[zk-token-sdk] Grouped ElGamal ciphertext and validity proof #31853

Closed
samkim-crypto opened this issue May 29, 2023 · 0 comments
Labels
stale [bot only] Added to stale content; results in auto-close after a week.

Comments

@samkim-crypto
Contributor

Problem

What remains in the zk token proof program is the ciphertext validity (and batched ciphertext validity) proof, which certifies that a variant of ElGamal ciphertext is well-formed.

The issue is that the ciphertext validity proof that is needed for the confidential transfer instruction is not a validity proof on the standard ElGamal ciphertext, which is an encryption of a message under a single ElGamal public key. Instead, the validity proof is on a "grouped" variant of ElGamal ciphertext where the message is encrypted under multiple ElGamal public keys at once.

We can add VerifyCiphertextValidity and VerifyBatchedCiphertextValidityProof in the proof program, but this may be confused as certifying validity on a regular ElGamal ciphertext. A more suitable name for these two proofs would be VerifyGroupedCiphertextValidity and VerifyBatchedGroupedCiphertextValidity.

We can go ahead and rename the implementation in #31816 as VerifyGroupedCiphertextValidity and VerifyBatchedGroupedCiphertextValidity, but a cleaner way would be to actually create a GroupedElGamalCiphertext type in the encryption module and define these proof instructions with respect to the GroupedElGamalCiphertext type.

Defining GroupedElGamalCiphertext would also help in simplifying/cleaning up the VerifyTransfer and VerifyTransferWithFee instruction data as the TransferAmountEncryption and FeeEncryption types can be defined with respect to GroupedElGamalCiphertext type.

Proposed Solution

@github-actions github-actions bot added the stale [bot only] Added to stale content; results in auto-close after a week. label May 28, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jun 4, 2024
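
The distinction the issue draws between a standard and a "grouped" ElGamal ciphertext, as an added example that is not code from the issue or from zk-token-sdk. It assumes the twisted ElGamal shape (one commitment shared by all recipients plus one decryption handle per public key) and uses a tiny, insecure multiplicative group in place of the SDK's curve; `GroupedCiphertext`, `encrypt_grouped`, `decrypt` and all parameters are hypothetical names and constructed values.

```rust
// Toy group, constructed for this example and NOT secure: p = 2q + 1,
// G and H generate the order-q subgroup of squares mod p.
const P: u64 = 2039;
const Q: u64 = 1019;
const G: u64 = 4;
const H: u64 = 9;

fn pow_mod(mut b: u64, mut e: u64, m: u64) -> u64 {
    let mut acc = 1;
    b %= m;
    while e > 0 {
        if e & 1 == 1 { acc = acc * b % m; }
        b = b * b % m;
        e >>= 1;
    }
    acc
}

/// Twisted ElGamal public key for secret s (assumed form): H^(1/s).
fn public_key(s: u64) -> u64 { pow_mod(H, pow_mod(s, Q - 2, Q), P) }

/// Hypothetical layout: one commitment, one handle per recipient key.
struct GroupedCiphertext { commitment: u64, handles: Vec<u64> }

/// Encrypts `amount` under every key in `pubkeys` with the same randomness r.
fn encrypt_grouped(pubkeys: &[u64], amount: u64, r: u64) -> GroupedCiphertext {
    GroupedCiphertext {
        commitment: pow_mod(G, amount, P) * pow_mod(H, r, P) % P,
        handles: pubkeys.iter().map(|pk| pow_mod(*pk, r, P)).collect(),
    }
}

/// Recipient `index` strips H^r using its handle, then brute-forces G^amount.
fn decrypt(ct: &GroupedCiphertext, index: usize, s: u64) -> Option<u64> {
    let mask = pow_mod(ct.handles[index], s, P); // handle^s = H^r if well-formed
    let target = ct.commitment * pow_mod(mask, P - 2, P) % P;
    (0..Q).find(|m| pow_mod(G, *m, P) == target)
}

fn main() {
    let (s1, s2) = (7, 11); // constructed secret keys
    let keys = [public_key(s1), public_key(s2)];
    let mut ct = encrypt_grouped(&keys, 42, 123);
    println!("well-formed: {:?} {:?}", decrypt(&ct, 0, s1), decrypt(&ct, 1, s2));
    // Malformed: second handle built from different randomness than the commitment.
    ct.handles[1] = pow_mod(keys[1], 124, P);
    println!("malformed:   {:?} {:?}", decrypt(&ct, 0, s1), decrypt(&ct, 1, s2));
}
```

In the malformed case the two key holders decrypt different amounts from the same ciphertext, which is the inconsistency a validity proof over the grouped ciphertext is there to rule out.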