diff --git a/common/credentials/src/bandwidth.rs b/common/credentials/src/bandwidth.rs index ec2ca6df82..ea1385d926 100644 --- a/common/credentials/src/bandwidth.rs +++ b/common/credentials/src/bandwidth.rs @@ -59,13 +59,13 @@ pub async fn obtain_signature( let private_attributes = attributes.get_private_attributes(); obtain_aggregate_signature( - ¶ms, + params, &public_attributes, &private_attributes, validators, verification_key, ) - .await + .await } pub fn prepare_for_spending( diff --git a/common/credentials/src/utils.rs b/common/credentials/src/utils.rs index 411885879c..09e029f18f 100644 --- a/common/credentials/src/utils.rs +++ b/common/credentials/src/utils.rs @@ -4,8 +4,8 @@ use url::Url; use coconut_interface::{ - aggregate_signature_shares, aggregate_verification_keys, prepare_blind_sign, - prove_bandwidth_credential, Attribute, BlindSignRequestBody, Credential, Parameters, Signature, + aggregate_signature_shares, aggregate_verification_keys, Attribute, + BlindSignRequestBody, Credential, Parameters, prepare_blind_sign, prove_bandwidth_credential, Signature, SignatureShare, VerificationKey, }; @@ -88,11 +88,11 @@ async fn obtain_partial_credential( .blinded_signature; Ok(blinded_signature .unblind( - ¶ms, + params, elgamal_keypair.private_key(), validator_vk, - &private_attributes, - &public_attributes, + private_attributes, + public_attributes, &blind_sign_request.commitment_hash, ) .unwrap()) @@ -121,7 +121,7 @@ pub async fn obtain_aggregate_signature( &client, &validator_partial_vk.key, ) - .await?; + .await?; shares.push(SignatureShare::new(first, 0)); for (id, validator_url) in validators.iter().enumerate().skip(1) { @@ -134,17 +134,17 @@ pub async fn obtain_aggregate_signature( &client, &validator_partial_vk.key, ) - .await?; + .await?; let share = SignatureShare::new(signature, id as u64); shares.push(share) } let mut attributes = Vec::with_capacity(private_attributes.len() + public_attributes.len()); - attributes.extend_from_slice(&private_attributes); - attributes.extend_from_slice(&public_attributes); + attributes.extend_from_slice(private_attributes); + attributes.extend_from_slice(public_attributes); Ok(aggregate_signature_shares( - ¶ms, + params, verification_key, &attributes, &shares, diff --git a/common/nymcoconut/src/elgamal.rs b/common/nymcoconut/src/elgamal.rs index f5eb5f45a7..5998bc6f97 100644 --- a/common/nymcoconut/src/elgamal.rs +++ b/common/nymcoconut/src/elgamal.rs @@ -48,11 +48,11 @@ impl TryFrom<&[u8]> for Ciphertext { let c2_bytes: &[u8; 48] = &bytes[48..].try_into().expect("Slice size != 48"); let c1 = try_deserialize_g1_projective( - &c1_bytes, + c1_bytes, CoconutError::Deserialization("Failed to deserialize compressed c1".to_string()), )?; let c2 = try_deserialize_g1_projective( - &c2_bytes, + c2_bytes, CoconutError::Deserialization("Failed to deserialize compressed c2".to_string()), )?; @@ -112,7 +112,7 @@ impl PrivateKey { .to_string(), ), ) - .map(PrivateKey) + .map(PrivateKey) } } @@ -183,7 +183,7 @@ impl TryFrom<&[u8]> for PublicKey { "Failed to deserialize compressed ElGamal public key".to_string(), ), ) - .map(PublicKey) + .map(PublicKey) } } @@ -326,7 +326,7 @@ mod tests { ciphertext.0.to_affine().to_compressed(), ciphertext.1.to_affine().to_compressed(), ] - .concat(); + .concat(); assert_eq!(expected_bytes, bytes); assert_eq!