serai/crypto/dleq/src/cross_group/schnorr.rs

use rand_core::{RngCore, CryptoRng};

use transcript::Transcript;

use group::{
  ff::{Field, PrimeFieldBits},
  prime::PrimeGroup,
};
use multiexp::BatchVerifier;

use crate::challenge;

#[cfg(feature = "serialize")]
use std::io::{Read, Write};
#[cfg(feature = "serialize")]
use ff::PrimeField;
#[cfg(feature = "serialize")]
use crate::{read_scalar, cross_group::read_point};

#[allow(non_snake_case)]
#[derive(Clone, PartialEq, Eq, Debug)]
pub(crate) struct SchnorrPoK<G: PrimeGroup> {
  R: G,
  s: G::Scalar,
}

impl<G: PrimeGroup> SchnorrPoK<G>
where
  G::Scalar: PrimeFieldBits,
{
  // Not hram due to the lack of m
  #[allow(non_snake_case)]
  fn hra<T: Transcript>(transcript: &mut T, generator: G, R: G, A: G) -> G::Scalar {
    transcript.domain_separate(b"schnorr_proof_of_knowledge");
    transcript.append_message(b"generator", generator.to_bytes().as_ref());
    transcript.append_message(b"nonce", R.to_bytes().as_ref());
    transcript.append_message(b"public_key", A.to_bytes().as_ref());
    challenge(transcript)
  }

  pub(crate) fn prove<R: RngCore + CryptoRng, T: Transcript>(
    rng: &mut R,
    transcript: &mut T,
    generator: G,
    private_key: G::Scalar,
  ) -> SchnorrPoK<G> {
    let nonce = G::Scalar::random(rng);
    #[allow(non_snake_case)]
    let R = generator * nonce;
    SchnorrPoK {
      R,
      s: nonce + (private_key * SchnorrPoK::hra(transcript, generator, R, generator * private_key)),
    }
  }

  pub(crate) fn verify<R: RngCore + CryptoRng, T: Transcript>(
    &self,
    rng: &mut R,
    transcript: &mut T,
    generator: G,
    public_key: G,
    batch: &mut BatchVerifier<(), G>,
  ) {
    batch.queue(
      rng,
      (),
      [
        (-self.s, generator),
        (G::Scalar::one(), self.R),
        (Self::hra(transcript, generator, self.R, public_key), public_key),
      ],
    );
  }

  #[cfg(feature = "serialize")]
  pub fn serialize<W: Write>(&self, w: &mut W) -> std::io::Result<()> {
    w.write_all(self.R.to_bytes().as_ref())?;
    w.write_all(self.s.to_repr().as_ref())
  }

  #[cfg(feature = "serialize")]
  pub fn deserialize<R: Read>(r: &mut R) -> std::io::Result<SchnorrPoK<G>> {
    Ok(SchnorrPoK { R: read_point(r)?, s: read_scalar(r)? })
  }
}
Implement a DLEq library While Serai only needs the simple DLEq which was already present under monero, this migrates the implementation of the cross-group DLEq I maintain into Serai. This was to have full access to the ecosystem of libraries built under Serai while also ensuring support for it. The cross_group curve, which is extremely experimental, is feature flagged off. So is the built in serialization functionality, as this should be possible to make nostd once const generics are full featured, yet the implemented serialization adds the additional barrier of std::io. 2022-06-30 09:42:29 +00:00			`use rand_core::{RngCore, CryptoRng};`

			`use transcript::Transcript;`

Apply an initial set of rustfmt rules 2022-07-15 05:26:07 +00:00			`use group::{`
			`ff::{Field, PrimeFieldBits},`
			`prime::PrimeGroup,`
			`};`
Consolidate concise/efficient and clean 2022-07-07 11:30:10 +00:00			`use multiexp::BatchVerifier;`
Implement a DLEq library While Serai only needs the simple DLEq which was already present under monero, this migrates the implementation of the cross-group DLEq I maintain into Serai. This was to have full access to the ecosystem of libraries built under Serai while also ensuring support for it. The cross_group curve, which is extremely experimental, is feature flagged off. So is the built in serialization functionality, as this should be possible to make nostd once const generics are full featured, yet the implemented serialization adds the additional barrier of std::io. 2022-06-30 09:42:29 +00:00
			`use crate::challenge;`

