sonr/crypto/accumulator/accumulator.go

//
// Copyright Coinbase, Inc. All Rights Reserved.
//
// SPDX-License-Identifier: Apache-2.0
//

// Package accumulator implements the cryptographic accumulator as described in https://eprint.iacr.org/2020/777.pdf
// It also implements the zero knowledge proof of knowledge protocol
// described in section 7 of the paper.
// Note: the paper only describes for non-membership witness case, but we don't
// use non-membership witness. We only implement the membership witness case.
package accumulator

import (
	"fmt"

	"git.sr.ht/~sircmpwn/go-bare"

	"github.com/onsonr/sonr/crypto/core/curves"
)

type structMarshal struct {
	Curve string `bare:"curve"`
	Value []byte `bare:"value"`
}

type Element curves.Scalar

// Coefficient is a point
type Coefficient curves.Point

// Accumulator is a point
type Accumulator struct {
	value curves.Point
}

// New creates a new accumulator.
func (acc *Accumulator) New(curve *curves.PairingCurve) (*Accumulator, error) {
	// If we need to support non-membership witness, we need to implement Accumulator Initialization
	// as described in section 6 of <https://eprint.iacr.org/2020/777.pdf>
	// for now we don't need non-membership witness

	// i.e., it computes V0 = prod(y + α) * P, y ∈ Y_V0, P is a generator of G1. Since we do not use non-membership witness
	// we just set the initial accumulator a G1 generator.
	acc.value = curve.Scalar.Point().Generator()
	return acc, nil
}

// WithElements initializes a new accumulator prefilled with entries
// Each member is assumed to be hashed
// V = prod(y + α) * V0, for all y∈ Y_V
func (acc *Accumulator) WithElements(curve *curves.PairingCurve, key *SecretKey, m []Element) (*Accumulator, error) {
	_, err := acc.New(curve)
	if err != nil {
		return nil, err
	}
	y, err := key.BatchAdditions(m)
	if err != nil {
		return nil, err
	}
	acc.value = acc.value.Mul(y)
	return acc, nil
}

// AddElements accumulates a set of elements into the accumulator.
func (acc *Accumulator) AddElements(key *SecretKey, m []Element) (*Accumulator, error) {
	if acc.value == nil || key.value == nil {
		return nil, fmt.Errorf("accumulator and secret key should not be nil")
	}
	y, err := key.BatchAdditions(m)
	if err != nil {
		return nil, err
	}
	acc.value = acc.value.Mul(y)
	return acc, nil
}

// Add accumulates a single element into the accumulator
// V' = (y + alpha) * V
func (acc *Accumulator) Add(key *SecretKey, e Element) (*Accumulator, error) {
	if acc.value == nil || acc.value.IsIdentity() || key.value == nil || e == nil {
		return nil, fmt.Errorf("accumulator, secret key and element should not be nil")
	}
	y := e.Add(key.value) // y + alpha
	acc.value = acc.value.Mul(y)
	return acc, nil
}

// Remove removes a single element from accumulator if it exists
// V' = 1/(y+alpha) *  V
func (acc *Accumulator) Remove(key *SecretKey, e Element) (*Accumulator, error) {
	if acc.value == nil || acc.value.IsIdentity() || key.value == nil || e == nil {
		return nil, fmt.Errorf("accumulator, secret key and element should not be nil")
	}
	y := e.Add(key.value) // y + alpha
	y, err := y.Invert()  // 1/(y+alpha)
	if err != nil {
		return nil, err
	}
	acc.value = acc.value.Mul(y)
	return acc, nil
}

// Update performs a batch addition and deletion as described on page 7, section 3 in
// https://eprint.iacr.org/2020/777.pdf
func (acc *Accumulator) Update(key *SecretKey, additions []Element, deletions []Element) (*Accumulator, []Coefficient, error) {
	if acc.value == nil || acc.value.IsIdentity() || key.value == nil {
		return nil, nil, fmt.Errorf("accumulator and secret key should not be nil")
	}

