From 0cdcedd9de59983c54e88bbb849c684b2ea1313b Mon Sep 17 00:00:00 2001 From: dark64 Date: Mon, 12 Dec 2022 16:28:16 +0100 Subject: [PATCH] allow user-provided randomness in setup --- Cargo.lock | 5 ++- zokrates_ark/src/gm17.rs | 12 +++--- zokrates_ark/src/groth16.rs | 12 +++--- zokrates_ark/src/marlin.rs | 14 ++----- zokrates_bellman/Cargo.toml | 4 +- zokrates_bellman/src/groth16.rs | 20 ++++++---- zokrates_bellman/src/lib.rs | 37 +++++++++++-------- zokrates_book/src/toolbox/trusted_setup.md | 2 +- .../mpc_tutorial/{circuit.zok => program.zok} | 0 .../examples/book/mpc_tutorial/test.sh | 4 +- zokrates_cli/src/bin.rs | 1 + zokrates_cli/src/common.rs | 21 +++++++++++ zokrates_cli/src/ops/generate_proof.rs | 18 ++++++++- zokrates_cli/src/ops/mpc/beacon.rs | 11 +++--- zokrates_cli/src/ops/mpc/contribute.rs | 17 +++++---- zokrates_cli/src/ops/setup.rs | 18 ++++++++- zokrates_cli/src/ops/universal_setup.rs | 18 ++++++++- zokrates_js/Cargo.toml | 1 + zokrates_js/src/lib.rs | 10 +++-- zokrates_proof_systems/Cargo.toml | 2 +- zokrates_proof_systems/src/lib.rs | 13 ++++--- 21 files changed, 159 insertions(+), 81 deletions(-) rename zokrates_cli/examples/book/mpc_tutorial/{circuit.zok => program.zok} (100%) create mode 100644 zokrates_cli/src/common.rs diff --git a/Cargo.lock b/Cargo.lock index f250f1fb..4d1c40b3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3041,11 +3041,11 @@ name = "zokrates_bellman" version = "0.1.0" dependencies = [ "bellman_ce", - "getrandom", "hex 0.4.3", "pairing_ce", "phase2", "rand 0.4.6", + "rand 0.8.5", "zokrates_ast", "zokrates_field", "zokrates_interpreter", @@ -3216,6 +3216,7 @@ dependencies = [ "js-sys", "json", "lazy_static", + "rand 0.8.5", "serde", "serde_json", "toml", @@ -3264,7 +3265,7 @@ dependencies = [ "getrandom", "hex 0.4.3", "primitive-types", - "rand 0.4.6", + "rand 0.8.5", "regex 0.2.11", "serde", "zokrates_ast", diff --git a/zokrates_ark/src/gm17.rs b/zokrates_ark/src/gm17.rs index 209a1abd..6983d1c6 100644 --- a/zokrates_ark/src/gm17.rs +++ b/zokrates_ark/src/gm17.rs @@ -9,19 +9,18 @@ use zokrates_field::{ArkFieldExtensions, Field}; use crate::Computation; use crate::{parse_fr, parse_g1, parse_g2}; use crate::{serialization, Ark}; -use rand_0_8::{rngs::StdRng, SeedableRng}; +use rand_0_8::{CryptoRng, RngCore}; use zokrates_ast::ir::{ProgIterator, Statement, Witness}; use zokrates_proof_systems::gm17::{ProofPoints, VerificationKey, GM17}; use zokrates_proof_systems::Scheme; use zokrates_proof_systems::{Backend, NonUniversalBackend, Proof, SetupKeypair}; impl NonUniversalBackend for Ark { - fn setup>>( + fn setup>, R: RngCore + CryptoRng>( program: ProgIterator, + rng: &mut R, ) -> SetupKeypair { let computation = Computation::without_witness(program); - - let rng = &mut StdRng::from_entropy(); let (pk, vk) = ArkGM17::::circuit_specific_setup(computation, rng).unwrap(); let mut pk_vec: Vec = Vec::new(); @@ -41,10 +40,11 @@ impl NonUniversalBackend for Ark { } impl Backend for Ark { - fn generate_proof>>( + fn generate_proof>, R: RngCore + CryptoRng>( program: ProgIterator, witness: Witness, proving_key: Vec, + rng: &mut R, ) -> Proof { let computation = Computation::with_witness(program, witness); @@ -59,9 +59,7 @@ impl Backend for Ark { ) .unwrap(); - let rng = &mut StdRng::from_entropy(); let proof = ArkGM17::::prove(&pk, computation, rng).unwrap(); - let proof_points = ProofPoints { a: parse_g1::(&proof.a), b: parse_g2::(&proof.b), diff --git