docknetwork / crypto Goto Github PK
View Code? Open in Web Editor NEWRust crypto library for data privacy tools
License: Apache License 2.0
Rust crypto library for data privacy tools
License: Apache License 2.0
I am compiling some code I added to a custom crate (here called xxxx
).
It has been compiling fine until I rebased to f5b61cd
.
Now I am getting several errors like:
error[E0308]: arguments to this function are incorrect
--> xxxx/src/proofsystem_algo.rs:102:20
|
102 | statements.add(PoKSignatureBBSG1Stmt::new_statement_from_params(
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
note: expected struct `bbs_plus::setup::SignatureParamsG1`, found struct `SignatureParamsG1`
--> xxxx/src/proofsystem_algo.rs:103:9
|
103 | sig_params.clone(),
| ^^^^^^^^^^^^^^^^^^
= note: struct `SignatureParamsG1` and struct `bbs_plus::setup::SignatureParamsG1` have similar names, but are actually distinct types
note: struct `SignatureParamsG1` is defined in crate `bbs_plus`
--> /Users/me/ws/OLABS/github-docknetwork-crypto-NEW-f5b61cd/bbs_plus/src/setup.rs:343:1
|
343 | impl_sig_params!(SignatureParamsG1, G1Affine, G1, G2Affine, G2);
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
note: struct `bbs_plus::setup::SignatureParamsG1` is defined in crate `bbs_plus`
--> /Users/me/.cargo/registry/src/github.com-1ecc6299db9ec823/bbs_plus-0.11.0/src/setup.rs:343:1
|
343 | impl_sig_params!(SignatureParamsG1, G1Affine, G1, G2Affine, G2);
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
= note: perhaps two different versions of crate `bbs_plus` are being used?
This might be related to a cargo
issue: rust-lang/cargo#11490
Note, the top-level Cargo.lock
file does have two versions of bbs_plus
in it:
name = "bbs_plus"
version = "0.11.0"
dependencies = [
"ark-bls12-381",
"ark-ec 0.4.1",
"ark-ff 0.4.1",
"ark-serialize 0.4.1",
"ark-std 0.4.0",
"blake2",
"digest 0.10.6",
"dock_crypto_utils 0.9.0",
"rayon",
"rmp-serde",
"schnorr_pok 0.9.0",
"serde",
"serde_json",
"serde_with",
"zeroize",
]
[[package]]
name = "bbs_plus"
version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f9007b7a0f5ce3fe4b22e3acbbd05d7fbb13e722cb6380254ed0ae3684764602"
dependencies = [
"ark-ec 0.4.1",
"ark-ff 0.4.1",
"ark-serialize 0.4.1",
"ark-std 0.4.0",
"digest 0.10.6",
"dock_crypto_utils 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)",
"rayon",
"schnorr_pok 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)",
"serde",
"serde_with",
"zeroize",
]
I also note that some of the docknetwork/crypto
crate's Cargo.toml
include a path
to other crates in the repo while others do not.
For example: see proof_system
compared to bbs_plus
below.
