Merge pull request #50 from Yoii-Inc/feat/r1cs_for_pedersen_commitment

Feat/r1cs for pedersen commitment
Yoii-Inc · Aug 1, 2024 · 92f6c37 · 92f6c37
2 parents 9b51215 + 86da687
commit 92f6c37
Show file tree

Hide file tree

Showing 52 changed files with 7,494 additions and 769 deletions.
diff --git a/arkworks/curves/ed_on_bls12_377/Cargo.toml b/arkworks/curves/ed_on_bls12_377/Cargo.toml
@@ -29,3 +29,4 @@ ark-curve-constraint-tests = { path = "../curve-constraint-tests", default-featu
 default = []
 std = [ "ark-std/std", "ark-ff/std", "ark-ec/std", "ark-bls12-377/std" ]
 r1cs = [ "ark-r1cs-std" ]
+ed_on_bls12_377 = []
diff --git a/examples/bin_werewolf.rs b/examples/bin_werewolf.rs
@@ -1,13 +1,13 @@
 use ark_bls12_377::{Fr, FrParameters};
 use ark_crypto_primitives::encryption::AsymmetricEncryptionScheme;
-use ark_ec::twisted_edwards_extended::GroupAffine;
 use ark_ec::AffineCurve;
 use ark_ff::FpParameters;
 use ark_marlin::IndexProverKey;
 use ark_mnt4_753::FqParameters;
 use ark_serialize::{CanonicalDeserialize, Read};
 use ark_std::test_rng;
 use core::panic;
+use mpc_algebra::encryption::elgamal::elgamal::Parameters;
 use mpc_algebra::malicious_majority::*;
 use mpc_algebra::Reveal;
 use mpc_net::{MpcMultiNet as Net, MpcNet};
@@ -368,7 +368,7 @@ fn multi_divination(_opt: &Opt) -> Result<(), std::io::Error> {
         mpc_input: mpc_input.clone(),
     };
 
-    let _peculiar_is_werewolf_commitment: Vec<GroupAffine<MpcEdwardsParameters>> = mpc_input
+    let _peculiar_is_werewolf_commitment: Vec<MpcEdwardsAffine> = mpc_input
         .peculiar
         .clone()
         .unwrap()
@@ -377,7 +377,7 @@ fn multi_divination(_opt: &Opt) -> Result<(), std::io::Error> {
         .map(|x| x.commitment)
         .collect::<Vec<_>>();
 
-    let _peculiar_is_target_commitment: Vec<GroupAffine<MpcEdwardsParameters>> = mpc_input
+    let _peculiar_is_target_commitment: Vec<MpcEdwardsAffine> = mpc_input
         .peculiar
         .clone()
         .unwrap()
@@ -386,12 +386,10 @@ fn multi_divination(_opt: &Opt) -> Result<(), std::io::Error> {
         .map(|x| x.commitment)
         .collect::<Vec<_>>();
 
-    let elgamal_generator: ark_crypto_primitives::encryption::elgamal::Parameters<
-        MpcEdwardsProjective,
-    > = mpc_input.clone().common.unwrap().elgamal_param;
+    let elgamal_generator: Parameters<MpcEdwardsProjective> =
+        mpc_input.clone().common.unwrap().elgamal_param;
 
-    let elgamal_pubkey: GroupAffine<MpcEdwardsParameters> =
-        mpc_input.clone().common.unwrap().pub_key;
+    let elgamal_pubkey: MpcEdwardsAffine = mpc_input.clone().common.unwrap().pub_key;
 
     let message = <MFr as ElGamalLocalOrMPC<MFr>>::ElGamalPlaintext::prime_subgroup_generator();
 
@@ -408,17 +406,17 @@ fn multi_divination(_opt: &Opt) -> Result<(), std::io::Error> {
     let mut inputs = Vec::new();
 
     // elgamal param
-    inputs.push(elgamal_generator.generator.x.reveal());
-    inputs.push(elgamal_generator.generator.y.reveal());
+    inputs.push(elgamal_generator.generator.reveal().x);
+    inputs.push(elgamal_generator.generator.reveal().y);
     // elgamal pubkey
-    inputs.push(elgamal_pubkey.x.reveal());
-    inputs.push(elgamal_pubkey.y.reveal());
+    inputs.push(elgamal_pubkey.reveal().x);
+    inputs.push(elgamal_pubkey.reveal().y);
 
     // elgamal ciphertext
-    inputs.push(enc_result.0.x.reveal());
-    inputs.push(enc_result.0.y.reveal());
-    inputs.push(enc_result.1.x.reveal());
-    inputs.push(enc_result.1.y.reveal());
+    inputs.push(enc_result.0.reveal().x);
+    inputs.push(enc_result.0.reveal().y);
+    inputs.push(enc_result.1.reveal().x);
+    inputs.push(enc_result.1.reveal().y);
 
