frost/secp256k1-zkp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rename buletproof_pp* to bppp*

Browse Source
This commit is contained in:
sanket1729 2023-02-06 13:53:02 -08:00
parent c983186872
commit e5a01d12c6
18 changed files with 180 additions and 180 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
.cirrus.yml
View File

@ -23,7 +23,7 @@ env:
WHITELIST: no
MUSIG: no
ECDSAADAPTOR: no
BULLETPROOFS: no
BPPP: no
### test options
SECP256K1_TEST_ITERS:
BENCH: yes
@ -73,12 +73,12 @@ task:
<< : *LINUX_CONTAINER
matrix: &ENV_MATRIX
- env: {WIDEMUL: int64, RECOVERY: yes}
- env: {WIDEMUL: int64, ECDH: yes, SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes, RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BULLETPROOFS: yes}
- env: {WIDEMUL: int64, ECDH: yes, SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes, RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BPPP: yes}
- env: {WIDEMUL: int128}
- env: {WIDEMUL: int128, RECOVERY: yes, SCHNORRSIG: yes}
- env: {WIDEMUL: int128, ECDH: yes, SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes, RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BULLETPROOFS: yes}
- env: {WIDEMUL: int128, ECDH: yes, SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes, RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BPPP: yes}
- env: {WIDEMUL: int128, ASM: x86_64}
- env: { RECOVERY: yes, SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes, RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BULLETPROOFS: yes}
- env: { RECOVERY: yes, SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes, RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BPPP: yes}
- env: {BUILD: distcheck, WITH_VALGRIND: no, CTIMETEST: no, BENCH: no}
- env: {CPPFLAGS: -DDETERMINISTIC}
- env: {CFLAGS: -O0, CTIMETEST: no}
@ -109,7 +109,7 @@ task:
GENERATOR: yes
MUSIG: yes
ECDSAADAPTOR: yes
BULLETPROOFS: yes
BPPP: yes
matrix:
- env:
CC: i686-linux-gnu-gcc
@ -167,7 +167,7 @@ task:
GENERATOR: yes
MUSIG: yes
ECDSAADAPTOR: yes
BULLETPROOFS: yes
BPPP: yes
CTIMETEST: no
<< : *MERGE_BASE
test_script:
@ -262,7 +262,7 @@ task:
GENERATOR: yes
MUSIG: yes
ECDSAADAPTOR: yes
BULLETPROOFS: yes
BPPP: yes
CTIMETEST: no
matrix:
- name: "Valgrind (memcheck)"

2
.gitignore vendored
View File

@ -1,5 +1,5 @@
bench
bench_bulletproofs
bench_bppp
bench_ecmult
bench_generator
bench_rangeproof

4
Makefile.am
View File

@ -226,8 +226,8 @@ clean-precomp:
EXTRA_DIST = autogen.sh SECURITY.md
if ENABLE_MODULE_BULLETPROOFS
include src/modules/bulletproofs/Makefile.am.include
if ENABLE_MODULE_BPPP
include src/modules/bppp/Makefile.am.include
endif
if ENABLE_MODULE_ECDH

6
ci/cirrus.sh
View File

@ -19,7 +19,7 @@ valgrind --version || true
--with-ecmult-gen-precision="$ECMULTGENPRECISION" \
--enable-module-ecdh="$ECDH" --enable-module-recovery="$RECOVERY" \
--enable-module-ecdsa-s2c="$ECDSA_S2C" \
--enable-module-bulletproofs="$BULLETPROOFS" \
--enable-module-bppp="$BPPP" \
--enable-module-rangeproof="$RANGEPROOF" --enable-module-whitelist="$WHITELIST" --enable-module-generator="$GENERATOR" \
--enable-module-schnorrsig="$SCHNORRSIG" --enable-module-musig="$MUSIG" --enable-module-ecdsa-adaptor="$ECDSAADAPTOR" \
--enable-module-schnorrsig="$SCHNORRSIG" \
@ -52,9 +52,9 @@ then
$EXEC ./bench_ecmult
$EXEC ./bench_internal
$EXEC ./bench
if [ "$BULLETPROOFS" = "yes" ]
if [ "$BPPP" = "yes" ]
then
$EXEC ./bench_bulletproofs
$EXEC ./bench_bppp
fi
} >> bench.log 2>&1
fi

18
configure.ac
View File

@ -140,10 +140,10 @@ AC_ARG_ENABLE(examples,
AS_HELP_STRING([--enable-examples],[compile the examples [default=no]]), [],
[SECP_SET_DEFAULT([enable_examples], [no], [yes])])
AC_ARG_ENABLE(module_bulletproofs,
AS_HELP_STRING([--enable-module-bulletproofs],[enable Bulletproofs module (experimental)]),
AC_ARG_ENABLE(module_bppp,
AS_HELP_STRING([--enable-module-bppp],[enable Bulletproofs++ module (experimental)]),
[],
[SECP_SET_DEFAULT([enable_module_bulletproofs], [no], [yes])])
[SECP_SET_DEFAULT([enable_module_bppp], [no], [yes])])
AC_ARG_ENABLE(module_ecdh,
AS_HELP_STRING([--enable-module-ecdh],[enable ECDH module [default=no]]), [],
@ -422,9 +422,9 @@ if test x"$enable_module_rangeproof" = x"yes"; then
AC_DEFINE(ENABLE_MODULE_RANGEPROOF, 1, [Define this symbol to enable the Pedersen / zero knowledge range proof module])
fi
if test x"$enable_module_bulletproofs" = x"yes"; then
if test x"$enable_module_bppp" = x"yes"; then
enable_module_generator=yes
AC_DEFINE(ENABLE_MODULE_BULLETPROOFS, 1, [Define this symbol to enable the Bulletproofs module])
AC_DEFINE(ENABLE_MODULE_BPPP, 1, [Define this symbol to enable the Bulletproofs++ module])
fi
if test x"$enable_module_generator" = x"yes"; then
@ -470,8 +470,8 @@ else
# module (which automatically enables the module dependencies) we want to
# print an error for the dependent module, not the module dependency. Hence,
# we first test dependent modules.
if test x"$enable_module_bulletproofs" = x"yes"; then
AC_MSG_ERROR([Bulletproofs module is experimental. Use --enable-experimental to allow.])
if test x"$enable_module_bppp" = x"yes"; then
AC_MSG_ERROR([Bulletproofs++ module is experimental. Use --enable-experimental to allow.])
fi
if test x"$enable_module_whitelist" = x"yes"; then
AC_MSG_ERROR([Key whitelisting module is experimental. Use --enable-experimental to allow.])
@ -515,7 +515,7 @@ AM_CONDITIONAL([USE_TESTS], [test x"$enable_tests" != x"no"])
AM_CONDITIONAL([USE_EXHAUSTIVE_TESTS], [test x"$enable_exhaustive_tests" != x"no"])
AM_CONDITIONAL([USE_EXAMPLES], [test x"$enable_examples" != x"no"])
AM_CONDITIONAL([USE_BENCHMARK], [test x"$enable_benchmark" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_BULLETPROOFS], [test x"$enable_module_bulletproofs" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_BPPP], [test x"$enable_module_bppp" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_ECDH], [test x"$enable_module_ecdh" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_MUSIG], [test x"$enable_module_musig" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_RECOVERY], [test x"$enable_module_recovery" = x"yes"])
@ -555,7 +555,7 @@ echo " module whitelist = $enable_module_whitelist"
echo " module musig = $enable_module_musig"
echo " module ecdsa-s2c = $enable_module_ecdsa_s2c"
echo " module ecdsa-adaptor = $enable_module_ecdsa_adaptor"
echo " module bulletproofs = $enable_module_bulletproofs"
echo " module bppp = $enable_module_bppp"
echo
echo " asm = $set_asm"
echo " ecmult window size = $set_ecmult_window"

