Skip to content

Add Arkworks crate support #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 22 commits into
base: main
Choose a base branch
from
Open

Add Arkworks crate support #2

Show file tree
Hide file tree
Changes from 20 commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
2d56fb3
upd deps
juja256 Mar 25, 2025
3fa566f
add arkworks compability
juja256 Mar 26, 2025
f64aaec
fix strange ark_ff bug with from_random_bytes
juja256 Jul 9, 2025
f575080
fix: `serialize_uncompressed` -> `serialize_compressed` in ordinary p…
Arniiiii Aug 20, 2025
0f74e69
added one necessary for compilation import and removed ton of unused …
Arniiiii Aug 20, 2025
2d65a60
Removed ~~dead~~ commented code
Arniiiii Aug 26, 2025
95a2752
Removed commented test
Arniiiii Aug 26, 2025
70f3dff
Tests: secp256k1 -> xsk233_ark
Arniiiii Aug 26, 2025
6728a71
Remove unnecessary generic in prover/verifier structure
Nazarevsky Aug 26, 2025
8533cd8
Remove unnecessary generic in BatchedVerifier structure, update bench…
Nazarevsky Aug 26, 2025
5549b6a
Apply clippy and fmt
Nazarevsky Aug 26, 2025
35d8a52
Remove name
Nazarevsky Aug 26, 2025
83f3155
Apply formatting, fix comments, remove unused crates
Nazarevsky Aug 27, 2025
2abdba7
Add transcript comparison tests
Nazarevsky Aug 29, 2025
4018d30
Bring test back, apply formatting
Nazarevsky Sep 1, 2025
c5b9bbc
Fix doc formatting
Nazarevsky Sep 1, 2025
ef7d193
Remove commented imports
Nazarevsky Sep 1, 2025
b561de7
Change xsk233-ark to ark_xsk233
Nazarevsky Sep 1, 2025
fde37e7
Make transcript be mut in prover and verifier instances
Nazarevsky Sep 3, 2025
027d157
Fix mutable transcript
Nazarevsky Sep 4, 2025
deb0d53
Added transcript sync test (#3)
Arniiiii Sep 8, 2025
28e4b20
Resolve comments, apply formatting
Nazarevsky Sep 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
target/
**/*.rs.bk
Cargo.lock
.idea
29 changes: 16 additions & 13 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,15 +4,14 @@ name = "zkp"
# - update CHANGELOG
# - update html_root_url
# - update README if required by semver
version = "0.8.0"
version = "0.9.0"
authors = ["Henry de Valence <hdevalence@hdevalence.ca>"]
edition = "2018"
license = "CC0-1.0"
readme = "README.md"
repository = "https://github.com/zkcrypto/zkp"
documentation = "https://docs.rs/zkp"
categories = ["cryptography"]
keywords = ["cryptography", "ristretto", "zero-knowledge", "NIZK", "compiler"]
keywords = ["cryptography", "xsk233", "zero-knowledge", "NIZK", "compiler"]
description = "A toolkit for auto-generated implementations of Schnorr proofs"
exclude = [
".gitignore"
Expand All @@ -22,23 +21,27 @@ exclude = [
features = ["nightly"]

[dependencies]
merlin = "2"
rand = "0.7"
serde = "1"
merlin = "3.0.0"
rand = "0.8.5"
serde = { version = "1.0", features = ["derive"] }
serde_derive = "1"
thiserror = "1"
thiserror = "2.0.12"
# Disable default features to deselect a backend, then select one below
curve25519-dalek = { package = "curve25519-dalek-ng", version = "3", default-features = false, features = ["serde", "std"] }
ark-ec = "0.5.0"
ark-serialize = "0.5.0"
ark-std = "0.5.0"
ark-ff = "0.5.0"

[dev-dependencies]
bincode = "1"
sha2 = "0.9"
sha2 = "0.10.8"
ark-xsk233 = { version="0.1.0", git = "https://github.com/distributed-lab/ark-xsk233.git", branch = "fix/for_zkp" }

[features]
nightly = ["curve25519-dalek/nightly"]
nightly = []
debug-transcript = ["merlin/debug-transcript"]
bench = []
default = ["u64_backend"]
u32_backend = ["curve25519-dalek/u32_backend"]
u64_backend = ["curve25519-dalek/u64_backend"]
simd_backend = ["curve25519-dalek/simd_backend"]
u32_backend = []
u64_backend = []
simd_backend = []
12 changes: 3 additions & 9 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
# zkp: a toolkit for Schnorr proofs

This crate has a toolkit for Schnorr-style zero-knowledge proofs,
instantiated using the ristretto255 group.
instantiated using arbitrary elliptic curve group built with [arkworks]
(original package uses only xsk233 group).

