From 82c80dc6980675b9fd61d17e9cfb921914ffe608 Mon Sep 17 00:00:00 2001
From: Davide Galassi
Date: Mon, 16 Sep 2024 11:29:26 +0200
Subject: [PATCH 1/8] Generate padding point using ChaCha20Rng directly
---
ring/Cargo.toml | 7 +++----
ring/src/lib.rs | 12 ------------
ring/src/piop/params.rs | 8 +++++++-
3 files changed, 10 insertions(+), 17 deletions(-)
diff --git a/ring/Cargo.toml b/ring/Cargo.toml
index 8479c0d..7e1a947 100644
--- a/ring/Cargo.toml
+++ b/ring/Cargo.toml
@@ -18,6 +18,7 @@ rayon = { workspace = true, optional = true } common = { path = "../common", default-features = false } blake2 = { version = "0.10", default-features = false } arrayvec = { version = "0.7", default-features = false } +rand_chacha = { version = "0.3", default-features = false } ark-transcript = { git = "https://github.com/w3f/ring-vrf", default-features = false } [dev-dependencies]
@@ -25,7 +26,7 @@ ark-bls12-381 = { version = "0.4", default-features = false, features = ["curve" ark-ed-on-bls12-381-bandersnatch = { version = "0.4", default-features = false } [features] -default = [] +default = [ "std" ] std = [ "ark-std/std", "ark-ff/std",
@@ -49,6 +50,4 @@ print-trace = [ "ark-std/print-trace", "common/print-trace" ] -asm = [ - "fflonk/asm" -] +asm = [ "fflonk/asm" ]
diff --git a/ring/src/lib.rs b/ring/src/lib.rs
index e0bc2f0..88f7d04 100644
--- a/ring/src/lib.rs
+++ b/ring/src/lib.rs
@@ -1,10 +1,8 @@ #![cfg_attr(not(feature = "std"), no_std)] -use ark_ec::AffineRepr; use ark_ec::short_weierstrass::{Affine, SWCurveConfig}; use ark_ff::{One, PrimeField, Zero}; use ark_serialize::CanonicalSerialize; -use ark_std::rand; use ark_std::rand::RngCore; use fflonk::pcs::PCS; 
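Review bot: The `default = [ "std" ]` line in the `[features]` hunk of ring/Cargo.toml makes `std` a default feature of a crate whose lib.rs is `#![cfg_attr(not(feature = "std"), no_std)]`, and nothing in the subject line explains why; consumers that depend on the crate with default features on will now get `std` enabled without noticing. That is independent of the ChaCha20Rng padding change and deserves its own commit, or at least a sentence in the message such as `Enable the std feature by default; no_std consumers must set default-features = false.` The rand_chacha dependency added in the first hunk is removed again later in the series, so the feature flip is the only lasting effect of this file's changes.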
@@ -37,16 +35,6 @@ pub fn find_complement_point() -> Affine { } } -// TODO: switch to better hash to curve when available -pub fn hash_to_curve(message: &[u8]) -> A { - use blake2::Digest; - use ark_std::rand::SeedableRng; - let seed = blake2::Blake2s::digest(message); - let rng = &mut rand::rngs::StdRng::from_seed(seed.into()); - A::rand(rng) -} - #[derive(Clone)] pub struct ArkTranscript(ark_transcript::Transcript);
diff --git a/ring/src/piop/params.rs b/ring/src/piop/params.rs
index 134a3ec..33802e9 100644
--- a/ring/src/piop/params.rs
+++ b/ring/src/piop/params.rs
@@ -32,7 +32,13 @@ pub struct PiopParams> { impl> PiopParams { pub fn setup(domain: Domain, h: Affine, seed: Affine) -> Self { - let padding_point = crate::hash_to_curve::>(b"w3f/ring-proof/common/padding"); + let padding_point = { + use ark_std::{rand::SeedableRng, UniformRand}; + use blake2::Digest; + let seed = blake2::Blake2s::digest(b"w3f/ring-proof/common/padding"); + Affine::::rand(&mut rand_chacha::ChaCha20Rng::from_seed(seed.into())) + }; + let scalar_bitlen = Curve::ScalarField::MODULUS_BIT_SIZE as usize; // 1 accounts for the last cells of the points and bits columns that remain unconstrained let keyset_part_size = domain.capacity - scalar_bitlen - 1;
From 78b30bbed9c730d03e7557888e3223cd289ee4f7 Mon Sep 17 00:00:00 2001
From: Davide Galassi
Date: Mon, 16 Sep 2024 11:46:01 +0200
Subject: [PATCH 2/8] Blake2b
---
ring/src/piop/params.rs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ring/src/piop/params.rs b/ring/src/piop/params.rs
index 33802e9..1ce9827 100644
--- a/ring/src/piop/params.rs
+++ b/ring/src/piop/params.rs
@@ -35,7 +35,7 @@ impl> PiopParams { let padding_point = { use ark_std::{rand::SeedableRng, UniformRand}; use blake2::Digest; - let seed = blake2::Blake2s::digest(b"w3f/ring-proof/common/padding"); + let seed = blake2::Blake2b::digest(b"w3f/ring-proof/common/padding"); Affine::::rand(&mut rand_chacha::ChaCha20Rng::from_seed(seed.into())) }; 
From 105b1e767842de1e607d93ff3de5678eaf157f5f Mon Sep 17 00:00:00 2001
From: Davide Galassi
Date: Wed, 18 Sep 2024 12:51:25 +0200
Subject: [PATCH 3/8] Generate padding using TAI
---
ring/Cargo.toml | 1 -
ring/src/lib.rs | 20 +++++++++++++++++++-
ring/src/piop/params.rs | 8 +-------
3 files changed, 20 insertions(+), 9 deletions(-)
diff --git a/ring/Cargo.toml b/ring/Cargo.toml
index 7e1a947..d3ab80c 100644
--- a/ring/Cargo.toml
+++ b/ring/Cargo.toml
@@ -18,7 +18,6 @@ rayon = { workspace = true, optional = true } common = { path = "../common", default-features = false } blake2 = { version = "0.10", default-features = false } arrayvec = { version = "0.7", default-features = false } -rand_chacha = { version = "0.3", default-features = false } ark-transcript = { git = "https://github.com/w3f/ring-vrf", default-features = false } [dev-dependencies]
diff --git a/ring/src/lib.rs b/ring/src/lib.rs
index 88f7d04..d8edcce 100644
--- a/ring/src/lib.rs
+++ b/ring/src/lib.rs
@@ -1,6 +1,6 @@ #![cfg_attr(not(feature = "std"), no_std)] -use ark_ec::short_weierstrass::{Affine, SWCurveConfig}; +use ark_ec::{short_weierstrass::{Affine, SWCurveConfig}, AffineRepr}; use ark_ff::{One, PrimeField, Zero}; use ark_serialize::CanonicalSerialize; use ark_std::rand::RngCore;
@@ -35,6 +35,24 @@ pub fn find_complement_point() -> Affine { } } +// Hash to curve using TAI +pub fn hash_to_curve>(message: &[u8]) -> Affine { + use blake2::Digest; + let mut seed = message.to_vec(); + seed.push(0); + let cnt_offset = seed.len() - 1; + loop { + let hash: [u8; 64] = blake2::Blake2b::digest(&seed[..]).into(); + let x = F::from_le_bytes_mod_order(&hash); + if let Some(point) = Affine::::get_point_from_x_unchecked(x, false) { + let point = point.clear_cofactor(); + assert!(point.is_in_correct_subgroup_assuming_on_curve()); + return point + } + seed[cnt_offset] += 1; + } +} + #[derive(Clone)] pub struct ArkTranscript(ark_transcript::Transcript); 
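Review bot: In the new `hash_to_curve` the accept branch returns `point.clear_cofactor()` without checking that the cleared point is non-zero, and `is_in_correct_subgroup_assuming_on_curve()` is satisfied by the identity, so on a curve with cofactor > 1 (the bandersnatch curve under dev-dependencies is one) a small-order preimage would make the identity the padding point instead of being skipped. Guard the return as `if !point.is_zero() { assert!(point.is_in_correct_subgroup_assuming_on_curve()); return point; }` so a zero result falls through to the counter increment; `Zero` is already imported at the top of this file. Separately, the counter is one byte (`seed[cnt_offset] += 1`), which panics in debug builds and wraps in release after 255 misses; with roughly half of all candidates succeeding that is negligible for a fixed message, but a comment stating the assumption, `// one counter byte suffices: each trial succeeds with probability ~1/2`, would record why no wider counter is used.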
diff --git a/ring/src/piop/params.rs b/ring/src/piop/params.rs
index 1ce9827..277c446 100644
--- a/ring/src/piop/params.rs
+++ b/ring/src/piop/params.rs
@@ -32,13 +32,7 @@ pub struct PiopParams> { impl> PiopParams { pub fn setup(domain: Domain, h: Affine, seed: Affine) -> Self { - let padding_point = { - use ark_std::{rand::SeedableRng, UniformRand}; - use blake2::Digest; - let seed = blake2::Blake2b::digest(b"w3f/ring-proof/common/padding"); - Affine::::rand(&mut rand_chacha::ChaCha20Rng::from_seed(seed.into())) - }; - + let padding_point = crate::hash_to_curve(b"w3f/ring-proof/common/padding"); let scalar_bitlen = Curve::ScalarField::MODULUS_BIT_SIZE as usize; // 1 accounts for the last cells of the points and bits columns that remain unconstrained let keyset_part_size = domain.capacity - scalar_bitlen - 1;
From cfa60768f2236c886615f25259d7ecd60b18cb78 Mon Sep 17 00:00:00 2001
From: Davide Galassi
Date: Wed, 18 Sep 2024 12:57:09 +0200
Subject: [PATCH 4/8] Blanks
---
ring/src/piop/params.rs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ring/src/piop/params.rs b/ring/src/piop/params.rs
index 277c446..f87ee6e 100644
--- a/ring/src/piop/params.rs
+++ b/ring/src/piop/params.rs
@@ -32,7 +32,7 @@ pub struct PiopParams> { impl> PiopParams { pub fn setup(domain: Domain, h: Affine, seed: Affine) -> Self { - let padding_point = crate::hash_to_curve(b"w3f/ring-proof/common/padding"); + let padding_point = crate::hash_to_curve(b"w3f/ring-proof/common/padding"); let scalar_bitlen = Curve::ScalarField::MODULUS_BIT_SIZE as usize; // 1 accounts for the last cells of the points and bits columns that remain unconstrained let keyset_part_size = domain.capacity - scalar_bitlen - 1;
From 535630a144952492981f65bace774e8a5629f696 Mon Sep 17 00:00:00 2001
From: Davide Galassi
Date: Wed, 18 Sep 2024 13:06:13 +0200
Subject: [PATCH 5/8] Keep h2c internal
---
ring/src/lib.rs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/ring/src/lib.rs b/ring/src/lib.rs
index d8edcce..e3ce9f4 100644
--- a/ring/src/lib.rs
+++ b/ring/src/lib.rs
@@ -36,7 +36,7 @@ pub fn find_complement_point() -> Affine { } // Hash to curve using TAI -pub fn hash_to_curve>(message: &[u8]) -> Affine { +pub(crate) fn hash_to_curve>(message: &[u8]) -> Affine { use blake2::Digest; let mut seed = message.to_vec(); seed.push(0);
From 644dc5d012ac949726dc05fa937e4859c481be46 Mon Sep 17 00:00:00 2001
From: Davide Galassi
Date: Wed, 18 Sep 2024 15:53:21 +0200
Subject: [PATCH 6/8] Nit
---
ring/src/lib.rs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ring/src/lib.rs b/ring/src/lib.rs
index e3ce9f4..317eccc 100644
--- a/ring/src/lib.rs
+++ b/ring/src/lib.rs
@@ -35,7 +35,7 @@ pub fn find_complement_point() -> Affine { } } -// Hash to curve using TAI +// Try and increment hash to curve. pub(crate) fn hash_to_curve>(message: &[u8]) -> Affine { use blake2::Digest; let mut seed = message.to_vec();
From 9e6a372075c8b1d01233acc3053a25566b4506de Mon Sep 17 00:00:00 2001
From: Davide Galassi
Date: Wed, 18 Sep 2024 15:55:26 +0200
Subject: [PATCH 7/8] Nit Nit
---
ring/src/lib.rs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ring/src/lib.rs b/ring/src/lib.rs
index 317eccc..80ce956 100644
--- a/ring/src/lib.rs
+++ b/ring/src/lib.rs
@@ -39,8 +39,8 @@ pub fn find_complement_point() -> Affine { pub(crate) fn hash_to_curve>(message: &[u8]) -> Affine { use blake2::Digest; let mut seed = message.to_vec(); + let cnt_offset = seed.len(); seed.push(0); - let cnt_offset = seed.len() - 1; loop { let hash: [u8; 64] = blake2::Blake2b::digest(&seed[..]).into(); let x = F::from_le_bytes_mod_order(&hash);
From a4580181a8579401a5029d3155a9762d4e96902b Mon Sep 17 00:00:00 2001
From: Davide Galassi
Date: Wed, 18 Sep 2024 16:33:26 +0200
Subject: [PATCH 8/8] Change padding seed string
---
ring/src/piop/params.rs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/ring/src/piop/params.rs b/ring/src/piop/params.rs
index f87ee6e..36366d3 100644
--- a/ring/src/piop/params.rs
+++ b/ring/src/piop/params.rs
@@ -32,7 +32,7 @@ pub struct PiopParams> { impl> PiopParams { pub fn setup(domain: Domain, h: Affine, seed: Affine) -> Self { - let padding_point = crate::hash_to_curve(b"w3f/ring-proof/common/padding"); + let padding_point = crate::hash_to_curve(b"/w3f/ring-proof/padding"); let scalar_bitlen = Curve::ScalarField::MODULUS_BIT_SIZE as usize; // 1 accounts for the last cells of the points and bits columns that remain unconstrained let keyset_part_size = domain.capacity - scalar_bitlen - 1;
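Review bot: Changing the `hash_to_curve` input from `b"w3f/ring-proof/common/padding"` to `b"/w3f/ring-proof/padding"` changes the derived `padding_point`, and presumably every commitment and proof built on it, yet the message gives neither a reason for the new string nor a compatibility note. If parameters built with the old string were ever published this is a breaking change to fixed parameters and the message should say so, e.g. `Padding point derivation changed: parameters and proofs produced before this commit are incompatible.`; if not, a one-line `pre-release, no deployed parameters affected` is enough. The body of `setup` continues beyond the hunk.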