From 6589d298df4512747f10dbbe2ecc7b2433ac7e9b Mon Sep 17 00:00:00 2001 From: Davide Galassi Date: Thu, 25 Jul 2024 19:50:24 +0200 Subject: [PATCH] Allow generator overwrite --- src/ietf.rs | 4 ++-- src/lib.rs | 24 +++++++++++++++++------- src/pedersen.rs | 6 +++--- 3 files changed, 22 insertions(+), 12 deletions(-) diff --git a/src/ietf.rs b/src/ietf.rs index ccc3938..f97f50d 100644 --- a/src/ietf.rs +++ b/src/ietf.rs @@ -93,7 +93,7 @@ pub trait Verifier { impl Prover for Secret { fn prove(&self, input: Input, output: Output, ad: impl AsRef<[u8]>) -> Proof { let k = S::nonce(&self.scalar, input); - let k_b = (S::Affine::generator() * k).into_affine(); + let k_b = (S::generator() * k).into_affine(); let k_h = (input.0 * k).into_affine(); @@ -116,7 +116,7 @@ impl Verifier for Public { ) -> Result<(), Error> { let Proof { c, s } = proof; - let s_b = S::Affine::generator() * s; + let s_b = S::generator() * s; let c_y = self.0 * c; let u = (s_b - c_y).into_affine(); diff --git a/src/lib.rs b/src/lib.rs index 15134fb..9d4ed23 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -76,7 +76,7 @@ impl From for Error { /// /// Can be easily customized to implement more exotic VRF types by overwriting /// the default methods implementations. -pub trait Suite: Copy + Clone { +pub trait Suite: Copy { /// Suite identifier (aka `suite_string` in RFC-9381) const SUITE_ID: &'static [u8]; @@ -96,6 +96,9 @@ pub trait Suite: Copy + Clone { /// Used wherever an hash is required: nonce, challenge, MAC, etc. type Hasher: Digest; + /// Overarching codec. + /// + /// Used wherever we need to encode/decode points and scalars. type Codec: codec::Codec; /// Nonce generation as described by RFC-9381 section 5.4.2. @@ -144,6 +147,14 @@ pub trait Suite: Copy + Clone { fn point_to_hash(pt: &AffinePoint) -> HashOutput { utils::point_to_hash_rfc_9381::(pt) } + + /// Generator used through all the suite. + /// + /// Defaults to Arkworks provided generator. + #[inline(always)] + fn generator() -> AffinePoint { + Self::Affine::generator() + } } /// Secret key. @@ -197,8 +208,7 @@ impl ark_serialize::Valid for Secret { impl Secret { /// Construct a `Secret` from the given scalar. pub fn from_scalar(scalar: ScalarField) -> Self { - let public = S::Affine::generator() * scalar; - let public = Public(public.into_affine()); + let public = Public((S::generator() * scalar).into_affine()); Self { scalar, public } } @@ -211,7 +221,7 @@ impl Secret { Self::from_scalar(scalar) } - /// Construct an ephemeral `Secret` using some random generator. + /// Construct an ephemeral `Secret` using the provided randomness source. pub fn from_rand(rng: &mut impl ark_std::rand::RngCore) -> Self { let mut seed = [0u8; 32]; rng.fill_bytes(&mut seed); @@ -235,7 +245,7 @@ pub struct Public(pub AffinePoint); /// VRF input point generic over the cipher suite. #[derive(Debug, Clone, Copy, PartialEq, Eq, CanonicalSerialize, CanonicalDeserialize)] -pub struct Input(pub S::Affine); +pub struct Input(pub AffinePoint); impl Input { /// Construct from [`Suite::data_to_point`]. @@ -251,11 +261,11 @@ impl Input { /// VRF output point generic over the cipher suite. #[derive(Debug, Clone, Copy, PartialEq, Eq, CanonicalSerialize, CanonicalDeserialize)] -pub struct Output(pub S::Affine); +pub struct Output(pub AffinePoint); impl Output { /// Construct from inner affine point. - pub fn from(value: ::Affine) -> Self { + pub fn from(value: AffinePoint) -> Self { Output(value) } diff --git a/src/pedersen.rs b/src/pedersen.rs index e336bfa..3ec586f 100644 --- a/src/pedersen.rs +++ b/src/pedersen.rs @@ -55,9 +55,9 @@ impl Prover for Secret { let b = S::nonce(&kb, input); // Yb = x*G + b*B - let pk_blind = (S::Affine::generator() * self.scalar + S::BLINDING_BASE * b).into_affine(); + let pk_blind = (S::generator() * self.scalar + S::BLINDING_BASE * b).into_affine(); // R = k*G + kb*B - let r = (S::Affine::generator() * k + S::BLINDING_BASE * kb).into_affine(); + let r = (S::generator() * k + S::BLINDING_BASE * kb).into_affine(); // Ok = k*I let ok = (input.0 * k).into_affine(); @@ -105,7 +105,7 @@ impl Verifier for Public { } // R + c*Yb = s*G + sb*B - if *pk_blind * c + r != S::Affine::generator() * s + S::BLINDING_BASE * sb { + if *pk_blind * c + r != S::generator() * s + S::BLINDING_BASE * sb { return Err(Error::VerificationFailure); }