mwixnet/src/secp.rs

219 lines
7.9 KiB
Rust
Raw Normal View History

2021-11-12 19:09:11 +03:00
pub use secp256k1zkp::{ContextFlag, Message, Secp256k1, Signature};
2022-02-11 04:33:35 +03:00
pub use secp256k1zkp::aggsig;
2021-11-12 19:09:11 +03:00
pub use secp256k1zkp::ecdh::SharedSecret;
pub use secp256k1zkp::pedersen::{Commitment, RangeProof};
2022-02-11 04:33:35 +03:00
pub use secp256k1zkp::key::{PublicKey, SecretKey, ZERO_KEY};
2021-11-12 19:09:11 +03:00
pub use secp256k1zkp::constants::{AGG_SIGNATURE_SIZE, COMPRESSED_PUBLIC_KEY_SIZE, MAX_PROOF_SIZE, PEDERSEN_COMMITMENT_SIZE, SECRET_KEY_SIZE};
2022-02-11 04:33:35 +03:00
use crate::error::{Error, ErrorKind, Result};
2021-11-12 19:09:11 +03:00
2022-02-11 04:33:35 +03:00
use blake2::blake2b::Blake2b;
use byteorder::{BigEndian, ByteOrder};
2022-04-27 06:13:44 +03:00
use grin_core::ser::{self, Readable, Reader, Writeable, Writer};
2022-02-11 04:33:35 +03:00
use secp256k1zkp::rand::thread_rng;
2021-11-12 19:09:11 +03:00
/// A generalized Schnorr signature with a pedersen commitment value & blinding factors as the keys
2022-02-11 04:33:35 +03:00
pub struct ComSignature {
2022-04-27 06:13:44 +03:00
pub_nonce: Commitment,
s: SecretKey,
t: SecretKey,
2022-02-11 04:33:35 +03:00
}
2021-11-12 19:09:11 +03:00
impl ComSignature {
2022-02-11 04:33:35 +03:00
pub fn new(pub_nonce: &Commitment, s: &SecretKey, t: &SecretKey) -> ComSignature {
ComSignature {
2022-04-27 06:13:44 +03:00
pub_nonce: pub_nonce.to_owned(),
s: s.to_owned(),
t: t.to_owned(),
2021-11-12 19:09:11 +03:00
}
}
#[allow(dead_code)]
2022-02-11 04:33:35 +03:00
pub fn sign(amount: u64, blind: &SecretKey, msg: &Vec<u8>) -> Result<ComSignature> {
let secp = Secp256k1::with_caps(ContextFlag::Commit);
let mut amt_bytes = [0; 32];
2022-04-27 06:13:44 +03:00
BigEndian::write_u64(&mut amt_bytes[24..32], amount);
2022-02-11 04:33:35 +03:00
let k_amt = SecretKey::from_slice(&secp, &amt_bytes)?;
let k_1 = SecretKey::new(&secp, &mut thread_rng());
let k_2 = SecretKey::new(&secp, &mut thread_rng());
let commitment = secp.commit(amount, blind.clone())?;
let nonce_commitment = secp.commit_blind(k_1.clone(), k_2.clone())?;
let e = ComSignature::calc_challenge(&secp, &commitment, &nonce_commitment, &msg)?;
// s = k_1 + (e * amount)
let mut s = k_amt.clone();
s.mul_assign(&secp, &e)?;
s.add_assign(&secp, &k_1)?;
// t = k_2 + (e * blind)
let mut t = blind.clone();
t.mul_assign(&secp, &e)?;
t.add_assign(&secp, &k_2)?;
Ok(ComSignature::new(&nonce_commitment, &s, &t))
2021-11-12 19:09:11 +03:00
}
2022-02-11 04:33:35 +03:00
#[allow(non_snake_case)]
pub fn verify(&self, commit: &Commitment, msg: &Vec<u8>) -> Result<()> {
let secp = Secp256k1::with_caps(ContextFlag::Commit);
let S1 = secp.commit_blind(self.s.clone(), self.t.clone())?;
