kontor-crypto 0.1.5

Kontor Proof-of-Retrievability system for decentralized storage
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386

//! Tests for complex aggregation scenarios with unusual file counts and depths

use ff::Field;
use kontor_crypto::{
    api::{self, Challenge, FieldElement, PorSystem},
    config,
};
use rand::Rng;
use std::collections::BTreeMap;

mod common;
use common::{
    create_single_file_ledger,
    fixtures::{create_ledger_from_metadatas, create_test_files},
};

#[test]
fn test_awkward_file_count_padding() {
    // AGG-01: Test with 5 files (pads to 8) - exercises more complex padding logic
    println!("Testing aggregation with 5 files (awkward padding to 8)");

    let num_files = 5;

    // Create 5 files using helper
    let (files, metadatas) = create_test_files(num_files, 40, 1000);
    let metadata_refs: Vec<&_> = metadatas.iter().collect();
    let ledger = create_ledger_from_metadatas(&metadata_refs);

    // Create challenges for all 5 files
    let seed = FieldElement::from(12345u64);
    let challenges: Vec<Challenge> = metadatas
        .iter()
        .map(|m| Challenge::new_test(m.clone(), 1000, 1, seed))
        .collect();

    // Verify the shape derivation
    let max_depth = challenges
        .iter()
        .map(|c| api::tree_depth_from_metadata(&c.file_metadata))
        .max()
        .unwrap();

    let (files_per_step, file_tree_depth) = config::derive_shape(num_files, max_depth);
    assert_eq!(
        files_per_step, 8,
        "5 files should pad to 8 (next power of 2)"
    );

    // Generate proof
    let file_refs: BTreeMap<String, &_> = files.iter().map(|(k, v)| (k.clone(), v)).collect();

    let system = PorSystem::new(&ledger);
    let files_vec: Vec<&_> = file_refs.values().copied().collect();
    let proof = system
        .prove(files_vec, &challenges)
        .expect("Should generate proof with 5 files");

    // Verify proof
    let is_valid = system
        .verify(&proof, &challenges)
        .expect("Verification should complete");

    assert!(is_valid, "Proof with 5 files (padded to 8) should verify");
    println!("✓ Successfully proved and verified with 5 files padded to 8");

    // Additional check: witness generation should create 8 witnesses (5 real + 3 padding)
    let dummy_ledger_indices = vec![0, 1, 2, 3, 4, 0, 0, 0]; // 5 real indices + padding
    let (witness, _) = api::generate_circuit_witness(
        &challenges.iter().collect::<Vec<_>>(),
        Some(&file_refs),
        &ledger,
        file_tree_depth,
        file_tree_depth,
        FieldElement::ZERO,
        ledger.tree.layers.len() - 1,
        0,
        &dummy_ledger_indices,
    )
    .expect("Failed to generate witness");

    assert_eq!(
        witness.witnesses().len(),
        8,
        "Should have 8 witnesses (5 real + 3 padding)"
    );

    let real_count = witness
        .witnesses()
        .iter()
        .filter(|w| w.actual_depth > 0)
        .count();
    assert_eq!(real_count, 5, "Should have exactly 5 real witnesses");

    let padding_count = witness
        .witnesses()
        .iter()
        .filter(|w| w.actual_depth == 0)
        .count();
    assert_eq!(padding_count, 3, "Should have exactly 3 padding witnesses");

    println!("✓ Witness structure correct: 5 real + 3 padding = 8 total");
}

#[test]
fn test_highly_heterogeneous_depths() {
    // AGG-02: Test with files of depths 0, 1, 3, 5 in a single proof
    println!("Testing aggregation with highly heterogeneous depths (0, 1, 3, 5)");

    // Create files targeting specific depths
    // Depth calculation: ceil(log2(blob_size / chunk_size))
    // To get specific depths, we need specific blob sizes

    let target_depths = vec![0, 1, 3, 5];

