Precompute DlogProverInput.public_image

sethdusek · sethdusek · commit d89f1bb6cdf2 · 2025-01-03T09:57:51.000+05:00
This avoids repeated multiplications by group element when signing
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,3 +1,4 @@
+
 [workspace]
 resolver = "2"
 members = [
diff --git a/ergo-chain-types/Cargo.toml b/ergo-chain-types/Cargo.toml
@@ -31,6 +31,13 @@ core2 = { workspace = true }
 default = ["std", "json"]
 arbitrary = ["proptest", "proptest-derive", "std"]
 json = ["serde", "serde_json", "serde_with"]
-std = ["dep:url", "base16/std", "base64/std", "serde/std"]
+std = [
+    "dep:url",
+    "base16/std",
+    "base64/std",
+    "serde/std",
+    "k256/precomputed-tables",
+    "k256/std",
+]
 
 [dev-dependencies]
diff --git a/ergo-chain-types/src/ec_point.rs b/ergo-chain-types/src/ec_point.rs
@@ -11,7 +11,7 @@ use sigma_ser::vlq_encode::{ReadSigmaVlqExt, WriteSigmaVlqExt};
 use sigma_ser::{ScorexParsingError, ScorexSerializable, ScorexSerializeResult};
 
 /// Elliptic curve point
-#[derive(PartialEq, Clone, Default, From, Into)]
+#[derive(PartialEq, Clone, Copy, Default, From, Into)]
 #[cfg_attr(
     feature = "json",
     derive(serde::Serialize, serde::Deserialize),
diff --git a/ergo-lib/src/wallet/deterministic.rs b/ergo-lib/src/wallet/deterministic.rs
@@ -77,7 +77,7 @@ mod test {
     use crate::wallet::Wallet;
     fn gen_boxes() -> impl Strategy<Value = (SecretKey, Vec<ErgoBox>)> {
         any::<Wscalar>()
-            .prop_map(|s| SecretKey::DlogSecretKey(DlogProverInput { w: s }))
+            .prop_map(|s| SecretKey::DlogSecretKey(DlogProverInput::new(s)))
             .prop_flat_map(|sk: SecretKey| {
                 (
                     Just(sk.clone()),
diff --git a/ergotree-interpreter/src/sigma_protocol/private_input.rs b/ergotree-interpreter/src/sigma_protocol/private_input.rs
@@ -3,6 +3,7 @@ use core::convert::TryInto;
 use core::fmt::Formatter;
 
 use alloc::vec::Vec;
+use elliptic_curve::ops::MulByGenerator;
 use ergo_chain_types::EcPoint;
 use ergotree_ir::serialization::SigmaSerializable;
 use ergotree_ir::sigma_protocol::sigma_boolean::ProveDhTuple;
@@ -13,18 +14,20 @@ use ergotree_ir::sigma_protocol::sigma_boolean::SigmaBoolean;
 extern crate derive_more;
 use derive_more::From;
 use k256::elliptic_curve::PrimeField;
+use k256::ProjectivePoint;
 use num_bigint::BigUint;
 use num_traits::ToPrimitive;
 
 use super::wscalar::Wscalar;
 
 /// Secret key of discrete logarithm signature protocol
 #[cfg_attr(feature = "json", derive(serde::Serialize, serde::Deserialize))]
-#[cfg_attr(feature = "json", serde(transparent))]
-#[derive(PartialEq, Eq, Clone, derive_more::From)]
+#[cfg_attr(feature = "json", serde(from = "Wscalar", into = "Wscalar"))]
+#[derive(PartialEq, Eq, Clone)]
 pub struct DlogProverInput {
     /// secret key value
     pub w: Wscalar,
+    pk: EcPoint,
 }
 
 impl core::fmt::Debug for DlogProverInput {
@@ -34,26 +37,46 @@ impl core::fmt::Debug for DlogProverInput {
     }
 }
 
+impl From<Wscalar> for DlogProverInput {
+    fn from(scalar: Wscalar) -> Self {
+        DlogProverInput::new(scalar)
+    }
+}
+
+impl From<DlogProverInput> for Wscalar {
+    fn from(prover_input: DlogProverInput) -> Self {
+        prover_input.w
+    }
+}
+
 impl DlogProverInput {
     /// Scalar(secret key) size in bytes
     pub const SIZE_BYTES: usize = 32;
 
+    /// Create new DlogProverInput
+    pub fn new(w: Wscalar) -> DlogProverInput {
+        Self {
+            pk: EcPoint::from(ProjectivePoint::mul_by_generator(w.as_scalar_ref())),
+            w,
+        }
+    }
     /// generates random secret in the range [0, n), where n is DLog group order.
     #[cfg(feature = "std")]
     pub fn random() -> DlogProverInput {
-        DlogProverInput {
-            w: ergotree_ir::sigma_protocol::dlog_group::random_scalar_in_group_range(
-                super::crypto_utils::secure_rng(),
-            )
-            .into(),
-        }
+        use ergotree_ir::sigma_protocol::dlog_group;
+
+        use crate::sigma_protocol::crypto_utils;
+
+        DlogProverInput::new(
+            dlog_group::random_scalar_in_group_range(crypto_utils::secure_rng()).into(),
+        )
     }
 
     /// Attempts to parse the given byte array as an SEC-1-encoded scalar(secret key).
     /// Returns None if the byte array does not contain a big-endian integer in the range [0, modulus).
     pub fn from_bytes(bytes: &[u8; DlogProverInput::SIZE_BYTES]) -> Option<DlogProverInput> {
         k256::Scalar::from_repr((*bytes).into())
-            .map(|s| DlogProverInput::from(Wscalar::from(s)))
+            .map(|s| DlogProverInput::new(Wscalar::from(s)))
             .into()
     }
 
@@ -90,12 +113,7 @@ impl DlogProverInput {
 
     /// public key of discrete logarithm signature protocol
     pub fn public_image(&self) -> ProveDlog {
-        // test it, see https://github.com/ergoplatform/sigma-rust/issues/38
-        let g = ergo_chain_types::ec_point::generator();
-        ProveDlog::new(ergo_chain_types::ec_point::exponentiate(
-            &g,
-            self.w.as_scalar_ref(),
-        ))
+        ProveDlog::new(self.pk)
     }
 
     /// Return true if the secret is 0

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+`
`1`	`2`	`[workspace]`
`2`	`3`	`resolver = "2"`
`3`	`4`	`members = [`
Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@ mod test {`
`77`	`77`	`use crate::wallet::Wallet;`
`78`	`78`	`fn gen_boxes() -> impl Strategy<Value = (SecretKey, Vec<ErgoBox>)> {`
`79`	`79`	`any::<Wscalar>()`
`80`		`- .prop_map(\|s\| SecretKey::DlogSecretKey(DlogProverInput { w: s }))`
	`80`	`+ .prop_map(\|s\| SecretKey::DlogSecretKey(DlogProverInput::new(s)))`
`81`	`81`	`.prop_flat_map(\|sk: SecretKey\| {`
`82`	`82`	`(`
`83`	`83`	`Just(sk.clone()),`