diff --git a/zk-sdk/src/elgamal_program/proof_data/batched_grouped_ciphertext_validity/handles_2.rs b/zk-sdk/src/elgamal_program/proof_data/batched_grouped_ciphertext_validity/handles_2.rs index 1fb249957688dc..47614beb8f0e9b 100644 --- a/zk-sdk/src/elgamal_program/proof_data/batched_grouped_ciphertext_validity/handles_2.rs +++ b/zk-sdk/src/elgamal_program/proof_data/batched_grouped_ciphertext_validity/handles_2.rs @@ -45,9 +45,9 @@ pub struct BatchedGroupedCiphertext2HandlesValidityProofData { #[derive(Clone, Copy, Pod, Zeroable)] #[repr(C)] pub struct BatchedGroupedCiphertext2HandlesValidityProofContext { - pub destination_pubkey: PodElGamalPubkey, // 32 bytes + pub first_pubkey: PodElGamalPubkey, // 32 bytes - pub auditor_pubkey: PodElGamalPubkey, // 32 bytes + pub second_pubkey: PodElGamalPubkey, // 32 bytes pub grouped_ciphertext_lo: PodGroupedElGamalCiphertext2Handles, // 96 bytes @@ -57,8 +57,8 @@ pub struct BatchedGroupedCiphertext2HandlesValidityProofContext { #[cfg(not(target_os = "solana"))] impl BatchedGroupedCiphertext2HandlesValidityProofData { pub fn new( - destination_pubkey: &ElGamalPubkey, - auditor_pubkey: &ElGamalPubkey, + first_pubkey: &ElGamalPubkey, + second_pubkey: &ElGamalPubkey, grouped_ciphertext_lo: &GroupedElGamalCiphertext<2>, grouped_ciphertext_hi: &GroupedElGamalCiphertext<2>, amount_lo: u64, @@ -66,14 +66,14 @@ impl BatchedGroupedCiphertext2HandlesValidityProofData { opening_lo: &PedersenOpening, opening_hi: &PedersenOpening, ) -> Result { - let pod_destination_pubkey = PodElGamalPubkey(destination_pubkey.into()); - let pod_auditor_pubkey = PodElGamalPubkey(auditor_pubkey.into()); + let pod_first_pubkey = PodElGamalPubkey(first_pubkey.into()); + let pod_second_pubkey = PodElGamalPubkey(second_pubkey.into()); let pod_grouped_ciphertext_lo = (*grouped_ciphertext_lo).into(); let pod_grouped_ciphertext_hi = (*grouped_ciphertext_hi).into(); let context = BatchedGroupedCiphertext2HandlesValidityProofContext { - destination_pubkey: pod_destination_pubkey, - auditor_pubkey: pod_auditor_pubkey, + first_pubkey: pod_first_pubkey, + second_pubkey: pod_second_pubkey, grouped_ciphertext_lo: pod_grouped_ciphertext_lo, grouped_ciphertext_hi: pod_grouped_ciphertext_hi, }; @@ -81,8 +81,8 @@ impl BatchedGroupedCiphertext2HandlesValidityProofData { let mut transcript = context.new_transcript(); let proof = BatchedGroupedCiphertext2HandlesValidityProof::new( - destination_pubkey, - auditor_pubkey, + first_pubkey, + second_pubkey, amount_lo, amount_hi, opening_lo, @@ -108,31 +108,31 @@ impl ZkProofData fn verify_proof(&self) -> Result<(), ProofVerificationError> { let mut transcript = self.context.new_transcript(); - let destination_pubkey = self.context.destination_pubkey.try_into()?; - let auditor_pubkey = self.context.auditor_pubkey.try_into()?; + let first_pubkey = self.context.first_pubkey.try_into()?; + let second_pubkey = self.context.second_pubkey.try_into()?; let grouped_ciphertext_lo: GroupedElGamalCiphertext<2> = self.context.grouped_ciphertext_lo.try_into()?; let grouped_ciphertext_hi: GroupedElGamalCiphertext<2> = self.context.grouped_ciphertext_hi.try_into()?; - let destination_handle_lo = grouped_ciphertext_lo.handles.first().unwrap(); - let auditor_handle_lo = grouped_ciphertext_lo.handles.get(1).unwrap(); + let first_handle_lo = grouped_ciphertext_lo.handles.first().unwrap(); + let second_handle_lo = grouped_ciphertext_lo.handles.get(1).unwrap(); - let destination_handle_hi = grouped_ciphertext_hi.handles.first().unwrap(); - let auditor_handle_hi = grouped_ciphertext_hi.handles.get(1).unwrap(); + let first_handle_hi = grouped_ciphertext_hi.handles.first().unwrap(); + let second_handle_hi = grouped_ciphertext_hi.handles.get(1).unwrap(); let proof: BatchedGroupedCiphertext2HandlesValidityProof = self.proof.try_into()?; proof .verify( - &destination_pubkey, - &auditor_pubkey, + &first_pubkey, + &second_pubkey, &grouped_ciphertext_lo.commitment, &grouped_ciphertext_hi.commitment, - destination_handle_lo, - destination_handle_hi, - auditor_handle_lo, - auditor_handle_hi, + first_handle_lo, + first_handle_hi, + second_handle_lo, + second_handle_hi, &mut transcript, ) .map_err(|e| e.into()) @@ -145,8 +145,8 @@ impl BatchedGroupedCiphertext2HandlesValidityProofContext { let mut transcript = Transcript::new(b"batched-grouped-ciphertext-validity-2-handles-instruction"); - transcript.append_message(b"destination-pubkey", bytes_of(&self.destination_pubkey)); - transcript.append_message(b"auditor-pubkey", bytes_of(&self.auditor_pubkey)); + transcript.append_message(b"first-pubkey", bytes_of(&self.first_pubkey)); + transcript.append_message(b"second-pubkey", bytes_of(&self.second_pubkey)); transcript.append_message( b"grouped-ciphertext-lo", bytes_of(&self.grouped_ciphertext_lo), @@ -169,11 +169,11 @@ mod test { #[test] fn test_ciphertext_validity_proof_instruction_correctness() { - let destination_keypair = ElGamalKeypair::new_rand(); - let destination_pubkey = destination_keypair.pubkey(); + let first_keypair = ElGamalKeypair::new_rand(); + let first_pubkey = first_keypair.pubkey(); - let auditor_keypair = ElGamalKeypair::new_rand(); - let auditor_pubkey = auditor_keypair.pubkey(); + let second_keypair = ElGamalKeypair::new_rand(); + let second_pubkey = second_keypair.pubkey(); let amount_lo: u64 = 11; let amount_hi: u64 = 22; @@ -181,21 +181,15 @@ mod test { let opening_lo = PedersenOpening::new_rand(); let opening_hi = PedersenOpening::new_rand(); - let grouped_ciphertext_lo = GroupedElGamal::encrypt_with( - [destination_pubkey, auditor_pubkey], - amount_lo, - &opening_lo, - ); + let grouped_ciphertext_lo = + GroupedElGamal::encrypt_with([first_pubkey, second_pubkey], amount_lo, &opening_lo); - let grouped_ciphertext_hi = GroupedElGamal::encrypt_with( - [destination_pubkey, auditor_pubkey], - amount_hi, - &opening_hi, - ); + let grouped_ciphertext_hi = + GroupedElGamal::encrypt_with([first_pubkey, second_pubkey], amount_hi, &opening_hi); let proof_data = BatchedGroupedCiphertext2HandlesValidityProofData::new( - destination_pubkey, - auditor_pubkey, + first_pubkey, + second_pubkey, &grouped_ciphertext_lo, &grouped_ciphertext_hi, amount_lo, diff --git a/zk-sdk/src/elgamal_program/proof_data/batched_grouped_ciphertext_validity/handles_3.rs b/zk-sdk/src/elgamal_program/proof_data/batched_grouped_ciphertext_validity/handles_3.rs index a8ad6f799c47c7..405ff4d1764111 100644 --- a/zk-sdk/src/elgamal_program/proof_data/batched_grouped_ciphertext_validity/handles_3.rs +++ b/zk-sdk/src/elgamal_program/proof_data/batched_grouped_ciphertext_validity/handles_3.rs @@ -45,11 +45,11 @@ pub struct BatchedGroupedCiphertext3HandlesValidityProofData { #[derive(Clone, Copy, Pod, Zeroable)] #[repr(C)] pub struct BatchedGroupedCiphertext3HandlesValidityProofContext { - pub source_pubkey: PodElGamalPubkey, // 32 bytes + pub first_pubkey: PodElGamalPubkey, // 32 bytes - pub destination_pubkey: PodElGamalPubkey, // 32 bytes + pub second_pubkey: PodElGamalPubkey, // 32 bytes - pub auditor_pubkey: PodElGamalPubkey, // 32 bytes + pub third_pubkey: PodElGamalPubkey, // 32 bytes pub grouped_ciphertext_lo: PodGroupedElGamalCiphertext3Handles, // 128 bytes @@ -59,9 +59,9 @@ pub struct BatchedGroupedCiphertext3HandlesValidityProofContext { #[cfg(not(target_os = "solana"))] impl BatchedGroupedCiphertext3HandlesValidityProofData { pub fn new( - source_pubkey: &ElGamalPubkey, - destination_pubkey: &ElGamalPubkey, - auditor_pubkey: &ElGamalPubkey, + first_pubkey: &ElGamalPubkey, + second_pubkey: &ElGamalPubkey, + third_pubkey: &ElGamalPubkey, grouped_ciphertext_lo: &GroupedElGamalCiphertext<3>, grouped_ciphertext_hi: &GroupedElGamalCiphertext<3>, amount_lo: u64, @@ -69,16 +69,16 @@ impl BatchedGroupedCiphertext3HandlesValidityProofData { opening_lo: &PedersenOpening, opening_hi: &PedersenOpening, ) -> Result { - let pod_source_pubkey = PodElGamalPubkey(source_pubkey.into()); - let pod_destination_pubkey = PodElGamalPubkey(destination_pubkey.into()); - let pod_auditor_pubkey = PodElGamalPubkey(auditor_pubkey.into()); + let pod_first_pubkey = PodElGamalPubkey(first_pubkey.into()); + let pod_second_pubkey = PodElGamalPubkey(second_pubkey.into()); + let pod_third_pubkey = PodElGamalPubkey(third_pubkey.into()); let pod_grouped_ciphertext_lo = (*grouped_ciphertext_lo).into(); let pod_grouped_ciphertext_hi = (*grouped_ciphertext_hi).into(); let context = BatchedGroupedCiphertext3HandlesValidityProofContext { - source_pubkey: pod_source_pubkey, - destination_pubkey: pod_destination_pubkey, - auditor_pubkey: pod_auditor_pubkey, + first_pubkey: pod_first_pubkey, + second_pubkey: pod_second_pubkey, + third_pubkey: pod_third_pubkey, grouped_ciphertext_lo: pod_grouped_ciphertext_lo, grouped_ciphertext_hi: pod_grouped_ciphertext_hi, }; @@ -86,9 +86,9 @@ impl BatchedGroupedCiphertext3HandlesValidityProofData { let mut transcript = context.new_transcript(); let proof = BatchedGroupedCiphertext3HandlesValidityProof::new( - source_pubkey, - destination_pubkey, - auditor_pubkey, + first_pubkey, + second_pubkey, + third_pubkey, amount_lo, amount_hi, opening_lo, @@ -114,37 +114,37 @@ impl ZkProofData fn verify_proof(&self) -> Result<(), ProofVerificationError> { let mut transcript = self.context.new_transcript(); - let source_pubkey = self.context.source_pubkey.try_into()?; - let destination_pubkey = self.context.destination_pubkey.try_into()?; - let auditor_pubkey = self.context.auditor_pubkey.try_into()?; + let first_pubkey = self.context.first_pubkey.try_into()?; + let second_pubkey = self.context.second_pubkey.try_into()?; + let third_pubkey = self.context.third_pubkey.try_into()?; let grouped_ciphertext_lo: GroupedElGamalCiphertext<3> = self.context.grouped_ciphertext_lo.try_into()?; let grouped_ciphertext_hi: GroupedElGamalCiphertext<3> = self.context.grouped_ciphertext_hi.try_into()?; - let source_handle_lo = grouped_ciphertext_lo.handles.first().unwrap(); - let destination_handle_lo = grouped_ciphertext_lo.handles.get(1).unwrap(); - let auditor_handle_lo = grouped_ciphertext_lo.handles.get(2).unwrap(); + let first_handle_lo = grouped_ciphertext_lo.handles.first().unwrap(); + let second_handle_lo = grouped_ciphertext_lo.handles.get(1).unwrap(); + let third_handle_lo = grouped_ciphertext_lo.handles.get(2).unwrap(); - let source_handle_hi = grouped_ciphertext_hi.handles.first().unwrap(); - let destination_handle_hi = grouped_ciphertext_hi.handles.get(1).unwrap(); - let auditor_handle_hi = grouped_ciphertext_hi.handles.get(2).unwrap(); + let first_handle_hi = grouped_ciphertext_hi.handles.first().unwrap(); + let second_handle_hi = grouped_ciphertext_hi.handles.get(1).unwrap(); + let third_handle_hi = grouped_ciphertext_hi.handles.get(2).unwrap(); let proof: BatchedGroupedCiphertext3HandlesValidityProof = self.proof.try_into()?; proof .verify( - &source_pubkey, - &destination_pubkey, - &auditor_pubkey, + &first_pubkey, + &second_pubkey, + &third_pubkey, &grouped_ciphertext_lo.commitment, &grouped_ciphertext_hi.commitment, - source_handle_lo, - source_handle_hi, - destination_handle_lo, - destination_handle_hi, - auditor_handle_lo, - auditor_handle_hi, + first_handle_lo, + first_handle_hi, + second_handle_lo, + second_handle_hi, + third_handle_lo, + third_handle_hi, &mut transcript, ) .map_err(|e| e.into()) @@ -157,9 +157,9 @@ impl BatchedGroupedCiphertext3HandlesValidityProofContext { let mut transcript = Transcript::new(b"batched-grouped-ciphertext-validity-3-handles-instruction"); - transcript.append_message(b"source-pubkey", bytes_of(&self.source_pubkey)); - transcript.append_message(b"destination-pubkey", bytes_of(&self.destination_pubkey)); - transcript.append_message(b"auditor-pubkey", bytes_of(&self.auditor_pubkey)); + transcript.append_message(b"first-pubkey", bytes_of(&self.first_pubkey)); + transcript.append_message(b"second-pubkey", bytes_of(&self.second_pubkey)); + transcript.append_message(b"third-pubkey", bytes_of(&self.third_pubkey)); transcript.append_message( b"grouped-ciphertext-lo", bytes_of(&self.grouped_ciphertext_lo), @@ -182,14 +182,14 @@ mod test { #[test] fn test_ciphertext_validity_proof_instruction_correctness() { - let source_keypair = ElGamalKeypair::new_rand(); - let source_pubkey = source_keypair.pubkey(); + let first_keypair = ElGamalKeypair::new_rand(); + let first_pubkey = first_keypair.pubkey(); - let destination_keypair = ElGamalKeypair::new_rand(); - let destination_pubkey = destination_keypair.pubkey(); + let second_keypair = ElGamalKeypair::new_rand(); + let second_pubkey = second_keypair.pubkey(); - let auditor_keypair = ElGamalKeypair::new_rand(); - let auditor_pubkey = auditor_keypair.pubkey(); + let third_keypair = ElGamalKeypair::new_rand(); + let third_pubkey = third_keypair.pubkey(); let amount_lo: u64 = 11; let amount_hi: u64 = 22; @@ -198,21 +198,21 @@ mod test { let opening_hi = PedersenOpening::new_rand(); let grouped_ciphertext_lo = GroupedElGamal::encrypt_with( - [source_pubkey, destination_pubkey, auditor_pubkey], + [first_pubkey, second_pubkey, third_pubkey], amount_lo, &opening_lo, ); let grouped_ciphertext_hi = GroupedElGamal::encrypt_with( - [source_pubkey, destination_pubkey, auditor_pubkey], + [first_pubkey, second_pubkey, third_pubkey], amount_hi, &opening_hi, ); let proof_data = BatchedGroupedCiphertext3HandlesValidityProofData::new( - source_pubkey, - destination_pubkey, - auditor_pubkey, + first_pubkey, + second_pubkey, + third_pubkey, &grouped_ciphertext_lo, &grouped_ciphertext_hi, amount_lo, diff --git a/zk-sdk/src/elgamal_program/proof_data/ciphertext_ciphertext_equality.rs b/zk-sdk/src/elgamal_program/proof_data/ciphertext_ciphertext_equality.rs index a00b9231edabd5..bc99eb38547bda 100644 --- a/zk-sdk/src/elgamal_program/proof_data/ciphertext_ciphertext_equality.rs +++ b/zk-sdk/src/elgamal_program/proof_data/ciphertext_ciphertext_equality.rs @@ -4,9 +4,6 @@ //! ciphertexts. The proof certifies that the two ciphertexts encrypt the same message. To generate //! the proof, a prover must provide the decryption key for the first ciphertext and the randomness //! used to generate the second ciphertext. -//! -//! The first ciphertext associated with the proof is referred to as the "source" ciphertext. The -//! second ciphertext associated with the proof is referred to as the "destination" ciphertext. #[cfg(not(target_os = "solana"))] use { @@ -48,44 +45,44 @@ pub struct CiphertextCiphertextEqualityProofData { #[derive(Clone, Copy, Pod, Zeroable)] #[repr(C)] pub struct CiphertextCiphertextEqualityProofContext { - pub source_pubkey: PodElGamalPubkey, // 32 bytes + pub first_pubkey: PodElGamalPubkey, // 32 bytes - pub destination_pubkey: PodElGamalPubkey, // 32 bytes + pub second_pubkey: PodElGamalPubkey, // 32 bytes - pub source_ciphertext: PodElGamalCiphertext, // 64 bytes + pub first_ciphertext: PodElGamalCiphertext, // 64 bytes - pub destination_ciphertext: PodElGamalCiphertext, // 64 bytes + pub second_ciphertext: PodElGamalCiphertext, // 64 bytes } #[cfg(not(target_os = "solana"))] impl CiphertextCiphertextEqualityProofData { pub fn new( - source_keypair: &ElGamalKeypair, - destination_pubkey: &ElGamalPubkey, - source_ciphertext: &ElGamalCiphertext, - destination_ciphertext: &ElGamalCiphertext, - destination_opening: &PedersenOpening, + first_keypair: &ElGamalKeypair, + second_pubkey: &ElGamalPubkey, + first_ciphertext: &ElGamalCiphertext, + second_ciphertext: &ElGamalCiphertext, + second_opening: &PedersenOpening, amount: u64, ) -> Result { - let pod_source_pubkey = PodElGamalPubkey(source_keypair.pubkey().into()); - let pod_destination_pubkey = PodElGamalPubkey(destination_pubkey.into()); - let pod_source_ciphertext = PodElGamalCiphertext(source_ciphertext.to_bytes()); - let pod_destination_ciphertext = PodElGamalCiphertext(destination_ciphertext.to_bytes()); + let pod_first_pubkey = PodElGamalPubkey(first_keypair.pubkey().into()); + let pod_second_pubkey = PodElGamalPubkey(second_pubkey.into()); + let pod_first_ciphertext = PodElGamalCiphertext(first_ciphertext.to_bytes()); + let pod_second_ciphertext = PodElGamalCiphertext(second_ciphertext.to_bytes()); let context = CiphertextCiphertextEqualityProofContext { - source_pubkey: pod_source_pubkey, - destination_pubkey: pod_destination_pubkey, - source_ciphertext: pod_source_ciphertext, - destination_ciphertext: pod_destination_ciphertext, + first_pubkey: pod_first_pubkey, + second_pubkey: pod_second_pubkey, + first_ciphertext: pod_first_ciphertext, + second_ciphertext: pod_second_ciphertext, }; let mut transcript = context.new_transcript(); let proof = CiphertextCiphertextEqualityProof::new( - source_keypair, - destination_pubkey, - source_ciphertext, - destination_opening, + first_keypair, + second_pubkey, + first_ciphertext, + second_opening, amount, &mut transcript, ) @@ -108,18 +105,18 @@ impl ZkProofData fn verify_proof(&self) -> Result<(), ProofVerificationError> { let mut transcript = self.context.new_transcript(); - let source_pubkey = self.context.source_pubkey.try_into()?; - let destination_pubkey = self.context.destination_pubkey.try_into()?; - let source_ciphertext = self.context.source_ciphertext.try_into()?; - let destination_ciphertext = self.context.destination_ciphertext.try_into()?; + let first_pubkey = self.context.first_pubkey.try_into()?; + let second_pubkey = self.context.second_pubkey.try_into()?; + let first_ciphertext = self.context.first_ciphertext.try_into()?; + let second_ciphertext = self.context.second_ciphertext.try_into()?; let proof: CiphertextCiphertextEqualityProof = self.proof.try_into()?; proof .verify( - &source_pubkey, - &destination_pubkey, - &source_ciphertext, - &destination_ciphertext, + &first_pubkey, + &second_pubkey, + &first_ciphertext, + &second_ciphertext, &mut transcript, ) .map_err(|e| e.into()) @@ -132,13 +129,10 @@ impl CiphertextCiphertextEqualityProofContext { fn new_transcript(&self) -> Transcript { let mut transcript = Transcript::new(b"ciphertext-ciphertext-equality-instruction"); - transcript.append_message(b"source-pubkey", bytes_of(&self.source_pubkey)); - transcript.append_message(b"destination-pubkey", bytes_of(&self.destination_pubkey)); - transcript.append_message(b"source-ciphertext", bytes_of(&self.source_ciphertext)); - transcript.append_message( - b"destination-ciphertext", - bytes_of(&self.destination_ciphertext), - ); + transcript.append_message(b"first-pubkey", bytes_of(&self.first_pubkey)); + transcript.append_message(b"second-pubkey", bytes_of(&self.second_pubkey)); + transcript.append_message(b"first-ciphertext", bytes_of(&self.first_ciphertext)); + transcript.append_message(b"second-ciphertext", bytes_of(&self.second_ciphertext)); transcript } @@ -150,23 +144,23 @@ mod test { #[test] fn test_ciphertext_ciphertext_instruction_correctness() { - let source_keypair = ElGamalKeypair::new_rand(); - let destination_keypair = ElGamalKeypair::new_rand(); + let first_keypair = ElGamalKeypair::new_rand(); + let second_keypair = ElGamalKeypair::new_rand(); let amount: u64 = 0; - let source_ciphertext = source_keypair.pubkey().encrypt(amount); + let first_ciphertext = first_keypair.pubkey().encrypt(amount); - let destination_opening = PedersenOpening::new_rand(); - let destination_ciphertext = destination_keypair + let second_opening = PedersenOpening::new_rand(); + let second_ciphertext = second_keypair .pubkey() - .encrypt_with(amount, &destination_opening); + .encrypt_with(amount, &second_opening); let proof_data = CiphertextCiphertextEqualityProofData::new( - &source_keypair, - destination_keypair.pubkey(), - &source_ciphertext, - &destination_ciphertext, - &destination_opening, + &first_keypair, + second_keypair.pubkey(), + &first_ciphertext, + &second_ciphertext, + &second_opening, amount, ) .unwrap(); @@ -174,19 +168,19 @@ mod test { assert!(proof_data.verify_proof().is_ok()); let amount: u64 = 55; - let source_ciphertext = source_keypair.pubkey().encrypt(amount); + let first_ciphertext = first_keypair.pubkey().encrypt(amount); - let destination_opening = PedersenOpening::new_rand(); - let destination_ciphertext = destination_keypair + let second_opening = PedersenOpening::new_rand(); + let second_ciphertext = second_keypair .pubkey() - .encrypt_with(amount, &destination_opening); + .encrypt_with(amount, &second_opening); let proof_data = CiphertextCiphertextEqualityProofData::new( - &source_keypair, - destination_keypair.pubkey(), - &source_ciphertext, - &destination_ciphertext, - &destination_opening, + &first_keypair, + second_keypair.pubkey(), + &first_ciphertext, + &second_ciphertext, + &second_opening, amount, ) .unwrap(); @@ -194,19 +188,19 @@ mod test { assert!