From 22806d2110f65c6367e4144ef84e58d361a01e85 Mon Sep 17 00:00:00 2001 From: David Rusu Date: Wed, 17 Nov 2021 23:58:44 -0500 Subject: [PATCH] refactor: generic over curve --- src/proofs/inner_product.rs | 110 ++++++++--------- src/proofs/range_proof.rs | 240 +++++++++++++++++------------------- 2 files changed, 169 insertions(+), 181 deletions(-) diff --git a/src/proofs/inner_product.rs b/src/proofs/inner_product.rs index 052d755..77bdfd3 100644 --- a/src/proofs/inner_product.rs +++ b/src/proofs/inner_product.rs @@ -18,31 +18,31 @@ version 3 of the License, or (at your option) any later version. // based on the paper: https://eprint.iacr.org/2017/1066.pdf use curv::arithmetic::traits::*; use curv::cryptographic_primitives::hashing::{Digest, DigestExt}; -use curv::elliptic::curves::{secp256_k1::Secp256k1, Point, Scalar}; +use curv::elliptic::curves::{Curve, Point, Scalar}; use curv::BigInt; use sha2::Sha256; use Errors::{self, InnerProductError}; #[derive(Clone, Debug, Serialize, Deserialize)] -pub struct InnerProductArg { - pub(super) L: Vec>, - pub(super) R: Vec>, +pub struct InnerProductArg { + pub(super) L: Vec>, + pub(super) R: Vec>, pub(super) a_tag: BigInt, pub(super) b_tag: BigInt, } -impl InnerProductArg { +impl InnerProductArg { pub fn prove( - G: &[Point], - H: &[Point], - ux: &Point, - P: &Point, + G: &[Point], + H: &[Point], + ux: &Point, + P: &Point, a: &[BigInt], b: &[BigInt], - mut L_vec: Vec>, - mut R_vec: Vec>, - ) -> InnerProductArg { + mut L_vec: Vec>, + mut R_vec: Vec>, + ) -> Self { let n = G.len(); // All of the input vectors must have the same length. @@ -61,19 +61,19 @@ impl InnerProductArg { let (G_L, G_R) = G.split_at(n); let (H_L, H_R) = H.split_at(n); - let c_L = inner_product(a_L, b_R); - let c_R = inner_product(a_R, b_L); + let c_L = inner_product::(a_L, b_R); + let c_R = inner_product::(a_R, b_L); // Note that no element in vectors a_L and b_R can be 0 // since 0 is an invalid secret key! // // L = + + c_L * ux - let c_L_fe = Scalar::::from(&c_L); - let ux_CL: Point = ux * &c_L_fe; + let c_L_fe = Scalar::::from(&c_L); + let ux_CL: Point = ux * &c_L_fe; let aL_GR = G_R.iter().zip(a_L).fold(ux_CL, |acc, x| { if x.1 != &BigInt::zero() { - let aLi = Scalar::::from(x.1); - let aLi_GRi: Point = x.0 * &aLi; + let aLi = Scalar::::from(x.1); + let aLi_GRi: Point = x.0 * &aLi; acc + &aLi_GRi } else { acc @@ -81,8 +81,8 @@ impl InnerProductArg { }); let L = H_L.iter().zip(b_R).fold(aL_GR, |acc, x| { if x.1 != &BigInt::zero() { - let bRi = Scalar::::from(x.1); - let bRi_HLi: Point = x.0 * &bRi; + let bRi = Scalar::::from(x.1); + let bRi_HLi: Point = x.0 * &bRi; acc + &bRi_HLi } else { acc @@ -93,12 +93,12 @@ impl InnerProductArg { // since 0 is an invalid secret key! // // R = + + c_R * ux - let c_R_fe = Scalar::::from(&c_R); - let ux_CR: Point = ux * &c_R_fe; + let c_R_fe = Scalar::::from(&c_R); + let ux_CR: Point = ux * &c_R_fe; let aR_GL = G_L.iter().zip(a_R).fold(ux_CR, |acc, x| { if x.1 != &BigInt::zero() { - let aRi = Scalar::::from(x.1); - let aRi_GLi: Point = x.0 * &aRi; + let aRi = Scalar::::from(x.1); + let aRi_GLi: Point = x.0 * &aRi; acc + &aRi_GLi } else { acc @@ -106,8 +106,8 @@ impl InnerProductArg { }); let R = H_R.iter().zip(b_L).fold(aR_GL, |acc, x| { if x.1 != &BigInt::zero() { - let bLi = Scalar::::from(x.1); - let bLi_HRi: Point = x.0 * &bLi; + let bLi = Scalar::::from(x.1); + let bLi_HRi: Point = x.0 * &bLi; acc + &bLi_HRi } else { acc @@ -116,7 +116,7 @@ impl InnerProductArg { let x = Sha256::new().chain_points([&L, &R, ux]).result_scalar(); let x_bn = x.to_bigint(); - let order = Scalar::::group_order(); + let order = Scalar::::group_order(); let x_inv_fe = x.invert().unwrap(); let a_new = (0..n) @@ -143,7 +143,7 @@ impl InnerProductArg { let GRx = &G_R[i] * &x; GRx + GLx_inv }) - .collect::>>(); + .collect::>>(); // G = &mut G_new[..]; let H_new = (0..n) @@ -152,7 +152,7 @@ impl InnerProductArg { let HRx_inv = &H_R[i] * &x_inv_fe; HLx + HRx_inv }) - .collect::>>(); + .collect::>>(); // H = &mut H_new[..]; L_vec.push(L); @@ -170,10 +170,10 @@ impl InnerProductArg { pub fn verify( &self, - g_vec: &[Point], - hi_tag: &[Point], - ux: &Point, - P: &Point, + g_vec: &[Point], + hi_tag: &[Point], + ux: &Point, + P: &Point, ) -> Result<(), Errors> { let G = g_vec; let H = hi_tag; @@ -193,12 +193,12 @@ impl InnerProductArg { .chain_points([&self.L[0], &self.R[0], ux]) .result_scalar(); let x_bn = x.to_bigint(); - let order = Scalar::::group_order(); + let order = Scalar::::group_order(); let x_inv_fe = x.invert().unwrap(); let x_sq_bn = BigInt::mod_mul(&x_bn, &x_bn, order); let x_inv_sq_bn = BigInt::mod_mul(&x_inv_fe.to_bigint(), &x_inv_fe.to_bigint(), order); - let x_sq_fe = Scalar::::from(&x_sq_bn); - let x_inv_sq_fe = Scalar::::from(&x_inv_sq_bn); + let x_sq_fe = Scalar::::from(&x_sq_bn); + let x_inv_sq_fe = Scalar::::from(&x_inv_sq_bn); let G_new = (0..n) .map(|i| { @@ -206,7 +206,7 @@ impl InnerProductArg { let GRx = &G_R[i] * &x; GRx + GLx_inv }) - .collect::>>(); + .collect::>>(); // G = &mut G_new[..]; let H_new = (0..n) @@ -215,7 +215,7 @@ impl InnerProductArg { let HRx_inv = &H_R[i] * &x_inv_fe; HLx + HRx_inv }) - .collect::>>(); + .collect::>>(); // H = &mut H_new[..]; let Lx_sq = &self.L[0] * &x_sq_fe; let Rx_sq_inv = &self.R[0] * &x_inv_sq_fe; @@ -229,8 +229,8 @@ impl InnerProductArg { return ip.verify(&G_new, &H_new, ux, &P_tag); } - let a_fe = Scalar::::from(&self.a_tag); - let b_fe = Scalar::::from(&self.b_tag); + let a_fe = Scalar::::from(&self.a_tag); + let b_fe = Scalar::::from(&self.b_tag); let c = &a_fe * &b_fe; let Ga = &G[0] * &a_fe; let Hb = &H[0] * &b_fe; @@ -252,15 +252,15 @@ impl InnerProductArg { /// pub fn fast_verify( &self, - g_vec: &[Point], - hi_tag: &[Point], - ux: &Point, - P: &Point, + g_vec: &[Point], + hi_tag: &[Point], + ux: &Point, + P: &Point, ) -> Result<(), Errors> { let G = g_vec; let H = hi_tag; let n = G.len(); - let order = Scalar::::group_order(); + let order = Scalar::::group_order(); // All of the input vectors must have the same length. assert_eq!