	// Compute dA(-alpha) = prod(y + alpha), y in the set of A ⊆ ACC-Y_V
	a, err := key.BatchAdditions(additions)
	if err != nil {
		return nil, nil, err
	}

	// Compute dD(-alpha) = 1/prod(y + alpha), y in the set of D ⊆ Y_V
	d, err := key.BatchDeletions(deletions)
	if err != nil {
		return nil, nil, err
	}

	// dA(-alpha)/dD(-alpha)
	div := a.Mul(d)
	newAcc := acc.value.Mul(div)

	// build an array of coefficients
	elements, err := key.CreateCoefficients(additions, deletions)
	if err != nil {
		return nil, nil, err
	}

	coefficients := make([]Coefficient, len(elements))
	for i := 0; i < len(elements); i++ {
		coefficients[i] = acc.value.Mul(elements[i])
	}
	acc.value = newAcc
	return acc, coefficients, nil
}

// MarshalBinary converts Accumulator to bytes
func (acc Accumulator) MarshalBinary() ([]byte, error) {
	if acc.value == nil {
		return nil, fmt.Errorf("accumulator cannot be nil")
	}
	tv := &structMarshal{
		Value: acc.value.ToAffineCompressed(),
		Curve: acc.value.CurveName(),
	}
	return bare.Marshal(tv)
}

// UnmarshalBinary sets Accumulator from bytes
func (acc *Accumulator) UnmarshalBinary(data []byte) error {
	tv := new(structMarshal)
	err := bare.Unmarshal(data, tv)
	if err != nil {
		return err
	}
	curve := curves.GetCurveByName(tv.Curve)
	if curve == nil {
		return fmt.Errorf("invalid curve")
	}

	value, err := curve.NewIdentityPoint().FromAffineCompressed(tv.Value)
	if err != nil {
		return err
	}
	acc.value = value
	return nil
}
-												feature/1114 implement account interface (#1167)

      - **refactor: move session-related code to middleware package**
- **refactor: update PKL build process and adjust related
configurations**
- **feat: integrate base.cosmos.v1 Genesis module**
- **refactor: pass session context to modal rendering functions**
- **refactor: move nebula package to app directory and update templ
version**
- **refactor: Move home section video view to dedicated directory**
- **refactor: remove unused views file**
- **refactor: move styles and UI components to global scope**
- **refactor: Rename images.go to cdn.go**
- **feat: Add Empty State Illustrations**
- **refactor: Consolidate Vault Index Logic**
- **fix: References to App.wasm and remove Vault Directory embedded CDN
files**
- **refactor: Move CDN types to Models**
- **fix: Correct line numbers in templ error messages for
arch_templ.go**
- **refactor: use common types for peer roles**
- **refactor: move common types and ORM to a shared package**
- **fix: Config import dwn**
- **refactor: move nebula directory to app**
- **feat: Rebuild nebula**
- **fix: correct file paths in panels templates**
- **feat: Remove duplicate types**
- **refactor: Move dwn to pkg/core**
- **refactor: Binary Structure**
- **feat: Introduce Crypto Pkg**
- **fix: Broken Process Start**
- **feat: Update pkg/* structure**
- **feat: Refactor PKL Structure**
- **build: update pkl build process**
- **chore: Remove Empty Files**
- **refactor: remove unused macaroon package**
- **feat: Add WebAwesome Components**
- **refactor: consolidate build and generation tasks into a single
taskfile, remove redundant makefile targets**
- **refactor: refactor server and move components to pkg/core/dwn**
- **build: update go modules**
- **refactor: move gateway logic into dedicated hway command**
- **feat: Add KSS (Krawczyk-Song-Song) MPC cryptography module**
- **feat: Implement MPC-based JWT signing and UCAN token generation**
- **feat: add support for MPC-based JWT signing**
- **feat: Implement MPC-based UCAN capabilities for smart accounts**
- **feat: add address field to keyshareSource**
- **feat: Add comprehensive MPC test suite for keyshares, UCAN tokens,
and token attenuations**
- **refactor: improve MPC keyshare management and signing process**
- **feat: enhance MPC capability hierarchy documentation**
- **refactor: rename GenerateKeyshares function to NewKeyshareSource for
clarity**
- **refactor: remove unused Ethereum address computation**
- **feat: Add HasHandle and IsAuthenticated methods to HTTPContext**
- **refactor: Add context.Context support to session HTTPContext**
- **refactor: Resolve context interface conflicts in HTTPContext**
- **feat: Add session ID context key and helper functions**
- **feat: Update WebApp Page Rendering**
- **refactor: Simplify context management by using single HTTPContext
key**
- **refactor: Simplify HTTPContext creation and context management in
session middleware**
- **refactor: refactor session middleware to use a single data
structure**
- **refactor: Simplify HTTPContext implementation and session data
handling**
- **refactor: Improve session context handling and prevent nil pointer
errors**
- **refactor: Improve session context handling with nil safety and type
support**
- **refactor: improve session data injection**
- **feat: add full-screen modal component and update registration flow**
- **chore: add .air.toml to .gitignore**
- **feat: add Air to devbox and update dependencies**
  
