Verifiable encryption of messages of a generalized Pedersen commitmen…

…t using the paper "Verifiable Encryption from MPC-in-the-Head" Signed-off-by: lovesh <[email protected]>
docknetwork · Sep 30, 2024 · 5f125d0 · 5f125d0
1 parent a34298a
commit 5f125d0
Show file tree

Hide file tree

Showing 20 changed files with 2,885 additions and 10 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -20,8 +20,8 @@ members = [
     "bulletproofs_plus_plus",
     "smc_range_proof",
     "short_group_sig",
-    "syra"
-]
+    "syra",
+    "verifiable_encryption"]
 resolver = "2"
 
 [workspace.package]

diff --git a/README.md b/README.md
@@ -30,6 +30,7 @@ Library providing privacy enhancing cryptographic primitives.
 11. [Short group signatures](./short_group_sig/). BB signature and weak-BB signature and their proofs of knowledge based on the papers [Short Signatures Without Random Oracles](https://eprint.iacr.org/2004/171) and [Scalable Revocation Scheme for Anonymous Credentials Based on n-times Unlinkable Proofs](http://library.usc.edu.ph/ACM/SIGSAC%202017/wpes/p123.pdf).
 12. [Keyed-Verification Anonymous Credentials (KVAC)](./kvac). Implements Keyed-Verification Anonymous Credentials (KVAC) schemes.
 13. [SyRA](./syra). Implements sybil resilient signatures to be used for generating pseudonyms for low-entropy credential attributes.
+14. [Verifiable encryption](./verifiable_encryption) using [this paper Verifiable Encryption from MPC-in-the-Head](https://eprint.iacr.org/2021/1704.pdf).
 
 ## Composite proof system
 

diff --git a/proof_system/src/lib.rs b/proof_system/src/lib.rs
@@ -112,6 +112,8 @@
 //!
 //! - test `pok_of_3_bbs_plus_sig_and_message_equality` proves knowledge of 3 BBS+ signatures and also that certain
 //!   messages are equal among them without revealing them.
+//! - test `pok_of_bbs_plus_sig_and_inequality_with_public_value` proves knowledge of a BBS+ signature and also that
+//!   certain message is not equal to a public value without revealing the message
 //! - test `pok_of_bbs_plus_sig_and_accumulator` proves knowledge of a BBS+ signature and also that certain messages
 //!   are present and absent in the 2 accumulators respectively.
 //! - test `pok_of_knowledge_in_pedersen_commitment_and_bbs_plus_sig` proves knowledge of a BBS+ signature and opening
@@ -136,7 +138,7 @@
 //!   is bounded by a given value, etc [here](tests/r1cs). The Circom compiler output and circuits are [here](tests/r1cs/circom).
 //!   The circuits were compiled and tested for BLS12-381 curve.
 //!
-//! *Note*: This design is largely inspired from my work at Hyperledger Ursa.
+//! *Note*: This design is inspired from my work at Hyperledger Ursa.
 //!
 //! *Note*: The design is tentative and will likely change as more protocols are integrated.
 //!

diff --git a/proof_system/tests/bbs_plus_and_accumulator.rs b/proof_system/tests/bbs_plus_and_accumulator.rs
@@ -407,6 +407,7 @@ macro_rules! gen_tests {
 
             let nonce = Some(b"test-nonce".to_vec());
 
+            let start = Instant::now();
             let proof = Proof::new::<StdRng, Blake2b512>(
                 &mut rng,
                 prover_proof_spec.clone(),
@@ -416,6 +417,10 @@ macro_rules! gen_tests {
             )
             .unwrap()
             .0;
+            println!(
+                "Time to create a proof with a BBS+ signature and VB positive accumulator membership: {:?}",
+                start.elapsed()
+            );
 
             test_serialization!(Proof<Bls12_381>, proof);
 
@@ -623,6 +628,7 @@ macro_rules! gen_tests {
 
             test_serialization!(ProofSpec<Bls12_381>, prover_proof_spec);
 
+            let start = Instant::now();
             let proof = Proof::new::<StdRng, Blake2b512>(
                 &mut rng,
                 prover_proof_spec.clone(),
@@ -632,6 +638,10 @@ macro_rules! gen_tests {
             )
             .unwrap()
             .0;
+            println!(
+                "Time to crate a proof with a BBS+ signature and VB universal accumulator membership: {:?}",
+                start.elapsed()
+            );
 
             test_serialization!(Proof<Bls12_381>, proof);
 
@@ -735,6 +745,7 @@ macro_rules! gen_tests {
 
             test_serialization!(ProofSpec<Bls12_381>, proof_spec);
 
