
combinecomm_noverify becomes agg to match the paper

Ian Goldberg 11 months ago
parent
commit
781bb6e9f4
2 changed files with 27 additions and 16 deletions
  1. 1 1
      src/arctic.rs
  2. 26 15
      src/shine.rs

+ 1 - 1
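--- a/src/arctic.rs
+++ b/src/arctic.rs
@@ -135,7 +135,7 @@ pub fn combine_polys(
 
     // Check the answer
 
-    let combcomm = shine::combinecomm_polys_noverify(t, lag_polys, commitments);
+    let combcomm = shine::agg_polys(t, lag_polys, commitments);
     let c = hash2(&combcomm, pk, msg);
 
     if shine::commit(&z) == combcomm + c * pk {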

+ 26 - 15
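--- a/src/shine.rs
+++ b/src/shine.rs
@@ -233,19 +233,31 @@ pub fn combinecomm_polys(
     ))
 }
 
-// A version of the above that skips the verification.  This can be
-// used, for example, if you can check that the output is correct by
-// verifying a signature.
-pub fn combinecomm_polys_noverify(
+// Combine commitments. Return None if the commitments are not
+// consistent with the given t.  You must pass at least 2t-1
+// commitments, and the same size of coalition.
+pub fn combinecomm(
+    t: u32,
+    coalition: &[u32],
+    commitments: &[RistrettoPoint],
+) -> Option<RistrettoPoint> {
+    let polys = lagrange_polys(coalition);
+    combinecomm_polys(t, &polys, commitments)
+}
+
+// Combine already-verified commitments using precomputed Lagrange
+// polynomials.  You must pass at least 2t-1 commitments, and the same
+// number of lag_polys.
+pub fn agg_polys(
     t: u32,
     lag_polys: &[ScalarPoly],
     commitments: &[RistrettoPoint],
 ) -> RistrettoPoint {
-    let mu = commitments.len();
+    let coalition_size = commitments.len();
     assert!(t >= 1);
-    assert!(mu >= 2 * (t as usize) - 1);
-    assert!(mu == lag_polys.len());
-    assert!(mu == lag_polys[0].coeffs.len());
+    assert!(coalition_size >= 2 * (t as usize) - 1);
+    assert!(coalition_size == lag_polys.len());
+    assert!(coalition_size == lag_polys[0].coeffs.len());
 
     // Use this to compute the multiscalar multiplications
     let multiscalar = VartimeRistrettoPrecomputation::new(Vec::<RistrettoPoint>::new());
@@ -253,21 +265,20 @@ pub fn combinecomm_polys_noverify(
     // Compute B_0 (which is the combined commitment) and return it
     multiscalar.vartime_mixed_multiscalar_mul(
         &Vec::<Scalar>::new(),
-        (0..mu).map(|j| lag_polys[j].coeffs[0]),
+        (0..coalition_size).map(|j| lag_polys[j].coeffs[0]),
         commitments,
     )
 }
 
-// Combine commitments. Return None if the commitments are not
-// consistent with the given t.  You must pass at least 2t-1
-// commitments, and the same size of coalition.
-pub fn combinecomm(
+// Combine already-verified commitments. You must pass at least 2t-1
+// commitments, and the same number of lag_polys.
+pub fn agg(
     t: u32,
     coalition: &[u32],
     commitments: &[RistrettoPoint],
-) -> Option<RistrettoPoint> {
+) -> RistrettoPoint {
     let polys = lagrange_polys(coalition);
-    combinecomm_polys(t, &polys, commitments)
+    agg_polys(t, &polys, commitments)
 }
 
 #[test]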
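Review bot: The comment added above `agg` asks for "the same number of lag_polys", but `agg` takes `coalition: &[u32]`, so the wording looks copied from `agg_polys` and should read "the same size of coalition". With `_noverify` dropped from both names, the phrase "already-verified" in these comments is the only remaining signal that `agg` and `agg_polys` skip the consistency check that `combinecomm` and `combinecomm_polys` perform, and as plain `//` comments they will not show up in rustdoc. I would turn both into `///` doc comments that state the contract outright, for example `/// Does NOT check that the commitments are consistent with t; the caller must validate the result (e.g. by verifying the resulting signature) or use combinecomm instead.` A `# Panics` line covering the length asserts in `agg_polys` would also help, since a mismatched slice length aborts instead of returning an error.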