Skip to content

Commit

Permalink
Use baby step giant step for solving discrete log in pairing group an…
Browse files Browse the repository at this point in the history
…d add hashing utils

Signed-off-by: lovesh <[email protected]>
  • Loading branch information
lovesh committed Jun 5, 2024
1 parent a1f322a commit 3652320
Show file tree
Hide file tree
Showing 30 changed files with 311 additions and 639 deletions.
5 changes: 3 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,13 +16,14 @@ Library providing privacy enhancing cryptographic primitives.
- prove knowledge of a BBS+ signature and the corresponding messages
- prove knowledge of a modified PS signature and the corresponding messages
- equality of signed messages (from same or different signatures) in zero knowledge
- inequality of signed messages with public or committed values in zero knowledge
- the (non)membership of a certain signed message(s)in the accumulator
- numeric bounds (min, max) on the messages can be proved in zero-knowledge
- verifiable encryption of signed messages under BBS+.
- verifiable encryption of signed messages under BBS+ or PS.
- zk-SNARK created from R1CS and WASM generated by [Circom](https://docs.circom.io/) with witnesses as BBS+ signed messages (not exclusively though).
5. [Verifiable encryption](./saver) using [SAVER](https://eprint.iacr.org/2019/1270).
6. [Compression and amortization of Sigma protocols](./compressed_sigma). This is PoC implementation.
7. [Secret sharing schemes and DKG](./secret_sharing_and_dkg). Implements verifiable secret sharing schemes and DKG from Gennaro and FROST. Also implements protocol to do a distributed DLOG check.
7. [Secret sharing schemes and DKG](./secret_sharing_and_dkg). Implements several verifiable secret sharing schemes and DKG from Gennaro and FROST. Also implements protocol to do a distributed DLOG check.
8. [Cocount and PS signatures](./coconut/). Based on the paper [Security Analysis of Coconut, an Attribute-Based Credential Scheme with Threshold Issuance](https://eprint.iacr.org/2022/011)
9. [LegoGroth16](./legogroth16/). LegoGroth16, the [LegoSNARK](https://eprint.iacr.org/2019/142) variant of [Groth16](https://eprint.iacr.org/2016/260) zkSNARK proof system
10. [Oblivious Transfer (OT) and Oblivious Transfer Extensions (OTE)](./oblivious_transfer).
Expand Down
11 changes: 4 additions & 7 deletions bbs_plus/src/setup.rs
Original file line number Diff line number Diff line change
Expand Up @@ -49,10 +49,7 @@

use crate::error::BBSPlusError;
use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup, VariableBaseMSM};
use ark_ff::{
field_hashers::{DefaultFieldHasher, HashToField},
PrimeField,
};
use ark_ff::PrimeField;
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
use ark_std::{cfg_iter, fmt::Debug, rand::RngCore, vec::Vec, UniformRand};
use digest::{Digest, DynDigest};
Expand All @@ -64,7 +61,7 @@ use dock_crypto_utils::{
affine_group_element_from_byte_slices,
aliases::*,
concat_slices,
hashing_utils::projective_group_elem_from_try_and_incr,
hashing_utils::{hash_to_field, projective_group_elem_from_try_and_incr},
iter::*,
join,
misc::{n_projective_group_elements, seq_pairs_satisfy},
Expand Down Expand Up @@ -96,13 +93,13 @@ use serde_with::serde_as;
pub struct SecretKey<F: PrimeField>(#[serde_as(as = "ArkObjectBytes")] pub F);

impl<F: PrimeField> SecretKey<F> {
pub const DST: &'static [u8] = b"BBS-SIG-KEYGEN-SALT";
pub fn generate_using_seed<D>(seed: &[u8]) -> Self
where
F: PrimeField,
D: Default + DynDigest + Clone,
{
let hasher = <DefaultFieldHasher<D> as HashToField<F>>::new(b"BBS-SIG-KEYGEN-SALT");
Self(hasher.hash_to_field(seed, 1).pop().unwrap())
Self(hash_to_field::<F, D>(Self::DST, seed))
}
}

Expand Down
3 changes: 2 additions & 1 deletion delegatable_credentials/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,8 @@ edition.workspace = true
authors.workspace = true
license.workspace = true
repository.workspace = true
description = "Schemes used to develop DAC (Delegatable Anonymous Credentials)"
description = "Schemes used to develop DAC (Delegatable Anonymous Credentials). Implements structure preseving signatures, Mercurial Signature, set commitment scheme"
keywords = ["mercurial-signature", "set-commitment", "SPS-EQ"]

