diff --git a/crates/proof-of-sql/src/proof_primitive/dory/dory_inner_product_test.rs b/crates/proof-of-sql/src/proof_primitive/dory/dory_inner_product_test.rs
index 660f3b9ba..7e8bacb8a 100644
--- a/crates/proof-of-sql/src/proof_primitive/dory/dory_inner_product_test.rs
+++ b/crates/proof-of-sql/src/proof_primitive/dory/dory_inner_product_test.rs
@@ -1,6 +1,6 @@
 use super::{
- dory_inner_product_prove, dory_inner_product_verify, rand_G_vecs, test_rng, DoryMessages,
- G1Affine, ProverState, PublicParameters, GT,
+ dory_inner_product_prove, dory_inner_product_verify, rand_G_vecs_for_testing, test_rng,
+ DoryMessages, G1Affine, ProverState, PublicParameters, GT,
 };
 use ark_std::UniformRand;
 use merlin::Transcript;
@@ -12,7 +12,7 @@ fn we_can_prove_and_verify_a_dory_inner_product() {
 let pp = PublicParameters::rand(nu, &mut rng);
 let prover_setup = (&pp).into();
 let verifier_setup = (&pp).into();
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ProverState::new(v1, v2, nu);
 let verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
@@ -38,7 +38,7 @@ fn we_can_prove_and_verify_a_dory_inner_product_for_multiple_nu_values() {
 let verifier_setup = (&pp).into();
 
 for nu in 0..max_nu {
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ProverState::new(v1, v2, nu);
 let verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
@@ -63,7 +63,7 @@ fn we_fail_to_verify_a_dory_inner_product_when_a_message_is_modified() {
 let pp = PublicParameters::rand(nu, &mut rng);
 let prover_setup = (&pp).into();
 let verifier_setup = (&pp).into();
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ProverState::new(v1, v2, nu);
 let verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
@@ -89,7 +89,7 @@ fn we_fail_to_verify_a_dory_inner_product_when_there_are_too_few_GT_messages() {
 let pp = PublicParameters::rand(nu, &mut rng);
 let prover_setup = (&pp).into();
 let verifier_setup = (&pp).into();
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ProverState::new(v1, v2, nu);
 let verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
@@ -115,7 +115,7 @@ fn we_fail_to_verify_a_dory_inner_product_when_there_are_too_many_GT_messages()
 let pp = PublicParameters::rand(nu, &mut rng);
 let prover_setup = (&pp).into();
 let verifier_setup = (&pp).into();
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ProverState::new(v1, v2, nu);
 let verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
@@ -141,7 +141,7 @@ fn we_fail_to_verify_a_dory_inner_product_when_there_are_too_few_G1_messages() {
 let pp = PublicParameters::rand(nu, &mut rng);
 let prover_setup = (&pp).into();
 let verifier_setup = (&pp).into();
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ProverState::new(v1, v2, nu);
 let verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
@@ -167,7 +167,7 @@ fn we_fail_to_verify_a_dory_inner_product_when_there_are_too_many_G1_messages()
 let pp = PublicParameters::rand(nu, &mut rng);
 let prover_setup = (&pp).into();
 let verifier_setup = (&pp).into();
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ProverState::new(v1, v2, nu);
 let verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
@@ -193,7 +193,7 @@ fn we_fail_to_verify_a_dory_inner_product_when_the_transcripts_differ() {
 let pp = PublicParameters::rand(nu, &mut rng);
 let prover_setup = (&pp).into();
 let verifier_setup = (&pp).into();
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ProverState::new(v1, v2, nu);
 let verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
@@ -218,7 +218,7 @@ fn we_fail_to_verify_a_dory_inner_product_when_the_setups_differ() {
 let prover_setup = (&pp).into();
 let pp_wrong = PublicParameters::rand(nu, &mut rng);
 let verifier_setup = (&pp_wrong).into();
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ProverState::new(v1, v2, nu);
 let verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
@@ -244,7 +244,7 @@ fn we_fail_to_verify_a_dory_inner_product_when_the_commitment_is_wrong() {
 let pp = PublicParameters::rand(nu, &mut rng);
 let prover_setup = (&pp).into();
 let verifier_setup = (&pp).into();
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ProverState::new(v1, v2, nu);
 let mut verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
diff --git a/crates/proof-of-sql/src/proof_primitive/dory/extended_dory_inner_product_test.rs b/crates/proof-of-sql/src/proof_primitive/dory/extended_dory_inner_product_test.rs
index ed9e145ec..96d941f97 100644
--- a/crates/proof-of-sql/src/proof_primitive/dory/extended_dory_inner_product_test.rs
+++ b/crates/proof-of-sql/src/proof_primitive/dory/extended_dory_inner_product_test.rs
@@ -1,7 +1,7 @@
 use super::{
 extended_dory_inner_product_prove, extended_dory_inner_product_verify,
 extended_dory_reduce_helper::extended_dory_reduce_verify_fold_s_vecs, rand_F_tensors,
- rand_G_vecs, test_rng, DoryMessages, ExtendedProverState, G1Affine, PublicParameters, GT,
+ rand_G_vecs_for_testing, test_rng, DoryMessages, ExtendedProverState, G1Affine, PublicParameters, GT,
 };
 use ark_std::UniformRand;
 use merlin::Transcript;
@@ -14,7 +14,7 @@ fn we_can_prove_and_verify_an_extended_dory_inner_product() {
 let prover_setup = (&pp).into();
 let verifier_setup = (&pp).into();
 let (s1_tensor, s2_tensor) = rand_F_tensors(nu, &mut rng);
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ExtendedProverState::new_from_tensors(s1_tensor, s2_tensor, v1, v2, nu);
 let verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
@@ -42,7 +42,7 @@ fn we_can_prove_and_verify_an_extended_dory_inner_product_for_multiple_nu_values
 
 for nu in 0..max_nu {
 let (s1_tensor, s2_tensor) = rand_F_tensors(nu, &mut rng);
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ExtendedProverState::new_from_tensors(s1_tensor, s2_tensor, v1, v2, nu);
 let verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
@@ -74,7 +74,7 @@ fn we_fail_to_verify_an_extended_dory_inner_product_when_a_message_is_modified()
 let prover_setup = (&pp).into();
 let verifier_setup = (&pp).into();
 let (s1_tensor, s2_tensor) = rand_F_tensors(nu, &mut rng);
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ExtendedProverState::new_from_tensors(s1_tensor, s2_tensor, v1, v2, nu);
 let verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
@@ -102,7 +102,7 @@ fn we_fail_to_verify_an_extended_dory_inner_product_when_there_are_too_few_GT_me
 let prover_setup = (&pp).into();
 let verifier_setup = (&pp).into();
 let (s1_tensor, s2_tensor) = rand_F_tensors(nu, &mut rng);
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ExtendedProverState::new_from_tensors(s1_tensor, s2_tensor, v1, v2, nu);
 let verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
@@ -130,7 +130,7 @@ fn we_fail_to_verify_an_extended_dory_inner_product_when_there_are_too_many_GT_m
 let prover_setup = (&pp).into();
 let verifier_setup = (&pp).into();
 let (s1_tensor, s2_tensor) = rand_F_tensors(nu, &mut rng);
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ExtendedProverState::new_from_tensors(s1_tensor, s2_tensor, v1, v2, nu);
 let verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
@@ -158,7 +158,7 @@ fn we_fail_to_verify_an_extended_dory_inner_product_when_there_are_too_few_G1_me
 let prover_setup = (&pp).into();
 let verifier_setup = (&pp).into();
 let (s1_tensor, s2_tensor) = rand_F_tensors(nu, &mut rng);
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ExtendedProverState::new_from_tensors(s1_tensor, s2_tensor, v1, v2, nu);
 let verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
@@ -186,7 +186,7 @@ fn we_fail_to_verify_an_extended_dory_inner_product_when_there_are_too_many_G1_m
 let prover_setup = (&pp).into();
 let verifier_setup = (&pp).into();
 let (s1_tensor, s2_tensor) = rand_F_tensors(nu, &mut rng);
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ExtendedProverState::new_from_tensors(s1_tensor, s2_tensor, v1, v2, nu);
 let verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
@@ -214,7 +214,7 @@ fn we_fail_to_verify_an_extended_dory_inner_product_when_the_transcripts_differ(
 let prover_setup = (&pp).into();
 let verifier_setup = (&pp).into();
 let (s1_tensor, s2_tensor) = rand_F_tensors(nu, &mut rng);
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ExtendedProverState::new_from_tensors(s1_tensor, s2_tensor, v1, v2, nu);
 let verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
@@ -241,7 +241,7 @@ fn we_fail_to_verify_an_extended_dory_inner_product_when_the_setups_differ() {
 let pp_wrong = PublicParameters::rand(nu, &mut rng);
 let verifier_setup = (&pp_wrong).into();
 let (s1_tensor, s2_tensor) = rand_F_tensors(nu, &mut rng);
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ExtendedProverState::new_from_tensors(s1_tensor, s2_tensor, v1, v2, nu);
 let verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
@@ -269,7 +269,7 @@ fn we_fail_to_verify_an_extended_dory_inner_product_when_the_base_commitment_is_
 let prover_setup = (&pp).into();
 let verifier_setup = (&pp).into();
 let (s1_tensor, s2_tensor) = rand_F_tensors(nu, &mut rng);
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ExtendedProverState::new_from_tensors(s1_tensor, s2_tensor, v1, v2, nu);
 let mut verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
@@ -297,7 +297,7 @@ fn we_fail_to_verify_an_extended_dory_inner_product_when_a_scalar_commitment_is_
 let prover_setup = (&pp).into();
 let verifier_setup = (&pp).into();
 let (s1_tensor, s2_tensor) = rand_F_tensors(nu, &mut rng);
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ExtendedProverState::new_from_tensors(s1_tensor, s2_tensor, v1, v2, nu);
 let mut verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
diff --git a/crates/proof-of-sql/src/proof_primitive/dory/extended_state_test.rs b/crates/proof-of-sql/src/proof_primitive/dory/extended_state_test.rs
index c7ed9e874..d8a57868c 100644
--- a/crates/proof-of-sql/src/proof_primitive/dory/extended_state_test.rs
+++ b/crates/proof-of-sql/src/proof_primitive/dory/extended_state_test.rs
@@ -1,6 +1,6 @@
 use super::{
- rand_F_tensors, rand_G_vecs, test_rng, ExtendedProverState, G1Projective, G2Projective,
- PublicParameters,
+ rand_F_tensors, rand_G_vecs_for_testing, test_rng, ExtendedProverState, G1Projective,
+ G2Projective, PublicParameters,
 };
 use crate::base::polynomial::compute_evaluation_vector;
 use ark_ec::{pairing::Pairing, VariableBaseMSM};
@@ -12,7 +12,7 @@ pub fn we_can_create_an_extended_verifier_state_from_an_extended_prover_state()
 let pp = PublicParameters::rand(max_nu, &mut rng);
 let prover_setup = (&pp).into();
 for nu in 0..max_nu {
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let (s1_tensor, s2_tensor) = rand_F_tensors(nu, &mut rng);
 let mut s1 = vec![Default::default(); 1 << nu];
 let mut s2 = vec![Default::default(); 1 << nu];
diff --git a/crates/proof-of-sql/src/proof_primitive/dory/fold_scalars_test.rs b/crates/proof-of-sql/src/proof_primitive/dory/fold_scalars_test.rs
index fa42456af..f2c9665a0 100644
--- a/crates/proof-of-sql/src/proof_primitive/dory/fold_scalars_test.rs
+++ b/crates/proof-of-sql/src/proof_primitive/dory/fold_scalars_test.rs
@@ -1,6 +1,6 @@
 use super::{
 extended_dory_reduce_helper::extended_dory_reduce_verify_fold_s_vecs, fold_scalars_0_prove,
- fold_scalars_0_verify, rand_F_tensors, rand_G_vecs, test_rng, DoryMessages,
+ fold_scalars_0_verify, rand_F_tensors, rand_G_vecs_for_testing, test_rng, DoryMessages,
 ExtendedProverState, PublicParameters,
 };
 use merlin::Transcript;
@@ -13,7 +13,7 @@ fn we_can_fold_scalars() {
 let prover_setup = (&pp).into();
 let verifier_setup = (&pp).into();
 let (s1_tensor, s2_tensor) = rand_F_tensors(nu, &mut rng);
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ExtendedProverState::new_from_tensors(s1_tensor, s2_tensor, v1, v2, nu);
 let verifier_state = prover_state.calculate_verifier_state(&prover_setup);
 
diff --git a/crates/proof-of-sql/src/proof_primitive/dory/mod.rs b/crates/proof-of-sql/src/proof_primitive/dory/mod.rs
index fc1659e22..80c9ad292 100644
--- a/crates/proof-of-sql/src/proof_primitive/dory/mod.rs
+++ b/crates/proof-of-sql/src/proof_primitive/dory/mod.rs
@@ -26,7 +26,7 @@ mod rand_util;
 #[cfg(test)]
 use rand_util::rand_F_tensors;
 #[cfg(any(test, feature = "test"))]
-use rand_util::rand_G_vecs;
+use rand_util::rand_G_vecs_for_testing;
 #[cfg(any(test, feature = "test"))]
 pub use rand_util::test_rng;
 
diff --git a/crates/proof-of-sql/src/proof_primitive/dory/public_parameters.rs b/crates/proof-of-sql/src/proof_primitive/dory/public_parameters.rs
index 81e925761..c1cb0108b 100644
--- a/crates/proof-of-sql/src/proof_primitive/dory/public_parameters.rs
+++ b/crates/proof-of-sql/src/proof_primitive/dory/public_parameters.rs
@@ -1,5 +1,7 @@
 use super::{G1Affine, G2Affine};
 use alloc::vec::Vec;
+use ark_ff::UniformRand;
+
 /// The public parameters for the Dory protocol. See section 5 of https://eprint.iacr.org/2020/1274.pdf for details.
 ///
 /// Note: even though H_1 and H_2 are marked as blue, they are still needed.
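Review bot: The added `use ark_ff::UniformRand;` makes the function-local `use ark_std::UniformRand;` that `rand` still carries in the next hunk redundant, since ark_ff appears to re-export the same trait from ark_std. I would keep a single import at the top of the file, written as `use ark_std::UniformRand;` to match the `ark_std::rand::Rng` bounds already used in this file, and drop the local one. Two spellings of the same trait in one file read as if two different traits were in play.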
@@ -21,14 +23,33 @@ pub struct PublicParameters {
 }
 
 impl PublicParameters {
- #[cfg(any(test, feature = "test"))]
+ /// Create new public parameters from the requisite group element vectors
+ /// and setup size.
+ pub fn new(
+ Gamma_1: Vec,
+ Gamma_2: Vec,
+ H_1: G1Affine,
+ H_2: G2Affine,
+ Gamma_2_fin: G2Affine,
+ max_nu: usize,
+ ) -> Self {
+ Self {
+ Gamma_1,
+ Gamma_2,
+ H_1,
+ H_2,
+ Gamma_2_fin,
+ max_nu,
+ }
+ }
+
 /// Generate random public parameters for testing purposes.
 pub fn rand(max_nu: usize, rng: &mut R) -> Self
 where
 R: ark_std::rand::Rng + ?Sized,
 {
 use ark_std::UniformRand;
- let (Gamma_1, Gamma_2) = super::rand_G_vecs(max_nu, rng);
+ let (Gamma_1, Gamma_2) = Self::rand_G_vecs(max_nu, rng);
 let (H_1, H_2) = (G1Affine::rand(rng), G2Affine::rand(rng));
 let Gamma_2_fin = G2Affine::rand(rng);
 
@@ -41,4 +62,14 @@ impl PublicParameters {
 Gamma_2_fin,
 }
 }
+
+ /// Creates two vectors of random G1 and G2 elements with length 2^nu.
+ pub fn rand_G_vecs(nu: usize, rng: &mut R) -> (Vec, Vec)
+ where
+ R: ark_std::rand::Rng + ?Sized,
+ {
+ core::iter::repeat_with(|| (G1Affine::rand(rng), G2Affine::rand(rng)))
+ .take(1 << nu)
+ .unzip()
+ }
 }
diff --git a/crates/proof-of-sql/src/proof_primitive/dory/rand_util.rs b/crates/proof-of-sql/src/proof_primitive/dory/rand_util.rs
index cf7f7738d..8dd8a1ef9 100644
--- a/crates/proof-of-sql/src/proof_primitive/dory/rand_util.rs
+++ b/crates/proof-of-sql/src/proof_primitive/dory/rand_util.rs
@@ -17,7 +17,7 @@ pub fn test_seed_rng(seed: [u8; 32]) -> impl Rng {
 }
 
 /// Creates two vectors of random G1 and G2 elements with length 2^nu.
-pub fn rand_G_vecs(nu: usize, rng: &mut R) -> (Vec, Vec)
+pub fn rand_G_vecs_for_testing(nu: usize, rng: &mut R) -> (Vec, Vec)
 where
 R: ark_std::rand::Rng + ?Sized,
 {
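Review bot: `PublicParameters::new` stores `Gamma_1`, `Gamma_2` and `max_nu` without checking that they agree, whereas `rand` only ever builds parameters whose generator vectors have length `1 << max_nu` (it takes them from `Self::rand_G_vecs(max_nu, rng)`). A caller can now construct a setup whose vectors are shorter or longer than `2^max_nu`, and any consumer that sizes its work by `max_nu` will either index past the end or silently ignore generators; since this is the protocol's trusted-setup input, I would enforce the invariant in the constructor, e.g. `assert_eq!(Gamma_1.len(), 1 << max_nu); assert_eq!(Gamma_2.len(), 1 << max_nu);`, or make `new` fallible. Separately, the hunk drops the `#[cfg(any(test, feature = "test"))]` gate from `rand`, so a function documented as 'for testing purposes' is now compiled into every build and accepts any `Rng`; either restore the gate (the same applies to `rand_G_vecs` in the following hunk) or reword the doc and require a cryptographic generator, e.g. `R: ark_std::rand::CryptoRng + ark_std::rand::Rng + ?Sized`. The body of `rand` continues past the end of this hunk.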
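Review bot: `rand_G_vecs` has the same doc comment and signature as `rand_G_vecs_for_testing` in `rand_util.rs` (renamed in the next hunk), so the crate now appears to carry two copies of the same generator that can drift apart; if the bodies match, the test helper should delegate, e.g. `PublicParameters::rand_G_vecs(nu, rng)`, or be removed. This method is also `pub` with no cfg gate, so its doc should state what `rng` is expected to be and that `nu` is unbounded here: `1 << nu` panics in debug builds for `nu >= usize::BITS` and otherwise tries to allocate `2^nu` pairs of curve points before any caller can object. A `debug_assert!(nu < usize::BITS as usize)` or a documented upper bound would make that explicit.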
@@ -52,7 +52,7 @@ where
 fn we_can_create_rand_G_vecs() {
 let mut rng = test_rng();
 for nu in 0..5 {
- let (Gamma_1, Gamma_2) = rand_G_vecs(nu, &mut rng);
+ let (Gamma_1, Gamma_2) = rand_G_vecs_for_testing(nu, &mut rng);
 assert_eq!(Gamma_1.len(), 1 << nu);
 assert_eq!(Gamma_2.len(), 1 << nu);
 }
@@ -62,8 +62,8 @@ fn we_can_create_rand_G_vecs() {
 fn we_can_create_different_rand_G_vecs_consecutively_from_the_same_rng() {
 let mut rng = test_rng();
 for nu in 0..5 {
- let (Gamma_1, Gamma_2) = rand_G_vecs(nu, &mut rng);
- let (Gamma_1_2, Gamma_2_2) = rand_G_vecs(nu, &mut rng);
+ let (Gamma_1, Gamma_2) = rand_G_vecs_for_testing(nu, &mut rng);
+ let (Gamma_1_2, Gamma_2_2) = rand_G_vecs_for_testing(nu, &mut rng);
 assert_ne!(Gamma_1, Gamma_1_2);
 assert_ne!(Gamma_2, Gamma_2_2);
 }
@@ -74,8 +74,8 @@ fn we_can_create_the_same_rand_G_vecs_from_the_same_seed() {
 let mut rng = test_seed_rng([1; 32]);
 let mut rng_2 = test_seed_rng([1; 32]);
 for nu in 0..5 {
- let (Gamma_1, Gamma_2) = rand_G_vecs(nu, &mut rng);
- let (Gamma_1_2, Gamma_2_2) = rand_G_vecs(nu, &mut rng_2);
+ let (Gamma_1, Gamma_2) = rand_G_vecs_for_testing(nu, &mut rng);
+ let (Gamma_1_2, Gamma_2_2) = rand_G_vecs_for_testing(nu, &mut rng_2);
 assert_eq!(Gamma_1, Gamma_1_2);
 assert_eq!(Gamma_2, Gamma_2_2);
 }
@@ -86,8 +86,8 @@ fn we_can_create_different_rand_G_vecs_from_different_seeds() {
 let mut rng = test_seed_rng([1; 32]);
 let mut rng_2 = test_seed_rng([2; 32]);
 for nu in 0..5 {
- let (Gamma_1, Gamma_2) = rand_G_vecs(nu, &mut rng);
- let (Gamma_1_2, Gamma_2_2) = rand_G_vecs(nu, &mut rng_2);
+ let (Gamma_1, Gamma_2) = rand_G_vecs_for_testing(nu, &mut rng);
+ let (Gamma_1_2, Gamma_2_2) = rand_G_vecs_for_testing(nu, &mut rng_2);
 assert_ne!(Gamma_1, Gamma_1_2);
 assert_ne!(Gamma_2, Gamma_2_2);
 }
diff --git a/crates/proof-of-sql/src/proof_primitive/dory/state_test.rs b/crates/proof-of-sql/src/proof_primitive/dory/state_test.rs
index e9c4953ea..ae89385b7 100644
--- a/crates/proof-of-sql/src/proof_primitive/dory/state_test.rs
+++ b/crates/proof-of-sql/src/proof_primitive/dory/state_test.rs
@@ -1,4 +1,4 @@
-use super::{rand_G_vecs, test_rng, ProverState, PublicParameters};
+use super::{rand_G_vecs_for_testing, test_rng, ProverState, PublicParameters};
 use ark_ec::pairing::Pairing;
 
 #[test]
@@ -8,7 +8,7 @@ pub fn we_can_create_a_verifier_state_from_a_prover_state() {
 let pp = PublicParameters::rand(max_nu, &mut rng);
 let prover_setup = (&pp).into();
 for nu in 0..max_nu {
- let (v1, v2) = rand_G_vecs(nu, &mut rng);
+ let (v1, v2) = rand_G_vecs_for_testing(nu, &mut rng);
 let prover_state = ProverState::new(v1.clone(), v2.clone(), nu);
 let verifier_state = prover_state.calculate_verifier_state(&prover_setup);