feat(rust/catalyst-voting): Vote proof (#54)

* initialize a new crate

* add intentionally failed test

* fix CI

* fix

* fix

* update vscode setting.recommended.json

* add a basic interfaces for the vote part

* add basic elgamal encryption based on the ristretto255 group

* add arithmetic tests for ristretto255

* fix tests

* wip

* add decryption algorithm, add tests

* fix CI

* remove unused std_ops_gen

* add new voter module

* add  EncryptionRandomness random generation

* add a tally function

* fix

* wip

* add a babystep implementation

* wip

* refactor, add decrypt_tally_result

* wip

* wip

* add voting test

* remove rayon dependency for now

* fix spelling, remove rayon

* fix

* remove unused anyhow dep

* intentionally break the test

* try

* wip

* update DecryptionTallySetup interface

* add doctest example

* refactor, make voting_test as integration test

* fix baby_step_giant_step_test

* move tally module into the seprate dir

* add new proof.rs

* refactor

* add to_bytes, from_bytes functions for Scalar and GroupElement

* add zk_dl_equality.rs

* add hash module

* update hash implementation

* add dleq verify function, add tests

* implement tally proof generation and tally proof verification

* update voting_test with the tally proofs, fix verify_tally_proof

* remove uneeded comment

* fix

* fix

* fix spelling

* fix comment

* update rust docs

* fix rustdoc tests

* refactor

* refactor

* add zk_unit_vector_proof module

* refactor

* add polynomial generation

* fix

* wip

* wip

* finish proof generation

* refactor

* add new get_bit function

* refactor bit calculation

* wip

* fix calculation

* refactor imports

* refactor

* refactor

* update tests

* update comment

* update test

* refactor

* fix doc tests

* remove redundant polynomial test

* refactor imports, add voter proof module

* fix doc test

* update

* add error handling for `generate_voter_proof`

* update voting_test

* update test

* fix spelling

Author: Mr-Leshiy

rust/catalyst-voting/src/crypto/babystep_giantstep.rs

@@ -3,7 +3,7 @@
 
 use std::collections::HashMap;
 
-use super::group::{GroupElement, Scalar};
+use crate::crypto::group::{GroupElement, Scalar};
 
 /// Default balance value.
 /// Make steps asymmetric, in order to better use caching of baby steps.

rust/catalyst-voting/src/crypto/elgamal.rs

@@ -5,14 +5,14 @@ use std::ops::{Add, Deref, Mul};
 
 use rand_core::CryptoRngCore;
 
-use super::group::{GroupElement, Scalar};
+use crate::crypto::group::{GroupElement, Scalar};
 
 /// ``ElGamal`` secret key.
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct SecretKey(Scalar);
 
 /// ``ElGamal`` public key.
-#[derive(Debug, Clone, Eq, PartialEq)]
+#[derive(Clone, Debug, PartialEq, Eq)]
 pub struct PublicKey(GroupElement);
 
 /// ``ElGamal`` ciphertext, encrypted message with the public key.
@@ -37,7 +37,7 @@ impl Deref for PublicKey {
 
 impl SecretKey {
     /// Generate a random `SecretKey` value from the random number generator.
-    pub fn generate<R: CryptoRngCore>(rng: &mut R) -> Self {
+    pub fn random<R: CryptoRngCore>(rng: &mut R) -> Self {
         Self(Scalar::random(rng))
     }
 

rust/catalyst-voting/src/crypto/group/ristretto255.rs

@@ -45,12 +45,12 @@ impl Scalar {
     }
 
     /// additive identity
-    pub fn zero() -> Self {
+    pub const fn zero() -> Self {
         Scalar(IScalar::ZERO)
     }
 
     /// multiplicative identity
-    pub fn one() -> Self {
+    pub const fn one() -> Self {
         Scalar(IScalar::ONE)
     }
 
