Extended feats

w3f-plonk-common/Cargo.toml

@@ -1,11 +1,12 @@
 [package]
 name = "w3f-plonk-common"
-version = "0.0.1"
+version = "0.0.2"
 edition = "2021"
 authors = ["Sergey Vasilyev <swasilyev@gmail.com>"]
 license = "MIT/Apache-2.0"
 description = "Infrastructure for creating plonk-like proofs"
 keywords = ["cryptography", "plonk"]
+repository = "https://github.com/w3f/ring-proof"
 
 [dependencies]
 ark-std.workspace = true
@@ -44,3 +45,4 @@ parallel = [
 ]
 print-trace = ["ark-std/print-trace"]
 asm = ["w3f-pcs/asm"]
+test-vectors = []

w3f-plonk-common/src/domain.rs

@@ -109,7 +109,7 @@ impl<F: FftField> Domain<F> {
     pub(crate) fn column(&self, mut evals: Vec<F>, hidden: bool) -> FieldColumn<F> {
         let len = evals.len();
         assert!(len <= self.capacity);
-        if self.hiding && hidden {
+        if self.hiding && hidden && !cfg!(feature = "test-vectors") {
             evals.resize(self.capacity, F::zero());
             evals.resize_with(self.domains.x1.size(), || {
                 F::rand(&mut getrandom_or_panic::getrandom_or_panic())

w3f-ring-proof/Cargo.toml

@@ -1,11 +1,12 @@
 [package]
 name = "w3f-ring-proof"
-version = "0.0.1"
+version = "0.0.2"
 edition = "2021"
 authors = ["Sergey Vasilyev <swasilyev@gmail.com>"]
 license = "MIT/Apache-2.0"
 description = "zk-proof of knowledge of the blinding factor for a Pedersen commitment"
 keywords = ["cryptography", "ring-vrf"]
+repository = "https://github.com/w3f/ring-proof"
 
 [dependencies]
 ark-std.workspace = true
@@ -16,7 +17,6 @@ ark-serialize.workspace = true
 w3f-pcs.workspace = true
 rayon = { workspace = true, optional = true }
 w3f-plonk-common = { path="../w3f-plonk-common", default-features = false }
-blake2 = { version = "0.10", default-features = false }
 ark-transcript = { version = "0.0.3", default-features = false }
 
 [dev-dependencies]
@@ -49,3 +49,4 @@ print-trace = [
   "w3f-plonk-common/print-trace"
 ]
 asm = [ "w3f-pcs/asm" ]
+test-vectors = [ "w3f-plonk-common/test-vectors" ]

w3f-ring-proof/src/lib.rs

@@ -1,7 +1,5 @@
 #![cfg_attr(not(feature = "std"), no_std)]
 
-use ark_ec::twisted_edwards::{Affine, TECurveConfig};
-use ark_ec::AffineRepr;
 use ark_ff::PrimeField;
 use ark_serialize::CanonicalSerialize;
 use ark_std::rand::RngCore;
@@ -24,26 +22,6 @@ pub type RingProof<F, CS> = Proof<F, CS, RingCommitments<F, <CS as PCS<F>>::C>,
 /// Polynomial Commitment Schemes.
 pub use w3f_pcs::pcs;
 
-// Try and increment hash to curve.
-pub(crate) fn hash_to_curve<F: PrimeField, Curve: TECurveConfig<BaseField = F>>(
-    message: &[u8],
-) -> Affine<Curve> {
-    use blake2::Digest;
-    let mut seed = message.to_vec();
-    let cnt_offset = seed.len();
-    seed.push(0);
-    loop {
-        let hash: [u8; 64] = blake2::Blake2b::digest(&seed[..]).into();
-        let x = F::from_le_bytes_mod_order(&hash);
-        if let Some(point) = Affine::<Curve>::get_point_from_y_unchecked(x, false) {
-            let point = point.clear_cofactor();
-            assert!(point.is_in_correct_subgroup_assuming_on_curve());
-            return point;
-        }
-        seed[cnt_offset] += 1;
-    }
-}
-
 #[derive(Clone)]
 pub struct ArkTranscript(ark_transcript::Transcript);
 
@@ -121,7 +99,7 @@ mod tests {
             ArkTranscript::new(b"w3f-ring-proof-test"),
         );
         let t_verify = start_timer!(|| "Verify");
-        let res = ring_verifier.verify_ring_proof(proof, result.into_affine());
+        let res = ring_verifier.verify(proof, result.into_affine());
         end_timer!(t_verify);
         assert!(res);
     }
@@ -160,7 +138,8 @@ mod tests {
         let domain = Domain::new(domain_size, true);
         let h = EdwardsAffine::rand(rng);
         let seed = EdwardsAffine::rand(rng);
-        let piop_params = PiopParams::setup(domain, h, seed);
+        let pad = EdwardsAffine::rand(rng);
+        let piop_params = PiopParams::setup(domain, h, seed, pad);
 