(ciphertext, Ciphertext::try_from(&bytes[..]).unwrap()) } diff --git a/common/nymcoconut/src/proofs/mod.rs b/common/nymcoconut/src/proofs/mod.rs index 5ccdc08e3a..9a777c7ad4 100644 --- a/common/nymcoconut/src/proofs/mod.rs +++ b/common/nymcoconut/src/proofs/mod.rs @@ -18,18 +18,18 @@ use std::borrow::Borrow; use std::convert::TryInto; use bls12_381::{G1Projective, G2Projective, Scalar}; -use digest::generic_array::typenum::Unsigned; use digest::Digest; +use digest::generic_array::typenum::Unsigned; use group::GroupEncoding; use itertools::izip; use sha2::Sha256; +use crate::{Attribute, elgamal, ElGamalKeyPair}; use crate::elgamal::Ciphertext; use crate::error::{CoconutError, Result}; use crate::scheme::setup::Parameters; use crate::scheme::VerificationKey; use crate::utils::{hash_g1, try_deserialize_scalar, try_deserialize_scalar_vec}; -use crate::{elgamal, Attribute, ElGamalKeyPair}; // as per the reference python implementation type ChallengeDigest = Sha256; @@ -51,10 +51,10 @@ pub struct ProofCmCs { // and as per the bls12-381 library all elements are using big-endian form /// Generates a Scalar [or Fp] challenge by hashing a number of elliptic curve points. fn compute_challenge(iter: I) -> Scalar -where - D: Digest, - I: Iterator, - B: AsRef<[u8]>, + where + D: Digest, + I: Iterator, + B: AsRef<[u8]>, { let mut h = D::new(); for point_representation in iter { @@ -82,8 +82,8 @@ fn produce_response(witness: &Scalar, challenge: &Scalar, secret: &Scalar) -> Sc // note: it's caller's responsibility to ensure witnesses.len() = secrets.len() fn produce_responses(witnesses: &[Scalar], challenge: &Scalar, secrets: &[S]) -> Vec -where - S: Borrow, + where + S: Borrow, { debug_assert_eq!(witnesses.len(), secrets.len()); @@ -150,10 +150,10 @@ impl ProofCmCs { // Ccm = (wr * g1) + (wm[0] * hs[0]) + ... + (wm[i] * hs[i]) let commitment_attributes = g1 * witness_commitment_opening + witness_attributes - .iter() - .zip(params.gen_hs().iter()) - .map(|(wm_i, hs_i)| hs_i * wm_i) - .sum::(); + .iter() + .zip(params.gen_hs().iter()) + .map(|(wm_i, hs_i)| hs_i * wm_i) + .sum::(); let ciphertexts_bytes = priv_attributes_ciphertexts .iter() @@ -180,7 +180,7 @@ impl ProofCmCs { // Responses let response_opening = - produce_response(&witness_commitment_opening, &challenge, &commitment_opening); + produce_response(&witness_commitment_opening, &challenge, commitment_opening); let response_private_elgamal_key = produce_response( &witness_private_elgamal_key, &challenge, @@ -244,19 +244,19 @@ impl ProofCmCs { self.response_keys.iter(), self.response_attributes.iter() ) - .map(|(c2, res_key, res_attr)| c2 * self.challenge + pub_key * res_key + h * res_attr) - .map(|witness| witness.to_bytes()) - .collect::>(); + .map(|(c2, res_key, res_attr)| c2 * self.challenge + pub_key * res_key + h * res_attr) + .map(|witness| witness.to_bytes()) + .collect::>(); // Cw = (cm * c) + (rr * g1) + (rm[0] * hs[0]) + ... + (rm[n] * hs[n]) let commitment_attributes = commitment * self.challenge + g1 * self.response_opening + self - .response_attributes - .iter() - .zip(params.gen_hs().iter()) - .map(|(res_attr, hs)| hs * res_attr) - .sum::(); + .response_attributes + .iter() + .zip(params.gen_hs().iter()) + .map(|(res_attr, hs)| hs * res_attr) + .sum::(); let ciphertexts_bytes = attributes_ciphertexts .iter() @@ -413,10 +413,10 @@ impl ProofKappaNu { let commitment_kappa = params.gen2() * witness_blinder + verification_key.alpha + witness_attributes - .iter() - .zip(verification_key.beta.iter()) - .map(|(wm_i, beta_i)| beta_i * wm_i) - .sum::(); + .iter() + .zip(verification_key.beta.iter()) + .map(|(wm_i, beta_i)| beta_i * wm_i) + .sum::(); // zeta is the public value associated with the serial number let commitment_zeta = params.gen2() * witness_serial_number; @@ -432,11 +432,11 @@ impl ProofKappaNu { ); // responses - let response_blinder = produce_response(&witness_blinder, &challenge, &blinding_factor); + let response_blinder = produce_response(&witness_blinder, &challenge, blinding_factor); let response_serial_number = - produce_response(&witness_serial_number, &challenge, &serial_number); + produce_response(&witness_serial_number, &challenge, serial_number); let