Implement a DLEq library

While Serai only needs the simple DLEq which was already present under monero, this migrates the implementation of the cross-group DLEq I maintain into Serai. This was to have full access to the ecosystem of libraries built under Serai while also ensuring support for it. The cross_group curve, which is extremely experimental, is feature flagged off. So is the built in serialization functionality, as this should be possible to make nostd once const generics are full featured, yet the implemented serialization adds the additional barrier of std::io.
2025-12-09 04:39:24 +00:00 · 2022-06-30 05:42:29 -04:00
parent 2e168204f0
commit 5d115f1e1c
15 changed files with 854 additions and 111 deletions
--- a/crypto/dleq/src/cross_group/schnorr.rs
+++ b/crypto/dleq/src/cross_group/schnorr.rs
@@ -0,0 +1,71 @@
+use rand_core::{RngCore, CryptoRng};
+
+use transcript::Transcript;
+
+use group::{ff::Field, prime::PrimeGroup};
+
+use crate::challenge;
+
+#[cfg(feature = "serialize")]
+use std::io::{Read, Write};
+#[cfg(feature = "serialize")]
+use ff::PrimeField;
+#[cfg(feature = "serialize")]
+use crate::{read_scalar, cross_group::read_point};
+
+#[allow(non_snake_case)]
+#[derive(Clone, PartialEq, Eq, Debug)]
+pub(crate) struct SchnorrPoK<G: PrimeGroup> {
+  R: G,
+  s: G::Scalar
+}
+
+impl<G: PrimeGroup> SchnorrPoK<G> {
+  // Not hram due to the lack of m
+  #[allow(non_snake_case)]
+  fn hra<T: Transcript>(transcript: &mut T, generator: G, R: G, A: G) -> G::Scalar {
+    transcript.domain_separate(b"schnorr_proof_of_knowledge");
+    transcript.append_message(b"generator", generator.to_bytes().as_ref());
+    transcript.append_message(b"nonce", R.to_bytes().as_ref());
+    transcript.append_message(b"public_key", A.to_bytes().as_ref());
+    challenge(transcript, b"challenge")
+  }
+
+  pub(crate) fn prove<R: RngCore + CryptoRng, T: Transcript>(
+    rng: &mut R,
+    transcript: &mut T,
+    generator: G,
+    private_key: G::Scalar
+  ) -> SchnorrPoK<G> {
+    let nonce = G::Scalar::random(rng);
+    #[allow(non_snake_case)]
+    let R = generator * nonce;
+    SchnorrPoK {
+      R,
+      s: nonce + (private_key * SchnorrPoK::hra(transcript, generator, R, generator * private_key))
+    }
+  }
+
+  #[must_use]
+  pub(crate) fn verify<T: Transcript>(
+    &self,
+    transcript: &mut T,
+    generator: G,
+    public_key: G
+  ) -> bool {
+    (generator * self.s) == (
+      self.R + (public_key * Self::hra(transcript, generator, self.R, public_key))
+    )
+  }
+
+  #[cfg(feature = "serialize")]
+  pub fn serialize<W: Write>(&self, w: &mut W) -> std::io::Result<()> {
+    w.write_all(self.R.to_bytes().as_ref())?;
+    w.write_all(self.s.to_repr().as_ref())
+  }
+
+  #[cfg(feature = "serialize")]
+  pub fn deserialize<R: Read>(r: &mut R) -> std::io::Result<SchnorrPoK<G>> {
+    Ok(SchnorrPoK { R: read_point(r)?, s: read_scalar(r)? })
+  }
+}