Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 8a4cffece5 | |||
| e9144fb1bd |
Generated
+756
-931
File diff suppressed because it is too large
Load Diff
@@ -14,6 +14,7 @@ use cosmwasm_std::Decimal;
|
||||
use schemars::JsonSchema;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use std::time::Duration;
|
||||
use cosmwasm_std::Addr;
|
||||
|
||||
#[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Eq, JsonSchema)]
|
||||
#[serde(rename_all = "snake_case")]
|
||||
@@ -510,4 +511,5 @@ pub enum QueryMsg {
|
||||
#[serde(rename_all = "snake_case")]
|
||||
pub struct MigrateMsg {
|
||||
pub vesting_contract_address: Option<String>,
|
||||
pub gateway_address: Addr,
|
||||
}
|
||||
|
||||
@@ -7,18 +7,17 @@ use std::borrow::Borrow;
|
||||
use std::convert::TryInto;
|
||||
|
||||
use bls12_381::{G1Projective, G2Projective, Scalar};
|
||||
use digest::Digest;
|
||||
use digest::generic_array::typenum::Unsigned;
|
||||
use digest::Digest;
|
||||
use group::GroupEncoding;
|
||||
use itertools::izip;
|
||||
use sha2::Sha256;
|
||||
|
||||
use crate::Attribute;
|
||||
use crate::error::{CoconutError, Result};
|
||||
use crate::scheme::issuance::compute_commitment_hash;
|
||||
use crate::scheme::setup::Parameters;
|
||||
use crate::scheme::VerificationKey;
|
||||
use crate::utils::{hash_g1, try_deserialize_scalar, try_deserialize_scalar_vec};
|
||||
use crate::Attribute;
|
||||
|
||||
// as per the reference python implementation
|
||||
type ChallengeDigest = Sha256;
|
||||
@@ -39,10 +38,10 @@ pub struct ProofCmCs {
|
||||
// and as per the bls12-381 library all elements are using big-endian form
|
||||
/// Generates a Scalar [or Fp] challenge by hashing a number of elliptic curve points.
|
||||
fn compute_challenge<D, I, B>(iter: I) -> Scalar
|
||||
where
|
||||
D: Digest,
|
||||
I: Iterator<Item=B>,
|
||||
B: AsRef<[u8]>,
|
||||
where
|
||||
D: Digest,
|
||||
I: Iterator<Item = B>,
|
||||
B: AsRef<[u8]>,
|
||||
{
|
||||
let mut h = D::new();
|
||||
for point_representation in iter {
|
||||
@@ -70,8 +69,8 @@ fn produce_response(witness: &Scalar, challenge: &Scalar, secret: &Scalar) -> Sc
|
||||
|
||||
// note: it's caller's responsibility to ensure witnesses.len() = secrets.len()
|
||||
fn produce_responses<S>(witnesses: &[Scalar], challenge: &Scalar, secrets: &[S]) -> Vec<Scalar>
|
||||
where
|
||||
S: Borrow<Scalar>,
|
||||
where
|
||||
S: Borrow<Scalar>,
|
||||
{
|
||||
debug_assert_eq!(witnesses.len(), secrets.len());
|
||||
|
||||
@@ -92,7 +91,6 @@ impl ProofCmCs {
|
||||
commitments: &[G1Projective],
|
||||
pedersen_commitments_openings: &[Scalar],
|
||||
private_attributes: &[Attribute],
|
||||
public_attributes: &[Attribute],
|
||||
) -> Self {
|
||||
// note: this is only called from `prepare_blind_sign` that already checks
|
||||
// whether private attributes are non-empty and whether we don't have too many
|
