Skip to content

Commit

Permalink
conceal binding_sig_r and hints of shielded ptx when tx is balances
Browse files Browse the repository at this point in the history
  • Loading branch information
XuyangSong committed Oct 25, 2023
1 parent 9801cdb commit b9729aa
Show file tree
Hide file tree
Showing 8 changed files with 72 additions and 32 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -176,7 +176,7 @@ pub fn create_transaction<R: RngCore + CryptoRng>(mut rng: R) -> Transaction {
// Create the final transaction
let shielded_tx_bundle = ShieldedPartialTxBundle::new(vec![ptx_1, ptx_2]);
let transparent_ptx_bundle = TransparentPartialTxBundle::default();
Transaction::build(&mut rng, shielded_tx_bundle, transparent_ptx_bundle)
Transaction::build(&mut rng, shielded_tx_bundle, transparent_ptx_bundle).unwrap()
}

#[test]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -200,7 +200,7 @@ pub fn create_token_swap_transaction<R: RngCore + CryptoRng>(mut rng: R) -> Tran
// Solver creates the final transaction
let shielded_tx_bundle = ShieldedPartialTxBundle::new(vec![alice_ptx, bob_ptx, solver_ptx]);
let transparent_ptx_bundle = TransparentPartialTxBundle::default();
Transaction::build(&mut rng, shielded_tx_bundle, transparent_ptx_bundle)
Transaction::build(&mut rng, shielded_tx_bundle, transparent_ptx_bundle).unwrap()
}

#[test]
Expand Down
2 changes: 1 addition & 1 deletion taiga_halo2/examples/tx_examples/token_swap_with_intent.rs
Original file line number Diff line number Diff line change
Expand Up @@ -277,7 +277,7 @@ pub fn create_token_swap_intent_transaction<R: RngCore + CryptoRng>(mut rng: R)
// Solver creates the final transaction
let shielded_tx_bundle = ShieldedPartialTxBundle::new(vec![alice_ptx, bob_ptx, solver_ptx]);
let transparent_ptx_bundle = TransparentPartialTxBundle::default();
Transaction::build(&mut rng, shielded_tx_bundle, transparent_ptx_bundle)
Transaction::build(&mut rng, shielded_tx_bundle, transparent_ptx_bundle).unwrap()
}

#[test]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ pub fn create_token_swap_transaction<R: RngCore + CryptoRng>(mut rng: R) -> Tran
// Solver creates the final transaction
let shielded_tx_bundle = ShieldedPartialTxBundle::new(vec![alice_ptx, bob_ptx, carol_ptx]);
let transparent_ptx_bundle = TransparentPartialTxBundle::default();
Transaction::build(&mut rng, shielded_tx_bundle, transparent_ptx_bundle)
Transaction::build(&mut rng, shielded_tx_bundle, transparent_ptx_bundle).unwrap()
}

#[test]
Expand Down
5 changes: 5 additions & 0 deletions taiga_halo2/src/error.rs
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@ pub enum TransactionError {
MissingTransparentResourceNullifierKey,
/// Transparent resource merkle path is missing
MissingTransparentResourceMerklePath,
/// Shielded partial Tx binding signature r is missing
MissingPartialTxBindingSignatureR,
}

impl Display for TransactionError {
Expand All @@ -47,6 +49,9 @@ impl Display for TransactionError {
MissingTransparentResourceMerklePath => {
f.write_str("Transparent resource merkle path is missing")
}
MissingPartialTxBindingSignatureR => {
f.write_str("Shielded partial Tx binding signature r is missing")
}
}
}
}
Expand Down
51 changes: 37 additions & 14 deletions taiga_halo2/src/shielded_ptx.rs
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ pub struct ShieldedPartialTransaction {
actions: [ActionVerifyingInfo; NUM_NOTE],
inputs: [NoteVPVerifyingInfoSet; NUM_NOTE],
outputs: [NoteVPVerifyingInfoSet; NUM_NOTE],
binding_sig_r: pallas::Scalar,
binding_sig_r: Option<pallas::Scalar>,
hints: Vec<u8>,
}

Expand Down Expand Up @@ -68,7 +68,7 @@ struct ShieldedPartialTransactionProxy {
actions: Vec<ActionVerifyingInfo>,
inputs: Vec<NoteVPVerifyingInfoSet>,
outputs: Vec<NoteVPVerifyingInfoSet>,
binding_sig_r: pallas::Scalar,
binding_sig_r: Option<pallas::Scalar>,
hints: Vec<u8>,
}

