[crypto] Move Bulletproofs and EC #4035
Merged
+506
−19
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
punwai
commented
Aug 16, 2022
•
punwai
commented
- Introduce a Elliptic Curve library based on the Ristretto-255 group to Move (includes structs for both the group element and the underlying finite-field elements)
- Introduce a native Move implementation of Pedersen Commitments
- Introduce a native Move implementation of Bulletproofs (range proofs)
punwai
requested review from
tharbert,
huitseeker,
Clay-Mysten and
randall-Mysten
as code owners
Clay-Mysten
approved these changes
Aug 16, 2022
kchalkias
requested changes
Aug 16, 2022
punwai
force-pushed
the
bulletproofs
branch
4 times, most recently
from
b75b4ed to
25d1a20
Compare
kchalkias
reviewed
Aug 17, 2022
punwai
force-pushed
the
bulletproofs
branch
2 times, most recently
from
6cd8923 to
a3327ff
Compare
kchalkias
reviewed
Aug 18, 2022
kchalkias
reviewed
Aug 18, 2022
| use smallvec::smallvec; | ||
| use std::collections::VecDeque; | ||
|
|
||
| pub const FAIL_TO_RECOVER_PUBKEY: u64 = 0; | ||
| pub const INVALID_SIGNATURE: u64 = 1; | ||
| pub const INVALID_BULLETPROOF: u64 = 2; | ||
| pub const INVALID_RISTRETTO_GROUP_ELEMENT: u64 = 3; | ||
| pub const INVALID_RISTRETTO_SCALAR: u64 = 5; |
There was a problem hiding this comment.
switch 4 and 5 for readability (the first one to be 4)
| return Ok(NativeResult::err(cost, INVALID_RISTRETTO_GROUP_ELEMENT)); | ||
| }; | ||
|
|
||
| match proof.verify_bit_length(&commitment, bit_length as usize, b"sui") { |
There was a problem hiding this comment.
I'd put `b"sui" as const if possible (not to have it hidden inside the function.
kchalkias
reviewed
Aug 18, 2022
| } | ||
|
|
||
| /// Create a pedersen commitment from two field elements | ||
| public fun create_pedersen_commitment(value: Scalar, blinding_factor: Scalar): RistrettoPoint { |
There was a problem hiding this comment.
Although it's not clear where we need that (because we reveal a blinding factor and in most privacy preserving apps we don't open commitments publicly), I'll approve for now as it might be useful in the future for fraud proofs etc.
There was a problem hiding this comment.
I'll keep this for this PR, but if I can implement the example without this, I'll remove it with the example PR.
punwai
force-pushed
the
bulletproofs
branch
2 times, most recently
from
79442f5 to
7d863aa
Compare
kchalkias
approved these changes
Aug 18, 2022
| } | ||
|
|
||
| // TODO: Add arithmetic for Scalar elements. We just need add, subtract, and multiply. | ||
| // TODO: Add scalar to point multiplication for group elements. |
| pub const INVALID_RISTRETTO_SCALAR: u64 = 4; | ||
| pub const BULLETPROOFS_VERIFICATION_FAILED: u64 = 5; | ||
|
|
||
| pub const BP_DOMAIN: &[u8] = b"sui"; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.