Added more test and helper function to convert msg to base field.

Author: damrobi

Cargo.lock

@@ -37,6 +37,7 @@ ff = "0.13.1"
 group = "0.13.0"
 num-traits = "0.2.19"
 subtle = "2.6.1"
+sha2 = "0.10.9"
 
 [target.'cfg(any(target_family = "wasm", windows))'.dependencies]
 # WASM and Windows don't support rug backend, fallback to num-integer only

mithril-stm/Cargo.toml

@@ -117,9 +117,9 @@ mod key_registration;
 mod merkle_tree;
 mod parameters;
 mod participant;
-mod single_signature;
 #[cfg(feature = "future_snark")]
 mod schnorr_signatures;
+mod single_signature;
 
 pub use aggregate_signature::{
     AggregateSignature, AggregateSignatureType, AggregateVerificationKey, BasicVerifier, Clerk,

mithril-stm/src/lib.rs

@@ -1,14 +1,13 @@
 pub use midnight_curves::{
-    EDWARDS_D, Fq as JubjubBase, Fr as JubjubScalar,
-    JubjubAffine, JubjubExtended, JubjubSubgroup,
+    EDWARDS_D, Fq as JubjubBase, Fr as JubjubScalar, JubjubAffine, JubjubExtended, JubjubSubgroup,
 };
 
 use ff::Field;
+use sha2::{Digest, Sha256};
 use subtle::{Choice, ConstantTimeEq};
 
 use std::slice;
 
-
 pub fn get_coordinates(point: JubjubSubgroup) -> (JubjubBase, JubjubBase) {
     let extended: JubjubExtended = point.into(); // Convert to JubjubExtended
     let affine: JubjubAffine = extended.into(); // Convert to JubjubAffine (affine coordinates)
@@ -27,7 +26,6 @@ pub fn jubjub_base_to_scalar(x: JubjubBase) -> JubjubScalar {
     ])
 }
 
-
 pub fn is_on_curve(u: JubjubBase, v: JubjubBase) -> Choice {
     let u2 = u.square();
     let v2 = v.square();
@@ -41,3 +39,15 @@ pub fn is_on_curve(u: JubjubBase, v: JubjubBase) -> Choice {
     // Compare in constant time
     lhs.ct_eq(&rhs)
 }
+
+pub fn hash_msg_to_base(msg: &[u8]) -> JubjubBase {
+    let mut hash = Sha256::new();
+    hash.update(msg);
+    let hmsg = hash.finalize();
+    let mut output = [0u8; 32];
+    output.copy_from_slice(hmsg.as_slice());
+
+    output[31] &= 0x0f;
+
+    JubjubBase::from_bytes_le(&output).unwrap()
+}

mithril-stm/src/schnorr_signatures/helper.rs

@@ -5,20 +5,15 @@ pub use midnight_curves::{
 };
 
 use midnight_circuits::{
-    ecc::{
-        hash_to_curve::HashToCurveGadget,
-        native::EccChip,
-    },
+    ecc::{hash_to_curve::HashToCurveGadget, native::EccChip},
     hash::poseidon::PoseidonChip,
-    instructions::{
-        HashToCurveCPU,
-        hash::HashCPU,
-    },
+    instructions::{HashToCurveCPU, hash::HashCPU},
     types::AssignedNative,
 };
 
-use ff::{Field};
+use ff::Field;
 use group::Group;
+use sha2::{Digest, Sha256};
 
 use subtle::{Choice, ConstantTimeEq};
 use thiserror::Error;
@@ -28,12 +23,11 @@ mod signature;
 mod signing_key;
 mod verification_key;
 
+pub use helper::*;
 pub use signature::*;
 pub use signing_key::*;
 pub use verification_key::*;
 
-
-
 type JubjubHashToCurve = HashToCurveGadget<
     JubjubBase,
     Jubjub,
@@ -46,7 +40,6 @@ type PoseidonHash = PoseidonChip<JubjubBase>;
 
 pub(crate) const DST_SIGNATURE: JubjubBase = JubjubBase::from_raw([2u64, 0, 0, 0]);
 
