Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Resolve half of #67 (Part 1/2) #93

Merged
merged 7 commits into from
Feb 15, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 12 additions & 8 deletions rust-arkworks/Cargo.toml
Original file line number Diff line number Diff line change
@@ -1,18 +1,22 @@
[package]
name = "sig"
version = "0.1.0"
name = "plume_arkworks"
version = "0.0.1"
edition = "2021"
license = "MIT"
description = "Implementation of PLUME: nullifier friendly signature scheme on ECDSA; using the `arkworks-rs` libraries"
repository = "https://github.com/plume-sig/zk-nullifier-sig/"
categories = ["cryptography", "cryptography::cryptocurrencies"]
keywords = ["nullifier", "zero-knowledge", "ECDSA", "PLUME"]

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
ark-ec = "~0.3.0"
ark-ff = "0.3.0"
ark-std = "0.3.0"
ark-serialize = "0.3.0"
ark-serialize-derive = "0.3.0"
thiserror = "1.0.30"
secp256k1 = { git = "https://github.com/geometryresearch/ark-secp256k1.git" }
ark-ff = "~0.3.0"
ark-std = "~0.3.0"
ark-serialize = "~0.3.0"
ark-serialize-derive = "~0.3.0"
secp256k1 = { git = "https://github.com/geometryresearch/ark-secp256k1.git", version = "0.1.0" }
rand_core = { version = "0.6", default-features = false, features = [
"getrandom",
] }
Expand Down
3 changes: 3 additions & 0 deletions rust-arkworks/README.MD
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
https://github.com/plume-sig/zk-nullifier-sig/blob/main/README.md
# HAZMAT
Please note that until `v0.1.0` this is very much a preview crate which lets you have some preliminary feel of the structure and the reference implementation approach.
7 changes: 6 additions & 1 deletion rust-arkworks/src/error.rs
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@

// use thiserror::Error;

/// This is an error that could occur when running a cryptograhic primitive
// /// This is an error that could occur when running a cryptograhic primitive
// #[derive(Error, Debug, PartialEq)]
// pub enum CryptoError {
// #[error("Cannot hash to curve")]
Expand All @@ -14,13 +14,18 @@
// }

// Let's outline what errors will be in `~0.4.0`
/// It's an interim `enum` between legacy definition of the errors and prospective which will be relying on [`ark_ec::hashing::HashToCurveError`].
#[derive(Debug, Clone)]
pub enum HashToCurveError {
/// Mimics the `ark_ec::hashing::HashToCurveError` enum
UnsupportedCurveError(String),
/// Mimics the `ark_ec::hashing::HashToCurveError` enum
MapToCurveError(String),
/* let's add two more items to absorb everything
in `crate::hash_to_curve` which is
subject to deprecation */
/// Absorbs any legacy error in [`mod@crate::hash_to_curve`]. They will be deprecated with upgrade to `~0.4.0`.
Legacy,
/// A special case for a reference function. It will be moved to <./examples> with the upgrade to `~0.4.0`.
ReferenceTryAndIncrement,
}
61 changes: 52 additions & 9 deletions rust-arkworks/src/lib.rs
Original file line number Diff line number Diff line change
@@ -1,10 +1,26 @@
use crate::error::HashToCurveError;
/// This crate provides the PLUME signature scheme.
///
/// See <https://blog.aayushg.com/nullifier> for more information.
///
/// Find RustCrypto crate as `plume_rustcrypto`.

pub use crate::error::HashToCurveError;
use crate::hash_to_curve::hash_to_curve;
use ark_ec::short_weierstrass_jacobian::GroupAffine;
use ark_ec::{models::SWModelParameters, AffineCurve, ProjectiveCurve};

/// Re-exports the `GroupAffine` and `SWModelParameters` types from the `ark_ec` crate.
///
/// `GroupAffine` represents an affine point on a short Weierstrass elliptic curve.
/// `SWModelParameters` contains the parameters defining a short Weierstrass curve.
pub use ark_ec::{models::SWModelParameters, short_weierstrass_jacobian::GroupAffine};
/// Re-exports the `Rng` trait from the `rand` crate in `ark_std`.
///
/// `Rng` provides methods for generating random values.
pub use ark_std::rand::Rng;

use ark_ec::{AffineCurve, ProjectiveCurve};
use ark_ff::PrimeField;
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize, Read, SerializationError, Write};
use ark_std::{rand::Rng, UniformRand};
use ark_std::UniformRand;
use secp256k1::sec1::Sec1EncodePoint;
use sha2::digest::Output;
use sha2::{Digest, Sha256};
Expand All @@ -14,11 +30,15 @@ mod hash_to_curve;

const EXPECT_MSG_DECODE: &str = "the value decoded have been generated by a function which is improbable to output a malformed hexstring (still a place for refactoring)";