response_binding_number = - produce_response(&witness_binding_number, &challenge, &binding_number); + produce_response(&witness_binding_number, &challenge, binding_number); ProofKappaNu { challenge, @@ -470,10 +470,10 @@ impl ProofKappaNu { + params.gen2() * self.response_blinder + verification_key.alpha * (Scalar::one() - self.challenge) + response_attributes - .iter() - .zip(verification_key.beta.iter()) - .map(|(priv_attr, beta_i)| beta_i * priv_attr) - .sum::(); + .iter() + .zip(verification_key.beta.iter()) + .map(|(priv_attr, beta_i)| beta_i * priv_attr) + .sum::(); // zeta is the public value associated with the serial number let commitment_zeta = zeta * self.challenge + params.gen2() * self.response_serial_number; @@ -541,13 +541,13 @@ impl ProofKappaNu { let serial_number_bytes = &bytes[32..64].try_into().unwrap(); let response_serial_number = try_deserialize_scalar( - &serial_number_bytes, + serial_number_bytes, CoconutError::Deserialization("failed to deserialize the serial number".to_string()), )?; let binding_number_bytes = &bytes[64..96].try_into().unwrap(); let response_binding_number = try_deserialize_scalar( - &binding_number_bytes, + binding_number_bytes, CoconutError::Deserialization("failed to deserialize the binding number".to_string()), )?; // let rm_end = 40 + rm_len as usize * 32; diff --git a/common/nymcoconut/src/scheme/aggregation.rs b/common/nymcoconut/src/scheme/aggregation.rs index 752e797e1f..eaef72abd6 100644 --- a/common/nymcoconut/src/scheme/aggregation.rs +++ b/common/nymcoconut/src/scheme/aggregation.rs @@ -19,11 +19,11 @@ use bls12_381::{G2Prepared, G2Projective, Scalar}; use group::Curve; use itertools::Itertools; -use crate::error::{CoconutError, Result}; -use crate::scheme::verification::check_bilinear_pairing; -use crate::scheme::{PartialSignature, Signature, SignatureShare, SignerIndex, VerificationKey}; -use crate::utils::perform_lagrangian_interpolation_at_origin; use crate::{Attribute, Parameters}; +use crate::error::{CoconutError, Result}; +use crate::scheme::{PartialSignature, Signature, SignatureShare, SignerIndex, VerificationKey}; +use crate::scheme::verification::check_bilinear_pairing; +use crate::utils::perform_lagrangian_interpolation_at_origin; pub(crate) trait Aggregatable: Sized { fn aggregate(aggregatable: &[Self], indices: Option<&[SignerIndex]>) -> Result; @@ -36,10 +36,10 @@ pub(crate) trait Aggregatable: Sized { // includes `VerificationKey` impl Aggregatable for T -where - T: Sum, - for<'a> T: Sum<&'a T>, - for<'a> &'a T: Mul, + where + T: Sum, + for<'a> T: Sum<&'a T>, + for<'a> &'a T: Mul, { fn aggregate(aggregatable: &[T], indices: Option<&[u64]>) -> Result { if aggregatable.is_empty() { @@ -138,9 +138,9 @@ pub fn aggregate_signature_shares( .unzip(); aggregate_signatures( - ¶ms, - &verification_key, - &attributes, + params, + verification_key, + attributes, &signatures, Some(&indices), ) @@ -245,7 +245,7 @@ mod tests { &sigs[..3], Some(&[1, 2, 3]), ) - .unwrap(); + .unwrap(); let aggr_vk_2 = aggregate_verification_keys(&vks[2..], Some(&[3, 4, 5])).unwrap(); let aggr_sig2 = aggregate_signatures( @@ -255,7 +255,7 @@ mod tests { &sigs[2..], Some(&[3, 4, 5]), ) - .unwrap(); + .unwrap(); assert_eq!(aggr_sig1, aggr_sig2); // verify credential for good measure @@ -271,7 +271,7 @@ mod tests { &sigs[1..], Some(&[2, 3, 4, 5]), ) - .unwrap(); + .unwrap(); assert_eq!(aggr_sig1, aggr_more); // aggregating all @@ -283,7 +283,7 @@ mod tests { &sigs, Some(&[1, 2, 3, 4, 5]), ) - .unwrap(); + .unwrap(); assert_eq!(aggr_all, aggr_sig1); // not taking enough points (threshold was 3) should fail @@ -295,7 +295,7 @@ mod tests { &sigs[..2], Some(&[1, 2]), ) - .unwrap(); + .unwrap(); assert_ne!