Skip to content

Commit 25b7339

Browse files
grandchildricegrandchildrice
authored
Coconut Proof allows empty blinding messages (#21)
* allow empty messages on coconut UnpackedBlindedMessages * use j instead of i * chal_bytes is used for both prover and verifier * pass empty blinded_messages * commit 05f02df * fmt
1 parent ef3650a commit 25b7339

File tree

4 files changed

+107
-125
lines changed

4 files changed

+107
-125
lines changed

benches/benches/ps_proof.rs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -76,7 +76,7 @@ fn pok_sig_benchmark(c: &mut Criterion) {
7676
let sig = &sigs_range[i];
7777

7878
let mut prove_group = c.benchmark_group(format!("Creating proof for Proof-of-knowledge of signature and corresponding multi-message of size {}", count));
79-
for (_j, r_count) in k.iter().enumerate() {
79+
for (j, r_count) in k.iter().enumerate() {
8080
prove_group.bench_with_input(
8181
BenchmarkId::from_parameter(format!("Revealing {} messages", r_count)),
8282
&r_count,
@@ -89,7 +89,7 @@ fn pok_sig_benchmark(c: &mut Criterion) {
8989
.iter()
9090
.enumerate()
9191
.merge_join_by(
92-
revealed_indices[i].iter(),
92+
revealed_indices[j].iter(),
9393
|(m_idx, _), reveal_idx| m_idx.cmp(reveal_idx),
9494
)
9595
.map(|either| match either {

coconut/src/proof/messages_pok/mod.rs

Lines changed: 58 additions & 73 deletions
Original file line numberDiff line numberDiff line change
@@ -230,17 +230,14 @@ mod tests {
230230

231231
let pok = MessagesPoKGenerator::init(&mut rng, &messages, &params, &h).unwrap();
232232

233-
let mut chal_bytes_prover = vec![];
234-
pok.challenge_contribution(&mut chal_bytes_prover, &params, &h)
233+
let mut chal_bytes = vec![];
234+
pok.challenge_contribution(&mut chal_bytes, &params, &h)
235235
.unwrap();
236-
let challenge_prover =
237-
compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes_prover);
236+
let challenge = compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes);
238237

239-
let proof = pok.clone().gen_proof(&challenge_prover).unwrap();
238+
let proof = pok.clone().gen_proof(&challenge).unwrap();
240239

241-
proof
242-
.verify(&challenge_prover, empty(), &params, &h)
243-
.unwrap();
240+
proof.verify(&challenge, empty(), &params, &h).unwrap();
244241
}
245242
}
246243

@@ -269,21 +266,15 @@ mod tests {
269266

270267
assert_eq!(messages.len() / 2, pok.com_j.len());
271268

272-
let mut chal_bytes_prover = vec![];
273-
pok.challenge_contribution(&mut chal_bytes_prover, &params, &h)
269+
let mut chal_bytes = vec![];
270+
pok.challenge_contribution(&mut chal_bytes, &params, &h)
274271
.unwrap();
275-
let challenge_prover =
276-
compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes_prover);
272+
let challenge = compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes);
277273

278-
let proof = pok.clone().gen_proof(&challenge_prover).unwrap();
274+
let proof = pok.clone().gen_proof(&challenge).unwrap();
279275

280276
proof
281-
.verify(
282-
&challenge_prover,
283-
(0..messages.len()).step_by(2),
284-
&params,
285-
&h,
286-
)
277+
.verify(&challenge, (0..messages.len()).step_by(2), &params, &h)
287278
.unwrap();
288279
}
289280
}
@@ -385,17 +376,16 @@ mod tests {
385376

386377
assert_eq!(messages.len() / 2, pok.com_j.len());
387378

388-
let mut chal_bytes_prover = vec![];
389-
pok.challenge_contribution(&mut chal_bytes_prover, &params, &h)
379+
let mut chal_bytes = vec![];
380+
pok.challenge_contribution(&mut chal_bytes, &params, &h)
390381
.unwrap();
391-
let challenge_prover =
392-
compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes_prover);
382+
let challenge = compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes);
393383

394-
let proof = pok.clone().gen_proof(&challenge_prover).unwrap();
384+
let proof = pok.clone().gen_proof(&challenge).unwrap();
395385
let mut indices = (0..messages.len()).step_by(2).rev();
396386

