Refactor KB universal accum

Signed-off-by: lovesh <[email protected]>
docknetwork · Mar 25, 2024 · 42f9bba · 42f9bba
1 parent f69877e
commit 42f9bba
Show file tree

Hide file tree

Showing 17 changed files with 826 additions and 226 deletions.
diff --git a/proof_system/Cargo.toml b/proof_system/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "proof_system"
-version = "0.25.0"
+version = "0.26.0"
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
@@ -29,7 +29,7 @@ aead = {version = "0.5.2", default-features = false, features = [ "alloc" ]}
 chacha20poly1305 = {version = "0.10.1", default-features = false}
 bbs_plus = { version = "0.19.0", default-features = false, path = "../bbs_plus" }
 schnorr_pok = { version = "0.17.0", default-features = false, path = "../schnorr_pok" }
-vb_accumulator = { version = "0.20.0", default-features = false, path = "../vb_accumulator" }
+vb_accumulator = { version = "0.21.0", default-features = false, path = "../vb_accumulator" }
 dock_crypto_utils = { version = "0.17.0", default-features = false, path = "../utils" }
 saver = { version = "0.15.0", default-features = false, path = "../saver" }
 coconut-crypto = { version = "0.8.0", default-features = false, path = "../coconut" }

diff --git a/proof_system/src/prover.rs b/proof_system/src/prover.rs
@@ -38,7 +38,11 @@ use crate::{
                 DetachedAccumulatorMembershipSubProtocol,
                 DetachedAccumulatorNonMembershipSubProtocol,
             },
-            keyed_verification::VBAccumulatorMembershipKVSubProtocol,
+            keyed_verification::{
+                KBUniversalAccumulatorMembershipKVSubProtocol,
+                KBUniversalAccumulatorNonMembershipKVSubProtocol,
+                VBAccumulatorMembershipKVSubProtocol,
+            },
             KBPositiveAccumulatorMembershipSubProtocol,
             KBUniversalAccumulatorMembershipSubProtocol,
             KBUniversalAccumulatorNonMembershipSubProtocol, VBAccumulatorMembershipSubProtocol,
@@ -227,6 +231,17 @@ impl<E: Pairing> Proof<E> {
             }};
         }
 
