diff --git a/zk-sdk/src/sigma_proofs/errors.rs b/zk-sdk/src/sigma_proofs/errors.rs index 1ce28b01bf85a8..3d4783ff8ce7e5 100644 --- a/zk-sdk/src/sigma_proofs/errors.rs +++ b/zk-sdk/src/sigma_proofs/errors.rs @@ -34,9 +34,9 @@ pub struct ValidityProofVerificationError(#[from] pub(crate) SigmaProofVerificat impl_from_transcript_error!(ValidityProofVerificationError); #[derive(Error, Clone, Debug, Eq, PartialEq)] -#[error("zero-balance proof verification failed: {0}")] -pub struct ZeroBalanceProofVerificationError(#[from] pub(crate) SigmaProofVerificationError); -impl_from_transcript_error!(ZeroBalanceProofVerificationError); +#[error("zero-ciphertext proof verification failed: {0}")] +pub struct ZeroCiphertextProofVerificationError(#[from] pub(crate) SigmaProofVerificationError); +impl_from_transcript_error!(ZeroCiphertextProofVerificationError); #[derive(Error, Clone, Debug, Eq, PartialEq)] #[error("fee sigma proof verification failed: {0}")] diff --git a/zk-sdk/src/sigma_proofs/mod.rs b/zk-sdk/src/sigma_proofs/mod.rs index 343b1583ac7a3e..99ab734b22a03a 100644 --- a/zk-sdk/src/sigma_proofs/mod.rs +++ b/zk-sdk/src/sigma_proofs/mod.rs @@ -15,7 +15,7 @@ pub mod ciphertext_commitment_equality; pub mod fee; pub mod grouped_ciphertext_validity; pub mod pubkey; -pub mod zero_balance; +pub mod zero_ciphertext; use { crate::{sigma_proofs::errors::SigmaProofVerificationError, RISTRETTO_POINT_LEN, SCALAR_LEN}, diff --git a/zk-sdk/src/sigma_proofs/zero_balance.rs b/zk-sdk/src/sigma_proofs/zero_ciphertext.rs similarity index 86% rename from zk-sdk/src/sigma_proofs/zero_balance.rs rename to zk-sdk/src/sigma_proofs/zero_ciphertext.rs index 3585978c76c1df..28c64bded3c3d3 100644 --- a/zk-sdk/src/sigma_proofs/zero_balance.rs +++ b/zk-sdk/src/sigma_proofs/zero_ciphertext.rs @@ -1,4 +1,4 @@ -//! The zero-balance sigma proof system. +//! The zero-ciphertext sigma proof system. //! //! The protocol guarantees computationally soundness (by the hardness of discrete log) and perfect //! zero-knowledge in the random oracle model. @@ -19,7 +19,7 @@ use { }; use { crate::{ - sigma_proofs::errors::{SigmaProofVerificationError, ZeroBalanceProofVerificationError}, + sigma_proofs::errors::{SigmaProofVerificationError, ZeroCiphertextProofVerificationError}, transcript::TranscriptProtocol, }, curve25519_dalek::{ @@ -30,15 +30,15 @@ use { merlin::Transcript, }; -/// Byte length of a zero-balance proof. -const ZERO_BALANCE_PROOF_LEN: usize = UNIT_LEN * 3; +/// Byte length of a zero-ciphertext proof. +const ZERO_CIPHERTEXT_PROOF_LEN: usize = UNIT_LEN * 3; -/// Zero-balance proof. +/// Zero-ciphertext proof. /// /// Contains all the elliptic curve and scalar components that make up the sigma protocol. #[allow(non_snake_case)] #[derive(Clone)] -pub struct ZeroBalanceProof { +pub struct ZeroCiphertextProof { Y_P: CompressedRistretto, Y_D: CompressedRistretto, z: Scalar, @@ -46,8 +46,8 @@ pub struct ZeroBalanceProof { #[allow(non_snake_case)] #[cfg(not(target_os = "solana"))] -impl ZeroBalanceProof { - /// Creates a zero-balance proof. +impl ZeroCiphertextProof { + /// Creates a zero-ciphertext proof. /// /// The function does *not* hash the public key and ciphertext into the transcript. For /// security, the caller (the main protocol) should hash these public components prior to @@ -94,7 +94,7 @@ impl ZeroBalanceProof { Self { Y_P, Y_D, z } } - /// Verifies a zero-balance proof. + /// Verifies a zero-ciphertext proof. /// /// * `elgamal_pubkey` - The ElGamal pubkey associated with the ciphertext to be proved /// * `ciphertext` - The main ElGamal ciphertext to be proved @@ -104,7 +104,7 @@ impl ZeroBalanceProof { elgamal_pubkey: &ElGamalPubkey, ciphertext: &ElGamalCiphertext, transcript: &mut Transcript, - ) -> Result<(), ZeroBalanceProofVerificationError> { + ) -> Result<(), ZeroCiphertextProofVerificationError> { transcript.zero_balance_proof_domain_separator(); // extract the relevant scalar and Ristretto points from the input @@ -158,8 +158,8 @@ impl ZeroBalanceProof { } } - pub fn to_bytes(&self) -> [u8; ZERO_BALANCE_PROOF_LEN] { - let mut buf = [0_u8; ZERO_BALANCE_PROOF_LEN]; + pub fn to_bytes(&self) -> [u8; ZERO_CIPHERTEXT_PROOF_LEN] { + let mut buf = [0_u8; ZERO_CIPHERTEXT_PROOF_LEN]; let mut chunks = buf.chunks_mut(UNIT_LEN); chunks.next().unwrap().copy_from_slice(self.Y_P.as_bytes()); chunks.next().unwrap().copy_from_slice(self.Y_D.as_bytes()); @@ -167,12 +167,12 @@ impl ZeroBalanceProof { buf } - pub fn from_bytes(bytes: &[u8]) -> Result { + pub fn from_bytes(bytes: &[u8]) -> Result { let mut chunks = bytes.chunks(UNIT_LEN); let Y_P = ristretto_point_from_optional_slice(chunks.next())?; let Y_D = ristretto_point_from_optional_slice(chunks.next())?; let z = canonical_scalar_from_optional_slice(chunks.next())?; - Ok(ZeroBalanceProof { Y_P, Y_D, z }) + Ok(ZeroCiphertextProof { Y_P, Y_D, z }) } } @@ -187,7 +187,7 @@ mod test { }; #[test] - fn test_zero_balance_proof_correctness() { + fn test_zero_cipehrtext_proof_correctness() { let source_keypair = ElGamalKeypair::new_rand(); let mut prover_transcript = Transcript::new(b"test"); @@ -196,7 +196,7 @@ mod test { // general case: encryption of 0 let elgamal_ciphertext = source_keypair.pubkey().encrypt(0_u64); let proof = - ZeroBalanceProof::new(&source_keypair, &elgamal_ciphertext, &mut prover_transcript); + ZeroCiphertextProof::new(&source_keypair, &elgamal_ciphertext, &mut prover_transcript); assert!(proof .verify( source_keypair.pubkey(), @@ -208,7 +208,7 @@ mod test { // general case: encryption of > 0 let elgamal_ciphertext = source_keypair.pubkey().encrypt(1_u64); let proof = - ZeroBalanceProof::new(&source_keypair, &elgamal_ciphertext, &mut prover_transcript); + ZeroCiphertextProof::new(&source_keypair, &elgamal_ciphertext, &mut prover_transcript); assert!(proof .verify( source_keypair.pubkey(), @@ -219,7 +219,7 @@ mod test { } #[test] - fn test_zero_balance_proof_edge_cases() { + fn test_zero_ciphertext_proof_edge_cases() { let source_keypair = ElGamalKeypair::new_rand(); let mut prover_transcript = Transcript::new(b"test"); @@ -228,7 +228,7 @@ mod test { // all zero ciphertext should always be a valid encryption of 0 let ciphertext = ElGamalCiphertext::from_bytes(&[0u8; 64]).unwrap(); - let proof = ZeroBalanceProof::new(&source_keypair, &ciphertext, &mut prover_transcript); + let proof = ZeroCiphertextProof::new(&source_keypair, &ciphertext, &mut prover_transcript); assert!(proof .verify( @@ -253,7 +253,7 @@ mod test { handle, }; - let proof = ZeroBalanceProof::new(&source_keypair, &ciphertext, &mut prover_transcript); + let proof = ZeroCiphertextProof::new(&source_keypair, &ciphertext, &mut prover_transcript); assert!(proof .verify( @@ -272,7 +272,7 @@ mod test { handle: DecryptHandle::from_bytes(&[0u8; 32]).unwrap(), }; - let proof = ZeroBalanceProof::new(&source_keypair, &ciphertext, &mut prover_transcript); + let proof = ZeroCiphertextProof::new(&source_keypair, &ciphertext, &mut prover_transcript); assert!(proof .verify( @@ -289,7 +289,7 @@ mod test { let public = ElGamalPubkey::try_from([0u8; 32].as_slice()).unwrap(); let ciphertext = public.encrypt(0_u64); - let proof = ZeroBalanceProof::new(&source_keypair, &ciphertext, &mut prover_transcript); + let proof = ZeroCiphertextProof::new(&source_keypair, &ciphertext, &mut prover_transcript); assert!(proof .verify(