											
										
										
											2024-11-23 01:28:58 -05:00
+								//
 								// Copyright Coinbase, Inc. All Rights Reserved.
 								//
 								// SPDX-License-Identifier: Apache-2.0
 								//
 								// Package accumulator implements the cryptographic accumulator as described in https://eprint.iacr.org/2020/777.pdf
 								// It also implements the zero knowledge proof of knowledge protocol
 								// described in section 7 of the paper.
 								// Note: the paper only describes for non-membership witness case, but we don't
 								// use non-membership witness. We only implement the membership witness case.
 								package accumulator
 								import (
 									"fmt"
 									"git.sr.ht/~sircmpwn/go-bare"
-												feature/1220 origin handle exists method (#1241)

* feat: add docs and CI workflow for publishing to onsonr.dev

* (refactor): Move hway,motr executables to their own repos

* feat: simplify devnet and testnet configurations

* refactor: update import path for didcrypto package

* docs(networks): Add README with project overview, architecture, and community links

* refactor: Move network configurations to deploy directory

* build: update golang version to 1.23

* refactor: move logger interface to appropriate package

* refactor: Move devnet configuration to networks/devnet

* chore: improve release process with date variable

* (chore): Move Crypto Library

* refactor: improve code structure and readability in DID module

* feat: integrate Trunk CI checks

* ci: optimize CI workflow by removing redundant build jobs

---------

Co-authored-by: Darp Alakun <i@prad.nu>
											
										
										
											2025-01-06 12:06:10 -05:00
+									"github.com/onsonr/sonr/crypto/core/curves"
-												feature/1114 implement account interface (#1167)

