[crypto] add bulletproofs to move (MystenLabs#4035)

ritic89 · Aug 18, 2022 · 36cd1ae · 36cd1ae
1 parent 8b8654d
commit 36cd1ae
Show file tree

Hide file tree

Showing 11 changed files with 506 additions and 19 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/sui-config/Cargo.toml b/crates/sui-config/Cargo.toml
@@ -36,5 +36,5 @@ sha3 = "0.10.2"
 digest = "0.10.3"
 
 [dev-dependencies]
-insta = { version = "1.17.1", features = ["redactions"] }
+insta = { version = "1.17.1", features = ["redactions", "yaml"] }
 tempfile = "3.3.0"
diff --git a/crates/sui-config/tests/snapshots/snapshot_tests__empty_genesis_snapshot_matches.snap b/crates/sui-config/tests/snapshots/snapshot_tests__empty_genesis_snapshot_matches.snap
diff --git a/crates/sui-cost/tests/snapshots/snapshot_tests__good_snapshot.snap b/crates/sui-cost/tests/snapshots/snapshot_tests__good_snapshot.snap
@@ -3,27 +3,27 @@ source: crates/sui-cost/tests/snapshot_tests.rs
 expression: common_costs
 ---
 Publish:
-  computationCost: 549
+  computationCost: 561
   storageCost: 84
   storageRebate: 16
 MergeCoin:
-  computationCost: 489
+  computationCost: 501
   storageCost: 32
   storageRebate: 0
 ? SplitCoin: 0
-: computationCost: 472
+: computationCost: 484
   storageCost: 32
   storageRebate: 0
 ? SplitCoin: 1
-: computationCost: 515
+: computationCost: 527
   storageCost: 48
   storageRebate: 0
 ? SplitCoin: 2
-: computationCost: 558
+: computationCost: 570
   storageCost: 64
   storageRebate: 0
 ? SplitCoin: 3
-: computationCost: 601
+: computationCost: 613
   storageCost: 80
   storageRebate: 0
 TransferWholeCoin:

diff --git a/crates/sui-framework/Cargo.toml b/crates/sui-framework/Cargo.toml
@@ -15,6 +15,7 @@ smallvec = "1.9.0"
 num_enum = "0.5.7"
 once_cell = "1.13.1"
 sha3 = "0.10.1"
+curve25519-dalek-ng = "4.1.1"
 
 sui-types = { path = "../sui-types" }
 sui-framework-build = { path = "../sui-framework-build" }

