crypto-primitives no-std (#96)

cp-benches/Cargo.toml

@@ -0,0 +1,58 @@
+[package]
+name = "cp-benches"
+version = "0.1.0"
+authors = [
+    "Sean Bowe",
+    "Alessandro Chiesa",
+    "Matthew Green",
+    "Ian Miers",
+    "Pratyush Mishra",
+    "Howard Wu"
+]
+description = "A library of cryptographic primitives that are used by Zexe"
+homepage = "https://libzexe.org"
+repository = "https://github.com/scipr/zexe"
+documentation = "https://docs.rs/crypto-primitives/"
+keywords = ["r1cs", "groth16", "gm17", "pedersen", "blake2s"]
+categories = ["cryptography"]
+include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
+license = "MIT/Apache-2.0"
+edition = "2018"
+
+################################# Dependencies ################################
+
+[dev-dependencies]
+algebra = { path = "../algebra", default-features = false }
+blake2 = { version = "0.7", default-features = false }
+criterion = "0.3.1"
+crypto-primitives = { path = "../crypto-primitives" }
+rand = { version = "0.7" }
+rand_xorshift = { version = "0.2" }
+
+################################# Benchmarks ##################################
+
+[[bench]]
+name = "pedersen_crh"
+path = "benches/crypto_primitives/crh.rs"
+harness = false
+
+[[bench]]
+name = "pedersen_comm"
+path = "benches/crypto_primitives/comm.rs"
+harness = false
+
+[[bench]]
+name = "blake2s_prf"
+path = "benches/crypto_primitives/prf.rs"
+harness = false
+
+[[bench]]
+name = "schnorr_sig"
+path = "benches/crypto_primitives/signature.rs"
+harness = false
+
+[[bench]]
+name = "gm17"
+path = "benches/crypto_primitives/nizk.rs"
+required-features = ["r1cs", "gm17"]
+harness = false

cp-benches/benches/crypto_primitives/comm.rs

@@ -0,0 +1,57 @@
+use rand;
+
+#[macro_use]
+extern crate criterion;
+
+use algebra::{curves::edwards_bls12::EdwardsProjective as Edwards, UniformRand};
+use criterion::Criterion;
+use crypto_primitives::commitment::{pedersen::*, CommitmentScheme};
+
+#[derive(Clone, PartialEq, Eq, Hash)]
+pub struct CommWindow;
+
+impl PedersenWindow for CommWindow {
+    const WINDOW_SIZE: usize = 250;
+    const NUM_WINDOWS: usize = 8;
+}
+
+fn pedersen_comm_setup(c: &mut Criterion) {
+    c.bench_function("Pedersen Commitment Setup", move |b| {
+        b.iter(|| {
+            let mut rng = &mut rand::thread_rng();
+            PedersenCommitment::<Edwards, CommWindow>::setup(&mut rng).unwrap()
+        })
+    });
+}
+
+fn pedersen_comm_eval(c: &mut Criterion) {
+    let mut rng = &mut rand::thread_rng();
+    let parameters = PedersenCommitment::<Edwards, CommWindow>::setup(&mut rng).unwrap();
+    let input = vec![5u8; 128];
+    c.bench_function("Pedersen Commitment Eval", move |b| {
+        b.iter(|| {
+            let rng = &mut rand::thread_rng();
+            let commitment_randomness = PedersenRandomness::rand(rng);
+            PedersenCommitment::<Edwards, CommWindow>::commit(
+                &parameters,
+                &input,
+                &commitment_randomness,
+            )
+            .unwrap();
+        })
+    });
+}
+
+criterion_group! {
+    name = comm_setup;
+    config = Criterion::default().sample_size(10);
+    targets = pedersen_comm_setup
+}
+
+criterion_group! {
+    name = comm_eval;
+    config = Criterion::default().sample_size(10);
+    targets = pedersen_comm_eval
+}
+
+criterion_main!(comm_setup, comm_eval);

