Skip to content

Commit ed5f511

Browse files
mj850mj850
committed
remove denom also
1 parent f379d04 commit ed5f511

11 files changed

+75
-114
lines changed

pkg/encryption/aes.go

+4-7
Original file line numberDiff line numberDiff line change
@@ -14,19 +14,16 @@ import (
1414
"golang.org/x/crypto/hkdf"
1515
)
1616

17-
// GetAESKey derives a 32-byte AES key using the provided bytes and denomination string.
17+
// GetAESKey derives a 32-byte AES key using the provided bytes.
1818
// The bytes can be anything, but we strongly suggest using something that is private to the use, such as the ecdas Private Key or a signed message.
19-
// It employs HKDF with SHA-256, using the private key bytes and a SHA-256 hash of the denom as salt.
20-
func GetAESKey(privateBytes []byte, denom string) ([]byte, error) {
21-
if len(denom) == 0 {
22-
return nil, fmt.Errorf("denom is empty")
23-
}
19+
// It employs HKDF with SHA-256, using the private key bytes.
20+
func GetAESKey(privateBytes []byte) ([]byte, error) {
2421
if len(privateBytes) == 0 {
2522
return nil, fmt.Errorf("bytes is empty")
2623
}
2724

2825
// Use a SHA-256 hash of the denom string as the salt
29-
salt := sha256.Sum256([]byte(denom))
26+
salt := sha256.Sum256([]byte("aes key derivation salt"))
3027

3128
// Create an HKDF reader using SHA-256
3229
hkdf := hkdf.New(sha256.New, privateBytes, salt[:], []byte("aes key derivation"))

pkg/encryption/aes_test.go

+4-28
Original file line numberDiff line numberDiff line change
@@ -25,48 +25,28 @@ func TestGetAESKey(t *testing.T) {
2525
{
2626
name: "Deterministic Key Generation",
2727
privateKey: generateTestKey(),
28-
denom: TestDenom,
2928
expectEqual: true,
3029
},
31-
{
32-
name: "Different Denom (Salt) Generates Different Key",
33-
privateKey: generateTestKey(),
34-
denom: TestDenom,
35-
anotherDenom: TestDenom + "1",
36-
expectEqual: false,
37-
},
38-
{
39-
name: "Different Denom (Salt) of same length Generates Different Key",
40-
privateKey: generateTestKey(),
41-
denom: TestDenom + "1",
42-
anotherDenom: TestDenom + "2",
43-
expectEqual: false,
44-
},
4530
{
4631
name: "Different PrivateKey Generates Different Key",
4732
privateKey: generateTestKey(),
48-
denom: TestDenom + "N",
4933
anotherKey: generateTestKey(),
5034
expectEqual: false,
5135
},
5236
}
5337

5438
for _, tt := range tests {
5539
t.Run(tt.name, func(t *testing.T) {
56-
aesPK, err := GetAESKey(tt.privateKey, tt.denom)
40+
aesPK, err := GetAESKey(tt.privateKey)
5741
require.Nil(t, err, "Should not have error here")
5842

5943
if tt.anotherKey != nil {
60-
aesPKDiff, err := GetAESKey(tt.anotherKey, tt.denom)
44+
aesPKDiff, err := GetAESKey(tt.anotherKey)
6145
require.Nil(t, err)
6246
require.NotEqual(t, aesPK, aesPKDiff, "PK should be different for different private keys")
63-
} else if tt.anotherDenom != "" {
64-
aesPKDiff, err := GetAESKey(tt.privateKey, tt.anotherDenom)
65-
require.Nil(t, err)
66-
require.NotEqual(t, aesPK, aesPKDiff, "PK should be different for different salts")
6747
} else {
6848

69-
aesPKAgain, err := GetAESKey(tt.privateKey, tt.denom)
49+
aesPKAgain, err := GetAESKey(tt.privateKey)
7050
require.Nil(t, err, "Should not have error here")
7151
if tt.expectEqual {
7252
require.Equal(t, aesPK, aesPKAgain, "PK should be deterministically generated")
@@ -80,12 +60,8 @@ func TestGetAESKey(t *testing.T) {
8060