-
 #[derive(Debug, Error)]
 pub enum SignatureError {
     #[error("Verification failed: Signature is invalid.")]
@@ -56,20 +49,30 @@ pub enum SignatureError {
     SerializationError,
 }
 
-
+fn u64s_from_bytes(bytes: &[u8; 32]) -> [u64; 4] {
+    [
+        u64::from_le_bytes(bytes[0..8].try_into().unwrap()),
+        u64::from_le_bytes(bytes[8..16].try_into().unwrap()),
+        u64::from_le_bytes(bytes[16..24].try_into().unwrap()),
+        u64::from_le_bytes(bytes[24..32].try_into().unwrap()),
+    ]
+}
 
 #[cfg(test)]
 mod tests {
     // use blst::{blst_p1, blst_p2};
     use proptest::prelude::*;
     use rand_chacha::ChaCha20Rng;
-    use rand_core::{RngCore, SeedableRng, OsRng};
+    use rand_core::{OsRng, RngCore, SeedableRng};
 
     // use crate::bls_multi_signature::helper::unsafe_helpers::{p1_affine_to_sig, p2_affine_to_vk};
     use crate::error::{MultiSignatureError, RegisterError};
     use crate::key_registration::KeyRegistration;
 
-    use blake2::{Blake2b, Blake2s256,Blake2b512, digest::{Digest, FixedOutput, consts::U32}};
+    use blake2::{
+        Blake2b, Blake2b512, Blake2s256,
+        digest::{Digest, FixedOutput, consts::U32},
+    };
 
     type Blake2b256 = Blake2b<U32>;
 
@@ -89,40 +92,54 @@ mod tests {
 
     impl Eq for SchnorrSigningKey {}
 
+    // Testing conversion from arbitrary message to base field element
     #[test]
-    fn test_sig(
-    ) {
-
-        let msg = vec![0,0,0,1];
+    fn test_hash_msg_to_bas() {
+        let msg = vec![0, 0, 0, 1];
+        let h = hash_msg_to_base(&msg);
+        println!("{:?}", h);
+    }
 
+    // Testing basic signature using Sha256 to hash the message
+    #[test]
+    fn test_sig() {
+        let msg = vec![0, 0, 0, 1];
         let mut rng = OsRng;
 
         let sk = SchnorrSigningKey::generate(&mut ChaCha20Rng::from_entropy());
         let vk = SchnorrVerificationKey::from(&sk);
 
+        let msg = hash_msg_to_base(&msg);
+
+        let sig = sk.sign(msg, &mut rng);
+
+        sig.verify(msg, &vk).unwrap();
+    }
+
+    // Testing basic signature using Blake2b256 to hash the message
+    #[test]
+    fn test_sig_blake() {
+        let mut rng = OsRng;
+        let msg = vec![0, 0, 0, 1];
+        let sk = SchnorrSigningKey::generate(&mut ChaCha20Rng::from_entropy());
+        let vk = SchnorrVerificationKey::from(&sk);
+
         let mut hash = Blake2b256::new();
         hash.update(msg);
         let hmsg = hash.finalize();
         let mut output = [0u8; 32];
         output.copy_from_slice(hmsg.as_slice());
 
         let msg = JubjubBase::from_bytes_be(&output).unwrap();
-
         let sig = sk.sign(msg, &mut rng);
-
         sig.verify(msg, &vk).unwrap();
     }
 
     /// Test signing functionality.
     #[test]
     fn test_signature_verification_valid() {
-        let msg = vec![0,0,0,1];
-        let mut hash = Blake2b256::new();
-        hash.update(msg);
-        let hmsg = hash.finalize();
-        let mut output = [0u8; 32];
-        output.copy_from_slice(hmsg.as_slice());
-        let msg = JubjubBase::from_bytes_be(&output).unwrap();
+        let msg = vec![0, 0, 0, 1];
+        let msg = hash_msg_to_base(&msg);
 
         let mut rng = OsRng;
         let sk = SchnorrSigningKey::generate(&mut rng);
@@ -190,6 +207,4 @@ mod tests {
         let sk2 = SchnorrSigningKey::from_bytes(&sk_bytes).unwrap();
         assert_eq!(sk, sk2);
     }
-
-
-}
+}

mithril-stm/src/schnorr_signatures/mod.rs

@@ -1,23 +1,12 @@
+use midnight_circuits::instructions::{HashToCurveCPU, hash::HashCPU};
 
