Syncing new test vectors and base mode #58
Conversation
facebook-github-bot
added
the
CLA Signed
|
@daxpedda : In the latest version, only the "POPRF" mode uses the "PreparedTScalar" and will follow the batch_evaluate_prepare -> batch_evaluate_finish paradigm. However, the new "Verifiable" mode no longer needs to create a PreparedTScalar, and can just have a single function execute the batch_evaluate, I believe. I was hoping to make this change, but was struggling to make sense of some of the types that were introduced here. Happy to sync off-line if you get a chance and I can explain further where I got stuck! |
|
Will take a look soon'ish! |
src/voprf.rs
Outdated
| @@ -458,40 +457,9 @@ where | |||
| /// to the client. | |||
| /// | |||
| /// # Errors | |||
| /// - [`Error::Metadata`] if the `metadata` is longer then `u16::MAX - 21`. | |||
| /// - [`Error::Protocol`] if the protocol fails and can't be completed. | |||
There was a problem hiding this comment.
| /// - [`Error::Protocol`] if the protocol fails and can't be completed. | |
| /// [`Error::Protocol`] if the protocol fails and can't be completed. |
Not a list anymore.
src/voprf.rs
Outdated
| loop { | ||
| if counter > 255 { |
There was a problem hiding this comment.
This is probably better in a for counter in 0..=255 loop.
src/voprf.rs
Outdated
|
|
||
| // skS = G.HashToScalar(deriveInput || I2OSP(counter, 1), DST = "DeriveKeyPair" | ||
| // || contextString) | ||
| let counter_i2osp = i2osp_1(counter).map_err(|_| Error::DeriveKeyPair)?; |
There was a problem hiding this comment.
If we let counter be a u8, we can simply use .to_be_bytes() here, which also can't fail.
src/voprf.rs
Outdated
| @@ -1135,8 +1091,7 @@ where | |||
| &a2, | |||
| &elem_len, | |||
| &a3, | |||
| &challenge_dst_len, | |||
| &challenge_dst, | |||
| &GenericArray::from(STR_CHALLENGE), | |||
There was a problem hiding this comment.
We don't need to use GenericArray here, this is already a byte slice.
| .zip(iter::repeat((info, finalize_dst))) | ||
| .map(|((input, unblinded_element), (info, finalize_dst))| { | ||
| let finalize_dst_len = i2osp_2_array(&finalize_dst); | ||
| .zip(iter::repeat(finalize_dst)) |
There was a problem hiding this comment.
Now that finalize_dst is "free" we won't need to pass it through here either.
| @@ -1176,30 +1130,24 @@ where | |||
| // https://www.ietf.org/archive/id/draft-irtf-cfrg-voprf-08.html#section-3.3.3.2-2 | |||
| // https://www.ietf.org/archive/id/draft-irtf-cfrg-voprf-08.html#section-3.3.4.3-1 | |||
|
|
|||
| // finalizeDST = "Finalize-" || contextString | |||
| let finalize_dst = GenericArray::from(STR_FINALIZE).concat(get_context_string::<CS>(mode)); | |||
| let finalize_dst = GenericArray::from(STR_FINALIZE); | |||
There was a problem hiding this comment.
As above, STR_FINALIZE is already a byte slice.
src/voprf.rs
Outdated
| @@ -1264,9 +1214,9 @@ where | |||
| &ci, | |||
| &elem_len, | |||
| &di, | |||
| &composite_dst_len, | |||
| &composite_dst, | |||
| &GenericArray::from(STR_COMPOSITE), | |||
|
Thanks for leaving the comments! I have not addressed them just yet (am adding POPRF in first), and could use your eyes on that first...! |
|
As of the latest commit on this branch, the implementation should be in sync with the CFRG's test vectors for all three modes (OPRF, VOPRF, POPRF). I split up the previous "voprf.rs" into three files, one for each mode. However, I removed the no-alloc versions since I could not get them to compile. I believe the no-alloc version is only needed for the batch functions of POPRF, but not VOPRF. Would be great if you could help here @daxpedda ! Also, the doctests do not currently pass, and many docs for functions need to be updated. Will be happy to do so once we have the no-alloc version working! |
|
I addressed the remaining concerns in #59. |
|
Merging along with #59 |
To sync with version 09 of voprf. This version introduces a new mode (so we have three now: base, verifiable, and "poprf").