Resolve #86 (#104)

`_arkworks` checked, `_rustcrypto` updated
plume-sig · Apr 9, 2024 · 1fa9c09 · 1fa9c09
1 parent d0ceebc
commit 1fa9c09
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 38 deletions.
diff --git a/rust-k256/src/lib.rs b/rust-k256/src/lib.rs
@@ -30,14 +30,17 @@
 use k256::elliptic_curve::bigint::ArrayEncoding;
 use k256::elliptic_curve::ops::Reduce;
 use k256::sha2::{digest::Output, Digest, Sha256}; // requires 'getrandom' feature
+use k256::ProjectivePoint;
 use k256::Scalar;
 use k256::U256;
 use signature::RandomizedSigner;
-// TODO
-pub use k256::ProjectivePoint;
-/// Re-exports the `NonZeroScalar` and `SecretKey` types from the `k256` crate.
-/// These are used for generating secret keys and non-zero scalars for signing.
-pub use k256::{NonZeroScalar, SecretKey};
+
+/// Exports types from the `k256` crate:
+///
+/// - `NonZeroScalar`: A secret 256-bit scalar value.
+/// - `SecretKey`: A secret 256-bit scalar wrapped in a struct.  
+/// - `AffinePoint`: A public elliptic curve point.
+pub use k256::{AffinePoint, NonZeroScalar, SecretKey};
 /// Re-exports the [`CryptoRngCore`] trait from the [`rand_core`] crate.
 /// This allows it to be used from the current module.
 pub use rand_core::CryptoRngCore;
@@ -60,9 +63,9 @@ pub struct PlumeSignature {
     /// The message that was signed.
     pub message: Vec<u8>,
     /// The public key used to verify the signature.
-    pub pk: ProjectivePoint,
+    pub pk: AffinePoint,
     /// The nullifier.
-    pub nullifier: ProjectivePoint,
+    pub nullifier: AffinePoint,
     /// Part of the signature data. SHA-256 interpreted as a scalar.
     pub c: NonZeroScalar,
     /// Part of the signature data, a scalar value.
@@ -74,9 +77,9 @@ pub struct PlumeSignature {
 #[derive(Debug)]
 pub struct PlumeSignatureV1Fields {
     /// Part of the signature data, a curve point.  
-    pub r_point: ProjectivePoint,
+    pub r_point: AffinePoint,
     /// Part of the signature data, a curve point.
-    pub hashed_to_curve_r: ProjectivePoint,
+    pub hashed_to_curve_r: AffinePoint,
 }
 impl PlumeSignature {
     /// Verifies a PLUME signature.
@@ -91,7 +94,7 @@ impl PlumeSignature {
 
         let r_point = (ProjectivePoint::GENERATOR * *self.s) - (self.pk * (c_scalar));
 
-        let hashed_to_curve = hash_to_curve(&self.message, &self.pk);
+        let hashed_to_curve = hash_to_curve(&self.message, &self.pk.into());
         if hashed_to_curve.is_err() {
             return false;
         }
@@ -118,17 +121,17 @@ impl PlumeSignature {
             c_scalar
                 == Scalar::reduce(U256::from_be_byte_array(c_sha256_vec_signal(vec![
                     &ProjectivePoint::GENERATOR,
-                    &self.pk,
+                    &self.pk.into(),
                     &hashed_to_curve,
-                    &self.nullifier,
+                    &self.nullifier.into(),
                     &r_point,
                     &hashed_to_curve_r,
                 ])))
         } else {
             // Check if the given hash matches
             c_scalar
                 == Scalar::reduce(U256::from_be_byte_array(c_sha256_vec_signal(vec![
-                    &self.nullifier,
+                    &self.nullifier.into(),
                     &r_point,
                     &hashed_to_curve_r,
                 ])))
@@ -191,7 +194,7 @@ mod tests {
     fn test_byte_array_to_scalar() {
         let scalar = byte_array_to_scalar(&hex!(
             "c6a7fc2c926ddbaf20731a479fb6566f2daa5514baae5223fe3b32edbce83254"
-        )); 
+        ));
         assert_eq!(
             hex::encode(scalar.to_bytes()),
             "c6a7fc2c926ddbaf20731a479fb6566f2daa5514baae5223fe3b32edbce83254"