+        macro_rules! accum_kv_protocol_init {
+            ($s: ident, $s_idx: ident, $w: ident, $protocol: ident, $protocol_variant: ident, $label: ident) => {{
+                let blinding = blindings.remove(&($s_idx, 0));
+                let mut sp = $protocol::new($s_idx, $s.accumulator_value);
+                sp.init(rng, blinding, $w)?;
+                transcript.set_label($label);
+                sp.challenge_contribution(&mut transcript)?;
+                sub_protocols.push(SubProtocol::$protocol_variant(sp));
+            }};
+        }
+
         fn build_blindings_map<E: Pairing>(
             blindings: &mut BTreeMap<WitnessRef, E::ScalarField>,
             s_idx: usize,
@@ -694,13 +709,40 @@ impl<E: Pairing> Proof<E> {
                 },
                 Statement::VBAccumulatorMembershipKV(s) => match witness {
                     Witness::VBAccumulatorMembership(w) => {
-                        let blinding = blindings.remove(&(s_idx, 0));
-                        let mut sp =
-                            VBAccumulatorMembershipKVSubProtocol::new(s_idx, s.accumulator_value);
-                        sp.init(rng, blinding, w)?;
-                        transcript.set_label(VB_ACCUM_MEM_LABEL);
-                        sp.challenge_contribution(&mut transcript)?;
-                        sub_protocols.push(SubProtocol::VBAccumulatorMembershipKV(sp));
+                        accum_kv_protocol_init!(
+                            s,
+                            s_idx,
+                            w,
+                            VBAccumulatorMembershipKVSubProtocol,
+                            VBAccumulatorMembershipKV,
+                            VB_ACCUM_MEM_LABEL
+                        );
+                    }
+                    _ => err_incompat_witness!(s_idx, s, witness),
+                },
+                Statement::KBUniversalAccumulatorMembershipKV(s) => match witness {
+                    Witness::KBUniAccumulatorMembership(w) => {
+                        accum_kv_protocol_init!(
+                            s,
+                            s_idx,
+                            w,
+                            KBUniversalAccumulatorMembershipKVSubProtocol,
+                            KBUniversalAccumulatorMembershipKV,
+                            KB_UNI_ACCUM_MEM_LABEL
+                        );
+                    }
+                    _ => err_incompat_witness!(s_idx, s, witness),
+                },
+                Statement::KBUniversalAccumulatorNonMembershipKV(s) => match witness {
+                    Witness::KBUniAccumulatorNonMembership(w) => {
+                        accum_kv_protocol_init!(
+                            s,
+                            s_idx,
+                            w,
+                            KBUniversalAccumulatorNonMembershipKVSubProtocol,
+                            KBUniversalAccumulatorNonMembershipKV,
+                            KB_UNI_ACCUM_NON_MEM_LABEL
+                        );
                     }
                     _ => err_incompat_witness!(s_idx, s, witness),
                 },
@@ -787,6 +829,12 @@ impl<E: Pairing> Proof<E> {
                 SubProtocol::VBAccumulatorMembershipKV(mut sp) => {
                     sp.gen_proof_contribution(&challenge)?
                 }
+                SubProtocol::KBUniversalAccumulatorMembershipKV(mut sp) => {
+                    sp.gen_proof_contribution(&challenge)?
+                }
+                SubProtocol::KBUniversalAccumulatorNonMembershipKV(mut sp) => {
+                    sp.gen_proof_contribution(&challenge)?
+                }
             });
         }
 
@@ -888,7 +936,7 @@ impl<E: Pairing> Proof<E> {
         &self.statement_proofs
     }
 
-    /// Hash bytes to a field element. This is vulnerable to timing attack and is only used input
+    /// Hash bytes to a field element. This is vulnerable to timing attack and is only used when input
     /// is public anyway like when generating setup parameters or challenge
     pub fn generate_challenge_from_bytes<D: Digest>(bytes: &[u8]) -> E::ScalarField {
         field_elem_from_try_and_incr::<E::ScalarField, D>(bytes)

diff --git a/proof_system/src/statement/accumulator/keyed_verification.rs b/proof_system/src/statement/accumulator/keyed_verification.rs
@@ -7,41 +7,81 @@ use serde::{Deserialize, Serialize};
 use serde_with::serde_as;
 use vb_accumulator::setup::SecretKey;
 
-#[serde_as]
-#[derive(
-    Clone, Debug, PartialEq, Eq, CanonicalSerialize, CanonicalDeserialize, Serialize, Deserialize,
-)]
-#[serde(bound = "")]
-pub struct VBAccumulatorMembershipKV<G: AffineRepr> {
-    #[serde_as(as = "ArkObjectBytes")]
-    pub accumulator_value: G,
-}
+macro_rules! impl_struct_and_funcs {
+    ($(#[$doc:meta])*
+    $name:ident, $name_full_verifier: ident, $stmt_variant: ident, $stmt_full_verifier_variant: ident) => {
+        #[serde_as]
+        #[derive(
+            Clone,
+            Debug,
+            PartialEq,
+            Eq,
+            CanonicalSerialize,
+            CanonicalDeserialize,
+            Serialize,
+            Deserialize,
+        )]
+        #[serde(bound = "")]
+        pub struct $name<G: AffineRepr> {
+            #[serde_as(as = "ArkObjectBytes")]
+            pub accumulator_value: G,
+        }
 
