diff --git a/common/credentials/src/bandwidth.rs b/common/credentials/src/bandwidth.rs index c945236bdf..aadafed65e 100644 --- a/common/credentials/src/bandwidth.rs +++ b/common/credentials/src/bandwidth.rs @@ -9,12 +9,12 @@ use url::Url; use coconut_interface::{ - Attribute, Credential, hash_to_scalar, Parameters, PrivateAttribute, PublicAttribute, + Attribute, Credential, Parameters, PrivateAttribute, PublicAttribute, Signature, VerificationKey, }; use crate::error::Error; -use crate::utils::{obtain_aggregate_signature, prepare_credential_for_spending, ValidatorInfo}; +use crate::utils::{obtain_aggregate_signature, prepare_credential_for_spending}; pub const BANDWIDTH_VALUE: u64 = 10 * 1024 * 1024 * 1024; // 10 GB diff --git a/common/credentials/src/utils.rs b/common/credentials/src/utils.rs index fd3c16ca33..cb5dbb4309 100644 --- a/common/credentials/src/utils.rs +++ b/common/credentials/src/utils.rs @@ -1,14 +1,17 @@ // Copyright 2021 - Nym Technologies SA // SPDX-License-Identifier: Apache-2.0 -use crate::error::Error; +use std::borrow::Borrow; + +use url::Url; + use coconut_interface::{ - aggregate_signature_shares, aggregate_verification_keys, hash_to_scalar, prepare_blind_sign, - prove_credential, Attribute, BlindSignRequestBody, Credential, Parameters, Signature, + aggregate_signature_shares, aggregate_verification_keys, Attribute, + BlindSignRequestBody, Credential, Parameters, prepare_blind_sign, prove_credential, Signature, SignatureShare, VerificationKey, }; -use std::borrow::Borrow; -use url::Url; + +use crate::error::Error; /// Contacts all provided validators and then aggregate their verification keys. /// @@ -97,11 +100,6 @@ async fn obtain_partial_credential( .unwrap()) } -pub struct ValidatorInfo { - url: Url, - verification_key: VerificationKey, -} - pub async fn obtain_aggregate_signature( params: &Parameters, public_attributes: &[Attribute], @@ -125,7 +123,7 @@ pub async fn obtain_aggregate_signature( &client, &validator_partial_vk.key, ) - .await?; + .await?; shares.push(SignatureShare::new(first, 0)); for (id, validator_url) in validators.iter().enumerate().skip(1) { @@ -138,7 +136,7 @@ pub async fn obtain_aggregate_signature( &client, &validator_partial_vk.key, ) - .await?; + .await?; let share = SignatureShare::new(signature, id as u64); shares.push(share) } diff --git a/common/nymcoconut/src/lib.rs b/common/nymcoconut/src/lib.rs index 138bebb5f9..3d4cb6d29a 100644 --- a/common/nymcoconut/src/lib.rs +++ b/common/nymcoconut/src/lib.rs @@ -22,20 +22,20 @@ pub use elgamal::PublicKey; pub use error::CoconutError; pub use scheme::aggregation::aggregate_signature_shares; pub use scheme::aggregation::aggregate_verification_keys; -pub use scheme::BlindedSignature; pub use scheme::issuance::blind_sign; -pub use scheme::issuance::BlindSignRequest; pub use scheme::issuance::prepare_blind_sign; -pub use scheme::keygen::KeyPair; +pub use scheme::issuance::BlindSignRequest; pub use scheme::keygen::ttp_keygen; +pub use scheme::keygen::KeyPair; pub use scheme::keygen::VerificationKey; -pub use scheme::setup::Parameters; pub use scheme::setup::setup; +pub use scheme::setup::Parameters; +pub use scheme::verification::prove_credential; +pub use scheme::verification::verify_credential; +pub use scheme::verification::Theta; +pub use scheme::BlindedSignature; pub use scheme::Signature; pub use scheme::SignatureShare; -pub use scheme::verification::prove_credential; -pub use scheme::verification::Theta; -pub use