Incremental aggregation in Themis (#563)

* Move interactions PublicKey to User constructor

* Permit incremental interaction submissions

* Split InitializePoliciesAccount into two instructions

* Clean up BPF instruction count output

* Update Themis program

* Get submit_interactions() working on testnet

* Fix build

Author: garious

themis/client/Cargo.lock

@@ -30,6 +30,7 @@ tokio = "0.2"
 url = "2.1"
 
 [dev-dependencies]
+separator = "0.4.1"
 solana-banks-server = "1.3.14"
 solana-bpf-loader-program = "1.3.14"
 solana_rbpf = "=0.1.31"

themis/client/Cargo.toml

@@ -35,7 +35,7 @@ async fn run_user_workflow(
     let user_keypair = Keypair::new();
     let user_pubkey = user_keypair.pubkey();
     let ixs =
-        instruction::create_user_account(&sender_pubkey, &user_pubkey, sol_to_lamports(0.001));
+        instruction::create_user_account(&sender_pubkey, &user_pubkey, sol_to_lamports(0.001), pk);
     let msg = Message::new(&ixs, Some(&sender_keypair.pubkey()));
     let recent_blockhash = client.get_recent_blockhash().await?;
     let tx = Transaction::new(&[&sender_keypair, &user_keypair], msg, recent_blockhash);
@@ -51,21 +51,25 @@ async fn run_user_workflow(
         .unwrap();
     num_transactions += 1;
 
-    let ix = instruction::calculate_aggregate(&user_pubkey, &policies_pubkey, interactions, pk);
-    let msg = Message::new(&[ix], Some(&sender_keypair.pubkey()));
-    let recent_blockhash = client.get_recent_blockhash().await?;
-    let tx = Transaction::new(&[&sender_keypair, &user_keypair], msg, recent_blockhash);
-    let tx_size = bincode::serialize(&tx).unwrap().len();
-    assert!(
-        tx_size <= 1200,
-        "transaction over 1200 bytes: {} bytes",
-        tx_size
-    );
-    client
-        .process_transaction_with_commitment(tx, CommitmentLevel::Recent)
-        .await
-        .unwrap();
-    num_transactions += 1;
+    // Send one interaction at a time to stay under the BPF instruction limit
+    for (i, interaction) in interactions.into_iter().enumerate() {
+        let interactions = vec![(i as u8, interaction)];
+        let ix = instruction::submit_interactions(&user_pubkey, &policies_pubkey, interactions);
+        let msg = Message::new(&[ix], Some(&sender_keypair.pubkey()));
+        let recent_blockhash = client.get_recent_blockhash().await?;
+        let tx = Transaction::new(&[&sender_keypair, &user_keypair], msg, recent_blockhash);
+        let tx_size = bincode::serialize(&tx).unwrap().len();
+        assert!(
+            tx_size <= 1200,
+            "transaction over 1200 bytes: {} bytes",
+            tx_size
+        );
+        client
+            .process_transaction_with_commitment(tx, CommitmentLevel::Recent)
+            .await
+            .unwrap();
+        num_transactions += 1;
+    }
 
     //let user_account = client
     //    .get_account_with_commitment_and_context(
@@ -135,12 +139,22 @@ pub async fn test_e2e(
     let policies_len = policies.len();
 
     // Create the policies account
-    let ixs = instruction::create_policies_account(
+    let mut ixs = instruction::create_policies_account(
         &sender_pubkey,
         &policies_pubkey,
         sol_to_lamports(0.01),
-        policies,
+        policies.len() as u8,
     );
+    let policies_slice: Vec<_> = policies
+        .iter()
+        .enumerate()
+        .map(|(i, x)| (i as u8, *x))
+        .collect();
+    ixs.push(instruction::store_policies(
+        &policies_pubkey,
+        policies_slice,
+    ));
+
     let msg = Message::new(&ixs, Some(&sender_keypair.pubkey()));
     let recent_blockhash = client.get_recent_blockhash().await?;
     let tx = Transaction::new(&[&sender_keypair, &policies_keypair], msg, recent_blockhash);