a/zokrates_ark/src/groth16.rs b/zokrates_ark/src/groth16.rs index 617d34ed..e96f8a62 100644 --- a/zokrates_ark/src/groth16.rs +++ b/zokrates_ark/src/groth16.rs @@ -11,7 +11,7 @@ use zokrates_proof_systems::{Backend, NonUniversalBackend, Proof, SetupKeypair}; use crate::Computation; use crate::{parse_fr, serialization, Ark}; use crate::{parse_g1, parse_g2}; -use rand_0_8::{rngs::StdRng, SeedableRng}; +use rand_0_8::{CryptoRng, RngCore}; use zokrates_ast::ir::{ProgIterator, Statement, Witness}; use zokrates_proof_systems::groth16::{ProofPoints, VerificationKey, G16}; use zokrates_proof_systems::Scheme; @@ -19,10 +19,11 @@ use zokrates_proof_systems::Scheme; const G16_WARNING: &str = "WARNING: You are using the G16 scheme which is subject to malleability. See zokrates.github.io/toolbox/proving_schemes.html#g16-malleability for implications."; impl Backend for Ark { - fn generate_proof>>( + fn generate_proof>, R: RngCore + CryptoRng>( program: ProgIterator, witness: Witness, proving_key: Vec, + rng: &mut R, ) -> Proof { println!("{}", G16_WARNING); @@ -39,9 +40,7 @@ impl Backend for Ark { ) .unwrap(); - let rng = &mut StdRng::from_entropy(); let proof = Groth16::::prove(&pk, computation, rng).unwrap(); - let proof_points = ProofPoints { a: parse_g1::(&proof.a), b: parse_g2::(&proof.b), @@ -86,14 +85,13 @@ impl Backend for Ark { } impl NonUniversalBackend for Ark { - fn setup>>( + fn setup>, R: RngCore + CryptoRng>( program: ProgIterator, + rng: &mut R, ) -> SetupKeypair { println!("{}", G16_WARNING); let computation = Computation::without_witness(program); - - let rng = &mut StdRng::from_entropy(); let (pk, vk) = Groth16::::circuit_specific_setup(computation, rng).unwrap(); let mut pk_vec: Vec = Vec::new(); diff --git a/zokrates_ark/src/marlin.rs b/zokrates_ark/src/marlin.rs index cc85f6a2..1bb21c67 100644 --- a/zokrates_ark/src/marlin.rs +++ b/zokrates_ark/src/marlin.rs @@ -17,7 +17,7 @@ use ark_poly_commit::{ }; use ark_serialize::{CanonicalDeserialize, CanonicalSerialize}; use digest::Digest; -use rand_0_8::{Error, RngCore, SeedableRng}; +use rand_0_8::{CryptoRng, Error, RngCore, SeedableRng}; use sha3::Keccak256; use std::marker::PhantomData; @@ -116,9 +116,7 @@ type MarlinInst = ArkMarlin< >; impl UniversalBackend for Ark { - fn universal_setup(size: u32) -> Vec { - let rng = &mut rand_0_8::rngs::StdRng::from_entropy(); - + fn universal_setup(size: u32, rng: &mut R) -> Vec { let srs = MarlinInst::::universal_setup( 2usize.pow(size), 2usize.pow(size), @@ -128,9 +126,7 @@ impl UniversalBackend for Ark .unwrap(); let mut res = vec![]; - srs.serialize(&mut res).unwrap(); - res } @@ -210,15 +206,14 @@ impl UniversalBackend for Ark } impl Backend for Ark { - fn generate_proof>>( + fn generate_proof>, R: RngCore + CryptoRng>( program: ProgIterator, witness: Witness, proving_key: Vec, + rng: &mut R, ) -> Proof { let computation = Computation::with_witness(program, witness); - let rng = &mut rand_0_8::rngs::StdRng::from_entropy(); - let pk = IndexProverKey::< <::ArkEngine as PairingEngine>::Fr, MarlinKZG10< @@ -229,7 +224,6 @@ impl Backend for Ark { .unwrap(); let public_inputs = computation.public_inputs_values(); - let inputs = public_inputs.iter().map(parse_fr::).collect::>(); let proof = MarlinInst::::prove(&pk, computation, rng).unwrap(); diff --git a/zokrates_bellman/Cargo.toml b/zokrates_bellman/Cargo.toml index 852b1fbe..526078b7 100644 --- a/zokrates_bellman/Cargo.toml +++ b/zokrates_bellman/Cargo.toml @@ -15,8 +15,8 @@ zokrates_proof_systems = { version = "0.1", path = "../zokrates_proof_systems", bellman = { package = "bellman_ce", version = "^0.3", default-features = false } pairing = { package = "pairing_ce", version = "^0.21" } phase2 = { git = "https://github.com/Zokrates/phase2", default-features = false } -rand_0_4 = { version = "0.4", package = "rand" }# -getrandom = { version = "0.2", features = ["js", "wasm-bindgen"] } +rand_0_4 = { version = "0.4", package = "rand" } +rand_0_8 = { version = "0.8", package = "rand" } hex = "0.4.2" [dev-dependencies] diff --git a/zokrates_bellman/src/groth16.rs b/zokrates_bellman/src/groth16.rs index c918ccf5..66df1789 100644 --- a/zokrates_bellman/src/groth16.rs +++ b/zokrates_bellman/src/groth16.rs @@ -8,11 +8,12 @@ use zokrates_field::BellmanFieldExtensions; use zokrates_field::Field; use zokrates_proof_systems::{Backend, MpcBackend, NonUniversalBackend, Proof, SetupKeypair}; -use crate::Bellman; use crate::Computation; +use crate::{get_random_seed, Bellman}; use crate::{parse_g1, parse_g2}; use phase2::MPCParameters; -use rand_0_4::Rng; +use rand_0_4::{ChaChaRng, SeedableRng}; +use rand_0_8::{CryptoRng, RngCore}; use std::io::{Read, Write}; use zokrates_ast::ir::{ProgIterator, Statement, Witness}; use zokrates_proof_systems::groth16::{ProofPoints, VerificationKey, G16}; @@ -21,10 +22,11 @@ use zokrates_proof_systems::Scheme; const G16_WARNING: &str = "WARNING: You are using the G16 scheme which is subject to malleability. See zokrates.github.io/toolbox/proving_schemes.html#g16-malleability for implications."; impl Backend for Bellman { - fn generate_proof>>( + fn generate_proof>, R: RngCore + CryptoRng>( program: ProgIterator, witness: Witness, proving_key: Vec, + rng: &mut R, ) -> Proof { println!("{}", G16_WARNING); @@ -37,7 +39,7 @@ impl Backend for Bellman { .map(|e| format!("0x{}", to_hex(e))) .collect(); - let proof = computation.prove(¶ms); + let proof = computation.prove(¶ms, rng); let proof_points = ProofPoints { a: parse_g1::(&proof.a), b: parse_g2::(&proof.b), @@ -84,12 +86,13 @@ impl Backend for Bellman { } impl NonUniversalBackend for Bellman { - fn setup>>( + fn setup>, R: RngCore + CryptoRng>( program: ProgIterator, + rng: &mut R, ) -> SetupKeypair { println!("{}", G16_WARNING); - let parameters = Computation::without_witness(program).setup(); + let parameters = Computation::without_witness(program).setup(rng); let mut pk: Vec = Vec::new(); parameters.write(&mut pk).unwrap(); @@ -110,7 +113,7 @@ impl MpcBackend for Bellman { Ok(()) } - fn contribute( + fn contribute( params: &mut R, rng: &mut G, output: &mut W, @@ -118,6 +121,9 @@ impl MpcBackend for Bellman { let mut params = MPCParameters::::read(params, true).map_err(|e| e.to_string())?; + let seed = get_random_seed(rng); + let rng = &mut ChaChaRng::from_seed(seed.as_ref()); + let hash = params.contribute(rng); params.write(output).map_err(|e| e.to_string())?; diff --git a/zokrates_bellman/src/lib.rs b/zokrates_bellman/src/lib.rs index 4bf39624..3882adc2 100644 --- a/zokrates_bellman/src/lib.rs +++ b/zokrates_bellman/src/lib.rs @@ -16,6 +16,7 @@ use zokrates_field::BellmanFieldExtensions; use zokrates_field::Field; use rand_0_4::ChaChaRng; +use rand_0_8::{CryptoRng, RngCore}; pub use self::parse::*; @@ -148,22 +149,26 @@ impl>> } } +pub fn get_random_seed(rng: &mut R) -> [u32; 8] { + let mut seed = [0u8; 32]; + rng.fill_bytes(&mut seed); + + use std::mem::transmute; + // This