scheme::verification::verify_credential; pub use traits::Base58; pub use utils::hash_to_scalar; diff --git a/common/nymcoconut/src/proofs/mod.rs b/common/nymcoconut/src/proofs/mod.rs index 536363ab39..5ccdc08e3a 100644 --- a/common/nymcoconut/src/proofs/mod.rs +++ b/common/nymcoconut/src/proofs/mod.rs @@ -18,18 +18,18 @@ use std::borrow::Borrow; use std::convert::TryInto; use bls12_381::{G1Projective, G2Projective, Scalar}; -use digest::Digest; use digest::generic_array::typenum::Unsigned; +use digest::Digest; use group::GroupEncoding; use itertools::izip; use sha2::Sha256; -use crate::{Attribute, elgamal, ElGamalKeyPair, PublicKey}; use crate::elgamal::Ciphertext; use crate::error::{CoconutError, Result}; -use crate::scheme::{Signature, VerificationKey}; use crate::scheme::setup::Parameters; +use crate::scheme::VerificationKey; use crate::utils::{hash_g1, try_deserialize_scalar, try_deserialize_scalar_vec}; +use crate::{elgamal, Attribute, ElGamalKeyPair}; // as per the reference python implementation type ChallengeDigest = Sha256; @@ -51,10 +51,10 @@ pub struct ProofCmCs { // and as per the bls12-381 library all elements are using big-endian form /// Generates a Scalar [or Fp] challenge by hashing a number of elliptic curve points. fn compute_challenge(iter: I) -> Scalar - where - D: Digest, - I: Iterator, - B: AsRef<[u8]>, +where + D: Digest, + I: Iterator, + B: AsRef<[u8]>, { let mut h = D::new(); for point_representation in iter { @@ -82,8 +82,8 @@ fn produce_response(witness: &Scalar, challenge: &Scalar, secret: &Scalar) -> Sc // note: it's caller's responsibility to ensure witnesses.len() = secrets.len() fn produce_responses(witnesses: &[Scalar], challenge: &Scalar, secrets: &[S]) -> Vec - where - S: Borrow, +where + S: Borrow, { debug_assert_eq!(witnesses.len(), secrets.len()); @@ -150,10 +150,10 @@ impl ProofCmCs { // Ccm = (wr * g1) + (wm[0] * hs[0]) + ... + (wm[i] * hs[i]) let commitment_attributes = g1 * witness_commitment_opening + witness_attributes - .iter() - .zip(params.gen_hs().iter()) - .map(|(wm_i, hs_i)| hs_i * wm_i) - .sum::(); + .iter() + .zip(params.gen_hs().iter()) + .map(|(wm_i, hs_i)| hs_i * wm_i) + .sum::(); let ciphertexts_bytes = priv_attributes_ciphertexts .iter() @@ -244,19 +244,19 @@ impl ProofCmCs { self.response_keys.iter(), self.response_attributes.iter() ) - .map(|(c2, res_key, res_attr)| c2 * self.challenge + pub_key * res_key + h * res_attr) - .map(|witness| witness.to_bytes()) - .collect::>(); + .map(|(c2, res_key, res_attr)| c2 * self.challenge + pub_key * res_key + h * res_attr) + .map(|witness| witness.to_bytes()) + .collect::>(); // Cw = (cm * c) + (rr * g1) + (rm[0] * hs[0]) + ... + (rm[n] * hs[n]) let commitment_attributes = commitment * self.challenge + g1 * self.response_opening + self - .response_attributes - .iter() - .zip(params.gen_hs().iter()) - .map(|(res_attr, hs)| hs * res_attr) - .sum::(); + .response_attributes + .iter() + .zip(params.gen_hs().iter()) + .map(|(res_attr, hs)| hs * res_attr) + .sum::(); let ciphertexts_bytes = attributes_ciphertexts .iter() @@ -413,17 +413,18 @@ impl ProofKappaNu { let commitment_kappa = params.gen2() * witness_blinder + verification_key.alpha + witness_attributes - .iter() - .zip(verification_key.beta.iter()) - .map(|(wm_i, beta_i)| beta_i * wm_i) - .sum::(); + .iter() + .zip(verification_key.beta.iter()) + .map(|(wm_i, beta_i)| beta_i * wm_i) + .sum::(); // zeta is the public value associated with the serial number let commitment_zeta = params.gen2() * witness_serial_number; let challenge = compute_challenge::( std::iter::once(params.gen2().to_bytes().as_ref()) - .chain(std::iter::once(blinded_message.to_bytes().as_ref())) //kappa + .chain(std::iter::once(blinded_message.to_bytes().as_ref())) + .chain(std::iter::once(blinded_serial_number.to_bytes().as_ref())) //kappa .chain(std::iter::once(verification_key.alpha.to_bytes().as_ref())) .chain(beta_bytes.iter().map(|b| b.as_ref())) .chain(std::iter::once(commitment_kappa.to_bytes().as_ref())) @@ -469,10 +470,10 @@ impl ProofKappaNu { + params.gen2() * self.response_blinder + verification_key.alpha * (Scalar::one() - self.challenge) + response_attributes - .iter() - .zip(verification_key.beta.iter()) - .map(|(priv_attr, beta_i)| beta_i * priv_attr) - .sum::(); + .iter() + .zip(verification_key.beta.iter()) + .map(|(priv_attr, beta_i)| beta_i * priv_attr) + .sum::(); // zeta is the public value associated with the serial number let commitment_zeta = zeta * self.challenge + params.gen2() * self.response_serial_number; @@ -480,7 +481,8 @@ impl ProofKappaNu { // compute the challenge let challenge = compute_challenge::( std::iter::once(params.gen2().to_bytes().as_ref()) - .chain(std::iter::once(kappa.to_bytes().as_ref())) //kappa + .chain(std::iter::once(kappa.to_bytes().as_ref())) + .chain(std::iter::once(zeta.to_bytes().as_ref())) //kappa .chain(std::iter::once(verification_key.alpha.to_bytes().as_ref())) .chain(beta_bytes.iter().map(|b| b.as_ref())) .chain(std::iter::once(commitment_kappa.to_bytes().as_ref())) @@ -594,20 +596,18 @@ mod tests { let elgamal_keypair = elgamal::elgamal_keygen(¶ms); let private_attributes = params.n_random_scalars(1); - let public_attributes = params.n_random_scalars(0); // we don't care about 'correctness' of the proof. only whether we can correctly recover it from bytes let cm = G1Projective::random(&mut rng); let r = params.random_scalar(); let commitment_hash = compute_commitment_hash(cm); - let (attributes_ciphertexts, ephemeral_keys): (Vec<_>, Vec<_>) = - compute_attribute_encryption( - ¶ms, - private_attributes.as_ref(), - elgamal_keypair.public_key(), - commitment_hash, - ); + let (attributes_ciphertexts, _): (Vec<_>, Vec<_>) = compute_attribute_encryption( + ¶ms, + private_attributes.as_ref(), + elgamal_keypair.public_key(), + commitment_hash, + ); let ephemeral_keys = params.n_random_scalars(1); // 0 public 1 private @@ -624,9 +624,8 @@ mod tests { let bytes = pi_s.to_bytes(); assert_eq!(ProofCmCs::from_bytes(&bytes).unwrap(), pi_s); - // 2 public 2 private + // 2 private let private_attributes = params.n_random_scalars(2); - let public_attributes = params.n_random_scalars(2); let ephemeral_keys = params.n_random_scalars(2); let pi_s = ProofCmCs::construct( @@ -648,11 +647,8 @@ mod tests { let mut params = setup(1).unwrap(); let keypair = keygen(&mut params); - let r = params.random_scalar(); - let s = params.random_scalar(); // we don't care about 'correctness' of the proof. only whether we can correctly recover it from bytes - let signature = Signature(params.gen1() * r, params.gen1() * s); let serial_number = params.random_scalar(); let binding_number = params.random_scalar(); let private_attributes = vec![serial_number, binding_number]; @@ -678,9 +674,6 @@ mod tests { // 2 public 2 private let mut params = setup(4).unwrap(); let keypair = keygen(&mut params); - let private_attributes = params.n_random_scalars(2); - let serial_number = params.random_scalar(); - let binding_number = params.random_scalar(); let pi_v = ProofKappaNu::construct( &mut params, diff --git a/common/nymcoconut/src/scheme/aggregation.rs b/common/nymcoconut/src/scheme/aggregation.rs index 6aca96079c..752e797e1f 100644 --- a/common/nymcoconut/src/scheme/aggregation.rs +++ b/common/nymcoconut/src/scheme/aggregation.rs @@ -260,6 +260,7 @@ mod tests { // verify credential for good measure assert!