/secp256k1-zkp

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP: bulletproofs #16

Open
wants to merge 17 commits into
base: secp256k1-zkp
from

Conversation

Reviewers

@jonasnick jonasnick

@yeastplume yeastplume

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@apoelstra @jonasnick @benma @yeastplume
@apoelstra
Member

apoelstra commented Nov 27, 2017
edited

Based on rebase of strauss-multiexp from upstream onto -zkp

TODO rangeproof aggregation
TODO const time proving
TODO pippenger support
TODO 48-bit (and generally non-power-of-2) rangeproofs and aggregates
TODO general arithmetic circuit support

@yeastplume yeastplume referenced this pull request Dec 5, 2017

Closed

Bulletproofs #273

src/modules/bulletproof/rangeproof_impl.h Outdated
/* Compute Ti = t_i*A + tau_i*G for i = 1,2 */
secp256k1_gej_set_ge(&tmpj, genp);
secp256k1_ecmult(ecmult_ctx, &tj[0], &tmpj, &t1, &tau1);
secp256k1_ecmult(ecmult_ctx, &tj[1], &tmpj, &t2, &tau2);

This comment has been minimized.

Sign in to view
Copy link
@apoelstra

apoelstra Jan 19, 2018

Member

Both these ecmult need to be constant time since tau1 and tau2 are secrets.
@jonasnick

This comment has been minimized.

Sign in to view
Contributor

jonasnick commented Feb 2, 2018

Doesn't compile:

./src/modules/bulletproof/inner_product_impl.h:49:33: error: ‘MAX_BATCH_QTY’ undeclared here (not in a function)
     secp256k1_scalar randomizer[MAX_BATCH_QTY];
@apoelstra

This comment has been minimized.

Sign in to view
Member

apoelstra commented Feb 2, 2018

Try now? that constant is defined in include/secp256k1_bulletproofs.h, maybe I forgot to commit that in an earlier patchset.
@jonasnick

This comment has been minimized.

Sign in to view
Contributor

jonasnick commented Feb 2, 2018

Looks like some files in the circuits directory are missing:

src/bench_bulletproof.c:16:18: fatal error: src/modules/bulletproof/circuits/jubjub-3072.circuit: No such file or directory
 #define FILENAME "src/modules/bulletproof/circuits/jubjub-3072.circuit"
src/modules/bulletproof/parser_impl.h Outdated
row = &w[index];
row->size++;
row->entry = checked_realloc(&ctx->error_callback, row->entry, row->size * sizeof(*row->entry));

This comment has been minimized.

Sign in to view
Copy link
@jonasnick

jonasnick Feb 2, 2018

Contributor

row->entry is never freed
src/modules/bulletproof/parser_impl.h Outdated
ret->wv = (secp256k1_bulletproof_wmatrix_row *)checked_malloc(&ctx->error_callback, ret->n_commits * sizeof(*ret->wv));
ret->c = (secp256k1_scalar *)checked_malloc(&ctx->error_callback, ret->n_constraints * sizeof(*ret->wl));
ret->scratch = (secp256k1_scalar *)checked_malloc(&ctx->error_callback, ret->n_constraints * sizeof(*ret->scratch));

This comment has been minimized.

Sign in to view
Copy link
@jonasnick

jonasnick Feb 2, 2018

Contributor

scratch is never freed
@benma

This comment has been minimized.

Sign in to view

benma commented Mar 13, 2018

Got a compilation error:

$ make 
  CCLD     exhaustive_tests
src/exhaustive_tests-tests_exhaustive.o: In function `secp256k1_bulletproof_circuit_prove':
secp256k1-zkp/src/modules/bulletproof/circuits/jubjub-3072.assn:1: undefined reference to `SECP256K1_SCALAR_CONST'
@apoelstra

This comment has been minimized.

Sign in to view
Member

apoelstra commented Mar 13, 2018

@benma sorry, you have to disable exhaustive tests for now.
@apoelstra

This comment has been minimized.

Sign in to view
Member

apoelstra commented Mar 13, 2018

update with current state, rebase on current secp256k1-zkp branch. still very much WIP
@apoelstra

This comment has been minimized.

Sign in to view
Member

apoelstra commented Mar 31, 2018

@sipa When you get a chance, can you take a look at my rebase branch at https://github.com/apoelstra/secp256k1-mw/tree/secp256k1-zkp-rebase ?

Aside from the rebase, I think this PR is ready for review.
include/secp256k1_bulletproofs.h Outdated
unsigned char* blind,
const unsigned char* proof,
size_t plen,
size_t min_value,

This comment has been minimized.

Sign in to view
Copy link
@yeastplume

yeastplume Apr 12, 2018

Should this not be uint64_t min_value?

This comment has been minimized.

Sign in to view
Copy link
@apoelstra

apoelstra Apr 12, 2018

Member

Yes, it should, thanks.

@yeastplume yeastplume referenced this pull request Apr 16, 2018

Closed

Bulletproofs - Size change and other issues #962

@apoelstra apoelstra referenced this pull request May 25, 2018

Open

Bulletproofs (rangeproofs only) #23

@apoelstra

This comment has been minimized.

Sign in to view
Member

apoelstra commented Oct 10, 2018

Rebased on #23

garyyu pushed a commit to fastgrin/secp256k1-zkp that referenced this pull request Oct 29, 2018

@antiochp
Merge pull request ElementsProject#16 from antiochp/fix_conflicting_c… 
…hacha

fix types for secp256k1_scalar_chacha20()
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
4d9c58c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment