Fix serialization

This enabled getting the proof sizes, which are: - ConciseLinear had a proof size of 44607 bytes - CompromiseLinear had a proof size of 48765 bytes - ClassicLinear had a proof size of 56829 bytes - EfficientLinear had a proof size of 65145 byte
2025-12-10 05:09:22 +00:00 · 2022-07-07 08:46:11 -04:00
parent c3a0e0375d
commit 4dbf50243b
5 changed files with 26 additions and 10 deletions
--- a/crypto/dleq/src/cross_group/aos.rs
+++ b/crypto/dleq/src/cross_group/aos.rs
@@ -195,6 +195,7 @@ impl<

  #[cfg(feature = "serialize")]
  pub(crate) fn serialize<W: Write>(&self, w: &mut W) -> std::io::Result<()> {
+    #[allow(non_snake_case)]
    match self.Re_0 {
      Re::R(R0, R1) => {
        w.write_all(R0.to_bytes().as_ref())?;
@@ -211,6 +212,7 @@ impl<
    Ok(())
  }

+  #[allow(non_snake_case)]
  #[cfg(feature = "serialize")]
  pub(crate) fn deserialize<R: Read>(r: &mut R, mut Re_0: Re<G0, G1>) -> std::io::Result<Self> {
    match Re_0 {
--- a/crypto/dleq/src/cross_group/bits.rs
+++ b/crypto/dleq/src/cross_group/bits.rs
@@ -165,6 +165,11 @@ impl<

  #[cfg(feature = "serialize")]
  pub(crate) fn deserialize<R: Read>(r: &mut R) -> std::io::Result<Self> {
-    Ok(Bits { commitments: (read_point(r)?, read_point(r)?), signature: Aos::deserialize(r)? })
+    Ok(
+      Bits {
+        commitments: (read_point(r)?, read_point(r)?),
+        signature: Aos::deserialize(r, BitSignature::from(SIGNATURE).aos_form())?
+      }
+    )
  }
 }
--- a/crypto/dleq/src/cross_group/mod.rs
+++ b/crypto/dleq/src/cross_group/mod.rs
@@ -63,7 +63,7 @@ pub struct DLEqProof<
 }

 macro_rules! dleq {
-  ($name: ident, $signature: expr, $remainder: expr) => {
+  ($name: ident, $signature: expr, $remainder: literal) => {
    pub type $name<G0, G1> = DLEqProof<
      G0,
      G1,
@@ -81,10 +81,12 @@ macro_rules! dleq {
 // bit and removing a hash while slightly reducing challenge security. This security reduction is
 // already applied to the scalar being proven for, a result of the requirement it's mutually valid
 // over both scalar fields, hence its application here as well. This is mainly here as a point of
-// reference for the following DLEq proofs, all which use merged challenges
+// reference for the following DLEq proofs, all which use merged challenges, and isn't performant
+// in comparison to the others
 dleq!(ClassicLinearDLEq, BitSignature::ClassicLinear, false);

 // Proves for 2-bits at a time to save 3/7 elements of every other bit
+// <9% smaller than CompromiseLinear, yet ~12% slower
 dleq!(ConciseLinearDLEq, BitSignature::ConciseLinear, true);

 // Uses AOS signatures of the form R, s, to enable the final step of the ring signature to be
@@ -94,6 +96,7 @@ dleq!(EfficientLinearDLEq, BitSignature::EfficientLinear, false);
 // Proves for 2-bits at a time while using the R, s form. This saves 3/7 elements of every other
 // bit, while adding 1 element to every bit, and is more efficient than ConciseLinear yet less
 // efficient than EfficientLinear due to having more ring signature steps which aren't batched
+// >25% smaller than EfficientLinear and just 11% slower, making it the recommended option
 dleq!(CompromiseLinearDLEq, BitSignature::CompromiseLinear, true);

 impl<