||||
@@ -106,7 +104,7 @@ impl ProofCmCs {
|
||||
let witness_attributes = params.n_random_scalars(private_attributes.len());
|
||||
|
||||
// recompute h
|
||||
let h = compute_commitment_hash(*commitment, public_attributes);
|
||||
let h = hash_g1(commitment.to_bytes());
|
||||
let hs_bytes = params
|
||||
.gen_hs()
|
||||
.iter()
|
||||
@@ -121,10 +119,10 @@ impl ProofCmCs {
|
||||
// Ccm = (wr * g1) + (wm[0] * hs[0]) + ... + (wm[i] * hs[i])
|
||||
let commitment_attributes = g1 * witness_commitment_opening
|
||||
+ witness_attributes
|
||||
.iter()
|
||||
.zip(params.gen_hs().iter())
|
||||
.map(|(wm_i, hs_i)| hs_i * wm_i)
|
||||
.sum::<G1Projective>();
|
||||
.iter()
|
||||
.zip(params.gen_hs().iter())
|
||||
.map(|(wm_i, hs_i)| hs_i * wm_i)
|
||||
.sum::<G1Projective>();
|
||||
|
||||
// zkp commitments for the individual attributes
|
||||
let commitments_attributes = witness_pedersen_commitments_openings
|
||||
@@ -188,7 +186,7 @@ impl ProofCmCs {
|
||||
}
|
||||
|
||||
// recompute h
|
||||
let h = compute_commitment_hash(*commitment, public_attributes);
|
||||
let h = hash_g1(commitment.to_bytes());
|
||||
let g1 = params.gen1();
|
||||
|
||||
let hs_bytes = params
|
||||
@@ -201,26 +199,26 @@ impl ProofCmCs {
|
||||
// Cw = (cm * c) + (rr * g1) + (rm[0] * hs[0]) + ... + (rm[n] * hs[n])
|
||||
let commitment_attributes = (commitment
|
||||
- public_attributes
|
||||
.iter()
|
||||
.zip(params.gen_hs().iter().skip(self.response_attributes.len()))
|
||||
.map(|(pub_attr, hs)| hs * pub_attr)
|
||||
.sum::<G1Projective>())
|
||||
.iter()
|
||||
.zip(params.gen_hs().iter().skip(self.response_attributes.len()))
|
||||
.map(|(pub_attr, hs)| hs * pub_attr)
|
||||
.sum::<G1Projective>())
|
||||
* self.challenge
|
||||
+ g1 * self.response_opening
|
||||
+ self
|
||||
.response_attributes
|
||||
.iter()
|
||||
.zip(params.gen_hs().iter())
|
||||
.map(|(res_attr, hs)| hs * res_attr)
|
||||
.sum::<G1Projective>();
|
||||
.response_attributes
|
||||
.iter()
|
||||
.zip(params.gen_hs().iter())
|
||||
.map(|(res_attr, hs)| hs * res_attr)
|
||||
.sum::<G1Projective>();
|
||||
|
||||
let commitments_attributes = izip!(
|
||||
commitments.iter(),
|
||||
self.response_openings.iter(),
|
||||
self.response_attributes.iter()
|
||||
)
|
||||
.map(|(cm_j, r_o_j, r_m_j)| cm_j * self.challenge + g1 * r_o_j + h * r_m_j)
|
||||
.collect::<Vec<_>>();
|
||||
.map(|(cm_j, r_o_j, r_m_j)| cm_j * self.challenge + g1 * r_o_j + h * r_m_j)
|
||||
.collect::<Vec<_>>();
|
||||
|
||||
let commitments_bytes = commitments
|
||||
.iter()
|
||||
@@ -367,10 +365,10 @@ impl ProofKappaZeta {
|
||||
let commitment_kappa = params.gen2() * witness_blinder
|
||||
+ verification_key.alpha
|
||||
+ witness_attributes
|
||||
.iter()
|
||||
.zip(verification_key.beta_g2.iter())
|
||||
.map(|(wm_i, beta_i)| beta_i * wm_i)
|
||||
.sum::<G2Projective>();
|
||||
.iter()
