Merge #1: Add Bulletproof rewind functionality

This is closely modelled on Grin's solution, but using two private keys: - Interfaces: - create a rewindable ZK proof with up to 23 bytes additional embedded data - extract the value and 23 bytes extra data only - extract the value, blinding factor and 23 bytes extra data - Required: - two rewind nonces, based on two public rewind keys and the value commitment - two blinding nonces, based on the two private rewind keys and the value commitment - Use: - the two rewind nonces are used to extract the value and 23 bytes embedded data - the two rewind nonces and two blinding nonces are used to extract the value, blinding factor and 23 bytes embedded data See related Dalek issue dalek-cryptography#335
tari-project · Nov 27, 2020 · f93eaaf · f93eaaf
2 parents 1a10ce1 + 6e820b0
commit f93eaaf
Show file tree

Hide file tree

Showing 7 changed files with 867 additions and 14 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -29,7 +29,7 @@ serde = { version = "1", default-features = false, features = ["alloc"] }
 serde_derive = { version = "1", default-features = false }
 thiserror = { version = "1", optional = true }
 merlin = { version = "2", default-features = false }
-clear_on_drop = { version = "0.2", default-features = false, features = ["nightly"] }
+clear_on_drop = { version = "=0.2.4", default-features = false }
 
 [dev-dependencies]
 hex = "0.3"

diff --git a/src/errors.rs b/src/errors.rs
@@ -45,6 +45,18 @@ pub enum ProofError {
     /// consider its errors to be internal errors.
     #[cfg_attr(feature = "std", error("Internal error during proof creation: {0}"))]
     ProvingError(MPCError),
+    /// This error results from trying to rewind a proof with the wrong rewind nonce
+    #[cfg_attr(
+    feature = "std",
+    error("Rewinding the proof failed, invalid commitment extracted")
+    )]
+    InvalidCommitmentExtracted,
+    /// This error results from trying to rewind a proof with an invalid rewind key separator
+    #[cfg_attr(
+    feature = "std",
+    error("Trying to rewind a proof with the wrong rewind key separator")
+    )]
+    InvalidRewindKeySeparator,
 }
 
 impl From<MPCError> for ProofError {

diff --git a/src/lib.rs b/src/lib.rs
@@ -27,7 +27,8 @@ mod notes {
 mod errors;
 mod generators;
 mod inner_product_proof;
-mod range_proof;
+// TODO: Do not expose `range_proof` publicly
+pub mod range_proof;
 mod transcript;
 
 pub use crate::errors::ProofError;