     // input commitment
     // inputs.push(peculiar_is_werewolf_commitment[0].x.reveal());

diff --git a/examples/online.rs b/examples/online.rs
@@ -288,10 +288,10 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
             let peculiar_a_commitment = mpc_input.peculiar.clone().unwrap().a.commitment;
             let peculiar_b_commitment = mpc_input.peculiar.unwrap().b.commitment;
 
-            inputs.push(peculiar_a_commitment.x.reveal());
-            inputs.push(peculiar_a_commitment.y.reveal());
-            inputs.push(peculiar_b_commitment.x.reveal());
-            inputs.push(peculiar_b_commitment.y.reveal());
+            inputs.push(peculiar_a_commitment.reveal().x);
+            inputs.push(peculiar_a_commitment.reveal().y);
+            inputs.push(peculiar_b_commitment.reveal().x);
+            inputs.push(peculiar_b_commitment.reveal().y);
 
             assert!(LocalMarlin::verify(&index_vk, &inputs, &proof, rng).unwrap());
         }

diff --git a/mpc-algebra/Cargo.toml b/mpc-algebra/Cargo.toml
@@ -12,7 +12,7 @@ ark-poly = { path = "../arkworks/algebra/poly", version = "0.3.0" }
 ark-serialize = { path = "../arkworks/algebra/serialize", version = "0.3.0" }
 ark-std = { path = "../arkworks/std", version = "0.3.0", features = ["std", "print-trace"] }
 ark-r1cs-std = { path = "../arkworks/r1cs-std", version = "0.3.0", default-features = false, optional = true }
-ark-crypto-primitives = { path = "../arkworks/crypto-primitives", version = "0.3.0" }
+ark-crypto-primitives = { path = "../arkworks/crypto-primitives", version = "0.3.0", features = ["r1cs"] }
 ark-relations = { path = "../arkworks/snark/relations", version = "^0.3.0", default-features = false }
 
 ark-bls12-377 = { path = "../arkworks/curves/bls12_377", version = "0.3.0" }

diff --git a/mpc-algebra/examples/algebra.rs b/mpc-algebra/examples/algebra.rs
@@ -1,14 +1,20 @@
 use std::path::PathBuf;
 
+use ark_crypto_primitives::{CommitmentScheme, CRH};
 use ark_ff::PubUniformRand;
 use ark_ff::{BigInteger, BigInteger256, FpParameters, PrimeField, UniformRand};
 use ark_ff::{One, Zero};
+use ark_poly::reveal;
+use ark_std::PubUniformRand;
 use ark_std::{end_timer, start_timer};
 use log::debug;
+use mpc_algebra::pedersen::Randomness;
 use mpc_algebra::boolean_field::MpcBooleanField;
 use mpc_algebra::{
-    AdditiveFieldShare, BitAdd, BitDecomposition, BitwiseLessThan, BooleanWire, EqualityZero,
-    LessThan, LogicalOperations, MpcField, Reveal, UniformBitRand,
+    edwards2, share, AdditiveFieldShare, BitAdd, BitDecomposition, BitwiseLessThan, BooleanWire,
+    CommitmentScheme as MpcCommitmentScheme, EqualityZero, LessThan,
+    LogicalOperations,
+    MpcEdwardsProjective, MpcField, Reveal, UniformBitRand,
 };
 use mpc_net::{MpcMultiNet as Net, MpcNet};
 
@@ -375,6 +381,71 @@ fn test_bit_decomposition() {
     assert_eq!(res, random.reveal());
 }
 