397387
assert_eq!(
398-
proof.verify(&challenge_prover, indices.clone(), &params, &h,),
388+
proof.verify(&challenge, indices.clone(), &params, &h,),
399389
Err(MessagesPoKError::RevealedIndicesMustBeUniqueAndSorted {
400390
previous: indices.next().unwrap(),
401391
current: indices.next().unwrap()
@@ -426,17 +416,14 @@ mod tests {
426416
)
427417
.unwrap();
428418

429-
let mut chal_bytes_prover = vec![];
430-
pok.challenge_contribution(&mut chal_bytes_prover, &params, &h)
419+
let mut chal_bytes = vec![];
420+
pok.challenge_contribution(&mut chal_bytes, &params, &h)
431421
.unwrap();
432-
let challenge_prover =
433-
compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes_prover);
422+
let challenge = compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes);
434423

435-
let proof = pok.clone().gen_proof(&challenge_prover).unwrap();
424+
let proof = pok.clone().gen_proof(&challenge).unwrap();
436425

437-
proof
438-
.verify(&challenge_prover, empty(), &params, &h)
439-
.unwrap();
426+
proof.verify(&challenge, empty(), &params, &h).unwrap();
440427
}
441428
}
442429

@@ -460,22 +447,17 @@ mod tests {
460447
)
461448
.unwrap();
462449

463-
let mut chal_bytes_prover = vec![];
464-
pok.challenge_contribution(&mut chal_bytes_prover, &params, &h)
450+
let mut chal_bytes = vec![];
451+
pok.challenge_contribution(&mut chal_bytes, &params, &h)
465452
.unwrap();
466-
let challenge_prover =
467-
compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes_prover);
453+
let challenge = compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes);
468454

469-
let mut proof = pok.clone().gen_proof(&challenge_prover).unwrap();
470-
assert!(proof
471-
.verify(&challenge_prover, empty(), &params, &h)
472-
.is_ok());
455+
let mut proof = pok.clone().gen_proof(&challenge).unwrap();
456+
assert!(proof.verify(&challenge, empty(), &params, &h).is_ok());
473457

474458
proof.com_resp.response.0[0] = rand(&mut rng);
475459

476-
assert!(proof
477-
.verify(&challenge_prover, empty(), &params, &h)
478-
.is_err());
460+
assert!(proof.verify(&challenge, empty(), &params, &h).is_err());
479461
}
480462

481463
#[test]
@@ -498,22 +480,17 @@ mod tests {
498480
)
499481
.unwrap();
500482

501-
let mut chal_bytes_prover = vec![];
502-
pok.challenge_contribution(&mut chal_bytes_prover, &params, &h)
483+
let mut chal_bytes = vec![];
484+
pok.challenge_contribution(&mut chal_bytes, &params, &h)
503485
.unwrap();
504-
let challenge_prover =
505-
compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes_prover);
486+
let challenge = compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes);
506487

507-
let mut proof = pok.clone().gen_proof(&challenge_prover).unwrap();
508-
assert!(proof
509-
.verify(&challenge_prover, empty(), &params, &h)
510-
.is_ok());
488+
let mut proof = pok.clone().gen_proof(&challenge).unwrap();
489+
assert!(proof.verify(&challenge, empty(), &params, &h).is_ok());
511490

512491
*proof.com_resp.value = G1::rand(&mut rng).into_affine();
513492

514-
assert!(proof
515-
.verify(&challenge_prover, empty(), &params, &h)
516-
.is_err());
493+
assert!(proof.verify(&challenge, empty(), &params, &h).is_err());
517494
}
518495

519496
#[test]
@@ -536,36 +513,44 @@ mod tests {
536513
)
537514
.unwrap();
538515

539-
let mut chal_bytes_prover = vec![];
540-
pok.challenge_contribution(&mut chal_bytes_prover, &params, &h)
516+
let mut chal_bytes = vec![];
517+
pok.challenge_contribution(&mut chal_bytes, &params, &h)
541518
.unwrap();
542-
let challenge_prover =
543-
compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes_prover);
519+
let challenge = compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes);
544520

545-
let mut proof = pok.clone().gen_proof(&challenge_prover).unwrap();
521+
let mut proof = pok.clone().gen_proof(&challenge).unwrap();
546522

547-
assert!(proof
548-
.verify(&challenge_prover, empty(), &params, &h)
549-
.is_ok());
523+
assert!(proof.verify(&challenge, empty(), &params, &h).is_ok());
550524

551525
*proof.com_j_resp.first_mut().unwrap().value = G1::rand(&mut rng).into_affine();
552526