    // With multi-codeword: need larger files for depth variation
    // depth 8: ~255 symbols (1 codeword)
    // depth 10: ~1,020 symbols (4 codewords)
    // depth 14: ~16,065 symbols (63 codewords)
    // depth 16: ~65,025 symbols (255 codewords)

    let _target_depths = target_depths; // Document intent (now approximate)
    let file_sizes = [
        100,       // 1 codeword → depth 8
        30_000,    // 4 codewords → depth 10
        500_000,   // 63 codewords → depth 14
        2_000_000, // 255 codewords → depth 16
    ];

    let mut files = BTreeMap::new();
    let mut metadatas = vec![];
    let mut ledger = kontor_crypto::ledger::FileLedger::new();
    let mut actual_depths = vec![];

    for (i, size) in file_sizes.iter().enumerate() {
        let data = vec![(i * 10) as u8; *size];
        // Use random nonce for unique file_id
        let nonce: [u8; 16] = rand::thread_rng().gen();
        let (prepared, metadata) =
            api::prepare_file(&data, &format!("test_file_{}.dat", i), &nonce)
                .expect("Failed to prepare file");

        let depth = api::tree_depth_from_metadata(&metadata);
        actual_depths.push(depth);

        println!(
            "  File {}: size={}, total_symbols={}, padded_len={}, depth={}",
            i,
            size,
            metadata.total_symbols(),
            metadata.padded_len,
            depth
        );

        files.insert(metadata.file_id.clone(), prepared);
        ledger.add_file(&metadata).expect("Failed to add to ledger");
        metadatas.push(metadata);
    }

    // Verify we got a good spread of depths
    let min_depth = *actual_depths.iter().min().unwrap();
    let max_depth = *actual_depths.iter().max().unwrap();
    let depth_spread = max_depth - min_depth;

    println!(
        "  Achieved depths: {:?}, spread: {}",
        actual_depths, depth_spread
    );
    assert!(
        depth_spread >= 3,
        "Should have significant depth variation (spread >= 3)"
    );

    // Create challenges
    let seed = FieldElement::from(99999u64);
    let challenges: Vec<Challenge> = metadatas
        .iter()
        .map(|m| Challenge::new_test(m.clone(), 1000, 1, seed))
        .collect();

    // Generate proof with heterogeneous depths
    let file_refs: BTreeMap<String, &_> = files.iter().map(|(k, v)| (k.clone(), v)).collect();

    let system = PorSystem::new(&ledger);
    let files_vec: Vec<&_> = file_refs.values().copied().collect();
    let proof = system
        .prove(files_vec, &challenges)
        .expect("Should generate proof with heterogeneous depths");

    // Verify proof
    let is_valid = system
        .verify(&proof, &challenges)
        .expect("Verification should complete");

    assert!(
        is_valid,
        "Proof with highly heterogeneous depths should verify"
    );

    println!(
        "✓ Successfully proved and verified with depth spread of {}",
        depth_spread
    );
    println!("✓ Circuit gating correctly handles heterogeneous depths");
}

#[test]
fn test_maximum_file_aggregation() {
    // Test with a larger number of files to stress aggregation
    println!("Testing aggregation with 7 files");

    let num_files = 7; // Will pad to 8

    let mut files = BTreeMap::new();
    let mut metadatas = vec![];
    let mut ledger = kontor_crypto::ledger::FileLedger::new();

    for i in 0..num_files {
        // Vary sizes to get different depths
        let size = 30 + i * 20;
        let data = vec![(i * 5) as u8; size];
        let (prepared, metadata) =
            api::prepare_file(&data, "test_file.dat", b"").expect("Failed to prepare file");

        files.insert(metadata.file_id.clone(), prepared);
        ledger.add_file(&metadata).expect("Failed to add to ledger");
        metadatas.push(metadata);
    }

    // Create challenges
    let seed = FieldElement::from(54321u64);
    let challenges: Vec<Challenge> = metadatas
        .iter()
        .map(|m| Challenge::new_test(m.clone(), 1000, 2, seed)) // 2 challenges per file
        .collect();

    // Generate and verify proof
    let file_refs: BTreeMap<String, &_> = files.iter().map(|(k, v)| (k.clone(), v)).collect();

    let system = PorSystem::new(&ledger);
    let files_vec: Vec<&_> = file_refs.values().copied().collect();
    let proof = system
        .prove(files_vec, &challenges)
        .expect("Should generate proof with 7 files");

    let is_valid = system
        .verify(&proof, &challenges)
        .expect("Verification should complete");

    assert!(is_valid, "Proof with 7 files should verify");

    // Check aggregation tree depth
    let agg_depth = ledger.tree.layers.len() - 1;
    let expected_agg_depth = (num_files as f64).log2().ceil() as usize;

    println!("✓ 7 files aggregated successfully");
    println!(
        "  Aggregation tree depth: {} (expected ~{})",
        agg_depth, expected_agg_depth
    );
}