let mut Ce = commit.to_pubkey(&secp)?;
let e = ComSignature::calc_challenge(&secp, &commit, &self.pub_nonce, &msg)?;
Ce.mul_assign(&secp, &e)?;
let commits = vec![Commitment::from_pubkey(&secp, &Ce)?, self.pub_nonce.clone()];
let S2 = secp.commit_sum(commits, Vec::new())?;
2022-04-27 06:13:44 +03:00
if S1 != S2 {
2022-02-11 04:33:35 +03:00
return Err(Error::new(ErrorKind::InvalidSigError));
}
2021-11-12 19:09:11 +03:00
Ok(())
}
2022-02-11 04:33:35 +03:00
fn calc_challenge(secp: &Secp256k1, commit: &Commitment, nonce_commit: &Commitment, msg: &Vec<u8>) -> Result<SecretKey> {
let mut challenge_hasher = Blake2b::new(32);
challenge_hasher.update(&commit.0);
challenge_hasher.update(&nonce_commit.0);
challenge_hasher.update(msg);
let mut challenge = [0; 32];
challenge.copy_from_slice(challenge_hasher.finalize().as_bytes());
Ok(SecretKey::from_slice(&secp, &challenge)?)
2021-11-12 19:09:11 +03:00
}
}
/// Serializes a ComSignature to and from hex
pub mod comsig_serde {
use super::ComSignature;
2022-04-27 06:13:44 +03:00
use grin_core::ser::{self, ProtocolVersion};
2021-11-12 19:09:11 +03:00
use serde::{Deserialize, Serializer};
use grin_util::ToHex;
/// Serializes a ComSignature as a hex string
pub fn serialize<S>(comsig: &ComSignature, serializer: S) -> Result<S::Ok, S::Error>
where
S: Serializer,
{
2022-02-11 04:33:35 +03:00
use serde::ser::Error;
2022-04-27 06:13:44 +03:00
let bytes = ser::ser_vec(&comsig, ProtocolVersion::local()).map_err(Error::custom)?;
2022-02-11 04:33:35 +03:00
serializer.serialize_str(&bytes.to_hex())
2021-11-12 19:09:11 +03:00
}
/// Creates a ComSignature from a hex string
pub fn deserialize<'de, D>(deserializer: D) -> std::result::Result<ComSignature, D::Error>
where
D: serde::Deserializer<'de>,
{
use serde::de::Error;
2022-02-11 04:33:35 +03:00
let bytes = String::deserialize(deserializer)
.and_then(|string| grin_util::from_hex(&string).map_err(Error::custom))?;
2022-04-27 06:13:44 +03:00
let sig: ComSignature = grin_core::ser::deserialize_default(&mut &bytes[..])
.map_err(Error::custom)?;
Ok(sig)
2021-11-12 19:09:11 +03:00
}
}
2022-04-27 06:13:44 +03:00
#[allow(non_snake_case)]
impl Readable for ComSignature {
fn read<R: Reader>(reader: &mut R) -> std::result::Result<Self, ser::Error> {
let R = Commitment::read(reader)?;
let s = read_secret_key(reader)?;
let t = read_secret_key(reader)?;
Ok(ComSignature::new(&R, &s, &t))
}
}
impl Writeable for ComSignature {
fn write<W: Writer>(&self, writer: &mut W) -> std::result::Result<(), ser::Error> {
writer.write_fixed_bytes(self.pub_nonce.0)?;
writer.write_fixed_bytes(self.s.0)?;
writer.write_fixed_bytes(self.t.0)?;
Ok(())
}
2021-11-12 19:09:11 +03:00
}
2022-02-11 04:33:35 +03:00
/// Generate a random SecretKey.
