From 6ea746e7f3e48cdedc62a67e144368b67058f26d Mon Sep 17 00:00:00 2001 From: aniampio Date: Thu, 8 Aug 2024 16:47:17 +0100 Subject: [PATCH] Add test for check if h is identity in the verify_partial_blind_signature --- common/nym_offline_compact_ecash/src/error.rs | 3 ++ .../src/scheme/withdrawal.rs | 42 +++++++++++++++++-- 2 files changed, 42 insertions(+), 3 deletions(-) diff --git a/common/nym_offline_compact_ecash/src/error.rs b/common/nym_offline_compact_ecash/src/error.rs index 0d49581ec6..a1afef7b62 100644 --- a/common/nym_offline_compact_ecash/src/error.rs +++ b/common/nym_offline_compact_ecash/src/error.rs @@ -40,6 +40,9 @@ pub enum CompactEcashError { #[error("issuance verification failed")] IssuanceVerification, + #[error("verification of partial blind signature failed")] + PartialBlindSignatureVerification, + #[error("trying to spend more than what's available. Spending : {spending}, available : {remaining}")] SpendExceedsAllowance { spending: u64, remaining: u64 }, diff --git a/common/nym_offline_compact_ecash/src/scheme/withdrawal.rs b/common/nym_offline_compact_ecash/src/scheme/withdrawal.rs index b744450628..3a0b64077e 100644 --- a/common/nym_offline_compact_ecash/src/scheme/withdrawal.rs +++ b/common/nym_offline_compact_ecash/src/scheme/withdrawal.rs @@ -493,7 +493,12 @@ pub fn verify_partial_blind_signature( if num_private_attributes + public_attributes.len() > partial_verification_key.beta_g2.len() { return false; } - + // Note: This check is useful if someone uses the code of those functions + // to verify Pointcheval-Sanders signatures in a context different for their use + // in zk-nyms + if bool::from(blind_sig.h.is_identity()){ + return false; + } // TODO: we're losing some memory here due to extra allocation, // but worst-case scenario (given SANE amount of attributes), it's just few kb at most let c_neg = blind_sig.c.to_affine().neg(); @@ -553,8 +558,10 @@ pub fn verify_partial_blind_signature( #[cfg(test)] mod tests { use crate::ecash_group_parameters; - use crate::scheme::keygen::SecretKeyUser; - use super::generate_non_identity_h; + use crate::scheme::keygen::{SecretKeyUser, VerificationKeyAuth}; + use super::{generate_non_identity_h, verify_partial_blind_signature}; + use crate::common_types::{BlindedSignature}; + use bls12_381::{G1Projective}; #[test] fn test_generate_non_identity_h() { @@ -572,4 +579,33 @@ mod tests { // Ensure that the joined_commitment_hash is not the identity element assert!(!bool::from(joined_commitment_hash.is_identity()), "Joined commitment hash should not be the identity element"); } + + #[test] + fn test_verify_partial_blind_signature_blind_sig_identity() { + let params = ecash_group_parameters(); + let private_attribute_commitments = vec![params.gen1() * params.random_scalar()]; + let public_attributes = vec![]; + // Create a blinded signature with h being the identity element + let blind_sig = BlindedSignature { + h: G1Projective::identity(), + c: params.gen1() * params.random_scalar(), + }; + // Create a mock partial verification key + let partial_verification_key = VerificationKeyAuth { + alpha: params.gen2() * params.random_scalar(), + beta_g1: vec![params.gen1() * params.random_scalar()], + beta_g2: vec![params.gen2() * params.random_scalar()], + }; + + // Test with identity h, expecting false + assert!( + !verify_partial_blind_signature( + &private_attribute_commitments, + &public_attributes, + &blind_sig, + &partial_verification_key + ), + "Expected verification to return false for identity h in blind signature" + ); + } } \ No newline at end of file