Protocols for proving equality of committed values across groups

Signed-off-by: lovesh <lovesh.bond@gmail.com>

Author: lovesh

Cargo.toml

@@ -21,7 +21,9 @@ members = [
     "smc_range_proof",
     "short_group_sig",
     "syra",
-    "verifiable_encryption"]
+    "verifiable_encryption",
+    "equality_across_groups"
+]
 resolver = "2"
 
 [workspace.package]

benches/Cargo.toml

@@ -16,6 +16,7 @@ serde_with.workspace = true
 blake2 = { version = "0.10", default-features = false }
 itertools.workspace = true
 zeroize.workspace = true
+rayon = {workspace = true, optional = true}
 bbs_plus = { default-features = false, path = "../bbs_plus" }
 schnorr_pok = { default-features = false, path = "../schnorr_pok" }
 vb_accumulator = { default-features = false, path = "../vb_accumulator" }
@@ -93,4 +94,9 @@ harness = false
 [[bench]]
 name = "syra"
 path = "benches/syra.rs"
-harness = false
+harness = false
+
+[features]
+default = [ "parallel" ]
+std = [ "ark-ff/std", "ark-ec/std", "ark-std/std", "schnorr_pok/std", "dock_crypto_utils/std", "serde/std", "oblivious_transfer_protocols/std", "secret_sharing_and_dkg/std", "bbs_plus/std", "vb_accumulator/std", "coconut-crypto/std", "syra/std"]
+parallel = [ "std", "ark-ff/parallel", "ark-ec/parallel", "rayon", "schnorr_pok/parallel", "dock_crypto_utils/parallel", "oblivious_transfer_protocols/parallel", "secret_sharing_and_dkg/parallel", "bbs_plus/parallel", "vb_accumulator/parallel", "coconut-crypto/parallel", "syra/parallel"]

benches/benches/syra.rs

@@ -1,5 +1,6 @@
 use ark_bls12_381::{Bls12_381, Fr, G1Affine};
 use ark_ff::Zero;
+use ark_serialize::{CanonicalSerialize, Compress};
 use ark_std::{
     collections::BTreeSet,
     rand::{prelude::StdRng, SeedableRng},
@@ -399,21 +400,27 @@ fn pseudonym(c: &mut Criterion) {
     });
 }
 
-criterion_group!(benches, threshold_issuance_with_known_user_id, pseudonym);
-criterion_main!(benches);
+// criterion_group!(benches, threshold_issuance_with_known_user_id, pseudonym);
+// criterion_main!(benches);
 
-/*fn timing_info(mut times: Vec<std::time::Duration>) -> String {
+fn timing_info(mut times: Vec<std::time::Duration>) -> String {
     times.sort();
     let median = {
         let mid = times.len() / 2;
         if times.len() % 2 == 0 {
-            (times[mid - 1] +  times[mid]) / 2
+            (times[mid - 1] + times[mid]) / 2
         } else {
             times[mid]
         }
     };
     let total = times.iter().sum::<std::time::Duration>();
-    format!("{:.2?} | [{:.2?}, {:.2?}, {:.2?}]", total, times[0], median, times[times.len() - 1])
+    format!(
+        "{:.2?} | [{:.2?}, {:.2?}, {:.2?}]",
+        total,
+        times[0],
+        median,
+        times[times.len() - 1]
+    )
 }
 
 fn main() {
@@ -428,28 +435,51 @@ fn main() {
     );
 
     const NUM_ITERATIONS: usize = 10;
+    // let ps = [(5, 10), (10, 20)];
+    // let ps = [(5, 10), (10, 20), (15, 30), (20, 40), (25, 50), (30, 60), (35, 70), (40, 80), (45, 90), (50, 100), (55, 110), (60, 120), (65, 130), (70, 140)];
+    let ps = [(350, 700)];
+    let max = ps.iter().map(|(t, _)| *t).max().unwrap();
+    let start = Instant::now();
+    // The signers run OT protocol instances. This is also a one time setup.
+    let base_ot_outputs = test_utils::ot::do_pairwise_base_ot::<BASE_OT_KEY_SIZE>(
+        &mut rng,
+        OTE_PARAMS.num_base_ot(),
+        max,
+        (1..=max).into_iter().collect::<BTreeSet<_>>(),
+    );
+    println!("Time taken for {} base OT {:.2?}", max, start.elapsed());
+    println!(
+        "Uncompressed size of base OT {}",
+        base_ot_outputs.serialized_size(Compress::No)
+    );
+    println!(
+        "Compressed size of base OT {}",
+        base_ot_outputs.serialized_size(Compress::Yes)
+    );
 
-    for (threshold_signers, total_signers) in [(5, 10), (10, 20), (15, 30), (20, 40), (25, 50), (30, 60), (35, 70), (40, 80), (45, 90), (50, 100), (55, 110), (60, 120), (65, 130), (70, 140)] {
-        println!("\nRunning {} iterations for {}-of-{}", NUM_ITERATIONS, threshold_signers, total_signers);
+    for (threshold_signers, total_signers) in ps {
+        println!(
+            "\nRunning {} iterations for {}-of-{}",
+            NUM_ITERATIONS, threshold_signers, total_signers
+        );
         let all_party_set = (1..=total_signers).into_iter().collect::<BTreeSet<_>>();
 
