diff --git a/src/ring.rs b/src/ring.rs index f8e6524..cf16676 100644 --- a/src/ring.rs +++ b/src/ring.rs @@ -11,26 +11,32 @@ pub mod prelude { #[cfg(feature = "parallel")] use rayon::prelude::*; +/// Ring suite. pub trait RingSuite: PedersenSuite { + /// Pairing type. type Pairing: ark_ec::pairing::Pairing>; + /// Complement point. const COMPLEMENT_POINT: AffinePoint; } -/// KZG Polynomial Commitment Scheme. -pub type Pcs = fflonk::pcs::kzg::KZG<::Pairing>; +/// Polinomial Commitment Scheme (KZG) +type Pcs = fflonk::pcs::kzg::KZG<::Pairing>; -/// KZG commitment. -pub type PcsCommitment = fflonk::pcs::kzg::commitment::KzgCommitment<::Pairing>; - -/// KZG setup parameters. +/// PCS setup parameters. /// /// Basically the powers of tau SRS. pub type PcsParams = fflonk::pcs::kzg::urs::URS<::Pairing>; -/// Ring proof application specific setup parameters. +/// Polynomial Interactive Oracle Proof (IOP) parameters. +/// +/// Basically all the application specific parameters required to construct and +/// verify the ring proof. pub type PiopParams = ring_proof::PiopParams, CurveConfig>; +/// Single PCS commitment. +pub type PcsCommitment = fflonk::pcs::kzg::commitment::KzgCommitment<::Pairing>; + /// Ring keys commitment. pub type RingCommitment = ring_proof::FixedColumnsCommitted, PcsCommitment>; @@ -48,10 +54,12 @@ pub type RingProver = ring_proof::ring_prover::RingProver, Pcs = ring_proof::ring_verifier::RingVerifier, Pcs, CurveConfig>; -/// Ring proof. +/// Actual ring proof. pub type RingProof = ring_proof::RingProof, Pcs>; -/// Ring proof. +/// Ring proof bundled together with a Pedersen proof. +/// +/// Pedersen proof is used to provide VRF capability. #[derive(Clone, CanonicalSerialize, CanonicalDeserialize)] pub struct Proof where 
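Review bot: The new doc line `+/// Polinomial Commitment Scheme (KZG)` on the `Pcs` alias misspells the word; change it to `/// Polynomial Commitment Scheme (KZG).`, matching the `PiopParams` doc added in the same hunk. The same hunk also drops `pub` from `Pcs` while `RingProver`, `RingVerifier` and `RingProof` further down still name it in their public aliases; if the alias is meant to be crate-private from now on, a one-line comment stating that intent would keep the next reader from restoring `pub` by accident. `PcsCommitment` is only moved and re-documented, so nothing to raise there.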
@@ -201,20 +209,26 @@ where
 self.piop_params.keyset_part_size
 }
 
- pub fn prover_key(&self, pks: &[AffinePoint]) -> ProverKey {
+ pub fn prover_key(&self, pks: &[AffinePoint]) -> Result, Error> {
+ if pks.len() > self.max_ring_size() {
+ return Err(Error::InvalidData);
+ }
 #[cfg(feature = "parallel")]
 let pks = pks.par_iter().map(|p| p.into_sw()).collect();
 #[cfg(not(feature = "parallel"))]
 let pks = pks.iter().map(|p| p.into_sw()).collect();
- ring_proof::index(self.pcs_params.clone(), &self.piop_params, pks).0
+ Ok(ring_proof::index(self.pcs_params.clone(), &self.piop_params, pks).0)
 }
 
- pub fn verifier_key(&self, pks: &[AffinePoint]) -> VerifierKey {
+ pub fn verifier_key(&self, pks: &[AffinePoint]) -> Result, Error> {
+ if pks.len() > self.max_ring_size() {
+ return Err(Error::InvalidData);
+ }
 #[cfg(feature = "parallel")]
 let pks = pks.par_iter().map(|p| p.into_sw()).collect();
 #[cfg(not(feature = "parallel"))]
 let pks = pks.iter().map(|p| p.into_sw()).collect();
- ring_proof::index(self.pcs_params.clone(), &self.piop_params, pks).1
+ Ok(ring_proof::index(self.pcs_params.clone(), &self.piop_params, pks).1)
 }
 
 pub fn prover(&self, prover_key: ProverKey, key_index: usize) -> RingProver {
diff --git a/src/testing.rs b/src/testing.rs
index 9c8ed6b..5b19c71 100644
--- a/src/testing.rs
+++ b/src/testing.rs
@@ -94,11 +94,11 @@ where
 let mut pks = random_vec::>(ring_size, Some(rng));
 pks[prover_idx] = public.0;
 
- let prover_key = ring_ctx.prover_key(&pks);
+ let prover_key = ring_ctx.prover_key(&pks).unwrap();
 let prover = ring_ctx.prover(prover_key, prover_idx);
 let proof = secret.prove(input, output, b"foo", &prover);
 
- let verifier_key = ring_ctx.verifier_key(&pks);
+ let verifier_key = ring_ctx.verifier_key(&pks).unwrap();
 let verifier = ring_ctx.verifier(verifier_key);
 let result = Public::verify(input, output, b"foo", &proof, &verifier);
 assert!(result.is_ok());
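Review bot: `prover_key` and `verifier_key` now return `Result` but carry no doc comment, so the only way to learn that an oversized ring is rejected with `Error::InvalidData` is to read the body; add a `///` summary plus an `# Errors` section on each stating that `Error::InvalidData` is returned when `pks.len()` exceeds `self.max_ring_size()`. The two methods are otherwise identical except for `.0` versus `.1` on the `ring_proof::index` result, which builds both keys on every call, so a caller needing both pays the indexing twice; a private helper that runs the size guard and the `into_sw` conversion once and returns the whole tuple would remove the duplicated guard and could back an accessor that hands out both keys. Whether an empty `pks` is acceptable to `ring_proof::index` is not visible here; if it is not, the guard should also reject `pks.is_empty()`. The enclosing `impl` block starts and ends outside the hunk.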
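Review bot: The size guard added to `prover_key`/`verifier_key` in src/ring.rs has no test here; this hunk only unwraps the happy path for a ring of `ring_size` keys. Add a case that builds `ring_ctx.max_ring_size() + 1` keys and asserts `assert!(ring_ctx.prover_key(&pks).is_err());`, and the same for `verifier_key`, so a regression that drops the check is caught. Using `expect("ring size within max_ring_size")` instead of `unwrap()` on the two new lines would also make a failure at this point self-explaining. The enclosing test function starts and ends outside the hunk.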