Merge branch 'release/0.7'

Author: hdevalence

CHANGELOG.md

@@ -2,6 +2,12 @@
 
 Entries are listed in reverse chronological order.
 
+## 0.7.0
+
+* Update `curve25519-dalek`, `merlin` dependencies to 2.0.
+* Switch from `failure` to `thiserror` to provide `std`-compatible errors.
+* Correct `curve25519-dalek` feature-selection logic.
+
 ## 0.6.2
 
 * Correct minimum `curve25519-dalek` version to 1.0.3, not 1.0.0.

Cargo.toml

@@ -1,14 +1,15 @@
 [package]
 name = "zkp"
-version = "0.6.2"
+version = "0.7.0"
 authors = ["Henry de Valence <[email protected]>"]
+edition = "2018"
 license = "CC0-1.0"
 readme = "README.md"
 repository = "https://github.com/hdevalence/zkp"
 documentation = "https://docs.rs/zkp"
 categories = ["cryptography"]
-keywords = ["cryptography", "curve25519", "zero-knowledge", "NIZK", "compiler"]
-description = "This crate has an experimental zero-knowledge proof compiler implemented using Rust macros"
+keywords = ["cryptography", "ristretto", "zero-knowledge", "NIZK", "compiler"]
+description = "A toolkit for auto-generated implementations of Schnorr proofs"
 exclude = [
     ".gitignore"
 ]
@@ -17,26 +18,23 @@ exclude = [
 features = ["nightly"]
 
 [dependencies]
-merlin = "1"
-rand = "0.6"
-serde = "1.0"
-serde_derive = "1.0"
-failure = "0.1.5"
-failure_derive = "0.1.5"
-
-[dependencies.curve25519-dalek]
-features = ["serde", "nightly", "alloc"]
-version = "1.0.3"
+merlin = "2"
+rand = "0.7"
+serde = "1"
+serde_derive = "1"
+thiserror = "1"
+# Disable default features to deselect a backend, then select one below
+curve25519-dalek = { version = "2", default-features = false, features = ["serde", "std"] }
 
 [dev-dependencies]
 bincode = "1"
 sha2 = "0.8"
 
 [features]
+nightly = ["curve25519-dalek/nightly"]
+debug-transcript = ["merlin/debug-transcript"]
+bench = []
 default = ["u64_backend"]
 u32_backend = ["curve25519-dalek/u32_backend"]
 u64_backend = ["curve25519-dalek/u64_backend"]
 simd_backend = ["curve25519-dalek/simd_backend"]
-nightly = ["curve25519-dalek/nightly"]
-bench = [ ]
-debug-transcript = ["merlin/debug-transcript"]

benches/dleq.rs

@@ -30,8 +30,8 @@ use curve25519_dalek::constants as dalek_constants;
 use curve25519_dalek::ristretto::RistrettoPoint;
 use curve25519_dalek::scalar::Scalar;
 
-use zkp::Transcript;
 use zkp::toolbox::{batch_verifier::BatchVerifier, prover::Prover, verifier::Verifier, SchnorrCS};
+use zkp::Transcript;
 
 #[allow(non_snake_case)]
 fn dleq_statement<CS: SchnorrCS>(
@@ -62,8 +62,8 @@ fn create_compact_dleq(b: &mut Bencher) {
         let var_x = prover.allocate_scalar(b"x", x);
         let (var_G, _) = prover.allocate_point(b"G", G);
         let (var_H, _) = prover.allocate_point(b"H", H);
-        let (var_A, cmpr_A) = prover.allocate_point(b"A", A);
-        let (var_B, cmpr_B) = prover.allocate_point(b"B", B);
+        let (var_A, _cmpr_A) = prover.allocate_point(b"A", A);
+        let (var_B, _cmpr_B) = prover.allocate_point(b"B", B);
 
         dleq_statement(&mut prover, var_x, var_A, var_B, var_G, var_H);
 
