Skip to content

Complete Curdleproof migration to generic group backend #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 11 commits into from
Sep 25, 2023
Merged

Complete Curdleproof migration to generic group backend #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
a86b74a
tmp progress
jsign Sep 23, 2023
1acab36
samemultiscalarargument: use generic group backend
jsign Sep 23, 2023
00726ea
Merge branch 'jsign-gt-grandproductargument' into jsign-gt-samemultis…
jsign Sep 23, 2023
b66501f
remove debug code
jsign Sep 23, 2023
220deaa
grandproductargument: fixes
jsign Sep 23, 2023
207067c
samepermutationargument: migrate to generic backend
jsign Sep 23, 2023
829c179
curdleproofs: make progress in generic backend
jsign Sep 23, 2023
61fc0c4
bench: support abstract group
jsign Sep 23, 2023
9f96dcd
curdleproofs: migrate soundess tests to generic gorup
jsign Sep 24, 2023
61e1bba
mod: add my patch for faster equality check
jsign Sep 24, 2023
685d722
cleanups
jsign Sep 24, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 10 additions & 1 deletion common/rand.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -114,8 +114,17 @@ func (r *Rand) GeneratePermutation(n int) ([]uint32, error) {

// Experimental
func (r *Rand) GetGt() (bls12381.GT, error) {
var byts [48 * 12]byte
for i := 0; i < 6; i++ {
a, err := r.GetG1Affine()
if err != nil {
return bls12381.GT{}, nil
}
abytes := a.RawBytes()
copy(byts[i*(48*2):], abytes[:])
}
var randElem bls12381.GT
if _, err := randElem.SetRandom(); err != nil {
if err := randElem.SetBytes(byts[:]); err != nil {
Comment on lines +117 to +127
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks to the test verifiers complaining... we were using SetRandom(), where we should use the randomness from r *Rand to get deterministic setup generation.

return bls12381.GT{}, fmt.Errorf("get random GT: %s", err)
}

Expand Down
46 changes: 0 additions & 46 deletions common/util.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ package common

import (
"errors"
"fmt"
"math/big"
"runtime"

Expand Down Expand Up @@ -42,51 +41,6 @@ func Permute[T any](vs []T, perm []uint32) []T {
return ret
}

func ShufflePermuteCommit(
crsGs []bls12381.G1Affine,
crsHs []bls12381.G1Affine,
Rs []bls12381.G1Affine,
Ss []bls12381.G1Affine,
perm []uint32,
k fr.Element,
rand *Rand,
) ([]bls12381.G1Affine, []bls12381.G1Affine, bls12381.G1Jac, []fr.Element, error) {
biK := FrToBigInt(&k)
Ts := make([]bls12381.G1Affine, len(Rs))
for i := range Ts {
Ts[i].ScalarMultiplication(&Rs[i], biK)
}

Us := make([]bls12381.G1Affine, len(Ss))
for i := range Us {
Us[i].ScalarMultiplication(&Ss[i], biK)
}

Ts = Permute(Ts, perm)
Us = Permute(Us, perm)

rangeFrs := make([]fr.Element, len(crsGs))
for i := range perm {
rangeFrs[i] = fr.NewElement(uint64(i))
}

permRangeFrs := Permute(rangeFrs, perm)
var M, M2 bls12381.G1Jac
if _, err := M.MultiExp(crsGs, permRangeFrs, MultiExpConf); err != nil {
return nil, nil, bls12381.G1Jac{}, nil, fmt.Errorf("calculating M_1: %s", err)
}
rs_m, err := rand.GetFrs(N_BLINDERS)
if err != nil {
return nil, nil, bls12381.G1Jac{}, nil, fmt.Errorf("getting rs_m: %s", err)
}
if _, err := M2.MultiExp(crsHs, rs_m, MultiExpConf); err != nil {
return nil, nil, bls12381.G1Jac{}, nil, fmt.Errorf("calculating M_2: %s", err)
}
M.AddAssign(&M2)

return Ts, Us, M, rs_m, nil
}

func DecodeAffineSliceToJac(d *bls12381.Decoder, out *[]bls12381.G1Jac) error {
var affs []bls12381.G1Affine
if err := d.Decode(&affs); err != nil {
Expand Down
50 changes: 32 additions & 18 deletions crs.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,48 +3,62 @@ package curdleproof
import (
"fmt"

bls12381 "github.com/consensys/gnark-crypto/ecc/bls12-381"
"github.com/jsign/curdleproofs/common"
"github.com/jsign/curdleproofs/group"
)

type CRS struct {
Gs []bls12381.G1Affine
Hs []bls12381.G1Affine
H bls12381.G1Jac
Gt bls12381.G1Jac
Gu bls12381.G1Jac
Gsum bls12381.G1Affine
Hsum bls12381.G1Affine
Gs []group.Element
Hs []group.Element
H group.Element
Gt group.Element
Gu group.Element
Gsum group.Element
Hsum group.Element
}

func GenerateCRS(size int, rand *common.Rand) (CRS, error) {
gs, err := rand.GetG1Affines(size)
// TODO: Clean up API if generic backend is used.
func GenerateCRS(size int, g group.Group, genRandGroupElement func() (group.Element, error)) (CRS, error) {
var err error
gs := make([]group.Element, size)
for i := range gs {
gs[i], err = genRandGroupElement()
if err != nil {
return CRS{}, fmt.Errorf("gen gs: %s", err)
}
}
if err != nil {
return CRS{}, fmt.Errorf("gen gs: %s", err)
}
hs, err := rand.GetG1Affines(common.N_BLINDERS)
hs := make([]group.Element, common.N_BLINDERS)
for i := range hs {
hs[i], err = genRandGroupElement()
if err != nil {
return CRS{}, fmt.Errorf("gen hs: %s", err)
}
}
if err != nil {
return CRS{}, fmt.Errorf("gen hs: %s", err)
}
h, err := rand.GetG1Jac()
h, err := genRandGroupElement()
if err != nil {
return CRS{}, fmt.Errorf("gen h: %s", err)
}
gt, err := rand.GetG1Jac()
gt, err := genRandGroupElement()
if err != nil {
return CRS{}, fmt.Errorf("gen gt: %s", err)
}
gu, err := rand.GetG1Jac()
gu, err := genRandGroupElement()
if err != nil {
return CRS{}, fmt.Errorf("gen gu: %s", err)
}
var gsum bls12381.G1Affine
gsum := g.CreateElement()
for _, g := range gs {
gsum.Add(&gsum, &g)
gsum.Add(gsum, g)
}
var hsum bls12381.G1Affine
hsum := g.CreateElement()
for _, h := range hs {
hsum.Add(&hsum, &h)
hsum.Add(hsum, h)
}

return CRS{
Expand Down
Loading