From 94f77ff6631423cfc7e005217075be2469939eeb Mon Sep 17 00:00:00 2001 From: sanket1729 Date: Mon, 6 Feb 2023 13:53:02 -0800 Subject: [PATCH] Rename buletproof_pp* to bppp* --- .cirrus.yml | 14 +- .gitignore | 2 +- Makefile.am | 4 +- ci/cirrus.sh | 6 +- configure.ac | 18 +-- ...p256k1_bulletproofs.h => secp256k1_bppp.h} | 20 +-- src/{bench_bulletproofs.c => bench_bppp.c} | 14 +- src/modules/bppp/Makefile.am.include | 13 ++ .../bppp_norm_product_impl.h} | 38 ++--- .../bppp_transcript_impl.h} | 12 +- .../bulletproofs_util.h => bppp/bppp_util.h} | 12 +- src/modules/{bulletproofs => bppp}/main.h | 8 +- .../{bulletproofs => bppp}/main_impl.h | 26 +-- .../test_vectors/verify.h | 0 .../{bulletproofs => bppp}/tests_impl.h | 148 +++++++++--------- src/modules/bulletproofs/Makefile.am.include | 13 -- src/secp256k1.c | 4 +- src/tests.c | 8 +- 18 files changed, 180 insertions(+), 180 deletions(-) rename include/{secp256k1_bulletproofs.h => secp256k1_bppp.h} (77%) rename src/{bench_bulletproofs.c => bench_bppp.c} (64%) create mode 100644 src/modules/bppp/Makefile.am.include rename src/modules/{bulletproofs/bulletproofs_pp_norm_product_impl.h => bppp/bppp_norm_product_impl.h} (93%) rename src/modules/{bulletproofs/bulletproofs_pp_transcript_impl.h => bppp/bppp_transcript_impl.h} (73%) rename src/modules/{bulletproofs/bulletproofs_util.h => bppp/bppp_util.h} (78%) rename src/modules/{bulletproofs => bppp}/main.h (50%) rename src/modules/{bulletproofs => bppp}/main_impl.h (70%) rename src/modules/{bulletproofs => bppp}/test_vectors/verify.h (100%) rename src/modules/{bulletproofs => bppp}/tests_impl.h (75%) delete mode 100644 src/modules/bulletproofs/Makefile.am.include diff --git a/.cirrus.yml b/.cirrus.yml index e4ef0e347..48c9be8c0 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -23,7 +23,7 @@ env: WHITELIST: no MUSIG: no ECDSAADAPTOR: no - BULLETPROOFS: no + BPPP: no ### test options SECP256K1_TEST_ITERS: BENCH: yes @@ -73,12 +73,12 @@ task: << : *LINUX_CONTAINER matrix: &ENV_MATRIX - env: {WIDEMUL: int64, RECOVERY: yes} - - env: {WIDEMUL: int64, ECDH: yes, SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes, RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BULLETPROOFS: yes} + - env: {WIDEMUL: int64, ECDH: yes, SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes, RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BPPP: yes} - env: {WIDEMUL: int128} - env: {WIDEMUL: int128, RECOVERY: yes, SCHNORRSIG: yes} - - env: {WIDEMUL: int128, ECDH: yes, SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes, RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BULLETPROOFS: yes} + - env: {WIDEMUL: int128, ECDH: yes, SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes, RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BPPP: yes} - env: {WIDEMUL: int128, ASM: x86_64} - - env: { RECOVERY: yes, SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes, RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BULLETPROOFS: yes} + - env: { RECOVERY: yes, SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes, RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BPPP: yes} - env: {BUILD: distcheck, WITH_VALGRIND: no, CTIMETEST: no, BENCH: no} - env: {CPPFLAGS: -DDETERMINISTIC} - env: {CFLAGS: -O0, CTIMETEST: no} @@ -109,7 +109,7 @@ task: GENERATOR: yes MUSIG: yes ECDSAADAPTOR: yes - BULLETPROOFS: yes + BPPP: yes matrix: - env: CC: i686-linux-gnu-gcc @@ -167,7 +167,7 @@ task: GENERATOR: yes MUSIG: yes ECDSAADAPTOR: yes - BULLETPROOFS: yes + BPPP: yes CTIMETEST: no << : *MERGE_BASE test_script: @@ -262,7 +262,7 @@ task: GENERATOR: yes MUSIG: yes ECDSAADAPTOR: yes - BULLETPROOFS: yes + BPPP: yes CTIMETEST: no matrix: - name: "Valgrind (memcheck)" diff --git a/.gitignore b/.gitignore index 3c0494d55..9be37772b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,5 @@ bench -bench_bulletproofs +bench_bppp bench_ecmult bench_generator bench_rangeproof diff --git a/Makefile.am b/Makefile.am index 722dfac3a..482d870d0 100644 --- a/Makefile.am +++ b/Makefile.am @@ -226,8 +226,8 @@ clean-precomp: EXTRA_DIST = autogen.sh SECURITY.md -if ENABLE_MODULE_BULLETPROOFS -include src/modules/bulletproofs/Makefile.am.include +if ENABLE_MODULE_BPPP +include src/modules/bppp/Makefile.am.include endif if ENABLE_MODULE_ECDH diff --git a/ci/cirrus.sh b/ci/cirrus.sh index 8f2b105d6..14c8dbe9e 100755 --- a/ci/cirrus.sh +++ b/ci/cirrus.sh @@ -19,7 +19,7 @@ valgrind --version || true --with-ecmult-gen-precision="$ECMULTGENPRECISION" \ --enable-module-ecdh="$ECDH" --enable-module-recovery="$RECOVERY" \ --enable-module-ecdsa-s2c="$ECDSA_S2C" \ - --enable-module-bulletproofs="$BULLETPROOFS" \ + --enable-module-bppp="$BPPP" \ --enable-module-rangeproof="$RANGEPROOF" --enable-module-whitelist="$WHITELIST" --enable-module-generator="$GENERATOR" \ --enable-module-schnorrsig="$SCHNORRSIG" --enable-module-musig="$MUSIG" --enable-module-ecdsa-adaptor="$ECDSAADAPTOR" \ --enable-module-schnorrsig="$SCHNORRSIG" \ @@ -52,9 +52,9 @@ then $EXEC ./bench_ecmult $EXEC ./bench_internal $EXEC ./bench - if [ "$BULLETPROOFS" = "yes" ] + if [ "$BPPP" = "yes" ] then - $EXEC ./bench_bulletproofs + $EXEC ./bench_bppp fi } >> bench.log 2>&1 fi diff --git a/configure.ac b/configure.ac index 0b0a9d78e..c168694cd 100644 --- a/configure.ac +++ b/configure.ac @@ -140,10 +140,10 @@ AC_ARG_ENABLE(examples, AS_HELP_STRING([--enable-examples],[compile the examples [default=no]]), [], [SECP_SET_DEFAULT([enable_examples], [no], [yes])]) -AC_ARG_ENABLE(module_bulletproofs, - AS_HELP_STRING([--enable-module-bulletproofs],[enable Bulletproofs module (experimental)]), +AC_ARG_ENABLE(module_bppp, + AS_HELP_STRING([--enable-module-bppp],[enable Bulletproofs++ module (experimental)]), [], - [SECP_SET_DEFAULT([enable_module_bulletproofs], [no], [yes])]) + [SECP_SET_DEFAULT([enable_module_bppp], [no], [yes])]) AC_ARG_ENABLE(module_ecdh, AS_HELP_STRING([--enable-module-ecdh],[enable ECDH module [default=no]]), [], @@ -422,9 +422,9 @@ if test x"$enable_module_rangeproof" = x"yes"; then AC_DEFINE(ENABLE_MODULE_RANGEPROOF, 1, [Define this symbol to enable the Pedersen / zero knowledge range proof module]) fi -if test x"$enable_module_bulletproofs" = x"yes"; then +if test x"$enable_module_bppp" = x"yes"; then enable_module_generator=yes - AC_DEFINE(ENABLE_MODULE_BULLETPROOFS, 1, [Define this symbol to enable the Bulletproofs module]) + AC_DEFINE(ENABLE_MODULE_BPPP, 1, [Define this symbol to enable the Bulletproofs++ module]) fi if test x"$enable_module_generator" = x"yes"; then @@ -470,8 +470,8 @@ else # module (which automatically enables the module dependencies) we want to # print an error for the dependent module, not the module dependency. Hence, # we first test dependent modules. - if test x"$enable_module_bulletproofs" = x"yes"; then - AC_MSG_ERROR([Bulletproofs module is experimental. Use --enable-experimental to allow.]) + if test x"$enable_module_bppp" = x"yes"; then + AC_MSG_ERROR([Bulletproofs++ module is experimental. Use --enable-experimental to allow.]) fi if test x"$enable_module_whitelist" = x"yes"; then AC_MSG_ERROR([Key whitelisting module is experimental. Use --enable-experimental to allow.]) @@ -515,7 +515,7 @@ AM_CONDITIONAL([USE_TESTS], [test x"$enable_tests" != x"no"]) AM_CONDITIONAL([USE_EXHAUSTIVE_TESTS], [test x"$enable_exhaustive_tests" != x"no"]) AM_CONDITIONAL([USE_EXAMPLES], [test x"$enable_examples" != x"no"]) AM_CONDITIONAL([USE_BENCHMARK], [test x"$enable_benchmark" = x"yes"]) -AM_CONDITIONAL([ENABLE_MODULE_BULLETPROOFS], [test x"$enable_module_bulletproofs" = x"yes"]) +AM_CONDITIONAL([ENABLE_MODULE_BPPP], [test x"$enable_module_bppp" = x"yes"]) AM_CONDITIONAL([ENABLE_MODULE_ECDH], [test x"$enable_module_ecdh" = x"yes"]) AM_CONDITIONAL([ENABLE_MODULE_MUSIG], [test x"$enable_module_musig" = x"yes"]) AM_CONDITIONAL([ENABLE_MODULE_RECOVERY], [test x"$enable_module_recovery" = x"yes"]) @@ -555,7 +555,7 @@ echo " module whitelist = $enable_module_whitelist" echo " module musig = $enable_module_musig" echo " module ecdsa-s2c = $enable_module_ecdsa_s2c" echo " module ecdsa-adaptor = $enable_module_ecdsa_adaptor" -echo " module bulletproofs = $enable_module_bulletproofs" +echo " module bppp = $enable_module_bppp" echo echo " asm = $set_asm" echo " ecmult window size = $set_ecmult_window" diff --git a/include/secp256k1_bulletproofs.h b/include/secp256k1_bppp.h similarity index 77% rename from include/secp256k1_bulletproofs.h rename to include/secp256k1_bppp.h index 1ddd96997..c880ee484 100644 --- a/include/secp256k1_bulletproofs.h +++ b/include/secp256k1_bppp.h @@ -1,5 +1,5 @@ -#ifndef _SECP256K1_BULLETPROOFS_ -# define _SECP256K1_BULLETPROOFS_ +#ifndef _SECP256K1_BPPP_ +# define _SECP256K1_BPPP_ # include "secp256k1.h" @@ -10,7 +10,7 @@ extern "C" { #include /** Opaque structure representing a large number of NUMS generators */ -typedef struct secp256k1_bulletproofs_generators secp256k1_bulletproofs_generators; +typedef struct secp256k1_bppp_generators secp256k1_bppp_generators; /** Allocates and initializes a list of NUMS generators. * Returns a list of generators, or calls the error callback if the allocation fails. @@ -21,7 +21,7 @@ typedef struct secp256k1_bulletproofs_generators secp256k1_bulletproofs_generato * points. We will later use G = H0(required for compatibility with pedersen_commitment DS) * in a separate commit to make review easier. */ -SECP256K1_API secp256k1_bulletproofs_generators *secp256k1_bulletproofs_generators_create( +SECP256K1_API secp256k1_bppp_generators *secp256k1_bppp_generators_create( const secp256k1_context* ctx, size_t n ) SECP256K1_ARG_NONNULL(1); @@ -29,10 +29,10 @@ SECP256K1_API secp256k1_bulletproofs_generators *secp256k1_bulletproofs_generato /** Allocates a list of generators from a static array * Returns a list of generators or NULL in case of failure. * Args: ctx: pointer to a context object - * In: data: data that came from `secp256k1_bulletproofs_generators_serialize` + * In: data: data that came from `secp256k1_bppp_generators_serialize` * data_len: the length of the `data` buffer */ -SECP256K1_API secp256k1_bulletproofs_generators* secp256k1_bulletproofs_generators_parse( +SECP256K1_API secp256k1_bppp_generators* secp256k1_bppp_generators_parse( const secp256k1_context* ctx, const unsigned char* data, size_t data_len @@ -49,9 +49,9 @@ SECP256K1_API secp256k1_bulletproofs_generators* secp256k1_bulletproofs_generato * TODO: For ease of review, this setting G = H0 is not included in this commit. We will * add it in the follow-up rangeproof PR. */ -SECP256K1_API int secp256k1_bulletproofs_generators_serialize( +SECP256K1_API int secp256k1_bppp_generators_serialize( const secp256k1_context* ctx, - const secp256k1_bulletproofs_generators* gen, + const secp256k1_bppp_generators* gen, unsigned char* data, size_t *data_len ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); @@ -61,9 +61,9 @@ SECP256K1_API int secp256k1_bulletproofs_generators_serialize( * gen: pointer to the generator set to be destroyed * (can be NULL, in which case this function is a no-op) */ -SECP256K1_API void secp256k1_bulletproofs_generators_destroy( +SECP256K1_API void secp256k1_bppp_generators_destroy( const secp256k1_context* ctx, - secp256k1_bulletproofs_generators* gen + secp256k1_bppp_generators* gen ) SECP256K1_ARG_NONNULL(1); # ifdef __cplusplus diff --git a/src/bench_bulletproofs.c b/src/bench_bppp.c similarity index 64% rename from src/bench_bulletproofs.c rename to src/bench_bppp.c index f113791c4..c2846182d 100644 --- a/src/bench_bulletproofs.c +++ b/src/bench_bppp.c @@ -6,32 +6,32 @@ #include -#include "include/secp256k1_bulletproofs.h" +#include "include/secp256k1_bppp.h" #include "util.h" #include "bench.h" typedef struct { secp256k1_context* ctx; -} bench_bulletproofs_data; +} bench_bppp_data; -static void bench_bulletproofs_setup(void* arg) { +static void bench_bppp_setup(void* arg) { (void) arg; } -static void bench_bulletproofs(void* arg, int iters) { - bench_bulletproofs_data *data = (bench_bulletproofs_data*)arg; +static void bench_bppp(void* arg, int iters) { + bench_bppp_data *data = (bench_bppp_data*)arg; (void) data; (void) iters; } int main(void) { - bench_bulletproofs_data data; + bench_bppp_data data; int iters = get_iters(32); data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); - run_benchmark("bulletproofs_verify_bit", bench_bulletproofs, bench_bulletproofs_setup, NULL, &data, 