20
include/secp256k1_bulletproofs.h → include/secp256k1_bppp.h
View File

@ -1,5 +1,5 @@
#ifndef _SECP256K1_BULLETPROOFS_
# define _SECP256K1_BULLETPROOFS_
#ifndef _SECP256K1_BPPP_
# define _SECP256K1_BPPP_
# include "secp256k1.h"
@ -10,7 +10,7 @@ extern "C" {
#include <stdint.h>
/** Opaque structure representing a large number of NUMS generators */
typedef struct secp256k1_bulletproofs_generators secp256k1_bulletproofs_generators;
typedef struct secp256k1_bppp_generators secp256k1_bppp_generators;
/** Allocates and initializes a list of NUMS generators.
* Returns a list of generators, or calls the error callback if the allocation fails.
@ -21,7 +21,7 @@ typedef struct secp256k1_bulletproofs_generators secp256k1_bulletproofs_generato
* points. We will later use G = H0(required for compatibility with pedersen_commitment DS)
* in a separate commit to make review easier.
*/
SECP256K1_API secp256k1_bulletproofs_generators *secp256k1_bulletproofs_generators_create(
SECP256K1_API secp256k1_bppp_generators *secp256k1_bppp_generators_create(
const secp256k1_context* ctx,
size_t n
) SECP256K1_ARG_NONNULL(1);
@ -29,10 +29,10 @@ SECP256K1_API secp256k1_bulletproofs_generators *secp256k1_bulletproofs_generato
/** Allocates a list of generators from a static array
* Returns a list of generators or NULL in case of failure.
* Args: ctx: pointer to a context object
* In: data: data that came from `secp256k1_bulletproofs_generators_serialize`
* In: data: data that came from `secp256k1_bppp_generators_serialize`
* data_len: the length of the `data` buffer
*/
SECP256K1_API secp256k1_bulletproofs_generators* secp256k1_bulletproofs_generators_parse(
SECP256K1_API secp256k1_bppp_generators* secp256k1_bppp_generators_parse(
const secp256k1_context* ctx,
const unsigned char* data,
size_t data_len
@ -49,9 +49,9 @@ SECP256K1_API secp256k1_bulletproofs_generators* secp256k1_bulletproofs_generato
* TODO: For ease of review, this setting G = H0 is not included in this commit. We will
* add it in the follow-up rangeproof PR.
*/
SECP256K1_API int secp256k1_bulletproofs_generators_serialize(
SECP256K1_API int secp256k1_bppp_generators_serialize(
const secp256k1_context* ctx,
const secp256k1_bulletproofs_generators* gen,
const secp256k1_bppp_generators* gen,
unsigned char* data,
size_t *data_len
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
@ -61,9 +61,9 @@ SECP256K1_API int secp256k1_bulletproofs_generators_serialize(
* gen: pointer to the generator set to be destroyed
* (can be NULL, in which case this function is a no-op)
*/
SECP256K1_API void secp256k1_bulletproofs_generators_destroy(
SECP256K1_API void secp256k1_bppp_generators_destroy(
const secp256k1_context* ctx,
secp256k1_bulletproofs_generators* gen
secp256k1_bppp_generators* gen
) SECP256K1_ARG_NONNULL(1);
# ifdef __cplusplus

14
src/bench_bulletproofs.c → src/bench_bppp.c
View File

@ -6,32 +6,32 @@
#include <stdint.h>
#include "include/secp256k1_bulletproofs.h"
#include "include/secp256k1_bppp.h"
#include "util.h"
#include "bench.h"
typedef struct {
secp256k1_context* ctx;
} bench_bulletproofs_data;
} bench_bppp_data;
static void bench_bulletproofs_setup(void* arg) {
static void bench_bppp_setup(void* arg) {
(void) arg;
}
static void bench_bulletproofs(void* arg, int iters) {
bench_bulletproofs_data *data = (bench_bulletproofs_data*)arg;
static void bench_bppp(void* arg, int iters) {
bench_bppp_data *data = (bench_bppp_data*)arg;
(void) data;
(void) iters;
}
int main(void) {
bench_bulletproofs_data data;
bench_bppp_data data;
int iters = get_iters(32);
data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
run_benchmark("bulletproofs_verify_bit", bench_bulletproofs, bench_bulletproofs_setup, NULL, &data, 10, iters);
run_benchmark("bppp_verify_bit", bench_bppp, bench_bppp_setup, NULL, &data, 10, iters);
secp256k1_context_destroy(data.ctx);
return 0;

13
src/modules/bppp/Makefile.am.include Normal file
View File

@ -0,0 +1,13 @@
include_HEADERS += include/secp256k1_bppp.h
noinst_HEADERS += src/modules/bppp/bppp_util.h
noinst_HEADERS += src/modules/bppp/main_impl.h
noinst_HEADERS += src/modules/bppp/bppp_transcript_impl.h
noinst_HEADERS += src/modules/bppp/bppp_norm_product_impl.h
noinst_HEADERS += src/modules/bppp/tests_impl.h
if USE_BENCHMARK
noinst_PROGRAMS += bench_bppp
bench_bppp_SOURCES = src/bench_bppp.c
bench_bppp_LDADD = libsecp256k1.la $(SECP_LIBS)
bench_bppp_LDFLAGS = -static
endif

38
src/modules/bulletproofs/bulletproofs_pp_norm_product_impl.h → src/modules/bppp/bppp_norm_product_impl.h
View File

