github.com/dusk-network/dusk-crypto@v0.1.3/rangeproof/debug.go (about) 1 package rangeproof 2 3 import ( 4 "math/big" 5 6 "github.com/pkg/errors" 7 8 ristretto "github.com/bwesterb/go-ristretto" 9 "github.com/dusk-network/dusk-crypto/rangeproof/vector" 10 11 "github.com/dusk-network/dusk-crypto/rangeproof/pedersen" 12 ) 13 14 // Put all debug functions here 15 func debugProve(x, y, z ristretto.Scalar, v, l, r []ristretto.Scalar, aL, aR, sL, sR []ristretto.Scalar) error { 16 17 ok, err := debugLxG(l, x, z, aL, aR, sL) 18 if !ok { 19 return errors.Wrap(err, "[DEBUG]: <l(x), G> is constructed incorrectly") 20 } 21 22 ok, err = debugRxHPrime(r, x, y, z, aR, sR) 23 if !ok { 24 return errors.Wrap(err, "[DEBUG]: <r(x), H'> is constructed incorrectly") 25 } 26 27 for i := range v { 28 29 ok = debugsizeOfV(v[i].BigInt()) 30 if !ok { 31 return errors.New("[DEBUG]: Value v is more than 2^N - 1") 32 } 33 } 34 35 return nil 36 } 37 38 // DEBUG 39 40 func debugT0(aL, aR []ristretto.Scalar, y, z ristretto.Scalar) (ristretto.Scalar, error) { 41 42 aLMinusZ := vector.SubScalar(aL, z) 43 44 aRPlusZ := vector.AddScalar(aR, z) 45 46 yNM := vector.ScalarPowers(y, uint32(N*M)) 47 48 hada, err := vector.Hadamard(yNM, aRPlusZ) 49 if err != nil { 50 return ristretto.Scalar{}, err 51 } 52 53 zMTwoN := sumZMTwoN(z) 54 55 rightIP, err := vector.Add(zMTwoN, hada) 56 if err != nil { 57 return ristretto.Scalar{}, err 58 } 59 60 iP, err := vector.InnerProduct(aLMinusZ, rightIP) 61 if err != nil { 62 return ristretto.Scalar{}, err 63 } 64 65 return iP, nil 66 } 67 68 // <l(x), G> = <aL, G> + x<sL, G> +<-z1, G> 69 func debugLxG(l []ristretto.Scalar, x, z ristretto.Scalar, aL, aR, sL []ristretto.Scalar) (bool, error) { 70 71 var P ristretto.Point 72 P.SetZero() 73 74 genData := []byte("dusk.BulletProof.vec1") 75 ped := pedersen.New(genData) 76 ped.BaseVector.Compute(uint32((N * M))) 77 78 G := ped.BaseVector.Bases 79 80 lG, err := vector.Exp(l, G, N, M) 81 if err != nil { 82 return false, errors.Wrap(err, "<l(x), G>") 83 } 84 // <aL,G> 85 aLG, err := vector.Exp(aL, G, N, M) 86 if err != nil { 87 return false, errors.Wrap(err, "<aL,G>") 88 } 89 // x<sL, G> 90 sLG, err := vector.Exp(sL, G, N, M) 91 if err != nil { 92 return false, errors.Wrap(err, "x<sL, G>") 93 } 94 var xsLG ristretto.Point 95 xsLG.ScalarMult(&sLG, &x) 96 97 // <-z1, G> 98 var zNeg ristretto.Scalar 99 zNeg.Neg(&z) 100 zNegG, err := vector.Exp(vector.FromScalar(zNeg, uint32(N*M)), G, N, M) 101 if err != nil { 102 return false, errors.Wrap(err, "<-z1, G>") 103 } 104 var rhs ristretto.Point 105 rhs.SetZero() 106 rhs.Add(&aLG, &xsLG) 107 rhs.Add(&rhs, &zNegG) 108 109 return lG.Equals(&rhs), nil 110 } 111 112 // < r(x), H'> = <aR, H> + x<sR, H> + <z*y^(n*m), H'> + sum( (< <z^(j+1),2^n>, H') ) from j = 1 to j = m 113 func debugRxHPrime(r []ristretto.Scalar, x, y, z ristretto.Scalar, aR, sR []ristretto.Scalar) (bool, error) { 114 115 genData := []byte("dusk.BulletProof.vec1") 116 117 genData = append(genData, uint8(1)) 118 119 ped2 := pedersen.New(genData) 120 ped2.BaseVector.Compute(uint32((N * M))) 121 122 H := ped2.BaseVector.Bases 123 124 Hprime := computeHprime(H, y) 125 126 // <r(x), H'> 127 rH, err := vector.Exp(r, Hprime, N, M) 128 if err != nil { 129 return false, errors.Wrap(err, "<r(x), H'>") 130 } 131 132 // <aR,H> 133 aRH, err := vector.Exp(aR, H, N, M) 134 if err != nil { 135 return false, errors.Wrap(err, "<aR,H>") 136 } 137 // x<sR, H> 138 sRH, err := vector.Exp(sR, H, N, M) 139 if err != nil { 140 141 return false, errors.Wrap(err, "x<sR, H>") 142 } 143 var xsRH ristretto.Point 144 xsRH.SetZero() 145 xsRH.ScalarMult(&sRH, &x) 146 147 // y^(n*m) 148 yNM := vector.ScalarPowers(y, uint32(N*M)) 149 150 // z*y^nm 151 zMulYn := vector.MulScalar(yNM, z) 152 153 // p = <z*y^nm , H'> 154 p, err := vector.Exp(zMulYn, Hprime, N, M) 155 if err != nil { 156 return false, errors.Wrap(err, "<z*y^nm , H'>") 157 } 158 // k = sum( (< <z^(j+1) * 2^n>, H') ) from j = 1 to j = m 159 k, err := vector.Exp(sumZMTwoN(z), Hprime, N, M) 160 if err != nil { 161 return false, errors.Wrap(err, "k = sum()...") 162 } 163 164 var rhs ristretto.Point 165 rhs.SetZero() 166 167 rhs.Add(&aRH, &xsRH) 168 rhs.Add(&rhs, &p) 169 rhs.Add(&rhs, &k) 170 171 return rH.Equals(&rhs), nil 172 } 173 174 // debugsizeOfV returns true if v is less than 2^N - 1 175 func debugsizeOfV(v *big.Int) bool { 176 var twoN, e, one = big.NewInt(2), big.NewInt(int64(N)), big.NewInt(int64(1)) 177 twoN.Exp(twoN, e, nil) 178 twoN.Sub(twoN, one) 179 180 cmp := v.Cmp(twoN) 181 return (cmp == -1) 182 }