Revert a change

lovesh · lovesh · commit 0405015ebdff · 2024-07-18T11:03:25.000+05:30
Signed-off-by: lovesh &lt;lovesh.bond@gmail.com&gt;
diff --git a/bbs_plus/src/proof.rs b/bbs_plus/src/proof.rs
@@ -152,6 +152,8 @@ pub struct PoKOfSignatureG1Proof<E: Pairing> {
     /// Proof of relation `g1 + h1*m1 + h2*m2 +.... + h_i*m_i` = `d*r3 + {h_0}*{-s'} + h1*{-m1} + h2*{-m2} + .... + h_j*{-m_j}` for all disclosed messages `m_i` and for all undisclosed messages `m_j`
     #[serde_as(as = "ArkObjectBytes")]
     pub T2: E::G1Affine,
+    /// The following could be achieved by using Either<SchnorrResponse, PartialSchnorrResponse> but serialization
+    /// for Either is not supported out of the box and had to be implemented
     pub sc_resp_2: Option<SchnorrResponse<E::G1Affine>>,
     pub sc_partial_resp_2: Option<PartialSchnorrResponse<E::G1Affine>>,
 }
diff --git a/bbs_plus/src/proof_23_cdl.rs b/bbs_plus/src/proof_23_cdl.rs
@@ -104,6 +104,8 @@ pub struct PoKOfSignature23G1Proof<E: Pairing> {
     /// Proof of relation `g1 + h1*m1 + h2*m2 +.... + h_i*m_i` = `d*r3 + h1*{-m1} + h2*{-m2} + .... + h_j*{-m_j}` for all disclosed messages `m_i` and for all undisclosed messages `m_j`
     #[serde_as(as = "ArkObjectBytes")]
     pub T2: E::G1Affine,
+    /// The following could be achieved by using Either<SchnorrResponse, PartialSchnorrResponse> but serialization
+    /// for Either is not supported out of the box and had to be implemented
     pub sc_resp_2: Option<SchnorrResponse<E::G1Affine>>,
     pub sc_partial_resp_2: Option<PartialSchnorrResponse<E::G1Affine>>,
 }
diff --git a/bbs_plus/src/proof_23_ietf.rs b/bbs_plus/src/proof_23_ietf.rs
@@ -87,6 +87,8 @@ pub struct PoKOfSignature23G1Proof<E: Pairing> {
     /// Proof of relation `\sum_{j \notin D}{h_j * m_j} - B_bar * 1/r - A_bar * e * 1/r = g + \sum_{i \in D}{h_i * m_i}`
     #[serde_as(as = "ArkObjectBytes")]
     pub T: E::G1Affine,
+    /// The following could be achieved by using Either<SchnorrResponse, PartialSchnorrResponse> but serialization
+    /// for Either is not supported out of the box and had to be implemented
     pub sc_resp: Option<SchnorrResponse<E::G1Affine>>,
     pub sc_partial_resp: Option<PartialSchnorrResponse<E::G1Affine>>,
 }
diff --git a/kvac/src/bbdt_2016/proof_cdh.rs b/kvac/src/bbdt_2016/proof_cdh.rs
@@ -101,6 +101,8 @@ pub struct PoKOfMAC<G: AffineRepr> {
     pub sc_C: PokTwoDiscreteLogs<G>,
     #[serde_as(as = "ArkObjectBytes")]
     pub t_msgs: G,
+    /// The following could be achieved by using Either<SchnorrResponse, PartialSchnorrResponse> but serialization
+    /// for Either is not supported out of the box and had to be implemented
     pub sc_resp_msgs: Option<SchnorrResponse<G>>,
     pub sc_partial_resp_msgs: Option<PartialSchnorrResponse<G>>,
 }
diff --git a/proof_system/src/error.rs b/proof_system/src/error.rs
@@ -110,6 +110,7 @@ pub enum ProofSystemError {
     UnequalCiphertextChunksAndSchnorrResponses(usize, usize),
     UnequalResponseOfSaverCiphertextAndChunk(usize),
     ResponseForWitnessNotFoundForStatement(usize),
+    NoResponseFoundForWitnessRef(usize, usize),
 }
 