It provides two levels of API:

Expand Down Expand Up @@ -64,14 +65,6 @@ extern crate zkp;
The `nightly` feature enables nightly-specific features. It is required
to build the documentation.

#### Backend selection

`zkp` provides the following pass-through features to select a
`curve25519-dalek` backend:

* `u32_backend`
* `u64_backend`
* `simd_backend`

#### Transcript debugging

Expand Down Expand Up @@ -99,5 +92,6 @@ While I expect the 1.0 version to be largely unchanged from the current
code, for now there are no stability guarantees on the proofs, so they
should not yet be deployed.

[arkworks]: https://arkworks.rs/
[bellman]: https://github.com/zkcrypto/bellman
[merlin_blog]: https://medium.com/@hdevalence/merlin-flexible-composable-transcripts-for-zero-knowledge-proofs-28d9fda22d9a
108 changes: 56 additions & 52 deletions benches/dleq.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@
#![allow(non_snake_case)]

extern crate bincode;
extern crate curve25519_dalek;
extern crate serde;
#[macro_use]
extern crate serde_derive;
Expand All @@ -22,15 +21,18 @@ extern crate sha2;
extern crate zkp;

extern crate test;
use ark_ec::{AffineRepr, CurveGroup};
use ark_std::UniformRand;
use rand::thread_rng;
use test::Bencher;

use self::sha2::Sha512;
use ark_xsk233::affine::{Xsk233Affine as G1Affine, Xsk233Affine};
use ark_xsk233::xsk233::Fr;

use curve25519_dalek::constants as dalek_constants;
use curve25519_dalek::ristretto::RistrettoPoint;
use curve25519_dalek::scalar::Scalar;

use zkp::toolbox::{batch_verifier::BatchVerifier, prover::Prover, verifier::Verifier, SchnorrCS};
use zkp::toolbox::{
batch_verifier::BatchVerifier, prover::Prover, verifier::Verifier, SchnorrCS,
TranscriptProtocol,
};
use zkp::Transcript;

#[allow(non_snake_case)]
Expand All @@ -48,16 +50,17 @@ fn dleq_statement<CS: SchnorrCS>(

#[bench]
fn create_compact_dleq(b: &mut Bencher) {
let G = dalek_constants::RISTRETTO_BASEPOINT_POINT;
let H = RistrettoPoint::hash_from_bytes::<Sha512>(G.compress().as_bytes());
let G = G1Affine::generator();
let H = G1Affine::rand(&mut thread_rng());

let x = Scalar::from(89327492234u64);
let A = G * x;
let B = H * x;
let x = Fr::from(89327492234u64);
let A = (G * x).into_affine();
let B = (H * x).into_affine();

b.iter(|| {
let mut transcript = Transcript::new(b"DLEQTest");
let mut prover = Prover::new(b"DLEQProof", &mut transcript);
let mut prover: Prover<Xsk233Affine, Transcript, _> =
Prover::new(b"DLEQProof", &mut transcript);

let var_x = prover.allocate_scalar(b"x", x);
let (var_G, _) = prover.allocate_point(b"G", G);
Expand All @@ -73,17 +76,18 @@ fn create_compact_dleq(b: &mut Bencher) {