(verify(¶ms, &aggr_vk_1, &attributes, &aggr_sig1)); + assert!(verify(¶ms, &aggr_vk_2, &attributes, &aggr_sig2)); // aggregating threshold+1 works let aggr_vk_more = aggregate_verification_keys(&vks[1..], Some(&[2, 3, 4, 5])).unwrap(); @@ -304,7 +305,7 @@ mod tests { &aggr_vk_bad, &attributes, &sigs[2..], - Some(&[42, 123, 100]) + Some(&[42, 123, 100]), ) .is_err()); } @@ -324,7 +325,7 @@ mod tests { let attributes = params.n_random_scalars(2); let keypairs = ttp_keygen(&mut params, 3, 5).unwrap(); - let (sks, vks): (Vec<_>, Vec<_>) = keypairs + let (_, vks): (Vec<_>, Vec<_>) = keypairs .into_iter() .map(|keypair| (keypair.secret_key(), keypair.verification_key())) .unzip(); @@ -341,7 +342,7 @@ mod tests { let mut params = Parameters::new(2).unwrap(); let attributes = params.n_random_scalars(2); let keypairs = ttp_keygen(&mut params, 3, 5).unwrap(); - let (sks, vks): (Vec<_>, Vec<_>) = keypairs + let (_, vks): (Vec<_>, Vec<_>) = keypairs .into_iter() .map(|keypair| (keypair.secret_key(), keypair.verification_key())) .unzip(); @@ -356,7 +357,7 @@ mod tests { &aggr_vk_all, &attributes, &signatures, - Some(&[1, 2]) + Some(&[1, 2]), ) .is_err()); } @@ -367,7 +368,7 @@ mod tests { let mut params = Parameters::new(2).unwrap(); let attributes = params.n_random_scalars(2); let keypairs = ttp_keygen(&mut params, 3, 5).unwrap(); - let (sks, vks): (Vec<_>, Vec<_>) = keypairs + let (_, vks): (Vec<_>, Vec<_>) = keypairs .into_iter() .map(|keypair| (keypair.secret_key(), keypair.verification_key())) .unzip(); @@ -378,7 +379,7 @@ mod tests { &aggr_vk_all, &attributes, &signatures, - Some(&[1, 1]) + Some(&[1, 1]), ) .is_err()); } diff --git a/common/nymcoconut/src/scheme/issuance.rs b/common/nymcoconut/src/scheme/issuance.rs index 09e1a94561..630628ff6b 100644 --- a/common/nymcoconut/src/scheme/issuance.rs +++ b/common/nymcoconut/src/scheme/issuance.rs @@ -18,16 +18,16 @@ use std::convert::TryInto; use bls12_381::{G1Affine, G1Projective, Scalar}; use group::{Curve, GroupEncoding}; -use crate::{Attribute, elgamal, ElGamalKeyPair, VerificationKey}; use crate::elgamal::{Ciphertext, EphemeralKey}; use crate::error::{CoconutError, Result}; use crate::proofs::ProofCmCs; +use crate::scheme::setup::Parameters; use crate::scheme::BlindedSignature; use crate::scheme::SecretKey; -use crate::scheme::setup::Parameters; /// Creates a Coconut Signature under a given secret key on a set of public attributes only. #[cfg(test)] use crate::Signature; +use crate::{elgamal, Attribute, ElGamalKeyPair}; // TODO: possibly completely remove those two functions. // They only exist to have a simpler and smaller code snippets to test // basic functionalities. @@ -61,26 +61,26 @@ impl TryFrom<&[u8]> for BlindSignRequest { } let mut j = 0; - let COMMITMENT_BYTES_LEN = 48; - let COMMITMENT_HASH_BYTES_LEN = 48; + let commitment_bytes_len = 48; + let commitment_hash_bytes_len = 48; - let cm_bytes = bytes[..j + COMMITMENT_BYTES_LEN].try_into().unwrap(); + let cm_bytes = bytes[..j + commitment_bytes_len].try_into().unwrap(); let commitment = try_deserialize_g1_projective( &cm_bytes, CoconutError::Deserialization( "Failed to deserialize compressed commitment".to_string(), ), )?; - j += COMMITMENT_BYTES_LEN; + j += commitment_bytes_len; - let cm_hash_bytes = bytes[j..j + COMMITMENT_HASH_BYTES_LEN].try_into().unwrap(); + let cm_hash_bytes = bytes[j..j + commitment_hash_bytes_len].try_into().unwrap(); let commitment_hash = try_deserialize_g1_projective( &cm_hash_bytes, CoconutError::Deserialization( "Failed to deserialize compressed commitment hash".to_string(), ), )?; - j += COMMITMENT_HASH_BYTES_LEN; + j += commitment_hash_bytes_len; let c_len = u64::from_le_bytes(bytes[j..j + 8].try_into().unwrap()); j += 8; @@ -338,10 +338,10 @@ pub fn sign( // x + m0 * y0 + m1 * y1 + ... mn * yn let exponent = secret_key.x + public_attributes - .iter() - .zip(secret_key.ys.iter()) - .map(|(m_i, y_i)| m_i * y_i) - .sum::(); + .iter() + .zip(secret_key.ys.iter()) + .map(|(m_i, y_i)| m_i * y_i) + .sum::(); let sig2 = h * exponent; Ok(Signature(h, sig2)) @@ -364,7 +364,7 @@ mod tests { &private_attributes, &public_attributes, ) - .unwrap(); + .unwrap(); let bytes = lambda.to_bytes(); println!("{:?}", bytes.len()); @@ -382,7 +382,7 @@ mod tests { &private_attributes, &public_attributes, ) - .unwrap(); + .unwrap(); let bytes = lambda.to_bytes(); assert_eq!( diff --git a/common/nymcoconut/src/scheme/mod.rs b/common/nymcoconut/src/scheme/mod.rs index 76c9333d09..7af1fcfe09 100644 --- a/common/nymcoconut/src/scheme/mod.rs +++ b/common/nymcoconut/src/scheme/mod.rs @@ -22,14 +22,13 @@ use group::Curve; pub use keygen::{SecretKey, VerificationKey}; -use crate::{Attribute, elgamal}; use crate::elgamal::Ciphertext; use crate::error::{CoconutError, Result}; -use crate::scheme::aggregation::{aggregate_signature_shares, aggregate_signatures}; use crate::scheme::setup::Parameters; use crate::scheme::verification::check_bilinear_pairing; use crate::traits::{Base58, Bytable}; use crate::utils::try_deserialize_g1_projective; +use crate::{elgamal, Attribute}; pub mod aggregation; pub mod issuance; @@ -238,7 +237,7 @@ impl SignatureShare { #[cfg(test)] mod tests { - use crate::scheme::aggregation::aggregate_verification_keys; + use crate::scheme::aggregation::{aggregate_signatures, aggregate_verification_keys}; use crate::scheme::issuance::{blind_sign, prepare_blind_sign, sign}; use crate::scheme::keygen::{keygen, ttp_keygen}; use crate::scheme::verification::{prove_credential, verify, verify_credential}; @@ -266,16 +265,16 @@ mod tests { &lambda, &[], ) - .unwrap() - .unblind( - ¶ms, - elgamal_keypair.private_key(), - &keypair1.verification_key(), - &private_attributes, - &[], - &lambda.commitment_hash, - ) - .unwrap(); + .unwrap() + .unblind( + ¶ms, + elgamal_keypair.private_key(), + &keypair1.verification_key(), + &private_attributes, + &[], + &lambda.commitment_hash, + ) + .unwrap(); let sig2 = blind_sign( &mut params, @@ -284,16 +283,16 @@ mod tests { &lambda, &[], ) - .unwrap() - .unblind( - ¶ms, - elgamal_keypair.private_key(), - &keypair2.verification_key(), - &private_attributes, - &[], - &lambda.commitment_hash, - ) - .unwrap(); + .unwrap() + .unblind( + ¶ms, + elgamal_keypair.private_key(), + &keypair2.verification_key(), + &private_attributes, + &[], + &lambda.commitment_hash, + ) + .unwrap(); let theta1 = prove_credential( &mut params, @@ -302,7 +301,7 @@ mod tests { serial_number, binding_number, ) - .unwrap(); + .unwrap(); let theta2 = prove_credential( &mut params, @@ -311,7 +310,7 @@ mod tests { serial_number, binding_number, ) - .unwrap(); + .unwrap(); assert!