is safe because we are just reinterpreting the bytes (u8[32] -> u32[8]), + // byte order or the actual content does not matter here as this is used + // as a random seed for the rng (rand 0.4) + let seed: [u32; 8] = unsafe { transmute(seed) }; + seed +} + impl>> Computation { - fn get_random_seed(&self) -> Result<[u32; 8], getrandom::Error> { - let mut seed = [0u8; 32]; - getrandom::getrandom(&mut seed)?; - - use std::mem::transmute; - // This is safe because we are just reinterpreting the bytes (u8[32] -> u32[8]), - // byte order or the actual content does not matter here as this is used - // as a random seed for the rng. - let seed: [u32; 8] = unsafe { transmute(seed) }; - Ok(seed) - } - - pub fn prove(self, params: &Parameters) -> Proof { + pub fn prove( + self, + params: &Parameters, + rng: &mut R, + ) -> Proof { use rand_0_4::SeedableRng; - let seed = self.get_random_seed().unwrap(); + let seed = get_random_seed(rng); let rng = &mut ChaChaRng::from_seed(seed.as_ref()); // extract public inputs @@ -186,9 +191,9 @@ impl>> Co .collect() } - pub fn setup(self) -> Parameters { + pub fn setup(self, rng: &mut R) -> Parameters { use rand_0_4::SeedableRng; - let seed = self.get_random_seed().unwrap(); + let seed = get_random_seed(rng); let rng = &mut ChaChaRng::from_seed(seed.as_ref()); // run setup phase generate_random_parameters(self, rng).unwrap() diff --git a/zokrates_book/src/toolbox/trusted_setup.md b/zokrates_book/src/toolbox/trusted_setup.md index aa05b4f0..84bdef4a 100644 --- a/zokrates_book/src/toolbox/trusted_setup.md +++ b/zokrates_book/src/toolbox/trusted_setup.md @@ -14,7 +14,7 @@ We will start this tutorial by using ZoKrates to compile a basic program. First, we create a new file named `program.zok` with the following content: ```zokrates -{{#include ../../../zokrates_cli/examples/book/mpc_tutorial/circuit.zok}} +{{#include ../../../zokrates_cli/examples/book/mpc_tutorial/program.zok}} ``` We compile the program using the `compile` command. diff --git a/zokrates_cli/examples/book/mpc_tutorial/circuit.zok b/zokrates_cli/examples/book/mpc_tutorial/program.zok similarity index 100% rename from zokrates_cli/examples/book/mpc_tutorial/circuit.zok rename to zokrates_cli/examples/book/mpc_tutorial/program.zok diff --git a/zokrates_cli/examples/book/mpc_tutorial/test.sh b/zokrates_cli/examples/book/mpc_tutorial/test.sh index 743b881b..979f1e08 100755 --- a/zokrates_cli/examples/book/mpc_tutorial/test.sh +++ b/zokrates_cli/examples/book/mpc_tutorial/test.sh @@ -7,8 +7,8 @@ function zokrates() { ZOKRATES_STDLIB=$stdlib $bin "$@" } -# compile the circuit -zokrates compile -i circuit.zok -o circuit +# compile the program +zokrates compile -i program.zok -o circuit # initialize the ceremony # this step requires phase1 files eg. phase1radix2m2 for circuits of 2^2 constraints diff --git a/zokrates_cli/src/bin.rs b/zokrates_cli/src/bin.rs index 99a1b083..62b0c1db 100644 --- a/zokrates_cli/src/bin.rs +++ b/zokrates_cli/src/bin.rs @@ -10,6 +10,7 @@ extern crate lazy_static; mod cli_constants; +mod common; mod ops; use clap::{App, AppSettings, Arg}; diff --git a/zokrates_cli/src/common.rs b/zokrates_cli/src/common.rs new file mode 100644 index 00000000..f5f1e3cc --- /dev/null +++ b/zokrates_cli/src/common.rs @@ -0,0 +1,21 @@ +use blake2::{Blake2b, Digest}; +use byteorder::ReadBytesExt; +use rand_0_8::rngs::StdRng; +use rand_0_8::SeedableRng; + +pub fn get_seeded_rng(entropy: &str) -> StdRng { + let