[dependencies]
ark-ff.workspace = true
Expand Down
36 changes: 17 additions & 19 deletions delegatable_credentials/src/mercurial_sig.rs
Original file line number Diff line number Diff line change
Expand Up @@ -2,29 +2,24 @@
//! Implements 2 variations of the algorithms, one where signature is in group G1 and public key in group G2
//! and the other where signature is in group G2 and public key in group G1

use crate::error::DelegationError;
use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup, Group, VariableBaseMSM};
use ark_ff::{
field_hashers::{DefaultFieldHasher, HashToField},
Field, PrimeField, Zero,
};
use ark_ff::{Field, PrimeField, Zero};
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
use ark_std::{cfg_iter, fmt::Debug, rand::RngCore, vec::Vec, UniformRand};
use digest::DynDigest;

use zeroize::{Zeroize, ZeroizeOnDrop};

use dock_crypto_utils::serde_utils::*;

use dock_crypto_utils::{
aliases::{FullDigest, SyncIfParallel},
hashing_utils::hash_to_field_many,
msm::WindowTable,
serde_utils::*,
};
use serde::{Deserialize, Serialize};
use serde_with::serde_as;

use dock_crypto_utils::msm::WindowTable;
use zeroize::{Zeroize, ZeroizeOnDrop};

#[cfg(feature = "parallel")]
use rayon::prelude::*;

use crate::error::DelegationError;

/// Secret key used by the signer to sign messages
#[serde_as]
#[derive(
Expand Down Expand Up @@ -105,6 +100,8 @@ pub struct SignatureG2<E: Pairing> {
}

impl<E: Pairing> SecretKey<E> {
pub const DST: &'static [u8] = b"MERCURIAL-SIG-KEYGEN-SALT";

pub fn new<R: RngCore>(rng: &mut R, size: u32) -> Result<Self, DelegationError> {
if size == 0 {
return Err(DelegationError::NeedNonZeroSize);
Expand All @@ -118,15 +115,16 @@ impl<E: Pairing> SecretKey<E> {

pub fn generate_using_seed<D>(seed: &[u8], size: u32) -> Result<Self, DelegationError>
where
D: DynDigest + Default + Clone,
D: FullDigest + SyncIfParallel,
{
if size == 0 {
return Err(DelegationError::NeedNonZeroSize);
}
let hasher = <DefaultFieldHasher<D> as HashToField<E::ScalarField>>::new(
b"MERCURIAL-SIG-KEYGEN-SALT",
);
Ok(Self(hasher.hash_to_field(seed, size as usize)))
Ok(Self(hash_to_field_many::<E::ScalarField, D>(
Self::DST,
seed,
size,
)))
}

/// ConvertSK from the paper.
Expand Down
22 changes: 12 additions & 10 deletions delegatable_credentials/src/msbm/keys.rs
Original file line number Diff line number Diff line change
Expand Up @@ -5,15 +5,15 @@ use crate::{
set_commitment::SetCommitmentSRS,
};
use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup, Group};
use ark_ff::{
field_hashers::{DefaultFieldHasher, HashToField},
PrimeField, Zero,
};
use ark_ff::{PrimeField, Zero};
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
use ark_std::{cfg_iter, ops::Neg, rand::RngCore, vec, vec::Vec, UniformRand};
use digest::DynDigest;
use zeroize::{Zeroize, ZeroizeOnDrop};

use dock_crypto_utils::{
aliases::{FullDigest, SyncIfParallel},
hashing_utils::hash_to_field,
};
#[cfg(feature = "parallel")]
use rayon::prelude::*;

Expand Down Expand Up @@ -64,20 +64,22 @@ pub struct UpdateKey<E: Pairing> {
}

impl<E: Pairing> RootIssuerSecretKey<E> {
pub const DST: &'static [u8] = b"MERCURIAL-SIG-KEYGEN-SALT-0";

pub fn new<R: RngCore>(rng: &mut R, size: u32) -> Result<Self, DelegationError> {
let m_sk = SecretKey::new(rng, size)?;
Ok(Self(E::ScalarField::rand(rng), m_sk))
}

pub fn generate_using_seed<D>(seed: &[u8], size: u32) -> Result<Self, DelegationError>
where
D: DynDigest + Default + Clone,
D: FullDigest + SyncIfParallel,
{
let m_sk = SecretKey::generate_using_seed::<D>(seed, size)?;
let hasher = <DefaultFieldHasher<D> as HashToField<E::ScalarField>>::new(
b"MERCURIAL-SIG-KEYGEN-SALT-0",
);
Ok(Self(hasher.hash_to_field(seed, 1).pop().unwrap(), m_sk))
Ok(Self(
hash_to_field::<E::ScalarField, D>(Self::DST, seed),
m_sk,
))
}
}