The following output is editted and formatted for readability:
find . -type f -exec grep --color=auto -nH --null -e "version =" \{\} +
./compressed_sigma/Cargo.toml�17:dock_crypto_utils = { version = "0.9.0", default-features = false }
./test_utils/Cargo.toml�9:bbs_plus = { version = "0.11.0", default-features = false }
./test_utils/Cargo.toml�10:schnorr_pok = { version = "0.9.0", default-features = false }
./test_utils/Cargo.toml�11:vb_accumulator = { version = "0.12.0", default-features = false }
./test_utils/Cargo.toml�18:proof_system = { version = "0.18.0", default-features = false, path = "../proof_system" }
./saver/Cargo.toml�20:dock_crypto_utils = { version = "0.9.0", default-features = false }
./proof_system/Cargo.toml�21:bbs_plus = { version = "0.11.0", default-features = false }
./proof_system/Cargo.toml�22:schnorr_pok = { version = "0.9.0", default-features = false }
./proof_system/Cargo.toml�23:vb_accumulator = { version = "0.12.0", default-features = false }
./proof_system/Cargo.toml�24:dock_crypto_utils = { version = "0.9.0", default-features = false }
./proof_system/Cargo.toml�25:saver = { version = "0.9.0", default-features = false }
./delegatable_credentials/Cargo.toml�20:dock_crypto_utils = { version = "0.9.0", default-features = false }
./delegatable_credentials/Cargo.toml�23:schnorr_pok = { version = "0.9.0", default-features = false }
./schnorr_pok/Cargo.toml�21:dock_crypto_utils = { version = "0.9.0", default-features = false, path = "../utils" }
./vb_accumulator/Cargo.toml�25:schnorr_pok = { version = "0.9.0", default-features = false, path = "../schnorr_pok" }
./vb_accumulator/Cargo.toml�26:dock_crypto_utils = { version = "0.9.0", default-features = false, path = "../utils" }
./benches/Cargo.toml�9:bbs_plus = { version = "0.11.0", default-features = false, path = "../bbs_plus" }
./benches/Cargo.toml�10:schnorr_pok = { version = "0.9.0", default-features = false, path = "../schnorr_pok" }
./benches/Cargo.toml�11:vb_accumulator = { version = "0.12.0", default-features = false, path = "../vb_accumulator" }
./benches/Cargo.toml�12:test_utils = { version = "0.1.0", default-features = false, path = "../test_utils" }
./secret_sharing_and_dkg/Cargo.toml�21:dock_crypto_utils = { version = "0.9.0", default-features = false }
./secret_sharing_and_dkg/Cargo.toml�22:schnorr_pok = { version = "0.9.0", default-features = false }
./bbs_plus/Cargo.toml�21:schnorr_pok = { version = "0.9.0", default-features = false, path = "../schnorr_pok" }
./bbs_plus/Cargo.toml�22:dock_crypto_utils = { version = "0.9.0", default-features = false, path = "../utils" }
One last thing. `saver/Cargo.toml' seems to indicate the need for paths:
./saver/Cargo.toml�33:#proof_system = { path = "../proof_system" }
./saver/Cargo.toml�34:#bbs_plus = { path = "../bbs_plus" }
Bottom line: the rust compiler can't tell the difference between what is in the local registry and what is available via path
.
I am assuming that is my problem, but maybe not.
Thank you,
H
> cargo --version
cargo 1.67.1 (8ecd4f20a 2023-01-10)
> rustc --version
rustc 1.67.1 (d5a82bbd2 2023-02-07)
Hi I'm 0xvon. I'd like to compare some algorithms for blind signatures and its SPKs.
That library especially seems to be so helpful for the performance analysis. However, I failed running ps_proof benchmark due to an error.
When I run the benchmark of ps signature's SPK whis that command:
cargo bench --bench=ps_proof
The error causes with that message.
...
Creating proof for Proof-of-knowledge of signature and corresponding multi-message of size 4/Reveali... #4
time: [6.5353 ms 6.6979 ms 6.8960 ms]
change: [-3.8391% +0.2687% +4.7065%] (p = 0.89 > 0.05)
No change in performance detected.
Found 12 outliers among 100 measurements (12.00%)
1 (1.00%) high mild
11 (11.00%) high severe
thread 'main' panicked at benches/benches/ps_proof.rs:150:14:
called `Result::unwrap()` on an `Err` value: MessageInputError(NoMessagesProvided)
stack backtrace:
0: _rust_begin_unwind
1: core::panicking::panic_fmt
2: core::result::unwrap_failed
3: ps_proof::main
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
error: bench failed, to rerun pass `-p benches --bench ps_proof`
I guess the function UnpackedBlindedMessages::new()
doesn't allow empty messages.
I propose two directions to fix this issue. Can you please give me some comments for it?
If you don't take time to fix that quickly, I can help.
Could a C interface be provide (like is done for Hyperledger Ursa)?
That would make it possible to use the crypto library from other languages.
