From 958e9450dbbf7a10bc12c911e135d0caf168d530 Mon Sep 17 00:00:00 2001 From: Srinath Setty Date: Tue, 28 Apr 2020 11:16:43 -0700 Subject: [PATCH] introduce a separate type RandomTape atop Transcript (#13) --- benches/polycommit.rs | 15 ++------- benches/r1csproof.rs | 15 ++------- benches/sumcheck.rs | 16 ++------- src/dense_mlpoly.rs | 16 +++------ src/lib.rs | 1 + src/nizk.rs | 78 +++++++++++++++---------------------------- src/r1csinstance.rs | 3 +- src/r1csproof.rs | 24 ++++++------- src/random.rs | 28 ++++++++++++++++ src/sparse_mlpoly.rs | 18 ++++------ src/spartan.rs | 18 ++-------- src/sumcheck.rs | 13 ++++---- 12 files changed, 99 insertions(+), 146 deletions(-) create mode 100644 src/random.rs diff --git a/benches/polycommit.rs b/benches/polycommit.rs index f70b732..7905217 100644 --- a/benches/polycommit.rs +++ b/benches/polycommit.rs @@ -10,6 +10,7 @@ extern crate sha3; use criterion::*; use libspartan::dense_mlpoly::{DensePolynomial, PolyCommitmentGens, PolyEvalProof}; use libspartan::math::Math; +use libspartan::random::RandomTape; use libspartan::scalar::Scalar; use libspartan::transcript::ProofTranscript; use merlin::Transcript; @@ -101,12 +102,7 @@ fn evalproof_benchmark(c: &mut Criterion) { let name = format!("polycommit_evalproof_{}", n); group.bench_function(&name, move |b| { b.iter(|| { - let mut random_tape = { - let mut csprng: OsRng = OsRng; - let mut tape = Transcript::new(b"proof"); - tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng)); - tape - }; + let mut random_tape = RandomTape::new(b"proof"); let mut prover_transcript = Transcript::new(b"example"); PolyEvalProof::prove( black_box(&poly), @@ -151,12 +147,7 @@ fn evalproofverify_benchmark(c: &mut Criterion) { let (poly_commitment, blinds) = poly.commit(false, &gens, None); let eval = poly.evaluate(&r); - let mut random_tape = { - let mut csprng: OsRng = OsRng; - let mut tape = Transcript::new(b"proof"); - tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng)); - tape - }; + let mut random_tape = RandomTape::new(b"proof"); let mut prover_transcript = Transcript::new(b"example"); let (proof, c_zr) = PolyEvalProof::prove( black_box(&poly), diff --git a/benches/r1csproof.rs b/benches/r1csproof.rs index ecdef93..d0e087d 100644 --- a/benches/r1csproof.rs +++ b/benches/r1csproof.rs @@ -11,6 +11,7 @@ use libspartan::dense_mlpoly::EqPolynomial; use libspartan::math::Math; use libspartan::r1csinstance::R1CSInstance; use libspartan::r1csproof::{R1CSGens, R1CSProof}; +use libspartan::random::RandomTape; use libspartan::scalar::Scalar; use libspartan::transcript::ProofTranscript; use merlin::Transcript; @@ -35,12 +36,7 @@ fn prove_benchmark(c: &mut Criterion) { let name = format!("r1cs_prove_{}", n); group.bench_function(&name, move |b| { b.iter(|| { - let mut random_tape = { - let mut csprng: OsRng = OsRng; - let mut tape = Transcript::new(b"proof"); - tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng)); - tape - }; + let mut random_tape = RandomTape::new(b"proof"); let mut prover_transcript = Transcript::new(b"example"); R1CSProof::prove( black_box(&inst), @@ -69,12 +65,7 @@ fn verify_benchmark(c: &mut Criterion) { let n = inst.get_num_vars(); let gens = R1CSGens::new(num_cons, num_vars, b"test-m"); - let mut random_tape = { - let mut csprng: OsRng = OsRng; - let mut tape = Transcript::new(b"proof"); - tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng)); - tape - }; + let mut random_tape = RandomTape::new(b"proof"); let mut prover_transcript = Transcript::new(b"example"); let (proof, rx, ry) = R1CSProof::prove( &inst, diff --git a/benches/sumcheck.rs b/benches/sumcheck.rs index 9b09bc8..5022a69 100644 --- a/benches/sumcheck.rs +++ b/benches/sumcheck.rs @@ -14,6 +14,7 @@ use libspartan::commitments::MultiCommitGens; use libspartan::dense_mlpoly::DensePolynomial; use libspartan::math::Math; use libspartan::nizk::DotProductProof; +use libspartan::random::RandomTape; use libspartan::scalar::Scalar; use libspartan::sumcheck::ZKSumcheckInstanceProof; use libspartan::transcript::ProofTranscript; @@ -53,12 +54,7 @@ fn prove_benchmark(c: &mut Criterion) { let name = format!("zksumcheck_prove_{}", n); group.bench_function(&name, move |b| { b.iter(|| { - let mut random_tape = { - let mut csprng: OsRng = OsRng; - let mut tape = Transcript::new(b"proof"); - tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng)); - tape - }; + let mut random_tape = RandomTape::new(b"proof"); let mut prover_transcript = Transcript::new(b"example"); ZKSumcheckInstanceProof::prove_quad( black_box(&claim), @@ -105,13 +101,7 @@ fn verify_benchmark(c: &mut Criterion) { let comb_func = |poly_A_comp: &Scalar, poly_B_comp: &Scalar| -> Scalar { poly_A_comp * poly_B_comp }; - let mut random_tape = { - let mut csprng: OsRng = OsRng; - let mut tape = Transcript::new(b"proof"); - tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng)); - tape - }; - + let mut random_tape = RandomTape::new(b"proof"); let mut prover_transcript = Transcript::new(b"example"); let (proof, _r, _v, _blind_post_claim) = ZKSumcheckInstanceProof::prove_quad( &claim, diff --git a/src/dense_mlpoly.rs b/src/dense_mlpoly.rs index 180fdc3..f270f6b 100644 --- a/src/dense_mlpoly.rs +++ b/src/dense_mlpoly.rs @@ -3,6 +3,7 @@ use super::errors::ProofVerifyError; use super::group::{CompressedGroup, GroupElement, VartimeMultiscalarMul}; use super::math::Math; use super::nizk::{DotProductProofGens, DotProductProofLog}; +use super::random::RandomTape; use super::scalar::Scalar; use super::transcript::{AppendToTranscript, ProofTranscript}; use core::ops::Index; @@ -230,7 +231,7 @@ impl DensePolynomial { &self, hiding: bool, gens: &PolyCommitmentGens, - random_tape: Option<&mut Transcript>, + random_tape: Option<&mut RandomTape>, ) -> (PolyCommitment, PolyCommitmentBlinds) { let n = self.Z.len(); let ell = self.get_num_vars(); @@ -243,9 +244,7 @@ impl DensePolynomial { let blinds = match hiding { true => PolyCommitmentBlinds { - blinds: random_tape - .unwrap() - .challenge_vector(b"poly_blinds", L_size), + blinds: random_tape.unwrap().random_vector(b"poly_blinds", L_size), }, false => PolyCommitmentBlinds { blinds: vec![Scalar::zero(); L_size], @@ -380,7 +379,7 @@ impl PolyEvalProof { blind_Zr_opt: Option<&Scalar>, // specifies a blind for Zr gens: &PolyCommitmentGens, transcript: &mut Transcript, - random_tape: &mut Transcript, + random_tape: &mut RandomTape, ) -> (PolyEvalProof, CompressedGroup) { transcript.append_protocol_name(PolyEvalProof::protocol_name()); @@ -714,12 +713,7 @@ mod tests { let gens = PolyCommitmentGens::new(poly.get_num_vars(), b"test-two"); let (poly_commitment, blinds) = poly.commit(false, &gens, None); - let mut random_tape = { - let mut csprng: OsRng = OsRng; - let mut tape = Transcript::new(b"proof"); - tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng)); - tape - }; + let mut random_tape = RandomTape::new(b"proof"); let mut prover_transcript = Transcript::new(b"example"); let (proof, C_Zr) = PolyEvalProof::prove( &poly, diff --git a/src/lib.rs b/src/lib.rs index 188d410..b753f02 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -21,6 +21,7 @@ pub mod nizk; mod product_tree; pub mod r1csinstance; pub mod r1csproof; +pub mod random; pub mod scalar; mod scalar_25519; pub mod sparse_mlpoly; diff --git a/src/nizk.rs b/src/nizk.rs index cb08514..00db3f8 100644 --- a/src/nizk.rs +++ b/src/nizk.rs @@ -3,6 +3,7 @@ use super::commitments::{Commitments, MultiCommitGens}; use super::errors::ProofVerifyError; use super::group::CompressedGroup; use super::math::Math; +use super::random::RandomTape; use super::scalar::Scalar; use super::transcript::{AppendToTranscript, ProofTranscript}; use merlin::Transcript; @@ -23,15 +24,15 @@ impl KnowledgeProof { pub fn prove( gens_n: &MultiCommitGens, transcript: &mut Transcript, - random_tape: &mut Transcript, + random_tape: &mut RandomTape, x: &Scalar, r: &Scalar, ) -> (KnowledgeProof, CompressedGroup) { transcript.append_protocol_name(KnowledgeProof::protocol_name()); // produce two random Scalars - let t1 = random_tape.challenge_scalar(b"t1"); - let t2 = random_tape.challenge_scalar(b"t2"); + let t1 = random_tape.random_scalar(b"t1"); + let t2 = random_tape.random_scalar(b"t2"); let C = x.commit(&r, gens_n).compress(); C.append_to_transcript(b"C", transcript); @@ -89,7 +90,7 @@ impl EqualityProof { pub fn prove( gens_n: &MultiCommitGens, transcript: &mut Transcript, - random_tape: &mut Transcript, + random_tape: &mut RandomTape, v1: &Scalar, s1: &Scalar, v2: &Scalar, @@ -98,7 +99,7 @@ impl EqualityProof { transcript.append_protocol_name(EqualityProof::protocol_name()); // produce a random Scalar - let r = random_tape.challenge_scalar(b"r"); + let r = random_tape.random_scalar(b"r"); let C1 = v1.commit(&s1, gens_n).compress(); C1.append_to_transcript(b"C1", transcript); @@ -160,7 +161,7 @@ impl ProductProof { pub fn prove( gens_n: &MultiCommitGens, transcript: &mut Transcript, - random_tape: &mut Transcript, + random_tape: &mut RandomTape, x: &Scalar, rX: &Scalar, y: &Scalar, @@ -176,11 +177,11 @@ impl ProductProof { transcript.append_protocol_name(ProductProof::protocol_name()); // produce five random Scalar - let b1 = random_tape.challenge_scalar(b"b1"); - let b2 = random_tape.challenge_scalar(b"b2"); - let b3 = random_tape.challenge_scalar(b"b3"); - let b4 = random_tape.challenge_scalar(b"b4"); - let b5 = random_tape.challenge_scalar(b"b5"); + let b1 = random_tape.random_scalar(b"b1"); + let b2 = random_tape.random_scalar(b"b2"); + let b3 = random_tape.random_scalar(b"b3"); + let b4 = random_tape.random_scalar(b"b4"); + let b5 = random_tape.random_scalar(b"b5"); let X = x.commit(&rX, gens_n).compress(); X.append_to_transcript(b"X", transcript); @@ -317,7 +318,7 @@ impl DotProductProof { gens_1: &MultiCommitGens, gens_n: &MultiCommitGens, transcript: &mut Transcript, - random_tape: &mut Transcript, + random_tape: &mut RandomTape, x: &Vec, r_x: &Scalar, a: &Vec, @@ -332,9 +333,9 @@ impl DotProductProof { assert_eq!