#[bench]
fn verify_compact_dleq(b: &mut Bencher) {
let G = dalek_constants::RISTRETTO_BASEPOINT_POINT;
let H = RistrettoPoint::hash_from_bytes::<Sha512>(G.compress().as_bytes());
let G = G1Affine::generator();
let H = G1Affine::rand(&mut thread_rng());

let (proof, cmpr_A, cmpr_B) = {
let x = Scalar::from(89327492234u64);
let x = Fr::from(89327492234u64);

let A = G * x;
let B = H * x;
let A = (G * x).into_affine();
let B = (H * x).into_affine();

let mut transcript = Transcript::new(b"DLEQTest");
let mut prover = Prover::new(b"DLEQProof", &mut transcript);
let mut prover: Prover<Xsk233Affine, Transcript, _> =
Prover::new(b"DLEQProof", &mut transcript);

// XXX committing var names to transcript forces ordering (?)
let var_x = prover.allocate_scalar(b"x", x);
Expand All @@ -97,16 +101,14 @@ fn verify_compact_dleq(b: &mut Bencher) {
(prover.prove_compact(), cmpr_A, cmpr_B)
};

let cmpr_G = G.compress();
let cmpr_H = H.compress();

b.iter(|| {
let mut transcript = Transcript::new(b"DLEQTest");
let mut verifier = Verifier::new(b"DLEQProof", &mut transcript);
let mut verifier: Verifier<Xsk233Affine, Transcript, _> =
Verifier::new(b"DLEQProof", &mut transcript);

let var_x = verifier.allocate_scalar(b"x");
let var_G = verifier.allocate_point(b"G", cmpr_G).unwrap();
let var_H = verifier.allocate_point(b"H", cmpr_H).unwrap();
let var_G = verifier.allocate_point(b"G", G).unwrap();
let var_H = verifier.allocate_point(b"H", H).unwrap();
let var_A = verifier.allocate_point(b"A", cmpr_A).unwrap();
let var_B = verifier.allocate_point(b"B", cmpr_B).unwrap();

Expand All @@ -118,16 +120,17 @@ fn verify_compact_dleq(b: &mut Bencher) {

#[bench]
fn create_batchable_dleq(b: &mut Bencher) {
let G = dalek_constants::RISTRETTO_BASEPOINT_POINT;
let H = RistrettoPoint::hash_from_bytes::<Sha512>(G.compress().as_bytes());
let G = G1Affine::generator();
let H = G1Affine::rand(&mut thread_rng());

let x = Scalar::from(89327492234u64);
let A = G * x;
let B = H * x;
let x = Fr::from(89327492234u64);
let A = (G * x).into_affine();
let B = (H * x).into_affine();

b.iter(|| {
let mut transcript = Transcript::new(b"DLEQTest");
let mut prover = Prover::new(b"DLEQProof", &mut transcript);
let mut prover: Prover<Xsk233Affine, Transcript, _> =
Prover::new(b"DLEQProof", &mut transcript);

let var_x = prover.allocate_scalar(b"x", x);
let (var_G, _) = prover.allocate_point(b"G", G);
Expand All @@ -143,17 +146,18 @@ fn create_batchable_dleq(b: &mut Bencher) {

#[bench]
fn verify_batchable_dleq(b: &mut Bencher) {
let G = dalek_constants::RISTRETTO_BASEPOINT_POINT;
let H = RistrettoPoint::hash_from_bytes::<Sha512>(G.compress().as_bytes());
let G = G1Affine::generator();
let H = G1Affine::rand(&mut thread_rng());

let (proof, cmpr_A, cmpr_B) = {
let x = Scalar::from(89327492234u64);
let x = Fr::from(89327492234u64);

let A = G * x;
let B = H * x;
let A = (G * x).into_affine();
let B = (H * x).into_affine();

let mut transcript = Transcript::new(b"DLEQTest");
let mut prover = Prover::new(b"DLEQProof", &mut transcript);
let mut prover: Prover<Xsk233Affine, Transcript, _> =
Prover::new(b"DLEQProof", &mut transcript);

let var_x = prover.allocate_scalar(b"x", x);
let (var_G, _) = prover.allocate_point(b"G", G);
Expand All @@ -166,16 +170,14 @@ fn verify_batchable_dleq(b: &mut Bencher) {
(prover.prove_batchable(), cmpr_A, cmpr_B)
};

let cmpr_G = G.compress();
let cmpr_H = H.compress();

