arnaucube/babyjubjub-ark
1
0
Fork 0
mirror of https://github.com/arnaucube/babyjubjub-ark.git synced 2026-01-13 17:21:29 +01:00
Code Issues Projects Releases Wiki Activity

constants with lazy_static, refactor

Browse Source
This commit is contained in:
arnaucube
2019-08-28 00:25:27 +02:00
parent 1ff5a567a7
commit 48085c5a83
2 changed files with 240 additions and 260 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Cargo.toml
View File

@@ -17,3 +17,4 @@ tiny-keccak = "1.5"
rustc-hex = "1.0.0" rustc-hex = "1.0.0"
mimc-rs = "0.0.1" mimc-rs = "0.0.1"
arrayref = "0.3.5" arrayref = "0.3.5"
lazy_static = "1.4.0"

287
src/lib.rs
View File

@@ -17,79 +17,18 @@ use generic_array::GenericArray;
mod utils; mod utils;
#[derive(Clone, Debug)] #[macro_use]
pub struct Point { extern crate lazy_static;
pub x: BigInt,
pub y: BigInt,
}
pub struct Signature { lazy_static! {
r_b8: Point, static ref D: BigInt = BigInt::parse_bytes(b"168696", 10).unwrap();
s: BigInt, static ref A: BigInt = BigInt::parse_bytes(b"168700", 10).unwrap();
} static ref Q: BigInt = BigInt::parse_bytes(
pub struct PrivateKey {
bbjj: Babyjubjub,
key: BigInt,
}
impl PrivateKey {
pub fn public(&self) -> Point {
// https://tools.ietf.org/html/rfc8032#section-5.1.5
let pk = &self.bbjj.mul_scalar(self.bbjj.b8.clone(), self.key.clone());
pk.clone()
}
pub fn sign(&self, msg: BigInt) -> Signature {
// https://tools.ietf.org/html/rfc8032#section-5.1.6
let mut hasher = Blake2b::new();
let (_, sk_bytes) = self.key.to_bytes_be();
hasher.input(sk_bytes);
let mut h = hasher.result(); // h: hash(sk)
// s: h[32:64]
let s = GenericArray::<u8, generic_array::typenum::U32>::from_mut_slice(&mut h[32..64]);
let (_, msg_bytes) = msg.to_bytes_be();
let r_bytes = utils::concatenate_arrays(s, &msg_bytes);
let mut r = BigInt::from_bytes_be(Sign::Plus, &r_bytes[..]);
r = utils::modulus(&r, &self.bbjj.sub_order);
let r8: Point = self.bbjj.mul_scalar(self.bbjj.b8.clone(), r.clone());
let a = &self.public();
let hm_input = vec![r8.x.clone(), r8.y.clone(), a.x.clone(), a.y.clone(), msg];
let mimc7 = Mimc7::new();
let hm = mimc7.hash(hm_input);
let mut s = &self.key << 3;
s = hm * s;
s = r + s;
s = s % &self.bbjj.sub_order;
Signature {
r_b8: r8.clone(),
s: s,
}
}
}
pub struct Babyjubjub {
d: BigInt,
a: BigInt,
q: BigInt,
b8: Point,
// order: BigInt,
sub_order: BigInt,
}
impl Babyjubjub {
pub fn new() -> Babyjubjub {
let d: BigInt = BigInt::parse_bytes(b"168696", 10).unwrap();
let a: BigInt = BigInt::parse_bytes(b"168700", 10).unwrap();
let q: BigInt = BigInt::parse_bytes(
b"21888242871839275222246405745257275088548364400416034343698204186575808495617", b"21888242871839275222246405745257275088548364400416034343698204186575808495617",
10, 10,
) )
.unwrap(); .unwrap();
let b8: Point = Point { static ref B8: Point = Point {
x: BigInt::parse_bytes( x: BigInt::parse_bytes(
