More

brave-experiments · Feb 26, 2024 · 4f5d169 · 4f5d169
1 parent 201ffa2
commit 4f5d169
Show file tree

Hide file tree

Showing 2 changed files with 107 additions and 0 deletions.
diff --git a/macros/src/test_pedersen.rs b/macros/src/test_pedersen.rs
@@ -263,6 +263,46 @@ macro_rules! __test_pedersen {
             assert!(!proof.verify(&mut transcript_f, &c3.comm));
         }
 
+        #[test]
+        fn test_pedersen_opening_multi_comm() {
+            // Test that the opening proof with multi commitments goes through.
+            let label = b"PedersenOpenMulti";
+
+            let b = SF::rand(&mut OsRng);
+            let c = SF::rand(&mut OsRng);
+            let d = SF::rand(&mut OsRng);
+            let mut vals: Vec<SF> = Vec::new();
+            vals.push(b);
+            vals.push(c);
+            vals.push(d);
+
+            let a = SF::rand(&mut OsRng);
+            let c1: PC = PC::new_multi(vals, &mut OsRng);
+            let mut transcript = Transcript::new(label);
+
+            let proof = OP::create(&mut transcript, &mut OsRng, &a, &c1);
+            assert!(proof.alpha.is_on_curve());
+
+            // Now check that the proof verifies correctly.
+            let mut transcript_v = Transcript::new(label);
+            assert!(proof.verify(&mut transcript_v, &c1.comm));
+
+            // Now check that an unrelated commitment would fail.
+            // Alternatively, check that a different proof would fail.
+            //let mut b = SF::rand(&mut OsRng);
+
+            //loop {
+            //    if b != a {
+            //        break;
+            //    }
+            //    b = SF::rand(&mut OsRng);
+            //}
+
+            //let c3: PC = PC::new(b, &mut OsRng);
+            //let mut transcript_f = Transcript::new(label);
+            //assert!(!proof.verify(&mut transcript_f, &c3.comm));
+        }
+
         #[test]
         fn test_pedersen_opening_other_challenge() {
             // Test that the proof fails if the wrong challenge is used.

diff --git a/pedersen/src/pedersen_config.rs b/pedersen/src/pedersen_config.rs
@@ -390,6 +390,20 @@ impl<P: PedersenConfig> PedersenComm<P> {
         Self::new_with_generators(x, rng, &<P as SWCurveConfig>::GENERATOR, &P::GENERATOR2)
     }
 
+    /// new_multi. This function accepts various ScalarField elements `val` and an rng, returning a Pedersen Commitment
+    /// to `vals`.
+    /// # Arguments
+    /// * `vals` - the values that are committed to.
+    /// * `rng` - the random number generator used to produce the randomness. Must be cryptographically
+    /// secure.
+    /// Returns a new Pedersen Commitment to `x`.
+    pub fn new_multi<T: RngCore + CryptoRng>(
+        vals: Vec<<P as CurveConfig>::ScalarField>,
+        rng: &mut T,
+    ) -> Self {
+        Self::new_multi_with_generators(vals, rng, &<P as SWCurveConfig>::GENERATOR, &P::GENERATOR2)
+    }
+
     /// new_with_generator. This function accepts a ScalarField element `x`, an `rng`,
     /// and two generators (`g`, `q`) and returns a Pedersen Commitment C = xg + rq. Here `r` is
     /// the produced randomness.
@@ -416,6 +430,37 @@ impl<P: PedersenConfig> PedersenComm<P> {
         }
     }
 
+    /// new_multi_with_generator. This function accepts a list of ScalarField elements `val`, an `rng`,
+    /// and two generators (`g`, `q`) and returns a Pedersen Commitment C = valsg + rq. Here `r` is
+    /// the produced randomness.
+    /// # Arguments
+    /// * `vals` - the values that are committed to.
+    /// * `rng` - the random number generator used to produce the randomness. Must be cryptographically
+    /// secure.
+    /// * `g` - a generator of `P`'s scalar field.
+    /// * `q` - a distinct generator of `P`'s scalar field.
+    /// Returns a new commitment to `x`.
+    pub fn new_multi_with_generators<T: RngCore + CryptoRng>(
+        vals: Vec<<P as CurveConfig>::ScalarField>,
+        rng: &mut T,
+        g: &sw::Affine<P>,
+        q: &sw::Affine<P>,
+    ) -> Self {
+        // Returns a new pedersen commitment using fixed generators.
+        // N.B First check that `g != q`.
+        assert!(g != q);
+        let r = <P as CurveConfig>::ScalarField::rand(rng);
+
+        let mut total = P::CP1;
+        for i in vals {
+            total += i
+        }
+        Self {
+            comm: (g.mul(total) + q.mul(r)).into_affine(),
+            r,
+        }
+    }
+
     /// new_with_both. This function returns a new Pedersen Commitment to `x` with randomness
     /// `r` (i.e the commitment is C = xg + rq, where `g` and `q` are pre-defined generators.
     /// # Arguments
@@ -431,4 +476,26 @@ impl<P: PedersenConfig> PedersenComm<P> {
             r,
         }
     }
+
+    /// new_multi_with_both. This function returns a new Pedersen Commitment to `vals` with randomness
+    /// `r` (i.e the commitment is C = valsg + rq, where `g` and `q` are pre-defined generators.
+    /// # Arguments
+    /// * `vals` - the values that are being committed to.
+    /// * `r` - the randomness to use.
+    /// Returns a new commitment to `x`.
+    pub fn new_multi_with_both(
+        vals: Vec<<P as CurveConfig>::ScalarField>,
+        r: <P as CurveConfig>::ScalarField,
+    ) -> Self {
+        let mut total = P::CP1;
+
+        for i in vals {
+            total += i
+        }
+
+        Self {
+            comm: (<P as SWCurveConfig>::GENERATOR.mul(total) + P::GENERATOR2.mul(r)).into_affine(),
+            r,
+        }
+    }
 }