SyRa

Signed-off-by: lovesh <[email protected]>
docknetwork · Jul 21, 2024 · ed791bb · ed791bb
1 parent 33181f5
commit ed791bb
Show file tree

Hide file tree

Showing 14 changed files with 953 additions and 39 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -19,7 +19,8 @@ members = [
     "merlin",
     "bulletproofs_plus_plus",
     "smc_range_proof",
-    "short_group_sig"
+    "short_group_sig",
+    "syra"
 ]
 resolver = "2"
 
@@ -58,4 +59,4 @@ inherits = "release"
 # https://doc.rust-lang.org/rustc/linker-plugin-lto.html
 lto = "fat"
 # https://doc.rust-lang.org/rustc/codegen-options/index.html#codegen-units
-codegen-units = 1
+codegen-units = 1
diff --git a/delegatable_credentials/src/protego/show/known_signer.rs b/delegatable_credentials/src/protego/show/known_signer.rs
@@ -379,10 +379,10 @@ impl<E: Pairing> CredentialShowProtocol<E> {
         if let Some(ct) = &self.ct {
             P1.serialize_compressed(&mut writer)?;
             apk.unwrap().serialize_compressed(&mut writer)?;
-            ct.ct.enc1.serialize_compressed(&mut writer)?;
+            ct.ct.encrypted.serialize_compressed(&mut writer)?;
             ct.com1.serialize_compressed(&mut writer)?;
             ct.ciphertext_rand_protocol
-                .challenge_contribution(P1, &ct.ct.enc2, &mut writer)?;
+                .challenge_contribution(P1, &ct.ct.eph_pk, &mut writer)?;
         }
         Ok(())
     }
@@ -603,7 +603,7 @@ impl<E: Pairing> CredentialShow<E> {
                 if P1
                     .mul(ct_proof.z1)
                     .add(&apk.0.mul(ct_proof.ciphertext_rand_proof.response))
-                    .sub(ct.enc1.mul_bigint(challenge.into_bigint()))
+                    .sub(ct.encrypted.mul_bigint(challenge.into_bigint()))
                     .into_affine()
                     != ct_proof.com1
                 {
@@ -612,7 +612,7 @@ impl<E: Pairing> CredentialShow<E> {
 
                 if !ct_proof
                     .ciphertext_rand_proof
-                    .verify(&ct.enc2, P1, challenge)
+                    .verify(&ct.eph_pk, P1, challenge)
                 {
                     return Err(DelegationError::InvalidAuditShow);
                 }
@@ -622,15 +622,15 @@ impl<E: Pairing> CredentialShow<E> {
                 let t3_prep = E::G2Prepared::from(ct_proof.t3);
 
                 if !E::multi_pairing(
-                    [ct.enc2, (-P1.into_group()).into_affine()],
+                    [ct.eph_pk, (-P1.into_group()).into_affine()],
                     [t1_prep.clone(), t3_prep.clone()],
                 )
                 .is_zero()
                 {
                     return Err(DelegationError::InvalidAuditShow);
                 }
                 if !E::multi_pairing(
-                    [ct.enc2, (-self.core.C3.into_group()).into_affine()],
+                    [ct.eph_pk, (-self.core.C3.into_group()).into_affine()],
                     [t2_prep.clone(), t3_prep.clone()],
                 )
                 .is_zero()
@@ -639,7 +639,7 @@ impl<E: Pairing> CredentialShow<E> {
                 }
                 if !E::multi_pairing(
                     [
-                        (-ct.enc1.into_group()).into_affine(),
+                        (-ct.encrypted.into_group()).into_affine(),
                         ct_proof.C6,
                         ct_proof.C7,
                     ],

diff --git a/schnorr_pok/src/discrete_log_pairing.rs b/schnorr_pok/src/discrete_log_pairing.rs
@@ -132,10 +132,10 @@ macro_rules! impl_protocol {
 
 impl_protocol!(
     /// Protocol for proving knowledge of discrete log in group G1, i.e. given public `Y` and `B`, prove knowledge of `A` in `e(A, B) = Y`
-    PokG1DiscreteLogInPairingProtocol, PokG1DiscreteLogInPairing, E::G1Affine, E::G2Affine, E::G2Prepared, pair_g2_g1
+    PoKG1DiscreteLogInPairingProtocol, PoKG1DiscreteLogInPairing, E::G1Affine, E::G2Affine, E::G2Prepared, pair_g2_g1
 );
 
-impl<E: Pairing> PokG1DiscreteLogInPairing<E> {
+impl<E: Pairing> PoKG1DiscreteLogInPairing<E> {
     pub fn verify_with_randomized_pairing_checker(
         &self,
         y: &PairingOutput<E>,
@@ -149,10 +149,10 @@ impl<E: Pairing> PokG1DiscreteLogInPairing<E> {
 
 impl_protocol!(
     /// Protocol for proving knowledge of discrete log in group G2, i.e. given public `Y` and `A`, prove knowledge of `B` in `e(A, B) = Y`
-    PokG2DiscreteLogInPairingProtocol, PokG2DiscreteLogInPairing, E::G2Affine, E::G1Affine, E::G1Prepared, pair_g1_g2
+    PoKG2DiscreteLogInPairingProtocol, PoKG2DiscreteLogInPairing, E::G2Affine, E::G1Affine, E::G1Prepared, pair_g1_g2
 );
 