|
||||
.zip(verification_key.beta_g2.iter())
|
||||
.map(|(wm_i, beta_i)| beta_i * wm_i)
|
||||
.sum::<G2Projective>();
|
||||
|
||||
// zeta is the public value associated with the serial number
|
||||
let commitment_zeta = params.gen2() * witness_serial_number;
|
||||
@@ -424,10 +422,10 @@ impl ProofKappaZeta {
|
||||
+ params.gen2() * self.response_blinder
|
||||
+ verification_key.alpha * (Scalar::one() - self.challenge)
|
||||
+ response_attributes
|
||||
.iter()
|
||||
.zip(verification_key.beta_g2.iter())
|
||||
.map(|(priv_attr, beta_i)| beta_i * priv_attr)
|
||||
.sum::<G2Projective>();
|
||||
.iter()
|
||||
.zip(verification_key.beta_g2.iter())
|
||||
.map(|(priv_attr, beta_i)| beta_i * priv_attr)
|
||||
.sum::<G2Projective>();
|
||||
|
||||
// zeta is the public value associated with the serial number
|
||||
let commitment_zeta = zeta * self.challenge + params.gen2() * self.response_serial_number;
|
||||
@@ -531,18 +529,9 @@ mod tests {
|
||||
let cms: [G1Projective; 1] = [G1Projective::random(&mut rng)];
|
||||
let rs = params.n_random_scalars(1);
|
||||
let private_attributes = params.n_random_scalars(1);
|
||||
let public_attributes = params.n_random_scalars(1);
|
||||
|
||||
// 0 public 1 private
|
||||
let pi_s = ProofCmCs::construct(
|
||||
¶ms,
|
||||
&cm,
|
||||
&r,
|
||||
&cms,
|
||||
&rs,
|
||||
&private_attributes,
|
||||
&public_attributes,
|
||||
);
|
||||
let pi_s = ProofCmCs::construct(¶ms, &cm, &r, &cms, &rs, &private_attributes);
|
||||
|
||||
let bytes = pi_s.to_bytes();
|
||||
assert_eq!(ProofCmCs::from_bytes(&bytes).unwrap(), pi_s);
|
||||
@@ -558,15 +547,7 @@ mod tests {
|
||||
let private_attributes = params.n_random_scalars(2);
|
||||
|
||||
// 0 public 2 privates
|
||||
let pi_s = ProofCmCs::construct(
|
||||
¶ms,
|
||||
&cm,
|
||||
&r,
|
||||
&cms,
|
||||
&rs,
|
||||
&private_attributes,
|
||||
&public_attributes,
|
||||
);
|
||||
let pi_s = ProofCmCs::construct(¶ms, &cm, &r, &cms, &rs, &private_attributes);
|
||||
|
||||
let bytes = pi_s.to_bytes();
|
||||
assert_eq!(ProofCmCs::from_bytes(&bytes).unwrap(), pi_s);
|
||||
|
||||
@@ -201,16 +201,8 @@ pub fn compute_pedersen_commitments_for_private_attributes(
|
||||
(commitments_openings, pedersen_commitments)
|
||||
}
|
||||
|
||||
pub fn compute_commitment_hash(
|
||||
commitment: G1Projective,
|
||||
public_attributes: &[Attribute],
|
||||
) -> G1Projective {
|
||||
let mut msg_bytes = Vec::with_capacity(public_attributes.len() * 32);
|
||||
msg_bytes.extend_from_slice(&commitment.to_affine().to_compressed());
|
||||
for attr in public_attributes {
|
||||
msg_bytes.extend_from_slice(&attr.to_bytes());
|
||||
}
|
||||
hash_g1(msg_bytes)
|
||||
pub fn compute_commitment_hash(commitment: G1Projective) -> G1Projective {
|
||||
hash_g1(commitment.to_bytes())
|
||||
}
|
||||
|
||||
/// Builds cryptographic material required for blind sign.