@@ -190,6 +190,17 @@ mod tests {
         }
     }
 
+    impl Arbitrary for GroupElement {
+        type Parameters = ();
+        type Strategy = BoxedStrategy<Self>;
+
+        fn arbitrary_with((): Self::Parameters) -> Self::Strategy {
+            any::<Scalar>()
+                .prop_map(|s| GroupElement::GENERATOR.mul(&s))
+                .boxed()
+        }
+    }
+
     #[proptest]
     fn scalar_to_bytes_from_bytes_test(e1: Scalar) {
         let bytes = e1.to_bytes();

rust/catalyst-voting/src/crypto/hash.rs

@@ -5,6 +5,7 @@ use curve25519_dalek::digest::{
 };
 
 /// Blake2b-512 hasher instance.
+#[derive(Clone, Debug)]
 pub struct Blake2b512Hasher(blake2b_simd::State);
 
 impl Blake2b512Hasher {

rust/catalyst-voting/src/crypto/mod.rs

@@ -5,3 +5,4 @@ pub(crate) mod elgamal;
 pub(crate) mod group;
 pub(crate) mod hash;
 pub(crate) mod zk_dl_equality;
+pub(crate) mod zk_unit_vector;

rust/catalyst-voting/src/crypto/zk_dl_equality.rs

@@ -12,9 +12,9 @@
 
 // cspell: words NIZK dlog
 
-use curve25519_dalek::digest::Update;
+use curve25519_dalek::digest::Digest;
 
-use super::{
+use crate::crypto::{
     group::{GroupElement, Scalar},
     hash::Blake2b512Hasher,
 };
@@ -55,12 +55,12 @@ fn calculate_challenge(
     a_1: &GroupElement, a_2: &GroupElement,
 ) -> Scalar {
     let blake2b_hasher = Blake2b512Hasher::new()
-        .chain(base_1.to_bytes())
-        .chain(base_2.to_bytes())
-        .chain(point_1.to_bytes())
-        .chain(point_2.to_bytes())
-        .chain(a_1.to_bytes())
-        .chain(a_2.to_bytes());
+        .chain_update(base_1.to_bytes())
+        .chain_update(base_2.to_bytes())
+        .chain_update(point_1.to_bytes())
+        .chain_update(point_2.to_bytes())
+        .chain_update(a_1.to_bytes())
+        .chain_update(a_2.to_bytes());
 
     Scalar::from_hash(blake2b_hasher)
 }

rust/catalyst-voting/src/crypto/zk_unit_vector/challenges.rs

@@ -0,0 +1,42 @@
+//! ZK unit vector challenges calculation functionality
+
+use curve25519_dalek::digest::Digest;
+
+use crate::{
+    crypto::{
+        elgamal::Ciphertext, group::GroupElement, hash::Blake2b512Hasher,
+        zk_unit_vector::randomness_announcements::Announcement,
+    },
+    PublicKey,
+};
+
+/// Calculates the first challenge hash.
+pub(crate) fn calculate_first_challenge_hash(
+    commitment_key: &GroupElement, public_key: &PublicKey, ciphertexts: &[Ciphertext],
+    announcements: &[Announcement],
+) -> Blake2b512Hasher {
+    let mut hash = Blake2b512Hasher::new()
+        .chain_update(commitment_key.to_bytes())
+        .chain_update(public_key.to_bytes());
+    for c in ciphertexts {
+        hash.update(c.first().to_bytes());
+        hash.update(c.second().to_bytes());
+    }
+    for announcement in announcements {
+        hash.update(announcement.i.to_bytes());
+        hash.update(announcement.b.to_bytes());
+        hash.update(announcement.a.to_bytes());
+    }
+    hash
+}
+
+/// Calculates the second challenge hash.
+pub(crate) fn calculate_second_challenge_hash(
+    mut com_1_hash: Blake2b512Hasher, ciphertexts: &[Ciphertext],
+) -> Blake2b512Hasher {
+    for c in ciphertexts {
+        com_1_hash.update(c.first().to_bytes());
+        com_1_hash.update(c.second().to_bytes());
+    }
+    com_1_hash
+}