From 343682b0bb40af178d54093ddf9905c7d9792887 Mon Sep 17 00:00:00 2001
From: samkim-crypto
Date: Wed, 1 May 2024 16:57:16 +0900
Subject: [PATCH 1/2] flatten out arguments for ciphertext validity proofs

---
 .../handles_2.rs | 52 +++++++++++------
 .../grouped_ciphertext_validity/handles_2.rs | 56 ++++++++++++-------
 2 files changed, 71 insertions(+), 37 deletions(-)

diff --git a/zk-sdk/src/sigma_proofs/batched_grouped_ciphertext_validity/handles_2.rs b/zk-sdk/src/sigma_proofs/batched_grouped_ciphertext_validity/handles_2.rs
index 9cc9d3ae43b28f..38dc4be251e865 100644
--- a/zk-sdk/src/sigma_proofs/batched_grouped_ciphertext_validity/handles_2.rs
+++ b/zk-sdk/src/sigma_proofs/batched_grouped_ciphertext_validity/handles_2.rs
@@ -48,9 +48,12 @@ impl BatchedGroupedCiphertext2HandlesValidityProof {
 ///
 /// This function is randomized. It uses `OsRng` internally to generate random scalars.
 pub fn new>(
- (destination_pubkey, auditor_pubkey): (&ElGamalPubkey, &ElGamalPubkey),
- (amount_lo, amount_hi): (T, T),
- (opening_lo, opening_hi): (&PedersenOpening, &PedersenOpening),
+ destination_pubkey: &ElGamalPubkey,
+ auditor_pubkey: &ElGamalPubkey,
+ amount_lo: T,
+ amount_hi: T,
+ opening_lo: &PedersenOpening,
+ opening_hi: &PedersenOpening,
 transcript: &mut Transcript,
 ) -> Self {
 transcript.batched_grouped_ciphertext_validity_proof_domain_separator();
@@ -61,7 +64,8 @@ impl BatchedGroupedCiphertext2HandlesValidityProof {
 let batched_opening = opening_lo + &(opening_hi * &t);
 
 BatchedGroupedCiphertext2HandlesValidityProof(GroupedCiphertext2HandlesValidityProof::new(
- (destination_pubkey, auditor_pubkey),
+ destination_pubkey,
+ auditor_pubkey,
 batched_message,
 &batched_opening,
 transcript,
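Review bot: The flattened `new` signature carries no per-parameter documentation, while `GroupedCiphertext2HandlesValidityProof::new` in the second file documents each argument with a `* name - …` bullet; add the same list here, and say explicitly that `amount_lo`/`opening_lo` and `amount_hi`/`opening_hi` must belong to the same pair of ciphertexts, because the second hunk folds them together with the batching scalar `t` (`opening_lo + &(opening_hi * &t)`). Pairs of positional arguments now share a type (`T`, `T` and `&PedersenOpening`, `&PedersenOpening`), so a caller that transposes lo and hi gets a compile-clean call, and the doc comment is the only guard against that. Suggested first bullets: `/// * `destination_pubkey` - The destination ElGamal public key` and `/// * `amount_lo` - The committed message of the low ciphertext (presumably the low half of the amount — confirm)`, continuing for the remaining four parameters. The body of `new` continues past both hunks.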
@@ -73,12 +77,17 @@ impl BatchedGroupedCiphertext2HandlesValidityProof {
 /// The function does *not* hash the public keys, commitment, or decryption handles into the
 /// transcript. For security, the caller (the main protocol) should hash these public
 /// components prior to invoking this constructor.
+ #[allow(clippy::too_many_arguments)]
 pub fn verify(
 self,
- (destination_pubkey, auditor_pubkey): (&ElGamalPubkey, &ElGamalPubkey),
- (commitment_lo, commitment_hi): (&PedersenCommitment, &PedersenCommitment),
- (destination_handle_lo, destination_handle_hi): (&DecryptHandle, &DecryptHandle),
- (auditor_handle_lo, auditor_handle_hi): (&DecryptHandle, &DecryptHandle),
+ destination_pubkey: &ElGamalPubkey,
+ auditor_pubkey: &ElGamalPubkey,
+ commitment_lo: &PedersenCommitment,
+ commitment_hi: &PedersenCommitment,
+ destination_handle_lo: &DecryptHandle,
+ destination_handle_hi: &DecryptHandle,
+ auditor_handle_lo: &DecryptHandle,
+ auditor_handle_hi: &DecryptHandle,
 transcript: &mut Transcript,
 ) -> Result<(), ValidityProofVerificationError> {
 transcript.batched_grouped_ciphertext_validity_proof_domain_separator();
@@ -93,8 +102,10 @@ impl BatchedGroupedCiphertext2HandlesValidityProof {
 
 validity_proof.verify(
 &batched_commitment,
- (destination_pubkey, auditor_pubkey),
- (&destination_batched_handle, &auditor_batched_handle),
+ destination_pubkey,
+ auditor_pubkey,
+ &destination_batched_handle,
+ &auditor_batched_handle,
 transcript,
 )
 }
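Review bot: `#[allow(clippy::too_many_arguments)]` on `verify` is added without a comment saying why the lint is suppressed; put the reason on the line above it, e.g. `// Flattened from tuple arguments on purpose: each of the eight inputs is a distinct public proof component.` The new signature also has four consecutive `&DecryptHandle` parameters and two consecutive `&PedersenCommitment` ones, so a call that transposes, say, `destination_handle_lo` and `auditor_handle_lo` compiles cleanly and would presumably only surface as a verification failure; a sentence in the doc comment naming the expected order (or, in a follow-up, a small struct grouping each ciphertext's commitment and handles) would close that gap. The kept doc sentence above the signature still reads "prior to invoking this constructor" although it documents `verify`; `prior to invoking this method` would be accurate. The body of `verify` continues between the two hunks.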
@@ -139,18 +150,25 @@ mod test {
 let mut verifier_transcript = Transcript::new(b"Test");
 
 let proof = BatchedGroupedCiphertext2HandlesValidityProof::new(
- (destination_pubkey, auditor_pubkey),
- (amount_lo, amount_hi),
- (&open_lo, &open_hi),
+ destination_pubkey,
+ auditor_pubkey,
+ amount_lo,
+ amount_hi,
+ &open_lo,
+ &open_hi,
 &mut prover_transcript,
 );
 
 assert!(proof
 .verify(
- (destination_pubkey, auditor_pubkey),
- (&commitment_lo, &commitment_hi),
- (&destination_handle_lo, &destination_handle_hi),
- (&auditor_handle_lo, &auditor_handle_hi),
+ destination_pubkey,
+ auditor_pubkey,
+ &commitment_lo,
+ &commitment_hi,
+ &destination_handle_lo,
+ &destination_handle_hi,
+ &auditor_handle_lo,
+ &auditor_handle_hi,
 &mut verifier_transcript,
 )
 .is_ok());
diff --git a/zk-sdk/src/sigma_proofs/grouped_ciphertext_validity/handles_2.rs b/zk-sdk/src/sigma_proofs/grouped_ciphertext_validity/handles_2.rs
index 1c1a57997e4740..3c92f570f9cece 100644
--- a/zk-sdk/src/sigma_proofs/grouped_ciphertext_validity/handles_2.rs
+++ b/zk-sdk/src/sigma_proofs/grouped_ciphertext_validity/handles_2.rs
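Review bot: The batched test only exercises the success path (`.is_ok()`), whereas the grouped-ciphertext module in the second file also has a case asserting `.is_err()` from `verify`, apparently with a differently constructed `destination_pubkey`. A mirror case for `BatchedGroupedCiphertext2HandlesValidityProof` — the same proof verified with a mismatched key, or with `commitment_lo`/`commitment_hi` transposed — would show that the flattened argument order is actually checked rather than merely accepted, which matters now that adjacent parameters share a type. The enclosing test function starts before this hunk.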
@@ -65,13 +65,14 @@ impl GroupedCiphertext2HandlesValidityProof {
 /// Note that the proof constructor does not take the actual Pedersen commitment or decryption
 /// handles as input; it only takes the associated Pedersen opening instead.
 ///
- /// * `(destination_pubkey, auditor_pubkey)` - The ElGamal public keys associated with the decryption
- /// handles
+ /// * `destination_pubkey` - The destination ElGamal public key
+ /// * `auditor` - The auditor ElGamal public key
 /// * `amount` - The committed message in the commitment
 /// * `opening` - The opening associated with the Pedersen commitment
 /// * `transcript` - The transcript that does the bookkeeping for the Fiat-Shamir heuristic
 pub fn new>(
- (destination_pubkey, auditor_pubkey): (&ElGamalPubkey, &ElGamalPubkey), // TODO: rename auditor_pubkey
+ destination_pubkey: &ElGamalPubkey,
+ auditor_pubkey: &ElGamalPubkey,
 amount: T,
 opening: &PedersenOpening,
 transcript: &mut Transcript,
@@ -120,15 +121,18 @@ impl GroupedCiphertext2HandlesValidityProof {
 /// Verifies a grouped ciphertext validity proof for 2 handles.
 ///
 /// * `commitment` - The Pedersen commitment
- /// * `(destination_pubkey, auditor_pubkey)` - The ElGamal pubkeys associated with the decryption
- /// handles
- /// * `(destination_handle, auditor_handle)` - The decryption handles
+ /// * `destination_pubkey` - The destination ElGamal public key
+ /// * `auditor_pubkey` - The auditor ElGamal public key
+ /// * `destination_handle` - The destination decryption handle
+ /// * `auditor_handle` - The auditor decryption handle
 /// * `transcript` - The transcript that does the bookkeeping for the Fiat-Shamir heuristic
 pub fn verify(
 self,
 commitment: &PedersenCommitment,
- (destination_pubkey, auditor_pubkey): (&ElGamalPubkey, &ElGamalPubkey),
- (destination_handle, auditor_handle): (&DecryptHandle, &DecryptHandle),
+ destination_pubkey: &ElGamalPubkey,
+ auditor_pubkey: &ElGamalPubkey,
+ destination_handle: &DecryptHandle,
+ auditor_handle: &DecryptHandle,
 transcript: &mut Transcript,
 ) -> Result<(), ValidityProofVerificationError> {
 transcript.grouped_ciphertext_validity_proof_domain_separator();
@@ -255,7 +259,8 @@ mod test {
 let mut verifier_transcript = Transcript::new(b"Test");
 
 let proof = GroupedCiphertext2HandlesValidityProof::new(
- (destination_pubkey, auditor_pubkey),
+ destination_pubkey,
+ auditor_pubkey,
 amount,
 &opening,
 &mut prover_transcript,
@@ -264,8 +269,10 @@ mod test {
 assert!(proof
 .verify(
 &commitment,
- (destination_pubkey, auditor_pubkey),
- (&destination_handle, &auditor_handle),
+ destination_pubkey,
+ auditor_pubkey,
+ &destination_handle,
+ &auditor_handle,
 &mut verifier_transcript,
 )
 .is_ok());
@@ -289,7 +296,8 @@ mod test {
 let mut verifier_transcript = Transcript::new(b"Test");
 
 let proof = GroupedCiphertext2HandlesValidityProof::new(
- (&destination_pubkey, auditor_pubkey),
+ &destination_pubkey,
+ auditor_pubkey,
 amount,
 &opening,
 &mut prover_transcript,
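Review bot: The rewritten doc comment on `verify` lists every parameter but still has no `# Errors` section, which rustdoc convention expects on a public function returning `Result<(), ValidityProofVerificationError>`; add `/// # Errors` followed by a line such as `/// Returns [`ValidityProofVerificationError`] when the proof does not verify against the supplied commitment, public keys, and handles` (confirm that is the only failure mode). The same omission is in the batched `verify` in the first file. The body of `verify` continues past the first hunk; the remaining hunks in this span are mechanical test call-site updates.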
@@ -298,8 +306,10 @@ mod test {
 assert!(proof
 .verify(
 &commitment,
- (&destination_pubkey, auditor_pubkey),
- (&destination_handle, &auditor_handle),
+ &destination_pubkey,
+ auditor_pubkey,
+ &destination_handle,
+ &auditor_handle,
 &mut verifier_transcript,
 )
 .is_err());
@@ -322,7 +332,8 @@ mod test {
 let mut verifier_transcript = Transcript::new(b"Test");
 
 let proof = GroupedCiphertext2HandlesValidityProof::new(
- (destination_pubkey, auditor_pubkey),
+ destination_pubkey,
+ auditor_pubkey,
 amount,
 &opening,
 &mut prover_transcript,
@@ -331,8 +342,10 @@ mod test {
 assert!(proof
 .verify(
 &commitment,
- (destination_pubkey, auditor_pubkey),
- (&destination_handle, &auditor_handle),
+ destination_pubkey,
+ auditor_pubkey,
+ &destination_handle,
+ &auditor_handle,
 &mut verifier_transcript,
 )
 .is_ok());
@@ -354,7 +367,8 @@ mod test {
 let mut verifier_transcript = Transcript::new(b"Test");
 
 let proof = GroupedCiphertext2HandlesValidityProof::new(
- (destination_pubkey, auditor_pubkey),
+ destination_pubkey,
+ auditor_pubkey,
 amount,
 &opening,
 &mut prover_transcript,
@@ -363,8 +377,10 @@ mod test {
 assert!(proof
 .verify(
 &commitment,
- (destination_pubkey, auditor_pubkey),
- (&destination_handle, &auditor_handle),
+ destination_pubkey,
+ auditor_pubkey,
+ &destination_handle,
+ &auditor_handle,
 &mut verifier_transcript,
 )
 .is_ok());

From 33676f117ba1d21c55d06b18b9c577e8a35d3fc6 Mon Sep 17 00:00:00 2001
From: samkim-crypto
Date: Thu, 2 May 2024 11:34:32 +0900
Subject: [PATCH 2/2] Update zk-sdk/src/sigma_proofs/grouped_ciphertext_validity/handles_2.rs

Co-authored-by: Jon C
---
 .../src/sigma_proofs/grouped_ciphertext_validity/handles_2.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zk-sdk/src/sigma_proofs/grouped_ciphertext_validity/handles_2.rs b/zk-sdk/src/sigma_proofs/grouped_ciphertext_validity/handles_2.rs
index 3c92f570f9cece..7a0952b1f23a6d 100644
--- a/zk-sdk/src/sigma_proofs/grouped_ciphertext_validity/handles_2.rs
+++ b/zk-sdk/src/sigma_proofs/grouped_ciphertext_validity/handles_2.rs
@@ -66,7 +66,7 @@ impl GroupedCiphertext2HandlesValidityProof {
 /// handles as input; it only takes the associated Pedersen opening instead.
 ///
 /// * `destination_pubkey` - The destination ElGamal public key
- /// * `auditor` - The auditor ElGamal public key
+ /// * `auditor_pubkey` - The auditor ElGamal public key
 /// * `amount` - The committed message in the commitment
 /// * `opening` - The opening associated with the Pedersen commitment
 /// * `transcript` - The transcript that does the bookkeeping for the Fiat-Shamir heuristic