🐛 Fix additivity of pedersen commitment

Yoii-Inc · Nov 7, 2023 · 6e7eab5 · 6e7eab5
1 parent 07f91e0
commit 6e7eab5
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 11 deletions.
diff --git a/arkworks/crypto-primitives/src/crh/pedersen/mod.rs b/arkworks/crypto-primitives/src/crh/pedersen/mod.rs
@@ -39,9 +39,9 @@ impl<C: ProjectiveCurve, W: Window> CRH<C, W> {
         generators_powers
     }
 
-    pub fn generator_powers<R: Rng>(num_powers: usize, rng: &mut R) -> Vec<C> {
+    pub fn generator_powers<R: Rng>(num_powers: usize, _rng: &mut R) -> Vec<C> {
         let mut cur_gen_powers = Vec::with_capacity(num_powers);
-        let mut base = C::pub_rand(rng);
+        let mut base = C::prime_subgroup_generator();
         for _ in 0..num_powers {
             cur_gen_powers.push(base);
             base.double_in_place();

diff --git a/src/online.rs b/src/online.rs
@@ -1,6 +1,6 @@
 use ark_bls12_377::Fr;
 use ark_crypto_primitives::CommitmentScheme;
-use ark_ff::{BigInteger, PrimeField};
+use ark_ff::{BigInteger, FpParameters, PrimeField};
 use ark_marlin::IndexProverKey;
 use ark_serialize::{CanonicalDeserialize, Read};
 use ark_std::test_rng;
@@ -178,32 +178,40 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
     let shared_input = match Net::party_id() {
         0 => {
             vec![
-                MFr::from_add_shared(Fr::from(data.x) - sum_r0 + r0),
+                MFr::from_add_shared(
+                    Fr::from(data.x) - sum_r0
+                        + r0
+                        + Fr::from(ark_ed_on_bls12_377::FrParameters::MODULUS),
+                ),
                 MFr::from_add_shared(r1),
                 MFr::from_add_shared(r2),
             ]
         }
         1 => {
             vec![
                 MFr::from_add_shared(r0),
-                MFr::from_add_shared(Fr::from(data.y) - sum_r1 + r1),
+                MFr::from_add_shared(
+                    Fr::from(data.y) - sum_r1
+                        + r1
+                        + Fr::from(ark_ed_on_bls12_377::FrParameters::MODULUS),
+                ),
                 MFr::from_add_shared(r2),
             ]
         }
         2 => {
             vec![
                 MFr::from_add_shared(r0),
                 MFr::from_add_shared(r1),
-                MFr::from_add_shared(Fr::from(data.z) - sum_r2 + r2),
+                MFr::from_add_shared(
+                    Fr::from(data.z) - sum_r2
+                        + r2
+                        + Fr::from(ark_ed_on_bls12_377::FrParameters::MODULUS),
+                ),
             ]
         }
         _ => panic!("invalid party id"),
     };
 
-    assert_eq!(shared_input[0].reveal(), Fr::from(data.x));
-    assert_eq!(shared_input[1].reveal(), Fr::from(data.y));
-    assert_eq!(shared_input[2].reveal(), Fr::from(data.z));
-
     match zksnark {
         ZkSnark::Groth16 => {}
         ZkSnark::Marlin => {

diff --git a/src/preprocessing.rs b/src/preprocessing.rs
@@ -834,7 +834,7 @@ pub fn pair(
 
     // step 1
     let r_vec: Vec<Plaintexts> = (0..n)
-        .map(|_| Plaintexts::rand(she_params, &mut rng))
+        .map(|_| Plaintexts::restricted_rand(she_params, &mut rng))
         .collect();
 
     // step 2

diff --git a/src/she/plaintext.rs b/src/she/plaintext.rs
@@ -28,6 +28,16 @@ impl Plaintexts {
         Plaintexts { vals: res }
     }
 
+    pub fn restricted_rand<T: Rng>(params: &SHEParameters, rng: &mut T) -> Plaintexts {
+        let upper_bound = 1000000000;
+        let lower_bound = 100000;
+
+        let res = (0..params.s)
+            .map(|_| Plaintext::from(rng.gen_range(lower_bound..upper_bound)))
+            .collect();
+        Plaintexts { vals: res }
+    }
+
     pub fn encode(&self, params: &SHEParameters) -> Encodedtext {
         let remainders = self.vals.clone();
         let moduli = cyclotomic_moduli(params.s);