Support transcripts with 32-byte challenges in the DLEq crate

This commit is contained in:
Luke Parker 2022-07-09 00:38:19 -04:00
parent f8760ae021
commit 5942492519
No known key found for this signature in database
GPG key ID: F9F1386DB1E119B6
2 changed files with 12 additions and 7 deletions


@ -34,22 +34,27 @@ impl<G: PrimeGroup> Generators<G> {
} }
pub(crate) fn challenge<T: Transcript, F: PrimeField>(transcript: &mut T) -> F { pub(crate) fn challenge<T: Transcript, F: PrimeField>(transcript: &mut T) -> F {
assert!(F::NUM_BITS <= 384);
// From here, there are three ways to get a scalar under the ff/group API // From here, there are three ways to get a scalar under the ff/group API
// 1: Scalar::random(ChaCha12Rng::from_seed(self.transcript.rng_seed(b"challenge"))) // 1: Scalar::random(ChaCha12Rng::from_seed(self.transcript.rng_seed(b"challenge")))
// 2: Grabbing a UInt library to perform reduction by the modulus, then determining endianess // 2: Grabbing a UInt library to perform reduction by the modulus, then determining endianess
// and loading it in // and loading it in
// 3: Iterating over each byte and manually doubling/adding. This is simplest // 3: Iterating over each byte and manually doubling/adding. This is simplest
let challenge_bytes = transcript.challenge(b"challenge");
assert!(challenge_bytes.as_ref().len() == 64); // Get a wide amount of bytes to safely reduce without bias
let target = ((usize::try_from(F::NUM_BITS).unwrap() + 7) / 8) * 2;
let mut challenge_bytes = transcript.challenge(b"challenge").as_ref().to_vec();
while challenge_bytes.len() < target {
// Secure given transcripts updating on challenge
challenge_bytes.extend(transcript.challenge(b"challenge_extension").as_ref());
}
challenge_bytes.truncate(target);
let mut challenge = F::zero(); let mut challenge = F::zero();
for b in challenge_bytes.as_ref() { for b in challenge_bytes {
for _ in 0 .. 8 { for _ in 0 .. 8 {
challenge = challenge.double(); challenge = challenge.double();
} }
challenge += F::from(u64::from(*b)); challenge += F::from(u64::from(b));
} }
challenge challenge
} }
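Review bot: The extension loop in the new `challenge` body only yields independent bytes if `T::challenge` folds each challenge back into the transcript state; the inline comment "Secure given transcripts updating on challenge" states that assumption, but nothing in the hunk checks it, so a `Transcript` implementation whose `challenge` is a pure read of current state would append the same block on every iteration and the reduced scalar would carry far less entropy than `target` bytes suggest. The requirement belongs in a `///` doc on `challenge` (something like "T::challenge must advance the transcript state; the extension relies on successive challenges being independent"), and binding the extension first, `let ext = transcript.challenge(b"challenge_extension");` followed by `debug_assert!(!challenge_bytes.ends_with(ext.as_ref()));` before the `extend`, would catch an immediate repeat in tests. That same assertion also fails on an empty challenge output, which as written makes the `while challenge_bytes.len() < target` loop spin forever instead of reporting a misbehaving transcript. The function's closing brace is the hunk's last line, so nothing of it continues outside.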


@ -158,7 +158,7 @@ fn test_rejection_sampling() {
// Either would work // Either would work
EfficientLinearDLEq::prove_without_bias( EfficientLinearDLEq::prove_without_bias(
&mut OsRng, &mut OsRng,
&mut RecommendedTranscript::new(b""), &mut transcript(),
generators(), generators(),
pow_2 pow_2
).is_none() ).is_none()