update zkdl simot

zhdllwyc · zhdllwyc · commit c9ffb0b06a10 · 2022-08-30T00:48:30.000-05:00
diff --git a/ot/simot/simot_test.go b/ot/simot/simot_test.go
@@ -1,4 +1,8 @@
-package simplestOT
+// Reference: https://eprint.iacr.org/2015/267.pdf (1 out of 2 OT case)
+// Sender has 2 messages m0, m1
+// Receiver receives mc based on the choice bit c
+
+package simot
 
 import (
 	"bytes"
@@ -8,15 +12,43 @@ import (
 	"github.com/cloudflare/circl/group"
 )
 
-const TestBaseOTCount = 100
+const testSimOTCount = 100
+
+func simOT(myGroup group.Group, sender *SenderSimOT, receiver *ReceiverSimOT, m0, m1 []byte, choice, index int) error {
+	// Initialization
+	A := sender.InitSender(myGroup, m0, m1, index)
+
+	// Round 1
+	// Sender sends A to receiver
+	B := receiver.Round1Receiver(myGroup, choice, index, A)
+
+	// Round 2
+	// Receiver sends B to sender
+	e0, e1 := sender.Round2Sender(B)
+
+	// Round 3
+	// Sender sends e0 e1 to receiver
+	errDec := receiver.Round3Receiver(e0, e1, receiver.c)
+	if errDec != nil {
+		return errDec
+	}
+
+	return nil
+}
 
-func testNegativeBaseOT(t *testing.T, myGroup group.Group, choice int) {
+func testNegativeSimOT(t *testing.T, myGroup group.Group, choice int) {
 	var sender SenderSimOT
 	var receiver ReceiverSimOT
 	m0 := make([]byte, myGroup.Params().ScalarLength)
 	m1 := make([]byte, myGroup.Params().ScalarLength)
-	rand.Read(m0)
-	rand.Read(m1)
+	_, errRand := rand.Read(m0)
+	if errRand != nil {
+		panic(errRand)
+	}
+	_, errRand = rand.Read(m1)
+	if errRand != nil {
+		panic(errRand)
+	}
 
 	// Initialization
 	A := sender.InitSender(myGroup, m0, m1, 0)
@@ -32,7 +64,7 @@ func testNegativeBaseOT(t *testing.T, myGroup group.Group, choice int) {
 	// The receiver will not learn anything about m_{1-c}
 	errDec := receiver.Round3Receiver(e0, e1, 1-choice)
 	if errDec == nil {
-		t.Error("BaseOT decryption failed", errDec)
+		t.Error("SimOT decryption failed", errDec)
 	}
 
 	if choice == 0 {
@@ -54,23 +86,29 @@ func testNegativeBaseOT(t *testing.T, myGroup group.Group, choice int) {
 			t.Error("Receiver decryption should fail")
 		}
 	}
-
 }
 
 // Input: myGroup, the group we operate in
-func testBaseOT(t *testing.T, myGroup group.Group, choice int) {
+func testSimOT(t *testing.T, myGroup group.Group, choice int) {
 	var sender SenderSimOT
 	var receiver ReceiverSimOT
 
 	m0 := make([]byte, myGroup.Params().ScalarLength)
 	m1 := make([]byte, myGroup.Params().ScalarLength)
-	rand.Read(m0)
-	rand.Read(m1)
-	err := BaseOT(myGroup, &sender, &receiver, m0, m1, choice, 0)
-	if err != nil {
-		t.Error("BaseOT failed", err)
+	_, errRand := rand.Read(m0)
+	if errRand != nil {
+		panic(errRand)
+	}
+	_, errRand = rand.Read(m1)
+	if errRand != nil {
+		panic(errRand)
+	}
+
+	errDec := simOT(myGroup, &sender, &receiver, m0, m1, choice, 0)
+	if errDec != nil {
+		t.Error("AES GCM Decryption failed")
 	}
-	//Confirm
+
 	if choice == 0 {
 		equal0 := bytes.Compare(sender.m0, receiver.mc)
 		if equal0 != 0 {
@@ -84,29 +122,41 @@ func testBaseOT(t *testing.T, myGroup group.Group, choice int) {
 	}
 }
 
