fix

brech1 · Oct 21, 2024 · 521399b · 521399b
1 parent 215e5dc
commit 521399b
Show file tree

Hide file tree

Showing 6 changed files with 145 additions and 98 deletions.
diff --git a/src/kem.rs b/src/kem.rs
@@ -16,7 +16,7 @@ pub fn encapsulate<E: Pairing>(
     commitment: E::G1,
     point: E::ScalarField,
     value: E::ScalarField,
-    tau_g2: E::G2,
+    tau_g2: &E::G2,
 ) -> Result<(E::G2, OutputReader), KEMError> {
     // [beta]_1
     let value_in_g1: E::G1 = g1_gen::<E>().mul(value);
@@ -39,7 +39,7 @@ pub fn encapsulate<E: Pairing>(
 
     // Calculate a ciphertext to share the randomness used in the encapsulation.
     // ct = r([tau]_2 - [alpha]_2)
-    let tau_alpha: E::G2 = tau_g2 - g2_gen::<E>().mul(point);
+    let tau_alpha: E::G2 = *tau_g2 - g2_gen::<E>().mul(point);
     let ciphertext: E::G2 = tau_alpha.mul(r);
 
     // Generate the key

diff --git a/src/kzg.rs b/src/kzg.rs
@@ -174,8 +174,8 @@ impl<E: Pairing> KZG<E> {
     }
 
     /// Returns [tau]_2
-    pub fn tau_g2(&self) -> E::G2 {
-        self.tau_g2
+    pub fn tau_g2(&self) -> &E::G2 {
+        &self.tau_g2
     }
 }
 

diff --git a/src/lib.rs b/src/lib.rs
@@ -4,4 +4,5 @@
 
 pub mod kem;
 pub mod kzg;
+pub mod vec;
 pub mod we;
diff --git a/src/vec.rs b/src/vec.rs
@@ -0,0 +1,97 @@
+//! # Vector
+//!
+//! This module contains a helper struct to use the extractable witness encryption scheme with vectors as polynomials.
+
+use crate::{
+    kem,
+    kzg::{KZGError, KZG},
+    we::{self, Ciphertext},
+};
+use ark_ec::pairing::Pairing;
+use ark_poly::{
+    domain::{EvaluationDomain, Radix2EvaluationDomain},
+    polynomial::univariate::DensePolynomial,
+    DenseUVPolynomial,
+};
+use ark_std::{rand::rngs::SmallRng, rand::SeedableRng, UniformRand};
+use thiserror::Error;
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct VectorWE<E: Pairing> {
+    kzg: KZG<E>,
+    domain_d: Radix2EvaluationDomain<<E as Pairing>::ScalarField>,
+}
+
+impl<E: Pairing> VectorWE<E> {
+    pub fn new(kzg: KZG<E>) -> Self {
+        let domain_d = Radix2EvaluationDomain::new(kzg.g1_pow().len()).unwrap();
+
+        Self { kzg, domain_d }
+    }
+
+    /// Commit to a vector of values.
+    /// Returns the commitment and the proofs for each index.
+    pub fn commit(&self, vec: &[E::ScalarField]) -> Result<(E::G1, Vec<E::G1>), VectorWEError> {
+        // Pad with a random value.
+        // This is necessary since the commitment could leak information about the vector.
+        let mut rng = SmallRng::from_entropy();
+        let r = E::ScalarField::rand(&mut rng);
+
+        let mut values = vec.to_vec();
+        values.push(r);
+
+        // Transform the vector into a polynomial in coefficient form
+        let p_coeff = self.domain_d.ifft(&values);
+
+        // Calculate proofs for each index
+        let proofs = self.kzg.open_fk(&p_coeff)?;
+
+        // Construct the dense polynomial from the coefficients
+        let p_dense = DensePolynomial::from_coefficients_vec(p_coeff);
+
+        // Commit
+        let com = self.kzg.commit(&p_dense)?;
+
+        Ok((com, proofs))
+    }
+
+    /// Encrypt
+    pub fn encrypt(
+        &self,
+        com: E::G1,
+        index: usize,
+        value: E::ScalarField,
+        message: &[u8],
+    ) -> Result<Ciphertext<E>, VectorWEError> {
+        // Get n-th root of unity
+        let omega = self.domain_d.element(index);
+
+        // Encrypt
+        we::encrypt::<E>(com, omega, value, message, self.kzg.tau_g2()).map_err(VectorWEError::from)
+    }
+
+    // Decrypt
+    pub fn decrypt(&self, proof: E::G1, ct: Ciphertext<E>) -> Result<Vec<u8>, VectorWEError> {
+        we::decrypt::<E>(proof, ct).map_err(VectorWEError::from)
+    }
+}
+
+#[derive(Error, Debug, PartialEq, Eq)]
+pub enum VectorWEError {
+    #[error("KZG error: {0}")]
+    KZGError(KZGError),
+    #[error("KEM error: {0}")]
+    KEMError(kem::KEMError),
+}
+
+impl From<KZGError> for VectorWEError {
+    fn from(err: KZGError) -> Self {
+        VectorWEError::KZGError(err)
+    }
+}
+
+impl From<kem::KEMError> for VectorWEError {
+    fn from(err: kem::KEMError) -> Self {
+        VectorWEError::KEMError(err)
+    }
+}
diff --git a/src/we.rs b/src/we.rs
@@ -5,7 +5,6 @@
 use crate::kem::{self, KEMError};
 use ark_ec::pairing::Pairing;
 use ark_std::vec::Vec;
-use thiserror::Error;
 
