Merge pull request #36 from stevenroose/whitelist

Add whitelist support

Author: stevenroose

secp256k1-zkp-sys/build.rs

@@ -43,6 +43,7 @@ fn main() {
         .define("ENABLE_MODULE_GENERATOR", Some("1"))
         .define("ENABLE_MODULE_RANGEPROOF", Some("1"))
         .define("ENABLE_MODULE_ECDSA_ADAPTOR", Some("1"))
+        .define("ENABLE_MODULE_WHITELIST", Some("1"))
         .define("ECMULT_GEN_PREC_BITS", Some("4"))
         // TODO these three should be changed to use libgmp, at least until secp PR 290 is merged
         .define("USE_NUM_NONE", Some("1"))

secp256k1-zkp-sys/src/zkp.rs

@@ -1,10 +1,13 @@
 use core::{fmt, hash};
-use {types::*, Context, PublicKey, Signature};
+use {types::*, Context, NonceFn, PublicKey, Signature};
 
 /// Rangeproof maximum length
 pub const RANGEPROOF_MAX_LENGTH: size_t = 5134;
 pub const ECDSA_ADAPTOR_SIGNATURE_LENGTH: size_t = 162;
 
+/// The maximum number of whitelist keys.
+pub const WHITELIST_MAX_N_KEYS: size_t = 255;
+
 extern "C" {
     #[cfg_attr(
         not(feature = "external-symbols"),
@@ -334,6 +337,59 @@ extern "C" {
         adaptor_sig162: *const EcdsaAdaptorSignature,
         enckey: *const PublicKey,
     ) -> c_int;
+
+    #[cfg_attr(
+        not(feature = "external-symbols"),
+        link_name = "rustsecp256k1zkp_v0_4_0_whitelist_signature_parse"
+    )]
+    pub fn secp256k1_whitelist_signature_parse(
+        cx: *const Context,
+        sig: *mut WhitelistSignature,
+        input: *const c_uchar,
+        input_len: size_t,
+    ) -> c_int;
+
+    #[cfg_attr(
+        not(feature = "external-symbols"),
+        link_name = "rustsecp256k1zkp_v0_4_0_whitelist_signature_serialize"
+    )]
+    pub fn secp256k1_whitelist_signature_serialize(
+        ctx: *const Context,
+        output: *mut c_uchar,
+        outputlen: *mut size_t,
+        sig: *const WhitelistSignature,
+    ) -> c_int;
+
+    #[cfg_attr(
+        not(feature = "external-symbols"),
+        link_name = "rustsecp256k1zkp_v0_4_0_whitelist_sign"
+    )]
+    pub fn secp256k1_whitelist_sign(
+        ctx: *const Context,
+        sig: *mut WhitelistSignature,
+        online_keys: *const PublicKey,
+        offline_keys: *const PublicKey,
+        n_keys: size_t,
+        sub_pubkey: *const PublicKey,
+        online_seckey: *const c_uchar,
+        summed_seckey: *const c_uchar,
+        index: size_t,
+        noncefp: NonceFn,
+        noncedata: *mut c_void,
+    ) -> c_int;
+
+    #[cfg_attr(
+        not(feature = "external-symbols"),
+        link_name = "rustsecp256k1zkp_v0_4_0_whitelist_verify"
+    )]
+    pub fn secp256k1_whitelist_verify(
+        ctx: *const Context,
+        sig: *const WhitelistSignature,
+        online_keys: *const PublicKey,
+        offline_keys: *const PublicKey,
+        n_keys: size_t,
+        sub_pubkey: *const PublicKey,
+    ) -> c_int;
 }
 
 #[repr(C)]
@@ -476,6 +532,39 @@ impl hash::Hash for PedersenCommitment {
     }
 }
 
+/// A ring signature for the "whitelist" scheme.
+#[repr(C)]
+#[derive(Clone)]
+pub struct WhitelistSignature {
+    /// The number of keys.
+    pub n_keys: size_t,
+    /// The signature in the form of e0 + n_keys s values.
+    pub data: [u8; 32 * (1 + WHITELIST_MAX_N_KEYS)],
+}
+
+impl hash::Hash for WhitelistSignature {
+    fn hash<H: hash::Hasher>(&self, state: &mut H) {
+        self.n_keys.hash(state);
+        self.data[..].hash(state);
+    }
+}
+
+impl PartialEq for WhitelistSignature {
+    fn eq(&self, other: &Self) -> bool {
+        self.n_keys == other.n_keys && self.data[..] == other.data[..]
+    }
+}
+impl Eq for WhitelistSignature {}
+
+impl Default for WhitelistSignature {
+    fn default() -> WhitelistSignature {
+        WhitelistSignature {
+            n_keys: 0,
+            data: [0; 32 * (1 + WHITELIST_MAX_N_KEYS)],
+        }
+    }
+}
+
 /// Same as secp256k1_nonce_function_hardened with the exception of using the
 /// compressed 33-byte encoding for the pubkey argument.
 pub type EcdsaAdaptorNonceFn = Option<

src/lib.rs

@@ -110,6 +110,14 @@ pub enum Error {
     CannotRecoverAdaptorSecret,
     /// Given adaptor signature is not valid for the provided combination of public key, encryption key and message
     CannotVerifyAdaptorSignature,
+    /// Given bytes don't represent a valid whitelist signature
+    InvalidWhitelistSignature,
+    /// Invalid PAK list
+    InvalidPakList,
+    /// Couldn't create whitelist signature with the given data.
+    CannotCreateWhitelistSignature,
+    /// The given whitelist signature doesn't correctly prove inclusion in the whitelist.
+    InvalidWhitelistProof,
 }
 
 // Passthrough Debug to Display, since errors should be user-visible
@@ -129,6 +137,14 @@ impl fmt::Display for Error {
             Error::Upstream(inner) => return write!(f, "{}", inner),
             Error::InvalidTweakLength => "Tweak must of size 32",
             Error::TweakOutOfBounds => "Tweak must be less than secp curve order",
+            Error::InvalidWhitelistSignature => "malformed whitelist signature",
+            Error::InvalidPakList => "invalid PAK list",
+            Error::CannotCreateWhitelistSignature => {
+                "cannot create whitelist signature with the given data"
+            }
+            Error::InvalidWhitelistProof => {
+                "given whitelist signature doesn't correctly prove inclusion in the whitelist"
+            }
         };
 
         f.write_str(str)

src/zkp/mod.rs

@@ -7,6 +7,7 @@ mod rangeproof;
 #[cfg(feature = "std")]
 mod surjection_proof;
 mod tag;
+mod whitelist;
 
 pub use self::ecdsa_adaptor::*;
 pub use self::generator::*;
@@ -17,3 +18,4 @@ pub use self::rangeproof::*;
 #[cfg(feature = "std")]
 pub use self::surjection_proof::*;
 pub use self::tag::*;
+pub use self::whitelist::*;