			`#[cfg(feature = "serialize")]`
			`use std::io::{Read, Write};`
			`#[cfg(feature = "serialize")]`
			`use ff::PrimeField;`
			`#[cfg(feature = "serialize")]`
			`use crate::{read_scalar, cross_group::read_point};`

			`#[allow(non_snake_case)]`
			`#[derive(Clone, PartialEq, Eq, Debug)]`
			`pub(crate) struct SchnorrPoK<G: PrimeGroup> {`
			`R: G,`
Apply an initial set of rustfmt rules 2022-07-15 05:26:07 +00:00			`s: G::Scalar,`
Implement a DLEq library While Serai only needs the simple DLEq which was already present under monero, this migrates the implementation of the cross-group DLEq I maintain into Serai. This was to have full access to the ecosystem of libraries built under Serai while also ensuring support for it. The cross_group curve, which is extremely experimental, is feature flagged off. So is the built in serialization functionality, as this should be possible to make nostd once const generics are full featured, yet the implemented serialization adds the additional barrier of std::io. 2022-06-30 09:42:29 +00:00			`}`

Apply an initial set of rustfmt rules 2022-07-15 05:26:07 +00:00			`impl<G: PrimeGroup> SchnorrPoK<G>`
			`where`
			`G::Scalar: PrimeFieldBits,`
			`{`
Implement a DLEq library While Serai only needs the simple DLEq which was already present under monero, this migrates the implementation of the cross-group DLEq I maintain into Serai. This was to have full access to the ecosystem of libraries built under Serai while also ensuring support for it. The cross_group curve, which is extremely experimental, is feature flagged off. So is the built in serialization functionality, as this should be possible to make nostd once const generics are full featured, yet the implemented serialization adds the additional barrier of std::io. 2022-06-30 09:42:29 +00:00			`// Not hram due to the lack of m`
			`#[allow(non_snake_case)]`
			`fn hra<T: Transcript>(transcript: &mut T, generator: G, R: G, A: G) -> G::Scalar {`
			`transcript.domain_separate(b"schnorr_proof_of_knowledge");`
			`transcript.append_message(b"generator", generator.to_bytes().as_ref());`
			`transcript.append_message(b"nonce", R.to_bytes().as_ref());`
			`transcript.append_message(b"public_key", A.to_bytes().as_ref());`
Unify the cross-group DLEq challenges This does reduce the strength of the challenges to that of the weaker field, yet that doesn't have any impact on whether or not this is ZK due to the key being shared across fields. Saves ~8kb. 2022-06-30 15:23:13 +00:00			`challenge(transcript)`
Implement a DLEq library While Serai only needs the simple DLEq which was already present under monero, this migrates the implementation of the cross-group DLEq I maintain into Serai. This was to have full access to the ecosystem of libraries built under Serai while also ensuring support for it. The cross_group curve, which is extremely experimental, is feature flagged off. So is the built in serialization functionality, as this should be possible to make nostd once const generics are full featured, yet the implemented serialization adds the additional barrier of std::io. 2022-06-30 09:42:29 +00:00			`}`