 /// Ciphertext type alias.
 pub type Ciphertext<E> = (<E as Pairing>::G2, Vec<u8>);
@@ -19,8 +18,8 @@ pub fn encrypt<E: Pairing>(
     point: E::ScalarField,
     value: E::ScalarField,
     msg: &[u8],
-    tau_g2: E::G2,
-) -> Result<Ciphertext<E>, WEError> {
+    tau_g2: &E::G2,
+) -> Result<Ciphertext<E>, KEMError> {
     // Generate a key and the corresponding key ciphertext
     // (ct_1, k) <- Encap(x)
     let (key_ct, mut key_stream) = kem::encapsulate::<E>(com, point, value, tau_g2)?;
@@ -38,7 +37,9 @@ pub fn encrypt<E: Pairing>(
 
 /// Decrypts a ciphertext with a proof.
 /// Returns the decrypted message.
-pub fn decrypt<E: Pairing>(proof: E::G1, key_ct: E::G2, msg_ct: &[u8]) -> Result<Vec<u8>, WEError> {
+pub fn decrypt<E: Pairing>(proof: E::G1, ct: Ciphertext<E>) -> Result<Vec<u8>, KEMError> {
+    let (key_ct, msg_ct) = ct;
+
     // k = Decap(w, ct_1)
     let mut key_stream = kem::decapsulate::<E>(proof, key_ct)?;
 
@@ -52,18 +53,6 @@ pub fn decrypt<E: Pairing>(proof: E::G1, key_ct: E::G2, msg_ct: &[u8]) -> Result
     Ok(msg)
 }
 
-#[derive(Error, Debug, PartialEq, Eq)]
-pub enum WEError {
-    #[error("Key Encapsulation Error {0}")]
-    KEMError(KEMError),
-}
-
-impl From<KEMError> for WEError {
-    fn from(error: KEMError) -> Self {
-        WEError::KEMError(error)
-    }
-}
-
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -97,12 +86,11 @@ mod tests {
 
         let msg = b"helloworld";
 
-        let (key_ct, msg_ct) =
-            encrypt::<Bls12_381>(commitment, point, val, msg, kzg.tau_g2()).unwrap();
+        let ct = encrypt::<Bls12_381>(commitment, point, val, msg, kzg.tau_g2()).unwrap();
 
         let proof = kzg.open(&p, &point).unwrap();
 
-        let decrypted_msg = decrypt::<Bls12_381>(proof, key_ct, &msg_ct).unwrap();
+        let decrypted_msg = decrypt::<Bls12_381>(proof, ct).unwrap();
 
         assert_eq!(msg.to_vec(), decrypted_msg);
     }
@@ -126,13 +114,12 @@ mod tests {
         let commitment = kzg.commit(&p).unwrap();
 
         let msg = b"helloworld";
-        let (key_ct, msg_ct) =
-            encrypt::<Bls12_381>(commitment, point, val, msg, kzg.tau_g2()).unwrap();
+        let ct = encrypt::<Bls12_381>(commitment, point, val, msg, kzg.tau_g2()).unwrap();
 
         let wrong_point: Fr = Fr::rand(rng);
         let invalid_proof = kzg.open(&p, &wrong_point).unwrap();
 
-        let decrypted_msg = decrypt::<Bls12_381>(invalid_proof, key_ct, &msg_ct).unwrap();
+        let decrypted_msg = decrypt::<Bls12_381>(invalid_proof, ct).unwrap();
 
         assert_ne!(msg.to_vec(), decrypted_msg);
     }