-func benchmarBaseOT(b *testing.B, myGroup group.Group) {
+func benchmarSimOT(b *testing.B, myGroup group.Group) {
 	var sender SenderSimOT
 	var receiver ReceiverSimOT
 	m0 := make([]byte, myGroup.Params().ScalarLength)
 	m1 := make([]byte, myGroup.Params().ScalarLength)
-	rand.Read(m0)
-	rand.Read(m1)
+	_, errRand := rand.Read(m0)
+	if errRand != nil {
+		panic(errRand)
+	}
+	_, errRand = rand.Read(m1)
+	if errRand != nil {
+		panic(errRand)
+	}
 
 	for iter := 0; iter < b.N; iter++ {
-		err := BaseOT(myGroup, &sender, &receiver, m0, m1, iter%2, 0)
-		if err != nil {
-			b.Error("BaseOT failed")
+		errDec := simOT(myGroup, &sender, &receiver, m0, m1, iter%2, 0)
+		if errDec != nil {
+			b.Error("AES GCM Decryption failed")
 		}
 	}
 }
 
-func benchmarkBaseOTRound(b *testing.B, myGroup group.Group) {
+func benchmarkSimOTRound(b *testing.B, myGroup group.Group) {
 	var sender SenderSimOT
 	var receiver ReceiverSimOT
 	m0 := make([]byte, myGroup.Params().ScalarLength)
 	m1 := make([]byte, myGroup.Params().ScalarLength)
-	rand.Read(m0)
-	rand.Read(m1)
+	_, errRand := rand.Read(m0)
+	if errRand != nil {
+		panic(errRand)
+	}
+	_, errRand = rand.Read(m1)
+	if errRand != nil {
+		panic(errRand)
+	}
 
 	b.Run("Sender-Initialization", func(b *testing.B) {
 		for i := 0; i < b.N; i++ {
@@ -127,7 +177,6 @@ func benchmarkBaseOTRound(b *testing.B, myGroup group.Group) {
 	b.Run("Sender-Round2", func(b *testing.B) {
 		for i := 0; i < b.N; i++ {
 			sender.Round2Sender(B)
-
 		}
 	})
 
@@ -152,34 +201,31 @@ func benchmarkBaseOTRound(b *testing.B, myGroup group.Group) {
 	if equal0 != 0 {
 		b.Error("Receiver decryption failed")
 	}
-
 }
 
-func TestBaseOT(t *testing.T) {
-
-	t.Run("BaseOT", func(t *testing.T) {
-		for i := 0; i < TestBaseOTCount; i++ {
+func TestSimOT(t *testing.T) {
+	t.Run("SimOT", func(t *testing.T) {
+		for i := 0; i < testSimOTCount; i++ {
 			currGroup := group.P256
 			choice := i % 2
-			testBaseOT(t, currGroup, choice)
+			testSimOT(t, currGroup, choice)
 		}
 	})
-	t.Run("BaseOTNegative", func(t *testing.T) {
-		for i := 0; i < TestBaseOTCount; i++ {
+	t.Run("SimOTNegative", func(t *testing.T) {
+		for i := 0; i < testSimOTCount; i++ {
 			currGroup := group.P256
 			choice := i % 2
-			testNegativeBaseOT(t, currGroup, choice)
+			testNegativeSimOT(t, currGroup, choice)
 		}
 	})
-
 }
 
-func BenchmarkBaseOT(b *testing.B) {
+func BenchmarkSimOT(b *testing.B) {
 	currGroup := group.P256
-	benchmarBaseOT(b, currGroup)
+	benchmarSimOT(b, currGroup)
 }
 
-func BenchmarkBaseOTRound(b *testing.B) {
+func BenchmarkSimOTRound(b *testing.B) {
 	currGroup := group.P256
-	benchmarkBaseOTRound(b, currGroup)
+	benchmarkSimOTRound(b, currGroup)
 }
diff --git a/ot/simot/simotlocal.go b/ot/simot/simotlocal.go
@@ -1,4 +1,4 @@
-package simplestOT
+package simot
 
 import (
 	"crypto/aes"
@@ -66,7 +66,7 @@ func aesDecGCM(key, ciphertext []byte) ([]byte, error) {
 
 // Input: myGroup, the group we operate in
 // Input: m0, m1 the 2 message of the sender
-// Input: index, the index of this BaseOT
+// Input: index, the index of this SimOT
 // Output: A = [a]G, a the sender randomness
 func (sender *SenderSimOT) InitSender(myGroup group.Group, m0, m1 []byte, index int) group.Element {
 	sender.a = myGroup.RandomNonZeroScalar(rand.Reader)
@@ -87,7 +87,7 @@ func (sender *SenderSimOT) InitSender(myGroup group.Group, m0, m1 []byte, index
 
