From aff87b5f6a3eb1f41b5fb31db9b1ccb8568cc340 Mon Sep 17 00:00:00 2001 From: Sarang Noether <32460187+SarangNoether@users.noreply.github.com> Date: Tue, 12 May 2020 13:53:10 -0400 Subject: [PATCH] Added balance check to MLSAG/CLSAG performance tests --- tests/performance_tests/main.cpp | 26 ++-- tests/performance_tests/sig_clsag.h | 176 +++++++++++++++++++--------- tests/performance_tests/sig_mlsag.h | 174 ++++++++++++++++++--------- 3 files changed, 257 insertions(+), 119 deletions(-) diff --git a/tests/performance_tests/main.cpp b/tests/performance_tests/main.cpp index 675a8c19f..e59bb52fd 100644 --- a/tests/performance_tests/main.cpp +++ b/tests/performance_tests/main.cpp @@ -215,18 +215,20 @@ int main(int argc, char** argv) TEST_PERFORMANCE1(filter, p, test_cn_fast_hash, 32); TEST_PERFORMANCE1(filter, p, test_cn_fast_hash, 16384); - TEST_PERFORMANCE2(filter, p, test_sig_mlsag, 8, 1); // MLSAG verification - TEST_PERFORMANCE2(filter, p, test_sig_mlsag, 16, 1); - TEST_PERFORMANCE2(filter, p, test_sig_mlsag, 32, 1); - TEST_PERFORMANCE2(filter, p, test_sig_mlsag, 64, 1); - TEST_PERFORMANCE2(filter, p, test_sig_mlsag, 128, 1); - TEST_PERFORMANCE2(filter, p, test_sig_mlsag, 256, 1); - TEST_PERFORMANCE2(filter, p, test_sig_clsag, 8, 1); // CLSAG verification - TEST_PERFORMANCE2(filter, p, test_sig_clsag, 16, 1); - TEST_PERFORMANCE2(filter, p, test_sig_clsag, 32, 1); - TEST_PERFORMANCE2(filter, p, test_sig_clsag, 64, 1); - TEST_PERFORMANCE2(filter, p, test_sig_clsag, 128, 1); - TEST_PERFORMANCE2(filter, p, test_sig_clsag, 256, 1); + TEST_PERFORMANCE3(filter, p, test_sig_mlsag, 4, 2, 2); // MLSAG verification + TEST_PERFORMANCE3(filter, p, test_sig_mlsag, 8, 2, 2); + TEST_PERFORMANCE3(filter, p, test_sig_mlsag, 16, 2, 2); + TEST_PERFORMANCE3(filter, p, test_sig_mlsag, 32, 2, 2); + TEST_PERFORMANCE3(filter, p, test_sig_mlsag, 64, 2, 2); + TEST_PERFORMANCE3(filter, p, test_sig_mlsag, 128, 2, 2); + TEST_PERFORMANCE3(filter, p, test_sig_mlsag, 256, 2, 2); + TEST_PERFORMANCE3(filter, p, test_sig_clsag, 4, 2, 2); // CLSAG verification + TEST_PERFORMANCE3(filter, p, test_sig_clsag, 8, 2, 2); + TEST_PERFORMANCE3(filter, p, test_sig_clsag, 16, 2, 2); + TEST_PERFORMANCE3(filter, p, test_sig_clsag, 32, 2, 2); + TEST_PERFORMANCE3(filter, p, test_sig_clsag, 64, 2, 2); + TEST_PERFORMANCE3(filter, p, test_sig_clsag, 128, 2, 2); + TEST_PERFORMANCE3(filter, p, test_sig_clsag, 256, 2, 2); TEST_PERFORMANCE2(filter, p, test_ringct_mlsag, 11, false); TEST_PERFORMANCE2(filter, p, test_ringct_mlsag, 11, true); diff --git a/tests/performance_tests/sig_clsag.h b/tests/performance_tests/sig_clsag.h index c15668adb..c59e1e869 100644 --- a/tests/performance_tests/sig_clsag.h +++ b/tests/performance_tests/sig_clsag.h @@ -1,4 +1,4 @@ -// Copyright (c) 2014-2019, The Monero Project +// Copyright (c) 2014-2020, The Monero Project // // All rights reserved. // @@ -31,74 +31,142 @@ #pragma once #include "ringct/rctSigs.h" -#include "cryptonote_basic/cryptonote_basic.h" +#include "ringct/rctTypes.h" #include "device/device.hpp" -#include "single_tx_test_base.h" - using namespace rct; -template -class test_sig_clsag : public single_tx_test_base +template +class test_sig_clsag { -public: - static const size_t N = ring_size; - static const size_t loop_count = 1000; - static const size_t l = index; + public: + static const size_t loop_count = 1000; + static const size_t N = a_N; + static const size_t T = a_T; + static const size_t w = a_w; - bool init() - { - if (!single_tx_test_base::init()) - return false; + bool init() + { + pubs.reserve(N); + pubs.resize(N); - message = skGen(); + r = keyV(w); // M[l[u]] = Com(0,r[u]) - // Random signing/commitment keys - pubs.reserve(N); - for (size_t i = 0; i < N; i++) - { - key sk; - ctkey tmp; + a = keyV(w); // P[l[u]] = Com(a[u],s[u]) + s = keyV(w); - skpkGen(sk, tmp.dest); - skpkGen(sk, tmp.mask); + Q = keyV(T); // Q[j] = Com(b[j],t[j]) + b = keyV(T); + t = keyV(T); - pubs.push_back(tmp); - } + // Random keys + key temp; + for (size_t k = 0; k < N; k++) + { + skpkGen(temp,pubs[k].dest); + skpkGen(temp,pubs[k].mask); + } - // Signing key - key p; - skpkGen(p,pubs[l].dest); - - // Commitment key - key t,u; - t = skGen(); - u = skGen(); - addKeys2(pubs[l].mask,t,u,H); + // Signing and commitment keys (assumes fixed signing indices 0,1,...,w-1 for this test) + // TODO: random signing indices + C_offsets = keyV(w); // P[l[u]] - C_offsets[u] = Com(0,s[u]-s1[u]) + s1 = keyV(w); + key a_sum = zero(); + key s1_sum = zero(); + messages = keyV(w); + for (size_t u = 0; u < w; u++) + { + skpkGen(r[u],pubs[u].dest); // M[u] = Com(0,r[u]) - // Offset - key t2; - t2 = skGen(); - addKeys2(C_offset,t2,u,H); + a[u] = skGen(); // P[u] = Com(a[u],s[u]) + s[u] = skGen(); + addKeys2(pubs[u].mask,s[u],a[u],H); - // Final signing keys - ctkey insk; - insk.dest = p; - insk.mask = t; + s1[u] = skGen(); // C_offsets[u] = Com(a[u],s1[u]) + addKeys2(C_offsets[u],s1[u],a[u],H); - sig = proveRctCLSAGSimple(message,pubs,insk,t2,C_offset,NULL,NULL,NULL,l,hw::get_device("default")); + sc_add(a_sum.bytes,a_sum.bytes,a[u].bytes); + sc_add(s1_sum.bytes,s1_sum.bytes,s1[u].bytes); - return true; - } + messages[u] = skGen(); + } - bool test() - { - return verRctCLSAGSimple(message,sig,pubs,C_offset); - } + // Outputs + key b_sum = zero(); + key t_sum = zero(); + for (size_t j = 0; j < T-1; j++) + { + b[j] = skGen(); // Q[j] = Com(b[j],t[j]) + t[j] = skGen(); + addKeys2(Q[j],t[j],b[j],H); -private: - ctkeyV pubs; - key C_offset; - clsag sig; - key message; + sc_add(b_sum.bytes,b_sum.bytes,b[j].bytes); + sc_add(t_sum.bytes,t_sum.bytes,t[j].bytes); + } + // Value/mask balance for Q[T-1] + sc_sub(b[T-1].bytes,a_sum.bytes,b_sum.bytes); + sc_sub(t[T-1].bytes,s1_sum.bytes,t_sum.bytes); + addKeys2(Q[T-1],t[T-1],b[T-1],H); + + // Build proofs + sigs.reserve(w); + sigs.resize(0); + ctkey sk; + for (size_t u = 0; u < w; u++) + { + sk.dest = r[u]; + sk.mask = s[u]; + + sigs.push_back(proveRctCLSAGSimple(messages[u],pubs,sk,s1[u],C_offsets[u],NULL,NULL,NULL,u,hw::get_device("default"))); + } + + return true; + } + + bool test() + { + for (size_t u = 0; u < w; u++) + { + if (!verRctCLSAGSimple(messages[u],sigs[u],pubs,C_offsets[u])) + { + return false; + } + } + + // Check balanace + std::vector balance; + balance.reserve(w + T); + balance.resize(0); + key ZERO = zero(); + key ONE = identity(); + key MINUS_ONE; + sc_sub(MINUS_ONE.bytes,ZERO.bytes,ONE.bytes); + for (size_t u = 0; u < w; u++) + { + balance.push_back({ONE,C_offsets[u]}); + } + for (size_t j = 0; j < T; j++) + { + balance.push_back({MINUS_ONE,Q[j]}); + } + if (!(straus(balance) == ONE)) // group identity + { + return false; + } + + return true; + } + + private: + ctkeyV pubs; + keyV Q; + keyV r; + keyV s; + keyV s1; + keyV t; + keyV a; + keyV b; + keyV C_offsets; + keyV messages; + std::vector sigs; }; diff --git a/tests/performance_tests/sig_mlsag.h b/tests/performance_tests/sig_mlsag.h index c9745b504..89645e155 100644 --- a/tests/performance_tests/sig_mlsag.h +++ b/tests/performance_tests/sig_mlsag.h @@ -1,4 +1,4 @@ -// Copyright (c) 2014-2019, The Monero Project +// Copyright (c) 2014-2020, The Monero Project // // All rights reserved. // @@ -31,74 +31,142 @@ #pragma once #include "ringct/rctSigs.h" -#include "cryptonote_basic/cryptonote_basic.h" +#include "ringct/rctTypes.h" #include "device/device.hpp" -#include "single_tx_test_base.h" - using namespace rct; -template -class test_sig_mlsag : public single_tx_test_base +template +class test_sig_mlsag { -public: - static const size_t N = ring_size; - static const size_t loop_count = 1000; - static const size_t l = index; + public: + static const size_t loop_count = 1000; + static const size_t N = a_N; + static const size_t T = a_T; + static const size_t w = a_w; - bool init() - { - if (!single_tx_test_base::init()) - return false; + bool init() + { + pubs.reserve(N); + pubs.resize(N); - message = skGen(); + r = keyV(w); // M[l[u]] = Com(0,r[u]) - // Random signing/commitment keys - pubs.reserve(N); - for (size_t i = 0; i < N; i++) - { - key sk; - ctkey tmp; + a = keyV(w); // P[l[u]] = Com(a[u],s[u]) + s = keyV(w); - skpkGen(sk, tmp.dest); - skpkGen(sk, tmp.mask); + Q = keyV(T); // Q[j] = Com(b[j],t[j]) + b = keyV(T); + t = keyV(T); - pubs.push_back(tmp); - } + // Random keys + key temp; + for (size_t k = 0; k < N; k++) + { + skpkGen(temp,pubs[k].dest); + skpkGen(temp,pubs[k].mask); + } - // Signing key - key p; - skpkGen(p,pubs[l].dest); + // Signing and commitment keys (assumes fixed signing indices 0,1,...,w-1 for this test) + // TODO: random signing indices + C_offsets = keyV(w); // P[l[u]] - C_offsets[u] = Com(0,s[u]-s1[u]) + s1 = keyV(w); + key a_sum = zero(); + key s1_sum = zero(); + messages = keyV(w); + for (size_t u = 0; u < w; u++) + { + skpkGen(r[u],pubs[u].dest); // M[u] = Com(0,r[u]) - // Commitment key - key t,u; - t = skGen(); - u = skGen(); - addKeys2(pubs[l].mask,t,u,H); + a[u] = skGen(); // P[u] = Com(a[u],s[u]) + s[u] = skGen(); + addKeys2(pubs[u].mask,s[u],a[u],H); - // Offset - key t2; - t2 = skGen(); - addKeys2(C_offset,t2,u,H); + s1[u] = skGen(); // C_offsets[u] = Com(a[u],s1[u]) + addKeys2(C_offsets[u],s1[u],a[u],H); - // Final signing keys - ctkey insk; - insk.dest = p; - insk.mask = t; + sc_add(a_sum.bytes,a_sum.bytes,a[u].bytes); + sc_add(s1_sum.bytes,s1_sum.bytes,s1[u].bytes); - sig = proveRctMGSimple(message,pubs,insk,t2,C_offset,NULL,NULL,l,hw::get_device("default")); + messages[u] = skGen(); + } - return true; - } + // Outputs + key b_sum = zero(); + key t_sum = zero(); + for (size_t j = 0; j < T-1; j++) + { + b[j] = skGen(); // Q[j] = Com(b[j],t[j]) + t[j] = skGen(); + addKeys2(Q[j],t[j],b[j],H); - bool test() - { - return verRctMGSimple(message,sig,pubs,C_offset); - } + sc_add(b_sum.bytes,b_sum.bytes,b[j].bytes); + sc_add(t_sum.bytes,t_sum.bytes,t[j].bytes); + } + // Value/mask balance for Q[T-1] + sc_sub(b[T-1].bytes,a_sum.bytes,b_sum.bytes); + sc_sub(t[T-1].bytes,s1_sum.bytes,t_sum.bytes); + addKeys2(Q[T-1],t[T-1],b[T-1],H); -private: - ctkeyV pubs; - key C_offset; - mgSig sig; - key message; + // Build proofs + sigs.reserve(w); + sigs.resize(0); + ctkey sk; + for (size_t u = 0; u < w; u++) + { + sk.dest = r[u]; + sk.mask = s[u]; + + sigs.push_back(proveRctMGSimple(messages[u],pubs,sk,s1[u],C_offsets[u],NULL,NULL,u,hw::get_device("default"))); + } + + return true; + } + + bool test() + { + for (size_t u = 0; u < w; u++) + { + if (!verRctMGSimple(messages[u],sigs[u],pubs,C_offsets[u])) + { + return false; + } + } + + // Check balanace + std::vector balance; + balance.reserve(w + T); + balance.resize(0); + key ZERO = zero(); + key ONE = identity(); + key MINUS_ONE; + sc_sub(MINUS_ONE.bytes,ZERO.bytes,ONE.bytes); + for (size_t u = 0; u < w; u++) + { + balance.push_back({ONE,C_offsets[u]}); + } + for (size_t j = 0; j < T; j++) + { + balance.push_back({MINUS_ONE,Q[j]}); + } + if (!(straus(balance) == ONE)) // group identity + { + return false; + } + + return true; + } + + private: + ctkeyV pubs; + keyV Q; + keyV r; + keyV s; + keyV s1; + keyV t; + keyV a; + keyV b; + keyV C_offsets; + keyV messages; + std::vector sigs; };