10, iters); + run_benchmark("bppp_verify_bit", bench_bppp, bench_bppp_setup, NULL, &data, 10, iters); secp256k1_context_destroy(data.ctx); return 0; diff --git a/src/modules/bppp/Makefile.am.include b/src/modules/bppp/Makefile.am.include new file mode 100644 index 000000000..13e8ea03d --- /dev/null +++ b/src/modules/bppp/Makefile.am.include @@ -0,0 +1,13 @@ +include_HEADERS += include/secp256k1_bppp.h +noinst_HEADERS += src/modules/bppp/bppp_util.h +noinst_HEADERS += src/modules/bppp/main_impl.h +noinst_HEADERS += src/modules/bppp/bppp_transcript_impl.h +noinst_HEADERS += src/modules/bppp/bppp_norm_product_impl.h +noinst_HEADERS += src/modules/bppp/tests_impl.h + +if USE_BENCHMARK +noinst_PROGRAMS += bench_bppp +bench_bppp_SOURCES = src/bench_bppp.c +bench_bppp_LDADD = libsecp256k1.la $(SECP_LIBS) +bench_bppp_LDFLAGS = -static +endif diff --git a/src/modules/bulletproofs/bulletproofs_pp_norm_product_impl.h b/src/modules/bppp/bppp_norm_product_impl.h similarity index 93% rename from src/modules/bulletproofs/bulletproofs_pp_norm_product_impl.h rename to src/modules/bppp/bppp_norm_product_impl.h index 45b4bd966..9353bb671 100644 --- a/src/modules/bulletproofs/bulletproofs_pp_norm_product_impl.h +++ b/src/modules/bppp/bppp_norm_product_impl.h @@ -4,8 +4,8 @@ * file COPYING or http://www.opensource.org/licenses/mit-license.php.* **********************************************************************/ -#ifndef _SECP256K1_MODULE_BULLETPROOFS_PP_NORM_PRODUCT_ -#define _SECP256K1_MODULE_BULLETPROOFS_PP_NORM_PRODUCT_ +#ifndef _SECP256K1_MODULE_BPPP_PP_NORM_PRODUCT_ +#define _SECP256K1_MODULE_BPPP_PP_NORM_PRODUCT_ #include "group.h" #include "scalar.h" @@ -13,9 +13,9 @@ #include "ecmult_gen.h" #include "hash.h" -#include "modules/bulletproofs/main.h" -#include "modules/bulletproofs/bulletproofs_util.h" -#include "modules/bulletproofs/bulletproofs_pp_transcript_impl.h" +#include "modules/bppp/main.h" +#include "modules/bppp/bppp_util.h" +#include "modules/bppp/bppp_transcript_impl.h" /* Computes the inner product of two vectors of scalars * with elements starting from offset a and offset b @@ -69,7 +69,7 @@ static int secp256k1_weighted_scalar_inner_product( } /* Compute the powers of r as r, r^2, r^4 ... r^(2^(n-1)) */ -static void secp256k1_bulletproofs_powers_of_r(secp256k1_scalar *powers, const secp256k1_scalar *r, size_t n) { +static void secp256k1_bppp_powers_of_r(secp256k1_scalar *powers, const secp256k1_scalar *r, size_t n) { size_t i; if (n == 0) { return; @@ -102,11 +102,11 @@ static int ecmult_bp_commit_cb(secp256k1_scalar *sc, secp256k1_ge *pt, size_t id v = |n_vec*n_vec|_q + . |w|_q denotes q-weighted norm of w and denotes inner product of l and r. */ -static int secp256k1_bulletproofs_commit( +static int secp256k1_bppp_commit( const secp256k1_context* ctx, secp256k1_scratch_space* scratch, secp256k1_ge* commit, - const secp256k1_bulletproofs_generators* g_vec, + const secp256k1_bppp_generators* g_vec, const secp256k1_scalar* n_vec, size_t n_vec_len, const secp256k1_scalar* l_vec, @@ -216,7 +216,7 @@ static int ecmult_r_cb(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void * some parent protocol. To use this norm protocol in a standalone manner, the user * should add the commitment, generators and initial public data to the transcript hash. */ -static int secp256k1_bulletproofs_pp_rangeproof_norm_product_prove( +static int secp256k1_bppp_rangeproof_norm_product_prove( const secp256k1_context* ctx, secp256k1_scratch_space* scratch, unsigned char* proof, @@ -238,7 +238,7 @@ static int secp256k1_bulletproofs_pp_rangeproof_norm_product_prove( ecmult_r_cb_data r_cb_data; size_t g_len = n_vec_len, h_len = l_vec_len; const size_t G_GENS_LEN = g_len; - size_t log_g_len = secp256k1_bulletproofs_pp_log2(g_len), log_h_len = secp256k1_bulletproofs_pp_log2(h_len); + size_t log_g_len = secp256k1_bppp_log2(g_len), log_h_len = secp256k1_bppp_log2(h_len); size_t num_rounds = log_g_len > log_h_len ? log_g_len : log_h_len; /* Check proof sizes.*/ @@ -307,12 +307,12 @@ static int secp256k1_bulletproofs_pp_rangeproof_norm_product_prove( secp256k1_ge_set_gej_var(&r_ge, &rj); secp256k1_fe_normalize_var(&r_ge.x); secp256k1_fe_normalize_var(&r_ge.y); - secp256k1_bulletproofs_serialize_points(&proof[proof_idx], &x_ge, &r_ge); + secp256k1_bppp_serialize_points(&proof[proof_idx], &x_ge, &r_ge); proof_idx += 65; /* Obtain challenge e for the the next round */ secp256k1_sha256_write(transcript, &proof[proof_idx - 65], 65); - secp256k1_bulletproofs_challenge_scalar(&e, transcript, 0); + secp256k1_bppp_challenge_scalar(&e, transcript, 0); if (g_len > 1) { for (i = 0; i < g_len; i = i + 2) { @@ -422,14 +422,14 @@ static int ec_mult_verify_cb2(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx /* Verify the proof. This function modifies the generators, c_vec and the challenge r. The caller should make sure to back them up if they need to be reused. */ -int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify( +int secp256k1_bppp_rangeproof_norm_product_verify( const secp256k1_context* ctx, secp256k1_scratch_space* scratch, const unsigned char* proof, size_t proof_len, secp256k1_sha256* transcript, const secp256k1_scalar* r, - const secp256k1_bulletproofs_generators* g_vec, + const secp256k1_bppp_generators* g_vec, size_t g_len, const secp256k1_scalar* c_vec, size_t c_vec_len, @@ -440,7 +440,7 @@ int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify( secp256k1_gej res1, res2; size_t i = 0, scratch_checkpoint; int overflow; - size_t log_g_len = secp256k1_bulletproofs_pp_log2(g_len), log_h_len = secp256k1_bulletproofs_pp_log2(c_vec_len); + size_t log_g_len = secp256k1_bppp_log2(g_len), log_h_len = secp256k1_bppp_log2(c_vec_len); size_t n_rounds = log_g_len > log_h_len ? log_g_len : log_h_len; size_t h_len = c_vec_len; @@ -471,7 +471,7 @@ int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify( /* Compute powers of r_inv. Later used in g_factor computations*/ secp256k1_scalar_inverse_var(&r_inv, r); - secp256k1_bulletproofs_powers_of_r(r_inv_pows, &r_inv, log_g_len); + secp256k1_bppp_powers_of_r(r_inv_pows, &r_inv, log_g_len); /* Compute r_f = r^(2^log_g_len) */ r_f = *r; @@ -482,7 +482,7 @@ int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify( for (i = 0; i < n_rounds; i++) { secp256k1_scalar e; secp256k1_sha256_write(transcript, &proof[i * 65], 65); - secp256k1_bulletproofs_challenge_scalar(&e, transcript, 0); + secp256k1_bppp_challenge_scalar(&e, transcript, 0); es[i] = e; } /* s_g[0] = n * \prod_{j=0}^{log_g_len - 1} r^(2^j) @@ -491,7 +491,7 @@ int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify( secp256k1_scalar_mul(&s_g[0], &n, &r_f); secp256k1_scalar_mul(&s_g[0], &s_g[0], &r_inv); for (i = 1; i < g_len; i++) { - size_t log_i = secp256k1_bulletproofs_pp_log2(i); + size_t log_i = secp256k1_bppp_log2(i); size_t nearest_pow_of_two = (size_t)1 << log_i; /* This combines the two multiplications of challenges and r_invs in a * single loop. @@ -503,7 +503,7 @@ int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify( s_h[0] = l; secp256k1_scalar_set_int(&h_c, 0); for (i = 1; i < h_len; i++) { - size_t log_i = secp256k1_bulletproofs_pp_log2(i); + size_t log_i = secp256k1_bppp_log2(i); size_t nearest_pow_of_two = (size_t)1 << log_i; secp256k1_scalar_mul(&s_h[i], &s_h[i - nearest_pow_of_two], &es[log_i]); } diff --git a/src/modules/bulletproofs/bulletproofs_pp_transcript_impl.h b/src/modules/bppp/bppp_transcript_impl.h similarity index 73% rename from src/modules/bulletproofs/bulletproofs_pp_transcript_impl.h rename to src/modules/bppp/bppp_transcript_impl.h index e8444e91e..a734ea2dd 100644 --- a/src/modules/bulletproofs/bulletproofs_pp_transcript_impl.h +++ b/src/modules/bppp/bppp_transcript_impl.h @@ -3,17 +3,17 @@ * Distributed under the MIT software license, see the accompanying * * file COPYING or http://www.opensource.org/licenses/mit-license.php.* **********************************************************************/ -#ifndef _SECP256K1_MODULE_BULLETPROOFS_PP_TRANSCRIPT_IMPL_ -#define _SECP256K1_MODULE_BULLETPROOFS_PP_TRANSCRIPT_IMPL_ +#ifndef _SECP256K1_MODULE_BPPP_PP_TRANSCRIPT_IMPL_ +#define _SECP256K1_MODULE_BPPP_PP_TRANSCRIPT_IMPL_ #include "group.h" #include "scalar.h" -#include "bulletproofs_util.h" +#include "bppp_util.h" /* Initializes SHA256 with fixed midstate. This midstate was computed by applying * SHA256 to SHA256("Bulletproofs_pp/v0/commitment")||SHA256("Bulletproofs_pp/v0/commitment"). */ -static void secp256k1_bulletproofs_pp_sha256_tagged_commitment_init(secp256k1_sha256 *sha) { +static void secp256k1_bppp_sha256_tagged_commitment_init(secp256k1_sha256 *sha) { secp256k1_sha256_initialize(sha); sha->s[0] = 0x52fc8185ul; sha->s[1] = 0x0e7debf0ul; @@ -28,10 +28,10 @@ static void secp256k1_bulletproofs_pp_sha256_tagged_commitment_init(secp256k1_sh } /* Obtain a challenge scalar from the current transcript.*/ -static void secp256k1_bulletproofs_challenge_scalar(secp256k1_scalar* ch, const secp256k1_sha256 *transcript, uint64_t idx) { +static void secp256k1_bppp_challenge_scalar(secp256k1_scalar* ch, const secp256k1_sha256 *transcript, uint64_t idx) { unsigned char buf[32]; secp256k1_sha256 sha = *transcript; - secp256k1_bulletproofs_le64(buf, idx); + secp256k1_bppp_le64(buf, idx); secp256k1_sha256_write(&sha, buf, 8); secp256k1_sha256_finalize(&sha, buf); secp256k1_scalar_set_b32(ch, buf, NULL); diff --git a/src/modules/bulletproofs/bulletproofs_util.h b/src/modules/bppp/bppp_util.h similarity index 78% rename from src/modules/bulletproofs/bulletproofs_util.h rename to src/modules/bppp/bppp_util.h index 07f6fc62b..10c58bb7d 100644 --- a/src/modules/bulletproofs/bulletproofs_util.h +++ b/src/modules/bppp/bppp_util.h @@ -4,8 +4,8 @@ * file COPYING or http://www.opensource.org/licenses/mit-license.php.* **********************************************************************/ -#ifndef _SECP256K1_MODULE_BULLETPROOFS_UTIL_ -#define _SECP256K1_MODULE_BULLETPROOFS_UTIL_ +#ifndef _SECP256K1_MODULE_BPPP_UTIL_ +#define _SECP256K1_MODULE_BPPP_UTIL_ #include "field.h" #include "group.h" @@ -15,7 +15,7 @@ /* Outputs a pair of points, amortizing the parity byte between them * Assumes both points' coordinates have been normalized. */ -static void secp256k1_bulletproofs_serialize_points(unsigned char *output, const secp256k1_ge *lpt, const secp256k1_ge *rpt) { +static void secp256k1_bppp_serialize_points(unsigned char *output, const secp256k1_ge *lpt, const secp256k1_ge *rpt) { output[0] = (secp256k1_fe_is_odd(&lpt->y) << 1) + secp256k1_fe_is_odd(&rpt->y); secp256k1_fe_get_b32(&output[1], &lpt->x); secp256k1_fe_get_b32(&output[33], &rpt->x); @@ -23,13 +23,13 @@ static void secp256k1_bulletproofs_serialize_points(unsigned char *output, const /* Outputs a serialized point in compressed form. Returns 0 at point at infinity. */ -static int secp256k1_bulletproofs_serialize_pt(unsigned char *output, secp256k1_ge *lpt) { +static int secp256k1_bppp_serialize_pt(unsigned char *output, secp256k1_ge *lpt) { size_t size; return secp256k1_eckey_pubkey_serialize(lpt, output, &size, 1 /*compressed*/); } /* little-endian encodes a uint64 */ -static void secp256k1_bulletproofs_le64(unsigned char *output, const uint64_t n) { +static void secp256k1_bppp_le64(unsigned char *output, const uint64_t n) { output[0] = n; output[1] = n >> 8; output[2] = n >> 16; @@ -49,7 +49,7 @@ static int secp256k1_is_power_of_two(size_t n) { * `k` such that 2^k <= n. Assumes n < 2^64. In Bulletproofs, this is bounded * by len of input vectors which can be safely assumed to be less than 2^64. */ -static size_t secp256k1_bulletproofs_pp_log2(size_t n) { +static size_t secp256k1_bppp_log2(size_t n) { return 64 - 1 - secp256k1_clz64_var((uint64_t)n); } diff --git a/src/modules/bulletproofs/main.h b/src/modules/bppp/main.h similarity index 50% rename from src/modules/bulletproofs/main.h rename to src/modules/bppp/main.h index 4174102a6..47405f458 100644 --- a/src/modules/bulletproofs/main.h +++ b/src/modules/bppp/main.h @@ -1,8 +1,8 @@ -#ifndef SECP256K1_MODULE_BULLETPROOFS_MAIN_H -#define SECP256K1_MODULE_BULLETPROOFS_MAIN_H +#ifndef SECP256K1_MODULE_BPPP_MAIN_H +#define SECP256K1_MODULE_BPPP_MAIN_H -/* this type must be completed before any of the modules/bulletproofs includes */ -struct secp256k1_bulletproofs_generators { +/* this type must be completed before any of the modules/bppp includes */ +struct secp256k1_bppp_generators { size_t n; /* n total generators; includes both G_i and H_i */ /* For BP++, the generators are G_i from [0..