Validity checks #38

Merged
merged 41 commits into from
Feb 1, 2023

Conversation


@piotr-roslaniec piotr-roslaniec commented Jan 17, 2023

Benchmarks

[benchmark plot: Ciphertext validity]

[benchmark plot: PVSS Validity (optimistic vs full verification)]

@github-actions

Benchmark for a8b951f

Test Base PR %
ENCRYPT DECRYPT/decrypt/1024 6.9±0.14ms 7.0±0.19ms +1.45%
ENCRYPT DECRYPT/decrypt/16384 7.2±0.23ms 7.3±0.19ms +1.39%
ENCRYPT DECRYPT/decrypt/2048 6.9±0.12ms 7.1±0.13ms +2.90%
ENCRYPT DECRYPT/decrypt/256 6.8±0.12ms 7.1±0.23ms +4.41%
ENCRYPT DECRYPT/decrypt/4096 7.0±0.17ms 7.1±0.13ms +1.43%
ENCRYPT DECRYPT/decrypt/512 7.0±0.11ms 7.1±0.10ms +1.43%
ENCRYPT DECRYPT/decrypt/8192 7.1±0.22ms 7.0±0.09ms -1.41%
ENCRYPT DECRYPT/encrypt/1024 8.1±0.10ms 8.0±0.20ms -1.23%
ENCRYPT DECRYPT/encrypt/16384 8.1±0.12ms 8.4±0.37ms +3.70%
ENCRYPT DECRYPT/encrypt/2048 8.0±0.14ms 8.4±0.20ms +5.00%
ENCRYPT DECRYPT/encrypt/256 7.9±0.15ms 8.1±0.14ms +2.53%
ENCRYPT DECRYPT/encrypt/4096 8.0±0.11ms 8.2±0.15ms +2.50%
ENCRYPT DECRYPT/encrypt/512 7.7±0.11ms 8.1±0.30ms +5.19%
ENCRYPT DECRYPT/encrypt/8192 8.0±0.14ms 8.3±0.21ms +3.75%
SHARE COMBINE/share_combine_fast/16 8.3±0.16ms 8.3±0.13ms 0.00%
SHARE COMBINE/share_combine_fast/32 14.7±0.42ms 15.1±0.54ms +2.72%
SHARE COMBINE/share_combine_fast/4 3.4±0.06ms 3.5±0.08ms +2.94%
SHARE COMBINE/share_combine_fast/64 28.0±0.37ms 28.0±0.85ms 0.00%
SHARE COMBINE/share_combine_fast/8 5.0±0.09ms 5.2±0.09ms +4.00%
SHARE COMBINE/share_combine_simple/16 40.9±1.17ms 40.8±0.73ms -0.24%
SHARE COMBINE/share_combine_simple/32 79.4±1.92ms 80.6±1.95ms +1.51%
SHARE COMBINE/share_combine_simple/4 10.5±0.23ms 10.7±0.23ms +1.90%
SHARE COMBINE/share_combine_simple/64 166.0±3.65ms 164.9±2.73ms -0.66%
SHARE COMBINE/share_combine_simple/8 21.1±0.64ms 21.8±0.72ms +3.32%
SHARE CREATE/share_create_fast/16 153.8±5.53ns 111.3±3.97ms +72366610.01%
SHARE CREATE/share_create_fast/32 213.9±4.05ns 219.9±4.72ms +102804949.09%
SHARE CREATE/share_create_fast/4 32.6±0.75ns 27.3±0.48ms +83742231.29%
SHARE CREATE/share_create_fast/64 368.1±8.55ns 466.6±9.43ms +126758932.87%
SHARE CREATE/share_create_fast/8 49.3±1.05ns 54.5±1.55ms +110547567.34%
SHARE CREATE/share_create_simple/16 37.6±0.91ms 146.4±2.53ms +289.36%
SHARE CREATE/share_create_simple/32 75.6±1.85ms 303.0±9.26ms +300.79%
SHARE CREATE/share_create_simple/4 9.8±0.17ms 36.9±0.58ms +276.53%
SHARE CREATE/share_create_simple/64 151.4±2.56ms 601.6±6.74ms +297.36%
SHARE CREATE/share_create_simple/8 19.9±0.64ms 73.8±2.22ms +270.85%
SHARE PREPARE/share_prepare_fast/16 22.9±0.49ms 22.6±0.67ms -1.31%
SHARE PREPARE/share_prepare_fast/32 47.2±1.48ms 47.1±0.77ms -0.21%
SHARE PREPARE/share_prepare_fast/4 5.2±0.14ms 5.0±0.12ms -3.85%
SHARE PREPARE/share_prepare_fast/64 94.2±3.00ms 100.2±1.61ms +6.37%
SHARE PREPARE/share_prepare_fast/8 11.3±0.39ms 11.5±0.12ms +1.77%
SHARE PREPARE/share_prepare_simple/16 1756.3±36.11µs 1698.6±32.65µs -3.29%
SHARE PREPARE/share_prepare_simple/32 7.3±0.21ms 7.3±0.21ms 0.00%
SHARE PREPARE/share_prepare_simple/4 36.4±1.08µs 37.8±0.93µs +3.85%
SHARE PREPARE/share_prepare_simple/64 30.3±0.92ms 30.9±1.57ms +1.98%
SHARE PREPARE/share_prepare_simple/8 358.9±5.60µs 384.4±8.73µs +7.11%
final_exponentiation/BLS12-381 final_exponentiation/1 1383.2±68.42µs 1356.6±45.16µs -1.92%
final_exponentiation/BLS12-381 final_exponentiation/16 1354.3±59.69µs 1371.7±67.36µs +1.28%
final_exponentiation/BLS12-381 final_exponentiation/2 1369.7±56.84µs 1411.3±122.54µs +3.04%
final_exponentiation/BLS12-381 final_exponentiation/32 1394.7±41.12µs 1361.7±49.09µs -2.37%
final_exponentiation/BLS12-381 final_exponentiation/4 1359.3±63.64µs 1362.1±61.60µs +0.21%
final_exponentiation/BLS12-381 final_exponentiation/64 1389.6±47.59µs 1380.6±53.46µs -0.65%
final_exponentiation/BLS12-381 final_exponentiation/8 1382.0±46.86µs 1352.9±50.56µs -2.11%
into_affine/G1Projective 9.6±0.41µs 9.6±0.62µs 0.00%
into_affine/G2Projective 11.0±0.45µs 11.1±0.54µs +0.91%
into_projective/G1Affine 8.7±0.53ns 8.6±0.39ns -1.15%
into_projective/G2Affine 25.0±0.97ns 23.6±1.01ns -5.60%
miller_loop/BLS12-381 miller_loop/1 744.3±41.05µs 760.7±31.47µs +2.20%
miller_loop/BLS12-381 miller_loop/16 7.2±0.23ms 6.9±0.33ms -4.17%
miller_loop/BLS12-381 miller_loop/2 1144.3±56.90µs 1182.4±44.97µs +3.33%
miller_loop/BLS12-381 miller_loop/32 14.1±0.54ms 13.6±0.71ms -3.55%
miller_loop/BLS12-381 miller_loop/4 1988.5±182.91µs 1985.8±57.43µs -0.14%
miller_loop/BLS12-381 miller_loop/64 27.2±1.52ms 26.8±1.12ms -1.47%
miller_loop/BLS12-381 miller_loop/8 3.7±0.17ms 3.7±0.14ms 0.00%
mul/G1Affine 311.7±12.43µs 301.1±13.58µs -3.40%
mul/G1Projective 366.3±17.07µs 355.7±20.51µs -2.89%
mul/G2Affine 999.4±38.98µs 997.7±37.51µs -0.17%
mul/G2Projective 1176.6±45.23µs 1192.3±43.16µs +1.33%
pairing/BLS12-381 pairing 2.5±0.09ms 2.4±0.09ms -4.00%
pow/Fqk 2.6±0.10ms 2.7±0.18ms +3.85%
prepare_gx/G1Affine 7.1±0.30ns 7.0±0.26ns -1.41%
prepare_gx/G2Affine 246.6±11.20µs 244.5±9.25µs -0.85%
product_of_pairings/BLS12-381 product_of_pairings/1 2.2±0.06ms 2.2±0.07ms 0.00%
product_of_pairings/BLS12-381 product_of_pairings/16 8.5±0.07ms 8.4±0.13ms -1.18%
product_of_pairings/BLS12-381 product_of_pairings/2 2.7±0.03ms 2.5±0.03ms -7.41%
product_of_pairings/BLS12-381 product_of_pairings/32 15.1±0.28ms 15.1±0.31ms 0.00%
product_of_pairings/BLS12-381 product_of_pairings/4 3.4±0.06ms 3.3±0.06ms -2.94%
product_of_pairings/BLS12-381 product_of_pairings/64 28.9±0.22ms 27.9±0.44ms -3.46%
product_of_pairings/BLS12-381 product_of_pairings/8 5.1±0.13ms 5.0±0.10ms -1.96%
random_polynomial_evaluation/random_polynomial_ark/16 742.4±19.68ns 704.6±13.57ns -5.09%
random_polynomial_evaluation/random_polynomial_ark/2 108.9±2.75ns 107.5±2.10ns -1.29%
random_polynomial_evaluation/random_polynomial_ark/32 1342.5±36.84ns 1233.7±36.13ns -8.10%
random_polynomial_evaluation/random_polynomial_ark/4 166.7±3.18ns 161.1±2.62ns -3.36%
random_polynomial_evaluation/random_polynomial_ark/64 2.4±0.05µs 2.2±0.05µs -8.33%
random_polynomial_evaluation/random_polynomial_ark/8 379.6±6.07ns 378.6±8.08ns -0.26%
random_polynomial_evaluation/random_polynomial_naive/16 3.3±0.09µs 3.3±0.06µs 0.00%
random_polynomial_evaluation/random_polynomial_naive/2 541.9±8.18ns 517.5±9.93ns -4.50%
random_polynomial_evaluation/random_polynomial_naive/32 6.4±0.11µs 6.2±0.19µs -3.13%
random_polynomial_evaluation/random_polynomial_naive/4 905.3±16.68ns 892.1±13.67ns -1.46%
random_polynomial_evaluation/random_polynomial_naive/64 12.6±0.31µs 12.4±0.15µs -1.59%
random_polynomial_evaluation/random_polynomial_naive/8 1709.5±80.23ns 1686.8±38.14ns -1.33%

@github-actions

Benchmark for 190d8bf

Test Base PR %
ENCRYPT DECRYPT/decrypt/1024 5.9±0.00ms 5.9±0.00ms 0.00%
ENCRYPT DECRYPT/decrypt/16384 6.0±0.00ms 6.0±0.00ms 0.00%
ENCRYPT DECRYPT/decrypt/2048 5.9±0.00ms 5.9±0.00ms 0.00%
ENCRYPT DECRYPT/decrypt/256 5.9±0.00ms 5.9±0.00ms 0.00%
ENCRYPT DECRYPT/decrypt/4096 5.9±0.00ms 5.9±0.00ms 0.00%
ENCRYPT DECRYPT/decrypt/512 5.9±0.01ms 5.9±0.01ms 0.00%
ENCRYPT DECRYPT/decrypt/8192 6.0±0.00ms 6.0±0.00ms 0.00%
ENCRYPT DECRYPT/encrypt/1024 6.8±0.00ms 6.8±0.01ms 0.00%
ENCRYPT DECRYPT/encrypt/16384 7.0±0.00ms 7.0±0.00ms 0.00%
ENCRYPT DECRYPT/encrypt/2048 6.9±0.00ms 6.9±0.00ms 0.00%
ENCRYPT DECRYPT/encrypt/256 6.8±0.01ms 6.8±0.01ms 0.00%
ENCRYPT DECRYPT/encrypt/4096 6.9±0.01ms 6.9±0.02ms 0.00%
ENCRYPT DECRYPT/encrypt/512 6.8±0.01ms 6.8±0.00ms 0.00%
ENCRYPT DECRYPT/encrypt/8192 6.9±0.01ms 6.9±0.00ms 0.00%
SHARE COMBINE/share_combine_fast/16 7.2±0.00ms 7.2±0.01ms 0.00%
SHARE COMBINE/share_combine_fast/32 12.9±0.00ms 12.9±0.00ms 0.00%
SHARE COMBINE/share_combine_fast/4 2.9±0.00ms 2.9±0.00ms 0.00%
SHARE COMBINE/share_combine_fast/64 24.3±0.01ms 24.3±0.01ms 0.00%
SHARE COMBINE/share_combine_fast/8 4.3±0.00ms 4.4±0.00ms +2.33%
SHARE COMBINE/share_combine_simple/16 36.4±0.01ms 36.7±0.01ms +0.82%
SHARE COMBINE/share_combine_simple/32 69.7±0.01ms 70.4±0.02ms +1.00%
SHARE COMBINE/share_combine_simple/4 9.2±0.00ms 9.3±0.00ms +1.09%
SHARE COMBINE/share_combine_simple/64 146.7±0.02ms 148.3±0.03ms +1.09%
SHARE COMBINE/share_combine_simple/8 18.1±0.00ms 18.3±0.00ms +1.10%
SHARE CREATE/share_create_fast/16 110.3±0.11ns 99.0±0.03ms +89755113.06%
SHARE CREATE/share_create_fast/32 143.8±0.49ns 197.9±0.03ms +137621596.80%
SHARE CREATE/share_create_fast/4 24.7±0.16ns 24.7±0.01ms +99999900.00%
SHARE CREATE/share_create_fast/64 242.0±0.30ns 395.8±0.06ms +163553619.01%
SHARE CREATE/share_create_fast/8 38.1±0.03ns 49.4±0.09ms +129658692.65%
SHARE CREATE/share_create_simple/16 34.0±0.01ms 128.2±0.02ms +277.06%
SHARE CREATE/share_create_simple/32 68.1±0.03ms 256.8±0.06ms +277.09%
SHARE CREATE/share_create_simple/4 8.5±0.00ms 32.1±0.01ms +277.65%
SHARE CREATE/share_create_simple/64 136.2±0.03ms 513.0±0.13ms +276.65%
SHARE CREATE/share_create_simple/8 17.0±0.01ms 64.1±0.01ms +277.06%
SHARE PREPARE/share_prepare_fast/16 19.6±0.00ms 19.6±0.00ms 0.00%
SHARE PREPARE/share_prepare_fast/32 40.1±0.01ms 40.1±0.03ms 0.00%
SHARE PREPARE/share_prepare_fast/4 4.5±0.01ms 4.5±0.00ms 0.00%
SHARE PREPARE/share_prepare_fast/64 82.7±0.02ms 81.9±0.01ms -0.97%
SHARE PREPARE/share_prepare_fast/8 9.5±0.00ms 9.5±0.00ms 0.00%
SHARE PREPARE/share_prepare_simple/16 1701.3±5.04µs 1700.2±4.80µs -0.06%
SHARE PREPARE/share_prepare_simple/32 7.3±0.05ms 7.4±0.03ms +1.37%
SHARE PREPARE/share_prepare_simple/4 29.1±0.01µs 29.1±0.00µs 0.00%
SHARE PREPARE/share_prepare_simple/64 30.3±0.06ms 30.3±0.04ms 0.00%
SHARE PREPARE/share_prepare_simple/8 320.8±0.29µs 317.9±0.25µs -0.90%
final_exponentiation/BLS12-381 final_exponentiation/1 1138.8±3.58µs 1141.7±7.11µs +0.25%
final_exponentiation/BLS12-381 final_exponentiation/16 1144.7±4.46µs 1144.9±3.70µs +0.02%
final_exponentiation/BLS12-381 final_exponentiation/2 1140.7±4.51µs 1140.0±3.62µs -0.06%
final_exponentiation/BLS12-381 final_exponentiation/32 1145.3±29.59µs 1142.0±4.63µs -0.29%
final_exponentiation/BLS12-381 final_exponentiation/4 1140.5±3.78µs 1142.7±4.09µs +0.19%
final_exponentiation/BLS12-381 final_exponentiation/64 1142.0±5.15µs 1141.7±4.47µs -0.03%
final_exponentiation/BLS12-381 final_exponentiation/8 1141.1±3.65µs 1142.9±6.45µs +0.16%
into_affine/G1Projective 6.9±0.00µs 6.9±0.01µs 0.00%
into_affine/G2Projective 8.1±0.01µs 8.0±0.01µs -1.23%
into_projective/G1Affine 8.2±0.01ns 8.2±0.01ns 0.00%
into_projective/G2Affine 18.9±0.06ns 20.1±0.02ns +6.35%
miller_loop/BLS12-381 miller_loop/1 589.5±1.81µs 589.7±1.39µs +0.03%
miller_loop/BLS12-381 miller_loop/16 6.0±0.01ms 6.0±0.01ms 0.00%
miller_loop/BLS12-381 miller_loop/2 953.7±2.23µs 953.9±1.92µs +0.02%
miller_loop/BLS12-381 miller_loop/32 11.7±0.01ms 11.7±0.01ms 0.00%
miller_loop/BLS12-381 miller_loop/4 1675.8±11.79µs 1677.2±6.98µs +0.08%
miller_loop/BLS12-381 miller_loop/64 23.1±0.01ms 23.1±0.08ms 0.00%
miller_loop/BLS12-381 miller_loop/8 3.1±0.00ms 3.1±0.00ms 0.00%
mul/G1Affine 260.3±0.17µs 260.7±0.12µs +0.15%
mul/G1Projective 308.8±0.15µs 308.8±0.15µs 0.00%
mul/G2Affine 807.4±3.08µs 807.2±1.30µs -0.02%
mul/G2Projective 969.7±2.16µs 971.3±1.66µs +0.16%
pairing/BLS12-381 pairing 2.1±0.00ms 2.1±0.00ms 0.00%
pow/Fqk 2.3±0.00ms 2.3±0.00ms 0.00%
prepare_gx/G1Affine 6.4±0.01ns 6.4±0.01ns 0.00%
prepare_gx/G2Affine 199.7±0.11µs 199.9±0.72µs +0.10%
product_of_pairings/BLS12-381 product_of_pairings/1 1837.0±1.91µs 1838.4±1.05µs +0.08%
product_of_pairings/BLS12-381 product_of_pairings/16 7.2±0.00ms 7.3±0.00ms +1.39%
product_of_pairings/BLS12-381 product_of_pairings/2 2.2±0.00ms 2.2±0.00ms 0.00%
product_of_pairings/BLS12-381 product_of_pairings/32 13.0±0.00ms 13.0±0.00ms 0.00%
product_of_pairings/BLS12-381 product_of_pairings/4 2.9±0.00ms 2.9±0.00ms 0.00%
product_of_pairings/BLS12-381 product_of_pairings/64 24.4±0.01ms 24.4±0.01ms 0.00%
product_of_pairings/BLS12-381 product_of_pairings/8 4.4±0.00ms 4.4±0.00ms 0.00%
random_polynomial_evaluation/random_polynomial_ark/16 587.7±0.30ns 610.4±0.75ns +3.86%
random_polynomial_evaluation/random_polynomial_ark/2 88.2±0.04ns 87.8±0.09ns -0.45%
random_polynomial_evaluation/random_polynomial_ark/32 1101.4±0.86ns 1082.8±0.75ns -1.69%
random_polynomial_evaluation/random_polynomial_ark/4 142.0±0.05ns 141.3±0.06ns -0.49%
random_polynomial_evaluation/random_polynomial_ark/64 1941.5±0.37ns 2.0±0.02µs +3.01%
random_polynomial_evaluation/random_polynomial_ark/8 319.7±0.89ns 316.2±0.08ns -1.09%
random_polynomial_evaluation/random_polynomial_naive/16 3.0±0.00µs 3.0±0.00µs 0.00%
random_polynomial_evaluation/random_polynomial_naive/2 448.1±0.06ns 447.9±0.09ns -0.04%
random_polynomial_evaluation/random_polynomial_naive/32 5.8±0.00µs 5.8±0.00µs 0.00%
random_polynomial_evaluation/random_polynomial_naive/4 819.1±0.10ns 811.6±0.15ns -0.92%
random_polynomial_evaluation/random_polynomial_naive/64 11.5±0.00µs 11.6±0.02µs +0.87%
random_polynomial_evaluation/random_polynomial_naive/8 1543.1±0.28ns 1544.4±0.14ns +0.08%

@piotr-roslaniec piotr-roslaniec changed the base branch from main to dkg-pvss-flow January 23, 2023 17:05
Base automatically changed from dkg-pvss-flow to main January 23, 2023 17:40
# Conflicts:
#	.github/workflows/workspace.yml
#	ferveo/benches/benchmarks/pvdkg.rs
#	ferveo/src/dkg/pv.rs
#	ferveo/src/vss/pvss.rs
#	tpke/src/ciphertext.rs
#	tpke/src/combine.rs
#	tpke/src/context.rs
#	tpke/src/decryption.rs
#	tpke/src/key_share.rs
#	tpke/src/lib.rs
@piotr-roslaniec piotr-roslaniec marked this pull request as ready for review January 23, 2023 18:49
@theref theref left a comment


Looks great, only suggestion is to benchmark verify_optimistic and verify_full

@piotr-roslaniec (Author)

@theref Added missing benchmarks, please see the dropdown in the OP.

Comment on lines 159 to 160
// Y = \sum_i y_i \alpha^i
// A = \sum_i a_i \alpha^i
Member


Suggested change
// Y = \sum_i y_i \alpha^i
// A = \sum_i a_i \alpha^i

I think these lines are outdated; there's no alpha_i anymore.

@@ -335,6 +338,28 @@ mod test_pvss {
assert!(!pvss.verify_optimistic());
}

/// Check that if PVSS shares are tempered with, the full verification fails
Member


Suggested change
/// Check that if PVSS shares are tempered with, the full verification fails
/// Check that if PVSS shares are tampered with, the full verification fails

// Optimistic verification should not catch this issue
assert!(bad_pvss.verify_optimistic());
// Full verification should catch this issue
assert!(!bad_pvss.verify_full(&dkg));
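Review bot: the pair of assertions `assert!(bad_pvss.verify_optimistic())` and `assert!(!bad_pvss.verify_full(&dkg))` pins down the security-relevant limitation that tampered shares pass optimistic verification; that limitation should also be stated in the doc comment of `verify_optimistic` itself (if it is not there already), so that no caller treats an optimistic pass as proof that the shares are usable without running `verify_full` first.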
Member


Nice test

pub fn check_ciphertext_validity<E: PairingEngine>(
c: &Ciphertext<E>,
aad: &[u8],
) -> bool {
) -> Result<()> {
let g_inv = E::G1Prepared::from(-E::G1Affine::prime_subgroup_generator());
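Review bot: changing the signature from `) -> bool {` to `) -> Result<()> {` means every existing call site that branched on the boolean must now propagate or match the `Result`; check that no caller discards it with `let _ =` or `.ok()`, since a silently dropped error here would let an invalid ciphertext through. Separately, `g_inv` is a fixed value derived from the curve generator, so it can be computed once and reused rather than rebuilt on every call.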
Member


Can we take this from SetupParams?

Author


Yes, we just need to pass g_inv through a lot of places. See my latest commit for details.

@piotr-roslaniec piotr-roslaniec merged commit 168bde6 into main Feb 1, 2023
@piotr-roslaniec piotr-roslaniec deleted the validity-checks branch February 1, 2023 16:21