cp-benches/benches/crypto_primitives/crh.rs

@@ -0,0 +1,50 @@
+use rand;
+
+#[macro_use]
+extern crate criterion;
+
+use algebra::curves::edwards_bls12::EdwardsProjective as Edwards;
+use criterion::Criterion;
+use crypto_primitives::crh::{pedersen::*, FixedLengthCRH};
+
+#[derive(Clone, PartialEq, Eq, Hash)]
+pub struct HashWindow;
+
+impl PedersenWindow for HashWindow {
+    const WINDOW_SIZE: usize = 250;
+    const NUM_WINDOWS: usize = 8;
+}
+
+fn pedersen_crh_setup(c: &mut Criterion) {
+    c.bench_function("Pedersen CRH Setup", move |b| {
+        b.iter(|| {
+            let mut rng = &mut rand::thread_rng();
+            PedersenCRH::<Edwards, HashWindow>::setup(&mut rng).unwrap()
+        })
+    });
+}
+
+fn pedersen_crh_eval(c: &mut Criterion) {
+    let mut rng = &mut rand::thread_rng();
+    let parameters = PedersenCRH::<Edwards, HashWindow>::setup(&mut rng).unwrap();
+    let input = vec![5u8; 128];
+    c.bench_function("Pedersen CRH Eval", move |b| {
+        b.iter(|| {
+            PedersenCRH::<Edwards, HashWindow>::evaluate(&parameters, &input).unwrap();
+        })
+    });
+}
+
+criterion_group! {
+    name = crh_setup;
+    config = Criterion::default().sample_size(10);
+    targets = pedersen_crh_setup
+}
+
+criterion_group! {
+    name = crh_eval;
+    config = Criterion::default().sample_size(10);
+    targets = pedersen_crh_eval
+}
+
+criterion_main!(crh_setup, crh_eval);