-#[serde_as]
-#[derive(
-    Clone, Debug, PartialEq, Eq, CanonicalSerialize, CanonicalDeserialize, Serialize, Deserialize,
-)]
-#[serde(bound = "")]
-pub struct VBAccumulatorMembershipKVFullVerifier<G: AffineRepr> {
-    #[serde_as(as = "ArkObjectBytes")]
-    pub accumulator_value: G,
-    pub secret_key: SecretKey<G::ScalarField>,
-}
+        #[serde_as]
+        #[derive(
+            Clone,
+            Debug,
+            PartialEq,
+            Eq,
+            CanonicalSerialize,
+            CanonicalDeserialize,
+            Serialize,
+            Deserialize,
+        )]
+        #[serde(bound = "")]
+        pub struct $name_full_verifier<G: AffineRepr> {
+            #[serde_as(as = "ArkObjectBytes")]
+            pub accumulator_value: G,
+            pub secret_key: SecretKey<G::ScalarField>,
+        }
 
-impl<G: AffineRepr> VBAccumulatorMembershipKV<G> {
-    pub fn new<E: Pairing<G1Affine = G>>(accumulator_value: G) -> Statement<E> {
-        Statement::VBAccumulatorMembershipKV(Self { accumulator_value })
-    }
-}
+        impl<G: AffineRepr> $name<G> {
+            pub fn new<E: Pairing<G1Affine = G>>(accumulator_value: G) -> Statement<E> {
+                Statement::$stmt_variant(Self { accumulator_value })
+            }
+        }
 
-impl<G: AffineRepr> VBAccumulatorMembershipKVFullVerifier<G> {
-    pub fn new<E: Pairing<G1Affine = G>>(
-        accumulator_value: G,
-        secret_key: SecretKey<G::ScalarField>,
-    ) -> Statement<E> {
-        Statement::VBAccumulatorMembershipKVFullVerifier(Self {
-            accumulator_value,
-            secret_key,
-        })
-    }
+        impl<G: AffineRepr> $name_full_verifier<G> {
+            pub fn new<E: Pairing<G1Affine = G>>(
+                accumulator_value: G,
+                secret_key: SecretKey<G::ScalarField>,
+            ) -> Statement<E> {
+                Statement::$stmt_full_verifier_variant(Self {
+                    accumulator_value,
+                    secret_key,
+                })
+            }
+        }
+    };
 }
+
+impl_struct_and_funcs!(
+    VBAccumulatorMembershipKV,
+    VBAccumulatorMembershipKVFullVerifier,
+    VBAccumulatorMembershipKV,
+    VBAccumulatorMembershipKVFullVerifier
+);
+
+impl_struct_and_funcs!(
+    KBUniversalAccumulatorMembershipKV,
+    KBUniversalAccumulatorMembershipKVFullVerifier,
+    KBUniversalAccumulatorMembershipKV,
+    KBUniversalAccumulatorMembershipKVFullVerifier
+);
+
+impl_struct_and_funcs!(
+    KBUniversalAccumulatorNonMembershipKV,
+    KBUniversalAccumulatorNonMembershipKVFullVerifier,
+    KBUniversalAccumulatorNonMembershipKV,
+    KBUniversalAccumulatorNonMembershipKVFullVerifier
+);
diff --git a/proof_system/src/statement/mod.rs b/proof_system/src/statement/mod.rs
@@ -105,6 +105,26 @@ pub enum Statement<E: Pairing> {
     VBAccumulatorMembershipKVFullVerifier(
         accumulator::keyed_verification::VBAccumulatorMembershipKVFullVerifier<E::G1Affine>,
     ),
+    /// For proof of membership in KB universal accumulator in keyed verification model.
+    KBUniversalAccumulatorMembershipKV(
+        accumulator::keyed_verification::KBUniversalAccumulatorMembershipKV<E::G1Affine>,
+    ),
+    /// Statement used by verifier for proof of membership in KB universal when it knows the secret key
+    KBUniversalAccumulatorMembershipKVFullVerifier(
+        accumulator::keyed_verification::KBUniversalAccumulatorMembershipKVFullVerifier<
+            E::G1Affine,
+        >,
+    ),
+    /// For proof of non-membership in KB universal accumulator in keyed verification model.
+    KBUniversalAccumulatorNonMembershipKV(
+        accumulator::keyed_verification::KBUniversalAccumulatorNonMembershipKV<E::G1Affine>,
+    ),
+    /// Statement used by verifier for proof of non-membership in KB universal when it knows the secret key
+    KBUniversalAccumulatorNonMembershipKVFullVerifier(
+        accumulator::keyed_verification::KBUniversalAccumulatorNonMembershipKVFullVerifier<
+            E::G1Affine,
+        >,
+    ),
 }
 