8161
func TestGetAESKey_InvalidInput(t *testing.T) {
8262
// Nil private key
83-
_, err := GetAESKey([]byte{}, TestDenom)
63+
_, err := GetAESKey([]byte{})
8464
require.Error(t, err, "Should return error for nil private key")
85-
86-
validPrivateKey := generateTestKey()
87-
_, err = GetAESKey(validPrivateKey, "")
88-
require.Error(t, err, "Should not allow empty denom(salt)")
8965
}
9066

9167
func TestAESEncryptionDecryption(t *testing.T) {

pkg/encryption/elgamal/common.go

+4-4
Original file line numberDiff line numberDiff line change
@@ -13,11 +13,11 @@ const H_STRING = "gPt25pi0eDphSiXWu0BIeIvyVATCtwhslTqfqvNhW2c"
1313

1414
// KeyGen generates a new key pair for the Twisted ElGamal encryption scheme.
1515
// The private key is derived from the provided privateBytes and denom string. Ensure that the privateBytes passed is not exposed.
16-
func (teg TwistedElGamal) KeyGen(privateBytes []byte, denom string) (*KeyPair, error) {
16+
func (teg TwistedElGamal) KeyGen(privateBytes []byte) (*KeyPair, error) {
1717
// Fixed base point H
1818
H := teg.GetH()
1919

20-
s, err := teg.getPrivateKeyFromBytes(privateBytes, denom)
20+
s, err := teg.getPrivateKeyFromBytes(privateBytes)
2121
if err != nil {
2222
return nil, err
2323
}
@@ -47,9 +47,9 @@ func (teg TwistedElGamal) GetH() curves.Point {
4747
return teg.curve.Point.Hash(bytes)
4848
}
4949

50-
func (teg TwistedElGamal) getPrivateKeyFromBytes(privateBytes []byte, denom string) (curves.Scalar, error) {
50+
func (teg TwistedElGamal) getPrivateKeyFromBytes(privateBytes []byte) (curves.Scalar, error) {
5151
// Hash the denom to get a salt.
52-
salt := sha256.Sum256([]byte(denom))
52+
salt := sha256.Sum256([]byte("elgamal scalar derivation salt"))
5353

5454
// Create an HKDF reader using SHA-256
5555
hkdf := hkdf.New(sha256.New, privateBytes, salt[:], []byte("elgamal scalar derivation"))

pkg/encryption/elgamal/encryption_test.go

+15-27
Original file line numberDiff line numberDiff line change
@@ -16,29 +16,17 @@ func TestKeyGeneration(t *testing.T) {
1616
privateKey := testutils.GenerateKey()
1717

1818
eg := NewTwistedElgamal()
19-
keyPair, err := eg.KeyGen(*privateKey, DefaultTestDenom)
19+
keyPair, err := eg.KeyGen(*privateKey)
2020
require.Nil(t, err)
2121

2222
// Test that keyPair is deterministically generated
23-
keyPairAgain, err := eg.KeyGen(*privateKey, DefaultTestDenom)
23+
keyPairAgain, err := eg.KeyGen(*privateKey)
2424
require.Nil(t, err)
2525
require.Equal(t, keyPair, keyPairAgain, "PK should be deterministically generated")
2626

27-
// Test that changing the salt should generate a different key
28-
altDenom := "factory/sei1239081236470/testToken1"
29-
keyPairDiffSalt, err := eg.KeyGen(*privateKey, altDenom)
30-
require.Nil(t, err)
31-
require.NotEqual(t, keyPair, keyPairDiffSalt, "PK should be different for different salt")
32-
33-
// Test same thing for salt of same length
34-
altDenom = "factory/sei1239081236470/testTokeN"
35-
keyPairDiffSalt, err = eg.KeyGen(*privateKey, altDenom)
36-
require.Nil(t, err)
37-
require.NotEqual(t, keyPair, keyPairDiffSalt, "PK should be different for different salt")
38-
3927
// Test that different privateKey should generate different PK
4028
altPrivateKey := testutils.GenerateKey()
41-
keyPairDiffPK, err := eg.KeyGen(*altPrivateKey, altDenom)
29+
keyPairDiffPK, err := eg.KeyGen(*altPrivateKey)
4230
require.Nil(t, err)
4331
require.NotEqual(t, keyPair, keyPairDiffPK, "PK should be different for different ESDCA Private Key")
4432
}
@@ -49,8 +37,8 @@ func TestEncryptionDecryption(t *testing.T) {
4937