h = { + let mut h = Blake2b::default(); + h.input(&entropy.as_bytes()); + h.result() + }; + + let mut digest = &h[..]; + let mut seed = [0u8; 32]; + + for e in &mut seed { + *e = digest.read_u8().unwrap(); + } + + StdRng::from_seed(seed) +} diff --git a/zokrates_cli/src/ops/generate_proof.rs b/zokrates_cli/src/ops/generate_proof.rs index 2a62042a..eff1715f 100644 --- a/zokrates_cli/src/ops/generate_proof.rs +++ b/zokrates_cli/src/ops/generate_proof.rs @@ -1,5 +1,8 @@ use crate::cli_constants; +use crate::common::get_seeded_rng; use clap::{App, Arg, ArgMatches, SubCommand}; +use rand_0_8::rngs::StdRng; +use rand_0_8::SeedableRng; use std::convert::TryFrom; use std::fs::File; use std::io::{BufReader, Read, Write}; @@ -79,6 +82,14 @@ pub fn subcommand() -> App<'static, 'static> { .possible_values(cli_constants::SCHEMES) .default_value(constants::G16), ) + .arg( + Arg::with_name("entropy") + .short("e") + .long("entropy") + .help("User provided randomness") + .takes_value(true) + .required(false), + ) } pub fn exec(sub_matches: &ArgMatches) -> Result<(), String> { @@ -166,7 +177,12 @@ fn cli_generate_proof< .read_to_end(&mut pk) .map_err(|why| format!("Could not read {}: {}", pk_path.display(), why))?; - let proof = B::generate_proof(program, witness, pk); + let mut rng = sub_matches + .value_of("entropy") + .map(|entropy| get_seeded_rng(entropy)) + .unwrap_or_else(|| StdRng::from_entropy()); + + let proof = B::generate_proof(program, witness, pk, &mut rng); let mut proof_file = File::create(proof_path).unwrap(); let proof = diff --git a/zokrates_cli/src/ops/mpc/beacon.rs b/zokrates_cli/src/ops/mpc/beacon.rs index b5af669e..619a95ed 100644 --- a/zokrates_cli/src/ops/mpc/beacon.rs +++ b/zokrates_cli/src/ops/mpc/beacon.rs @@ -1,5 +1,6 @@ use crate::cli_constants::MPC_DEFAULT_PATH; use clap::{App, Arg, ArgMatches, SubCommand}; +use rand_0_8::{rngs::StdRng, SeedableRng}; use std::fs::File; use std::io::{BufReader, BufWriter}; use std::path::Path; @@ -87,9 +88,7 @@ fn cli_mpc_beacon, B: MpcBack // Create an RNG based on the outcome of the random beacon let mut rng = { - use byteorder::{BigEndian, ReadBytesExt}; - use rand_0_4::chacha::ChaChaRng; - use rand_0_4::SeedableRng; + use byteorder::ReadBytesExt; use sha2::{Digest, Sha256}; // The hash used for the beacon @@ -126,12 +125,12 @@ fn cli_mpc_beacon, B: MpcBack let mut digest = &cur_hash[..]; - let mut seed = [0u32; 8]; + let mut seed = [0u8; 32]; for e in &mut seed { - *e = digest.read_u32::().unwrap(); + *e = digest.read_u8().unwrap(); } - ChaChaRng::from_seed(&seed) + StdRng::from_seed(seed) }; let output_path = Path::new(sub_matches.value_of("output").unwrap()); diff --git a/zokrates_cli/src/ops/mpc/contribute.rs b/zokrates_cli/src/ops/mpc/contribute.rs index 3490f381..2936e3c2 100644 --- a/zokrates_cli/src/ops/mpc/contribute.rs +++ b/zokrates_cli/src/ops/mpc/contribute.rs @@ -1,5 +1,9 @@ use crate::cli_constants::MPC_DEFAULT_PATH; use clap::{App, Arg, ArgMatches, SubCommand}; +use rand_0_8::{ + rngs::{OsRng, StdRng}, + Rng, SeedableRng, +}; use std::fs::File; use std::io::{BufReader, BufWriter}; use std::path::Path; @@ -76,12 +80,10 @@ pub fn cli_mpc_contribute< // Create an RNG based on a mixture of system randomness and user provided randomness let mut rng = { use blake2::{Blake2b, Digest}; - use byteorder::{BigEndian, ReadBytesExt}; - use rand_0_4::chacha::ChaChaRng; - use rand_0_4::{OsRng, Rng, SeedableRng}; + use byteorder::ReadBytesExt; let