include user label as message in audit

Adam Gibson · Adam Gibson · commit 4badf67ee12c · 2024-09-03T15:20:13.000-06:00
diff --git a/auditor-docs/README.md b/auditor-docs/README.md
@@ -34,10 +34,17 @@ target/release/autct -M serve -k mycontext:something.pks -n signet
 But use the `auditprove` method from the client:
 
 ```
-target/release/autct -M auditprove -k mycontext:something.pks -n signet -H 127.0.0.1 -i some-privkeys.txt --audit-range-min 5000 --audit-range-exponent 12
+target/release/autct -M auditprove -k mycontext:something.pks \
+-n signet -H 127.0.0.1 -i some-privkeys.txt \
+--audit-range-min 5000 --audit-range-exponent 12 \
+-u "Alice's more than 5K sats"
 ```
 
-First note the two new option flags ``--audit-range-min`` which corresponds to \(k\) in the description, and ``-audit-range-exponent`` which corresponds to \(n\). Second, the format of `some-privkeys.txt` is like this:
+First note the two new option flags ``--audit-range-min`` which corresponds to $k$ in the description, and ``-audit-range-exponent`` which corresponds to $n$.
+
+Second the argument ``-u`` is necessary here: it functions exactly as the "message" in a Schnorr signature, evidencing what is attested to. Otherwise, someone could take your proof of funds and use it to pretend they owned the money! One sensible thing to put as the "message" here might be a public key, over which you could sign.
+
+Thirdly, the format of `some-privkeys.txt` is like this:
 
 ```
 cMahea7zqjxrtgAbB7LSGbcQUr1uX1ojuat9jZodMN87Lc8ycuM4,5000
@@ -49,9 +56,11 @@ that is, it is pairs (raw WIF private key, value-in-sats) one per line, remember
 To verify an existing proof file, you need to know what ``audit-range-min`` and ``audit-range-exponent`` are being claimed (for now; this is actually in the proof serialization so it can be extracted), and run the `auditverify` method:
 
 ```
-target/release/autct -M auditverify -k mycontext:something.pks -n signet -H 127.0.0.1 -P some-proof.txt --audit-range-min 5000 --audit-range-exponent 12
+target/release/autct -M auditverify -k mycontext:something.pks -n signet -H 127.0.0.1 -P some-proof.txt --audit-range-min 5000 --audit-range-exponent 12 -u "Alice's more than 5K sats"
 ```
 
+Note that you need to use exactly the same message as `-u` here as in proving, also.
+
 If successful, the following will be printed:
 
 ```
diff --git a/src/auditor.rs b/src/auditor.rs
@@ -109,7 +109,8 @@ ScalarField = P0::BaseField> + Copy,> AuditProof<F, P0, P1> {
         // proof parameters:
         keyset: &str,
         curve_tree: &CurveTree<P0, P1>,
-        sr_params: &SelRerandParameters<P0, P1>
+        sr_params: &SelRerandParameters<P0, P1>,
+        user_string: &str
     ) -> Result<AuditProof<F, P0, P1>, Box<dyn Error>> {
         // 3: curve tree proof for each of the m commitments
         let mut curvetree_p0_proofs: Vec<R1CSProof<Affine<P0>>> = Vec::new();
@@ -210,7 +211,7 @@ ScalarField = P0::BaseField> + Copy,> AuditProof<F, P0, P1> {
                 &basesvec,
                 keyimagebase,
                 // TODO labelling:
-                b"bloo",b"blah"));
+                b"bloo", user_string.as_bytes()));
         }
         // We now have a full set of AuditProof elements:
         Ok(AuditProof{
@@ -232,7 +233,8 @@ ScalarField = P0::BaseField> + Copy,> AuditProof<F, P0, P1> {
     pub fn verify(
         &self, G: &Affine<P0>, J: &Affine<P0>,
         curve_tree: &CurveTree<P0, P1>,
-        sr_params: &SelRerandParameters<P0, P1>
+        sr_params: &SelRerandParameters<P0, P1>,
+        user_string: &str
     ) -> Result<(), Box<dyn Error>>
     {
         // Before verifying the ZK proofs,
@@ -260,7 +262,7 @@ ScalarField = P0::BaseField> + Copy,> AuditProof<F, P0, P1> {
                 &vec![self.blinded_commitment_list[i], self.Q_comms[i]],
                 &basesvec,
                 b"bloo", // TODO labels
-                b"blah"
+                user_string.as_bytes()
             )?;
         }
         for i in 0..m {
diff --git a/src/lib.rs b/src/lib.rs
@@ -251,7 +251,8 @@ pub mod rpc {
                         values,
                         &pva.keyset_file_locs[0],
                         &pva.curve_trees[0],
-                        &pva.sr_params
+                        &pva.sr_params,
+                        &args.user_label
                     ).unwrap(); // todo Result not working?
                     //if prfres.is_err(){
                     //    resp.accepted = -2;
@@ -263,7 +264,8 @@ pub mod rpc {
                     //
                     let verifresult = prf.verify(&G, &J,
                         &pva.curve_trees[0], // assuming one is that OK? TODO
-                        &pva.sr_params);
+                        &pva.sr_params,
+                        &args.user_label);
                     if verifresult.is_err() {
                         resp.accepted = -2;
                         return Ok(resp);
@@ -617,7 +619,8 @@ pub mod rpc {
                 // uses one keyset in the definition, hence [0]:
                 let verifresult = prf.verify(&G, &J,
                         &pva.curve_trees[0],
-                        &pva.sr_params);
+                        &pva.sr_params,
+                        &verif_request.user_label);
                 if verifresult.is_err() {
                         resp.accepted = -3;
                         return Ok(resp);
