Merge branch 'ax/crypto-update' into ax/reshare-core

Author: alxiong

timeboost-crypto/src/feldman.rs

@@ -9,7 +9,7 @@ use derive_more::{Deref, From, IntoIterator};
 use rayon::prelude::*;
 use serde::{Deserialize, Serialize};
 use serde_with::serde_as;
-use std::{iter::successors, num::NonZeroU32};
+use std::{iter::successors, num::NonZeroUsize};
 
 use crate::{
     interpolation::{interpolate, interpolate_in_exponent},
@@ -23,22 +23,22 @@ pub struct FeldmanVss<C: CurveGroup>(PhantomData<C>);
 #[derive(Debug, Clone, Copy)]
 pub struct FeldmanVssPublicParam {
     // reconstruction threshold t
-    pub t: NonZeroU32,
+    pub t: NonZeroUsize,
     // total number of nodes
-    pub n: NonZeroU32,
+    pub n: NonZeroUsize,
 }
 
 impl FeldmanVssPublicParam {
-    pub fn new(t: NonZeroU32, n: NonZeroU32) -> Self {
+    pub fn new(t: NonZeroUsize, n: NonZeroUsize) -> Self {
         Self { t, n }
     }
 
     pub fn threshold(&self) -> usize {
-        self.t.get() as usize
+        self.t.get()
     }
 
     pub fn num_nodes(&self) -> usize {
-        self.n.get() as usize
+        self.n.get()
     }
 }
 
@@ -51,7 +51,7 @@ impl<C: CurveGroup> FeldmanVss<C> {
     ) -> (DensePolynomial<C::ScalarField>, FeldmanCommitment<C>) {
         // sample random polynomial of degree t-1 (s.t. any t evaluations can interpolate this poly)
         // f(X) = Sum a_i * X^i
-        let mut poly = DensePolynomial::<C::ScalarField>::rand(pp.t.get() as usize - 1, rng);
+        let mut poly = DensePolynomial::<C::ScalarField>::rand(pp.t.get() - 1, rng);
         // f(0) = a_0 set to the secret, this index access will never panic since t>0
         poly.coeffs[0] = secret;
 
@@ -67,7 +67,7 @@ impl<C: CurveGroup> FeldmanVss<C> {
         pp: &FeldmanVssPublicParam,
         poly: &DensePolynomial<C::ScalarField>,
     ) -> impl Iterator<Item = C::ScalarField> {
-        (0..pp.n.get()).map(|node_idx| poly.evaluate(&(node_idx + 1).into()))
+        (0..pp.n.get()).map(|node_idx| poly.evaluate(&((node_idx + 1) as u64).into()))
     }
 
     /// same as [`Self::compute_shares()`], but output an iterator of bytes
@@ -86,8 +86,8 @@ impl<C: CurveGroup> FeldmanVss<C> {
         node_idx: usize,
         commitment: &[C::Affine],
     ) -> Result<C, VssError> {
-        let n = pp.n.get() as usize;
-        let t = pp.t.get() as usize;
+        let n = pp.n.get();
+        let t = pp.t.get();
 
         // input validation
         if node_idx >= n {
@@ -155,8 +155,8 @@ impl<C: CurveGroup> VerifiableSecretSharing for FeldmanVss<C> {
         shares: impl Iterator<Item = (usize, Self::SecretShare)>,
     ) -> Result<Self::Secret, VssError> {
         let shares = shares.collect::<Vec<_>>();
-        let n = pp.n.get() as usize;
-        let t = pp.t.get() as usize;
+        let n = pp.n.get();
+        let t = pp.t.get();
         // input validation
         if shares.len() != t {
             return Err(VssError::MismatchedSharesCount(t, shares.len()));
@@ -316,8 +316,8 @@ mod tests {
             let n_usize = n as usize;
             let t_usize = t as usize;
 
