From 3d0f22f3939313e01236bb2a05076e592c079b8d Mon Sep 17 00:00:00 2001 From: Davide Galassi Date: Wed, 22 May 2024 09:48:51 +0200 Subject: [PATCH] Rename 'signature' to 'proof' --- src/ietf.rs | 58 +++++++++++++++++++------------------- src/pedersen.rs | 42 +++++++++++++-------------- src/ring.rs | 53 +++++++++++++++++----------------- src/suites/bandersnatch.rs | 12 ++++---- src/suites/secp256.rs | 2 +- src/utils.rs | 7 ++++- 6 files changed, 89 insertions(+), 85 deletions(-) diff --git a/src/ietf.rs b/src/ietf.rs index ca28298..23614dd 100644 --- a/src/ietf.rs +++ b/src/ietf.rs @@ -10,17 +10,17 @@ pub trait IetfSuite: Suite {} impl IetfSuite for T where T: Suite {} -/// VRF signature generic over the cipher suite. +/// VRF proof generic over the cipher suite. /// /// An output point which can be used to derive the actual output together -/// with the actual signature of the input point and the associated data. +/// with the actual proof of the input point and the associated data. #[derive(Debug, Clone)] -pub struct Signature { +pub struct Proof { pub c: ScalarField, pub s: ScalarField, } -impl CanonicalSerialize for Signature { +impl CanonicalSerialize for Proof { fn serialize_with_mode( &self, mut writer: W, @@ -41,7 +41,7 @@ impl CanonicalSerialize for Signature { } } -impl CanonicalDeserialize for Signature { +impl CanonicalDeserialize for Proof { fn deserialize_with_mode( mut reader: R, _compress_always: ark_serialize::Compress, @@ -57,11 +57,11 @@ impl CanonicalDeserialize for Signature { ark_serialize::Compress::No, validate, )?; - Ok(Signature { c, s }) + Ok(Proof { c, s }) } } -impl ark_serialize::Valid for Signature { +impl ark_serialize::Valid for Proof { fn check(&self) -> Result<(), ark_serialize::SerializationError> { self.c.check()?; self.s.check()?; @@ -69,24 +69,24 @@ impl ark_serialize::Valid for Signature { } } -pub trait IetfSigner { - /// Sign the input and the user additional data `ad`. - fn sign(&self, input: Input, output: Output, ad: impl AsRef<[u8]>) -> Signature; +pub trait IetfProver { + /// Generate a proof for the given input/output and user additional data. + fn prove(&self, input: Input, output: Output, ad: impl AsRef<[u8]>) -> Proof; } pub trait IetfVerifier { - /// Verify the VRF signature. + /// Verify a proof for the given input/output and user additional data. fn verify( &self, input: Input, output: Output, ad: impl AsRef<[u8]>, - sig: &Signature, + sig: &Proof, ) -> Result<(), Error>; } -impl IetfSigner for Secret { - fn sign(&self, input: Input, output: Output, ad: impl AsRef<[u8]>) -> Signature { +impl IetfProver for Secret { + fn prove(&self, input: Input, output: Output, ad: impl AsRef<[u8]>) -> Proof { let k = S::nonce(&self.scalar, input); let k_b = (S::Affine::generator() * k).into_affine(); @@ -97,7 +97,7 @@ impl IetfSigner for Secret { ad.as_ref(), ); let s = k + c * self.scalar; - Signature { c, s } + Proof { c, s } } } @@ -107,9 +107,9 @@ impl IetfVerifier for Public { input: Input, output: Output, ad: impl AsRef<[u8]>, - signature: &Signature, + proof: &Proof, ) -> Result<(), Error> { - let Signature { c, s } = signature; + let Proof { c, s } = proof; let s_b = S::Affine::generator() * s; let c_y = self.0 * c; @@ -129,9 +129,9 @@ impl IetfVerifier for Public { #[cfg(test)] pub mod testing { use crate::*; - use ietf::IetfSigner; + use ietf::IetfProver; - pub const TEST_FLAG_SKIP_SIGN_CHECK: u8 = 1 << 0; + pub const TEST_FLAG_SKIP_PROOF_CHECK: u8 = 1 << 0; pub struct TestVector { pub flags: u8, @@ -162,19 +162,19 @@ pub mod testing { let input = Input::from(h); let output = sk.output(input); - let signature = sk.sign(input, output, []); + let proof = sk.prove(input, output, []); let gamma_bytes = utils::encode_point::(&output.0); assert_eq!