(aggr_not_enough, aggr_sig1); // taking wrong index should fail @@ -307,7 +307,7 @@ mod tests { &sigs[2..], Some(&[42, 123, 100]), ) - .is_err()); + .is_err()); } fn random_signature() -> Signature { @@ -359,7 +359,7 @@ mod tests { &signatures, Some(&[1, 2]), ) - .is_err()); + .is_err()); } #[test] @@ -381,7 +381,7 @@ mod tests { &signatures, Some(&[1, 1]), ) - .is_err()); + .is_err()); } // TODO: test for aggregating non-threshold keys diff --git a/common/nymcoconut/src/scheme/mod.rs b/common/nymcoconut/src/scheme/mod.rs index 33f7a77aa8..3016d564a3 100644 --- a/common/nymcoconut/src/scheme/mod.rs +++ b/common/nymcoconut/src/scheme/mod.rs @@ -22,13 +22,13 @@ use group::Curve; pub use keygen::{SecretKey, VerificationKey}; +use crate::{Attribute, elgamal}; use crate::elgamal::Ciphertext; use crate::error::{CoconutError, Result}; use crate::scheme::setup::Parameters; use crate::scheme::verification::check_bilinear_pairing; use crate::traits::{Base58, Bytable}; use crate::utils::try_deserialize_g1_projective; -use crate::{elgamal, Attribute}; pub mod aggregation; pub mod issuance; @@ -60,12 +60,12 @@ impl TryFrom<&[u8]> for Signature { let sig2_bytes: &[u8; 48] = &bytes[48..].try_into().expect("Slice size != 48"); let sig1 = try_deserialize_g1_projective( - &sig1_bytes, + sig1_bytes, CoconutError::Deserialization("Failed to deserialize compressed sig1".to_string()), )?; let sig2 = try_deserialize_g1_projective( - &sig2_bytes, + sig2_bytes, CoconutError::Deserialization("Failed to deserialize compressed sig2".to_string()), )?; @@ -144,7 +144,7 @@ impl TryFrom<&[u8]> for BlindedSignature { let h_bytes: &[u8; 48] = &bytes[..48].try_into().expect("Slice size != 48"); let h = try_deserialize_g1_projective( - &h_bytes, + h_bytes, CoconutError::Deserialization("Failed to deserialize compressed h".to_string()), )?; let c_tilde = Ciphertext::try_from(&bytes[48..])?; @@ -265,16 +265,16 @@ mod tests { &lambda, &[], ) - .unwrap() - .unblind( - ¶ms, - elgamal_keypair.private_key(), - &keypair1.verification_key(), - &private_attributes, - &[], - &lambda.commitment_hash, - ) - .unwrap(); + .unwrap() + .unblind( + ¶ms, + elgamal_keypair.private_key(), + &keypair1.verification_key(), + &private_attributes, + &[], + &lambda.commitment_hash, + ) + .unwrap(); let sig2 = blind_sign( &mut params, @@ -283,16 +283,16 @@ mod tests { &lambda, &[], ) - .unwrap() - .unblind( - ¶ms, - elgamal_keypair.private_key(), - &keypair2.verification_key(), - &private_attributes, - &[], - &lambda.commitment_hash, - ) - .unwrap(); + .unwrap() + .unblind( + ¶ms, + elgamal_keypair.private_key(), + &keypair2.verification_key(), + &private_attributes, + &[], + &lambda.commitment_hash, + ) + .unwrap(); let theta1 = prove_bandwidth_credential( &mut params, @@ -301,7 +301,7 @@ mod tests { serial_number, binding_number, ) - .unwrap(); + .unwrap(); let theta2 = prove_bandwidth_credential( &mut params, @@ -310,7 +310,7 @@ mod tests { serial_number, binding_number, ) - .unwrap(); + .unwrap(); assert!(verify_credential( ¶ms, @@ -384,7 +384,7 @@ mod tests { &private_attributes, &public_attributes, ) - .unwrap(); + .unwrap(); let sig1 = blind_sign( &mut params, @@ -393,16 +393,16 @@ mod tests { &lambda, &public_attributes, ) - .unwrap() - .unblind( - ¶ms, - elgamal_keypair.private_key(), - &keypair1.verification_key(), - &private_attributes, - &public_attributes, - &lambda.commitment_hash, - ) - .unwrap(); + .unwrap() + .unblind( + ¶ms, + elgamal_keypair.private_key(), + &keypair1.verification_key(), + &private_attributes, + &public_attributes, + &lambda.commitment_hash, + ) + .unwrap(); let sig2 = blind_sign( &mut params, @@ -411,16 +411,16 @@ mod tests { &lambda, &public_attributes, ) - .unwrap() - .unblind( - ¶ms, - elgamal_keypair.private_key(), - &keypair2.verification_key(), - &private_attributes, - &public_attributes, - &lambda.commitment_hash, - ) - .unwrap(); + .unwrap() + .unblind( + ¶ms, + elgamal_keypair.private_key(), + &keypair2.verification_key(), + &private_attributes, + &public_attributes, + &lambda.commitment_hash, + ) + .unwrap(); let theta1 = prove_bandwidth_credential( &mut params, @@ -429,7 +429,7 @@ mod tests { serial_number, binding_number, ) - .unwrap(); + .unwrap(); let theta2 = prove_bandwidth_credential( &mut params, @@ -438,7 +438,7 @@ mod tests { serial_number, binding_number, ) - .unwrap(); + .unwrap(); assert!