hash/include/nil/crypto3/hash/pedersen.hpp
Go to the documentation of this file.
1 //---------------------------------------------------------------------------//
2 // Copyright (c) 2021 Mikhail Komarov <nemo@nil.foundation>
3 // Copyright (c) 2021 Ilias Khairullin <ilias@nil.foundation>
4 //
5 // MIT License
6 //
7 // Permission is hereby granted, free of charge, to any person obtaining a copy
8 // of this software and associated documentation files (the "Software"), to deal
9 // in the Software without restriction, including without limitation the rights
10 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 // copies of the Software, and to permit persons to whom the Software is
12 // furnished to do so, subject to the following conditions:
13 //
14 // The above copyright notice and this permission notice shall be included in all
15 // copies or substantial portions of the Software.
16 //
17 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 // SOFTWARE.
24 //---------------------------------------------------------------------------//
25 
26 #ifndef CRYPTO3_HASH_PEDERSEN_HPP
27 #define CRYPTO3_HASH_PEDERSEN_HPP
28 
29 #include <tuple>
30 
31 #include <nil/crypto3/hash/algorithm/to_curve.hpp>
32 #include <nil/crypto3/hash/to_curve_state.hpp>
33 #include <nil/crypto3/hash/find_group_hash.hpp>
34 
35 #include <nil/crypto3/hash/detail/raw_stream_processor.hpp>
36 #include <nil/crypto3/hash/detail/pedersen/basic_functions.hpp>
37 #include <nil/crypto3/hash/detail/pedersen/lookup.hpp>
38 
39 namespace nil {
40  namespace crypto3 {
41  namespace hashes {
48  // TODO: use blake2s by default
49  template<typename Params = find_group_hash_default_params,
50  typename BasePointGeneratorHash = sha2<256>,
51  typename Group = algebra::curves::jubjub::template g1_type<
52  nil::crypto3::algebra::curves::coordinates::affine,
53  nil::crypto3::algebra::curves::forms::twisted_edwards>>
54  struct pedersen_to_point {
55  using params = Params;
56  using group_type = Group;
57 
58  using base_point_generator_hash = BasePointGeneratorHash;
59  using base_point_generator = find_group_hash<params, base_point_generator_hash, group_type>;
60 
61  using curve_type = typename group_type::curve_type;
62  using group_value_type = typename group_type::value_type;
63 
64  using digest_type = group_value_type;
65  using result_type = digest_type;
66 
67  // TODO: sync definition of the chunk_bits with circuit
68  static constexpr std::size_t chunk_bits = 3;
70  static constexpr std::size_t chunks_per_base_point =
71  detail::get_chunks_per_base_point<typename curve_type::scalar_field_type>(chunk_bits);
72 
73  class internal_accumulator_type {
74  std::size_t bits_supplied = 0;
75  std::vector<bool> cached_bits;
76  typename curve_type::scalar_field_type::integral_type pow_two = 1;
77  typename curve_type::scalar_field_type::value_type encoded_segment =
78  curve_type::scalar_field_type::value_type::zero();
79  group_value_type current_base_point = to_curve<base_point_generator>({
80  static_cast<std::uint32_t>(0),
81  });
82 
83  public:
84  group_value_type result = group_value_type::zero();
85 
86  private:
87  inline std::size_t supplied_chunks() const {
88  assert(bits_supplied % chunk_bits == 0);
89  return bits_supplied / chunk_bits;
90  }
91 
92  inline bool is_time_to_go_to_new_segment() const {
93  return supplied_chunks() > 1 &&
95  supplied_chunks() % chunks_per_base_point ==
96  1;
97  }
98 
99  inline void update_result() {
100  result = result + encoded_segment * current_base_point;
101  }
102 
103  inline void update_new_segment() {
104  assert(bits_supplied > 0);
105  assert(is_time_to_go_to_new_segment());
106  current_base_point = to_curve<base_point_generator>({
107  static_cast<std::uint32_t>(supplied_chunks() / chunks_per_base_point),
108  });
109  pow_two = 1;
110  encoded_segment = curve_type::scalar_field_type::value_type::zero();
111  }
112 
113  inline void update_current_segment() {
114  assert(cached_bits.size() == chunk_bits);
115  typename curve_type::scalar_field_type::value_type encoded_chunk =
116  detail::lookup<typename curve_type::scalar_field_type::value_type, chunk_bits>::process(
117  cached_bits) *
118  pow_two;
119  encoded_segment = encoded_segment + encoded_chunk;
120  pow_two = pow_two << (chunk_bits + 1);
121  cached_bits.clear();
123  }
124 
125  public:
126  inline void update(bool b) {
127  cached_bits.template emplace_back(b);
128  ++bits_supplied;
129  if (cached_bits.size() == chunk_bits) {
130  if (is_time_to_go_to_new_segment()) {
131  update_result();
132  update_new_segment();
133  }
134  update_current_segment();
135  }
136  }
137 
138  inline void pad_update() {
139  while (!cached_bits
140  .empty() ||