+pub const PERDERSON_WINDOW_SIZE: usize = 256;
+pub const PERDERSON_WINDOW_NUM: usize = 1;
+
+#[derive(Clone)]
+pub struct Window;
+impl ark_crypto_primitives::crh::pedersen::Window for Window {
+    const WINDOW_SIZE: usize = PERDERSON_WINDOW_SIZE;
+    const NUM_WINDOWS: usize = PERDERSON_WINDOW_NUM;
+}
+
+impl mpc_algebra::crh::pedersen::Window for Window {
+    const WINDOW_SIZE: usize = PERDERSON_WINDOW_SIZE;
+    const NUM_WINDOWS: usize = PERDERSON_WINDOW_NUM;
+}
+
+type LocalPed = ark_crypto_primitives::commitment::pedersen::Commitment<
+    ark_ed_on_bls12_377::EdwardsProjective,
+    Window,
+>;
+type MpcPed = mpc_algebra::commitment::pedersen::Commitment<edwards2::MpcEdwardsProjective, Window>;
+
+fn test_pedersen_commitment() {
+    let rng = &mut ark_std::test_rng();
+
+    let x = F::rand(rng);
+    let x_bytes = x.into_repr().to_bytes_le();
+    let x_bits = x.into_repr().to_bits_le();
+
+    // mpc calculation
+    let mpc_parameters = MpcPed::setup(rng).unwrap();
+
+    let scalar_x_bytes = if Net::am_king() {
+        x_bits
+        .iter()
+        .map(|b| {
+            MpcField::<ark_ed_on_bls12_377::Fr, AdditiveFieldShare<ark_ed_on_bls12_377::Fr>>::from_add_shared(ark_ed_on_bls12_377::Fr::from(*b))
+        })
+        .collect::<Vec<_>>()
+    } else {
+        x_bits
+        .iter()
+        .map(|b| {
+            MpcField::<ark_ed_on_bls12_377::Fr, AdditiveFieldShare<ark_ed_on_bls12_377::Fr>>::from_add_shared(ark_ed_on_bls12_377::Fr::zero())
+        })
+        .collect::<Vec<_>>()
+    };
+
+    let randomness = Randomness::<MpcEdwardsProjective>::rand(rng);
+
+    let result_mpc = MpcPed::commit(&mpc_parameters, &scalar_x_bytes, &randomness).unwrap();
+
+    // local calculation
+    let local_parameters = ark_crypto_primitives::commitment::pedersen::Parameters {
+        randomness_generator: mpc_parameters.randomness_generator.clone().reveal(),
+        generators: mpc_parameters.generators.reveal(),
+    };
+
+    let local_randomness =
+        ark_crypto_primitives::commitment::pedersen::Randomness(randomness.0.reveal());
+
+    let result_local = LocalPed::commit(&local_parameters, &x_bytes, &local_randomness).unwrap();
+
+    assert_eq!(result_local, result_mpc.reveal());
+}
+
 fn test_share() {
     let rng = &mut ark_std::test_rng();
 
@@ -432,6 +503,9 @@ fn main() {
     test_bit_decomposition();
     println!("Test bit_decomposition passed");
 
+    test_pedersen_commitment();
+    println!("Test pedersen commitment passed");
+
     test_share();
     println!("Test share passed");
 }
diff --git a/mpc-algebra/src/commitment.rs b/mpc-algebra/src/commitment.rs
@@ -0,0 +1,25 @@
+use ark_ff::UniformRand;
+use ark_std::rand::Rng;
+use ark_std::{fmt::Debug, hash::Hash};
+
+use ark_ff::bytes::ToBytes;
+
+pub mod constraints;
+pub mod pedersen;
+
+use ark_crypto_primitives::Error;
+
+pub trait CommitmentScheme {
+    type Input;
+    type Output: ToBytes + Clone + Default + Eq + Hash + Debug;
+    type Parameters: Clone;
+    type Randomness: Clone + ToBytes + Default + Eq + UniformRand + Debug;
+
+    fn setup<R: Rng>(r: &mut R) -> Result<Self::Parameters, Error>;
+
+    fn commit(
+        parameters: &Self::Parameters,
+        input: &Self::Input,
+        r: &Self::Randomness,
+    ) -> Result<Self::Output, Error>;
+}
diff --git a/mpc-algebra/src/commitment/constraints.rs b/mpc-algebra/src/commitment/constraints.rs
@@ -0,0 +1,23 @@
+use crate::commitment::CommitmentScheme;
+use ark_ff::PrimeField;
+use ark_r1cs_std::{alloc::AllocVar, R1CSVar, ToBytesGadget};
+use ark_relations::r1cs::SynthesisError;
+use core::fmt::Debug;
+
+pub trait CommitmentGadget<C: CommitmentScheme, ConstraintF: PrimeField> {
+    type OutputVar: ToBytesGadget<ConstraintF>
+        + AllocVar<C::Output, ConstraintF>
+        + R1CSVar<ConstraintF>
+        + Clone
+        + Sized
+        + Debug;
+    type ParametersVar: AllocVar<C::Parameters, ConstraintF> + Clone;
+    type RandomnessVar: AllocVar<C::Randomness, ConstraintF> + Clone;
+    type InputVar: AllocVar<C::Input, ConstraintF> + Clone;
+
+    fn commit(
+        parameters: &Self::ParametersVar,
+        input: &Self::InputVar,
+        r: &Self::RandomnessVar,
+    ) -> Result<Self::OutputVar, SynthesisError>;
+}
diff --git a/mpc-algebra/src/commitment/pedersen.rs b/mpc-algebra/src/commitment/pedersen.rs
@@ -0,0 +1,5 @@
+pub mod pedersen;
+pub use pedersen::*;
+pub mod constraints;
+pub use constraints::*;
+pub mod local_pedersen;