      - **refactor: move session-related code to middleware package**
- **refactor: update PKL build process and adjust related
configurations**
- **feat: integrate base.cosmos.v1 Genesis module**
- **refactor: pass session context to modal rendering functions**
- **refactor: move nebula package to app directory and update templ
version**
- **refactor: Move home section video view to dedicated directory**
- **refactor: remove unused views file**
- **refactor: move styles and UI components to global scope**
- **refactor: Rename images.go to cdn.go**
- **feat: Add Empty State Illustrations**
- **refactor: Consolidate Vault Index Logic**
- **fix: References to App.wasm and remove Vault Directory embedded CDN
files**
- **refactor: Move CDN types to Models**
- **fix: Correct line numbers in templ error messages for
arch_templ.go**
- **refactor: use common types for peer roles**
- **refactor: move common types and ORM to a shared package**
- **fix: Config import dwn**
- **refactor: move nebula directory to app**
- **feat: Rebuild nebula**
- **fix: correct file paths in panels templates**
- **feat: Remove duplicate types**
- **refactor: Move dwn to pkg/core**
- **refactor: Binary Structure**
- **feat: Introduce Crypto Pkg**
- **fix: Broken Process Start**
- **feat: Update pkg/* structure**
- **feat: Refactor PKL Structure**
- **build: update pkl build process**
- **chore: Remove Empty Files**
- **refactor: remove unused macaroon package**
- **feat: Add WebAwesome Components**
- **refactor: consolidate build and generation tasks into a single
taskfile, remove redundant makefile targets**
- **refactor: refactor server and move components to pkg/core/dwn**
- **build: update go modules**
- **refactor: move gateway logic into dedicated hway command**
- **feat: Add KSS (Krawczyk-Song-Song) MPC cryptography module**
- **feat: Implement MPC-based JWT signing and UCAN token generation**
- **feat: add support for MPC-based JWT signing**
- **feat: Implement MPC-based UCAN capabilities for smart accounts**
- **feat: add address field to keyshareSource**
- **feat: Add comprehensive MPC test suite for keyshares, UCAN tokens,
and token attenuations**
- **refactor: improve MPC keyshare management and signing process**
- **feat: enhance MPC capability hierarchy documentation**
- **refactor: rename GenerateKeyshares function to NewKeyshareSource for
clarity**
- **refactor: remove unused Ethereum address computation**
- **feat: Add HasHandle and IsAuthenticated methods to HTTPContext**
- **refactor: Add context.Context support to session HTTPContext**
- **refactor: Resolve context interface conflicts in HTTPContext**
- **feat: Add session ID context key and helper functions**
- **feat: Update WebApp Page Rendering**
- **refactor: Simplify context management by using single HTTPContext
key**
- **refactor: Simplify HTTPContext creation and context management in
session middleware**
- **refactor: refactor session middleware to use a single data
structure**
- **refactor: Simplify HTTPContext implementation and session data
handling**
- **refactor: Improve session context handling and prevent nil pointer
errors**
- **refactor: Improve session context handling with nil safety and type
support**
- **refactor: improve session data injection**
- **feat: add full-screen modal component and update registration flow**
- **chore: add .air.toml to .gitignore**
- **feat: add Air to devbox and update dependencies**
  
											
										
