Add project for encrypted shares

Author: NDobrev

build.rs

@@ -2,4 +2,5 @@ fn main() {
     sp1_build::build_program("crates/share_exchange_prove");
     sp1_build::build_program("crates/finalization_prove");
     sp1_build::build_program("crates/wrong_final_key_generation_prove");
+    sp1_build::build_program("crates/bad_encrypted_share_prove");
 }

crates/bad_encrypted_share_prove/Cargo.toml

@@ -0,0 +1,16 @@
+[package]
+name = "bad_encrypted_share_prove"
+version = "1.1.0"
+edition = "2021"
+publish = false
+
+[dependencies]
+sp1-zkvm = "3.4.0"
+ff = "0.13.0"
+rand = "0.8.5"
+group = "0.13.0"
+serde = "1.0.216"
+dvt_abi = { path = "../dvt_abi" }
+bls_utils = { path = "../bls_utils" }
+hex = "0.4"
+chacha20 = "0.9.1"

crates/bad_encrypted_share_prove/src/main.rs

@@ -0,0 +1,52 @@
+#![no_main]
+
+sp1_zkvm::entrypoint!(main);
+
+use core::panic;
+
+use bls_utils::{self};
+
+use chacha20::cipher::{KeyIvInit, StreamCipher, StreamCipherSeek};
+use chacha20::ChaCha20;
+
+pub fn main() {
+    let data = bls_utils::read_wrong_final_key_generation_data();
+    print!("{:?}", data);
+
+    let ok = bls_utils::prove_wrong_final_key_generation(&data);
+    if ok.is_err() {
+        panic!("{:?}", ok.unwrap_err().to_string());
+    }
+
+    let key = [0x42; 32];
+    let nonce = [0x24; 12];
+    let plaintext = hex::decode("000102030405060708090A0B0C0D0E0F").unwrap();
+    let ciphertext = hex::decode("e405626e4f1236b3670ee428332ea20e").unwrap();
+
+    // Key and IV must be references to the `GenericArray` type.
+    // Here we use the `Into` trait to convert arrays into it.
+    let mut cipher = ChaCha20::new(&key.into(), &nonce.into());
+
+    let mut buffer = plaintext.clone();
+
+    // apply keystream (encrypt)
+    cipher.apply_keystream(&mut buffer);
+    assert_eq!(buffer, ciphertext);
+
+    let ciphertext = buffer.clone();
+
+    // ChaCha ciphers support seeking
+    cipher.seek(0u32);
+
+    // decrypt ciphertext by applying keystream again
+    cipher.apply_keystream(&mut buffer);
+    assert_eq!(buffer, plaintext);
+
+    // stream ciphers can be used with streaming messages
+    cipher.seek(0u32);
+    for chunk in buffer.chunks_mut(3) {
+        cipher.apply_keystream(chunk);
+    }
+    assert_eq!(buffer, ciphertext);
+    print!("{:?}", ciphertext);
+}

crates/bls_utils/src/bls.rs

@@ -39,7 +39,7 @@ pub fn evaluate_polynomial(cfs: Vec<G1Affine>, x: Scalar) -> G1Affine {
     }
 }
 
-pub fn evaluate_polynomial_g1_projection(cfs: &Vec<G1Projective>, x: Scalar) -> G1Projective {   
+pub fn evaluate_polynomial_g1_projection(cfs: &Vec<G1Projective>, x: Scalar) -> G1Projective {
     let count = cfs.len();
     if count == 0 {
         return G1Projective::identity();
@@ -109,10 +109,14 @@ pub fn hash_message_to_g2(msg: &[u8]) -> G2Projective {
     <G2Projective as HashToCurve<ExpandMsgXmd<Sha256>>>::hash_to_curve(msg, domain)
 }
 
-pub fn bls_verify_precomputed_hash(pubkey: &G1Affine, signature: &G2Affine, hashed_msg: &G2Affine) -> bool {
+pub fn bls_verify_precomputed_hash(
+    pubkey: &G1Affine,
+    signature: &G2Affine,
+    hashed_msg: &G2Affine,
+) -> bool {
     let left = pairing(&pubkey, &hashed_msg);
     let right = pairing(&G1Affine::generator(), &signature);
-    
+
     left == right
 }
 pub fn bls_verify(pubkey: &G1Affine, signature: &G2Affine, message: &[u8]) -> bool {

crates/bls_utils/src/input.rs

@@ -171,3 +171,7 @@ pub fn read_wrong_final_key_generation_data() -> dvt_abi::AbiWrongFinalKeyGenera
         perpatrator_hash: perpatrator_hash,
     }
 }
+
+pub fn read_bad_encrypted_share() -> dvt_abi::AbiBadEncryptedShare {
+    dvt_abi::AbiBadEncryptedShare {}
+}

crates/bls_utils/src/lib.rs

@@ -2,8 +2,11 @@ pub mod bls;
 pub mod input;
 pub mod verification;
 