cp-benches/benches/crypto_primitives/nizk.rs

@@ -0,0 +1,121 @@
+#[macro_use]
+extern crate criterion;
+
+use algebra::{curves::bls12_377::Bls12_377, fields::bls12_377::Fr, Field};
+use crypto_primitives::nizk::*;
+use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError};
+
+use criterion::Criterion;
+use rand::{thread_rng, Rng};
+
+type TestProofSystem = Gm17<Bls12_377, Bench<Fr>, Fr>;
+
+struct Bench<F: Field> {
+    inputs:          Vec<Option<F>>,
+    num_constraints: usize,
+}
+
+impl<F: Field> ConstraintSynthesizer<F> for Bench<F> {
+    fn generate_constraints<CS: ConstraintSystem<F>>(
+        self,
+        cs: &mut CS,
+    ) -> Result<(), SynthesisError> {
+        assert!(self.inputs.len() >= 2);
+        assert!(self.num_constraints >= self.inputs.len());
+
+        let mut variables: Vec<_> = Vec::with_capacity(self.inputs.len());
+        for (i, input) in self.inputs.into_iter().enumerate() {
+            let input_var = cs.alloc_input(
+                || format!("Input {}", i),
+                || input.ok_or(SynthesisError::AssignmentMissing),
+            )?;
+            variables.push((input, input_var));
+        }
+
+        for i in 0..self.num_constraints {
+            let new_entry = {
+                let (input_1_val, input_1_var) = variables[i];
+                let (input_2_val, input_2_var) = variables[i + 1];
+                let result_val =
+                    input_1_val.and_then(|input_1| input_2_val.map(|input_2| input_1 * &input_2));
+                let result_var = cs.alloc(
+                    || format!("Result {}", i),
+                    || result_val.ok_or(SynthesisError::AssignmentMissing),
+                )?;
+                cs.enforce(
+                    || format!("Enforce constraint {}", i),
+                    |lc| lc + input_1_var,
+                    |lc| lc + input_2_var,
+                    |lc| lc + result_var,
+                );
+                (result_val, result_var)
+            };
+            variables.push(new_entry);
+        }
+        Ok(())
+    }
+}
+
+fn gm17_setup(c: &mut Criterion) {
+    let num_inputs = 100;
+    let num_constraints = num_inputs;
+    let rng = &mut thread_rng();
+    let mut inputs: Vec<Option<Fr>> = Vec::with_capacity(num_inputs);
+    for _ in 0..num_inputs {
+        inputs.push(Some(rng.gen()));
+    }
+
+    c.bench_function("gm17_setup", move |b| {
+        b.iter(|| {
+            TestProofSystem::setup(
+                Bench::<Fr> {
+                    inputs: vec![None; num_inputs],
+                    num_constraints,
+                },
+                rng,
+            )
+            .unwrap()
+        })
+    });
+}
+
+fn gm17_prove(c: &mut Criterion) {
+    let num_inputs = 100;
+    let num_constraints = num_inputs;
+    let rng = &mut thread_rng();
+    let mut inputs: Vec<Option<Fr>> = Vec::with_capacity(num_inputs);
+    for _ in 0..num_inputs {
+        inputs.push(Some(rng.gen()));
+    }
+
+    let params = TestProofSystem::setup(
+        Bench::<Fr> {
+            inputs: vec![None; num_inputs],
+            num_constraints,
+        },
+        rng,
+    )
+    .unwrap();
+
+    c.bench_function("gm17_prove", move |b| {
+        b.iter(|| {
+            TestProofSystem::prove(
+                &params.0,
+                Bench {
+                    inputs: inputs.clone(),
+                    num_constraints,
+                },
+                rng,
+            )
+            .unwrap()
+        })
+    });
+}
+
+criterion_group! {
+    name = nizk_eval;
+    config = Criterion::default().sample_size(10);
+    targets = gm17_setup, gm17_prove
+}
+
+criterion_main!(nizk_eval);

cp-benches/benches/crypto_primitives/prf.rs

@@ -0,0 +1,25 @@
+use rand;
+
+#[macro_use]
+extern crate criterion;
+
+use criterion::Criterion;
+use crypto_primitives::prf::*;
+use rand::Rng;
+
+fn blake2s_prf_eval(c: &mut Criterion) {
+    let rng = &mut rand::thread_rng();
+    let input: [u8; 32] = rng.gen();
+    let seed: [u8; 32] = rng.gen();
+    c.bench_function("Blake2s PRF Eval", move |b| {
+        b.iter(|| Blake2s::evaluate(&seed, &input).unwrap())
+    });
+}
+
+criterion_group! {
+    name = prf_eval;
+    config = Criterion::default().sample_size(50);
+    targets = blake2s_prf_eval
+}
+
+criterion_main!(prf_eval);