(v.gamma, hex::encode(gamma_bytes)); - if v.flags & TEST_FLAG_SKIP_SIGN_CHECK != 0 { + if v.flags & TEST_FLAG_SKIP_PROOF_CHECK != 0 { return; } - let c_bytes = utils::encode_scalar::(&signature.c); + let c_bytes = utils::encode_scalar::(&proof.c); assert_eq!(v.c, hex::encode(c_bytes)); - let s_bytes = utils::encode_scalar::(&signature.s); + let s_bytes = utils::encode_scalar::(&proof.s); assert_eq!(v.s, hex::encode(s_bytes)); let beta = output.hash(); @@ -190,30 +190,30 @@ mod tests { }; #[test] - fn sign_verify_works() { + fn prove_verify_works() { let secret = Secret::from_seed(TEST_SEED); let public = secret.public(); let input = Input::from(random_val::(None)); let output = secret.output(input); - let signature = secret.sign(input, output, b"foo"); + let proof = secret.prove(input, output, b"foo"); - let result = public.verify(input, output, b"foo", &signature); + let result = public.verify(input, output, b"foo", &proof); assert!(result.is_ok()); } #[test] - fn signature_encode_decode() { + fn proof_encode_decode() { let c = hex::decode("d091c00b0f5c3619d10ecea44363b5a5").unwrap(); let c = ScalarField::from_be_bytes_mod_order(&c[..]); let s = hex::decode("99cadc5b2957e223fec62e81f7b4825fc799a771a3d7334b9186bdbee87316b1") .unwrap(); let s = ScalarField::from_be_bytes_mod_order(&s[..]); - let signature = Signature:: { c, s }; + let proof = Proof:: { c, s }; let mut buf = Vec::new(); - signature.serialize_compressed(&mut buf).unwrap(); + proof.serialize_compressed(&mut buf).unwrap(); assert_eq!(buf.len(), TestSuite::CHALLENGE_LEN + 32); } } diff --git a/src/pedersen.rs b/src/pedersen.rs index 157eb7c..f2680ba 100644 --- a/src/pedersen.rs +++ b/src/pedersen.rs @@ -6,7 +6,7 @@ pub trait PedersenSuite: IetfSuite { } #[derive(Debug, Clone, CanonicalSerialize, CanonicalDeserialize)] -pub struct Signature { +pub struct Proof { pk_blind: AffinePoint, r: AffinePoint, ok: AffinePoint, @@ -14,41 +14,41 @@ pub struct Signature { sb: ScalarField, } -impl Signature { +impl Proof { pub fn key_commitment(&self) -> AffinePoint { self.pk_blind } } -pub trait PedersenSigner { - /// Sign the input and the user additional data `ad`. +pub trait PedersenProver { + /// Generate a proof for the given input/output and user additional data. /// - /// Returns the signature together with the blinding factor. - fn sign( + /// Returns the proof together with the associated blinding factor. + fn prove( &self, input: Input, output: Output, ad: impl AsRef<[u8]>, - ) -> (Signature, ScalarField); + ) -> (Proof, ScalarField); } pub trait PedersenVerifier { - /// Verify the VRF signature. + /// Verify a proof for the given input/output and user additional data. fn verify( input: Input, output: Output, ad: impl AsRef<[u8]>, - sig: &Signature, + sig: &Proof, ) -> Result<(), Error>; } -impl PedersenSigner for Secret { - fn sign( +impl PedersenProver for Secret { + fn prove( &self, input: Input, output: Output, ad: impl AsRef<[u8]>, - ) -> (Signature, ScalarField) { + ) -> (Proof, ScalarField) { // Construct the nonces let k = S::nonce(&self.scalar, input); let b = S::nonce(&k, input); @@ -69,7 +69,7 @@ impl PedersenSigner for Secret { // sb = kb + c*b let sb = kb + c * b; - let signature = Signature { + let proof = Proof { pk_blind, r, ok, @@ -77,7 +77,7 @@ impl PedersenSigner for Secret { sb, }; - (signature, b) + (proof, b) } } @@ -86,15 +86,15 @@ impl PedersenVerifier for Public { input: Input, output: Output, ad: impl AsRef<[u8]>, - signature: &Signature, + proof: &Proof, ) -> Result<(), Error> { - let Signature { + let Proof { pk_blind, r, ok, s, sb, - } = signature; + } = proof; // c = Hash(Yb, I, O, R, Ok, ad) let c = S::challenge(&[pk_blind, &input.0, &output.0, r, ok], ad.as_ref()); @@ -134,18 +134,18 @@ mod tests { } #[test] - fn sign_verify_works() { + fn prove_verify_works() { let secret = Secret::from_seed(TEST_SEED); let input = Input::from(random_val(None)); let output = secret.output(input); - let (signature, blinding) = secret.sign(input, output, b"foo"); + let (proof, blinding) = secret.prove(input, output, b"foo"); - let result = Public::verify(input, output, b"foo", &signature); + let result = Public::verify(input, output, b"foo", &proof); assert!(result.is_ok()); assert_eq!( - signature.pk_blind, + proof.pk_blind, secret.public().0 + TestSuite::BLINDING_BASE * blinding ); } diff --git a/src/ring.rs b/src/ring.rs index 42dd8fc..353e977 100644 --- a/src/ring.rs +++ b/src/ring.rs @@ -1,7 +1,7 @@ use crate::*; use ark_ec::{short_weierstrass::SWCurveConfig, CurveConfig}; use ark_serialize::{Compress, Read, SerializationError, Valid, Validate, Write}; -use pedersen::{PedersenSigner, PedersenSuite, PedersenVerifier, Signature as PedersenSignature}; +use pedersen::{PedersenSuite, Proof as PedersenProof}; // Ring proof assumes: // 1. Points over the whole curve group (not just the prime subgroup). @@ -43,27 +43,27 @@ pub type PiopParams = ring_proof::PiopParams, Curve> pub trait Pairing: ark_ec::pairing::Pairing> {} #[derive(Clone, CanonicalSerialize, CanonicalDeserialize)] -pub struct Signature +pub struct Proof where ::BaseField: ark_ff::PrimeField, { - pub vrf_signature: PedersenSignature, + pub pedersen_proof: PedersenProof, pub ring_proof: RingProof, } -pub trait RingSigner +pub trait RingProver where Curve: SWCurveConfig, as CurveConfig>::BaseField: ark_ff::PrimeField, { - /// Sign the input and the user additional data `ad`. - fn ring_sign( + /// Generate a proof for the given input/output and user additional data. + fn prove( &self, input: Input, output: Output, ad: impl AsRef<[u8]>, prover: &Prover, - ) -> Signature; + ) -> Proof; } pub trait RingVerifier @@ -71,34 +71,34 @@ where Curve: SWCurveConfig, as CurveConfig>::BaseField: ark_ff::PrimeField, { - /// Verify a signature. - fn ring_verify( + /// Verify a proof for the given input/output and user additional data. + fn verify( input: Input, output: Output, ad: impl AsRef<[u8]>, - sig: &Signature, + sig: &Proof, verifier: &Verifier, ) -> Result<(), Error>; } -impl RingSigner for Secret +impl RingProver for Secret where - Self: PedersenSigner, Curve: SWCurveConfig, as CurveConfig>::BaseField: ark_ff::PrimeField, { - fn ring_sign( + fn prove( &self, input: Input, output: Output, ad: impl AsRef<[u8]>, ring_prover: &Prover, - ) -> Signature { - let (vrf_signature, secret_blinding) = - >::sign(self, input, output, ad); + ) -> Proof { + use crate::pedersen::PedersenProver; + let (pedersen_proof, secret_blinding) = + >::prove(self, input, output, ad); let ring_proof = ring_prover.prove(secret_blinding); - Signature { - vrf_signature, + Proof { + pedersen_proof, ring_proof, } } @@ -106,20 +106,19 @@ where impl RingVerifier for Public where - Self: PedersenVerifier, Curve: SWCurveConfig, as CurveConfig>::BaseField: ark_ff::PrimeField, { - /// Verify the VRF signature. - fn ring_verify( + fn verify( input: Input, output: Output, ad: impl AsRef<[u8]>, - sig: &Signature, + sig: &Proof, verifier: &Verifier, ) -> Result<(), Error> { - >::verify(input, output, ad, &sig.vrf_signature)?; - let key_commitment = sig.vrf_signature.key_commitment(); + use crate::pedersen::PedersenVerifier; + >::verify(input, output, ad, &sig.pedersen_proof)?; + let key_commitment = sig.pedersen_proof.key_commitment(); if !verifier.verify_ring_proof(sig.ring_proof.clone(), key_commitment) { return Err(Error::VerificationFailure); } @@ -282,7 +281,7 @@ mod tests { use crate::utils::testing::{random_val, random_vec, TEST_SEED}; #[test] - fn sign_verify_works() { + fn prove_verify_works() { let rng = &mut ark_std::test_rng(); let domain_size = 1024; let ring_ctx = RingContext::new_random(domain_size, rng); @@ -300,11 +299,11 @@ mod tests { let prover_key = ring_ctx.prover_key(pks.clone()); let prover = ring_ctx.prover(prover_key, prover_idx); - let signature = secret.ring_sign(input, output, b"foo", &prover); + let proof = secret.prove(input, output, b"foo", &prover); let verifier_key = ring_ctx.verifier_key(pks); let verifier = ring_ctx.verifier(verifier_key); - let result = Public::ring_verify(input, output, b"foo", &signature, &verifier); + let result = Public::verify(input, output, b"foo", &proof, &verifier); assert!(result.is_ok()); } } diff --git a/src/suites/bandersnatch.rs b/src/suites/bandersnatch.rs index 09d5b7d..f559228 100644 --- a/src/suites/bandersnatch.rs +++ b/src/suites/bandersnatch.rs @@ -107,7 +107,7 @@ pub mod ring { pub type VerifierKey = ring::VerifierKey; pub type Prover = ring::Prover; pub type Verifier = ring::Verifier; - pub type Signature = ring::Signature; + pub type Proof = ring::Proof; } #[cfg(test)] @@ -116,20 +116,20 @@ mod test { use utils::testing::{random_val, TEST_SEED}; #[test] - fn sign_verify_works() { - use crate::pedersen::{PedersenSigner, PedersenVerifier}; + fn prove_verify_works() { + use crate::pedersen::{PedersenProver, PedersenVerifier}; let secret = Secret::from_seed(TEST_SEED); let input = Input::from(random_val(None)); let output = secret.output(input); - let (signature, blinding) = secret.sign(input, output, b"foo"); + let (proof, blinding) = secret.prove(input, output, b"foo"); - let result = Public::verify(input, output, b"foo", &signature); + let result = Public::verify(input, output, b"foo", &proof); assert!(result.is_ok()); assert_eq!( - signature.key_commitment(), + proof.key_commitment(), secret.public().0 + BandersnatchSha512::BLINDING_BASE * blinding ); } diff --git a/src/suites/secp256.rs b/src/suites/secp256.rs index e2b1493..6553cd2 100644 --- a/src/suites/secp256.rs +++ b/src/suites/secp256.rs @@ -108,7 +108,7 @@ mod tests { #[test] fn secp256_rfc_9381_test_vector_10() { let v = TestVector { - flags: TEST_FLAG_SKIP_SIGN_CHECK, + flags: TEST_FLAG_SKIP_PROOF_CHECK, sk: "c9afa9d845ba75166b5c215767b1d6934e50c3db36e89b127b8a622b120f6721", pk: "0360fed4ba255a9d31c961eb74c6356d68c049b8923b61fa6ce669622e60f29fb6", alpha: b"sample", diff --git a/src/utils.rs b/src/utils.rs index 1fb3b73..5225056 100644 --- a/src/utils.rs +++ b/src/utils.rs @@ -24,7 +24,12 @@ macro_rules! suite_types { #[allow(dead_code)] pub type BaseField = $crate::BaseField<$suite>; #[allow(dead_code)] - pub type Signature = $crate::ietf::Signature<$suite>; + pub type IetfProof = $crate::ietf::Proof<$suite>; + #[allow(dead_code)] + pub type PedersenProof = $crate::pedersen::Proof<$suite>; + #[cfg(feature = "ring")] + #[allow(dead_code)] + pub type RingProof = $crate::ring::Proof<$suite>; }; }