Hi
There is a bug in disjoint_witness_equalities
, which results in not ensuring disjoint lists. The problem is that, when merging current
with an overlapping list here, this may introduce a transitive equality with a list that we've already skipped and not merged.
The result is that verify
fails, even though the given witnesses do meet all requirements.
A simple solution is to run the algorithm repeatedly until the number of lists does not change.
I'm not in a position to make a pull request, I'm afraid, but I can offer the following to aid with reproducing and testing a fix.
let input_eqs =
vec![
vec![(0, 1), (2, 0)],
vec![(0, 5), (1, 2)],
vec![(0, 5), (3, 0)],
vec![(1, 3), (5, 0)],
vec![(1, 2), (4, 0)],
];
let current_result =
vec![
vec![(0, 1), (2, 0)],
vec![(1, 3), (5, 0)],
vec![(0, 5), (1, 2), (4, 0)], // NOTE: (0,5) is in both of the last
vec![(0, 5), (3, 0)] // two, so these are not disjoint
];
let one_correct_result =
vec![
vec![(0, 1), (2, 0)],
vec![(0, 5), (1, 2), (3, 0), (4, 0)],
vec![(1, 3), (5, 0)]
];
// This passes
check!(input_eqs.clone(), current_result);
// This fails
check!(input_eqs, one_correct_result);
Hi 👋 I am still admiring your work!
I am wondering about the terminology of the witness
and its "implementation".
From the docs:
Witness - Private data that needs to be kept hidden from the verifier. This can be the messages/attributes that are not being disclosed, the signature itself, the accumulator member, accumulator witness. Every witness corresponds to some Statement.
So:
And, for two statements (e.g. for POKS and set membership), the witnesses are distinct objects in code, but "reference" the same value. This equality of the witnesses is what we prove with witnessEquality in the metaStatements.
I feel that the term witness
is used quite heterogeneously on the Web - and, FWIW, Rannenberg, Camenisch and Sabouri don't even mention that term in their work on Attribute-based Credentials for Trust.
I'd appreciate if you could clarify your understanding of the term witness
and how it relates to the composite proofs.
Cheers
Christoph
Hi @lovesh , thank you for reviewing my previous PR.
In this issue, let me report the benchmark result for BBS+ and PS signature.
After this, I'd like to discuss:
git clone [email protected]:docknetwork/crypto.git && cd crypto
cargo bench --bench=bbs_plus_signature
cargo bench --bench=bbs_plus_proof
cargo bench --bench=ps_signature
cargo bench --bench=ps_proof
As the benchmark, I plotted these 4 metrics with changing the number of messages(attributes) for the statement.
I'll show 2 table and 4 graphs to compare the performance.
*the first row's label means num of messages(attributes)
*the unit is ms
2 | 4 | 8 | 15 | 20 | 30 | 40 | 60 | ||
---|---|---|---|---|---|---|---|---|---|
BBS+ GenSig[ms] | $1 | 0.62183 | 0.64961 | 0.71722 | 0.827 | 0.90691 | 1.045 | 1.1586 | 1.3416 |