b"5299619240641551281634865583518297030282874472190772894086521144482721001553", b"5299619240641551281634865583518297030282874472190772894086521144482721001553",
10, 10,
@@ -101,78 +40,82 @@ impl Babyjubjub {
) )
.unwrap(), .unwrap(),
}; };
let order: BigInt = BigInt::parse_bytes( static ref ORDER: BigInt = BigInt::parse_bytes(
b"21888242871839275222246405745257275088614511777268538073601725287587578984328", b"21888242871839275222246405745257275088614511777268538073601725287587578984328",
10, 10,
) )
.unwrap(); .unwrap();
let sub_order: BigInt = &order >> 3; static ref SUBORDER: BigInt = &BigInt::parse_bytes(
b"21888242871839275222246405745257275088614511777268538073601725287587578984328",
Babyjubjub { 10,
d: d, )
a: a, .unwrap()
q: q, >> 3;
b8: b8,
// order: order,
sub_order: sub_order,
}
} }
pub fn add(&self, p: &Point, q: &Point) -> Point { #[derive(Clone, Debug)]
pub struct Point {
pub x: BigInt,
pub y: BigInt,
}
impl Point {
pub fn add(&self, q: &Point) -> Point {
// x = (x1*y2+y1*x2)/(c*(1+d*x1*x2*y1*y2)) // x = (x1*y2+y1*x2)/(c*(1+d*x1*x2*y1*y2))
// y = (y1*y2-x1*x2)/(c*(1-d*x1*x2*y1*y2)) // y = (y1*y2-x1*x2)/(c*(1-d*x1*x2*y1*y2))
// x = (x1 * y2 + y1 * x2) / (1 + d * x1 * y1 * y2) // x = (x1 * y2 + y1 * x2) / (1 + d * x1 * y1 * y2)
let one: BigInt = One::one(); let one: BigInt = One::one();
let x_num: BigInt = &p.x * &q.y + &p.y * &q.x; let x_num: BigInt = &self.x * &q.y + &self.y * &q.x;
let x_den: BigInt = &one + &self.d * &p.x * &q.x * &p.y * &q.y; let x_den: BigInt = &one + &D.clone() * &self.x * &q.x * &self.y * &q.y;
let x_den_inv = utils::modinv(&x_den, &self.q); let x_den_inv = utils::modinv(&x_den, &Q);
let x: BigInt = utils::modulus(&(&x_num * &x_den_inv), &self.q); let x: BigInt = utils::modulus(&(&x_num * &x_den_inv), &Q);
// y = (y1 * y2 - a * x1 * x2) / (1 - d * x1 * x2 * y1 * y2) // y = (y1 * y2 - a * x1 * x2) / (1 - d * x1 * x2 * y1 * y2)
let y_num = &p.y * &q.y - &self.a * &p.x * &q.x; let y_num = &self.y * &q.y - &A.clone() * &self.x * &q.x;
let y_den = utils::modulus(&(&one - &self.d * &p.x * &q.x * &p.y * &q.y), &self.q); let y_den = utils::modulus(&(&one - &D.clone() * &self.x * &q.x * &self.y * &q.y), &Q);
let y_den_inv = utils::modinv(&y_den, &self.q); let y_den_inv = utils::modinv(&y_den, &Q);
let y: BigInt = utils::modulus(&(&y_num * &y_den_inv), &self.q); let y: BigInt = utils::modulus(&(&y_num * &y_den_inv), &Q);
Point { x: x, y: y } Point { x: x, y: y }
} }
pub fn mul_scalar(&self, p: Point, n: BigInt) -> Point { pub fn mul_scalar(&self, n: BigInt) -> Point {
// TODO use & in p and n to avoid clones on function call // TODO use & in n to avoid clones on function call
let mut r: Point = Point { let mut r: Point = Point {
x: Zero::zero(), x: Zero::zero(),
y: One::one(), y: One::one(),
}; };
let mut rem: BigInt = n; let mut rem: BigInt = n;
