +1051,13 @@ fn prove_id_statement_aux(input: &str) -> anyhow::Result<String> {
let id_object: IdentityObjectV1<Bls12, ArCurve, AttributeKind> = try_get(&v, "identityObject")?;
let challenge: [u8; 32] = try_get(&v, "challenge")?;
let proof = statement
.prove(&global, &challenge, &id_object.alist, &credential_context)
.prove(
ProofVersion::Version1,
&global,
&challenge,
&id_object.alist,
&credential_context,
)
.context("Could not produce proof.")?;
let response = serde_json::json!({
"idProof": common::Versioned::new(common::VERSION_0, proof),
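Review bot: The new `ProofVersion::Version1` argument on the `statement.prove` call carries no comment saying why the wallet stays on Version1 while this PR introduces Version2, which in range_proof.rs binds `G`, `H`, `v_keys` and `n` into the transcript. A one-line comment at that argument, e.g. `// Version1 keeps proofs verifiable by current verifiers; move to Version2 once they accept it`, would record the compatibility decision — presumably that is the reason, but nothing here states it. The response envelope is still `common::Versioned::new(common::VERSION_0, proof)`, so a consumer cannot tell from the envelope which proof version was used; if the inner proof does not carry its version, that is worth noting in the same comment. `prove_id_statement_aux` starts outside the hunk.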
16 changes: 13 additions & 3 deletions rust-src/concordium_base/benches/bulletproofs.rs
Expand Up @@ -6,6 +6,7 @@ extern crate criterion;
use concordium_base::{
bulletproofs::{inner_product_proof::*, range_proof::*, utils::Generators},
curve_arithmetic::*,
id::id_proof_types::ProofVersion,
pedersen_commitment::*,
random_oracle::RandomOracle,
};
Expand Down Expand Up @@ -71,6 +72,7 @@ pub fn prove_verify_benchmarks(c: &mut Criterion) {
group.bench_function("Prove", move |b| {
b.iter(|| {
prove(
ProofVersion::Version1,
&mut transcript,
rng,
n,
Expand All @@ -86,6 +88,7 @@ pub fn prove_verify_benchmarks(c: &mut Criterion) {
let rng = &mut thread_rng();
let mut transcript = RandomOracle::empty();
let proof = prove(
ProofVersion::Version1,
&mut transcript,
rng,
n,
Expand All @@ -100,9 +103,16 @@ pub fn prove_verify_benchmarks(c: &mut Criterion) {
group.bench_function("Verify Efficient", move |b| {
b.iter(|| {
let mut transcript = RandomOracle::empty();
assert!(
verify_efficient(&mut transcript, n, &commitments, &proof, &gens, &keys).is_ok()
);
assert!(verify_efficient(
ProofVersion::Version1,
&mut transcript,
n,
&commitments,
&proof,
&gens,
&keys
)
.is_ok());
})
});
}
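Review bot: Every `prove` and `verify_efficient` call in this benchmark pins `ProofVersion::Version1`, so the Version2 path this PR adds — which appends `G`, `H`, `v_keys` and `n` to the transcript on both the prover and verifier side in range_proof.rs — is never measured; the same pinning appears in every call in benches/set_proof_bench.rs. A second `bench_function` per operation (e.g. `"Prove v2"` / `"Verify Efficient v2"`), or a loop over both variants, would show what the extra transcript absorption costs for the `n`/`m` sizes benchmarked here. `prove_verify_benchmarks` starts outside the hunk.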
18 changes: 16 additions & 2 deletions rust-src/concordium_base/benches/set_proof_bench.rs
Expand Up @@ -5,6 +5,7 @@ extern crate criterion;
use concordium_base::{
bulletproofs::{set_membership_proof, set_non_membership_proof, utils::Generators},
curve_arithmetic::*,
id::id_proof_types::ProofVersion,
pedersen_commitment::{CommitmentKey, Randomness},
random_oracle::RandomOracle,
};
Expand Down Expand Up @@ -68,6 +69,7 @@ pub fn bench_set_proofs(c: &mut Criterion) {
let rng = &mut thread_rng();
let mut transcript = RandomOracle::empty();
set_membership_proof::prove(
ProofVersion::Version1,
&mut transcript,
rng,
&the_set_p,
Expand All @@ -90,6 +92,7 @@ pub fn bench_set_proofs(c: &mut Criterion) {
let rng = &mut thread_rng();
let mut transcript = RandomOracle::empty();
set_non_membership_proof::prove(
ProofVersion::Version1,
&mut transcript,
rng,
&the_set_p,
Expand All @@ -105,6 +108,7 @@ pub fn bench_set_proofs(c: &mut Criterion) {
// Generate valid proofs for verification
let mut transcript = RandomOracle::empty();
let snm_proof = set_non_membership_proof::prove(
ProofVersion::Version1,
&mut transcript,
rng,
&the_set,
Expand All @@ -116,8 +120,16 @@ pub fn bench_set_proofs(c: &mut Criterion) {
assert!(snm_proof.is_ok());
let snm_proof = snm_proof.unwrap();
let mut transcript = RandomOracle::empty();
let sm_proof =
set_membership_proof::prove(&mut transcript, rng, &the_set, w, &gens, &v_keys, &w_rand);
let sm_proof = set_membership_proof::prove(
ProofVersion::Version1,
&mut transcript,
rng,
&the_set,
w,
&gens,
&v_keys,
&w_rand,
);
assert!(sm_proof.is_ok());
let sm_proof = sm_proof.unwrap();

Expand All @@ -131,6 +143,7 @@ pub fn bench_set_proofs(c: &mut Criterion) {
b.iter(|| {
let mut transcript = RandomOracle::empty();
set_membership_proof::verify(
ProofVersion::Version1,
&mut transcript,
&the_set_p,
&w_com_p,
Expand All @@ -152,6 +165,7 @@ pub fn bench_set_proofs(c: &mut Criterion) {
b.iter(|| {
let mut transcript = RandomOracle::empty();
set_non_membership_proof::verify(
ProofVersion::Version1,
&mut transcript,
&the_set_p,
&v_com_p,
136 changes: 126 additions & 10 deletions rust-src/concordium_base/src/bulletproofs/range_proof.rs
Expand Up @@ -3,6 +3,7 @@ use super::{inner_product_proof::*, utils::*};
use crate::{
common::*,
curve_arithmetic::{multiexp, multiexp_table, multiexp_worker_given_table, Curve, Value},
id::id_proof_types::ProofVersion,
pedersen_commitment::*,
random_oracle::RandomOracle,
};
Expand Down Expand Up @@ -78,6 +79,7 @@ fn two_n_vec<F: Field>(n: u8) -> Vec<F> {
/// See the documentation of `prove` below for the meaning of arguments.
#[allow(clippy::too_many_arguments)]
pub fn prove_given_scalars<C: Curve, T: Rng>(
version: ProofVersion,
transcript: &mut RandomOracle,
csprng: &mut T,
n: u8,
Expand All @@ -95,6 +97,7 @@ pub fn prove_given_scalars<C: Curve, T: Rng>(
}

prove(
version,
transcript,
csprng,
n,
Expand All @@ -120,6 +123,7 @@ pub fn prove_given_scalars<C: Curve, T: Rng>(
#[allow(non_snake_case)]
#[allow(clippy::too_many_arguments)]
pub fn prove<C: Curve, T: Rng>(
version: ProofVersion,
transcript: &mut RandomOracle,
csprng: &mut T,
n: u8,
Expand Down Expand Up @@ -164,6 +168,13 @@ pub fn prove<C: Curve, T: Rng>(
let mut v_tilde_vec: Vec<C::Scalar> = Vec::with_capacity(usize::from(m));
let mut a_tilde_vec: Vec<C::Scalar> = Vec::with_capacity(usize::from(m));
let mut s_tilde_vec: Vec<C::Scalar> = Vec::with_capacity(usize::from(m));
if version >= ProofVersion::Version2 {
// Explicitly add n, generators and commitment keys to the transcript
transcript.append_message(b"G", &G);
transcript.append_message(b"H", &H);
transcript.append_message(b"v_keys", &v_keys);
transcript.append_message(b"n", &n);
}
for j in 0..v_vec.len() {
// get binary representation of value j
let (a_L_j, a_R_j) = a_L_a_R(v_vec[j], n);
Expand All @@ -185,6 +196,7 @@ pub fn prove<C: Curve, T: Rng>(
transcript.append_message(b"Vj", &V_j.0);
V_vec.push(V_j);
}

// compute blinding factor of A and S
let mut a_tilde_sum = C::Scalar::zero();
let mut s_tilde_sum = C::Scalar::zero();
Expand Down Expand Up @@ -477,6 +489,7 @@ pub enum VerificationError {
#[allow(clippy::too_many_arguments)]
#[allow(clippy::many_single_char_names)]
pub fn verify_efficient<C: Curve>(
version: ProofVersion,
transcript: &mut RandomOracle,
n: u8,
commitments: &[Commitment<C>],
Expand All @@ -495,6 +508,13 @@ pub fn verify_efficient<C: Curve>(
let (G, H): (Vec<_>, Vec<_>) = gens.G_H.iter().take(nm).cloned().unzip();
let B = v_keys.g;
let B_tilde = v_keys.h;
if version >= ProofVersion::Version2 {
// Explicitly add n, generators and commitment keys to the transcript
transcript.append_message(b"G", &G);
transcript.append_message(b"H", &H);
transcript.append_message(b"v_keys", &v_keys);
transcript.append_message(b"n", &n);
}
// append commitment V_j to transcript!
for V in commitments {
transcript.append_message(b"Vj", &V.0);
Expand Down Expand Up @@ -669,10 +689,17 @@ pub fn prove_less_than_or_equal<C: Curve, T: Rng>(
) -> Option<RangeProof<C>> {
let mut randomness = **randomness_b;
randomness.sub_assign(randomness_a);
prove(transcript, csprng, n, 2, &[b - a, a], gens, key, &[
Randomness::new(randomness),
Randomness::new(**randomness_a),
])
prove(
ProofVersion::Version1,
transcript,
csprng,
n,
2,
&[b - a, a],
gens,
key,
&[Randomness::new(randomness), Randomness::new(**randomness_a)],
)
}

/// Given commitments to a and b, verify that a <= b
Expand All @@ -690,6 +717,7 @@ pub fn verify_less_than_or_equal<C: Curve>(
) -> bool {
let commitment = Commitment(commitment_b.0.minus_point(&commitment_a.0));
verify_efficient(
ProofVersion::Version1,
transcript,
n,
&[commitment, *commitment_a],
Expand Down Expand Up @@ -889,6 +917,7 @@ mod tests {
}
let mut transcript = RandomOracle::empty();
let proof = prove(
ProofVersion::Version1,
&mut transcript,
rng,
n,
Expand All @@ -901,8 +930,42 @@ mod tests {
assert!(proof.is_some());
let proof = proof.unwrap();
let mut transcript = RandomOracle::empty();
let result = verify_efficient(&mut transcript, n, &commitments, &proof, &gens, &keys);
assert!(result.is_ok());
let result = verify_efficient(
ProofVersion::Version1,
&mut transcript,
n,
&commitments,
&proof,
&gens,
&keys,
);
assert!(result.is_ok(), "Version 1 proof should verify");

let mut transcript = RandomOracle::empty();
let proof = prove(
ProofVersion::Version2,
&mut transcript,
rng,
n,
m,
&v_vec,
&gens,
&keys,
&randomness,
);
assert!(proof.is_some());
let proof = proof.unwrap();
let mut transcript = RandomOracle::empty();
let result = verify_efficient(
ProofVersion::Version2,
&mut transcript,
n,
&commitments,
&proof,
&gens,
&keys,
);
assert!(result.is_ok(), "Version 2 proof should verify");
}

#[allow(non_snake_case)]
Expand Down Expand Up @@ -954,6 +1017,7 @@ mod tests {
}
let mut transcript = RandomOracle::empty();
let proof = prove(
ProofVersion::Version1,
&mut transcript,
rng,
n,
Expand All @@ -967,8 +1031,43 @@ mod tests {
let proof = proof.unwrap();

let mut transcript = RandomOracle::empty();
let result = verify_efficient(&mut transcript, n, &commitments, &proof, &gens, &keys);
assert!(result.is_ok());
let result = verify_efficient(
ProofVersion::Version1,
&mut transcript,
n,
&commitments,
&proof,
&gens,
&keys,
);
assert!(result.is_ok(), "Version 1 proof should verify");

let mut transcript = RandomOracle::empty();
let proof = prove(
ProofVersion::Version2,
&mut transcript,
rng,
n,
m,
&v_vec,
&gens,
&keys,
&randomness,
);
assert!(proof.is_some());
let proof = proof.unwrap();

let mut transcript = RandomOracle::empty();
let result = verify_efficient(
ProofVersion::Version2,
&mut transcript,
n,
&commitments,
&proof,
&gens,
&keys,
);
assert!(result.is_ok(), "Version 2 proof should verify");
}

#[allow(non_snake_case)]
Expand Down Expand Up @@ -1071,7 +1170,15 @@ mod tests {
assert!(proof.is_some());
let proof = proof.unwrap();
let mut transcript = RandomOracle::empty();
let result = verify_efficient(&mut transcript, n, &commitments, &proof, &gens, &keys);
let result = verify_efficient(
ProofVersion::Version1,
&mut transcript,
n,
&commitments,
&proof,
&gens,
&keys,
);
assert_eq!(
result,
Err(VerificationError::Second),
Expand Down Expand Up @@ -1112,6 +1219,7 @@ mod tests {

let mut transcript = RandomOracle::empty();
let proof = prove(
ProofVersion::Version1,
&mut transcript,
rng,
n,
Expand All @@ -1125,7 +1233,15 @@ mod tests {
let proof = proof.unwrap();

let mut transcript = RandomOracle::empty();
let result = verify_efficient(&mut transcript, n, &commitments, &proof, &gens, &keys);
let result = verify_efficient(
ProofVersion::Version1,
&mut transcript,
n,
&commitments,
&proof,
&gens,
&keys,
);
assert!(result.is_ok());
}
}
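Review bot: The `if version >= ProofVersion::Version2` block that appends `G`, `H`, `v_keys` and `n` to the transcript is written out twice, once in `prove` (hunk at -164) and once in `verify_efficient` (hunk at -495); prover and verifier transcripts must absorb exactly the same bytes in the same order for verification to succeed, and any later drift in a label or the order between the two copies would break that silently, so the four appends belong in one private helper that both functions call. The new tests at the end of the section only check that a Version1 proof verifies as Version1 and a Version2 proof as Version2; a cross-version check such as `assert!(verify_efficient(ProofVersion::Version1, &mut transcript, n, &commitments, &proof_v2, &gens, &keys).is_err())` would confirm the added binding actually changes the challenges rather than being a no-op. `prove_less_than_or_equal` and `verify_less_than_or_equal` still pin `ProofVersion::Version1` instead of taking a `version` parameter, so their callers cannot get the Version2 binding; if that is intentional a comment saying so would help. All enclosing functions start outside the visible hunks.
```rust
/// Bind the public parameters into the transcript (Version2 and later only),
/// so prover and verifier cannot disagree on what the challenges commit to.
/// Parameter types must match the values passed at the two call sites so the
/// serialized bytes stay identical to the inline version.
fn append_public_params<C: Curve>(
    version: ProofVersion,
    transcript: &mut RandomOracle,
    G: &[C],
    H: &[C],
    v_keys: &CommitmentKey<C>,
    n: u8,
) {
    if version >= ProofVersion::Version2 {
        transcript.append_message(b"G", &G);
        transcript.append_message(b"H", &H);
        transcript.append_message(b"v_keys", &v_keys);
        transcript.append_message(b"n", &n);
    }
}
// … unchanged: prove body, with the inline block replaced by
// append_public_params(version, transcript, &G, &H, v_keys, n); …
// … unchanged: verify_efficient body, same replacement after B_tilde …
```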