Expand Down
4 changes: 2 additions & 2 deletions delegatable_credentials/src/protego/keys.rs
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup};
use ark_ff::PrimeField;
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
use ark_std::{rand::RngCore, vec::Vec, UniformRand};
use digest::DynDigest;
use dock_crypto_utils::aliases::{FullDigest, SyncIfParallel};
use zeroize::{Zeroize, ZeroizeOnDrop};

/// Secret key of the credential issuer. The size of the key would be at least 3 and at most 7 depending on it
Expand Down Expand Up @@ -62,7 +62,7 @@ impl<E: Pairing> IssuerSecretKey<E> {
supports_audit: bool,
) -> Result<Self, DelegationError>
where
D: DynDigest + Default + Clone,
D: FullDigest + SyncIfParallel,
{
Ok(Self {
secret_key: SecretKey::generate_using_seed::<D>(
Expand Down
2 changes: 1 addition & 1 deletion kvac/src/bddt_2016/mac.rs
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,7 @@ impl<G: AffineRepr> MAC<G> {

let s = G::ScalarField::rand(rng);
// `b` is the part of signature on uncommitted messages,
// i.e. partial_sig = h + sum(g_vec__i * m_i) for all i in uncommitted_messages
// i.e. partial_sig = h + sum(g_vec_i * m_i) for all i in uncommitted_messages
let b = params.b(uncommitted_messages, &s)?;

let mut e = G::ScalarField::rand(rng);
Expand Down
21 changes: 11 additions & 10 deletions kvac/src/bddt_2016/setup.rs
Original file line number Diff line number Diff line change
@@ -1,26 +1,26 @@
use ark_ec::{AffineRepr, CurveGroup, VariableBaseMSM};
use ark_ff::{
field_hashers::{DefaultFieldHasher, HashToField},
PrimeField,
};
use ark_ff::PrimeField;
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
use ark_std::{cfg_iter, rand::RngCore, vec::Vec};
use core::iter::once;
use digest::{Digest, DynDigest};
use dock_crypto_utils::{
affine_group_element_from_byte_slices, concat_slices, join,
affine_group_element_from_byte_slices, concat_slices,
hashing_utils::hash_to_field,
iter::pair_valid_items_with_slice,
join,
misc::{n_projective_group_elements, seq_pairs_satisfy},
serde_utils::ArkObjectBytes,
signature::MultiMessageSignatureParams,
try_iter::CheckLeft,
};

use itertools::process_results;
use serde::{Deserialize, Serialize};
use serde_with::serde_as;
use zeroize::{Zeroize, ZeroizeOnDrop};

use crate::error::KVACError;
use dock_crypto_utils::{iter::pair_valid_items_with_slice, try_iter::CheckLeft};

use dock_crypto_utils::signature::MultiMessageSignatureParams;

#[cfg(feature = "parallel")]
use rayon::prelude::*;
Expand Down Expand Up @@ -150,13 +150,14 @@ impl<G: AffineRepr> MultiMessageSignatureParams for &MACParams<G> {
}

impl<F: PrimeField> SecretKey<F> {
pub const DST: &'static [u8] = b"BDDT16-MAC-KEYGEN-SALT";

pub fn new<R: RngCore>(rng: &mut R) -> Self {
Self(F::rand(rng))
}

pub fn generate_using_seed<D: DynDigest + Default + Clone>(seed: &[u8]) -> Self {
let hasher = <DefaultFieldHasher<D> as HashToField<F>>::new(b"BDDT16-MAC-KEYGEN-SALT");
Self(hasher.hash_to_field(seed, 1).pop().unwrap())
Self(hash_to_field::<F, D>(Self::DST, seed))
}
}

Expand Down
3 changes: 2 additions & 1 deletion oblivious_transfer/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,8 @@ edition.workspace = true
authors.workspace = true
license.workspace = true
repository.workspace = true
description = "Oblivious Transfer (OT), Oblivious Transfer Extensions (OTE)"
description = "Oblivious Transfer (OT), Oblivious Transfer Extensions (OTE) and multiplication protocol using them"
keywords = ["oblivious-transfer", "simplest-OT", "OT-multiplication"]