(G.len(), n); @@ -279,7 +279,7 @@ impl InnerProductArg { let mut minus_x_inv_sq_vec: Vec = Vec::with_capacity(lg_n); let mut allinv = BigInt::one(); for (Li, Ri) in self.L.iter().zip(self.R.iter()) { - let x: Scalar = Sha256::new().chain_points([Li, Ri, ux]).result_scalar(); + let x: Scalar = Sha256::new().chain_points([Li, Ri, ux]).result_scalar(); let x_bn = x.to_bigint(); let x_inv_fe = x.invert().unwrap(); let x_inv_bn = x_inv_fe.to_bigint(); @@ -322,20 +322,20 @@ impl InnerProductArg { scalars.extend_from_slice(&minus_x_sq_vec); scalars.extend_from_slice(&minus_x_inv_sq_vec); - let mut points: Vec> = Vec::with_capacity(2 * n + 2 * lg_n + 1); + let mut points: Vec> = Vec::with_capacity(2 * n + 2 * lg_n + 1); points.extend_from_slice(g_vec); points.extend_from_slice(hi_tag); points.extend_from_slice(&self.L); points.extend_from_slice(&self.R); let c = BigInt::mod_mul(&self.a_tag, &self.b_tag, order); - let ux_c = ux * &Scalar::::from(&c); + let ux_c = ux * &Scalar::::from(&c); let tot_len = points.len(); let expect_P = (0..tot_len) - .map(|i| &points[i] * &Scalar::::from(&scalars[i])) - .fold(ux_c, |acc, x| acc + x as Point); + .map(|i| &points[i] * &Scalar::::from(&scalars[i])) + .fold(ux_c, |acc, x| acc + x as Point); if *P == expect_P { Ok(()) @@ -345,14 +345,14 @@ impl InnerProductArg { } } -fn inner_product(a: &[BigInt], b: &[BigInt]) -> BigInt { +fn inner_product(a: &[BigInt], b: &[BigInt]) -> BigInt { assert_eq!( a.len(), b.len(), "inner_product(a,b): lengths of vectors do not match" ); let out = BigInt::zero(); - let order = Scalar::::group_order(); + let order = Scalar::::group_order(); let out = a.iter().zip(b).fold(out, |acc, x| { let aibi = BigInt::mod_mul(x.0, x.1, order); BigInt::mod_add(&acc, &aibi, order) @@ -408,7 +408,7 @@ mod tests { rand.to_bigint() }) .collect(); - let c = super::inner_product(&a, &b); + let c = super::inner_product::(&a, &b); let y = Scalar::::random(); let order = Scalar::::group_order(); @@ -488,7 +488,7 @@ mod tests { rand.to_bigint() }) .collect(); - let c = super::inner_product(&a, &b); + let c = super::inner_product::(&a, &b); let y = Scalar::::random(); let order = Scalar::::group_order(); @@ -555,7 +555,7 @@ mod tests { let hash = Sha512::new().chain_bigint(&label).result_bigint(); let Gx = generate_random_point(&Converter::to_bytes(&hash)); - let c = super::inner_product(a, b); + let c = super::inner_product::(a, b); let y = Scalar::::random(); let order = Scalar::::group_order(); diff --git a/src/proofs/range_proof.rs b/src/proofs/range_proof.rs index faf114d..f79aad4 100644 --- a/src/proofs/range_proof.rs +++ b/src/proofs/range_proof.rs @@ -19,7 +19,7 @@ version 3 of the License, or (at your option) any later version. use curv::arithmetic::traits::*; use curv::cryptographic_primitives::hashing::{Digest, DigestExt}; -use curv::elliptic::curves::{secp256_k1::Secp256k1, Curve, ECPoint, Point, Scalar}; +use curv::elliptic::curves::{Curve, ECPoint, Point, Scalar}; use curv::BigInt; use sha2::Sha256; @@ -30,32 +30,32 @@ use std::ops::{Shl, Shr}; use Errors::{self, RangeProofError}; #[derive(Clone, Debug, Serialize, Deserialize)] -pub struct RangeProof { - A: Point, - S: Point, - T1: Point, - T2: Point, - tau_x: Scalar, - miu: Scalar, - tx: Scalar, - inner_product_proof: InnerProductArg, +pub struct RangeProof { + A: Point, + S: