feat: add implementation for the sha256 commitment scheme (#3)

* feat: add sha256 implementation of hashcom

Signed-off-by: Luca Georges Francois <luca@quartz.technology>

* docs: update cover path in main readme

Signed-off-by: Luca Georges Francois <luca@quartz.technology>

* docs: add instructions and examples for sha256 scheme

Signed-off-by: Luca Georges Francois <luca@quartz.technology>

* ci: update package version to 0.2.0

Signed-off-by: Luca Georges Francois <luca@quartz.technology>

Signed-off-by: Luca Georges Francois <luca@quartz.technology>

Author: 0xpanoramix

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "hashcom-rs"
-version = "0.1.0"
+version = "0.2.0"
 authors = ["Luca Georges François <luca@quartz.technology>"]
 description = "A fast, minimal but yet extensible framework for building and using hash commitment schemes"
 repository = "https://github.com/quartz-technology/hashcom-rs"
@@ -11,6 +11,11 @@ edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
+[dev-dependencies]
+base16ct = "0.1.1"
+hex-literal = "0.3.4"
+
 [dependencies]
 bincode = "1.3.3"
-serde = "1.0.150"
+serde = "1.0.150"
+sha2 = "0.10.6"

README.md

@@ -1,7 +1,7 @@
 # <h1 align="center"> hashcom-rs </h1>
 
 <p align="center">
-    <img src="./.github/assets/COVER.PNG" width="400" alt="A DALL-E representation of a 
+    <img src="https://github.com/quartz-technology/hashcom-rs/blob/main/.github/assets/COVER.PNG" width="400" alt="A DALL-E representation of a 
 photo of a computer circuit in cyberpunk style with a dark theme">
 </p>
 
@@ -20,4 +20,34 @@ I was inspired by the [go-ibft](https://github.com/0xPolygon/go-ibft) to create
 easily integrate and customize a hash commitment scheme in a rust application.
 
 This package exposes both a trait for you to build your scheme given a specific hash function, or
-use an existing one.
+use an existing one.
+
+## Architecture
+
+The `hashcom-rs` library exposes a [`HashCommitmentScheme`](./src/lib.rs#L20) trait that can be
+implemented with you own hash function.
+You'll just have to implement the `commit` and `verify` methods.
+
+A [`SHA256`](./src/lib.rs#L34) implementation is already provided. Below is an example of how it can be used
+(here, there's only one party who acts as both the prover and the verifier):
+```rust
+/// Here, one party acts as both the prover and the verifier,
+/// assuming that the verifier is not malicious.
+fn it_verifies_valid_commitment() {
+    let s: [u8; 4] = [52, 50, 52, 50]; // 4242 in string format.
+    let r: [u8; 4] = [50, 52, 50, 52]; // 2424 in string format.
+
+    // Commit phase.
+    let party = SHA256Commitment::new(&s, &r);
+    let commit = party.commit();
+
+    // Verification phase.
+    let verification = party.verify(&commit.unwrap(), &s, &r);
+
+    assert_eq!(verification.is_ok(), true);
+    assert_eq!(verification.unwrap(), true)
+}
+```
+
+## Authors
+Made with ❤️ by 🤖 [0xpanoramix](https://github.com/0xpanoramix/) 🤖

src/lib.rs

@@ -1,5 +1,6 @@
 use bincode::Result;
 use serde::Serialize;
+use sha2::{Digest, Sha256};
 