(n - 8)] and the last 8 values diff --git a/src/modules/bulletproofs/main_impl.h b/src/modules/bppp/main_impl.h similarity index 70% rename from src/modules/bulletproofs/main_impl.h rename to src/modules/bppp/main_impl.h index f87b9876b..dfebde10e 100644 --- a/src/modules/bulletproofs/main_impl.h +++ b/src/modules/bppp/main_impl.h @@ -4,26 +4,26 @@ * file COPYING or http://www.opensource.org/licenses/mit-license.php.* **********************************************************************/ -#ifndef _SECP256K1_MODULE_BULLETPROOFS_MAIN_ -#define _SECP256K1_MODULE_BULLETPROOFS_MAIN_ +#ifndef _SECP256K1_MODULE_BPPP_MAIN_ +#define _SECP256K1_MODULE_BPPP_MAIN_ -#include "include/secp256k1_bulletproofs.h" +#include "include/secp256k1_bppp.h" #include "include/secp256k1_generator.h" #include "modules/generator/main_impl.h" /* for generator_{load, save} */ #include "hash.h" #include "util.h" -#include "modules/bulletproofs/main.h" -#include "modules/bulletproofs/bulletproofs_pp_norm_product_impl.h" +#include "modules/bppp/main.h" +#include "modules/bppp/bppp_norm_product_impl.h" -secp256k1_bulletproofs_generators *secp256k1_bulletproofs_generators_create(const secp256k1_context *ctx, size_t n) { - secp256k1_bulletproofs_generators *ret; +secp256k1_bppp_generators *secp256k1_bppp_generators_create(const secp256k1_context *ctx, size_t n) { + secp256k1_bppp_generators *ret; secp256k1_rfc6979_hmac_sha256 rng; unsigned char seed[64]; size_t i; VERIFY_CHECK(ctx != NULL); - ret = (secp256k1_bulletproofs_generators *)checked_malloc(&ctx->error_callback, sizeof(*ret)); + ret = (secp256k1_bppp_generators *)checked_malloc(&ctx->error_callback, sizeof(*ret)); if (ret == NULL) { return NULL; } @@ -49,9 +49,9 @@ secp256k1_bulletproofs_generators *secp256k1_bulletproofs_generators_create(cons return ret; } -secp256k1_bulletproofs_generators* secp256k1_bulletproofs_generators_parse(const secp256k1_context* ctx, const unsigned char* data, size_t data_len) { +secp256k1_bppp_generators* secp256k1_bppp_generators_parse(const secp256k1_context* ctx, const unsigned char* data, size_t data_len) { size_t n = data_len / 33; - secp256k1_bulletproofs_generators* ret; + secp256k1_bppp_generators* ret; VERIFY_CHECK(ctx != NULL); ARG_CHECK(data != NULL); @@ -60,7 +60,7 @@ secp256k1_bulletproofs_generators* secp256k1_bulletproofs_generators_parse(const return NULL; } - ret = (secp256k1_bulletproofs_generators *)checked_malloc(&ctx->error_callback, sizeof(*ret)); + ret = (secp256k1_bppp_generators *)checked_malloc(&ctx->error_callback, sizeof(*ret)); if (ret == NULL) { return NULL; } @@ -83,7 +83,7 @@ secp256k1_bulletproofs_generators* secp256k1_bulletproofs_generators_parse(const return ret; } -int secp256k1_bulletproofs_generators_serialize(const secp256k1_context* ctx, const secp256k1_bulletproofs_generators* gens, unsigned char* data, size_t *data_len) { +int secp256k1_bppp_generators_serialize(const secp256k1_context* ctx, const secp256k1_bppp_generators* gens, unsigned char* data, size_t *data_len) { size_t i; VERIFY_CHECK(ctx != NULL); @@ -103,7 +103,7 @@ int secp256k1_bulletproofs_generators_serialize(const secp256k1_context* ctx, co return 1; } -void secp256k1_bulletproofs_generators_destroy(const secp256k1_context* ctx, secp256k1_bulletproofs_generators *gens) { +void secp256k1_bppp_generators_destroy(const secp256k1_context* ctx, secp256k1_bppp_generators *gens) { VERIFY_CHECK(ctx != NULL); (void) ctx; if (gens != NULL) { diff --git a/src/modules/bulletproofs/test_vectors/verify.h b/src/modules/bppp/test_vectors/verify.h similarity index 100% rename from src/modules/bulletproofs/test_vectors/verify.h rename to src/modules/bppp/test_vectors/verify.h diff --git a/src/modules/bulletproofs/tests_impl.h b/src/modules/bppp/tests_impl.h similarity index 75% rename from src/modules/bulletproofs/tests_impl.h rename to src/modules/bppp/tests_impl.h index dd3e4130e..ab101facb 100644 --- a/src/modules/bulletproofs/tests_impl.h +++ b/src/modules/bppp/tests_impl.h @@ -4,23 +4,23 @@ * file COPYING or http://www.opensource.org/licenses/mit-license.php.* **********************************************************************/ -#ifndef _SECP256K1_MODULE_BULLETPROOFS_TEST_ -#define _SECP256K1_MODULE_BULLETPROOFS_TEST_ +#ifndef _SECP256K1_MODULE_BPPP_TEST_ +#define _SECP256K1_MODULE_BPPP_TEST_ #include -#include "include/secp256k1_bulletproofs.h" -#include "bulletproofs_pp_norm_product_impl.h" -#include "bulletproofs_util.h" -#include "bulletproofs_pp_transcript_impl.h" +#include "include/secp256k1_bppp.h" +#include "bppp_norm_product_impl.h" +#include "bppp_util.h" +#include "bppp_transcript_impl.h" #include "test_vectors/verify.h" -static void test_bulletproofs_generators_api(void) { +static void test_bppp_generators_api(void) { /* The BP generator API requires no precomp */ secp256k1_context *none = secp256k1_context_create(SECP256K1_CONTEXT_NONE); - secp256k1_bulletproofs_generators *gens; - secp256k1_bulletproofs_generators *gens_orig; + secp256k1_bppp_generators *gens; + secp256k1_bppp_generators *gens_orig; unsigned char gens_ser[330]; size_t len = sizeof(gens_ser); @@ -30,47 +30,47 @@ static void test_bulletproofs_generators_api(void) { secp256k1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount); /* Create */ - gens = secp256k1_bulletproofs_generators_create(none, 10); + gens = secp256k1_bppp_generators_create(none, 10); CHECK(gens != NULL && ecount == 0); gens_orig = gens; /* Preserve for round-trip test */ /* Serialize */ ecount = 0; - CHECK(!secp256k1_bulletproofs_generators_serialize(none, NULL, gens_ser, &len)); + CHECK(!secp256k1_bppp_generators_serialize(none, NULL, gens_ser, &len)); CHECK(ecount == 1); - CHECK(!secp256k1_bulletproofs_generators_serialize(none, gens, NULL, &len)); + CHECK(!secp256k1_bppp_generators_serialize(none, gens, NULL, &len)); CHECK(ecount == 2); - CHECK(!secp256k1_bulletproofs_generators_serialize(none, gens, gens_ser, NULL)); + CHECK(!secp256k1_bppp_generators_serialize(none, gens, gens_ser, NULL)); CHECK(ecount == 3); len = 