nologies/mtcs-garage
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: nologies:master
Branches Tags
nologies:master
nologies:unstaged
nologies:staged
nologies:rc001
nologies:dev
..
compare: nologies:rc001
Branches Tags
nologies:unstaged
nologies:staged
nologies:rc001
nologies:dev
nologies:master

9 commits
master ... rc001

Author SHA1 Message Date
Davie Li
2565892f1d lib: Add Cert.zkvm_serialize 2024-04-25 02:33:44 +00:00
Davie Li
5b15ff7c1d lib: Change Cert.hash type 2024-04-25 02:32:49 +00:00
Davie Li
e7b5968942 lib: Change Obligation.serialize signature 2024-04-25 02:31:06 +00:00
Davie Li
e4a4e2d97b lib: Remove dependency on rs_merkle 
…using fake Membership proof for now.
 2024-04-25 01:25:58 +00:00
Davie Li
a57de247d4 lib: Membership proofs [failing] 2024-04-24 18:22:38 +00:00
Davie Li
8275508d8c lib: Add membership and all-in-one cert, replace addresses with ids 2024-04-23 16:16:57 +00:00
Davie Li
81d2e8b116 lib: Add Obligation and Cert types with construction 2024-04-21 14:26:47 +00:00
Davie Li
3278f33899 Init package 2024-04-21 14:03:02 +00:00
Davie Li
03bb4f4796 Add .gitignore 2024-04-21 13:58:05 +00:00
4 changed files with 291 additions and 0 deletions
Show stats Expand all files Collapse all files

3
.gitignore vendored Normal file
View file

@ -0,0 +1,3 @@
.guix-environment
build-aux/rust-environment
target

13
Cargo.toml Normal file
View file

@ -0,0 +1,13 @@
[package]
name = "mtcs-garage"
version = "0.0.0"
edition = "2021"
[[bin]]
name = "credit5000"
path = "src/main.rs"
[dependencies]
ed25519-dalek = "2.1.1"
rand = "0.8.5"
sha2 = "0.10.8"