 impl From<SchnorrError> for ProofSystemError {
diff --git a/proof_system/src/statement_proof.rs b/proof_system/src/statement_proof.rs
@@ -284,10 +284,17 @@ pub struct BoundCheckLegoGroth16ProofWhenAggregatingSnarks<E: Pairing> {
 pub struct R1CSLegoGroth16Proof<E: Pairing> {
     #[serde_as(as = "ArkObjectBytes")]
     pub snark_proof: legogroth16::Proof<E>,
-    pub sp: PedersenCommitmentPartialProof<E::G1Affine>,
+    pub sp: PedersenCommitmentProof<E::G1Affine>,
 }
 
 impl<E: Pairing> R1CSLegoGroth16Proof<E> {
+    pub fn get_schnorr_response_for_message(
+        &self,
+        index: usize,
+    ) -> Result<&E::ScalarField, ProofSystemError> {
+        self.sp.response.get_response(index).map_err(|e| e.into())
+    }
+
     pub fn for_aggregation(&self) -> R1CSLegoGroth16ProofWhenAggregatingSnarks<E> {
         R1CSLegoGroth16ProofWhenAggregatingSnarks {
             commitment: self.snark_proof.d,
@@ -304,7 +311,16 @@ impl<E: Pairing> R1CSLegoGroth16Proof<E> {
 pub struct R1CSLegoGroth16ProofWhenAggregatingSnarks<E: Pairing> {
     #[serde_as(as = "ArkObjectBytes")]
     pub commitment: E::G1Affine,
-    pub sp: PedersenCommitmentPartialProof<E::G1Affine>,
+    pub sp: PedersenCommitmentProof<E::G1Affine>,
+}
+
+impl<E: Pairing> R1CSLegoGroth16ProofWhenAggregatingSnarks<E> {
+    pub fn get_schnorr_response_for_message(
+        &self,
+        index: usize,
+    ) -> Result<&E::ScalarField, ProofSystemError> {
+        self.sp.response.get_response(index).map_err(|e| e.into())
+    }
 }
 
 #[serde_as]
diff --git a/proof_system/src/sub_protocols/r1cs_legogorth16.rs b/proof_system/src/sub_protocols/r1cs_legogorth16.rs
@@ -7,13 +7,7 @@ use crate::{
 };
 use ark_ec::pairing::Pairing;
 use ark_serialize::CanonicalSerialize;
-use ark_std::{
-    collections::{BTreeMap, BTreeSet},
-    io::Write,
-    rand::RngCore,
-    vec::Vec,
-    UniformRand,
-};
+use ark_std::{collections::BTreeMap, io::Write, rand::RngCore, vec::Vec, UniformRand};
 use dock_crypto_utils::randomized_pairing_check::RandomizedPairingChecker;
 use legogroth16::{
     calculate_d,
@@ -156,15 +150,13 @@ impl<'a, E: Pairing> R1CSLegogroth16Protocol<'a, E> {
                 self.id,
             ));
         }
-        let comm_wit_count = self.proving_key.as_ref().unwrap().vk.commit_witness_count as usize;
-        let skip_responses_for = BTreeSet::from_iter(0..comm_wit_count);
         Ok(StatementProof::R1CSLegoGroth16(R1CSLegoGroth16Proof {
             snark_proof: self.snark_proof.take().unwrap(),
             sp: self
                 .sp
                 .take()
                 .unwrap()
-                .gen_partial_proof_contribution_as_struct(challenge, &skip_responses_for)?,
+                .gen_proof_contribution_as_struct(challenge)?,
         }))
     }
 