h = { - let mut system_rng = OsRng::new().unwrap(); + let mut system_rng = OsRng::default(); let mut h = Blake2b::default(); // Gather 1024 bytes of entropy from the system @@ -97,13 +99,12 @@ pub fn cli_mpc_contribute< let mut digest = &h[..]; - // Interpret the first 32 bytes of the digest as 8 32-bit words - let mut seed = [0u32; 8]; + let mut seed = [0u8; 32]; for e in &mut seed { - *e = digest.read_u32::().unwrap(); + *e = digest.read_u8().unwrap(); } - ChaChaRng::from_seed(&seed) + StdRng::from_seed(seed) }; let output_path = Path::new(sub_matches.value_of("output").unwrap()); diff --git a/zokrates_cli/src/ops/setup.rs b/zokrates_cli/src/ops/setup.rs index e9e8a216..d368463c 100644 --- a/zokrates_cli/src/ops/setup.rs +++ b/zokrates_cli/src/ops/setup.rs @@ -1,5 +1,8 @@ use crate::cli_constants; +use crate::common::get_seeded_rng; use clap::{App, Arg, ArgMatches, SubCommand}; +use rand_0_8::rngs::StdRng; +use rand_0_8::SeedableRng; use std::convert::TryFrom; use std::fs::File; use std::io::{BufReader, Write}; @@ -78,6 +81,14 @@ pub fn subcommand() -> App<'static, 'static> { .required(false) .default_value(cli_constants::UNIVERSAL_SETUP_DEFAULT_PATH), ) + .arg( + Arg::with_name("entropy") + .short("e") + .long("entropy") + .help("User provided randomness") + .takes_value(true) + .required(false), + ) } pub fn exec(sub_matches: &ArgMatches) -> Result<(), String> { @@ -181,8 +192,13 @@ fn cli_setup_non_universal< let pk_path = Path::new(sub_matches.value_of("proving-key-path").unwrap()); let vk_path = Path::new(sub_matches.value_of("verification-key-path").unwrap()); + let mut rng = sub_matches + .value_of("entropy") + .map(|entropy| get_seeded_rng(entropy)) + .unwrap_or_else(|| StdRng::from_entropy()); + // run setup phase - let keypair = B::setup(program); + let keypair = B::setup(program, &mut rng); // write verification key let mut vk_file = File::create(vk_path) diff --git a/zokrates_cli/src/ops/universal_setup.rs b/zokrates_cli/src/ops/universal_setup.rs index 98bc8892..44761e5e 100644 --- a/zokrates_cli/src/ops/universal_setup.rs +++ b/zokrates_cli/src/ops/universal_setup.rs @@ -1,5 +1,8 @@ use crate::cli_constants; +use crate::common::get_seeded_rng; use clap::{App, Arg, ArgMatches, SubCommand}; +use rand_0_8::rngs::StdRng; +use rand_0_8::SeedableRng; use std::convert::TryFrom; use std::fs::File; use std::io::Write; @@ -54,6 +57,14 @@ pub fn subcommand() -> App<'static, 'static> { .required(false) .default_value(cli_constants::UNIVERSAL_SETUP_DEFAULT_SIZE), ) + .arg( + Arg::with_name("entropy") + .short("e") + .long("entropy") + .help("User provided randomness") + .takes_value(true) + .required(false), + ) } pub fn exec(sub_matches: &ArgMatches) -> Result<(), String> { @@ -98,8 +109,13 @@ fn cli_universal_setup, B: UniversalBackend() .map_err(|_| format!("Universal setup size {} is invalid", size))?; + let mut rng = sub_matches + .value_of("entropy") + .map(|entropy| get_seeded_rng(entropy)) + .unwrap_or_else(|| StdRng::from_entropy()); + // run universal setup phase - let setup = B::universal_setup(size); + let setup = B::universal_setup(size, &mut rng); // write proving key let mut u_file = File::create(u_path) diff --git a/zokrates_js/Cargo.toml b/zokrates_js/Cargo.toml index feb949d1..29788384 100644 --- a/zokrates_js/Cargo.toml +++ b/zokrates_js/Cargo.toml @@ -14,6 +14,7 @@ serde_json = { version = "1.0", features = ["preserve_order"] } wasm-bindgen = { version = "0.2.46", features = ["serde-serialize"] } typed-arena = "1.4.1" lazy_static = "1.4.0" +rand_0_8 = { version = "0.8", package = "rand" } zokrates_core = { path = "../zokrates_core", default-features = false, features = ["ark", "bellman"] } zokrates_ark = { path = "../zokrates_ark", default-features = false} zokrates_bellman = { path = "../zokrates_bellman", default-features = false} diff --git a/zokrates_js/src/lib.rs b/zokrates_js/src/lib.rs index cf24252e..d349fbfb 100644 --- a/zokrates_js/src/lib.rs +++ b/zokrates_js/src/lib.rs @@ -4,6 +4,7 @@ mod util; extern crate lazy_static; use crate::util::normalize_path; +use rand_0_8::{rngs::StdRng, SeedableRng}; use serde::{Deserialize, Serialize}; use serde_json::to_string_pretty; use std::convert::TryFrom; @@ -343,7 +344,8 @@ mod internal { >( program: ir::Prog, ) -> JsValue { - let keypair = B::setup(program); + let rng = &mut StdRng::from_entropy(); + let keypair = B::setup(program, rng); let tagged_keypair = TaggedKeypair::::new(keypair); JsValue::from_serde(&tagged_keypair).unwrap() } @@ -364,7 +366,8 @@ mod internal { pub fn universal_setup_of_size, B: UniversalBackend>( size: u32, ) -> Vec { - B::universal_setup(size) + let rng = &mut StdRng::from_entropy(); + B::universal_setup(size, rng) } pub fn generate_proof, B: Backend>( @@ -376,7 +379,8 @@ mod internal { let ir_witness: ir::Witness = ir::Witness::read(str_witness.as_bytes()) .map_err(|err| JsValue::from_str(&format!("Could not read witness: {}", err)))?; - let proof = B::generate_proof(prog, ir_witness, pk.to_vec()); + let rng = &mut StdRng::from_entropy(); + let proof = B::generate_proof(prog, ir_witness, pk.to_vec(), rng); Ok(JsValue::from_serde(&TaggedProof::::new(proof.proof, proof.inputs)).unwrap()) } diff --git a/zokrates_proof_systems/Cargo.toml b/zokrates_proof_systems/Cargo.toml index 5fc9ee2c..bbc76f8e 100644 --- a/zokrates_proof_systems/Cargo.toml +++ b/zokrates_proof_systems/Cargo.toml @@ -12,5 +12,5 @@ regex = "0.2" cfg-if = "0.1" ethabi = "17.0.0" primitive-types = { version = "0.11", features = ["rlp"] } -rand_0_4 = { version = "0.4", package = "rand" } +rand_0_8 = { version = "0.8", package = "rand" } getrandom = { version = "0.2", features = ["js"] } \ No newline at end of file diff --git a/zokrates_proof_systems/src/lib.rs b/zokrates_proof_systems/src/lib.rs index 231fbeee..da705bce 100644 --- a/zokrates_proof_systems/src/lib.rs +++ b/zokrates_proof_systems/src/lib.rs @@ -10,9 +10,8 @@ pub use tagged::{TaggedKeypair, TaggedProof, TaggedVerificationKey}; use zokrates_ast::ir; +use rand_0_8::{CryptoRng, RngCore}; use serde::{Deserialize, Serialize}; - -use rand_0_4::Rng; use std::io::{Read, Write}; use zokrates_field::Field; @@ -96,22 +95,24 @@ impl ToString for G2AffineFq2 { } pub trait Backend> { - fn generate_proof>>( + fn generate_proof>, R: RngCore + CryptoRng>( program: ir::ProgIterator, witness: ir::Witness, proving_key: Vec, + rng: &mut R, ) -> Proof; fn verify(vk: S::VerificationKey, proof: Proof) -> bool; } pub trait NonUniversalBackend>: Backend { - fn setup>>( + fn setup>, R: RngCore + CryptoRng>( program: ir::ProgIterator, + rng: &mut R, ) -> SetupKeypair; } pub trait UniversalBackend>: Backend { - fn universal_setup(size: u32) -> Vec; + fn universal_setup(size: u32, rng: &mut R) -> Vec; fn setup>>( srs: Vec, @@ -126,7 +127,7 @@ pub trait MpcBackend> { output: &mut W, ) -> Result<(), String>; - fn contribute( + fn contribute( params: &mut R, rng: &mut G, output: &mut W,