(verify_credential( ¶ms, @@ -479,7 +479,7 @@ mod tests { &private_attributes, &public_attributes, ) - .unwrap(); + .unwrap(); let sigs = keypairs .iter() @@ -491,16 +491,16 @@ mod tests { &lambda, &public_attributes, ) - .unwrap() - .unblind( - ¶ms, - elgamal_keypair.private_key(), - &keypair.verification_key(), - &private_attributes, - &public_attributes, - &lambda.commitment_hash, - ) - .unwrap() + .unwrap() + .unblind( + ¶ms, + elgamal_keypair.private_key(), + &keypair.verification_key(), + &private_attributes, + &public_attributes, + &lambda.commitment_hash, + ) + .unwrap() }) .collect::>(); @@ -525,7 +525,7 @@ mod tests { serial_number, binding_number, ) - .unwrap(); + .unwrap(); assert!(verify_credential( ¶ms, @@ -547,7 +547,7 @@ mod tests { serial_number, binding_number, ) - .unwrap(); + .unwrap(); assert!(verify_credential( ¶ms, @@ -570,7 +570,7 @@ mod tests { signature.0.to_affine().to_compressed(), signature.1.to_affine().to_compressed(), ] - .concat(); + .concat(); assert_eq!(expected_bytes, bytes); assert_eq!(signature, Signature::try_from(&bytes[..]).unwrap()) } @@ -590,10 +590,10 @@ mod tests { // also make sure it is equivalent to the internal g1 compressed bytes concatenated let expected_bytes = [ blinded_sig.0.to_affine().to_compressed(), - blinded_sig.1 .0.to_affine().to_compressed(), - blinded_sig.1 .1.to_affine().to_compressed(), + blinded_sig.1.0.to_affine().to_compressed(), + blinded_sig.1.1.to_affine().to_compressed(), ] - .concat(); + .concat(); assert_eq!(expected_bytes, bytes); assert_eq!(blinded_sig, BlindedSignature::try_from(&bytes[..]).unwrap()) } diff --git a/common/nymcoconut/src/utils.rs b/common/nymcoconut/src/utils.rs index a9fcc21704..8d0a05a85c 100644 --- a/common/nymcoconut/src/utils.rs +++ b/common/nymcoconut/src/utils.rs @@ -16,8 +16,8 @@ use core::iter::Sum; use core::ops::Mul; use std::convert::TryInto; -use bls12_381::hash_to_curve::{ExpandMsgXmd, HashToCurve, HashToField}; use bls12_381::{G1Affine, G1Projective, G2Affine, G2Projective, Scalar}; +use bls12_381::hash_to_curve::{ExpandMsgXmd, HashToCurve, HashToField}; use ff::Field; use crate::error::{CoconutError, Result}; @@ -92,9 +92,9 @@ pub(crate) fn perform_lagrangian_interpolation_at_origin( points: &[SignerIndex], values: &[T], ) -> Result -where - T: Sum, - for<'a> &'a T: Mul, + where + T: Sum, + for<'a> &'a T: Mul, { if points.is_empty() || values.is_empty() { return Err(CoconutError::Interpolation( @@ -171,14 +171,14 @@ pub(crate) fn try_deserialize_scalar_vec( } pub(crate) fn try_deserialize_scalar(bytes: &[u8; 32], err: CoconutError) -> Result { - Into::>::into(Scalar::from_bytes(&bytes)).ok_or(err) + Into::>::into(Scalar::from_bytes(bytes)).ok_or(err) } pub(crate) fn try_deserialize_g1_projective( bytes: &[u8; 48], err: CoconutError, ) -> Result { - Into::>::into(G1Affine::from_compressed(&bytes)) + Into::>::into(G1Affine::from_compressed(bytes)) .ok_or(err) .map(G1Projective::from) } @@ -187,7 +187,7 @@ pub(crate) fn try_deserialize_g2_projective( bytes: &[u8; 96], err: CoconutError, ) -> Result { - Into::>::into(G2Affine::from_compressed(&bytes)) + Into::>::into(G2Affine::from_compressed(bytes)) .ok_or(err) .map(G2Projective::from) }