mastic: Simplify onehot check (#1197)

Author: cjpatton

src/vdaf/mastic.rs

@@ -19,12 +19,11 @@ use crate::{
         PrepareTransition, Vdaf, VdafError,
     },
     vidpf::{
-        xor_proof, Vidpf, VidpfError, VidpfInput, VidpfKey, VidpfProof, VidpfPublicShare,
-        VidpfServerId, VidpfWeight, VIDPF_PROOF_SIZE,
+        Vidpf, VidpfError, VidpfInput, VidpfKey, VidpfPublicShare, VidpfServerId, VidpfWeight,
+        VIDPF_PROOF_SIZE,
     },
 };
 
-use rand::prelude::*;
 use std::io::{Cursor, Read};
 use std::ops::BitAnd;
 use std::slice::from_ref;
@@ -35,27 +34,18 @@ use super::xof::XofTurboShake128;
 
 const NONCE_SIZE: usize = 16;
 
-// draft-jimouris-cfrg-mastic:
-//
-// ONEHOT_PROOF_INIT = XofTurboShake128(
-//     b'', dst(b'', USAGE_ONEHOT_PROOF_INIT), b'').next(PROOF_SIZE)
-pub(crate) const ONEHOT_PROOF_INIT: [u8; 32] = [
-    97, 188, 153, 213, 116, 162, 25, 70, 98, 231, 255, 255, 1, 207, 231, 225, 13, 187, 182, 1, 16,
-    90, 161, 104, 201, 152, 149, 153, 35, 92, 254, 149,
-];
-
 pub(crate) const USAGE_PROVE_RAND: u8 = 0;
 pub(crate) const USAGE_PROOF_SHARE: u8 = 1;
 pub(crate) const USAGE_QUERY_RAND: u8 = 2;
 pub(crate) const USAGE_JOINT_RAND_SEED: u8 = 3;
 pub(crate) const USAGE_JOINT_RAND_PART: u8 = 4;
 pub(crate) const USAGE_JOINT_RAND: u8 = 5;
-pub(crate) const USAGE_ONEHOT_PROOF_HASH: u8 = 7;
-pub(crate) const USAGE_NODE_PROOF: u8 = 8;
-pub(crate) const USAGE_EVAL_PROOF: u8 = 9;
+pub(crate) const USAGE_ONEHOT_CHECK: u8 = 6;
+pub(crate) const USAGE_PAYLOAD_CHECK: u8 = 7;
+pub(crate) const USAGE_EVAL_PROOF: u8 = 8;
+pub(crate) const USAGE_NODE_PROOF: u8 = 9;
 pub(crate) const USAGE_EXTEND: u8 = 10;
 pub(crate) const USAGE_CONVERT: u8 = 11;
-pub(crate) const USAGE_PAYLOAD_CHECK: u8 = 12;
 
 pub(crate) fn dst_usage(usage: u8) -> [u8; 8] {
     const VERSION: u8 = 0;
@@ -324,16 +314,6 @@ impl<T: Type> Mastic<T> {
         };
         Ok((public_share, vec![leader_share, helper_share]))
     }
-
-    fn hash_proof(&self, mut proof: VidpfProof, ctx: &[u8]) -> VidpfProof {
-        let mut xof = XofTurboShake128::from_seed_slice(
-            &[],
-            &[&dst_usage(USAGE_ONEHOT_PROOF_HASH), &self.id, ctx],
-        );
-        xof.update(&proof);
-        xof.into_seed_stream().fill_bytes(&mut proof);
-        proof
-    }
 }
 
 impl<T: Type> Client<16> for Mastic<T> {
@@ -546,24 +526,24 @@ impl<T: Type> Aggregator<32, NONCE_SIZE> for Mastic<T> {
         let root = prefix_tree.root.as_ref().unwrap();
 
         // Onehot and payload checks
-        let (payload_check, onehot_proof) = {
+        let (onehot_check, payload_check) = {
+            let mut onehot_check_xof = XofTurboShake128::from_seed_slice(
+                &[],
+                &[&dst_usage(USAGE_ONEHOT_CHECK), &self.id, ctx],
+            );
             let mut payload_check_xof = XofTurboShake128::from_seed_slice(
                 &[],
                 &[&dst_usage(USAGE_PAYLOAD_CHECK), &self.id, ctx],
             );
             let mut payload_check_buf = Vec::with_capacity(T::Field::ENCODED_SIZE);
-            let mut onehot_proof = ONEHOT_PROOF_INIT;
 
             // Traverse the prefix tree breadth-first.
             let mut q = VecDeque::with_capacity(100);
             q.push_back(root.left.as_ref().unwrap());
             q.push_back(root.right.as_ref().unwrap());
             while let Some(node) = q.pop_front() {
                 // Update onehot proof.
-                onehot_proof = xor_proof(
-                    onehot_proof,
-                    &self.hash_proof(xor_proof(onehot_proof, &node.value.state.node_proof), ctx),
-                );
+                onehot_check_xof.update(&node.value.state.node_proof);
 