(verify_credential( ¶ms, @@ -320,19 +319,19 @@ mod tests { &[], )); - // assert!(verify_credential( - // ¶ms, - // &keypair2.verification_key(), - // &theta2, - // &[], - // )); - // - // assert!(!verify_credential( - // ¶ms, - // &keypair1.verification_key(), - // &theta2, - // &[], - // )); + assert!(verify_credential( + ¶ms, + &keypair2.verification_key(), + &theta2, + &[], + )); + + assert!(!verify_credential( + ¶ms, + &keypair1.verification_key(), + &theta2, + &[], + )); } #[test] @@ -385,7 +384,7 @@ mod tests { &private_attributes, &public_attributes, ) - .unwrap(); + .unwrap(); let sig1 = blind_sign( &mut params, @@ -394,16 +393,16 @@ mod tests { &lambda, &public_attributes, ) - .unwrap() - .unblind( - ¶ms, - elgamal_keypair.private_key(), - &keypair1.verification_key(), - &private_attributes, - &public_attributes, - &lambda.commitment_hash, - ) - .unwrap(); + .unwrap() + .unblind( + ¶ms, + elgamal_keypair.private_key(), + &keypair1.verification_key(), + &private_attributes, + &public_attributes, + &lambda.commitment_hash, + ) + .unwrap(); let sig2 = blind_sign( &mut params, @@ -412,16 +411,16 @@ mod tests { &lambda, &public_attributes, ) - .unwrap() - .unblind( - ¶ms, - elgamal_keypair.private_key(), - &keypair2.verification_key(), - &private_attributes, - &public_attributes, - &lambda.commitment_hash, - ) - .unwrap(); + .unwrap() + .unblind( + ¶ms, + elgamal_keypair.private_key(), + &keypair2.verification_key(), + &private_attributes, + &public_attributes, + &lambda.commitment_hash, + ) + .unwrap(); let theta1 = prove_credential( &mut params, @@ -430,7 +429,7 @@ mod tests { serial_number, binding_number, ) - .unwrap(); + .unwrap(); let theta2 = prove_credential( &mut params, @@ -439,7 +438,7 @@ mod tests { serial_number, binding_number, ) - .unwrap(); + .unwrap(); assert!(verify_credential( ¶ms, @@ -480,7 +479,7 @@ mod tests { &private_attributes, &public_attributes, ) - .unwrap(); + .unwrap(); let sigs = keypairs .iter() @@ -492,16 +491,16 @@ mod tests { &lambda, &public_attributes, ) - .unwrap() - .unblind( - ¶ms, - elgamal_keypair.private_key(), - &keypair.verification_key(), - &private_attributes, - &public_attributes, - &lambda.commitment_hash, - ) - .unwrap() + .unwrap() + .unblind( + ¶ms, + elgamal_keypair.private_key(), + &keypair.verification_key(), + &private_attributes, + &public_attributes, + &lambda.commitment_hash, + ) + .unwrap() }) .collect::>(); @@ -519,8 +518,14 @@ mod tests { aggregate_signatures(¶ms, &aggr_vk, &attributes, &sigs[..2], Some(&[1, 2])) .unwrap(); - let theta = - prove_credential(&mut params, &aggr_vk, &aggr_sig, serial_number, binding_number).unwrap(); + let theta = prove_credential( + &mut params, + &aggr_vk, + &aggr_sig, + serial_number, + binding_number, + ) + .unwrap(); assert!(verify_credential( ¶ms, @@ -535,8 +540,14 @@ mod tests { aggregate_signatures(¶ms, &aggr_vk, &attributes, &sigs[1..], Some(&[2, 3])) .unwrap(); - let theta = - prove_credential(&mut params, &aggr_vk, &aggr_sig, serial_number, binding_number).unwrap(); + let theta = prove_credential( + &mut params, + &aggr_vk, + &aggr_sig, + serial_number, + binding_number, + ) + .unwrap(); assert!(verify_credential( ¶ms, @@ -559,7 +570,7 @@ mod tests { signature.0.to_affine().to_compressed(), signature.1.to_affine().to_compressed(), ] - .concat(); + .concat(); assert_eq!(expected_bytes, bytes); assert_eq!