Skip to content

Commit 1d55442

Browse files
hdevalencecathieyun
hdevalence
and
cathieyun
committed
Add a party capacity to the Generators
Co-authored-by: Cathie Yun <[email protected]>
1 parent 54a0611 commit 1d55442

File tree

3 files changed

+59
-33
lines changed

3 files changed

+59
-33
lines changed

src/generators.rs

Lines changed: 50 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -88,48 +88,64 @@ pub struct Generators {
8888
/// Bases for Pedersen commitments
8989
pub pedersen_gens: PedersenGenerators,
9090
/// The maximum number of usable generators for each party.
91-
capacity: usize,
91+
pub gens_capacity: usize,
9292
/// Number of values or parties
93-
parties: usize,
93+
pub party_capacity: usize,
9494
/// Per-bit generators for the bit values
9595
G_vec: Vec<Vec<RistrettoPoint>>,
9696
/// Per-bit generators for the bit blinding factors
9797
H_vec: Vec<Vec<RistrettoPoint>>,
9898
}
9999

100100
impl Generators {
101-
/// Creates `capacity` generators for the given number of `parties`.
102-
pub fn new(pedersen_gens: PedersenGenerators, capacity: usize, parties: usize) -> Self {
101+
/// Create a new `Generators` object.
102+
///
103+
/// # Inputs
104+
///
105+
/// * `pedersen_gens` is a pair of generators used for Pedersen
106+
/// commitments.
107+
/// * `gens_capacity` is the number of generators to precompute
108+
/// for each party. For rangeproofs, it is sufficient to pass
109+
/// `64`, the maximum bitsize of the rangeproofs. For circuit
110+
/// proofs, the capacity must be greater than the number of
111+
/// multipliers, rounded up to the next power of two.
112+
/// * `party_capacity` is the maximum number of parties that can
113+
/// produce an aggregated proof.
114+
pub fn new(
115+
pedersen_gens: PedersenGenerators,
116+
gens_capacity: usize,
117+
party_capacity: usize,
118+
) -> Self {
103119
use byteorder::{ByteOrder, LittleEndian};
104120

105-
let G_vec = (0..parties)
121+
let G_vec = (0..party_capacity)
106122
.map(|i| {
107123
let party_index = i as u32;
108124
let mut label = [b'G', 0, 0, 0, 0];
109125
LittleEndian::write_u32(&mut label[1..5], party_index);
110126

111127
GeneratorsChain::new(&label)
112-
.take(capacity)
128+
.take(gens_capacity)
113129
.collect::<Vec<_>>()
114130
})
115131
.collect();
116132

117-
let H_vec = (0..parties)
133+
let H_vec = (0..party_capacity)
118134
.map(|i| {
119135
let party_index = i as u32;
120136
let mut label = [b'H', 0, 0, 0, 0];
121137
LittleEndian::write_u32(&mut label[1..5], party_index);
122138

123139
GeneratorsChain::new(&label)
124-
.take(capacity)
140+
.take(gens_capacity)
125141
.collect::<Vec<_>>()
126142
})
127143
.collect();
128144

129145
Generators {
130146
pedersen_gens,
131-
capacity,
132-
parties,
147+
gens_capacity,
148+
party_capacity,
133149
G_vec,
134150
H_vec,
135151
}
@@ -145,25 +161,22 @@ impl Generators {
145161
}
146162
}
147163

148-
/// Get the maximum number of generators that can be used in a proof.
149-
pub fn capacity(&self) -> usize {
150-
self.capacity
151-
}
152-
153164
/// Return an iterator over the aggregation of the parties' G generators with given size `n`.
154-
pub(crate) fn G(&self, n: usize) -> impl Iterator<Item = &RistrettoPoint> {
165+
pub(crate) fn G(&self, n: usize, m: usize) -> impl Iterator<Item = &RistrettoPoint> {
155166
AggregatedGensIter {
156167
n,
168+
m,
157169
array: &self.G_vec,
158170
party_idx: 0,
159171
gen_idx: 0,
160172
}
161173
}
162174

163175
/// Return an iterator over the aggregation of the parties' H generators with given size `n`.
164-
pub(crate) fn H(&self, n: usize) -> impl Iterator<Item = &RistrettoPoint> {
176+
pub(crate) fn H(&self, n: usize, m: usize) -> impl Iterator<Item = &RistrettoPoint> {
165177
AggregatedGensIter {
166178
n,
179+
m,
167180
array: &self.H_vec,
168181
party_idx: 0,
169182
gen_idx: 0,
@@ -174,6 +187,7 @@ impl Generators {
174187
struct AggregatedGensIter<'a> {
175188
array: &'a Vec<Vec<RistrettoPoint>>,
176189
n: usize,
190+
m: usize,
177191
party_idx: usize,
178192
gen_idx: usize,
179193
}
@@ -187,7 +201,7 @@ impl<'a> Iterator for AggregatedGensIter<'a> {
187201
self.party_idx += 1;
188202
}
189203