@@ -177,7 +169,6 @@ impl<'a, E: Pairing> R1CSLegogroth16Protocol<'a, E> {
         comm_key: &[E::G1Affine],
         pvk: &PreparedVerifyingKey<E>,
         pairing_checker: &mut Option<RandomizedPairingChecker<E>>,
-        missing_responses: BTreeMap<usize, E::ScalarField>,
     ) -> Result<(), ProofSystemError> {
         let snark_proof = &proof.snark_proof;
         match pairing_checker {
@@ -201,7 +192,7 @@ impl<'a, E: Pairing> R1CSLegogroth16Protocol<'a, E> {
         // NOTE: value of id is dummy
         let sp = SchnorrProtocol::new(10000, comm_key, proof.snark_proof.d);
 
-        sp.verify_partial_proof_contribution(challenge, &proof.sp, missing_responses)
+        sp.verify_proof_contribution(challenge, &proof.sp)
             .map_err(|e| ProofSystemError::SchnorrProofContributionFailed(self.id as u32, e))
     }
 
@@ -210,11 +201,10 @@ impl<'a, E: Pairing> R1CSLegogroth16Protocol<'a, E> {
         challenge: &E::ScalarField,
         proof: &R1CSLegoGroth16ProofWhenAggregatingSnarks<E>,
         comm_key: &[E::G1Affine],
-        missing_responses: BTreeMap<usize, E::ScalarField>,
     ) -> Result<(), ProofSystemError> {
         // NOTE: value of id is dummy
         let sp = SchnorrProtocol::new(10000, comm_key, proof.commitment);
-        sp.verify_partial_proof_contribution(challenge, &proof.sp, missing_responses)
+        sp.verify_proof_contribution(challenge, &proof.sp)
             .map_err(|e| ProofSystemError::SchnorrProofContributionFailed(self.id as u32, e))
     }
 
diff --git a/proof_system/src/verifier.rs b/proof_system/src/verifier.rs
@@ -505,27 +505,6 @@ impl<E: Pairing> Proof<E> {
                     StatementProof::PoKPSSignature(p) => {
                         let sig_params = s.get_params(&proof_spec.setup_params, s_idx)?;
                         let pk = s.get_public_key(&proof_spec.setup_params, s_idx)?;
-                        // // Check witness equalities for this statement.
-                        // let revealed_msg_ids: Vec<_> =
-                        //     s.revealed_messages.keys().copied().collect();
-                        // for i in 0..sig_params.supported_message_count() {
-                        //     let w_ref = (s_idx, i);
-                        //     for j in 0..witness_equalities.len() {
-                        //         if witness_equalities[j].contains(&w_ref) {
-                        //             let resp = p.response_for_message(
-                        //                 i,
-                        //                 revealed_msg_ids.iter().copied(),
-                        //             )?;
-                        //             Self::check_response_for_equality(
-                        //                 s_idx,
-                        //                 i,
-                        //                 j,
-                        //                 &mut responses_for_equalities,
-                        //                 resp,
-                        //             )?;
-                        //         }
-                        //     }
-                        // }
                         transcript.set_label(PS_LABEL);
                         p.challenge_contribution(&mut transcript, pk, sig_params)?;
                     }
@@ -1295,49 +1274,70 @@ impl<E: Pairing> Proof<E> {
                     let pub_inp = s
                         .get_public_inputs(&proof_spec.setup_params, s_idx)?
                         .to_vec();
-                    let mut resp = BTreeMap::new();
-                    for i in 0..verifying_key.commit_witness_count as usize {
-                        let wit_ref = (s_idx, i);
-                        for (i, eq) in disjoint_equalities.iter().enumerate() {
-                            if eq.has_wit_ref(&wit_ref) {
-                                if let Some(r) = resp_for_equalities.get(&i) {
-                                    resp.insert(i, *r);
-                                } else {
-                                    return Err(
-                                        ProofSystemError::ResponseForWitnessNotFoundForStatement(
-                                            s_idx,
-                                        ),
-                                    );
-                                }
-                                // Exit loop because equalities are disjoint
-                                break;
-                            }
-                        }
-                    }
 
