diff --git a/Cargo.toml b/Cargo.toml
index 0fb90ad..988519e 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -11,23 +11,19 @@ ark-ec = { version = "0.4", default-features = false }
 ark-ff = { version = "0.4", default-features = false }
 ark-std = { version = "0.4", default-features = false }
 ark-serialize = { version = "0.4", default-features = false }
-rand_core = { version = "0.6", default-features = false, optional = true }
+zeroize = { version = "1.8", default-features = false }
+digest = { version = "0.10", default-features = false }
+sha2 = { version = "0.10", default-features = false }
 rand_chacha = { version = "0.3", default-features = false }
 rayon = { version = "1.10", default-features = false, optional = true }
-zeroize = { version = "1.8", default-features = false }
 hmac = {version = "0.12", default-features = false, optional = true }
-digest = { version = "0.10", default-features = false }
-merlin = { version = "3.0", default-features = false, optional = true }
+# Waiting for crates.io
+ring-proof = { package = "ring", git = "https://github.com/davxy/ring-proof", branch = "extended", default-features = false, optional = true }
 # Curves
 ark-secp256r1 = { version = "0.4.0", default-features = false, optional = true }
 ark-ed25519 = { version = "0.4.0", default-features = false, optional = true }
 ark-ed-on-bls12-381-bandersnatch = { version = "0.4.0", default-features = false, optional = true }
 ark-bls12-381 = { version = "0.4.0", default-features = false, optional = true }
-# Hashing
-sha2 = { version = "0.10", default-features = false }
-# Ring VRF (waiting for crates.io)
-fflonk = { git = "https://github.com/w3f/fflonk", default-features = false, optional = true }
-ring-proof = { package = "ring", git = "https://github.com/davxy/ring-proof", branch = "extended", default-features = false, optional = true }
 
 [dev-dependencies]
 ark-ed25519 = "0.4"
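Review bot: The new `ring-proof` entry tracks a mutable git ref (`branch = "extended"`) with no commit pin, so the exact code a fresh build compiles changes silently whenever that branch moves, and a library's own `Cargo.lock` does nothing for downstream consumers. For the crate that implements the ring proof itself this is the weakest link in the supply chain, so pin it: replace `branch = "extended"` with `rev = "<commit-sha>"` (Cargo accepts only one of `branch`/`tag`/`rev`) and record the branch in the comment, e.g. `# Waiting for crates.io; tracks the "extended" branch, bump rev deliberately`. Bumping the `rev` then becomes a reviewed change rather than an accident of when `cargo update` ran.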
@@ -39,48 +35,44 @@ indexmap = { version = "2.2.6", features = ["serde"] }
 [features]
 default = [ "std" ]
 std = [
- "getrandom",
 "ark-std/std",
+ "ark-std/getrandom",
 "ark-ec/std",
- "rand_core/std",
- "fflonk/std",
 "ring-proof/std",
 ]
-getrandom = [
- "rand_core",
- "ark-std/getrandom"
-]
-curves = [
- "secp256r1",
- "ed25519",
- "bandersnatch",
-]
 secp256r1 = [
 "ark-secp256r1",
 "rfc-6979",
 ]
 ed25519 = [ "ark-ed25519" ]
 bandersnatch = [ "ark-ed-on-bls12-381-bandersnatch" ]
-parallel = [
- "ark-ec/parallel",
- "ark-ff/parallel",
- "ark-std/parallel",
- "ring-proof?/parallel",
- "fflonk?/parallel",
- "rayon",
-]
 ring = [
 "bandersnatch",
- "fflonk",
 "ring-proof",
 "ark-bls12-381/curve",
- "merlin",
 ]
 rfc-6979 = [ "hmac" ]
 full = [
- "curves",
+ "secp256r1",
+ "ed25519",
+ "bandersnatch",
 "ring",
 ]
+
+# Optimizations
+parallel = [
+ "ark-ec/parallel",
+ "ark-ff/parallel",
+ "ark-std/parallel",
+ "ring-proof?/parallel",
+ "rayon",
+]
+asm = [
+ "ark-ff/asm",
+ "ring-proof?/asm"
+]
+
+# Deterministic ring-proof (unsafe)
 test-vectors = [ "ring-proof?/test-vectors" ]
diff --git a/src/lib.rs b/src/lib.rs
index 0c760fa..15134fb 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -211,12 +211,10 @@ impl Secret {
 Self::from_scalar(scalar)
 }
 
- /// Construct an ephemeral `Secret` using system randomness.
- #[cfg(feature = "getrandom")]
- pub fn ephemeral() -> Self {
- use rand_core::RngCore;
+ /// Construct an ephemeral `Secret` using some random generator.
+ pub fn from_rand(rng: &mut impl ark_std::rand::RngCore) -> Self {
 let mut seed = [0u8; 32];
- rand_core::OsRng.fill_bytes(&mut seed);
+ rng.fill_bytes(&mut seed);
 Self::from_seed(&seed)
 }
 
diff --git a/src/ring.rs b/src/ring.rs
index 747e507..a3836b7 100644
--- a/src/ring.rs
+++ b/src/ring.rs
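Review bot: The `# Deterministic ring-proof (unsafe)` comment above `test-vectors` undersells the hazard: because Cargo unifies features across the whole dependency graph, any crate in a binary that enables `test-vectors` turns it on for every user of `ring-proof` in that binary, so a production build can end up with deterministic proofs without this crate's direct consumer ever asking for it. I would spell that out, e.g. `# Makes ring-proof deterministic (test vectors only). Never enable in production: Cargo feature unification turns it on for every crate in the build.` Whether the feature weakens soundness or only zero-knowledge is decided inside ring-proof and is not visible here. Separately, dropping the `getrandom` and `curves` features breaks any downstream manifest that names them, which deserves a changelog line.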
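Review bot: `Secret::from_rand` derives a long-term secret from whatever generator the caller passes, where the removed `ephemeral()` hard-wired `OsRng`; the `RngCore` bound alone is satisfied by non-cryptographic generators, so a predictable seed can silently become a signing key with no compile-time pushback. Bounding the generator with `CryptoRng` as well rules that class out at the type level: `pub fn from_rand(rng: &mut (impl ark_std::rand::RngCore + ark_std::rand::CryptoRng)) -> Self`. The doc comment should also state the contract instead of "some random generator", e.g. `/// Construct an ephemeral `Secret` from 32 bytes drawn from `rng`, which must be a cryptographically secure generator (a fixed-seed CSPRNG is acceptable only in tests).` The enclosing `impl Secret` block starts and ends outside the hunk.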
@@ -3,11 +3,6 @@ use crate::*;
 use ark_ec::short_weierstrass::SWCurveConfig;
 use pedersen::{PedersenSuite, Proof as PedersenProof};
 
-pub mod prelude {
- pub use fflonk;
- pub use ring_proof;
-}
-
 /// Ring suite.
 pub trait RingSuite: PedersenSuite {
 /// Pairing type.
@@ -18,21 +13,21 @@ pub trait RingSuite: PedersenSuite {
 }
 
 /// Polinomial Commitment Scheme (KZG)
-type Pcs = fflonk::pcs::kzg::KZG<::Pairing>;
+type Pcs = ring_proof::pcs::kzg::KZG<::Pairing>;
+
+/// Single PCS commitment.
+type PcsCommitment = ring_proof::pcs::kzg::commitment::KzgCommitment<::Pairing>;
 
-/// PCS setup parameters.
+/// KZG "Polynomial Commitment Scheme" (PCS) parameters.
 ///
-/// Basically the powers of tau SRS.
-pub type PcsParams = fflonk::pcs::kzg::urs::URS<::Pairing>;
+/// Basically powers of tau SRS.
+pub type PcsParams = ring_proof::pcs::kzg::urs::URS<::Pairing>;
 
-/// Polynomial Interactive Oracle Proof (IOP) parameters.
+/// Polynomial "Interactive Oracle Proof" (IOP) parameters.
 ///
 /// Basically all the application specific parameters required to construct and
 /// verify the ring proof.
-pub type PiopParams = ring_proof::PiopParams, CurveConfig>;
-
-/// Single PCS commitment.
-pub type PcsCommitment = fflonk::pcs::kzg::commitment::KzgCommitment<::Pairing>;
+type PiopParams = ring_proof::PiopParams, CurveConfig>;
 
 /// Ring keys commitment.
 pub type RingCommitment = ring_proof::FixedColumnsCommitted, PcsCommitment>;
@@ -149,8 +144,8 @@ where
 BaseField: ark_ff::PrimeField,
 CurveConfig: SWCurveConfig + Clone,
 {
- pub pcs_params: PcsParams,
- pub piop_params: PiopParams,
+ pcs_params: PcsParams,
+ piop_params: PiopParams,
 }
 
 #[inline(always)]
@@ -170,12 +165,12 @@ where
 pub fn from_seed(ring_size: usize, seed: [u8; 32]) -> Self {
 use ark_std::rand::SeedableRng;
 let mut rng = rand_chacha::ChaCha20Rng::from_seed(seed);
- Self::new_random(ring_size, &mut rng)
+ Self::from_rand(ring_size, &mut rng)
 }
 
 /// Construct a new random ring context suitable for the given ring size.
- pub fn new_random(ring_size: usize, rng: &mut R) -> Self {
- use fflonk::pcs::PCS;
+ pub fn from_rand(ring_size: usize, rng: &mut impl ark_std::rand::RngCore) -> Self {
+ use ring_proof::pcs::PCS;
 let domain_size = domain_size(ring_size);
 let pcs_params = Pcs::::setup(3 * domain_size, rng);
 Self::from_srs(ring_size, pcs_params).expect("PCS params is correct")
@@ -217,6 +212,19 @@ where
 ring_proof::index(&self.pcs_params, &self.piop_params, &pks).0
 }
 
+ /// Construct `RingProver` from `ProverKey` for the prover implied by `key_index`.
+ ///
+ /// Key index is the prover index within the `pks` sequence passed to construct the
+ /// `ProverKey` via the `prover_key` method.
+ pub fn prover(&self, prover_key: ProverKey, key_index: usize) -> RingProver {
+ RingProver::::init(
+ prover_key,
+ self.piop_params.clone(),
+ key_index,
+ ring_proof::Transcript::new(b""),
+ )
+ }
+
 /// Construct a `VerifierKey` instance for the given ring.
 ///
 /// Note: if `pks.len() > self.max_ring_size()` the extra keys in the tail are ignored.
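Review bot: `from_rand` and `from_seed` build the KZG SRS locally via `Pcs::setup(3 * domain_size, rng)`, so whoever runs them — and, for `from_seed`, anyone who knows the 32-byte seed — holds the trapdoor behind the powers of tau, which for a KZG-based proof system generally means they can forge proofs against that context. Neither doc comment says so; I would add to `from_rand`: `/// Generates a fresh SRS from `rng`; the caller learns the KZG trapdoor, so this is only suitable for tests. Production contexts must load a ceremony SRS through `from_srs`.` with the same warning on `from_seed`. As with `Secret::from_rand`, a `RngCore + CryptoRng` bound on `rng` would keep non-cryptographic generators out at the type level. The `expect("PCS params is correct")` is a reasonable invariant on parameters this function just generated itself.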
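Review bot: `prover()` seeds the Fiat-Shamir transcript with an empty label, `ring_proof::Transcript::new(b"")`, which gives this protocol no domain separation from any other ring-proof deployment that also starts from an empty transcript, and leaves the label duplicated between `prover()` and `verifier()` with nothing tying the two together. A crate-level constant used on both sides — `const TRANSCRIPT_LABEL: &[u8] = b"ring-vrf";` and `ring_proof::Transcript::new(TRANSCRIPT_LABEL)` — closes both gaps; note this changes the proof format, so it has to land before proofs are persisted or exchanged with other implementations. Whether `key_index` is range-checked against the ring is decided inside `RingProver::init`, which is not visible here, so the doc should say what happens on an out-of-range index once that is confirmed. The enclosing `impl` block starts and ends outside the hunk.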
@@ -225,20 +233,23 @@ where
 ring_proof::index(&self.pcs_params, &self.piop_params, &pks).1
 }
 
- pub fn prover(&self, prover_key: ProverKey, key_index: usize) -> RingProver {
- RingProver::::init(
- prover_key,
- self.piop_params.clone(),
- key_index,
- merlin::Transcript::new(b""),
- )
+ /// Construct `VerifierKey` instance for the ring previously committed.
+ ///
+ /// The `RingCommitment` instance can be obtained via the `VerifierKey::commitment()` method.
+ ///
+ /// This allows to quickly reconstruct the verifier key without having to recompute the
+ /// keys commitment.
+ pub fn verifier_key_from_commitment(&self, commitment: RingCommitment) -> VerifierKey {
+ use ring_proof::pcs::PcsParams;
+ VerifierKey::::from_commitment_and_kzg_vk(commitment, self.pcs_params.raw_vk())
 }
 
+ /// Construct `RingVerifier` from `VerifierKey`.
 pub fn verifier(&self, verifier_key: VerifierKey) -> RingVerifier {
 RingVerifier::::init(
 verifier_key,
 self.piop_params.clone(),
- merlin::Transcript::new(b""),
+ ring_proof::Transcript::new(b""),
 )
 }
 }
diff --git a/src/suites/bandersnatch.rs b/src/suites/bandersnatch.rs
index 1b7268e..889824f 100644
--- a/src/suites/bandersnatch.rs
+++ b/src/suites/bandersnatch.rs
@@ -89,6 +89,7 @@ pub mod weierstrass {
 pub type PcsParams = ring_suite::PcsParams;
 pub type RingContext = ring_suite::RingContext;
+ pub type RingCommitment = ring_suite::RingCommitment;
 pub type VerifierKey = ring_suite::VerifierKey;
 pub type RingProver = ring_suite::RingProver;
 pub type RingVerifier = ring_suite::RingVerifier;
@@ -177,6 +178,7 @@ pub mod edwards {
 pub type PcsParams = ring_suite::PcsParams;
 pub type RingContext = ring_suite::RingContext;
+ pub type RingCommitment = ring_suite::RingCommitment;
 pub type VerifierKey = ring_suite::VerifierKey;
 pub type RingProver = ring_suite::RingProver;
 pub type RingVerifier = ring_suite::RingVerifier;
diff --git a/src/testing.rs b/src/testing.rs
index 489db3a..f10a37c 100644
--- a/src/testing.rs
+++ b/src/testing.rs
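Review bot: `verifier_key_from_commitment` turns any `RingCommitment` the caller hands in into a `VerifierKey`, so verification is now only as trustworthy as the origin of that commitment: a commitment received from the prover, or over any unauthenticated channel, lets the sender choose the ring the proof is checked against. The doc comment describes only the convenience and should state the trust requirement, e.g. `/// The commitment must be one the verifier computed itself or obtained from a trusted source; accepting it from the prover lets the prover pick the ring.` The method is otherwise a thin wrapper over `from_commitment_and_kzg_vk`, and `verifier()` keeps the same empty transcript label as `prover()`, which must stay in sync on both sides.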
@@ -81,7 +81,7 @@ where
 use ring::{Prover, RingContext, Verifier};
 
 let rng = &mut ark_std::test_rng();
- let ring_ctx = RingContext::::new_random(512, rng);
+ let ring_ctx = RingContext::::from_rand(512, rng);
 let secret = Secret::::from_seed(TEST_SEED);
 let public = secret.public();