(signature, Signature::try_from(&bytes[..]).unwrap()) } @@ -579,10 +590,10 @@ mod tests { // also make sure it is equivalent to the internal g1 compressed bytes concatenated let expected_bytes = [ blinded_sig.0.to_affine().to_compressed(), - blinded_sig.1.0.to_affine().to_compressed(), - blinded_sig.1.1.to_affine().to_compressed(), + blinded_sig.1 .0.to_affine().to_compressed(), + blinded_sig.1 .1.to_affine().to_compressed(), ] - .concat(); + .concat(); assert_eq!(expected_bytes, bytes); assert_eq!(blinded_sig, BlindedSignature::try_from(&bytes[..]).unwrap()) } diff --git a/common/nymcoconut/src/scheme/verification.rs b/common/nymcoconut/src/scheme/verification.rs index b00618759a..76a2bf5eb7 100644 --- a/common/nymcoconut/src/scheme/verification.rs +++ b/common/nymcoconut/src/scheme/verification.rs @@ -16,17 +16,17 @@ use core::ops::Neg; use std::convert::TryFrom; use std::convert::TryInto; -use bls12_381::{G1Affine, G1Projective, G2Prepared, G2Projective, multi_miller_loop, Scalar}; +use bls12_381::{multi_miller_loop, G1Affine, G2Prepared, G2Projective, Scalar}; use group::{Curve, Group}; -use crate::Attribute; use crate::error::{CoconutError, Result}; use crate::proofs::ProofKappaNu; use crate::scheme::setup::Parameters; use crate::scheme::Signature; use crate::scheme::VerificationKey; use crate::traits::{Base58, Bytable}; -use crate::utils::{try_deserialize_g1_projective, try_deserialize_g2_projective}; +use crate::utils::try_deserialize_g2_projective; +use crate::Attribute; // TODO NAMING: this whole thing // Theta @@ -133,10 +133,10 @@ pub fn compute_kappa( params.gen2() * blinding_factor + verification_key.alpha + private_attributes - .iter() - .zip(verification_key.beta.iter()) - .map(|(priv_attr, beta_i)| beta_i * priv_attr) - .sum::() + .iter() + .zip(verification_key.beta.iter()) + .map(|(priv_attr, beta_i)| beta_i * priv_attr) + .sum::() } pub fn compute_zeta(params: &Parameters, serial_number: Attribute) -> G2Projective { @@ -258,11 +258,11 @@ pub fn verify( ) -> bool { let kappa = (verification_key.alpha + public_attributes - .iter() - .zip(verification_key.beta.iter()) - .map(|(m_i, b_i)| b_i * m_i) - .sum::()) - .to_affine(); + .iter() + .zip(verification_key.beta.iter()) + .map(|(m_i, b_i)| b_i * m_i) + .sum::()) + .to_affine(); check_bilinear_pairing( &sig.0.to_affine(), @@ -298,7 +298,7 @@ mod tests { serial_number, binding_number, ) - .unwrap(); + .unwrap(); let bytes = theta.to_bytes(); assert_eq!(Theta::try_from(bytes.as_slice()).unwrap(), theta); diff --git a/common/nymcoconut/src/tests/e2e.rs b/common/nymcoconut/src/tests/e2e.rs index 428458af82..194f3a06d6 100644 --- a/common/nymcoconut/src/tests/e2e.rs +++ b/common/nymcoconut/src/tests/e2e.rs @@ -1,7 +1,7 @@ use crate::{ - aggregate_signature_shares, aggregate_verification_keys, blind_sign, CoconutError, - elgamal_keygen, prepare_blind_sign, prove_credential, setup, Signature, SignatureShare, - ttp_keygen, VerificationKey, verify_credential, + aggregate_signature_shares, aggregate_verification_keys, blind_sign, elgamal_keygen, + prepare_blind_sign, prove_credential, setup, ttp_keygen, verify_credential, CoconutError, + Signature, SignatureShare, VerificationKey, }; #[test] @@ -85,7 +85,13 @@ fn main() -> Result<(), CoconutError> { // Generate cryptographic material to verify them - let theta = prove_credential(¶ms, &verification_key, &signature, serial_number, binding_number)?; + let theta = prove_credential( + ¶ms, + &verification_key, + &signature, + serial_number, + binding_number, + )?; // Verify credentials