(proof_data.verify_proof().is_ok()); let amount = u64::MAX; - let source_ciphertext = source_keypair.pubkey().encrypt(amount); + let first_ciphertext = first_keypair.pubkey().encrypt(amount); - let destination_opening = PedersenOpening::new_rand(); - let destination_ciphertext = destination_keypair + let second_opening = PedersenOpening::new_rand(); + let second_ciphertext = second_keypair .pubkey() - .encrypt_with(amount, &destination_opening); + .encrypt_with(amount, &second_opening); let proof_data = CiphertextCiphertextEqualityProofData::new( - &source_keypair, - destination_keypair.pubkey(), - &source_ciphertext, - &destination_ciphertext, - &destination_opening, + &first_keypair, + second_keypair.pubkey(), + &first_ciphertext, + &second_ciphertext, + &second_opening, amount, ) .unwrap(); diff --git a/zk-sdk/src/elgamal_program/proof_data/grouped_ciphertext_validity/handles_2.rs b/zk-sdk/src/elgamal_program/proof_data/grouped_ciphertext_validity/handles_2.rs index 91c1edf5191ec6..51f08d3b4f7bc7 100644 --- a/zk-sdk/src/elgamal_program/proof_data/grouped_ciphertext_validity/handles_2.rs +++ b/zk-sdk/src/elgamal_program/proof_data/grouped_ciphertext_validity/handles_2.rs @@ -45,9 +45,9 @@ pub struct GroupedCiphertext2HandlesValidityProofData { #[derive(Clone, Copy, Pod, Zeroable)] #[repr(C)] pub struct GroupedCiphertext2HandlesValidityProofContext { - pub destination_pubkey: PodElGamalPubkey, // 32 bytes + pub first_pubkey: PodElGamalPubkey, // 32 bytes - pub auditor_pubkey: PodElGamalPubkey, // 32 bytes + pub second_pubkey: PodElGamalPubkey, // 32 bytes pub grouped_ciphertext: PodGroupedElGamalCiphertext2Handles, // 96 bytes } @@ -55,27 +55,27 @@ pub struct GroupedCiphertext2HandlesValidityProofContext { #[cfg(not(target_os = "solana"))] impl GroupedCiphertext2HandlesValidityProofData { pub fn new( - destination_pubkey: &ElGamalPubkey, - auditor_pubkey: &ElGamalPubkey, + first_pubkey: &ElGamalPubkey, + second_pubkey: &ElGamalPubkey, grouped_ciphertext: &GroupedElGamalCiphertext<2>, amount: u64, opening: &PedersenOpening, ) -> Result { - let pod_destination_pubkey = PodElGamalPubkey(destination_pubkey.into()); - let pod_auditor_pubkey = PodElGamalPubkey(auditor_pubkey.into()); + let pod_first_pubkey = PodElGamalPubkey(first_pubkey.into()); + let pod_second_pubkey = PodElGamalPubkey(second_pubkey.into()); let pod_grouped_ciphertext = (*grouped_ciphertext).into(); let context = GroupedCiphertext2HandlesValidityProofContext { - destination_pubkey: pod_destination_pubkey, - auditor_pubkey: pod_auditor_pubkey, + first_pubkey: pod_first_pubkey, + second_pubkey: pod_second_pubkey, grouped_ciphertext: pod_grouped_ciphertext, }; let mut transcript = context.new_transcript(); let proof = GroupedCiphertext2HandlesValidityProof::new( - destination_pubkey, - auditor_pubkey, + first_pubkey, + second_pubkey, amount, opening, &mut transcript, @@ -99,23 +99,23 @@ impl ZkProofData fn verify_proof(&self) -> Result<(), ProofVerificationError> { let mut transcript = self.context.new_transcript(); - let destination_pubkey = self.context.destination_pubkey.try_into()?; - let auditor_pubkey = self.context.auditor_pubkey.try_into()?; + let first_pubkey = self.context.first_pubkey.try_into()?; + let second_pubkey = self.context.second_pubkey.try_into()?; let grouped_ciphertext: GroupedElGamalCiphertext<2> = self.context.grouped_ciphertext.try_into()?; - let destination_handle = grouped_ciphertext.handles.first().unwrap(); - let auditor_handle = grouped_ciphertext.handles.get(1).unwrap(); + let first_handle = grouped_ciphertext.handles.first().unwrap(); + let second_handle = grouped_ciphertext.handles.get(1).unwrap(); let proof: GroupedCiphertext2HandlesValidityProof = self.proof.try_into()?; proof .verify( &grouped_ciphertext.commitment, - &destination_pubkey, - &auditor_pubkey, - destination_handle, - auditor_handle, + &first_pubkey, + &second_pubkey, + first_handle, + second_handle, &mut transcript, ) .map_err(|e| e.into()) @@ -127,8 +127,8 @@ impl GroupedCiphertext2HandlesValidityProofContext { fn new_transcript(&self) -> Transcript { let mut transcript = Transcript::new(b"grouped-ciphertext-validity-2-handles-instruction"); - transcript.append_message(b"destination-pubkey", bytes_of(&self.destination_pubkey)); - transcript.append_message(b"auditor-pubkey", bytes_of(&self.auditor_pubkey)); + transcript.append_message(b"first-pubkey", bytes_of(&self.first_pubkey)); + transcript.append_message(b"second-pubkey", bytes_of(&self.second_pubkey)); transcript.append_message(b"grouped-ciphertext", bytes_of(&self.grouped_ciphertext)); transcript @@ -144,20 +144,20 @@ mod test { #[test] fn test_ciphertext_validity_proof_instruction_correctness() { - let destination_keypair = ElGamalKeypair::new_rand(); - let destination_pubkey = destination_keypair.pubkey(); + let first_keypair = ElGamalKeypair::new_rand(); + let first_pubkey = first_keypair.pubkey(); - let auditor_keypair = ElGamalKeypair::new_rand(); - let auditor_pubkey = auditor_keypair.pubkey(); + let second_keypair = ElGamalKeypair::new_rand(); + let second_pubkey = second_keypair.pubkey(); let amount: u64 = 55; let opening = PedersenOpening::new_rand(); let grouped_ciphertext = - GroupedElGamal::encrypt_with([destination_pubkey, auditor_pubkey], amount, &opening); + GroupedElGamal::encrypt_with([first_pubkey, second_pubkey], amount, &opening); let proof_data = GroupedCiphertext2HandlesValidityProofData::new( - destination_pubkey, - auditor_pubkey, + first_pubkey, + second_pubkey, &grouped_ciphertext, amount, &opening, diff --git a/zk-sdk/src/elgamal_program/proof_data/grouped_ciphertext_validity/handles_3.rs b/zk-sdk/src/elgamal_program/proof_data/grouped_ciphertext_validity/handles_3.rs index 9243d80f667340..3bd0e87413a8b5 100644 --- a/zk-sdk/src/elgamal_program/proof_data/grouped_ciphertext_validity/handles_3.rs +++ b/zk-sdk/src/elgamal_program/proof_data/grouped_ciphertext_validity/handles_3.rs @@ -45,11 +45,11 @@ pub struct GroupedCiphertext3HandlesValidityProofData { #[derive(Clone, Copy, Pod, Zeroable)] #[repr(C)] pub struct GroupedCiphertext3HandlesValidityProofContext { - pub source_pubkey: PodElGamalPubkey, // 32 bytes + pub first_pubkey: PodElGamalPubkey, // 32 bytes - pub destination_pubkey: PodElGamalPubkey, // 32 bytes + pub second_pubkey: PodElGamalPubkey, // 32 bytes - pub auditor_pubkey: PodElGamalPubkey, // 32 bytes + pub third_pubkey: PodElGamalPubkey, // 32 bytes pub grouped_ciphertext: PodGroupedElGamalCiphertext3Handles, // 128 bytes } @@ -57,31 +57,31 @@ pub struct GroupedCiphertext3HandlesValidityProofContext { #[cfg(not(target_os = "solana"))] impl GroupedCiphertext3HandlesValidityProofData { pub fn new( - source_pubkey: &ElGamalPubkey, - destination_pubkey: &ElGamalPubkey, - auditor_pubkey: &ElGamalPubkey, + first_pubkey: &ElGamalPubkey, + second_pubkey: &ElGamalPubkey, + third_pubkey: &ElGamalPubkey, grouped_ciphertext: &GroupedElGamalCiphertext<3>, amount: u64, opening: &PedersenOpening, ) -> Result { - let pod_source_pubkey = PodElGamalPubkey(source_pubkey.into()); - let pod_destination_pubkey = PodElGamalPubkey(destination_pubkey.into()); - let pod_auditor_pubkey = PodElGamalPubkey(auditor_pubkey.into()); + let pod_first_pubkey = PodElGamalPubkey(first_pubkey.into()); + let pod_second_pubkey = PodElGamalPubkey(second_pubkey.into()); + let pod_third_pubkey = PodElGamalPubkey(third_pubkey.into()); let pod_grouped_ciphertext = (*grouped_ciphertext).into(); let context = GroupedCiphertext3HandlesValidityProofContext { - source_pubkey: pod_source_pubkey, - destination_pubkey: pod_destination_pubkey, - auditor_pubkey: pod_auditor_pubkey, + first_pubkey: pod_first_pubkey, + second_pubkey: pod_second_pubkey, + third_pubkey: pod_third_pubkey, grouped_ciphertext: pod_grouped_ciphertext, }; let mut transcript = context.new_transcript(); let proof = GroupedCiphertext3HandlesValidityProof::new( - source_pubkey, - destination_pubkey, - auditor_pubkey, + first_pubkey, + second_pubkey, + third_pubkey, amount, opening, &mut transcript, @@ -105,27 +105,27 @@ impl ZkProofData fn verify_proof(&self) -> Result<(), ProofVerificationError> { let mut transcript = self.context.new_transcript(); - let source_pubkey = self.context.source_pubkey.try_into()?; - let destination_pubkey = self.context.destination_pubkey.try_into()?; - let auditor_pubkey = self.context.auditor_pubkey.try_into()?; + let first_pubkey = self.context.first_pubkey.try_into()?; + let second_pubkey = self.context.second_pubkey.try_into()?; + let third_pubkey = self.context.third_pubkey.try_into()?; let grouped_ciphertext: GroupedElGamalCiphertext<3> = self.context.grouped_ciphertext.try_into()?; - let source_handle = grouped_ciphertext.handles.first().unwrap(); - let destination_handle = grouped_ciphertext.handles.get(1).unwrap(); - let auditor_handle = grouped_ciphertext.handles.get(2).unwrap(); + let first_handle = grouped_ciphertext.handles.first().unwrap(); + let second_handle = grouped_ciphertext.handles.get(1).unwrap(); + let third_handle = grouped_ciphertext.handles.get(2).unwrap(); let proof: GroupedCiphertext3HandlesValidityProof = self.proof.try_into()?; proof .verify( &grouped_ciphertext.commitment, - &source_pubkey, - &destination_pubkey, - &auditor_pubkey, - source_handle, - destination_handle, - auditor_handle, + &first_pubkey, + &second_pubkey, + &third_pubkey, + first_handle, + second_handle, + third_handle, &mut transcript, ) .map_err(|e| e.into()) @@ -137,9 +137,9 @@ impl GroupedCiphertext3HandlesValidityProofContext { fn new_transcript(&self) -> Transcript { let mut transcript = Transcript::new(b"grouped-ciphertext-validity-3-handles-instruction"); - transcript.append_message(b"source-pubkey", bytes_of(&self.source_pubkey)); - transcript.append_message(b"destination-pubkey", bytes_of(&self.destination_pubkey)); - transcript.append_message(b"auditor-pubkey", bytes_of(&self.auditor_pubkey)); + transcript.append_message(b"first-pubkey", bytes_of(&self.first_pubkey)); + transcript.append_message(b"second-pubkey", bytes_of(&self.second_pubkey)); + transcript.append_message(b"third-pubkey", bytes_of(&self.third_pubkey)); transcript.append_message(b"grouped-ciphertext", bytes_of(&self.grouped_ciphertext)); transcript @@ -155,27 +155,27 @@ mod test { #[test] fn test_ciphertext_validity_proof_instruction_correctness() { - let source_keypair = ElGamalKeypair::new_rand(); - let source_pubkey = source_keypair.pubkey(); + let first_keypair = ElGamalKeypair::new_rand(); + let first_pubkey = first_keypair.pubkey(); - let destination_keypair = ElGamalKeypair::new_rand(); - let destination_pubkey = destination_keypair.pubkey(); + let second_keypair = ElGamalKeypair::new_rand(); + let second_pubkey = second_keypair.pubkey(); - let auditor_keypair = ElGamalKeypair::new_rand(); - let auditor_pubkey = auditor_keypair.pubkey(); + let third_keypair = ElGamalKeypair::new_rand(); + let third_pubkey = third_keypair.pubkey(); let amount: u64 = 55; let opening = PedersenOpening::new_rand(); let grouped_ciphertext = GroupedElGamal::encrypt_with( - [source_pubkey, destination_pubkey, auditor_pubkey], + [first_pubkey, second_pubkey, third_pubkey], amount, &opening, ); let proof_data = GroupedCiphertext3HandlesValidityProofData::new( - source_pubkey, - destination_pubkey, - auditor_pubkey, + first_pubkey, + second_pubkey, + third_pubkey, &grouped_ciphertext, amount, &opening, diff --git a/zk-sdk/src/sigma_proofs/batched_grouped_ciphertext_validity/handles_2.rs b/zk-sdk/src/sigma_proofs/batched_grouped_ciphertext_validity/handles_2.rs index 816bebe8a1cc32..2b8f747e38693e 100644 --- a/zk-sdk/src/sigma_proofs/batched_grouped_ciphertext_validity/handles_2.rs +++ b/zk-sdk/src/sigma_proofs/batched_grouped_ciphertext_validity/handles_2.rs @@ -29,10 +29,10 @@ use { /// /// A batched grouped ciphertext validity proof certifies the validity of two instances of a /// standard ciphertext validity proof. An instance of a standard validity proof consists of one -/// ciphertext and two decryption handles: `(commitment, destination_handle, auditor_handle)`. An +/// ciphertext and two decryption handles: `(commitment, first_handle, second_handle)`. An /// instance of a batched ciphertext validity proof is a pair `(commitment_0, -/// destination_handle_0, auditor_handle_0)` and `(commitment_1, destination_handle_1, -/// auditor_handle_1)`. The proof certifies the analogous decryptable properties