Compare commits

..

2 Commits

Author SHA1 Message Date
Tommy Verrall 8a4cffece5 qwerty env fixes 2023-01-12 17:03:06 +01:00
durch e9144fb1bd Make layers always balanced 2023-01-11 18:33:26 +01:00
6 changed files with 874 additions and 1038 deletions
Generated
+756 -931
View File
File diff suppressed because it is too large Load Diff
@@ -14,6 +14,7 @@ use cosmwasm_std::Decimal;
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};
use std::time::Duration;
use cosmwasm_std::Addr;
#[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Eq, JsonSchema)]
#[serde(rename_all = "snake_case")]
@@ -510,4 +511,5 @@ pub enum QueryMsg {
#[serde(rename_all = "snake_case")]
pub struct MigrateMsg {
pub vesting_contract_address: Option<String>,
pub gateway_address: Addr,
}
+35 -54
View File
@@ -7,18 +7,17 @@ use std::borrow::Borrow;
use std::convert::TryInto;
use bls12_381::{G1Projective, G2Projective, Scalar};
use digest::Digest;
use digest::generic_array::typenum::Unsigned;
use digest::Digest;
use group::GroupEncoding;
use itertools::izip;
use sha2::Sha256;
use crate::Attribute;
use crate::error::{CoconutError, Result};
use crate::scheme::issuance::compute_commitment_hash;
use crate::scheme::setup::Parameters;
use crate::scheme::VerificationKey;
use crate::utils::{hash_g1, try_deserialize_scalar, try_deserialize_scalar_vec};
use crate::Attribute;
// as per the reference python implementation
type ChallengeDigest = Sha256;
@@ -39,10 +38,10 @@ pub struct ProofCmCs {
// and as per the bls12-381 library all elements are using big-endian form
/// Generates a Scalar [or Fp] challenge by hashing a number of elliptic curve points.
fn compute_challenge<D, I, B>(iter: I) -> Scalar
where
D: Digest,
I: Iterator<Item=B>,
B: AsRef<[u8]>,
where
D: Digest,
I: Iterator<Item = B>,
B: AsRef<[u8]>,
{
let mut h = D::new();
for point_representation in iter {
@@ -70,8 +69,8 @@ fn produce_response(witness: &Scalar, challenge: &Scalar, secret: &Scalar) -> Sc
// note: it's caller's responsibility to ensure witnesses.len() = secrets.len()
fn produce_responses<S>(witnesses: &[Scalar], challenge: &Scalar, secrets: &[S]) -> Vec<Scalar>
where
S: Borrow<Scalar>,
where
S: Borrow<Scalar>,
{
debug_assert_eq!(witnesses.len(), secrets.len());
@@ -92,7 +91,6 @@ impl ProofCmCs {
commitments: &[G1Projective],
pedersen_commitments_openings: &[Scalar],
private_attributes: &[Attribute],
public_attributes: &[Attribute],
) -> Self {
// note: this is only called from `prepare_blind_sign` that already checks
// whether private attributes are non-empty and whether we don't have too many
@@ -106,7 +104,7 @@ impl ProofCmCs {
let witness_attributes = params.n_random_scalars(private_attributes.len());
// recompute h
let h = compute_commitment_hash(*commitment, public_attributes);
let h = hash_g1(commitment.to_bytes());
let hs_bytes = params
.gen_hs()
.iter()
@@ -121,10 +119,10 @@ impl ProofCmCs {
// Ccm = (wr * g1) + (wm[0] * hs[0]) + ... + (wm[i] * hs[i])
let commitment_attributes = g1 * witness_commitment_opening
+ witness_attributes
.iter()
.zip(params.gen_hs().iter())
.map(|(wm_i, hs_i)| hs_i * wm_i)
.sum::<G1Projective>();
.iter()
.zip(params.gen_hs().iter())
.map(|(wm_i, hs_i)| hs_i * wm_i)
.sum::<G1Projective>();
// zkp commitments for the individual attributes
let commitments_attributes = witness_pedersen_commitments_openings
@@ -188,7 +186,7 @@ impl ProofCmCs {
}
// recompute h
let h = compute_commitment_hash(*commitment, public_attributes);
let h = hash_g1(commitment.to_bytes());
let g1 = params.gen1();
let hs_bytes = params
@@ -201,26 +199,26 @@ impl ProofCmCs {
// Cw = (cm * c) + (rr * g1) + (rm[0] * hs[0]) + ... + (rm[n] * hs[n])