										
											2024-11-23 01:28:58 -05:00
+								)
 								type structMarshal struct {
 									Curve string `bare:"curve"`
 									Value []byte `bare:"value"`
 								}
 								type Element curves.Scalar
 								// Coefficient is a point
 								type Coefficient curves.Point
 								// Accumulator is a point
 								type Accumulator struct {
 									value curves.Point
 								}
 								// New creates a new accumulator.
 								func (acc *Accumulator) New(curve *curves.PairingCurve) (*Accumulator, error) {
 									// If we need to support non-membership witness, we need to implement Accumulator Initialization
 									// as described in section 6 of <https://eprint.iacr.org/2020/777.pdf>
 									// for now we don't need non-membership witness
 									// i.e., it computes V0 = prod(y + α) * P, y ∈ Y_V0, P is a generator of G1. Since we do not use non-membership witness
 									// we just set the initial accumulator a G1 generator.
 									acc.value = curve.Scalar.Point().Generator()
 									return acc, nil
 								}
 								// WithElements initializes a new accumulator prefilled with entries
 								// Each member is assumed to be hashed
 								// V = prod(y + α) * V0, for all y∈ Y_V
 								func (acc *Accumulator) WithElements(curve *curves.PairingCurve, key *SecretKey, m []Element) (*Accumulator, error) {
 									_, err := acc.New(curve)
 									if err != nil {
 										return nil, err
 									}
 									y, err := key.BatchAdditions(m)
 									if err != nil {
 										return nil, err
 									}
 									acc.value = acc.value.Mul(y)
 									return acc, nil
 								}
 								// AddElements accumulates a set of elements into the accumulator.
 								func (acc *Accumulator) AddElements(key *SecretKey, m []Element) (*Accumulator, error) {
 									if acc.value == nil || key.value == nil {
 										return nil, fmt.Errorf("accumulator and secret key should not be nil")
 									}
 									y, err := key.BatchAdditions(m)
 									if err != nil {
 										return nil, err
 									}
 									acc.value = acc.value.Mul(y)
 									return acc, nil
 								}
 								// Add accumulates a single element into the accumulator
 								// V' = (y + alpha) * V
 								func (acc *Accumulator) Add(key *SecretKey, e Element) (*Accumulator, error) {
 									if acc.value == nil || acc.value.IsIdentity() || key.value == nil || e == nil {
 										return nil, fmt.Errorf("accumulator, secret key and element should not be nil")
 									}
 									y := e.Add(key.value) // y + alpha
 									acc.value = acc.value.Mul(y)
 									return acc, nil
 								}
 								// Remove removes a single element from accumulator if it exists
 								// V' = 1/(y+alpha) *  V
 								func (acc *Accumulator) Remove(key *SecretKey, e Element) (*Accumulator, error) {
 									if acc.value == nil || acc.value.IsIdentity() || key.value == nil || e == nil {
 										return nil, fmt.Errorf("accumulator, secret key and element should not be nil")
 									}
 									y := e.Add(key.value) // y + alpha
 									y, err := y.Invert()  // 1/(y+alpha)
 									if err != nil {
 										return nil, err
 									}
 									acc.value = acc.value.Mul(y)
 									return acc, nil
 								}
 								// Update performs a batch addition and deletion as described on page 7, section 3 in
 								// https://eprint.iacr.org/2020/777.pdf
 								func (acc *Accumulator) Update(key *SecretKey, additions []Element, deletions []Element) (*Accumulator, []Coefficient, error) {
 									if acc.value == nil || acc.value.IsIdentity() || key.value == nil {
 										return nil, nil, fmt.Errorf("accumulator and secret key should not be nil")
 									}
 									// Compute dA(-alpha) = prod(y + alpha), y in the set of A ⊆ ACC-Y_V
 									a, err := key.BatchAdditions(additions)
 									if err != nil {
 										return nil, nil, err
 									}
 									// Compute dD(-alpha) = 1/prod(y + alpha), y in the set of D ⊆ Y_V
 									d, err := key.BatchDeletions(deletions)
 									if err != nil {
 										return nil, nil, err
 									}
 									// dA(-alpha)/dD(-alpha)
 									div := a.Mul(d)
 									newAcc := acc.value.Mul(div)
 									// build an array of coefficients
 									elements, err := key.CreateCoefficients(additions, deletions)
 									if err != nil {
 										return nil, nil, err
 									}
 									coefficients := make([]Coefficient, len(elements))
 									for i := 0; i < len(elements); i++ {
 										coefficients[i] = acc.value.Mul(elements[i])
 									}
 									acc.value = newAcc
 									return acc, coefficients, nil
 								}
 								// MarshalBinary converts Accumulator to bytes
 								func (acc Accumulator) MarshalBinary() ([]byte, error) {
 									if acc.value == nil {
 										return nil, fmt.Errorf("accumulator cannot be nil")
 									}
 									tv := &structMarshal{
 										Value: acc.value.ToAffineCompressed(),
 										Curve: acc.value.CurveName(),
 									}
 									return bare.Marshal(tv)
 								}
 								// UnmarshalBinary sets Accumulator from bytes
 								func (acc *Accumulator) UnmarshalBinary(data []byte) error {
 									tv := new(structMarshal)
 									err := bare.Unmarshal(data, tv)
 									if err != nil {
 										return err
 									}
 									curve := curves.GetCurveByName(tv.Curve)
 									if curve == nil {
 										return fmt.Errorf("invalid curve")
 									}
 									value, err := curve.NewIdentityPoint().FromAffineCompressed(tv.Value)
 									if err != nil {
 										return err
 									}
 									acc.value = value
 									return nil
 								}