for each one of +/// first_handle_0, second_handle_0)` and `(commitment_1, first_handle_1, +/// second_handle_1)`. The proof certifies the analogous decryptable properties for each one of /// these pairs of commitment and decryption handles. #[allow(non_snake_case)] #[derive(Clone)] @@ -48,8 +48,8 @@ impl BatchedGroupedCiphertext2HandlesValidityProof { /// /// This function is randomized. It uses `OsRng` internally to generate random scalars. pub fn new>( - destination_pubkey: &ElGamalPubkey, - auditor_pubkey: &ElGamalPubkey, + first_pubkey: &ElGamalPubkey, + second_pubkey: &ElGamalPubkey, amount_lo: T, amount_hi: T, opening_lo: &PedersenOpening, @@ -64,8 +64,8 @@ impl BatchedGroupedCiphertext2HandlesValidityProof { let batched_opening = opening_lo + &(opening_hi * &t); BatchedGroupedCiphertext2HandlesValidityProof(GroupedCiphertext2HandlesValidityProof::new( - destination_pubkey, - auditor_pubkey, + first_pubkey, + second_pubkey, batched_message, &batched_opening, transcript, @@ -80,14 +80,14 @@ impl BatchedGroupedCiphertext2HandlesValidityProof { #[allow(clippy::too_many_arguments)] pub fn verify( self, - destination_pubkey: &ElGamalPubkey, - auditor_pubkey: &ElGamalPubkey, + first_pubkey: &ElGamalPubkey, + second_pubkey: &ElGamalPubkey, commitment_lo: &PedersenCommitment, commitment_hi: &PedersenCommitment, - destination_handle_lo: &DecryptHandle, - destination_handle_hi: &DecryptHandle, - auditor_handle_lo: &DecryptHandle, - auditor_handle_hi: &DecryptHandle, + first_handle_lo: &DecryptHandle, + first_handle_hi: &DecryptHandle, + second_handle_lo: &DecryptHandle, + second_handle_hi: &DecryptHandle, transcript: &mut Transcript, ) -> Result<(), ValidityProofVerificationError> { transcript.batched_grouped_ciphertext_validity_proof_domain_separator(2); @@ -95,17 +95,17 @@ impl BatchedGroupedCiphertext2HandlesValidityProof { let t = transcript.challenge_scalar(b"t"); let batched_commitment = commitment_lo + commitment_hi * t; - let destination_batched_handle = destination_handle_lo + destination_handle_hi * t; - let auditor_batched_handle = auditor_handle_lo + auditor_handle_hi * t; + let first_batched_handle = first_handle_lo + first_handle_hi * t; + let second_batched_handle = second_handle_lo + second_handle_hi * t; let BatchedGroupedCiphertext2HandlesValidityProof(validity_proof) = self; validity_proof.verify( &batched_commitment, - destination_pubkey, - auditor_pubkey, - &destination_batched_handle, - &auditor_batched_handle, + first_pubkey, + second_pubkey, + &first_batched_handle, + &second_batched_handle, transcript, ) } @@ -128,11 +128,11 @@ mod test { #[test] fn test_batched_grouped_ciphertext_validity_proof() { - let destination_keypair = ElGamalKeypair::new_rand(); - let destination_pubkey = destination_keypair.pubkey(); + let first_keypair = ElGamalKeypair::new_rand(); + let first_pubkey = first_keypair.pubkey(); - let auditor_keypair = ElGamalKeypair::new_rand(); - let auditor_pubkey = auditor_keypair.pubkey(); + let second_keypair = ElGamalKeypair::new_rand(); + let second_pubkey = second_keypair.pubkey(); let amount_lo: u64 = 55; let amount_hi: u64 = 77; @@ -140,18 +140,18 @@ mod test { let (commitment_lo, open_lo) = Pedersen::new(amount_lo); let (commitment_hi, open_hi) = Pedersen::new(amount_hi); - let destination_handle_lo = destination_pubkey.decrypt_handle(&open_lo); - let destination_handle_hi = destination_pubkey.decrypt_handle(&open_hi); + let first_handle_lo = first_pubkey.decrypt_handle(&open_lo); + let first_handle_hi = first_pubkey.decrypt_handle(&open_hi); - let auditor_handle_lo = auditor_pubkey.decrypt_handle(&open_lo); - let auditor_handle_hi = auditor_pubkey.decrypt_handle(&open_hi); + let second_handle_lo = second_pubkey.decrypt_handle(&open_lo); + let second_handle_hi = second_pubkey.decrypt_handle(&open_hi); let mut prover_transcript = Transcript::new(b"Test"); let mut verifier_transcript = Transcript::new(b"Test"); let proof = BatchedGroupedCiphertext2HandlesValidityProof::new( - destination_pubkey, - auditor_pubkey, + first_pubkey, + second_pubkey, amount_lo, amount_hi, &open_lo, @@ -161,14 +161,14 @@ mod test { assert!(proof .verify( - destination_pubkey, - auditor_pubkey, + first_pubkey, + second_pubkey, &commitment_lo, &commitment_hi, - &destination_handle_lo, - &destination_handle_hi, - &auditor_handle_lo, - &auditor_handle_hi, + &first_handle_lo, + &first_handle_hi, + &second_handle_lo, + &second_handle_hi, &mut verifier_transcript, ) .is_ok()); diff --git a/zk-sdk/src/sigma_proofs/batched_grouped_ciphertext_validity/handles_3.rs b/zk-sdk/src/sigma_proofs/batched_grouped_ciphertext_validity/handles_3.rs index d4d79905418c8a..83dfd2c786c185 100644 --- a/zk-sdk/src/sigma_proofs/batched_grouped_ciphertext_validity/handles_3.rs +++ b/zk-sdk/src/sigma_proofs/batched_grouped_ciphertext_validity/handles_3.rs @@ -3,10 +3,10 @@ //! A batched grouped ciphertext validity proof certifies the validity of two instances of a //! standard grouped ciphertext validity proof. An instance of a standard grouped ciphertext //! with 3 handles validity proof consists of one ciphertext and three decryption handles: -//! `(commitment, source_handle, destination_handle, auditor_handle)`. An instance of a batched +//! `(commitment, first_handle, second_handle, third_handle)`. An instance of a batched //! grouped ciphertext with 3 handles validity proof consist of a pair of `(commitment_0, -//! source_handle_0, destination_handle_0, auditor_handle_0)` and `(commitment_1, source_handle_1, -//! destination_handle_1, auditor_handle_1)`. The proof certifies the anagolous decryptable +//! first_handle_0, second_handle_0, third_handle_0)` and `(commitment_1, first_handle_1, +//! second_handle_1, third_handle_1)`. The proof certifies the anagolous decryptable //! properties for each one of these pairs of commitment and decryption handles. //! //! The protocol guarantees computational soundness (by the hardness of discrete log) and perfect @@ -48,9 +48,9 @@ impl BatchedGroupedCiphertext3HandlesValidityProof { /// The function simply batches the input openings and invokes the standard grouped ciphertext /// validity proof constructor. pub fn new>( - source_pubkey: &ElGamalPubkey, - destination_pubkey: &ElGamalPubkey, - auditor_pubkey: &ElGamalPubkey, + first_pubkey: &ElGamalPubkey, + second_pubkey: &ElGamalPubkey, + third_pubkey: &ElGamalPubkey, amount_lo: T, amount_hi: T, opening_lo: &PedersenOpening, @@ -65,9 +65,9 @@ impl BatchedGroupedCiphertext3HandlesValidityProof { let batched_opening = opening_lo + &(opening_hi * &t); BatchedGroupedCiphertext3HandlesValidityProof(GroupedCiphertext3HandlesValidityProof::new( - source_pubkey, - destination_pubkey, - auditor_pubkey, + first_pubkey, + second_pubkey, + third_pubkey, batched_message, &batched_opening, transcript, @@ -84,17 +84,17 @@ impl BatchedGroupedCiphertext3HandlesValidityProof { #[allow(clippy::too_many_arguments)] pub fn verify( self, - source_pubkey: &ElGamalPubkey, - destination_pubkey: &ElGamalPubkey, - auditor_pubkey: &ElGamalPubkey, + first_pubkey: &ElGamalPubkey, + second_pubkey: &ElGamalPubkey, + third_pubkey: &ElGamalPubkey, commitment_lo: &PedersenCommitment, commitment_hi: &PedersenCommitment, - source_handle_lo: &DecryptHandle, - source_handle_hi: &DecryptHandle, - destination_handle_lo: &DecryptHandle, - destination_handle_hi: &DecryptHandle, - auditor_handle_lo: &DecryptHandle, - auditor_handle_hi: &DecryptHandle, + first_handle_lo: &DecryptHandle, + first_handle_hi: &DecryptHandle, + second_handle_lo: &DecryptHandle, + second_handle_hi: &DecryptHandle, + third_handle_lo: &DecryptHandle, + third_handle_hi: &DecryptHandle, transcript: &mut Transcript, ) -> Result<(), ValidityProofVerificationError> { transcript.batched_grouped_ciphertext_validity_proof_domain_separator(3); @@ -102,20 +102,20 @@ impl BatchedGroupedCiphertext3HandlesValidityProof { let t = transcript.challenge_scalar(b"t"); let batched_commitment = commitment_lo + commitment_hi * t; - let source_batched_handle = source_handle_lo + source_handle_hi * t; - let destination_batched_handle = destination_handle_lo + destination_handle_hi * t; - let auditor_batched_handle = auditor_handle_lo + auditor_handle_hi * t; + let first_batched_handle = first_handle_lo + first_handle_hi * t; + let second_batched_handle = second_handle_lo + second_handle_hi * t; + let third_batched_handle = third_handle_lo + third_handle_hi * t; let BatchedGroupedCiphertext3HandlesValidityProof(validity_proof) = self; validity_proof.verify( &batched_commitment, - source_pubkey, - destination_pubkey, - auditor_pubkey, - &source_batched_handle, - &destination_batched_handle, - &auditor_batched_handle, + first_pubkey, + second_pubkey, + third_pubkey, + &first_batched_handle, + &second_batched_handle, + &third_batched_handle, transcript, ) } @@ -138,14 +138,14 @@ mod test { #[test] fn test_batched_grouped_ciphertext_validity_proof() { - let source_keypair = ElGamalKeypair::new_rand(); - let source_pubkey = source_keypair.pubkey(); + let first_keypair = ElGamalKeypair::new_rand(); + let first_pubkey = first_keypair.pubkey(); - let destination_keypair = ElGamalKeypair::new_rand(); - let destination_pubkey = destination_keypair.pubkey(); + let second_keyapir = ElGamalKeypair::new_rand(); + let second_pubkey = second_keyapir.pubkey(); - let auditor_keypair = ElGamalKeypair::new_rand(); - let auditor_pubkey = auditor_keypair.pubkey(); + let third_keypair = ElGamalKeypair::new_rand(); + let third_pubkey = third_keypair.pubkey(); let amount_lo: u64 = 55; let amount_hi: u64 = 77; @@ -153,22 +153,22 @@ mod test { let (commitment_lo, open_lo) = Pedersen::new(amount_lo); let (commitment_hi, open_hi) = Pedersen::new(amount_hi); - let source_handle_lo = source_pubkey.decrypt_handle(&open_lo); - let source_handle_hi = source_pubkey.decrypt_handle(&open_hi); + let first_handle_lo = first_pubkey.decrypt_handle(&open_lo); + let first_handle_hi = first_pubkey.decrypt_handle(&open_hi); - let destination_handle_lo = destination_pubkey.decrypt_handle(&open_lo); - let destination_handle_hi = destination_pubkey.decrypt_handle(&open_hi); + let second_handle_lo = second_pubkey.decrypt_handle(&open_lo); + let second_handle_hi = second_pubkey.decrypt_handle(&open_hi); - let auditor_handle_lo = auditor_pubkey.decrypt_handle(&open_lo); - let auditor_handle_hi = auditor_pubkey.decrypt_handle(&open_hi); + let third_handle_lo = third_pubkey.decrypt_handle(&open_lo); + let third_handle_hi = third_pubkey.decrypt_handle(&open_hi); let mut prover_transcript = Transcript::new(b"Test"); let mut verifier_transcript = Transcript::new(b"Test"); let proof = BatchedGroupedCiphertext3HandlesValidityProof::new( - source_pubkey, - destination_pubkey, - auditor_pubkey, + first_pubkey, + second_pubkey, + third_pubkey, amount_lo, amount_hi, &open_lo, @@ -178,17 +178,17 @@ mod test { assert!