let commitment_attributes = (commitment
- public_attributes
.iter()
.zip(params.gen_hs().iter().skip(self.response_attributes.len()))
.map(|(pub_attr, hs)| hs * pub_attr)
.sum::<G1Projective>())
.iter()
.zip(params.gen_hs().iter().skip(self.response_attributes.len()))
.map(|(pub_attr, hs)| hs * pub_attr)
.sum::<G1Projective>())
* self.challenge
+ g1 * self.response_opening
+ self
.response_attributes
.iter()
.zip(params.gen_hs().iter())
.map(|(res_attr, hs)| hs * res_attr)
.sum::<G1Projective>();
.response_attributes
.iter()
.zip(params.gen_hs().iter())
.map(|(res_attr, hs)| hs * res_attr)
.sum::<G1Projective>();
let commitments_attributes = izip!(
commitments.iter(),
self.response_openings.iter(),
self.response_attributes.iter()
)
.map(|(cm_j, r_o_j, r_m_j)| cm_j * self.challenge + g1 * r_o_j + h * r_m_j)
.collect::<Vec<_>>();
.map(|(cm_j, r_o_j, r_m_j)| cm_j * self.challenge + g1 * r_o_j + h * r_m_j)
.collect::<Vec<_>>();
let commitments_bytes = commitments
.iter()
@@ -367,10 +365,10 @@ impl ProofKappaZeta {
let commitment_kappa = params.gen2() * witness_blinder
+ verification_key.alpha
+ witness_attributes
.iter()
.zip(verification_key.beta_g2.iter())
.map(|(wm_i, beta_i)| beta_i * wm_i)
.sum::<G2Projective>();
.iter()
.zip(verification_key.beta_g2.iter())
.map(|(wm_i, beta_i)| beta_i * wm_i)
.sum::<G2Projective>();
// zeta is the public value associated with the serial number
let commitment_zeta = params.gen2() * witness_serial_number;
@@ -424,10 +422,10 @@ impl ProofKappaZeta {
+ params.gen2() * self.response_blinder
+ verification_key.alpha * (Scalar::one() - self.challenge)
+ response_attributes
.iter()
.zip(verification_key.beta_g2.iter())
.map(|(priv_attr, beta_i)| beta_i * priv_attr)
.sum::<G2Projective>();
.iter()
.zip(verification_key.beta_g2.iter())
.map(|(priv_attr, beta_i)| beta_i * priv_attr)
.sum::<G2Projective>();
// zeta is the public value associated with the serial number
let commitment_zeta = zeta * self.challenge + params.gen2() * self.response_serial_number;
@@ -531,18 +529,9 @@ mod tests {
let cms: [G1Projective; 1] = [G1Projective::random(&mut rng)];
let rs = params.n_random_scalars(1);
let private_attributes = params.n_random_scalars(1);
let public_attributes = params.n_random_scalars(1);
// 0 public 1 private
let pi_s = ProofCmCs::construct(
&params,
&cm,
&r,
&cms,
&rs,
&private_attributes,
&public_attributes,
);
let pi_s = ProofCmCs::construct(&params, &cm, &r, &cms, &rs, &private_attributes);
let bytes = pi_s.to_bytes();
assert_eq!(ProofCmCs::from_bytes(&bytes).unwrap(), pi_s);
@@ -558,15 +547,7 @@ mod tests {
let private_attributes = params.n_random_scalars(2);
// 0 public 2 privates
let pi_s = ProofCmCs::construct(
&params,
&cm,
&r,
&cms,
&rs,
&private_attributes,
&public_attributes,
);
let pi_s = ProofCmCs::construct(&params, &cm, &r, &cms, &rs, &private_attributes);
let bytes = pi_s.to_bytes();
assert_eq!(ProofCmCs::from_bytes(&bytes).unwrap(), pi_s);
+4 -13
View File
@@ -201,16 +201,8 @@ pub fn compute_pedersen_commitments_for_private_attributes(
(commitments_openings, pedersen_commitments)
}
pub fn compute_commitment_hash(
commitment: G1Projective,
public_attributes: &[Attribute],
) -> G1Projective {
let mut msg_bytes = Vec::with_capacity(public_attributes.len() * 32);
msg_bytes.extend_from_slice(&commitment.to_affine().to_compressed());
for attr in public_attributes {
msg_bytes.extend_from_slice(&attr.to_bytes());
}
hash_g1(msg_bytes)
pub fn compute_commitment_hash(commitment: G1Projective) -> G1Projective {
hash_g1(commitment.to_bytes())
}
/// Builds cryptographic material required for blind sign.