@ -4,8 +4,8 @@
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
**********************************************************************/
#ifndef _SECP256K1_MODULE_BULLETPROOFS_PP_NORM_PRODUCT_
#define _SECP256K1_MODULE_BULLETPROOFS_PP_NORM_PRODUCT_
#ifndef _SECP256K1_MODULE_BPPP_PP_NORM_PRODUCT_
#define _SECP256K1_MODULE_BPPP_PP_NORM_PRODUCT_
#include "group.h"
#include "scalar.h"
@ -13,9 +13,9 @@
#include "ecmult_gen.h"
#include "hash.h"
#include "modules/bulletproofs/main.h"
#include "modules/bulletproofs/bulletproofs_util.h"
#include "modules/bulletproofs/bulletproofs_pp_transcript_impl.h"
#include "modules/bppp/main.h"
#include "modules/bppp/bppp_util.h"
#include "modules/bppp/bppp_transcript_impl.h"
/* Computes the inner product of two vectors of scalars
* with elements starting from offset a and offset b
@ -69,7 +69,7 @@ static int secp256k1_weighted_scalar_inner_product(
}
/* Compute the powers of r as r, r^2, r^4 ... r^(2^(n-1)) */
static void secp256k1_bulletproofs_powers_of_r(secp256k1_scalar *powers, const secp256k1_scalar *r, size_t n) {
static void secp256k1_bppp_powers_of_r(secp256k1_scalar *powers, const secp256k1_scalar *r, size_t n) {
size_t i;
if (n == 0) {
return;
@ -102,11 +102,11 @@ static int ecmult_bp_commit_cb(secp256k1_scalar *sc, secp256k1_ge *pt, size_t id
v = |n_vec*n_vec|_q + <l_vec, c_vec>. |w|_q denotes q-weighted norm of w and
<l, r> denotes inner product of l and r.
*/
static int secp256k1_bulletproofs_commit(
static int secp256k1_bppp_commit(
const secp256k1_context* ctx,
secp256k1_scratch_space* scratch,
secp256k1_ge* commit,
const secp256k1_bulletproofs_generators* g_vec,
const secp256k1_bppp_generators* g_vec,
const secp256k1_scalar* n_vec,
size_t n_vec_len,
const secp256k1_scalar* l_vec,
@ -216,7 +216,7 @@ static int ecmult_r_cb(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void
* some parent protocol. To use this norm protocol in a standalone manner, the user
* should add the commitment, generators and initial public data to the transcript hash.
*/
static int secp256k1_bulletproofs_pp_rangeproof_norm_product_prove(
static int secp256k1_bppp_rangeproof_norm_product_prove(
const secp256k1_context* ctx,
secp256k1_scratch_space* scratch,
unsigned char* proof,
@ -238,7 +238,7 @@ static int secp256k1_bulletproofs_pp_rangeproof_norm_product_prove(
ecmult_r_cb_data r_cb_data;
size_t g_len = n_vec_len, h_len = l_vec_len;
const size_t G_GENS_LEN = g_len;
size_t log_g_len = secp256k1_bulletproofs_pp_log2(g_len), log_h_len = secp256k1_bulletproofs_pp_log2(h_len);
size_t log_g_len = secp256k1_bppp_log2(g_len), log_h_len = secp256k1_bppp_log2(h_len);
size_t num_rounds = log_g_len > log_h_len ? log_g_len : log_h_len;
/* Check proof sizes.*/
@ -307,12 +307,12 @@ static int secp256k1_bulletproofs_pp_rangeproof_norm_product_prove(
secp256k1_ge_set_gej_var(&r_ge, &rj);
secp256k1_fe_normalize_var(&r_ge.x);
secp256k1_fe_normalize_var(&r_ge.y);
secp256k1_bulletproofs_serialize_points(&proof[proof_idx], &x_ge, &r_ge);
secp256k1_bppp_serialize_points(&proof[proof_idx], &x_ge, &r_ge);
proof_idx += 65;
/* Obtain challenge e for the the next round */
secp256k1_sha256_write(transcript, &proof[proof_idx - 65], 65);
secp256k1_bulletproofs_challenge_scalar(&e, transcript, 0);
secp256k1_bppp_challenge_scalar(&e, transcript, 0);
if (g_len > 1) {
for (i = 0; i < g_len; i = i + 2) {
@ -422,14 +422,14 @@ static int ec_mult_verify_cb2(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx
/* Verify the proof. This function modifies the generators, c_vec and the challenge r. The
caller should make sure to back them up if they need to be reused.
*/
static int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(
static int secp256k1_bppp_rangeproof_norm_product_verify(
const secp256k1_context* ctx,
secp256k1_scratch_space* scratch,
const unsigned char* proof,
size_t proof_len,
secp256k1_sha256* transcript,
const secp256k1_scalar* r,
const secp256k1_bulletproofs_generators* g_vec,
const secp256k1_bppp_generators* g_vec,
size_t g_len,
const secp256k1_scalar* c_vec,
size_t c_vec_len,
@ -440,7 +440,7 @@ static int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(
secp256k1_gej res1, res2;
size_t i = 0, scratch_checkpoint;
int overflow;
size_t log_g_len = secp256k1_bulletproofs_pp_log2(g_len), log_h_len = secp256k1_bulletproofs_pp_log2(c_vec_len);
size_t log_g_len = secp256k1_bppp_log2(g_len), log_h_len = secp256k1_bppp_log2(c_vec_len);
size_t n_rounds = log_g_len > log_h_len ? log_g_len : log_h_len;
size_t h_len = c_vec_len;
@ -471,7 +471,7 @@ static int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(
/* Compute powers of r_inv. Later used in g_factor computations*/
secp256k1_scalar_inverse_var(&r_inv, r);
secp256k1_bulletproofs_powers_of_r(r_inv_pows, &r_inv, log_g_len);
secp256k1_bppp_powers_of_r(r_inv_pows, &r_inv, log_g_len);
/* Compute r_f = r^(2^log_g_len) */
r_f = *r;
@ -482,7 +482,7 @@ static int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(
for (i = 0; i < n_rounds; i++) {
secp256k1_scalar e;
secp256k1_sha256_write(transcript, &proof[i * 65], 65);
secp256k1_bulletproofs_challenge_scalar(&e, transcript, 0);
secp256k1_bppp_challenge_scalar(&e, transcript, 0);
es[i] = e;
}
/* s_g[0] = n * \prod_{j=0}^{log_g_len - 1} r^(2^j)
@ -491,7 +491,7 @@ static int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(
secp256k1_scalar_mul(&s_g[0], &n, &r_f);
secp256k1_scalar_mul(&s_g[0], &s_g[0], &r_inv);
for (i = 1; i < g_len; i++) {
size_t log_i = secp256k1_bulletproofs_pp_log2(i);
size_t log_i = secp256k1_bppp_log2(i);
size_t nearest_pow_of_two = (size_t)1 << log_i;
/* This combines the two multiplications of challenges and r_invs in a
* single loop.
@ -503,7 +503,7 @@ static int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(
s_h[0] = l;
secp256k1_scalar_set_int(&h_c, 0);
for (i = 1; i < h_len; i++) {
size_t log_i = secp256k1_bulletproofs_pp_log2(i);
size_t log_i = secp256k1_bppp_log2(i);
size_t nearest_pow_of_two = (size_t)1 << log_i;
secp256k1_scalar_mul(&s_h[i], &s_h[i - nearest_pow_of_two], &es[log_i]);
}

12
src/modules/bulletproofs/bulletproofs_pp_transcript_impl.h → src/modules/bppp/bppp_transcript_impl.h
View File