141  !bits_supplied) {
142  update(false);
143  }
144  update_result();
145  }
146  };
147 
148  static inline void init_accumulator(internal_accumulator_type &acc) {
149  }
150 
151  template<
152  typename InputRange,
153  typename std::enable_if<
154  std::is_same<bool,
155  typename std::iterator_traits<typename InputRange::iterator>::value_type>::value,
156  bool>::type = true>
157  static inline void update(internal_accumulator_type &acc, const InputRange &range) {
158  for (auto b : range) {
159  acc.update(b);
160  }
161  }
162 
163  template<typename InputIterator,
164  typename std::enable_if<
165  std::is_same<bool, typename std::iterator_traits<InputIterator>::value_type>::value,
166  bool>::type = true>
167  static inline void update(internal_accumulator_type &acc, InputIterator first, InputIterator last) {
168  for (auto it = first; it != last; ++it) {
169  acc.update(*it);
170  }
171  }
172 
173  static inline result_type process(internal_accumulator_type &acc) {
174  acc.pad_update();
175  return acc.result;
176  }
177  };
178 
179  // TODO: use blake2s by default
180  template<typename Params = find_group_hash_default_params,
181  typename BasePointGeneratorHash = sha2<256>,
182  typename Group = algebra::curves::jubjub::template g1_type<
183  nil::crypto3::algebra::curves::coordinates::affine,
184  nil::crypto3::algebra::curves::forms::twisted_edwards>>
185  struct pedersen {
186  using params = Params;
187  using group_type = Group;
188  using base_point_generator_hash = BasePointGeneratorHash;
189 
190  using base_hash_type = pedersen_to_point<params, base_point_generator_hash, group_type>;
191 
192  using curve_type = typename base_hash_type::curve_type;
193  using group_value_type = typename base_hash_type::group_value_type;
194 
195  // TODO: use marshalling method to determine bit size of serialized group_value_type
196  static constexpr std::size_t digest_bits = group_type::field_type::value_bits;
197  // TODO: define digest_type using marshalling
198  using digest_type = std::vector<bool>;
199  using result_type = digest_type;
200 
201  struct construction {
202  struct params_type {
203  typedef nil::marshalling::option::little_endian digest_endian;
204  };
205  typedef void type;
206  };
207 
208  template<typename StateAccumulator, std::size_t ValueBits>
209  struct stream_processor {
210  struct params_type {
211  typedef typename construction::params_type::digest_endian digest_endian;
212 
213  constexpr static const std::size_t value_bits = ValueBits;
214  };
215 
216  typedef raw_stream_processor<construction, StateAccumulator, params_type> type;
217  };
218 
219  using internal_accumulator_type = hashing_to_curve_accumulator_set<base_hash_type>;
220 
221  static inline void init_accumulator(internal_accumulator_type &acc) {
222  }
223 
224  template<typename InputRange>
225  static inline void update(internal_accumulator_type &acc, const InputRange &range) {
226  to_curve<base_hash_type>(range, acc);
227  }
228 
229  template<typename InputIterator>
230  static inline void update(internal_accumulator_type &acc, InputIterator first, InputIterator last) {
231  to_curve<base_hash_type>(first, last, acc);
232  }
233 
234  static inline result_type process(internal_accumulator_type &acc) {
235  auto result_point = nil::crypto3::hashes::accumulators::extract::to_curve<base_hash_type>(acc);
236  nil::marshalling::status_type status;
237  // TODO: check status
238  result_type result = nil::marshalling::pack<typename construction::params_type::digest_endian>(
239  result_point, status);
240  return result;
241  }
242  };
243  } // namespace hashes
244  } // namespace crypto3
245 } // namespace nil
246 
247 #endif // CRYPTO3_HASH_PEDERSEN_HPP
to_curve.hpp
nil::crypto3::hashes::pedersen_to_point::internal_accumulator_type
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:73
nil::crypto3::hashes::pedersen_to_point::internal_accumulator_type::pad_update
void pad_update()
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:138
nil::crypto3::hashes::pedersen_to_point::internal_accumulator_type::result
group_value_type result
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:84
nil::crypto3::hashes::pedersen_to_point::internal_accumulator_type::update
void update(bool b)
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:126
nil::crypto3::hashes::raw_stream_processor
Definition: raw_stream_processor.hpp:47
find_group_hash.hpp
nil::crypto3::hashing_to_curve_accumulator_set
boost::accumulators::accumulator_set< typename Hash::result_type, boost::accumulators::features< hashes::accumulators::tag::to_curve< Hash > >> hashing_to_curve_accumulator_set
Accumulator set with pre-defined hashing to curve accumulator params.