5038
eg := NewTwistedElgamal()
5139

52-
keys, _ := eg.KeyGen(*privateKey, DefaultTestDenom)
53-
altKeys, _ := eg.KeyGen(*altPrivateKey, DefaultTestDenom)
40+
keys, _ := eg.KeyGen(*privateKey)
41+
altKeys, _ := eg.KeyGen(*altPrivateKey)
5442

5543
// Happy Path
5644
value := big.NewInt(108)
@@ -84,7 +72,7 @@ func Test48BitEncryptionDecryption(t *testing.T) {
8472
privateKey := testutils.GenerateKey()
8573

8674
eg := NewTwistedElgamal()
87-
keys, _ := eg.KeyGen(*privateKey, DefaultTestDenom)
75+
keys, _ := eg.KeyGen(*privateKey)
8876

8977
// First decrypt a 32 bit number (sets up the decryptor for a later test)
9078
value := big.NewInt(108092)
@@ -126,8 +114,8 @@ func TestAddCiphertext(t *testing.T) {
126114

127115
eg := NewTwistedElgamal()
128116

129-
keys, _ := eg.KeyGen(*privateKey, DefaultTestDenom)
130-
altKeys, _ := eg.KeyGen(*altPrivateKey, DefaultTestDenom)
117+
keys, _ := eg.KeyGen(*privateKey)
118+
altKeys, _ := eg.KeyGen(*altPrivateKey)
131119

132120
// Happy Path
133121
value1 := big.NewInt(30842)
@@ -170,7 +158,7 @@ func TestAddCiphertext(t *testing.T) {
170158
func TestTwistedElGamal_InvalidCiphertext(t *testing.T) {
171159
eg := NewTwistedElgamal()
172160
privateKey := testutils.GenerateKey()
173-
keys, _ := eg.KeyGen(*privateKey, DefaultTestDenom)
161+
keys, _ := eg.KeyGen(*privateKey)
174162

175163
invalidCt := &Ciphertext{}
176164

@@ -185,7 +173,7 @@ func TestTwistedElGamal_NilPrivateKey(t *testing.T) {
185173

186174
// Generate a valid key pair for comparison
187175
privateKey := testutils.GenerateKey()
188-
keys, _ := eg.KeyGen(*privateKey, DefaultTestDenom)
176+
keys, _ := eg.KeyGen(*privateKey)
189177

190178
// Encrypt a value with a valid public key
191179
value := big.NewInt(12345)
@@ -204,7 +192,7 @@ func TestTwistedElGamal_EncryptDecryptWithRand(t *testing.T) {
204192

205193
// Generate a valid key pair for comparison
206194
privateKey := testutils.GenerateKey()
207-
keys, _ := eg.KeyGen(*privateKey, DefaultTestDenom)
195+
keys, _ := eg.KeyGen(*privateKey)
208196

209197
message := big.NewInt(555555555)
210198
randomFactor := curves.ED25519().Scalar.Random(rand.Reader)
@@ -222,7 +210,7 @@ func TestTwistedElGamal_EncryptMessageTwice(t *testing.T) {
222210

223211
// Generate a valid key pair for comparison
224212
privateKey := testutils.GenerateKey()
225-
keys, _ := eg.KeyGen(*privateKey, DefaultTestDenom)
213+
keys, _ := eg.KeyGen(*privateKey)
226214

227215
message := big.NewInt(555555555)
228216
randomFactor := curve.Scalar.Random(rand.Reader)
@@ -238,7 +226,7 @@ func TestTwistedElGamal_DecryptWithZeroBits(t *testing.T) {
238226

239227
// Generate a valid key pair for comparison
240228
privateKey := testutils.GenerateKey()
241-
keys, _ := eg.KeyGen(*privateKey, DefaultTestDenom)
229+
keys, _ := eg.KeyGen(*privateKey)
242230

243231
message := big.NewInt(555555555)
244232
randomFactor := curve.Scalar.Random(rand.Reader)
@@ -264,7 +252,7 @@ func TestTwistedElGamal_EncryptInvalidRandomFactor(t *testing.T) {
264252

265253
// Generate a valid key pair for comparison
266254
privateKey := testutils.GenerateKey()
267-
keys, _ := eg.KeyGen(*privateKey, DefaultTestDenom)
255+
keys, _ := eg.KeyGen(*privateKey)
268256

269257
// Test with nil public key
270258
_, _, err := eg.encryptWithRand(keys.PublicKey, big.NewInt(12345), nil)
@@ -277,7 +265,7 @@ func TestTwistedElGamal_EncryptBoundaryValues(t *testing.T) {
277265

