
refactor: updates and cleanups
BasileiosKal committed Sep 16, 2023
1 parent 8a6d8d2 commit 638653c
Showing 10 changed files with 110 additions and 91 deletions.
6 changes: 6 additions & 0 deletions src/error.rs
Expand Up @@ -47,6 +47,9 @@ pub enum Error {
/// Public key is not valid.
InvalidPublicKey,

/// Pseudonym is not valid
InvalidPseudonym,

/// Signature is malformed.
MalformedSignature {
/// Detailed cause.
Expand Down Expand Up @@ -126,6 +129,9 @@ impl core::fmt::Debug for Error {
Error::InvalidPublicKey => {
write!(f, "public key is invalid.")
}
Error::InvalidPseudonym => {
write!(f, "pseudonym is invalid")
}
Error::MalformedSignature { ref cause } => {
write!(f, "signature is malformed: cause: {cause}")
}
42 changes: 26 additions & 16 deletions src/schemes/bbs/core/proof.rs
Expand Up @@ -49,14 +49,24 @@ macro_rules! slicer {
};
}

#[derive(Default)]
pub(crate) struct RandomScalars {
pub r1: Scalar,
pub r2_tilde: Scalar,
pub z_tilde: Scalar,
pub m_tilde_scalars: Vec<Scalar>,
}

impl Default for RandomScalars {
fn default() -> Self {
Self {
r1: Default::default(),
r2_tilde: Default::default(),
z_tilde: Default::default(),
m_tilde_scalars: Vec::new() as Vec<Scalar>,
}
}
}

impl RandomScalars {
pub fn insert_m_tilde(&mut self, m_tilde: Scalar) {
self.m_tilde_scalars.push(m_tilde);
Expand Down Expand Up @@ -144,19 +154,6 @@ impl Proof {
C: BbsCiphersuiteParameters,
{
// Input parameter checks
// Error out if there is no `header` and not any `ProofMessage`
if header.is_none() && messages.is_empty() {
return Err(Error::BadParams {
cause: "nothing to prove".to_owned(),
});
}
// Error out if length of messages and generators are not equal
if messages.len() != generators.message_generators_length() {
return Err(Error::MessageGeneratorsLengthMismatch {
generators: generators.message_generators_length(),
messages: messages.len(),
});
}
let api_id = api_id.unwrap_or([].to_vec());

// (r1, r2, r3, m~_j1, ..., m~_jU) = calculate_random_scalars(3+U)
Expand Down Expand Up @@ -318,6 +315,19 @@ impl Proof {
let total_no_of_messages = message_scalars.len();

// Check input sizes.
// Error out if there is no `header` and not any `ProofMessage`
if header.is_none() && message_scalars.is_empty() {
return Err(Error::BadParams {
cause: "nothing to prove".to_owned(),
});
}
// Error out if length of messages and generators are not equal
if total_no_of_messages != generators.message_generators_length() {
return Err(Error::MessageGeneratorsLengthMismatch {
generators: generators.message_generators_length(),
messages: total_no_of_messages,
});
}
// Number of message generators == number of messages is checked in
// compute_domain. Checking that all the indexes are in the [0,
// length(messages)) range is done before get_message_generator
Expand All @@ -332,7 +342,7 @@ impl Proof {

// Checking that number of undisclosed messages (/indexes) <= number of
// messages
if undisclosed_indexes.len() > message_scalars.len() {
if undisclosed_indexes.len() > total_no_of_messages {
return Err(Error::BadParams {
cause: format!(
"Not disclosed messages number is invalid. Maximum \
Expand All @@ -347,7 +357,7 @@ impl Proof {
let domain = compute_domain::<_, _, C>(
PK,
header,
message_scalars.len(),
total_no_of_messages,
generators,
api_id,
)?;
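Review bot: The comment `// Number of message generators == number of messages is checked in compute_domain.` that now sits directly under the added `total_no_of_messages != generators.message_generators_length()` check is stale, since the check it defers to is performed right above it; either drop that sentence or reword it to `// Message/generator count is checked above; compute_domain re-checks it.` so the next reader does not go looking for the check elsewhere. Separately, in the new `impl Default for RandomScalars`, `Vec::new() as Vec<Scalar>` is an identity cast (the field type already fixes the element type), so `m_tilde_scalars: Vec::new()` is the idiomatic form; and because the manual impl itself calls `Default::default()` for the three `Scalar` fields, every field implements `Default`, which makes the removed `#[derive(Default)]` equivalent to the hand-written impl — if there is a reason to keep the manual impl, a one-line comment stating it would stop someone reinstating the derive. The function containing the moved checks starts and ends outside this hunk.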
12 changes: 6 additions & 6 deletions src/schemes/pseudonym/api/dtos.rs
Expand Up @@ -17,7 +17,7 @@ pub struct BbsSignRequest<'a, T: AsRef<[u8]> + Default> {
/// Public key
pub public_key: &'a [u8; BBS_BLS12381G1_PUBLIC_KEY_LENGTH],
/// Prover unique identifier
pub pid: T,
pub prover_id: T,
/// Header containing context and application specific information
pub header: Option<T>,
/// Vector of messages to sign
Expand All @@ -29,7 +29,7 @@ impl<'a, T: AsRef<[u8]> + Default> Default for BbsSignRequest<'a, T> {
Self {
secret_key: &[0u8; BBS_BLS12381G1_SECRET_KEY_LENGTH],
public_key: &[0u8; BBS_BLS12381G1_PUBLIC_KEY_LENGTH],
pid: Default::default(),
prover_id: Default::default(),
header: Default::default(),
messages: Default::default(),
}
Expand All @@ -42,7 +42,7 @@ pub struct BbsVerifyRequest<'a, T: AsRef<[u8]> + Default> {
/// Public key
pub public_key: &'a [u8; BBS_BLS12381G1_PUBLIC_KEY_LENGTH],
/// Prover unique identifier
pub pid: T,
pub prover_id: T,
/// Header containing context and application specific information
pub header: Option<T>,
/// Vector of messages to verify against a signature
Expand All @@ -55,7 +55,7 @@ impl<'a, T: AsRef<[u8]> + Default> Default for BbsVerifyRequest<'a, T> {
fn default() -> Self {
Self {
public_key: &[0u8; BBS_BLS12381G1_PUBLIC_KEY_LENGTH],
pid: Default::default(),
prover_id: Default::default(),
header: Default::default(),
messages: Default::default(),
signature: &[0u8; BBS_BLS12381G1_SIGNATURE_LENGTH],
Expand All @@ -70,7 +70,7 @@ pub struct BbsProofGenRequest<'a, T: AsRef<[u8]> + Default> {
/// Public key associated to the BBS signature
pub public_key: &'a [u8; BBS_BLS12381G1_PUBLIC_KEY_LENGTH],
/// The Prover's unique identifier
pub pid: T,
pub prover_id: T,
/// The Verifier's unique Identifier
pub verifier_id: T,
/// Point of G1 used by a Verifier to link multiple proof presentations
Expand All @@ -94,7 +94,7 @@ impl<'a, T: AsRef<[u8]> + Default> Default for BbsProofGenRequest<'a, T> {
fn default() -> Self {
Self {
public_key: &[0u8; BBS_BLS12381G1_PUBLIC_KEY_LENGTH],
pid: Default::default(),
prover_id: Default::default(),
verifier_id: Default::default(),
pseudonym: &[0u8; OCTET_POINT_G1_LENGTH],
header: Default::default(),
3 changes: 1 addition & 2 deletions src/schemes/pseudonym/api/proof.rs
Expand Up @@ -42,9 +42,8 @@ where
let pseudonym = Pseudonym::from_octets(request.pseudonym)?;

// digest the pid message
let pid = pid_to_message::<_, I>(&request.pid)?;
let pid = pid_to_message::<_, I>(&request.prover_id)?;
digested_messages.push(pid);
// proof_messages.push(ProofMessage::Hidden(pid));

let verify_signature = request.verify_signature.unwrap_or(true);
if verify_signature
4 changes: 2 additions & 2 deletions src/schemes/pseudonym/api/signature.rs
Expand Up @@ -25,7 +25,7 @@ where
let pk = PublicKey::from_octets(request.public_key)?;

let mut messages = digest_messages::<_, I>(request.messages)?;
let pid_msg = digest_messages::<_, I>(Some(&[&request.pid]))?;
let pid_msg = digest_messages::<_, I>(Some(&[&request.prover_id]))?;
messages.push(pid_msg[0]);

let generators = MemoryCachedGenerators::<I>::new(messages.len(), None)?;
Expand All @@ -51,7 +51,7 @@ where
let pk = PublicKey::from_octets(request.public_key)?;

let mut messages = digest_messages::<_, I>(request.messages)?;
let pid_msg = digest_messages::<_, I>(Some(&[&request.pid]))?;
let pid_msg = digest_messages::<_, I>(Some(&[&request.prover_id]))?;
messages.push(pid_msg[0]);

let generators = MemoryCachedGenerators::<I>::new(messages.len(), None)?;
9 changes: 0 additions & 9 deletions src/schemes/pseudonym/ciphersuites/bls12_381_g1_sha_256.rs
@@ -1,12 +1,3 @@
#![allow(dead_code)]
#![allow(unused)]
#![allow(non_snake_case)]

// use crate::common::ciphersuite::{
// CipherSuiteParameter,
// CipherSuiteId,
// };

use crate::{
bbs::{
ciphersuites::{
74 changes: 39 additions & 35 deletions src/schemes/pseudonym/core/proof.rs
@@ -1,6 +1,5 @@
#![allow(dead_code)]
#![allow(unused)]
#![allow(non_snake_case)]

use std::collections::BTreeMap;

use blstrs::{G1Projective, Scalar};
Expand Down Expand Up @@ -41,9 +40,9 @@ impl ProofWithNym {
pub fn new<T, G, C>(
PK: &PublicKey,
signature: &Signature,
nym: &Pseudonym,
pseudonym: &Pseudonym,
verifier_id: T,
pid: Message,
prover_id: Message,
header: Option<T>,
ph: Option<T>,
generators: &G,
Expand All @@ -58,9 +57,9 @@ impl ProofWithNym {
Self::new_with_rng::<_, _, _, C>(
PK,
signature,
nym,
pseudonym,
verifier_id,
pid,
prover_id,
header,
ph,
generators,
Expand All @@ -75,9 +74,9 @@ impl ProofWithNym {
pub fn new_with_rng<T, R, G, C>(
PK: &PublicKey,
signature: &Signature,
nym: &Pseudonym,
pseudonym: &Pseudonym,
verifier_id: T,
pid: Message,
prover_id: Message,
header: Option<T>,
ph: Option<T>,
generators: &G,
Expand All @@ -91,24 +90,6 @@ impl ProofWithNym {
G: Generators,
C: BbsCiphersuiteParameters,
{
if header.is_none() && messages.is_empty() {
return Err(Error::BadParams {
cause: "nothing to prove".to_owned(),
});
}
// Error out if length of messages and generators are not equal
if messages.len() + 1 != generators.message_generators_length() {
println!("messages.len() + 1 = {:?}", messages.len() + 1);
println!(
"generators.message_generators_length() = {:?}",
generators.message_generators_length()
);

return Err(Error::MessageGeneratorsLengthMismatch {
generators: generators.message_generators_length(),
messages: messages.len(),
});
}
let api_id = api_id.unwrap_or([].to_vec());

// (r1, r2, r3, m~_j1, ..., m~_jU) = calculate_random_scalars(3+U)
Expand All @@ -124,12 +105,12 @@ impl ProofWithNym {
//
// Deserialization:
// ...(implicit steps)...
// 4. messages.push(pid)
// 4. messages.push(prover_id)
// ...(implicit steps)...
// 10. undisclosed_indexes = range(1, L) \ disclosed_indexes
// 11. disclosed_messages = (messages[i1], ..., messages[iR])
let mut messages_vec = messages.to_vec();
messages_vec.push(ProofMessage::Hidden(pid));
messages_vec.push(ProofMessage::Hidden(prover_id));

let message_scalars: Vec<Scalar> =
messages_vec.iter().map(|m| m.get_message().0).collect();
Expand Down Expand Up @@ -169,7 +150,7 @@ impl ProofWithNym {

let pid_tilde = random_scalars.m_tilde_scalars.last().unwrap();
let pseudonym_proof_init = CommitProofInitResult {
commit: nym.as_point(),
commit: pseudonym.as_point(),
commit_base: OP,
blind_commit: OP * pid_tilde,
};
Expand Down Expand Up @@ -221,11 +202,35 @@ impl ProofWithNym {
if PK.is_valid().unwrap_u8() == 0u8 {
return Err(Error::InvalidPublicKey);
}

// the pseudonym should be a point of G1 but not any of the constant
// "reserved" points (i.e., the identity of G1 or the base
// generator and the base point of G1).
if pseudonym.is_valid::<C>().unwrap_u8() == 0u8 {
return Err(Error::InvalidPseudonym);
}

// Check that the m_hat_list is not empty (the prover_id
// should always be undisclosed).
if self.0.m_hat_list.is_empty() {
return Err(Error::BadParams {
cause: "At least on message must be undisclosed".to_owned(),
});
}

// Check that the last message (the prover_id) is not revealed
if let Some(val) = disclosed_messages.last_key_value() {
if *val.0 == self.0.m_hat_list.len() + disclosed_messages.len() {
return Err(Error::BadParams {
cause: "The last signed message should not be revealed"
.to_owned(),
});
}
}

let api_id = api_id.unwrap_or([].to_vec());

// initialize the proof verification procedure
// TODO: Check that the last message is not revealed
// TODO: Check that the m_hat_list is not empty.
let init_res = self.0.proof_verify_init::<T, G, C>(
PK,
header,
Expand All @@ -236,14 +241,13 @@ impl ProofWithNym {

// initialize the pseudonym correctness proof verification procedure
let OP = C::hash_to_curve(verifier_id.as_ref(), &api_id)?;

// unwrap() is safe here is we check that m_hat_list is non empty (TODO)
let pid_hat = self.0.m_hat_list.last().unwrap();
let pseudonym_point = pseudonym.as_point();
let proof_challenge = self.0.c;

// unwrap() is safe here since we check that m_hat_list is non empty
let Uv = G1Projective::multi_exp(
&[OP, pseudonym_point],
&[pid_hat.0, -proof_challenge.0],
&[self.0.m_hat_list.last().unwrap().0, -proof_challenge.0],
);

let pseudonym_proof_verify_init = CommitProofInitResult {
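Review bot: The new "last signed message should not be revealed" guard in `verify` looks off by one: `self.0.m_hat_list.len() + disclosed_messages.len()` is the total message count L, but `new_with_rng` pushes the prover_id as the last message, so if disclosed indexes are 0-based (the `[0, length(messages))` range the bbs core comments describe) its index is L-1 and `*val.0 == L` can never match a valid index, leaving the check dead and letting a proof that discloses the prover_id reach `proof_verify_init`. That matters because the pseudonym equation below binds `OP` to `m_hat_list.last()`, i.e. to whichever undisclosed message happens to be last rather than to the prover_id. Suggest `let total = self.0.m_hat_list.len() + disclosed_messages.len();` followed by `if disclosed_messages.contains_key(&(total - 1)) { return Err(Error::BadParams { cause: "The last signed message should not be revealed".to_owned() }); }` (total is at least 1 after the emptiness check above), and fix the typo `"At least on message must be undisclosed"` to `"At least one message must be undisclosed"`. The `verify` body starts and ends outside this hunk.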