apply pr suggestions

theref · Jan 9, 2023 · 6dc7173 · 6dc7173
1 parent 526d198
commit 6dc7173
Show file tree

Hide file tree

Showing 7 changed files with 109 additions and 77 deletions.
diff --git a/tpke-wasm/src/lib.rs b/tpke-wasm/src/lib.rs
@@ -14,8 +14,8 @@ pub type E = ark_bls12_381::Bls12_381;
 pub type TpkePublicKey = ark_bls12_381::G1Affine;
 pub type TpkePrivateKey = ark_bls12_381::G2Affine;
 pub type TpkeCiphertext = tpke::Ciphertext<E>;
-pub type TpkeDecryptionShare = tpke::DecryptionShare<E>;
-pub type TpkePublicDecryptionContext = tpke::PublicDecryptionContext<E>;
+pub type TpkeDecryptionShare = tpke::DecryptionShareFast<E>;
+pub type TpkePublicDecryptionContext = tpke::PublicDecryptionContextFast<E>;
 pub type TpkeSharedSecret =
     <ark_bls12_381::Bls12_381 as ark_ec::PairingEngine>::Fqk;
 
@@ -168,13 +168,16 @@ impl Setup {
 
         let mut rng = rand::thread_rng();
         let (public_key, private_key, contexts) =
-            tpke::setup::<E>(threshold, shares_num, &mut rng);
+            tpke::setup_fast::<E>(threshold, shares_num, &mut rng);
         let private_contexts = contexts
             .clone()
             .into_iter()
             .map(|x| {
                 PrivateDecryptionContext(
-                    tpke::api::PrivateDecryptionContext::new(&x.b_inv, x.index),
+                    tpke::api::PrivateDecryptionContext::new(
+                        &x.setup_params.b_inv,
+                        x.index,
+                    ),
                 )
             })
             .collect();
@@ -282,9 +285,11 @@ impl SharedSecretBuilder {
         }
 
         let prepared_blinded_key_shares =
-            tpke::prepare_combine(&self.contexts, &self.shares);
-        let shared_secret =
-            tpke::share_combine(&self.shares, &prepared_blinded_key_shares);
+            tpke::prepare_combine_fast(&self.contexts, &self.shares);
+        let shared_secret = tpke::share_combine_fast(
+            &self.shares,
+            &prepared_blinded_key_shares,
+        );
         SharedSecret(shared_secret)
     }
 }

diff --git a/tpke/benches/benchmarks.rs b/tpke/benches/benchmarks.rs
@@ -20,12 +20,13 @@ pub fn bench_decryption(c: &mut Criterion) {
         type E = ark_bls12_381::Bls12_381;
         let threshold = num_shares * 2 / 3;
 
-        let (pubkey, _, contexts) = setup::<E>(threshold, num_shares, &mut rng);
+        let (pubkey, _, contexts) =
+            setup_fast::<E>(threshold, num_shares, &mut rng);
 
         // let mut messages: Vec<[u8; NUM_OF_TX]> = vec![];
         let mut messages: Vec<Vec<u8>> = vec![];
         let mut ciphertexts: Vec<Ciphertext<E>> = vec![];
-        let mut dec_shares: Vec<Vec<DecryptionShare<E>>> =
+        let mut dec_shares: Vec<Vec<DecryptionShareFast<E>>> =
             Vec::with_capacity(ciphertexts.len());
         for j in 0..num_msg {
             // let mut msg: [u8; NUM_OF_TX] = [0u8; NUM_OF_TX];
@@ -40,16 +41,16 @@ pub fn bench_decryption(c: &mut Criterion) {
                 dec_shares[j].push(ctx.create_share(&ciphertexts[j]));
             }
         }
-        let prepared_blinded_key_shares = prepare_combine(
+        let prepared_blinded_key_shares = prepare_combine_fast(
             &contexts[0].public_decryption_contexts,
             &dec_shares[0],
         );
 
         move || {
-            let shares: Vec<Vec<DecryptionShare<E>>> = dec_shares.clone();
+            let shares: Vec<Vec<DecryptionShareFast<E>>> = dec_shares.clone();
 
             for i in 0..ciphertexts.len() {
-                black_box(share_combine(
+                black_box(share_combine_fast(
                     &shares[i],
                     &prepared_blinded_key_shares,
                 ));
@@ -69,12 +70,13 @@ pub fn bench_decryption(c: &mut Criterion) {
         type E = ark_bls12_381::Bls12_381;
         let threshold = num_shares * 2 / 3;
 
-        let (pubkey, _, contexts) = setup::<E>(threshold, num_shares, &mut rng);
+        let (pubkey, _, contexts) =
+            setup_fast::<E>(threshold, num_shares, &mut rng);
 