themis/client/src/lib.rs

@@ -1,6 +1,7 @@
 use bn::{Fr, Group, G1};
 use borsh::BorshSerialize;
 use elgamal_bn::ciphertext::Ciphertext;
+use separator::Separatable;
 use solana_bpf_loader_program::{
     create_vm,
     serialization::{deserialize_parameters, serialize_parameters},
@@ -184,25 +185,27 @@ fn assert_instruction_count() {
     let num_scalars = scalars.len();
 
     let (sk, pk) = generate_keys();
-    let encrypted_interactions: Vec<_> = scalars
-        .iter()
-        .map(|_| pk.encrypt(&G1::one()).points)
+    let encrypted_interactions: Vec<_> = (0..num_scalars)
+        .map(|i| (i as u8, pk.encrypt(&G1::one()).points))
         .collect();
 
     let policies_account = SolanaAccount::new_ref(
         0,
         Policies {
             is_initialized: true,
+            num_scalars: num_scalars as u8,
             scalars: scalars.clone(),
         }
         .try_to_vec()
         .unwrap()
         .len(),
         &program_id,
     );
-    let instruction_data = ThemisInstruction::InitializePoliciesAccount { scalars }
-        .serialize()
-        .unwrap();
+    let instruction_data = ThemisInstruction::InitializePoliciesAccount {
+        num_scalars: num_scalars as u8,
+    }
+    .serialize()
+    .unwrap();
     let parameter_accounts = vec![KeyedAccount::new(&policies_key, false, &policies_account)];
     let initialize_policies_count =
         run_program(&program_id, &parameter_accounts[..], &instruction_data).unwrap();
@@ -211,17 +214,16 @@ fn assert_instruction_count() {
     let user_key = Pubkey::new_rand();
     let user_account =
         SolanaAccount::new_ref(0, User::default().try_to_vec().unwrap().len(), &program_id);
-    let instruction_data = ThemisInstruction::InitializeUserAccount
+    let instruction_data = ThemisInstruction::InitializeUserAccount { public_key: pk }
         .serialize()
         .unwrap();
     let parameter_accounts = vec![KeyedAccount::new(&user_key, false, &user_account)];
     let initialize_user_count =
         run_program(&program_id, &parameter_accounts[..], &instruction_data).unwrap();
 
     // Calculate Aggregate
-    let instruction_data = ThemisInstruction::CalculateAggregate {
+    let instruction_data = ThemisInstruction::SubmitInteractions {
         encrypted_interactions,
-        public_key: pk,
     }
     .serialize()
     .unwrap();
@@ -251,7 +253,7 @@ fn assert_instruction_count() {
 
     let instruction_data = ThemisInstruction::SubmitProofDecryption {
         plaintext: decrypted_aggregate,
-        announcement,
+        announcement: Box::new(announcement),
         response,
     }
     .serialize()
@@ -267,20 +269,25 @@ fn assert_instruction_count() {
 
     println!("BPF instructions executed");
     println!(
-        "  InitializePolicies({}): {:?} ({:?})",
-        num_scalars, initialize_policies_count, BASELINE_NEW_POLICIES_COUNT
+        "  InitializePolicies({}): {} ({:?})",
+        num_scalars,
+        initialize_policies_count.separated_string(),
+        BASELINE_NEW_POLICIES_COUNT
     );
     println!(
-        "  InitializeUserAccount: {:?} ({:?})",
-        initialize_user_count, BASELINE_INITIALIZE_USER_COUNT
+        "  InitializeUserAccount: {} ({:?})",
+        initialize_user_count.separated_string(),
+        BASELINE_INITIALIZE_USER_COUNT
     );
     println!(
-        "  CalculateAggregate:    {:?} ({:?})",
-        calculate_aggregate_count, BASELINE_CALCULATE_AGGREGATE_COUNT
+        "  CalculateAggregate:    {} ({:?})",
+        calculate_aggregate_count.separated_string(),
+        BASELINE_CALCULATE_AGGREGATE_COUNT
     );
     println!(
-        "  SubmitProofDecryption: {:?} ({:?})",
-        proof_decryption_count, BASELINE_PROOF_DECRYPTION_COUNT
+        "  SubmitProofDecryption: {} ({:?})",
+        proof_decryption_count.separated_string(),
+        BASELINE_PROOF_DECRYPTION_COUNT
     );
 