 /// A collection of statements
@@ -176,7 +196,11 @@ macro_rules! delegate {
                 PoKBDDT16MACFullVerifier,
                 PedersenCommitmentG2,
                 VBAccumulatorMembershipKV,
-                VBAccumulatorMembershipKVFullVerifier
+                VBAccumulatorMembershipKVFullVerifier,
+                KBUniversalAccumulatorMembershipKV,
+                KBUniversalAccumulatorMembershipKVFullVerifier,
+                KBUniversalAccumulatorNonMembershipKV,
+                KBUniversalAccumulatorNonMembershipKVFullVerifier
             : $($tt)+
         }
     }}
@@ -225,7 +249,11 @@ macro_rules! delegate_reverse {
                 PoKBDDT16MACFullVerifier,
                 PedersenCommitmentG2,
                 VBAccumulatorMembershipKV,
-                VBAccumulatorMembershipKVFullVerifier
+                VBAccumulatorMembershipKVFullVerifier,
+                KBUniversalAccumulatorMembershipKV,
+                KBUniversalAccumulatorMembershipKVFullVerifier,
+                KBUniversalAccumulatorNonMembershipKV,
+                KBUniversalAccumulatorNonMembershipKVFullVerifier
             : $($tt)+
         }
 

diff --git a/proof_system/src/statement_proof.rs b/proof_system/src/statement_proof.rs
@@ -59,7 +59,9 @@ pub enum StatementProof<E: Pairing> {
     KBPositiveAccumulatorMembershipCDH(#[serde_as(as = "ArkObjectBytes")] KBPositiveAccumulatorMembershipProofCDH<E>),
     PoKOfBDDT16MAC(PoKOfMAC<E::G1Affine>),
     PedersenCommitmentG2(PedersenCommitmentProof<E::G2Affine>),
-    VBAccumulatorMembershipKV(vb_accumulator::proofs_keyed_verification::MembershipProof<E::G1Affine>)
+    VBAccumulatorMembershipKV(vb_accumulator::proofs_keyed_verification::MembershipProof<E::G1Affine>),
+    KBUniversalAccumulatorMembershipKV(vb_accumulator::kb_universal_accumulator::proofs_keyed_verification::KBUniversalAccumulatorMembershipProof<E::G1Affine>),
+    KBUniversalAccumulatorNonMembershipKV(vb_accumulator::kb_universal_accumulator::proofs_keyed_verification::KBUniversalAccumulatorNonMembershipProof<E::G1Affine>),
 
 }
 
@@ -95,7 +97,9 @@ macro_rules! delegate {
                 KBPositiveAccumulatorMembershipCDH,
                 PoKOfBDDT16MAC,
                 PedersenCommitmentG2,
-                VBAccumulatorMembershipKV
+                VBAccumulatorMembershipKV,
+                KBUniversalAccumulatorMembershipKV,
+                KBUniversalAccumulatorNonMembershipKV
             : $($tt)+
         }
     }};
@@ -133,7 +137,9 @@ macro_rules! delegate_reverse {
                 KBPositiveAccumulatorMembershipCDH,
                 PoKOfBDDT16MAC,
                 PedersenCommitmentG2,
-                VBAccumulatorMembershipKV
+                VBAccumulatorMembershipKV,
+                KBUniversalAccumulatorMembershipKV,
+                KBUniversalAccumulatorNonMembershipKV
             : $($tt)+
         }