Working tests
cmester0 committed Mar 13, 2024
1 parent f63a107 commit 9297f11
Showing 10 changed files with 193 additions and 133 deletions.
1 change: 1 addition & 0 deletions bip-340/Cargo.toml
Expand Up @@ -13,6 +13,7 @@ hacspec-lib = { git = "https://github.com/hacspec/hacspec.git" }
hacspec-sha256 = { path = "../sha256" }

group = "0.13"
ff = "0.13"
subtle = "*"
rand_core = "0.6"

72 changes: 45 additions & 27 deletions bip-340/src/bip-340.rs
Expand Up @@ -324,7 +324,10 @@ pub fn verify(msg: Message, pubkey: PublicKey, sig: Signature) -> VerificationRe
/////////////////

pub mod GroupTrait {
use super::{PBytes32, Point, FieldElement, Scalar, ScalarCanvas, lift_x, AffinePoint, finite};
use super::{
finite, lift_x, point_add, x, y, AffinePoint, FieldElement, PBytes32, Point, Scalar,
ScalarCanvas,
};
use group::*;
use hacspec_lib::*;

Expand Down Expand Up @@ -359,39 +362,42 @@ pub mod GroupTrait {
type Output = Point;

fn neg(self) -> Self::Output {
-self
match self {
Point::AtInfinity => Point::AtInfinity,
Point::Affine((x, y)) => Point::Affine((x, FieldElement::from_literal(0u128) - y)),
}
}
}

impl Add for Point {
type Output = Point;
#[inline]
fn add(self, rhs: Point) -> Self::Output {
self + rhs
point_add(self, rhs)
}
}

impl<'b> Add<&'b Point> for Point {
type Output = Point;
#[inline]
fn add(self, rhs: &'b Point) -> Self::Output {
self + rhs
self + *rhs
}
}

impl Sub for Point {
type Output = Point;
#[inline]
fn sub(self, rhs: Point) -> Self::Output {
self - rhs
self + (-rhs)
}
}

impl<'b> Sub<&'b Point> for Point {
type Output = Point;
#[inline]
fn sub(self, rhs: &'b Point) -> Self::Output {
self - rhs
self - *rhs
}
}

Expand All @@ -407,7 +413,7 @@ pub mod GroupTrait {
type Output = Point;
#[inline]
fn mul(self, rhs: &'b Scalar) -> Self::Output {
self * rhs
self * *rhs
}
}

Expand Down Expand Up @@ -479,7 +485,7 @@ pub mod GroupTrait {
fn product<I: Iterator<Item = Scalar>>(iter: I) -> Self {
let mut accum = Scalar::from_literal(1u128);
for x in iter {
accum = accum + x;
accum = accum * x;
}
accum
}
Expand All @@ -489,7 +495,7 @@ pub mod GroupTrait {
fn product<I: Iterator<Item = &'b Scalar>>(iter: I) -> Self {
let mut accum = Scalar::from_literal(1u128);
for x in iter {
accum = accum + x;
accum = accum * x;
}
accum
}
Expand All @@ -507,23 +513,23 @@ pub mod GroupTrait {
type Output = Scalar;
#[inline]
fn add(self, rhs: &'b Scalar) -> Self::Output {
self - rhs
self + *rhs
}
}

impl<'b> Sub<&'b Scalar> for Scalar {
type Output = Scalar;
#[inline]
fn sub(self, rhs: &'b Scalar) -> Self::Output {
self - rhs
self - *rhs
}
}

impl<'b> Mul<&'b Scalar> for Scalar {
type Output = Scalar;
#[inline]
fn mul(self, rhs: &'b Scalar) -> Self::Output {
self * rhs
self * *rhs
}
}

Expand Down Expand Up @@ -570,7 +576,7 @@ pub mod GroupTrait {
}

// AffinePoint

impl Add<AffinePoint> for Point {
type Output = Point;
#[inline]
Expand Down Expand Up @@ -631,7 +637,6 @@ pub mod GroupTrait {
}
}


impl ConstantTimeEq for Scalar {
fn ct_eq(&self, other: &Self) -> Choice {
let a: Seq<u8> = self.to_public_byte_seq_be();
Expand Down Expand Up @@ -700,27 +705,28 @@ pub mod GroupTrait {
}

impl PrimeField for Scalar {
type Repr = [u8;32];
type Repr = [u8; 32];
fn from_repr(x: <Self as PrimeField>::Repr) -> CtOption<Self> {
CtOption::new(Scalar::from_public_byte_seq_be(PBytes32(x)), x.ct_eq(&x))
CtOption::new(Scalar::from_public_byte_seq_be(PBytes32(x)), x.ct_eq(&x))
}
fn to_repr(&self) -> <Self as PrimeField>::Repr {
let mut res : [u8;32] = [0u8;32];
let mut res: [u8; 32] = [0u8; 32];
let val = Scalar::to_public_byte_seq_be(*self);
for i in 0..32 {
res[i] = val[i];
}
res
}
fn is_odd(&self) -> Choice {
todo!()
Choice::from(if self.bit(0) {1} else {0})
}
const MODULUS: &'static str = "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141";
const MODULUS: &'static str =
"0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141";
const NUM_BITS: u32 = 256;
const CAPACITY: u32 = 256; // TODO
const CAPACITY: u32 = 255; // TODO
const TWO_INV: Self = <Scalar as Field>::ONE; // TODO
const MULTIPLICATIVE_GENERATOR: Self = <Scalar as Field>::ONE; // TODO
const S: u32 = 42;
const S: u32 = 42;
const ROOT_OF_UNITY: Self = <Scalar as Field>::ONE; // TODO
const ROOT_OF_UNITY_INV: Self = <Scalar as Field>::ONE; // TODO
const DELTA: Self = <Scalar as Field>::ONE; // TODO
Expand All @@ -731,10 +737,13 @@ pub mod GroupTrait {
fn random(mut rng: impl RngCore) -> Self {
let b: &mut [u8; 32] = &mut [0u8; 32];
rng.fill_bytes(b);
Point::Affine(lift_x(FieldElement::from_public_byte_seq_be(PBytes32(*b))).unwrap())
Point::Affine(lift_x(FieldElement::from_public_byte_seq_be(PBytes32(*b))).unwrap())
}

fn identity() -> Self {
Point::AtInfinity
}

fn identity() -> Self { todo!() }
fn generator() -> Self {
#[rustfmt::skip]
let gx = PBytes32([
Expand All @@ -755,9 +764,18 @@ pub mod GroupTrait {
FieldElement::from_public_byte_seq_be(gy),
))
}
fn is_identity(&self) -> Choice { todo!() }
fn double(&self) -> Self { *self + *self }
}

fn is_identity(&self) -> Choice {
match self {
Point::AtInfinity => Choice::from(1),
_ => Choice::from(0),
}
}

fn double(&self) -> Self {
*self + *self
}
}

impl Curve for Point {
type AffineRepr = AffinePoint;
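Review bot: `from_repr` (reindented in this hunk) builds its `CtOption` with `x.ct_eq(&x)`, which is always true, so a 32-byte encoding at or above the group order is accepted (presumably reduced by `from_public_byte_seq_be`) instead of being rejected as the `PrimeField::from_repr` contract expects; a round-trip check closes this: `let s = Scalar::from_public_byte_seq_be(PBytes32(x));` followed by `CtOption::new(s, s.to_repr().ct_eq(&x))`. The new `double` forwards `*self + *self` to `point_add`; unless `point_add` special-cases equal inputs, the affine chord formula divides by zero there, so a test of `Point::generator().double()` against `generator() * 2` is worth adding. `random` still calls `lift_x(...).unwrap()`, and `lift_x` can fail for x-coordinates that are not on the curve, so this constructor panics for some RNG outputs; retrying until `lift_x` returns a point would make it total. The placeholder constants (`TWO_INV`, `MULTIPLICATIVE_GENERATOR`, `S`, `ROOT_OF_UNITY`) are still marked TODO, which is fine as long as nothing in the tests depends on them.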
5 changes: 3 additions & 2 deletions ovn/src/lib.rs
Expand Up @@ -5,9 +5,10 @@

pub mod ovn_traits;

pub mod ovn_z_89;
pub mod ovn_secp256k1;
pub mod ovn_group;
pub mod ovn_secp256k1;
pub mod ovn_z_89;

pub mod ovn_zk_z_89;
pub mod ovn_zk_secp256k1;
pub mod ovn_zkgroup;
30 changes: 25 additions & 5 deletions ovn/src/ovn_group.rs
Expand Up @@ -32,15 +32,20 @@ pub fn schnorr_zkp<Z: Z_Field, G: Group<Z>>(
let c = G::hash(vec![G::g(), h, u]);
let z = Z::add(r, Z::mul(c, x));

return SchnorrZKPCommit { schnorr_zkp_u: u, schnorr_zkp_c: c, schnorr_zkp_z: z };
return SchnorrZKPCommit {
schnorr_zkp_u: u,
schnorr_zkp_c: c,
schnorr_zkp_z: z,
};
}

// https://crypto.stanford.edu/cs355/19sp/lec5.pdf
pub fn schnorr_zkp_validate<Z: Z_Field, G: Group<Z>>(
h: G::group_type,
pi: SchnorrZKPCommit<Z, G>,
) -> bool {
pi.schnorr_zkp_c == G::hash(vec![G::g(), h, pi.schnorr_zkp_u]) && G::g_pow(pi.schnorr_zkp_z) == G::prod(pi.schnorr_zkp_u, G::pow(h, pi.schnorr_zkp_c))
pi.schnorr_zkp_c == G::hash(vec![G::g(), h, pi.schnorr_zkp_u])
&& G::g_pow(pi.schnorr_zkp_z) == G::prod(pi.schnorr_zkp_u, G::pow(h, pi.schnorr_zkp_c))
}

#[derive(Serialize, SchemaType, Clone, Copy)]
Expand Down Expand Up @@ -142,13 +147,28 @@ pub fn zkp_one_out_of_two_validate<Z: Z_Field, G: Group<Z>>(
h: G::group_type,
zkp: OrZKPCommit<Z, G>,
) -> bool {
let c = G::hash(vec![zkp.or_zkp_x, zkp.or_zkp_y, zkp.or_zkp_a1, zkp.or_zkp_b1, zkp.or_zkp_a2, zkp.or_zkp_b2]); // TODO: add i
let c = G::hash(vec![
zkp.or_zkp_x,
zkp.or_zkp_y,
zkp.or_zkp_a1,
zkp.or_zkp_b1,
zkp.or_zkp_a2,
zkp.or_zkp_b2,
]); // TODO: add i

(c == Z::add(zkp.or_zkp_d1, zkp.or_zkp_d2)
&& zkp.or_zkp_a1 == G::prod(G::g_pow(zkp.or_zkp_r1), G::pow(zkp.or_zkp_x, zkp.or_zkp_d1))
&& zkp.or_zkp_b1 == G::prod(G::pow(h, zkp.or_zkp_r1), G::pow(zkp.or_zkp_y, zkp.or_zkp_d1))
&& zkp.or_zkp_b1
== G::prod(
G::pow(h, zkp.or_zkp_r1),
G::pow(zkp.or_zkp_y, zkp.or_zkp_d1),
)
&& zkp.or_zkp_a2 == G::prod(G::g_pow(zkp.or_zkp_r2), G::pow(zkp.or_zkp_x, zkp.or_zkp_d2))
&& zkp.or_zkp_b2 == G::prod(G::pow(h, zkp.or_zkp_r2), G::pow(G::div(zkp.or_zkp_y, G::g()), zkp.or_zkp_d2)))
&& zkp.or_zkp_b2
== G::prod(
G::pow(h, zkp.or_zkp_r2),
G::pow(G::div(zkp.or_zkp_y, G::g()), zkp.or_zkp_d2),
))
}

pub fn commit_to<Z: Z_Field, G: Group<Z>>(g_pow_xi_yi_vi: G::group_type) -> Z::field_type {
25 changes: 14 additions & 11 deletions ovn/src/ovn_secp256k1.rs
Expand Up @@ -36,7 +36,7 @@ pub struct Z_curve {
impl hacspec_concordium::Deserial for Z_curve {
// TODO:
fn deserial<R: Read>(_source: &mut R) -> ParseResult<Self> {
let buffer : &mut [u8] = &mut [];
let buffer: &mut [u8] = &mut [];
let _ = _source.read(buffer)?;

Ok(Z_curve {
Expand Down Expand Up @@ -103,18 +103,22 @@ pub struct Group_curve {
impl hacspec_concordium::Deserial for Group_curve {
// TODO:
fn deserial<R: Read>(_source: &mut R) -> ParseResult<Self> {
let buffer : &mut [u8] = &mut [];
let buffer: &mut [u8] = &mut [];
let _ = _source.read(buffer)?;
if let [0] = buffer {
return Ok(Group_curve { val: Point::AtInfinity })
return Ok(Group_curve {
val: Point::AtInfinity,
});
}

let buffer_y : &mut [u8] = &mut [];
let buffer_y: &mut [u8] = &mut [];
let _ = _source.read(buffer_y)?;

Ok(Group_curve {
val: Point::Affine((FieldElement::from_public_byte_seq_be(Seq::<u8>::from_native_slice(buffer)),
FieldElement::from_public_byte_seq_be(Seq::<u8>::from_native_slice(buffer_y)))),
val: Point::Affine((
FieldElement::from_public_byte_seq_be(Seq::<u8>::from_native_slice(buffer)),
FieldElement::from_public_byte_seq_be(Seq::<u8>::from_native_slice(buffer_y)),
)),
})
}
}
Expand All @@ -123,11 +127,10 @@ impl hacspec_concordium::Serial for Group_curve {
// TODO:
fn serial<W: Write>(&self, _out: &mut W) -> Result<(), W::Err> {
match self.val {
Point::Affine(p) =>
{
Point::Affine(p) => {
_out.write(x(p).to_public_byte_seq_be().native_slice());
_out.write(y(p).to_public_byte_seq_be().native_slice())
},
}
Point::AtInfinity => _out.write(&[0]),
};
Ok(())
Expand Down Expand Up @@ -187,9 +190,9 @@ impl Group<Z_curve> for Group_curve {
fn inv(x: Self::group_type) -> Self::group_type {
Group_curve {
val: match x.val {
Point::Affine((a,b)) => Point::Affine((a, FieldElement::from_literal(0u128)-b)),
Point::Affine((a, b)) => Point::Affine((a, FieldElement::from_literal(0u128) - b)),
Point::AtInfinity => Point::AtInfinity, // TODO?
}
},
}
}

23 changes: 23 additions & 0 deletions ovn/src/ovn_zk_secp256k1.rs
@@ -0,0 +1,23 @@
#[hax_lib_macros::exclude]
use hax_lib_macros::*;

#[exclude]
use hacspec_concordium::*;
#[exclude]
use hacspec_concordium_derive::*;

pub use group::{ff::Field, Group};
pub use crate::ovn_zkgroup::*;

use hacspec_bip_340::{GroupTrait::*, Point, *};

impl MGroup for Point {
fn pow (p: Self,exp: Self::Scalar) -> Self {
point_mul(exp,p)
}

fn hash(inp: Vec<Self>) -> Self::Scalar {
return Self::Scalar::ONE // TODO
}

}
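Review bot: `hash` returns the constant `Self::Scalar::ONE` and ignores `inp`, so every Fiat-Shamir challenge produced through this `MGroup` impl is identical and the validators in ovn_group.rs (`schnorr_zkp_validate`, `zkp_one_out_of_two_validate`) no longer bind a proof to its statement — with this stub the proof system is unsound even though the tests pass. The real implementation should hash a serialization of every element of `inp` (the bip-340 crate already depends on hacspec-sha256 per the Cargo.toml in this commit) and reduce the digest into a scalar, e.g. via `Scalar::from_public_byte_seq_be`; until then the TODO should be stated in the function's doc comment as `/// TODO: placeholder challenge — NOT sound, do not use outside tests` so it is not mistaken for a working hash. Also consider naming the parameter `_inp` while it is unused, and running rustfmt on this new file (`fn pow (p: Self,exp: Self::Scalar)`) as the rest of the commit does.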
2 changes: 1 addition & 1 deletion ovn/src/ovn_zk_z_89.rs
Expand Up @@ -19,7 +19,7 @@ use group::*;
// Impl for Z/89Z //
////////////////////

pub struct z_89 (u32);
pub struct z_89(u32);

// impl Group for z_89 {
