Update the DLEq proof for any amount of generators

The two-generator limit wasn't required nor beneficial. This does theoretically optimize FROST, yet not for any current constructions. A follow up proof which would optimize current constructions has been noted in #38. Adds explicit no_std support to the core DLEq proof. Closes #34.
2025-12-08 12:19:24 +00:00 · 2022-07-13 23:29:48 -04:00
parent 46975812c3
commit 5ede5b9e8f
9 changed files with 110 additions and 105 deletions
--- a/crypto/dleq/src/cross_group/mod.rs
+++ b/crypto/dleq/src/cross_group/mod.rs
@@ -8,8 +8,6 @@ use transcript::Transcript;
 use group::{ff::{Field, PrimeField, PrimeFieldBits}, prime::PrimeGroup};
 use multiexp::BatchVerifier;

-use crate::Generators;
-
 pub mod scalar;
 use scalar::{scalar_convert, mutual_scalar_from_bytes};

@@ -35,6 +33,24 @@ pub(crate) fn read_point<R: Read, G: PrimeGroup>(r: &mut R) -> std::io::Result<G
  Ok(point.unwrap())
 }

+#[derive(Clone, Copy, PartialEq, Eq)]
+pub struct Generators<G: PrimeGroup> {
+  pub primary: G,
+  pub alt: G
+}
+
+impl<G: PrimeGroup> Generators<G> {
+  pub fn new(primary: G, alt: G) -> Generators<G> {
+    Generators { primary, alt }
+  }
+
+  fn transcript<T: Transcript>(&self, transcript: &mut T) {
+    transcript.domain_separate(b"generators");
+    transcript.append_message(b"primary", self.primary.to_bytes().as_ref());
+    transcript.append_message(b"alternate", self.alt.to_bytes().as_ref());
+  }
+}
+
 #[derive(Error, PartialEq, Eq, Debug)]
 pub enum DLEqError {
  #[error("invalid proof of knowledge")]