$2 | 1.7734 | 1.8958 | 2.0983 | 2.4408 | 2.6355 | 2.9816 | 3.4678 | 3.9194 | |
ave. | 1.197615 | 1.272705 | 1.40776 | 1.6339 | 1.771205 | 2.0133 | 2.3132 | 2.6305 | |
BBS+ VerSig[ms] | $1 | 2.7016 | 2.6374 | 2.7036 | 2.8611 | 2.9737 | 3.0657 | 3.1599 | 3.3106 |
$2 | 3.2652 | 3.4031 | 3.6543 | 3.8949 | 4.0533 | 4.436 | 4.9669 | 5.4332 | |
ave. | 2.9834 | 3.02025 | 3.17895 | 3.378 | 3.5135 | 3.75085 | 4.0634 | 4.3719 | |
BBS+ GenProof[ms] | $1 | 2.0099 | 2.1014 | 2.8049 | 2.2209 | 2.7935 | 2.9676 | 3.2108 | 3.5762 |
$2 | 1.96 | 2.067 | 2.8871 | 2.5812 | 2.735 | 2.9154 | 3.2154 | 3.6223 | |
$3 | 2.0406 | 2.5583 | 2.5471 | 2.7057 | 2.8124 | 3.046 | 3.5096 | ||
$4 | 2.0601 | 2.3759 | 2.4619 | 2.6178 | 2.6977 | 2.9467 | 3.2454 | ||
$5 | 2.361 | 2.4378 | 2.4847 | 2.6728 | 2.806 | ||||
max. | 2.0099 | 2.1014 | 2.8871 | 2.5812 | 2.7935 | 2.9676 | 3.2154 | 3.6223 | |
BBS+ VerProof[ms] | $1 | 3.5296 | 3.6233 | 3.7149 | 3.7544 | 3.8783 | 3.9414 | 4.0455 | 4.27 |
$2 | 3.5781 | 3.624 | 3.6392 | 3.7953 | 3.8829 | 3.9481 | 4.1603 | 4.3722 | |
$3 | 3.6087 | 3.6367 | 3.8269 | 3.8823 | 4.007 | 4.2378 | 4.4628 | ||
$4 | 3.5764 | 3.685 | 3.843 | 3.8835 | 4.0056 | 4.2087 | 4.593 | ||
$5 | 3.7057 | 3.8491 | 3.8423 | 3.9704 | 4.182 | 4.3449 | |||
max. | 3.5781 | 3.624 | 3.7149 | 3.8491 | 3.8835 | 4.007 | 4.2378 | 4.593 |
2 | 4 | 8 | 15 | 20 | 30 | 40 | 60 | ||
---|---|---|---|---|---|---|---|---|---|
PS GenSig[ms] | $1 | 0.51308 | 0.53232 | 0.56112 | 0.5592 | 0.56739 | 0.55512 | 0.57305 | 0.56861 |
$2 | 0.51673 | 0.54085 | 0.5582 | 0.56925 | 0.56855 | 0.5598 | 0.56941 | 0.56456 | |
ave. | 0.514905 | 0.536585 | 0.55966 | 0.564225 | 0.56797 | 0.55746 | 0.57123 | 0.566585 | |
PS VerSig[ms] | $1 | 7.7095 | 7.7969 | 8.3695 | 9.0656 | 9.3218 | 10.162 | 10.586 | 12.122 |
$2 | 7.3306 | 7.9236 | 7.9625 | 8.6113 | 9.0243 | 9.8657 | 10.314 | 11.564 | |
ave. | 7.52005 | 7.86025 | 8.166 | 8.83845 | 9.17305 | 10.01385 | 10.45 | 11.843 | |
PS GenProof[ms] | $1 | 5.9315 | 6.1475 | 6.6131 | 7.9361 | 8.0812 | 9.3107 | 10.846 | 12.102 |
$2 | 5.7042 | 5.8307 | 6.5255 | 7.3908 | 8.0245 | 9.1593 | 10.259 | 11.957 | |
$3 | 5.7572 | 6.4059 | 7.225 | 7.7813 | 8.7491 | 9.765 | 11.255 | ||
$4 | 5.419 | 6.2343 | 6.9428 | 7.3541 | 8.1313 | 8.5433 | 9.9965 | ||
$5 | 5.6496 | 6.0622 | 6.2131 | 6.6925 | 6.622 | 7.3308 | |||
max. | 5.9315 | 6.1475 | 6.6131 | 7.9361 | 8.0812 | 9.3107 | 10.846 | 12.102 | |
PS VerProof[ms] | $1 | 7.2431 | 7.4569 | 7.8751 | 8.3666 | 9.3701 | 9.656 | 10.866 | 12.167 |
$2 | 7.327 | 7.5439 | 8.0123 | 8.4641 | 9.2729 | 9.6978 | 11.127 | 12.12 | |
$3 | 7.4569 | 7.5204 | 7.9836 | 8.5934 | 8.9852 | 9.8368 | 11.128 | 12.588 | |
$4 | 7.6356 | 8.0263 | 8.6903 | 9.0409 | 9.9549 | 11 | 12.433 | ||
$5 | 7.9485 | 9.2128 | 9.0994 | 10.027 | 10.877 | 12.275 | |||
max. | 7.4569 | 7.6356 | 8.0263 | 9.2128 | 9.3701 | 10.027 | 11.128 | 12.588 |
And these graphs reflects the table.