                 // Update payload check.
                 if let (Some(left), Some(right)) = (node.left.as_ref(), node.right.as_ref()) {
@@ -586,9 +566,10 @@ impl<T: Type> Aggregator<32, NONCE_SIZE> for Mastic<T> {
                 }
             }
 
+            let onehot_check = onehot_check_xof.into_seed().0;
             let payload_check = payload_check_xof.into_seed().0;
 
-            (payload_check, onehot_proof)
+            (onehot_check, payload_check)
         };
 
         // Counter check.
@@ -607,7 +588,7 @@ impl<T: Type> Aggregator<32, NONCE_SIZE> for Mastic<T> {
                 &[],
                 &[&dst_usage(USAGE_EVAL_PROOF), &self.id, ctx],
             );
-            eval_proof_xof.update(&onehot_proof);
+            eval_proof_xof.update(&onehot_check);
             eval_proof_xof.update(&counter_check);
             eval_proof_xof.update(&payload_check);
             eval_proof_xof.into_seed().0

src/vdaf/test_vec/mastic/04/MasticCount_0.json

@@ -42,11 +42,11 @@
             ],
             "prep_shares": [
                 [
-                    "7e721d28bd48370b6a16ea503791be940d88fa776d7bb59945b5c8eff6973e8d82518600b8bd84150c9df3154968eb00fd6949610bbaa838f528e845e9b134bf",
-                    "7e721d28bd48370b6a16ea503791be940d88fa776d7bb59945b5c8eff6973e8d7fae79ff46427bea6814d366e7d3bd95781ac4b7ab90e6a99f6399ebb8914e6d"
+                    "2f82f72d65d285b4d41551667bc8d1832ed2212b211bec5bf0e228302bbcd23282518600b8bd84150c9df3154968eb00fd6949610bbaa838f528e845e9b134bf",
+                    "2f82f72d65d285b4d41551667bc8d1832ed2212b211bec5bf0e228302bbcd2327fae79ff46427bea6814d366e7d3bd95781ac4b7ab90e6a99f6399ebb8914e6d"
                 ]
             ],
-            "public_share": "0e30118b55bf77ff34817d80025c5c736b1ee2188425350e71cc1dc5a779de3e6ff0676312c362381937b2713cf2d65c6bfd5e3a8400fe1b3f71da0726d672f55f796f086f2d82ba5c736f5c7854b6fbe6605a571bdabcacce7acd94b9c87b314bead370e09dc18618bd5cc3c8825338a085d4790108cbeb9ecdb914466664cfa0",
+            "public_share": "0e30118b55bf77ff34817d80025c5c736b1ee2188425350e71cc1dc5a779de3e6ff0676312c362381937b2713cf2d65c6bfd5e3a8400fe1b3f71da0726d672f55f893f521233758b42d37212b7a0c5d64e450af652ace0e50986026a123de440e13432801b02eeda044017d8cc739b4f93ea6360a4887c1b1f4e688c4a6b02a111",
             "rand": "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f"
         }
     ],

src/vdaf/test_vec/mastic/04/MasticCount_1.json

@@ -42,11 +42,11 @@
             ],
             "prep_shares": [
                 [
-                    "bfdffd964fe8b1d7804cc7bb1197c5b1c6f08094599a8021986e517e923f43a282518600b8bd8415522695511228b9228a6b0a9d88a7f97af0b1b62107f08c47",
-                    "bfdffd964fe8b1d7804cc7bb1197c5b1c6f08094599a8021986e517e923f43a27fae79ff46427beaf79ffb3f48d217d30f4b40b400becf0407f72fed209095f2"
+                    "ca98c5aa7a21e337c3feb5e936676af3169f0b4e524da401bc107bb92447b98382518600b8bd8415522695511228b9228a6b0a9d88a7f97af0b1b62107f08c47",
+                    "ca98c5aa7a21e337c3feb5e936676af3169f0b4e524da401bc107bb92447b9837fae79ff46427beaf79ffb3f48d217d30f4b40b400becf0407f72fed209095f2"
                 ]
             ],
-            "public_share": "0e30118b55bf77ff34817d80025c5c736b1ee2188425350e71cc1dc5a779de3e6ff0676312c362381937b2713cf2d65c6bfd5e3a8400fe1b3f71da0726d672f55f796f086f2d82ba5c736f5c7854b6fbe6605a571bdabcacce7acd94b9c87b314bead370e09dc18618bd5cc3c8825338a085d4790108cbeb9ecdb914466664cfa0",
+            "public_share": "0e30118b55bf77ff34817d80025c5c736b1ee2188425350e71cc1dc5a779de3e6ff0676312c362381937b2713cf2d65c6bfd5e3a8400fe1b3f71da0726d672f55f893f521233758b42d37212b7a0c5d64e450af652ace0e50986026a123de440e13432801b02eeda044017d8cc739b4f93ea6360a4887c1b1f4e688c4a6b02a111",
             "rand": "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f"
         }
     ],