diff --git a/crates/sui-framework/sources/crypto.move b/crates/sui-framework/sources/crypto.move
@@ -26,4 +26,16 @@ module sui::crypto {
     /// If the signature is a valid BLS12381 signature of the message and public key, return true.
     /// Otherwise, return false.
     public native fun bls12381_verify_g1_sig(signature: vector<u8>, public_key: vector<u8>, msg: vector<u8>): bool; 
+
+    use sui::elliptic_curve::{Self as ec, RistrettoPoint};
+
+    native fun native_verify_full_range_proof(proof: vector<u8>, commitment: vector<u8>);
+
+    /// @param proof: The bulletproof
+    /// @param commitment: The commitment which we are trying to verify the range proof for
+    /// 
+    /// If the range proof is valid, execution succeeds, else panics.
+    public fun verify_full_range_proof(proof: vector<u8>, commitment: RistrettoPoint) {
+        native_verify_full_range_proof(proof, ec::bytes(&commitment))
+    }
 }
diff --git a/crates/sui-framework/sources/crypto/elliptic_curve.move b/crates/sui-framework/sources/crypto/elliptic_curve.move
@@ -0,0 +1,120 @@
+// Copyright (c) 2022, Mysten Labs, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
+/// Library for Elliptic Curve operations on chain. We specifically support the Ristretto-255 sub-group.
+module sui::elliptic_curve {
+    use std::vector;
+
+    ///////////////////////////////////
+    /// Elliptic Curve structs
+    ///////////////////////////////////
+
+    /// Represents a point on the Ristretto-255 subgroup.
+    struct RistrettoPoint has copy, drop, store {
+        // A 32-byte representation of the group element.
+        value: vector<u8>
+    }
+
+    /// Represents a scalar within the Curve25519 prime-order group.
+    struct Scalar has copy, drop, store {
+        // A 32-byte representation of the scalar
+        value: vector<u8>
+    }
+
+    ///////////////////////////////////
+    /// Private 
+    ///////////////////////////////////
+
+    /// @param value: The value to commit to
+    /// @param blinding_factor: A random number used to ensure that the commitment is hiding.
+    native fun native_create_pedersen_commitment(value: vector<u8>, blinding_factor: vector<u8>): vector<u8>;
+
+    /// @param self: bytes representation of an EC point on the Ristretto-255 subgroup 
+    /// @param other: bytes representation of an EC point on the Ristretto-255 subgroup 
+    /// A native move wrapper around the addition of Ristretto points. Returns self + other.
+    native fun native_add_ristretto_point(point1: vector<u8>, point2: vector<u8>): vector<u8>;
+
+    /// @param self: bytes representation of an EC point on the Ristretto-255 subgroup
+    /// @param other: bytes representation of an EC point on the Ristretto-255 subgroup 
+    /// A native move wrapper around the subtraction of Ristretto points. Returns self - other.
+    native fun native_subtract_ristretto_point(point1: vector<u8>, point2: vector<u8>): vector<u8>;
+
+    /// @param value: the value of the to-be-created scalar
+    /// TODO: Transfer this into a Move function some time in the future.
+    /// A native move wrapper for the creation of Scalars on Curve25519.
+    native fun native_scalar_from_u64(value: u64): vector<u8>;
+
+
+    /// @param value: the bytes representation of the scalar.
+    /// TODO: Transfer this into a Move function some time in the future.
+    /// A native move wrapper for the creation of Scalars on Curve25519.
+    native fun native_scalar_from_bytes(bytes: vector<u8>): vector<u8>;
+
+    ///////////////////////////////////
+    /// Public
+    ///////////////////////////////////
+
+    // Scalar
+    ///////////////////////
+
+    /// Create a field element from u64
+    public fun new_scalar_from_u64(value: u64): Scalar {
+        Scalar {
+            value: native_scalar_from_u64(value)
+        }
+    }
+
+    /// Create a pedersen commitment from two field elements
+    public fun create_pedersen_commitment(value: Scalar, blinding_factor: Scalar): RistrettoPoint {
+        return RistrettoPoint {
+            value: native_create_pedersen_commitment(value.value, blinding_factor.value)
+        }
+    }
+
+    /// Creates a new field element from byte representation. Note that
+    /// `value` must be 32-bytes
+    public fun new_scalar_from_bytes(value: vector<u8>): Scalar {
+        Scalar {
+            value: native_scalar_from_bytes(value)
+        }
+    }
+
+    /// Get the byte representation of the field element
+    public fun scalar_bytes(self: &Scalar): vector<u8> {
+        self.value
+    }
+
+    // EC Point
+    ///////////////////////
+
+    /// Get the underlying compressed byte representation of the group element
+    public fun bytes(self: &RistrettoPoint): vector<u8> {
+        self.value
+    }
+
+
+    /// Perform addition on two group elements
+    public fun add(self: &RistrettoPoint, other: &RistrettoPoint): RistrettoPoint {
+        RistrettoPoint {
+            value: native_add_ristretto_point(self.value, other.value)
+        }
+    }
+
+    /// Perform subtraction on two group elements
+    public fun subtract(self: &RistrettoPoint, other: &RistrettoPoint): RistrettoPoint {
+        RistrettoPoint {
+            value: native_subtract_ristretto_point(self.value, other.value)
+        }
+    }
+
+    /// Attempt to create a new group element from compressed bytes representation
+    public fun new_from_bytes(bytes: vector<u8>): RistrettoPoint {
+        assert!(vector::length(&bytes) == 32, 1);
+        RistrettoPoint {
+            value: bytes
+        }
+    }
+
+    // TODO: Add arithmetic for Scalar elements. We just need add, subtract, and multiply.
+    // TODO: Add scalar to point multiplication for group elements.
+}