Changing the variables name and the dependency depending on the future_snark feature.

Author: damrobi

mithril-stm/Cargo.toml

@@ -19,23 +19,23 @@ rug-backend = ["rug/default"]
 num-integer-backend = ["num-bigint", "num-rational", "num-traits"]
 benchmark-internals = [] # For benchmarking multi_sig
 future_proof_system = [] # For activating future proof systems
-future_snark = [] # For activating snark features
+future_snark = ["ff", "midnight-circuits", "midnight-curves", "sha2", "group", "num-traits"] # For activating snark features
 
 [dependencies]
-anyhow.workspace = true
+anyhow = { workspace = true }
 blake2 = "0.10.6"
 # Enforce blst portable feature for runtime detection of Intel ADX instruction set.
 blst = { version = "0.3.16", features = ["portable"] }
 digest = { workspace = true }
-ff = "0.13.1"
-group = "0.13.0"
-midnight-circuits = { git = "https://github.com/midnightntwrk/midnight-zk", rev = "c88a50c2169f060120a52ad0980de90f08bc9535" }
-midnight-curves = { git = "https://github.com/midnightntwrk/midnight-zk", rev = "c88a50c2169f060120a52ad0980de90f08bc9535" }
-num-traits = "0.2.19"
+ff = {version = "0.13.1", optional = true}
+group = {version = "0.13.0", optional = true }
+midnight-circuits = { git = "https://github.com/midnightntwrk/midnight-zk", rev = "c88a50c2169f060120a52ad0980de90f08bc9535", optional = true }
+midnight-curves = { git = "https://github.com/midnightntwrk/midnight-zk", rev = "c88a50c2169f060120a52ad0980de90f08bc9535", optional = true  }
+num-traits = {version = "0.2.19", optional = true}
 rand_core = { workspace = true }
 rayon = { workspace = true }
 serde = { workspace = true }
-sha2 = "0.10.9"
+sha2 = {version = "0.10.9", optional = true }
 thiserror = { workspace = true }
 
 [target.'cfg(any(target_family = "wasm", target_env = "musl", windows))'.dependencies]

mithril-stm/src/schnorr_signature/mod.rs

@@ -1,6 +1,11 @@
 // TODO: Remove
 #![allow(dead_code)]
 
+mod signature;
+mod signing_key;
+mod verification_key;
+
+
 use midnight_circuits::{
     ecc::{hash_to_curve::HashToCurveGadget, native::EccChip},
     hash::poseidon::PoseidonChip,
@@ -13,20 +18,17 @@ use sha2::{Digest, Sha256};
 
 use anyhow::{Result, anyhow};
 
-mod signature;
-mod signing_key;
-mod verification_key;
-
 use signature::*;
-// use signing_key::*;
 use verification_key::*;
 
+
+
 /// A DST to distinguish between use of Poseidon hash
 pub const DST_SIGNATURE: JubjubBase = JubjubBase::from_raw([0u64, 0, 0, 0]);
 pub const DST_LOTTERY: JubjubBase = JubjubBase::from_raw([1u64, 0, 0, 0]);
 
 /// Defining a type for the CPU hash to curve gadget
-type JubjubHashToCurve = HashToCurveGadget<
+pub(crate) type JubjubHashToCurve = HashToCurveGadget<
     JubjubBase,
     JubjubExtended,
     AssignedNative<JubjubBase>,
@@ -36,7 +38,6 @@ type JubjubHashToCurve = HashToCurveGadget<
 
 /// Convert an arbitrary array of bytes into a Jubjub scalar field element
 /// First hash the message to 256 bits use Sha256 then perform the conversion
-/// TODO: Handle the unwrap properly
 pub(crate) fn hash_msg_to_jubjubbase(msg: &[u8]) -> Result<JubjubBase> {
     let mut hash = Sha256::new();
     hash.update(msg);
@@ -50,6 +51,7 @@ pub(crate) fn hash_msg_to_jubjubbase(msg: &[u8]) -> Result<JubjubBase> {
             "Hash of the message does not have the correct lenght."
         ));
     }
+
     Ok(JubjubBase::from_raw([
         u64::from_le_bytes(output[0..8].try_into()?),
         u64::from_le_bytes(output[8..16].try_into()?),
@@ -65,13 +67,15 @@ pub(crate) fn get_coordinates(point: JubjubSubgroup) -> (JubjubBase, JubjubBase)
     let affine = JubjubAffine::from(extended); // Convert to JubjubAffine (affine coordinates)
     let x = affine.get_u(); // Get x-coordinate
     let y = affine.get_v(); // Get y-coordinate
+
     (x, y)
 }
 