@@ -238,7 +230,7 @@ pub fn prepare_blind_sign(
compute_attributes_commitment(params, private_attributes, public_attributes, hs);
// Compute the challenge as the commitment hash
let commitment_hash = compute_commitment_hash(commitment, public_attributes);
let commitment_hash = compute_commitment_hash(commitment);
let (pedersen_commitments_openings, pedersen_commitments) =
compute_pedersen_commitments_for_private_attributes(
@@ -254,7 +246,6 @@ pub fn prepare_blind_sign(
&pedersen_commitments,
&pedersen_commitments_openings,
private_attributes,
public_attributes,
);
Ok((
@@ -285,7 +276,7 @@ pub fn blind_sign(
}
// Verify the commitment hash
let h = compute_commitment_hash(blind_sign_request.commitment, public_attributes);
let h = hash_g1(blind_sign_request.commitment.to_bytes());
if !(h == blind_sign_request.commitment_hash) {
return Err(CoconutError::Issuance(
"Failed to verify the commitment hash".to_string(),
+12
View File
@@ -12,6 +12,7 @@ use mixnet_contract_common::error::MixnetContractError;
use mixnet_contract_common::{
ContractState, ContractStateParams, ExecuteMsg, InstantiateMsg, Interval, MigrateMsg, QueryMsg,
};
use crate::gateways::storage;
fn default_initial_state(
owner: Addr,
@@ -568,6 +569,17 @@ pub fn migrate(
mixnet_params_storage::CONTRACT_STATE.save(deps.storage, &current_state)?;
}
let gateway_bond = match storage::gateways()
.idx
.owner
.item(deps.storage, msg.gateway_address.clone())?
{
Some(record) => record.1,
None => return Err(MixnetContractError::NoAssociatedGatewayBond { owner: msg.gateway_address.clone() }),
};
storage::gateways().remove(deps.storage, gateway_bond.identity())?;
Ok(Default::default())
}
+65 -40
View File
@@ -59,16 +59,6 @@ pub struct RewardedSetUpdater {
storage: NymApiStorage,
}
// Weight of a layer being chose is reciprocal to current count in layer
fn layer_weight(l: &Layer, layer_assignments: &HashMap<Layer, f32>) -> f32 {
let total = layer_assignments.values().fold(0., |acc, i| acc + i);
if total == 0. {
1.