0; - CHECK(!secp256k1_bulletproofs_generators_serialize(none, gens, gens_ser, &len)); + CHECK(!secp256k1_bppp_generators_serialize(none, gens, gens_ser, &len)); CHECK(ecount == 4); len = sizeof(gens_ser) - 1; - CHECK(!secp256k1_bulletproofs_generators_serialize(none, gens, gens_ser, &len)); + CHECK(!secp256k1_bppp_generators_serialize(none, gens, gens_ser, &len)); CHECK(ecount == 5); len = sizeof(gens_ser); { /* Output buffer can be greater than minimum needed */ unsigned char gens_ser_tmp[331]; size_t len_tmp = sizeof(gens_ser_tmp); - CHECK(secp256k1_bulletproofs_generators_serialize(none, gens, gens_ser_tmp, &len_tmp)); + CHECK(secp256k1_bppp_generators_serialize(none, gens, gens_ser_tmp, &len_tmp)); CHECK(len_tmp == sizeof(gens_ser_tmp) - 1); CHECK(ecount == 5); } /* Parse */ - CHECK(secp256k1_bulletproofs_generators_serialize(none, gens, gens_ser, &len)); + CHECK(secp256k1_bppp_generators_serialize(none, gens, gens_ser, &len)); ecount = 0; - gens = secp256k1_bulletproofs_generators_parse(none, NULL, sizeof(gens_ser)); + gens = secp256k1_bppp_generators_parse(none, NULL, sizeof(gens_ser)); CHECK(gens == NULL && ecount == 1); /* Not a multiple of 33 */ - gens = secp256k1_bulletproofs_generators_parse(none, gens_ser, sizeof(gens_ser) - 1); + gens = secp256k1_bppp_generators_parse(none, gens_ser, sizeof(gens_ser) - 1); CHECK(gens == NULL && ecount == 1); - gens = secp256k1_bulletproofs_generators_parse(none, gens_ser, sizeof(gens_ser)); + gens = secp256k1_bppp_generators_parse(none, gens_ser, sizeof(gens_ser)); CHECK(gens != NULL && ecount == 1); /* Not valid generators */ memset(gens_ser, 1, sizeof(gens_ser)); - CHECK(secp256k1_bulletproofs_generators_parse(none, gens_ser, sizeof(gens_ser)) == NULL); + CHECK(secp256k1_bppp_generators_parse(none, gens_ser, sizeof(gens_ser)) == NULL); CHECK(ecount == 1); /* Check that round-trip succeeded */ @@ -81,16 +81,16 @@ static void test_bulletproofs_generators_api(void) { /* Destroy (we allow destroying a NULL context, it's just a noop. like free().) */ ecount = 0; - secp256k1_bulletproofs_generators_destroy(none, NULL); - secp256k1_bulletproofs_generators_destroy(none, gens); - secp256k1_bulletproofs_generators_destroy(none, gens_orig); + secp256k1_bppp_generators_destroy(none, NULL); + secp256k1_bppp_generators_destroy(none, gens); + secp256k1_bppp_generators_destroy(none, gens_orig); CHECK(ecount == 0); secp256k1_context_destroy(none); } -static void test_bulletproofs_generators_fixed(void) { - secp256k1_bulletproofs_generators *gens = secp256k1_bulletproofs_generators_create(ctx, 3); +static void test_bppp_generators_fixed(void) { + secp256k1_bppp_generators *gens = secp256k1_bppp_generators_create(ctx, 3); unsigned char gens_ser[330]; const unsigned char fixed_first_3[99] = { 0x0b, @@ -112,17 +112,17 @@ static void test_bulletproofs_generators_fixed(void) { size_t len; len = 99; - CHECK(secp256k1_bulletproofs_generators_serialize(ctx, gens, gens_ser, &len)); + CHECK(secp256k1_bppp_generators_serialize(ctx, gens, gens_ser, &len)); CHECK(memcmp(gens_ser, fixed_first_3, sizeof(fixed_first_3)) == 0); len = sizeof(gens_ser); - CHECK(secp256k1_bulletproofs_generators_serialize(ctx, gens, gens_ser, &len)); + CHECK(secp256k1_bppp_generators_serialize(ctx, gens, gens_ser, &len)); CHECK(memcmp(gens_ser, fixed_first_3, sizeof(fixed_first_3)) == 0); - secp256k1_bulletproofs_generators_destroy(ctx, gens); + secp256k1_bppp_generators_destroy(ctx, gens); } -static void test_bulletproofs_pp_tagged_hash(void) { +static void test_bppp_tagged_hash(void) { unsigned char tag_data[29] = "Bulletproofs_pp/v0/commitment"; secp256k1_sha256 sha; secp256k1_sha256 sha_cached; @@ -131,7 +131,7 @@ static void test_bulletproofs_pp_tagged_hash(void) { secp256k1_scalar s; secp256k1_sha256_initialize_tagged(&sha, tag_data, sizeof(tag_data)); - secp256k1_bulletproofs_pp_sha256_tagged_commitment_init(&sha_cached); + secp256k1_bppp_sha256_tagged_commitment_init(&sha_cached); secp256k1_sha256_finalize(&sha, output); secp256k1_sha256_finalize(&sha_cached, output_cached); CHECK(secp256k1_memcmp_var(output, output_cached, 32) == 0); @@ -141,8 +141,8 @@ static void test_bulletproofs_pp_tagged_hash(void) { 0xF6, 0x91, 0x15, 0xEE, 0x74, 0xF5, 0x12, 0x67, 0x8A, 0x41, 0xC6, 0x85, 0x1A, 0x79, 0x14, 0xFC, 0x48, 0x15, 0xC7, 0x2D, 0xF8, 0x63, 0x8F, 0x1B }; - secp256k1_bulletproofs_pp_sha256_tagged_commitment_init(&sha); - secp256k1_bulletproofs_challenge_scalar(&s, &sha, 0); + secp256k1_bppp_sha256_tagged_commitment_init(&sha); + secp256k1_bppp_challenge_scalar(&s, &sha, 0); secp256k1_scalar_get_b32(output, &s); CHECK(memcmp(output, expected, sizeof(output)) == 0); } @@ -154,7 +154,7 @@ static void test_bulletproofs_pp_tagged_hash(void) { 0x69, 0x4D, 0xAA, 0x96, 0xCE, 0x98, 0xBB, 0x39, 0x1C, 0x2F, 0x7C, 0x2E, 0x1C, 0x17, 0x78, 0x6D }; secp256k1_sha256_write(&sha, tmp, sizeof(tmp)); - secp256k1_bulletproofs_challenge_scalar(&s, &sha, 0); + secp256k1_bppp_challenge_scalar(&s, &sha, 0); secp256k1_scalar_get_b32(output, &s); CHECK(memcmp(output, expected, sizeof(output)) == 0); } @@ -168,11 +168,11 @@ void test_log_exp(void) { CHECK(secp256k1_is_power_of_two(63) == 0); CHECK(secp256k1_is_power_of_two(256) == 1); - CHECK(secp256k1_bulletproofs_pp_log2(1) == 0); - CHECK(secp256k1_bulletproofs_pp_log2(2) == 1); - CHECK(secp256k1_bulletproofs_pp_log2(255) == 7); - CHECK(secp256k1_bulletproofs_pp_log2(256) == 8); - CHECK(secp256k1_bulletproofs_pp_log2(257) == 8); + CHECK(secp256k1_bppp_log2(1) == 0); + CHECK(secp256k1_bppp_log2(2) == 1); + CHECK(secp256k1_bppp_log2(255) == 7); + CHECK(secp256k1_bppp_log2(256) == 8); + CHECK(secp256k1_bppp_log2(257) == 8); } void test_norm_util_helpers(void) { @@ -205,7 +205,7 @@ void test_norm_util_helpers(void) { secp256k1_scalar_set_int(&res2, 4740); /*i*i*4^(i+1) */ CHECK(secp256k1_scalar_eq(&res2, &res) == 1); - secp256k1_bulletproofs_powers_of_r(r_pows, &r, 4); + secp256k1_bppp_powers_of_r(r_pows, &r, 4); secp256k1_scalar_set_int(&res, 2); CHECK(secp256k1_scalar_eq(&res, &r_pows[0])); secp256k1_scalar_set_int(&res, 4); CHECK(secp256k1_scalar_eq(&res, &r_pows[1])); secp256k1_scalar_set_int(&res, 16); CHECK(secp256k1_scalar_eq(&res, &r_pows[2])); @@ -215,7 +215,7 @@ void test_norm_util_helpers(void) { static void secp256k1_norm_arg_commit_initial_data( secp256k1_sha256* transcript, const secp256k1_scalar* r, - const secp256k1_bulletproofs_generators* gens_vec, + const secp256k1_bppp_generators* gens_vec, size_t g_len, /* Same as n_vec_len, g_len + c_vec_len = gens->n */ const secp256k1_scalar* c_vec, size_t c_vec_len, @@ -225,25 +225,25 @@ static void secp256k1_norm_arg_commit_initial_data( unsigned char ser_commit[33], ser_scalar[32], ser_le64[8]; size_t i; secp256k1_ge comm = *commit; - secp256k1_bulletproofs_pp_sha256_tagged_commitment_init(transcript); + secp256k1_bppp_sha256_tagged_commitment_init(transcript); secp256k1_fe_normalize(&comm.x); secp256k1_fe_normalize(&comm.y); CHECK(secp256k1_ge_is_infinity(&comm) == 0); - CHECK(secp256k1_bulletproofs_serialize_pt(&ser_commit[0], &comm)); + CHECK(secp256k1_bppp_serialize_pt(&ser_commit[0], &comm)); secp256k1_sha256_write(transcript, ser_commit, 33); secp256k1_scalar_get_b32(ser_scalar, r); secp256k1_sha256_write(transcript, ser_scalar, 32); - secp256k1_bulletproofs_le64(ser_le64, g_len); + secp256k1_bppp_le64(ser_le64, g_len); secp256k1_sha256_write(transcript, ser_le64, 8); - secp256k1_bulletproofs_le64(ser_le64, gens_vec->n); + secp256k1_bppp_le64(ser_le64, gens_vec->n); secp256k1_sha256_write(transcript, ser_le64, 8); for (i = 0; i < gens_vec->n; i++) { secp256k1_fe_normalize(&gens_vec->gens[i].x); secp256k1_fe_normalize(&gens_vec->gens[i].y); - CHECK(secp256k1_bulletproofs_serialize_pt(&ser_commit[0], &gens_vec->gens[i])); + CHECK(secp256k1_bppp_serialize_pt(&ser_commit[0], &gens_vec->gens[i])); secp256k1_sha256_write(transcript, ser_commit, 33); } - secp256k1_bulletproofs_le64(ser_le64, c_vec_len); + secp256k1_bppp_le64(ser_le64, c_vec_len); secp256k1_sha256_write(transcript, ser_le64, 8); for (i = 0; i < c_vec_len; i++) { secp256k1_scalar_get_b32(ser_scalar, &c_vec[i]); @@ -273,9 +273,9 @@ static void copy_vectors_into_scratch(secp256k1_scratch_space* scratch, memcpy(*gs, gens_vec, (g_len + h_len) * sizeof(secp256k1_ge)); } -/* A complete norm argument. In contrast to secp256k1_bulletproofs_pp_rangeproof_norm_product_prove, this is meant +/* A complete norm argument. In contrast to secp256k1_bppp_rangeproof_norm_product_prove, this is meant to be used as a standalone norm argument. - This is a simple wrapper around secp256k1_bulletproofs_pp_rangeproof_norm_product_prove + This is a simple wrapper around secp256k1_bppp_rangeproof_norm_product_prove that also commits to the initial public values used in the protocol. In this case, these public values are commitment. */ @@ -284,7 +284,7 @@ static int secp256k1_norm_arg_prove( unsigned char* proof, size_t *proof_len, const secp256k1_scalar* r, - const secp256k1_bulletproofs_generators* gens_vec, + const secp256k1_bppp_generators* gens_vec, const secp256k1_scalar* n_vec, size_t n_vec_len, const secp256k1_scalar* l_vec, @@ -307,7 +307,7 @@ static int secp256k1_norm_arg_prove( /* Commit to the initial public values */ secp256k1_norm_arg_commit_initial_data(&transcript, r, gens_vec, g_len, c_vec, c_vec_len, &comm); - res = secp256k1_bulletproofs_pp_rangeproof_norm_product_prove( + res = secp256k1_bppp_rangeproof_norm_product_prove( ctx, scratch, proof, @@ -333,7 +333,7 @@ static int secp256k1_norm_arg_verify( const unsigned char* proof, size_t proof_len, const secp256k1_scalar* r, - const secp256k1_bulletproofs_generators* gens_vec, + const secp256k1_bppp_generators* gens_vec, size_t g_len, const secp256k1_scalar* c_vec, size_t c_vec_len, @@ -346,7 +346,7 @@ static int secp256k1_norm_arg_verify( /* Commit to the initial public values */ secp256k1_norm_arg_commit_initial_data(&transcript, r, gens_vec, g_len, c_vec, c_vec_len, &comm); - res = secp256k1_bulletproofs_pp_rangeproof_norm_product_verify( + res = secp256k1_bppp_rangeproof_norm_product_verify( ctx, scratch, proof, @@ -379,26 +379,26 @@ void norm_arg_zero(void) { size_t plen = sizeof(proof); unsigned int n_vec_len = 1; unsigned int c_vec_len = 1; - secp256k1_bulletproofs_generators *gens = secp256k1_bulletproofs_generators_create(ctx, n_vec_len + c_vec_len); + secp256k1_bppp_generators *gens = secp256k1_bppp_generators_create(ctx, n_vec_len + c_vec_len); secp256k1_scalar_set_int(&n_vec[0], 0); secp256k1_scalar_set_int(&l_vec[0], 0); random_scalar_order(&c_vec[0]); secp256k1_sha256_initialize(&transcript); /* No challenges used in n = 1, l = 1, but we set transcript as a good practice*/ - CHECK(secp256k1_bulletproofs_commit(ctx, scratch, &commit, gens, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &q)); + CHECK(secp256k1_bppp_commit(ctx, scratch, &commit, gens, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &q)); { secp256k1_scalar *ns, *ls, *cs; secp256k1_ge *gs; size_t scratch_checkpoint = secp256k1_scratch_checkpoint(&ctx->error_callback, scratch); copy_vectors_into_scratch(scratch, &ns, &ls, &cs, &gs, n_vec, l_vec, c_vec, gens->gens, n_vec_len, c_vec_len); - CHECK(secp256k1_bulletproofs_pp_rangeproof_norm_product_prove(ctx, scratch, proof, &plen, &transcript, &r, gs, gens->n, ns, n_vec_len, ls, c_vec_len, cs, c_vec_len)); + CHECK(secp256k1_bppp_rangeproof_norm_product_prove(ctx, scratch, proof, &plen, &transcript, &r, gs, gens->n, ns, n_vec_len, ls, c_vec_len, cs, c_vec_len)); secp256k1_scratch_apply_checkpoint(&ctx->error_callback, scratch, scratch_checkpoint); } secp256k1_sha256_initialize(&transcript); - CHECK(secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(ctx, scratch, proof, plen, &transcript, &r, gens, c_vec_len, c_vec, c_vec_len, &commit)); + CHECK(secp256k1_bppp_rangeproof_norm_product_verify(ctx, scratch, proof, plen, &transcript, &r, gens, c_vec_len, c_vec, c_vec_len, &commit)); - secp256k1_bulletproofs_generators_destroy(ctx, gens); + secp256k1_bppp_generators_destroy(ctx, gens); } /* l is the zero vector and longer than n. This results in one of the @@ -406,7 +406,7 @@ void norm_arg_zero(void) { { unsigned int n_vec_len = 1; unsigned int c_vec_len = 2; - secp256k1_bulletproofs_generators *gs = secp256k1_bulletproofs_generators_create(ctx, n_vec_len + c_vec_len); + secp256k1_bppp_generators *gs = secp256k1_bppp_generators_create(ctx, n_vec_len + c_vec_len); size_t plen = sizeof(proof); for (i = 0; i < n_vec_len; i++) { random_scalar_order(&n_vec[i]); @@ -415,9 +415,9 @@ void norm_arg_zero(void) { secp256k1_scalar_set_int(&l_vec[i], 0); random_scalar_order(&c_vec[i]); } - CHECK(secp256k1_bulletproofs_commit(ctx, scratch, &commit, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &q)); + CHECK(secp256k1_bppp_commit(ctx, scratch, &commit, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &q)); CHECK(!secp256k1_norm_arg_prove(scratch, proof, &plen, &r, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &commit)); - secp256k1_bulletproofs_generators_destroy(ctx, gs); + secp256k1_bppp_generators_destroy(ctx, gs); } secp256k1_scratch_space_destroy(ctx, scratch); @@ -429,7 +429,7 @@ void norm_arg_test(unsigned int n, unsigned int m) { secp256k1_ge commit; size_t i, plen; int res; - secp256k1_bulletproofs_generators *gs = secp256k1_bulletproofs_generators_create(ctx, n + m); + secp256k1_bppp_generators *gs = secp256k1_bppp_generators_create(ctx, n + m); secp256k1_scratch *scratch = secp256k1_scratch_space_create(ctx, 1000*1000); /* shouldn't need much */ unsigned char proof[1000]; plen = 1000; @@ -445,7 +445,7 @@ void norm_arg_test(unsigned int n, unsigned int m) { random_scalar_order(&c_vec[i]); } - res = secp256k1_bulletproofs_commit(ctx, scratch, &commit, gs, n_vec, n, l_vec, m, c_vec, m, &q); + res = secp256k1_bppp_commit(ctx, scratch, &commit, gs, n_vec, n, l_vec, m, c_vec, m, &q); CHECK(res == 1); res = secp256k1_norm_arg_prove(scratch, proof, &plen, &r, gs, n_vec, n, l_vec, m, c_vec, m, &commit); CHECK(res == 1); @@ -462,13 +462,13 @@ void norm_arg_test(unsigned int n, unsigned int m) { CHECK(res == 0); secp256k1_scratch_space_destroy(ctx, scratch); - secp256k1_bulletproofs_generators_destroy(ctx, gs); + secp256k1_bppp_generators_destroy(ctx, gs); } /* Parses generators from points compressed as pubkeys */ -secp256k1_bulletproofs_generators* bulletproofs_generators_parse_regular(const unsigned char* data, size_t data_len) { +secp256k1_bppp_generators* bppp_generators_parse_regular(const unsigned char* data, size_t data_len) { size_t n = data_len / 33; - secp256k1_bulletproofs_generators* ret; + secp256k1_bppp_generators* ret; VERIFY_CHECK(ctx != NULL); ARG_CHECK(data != NULL); @@ -477,7 +477,7 @@ secp256k1_bulletproofs_generators* bulletproofs_generators_parse_regular(const u return NULL; } - ret = (secp256k1_bulletproofs_generators *)checked_malloc(&ctx->error_callback, sizeof(*ret)); + ret = (secp256k1_bppp_generators *)checked_malloc(&ctx->error_callback, sizeof(*ret)); if (ret == NULL) { return NULL; } @@ -500,7 +500,7 @@ secp256k1_bulletproofs_generators* bulletproofs_generators_parse_regular(const u int norm_arg_verify_vectors_helper(secp256k1_scratch *scratch, const unsigned char *gens, const unsigned char *proof, size_t plen, const unsigned char *r32, size_t n_vec_len, const unsigned char c_vec32[][32], secp256k1_scalar *c_vec, size_t c_vec_len, const unsigned char *commit33) { secp256k1_sha256 transcript; - secp256k1_bulletproofs_generators *gs = bulletproofs_generators_parse_regular(gens, 33*(n_vec_len + c_vec_len)); + secp256k1_bppp_generators *gs = bppp_generators_parse_regular(gens, 33*(n_vec_len + c_vec_len)); secp256k1_scalar r; secp256k1_ge commit; int overflow; @@ -518,9 +518,9 @@ int norm_arg_verify_vectors_helper(secp256k1_scratch *scratch, const unsigned ch CHECK(!overflow); } CHECK(secp256k1_eckey_pubkey_parse(&commit, commit33, 33)); - ret = secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(ctx, scratch, proof, plen, &transcript, &r, gs, n_vec_len, c_vec, c_vec_len, &commit); + ret = secp256k1_bppp_rangeproof_norm_product_verify(ctx, scratch, proof, plen, &transcript, &r, gs, n_vec_len, c_vec, c_vec_len, &commit); - secp256k1_bulletproofs_generators_destroy(ctx, gs); + secp256k1_bppp_generators_destroy(ctx, gs); return ret; } @@ -545,12 +545,12 @@ void norm_arg_verify_vectors(void) { } #undef IDX_TO_TEST -void run_bulletproofs_tests(void) { +void run_bppp_tests(void) { test_log_exp(); test_norm_util_helpers(); - test_bulletproofs_generators_api(); - test_bulletproofs_generators_fixed(); - test_bulletproofs_pp_tagged_hash(); + test_bppp_generators_api(); + test_bppp_generators_fixed(); + test_bppp_tagged_hash(); norm_arg_zero(); norm_arg_test(1, 1); diff --git a/src/modules/bulletproofs/Makefile.am.include b/src/modules/bulletproofs/Makefile.am.include deleted file mode 100644 index cfd0916d2..000000000 --- a/src/modules/bulletproofs/Makefile.am.include +++ /dev/null @@ -1,13 +0,0 @@ -include_HEADERS += include/secp256k1_bulletproofs.h -noinst_HEADERS += src/modules/bulletproofs/bulletproofs_util.h -noinst_HEADERS += src/modules/bulletproofs/main_impl.h -noinst_HEADERS += src/modules/bulletproofs/bulletproofs_pp_transcript_impl.h -noinst_HEADERS += src/modules/bulletproofs/bulletproofs_pp_norm_product_impl.h -noinst_HEADERS += src/modules/bulletproofs/tests_impl.h - -if USE_BENCHMARK -noinst_PROGRAMS += bench_bulletproofs -bench_bulletproofs_SOURCES = src/bench_bulletproofs.c -bench_bulletproofs_LDADD = libsecp256k1.la $(SECP_LIBS) -bench_bulletproofs_LDFLAGS = -static -endif diff --git a/src/secp256k1.c b/src/secp256k1.c index 857e9a76e..c147eae5f 100644 --- a/src/secp256k1.c +++ b/src/secp256k1.c @@ -800,8 +800,8 @@ int secp256k1_tagged_sha256(const secp256k1_context* ctx, unsigned char *hash32, return 1; } -#ifdef ENABLE_MODULE_BULLETPROOFS -# include "modules/bulletproofs/main_impl.h" +#ifdef ENABLE_MODULE_BPPP +# include "modules/bppp/main_impl.h" #endif #ifdef ENABLE_MODULE_ECDH diff --git a/src/tests.c b/src/tests.c index fc84b3cb1..9e7efe3ad 100644 --- a/src/tests.c +++ b/src/tests.c @@ -7132,8 +7132,8 @@ void run_ecdsa_edge_cases(void) { test_ecdsa_edge_cases(); } -#ifdef ENABLE_MODULE_BULLETPROOFS -# include "modules/bulletproofs/tests_impl.h" +#ifdef ENABLE_MODULE_BPPP +# include "modules/bppp/tests_impl.h" #endif #ifdef ENABLE_MODULE_ECDH @@ -7456,8 +7456,8 @@ int main(int argc, char **argv) { /* EC key arithmetic test */ run_eckey_negate_test(); -#ifdef ENABLE_MODULE_BULLETPROOFS - run_bulletproofs_tests(); +#ifdef ENABLE_MODULE_BPPP + run_bppp_tests(); #endif #ifdef ENABLE_MODULE_ECDH