     assert!(initialize_policies_count <= BASELINE_NEW_POLICIES_COUNT);

themis/client/tests/assert_instruction_count.rs

@@ -1 +1 @@
-6q92wS9neZdex1jT72zqeWEPJ6YYNSqYjF6PKrqbVUwJ
+F3FWeYPjD1jeR6UykMj1GRbCcmoxtJnDiPuFdTLRGvb6

themis/program/program-id.md

@@ -1,6 +1,8 @@
 //! Error types
 
 use num_derive::FromPrimitive;
+use num_traits::FromPrimitive;
+use solana_sdk::program_error::PrintProgramError;
 use solana_sdk::{decode_error::DecodeError, program_error::ProgramError};
 use thiserror::Error;
 
@@ -25,3 +27,15 @@ impl<T> DecodeError<T> for ThemisError {
         "ThemisError"
     }
 }
+
+impl PrintProgramError for ThemisError {
+    fn print<E>(&self)
+    where
+        E: 'static + std::error::Error + DecodeError<E> + PrintProgramError + FromPrimitive,
+    {
+        match self {
+            ThemisError::InvalidInstruction => println!("Error: Invalid instruction"),
+            ThemisError::AccountInUse => println!("Error: Account in use"),
+        }
+    }
+}

themis/program/src/error.rs

@@ -23,7 +23,10 @@ pub enum ThemisInstruction {
     /// Accounts expected by this instruction:
     ///
     ///   0. `[writable]` The account to initialize.
-    InitializeUserAccount,
+    InitializeUserAccount {
+        /// Public key for all encrypted interations
+        public_key: PublicKey,
+    },
 
     /// Initialize a new policies account
     ///
@@ -35,8 +38,20 @@ pub enum ThemisInstruction {
     ///
     ///   0. `[writable]` The account to initialize.
     InitializePoliciesAccount {
+        /// Number of policies to be added
+        num_scalars: u8,
+    },
+
+    /// Store policies
+    ///
+    /// The `StorePolices` instruction is used to set individual policies.
+    ///
+    /// Accounts expected by this instruction:
+    ///
+    ///   0. `[writable, signer]` The policies account.
+    StorePolicies {
         /// Policies to be added
-        scalars: Vec<Fr>,
+        scalars: Vec<(u8, Fr)>,
     },
 
     /// Calculate aggregate. The length of the `input` vector must equal the
@@ -46,12 +61,9 @@ pub enum ThemisInstruction {
     ///
     ///   0. `[writable, signer]`  The user account
     ///   1. `[]`  The policies account
-    CalculateAggregate {
+    SubmitInteractions {
         /// Encrypted interactions
-        encrypted_interactions: Vec<(G1, G1)>,
-
-        /// Public key for all encrypted interations
-        public_key: PublicKey,
+        encrypted_interactions: Vec<(u8, (G1, G1))>,
     },
 
     /// Submit proof decryption
@@ -64,7 +76,7 @@ pub enum ThemisInstruction {
         plaintext: G1,
 
         /// (announcement_g, announcement_ctx)
-        announcement: (G1, G1),
+        announcement: Box<(G1, G1)>,
 
         /// response
         response: Fr,
@@ -99,8 +111,8 @@ impl ThemisInstruction {
 }
 
 /// Return an `InitializeUserAccount` instruction.
-fn initialize_user_account(user_pubkey: &Pubkey) -> Instruction {
-    let data = ThemisInstruction::InitializeUserAccount;
+fn initialize_user_account(user_pubkey: &Pubkey, public_key: PublicKey) -> Instruction {
+    let data = ThemisInstruction::InitializeUserAccount { public_key };
 
     let accounts = vec![AccountMeta::new(*user_pubkey, false)];
 
@@ -112,17 +124,22 @@ fn initialize_user_account(user_pubkey: &Pubkey) -> Instruction {
 }
 