cp-benches/benches/crypto_primitives/signature.rs

@@ -0,0 +1,180 @@
+#[macro_use]
+extern crate criterion;
+
+mod affine {
+    use algebra::curves::edwards_bls12::EdwardsAffine as Edwards;
+    use blake2::Blake2s;
+    use criterion::Criterion;
+    use crypto_primitives::signature::{schnorr::*, SignatureScheme};
+    use rand::{self, Rng};
+
+    type SchnorrEdwards = SchnorrSignature<Edwards, Blake2s>;
+    fn schnorr_signature_setup(c: &mut Criterion) {
+        c.bench_function("SchnorrEdwardsAffine: Setup", move |b| {
+            b.iter(|| {
+                let mut rng = &mut rand::thread_rng();
+                SchnorrEdwards::setup(&mut rng).unwrap()
+            })
+        });
+    }
+
+    fn schnorr_signature_keygen(c: &mut Criterion) {
+        let mut rng = &mut rand::thread_rng();
+        let parameters = SchnorrEdwards::setup(&mut rng).unwrap();
+
+        c.bench_function("SchnorrEdwardsAffine: KeyGen", move |b| {
+            b.iter(|| {
+                let mut rng = &mut rand::thread_rng();
+                SchnorrEdwards::keygen(&parameters, &mut rng).unwrap()
+            })
+        });
+    }
+
+    fn schnorr_signature_sign(c: &mut Criterion) {
+        let mut rng = &mut rand::thread_rng();
+        let parameters = SchnorrEdwards::setup(&mut rng).unwrap();
+        let (_, sk) = SchnorrEdwards::keygen(&parameters, &mut rng).unwrap();
+        let message = [100u8; 128];
+
+        c.bench_function("SchnorrEdwardsAffine: Sign", move |b| {
+            b.iter(|| {
+                let mut rng = &mut rand::thread_rng();
+                SchnorrEdwards::sign(&parameters, &sk, &message, &mut rng).unwrap()
+            })
+        });
+    }
+
+    fn schnorr_signature_verify(c: &mut Criterion) {
+        let mut rng = &mut rand::thread_rng();
+        let parameters = SchnorrEdwards::setup(&mut rng).unwrap();
+        let (pk, sk) = SchnorrEdwards::keygen(&parameters, &mut rng).unwrap();
+        let message = [100u8; 128];
+        let signature = SchnorrEdwards::sign(&parameters, &sk, &message, &mut rng).unwrap();
+
+        c.bench_function("SchnorrEdwardsAffine: Verify", move |b| {
+            b.iter(|| SchnorrEdwards::verify(&parameters, &pk, &message, &signature).unwrap())
+        });
+    }
+
+    fn schnorr_signature_randomize_pk(c: &mut Criterion) {
+        let mut rng = &mut rand::thread_rng();
+        let parameters = SchnorrEdwards::setup(&mut rng).unwrap();
+        let (pk, _) = SchnorrEdwards::keygen(&parameters, &mut rng).unwrap();
+        let randomness: [u8; 32] = rng.gen();
+
+        c.bench_function("SchnorrEdwardsAffine: Randomize PubKey", move |b| {
+            b.iter(|| SchnorrEdwards::randomize_public_key(&parameters, &pk, &randomness).unwrap())
+        });
+    }
+
+    fn schnorr_signature_randomize_signature(c: &mut Criterion) {
+        let mut rng = &mut rand::thread_rng();
+        let parameters = SchnorrEdwards::setup(&mut rng).unwrap();
+        let (_, sk) = SchnorrEdwards::keygen(&parameters, &mut rng).unwrap();
+        let randomness: [u8; 32] = rng.gen();
+        let message = [100u8; 128];
+        let signature = SchnorrEdwards::sign(&parameters, &sk, &message, &mut rng).unwrap();
+
+        c.bench_function("SchnorrEdwardsAffine: Randomize Signature", move |b| {
+            b.iter(|| {
+                SchnorrEdwards::randomize_signature(&parameters, &signature, &randomness).unwrap()
+            })
+        });
+    }
+    criterion_group! {
+        name = schnorr_sig_affine;
+        config = Criterion::default().sample_size(20);
+        targets = schnorr_signature_setup, schnorr_signature_keygen, schnorr_signature_sign,
+                  schnorr_signature_verify, schnorr_signature_randomize_pk, schnorr_signature_randomize_signature
+    }
+}
+
+mod projective {