[dependencies]
ark-ff.workspace = true
Expand Down
15 changes: 4 additions & 11 deletions saver/src/encryption.rs
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ use serde_with::serde_as;
use crate::utils::CHUNK_TYPE;
use dock_crypto_utils::{ff::non_zero_random, serde_utils::*};

use dock_crypto_utils::solve_discrete_log::solve_discrete_log_bsgs_alt;
#[cfg(feature = "parallel")]
use rayon::prelude::*;

Expand Down Expand Up @@ -505,6 +506,7 @@ impl<E: Pairing> Encryption<E> {
let c_0_rho = c_0.mul_bigint((-sk.0).into_bigint());
let c_0_rho_prepared = E::G1Prepared::from(c_0_rho.into_affine());
let mut decrypted_chunks = vec![];
// chunk_max_val = 2^chunk_bit_size - 1
let chunk_max_val: u32 = (1 << chunk_bit_size) - 1;
let pairing_powers = if let Some(p) = pairing_powers { p } else { &[] };
for i in 0..n {
Expand Down Expand Up @@ -582,17 +584,8 @@ impl<E: Pairing> Encryption<E> {
g_i_v_i: PairingOutput<E>,
p: PairingOutput<E>,
) -> crate::Result<CHUNK_TYPE> {
if p == g_i_v_i {
return Ok(1);
}
let mut cur = g_i_v_i;
for j in 2..=chunk_max_val {
cur += g_i_v_i;
if cur == p {
return Ok(j);
}
}
Err(SaverError::CouldNotFindDiscreteLog)
solve_discrete_log_bsgs_alt(chunk_max_val, g_i_v_i, p)
.ok_or(SaverError::CouldNotFindDiscreteLog)
}

/// Relies on precomputation
Expand Down
3 changes: 2 additions & 1 deletion schnorr_pok/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,8 @@ edition.workspace = true
authors.workspace = true
license.workspace = true
repository.workspace = true
description = "Schnorr protocol for proof of knowledge of one or more discrete logs"
description = "Schnorr protocol for proof of knowledge of one or more discrete logs. Working in elliptic curve and pairing groups"
keywords = ["Schnorr", "proof-of-knowledge", "ZKPoK"]

[lib]
doctest = false
Expand Down
3 changes: 2 additions & 1 deletion secret_sharing_and_dkg/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,8 @@ edition.workspace = true
authors.workspace = true
license.workspace = true
repository.workspace = true
description = "Secret sharing schemes and DKGs."
description = "Secret sharing schemes like Shamir's, Feldman's, Pedersen's and Publicly Verifiable Secret Sharing scheme and DKGs like FROST"
keywords = ["secret-sharing", "VSS", "PVSS", "DKG", "Shamir"]

[dependencies]
ark-ff.workspace = true
Expand Down
7 changes: 4 additions & 3 deletions secret_sharing_and_dkg/README.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# Secret sharing and distributed key generation

Implements Secret Sharing (SS), Verifiable Secret Sharing (VSS), Distributed Verifiable Secret Sharing (DVSS) and Distributed
Key Generation (DKG) algorithms. DVSS and DKG do not require a trusted dealer. Also implements a distributed discrete log check.
Implements Secret Sharing (SS), Verifiable Secret Sharing (VSS), Distributed Verifiable Secret Sharing (DVSS), Distributed
Key Generation (DKG) and Publicly Verifiable Secret Sharing (PVSS) algorithms. DVSS and DKG do not require a trusted dealer. Also implements a distributed discrete log check.


1. [Shamir secret sharing (Requires a trusted dealer)](./src/shamir_ss.rs)
Expand All @@ -11,4 +11,5 @@ Key Generation (DKG) algorithms. DVSS and DKG do not require a trusted dealer. A
1. [Feldman Distributed Verifiable Secret Sharing](./src/feldman_dvss_dkg.rs)
1. [Secure Distributed Key Generation for Discrete-Log Based Cryptosystems](./src/gennaro_dkg.rs)
1. [Distributed Key Generation from FROST](./src/frost_dkg.rs)
1. [Distributed discrete log (DLOG) check](./src/distributed_dlog_check)
1. [Distributed discrete log (DLOG) check](./src/distributed_dlog_check)
1. [Publicly Verifiable Secret Sharing](./src/baghery_pvss)
Loading

0 comments on commit 3652320

Please sign in to comment.