Implement Verifiable Incremental Distributed Point Function (VIDPF). #954
Conversation
There was a problem hiding this comment.
Still working my way through eval(), but I wanted to give you some comments to catch up on in the meantime. Looking good!
- Be careful about what we expose in the public API.
- I'd like to find more meaningful names than "hash_one" and "hash_two". What about something like "node_proof" and "node_proof_adjustment" respectively? This is more or less what we came up in the draft.
- Documentation: Be consistent about notation for the struct name in the code comment. All of the following are used:
Name,[Name], andName. Note that the are all rendered differently incargo doc. - Resolve the conflicts on this branch.
src/vidpf.rs
Outdated
| } | ||
|
|
||
| fn prg(&self, seed: &Seed) -> Sequence { | ||
| let dst = b"100"; |
There was a problem hiding this comment.
Bump: If you don't want to work on this in this PR, let me know and I"ll find some place to track the TODO.
There was a problem hiding this comment.
Looking very good! It looks to me like you've properly translated the paper. Just one minor thing to fix in prg() to match the (eventual) draft.
The only other high level thing is that we want a default implementation of VidpfWeight for Vec<F> instead of [F; N].
src/vidpf.rs
Outdated
| } | ||
|
|
||
| fn node_proof(input: &VidpfInput, level: usize, seed: &Seed) -> Result<Proof, VidpfError> { | ||
| let mut binder = input.prefix(level).to_bytes(); |
There was a problem hiding this comment.
Note that this part of the binder is variable-length, which differs from the current draft-mouris-cfrg-mastic implementation. It sounds like we may want to wait on further draft changes before we try fully aligning with it, though.
There was a problem hiding this comment.
Noted. Also, it's likely than there are some other discrepancies between this implementation and the Python impl.
armfazh
force-pushed
the
impl_vidpf
branch
2 times, most recently
from
c72abbe
to
93006fb
Compare
|
I've addressed your comments, and added more tests for coverage. |
There was a problem hiding this comment.
Looks good to me. All of my remaining comments are debatable gripes about the API. Take these as suggestions, and let @divergentdave make the final call.
- For consistency with the rest of this crate, each struct should begin with
Vidpf. (See inline comments.) - Each docuco mment for a struct begins with a refereence to that struct. This gets rendered into a hyperlink, which looks strange in
cargo doc:
The VIDPF construction is specified in [[draft-mouris-cfrg-mastic]] and builds on techniques from [[MST23]] and [[CP22]] to lift an IDPF to a VIDPF. [CP22]: https://eprint.iacr.org/2021/580 [MST23]: https://eprint.iacr.org/2023/080 [draft-mouris-cfrg-mastic]: https://datatracker.ietf.org/doc/draft-mouris-cfrg-mastic/02/
|
@armfazh go ahead and merge at will. |
Partially addresses #947.
Implements Verifiable Incremental Distributed Point Function (VIDPF).
The VIDPF construction is specified in [draft-mouris-cfrg-mastic] and builds on techniques from [MST23] and [CP22] to lift an IDPF to a VIDPF.