+            let start = Instant::now();
             let proof = Proof::new::<StdRng, Blake2b512>(
                 &mut rng,
                 proof_spec.clone(),
@@ -744,6 +755,10 @@ macro_rules! gen_tests {
             )
             .unwrap()
             .0;
+            println!(
+                "Time to create a proof with a BBS+ signature and VB universal accumulator non-membership: {:?}",
+                start.elapsed()
+            );
 
             test_serialization!(Proof<Bls12_381>, proof);
 
@@ -850,6 +865,7 @@ macro_rules! gen_tests {
 
             test_serialization!(ProofSpec<Bls12_381>, proof_spec);
 
+            let start = Instant::now();
             let proof = Proof::new::<StdRng, Blake2b512>(
                 &mut rng,
                 proof_spec.clone(),
@@ -859,6 +875,10 @@ macro_rules! gen_tests {
             )
             .unwrap()
             .0;
+            println!(
+                "Time to create a proof with a BBS+ signature and KB universal accumulator membership: {:?}",
+                start.elapsed()
+            );
 
             test_serialization!(Proof<Bls12_381>, proof);
 
@@ -961,6 +981,7 @@ macro_rules! gen_tests {
 
             test_serialization!(ProofSpec<Bls12_381>, proof_spec);
 
+            let start = Instant::now();
             let proof = Proof::new::<StdRng, Blake2b512>(
                 &mut rng,
                 proof_spec.clone(),
@@ -970,6 +991,10 @@ macro_rules! gen_tests {
             )
             .unwrap()
             .0;
+            println!(
+                "Time to create a proof with a BBS+ signature and KB universal accumulator non-membership: {:?}",
+                start.elapsed()
+            );
 
             test_serialization!(Proof<Bls12_381>, proof);
 
@@ -1081,6 +1106,7 @@ macro_rules! gen_tests {
 
             let nonce = Some(b"test-nonce".to_vec());
 
+            let start = Instant::now();
             let proof = Proof::new::<StdRng, Blake2b512>(
                 &mut rng,
                 proof_spec.clone(),
@@ -1090,6 +1116,10 @@ macro_rules! gen_tests {
             )
             .unwrap()
             .0;
+            println!(
+                "Time to create proof with a BBS+ signature and KB positive accumulator membership: {:?}",
+                start.elapsed()
+            );
 
             test_serialization!(Proof<Bls12_381>, proof);
 
@@ -1279,6 +1309,7 @@ macro_rules! gen_tests {
 
             test_serialization!(ProofSpec<Bls12_381>, proof_spec);
 
+            let start = Instant::now();
             let proof = Proof::new::<StdRng, Blake2b512>(
                 &mut rng,
                 proof_spec.clone(),
@@ -1288,6 +1319,7 @@ macro_rules! gen_tests {
             )
             .unwrap()
             .0;
+            println!("Time to create proof with a BBS+ signature and 6 accumulator membership and non-membership checks: {:?}", start.elapsed());
 
             test_serialization!(Proof<Bls12_381>, proof);
 
@@ -1828,6 +1860,7 @@ macro_rules! gen_tests {
             ));
             test_serialization!(Witnesses<Bls12_381>, witnesses);
 
+            let start = Instant::now();
             let proof = Proof::new::<StdRng, Blake2b512>(
                 &mut rng,
                 proof_spec.clone(),
@@ -1837,6 +1870,10 @@ macro_rules! gen_tests {
             )
                 .unwrap()
                 .0;
+            println!(
+                "Time to create proof with 4 BBS+ signatures: {:?}",
+                start.elapsed()
+            );
 
             let mut statements = Statements::new();
             statements.add($verifier_stmt::new_statement_from_params_ref(

diff --git a/secret_sharing_and_dkg/src/common.rs b/secret_sharing_and_dkg/src/common.rs
@@ -155,7 +155,7 @@ impl<G: AffineRepr> PublicKeyBase<G> {
     }
 }
 
-/// Return the Lagrange basis polynomial at x = 0 given the `x` coordinates
+/// Return the Lagrange basis polynomial at x = 0 given the `x` coordinates.
 /// `(x_coords[0]) * (x_coords[1]) * ... / ((x_coords[0] - i) * (x_coords[1] - i) * ...)`
 /// Assumes all `x` coordinates are distinct and appropriate number of coordinates are provided
 pub fn lagrange_basis_at_0<F: PrimeField>(x_coords: &[ShareId], i: ShareId) -> Result<F, SSError> {

diff --git a/utils/README.md b/utils/README.md
@@ -3,7 +3,7 @@
 A collection of utilities used by our other libraries in this workspace.
 
 - Pedersen commitment
-- Elgamal encryption
+- Elgamal encryption and variations - plain Elgamal, hashed-Elgamal and batched hashed-Elgamal
 - finite field utilities like inner product, weighted inner product, hadamard product, etc.
 - multiscalar multiplication (MSM) like Fixed Base MSM
 - polynomial utilities like multiplying polynomials, creating polynomial from roots, etc.