         // let mut messages: Vec<[u8; NUM_OF_TX]> = vec![];
         let mut messages: Vec<Vec<u8>> = vec![];
         let mut ciphertexts: Vec<Ciphertext<E>> = vec![];
-        let mut dec_shares: Vec<Vec<DecryptionShare<E>>> =
+        let mut dec_shares: Vec<Vec<DecryptionShareFast<E>>> =
             Vec::with_capacity(ciphertexts.len());
         for j in 0..num_msg {
             // let mut msg: [u8; NUM_OF_TX] = [0u8; NUM_OF_TX];
@@ -93,16 +95,16 @@ pub fn bench_decryption(c: &mut Criterion) {
         move || {
             let rng = &mut ark_std::test_rng();
             let c: Vec<Ciphertext<E>> = ciphertexts.clone();
-            let shares: Vec<Vec<DecryptionShare<E>>> = dec_shares.clone();
+            let shares: Vec<Vec<DecryptionShareFast<E>>> = dec_shares.clone();
 
             contexts[0].batch_verify_decryption_shares(&c, &shares, rng);
-            let prepared_blinded_key_shares = prepare_combine(
+            let prepared_blinded_key_shares = prepare_combine_fast(
                 &contexts[0].public_decryption_contexts,
                 &dec_shares[0],
             );
 
             for i in 0..ciphertexts.len() {
-                black_box(share_combine(
+                black_box(share_combine_fast(
                     &shares[i],
                     &prepared_blinded_key_shares,
                 ));

diff --git a/tpke/src/api.rs b/tpke/src/api.rs
@@ -13,8 +13,8 @@ type E = ark_bls12_381::Bls12_381;
 type TpkePublicKey = ark_bls12_381::G1Affine;
 type TpkePrivateKey = ark_bls12_381::G2Affine;
 type TpkeCiphertext = crate::Ciphertext<E>;
-type TpkeDecryptionShare = crate::DecryptionShare<E>;
-type TpkePublicDecryptionContext = crate::PublicDecryptionContext<E>;
+type TpkeDecryptionShare = crate::DecryptionShareFast<E>;
+type TpkePublicDecryptionContext = crate::PublicDecryptionContextFast<E>;
 type TpkeSharedSecret =
     <ark_bls12_381::Bls12_381 as ark_ec::PairingEngine>::Fqk;
 

diff --git a/tpke/src/combine.rs b/tpke/src/combine.rs
@@ -1,12 +1,13 @@
 #![allow(non_snake_case)]
 #![allow(dead_code)]
+
 use crate::*;
 use ark_ec::ProjectiveCurve;
 use itertools::zip_eq;
 
-pub fn prepare_combine<E: PairingEngine>(
-    public_decryption_contexts: &[PublicDecryptionContext<E>],
-    shares: &[DecryptionShare<E>],
+pub fn prepare_combine_fast<E: PairingEngine>(
+    public_decryption_contexts: &[PublicDecryptionContextFast<E>],
+    shares: &[DecryptionShareFast<E>],
 ) -> Vec<E::G2Prepared> {
     let mut domain = vec![]; // omega_i, vector of domain points
     let mut n_0 = E::Fr::one();
@@ -42,26 +43,39 @@ pub fn prepare_combine<E: PairingEngine>(
         })
         .collect::<Vec<_>>()
 }
+
 pub fn prepare_combine_simple<E: PairingEngine>(
-    shares_x: &[E::Fr],
+    pub_contexts: &[PublicDecryptionContextSimple<E>],
+) -> Vec<E::Fr> {
+    let shares_x = pub_contexts
+        .iter()
+        .map(|ctxt| ctxt.domain)
+        .collect::<Vec<_>>();
+
+    // In this formula x_i = 0, hence numerator is x_m
+    lagrange_coeffs_at::<E>(&shares_x, &E::Fr::zero())
+}
+
+fn lagrange_coeffs_at<E: PairingEngine>(
+    shares_x: &Vec<E::Fr>,
+    x_i: &E::Fr,
 ) -> Vec<E::Fr> {
     // Calculate lagrange coefficients using optimized formula, see https://en.wikipedia.org/wiki/Lagrange_polynomial#Optimal_algorithm
     let mut lagrange_coeffs = vec![];
     for x_j in shares_x {
         let mut prod = E::Fr::one();
         for x_m in shares_x {
             if x_j != x_m {
-                // In this formula x_i = 0, hence numerator is x_m
-                prod *= (*x_m) / (*x_m - *x_j);
+                prod *= (*x_m - x_i) / (*x_m - *x_j);
             }
         }
         lagrange_coeffs.push(prod);
     }
     lagrange_coeffs
 }
 
-pub fn share_combine<E: PairingEngine>(
-    shares: &[DecryptionShare<E>],
+pub fn share_combine_fast<E: PairingEngine>(
+    shares: &[DecryptionShareFast<E>],
     prepared_key_shares: &[E::G2Prepared],
 ) -> E::Fqk {
     let mut pairing_product: Vec<(E::G1Prepared, E::G2Prepared)> = vec![];
@@ -98,7 +112,6 @@ pub fn share_combine_simple<E: PairingEngine>(
 
