Update the DLEq proof for any amount of generators

The two-generator limit wasn't required nor beneficial. This does theoretically optimize FROST, yet not for any current constructions. A follow up proof which would optimize current constructions has been noted in #38. Adds explicit no_std support to the core DLEq proof. Closes #34.
2025-12-09 12:49:23 +00:00 · 2022-07-13 23:29:48 -04:00
parent 46975812c3
commit 5ede5b9e8f
9 changed files with 110 additions and 105 deletions
--- a/crypto/dleq/src/tests/cross_group/mod.rs
+++ b/crypto/dleq/src/tests/cross_group/mod.rs
@@ -12,10 +12,9 @@ use dalek_ff_group::{self as dfg, EdwardsPoint};
 use transcript::{Transcript, RecommendedTranscript};

 use crate::{
-  Generators,
  cross_group::{
    scalar::mutual_scalar_from_bytes,
-    ClassicLinearDLEq, EfficientLinearDLEq, ConciseLinearDLEq, CompromiseLinearDLEq
+    Generators, ClassicLinearDLEq, EfficientLinearDLEq, ConciseLinearDLEq, CompromiseLinearDLEq
  }
 };

--- a/crypto/dleq/src/tests/mod.rs
+++ b/crypto/dleq/src/tests/mod.rs
@@ -11,33 +11,47 @@ use k256::{Scalar, ProjectivePoint};

 use transcript::{Transcript, RecommendedTranscript};

-use crate::{Generators, DLEqProof};
+use crate::DLEqProof;

 #[test]
 fn test_dleq() {
  let transcript = || RecommendedTranscript::new(b"DLEq Proof Test");

-  let generators = Generators::new(
+  let generators = [
    ProjectivePoint::GENERATOR,
    ProjectivePoint::from_bytes(
      &(hex!("0250929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0").into())
+    ).unwrap(),
+    // Just an increment of the last byte from the previous, where the previous two are valid
+    ProjectivePoint::from_bytes(
+      &(hex!("0250929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac4").into())
+    ).unwrap(),
+    ProjectivePoint::from_bytes(
+      &(hex!("0250929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803aca").into())
+    ).unwrap(),
+    ProjectivePoint::from_bytes(
+      &(hex!("0250929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803acb").into())
    ).unwrap()
-  );
+  ];

-  let key = Scalar::random(&mut OsRng);
-  let proof = DLEqProof::prove(&mut OsRng, &mut transcript(), generators, key);
+  for i in 0 .. 5 {
+    let key = Scalar::random(&mut OsRng);
+    let proof = DLEqProof::prove(&mut OsRng, &mut transcript(), &generators[.. i], key);

-  let keys = (generators.primary * key, generators.alt * key);
-  proof.verify(&mut transcript(), generators, keys).unwrap();
+    let mut keys = [ProjectivePoint::GENERATOR; 5];
+    for k in 0 .. 5 {
+      keys[k] = generators[k] * key;
+    }
+    proof.verify(&mut transcript(), &generators[.. i], &keys[.. i]).unwrap();

-  #[cfg(feature = "serialize")]
-  {
-    let mut buf = vec![];
-    proof.serialize(&mut buf).unwrap();
-    let deserialized = DLEqProof::<ProjectivePoint>::deserialize(
-      &mut std::io::Cursor::new(&buf)
-    ).unwrap();
-    assert_eq!(proof, deserialized);
-    deserialized.verify(&mut transcript(), generators, keys).unwrap();
+    #[cfg(feature = "serialize")]
+    {
+      let mut buf = vec![];
+      proof.serialize(&mut buf).unwrap();
+      let deserialized = DLEqProof::<ProjectivePoint>::deserialize(
+        &mut std::io::Cursor::new(&buf)
+      ).unwrap();
+      assert_eq!(proof, deserialized);
+    }
  }
 }