@ -3,17 +3,17 @@
* Distributed under the MIT software license, see the accompanying *
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
**********************************************************************/
#ifndef _SECP256K1_MODULE_BULLETPROOFS_PP_TRANSCRIPT_IMPL_
#define _SECP256K1_MODULE_BULLETPROOFS_PP_TRANSCRIPT_IMPL_
#ifndef _SECP256K1_MODULE_BPPP_PP_TRANSCRIPT_IMPL_
#define _SECP256K1_MODULE_BPPP_PP_TRANSCRIPT_IMPL_
#include "group.h"
#include "scalar.h"
#include "bulletproofs_util.h"
#include "bppp_util.h"
/* Initializes SHA256 with fixed midstate. This midstate was computed by applying
* SHA256 to SHA256("Bulletproofs_pp/v0/commitment")||SHA256("Bulletproofs_pp/v0/commitment").
*/
static void secp256k1_bulletproofs_pp_sha256_tagged_commitment_init(secp256k1_sha256 *sha) {
static void secp256k1_bppp_sha256_tagged_commitment_init(secp256k1_sha256 *sha) {
secp256k1_sha256_initialize(sha);
sha->s[0] = 0x52fc8185ul;
sha->s[1] = 0x0e7debf0ul;
@ -28,10 +28,10 @@ static void secp256k1_bulletproofs_pp_sha256_tagged_commitment_init(secp256k1_sh
}
/* Obtain a challenge scalar from the current transcript.*/
static void secp256k1_bulletproofs_challenge_scalar(secp256k1_scalar* ch, const secp256k1_sha256 *transcript, uint64_t idx) {
static void secp256k1_bppp_challenge_scalar(secp256k1_scalar* ch, const secp256k1_sha256 *transcript, uint64_t idx) {
unsigned char buf[32];
secp256k1_sha256 sha = *transcript;
secp256k1_bulletproofs_le64(buf, idx);
secp256k1_bppp_le64(buf, idx);
secp256k1_sha256_write(&sha, buf, 8);
secp256k1_sha256_finalize(&sha, buf);
secp256k1_scalar_set_b32(ch, buf, NULL);

12
src/modules/bulletproofs/bulletproofs_util.h → src/modules/bppp/bppp_util.h
View File

@ -4,8 +4,8 @@
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
**********************************************************************/
#ifndef _SECP256K1_MODULE_BULLETPROOFS_UTIL_
#define _SECP256K1_MODULE_BULLETPROOFS_UTIL_
#ifndef _SECP256K1_MODULE_BPPP_UTIL_
#define _SECP256K1_MODULE_BPPP_UTIL_
#include "field.h"
#include "group.h"
@ -15,7 +15,7 @@
/* Outputs a pair of points, amortizing the parity byte between them
* Assumes both points' coordinates have been normalized.
*/
static void secp256k1_bulletproofs_serialize_points(unsigned char *output, const secp256k1_ge *lpt, const secp256k1_ge *rpt) {
static void secp256k1_bppp_serialize_points(unsigned char *output, const secp256k1_ge *lpt, const secp256k1_ge *rpt) {
output[0] = (secp256k1_fe_is_odd(&lpt->y) << 1) + secp256k1_fe_is_odd(&rpt->y);
secp256k1_fe_get_b32(&output[1], &lpt->x);
secp256k1_fe_get_b32(&output[33], &rpt->x);
@ -23,13 +23,13 @@ static void secp256k1_bulletproofs_serialize_points(unsigned char *output, const
/* Outputs a serialized point in compressed form. Returns 0 at point at infinity.
*/
static int secp256k1_bulletproofs_serialize_pt(unsigned char *output, secp256k1_ge *lpt) {
static int secp256k1_bppp_serialize_pt(unsigned char *output, secp256k1_ge *lpt) {
size_t size;
return secp256k1_eckey_pubkey_serialize(lpt, output, &size, 1 /*compressed*/);
}
/* little-endian encodes a uint64 */
static void secp256k1_bulletproofs_le64(unsigned char *output, const uint64_t n) {
static void secp256k1_bppp_le64(unsigned char *output, const uint64_t n) {
output[0] = n;
output[1] = n >> 8;
output[2] = n >> 16;
@ -49,7 +49,7 @@ static int secp256k1_is_power_of_two(size_t n) {
* `k` such that 2^k <= n. Assumes n < 2^64. In Bulletproofs, this is bounded
* by len of input vectors which can be safely assumed to be less than 2^64.
*/
static size_t secp256k1_bulletproofs_pp_log2(size_t n) {
static size_t secp256k1_bppp_log2(size_t n) {
return 64 - 1 - secp256k1_clz64_var((uint64_t)n);
}

8
src/modules/bulletproofs/main.h → src/modules/bppp/main.h
View File

@ -1,8 +1,8 @@
#ifndef SECP256K1_MODULE_BULLETPROOFS_MAIN_H
#define SECP256K1_MODULE_BULLETPROOFS_MAIN_H
#ifndef SECP256K1_MODULE_BPPP_MAIN_H
#define SECP256K1_MODULE_BPPP_MAIN_H
/* this type must be completed before any of the modules/bulletproofs includes */
struct secp256k1_bulletproofs_generators {
/* this type must be completed before any of the modules/bppp includes */
struct secp256k1_bppp_generators {
size_t n;
/* n total generators; includes both G_i and H_i */
/* For BP++, the generators are G_i from [0..(n - 8)] and the last 8 values

26
src/modules/bulletproofs/main_impl.h → src/modules/bppp/main_impl.h
View File

@ -4,26 +4,26 @@
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
**********************************************************************/
#ifndef _SECP256K1_MODULE_BULLETPROOFS_MAIN_
#define _SECP256K1_MODULE_BULLETPROOFS_MAIN_
#ifndef _SECP256K1_MODULE_BPPP_MAIN_
#define _SECP256K1_MODULE_BPPP_MAIN_
#include "include/secp256k1_bulletproofs.h"
#include "include/secp256k1_bppp.h"
#include "include/secp256k1_generator.h"
#include "modules/generator/main_impl.h" /* for generator_{load, save} */
#include "hash.h"
#include "util.h"
#include "modules/bulletproofs/main.h"
#include "modules/bulletproofs/bulletproofs_pp_norm_product_impl.h"
#include "modules/bppp/main.h"
#include "modules/bppp/bppp_norm_product_impl.h"
secp256k1_bulletproofs_generators *secp256k1_bulletproofs_generators_create(const secp256k1_context *ctx, size_t n) {
secp256k1_bulletproofs_generators *ret;
secp256k1_bppp_generators *secp256k1_bppp_generators_create(const secp256k1_context *ctx, size_t n) {
secp256k1_bppp_generators *ret;
secp256k1_rfc6979_hmac_sha256 rng;
unsigned char seed[64];
size_t i;
VERIFY_CHECK(ctx != NULL);
ret = (secp256k1_bulletproofs_generators *)checked_malloc(&ctx->error_callback, sizeof(*ret));
ret = (secp256k1_bppp_generators *)checked_malloc(&ctx->error_callback, sizeof(*ret));
if (ret == NULL) {
return NULL;
}
@ -49,9 +49,9 @@ secp256k1_bulletproofs_generators *secp256k1_bulletproofs_generators_create(cons
return ret;
}
secp256k1_bulletproofs_generators* secp256k1_bulletproofs_generators_parse(const secp256k1_context* ctx, const unsigned char* data, size_t data_len) {
secp256k1_bppp_generators* secp256k1_bppp_generators_parse(const secp256k1_context* ctx, const unsigned char* data, size_t data_len) {
size_t n = data_len / 33;
secp256k1_bulletproofs_generators* ret;
secp256k1_bppp_generators* ret;
VERIFY_CHECK(ctx != NULL);
ARG_CHECK(data != NULL);
@ -60,7 +60,7 @@ secp256k1_bulletproofs_generators* secp256k1_bulletproofs_generators_parse(const
return NULL;
}
ret = (secp256k1_bulletproofs_generators *)checked_malloc(&ctx->error_callback, sizeof(*ret));
ret = (secp256k1_bppp_generators *)checked_malloc(&ctx->error_callback, sizeof(*ret));
if (ret == NULL) {
return NULL;
}
@ -83,7 +83,7 @@ secp256k1_bulletproofs_generators* secp256k1_bulletproofs_generators_parse(const
return ret;
}
int secp256k1_bulletproofs_generators_serialize(const secp256k1_context* ctx, const secp256k1_bulletproofs_generators* gens, unsigned char* data, size_t *data_len) {
int secp256k1_bppp_generators_serialize(const secp256k1_context* ctx, const secp256k1_bppp_generators* gens, unsigned char* data, size_t *data_len) {
size_t i;
VERIFY_CHECK(ctx != NULL);
@ -103,7 +103,7 @@ int secp256k1_bulletproofs_generators_serialize(const secp256k1_context* ctx, co
return 1;
}
void secp256k1_bulletproofs_generators_destroy(const secp256k1_context* ctx, secp256k1_bulletproofs_generators *gens) {
void secp256k1_bppp_generators_destroy(const secp256k1_context* ctx, secp256k1_bppp_generators *gens) {
VERIFY_CHECK(ctx != NULL);
(void) ctx;
if (gens != NULL) {