(proof .verify( - source_pubkey, - destination_pubkey, - auditor_pubkey, + first_pubkey, + second_pubkey, + third_pubkey, &commitment_lo, &commitment_hi, - &source_handle_lo, - &source_handle_hi, - &destination_handle_lo, - &destination_handle_hi, - &auditor_handle_lo, - &auditor_handle_hi, + &first_handle_lo, + &first_handle_hi, + &second_handle_lo, + &second_handle_hi, + &third_handle_lo, + &third_handle_hi, &mut verifier_transcript, ) .is_ok()); diff --git a/zk-sdk/src/sigma_proofs/ciphertext_ciphertext_equality.rs b/zk-sdk/src/sigma_proofs/ciphertext_ciphertext_equality.rs index 3116038d025d82..9ff9529e4a52e8 100644 --- a/zk-sdk/src/sigma_proofs/ciphertext_ciphertext_equality.rs +++ b/zk-sdk/src/sigma_proofs/ciphertext_ciphertext_equality.rs @@ -59,42 +59,42 @@ impl CiphertextCiphertextEqualityProof { /// /// This function is randomized. It uses `OsRng` internally to generate random scalars. /// - /// * `source_keypair` - The ElGamal keypair associated with the first ciphertext to be proved - /// * `destination_pubkey` - The ElGamal pubkey associated with the second ElGamal ciphertext - /// * `source_ciphertext` - The first ElGamal ciphertext for which the prover knows a + /// * `first_keypair` - The ElGamal keypair associated with the first ciphertext to be proved + /// * `second_pubkey` - The ElGamal pubkey associated with the second ElGamal ciphertext + /// * `first_ciphertext` - The first ElGamal ciphertext for which the prover knows a /// decryption key for - /// * `destination_opening` - The opening (randomness) associated with the second ElGamal ciphertext + /// * `second_opening` - The opening (randomness) associated with the second ElGamal ciphertext /// * `amount` - The message associated with the ElGamal ciphertext and Pedersen commitment /// * `transcript` - The transcript that does the bookkeeping for the Fiat-Shamir heuristic pub fn new( - source_keypair: &ElGamalKeypair, - destination_pubkey: &ElGamalPubkey, - source_ciphertext: &ElGamalCiphertext, - destination_opening: &PedersenOpening, + first_keypair: &ElGamalKeypair, + second_pubkey: &ElGamalPubkey, + first_ciphertext: &ElGamalCiphertext, + second_opening: &PedersenOpening, amount: u64, transcript: &mut Transcript, ) -> Self { transcript.ciphertext_ciphertext_equality_proof_domain_separator(); // extract the relevant scalar and Ristretto points from the inputs - let P_source = source_keypair.pubkey().get_point(); - let D_source = source_ciphertext.handle.get_point(); - let P_destination = destination_pubkey.get_point(); + let P_first = first_keypair.pubkey().get_point(); + let D_first = first_ciphertext.handle.get_point(); + let P_second = second_pubkey.get_point(); - let s = source_keypair.secret().get_scalar(); + let s = first_keypair.secret().get_scalar(); let x = Scalar::from(amount); - let r = destination_opening.get_scalar(); + let r = second_opening.get_scalar(); // generate random masking factors that also serves as nonces let mut y_s = Scalar::random(&mut OsRng); let mut y_x = Scalar::random(&mut OsRng); let mut y_r = Scalar::random(&mut OsRng); - let Y_0 = (&y_s * P_source).compress(); + let Y_0 = (&y_s * P_first).compress(); let Y_1 = - RistrettoPoint::multiscalar_mul(vec![&y_x, &y_s], vec![&(*G), D_source]).compress(); + RistrettoPoint::multiscalar_mul(vec![&y_x, &y_s], vec![&(*G), D_first]).compress(); let Y_2 = RistrettoPoint::multiscalar_mul(vec![&y_x, &y_r], vec![&(*G), &(*H)]).compress(); - let Y_3 = (&y_r * P_destination).compress(); + let Y_3 = (&y_r * P_second).compress(); // record masking factors in the transcript transcript.append_point(b"Y_0", &Y_0); @@ -128,29 +128,29 @@ impl CiphertextCiphertextEqualityProof { /// Verifies a ciphertext-ciphertext equality proof. /// - /// * `source_pubkey` - The ElGamal pubkey associated with the first ciphertext to be proved - /// * `destination_pubkey` - The ElGamal pubkey associated with the second ciphertext to be proved - /// * `source_ciphertext` - The first ElGamal ciphertext to be proved - /// * `destination_ciphertext` - The second ElGamal ciphertext to be proved + /// * `first_pubkey` - The ElGamal pubkey associated with the first ciphertext to be proved + /// * `second_pubkey` - The ElGamal pubkey associated with the second ciphertext to be proved + /// * `first_ciphertext` - The first ElGamal ciphertext to be proved + /// * `second_ciphertext` - The second ElGamal ciphertext to be proved /// * `transcript` - The transcript that does the bookkeeping for the Fiat-Shamir heuristic pub fn verify( self, - source_pubkey: &ElGamalPubkey, - destination_pubkey: &ElGamalPubkey, - source_ciphertext: &ElGamalCiphertext, - destination_ciphertext: &ElGamalCiphertext, + first_pubkey: &ElGamalPubkey, + second_pubkey: &ElGamalPubkey, + first_ciphertext: &ElGamalCiphertext, + second_ciphertext: &ElGamalCiphertext, transcript: &mut Transcript, ) -> Result<(), EqualityProofVerificationError> { transcript.ciphertext_ciphertext_equality_proof_domain_separator(); // extract the relevant scalar and Ristretto points from the inputs - let P_source = source_pubkey.get_point(); - let C_source = source_ciphertext.commitment.get_point(); - let D_source = source_ciphertext.handle.get_point(); + let P_first = first_pubkey.get_point(); + let C_first = first_ciphertext.commitment.get_point(); + let D_first = first_ciphertext.handle.get_point(); - let P_destination = destination_pubkey.get_point(); - let C_destination = destination_ciphertext.commitment.get_point(); - let D_destination = destination_ciphertext.handle.get_point(); + let P_second = second_pubkey.get_point(); + let C_second = second_ciphertext.commitment.get_point(); + let D_second = second_ciphertext.handle.get_point(); // include Y_0, Y_1, Y_2 to transcript and extract challenges transcript.validate_and_append_point(b"Y_0", &self.Y_0)?; @@ -203,20 +203,20 @@ impl CiphertextCiphertextEqualityProof { &www_negated, ], vec![ - P_source, // P_source - &(*H), // H - &Y_0, // Y_0 - &(*G), // G - D_source, // D_source - C_source, // C_source - &Y_1, // Y_1 - &(*G), // G - &(*H), // H - C_destination, // C_destination - &Y_2, // Y_2 - P_destination, // P_destination - D_destination, // D_destination - &Y_3, // Y_3 + P_first, // P_first + &(*H), // H + &Y_0, // Y_0 + &(*G), // G + D_first, // D_first + C_first, // C_first + &Y_1, // Y_1 + &(*G), // G + &(*H), // H + C_second, // C_second + &Y_2, // Y_2 + P_second, // P_second + D_second, // D_second + &Y_3, // Y_3 ], ); @@ -272,68 +272,68 @@ mod test { #[test] fn test_ciphertext_ciphertext_equality_proof_correctness() { // success case - let source_keypair = ElGamalKeypair::new_rand(); - let destination_keypair = ElGamalKeypair::new_rand(); + let first_keypair = ElGamalKeypair::new_rand(); + let second_keypair = ElGamalKeypair::new_rand(); let message: u64 = 55; - let source_ciphertext = source_keypair.pubkey().encrypt(message); + let first_ciphertext = first_keypair.pubkey().encrypt(message); - let destination_opening = PedersenOpening::new_rand(); - let destination_ciphertext = destination_keypair + let second_opening = PedersenOpening::new_rand(); + let second_ciphertext = second_keypair .pubkey() - .encrypt_with(message, &destination_opening); + .encrypt_with(message, &second_opening); let mut prover_transcript = Transcript::new(b"Test"); let mut verifier_transcript = Transcript::new(b"Test"); let proof = CiphertextCiphertextEqualityProof::new( - &source_keypair, - destination_keypair.pubkey(), - &source_ciphertext, - &destination_opening, + &first_keypair, + second_keypair.pubkey(), + &first_ciphertext, + &second_opening, message, &mut prover_transcript, ); assert!(proof .verify( - source_keypair.pubkey(), - destination_keypair.pubkey(), - &source_ciphertext, - &destination_ciphertext, + first_keypair.pubkey(), + second_keypair.pubkey(), + &first_ciphertext, + &second_ciphertext, &mut verifier_transcript ) .is_ok()); // fail case: encrypted and committed messages are different - let source_message: u64 = 55; - let destination_message: u64 = 77; + let first_message: u64 = 55; + let second_message: u64 = 77; - let source_ciphertext = source_keypair.pubkey().encrypt(source_message); + let first_ciphertext = first_keypair.pubkey().encrypt(first_message); - let destination_opening = PedersenOpening::new_rand(); - let destination_ciphertext = destination_keypair + let second_opening = PedersenOpening::new_rand(); + let second_ciphertext = second_keypair .pubkey() - .encrypt_with(destination_message, &destination_opening); + .encrypt_with(second_message, &second_opening); let mut prover_transcript = Transcript::new(b"Test"); let mut verifier_transcript = Transcript::new(b"Test"); let proof = CiphertextCiphertextEqualityProof::new( - &source_keypair, - destination_keypair.pubkey(), - &source_ciphertext, - &destination_opening, + &first_keypair, + second_keypair.pubkey(), + &first_ciphertext, + &second_opening, message, &mut prover_transcript, ); assert!(proof .verify( - source_keypair.pubkey(), - destination_keypair.pubkey(), - &source_ciphertext, - &destination_ciphertext, + first_keypair.pubkey(), + second_keypair.pubkey(), + &first_ciphertext, + &second_ciphertext, &mut verifier_transcript ) .is_err()); diff --git a/zk-sdk/src/sigma_proofs/ciphertext_commitment_equality.rs b/zk-sdk/src/sigma_proofs/ciphertext_commitment_equality.rs index 4a0c68eef25ebf..341d8e5a3aee2b 100644 --- a/zk-sdk/src/sigma_proofs/ciphertext_commitment_equality.rs +++ b/zk-sdk/src/sigma_proofs/ciphertext_commitment_equality.rs @@ -66,14 +66,14 @@ impl CiphertextCommitmentEqualityProof { /// Note that the proof constructor does not take the actual Pedersen commitment as input; it /// takes the associated Pedersen opening instead. /// - /// * `source_keypair` - The ElGamal keypair associated with the first to be proved - /// * `source_ciphertext` - The main ElGamal ciphertext to be proved + /// * `keypair` - The ElGamal keypair associated with the first to be proved + /// * `ciphertext` - The main ElGamal ciphertext to be proved /// * `amount` - The message associated with the ElGamal ciphertext and Pedersen commitment /// * `opening` - The opening associated with the main Pedersen commitment to be proved /// * `transcript` - The transcript that does the bookkeeping for the Fiat-Shamir heuristic pub fn new( - source_keypair: &ElGamalKeypair, - source_ciphertext: &ElGamalCiphertext, + keypair: &ElGamalKeypair, + ciphertext: &ElGamalCiphertext, opening: &PedersenOpening, amount: u64, transcript: &mut Transcript, @@ -81,10 +81,10 @@ impl CiphertextCommitmentEqualityProof { transcript.ciphertext_commitment_equality_proof_domain_separator(); // extract the relevant scalar and Ristretto points from the inputs - let P_source = source_keypair.pubkey().get_point(); - let D_source = source_ciphertext.handle.get_point(); + let P = keypair.pubkey().get_point(); + let D = ciphertext.handle.get_point(); - let s = source_keypair.secret().get_scalar(); + let s = keypair.secret().get_scalar(); let x = Scalar::from(amount); let r = opening.get_scalar(); @@ -93,9 +93,8 @@ impl CiphertextCommitmentEqualityProof { let mut y_x = Scalar::random(&mut OsRng); let mut y_r = Scalar::random(&mut OsRng); - let Y_0 = (&y_s * P_source).compress(); - let Y_1 = - RistrettoPoint::multiscalar_mul(vec![&y_x, &y_s], vec![&(*G), D_source]).compress(); + let Y_0 = (&y_s * P).compress(); + let Y_1 = RistrettoPoint::multiscalar_mul(vec![&y_x, &y_s], vec![&(*G), D]).compress(); let Y_2 = RistrettoPoint::multiscalar_mul(vec![&y_x, &y_r], vec![&(*G), &(*H)]).compress(); // record masking factors in the transcript @@ -128,24 +127,24 @@ impl CiphertextCommitmentEqualityProof { /// Verifies a ciphertext-commitment equality proof. /// - /// * `source_pubkey` - The ElGamal pubkey associated with the ciphertext to be proved - /// * `source_ciphertext` - The main ElGamal ciphertext to be proved - /// * `destination_commitment` - The main Pedersen commitment to be proved + /// * `pubkey` - The ElGamal pubkey associated with the ciphertext to be proved + /// * `ciphertext` - The main ElGamal ciphertext to be proved + /// * `commitment` - The main Pedersen commitment to be proved /// * `transcript` - The transcript that does the bookkeeping for the Fiat-Shamir heuristic pub fn verify( self, - source_pubkey: &ElGamalPubkey, - source_ciphertext: &ElGamalCiphertext, - destination_commitment: &PedersenCommitment, + pubkey: &ElGamalPubkey, + ciphertext: &ElGamalCiphertext, + commitment: &PedersenCommitment, transcript: &mut Transcript, ) -> Result<(), EqualityProofVerificationError> { transcript.ciphertext_commitment_equality_proof_domain_separator(); // extract the relevant scalar and Ristretto points from the inputs - let P_source = source_pubkey.get_point(); - let C_source = source_ciphertext.commitment.get_point(); - let D_source = source_ciphertext.handle.get_point(); - let C_destination = destination_commitment.get_point(); + let P = pubkey.get_point(); + let C_ciphertext = ciphertext.commitment.get_point(); + let D = ciphertext.handle.get_point(); + let C_commitment = commitment.get_point(); // include Y_0, Y_1, Y_2 to transcript and extract challenges transcript.validate_and_append_point(b"Y_0", &self.Y_0)?; @@ -188,17 +187,17 @@ impl CiphertextCommitmentEqualityProof { &ww_negated, // -ww ], vec![ - P_source, // P_source - &(*H), // H - &Y_0, // Y_0 - &(*G), // G - D_source, // D_source - C_source, // C_source - &Y_1, // Y_1 - &(*G), // G - &(*H), // H - C_destination, // C_destination - &Y_2, // Y_2 + P, // P + &(*H), // H + &Y_0, // Y_0 + &(*G), // G + D, // D + C_ciphertext, // C_ciphertext + &Y_1, // Y_1 + &(*G), // G + &(*H), // H + C_commitment, // C_commitment + &Y_2, // Y_2 ], ); @@ -251,56 +250,56 @@ mod test { #[test] fn test_ciphertext_commitment_equality_proof_correctness() { // success case - let source_keypair = ElGamalKeypair::new_rand(); + let keypair = ElGamalKeypair::new_rand(); let message: u64 = 55; - let source_ciphertext = source_keypair.pubkey().encrypt(message); - let (destination_commitment, destination_opening) = Pedersen::new(message); + let ciphertext = keypair.pubkey().encrypt(message); + let (commitment, opening) = Pedersen::new(message); let mut prover_transcript = Transcript::new(b"Test"); let mut verifier_transcript = Transcript::new(b"Test"); let proof = CiphertextCommitmentEqualityProof::new( - &source_keypair, - &source_ciphertext, - &destination_opening, + &keypair, + &ciphertext, + &opening, message, &mut prover_transcript, ); assert!(proof .verify( - source_keypair.pubkey(), - &source_ciphertext, - &destination_commitment, + keypair.pubkey(), + &ciphertext, + &commitment, &mut verifier_transcript ) .is_ok()); // fail case: encrypted and committed messages are different - let source_keypair = ElGamalKeypair::new_rand(); + let keypair = ElGamalKeypair::new_rand(); let encrypted_message: u64 = 55; let committed_message: u64 = 77; - let source_ciphertext = source_keypair.pubkey().encrypt(encrypted_message); - let (destination_commitment, destination_opening) = Pedersen::new(committed_message); + let ciphertext = keypair.pubkey().encrypt(encrypted_message); + let (commitment, opening) = Pedersen::new(committed_message); let mut prover_transcript = Transcript::new(b"Test"); let mut verifier_transcript = Transcript::new(b"Test"); let proof = CiphertextCommitmentEqualityProof::new( - &source_keypair, - &source_ciphertext, - &destination_opening, + &keypair, + &ciphertext, + &opening, message, &mut prover_transcript, ); assert!(proof .verify( - source_keypair.pubkey(), - &source_ciphertext, - &destination_commitment, + keypair.pubkey(), + &ciphertext, + &commitment, &mut verifier_transcript ) .is_err()); diff --git a/zk-sdk/src/sigma_proofs/grouped_ciphertext_validity/handles_2.rs b/zk-sdk/src/sigma_proofs/grouped_ciphertext_validity/handles_2.rs index 1e6500edb8bbee..2b5ecd44dc5843 100644 --- a/zk-sdk/src/sigma_proofs/grouped_ciphertext_validity/handles_2.rs +++ b/zk-sdk/src/sigma_proofs/grouped_ciphertext_validity/handles_2.rs @@ -65,14 +65,14 @@ impl GroupedCiphertext2HandlesValidityProof { /// Note that the proof constructor does not take the actual Pedersen commitment or decryption /// handles as input; it only takes the associated Pedersen opening instead. /// - /// * `destination_pubkey` - The destination ElGamal public key - /// * `auditor_pubkey` - The auditor ElGamal public key + /// * `first_pubkey` - The first ElGamal public key + /// * `second_pubkey` - The second ElGamal public key /// * `amount` - The committed message in the commitment /// * `opening` - The opening associated with the Pedersen commitment /// * `transcript` - The transcript that does the bookkeeping for the Fiat-Shamir heuristic pub fn new>( - destination_pubkey: &ElGamalPubkey, - auditor_pubkey: &ElGamalPubkey, + first_pubkey: &ElGamalPubkey, + second_pubkey: &ElGamalPubkey, amount: T, opening: &PedersenOpening, transcript: &mut Transcript, @@ -80,8 +80,8 @@ impl GroupedCiphertext2HandlesValidityProof { transcript.grouped_ciphertext_validity_proof_domain_separator(2); // extract the relevant scalar and Ristretto points from the inputs - let P_dest = destination_pubkey.get_point(); - let P_auditor = auditor_pubkey.get_point(); + let P_first = first_pubkey.get_point(); + let P_second = second_pubkey.get_point(); let x = amount.into(); let r = opening.get_scalar(); @@ -91,8 +91,8 @@ impl GroupedCiphertext2HandlesValidityProof { let mut y_x = Scalar::random(&mut OsRng); let Y_0 = RistrettoPoint::multiscalar_mul(vec![&y_r, &y_x], vec![&(*H), &(*G)]).compress(); - let Y_1 = (&y_r * P_dest).compress(); - let Y_2 = (&y_r * P_auditor).compress(); + let Y_1 = (&y_r * P_first).compress(); + let Y_2 = (&y_r * P_second).compress(); // record masking factors in transcript and get challenges transcript.append_point(b"Y_0", &Y_0); @@ -121,18 +121,18 @@ impl GroupedCiphertext2HandlesValidityProof { /// Verifies a grouped ciphertext validity proof for 2 handles. /// /// * `commitment` - The Pedersen commitment - /// * `destination_pubkey` - The destination ElGamal public key - /// * `auditor_pubkey` - The auditor ElGamal public key - /// * `destination_handle` - The destination decryption handle - /// * `auditor_handle` - The auditor decryption handle + /// * `first_pubkey` - The first ElGamal public key + /// * `second_pubkey` - The second ElGamal public key + /// * `first_handle` - The first decryption handle + /// * `second_handle` - The second decryption handle /// * `transcript` - The transcript that does the bookkeeping for the Fiat-Shamir heuristic pub fn verify( self, commitment: &PedersenCommitment, - destination_pubkey: &ElGamalPubkey, - auditor_pubkey: &ElGamalPubkey, - destination_handle: &DecryptHandle, - auditor_handle: &DecryptHandle, + first_pubkey: &ElGamalPubkey, + second_pubkey: &ElGamalPubkey, + first_handle: &DecryptHandle, + second_handle: &DecryptHandle, transcript: &mut Transcript, ) -> Result<(), ValidityProofVerificationError> { transcript.grouped_ciphertext_validity_proof_domain_separator(2); @@ -140,7 +140,7 @@ impl GroupedCiphertext2HandlesValidityProof { // include Y_0, Y_1, Y_2 to transcript and extract challenges transcript.validate_and_append_point(b"Y_0", &self.Y_0)?; transcript.validate_and_append_point(b"Y_1", &self.Y_1)?; - // Y_2 can be an all zero point if the auditor public key is all zero + // Y_2 can be an all zero point if the second public key is all zero transcript.append_point(b"Y_2", &self.Y_2); let c = transcript.challenge_scalar(b"c"); @@ -164,12 +164,12 @@ impl GroupedCiphertext2HandlesValidityProof { .decompress() .ok_or(SigmaProofVerificationError::Deserialization)?; - let P_dest = destination_pubkey.get_point(); - let P_auditor = auditor_pubkey.get_point(); + let P_first = first_pubkey.get_point(); + let P_second = second_pubkey.get_point(); let C = commitment.get_point(); - let D_dest = destination_handle.get_point(); - let D_auditor = auditor_handle.get_point(); + let D_first = first_handle.get_point(); + let D_second = second_handle.get_point(); let check = RistrettoPoint::vartime_multiscalar_mul( vec![ @@ -185,16 +185,16 @@ impl GroupedCiphertext2HandlesValidityProof { &ww_negated, // -ww ], vec![ - &(*H), // H - &(*G), // G - C, // C - &Y_0, // Y_0 - P_dest, // P_dest - D_dest, // D_dest - &Y_1, // Y_1 - P_auditor, // P_auditor - D_auditor, // D_auditor - &Y_2, // Y_2 + &(*H), // H + &(*G), // G + C, // C + &Y_0, // Y_0 + P_first, // P_first + D_first, // D_first + &Y_1, // Y_1 + P_second, // P_second + D_second, // D_second + &Y_2, // Y_2 ], ); @@ -243,24 +243,24 @@ mod test { #[test] fn test_grouped_ciphertext_validity_proof_correctness() { - let destination_keypair = ElGamalKeypair::new_rand(); - let destination_pubkey = destination_keypair.pubkey(); + let first_keypair = ElGamalKeypair::new_rand(); + let first_pubkey = first_keypair.pubkey(); - let auditor_keypair = ElGamalKeypair::new_rand(); - let auditor_pubkey = auditor_keypair.pubkey(); + let second_keypair = ElGamalKeypair::new_rand(); + let second_pubkey = second_keypair.pubkey(); let amount: u64 = 55; let (commitment, opening) = Pedersen::new(amount); - let destination_handle = destination_pubkey.decrypt_handle(&opening); - let auditor_handle = auditor_pubkey.decrypt_handle(&opening); + let first_handle = first_pubkey.decrypt_handle(&opening); + let second_handle = second_pubkey.decrypt_handle(&opening); let mut prover_transcript = Transcript::new(b"Test"); let mut verifier_transcript = Transcript::new(b"Test"); let proof = GroupedCiphertext2HandlesValidityProof::new( - destination_pubkey, - auditor_pubkey, + first_pubkey, + second_pubkey, amount, &opening, &mut prover_transcript, @@ -269,10 +269,10 @@ mod test { assert!