 /// Convert an element of the BLS12-381 base field to
 /// one of the Jubjub base field
 pub(crate) fn jubjub_base_to_scalar(x: &JubjubBase) -> Result<JubjubScalar> {
     let bytes = x.to_bytes_le();
+
     Ok(JubjubScalar::from_raw([
         u64::from_le_bytes(bytes[0..8].try_into()?),
         u64::from_le_bytes(bytes[8..16].try_into()?),
@@ -121,7 +125,7 @@ mod tests {
     // Testing conversion from BLS12-381 base field to Jubjub base field
     // TODO: Add randomness to val
     #[test]
-    fn test_jubjub_ase_to_scalar() {
+    fn test_jubjub_base_to_scalar() {
         let val = vec![0, 0, 0, 1];
         let jjbase = JubjubBase::from_raw(val.clone().try_into().unwrap());
         let jjscalar = JubjubScalar::from_raw(val.try_into().unwrap());
@@ -142,7 +146,6 @@ mod tests {
         sig.verify(&msg, &vk).unwrap();
     }
 
-    // TODO: Change the errors
     #[test]
     fn test_invalid_sig() {
         let msg = vec![0, 0, 0, 1];

mithril-stm/src/schnorr_signature/signature.rs

@@ -21,8 +21,8 @@ use crate::{
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub(crate) struct SchnorrSignature {
     pub(crate) sigma: JubjubSubgroup,
-    pub(crate) s: JubjubScalar,
-    pub(crate) c: JubjubBase,
+    pub(crate) signature: JubjubScalar,
+    pub(crate) challenge: JubjubBase,
 }
 
 impl SchnorrSignature {
@@ -60,13 +60,13 @@ impl SchnorrSignature {
         let hash = JubjubHashToCurve::hash_to_curve(&[hash_msg_to_jubjubbase(msg)?]);
 
         // Computing R1 = H(msg) * s + sigma * c
-        let c_scalar = jubjub_base_to_scalar(&self.c)?;
-        let h_s = hash * self.s;
+        let c_scalar = jubjub_base_to_scalar(&self.challenge)?;
+        let h_s = hash * self.signature;
         let sigma_c = self.sigma * c_scalar;
         let r1_tilde = h_s + sigma_c;
 
         // Computing R2 = g * s + vk * c
-        let g_s = g * self.s;
+        let g_s = g * self.signature;
         let vk_c = vk.0 * c_scalar;
         let r2_tilde = g_s + vk_c;
 
@@ -90,7 +90,7 @@ impl SchnorrSignature {
             r2y,
         ]);
 
-        if c_tilde != self.c {
+        if c_tilde != self.challenge {
             // TODO: Wrong error for now, need to change that once the errors are added
             return Err(anyhow!("Signature failed to verify."));
         }
@@ -111,15 +111,17 @@ impl SchnorrSignature {
         let (sigmax, sigmay) = get_coordinates(self.sigma);
         let ev =
             PoseidonChip::<JubjubBase>::hash(&[DST_LOTTERY, hashx, hashy, idx, sigmax, sigmay]);
+
         Ok(ev.to_bytes_le())
     }
 
     /// Convert an `SchnorrSignature` to a byte representation.
     pub(crate) fn to_bytes(self) -> [u8; 96] {
         let mut out = [0; 96];
         out[0..32].copy_from_slice(&self.sigma.to_bytes());
-        out[32..64].copy_from_slice(&self.s.to_bytes());
-        out[64..96].copy_from_slice(&self.c.to_bytes_le());
+        out[32..64].copy_from_slice(&self.signature.to_bytes());
+        out[64..96].copy_from_slice(&self.challenge.to_bytes_le());
+
         out
     }
 
@@ -133,12 +135,13 @@ impl SchnorrSignature {
         let sigma = JubjubSubgroup::from_bytes(&bytes[0..32].try_into()?)
             .into_option()
             .ok_or(anyhow!("Unable to convert bytes into a sigma value."))?;
-        let s = JubjubScalar::from_bytes(&bytes[32..64].try_into()?)
+        let signature = JubjubScalar::from_bytes(&bytes[32..64].try_into()?)
             .into_option()
             .ok_or(anyhow!("Unable to convert bytes into an s value."))?;
-        let c = JubjubBase::from_bytes_le(&bytes[64..96].try_into()?)
+        let challenge = JubjubBase::from_bytes_le(&bytes[64..96].try_into()?)
             .into_option()
             .ok_or(anyhow!("Unable to convert bytes into a c value."))?;
-        Ok(Self { sigma, s, c })
+
+        Ok(Self { sigma, signature, challenge })
     }
 }

mithril-stm/src/schnorr_signature/signing_key.rs

@@ -9,7 +9,7 @@ use midnight_circuits::instructions::HashToCurveCPU;
 
 use group::Group;
 