0
src/modules/bulletproofs/test_vectors/verify.h → src/modules/bppp/test_vectors/verify.h
View File

148
src/modules/bulletproofs/tests_impl.h → src/modules/bppp/tests_impl.h
View File

@ -4,23 +4,23 @@
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
**********************************************************************/
#ifndef _SECP256K1_MODULE_BULLETPROOFS_TEST_
#define _SECP256K1_MODULE_BULLETPROOFS_TEST_
#ifndef _SECP256K1_MODULE_BPPP_TEST_
#define _SECP256K1_MODULE_BPPP_TEST_
#include <stdint.h>
#include "include/secp256k1_bulletproofs.h"
#include "bulletproofs_pp_norm_product_impl.h"
#include "bulletproofs_util.h"
#include "bulletproofs_pp_transcript_impl.h"
#include "include/secp256k1_bppp.h"
#include "bppp_norm_product_impl.h"
#include "bppp_util.h"
#include "bppp_transcript_impl.h"
#include "test_vectors/verify.h"
static void test_bulletproofs_generators_api(void) {
static void test_bppp_generators_api(void) {
/* The BP generator API requires no precomp */
secp256k1_context *none = secp256k1_context_create(SECP256K1_CONTEXT_NONE);
secp256k1_bulletproofs_generators *gens;
secp256k1_bulletproofs_generators *gens_orig;
secp256k1_bppp_generators *gens;
secp256k1_bppp_generators *gens_orig;
unsigned char gens_ser[330];
size_t len = sizeof(gens_ser);
@ -30,47 +30,47 @@ static void test_bulletproofs_generators_api(void) {
secp256k1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount);
/* Create */
gens = secp256k1_bulletproofs_generators_create(none, 10);
gens = secp256k1_bppp_generators_create(none, 10);
CHECK(gens != NULL && ecount == 0);
gens_orig = gens; /* Preserve for round-trip test */
/* Serialize */
ecount = 0;
CHECK(!secp256k1_bulletproofs_generators_serialize(none, NULL, gens_ser, &len));
CHECK(!secp256k1_bppp_generators_serialize(none, NULL, gens_ser, &len));
CHECK(ecount == 1);
CHECK(!secp256k1_bulletproofs_generators_serialize(none, gens, NULL, &len));
CHECK(!secp256k1_bppp_generators_serialize(none, gens, NULL, &len));
CHECK(ecount == 2);
CHECK(!secp256k1_bulletproofs_generators_serialize(none, gens, gens_ser, NULL));
CHECK(!secp256k1_bppp_generators_serialize(none, gens, gens_ser, NULL));
CHECK(ecount == 3);
len = 0;
CHECK(!secp256k1_bulletproofs_generators_serialize(none, gens, gens_ser, &len));
CHECK(!secp256k1_bppp_generators_serialize(none, gens, gens_ser, &len));
CHECK(ecount == 4);
len = sizeof(gens_ser) - 1;
CHECK(!secp256k1_bulletproofs_generators_serialize(none, gens, gens_ser, &len));
CHECK(!secp256k1_bppp_generators_serialize(none, gens, gens_ser, &len));
CHECK(ecount == 5);
len = sizeof(gens_ser);
{
/* Output buffer can be greater than minimum needed */
unsigned char gens_ser_tmp[331];
size_t len_tmp = sizeof(gens_ser_tmp);
CHECK(secp256k1_bulletproofs_generators_serialize(none, gens, gens_ser_tmp, &len_tmp));
CHECK(secp256k1_bppp_generators_serialize(none, gens, gens_ser_tmp, &len_tmp));
CHECK(len_tmp == sizeof(gens_ser_tmp) - 1);
CHECK(ecount == 5);
}
/* Parse */
CHECK(secp256k1_bulletproofs_generators_serialize(none, gens, gens_ser, &len));
CHECK(secp256k1_bppp_generators_serialize(none, gens, gens_ser, &len));
ecount = 0;
gens = secp256k1_bulletproofs_generators_parse(none, NULL, sizeof(gens_ser));
gens = secp256k1_bppp_generators_parse(none, NULL, sizeof(gens_ser));
CHECK(gens == NULL && ecount == 1);
/* Not a multiple of 33 */
gens = secp256k1_bulletproofs_generators_parse(none, gens_ser, sizeof(gens_ser) - 1);
gens = secp256k1_bppp_generators_parse(none, gens_ser, sizeof(gens_ser) - 1);
CHECK(gens == NULL && ecount == 1);
gens = secp256k1_bulletproofs_generators_parse(none, gens_ser, sizeof(gens_ser));
gens = secp256k1_bppp_generators_parse(none, gens_ser, sizeof(gens_ser));
CHECK(gens != NULL && ecount == 1);
/* Not valid generators */
memset(gens_ser, 1, sizeof(gens_ser));
CHECK(secp256k1_bulletproofs_generators_parse(none, gens_ser, sizeof(gens_ser)) == NULL);
CHECK(secp256k1_bppp_generators_parse(none, gens_ser, sizeof(gens_ser)) == NULL);
CHECK(ecount == 1);
/* Check that round-trip succeeded */
@ -81,16 +81,16 @@ static void test_bulletproofs_generators_api(void) {
/* Destroy (we allow destroying a NULL context, it's just a noop. like free().) */
ecount = 0;
secp256k1_bulletproofs_generators_destroy(none, NULL);
secp256k1_bulletproofs_generators_destroy(none, gens);
secp256k1_bulletproofs_generators_destroy(none, gens_orig);
secp256k1_bppp_generators_destroy(none, NULL);
secp256k1_bppp_generators_destroy(none, gens);
secp256k1_bppp_generators_destroy(none, gens_orig);
CHECK(ecount == 0);
secp256k1_context_destroy(none);
}
static void test_bulletproofs_generators_fixed(void) {
secp256k1_bulletproofs_generators *gens = secp256k1_bulletproofs_generators_create(ctx, 3);
static void test_bppp_generators_fixed(void) {
secp256k1_bppp_generators *gens = secp256k1_bppp_generators_create(ctx, 3);
unsigned char gens_ser[330];
const unsigned char fixed_first_3[99] = {
0x0b,
@ -112,17 +112,17 @@ static void test_bulletproofs_generators_fixed(void) {
size_t len;
len = 99;
CHECK(secp256k1_bulletproofs_generators_serialize(ctx, gens, gens_ser, &len));
CHECK(secp256k1_bppp_generators_serialize(ctx, gens, gens_ser, &len));
CHECK(memcmp(gens_ser, fixed_first_3, sizeof(fixed_first_3)) == 0);
len = sizeof(gens_ser);
CHECK(secp256k1_bulletproofs_generators_serialize(ctx, gens, gens_ser, &len));
CHECK(secp256k1_bppp_generators_serialize(ctx, gens, gens_ser, &len));
CHECK(memcmp(gens_ser, fixed_first_3, sizeof(fixed_first_3)) == 0);
secp256k1_bulletproofs_generators_destroy(ctx, gens);
secp256k1_bppp_generators_destroy(ctx, gens);
}
static void test_bulletproofs_pp_tagged_hash(void) {
static void test_bppp_tagged_hash(void) {
unsigned char tag_data[29] = "Bulletproofs_pp/v0/commitment";
secp256k1_sha256 sha;
secp256k1_sha256 sha_cached;
@ -131,7 +131,7 @@ static void test_bulletproofs_pp_tagged_hash(void) {
secp256k1_scalar s;
secp256k1_sha256_initialize_tagged(&sha, tag_data, sizeof(tag_data));
secp256k1_bulletproofs_pp_sha256_tagged_commitment_init(&sha_cached);
secp256k1_bppp_sha256_tagged_commitment_init(&sha_cached);
secp256k1_sha256_finalize(&sha, output);
secp256k1_sha256_finalize(&sha_cached, output_cached);
CHECK(secp256k1_memcmp_var(output, output_cached, 32) == 0);
