From 5b2b6c21872aef57b787aa991a7ac486d808f471 Mon Sep 17 00:00:00 2001
From: Luke Parker
Date: Mon, 6 Jan 2025 14:29:21 -0500
Subject: [PATCH] Clarify commentary on the BatchVerifiers

---
 crypto/fcmps/src/lib.rs | 4 +++-
 .../generalized-bulletproofs/src/arithmetic_circuit_proof.rs | 5 +++++
 crypto/generalized-bulletproofs/src/inner_product.rs | 2 ++
 networks/monero/ringct/fcmp++/src/lib.rs | 5 +++++
 networks/monero/ringct/fcmp++/src/sal/mod.rs | 5 +++++
 5 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/crypto/fcmps/src/lib.rs b/crypto/fcmps/src/lib.rs
index b8db9b3a..b9976ae2 100644
--- a/crypto/fcmps/src/lib.rs
+++ b/crypto/fcmps/src/lib.rs
@@ -761,7 +761,9 @@ where
 /// the amount of layers, the specified amount of layers must be checked to be equal to the
 /// actual amount of layers.
 ///
- /// If this function returns an error, the batch verifiers are corrupted and must be discarded.
+ /// This only queues the FCMP for batch verification. The BatchVerifiers MUST also be verified.
+ ///
+ /// If this function returns an error, the batch verifiers are corrupted and MUST be discarded.
 // This may be collision resistant regardless of layer count thanks to the expected usage of a
 // distinct curve for the leaves, yet the layer count is cheap to check and avoids the question.
 #[allow(clippy::too_many_arguments)]
diff --git a/crypto/generalized-bulletproofs/src/arithmetic_circuit_proof.rs b/crypto/generalized-bulletproofs/src/arithmetic_circuit_proof.rs
index 9820d4c0..573e1314 100644
--- a/crypto/generalized-bulletproofs/src/arithmetic_circuit_proof.rs
+++ b/crypto/generalized-bulletproofs/src/arithmetic_circuit_proof.rs
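Review bot: The new paragraph names the type as `BatchVerifiers` while the rewritten line directly below it still says `the batch verifiers are corrupted`, so one doc comment now refers to the same thing two ways; the other four hunks use the type name consistently, and `/// If this function returns an error, the BatchVerifiers are corrupted and MUST be discarded.` would align this one. Rustdoc convention would also place the failure contract under a `# Errors` heading rather than in a free paragraph, which applies equally to the other four hunks of this commit. The `verify` signature this comment documents begins after the end of the hunk.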
@@ -495,6 +495,11 @@ impl<'a, C: Ciphersuite> ArithmeticCircuitStatement<'a, C> {
 }
 
 /// Verify a proof for this statement.
+ ///
+ /// This solely queues the statement for batch verification. The resulting BatchVerifier MUST
+ /// still be verified.
+ ///
+ /// If this proof returns an error, the BatchVerifier MUST be assumed corrupted and discarded.
 pub fn verify(
 self,
 rng: &mut R,
diff --git a/crypto/generalized-bulletproofs/src/inner_product.rs b/crypto/generalized-bulletproofs/src/inner_product.rs
index a064bdd7..e7127e00 100644
--- a/crypto/generalized-bulletproofs/src/inner_product.rs
+++ b/crypto/generalized-bulletproofs/src/inner_product.rs
@@ -271,6 +271,8 @@ impl<'a, C: Ciphersuite> IpStatement<'a, C> {
 /// This will return Err if there is an error. This will return Ok if the proof was successfully
 /// queued for batch verification. The caller is required to verify the batch in order to ensure
 /// the proof is actually correct.
+ ///
+ /// If this proof returns an error, the BatchVerifier MUST be assumed corrupted and discarded.
 pub(crate) fn verify(
 self,
 verifier: &mut BatchVerifier,
diff --git a/networks/monero/ringct/fcmp++/src/lib.rs b/networks/monero/ringct/fcmp++/src/lib.rs
index 7b04ff7e..58bb91e8 100644
--- a/networks/monero/ringct/fcmp++/src/lib.rs
+++ b/networks/monero/ringct/fcmp++/src/lib.rs
@@ -311,6 +311,11 @@ impl FcmpPlusPlus {
 ///
 /// `signable_tx_hash` must be binding to the transaction prefix, the RingCT base, and the
 /// pseudo-outs.
+ ///
+ /// This only queues the proofs for batch verification. The BatchVerifiers MUST also be verified.
+ ///
+ /// If this function returns an error, the BatchVerifiers MUST be considered corrupted and
+ /// discarded.
 #[allow(clippy::too_many_arguments)]
 pub fn verify(
 &self,
diff --git a/networks/monero/ringct/fcmp++/src/sal/mod.rs b/networks/monero/ringct/fcmp++/src/sal/mod.rs
index e7d398c5..841ee4d3 100644
--- a/networks/monero/ringct/fcmp++/src/sal/mod.rs
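Review bot: `If this proof returns an error` attributes the error to the proof, but the proof is data; it is this `verify` function that returns `Err`, and the fcmps and fcmp++ hunks already say `If this function returns an error`. This line should read `/// If this function returns an error, the BatchVerifier MUST be assumed corrupted and discarded.`, and the same wording needs the same fix in the inner_product.rs hunk. The `verify` signature continues past the end of this hunk.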
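Review bot: The added sentence makes discarding the verifier a caller obligation, yet `verifier: &mut BatchVerifier` shows the verifier is only borrowed, so a caller that ignores an `Err` keeps a partially-updated verifier and can still run the batch's final check on it; a doc comment is the weakest guard for a property that must fail closed. Consider whether the error path can mark the `BatchVerifier` as poisoned so its final verification fails no matter what the caller does, turning the MUST into an enforced invariant — that would be a change to `BatchVerifier`, which is outside this diff, so treat it as a follow-up rather than a blocker. The remainder of this signature and the body lie outside the hunk.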
+++ b/networks/monero/ringct/fcmp++/src/sal/mod.rs
@@ -253,6 +253,11 @@ impl SpendAuthAndLinkability {
 }
 
 /// Verify a Spend-Authorization and Linkability proof.
+ ///
+ /// This only queues the proof for batch verification. The BatchVerifier MUST also be verified.
+ ///
+ /// If this function returns an error, the BatchVerifier MUST be considered corrupted and
+ /// discarded.
 #[allow(clippy::result_unit_err)]
 pub fn verify(
 &self,