278266
// Generate a valid key pair for comparison
279267
privateKey := testutils.GenerateKey()
280-
keys, _ := eg.KeyGen(*privateKey, DefaultTestDenom)
268+
keys, _ := eg.KeyGen(*privateKey)
281269

282270
// Test with the smallest possible value (0)
283271
_, _, err := eg.Encrypt(keys.PublicKey, big.NewInt(0))

pkg/encryption/elgamal/types_test.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ func TestCiphertext_MarshalJSON(t *testing.T) {
1313
privateKey := testutils.GenerateKey()
1414
eg := NewTwistedElgamal()
1515

16-
keys, _ := eg.KeyGen(*privateKey, DefaultTestDenom)
16+
keys, _ := eg.KeyGen(*privateKey)
1717

1818
value := big.NewInt(108)
1919
ciphertext, _, _ := eg.Encrypt(keys.PublicKey, value)

pkg/zkproofs/ciphertext_ciphertext_equality_test.go

+15-15
Original file line numberDiff line numberDiff line change
@@ -58,14 +58,14 @@ func TestCiphertextCiphertextEqualityProof(t *testing.T) {
5858
sourcePrivateKey := testutils.GenerateKey()
5959
destPrivateKey := testutils.GenerateKey()
6060
eg := elgamal.NewTwistedElgamal()
61-
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey, TestDenom)
62-
destinationKeypair, _ := eg.KeyGen(*destPrivateKey, TestDenom)
61+
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey)
62+
destinationKeypair, _ := eg.KeyGen(*destPrivateKey)
6363

6464
var actualDestinationPubkey *curves.Point
6565
if tt.useDifferentPublicKey {
6666
altDestPrivateKey := testutils.GenerateKey()
6767
// Generate an alternative keypair for destination
68-
altDestinationKeypair, _ := eg.KeyGen(*altDestPrivateKey, TestDenom)
68+
altDestinationKeypair, _ := eg.KeyGen(*altDestPrivateKey)
6969
actualDestinationPubkey = &altDestinationKeypair.PublicKey
7070
} else {
7171
actualDestinationPubkey = &destinationKeypair.PublicKey
@@ -115,8 +115,8 @@ func TestCiphertextCiphertextEqualityProof_EdgeCases(t *testing.T) {
115115
sourcePrivateKey := testutils.GenerateKey()
116116
destPrivateKey := testutils.GenerateKey()
117117
eg := elgamal.NewTwistedElgamal()
118-
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey, TestDenom)
119-
destinationKeypair, _ := eg.KeyGen(*destPrivateKey, TestDenom)
118+
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey)
119+
destinationKeypair, _ := eg.KeyGen(*destPrivateKey)
120120

121121
amount := big.NewInt(0)
122122

@@ -155,9 +155,9 @@ func TestCiphertextCiphertextEqualityProof_EdgeCases(t *testing.T) {
155155
sourcePrivateKey := testutils.GenerateKey()
156156
destPrivateKey := testutils.GenerateKey()
157157
eg := elgamal.NewTwistedElgamal()
158-
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey, TestDenom)
158+
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey)
159159

160-
destinationKeypair, _ := eg.KeyGen(*destPrivateKey, TestDenom)
160+
destinationKeypair, _ := eg.KeyGen(*destPrivateKey)
161161

162162
amount := big.NewInt(1 << 60) // A large amount to test scalability
163163

@@ -197,8 +197,8 @@ func TestCiphertextCiphertextEqualityProof_UnmarshalJSON_Valid(t *testing.T) {
197197
sourcePrivateKey := testutils.GenerateKey()
198198
destPrivateKey := testutils.GenerateKey()
199199
eg := elgamal.NewTwistedElgamal()
200-
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey, TestDenom)
201-
destinationKeypair, _ := eg.KeyGen(*destPrivateKey, TestDenom)
200+
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey)
201+
destinationKeypair, _ := eg.KeyGen(*destPrivateKey)
202202

