removed additional sources of copying secrets and introduced extra error variants

This commit is contained in:
Jędrzej Stuczyński
2024-10-17 15:12:52 +01:00
parent 4957d9dbf2
commit dabbe8ba7f
4 changed files with 32 additions and 31 deletions
@@ -22,9 +22,15 @@ pub enum CompactEcashError {
#[error("aggregation verification error")]
AggregationVerification,
#[error("the provided signature is at infinity")]
IdentitySignature,
#[error("different element size for aggregation")]
AggregationSizeMismatch,
#[error("the provided commitment hash is at infinity")]
IdentityCommitmentHash,
#[error("withdrawal request failed to verify")]
WithdrawalRequestVerification,
@@ -40,9 +46,6 @@ pub enum CompactEcashError {
#[error("issuance verification failed")]
IssuanceVerification,
#[error("verification of partial blind signature failed")]
PartialBlindSignatureVerification,
#[error("trying to spend more than what's available. Spending : {spending}, available : {remaining}")]
SpendExceedsAllowance { spending: u64, remaining: u64 },
@@ -24,12 +24,12 @@ pub struct WithdrawalReqInstance {
}
// witness: m1, m2, m3, o, o1, o2, o3,
pub struct WithdrawalReqWitness {
pub private_attributes: Vec<Scalar>,
pub struct WithdrawalReqWitness<'a> {
pub private_attributes: Vec<&'a Scalar>,
// Opening for the joined commitment com
pub joined_commitment_opening: Scalar,
pub joined_commitment_opening: &'a Scalar,
// Openings for the pedersen commitments of private attributes
pub private_attributes_openings: Vec<Scalar>,
pub private_attributes_openings: &'a Vec<Scalar>,
}
#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)]
@@ -93,7 +93,7 @@ impl WithdrawalReqProof {
let response_opening = produce_response(
&r_com_opening,
&challenge,
&witness.joined_commitment_opening,
witness.joined_commitment_opening,
);
let response_openings = produce_responses(
&r_pedcom_openings,
@@ -103,11 +103,8 @@ impl WithdrawalReqProof {
.iter()
.collect::<Vec<_>>(),
);
let response_attributes = produce_responses(
&r_attributes,
&challenge,
&witness.private_attributes.iter().collect::<Vec<_>>(),
);
let response_attributes =
produce_responses(&r_attributes, &challenge, &witness.private_attributes);
WithdrawalReqProof {
challenge,
@@ -212,7 +209,7 @@ mod tests {
};
let v = params.random_scalar();
let t = params.random_scalar();
let private_attributes = vec![sk, v, t];
let private_attributes = vec![&sk, &v, &t];
let joined_commitment_opening = params.random_scalar();
let joined_commitment = params.gen1() * joined_commitment_opening
@@ -227,7 +224,7 @@ mod tests {
let private_attributes_commitments = private_attributes_openings
.iter()
.zip(private_attributes.iter())
.map(|(o_j, m_j)| params.gen1() * o_j + joined_commitment_hash * m_j)
.map(|(o_j, &m_j)| params.gen1() * o_j + joined_commitment_hash * m_j)
.collect::<Vec<_>>();
let instance = WithdrawalReqInstance {
@@ -239,8 +236,8 @@ mod tests {
let witness = WithdrawalReqWitness {
private_attributes,
joined_commitment_opening,
private_attributes_openings,
joined_commitment_opening: &joined_commitment_opening,
private_attributes_openings: &private_attributes_openings,
};
let zk_proof = WithdrawalReqProof::construct(&instance, &witness);
assert!(zk_proof.verify(&instance))
@@ -108,6 +108,10 @@ pub fn aggregate_signatures(
Err(err) => return Err(err),
};
if bool::from(signature.h.is_identity()) {
return Err(CompactEcashError::IdentitySignature);
}
// Verify the signature
let tmp = attributes
.iter()
@@ -115,9 +119,6 @@ pub fn aggregate_signatures(
.map(|(attr, beta_i)| beta_i * attr)
.sum::<G2Projective>();
if bool::from(signature.h.is_identity()) {
return Err(CompactEcashError::AggregationVerification);
}
if !check_bilinear_pairing(
&signature.h.to_affine(),
&G2Prepared::from((verification_key.alpha + tmp).to_affine()),
@@ -103,11 +103,11 @@ impl RequestInfo {
fn compute_private_attribute_commitments(
params: &GroupParameters,
joined_commitment_hash: &G1Projective,
private_attributes: &[Scalar],
private_attributes: &[&Scalar],
) -> (Vec<Scalar>, Vec<G1Projective>) {
let (openings, commitments): (Vec<Scalar>, Vec<G1Projective>) = private_attributes
.iter()
.map(|m_j| {
.map(|&m_j| {
let o_j = params.random_scalar();
(o_j, params.gen1() * o_j + joined_commitment_hash * m_j)
})
@@ -125,7 +125,7 @@ fn compute_private_attribute_commitments(
fn generate_non_identity_h(
params: &GroupParameters,
sk_user: &SecretKeyUser,
v: Scalar,
v: &Scalar,
expiration_date: Scalar,
t_type: Scalar,
) -> (G1Projective, G1Projective, Scalar) {
@@ -190,10 +190,10 @@ pub fn withdrawal_request(
// Generate a non-identity commitment hash
let (joined_commitment, joined_commitment_hash, joined_commitment_opening) =
generate_non_identity_h(params, sk_user, v, expiration_date, t_type);
generate_non_identity_h(params, sk_user, &v, expiration_date, t_type);
// Compute Pedersen commitments for private attributes (wallet secret and user's secret)
let private_attributes = vec![sk_user.sk, v];
let private_attributes = vec![&sk_user.sk, &v];
let (private_attributes_openings, private_attributes_commitments) =
compute_private_attribute_commitments(params, &joined_commitment_hash, &private_attributes);
@@ -209,8 +209,8 @@ pub fn withdrawal_request(
let witness = WithdrawalReqWitness {
private_attributes,
joined_commitment_opening,
private_attributes_openings: private_attributes_openings.clone(),
joined_commitment_opening: &joined_commitment_opening,
private_attributes_openings: &private_attributes_openings,
};
let zk_proof = WithdrawalReqProof::construct(&instance, &witness);
@@ -225,7 +225,7 @@ pub fn withdrawal_request(
RequestInfo {
joined_commitment_hash,
joined_commitment_opening,
private_attributes_openings: private_attributes_openings.clone(),
private_attributes_openings,
wallet_secret: v,
expiration_date,
t_type,
@@ -260,7 +260,7 @@ pub fn request_verify(
let t_type = type_scalar(t_type);
if bool::from(req.joined_commitment_hash.is_identity()) {
return Err(CompactEcashError::WithdrawalRequestVerification);
return Err(CompactEcashError::IdentityCommitmentHash);
}
let expected_commitment_hash = hash_g1(
@@ -421,7 +421,7 @@ pub fn issue_verify(
return Err(CompactEcashError::IssuanceVerification);
}
if bool::from(blind_signature.h.is_identity()) {
return Err(CompactEcashError::IssuanceVerification);
return Err(CompactEcashError::IdentitySignature);
}
// Unblind the blinded signature on the partial signature
@@ -583,7 +583,7 @@ mod tests {
// Generate the commitment and hash
let (_, joined_commitment_hash, _) =
generate_non_identity_h(params, &sk_user, v, expiration_date, t_type);
generate_non_identity_h(params, &sk_user, &v, expiration_date, t_type);
// Ensure that the joined_commitment_hash is not the identity element
assert!(