pub fn random_secret() -> SecretKey {
2021-11-12 19:09:11 +03:00
let secp = Secp256k1::new();
2022-02-11 04:33:35 +03:00
SecretKey::new(&secp, &mut thread_rng())
2021-11-12 19:09:11 +03:00
}
2022-04-27 06:13:44 +03:00
/// Deserialize a SecretKey from a Reader
pub fn read_secret_key<R: Reader>(reader: &mut R) -> std::result::Result<SecretKey, ser::Error> {
let buf = reader.read_fixed_bytes(SECRET_KEY_SIZE)?;
let secp = Secp256k1::with_caps(ContextFlag::None);
let pk = SecretKey::from_slice(&secp, &buf).map_err(|_| ser::Error::CorruptedData)?;
Ok(pk)
}
2021-11-12 19:09:11 +03:00
/// Build a Pedersen Commitment using the provided value and blinding factor
pub fn commit(value: u64, blind: &SecretKey) -> Result<Commitment> {
let secp = Secp256k1::with_caps(ContextFlag::Commit);
let commit = secp.commit(value, blind.clone())?;
Ok(commit)
}
/// Add a blinding factor to an existing Commitment
pub fn add_excess(commitment: &Commitment, excess: &SecretKey) -> Result<Commitment> {
let secp = Secp256k1::with_caps(ContextFlag::Commit);
let excess_commit : Commitment = secp.commit(0, excess.clone())?;
let commits = vec![commitment.clone(), excess_commit.clone()];
let sum = secp.commit_sum(commits, Vec::new())?;
Ok(sum)
}
2022-04-27 06:13:44 +03:00
/// Subtracts a value (v*H) from an existing commitment
2022-02-11 04:33:35 +03:00
pub fn sub_value(commitment: &Commitment, value: u64) -> Result<Commitment> {
let secp = Secp256k1::with_caps(ContextFlag::Commit);
let neg_commit : Commitment = secp.commit(value, ZERO_KEY)?;
let sum = secp.commit_sum(vec![commitment.clone()], vec![neg_commit.clone()])?;
Ok(sum)
}
2022-04-27 06:13:44 +03:00
/// Signs the message with the provided SecretKey
2022-02-11 04:33:35 +03:00
pub fn sign(sk: &SecretKey, msg: &Message) -> Result<Signature> {
let secp = Secp256k1::with_caps(ContextFlag::Full);
let pubkey = PublicKey::from_secret_key(&secp, &sk)?;
let sig = aggsig::sign_single(&secp, &msg, &sk, None, None, None, Some(&pubkey), None)?;
Ok(sig)
}
2022-04-27 06:13:44 +03:00
#[cfg(test)]
mod tests {
use super::{ComSignature, ContextFlag, Secp256k1, SecretKey};
use crate::error::Result;
2021-11-12 19:09:11 +03:00
2022-04-27 06:13:44 +03:00
use secp256k1zkp::rand::{RngCore, thread_rng};
use rand::Rng;
/// Test signing and verification of ComSignatures
#[test]
fn verify_comsig() -> Result<()> {
let secp = Secp256k1::with_caps(ContextFlag::Commit);
2021-11-12 19:09:11 +03:00
2022-04-27 06:13:44 +03:00
let amount = thread_rng().next_u64();
let blind = SecretKey::new(&secp, &mut thread_rng());
let msg: [u8; 16] = rand::thread_rng().gen();
let comsig = ComSignature::sign(amount, &blind, &msg.to_vec())?;
let commit = secp.commit(amount, blind.clone())?;
assert!(comsig.verify(&commit, &msg.to_vec()).is_ok());
2021-11-12 19:09:11 +03:00
2022-04-27 06:13:44 +03:00
let wrong_msg: [u8; 16] = rand::thread_rng().gen();
assert!(comsig.verify(&commit, &wrong_msg.to_vec()).is_err());
2021-11-12 19:09:11 +03:00
2022-04-27 06:13:44 +03:00
let wrong_commit = secp.commit(amount, SecretKey::new(&secp, &mut thread_rng()))?;
assert!(comsig.verify(&wrong_commit, &msg.to_vec()).is_err());
2021-11-12 19:09:11 +03:00
Ok(())
}
}