arcis-compiler 0.9.7

A framework for writing secure multi-party computation (MPC) circuits to be executed on the Arcium network.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130

//! Arcis implementation of <https://github.com/solana-program/zk-elgamal-proof/blob/main/zk-sdk/src/encryption/pedersen.rs>

use crate::{
    core::global_value::{curve_value::CurveValue, value::FieldValue},
    traits::Reveal,
    utils::field::ScalarField,
};
use std::{
    ops::{Add, Mul, Sub},
    sync::LazyLock,
};
use zk_elgamal_proof::encryption::pedersen::H;

/// Algorithm handle for the Pedersen commitment scheme.
pub struct Pedersen;
impl Pedersen {
    /// On input a message (numeric amount), the function returns a Pedersen commitment of the
    /// message and the corresponding opening.
    ///
    /// This function is randomized. It internally samples a Pedersen opening.
    #[allow(clippy::new_ret_no_self)]
    pub fn new(amount: FieldValue<ScalarField>) -> (PedersenCommitment, PedersenOpening) {
        let opening = PedersenOpening::new_rand();
        let commitment = Pedersen::with(amount, &opening);

        (commitment, opening)
    }

    /// On input a message (numeric amount) and a Pedersen opening, the function returns the
    /// corresponding Pedersen commitment.
    ///
    /// This function is deterministic.
    pub fn with(amount: FieldValue<ScalarField>, opening: &PedersenOpening) -> PedersenCommitment {
        let x = amount;
        let r = opening.get_scalar();

        PedersenCommitment(
            CurveValue::multiscalar_mul(
                vec![x, *r],
                vec![
                    CurveValue::generator(),
                    CurveValue::from(*LazyLock::force(&H)),
                ],
            )
            .reveal(),
        )
    }

    /// On input a message, the function returns a Pedersen commitment with zero as the opening.
    ///
    /// This function is deterministic. The commitment is binding, but depending on the size of
    /// amount it is not hiding.
    pub fn encode(amount: FieldValue<ScalarField>) -> PedersenCommitment {
        PedersenCommitment((amount * CurveValue::generator()).reveal())
    }
}

/// Pedersen opening type.
#[derive(Clone, Debug)]
pub struct PedersenOpening(FieldValue<ScalarField>);

impl PedersenOpening {
    pub fn new(scalar: FieldValue<ScalarField>) -> Self {
        assert!(!scalar.is_plaintext());
        Self(scalar)
    }

    pub fn new_rand() -> Self {
        PedersenOpening(FieldValue::<ScalarField>::random())
    }

    pub fn get_scalar(&self) -> &FieldValue<ScalarField> {
        &self.0
    }
}

impl Add<&PedersenOpening> for &PedersenOpening {
    type Output = PedersenOpening;

    fn add(self, opening: &PedersenOpening) -> PedersenOpening {
        PedersenOpening(self.0 + opening.0)
    }
}

impl Mul<FieldValue<ScalarField>> for &PedersenOpening {
    type Output = PedersenOpening;

    fn mul(self, scalar: FieldValue<ScalarField>) -> PedersenOpening {
        PedersenOpening(self.0 * scalar)
    }
}

/// Pedersen commitment type.
#[derive(Clone, Copy, Debug)]
pub struct PedersenCommitment(CurveValue);

impl PedersenCommitment {
    pub fn new(point: CurveValue) -> Self {
        assert!(point.is_plaintext());
        Self(point)
    }

    pub fn get_point(&self) -> &CurveValue {
        &self.0
    }
}

impl Add for PedersenCommitment {
    type Output = PedersenCommitment;

    fn add(self, commitment: PedersenCommitment) -> Self::Output {
        PedersenCommitment(self.0 + commitment.0)
    }
}

impl Sub for PedersenCommitment {
    type Output = PedersenCommitment;

    fn sub(self, commitment: PedersenCommitment) -> Self::Output {
        PedersenCommitment(self.0 - commitment.0)
    }
}

impl Mul<PedersenCommitment> for FieldValue<ScalarField> {
    type Output = PedersenCommitment;

    fn mul(self, rhs: PedersenCommitment) -> Self::Output {
        PedersenCommitment(self * rhs.0)
    }
}