let mut exp: Point = p; let mut exp: Point = self.clone();
let zero: BigInt = Zero::zero(); let zero: BigInt = Zero::zero();
let one: BigInt = One::one(); let one: BigInt = One::one();
while rem != zero { while rem != zero {
let is_odd = &rem & &one == one; let is_odd = &rem & &one == one;
if is_odd == true { if is_odd == true {
r = self.add(&r, &exp); r = r.add(&exp);
} }
exp = self.add(&exp, &exp); exp = exp.add(&exp);
rem = rem >> 1; rem = rem >> 1;
} }
r.x = utils::modulus(&r.x, &self.q); r.x = utils::modulus(&r.x, &Q);
r.y = utils::modulus(&r.y, &self.q); r.y = utils::modulus(&r.y, &Q);
r r
} }
pub fn compress_point(&self, p: &Point) -> [u8; 32] { pub fn compress(&self) -> [u8; 32] {
let mut r: [u8; 32]; let mut r: [u8; 32];
let (_, y_bytes) = p.y.to_bytes_le(); let (_, y_bytes) = self.y.to_bytes_le();
r = *array_ref!(y_bytes, 0, 32); r = *array_ref!(y_bytes, 0, 32);
if &p.x > &(&self.q >> 1) { if &self.x > &(&Q.clone() >> 1) {
r[31] = r[31] | 0x80; r[31] = r[31] | 0x80;
} }
r r
} }
}
pub fn decompress_point(&self, bb: [u8; 32]) -> Point { pub fn decompress_point(bb: [u8; 32]) -> Point {
// https://tools.ietf.org/html/rfc8032#section-5.2.3 // https://tools.ietf.org/html/rfc8032#section-5.2.3
let mut sign: bool = false; let mut sign: bool = false;
let mut b = bb.clone(); let mut b = bb.clone();
@@ -181,37 +124,43 @@ impl Babyjubjub {
b[31] = b[31] & 0x7F; b[31] = b[31] & 0x7F;
} }
let y: BigInt = BigInt::from_bytes_le(Sign::Plus, &b[..]); let y: BigInt = BigInt::from_bytes_le(Sign::Plus, &b[..]);
if y >= self.q { if y >= Q.clone() {
// println!("ERROR0"); // println!("ERROR0");
} }
let one: BigInt = One::one(); let one: BigInt = One::one();
// x^2 = (1 - y^2) / (a - d * y^2) (mod p) // x^2 = (1 - y^2) / (a - d * y^2) (mod p)
let mut x: BigInt = utils::modulus( let mut x: BigInt = utils::modulus(
&((one - utils::modulus(&(&y * &y), &self.q)) &((one - utils::modulus(&(&y * &y), &Q))
* utils::modinv( * utils::modinv(
&utils::modulus( &utils::modulus(
&(&self.a - utils::modulus(&(&self.d * (&y * &y)), &self.q)), &(&A.clone() - utils::modulus(&(&D.clone() * (&y * &y)), &Q)),
&self.q, &Q,
), ),
&self.q, &Q,
)), )),
&self.q, &Q,
); );
x = utils::modsqrt(&x, &self.q); x = utils::modsqrt(&x, &Q);
if (sign && x >= Zero::zero()) || (!sign && x < Zero::zero()) { if (sign && x >= Zero::zero()) || (!sign && x < Zero::zero()) {
x = x * -1.to_bigint().unwrap(); x = x * -1.to_bigint().unwrap();
} }
x = utils::modulus(&x, &self.q); x = utils::modulus(&x, &Q);
Point { x: x, y: y } Point { x: x, y: y }
} }
pub fn compress_sig(&self, sig: &Signature) -> [u8; 64] { pub struct Signature {
r_b8: Point,
s: BigInt,
}
impl Signature {
pub fn compress(&self) -> [u8; 64] {
let mut b: Vec<u8> = Vec::new(); let mut b: Vec<u8> = Vec::new();
b.append(&mut self.compress_point(&sig.r_b8).to_vec()); b.append(&mut self.r_b8.compress().to_vec());