(gens_1.n, 1); // produce randomness for the proofs - let d = random_tape.challenge_vector(b"d", n); - let r_delta = random_tape.challenge_scalar(b"r_delta"); - let r_beta = random_tape.challenge_scalar(b"r_beta"); + let d = random_tape.random_vector(b"d", n); + let r_delta = random_tape.random_scalar(b"r_delta"); + let r_beta = random_tape.random_scalar(b"r_beta"); let Cx = x.commit(&r_x, gens_n).compress(); Cx.append_to_transcript(b"Cx", transcript); @@ -442,7 +443,7 @@ impl DotProductProofLog { pub fn prove( gens: &DotProductProofGens, transcript: &mut Transcript, - random_tape: &mut Transcript, + random_tape: &mut RandomTape, x: &Vec, r_x: &Scalar, a: &Vec, @@ -456,12 +457,12 @@ impl DotProductProofLog { assert_eq!(gens.n, n); // produce randomness for generating a proof - let d = random_tape.challenge_scalar(b"d"); - let r_delta = random_tape.challenge_scalar(b"r_delta"); - let r_beta = random_tape.challenge_scalar(b"r_delta"); + let d = random_tape.random_scalar(b"d"); + let r_delta = random_tape.random_scalar(b"r_delta"); + let r_beta = random_tape.random_scalar(b"r_delta"); let blinds_vec = { - let v1 = random_tape.challenge_vector(b"blinds_vec_1", 2 * n.log2()); - let v2 = random_tape.challenge_vector(b"blinds_vec_2", 2 * n.log2()); + let v1 = random_tape.random_vector(b"blinds_vec_1", 2 * n.log2()); + let v2 = random_tape.random_vector(b"blinds_vec_2", 2 * n.log2()); (0..v1.len()) .map(|i| (v1[i], v2[i])) .collect::>() @@ -579,12 +580,7 @@ mod tests { let x = Scalar::random(&mut csprng); let r = Scalar::random(&mut csprng); - let mut random_tape = { - let mut csprng: OsRng = OsRng; - let mut tape = Transcript::new(b"proof"); - tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng)); - tape - }; + let mut random_tape = RandomTape::new(b"proof"); let mut prover_transcript = Transcript::new(b"example"); let (proof, committed_value) = KnowledgeProof::prove(&gens_1, &mut prover_transcript, &mut random_tape, &x, &r); @@ -605,12 +601,7 @@ mod tests { let s1 = Scalar::random(&mut csprng); let s2 = Scalar::random(&mut csprng); - let mut random_tape = { - let mut csprng: OsRng = OsRng; - let mut tape = Transcript::new(b"proof"); - tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng)); - tape - }; + let mut random_tape = RandomTape::new(b"proof"); let mut prover_transcript = Transcript::new(b"example"); let (proof, C1, C2) = EqualityProof::prove( &gens_1, @@ -640,12 +631,7 @@ mod tests { let z = x * y; let rZ = Scalar::random(&mut csprng); - let mut random_tape = { - let mut csprng: OsRng = OsRng; - let mut tape = Transcript::new(b"proof"); - tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng)); - tape - }; + let mut random_tape = RandomTape::new(b"proof"); let mut prover_transcript = Transcript::new(b"example"); let (proof, X, Y, Z) = ProductProof::prove( &gens_1, @@ -684,12 +670,7 @@ mod tests { let r_x = Scalar::random(&mut csprng); let r_y = Scalar::random(&mut csprng); - let mut random_tape = { - let mut csprng: OsRng = OsRng; - let mut tape = Transcript::new(b"proof"); - tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng)); - tape - }; + let mut random_tape = RandomTape::new(b"proof"); let mut prover_transcript = Transcript::new(b"example"); let (proof, Cx, Cy) = DotProductProof::prove( &gens_1, @@ -724,12 +705,7 @@ mod tests { let r_x = Scalar::random(&mut csprng); let r_y = Scalar::random(&mut csprng); - let mut random_tape = { - let mut csprng: OsRng = OsRng; - let mut tape = Transcript::new(b"proof"); - tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng)); - tape - }; + let mut random_tape = RandomTape::new(b"proof"); let mut prover_transcript = Transcript::new(b"example"); let (proof, Cx, Cy) = DotProductProofLog::prove( &gens, diff --git a/src/r1csinstance.rs b/src/r1csinstance.rs index bb769b0..663bde5 100644 --- a/src/r1csinstance.rs +++ b/src/r1csinstance.rs @@ -1,6 +1,7 @@ use super::dense_mlpoly::DensePolynomial; use super::errors::ProofVerifyError; use super::math::Math; +use super::random::RandomTape; use super::scalar::Scalar; use super::sparse_mlpoly::{ MultiSparseMatPolynomialAsDense, SparseMatEntry, SparseMatPolyCommitment, @@ -307,7 +308,7 @@ impl R1CSEvalProof { evals: &R1CSInstanceEvals, gens: &R1CSCommitmentGens, transcript: &mut Transcript, - random_tape: &mut Transcript, + random_tape: &mut RandomTape, ) -> R1CSEvalProof { let timer = Timer::new("R1CSEvalProof::prove"); let proof = SparseMatPolyEvalProof::prove( diff --git a/src/r1csproof.rs b/src/r1csproof.rs index 1f0be9e..ec30b40 100644 --- a/src/r1csproof.rs +++ b/src/r1csproof.rs @@ -7,6 +7,7 @@ use super::group::{CompressedGroup, GroupElement, VartimeMultiscalarMul}; use super::math::Math; use super::nizk::{EqualityProof, KnowledgeProof, ProductProof}; use super::r1csinstance::{R1CSInstance, R1CSInstanceEvals}; +use super::random::RandomTape; use super::scalar::Scalar; use super::sparse_mlpoly::{SparsePolyEntry, SparsePolynomial}; use super::sumcheck::ZKSumcheckInstanceProof; @@ -81,7 +82,7 @@ impl R1CSProof { evals_Cz: &mut DensePolynomial, gens: &R1CSSumcheckGens, transcript: &mut Transcript, - random_tape: &mut Transcript, + random_tape: &mut RandomTape, ) -> (ZKSumcheckInstanceProof, Vec, Vec, Scalar) { let comb_func = |poly_A_comp: &Scalar, poly_B_comp: &Scalar, @@ -116,7 +117,7 @@ impl R1CSProof { evals_ABC: &mut DensePolynomial, gens: &R1CSSumcheckGens, transcript: &mut Transcript, - random_tape: &mut Transcript, + random_tape: &mut RandomTape, ) -> (ZKSumcheckInstanceProof, Vec, Vec, Scalar) { let comb_func = |poly_A_comp: &Scalar, poly_B_comp: &Scalar| -> Scalar { poly_A_comp * poly_B_comp }; @@ -146,7 +147,7 @@ impl R1CSProof { input: &Vec, gens: &R1CSGens, transcript: &mut Transcript, - random_tape: &mut Transcript, + random_tape: &mut RandomTape, ) -> (R1CSProof, Vec, Vec) { let timer_prove = Timer::new("R1CSProof::prove"); transcript.append_protocol_name(R1CSProof::protocol_name()); @@ -208,10 +209,10 @@ impl R1CSProof { let (tau_claim, Az_claim, Bz_claim, Cz_claim) = (&poly_tau[0], &poly_Az[0], &poly_Bz[0], &poly_Cz[0]); let (Az_blind, Bz_blind, Cz_blind, prod_Az_Bz_blind) = ( - random_tape.challenge_scalar(b"Az_blind"), - random_tape.challenge_scalar(b"Bz_blind"), - random_tape.challenge_scalar(b"Cz_blind"), - random_tape.challenge_scalar(b"prod_Az_Bz_blind"), + random_tape.random_scalar(b"Az_blind"), + random_tape.random_scalar(b"Bz_blind"), + random_tape.random_scalar(b"Cz_blind"), + random_tape.random_scalar(b"prod_Az_Bz_blind"), ); let (pok_Cz_claim, comm_Cz_claim) = { @@ -294,7 +295,7 @@ impl R1CSProof { let timer_polyeval = Timer::new("polyeval"); let eval_vars_at_ry = poly_vars.evaluate(&ry[1..].to_vec()); - let blind_eval = random_tape.challenge_scalar(b"blind_eval"); + let blind_eval = random_tape.random_scalar(b"blind_eval"); let (proof_eval_vars_at_ry, comm_vars_at_ry) = PolyEvalProof::prove( &poly_vars, Some(&blinds_vars), @@ -597,12 +598,7 @@ mod tests { let gens = R1CSGens::new(num_cons, num_vars, b"test-m"); - let mut random_tape = { - let mut csprng: OsRng = OsRng; - let mut tape = Transcript::new(b"proof"); - tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng)); - tape - }; + let mut random_tape = RandomTape::new(b"proof"); let mut prover_transcript = Transcript::new(b"example"); let (proof, rx, ry) = R1CSProof::prove( &inst, diff --git a/src/random.rs b/src/random.rs new file mode 100644 index 0000000..2a1a3a2 --- /dev/null +++ b/src/random.rs @@ -0,0 +1,28 @@ +use super::scalar::Scalar; +use super::transcript::ProofTranscript; +use merlin::Transcript; +use rand::rngs::OsRng; + +pub struct RandomTape { + tape: Transcript, +} + +impl RandomTape { + pub fn new(name: &'static [u8]) -> Self { + let tape = { + let mut csprng: OsRng = OsRng; + let mut tape = Transcript::new(name); + tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng)); + tape + }; + Self { tape } + } + + pub fn random_scalar(&mut self, label: &'static [u8]) -> Scalar { + self.tape.challenge_scalar(label) + } + + pub fn random_vector(&mut self, label: &'static [u8], len: usize) -> Vec { + self.tape.challenge_vector(label, len) + } +} diff --git a/src/sparse_mlpoly.rs b/src/sparse_mlpoly.rs index 4624b7b..2f73683 100644 --- a/src/sparse_mlpoly.rs +++ b/src/sparse_mlpoly.rs @@ -5,6 +5,7 @@ use super::dense_mlpoly::{ use super::errors::ProofVerifyError; use super::math::Math; use super::product_tree::{DotProductCircuit, ProductCircuit, ProductCircuitEvalProofBatched}; +use super::random::RandomTape; use super::scalar::Scalar; use super::timer::Timer; use super::transcript::{AppendToTranscript, ProofTranscript}; @@ -78,7 +79,7 @@ impl DerefsEvalProof { evals: Vec, gens: &PolyCommitmentGens, transcript: &mut Transcript, - random_tape: &mut Transcript, + random_tape: &mut RandomTape, ) -> PolyEvalProof { assert_eq!(joint_poly.get_num_vars(), r.len() + evals.len().log2()); @@ -122,7 +123,7 @@ impl DerefsEvalProof { r: &Vec, gens: &PolyCommitmentGens, transcript: &mut Transcript, - random_tape: &mut Transcript, + random_tape: &mut RandomTape, ) -> Self { transcript.append_protocol_name(DerefsEvalProof::protocol_name()); @@ -752,7 +753,7 @@ impl HashLayerProof { derefs: &Derefs, gens: &SparseMatPolyCommitmentGens, transcript: &mut Transcript, - random_tape: &mut Transcript, + random_tape: &mut RandomTape, ) -> Self { transcript.append_protocol_name(HashLayerProof::protocol_name()); @@ -1361,7 +1362,7 @@ impl PolyEvalNetworkProof { evals: &Vec, gens: &SparseMatPolyCommitmentGens, transcript: &mut Transcript, - random_tape: &mut Transcript, + random_tape: &mut RandomTape, ) -> Self { transcript.append_protocol_name(PolyEvalNetworkProof::protocol_name()); @@ -1493,7 +1494,7 @@ impl SparseMatPolyEvalProof { evals: &Vec, // a vector evaluation of \widetilde{M}(r = (rx,ry)) for each M gens: &SparseMatPolyCommitmentGens, transcript: &mut Transcript, - random_tape: &mut Transcript, + random_tape: &mut RandomTape, ) -> SparseMatPolyEvalProof { transcript.append_protocol_name(SparseMatPolyEvalProof::protocol_name()); @@ -1689,12 +1690,7 @@ mod tests { let eval = poly_M.evaluate(&rx, &ry); let evals = vec![eval, eval, eval]; - let mut random_tape = { - let mut csprng: OsRng = OsRng; - let mut tape = Transcript::new(b"proof"); - tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng)); - tape - }; + let mut random_tape = RandomTape::new(b"proof"); let