From 9f43ed15415f5063f2d7b2e14f407875ac7bc660 Mon Sep 17 00:00:00 2001 From: Özgür Kesim Date: Sun, 10 Nov 2024 16:27:10 +0100 Subject: add simpler API to nizk stages --- nizk/commit/commit.go | 13 +++++++++---- nizk/commit/commit_test.go | 22 +++++++++++++++++++++- nizk/stage1/stage1.go | 34 +++++++++++++++++++++------------- nizk/stage1/stage1_test.go | 26 +++++++++++++++++++++++++- nizk/stage2/stage2.go | 11 ++++++++++- nizk/stage2/stage2_test.go | 33 ++++++++++++++++++++++++++++++--- 6 files changed, 116 insertions(+), 23 deletions(-) diff --git a/nizk/commit/commit.go b/nizk/commit/commit.go index 84ba8e5..1fa653e 100644 --- a/nizk/commit/commit.go +++ b/nizk/commit/commit.go @@ -13,8 +13,8 @@ import ( type Statement struct { bitSet bool - a *Scalar - b *Scalar + a *Scalar + b *Scalar Commitment } @@ -25,11 +25,16 @@ type Commitment struct { Proof *Proof } -func NewStatement(a, b *Scalar, bitSet bool) *Statement { +func NewStatement(bitSet bool) *Statement { + a, b := Curve.RandomScalar(), Curve.RandomScalar() + return NewStatementFromScalars(bitSet, a, b) +} + +func NewStatementFromScalars(bitSet bool, a, b *Scalar) *Statement { return &Statement{ a: a, b: b, - bitSet: bitSet, + bitSet: bitSet, Commitment: commitment(a, b, bitSet), } } diff --git a/nizk/commit/commit_test.go b/nizk/commit/commit_test.go index 8763706..4ea5964 100644 --- a/nizk/commit/commit_test.go +++ b/nizk/commit/commit_test.go @@ -7,11 +7,31 @@ import ( ) func TestStatement(t *testing.T) { + id := Curve.RandomScalar() + Id := G.Exp(id) + + st1, st2 := NewStatement(true), NewStatement(false) + c1, c2 := st1.Commit(Id), st2.Commit(Id) + if !c1.Verify() { + t.Fatal("Could not verify st1 with c1, plus=true case") + } + if !c2.Verify() { + t.Fatal("Could not verify st2 with c2, plus=false case") + } + + // Use the wrong proof + c2.Proof = c1.Proof + if c2.Verify() { + t.Fatal("Verify with wrong proof should have failed!") + } +} + +func TestStatementFromScalar(t *testing.T) { var α, β, id = Curve.RandomScalar(), Curve.RandomScalar(), Curve.RandomScalar() Id := G.Exp(id) - st1, st2 := NewStatement(α, β, true), NewStatement(α, β, false) + st1, st2 := NewStatementFromScalars(true, α, β), NewStatementFromScalars(false, α, β) c1, c2 := st1.Commit(Id), st2.Commit(Id) if !c1.Verify() { t.Fatal("Could not verify st1 with c1, plus=true case") diff --git a/nizk/stage1/stage1.go b/nizk/stage1/stage1.go index 0bd3e29..5c729c8 100644 --- a/nizk/stage1/stage1.go +++ b/nizk/stage1/stage1.go @@ -10,12 +10,12 @@ import ( // for given Z, X, Y, R, C, A and B type Statement struct { - x *Scalar - y *Scalar - r *Scalar - α *Scalar - β *Scalar - plus bool + x *Scalar + y *Scalar + r *Scalar + α *Scalar + β *Scalar + bitSet bool *Commitment } @@ -29,22 +29,30 @@ type Commitment struct { Z *Point } -func NewStatement(x, y, r, α, β *Scalar, plus bool) *Statement { +func NewStatement(bitSet bool) *Statement { + var x [5]*Scalar + for i := range x { + x[i] = Curve.RandomScalar() + } + return NewStatementFromScalars(bitSet, x[0], x[1], x[2], x[3], x[4]) +} + +func NewStatementFromScalars(bitSet bool, x, y, r, α, β *Scalar) *Statement { return &Statement{ x: x, y: y, r: r, α: α, β: β, - plus: plus, - Commitment: commitment(x, y, r, α, β, plus), + bitSet: bitSet, + Commitment: commitment(x, y, r, α, β, bitSet), } } -func commitment(x, y, r, α, β *Scalar, plus bool) *Commitment { +func commitment(x, y, r, α, β *Scalar, bitSet bool) *Commitment { var Z *Point φ := α.Mul(β) - if plus { + if bitSet { Z = G.Exp(x.Mul(r)) φ = φ.Add(One) } else { @@ -78,7 +86,7 @@ func (s *Statement) Proof() *Proof { *s = Curve.RandomScalar() } - if s.plus { + if s.bitSet { ε[0][0] = G.Exp(r1).Mul(s.X.Exp(ω)) ε[0][1] = G.Exp(r2).Mul(s.A.Exp(ω)) ε[0][2] = s.Y.Exp(r1).Mul(s.Z.Exp(ω)) @@ -109,7 +117,7 @@ func (s *Statement) Proof() *Proof { ch := Challenge(p...) pr := &Proof{} - if s.plus { + if s.bitSet { pr.Ch[0] = ω pr.Ch[1] = ch.Sub(ω) pr.Rho[0][0] = r1 diff --git a/nizk/stage1/stage1_test.go b/nizk/stage1/stage1_test.go index 828dd0a..df93cdb 100644 --- a/nizk/stage1/stage1_test.go +++ b/nizk/stage1/stage1_test.go @@ -7,12 +7,32 @@ import ( ) func TestStatement(t *testing.T) { + st1 := NewStatement(true) + st2 := NewStatement(false) + + c1, c2 := st1.Commit(), st2.Commit() + pr1, pr2 := st1.Proof(), st2.Proof() + if !c1.Verify(pr1) { + t.Fatal("Could not verify st1 with c1 and pr1, plus=true case") + } + if !c2.Verify(pr2) { + t.Fatal("Could not verify st2 with c2 and pr2, plus=false case") + } + // Wrong proof test + if c1.Verify(pr2) { + t.Fatal("Shouldn't be able to verify c1 with pr2") + } +} + +func TestStatementFromScalars(t *testing.T) { var x, y, r, α, β *Scalar for _, s := range []**Scalar{&x, &y, &r, &α, &β} { *s = Curve.RandomScalar() } - st1, st2 := NewStatement(x, y, r, α, β, true), NewStatement(x, y, r, α, β, false) + st1 := NewStatementFromScalars(true, x, y, r, α, β) + st2 := NewStatementFromScalars(false, x, y, r, α, β) + c1, c2 := st1.Commit(), st2.Commit() pr1, pr2 := st1.Proof(), st2.Proof() if !c1.Verify(pr1) { @@ -21,4 +41,8 @@ func TestStatement(t *testing.T) { if !c2.Verify(pr2) { t.Fatal("Could not verify st2 with c2 and pr2, plus=false case") } + // Wrong proof test + if c1.Verify(pr2) { + t.Fatal("Shouldn't be able to verify c1 with pr2") + } } diff --git a/nizk/stage2/stage2.go b/nizk/stage2/stage2.go index a17000f..88bfa59 100644 --- a/nizk/stage2/stage2.go +++ b/nizk/stage2/stage2.go @@ -47,7 +47,16 @@ type Commitment struct { Z_ *Point } -func NewStatement(typ Type, a, b, r, x, y, r_, x_, y_ *Scalar) *Statement { +func NewStatement(typ Type) *Statement { + var s [8]*Scalar + for i := range s { + s[i] = Curve.RandomScalar() + } + + return NewStatementFromScalars(typ, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7]) +} + +func NewStatementFromScalars(typ Type, a, b, r, x, y, r_, x_, y_ *Scalar) *Statement { if typ > Set || typ < None { panic("unknown type") } diff --git a/nizk/stage2/stage2_test.go b/nizk/stage2/stage2_test.go index e4e6e5c..a33a468 100644 --- a/nizk/stage2/stage2_test.go +++ b/nizk/stage2/stage2_test.go @@ -7,16 +7,43 @@ import ( ) func TestVerification(t *testing.T) { + var st [3]*Statement + for i, typ := range []Type{None, Unset, Set} { + st[i] = NewStatement(typ) + c, p := st[i].Commit(), st[i].Proof() + if !c.Verify(p) { + t.Fatalf("Couldn't verify proof for %v, case %d\n", typ, i) + } + } + + for _, ind := range [][2]int{{0, 1}, {1, 2}, {2, 0}} { + c, p := st[ind[0]].Commit(), st[ind[1]].Proof() + if c.Verify(p) { + t.Fatalf("Shouldn't be able to verify %d with proof %d", ind[0], ind[1]) + } + } +} + +func TestVerificationFromScalar(t *testing.T) { var s [8]*Scalar + var st [3]*Statement + for i := range s { s[i] = Curve.RandomScalar() } for i, typ := range []Type{None, Unset, Set} { - st := NewStatement(typ, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7]) - c, p := st.Commit(), st.Proof() + st[i] = NewStatementFromScalars(typ, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7]) + c, p := st[i].Commit(), st[i].Proof() if !c.Verify(p) { t.Fatalf("Couldn't verify proof for %v, case %d\n", typ, i) } } -} \ No newline at end of file + + for _, ind := range [][2]int{{0, 1}, {1, 2}, {2, 1}, {2, 0}} { + c, p := st[ind[0]].Commit(), st[ind[1]].Proof() + if c.Verify(p) { + t.Fatalf("Shouldn't be able to verify %d with proof %d", ind[0], ind[1]) + } + } +} -- cgit v1.2.3