                     match proof {
-                        StatementProof::R1CSLegoGroth16(ref r1cs_proof) => sp
-                            .verify_proof_contribution(
+                        StatementProof::R1CSLegoGroth16(ref r1cs_proof) => {
+                            for w_id in 0..verifying_key.commit_witness_count as usize {
+                                let w_ref = (s_idx, w_id);
+                                for (i, eq) in disjoint_equalities.iter().enumerate() {
+                                    if eq.has_wit_ref(&w_ref) {
+                                        let resp =
+                                            r1cs_proof.get_schnorr_response_for_message(w_id)?;
+                                        if let Some(r) = resp_for_equalities.get(&i) {
+                                            if resp != r {
+                                                return Err(
+                                                    ProofSystemError::WitnessResponseNotEqual(
+                                                        s_idx, w_id,
+                                                    ),
+                                                );
+                                            }
+                                        } else {
+                                            resp_for_equalities.insert(i, *resp);
+                                        }
+                                    }
+                                }
+                            }
+                            sp.verify_proof_contribution(
                                 &challenge,
                                 &pub_inp,
                                 r1cs_proof,
                                 r1cs_comm_keys.get(s_idx).unwrap(),
                                 derived_lego_vk.get(s_idx).unwrap(),
                                 &mut pairing_checker,
-                                resp,
-                            )?,
+                            )?
+                        }
                         StatementProof::R1CSLegoGroth16WithAggregation(ref r1cs_proof) => {
                             let agg_idx = agg_lego_stmts.get(&s_idx).ok_or_else(|| {
                                 ProofSystemError::InvalidStatementProofIndex(s_idx)
                             })?;
                             agg_lego[*agg_idx].0.push(r1cs_proof.commitment);
                             agg_lego[*agg_idx].1.push(pub_inp);
 