mut prover_transcript = Transcript::new(b"example"); let proof = SparseMatPolyEvalProof::prove( &dense, diff --git a/src/spartan.rs b/src/spartan.rs index 9fe926e..ec996a6 100644 --- a/src/spartan.rs +++ b/src/spartan.rs @@ -5,11 +5,11 @@ use super::r1csinstance::{ R1CSInstanceEvals, }; use super::r1csproof::{R1CSGens, R1CSProof}; +use super::random::RandomTape; use super::scalar::Scalar; use super::timer::Timer; use super::transcript::{AppendToTranscript, ProofTranscript}; use merlin::Transcript; -use rand::rngs::OsRng; use serde::{Deserialize, Serialize}; pub struct SNARKGens { @@ -57,13 +57,7 @@ impl SNARK { ) -> Self { // we create a Transcript object seeded with a random Scalar // to aid the prover produce its randomness - let mut random_tape = { - let mut csprng: OsRng = OsRng; - let mut tape = Transcript::new(b"SpartanSNARKProof"); - tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng)); - tape - }; - + let mut random_tape = RandomTape::new(b"proof"); transcript.append_protocol_name(SNARK::protocol_name()); let (r1cs_sat_proof, rx, ry) = { let (proof, rx, ry) = R1CSProof::prove( @@ -190,13 +184,7 @@ impl NIZK { ) -> Self { // we create a Transcript object seeded with a random Scalar // to aid the prover produce its randomness - let mut random_tape = { - let mut csprng: OsRng = OsRng; - let mut tape = Transcript::new(b"SpartanNIZKProof"); - tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng)); - tape - }; - + let mut random_tape = RandomTape::new(b"proof"); transcript.append_protocol_name(NIZK::protocol_name()); let (r1cs_sat_proof, rx, ry) = { let (proof, rx, ry) = R1CSProof::prove( diff --git a/src/sumcheck.rs b/src/sumcheck.rs index bca16f3..1fbc19b 100644 --- a/src/sumcheck.rs +++ b/src/sumcheck.rs @@ -3,6 +3,7 @@ use super::dense_mlpoly::DensePolynomial; use super::errors::ProofVerifyError; use super::group::{CompressedGroup, GroupElement, VartimeMultiscalarMul}; use super::nizk::DotProductProof; +use super::random::RandomTape; use super::scalar::Scalar; use super::transcript::{AppendToTranscript, ProofTranscript}; use super::unipoly::{CompressedUniPoly, UniPoly}; @@ -567,14 +568,14 @@ impl ZKSumcheckInstanceProof { gens_1: &MultiCommitGens, gens_n: &MultiCommitGens, transcript: &mut Transcript, - random_tape: &mut Transcript, + random_tape: &mut RandomTape, ) -> (Self, Vec, Vec, Scalar) where F: Fn(&Scalar, &Scalar) -> Scalar, { let (blinds_poly, blinds_evals) = ( - random_tape.challenge_vector(b"blinds_poly", num_rounds), - random_tape.challenge_vector(b"blinds_evals", num_rounds), + random_tape.random_vector(b"blinds_poly", num_rounds), + random_tape.random_vector(b"blinds_evals", num_rounds), ); let mut claim_per_round = *claim; let mut comm_claim_per_round = claim_per_round.commit(&blind_claim, &gens_1).compress(); @@ -729,14 +730,14 @@ impl ZKSumcheckInstanceProof { gens_1: &MultiCommitGens, gens_n: &MultiCommitGens, transcript: &mut Transcript, - random_tape: &mut Transcript, + random_tape: &mut RandomTape, ) -> (Self, Vec, Vec, Scalar) where F: Fn(&Scalar, &Scalar, &Scalar, &Scalar) -> Scalar, { let (blinds_poly, blinds_evals) = ( - random_tape.challenge_vector(b"blinds_poly", num_rounds), - random_tape.challenge_vector(b"blinds_evals", num_rounds), + random_tape.random_vector(b"blinds_poly", num_rounds), + random_tape.random_vector(b"blinds_evals", num_rounds), ); let mut claim_per_round = *claim;