akakou · akakou · Nov 12, 2023 · Nov 12, 2023 · Nov 12, 2023
diff --git a/src/cred.rs b/src/cred.rs
@@ -11,26 +11,6 @@ use crate::{
  EcdaaError,
 };
 
-fn valid_cred(a: &ECP, b: &ECP, c: &ECP, d: &ECP, ipk: &IPK) -> EcdaaError {
- let mut tmp = a.clone();
- tmp.add(&d);
-
- let param1 = pair::ate(&ipk.y, a);
- let param2 = pair::ate(&g2(), b);
- let param3 = pair::ate(&g2(), c);
- let param4 = pair::ate(&ipk.y, &tmp);
-
- if param1.equals(&param2) {
- return Err(3);
- }
-
- if param3.equals(&param4) {
- return Err(4);
- }
-
- Ok(())
-}
-
 #[derive(Deserialize, Serialize, Copy, Clone)]
 pub struct Credential {
  pub a: ECP,
@@ -44,13 +24,13 @@ impl Credential {
  Self { a, b, c, d }
  }
 
- pub fn with_no_encryption(req: &ReqForJoin, m: &[u8], isk: &ISK) -> Result<Self, u32> {
+ pub fn with_no_encryption(req: &ReqForJoin, m: &[u8], isk: &ISK) -> Result<Self, EcdaaError> {
  // 1/y
  let mut inv_y = isk.y.clone();
  inv_y.invmodp(&p());
 
  // b = H(m)
- let b = hash_to_ecp(m)?.1;
+ let b = hash_to_ecp(m)?.0;
 
  // a = B^{1/y}
  let a = b.mul(&inv_y);
@@ -67,32 +47,41 @@ impl Credential {
  Ok(Self::new(a, b, c, d))
  }
 
- pub fn valid(&self, ipk: &IPK) -> EcdaaError {
- valid_cred(&self.a, &self.b, &self.c, &self.d, ipk)
- }
-}
+ pub fn valid(&self, ipk: &IPK) -> Result<(), EcdaaError> {
+ let mut tmp = self.a.clone();
+ tmp.add(&self.d);
 
-#[derive(Deserialize, Serialize, Copy, Clone)]
-pub struct RandomizedCredential {
- pub r: ECP,
- pub s: ECP,
- pub t: ECP,
- pub w: ECP,
-}
+ let param1 = pair::ate(&ipk.y, &self.a);
+ let param1 = pair::fexp(&param1);
 
-impl RandomizedCredential {
- pub fn randomize(cred: &Credential, rng: &mut RAND) -> Self {
- let l = BIG::random(rng);
+ let param2 = pair::ate(&g2(), &self.b);
+ let param2 = pair::fexp(&param2);
 
- let r = cred.a.mul(&l);
- let s = cred.b.mul(&l);
- let t = cred.c.mul(&l);
- let w = cred.d.mul(&l);
+ if !param1.equals(&param2) {
+ return Err(EcdaaError::InvalidCredential1);
+ }
 
- Self { r, s, t, w }
- }
+ let param3 = pair::ate(&g2(), &self.c);
+ let param3 = pair::fexp(&param3);
+
+ let param4 = pair::ate(&ipk.x, &tmp);
+ let param4 = pair::fexp(&param4);
+
+ if !param3.equals(&param4) {
+ return Err(EcdaaError::InvalidCredential2);
+ }
 
- pub fn valid(&self, ipk: &IPK) -> EcdaaError {
- valid_cred(&self.r, &self.s, &self.t, &self.w, ipk)
+ Ok(())
  }
 }
+
+pub fn randomize_cred(cred: &Credential, rng: &mut RAND) -> Credential {
+ let l = BIG::random(rng);
+
+ let a = cred.a.mul(&l);
+ let b = cred.b.mul(&l);
+ let c = cred.c.mul(&l);
+ let d = cred.d.mul(&l);
+
+ Credential { a, b, c, d }
+}
diff --git a/src/issuer.rs b/src/issuer.rs
@@ -79,7 +79,7 @@ impl IPK {
  Self::new(x, y, c, sx, sy)
  }
 