// let (_, mut s_bytes) = sig.s.to_bytes_le(); // let (_, mut s_bytes) = self.s.to_bytes_le();
let (_, mut s_bytes) = sig.s.to_bytes_le(); let (_, mut s_bytes) = self.s.to_bytes_le();
println!("sbytes LENGTH {:?}", s_bytes.len()); println!("sbytes LENGTH {:?}", s_bytes.len());
// let mut s_32bytes: [u8; 32] = [0; 32]; // let mut s_32bytes: [u8; 32] = [0; 32];
// s_32bytes[..].copy_from_slice(&s_bytes[..]); // s_32bytes[..].copy_from_slice(&s_bytes[..]);
@@ -226,22 +175,65 @@ impl Babyjubjub {
// let e: [u8; 1] = [0]; // let e: [u8; 1] = [0];
// b.append(&mut e.to_vec()); // b.append(&mut e.to_vec());
// } // }
r.copy_from_slice(&b[..]); r[..].copy_from_slice(&b[..]);
println!("r {:?}", r.len()); println!("r {:?}", r.len());
r r
} }
}
pub fn decompress_sig(&self, b: &[u8; 64]) -> Signature { pub fn decompress_signature(b: &[u8; 64]) -> Signature {
let r_b8_bytes: [u8; 32] = *array_ref!(b[..32], 0, 32); let r_b8_bytes: [u8; 32] = *array_ref!(b[..32], 0, 32);
let s: BigInt = BigInt::from_bytes_le(Sign::Plus, &b[32..]); let s: BigInt = BigInt::from_bytes_le(Sign::Plus, &b[32..]);
let r_b8 = &self.decompress_point(r_b8_bytes); let r_b8 = decompress_point(r_b8_bytes);
Signature { Signature {
r_b8: r_b8.clone(), r_b8: r_b8.clone(),
s: s, s: s,
} }
} }
pub fn new_key(&self) -> PrivateKey { pub struct PrivateKey {
key: BigInt,
}
impl PrivateKey {
pub fn public(&self) -> Point {
// https://tools.ietf.org/html/rfc8032#section-5.1.5
let pk = B8.mul_scalar(self.key.clone());
pk.clone()
}
pub fn sign(&self, msg: BigInt) -> Signature {
// https://tools.ietf.org/html/rfc8032#section-5.1.6
let mut hasher = Blake2b::new();
let (_, sk_bytes) = self.key.to_bytes_be();
hasher.input(sk_bytes);
let mut h = hasher.result(); // h: hash(sk)
// s: h[32:64]
let s = GenericArray::<u8, generic_array::typenum::U32>::from_mut_slice(&mut h[32..64]);
let (_, msg_bytes) = msg.to_bytes_be();
let r_bytes = utils::concatenate_arrays(s, &msg_bytes);
let mut r = BigInt::from_bytes_be(Sign::Plus, &r_bytes[..]);
r = utils::modulus(&r, &SUBORDER);
let r8: Point = B8.mul_scalar(r.clone());
let a = &self.public();
let hm_input = vec![r8.x.clone(), r8.y.clone(), a.x.clone(), a.y.clone(), msg];
let mimc7 = Mimc7::new();
let hm = mimc7.hash(hm_input);
let mut s = &self.key << 3;
s = hm * s;
s = r + s;
s = s % &SUBORDER.clone();
Signature {
r_b8: r8.clone(),
s: s,
}
}
}
pub fn new_key() -> PrivateKey {
// https://tools.ietf.org/html/rfc8032#section-5.1.5 // https://tools.ietf.org/html/rfc8032#section-5.1.5
let mut rng = rand::thread_rng(); let mut rng = rand::thread_rng();
let sk_raw = rng.gen_biguint(1024).to_bigint().unwrap(); let sk_raw = rng.gen_biguint(1024).to_bigint().unwrap();
@@ -257,20 +249,10 @@ impl Babyjubjub {
let sk = BigInt::from_bytes_le(Sign::Plus, &h[..]); let sk = BigInt::from_bytes_le(Sign::Plus, &h[..]);
