feat: new protocol for zk discrete log with El-Gamal commitment #4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
manel1874
reviewed
Jan 9, 2025
| //! | ||
| //! //! ## Description | ||
| //! | ||
| //! A party P has `L = g * lambda`, `M = (g * y) (X * lambda)`, and `Y = h * y`, |
There was a problem hiding this comment.
Suggested change
| //! A party P has `L = g * lambda`, `M = (g * y) (X * lambda)`, and `Y = h * y`, | |
| //! A party P has `L = g ^ lambda`, `M = (g ^ y) * (X ^ lambda)`, and `Y = h ^ y`, |
manel1874
reviewed
Jan 9, 2025
Comment on lines
+7
to
+8
| //! with g being a generator of curve `E`, h is a point of the curve | ||
| //! and X is a public key (and a point of the curve). |
There was a problem hiding this comment.
Suggested change
| //! with g being a generator of curve `E`, h is a point of the curve | |
| //! and X is a public key (and a point of the curve). | |
| //! with g being a generator of curve `E`, h is a point on the curve | |
| //! and X is a public key (and a point on the curve). |
manel1874
reviewed
Jan 9, 2025
| //! | ||
| //! Given: | ||
| //! - Curve `E` | ||
| //! - `X` - public key, point of the curve |
There was a problem hiding this comment.
Suggested change
| //! - `X` - public key, point of the curve | |
| //! - `X` - public key, point on the curve |
manel1874
reviewed
Jan 9, 2025
| //! Given: | ||
| //! - Curve `E` | ||
| //! - `X` - public key, point of the curve | ||
| //! - `L = g * lambda`, `M = (g * y) (X * lambda)`, and `Y = h * y` - data to obtain proof about |
There was a problem hiding this comment.
Suggested change
| //! - `L = g * lambda`, `M = (g * y) (X * lambda)`, and `Y = h * y` - data to obtain proof about | |
| //! - `L = g * lambda`, `M = (g ^ y) * (X ^ lambda)`, and `Y = h ^ y` - data to obtain proof about |
manel1874
reviewed
Jan 9, 2025
| //! - `L = g * lambda`, `M = (g * y) (X * lambda)`, and `Y = h * y` - data to obtain proof about | ||
| //! | ||
| //! Prove: | ||
| //! - `logarithm base h of Y= lambda` |
There was a problem hiding this comment.
Suggested change
| //! - `logarithm base h of Y= lambda` | |
| //! - `logarithm base h of Y= y` |
Right?
manel1874
reviewed
Jan 9, 2025
| //! | ||
| //! // 1. Setup: prover prepares the public key X | ||
| //! | ||
| //! // X in paper is a point of the Curve E |
There was a problem hiding this comment.
Suggested change
| //! // X in paper is a point of the Curve E | |
| //! // X in paper is a point on the Curve E |
manel1874
reviewed
Jan 9, 2025
| //! // X in paper is a point of the Curve E | ||
| //! let x = Point::<E>::generator() * Scalar::random(&mut rng); | ||
| //! | ||
| //! // h in paper is a point of the Curve E |
There was a problem hiding this comment.
Suggested change
| //! // h in paper is a point of the Curve E | |
| //! // h in paper is a point on the Curve E |
manel1874
reviewed
Jan 9, 2025
Comment on lines
+60
to
+72
| //! // y in paper | ||
| //! let y = Integer::from_rng_pm(&security.q,&mut rng); | ||
| //! // lambda in paper | ||
| //! let lambda = Integer::from_rng_pm(&security.q,&mut rng); | ||
| //! | ||
| //! // 3. Setup: prover encrypts everything on correct keys | ||
| //! | ||
| //! // L in paper | ||
| //! let l = Point::<C>::generator() * lambda.to_scalar(); | ||
| //! // M in paper | ||
| //! let m = Point::<C>::generator() * y.to_scalar() + x * lambda.to_scalar(); | ||
| //! // Y in paper | ||
| //! let h_to_y = h * y.to_scalar(); |
There was a problem hiding this comment.
Suggested change
| //! // y in paper | |
| //! let y = Integer::from_rng_pm(&security.q,&mut rng); | |
| //! // lambda in paper | |
| //! let lambda = Integer::from_rng_pm(&security.q,&mut rng); | |
| //! | |
| //! // 3. Setup: prover encrypts everything on correct keys | |
| //! | |
| //! // L in paper | |
| //! let l = Point::<C>::generator() * lambda.to_scalar(); | |
| //! // M in paper | |
| //! let m = Point::<C>::generator() * y.to_scalar() + x * lambda.to_scalar(); | |
| //! // Y in paper | |
| //! let h_to_y = h * y.to_scalar(); | |
| //! // y in paper | |
| //! let plaintext_y = Integer::from_rng_pm(&security.q,&mut rng); | |
| //! // lambda in paper | |
| //! let plaintext_lambda = Integer::from_rng_pm(&security.q,&mut rng); | |
| //! | |
| //! // 3. Setup: prover encrypts everything on correct keys | |
| //! | |
| //! // L in paper | |
| //! let ciphertext_l = Point::<C>::generator() * plaintext_lambda.to_scalar(); | |
| //! // M in paper | |
| //! let ciphertext_m = Point::<C>::generator() * plaintext_y.to_scalar() + x * plaintext_lambda.to_scalar(); | |
| //! // Y in paper | |
| //! let ciphertext_h_to_y = h * plaintext_y.to_scalar(); |
manel1874
reviewed
Jan 9, 2025
| //! // and lambda are the same | ||
| //! | ||
| //! let data = p::Data { | ||
| //! key0: &key0, |
There was a problem hiding this comment.
Suggested change
| //! key0: &key0, |
I don't believe we are using a key0.
manel1874
reviewed
Jan 9, 2025
Comment on lines
+79
to
+82
| //! l: &l, | ||
| //! m: &m, | ||
| //! x: &x, | ||
| //! h_to_y: &h_to_y, |
There was a problem hiding this comment.
Suggested change
| //! l: &l, | |
| //! m: &m, | |
| //! x: &x, | |
| //! h_to_y: &h_to_y, | |
| //! l: &ciphertext_l, | |
| //! m: &ciphertext_m, | |
| //! x: &x, | |
| //! h_to_y: &ciphertext_h_to_y, |
manel1874
reviewed
Jan 9, 2025
Comment on lines
+86
to
+87
| //! y: &y, | ||
| //! lambda: &lambda, |
There was a problem hiding this comment.
Suggested change
| //! y: &y, | |
| //! lambda: &lambda, | |
| //! y: &plaintext_y, | |
| //! lambda: &plaintext_lambda, |
manel1874
reviewed
Jan 9, 2025
| pub lambda: &'a Integer, | ||
| } | ||
|
|
||
| // As described in cggmp21 at page 35 |
There was a problem hiding this comment.
Suggested change
| // As described in cggmp21 at page 35 | |
| // As described in cggmp24 at page 57 |
manel1874
reviewed
Jan 9, 2025
| #[cfg_attr(feature = "serde", derive(Serialize, Deserialize), serde(bound = ""))] | ||
| pub struct Commitment<C: Curve> { | ||
| pub a: Point<C>, | ||
| pub cap_n: Point<C>, |
There was a problem hiding this comment.
cap_n stands for capital n? Why are the others (a, b) not following the same naming?
manel1874
reviewed
Jan 9, 2025
| let alpha = Integer::gen_invertible(&Integer::curve_order::<C>(), &mut rng); | ||
| let m = Integer::gen_invertible(&Integer::curve_order::<C>(), &mut rng); | ||
|
|
||
|
|
manel1874
reviewed
Jan 9, 2025
|
|
||
|
|
||
| let a= Point::<C>::generator() * alpha.to_scalar(); | ||
| let enne= Point::<C>::generator() * m.to_scalar() + data.x * alpha.to_scalar(); |
manel1874
reviewed
Jan 9, 2025
| challenge: &Challenge, | ||
| proof: &Proof, | ||
| ) -> Result<(), InvalidProof> { | ||
| // Three equality checks and two range checks |
There was a problem hiding this comment.
Suggested change
| // Three equality checks and two range checks | |
| // Three equality checks |
manel1874
reviewed
Jan 9, 2025
| let security = super::SecurityParams { | ||
| q: (Integer::ONE << 128_u32).into(), | ||
| }; | ||
| let y = Integer::from_rng_pm(&security.q,&mut rng); |
There was a problem hiding this comment.
Suggested change
| let y = Integer::from_rng_pm(&security.q,&mut rng); | |
| let y = Integer::from_rng_pm(&security.q,&mut rng); |
manel1874
reviewed
Jan 9, 2025
| let security = super::SecurityParams { | ||
| q: (Integer::ONE << 128_u32).into(), | ||
| }; | ||
| let y = Integer::from_rng_pm(&security.q,&mut rng); |
There was a problem hiding this comment.
Suggested change
| let y = Integer::from_rng_pm(&security.q,&mut rng); | |
| let y = Integer::from_rng_pm(&security.q, &mut rng); |
manel1874
reviewed
Jan 9, 2025
Comment on lines
+417
to
+418
| let lambda = Integer::from_rng_pm(&security.q,&mut rng); | ||
| let false_lambda = Integer::from_rng_pm(&security.q,&mut rng); |
There was a problem hiding this comment.
Suggested change
| let lambda = Integer::from_rng_pm(&security.q,&mut rng); | |
| let false_lambda = Integer::from_rng_pm(&security.q,&mut rng); | |
| let lambda = Integer::from_rng_pm(&security.q, &mut rng); | |
| let false_lambda = Integer::from_rng_pm(&security.q, &mut rng); |
manel1874
reviewed
Jan 9, 2025
Comment on lines
+451
to
+453
| let y = Integer::from_rng_pm(&security.q,&mut rng); | ||
| let lambda = Integer::from_rng_pm(&security.q,&mut rng); | ||
| let false_y = Integer::from_rng_pm(&security.q,&mut rng); |
There was a problem hiding this comment.
Suggested change
| let y = Integer::from_rng_pm(&security.q,&mut rng); | |
| let lambda = Integer::from_rng_pm(&security.q,&mut rng); | |
| let false_y = Integer::from_rng_pm(&security.q,&mut rng); | |
| let y = Integer::from_rng_pm(&security.q, &mut rng); | |
| let lambda = Integer::from_rng_pm(&security.q, &mut rng); | |
| let false_y = Integer::from_rng_pm(&security.q, &mut rng); |
manel1874
approved these changes
Jan 9, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.