-            let n = NonZeroU32::new(n).unwrap();
-            let t = NonZeroU32::new(t).unwrap();
+            let n = NonZeroUsize::new(n as usize).unwrap();
+            let t = NonZeroUsize::new(t as usize).unwrap();
             let pp = FeldmanVssPublicParam::new(t, n);
 
             let (shares, commitment) = FeldmanVss::<C>::share(&pp, rng, secret);

timeboost-crypto/src/mre.rs

@@ -174,8 +174,8 @@ pub struct Ciphertext<C: CurveGroup, H: Digest = sha2::Sha256> {
 /// - `aad` is the associated data
 /// - `C` is the DL group, `H` is the choice of H_enc whose output space = message space
 ///   - preprocess messages to pad them to proper length before passing in
-pub fn encrypt<C, H, R>(
-    recipients: &[EncryptionKey<C>],
+pub fn encrypt<'a, C, H, R, I>(
+    recipients: I,
     messages: &[Vec<u8>],
     aad: &[u8],
     rng: &mut R,
@@ -184,14 +184,17 @@ where
     C: CurveGroup,
     H: Digest,
     R: Rng + CryptoRng,
+    I: IntoIterator<Item = &'a EncryptionKey<C>>,
+    I::IntoIter: ExactSizeIterator,
 {
     // input validation
-    if recipients.is_empty() || messages.is_empty() {
+    let recipients_iter = recipients.into_iter();
+    if messages.is_empty() {
         return Err(MultiRecvEncError::EmptyInput);
     }
-    if recipients.len() != messages.len() {
+    if recipients_iter.len() != messages.len() {
         return Err(MultiRecvEncError::MismatchedInputLength(
-            recipients.len(),
+            recipients_iter.len(),
             messages.len(),
         ));
     }
@@ -210,8 +213,7 @@ where
     let epk = C::generator().mul(&esk);
 
     // generate recipient-specific ciphertext parts
-    let cts = recipients
-        .iter()
+    let cts = recipients_iter
         .zip(messages.iter())
         .enumerate()
         .map(|(idx, (pk, msg))| {
@@ -228,7 +230,7 @@ where
 
             // TODO(alex): use SIMD vectorized XOR when `std::simd` move out of nightly,
             // or rayon as an intermediate improvement
-            let ct = Output::<H>::from_iter(k.iter().zip(msg).map(|(ki, m)| ki ^ m));
+            let ct = Output::<H>::from_iter(k.iter().zip(msg.iter()).map(|(ki, m)| ki ^ m));
             Ok(ct)
         })
         .collect::<Result<Vec<_>, MultiRecvEncError>>()?;
@@ -276,7 +278,7 @@ impl From<ark_serialize::SerializationError> for MultiRecvEncError {
 
 #[cfg(test)]
 mod tests {
-    use std::iter::repeat_with;
+    use std::{collections::BTreeMap, iter::repeat_with};
 
     use ark_bls12_381::G1Projective;
     use ark_std::rand;
@@ -290,8 +292,12 @@ mod tests {
         let n = 10; // num of recipients
         let recv_sks: Vec<DecryptionKey<G1Projective>> =
             repeat_with(|| DecryptionKey::rand(rng)).take(n).collect();
-        let recv_pks: Vec<EncryptionKey<G1Projective>> =
-            recv_sks.iter().map(EncryptionKey::from).collect();
+        // collecting into a BTreeSet to demonstrate flexible encrypt() input type
+        let recv_pks: BTreeMap<usize, EncryptionKey<G1Projective>> = recv_sks
+            .iter()
+            .enumerate()
+            .map(|(i, sk)| (i, EncryptionKey::from(sk)))
+            .collect();
         let labeled_sks: Vec<LabeledDecryptionKey<G1Projective>> = recv_sks
             .into_iter()
             .enumerate()
@@ -302,7 +308,7 @@ mod tests {
             .collect::<Vec<_>>();
         let aad = b"Alice";
 
-        let mre_ct = encrypt::<G1Projective, H, _>(&recv_pks, &msgs, aad, rng).unwrap();
+        let mre_ct = encrypt::<G1Projective, H, _, _>(recv_pks.values(), &msgs, aad, rng).unwrap();
         for i in 0..n {
             let ct = mre_ct.get_recipient_ct(i).unwrap();
             assert_eq!(