let bbjj_new = Babyjubjub { PrivateKey { key: sk }
d: self.d.clone(),
a: self.a.clone(),
q: self.q.clone(),
b8: self.b8.clone(),
sub_order: self.sub_order.clone(),
};
PrivateKey {
bbjj: bbjj_new,
key: sk,
}
} }
pub fn verify(&self, pk: Point, sig: Signature, msg: BigInt) -> bool { pub fn verify(pk: Point, sig: Signature, msg: BigInt) -> bool {
let hm_input = vec![ let hm_input = vec![
sig.r_b8.x.clone(), sig.r_b8.x.clone(),
sig.r_b8.y.clone(), sig.r_b8.y.clone(),
@@ -280,14 +262,13 @@ impl Babyjubjub {
]; ];
let mimc7 = Mimc7::new(); let mimc7 = Mimc7::new();
let hm = mimc7.hash(hm_input); let hm = mimc7.hash(hm_input);
let l = self.mul_scalar(self.b8.clone(), sig.s); let l = B8.mul_scalar(sig.s);
let r = self.add(&sig.r_b8, &self.mul_scalar(pk, 8.to_bigint().unwrap() * hm)); let r = sig.r_b8.add(&pk.mul_scalar(8.to_bigint().unwrap() * hm));
if l.x == r.x && l.y == r.y { if l.x == r.x && l.y == r.y {
return true; return true;
} }
false false
} }
}
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
@@ -321,8 +302,7 @@ mod tests {
) )
.unwrap(), .unwrap(),
}; };
let bbjj = Babyjubjub::new(); let res = p.add(&q);
let res = bbjj.add(&p, &q);
assert_eq!( assert_eq!(
res.x.to_string(), res.x.to_string(),
"6890855772600357754907169075114257697580319025794532037257385534741338397365" "6890855772600357754907169075114257697580319025794532037257385534741338397365"
@@ -358,8 +338,7 @@ mod tests {
) )
.unwrap(), .unwrap(),
}; };
let bbjj = Babyjubjub::new(); let res = p.add(&q);
let res = bbjj.add(&p, &q);
assert_eq!( assert_eq!(
res.x.to_string(), res.x.to_string(),
"7916061937171219682591368294088513039687205273691143098332585753343424131937" "7916061937171219682591368294088513039687205273691143098332585753343424131937"
@@ -384,10 +363,9 @@ mod tests {
) )
.unwrap(), .unwrap(),
}; };
let bbjj = Babyjubjub::new(); let res_m = p.mul_scalar(3.to_bigint().unwrap());
let res_m = bbjj.mul_scalar(p.clone(), 3.to_bigint().unwrap()); let res_a = p.add(&p);
let res_a = bbjj.add(&p, &p); let res_a = res_a.add(&p);
let res_a = bbjj.add(&res_a, &p);
assert_eq!(res_m.x, res_a.x); assert_eq!(res_m.x, res_a.x);
assert_eq!( assert_eq!(
res_m.x.to_string(), res_m.x.to_string(),
@@ -403,7 +381,7 @@ mod tests {
10, 10,
) )
.unwrap(); .unwrap();
let res2 = bbjj.mul_scalar(p.clone(), n); let res2 = p.mul_scalar(n);
assert_eq!( assert_eq!(
res2.x.to_string(), res2.x.to_string(),
"17070357974431721403481313912716834497662307308519659060910483826664480189605" "17070357974431721403481313912716834497662307308519659060910483826664480189605"
@@ -416,7 +394,6 @@ mod tests {
#[test] #[test]
fn test_point_compress_decompress() { fn test_point_compress_decompress() {
let bbjj = Babyjubjub::new();
let p: Point = Point { let p: Point = Point {
x: BigInt::parse_bytes( x: BigInt::parse_bytes(
