diff --git a/Cargo.toml b/Cargo.toml index c987a2d..da4fbdb 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -36,9 +36,12 @@ indexmap = { version = "2.2.6", features = ["serde"] } default = [ "std" ] std = [ "ark-std/std", - "ark-std/getrandom", "ark-ec/std", "ring-proof?/std", + "getrandom" +] +getrandom = [ + "ark-std/getrandom", ] secp256r1 = [ "ark-secp256r1", diff --git a/data/bandersnatch_ed_sha512_ell2_pedersen_vectors.json b/data/bandersnatch_ed_sha512_ell2_pedersen_vectors.json index 9f1ffad..e29e8b8 100644 --- a/data/bandersnatch_ed_sha512_ell2_pedersen_vectors.json +++ b/data/bandersnatch_ed_sha512_ell2_pedersen_vectors.json @@ -8,12 +8,12 @@ "h": "bb21b9e639f2f712abdacd1d7d3b85e9d02674e768268a0f99fd78231f23adbe", "gamma": "9d1326a5c7bc71cb746a961ffc0a83ccb2da6be3fd13081fdb4515c91e54c9d0", "beta": "be2af0216454b40a366b8216d78a7b7a065eb90c8e30027bac51f6bb88fd04800afc968223ef2c5e7fc3a042b24515cac54177186661af9e3b87bd215454e4a8", - "blinding": "da15f919c93a5ed24add36ab4dc014fe195280b7ebc851526069a9acf599b006", - "proof_pkb": "a040683d30fed4a5e6b01e0d89c05aa8c774f5b22c6ab09904d236272e6d7c28", - "proof_r": "741e85156557d156fc2bb4ff69bb16c68403bb2285a26563953ee824c0cabf05", + "blinding": "849cfd29b6d7895e74dd880b5a4830f2d7bfee3635952248222352128c95c11a", + "proof_pk_com": "fd548179ad9785279c2e4bef57691d44cbd5e5f987c0a557b50a886b5f626b16", + "proof_r": "b955eb287c976142bf2ef749547b5e00a96ede71adf1594e68056efc23682fd6", "proof_ok": "bd35d97a9ac7943fcb8821c98f3fae58c6ae318fe67f9dfa9006882d5d4852c6", - "proof_s": "8b071af2cd0efa87c03ed998999d9b922c36eb809b302ad7e2f14661c1a9fa11", - "proof_sb": "1ec307f961297ae2745a645f40972df05dd63155b25fcfdb6eb467b2211d7606" + "proof_s": "4ed3f75b934efa196432d519e003c8d8eb4352c200f98ba33d0a7955d7843809", + "proof_sb": "30522ca67a2c3c830b8bd7007d3040c8be56ad8f42445a5519b5890ec0a1fd10" }, { "comment": "Bandersnatch_SHA-512_ELL2 - vector-2", 
@@ -24,12 +24,12 @@ "h": "fb460da0b0d91803ba7157a3f4fba7377c5fdcbc107be32de2d3ba1b27bbdadb", "gamma": "b38bd5cda1732f3e838c6d2cadbe741cffe6e7ee804f7186378a664f138b4509", "beta": "50302f0b81a922f8d590c622863f434d79913379573aebcf4c7d637b6cf78450c57dbdbf011222a429b104b49ace7ddf7a98ca782100ff8b12c9d2aa36947e4b", - "blinding": "e1f3eed508b1bc3aa31526ad3faf39e41a85554e1a453f6522e1de2da1128813", - "proof_pkb": "6543166e9a5e62847ea649663690ee9a15b89a63eb08f65b686ad2e8aa06a2cd", - "proof_r": "81b4c295dd708bda8cdeee35967564f02bbb7d6fdb30e886a782681c93cd683f", + "blinding": "ebcef140bec6896c5a9e51e3f699253bf9c05210eba1e26ee5d8a89dd693ea01", + "proof_pk_com": "9fa964a4ab811002fc8fb6dc528ab8e0b30018f5504650950a390241a24462d1", + "proof_r": "0cf2d07e25bd61205b28d1b7047f5521b7b94f4ea2b93d10e5312e1d32924d8a", "proof_ok": "eef78a380b9ace0eebd1c301b393264984e989c43ff99958e51f80b636067940", - "proof_s": "95cef876901db79643cc106b994815a92eca7703a9075b145bf244ede078f70e", - "proof_sb": "43f301b8061a9acc6154c89488fb6022a6795b02821a3e31e230528c97c8af09" + "proof_s": "ebd057092f42b2bcd5e5eaa3e0a6e08edcabc903e234f5b3b2195cafcc60eb08", + "proof_sb": "3a548fd781010a6a1f9e3490a6b0ab786bd5d5cccfd40d73606552d14cfbc700" }, { "comment": "Bandersnatch_SHA-512_ELL2 - vector-3", 
@@ -40,12 +40,12 @@ "h": "54169525e90bf569c974bd8f68d462d4f0c245523ec082097cabcb9ca05f12e5", "gamma": "14020183589d3848899ed56dd3a303db8238d675fd81f01918d1eec3c6ea6125", "beta": "1e5d230c898b3710e0b5ccbde76900fb40be458724bbab61c74e30346c8ae0100a663395bbb73f5b3f8d63d674a3729b170b5ff00fac8a2b391c78586209e76e", - "blinding": "5225ce7829a87dd522d7ae5ee5c1f3dd19fabd39e218daebe9b402c6e7547b0c", - "proof_pkb": "9cc2cb53c955e0c1aa899a7306324db985d8f529eb50186ba85abe39cfbfe514", - "proof_r": "606be1adf7a19601a4c96a29437a2fa7d97e75fcfc645c2e10cde258c8579b88", + "blinding": "362be635848aa4217c81c816ffc1d18676c9fb90a85d4ac6f962a9fbe2749216", + "proof_pk_com": "42a7074f74c7df8f2ae964fc949a859b23be0c511bd3dc3be4cd14b7fc68d170", + "proof_r": "d393ad1a8c0f8ffc3961031fe88eba466e1d1c64bc97618bcfc551c9d4a4eb67", "proof_ok": "6461caebd9f4b292e394268293abb114212188b727b6bcec98e6b02091d6540f", - "proof_s": "56a8e25de20d42ea530f4dc45c5c7771fc9d58a66c6d0572d9a9e9c1f540980d", - "proof_sb": "b265c404c661858a98a5f5404e957d71345b442f1f310b21401e64666908d51b" + "proof_s": "f20f82c89e5526b666668b2d7233ae7ef01ff60b3b9b42105e68021aa4db6202", + "proof_sb": "1b4bf3ede07a83922cac9efecc491f738a6d96cbca92f6720bd2c3a5ecec0f0a" }, { "comment": "Bandersnatch_SHA-512_ELL2 - vector-4", 
@@ -56,12 +56,12 @@ "h": "889e4fef46be12a90de3a85fd228cbd401854cb6de9a53cd8e256c6fe98a1cb4", "gamma": "1197b2dbc086a11938ca9b58230bba6c6d07396059abe1cb75c7498a981d8d3a", "beta": "d3b2e4531f23f99677fafa456694121744f8ca7eb0733d54753b5bf3db5559b0fa3194fc6cbc06c63635fb222e3eca0c7e9d6fe8996dded951b469e256d159f5", - "blinding": "ce543e15dabb94ce66e64e683b42b6c95cd07b8c7fcbd16d2abd69f25c6a2114", - "proof_pkb": "ffc50e5462566fb623226d83c44835f1fc8e91f4eac0c2ef1d62d2eb3ebba970", - "proof_r": "7777a8ad0eda6f6bf44960424c34a4c865576fa7f383f7a21153833d6ffcf003", + "blinding": "b005ac39f9b07a7bca2740128331281e603e0a5cc53932b219ed53497d09760a", + "proof_pk_com": "ccdbe52f5316d98a54e081009781ecb40578a9c228bf03677727e48520838b4c", + "proof_r": "eb6a6d43dbed8bac9cb3b9134b11598870b63927f4e42c4665963a0fc30be6b7", "proof_ok": "5c2e454a4dc8af49d832f68df9da1db322a59182cf6efa9aa74bb63639a90503", - "proof_s": "0d4f0d76d7d1bab7d7eee569097948511c82ea6e84183801c8d3e2b5a6894d18", - "proof_sb": "077129e3ee33436e641bdc1fd29eb87e8203a602955fe6bebd74bdba95b62214" + "proof_s": "63f6de93a95a6e7ce1d5691b6273211ffd804668b8acec275b138cf8082ecd14", + "proof_sb": "2d9a8e2f2b7f8875bcbe7dba4bff57b97ea7c65f09431a296c8f81b704b08214" }, { "comment": "Bandersnatch_SHA-512_ELL2 - vector-5", 
@@ -72,12 +72,12 @@ "h": "45750b9ebdbe9d2d74a1d81e52b8ce882c2621aeb54f37521a1928ef6b242b34", "gamma": "46c5db953de82d9035ce367b270b2666b29e56d255dfe4cb54d8c0816698c599", "beta": "ac30d1fbd6e7c2f689b970eb46174de8dd5c3de3b0f7ca989d07ad453ff8a4221b888a140b37afed48823355b715f6e6320c9594238f400d8a5e8046c19f4014", - "blinding": "8b46d6bfb4f436c49d4c356eba768247607de1251ad87f10b119d67aa11cd507", - "proof_pkb": "68e0c96492e4d658a21bbb01fa2b76fa50331451932ac4957c57e96159be881f", - "proof_r": "4c0618af2c9b7c4814d0f3b16017861a7cc8dd1349918712cb4997d1c194564b", + "blinding": "4f3a7a6a7fef2b498abf9bcf9f5de740b48a08d595de9a4ed7531fe6011e0d14", + "proof_pk_com": "7aac13a049c570eaa5162c71ebac264f711a6d7e825f6b28fa1f8be17d0376bb", + "proof_r": "62a7f3ac432b3ed8893d022dd47c5cf68f6fd0f34186598636181dfad4b83091", "proof_ok": "59f2cf5c9501e5a819680e4b0b2815b4e9228c1a5afa36c3eaba65d31f5611e9", - "proof_s": "2a909ff6546d8bab7ed13d8678577315251887847e299ab6abaec1a1bc8c2715", - "proof_sb": "0b3a3f06ea5f488a3273e93f16373e80a0c2cf8c7b542789c3d145ca6d69f400" + "proof_s": "b4e4f14aca98214eb642ce88ce2a48f892bcbf0ac816a20f4796be49aa8b5b1c", + "proof_sb": "89b3fe44a94e13f5170c02c06db5f2a4aded841a10ab129997f6e359414f2e0c" }, { "comment": "Bandersnatch_SHA-512_ELL2 - vector-6", 
@@ -88,11 +88,11 @@ "h": "8af6936567d457e80f6715f403e20597c2ca58219974c3996a4e4414c3361635", "gamma": "022abfa7670d5051a6a0e212467666abb955faafe7fe63446f50eb710383444c", "beta": "126296afb914aa1225dfdddfe3bfd185b488801810e18034330b1c07409ccdc4f8deccfc30be219cb5186f80a523ae41720031ae39a78f18d3b14df8bb6d8e8a", - "blinding": "7529c9acdfb82d17361fd5cf0a7e8cea7da0fe88b21aa9f5bfb56c28dd8c4608", - "proof_pkb": "0cb8975799638c0f0dc14bf0752a5eaf6c66a8ca4f72c4da8c862da465da9c16", - "proof_r": "4dea915576f35148914e86e069cc75578a0e7a1e470f09de90ce14b950269bab", + "blinding": "d896feff98f1398b548f8c49500d41237c90a34876d82bd34553ab3ed5623110", + "proof_pk_com": "7ecf70faea2c4d82f6a7cef226d60d2d16cfccdf81a360fa15a7c8665299f89f", + "proof_r": "bc6d88b3b07be4880b772ad74f1e023bbe2e4f5a91b3c1f3a84ba190c8982ebb", "proof_ok": "3639790d6414b474aa1d53de4e7a896b4e6458c078867acd22200f00f20f280a", - "proof_s": "f5f1e64505335f495e3b20e508cb075c0365420648ad612a02697d7d589b4704", - "proof_sb": "73b2c1137f7685652bc2d759f3fed7f6914976d49b71009478171d2defcea909" + "proof_s": "883c3324f6dc6f19047122be50db678e37c96fcc1d035c0d001cb5ee6a964216", + "proof_sb": "651e1b4fcf34ca04a4ed1f5fa46b6631849a59b07da392d081d63531682e6506" } ] \ No newline at end of file diff --git a/data/bandersnatch_sw_sha512_tai_pedersen_vectors.json b/data/bandersnatch_sw_sha512_tai_pedersen_vectors.json index 03646b3..c582e8c 100644 --- a/data/bandersnatch_sw_sha512_tai_pedersen_vectors.json +++ b/data/bandersnatch_sw_sha512_tai_pedersen_vectors.json 
@@ -8,12 +8,12 @@ "h": "4b47d0c639c8c7b00ed5409caf2f1fc946c4e554537ea5775e86de30dd05170480", "gamma": "5f3c9b5f8a80679b1bd335c46cfd35686750291704811d581f9e9a4904f8401b00", "beta": "5f66fe722cb411ce93c415a8f5bf6ae9e8c95acd90762e11ebddba2727c3fa41813005dc6ce72078e0e9d0f4702b5fe0a7debfaf1e64c638c8a098b384ac4b69", - "blinding": "6af2737ccfffced39a0817fd50f83f0271277d7f937581711d7e2ebf26af8e17", - "proof_pkb": "abfbcc8c7492627b84febbaa663c6ee1b7578edd733790e4b8df2c9573cb163980", - "proof_r": "f324bde3e09c6eaa77d75bd056a0928e367bace280d6c9ed7b9e9920c318396600", + "blinding": "73d348cb42acf5e892f3fc2f94daa3def961cc0f14514b675587992f34414c18", + "proof_pk_com": "285df785693eb2e43bb3b2d05ec90f0788cb126ed5e4f2af88a7084dd199161700", + "proof_r": "0cda24b7cee0b04f89259222c2129b2e4fcc28699cf26c3da090516b016c466100", "proof_ok": "bf337e250d9bc9d82763daadc4de97ae507bc5e7ffeaddb64c5c33c451cff76500", - "proof_s": "aa204fd08e125b7c344cbb0a962a2a60e62dd6ff0a84ecf146fc67fc803b670b", - "proof_sb": "70d1b5e3883d3d3e7c410c72e5a6acc503e437176c959cbac26b24488352b717" + "proof_s": "8c4860450e1cddb04acfb6bfd4d2463b4464c9daf94c76e76ee215fd2b411710", + "proof_sb": "8198b2ac3630fe48ce32f00a24418f6cf462919537e35d6c9a26cab9aeb87c0c" }, { "comment": "Bandersnatch_SHA-512_TAI - vector-2", 
@@ -24,12 +24,12 @@ "h": "4bbd395c9760dd34c8a430b5f1949168218bd4004a79de863f1d1c8e80df630780", "gamma": "60031e90dc2998241e5ae73e0237d08fe1aaca59431adb7c5e54fcf64e3e7c0080", "beta": "333ce15eec798c112a1cee57484d66877e1001ba20537dd2bf6153e122d0851728a7c26e0201cbae348d9205a71d8846c4cd3e148b7ff50c484e1f1894e289e1", - "blinding": "2510f009befd8f06bf437a6e3e808b6386c533789efd10839af7bd5be140b112", - "proof_pkb": "0bb8e1d1173e0ce077f5ddcad51b2aa5b44b076b26764e7d582a83d090e1c45380", - "proof_r": "858b06d57afcd4d9bdc4f57b704964f7a921772a194683f58f9eccfc64b0e03f00", + "blinding": "2a5d700eb06ad15f691fb6f66a1ea5322a414b2fa7e5ad6fa3461358843f290a", + "proof_pk_com": "8fb0e107051a2dc07cc163afe16558bd05eb53e746d898f54b361e735b6af26480", + "proof_r": "d4f6373f4ce00fdf39bce0431051c0bae2127ec92631ecf56c9872a81793d25e80", "proof_ok": "b47cf555af1472f1dda5cd581bbc85a6b5d0c7253f09ef95ed6f402fa6cdc66100", - "proof_s": "9839d0c3ebcacde50a8c1fb7254bb936e5777aa56dbc5920f1a81f2c7bfea012", - "proof_sb": "6c71e58e7ad4638aafe6606bb43c677b3cdca68527472b3237011dd30ed7f718" + "proof_s": "93f2dc496858993f2a1b560d98805ccacc788ad0b48b74e1ecbd6675f58a8119", + "proof_sb": "7b6cd688ee2442d5bc55a8c6894287f1e99f1105caad6b3abc3b71eefeef2706" }, { "comment": "Bandersnatch_SHA-512_TAI - vector-3", 
@@ -40,12 +40,12 @@ "h": "1c7ee438bdc9a0fa33d7466cecb2b34b3584453567de9c14aa85c7de7948e84480", "gamma": "718f7ea6e99c70dd9a54f6493ece5d27cfcdeb13d5629d10568ceb3096d6a93100", "beta": "664617a664c598dc8b3513338d9fdcfee2b04f8bc77bb7225fd49258e2098f220d9ad054c74fa2cdd6e9f762ecaee89a08ab0957d21dfc8873fe1c39ffc300e5", - "blinding": "95a6f613cd7aeea954fa54dd49df153dc3ac65e774474311aed1daf43d36f015", - "proof_pkb": "594293c2b6bc7175dd7002f649e3057d41522cbde20842e17a5c38038d898b6f80", - "proof_r": "0d025552f31081e5b2dcaca15c1df8794b75ae6a179aeb23f6aee48435d4cc1700", + "blinding": "71f2a79e2dcd1d74e8144dc321e6c9578493b56c1f13eee3d2b8983dfe3e160f", + "proof_pk_com": "f565e1fe7ced5762032d3cdf30924be3da278a5b80ce9dfce8c567740a91362a00", + "proof_r": "dde1b6c4036e2fdad5481acd76c8f97299cf246efff4ee11425f2fecc9b05b4e80", "proof_ok": "f67cc695f923c225f1cb5e84a6890519f288728e40dd952172acf552ef65d52080", - "proof_s": "32298b6accd300d34a7c5f43e9d2109440d9eba87f29c4c94bd28a9e591a4f07", - "proof_sb": "125f37f77711c23fe3ead959f9ea722c013fea9968583eae94eb7294decc0917" + "proof_s": "0c33830b49e1948e03df500a00d6c1aeebd378b57763666778c3a7e2be997412", + "proof_sb": "377ff70b369920598e4773afcc11b3cefa9764c541f8954dbf3b16a13bbffb11" }, { "comment": "Bandersnatch_SHA-512_TAI - vector-4", 
@@ -56,12 +56,12 @@ "h": "9e689f17e75a53527cba47be2c005e1866635ea6b4df50d66d71fd15ca78310780", "gamma": "f9522a47aaf42c87bb3981ab51be6be878c6212a13e788f5b5716ed630221c2b80", "beta": "25178372616cc2632cac6c79d2af0dec6998ee6bba60aa7138fdb225590e68da81d2681e3c9d0e38b2ee7cd50ef7acf87b8a572b616edfbb3fe159301df5555b", - "blinding": "06f9e1d426e48dac4834dc780e199f9375ad551dc9e08d9aed8580ab2c820100", - "proof_pkb": "8643280135c000952c886c5a83a9ca3f47f4f68e830814b5bc800b2701b4936c80", - "proof_r": "fa80a01035ea1e466548703e48c16729dc1760fa59b5af873fb3b0fdd1d2293400", + "blinding": "562471c8de7e703466bc020d46936d22e687fdba6846ff04acc80f1a3a5e3d02", + "proof_pk_com": "6f727f76cedbfe0a9774375b75ed385d1494fbafc4d8524650b6d27b49e41b7000", + "proof_r": "1c27b8be50260c457980de3e7dd14d1c8ac3d85eb3a142a2fcd22c7fbb03fc3c00", "proof_ok": "90e2f7da267cba03dea05c04b568c680814818853213e7811f94234c2a5c200e00", - "proof_s": "0f8cc5180c97a6f8a90f1fde2a0db1703fb54e55ee076e8eeaa30f4643e23718", - "proof_sb": "ba909724d4298f098ac95ba3ea834d7d874e7dec08333e5eff85a90bfa665017" + "proof_s": "b1d6cbc0f69859a4da72bd7222865957b1a2afa7ebebb20a4262c5ff0d82ac08", + "proof_sb": "5923611c047c76b6cb62eb69a5cb577153bb5f33b0638184ba656f27259dbd00" }, { "comment": "Bandersnatch_SHA-512_TAI - vector-5", 
@@ -72,12 +72,12 @@ "h": "771e6bc0f01e01f4fbd38ab93ec61c35ada53c426dcf55bed039f7ada10aed6500", "gamma": "47aa1025c292656b2ca74854033b8c92a48b02ad72271b642998a4384752af6080", "beta": "f08a4e95ca4e9351a3f83f9921aabfa0771983cb6194fdfb22cf85128645ee0e3df03f7ec7e3b47e06dc602cce8d282672b4fcde522b69fc85e04f1300288bf8", - "blinding": "da04cc5ea6d07e29f13ee94425b710ebd9b0850dd9aaa90faf7494d5a291fa00", - "proof_pkb": "2edf2504d0ff19adf2bcef8386a90e4beb8d329fbd10e5f6e526a4eb8039524280", - "proof_r": "35300be08e65f990eda7a1c35bd1416b5e467e2b0af5de88ff362aa8f72ee93f80", + "blinding": "afeefd7a40d4f9e77a19ff7ab35c463dd7d1a0f3c1421ebe9628e8386791a901", + "proof_pk_com": "fc6ed039a22c52f3404a0acf2a717fb3b78fcde2a29f8a13ef72b7e0e6f0ab0080", + "proof_r": "82215958755d14ec0ece79163d22a28815b819ca6b4c1a539c5631715086850300", "proof_ok": "8bd1ff755d7999ca047e08d1275e01c212312132077c7707fd33487e6d5ed16080", - "proof_s": "742b91632f8eced2527c53e9adcf0ab792058d53fddace5831e29c88049e4d0c", - "proof_sb": "88228eb0f4ca45ee6b6ff782056377246bc538f8eded8f11d0e10f9c934e0305" + "proof_s": "a036dc77f3868662224d9fde7070a65a730cd1794f87dd5540e1a2bd77d98f0b", + "proof_sb": "d3ce9d62de85c3e475dba77f52421e35a83147e9a7c177825cb1ed4ca62ae60e" }, { "comment": "Bandersnatch_SHA-512_TAI - vector-6", 
@@ -88,11 +88,11 @@ "h": "dc4276ab164a69cc584b2b8fd3da54531649e075ca2e26688eece1ca9fdc230680", "gamma": "aacbf066133024064dd8923da69ae3fc52b2fb8b2b1a2508621472392e99e00b80", "beta": "a67a122a8423aabb806342b4b3f8f652de250acf964339d8975f07052015ca993b97a96cfc07ed2f07bc8b596eb88f561724d376f25846337af88edf5c86f602", - "blinding": "b766898d6807991cbe02f8a361982ebcac3b9fe0ad2425112f4b4a4ad2fa3815", - "proof_pkb": "65237094d61d005e460e42f9f37175d80b0a4e09011dc018df85c3f16442045b00", - "proof_r": "215e7f942793b28e8dfff6ec2673dcfd9032335ce9c6f727d495c4ced4b8704f00", + "blinding": "49f8755ac727dc7ce3c53a1799885340af4e0b891d01d6f513ab09204c46250c", + "proof_pk_com": "ee4f719c0ce5dc7f95ba176c4beabe5055832c1597ecc3e3f418a648cf9a6b5980", + "proof_r": "668055643cb3263af4e68dfd460bba683d729a6d79a454f156c3c0203362180f00", "proof_ok": "6d63a2b05cc3a230a6a02b89c63c2a4daa13cccbd73e82960813d65a2d0d5b0580", - "proof_s": "609700a01bfae439d1b5de6548b8023b5371c4ab8514a99336332d29ecc14314", - "proof_sb": "7c27442a5165b3254defbf8583e9a797762030c87cba40684f74938ebcbd3713" + "proof_s": "8abc5e2e409e408c4e735cf6ef635c0f6066b68534152c4de5f8558ef6879f0c", + "proof_sb": "135f1f2d6a5b5e2eedc965aecb9ca51170c1a1ed9c0412f75074e65f03628e1b" } ] \ No newline at end of file diff --git a/data/ed25519_sha512_tai_pedersen_vectors.json b/data/ed25519_sha512_tai_pedersen_vectors.json index 96d20d2..ac45295 100644 --- a/data/ed25519_sha512_tai_pedersen_vectors.json +++ b/data/ed25519_sha512_tai_pedersen_vectors.json 
@@ -8,12 +8,12 @@ "h": "5e1dbdda4ce6a06e9e1062bf1c5d2ff6dd2689ba99a9b4c57e86bc8c9953e685", "gamma": "bfc0b9986b3732c37543cd5f66830a2c0d5005ee5d1a075c5ac6504c7a25fc1d", "beta": "1ce87ebb1710c3b55ff9c72e1d7e6f852bdbc4e793aa2ff1ceea1c698ca9b5b10709598d6c35b32e7caeecdb26e6d6f18199bc1545c3789fc30ef167ff8b51a5", - "blinding": "61ef59a3f0b11597461a42ae7f0a79a84a2b416e26116ec60c81939188c9e903", - "proof_pkb": "fc57b1fa6eb2732b09ebd948c2155df185477c440af0591f519f8ab6ad3b44fe", - "proof_r": "09101720fb92ad346ad8d0a1d9950efdc52246c83fa3c63906cc0680a6f254f3", + "blinding": "4ce14827bfc77a3ce7632503e500025dfe487aba7d92b33ff41f7db0b8d5f40a", + "proof_pk_com": "149a5e998b1e32cfe0cf5e9f1c5e9bf6bf7c5512655efadef4ea7937b6f53dc3", + "proof_r": "71c5c1f1b84f303ad3474dd362bb01418a624541c3cc6208a3fbc5fb7830e512", "proof_ok": "77ba30ad60734c023386c3459b179a3a485a5237255bad8adbabbb2b08be0d1a", - "proof_s": "55911d67ceb9184af08360a5584be72dbf1a43e9ab9f72e270e6b297de9b0109", - "proof_sb": "305be5dff847c79d6bf64d4b68f4a7822f3856c5bdee61a16e63206c249aad0f" + "proof_s": "3decd6668613130d6b4076226170186944eb017926ae1ebac5140f75bbde0c01", + "proof_sb": "9c703beb86b7cd4abdf406ae79cfe8cca6cd8b9dda4a2a1db2b409a5f147af0e" }, { "comment": "Ed25519_SHA-512_TAI - vector-2", 
@@ -24,12 +24,12 @@ "h": "a8b789c2545f3fbeb1f801136462a7734ff39a37d7352cc8d0b1d5bf2db54a08", "gamma": "9aeb013867130f00b431f30038d5054dfcd29b45bb2402d6f4f6b65225504eec", "beta": "ad37782159dce2a4674a2fa5e411df74c1bd4a59a119271252c459a6cb0a58d281705d0a0256a2a941a369f9f1d71dea0c1c7d3bf069cfd6edf92a267f8ed3f3", - "blinding": "fde19c48faae9394a3874fa52ddd60672a3ff12cc1e6eec1f081b16ac9176d01", - "proof_pkb": "8e7053d5fdf16519c767d75874ea93b6846f2c9a9119f9fd8c888804e332233f", - "proof_r": "ce105b319027ba37a9f6b0e0714d494f5c245b962c9f9ac95d59444a42659820", + "blinding": "007f2daabf54557a1ba8330c3931eafdf8fe1c13cfb1747d5d43874b134c9a0c", + "proof_pk_com": "d668ca83a65cfb1859f248c9d8b5c6de8a5b92c27cf29868a330052ee7d54a8c", + "proof_r": "e455f96a37fe50341509fc6132281d04982763e5a5df9248703f4e38bcd17990", "proof_ok": "9aabbae6704c817a5558c7702b7bbafb849c5dedf35e7f52f2653c2bc36a98a5", - "proof_s": "e74b02008b47fcd0a80e1511821e9e8dbafae6153a2d6e86e2c3a5c062e25b01", - "proof_sb": "7981cd7016b4d82bf258640eda0f5eacdf33b075b15488c0cf4e969d7832060e" + "proof_s": "6553833432a007a2eb2b9f5c15833c14ad66b48c608bbd41bc1a7f6af2bdb803", + "proof_sb": "862187c4d51420b3f1602b51487df3e45f720eae113787e64796352f531a1008" }, { "comment": "Ed25519_SHA-512_TAI - vector-3", 
@@ -40,12 +40,12 @@ "h": "b2f60d2cdd4e97a5418b383abdea63c57aab609fa05f579c43374bf008e23964", "gamma": "d0bd8c705293879daed5264dd2c4b129a941db2e9513544a17100ec4634dfd46", "beta": "45e62e4c45a49aafc014042de5a870824326641d156bca99f894b2e8a0f44193f27ef85500a87a8ac023d66e4f70bb8b1bbb0b3d0b25eb5093ed99b3122fa1f4", - "blinding": "b8e907880c93fabc0b00c7514678eea2103a4c63be23d4160e4596fe21af3d00", - "proof_pkb": "b673e6622521a412ff36f36202d96aa2fe5783324a964487d9175e0bd6e22972", - "proof_r": "75421d1d73ab6035d6fedcd40f54d7dba50347eff95efad2b9d0205168aa9e3b", + "blinding": "77d6d168e85b1e69ef5045ea4ff1d8263f2b28b9dcac71ae60e1fd1a34cf5601", + "proof_pk_com": "c5bf2462788c6f61ecb122e30a2e04199cfbf432457d24f34d7b8aa63d24b572", + "proof_r": "81f5a60114abb77233bd81ed799e9ef3f984c932590dc16bdecb3c905c87d7d2", "proof_ok": "d80eb2d5b2781fa58863e0e63422df7d981e4620f3f8036671877328303973a4", - "proof_s": "09728cd1bad4b8d872b4bd444b4f2bb538f97f7463127a23f33b159bd39e820d", - "proof_sb": "96b6e5f8e918021a89408a750dbb1dc0b776fcaf6c6a6893c3bca1a6bea43807" + "proof_s": "ff2d771e3bcb337f6ffc8e971822a170ecbea2cc857c5e5c85df0ef79c0bee08", + "proof_sb": "bb1182e607d8d55fdcba8f3e34b44da56099b16cf7a124a05805982889d8fa05" }, { "comment": "Ed25519_SHA-512_TAI - vector-4", 
@@ -56,12 +56,12 @@ "h": "69567baa9dc496ef24aafb2da474ade1e1202f061e413ea33e0877dd8db085c7", "gamma": "be9ce3cd0b2ee84de50ce670ae9673ab3b5dc8aaffc7474415e09699f7378155", "beta": "c1e4361d7314984ce6b2d21fe4c27d12413fb5364e6e3be6894a3d5ad5c2f3783a03efc6908b203758eab6264cb03f1cdee98aa1ebe810f60e97f86cc27d221e", - "blinding": "31547ca9d95741732ee5b8d5ae38902fcec8807911c38a6c2014d1641d07b504", - "proof_pkb": "27ed5ed822532253d797d1d86bff89cf8f4c02a7184d0d199127c2610883b88b", - "proof_r": "a9f10e940a9486409d352cf1082128698a1c5f0c735c59f817564542416ca82d", + "blinding": "3c8fc818f6d9bc44b17835e1b3a7277bb8e6e4608b170da852ead89c1ec70102", + "proof_pk_com": "e9ed874b54c3b508cdd79f747300be42d3faaab64f29e43f8d043bdc0d1e2284", + "proof_r": "8e4f9ea2cf7492b2c8b7592538a89e28e1d8c165409ab7512faf0d6e9cb1c7fd", "proof_ok": "f747c53c2f95a495644f32a0b1cd04664f0956c8d46abe247135b50b786ed765", - "proof_s": "31a96d1bf13dfd343a319cf89f7e7ebbc6baa61f772d87928cb36dbe66898a0d", - "proof_sb": "41d45a400b0fd629b5ace9b65a653c501f30abd98e8b2ceb90d9fc5b1de43a06" + "proof_s": "650332c62a42f5c4a88aaad18870a6969414a0f7ae4133a4bf72e2a8b7489d0b", + "proof_sb": "c7f2f30b1b59263ceacc8d27213fa66290c114dcc3ff12c6bbbdba1d6f8ca50d" }, { "comment": "Ed25519_SHA-512_TAI - vector-5", 
@@ -72,12 +72,12 @@ "h": "71d02b885f6a81bb31d52c5bc54d8ba1c2fc52c42e34ddfd026e669caa30ca9e", "gamma": "032de270c2fba46c5345d09b039c389e826deb4083bba4a0e343518b1377c80f", "beta": "7ea607c45bc373ac948f334bb8d392b17f5156cf19330bab7a2572eaf7fcaa48fff48847d88a20659de03b2066ad8449d9c1fc3c178a6f3b074c33f7a74d0fde", - "blinding": "2bf90ce85684c584634cab050727a5f6151113a1f5bfa9fb1f19f2fd35fa2208", - "proof_pkb": "fafa5d8710741b2b6060fac68d9368132df94e1dea0f6ea8474b3c14acc037e4", - "proof_r": "cb22758192c97479a553a1c67c08f33e75c971c4b55fa8a459bea07f1bdf78fe", + "blinding": "aaedab45ce15ebba797fa1651143edff32ca94b90f375a215bc92ac40e5ae608", + "proof_pk_com": "2e60c1d425c2bad7377955c0fa78847a925d7495c5ed7c0f23ccfca06ce1ba3e", + "proof_r": "1d9883cb462e52c5ce34e10691fe9dc2328cee3552ad78fb54027d7bbf803ea8", "proof_ok": "f75d11b3ff0ad62fca3da82810d1605211258dfba324e2346b9a768cfba8632c", - "proof_s": "2cccc2371a1c6c585ae9dad8f1f821551cb6f6b00a1855a2845201d783901506", - "proof_sb": "0e5d20343e463f26aaf8f848461422641ebb7fa78181dec40df21e7f32a55501" + "proof_s": "922ef812f237feaca7c1716337f74a3746df4431a8ad10fa06dcd7eea7c4a70d", + "proof_sb": "1936105f1fcfc30472148953b1f32a8aa6a884a1141de6ec420b0a7296e1ae0e" }, { "comment": "Ed25519_SHA-512_TAI - vector-6", 
@@ -88,11 +88,11 @@ "h": "bc89b34d01bda6e9115462584ed1f5554e9035ea4b4b77d27dbd3027c16dfa43", "gamma": "50901ea735820db2198b6b6a8c8b62abdbc7bedde6b88a30e439583f1e387103", "beta": "4dc1285faf82ddd0b0b60f6055051d3f501e0b55b57d5f440467eea15dce84e56b20dca9462c11e57439b558b557f09a5ae8fbafea3f2d477f8f9aad10f19fc3", - "blinding": "d6e1ff0921c918cc33726200af54d68bb8b45cda89989f799d5cec26daf25302", - "proof_pkb": "2adaaa9b7114371dc4ef39ee9e718e55cb858ee2f43cbda264b3994e6238f939", - "proof_r": "d10d285f37329b4b9f99989beb86373c3bc19be578c42ccb66670c41dcf48a91", + "blinding": "424aaaf330eb729068ebb55ac828fe0e1f4b359c9b7b0336caddfe2e31fc900f", + "proof_pk_com": "382b2a4861069e028fb4cec3bfb4c4d4e420f42d61025e6ecd707bca6c14d835", + "proof_r": "12331c79b4207b6d7b89150fd03fdcbb2d121e5f2e5224ad1e0af1258bdced8e", "proof_ok": "ba09519e25af9a9e054a023340b59facdf0dbd58355f13794012122b573092d7", - "proof_s": "9189a14a88d9388b9bb7c86421ee6bb3c7c1cb9e5403e1a88447af95d0f1440d", - "proof_sb": "afc47e6d45a3708c8b5c6bb59e3a95fea101a709463ddd63f07396b74804fe0e" + "proof_s": "09718b2ac47b1fc5b0d285aa4e7024a0ed364116c4d96389070e05b818b8720b", + "proof_sb": "7d194509ae0d4e1fa4423862eb264246236825dbcef2004de42e482946e8aa08" } ] \ No newline at end of file diff --git a/data/secp256r1_sha256_tai_pedersen_vectors.json b/data/secp256r1_sha256_tai_pedersen_vectors.json index 1d061af..bfbdcb9 100644 --- a/data/secp256r1_sha256_tai_pedersen_vectors.json +++ b/data/secp256r1_sha256_tai_pedersen_vectors.json 
@@ -8,12 +8,12 @@ "h": "02ce0d7db4edd23b99b3736443c53ad12b133266c45646be3902a854606672e6ef", "gamma": "0298b844148e41d128a2f2d49eb208618039cd9ece62d0fc2659461ebe2c7df2ac", "beta": "92fd1eff9ddb4173ee87c45476b1c43486da7c20efd7a3c5b88891cf99bcd680", - "blinding": "c775f83de8efa45cdf5bbec03944526bfe9fdb502b3a3cd381ed88e75bc45cd7", - "proof_pkb": "02379fea5ac3147b8353a927387f6338a1d83f4730d86b8a83fa6716e810ff1f58", - "proof_r": "02f8cac054a48ffbddd79eed405d0732aa666c990147bca58ed98f2c832a3a76aa", + "blinding": "ab7d4ad073c44da9932dd035fe8826d9a1e80484c87cda2e2c71006b200a41e5", + "proof_pk_com": "0283c78a40f5c63168aa826d7c6ddd423c9ff181bd033f89769f05e7ffdb20c789", + "proof_r": "03cabf0e86fbf4712bd4fdb1d8680ac74ddc7675451419cac5311a8cf9de0d5552", "proof_ok": "020971b43cdc3c5854b262e217be2e003891f13020d69a6358edf56a3090f9b08c", - "proof_s": "d62986357982715e79bbce50127d865afb475cc093db733b1f894bd59cfe1ec6", - "proof_sb": "d02e6153787e75d155c7e9d9b02a437ed5bc9cb2fd94fede0af18ac8030cd642" + "proof_s": "d2468dac24274a1686acae4997fe37a874e1003f4b749448d2d47c39a3c2c11d", + "proof_sb": "5afff235206bbf501148454e3516ed8b157fdcc16fb3fae352edfaa2f9e291b2" }, { "comment": "secp256r1_SHA-256_TAI - vector-2", 
@@ -24,12 +24,12 @@ "h": "0242336b14ccf0f101b64a1cca4b08f72f6be851f717dc56c07262500a84071e06", "gamma": "03b2ae579ccf850038d9ba6b94a87646e8ecdec789639aab4c1492f11b114e6515", "beta": "f30b3d4fb257c287cf423d044796ce1eaf6ec9c9d42ae4305274dad9a2fbd4dd", - "blinding": "27d0fca6249e57e120056104b167b434e25b330809382a64608fb4ff6e8b6abc", - "proof_pkb": "02d018a17bfbbbd216f8b8aa77e7e6325744217be05b08fcdb4c8940d068d4c1a5", - "proof_r": "03cd637d1e000f1f99e5384d2c2f40e3d5ff8e21489aace34964ad51e767587222", + "blinding": "c20ffd1f7c015649c99bb063295931aa46016950f1d6d2b32a7d2bee3dc8ed25", + "proof_pk_com": "03dfead932f5f35f9a9c9b2544024946bc9d5796bf04858d036078926c2d0c708f", + "proof_r": "0301a3f23887efb9b8daa20208334404adf046ae52d6ad400190008e5c71cb17bc", "proof_ok": "0309f02f4b891d4751873ae88dc7501a251d8bd9fd10c85f7e5e85023f62fc6d10", - "proof_s": "5583ebad798ef6e45fc76a2cd293a19e6a7369838a5b0940919bcefc819426a0", - "proof_sb": "3f338436c5b51b2cb608108d93f156fca2682f8b8f28c7818a5674efa1936abf" + "proof_s": "c40e1a9abfaa0da5fd19146b77e984079c299d5d399851aa16727d1b09115f61", + "proof_sb": "6ce4f6a8107c38cbc9327931db2a476003300b6b0568542cf6362b226ef110cd" }, { "comment": "secp256r1_SHA-256_TAI - vector-3", 
@@ -40,12 +40,12 @@ "h": "02b90c05c10ddbfdafda6a964012946641737f888b90c930abdd2454c568f73d70", "gamma": "02c572767b190538c104182dfac985cd58430074f0db24305f4006d896c93b96c7", "beta": "478e767539cb216ca6c8a545cc4749ee08d90d7bca54d4d92286c90ae31ef31e", - "blinding": "e4fea845f9e5d999420f0bd7522dad8e67514f6a8666c31c0670aad2cabbf64d", - "proof_pkb": "0304aa8ce127cbf59b9a35f86970d51ca309d2a4dd89677a58fcf0b2aa5d0c5b89", - "proof_r": "023ac777c2b8b40a88d2a9412a7ec916410d77047dfeaa1d9caf7284f386d34839", + "blinding": "29665989dcb25272c8e0c4b61ab5dbf4260d5a549009b68f4248e65c35714391", + "proof_pk_com": "02192335a7e29c1c6d7e25f7e0bc7193a55a87c4c23de8a536fdad827ff8b73a50", + "proof_r": "02118e2f0ba18c4e094b71e99a602d3b0cebb2b522de1cdf49824d6ac7cbf3dd77", "proof_ok": "0240f062739e3f6bcf7bb190823296b59113314364afcfb5a1adcceb6b0d417778", - "proof_s": "7d3e421f6d59bb5b1e67bd4e9f60395fb3d7ce004a8770d06811e7501b75cf22", - "proof_sb": "5b464636bd968da1cbe4489aef873275b1d4f88d26193c5e76aaf097adfaac2e" + "proof_s": "eae5891e16ff6fe5772c7894ed1c5037b62d50082ae1a21c8d127426ae46066f", + "proof_sb": "98ab20e7f86cf0862dc526e5f21e44429154d68316d9924cb676a6bcd1e1fdbd" }, { "comment": "secp256r1_SHA-256_TAI - vector-4", 
@@ -56,12 +56,12 @@ "h": "02bca955248372984158e0f9bf7d8d9bb1ee87f188cf27e93647a967a0f9b09535", "gamma": "0323c860bdba4ceccc28ebed9283dc6f74b4e16c94ffe566f49318b955458c20e3", "beta": "cd9444669432a6b5ca8ad3a4adcd8152fb8a76e327877ea876e6bf3e761b6e13", - "blinding": "e752b23bb91e02e6e903724bb5404ea2acd7cd6f0292ac06e368a11a09d33123", - "proof_pkb": "03a20c2a6b08e07db5edc830d1c58fd1f70c7aebaf3f086bb0013d15cde37ffb30", - "proof_r": "0205dbc92128d7a1f56901d3e95aaed8fffb2f8a113d47bab9ea0921ba7d65fda2", + "blinding": "db2f990d07b0675f6d591b34be51c75829cfd31c279998cf277bd1929eef28cb", + "proof_pk_com": "0326823863ae28182b450385a5302c71cce041e1155a4bfb8482096cb015fd343f", + "proof_r": "038545235c0976f1f216d7ba2f584ff88a64bd5a22422292df46b18dd9b071257a", "proof_ok": "026ba875a05665eb46708bc60fd80e3df9dfdb5040c8d6d99d7bc002c2f16d10a7", - "proof_s": "d8ee8fc384a314aff9dd2c82d1a02f37a701114f3548de1be44603a7d875dc3f", - "proof_sb": "e7047fefd5647d2d04b0d383aef5c060272a6fbf65a58efab1743b928084d23e" + "proof_s": "d12389e168bbdfdfde1a435560cbb8be3a3f61a9b951fa3f65dec0e4916389ca", + "proof_sb": "27523bbaf4147f13a63fa93630029bbe9ce961d05103cb7f02fddabc1cdfd2d1" }, { "comment": "secp256r1_SHA-256_TAI - vector-5", 
@@ -72,12 +72,12 @@ "h": "029edace829d35ef117e135c8b81b5b00a0d3c9f24a349761fc07a7503bf048966", "gamma": "03d7b9b206af6fae3a6225ef09701e965e5387a22eca8e1bc71c167cd53f66903a", "beta": "8ddb31c01a18db34fccd27e152d7691aab6fd377436e8d845448e00e031bf4c4", - "blinding": "0600b465346eca73621da1064065d4f926a45b264ecf108b52977af77c3a8012", - "proof_pkb": "02f68470b9073ada2829da484d8467b8cd04122b68d0f5392c254835985cddf573", - "proof_r": "03cdf7fe38bf14ea59d747216877ef48ec87b9889e7adb1301611089df4be5ff24", + "blinding": "6f1ce7af5d3f94f32894af8fde57e5602318a14e9e3920d5af6426ceef843b38", + "proof_pk_com": "021faa64318ec9f93e9b61aba3782a43b651da6a9820325f431c9a426b5d61d729", + "proof_r": "031a6732336bf3f77162e67e097276a2d4e7eb830626fa198bac93b8a7f4e26bf1", "proof_ok": "0321e072c35510b1624d65f6fde7241cad651387fb423289ce707948b5ffcb38c8", - "proof_s": "e86155a67cf9b6e6cd390dfc261d9ed8aa9d3d8b25034e04f50d52a00fa7923f", - "proof_sb": "2c7f4943877f2929720f17ea313f8e84a407aac30d5ad8d9b27994b63de30853" + "proof_s": "043e5853245eef6e3fe3e223f1aed64d75a9b7d1f102d0f9a8f3d3cbc20265a7", + "proof_sb": "c37989b7edd688c358d3ed16026a7dc801c9604a2871b3dfa0602f4adb5fdf61" }, { "comment": "secp256r1_SHA-256_TAI - vector-6", 
@@ -88,11 +88,11 @@ "h": "029d367ea8eaf47bdb453f836c0c6afe9e5540c33adf4b20e1ecdf96c45f07ed1f", "gamma": "0288734131a4dddb3a69e0ff346bd6afa5fcf29a328f1a4f7fa00c512127960e33", "beta": "0a53ce69bc69cf00fc7f42a74717d8271fb6f7124351697e64e006e1e77733ba", - "blinding": "54e73c7354cae1649eab898f59dfb7dd607690f95ba4250f6aabe2eb2bbdbd19", - "proof_pkb": "0392f7d13ef53d12b09a70d147cb95bd15702d92619a77f194933a744d7e316327", - "proof_r": "037d1e28c4e1384a254c29197f2ee9dbf7a5d4b0201fe26d8725cdf065480e89d0", + "blinding": "add830a6be7348a23707eb692069da952a01bc1309692d6e9ec35ce1e80ab25a", + "proof_pk_com": "03d1a88012294d89f7cfb8485aa3441ec79330a153ee6aaa01735121db0d8182d1", + "proof_r": "028163cc48d76199ddcd4a5f61e3e9aecfa7b234b34f6971c07791403b804b1b3a", "proof_ok": "0280a50463670b22104f5440d603f2905688e7221ab102891758b800155573560d", - "proof_s": "39c075177f9ad9a26350ed97035d15cb5a2c73b80911b97b71926701b1942769", - "proof_sb": "6fcf7f30bdbaa7ffbaec1584efc3f4cae2f4d2f0545d151240528ee01550afbc" + "proof_s": "8952d839924665b0b5f8efe645924f2514e177ea9866bdcda6f112dbbe9ad98b", + "proof_sb": "984662cd868f03093b4f52393f55671233e701f99b7f380e075e3402fcc3082b" } ] \ No newline at end of file diff --git a/data/vectors-generate.sh b/data/vectors-generate.sh index b1e1570..3df447b 100755 --- a/data/vectors-generate.sh +++ b/data/vectors-generate.sh @@ -2,6 +2,7 @@ cargo test \ --release \ - --features full \ + --features full,test-vectors \ -- \ + --nocapture \ --ignored diff --git a/src/ietf.rs b/src/ietf.rs index f97f50d..bfad65c 100644 --- a/src/ietf.rs +++ b/src/ietf.rs 
@@ -155,16 +155,9 @@ pub mod testing {
 }
 impl common::TestVectorTrait for TestVector {
- fn new(
- comment: &str,
- seed: &[u8],
- alpha: &[u8],
- salt: Option<&[u8]>,
- ad: &[u8],
- flags: u8,
- ) -> Self {
+ fn new(comment: &str, seed: &[u8], alpha: &[u8], salt: Option<&[u8]>, ad: &[u8]) -> Self {
 use super::Prover;
- let base = common::TestVector::new(comment, seed, alpha, salt, ad, flags);
+ let base = common::TestVector::new(comment, seed, alpha, salt, ad);
 // TODO: store constructed types in the vectors
 let input = Input::from(base.h);
 let output = Output::from(base.gamma);
diff --git a/src/pedersen.rs b/src/pedersen.rs
index 3ec586f..a0d626a 100644
--- a/src/pedersen.rs
+++ b/src/pedersen.rs
@@ -3,11 +3,33 @@ use crate::*;
 pub trait PedersenSuite: IetfSuite {
 const BLINDING_BASE: AffinePoint;
+
+ /// Pedersen blinding factor.
+ ///
+ /// Default implementation is deterministic and inspired by the RFC-9381 challenge procedure.
+ /// All parameters but `secret` are public parameters.
+ fn blinding(
+ secret: &ScalarField,
+ pts: &[&AffinePoint],
+ ad: &[u8],
+ ) -> ScalarField {
+ const DOM_SEP_START: u8 = 0xCC;
+ const DOM_SEP_END: u8 = 0x00;
+ let mut buf = [Self::SUITE_ID, &[DOM_SEP_START]].concat();
+ Self::Codec::scalar_encode(secret, &mut buf);
+ pts.iter().for_each(|p| {
+ Self::Codec::point_encode(p, &mut buf);
+ });
+ buf.extend_from_slice(ad);
+ buf.push(DOM_SEP_END);
+ let hash = &utils::hash::(&buf);
+ ScalarField::::from_be_bytes_mod_order(hash)
+ }
 }
 #[derive(Debug, Clone, CanonicalSerialize, CanonicalDeserialize)]
 pub struct Proof {
- pk_blind: AffinePoint,
+ pk_com: AffinePoint,
 r: AffinePoint,
 ok: AffinePoint,
 s: ScalarField,
@@ -15,8 +37,9 @@ pub struct Proof {
 }
 impl Proof {
+ /// Get public key commitment from proof.
 pub fn key_commitment(&self) -> AffinePoint {
- self.pk_blind
+ self.pk_com
 }
 }
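Review bot: The default `blinding` writes the encoded `secret` into the heap buffer `buf` and drops it uncleared, and the doc comment does not say that the returned scalar is itself secret material. If the crate wipes key material elsewhere, `buf` should be cleared before it goes out of scope; in any case the doc should carry a line such as `/// The returned scalar is secret: together with the public key it opens the key commitment.` Reducing the digest with `from_be_bytes_mod_order` yields a near-uniform scalar only when the digest is comfortably wider than the scalar order; the hasher's width is not visible here (the generic arguments of `utils::hash` and `ScalarField` appear stripped in this rendering), so a comment stating that assumption on the `let hash = ...` line would help. The buffer layout `SUITE_ID || 0xCC || secret || pts... || ad || 0x00` is unambiguous only if `point_encode` is fixed-width, since `ad` is variable-length and follows the points directly; that requirement is worth one sentence in the doc.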
@@ -34,11 +57,14 @@ pub trait Prover {
 pub trait Verifier {
 /// Verify a proof for the given input/output and user additional data.
+ ///
+ /// Verifiers that the secret key used to generate `output` is the same as
+ /// the secret key used to generate `proof.key_commitment()`.
 fn verify(
 input: Input,
 output: Output,
 ad: impl AsRef<[u8]>,
- sig: &Proof,
+ proof: &Proof,
 ) -> Result<(), Error>;
 }
@@ -49,35 +75,37 @@ impl Prover for Secret {
 output: Output,
 ad: impl AsRef<[u8]>,
 ) -> (Proof, ScalarField) {
+ // Build blinding factor
+ let blinding = S::blinding(&self.scalar, &[&input.0, &output.0], ad.as_ref());
+ // Construct the nonces
 let k = S::nonce(&self.scalar, input);
- let kb = S::nonce(&k, input);
- let b = S::nonce(&kb, input);
+ let kb = S::nonce(&blinding, input);
 // Yb = x*G + b*B
- let pk_blind = (S::generator() * self.scalar + S::BLINDING_BASE * b).into_affine();
+ let pk_com = (S::generator() * self.scalar + S::BLINDING_BASE * blinding).into_affine();
+ // R = k*G + kb*B
 let r = (S::generator() * k + S::BLINDING_BASE * kb).into_affine();
 // Ok = k*I
 let ok = (input.0 * k).into_affine();
 // c = Hash(Yb, I, O, R, Ok, ad)
- let c = S::challenge(&[&pk_blind, &input.0, &output.0, &r, &ok], ad.as_ref());
+ let c = S::challenge(&[&pk_com, &input.0, &output.0, &r, &ok], ad.as_ref());
 // s = k + c*x
 let s = k + c * self.scalar;
 // sb = kb + c*b
- let sb = kb + c * b;
+ let sb = kb + c * blinding;
 let proof = Proof {
- pk_blind,
+ pk_com,
 r,
 ok,
 s,
 sb,
 };
-
- (proof, b)
+ (proof, blinding)
 }
 }
@@ -89,7 +117,7 @@ impl Verifier for Public {
 proof: &Proof,
 ) -> Result<(), Error> {
 let Proof {
- pk_blind,
+ pk_com,
 r,
 ok,
 s,
@@ -97,7 +125,7 @@ impl Verifier for Public {
 } = proof;
 // c = Hash(Yb, I, O, R, Ok, ad)
- let c = S::challenge(&[pk_blind, &input.0, &output.0, r, ok], ad.as_ref());
+ let c = S::challenge(&[pk_com, &input.0, &output.0, r, ok], ad.as_ref());
 // Ok + c*O = s*I
 if output.0 * c + ok != input.0 * s {
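Review bot: The added doc line on `Verifier::verify` has a typo, `Verifiers that the secret key ...`; `Verifiers` should read `Verifies`. It would also help callers to name the failure mode in the same doc comment, e.g. a trailing `/// Returns an error when either proof check fails.`, since the `Public` implementation below returns `Error::VerificationFailure` for both checks.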
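Review bot: Several comments in `prove` still use the pre-rename names: `// Yb = x*G + b*B` now sits above the `pk_com`/`blinding` computation, `// sb = kb + c*b` above `let sb = kb + c * blinding;`, and `// c = Hash(Yb, I, O, R, Ok, ad)` appears both here and in the `verify` hunks; updating them to `// pk_com = x*G + blinding*B`, `// sb = kb + c*blinding` and `// c = Hash(pk_com, I, O, R, Ok, ad)` keeps the algebra aligned with the code. The `// Build blinding factor` comment could also note that `S::blinding` is deterministic in `(scalar, input, output, ad)`, so proving the same data again reproduces the same commitment — the test-vector `run` in a later hunk asserts exactly that. The `prove` signature starts before this hunk.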
@@ -105,7 +133,7 @@ impl Verifier for Public {
 }
 // R + c*Yb = s*G + sb*B
- if *pk_blind * c + r != S::generator() * s + S::BLINDING_BASE * sb {
+ if *pk_com * c + r != S::generator() * s + S::BLINDING_BASE * sb {
 return Err(Error::VerificationFailure);
 }
@@ -147,7 +175,7 @@ mod tests {
 assert!(result.is_ok());
 assert_eq!(
- proof.pk_blind,
+ proof.key_commitment(),
 secret.public().0 + TestSuite::BLINDING_BASE * blinding
 );
 }
@@ -169,7 +197,7 @@ pub mod testing {
 f.debug_struct("TestVector")
 .field("base", &self.base)
 .field("blinding", &self.blind)
- .field("proof_pkb", &self.proof.pk_blind)
+ .field("proof_pk_com", &self.proof.pk_com)
 .field("proof_r", &self.proof.r)
 .field("proof_ok", &self.proof.ok)
 .field("proof_s", &self.proof.s)
@@ -179,33 +207,26 @@ pub mod testing {
 }
 impl common::TestVectorTrait for TestVector {
- fn new(
- comment: &str,
- seed: &[u8],
- alpha: &[u8],
- salt: Option<&[u8]>,
- ad: &[u8],
- flags: u8,
- ) -> Self {
+ fn new(comment: &str, seed: &[u8], alpha: &[u8], salt: Option<&[u8]>, ad: &[u8]) -> Self {
 use super::Prover;
- let base = common::TestVector::new(comment, seed, alpha, salt, ad, flags);
+ let base = common::TestVector::new(comment, seed, alpha, salt, ad);
 let input = Input::::from(base.h);
 let output = Output::from(base.gamma);
- let sk = Secret::from_scalar(base.sk);
- let (proof, blind) = sk.prove(input, output, ad);
+ let secret = Secret::from_scalar(base.sk);
+ let (proof, blind) = secret.prove(input, output, ad);
 Self { base, blind, proof }
 }
 fn from_map(map: &common::TestVectorMap) -> Self {
 let base = common::TestVector::from_map(map);
 let blind = codec::scalar_decode::(&map.item_bytes("blinding"));
- let pk_blind = codec::point_decode::(&map.item_bytes("proof_pkb")).unwrap();
+ let pk_com = codec::point_decode::(&map.item_bytes("proof_pk_com")).unwrap();
 let r = codec::point_decode::(&map.item_bytes("proof_r")).unwrap();
 let ok = codec::point_decode::(&map.item_bytes("proof_ok")).unwrap();
 let s = codec::scalar_decode::(&map.item_bytes("proof_s"));
 let sb = codec::scalar_decode::(&map.item_bytes("proof_sb"));
 let proof = Proof {
- pk_blind,
+ pk_com,
 r,
 ok,
 s,
@@ -221,8 +242,8 @@ pub mod testing {
 hex::encode(codec::scalar_encode::(&self.blind)),
 ),
 (
- "proof_pkb",
- hex::encode(codec::point_encode::(&self.proof.pk_blind)),
+ "proof_pk_com",
+ hex::encode(codec::point_encode::(&self.proof.pk_com)),
 ),
 (
 "proof_r",
@@ -255,7 +276,7 @@ pub mod testing {
 let sk = Secret::from_scalar(self.base.sk);
 let (proof, blind) = sk.prove(input, output, &self.base.ad);
 assert_eq!(self.blind, blind, "Blinding factor mismatch");
- assert_eq!(self.proof.pk_blind, proof.pk_blind, "Proof pkb mismatch");
+ assert_eq!(self.proof.pk_com, proof.pk_com, "Proof pkb mismatch");
 assert_eq!(self.proof.r, proof.r, "Proof r mismatch");
 assert_eq!(self.proof.ok, proof.ok, "Proof ok mismatch");
 assert_eq!(self.proof.s, proof.s, "Proof s mismatch");
diff --git a/src/testing.rs b/src/testing.rs
index f10a37c..7404cf7 100644
--- a/src/testing.rs
+++ b/src/testing.rs
@@ -186,14 +186,7 @@ impl TestVectorMap {
 }
 pub trait TestVectorTrait {
- fn new(
- comment: &str,
- seed: &[u8],
- alpha: &[u8],
- salt: Option<&[u8]>,
- ad: &[u8],
- flags: u8,
- ) -> Self;
+ fn new(comment: &str, seed: &[u8], alpha: &[u8], salt: Option<&[u8]>, ad: &[u8]) -> Self;
 fn from_map(map: &TestVectorMap) -> Self;
@@ -214,14 +207,7 @@ pub struct TestVector {
 }
 impl TestVectorTrait for TestVector {
- fn new(
- comment: &str,
- seed: &[u8],
- alpha: &[u8],
- salt: Option<&[u8]>,
- ad: &[u8],
- flags: u8,
- ) -> Self {
+ fn new(comment: &str, seed: &[u8], alpha: &[u8], salt: Option<&[u8]>, ad: &[u8]) -> Self {
 let sk = Secret::::from_seed(seed);
 let pk = sk.public().0;
@@ -289,7 +275,7 @@ impl TestVectorTrait for TestVector {
 }
 fn run(&self) {
- println!("Running test vector: {}", self.comment);
+ println!("Run test vector: {}", self.comment);
 let sk = Secret::::from_scalar(self.sk);
@@ -331,7 +317,8 @@ pub fn test_vectors_generate(file: &str, i
 let alpha = hex::decode(var_data.0).unwrap();
 let ad = hex::decode(var_data.1).unwrap();
 let comment = format!("{} - vector-{}", identifier, i + 1);
- let vector = V::new(&comment, &[i as u8], &alpha, None, &ad, 0);
+ let vector = V::new(&comment, &[i as u8], &alpha, None, &ad);
+ println!("Gen test vector: {}", comment);
 vector.run();
 vector_maps.push(vector.to_map());
 }
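Review bot: The renamed assertion `assert_eq!(self.proof.pk_com, proof.pk_com, "Proof pkb mismatch");` still reports the old field name in its message; `assert_eq!(self.proof.pk_com, proof.pk_com, "Proof pk_com mismatch");` keeps the failure output consistent with the `proof_pk_com` key now used in the vector files. The enclosing `run` starts before this hunk.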
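Review bot: `println!("Gen test vector: {}", comment);` is printed after `V::new` has already run the prover, so if construction panics for a vector the last line in the log names the previous vector; moving the print above `let vector = V::new(&comment, &[i as u8], &alpha, None, &ad);` makes the failing vector attributable. The seed `&[i as u8]` on that line also truncates the index silently once there are more than 256 vectors; `u8::try_from(i).expect("vector index fits in a byte")` would make the bound explicit. The enclosing `test_vectors_generate` starts before this hunk.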