 /// A high-level representation of a party in a Hash Commitment Scheme.
 ///
@@ -20,3 +21,133 @@ pub trait HashCommitmentScheme<T: Serialize> {
     fn commit(&self) -> Result<Vec<u8>>;
     fn verify(&self, com: &[u8], s: &T, r: &[u8]) -> Result<bool>;
 }
+
+/// An implementation of the Hash Commitment Scheme using the SHA256 hash function.
+///
+/// We store the party's secret and random number as references because we don't want to take
+/// ownership over those variables and avoid useless copies (we only perform read operations
+/// with them).
+///
+/// We use lifetime annotations as we need to store references to existing variables in our
+/// structure, so that an instance of SHA256Commitment can not outlive the references
+/// it holds.
+pub struct SHA256Commitment<'a, T: 'a + Serialize> {
+    s: &'a T,
+    r: &'a [u8],
+}
+
+impl<'a, T: 'a + Serialize> SHA256Commitment<'a, T> {
+    /// Creates a new party for the SHA256 Commitment Scheme using its secret and random
+    /// number.
+    pub fn new(s: &'a T, r: &'a [u8]) -> SHA256Commitment<'a, T> {
+        SHA256Commitment { s, r }
+    }
+
+    /// Forges a commitment given a secret s and a random number r.
+    ///
+    /// We encode the secret to a byte array (which is padded by default), and use it along with
+    /// the random number, given as a byte array, to forge the commitment using the SHA256 hash
+    /// function.
+    fn forge_commitment(&self, s: &T, r: &[u8]) -> Result<Vec<u8>> {
+        let binary_encoded_s = bincode::serialize(s)?;
+
+        let hash = Sha256::new()
+            .chain_update(binary_encoded_s.as_slice())
+            .chain_update(r)
+            .finalize();
+
+        Ok(hash.as_slice().to_vec())
+    }
+}
+
+impl<'a, T: 'a + Serialize> HashCommitmentScheme<T> for SHA256Commitment<'a, T> {
+    /// Creates the commitment used during the commit phase.
+    fn commit(&self) -> Result<Vec<u8>> {
+        self.forge_commitment(self.s, self.r)
+    }
+
+    /// Creates the expected commitment using the prover's secret and random number.
+    /// Then, compares the expected commitment with the prover's one to verify if the commitment
+    /// holds.
+    fn verify(&self, com: &[u8], s: &T, r: &[u8]) -> Result<bool> {
+        let expected_commitment = self.forge_commitment(s, r)?;
+
+        Ok(expected_commitment == com)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::{HashCommitmentScheme, SHA256Commitment};
+    use hex_literal::hex;
+
+    #[test]
+    fn it_commits_correctly() {
+        let s: [u8; 4] = [52, 50, 52, 50]; // 4242 in string format.
+        let r: [u8; 4] = [50, 52, 50, 52]; // 2424 in string format.
+
+        let party = SHA256Commitment::new(&s, &r);
+        let commit = party.commit();
+
+        assert_eq!(commit.is_ok(), true);
+        assert_eq!(
+            commit.unwrap().as_slice(),
+            hex!("f4417d2878a0e2da0393e604b24a98627fd22506089baa83c165f9ac7b336fe9")
+        )
+    }
+
+    /// Here, one party acts as both the prover and the verifier,
+    /// assuming that the verifier is not malicious.
+    #[test]
+    fn it_verifies_valid_commitment() {
+        let s: [u8; 4] = [52, 50, 52, 50]; // 4242 in string format.
+        let r: [u8; 4] = [50, 52, 50, 52]; // 2424 in string format.
+
+        // Commit phase.
+        let party = SHA256Commitment::new(&s, &r);
+        let commit = party.commit();
+
+        // Verification phase.
+        let verification = party.verify(&commit.unwrap(), &s, &r);
+
+        assert_eq!(verification.is_ok(), true);
+        assert_eq!(verification.unwrap(), true)
+    }
+
+    /// Here, during the verification phase, we assume that the prover has given an invalid r.
+    #[test]
+    fn it_fails_to_verify_due_to_invalid_random() {
+        let s: [u8; 4] = [52, 50, 52, 50]; // 4242 in string format.
+        let r: [u8; 4] = [50, 52, 50, 52]; // 2424 in string format.
+
+        // Commit phase.
+        let party = SHA256Commitment::new(&s, &r);
+        let commit = party.commit();
+
+        // Verification phase.
+        let fake_r: [u8; 4] = [66, 68, 66, 68];
+        let verification = party.verify(&commit.unwrap(), &s, &fake_r);
+
+        assert_eq!(verification.is_ok(), true);
+        assert_eq!(verification.unwrap(), false)
+    }
+
+    /// Here, during the verification phase, we assume that the prover has given an invalid secret.
+    /// This happens when the prover decides to break his initial commitment.
+    #[test]
+    fn it_fails_to_verify_due_to_invalid_secret() {
+        let s: [u8; 4] = [52, 50, 52, 50]; // 4242 in string format.
+        let r: [u8; 4] = [50, 52, 50, 52]; // 2424 in string format.
+
+        // Commit phase.
+        let party = SHA256Commitment::new(&s, &r);
+        let commit = party.commit();
+
+        // Verification phase.
+        let fake_s: [u8; 4] = [66, 68, 66, 68];
+        let verification = party.verify(&commit.unwrap(), &fake_s, &r);
+
+        assert_eq!(verification.is_ok(), true);
+        assert_eq!(verification.unwrap(), false)
+    }
+}