@@ -132,8 +132,8 @@ fn create_batchable_dleq(b: &mut Bencher) {
         let var_x = prover.allocate_scalar(b"x", x);
         let (var_G, _) = prover.allocate_point(b"G", G);
         let (var_H, _) = prover.allocate_point(b"H", H);
-        let (var_A, cmpr_A) = prover.allocate_point(b"A", A);
-        let (var_B, cmpr_B) = prover.allocate_point(b"B", B);
+        let (var_A, _cmpr_A) = prover.allocate_point(b"A", A);
+        let (var_B, _cmpr_B) = prover.allocate_point(b"B", B);
 
         dleq_statement(&mut prover, var_x, var_A, var_B, var_G, var_H);
 

benches/zkp.rs

@@ -21,15 +21,6 @@ extern crate sha2;
 extern crate zkp;
 
 extern crate test;
-use test::Bencher;
-
-use self::sha2::Sha512;
-
-use curve25519_dalek::constants as dalek_constants;
-use curve25519_dalek::ristretto::RistrettoPoint;
-use curve25519_dalek::scalar::Scalar;
-
-use zkp::Transcript;
 
 mod cmz {
     // Proof statement for "credential presentation with 10 hidden attributes" from CMZ'13.

src/errors.rs

@@ -1,11 +1,11 @@
-
+use thiserror::Error;
 /// An error during proving or verification, such as a verification failure.
-#[derive(Debug, Fail)]
+#[derive(Debug, Error)]
 pub enum ProofError {
     /// Something is wrong with the proof, causing a verification failure.
-    #[fail(display = "Verification failed.")]
+    #[error("Verification failed.")]
     VerificationFailure,
     /// Occurs during batch verification if the batch parameters are mis-sized.
-    #[fail(display = "Mismatched parameter sizes for batch verification.")]
+    #[error("Mismatched parameter sizes for batch verification.")]
     BatchSizeMismatch,
 }

src/lib.rs

@@ -20,10 +20,6 @@
 //! Docs will only build on nightly Rust until
 //! [RFC 1990 stabilizes](https://github.com/rust-lang/rust/issues/44732).
 
-extern crate failure;
-#[macro_use]
-extern crate failure_derive;
-
 extern crate serde;
 
 #[doc(hidden)]
@@ -42,11 +38,11 @@ mod errors;
 mod proofs;
 mod util;
 
-pub use errors::*;
-pub use proofs::*;
+pub use crate::errors::*;
+pub use crate::proofs::*;
 
 pub mod toolbox;
 
 #[macro_use]
 mod macros;
-pub use macros::*;
+pub use crate::macros::*;

src/toolbox/batch_verifier.rs

@@ -4,15 +4,15 @@ use curve25519_dalek::ristretto::{CompressedRistretto, RistrettoPoint};
 use curve25519_dalek::scalar::Scalar;
 use curve25519_dalek::traits::{IsIdentity, VartimeMultiscalarMul};
 
-use crate::{ProofError, Transcript, BatchableProof};
-use toolbox::{TranscriptProtocol, SchnorrCS};
-use util::Matrix;
+use crate::toolbox::{SchnorrCS, TranscriptProtocol};
+use crate::util::Matrix;
+use crate::{BatchableProof, ProofError, Transcript};
 
 /// Used to produce batch verification results.
 ///
 /// To use a [`BatchVerifier`], first construct one using [`BatchVerifier::new()`],
 /// declaring a batch size,
-/// supplying a domain separation label for the proof statement, as well as a 
+/// supplying a domain separation label for the proof statement, as well as a
 /// transcript for each proof to verify.
 ///
 /// Allocate secret variables using [`BatchVerifier::allocate_scalar`].

src/toolbox/mod.rs

@@ -34,18 +34,18 @@
 //! function, making it possible to combine generated and hand-crafted
 //! proof statements into the same constraint system.
 
+/// Implements batch verification of batchable proofs.
+pub mod batch_verifier;
 /// Implements proof creation.
 pub mod prover;
 /// Implements proof verification of compact and batchable proofs.
 pub mod verifier;
-/// Implements batch verification of batchable proofs.
-pub mod batch_verifier;
 
 use curve25519_dalek::ristretto::{CompressedRistretto, RistrettoPoint};
 use curve25519_dalek::scalar::Scalar;
 use curve25519_dalek::traits::IsIdentity;
 
-use crate::{Transcript, ProofError};
+use crate::{ProofError, Transcript};
 