190-
if self.party_idx >= self.array.len() {
204+
if self.party_idx >= self.m {
191205
None
192206
} else {
193207
let cur_gen = self.gen_idx;
@@ -197,7 +211,7 @@ impl<'a> Iterator for AggregatedGensIter<'a> {
197211
}
198212

199213
fn size_hint(&self) -> (usize, Option<usize>) {
200-
let size = self.n * self.array.len();
214+
let size = self.n * self.m;
201215
(size, Some(size))
202216
}
203217
}
@@ -240,19 +254,21 @@ mod tests {
240254
fn aggregated_gens_iter_matches_flat_map() {
241255
let gens = Generators::new(PedersenGenerators::default(), 64, 8);
242256

243-
let helper = |n: usize| {
244-
let agg_G: Vec<RistrettoPoint> = gens.G(n).cloned().collect();
257+
let helper = |n: usize, m: usize| {
258+
let agg_G: Vec<RistrettoPoint> = gens.G(n, m).cloned().collect();
245259
let flat_G: Vec<RistrettoPoint> = gens
246260
.G_vec
247261
.iter()
262+
.take(m)
248263
.flat_map(move |G_j| G_j.iter().take(n))
249264
.cloned()
250265
.collect();
251266

252-
let agg_H: Vec<RistrettoPoint> = gens.H(n).cloned().collect();
267+
let agg_H: Vec<RistrettoPoint> = gens.H(n, m).cloned().collect();
253268
let flat_H: Vec<RistrettoPoint> = gens
254269
.H_vec
255270
.iter()
271+
.take(m)
256272
.flat_map(move |H_j| H_j.iter().take(n))
257273
.cloned()
258274
.collect();
@@ -261,9 +277,17 @@ mod tests {
261277
assert_eq!(agg_H, flat_H);
262278
};
263279

264-
helper(64);
265-
helper(32);
266-
helper(16);
267-
helper(8);
280+
helper(64, 8);
281+
helper(64, 4);
282+
helper(64, 2);
283+
helper(64, 1);
284+
helper(32, 8);
285+
helper(32, 4);
286+
helper(32, 2);
287+
helper(32, 1);
288+
helper(16, 8);
289+
helper(16, 4);
290+
helper(16, 2);
291+
helper(16, 1);
268292
}
269293
}

src/range_proof/dealer.rs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -226,8 +226,8 @@ impl<'a, 'b> DealerAwaitingProofShares<'a, 'b> {
226226
self.transcript,
227227
&Q,
228228
util::exp_iter(self.value_challenge.y.invert()),
229-
self.gens.G(self.n).cloned().collect(),
230-
self.gens.H(self.n).cloned().collect(),
229+
self.gens.G(self.n, self.m).cloned().collect(),
230+
self.gens.H(self.n, self.m).cloned().collect(),
231231
l_vec,
232232
r_vec,
233233
);

src/range_proof/mod.rs

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -82,7 +82,7 @@ impl RangeProof {
8282
if !(n == 8 || n == 16 || n == 32 || n == 64) {
8383
return Err(ProofError::InvalidBitsize);
8484
}
85-
if generators.capacity() < n {
85+
if generators.gens_capacity < n {
8686
return Err(ProofError::InvalidGeneratorsLength);
8787
}
8888

@@ -155,7 +155,7 @@ impl RangeProof {
155155
if !(n == 8 || n == 16 || n == 32 || n == 64) {
156156
return Err(ProofError::InvalidBitsize);
157157
}
158-
if gens.capacity() < n {
158+
if gens.gens_capacity < n {
159159
return Err(ProofError::InvalidGeneratorsLength);
160160
}
161161

@@ -235,8 +235,8 @@ impl RangeProof {
235235
.chain(self.ipp_proof.R_vec.iter().map(|R| R.decompress()))
236236
.chain(iter::once(Some(gens.pedersen_gens.B_blinding)))
237237
.chain(iter::once(Some(gens.pedersen_gens.B)))
238-
.chain(gens.G(n).map(|&x| Some(x)))
239-
.chain(gens.H(n).map(|&x| Some(x)))
238+
.chain(gens.G(n, m).map(|&x| Some(x)))
239+
.chain(gens.H(n, m).map(|&x| Some(x)))
240240
.chain(value_commitments.iter().map(|&x| Some(x))),
241241
).ok_or_else(|| ProofError::VerificationError)?;
242242

@@ -407,7 +407,9 @@ mod tests {
407407
use bincode;
408408

409409
// Both prover and verifier have access to the generators and the proof
410-
let generators = Generators::new(PedersenGenerators::default(), n, m);
410+
let max_bitsize = 64;
411+
let max_parties = 8;
412+
let generators = Generators::new(PedersenGenerators::default(), max_bitsize, max_parties);
411413

412414
// Serialized proof data
413415
let proof_bytes: Vec<u8>;

0 commit comments

Comments
 (0)