-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Syncing new test vectors and base mode #58
Conversation
@daxpedda : In the latest version, only the "POPRF" mode uses the "PreparedTScalar" and will follow the batch_evaluate_prepare -> batch_evaluate_finish paradigm. However, the new "Verifiable" mode no longer needs to create a PreparedTScalar, and can just have a single function execute the batch_evaluate, I believe. I was hoping to make this change, but was struggling to make sense of some of the types that were introduced here. Happy to sync off-line if you get a chance and I can explain further where I got stuck! |
Will take a look soon'ish! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
Things I will do tmrw:
- Actually go check with the spec, I only reviewed how the code looks.
- Fix
batch_evaluate
. Will make a PR against this branch.
src/voprf.rs
Outdated
@@ -458,40 +457,9 @@ where | |||
/// to the client. | |||
/// | |||
/// # Errors | |||
/// - [`Error::Metadata`] if the `metadata` is longer then `u16::MAX - 21`. | |||
/// - [`Error::Protocol`] if the protocol fails and can't be completed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/// - [`Error::Protocol`] if the protocol fails and can't be completed. | |
/// [`Error::Protocol`] if the protocol fails and can't be completed. |
Not a list anymore.
src/voprf.rs
Outdated
loop { | ||
if counter > 255 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is probably better in a for counter in 0..=255
loop.
src/voprf.rs
Outdated
|
||
// skS = G.HashToScalar(deriveInput || I2OSP(counter, 1), DST = "DeriveKeyPair" | ||
// || contextString) | ||
let counter_i2osp = i2osp_1(counter).map_err(|_| Error::DeriveKeyPair)?; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we let counter
be a u8
, we can simply use .to_be_bytes()
here, which also can't fail.
src/voprf.rs
Outdated
@@ -1135,8 +1091,7 @@ where | |||
&a2, | |||
&elem_len, | |||
&a3, | |||
&challenge_dst_len, | |||
&challenge_dst, | |||
&GenericArray::from(STR_CHALLENGE), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't need to use GenericArray
here, this is already a byte slice.
.zip(iter::repeat((info, finalize_dst))) | ||
.map(|((input, unblinded_element), (info, finalize_dst))| { | ||
let finalize_dst_len = i2osp_2_array(&finalize_dst); | ||
.zip(iter::repeat(finalize_dst)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now that finalize_dst
is "free" we won't need to pass it through here either.
@@ -1176,30 +1130,24 @@ where | |||
// https://www.ietf.org/archive/id/draft-irtf-cfrg-voprf-08.html#section-3.3.3.2-2 | |||
// https://www.ietf.org/archive/id/draft-irtf-cfrg-voprf-08.html#section-3.3.4.3-1 | |||
|
|||
// finalizeDST = "Finalize-" || contextString | |||
let finalize_dst = GenericArray::from(STR_FINALIZE).concat(get_context_string::<CS>(mode)); | |||
let finalize_dst = GenericArray::from(STR_FINALIZE); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As above, STR_FINALIZE
is already a byte slice.
src/voprf.rs
Outdated
@@ -1264,9 +1214,9 @@ where | |||
&ci, | |||
&elem_len, | |||
&di, | |||
&composite_dst_len, | |||
&composite_dst, | |||
&GenericArray::from(STR_COMPOSITE), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As above.
Thanks for leaving the comments! I have not addressed them just yet (am adding POPRF in first), and could use your eyes on that first...! |
As of the latest commit on this branch, the implementation should be in sync with the CFRG's test vectors for all three modes (OPRF, VOPRF, POPRF). I split up the previous "voprf.rs" into three files, one for each mode. However, I removed the no-alloc versions since I could not get them to compile. I believe the no-alloc version is only needed for the batch functions of POPRF, but not VOPRF. Would be great if you could help here @daxpedda ! Also, the doctests do not currently pass, and many docs for functions need to be updated. Will be happy to do so once we have the no-alloc version working! |
I addressed the remaining concerns in #59. |
Merging along with #59 |
To sync with version 09 of voprf. This version introduces a new mode (so we have three now: base, verifiable, and "poprf").