//! # GroupCommitment commitment scheme
//!
//! We implement the following commitment scheme which allows us to commit to a group element $T$:
//!
//! $GroupCommitment( (G_T, H); \\ T; \\ r_T) = com_T = (com_{T,1}, com_{T,2}) = ( r_T G_T, \\ T + r_T H)$
//!
//! This commitment scheme is perfectly binding and computationally hiding under the DDH assumption
//! in the group (for BLS12-381 $\mathbb{G}_1$, as used below, this is the XDH/SXDH flavour of DDH).
//! Binding holds because $com_{T,1} = r_T G_T$ fixes $r_T$ whenever $G_T$ is not the identity, and
//! $com_{T,2}$ then fixes $T$. Hiding additionally requires that nobody knows the discrete logarithm
//! of $H$ with respect to $G_T$: a party holding $x$ with $H = x G_T$ recovers
//! $T = com_{T,2} - x \\, com_{T,1}$ exactly like an ElGamal decryptor, so the CRS $(G_T, H)$ must be
//! generated without leaking that relation. Every commitment also needs a fresh, uniformly random
//! $r_T$: reusing $r_T$ for two values $A$ and $B$ leaks $A - B$ as the difference of the second components.
//! It is also equipped with a homomorphism such that
//!
//! \\[
//! \begin{align*}
//! & GroupCommitment( (G_T, H); \ A; \ r_{A}) + GroupCommitment( (G_T, H); \ B; \ r_{B}) \\\\
//! & \hspace{8cm} =
//! GroupCommitment( (G_T, H); \ A + B; \ r_{A} + r_{B}) \\\\
//! & \hspace{8cm} =
//! ( (r_A + r_B) G_T, \ (A + B) + (r_A + r_B) H)
//! \end{align*}
//! \\]
//!
//! It is based on the ElGamal encryption scheme.
#![allow(non_snake_case)]
use ark_bls12_381::{Fr, G1Projective};
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
use std::ops::{Add, Mul};
/// A commitment to a single $\mathbb{G}_1$ element under the `GroupCommitment` scheme.
///
/// For a CRS $(G, H)$, a committed value $T$ and a blinding scalar $r$:
///
/// $GroupCommitment((G , H); T ; r ) = cm_T = (cm_{T,1} , cm_{T,2} ) = (r G , T + r H)$
///
/// Both components are curve points, so the derived `CanonicalSerialize` /
/// `CanonicalDeserialize` give a compact, fixed-size encoding (the type holds no
/// dynamically sized fields). `PartialEq`/`Eq` are derived and compare the two
/// components; neither the value `T` nor the scalar `r` is stored.
#[derive(Clone, Copy, Debug, PartialEq, Eq, CanonicalSerialize, CanonicalDeserialize)]
pub struct GroupCommitment {
    /// First component $rG$: the blinding scalar $r$ applied to the CRS point $G$.
    pub T_1: G1Projective,
    /// Second component $T + rH$: the committed value masked by $rH$.
    pub T_2: G1Projective,
}
impl GroupCommitment {
    /// Commit to `T` under the CRS `(crs_G, crs_H)` with blinding scalar `r`.
    ///
    /// Returns $(r\,G, \; T + r\,H)$.
    ///
    /// The caller owns the randomness: this function does not sample `r`, so `r`
    /// must be a fresh, uniformly random scalar from a cryptographically secure RNG
    /// for every commitment. A predictable `r` lets anyone recover `T` as
    /// `T_2 - r·H`, and reusing `r` for two values reveals their difference as
    /// the difference of the second components.
    pub fn new(
        crs_G: &G1Projective,
        crs_H: &G1Projective,
        T: G1Projective,
        r: Fr,
    ) -> GroupCommitment {
        // The same blinding scalar drives both components: `r·G` is the handle
        // a later opening is checked against, `r·H` is the one-time mask on `T`.
        let opening_handle = crs_G.mul(&r);
        let mask = crs_H.mul(&r);

        Self {
            T_1: opening_handle,
            T_2: mask + T,
        }
    }
}
// Component-wise addition realises the additive homomorphism from the module docs:
// Com(A; r_A) + Com(B; r_B) = Com(A + B; r_A + r_B). Both inputs must have been
// produced under the same CRS for the result to mean anything.
impl Add for GroupCommitment {
    type Output = Self;

    fn add(self, rhs: Self) -> Self::Output {
        let T_1 = self.T_1 + rhs.T_1;
        let T_2 = self.T_2 + rhs.T_2;
        GroupCommitment { T_1, T_2 }
    }
}
// Scalar multiplication of both components: k · (rG, T + rH) = (krG, kT + krH),
// i.e. k · Com(T; r) = Com(k·T; k·r). Together with `Add` this makes commitments
// linear in the committed value and in the blinding scalar.
impl Mul<Fr> for GroupCommitment {
    type Output = Self;

    fn mul(self, scalar: Fr) -> Self::Output {
        GroupCommitment {
            T_1: self.T_1.mul(&scalar),
            T_2: self.T_2.mul(&scalar),
        }
    }
}
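#[cfg(test)]
mod tests {
    use super::*;
    use ark_std::rand::{rngs::StdRng, SeedableRng};
    use ark_std::UniformRand;

    /// Fixed-seed RNG so the tests are reproducible. A fixed seed is acceptable
    /// only here: production callers must draw the blinding scalar `r` from an
    /// OS-backed CSPRNG, never from a seeded or shared-seed generator.
    fn test_rng() -> StdRng {
        StdRng::seed_from_u64(0u64)
    }

    /// Adding two commitments equals committing to the sum with summed randomness.
    #[test]
    fn test_group_commit() {
        let mut rng = test_rng();
        let crs_G = G1Projective::rand(&mut rng);
        let crs_H = G1Projective::rand(&mut rng);
        let A = G1Projective::rand(&mut rng);
        let B = G1Projective::rand(&mut rng);
        let r_a = Fr::rand(&mut rng);
        let r_b = Fr::rand(&mut rng);
        let cm_a = GroupCommitment::new(&crs_G, &crs_H, A, r_a);
        let cm_b = GroupCommitment::new(&crs_G, &crs_H, B, r_b);
        let cm_a_b = GroupCommitment::new(&crs_G, &crs_H, A + B, r_a + r_b);
        // Check that the commitment is additively homomorphic
        assert_eq!(cm_a + cm_b, cm_a_b);
    }

    /// Scaling a commitment by `k` equals committing to `k·A` with randomness `k·r`.
    /// This covers the `Mul<Fr>` impl, which the addition test does not exercise.
    #[test]
    fn test_group_commit_scalar_mul() {
        let mut rng = test_rng();
        let crs_G = G1Projective::rand(&mut rng);
        let crs_H = G1Projective::rand(&mut rng);
        let A = G1Projective::rand(&mut rng);
        let r = Fr::rand(&mut rng);
        let k = Fr::rand(&mut rng);
        let cm = GroupCommitment::new(&crs_G, &crs_H, A, r);
        let cm_scaled = GroupCommitment::new(&crs_G, &crs_H, A.mul(&k), r * k);
        assert_eq!(cm * k, cm_scaled);
    }

    /// Committing to the same value with different randomness must give different
    /// commitments; hiding rests entirely on `r` being fresh per commitment.
    #[test]
    fn test_group_commit_fresh_randomness_differs() {
        let mut rng = test_rng();
        let crs_G = G1Projective::rand(&mut rng);
        let crs_H = G1Projective::rand(&mut rng);
        let A = G1Projective::rand(&mut rng);
        let r_1 = Fr::rand(&mut rng);
        let r_2 = Fr::rand(&mut rng);
        // Two independent random scalars collide only with negligible probability.
        assert_ne!(r_1, r_2);
        let cm_1 = GroupCommitment::new(&crs_G, &crs_H, A, r_1);
        let cm_2 = GroupCommitment::new(&crs_G, &crs_H, A, r_2);
        assert_ne!(cm_1, cm_2);
    }
}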