(proof .verify( &commitment, - destination_pubkey, - auditor_pubkey, - &destination_handle, - &auditor_handle, + first_pubkey, + second_pubkey, + &first_handle, + &second_handle, &mut verifier_transcript, ) .is_ok()); @@ -280,24 +280,24 @@ mod test { #[test] fn test_grouped_ciphertext_validity_proof_edge_cases() { - // if destination public key zeroed, then the proof should always reject - let destination_pubkey = ElGamalPubkey::try_from([0u8; 32].as_slice()).unwrap(); + // if the first public key zeroed, then the proof should always reject + let first_pubkey = ElGamalPubkey::try_from([0u8; 32].as_slice()).unwrap(); - let auditor_keypair = ElGamalKeypair::new_rand(); - let auditor_pubkey = auditor_keypair.pubkey(); + let second_keypair = ElGamalKeypair::new_rand(); + let second_pubkey = second_keypair.pubkey(); let amount: u64 = 55; let (commitment, opening) = Pedersen::new(amount); - let destination_handle = destination_pubkey.decrypt_handle(&opening); - let auditor_handle = auditor_pubkey.decrypt_handle(&opening); + let first_handle = first_pubkey.decrypt_handle(&opening); + let second_handle = second_pubkey.decrypt_handle(&opening); let mut prover_transcript = Transcript::new(b"Test"); let mut verifier_transcript = Transcript::new(b"Test"); let proof = GroupedCiphertext2HandlesValidityProof::new( - &destination_pubkey, - auditor_pubkey, + &first_pubkey, + second_pubkey, amount, &opening, &mut prover_transcript, @@ -306,34 +306,34 @@ mod test { assert!(proof .verify( &commitment, - &destination_pubkey, - auditor_pubkey, - &destination_handle, - &auditor_handle, + &first_pubkey, + second_pubkey, + &first_handle, + &second_handle, &mut verifier_transcript, ) .is_err()); // all zeroed ciphertext should still be valid - let destination_keypair = ElGamalKeypair::new_rand(); - let destination_pubkey = destination_keypair.pubkey(); + let first_keypair = ElGamalKeypair::new_rand(); + let first_pubkey = first_keypair.pubkey(); - let auditor_keypair = ElGamalKeypair::new_rand(); - let auditor_pubkey = auditor_keypair.pubkey(); + let second_keypair = ElGamalKeypair::new_rand(); + let second_pubkey = second_keypair.pubkey(); let amount: u64 = 0; let commitment = PedersenCommitment::from_bytes(&[0u8; 32]).unwrap(); let opening = PedersenOpening::from_bytes(&[0u8; 32]).unwrap(); - let destination_handle = destination_pubkey.decrypt_handle(&opening); - let auditor_handle = auditor_pubkey.decrypt_handle(&opening); + let first_handle = first_pubkey.decrypt_handle(&opening); + let second_handle = second_pubkey.decrypt_handle(&opening); let mut prover_transcript = Transcript::new(b"Test"); let mut verifier_transcript = Transcript::new(b"Test"); let proof = GroupedCiphertext2HandlesValidityProof::new( - destination_pubkey, - auditor_pubkey, + first_pubkey, + second_pubkey, amount, &opening, &mut prover_transcript, @@ -342,33 +342,33 @@ mod test { assert!(proof .verify( &commitment, - destination_pubkey, - auditor_pubkey, - &destination_handle, - &auditor_handle, + first_pubkey, + second_pubkey, + &first_handle, + &second_handle, &mut verifier_transcript, ) .is_ok()); // decryption handles can be zero as long as the Pedersen commitment is valid - let destination_keypair = ElGamalKeypair::new_rand(); - let destination_pubkey = destination_keypair.pubkey(); + let first_keypair = ElGamalKeypair::new_rand(); + let first_pubkey = first_keypair.pubkey(); - let auditor_keypair = ElGamalKeypair::new_rand(); - let auditor_pubkey = auditor_keypair.pubkey(); + let second_keypair = ElGamalKeypair::new_rand(); + let second_pubkey = second_keypair.pubkey(); let amount: u64 = 55; let (commitment, opening) = Pedersen::new(amount); - let destination_handle = destination_pubkey.decrypt_handle(&opening); - let auditor_handle = auditor_pubkey.decrypt_handle(&opening); + let first_handle = first_pubkey.decrypt_handle(&opening); + let second_handle = second_pubkey.decrypt_handle(&opening); let mut prover_transcript = Transcript::new(b"Test"); let mut verifier_transcript = Transcript::new(b"Test"); let proof = GroupedCiphertext2HandlesValidityProof::new( - destination_pubkey, - auditor_pubkey, + first_pubkey, + second_pubkey, amount, &opening, &mut prover_transcript, @@ -377,10 +377,10 @@ mod test { assert!(proof .verify( &commitment, - destination_pubkey, - auditor_pubkey, - &destination_handle, - &auditor_handle, + first_pubkey, + second_pubkey, + &first_handle, + &second_handle, &mut verifier_transcript, ) .is_ok()); diff --git a/zk-sdk/src/sigma_proofs/grouped_ciphertext_validity/handles_3.rs b/zk-sdk/src/sigma_proofs/grouped_ciphertext_validity/handles_3.rs index e9fae1abafefd9..a825eabb6235af 100644 --- a/zk-sdk/src/sigma_proofs/grouped_ciphertext_validity/handles_3.rs +++ b/zk-sdk/src/sigma_proofs/grouped_ciphertext_validity/handles_3.rs @@ -7,10 +7,6 @@ //! //! The protocol guarantees computational soundness (by the hardness of discrete log) and perfect //! zero-knowledge in the random oracle model. -//! -//! In accordance with its application to the SPL Token program, the first decryption handle -//! associated with the proof is referred to as the "source" handle, the second as the -//! "destination" handle, and the third as the "auditor" handle. #[cfg(not(target_os = "solana"))] use { @@ -70,16 +66,16 @@ impl GroupedCiphertext3HandlesValidityProof { /// Note that the proof constructor does not take the actual Pedersen commitment or decryption /// handles as input; it only takes the associated Pedersen opening instead. /// - /// * `source_pubkey` - The source ElGamal public key - /// * `destination_pubkey` - The destination ElGamal public key - /// * `auditor_pubkey` - The auditor ElGamal public key + /// * `first_pubkey` - The first ElGamal public key + /// * `second_pubkey` - The second ElGamal public key + /// * `third_pubkey` - The third ElGamal public key /// * `amount` - The committed message in the commitment /// * `opening` - The opening associated with the Pedersen commitment /// * `transcript` - The transcript that does the bookkeeping for the Fiat-Shamir heuristic pub fn new>( - source_pubkey: &ElGamalPubkey, - destination_pubkey: &ElGamalPubkey, - auditor_pubkey: &ElGamalPubkey, + first_pubkey: &ElGamalPubkey, + second_pubkey: &ElGamalPubkey, + third_pubkey: &ElGamalPubkey, amount: T, opening: &PedersenOpening, transcript: &mut Transcript, @@ -87,9 +83,9 @@ impl GroupedCiphertext3HandlesValidityProof { transcript.grouped_ciphertext_validity_proof_domain_separator(3); // extract the relevant scalar and Ristretto points from the inputs - let P_source = source_pubkey.get_point(); - let P_destination = destination_pubkey.get_point(); - let P_auditor = auditor_pubkey.get_point(); + let P_first = first_pubkey.get_point(); + let P_second = second_pubkey.get_point(); + let P_third = third_pubkey.get_point(); let x = amount.into(); let r = opening.get_scalar(); @@ -99,9 +95,9 @@ impl GroupedCiphertext3HandlesValidityProof { let mut y_x = Scalar::random(&mut OsRng); let Y_0 = RistrettoPoint::multiscalar_mul(vec![&y_r, &y_x], vec![&(*H), &(*G)]).compress(); - let Y_1 = (&y_r * P_source).compress(); - let Y_2 = (&y_r * P_destination).compress(); - let Y_3 = (&y_r * P_auditor).compress(); + let Y_1 = (&y_r * P_first).compress(); + let Y_2 = (&y_r * P_second).compress(); + let Y_3 = (&y_r * P_third).compress(); // record masking factors in transcript and get challenges transcript.append_point(b"Y_0", &Y_0); @@ -132,22 +128,22 @@ impl GroupedCiphertext3HandlesValidityProof { /// Verifies a grouped ciphertext with 3 handles validity proof. /// /// * `commitment` - The Pedersen commitment - /// * `source_pubkey` - The source ElGamal public key - /// * `destination_pubkey` - The destination ElGamal public key - /// * `auditor_pubkey` - The auditor ElGamal public key - /// * `source_handle` - The source decryption handle - /// * `destination_handle` - The destination decryption handle - /// * `auditor_handle` - The auditor decryption handle + /// * `first_pubkey` - The first ElGamal public key + /// * `second_pubkey` - The second ElGamal public key + /// * `third_pubkey` - The third ElGamal public key + /// * `first_handle` - The first decryption handle + /// * `second_handle` - The second decryption handle + /// * `third_handle` - The third decryption handle /// * `transcript` - The transcript that does the bookkeeping for the Fiat-Shamir heuristic pub fn verify( self, commitment: &PedersenCommitment, - source_pubkey: &ElGamalPubkey, - destination_pubkey: &ElGamalPubkey, - auditor_pubkey: &ElGamalPubkey, - source_handle: &DecryptHandle, - destination_handle: &DecryptHandle, - auditor_handle: &DecryptHandle, + first_pubkey: &ElGamalPubkey, + second_pubkey: &ElGamalPubkey, + third_pubkey: &ElGamalPubkey, + first_handle: &DecryptHandle, + second_handle: &DecryptHandle, + third_handle: &DecryptHandle, transcript: &mut Transcript, ) -> Result<(), ValidityProofVerificationError> { transcript.grouped_ciphertext_validity_proof_domain_separator(3); @@ -156,8 +152,8 @@ impl GroupedCiphertext3HandlesValidityProof { transcript.validate_and_append_point(b"Y_0", &self.Y_0)?; transcript.validate_and_append_point(b"Y_1", &self.Y_1)?; transcript.validate_and_append_point(b"Y_2", &self.Y_2)?; - // the point `Y_3` is defined with respect to the auditor public key and can be zero if the - // auditor public key is zero + // the point `Y_3` is defined with respect to the third public key and can be zero if the + // third public key is zero transcript.append_point(b"Y_3", &self.Y_3); let c = transcript.challenge_scalar(b"c"); @@ -187,14 +183,14 @@ impl GroupedCiphertext3HandlesValidityProof { .decompress() .ok_or(SigmaProofVerificationError::Deserialization)?; - let P_source = source_pubkey.get_point(); - let P_destination = destination_pubkey.get_point(); - let P_auditor = auditor_pubkey.get_point(); + let P_first = first_pubkey.get_point(); + let P_second = second_pubkey.get_point(); + let P_third = third_pubkey.get_point(); let C = commitment.get_point(); - let D_source = source_handle.get_point(); - let D_destination = destination_handle.get_point(); - let D_auditor = auditor_handle.get_point(); + let D_first = first_handle.get_point(); + let D_second = second_handle.get_point(); + let D_third = third_handle.get_point(); let check = RistrettoPoint::vartime_multiscalar_mul( vec![ @@ -213,19 +209,19 @@ impl GroupedCiphertext3HandlesValidityProof { &www_negated, // -www ], vec![ - &(*H), // H - &(*G), // G - C, // C - &Y_0, // Y_0 - P_source, // P_destination - D_source, // D_destination - &Y_1, // Y_1 - P_destination, // P_destination - D_destination, // D_destination - &Y_2, // Y_1 - P_auditor, // P_auditor - D_auditor, // D_auditor - &Y_3, // Y_2 + &(*H), // H + &(*G), // G + C, // C + &Y_0, // Y_0 + P_first, // P_first + D_first, // D_first + &Y_1, // Y_1 + P_second, // P_second + D_second, // D_second + &Y_2, // Y_1 + P_third, // P_third + D_third, // D_third + &Y_3, // Y_2 ], ); @@ -277,29 +273,29 @@ mod test { #[test] fn test_grouped_ciphertext_3_handles_validity_proof_correctness() { - let source_keypair = ElGamalKeypair::new_rand(); - let source_pubkey = source_keypair.pubkey(); + let first_keypair = ElGamalKeypair::new_rand(); + let first_pubkey = first_keypair.pubkey(); - let destination_keypair = ElGamalKeypair::new_rand(); - let destination_pubkey = destination_keypair.pubkey(); + let second_keypair = ElGamalKeypair::new_rand(); + let second_pubkey = second_keypair.pubkey(); - let auditor_keypair = ElGamalKeypair::new_rand(); - let auditor_pubkey = auditor_keypair.pubkey(); + let third_keypair = ElGamalKeypair::new_rand(); + let third_pubkey = third_keypair.pubkey(); let amount: u64 = 55; let (commitment, opening) = Pedersen::new(amount); - let source_handle = source_pubkey.decrypt_handle(&opening); - let destination_handle = destination_pubkey.decrypt_handle(&opening); - let auditor_handle = auditor_pubkey.decrypt_handle(&opening); + let first_handle = first_pubkey.decrypt_handle(&opening); + let second_handle = second_pubkey.decrypt_handle(&opening); + let third_handle = third_pubkey.decrypt_handle(&opening); let mut prover_transcript = Transcript::new(b"Test"); let mut verifier_transcript = Transcript::new(b"Test"); let proof = GroupedCiphertext3HandlesValidityProof::new( - source_pubkey, - destination_pubkey, - auditor_pubkey, + first_pubkey, + second_pubkey, + third_pubkey, amount, &opening, &mut prover_transcript, @@ -308,12 +304,12 @@ mod test { assert!