-use midnight_circuits::{
-    instructions::{
-        HashToCurveCPU,
-        hash::HashCPU,
-    },
-};
-
-pub use midnight_curves::{Fq as JubjubBase, Fr as JubjubScalar,
-    JubjubSubgroup,
-};
-
+pub use midnight_curves::{Fq as JubjubBase, Fr as JubjubScalar, JubjubSubgroup};
 
 use group::Group;
 
-use crate::schnorr_signatures::helper::{get_coordinates, jubjub_base_to_scalar, is_on_curve};
+use crate::schnorr_signatures::helper::{get_coordinates, is_on_curve, jubjub_base_to_scalar};
 use crate::schnorr_signatures::verification_key::*;
-use crate::schnorr_signatures::{JubjubHashToCurve, SignatureError, PoseidonHash, DST_SIGNATURE};
-
-
+use crate::schnorr_signatures::{DST_SIGNATURE, JubjubHashToCurve, PoseidonHash, SignatureError};
 
 /// Schnorr signature including the value sigma used for the lottery
 #[derive(Debug, Clone, PartialEq, Eq)]
@@ -29,7 +18,11 @@ pub struct SchnorrSignature {
 
 impl SchnorrSignature {
     /// Verify a signature against a verification key.
-    pub fn verify(&self, msg: JubjubBase, vk: &SchnorrVerificationKey) -> Result<(), SignatureError> {
+    pub fn verify(
+        &self,
+        msg: JubjubBase,
+        vk: &SchnorrVerificationKey,
+    ) -> Result<(), SignatureError> {
         let g = JubjubSubgroup::generator();
         let hash = JubjubHashToCurve::hash_to_curve(&[msg]);
         let c_scalar = jubjub_base_to_scalar(self.c);
@@ -67,4 +60,3 @@ impl SchnorrSignature {
         (x, y)
     }
 }
-

mithril-stm/src/schnorr_signatures/signature.rs

@@ -1,12 +1,6 @@
-
-pub use midnight_curves::{Fq as JubjubBase, Fr as JubjubScalar,
-    JubjubExtended as Jubjub, JubjubExtended, JubjubSubgroup
-};
-use midnight_circuits::{
-    instructions::{
-        HashToCurveCPU,
-        hash::HashCPU,
-    },
+use midnight_circuits::instructions::{HashToCurveCPU, hash::HashCPU};
+pub use midnight_curves::{
+    Fq as JubjubBase, Fr as JubjubScalar, JubjubExtended as Jubjub, JubjubExtended, JubjubSubgroup,
 };
 
 use ff::Field;
@@ -15,13 +9,14 @@ use rand_core::{CryptoRng, RngCore};
 use subtle::CtOption;
 use thiserror::Error;
 
-use crate::{error::MultiSignatureError, schnorr_signatures::helper::{get_coordinates, is_on_curve, jubjub_base_to_scalar}};
-use crate::schnorr_signatures::verification_key::*;
 use crate::schnorr_signatures::signature::*;
+use crate::schnorr_signatures::verification_key::*;
+use crate::{
+    error::MultiSignatureError,
+    schnorr_signatures::helper::{get_coordinates, is_on_curve, jubjub_base_to_scalar},
+};
 
-use crate::schnorr_signatures::{JubjubHashToCurve, SignatureError, PoseidonHash, DST_SIGNATURE};
-
-
+use crate::schnorr_signatures::{DST_SIGNATURE, JubjubHashToCurve, PoseidonHash, SignatureError};
 
