// -*- coding: utf-8; mode: rust; -*-
//
// To the extent possible under law, the authors have waived all
// copyright and related or neighboring rights to zkp,
// using the Creative Commons "CC0" public domain dedication. See
// for full
// details.
//
// Authors:
// - Henry de Valence
#![allow(non_snake_case)]
extern crate bincode;
extern crate curve25519_dalek;
extern crate serde;
extern crate sha2;
extern crate lox_zkp;
use self::sha2::Sha512;
use curve25519_dalek::constants as dalek_constants;
use curve25519_dalek::ristretto::RistrettoPoint;
use curve25519_dalek::scalar::Scalar;
use lox_zkp::toolbox::{batch_verifier::BatchVerifier, prover::Prover, verifier::Verifier, SchnorrCS};
use lox_zkp::Transcript;
fn dleq_statement(
cs: &mut CS,
x: CS::ScalarVar,
A: CS::PointVar,
G: CS::PointVar,
B: CS::PointVar,
H: CS::PointVar,
) {
cs.constrain(A, vec![(x, B)]);
cs.constrain(G, vec![(x, H)]);
}
#[test]
fn create_and_verify_compact_dleq() {
let B = dalek_constants::RISTRETTO_BASEPOINT_POINT;
let H = RistrettoPoint::hash_from_bytes::(B.compress().as_bytes());
let (proof, cmpr_A, cmpr_G) = {
let x = Scalar::from(89327492234u64);
let A = B * x;
let G = H * x;
let mut transcript = Transcript::new(b"DLEQTest");
let mut prover = Prover::new(b"DLEQProof", &mut transcript);
// XXX committing var names to transcript forces ordering (?)
let var_x = prover.allocate_scalar(b"x", x);
let (var_B, _) = prover.allocate_point(b"B", B);
let (var_H, _) = prover.allocate_point(b"H", H);
let (var_A, cmpr_A) = prover.allocate_point(b"A", A);
let (var_G, cmpr_G) = prover.allocate_point(b"G", G);
dleq_statement(&mut prover, var_x, var_A, var_G, var_B, var_H);
(prover.prove_compact(), cmpr_A, cmpr_G)
};
let mut transcript = Transcript::new(b"DLEQTest");
let mut verifier = Verifier::new(b"DLEQProof", &mut transcript);
let var_x = verifier.allocate_scalar(b"x");
let var_B = verifier.allocate_point(b"B", B.compress()).unwrap();
let var_H = verifier.allocate_point(b"H", H.compress()).unwrap();
let var_A = verifier.allocate_point(b"A", cmpr_A).unwrap();
let var_G = verifier.allocate_point(b"G", cmpr_G).unwrap();
dleq_statement(&mut verifier, var_x, var_A, var_G, var_B, var_H);
assert!(verifier.verify_compact(&proof).is_ok());
}
#[test]
fn create_and_verify_batchable_dleq() {
let B = dalek_constants::RISTRETTO_BASEPOINT_POINT;
let H = RistrettoPoint::hash_from_bytes::(B.compress().as_bytes());
let (proof, cmpr_A, cmpr_G) = {
let x = Scalar::from(89327492234u64);
let A = B * x;
let G = H * x;
let mut transcript = Transcript::new(b"DLEQTest");
let mut prover = Prover::new(b"DLEQProof", &mut transcript);
// XXX committing var names to transcript forces ordering (?)
let var_x = prover.allocate_scalar(b"x", x);
let (var_B, _) = prover.allocate_point(b"B", B);
let (var_H, _) = prover.allocate_point(b"H", H);
let (var_A, cmpr_A) = prover.allocate_point(b"A", A);
let (var_G, cmpr_G) = prover.allocate_point(b"G", G);
dleq_statement(&mut prover, var_x, var_A, var_G, var_B, var_H);
(prover.prove_batchable(), cmpr_A, cmpr_G)
};
let mut transcript = Transcript::new(b"DLEQTest");
let mut verifier = Verifier::new(b"DLEQProof", &mut transcript);
let var_x = verifier.allocate_scalar(b"x");
let var_B = verifier.allocate_point(b"B", B.compress()).unwrap();
let var_H = verifier.allocate_point(b"H", H.compress()).unwrap();
let var_A = verifier.allocate_point(b"A", cmpr_A).unwrap();
let var_G = verifier.allocate_point(b"G", cmpr_G).unwrap();
dleq_statement(&mut verifier, var_x, var_A, var_G, var_B, var_H);
assert!(verifier.verify_batchable(&proof).is_ok());
}
#[test]
fn create_and_batch_verify_batchable_dleq() {
let B = dalek_constants::RISTRETTO_BASEPOINT_POINT;
let H = RistrettoPoint::hash_from_bytes::(B.compress().as_bytes());
let batch_size = 16;
let mut proofs = Vec::new();
let mut cmpr_As = Vec::new();
let mut cmpr_Gs = Vec::new();
for j in 0..batch_size {
let (proof, cmpr_A, cmpr_G) = {
let x = Scalar::from((j as u64) + 89327492234u64);
let A = B * x;
let G = H * x;
let mut transcript = Transcript::new(b"DLEQBatchTest");
let mut prover = Prover::new(b"DLEQProof", &mut transcript);
// XXX committing var names to transcript forces ordering (?)
let var_x = prover.allocate_scalar(b"x", x);
let (var_B, _) = prover.allocate_point(b"B", B);
let (var_H, _) = prover.allocate_point(b"H", H);
let (var_A, cmpr_A) = prover.allocate_point(b"A", A);
let (var_G, cmpr_G) = prover.allocate_point(b"G", G);
dleq_statement(&mut prover, var_x, var_A, var_G, var_B, var_H);
(prover.prove_batchable(), cmpr_A, cmpr_G)
};
proofs.push(proof);
cmpr_As.push(cmpr_A);
cmpr_Gs.push(cmpr_G);
}
let mut transcripts = vec![Transcript::new(b"DLEQBatchTest"); batch_size];
let transcript_refs = transcripts.iter_mut().collect();
let mut verifier = BatchVerifier::new(b"DLEQProof", batch_size, transcript_refs).unwrap();
let var_x = verifier.allocate_scalar(b"x");
let var_B = verifier.allocate_static_point(b"B", B.compress()).unwrap();
let var_H = verifier.allocate_static_point(b"H", H.compress()).unwrap();
let var_A = verifier.allocate_instance_point(b"A", cmpr_As).unwrap();
let var_G = verifier.allocate_instance_point(b"G", cmpr_Gs).unwrap();
dleq_statement(&mut verifier, var_x, var_A, var_G, var_B, var_H);
assert!(verifier.verify_batchable(&proofs).is_ok());
}