 /// Return two instructions that create and initialize a user account.
-pub fn create_user_account(from: &Pubkey, user_pubkey: &Pubkey, lamports: u64) -> Vec<Instruction> {
+pub fn create_user_account(
+    from: &Pubkey,
+    user_pubkey: &Pubkey,
+    lamports: u64,
+    public_key: PublicKey,
+) -> Vec<Instruction> {
     let space = User::default().try_to_vec().unwrap().len() as u64;
     vec![
         system_instruction::create_account(from, user_pubkey, lamports, space, &crate::id()),
-        initialize_user_account(user_pubkey),
+        initialize_user_account(user_pubkey, public_key),
     ]
 }
 
 /// Return an `InitializePoliciesAccount` instruction.
-fn initialize_policies_account(policies_pubkey: &Pubkey, scalars: Vec<Fr>) -> Instruction {
-    let data = ThemisInstruction::InitializePoliciesAccount { scalars };
+fn initialize_policies_account(policies_pubkey: &Pubkey, num_scalars: u8) -> Instruction {
+    let data = ThemisInstruction::InitializePoliciesAccount { num_scalars };
     let accounts = vec![AccountMeta::new(*policies_pubkey, false)];
     Instruction {
         program_id: crate::id(),
@@ -136,31 +153,34 @@ pub fn create_policies_account(
     from: &Pubkey,
     policies_pubkey: &Pubkey,
     lamports: u64,
-    scalars: Vec<Fr>,
+    num_scalars: u8,
 ) -> Vec<Instruction> {
-    let space = Policies {
-        scalars: scalars.clone(),
-        ..Policies::default()
-    }
-    .try_to_vec()
-    .unwrap()
-    .len() as u64;
+    let space = Policies::new(num_scalars).try_to_vec().unwrap().len() as u64;
     vec![
         system_instruction::create_account(from, policies_pubkey, lamports, space, &crate::id()),
-        initialize_policies_account(policies_pubkey, scalars),
+        initialize_policies_account(policies_pubkey, num_scalars),
     ]
 }
 
-/// Return a `CalculateAggregate` instruction.
-pub fn calculate_aggregate(
+/// Return an `InitializePoliciesAccount` instruction.
+pub fn store_policies(policies_pubkey: &Pubkey, scalars: Vec<(u8, Fr)>) -> Instruction {
+    let data = ThemisInstruction::StorePolicies { scalars };
+    let accounts = vec![AccountMeta::new(*policies_pubkey, true)];
+    Instruction {
+        program_id: crate::id(),
+        accounts,
+        data: data.serialize().unwrap(),
+    }
+}
+
+/// Return a `SubmitInteractions` instruction.
+pub fn submit_interactions(
     user_pubkey: &Pubkey,
     policies_pubkey: &Pubkey,
-    encrypted_interactions: Vec<(G1, G1)>,
-    public_key: PublicKey,
+    encrypted_interactions: Vec<(u8, (G1, G1))>,
 ) -> Instruction {
-    let data = ThemisInstruction::CalculateAggregate {
+    let data = ThemisInstruction::SubmitInteractions {
         encrypted_interactions,
-        public_key,
     };
     let accounts = vec![
         AccountMeta::new(*user_pubkey, true),
@@ -183,7 +203,7 @@ pub fn submit_proof_decryption(
 ) -> Instruction {
     let data = ThemisInstruction::SubmitProofDecryption {
         plaintext,
-        announcement: (announcement_g, announcement_ctx),
+        announcement: Box::new((announcement_g, announcement_ctx)),
         response,
     };
     let accounts = vec![AccountMeta::new(*user_pubkey, true)];

themis/program/src/instruction.rs

@@ -11,4 +11,4 @@ pub mod state;
 // solana-sdk version
 pub use solana_sdk;
 
-solana_sdk::declare_id!("6q92wS9neZdex1jT72zqeWEPJ6YYNSqYjF6PKrqbVUwJ");
+solana_sdk::declare_id!("F3FWeYPjD1jeR6UykMj1GRbCcmoxtJnDiPuFdTLRGvb6");