			`pub(crate) fn prove<R: RngCore + CryptoRng, T: Transcript>(`
			`rng: &mut R,`
			`transcript: &mut T,`
			`generator: G,`
Apply an initial set of rustfmt rules 2022-07-15 05:26:07 +00:00			`private_key: G::Scalar,`
Implement a DLEq library While Serai only needs the simple DLEq which was already present under monero, this migrates the implementation of the cross-group DLEq I maintain into Serai. This was to have full access to the ecosystem of libraries built under Serai while also ensuring support for it. The cross_group curve, which is extremely experimental, is feature flagged off. So is the built in serialization functionality, as this should be possible to make nostd once const generics are full featured, yet the implemented serialization adds the additional barrier of std::io. 2022-06-30 09:42:29 +00:00			`) -> SchnorrPoK<G> {`
			`let nonce = G::Scalar::random(rng);`
			`#[allow(non_snake_case)]`
			`let R = generator * nonce;`
			`SchnorrPoK {`
			`R,`
Apply an initial set of rustfmt rules 2022-07-15 05:26:07 +00:00			`s: nonce + (private_key * SchnorrPoK::hra(transcript, generator, R, generator * private_key)),`
Implement a DLEq library While Serai only needs the simple DLEq which was already present under monero, this migrates the implementation of the cross-group DLEq I maintain into Serai. This was to have full access to the ecosystem of libraries built under Serai while also ensuring support for it. The cross_group curve, which is extremely experimental, is feature flagged off. So is the built in serialization functionality, as this should be possible to make nostd once const generics are full featured, yet the implemented serialization adds the additional barrier of std::io. 2022-06-30 09:42:29 +00:00			`}`
			`}`

Consolidate concise/efficient and clean 2022-07-07 11:30:10 +00:00			`pub(crate) fn verify<R: RngCore + CryptoRng, T: Transcript>(`
Implement a DLEq library While Serai only needs the simple DLEq which was already present under monero, this migrates the implementation of the cross-group DLEq I maintain into Serai. This was to have full access to the ecosystem of libraries built under Serai while also ensuring support for it. The cross_group curve, which is extremely experimental, is feature flagged off. So is the built in serialization functionality, as this should be possible to make nostd once const generics are full featured, yet the implemented serialization adds the additional barrier of std::io. 2022-06-30 09:42:29 +00:00			`&self,`
Consolidate concise/efficient and clean 2022-07-07 11:30:10 +00:00			`rng: &mut R,`
Implement a DLEq library While Serai only needs the simple DLEq which was already present under monero, this migrates the implementation of the cross-group DLEq I maintain into Serai. This was to have full access to the ecosystem of libraries built under Serai while also ensuring support for it. The cross_group curve, which is extremely experimental, is feature flagged off. So is the built in serialization functionality, as this should be possible to make nostd once const generics are full featured, yet the implemented serialization adds the additional barrier of std::io. 2022-06-30 09:42:29 +00:00			`transcript: &mut T,`
			`generator: G,`
Consolidate concise/efficient and clean 2022-07-07 11:30:10 +00:00			`public_key: G,`
Apply an initial set of rustfmt rules 2022-07-15 05:26:07 +00:00			`batch: &mut BatchVerifier<(), G>,`
Consolidate concise/efficient and clean 2022-07-07 11:30:10 +00:00			`) {`
			`batch.queue(`
			`rng,`
			`(),`
			`[`
			`(-self.s, generator),`
			`(G::Scalar::one(), self.R),`
Apply an initial set of rustfmt rules 2022-07-15 05:26:07 +00:00			`(Self::hra(transcript, generator, self.R, public_key), public_key),`
			`],`
Consolidate concise/efficient and clean 2022-07-07 11:30:10 +00:00			`);`
Implement a DLEq library While Serai only needs the simple DLEq which was already present under monero, this migrates the implementation of the cross-group DLEq I maintain into Serai. This was to have full access to the ecosystem of libraries built under Serai while also ensuring support for it. The cross_group curve, which is extremely experimental, is feature flagged off. So is the built in serialization functionality, as this should be possible to make nostd once const generics are full featured, yet the implemented serialization adds the additional barrier of std::io. 2022-06-30 09:42:29 +00:00			`}`

			`#[cfg(feature = "serialize")]`
			`pub fn serialize<W: Write>(&self, w: &mut W) -> std::io::Result<()> {`
			`w.write_all(self.R.to_bytes().as_ref())?;`
			`w.write_all(self.s.to_repr().as_ref())`
			`}`

			`#[cfg(feature = "serialize")]`
			`pub fn deserialize<R: Read>(r: &mut R) -> std::io::Result<SchnorrPoK<G>> {`
			`Ok(SchnorrPoK { R: read_point(r)?, s: read_scalar(r)? })`
			`}`
			`}`