-pub use input::{read_bls_shared_data_from_host, read_finalization_data, read_wrong_final_key_generation_data};
+pub use input::{
+    read_bls_shared_data_from_host, read_finalization_data, read_wrong_final_key_generation_data,
+};
 
 pub use verification::{
-    verify_generations, verify_initial_commitment_hash, verify_seed_exchange_commitment, prove_wrong_final_key_generation, VerificationErrors
+    prove_wrong_final_key_generation, verify_generations, verify_initial_commitment_hash,
+    verify_seed_exchange_commitment, VerificationErrors,
 };

crates/bls_utils/src/verification.rs

@@ -1,12 +1,12 @@
 use bls12_381::{G1Affine, G1Projective, G2Affine, Scalar};
 
 use dvt_abi::{self};
-use group::GroupEncoding;
 use sha2::{Digest, Sha256};
-use sp1_zkvm;
 
 use crate::bls::{
-    bls_id_from_u32, bls_verify, bls_verify_precomputed_hash, evaluate_polynomial, evaluate_polynomial_g1_projection, hash_message_to_g2, lagrange_interpolation, PublicKey, SecretKey
+    bls_id_from_u32, bls_verify_precomputed_hash, evaluate_polynomial,
+    evaluate_polynomial_g1_projection, hash_message_to_g2, lagrange_interpolation, PublicKey,
+    SecretKey,
 };
 
 #[derive(Debug)]
@@ -73,7 +73,6 @@ pub fn to_g1_projection(pubkey: &dvt_abi::BLSPubkey) -> G1Projective {
     G1Projective::from(to_g1_affine(pubkey))
 }
 
-
 pub fn verify_seed_exchange_commitment(
     verification_hashes: &dvt_abi::AbiVerificationHashes,
     seed_exchange: &dvt_abi::AbiSeedExchangeCommitment,
@@ -84,16 +83,14 @@ pub fn verify_seed_exchange_commitment(
 
     let g1_pubkey = to_g1_affine(&commitment.pubkey);
 
-
-    let g2_sig = &G2Affine::from_compressed(&commitment.signature)
-    .into_option();
+    let g2_sig = &G2Affine::from_compressed(&commitment.signature).into_option();
     if g2_sig.is_none() {
         return Err(Box::new(VerificationErrors::UnslashableError(
             String::from(format!(
-                "Invalid field seeds_exchange_commitment.commitment.signature {}\n", 
+                "Invalid field seeds_exchange_commitment.commitment.signature {}\n",
                 hex::encode(commitment.signature)
-            ))
-        )))
+            )),
+        )));
     }
     if !bls_verify_precomputed_hash(
         &g1_pubkey,
@@ -112,7 +109,6 @@ pub fn verify_seed_exchange_commitment(
     let sk = SecretKey::from_bytes(&shared_secret.secret);
     if sk.is_err() {
         return Err(Box::new(VerificationErrors::SlashableError(String::from(
-            
             format!(
                 "Invalid field seeds_exchange_commitment.shared_secret.secret: {} \n",
                 sk.unwrap_err()
@@ -226,7 +222,7 @@ fn agg_final_keys(
         .collect();
 
     let mut final_cfs = Vec::new();
-    for i in 0..verification_vectors[0].len() {      
+    for i in 0..verification_vectors[0].len() {
         let mut sum = G1Projective::identity();
         for j in 0..verification_vectors.len() {
             sum = sum + verification_vectors[j][i];
@@ -237,7 +233,7 @@ fn agg_final_keys(
     for i in 0..ids.len() {
         let tmp = evaluate_polynomial_g1_projection(&final_cfs, ids[i]);
         final_keys.push(tmp);
-    }  
+    }
     final_keys.iter().map(|x| G1Affine::from(x)).collect()
 }
 
@@ -275,7 +271,9 @@ pub fn verify_generation_hashes(
         // opcode count for n=5 924_860_863
         let ok = bls_verify_precomputed_hash(
             &to_g1_affine(&generation.partial_pubkey),
-            &G2Affine::from_compressed(&generation.message_signature).into_option().unwrap(),
+            &G2Affine::from_compressed(&generation.message_signature)
+                .into_option()
+                .unwrap(),
             &hashed_msg,
         );
 
@@ -366,7 +364,7 @@ pub fn verify_generations(
         })
         .collect();
 
-     let computed_key = lagrange_interpolation(&partial_keys, &ids)?;
+    let computed_key = lagrange_interpolation(&partial_keys, &ids)?;
 
     if computed_key != agg_key {
         return Err(Box::new(std::io::Error::new(

crates/dvt_abi/src/lib.rs

@@ -110,6 +110,11 @@ pub struct DvtWrongFinalKeyGeneration {
     perpatrator_hash: String,
 }
 