- pub fn valid(&self) -> EcdaaError {
+ pub fn valid(&self) -> Result<(), EcdaaError> {
  // Ux = g2^sx . X^(-c)
  let mut ux = ECP2::mul(&g2(), &self.sx);
  let tmp = ECP2::mul(&self.x, &self.c);
@@ -105,9 +105,7 @@ impl IPK {
  if BIG::comp(&c, &self.c) == 0 {
  Ok(())
  } else {
- #[cfg(feature = "tests")]
- println!("IPK is not valid ({:?} != {:?})", c, self.c);
- Err(0)
+ Err(EcdaaError::InvalidPublicKey)
  }
  }
 }
diff --git a/src/join.rs b/src/join.rs
@@ -13,23 +13,23 @@ pub struct ReqForJoin {
 }
 
 impl ReqForJoin {
- pub fn random(m: &[u8], mut rng: &mut RAND) -> Result<(Self, BIG), u32> {
- let b = hash_to_ecp(m)?.1;
+ pub fn random(m: &[u8], mut rng: &mut RAND) -> Result<(Self, BIG), EcdaaError> {
+ let b = hash_to_ecp(m)?.0;
 
  // key pair (sk, q)
  let sk = BIG::random(&mut rng);
 
  // Q = B^sk
  let q = b.mul(&sk);
 
- let proof = SchnorrProof::random(m, &[], &sk, &b, &q, false, rng);
+ let proof = SchnorrProof::random(m, &[], &sk, &b, &q, false, rng)?;
  let req = Self { q, proof };
 
  Ok((req, sk))
  }
 
- pub fn valid(&self, m: &[u8]) -> EcdaaError {
- let b = hash_to_ecp(m)?.1;
+ pub fn valid(&self, m: &[u8]) -> Result<(), EcdaaError> {
+ let b = hash_to_ecp(m)?.0;
  self.proof.valid(m, &[], &b, &self.q, false)
  }
 }
diff --git a/src/lib.rs b/src/lib.rs
@@ -1,7 +1,15 @@
 extern crate alloc;
 extern crate serde;
 
-type EcdaaError = Result<(), u32>;
+#[derive(Debug)]
+pub enum EcdaaError {
+ InvalidSchnorrProof,
+ InvalidPublicKey,
+ InvalidCredential1,
+ InvalidCredential2,
+ KNotInSignature,
+ HashingFailed,
+}
 
 pub use fp256bn_amcl;
 pub mod cred;

diff --git a/src/schnorr.rs b/src/schnorr.rs
@@ -52,8 +52,8 @@ impl SchnorrProof {
  w: &ECP,
  calc_k: bool,
  mut rng: &mut RAND,
- ) -> Self {
- let b = hash_to_ecp(basename).expect("hashing errror").1;
+ ) -> Result<Self, EcdaaError> {
+ let b = hash_to_ecp(basename)?.0;
 
  let (r, e, l, k) = Self::commit(sk, &b, s, calc_k, &mut rng);
 
@@ -93,10 +93,17 @@ impl SchnorrProof {
  let mut s = BIG::modmul(&c, &sk, &p());
  s = BIG::modadd(&r, &s, &p());
 
- Self { s, c, n, k }
+ Ok(Self { s, c, n, k })
  }
 
- pub fn valid(&self, msg: &[u8], basename: &[u8], s: &ECP, w: &ECP, calc_k: bool) -> EcdaaError {
+ pub fn valid(
+ &self,
+ msg: &[u8],
+ basename: &[u8],
+ s: &ECP,
+ w: &ECP,
+ calc_k: bool,
+ ) -> Result<(), EcdaaError> {
  // E = S^s . W^-c
  // ----------------
  // S^s . W^-c
@@ -116,11 +123,11 @@ impl SchnorrProof {
  sha.process_array(&export_ecp(&w));
 
  if calc_k {
- let b = hash_to_ecp(basename).expect("hashing errror").1;
+ let b = hash_to_ecp(basename)?.0;
 
  let k = match self.k {
  Some(k) => k,
- None => return Err(2),
+ None => return Err(EcdaaError::KNotInSignature),
  };
 
  // L = B^s - K^c
@@ -157,9 +164,7 @@ impl SchnorrProof {
  if BIG::comp(&c, &self.c) == 0 {
  Ok(())
  } else {
- #[cfg(feature = "tests")]
- println!("{}", "schnorr proof is not valid".to_string());
- Err(0)
+ Err(EcdaaError::InvalidSchnorrProof)
  }
  }
 }
diff --git a/src/signature.rs b/src/signature.rs
@@ -2,20 +2,20 @@ use fp256bn_amcl::{fp256bn::big::BIG, rand::RAND};
 use serde::{Deserialize, Serialize};
 
 use crate::{
- cred::{Credential, RandomizedCredential},
+ cred::{randomize_cred, Credential},
  issuer::IPK,
  schnorr::SchnorrProof,
  EcdaaError,
 };
 