 // Input: myGroup, the group we operate in
 // Input: choice, the receiver choice bit
-// Input: index, the index of this BaseOT
+// Input: index, the index of this SimOT
 // Input: A, from sender
 // Output: B = [b]G if c == 0, B = A+[b]G if c == 1 (Implementation in constant time). b, the receiver randomness
 func (receiver *ReceiverSimOT) Round1Receiver(myGroup group.Group, choice int, index int, A group.Element) group.Element {
diff --git a/ot/simot/simotparty.go b/ot/simot/simotparty.go
@@ -1,4 +1,4 @@
-package simplestOT
+package simot
 
 import "github.com/cloudflare/circl/group"
 
diff --git a/ot/simplestOT/simplestOT.go b/ot/simplestOT/simplestOT.go
diff --git a/zk/dl/dl.go b/zk/dl/dl.go
@@ -1,9 +1,9 @@
 // Reference: https://datatracker.ietf.org/doc/html/rfc8235#page-6
 // Prove the knowledge of [k] given [k]G, G and the curve where the points reside
-package zkRDL
+package dl
 
 import (
-	"crypto/rand"
+	"io"
 
 	"github.com/cloudflare/circl/group"
 )
@@ -12,9 +12,8 @@ import (
 // Input: R = [kA]DB
 // Input: proverLabel, verifierLabel labels of prover and verifier
 // Ouptput: (V,r), the prove such that we know kA without revealing kA
-func ProveGen(myGroup group.Group, DB, R group.Element, kA group.Scalar, proverLabel, verifierLabel []byte) (group.Element, group.Scalar) {
-
-	v := myGroup.RandomNonZeroScalar(rand.Reader)
+func ProveGen(myGroup group.Group, DB, R group.Element, kA group.Scalar, proverLabel, verifierLabel, dst []byte, rnd io.Reader) (group.Element, group.Scalar) {
+	v := myGroup.RandomNonZeroScalar(rnd)
 	V := myGroup.NewElement()
 	V.Mul(DB, v)
 
@@ -38,8 +37,7 @@ func ProveGen(myGroup group.Group, DB, R group.Element, kA group.Scalar, proverL
 	hashByte = append(hashByte, proverLabel...)
 	hashByte = append(hashByte, verifierLabel...)
 
-	dst := "zeroknowledge"
-	c := myGroup.HashToScalar(hashByte, []byte(dst))
+	c := myGroup.HashToScalar(hashByte, dst)
 
 	kAc := myGroup.NewScalar()
 	kAc.Mul(c, kA)
@@ -54,7 +52,7 @@ func ProveGen(myGroup group.Group, DB, R group.Element, kA group.Scalar, proverL
 // Input: (V,r), the prove such that the prover knows kA
 // Input: proverLabel, verifierLabel labels of prover and verifier
 // Output: V ?= [r]D_B +[c]R
-func Verify(myGroup group.Group, DB, R group.Element, V group.Element, r group.Scalar, proverLabel, verifierLabel []byte) bool {
+func Verify(myGroup group.Group, DB, R group.Element, V group.Element, r group.Scalar, proverLabel, verifierLabel, dst []byte) bool {
 	// Hash the transcript (D_B | V | R | proverLabel | verifierLabel) to get the random coin
 	DBByte, errByte := DB.MarshalBinary()
 	if errByte != nil {
@@ -74,8 +72,7 @@ func Verify(myGroup group.Group, DB, R group.Element, V group.Element, r group.S
 	hashByte = append(hashByte, proverLabel...)
 	hashByte = append(hashByte, verifierLabel...)
 
-	dst := "zeroknowledge"
-	c := myGroup.HashToScalar(hashByte, []byte(dst))
+	c := myGroup.HashToScalar(hashByte, dst)
 
 	rDB := myGroup.NewElement()
 	rDB.Mul(DB, r)
diff --git a/zk/dl/dl_test.go b/zk/dl/dl_test.go

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-package simplestOT`
	`1`	`+package simot`
`2`	`2`
`3`	`3`	`import "github.com/cloudflare/circl/group"`
`4`	`4`