Expand Down Expand Up @@ -102,7 +102,7 @@ impl ShieldedPartialTransaction {
actions: actions.try_into().unwrap(),
inputs: inputs.try_into().unwrap(),
outputs: outputs.try_into().unwrap(),
binding_sig_r: rcv_sum,
binding_sig_r: Some(rcv_sum),
hints,
}
}
Expand Down Expand Up @@ -146,7 +146,7 @@ impl ShieldedPartialTransaction {
actions: actions.try_into().unwrap(),
inputs: inputs.try_into().unwrap(),
outputs: outputs.try_into().unwrap(),
binding_sig_r: rcv_sum,
binding_sig_r: Some(rcv_sum),
hints,
}
}
Expand Down Expand Up @@ -245,13 +245,18 @@ impl ShieldedPartialTransaction {
}
}

pub fn get_binding_sig_r(&self) -> pallas::Scalar {
pub fn get_binding_sig_r(&self) -> Option<pallas::Scalar> {
self.binding_sig_r
}

pub fn get_hints(&self) -> Vec<u8> {
self.hints.clone()
}

pub fn clean_private_info(&mut self) {
self.binding_sig_r = None;
self.hints = vec![];
}
}

impl ShieldedPartialTransactionProxy {
Expand Down Expand Up @@ -309,6 +314,7 @@ impl Executable for ShieldedPartialTransaction {
#[cfg(feature = "borsh")]
impl BorshSerialize for ShieldedPartialTransaction {
fn serialize<W: std::io::Write>(&self, writer: &mut W) -> std::io::Result<()> {
use byteorder::WriteBytesExt;
for action in self.actions.iter() {
action.serialize(writer)?;
}
Expand All @@ -321,7 +327,16 @@ impl BorshSerialize for ShieldedPartialTransaction {
output.serialize(writer)?;
}

writer.write_all(&self.binding_sig_r.to_repr())?;
// Write binding_sig_r
match self.binding_sig_r {
None => {
writer.write_u8(0)?;
}
Some(r) => {
writer.write_u8(1)?;
writer.write_all(&r.to_repr())?;
}
};

self.hints.serialize(writer)?;

Expand All @@ -332,6 +347,7 @@ impl BorshSerialize for ShieldedPartialTransaction {
#[cfg(feature = "borsh")]
impl BorshDeserialize for ShieldedPartialTransaction {
fn deserialize_reader<R: std::io::Read>(reader: &mut R) -> std::io::Result<Self> {
use byteorder::ReadBytesExt;
let actions: Vec<_> = (0..NUM_NOTE)
.map(|_| ActionVerifyingInfo::deserialize_reader(reader))
.collect::<Result<_, _>>()?;
Expand All @@ -341,14 +357,21 @@ impl BorshDeserialize for ShieldedPartialTransaction {
let outputs: Vec<_> = (0..NUM_NOTE)
.map(|_| NoteVPVerifyingInfoSet::deserialize_reader(reader))
.collect::<Result<_, _>>()?;
let binding_sig_r_bytes = <[u8; 32]>::deserialize_reader(reader)?;
let binding_sig_r = Option::from(pallas::Scalar::from_repr(binding_sig_r_bytes))
.ok_or_else(|| {
std::io::Error::new(
std::io::ErrorKind::InvalidData,
"binding_sig_r not in field",
)
})?;
let binding_sig_r_type = reader.read_u8()?;
let binding_sig_r = if binding_sig_r_type == 0 {
None
} else {
let binding_sig_r_bytes = <[u8; 32]>::deserialize_reader(reader)?;
let r =
Option::from(pallas::Scalar::from_repr(binding_sig_r_bytes)).ok_or_else(|| {
std::io::Error::new(
std::io::ErrorKind::InvalidData,
"binding_sig_r not in field",
)
})?;
Some(r)
};