+    use algebra::curves::edwards_bls12::EdwardsProjective as Edwards;
+    use blake2::Blake2s;
+    use criterion::Criterion;
+    use crypto_primitives::signature::{schnorr::*, SignatureScheme};
+    use rand::{self, Rng};
+
+    type SchnorrEdwards = SchnorrSignature<Edwards, Blake2s>;
+    fn schnorr_signature_setup(c: &mut Criterion) {
+        c.bench_function("SchnorrEdwardsProjective: Setup", move |b| {
+            b.iter(|| {
+                let mut rng = &mut rand::thread_rng();
+                SchnorrEdwards::setup(&mut rng).unwrap()
+            })
+        });
+    }
+
+    fn schnorr_signature_keygen(c: &mut Criterion) {
+        let mut rng = &mut rand::thread_rng();
+        let parameters = SchnorrEdwards::setup(&mut rng).unwrap();
+
+        c.bench_function("SchnorrEdwardsProjective: KeyGen", move |b| {
+            b.iter(|| {
+                let mut rng = &mut rand::thread_rng();
+                SchnorrEdwards::keygen(&parameters, &mut rng).unwrap()
+            })
+        });
+    }
+
+    fn schnorr_signature_sign(c: &mut Criterion) {
+        let mut rng = &mut rand::thread_rng();
+        let parameters = SchnorrEdwards::setup(&mut rng).unwrap();
+        let (_, sk) = SchnorrEdwards::keygen(&parameters, &mut rng).unwrap();
+        let message = [100u8; 128];
+
+        c.bench_function("SchnorrEdwardsProjective: Sign", move |b| {
+            b.iter(|| {
+                let mut rng = &mut rand::thread_rng();
+                SchnorrEdwards::sign(&parameters, &sk, &message, &mut rng).unwrap()
+            })
+        });
+    }
+
+    fn schnorr_signature_verify(c: &mut Criterion) {
+        let mut rng = &mut rand::thread_rng();
+        let parameters = SchnorrEdwards::setup(&mut rng).unwrap();
+        let (pk, sk) = SchnorrEdwards::keygen(&parameters, &mut rng).unwrap();
+        let message = [100u8; 128];
+        let signature = SchnorrEdwards::sign(&parameters, &sk, &message, &mut rng).unwrap();
+
+        c.bench_function("SchnorrEdwardsProjective: Verify", move |b| {
+            b.iter(|| SchnorrEdwards::verify(&parameters, &pk, &message, &signature).unwrap())
+        });
+    }
+
+    fn schnorr_signature_randomize_pk(c: &mut Criterion) {
+        let mut rng = &mut rand::thread_rng();
+        let parameters = SchnorrEdwards::setup(&mut rng).unwrap();
+        let (pk, _) = SchnorrEdwards::keygen(&parameters, &mut rng).unwrap();
+        let randomness: [u8; 32] = rng.gen();
+
+        c.bench_function("SchnorrEdwardsProjective: Randomize PubKey", move |b| {
+            b.iter(|| SchnorrEdwards::randomize_public_key(&parameters, &pk, &randomness).unwrap())
+        });
+    }
+
+    fn schnorr_signature_randomize_signature(c: &mut Criterion) {
+        let mut rng = &mut rand::thread_rng();
+        let parameters = SchnorrEdwards::setup(&mut rng).unwrap();
+        let (_, sk) = SchnorrEdwards::keygen(&parameters, &mut rng).unwrap();
+        let randomness: [u8; 32] = rng.gen();
+        let message = [100u8; 128];
+        let signature = SchnorrEdwards::sign(&parameters, &sk, &message, &mut rng).unwrap();
+
+        c.bench_function("SchnorrEdwardsProjective: Randomize Signature", move |b| {
+            b.iter(|| {
+                SchnorrEdwards::randomize_signature(&parameters, &signature, &randomness).unwrap()
+            })
+        });
+    }
+    criterion_group! {
+        name = schnorr_sig_projective;
+        config = Criterion::default().sample_size(20);
+        targets = schnorr_signature_setup, schnorr_signature_keygen, schnorr_signature_sign,
+                  schnorr_signature_verify, schnorr_signature_randomize_pk, schnorr_signature_randomize_signature
+    }
+}
+use crate::{affine::schnorr_sig_affine, projective::schnorr_sig_projective};
+criterion_main!(schnorr_sig_affine, schnorr_sig_projective);