From 44db9b80b485c53ac10e0d0288e03f55e31d575d Mon Sep 17 00:00:00 2001 From: arnaucube Date: Wed, 9 Nov 2022 13:58:37 +0100 Subject: [PATCH] Add non-blind-signature impl non_blind_sign performs a non-blind signature, which can be verified with the same method than a blind-signature. --- src/constraints.rs | 8 +++--- src/lib.rs | 66 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+), 4 deletions(-) diff --git a/src/constraints.rs b/src/constraints.rs index c629ed0..cf06619 100644 --- a/src/constraints.rs +++ b/src/constraints.rs @@ -59,8 +59,8 @@ where } } -#[derive(Clone, Default, Debug)] -pub struct Msg(pub [ConstraintF; 3]); +#[derive(Clone, Debug)] +pub struct Msg(pub [ConstraintF; MSG_LEN]); #[derive(Derivative)] #[derivative( @@ -588,7 +588,7 @@ mod test { circuit.generate_constraints(cs.clone()).unwrap(); let is_satisfied = cs.is_satisfied().unwrap(); assert!(is_satisfied); - println!("num_cnstraints={:?}", cs.num_constraints()); + println!("num_constraints={:?}", cs.num_constraints()); } #[test] @@ -614,6 +614,6 @@ mod test { circuit.generate_constraints(cs.clone()).unwrap(); let is_satisfied = cs.is_satisfied().unwrap(); assert!(is_satisfied); - println!("num_cnstraints={:?}", cs.num_constraints()); + println!("num_constraints={:?}", cs.num_constraints()); } } diff --git a/src/lib.rs b/src/lib.rs index e6cd6f0..a7a4f43 100644 --- a/src/lib.rs +++ b/src/lib.rs 
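Review bot: `Msg` is a public struct whose derive set and payload change here (`Default` dropped, length now `MSG_LEN`) with no doc comment saying what the `MSG_LEN` elements are, and the commit message does not mention the `Default` removal, so any caller using `Msg::default()` would break — which cannot be checked from this hunk. I would add `/// Message to be signed, as MSG_LEN field elements of the constraint field.` above `pub struct Msg`. `MSG_LEN` has to be in scope in src/constraints.rs; its definition or import is not part of this hunk, so I assume it already exists there.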
@@ -94,6 +94,52 @@ where sk * m_blinded + k } + // new_k_and_R returns a new k \in Fr, and R=k * G, such that R.x \in Fr + fn new_k_and_R(parameters: &Parameters, rng: &mut R) -> (C::ScalarField, C::Affine) + where + ::ScalarField: From, + { + let k = C::ScalarField::rand(rng); + + let R: C::Affine = parameters.generator.mul(k.into_repr()).into(); + let r = EdwardsAffine::from(R); // WIP + + let one = BigInteger256::from(1u64); + let x_repr = r.x.into_repr(); + let modulus = <::Params as FpParameters>::MODULUS; + let modulus_repr = BigInteger256::try_from(modulus.into()).unwrap(); + + if !(x_repr >= one && x_repr < modulus_repr) { + // TODO maybe add a counter of attempts with a limit + return Self::new_k_and_R(parameters, rng); + } + + (k, R) + } + + // non_blind_sign performs a non-blind signature, which can be verified with the same check + // than a blind-signature + pub fn non_blind_sign( + parameters: &Parameters, + rng: &mut R, + poseidon_hash: &poseidon::Poseidon>, + sk: SecretKey, + m: &[ConstraintF], + ) -> Result, ark_crypto_primitives::Error> + where + ::ScalarField: From, + { + let (k, R) = Self::new_k_and_R(parameters, rng); + let r = EdwardsAffine::from(R); // WIP + let x_fr = C::ScalarField::from(r.x.into_repr()); + + let hm = poseidon_hash.hash(m)?; + let hm_fr = C::ScalarField::from_le_bytes_mod_order(&to_bytes!(hm)?); // WIP TMP + + let s = k + (x_fr * hm_fr) * sk; + Ok(Signature { s, r: R }) + } + // requester pub fn new_blind_params( parameters: &Parameters, 
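Review bot: `k` from `new_k_and_R` is a per-signature secret — with `s = k + (x_fr * hm_fr) * sk` in `non_blind_sign`, a nonce that is reused for two messages or predictable from a weak `rng` exposes `sk` — yet neither function documents that `rng` must be a cryptographically secure generator and that `k` is single-use and never stored, and the bound on `R` is not visible here (the rendering stripped the generics). I would put above `pub fn non_blind_sign`: `/// Schnorr-style signature s = k + hm * R.x * sk. rng MUST be a CSPRNG; the nonce k is secret, used once and never returned.` and on the `let x_fr = C::ScalarField::from(r.x.into_repr());` line: `// lossless only because new_k_and_R rejected any R.x outside [1, r)`. The `one`/`modulus_repr` setup is recomputed on every rejected draw and the retry is unbounded recursion (the TODO acknowledges it); a `loop` around the draw with those two values hoisted above it, plus an explicit attempt counter, would express the same rejection sampling more clearly. The two `EdwardsAffine::from(R)` conversions pin the otherwise generic `C` to one curve, which the `// WIP` markers hint at but the doc comment should state outright. The enclosing `impl` block begins and ends outside this hunk.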
@@ -245,4 +291,24 @@ mod tests {
 let verified = S::verify(¶ms, &poseidon_hash, &m, s, pk);
 assert!(verified);
 }
+
+ #[test]
+ fn test_non_blind_signature() {
+ type S = BlindSigScheme;
+
+ let poseidon_params = poseidon_setup_params::(Curve::Bn254, 5, 4);
+ let poseidon_hash = poseidon::Poseidon::new(poseidon_params);
+
+ let mut rng = ark_std::test_rng();
+
+ let params = S::setup();
+ let (pk, sk) = S::keygen(¶ms, &mut rng);
+
+ let m = [Fq::from(1234), Fq::from(5689), Fq::from(3456)];
+ let s = S::non_blind_sign(¶ms, &mut rng, &poseidon_hash, sk, &m).unwrap();
+
+ // verify using the same verification method used for blind-signatures
+ let verified = S::verify(¶ms, &poseidon_hash, &m, s, pk);
+ assert!(verified);
+ }
 }
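Review bot: `test_non_blind_signature` only asserts the accepting path, so a `verify` that accepted every signature, or one that ignored `m`, would still pass; a negative assertion pins that the signature actually binds the message. After the existing `assert!(verified);` I would add `let m2 = [Fq::from(1234), Fq::from(5689), Fq::from(0)];` and `assert!(!S::verify(&params, &poseidon_hash, &m2, s, pk));` — if `Signature` is not `Copy`, `s` has to be cloned before the first `verify`, which cannot be told from this hunk. A second negative check with a different `pk` from another `keygen` call would likewise catch a verifier that ignores the key. The blind-signature test whose tail forms the context at the top of this hunk has the same gap.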