reverie/transcript/
mod.rs

1mod prover;
2mod verifier;
3
4pub use prover::ProverTranscript;
5pub use verifier::VerifierTranscriptOnline;
6pub use verifier::VerifierTranscriptPreprocess;
7
8use crate::algebra::Domain;
9use crate::crypto::hash::{Hash, Hasher};
10use crate::crypto::prg::{Key, KEY_SIZE, PRG};
11use crate::generator::ShareGen;
12use crate::interpreter::Wire;
13use crate::{PACKED, PLAYERS};
14
15pub trait Transcript<D: Domain> {
16    const IS_PROVER: bool = false;
17
18    // Different instances:
19    //
20    // - Proving   : input is the next input value
21    // - Verifying : input is unused bogus value a
22    fn input(&mut self) -> Wire<D>;
23
24    /// Reconstructs the share:
25    ///
26    /// # Proving
27    ///
28    /// The transcript records the mask (each share send by each party)
29    ///
30    /// # Verifying (Online)
31    ///
32    /// The transcript adds the missing share for the unopened players
33    ///
34    /// # Verifying (Preprocessing)
35    ///
36    /// Nop, just return zero.
37    fn reconstruct(&mut self, mask: D::Share) -> D::Recon;
38
39    /// Record correction:
40    ///
41    /// # Proving
42    ///
43    /// The transcript records the correction
44    ///
45    /// # Verifying (Online)
46    ///
47    /// The transcript provides the next correction (ignoring the input)
48    ///
49    /// # Verifying (Preprocessing)
50    ///
51    /// The transcript records the correction
52    fn correction(&mut self, corr: D::Recon) -> D::Recon;
53
54    /// Record if the reconstructed value is zero
55    ///
56    /// # Proving
57    ///
58    /// Check if zero: if not the witness was invalid and the prover aborts
59    ///
60    /// # Verifying (Online)
61    ///
62    /// Check if zero: if zero the proof is invalid.
63    ///
64    /// # Verifying (Preprocessing)
65    ///
66    /// Nop. Ignore the input.
67    fn zero_check(&mut self, recon: D::Recon);
68
69    fn new_mask(&mut self) -> D::Share;
70
71    /// Return the commitment to the online phase
72    fn online_hash(&self) -> [Hash; PACKED];
73
74    /// Return the commitment to the preprocessing phase
75    fn preprocess_hash(&self) -> [Hash; PACKED];
76
77    fn hash(&self) -> [Hash; PACKED] {
78        fn hash_join(preprocess: &Hash, online: &Hash) -> Hash {
79            let mut hasher = Hasher::new();
80            hasher.update(preprocess.as_bytes());
81            hasher.update(online.as_bytes());
82            hasher.finalize()
83        }
84        let online_hashes = self.online_hash();
85        let preprocess_hashes = self.preprocess_hash();
86        [
87            hash_join(&preprocess_hashes[0], &online_hashes[0]),
88            hash_join(&preprocess_hashes[1], &online_hashes[1]),
89            hash_join(&preprocess_hashes[2], &online_hashes[2]),
90            hash_join(&preprocess_hashes[3], &online_hashes[3]),
91            hash_join(&preprocess_hashes[4], &online_hashes[4]),
92            hash_join(&preprocess_hashes[5], &online_hashes[5]),
93            hash_join(&preprocess_hashes[6], &online_hashes[6]),
94            hash_join(&preprocess_hashes[7], &online_hashes[7]),
95        ]
96    }
97}
98
99fn expand_seed(seed: Key) -> [Key; PLAYERS] {
100    let mut prg = PRG::new(&seed);
101    let mut keys = [[0u8; KEY_SIZE]; PLAYERS];
102    for key in keys.iter_mut() {
103        prg.gen(key);
104    }
105    keys
106}
107
108fn share_gen_from_rep_seeds<D: Domain>(seeds: &[Key; PACKED]) -> Box<ShareGen<D>> {
109    Box::new(ShareGen::new(
110        &[
111            expand_seed(seeds[0]),
112            expand_seed(seeds[1]),
113            expand_seed(seeds[2]),
114            expand_seed(seeds[3]),
115            expand_seed(seeds[4]),
116            expand_seed(seeds[5]),
117            expand_seed(seeds[6]),
118            expand_seed(seeds[7]),
119        ],
120        [PLAYERS; PACKED],
121    ))
122}