From 402fb41458966b20b28891a720962e6029153cde Mon Sep 17 00:00:00 2001 From: arnaucube Date: Thu, 20 Apr 2023 09:13:35 +0200 Subject: [PATCH] add pedersen vec commitment prove & verify --- src/lib.rs | 2 +- src/pedersen.rs | 126 ++++++++++++++++++++++++++++++++++++++-------- src/transcript.rs | 7 +++ 3 files changed, 114 insertions(+), 21 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index e76e3b9..23b04fd 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -3,7 +3,7 @@ #![allow(non_upper_case_globals)] #![allow(unused)] // TMP -mod nifs; +// mod nifs; mod pedersen; mod r1cs; mod transcript; diff --git a/src/pedersen.rs b/src/pedersen.rs index a44915f..8a7265e 100644 --- a/src/pedersen.rs +++ b/src/pedersen.rs @@ -6,13 +6,18 @@ use ark_std::{ use std::marker::PhantomData; use crate::transcript::Transcript; -use crate::utils::naive_msm; +use crate::utils::{naive_msm, vec_add, vector_elem_product}; -pub struct Proof { +pub struct Proof_elem { R: C, t1: C::ScalarField, t2: C::ScalarField, } +pub struct Proof { + R: C, + u_: Vec, + ru_: C::ScalarField, +} pub struct Params { g: C, @@ -46,9 +51,14 @@ impl Pedersen { let cm: C = (params.g.mul(v) + params.h.mul(r)).into(); CommitmentElem:: { cm, r } } - pub fn commit(rs: &Vec, v: &Vec) -> Commitment { - let cm = naive_msm(v, &rs); - Commitment::(cm) + pub fn commit( + rng: &mut R, + params: &Params, + v: &Vec, + ) -> Commitment { + let r = C::ScalarField::rand(rng); + let cm = params.h.mul(r) + naive_msm(v, ¶ms.r_vec); + Commitment:: { cm: cm.into(), r } } pub fn prove_elem( @@ -57,36 +67,77 @@ impl Pedersen { cm: C, v: C::ScalarField, r: C::ScalarField, + ) -> Proof_elem { + let r1 = transcript.get_challenge(b"r_1"); + let r2 = transcript.get_challenge(b"r_2"); + + let R: C = (params.g.mul(r1) + params.h.mul(r2)).into(); + + transcript.add(b"cm", &cm); + transcript.add(b"R", &R); + let e = transcript.get_challenge(b"e"); + + let t1 = r1 + v * e; + let t2 = r2 + r * e; + + Proof_elem:: { R, t1, t2 } + } + pub fn prove( + params: &Params, + transcript: &mut Transcript, + cm: C, + v: Vec, + r: C::ScalarField, ) -> Proof { - let s1 = transcript.get_challenge(b"s_1"); - let s2 = transcript.get_challenge(b"s_2"); + let r1 = transcript.get_challenge(b"r_1"); + let d = transcript.get_challenge_vec(b"d", v.len()); - let R: C = (params.g.mul(s1) + params.h.mul(s2)).into(); + let R: C = (params.h.mul(r1) + naive_msm(&d, ¶ms.r_vec)).into(); transcript.add(b"cm", &cm); transcript.add(b"R", &R); - let c = transcript.get_challenge(b"c"); + let e = transcript.get_challenge(b"e"); - let t1 = s1 + v * c; - let t2 = s2 + r * c; + let u_ = vec_add(&vector_elem_product(&v, &e), &d); + let ru_ = e * r + r1; - Proof:: { R, t1, t2 } + Proof:: { R, u_, ru_ } + } + pub fn verify( + params: &Params, + transcript: &mut Transcript, + cm: C, + proof: Proof, + ) -> bool { + // r1, d just to match Prover's transcript + transcript.get_challenge(b"r_1"); + transcript.get_challenge_vec(b"d", proof.u_.len()); + + transcript.add(b"cm", &cm); + transcript.add(b"R", &proof.R); + let e = transcript.get_challenge(b"e"); + let lhs = proof.R + cm.mul(e); + let rhs = params.h.mul(proof.ru_) + naive_msm(&proof.u_, ¶ms.r_vec); + if lhs != rhs { + return false; + } + true } pub fn verify_elem( params: &Params, transcript: &mut Transcript, cm: C, - proof: Proof, + proof: Proof_elem, ) -> bool { // s1, s2 just to match Prover's transcript - transcript.get_challenge(b"s_1"); - transcript.get_challenge(b"s_2"); + transcript.get_challenge(b"r_1"); + transcript.get_challenge(b"r_2"); transcript.add(b"cm", &cm); transcript.add(b"R", &proof.R); - let c = transcript.get_challenge(b"c"); - let lhs = proof.R + cm.mul(c); + let e = transcript.get_challenge(b"e"); + let lhs = proof.R + cm.mul(e); let rhs = params.g.mul(proof.t1) + params.h.mul(proof.t2); if lhs != rhs { return false; @@ -95,7 +146,20 @@ impl Pedersen { } } -pub struct Commitment(pub C); +pub struct Commitment { + pub cm: C, + pub r: C::ScalarField, +} +impl Commitment { + pub fn prove( + &self, + params: &Params, + transcript: &mut Transcript, + v: Vec, + ) -> Proof { + Pedersen::::prove(params, transcript, self.cm, v, self.r) + } +} pub struct CommitmentElem { pub cm: C, @@ -107,7 +171,7 @@ impl CommitmentElem { params: &Params, transcript: &mut Transcript, v: C::ScalarField, - ) -> Proof { + ) -> Proof_elem { Pedersen::::prove_elem(params, transcript, self.cm, v, self.r) } } @@ -120,7 +184,7 @@ mod tests { use std::ops::Mul; #[test] - fn test_pedersen() { + fn test_pedersen_single_element() { let mut rng = ark_std::test_rng(); // setup params @@ -142,4 +206,26 @@ mod tests { let v = Pedersen::verify_elem(¶ms, &mut transcript_v, cm.cm, proof); assert!(v); } + #[test] + fn test_pedersen_vector() { + let mut rng = ark_std::test_rng(); + + const n: usize = 10; + // setup params + let params = Pedersen::::new_params(&mut rng, n); + + // init Prover's transcript + let mut transcript_p: Transcript = Transcript::::new(); + // init Verifier's transcript + let mut transcript_v: Transcript = Transcript::::new(); + + let mut v: Vec = vec![Fr::rand(&mut rng); n]; + + let cm = Pedersen::commit(&mut rng, ¶ms, &v); + let proof = cm.prove(¶ms, &mut transcript_p, v); + // also can use: + // let proof = Pedersen::prove(¶ms, &mut transcript_p, cm.cm, v, cm.r); + let v = Pedersen::verify(¶ms, &mut transcript_v, cm.cm, proof); + assert!(v); + } } diff --git a/src/transcript.rs b/src/transcript.rs index 499a5b6..94b444b 100644 --- a/src/transcript.rs +++ b/src/transcript.rs @@ -29,4 +29,11 @@ impl Transcript { self.add(b"get challenge", &challenge); challenge } + pub fn get_challenge_vec(&mut self, label: &'static [u8], n: usize) -> Vec { + let mut c: Vec = vec![F::zero(); n]; + for i in 0..n { + c[i] = self.get_challenge(label); + } + c + } }