Use new protocols for committed point addition and scalar multiplication, reorg schnorr_pok crate and add randomized scalar multiplication check

Signed-off-by: lovesh <lovesh.bond@gmail.com>

Author: lovesh

bbs_plus/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "bbs_plus"
-version = "0.23.0"
+version = "0.24.0"
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
@@ -23,10 +23,10 @@ itertools.workspace = true
 serde.workspace = true
 serde_with.workspace = true
 zeroize.workspace = true
-schnorr_pok = { version = "0.21.0", default-features = false, path = "../schnorr_pok" }
-dock_crypto_utils = { version = "0.21.0", default-features = false, path = "../utils" }
-oblivious_transfer_protocols = { version = "0.10.0", default-features = false, path = "../oblivious_transfer" }
-secret_sharing_and_dkg = { version = "0.14.0", default-features = false, path = "../secret_sharing_and_dkg" }
+schnorr_pok = { version = "0.22.0", default-features = false, path = "../schnorr_pok" }
+dock_crypto_utils = { version = "0.22.0", default-features = false, path = "../utils" }
+oblivious_transfer_protocols = { version = "0.11.0", default-features = false, path = "../oblivious_transfer" }
+secret_sharing_and_dkg = { version = "0.15.0", default-features = false, path = "../secret_sharing_and_dkg" }
 
 [dev-dependencies]
 blake2.workspace = true

bbs_plus/src/proof.rs

@@ -85,7 +85,7 @@ use dock_crypto_utils::{
 };
 use itertools::multiunzip;
 use schnorr_pok::{
-    discrete_log::{PokTwoDiscreteLogs, PokTwoDiscreteLogsProtocol},
+    discrete_log::{PokPedersenCommitment, PokPedersenCommitmentProtocol},
     error::SchnorrError,
     partial::PartialSchnorrResponse,
     SchnorrCommitment, SchnorrResponse,
@@ -127,7 +127,7 @@ pub struct PoKOfSignatureG1Protocol<E: Pairing> {
     #[serde_as(as = "ArkObjectBytes")]
     pub d: E::G1Affine,
     /// For proving relation `A_bar - d = A_prime * -e + h_0 * r2`
-    pub sc_comm_1: PokTwoDiscreteLogsProtocol<E::G1Affine>,
+    pub sc_comm_1: PokPedersenCommitmentProtocol<E::G1Affine>,
     /// For proving relation `g1 + \sum_{i in D}(h_i*m_i)` = `d*r3 + {h_0}*{-s'} + sum_{j notin D}(h_j*m_j)`
     pub sc_comm_2: SchnorrCommitment<E::G1Affine>,
     #[serde_as(as = "Vec<ArkObjectBytes>")]
@@ -148,7 +148,7 @@ pub struct PoKOfSignatureG1Proof<E: Pairing> {
     #[serde_as(as = "ArkObjectBytes")]
     pub d: E::G1Affine,
     /// Proof of relation `A_bar - d = A_prime * -e + h_0 * r2`
-    pub sc_resp_1: PokTwoDiscreteLogs<E::G1Affine>,
+    pub sc_resp_1: PokPedersenCommitment<E::G1Affine>,
     /// Proof of relation `g1 + h1*m1 + h2*m2 +.... + h_i*m_i` = `d*r3 + {h_0}*{-s'} + h1*{-m1} + h2*{-m2} + .... + h_j*{-m_j}` for all disclosed messages `m_i` and for all undisclosed messages `m_j`
     #[serde_as(as = "ArkObjectBytes")]
     pub T2: E::G1Affine,
@@ -214,7 +214,7 @@ impl<E: Pairing> PoKOfSignatureG1Protocol<E> {
         let A_prime_affine = A_prime.into_affine();
 
         // Commit to randomness with `h_0` and `A'`, i.e. `bases_1[0]*randomness_1[0] + bases_1[1]*randomness_1[1]`
-        let sc_comm_1 = PokTwoDiscreteLogsProtocol::init(
+        let sc_comm_1 = PokPedersenCommitmentProtocol::init(
             -signature.e,
             E::ScalarField::rand(rng),
             &A_prime_affine,
@@ -689,31 +689,37 @@ mod tests {
             // Protocol can be serialized
             test_serialization!($protocol<Bls12_381>, pok);
 
+            let start = Instant::now();
             let mut chal_bytes_prover = vec![];
+            keypair
+                .public_key
+                .serialize_compressed(&mut chal_bytes_prover)
+                .unwrap();
             pok.challenge_contribution(&revealed_msgs, &params, &mut chal_bytes_prover)
                 .unwrap();
             let challenge_prover =
                 compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes_prover);
 
