Merge pull request anoma#26 from nucypher/share-recovery

theref · Jan 13, 2023 · 94de0a0 · 94de0a0
2 parents b2b4809 + 86a95f3
commit 94de0a0
Show file tree

Hide file tree

Showing 5 changed files with 473 additions and 105 deletions.
diff --git a/tpke/benches/benchmarks.rs b/tpke/benches/benchmarks.rs
@@ -1,6 +1,12 @@
-use criterion::{black_box, criterion_group, criterion_main, Criterion};
+use ark_std::Zero;
+use criterion::{
+    black_box, criterion_group, criterion_main, BenchmarkId, Criterion,
+};
 use group_threshold_cryptography::*;
 
+type Fr = <ark_bls12_381::Bls12_381 as ark_ec::PairingEngine>::Fr;
+type E = ark_bls12_381::Bls12_381;
+
 pub fn bench_decryption(c: &mut Criterion) {
     use rand::SeedableRng;
     use rand_core::RngCore;
@@ -143,5 +149,49 @@ pub fn bench_decryption(c: &mut Criterion) {
     }
 }
 
-criterion_group!(benches, bench_decryption);
+pub fn bench_random_poly(c: &mut Criterion) {
+    use rand::SeedableRng;
+    let mut group = c.benchmark_group("RandomPoly");
+    group.sample_size(10);
+
+    for threshold in [1, 2, 4, 8, 16, 32, 64] {
+        let rng = &mut rand::rngs::StdRng::seed_from_u64(0);
+        let mut ark = {
+            let mut rng = rng.clone();
+            move || {
+                black_box(make_random_ark_polynomial_at::<E>(
+                    threshold,
+                    &Fr::zero(),
+                    &mut rng,
+                ))
+            }
+        };
+        let mut vec = {
+            let mut rng = rng.clone();
+            move || {
+                black_box(make_random_polynomial_at::<E>(
+                    threshold,
+                    &Fr::zero(),
+                    &mut rng,
+                ))
+            }
+        };
+        group.bench_function(
+            BenchmarkId::new("random_polynomial_ark", threshold),
+            |b| {
+                #[allow(clippy::redundant_closure)]
+                b.iter(|| ark())
+            },
+        );
+        group.bench_function(
+            BenchmarkId::new("random_polynomial_vec", threshold),
+            |b| {
+                #[allow(clippy::redundant_closure)]
+                b.iter(|| vec())
+            },
+        );
+    }
+}
+
+criterion_group!(benches, bench_decryption, bench_random_poly);
 criterion_main!(benches);
diff --git a/tpke/src/combine.rs b/tpke/src/combine.rs
@@ -3,7 +3,6 @@
 
 use crate::*;
 use ark_ec::ProjectiveCurve;
-use itertools::zip_eq;
 
 pub fn prepare_combine_fast<E: PairingEngine>(
     public_decryption_contexts: &[PublicDecryptionContextFast<E>],
@@ -52,26 +51,28 @@ pub fn prepare_combine_simple<E: PairingEngine>(
         .map(|ctxt| ctxt.domain)
         .collect::<Vec<_>>();
 
+    // Calculate lagrange coefficients using optimized formula, see https://en.wikipedia.org/wiki/Lagrange_polynomial#Optimal_algorithm
     // In this formula x_i = 0, hence numerator is x_m
-    lagrange_coeffs_at::<E>(&shares_x, &E::Fr::zero())
+    lagrange_basis_at::<E>(&shares_x, &E::Fr::zero())
 }
 
-fn lagrange_coeffs_at<E: PairingEngine>(
-    shares_x: &Vec<E::Fr>,
+/// Calculates Lagrange coefficients for a given x_i
+pub fn lagrange_basis_at<E: PairingEngine>(
+    shares_x: &[E::Fr],
     x_i: &E::Fr,
 ) -> Vec<E::Fr> {
-    // Calculate lagrange coefficients using optimized formula, see https://en.wikipedia.org/wiki/Lagrange_polynomial#Optimal_algorithm
-    let mut lagrange_coeffs = vec![];
-    for x_j in shares_x {
-        let mut prod = E::Fr::one();
-        for x_m in shares_x {
-            if x_j != x_m {
-                prod *= (*x_m - x_i) / (*x_m - *x_j);
-            }
-        }
-        lagrange_coeffs.push(prod);
-    }
-    lagrange_coeffs
+    shares_x
+        .iter()
+        .map(|x_j| {
+            let mut prod = E::Fr::one();
+            shares_x.iter().for_each(|x_m| {
+                if x_j != x_m {
+                    prod *= (*x_m - x_i) / (*x_m - *x_j);
+                }
+            });
+            prod
+        })
+        .collect()
 }
 
 pub fn share_combine_fast<E: PairingEngine>(
@@ -101,7 +102,7 @@ pub fn share_combine_simple<E: PairingEngine>(
     let mut product_of_shares = E::Fqk::one();
 
     // Sum of C_i^{L_i}z
-    for (c_i, alpha_i) in zip_eq(shares.iter(), lagrange_coeffs.iter()) {
+    for (c_i, alpha_i) in izip!(shares, lagrange_coeffs) {
         // Exponentiation by alpha_i
         let ss = c_i.pow(alpha_i.into_repr());
         product_of_shares *= ss;

diff --git a/tpke/src/context.rs b/tpke/src/context.rs
@@ -23,6 +23,7 @@ pub struct SetupParams<E: PairingEngine> {
     pub g: E::G1Affine,
     pub g_inv: E::G1Prepared,
     pub h_inv: E::G2Prepared,
+    pub h: E::G2Affine,
 }
 
 #[derive(Clone, Debug)]