 /// An interface for specifying proof statements, common between
 /// provers and verifiers.
@@ -164,12 +164,12 @@ pub trait TranscriptProtocol {
 
 impl TranscriptProtocol for Transcript {
     fn domain_sep(&mut self, label: &'static [u8]) {
-        self.commit_bytes(b"dom-sep", b"schnorrzkp/1.0/ristretto255");
-        self.commit_bytes(b"dom-sep", label);
+        self.append_message(b"dom-sep", b"schnorrzkp/1.0/ristretto255");
+        self.append_message(b"dom-sep", label);
     }
 
     fn append_scalar_var(&mut self, label: &'static [u8]) {
-        self.commit_bytes(b"scvar", label);
+        self.append_message(b"scvar", label);
     }
 
     fn append_point_var(
@@ -178,8 +178,8 @@ impl TranscriptProtocol for Transcript {
         point: &RistrettoPoint,
     ) -> CompressedRistretto {
         let encoding = point.compress();
-        self.commit_bytes(b"ptvar", label);
-        self.commit_bytes(b"val", encoding.as_bytes());
+        self.append_message(b"ptvar", label);
+        self.append_message(b"val", encoding.as_bytes());
         encoding
     }
 
@@ -191,8 +191,8 @@ impl TranscriptProtocol for Transcript {
         if point.is_identity() {
             return Err(ProofError::VerificationFailure);
         }
-        self.commit_bytes(b"ptvar", label);
-        self.commit_bytes(b"val", point.as_bytes());
+        self.append_message(b"ptvar", label);
+        self.append_message(b"val", point.as_bytes());
         Ok(())
     }
 
@@ -202,8 +202,8 @@ impl TranscriptProtocol for Transcript {
         point: &RistrettoPoint,
     ) -> CompressedRistretto {
         let encoding = point.compress();
-        self.commit_bytes(b"blindcom", label);
-        self.commit_bytes(b"val", encoding.as_bytes());
+        self.append_message(b"blindcom", label);
+        self.append_message(b"val", encoding.as_bytes());
         encoding
     }
 
@@ -215,8 +215,8 @@ impl TranscriptProtocol for Transcript {
         if point.is_identity() {
             return Err(ProofError::VerificationFailure);
         }
-        self.commit_bytes(b"blindcom", label);
-        self.commit_bytes(b"val", point.as_bytes());
+        self.append_message(b"blindcom", label);
+        self.append_message(b"val", point.as_bytes());
         Ok(())
     }
 

src/toolbox/prover.rs

@@ -4,8 +4,8 @@ use curve25519_dalek::ristretto::{CompressedRistretto, RistrettoPoint};
 use curve25519_dalek::scalar::Scalar;
 use curve25519_dalek::traits::MultiscalarMul;
 
-use crate::{Transcript, CompactProof, BatchableProof};
-use toolbox::{SchnorrCS, TranscriptProtocol};
+use crate::toolbox::{SchnorrCS, TranscriptProtocol};
+use crate::{BatchableProof, CompactProof, Transcript};
 
 /// Used to create proofs.
 ///
@@ -77,7 +77,7 @@ impl<'a> Prover<'a> {
         // Construct a TranscriptRng
         let mut rng_builder = self.transcript.build_rng();
         for scalar in &self.scalars {
-            rng_builder = rng_builder.commit_witness_bytes(b"", scalar.as_bytes());
+            rng_builder = rng_builder.rekey_with_witness_bytes(b"", scalar.as_bytes());
         }
         let mut transcript_rng = rng_builder.finalize(&mut thread_rng());
 

src/toolbox/verifier.rs

@@ -5,8 +5,8 @@ use curve25519_dalek::ristretto::{CompressedRistretto, RistrettoPoint};
 use curve25519_dalek::scalar::Scalar;
 use curve25519_dalek::traits::{IsIdentity, VartimeMultiscalarMul};
 
-use crate::{ProofError, Transcript, CompactProof, BatchableProof};
-use toolbox::{SchnorrCS, TranscriptProtocol};
+use crate::toolbox::{SchnorrCS, TranscriptProtocol};
+use crate::{BatchableProof, CompactProof, ProofError, Transcript};
 
 /// Used to produce verification results.
 ///
@@ -31,7 +31,6 @@ pub struct Verifier<'a> {
     constraints: Vec<(PointVar, Vec<(ScalarVar, PointVar)>)>,
 }
 
-
 /// A secret variable used during verification.
 ///
 /// Note that this variable is only a placeholder; it has no