203203
amount := big.NewInt(100)
204204

@@ -244,8 +244,8 @@ func TestNewCiphertextCiphertextEqualityProof_InvalidInputs(t *testing.T) {
244244
sourcePrivateKey := testutils.GenerateKey()
245245
destPrivateKey := testutils.GenerateKey()
246246
eg := elgamal.NewTwistedElgamal()
247-
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey, TestDenom)
248-
destinationKeypair, _ := eg.KeyGen(*destPrivateKey, TestDenom)
247+
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey)
248+
destinationKeypair, _ := eg.KeyGen(*destPrivateKey)
249249

250250
amount := big.NewInt(100)
251251

@@ -326,8 +326,8 @@ func TestVerifyCiphertextCiphertextEquality_InvalidInputs(t *testing.T) {
326326
sourcePrivateKey := testutils.GenerateKey()
327327
destPrivateKey := testutils.GenerateKey()
328328
eg := elgamal.NewTwistedElgamal()
329-
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey, TestDenom)
330-
destinationKeypair, _ := eg.KeyGen(*destPrivateKey, TestDenom)
329+
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey)
330+
destinationKeypair, _ := eg.KeyGen(*destPrivateKey)
331331

332332
amount := big.NewInt(100)
333333

@@ -459,8 +459,8 @@ func TestCiphertextCiphertextEqualityProof_IdentityD(t *testing.T) {
459459
sourcePrivateKey := testutils.GenerateKey()
460460
destPrivateKey := testutils.GenerateKey()
461461
eg := elgamal.NewTwistedElgamal()
462-
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey, TestDenom)
463-
destinationKeypair, _ := eg.KeyGen(*destPrivateKey, TestDenom)
462+
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey)
463+
destinationKeypair, _ := eg.KeyGen(*destPrivateKey)
464464

465465
// Encrypt the source amount
466466
sourceCiphertext, _, err := eg.Encrypt(sourceKeypair.PublicKey, big.NewInt(100))

pkg/zkproofs/ciphertext_commitment_equality_test.go

+5-5
Original file line numberDiff line numberDiff line change
@@ -56,7 +56,7 @@ func TestCiphertextCommitmentEqualityProof(t *testing.T) {
5656
// Key generation
5757
sourcePrivateKey := testutils.GenerateKey()
5858
eg := elgamal.NewTwistedElgamal()
59-
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey, TestDenom)
59+
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey)
6060

6161
// Encrypt the source amount
6262
sourceCiphertext, sourceRandomness, err := eg.Encrypt(sourceKeypair.PublicKey, tt.sourceAmount)
@@ -123,7 +123,7 @@ func TestCiphertextCommitmentEqualityProof(t *testing.T) {
123123
func TestCiphertextCommitmentEqualityProof_MarshalUnmarshalJSON(t *testing.T) {
124124
sourcePrivateKey := testutils.GenerateKey()
125125
eg := elgamal.NewTwistedElgamal()
126-
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey, TestDenom)
126+
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey)
127127

128128
amount := big.NewInt(232436)
129129
// Encrypt the source amount
@@ -163,7 +163,7 @@ func TestCiphertextCommitmentEqualityProof_MarshalUnmarshalJSON(t *testing.T) {
163163
func TestNewCiphertextCommitmentEqualityProof_InvalidInput(t *testing.T) {
164164
sourcePrivateKey := testutils.GenerateKey()
165165
eg := elgamal.NewTwistedElgamal()
166-
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey, TestDenom)
166+
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey)
167167

168168
amount := big.NewInt(100)
169169

@@ -223,7 +223,7 @@ func TestNewCiphertextCommitmentEqualityProof_InvalidInput(t *testing.T) {
223223
func TestVerifyCiphertextCommitmentEquality_InvalidInput(t *testing.T) {
224224
sourcePrivateKey := testutils.GenerateKey()
225225
eg := elgamal.NewTwistedElgamal()
226-
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey, TestDenom)
226+
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey)
227227

228228
amount := big.NewInt(100)
229229

@@ -333,7 +333,7 @@ func TestCiphertextCommitmentEqualityProof_IdentityD(t *testing.T) {
333333
// Key generation
334334
sourcePrivateKey := testutils.GenerateKey()
335335
eg := elgamal.NewTwistedElgamal()
336-
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey, TestDenom)
336+
sourceKeypair, _ := eg.KeyGen(*sourcePrivateKey)
337337

338338
// Encrypt the source amount
339339
sourceCiphertext, _, err := eg.Encrypt(sourceKeypair.PublicKey, big.NewInt(100))

0 commit comments

Comments
 (0)