+                            for w_id in 0..verifying_key.commit_witness_count as usize {
+                                let w_ref = (s_idx, w_id);
+                                for (i, eq) in disjoint_equalities.iter().enumerate() {
+                                    if eq.has_wit_ref(&w_ref) {
+                                        let resp =
+                                            r1cs_proof.get_schnorr_response_for_message(w_id)?;
+                                        if let Some(r) = resp_for_equalities.get(&i) {
+                                            if resp != r {
+                                                return Err(
+                                                    ProofSystemError::WitnessResponseNotEqual(
+                                                        s_idx, w_id,
+                                                    ),
+                                                );
+                                            }
+                                        } else {
+                                            resp_for_equalities.insert(i, *resp);
+                                        }
+                                    }
+                                }
+                            }
+
                             sp.verify_proof_contribution_using_prepared_when_aggregating_snark(
                                 &challenge,
                                 r1cs_proof,
                                 r1cs_comm_keys.get(s_idx).unwrap(),
-                                resp,
                             )?
                         }
                         _ => {
@@ -1774,14 +1774,12 @@ impl<E: Pairing> Proof<E> {
                 if let Some(r) = resp_for_equalities.get(&i) {
                     resp = Some(*r);
                 } else {
-                    return Err(ProofSystemError::ResponseForWitnessNotFoundForStatement(
-                        s_idx,
-                    ));
+                    return Err(ProofSystemError::NoResponseFoundForWitnessRef(s_idx, 0));
                 }
                 // Exit loop because equalities are disjoint
                 break;
             }
         }
-        resp.ok_or_else(|| ProofSystemError::ResponseForWitnessNotFoundForStatement(s_idx))
+        resp.ok_or_else(|| ProofSystemError::NoResponseFoundForWitnessRef(s_idx, 0))
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -152,6 +152,8 @@ pub struct PoKOfSignatureG1Proof<E: Pairing> {`
`152`	`152`	/// Proof of relation `g1 + h1m1 + h2m2 +.... + h_im_i` = `dr3 + {h_0}{-s'} + h1{-m1} + h2{-m2} + .... + h_j{-m_j}` for all disclosed messages `m_i` and for all undisclosed messages `m_j`
`153`	`153`	`#[serde_as(as = "ArkObjectBytes")]`
`154`	`154`	`pub T2: E::G1Affine,`
	`155`	`+ /// The following could be achieved by using Either<SchnorrResponse, PartialSchnorrResponse> but serialization`
	`156`	`+ /// for Either is not supported out of the box and had to be implemented`
`155`	`157`	`pub sc_resp_2: Option<SchnorrResponse<E::G1Affine>>,`
`156`	`158`	`pub sc_partial_resp_2: Option<PartialSchnorrResponse<E::G1Affine>>,`
`157`	`159`	`}`
Original file line number	Diff line number	Diff line change
`@@ -104,6 +104,8 @@ pub struct PoKOfSignature23G1Proof<E: Pairing> {`
`104`	`104`	/// Proof of relation `g1 + h1m1 + h2m2 +.... + h_im_i` = `dr3 + h1{-m1} + h2{-m2} + .... + h_j*{-m_j}` for all disclosed messages `m_i` and for all undisclosed messages `m_j`
`105`	`105`	`#[serde_as(as = "ArkObjectBytes")]`
`106`	`106`	`pub T2: E::G1Affine,`
	`107`	`+ /// The following could be achieved by using Either<SchnorrResponse, PartialSchnorrResponse> but serialization`
	`108`	`+ /// for Either is not supported out of the box and had to be implemented`
`107`	`109`	`pub sc_resp_2: Option<SchnorrResponse<E::G1Affine>>,`
`108`	`110`	`pub sc_partial_resp_2: Option<PartialSchnorrResponse<E::G1Affine>>,`
`109`	`111`	`}`
Original file line number	Diff line number	Diff line change
`@@ -87,6 +87,8 @@ pub struct PoKOfSignature23G1Proof<E: Pairing> {`
`87`	`87`	/// Proof of relation `\sum_{j \notin D}{h_j * m_j} - B_bar * 1/r - A_bar * e * 1/r = g + \sum_{i \in D}{h_i * m_i}`
`88`	`88`	`#[serde_as(as = "ArkObjectBytes")]`
`89`	`89`	`pub T: E::G1Affine,`
	`90`	`+ /// The following could be achieved by using Either<SchnorrResponse, PartialSchnorrResponse> but serialization`
	`91`	`+ /// for Either is not supported out of the box and had to be implemented`
`90`	`92`	`pub sc_resp: Option<SchnorrResponse<E::G1Affine>>,`
`91`	`93`	`pub sc_partial_resp: Option<PartialSchnorrResponse<E::G1Affine>>,`
`92`	`94`	`}`
Original file line number	Diff line number	Diff line change
`@@ -101,6 +101,8 @@ pub struct PoKOfMAC<G: AffineRepr> {`
`101`	`101`	`pub sc_C: PokTwoDiscreteLogs<G>,`
`102`	`102`	`#[serde_as(as = "ArkObjectBytes")]`
`103`	`103`	`pub t_msgs: G,`
	`104`	`+ /// The following could be achieved by using Either<SchnorrResponse, PartialSchnorrResponse> but serialization`
	`105`	`+ /// for Either is not supported out of the box and had to be implemented`
`104`	`106`	`pub sc_resp_msgs: Option<SchnorrResponse<G>>,`
`105`	`107`	`pub sc_partial_resp_msgs: Option<PartialSchnorrResponse<G>>,`
`106`	`108`	`}`
Original file line number	Diff line number	Diff line change
`@@ -110,6 +110,7 @@ pub enum ProofSystemError {`
`110`	`110`	`UnequalCiphertextChunksAndSchnorrResponses(usize, usize),`
`111`	`111`	`UnequalResponseOfSaverCiphertextAndChunk(usize),`
`112`	`112`	`ResponseForWitnessNotFoundForStatement(usize),`
	`113`	`+ NoResponseFoundForWitnessRef(usize, usize),`
`113`	`114`	`}`
`114`	`115`
`115`	`116`	`impl From<SchnorrError> for ProofSystemError {`