Point, + T1: Point, + T2: Point, + tau_x: Scalar, + miu: Scalar, + tx: Scalar, + inner_product_proof: InnerProductArg, } -impl RangeProof { +impl RangeProof { pub fn prove( - g_vec: &[Point], - h_vec: &[Point], - G: &Point, - H: &Point, - mut secret: Vec>, - blinding: &[Scalar], + g_vec: &[Point], + h_vec: &[Point], + G: &Point, + H: &Point, + mut secret: Vec>, + blinding: &[Scalar], bit_length: usize, - ) -> RangeProof { + ) -> Self { let num_of_proofs = secret.len(); //num of proofs times bit length let nm = num_of_proofs * bit_length; - let alpha = Scalar::::random(); - let rho = Scalar::::random(); + let alpha = Scalar::::random(); + let rho = Scalar::::random(); let g_vec = g_vec.to_vec(); let h_vec = h_vec.to_vec(); @@ -64,7 +64,7 @@ impl RangeProof { let mut S = H * ρ let two = BigInt::from(2); let one = BigInt::from(1); - let order = Scalar::::group_order(); + let order = Scalar::::group_order(); //concat all secrets: secret.reverse(); @@ -107,11 +107,11 @@ impl RangeProof { .fold(A, |acc, x| if !x.1 { acc - x.0 } else { acc }); let SR = (0..nm) - .map(|_| Scalar::::random()) - .collect::>>(); + .map(|_| Scalar::::random()) + .collect::>>(); let SL = (0..nm) - .map(|_| Scalar::::random()) - .collect::>>(); + .map(|_| Scalar::::random()) + .collect::>>(); S = SL.iter().zip(&SR).fold(S, |acc, x| { let g_vec_i_SLi = &g_vec[index] * x.0; @@ -122,25 +122,25 @@ impl RangeProof { }); let y = Sha256::new().chain_points([&A, &S]).result_scalar(); - let base_point = Point::::generator(); - let yG: Point = base_point * &y; - let z: Scalar = Sha256::new().chain_points([&yG]).result_scalar(); + let base_point = Point::::generator(); + let yG: Point = base_point * &y; + let z: Scalar = Sha256::new().chain_points([&yG]).result_scalar(); let z_bn = z.to_bigint(); - let one_fe = Scalar::::from(&one); + let one_fe = Scalar::::from(&one); let yi = iterate(one_fe.clone(), |i| i.clone() * &y) .take(nm) - .collect::>>(); + .collect::>>(); let t2 = (0..nm) .map(|i| SR[i].clone() * &yi[i] * &SL[i]) - .fold(Scalar::::zero(), |acc, x| acc + x); + .fold(Scalar::::zero(), |acc, x| acc + x); let t2 = t2.to_bigint(); - let two_fe = Scalar::::from(&two); + let two_fe = Scalar::::from(&two); let vec_2n = iterate(one_fe, |i| i.clone() * &two_fe) .take(bit_length) - .collect::>>(); + .collect::>>(); let t1 = (0..nm) .map(|i| { @@ -161,10 +161,10 @@ impl RangeProof { }) .fold(BigInt::zero(), |acc, x| BigInt::mod_add(&acc, &x, order)); - let tau1 = Scalar::::random(); - let tau2 = Scalar::::random(); - let t1_fe = Scalar::::from(&t1); - let t2_fe = Scalar::::from(&t2); + let tau1 = Scalar::::random(); + let tau2 = Scalar::::random(); + let t1_fe = Scalar::::from(&t1); + let t2_fe = Scalar::::from(&t2); let T1 = G * &t1_fe + H * &tau1; let T2 = G * &t2_fe + H * &tau2; @@ -176,7 +176,7 @@ impl RangeProof { .map(|i| { let j = BigInt::mod_add(&two, &BigInt::from(i as u32), order); let z_j = BigInt::mod_pow(&z_bn, &j, order); - let z_j_fe = Scalar::::from(&z_j); + let z_j_fe = Scalar::::from(&z_j); z_j_fe * &blinding[i] }) .fold(taux_2, |acc, x| acc + &x); @@ -209,9 +209,9 @@ impl RangeProof { let Lp_iRp_i = BigInt::mod_mul(x.0, x.1, order); BigInt::mod_add(&acc, &Lp_iRp_i, order) }); - let tx_fe = Scalar::::from(&tx); + let tx_fe = Scalar::::from(&tx); - let challenge_x: Scalar = Sha256::new() + let challenge_x: Scalar = Sha256::new() .chain_bigint(&tau_x.to_bigint()) .chain_bigint(&miu.to_bigint()) .chain_bigint(&tx) @@ -226,20 +226,20 @@ impl RangeProof { // yi_fe.invert() yi[i].invert().unwrap() }) - .collect::>>(); + .collect::>>(); let hi_tag = (0..nm) .map(|i| &h_vec[i] * &yi_inv[i]) - .collect::>>(); + .collect::>>(); // P' = P' g^l let P = g_vec.iter().zip(&Lp).fold(P, |acc, x| { - let g_vec_i_lp_i = x.0 * &Scalar::::from(x.1); + let g_vec_i_lp_i = x.0 * &Scalar::::from(x.1); acc + g_vec_i_lp_i }); // P' = P' h'^r let P = hi_tag.iter().zip(&Rp).fold(P, |acc, x| { - let h_vec_i_rp_i = x.0 * &Scalar::::from(x.1); + let h_vec_i_rp_i = x.0 * &Scalar::::from(x.1); acc + h_vec_i_rp_i }); // line 9 @@ -264,11 +264,11 @@ impl RangeProof { pub fn verify( &self, - g_vec: &[Point], - h_vec: &[Point], - G: &Point, - H: &Point, - ped_com: &[Point], + g_vec: &[Point], + h_vec: &[Point], + G: &Point, + H: &Point, + ped_com: &[Point], bit_length: usize, ) -> Result<(), Errors> { let num_of_proofs = ped_com.len(); @@ -277,35 +277,31 @@ impl RangeProof { let y = Sha256::new() .chain_points([&self.A, &self.S]) .result_scalar(); - let base_point = Point::::generator(); - let yG: Point = base_point * &y; - let z: Scalar = Sha256::new().chain_points([&yG]).result_scalar(); + let base_point = Point::::generator(); + let yG: Point = base_point * &y; + let z: Scalar = Sha256::new().chain_points([&yG]).result_scalar(); let z_bn = z.to_bigint(); - let order = Scalar::::group_order(); + let order = Scalar::::group_order(); let z_minus = BigInt::mod_sub(order, &z.to_bigint(), order); - let z_minus_fe = Scalar::::from(&z_minus); + let z_minus_fe = Scalar::::from(&z_minus); let z_squared = BigInt::mod_pow(&z.to_bigint(), &BigInt::from(2), order); // delta(x,y): let one_bn = BigInt::one(); - let one_fe = Scalar::::from(&one_bn); + let one_fe = Scalar::::from(&one_bn); let yi = iterate(one_fe.clone(), |i| i.clone() * &y) .take(nm) - .collect::>>(); + .collect::>>(); - let scalar_mul_yn = yi - .iter() - .fold(Scalar::::zero(), |acc, x| acc + x); + let scalar_mul_yn = yi.iter().fold(Scalar::::zero(), |acc, x| acc + x); let scalar_mul_yn = scalar_mul_yn.to_bigint(); let two = BigInt::from(2); - let two_fe = Scalar::::from(&two); + let two_fe = Scalar::::from(&two); let vec_2n = iterate(one_fe, |i| i.clone() * &two_fe) .take(bit_length) - .collect::>>(); + .collect::>>(); - let scalar_mul_2n = vec_2n - .iter() - .fold(Scalar::::zero(), |acc, x| acc + x); + let scalar_mul_2n = vec_2n.iter().fold(Scalar::::zero(), |acc, x| acc + x); let scalar_mul_2n = scalar_mul_2n.to_bigint(); let z_cubed_scalar_mul_2n = (0..num_of_proofs) @@ -322,11 +318,11 @@ impl RangeProof { let yi_inv = (0..nm) .map(|i| yi[i].invert().unwrap()) - .collect::>>(); + .collect::>>(); let hi_tag = (0..nm) .map(|i| &h_vec[i] * &yi_inv[i]) - .collect::>>(); + .collect::>>(); let fs_challenge = Sha256::new() .chain_points([&self.T1, &self.T2, G, H]) @@ -337,7 +333,7 @@ impl RangeProof { let Gtx = G * &self.tx; let Htaux = H * &self.tau_x; let left_side = Gtx + Htaux; - let delta_fe = Scalar::::from(&delta); + let delta_fe = Scalar::::from(&delta); let Gdelta = G * &delta_fe; let Tx = &self.T1 * &fs_challenge; let Tx_sq = &self.T2 * &fs_challenge_square; @@ -345,10 +341,10 @@ impl RangeProof { let mut vec_ped_zm = (0..num_of_proofs) .map(|i| { let z_2_m = BigInt::mod_pow(&z_bn, &BigInt::from((2 + i) as u32), order); - let z_2_m_fe = Scalar::::from(&z_2_m); + let z_2_m_fe = Scalar::::from(&z_2_m); &ped_com[i] * &z_2_m_fe }) - .collect::>>(); + .collect::>>(); let vec_ped_zm_1 = vec_ped_zm.remove(0); let ped_com_sum = vec_ped_zm.iter().fold(vec_ped_zm_1, |acc, x| acc + x); let right_side = ped_com_sum + Gdelta + Tx + Tx_sq; @@ -363,11 +359,11 @@ impl RangeProof { let P = &Gx * &self.tx; let minus_miu = BigInt::mod_sub( - Scalar::::group_order(), + Scalar::::group_order(), &self.miu.to_bigint(), - Scalar::::group_order(), + Scalar::::group_order(), ); - let minus_miu_fe = Scalar::::from(&minus_miu); + let minus_miu_fe = Scalar::::from(&minus_miu); let Hmiu = H * &minus_miu_fe; let Sx = &self.S * &fs_challenge; let P = Hmiu + P + self.A.clone() + Sx; @@ -381,7 +377,7 @@ impl RangeProof { let z_j_2_n = BigInt::mod_mul(&z_j, &vec_2n[k].to_bigint(), order); // let z_sq_2n = BigInt::mod_mul(&z_squared, &vec_2n[i], &order); let zyn_zsq2n = BigInt::mod_add(&z_yn, &z_j_2_n, order); - let zyn_zsq2n_fe = Scalar::::from(&zyn_zsq2n); + let zyn_zsq2n_fe = Scalar::::from(&zyn_zsq2n); &hi_tag[i] * &zyn_zsq2n_fe }) .fold(P, |acc, x| acc + x); @@ -399,11 +395,11 @@ impl RangeProof { pub fn fast_verify( &self, - g_vec: &[Point], - h_vec: &[Point], - G: &Point, - H: &Point, - ped_com: &[Point], + g_vec: &[Point], + h_vec: &[Point], + G: &Point, + H: &Point, + ped_com: &[Point], bit_length: usize, ) -> Result<(), Errors> { let num_of_proofs = ped_com.len(); @@ -412,35 +408,31 @@ impl RangeProof { let y = Sha256::new() .chain_points([&self.A, &self.S]) .result_scalar(); - let base_point = Point::::generator(); - let yG: Point = base_point * &y; - let z: Scalar = Sha256::new().chain_points([&yG]).result_scalar(); + let base_point = Point::::generator(); + let yG: Point = base_point * &y; + let z: Scalar = Sha256::new().chain_points([&yG]).result_scalar(); let z_bn = z.to_bigint(); - let order = Scalar::::group_order(); + let order = Scalar::::group_order(); let z_minus = BigInt::mod_sub(order, &z.to_bigint(), order); - let z_minus_fe = Scalar::::from(&z_minus); + let z_minus_fe = Scalar::::from(&z_minus); let z_squared = BigInt::mod_pow(&z.to_bigint(), &BigInt::from(2), order); // delta(x,y): let one_bn = BigInt::one(); - let one_fe = Scalar::::from(&one_bn); + let one_fe = Scalar::::from(&one_bn); let yi = iterate(one_fe.clone(), |i| i.clone() * &y) .take(nm) - .collect::>>(); + .collect::>>(); - let scalar_mul_yn = yi - .iter() - .fold(Scalar::::zero(), |acc, x| acc + x); + let scalar_mul_yn = yi.iter().fold(Scalar::::zero(), |acc, x| acc + x); let scalar_mul_yn = scalar_mul_yn.to_bigint(); let two = BigInt::from(2); - let two_fe = Scalar::::from(&two); + let two_fe = Scalar::::from(&two); let vec_2n = iterate(one_fe, |i| i.clone() * &two_fe) .take(bit_length) - .collect::>>(); + .collect::>>(); - let scalar_mul_2n = vec_2n - .iter() - .fold(Scalar::::zero(), |acc, x| acc + x); + let scalar_mul_2n = vec_2n.iter().fold(Scalar::::zero(), |acc, x| acc + x); let scalar_mul_2n = scalar_mul_2n.to_bigint(); let z_cubed_scalar_mul_2n = (0..num_of_proofs) @@ -457,11 +449,11 @@ impl RangeProof { let yi_inv = (0..nm) .map(|i| yi[i].invert().unwrap()) - .collect::>>(); + .collect::>>(); let hi_tag = (0..nm) .map(|i| &h_vec[i] * &yi_inv[i]) - .collect::>>(); + .collect::>>(); let fs_challenge = Sha256::new() .chain_points([&self.T1, &self.T2, G, H]) @@ -472,7 +464,7 @@ impl RangeProof { let Gtx = G * &self.tx; let Htaux = H * &self.tau_x; let left_side = Gtx + Htaux; - let delta_fe = Scalar::::from(&delta); + let delta_fe = Scalar::::from(&delta); let Gdelta = G * &delta_fe; let Tx = &self.T1 * &fs_challenge; let Tx_sq = &self.T2 * &fs_challenge_square; @@ -480,10 +472,10 @@ impl RangeProof { let mut vec_ped_zm = (0..num_of_proofs) .map(|i| { let z_2_m = BigInt::mod_pow(&z_bn, &BigInt::from((2 + i) as u32), order); - let z_2_m_fe = Scalar::::from(&z_2_m); + let z_2_m_fe = Scalar::::from(&z_2_m); &ped_com[i] * &z_2_m_fe }) - .collect::>>(); + .collect::>>(); let vec_ped_zm_1 = vec_ped_zm.remove(0); let ped_com_sum = vec_ped_zm.iter().fold(vec_ped_zm_1, |acc, x| acc + x); let right_side = ped_com_sum + Gdelta + Tx + Tx_sq; @@ -498,11 +490,11 @@ impl RangeProof { let P = &Gx * &self.tx; let minus_miu = BigInt::mod_sub( - Scalar::::group_order(), + Scalar::::group_order(), &self.miu.to_bigint(), - Scalar::::group_order(), + Scalar::::group_order(), ); - let minus_miu_fe = Scalar::::from(&minus_miu); + let minus_miu_fe = Scalar::::from(&minus_miu); let Hmiu = H * &minus_miu_fe; let Sx = &self.S * &fs_challenge; let P = Hmiu + P + self.A.clone() + Sx; @@ -516,7 +508,7 @@ impl RangeProof { let z_j_2_n = BigInt::mod_mul(&z_j, &vec_2n[k].to_bigint(), order); // let z_sq_2n = BigInt::mod_mul(&z_squared, &vec_2n[i], &order); let zyn_zsq2n = BigInt::mod_add(&z_yn, &z_j_2_n, order); - let zyn_zsq2n_fe = Scalar::::from(&zyn_zsq2n); + let zyn_zsq2n_fe = Scalar::::from(&zyn_zsq2n); &hi_tag[i] * &zyn_zsq2n_fe }) .fold(P, |acc, x| acc + x); @@ -536,18 +528,18 @@ impl RangeProof { pub fn aggregated_verify( &self, - g_vec: &[Point], - h_vec: &[Point], - G: &Point, - H: &Point, - ped_com: &[Point], + g_vec: &[Point], + h_vec: &[Point], + G: &Point, + H: &Point, + ped_com: &[Point], bit_length: usize, ) -> Result<(), Errors> { let n = bit_length; let m = ped_com.len(); let nm = m * n; let lg_nm = self.inner_product_proof.L.len(); - let order = Scalar::::group_order(); + let order = Scalar::::group_order(); let two = BigInt::from(2); let one = BigInt::from(1); let zero = BigInt::zero(); @@ -567,13 +559,13 @@ impl RangeProof { .result_scalar(); let y_bn = y.to_bigint(); let y_inv_bn = BigInt::mod_inv(&y_bn, order).unwrap(); - let base_point = Point::::generator(); - let yG: Point = base_point * &y; - let z: Scalar = Sha256::new().chain_points([&yG]).result_scalar(); + let base_point = Point::::generator(); + let yG: Point = base_point * &y; + let z: Scalar = Sha256::new().chain_points([&yG]).result_scalar(); let z_bn = z.to_bigint(); let z_squared = BigInt::mod_pow(&z_bn, &BigInt::from(2), order); - let challenge_x: Scalar = Sha256::new() + let challenge_x: Scalar = Sha256::new() .chain_points([&self.T1, &self.T2, G, H]) .result_scalar(); let challenge_x_sq = &challenge_x * &challenge_x; @@ -588,7 +580,7 @@ impl RangeProof { let ux = G * &x_u_fe; // generate a random scalar to combine 2 verification equations - let challenge_ver: Scalar = Sha256::new() + let challenge_ver: Scalar = Sha256::new() .chain_points([&self.A, &self.S, &self.T1, &self.T2, G, H]) .result_scalar(); let challenge_ver_bn = challenge_ver.to_bigint(); @@ -653,7 +645,7 @@ impl RangeProof { .iter() .zip(self.inner_product_proof.R.iter()) { - let x: Scalar = Sha256::new().chain_points([Li, Ri, &ux]).result_scalar(); + let x: Scalar = Sha256::new().chain_points([Li, Ri, &ux]).result_scalar(); let x_bn = x.to_bigint(); let x_inv_fe = x.invert().unwrap(); let x_inv_bn = x_inv_fe.to_bigint(); @@ -754,7 +746,7 @@ impl RangeProof { scalars.push(scalar_T2); // compute concatenated base vector - let mut points: Vec> = Vec::with_capacity(2 * nm + 2 * lg_nm + m + 6); + let mut points: Vec> = Vec::with_capacity(2 * nm + 2 * lg_nm + m + 6); points.extend_from_slice(g_vec); points.extend_from_slice(h_vec); points.push(G.clone()); @@ -767,11 +759,11 @@ impl RangeProof { points.push(self.T1.clone()); points.push(self.T2.clone()); - let H_times_scalar_H = H * &Scalar::::from(&scalar_H); + let H_times_scalar_H = H * &Scalar::::from(&scalar_H); let tot_len = points.len(); let lhs = (0..tot_len) - .map(|i| &points[i] * &Scalar::::from(&scalars[i])) - .fold(H_times_scalar_H, |acc, x| acc + x as Point); + .map(|i| &points[i] * &Scalar::::from(&scalars[i])) + .fold(H_times_scalar_H, |acc, x| acc + x as Point); // single multi-exponentiation check if lhs == self.A { @@ -782,18 +774,14 @@ impl RangeProof { } } -pub fn generate_random_point(bytes: &[u8]) -> Point { - let compressed_point_len = - <::Point as ECPoint>::CompressedPointLength::USIZE; +pub fn generate_random_point(bytes: &[u8]) -> Point { + let compressed_point_len = ::CompressedPointLength::USIZE; let truncated = if bytes.len() > compressed_point_len - 1 { &bytes[0..compressed_point_len - 1] } else { &bytes }; - let mut buffer = GenericArray::< - u8, - <::Point as ECPoint>::CompressedPointLength, - >::default(); + let mut buffer = GenericArray::::CompressedPointLength>::default(); buffer.as_mut_slice()[0] = 0x2; buffer.as_mut_slice()[1..1 + truncated.len()].copy_from_slice(truncated); if let Ok(point) = Point::from_bytes(buffer.as_slice()) { @@ -802,7 +790,7 @@ pub fn generate_random_point(bytes: &[u8]) -> Point { let bn = BigInt::from_bytes(bytes); let two = BigInt::from(2); - let bn_times_two = BigInt::mod_mul(&bn, &two, Scalar::::group_order()); + let bn_times_two = BigInt::mod_mul(&bn, &two, Scalar::::group_order()); let bytes = BigInt::to_bytes(&bn_times_two); generate_random_point(&bytes) }