 #[derive(Deserialize, Serialize, Copy, Clone)]
 pub struct Signature {
- pub cred: RandomizedCredential,
+ pub cred: Credential,
  pub proof: SchnorrProof,
 }
 
 impl Signature {
- pub fn new(cred: RandomizedCredential, proof: SchnorrProof) -> Self {
+ pub fn new(cred: Credential, proof: SchnorrProof) -> Self {
  Self { cred, proof }
  }
 
@@ -26,18 +26,24 @@ impl Signature {
  cred: &Credential,
  calc_k: bool,
  rng: &mut RAND,
- ) -> Result<Self, u32> {
- let random_cred: RandomizedCredential = RandomizedCredential::randomize(cred, rng);
+ ) -> Result<Self, EcdaaError> {
+ let random_cred: Credential = randomize_cred(cred, rng);
  let proof =
- SchnorrProof::random(m, basename, sk, &random_cred.s, &random_cred.w, calc_k, rng);
+ SchnorrProof::random(m, basename, sk, &random_cred.b, &random_cred.d, calc_k, rng)?;
 
  Ok(Self::new(random_cred, proof))
  }
 
- pub fn verify(&self, m: &[u8], basename: &[u8], ipk: &IPK, calc_k: bool) -> EcdaaError {
+ pub fn verify(
+ &self,
+ m: &[u8],
+ basename: &[u8],
+ ipk: &IPK,
+ calc_k: bool,
+ ) -> Result<(), EcdaaError> {
  self.cred.valid(ipk)?;
  self.proof
- .valid(m, basename, &self.cred.s, &self.cred.w, calc_k)?;
+ .valid(m, basename, &self.cred.b, &self.cred.d, calc_k)?;
  Ok(())
  }
 }
diff --git a/src/tests.rs b/src/tests.rs
@@ -1,7 +1,7 @@
 use fp256bn_amcl::rand::RAND;
 
 use crate::{
- cred::{Credential, RandomizedCredential},
+ cred::{randomize_cred, Credential},
  issuer::{IPK, ISK},
  join::ReqForJoin,
  signature::Signature,
@@ -35,23 +35,23 @@ fn test_ok() {
  let cred = Credential::with_no_encryption(&req.0, &m, &isk).unwrap();
  cred.valid(&ipk).expect("cred");
 
- let rand_cred = RandomizedCredential::randomize(&cred, &mut rng);
+ let rand_cred = randomize_cred(&cred, &mut rng);
  rand_cred.valid(&ipk).expect("rand cred");
 
  let signature = Signature::sign(&m, &basename, &sk, &cred, true, &mut rng).unwrap();
 
  match signature.verify(&m, &basename, &ipk, true) {
- Err(e) => panic!("error: {}", e),
+ Err(e) => panic!("error: {:?}", e),
  _ => (),
  }
 
  match signature.verify(&basename, &basename, &ipk, true) {
- Err(e) => {}
+ Err(_) => {}
  _ => panic!("error: should fail"),
  }
 
  match signature.verify(&basename, &basename, &ipk, true) {
- Err(e) => {}
+ Err(_) => {}
  _ => panic!("error: should fail"),
  }
 }
diff --git a/src/utils.rs b/src/utils.rs
@@ -5,6 +5,8 @@ use fp256bn_amcl::fp256bn::ecp2::ECP2;
 use fp256bn_amcl::fp256bn::rom::{CURVE_COF_I, CURVE_ORDER};
 use fp256bn_amcl::sha3::{HASH256, SHA3};
 
+use crate::EcdaaError;
+
 pub fn p() -> BIG {
  BIG::new_ints(&CURVE_ORDER)
 }
@@ -35,7 +37,7 @@ pub fn export_ecp2(ecp2: &ECP2) -> Vec<u8> {
  return result.to_vec();
 }
 
-pub fn hash_to_ecp(base: &[u8]) -> Result<(u8, ECP), u32> {
+pub fn hash_to_ecp(base: &[u8]) -> Result<(ECP, u8), EcdaaError> {
  let mut buf = base.to_vec();
 
  for i in 0..232 {
@@ -52,11 +54,11 @@ pub fn hash_to_ecp(base: &[u8]) -> Result<(u8, ECP), u32> {
  ecp.mul(&BIG::new_int(CURVE_COF_I));
 
  if !ecp.is_infinity() {
- return Ok((i, ecp));
+ return Ok((ecp, i));
  }
 
  buf.pop();
  }
 
- Err(2)
+ Err(EcdaaError::HashingFailed)
 }