coins/monero/src/tests/bulletproofs/plus/aggregate_range_proof.rs

use rand_core::{RngCore, OsRng};

use multiexp::BatchVerifier;
use group::ff::Field;
use dalek_ff_group::{Scalar, EdwardsPoint};

use crate::{
  Commitment,
  ringct::bulletproofs::plus::aggregate_range_proof::{
    AggregateRangeStatement, AggregateRangeWitness,
  },
};

#[test]
fn test_aggregate_range_proof() {
  let mut verifier = BatchVerifier::new(16);
  for m in 1 ..= 16 {
    let mut commitments = vec![];
    for _ in 0 .. m {
      commitments.push(Commitment::new(*Scalar::random(&mut OsRng), OsRng.next_u64()));
    }
    let commitment_points = commitments.iter().map(|com| EdwardsPoint(com.calculate())).collect();
    let statement = AggregateRangeStatement::new(commitment_points).unwrap();
    let witness = AggregateRangeWitness::new(&commitments).unwrap();

    let proof = statement.clone().prove(&mut OsRng, witness).unwrap();
    statement.verify(&mut OsRng, &mut verifier, (), proof);
  }
  assert!(verifier.verify_vartime());
}
Use FCMP implementation of BP+ in monero-serai (#344) * Add in an implementation of BP+ based off the paper, intended for clarity and review This was done as part of my work on FCMPs from Monero, and is copied from https://github.com/kayabaNerve/full-chain-membership-proofs * Remove crate structure of BP+ * Remove arithmetic circuit code * Remove AC/VC generators code * Remove generator transcript Monero uses non-transcripted static generators. * Further trimming of generators * Remove the single range proof It's unused by Monero and accordingly unhelpful. * Work on getting BP+ to compile in its new env * Correct BP+ folder name * Further tweaks to get closer to compiling * Remove the ScalarMatrix file It's only used for AC proofs * Compiles, with tests passing * Lock BP+ to Ed25519 instead of the generic Ciphersuite * Resolve most warnings in BP+ * Make existing bulletproofs test easier to read * Further strip generators * Swap G/H as Monero did * Replace RangeCommitment with Commitment * Hard-code BP+ h to Ed25519's generator * Use pub(crate) for BP+, not pub * Replace initial_transcript with hash_plus * Rename hash_plus to initial_transcript * Finish integrating the FCMP BP+ impl * Move BP+ folder * Correct no-std support * Rename "long_n" to eta * Add note on non-prime order dfg points 2023-08-27 15:33:17 -04:00			`use rand_core::{RngCore, OsRng};`

			`use multiexp::BatchVerifier;`
			`use group::ff::Field;`
			`use dalek_ff_group::{Scalar, EdwardsPoint};`

			`use crate::{`
			`Commitment,`
			`ringct::bulletproofs::plus::aggregate_range_proof::{`
			`AggregateRangeStatement, AggregateRangeWitness,`
			`},`
			`};`

			`#[test]`
			`fn test_aggregate_range_proof() {`
			`let mut verifier = BatchVerifier::new(16);`
			`for m in 1 ..= 16 {`
			`let mut commitments = vec![];`
			`for _ in 0 .. m {`
			`commitments.push(Commitment::new(*Scalar::random(&mut OsRng), OsRng.next_u64()));`
			`}`
			`let commitment_points = commitments.iter().map(\|com\| EdwardsPoint(com.calculate())).collect();`
			`let statement = AggregateRangeStatement::new(commitment_points).unwrap();`
			`let witness = AggregateRangeWitness::new(&commitments).unwrap();`

			`let proof = statement.clone().prove(&mut OsRng, witness).unwrap();`
			`statement.verify(&mut OsRng, &mut verifier, (), proof);`
			`}`
			`assert!(verifier.verify_vartime());`
			`}`