553-
assert!(proof
554-
.verify(&challenge_prover, empty(), &params, &h)
555-
.is_err());
527+
assert!(proof.verify(&challenge, empty(), &params, &h).is_err());
556528
}
557529

558530
#[test]
559531
fn empty_proof() {
560532
let mut rng = StdRng::seed_from_u64(0u64);
561-
let (_sk, _pk, params, _messages) = test_setup::<Bls12_381, Blake2b512, _>(&mut rng, 1);
533+
let (_, _, params, messages) = test_setup::<Bls12_381, Blake2b512, _>(&mut rng, 1);
562534
let h = G1::rand(&mut rng).into_affine();
563535

564-
assert_eq!(
565-
MessagesPoKGenerator::init(&mut rng, &[], &params, &h),
566-
Err(MessagesPoKError::MessageInputError(
567-
MessageUnpackingError::NoMessagesProvided
568-
))
569-
);
536+
let pok = MessagesPoKGenerator::init(
537+
&mut rng,
538+
messages.iter().map(|_| CommitMessage::RevealMessage),
539+
&params,
540+
&h,
541+
)
542+
.unwrap();
543+
544+
let mut chal_bytes = vec![];
545+
pok.challenge_contribution(&mut chal_bytes, &params, &h)
546+
.unwrap();
547+
let challenge = compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes);
548+
549+
let proof = pok.clone().gen_proof(&challenge).unwrap();
550+
let indices = (0..messages.len()).rev();
551+
552+
assert!(proof
553+
.verify(&challenge, indices.clone(), &params, &h)
554+
.is_ok());
570555
}
571556
}

coconut/src/proof/mod.rs

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -177,9 +177,7 @@ impl<'pair, Pair, F: PrimeField> UnpackedBlindedMessages<'pair, Pair, F> {
177177

178178
let (paired, (msgs, blindings)): (Vec<_>, _) =
179179
process_results(paired, |iter| iter.unzip())?;
180-
if paired.is_empty() {
181-
Err(MessageUnpackingError::NoMessagesProvided)
182-
} else if pair_with.len() != total_count {
180+
if pair_with.len() != total_count {
183181
Err(MessageUnpackingError::LessMessagesThanExpected {
184182
provided: total_count,
185183
expected: pair_with.len(),

coconut/src/proof/signature_pok/mod.rs

Lines changed: 46 additions & 47 deletions
Original file line numberDiff line numberDiff line change
@@ -173,17 +173,14 @@ mod tests {
173173

174174
let pok = SignaturePoKGenerator::init(&mut rng, &messages, &sig, &pk, &params).unwrap();
175175

176-
let mut chal_bytes_prover = vec![];
177-
pok.challenge_contribution(&mut chal_bytes_prover, &pk, &params)
176+
let mut chal_bytes = vec![];
177+
pok.challenge_contribution(&mut chal_bytes, &pk, &params)
178178
.unwrap();
179-
let challenge_prover =
180-
compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes_prover);
179+
let challenge = compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes);
181180

182-
let proof = pok.clone().gen_proof(&challenge_prover).unwrap();
181+
let proof = pok.clone().gen_proof(&challenge).unwrap();
183182

184-
proof
185-
.verify(&challenge_prover, empty(), &pk, &params)
186-
.unwrap();
183+
proof.verify(&challenge, empty(), &pk, &params).unwrap();
187184
})
188185
}
189186

@@ -212,17 +209,14 @@ mod tests {
212209
)
213210
.unwrap();
214211

215-
let mut chal_bytes_prover = vec![];
216-
pok.challenge_contribution(&mut chal_bytes_prover, &pk, &params)
212+
let mut chal_bytes = vec![];
213+
pok.challenge_contribution(&mut chal_bytes, &pk, &params)
217214
.unwrap();
218-
let challenge_prover =
219-
compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes_prover);
215+
let challenge = compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes);
220216

221-
let proof = pok.clone().gen_proof(&challenge_prover).unwrap();
217+
let proof = pok.clone().gen_proof(&challenge).unwrap();
222218

223-
proof
224-
.verify(&challenge_prover, reveal_msgs, &pk, &params)
225-
.unwrap();
219+
proof.verify(&challenge, reveal_msgs, &pk, &params).unwrap();
226220
})
227221
}
228222