         // The signers do a keygen. This is a one time setup.
-        let (sk, sk_shares) =
-            trusted_party_keygen(&mut rng, threshold_signers, total_signers);
+        let (sk, sk_shares) = trusted_party_keygen(&mut rng, threshold_signers, total_signers);
         let isk_shares = sk_shares
             .into_iter()
             .map(|s| IssuerSecretKey(s))
             .collect::<Vec<_>>();
         // Public key created by the trusted party using the secret key directly. In practice, this will be a result of a DKG
         let threshold_ipk = IssuerPublicKey::new(&mut rng, &IssuerSecretKey(sk), &params);
 
-        // The signers run OT protocol instances. This is also a one time setup.
-        let base_ot_outputs = test_utils::ot::do_pairwise_base_ot::<BASE_OT_KEY_SIZE>(
-            &mut rng,
-            OTE_PARAMS.num_base_ot(),
-            total_signers,
-            all_party_set.clone(),
-        );
+        // // The signers run OT protocol instances. This is also a one time setup.
+        // let base_ot_outputs = test_utils::ot::do_pairwise_base_ot::<BASE_OT_KEY_SIZE>(
+        //     &mut rng,
+        //     OTE_PARAMS.num_base_ot(),
+        //     total_signers,
+        //     all_party_set.clone(),
+        // );
 
         let mut phase1_time = vec![];
         let mut phase2_time = vec![];
@@ -492,4 +522,4 @@ fn main() {
         println!("Phase2 time: {:?}", timing_info(phase2_time));
         println!("Aggregation time: {:?}", timing_info(aggr_time));
     }
-}*/
+}

benches/src/ot.rs

@@ -1,6 +1,7 @@
 use ark_bls12_381::Bls12_381;
 use ark_ec::pairing::Pairing;
 use ark_std::{
+    cfg_into_iter,
     collections::{BTreeMap, BTreeSet},
     rand::prelude::StdRng,
     UniformRand,
@@ -15,6 +16,9 @@ use oblivious_transfer_protocols::{
     Bit, ParticipantId,
 };
 
+#[cfg(feature = "parallel")]
+use rayon::prelude::*;
+
 pub fn check_base_ot_keys(
     choices: &[Bit],
     receiver_keys: &ROTReceiverKeys,
@@ -91,26 +95,49 @@ pub fn do_pairwise_base_ot<const KEY_SIZE: u16>(
             .unwrap();
         challenges.insert((receiver, sender), chal);
     }
+    // let challenges = cfg_into_iter!(receiver_pks).map(|((sender, receiver), pk)| {
+    //     let chal = base_ots[receiver as usize - 1]
+    //         .receive_receiver_pubkey::<KEY_SIZE>(sender, pk)
+    //         .unwrap();
+    //     ((receiver, sender), chal)
+    // }).collect::<BTreeMap<_, _>>();
 
     for ((sender, receiver), chal) in challenges {
         let resp = base_ots[receiver as usize - 1]
             .receive_challenges(sender, chal)
             .unwrap();
         responses.insert((receiver, sender), resp);
     }
+    // let responses = cfg_into_iter!(challenges).map(|((sender, receiver), chal)| {
+    //     let resp = base_ots[receiver as usize - 1]
+    //         .receive_challenges(sender, chal)
+    //         .unwrap();
+    //     ((receiver, sender), resp)
+    // }).collect::<BTreeMap<_, _>>();
 
     for ((sender, receiver), resp) in responses {
         let hk = base_ots[receiver as usize - 1]
             .receive_responses(sender, resp)
             .unwrap();
         hashed_keys.insert((receiver, sender), hk);
     }
+    // let hashed_keys = cfg_into_iter!(responses).map(|((sender, receiver), resp)| {
+    //     let hk = base_ots[receiver as usize - 1]
+    //         .receive_responses(sender, resp)
+    //         .unwrap();
+    //     ((receiver, sender), hk)
+    // }).collect::<BTreeMap<_, _>>();
 
     for ((sender, receiver), hk) in hashed_keys {
         base_ots[receiver as usize - 1]
             .receive_hashed_keys(sender, hk)
             .unwrap()
     }
+    // cfg_into_iter!(hashed_keys).for_each(|((sender, receiver), hk)| {
+    //     base_ots[receiver as usize - 1]
+    //         .receive_hashed_keys(sender, hk)
+    //         .unwrap()
+    // });
 
     let mut base_ot_outputs = vec![];
     for b in base_ots {

bulletproofs_plus_plus/src/lib.rs

@@ -2,17 +2,17 @@
 #![allow(non_snake_case)]
 
 pub mod error;
+pub mod range_proof;
 pub mod range_proof_arbitrary_range;
-pub mod rangeproof;
 pub mod setup;
 pub mod util;
 pub mod weighted_norm_linear_argument;
 
 pub mod prelude {
     pub use crate::{
         error::BulletproofsPlusPlusError,
+        range_proof::{Proof, Prover},
         range_proof_arbitrary_range::ProofArbitraryRange,
-        rangeproof::{Proof, Prover},
         setup::SetupParams,
     };
 }