-impl<E: Pairing> PokG2DiscreteLogInPairing<E> {
+impl<E: Pairing> PoKG2DiscreteLogInPairing<E> {
     pub fn verify_with_randomized_pairing_checker(
         &self,
         y: &PairingOutput<E>,
@@ -261,16 +261,16 @@ mod tests {
         }
 
         check!(
-            PokG1DiscreteLogInPairingProtocol,
-            PokG1DiscreteLogInPairing,
+            PoKG1DiscreteLogInPairingProtocol,
+            PoKG1DiscreteLogInPairing,
             G1Affine,
             G2Affine,
             G2Prepared,
             pair_g2_g1
         );
         check!(
-            PokG2DiscreteLogInPairingProtocol,
-            PokG2DiscreteLogInPairing,
+            PoKG2DiscreteLogInPairingProtocol,
+            PoKG2DiscreteLogInPairing,
             G2Affine,
             G1Affine,
             G1Prepared,

diff --git a/secret_sharing_and_dkg/src/distributed_dlog_check/maliciously_secure.rs b/secret_sharing_and_dkg/src/distributed_dlog_check/maliciously_secure.rs
@@ -22,8 +22,8 @@ use dock_crypto_utils::{
 use schnorr_pok::{
     compute_random_oracle_challenge,
     discrete_log_pairing::{
-        PokG1DiscreteLogInPairing, PokG1DiscreteLogInPairingProtocol, PokG2DiscreteLogInPairing,
-        PokG2DiscreteLogInPairingProtocol,
+        PoKG1DiscreteLogInPairing, PoKG1DiscreteLogInPairingProtocol, PoKG2DiscreteLogInPairing,
+        PoKG2DiscreteLogInPairingProtocol,
     },
 };
 use serde::{Deserialize, Serialize};
@@ -372,8 +372,8 @@ impl_protocol!(
     ComputationShareG1,
     ComputationShareG1Proof,
     deal_secret_in_g1,
-    PokG1DiscreteLogInPairingProtocol,
-    PokG1DiscreteLogInPairing,
+    PoKG1DiscreteLogInPairingProtocol,
+    PoKG1DiscreteLogInPairing,
     G1Af<E>,
     G2Af<E>,
     pair_g2_g1
@@ -386,8 +386,8 @@ impl_protocol!(
     ComputationShareG2,
     ComputationShareG2Proof,
     deal_secret_in_g2,
-    PokG2DiscreteLogInPairingProtocol,
-    PokG2DiscreteLogInPairing,
+    PoKG2DiscreteLogInPairingProtocol,
+    PoKG2DiscreteLogInPairing,
     G2Af<E>,
     G1Af<E>,
     pair_g1_g2

diff --git a/syra/Cargo.toml b/syra/Cargo.toml
@@ -0,0 +1,31 @@
+[package]
+name = "syra"
+version = "0.1.0"
+edition.workspace = true
+authors.workspace = true
+license.workspace = true
+repository.workspace = true
+description = "SyRA: Sybil-Resilient Anonymous Signatures with Applications to Decentralized Identity"
+
+[dependencies]
+ark-serialize.workspace = true
+ark-ff.workspace = true
+ark-ec.workspace = true
+ark-std.workspace = true
+digest.workspace = true
+rayon = {workspace = true, optional = true}
+serde.workspace = true
+serde_with.workspace = true
+zeroize.workspace = true
+dock_crypto_utils = { version = "0.20.0", default-features = false, path = "../utils" }
+schnorr_pok = { version = "0.20.0", default-features = false, path = "../schnorr_pok" }
+
+[dev-dependencies]
+blake2.workspace = true
+ark-bls12-381.workspace = true
+
+[features]
+default = [ "parallel" ]
+std = [ "ark-ff/std", "ark-ec/std", "ark-std/std", "ark-serialize/std", "dock_crypto_utils/std", "schnorr_pok/std", "serde/std"]
+print-trace = [ "ark-std/print-trace", "dock_crypto_utils/print-trace" ]
+parallel = [ "std", "ark-ff/parallel", "ark-ec/parallel", "ark-std/parallel", "rayon", "dock_crypto_utils/parallel", "schnorr_pok/parallel" ]
diff --git a/syra/README.md b/syra/README.md
@@ -0,0 +1,7 @@
+<!-- cargo-rdme start -->
+
+Implements the protocol from the paper [SyRA: Sybil-Resilient Anonymous Signatures with Applications to Decentralized Identity](https://eprint.iacr.org/2024/379)
+
+This will be used to generate pseudonym for low-entropy user attributes. The issuer will create "signature" for a unique user attribute and user uses this "signature" to create the pseudonym.
+
+<!-- cargo-rdme end -->
diff --git a/syra/src/error.rs b/syra/src/error.rs
@@ -0,0 +1,13 @@
+use ark_serialize::SerializationError;
+
+#[derive(Debug)]
+pub enum SyraError {
+    InvalidProof,
+    Serialization(SerializationError),
+}
+
+impl From<SerializationError> for SyraError {
+    fn from(e: SerializationError) -> Self {
+        Self::Serialization(e)
+    }
+}
diff --git a/syra/src/lib.rs b/syra/src/lib.rs
@@ -0,0 +1,11 @@
+#![cfg_attr(not(feature = "std"), no_std)]
+#![allow(non_snake_case)]
+
+//! Implements the protocol from the paper [SyRA: Sybil-Resilient Anonymous Signatures with Applications to Decentralized Identity](https://eprint.iacr.org/2024/379)
+//!
+//! This will be used to generate pseudonym for low-entropy user attributes. The issuer will create "signature" for a unique user attribute and user uses this "signature" to create the pseudonym.
+
+mod error;
+pub mod pseudonym;
+pub mod setup;
+pub mod vrf;