diff --git a/rust-k256/src/randomizedsigner.rs b/rust-k256/src/randomizedsigner.rs
@@ -94,13 +94,13 @@ impl<'signing> RandomizedSigner<PlumeSignature> for PlumeSigner<'signing> {
         Ok(PlumeSignature {
             message: msg.to_owned(),
             pk: pk.into(),
-            nullifier: nullifier.to_point(),
+            nullifier: nullifier.to_point().to_affine(),
             c: c_scalar,
             s: s_scalar,
             v1specific: if self.v1 {
                 Some(PlumeSignatureV1Fields {
                     r_point: r_point.into(),
-                    hashed_to_curve_r: hashed_to_curve_r.to_point(),
+                    hashed_to_curve_r: hashed_to_curve_r.to_point().to_affine(),
                 })
             } else {
                 None

diff --git a/rust-k256/tests/verification.rs b/rust-k256/tests/verification.rs
@@ -3,8 +3,8 @@
 //! Their setup is shared, `mod helpers` contains barely not refactored code, which is still instrumental to the tests.
 
 use helpers::{gen_test_scalar_sk, test_gen_signals, PlumeVersion};
-use k256::{elliptic_curve::sec1::ToEncodedPoint, NonZeroScalar};
-use plume_rustcrypto::{PlumeSignature, PlumeSignatureV1Fields, ProjectivePoint};
+use k256::{elliptic_curve::sec1::ToEncodedPoint, NonZeroScalar, ProjectivePoint};
+use plume_rustcrypto::{AffinePoint, PlumeSignature, PlumeSignatureV1Fields};
 
 const G: ProjectivePoint = ProjectivePoint::GENERATOR;
 const M: &[u8; 29] = b"An example app message string";
@@ -33,13 +33,13 @@ fn plume_v1_test() {
 
     let sig = PlumeSignature {
         message: M.to_owned().into(),
-        pk: G * gen_test_scalar_sk(),
-        nullifier: test_data.1,
+        pk: (G * gen_test_scalar_sk()).into(),
+        nullifier: test_data.1.into(),
         c: NonZeroScalar::from_repr(C_V1.into()).unwrap(),
         s: NonZeroScalar::new(test_data.3).unwrap(),
         v1specific: Some(PlumeSignatureV1Fields {
-            r_point,
-            hashed_to_curve_r,
+            r_point: r_point.into(),
+            hashed_to_curve_r: hashed_to_curve_r.into(),
         }),
     };
     let verified = sig.verify();
@@ -48,23 +48,11 @@ fn plume_v1_test() {
     // Print nullifier
     println!(
         "nullifier.x: {:?}",
-        hex::encode(
-            sig.nullifier
-                .to_affine()
-                .to_encoded_point(false)
-                .x()
-                .unwrap()
-        )
+        hex::encode(sig.nullifier.to_encoded_point(false).x().unwrap())
     );
     println!(
         "nullifier.y: {:?}",
-        hex::encode(
-            sig.nullifier
-                .to_affine()
-                .to_encoded_point(false)
-                .y()
-                .unwrap()
-        )
+        hex::encode(sig.nullifier.to_encoded_point(false).y().unwrap())
     );
     // Print c
     println!("c: {:?}", hex::encode(C_V1));
@@ -109,8 +97,8 @@ fn plume_v2_test() {
     let test_data = test_gen_signals(M, PlumeVersion::V2);
     assert!(PlumeSignature {
         message: M.to_owned().into(),
-        pk: G * gen_test_scalar_sk(),
-        nullifier: test_data.1,
+        pk: (G * gen_test_scalar_sk()).into(),
+        nullifier: test_data.1.into(),
         c: NonZeroScalar::from_repr(test_data.2).unwrap(),
         s: NonZeroScalar::new(test_data.3).unwrap(),
         v1specific: None
@@ -167,6 +155,7 @@ mod helpers {
         pt
     }
 
+    use k256::ProjectivePoint;
     // These generate test signals as if it were passed from a secure enclave to wallet. Note that leaking these signals would leak pk, but not sk.
     // Outputs these 6 signals, in this order
     // g^sk																(private)