Slight tweaks to BP+
This commit is contained in:
parent
c73acb3d62
commit
558a2bfa46
4 changed files with 19 additions and 24 deletions
|
@ -91,7 +91,7 @@ impl Bulletproofs {
|
||||||
Bulletproofs::Plus(
|
Bulletproofs::Plus(
|
||||||
AggregateRangeStatement::new(outputs.iter().map(|com| DfgPoint(com.calculate())).collect())
|
AggregateRangeStatement::new(outputs.iter().map(|com| DfgPoint(com.calculate())).collect())
|
||||||
.unwrap()
|
.unwrap()
|
||||||
.prove(rng, &Zeroizing::new(AggregateRangeWitness::new(outputs).unwrap()))
|
.prove(rng, &Zeroizing::new(AggregateRangeWitness::new(outputs.to_vec()).unwrap()))
|
||||||
.unwrap(),
|
.unwrap(),
|
||||||
)
|
)
|
||||||
})
|
})
|
||||||
|
|
|
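Review bot: `outputs.to_vec()` now places a second copy of every commitment, mask included, on the heap; that copy is owned by the witness, which the surrounding `Zeroizing::new` and the witness's own `ZeroizeOnDrop` derive (visible in the second file's hunks) will wipe, but the original `outputs` slice remains the caller's and is not covered by either. A one-line comment above the `.prove(...)` call would make that ownership split explicit: `// the witness owns a copy of the commitments and zeroizes it on drop; `outputs` stays the caller's to clear`. The enclosing closure and the function it sits in both start outside this hunk.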
@ -24,7 +24,7 @@ use crate::{
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
// Figure 3
|
// Figure 3 of the Bulletproofs+ Paper
|
||||||
#[derive(Clone, Debug)]
|
#[derive(Clone, Debug)]
|
||||||
pub(crate) struct AggregateRangeStatement {
|
pub(crate) struct AggregateRangeStatement {
|
||||||
generators: Generators,
|
generators: Generators,
|
||||||
|
@ -38,24 +38,15 @@ impl Zeroize for AggregateRangeStatement {
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Clone, Debug, Zeroize, ZeroizeOnDrop)]
|
#[derive(Clone, Debug, Zeroize, ZeroizeOnDrop)]
|
||||||
pub(crate) struct AggregateRangeWitness {
|
pub(crate) struct AggregateRangeWitness(Vec<Commitment>);
|
||||||
values: Vec<u64>,
|
|
||||||
gammas: Vec<Scalar>,
|
|
||||||
}
|
|
||||||
|
|
||||||
impl AggregateRangeWitness {
|
impl AggregateRangeWitness {
|
||||||
pub(crate) fn new(commitments: &[Commitment]) -> Option<Self> {
|
pub(crate) fn new(commitments: Vec<Commitment>) -> Option<Self> {
|
||||||
if commitments.is_empty() || (commitments.len() > MAX_M) {
|
if commitments.is_empty() || (commitments.len() > MAX_M) {
|
||||||
return None;
|
return None;
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut values = Vec::with_capacity(commitments.len());
|
Some(AggregateRangeWitness(commitments))
|
||||||
let mut gammas = Vec::with_capacity(commitments.len());
|
|
||||||
for commitment in commitments {
|
|
||||||
values.push(commitment.amount);
|
|
||||||
gammas.push(Scalar(commitment.mask));
|
|
||||||
}
|
|
||||||
Some(AggregateRangeWitness { values, gammas })
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -162,13 +153,11 @@ impl AggregateRangeStatement {
|
||||||
witness: &AggregateRangeWitness,
|
witness: &AggregateRangeWitness,
|
||||||
) -> Option<AggregateRangeProof> {
|
) -> Option<AggregateRangeProof> {
|
||||||
// Check for consistency with the witness
|
// Check for consistency with the witness
|
||||||
if self.V.len() != witness.values.len() {
|
if self.V.len() != witness.0.len() {
|
||||||
return None;
|
return None;
|
||||||
}
|
}
|
||||||
for (commitment, (value, gamma)) in
|
for (commitment, witness) in self.V.iter().zip(witness.0.iter()) {
|
||||||
self.V.iter().zip(witness.values.iter().zip(witness.gammas.iter()))
|
if witness.calculate() != **commitment {
|
||||||
{
|
|
||||||
if Commitment::new(**gamma, *value).calculate() != **commitment {
|
|
||||||
return None;
|
return None;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -196,7 +185,13 @@ impl AggregateRangeStatement {
|
||||||
let mut a_l = ScalarVector(Vec::with_capacity(V.len() * N));
|
let mut a_l = ScalarVector(Vec::with_capacity(V.len() * N));
|
||||||
for j in 1 ..= V.len() {
|
for j in 1 ..= V.len() {
|
||||||
d_js.push(Self::d_j(j, V.len()));
|
d_js.push(Self::d_j(j, V.len()));
|
||||||
a_l.0.append(&mut u64_decompose(*witness.values.get(j - 1).unwrap_or(&0)).0);
|
#[allow(clippy::map_unwrap_or)]
|
||||||
|
a_l.0.append(
|
||||||
|
&mut u64_decompose(
|
||||||
|
*witness.0.get(j - 1).map(|commitment| &commitment.amount).unwrap_or(&0),
|
||||||
|
)
|
||||||
|
.0,
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
let a_r = a_l.clone() - Scalar::ONE;
|
let a_r = a_l.clone() - Scalar::ONE;
|
||||||
|
@ -223,8 +218,8 @@ impl AggregateRangeStatement {
|
||||||
let a_l = a_l - z;
|
let a_l = a_l - z;
|
||||||
let a_r = a_r + &d_descending_y_plus_z;
|
let a_r = a_r + &d_descending_y_plus_z;
|
||||||
let mut alpha = alpha;
|
let mut alpha = alpha;
|
||||||
for j in 1 ..= witness.gammas.len() {
|
for j in 1 ..= witness.0.len() {
|
||||||
alpha += z_pow[j - 1] * witness.gammas[j - 1] * y_mn_plus_one;
|
alpha += z_pow[j - 1] * Scalar(witness.0[j - 1].mask) * y_mn_plus_one;
|
||||||
}
|
}
|
||||||
|
|
||||||
Some(AggregateRangeProof {
|
Some(AggregateRangeProof {
|
||||||
|
|
|
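Review bot: In `AggregateRangeWitness::new` the `return None` path now drops the caller's `Vec<Commitment>` before it is wrapped in the `ZeroizeOnDrop` struct, so the masks it carries are only wiped on rejection if `Commitment` itself zeroizes on drop, which these hunks do not show. Wrapping before validating keeps the derive in charge on both paths: `let witness = AggregateRangeWitness(commitments);` then `if witness.0.is_empty() || (witness.0.len() > MAX_M) { return None; }` then `Some(witness)`. Separately, in the hunk at `-196,7 +185,13` the `#[allow(clippy::map_unwrap_or)]` can be dropped by writing the padding lookup as `u64_decompose(witness.0.get(j - 1).map_or(0, |commitment| commitment.amount)).0`, and in the hunk at `-162,13 +153,11` the loop variable named `witness` shadows the `witness` parameter, which a name such as `opening` would avoid. `prove` begins and ends outside these hunks.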
@ -15,7 +15,7 @@ use crate::ringct::bulletproofs::plus::{
|
||||||
ScalarVector, PointVector, GeneratorsList, Generators, padded_pow_of_2, transcript::*,
|
ScalarVector, PointVector, GeneratorsList, Generators, padded_pow_of_2, transcript::*,
|
||||||
};
|
};
|
||||||
|
|
||||||
// Figure 1
|
// Figure 1 of the Bulletproofs+ paper
|
||||||
#[derive(Clone, Debug)]
|
#[derive(Clone, Debug)]
|
||||||
pub(crate) struct WipStatement {
|
pub(crate) struct WipStatement {
|
||||||
generators: Generators,
|
generators: Generators,
|
||||||
|
|
|
@ -21,7 +21,7 @@ fn test_aggregate_range_proof() {
|
||||||
}
|
}
|
||||||
let commitment_points = commitments.iter().map(|com| EdwardsPoint(com.calculate())).collect();
|
let commitment_points = commitments.iter().map(|com| EdwardsPoint(com.calculate())).collect();
|
||||||
let statement = AggregateRangeStatement::new(commitment_points).unwrap();
|
let statement = AggregateRangeStatement::new(commitment_points).unwrap();
|
||||||
let witness = AggregateRangeWitness::new(&commitments).unwrap();
|
let witness = AggregateRangeWitness::new(commitments).unwrap();
|
||||||
|
|
||||||
let proof = statement.clone().prove(&mut OsRng, &witness).unwrap();
|
let proof = statement.clone().prove(&mut OsRng, &witness).unwrap();
|
||||||
statement.verify(&mut OsRng, &mut verifier, (), proof);
|
statement.verify(&mut OsRng, &mut verifier, (), proof);
|
||||||
|
|