b.iter(|| {
let mut transcript = Transcript::new(b"DLEQTest");
let mut verifier = Verifier::new(b"DLEQProof", &mut transcript);
let mut verifier: Verifier<Xsk233Affine, Transcript, _> =
Verifier::new(b"DLEQProof", &mut transcript);

let var_x = verifier.allocate_scalar(b"x");
let var_G = verifier.allocate_point(b"G", cmpr_G).unwrap();
let var_H = verifier.allocate_point(b"H", cmpr_H).unwrap();
let var_G = verifier.allocate_point(b"G", G).unwrap();
let var_H = verifier.allocate_point(b"H", H).unwrap();
let var_A = verifier.allocate_point(b"A", cmpr_A).unwrap();
let var_B = verifier.allocate_point(b"B", cmpr_B).unwrap();

Expand All @@ -186,22 +188,23 @@ fn verify_batchable_dleq(b: &mut Bencher) {
}

fn batch_verify_batchable_dleq_helper(batch_size: usize, b: &mut Bencher) {
let G = dalek_constants::RISTRETTO_BASEPOINT_POINT;
let H = RistrettoPoint::hash_from_bytes::<Sha512>(G.compress().as_bytes());
let G = G1Affine::generator();
let H = G1Affine::rand(&mut thread_rng());

let mut proofs = Vec::new();
let mut cmpr_As = Vec::new();
let mut cmpr_Bs = Vec::new();

for j in 0..batch_size {
let (proof, cmpr_A, cmpr_B) = {
let x = Scalar::from((j as u64) + 89327492234u64);
let x = Fr::from((j as u64) + 89327492234u64);

let A = G * x;
let B = H * x;
let A = (G * x).into_affine();
let B = (H * x).into_affine();

let mut transcript = Transcript::new(b"DLEQBatchTest");
let mut prover = Prover::new(b"DLEQProof", &mut transcript);
let mut prover: Prover<Xsk233Affine, Transcript, _> =
Prover::new(b"DLEQProof", &mut transcript);

// XXX committing var names to transcript forces ordering (?)
let var_x = prover.allocate_scalar(b"x", x);
Expand All @@ -222,11 +225,12 @@ fn batch_verify_batchable_dleq_helper(batch_size: usize, b: &mut Bencher) {
b.iter(|| {
let mut transcripts = vec![Transcript::new(b"DLEQBatchTest"); batch_size];
let transcript_refs = transcripts.iter_mut().collect();
let mut verifier = BatchVerifier::new(b"DLEQProof", batch_size, transcript_refs).unwrap();
let mut verifier: BatchVerifier<Xsk233Affine, Transcript, _> =
BatchVerifier::new(b"DLEQProof", batch_size, transcript_refs).unwrap();

let var_x = verifier.allocate_scalar(b"x");
let var_G = verifier.allocate_static_point(b"G", G.compress()).unwrap();
let var_H = verifier.allocate_static_point(b"H", H.compress()).unwrap();
let var_G = verifier.allocate_static_point(b"G", G).unwrap();
let var_H = verifier.allocate_static_point(b"H", H).unwrap();
let var_A = verifier
.allocate_instance_point(b"A", cmpr_As.clone())
.unwrap();
Expand Down
1 change: 0 additions & 1 deletion benches/zkp.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@
#![feature(test)]

extern crate bincode;
extern crate curve25519_dalek;
extern crate serde;
#[macro_use]
extern crate serde_derive;
Expand Down
11 changes: 5 additions & 6 deletions src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,15 +22,15 @@

extern crate serde;

#[doc(hidden)]
#[macro_use]
pub extern crate serde_derive;
#[doc(hidden)]
pub extern crate curve25519_dalek;
#[doc(hidden)]
pub extern crate merlin;
#[doc(hidden)]
pub extern crate rand;
#[doc(hidden)]
pub extern crate serde_derive;

pub extern crate ark_ec;
pub extern crate ark_ff;

pub use merlin::Transcript;

Expand All @@ -45,4 +45,3 @@ pub mod toolbox;

#[macro_use]
mod macros;
pub use crate::macros::*;
Loading