The result tells them:
I'll also provide a theoretical computation cost for each algorithm.
*L: message length, d: open length, d’: hidden length, R: generate random, E: exponation, P: pairing
*(XX) means time for message which has 30 attributes
GenKey | GenSig | VerSig | GenProof | VerProof | |
---|---|---|---|---|---|
BBS+ | (L+1)RG1+1EG1 | 2RZp+(L+2)EG1(2.01ms) | (L+1)EG1 + 1EG2+2P(3.75ms) | 2RZp+(d’+8)EG1+1EG2(2.96ms) | (L+3)EG1+2P(4.01ms) |
PS | (L+1)RG1+(L+1)EG2 | 1RG1+1EG1(0.557ms) | LEG2+2P(10.01ms) | (d’+3)RZp+3EG1+(2d’+2)EG2(9.31ms) | (L+1)EG2+2P(10.03ms) |
In my opinion:
If you read SoftSpokenOT: Communication--Computation Tradeoffs in OT Extension, we learn the KOS is deprecated. Softspoken OT is considered more secure and requires one less back and forth.
Hi! 👋
Thank you for your great work! (Especially all the comments in the code!)
I was looking at how the composite proof system works, especially focusing on BBS+ with LegoGroth16.
From [1] I gather that everything is kinda glued together via Schnorr. Is there a formal description on how this works? I am really curious about this...
I recently looked into combining BBS+ and Bulletproofs (with Hyperledger Ursa) but got stuck at exactly that point...
Could not think of how to prove the usage of the witness from the BBS+ in the range proof (...still learning...).
As a side question: Would there be anything blocking the combination of the two from the get-go or could one "plug in" Bulletproofs (to avoid the trusted setup) using the same approach to composite proofs (i.e. adding to this repo)?
Cheers
Christoph
We check if witnesses.len() > j
, but j < witnesses.len()
by definition so this is trivially true.
The shamir methods fail running the following tests
#[test]
#[should_panic]
fn invalid_case() {
let mut rng = StdRng::seed_from_u64(0u64);
// Shouldn't allow sharing threshold of 1 but succeeds
let (secret, shares, poly) = deal_random_secret::<_, Fr>(&mut rng, 1, 1).unwrap();
assert_eq!(shares.0.len(), 1);
assert_eq!(secret, shares.0[0].share);
assert_eq!(poly.degree(), 0);
}
#[test]
fn invalid_recombine_dup_id() {
let mut rng = StdRng::seed_from_u64(0u64);
let (secret, mut shares, poly) = deal_random_secret::<_, Fr>(&mut rng, 3, 3).unwrap();
shares.0[1].id = 1;
// Should fail because of duplicate share id. Duplicate share id's result in lagrange divide by zero
assert!(shares.reconstruct_secret().is_err());
let secret1 = shares.reconstruct_secret().unwrap();
assert_eq!(secret, secret1);
}
#[test]
fn invalid_recombine_zero_id() {
let mut rng = StdRng::seed_from_u64(0u64);
let (secret, mut shares, poly) = deal_random_secret::<_, Fr>(&mut rng, 2, 3).unwrap();
shares.0[0].id = 0;
// Should fail because of zero share id. Zero id results in lagrange multiply by zero
// which nullifies the share
// assert!(shares.reconstruct_secret().is_err());
let secret1 = shares.reconstruct_secret().unwrap();
// shouldn't happen
assert_eq!(secret1, shares.0[0].share * lagrange_basis_at_0::<Fr>(&[0, 2], 0));
}
I am new to zero-knowledge proofs and would like to ask how the contents of the delegatable_credentials/ directory can be combined with BBS+signatures. Can a BBS+ signature be a delegatable credential?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.