From a2435dd22fb2e1da8db8fd24255396a9bca41a96 Mon Sep 17 00:00:00 2001 From: Davide Galassi Date: Sun, 11 Aug 2024 18:20:47 +0200 Subject: [PATCH] Fix bandersnatch test without ring --- Cargo.toml | 1 - src/pedersen.rs | 1 + src/ring.rs | 27 ++++++++++++++++----------- src/suites/bandersnatch.rs | 18 +++++++++++++----- src/testing.rs | 2 +- 5 files changed, 31 insertions(+), 18 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index da4fbdb..365b241 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -50,7 +50,6 @@ secp256r1 = [ ed25519 = [ "ark-ed25519" ] bandersnatch = [ "ark-ed-on-bls12-381-bandersnatch" ] ring = [ - "bandersnatch", "ring-proof", "ark-bls12-381/curve", ] diff --git a/src/pedersen.rs b/src/pedersen.rs index 69587e0..b76ffcb 100644 --- a/src/pedersen.rs +++ b/src/pedersen.rs @@ -2,6 +2,7 @@ use crate::ietf::IetfSuite; use crate::*; pub trait PedersenSuite: IetfSuite { + /// Blinding base. const BLINDING_BASE: AffinePoint; /// Pedersen blinding factor. diff --git a/src/ring.rs b/src/ring.rs index 4bab7dc..e5a629c 100644 --- a/src/ring.rs +++ b/src/ring.rs @@ -8,8 +8,11 @@ pub trait RingSuite: PedersenSuite { /// Pairing type. type Pairing: ark_ec::pairing::Pairing>; - /// Complement point. - const COMPLEMENT_POINT: AffinePoint; + /// Accumulator base. + /// + /// In order for the ring-proof backend to work correctly, this is required to be + /// in the prime order subgroup. + const ACCUMULATOR_BASE: AffinePoint; } /// Polinomial Commitment Scheme (KZG) @@ -189,7 +192,7 @@ where let piop_params = PiopParams::::setup( ring_proof::Domain::new(domain_size, true), S::BLINDING_BASE.into_sw(), - S::COMPLEMENT_POINT.into_sw(), + S::ACCUMULATOR_BASE.into_sw(), ); Ok(Self { @@ -313,6 +316,7 @@ pub(crate) mod testing { pub const TEST_RING_SIZE: usize = 8; + #[allow(unused)] pub fn prove_verify() where BaseField: ark_ff::PrimeField, 
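Review bot: The doc added to `BLINDING_BASE` in src/pedersen.rs, `/// Blinding base.`, only restates the constant's name and gives an implementor no property to uphold, while the `ACCUMULATOR_BASE` doc added in the same commit to src/ring.rs does state its subgroup requirement. For a Pedersen commitment the contract is presumably that the discrete logarithm of the blinding base with respect to the suite generator is unknown, which is what a nothing-up-my-sleeve derivation such as the `map_sw_to_te` mapping mentioned in the bandersnatch hunks provides; confirm that this is the intended requirement and write it down, e.g. `/// Blinding base for the Pedersen commitment. Its discrete logarithm with respect to the suite generator must be unknown.`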
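Review bot: The new doc on `ACCUMULATOR_BASE` in the src/ring.rs hunk at line 8 says the point "is required to be in the prime order subgroup", but `check_accumulator_base` in the hunk at line 347 asserts `!pt.is_in_correct_subgroup_assuming_on_curve()`, and both bandersnatch constants (src/suites/bandersnatch.rs hunks at 101 and 190) are documented as "not belonging to the prime order subgroup". The two statements cannot both hold, and the doc is what a future suite author will read when choosing a point, so it should agree with the test that guards the property. If the test is the authority, change the doc lines to `/// In order for the ring-proof backend to work correctly, this is required to be` / `/// outside the prime order subgroup (see `testing::check_accumulator_base`).`; if the doc is the authority, the test and the bandersnatch comments are wrong instead.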
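Review bot: `#[allow(unused)]` is added to `prove_verify` in the src/ring.rs hunk at line 316 (and to `check_accumulator_base` in the hunk at 347) without a comment saying why, so a later reader will take the functions for dead code. Presumably they are unused when `ring` is enabled without any suite, which the Cargo.toml hunk makes possible by dropping the implicit `bandersnatch` dependency; if so, state it next to the attribute: `// Only referenced through `ring_suite_tests!`; unused when `ring` is built without a suite.` Gating `mod testing` behind `#[cfg(test)]` would remove the need for the allow, but whether non-test code depends on the module is not visible here. `prove_verify`'s body continues outside the hunk.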
@@ -343,34 +347,35 @@ pub(crate) mod testing { assert!(result.is_ok()); } - pub fn check_complement_point() + /// Check that complement point is not in the prime subgroup. + /// + /// This is a requirement for the correct working of ring-proof backend. + #[allow(unused)] + pub fn check_accumulator_base() where BaseField: ark_ff::PrimeField, CurveConfig: ark_ec::short_weierstrass::SWCurveConfig + Clone, AffinePoint: utils::te_sw_map::SWMapping>, { use utils::te_sw_map::SWMapping; - let pt = S::COMPLEMENT_POINT.into_sw(); + let pt = S::ACCUMULATOR_BASE.into_sw(); assert!(pt.is_on_curve()); assert!(!pt.is_in_correct_subgroup_assuming_on_curve()); } #[macro_export] macro_rules! ring_suite_tests { - ($suite:ident, true) => { - #[cfg(feature = "ring")] + ($suite:ident) => { #[test] fn ring_prove_verify() { $crate::ring::testing::prove_verify::<$suite>() } - #[cfg(feature = "ring")] #[test] - fn check_complement_point() { - $crate::ring::testing::check_complement_point::<$suite>() + fn check_accumulator_base() { + $crate::ring::testing::check_accumulator_base::<$suite>() } }; - ($suite:ident, false) => {}; } pub trait RingSuiteExt: RingSuite diff --git a/src/suites/bandersnatch.rs b/src/suites/bandersnatch.rs index 239f82f..85b3724 100644 --- a/src/suites/bandersnatch.rs +++ b/src/suites/bandersnatch.rs @@ -101,7 +101,7 @@ pub mod weierstrass { /// A point on the curve not belonging to the prime order subgroup. /// /// Found using `ring_proof::find_complement_point::()` function. - const COMPLEMENT_POINT: AffinePoint = { + const ACCUMULATOR_BASE: AffinePoint = { const X: BaseField = MontFp!("0"); const Y: BaseField = MontFp!( "11982629110561008531870698410380659621661946968466267969586599013782997959645" 
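Review bot: The doc added to `check_accumulator_base` still says "Check that complement point is not in the prime subgroup", using the name this commit removes; it should read `/// Check that the accumulator base is not in the prime order subgroup.` so it matches the renamed constant it tests. The same hunk also drops the `#[cfg(feature = "ring")]` attributes from the tests generated by `ring_suite_tests!`, which means the macro is only safe to invoke under `#[cfg(all(test, feature = "ring"))]` as the bandersnatch call sites now do; that expectation is not written anywhere, so add a doc line to the macro such as `/// Expand only under `#[cfg(all(test, feature = "ring"))]`; the generated tests are no longer self-gated.`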
@@ -113,8 +113,11 @@ pub mod weierstrass { #[cfg(feature = "ring")] pub use ring_defs::*; + #[cfg(all(test, feature = "ring"))] + ring_suite_tests!(BandersnatchSha512Tai); + #[cfg(test)] - suite_tests!(BandersnatchSha512Tai, true); + suite_tests!(BandersnatchSha512Tai); } pub mod edwards { @@ -143,7 +146,7 @@ pub mod edwards { } impl PedersenSuite for BandersnatchSha512Ell2 { - /// Found mapping the `BLINDING_BASE` of `weierstrass` module using the `utils::map_sw_to_te` + /// Found mapping `BLINDING_BASE` of `weierstrass` module using the `utils::map_sw_to_te` const BLINDING_BASE: AffinePoint = { const X: BaseField = MontFp!( "14576224270591906826192118712803723445031237947873156025406837473427562701854" @@ -190,7 +193,7 @@ pub mod edwards { /// A point on the curve not belonging to the prime order subgroup. /// /// Found mapping the `COMPLEMENT_POINT` of `weierstrass` module using the `utils::map_sw_to_te` - const COMPLEMENT_POINT: AffinePoint = { + const ACCUMULATOR_BASE: AffinePoint = { const X: BaseField = MontFp!( "3955725774225903122339172568337849452553276548604445833196164961773358506589" ); @@ -204,8 +207,11 @@ pub mod edwards { #[cfg(feature = "ring")] pub use ring_defs::*; + #[cfg(all(test, feature = "ring"))] + ring_suite_tests!(BandersnatchSha512Ell2); + #[cfg(test)] - suite_tests!(BandersnatchSha512Ell2, true); + suite_tests!(BandersnatchSha512Ell2); #[test] fn elligator2_hash_to_curve() { @@ -242,6 +248,8 @@ mod tests { let sw_point = map_te_to_sw::(&te_point).unwrap(); assert!(sw_point.is_on_curve()); + + assert_eq!(org_point, sw_point); } } diff --git a/src/testing.rs b/src/testing.rs index d5782f5..85707cb 100644 --- a/src/testing.rs +++ b/src/testing.rs @@ -29,7 +29,7 @@ pub fn random_val(rng: Option<&mut dyn RngCore>) -> T { #[macro_export] macro_rules! suite_tests { - ($suite:ident, $build_ring:ident) => { + ($suite:ident, $build_ring:expr) => { suite_tests!($suite); ring_suite_tests!($suite, $build_ring); };
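Review bot: The doc comment kept above the renamed constant in the `edwards` hunk at line 193 of src/suites/bandersnatch.rs still says the point was found by mapping the `COMPLEMENT_POINT` of the `weierstrass` module, a name that no longer exists after this commit. Change it to `/// Found mapping the `ACCUMULATOR_BASE` of `weierstrass` module using the `utils::map_sw_to_te``. The `weierstrass` hunk at line 101 is fine as written, since `ring_proof::find_complement_point` appears to be the backend function's own name rather than a reference to the renamed constant.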
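Review bot: The two-argument arm of `suite_tests!` in src/testing.rs still forwards to `ring_suite_tests!($suite, $build_ring)`, but the src/ring.rs hunk at line 347 reduces `ring_suite_tests!` to a single `($suite:ident)` arm, so any remaining two-argument invocation of `suite_tests!` will now fail to expand with a "no rules expected the token" error instead of silently emitting no ring tests as the removed `false` arm did. Every call site changed in this commit moves to the one-argument form, which suggests the arm is dead and should be deleted rather than have its matcher changed from `ident` to `expr`; whether other suites not shown here still use it cannot be seen from this diff and is worth checking with a feature-matrix build. If the arm is kept on purpose, it needs to stop forwarding the second argument.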