#[test]
fn test_single_file_with_various_depths() {
    // Test single-file proofs at different depths to ensure consistency
    println!("Testing single-file proofs at various depths");

    let test_sizes = vec![10, 35, 70, 150, 300]; // Various sizes for different depths

    for size in test_sizes {
        let data = vec![42u8; size];
        let (prepared, metadata) =
            api::prepare_file(&data, "test_file.dat", b"").expect("Failed to prepare file");

        let depth = api::tree_depth_from_metadata(&metadata);

        let challenge =
            Challenge::new_test(metadata.clone(), 1000, 1, FieldElement::from(size as u64));

        let mut files = BTreeMap::new();
        files.insert(metadata.file_id.clone(), &prepared);

        // Create ledger for unified API
        let ledger = create_single_file_ledger(&metadata);

        let system = PorSystem::new(&ledger);
        let files_vec: Vec<&_> = files.values().copied().collect();
        let proof = system
            .prove(files_vec, std::slice::from_ref(&challenge))
            .unwrap_or_else(|e| {
                panic!(
                    "Should generate proof for size {} (depth {}): {}",
                    size, depth, e
                )
            });

        let is_valid = system
            .verify(&proof, &[challenge])
            .expect("Verification should complete");

        assert!(
            is_valid,
            "Single-file proof at depth {} should verify",
            depth
        );

        println!("  ✓ Size {} -> depth {} verified", size, depth);
    }

    println!("✓ All single-file depths verified successfully");
}

#[test]
fn test_aggregate_proofs_from_different_blocks() {
    // AGG-03: Test aggregating challenges from different blockchain heights
    // This simulates real-world scenario where challenges arrive from different blocks
    println!("Testing aggregation of proofs from different block heights");

    let num_files = 3;

    // Create test files
    let (files, metadatas) = create_test_files(num_files, 50, 1000);
    let metadata_refs: Vec<&_> = metadatas.iter().collect();
    let ledger = create_ledger_from_metadatas(&metadata_refs);

    // Simulate challenges from different blocks with per-file seeds
    // In practice: seed = H(block_hash, file_id)
    // Here we simulate with: seed = block_height * 1000 + file_index
    let challenges: Vec<Challenge> = vec![
        Challenge::new(
            metadatas[0].clone(),
            1000, // Block 1000
            2,
            FieldElement::from(1000 * 1000), // Simulated H(block_1000_hash, file0_id)
            "prover0".to_string(),
        ),
        Challenge::new(
            metadatas[1].clone(),
            1005, // Block 1005 - different block!
            2,
            FieldElement::from(1005 * 1000 + 1), // Simulated H(block_1005_hash, file1_id)
            "prover1".to_string(),
        ),
        Challenge::new(
            metadatas[2].clone(),
            1010, // Block 1010 - yet another block!
            2,
            FieldElement::from(1010 * 1000 + 2), // Simulated H(block_1010_hash, file2_id)
            "prover2".to_string(),
        ),
    ];

    println!(
        "  Challenge 0: block_height={}, seed={:?}",
        challenges[0].block_height, challenges[0].seed
    );
    println!(
        "  Challenge 1: block_height={}, seed={:?}",
        challenges[1].block_height, challenges[1].seed
    );
    println!(
        "  Challenge 2: block_height={}, seed={:?}",
        challenges[2].block_height, challenges[2].seed
    );

    // Generate aggregated proof across different block heights
    let file_refs: BTreeMap<String, &_> = files.iter().map(|(k, v)| (k.clone(), v)).collect();
    let system = PorSystem::new(&ledger);
    let files_vec: Vec<&_> = file_refs.values().copied().collect();

    let proof = system
        .prove(files_vec, &challenges)
        .expect("Should generate aggregated proof from different blocks");

    // Verify the aggregated proof
    let is_valid = system
        .verify(&proof, &challenges)
        .expect("Verification should complete");

    assert!(
        is_valid,
        "Aggregated proof from blocks 1000, 1005, 1010 should verify"
    );

    println!("✓ Successfully aggregated and verified proofs from blocks 1000, 1005, 1010");
    println!("✓ Multi-block aggregation with per-file seeds works correctly");
}