|
||||
@@ -238,7 +230,7 @@ pub fn prepare_blind_sign(
|
||||
compute_attributes_commitment(params, private_attributes, public_attributes, hs);
|
||||
|
||||
// Compute the challenge as the commitment hash
|
||||
let commitment_hash = compute_commitment_hash(commitment, public_attributes);
|
||||
let commitment_hash = compute_commitment_hash(commitment);
|
||||
|
||||
let (pedersen_commitments_openings, pedersen_commitments) =
|
||||
compute_pedersen_commitments_for_private_attributes(
|
||||
@@ -254,7 +246,6 @@ pub fn prepare_blind_sign(
|
||||
&pedersen_commitments,
|
||||
&pedersen_commitments_openings,
|
||||
private_attributes,
|
||||
public_attributes,
|
||||
);
|
||||
|
||||
Ok((
|
||||
@@ -285,7 +276,7 @@ pub fn blind_sign(
|
||||
}
|
||||
|
||||
// Verify the commitment hash
|
||||
let h = compute_commitment_hash(blind_sign_request.commitment, public_attributes);
|
||||
let h = hash_g1(blind_sign_request.commitment.to_bytes());
|
||||
if !(h == blind_sign_request.commitment_hash) {
|
||||
return Err(CoconutError::Issuance(
|
||||
"Failed to verify the commitment hash".to_string(),
|
||||
|
||||
@@ -12,6 +12,7 @@ use mixnet_contract_common::error::MixnetContractError;
|
||||
use mixnet_contract_common::{
|
||||
ContractState, ContractStateParams, ExecuteMsg, InstantiateMsg, Interval, MigrateMsg, QueryMsg,
|
||||
};
|
||||
use crate::gateways::storage;
|
||||
|
||||
fn default_initial_state(
|
||||
owner: Addr,
|
||||
@@ -568,6 +569,17 @@ pub fn migrate(
|
||||
mixnet_params_storage::CONTRACT_STATE.save(deps.storage, ¤t_state)?;
|
||||
}
|
||||
|
||||
let gateway_bond = match storage::gateways()
|
||||
.idx
|
||||
.owner
|
||||
.item(deps.storage, msg.gateway_address.clone())?
|
||||
{
|
||||
Some(record) => record.1,
|
||||
None => return Err(MixnetContractError::NoAssociatedGatewayBond { owner: msg.gateway_address.clone() }),
|
||||
};
|
||||
|
||||
storage::gateways().remove(deps.storage, gateway_bond.identity())?;
|
||||
|
||||
Ok(Default::default())
|
||||
}
|
||||
|
||||
|
||||
@@ -59,16 +59,6 @@ pub struct RewardedSetUpdater {
|
||||
storage: NymApiStorage,
|
||||
}
|
||||
|
||||
// Weight of a layer being chose is reciprocal to current count in layer
|
||||
fn layer_weight(l: &Layer, layer_assignments: &HashMap<Layer, f32>) -> f32 {
|
||||
let total = layer_assignments.values().fold(0., |acc, i| acc + i);
|
||||
if total == 0. {
|
||||
1.
|
||||
} else {
|
||||
1. - (layer_assignments.get(l).unwrap_or(&0.) / total)
|
||||
}
|
||||
}
|
||||
|
||||
impl RewardedSetUpdater {
|
||||
pub(crate) async fn current_interval_details(
|
||||
&self,
|
||||
@@ -88,15 +78,13 @@ impl RewardedSetUpdater {
|
||||
})
|
||||
}
|
||||
|
||||
// Needs to run for active and reserve sets separatley, as it does not preserve order
|
||||
async fn determine_layers(
|
||||
&self,
|
||||
rewarded_set: &[MixNodeDetails],
|
||||
) -> Result<(Vec<LayerAssignment>, HashMap<String, Layer>), RewardingError> {
|
||||
let mut families_in_layer: HashMap<String, Layer> = HashMap::new();
|
||||
let mut assignments = vec![];
|
||||
let mut layer_assignments: HashMap<Layer, f32> = HashMap::new();
|
||||
let mut rng = OsRng;
|
||||
let layers = vec![Layer::One, Layer::Two, Layer::Three];
|
||||
set: &[MixNodeDetails],
|
||||
) -> Result<Vec<LayerAssignment>, RewardingError> {
|
||||
let mut assignments = Vec::with_capacity(set.len());
|
||||
let target_layer_count = set.len() / 3;
|
||||
|
||||
let mix_to_family = self.validator_cache.mix_to_family().await.to_vec();
|
||||
|
||||
@@ -104,31 +92,60 @@ impl RewardedSetUpdater {
|
||||
.into_iter()
|
||||
.collect::<HashMap<IdentityKey, FamilyHead>>();
|
||||
|
||||
for mix in rewarded_set {
|
||||
let family = mix_to_family.get(&mix.bond_information.identity().to_owned());
|
||||
// Get layer already assigned to nodes family, if any
|
||||
let family_layer = family.and_then(|h| families_in_layer.get(h.identity()));
|
||||
let mut regular_nodes = Vec::with_capacity(set.len());
|
||||
|
||||
// Same node families are always assigned to the same layer, otherwise layer selected by a random weighted choice
|
||||
let layer = if let Some(layer) = family_layer {
|
||||
layer.to_owned()
|
||||
let mut families = HashMap::new();
|
||||
|
||||
for node in set.iter() {
|
||||
if let Some(fh) = mix_to_family.get(node.bond_information.identity()) {
|
||||
let family: &mut Vec<u32> = families.entry(fh.identity()).or_default();
|
||||
family.push(node.mix_id())
|
||||
} else {
|
||||
layers
|
||||
.choose_weighted(&mut rng, |l| layer_weight(l, &layer_assignments))?
