WIP: bulletproofs #16

Open: wants to merge 17 commits into base: secp256k1-zkp

apoelstra (Member) commented Nov 27, 2017

Based on rebase of strauss-multiexp from upstream onto -zkp

TODO rangeproof aggregation
TODO const time proving
TODO pippenger support
TODO 48-bit (and generally non-power-of-2) rangeproofs and aggregates
TODO general arithmetic circuit support

yeastplume referenced this pull request Dec 5, 2017: Bulletproofs #273 (Closed)

/* Compute Ti = t_i*A + tau_i*G for i = 1,2 */
secp256k1_gej_set_ge(&tmpj, genp);
secp256k1_ecmult(ecmult_ctx, &tj[0], &tmpj, &t1, &tau1);
secp256k1_ecmult(ecmult_ctx, &tj[1], &tmpj, &t2, &tau2);

apoelstra (Member) Jan 19, 2018

Both these ecmult need to be constant time since tau1 and tau2 are secrets.
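
The concern in the review comment above, as an added example that is not code from this PR or from libsecp256k1. It assumes a toy multiplicative group modulo 2^31 - 1 in place of the curve, and every name in it is hypothetical; the variable-time routine performs a number of group operations that depends on the secret scalar, while the ladder always performs the same sequence.

```c
#include <stdint.h>

/* Toy group (constructed for illustration): integers modulo the prime
 * 2^31 - 1 under multiplication, so "k*G" on the curve becomes g^k mod P. */
#define P 2147483647ULL
#define SCALAR_BITS 32

/* One group operation; *ops counts them. Only the operation sequence matters here. */
static uint64_t mulmod(uint64_t a, uint64_t b, unsigned *ops) {
    (*ops)++;
    return (a * b) % P;
}

/* Variable time: skips leading zero bits and multiplies only on 1 bits, so
 * the operation count depends on the bit length and Hamming weight of k. */
static uint64_t exp_vartime(uint64_t g, uint32_t k, unsigned *ops) {
    uint64_t r = 1;
    int i = SCALAR_BITS - 1;
    *ops = 0;
    g %= P;
    while (i >= 0 && !((k >> i) & 1)) i--;
    for (; i >= 0; i--) {
        r = mulmod(r, r, ops);
        if ((k >> i) & 1) r = mulmod(r, g, ops);
    }
    return r;
}

/* Branch-free conditional swap: the mask is all ones when bit == 1. */
static void cswap(uint64_t *a, uint64_t *b, uint64_t bit) {
    uint64_t t = (*a ^ *b) & ((uint64_t)0 - bit);
    *a ^= t;
    *b ^= t;
}

/* Montgomery ladder: always SCALAR_BITS iterations of one multiply and one
 * square, with no branch or memory index derived from the secret k. */
static uint64_t exp_ladder(uint64_t g, uint32_t k, unsigned *ops) {
    uint64_t r0 = 1, r1 = g % P;
    *ops = 0;
    for (int i = SCALAR_BITS - 1; i >= 0; i--) {
        uint64_t bit = (k >> i) & 1;
        cswap(&r0, &r1, bit);
        r1 = mulmod(r0, r1, ops);
        r0 = mulmod(r0, r0, ops);
        cswap(&r0, &r1, bit);
    }
    return r0;
}
```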

jonasnick (Contributor) commented Feb 2, 2018

Doesn't compile:

./src/modules/bulletproof/inner_product_impl.h:49:33: error: ‘MAX_BATCH_QTY’ undeclared here (not in a function)
     secp256k1_scalar randomizer[MAX_BATCH_QTY];

apoelstra (Member) commented Feb 2, 2018

Try now? That constant is defined in include/secp256k1_bulletproofs.h; maybe I forgot to commit that in an earlier patchset.

jonasnick (Contributor) commented Feb 2, 2018

Looks like some files in the circuits directory are missing:

src/bench_bulletproof.c:16:18: fatal error: src/modules/bulletproof/circuits/jubjub-3072.circuit: No such file or directory
 #define FILENAME "src/modules/bulletproof/circuits/jubjub-3072.circuit"

row = &w[index];
row->size++;
row->entry = checked_realloc(&ctx->error_callback, row->entry, row->size * sizeof(*row->entry));

jonasnick (Contributor) Feb 2, 2018

row->entry is never freed

ret->wv = (secp256k1_bulletproof_wmatrix_row *)checked_malloc(&ctx->error_callback, ret->n_commits * sizeof(*ret->wv));
ret->c = (secp256k1_scalar *)checked_malloc(&ctx->error_callback, ret->n_constraints * sizeof(*ret->wl));
ret->scratch = (secp256k1_scalar *)checked_malloc(&ctx->error_callback, ret->n_constraints * sizeof(*ret->scratch));

jonasnick (Contributor) Feb 2, 2018

scratch is never freed

benma commented Mar 13, 2018

Got a compilation error:

$ make 
  CCLD     exhaustive_tests
src/exhaustive_tests-tests_exhaustive.o: In function `secp256k1_bulletproof_circuit_prove':
secp256k1-zkp/src/modules/bulletproof/circuits/jubjub-3072.assn:1: undefined reference to `SECP256K1_SCALAR_CONST'

apoelstra (Member) commented Mar 13, 2018

@benma sorry, you have to disable exhaustive tests for now.

apoelstra (Member) commented Mar 13, 2018

Update with current state, rebase on current secp256k1-zkp branch. Still very much WIP.

apoelstra (Member) commented Mar 31, 2018

@sipa When you get a chance, can you take a look at my rebase branch at https://github.com/apoelstra/secp256k1-mw/tree/secp256k1-zkp-rebase ?

Aside from the rebase, I think this PR is ready for review.

unsigned char* blind,
const unsigned char* proof,
size_t plen,
size_t min_value,

yeastplume Apr 12, 2018

Should this not be uint64_t min_value?

apoelstra (Member) Apr 12, 2018

Yes, it should, thanks.

apoelstra (Member) commented Oct 10, 2018

Rebased on #23

garyyu pushed a commit to fastgrin/secp256k1-zkp that referenced this pull request Oct 29, 2018

Merge pull request ElementsProject#16 from antiochp/fix_conflicting_c…
…hacha

fix types for secp256k1_scalar_chacha20()