@ -141,8 +141,8 @@ static void test_bulletproofs_pp_tagged_hash(void) {
0xF6, 0x91, 0x15, 0xEE, 0x74, 0xF5, 0x12, 0x67,
0x8A, 0x41, 0xC6, 0x85, 0x1A, 0x79, 0x14, 0xFC,
0x48, 0x15, 0xC7, 0x2D, 0xF8, 0x63, 0x8F, 0x1B };
secp256k1_bulletproofs_pp_sha256_tagged_commitment_init(&sha);
secp256k1_bulletproofs_challenge_scalar(&s, &sha, 0);
secp256k1_bppp_sha256_tagged_commitment_init(&sha);
secp256k1_bppp_challenge_scalar(&s, &sha, 0);
secp256k1_scalar_get_b32(output, &s);
CHECK(memcmp(output, expected, sizeof(output)) == 0);
}
@ -154,7 +154,7 @@ static void test_bulletproofs_pp_tagged_hash(void) {
0x69, 0x4D, 0xAA, 0x96, 0xCE, 0x98, 0xBB, 0x39,
0x1C, 0x2F, 0x7C, 0x2E, 0x1C, 0x17, 0x78, 0x6D };
secp256k1_sha256_write(&sha, tmp, sizeof(tmp));
secp256k1_bulletproofs_challenge_scalar(&s, &sha, 0);
secp256k1_bppp_challenge_scalar(&s, &sha, 0);
secp256k1_scalar_get_b32(output, &s);
CHECK(memcmp(output, expected, sizeof(output)) == 0);
}
@ -168,11 +168,11 @@ void test_log_exp(void) {
CHECK(secp256k1_is_power_of_two(63) == 0);
CHECK(secp256k1_is_power_of_two(256) == 1);
CHECK(secp256k1_bulletproofs_pp_log2(1) == 0);
CHECK(secp256k1_bulletproofs_pp_log2(2) == 1);
CHECK(secp256k1_bulletproofs_pp_log2(255) == 7);
CHECK(secp256k1_bulletproofs_pp_log2(256) == 8);
CHECK(secp256k1_bulletproofs_pp_log2(257) == 8);
CHECK(secp256k1_bppp_log2(1) == 0);
CHECK(secp256k1_bppp_log2(2) == 1);
CHECK(secp256k1_bppp_log2(255) == 7);
CHECK(secp256k1_bppp_log2(256) == 8);
CHECK(secp256k1_bppp_log2(257) == 8);
}
void test_norm_util_helpers(void) {
@ -205,7 +205,7 @@ void test_norm_util_helpers(void) {
secp256k1_scalar_set_int(&res2, 4740); /*i*i*4^(i+1) */
CHECK(secp256k1_scalar_eq(&res2, &res) == 1);
secp256k1_bulletproofs_powers_of_r(r_pows, &r, 4);
secp256k1_bppp_powers_of_r(r_pows, &r, 4);
secp256k1_scalar_set_int(&res, 2); CHECK(secp256k1_scalar_eq(&res, &r_pows[0]));
secp256k1_scalar_set_int(&res, 4); CHECK(secp256k1_scalar_eq(&res, &r_pows[1]));
secp256k1_scalar_set_int(&res, 16); CHECK(secp256k1_scalar_eq(&res, &r_pows[2]));
@ -215,7 +215,7 @@ void test_norm_util_helpers(void) {
static void secp256k1_norm_arg_commit_initial_data(
secp256k1_sha256* transcript,
const secp256k1_scalar* r,
const secp256k1_bulletproofs_generators* gens_vec,
const secp256k1_bppp_generators* gens_vec,
size_t g_len, /* Same as n_vec_len, g_len + c_vec_len = gens->n */
const secp256k1_scalar* c_vec,
size_t c_vec_len,
@ -225,25 +225,25 @@ static void secp256k1_norm_arg_commit_initial_data(
unsigned char ser_commit[33], ser_scalar[32], ser_le64[8];
size_t i;
secp256k1_ge comm = *commit;
secp256k1_bulletproofs_pp_sha256_tagged_commitment_init(transcript);
secp256k1_bppp_sha256_tagged_commitment_init(transcript);
secp256k1_fe_normalize(&comm.x);
secp256k1_fe_normalize(&comm.y);
CHECK(secp256k1_ge_is_infinity(&comm) == 0);
CHECK(secp256k1_bulletproofs_serialize_pt(&ser_commit[0], &comm));
CHECK(secp256k1_bppp_serialize_pt(&ser_commit[0], &comm));
secp256k1_sha256_write(transcript, ser_commit, 33);
secp256k1_scalar_get_b32(ser_scalar, r);
secp256k1_sha256_write(transcript, ser_scalar, 32);
secp256k1_bulletproofs_le64(ser_le64, g_len);
secp256k1_bppp_le64(ser_le64, g_len);
secp256k1_sha256_write(transcript, ser_le64, 8);
secp256k1_bulletproofs_le64(ser_le64, gens_vec->n);
secp256k1_bppp_le64(ser_le64, gens_vec->n);
secp256k1_sha256_write(transcript, ser_le64, 8);
for (i = 0; i < gens_vec->n; i++) {
secp256k1_fe_normalize(&gens_vec->gens[i].x);
secp256k1_fe_normalize(&gens_vec->gens[i].y);
CHECK(secp256k1_bulletproofs_serialize_pt(&ser_commit[0], &gens_vec->gens[i]));
CHECK(secp256k1_bppp_serialize_pt(&ser_commit[0], &gens_vec->gens[i]));
secp256k1_sha256_write(transcript, ser_commit, 33);
}
secp256k1_bulletproofs_le64(ser_le64, c_vec_len);
secp256k1_bppp_le64(ser_le64, c_vec_len);
secp256k1_sha256_write(transcript, ser_le64, 8);
for (i = 0; i < c_vec_len; i++) {
secp256k1_scalar_get_b32(ser_scalar, &c_vec[i]);
@ -273,9 +273,9 @@ static void copy_vectors_into_scratch(secp256k1_scratch_space* scratch,
memcpy(*gs, gens_vec, (g_len + h_len) * sizeof(secp256k1_ge));
}
/* A complete norm argument. In contrast to secp256k1_bulletproofs_pp_rangeproof_norm_product_prove, this is meant
/* A complete norm argument. In contrast to secp256k1_bppp_rangeproof_norm_product_prove, this is meant
to be used as a standalone norm argument.
This is a simple wrapper around secp256k1_bulletproofs_pp_rangeproof_norm_product_prove
This is a simple wrapper around secp256k1_bppp_rangeproof_norm_product_prove
that also commits to the initial public values used in the protocol. In this case, these public
values are commitment.
*/
@ -284,7 +284,7 @@ static int secp256k1_norm_arg_prove(
unsigned char* proof,
size_t *proof_len,
const secp256k1_scalar* r,
const secp256k1_bulletproofs_generators* gens_vec,
const secp256k1_bppp_generators* gens_vec,
const secp256k1_scalar* n_vec,
size_t n_vec_len,
const secp256k1_scalar* l_vec,
@ -307,7 +307,7 @@ static int secp256k1_norm_arg_prove(
/* Commit to the initial public values */
secp256k1_norm_arg_commit_initial_data(&transcript, r, gens_vec, g_len, c_vec, c_vec_len, &comm);
res = secp256k1_bulletproofs_pp_rangeproof_norm_product_prove(
res = secp256k1_bppp_rangeproof_norm_product_prove(
ctx,
scratch,
proof,
@ -333,7 +333,7 @@ static int secp256k1_norm_arg_verify(
const unsigned char* proof,
size_t proof_len,
const secp256k1_scalar* r,
const secp256k1_bulletproofs_generators* gens_vec,
const secp256k1_bppp_generators* gens_vec,
size_t g_len,
const secp256k1_scalar* c_vec,
size_t c_vec_len,
@ -346,7 +346,7 @@ static int secp256k1_norm_arg_verify(
/* Commit to the initial public values */
secp256k1_norm_arg_commit_initial_data(&transcript, r, gens_vec, g_len, c_vec, c_vec_len, &comm);
res = secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(
res = secp256k1_bppp_rangeproof_norm_product_verify(
ctx,
scratch,
proof,
@ -379,26 +379,26 @@ void norm_arg_zero(void) {
size_t plen = sizeof(proof);
unsigned int n_vec_len = 1;
unsigned int c_vec_len = 1;
secp256k1_bulletproofs_generators *gens = secp256k1_bulletproofs_generators_create(ctx, n_vec_len + c_vec_len);
secp256k1_bppp_generators *gens = secp256k1_bppp_generators_create(ctx, n_vec_len + c_vec_len);