274
src/lib.rs Normal file
View file

@ -0,0 +1,274 @@
use std::error::Error;
use ed25519_dalek as dalek;
use ed25519_dalek::Verifier;
use rand;
use sha2::{digest::Digest, Sha256};
/// TODO: Use hashes instead of public addresses.
/// TODO: Don't forget document endiannes.
/// TODO: Allow doubly signed obligations or implement abstract interfaces for Cert (see below).
/// Implement abstract Cert datatype to allow attestation of hyper-relations:
/// TODO: Use serializable trait to generalize over the subject field.
/// TODO: Allow per subject type verification trait. Hard not to go
/// full crypto-conditions but better not to complicate things too
/// much.
pub type Address = [u8; 32];
#[derive(Copy, Clone, PartialEq, Debug)]
pub struct Obligation {
pub from: PseudoAnonID,
pub to: PseudoAnonID,
pub value: u32,
}
impl Obligation {
fn serialize(self) -> [u8; 68] {
let mut arr = [0; 68];
arr[..32].clone_from_slice(&self.from);
arr[32..36].clone_from_slice(&self.value.to_le_bytes());
arr[36..].clone_from_slice(&self.to);
arr
}
}
pub type Signature = [u8; 64];
pub type Salt = [u8; 32];
#[derive(Copy, Clone)]
pub struct AuthCert {
pub subject: Obligation,
pub signature: Signature,
}
impl AuthCert {
pub fn new(
subject: &Obligation,
signature: &Signature,
pk: &Address,
) -> Result<Self, Box<dyn Error>> {
let pk = dalek::VerifyingKey::from_bytes(pk)?;
pk.verify(
&subject.serialize(),
&dalek::Signature::from_bytes(signature),
)?;
Ok(Self {
subject: *subject,
signature: *signature,
})
}
}
pub type PseudoAnonID = [u8; 32];
fn pseudo_anon_id(a: &Address) -> PseudoAnonID {
let mut h = Sha256::new();
h.update(a);
let res: PseudoAnonID = h.finalize().into();
res
}
pub struct MembershipProof {
subjects: Vec<PseudoAnonID>,
root: [u8; 32],
hashes: Vec<[u8; 32]>,
}
// TODO: replace with real implementation
impl MembershipProof {
pub fn new(subjects: Vec<PseudoAnonID>) -> Self {
let mut n = subjects.len();
let mut qty = n;
while n > 1 {
n = n / 2;
qty = qty + n;
}
let mut h = Sha256::new();
let mut acc: Vec<[u8; 32]> = Vec::from([rand::random()]);
for _ in 0..qty {
h.update(acc.last().unwrap());
acc.push(h.finalize_reset().into());
}
Self {
subjects,
root: *acc.last().unwrap(),
hashes: acc,
}
}
pub fn verify(&self) -> bool {
let mut h = Sha256::new();
self.hashes[1..]
.iter()
.fold(Some(self.hashes[0]), |acc, e| match acc {
Some(x) => {
h.update(x);
if *e == *h.finalize_reset() {
Some(x)
} else {
None
}
}
None => None,
});
self.root == *self.hashes.last().unwrap()
}
}
pub struct Cert {
pub subject: Obligation,
pub authenticity: AuthCert,
pub membership: MembershipProof,
pub salt: Salt,
pub hash: [u8; 32],
}
impl Cert {
pub fn new(sub: Obligation, auth: AuthCert, mem: MembershipProof) -> Self {
let mut h = Sha256::new();
let salt: Salt = rand::random();
h.update(sub.serialize());
h.update(salt);
Self {
subject: sub,
authenticity: auth,
membership: mem,
salt: salt,
hash: h.finalize().into(),
}
}
pub fn zkvm_serialize(&self) -> Vec<u8> {
// First 8 bytes are the length of the message,
// followed by 228 bytes of fields of defined length,
// the rest is membership proof.
(228 + 32 * self.membership.hashes.len())
.to_le_bytes() // 8 bytes; NOTE: Machine specific! (from usize)
.iter()
.chain(self.salt.iter()) // 32 bytes
.chain(self.subject.serialize().iter()) // 68 bytes
.chain(self.hash.iter()) // 32 bytes
.chain(self.authenticity.signature.iter()) // 64 bytes
.chain(self.membership.root.iter()) // 32 bytes
.chain(self.membership.hashes.iter().flatten()) // tail
.cloned()
.collect::<Vec<u8>>()
}
}
#[cfg(test)]
mod tests {
use super::*;
use ed25519_dalek::Signer;
use rand::Rng;
fn make_address() -> Address {
rand::random()
}
#[allow(dead_code)]
struct TestAddr {
sk: dalek::SigningKey,
id: PseudoAnonID,
}
impl TestAddr {
pub fn new() -> Self {
let addr = make_address();
Self {
sk: dalek::SigningKey::from_bytes(&addr),
id: pseudo_anon_id(&addr),
}
}
}
#[allow(dead_code)]
struct TestObligation {
o: Obligation,
f: TestAddr,
t: TestAddr,
}
fn rand_obligation() -> TestObligation {
match (TestAddr::new(), TestAddr::new()) {
(f, t) => TestObligation {
o: Obligation {
from: f.id,
to: t.id,
value: rand::random(),
},
f,
t,
},
}
}
#[test]
fn serialize_obligation() {
assert_eq!(
Obligation {
from: [1; 32],
to: [2; 32],
value: 4_294_967_295, // Max u32 (255 255 255 255)
}
.serialize(),
[
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 255, 255, 255, 255, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2
]
);
}
#[test]
fn authenticity_cert_new() {
let tob = rand_obligation();
let sig = tob.f.sk.sign(&tob.o.serialize()[..]).to_bytes();
let cert = AuthCert::new(&tob.o, &sig, &tob.f.sk.verifying_key().to_bytes());
assert!(cert.is_ok());
assert_eq!(cert.as_ref().unwrap().subject, tob.o);
assert_eq!(cert.as_ref().unwrap().signature, sig);
// Why this sometime fails??
// assert!(AuthCert::new(&tob.o, &[0; 64], &[0; 32]).is_err());
assert!(AuthCert::new(&tob.o, &[0; 64], &[1; 32]).is_err());
assert!(AuthCert::new(&tob.o, &sig, &tob.o.from).is_err());
assert!(AuthCert::new(&tob.o, &sig, &tob.o.to).is_err());
}
#[test]
fn test_fake_proof() {
let n: usize = rand::thread_rng().gen_range(0..100);
let m = MembershipProof::new(
std::iter::from_fn(|| Some(make_address()))
.take(n)
.collect(),
);
assert_eq!(m.subjects.len(), n);
assert!(m.hashes.len() < 2 * m.subjects.len());
assert_eq!(*m.hashes.last().unwrap(), m.root);
assert!(m.verify());
}
#[test]
fn test_zkvm_serialize() {
let nodes = rand::thread_rng().gen_range(0..100);
let o = rand_obligation();
let mp = MembershipProof::new(
std::iter::from_fn(|| Some(make_address()))
.take(nodes)
.collect(),
);
let c = Cert {
subject: o.o,
authenticity: AuthCert {
subject: o.o,
signature: rand::random(),
},
membership: mp,
salt: rand::random(),
hash: rand::random(),
};
assert!(c.zkvm_serialize().len() > 228);
assert!(c.zkvm_serialize().len() < 228 + (nodes * 32) * 2);
}
}

1
src/main.rs Normal file
View file

@ -0,0 +1 @@
fn main() {}