/// An `enum` representing the variant of the PLUME protocol.
pub enum PlumeVersion {
V1,
V2,
}

/// Converts an affine point on the curve to the byte representation.
///
/// Serializes the affine point to its SEC1 encoding and returns the raw bytes.
pub fn affine_to_bytes<P: SWModelParameters>(point: &GroupAffine<P>) -> Vec<u8> {
hex::decode(point.to_encoded_point(true))
.expect(EXPECT_MSG_DECODE)
Expand Down Expand Up @@ -72,45 +92,58 @@ fn compute_c_v2<P: SWModelParameters>(
Sha256::digest(c_preimage_vec.as_slice())
}

/// A struct containing parameters for the SW model, including the generator point `g_point`.
/// This struct implements traits for (de)serialization.
#[derive(
Copy,
Clone,
ark_serialize_derive::CanonicalSerialize,
ark_serialize_derive::CanonicalDeserialize,
)]
pub struct Parameters<P: SWModelParameters> {
/// The generator point for the SW model parameters.
pub g_point: GroupAffine<P>,
}

/// A struct containing the PLUME signature data
#[derive(
Copy,
Clone,
ark_serialize_derive::CanonicalSerialize,
ark_serialize_derive::CanonicalDeserialize,
)]
pub struct PlumeSignature<P: SWModelParameters> {
/// The hash-to-curve output multiplied by the random `r`.
pub hashed_to_curve_r: GroupAffine<P>,
/// The randomness `r` represented as the curve point.
pub r_point: GroupAffine<P>,
pub s: P::ScalarField,
pub c: P::ScalarField,
/// The nullifier.
pub nullifier: GroupAffine<P>,
}

// These aliases should be gone in #88 . If they won't TODO pay attention to the warning about `trait` boundaries being not checked for aliases
// also not enforcing trait bounds can impact PublicKey -- it's better to find appropriate upstream type
type Message<'a> = &'a [u8];
type PublicKey<P: SWModelParameters> = GroupAffine<P>;
type SecretKeyMaterial<P: SWModelParameters> = P::ScalarField;

/// A type alias for a byte slice reference, used for representing the message.
pub type Message<'a> = &'a [u8];
/// The public key.
pub type PublicKey<P: SWModelParameters> = GroupAffine<P>;
/// The scalar field element representing the secret key.
pub type SecretKeyMaterial<P: SWModelParameters> = P::ScalarField;

impl<P: SWModelParameters> PlumeSignature<P> {
/// Generate the public key and a private key.
fn keygen(pp: &Parameters<P>, rng: &mut impl Rng) -> (PublicKey<P>, SecretKeyMaterial<P>) {
/// # HAZMAT
/// No measures yet taken for the [`SecretKeyMaterial`] protection
pub fn keygen(pp: &Parameters<P>, rng: &mut impl Rng) -> (PublicKey<P>, SecretKeyMaterial<P>) {
let secret_key = SecretKeyMaterial::<P>::rand(rng);
let public_key = pp.g_point.mul(secret_key).into();
(public_key, secret_key)
}

/// Sign a message using a specified r value
/// Sign a message using the specified `r` value
fn sign_with_r(
pp: &Parameters<P>,
keypair: (&PublicKey<P>, &SecretKeyMaterial<P>),
Expand Down Expand Up @@ -174,6 +207,16 @@ impl<P: SWModelParameters> PlumeSignature<P> {
Self::sign_with_r(pp, keypair, message, r_scalar, version)
}

/// Verifies a PLUME signature.
/// Returns `true` if the signature is valid, `false` otherwise.
///
/// Computes the curve points and scalars needed for verification from the
/// signature parameters. Then performs the verification steps:
/// - Confirm g^s * pk^-c = g^r
/// - Confirm h^s * nul^-c = z
/// - Confirm c = c'
///
/// Rejects if any check fails.
fn verify_non_zk(
self,
pp: &Parameters<P>,
Expand Down
41 changes: 0 additions & 41 deletions rust-k256/.vscode/launch.json

This file was deleted.

7 changes: 6 additions & 1 deletion rust-k256/Cargo.toml
Original file line number Diff line number Diff line change
@@ -1,7 +1,12 @@
[package]
name = "zk-nullifier"
name = "plume_rustcrypto"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's make this one plume_crypto, and the other one plume_arkworks!

version = "0.1.0"
edition = "2021"
license = "MIT"
description = "Implementation of PLUME: nullifier friendly signature scheme on ECDSA; using the k256 library"
repository = "https://github.com/plume-sig/zk-nullifier-sig/"
categories = ["cryptography", "cryptography::cryptocurrencies"]
keywords = ["nullifier", "zero-knowledge", "ECDSA", "PLUME"]

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

Expand Down
1 change: 1 addition & 0 deletions rust-k256/README.MD
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
https://github.com/plume-sig/zk-nullifier-sig/blob/main/README.md
Loading
Loading