diff --git a/Cargo.toml b/Cargo.toml index 8208299..c1ae074 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -12,5 +12,4 @@ ark-ec = { version = "0.4", default-features = false } ark-poly = { version = "0.4", default-features = false } ark-serialize = { version = "0.4", default-features = false, features = ["derive"] } fflonk = { git = "https://github.com/w3f/fflonk", default-features = false } -merlin = { version = "3.0", default-features = false } rayon = { version = "1", default-features = false } diff --git a/common/Cargo.toml b/common/Cargo.toml index 5658a32..c3d2006 100644 --- a/common/Cargo.toml +++ b/common/Cargo.toml @@ -14,10 +14,9 @@ ark-ec.workspace = true ark-poly.workspace = true ark-serialize.workspace = true fflonk.workspace = true -merlin.workspace = true rayon = { workspace = true, optional = true } getrandom_or_panic = { version = "0.0.3", default-features = false } -rand_chacha = { version = "0.3.1", default-features = false } +rand_core = "0.6" [dev-dependencies] ark-ed-on-bls12-381-bandersnatch = { version = "0.4", default-features = false } @@ -31,8 +30,8 @@ std = [ "ark-poly/std", "ark-serialize/std", "fflonk/std", - "merlin/std", - "getrandom_or_panic/std" + "getrandom_or_panic/std", + "rand_core/std" ] parallel = [ "std", diff --git a/common/src/transcript.rs b/common/src/transcript.rs index 04851d2..38a6b70 100644 --- a/common/src/transcript.rs +++ b/common/src/transcript.rs @@ -1,10 +1,9 @@ use ark_ff::PrimeField; use ark_poly::GeneralEvaluationDomain; use ark_serialize::CanonicalSerialize; -use ark_std::{vec, vec::Vec}; -use ark_std::rand::SeedableRng; +use ark_std::vec::Vec; use fflonk::pcs::{PCS, PcsParams}; -use rand_chacha::ChaCha20Rng; +use rand_core::RngCore; use crate::{ColumnsCommited, ColumnsEvaluated}; 
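Review bot: `rand_core = "0.6"` is the only dependency in common/Cargo.toml declared without `default-features = false`, while every neighbouring line uses that form and the following hunk explicitly adds `"rand_core/std"` to the `std` feature. For consistency with the crate's no_std-oriented declarations, and so that the `std` feature remains the single place that turns on std, write `rand_core = { version = "0.6", default-features = false }`. If rand_core's default feature set is already empty this is only a style point, but the explicit form makes the intent visible to the next reader.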
@@ -26,14 +25,6 @@ pub trait Transcript>: Clone { self._add_serializable(b"committed_cols", committed_cols); } - // fn get_bitmask_aggregation_challenge(&mut self) -> Fr { - // self._get_128_bit_challenge(b"bitmask_aggregation") - // } - - // fn append_2nd_round_register_commitments(&mut self, register_commitments: &impl RegisterCommitments) { - // self._append_serializable(b"2nd_round_register_commitments", register_commitments); - // } - fn get_constraints_aggregation_coeffs(&mut self, n: usize) -> Vec { self._128_bit_coeffs(b"constraints_aggregation", n) } @@ -63,25 +54,5 @@ pub trait Transcript>: Clone { fn _add_serializable(&mut self, label: &'static [u8], message: &impl CanonicalSerialize); - fn to_rng(self) -> ChaCha20Rng; -} - -impl> Transcript for merlin::Transcript { - fn _128_bit_point(&mut self, label: &'static [u8]) -> F { - let mut buf = [0u8; 16]; - self.challenge_bytes(label, &mut buf); - F::from_random_bytes(&buf).unwrap() - } - - fn _add_serializable(&mut self, label: &'static [u8], message: &impl CanonicalSerialize) { - let mut buf = vec![0; message.uncompressed_size()]; - message.serialize_uncompressed(&mut buf).unwrap(); - self.append_message(label, &buf); - } - - fn to_rng(mut self) -> ChaCha20Rng { - let mut buf = [0u8; 32]; - self.challenge_bytes(b"transcript_rng", &mut buf); - ChaCha20Rng::from_seed(buf) - } + fn to_rng(self) -> impl RngCore; } \ No newline at end of file diff --git a/common/src/verifier.rs b/common/src/verifier.rs index b0b8caa..25316b9 100644 --- a/common/src/verifier.rs +++ b/common/src/verifier.rs @@ -3,7 +3,7 @@ use ark_serialize::CanonicalSerialize; use ark_std::{vec, vec::Vec}; use ark_std::rand::Rng; use fflonk::pcs::{Commitment, PCS, PcsParams}; -use rand_chacha::ChaCha20Rng; +use rand_core::RngCore; use crate::{ColumnsCommited, ColumnsEvaluated, Proof}; use crate::piop::VerifierPiop; 
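Review bot: `fn to_rng(self) -> impl RngCore;` drops the cryptographic-quality guarantee that the concrete `ChaCha20Rng` return type previously gave: any `RngCore` implementation now satisfies the trait, and `PlonkVerifier` in common/src/verifier.rs forwards the same weakened bound with `-> (Challenges, impl RngCore)`. Since this generator is derived from the transcript and handed back alongside the verifier's challenges, add the marker bound, `fn to_rng(self) -> impl RngCore + CryptoRng;` (importing `rand_core::CryptoRng`), and mirror it on the verifier's return type, provided the `ark_transcript` challenge reader used by the ring crate implements it; that way a non-cryptographic generator cannot be plugged in silently. Return-position `impl Trait` in a trait also requires Rust 1.75 or newer, which is worth recording as the crate's `rust-version`. The `Transcript` trait definition starts outside this hunk.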
@@ -74,7 +74,7 @@ impl, T: Transcript> PlonkVerifier { proof: &Proof, n_polys: usize, n_constraints: usize, - ) -> (Challenges, ChaCha20Rng) + ) -> (Challenges, impl RngCore) where Commitments: ColumnsCommited, Evaluations: ColumnsEvaluated, diff --git a/ring/Cargo.toml b/ring/Cargo.toml index 10639ed..8479c0d 100644 --- a/ring/Cargo.toml +++ b/ring/Cargo.toml @@ -14,11 +14,11 @@ ark-ec.workspace = true ark-poly.workspace = true ark-serialize.workspace = true fflonk.workspace = true -merlin.workspace = true rayon = { workspace = true, optional = true } common = { path = "../common", default-features = false } blake2 = { version = "0.10", default-features = false } arrayvec = { version = "0.7", default-features = false } +ark-transcript = { git = "https://github.com/w3f/ring-vrf", default-features = false } [dev-dependencies] ark-bls12-381 = { version = "0.4", default-features = false, features = ["curve"] } @@ -32,7 +32,6 @@ std = [ "ark-ec/std", "ark-poly/std", "ark-serialize/std", - "merlin/std", "fflonk/std", "common/std" ] diff --git a/ring/src/lib.rs b/ring/src/lib.rs index ba4a385..48d995b 100644 --- a/ring/src/lib.rs +++ b/ring/src/lib.rs @@ -2,8 +2,10 @@ use ark_ec::AffineRepr; use ark_ec::short_weierstrass::{Affine, SWCurveConfig}; -use ark_ff::{One, Zero}; +use ark_ff::{One, PrimeField, Zero}; +use ark_serialize::CanonicalSerialize; use ark_std::rand; +use ark_std::rand::RngCore; use fflonk::pcs::PCS; pub use common::domain::Domain; @@ -23,9 +25,6 @@ pub type RingProof = Proof>::C>, /// Polynomial Commitment Schemes. pub use fflonk::pcs; -/// Transcript for `RingProver` and `RingVerifier` construction. -pub use merlin::Transcript; - // Calling the method for a prime-order curve results in an infinite loop. pub fn find_complement_point() -> Affine { let mut x = Curve::BaseField::zero(); 
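Review bot: In ring/Cargo.toml, `ark-transcript` is pulled from the `w3f/ring-vrf` git repository without a `rev`, `tag` or `branch`, so the resolved commit is whatever the default branch holds at lock time; for the crate that now implements the Fiat-Shamir transcript this makes builds non-reproducible for downstream users who do not share this repository's Cargo.lock, and an upstream history change could alter challenge derivation without any change here. Pin it, e.g. `ark-transcript = { git = "https://github.com/w3f/ring-vrf", rev = "<commit-sha>", default-features = false }` (placeholder for the intended commit). The existing `fflonk` git dependency in the workspace Cargo.toml has the same gap and could be pinned in the same commit.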
@@ -48,6 +47,30 @@ pub fn hash_to_curve(message: &[u8]) -> A { A::rand(rng) } +#[derive(Clone)] +pub struct FS(ark_transcript::Transcript); + +impl> common::transcript::Transcript for FS { + fn _128_bit_point(&mut self, label: &'static [u8]) -> F { + self.0.challenge(label).read_reduce() + } + + fn _add_serializable(&mut self, label: &'static [u8], message: &impl CanonicalSerialize) { + self.0.label(label); + self.0.append(message); + } + + fn to_rng(mut self) -> impl RngCore { + self.0.challenge(b"transcript_rng") + } +} + +impl FS { + pub fn new(label: &'static [u8]) -> Self { + Self(ark_transcript::Transcript::new_labeled(label)) + } +} + #[cfg(test)] mod tests { use ark_bls12_381::Bls12_381; @@ -58,7 +81,6 @@ mod tests { use ark_std::ops::Mul; use ark_std::rand::Rng; use fflonk::pcs::kzg::KZG; - use merlin::Transcript; use common::test_helpers::random_vec; @@ -85,12 +107,12 @@ mod tests { // PROOF generation let secret = Fr::rand(rng); // prover's secret scalar let result = piop_params.h.mul(secret) + pk; - let ring_prover = RingProver::init(prover_key, piop_params.clone(), k, Transcript::new(b"ring-vrf-test")); + let ring_prover = RingProver::init(prover_key, piop_params.clone(), k, FS::new(b"ring-vrf-test")); let t_prove = start_timer!(|| "Prove"); let proof = ring_prover.prove(secret); end_timer!(t_prove); - let ring_verifier = RingVerifier::init(verifier_key, piop_params, Transcript::new(b"ring-vrf-test")); + let ring_verifier = RingVerifier::init(verifier_key, piop_params, FS::new(b"ring-vrf-test")); let t_verify = start_timer!(|| "Verify"); let res = ring_verifier.verify_ring_proof(proof, result.into_affine()); end_timer!(t_verify); diff --git a/ring/src/ring_prover.rs b/ring/src/ring_prover.rs index 07159e7..0762749 100644 --- a/ring/src/ring_prover.rs +++ b/ring/src/ring_prover.rs 
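Review bot: The new public type `FS` and its `new` constructor carry no documentation, and the `/// Transcript for `RingProver` and `RingVerifier` construction.` line is dropped together with the removed `pub use merlin::Transcript` re-export, so the crate's public transcript entry point is now undocumented; a doc comment such as `/// Fiat-Shamir transcript wrapping `ark_transcript::Transcript`; pass a freshly labelled one to `RingProver::init` / `RingVerifier::init`.` would restore that. `_128_bit_point` now derives its challenge with `self.0.challenge(label).read_reduce()`, which presumably yields a reduced full-width field element rather than the 16-byte sample the removed merlin impl took, so the method name (and `_128_bit_coeffs` in the trait in common/src/transcript.rs) no longer describes the challenge width and the Fiat-Shamir challenges differ from the merlin-based transcript; this deserves a note in the trait docs and confirmation that the distribution change is intended. In `_add_serializable`, `self.0.label(label); self.0.append(message);` replaces merlin's length-prefixed `append_message`; if `ark_transcript`'s `append` does not itself frame the serialized length, consecutive messages could be ambiguous, so that should be checked against the crate before merging.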
@@ -6,13 +6,13 @@ use common::prover::PlonkProver; use crate::piop::{FixedColumns, PiopProver, ProverKey}; use crate::piop::params::PiopParams; -use crate::RingProof; +use crate::{FS, RingProof}; pub struct RingProver, Curve: SWCurveConfig> { piop_params: PiopParams, fixed_columns: FixedColumns>, k: usize, - plonk_prover: PlonkProver, + plonk_prover: PlonkProver, } @@ -20,7 +20,7 @@ impl, Curve: SWCurveConfig> RingProver>, piop_params: PiopParams, k: usize, - empty_transcript: merlin::Transcript, + empty_transcript: FS, ) -> Self { let ProverKey { pcs_ck, fixed_columns, verifier_key } = prover_key; diff --git a/ring/src/ring_verifier.rs b/ring/src/ring_verifier.rs index 2268580..35497ce 100644 --- a/ring/src/ring_verifier.rs +++ b/ring/src/ring_verifier.rs @@ -9,18 +9,18 @@ use common::verifier::PlonkVerifier; use crate::piop::{FixedColumnsCommitted, PiopVerifier, VerifierKey}; use crate::piop::params::PiopParams; -use crate::RingProof; +use crate::{FS, RingProof}; pub struct RingVerifier, Curve: SWCurveConfig> { piop_params: PiopParams, fixed_columns_committed: FixedColumnsCommitted, - plonk_verifier: PlonkVerifier, + plonk_verifier: PlonkVerifier, } impl, Curve: SWCurveConfig> RingVerifier { pub fn init(verifier_key: VerifierKey, piop_params: PiopParams, - empty_transcript: merlin::Transcript, + empty_transcript: FS, ) -> Self { let pcs_vk = verifier_key.pcs_raw_vk.prepare(); let plonk_verifier = PlonkVerifier::init(pcs_vk, &verifier_key, empty_transcript);