Tapir provides a framework for building Anonymous / metadata resistant Services
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

150 lines
5.4 KiB

package bulletproofs
import (
"cwtch.im/tapir/primitives/core"
"encoding/hex"
"encoding/json"
"git.openprivacy.ca/openprivacy/libricochet-go/log"
"github.com/gtank/ristretto255"
"golang.org/x/crypto/sha3"
"testing"
)
func TestProove(t *testing.T) {
log.SetLevel(log.LevelDebug)
proverTranscript := core.NewTranscript("rangeproof")
verifierTranscript := core.NewTranscript("rangeproof")
rangeproof, _ := GenerateRangeProof(10, Setup(32, proverTranscript), proverTranscript)
if VerifyRangeProof(rangeproof, Setup(32, verifierTranscript), verifierTranscript) == true {
t.Logf("Range Proof Passed!")
t.Logf("%v\n\n%v\n", proverTranscript.OutputTranscriptToAudit(), verifierTranscript.OutputTranscriptToAudit())
jsonProof, _ := json.Marshal(rangeproof)
t.Logf("RangeProof: %s", jsonProof)
} else {
t.Logf("%v\n\n%v\n", proverTranscript.OutputTranscriptToAudit(), verifierTranscript.OutputTranscriptToAudit())
t.Fatalf("Failed to Verify Range Proof")
}
}
func byteToPoint(in []byte) *ristretto255.Element {
element := ristretto255.NewElement()
element.Decode(in)
return element
}
func byteToScalar(in []byte) *ristretto255.Scalar {
scalar := ristretto255.NewScalar()
scalar.Decode(in[0:32])
return scalar
}
func decodeInnerProduct(in []byte) *InnerProductProof {
num_elements := len(in) / 32
lg_n := (num_elements - 2) / 2
lvec := make(core.PointVector, lg_n)
rvec := make(core.PointVector, lg_n)
for i := 0; i < lg_n; i++ {
pos := 2 * i * 32
lvec[i] = byteToPoint(in[pos : pos+32])
rvec[i] = byteToPoint(in[pos+32 : pos+64])
}
pos := 2 * lg_n * 32
a := byteToScalar(in[pos : pos+32])
b := byteToScalar(in[pos+32 : pos+64])
return &InnerProductProof{lvec, rvec, a, b}
}
func TestDalek(t *testing.T) {
log.SetLevel(log.LevelDebug)
t.Logf("Testing dalek-cryptography bulletproofs test vector...")
rp, _ := hex.DecodeString("46b6ea8b6a9710c41c2622d4b353dbcf5f89afe8ed66c469f192bec19dc71d23c0442827f97fc9085a89caa87d294b0a21e7b8957732ec4951f6bf7d3aa2c66e7af3b7b956c7dcb3bed1223575a217a30642b603b6bf1d4138ed95e3458c524510b42c8d82958f40b447a84242b1ba1eeea54013f80bad643048eeb0b17c292a057cb6ae1c42338837c05eaa6336a17d60fa141204e015a1df15b28c1318c709d7eb35569cde89c0bf37eace54880a151498b38da54c6d739564f46f01b73601e518355ea06c9ef58a45fcb3baadbd1ac54e0838c471a6b91845f123d569fa0c46ef94471b7b826230e8576146beec08ac3e6683998815c576581f4c0e493433480f95f6495210636eaa2e32b577e1c363e35e522db85b18a56d57eb626f9e2b50578e0d7ee7b74b328e158b366bb9d117db725820a2fec3b1508212d75823345a801c0b602bfa05919d7e3bb8e71944587072badc363f334b08ba90d13e077ad24b82bacd51fc668d2b880daabd3b87e6bdc9584af66523026a30aadfc359283891bb65cca502f47421ffeee1fb5a5237bfa965b66a8b8ca5d6954f4f8222244c6a5340dc81e8d781d092cae2a763f185dd0b89965b1dd2506807b5d3e5a305fd9a68e60b91389dcffae6f85538713aa7ed272b8174e2f0b9730ebb6c464d06")
t.Logf("Deserializing dalek-cryptography bulletproofs test vector...%x", rp)
A := byteToPoint(rp[0:32])
S := byteToPoint(rp[32:64])
T1 := byteToPoint(rp[64:96])
T2 := byteToPoint(rp[96:128])
TX := byteToScalar(rp[128:160])
TX_blinding := byteToScalar(rp[160:192])
micro := byteToScalar(rp[192 : 192+32])
ipp := decodeInnerProduct(rp[192+32:])
vbytes := []string{
"90b0c2fe57934dff9f5396e135e7d72b82b3c5393e1843178918eb2cf28a5f3c",
"74256a3e2a7fe948210c4095195ae4db3e3498c6c5fddc2afb226c0f1e97e468",
"7e348def6d03dc7bcbe7e03736ca2898e2efa9f6ff8ae4ed1cb5252ec1744075",
"861859f5d4c14f5d6d7ad88dcf43c9a98064a7d8702ffc9bad9eba2ed766702a",
"4c09b1260c833fefe25b1c3d3becc80979beca5e864d57fcb410bb15c7ba5c14",
"08cf26bfdf2e6b731536f5e48b4c0ac7b5fc846d36aaa3fe0d28f07c207f0814",
"a6e2d1c2770333c9a8a5ac10d9eb28e8609d5954428261335b2fd6ff0e0e8d69",
"30beef3b58fd2c18dde771d5c77e32f8dc01361e284aef517bce54a5c74c4665",
}
V := make([]*ristretto255.Element, len(vbytes))
for i, v := range vbytes {
V[i] = ristretto255.NewElement()
vdec, _ := hex.DecodeString(v)
V[i].Decode(vdec)
}
rangeProof := RangeProof{A, S, T1, T2, TX_blinding, TX, micro, *ipp, V[0:1]}
json, _ := json.Marshal(rangeProof)
t.Logf("RangeProof: %s", json)
t.Logf("Deserialized Range Proof: %s", json)
t.Logf("Generating dalek-cryptography pedersen generators....")
params := CommitmentsParams{}
params.g = ristretto255.NewElement().Base()
params.h = ristretto255.NewElement()
h := sha3.Sum512(params.g.Encode([]byte{}))
params.h = ristretto255.NewElement().FromUniformBytes(h[:])
params.max = 8
params.G = make(core.GeneratorVector, params.max)
params.H = make(core.GeneratorVector, params.max)
labelG := []byte{'G', 0, 0, 0, 0}
shake := sha3.NewShake256()
shake.Write([]byte("GeneratorsChain"))
shake.Write(labelG[:])
labelH := []byte{'H', 0, 0, 0, 0}
shakeH := sha3.NewShake256()
shakeH.Write([]byte("GeneratorsChain"))
shakeH.Write(labelH[:])
t.Logf("Generating dalek-cryptography BP generators....")
for i := 0; i < 8; i++ {
b := make([]byte, 64)
shake.Read(b)
params.G[i] = ristretto255.NewElement()
params.G[i].FromUniformBytes(b)
//t.Logf("G: %x", params.G[i].Encode([]byte{}))
bH := make([]byte, 64)
shakeH.Read(bH)
params.H[i] = ristretto255.NewElement()
params.H[i].FromUniformBytes(bH)
// t.Logf("H: %x", params.H[i].Encode([]byte{}))
}
//t.Logf("parmas: %v", params)
verifierTranscript := core.NewTranscript("Deserialize-And-Verify Test")
t.Logf("Verification Result: %v", VerifyRangeProof(rangeProof, params, verifierTranscript))
t.Logf("Transcript: %s\n", verifierTranscript.OutputTranscriptToAudit())
}