Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prefer the Pow trait #179

Draft
wants to merge 25 commits into
base: master
Choose a base branch
from
Draft

Prefer the Pow trait #179

wants to merge 25 commits into from
+1,256 −100

Conversation

dvdplm
Copy link
Contributor

@dvdplm dvdplm commented Jan 23, 2025
edited
Loading

This PR removes the Exponentiable trait and its implementations for SecretSigned, SecretUnsigned and PublicSigned. It's up for debate whether this is actually better, but I think it's a little bit cleaner and may be helpful for tricks like "exponentiation with known totient"? The downside is that now the wrapper types are public.

EDIT: Rebased this on top of #173 t to be able to check for regressions (looks good).

group                                      no-exponentiable
-----                                      ----------------
AffG proof/prove                           1.00     90.5±0.36ms        ? ?/sec
AffG proof/verify                          1.00     68.0±4.82ms        ? ?/sec
Dec proof/prove                            1.00     39.5±1.03ms        ? ?/sec
Dec proof/verify                           1.00     33.3±6.40ms        ? ?/sec
Enc proof/prove                            1.00     35.8±1.72ms        ? ?/sec
Enc proof/verify                           1.00     31.6±6.75ms        ? ?/sec
LogStar proof/prove                        1.00     36.1±1.14ms        ? ?/sec
LogStar proof/verify                       1.00     30.7±6.52ms        ? ?/sec
MulStar proof/prove                        1.00     51.4±1.44ms        ? ?/sec
MulStar proof/verify                       1.00     36.4±6.38ms        ? ?/sec
Paillier multiplication proof/prove        1.00     49.0±1.19ms        ? ?/sec
Paillier multiplication proof/verify       1.00     52.5±7.58ms        ? ?/sec
Paillier-Blum modulus proof/prove          1.00    627.7±1.18ms        ? ?/sec
Paillier-Blum modulus proof/verify         1.00    278.6±0.71ms        ? ?/sec
Pedersen Ring params (prm) proof/prove     1.00    274.2±1.61ms        ? ?/sec
Pedersen Ring params (prm) proof/verify    1.00    274.2±1.05ms        ? ?/sec
Schnorr (sch) proof/prove                  1.00      7.8±0.02µs        ? ?/sec
Schnorr (sch) proof/verify                 1.00     62.7±0.06µs        ? ?/sec
fac proof/prove                            1.00     59.3±0.30ms        ? ?/sec
fac proof/verify                           1.00     47.6±3.49ms        ? ?/sec

dvdplm added 19 commits January 8, 2025 10:22
@dvdplm
Synthetic benchmark for exponentiation with known totient
bf9acac
@dvdplm
Initial benchmark for Fac proof
a6e4168
@dvdplm
Init tracing for FacProof benches
936fceb
@dvdplm
Add test that exercise the ser-/deserialization of FacProof
3d8ebf0
@dvdplm
Add benchmark for AffG
72355d1
@dvdplm
mod.rs is not allowed and other clippy fixes
e225fb2
@dvdplm
Allow formatting args in string literals
0c78a5c
@dvdplm
Benchmark for DecProof construction and verification
0d748b7
@dvdplm
Add Enc proof
0e9b77c
@dvdplm
Add Paillier Mul proof benchmark
c310e31
@dvdplm
Clippy fixes
b6c79c9
@dvdplm
moar clippy crap
6f88bef
@dvdplm
Add benches for Prm and Sch proofs
7cf86ec
@dvdplm
Remove workaround for broken/quirky clippy on nightly (rust-lang/rust…
30cc953 
…-clippy#13885)
@dvdplm
Prm proofs are broken for now
5eedb88
@dvdplm
Appease clippy
d45d19c
@dvdplm
Don't use a PublicSigned for PrmProof
05d714b
@dvdplm
Merge branch 'master' into dp-zk-proof-benches
6ad3132
@dvdplm
Re-enable Prm benchmark
58d9fb4
@codecov Codecov
Copy link

codecov bot commented Jan 23, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.47%. Comparing base (a3bbfc6) to head (dc4ed8a).

Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #179      +/-   ##
==========================================
+ Coverage   92.46%   92.47%   +0.01%     
==========================================
  Files          35       35              
  Lines        7030     7031       +1     
==========================================
+ Hits         6500     6502       +2     
+ Misses        530      529       -1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@dvdplm dvdplm self-assigned this Jan 23, 2025
@dvdplm dvdplm requested a review from fjarri January 23, 2025 14:52
dvdplm
dvdplm commented Jan 23, 2025
View reviewed changes
synedrion/src/paillier/params.rs
Comment on lines +67 to +73
+ Pow<SecretUnsigned<Self::Uint>>
+ Pow<PublicSigned<Self::Uint>>
+ Pow<PublicSigned<Self::WideUint>>
+ Pow<PublicSigned<Self::ExtraWideUint>>
+ Pow<SecretSigned<Self::Uint>>
+ Pow<SecretSigned<Self::WideUint>>
+ Pow<SecretSigned<Self::ExtraWideUint>>
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a bit nasty. :/

dvdplm
dvdplm commented Jan 23, 2025
View reviewed changes
synedrion/src/tools/secret.rs
@@ -23,7 +23,7 @@ use crate::{
/// - Safe `Clone` implementation (without needing to impl `CloneableSecret`)
/// - Safe `Debug` implementation
/// - Safe serialization/deserialization (down to `serde` API; what happens there we cannot control)
pub(crate) struct Secret<T: Zeroize>(SecretBox<T>);
pub struct Secret<T: Zeroize>(SecretBox<T>);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Having to make the wrapper types pub is unfortunate.

fjarri
fjarri reviewed Jan 24, 2025
View reviewed changes
synedrion/src/paillier/encryption.rs Outdated
@@ -294,7 +294,9 @@ impl<P: PaillierParams> Ciphertext<P> {
// To isolate `rho`, calculate `(rho^N)^(N^(-1)) mod N`.
// The order of `Z_N` is `phi(N)`, so the inversion in the exponent is modulo `phi(N)`.
let sk_inv_modulus = sk.inv_modulus();
let randomizer_mod = Secret::init_with(|| ciphertext_mod_n.pow(sk_inv_modulus));
let randomizer_mod = Secret::init_with(|| {
ciphertext_mod_n.pow_bounded_exp(sk_inv_modulus.expose_secret(), sk_inv_modulus.bound())
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't pow() work here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It should, good catch. This was a left-over from early experimentation.

@fjarri
Copy link
Member

fjarri commented Jan 24, 2025

and may be helpful for tricks like "exponentiation with known totient"?

Is it actually helpful? I think that's the crucial thing here. I would say that using macros and making internal types public is a downside, so what are we getting for it?

@dvdplm
Copy link
Contributor Author

dvdplm commented Jan 24, 2025

Is it actually helpful? I think that's the crucial thing here. I would say that using macros and making internal types public is a downside, so what are we getting for it?

Indeed, I'm not convinced myself. I think it is useful (or even required) to have this to make using the MultiExponentiate feature possible/easier.

I'll put this back as draft and collect some more info on how/if it's useful.

@dvdplm dvdplm marked this pull request as draft January 24, 2025 08:07
@dvdplm dvdplm force-pushed the dp-remove-exponentiable-trait branch from dc4ed8a to 43d6bf7 Compare January 27, 2025 13:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fjarri fjarri fjarri left review comments

Assignees

@dvdplm dvdplm

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dvdplm @fjarri