Support ephemeral private key for generating ecdh shared key for encryption #88

Merged
merged 3 commits into from
Sep 30, 2024
Merged
10 changes: 7 additions & 3 deletions go-sdk/integration-test/e2e_test.go
Expand Up @@ -217,6 +217,7 @@ func (s *E2ETestSuite) TestZeto_2_SuccessfulProving() {
outputCommitments := []*big.Int{output1, output2}

encryptionNonce := crypto.NewEncryptionNonce()
ephemeralKeypair := testutils.NewKeypair()

witnessInputs := map[string]interface{}{
"inputCommitments": inputCommitments,
Expand All @@ -228,6 +229,7 @@ func (s *E2ETestSuite) TestZeto_2_SuccessfulProving() {
"outputSalts": []*big.Int{salt3, salt4},
"outputOwnerPublicKeys": [][]*big.Int{{receiver.PublicKey.X, receiver.PublicKey.Y}, {sender.PublicKey.X, sender.PublicKey.Y}},
"encryptionNonce": encryptionNonce,
"ecdhPrivateKey": ephemeralKeypair.PrivateKey.Scalar().BigInt(),
}

startTime := time.Now()
Expand All @@ -242,7 +244,7 @@ func (s *E2ETestSuite) TestZeto_2_SuccessfulProving() {
assert.Equal(s.T(), 3, len(proof.Proof.A))
assert.Equal(s.T(), 3, len(proof.Proof.B))
assert.Equal(s.T(), 3, len(proof.Proof.C))
assert.Equal(s.T(), 12, len(proof.PubSignals))
assert.Equal(s.T(), 14, len(proof.PubSignals))

// the receiver would be able to get the encrypted values and salts
// from the transaction events
Expand All @@ -256,7 +258,7 @@ func (s *E2ETestSuite) TestZeto_2_SuccessfulProving() {
// the first two elements in the public signals are the encrypted value and salt
// for the first output. decrypt using the receiver's private key and compare with
// the UTXO hash
secret := crypto.GenerateECDHSharedSecret(receiver.PrivateKey, sender.PublicKey)
secret := crypto.GenerateECDHSharedSecret(receiver.PrivateKey, ephemeralKeypair.PublicKey)
decrypted, err := crypto.PoseidonDecrypt(encryptedValues, []*big.Int{secret.X, secret.Y}, encryptionNonce, 4)
assert.NoError(s.T(), err)
assert.Equal(s.T(), outputValues[0].String(), decrypted[0].String())
Expand Down Expand Up @@ -403,6 +405,7 @@ func (s *E2ETestSuite) TestZeto_4_SuccessfulProving() {
outputCommitments := []*big.Int{output1, output2}

encryptionNonce := crypto.NewEncryptionNonce()
ephemeralKeypair := testutils.NewKeypair()

proof1Siblings := make([]*big.Int, len(circomProof1.Siblings)-1)
for i, s := range circomProof1.Siblings[0 : len(circomProof1.Siblings)-1] {
Expand All @@ -426,6 +429,7 @@ func (s *E2ETestSuite) TestZeto_4_SuccessfulProving() {
"outputSalts": []*big.Int{salt3, salt4},
"outputOwnerPublicKeys": [][]*big.Int{{receiver.PublicKey.X, receiver.PublicKey.Y}, {sender.PublicKey.X, sender.PublicKey.Y}},
"encryptionNonce": encryptionNonce,
"ecdhPrivateKey": ephemeralKeypair.PrivateKey.Scalar().BigInt(),
}

startTime := time.Now()
Expand All @@ -440,7 +444,7 @@ func (s *E2ETestSuite) TestZeto_4_SuccessfulProving() {
assert.Equal(s.T(), 3, len(proof.Proof.A))
assert.Equal(s.T(), 3, len(proof.Proof.B))
assert.Equal(s.T(), 3, len(proof.Proof.C))
assert.Equal(s.T(), 15, len(proof.PubSignals))
assert.Equal(s.T(), 17, len(proof.PubSignals))
}

func (s *E2ETestSuite) TestZeto_5_SuccessfulProving() {
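Review bot: The decryption check at the `secret :=` line derives the shared secret from the locally held `ephemeralKeypair.PublicKey`, so the test never confirms that the two extra entries now expected in `proof.PubSignals` (14 instead of 12, and 17 instead of 15 in TestZeto_4_SuccessfulProving) actually carry that ephemeral public key, which is what a receiver would read from the contract's `ecdhPublicKey` event parameter rather than from the sender's process. Consider pinning it, e.g. `assert.Equal(s.T(), ephemeralKeypair.PublicKey.X.String(), proof.PubSignals[<ECDH_PUBKEY_X_INDEX>])` and the same for Y, with the index taken from the circuit's public-signal ordering (presumably the signals are decimal strings; confirm against the proof type). The same gap exists in the TestZeto_4 hunks. Both test functions start and end outside the hunks shown here.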
1 change: 1 addition & 0 deletions solidity/contracts/lib/interfaces/izeto_encrypted.sol
Expand Up @@ -22,6 +22,7 @@ interface IZetoEncrypted is IZetoBase {
uint256[] inputs,
uint256[] outputs,
uint256 encryptionNonce,
uint256[2] ecdhPublicKey,
uint256[] encryptedValues,
address indexed submitter,
bytes data
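Review bot: The new `ecdhPublicKey` event parameter carries no comment saying whose key it is, and a reader of the interface could reasonably assume the submitter's long-term key, whereas the accompanying test derives the shared secret from a keypair generated per transaction. A one-line comment on the parameter, `// ephemeral sender public key; combine with the receiver's private key to derive the ECDH secret that decrypts encryptedValues`, would make the contract explicit, and it is worth stating (hedged until confirmed from the circuit) that the value appears to be among the proof's public signals, so receivers can trust it only as far as the verifier binds it. The event declaration starts and ends outside the hunk.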
68 changes: 41 additions & 27 deletions solidity/contracts/lib/verifier_anon_enc.sol
Expand Up @@ -43,44 +43,50 @@ contract Groth16Verifier_AnonEnc {
uint256 constant deltay2 = 8495653923123431417604973247489272438418190587263600148770280649306958101930;


uint256 constant IC0x = 15520848054661511274945320545667385548601069271438999324366330478358568711164;
uint256 constant IC0y = 21157706785088596766640646951118458870358425037843657358834285142096534241567;
uint256 constant IC0x = 19738436812852754138717560068465488575650466935897866784235851363188283681055;
uint256 constant IC0y = 20276710811895297863478242769429631408343958016139841779904405850032032045827;

uint256 constant IC1x = 8426080128821983408742228948574443657002575937683949448708665466581838540418;
uint256 constant IC1y = 2961289054807278996124904978204815851370317973256653070013442261730110386382;
uint256 constant IC1x = 12004009131111215646999120161880487388502192413854826301881504538550543450502;
uint256 constant IC1y = 5034584841161295539588326933292197987831538710023697101766083868565246659218;

uint256 constant IC2x = 16846214183034172122880181483898983231574288374891417794445456783443571203454;
uint256 constant IC2y = 4795943127049292018241039074381217225273912831887247849230603976368095834324;
uint256 constant IC2x = 11744025093458990804167237970026144007871637967897648400215565295861061328335;
uint256 constant IC2y = 2248857409928028413263909113804746755226258898653477806239821342300643857095;

uint256 constant IC3x = 10240231648004351535934471246939085350017538992419843720960233896502823753829;
uint256 constant IC3y = 918298420507614225062851310351147657365217324218976043633227084147487484538;
uint256 constant IC3x = 1027866460885921739427963398134501038455918532796341088945078011511621442676;
uint256 constant IC3y = 5958883990350165479676838573621528879534261429892979129692820679034946644717;

uint256 constant IC4x = 2676903711586497323483713249304841063436832787967161822350958984717228651508;
uint256 constant IC4y = 11366926733173287985429506187405640951452084685400170840758508049511684394323;
uint256 constant IC4x = 21477343731350881336427671728879526073055001513676414044100634074555163654487;
uint256 constant IC4y = 975839980071906751516077094474212502568600329809457289967004593943814041533;

uint256 constant IC5x = 7501808156091619633948887448038018539596703524171333033985091618683129395104;
uint256 constant IC5y = 15183325431102096756416380632145698394481557936329850246257270656919651359614;
uint256 constant IC5x = 10745395673337059701699795673419720732231823654131369713589820865994307217089;
uint256 constant IC5y = 991956397633440927392694166348862131981180374714009247953939276179698863313;

uint256 constant IC6x = 16142642127854572324146698192700027612727186725464085127687467897687720973766;
uint256 constant IC6y = 4517714220502032665709414305462814581261203269046555880307186415606032799074;
uint256 constant IC6x = 1672993394090581484120407360563051967903199184399912366269853108749767520052;
uint256 constant IC6y = 2164345873917124991571819758981721198425688586574947724181752888003788143824;

uint256 constant IC7x = 1755538289631427930924987331320419179208761530645468129027087746202210024610;
uint256 constant IC7y = 12173734026028648655823071635152323182912152859934466692190630751344902966218;
uint256 constant IC7x = 12851905556792884689855342999140438817587827047283740173600609203898826077791;
uint256 constant IC7y = 2928106356023086030701978715110626259062951617739902988557680022327927922648;

uint256 constant IC8x = 7848298938728453306694415912843236021632832336242686994829367580246363462232;
uint256 constant IC8y = 14621047188318073218187719299332281645270167229458286064175382232430986150614;
uint256 constant IC8x = 1706366517711033642836339515106072692739807158278497001454479300738236232683;
uint256 constant IC8y = 16700903182897452990475040323204325018874215917926885692984146211640664248939;

uint256 constant IC9x = 5702664871943851440604579505620421848165916037464510240027885273509338564683;
uint256 constant IC9y = 4155173472639459280548275148817066405334382784770925752738906208871756122916;
uint256 constant IC9x = 19101508791113451928961082481025527911094003843281774332989233416940984939257;
uint256 constant IC9y = 21697565471392202731806697866311578445068434145060675485941899096932688363780;

uint256 constant IC10x = 11951237379444909975940139423428082852090010220501184525120096272922224325380;
uint256 constant IC10y = 7330212864492454320053389793155451329372996827534004209553742378250571973798;
uint256 constant IC10x = 19730275336196180738068616492761799716598666564420842355043346059462631887595;
uint256 constant IC10y = 16685285536790785249111663346085181130998577327076396224848784078816064185361;

uint256 constant IC11x = 17758792179933266126153564380301713721054370865026967564744749205362384449189;
uint256 constant IC11y = 20123875363051656182295676194267758869550749528323178608799833168744783048873;
uint256 constant IC11x = 7617913501130858003386168099320868449737268059133253154619134544472248055105;
uint256 constant IC11y = 7972962376779726951865679647174563612838286095297842951560535589126110704430;

uint256 constant IC12x = 16531299530766176947215740556184329586746603539886897864186093216474595540644;
uint256 constant IC12y = 8268807341917110402770543111430324212645734302589993091794921535136544275649;
uint256 constant IC12x = 12544403142863928402358237586570057011271857580491825726062907284786959213913;
uint256 constant IC12y = 6822386508465769764381472926650183520080357052212751223638195245287957269971;

uint256 constant IC13x = 18940507486165234508918415676788929441013178061873512240392411069614035082362;
uint256 constant IC13y = 16781396210596043591429632308560467689975084335009897683626466396650016291114;

uint256 constant IC14x = 558712144346877070501655608109394614280454755351878785357769476496746188097;
uint256 constant IC14y = 11446848258088708077539993154875274206911247468515662688034438075323420564863;


// Memory data
Expand All @@ -89,7 +95,7 @@ contract Groth16Verifier_AnonEnc {

uint16 constant pLastMem = 896;

function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[12] calldata _pubSignals) public view returns (bool) {
function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[14] calldata _pubSignals) public view returns (bool) {
assembly {
function checkField(v) {
if iszero(lt(v, r)) {
Expand Down Expand Up @@ -157,6 +163,10 @@ contract Groth16Verifier_AnonEnc {

g1_mulAccC(_pVk, IC12x, IC12y, calldataload(add(pubSignals, 352)))

g1_mulAccC(_pVk, IC13x, IC13y, calldataload(add(pubSignals, 384)))

g1_mulAccC(_pVk, IC14x, IC14y, calldataload(add(pubSignals, 416)))


// -A
mstore(_pPairing, calldataload(pA))
Expand Down Expand Up @@ -236,6 +246,10 @@ contract Groth16Verifier_AnonEnc {

checkField(calldataload(add(_pubSignals, 384)))

checkField(calldataload(add(_pubSignals, 416)))

checkField(calldataload(add(_pubSignals, 448)))


// Validate all evaluations
let isValid := checkPairing(_pA, _pB, _pC, _pubSignals, pMem)