-            let start = Instant::now();
             let proof = pok.gen_proof(&challenge_prover).unwrap();
             proof_create_duration += start.elapsed();
 
             let public_key = &keypair.public_key;
             assert!(params.is_valid());
             assert!(public_key.is_valid());
 
+            let start = Instant::now();
             let mut chal_bytes_verifier = vec![];
+            keypair
+                .public_key
+                .serialize_compressed(&mut chal_bytes_verifier)
+                .unwrap();
             proof
                 .challenge_contribution(&revealed_msgs, &params, &mut chal_bytes_verifier)
                 .unwrap();
             let challenge_verifier =
                 compute_random_oracle_challenge::<Fr, Blake2b512>(&chal_bytes_verifier);
 
             assert_eq!(chal_bytes_prover, chal_bytes_verifier);
-
-            let mut proof_verif_duration = Duration::default();
-            let start = Instant::now();
             proof
                 .verify(
                     &revealed_msgs,
@@ -722,7 +728,7 @@ mod tests {
                     params.clone(),
                 )
                 .unwrap();
-            proof_verif_duration += start.elapsed();
+            let proof_verif_duration = start.elapsed();
 
             // Proof can be serialized
             test_serialization!($proof<Bls12_381>, proof);
@@ -876,6 +882,9 @@ mod tests {
 
 
             let mut chal_bytes_prover = vec![];
+            keypair_1.public_key.serialize_compressed(&mut chal_bytes_prover).unwrap();
+            keypair_2.public_key.serialize_compressed(&mut chal_bytes_prover).unwrap();
+            keypair_3.public_key.serialize_compressed(&mut chal_bytes_prover).unwrap();
             pok_1
                 .challenge_contribution(&revealed_msgs_1, &params_1, &mut chal_bytes_prover)
                 .unwrap();
@@ -894,6 +903,9 @@ mod tests {
 
             // The verifier generates the challenge on its own.
             let mut chal_bytes_verifier = vec![];
+            keypair_1.public_key.serialize_compressed(&mut chal_bytes_verifier).unwrap();
+            keypair_2.public_key.serialize_compressed(&mut chal_bytes_verifier).unwrap();
+            keypair_3.public_key.serialize_compressed(&mut chal_bytes_verifier).unwrap();
             proof_1
                 .challenge_contribution(&revealed_msgs_1, &params_1, &mut chal_bytes_verifier)
                 .unwrap();
@@ -984,6 +996,9 @@ mod tests {
             let mut chal_bytes_prover = vec![];
             let mut poks = vec![];
             let mut proofs = vec![];
+
+            keypair.public_key.serialize_compressed(&mut chal_bytes_prover).unwrap();
+
             for i in 0..sig_count {
                 msgs.push(
                     (0..message_count)
@@ -1014,6 +1029,7 @@ mod tests {
             }
 
             let mut chal_bytes_verifier = vec![];
+            keypair.public_key.serialize_compressed(&mut chal_bytes_verifier).unwrap();
 
             for proof in &proofs {
                 proof

bbs_plus/src/proof_23_cdl.rs

@@ -45,7 +45,7 @@ use dock_crypto_utils::{
 };
 use itertools::multiunzip;
 use schnorr_pok::{
-    discrete_log::{PokTwoDiscreteLogs, PokTwoDiscreteLogsProtocol},
+    discrete_log::{PokPedersenCommitment, PokPedersenCommitmentProtocol},
     error::SchnorrError,
     partial::PartialSchnorrResponse,
     SchnorrCommitment, SchnorrResponse,
@@ -79,7 +79,7 @@ pub struct PoKOfSignature23G1Protocol<E: Pairing> {
     #[serde_as(as = "ArkObjectBytes")]
     pub d: E::G1Affine,
     /// For proving relation `B_bar = d * r1 + A_bar * -e`
-    pub sc_comm_1: PokTwoDiscreteLogsProtocol<E::G1Affine>,
+    pub sc_comm_1: PokPedersenCommitmentProtocol<E::G1Affine>,
     /// For proving relation `g1 + \sum_{i in D}(h_i*m_i)` = `d*r3 + sum_{j notin D}(h_j*m_j)`
     pub sc_comm_2: SchnorrCommitment<E::G1Affine>,
     #[serde_as(as = "Vec<ArkObjectBytes>")]
@@ -100,7 +100,7 @@ pub struct PoKOfSignature23G1Proof<E: Pairing> {
     #[serde_as(as = "ArkObjectBytes")]
     pub d: E::G1Affine,
     /// Proof of relation `B_bar = d * r3 + A_bar * -e`
-    pub sc_resp_1: PokTwoDiscreteLogs<E::G1Affine>,
+    pub sc_resp_1: PokPedersenCommitment<E::G1Affine>,
     /// Proof of relation `g1 + h1*m1 + h2*m2 +.... + h_i*m_i` = `d*r3 + h1*{-m1} + h2*{-m2} + .... + h_j*{-m_j}` for all disclosed messages `m_i` and for all undisclosed messages `m_j`
     #[serde_as(as = "ArkObjectBytes")]
     pub T2: E::G1Affine,
@@ -162,7 +162,7 @@ impl<E: Pairing> PoKOfSignature23G1Protocol<E> {
         // of `(e, r1)`, and the second of `(r2, {m_j}_{j \notin D})`. The secret knowledge items are
         // referred to as witnesses, and the public items as instances.
 