@@ -321,17 +315,16 @@ mod tests {
321315
)
322316
.unwrap();
323317

324-
let mut chal_bytes_prover = vec![];
325-
pok.challenge_contribution(&mut chal_bytes_prover, &pk, &params)
318+
let mut chal_bytes = vec![];
319+
pok.challenge_contribution(&mut chal_bytes, &pk, &params)
326320
.unwrap();
327-
let challenge_prover =
328-
compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes_prover);
321+
let challenge = compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes);
329322

330-
let proof = pok.clone().gen_proof(&challenge_prover).unwrap();
323+
let proof = pok.clone().gen_proof(&challenge).unwrap();
331324
let mut revealed = reveal_msgs.into_iter().rev();
332325

333326
assert_eq!(
334-
proof.verify(&challenge_prover, revealed.clone(), &pk, &params,),
327+
proof.verify(&challenge, revealed.clone(), &pk, &params,),
335328
Err(SignaturePoKError::RevealedIndicesMustBeUniqueAndSorted {
336329
previous: revealed.next().unwrap().0,
337330
current: revealed.next().unwrap().0
@@ -347,12 +340,26 @@ mod tests {
347340

348341
let sig = Signature::new(&mut rng, messages.as_slice(), &sk, &params).unwrap();
349342

350-
assert_eq!(
351-
SignaturePoKGenerator::init(&mut rng, &[], &sig, &pk, &params),
352-
Err(SignaturePoKError::MessageInputError(
353-
MessageUnpackingError::NoMessagesProvided
354-
))
355-
);
343+
let pok = SignaturePoKGenerator::init(
344+
&mut rng,
345+
messages.iter().map(|_| CommitMessage::RevealMessage),
346+
&sig,
347+
&pk,
348+
&params,
349+
)
350+
.unwrap();
351+
352+
let mut chal_bytes = vec![];
353+
pok.challenge_contribution(&mut chal_bytes, &pk, &params)
354+
.unwrap();
355+
let challenge = compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes);
356+
357+
let proof = pok.clone().gen_proof(&challenge).unwrap();
358+
let revealed = messages.iter().enumerate().into_iter().rev();
359+
360+
assert!(proof
361+
.verify(&challenge, revealed.clone(), &pk, &params)
362+
.is_ok());
356363
}
357364

358365
#[test]
@@ -368,24 +375,17 @@ mod tests {
368375

369376
let pok = SignaturePoKGenerator::init(&mut rng, &messages, &sig, &pk, &params).unwrap();
370377

371-
let mut chal_bytes_prover = vec![];
372-
pok.challenge_contribution(&mut chal_bytes_prover, &pk, &params)
378+
let mut chal_bytes = vec![];
379+
pok.challenge_contribution(&mut chal_bytes, &pk, &params)
373380
.unwrap();
374-
let challenge_prover =
375-
compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes_prover);
381+
let challenge = compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes);
376382

377-
let mut proof = pok.clone().gen_proof(&challenge_prover).unwrap();
383+
let mut proof = pok.clone().gen_proof(&challenge).unwrap();
378384

379-
assert!(proof
380-
.verify(&challenge_prover, empty(), &pk, &params)
381-
.is_ok());
382-
assert!(proof
383-
.verify(&challenge_prover, empty(), &pk1, &params)
384-
.is_err());
385+
assert!(proof.verify(&challenge, empty(), &pk, &params).is_ok());
386+
assert!(proof.verify(&challenge, empty(), &pk1, &params).is_err());
385387
*proof.k.value = G2Projective::rand(&mut rng).into_affine();
386-
assert!(proof
387-
.verify(&challenge_prover, empty(), &pk, &params)
388-
.is_err())
388+
assert!(proof.verify(&challenge, empty(), &pk, &params).is_err())
389389
})
390390
}
391391

@@ -413,13 +413,12 @@ mod tests {
413413

414414
let pok = SignaturePoKGenerator::init(&mut rng, comms, &sig, &pk, &params).unwrap();
415415

416-
let mut chal_bytes_prover = vec![];
417-
pok.challenge_contribution(&mut chal_bytes_prover, &pk, &params)
416+
let mut chal_bytes = vec![];
417+
pok.challenge_contribution(&mut chal_bytes, &pk, &params)
418418
.unwrap();
419-
let challenge_prover =
420-
compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes_prover);
419+
let challenge = compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes);
421420

422-
let proof = pok.clone().gen_proof(&challenge_prover).unwrap();
421+
let proof = pok.clone().gen_proof(&challenge).unwrap();
423422

424423
for idx in committed_msg_indices {
425424
assert_eq!(

0 commit comments

Comments
 (0)