b"17777552123799933955779906779655732241715742912184938656739573121738514868268", b"17777552123799933955779906779655732241715742912184938656739573121738514868268",
@@ -429,54 +406,56 @@ mod tests {
) )
.unwrap(), .unwrap(),
}; };
let p_comp = bbjj.compress_point(&p); let p_comp = p.compress();
assert_eq!( assert_eq!(
p_comp[..].to_hex(), p_comp[..].to_hex(),
"53b81ed5bffe9545b54016234682e7b2f699bd42a5e9eae27ff4051bc698ce85" "53b81ed5bffe9545b54016234682e7b2f699bd42a5e9eae27ff4051bc698ce85"
); );
let p2 = bbjj.decompress_point(p_comp); let p2 = decompress_point(p_comp);
assert_eq!(p.x, p2.x); assert_eq!(p.x, p2.x);
assert_eq!(p.y, p2.y); assert_eq!(p.y, p2.y);
} }
#[test] #[test]
fn test_new_key_sign_verify0() { fn test_new_key_sign_verify0() {
let bbjj = Babyjubjub::new(); let sk = new_key();
let sk = bbjj.new_key();
let pk = sk.public(); let pk = sk.public();
let msg = 5.to_bigint().unwrap(); let msg = 5.to_bigint().unwrap();
let sig = sk.sign(msg.clone()); let sig = sk.sign(msg.clone());
let v = bbjj.verify(pk, sig, msg); let v = verify(pk, sig, msg);
assert_eq!(v, true); assert_eq!(v, true);
} }
#[test] #[test]
fn test_new_key_sign_verify1() { fn test_new_key_sign_verify1() {
let bbjj = Babyjubjub::new(); let sk = new_key();
let sk = bbjj.new_key();
let pk = sk.public(); let pk = sk.public();
let msg = BigInt::parse_bytes(b"123456789012345678901234567890", 10).unwrap(); let msg = BigInt::parse_bytes(b"123456789012345678901234567890", 10).unwrap();
let sig = sk.sign(msg.clone()); let sig = sk.sign(msg.clone());
let v = bbjj.verify(pk, sig, msg); let v = verify(pk, sig, msg);
assert_eq!(v, true); assert_eq!(v, true);
} }
#[test] #[test]
fn test_signature_compress_decompress() { fn test_signature_compress_decompress() {
let bbjj = Babyjubjub::new(); let sk = new_key();
let sk = bbjj.new_key();
let pk = sk.public(); let pk = sk.public();
let msg = 5.to_bigint().unwrap();
for i in 0..1 {
println!("i {:?}", i);
let msg_raw = "123456".to_owned() + &i.to_string();
let msg = BigInt::parse_bytes(msg_raw.as_bytes(), 10).unwrap();
let sig = sk.sign(msg.clone()); let sig = sk.sign(msg.clone());
let compressed_sig = bbjj.compress_sig(&sig); let compressed_sig = sig.compress();
println!("compressedsig {:?}", compressed_sig.to_hex()); println!("compressedsig {:?}", compressed_sig.to_hex());
let decompressed_sig = bbjj.decompress_sig(&compressed_sig); let decompressed_sig = decompress_signature(&compressed_sig);
assert_eq!(&sig.r_b8.x, &decompressed_sig.r_b8.x); assert_eq!(&sig.r_b8.x, &decompressed_sig.r_b8.x);
assert_eq!(&sig.r_b8.y, &decompressed_sig.r_b8.y); assert_eq!(&sig.r_b8.y, &decompressed_sig.r_b8.y);
assert_eq!(&sig.s, &decompressed_sig.s); assert_eq!(&sig.s, &decompressed_sig.s);
let v = bbjj.verify(pk, decompressed_sig, msg); let v = verify(pk.clone(), decompressed_sig, msg);
assert_eq!(v, true); assert_eq!(v, true);
} }
} }
}