-        let sc_comm_1 = PokTwoDiscreteLogsProtocol::init(
+        let sc_comm_1 = PokPedersenCommitmentProtocol::init(
             -signature.e,
             E::ScalarField::rand(rng),
             &A_bar_affine,

bulletproofs_plus_plus/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "bulletproofs_plus_plus"
-version = "0.7.0"
+version = "0.8.0"
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
@@ -18,7 +18,7 @@ serde.workspace = true
 serde_with.workspace = true
 zeroize.workspace = true
 rayon = { workspace = true, optional = true }
-dock_crypto_utils = { version = "0.21.0", default-features = false, path = "../utils" }
+dock_crypto_utils = { version = "0.22.0", default-features = false, path = "../utils" }
 
 [dev-dependencies]
 blake2.workspace = true

coconut/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "coconut-crypto"
-version = "0.12.0"
+version = "0.13.0"
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
@@ -22,9 +22,9 @@ itertools.workspace = true
 zeroize.workspace = true
 serde_with.workspace = true
 rayon = { workspace = true, optional = true }
-utils = { package = "dock_crypto_utils", version = "0.21.0", default-features = false, path = "../utils" }
-schnorr_pok = { version = "0.21.0", default-features = false, path = "../schnorr_pok" }
-secret_sharing_and_dkg = { version = "0.14.0", default-features = false, path = "../secret_sharing_and_dkg" }
+utils = { package = "dock_crypto_utils", version = "0.22.0", default-features = false, path = "../utils" }
+schnorr_pok = { version = "0.22.0", default-features = false, path = "../schnorr_pok" }
+secret_sharing_and_dkg = { version = "0.15.0", default-features = false, path = "../secret_sharing_and_dkg" }
 
 [dev-dependencies]
 blake2.workspace = true

coconut/src/proof/messages_pok/mod.rs

@@ -6,12 +6,12 @@ use ark_ec::pairing::Pairing;
 
 use ark_serialize::*;
 use ark_std::{cfg_iter, rand::RngCore};
+use schnorr_pok::{error::SchnorrError, SchnorrChallengeContributor};
 use serde::{Deserialize, Serialize};
+use utils::join;
 
 #[cfg(feature = "parallel")]
 use rayon::prelude::*;
-use schnorr_pok::{error::SchnorrError, SchnorrChallengeContributor};
-use utils::join;
 
 use super::UnpackedBlindedMessages;
 use crate::{
@@ -205,7 +205,7 @@ mod tests {
         One,
     };
     use blake2::Blake2b512;
-    use schnorr_pok::compute_random_oracle_challenge;
+    use schnorr_pok::pok_generalized_pedersen::compute_random_oracle_challenge;
 
     use crate::{
         helpers::{rand, IndexIsOutOfBounds},

coconut/src/proof/signature_pok/mod.rs

@@ -154,9 +154,10 @@ mod tests {
     #[cfg(feature = "parallel")]
     use rayon::prelude::*;
 
-    use schnorr_pok::{compute_random_oracle_challenge, error::SchnorrError};
-
     use crate::{proof::MessageUnpackingError, setup::test_setup, CommitMessage, Signature};
+    use schnorr_pok::{
+        error::SchnorrError, pok_generalized_pedersen::compute_random_oracle_challenge,
+    };
 
     use super::SignaturePoKGenerator;
 

coconut/src/tests.rs

@@ -14,7 +14,7 @@ use blake2::Blake2b512;
 
 type G1 = <Bls12_381 as Pairing>::G1;
 
-use schnorr_pok::compute_random_oracle_challenge;
+use schnorr_pok::pok_generalized_pedersen::compute_random_oracle_challenge;
 
 use crate::{
     setup::test_setup, BlindSignature, CommitMessage, CommitmentOrMessage, MessagesPoKGenerator,

compressed_sigma/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "compressed_sigma"
-version = "0.0.11"
+version = "0.0.12"
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
@@ -15,7 +15,7 @@ ark-std.workspace = true
 ark-poly.workspace = true
 rayon = {workspace = true, optional = true}
 digest.workspace = true
-dock_crypto_utils = { version = "0.21.0", default-features = false, path = "../utils" }
+dock_crypto_utils = { version = "0.22.0", default-features = false, path = "../utils" }
 