-use crate::schnorr_signature::{
+pub(crate) use crate::schnorr_signature::{
     DST_SIGNATURE, JubjubHashToCurve, get_coordinates, hash_msg_to_jubjubbase,
     jubjub_base_to_scalar,
 };
@@ -67,53 +67,52 @@ impl SchnorrSigningKey {
         rng: &mut (impl RngCore + CryptoRng),
     ) -> Result<SchnorrSignature> {
         // Use the subgroup generator to compute the curve points
-        let g = JubjubSubgroup::generator();
-        let vk = SchnorrVerificationKey::from(self);
+        let generator = JubjubSubgroup::generator();
+        let verification_key = SchnorrVerificationKey::from(self);
 
         // First hashing the message to a scalar then hashing it to a curve point
-        let hash = JubjubHashToCurve::hash_to_curve(&[hash_msg_to_jubjubbase(msg)?]);
+        let hash_msg = JubjubHashToCurve::hash_to_curve(&[hash_msg_to_jubjubbase(msg)?]);
 
         // sigma = H(Sha256(msg)) * sk
-        let sigma = hash * self.0;
+        let sigma = hash_msg * self.0;
 
         // Compute the random part of the signature with
         // r1 = H(msg) * r
         // r2 = g * r
-        let r = JubjubScalar::random(rng);
-        let r1 = hash * r;
-        let r2 = g * r;
+        let random_scalar = JubjubScalar::random(rng);
+        let random_value_1 = hash_msg * random_scalar;
+        let random_value_2 = generator * random_scalar;
 
         // Since the hash function takes as input scalar elements
         // We need to convert the EC points to their coordinates
         // I use gx and gy for now but maybe we can replace them by a DST?
-        let (hashx, hashy) = get_coordinates(hash);
-        let (vkx, vky) = get_coordinates(vk.0);
-        let (sigmax, sigmay) = get_coordinates(sigma);
-        let (r1x, r1y) = get_coordinates(r1);
-        let (r2x, r2y) = get_coordinates(r2);
+        let (hash_msg_x, hash_msg_y) = get_coordinates(hash_msg);
+        let (verification_key_x, verification_key_y) = get_coordinates(verification_key.0);
+        let (sigma_x, sigma_y) = get_coordinates(sigma);
+        let (random_value_1_x, random_value_1_y) = get_coordinates(random_value_1);
+        let (random_value_2_x, random_value_2_y) = get_coordinates(random_value_2);
 
-        let c = PoseidonChip::<JubjubBase>::hash(&[
+        let challenge = PoseidonChip::<JubjubBase>::hash(&[
             DST_SIGNATURE,
-            hashx,
-            hashy,
-            vkx,
-            vky,
-            sigmax,
-            sigmay,
-            r1x,
-            r1y,
-            r2x,
-            r2y,
+            hash_msg_x,
+            hash_msg_y,
+            verification_key_x,
+            verification_key_y,
+            sigma_x,
+            sigma_y,
+            random_value_1_x,
+            random_value_1_y,
+            random_value_2_x,
+            random_value_2_y,
         ]);
 
         // We want to use the from_raw function because the result of
         // the poseidon hash might not fit into the smaller modulus
         // the Fr scalar field
-        // TODO: Refactor this
-        let c_scalar = jubjub_base_to_scalar(&c)?;
-        let s = r - c_scalar * self.0;
+        let challenge_scalar = jubjub_base_to_scalar(&challenge)?;
+        let signature = random_scalar - challenge_scalar * self.0;
 
-        Ok(SchnorrSignature { sigma, s, c })
+        Ok(SchnorrSignature { sigma, signature, challenge })
     }
 
     pub(crate) fn to_bytes(&self) -> [u8; 32] {
@@ -130,6 +129,7 @@ impl SchnorrSigningKey {
             .get(..32)
             .ok_or(anyhow!("Not enough bytes to create a signing key."))?
             .try_into()?;
+
         // Jubjub returs a CtChoice so I convert it to an option that looses the const time property
         match JubjubScalar::from_bytes(bytes).into_option() {
             Some(sk) => Ok(Self(sk)),
@@ -144,7 +144,7 @@ impl SchnorrSigningKey {
 //
 #[cfg(test)]
 mod tests {
-    use super::*;
+    pub(crate) use super::*;
     use rand_chacha::ChaCha20Rng;
     use rand_core::SeedableRng;
 

mithril-stm/src/schnorr_signature/verification_key.rs

@@ -22,7 +22,6 @@ impl SchnorrVerificationKey {
     }
 
     /// Do we really need to separate the coordinates?
-    /// TODO: Make sure this is correct with some tests
     pub(crate) fn from_bytes(bytes: &[u8]) -> Result<Self> {
         let bytes = bytes
             .get(0..32)
@@ -42,6 +41,7 @@ impl From<&SchnorrSigningKey> for SchnorrVerificationKey {
     /// of the subgroup and sk is the schnorr secret key
     fn from(sk: &SchnorrSigningKey) -> Self {
         let g = JubjubSubgroup::generator();
+
         SchnorrVerificationKey(g * sk.0)
     }
 }