} else {
1. - (layer_assignments.get(l).unwrap_or(&0.) / total)
}
}
impl RewardedSetUpdater {
pub(crate) async fn current_interval_details(
&self,
@@ -88,15 +78,13 @@ impl RewardedSetUpdater {
})
}
// Needs to run for active and reserve sets separatley, as it does not preserve order
async fn determine_layers(
&self,
rewarded_set: &[MixNodeDetails],
) -> Result<(Vec<LayerAssignment>, HashMap<String, Layer>), RewardingError> {
let mut families_in_layer: HashMap<String, Layer> = HashMap::new();
let mut assignments = vec![];
let mut layer_assignments: HashMap<Layer, f32> = HashMap::new();
let mut rng = OsRng;
let layers = vec![Layer::One, Layer::Two, Layer::Three];
set: &[MixNodeDetails],
) -> Result<Vec<LayerAssignment>, RewardingError> {
let mut assignments = Vec::with_capacity(set.len());
let target_layer_count = set.len() / 3;
let mix_to_family = self.validator_cache.mix_to_family().await.to_vec();
@@ -104,31 +92,60 @@ impl RewardedSetUpdater {
.into_iter()
.collect::<HashMap<IdentityKey, FamilyHead>>();
for mix in rewarded_set {
let family = mix_to_family.get(&mix.bond_information.identity().to_owned());
// Get layer already assigned to nodes family, if any
let family_layer = family.and_then(|h| families_in_layer.get(h.identity()));
let mut regular_nodes = Vec::with_capacity(set.len());
// Same node families are always assigned to the same layer, otherwise layer selected by a random weighted choice
let layer = if let Some(layer) = family_layer {
layer.to_owned()
let mut families = HashMap::new();
for node in set.iter() {
if let Some(fh) = mix_to_family.get(node.bond_information.identity()) {
let family: &mut Vec<u32> = families.entry(fh.identity()).or_default();
family.push(node.mix_id())
} else {
layers
.choose_weighted(&mut rng, |l| layer_weight(l, &layer_assignments))?
.to_owned()
};
assignments.push(LayerAssignment::new(mix.mix_id(), layer));
// layer accounting
let layer_entry = layer_assignments.entry(layer).or_insert(0.);
*layer_entry += 1.;
if let Some(family) = family {
families_in_layer.insert(family.identity().to_string(), layer);
regular_nodes.push(node.mix_id())
}
}
Ok((assignments, families_in_layer))
let mut layers = HashMap::new();
layers.insert(Layer::One, Vec::with_capacity(target_layer_count));
layers.insert(Layer::Two, Vec::with_capacity(target_layer_count));
layers.insert(Layer::Three, Vec::with_capacity(target_layer_count));
// Assign all members of a family to same layer
for (_head, members) in families.iter_mut() {
let smallest_layer = layers
.iter()
.min_by_key(|(_layer, members)| members.len())
.map(|(layer, _members)| *layer)
.unwrap_or(Layer::One);
let entry = layers.entry(smallest_layer).or_default();
if entry.len() + members.len() <= target_layer_count {
entry.extend_from_slice(members)
}
}
// Assign nodes with no families into layers
for mix_id in regular_nodes.drain(..) {
let smallest_layer = layers
.iter()
.min_by_key(|(_layer, members)| members.len())
.map(|(layer, _members)| *layer)
.unwrap_or(Layer::One);
let entry = layers.entry(smallest_layer).or_default();
if entry.len() < target_layer_count {
entry.push(mix_id)
}
}
for (layer, members) in layers {
let layer_assignments = members
.into_iter()
.map(|mix_id| LayerAssignment::new(mix_id, layer));
assignments.extend(layer_assignments);
}
Ok(assignments)
}
fn determine_rewarded_set(
@@ -248,11 +265,19 @@ impl RewardedSetUpdater {
let new_rewarded_set =
self.determine_rewarded_set(all_mixnodes, rewarding_parameters.rewarded_set_size)?;
let (layer_assignments, _families_in_layer) =
self.determine_layers(&new_rewarded_set).await?;
let (active_set, reserve_set) =
new_rewarded_set.split_at(rewarding_parameters.active_set_size as usize);
let mut active_set_layer_assignments = self.determine_layers(active_set).await?;
let reserve_set_layer_assignments = self.determine_layers(reserve_set).await?;
active_set_layer_assignments.extend(reserve_set_layer_assignments);
self.nyxd_client
.advance_current_epoch(layer_assignments, rewarding_parameters.active_set_size)
.advance_current_epoch(
active_set_layer_assignments,
rewarding_parameters.active_set_size,
)
.await?;
Ok(())