 [dev-dependencies]
 blake2.workspace = true

delegatable_credentials/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "delegatable_credentials"
-version = "0.10.0"
+version = "0.11.0"
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
@@ -20,8 +20,8 @@ serde.workspace = true
 serde_with.workspace = true
 zeroize.workspace = true
 num-bigint = { version = "0.4.0", default-features = false }
-schnorr_pok = { version = "0.21.0", default-features = false, path = "../schnorr_pok" }
-dock_crypto_utils = { version = "0.21.0", default-features = false, path = "../utils" }
+schnorr_pok = { version = "0.22.0", default-features = false, path = "../schnorr_pok" }
+dock_crypto_utils = { version = "0.22.0", default-features = false, path = "../utils" }
 
 [dependencies.num-integer]
 version = "0.1.42"

equality_across_groups/Cargo.toml

@@ -5,23 +5,23 @@ edition.workspace = true
 authors.workspace = true
 license.workspace = true
 repository.workspace = true
-description = "Protocols for proving equality of committed values across groups"
+description = "Protocols for proving equality of committed values across groups and correctness of elliptic curve point addition and scalar multiplication"
 
 [dependencies]
 ark-serialize.workspace = true
 ark-ff.workspace = true
 ark-ec.workspace = true
 ark-std.workspace = true
+ark-secp256r1.workspace = true
+zeroize.workspace = true
 rayon = {workspace = true, optional = true}
 crypto-bigint = { version = "0.6.0-rc.6", default-features = false, features = ["zeroize", "alloc", "rand_core"] }
-ark-secp256r1.workspace = true
-bulletproofs_plus_plus = { version = "0.7.0", default-features = false, path = "../bulletproofs_plus_plus" }
-dock_crypto_utils = { version = "0.21.0", default-features = false, path = "../utils" }
-schnorr_pok = { default-features = false, path = "../schnorr_pok" }
-kvac = { version = "0.6.0", default-features = false, path = "../kvac" }
+bulletproofs_plus_plus = { version = "0.8.0", default-features = false, path = "../bulletproofs_plus_plus" }
+dock_crypto_utils = { version = "0.22.0", default-features = false, path = "../utils" }
+schnorr_pok = { version = "0.22.0", default-features = false, path = "../schnorr_pok" }
+kvac = { version = "0.7.0", default-features = false, path = "../kvac" }
 
 [dev-dependencies]
-rand = "0.8"
 blake2.workspace = true
 ark-bls12-381.workspace = true
 rand_core = { version = "0.6", default-features = false }

equality_across_groups/README.md

@@ -4,8 +4,8 @@ Protocols for proving equality of committed values across groups.
 
 - Implements the sigma protocol for proving that two values committed in different groups are equal. As described in Figure 1 and its
 extension in section 5 of the paper [Proofs of discrete logarithm equality across groups](https://eprint.iacr.org/2022/1593). Check the [module](./src/eq_across_groups.rs) for more docs
-- Implements the protocol to prove elliptic curve point addition and scalar multiplication from the paper [ZKAttest Ring and Group Signatures for Existing ECDSA Keys](https://eprint.iacr.org/2021/1183). Check the [point addition module](./src/ec/sw_point_addition.rs) and [scalar multiplication module](./src/ec/sw_scalar_mult.rs) for more docs
-- Use the above protocols to prove knowledge of a committed ECDSA public key on Tom-256 curve. Check the [module](./src/pok_ecdsa_pubkey.rs) for more docs
+- Implements the protocol to prove elliptic curve point addition and scalar multiplication from the paper [CDLS: Proving Knowledge of Committed Discrete Logarithms with Soundness](https://eprint.iacr.org/2023/1595). Check the [point addition module](./src/ec/sw_point_addition.rs) and [scalar multiplication module](./src/ec/sw_scalar_mult.rs) for more docs
+- Use the above protocols to prove knowledge of a committed ECDSA public key on Tom-256 curve as described in the paper [ZKAttest Ring and Group Signatures for Existing ECDSA Keys](https://eprint.iacr.org/2021/1183). Check the [module](./src/pok_ecdsa_pubkey.rs) for more docs
 - Use the above protocols to prove knowledge of a committed ECDSA public key on BLS12-381 curve. Check the test `pok_ecdsa_pubkey_committed_in_bls12_381_commitment` in [module](./src/pok_ecdsa_pubkey.rs).
 
 **CREDIT**