diff --git a/bbs_plus/Cargo.toml b/bbs_plus/Cargo.toml
index 66021901..16bbdcbc 100644
--- a/bbs_plus/Cargo.toml
+++ b/bbs_plus/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "bbs_plus"
-version = "0.21.0"
+version = "0.22.0"
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
@@ -23,10 +23,10 @@ sha3 = { version = "0.10.6", default-features = false }
 serde.workspace = true
 serde_with.workspace = true
 zeroize.workspace = true
-schnorr_pok = { version = "0.19.0", default-features = false, path = "../schnorr_pok" }
-dock_crypto_utils = { version = "0.19.0", default-features = false, path = "../utils" }
-oblivious_transfer_protocols = { version = "0.8.0", default-features = false, path = "../oblivious_transfer" }
-secret_sharing_and_dkg = { version = "0.12.0", default-features = false, path = "../secret_sharing_and_dkg" }
+schnorr_pok = { version = "0.20.0", default-features = false, path = "../schnorr_pok" }
+dock_crypto_utils = { version = "0.20.0", default-features = false, path = "../utils" }
+oblivious_transfer_protocols = { version = "0.9.0", default-features = false, path = "../oblivious_transfer" }
+secret_sharing_and_dkg = { version = "0.13.0", default-features = false, path = "../secret_sharing_and_dkg" }
 [dev-dependencies]
 blake2.workspace = true
diff --git a/bbs_plus/src/proof.rs b/bbs_plus/src/proof.rs
index d0f13860..eabcf9f6 100644
--- a/bbs_plus/src/proof.rs
+++ b/bbs_plus/src/proof.rs
@@ -296,6 +296,8 @@ impl PoKOfSignatureG1Protocol {
 })
 }
+ /// Generate a partial proof, i.e. don't generate responses for message indices in `skip_responses_for` as these will be
+ /// generated by some other protocol.
 pub fn gen_partial_proof(
 mut self,
 challenge: &E::ScalarField,
@@ -307,6 +309,7 @@ impl PoKOfSignatureG1Protocol {
 }
 // Schnorr response for relation `A_bar - d == A'*{-e} + h_0*r2`
 let sc_resp_1 = mem::take(&mut self.sc_comm_1).gen_proof(challenge);
+
 let wits = schnorr_responses_to_msg_index_map(
 mem::take(&mut self.sc_wits_2),
 revealed_msg_ids,
@@ -386,6 +389,8 @@ impl PoKOfSignatureG1Proof {
 )
 }
+ /// Similar to `Self::verify` but responses for some messages (witnesses) are provided in `missing_responses`.
+ /// The keys of the map are message indices.
 pub fn verify_partial(
 &self,
 revealed_msgs: &BTreeMap,
@@ -403,6 +408,8 @@ impl PoKOfSignatureG1Proof {
 )
 }
+ /// Similar to `Self::verify_with_randomized_pairing_checker` but responses for some messages (witnesses) are provided in `missing_responses`.
+ /// The keys of the map are message indices.
 pub fn verify_partial_with_randomized_pairing_checker(
 &self,
 revealed_msgs: &BTreeMap,
diff --git a/bbs_plus/src/proof_23_cdl.rs b/bbs_plus/src/proof_23_cdl.rs
index 5cea7a06..c560e1b0 100644
--- a/bbs_plus/src/proof_23_cdl.rs
+++ b/bbs_plus/src/proof_23_cdl.rs
@@ -241,6 +241,8 @@ impl PoKOfSignature23G1Protocol {
 })
 }
+ /// Generate a partial proof, i.e. don't generate responses for message indices in `skip_responses_for` as these will be
+ /// generated by some other protocol.
 pub fn gen_partial_proof(
 mut self,
 challenge: &E::ScalarField,
@@ -331,6 +333,8 @@ impl PoKOfSignature23G1Proof {
 )
 }
+ /// Similar to `Self::verify` but responses for some messages (witnesses) are provided in `missing_responses`.
+ /// The keys of the map are message indices.
 pub fn verify_partial(
 &self,
 revealed_msgs: &BTreeMap,
@@ -348,6 +352,8 @@ impl PoKOfSignature23G1Proof {
 )
 }
+ /// Similar to `Self::verify_with_randomized_pairing_checker` but responses for some messages (witnesses) are provided in `missing_responses`.
+ /// The keys of the map are message indices.
 pub fn verify_partial_with_randomized_pairing_checker(
 &self,
 revealed_msgs: &BTreeMap,
diff --git a/bbs_plus/src/proof_23_ietf.rs b/bbs_plus/src/proof_23_ietf.rs
index a976be10..1e4d3440 100644
--- a/bbs_plus/src/proof_23_ietf.rs
+++ b/bbs_plus/src/proof_23_ietf.rs
@@ -192,6 +192,8 @@ impl PoKOfSignature23G1Protocol {
 })
 }
+ /// Generate a partial proof, i.e. don't generate responses for message indices in `skip_responses_for` as these will be
+ /// generated by some other protocol.
 pub fn gen_partial_proof(
 mut self,
 challenge: &E::ScalarField,
@@ -273,6 +275,8 @@ impl PoKOfSignature23G1Proof {
 )
 }
+ /// Similar to `Self::verify` but responses for some messages (witnesses) are provided in `missing_responses`.
+ /// The keys of the map are message indices.
 pub fn verify_partial(
 &self,
 revealed_msgs: &BTreeMap,
@@ -290,6 +294,8 @@ impl PoKOfSignature23G1Proof {
 )
 }
+ /// Similar to `Self::verify_with_randomized_pairing_checker` but responses for some messages (witnesses) are provided in `missing_responses`.
+ /// The keys of the map are message indices.
 pub fn verify_partial_with_randomized_pairing_checker(
 &self,
 revealed_msgs: &BTreeMap,
diff --git a/bulletproofs_plus_plus/Cargo.toml b/bulletproofs_plus_plus/Cargo.toml
index a0761f10..7bffe59e 100644
--- a/bulletproofs_plus_plus/Cargo.toml
+++ b/bulletproofs_plus_plus/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "bulletproofs_plus_plus"
-version = "0.5.0"
+version = "0.6.0"
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
@@ -18,7 +18,7 @@ serde.workspace = true
 serde_with.workspace = true
 zeroize.workspace = true
 rayon = { workspace = true, optional = true }
-dock_crypto_utils = { version = "0.19.0", default-features = false, path = "../utils" }
+dock_crypto_utils = { version = "0.20.0", default-features = false, path = "../utils" }
 [dev-dependencies]
 blake2.workspace = true
diff --git a/coconut/Cargo.toml b/coconut/Cargo.toml
index f6dc410c..4e2029b7 100644
--- a/coconut/Cargo.toml
+++ b/coconut/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "coconut-crypto"
-version = "0.10.0"
+version = "0.11.0"
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
@@ -22,9 +22,9 @@ itertools.workspace = true
 zeroize.workspace = true
 serde_with.workspace = true
 rayon = { workspace = true, optional = true }
-utils = { package = "dock_crypto_utils", version = "0.19.0", default-features = false, path = "../utils" }
-schnorr_pok = { version = "0.19.0", default-features = false, path = "../schnorr_pok" }
-secret_sharing_and_dkg = { version = "0.12.0", default-features = false, path = "../secret_sharing_and_dkg" }
+utils = { package = "dock_crypto_utils", version = "0.20.0", default-features = false, path = "../utils" }
+schnorr_pok = { version = "0.20.0", default-features = false, path = "../schnorr_pok" }
+secret_sharing_and_dkg = { version = "0.13.0", default-features = false, path = "../secret_sharing_and_dkg" }
 [dev-dependencies]
 blake2.workspace = true
diff --git a/compressed_sigma/Cargo.toml b/compressed_sigma/Cargo.toml
index 3863046a..5f86e62d 100644
--- a/compressed_sigma/Cargo.toml
+++ b/compressed_sigma/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "compressed_sigma"
-version = "0.0.10"
+version = "0.0.11"
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
@@ -15,7 +15,7 @@ ark-std.workspace = true
 ark-poly.workspace = true
 rayon = {workspace = true, optional = true}
 digest.workspace = true
-dock_crypto_utils = { version = "0.19.0", default-features = false, path = "../utils" }
+dock_crypto_utils = { version = "0.20.0", default-features = false, path = "../utils" }
 [dev-dependencies]
 blake2.workspace = true
diff --git a/delegatable_credentials/Cargo.toml b/delegatable_credentials/Cargo.toml
index ab4b34c2..3aaf0b78 100644
--- a/delegatable_credentials/Cargo.toml
+++ b/delegatable_credentials/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "delegatable_credentials"
-version = "0.9.0"
+version = "0.10.0"
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
@@ -20,8 +20,8 @@ serde.workspace = true
 serde_with.workspace = true
 zeroize.workspace = true
 num-bigint = { version = "0.4.0", default-features = false }
-schnorr_pok = { version = "0.19.0", default-features = false, path = "../schnorr_pok" }
-dock_crypto_utils = { version = "0.19.0", default-features = false, path = "../utils" }
+schnorr_pok = { version = "0.20.0", default-features = false, path = "../schnorr_pok" }
+dock_crypto_utils = { version = "0.20.0", default-features = false, path = "../utils" }
 [dependencies.num-integer]
 version = "0.1.42"
diff --git a/kvac/Cargo.toml b/kvac/Cargo.toml
index 3807bf5a..3adf51cf 100644
--- a/kvac/Cargo.toml
+++ b/kvac/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "kvac"
-version = "0.4.0"
+version = "0.5.0"
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
@@ -18,8 +18,8 @@ rayon = {workspace = true, optional = true}
 serde.workspace = true
 serde_with.workspace = true
 itertools.workspace = true
-dock_crypto_utils = { version = "0.19.0", default-features = false, path = "../utils" }
-schnorr_pok = { version = "0.19.0", default-features = false, path = "../schnorr_pok" }
+dock_crypto_utils = { version = "0.20.0", default-features = false, path = "../utils" }
+schnorr_pok = { version = "0.20.0", default-features = false, path = "../schnorr_pok" }
 [dev-dependencies]
 blake2.workspace = true
diff --git a/kvac/src/bbdt_2016/proof_cdh.rs b/kvac/src/bbdt_2016/proof_cdh.rs
index 9d825454..35b8c56b 100644
--- a/kvac/src/bbdt_2016/proof_cdh.rs
+++ b/kvac/src/bbdt_2016/proof_cdh.rs
@@ -214,6 +214,8 @@ impl PoKOfMACProtocol {
 })
 }
+ /// Generate a partial proof, i.e. don't generate responses for message indices in `skip_responses_for` as these will be
+ /// generated by some other protocol.
 pub fn gen_partial_proof(
 mut self,
 challenge: &G::ScalarField,
@@ -282,6 +284,8 @@ impl PoKOfMAC {
 self._verify(revealed_msgs, challenge, secret_key, params, None)
 }
+ /// Similar to `Self::verify` but responses for some messages (witnesses) are provided in `missing_responses`.
+ /// The keys of the map are message indices.
 pub fn verify_partial(
 &self,
 revealed_msgs: &BTreeMap,
@@ -308,6 +312,8 @@ impl PoKOfMAC {
 self._verify_schnorr_proof(revealed_msgs, challenge, params, None)
 }
+ /// Similar to `Self::verify_schnorr_proof` but responses for some messages (witnesses) are provided in `missing_responses`.
+ /// The keys of the map are message indices.
 pub fn verify_partial_schnorr_proof(
 &self,
 revealed_msgs: &BTreeMap,
diff --git a/legogroth16/Cargo.toml b/legogroth16/Cargo.toml
index b0262e20..73c31313 100644
--- a/legogroth16/Cargo.toml
+++ b/legogroth16/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "legogroth16"
-version = "0.14.0"
+version = "0.15.0"
 authors = [ "arkworks contributors", "Dock.io" ]
 description = "An implementation of the LegoGroth16, the Legosnark variant of Groth16 zkSNARK proof system"
 repository.workspace = true
@@ -29,7 +29,7 @@ num-bigint = { version = "0.4", default-features = false, optional = true }
 log = "0.4"
 ark-groth16 = { workspace = true, optional = true }
 ark-snark = { version = "^0.4.0", default-features = false, optional = true }
-dock_crypto_utils = { version = "0.19.0", default-features = false, path = "../utils" }
+dock_crypto_utils = { version = "0.20.0", default-features = false, path = "../utils" }
 [dev-dependencies]
 csv = { version = "1" }
diff --git a/oblivious_transfer/Cargo.toml b/oblivious_transfer/Cargo.toml
index 7590f5ba..6d6a2e2c 100644
--- a/oblivious_transfer/Cargo.toml
+++ b/oblivious_transfer/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "oblivious_transfer_protocols"
-version = "0.8.0"
+version = "0.9.0"
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
@@ -23,8 +23,8 @@ sha3 = { version = "0.10.6", default-features = false }
 aes = { version = "0.8.2", default-features = false }
 itertools.workspace = true
 byteorder = { version = "1.4", default-features = false }
-dock_crypto_utils = { version = "0.19.0", default-features = false, path = "../utils" }
-schnorr_pok = { version = "0.19.0", default-features = false, path = "../schnorr_pok" }
+dock_crypto_utils = { version = "0.20.0", default-features = false, path = "../utils" }
+schnorr_pok = { version = "0.20.0", default-features = false, path = "../schnorr_pok" }
 [dev-dependencies]
 blake2.workspace = true
diff --git a/proof_system/Cargo.toml b/proof_system/Cargo.toml
index 14dcaf58..b8c0685f 100644
--- a/proof_system/Cargo.toml
+++ b/proof_system/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "proof_system"
-version = "0.30.0"
+version = "0.31.0"
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
@@ -27,18 +27,18 @@ zeroize.workspace = true
 itertools.workspace = true
 aead = {version = "0.5.2", default-features = false, features = [ "alloc" ]}
 chacha20poly1305 = {version = "0.10.1", default-features = false}
-bbs_plus = { version = "0.21.0", default-features = false, path = "../bbs_plus" }
-schnorr_pok = { version = "0.19.0", default-features = false, path = "../schnorr_pok" }
-vb_accumulator = { version = "0.25.0", default-features = false, path = "../vb_accumulator" }
-dock_crypto_utils = { version = "0.19.0", default-features = false, path = "../utils" }
-saver = { version = "0.17.0", default-features = false, path = "../saver" }
-coconut-crypto = { version = "0.10.0", default-features = false, path = "../coconut" }
+bbs_plus = { version = "0.22.0", default-features = false, path = "../bbs_plus" }
+schnorr_pok = { version = "0.20.0", default-features = false, path = "../schnorr_pok" }
+vb_accumulator = { version = "0.26.0", default-features = false, path = "../vb_accumulator" }
+dock_crypto_utils = { version = "0.20.0", default-features = false, path = "../utils" }
+saver = { version = "0.18.0", default-features = false, path = "../saver" }
+coconut-crypto = { version = "0.11.0", default-features = false, path = "../coconut" }
 merlin = { package = "dock_merlin", version = "3.0.0", default-features = false, path = "../merlin" }
-legogroth16 = { version = "0.14.0", default-features = false, features = ["circom", "aggregation"], path = "../legogroth16" }
-bulletproofs_plus_plus = { version = "0.5.0", default-features = false, path = "../bulletproofs_plus_plus" }
-smc_range_proof = { version = "0.5.0", default-features = false, path = "../smc_range_proof" }
-short_group_sig = { version = "0.3.0", default-features = false, path = "../short_group_sig" }
-kvac = { version = "0.4.0", default-features = false, path = "../kvac" }
+legogroth16 = { version = "0.15.0", default-features = false, features = ["circom", "aggregation"], path = "../legogroth16" }
+bulletproofs_plus_plus = { version = "0.6.0", default-features = false, path = "../bulletproofs_plus_plus" }
+smc_range_proof = { version = "0.6.0", default-features = false, path = "../smc_range_proof" }
+short_group_sig = { version = "0.4.0", default-features = false, path = "../short_group_sig" }
+kvac = { version = "0.5.0", default-features = false, path = "../kvac" }
 [dev-dependencies]
 ark-bls12-381.workspace = true
diff --git a/proof_system/src/prover.rs b/proof_system/src/prover.rs
index dee4197e..3055a1c5 100644
--- a/proof_system/src/prover.rs
+++ b/proof_system/src/prover.rs
@@ -1132,6 +1132,8 @@ impl Proof {
 }
 }
+ /// Get indices of witnesses of statement index `s_id` for which response should not be generated since it already exists.
+ /// If the response didn't exists, then the given `resp_generated` will be updated
 fn get_responses_to_skip(
 s_id: usize,
 total_msgs: usize,
diff --git a/proof_system/src/sub_protocols/bound_check_bpp.rs b/proof_system/src/sub_protocols/bound_check_bpp.rs
index c71f76d6..d9f33fdf 100644
--- a/proof_system/src/sub_protocols/bound_check_bpp.rs
+++ b/proof_system/src/sub_protocols/bound_check_bpp.rs
@@ -159,6 +159,7 @@ impl<'a, G: AffineRepr> BoundCheckBppProtocol<'a, G> {
 self.bpp_randomness.take().unwrap(),
 )?;
 let proof = prover.prove(rng, self.setup_params.clone(), transcript)?;
+ // Don't generated response for index 0 since its response will come from proofs of one of the signatures.
 let skip_for = BTreeSet::from([0]);
 Ok(StatementProof::BoundCheckBpp(BoundCheckBppProof {
 bpp_proof: ProofArbitraryRange {
diff --git a/proof_system/src/sub_protocols/bound_check_legogroth16.rs b/proof_system/src/sub_protocols/bound_check_legogroth16.rs
index 409dfd24..6f029aea 100644
--- a/proof_system/src/sub_protocols/bound_check_legogroth16.rs
+++ b/proof_system/src/sub_protocols/bound_check_legogroth16.rs
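Review bot: The new doc comment on `get_responses_to_skip` ends with ``If the response didn't exists, then the given `resp_generated` will be updated``, which is ungrammatical and has no terminating period; suggest ``/// If no response exists yet, the given `resp_generated` will be updated.`` The first line's "since it already exists" would also read better if it said where the existing response comes from, but the function body is outside the hunk, so that claim should be confirmed against the code before being written down.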
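Review bot: The added comment before `let skip_for = BTreeSet::from([0]);` reads `// Don't generated response for index 0 …`; suggest `// Don't generate a response for index 0 since it will come from the proof of one of the signatures.` The identical comment is added in the bound_check_legogroth16.rs, bound_check_smc.rs, bound_check_smc_with_kv.rs, inequality.rs and saver.rs hunks of this commit, so the wording should be fixed in all six places. The enclosing functions start and end outside these hunks.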
@@ -160,6 +160,7 @@ impl<'a, E: Pairing> BoundCheckLegoGrothProtocol<'a, E> {
 self.id,
 ));
 }
+ // Don't generated response for index 0 since its response will come from proofs of one of the signatures.
 let skip_for = BTreeSet::from([0]);
 Ok(StatementProof::BoundCheckLegoGroth16(
 BoundCheckLegoGroth16Proof {
diff --git a/proof_system/src/sub_protocols/bound_check_smc.rs b/proof_system/src/sub_protocols/bound_check_smc.rs
index c4f0d77b..fe87fc1c 100644
--- a/proof_system/src/sub_protocols/bound_check_smc.rs
+++ b/proof_system/src/sub_protocols/bound_check_smc.rs
@@ -165,6 +165,7 @@ impl<'a, E: Pairing> BoundCheckSmcProtocol<'a, E> {
 BoundCheckSmcInnerProof::CLS(p)
 }
 };
+ // Don't generated response for index 0 since its response will come from proofs of one of the signatures.
 let skip_for = BTreeSet::from([0]);
 Ok(StatementProof::BoundCheckSmc(BoundCheckSmcProof {
 proof,
diff --git a/proof_system/src/sub_protocols/bound_check_smc_with_kv.rs b/proof_system/src/sub_protocols/bound_check_smc_with_kv.rs
index d3eb67e6..18ead54f 100644
--- a/proof_system/src/sub_protocols/bound_check_smc_with_kv.rs
+++ b/proof_system/src/sub_protocols/bound_check_smc_with_kv.rs
@@ -197,6 +197,7 @@ impl<'a, E: Pairing> BoundCheckSmcWithKVProtocol<'a, E> {
 BoundCheckSmcWithKVInnerProof::CLS(p)
 }
 };
+ // Don't generated response for index 0 since its response will come from proofs of one of the signatures.
 let skip_for = BTreeSet::from([0]);
 Ok(StatementProof::BoundCheckSmcWithKV(
 BoundCheckSmcWithKVProof {
diff --git a/proof_system/src/sub_protocols/inequality.rs b/proof_system/src/sub_protocols/inequality.rs
index 3d470c46..4ddd90d8 100644
--- a/proof_system/src/sub_protocols/inequality.rs
+++ b/proof_system/src/sub_protocols/inequality.rs
@@ -130,6 +130,7 @@ impl<'a, G: AffineRepr> InequalityProtocol<'a, G> {
 .take()
 .unwrap()
 .gen_proof(challenge);
+ // Don't generated response for index 0 since its response will come from proofs of one of the signatures.
 let skip_for = BTreeSet::from([0]);
 Ok(StatementProof::Inequality(InequalityProof {
 proof,
diff --git a/proof_system/src/sub_protocols/saver.rs b/proof_system/src/sub_protocols/saver.rs
index 19d748d1..52fc2b30 100644
--- a/proof_system/src/sub_protocols/saver.rs
+++ b/proof_system/src/sub_protocols/saver.rs
@@ -221,6 +221,7 @@ impl<'a, E: Pairing> SaverProtocol<'a, E> {
 let mut sp_chunks = self.sp_chunks.take().unwrap();
 let mut sp_combined = self.sp_combined.take().unwrap();
 let skip_for_chunks = BTreeSet::from_iter(0..ciphertext.enc_chunks.len());
+ // Don't generated response for index 0 since its response will come from proofs of one of the signatures.
 let skip_for_message = BTreeSet::from([0]);
 Ok(StatementProof::Saver(SaverProof {
 ciphertext,
diff --git a/proof_system/src/verifier.rs b/proof_system/src/verifier.rs
index cd827e53..e8000481 100644
--- a/proof_system/src/verifier.rs
+++ b/proof_system/src/verifier.rs
@@ -1762,6 +1762,9 @@ impl Proof {
 Ok(())
 }
+ /// Get the response for a witness from the tracked responses of witness equalities. Expects the response
+ /// to exists else throws error. This is not to be called for signature proof protocols but others whose
+ /// responses are expected to come from them or pedersen commitment protocols.
 fn get_resp_for_message(
 s_idx: usize,
 disjoint_equalities: &[EqualWitnesses],
diff --git a/saver/Cargo.toml b/saver/Cargo.toml
index 395295ca..9642e6fa 100644
--- a/saver/Cargo.toml
+++ b/saver/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "saver"
-version = "0.17.0"
+version = "0.18.0"
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
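Review bot: The new doc on `get_resp_for_message` says `Expects the response to exists else throws error`; Rust code returns errors rather than throwing them, so suggest `/// to exist, otherwise returns an error.` on the second line (assuming the function returns a `Result`; its body is outside the hunk). Since this lookup is the point where a non-signature protocol's missing Schnorr response is substituted from another statement, the doc should also make explicit that a missing entry must be a hard verification failure and never a default value, because a silent fallback here would let a proof with an omitted response pass. Whether the current body already behaves that way cannot be confirmed from this diff.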
@@ -20,8 +20,8 @@ rayon = {workspace = true, optional = true}
 serde.workspace = true
 serde_with.workspace = true
 zeroize.workspace = true
-dock_crypto_utils = { version = "0.19.0", default-features = false, path = "../utils" }
-legogroth16 = { version = "0.14.0", default-features = false, features = ["aggregation"], path = "../legogroth16" }
+dock_crypto_utils = { version = "0.20.0", default-features = false, path = "../utils" }
+legogroth16 = { version = "0.15.0", default-features = false, features = ["aggregation"], path = "../legogroth16" }
 merlin = { package = "dock_merlin", version = "3.0.0", default-features = false, path = "../merlin" }
 [dev-dependencies]
diff --git a/schnorr_pok/Cargo.toml b/schnorr_pok/Cargo.toml
index 8ffe4321..8673ffb5 100644
--- a/schnorr_pok/Cargo.toml
+++ b/schnorr_pok/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "schnorr_pok"
-version = "0.19.0"
+version = "0.20.0"
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
@@ -19,7 +19,7 @@ ark-ec.workspace = true
 ark-std.workspace = true
 rayon = {workspace = true, optional = true}
 digest.workspace = true
-dock_crypto_utils = { version = "0.19.0", default-features = false, path = "../utils" }
+dock_crypto_utils = { version = "0.20.0", default-features = false, path = "../utils" }
 serde.workspace = true
 serde_with.workspace = true
 zeroize.workspace = true
diff --git a/schnorr_pok/README.md b/schnorr_pok/README.md
index 3d45b5d1..479a2c9b 100644
--- a/schnorr_pok/README.md
+++ b/schnorr_pok/README.md
@@ -7,7 +7,7 @@ Refer [this](https://crypto.stanford.edu/cs355/19sp/lec5.pdf) for more details o
 Also implements the proof of knowledge of discrete log in pairing groups, i.e. given prover and verifier both know (`A1`, `Y1`), and prover additionally knows `B1`, prove that `e(A1, B1) = Y1`. Similarly,
-proving `e(A2, B2) = Y2` when only prover knows `A2` but both know (`B2`, `Y2`). See [`discrete_log_pairing`]
+proving `e(A2, B2) = Y2` when only prover knows `A2` but both know (`B2`, `Y2`). See [`discrete_log_pairing`].
 Also implements the proof of **inequality of discrete log** (a value committed in a Pedersen commitment), either with a public value or with another discrete log in [`Inequality`]. eg. Given a message `m`,
@@ -15,21 +15,26 @@ its commitment `C = g * m + h * r` and a public value `v`, proving that `m` ≠
 `m1` and `m2` and their commitments `C1 = g * m1 + h * r1` and `C2 = g * m2 + h * r2`, proving `m1` ≠ `m2`
 Also implements the proof of **inequality of discrete log** when only one of the discrete log is known to
-the prover. i.e. given `y = g * x` and `z = h * k`, prover and verifier know `g`, `h`, `y` and `z` and prover additionally
-knows `x` but not `k`.
+the prover. i.e. given `y = g * x` and `z = h * k`, prover and verifier know `g`, `h`, `y` and `z` and
+prover additionally knows `x` but not `k`.
+
+Also impelements partial Schnorr proof where response for some witnesses is not generated. This is useful
+when several Schnorr protocols are executed together and they share some witnesses. The response for those
+witnesses will be generated in one Schnorr proof while the other protocols will generate partial Schnorr
+proofs where responses for those witnesses will be missing.
 We outline the steps of Schnorr protocol.
-Prover wants to prove knowledge of `x` in `y = g * x` (`y` and `g` are public knowledge)
-**Step 1**: Prover generates randomness `r`, and sends `t = g * r` to Verifier.
-**Step 2**: Verifier generates random challenge `c` and send to Prover.
-**Step 3**: Prover produces `s = r + x*c`, and sends s to Verifier.
-**Step 4**: Verifier checks that `g * s = (y * c) + t`.
-
-For proving knowledge of multiple messages like `x_1` and `x_2` in `y = g_1*x_1 + g_2*x_2`:
-**Step 1**: Prover generates randomness `r_1` and `r_2`, and sends `t = g_1*r_1 + g_2*r_2` to Verifier
-**Step 2**: Verifier generates random challenge `c` and send to Prover
-**Step 3**: Prover produces `s_1 = r_1 + x_1*c` and `s_2 = r_2 + x_2*c`, and sends `s_1` and `s_2` to Verifier
-**Step 4**: Verifier checks that `g_1*s_1 + g_2*s_2 = y*c + t`
+Prover wants to prove knowledge of `x` in `y = g * x` (`y` and `g` are public knowledge)
+**Step 1**: Prover generates randomness `r`, and sends `t = g * r` to Verifier.
+**Step 2**: Verifier generates random challenge `c` and send to Prover.
+**Step 3**: Prover produces `s = r + x*c`, and sends s to Verifier.
+**Step 4**: Verifier checks that `g * s = (y * c) + t`.
+
+For proving knowledge of multiple messages like `x_1` and `x_2` in `y = g_1*x_1 + g_2*x_2`:
+**Step 1**: Prover generates randomness `r_1` and `r_2`, and sends `t = g_1*r_1 + g_2*r_2` to Verifier
+**Step 2**: Verifier generates random challenge `c` and send to Prover
+**Step 3**: Prover produces `s_1 = r_1 + x_1*c` and `s_2 = r_2 + x_2*c`, and sends `s_1` and `s_2` to Verifier
+**Step 4**: Verifier checks that `g_1*s_1 + g_2*s_2 = y*c + t`
 Above can be generalized to more than 2 `x`s
diff --git a/schnorr_pok/src/lib.rs b/schnorr_pok/src/lib.rs
index 89baa07a..4d1be718 100644
--- a/schnorr_pok/src/lib.rs
+++ b/schnorr_pok/src/lib.rs
@@ -16,6 +16,11 @@
 //! the prover. i.e. given `y = g * x` and `z = h * k`, prover and verifier know `g`, `h`, `y` and `z` and
 //! prover additionally knows `x` but not `k`.
 //!
+//! Also impelements partial Schnorr proof where response for some witnesses is not generated. This is useful
+//! when several Schnorr protocols are executed together and they share some witnesses. The response for those
+//! witnesses will be generated in one Schnorr proof while the other protocols will generate partial Schnorr
+//! proofs where responses for those witnesses will be missing.
+//!
 //! We outline the steps of Schnorr protocol.
 //! Prover wants to prove knowledge of `x` in `y = g * x` (`y` and `g` are public knowledge)
 //! **Step 1**: Prover generates randomness `r`, and sends `t = g * r` to Verifier.
diff --git a/schnorr_pok/src/partial.rs b/schnorr_pok/src/partial.rs
index 728463d6..0d8592c8 100644
--- a/schnorr_pok/src/partial.rs
+++ b/schnorr_pok/src/partial.rs
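Review bot: `impelements` in the first added `//!` line is misspelled; suggest `//! Also implements partial Schnorr proof where response for some witnesses is not generated. This is useful`. The README.md hunk in this commit carries the same typo in the same sentence, so both copies should be corrected together.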
@@ -18,16 +18,25 @@ use serde::{Deserialize, Serialize};
 use serde_with::{serde_as, Same};
 /// Response during step 3 of the Schnorr protocol to prove knowledge of 1 or more discrete logs
+/// This is called partial because it does not contain the responses for all the witnesses. This is
+/// used when more than one Schnorr protocol is used and some witnesses are to be proved equal among them.
+/// Also useful in case of a single Schnorr protocol if some witnesses are to be proved equal.
+/// Eg. when proving knowledge of witnesses `m1`, `m2`, `m3`, `m4` in `C = G1 * m1 + G2 * m2 + G3 * m3 + G4 * m4`,
+/// if `m1` and `m3` are also witnesses of another Schnorr protocol then this will contain only the responses
+/// for `m2` and `m4`. During verification, the responses for `m1` and `m3` will be given to it.
 #[serde_as]
 #[derive(
 Clone, Debug, PartialEq, Eq, CanonicalSerialize, CanonicalDeserialize, Serialize, Deserialize,
 )]
 pub struct PartialSchnorrResponse {
+ /// Key of the map is the witness index and value is the response for that witnesses.
 #[serde_as(as = "BTreeMap")]
 pub responses: BTreeMap,
 pub total_responses: usize,
 }
+/// Proof of knowledge of discrete log but does not contain the response as the response comes from another protocol
+/// running with it which has the same witness (discrete log)
 #[serde_as]
 #[derive(
 Default,
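Review bot: The field doc added on `responses` says `for that witnesses`; suggest `/// Key of the map is the witness index and value is the response for that witness.` The new sentences appended to the `PartialSchnorrResponse` doc follow an existing summary line that has no terminating period, so rustdoc will render the whole block as one long summary paragraph; an empty `///` line after the first line would keep the summary short. The new `PartialPokDiscreteLog` doc also stops without a period after `(discrete log)`.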
@@ -64,6 +76,9 @@ pub struct Partial1PokTwoDiscreteLogs {
 pub response1: G::ScalarField,
 }
+/// Proof of knowledge of 2 discrete logs but contains the response of only 1, i.e. when proving knowledge of witnesses
+/// `a` and `b` in `C = G * a + H * b`, contains the response only for witness `b`. This is because response for `a` will
+/// come from another Schnorr protocol which also has `a` as one of the witnesses
 #[serde_as]
 #[derive(
 Default,
@@ -83,7 +98,28 @@ pub struct Partial2PokTwoDiscreteLogs {
 pub response2: G::ScalarField,
 }
+/// Proof of knowledge of 2 discrete logs but contains the response for neither, i.e. when proving knowledge of witnesses
+/// `a` and `b` in `C = G * a + H * b`, contains no response. This is because response for `a` and `b` will come from
+/// another Schnorr protocol which also has `a` and `b` as their witnesses
+#[serde_as]
+#[derive(
+ Default,
+ Clone,
+ PartialEq,
+ Eq,
+ Debug,
+ CanonicalSerialize,
+ CanonicalDeserialize,
+ Serialize,
+ Deserialize,
+)]
+pub struct PartialPokTwoDiscreteLogs {
+ #[serde_as(as = "ArkObjectBytes")]
+ pub t: G,
+}
+
 impl SchnorrCommitment {
+ /// The key of the map is the index for which response has to be generated.
 pub fn partial_response(
 &self,
 witnesses: BTreeMap,
@@ -110,28 +146,13 @@ impl PokDiscreteLogProtocol {
 }
 }
-#[serde_as]
-#[derive(
- Default,
- Clone,
- PartialEq,
- Eq,
- Debug,
- CanonicalSerialize,
- CanonicalDeserialize,
- Serialize,
- Deserialize,
-)]
-pub struct PartialPokTwoDiscreteLogs {
- #[serde_as(as = "ArkObjectBytes")]
- pub t: G,
-}
 impl PokTwoDiscreteLogsProtocol {
+ /// Generate proof when no response has to be generated.
 pub fn gen_partial_proof(self) -> PartialPokTwoDiscreteLogs {
 PartialPokTwoDiscreteLogs { t: self.t }
 }
+ /// Generate proof when only response for witness1 has to be generated.
 pub fn gen_partial1_proof(self, challenge: &G::ScalarField) -> Partial1PokTwoDiscreteLogs {
 Partial1PokTwoDiscreteLogs {
 t: self.t,
@@ -139,6 +160,7 @@ impl PokTwoDiscreteLogsProtocol {
 }
 }
+ /// Generate proof when only response for witness2 has to be generated.
 pub fn gen_partial2_proof(self, challenge: &G::ScalarField) -> Partial2PokTwoDiscreteLogs {
 Partial2PokTwoDiscreteLogs {
 t: self.t,
@@ -148,6 +170,8 @@ impl PokTwoDiscreteLogsProtocol {
 }
 impl PartialSchnorrResponse {
+ /// Keys of `missing_responses` are the witness indices whose response was generated while creating this. Instead
+ /// these comes from some other Schnorr protocol.
 pub fn is_valid(
 &self,
 bases: &[G],
@@ -189,6 +213,7 @@ impl PartialSchnorrResponse {
 }
 }
+ /// Get indices for which it does not have any response. These responses will be fetched from other protocols.
 pub fn get_missing_response_indices(&self) -> BTreeSet {
 let mut ids = BTreeSet::new();
 for i in 0..self.total_responses {
diff --git a/secret_sharing_and_dkg/Cargo.toml b/secret_sharing_and_dkg/Cargo.toml
index c35ac3dd..2f9812ed 100644
--- a/secret_sharing_and_dkg/Cargo.toml
+++ b/secret_sharing_and_dkg/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "secret_sharing_and_dkg"
-version = "0.12.0"
+version = "0.13.0"
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
@@ -19,8 +19,8 @@ rayon = { workspace = true, optional = true }
 serde.workspace = true
 serde_with.workspace = true
 zeroize.workspace = true
-dock_crypto_utils = { version = "0.19.0", default-features = false, path = "../utils" }
-schnorr_pok = { version = "0.19.0", default-features = false, path = "../schnorr_pok" }
+dock_crypto_utils = { version = "0.20.0", default-features = false, path = "../utils" }
+schnorr_pok = { version = "0.20.0", default-features = false, path = "../schnorr_pok" }
 [dev-dependencies]
 blake2.workspace = true
diff --git a/short_group_sig/Cargo.toml b/short_group_sig/Cargo.toml
index 08ee6014..ee312d79 100644
--- a/short_group_sig/Cargo.toml
+++ b/short_group_sig/Cargo.toml
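Review bot: The doc added on `is_valid` says the keys of `missing_responses` are the indices `whose response was generated while creating this`, which contradicts the next sentence and the struct-level doc; the keys are the indices whose response was not generated here. Suggest ``/// Keys of `missing_responses` are the witness indices whose response was not generated while creating this;`` followed by `/// instead these come from some other Schnorr protocol.` It would also help a verifier-side reader to state what `is_valid` does when `missing_responses` lacks an index reported by `get_missing_response_indices`, or supplies one this proof already holds a response for, since rejecting both cases is what keeps the partial-proof scheme sound; the body of `is_valid` is outside the hunk, so the current behaviour cannot be confirmed from this diff.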
@@ -1,6 +1,6 @@ [package] name = "short_group_sig" -version = "0.3.0" +version = "0.4.0" edition.workspace = true authors.workspace = true license.workspace = true @@ -19,8 +19,8 @@ rayon = {workspace = true, optional = true} serde.workspace = true serde_with.workspace = true zeroize.workspace = true -dock_crypto_utils = { version = "0.19.0", default-features = false, path = "../utils" } -schnorr_pok = { version = "0.19.0", default-features = false, path = "../schnorr_pok" } +dock_crypto_utils = { version = "0.20.0", default-features = false, path = "../utils" } +schnorr_pok = { version = "0.20.0", default-features = false, path = "../schnorr_pok" } [dev-dependencies] blake2.workspace = true diff --git a/short_group_sig/src/bb_sig_pok.rs b/short_group_sig/src/bb_sig_pok.rs index 96b2e991..951d7f7b 100644 --- a/short_group_sig/src/bb_sig_pok.rs +++ b/short_group_sig/src/bb_sig_pok.rs @@ -84,6 +84,8 @@ pub struct PoKOfSignatureG1 { pub sc_T1: PokDiscreteLog, /// Proof of knowledge of `beta` in `T2 = v * beta` pub sc_T2: PokDiscreteLog, + /// The following could be achieved by using Either but serialization + /// for Either is not supported out of the box and had to be implemented /// For relation `T1 * message + u * delta_1 = 0` pub sc_T1_x: Option>, /// For relation `T1 * message + u * delta_1 = 0` diff --git a/short_group_sig/src/weak_bb_sig_pok_cdh.rs b/short_group_sig/src/weak_bb_sig_pok_cdh.rs index 6ceca044..75ba04d3 100644 --- a/short_group_sig/src/weak_bb_sig_pok_cdh.rs +++ b/short_group_sig/src/weak_bb_sig_pok_cdh.rs @@ -48,6 +48,8 @@ pub struct PoKOfSignatureG1 { pub A_prime: E::G1Affine, #[serde_as(as = "ArkObjectBytes")] pub A_bar: E::G1Affine, + /// The following could be achieved by using Either but serialization + /// for Either is not supported out of the box and had to be implemented pub sc: Option>, pub sc_partial: Option>, } 
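Review bot: The two new `///` lines on `PoKOfSignatureG1` in bb_sig_pok.rs are an implementation note, but as doc comments they become the opening paragraph of `sc_T1_x`'s rustdoc; they should be `//`, and the field docs should instead state the invariant the two `Option` fields encode: `/// Exactly one of `sc_T1_x` and the following field is `Some`; verification must reject a proof where both or neither are set.` A deserialized proof can carry any combination, so whether the verifier enforces this (not visible here) is worth confirming. The context line after `sc_T1_x` repeats the relation `T1 * message + u * delta_1 = 0` for the next field, which looks copy-pasted and should be checked against that field's real relation. The struct continues outside the hunk.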
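Review bot: In weak_bb_sig_pok_cdh.rs the added note explains why `sc` and `sc_partial` are both `Option` but not that they are mutually exclusive, which is the property a verifier depends on. I would make the note a `//` comment and document the fields as `/// Full Schnorr proof; `None` when `sc_partial` is used` and `/// Partial proof with some responses supplied externally; exactly one of `sc`/`sc_partial` is `Some`, and verification must reject any other combination.` Whether verification already rejects both-`Some` or both-`None` is not visible in this hunk. The struct's closing brace is inside the hunk, so the field list is complete.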
diff --git a/short_group_sig/src/weak_bb_sig_pok_kv.rs b/short_group_sig/src/weak_bb_sig_pok_kv.rs index 76cccfdf..c96f557f 100644 --- a/short_group_sig/src/weak_bb_sig_pok_kv.rs +++ b/short_group_sig/src/weak_bb_sig_pok_kv.rs @@ -45,6 +45,8 @@ pub struct PoKOfSignatureG1KV { #[serde_as(as = "ArkObjectBytes")] pub A_bar: G, /// For proving relation `A_bar = g1 * r - A' * m` + /// The following could be achieved by using Either but serialization + /// for Either is not supported out of the box and had to be implemented pub sc: Option>, pub sc_partial: Option>, } diff --git a/smc_range_proof/Cargo.toml b/smc_range_proof/Cargo.toml index 3efa18e9..7f659706 100644 --- a/smc_range_proof/Cargo.toml +++ b/smc_range_proof/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "smc_range_proof" -version = "0.5.0" +version = "0.6.0" edition.workspace = true authors.workspace = true license.workspace = true @@ -16,9 +16,9 @@ ark-serialize.workspace = true digest.workspace = true zeroize.workspace = true rayon = {workspace = true, optional = true} -dock_crypto_utils = { version = "0.19.0", default-features = false, path = "../utils" } -short_group_sig = { version = "0.3.0", default-features = false, path = "../short_group_sig" } -schnorr_pok = { version = "0.19.0", default-features = false, path = "../schnorr_pok" } +dock_crypto_utils = { version = "0.20.0", default-features = false, path = "../utils" } +short_group_sig = { version = "0.4.0", default-features = false, path = "../short_group_sig" } +schnorr_pok = { version = "0.20.0", default-features = false, path = "../schnorr_pok" } [dev-dependencies] blake2.workspace = true diff --git a/utils/Cargo.toml b/utils/Cargo.toml index b8126a02..d922bccb 100644 --- a/utils/Cargo.toml +++ b/utils/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "dock_crypto_utils" -version = "0.19.0" +version = "0.20.0" edition.workspace = true authors.workspace = true license.workspace = true 
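Review bot: The inserted lines in weak_bb_sig_pok_kv.rs land between `/// For proving relation `A_bar = g1 * r - A' * m`` and `pub sc`, so rustdoc for `sc` now reads as the relation followed by an aside about `Either`, while `sc_partial`, which presumably covers the same relation, stays undocumented. Turn the aside into a `//` comment above the `/// For proving relation` line and give each field its own doc, e.g. `/// Partial proof for the same relation with a response supplied by another protocol; exactly one of `sc`/`sc_partial` is `Some`.` Which witness's response is external is my reading of the name and should be confirmed. Whether verification rejects both-`Some` or both-`None` is not visible here but should be stated on the field.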
diff --git a/vb_accumulator/Cargo.toml b/vb_accumulator/Cargo.toml index a4086684..0a0a3da8 100644 --- a/vb_accumulator/Cargo.toml +++ b/vb_accumulator/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "vb_accumulator" -version = "0.25.0" +version = "0.26.0" edition.workspace = true authors.workspace = true license.workspace = true @@ -22,12 +22,12 @@ rayon = {workspace = true, optional = true} serde.workspace = true serde_with.workspace = true zeroize.workspace = true -schnorr_pok = { version = "0.19.0", default-features = false, path = "../schnorr_pok" } -dock_crypto_utils = { version = "0.19.0", default-features = false, path = "../utils" } -short_group_sig = { version = "0.3.0", default-features = false, path = "../short_group_sig" } -kvac = { version = "0.4.0", default-features = false, path = "../kvac" } -oblivious_transfer_protocols = { version = "0.8.0", default-features = false, path = "../oblivious_transfer" } -secret_sharing_and_dkg = { version = "0.12.0", default-features = false, path = "../secret_sharing_and_dkg" } +schnorr_pok = { version = "0.20.0", default-features = false, path = "../schnorr_pok" } +dock_crypto_utils = { version = "0.20.0", default-features = false, path = "../utils" } +short_group_sig = { version = "0.4.0", default-features = false, path = "../short_group_sig" } +kvac = { version = "0.5.0", default-features = false, path = "../kvac" } +oblivious_transfer_protocols = { version = "0.9.0", default-features = false, path = "../oblivious_transfer" } +secret_sharing_and_dkg = { version = "0.13.0", default-features = false, path = "../secret_sharing_and_dkg" } [dev-dependencies] blake2.workspace = true diff --git a/vb_accumulator/src/proofs.rs b/vb_accumulator/src/proofs.rs index 146b014b..27e70bc9 100644 --- a/vb_accumulator/src/proofs.rs +++ b/vb_accumulator/src/proofs.rs 
@@ -201,6 +201,8 @@ pub struct SchnorrCommit { )] #[serde(bound = "")] pub struct SchnorrResponse { + /// This is the response for the accumulator member/non-member. If its missing, it means that the response is generated by + /// some other protocol and will be provided during verification. #[serde_as(as = "Option")] pub s_y: Option, #[serde_as(as = "ArkObjectBytes")]
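Review bot: The new doc on `SchnorrResponse::s_y` should say what the verifier must do when it is `None`: require the response from the other protocol and fail verification if none is supplied, rather than skip the check for `y`. Suggest `/// Response for the accumulator member/non-member `y`. `None` means the response is produced by another protocol sharing `y` and must be passed in at verification time; verification must fail, not skip the check, when it is absent.` Also `If its missing` should read `If it is missing`. Whether the verifier currently behaves this way is not visible in this hunk.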