Definition: to_curve_state.hpp:46
basic_functions.hpp
nil
Definition: pair.hpp:31
raw_stream_processor.hpp
nil::crypto3::algebra::curves::coordinates::affine
Jacobi quatrics curve group element coordinates representation. Description: https://hyperelliptic....
Definition: jacobi_quartics/coordinates.hpp:40
nil::crypto3::algebra::curves::forms::twisted_edwards
Definition: forms.hpp:71
nil::crypto3::hashes::find_group_hash
Hashing to elliptic curve Jubjub according to FindGroupHash Zcash algorithm https://zips....
Definition: find_group_hash.hpp:71
nil::crypto3::hashes::pedersen::construction::params_type
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:202
nil::crypto3::hashes::pedersen::construction::params_type::digest_endian
nil::marshalling::option::little_endian digest_endian
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:203
nil::crypto3::hashes::pedersen::construction
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:201
nil::crypto3::hashes::pedersen::construction::type
void type
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:205
nil::crypto3::hashes::pedersen::stream_processor::params_type
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:210
nil::crypto3::hashes::pedersen::stream_processor::params_type::digest_endian
construction::params_type::digest_endian digest_endian
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:211
nil::crypto3::hashes::pedersen::stream_processor::params_type::value_bits
constexpr static const std::size_t value_bits
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:213
nil::crypto3::hashes::pedersen::stream_processor
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:209
nil::crypto3::hashes::pedersen::stream_processor::type
raw_stream_processor< construction, StateAccumulator, params_type > type
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:216
nil::crypto3::hashes::pedersen_to_point
Pedersen hash.
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:54
nil::crypto3::hashes::pedersen_to_point::group_type
Group group_type
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:56
nil::crypto3::hashes::pedersen_to_point::digest_type
group_value_type digest_type
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:64
nil::crypto3::hashes::pedersen_to_point::init_accumulator
static void init_accumulator(internal_accumulator_type &acc)
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:148
nil::crypto3::hashes::pedersen_to_point::group_value_type
typename group_type::value_type group_value_type
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:62
nil::crypto3::hashes::pedersen_to_point::params
Params params
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:55
nil::crypto3::hashes::pedersen_to_point::chunks_per_base_point
static constexpr std::size_t chunks_per_base_point
See definition of c in https://zips.z.cash/protocol/protocol.pdf#concretepedersenhash.
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:70
nil::crypto3::hashes::pedersen_to_point::base_point_generator_hash
BasePointGeneratorHash base_point_generator_hash
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:58
nil::crypto3::hashes::pedersen_to_point::process
static result_type process(internal_accumulator_type &acc)
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:173
nil::crypto3::hashes::pedersen_to_point::update
static void update(internal_accumulator_type &acc, const InputRange &range)
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:157
nil::crypto3::hashes::pedersen_to_point::curve_type
typename group_type::curve_type curve_type
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:61
nil::crypto3::hashes::pedersen_to_point::result_type
digest_type result_type
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:65
nil::crypto3::hashes::pedersen_to_point::update
static void update(internal_accumulator_type &acc, InputIterator first, InputIterator last)
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:167
nil::crypto3::hashes::pedersen_to_point::chunk_bits
static constexpr std::size_t chunk_bits
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:68
nil::crypto3::hashes::pedersen
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:185
nil::crypto3::hashes::pedersen::digest_bits
static constexpr std::size_t digest_bits
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:196
nil::crypto3::hashes::pedersen::params
Params params
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:186
nil::crypto3::hashes::pedersen::internal_accumulator_type
hashing_to_curve_accumulator_set< base_hash_type > internal_accumulator_type
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:219
nil::crypto3::hashes::pedersen::update
static void update(internal_accumulator_type &acc, const InputRange &range)
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:225
nil::crypto3::hashes::pedersen::update
static void update(internal_accumulator_type &acc, InputIterator first, InputIterator last)
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:230
nil::crypto3::hashes::pedersen::result_type
digest_type result_type
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:199
nil::crypto3::hashes::pedersen::group_type
Group group_type
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:187
nil::crypto3::hashes::pedersen::curve_type
typename base_hash_type::curve_type curve_type
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:192
nil::crypto3::hashes::pedersen::base_point_generator_hash
BasePointGeneratorHash base_point_generator_hash
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:188
nil::crypto3::hashes::pedersen::init_accumulator
static void init_accumulator(internal_accumulator_type &acc)
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:221
nil::crypto3::hashes::pedersen::digest_type
std::vector< bool > digest_type
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:198
nil::crypto3::hashes::pedersen::group_value_type
typename base_hash_type::group_value_type group_value_type
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:193
nil::crypto3::hashes::pedersen::process
static result_type process(internal_accumulator_type &acc)
Definition: hash/include/nil/crypto3/hash/pedersen.hpp:234
to_curve_state.hpp