github.com/dusk-network/dusk-crypto@v0.1.3/rangeproof/debug.go (about)

     1  package rangeproof
     2  
     3  import (
     4  	"math/big"
     5  
     6  	"github.com/pkg/errors"
     7  
     8  	ristretto "github.com/bwesterb/go-ristretto"
     9  	"github.com/dusk-network/dusk-crypto/rangeproof/vector"
    10  
    11  	"github.com/dusk-network/dusk-crypto/rangeproof/pedersen"
    12  )
    13  
    14  // Put all debug functions here
    15  func debugProve(x, y, z ristretto.Scalar, v, l, r []ristretto.Scalar, aL, aR, sL, sR []ristretto.Scalar) error {
    16  
    17  	ok, err := debugLxG(l, x, z, aL, aR, sL)
    18  	if !ok {
    19  		return errors.Wrap(err, "[DEBUG]: <l(x), G> is constructed incorrectly")
    20  	}
    21  
    22  	ok, err = debugRxHPrime(r, x, y, z, aR, sR)
    23  	if !ok {
    24  		return errors.Wrap(err, "[DEBUG]: <r(x), H'> is constructed incorrectly")
    25  	}
    26  
    27  	for i := range v {
    28  
    29  		ok = debugsizeOfV(v[i].BigInt())
    30  		if !ok {
    31  			return errors.New("[DEBUG]: Value v is more than 2^N - 1")
    32  		}
    33  	}
    34  
    35  	return nil
    36  }
    37  
    38  // DEBUG
    39  
    40  func debugT0(aL, aR []ristretto.Scalar, y, z ristretto.Scalar) (ristretto.Scalar, error) {
    41  
    42  	aLMinusZ := vector.SubScalar(aL, z)
    43  
    44  	aRPlusZ := vector.AddScalar(aR, z)
    45  
    46  	yNM := vector.ScalarPowers(y, uint32(N*M))
    47  
    48  	hada, err := vector.Hadamard(yNM, aRPlusZ)
    49  	if err != nil {
    50  		return ristretto.Scalar{}, err
    51  	}
    52  
    53  	zMTwoN := sumZMTwoN(z)
    54  
    55  	rightIP, err := vector.Add(zMTwoN, hada)
    56  	if err != nil {
    57  		return ristretto.Scalar{}, err
    58  	}
    59  
    60  	iP, err := vector.InnerProduct(aLMinusZ, rightIP)
    61  	if err != nil {
    62  		return ristretto.Scalar{}, err
    63  	}
    64  
    65  	return iP, nil
    66  }
    67  
    68  // <l(x), G> =  <aL, G> + x<sL, G> +<-z1, G>
    69  func debugLxG(l []ristretto.Scalar, x, z ristretto.Scalar, aL, aR, sL []ristretto.Scalar) (bool, error) {
    70  
    71  	var P ristretto.Point
    72  	P.SetZero()
    73  
    74  	genData := []byte("dusk.BulletProof.vec1")
    75  	ped := pedersen.New(genData)
    76  	ped.BaseVector.Compute(uint32((N * M)))
    77  
    78  	G := ped.BaseVector.Bases
    79  
    80  	lG, err := vector.Exp(l, G, N, M)
    81  	if err != nil {
    82  		return false, errors.Wrap(err, "<l(x), G>")
    83  	}
    84  	// <aL,G>
    85  	aLG, err := vector.Exp(aL, G, N, M)
    86  	if err != nil {
    87  		return false, errors.Wrap(err, "<aL,G>")
    88  	}
    89  	// x<sL, G>
    90  	sLG, err := vector.Exp(sL, G, N, M)
    91  	if err != nil {
    92  		return false, errors.Wrap(err, "x<sL, G>")
    93  	}
    94  	var xsLG ristretto.Point
    95  	xsLG.ScalarMult(&sLG, &x)
    96  
    97  	// <-z1, G>
    98  	var zNeg ristretto.Scalar
    99  	zNeg.Neg(&z)
   100  	zNegG, err := vector.Exp(vector.FromScalar(zNeg, uint32(N*M)), G, N, M)
   101  	if err != nil {
   102  		return false, errors.Wrap(err, "<-z1, G>")
   103  	}
   104  	var rhs ristretto.Point
   105  	rhs.SetZero()
   106  	rhs.Add(&aLG, &xsLG)
   107  	rhs.Add(&rhs, &zNegG)
   108  
   109  	return lG.Equals(&rhs), nil
   110  }
   111  
   112  // < r(x), H'> = <aR, H> + x<sR, H> + <z*y^(n*m), H'> + sum( (< <z^(j+1),2^n>, H') ) from j = 1 to j = m
   113  func debugRxHPrime(r []ristretto.Scalar, x, y, z ristretto.Scalar, aR, sR []ristretto.Scalar) (bool, error) {
   114  
   115  	genData := []byte("dusk.BulletProof.vec1")
   116  
   117  	genData = append(genData, uint8(1))
   118  
   119  	ped2 := pedersen.New(genData)
   120  	ped2.BaseVector.Compute(uint32((N * M)))
   121  
   122  	H := ped2.BaseVector.Bases
   123  
   124  	Hprime := computeHprime(H, y)
   125  
   126  	// <r(x), H'>
   127  	rH, err := vector.Exp(r, Hprime, N, M)
   128  	if err != nil {
   129  		return false, errors.Wrap(err, "<r(x), H'>")
   130  	}
   131  
   132  	// <aR,H>
   133  	aRH, err := vector.Exp(aR, H, N, M)
   134  	if err != nil {
   135  		return false, errors.Wrap(err, "<aR,H>")
   136  	}
   137  	// x<sR, H>
   138  	sRH, err := vector.Exp(sR, H, N, M)
   139  	if err != nil {
   140  
   141  		return false, errors.Wrap(err, "x<sR, H>")
   142  	}
   143  	var xsRH ristretto.Point
   144  	xsRH.SetZero()
   145  	xsRH.ScalarMult(&sRH, &x)
   146  
   147  	// y^(n*m)
   148  	yNM := vector.ScalarPowers(y, uint32(N*M))
   149  
   150  	// z*y^nm
   151  	zMulYn := vector.MulScalar(yNM, z)
   152  
   153  	// p = <z*y^nm , H'>
   154  	p, err := vector.Exp(zMulYn, Hprime, N, M)
   155  	if err != nil {
   156  		return false, errors.Wrap(err, "<z*y^nm , H'>")
   157  	}
   158  	// k = sum( (< <z^(j+1) * 2^n>, H') ) from j = 1 to j = m
   159  	k, err := vector.Exp(sumZMTwoN(z), Hprime, N, M)
   160  	if err != nil {
   161  		return false, errors.Wrap(err, "k = sum()...")
   162  	}
   163  
   164  	var rhs ristretto.Point
   165  	rhs.SetZero()
   166  
   167  	rhs.Add(&aRH, &xsRH)
   168  	rhs.Add(&rhs, &p)
   169  	rhs.Add(&rhs, &k)
   170  
   171  	return rH.Equals(&rhs), nil
   172  }
   173  
   174  // debugsizeOfV returns true if v is less than 2^N - 1
   175  func debugsizeOfV(v *big.Int) bool {
   176  	var twoN, e, one = big.NewInt(2), big.NewInt(int64(N)), big.NewInt(int64(1))
   177  	twoN.Exp(twoN, e, nil)
   178  	twoN.Sub(twoN, one)
   179  
   180  	cmp := v.Cmp(twoN)
   181  	return (cmp == -1)
   182  }