(proof .verify( &commitment, - source_pubkey, - destination_pubkey, - auditor_pubkey, - &source_handle, - &destination_handle, - &auditor_handle, + first_pubkey, + second_pubkey, + third_pubkey, + &first_handle, + &second_handle, + &third_handle, &mut verifier_transcript, ) .is_ok()); @@ -321,27 +317,27 @@ mod test { #[test] fn test_grouped_ciphertext_3_handles_validity_proof_edge_cases() { - // if source or destination public key zeroed, then the proof should always reject - let source_pubkey = ElGamalPubkey::try_from([0u8; 32].as_slice()).unwrap(); - let destination_pubkey = ElGamalPubkey::try_from([0u8; 32].as_slice()).unwrap(); + // if first or second public key zeroed, then the proof should always reject + let first_pubkey = ElGamalPubkey::try_from([0u8; 32].as_slice()).unwrap(); + let second_pubkey = ElGamalPubkey::try_from([0u8; 32].as_slice()).unwrap(); - let auditor_keypair = ElGamalKeypair::new_rand(); - let auditor_pubkey = auditor_keypair.pubkey(); + let third_keypair = ElGamalKeypair::new_rand(); + let third_pubkey = third_keypair.pubkey(); let amount: u64 = 55; let (commitment, opening) = Pedersen::new(amount); - let source_handle = destination_pubkey.decrypt_handle(&opening); - let destination_handle = destination_pubkey.decrypt_handle(&opening); - let auditor_handle = auditor_pubkey.decrypt_handle(&opening); + let first_handle = second_pubkey.decrypt_handle(&opening); + let second_handle = second_pubkey.decrypt_handle(&opening); + let third_handle = third_pubkey.decrypt_handle(&opening); let mut prover_transcript = Transcript::new(b"Test"); let mut verifier_transcript = Transcript::new(b"Test"); let proof = GroupedCiphertext3HandlesValidityProof::new( - &source_pubkey, - &destination_pubkey, - auditor_pubkey, + &first_pubkey, + &second_pubkey, + third_pubkey, amount, &opening, &mut prover_transcript, @@ -350,41 +346,41 @@ mod test { assert!(proof .verify( &commitment, - &source_pubkey, - &destination_pubkey, - auditor_pubkey, - &source_handle, - &destination_handle, - &auditor_handle, + &first_pubkey, + &second_pubkey, + third_pubkey, + &first_handle, + &second_handle, + &third_handle, &mut verifier_transcript, ) .is_err()); // all zeroed ciphertext should still be valid - let source_keypair = ElGamalKeypair::new_rand(); - let source_pubkey = source_keypair.pubkey(); + let first_keypair = ElGamalKeypair::new_rand(); + let first_pubkey = first_keypair.pubkey(); - let destination_keypair = ElGamalKeypair::new_rand(); - let destination_pubkey = destination_keypair.pubkey(); + let second_keypair = ElGamalKeypair::new_rand(); + let second_pubkey = second_keypair.pubkey(); - let auditor_keypair = ElGamalKeypair::new_rand(); - let auditor_pubkey = auditor_keypair.pubkey(); + let third_keypair = ElGamalKeypair::new_rand(); + let third_pubkey = third_keypair.pubkey(); let amount: u64 = 0; let commitment = PedersenCommitment::from_bytes(&[0u8; 32]).unwrap(); let opening = PedersenOpening::from_bytes(&[0u8; 32]).unwrap(); - let source_handle = source_pubkey.decrypt_handle(&opening); - let destination_handle = destination_pubkey.decrypt_handle(&opening); - let auditor_handle = auditor_pubkey.decrypt_handle(&opening); + let first_handle = first_pubkey.decrypt_handle(&opening); + let second_handle = second_pubkey.decrypt_handle(&opening); + let third_handle = third_pubkey.decrypt_handle(&opening); let mut prover_transcript = Transcript::new(b"Test"); let mut verifier_transcript = Transcript::new(b"Test"); let proof = GroupedCiphertext3HandlesValidityProof::new( - source_pubkey, - destination_pubkey, - auditor_pubkey, + first_pubkey, + second_pubkey, + third_pubkey, amount, &opening, &mut prover_transcript, @@ -393,42 +389,42 @@ mod test { assert!(proof .verify( &commitment, - source_pubkey, - destination_pubkey, - auditor_pubkey, - &source_handle, - &destination_handle, - &auditor_handle, + first_pubkey, + second_pubkey, + third_pubkey, + &first_handle, + &second_handle, + &third_handle, &mut verifier_transcript, ) .is_ok()); // decryption handles can be zero as long as the Pedersen commitment is valid - let source_keypair = ElGamalKeypair::new_rand(); - let source_pubkey = source_keypair.pubkey(); + let first_keypair = ElGamalKeypair::new_rand(); + let first_pubkey = first_keypair.pubkey(); - let destination_keypair = ElGamalKeypair::new_rand(); - let destination_pubkey = destination_keypair.pubkey(); + let second_keypair = ElGamalKeypair::new_rand(); + let second_pubkey = second_keypair.pubkey(); - let auditor_keypair = ElGamalKeypair::new_rand(); - let auditor_pubkey = auditor_keypair.pubkey(); + let third_keypair = ElGamalKeypair::new_rand(); + let third_pubkey = third_keypair.pubkey(); let amount: u64 = 55; let zeroed_opening = PedersenOpening::default(); let commitment = Pedersen::with(amount, &zeroed_opening); - let source_handle = source_pubkey.decrypt_handle(&zeroed_opening); - let destination_handle = destination_pubkey.decrypt_handle(&zeroed_opening); - let auditor_handle = auditor_pubkey.decrypt_handle(&zeroed_opening); + let first_handle = first_pubkey.decrypt_handle(&zeroed_opening); + let second_handle = second_pubkey.decrypt_handle(&zeroed_opening); + let third_handle = third_pubkey.decrypt_handle(&zeroed_opening); let mut prover_transcript = Transcript::new(b"Test"); let mut verifier_transcript = Transcript::new(b"Test"); let proof = GroupedCiphertext3HandlesValidityProof::new( - source_pubkey, - destination_pubkey, - auditor_pubkey, + first_pubkey, + second_pubkey, + third_pubkey, amount, &opening, &mut prover_transcript, @@ -437,12 +433,12 @@ mod test { assert!(proof .verify( &commitment, - source_pubkey, - destination_pubkey, - auditor_pubkey, - &source_handle, - &destination_handle, - &auditor_handle, + first_pubkey, + second_pubkey, + third_pubkey, + &first_handle, + &second_handle, + &third_handle, &mut verifier_transcript, ) .is_ok()); diff --git a/zk-sdk/src/sigma_proofs/zero_ciphertext.rs b/zk-sdk/src/sigma_proofs/zero_ciphertext.rs index b995a51ce813b2..498758aaa9b295 100644 --- a/zk-sdk/src/sigma_proofs/zero_ciphertext.rs +++ b/zk-sdk/src/sigma_proofs/zero_ciphertext.rs @@ -188,30 +188,28 @@ mod test { #[test] fn test_zero_cipehrtext_proof_correctness() { - let source_keypair = ElGamalKeypair::new_rand(); + let keypair = ElGamalKeypair::new_rand(); let mut prover_transcript = Transcript::new(b"test"); let mut verifier_transcript = Transcript::new(b"test"); // general case: encryption of 0 - let elgamal_ciphertext = source_keypair.pubkey().encrypt(0_u64); - let proof = - ZeroCiphertextProof::new(&source_keypair, &elgamal_ciphertext, &mut prover_transcript); + let elgamal_ciphertext = keypair.pubkey().encrypt(0_u64); + let proof = ZeroCiphertextProof::new(&keypair, &elgamal_ciphertext, &mut prover_transcript); assert!(proof .verify( - source_keypair.pubkey(), + keypair.pubkey(), &elgamal_ciphertext, &mut verifier_transcript ) .is_ok()); // general case: encryption of > 0 - let elgamal_ciphertext = source_keypair.pubkey().encrypt(1_u64); - let proof = - ZeroCiphertextProof::new(&source_keypair, &elgamal_ciphertext, &mut prover_transcript); + let elgamal_ciphertext = keypair.pubkey().encrypt(1_u64); + let proof = ZeroCiphertextProof::new(&keypair, &elgamal_ciphertext, &mut prover_transcript); assert!(proof .verify( - source_keypair.pubkey(), + keypair.pubkey(), &elgamal_ciphertext, &mut verifier_transcript ) @@ -220,7 +218,7 @@ mod test { #[test] fn test_zero_ciphertext_proof_edge_cases() { - let source_keypair = ElGamalKeypair::new_rand(); + let keypair = ElGamalKeypair::new_rand(); let mut prover_transcript = Transcript::new(b"test"); let mut verifier_transcript = Transcript::new(b"test"); @@ -228,14 +226,10 @@ mod test { // all zero ciphertext should always be a valid encryption of 0 let ciphertext = ElGamalCiphertext::from_bytes(&[0u8; 64]).unwrap(); - let proof = ZeroCiphertextProof::new(&source_keypair, &ciphertext, &mut prover_transcript); + let proof = ZeroCiphertextProof::new(&keypair, &ciphertext, &mut prover_transcript); assert!(proof - .verify( - source_keypair.pubkey(), - &ciphertext, - &mut verifier_transcript - ) + .verify(keypair.pubkey(), &ciphertext, &mut verifier_transcript) .is_ok()); // if only either commitment or handle is zero, the ciphertext is always invalid and proof @@ -244,7 +238,7 @@ mod test { let mut verifier_transcript = Transcript::new(b"test"); let zeroed_commitment = PedersenCommitment::from_bytes(&[0u8; 32]).unwrap(); - let handle = source_keypair + let handle = keypair .pubkey() .decrypt_handle(&PedersenOpening::new_rand()); @@ -253,14 +247,10 @@ mod test { handle, }; - let proof = ZeroCiphertextProof::new(&source_keypair, &ciphertext, &mut prover_transcript); + let proof = ZeroCiphertextProof::new(&keypair, &ciphertext, &mut prover_transcript); assert!(proof - .verify( - source_keypair.pubkey(), - &ciphertext, - &mut verifier_transcript - ) + .verify(keypair.pubkey(), &ciphertext, &mut verifier_transcript) .is_err()); let mut prover_transcript = Transcript::new(b"test"); @@ -272,14 +262,10 @@ mod test { handle: DecryptHandle::from_bytes(&[0u8; 32]).unwrap(), }; - let proof = ZeroCiphertextProof::new(&source_keypair, &ciphertext, &mut prover_transcript); + let proof = ZeroCiphertextProof::new(&keypair, &ciphertext, &mut prover_transcript); assert!(proof - .verify( - source_keypair.pubkey(), - &ciphertext, - &mut verifier_transcript - ) + .verify(keypair.pubkey(), &ciphertext, &mut verifier_transcript) .is_err()); // if public key is always zero, then the proof should always reject @@ -289,14 +275,10 @@ mod test { let public = ElGamalPubkey::try_from([0u8; 32].as_slice()).unwrap(); let ciphertext = public.encrypt(0_u64); - let proof = ZeroCiphertextProof::new(&source_keypair, &ciphertext, &mut prover_transcript); + let proof = ZeroCiphertextProof::new(&keypair, &ciphertext, &mut prover_transcript); assert!(proof - .verify( - source_keypair.pubkey(), - &ciphertext, - &mut verifier_transcript - ) + .verify(keypair.pubkey(), &ciphertext, &mut verifier_transcript) .is_err()); } }