secp256k1_scalar_set_int(&n_vec[0], 0);
secp256k1_scalar_set_int(&l_vec[0], 0);
random_scalar_order(&c_vec[0]);
secp256k1_sha256_initialize(&transcript); /* No challenges used in n = 1, l = 1, but we set transcript as a good practice*/
CHECK(secp256k1_bulletproofs_commit(ctx, scratch, &commit, gens, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &q));
CHECK(secp256k1_bppp_commit(ctx, scratch, &commit, gens, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &q));
{
secp256k1_scalar *ns, *ls, *cs;
secp256k1_ge *gs;
size_t scratch_checkpoint = secp256k1_scratch_checkpoint(&ctx->error_callback, scratch);
copy_vectors_into_scratch(scratch, &ns, &ls, &cs, &gs, n_vec, l_vec, c_vec, gens->gens, n_vec_len, c_vec_len);
CHECK(secp256k1_bulletproofs_pp_rangeproof_norm_product_prove(ctx, scratch, proof, &plen, &transcript, &r, gs, gens->n, ns, n_vec_len, ls, c_vec_len, cs, c_vec_len));
CHECK(secp256k1_bppp_rangeproof_norm_product_prove(ctx, scratch, proof, &plen, &transcript, &r, gs, gens->n, ns, n_vec_len, ls, c_vec_len, cs, c_vec_len));
secp256k1_scratch_apply_checkpoint(&ctx->error_callback, scratch, scratch_checkpoint);
}
secp256k1_sha256_initialize(&transcript);
CHECK(secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(ctx, scratch, proof, plen, &transcript, &r, gens, c_vec_len, c_vec, c_vec_len, &commit));
CHECK(secp256k1_bppp_rangeproof_norm_product_verify(ctx, scratch, proof, plen, &transcript, &r, gens, c_vec_len, c_vec, c_vec_len, &commit));
secp256k1_bulletproofs_generators_destroy(ctx, gens);
secp256k1_bppp_generators_destroy(ctx, gens);
}
/* l is the zero vector and longer than n. This results in one of the
@ -406,7 +406,7 @@ void norm_arg_zero(void) {
{
unsigned int n_vec_len = 1;
unsigned int c_vec_len = 2;
secp256k1_bulletproofs_generators *gs = secp256k1_bulletproofs_generators_create(ctx, n_vec_len + c_vec_len);
secp256k1_bppp_generators *gs = secp256k1_bppp_generators_create(ctx, n_vec_len + c_vec_len);
size_t plen = sizeof(proof);
for (i = 0; i < n_vec_len; i++) {
random_scalar_order(&n_vec[i]);
@ -415,9 +415,9 @@ void norm_arg_zero(void) {
secp256k1_scalar_set_int(&l_vec[i], 0);
random_scalar_order(&c_vec[i]);
}
CHECK(secp256k1_bulletproofs_commit(ctx, scratch, &commit, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &q));
CHECK(secp256k1_bppp_commit(ctx, scratch, &commit, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &q));
CHECK(!secp256k1_norm_arg_prove(scratch, proof, &plen, &r, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &commit));
secp256k1_bulletproofs_generators_destroy(ctx, gs);
secp256k1_bppp_generators_destroy(ctx, gs);
}
secp256k1_scratch_space_destroy(ctx, scratch);
@ -429,7 +429,7 @@ void norm_arg_test(unsigned int n, unsigned int m) {
secp256k1_ge commit;
size_t i, plen;
int res;
secp256k1_bulletproofs_generators *gs = secp256k1_bulletproofs_generators_create(ctx, n + m);
secp256k1_bppp_generators *gs = secp256k1_bppp_generators_create(ctx, n + m);
secp256k1_scratch *scratch = secp256k1_scratch_space_create(ctx, 1000*1000); /* shouldn't need much */
unsigned char proof[1000];
plen = 1000;
@ -445,7 +445,7 @@ void norm_arg_test(unsigned int n, unsigned int m) {
random_scalar_order(&c_vec[i]);
}
res = secp256k1_bulletproofs_commit(ctx, scratch, &commit, gs, n_vec, n, l_vec, m, c_vec, m, &q);
res = secp256k1_bppp_commit(ctx, scratch, &commit, gs, n_vec, n, l_vec, m, c_vec, m, &q);
CHECK(res == 1);
res = secp256k1_norm_arg_prove(scratch, proof, &plen, &r, gs, n_vec, n, l_vec, m, c_vec, m, &commit);
CHECK(res == 1);
@ -462,13 +462,13 @@ void norm_arg_test(unsigned int n, unsigned int m) {
CHECK(res == 0);
secp256k1_scratch_space_destroy(ctx, scratch);
secp256k1_bulletproofs_generators_destroy(ctx, gs);
secp256k1_bppp_generators_destroy(ctx, gs);
}
/* Parses generators from points compressed as pubkeys */
secp256k1_bulletproofs_generators* bulletproofs_generators_parse_regular(const unsigned char* data, size_t data_len) {
secp256k1_bppp_generators* bppp_generators_parse_regular(const unsigned char* data, size_t data_len) {
size_t n = data_len / 33;
secp256k1_bulletproofs_generators* ret;
secp256k1_bppp_generators* ret;
VERIFY_CHECK(ctx != NULL);
ARG_CHECK(data != NULL);
@ -477,7 +477,7 @@ secp256k1_bulletproofs_generators* bulletproofs_generators_parse_regular(const u
return NULL;
}
ret = (secp256k1_bulletproofs_generators *)checked_malloc(&ctx->error_callback, sizeof(*ret));
ret = (secp256k1_bppp_generators *)checked_malloc(&ctx->error_callback, sizeof(*ret));
if (ret == NULL) {
return NULL;
}
@ -500,7 +500,7 @@ secp256k1_bulletproofs_generators* bulletproofs_generators_parse_regular(const u
int norm_arg_verify_vectors_helper(secp256k1_scratch *scratch, const unsigned char *gens, const unsigned char *proof, size_t plen, const unsigned char *r32, size_t n_vec_len, const unsigned char c_vec32[][32], secp256k1_scalar *c_vec, size_t c_vec_len, const unsigned char *commit33) {
secp256k1_sha256 transcript;
secp256k1_bulletproofs_generators *gs = bulletproofs_generators_parse_regular(gens, 33*(n_vec_len + c_vec_len));
secp256k1_bppp_generators *gs = bppp_generators_parse_regular(gens, 33*(n_vec_len + c_vec_len));
secp256k1_scalar r;
secp256k1_ge commit;
int overflow;
@ -518,9 +518,9 @@ int norm_arg_verify_vectors_helper(secp256k1_scratch *scratch, const unsigned ch
CHECK(!overflow);
}
CHECK(secp256k1_eckey_pubkey_parse(&commit, commit33, 33));
ret = secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(ctx, scratch, proof, plen, &transcript, &r, gs, n_vec_len, c_vec, c_vec_len, &commit);
ret = secp256k1_bppp_rangeproof_norm_product_verify(ctx, scratch, proof, plen, &transcript, &r, gs, n_vec_len, c_vec, c_vec_len, &commit);
secp256k1_bulletproofs_generators_destroy(ctx, gs);
secp256k1_bppp_generators_destroy(ctx, gs);
return ret;
}
@ -545,12 +545,12 @@ void norm_arg_verify_vectors(void) {
}
#undef IDX_TO_TEST
void run_bulletproofs_tests(void) {
void run_bppp_tests(void) {
test_log_exp();
test_norm_util_helpers();
test_bulletproofs_generators_api();
test_bulletproofs_generators_fixed();
test_bulletproofs_pp_tagged_hash();
test_bppp_generators_api();
test_bppp_generators_fixed();
test_bppp_tagged_hash();
norm_arg_zero();
norm_arg_test(1, 1);