 #[cfg(test)]
 mod tests {
-
     type Fr = <ark_bls12_381::Bls12_381 as ark_ec::PairingEngine>::Fr;
 
     #[test]

diff --git a/tpke/src/context.rs b/tpke/src/context.rs
@@ -1,7 +1,7 @@
 use crate::*;
 
 #[derive(Clone, Debug)]
-pub struct PublicDecryptionContext<E: PairingEngine> {
+pub struct PublicDecryptionContextFast<E: PairingEngine> {
     pub domain: Vec<E::Fr>,
     pub public_key_shares: PublicKeyShares<E>,
     pub blinded_key_shares: BlindedKeyShares<E>,
@@ -17,27 +17,28 @@ pub struct PublicDecryptionContextSimple<E: PairingEngine> {
 }
 
 #[derive(Clone, Debug)]
-pub struct PrivateDecryptionContext<E: PairingEngine> {
-    pub index: usize,
+pub struct SetupParams<E: PairingEngine> {
     pub b: E::Fr,
     pub b_inv: E::Fr,
-    pub private_key_share: PrivateKeyShare<E>,
-    pub public_decryption_contexts: Vec<PublicDecryptionContext<E>>,
     pub g: E::G1Affine,
     pub g_inv: E::G1Prepared,
     pub h_inv: E::G2Prepared,
+}
+
+#[derive(Clone, Debug)]
+pub struct PrivateDecryptionContextFast<E: PairingEngine> {
+    pub index: usize,
+    pub setup_params: SetupParams<E>,
+    pub private_key_share: PrivateKeyShare<E>,
+    pub public_decryption_contexts: Vec<PublicDecryptionContextFast<E>>,
     pub scalar_bits: usize,
     pub window_size: usize,
 }
 
 #[derive(Clone, Debug)]
 pub struct PrivateDecryptionContextSimple<E: PairingEngine> {
     pub index: usize,
-    pub b: E::Fr,
-    pub b_inv: E::Fr,
+    pub setup_params: SetupParams<E>,
     pub private_key_share: PrivateKeyShare<E>,
     pub public_decryption_contexts: Vec<PublicDecryptionContextSimple<E>>,
-    pub g: E::G1Affine,
-    pub g_inv: E::G1Prepared,
-    pub h_inv: E::G2Prepared,
 }
diff --git a/tpke/src/decryption.rs b/tpke/src/decryption.rs
@@ -6,12 +6,12 @@ use crate::*;
 use ark_ec::ProjectiveCurve;
 
 #[derive(Debug, Clone)]
-pub struct DecryptionShare<E: PairingEngine> {
+pub struct DecryptionShareFast<E: PairingEngine> {
     pub decrypter_index: usize,
     pub decryption_share: E::G1Affine,
 }
 
-impl<E: PairingEngine> DecryptionShare<E> {
+impl<E: PairingEngine> DecryptionShareFast<E> {
     pub fn to_bytes(&self) -> Vec<u8> {
         let mut bytes = Vec::new();
         let decrypter_index =
@@ -31,31 +31,31 @@ impl<E: PairingEngine> DecryptionShare<E> {
             CanonicalDeserialize::deserialize(&bytes[INDEX_BYTE_LEN..])
                 .unwrap();
 
-        DecryptionShare {
+        DecryptionShareFast {
             decrypter_index,
             decryption_share,
         }
     }
 }
 
-impl<E: PairingEngine> PrivateDecryptionContext<E> {
+impl<E: PairingEngine> PrivateDecryptionContextFast<E> {
     pub fn create_share(
         &self,
         ciphertext: &Ciphertext<E>,
-    ) -> DecryptionShare<E> {
+    ) -> DecryptionShareFast<E> {
         // let decryption_share =
         //     ciphertext.commitment.mul(self.b_inv).into_affine();
         let decryption_share = ciphertext.commitment;
 
-        DecryptionShare {
+        DecryptionShareFast {
             decrypter_index: self.index,
             decryption_share,
         }
     }
     pub fn batch_verify_decryption_shares<R: RngCore>(
         &self,
         ciphertexts: &[Ciphertext<E>],
-        shares: &[Vec<DecryptionShare<E>>],
+        shares: &[Vec<DecryptionShareFast<E>>],
         //ciphertexts_and_shares: &[(Ciphertext<E>, Vec<DecryptionShare<E>>)],
         rng: &mut R,
     ) -> bool {
@@ -95,7 +95,7 @@ impl<E: PairingEngine> PrivateDecryptionContext<E> {
         );
 
         // e(\sum_j [ \sum_i \alpha_{i,j} ] U_j, -H)
-        pairings.push((sum_u_j, self.h_inv.clone()));
+        pairings.push((sum_u_j, self.setup_params.h_inv.clone()));
 
         let mut sum_d_j = vec![E::G1Projective::zero(); num_shares];