+#[derive(Debug, Deserialize)]
+pub struct DvtBadEncryptedShare {
+    // TODO: implement
+}
+
 #[derive(Debug)]
 pub struct AbiVerificationVector {
     pub pubkeys: Vec<BLSPubkey>,
@@ -183,6 +188,11 @@ pub struct AbiWrongFinalKeyGeneration {
     pub perpatrator_hash: SHA256,
 }
 
+#[derive(Debug)]
+pub struct AbiBadEncryptedShare {
+    // TODO: implement
+}
+
 fn decode_hex<const N: usize>(input: &str) -> Result<[u8; N], Box<dyn Error>> {
     let bytes = decode(input).map_err(|e| format!("Failed to decode input: {}", e))?;
 
@@ -358,7 +368,14 @@ impl DvtWrongFinalKeyGeneration {
                 .collect::<Result<Vec<AbiGeneration>, _>>()?,
             perpatrator_hash: decode_hex::<SHA256_SIZE>(&self.perpatrator_hash)
                 .map_err(|e| format!("Invalid perpatrator_hash: {}", e))?,
-            
+        })
+    }
+}
+
+impl DvtBadEncryptedShare {
+    pub fn to_abi(&self) -> Result<AbiBadEncryptedShare, Box<dyn std::error::Error>> {
+        Ok(AbiBadEncryptedShare {
+            // TODO: implement
         })
     }
 }

crates/dvt_abi_host/src/lib.rs

@@ -1,8 +1,7 @@
-use dvt_abi;
 use sp1_sdk::SP1Stdin;
 fn write_array_to_prover<const N: usize>(stdin: &mut SP1Stdin, data: &[u8; N]) {
-    for i in 0..N {
-        stdin.write(&[data[i]]);
+    for x in data.iter().take(N) {
+        stdin.write(x);
     }
 }
 pub trait ProverSerialize {
@@ -63,16 +62,19 @@ impl ProverSerialize for dvt_abi::AbiBlsSharedData {
         self.initial_commitment.write(stdin);
         self.seeds_exchange_commitment.write(stdin);
         if (self.initial_commitment.settings.n as usize) != self.verification_hashes.len() {
-            panic!("k != verification_hashes.len() {}", self.verification_hashes.len());
+            panic!(
+                "k != verification_hashes.len() {}",
+                self.verification_hashes.len()
+            );
         }
         self.verification_hashes.write(stdin);
     }
 }
 
 impl ProverSerialize for dvt_abi::AbiVerificationHashes {
     fn write(&self, stdin: &mut SP1Stdin) {
-        for i in 0..self.len() {
-            write_array_to_prover(stdin, &self[i]);
+        for x in self {
+            write_array_to_prover(stdin, x);
         }
     }
 }
@@ -100,7 +102,7 @@ impl ProverSerialize for dvt_abi::AbiFinalizationData {
         if self.settings.n as usize != self.generations.len() {
             panic!("k != generations.len() {}", self.generations.len());
         }
-        
+
         for i in 0..self.generations.len() {
             self.generations[i].write(stdin);
         }
@@ -116,4 +118,10 @@ impl ProverSerialize for dvt_abi::AbiWrongFinalKeyGeneration {
         }
         write_array_to_prover(stdin, &self.perpatrator_hash);
     }
-}
+}
+
+impl ProverSerialize for dvt_abi::AbiBadEncryptedShare {
+    fn write(&self, _stdin: &mut SP1Stdin) {
+        // TODO: implement
+    }
+}

crates/share_exchange_prove/src/main.rs

@@ -9,17 +9,18 @@ use bls_utils::{self, VerificationErrors};
 pub fn main() {
     let data = bls_utils::read_bls_shared_data_from_host();
 
-    if data.verification_hashes.len() != data.initial_commitment.settings.n as usize  {
+    if data.verification_hashes.len() != data.initial_commitment.settings.n as usize {
         panic!("The number of verification hashes does not match the number of keys\n");
     }
 
     if data.initial_commitment.settings.n < data.initial_commitment.settings.k {
         panic!("N should be greater than or equal to k\n");
     }
 
-    let found = data.verification_hashes.iter().find(|h| {
-        h == &&data.initial_commitment.hash
-    });
+    let found = data
+        .verification_hashes
+        .iter()
+        .find(|h| h == &&data.initial_commitment.hash);
 
     if found.is_none() {
         panic!("The seed exchange commitment is not part of the verification hashes\n");
@@ -37,18 +38,18 @@ pub fn main() {
         Ok(()) => {
             println!("The share is valid. We can't prove participant share is corrupted.");
         }
-        
+
         Err(e) => {
             if let Some(verification_error) = e.downcast_ref::<VerificationErrors>() {
                 match verification_error {
                     VerificationErrors::SlashableError(err) => {
                         println!("Slashable error seed exchange commitment: {}", err);
-                        
+
                         for h in data.verification_hashes.iter() {
                             println!("Verification hash: {}", hex::encode(h));
                             sp1_zkvm::io::commit(h);
                         }
-                        
+
                         return;
                     }
                     VerificationErrors::UnslashableError(err) => {