#include "../fd_zksdk_private.h"

/* pubkey_validity_transcript_init starts a fresh transcript for the
   pubkey-validity instruction and appends the public key under test
   to it.  The challenge is later drawn from this same transcript, so
   the statement being proven is part of what the challenge is derived
   from. */

static inline void
pubkey_validity_transcript_init( fd_zksdk_transcript_t *                    transcript,
                                 fd_zksdk_pubkey_validity_context_t const * context ) {
  fd_zksdk_transcript_init( transcript, FD_TRANSCRIPT_LITERAL("pubkey-validity-instruction") );
  fd_zksdk_transcript_append_pubkey( transcript, FD_TRANSCRIPT_LITERAL("pubkey"), context->pubkey );
}

/* fd_zksdk_verify_proof_pubkey_validity verifies the sigma proof
   (Y, z) for the public key P by checking

     z H - c P == Y        (equivalently z H == c P + Y)

   where H is fd_zksdk_basepoint_H and c is the challenge scalar drawn
   from the transcript after Y has been appended to it.

   proof       proof to check; proof->y is a compressed point, proof->z
               a scalar.  Both are treated as untrusted.
   pubkey      32-byte compressed ristretto255 point P, untrusted.
   transcript  transcript already seeded by the caller (see
               pubkey_validity_transcript_init); it is modified here.

   Returns FD_EXECUTOR_INSTR_SUCCESS when the equation holds and
   FD_ZKSDK_VERIFY_PROOF_ERROR for every rejection (scalar fails
   validation, a point fails to decompress, the transcript refuses Y,
   or the equation does not hold).  Note the two codes come from
   different families; callers should compare against
   FD_EXECUTOR_INSTR_SUCCESS rather than assume a particular value.

   The sequence of transcript operations (domain separator, then "Y",
   then challenge "c") has to stay as in the reference below; any
   reordering would derive a different challenge.

   NOTE(review): the coverage listing this file was taken from records
   zero hits on three reject paths: proof->z failing validation,
   proof->y failing decompression, and the transcript rejecting Y.
   Negative test vectors for those paths would be worth adding.

   https://github.com/anza-xyz/agave/blob/v2.0.1/zk-sdk/src/sigma_proofs/pubkey_validity.rs#L91 */

static inline int
fd_zksdk_verify_proof_pubkey_validity(
  fd_zksdk_pubkey_validity_proof_t const * proof,
  uchar const                              pubkey[ 32 ],
  fd_zksdk_transcript_t *                  transcript ) {

  uchar                   msm_scalars[ 2 * 32 ]; /* z followed by -c */
  fd_ristretto255_point_t msm_points[2];         /* H followed by P  */
  fd_ristretto255_point_t commitment[1];         /* Y                */
  fd_ristretto255_point_t lhs[1];                /* z H - c P        */

  /* Input validation: nothing from the proof or the pubkey is used in
     arithmetic before it has passed its check. */

  if( FD_UNLIKELY( !fd_curve25519_scalar_validate( proof->z ) ) ) return FD_ZKSDK_VERIFY_PROOF_ERROR;

  fd_ristretto255_point_set( &msm_points[0], fd_zksdk_basepoint_H );

  if( FD_UNLIKELY( !fd_ristretto255_point_decompress( &msm_points[1], pubkey ) ) ) return FD_ZKSDK_VERIFY_PROOF_ERROR;

  if( FD_UNLIKELY( !fd_ristretto255_point_decompress( commitment, proof->y ) ) ) return FD_ZKSDK_VERIFY_PROOF_ERROR;

  /* Finish the transcript and derive the challenge.  The status is
     OR-ed into an accumulator that starts at FD_TRANSCRIPT_SUCCESS. */

  fd_zksdk_transcript_domsep_pubkey_proof( transcript );

  int rc = FD_TRANSCRIPT_SUCCESS;
  rc |= fd_zksdk_transcript_validate_and_append_point( transcript, FD_TRANSCRIPT_LITERAL("Y"), proof->y );
  if( FD_UNLIKELY( rc!=FD_TRANSCRIPT_SUCCESS ) ) return FD_ZKSDK_VERIFY_PROOF_ERROR;

  uchar challenge[ 32 ];
  fd_zksdk_transcript_challenge_scalar( challenge, transcript, FD_TRANSCRIPT_LITERAL("c") );

  /* Scalars for the two-term multi-scalar multiplication. */

  fd_curve25519_scalar_set( &msm_scalars[  0 ], proof->z  ); /*  z */
  fd_curve25519_scalar_neg( &msm_scalars[ 32 ], challenge ); /* -c */

  /* lhs = z H + (-c) P, which must equal Y. */

  fd_ristretto255_multi_scalar_mul( lhs, msm_scalars, msm_points, 2 );

  if( FD_UNLIKELY( !fd_ristretto255_point_eq( lhs, commitment ) ) ) return FD_ZKSDK_VERIFY_PROOF_ERROR;

  return FD_EXECUTOR_INSTR_SUCCESS;
}

/* fd_zksdk_instr_verify_proof_pubkey_validity is the instruction-level
   entry point: it seeds a transcript from the context and runs the
   sigma-proof verification on the context's pubkey.

   _context  read as a fd_zksdk_pubkey_validity_context_t
   _proof    read as a fd_zksdk_pubkey_validity_proof_t

   Both arrive as untyped pointers and no length is passed, so nothing
   here can check that the buffers are large enough for those types.
   NOTE(review): presumably the caller has validated the instruction
   data size before dispatching here; confirm.

   Returns whatever fd_zksdk_verify_proof_pubkey_validity returns.

   https://github.com/anza-xyz/agave/blob/v2.0.1/zk-sdk/src/zk_elgamal_proof_program/proof_data/pubkey_validity.rs#L73 */

int
fd_zksdk_instr_verify_proof_pubkey_validity( void const * _context, void const * _proof ) {
  fd_zksdk_pubkey_validity_context_t const * ctx = _context;
  fd_zksdk_pubkey_validity_proof_t const *   prf = _proof;
  fd_zksdk_transcript_t                      transcript[1];

  pubkey_validity_transcript_init( transcript, ctx );

  return fd_zksdk_verify_proof_pubkey_validity( prf, ctx->pubkey, transcript );
}