 /// The signing key is a scalar from the Jubjub scalar field
 #[derive(Debug, Clone)]
@@ -35,7 +30,7 @@ impl SchnorrSigningKey {
     }
 
     /// A slightly modified version of the regular Schnorr signature (I think)
-    /// We include the computation of sigma, a value depending only on the msg 
+    /// We include the computation of sigma, a value depending only on the msg
     /// and the secret key as it is used for the lottery process
     pub fn sign(&self, msg: JubjubBase, rng: &mut (impl RngCore + CryptoRng)) -> SchnorrSignature {
         let g = JubjubSubgroup::generator();
@@ -84,15 +79,21 @@ impl SchnorrSigningKey {
     /// Fails if the byte string represents a scalar larger than the group order.
     pub fn from_bytes(bytes: &[u8]) -> Result<Self, MultiSignatureError> {
         // This is a bit ugly, I'll try to find a better way to do it
-        let bytes = bytes.get(..32).ok_or(MultiSignatureError::SerializationError)?.try_into().unwrap();
+        let bytes = bytes
+            .get(..32)
+            .ok_or(MultiSignatureError::SerializationError)?
+            .try_into()
+            .unwrap();
         // Jubjub returs a CtChoice so I convert it to an option that looses the const time property
-        match JubjubScalar::from_bytes(bytes).into_option().ok_or(MultiSignatureError::SerializationError) {
+        match JubjubScalar::from_bytes(bytes)
+            .into_option()
+            .ok_or(MultiSignatureError::SerializationError)
+        {
             Ok(sk) => Ok(Self(sk)),
             // the error should be updated
-            Err(e) => Err(e)
+            Err(e) => Err(e),
         }
     }
-
 }
 
 // Should we have this implementation?
@@ -102,4 +103,4 @@ impl From<&SchnorrSigningKey> for SchnorrVerificationKey {
         let vk = &g * &sk.0;
         SchnorrVerificationKey(vk)
     }
-}
+}

mithril-stm/src/schnorr_signatures/signing_key.rs

@@ -1,35 +1,25 @@
 use midnight_circuits::{
-    ecc::{
-        hash_to_curve::HashToCurveGadget,
-        native::EccChip,
-    },
+    ecc::{hash_to_curve::HashToCurveGadget, native::EccChip},
     hash::poseidon::PoseidonChip,
-    instructions::{
-        HashToCurveCPU,
-        hash::HashCPU,
-    },
+    instructions::{HashToCurveCPU, hash::HashCPU},
     types::AssignedNative,
 };
 
-pub use midnight_curves::{Fq as JubjubBase, Fr as JubjubScalar,
-    JubjubExtended as Jubjub, JubjubExtended, JubjubSubgroup,
+pub use midnight_curves::{
+    Fq as JubjubBase, Fr as JubjubScalar, JubjubExtended as Jubjub, JubjubExtended, JubjubSubgroup,
 };
 
-
 use ff::Field;
 use group::Group;
 use rand_core::{CryptoRng, RngCore};
 use thiserror::Error;
 
-use crate::schnorr_signatures::helper::{get_coordinates, jubjub_base_to_scalar, is_on_curve};
-use crate::schnorr_signatures::{JubjubHashToCurve, SignatureError, PoseidonHash, DST_SIGNATURE};
-
-
+use crate::schnorr_signatures::helper::{get_coordinates, is_on_curve, jubjub_base_to_scalar};
+use crate::schnorr_signatures::{DST_SIGNATURE, JubjubHashToCurve, PoseidonHash, SignatureError};
 
 #[derive(Debug, Clone, Copy, Default)]
 pub struct SchnorrVerificationKey(pub JubjubSubgroup);
 
-
 impl SchnorrVerificationKey {
     pub fn to_field(&self) -> [JubjubBase; 2] {
         let (x, y) = get_coordinates(self.0);
@@ -68,4 +58,4 @@ impl SchnorrVerificationKey {
 
         Ok(SchnorrVerificationKey(point))
     }
-}
+}