From c6af5a5e61826f79ffb7e1cd27567496ed3ec798 Mon Sep 17 00:00:00 2001
From: arnaucube
Date: Wed, 19 Oct 2022 19:42:31 +0200
Subject: [PATCH] Update native lib over BasePrimeField

---
 src/lib.rs | 35 ++++++++++++++++++++---------------
 1 file changed, 20 insertions(+), 15 deletions(-)

diff --git a/src/lib.rs b/src/lib.rs
index dfed9a1..eac07f2 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -30,6 +30,7 @@ use ark_ed_on_bn254::{
 EdwardsAffine, EdwardsParameters, EdwardsProjective, FqParameters, Fr, FrParameters,
 };
+type ConstraintF = <::BaseField as Field>::BasePrimeField;
 pub type SecretKey = ::ScalarField;
 pub type PublicKey = ::Affine;
 pub type BlindedSignature = ::ScalarField;
@@ -135,14 +136,11 @@ where
 pub fn blind(
 parameters: &Parameters,
 rng: &mut R,
- poseidon_hash: &poseidon::Poseidon,
- m: C::ScalarField,
+ poseidon_hash: &poseidon::Poseidon>,
+ m: ConstraintF,
 signer_r: C::Affine,
 ) -> Result<(C::ScalarField, UserSecretData), ark_crypto_primitives::Error>
 where
- ::ScalarField: Mul>,
- ::ScalarField: From<<::ScalarField as Mul>>::Output>,
 ::ScalarField: From,
 {
 let u = Self::new_blind_params(parameters, rng, signer_r);
@@ -152,8 +150,11 @@ where
 let x_fr = C::ScalarField::from(r.x.into_repr());
 // m' = a^-1 rx h(m)
- let h_m = poseidon_hash.hash(&[m])?;
- let m_blinded = C::ScalarField::from(u.a.inverse().unwrap() * x_fr) * h_m;
+ // TODO hash(m) must be \in Fr
+ let hm = poseidon_hash.hash(&[m])?;
+ // let hm_fr = C::ScalarField::from_repr(hm.into_repr()).unwrap();
+ let hm_fr = C::ScalarField::from_le_bytes_mod_order(&to_bytes!(hm)?); // WIP TMP
+ let m_blinded = C::ScalarField::from(u.a.inverse().unwrap() * x_fr) * hm_fr;
 Ok((m_blinded, u))
 }
@@ -166,8 +167,8 @@ where
 pub fn verify(
 parameters: &Parameters,
- poseidon_hash: &poseidon::Poseidon,
- m: C::ScalarField,
+ poseidon_hash: &poseidon::Poseidon>,
+ m: ConstraintF,
 s: Signature,
 q: PublicKey,
 ) -> bool
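Review bot: The new `let hm_fr = C::ScalarField::from_le_bytes_mod_order(&to_bytes!(hm)?); // WIP TMP` line in `blind` maps a base-field Poseidon output into the scalar field by reducing its canonical bytes mod r, and because the ed_on_bn254 base field is a few bits larger than its scalar field this map is many-to-one: two hash outputs that differ by a multiple of r give the same `hm_fr`, so message binding now rests on it being infeasible to find such a pair rather than on plain collision resistance of Poseidon, and the output is slightly biased toward small scalars. That is acceptable at these field sizes, but it is a deliberate design decision and should be stated instead of `// TODO hash(m) must be \in Fr`, e.g. `// hash over Fq, then reduce the canonical LE bytes mod r; many-to-one and slightly biased since q > r — an in-circuit verifier must reproduce this exact reduction`. The commented-out `C::ScalarField::from_repr(hm.into_repr()).unwrap()` alternative should not be reinstated as written: `from_repr` yields `None` whenever the hash output is at or above r, so it would panic for a large fraction of messages rather than reduce them. `blind` begins in the preceding hunk and its body continues outside this one.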
@@ -176,7 +177,10 @@ where
 {
 let sG = parameters.generator.mul(s.s.into_repr());
- let h_m = poseidon_hash.hash(&[m]).unwrap();
+ // TODO hash(m) must be \in Fr
+ let hm = poseidon_hash.hash(&[m]).unwrap();
+ // let hm_fr = C::ScalarField::from_repr(hm.into_repr()).unwrap();
+ let hm_fr = C::ScalarField::from_le_bytes_mod_order(&to_bytes!(hm).unwrap()); // WIP TMP
 // check that s.R.x is in Fr
 let r = EdwardsAffine::from(s.r); // WIP
@@ -189,7 +193,7 @@ where
 }
 // get s.R.x
 let x_fr = C::ScalarField::from(r.x.into_repr());
- let right = s.r + q.mul((x_fr * h_m).into_repr()).into_affine();
+ let right = s.r + q.mul((x_fr * hm_fr).into_repr()).into_affine();
 sG.into_affine() == right
 }
@@ -219,13 +223,14 @@ pub fn poseidon_setup_params(
 #[cfg(test)]
 mod tests {
 use super::*;
- pub type ConstraintF = ark_ed_on_bn254::Fr; // scalar field
+ pub type Fq = ark_ed_on_bn254::Fq; // base field
+ // pub type Fr = ark_ed_on_bn254::Fr; // scalar field
 #[test]
- fn test_blind() {
+ fn test_blind_signature_flow_native() {
 type S = BlindSigScheme;
- let poseidon_params = poseidon_setup_params::(Curve::Bn254, 5, 3);
+ let poseidon_params = poseidon_setup_params::(Curve::Bn254, 5, 3);
 let poseidon_hash = poseidon::Poseidon::new(poseidon_params);
 let mut rng = ark_std::test_rng();
@@ -234,7 +239,7 @@ mod tests {
 let (pk, sk) = S::keygen(¶ms, &mut rng);
 let (k, signer_r) = S::new_request_params(¶ms, &mut rng);
- let m = ConstraintF::from(1234);
+ let m = Fq::from(1234);
 let (m_blinded, u) = S::blind(¶ms, &mut rng, &poseidon_hash, m, signer_r).unwrap();
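Review bot: The four added lines in `verify` re-implement the hash-to-scalar step of `blind` by hand, so the two sides of the scheme now have to stay in byte-for-byte agreement on how a base-field Poseidon output is mapped into the scalar field; if the `// WIP TMP` reduction is later changed on one side only, every signature silently stops verifying, or verifies against a digest the signer never saw. The same lines also swap the `?` used in `blind` for `.unwrap()` on both the hash and `to_bytes!`, so if either ever errors `verify` panics instead of returning `false`. I would move the mapping into one associated function that both `blind` and `verify` call, documented as the single definition of the message digest, and have `verify` fail closed on error. `verify` begins in the preceding hunk and continues past this one.
```rust
/// The message digest used by both `blind` and `verify`: Poseidon over the
/// base field, then the canonical little-endian bytes reduced mod r.
/// Many-to-one and slightly biased while q > r; an in-circuit verifier must
/// reproduce this exact reduction.
fn hash_to_scalar(
    poseidon_hash: &poseidon::Poseidon<ConstraintF>,
    m: ConstraintF,
) -> Result<C::ScalarField, ark_crypto_primitives::Error> {
    let hm = poseidon_hash.hash(&[m])?;
    Ok(C::ScalarField::from_le_bytes_mod_order(&to_bytes!(hm)?))
}

// … in verify, unchanged: sG computation …
// fail closed: an error in hashing is not a valid signature
let hm_fr = match Self::hash_to_scalar(poseidon_hash, m) {
    Ok(h) => h,
    Err(_) => return false,
};
// … unchanged: s.R.x range check and final comparison …
```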