|
||||
.to_owned()
|
||||
};
|
||||
|
||||
assignments.push(LayerAssignment::new(mix.mix_id(), layer));
|
||||
|
||||
// layer accounting
|
||||
let layer_entry = layer_assignments.entry(layer).or_insert(0.);
|
||||
*layer_entry += 1.;
|
||||
if let Some(family) = family {
|
||||
families_in_layer.insert(family.identity().to_string(), layer);
|
||||
regular_nodes.push(node.mix_id())
|
||||
}
|
||||
}
|
||||
|
||||
Ok((assignments, families_in_layer))
|
||||
let mut layers = HashMap::new();
|
||||
layers.insert(Layer::One, Vec::with_capacity(target_layer_count));
|
||||
layers.insert(Layer::Two, Vec::with_capacity(target_layer_count));
|
||||
layers.insert(Layer::Three, Vec::with_capacity(target_layer_count));
|
||||
|
||||
// Assign all members of a family to same layer
|
||||
for (_head, members) in families.iter_mut() {
|
||||
let smallest_layer = layers
|
||||
.iter()
|
||||
.min_by_key(|(_layer, members)| members.len())
|
||||
.map(|(layer, _members)| *layer)
|
||||
.unwrap_or(Layer::One);
|
||||
|
||||
let entry = layers.entry(smallest_layer).or_default();
|
||||
if entry.len() + members.len() <= target_layer_count {
|
||||
entry.extend_from_slice(members)
|
||||
}
|
||||
}
|
||||
|
||||
// Assign nodes with no families into layers
|
||||
for mix_id in regular_nodes.drain(..) {
|
||||
let smallest_layer = layers
|
||||
.iter()
|
||||
.min_by_key(|(_layer, members)| members.len())
|
||||
.map(|(layer, _members)| *layer)
|
||||
.unwrap_or(Layer::One);
|
||||
|
||||
let entry = layers.entry(smallest_layer).or_default();
|
||||
if entry.len() < target_layer_count {
|
||||
entry.push(mix_id)
|
||||
}
|
||||
}
|
||||
|
||||
for (layer, members) in layers {
|
||||
let layer_assignments = members
|
||||
.into_iter()
|
||||
.map(|mix_id| LayerAssignment::new(mix_id, layer));
|
||||
assignments.extend(layer_assignments);
|
||||
}
|
||||
|
||||
Ok(assignments)
|
||||
}
|
||||
|
||||
fn determine_rewarded_set(
|
||||
@@ -248,11 +265,19 @@ impl RewardedSetUpdater {
|
||||
let new_rewarded_set =
|
||||
self.determine_rewarded_set(all_mixnodes, rewarding_parameters.rewarded_set_size)?;
|
||||
|
||||
let (layer_assignments, _families_in_layer) =
|
||||
self.determine_layers(&new_rewarded_set).await?;
|
||||
let (active_set, reserve_set) =
|
||||
new_rewarded_set.split_at(rewarding_parameters.active_set_size as usize);
|
||||
|
||||
let mut active_set_layer_assignments = self.determine_layers(active_set).await?;
|
||||
let reserve_set_layer_assignments = self.determine_layers(reserve_set).await?;
|
||||
|
||||
active_set_layer_assignments.extend(reserve_set_layer_assignments);
|
||||
|
||||
self.nyxd_client
|
||||
.advance_current_epoch(layer_assignments, rewarding_parameters.active_set_size)
|
||||
.advance_current_epoch(
|
||||
active_set_layer_assignments,
|
||||
rewarding_parameters.active_set_size,
|
||||
)
|
||||
.await?;
|
||||
|
||||
Ok(())
|
||||
|
||||
Reference in New Issue
Block a user