         (pcs_params, piop_params)
     }

w3f-ring-proof/src/piop/params.rs

@@ -31,8 +31,12 @@ pub struct PiopParams<F: PrimeField, Curve: TECurveConfig<BaseField = F>> {
 }
 
 impl<F: PrimeField, Curve: TECurveConfig<BaseField = F>> PiopParams<F, Curve> {
-    pub fn setup(domain: Domain<F>, h: Affine<Curve>, seed: Affine<Curve>) -> Self {
-        let padding_point = crate::hash_to_curve(b"/w3f/w3f-ring-proof/padding");
+    pub fn setup(
+        domain: Domain<F>,
+        h: Affine<Curve>,
+        seed: Affine<Curve>,
+        padding_point: Affine<Curve>,
+    ) -> Self {
         let scalar_bitlen = Curve::ScalarField::MODULUS_BIT_SIZE as usize;
         // 1 accounts for the last cells of the points and bits columns that remain unconstrained
         let keyset_part_size = domain.capacity - scalar_bitlen - 1;
@@ -107,8 +111,10 @@ mod tests {
         let rng = &mut test_rng();
         let h = EdwardsAffine::rand(rng);
         let seed = EdwardsAffine::rand(rng);
+        let pad = EdwardsAffine::rand(rng);
         let domain = Domain::new(1024, false);
-        let params = PiopParams::<Fq, BandersnatchConfig>::setup(domain, h, seed);
+
+        let params = PiopParams::<Fq, BandersnatchConfig>::setup(domain, h, seed, pad);
         let t = Fr::rand(rng);
         let t_bits = params.scalar_part(t);
         let th = cond_sum(&t_bits, &params.power_of_2_multiples_of_h());

w3f-ring-proof/src/ring.rs

@@ -284,8 +284,9 @@ mod tests {
         // piop params
         let h = EdwardsAffine::rand(rng);
         let seed = EdwardsAffine::rand(rng);
+        let pad = EdwardsAffine::rand(rng);
         let domain = Domain::new(domain_size, true);
-        let piop_params = PiopParams::setup(domain, h, seed);
+        let piop_params = PiopParams::setup(domain, h, seed, pad);
 
         let mut ring = TestRing::empty(&piop_params, srs, ring_builder_key.g1);
         let (monimial_cx, monimial_cy) = get_monomial_commitment(&pcs_params, &piop_params, &[]);
@@ -315,8 +316,9 @@ mod tests {
         // piop params
         let h = EdwardsAffine::rand(rng);
         let seed = EdwardsAffine::rand(rng);
+        let pad = EdwardsAffine::rand(rng);
         let domain = Domain::new(domain_size, true);
-        let piop_params = PiopParams::setup(domain, h, seed);
+        let piop_params = PiopParams::setup(domain, h, seed, pad);
 
         let ring = TestRing::empty(&piop_params, srs, ring_builder_key.g1);
         let same_ring = TestRing::with_keys(&piop_params, &[], &ring_builder_key);

w3f-ring-proof/src/ring_prover.rs

@@ -7,9 +7,9 @@ use w3f_plonk_common::transcript::PlonkTranscript;
 
 use crate::piop::params::PiopParams;
 use crate::piop::{FixedColumns, PiopProver, ProverKey};
-use crate::RingProof;
+use crate::{ArkTranscript, RingProof};
 
-pub struct RingProver<F, CS, Curve, T>
+pub struct RingProver<F, CS, Curve, T = ArkTranscript>
 where
     F: PrimeField,
     CS: PCS<F>,

w3f-ring-proof/src/ring_verifier.rs

@@ -10,9 +10,9 @@ use w3f_plonk_common::verifier::PlonkVerifier;
 
 use crate::piop::params::PiopParams;
 use crate::piop::{FixedColumnsCommitted, PiopVerifier, VerifierKey};
-use crate::RingProof;
+use crate::{ArkTranscript, RingProof};
 
-pub struct RingVerifier<F, CS, Jubjub, T>
+pub struct RingVerifier<F, CS, Jubjub, T = ArkTranscript>
 where
     F: PrimeField,
     CS: PCS<F>,
@@ -45,7 +45,7 @@ where
         }
     }
 
-    pub fn verify_ring_proof(&self, proof: RingProof<F, CS>, result: Affine<Jubjub>) -> bool {
+    pub fn verify(&self, proof: RingProof<F, CS>, result: Affine<Jubjub>) -> bool {
         let (challenges, mut rng) = self.plonk_verifier.restore_challenges(
             &result,
             &proof,