let hints = Vec::<u8>::deserialize_reader(reader)?;
Ok(ShieldedPartialTransaction {
actions: actions.try_into().unwrap(),
Expand Down
8 changes: 4 additions & 4 deletions taiga_halo2/src/taiga_api.rs
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
#[cfg(feature = "borsh")]
use crate::{
action::ActionInfo, circuit::vp_bytecode::ApplicationByteCode, error::TransactionError,
transaction::TransactionResult,
action::ActionInfo, circuit::vp_bytecode::ApplicationByteCode, transaction::TransactionResult,
};
use crate::{
error::TransactionError,
note::{Note, RandomSeed},
nullifier::{Nullifier, NullifierKeyContainer},
shielded_ptx::ShieldedPartialTransaction,
Expand Down Expand Up @@ -133,7 +133,7 @@ pub fn note_deserialize(bytes: Vec<u8>) -> std::io::Result<Note> {
/// | output2 static vp proof | VPVerifyingInfo | 158216 |
/// | output2 dynamic vp num(by borsh) | u32 | 4 |
/// | output2 dynamic vp proofs | VPVerifyingInfo | 158216 * num |
/// | binding_sig_r | pallas::Scalar | 32 |
/// | binding_sig_r | Option<pallas::Scalar>| 1 or (1 + 32) |
/// | hints | Vec<u8> | - |
///
/// Note: Ultimately, vp proofs won't go to the ptx. It's verifier proofs instead.
Expand Down Expand Up @@ -191,7 +191,7 @@ pub fn create_transaction(
shielded_ptxs: Vec<ShieldedPartialTransaction>,
// TODO: add transparent_ptxs
// transparent_ptxs: Vec<TransparentPartialTransaction>,
) -> Transaction {
) -> Result<Transaction, TransactionError> {
let rng = OsRng;
let shielded_ptx_bundle = ShieldedPartialTxBundle::new(shielded_ptxs);
// empty transparent_ptx_bundle
Expand Down
32 changes: 22 additions & 10 deletions taiga_halo2/src/transaction.rs
Original file line number Diff line number Diff line change
Expand Up @@ -59,20 +59,21 @@ impl Transaction {
// Generate the transaction
pub fn build<R: RngCore + CryptoRng>(
rng: R,
shielded_ptx_bundle: ShieldedPartialTxBundle,
mut shielded_ptx_bundle: ShieldedPartialTxBundle,
transparent_ptx_bundle: TransparentPartialTxBundle,
) -> Self {
) -> Result<Self, TransactionError> {
assert!(!(shielded_ptx_bundle.is_empty() && transparent_ptx_bundle.is_empty()));
let shielded_sk = shielded_ptx_bundle.get_bindig_sig_r();
let shielded_sk = shielded_ptx_bundle.get_binding_sig_r()?;
let binding_sk = BindingSigningKey::from(shielded_sk);
let sig_hash = Self::digest(&shielded_ptx_bundle, &transparent_ptx_bundle);
let signature = binding_sk.sign(rng, &sig_hash);
shielded_ptx_bundle.clean_private_info();

Self {
Ok(Self {
shielded_ptx_bundle,
transparent_ptx_bundle,
signature,
}
})
}

#[allow(clippy::type_complexity)]
Expand Down Expand Up @@ -216,10 +217,21 @@ impl ShieldedPartialTxBundle {
self.0.is_empty()
}

pub fn get_bindig_sig_r(&self) -> pallas::Scalar {
self.0.iter().fold(pallas::Scalar::zero(), |acc, ptx| {
acc + ptx.get_binding_sig_r()
})
pub fn get_binding_sig_r(&self) -> Result<pallas::Scalar, TransactionError> {
let mut sum = pallas::Scalar::zero();
for ptx in self.0.iter() {
if let Some(r) = ptx.get_binding_sig_r() {
sum += r;
} else {
return Err(TransactionError::MissingPartialTxBindingSignatureR);
}
}

Ok(sum)
}

pub fn clean_private_info(&mut self) {
self.0.iter_mut().for_each(|ptx| ptx.clean_private_info());
}

pub fn new(partial_txs: Vec<ShieldedPartialTransaction>) -> Self {
Expand Down Expand Up @@ -342,7 +354,7 @@ pub mod testing {

let shielded_ptx_bundle = create_shielded_ptx_bundle(1);
let transparent_ptx_bundle = create_transparent_ptx_bundle(1);
let tx = Transaction::build(rng, shielded_ptx_bundle, transparent_ptx_bundle);
let tx = Transaction::build(rng, shielded_ptx_bundle, transparent_ptx_bundle).unwrap();
let _ret = tx.execute().unwrap();

#[cfg(feature = "borsh")]
Expand Down

0 comments on commit b9729aa

Please sign in to comment.