13
src/modules/bulletproofs/Makefile.am.include
View File

@ -1,13 +0,0 @@
include_HEADERS += include/secp256k1_bulletproofs.h
noinst_HEADERS += src/modules/bulletproofs/bulletproofs_util.h
noinst_HEADERS += src/modules/bulletproofs/main_impl.h
noinst_HEADERS += src/modules/bulletproofs/bulletproofs_pp_transcript_impl.h
noinst_HEADERS += src/modules/bulletproofs/bulletproofs_pp_norm_product_impl.h
noinst_HEADERS += src/modules/bulletproofs/tests_impl.h
if USE_BENCHMARK
noinst_PROGRAMS += bench_bulletproofs
bench_bulletproofs_SOURCES = src/bench_bulletproofs.c
bench_bulletproofs_LDADD = libsecp256k1.la $(SECP_LIBS)
bench_bulletproofs_LDFLAGS = -static
endif

4
src/secp256k1.c
View File

@ -800,8 +800,8 @@ int secp256k1_tagged_sha256(const secp256k1_context* ctx, unsigned char *hash32,
return 1;
}
#ifdef ENABLE_MODULE_BULLETPROOFS
# include "modules/bulletproofs/main_impl.h"
#ifdef ENABLE_MODULE_BPPP
# include "modules/bppp/main_impl.h"
#endif
#ifdef ENABLE_MODULE_ECDH

8
src/tests.c
View File

@ -7132,8 +7132,8 @@ void run_ecdsa_edge_cases(void) {
test_ecdsa_edge_cases();
}
#ifdef ENABLE_MODULE_BULLETPROOFS
# include "modules/bulletproofs/tests_impl.h"
#ifdef ENABLE_MODULE_BPPP
# include "modules/bppp/tests_impl.h"
#endif
#ifdef ENABLE_MODULE_ECDH
@ -7456,8 +7456,8 @@ int main(int argc, char **argv) {
/* EC key arithmetic test */
run_eckey_negate_test();
#ifdef ENABLE_MODULE_BULLETPROOFS
run_bulletproofs_tests();
#ifdef ENABLE_MODULE_BPPP
run_bppp_tests();
#endif
#ifdef ENABLE_MODULE_ECDH